From 96ff1984133494bf6a3451ddeb7f14548d3697e1 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Mon, 19 Aug 2019 13:50:42 -0400 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit poky: 67266331b0..835f7eac06: Adrian Bunk (9): valgrind: Remove dependency on libx11 bluez5: Remove obsolete dependency on dbus-glib python3-dbus: Remove obsolete dependency on dbus-glib cups: Remove unnecessary dependency on dbus-glib libnotify: Remove obsolete dependency on dbus-glib unfs3: Switch to new upstream location i2c-tools: Add alternative for i2ctransfer meta: Remove remnants of bluez4 support e2fsprogs: Remove patch that disabled 64bit for ext4 by default Adrian Freihofer (1): yocto-bsp: runqemu runs beaglebone-yocto Adrian Ratiu (1): opkg/package/rootfs_ipk: allow overwriting OPKGLIBDIR Alejandro del Castillo (1): opkg: upgrade to version 0.4.1 Alexander Kanavin (3): rt-tests: exclude 1.4 version from upstream check as well gtk-doc: correct the style.css permissions mobile-broadband-provider-info: upgrade 20190116 -> 20190618 Alistair Francis (7): mesa: Add support for the lima PACKAGECONFIG u-boot: Update to 2019.07 packagegroup-core-sdk: Set blank sanitiser for RISC-V 32 opensbi: Update from 0.3 to 0.4 opensbi: Fix installed-vs-shipped warning qemurunner.py: Be more verbose about problems package_manager: Ensure the base-feed directory exists Andrej Valek (2): busybox: 1.30.1 -> 1.31.0 oe/copy_buildsystem: move layer into layers directory Anuj Mittal (25): gstreamer1.0-plugins-bad: depend on vulkan-loader now vulkan-demos: depend on vulkan-loader vulkan: remove binutils: fix CVE-2019-12972 CVE-2019-9071 gnupg: upgrade 2.2.16 -> 2.2.17 libxslt: fix CVE-2019-13117 CVE-2019-13118 libva: upgrade 2.4.1 -> 2.5.0 libva-utils: upgrade 2.4.0 -> 2.5.0 nasm: fix CVE-2018-19755 python: fix CVE-2019-9740 python3: upgrade 3.7.3 -> 3.7.4 binutils: CVE-2019-9070 is same as CVE-2019-9071 qemu: fix CVE-2019-12155 bzip2: upgrade 1.0.7 -> 1.0.8 glib-2.0: upgrade 2.60.4 -> 2.60.5 vte: upgrade 0.56.1 -> 0.56.3 openssl: set CVE vendor to openssl curl: upgrade 7.65.1 -> 7.65.2 rsync: fix CVEs for included zlib glibc: CVE-2018-20796 is same as CVE-2019-9169 unzip: fix CVE-2019-13232 python: include CVE patches for python-native as well gdb: fix CVE-2017-9778 iptables: upgrade 1.8.2 -> 1.8.3 piglit: fix SRC_URI Armin Kuster (1): timezone: update to 2019b Bonnans, Laurent (1): openssl: fix valgrind errors on v1.1.1c Bruce Ashfield (5): linux-yocto/5.0: bsp: add basic xilinx zynqmp support linux-yocto/5.0: make scsi-debug include scsi core configs linux-yocto: bsp/beaglebone: support qemu -machine virt linux-yocto/4.19: update to 4.19.57 and -rt22 package: check PKG_ variables before executing ontarget postinst CHerzig@Gauselmann.de (1): bitbake: fetch2/clearcase: Fix class import errors Changqing Li (5): quilt: run-ptest remove Interactive Input mdadm: fix systemd service start up failure mdam: fix mdmonitor start up failure opkg: make ptest output format align with common style mdadm: make ptest output format align with common style Chee Yang Lee (1): wic: add support for kernel with initramfs bundled Chen Qi (13): target-sdk-provides-dummy: add libperl.so.5 64bit devtool: warn user about multiple layer having the same base name image.bbclass: fix systemd_preset_all devtool.py: track to clean devtool.conf in test_create_workspace grub-efi.bbclass: take into consideration of multilib sysstat: use service file from source codes xmlcatalog: hold libxml2-native dependency oeqa/runtime/rpm: ensure no user process running before deleting user oeqa/runtime/rpm: Move test_rpm_query_nonroot test case to RpmBasicTest qemurunner.py: fix race condition at qemu startup msmtp: use alternatives to manage /usr/lib/sendmail runtime_test.py: use track_for_cleanup for temp dir devtool: remove temp dir in upgrade Fabio Berton (1): mesa: Update 19.1.0 -> 19.1.1 Haiqing Bai (1): sysstat: Use sysstat.service in source for cron with systemd He Zhe (1): ltp: file01: Fix in was not recognized Hongzhi.Song (3): ltp: fix shmctl01 failure when executed. ltp: diotest4: Let kernel pick an address when calling