From c3d88e4d9fcc08e1aae7cc9d0337c0261e996c64 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 2 Oct 2020 09:45:00 -0500 Subject: poky: subtree update:c6bc20857c..b23aa6b753 Anatol Belski (1): bitbake: bitbake: hashserv: Fix localhost sometimes resolved to a wrong IP Andrew Geissler (1): systemd: Upgrade v246.2 -> v246.6 Anibal Limon (1): mesa: update 20.1.6 -> 20.1.8 Bruce Ashfield (2): linux-yocto/beaglebone: Switch to sdhci-omap driver kernel-yocto: add KBUILD_DEFCONFIG search location to failure message Changqing Li (1): sysklogd: fix parallel build issue Charlie Davies (2): bitbake: bitbake: fetch/git: add support for SRC_URI containing spaces in url bitbake: bitbake: tests/fetch: add unit tests for SRC_URI with spaces in url Chee Yang Lee (1): bash : include patch 17 & 18 Chen Qi (2): populate_sdk_ext.bbclass: add ESDK_MANIFEST_EXCLUDES testsdk.py: remove workspace/sources to avoid failure in case of multilib Chris Laplante (3): bitbake.conf: add name of multiconfig to BUILDCFG_HEADER when multiconfig is active cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing of per-recipe check file cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting of patched CVEs Christian Eggers (1): packagegroup: rrecommend perf also for musl on ARM De Huo (1): bash: fix CVE-2019-18276 Jean-Francois Dagenais (2): bitbake: bitbake: tests/siggen: introduce clean_basepath testcases bitbake: bitbake: siggen: clean_basepath: improve perfo and readability Jens Rehsack (1): image-artifact-names: make variables overridable Jon Mason (1): Space-comma Cleanups Jonathan Richardson (1): cortex-m0.inc: Add tuning for cortex-m0 Kai Kang (2): systemd: disable xdg-autostart generator by default kea: fix conflict between multilibs Khairul Rohaizzat Jamaluddin (1): sphinx: ref-variables: Added entry for IMAGE_EFI_BOOT_FILES Khem Raj (6): ncurses: Create alternative symlinks for st and st-256color packagegroups: remove strace and lttng-tools for rv32/musl qemuboot: Add QB_RNG variable gettext: Fix ptest failure ptest-runner: Backport patch to fix inappropriate ioctl error systemd: Drop 0023-Fix-field-efi_loader_entry_one_shot_stat-has-incompl.patch Konrad Weihmann (1): testexport: rename create_tarball method Leif Middelschulte (2): bitbake: fetch2: fix handling of `\` in file:// SRC_URI bitbake: tests/fetch: backslash support in file:// URIs Mark Jonas (2): Add license text for PSF-2.0 Map license names PSF and PSFv2 to PSF-2.0 Mingli Yu (3): kea: create /var/lib/kea and /var/run/kea folder bind: remove -r option for rndc-confgen debianutils: update the debian snapshot version Nicolas Dechesne (3): sphinx: report errors when dependencies are not met README: include detailed information about sphinx sphinx: fix up some trademark and branding issues Norman Stetter (1): sstate.bbclass: Check file ownership before doing 'touch -a' Otavio Salvador (1): openssh: Allow enable/disable of rng-tools recommendation on sshd Peter A. Bigot (1): go-mod.bbclass: use append to add `modcacherw` Quentin Schulz (2): docs: static: theme_overrides.css: fix responsive design on <640px screens docs: fix broken links Randy MacLeod (1): curl: Change SRC_URI from http to https Rasmus Villemoes (1): kernel.bbclass: ensure symlink_kernsrc task gets run even with externalsrc Richard Purdie (15): scripts/oe-build-perf-report: Use python3 from the environment dropbear/openssh: Lower priority of key generation oeqa/qemurunner: Increase serial timeout python3-markupsafe: Import from meta-oe/meta-python python3-jinja2: Import from meta-oe/meta-python buildtools-tarball: Add python3-jinja2 buildtools-tarball: Fix conflicts with oe-selftest and other tooling oeqa/selftest/incompatible_lib: Fix append usage oeqa/selftest/containerimage: Update to match assumptions in configuration ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys build-appliance-image: Update to master head revision bitbake: Revert "bitbake-layers: add signal hander to avoid exception" staging: Ensure cleaned dependencies are added oeqa/selftest/devtool: Add sync call to test teardown bitbake: cooker: Avoid tracebacks if data was never setup Ross Burton (11): gettext: no need to depend on bison-native meta: add/fix invalid Upstream-Status tags bitbake: taskexp: update for GTK API changes glibc: make nscd optional utils: respect scheduler affinity in cpu_count() rpm: disable libarchive use sstate: set mode explicitly when creating directories in sstate-cache rpm: add PACKAGECONFIG for the systemd inhibit plugin boost: move the build directory outside of S bitbake: utils: add umask changing context manager bitbake: siggen: use correct umask when writing siginfo Saul Wold (2): testimage: Add testimage_dump_target to kwargs target/ssh.py: Add dump_target support Teoh Jay Shen (1): oeqa/runtime : add test for RTC(Real Time Clock) Tim Orling (1): oeqa/selftest/cases/devtool.py: avoid .pyc race Usama Arif (1): ref-manual: document authentication key variables Wang Mingyu (1): maintainers.inc: Add Zang Ruochen and Wang Mingyu for several recipes Yi Zhao (4): dhcpcd: pass --dbdir to EXTRA_OECONF to set database directory dhcpcd: set --runstatedir to /run dhcpcd: add dhcpcd user to support priviledge separation dhcpcd: set service to conflict with connman akuster (1): libdrm: fix build failure zangrc (4): bind: upgrade 9.16.5 -> 9.16.7 stress-ng: upgrade 0.11.19 -> 0.11.21 pango: upgrade 1.46.1 -> 1.46.2 sudo: upgrade 1.9.2 -> 1.9.3 Signed-off-by: Andrew Geissler Change-Id: I2c19d3b3793ee5a6f42e04817147d75f315943a5 --- .../bash/bash/bash-CVE-2019-18276.patch | 386 +++++++++++++++++++++ poky/meta/recipes-extended/bash/bash_5.0.bb | 8 + .../ltp/0004-guard-mallocopt-with-__GLIBC__.patch | 2 +- .../stress-ng/stress-ng_0.11.19.bb | 27 -- .../stress-ng/stress-ng_0.11.21.bb | 27 ++ poky/meta/recipes-extended/sudo/sudo_1.9.2.bb | 47 --- poky/meta/recipes-extended/sudo/sudo_1.9.3.bb | 47 +++ .../files/0001-Makefile.am-fixup-issue-17.patch | 43 +++ poky/meta/recipes-extended/sysklogd/sysklogd.inc | 1 + 9 files changed, 513 insertions(+), 75 deletions(-) create mode 100644 poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch delete mode 100644 poky/meta/recipes-extended/stress-ng/stress-ng_0.11.19.bb create mode 100644 poky/meta/recipes-extended/stress-ng/stress-ng_0.11.21.bb delete mode 100644 poky/meta/recipes-extended/sudo/sudo_1.9.2.bb create mode 100644 poky/meta/recipes-extended/sudo/sudo_1.9.3.bb create mode 100644 poky/meta/recipes-extended/sysklogd/files/0001-Makefile.am-fixup-issue-17.patch (limited to 'poky/meta/recipes-extended') diff --git a/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch b/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch new file mode 100644 index 000000000..7b2073201 --- /dev/null +++ b/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch @@ -0,0 +1,386 @@ +From 951bdaad7a18cc0dc1036bba86b18b90874d39ff Mon Sep 17 00:00:00 2001 +From: Chet Ramey +Date: Mon, 1 Jul 2019 09:03:53 -0400 +Subject: [PATCH] commit bash-20190628 snapshot + +An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. +By default, if Bash is run with its effective UID not equal to its real UID, +it will drop privileges by setting its effective UID to its real UID. +However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, +the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for +runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore +regains privileges. However, binaries running with an effective UID of 0 are unaffected. + +Get the patch from [1] to fix the issue. + +Upstream-Status: Inappropriate [the upstream thinks it doesn't increase the credibility of CVEs in general] +CVE: CVE-2019-18276 + +[1] https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaa + +Signed-off-by: De Huo +Signed-off-by: Kai Kang +Signed-off-by: Mingli Yu +--- + MANIFEST | 2 ++ + bashline.c | 50 +------------------------------------------------- + builtins/help.def | 2 +- + config.h.in | 10 +++++++++- + configure.ac | 1 + + doc/bash.1 | 3 ++- + doc/bashref.texi | 3 ++- + lib/glob/glob.c | 5 ++++- + pathexp.c | 16 ++++++++++++++-- + shell.c | 8 ++++++++ + tests/glob.tests | 2 ++ + tests/glob6.sub | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + tests/glob7.sub | 11 +++++++++++ + 14 files changed, 122 insertions(+), 56 deletions(-) + create mode 100644 tests/glob6.sub + create mode 100644 tests/glob7.sub + +diff --git a/MANIFEST b/MANIFEST +index 03de221..f9ccad7 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -1037,6 +1037,8 @@ tests/extglob3.tests f + tests/extglob3.right f + tests/extglob4.sub f + tests/extglob5.sub f ++tests/glob6.sub f ++tests/glob7.sub f + tests/func.tests f + tests/func.right f + tests/func1.sub f +diff --git a/bashline.c b/bashline.c +index 824ea9d..d86b47d 100644 +--- a/bashline.c ++++ b/bashline.c +@@ -3718,55 +3718,7 @@ static int + completion_glob_pattern (string) + char *string; + { +- register int c; +- char *send; +- int open; +- +- DECLARE_MBSTATE; +- +- open = 0; +- send = string + strlen (string); +- +- while (c = *string++) +- { +- switch (c) +- { +- case '?': +- case '*': +- return (1); +- +- case '[': +- open++; +- continue; +- +- case ']': +- if (open) +- return (1); +- continue; +- +- case '+': +- case '@': +- case '!': +- if (*string == '(') /*)*/ +- return (1); +- continue; +- +- case '\\': +- if (*string++ == 0) +- return (0); +- } +- +- /* Advance one fewer byte than an entire multibyte character to +- account for the auto-increment in the loop above. */ +-#ifdef HANDLE_MULTIBYTE +- string--; +- ADVANCE_CHAR_P (string, send - string); +- string++; +-#else +- ADVANCE_CHAR_P (string, send - string); +-#endif +- } +- return (0); ++ return (glob_pattern_p (string) == 1); + } + + static char *globtext; +diff --git a/builtins/help.def b/builtins/help.def +index 006c4b5..92f9b38 100644 +--- a/builtins/help.def ++++ b/builtins/help.def +@@ -128,7 +128,7 @@ help_builtin (list) + + /* We should consider making `help bash' do something. */ + +- if (glob_pattern_p (list->word->word)) ++ if (glob_pattern_p (list->word->word) == 1) + { + printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); + print_word_list (list, ", "); +diff --git a/config.h.in b/config.h.in +index 8554aec..ad4b1e8 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -1,6 +1,6 @@ + /* config.h -- Configuration file for bash. */ + +-/* Copyright (C) 1987-2009,2011-2012 Free Software Foundation, Inc. ++/* Copyright (C) 1987-2009,2011-2012,2013-2019 Free Software Foundation, Inc. + + This file is part of GNU Bash, the Bourne Again SHell. + +@@ -807,6 +807,14 @@ + #undef HAVE_SETREGID + #undef HAVE_DECL_SETREGID + ++/* Define if you have the setregid function. */ ++#undef HAVE_SETRESGID ++#undef HAVE_DECL_SETRESGID ++ ++/* Define if you have the setresuid function. */ ++#undef HAVE_SETRESUID ++#undef HAVE_DECL_SETRESUID ++ + /* Define if you have the setvbuf function. */ + #undef HAVE_SETVBUF + +diff --git a/configure.ac b/configure.ac +index 52b4cdb..549adef 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -810,6 +810,7 @@ AC_CHECK_DECLS([confstr]) + AC_CHECK_DECLS([printf]) + AC_CHECK_DECLS([sbrk]) + AC_CHECK_DECLS([setregid]) ++AC_CHECK_DECLS[(setresuid, setresgid]) + AC_CHECK_DECLS([strcpy]) + AC_CHECK_DECLS([strsignal]) + +diff --git a/doc/bash.1 b/doc/bash.1 +index e6cd08d..9e58a0b 100644 +--- a/doc/bash.1 ++++ b/doc/bash.1 +@@ -4681,7 +4681,8 @@ above). + .PD + .SH "SIMPLE COMMAND EXPANSION" + When a simple command is executed, the shell performs the following +-expansions, assignments, and redirections, from left to right. ++expansions, assignments, and redirections, from left to right, in ++the following order. + .IP 1. + The words that the parser has marked as variable assignments (those + preceding the command name) and redirections are saved for later +diff --git a/doc/bashref.texi b/doc/bashref.texi +index d33cd57..3065126 100644 +--- a/doc/bashref.texi ++++ b/doc/bashref.texi +@@ -2964,7 +2964,8 @@ is not specified. If the file does not exist, it is created. + @cindex command expansion + + When a simple command is executed, the shell performs the following +-expansions, assignments, and redirections, from left to right. ++expansions, assignments, and redirections, from left to right, in ++the following order. + + @enumerate + @item +diff --git a/lib/glob/glob.c b/lib/glob/glob.c +index 398253b..2eaa33e 100644 +--- a/lib/glob/glob.c ++++ b/lib/glob/glob.c +@@ -607,6 +607,7 @@ glob_vector (pat, dir, flags) + register unsigned int i; + int mflags; /* Flags passed to strmatch (). */ + int pflags; /* flags passed to sh_makepath () */ ++ int hasglob; /* return value from glob_pattern_p */ + int nalloca; + struct globval *firstmalloc, *tmplink; + char *convfn; +@@ -648,10 +649,12 @@ glob_vector (pat, dir, flags) + patlen = (pat && *pat) ? strlen (pat) : 0; + + /* If the filename pattern (PAT) does not contain any globbing characters, ++ or contains a pattern with only backslash escapes (hasglob == 2), + we can dispense with reading the directory, and just see if there is + a filename `DIR/PAT'. If there is, and we can access it, just make the + vector to return and bail immediately. */ +- if (skip == 0 && glob_pattern_p (pat) == 0) ++ hasglob = 0; ++ if (skip == 0 && (hasglob = glob_pattern_p (pat)) == 0 || hasglob == 2) + { + int dirlen; + struct stat finfo; +diff --git a/pathexp.c b/pathexp.c +index c1bf2d8..e6c5392 100644 +--- a/pathexp.c ++++ b/pathexp.c +@@ -58,7 +58,10 @@ int extended_glob = EXTGLOB_DEFAULT; + /* Control enabling special handling of `**' */ + int glob_star = 0; + +-/* Return nonzero if STRING has any unquoted special globbing chars in it. */ ++/* Return nonzero if STRING has any unquoted special globbing chars in it. ++ This is supposed to be called when pathname expansion is performed, so ++ it implements the rules in Posix 2.13.3, specifically that an unquoted ++ slash cannot appear in a bracket expression. */ + int + unquoted_glob_pattern_p (string) + register char *string; +@@ -85,10 +88,14 @@ unquoted_glob_pattern_p (string) + continue; + + case ']': +- if (open) ++ if (open) /* XXX - if --open == 0? */ + return (1); + continue; + ++ case '/': ++ if (open) ++ open = 0; ++ + case '+': + case '@': + case '!': +@@ -106,6 +113,11 @@ unquoted_glob_pattern_p (string) + string++; + continue; + } ++ else if (open && *string == '/') ++ { ++ string++; /* quoted slashes in bracket expressions are ok */ ++ continue; ++ } + else if (*string == 0) + return (0); + +diff --git a/shell.c b/shell.c +index a2b2a55..6adabc8 100644 +--- a/shell.c ++++ b/shell.c +@@ -1293,7 +1293,11 @@ disable_priv_mode () + { + int e; + ++#if HAVE_DECL_SETRESUID ++ if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0) ++#else + if (setuid (current_user.uid) < 0) ++#endif + { + e = errno; + sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid); +@@ -1302,7 +1306,11 @@ disable_priv_mode () + exit (e); + #endif + } ++#if HAVE_DECL_SETRESGID ++ if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0) ++#else + if (setgid (current_user.gid) < 0) ++#endif + sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid); + + current_user.euid = current_user.uid; +diff --git a/tests/glob.tests b/tests/glob.tests +index 01913bb..fb012f7 100644 +--- a/tests/glob.tests ++++ b/tests/glob.tests +@@ -12,6 +12,8 @@ ${THIS_SH} ./glob1.sub + ${THIS_SH} ./glob2.sub + ${THIS_SH} ./glob3.sub + ${THIS_SH} ./glob4.sub ++${THIS_SH} ./glob6.sub ++${THIS_SH} ./glob7.sub + + MYDIR=$PWD # save where we are + +diff --git a/tests/glob6.sub b/tests/glob6.sub +new file mode 100644 +index 0000000..b099811 +--- /dev/null ++++ b/tests/glob6.sub +@@ -0,0 +1,54 @@ ++# tests of