From 635e0e4637e40ba03f69204265427550fd404f4c Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 21 Aug 2020 15:58:33 -0500 Subject: poky: subtree update:23deb29c1b..c67f57c09e Adrian Bunk (1): librsvg: Upgrade 2.40.20 -> 2.40.21 Alejandro Hernandez (1): musl: Upgrade to latest release 1.2.1 Alex Kiernan (8): systemd: Upgrade v245.6 -> v246 systemd: Move musl patches to SRC_URI_MUSL systemd: Fix path to modules-load.d et al nfs-utils: Drop StandardError=syslog from systemd unit openssh: Drop StandardError=syslog from systemd unit volatile-binds: Drop StandardOutput=syslog from systemd unit systemd: Upgrade v246 -> v246.1 systemd: Upgrade v246.1 -> v246.2 Alexander Kanavin (16): sysvinit: update 2.96 -> 2.97 kbd: update 2.2.0 -> 2.3.0 gnu-config: update to latest revision go: update 1.14.4 -> 1.14.6 meson: update 0.54.3 -> 0.55.0 nasm: update 2.14.02 -> 2.15.03 glib-2.0: correct build with latest meson rsync: update 3.2.1 -> 3.2.2 vala: update 0.48.6 -> 0.48.7 logrotate: update 3.16.0 -> 3.17.0 mesa: update 20.1.2 -> 20.1.4 libcap: update 2.36 -> 2.41 net-tools: fix upstream version check meson.bbclass: add a cups-config entry oeqa: write @OETestTag content into json test reports for each case libhandy: upstream has moved to gnome Alistair Francis (1): binutils: Remove RISC-V PIE patch Andrei Gherzan (2): initscripts: Fix various shellcheck warnings in populate-volatile.sh initscripts: Fix populate-volatile.sh bug when file/dir exists Anuj Mittal (4): harfbuzz: upgrade 2.6.8 -> 2.7.1 sqlite3: upgrade 3.32.3 -> 3.33.0 stress-ng: upgrade 0.11.17 -> 0.11.18 x264: upgrade to latest revision Armin Kuster (1): glibc: Secruity fix for CVE-2020-6096 Bruce Ashfield (25): linux-yocto/5.4: update to v5.4.53 linux-yocto/5.4: fix perf build with binutils 2.35 kernel/yocto: allow dangling KERNEL_FEATURES linux-yocto/5.4: update to v5.4.54 systemtap: update to 4.3 latest kernel-devsrc: fix x86 (32bit) on target module build lttng-modules: update to 2.12.2 (fixes v5.8+ builds) yocto-bsps: update reference BSPs to 5.4.54 kernel-yocto: enhance configuration queue analysis capabilities strace: update to 5.8 (fix build against v5.8 uapi headers) linux-yocto-rt/5.4: update to rt32 linux-yocto/5.4: update to v5.4.56 linux-yocto/5.4: update to v5.4.57 kernel-yocto: set cwd before querying the meta data dir kernel-yocto: make # is not set matching more precise kernel-yocto: split meta data gathering into patch and config phases make-mod-scripts: add HOSTCXX definitions and gmp-native dependency kernel-devsrc: fix on target modules prepare for ARM kernel-devsrc: 5.8 + gcc10 require gcc-plugins + libmpc-dev linux-yocto/5.4: update to v5.4.58 linux-yocto/5.4: perf cs-etm: Move definition of 'traceid_list' global variable from header file libc-headers: update to v5.8 linux-yocto: introduce 5.8 reference kernel kernel-yocto/5.8: add gmp-native dependency linux-yocto/5.8: update to v5.8.1 Chandana kalluri (1): qemu.inc: Use virtual/libgl instead of mesa Changhyeok Bae (2): iproute2: upgrade 5.7.0 -> 5.8.0 ethtool: upgrade 5.7 -> 5.8 Changqing Li (5): layer.conf: fix adwaita-icon-theme signature change problem gtk-icon-cache.bbclass: add features_check gcc-runtime.inc: fix m32 compile fail with x86-64 compiler libffi: fix multilib header conflict gpgme: fix multilib header conflict Chen Qi (3): grub: set CVE_PRODUCT to grub2 runqemu: fix permission check of /dev/vhost-net fribidi: extend CVE_PRODUCT to include fribidi Chris Laplante (11): lib/oe/log_colorizer.py: add LogColorizerProxyProgressHandler bitbake: build: print traceback if progress handler can't be created