From c342db356d4f451821781eb24eb9f3d39d6c0c5e Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Wed, 15 May 2019 21:57:59 -0400 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit poky: 4e511f0abc..a015ed7704: Adrian Bunk (22): gnutls: upgrade 3.6.5 -> 3.6.7 dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch Set XZ_COMPRESSION_LEVEL to -9 gcc: Remove Java support variables Use the best xz compression for the SDK gnome-doc-utils: Remove stale patch libxcrypt: Stop adding -std=gnu99 to CPPFLAGS file: Stop adding -std=c99 to CFLAGS gnu-efi: Remove support patch for gcc < 4.7 grub: Use -Wno-error instead of doing this on a per-warning basis socat: upgrade 1.7.3.2 -> 1.7.3.3 bison: upgrade 3.0.4 -> 3.1 mmc-utils: update to the latest upstream code cogl: upgrade 1.22.2 -> 1.22.4 cogl: remove -Werror=maybe-uninitialized workaround libxcb: remove workaround patch for a bug that was fixed in gcc 5 in 2015 sysstat: inherit upstream-version-is-even ccache: upgrade 3.6 -> 3.7.1 lttng-modules: upgrade 2.10.8 -> 2.10.9 iproute2: Remove bogus workaround patch for musl openssl: Remove openssl10 Remove irda-utils and the irda feature Alejandro Enedino Hernandez Samaniego (1): run-postinsts: Fix full execution of scripts at first boot Alejandro del Castillo (1): opkg: add ptest Alex Kiernan (12): systemd-conf: simplify creation of machine-specific configuration systemctl-native: Rewrite in Python supporting preset-all and mask image: call systemctl preset-all for images uboot-sign: Fix build when UBOOT_DTB_BINARY is empty patchelf: Upgrade 0.9 -> 0.10 python3: Add ntpath.py to python core go: Exclude vcs files when installing deps recipetool: fix unbound variable when fixed SRCREV can't be found systemd: Default to non-stateless images systemd-systemctl: Restore support for enable command systemd: Restore mask and preset targets, fix instance creation shadow: Backport last change reproducibility Alexander Kanavin (38): python3: add a tr-tr locale for test_locale ptest gobject-introspection: update to 1.60.1 dtc: upgrade 1.4.7 -> 1.5.0 webkitgtk: update to 2.24.0 libdazzle: update to 3.32.1 vala: update to 0.44.3 libdnf: update to 0.28.1 libcomps: upgrade 0.1.10 -> 0.1.11 dnf: upgrade 4.1.0 -> 4.2.2 btrfs-tools: upgrade 4.20.1 -> 4.20.2 meson: update to 0.50.0 libmodulemd: update to 2.2.3 at-spi2-core: fix meson 0.50 build ffmpeg: update to 4.1.3 python: update to 2.7.16 python: update to 3.7.3 python-numpy: update to 1.16.2 icu: update to 64.1 epiphany: update to 3.32.1.2 python3: add another multilib fix meson: do not try to substitute the prefix in python supplied paths python3-pygobject: update to 3.32.0 meson: add missing Upstream-Status and SOB to a patch acpica: update to 20190405 msmtp: fix upstream version check python-scons: update to 3.0.5 python-setuptools: update to 41.0.1 python3-mako: update to 1.0.9 python3-pbr: update to 5.1.3 python3-pip: update to 19.0.3 buildhistory: call a dependency parser only on actual dependency lists gtk-doc.bbclass: unify option setting for meson-based recipes python3-pycairo: update to 1.18.1 maintainers.inc: take over as perl maintainer xorg-lib: drop native overrides for REQUIRED_DISTRO_FEATURES meson: update to 0.50.1 perl: update to 5.28.2 packagegroup-self-hosted: drop epiphany Alistair Francis (5): u-boot: Upgrade from 2019.01 to 2019.04 beaglebone-yocto: Update u-boot config to match u-boot 19.04 u-boot: Fix missing Python.h build failure libsoup: Upgrade from 2.64.2 to 2.66.1 qemu: Upgrade from 3.1.0 to 4.0.0 Andre Rosa (1): bitbake: utils: Let mkdirhier fail if existing path is not a folder Andreas Müller (17): gobject-introspection: auto-enable/-disable gobject-introspection for meson libmodulemd: use gobject-introspection.bbclass on/off mechanism gdk-pixbuf: use gobject-introspection.bbclass on/off mechanism json-glib: use gobject-introspection.bbclass on/off mechanism libdazzle: use gobject-introspection.bbclass on/off mechanism clutter-gtk-1.0: use gobject-introspection.bbclass on/off mechanism pango: use gobject-introspection.bbclass on/off mechanism at-spi2-core: use gobject-introspection.bbclass on/off mechanism atk: use gobject-introspection.bbclass on/off mechanism libsoup-2.4: use gobject-introspection.bbclass on/off mechanism glib-networking: upgrade 2.58.0 -> 2.60.1 gst-plugins: move 'inherit gobject-introspection' to recipes supporting GI gstreamer1.0-python: rework gobject-introspection handling insane.bbclass: Trigger unrecognzed configure option for meson vte: upgrade 0.52.2 -> 0.56.1 vte: move shell auto scripts into seperate package qemu: split out vte into seperate PACKAGECONFIG Andreas Obergschwandtner (1): uboot-sign: add support for different u-boot configurations Andrej Valek (2): dropbear: update to 2019.78 systemd: upgrade to 242 Angus Lees (1): Revert "wic: Set a miniumum FAT16 volume size." Anuj Mittal (4): gcc: fix CVE-2018-18484 gdb: fix CVE-2017-9778 binutils: fix CVE-2019-9074 CVE-2019-9075 CVE-2019-9076 CVE-2019-9077 openssh: fix CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 Armin Kuster (8): resulttool: add ltp test support logparser: Add decoding ltp logs ltp: add runtime test resulttool: add LTP compliance section logparser: Add LTP compliance section ltp_compliance: add new runtime manual compliance: remove bits done at runtime nss: cleanup recipe to match OE style Beniamin Sandu (1): kernel-devsrc: check for localversion files in the kernel source tree Breno Leitao (3): weston-init: Fix tab indentation weston-init: Add support for non-root start weston-init: Fix WESTON_USER typo Bruce Ashfield (8): linux-yocto/5.0: update to v5.0.5 linux-yocto-rt: update to 5.0.5-rt3 linux-yocto/5.0: update to v5.0.7 linux-yocto/4.19: update to v4.19.34 linux-yocto-rt/4.19: fix merge conflict in lru_drain linux-yocto/5.0: port RAID configuration tweaks from master linux-yocto/5.0: integrate TCP timeout / hang fix linux-yocto/5.0: update TCP patch to mainline version Changhyeok Bae (2): iw: upgrade 4.14 -> 5.0.1 iptables: upgrade 1.6.2 -> 1.8.2 Changqing Li (11): ruby: make ext module fiddle can compile success ruby: add ptest cogl: fix compile error caused by -Werror=maybe-uninitialized systemd: change default locale from C.UTF-8 to C m4: add ptest support gettext: add ptest support waffle: supprt build waffle without x11 piglit: support build piglit without x11 dbus: fix ptest failure populate_sdk_base: provide options to set sdk type python3: fix do_install fail for parallel buiild Chee Yang Lee (1): wic/bootimg-efi: replace hardcoded volume name with label Chen Qi (9): runqemu: do not check return code of tput busybox: fix ptest failure about 'dc' base-files: move hostname operations out of issue file settings webkitgtk: set CVE_PRODUCT dropbear: set CVE_PRODUCT libsdl: set CVE_PRODUCT ghostscript: set CVE_PRODUCT flac: also add flac to CVE_PRODUCT squashfs-tools: set CVE_PRODUCT David Reyna (1): bitbake: toaster: update to Warrior Dengke Du (2): perf: workaround the error cased by maybe-uninitialized warning linux-yocto_5.0: set devicetree for armv5 Denys Dmytriyenko (1): weston: upgrade 5.0.0 -> 6.0.0 Douglas Royds (2): distutils: Run python from the PATH in the -native case as well distutils: Tidy and simplify for readability Fabio Berton (1): mesa: Update 19.0.1 -> 19.0.3 He Zhe (2): ltp: Fix setrlimit03 call succeeded unexpectedly systemd: Bump up SRCREV to systemd-stable top to include the fix for shutdown now hang Hongxu Jia (15): image_types.bbclass: fix a race between the ubi and ubifs FSTYPES cpio/tar/native.bbclass: move rmt to sbindir and add a prefix to avoid native clashing acpica: use update-alternatives for acpidump apr: upgrade 1.6.5 -> 1.7.0 man-pages: upgrade 4.16 -> 5.01 man-db: upgrade 2.8.4 -> 2.8.5 bash: upgrade 4.4.18 -> 5.0 ncurses: fix incorrect UPSTREAM_CHECK_GITTAGREGEX gpgme: upgrade 1.12.0 -> 1.13.0 subversion: upgrade 1.11.1 -> 1.12.0 groff: upgrade 1.22.3 -> 1.22.4 libxml2: upgrade 2.9.8 -> 2.9.9 ghostscript: 9.26 -> 9.27 groff: imporve musl support oeqa/targetcontrol.py: fix qemuparams not work in runqemu with launch_cmd Jacob Kroon (3): grub-efi-native: Install grub-editenv bitbake: knotty: Pretty print task elapsed time base-passwd: Add kvm group Jaewon Lee (1): Adding back wrapper and using OEPYTHON3HOME variable for python3 Jens Rehsack (1): kernel-module-split.bbclass: support CONFIG_MODULE_COMPRESS=y Jonas Bonn (3): systemd: don't build firstboot by default systemd: do not create machine-id systemd: create preset files instead of installing in image Joshua Watt (6): classes/waf: Set WAFLOCK resulttool: Load results from URL resulttool: Add log subcommand qemux86: Allow higher tunes bitbake.conf: Account for older versions of bitbake resulttool: Add option to dump all ptest logs Kai Kang (5): msmtp: 1.6.6 -> 1.8.3 cryptodev: fix module loading error target-sdk-provides-dummy: resolve sstate conflict bitbake.conf: set NO_RECOMMENDATIONS with weak assignment webkitgtk: fix compile error for arm64 Kevin Hao (1): meta-yocto-bsp: Bump to the latest stable kernel for all the BSP Khem Raj (9): gcc-cross-canadian: Make baremetal specific code generic musl: Upgrade to master past 1.1.22 webkitgtk: Fix build with clang mdadm: Disable Werror gcc-target: Do not set --with-sysroot and gxx-include-dir paths systemd: Add -Wno-error=format-overflow to fix build with gcc9 systemd: Backport patch to fix build with gcc9 libgfortan: Package target gcc include directory to fix gcc-9: Add recipes for gcc 9.1 release Lei Maohui (2): dnf: Enable nativesdk icu: Added armeb support. Lei Yang (1): recipetool: add missed module Luca Boccassi (1): systemd: add cgroupv2 PACKAGECONFIG Mardegan, Alberto (1): oeqa/core/runner: dump stdout and stderr of each test case Mariano Lopez (5): update-alternatives.bbclass: Add function to get metadata ptest.bbclass: Add feature to populate a binary directory util-linux: Use PTEST binary directory busybox: Use PTEST binary directory ptest.bbclass: Use d.getVar instead of os.environ Martin Jansa (6): connman: add PACKAGECONFIG for nfc, fix MACHINE_ARCH signature when l2tp is enabled icecc.bbclass: stop causing everything to be effectivelly MACHINE_ARCH glibc: always use bfd linker opkg: fix ptest packaging when OPKGLIBDIR == libdir kexec-tools: refresh patches with devtool perf: make sure that the tools/include/uapi/asm-generic directory exists Matthias Schiffer (1): systemd: move "machines" symlinks to systemd-container Max Kellermann (2): useradd-staticids: print exception after parse_args() error initrdscripts: merge multiple "mkdir" calls Michael Scott (2): kernel-fitimage: support RISC-V procps: update legacy sysctl.conf to fix rp_filter sysctl issue Mikko Rapeli (3): elfutils: remove Elfutils-Exception and include GPLv2 for shared libraries oeqa/sdk: use bash to execute SDK test commands openssh: recommend rng-tools with sshd Mingli Yu (6): nettle: fix ptest failure elfutils: add ptest support elfutils: fix build failure with musl gcc-sanitizers: fix -Werror=maybe-uninitialized issue nettle: fix the Segmentation fault nettle: fix ptest failure Nathan Rossi (1): ccmake.bbclass: Fix up un-escaped quotes in output formatting Naveen Saini (5): core-image-rt: make sure that we append to DEPENDS core-image-rt-sdk: make sure that we append to DEPENDS bitbake.conf: add git-lfs to HOSTTOOLS_NONFATAL bitbake: bitbake: fetch2/git: git-lfs check linux-yocto: update genericx86* SRCREV for 4.19 Oleksandr Kravchuk (52): iproute2: update to 5.0.0 curl: update to 7.64.1 libxext: update to 1.3.4 x11perf: update to 1.6.1 libxdmcp: update to 1.1.3 libxkbfile: update 1.1.0 libxvmc: update to 1.0.11 libxrandr: update to 1.5.2 connman: update to 1.37 ethtool: update to 5.0 tar: update to 1.32 ffmpeg: update to 4.1.2 librepo: update to 1.9.6 libxmu: update to 1.1.3 libxcrypt: update to 4.4.4 wget: update to 1.20.2 libsecret: 0.18.8 createrepo-c: update to 0.12.2 libinput: update to 1.13.0 cronie: update to 1.5.4 libyaml: update to 0.2.2 fontconfig: update to 2.13.1 makedepend: update to 1.0.6 libdrm: update to 2.4.98 libinput: update to 1.13.1 libnotify: update to 0.7.8 libpng: update to 1.6.37 libcroco: update to 0.6.13 libpsl: update to 0.21.0 git: update to 2.21.0 quota: update to 4.05 gnupg: update to 2.2.15 lz4: update to 1.9.0 orc: update to 0.4.29 help2man-native: update to 1.47.10 cups: update to 2.2.11 pixman: update to 0.38.4 libcap: update to 2.27 ninja: add Upstream-Status and SOB for musl patch python-numpy: update to 1.16.3 python3-pygobject: update to 3.32.1 wget: update to 1.20.3 libsolv: update to 0.7.4 ell: add recipe sqlite3: update to 3.28.0 kmscube: update to latest revision coreutils: update to 8.31 mtools: update to 4.0.23 msmtp: update to 1.8.4 wpa-supplicant: update to 2.8 bitbake.conf: use https instead of http ell: update to 0.20 Paul Barker (3): oe.path: Add copyhardlink() helper function license_image: Use new oe.path.copyhardlink() helper gdb: Fix aarch64 build with musl Peter Kjellerstedt (1): systemd: Use PACKAGECONFIG definition to depend on libnss-myhostname Randy MacLeod (5): valgrind: update from 3.14.0 to 3.15.0 valgrind: fix vg_regtest return code valgrind: update the ptest subdirs list valgrind: adjust test filters and expected output valgrind: fix call/cachegrind ptests Richard Purdie (52): pseudo: Update to gain key bugfixes python3: Avoid hanging tests python3: Fix ptest output parsing go.bbclass: Remove unused override goarch.bbclass: Simplify logic e2fsprogs: Skip slow ptest tests bitbake: bitbake: Update version to 1.42.0 poky.conf: Bump version for 2.7 warrior release build-appliance-image: Update to warrior head revision bitbake: bitbake: Post release version bumnp to 1.43 poky.conf: Post release version bump build-appliance-image: Update to master head revision Revert "nettle: fix ptest failure" core-image-sato-sdk-ptest: Try and keep image below 4GB limit core-image-sato-ptest-fast: Add 'fast' ptest execution image core-image-sato-sdk-ptest: Include more ptests in ptest image core-image-sato-sdk-ptest: Add temporary PROVIDES core-image-sato-ptest resultool/resultutils: Fix module import error lttng-tools: Add missing patch Upstream-Status utils/multiprocess_launch: Improve failing subprocess output python3: Drop ptest hack ptest-packagelists: Add m4 and gettext as 'fast' ptests bitbake: knotty: Implement console 'keepalive' output bitbake: build: Ensure warning for invalid task dependencies is useful bitbake: build: Disable warning about dependent tasks for now oeqa/ssh: Avoid unicode decode exceptions elfutils: ptest fixes elfutils: Fix ptest compile failures on musl bitbake: bitbake: Add initial pass of SPDX license headers to source code bitbake: bitbake: Drop duplicate license boilerplace text bitbake: bitbake: Strip old editor directives from file headers bitbake: HEADER: Drop it openssh/systemd/python/qemu: Fix patch Upstream-Status scripts/pybootchart: Fix mixed indentation scripts/pybootchart: Port to python3 scripts/pybootchart/draw: Clarify some variable names scripts/pybootchart/draw: Fix some bounding problems coreutils: Fix patch upstream status field oeqa: Drop OETestID meta/lib+scripts: Convert to SPDX license headers oeqa/core/runner: Handle unexpectedSucesses oeqa/systemd_boot: Drop OETestID oeqa/runner: Fix subunit setupClass/setupModule failure handling oeqa/concurrenttest: Patch subunit module to handle classSetup failures tcmode-default: Add PREFERRED_VERSION for libgfortran oeqa/selftest: Automate manual pybootchart tests openssh: Avoid PROVIDES warning from rng-tools dependency oeqa/target/ssh: Replace suggogatepass with ignoring errors core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit valgrind: Include debugging symbols in ptests dbus-test: Improve ptest dependencies dependencies ptest: Add RDEPENDS frpm PN-ptest to PN package Robert Joslyn (1): qemu: Add PACKAGECONFIG for snappy Robert Yang (6): bitbake: bitbake-diffsigs: Use 4 spaces as indent for recursecb bitbake: bb: siggen: Make dump_sigfile and compare_sigfiles print uuid4 bitbake: bb: siggen: Print more info when basehash are mis-matched bitbake: BBHandler: Fix addtask and deltask bitbake: build.py: check dependendent task for addtask bitbake: tests/parse.py: Add testcase for addtask and deltask Ross Burton (14): lttng-tools: fix Upstream-Status acpica: upgrade to 20190215 staging: add ${datadir}/gtk-doc/html to the sysroot blacklist mpg123: port to use libsdl2 meta-poky: remove obsolete DISTRO_FEATURES_LIBC m4: update patch status packagegroup-core-full-cmdline: remove zlib wic: change expand behaviour to match docs wic: add global debug option gtk-icon-cache: clean up DEPENDS patch: add minver and maxver parameters glib-2.0: fix locale handling glib-2.0: add missing locales for the tests glib-2.0: fix last failing ptest Scott Rifenbark (34): bitbake: poky.ent: Removed "ECLIPSE" entity variables. bitbake: bitbake-user-manual: Added section on modifying variables Makefile: Removed Eclipse support Documentation: Removed customization.xsl files for Eclipse mega-manual: Removed two Eclipse figures from tarball list mega-manual, overview-manual: Added updated index releases figure poky.ent: Removed Eclipse related variables. mega-manual: Removed the Eclipse chapters dev-manual: Removed all references to Eclipse. overview-manual: Removed all references to Eclipse profile-manual: Removed all references to Eclipse ref-manual: Removed all references to Eclipse sdk-manual: Removed all references to Eclipse sdk-manual: Removed all references to Eclipse dev-manual; brief-yoctoprojectqs: Updated checkout branch example dev-manual: Added reasoning blurb to "Viewing Variables" section. ref-manual: Inserted Migration 2.7 section. ref-manual: Added Eclipse removal for migration section. ref-manual: Added "License Value Corrections to migration. ref-manual: Added Fedora 29 to the supported distros list. poky.ent: changed 2.7 release variable date to "May 2019" ref-manual: Review comments applied to 2.7 migration section. documentation: Prepared for 2.8 release bsp-guide: Removed inaccurate "container layer" references. ref-manual: Updated the "Container Layer" term. bsp-guide: Updated the "beaglebone-yocto.conf" example. documentation: Cleaned up "plug-in"/"plugin" terminology. bsp-guide: Updated the BSP kernel recipe example. ref-manual: Updated PREFERRED_VERSION variable to use 5.0 bsp-guide: More corrections to the BSP Kernel Recipe example dev-manual: Added cross-link to "Fetchers" section in BB manual. bitbake: bitbake-user-manual: Added npm to other fetcher list. overview-manual: Updated SMC section to link to fetchers ref-manual: Added "npm" information to the SRC_URI variable. Stefan Kral (1): bitbake: build: Add verbnote to shell log commands Stefan Müller-Klieser (1): cml1.bbclass: fix undefined behavior Steven Hung (洪于玉) (1): kernel.bbclass: convert base_do_unpack_append() to a task Tom Rini (2): vim: Rework to not rely on relative directories vim: Update to 8.1.1240 