From d5ae7d902a40f26a8c26f4c6d300226689738716 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Thu, 14 Jun 2018 09:52:03 -0700 Subject: Sumo refresh Update external subtrees to latest Yocto sumo. Change-Id: I8364f32bef079841c6e57f1c587f4b1bedf62fef 
Signed-off-by: Brad Bishop --- .../busybox/busybox-fix-lzma-segfaults.patch | 106 ++++++++++++ .../busybox/busybox/umount-ignore-c.patch | 40 +++++ poky/meta/recipes-core/busybox/busybox_1.27.2.bb | 2 + poky/meta/recipes-core/coreutils/coreutils_8.29.bb | 2 +- poky/meta/recipes-core/dropbear/dropbear/init | 26 +-- poky/meta/recipes-core/glibc/glibc-locale.inc | 13 +- poky/meta/recipes-core/glibc/glibc-package.inc | 1 - .../recipes-core/glibc/glibc/CVE-2017-18269.patch | 178 +++++++++++++++++++++ .../recipes-core/glibc/glibc/CVE-2018-11236.patch | 164 +++++++++++++++++++ poky/meta/recipes-core/glibc/glibc_2.27.bb | 2 + .../images/build-appliance-image_15.0.0.bb | 2 +- .../initrdscripts/files/init-install.sh | 2 + .../initscripts/initscripts-1.0/mountnfs.sh | 9 +- poky/meta/recipes-core/libxml/libxml2_2.9.7.bb | 7 +- ...eader.makefile-add-Wno-stringop-truncatio.patch | 71 ++++++++ ...aseTools-header.makefile-add-Wno-restrict.patch | 102 ++++++++++++ ...eader.makefile-revert-gcc-8-Wno-xxx-optio.patch | 53 ++++++ ...enVtf-silence-false-stringop-overflow-war.patch | 66 ++++++++ poky/meta/recipes-core/ovmf/ovmf_git.bb | 6 +- poky/meta/recipes-core/systemd/systemd_237.bb | 2 +- 20 files changed, 820 insertions(+), 34 deletions(-) create mode 100644 poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch create mode 100644 poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch create mode 100644 poky/meta/recipes-core/glibc/glibc/CVE-2017-18269.patch create mode 100644 poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch create mode 100644 poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch create mode 100644 poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch create mode 100644 poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch create mode 100644 
poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch (limited to 'poky/meta/recipes-core') diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch new file mode 100644 index 000000000..da6dfa802 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch 
@@ -0,0 +1,106 @@ +busybox-1.27.2: Fix lzma segfaults + +[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871 + +libarchive: check buffer index in lzma_decompress + +With specific defconfig busybox fails to check zip fileheader magic +(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c) +for decompression which leads to segmentation fault. It prevents accessing into +buffer, which is smaller than pos index. Patch includes multiple segmentation +fault fixes. + +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b] +bug: 10436 10871 +Signed-off-by: Andrej Valek + +diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c +index a904087..29eee2a 100644 +--- a/archival/libarchive/decompress_unlzma.c ++++ b/archival/libarchive/decompress_unlzma.c +@@ -11,6 +11,14 @@ + #include "libbb.h" + #include "bb_archive.h" + ++ ++#if 0 ++# define dbg(...) bb_error_msg(__VA_ARGS__) ++#else ++# define dbg(...) ((void)0) ++#endif ++ ++ + #if ENABLE_FEATURE_LZMA_FAST + # define speed_inline ALWAYS_INLINE + # define size_inline +@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate) + rc_t *rc; + int i; + uint8_t *buffer; ++ uint32_t buffer_size; + uint8_t previous_byte = 0; + size_t buffer_pos = 0, global_pos = 0; + int len = 0; +@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate) + if (header.dict_size == 0) + header.dict_size++; + +- buffer = xmalloc(MIN(header.dst_size, header.dict_size)); ++ buffer_size = MIN(header.dst_size, header.dict_size); ++ buffer = xmalloc(buffer_size); + + { + int num_probs; +@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate) + state = state < LZMA_NUM_LIT_STATES ? 
9 : 11; + + pos = buffer_pos - rep0; +- if ((int32_t)pos < 0) ++ if ((int32_t)pos < 0) { + pos += header.dict_size; ++ /* see unzip_bad_lzma_2.zip: */ ++ if (pos >= buffer_size) ++ goto bad; ++ } + previous_byte = buffer[pos]; + goto one_byte1; + #else +@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate) + for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--) + rep0 = (rep0 << 1) | rc_direct_bit(rc); + rep0 <<= LZMA_NUM_ALIGN_BITS; ++ if ((int32_t)rep0 < 0) { ++ dbg("%d rep0:%d", __LINE__, rep0); ++ goto bad; ++ } + prob3 = p + LZMA_ALIGN; + } + i2 = 1; +@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate) + IF_NOT_FEATURE_LZMA_FAST(string:) + do { + uint32_t pos = buffer_pos - rep0; +- if ((int32_t)pos < 0) ++ if ((int32_t)pos < 0) { + pos += header.dict_size; ++ /* more stringent test (see unzip_bad_lzma_1.zip): */ ++ if (pos >= buffer_size) ++ goto bad; ++ } + previous_byte = buffer[pos]; + IF_NOT_FEATURE_LZMA_FAST(one_byte2:) + buffer[buffer_pos++] = previous_byte; +@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate) + IF_DESKTOP(total_written += buffer_pos;) + if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) { + bad: ++ /* One of our users, bbunpack(), expects _us_ to emit ++ * the error message (since it's the best place to give ++ * potentially more detailed information). ++ * Do not fail silently. ++ */ ++ bb_error_msg("corrupted data"); + total_written = -1; /* failure */ + } + rc_free(rc); + diff --git a/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch new file mode 100644 index 000000000..9fe7998df --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch 
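Review bot: The `bad:` label in the last hunk of decompress_unlzma.c sits inside the `if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos)` block, so the added `bb_error_msg("corrupted data");` is also printed when the final write fails or is short. Whether transformer_write() reports that case itself is not visible here, but the message would point triage at the archive instead of the output side. A comment at the label such as `/* also reached when transformer_write() fails */`, or a separate message for that path, would keep the diagnostic accurate. The comments on the two new bounds checks cite unzip_bad_lzma_1.zip and unzip_bad_lzma_2.zip, yet this backport touches only decompress_unlzma.c, so the patch header should say that those regression samples are not carried. unpack_lzma_stream() begins and ends outside the quoted hunks.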
@@ -0,0 +1,40 @@ +Signed-off-by: Fabio Berton +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d] + +From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001 +From: Shawn Landden +Date: Mon, 8 Jan 2018 13:31:58 +0100 +Subject: [PATCH] umount: ignore -c +Organization: O.S. Systems Software LTDA. + +"-c, --no-canonicalize: Do not canonicalize paths." + +As busybox doesn't canonicalize paths in the first place it is safe to ignore +this option. + +See https://github.com/systemd/systemd/issues/7786 + +Signed-off-by: Shawn Landden +Signed-off-by: Denys Vlasenko +--- + util-linux/umount.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/util-linux/umount.c b/util-linux/umount.c +index 0c50dc9ee..0425c5b76 100644 +--- a/util-linux/umount.c ++++ b/util-linux/umount.c +@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result, + } + #endif + +-/* ignored: -v -t -i */ +-#define OPTION_STRING "fldnra" "vt:i" ++/* ignored: -c -v -t -i */ ++#define OPTION_STRING "fldnra" "cvt:i" + #define OPT_FORCE (1 << 0) // Same as MNT_FORCE + #define OPT_LAZY (1 << 1) // Same as MNT_DETACH + #define OPT_FREELOOP (1 << 2) +-- +2.18.0 + diff --git a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb b/poky/meta/recipes-core/busybox/busybox_1.27.2.bb index 36a6342aa..1ce4823d4 100644 --- a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb +++ b/poky/meta/recipes-core/busybox/busybox_1.27.2.bb @@ -45,6 +45,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://CVE-2011-5325.patch \ file://CVE-2017-15873.patch \ file://busybox-CVE-2017-16544.patch \ + file://busybox-fix-lzma-segfaults.patch \ + file://umount-ignore-c.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " diff --git a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb index 0b8acc588..4704f3219 100644 
--- a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb @@ -26,7 +26,7 @@ SRC_URI[sha256sum] = "92d0fa1c311cacefa89853bdb53c62f4110cdfda3820346b59cbd098f4 EXTRA_OECONF_class-native = "--without-gmp" EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}" -EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch" +EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname" # acl and xattr are not default features # diff --git a/poky/meta/recipes-core/dropbear/dropbear/init b/poky/meta/recipes-core/dropbear/dropbear/init index f6e1c462f..ffab7a236 100755 --- a/poky/meta/recipes-core/dropbear/dropbear/init +++ b/poky/meta/recipes-core/dropbear/dropbear/init @@ -17,8 +17,11 @@ NAME=dropbear DESC="Dropbear SSH server" PIDFILE=/var/run/dropbear.pid +# These values may be replaced by those from /etc/default/dropbear +DROPBEAR_RSAKEY_DIR="/etc/dropbear" DROPBEAR_PORT=22 DROPBEAR_EXTRA_ARGS= +DROPBEAR_RSAKEY_ARGS= NO_START=0 set -e 
@@ -28,32 +31,19 @@ test "$NO_START" = "0" || exit 0 test -x "$DAEMON" || exit 0 test ! -h /var/service/dropbear || exit 0 -readonly_rootfs=0 -for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' +Date: Fri, 23 Mar 2018 16:19:45 +0100 +Subject: [PATCH] Fix i386 memmove issue (bug 22644). + + [BZ #22644] + * sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed + branch conditions. + * string/test-memmove.c (do_test2): New testcase. + +Upstream-Status: Backport +CVE: CVE-2017-18269 +Signed-off-by: Zhixiong Chi +--- + ChangeLog | 8 +++ + string/test-memmove.c | 58 ++++++++++++++++++++++ + .../i386/i686/multiarch/memcpy-sse2-unaligned.S | 12 ++--- + 3 files changed, 72 insertions(+), 6 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 18ed09e..afdb766 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,11 @@ ++2018-03-23 Andrew Senkevich ++ Max Horn ++ ++ [BZ #22644] ++ * sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed ++ branch conditions. ++ * string/test-memmove.c (do_test2): New testcase. 
++ + 2018-02-22 Andrew Waterman + + [BZ # 22884] +diff --git a/string/test-memmove.c b/string/test-memmove.c +index edc7a4c..64e3651 100644 +--- a/string/test-memmove.c ++++ b/string/test-memmove.c +@@ -24,6 +24,7 @@ + # define TEST_NAME "memmove" + #endif + #include "test-string.h" ++#include + + char *simple_memmove (char *, const char *, size_t); + +@@ -245,6 +246,60 @@ do_random_tests (void) + } + } + ++static void ++do_test2 (void) ++{ ++ size_t size = 0x20000000; ++ uint32_t * large_buf; ++ ++ large_buf = mmap ((void*) 0x70000000, size, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANON, -1, 0); ++ ++ if (large_buf == MAP_FAILED) ++ error (EXIT_UNSUPPORTED, errno, "Large mmap failed"); ++ ++ if ((uintptr_t) large_buf > 0x80000000 - 128 ++ || 0x80000000 - (uintptr_t) large_buf > 0x20000000) ++ { ++ error (0, 0, "Large mmap allocated improperly"); ++ ret = EXIT_UNSUPPORTED; ++ munmap ((void *) large_buf, size); ++ return; ++ } ++ ++ size_t bytes_move = 0x80000000 - (uintptr_t) large_buf; ++ size_t arr_size = bytes_move / sizeof (uint32_t); ++ size_t i; ++ ++ FOR_EACH_IMPL (impl, 0) ++ { ++ for (i = 0; i < arr_size; i++) ++ large_buf[i] = (uint32_t) i; ++ ++ uint32_t * dst = &large_buf[33]; ++ ++#ifdef TEST_BCOPY ++ CALL (impl, (char *) large_buf, (char *) dst, bytes_move); ++#else ++ CALL (impl, (char *) dst, (char *) large_buf, bytes_move); ++#endif ++ ++ for (i = 0; i < arr_size; i++) ++ { ++ if (dst[i] != (uint32_t) i) ++ { ++ error (0, 0, ++ "Wrong result in function %s dst \"%p\" src \"%p\" offset \"%zd\"", ++ impl->name, dst, large_buf, i); ++ ret = 1; ++ break; ++ } ++ } ++ } ++ ++ munmap ((void *) large_buf, size); ++} ++ + int + test_main (void) + { +@@ -284,6 +339,9 @@ test_main (void) + } + + do_random_tests (); ++ ++ do_test2 (); ++ + return ret; + } + +diff --git a/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S b/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S +index 9c3bbe7..9aa17de 100644 +--- 
a/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S ++++ b/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S +@@ -72,7 +72,7 @@ ENTRY (MEMCPY) + cmp %edx, %eax + + # ifdef USE_AS_MEMMOVE +- jg L(check_forward) ++ ja L(check_forward) + + L(mm_len_0_or_more_backward): + /* Now do checks for lengths. We do [0..16], [16..32], [32..64], [64..128] +@@ -81,7 +81,7 @@ L(mm_len_0_or_more_backward): + jbe L(mm_len_0_16_bytes_backward) + + cmpl $32, %ecx +- jg L(mm_len_32_or_more_backward) ++ ja L(mm_len_32_or_more_backward) + + /* Copy [0..32] and return. */ + movdqu (%eax), %xmm0 +@@ -92,7 +92,7 @@ L(mm_len_0_or_more_backward): + + L(mm_len_32_or_more_backward): + cmpl $64, %ecx +- jg L(mm_len_64_or_more_backward) ++ ja L(mm_len_64_or_more_backward) + + /* Copy [0..64] and return. */ + movdqu (%eax), %xmm0 +@@ -107,7 +107,7 @@ L(mm_len_32_or_more_backward): + + L(mm_len_64_or_more_backward): + cmpl $128, %ecx +- jg L(mm_len_128_or_more_backward) ++ ja L(mm_len_128_or_more_backward) + + /* Copy [0..128] and return. */ + movdqu (%eax), %xmm0 +@@ -132,7 +132,7 @@ L(mm_len_128_or_more_backward): + add %ecx, %eax + cmp %edx, %eax + movl SRC(%esp), %eax +- jle L(forward) ++ jbe L(forward) + PUSH (%esi) + PUSH (%edi) + PUSH (%ebx) +@@ -269,7 +269,7 @@ L(check_forward): + add %edx, %ecx + cmp %eax, %ecx + movl LEN(%esp), %ecx +- jle L(forward) ++ jbe L(forward) + + /* Now do checks for lengths. We do [0..16], [0..32], [0..64], [0..128] + separately. */ +-- +2.9.3 diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch new file mode 100644 index 000000000..e2bb40b0d --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch 
@@ -0,0 +1,164 @@ +From 5460617d1567657621107d895ee2dd83bc1f88f2 Mon Sep 17 00:00:00 2001 +From: Paul Pluzhnikov +Date: Tue, 8 May 2018 18:12:41 -0700 +Subject: [PATCH] Fix BZ 22786: integer addition overflow may cause stack + buffer overflow when realpath() input length is close to SSIZE_MAX. + +2018-05-09 Paul Pluzhnikov + + [BZ #22786] + * stdlib/canonicalize.c (__realpath): Fix overflow in path length + computation. + * stdlib/Makefile (test-bz22786): New test. + * stdlib/test-bz22786.c: New test. + +CVE: CVE-2018-11236 +Upstream-Status: Backport +Signed-off-by: Zhixiong Chi +--- + ChangeLog | 8 +++++ + stdlib/Makefile | 2 +- + stdlib/canonicalize.c | 2 +- + stdlib/test-bz22786.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 100 insertions(+), 2 deletions(-) + create mode 100644 stdlib/test-bz22786.c + +diff --git a/ChangeLog b/ChangeLog +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,11 @@ ++2018-05-09 Paul Pluzhnikov ++ ++ [BZ #22786] ++ * stdlib/canonicalize.c (__realpath): Fix overflow in path length ++ computation. ++ * stdlib/Makefile (test-bz22786): New test. ++ * stdlib/test-bz22786.c: New test. 
++ + 2018-03-23 Andrew Senkevich + Max Horn + +diff --git a/stdlib/Makefile b/stdlib/Makefile +index af1643c..1ddb1f9 100644 +--- a/stdlib/Makefile ++++ b/stdlib/Makefile +@@ -84,7 +84,7 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \ + tst-cxa_atexit tst-on_exit test-atexit-race \ + test-at_quick_exit-race test-cxa_atexit-race \ + test-on_exit-race test-dlclose-exit-race \ +- tst-makecontext-align ++ tst-makecontext-align test-bz22786 + + tests-internal := tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \ + tst-tls-atexit tst-tls-atexit-nodelete +diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c +index 4135f3f..390fb43 100644 +--- a/stdlib/canonicalize.c ++++ b/stdlib/canonicalize.c +@@ -181,7 +181,7 @@ __realpath (const char *name, char *resolved) + extra_buf = __alloca (path_max); + + len = strlen (end); +- if ((long int) (n + len) >= path_max) ++ if (path_max - n <= len) + { + __set_errno (ENAMETOOLONG); + goto error; +diff --git a/stdlib/test-bz22786.c b/stdlib/test-bz22786.c +new file mode 100644 +index 0000000..e7837f9 +--- /dev/null ++++ b/stdlib/test-bz22786.c +@@ -0,0 +1,90 @@ ++/* Bug 22786: test for buffer overflow in realpath. ++ Copyright (C) 2018 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . 
*/ ++ ++/* This file must be run from within a directory called "stdlib". */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ const char dir[] = "bz22786"; ++ const char lnk[] = "bz22786/symlink"; ++ ++ rmdir (dir); ++ if (mkdir (dir, 0755) != 0 && errno != EEXIST) ++ { ++ printf ("mkdir %s: %m\n", dir); ++ return EXIT_FAILURE; ++ } ++ if (symlink (".", lnk) != 0 && errno != EEXIST) ++ { ++ printf ("symlink (%s, %s): %m\n", dir, lnk); ++ return EXIT_FAILURE; ++ } ++ ++ const size_t path_len = (size_t) INT_MAX + 1; ++ ++ DIAG_PUSH_NEEDS_COMMENT; ++#if __GNUC_PREREQ (7, 0) ++ /* GCC 7 warns about too-large allocations; here we need such ++ allocation to succeed for the test to work. */ ++ DIAG_IGNORE_NEEDS_COMMENT (7, "-Walloc-size-larger-than="); ++#endif ++ char *path = malloc (path_len); ++ DIAG_POP_NEEDS_COMMENT; ++ ++ if (path == NULL) ++ { ++ printf ("malloc (%zu): %m\n", path_len); ++ return EXIT_UNSUPPORTED; ++ } ++ ++ /* Construct very long path = "bz22786/symlink/aaaa....." */ ++ char *p = mempcpy (path, lnk, sizeof (lnk) - 1); ++ *(p++) = '/'; ++ memset (p, 'a', path_len - (path - p) - 2); ++ p[path_len - (path - p) - 1] = '\0'; ++ ++ /* This call crashes before the fix for bz22786 on 32-bit platforms. */ ++ p = realpath (path, NULL); ++ ++ if (p != NULL || errno != ENAMETOOLONG) ++ { ++ printf ("realpath: %s (%m)", p); ++ return EXIT_FAILURE; ++ } ++ ++ /* Cleanup. */ ++ unlink (lnk); ++ rmdir (dir); ++ ++ return 0; ++} ++ ++#define TEST_FUNCTION do_test ++#include +-- +2.9.3 diff --git a/poky/meta/recipes-core/glibc/glibc_2.27.bb b/poky/meta/recipes-core/glibc/glibc_2.27.bb index c814798bb..22a9881ea 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.27.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.27.bb 
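Review bot: In the added stdlib/test-bz22786.c, do_test() subtracts the two pointers the wrong way round when it fills the long path. After `*(p++) = '/'` p is ahead of path, so `path - p` is negative and `path_len - (path - p)` exceeds path_len, which makes both the `memset` and the terminating store write past the end of the `malloc (path_len)` buffer. The operands should be swapped in both lines: `memset (p, 'a', path_len - (p - path) - 2);` and `p[path_len - (p - path) - 1] = '\0';`. This affects only the test program, not the `path_max - n <= len` change in canonicalize.c. As written, though, the test overruns its own heap buffer before realpath() is called, so a crash or pass there is not reliable evidence about the fix.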
@@ -45,6 +45,8 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0028-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \ file://0029-Replace-strncpy-with-memccpy-to-fix-Wstringop-trunca.patch \ file://0030-plural_c_no_preprocessor_lines.patch \ + file://CVE-2017-18269.patch \ + file://CVE-2018-11236.patch \ " NATIVESDKFIXES ?= "" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index db2f58dfb..1e78f4f9c 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image module-base setuptools3 -SRCREV ?= "14d62d5c14e3552f2aeabdbd80d1504bb2c6ed64" +SRCREV ?= "2464dd404041a7a00b18e42950cbf4719180141d" SRC_URI = "git://git.yoctoproject.org/poky;branch=sumo \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/poky/meta/recipes-core/initrdscripts/files/init-install.sh b/poky/meta/recipes-core/initrdscripts/files/init-install.sh index 28e8f09d1..e71579631 100644 --- a/poky/meta/recipes-core/initrdscripts/files/init-install.sh +++ b/poky/meta/recipes-core/initrdscripts/files/init-install.sh @@ -302,6 +302,8 @@ if [ -f /etc/grub.d/00_header -a $grub_version -ne 0 ] ; then GRUBCFG="/boot/grub/grub.cfg" mkdir -p $(dirname $GRUBCFG) cat >$GRUBCFG <<_EOF +timeout=5 +default=0 menuentry "Linux" { search --no-floppy --fs-uuid $boot_uuid --set root linux /$kernel root=PARTUUID=$root_part_uuid $rootwait rw $5 $3 $4 quiet diff --git a/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh b/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh index fe6c19605..be9f5970f 100755 --- a/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh +++ b/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh 
@@ -67,9 +67,12 @@ if test "$rpcbind" = yes then if test -x /usr/sbin/rpcbind then - echo -n "Starting rpcbind... " - start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind - sleep 2 + service rpcbind status > /dev/null + if [ $? != 0 ]; then + echo -n "Starting rpcbind..." + start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind + sleep 2 + fi fi fi diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb index 2fb90a68a..deb3488a7 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb @@ -44,7 +44,12 @@ RDEPENDS_${PN}-ptest += "make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'l RDEPENDS_${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}" -RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us glibc-gconv-ibm1141 glibc-gconv-iso8859-5" +RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us \ + glibc-gconv-ibm1141 \ + glibc-gconv-iso8859-5 \ + glibc-gconv-euc-jp \ + locale-base-en-us \ + " export PYTHON_SITE_PACKAGES="${PYTHON_SITEPACKAGES_DIR}" diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch new file mode 100644 index 000000000..342fcc623 --- /dev/null +++ b/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch 
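Review bot: In the mountnfs.sh hunk the new guard runs `service rpcbind status > /dev/null` and then tests `$?` on the following line, which leaves stderr unredirected and stops working if a command is ever inserted between the two lines. Folding the call into the condition is tighter: `if ! service rpcbind status >/dev/null 2>&1; then`. The check also assumes a `service` wrapper and an rpcbind init script that implements `status`. When either is missing the exit status is non-zero and rpcbind is started as before, which deserves a one-line comment above the test.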
@@ -0,0 +1,71 @@ +From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-truncation" in "-Wall". This warning is documented in detail +at ; the +introduction says + +> Warn for calls to bounded string manipulation functions such as strncat, +> strncpy, and stpncpy that may either truncate the copied string or leave +> the destination unchanged. + +It breaks the BaseTools build with: + +> EfiUtilityMsgs.c: In function 'PrintMessage': +> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The right way to fix the warning would be to implement string concat with +snprintf(). However, Microsoft does not appear to support snprintf() +before VS2015 +, +so we just have to shut up the warning. The strncat() calls flagged above +are valid BTW. 
+ +Cc: Ard Biesheuvel +Cc: Cole Robinson +Cc: Liming Gao +Cc: Paolo Bonzini +Cc: Yonghong Zhu +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek +Reviewed-by: Liming Gao +--- +Signed-off-by: Khem Raj +Upstream-Status: Backport + + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2 + ifeq ($(DARWIN),Darwin) + # assume clang or clang compatible flags on OS X +-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g ++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g + else +-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g ++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g + endif + BUILD_LFLAGS = $(LDFLAGS) + BUILD_CXXFLAGS += -Wno-unused-result diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch new file mode 100644 index 000000000..a076665c3 --- /dev/null +++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch 
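Review bot: The header of this backport records `Upstream-Status: Backport` without the upstream commit, so the recipe alone does not let a reader confirm what was taken or whether it was altered. The same applies to the other three ovmf patches added in this commit and to CVE-2017-18269.patch and CVE-2018-11236.patch. The two busybox patches here use the bracketed form with the upstream URL, and following it would make the provenance checkable: `Upstream-Status: Backport [<upstream commit URL>]`. Separately, `-Wno-stringop-truncation` is added to BUILD_CFLAGS for all of BaseTools/Source/C although the message cites three strncat() calls in EfiUtilityMsgs.c. The patch header should note that this is a build workaround that also hides truncation warnings in the rest of these tools.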
@@ -0,0 +1,102 @@ +From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wrestrict" in "-Wall". This warning is documented in detail +at ; the +introduction says + +> Warn when an object referenced by a restrict-qualified parameter (or, in +> C++, a __restrict-qualified parameter) is aliased by another argument, +> or when copies between such objects overlap. + +It breaks the BaseTools build (in the Brotli compression library) with: + +> In function 'ProcessCommandsInternal', +> inlined from 'ProcessCommands' at dec/decode.c:1828:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> In function 'ProcessCommandsInternal', +> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Paolo Bonzini analyzed the Brotli source in detail, +and concluded that the warning is a false positive: + +> This seems safe to me, because it's preceded by: +> +> uint8_t* copy_dst = &s->ringbuffer[pos]; +> uint8_t* copy_src = &s->ringbuffer[src_start]; +> int dst_end = pos + i; +> int src_end = src_start + i; +> if (src_end > pos && dst_end > src_start) { +> /* Regions intersect. 
*/ +> goto CommandPostWrapCopy; +> } +> +> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then +> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i). +> +> The if seems okay: +> +> (src_start + i > pos && pos + i > src_start) +> +> which can be rewritten to: +> +> (pos < src_start + i && src_start < pos + i) +> +> Then the numbers are in one of these two orders: +> +> pos <= src_start < pos + i <= src_start + i +> src_start <= pos < src_start + i <= pos + i +> +> These two would be allowed by the "if", but they can only happen if pos +> == src_start so they degenerate to the same two orders above: +> +> pos <= src_start < src_start + i <= pos + i +> src_start <= pos < pos + i <= src_start + i +> +> So it is a false positive in GCC. + +Disable the warning for now. + +Cc: Ard Biesheuvel +Cc: Cole Robinson +Cc: Liming Gao +Cc: Paolo Bonzini +Cc: Yonghong Zhu +Reported-by: Cole Robinson +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek +Reviewed-by: Liming Gao +--- +Signed-off-by: Khem Raj +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2 + ifeq ($(DARWIN),Darwin) + # assume clang or clang compatible flags on OS X +-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g ++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g + else 
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g ++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g + endif + BUILD_LFLAGS = $(LDFLAGS) + BUILD_CXXFLAGS += -Wno-unused-result diff --git a/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch new file mode 100644 index 000000000..920723e32 --- /dev/null +++ b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch 
@@ -0,0 +1,53 @@ +From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 7 Mar 2018 10:17:28 +0100 +Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx" + options on OSX + +I recently added the gcc-8 specific "-Wno-stringop-truncation" and +"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 / +clang, OSX) and otherwise (gcc, Linux / Cygwin). + +I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does +not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and +"-Wno-restrict" options, yet the build completed fine (by GCC design). + +Regarding OSX, my expectation was that + +- XCODE5 / clang would either recognize these warnings options (because + clang does recognize most -W options of gcc), + +- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags + that it didn't recognize. + +Neither is the case; the new flags have broken the BaseTools build on OSX. +Revert them (for OSX only). 
+ +Cc: Liming Gao +Cc: Yonghong Zhu +Reported-by: Liming Gao +Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231 +Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929 +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek +Reviewed-by: Liming Gao +Acked-by: Ard Biesheuvel +--- +Signed-off-by: Khem Raj +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2 + ifeq ($(DARWIN),Darwin) + # assume clang or clang compatible flags on OS X +-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g ++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g + else + BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g + endif diff --git a/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch new file mode 100644 index 000000000..7ad7cdf0c --- /dev/null +++ b/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch 
@@ -0,0 +1,66 @@
+From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow"
+ warning with memcpy()
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-overflow" in "-Wall". This warning is documented in detail at
+; the
+introduction says
+
+> Warn for calls to string manipulation functions such as memcpy and
+> strcpy that are determined to overflow the destination buffer.
+
+It breaks the BaseTools build with:
+
+> GenVtf.c: In function 'ConvertVersionInfo':
+> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length
+> of the source argument [-Werror=stringop-overflow=]
+> strncpy (TemStr + 4 - Length, Str, Length);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> GenVtf.c:130:14: note: length computed here
+> Length = strlen(Str);
+> ^~~~~~~~~~~
+
+It is a false positive because, while the bound equals the length of the
+source argument, the destination pointer is moved back towards the
+beginning of the destination buffer by the same amount (and this amount is
+range-checked first, so we can't precede the start of the dest buffer).
+
+Replace both strncpy() calls with memcpy().
+
+Cc: Ard Biesheuvel
+Cc: Cole Robinson
+Cc: Liming Gao
+Cc: Paolo Bonzini
+Cc: Yonghong Zhu
+Reported-by: Cole Robinson
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek
+Reviewed-by: Liming Gao
+---
+Signed-off-by: Khem Raj
+Upstream-Status: Backport
+ BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c
+index 2ae9a7be2c..0cd33e71e9 100644
+--- a/BaseTools/Source/C/GenVtf/GenVtf.c
++++ b/BaseTools/Source/C/GenVtf/GenVtf.c
+@@ -129,9 +129,9 @@ Returns:
+ } else {
+ Length = strlen(Str);
+ if (Length < 4) {
+- strncpy (TemStr + 4 - Length, Str, Length);
++ memcpy (TemStr + 4 - Length, Str, Length);
+ } else {
+- strncpy (TemStr, Str + Length - 4, 4);
++ memcpy (TemStr, Str + Length - 4, 4);
+ }
+
+ sscanf (
+--
+2.17.0
+
diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb
index 8750b3c52..e57fa0972 100644
--- a/poky/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb
@@ -19,6 +19,10 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ file://0004-ovmf-enable-long-path-file.patch \ file://VfrCompile-increase-path-length-limit.patch \ file://no-stack-protector-all-archs.patch \ + file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ + file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ + file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ + file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ " UPSTREAM_VERSION_UNKNOWN = "1"
@@ -35,7 +39,7 @@ SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6eb inherit deploy -PARALLEL_MAKE_class-native = "" +PARALLEL_MAKE = "" S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-core/systemd/systemd_237.bb b/poky/meta/recipes-core/systemd/systemd_237.bb
index 2e6558ded..a409b1829 100644
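Review bot: Neither `memcpy()` in the added GenVtf.c lines writes a terminating NUL, so the `sscanf (` call that follows presumably relies on `TemStr` having been filled and terminated before this branch, which lies outside the hunk. The `strncpy()` calls behaved the same way with these bounds, so this is not a regression, but `memcpy()` makes the dependency easier to miss when the buffer is next touched. A comment above `Length = strlen(Str);` such as `/* TemStr is pre-filled and NUL-terminated by its initialiser; only the digit bytes are overwritten here */` would record the invariant, once the declaration is checked to match it.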
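Review bot: `PARALLEL_MAKE = ""` in ovmf_git.bb now disables parallel make for every variant of the recipe rather than only the native one, and the hunk gives no reason for widening it. A short comment above the assignment stating the cause, for example `# build is not parallel-safe for the target either`, would stop a later cleanup from narrowing it again by mistake. That wording assumes a parallel-build race is the actual cause, which the hunk does not show.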
--- a/poky/meta/recipes-core/systemd/systemd_237.bb
+++ b/poky/meta/recipes-core/systemd/systemd_237.bb
@@ -312,7 +312,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--sys USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}" -GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal" +GROUPADD_PARAM_${PN} = "-r systemd-journal" USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;" FILES_${PN}-analyze = "${bindir}/systemd-analyze"
-- cgit v1.2.3
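Review bot: Dropping `-r lock` from `GROUPADD_PARAM_${PN}` leaves nothing in this hunk that creates the `lock` group, and the change carries no explanation. If a tmpfiles.d entry, udev rule or another package in the image still assigns ownership to that group, the lookup can fail and the path may end up with different ownership or permissions than intended. Presumably another recipe now provides the group, but that is not visible here. A one-line comment above the assignment naming where `lock` now comes from would settle it.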