bitbake: build: create_progress_handler: fix calling 'get' on NoneType bitbake: progress: modernize syntax, format bitbake: progress: fix hypothetical NameError if 'progress' isn't set bitbake: progress: filter ANSI escape codes before looking for progress text bitbake: tests/color: add test suite for ANSI color code filtering bitbake: data: emit filename/lineno information for shell functions bitbake: build: print a backtrace when a Bash shell function fails bitbake: build: print a backtrace with the original metadata locations of Bash shell funcs bitbake: build: make shell traps less chatty when 'bitbake -v' is used Dan Callaghan (1): stress-ng: create a symlink for /usr/bin/stress Daniel Ammann (1): wic: fix typo Daniel Gomez (1): allarch: Add missing allarch ttf-bitstream-vera Diego Sueiro (1): cml1: Add the option to choose the .config root dir Dmitry Baryshkov (3): mesa: enable freedreno Vulkan driver if freedreno is enabled arch-armv8-2a.inc: add tune include for armv8.2a tune-cortexa55.inc: switch to using armv8.2a include file Fredrik Gustafsson (13): package_manager: Move to package_manager/__init__.py rpm: Move manifest to its own subdir ipk: Move ipk manifest to its own subdir deb: Move deb manifest to its own subdir rpm: Move rootfs to its own dir ipk: Move rootfs to its own dir deb: Move rootfs to its own dir rpm: Move sdk to its own dir ipk: Move sdk to its own dir deb: Move sdk to its own dir rpm: Move package manager to its own dir ipk: Move package manager to its own dir deb: Move package manager to its own dir Guillaume Champagne (1): weston: add missing packageconfigs Jeremy Puhlman (1): gobject-introspection: disable scanner caching in install Joe Slater (3): libdnf: allow reproducible binary builds gconf: use python3 gcr: make sure gcr-oids.h is generated Jonathan Richardson (1): cortex-m0plus.inc: Add tuning for cortex M0 plus Joshua Watt (3): bitbake: bitbake: command: Handle multiconfig in findSigInfo lib/oe/reproducible.py: Fix git HEAD check perl: Add check for non-arch Storable.pm file Khasim Mohammed (2): wic/bootimg-efi: Add support for IMAGE_BOOT_FILES wic/bootimg-efi: Update docs for IMAGE_BOOT_FILES support in bootimg-efi Khem Raj (23): qemumips: Use 34Kf CPU emulation libunwind: Backport a fix for -fno-common option to compile dhcp: Use -fcommon compiler option inetutils: Fix build with -fno-common libomxil: Use -fcommon compiler option kexec-tools: Fix build with -fno-common distcc: Fix build with -fno-common libacpi: Fix build with -fno-common minicom: Fix build when using -fno-common binutils: Upgrade to 2.35 release xf86-video-intel: Fix build with -fno-common glibc: Upgrade to 2.32 release go: Upgrade to 1.14.7 webkitgtk: Upgrade to 2.28.4 kexec-tools: Fix additional duplicate symbols on aarch64/x86_64 builds gcc: Upgrade to 10.2.0 buildcpio.py: Apply patch to fix build with -fno-common buildgalculator: Patch to fix build with -fno-common localedef: Update to include floatn.h fix xserver-xorg: Fix build with -fno-common/mips binutils: Let crosssdk gold linker generate 4096 btyes long .interp section gcc-cross-canadian: Correct the regexp to delete versioned gcc binary curl: Upgrade to 7.72.0 Konrad Weihmann (2): rootfs-post: remove traling blanks from tasks cve-update: handle baseMetricV2 as optional Lee Chee Yang (4): buildhistory: use pid for temporary txt file name checklayer: check layer in BBLAYERS before test ghostscript: fix CVE-2020-15900 qemu : fix CVE-2020-15863 Mark Hatle (1): package.bbclass: Sort shlib2 output for hash equivalency Martin Jansa (2): net-tools: upgrade to latest revision in