From d25ed3241ddffad58c7a52e45e388e6c48d5123a Mon Sep 17 00:00:00 2001 
From: Andrew Geissler Date: Sat, 27 Jun 2020 00:28:28 -0500 Subject: poky: subtree update:26ae42ded7..5951cbcabe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Alex Kiernan (1): recipetool: Fix list concatenation when using edit Alexander Kanavin (4): apr-util: make gdbm optional gobject-introspection: add a patch to fix a build race icu: merge .inc into main recipe icu: make filtered data generation optional, serial and off by default Alexandru N. Onea (3): bitbake: perforce: add basic progress handler for perforce bitbake: perforce: add local path handling SRC_URI options bitbake: bitbake-user-manual: update perforce fetcher docs Andreas M?ller (1): meson.bbclass: avoid unexpected operating-system names Andreas Müller (6): boost: Add upstream patch to fix build on depending projects libinput: upgrade 1.15.5 -> 1.15.6 sqlite3: upgrade 3.32.2 -> 3.32.3 desktop-file-utils: upgrade 0.24 -> 0.26 file: upgrade 5.38 -> 5.39 ffmpeg: upgrade 4.2.3 -> 4.3 Andrej Valek (1): oeqa/runtime/cases/ptest: Make output content path absolute Andrew Geissler (1): meson: backport library ordering fix Armin Kuster (1): libuv: move from meta-oe to core for bind update Arthur She (1): igt-gpu-tools: add new package Changqing Li (1): mime.bbclass: fix post install scriptlet error Chen Qi (1): systemd-serialgetty: do not use BindsTo Daniel McGregor (3): sign_rpm.bbclass: ignore thread count systemd-conf: Accept MTU from DHCP buildhistory-collect-srcrevs: sort directories He Zhe (1): ltp: Fix copy_file_rang02 for 32-bit arches Hongxu Jia (1): libmodulemd: switch branch master -> main Jacob Kroon (5): bitbake: lib/bb/utils.py: Do not preserve TERM in the environment bitbake: bitbake-user-manual: Remove TERM from BB_HASHBASE_WHITELIST example bitbake.conf: Remove TERM from default BB_HASHBASE_WHITELIST grub: Remove native version of grub-efi distro_alias: Remove unused grub-efi distro aliases Jens Rehsack (1): u-boot: avoid blind merging all *.cfg 
Joe Slater (1): systemd: fix CVE-2020-13776 Joshua Watt (5): sstatesig: Account for all dataCaches being passed bitbake: bitbake: cache: Fix error message with bad multiconfig wic: Fix error message when reporting invalid offset classes/archiver: Create patched archive before configuring bitbake: cache: Bump cache version Konrad Weihmann (3): oeqa/runtime: Add OERequirePackage decorator bitbake: cookerdata: Add BBFILES_DYNAMIC inverse mode bitbake: bitbake-user-manual: Add BBFILES_DYNAMIC Mark Morton (2): New source files and Makefile update for Test Manual test-manual: Fixed codeblock formatting Martin Jansa (1): net-tools: backport a patch from upstream to use the same ifconfig format as debian/ubuntu Mingli Yu (3): python3: add the rdepends for python3-misc python3: add rdepends for python3-idle python3-dbusmock: add the missing rdepends Otavio Salvador (2): systemd: Sync systemd-serialgetty@.service with upstream mtd-utils: Fix return value of ubiformat Ovidiu Panait (2): dbus-test: Remove EXTRA_OECONF_X configs dbus,dbus-test: Move common parts to dbus.inc Paul Barker (2): bitbake: fetch2/gitsm: Mark srcrev as fetched once all submodules are processed bitbake: fetch2/gitsm: Make need_update() process submodules Paul Eggleton (5): graph-tool: switch to argparse graph-tool: add filter subcommand dpkg-native: rebase and reinstate fix for "tar: file changed as we read it" shadow-sysroot: drop unused SRC_URI checksums devtool: fix typo Peter Kjellerstedt (1): relocatable.bbclass: Avoid an exception if an empty pkgconfig dir exist Pierre-Jean Texier (3): diffoscope: upgrade 146 -> 147 ell: upgrade 0.31 -> 0.32 curl: upgrade 7.70.0 -> 7.71.0 Rasmus Villemoes (1): curl: add debug info Richard Purdie (15): buildhistory: Add simplistic file move detection bitbake: bin/bitbake: Update to next series release version perl: Fix host specific modules problems sanity.conf: Require bitbake 1.47.0 as the minimum version patchelf: Upgrade 0.10 -> 0.11 test-manual: Add SPDX 
license headers Makefile: Drop obsolete edison/denzil branch conditionals bitbake: tests/fetch: Switch from git.infradead.org to a YP mirror pseudo: Fix attr errors due to incorrect library resolution issues oeqa/selftest/runcmd: Add better debug for thread count mismatch failures oeqa/utils/command: Improve stdin handling in runCmd vulkan-headers: Fix upstream branch deletion issue recipes: Fix Upstream-Status Accepted -> Backport scripts/install-buildtools: Update to 3.2 M1 buildtools scripts/install-buildtools: Handle new format checksum files Robert P. J. Day (1): python: use official "pypi.org" URLs for HOMEPAGE Ross Burton (8): install-buildtools: fail if an error occurs install-buildtools: remove hardcoded x86-64 architecture install-buildtools: add option to disable checksum validation common-licenses: add BSD-2-Clause-Patent gstreamer1.0-plugins-bad: add support for vdpau go-binary-native: add binary Go to bootstrap tcmode-default: use go-binary-native by default go-native: merge bb/inc and add comment Ryan Rowe (1): python3: fix PGO for non-reproducible biniaries Sakib Sajal (1): qemu: uprev v4.2.0 -> v5.0.0 Samuli Piippo (2): cmake: allow chainloading of the toolchain file perl: use relative paths in the perl wrapper Steve Sakoman (1): buildtools-tarball: export OPENSSL_CONF in environment setup Tanu Kaskinen (1): pulseaudio: remove unnecessary libltdl copying Trevor Gamblin (1): python3-setuptools: patch entrypoints for faster initialization Tuomas Salokanto (1): recipetool: create: fix SRCBRANCH not being passed to params Valentin Longchamp (2): tools-profile: disable valgrind for powerpc soft-float valgrind: disable it for powerpc soft-float Wang Mingyu (5): powertop: upgrade 2.12 -> 2.13 man-db: upgrade 2.9.2 -> 2.9.3 valgrind: upgrade 3.16.0 -> 3.16.1 man-pages: upgrade 5.06 -> 5.07 harfbuzz: upgrade 2.6.7 -> 2.6.8 Yi Zhao (2): iptables: fix invalid symbolic link for ip6tables-apply iptables: split iptables-apply to its own package Yongxin Liu (1): 
linux-firmware: add ice for Intel E800 series driver Yuki Hoshino (1): sysvinit-inittab: Add support for tty devices with 10 or more number. akuster (9): bind: update to 9.11.19 adt-manual: Add SPDX license headers bsp-guide: Add SPDX license headers brief-yoctoprojectsqa: Add SPDX license headers dev-manual: Add SPDX License headers kernel-dev: Add SPDX license headers profile-manual: Add SPDX licence headers sdk-manual: Add SPDX license headers toaster-manaul: Add SPDX license headers haiqing (1): libpam: Remove option 'obscure' from common-password hongxu (1): kmod: add nativesdk support zangrc (1): ethtool:upgrade 5.6 -> 5.7 Signed-off-by: Andrew Geissler Change-Id: I1190ca17297b1167286cfc06033e8485396c7cce --- poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb | 42 ++-------- poky/meta/recipes-core/dbus/dbus.inc | 34 ++++++++ poky/meta/recipes-core/dbus/dbus_1.12.18.bb | 39 ++------- poky/meta/recipes-core/ell/ell_0.31.bb | 22 ----- poky/meta/recipes-core/ell/ell_0.32.bb | 21 +++++ poky/meta/recipes-core/meta/buildtools-tarball.bb | 1 + poky/meta/recipes-core/meta/wic-tools.bb | 2 +- .../packagegroup-core-tools-profile.bb | 1 + .../systemd/systemd-conf/wired.network | 1 + .../systemd-serialgetty/serial-getty@.service | 11 ++- .../systemd/systemd/CVE-2020-13776.patch | 96 ++++++++++++++++++++++ poky/meta/recipes-core/systemd/systemd_245.6.bb | 1 + .../sysvinit/sysvinit-inittab/start_getty | 4 +- 13 files changed, 180 insertions(+), 95 deletions(-) create mode 100644 poky/meta/recipes-core/dbus/dbus.inc delete mode 100644 poky/meta/recipes-core/ell/ell_0.31.bb create mode 100644 poky/meta/recipes-core/ell/ell_0.32.bb create mode 100644 poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch (limited to 'poky/meta/recipes-core') diff --git a/poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb b/poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb index 0063dcce6..755c841ba 100644 --- a/poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb 
+++ b/poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb 
@@ -1,57 +1,31 @@ SUMMARY = "D-Bus test package (for D-bus functionality testing only)" HOMEPAGE = "http://dbus.freedesktop.org" SECTION = "base" -LICENSE = "AFL-2.1 | GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" -DEPENDS = "dbus glib-2.0" +require dbus.inc -RDEPENDS_${PN}-dev = "" +SRC_URI += "file://run-ptest \ + file://python-config.patch \ + " -SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ - file://tmpdir.patch \ - file://run-ptest \ - file://python-config.patch \ - file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ - " +DEPENDS = "dbus glib-2.0" -SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" -SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" +RDEPENDS_${PN}-dev = "" S="${WORKDIR}/dbus-${PV}" FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" -inherit autotools pkgconfig gettext ptest upstream-version-is-even +inherit ptest -EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}" -EXTRA_OECONF_X_class-native = "--without-x" - -EXTRA_OECONF = "--enable-tests \ +EXTRA_OECONF += "--enable-tests \ --enable-modular-tests \ --enable-installed-tests \ --enable-checks \ --enable-asserts \ - --enable-largefile \ - --disable-xml-docs \ - --disable-doxygen-docs \ - --disable-libaudit \ --with-dbus-test-dir=${PTEST_PATH} \ - ${EXTRA_OECONF_X} \ --enable-embedded-tests \ " -EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" -PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, 
virtual/libx11 libsm" -PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" -PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," - do_install() { : } diff --git a/poky/meta/recipes-core/dbus/dbus.inc b/poky/meta/recipes-core/dbus/dbus.inc new file mode 100644 index 000000000..3bdb7ea4f --- /dev/null +++ b/poky/meta/recipes-core/dbus/dbus.inc @@ -0,0 +1,34 @@ +inherit autotools pkgconfig gettext upstream-version-is-even + +LICENSE = "AFL-2.1 | GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ + file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" + +SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ + file://tmpdir.patch \ + file://dbus-1.init \ + file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ +" + +SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" +SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" + +EXTRA_OECONF = "--disable-xml-docs \ + --disable-doxygen-docs \ + --disable-libaudit \ + --enable-largefile \ + --with-system-socket=/run/dbus/system_bus_socket \ + " +EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" +EXTRA_OECONF_append_class-native = " --disable-selinux" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ + user-session \ + " +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" +PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" +PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" +PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," 
diff --git a/poky/meta/recipes-core/dbus/dbus_1.12.18.bb b/poky/meta/recipes-core/dbus/dbus_1.12.18.bb index 2fcb3079a..cf6f7dc0e 100644 --- a/poky/meta/recipes-core/dbus/dbus_1.12.18.bb +++ b/poky/meta/recipes-core/dbus/dbus_1.12.18.bb @@ -2,9 +2,9 @@ SUMMARY = "D-Bus message bus" DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed." HOMEPAGE = "https://dbus.freedesktop.org" SECTION = "base" -LICENSE = "AFL-2.1 | GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" + +require dbus.inc + DEPENDS = "expat virtual/libintl autoconf-archive" RDEPENDS_dbus_class-native = "" RDEPENDS_dbus_class-nativesdk = "" @@ -12,16 +12,7 @@ PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '', ALLOW_EMPTY_dbus-ptest = "1" RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest" -SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ - file://tmpdir.patch \ - file://dbus-1.init \ - file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ -" - -SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" -SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" - -inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even +inherit useradd update-rc.d INITSCRIPT_NAME = "dbus-1" INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." 
@@ -92,27 +83,7 @@ pkg_postinst_dbus() { } -EXTRA_OECONF = "--disable-tests \ - --disable-xml-docs \ - --disable-doxygen-docs \ - --disable-libaudit \ - --enable-largefile \ - --with-system-socket=/run/dbus/system_bus_socket \ - " - -EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" -EXTRA_OECONF_append_class-native = " --disable-selinux" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ - user-session \ - " - -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" -PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" -PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" +EXTRA_OECONF += "--disable-tests" do_install() { autotools_do_install diff --git a/poky/meta/recipes-core/ell/ell_0.31.bb b/poky/meta/recipes-core/ell/ell_0.31.bb deleted file mode 100644 index 1db7131ab..000000000 --- a/poky/meta/recipes-core/ell/ell_0.31.bb +++ /dev/null 
@@ -1,22 +0,0 @@ -SUMMARY = "Embedded Linux Library" -DESCRIPTION = "The Embedded Linux Library (ELL) provides core, \ -low-level functionality for system daemons. It typically has no \ -dependencies other than the Linux kernel, C standard library, and \ -libdl (for dynamic linking). While ELL is designed to be efficient \ -and compact enough for use on embedded Linux platforms, it is not \ -limited to resource-constrained systems." -SECTION = "libs" -LICENSE = "LGPLv2.1" -LIC_FILES_CHKSUM = "file://COPYING;md5=fb504b67c50331fc78734fed90fb0e09" - -DEPENDS = "dbus" - -inherit autotools pkgconfig - -SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz" -SRC_URI[md5sum] = "3f670230be4d89d621b0508c70b1d36b" -SRC_URI[sha256sum] = "ae88617275452f9f5840b2365e33e6c7fb6fa3405d42cbf9367de642ee8b6701" - -do_configure_prepend () { - mkdir -p ${S}/build-aux -} diff --git a/poky/meta/recipes-core/ell/ell_0.32.bb b/poky/meta/recipes-core/ell/ell_0.32.bb new file mode 100644 index 000000000..07dc4d4cb --- /dev/null +++ b/poky/meta/recipes-core/ell/ell_0.32.bb @@ -0,0 +1,21 @@ +SUMMARY = "Embedded Linux Library" +DESCRIPTION = "The Embedded Linux Library (ELL) provides core, \ +low-level functionality for system daemons. It typically has no \ +dependencies other than the Linux kernel, C standard library, and \ +libdl (for dynamic linking). While ELL is designed to be efficient \ +and compact enough for use on embedded Linux platforms, it is not \ +limited to resource-constrained systems." +SECTION = "libs" +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=fb504b67c50331fc78734fed90fb0e09" + +DEPENDS = "dbus" + +inherit autotools pkgconfig + +SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz" +SRC_URI[sha256sum] = "42fdb9e24ff561a101389d51445cab1ff7d55f5385dc22a05b0493088cf99e30" + +do_configure_prepend () { + mkdir -p ${S}/build-aux +} 
diff --git a/poky/meta/recipes-core/meta/buildtools-tarball.bb b/poky/meta/recipes-core/meta/buildtools-tarball.bb index c49802eef..d0f8dd7d7 100644 --- a/poky/meta/recipes-core/meta/buildtools-tarball.bb +++ b/poky/meta/recipes-core/meta/buildtools-tarball.bb @@ -74,6 +74,7 @@ create_sdk_files_append () { toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS} echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script + echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script echo 'export OPENSSL_CONF="${SDKPATHNATIVE}${sysconfdir}/ssl/openssl.cnf"' >>$script if [ "${SDKMACHINE}" = "i686" ]; then diff --git a/poky/meta/recipes-core/meta/wic-tools.bb b/poky/meta/recipes-core/meta/wic-tools.bb index 8aeb942ed..3e7d0ed48 100644 --- a/poky/meta/recipes-core/meta/wic-tools.bb +++ b/poky/meta/recipes-core/meta/wic-tools.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" DEPENDS = "\ parted-native syslinux-native gptfdisk-native dosfstools-native \ - mtools-native bmap-tools-native grub-efi-native cdrtools-native \ + mtools-native bmap-tools-native grub-native cdrtools-native \ btrfs-tools-native squashfs-tools-native pseudo-native \ e2fsprogs-native util-linux-native tar-native\ " diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb index ac180b542..8aed1e845 100644 --- a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb +++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb @@ -61,6 +61,7 @@ VALGRIND_armv6 = "" VALGRIND_armeb = "" VALGRIND_aarch64 = "" VALGRIND_riscv64 = "" +VALGRIND_powerpc = "${@bb.utils.contains('TARGET_FPU', 'soft', '', 'valgrind', d)}" VALGRIND_linux-gnux32 = "" VALGRIND_linux-gnun32 = "" 
diff --git a/poky/meta/recipes-core/systemd/systemd-conf/wired.network b/poky/meta/recipes-core/systemd/systemd-conf/wired.network index ff807ba31..dcf353459 100644 --- a/poky/meta/recipes-core/systemd/systemd-conf/wired.network +++ b/poky/meta/recipes-core/systemd/systemd-conf/wired.network @@ -6,5 +6,6 @@ KernelCommandLine=!nfsroot DHCP=yes [DHCP] +UseMTU=yes RouteMetric=10 ClientIdentifier=mac diff --git a/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service b/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service index 15af16a9f..549d56600 100644 --- a/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service +++ b/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: LGPL-2.1+ +# # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it @@ -11,7 +13,7 @@ Documentation=man:agetty(8) man:systemd-getty-generator(8) Documentation=http://0pointer.de/blog/projects/serial-console.html PartOf=dev-%i.device ConditionPathExists=/dev/%i -After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service +After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target After=rc-local.service # If additional gettys are spawned during boot then we should make @@ -20,12 +22,17 @@ After=rc-local.service Before=getty.target IgnoreOnIsolate=yes +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + [Service] Environment="TERM=xterm" ExecStart=-/sbin/agetty -8 -L %I @BAUDRATE@ $TERM Type=idle Restart=always -RestartSec=0 UtmpIdentifier=%I TTYPath=/dev/%I TTYReset=yes 
diff --git a/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch b/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch new file mode 100644 index 000000000..7b5e3e7f7 --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch 
@@ -0,0 +1,96 @@ +From 156a5fd297b61bce31630d7a52c15614bf784843 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 31 May 2020 18:21:09 +0200 +Subject: [PATCH 1/1] basic/user-util: always use base 10 for user/group + numbers + +We would parse numbers with base prefixes as user identifiers. For example, +"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be +interpreted as UID==1000. This parsing was used also in cases where either a +user/group name or number may be specified. This means that names like +0x2b3bfa0 would be ambiguous: they are a valid user name according to our +documented relaxed rules, but they would also be parsed as numeric uids. + +This behaviour is definitely not expected by users, since tools generally only +accept decimal numbers (e.g. id, getent passwd), while other tools only accept +user names and thus will interpret such strings as user names without even +attempting to convert them to numbers (su, ssh). So let's follow suit and only +accept numbers in decimal notation. Effectively this means that we will reject +such strings as a username/uid/groupname/gid where strict mode is used, and try +to look up a user/group with such a name in relaxed mode. + +Since the function changed is fairly low-level and fairly widely used, this +affects multiple tools: loginctl show-user/enable-linger/disable-linger foo', +the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d, +etc. + +Fixes #15985. 
+--- + src/basic/user-util.c | 2 +- + src/test/test-user-util.c | 10 ++++++++++ + 2 files changed, 11 insertions(+), 1 deletion(-) + +--- end of commit 156a5fd297b61bce31630d7a52c15614bf784843 --- + + +Add definition of safe_atou32_full() from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e + +CVE: CVE-2020-13776 + +Upstream-Status: Backport [https://github.com/systemd/systemd.git] + +Signed-off-by: Joe Slater + + + +--- git.orig/src/basic/user-util.c ++++ git/src/basic/user-util.c +@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret) + assert(s); + + assert_cc(sizeof(uid_t) == sizeof(uint32_t)); +- r = safe_atou32(s, &uid); ++ r = safe_atou32_full(s, 10, &uid); + if (r < 0) + return r; + +--- git.orig/src/test/test-user-util.c ++++ git/src/test/test-user-util.c +@@ -48,9 +48,19 @@ static void test_parse_uid(void) { + + r = parse_uid("65535", &uid); + assert_se(r == -ENXIO); ++ assert_se(uid == 100); ++ ++ r = parse_uid("0x1234", &uid); ++ assert_se(r == -EINVAL); ++ assert_se(uid == 100); ++ ++ r = parse_uid("01234", &uid); ++ assert_se(r == 0); ++ assert_se(uid == 1234); + + r = parse_uid("asdsdas", &uid); + assert_se(r == -EINVAL); ++ assert_se(uid == 1234); + } + + static void test_uid_ptr(void) { +--- git.orig/src/basic/parse-util.h ++++ git/src/basic/parse-util.h +@@ -45,9 +45,13 @@ static inline int safe_atoux16(const cha + + int safe_atoi16(const char *s, int16_t *ret); + +-static inline int safe_atou32(const char *s, uint32_t *ret_u) { ++static inline int safe_atou32_full(const char *s, unsigned base, uint32_t *ret_u) { + assert_cc(sizeof(uint32_t) == sizeof(unsigned)); +- return safe_atou(s, (unsigned*) ret_u); ++ return safe_atou_full(s, base, (unsigned*) ret_u); ++} ++ ++static inline int safe_atou32(const char *s, uint32_t *ret_u) { ++ return safe_atou32_full(s, 0, (unsigned*) ret_u); + } + + static inline int safe_atoi32(const char *s, int32_t *ret_i) { 
diff --git a/poky/meta/recipes-core/systemd/systemd_245.6.bb b/poky/meta/recipes-core/systemd/systemd_245.6.bb index ece422098..b6681b206 100644 --- a/poky/meta/recipes-core/systemd/systemd_245.6.bb +++ b/poky/meta/recipes-core/systemd/systemd_245.6.bb @@ -20,6 +20,7 @@ SRC_URI += "file://touchscreen.rules \ file://99-default.preset \ file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ file://0003-implment-systemd-sysv-install-for-OE.patch \ + file://CVE-2020-13776.patch \ " # patches needed by musl diff --git a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty index 96fd6cfcf..dfa799ada 100644 --- a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty +++ b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty @@ -11,7 +11,7 @@ active_serial=$(grep "serial" /proc/tty/drivers | cut -d/ -f1 | sed "s/ *$//") # Rephrase input parameter from ttyS target index (ttyS1, ttyS2, ttyAMA0, etc). -runtime_tty=$(echo $2 | grep -oh '[0-9]') +runtime_tty=$(echo $2 | grep -oh '[0-9]\+') # busybox' getty does this itself, util-linux' agetty needs extra help getty="/sbin/getty" @@ -36,7 +36,7 @@ for line in $active_serial; do then # Remove all unknown entries and discard the first line (desc). activetty=$(grep -v "unknown" "/proc/tty/driver/$line" \ - | tail -n +2 | grep -oh "^\s*\S*[0-9]") + | tail -n +2 | grep -oh "^\s*\S*[0-9]\+") for active in $activetty; do # If indexes do match then enable the serial console. if [ $active -eq $runtime_tty ] -- cgit v1.2.3
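
Review bot: in dbus-test_1.12.18.bb, `require dbus.inc` followed by `EXTRA_OECONF +=` gives the test recipe settings it did not have before this change: `--with-system-socket=/run/dbus/system_bus_socket`, the `user-session` entry in the PACKAGECONFIG default, `--disable-selinux` for class-native and `file://dbus-1.init` in SRC_URI, while the `${EXTRA_OECONF_X}` argument is dropped. If the intent was only to share the fetch, licence and common configure data, keep the dbus-only items in dbus_1.12.18.bb; otherwise state in the commit message that the configure line of dbus-test changes, since the subject only says "Move common parts".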
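
Review bot: the new dbus.inc still carries `SRC_URI[md5sum]` next to `SRC_URI[sha256sum]`, whereas ell_0.32.bb in this same update keeps only the sha256sum. As the checksums are being moved into a new file anyway, drop the md5sum line here so the tarball is pinned by SHA-256 alone and the two recipes follow one convention.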
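
Review bot: in buildtools-tarball.bb, the added `export SSL_CERT_FILE=...` line is written into the environment script unconditionally, so sourcing the script replaces any CA bundle the user or site had already set in SSL_CERT_FILE (the same holds for the existing GIT_SSL_CAINFO line above it). Either document that the buildtools bundle takes precedence, or emit a form that keeps a pre-set value, and note in the commit message that this hunk adds SSL_CERT_FILE, since the subject names only OPENSSL_CONF.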
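
Review bot: in wired.network, `UseMTU=yes` under `[DHCP]` has no comment explaining why the default is changed, and it makes the interface MTU a value chosen by whichever DHCP server answers on every image that ships this file. Add a one-line comment above it stating the reason, so that integrators who deploy on networks where the DHCP server is not trusted know this is the setting to override.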
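
Review bot: in CVE-2020-13776.patch, the parse-util.h part leaves a stray cast in the new wrapper, `return safe_atou32_full(s, 0, (unsigned*) ret_u);`, although safe_atou32_full() takes a `uint32_t *`; pass `ret_u` directly. The same part calls safe_atou_full() with a base argument without adding it, so please confirm that the 245.6 tree already provides it. The embedded diffstat lists 2 files while the patch touches three (parse-util.h comes from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e), which is worth stating next to the "Add definition of safe_atou32_full()" line. Note also that safe_atou32() keeps base 0, so only parse_uid() is restricted to decimal; the added test cases for "0x1234" and "01234" cover exactly that path.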
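
Review bot: in the first start_getty hunk, `echo $2 | grep -oh '[0-9]\+'` prints every run of digits in the argument, one per line, so a device name containing two digit groups yields a multi-word `runtime_tty`. Anchor the match to the end of the name (`'[0-9]\+$'`) and quote the argument (`echo "$2"`), so that only the trailing index is taken.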
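
Review bot: in the second start_getty hunk, the `\S*` in front of the digit class already takes in any leading digits, so `[0-9]\+` should match the same text as `[0-9]` did and the real fix is the one in the first hunk; say so in the commit message or drop this part. The comparison in the context line, `[ $active -eq $runtime_tty ]`, is unquoted and fails with a test error when either value is empty or holds more than one word; quoting both operands makes that case fall through cleanly.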