mmap ltp: getrlimit03: adjust-a-bit-of-code-to-compatiable-with mips32 Jason Wessel (5): glibc: Fix multilibs + usrmerge builds psmisc: Fix dependency for USE_NLS=no glibc-locale: Fix build error with PACKAGE_NO_GCONV = "1" glibc/glibc-locale: Fix do_stash_locale to work with usrmerge and multilibs glibc / glibc-locale: Fix stash_locale determinism problems Joe Slater (1): libtool: remove host information from libtool Jon Mason (1): oe_syslog.py: Handle syslogd/klogd restart race Joshua Watt (5): python3: Fix .pyc file reproduciblility oeqa: Test bitbake --skip-setsecene bitbake: bitbake: Add --skip-setscene option classes/icecc: Disable remote pre-processing by default scripts/buildstats-diff: Add option to filter tasks Joël Esponde (1): package.bbclass: fix directories setuid and setgid bits Jun Nie (1): kernel-fitimage: uboot-sign: fix missing signature Kai Kang (4): rng-tools: fix rngd blocks system shutdown openssl: fix multilib files conflict webkitgtk: set incomptible with tune mips defaultsetup.conf: enable select init manager Khem Raj (10): efibootmgr: Pass correct flags to compiler from pkg-config mpeg2dec: Fix PIE build and avoid relocation in text section on ARM Revert "unzip: fix CVE-2019-13232" musl: Upgrade to 1.1.23+ mdadm: Include sys/sysmacros.h for major/minor definitions sysvinit: Include sys/sysmacros.h for major/minor definitions on musl too pam_systemd: Include missing.h for secure_getenv musl-obstack: Add recipe elfutils: Fix eu-* utils builds for musl maintainers: Account for musl-obstack and libssp-nonshared Li Zhou (2): bc: dc: fix exit code of q command iptables: Security Advisory - iptables - CVE-2019-11360 Luca Boccassi (1): bitbake: tests/fetch.py: add missing skipIfNoNetwork tags to tests that try to git clone Matthias Schiffer (1): systemd: backport patch to fix sysctl warning on boot Mike Crowe (4): bitbake.conf: Stop exporting TARGET_ flags variables image.bbclass: Only append to IMAGE_LINK_NAME if it was already set rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_manifest rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_test_data Mikko Rapeli (3): busybox: enable unicode support cve-check.bbclass: initialize to_append freetype: add --tag CC to libtool arguments Mingli Yu (2): go.bbclass: separate the ptest logic to go-ptest class mdadm: fix ptest hang Oleksandr Kravchuk (34): mc: update to 4.8.23 encodings: update to 1.0.5 gawk: update to 5.0.1 libinput: update to 1.13.3 libxi: update to 1.7.10 libxt: update to 1.2.0 autoconf-archive: update to 2019.01.06 python3-mako: update to 1.0.12 python3-pbr: update to 5.3.1 python3-pygobject: update to 3.32.2 git: update to 2.22.0 eudev: update to 3.2.8 babeltrace: update to 1.5.7 dpkg: update to 1.19.7 apt: update to 1.2.31 libinput: update to 1.13.4 expat: update to 2.2.7 libsolf: update to 0.7.5 bison: update to 3.4.1 ruby: update to 2.5.5 quilt: update to 0.66 bzip2: update to 1.0.7 python3-mako: update to 1.0.13 ifupdown: update to 0.8.22 libdrm: update to 2.4.99 python3-pbr: update to 5.4.0 linux-firmware: bump to 20190618 iproute2: update to 5.2.0 udev-extraconf: do not mount swap partitions python3-pbr: update to 5.4.1 xinput: update to 1.6.3 python3-scons: update to 3.1.0 python3-docutils: update to 0.15 python3-mako: update to 1.0.14 Pascal Bach (1): cmake: 3.14.1 -> 3.14.5 Paul Eggleton (7): libcap-ng: do not use symlink to share files with libcap-ng-python scripts/contrib/ddimage: fix typo scripts/contrib/ddimage: replace blacklist with mount check scripts/contrib/ddimage: be explicit whether device doesn't exist or isn't writeable list-packageconfig-flags: print PN instead of P recipetool: ignore zero-length setup.py files devtool: upgrade: fix handling of errors parsing upgraded recipe Peter Kjellerstedt (4): glib-2.0: Update to 2.60.4 glibc-package.inc: Do not use bitbake variable syntax for shell variables meson.bbclass: Remove the MESON_*_ARGS variables nativesdk-meson: Remove some unused variables Pierre Le Magourou (10): cve-update-db: Use std library instead of urllib3 cve-update-db: Manage proxy if needed. cve-update-db: do_populate_cve_db