Wenlin Kang (1): systemd: install libnss-myhostname.so when myhostname be enabled Yeoh Ee Peng (1): resulttool/manualexecution: Refactor and remove duplicate code Yi Zhao (2): harfbuzz: update source checksums after upstream replaced the tarball libyaml: update SRC_URI[md5sum] and SRC_URI[sha256sum] Ying-Chun Liu (PaulLiu) (1): uboot-sign: Fix u-boot-nodtb symlinks Zang Ruochen (10): libatomic-ops:upgrade 7.6.8 -> 7.6.10 libgpg-error:upgrade 1.35 -> 1.36 libxft:upgrade 2.3.2 -> 2.3.3 libxxf86dga:upgrade 1.1.4 -> 1.1.5 nss:upgrade 3.42.1 -> 3.43 sysprof:upgrade 3.30.2 -> 3.32.0 libtirpc:upgrade 1.0.3 -> 1.1.4 xtrans:upgrade 1.3.5 -> 1.4.0 harfbuzz:upgrade 2.3.1 -> 2.4.0 icu: Upgrade 64.1 -> 64.2 Zheng Ruoqin (1): sanity: check_perl_modules bug fix sangeeta jain (1): resulttool/manualexecution: Enable test case configuration option meta-openembedded: 4a9deabbc8..1ecd8b4364: Adrian Bunk (34): linux-atm: Remove DEPENDS on virtual/kernel and PACKAGE_ARCH linux-atm: Replace bogus on_exit removal with musl-specific hack ledmon: Mark as incompatible on musl instead of adding bogus patch efivars: Drop workaround patch for host gcc < 4.7 sshfs-fuse: upgrade 2.8 -> 2.10 wv: upgrade 1.2.4 -> 1.2.9 caps: Upgrade 0.9.24 -> 0.9.26 dvb-apps: Remove dvb-fe-xc5000c-4.1.30.7.fw schroedinger: Remove the obsolete DEPENDS on liboil vlc: Remove workaround and patches for problems fixed upstream Remove liboil dnrd: Remove stale files of recipe removed 2 years ago postfix: Upgrade 3.4.1 -> 3.4.5 pptp-linux: Upgrade 1.9.0 -> 1.10.0 dovecot: Upgrade 2.2.36 -> 2.2.36.3 postgresql: Upgrade 11.2 -> 11.3 rocksdb: Upgrade 5.18.2 -> 5.18.3 cloud9: Remove stale files of recipe removed 2 years ago fluentbit: Upgrade 0.12.1 -> 0.12.19 libcec: Upgrade 4.0.2 -> 4.0.4 libqb: Upgrade 1.0.3 -> 1.0.5 openwsman: Upgrade 2.6.8 -> 2.6.9 glm: Upgrade 0.9.9.3 -> 0.9.9.5 fvwm: Upgrade 2.6.7 -> 2.6.8 augeas: Upgrade 1.11.0 -> 1.12.0 ccid: Upgrade 1.4.24 -> 1.4.30 daemonize: Upgrade 1.7.7 -> 1.7.8 inotify-tools: Upgrade 3.14 -> 3.20.1 liboop: Upgrade 1.0 -> 1.0.1 ode: Remove stale file of recipe removed 2 years ago openwbem: Remove stale files of recipe removed 2 years ago catch2: Upgrade 2.6.1 -> 2.7.2 geos: Upgrade 3.4.2 -> 3.4.3 rdfind: Upgrade 1.3.4 -> 1.4.1 Akshay Bhat (3): python-urllib3: Set CVE_PRODUCT python3-pillow: Set CVE_PRODUCT python-requests: Set CVE_PRODUCT Alistair Francis (3): mycroft: Update the systemd service to ensure we are ready to start mycroft: Bump from 19.2.2 to 19.2.3 python-obd: Add missing RDEPENDS Andreas Müller (33): gvfs: remove executable permission from systemd user services udisks2: upgrade 2.8.1 -> 2.8.2 parole: upgrade 1.0.1 -> 1.0.2 ristretto: upgrade 0.8.3 -> 0.8.4 networkmanager: rework musl build gvfs: remove systemd user unit executable permission adjustment fltk: upgrade 1.3.4-2 -> 1.3.5 samba: install bundled libs into seperate packages samba: rework localstatedir package split fluidsynth: upgrade 2.0.4 -> 2.0.5 xfce4-vala: auto-detect vala api version gnome-desktop3: set correct meson gtk doc option vlc: rework qt PACKAGECONFIG evince: add patch to fix build with recent gobject-introspection xfce4-cpufreq-plugin: Fix memory leak and reduce CPU load packagegroup-meta-networking: replace DISTRO_FEATURE by DISTRO_FEATURES meta-xfce: add meta-networking to layer depends gtksourceview4: initial add 4.2.0 gtksourceview-classic-light: extend to gtksourceview4 itstool: rework - it went out too early fontforge: upgrade 20170731 -> 20190413 exo: upgrade 0.12.4 -> 0.12.5 xfce4-places-plugin: upgrade 1.7.0 -> 1.8.0 xfce4-datetime-plugin: upgrade 0.7.0 -> 0.7.1 xfce4-notifyd: upgrade 0.4.3 -> 0.4.4 desktop-file-utils: remove - a more recent version is in oe-core libwnck3: upgrade 3.30.0 and move to meson build xfce4-terminal: add vte-prompt to RRECOMMENDS xfce4-session: get rid of machine-host xfce4-session: remove strange entry in FILES_${PN} libxfce4ui: Add PACKAGECONFIG 'gladeui2' for glade (gtk3) support glade3: move to to meta-xfce Remove me as maintainer Andrej Valek (2): squid: upgrade squid 3.5.28 -> 4.6 ntp: upgrade 4.2.8p12 -> 4.2.8p13 Ankit Navik (1): libnfc: Initial recipe for Near Field Communication library. Armin Kuster (1): meta-filesystems: drop bitbake from README Changqing Li (5): gd: fix compile error caused by -Werror=maybe-uninitialized apache2: add back patch for set perlbin php: upgrade 7.3.2 -> 7.3.4 postgresql: fix compile error php: correct httpd path Chris Garren (1): python-cryptography: Move linker flag to .inc Denys Dmytriyenko (1): v4l-utils: upgrade 1.16.0 -> 1.16.5 Gianfranco Costamagna (1): cpprest: update to 2.10.13, drop 32bit build fix upstream Hains van den Bosch (1): libcdio: update to version 2.1.0 Hongxu Jia (1): pmtools: use update-alternatives for acpidump Hongzhi.Song (1): lua: upgrade from v5.3.4 to v5.3.5 Ivan Maidanski (1): bdwgc: upgrade 7.6.12 -> 8.0.4 Johannes Pointner (1): samba: update to 4.8.11 Kai Kang (3): gvfs: fix typo libexec drbd: fix compile errors drbd-utils: fix file conflict with base-files Khem Raj (3): redis: Upgrade to 4.0.14 squid: Link with libatomic on mips/ppc cpupower: Inherit bash completion class Leon Anavi (1): openbox: Add python-shell as a runtime dependency Liwei Song (1): ledmon: control hard disk led for RAID arrays Mark Asselstine (1): xfconf: fix 'Failed to get connection to xfconfd' during do_rootfs Martin Jansa (13): ftgl: add x11 to required DISTRO_FEATURES like freeglut libforms: add x11 to required DISTRO_FEATURES because of libx11 Revert "ell: remove recipe" ne10: set NE10_TARGET_ARCH with an override instead of anonymous python libopus: use armv7a, aarch64 overrides when adding ne10 dependency esound: fix SRC_URI for multilib opusfile: fix SRC_URI for multilib miniupnpd: fix SRC_URI for multilib zbar: fix SRC_URI for multilib libvncserver: set PV in the recipe efivar: prevent native efivar depending on target kernel libdbi-perl: prevent native libdbi-perl depending on target perl aufs-util: prevent native aufs-util depending on target kernel Ming Liu (1): libmodbus: add documentation PACKAGECONFIG Mingli Yu (6): indent: Upgrade to 2.2.12 hostapd: Upgrade to 2.8 hwdata: Upgrade to 0.322 rrdtool: Upgrade to 1.7.1 libdev-checklib-perl: add new recipe libdbd-mysql-perl: Upgrade to 4.050 Nathan Rossi (1): fatresize_1.0.2.bb: Add recipe for