the backslash-in-glob-patterns discussion on the austin-group ML ++ ++: ${TMPDIR:=/var/tmp} ++ ++ORIG=$PWD ++GLOBDIR=$TMPDIR/bash-glob-$$ ++mkdir $GLOBDIR && cd $GLOBDIR ++ ++# does the pattern matcher allow backslashes as escape characters and remove ++# them as part of matching? ++touch abcdefg ++pat='ab\cd*' ++printf '<%s>\n' $pat ++pat='\.' ++printf '<%s>\n' $pat ++rm abcdefg ++ ++# how about when escaping pattern characters? ++touch '*abc.c' ++a='\**.c' ++printf '%s\n' $a ++rm -f '*abc.c' ++ ++# how about when making the distinction between readable and searchable path ++# components? ++mkdir -m a=x searchable ++mkdir -m a=r readable ++ ++p='searchable/\.' ++printf "%s\n" $p ++ ++p='searchable/\./.' ++printf "%s\n" $p ++ ++p='readable/\.' ++printf "%s\n" $p ++ ++p='readable/\./.' ++printf "%s\n" $p ++ ++printf "%s\n" 'searchable/\.' ++printf "%s\n" 'readable/\.' ++ ++echo */. ++ ++p='*/\.' ++echo $p ++ ++echo */'.' ++ ++rmdir searchable readable ++ ++cd $ORIG ++rmdir $GLOBDIR +diff --git a/tests/glob7.sub b/tests/glob7.sub +new file mode 100644 +index 0000000..0212b8e +--- /dev/null ++++ b/tests/glob7.sub +@@ -0,0 +1,11 @@ ++# according to Posix 2.13.3, a slash in a bracket expression renders that ++# bracket expression invalid ++shopt -s nullglob ++ ++echo 1: [qwe/qwe] ++echo 2: [qwe/ ++echo 3: [qwe/] ++ ++echo 4: [qwe\/qwe] ++echo 5: [qwe\/ ++echo 6: [qwe\/] +-- +1.9.1 + diff --git a/poky/meta/recipes-extended/bash/bash_5.0.bb b/poky/meta/recipes-extended/bash/bash_5.0.bb index 8ff9e6eda..257a03bd8 100644 --- a/poky/meta/recipes-extended/bash/bash_5.0.bb +++ b/poky/meta/recipes-extended/bash/bash_5.0.bb @@ -21,6 +21,8 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-014;apply=yes;striplevel=0;name=patch014 \ ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-015;apply=yes;striplevel=0;name=patch015 \ ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-016;apply=yes;striplevel=0;name=patch016 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-017;apply=yes;striplevel=0;name=patch017 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-018;apply=yes;striplevel=0;name=patch018 \ file://execute_cmd.patch \ file://mkbuiltins_have_stringize.patch \ file://build-tests.patch \ @@ -28,6 +30,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ file://run-ptest \ file://run-bash-ptests \ file://fix-run-builtins.patch \ + file://bash-CVE-2019-18276.patch \ " SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b" @@ -65,6 +68,11 @@ SRC_URI[patch015.md5sum] = "c4c6ea23d09a74eaa9385438e48fdf02" SRC_URI[patch015.sha256sum] = "a517df2dda93b26d5cbf00effefea93e3a4ccd6652f152f4109170544ebfa05e" SRC_URI[patch016.md5sum] = "a682ed6fa2c2e7a7c3ba6bdeada07fb5" SRC_URI[patch016.sha256sum] = "ffd1d7a54a99fa7f5b1825e4f7e95d8c8876bc2ca151f150e751d429c650b06d" +SRC_URI[patch017.md5sum] = "d9dcaa1d8e7a24850449a1aac43a12a9" +SRC_URI[patch017.sha256sum] = "4cf3b9fafb8a66d411dd5fc9120032533a4012df1dc6ee024c7833373e2ddc31" +SRC_URI[patch018.md5sum] = "a64d950d5de72ae590455b13e6afefcb" +SRC_URI[patch018.sha256sum] = "7c314e375a105a6642e8ed44f3808b9def89d15f7492fe2029a21ba9c0de81d3" + DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" diff --git a/poky/meta/recipes-extended/ltp/ltp/0004-guard-mallocopt-with-__GLIBC__.patch b/poky/meta/recipes-extended/ltp/ltp/0004-guard-mallocopt-with-__GLIBC__.patch index e93886c9c..a187f61f0 100644 --- a/poky/meta/recipes-extended/ltp/ltp/0004-guard-mallocopt-with-__GLIBC__.patch +++ b/poky/meta/recipes-extended/ltp/ltp/0004-guard-mallocopt-with-__GLIBC__.patch @@ -7,7 +7,7 @@ mallocopt is not available on non glibc implementations Signed-off-by: Khem Raj Reviewed-by: Petr Vorel -[ Upstream-Status: accepted in 967612c454aea66770b64f69287671037fe895b3 ] +Upstream-Status: Accepted [967612c454aea66770b64f69287671037fe895b3] --- utils/benchmark/ebizzy-0.3/ebizzy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.19.