depends on do_fetch cve-update-db: Catch request.urlopen errors. cve-check: Depends on cve-update-db-native cve-update-db: Use NVD CPE data to populate PRODUCTS table cve-check: Update unpatched CVE matching cve-update-db-native: Skip recipe when cve-check class is not loaded. cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST cve-update-db-native: Remove hash column from database. Ricardo Ribalda Delgado (4): nfs-mountd: Add missing dependency on systemd service systemd: Fix interface bring-up on kernels >= 5.2 wic: Fix (again) partition files UIDs on multi rootfs images systemd-bootconf: Mark as machine specific Ricardo Salveti (1): gcc-9.1: add back GLIBC_DYNAMIC_LINKER riscv changes Richard Purdie (58): multilib_global: Fix multilib rebuild issue multilib_global: Fix KERNEL_VERSION expansion problems sysklogd: Fix init script races busybox: Improve syslog restart handling oeqa/runtime/syslog: Improve test debug messages oeqa/runtime/oesyslog: systemd syslog restart doesn't change pid oeqa/runtime/syslog: Add delay to test to avoid failures busybox: Fix typo in syslog initscript pigz: Add debug for autobuilder errors staging: Code cleanup package: Build pkgdata specific to the current recipe Revert "pigz: Add debug for autobuilder errors" grub2: Drop unneeded code bitbake: event: Clear ui_queue after handling it bitbake: main: Ensure log messages are printed when no UI starts bitbake: main: Alter EOFError handling core-image-sato-sdk-ptest: Reduce image padding size due to bootimg 4GB limit oeqa/bbtests: Tweak test bitbake output pattern matching sstate: Add tweak to avoid multiple sstate stats messages bitbake: siggen: Fix default handler bitbake: siggen: Use unique hashes for tasks bitbake: runqueue: Tweak buildable variable handling in scheduler bitbake: runqueue: Drop unused BB_SETSCENE_VERIFY_FUNCTION2 bitbake: runqueue: Remove now uneeded code bitbake: runqueue: Move scenequeue data generation to a separate function bitbake: runqueue: Remove unused function parameter bitbake: runqueue: Factor out the process_setscene_whitelist checks bitbake: runqueue: Uniquely namespace the scenequeue functions bitbake: runqueue: Merge stats handling together for setscene/real tasks bitbake: runqueue: Merge scenequeue and real task queue code together bitbake: runqueue: Fix counter/task updating glitch bitbake: runqueue: Remove RunQueueExecuteScenequeue and RunQueueExecuteTasks bitbake: runqueue: Simplify _execute_runqueue logic bitbake: runqueue: Fold remains of the scenequeue setup into RunQueueExecute bitbake: event/runqueue: Drop StampUpdate event, its pointless/unused bitbake: runqueue: Add covered_tasks (or 'collated_deps') to scenequeue data bitbake: runqueue: Simplify scenequeue unskippable calculation bitbake: runqueue: Tweak comments and debug code bitbake: runqueue: Code simplification bitbake: runqueue: Remove pointless variable bitbake: runqueue: Further scheduler buildable tasks cleanup bitbake: runqueue: Clarify scenequeue_covered vs. tasks_covered bitbake: runqueue: Merge the queues and execute setscene and normal tasks in parallel bitbake: runqueue: Alter setscenewhitelist handling bitbake: runqueue: Complete the merge of scenequeue and normal task execution bitbake: tests: Add initial scenario based test for runqueue bitbake: uihelper: No longer listen to scenequeue task started bitbake: runqueue: Simplify some convoluted logic bitbake: runqueue: Whitespace fix bitbake: runqueue: Abstract hash verification function bitbake: runqueue: Optimise multiconfig with overlapping setscene bitbake: tests/runqueue: Allow common sstate tasks to become valid bitbake: runqueue: Fix non setscene tasks targets being lost staging: Drop clean_recipe_sysroot poky-lsb: Drop features already in poky poky-lsb: Drop libx11 PREFERRED_PROVIDER distro/include: Add poky-distro-alt-test-config.inc bitbake: siggen: Fix handling of tainted sig files Robert Yang (13): update-alternatives.bbclass: run update-alternatives firstly in postinst script busybox: make postinst run firstly before update-alternatives multilib.bbclass: Reduce ALTERNATIVE_PRIORITY for extended recipes