fatresize command line tool Nicolas Dechesne (3): cpupower: remove LIC_FILES_CHKSUM bpftool: remove LIC_FILES_CHKSUM cannelloni: move from meta-oe to meta-networking Oleksandr Kravchuk (38): smcroute: update to 2.4.4 phytool: update to v2 fwknop: update to 2.6.10 cifs-utils: update to 6.9 keepalived: update to 2.0.15 usbredir: update to 0.8.0 open-isns: update to 0.99 nanomsg: update to 1.1.5 stunnel: update to 5.51 babeld: update to 1.8.4 drbd-utils: update to 9.8.0 drbd: update to 9.0.17-1 macchanger: update to 1.7.0 wolfssl: update to 4.0.0 ell: remove recipe analyze-suspend: update to 5.3 chrony: update to 3.4 nghttp2: update to 1.38 nano: update to 4.1 networkmanager-openvpn: update to 1.8.10 wpan-tools: update to 0.9 uftp: update to 4.9.9 vblade: add UPSTREAM_CHECK_URI traceroute: add UPSTREAM_CHECK_URI nuttcp: update to 8.2.2 nfacct: add UPSTREAM_CHECK_URI nftables: add UPSTREAM_CHECK_URI libnetfilter-queue: update to 1.0.3 arno-iptables-firewall: update to 2.0.3 ypbind-mt: update to 2.6 ebtables: add UPSTREAM_CHECK_URI doxygen: replace ninja 1.9.0 fix with official one libnetfilter-queue: fix update to 1.0.3 networkd-dispatcher: update to 2.0.1 opensaf: update to 5.19.01 libnetfilter-conntrack: update to 1.0.7 conntrack-tools: update to 1.4.5 openvpn: update to 2.4.7 Paolo Valente (1): s-suite: push SRCREV to version 3.2 Parthiban Nallathambi (6): python3-aiohttp: add version 3.5.4 python3-supervisor: add version 4.0.2 python3-websocket-client: add version 0.56.0 python3-tinyrecord: add version 0.1.5 python3-sentry-sdk: add version 0.7.14 python3-raven: add version 6.10.0 Pascal Bach (2): paho-mqtt-c: 1.2.1 -> 1.3.0 thrift: update to 0.12.0 Pavel Modilaynen (1): jsoncpp: add native BBCLASSEXTEND Peter Kjellerstedt (2): apache2: Correct appending to SYSROOT_PREPROCESS_FUNCS apache2: Correct packaging of build and doc related files Philip Balister (1): sip: Update to 4.19.16. Qi.Chen@windriver.com (4): multipath-tools: fix up patch to avoid segfault netkit-rsh: add tag to CVE patch ipsec-tools: fix CVE tag in patch gd: set CVE_PRODUCT Randy MacLeod (1): imagemagick: update from 7.0.8-35 to 7.0.8-43 Robert Joslyn (5): gpm: Fix gpm path in unit file gpm: Add PID file to systemd unit file gpm: Generate documentation gpm: Remove duplicate definition of _GNU_SOURCE gpm: Recipe cleanup Sean Nyekjaer (2): cannelloni: new package, CAN to ethernet proxy ser2net: upgrade to version 3.5.1 Vincent Prince (1): mongodb: Fix build with gcc Wenlin Kang (1): samba: add PACKAGECONFIG for libunwind Yi Zhao (7): python-flask-socketio: move to meta-python directory apache2: upgrade 2.4.34 -> 2.4.39 apache-websocket: upgrade to latest git rev netkit-rsh: security fixes openhpi: fix failure of ptest case ohpi_035 openhpi: update openhpi-fix-testfail-errors.patch phpmyadmin: upgrade 4.8.3 -> 4.8.5 Zang Ruochen (43): xlsatoms: upgrade 1.1.2 -> 1.1.3 xrdb: upgrade 1.1.1 -> 1.2.0 xrefresh: upgrade 1.0.5 -> 1.0.6 xsetroot: upgrade 1.1.1 -> 1.1.2 xstdcmap: upgrade 1.0.3 -> 1.0.4 xbitmaps: upgrade 1.1.1 -> 1.1.2 wireshark: upgrade 3.0.0 -> 3.0.1 python-cffi: upgrade 1.11.5 -> 1.12.2 python-attrs: upgrade 18.1.0 -> 19.1.0 python-certifi: upgrade 2018.8.13 -> 2019.3.9 python-beabutifulsoup4: upgrade 4.6.0 -> 4.7.1 python-dateutil: upgrade 2.7.3 -> 2.8.0 python-mako: upgrade 1.0.7 -> 1.0.9 python-msgpack: upgrade 0.6.0 -> 0.6.1 python-paste: upgrade 3.0.6 -> 3.0.8 python-psutil: upgrade 5.4.6 -> 5.6.1 python-py: upgrade 1.6.0 -> 1.8.0 python-pymongo: upgrade 3.7.1 -> 3.7.2 python-pyopenssl: upgrade 18.0.0 -> 19.0.0 python-pytz: upgrade 2018.5 -> 2019.1 python-stevedore: upgrade 1.29.0 -> 1.30.1 python-pbr: upgrade 4.2.0 -> 5.1.3 python-cython: upgrade 0.28.5 -> 0.29.6 python-editor: upgrade 1.0.3 -> 1.0.4 python-jinja2: upgrade 2.10 -> 2.10.1 python-lxml: upgrade 4.3.1 -> 4.3.3 python-alembic: upgrade 1.0.0 -> 1.0.9 python-cffi: upgrade 1.12.2 -> 1.12.3 python-hyperlink: upgrade 18.0.0 -> 19.0.0 python-twisted: upgrade 18.4.0 -> 19.2.0 python-zopeinterface: upgrade 4.5.0 -> 4.6.0 python-decorator: upgrade 4.3.0 -> 4.4.0 python-pip: upgrade 18.0 -> 19.1 python-pyasn1: upgrade 0.4.4 -> 0.4.5 libnet-dns-perl: upgrade 1.19 -> 1.20 python-alembic: upgrade 1.0.9 -> 1.0.10 python-cython: upgrade 0.29.6 -> 0.29.7 python-mock: upgrade 2.0.0 -> 3.0.5 python-pbr: upgrade 5.1.3 -> 5.2.0 python-psutil: upgrade 5.6.1 -> 5.6.2 python-pymongo: upgrade 3.7.2 -> 3.8.0 python-pyperclip: upgrade 1.6.2 -> 1.7.0 python-rfc3987: upgrade 1.3.7 -> 1.3.8 leimaohui (3): To fix confilict error with python3-pbr. python-pycodestyle: Fix conflict error with python3-pycodestyle during do_rootfs mozjs: Make mozjs support arm32BE. meta-raspberrypi: 9ceb84ee9e..7059c37451: Francesco Giancane (1): qtbase_%.bbappend: update PACKAGECONFIG name for xkbcommon Gianluigi Tiesi (1): psplash: Raise alternatives priority to 200 Martin Jansa (3): linux_raspberrypi_4.19: Update to 4.19.34 bluez5: apply the same patches and pi-bluetooth dependency for all rpi MACHINEs userland: use default PACKAGE_ARCH Paul Barker (3): linux-raspberrypi: Update 4.14.y kernel linux-raspberrypi: Switch default back to 4.14.y linux-raspberrypi 4.9: Drop old version meta-security: 8a1f54a246..9f5cc2a7eb: Alexander Kanavin (1): apparmor: fetch from git Armin Kuster (15): clamav runtime: add resolve.conf support clamav: fix llvm reference version libldb: add waf-cross-answeres clamav: runtime fix local routing clamav: add clamav-cvd package for cvd db clamav-native: fix new build issue apparmor: fix fragment for 5.0 kernel apparmor: add a few more runtime smack: move patch to smack dir smack-test: add smack tests from meta-intel-iot-security samhain: add more tests and fix ret checks libldb: add earlier version libseccomp: update to 2.4.1 oe-selftest: add running cve checker smack: kernel fragment update Yi Zhao (2): meta-tpm/conf/layer.conf: update layer dependencies meta-tpm/README: update Change-Id: I9e02cb75a779f25fca84395144025410bb609dfa Signed-off-by: Brad Bishop --- ...ve-progressmeter-force-an-update-at-the-b.patch | 121 +++++++++ .../openssh/openssh/CVE-2018-20685.patch | 40 +++ .../openssh/openssh/CVE-2019-6109.patch | 275 +++++++++++++++++++++ .../openssh/openssh/CVE-2019-6111.patch | 187 ++++++++++++++ .../recipes-connectivity/openssh/openssh_7.9p1.bb | 5 + 5 files changed, 628 insertions(+) create