upstream repo instead of old debian snapshot perf: backport a fix for confusing non-fatal error Matt Madison (1): cogl-1.0: correct X11 dependencies Matthew (3): ltp: remove --with-power-management-testsuite from EXTRA_OECONF ltp: remove OOM tests from runtest/mm ltp: make copyFrom scp command non-fatal Mikko Rapeli (2): alsa-topology-conf: use ${datadir} in do_install() alsa-ucm-conf: use ${datadir} in do_install() Ming Liu (3): conf/machine: set UBOOT_MACHINE for qemumips and qemumips64 multilib.conf: add u-boot to NON_MULTILIB_RECIPES libubootenv: uprev to v0.3 Mingli Yu (2): ccache: Upgrade to 3.7.11 Revert "python3: define a profile directory path" Naoto Yamaguchi (1): patch.py: Change to more strictly fuzz detection Nathan Rossi (4): libexif: Enable native and nativesdk cmake.bbclass: Rework compiler program variables for allarch python3: Improve handling of python3 manifest generation python3-manifest.json: Updates Oleksandr Kravchuk (9): python3-setuptools: update to 49.2.0 bash-completion: update to 2.11 python3: update to 3.8.5 re2c: update to 2.0 diffoscope: update to 153 json-c: update to 0.15 git: update 2.28.0 libwpe: update to 1.7.1 python3-setuptools: update to 49.3.1 Richard Purdie (20): perl: Avoid race continually rebuilding miniperl gcc: Fix mangled patch bitbake: server/process: Fix UI first connection tracking bitbake: server/process: Account for xmlrpc connections Revert "lib/oe/log_colorizer.py: add LogColorizerProxyProgressHandler" lib/package_manager: Fix missing imports populate_sdk_ext: Ensure buildtools doesn't corrupt OECORE_NATIVE_SYSROOT buildtools: Handle generic environment setup injection uninative: Handle PREMIRRORS generically maintainers: Update entries for Mark Hatle gcr: Fix patch Upstream-Status from v2 patch bitbake: server/process: Remove pointless process forking bitbake: server/process: Simplfy idle callback handler function bitbake: server/process: Pass timeout/xmlrpc parameters directly to the server bitbake: server/process: Add extra logfile flushing packagefeed-stability: Remove as obsolete build-compare: Drop recipe qemu: Upgrade 5.0.0 -> 5.1.0 selftest/tinfoil: Increase wait event timeout lttng-tools: upgrade 2.12.1 -> 2.12.2 Ross Burton (3): popt: upgrade to 1.18 conf/machine: set UBOOT_MACHINE for qemuarm and qemuarm64 gcc: backport a fix for out-of-line atomics on aarch64 TeohJayShen (2): oeqa/manual/bsp-hw.json : remove shutdown_system test oeqa/manual/bsp-hw.json : remove X_server_can_start_up_with_runlevel_5_boot test Trevor Gamblin (1): llvm: upgrade 9.0.1 -> 10.0.1 Tyler Hicks (1): kernel-devicetree: Fix intermittent build failures caused by DTB builds Usama Arif (3): kernel-fitimage: build configuration for image tree when dtb is not present oeqa/selftest/imagefeatures: Add testcase for fitImage ref-manual: Add documentation for kernel-fitimage Vasyl Vavrychuk (1): runqemu: Check gtk or sdl option is passed together with gl or gl-es options. Yi Zhao (1): pbzip2: extend for nativesdk Zhang Qiang (1): kernel.bbclass: Configuration for environment with HOSTCXX hongxu (1): nativesdk-rpm: adjust RPM_CONFIGDIR paths dynamically zangrc (8): libevdev:upgrade 1.9.0 -> 1.9.1 mpg123:upgrade 1.26.2 -> 1.26.3 flex: Refresh patch stress-ng:upgrade 0.11.15 -> 0.11.17 sudo:upgrade 1.9.1 -> 1.9.2 libcap: Upgrade 2.41 -> 2.42 libinput: Upgrade 1.15.6 -> 1.16.0 python3-setuptools: Upgrade 49.2.0 -> 49.2.1 Signed-off-by: Andrew Geissler Change-Id: Ic7fa1e8484c1c7722a70c75608aa4ab21fa7d755 --- .../json-c/json-c/CVE-2020-12762.patch | 160 --------------------- poky/meta/recipes-devtools/json-c/json-c_0.14.bb | 20 --- poky/meta/recipes-devtools/json-c/json-c_0.15.bb | 18 +++ 3 files changed, 18 insertions(+), 180 deletions(-) delete mode 100644 poky/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch delete mode 100644 poky/meta/recipes-devtools/json-c/json-c_0.14.bb create mode 100644 poky/meta/recipes-devtools/json-c/json-c_0.15.bb (limited to 'poky/meta/recipes-devtools/json-c') diff --git a/poky/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch b/poky/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch deleted file mode 100644 index a45cfb61b..000000000 --- a/poky/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch +++ /dev/null @@ -1,160 +0,0 @@ -From 099016b7e8d70a6d5dd814e788bba08d33d48426 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Mon, 4 May 2020 19:41:16 +0200 -Subject: [PATCH 1/3] Protect array_list_del_idx against size_t overflow. - -If the assignment of stop overflows due to idx and count being -larger than SIZE_T_MAX in sum, out of boundary access could happen. - -It takes invalid usage of this function for this to happen, but -I decided to add this check so array_list_del_idx is as safe against -bad usage as the other arraylist functions. - -Upstream-Status: Backport [https://github.com/json-c/json-c/commit/31243e4d1204ef78be34b0fcae73221eee6b83be] -CVE: CVE-2020-12762 -Signed-off-by: Chee Yang Lee - ---- - arraylist.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/arraylist.c b/arraylist.c -index 12ad8af6d3..e5524aca75 100644 ---- a/arraylist.c -+++ b/arraylist.c -@@ -136,6 +136,9 @@ int array_list_del_idx(struct array_list *arr, size_t idx, size_t count) - { - size_t i, stop; - -+ /* Avoid overflow in calculation with large indices. */ -+ if (idx > SIZE_T_MAX - count) -+ return -1; - stop = idx + count; - if (idx >= arr->length || stop > arr->length) - return -1; - -From 77d935b7ae7871a1940cd827e850e6063044ec45 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Mon, 4 May 2020 19:46:45 +0200 -Subject: [PATCH 2/3] Prevent division by zero in linkhash. - -If a linkhash with a size of zero is created, then modulo operations -are prone to division by zero operations. - -Purely protective measure against bad usage. ---- - linkhash.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/linkhash.c b/linkhash.c -index 7ea58c0abf..f05cc38030 100644 ---- a/linkhash.c -+++ b/linkhash.c -@@ -12,6 +12,7 @@ - - #include "config.h" - -+#include - #include - #include - #include -@@ -499,6 +500,8 @@ struct lh_table *lh_table_new(int size, lh_entry_free_fn *free_fn, lh_hash_fn *h - int i; - struct lh_table *t; - -+ /* Allocate space for elements to avoid divisions by zero. */ -+ assert(size > 0); - t = (struct lh_table *)calloc(1, sizeof(struct lh_table)); - if (!t) - return NULL; - -From d07b91014986900a3a75f306d302e13e005e9d67 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Mon, 4 May 2020 19:47:25 +0200 -Subject: [PATCH 3/3] Fix integer overflows. - -The data structures linkhash and printbuf are limited to 2 GB in size -due to a signed integer being used to track their current size. - -If too much data is added, then size variable can overflow, which is -an undefined behaviour in C programming language. - -Assuming that a signed int overflow just leads to a negative value, -like it happens on many sytems (Linux i686/amd64 with gcc), then -printbuf is vulnerable to an out of boundary write on 64 bit systems. ---- - linkhash.c | 7 +++++-- - printbuf.c | 19 ++++++++++++++++--- - 2 files changed, 21 insertions(+), 5 deletions(-) - -diff --git a/linkhash.c b/linkhash.c -index f05cc38030..51e90b13a2 100644 ---- a/linkhash.c -+++ b/linkhash.c -@@ -580,9 +580,12 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con - { - unsigned long n; - -- if (t->count >= t->size * LH_LOAD_FACTOR) -- if (lh_table_resize(t, t->size * 2) != 0) -+ if (t->count >= t->size * LH_LOAD_FACTOR) { -+ /* Avoid signed integer overflow with large tables. */ -+ int new_size = INT_MAX / 2 < t->size ? t->size * 2 : INT_MAX; -+ if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0) - return -1; -+ } - - n = h % t->size; - -diff --git a/printbuf.c b/printbuf.c -index 976c12dde5..00822fac4f 100644 ---- a/printbuf.c -+++ b/printbuf.c -@@ -15,6 +15,7 @@ - - #include "config.h" - -+#include - #include - #include - #include -@@ -65,10 +66,16 @@ static int printbuf_extend(struct printbuf *p, int min_size) - - if (p->size >= min_size) - return 0; -- -- new_size = p->size * 2; -- if (new_size < min_size + 8) -+ /* Prevent signed integer overflows with large buffers. */ -+ if (min_size > INT_MAX - 8) -+ return -1; -+ if (p->size > INT_MAX / 2) - new_size = min_size + 8; -+ else { -+ new_size = p->size * 2; -+ if (new_size < min_size + 8) -+ new_size = min_size + 8; -+ } - #ifdef PRINTBUF_DEBUG - MC_DEBUG("printbuf_memappend: realloc " - "bpos=%d min_size=%d old_size=%d new_size=%d\n", -@@ -83,6 +90,9 @@ static int printbuf_extend(struct printbuf *p, int min_size) - - int printbuf_memappend(struct printbuf *p, const char *buf, int size) - { -+ /* Prevent signed integer overflows with large buffers. */ -+ if (size > INT_MAX - p->bpos - 1) -+ return -1; - if (p->size <= p->bpos + size + 1) - { - if (printbuf_extend(p, p->bpos + size + 1) < 0) -@@ -100,6 +110,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len) - - if (offset == -1) - offset = pb->bpos; -+ /* Prevent signed integer overflows with large buffers. */ -+ if (len > INT_MAX - offset) -+ return -1; - size_needed = offset + len; - if (pb->size < size_needed) - { diff --git a/poky/meta/recipes-devtools/json-c/json-c_0.14.bb b/poky/meta/recipes-devtools/json-c/json-c_0.14.bb deleted file mode 100644 index 1d501d129..000000000 --- a/poky/meta/recipes-devtools/json-c/json-c_0.14.bb +++ /dev/null @@ -1,20 +0,0 @@ -SUMMARY = "C bindings for apps which will manipulate JSON data" -DESCRIPTION = "JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C." -HOMEPAGE = "https://github.com/json-c/json-c/wiki" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2" - -SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \ - file://CVE-2020-12762.patch \ -" - -SRC_URI[sha256sum] = "b377de08c9b23ca3b37d9a9828107dff1de5ce208ff4ebb35005a794f30c6870" - -UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" -UPSTREAM_CHECK_REGEX = "json-c-(?P\d+(\.\d+)+)-\d+" - -RPROVIDES_${PN} = "libjson" - -inherit cmake - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/json-c/json-c_0.15.bb b/poky/meta/recipes-devtools/json-c/json-c_0.15.bb new file mode 100644 index 000000000..2968590dd --- /dev/null +++ b/poky/meta/recipes-devtools/json-c/json-c_0.15.bb @@ -0,0 +1,18 @@ +SUMMARY = "C bindings for apps which will manipulate JSON data" +DESCRIPTION = "JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C." +HOMEPAGE = "https://github.com/json-c/json-c/wiki" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2" + +SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz" + +SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6" + +UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" +UPSTREAM_CHECK_REGEX = "json-c-(?P\d+(\.\d+)+)-\d+" + +RPROVIDES_${PN} = "libjson" + +inherit cmake + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3