bitbake: bitbake: lib: Cleanup /usr/bin/env python bitbake: bitbake: toaster:tests: python -> python3 ksum.py: python -> python3 wic: python2 -> python3 ext-sdk-prepare.py: python2 -> python3 oeqa: Cleanup /usr/bin/env python package_rpm.bbclass: python2 -> python3 bitbake: cache: Remove duplicated lines for provides and rprovides bitbake: cache: Set packages for skipped recipes bitbake: cache: Create a symlink for current cachefile Ross Burton (56): cve-check: be idiomatic gtk-icon-cache: rename intercept to update_gtk_icon_cache fortran-helloworld: add a very dumb Fortran Hello World for testing oeqa/buildoptions: check that Fortran code actually cross-compiles buildhistory: write the contents of the sysroot buildhistory: report sysroot changes perl: fix Upstream-Status tags efivar: ensure that target security flags are not used to build native code multilib_script: fix whitespace buildhistory_analysis: ignore ownership for sysroot diffs insane: use clean_path for the host contamination warnings libsndfile1: disable use of sqlite3 by default libsndfile1: remove redundant autoconf seeding buildhistory: don't output ownership for the sysroot buildhistory: filter out the unexpected prefix for native/cross sysroots alsa-utils: disable tools using GTK+2 packagegroup-core-lsb: remove GTK+ recipetool: add MD5 hash for the line-wrapped MPL-1.1 license oeqa/recipetool: change the CMake test to use taglib gtk+: remove GTK+ 2 gnome-themes-standard: remove Revert "sysstat: use service file from source codes" libpsl: update Upstream-Status grub: build with python 3 qemu: use Python 3 to build ninja: use Python 3 conf/poky: add debian-10 to the supported distribution list tiff: remove redundant patch tiff: fix CVE-2019-6128 tiff: fix CVE-2019-7663 cve-check: remove redundant readline CVE whitelisting cve-check-tool: remove glibc: exclude child recipes from CVE scanning libid3tag: CVE-2017-11551 is the same as CVE-2004-2779 libid3tag: handle unknown encodings (CVE-2017-11550) subversion: set CVE vendor to Apache boost: set CVE vendor to Boost git: set CVE vendor to git-scm ed: set CVE vendor to avoid false positives cve-check: allow comparison of Vendor as well as Product flex: set CVE_PRODUCT to include vendor cve-update-db-native: use SQL placeholders instead of format strings xkeyboard-config: remove redundant intltool dependency piglit: upgrade to latest revision pkgconf: upgrade 1.6.1 -> 1.6.3 conf/poky: add Fedora 30 and Opensuse Leap 15.1 to supported distributions cve-update-db-native: use os.path.join instead of + cve-update-db: actually inherit native cve-update-db-native: use executemany() to optimise CPE insertion cve-update-db-native: improve metadata parsing cve-update-db-native: clean up JSON fetching freetype: upgrade to 2.10.1 unfs3: set upstream tag regex to avoid false-positives meson.bbclass: export STRIP=${BUILD_STRIP} ffmpeg: don't use hardcoded lookup tables ffmpeg: upgrade to 4.1.4 Sai Hari Chandana Kalluri (3): devtool/standard.py: Update devtool modify to copy source from work-shared if its already downloaded devtool/standard.py: Create a copy of kernel source within work-shared if not present devtool: provide support for devtool menuconfig command Scott Rifenbark (5): overview-manual: Fixed manual history table sdk-manual: Updated devtool to talk about oe-local-files. dev-manual: Provided proper link title ref-manual: Fixed typo for BBMULTICONFIG variable. ref-manual: Removed "python2" mention in example. Stefan Agner (1): psplash: create psplash tmpfs mount directory in psplash-init Tim Orling (3): vulkan-headers: add recipe vulkan-loader: add recipe vulkan-tools: add recipe Ulrich Ölmann (1): squashfs-tools: upgrade to commit f95864afe883 William Bourque (2): wic/plugins: Source that support both EFI and BIOS meta/lib/oeqa: Test for bootimg-biosplusefi Source Yi Zhao (2): debianutils: upgrade 4.8.6.1 -> 4.8.6.3 ltp: upgrade 20190115 -> 20190517 Zang Ruochen (9): nss: upgrade 3.44 -> 3.44.1 util-linux:upgrade 2.33.2 -> 2.34 librepo:upgrade 1.10.3 -> 1.10.4 sqlite3: Upgrade 3.28.0 -> 3.29.0 nss: Upgrade 3.44.1 -> 3.45 xauth:upgrade 1.0.10 -> 1.1 libice:upgrade 1.0.9 -> 1.0.10 xwininfo:upgrade 1.1.4 -> 1.1.5 libpciaccess:upgrade 0.14 -> 0.16 meta-phosphor: fe8cee7488..601f253a66: Brad Bishop (1): meta-phosphor: systemd: remove upstreamed patches Change-Id: If591144821cd2e5b990a7aa49a1cf426f6a906de Signed-off-by: Brad Bishop --- .../rsync/files/CVE-2016-9840.patch | 75 +++++++ .../rsync/files/CVE-2016-9841.patch | 228 +++++++++++++++++++++ .../rsync/files/CVE-2016-9842.patch | 33 +++ .../rsync/files/CVE-2016-9843.patch | 53 +++++ 4 files changed, 389 insertions(+) create mode 100644 poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch create mode 100644 poky/meta/recipes-devtools/rsync/files/CVE-2016-9841.patch create mode 100644 poky/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch create mode 100644 poky/meta/recipes-devtools/rsync/files/CVE-2016-9843.patch (limited to 'poky/meta/recipes-devtools/rsync/files') diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch new file mode 100644 index 000000000..758188779 --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch @@ -0,0 +1,75 @@ +From 6a043145ca6e9c55184013841a67b2fef87e44c0 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Wed, 21 Sep 2016 23:35:50 -0700 +Subject: [PATCH] Remove offset pointer optimization in inftrees.c. + +inftrees.c was subtracting an offset from a pointer to an array, +in order to provide a pointer that allowed indexing starting at +the offset. This is not compliant with the C standard, for which +the behavior of a pointer decremented before its allocated memory +is undefined. Per the recommendation of a security audit of the +zlib code by Trail of Bits and TrustInSoft, in support of the +Mozilla Foundation, this tiny optimization was removed, in order +to avoid the possibility of undefined behavior. + +CVE: CVE-2016-9840 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal +--- + inftrees.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/zlib/inftrees.c b/zlib/inftrees.c +index 22fcd666..0d2670d5 100644 +--- a/zlib/inftrees.c ++++ b/zlib/inftrees.c +@@ -54,7 +54,7 @@ unsigned short FAR *work; + code FAR *next; /* next available space in table */ + const unsigned short FAR *base; /* base value table to use */ + const unsigned short FAR *extra; /* extra bits table to use */ +- int end; /* use base and extra for symbol > end */ ++ unsigned match; /* use base and extra for symbol >= match */ + unsigned short count[MAXBITS+1]; /* number of codes of each length */ + unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ + static const unsigned short lbase[31] = { /* Length codes 257..285 base */ +@@ -181,19 +181,17 @@ unsigned short FAR *work; + switch (type) { + case CODES: + base = extra = work; /* dummy value--not used */ +- end = 19; ++ match = 20; + break; + case LENS: + base = lbase; +- base -= 257; + extra = lext; +- extra -= 257; +- end = 256; ++ match = 257; + break; + default: /* DISTS */ + base = dbase; + extra = dext; +- end = -1; ++ match = 0; + } + + /* initialize state for loop */ +@@ -216,13 +214,13 @@ unsigned short FAR *work; + for (;;) { + /* create table entry */ + here.bits = (unsigned char)(len - drop); +- if ((int)(work[sym]) < end) { ++ if (work[sym] + 1 < match) { + here.op = (unsigned char)0; + here.val = work[sym]; + } +- else if ((int)(work[sym]) > end) { +- here.op = (unsigned char)(extra[work[sym]]); +- here.val = base[work[sym]]; ++ else if (work[sym] >= match) { ++ here.op = (unsigned char)(extra[work[sym] - match]); ++ here.val = base[work[sym] - match]; + } + else { + here.op = (unsigned char)(32 + 64); /* end of block */ diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9841.