mode 100644 poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch create mode 100644 poky/meta/recipes-connectivity/openssh/openssh/CVE-2018-20685.patch create mode 100644 poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6109.patch create mode 100644 poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6111.patch (limited to 'poky/meta/recipes-connectivity/openssh') diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch new file mode 100644 index 000000000..4c9d57442 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch @@ -0,0 +1,121 @@ +From 5df934e2279e8ed1f07b990f4b2b3baf6470f7e5 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" +Date: Thu, 24 Jan 2019 16:52:17 +0000 +Subject: [PATCH] upstream: Have progressmeter force an update at the beginning + and + +end of each transfer. Fixes the problem recently introduces where very quick +transfers do not display the progressmeter at all. Spotted by naddy@ + +OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a +Upstream-Status: Backport +Signed-off-by: Anuj Mittal +--- + progressmeter.c | 13 +++++-------- + progressmeter.h | 4 ++-- + scp.c | 2 +- + sftp-client.c | 2 +- + 4 files changed, 9 insertions(+), 12 deletions(-) + +diff --git a/progressmeter.c b/progressmeter.c +index add462d..e385c12 100644 +--- a/progressmeter.c ++++ b/progressmeter.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.c,v 1.47 2019/01/24 16:52:17 dtucker Exp $ */ + /* + * Copyright (c) 2003 Nils Nordman. All rights reserved. + * +@@ -59,9 +59,6 @@ static void format_rate(char *, int, off_t); + static void sig_winch(int); + static void setscreensize(void); + +-/* updates the progressmeter to reflect the current state of the transfer */ +-void refresh_progress_meter(void); +- + /* signal handler for updating the progress meter */ + static void sig_alarm(int); + +@@ -120,7 +117,7 @@ format_size(char *buf, int size, off_t bytes) + } + + void +-refresh_progress_meter(void) ++refresh_progress_meter(int force_update) + { + char buf[MAX_WINSIZE + 1]; + off_t transferred; +@@ -131,7 +128,7 @@ refresh_progress_meter(void) + int hours, minutes, seconds; + int file_len; + +- if ((!alarm_fired && !win_resized) || !can_output()) ++ if ((!force_update && !alarm_fired && !win_resized) || !can_output()) + return; + alarm_fired = 0; + +@@ -254,7 +251,7 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) + bytes_per_second = 0; + + setscreensize(); +- refresh_progress_meter(); ++ refresh_progress_meter(1); + + signal(SIGALRM, sig_alarm); + signal(SIGWINCH, sig_winch); +@@ -271,7 +268,7 @@ stop_progress_meter(void) + + /* Ensure we complete the progress */ + if (cur_pos != end_pos) +- refresh_progress_meter(); ++ refresh_progress_meter(1); + + atomicio(vwrite, STDOUT_FILENO, "\n", 1); + } +diff --git a/progressmeter.h b/progressmeter.h +index 8f66780..1703ea7 100644 +--- a/progressmeter.h ++++ b/progressmeter.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.h,v 1.5 2019/01/24 16:52:17 dtucker Exp $ */ + /* + * Copyright (c) 2002 Nils Nordman. All rights reserved. + * +@@ -24,5 +24,5 @@ + */ + + void start_progress_meter(const char *, off_t, off_t *); +-void refresh_progress_meter(void); ++void refresh_progress_meter(int); + void stop_progress_meter(void); +diff --git a/scp.c b/scp.c +index 4a342a6..0587cec 100644 +--- a/scp.c ++++ b/scp.c +@@ -585,7 +585,7 @@ scpio(void *_cnt, size_t s) + off_t *cnt = (off_t *)_cnt; + + *cnt += s; +- refresh_progress_meter(); ++ refresh_progress_meter(0); + if (limit_kbps > 0) + bandwidth_limit(&bwlimit, s); + return 0; +diff --git a/sftp-client.c b/sftp-client.c +index 2bc698f..cf2887a 100644 +--- a/sftp-client.c ++++ b/sftp-client.c +@@ -101,7 +101,7 @@ sftpio(void *_bwlimit, size_t amount) + { + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; + +- refresh_progress_meter(); ++ refresh_progress_meter(0); + if (bwlimit != NULL) + bandwidth_limit(bwlimit, amount); + return 0; +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2018-20685.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2018-20685.patch new file mode 100644 index 000000000..c5b3baece --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2018-20685.patch @@ -0,0 +1,40 @@ +From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 16 Nov 2018 03:03:10 +0000 +Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer + to the + +current directory; based on report/patch from Harry Sintonen + +OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 + +CVE: CVE-2018-20685 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal +--- + scp.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/scp.c b/scp.c +index 60682c6..4f3fdcd 100644 +--- a/scp.c ++++ b/scp.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */ ++/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */ + /* + * scp - secure remote copy. This is basically patched BSD rcp which + * uses ssh to do the data transfer (instead of using rcmd). +@@ -1106,7 +1106,8 @@ sink(int argc, char **argv) + SCREWUP("size out of range"); + size = (off_t)ull; + +- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ if (*cp == '\0' || strchr(cp, '/') != NULL || ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { + run_err("error: unexpected filename: %s", cp); + exit(1); + } +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6109.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6109.patch new file mode 100644 index 000000000..dabe4a6c9 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6109.patch @@ -0,0 +1,275 @@ +From 15d47c3bd8551521240bc459fc004c280daef817 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" +Date: Wed, 23 Jan 2019 08:01:46 +0000 +Subject: [PATCH] upstream: Sanitize scp filenames via snmprintf. To do this we + move + +the progressmeter formatting outside of signal handler context and have the +atomicio callback called for EINTR too. bz#2434 with contributions from djm +and jjelen at redhat.com, ok djm@ + +OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 +CVE: CVE-2019-6109 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal +--- + atomicio.c | 20 +++++++++++++++----- + progressmeter.c | 53 ++++++++++++++++++++++++----------------------------- + progressmeter.h | 3 ++- + scp.c | 1 + + sftp-client.c | 16 +++++++++------- + 5 files changed, 51 insertions(+), 42 deletions(-) + +diff --git a/atomicio.c b/atomicio.c +index f854a06..d91bd76 100644 +--- a/atomicio.c ++++ b/atomicio.