From 220d5534d34c16d996dd3eb9c3dcc94591f5ded4 Mon Sep 17 00:00:00 2001
From: Brad Bishop <bradleyb@fuzziesquirrel.com>
Date: Tue, 14 Aug 2018 00:59:39 +0100
Subject: poky: sumo refresh 874976b..45ef387

Update poky to sumo HEAD.

Alexander Kanavin (1):
      openssl: fix upstream version check for 1.0 version

Andre McCurdy (19):
      openssl_1.1: avoid using += with an over-ride
      openssl_1.1: minor recipe formatting tweaks etc
      openssl_1.0: merge openssl10.inc into the openssl_1.0.2o.bb recipe
      openssl_1.0: minor recipe formatting tweaks etc
      openssl_1.0: drop curly brackets from shell local variables
      openssl_1.0: fix cryptodev-linux PACKAGECONFIG support
      openssl_1.0: drop leading "-" from no-ssl3 config option
      openssl_1.0: avoid running make twice for target do_compile()
      openssl: remove uclibc remnants
      openssl: support musl-x32 build
      openssl: minor indent fixes
      openssl_1.0: drop obsolete ca.patch
      openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS
      openssl_1.0: drop unmaintained darwin support
      openssl_1.0: add PACKAGECONFIG option to control manpages
      openssl_1.0: squash whitespace in CC_INFO
      openssl: fix missing dependency on hostperl-runtime-native
      openssl_1.0: drop unnecessary dependency on makedepend-native
      openssl_1.0: drop unnecessary call to perlpath.pl from do_configure()

Andrej Valek (3):
      openssl-1.1: fix c_rehash perl errors
      openssl: update 1.0.2o -> 1.0.2p
      openssl: update 1.1.0h -> 1.1.0i

Anuj Mittal (1):
      wic/qemux86: don't pass ip parameter to kernel in wks

Changqing Li (1):
      unzip: fix CVE-2018-1000035

Hongxu Jia (2):
      nasm: fix CVE-2018-8883 & CVE-2018-8882 & CVE-2018-10316
      patch: fix CVE-2018-6952

Jagadeesh Krishnanjanappa (19):
      libvorbis: CVE-2017-14160 CVE-2018-10393
      libvorbis: CVE-2018-10392
      flac: CVE-2017-6888
      libarchive: CVE-2017-14503
      libsndfile1: CVE-2017-14245 CVE-2017-14246
      libsndfile1: CVE-2017-14634
      coreutils: CVE-2017-18018
      libgcrypt: CVE-2018-0495
      git: CVE-2018-11235
      gnupg: CVE-2018-12020
      shadow: CVE-2018-7169
      procps: CVE-2018-1124
      python: CVE-2018-1000030
      qemu: CVE-2018-7550
      qemu: CVE-2018-12617
      perl: CVE-2018-6798
      perl: CVE-2018-6797
      perl: CVE-2018-6913
      perl: CVE-2018-12015

Joshua Watt (2):
      alsa-lib: Cleanup packaging
      swig: Remove superfluous python dependency

Ovidiu Panait (1):
      openssl-nativesdk: Fix "can't open config file" warning

Ross Burton (6):
      bzip2: use Yocto Project mirror for SRC_URI
      classes: sanity-check LIC_FILES_CHKSUM
      openssl: disable ccache usage
      unzip: fix symlink problem
      bitbake: utils/md5_file: don't iterate line-by-line
      bitbake: checksum: sanity check path when recursively checksumming

Change-Id: I262a451f483cb276343ae6f02c272af053d33d7a
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
---
 .../openssl/openssl-1.0.2p/debian/pic.patch        | 177 +++++++++++++++++++++
 1 file changed, 177 insertions(+)
 create mode 100644 poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch

(limited to 'poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch')

diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch
new file mode 100644
index 000000000..bfda3888b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch
@@ -0,0 +1,177 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl	2001-10-24 23:20:56.000000000 +0200
++++ openssl-1.0.1c/crypto/des/asm/desboth.pl	2012-07-29 14:15:26.000000000 +0200
+@@ -16,6 +16,11 @@
+ 
+ 	&push("edi");
+ 
++	&call   (&label("pic_point0"));
++	&set_label("pic_point0");
++	&blindpop("ebp");
++	&add    ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++
+ 	&comment("");
+ 	&comment("Load the data words");
+ 	&mov($L,&DWP(0,"ebx","",0));
+@@ -47,15 +52,21 @@
+ 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+ 	&mov(&swtmp(1),	"eax");
+ 	&mov(&swtmp(0),	"ebx");
+-	&call("DES_encrypt2");
++	&exch("ebx", "ebp");
++	&call("DES_encrypt2\@PLT");
++	&exch("ebx", "ebp");
+ 	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
+ 	&mov(&swtmp(1),	"edi");
+ 	&mov(&swtmp(0),	"ebx");
+-	&call("DES_encrypt2");
++	&exch("ebx", "ebp");
++	&call("DES_encrypt2\@PLT");
++	&exch("ebx", "ebp");
+ 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+ 	&mov(&swtmp(1),	"esi");
+ 	&mov(&swtmp(0),	"ebx");
+-	&call("DES_encrypt2");
++	&exch("ebx", "ebp");
++	&call("DES_encrypt2\@PLT");
++	&exch("ebx", "ebp");
+ 
+ 	&stack_pop(3);
+ 	&mov($L,&DWP(0,"ebx","",0));
+Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl	2011-07-13 08:22:46.000000000 +0200
++++ openssl-1.0.1c/crypto/perlasm/cbc.pl	2012-07-29 14:15:26.000000000 +0200
+@@ -122,7 +122,11 @@
+ 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
+ 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+ 
+-	&call($enc_func);
++	&call	(&label("pic_point0"));
++	&set_label("pic_point0");
++	&blindpop("ebx");
++	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++	&call("$enc_func\@PLT");
+ 
+ 	&mov("eax",	&DWP($data_off,"esp","",0));
+ 	&mov("ebx",	&DWP($data_off+4,"esp","",0));
+@@ -185,7 +189,11 @@
+ 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
+ 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+ 
+-	&call($enc_func);
++	&call	(&label("pic_point1"));
++	&set_label("pic_point1");
++	&blindpop("ebx");
++	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
++	&call("$enc_func\@PLT");
+ 
+ 	&mov("eax",	&DWP($data_off,"esp","",0));
+ 	&mov("ebx",	&DWP($data_off+4,"esp","",0));
+@@ -218,7 +226,11 @@
+ 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
+ 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+ 
+-	&call($dec_func);
++	&call	(&label("pic_point2"));
++	&set_label("pic_point2");
++	&blindpop("ebx");
++	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
++	&call("$dec_func\@PLT");
+ 
+ 	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
+ 	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
+@@ -261,7 +273,11 @@
+ 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
+ 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+ 
+-	&call($dec_func);
++	&call	(&label("pic_point3"));
++	&set_label("pic_point3");
++	&blindpop("ebx");
++	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
++	&call("$dec_func\@PLT");
+ 
+ 	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
+ 	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
+Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl	2011-12-09 20:16:35.000000000 +0100
++++ openssl-1.0.1c/crypto/perlasm/x86gas.pl	2012-07-29 14:15:26.000000000 +0200
+@@ -161,6 +161,7 @@
+ 	if ($::macosx)	{ push (@out,"$tmp,2\n"); }
+ 	elsif ($::elf)	{ push (@out,"$tmp,4\n"); }
+ 	else		{ push (@out,"$tmp\n"); }
++	if ($::elf)	{ push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
+     }
+     push(@out,$initseg) if ($initseg);
+ }
+@@ -218,8 +219,23 @@
+     elsif ($::elf)
+     {	$initseg.=<<___;
+ .section	.init
++___
++        if ($::pic)
++	{   $initseg.=<<___;
++	pushl	%ebx
++	call	.pic_point0
++.pic_point0:
++	popl	%ebx
++	addl	\$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
++	call	$f\@PLT
++	popl	%ebx
++___
++	}
++	else
++	{   $initseg.=<<___;
+ 	call	$f
+ ___
++	}
+     }
+     elsif ($::coff)
+     {   $initseg.=<<___;	# applies to both Cygwin and Mingw
+Index: openssl-1.0.1c/crypto/x86cpuid.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/x86cpuid.pl	2012-02-28 15:20:34.000000000 +0100
++++ openssl-1.0.1c/crypto/x86cpuid.pl	2012-07-29 14:15:26.000000000 +0200
+@@ -8,6 +8,8 @@
+ 
+ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ 
++push(@out, ".hidden OPENSSL_ia32cap_P\n");
++
+ &function_begin("OPENSSL_ia32_cpuid");
+ 	&xor	("edx","edx");
+ 	&pushf	();
+@@ -139,9 +141,7 @@
+ &set_label("nocpuid");
+ &function_end("OPENSSL_ia32_cpuid");
+ 
+-&external_label("OPENSSL_ia32cap_P");
+-
+-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_rdtsc");
+ 	&xor	("eax","eax");
+ 	&xor	("edx","edx");
+ 	&picmeup("ecx","OPENSSL_ia32cap_P");
+@@ -155,7 +155,7 @@
+ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+ # but it's safe to call it on any [supported] 32-bit platform...
+ # Just check for [non-]zero return value...
+-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_instrument_halt");
+ 	&picmeup("ecx","OPENSSL_ia32cap_P");
+ 	&bt	(&DWP(0,"ecx"),4);
+ 	&jnc	(&label("nohalt"));	# no TSC
+@@ -222,7 +222,7 @@
+ 	&ret	();
+ &function_end_B("OPENSSL_far_spin");
+ 
+-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_wipe_cpu");
+ 	&xor	("eax","eax");
+ 	&xor	("edx","edx");
+ 	&picmeup("ecx","OPENSSL_ia32cap_P");
-- 
cgit v1.2.3