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9841.patch new file mode 100644 index 000000000..3942176de --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9841.patch @@ -0,0 +1,228 @@ +From 9aaec95e82117c1cb0f9624264c3618fc380cecb Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Wed, 21 Sep 2016 22:25:21 -0700 +Subject: [PATCH] Use post-increment only in inffast.c. + +An old inffast.c optimization turns out to not be optimal anymore +with modern compilers, and furthermore was not compliant with the +C standard, for which decrementing a pointer before its allocated +memory is undefined. Per the recommendation of a security audit of +the zlib code by Trail of Bits and TrustInSoft, in support of the +Mozilla Foundation, this "optimization" was removed, in order to +avoid the possibility of undefined behavior. + +CVE: CVE-2016-9841 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal +--- + zlib/inffast.c | 81 +++++++++++++++++++++---------------------------------- + 1 file changed, 31 insertions(+), 50 deletions(-) + +diff --git a/zlib/inffast.c b/zlib/inffast.c +index bda59ceb..f0d163db 100644 +--- a/zlib/inffast.c ++++ b/zlib/inffast.c +@@ -10,25 +10,6 @@ + + #ifndef ASMINF + +-/* Allow machine dependent optimization for post-increment or pre-increment. +- Based on testing to date, +- Pre-increment preferred for: +- - PowerPC G3 (Adler) +- - MIPS R5000 (Randers-Pehrson) +- Post-increment preferred for: +- - none +- No measurable difference: +- - Pentium III (Anderson) +- - M68060 (Nikl) +- */ +-#ifdef POSTINC +-# define OFF 0 +-# define PUP(a) *(a)++ +-#else +-# define OFF 1 +-# define PUP(a) *++(a) +-#endif +- + /* + Decode literal, length, and distance codes and write out the resulting + literal and match bytes until either not enough input or output is +@@ -96,9 +77,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + + /* copy state to local variables */ + state = (struct inflate_state FAR *)strm->state; +- in = strm->next_in - OFF; ++ in = strm->next_in; + last = in + (strm->avail_in - 5); +- out = strm->next_out - OFF; ++ out = strm->next_out; + beg = out - (start - strm->avail_out); + end = out + (strm->avail_out - 257); + #ifdef INFLATE_STRICT +@@ -119,9 +100,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + input data or output space */ + do { + if (bits < 15) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + here = lcode[hold & lmask]; +@@ -134,14 +115,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? + "inflate: literal '%c'\n" : + "inflate: literal 0x%02x\n", here.val)); +- PUP(out) = (unsigned char)(here.val); ++ *out++ = (unsigned char)(here.val); + } + else if (op & 16) { /* length base */ + len = (unsigned)(here.val); + op &= 15; /* number of extra bits */ + if (op) { + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + len += (unsigned)hold & ((1U << op) - 1); +@@ -150,9 +131,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + } + Tracevv((stderr, "inflate: length %u\n", len)); + if (bits < 15) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + here = dcode[hold & dmask]; +@@ -165,10 +146,10 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + dist = (unsigned)(here.val); + op &= 15; /* number of extra bits */ + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + } +@@ -196,30 +177,30 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR + if (len <= op - whave) { + do { +- PUP(out) = 0; ++ *out++ = 0; + } while (--len); + continue; + } + len -= op - whave; + do { +- PUP(out) = 0; ++ *out++ = 0; + } while (--op > whave); + if (op == 0) { + from = out - dist; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--len); + continue; + } + #endif + } +- from = window - OFF; ++ from = window; + if (wnext == 0) { /* very common case */ + from += wsize - op; + if (op < len) { /* some from window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } +@@ -230,14 +211,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + if (op < len) { /* some from end of window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); +- from = window - OFF; ++ from = window; + if (wnext < len) { /* some from start of window */ + op = wnext; + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } +@@ -248,35 +229,35 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + if (op < len) { /* some from window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } + } + while (len > 2) { +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); ++ *out++ = *from++; ++ *out++ = *from++; ++ *out++ = *from++; + len -= 3; + } + if (len) { +- PUP(out) = PUP(from); ++ *out++ = *from++; + if (len > 