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */ ++/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2006 Damien Miller. All rights reserved. + * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. +@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, + res = (f) (fd, s + pos, n - pos); + switch (res) { + case -1: +- if (errno == EINTR) ++ if (errno == EINTR) { ++ /* possible SIGALARM, update callback */ ++ if (cb != NULL && cb(cb_arg, 0) == -1) { ++ errno = EINTR; ++ return pos; ++ } + continue; +- if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + #ifndef BROKEN_READ_COMPARISON + (void)poll(&pfd, 1, -1); + #endif +@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, + res = (f) (fd, iov, iovcnt); + switch (res) { + case -1: +- if (errno == EINTR) ++ if (errno == EINTR) { ++ /* possible SIGALARM, update callback */ ++ if (cb != NULL && cb(cb_arg, 0) == -1) { ++ errno = EINTR; ++ return pos; ++ } + continue; +- if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + #ifndef BROKEN_READV_COMPARISON + (void)poll(&pfd, 1, -1); + #endif +diff --git a/progressmeter.c b/progressmeter.c +index fe9bf52..add462d 100644 +--- a/progressmeter.c ++++ b/progressmeter.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2003 Nils Nordman. All rights reserved. + * +@@ -31,6 +31,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -39,6 +40,7 @@ + #include "progressmeter.h" + #include "atomicio.h" + #include "misc.h" ++#include "utf8.h" + + #define DEFAULT_WINSIZE 80 + #define MAX_WINSIZE 512 +@@ -61,7 +63,7 @@ static void setscreensize(void); + void refresh_progress_meter(void); + + /* signal handler for updating the progress meter */ +-static void update_progress_meter(int); ++static void sig_alarm(int); + + static double start; /* start progress */ + static double last_update; /* last progress update */ +@@ -74,6 +76,7 @@ static long stalled; /* how long we have been stalled */ + static int bytes_per_second; /* current speed in bytes per second */ + static int win_size; /* terminal window size */ + static volatile sig_atomic_t win_resized; /* for window resizing */ ++static volatile sig_atomic_t alarm_fired; + + /* units for format_size */ + static const char unit[] = " KMGT"; +@@ -126,9 +129,17 @@ refresh_progress_meter(void) + off_t bytes_left; + int cur_speed; + int hours, minutes, seconds; +- int i, len; + int file_len; + ++ if ((!alarm_fired && !win_resized) || !can_output()) ++ return; ++ alarm_fired = 0; ++ ++ if (win_resized) { ++ setscreensize(); ++ win_resized = 0; ++ } ++ + transferred = *counter - (cur_pos ? cur_pos : start_pos); + cur_pos = *counter; + now = monotime_double(); +@@ -158,16 +169,11 @@ refresh_progress_meter(void) + + /* filename */ + buf[0] = '\0'; +- file_len = win_size - 35; ++ file_len = win_size - 36; + if (file_len > 0) { +- len = snprintf(buf, file_len + 1, "\r%s", file); +- if (len < 0) +- len = 0; +- if (len >= file_len + 1) +- len = file_len; +- for (i = len; i < file_len; i++) +- buf[i] = ' '; +- buf[file_len] = '\0'; ++ buf[0] = '\r'; ++ snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s", ++ file_len * -1, file); + } + + /* percent of transfer done */ +@@ -228,22 +234,11 @@ refresh_progress_meter(void) + + /*ARGSUSED*/ + static void +-update_progress_meter(int ignore) ++sig_alarm(int ignore) + { +- int save_errno; +- +- save_errno = errno; +- +- if (win_resized) { +- setscreensize(); +- win_resized = 0; +- } +- if (can_output()) +- refresh_progress_meter(); +- +- signal(SIGALRM, update_progress_meter); ++ signal(SIGALRM, sig_alarm); ++ alarm_fired = 1; + alarm(UPDATE_INTERVAL); +- errno = save_errno; + } + + void +@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) + bytes_per_second = 0; + + setscreensize(); +- if (can_output()) +- refresh_progress_meter(); ++ refresh_progress_meter(); + +- signal(SIGALRM, update_progress_meter); ++ signal(SIGALRM, sig_alarm); + signal(SIGWINCH, sig_winch); + alarm(UPDATE_INTERVAL); + } +@@ -286,6 +280,7 @@ stop_progress_meter(void) + static void + sig_winch(int sig) + { ++ signal(SIGWINCH, sig_winch); + win_resized = 1; + } + +diff --git a/progressmeter.h b/progressmeter.h +index bf179dc..8f66780 100644 +--- a/progressmeter.h ++++ b/progressmeter.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */ ++/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2002 Nils Nordman. All rights reserved. + * +@@ -24,4 +24,5 @@ + */ + + void start_progress_meter(const char *, off_t, off_t *); ++void refresh_progress_meter(void); + void stop_progress_meter(void); +diff --git a/scp.c b/scp.c +index 4f3fdcd..4a342a6 100644 +--- a/scp.c ++++ b/scp.c +@@ -585,6 +585,7 @@ scpio(void *_cnt, size_t s) + off_t *cnt = (off_t *)_cnt; + + *cnt += s; ++ refresh_progress_meter(); + if (limit_kbps > 0) + bandwidth_limit(&bwlimit, s); + return 0; +diff --git a/sftp-client.c b/sftp-client.c +index 4986d6d..2bc698f 100644 +--- a/sftp-client.c ++++ b/sftp-client.c +@@ -101,7 +101,9 @@ sftpio(void *_bwlimit, size_t amount) + { + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; + +- bandwidth_limit(bwlimit, amount); ++ refresh_progress_meter(); ++ if (bwlimit != NULL) ++ bandwidth_limit(bwlimit, amount); + return 0; + } + +@@ -121,8 +123,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m) + iov[1].iov_base = (u_char *)sshbuf_ptr(m); + iov[1].iov_len = sshbuf_len(m); + +- if (atomiciov6(writev, conn->fd_out, iov, 2, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != ++ if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) != + sshbuf_len(m) + sizeof(mlen)) + fatal("Couldn't send packet: %s", strerror(errno)); + +@@ -138,8 +140,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) + + if ((r = sshbuf_reserve(m, 4, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); +- if (atomicio6(read, conn->fd_in, p, 4, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { ++ if (atomicio6(read, conn->fd_in, p, 4, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) { + if (errno == EPIPE || errno == ECONNRESET) + fatal("Connection closed"); + else +@@ -157,8 +159,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) + + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); +- if (atomicio6(read, conn->fd_in, p, msg_len, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) ++ if (atomicio6(read, conn->fd_in, p, msg_len, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) + != msg_len) { + if (errno == EPIPE) + fatal("Connection closed"); +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6111.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6111.patch new file mode 100644 index 000000000..e498da381 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6111.patch @@ -0,0 +1,187 @@ +From 15cc3497367d2e9729353b3df75518548e845c82 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Sat, 26 Jan 2019 22:41:28 +0000 +Subject: [PATCH] upstream: check in scp client that filenames sent during + +remote->local directory copies satisfy the wildcard specified by the user. + +This checking provides some protection against a malicious server +sending unexpected filenames, but it comes at a risk of rejecting wanted +files due to differences between client and server wildcard expansion rules. + +For this reason, this also adds a new -T flag to disable the check. + +reported by Harry Sintonen +fix approach suggested by markus@; +has been in snaps for ~1wk courtesy deraadt@ + +OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda + +CVE: CVE-2019-6111 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal +--- + scp.1 | 12 +++++++++++- + scp.c | 37 +++++++++++++++++++++++++++++-------- + 2 files changed, 40 insertions(+), 9 deletions(-) + +diff --git a/scp.1 b/scp.1 +index 0e5cc1b..397e770 100644 +--- a/scp.1 ++++ b/scp.1 +@@ -18,7 +18,7 @@ + .Nd secure copy (remote file copy program) + .Sh SYNOPSIS + .Nm scp +-.Op Fl 346BCpqrv ++.Op Fl 346BCpqrTv + .Op Fl c Ar cipher + .Op Fl F Ar ssh_config + .Op Fl i Ar identity_file +@@ -208,6 +208,16 @@ to use for the encrypted connection. + The program must understand + .Xr ssh 1 + options. ++.It Fl T ++Disable strict filename checking. ++By default when copying files from a remote host to a local directory ++.Nm ++checks that the received filenames match those requested on the command-line ++to prevent the remote end from sending unexpected or unwanted files. ++Because of differences in how various operating systems and shells interpret ++filename wildcards, these checks may cause wanted files to be rejected. ++This option disables these checks at the expense of fully trusting that ++the server will not send unexpected filenames. + .It Fl v + Verbose mode. + Causes +diff --git a/scp.c b/scp.c +index 0587cec..b2d331e 100644 +--- a/scp.c ++++ b/scp.c +@@ -94,6 +94,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -375,14 +376,14 @@ void verifydir(char *); + struct passwd *pwd; + uid_t userid; + int errs, remin, remout; +-int pflag, iamremote, iamrecursive, targetshouldbedirectory; ++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; + + #define CMDNEEDS 64 + char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ + + int response(void); + void rsource(char *, struct stat *); +-void sink(int, char *[]); ++void sink(int, char *[], const char *); + void source(int, char *[]); + void tolocal(int, char *[]); + void toremote(int, char *[]); +@@ -421,8 +422,9 @@ main(int argc, char **argv) + addargs(&args, "-oRemoteCommand=none"); + addargs(&args, "-oRequestTTY=no"); + +- fflag = tflag = 0; +- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) ++ fflag = Tflag = tflag = 0; ++ while ((ch = getopt(argc, argv, ++ "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) { + switch (ch) { + /* User-visible flags. */ + case '1': +@@ -501,9 +503,13 @@ main(int argc, char **argv) + setmode(0, O_BINARY); + #endif + break; ++ case 'T': ++ Tflag = 1; ++ break; + default: + usage(); + } ++ } + argc -= optind; + argv += optind; + +@@ -534,7 +540,7 @@ main(int argc, char **argv) + } + if (tflag) { + /* Receive data. */ +- sink(argc, argv); ++ sink(argc, argv, NULL); + exit(errs != 0); + } + if (argc < 2) +@@ -792,7 +798,7 @@ tolocal(int argc, char **argv) + continue; + } + free(bp); +- sink(1, argv + argc - 1); ++ sink(1, argv + argc - 1, src); + (void) close(remin); + remin = remout = -1; + } +@@ -968,7 +974,7 @@ rsource(char *name, struct stat *statp) + (sizeof(type) != 4 && sizeof(type) != 8)) + + void +-sink(int argc, char **argv) ++sink(int argc, char **argv, const char *src) + { + static BUF buffer; + struct stat stb; +@@ -984,6 +990,7 @@ sink(int argc, char **argv) + unsigned long long ull; + int setimes, targisdir, wrerrno = 0; + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; ++ char *src_copy = NULL, *restrict_pattern = NULL; + struct timeval tv[2]; + + #define atime tv[0] +@@ -1008,6 +1015,17 @@ sink(int argc, char **argv) + (void) atomicio(vwrite, remout, "", 1); + if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) + targisdir = 1; ++ if (src != NULL && !iamrecursive && !Tflag) { ++ /* ++ * Prepare to try to restrict incoming filenames to match ++ * the requested destination file glob. ++ */ ++ if ((src_copy = strdup(src)) == NULL) ++ fatal("strdup failed"); ++ if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { ++ *restrict_pattern++ = '\0'; ++ } ++ } + for (first = 1;; first = 0) { + cp = buf; + if (atomicio(read, remin, cp, 1) != 1) +@@ -1112,6 +1130,9 @@ sink(int argc, char **argv) + run_err("error: unexpected filename: %s", cp); + exit(1); + } ++ if (restrict_pattern != NULL && ++ fnmatch(restrict_pattern, cp, 0) != 0) ++ SCREWUP("filename does not match request"); + if (targisdir) { + static char *namebuf; + static size_t cursize; +@@ -1149,7 +1170,7 @@ sink(int argc, char **argv) + goto bad; + } + vect[0] = xstrdup(np); +- sink(1, vect); ++ sink(1, vect, src); + if (setimes) { + setimes = 0; + if (utimes(vect[0], tv) < 0) +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb index 6260135d5..3b4ed7223 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb @@ -24,6 +24,10 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ + file://CVE-2018-20685.patch \ + file://CVE-2019-6109.patch \ + file://0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch \ + file://CVE-2019-6111.patch \ " SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f" SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad" @@ -144,6 +148,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools" RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed" RPROVIDES_${PN}-ssh = "ssh" -- cgit v1.2.3