1) +- PUP(out) = PUP(from); ++ *out++ = *from++; + } + } + else { + from = out - dist; /* copy direct from output */ + do { /* minimum length is three */ +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); ++ *out++ = *from++; ++ *out++ = *from++; ++ *out++ = *from++; + len -= 3; + } while (len > 2); + if (len) { +- PUP(out) = PUP(from); ++ *out++ = *from++; + if (len > 1) +- PUP(out) = PUP(from); ++ *out++ = *from++; + } + } + } +@@ -313,8 +294,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + hold &= (1U << bits) - 1; + + /* update state and return */ +- strm->next_in = in + OFF; +- strm->next_out = out + OFF; ++ strm->next_in = in; ++ strm->next_out = out; + strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); + strm->avail_out = (unsigned)(out < end ? + 257 + (end - out) : 257 - (out - end)); diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch new file mode 100644 index 000000000..810d8a3fd --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch @@ -0,0 +1,33 @@ +From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 5 Sep 2015 17:45:55 -0700 +Subject: [PATCH] Avoid shifts of negative values inflateMark(). + +The C standard says that bit shifts of negative integers is +undefined. This casts to unsigned values to assure a known +result. + +CVE: CVE-2016-9842 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal +--- + inflate.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/zlib/inflate.c b/zlib/inflate.c +index 2889e3a0..a7184167 100644 +--- a/zlib/inflate.c ++++ b/zlib/inflate.c +@@ -1506,9 +1506,10 @@ z_streamp strm; + { + struct inflate_state FAR *state; + +- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16; ++ if (strm == Z_NULL || strm->state == Z_NULL) ++ return (long)(((unsigned long)0 - 1) << 16); + state = (struct inflate_state FAR *)strm->state; +- return ((long)(state->back) << 16) + ++ return (long)(((unsigned long)((long)state->back)) << 16) + + (state->mode == COPY ? state->length : + (state->mode == MATCH ? state->was - state->length : 0)); + } diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9843.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9843.patch new file mode 100644 index 000000000..ea2e42fe7 --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9843.patch @@ -0,0 +1,53 @@ +From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Wed, 28 Sep 2016 20:20:25 -0700 +Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation. + +There was a small optimization for PowerPCs to pre-increment a +pointer when accessing a word, instead of post-incrementing. This +required prefacing the loop with a decrement of the pointer, +possibly pointing before the object passed. This is not compliant +with the C standard, for which decrementing a pointer before its +allocated memory is undefined. When tested on a modern PowerPC +with a modern compiler, the optimization no longer has any effect. +Due to all that, and per the recommendation of a security audit of +the zlib code by Trail of Bits and TrustInSoft, in support of the +Mozilla Foundation, this "optimization" was removed, in order to +avoid the possibility of undefined behavior. + +CVE: CVE-2016-9843 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal +--- + crc32.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/zlib/crc32.c b/zlib/crc32.c +index 979a7190..05733f4e 100644 +--- a/zlib/crc32.c ++++ b/zlib/crc32.c +@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len) + } + + /* ========================================================================= */ +-#define DOBIG4 c ^= *++buf4; \ ++#define DOBIG4 c ^= *buf4++; \ + c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \ + crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24] + #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4 +@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len) + } + + buf4 = (const z_crc_t FAR *)(const void FAR *)buf; +- buf4--; + while (len >= 32) { + DOBIG32; + len -= 32; +@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len) + DOBIG4; + len -= 4; + } +- buf4++; + buf = (const unsigned char FAR *)buf4; + + if (len) do { -- cgit v1.2.3