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.19.bb deleted file mode 100644 index f1af99e51..000000000 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.19.bb +++ /dev/null @@ -1,27 +0,0 @@ -SUMMARY = "System load testing utility" -DESCRIPTION = "Deliberately simple workload generator for POSIX systems. It \ -imposes a configurable amount of CPU, memory, I/O, and disk stress on the system." -HOMEPAGE = "https://kernel.ubuntu.com/~cking/stress-ng/" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \ - file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \ - file://no_daddr_t.patch \ - " -SRC_URI[sha256sum] = "a50b753f00a9c880eda4f9d72bb82e37149ac24fab4265212e101926a1c20868" - -DEPENDS = "coreutils-native" - -PROVIDES = "stress" -RPROVIDES_${PN} = "stress" -RREPLACES_${PN} = "stress" -RCONFLICTS_${PN} = "stress" - -inherit bash-completion - -do_install() { - oe_runmake DESTDIR=${D} install - ln -s stress-ng ${D}${bindir}/stress -} - diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.21.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.21.bb new file mode 100644 index 000000000..71671dd04 --- /dev/null +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.21.bb @@ -0,0 +1,27 @@ +SUMMARY = "System load testing utility" +DESCRIPTION = "Deliberately simple workload generator for POSIX systems. It \ +imposes a configurable amount of CPU, memory, I/O, and disk stress on the system." +HOMEPAGE = "https://kernel.ubuntu.com/~cking/stress-ng/" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \ + file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \ + file://no_daddr_t.patch \ + " +SRC_URI[sha256sum] = "ee44b71aba20e9c7d10ec4768efa2245d12579fa17e08b9314c17f06f785ae39" + +DEPENDS = "coreutils-native" + +PROVIDES = "stress" +RPROVIDES_${PN} = "stress" +RREPLACES_${PN} = "stress" +RCONFLICTS_${PN} = "stress" + +inherit bash-completion + +do_install() { + oe_runmake DESTDIR=${D} install + ln -s stress-ng ${D}${bindir}/stress +} + diff --git a/poky/meta/recipes-extended/sudo/sudo_1.9.2.bb b/poky/meta/recipes-extended/sudo/sudo_1.9.2.bb deleted file mode 100644 index 5756b2e14..000000000 --- a/poky/meta/recipes-extended/sudo/sudo_1.9.2.bb +++ /dev/null @@ -1,47 +0,0 @@ -require sudo.inc - -SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - " - -PAM_SRC_URI = "file://sudo.pam" - -SRC_URI[sha256sum] = "7c98d201f181c47152711b9f391e0f6b5545f3ef8926298a3e8bc6288e118314" - -DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" - -CACHED_CONFIGUREVARS = " \ - ac_cv_type_rsize_t=no \ - ac_cv_path_MVPROG=${base_bindir}/mv \ - ac_cv_path_BSHELLPROG=${base_bindir}/sh \ - ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ - ac_cv_path_VIPROG=${base_bindir}/vi \ - " - -EXTRA_OECONF += " \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ - --with-rundir=/run/sudo \ - --with-vardir=/var/lib/sudo \ - " - -do_install_append () { - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo - if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then - echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo - sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers - fi - fi - - chmod 4111 ${D}${bindir}/sudo - chmod 0440 ${D}${sysconfdir}/sudoers - - # Explicitly remove the /sudo directory to avoid QA error - rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo -} - -FILES_${PN} += "${nonarch_libdir}/tmpfiles.d" -FILES_${PN}-dev += "${libexecdir}/${BPN}/lib*${SOLIBSDEV} ${libexecdir}/${BPN}/*.la \ - ${libexecdir}/lib*${SOLIBSDEV} ${libexecdir}/*.la" diff --git a/poky/meta/recipes-extended/sudo/sudo_1.9.3.bb b/poky/meta/recipes-extended/sudo/sudo_1.9.3.bb new file mode 100644 index 000000000..270625ebe --- /dev/null +++ b/poky/meta/recipes-extended/sudo/sudo_1.9.3.bb @@ -0,0 +1,47 @@ +require sudo.inc + +SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + " + +PAM_SRC_URI = "file://sudo.pam" + +SRC_URI[sha256sum] = "1d9889cc3b3b15ed8c2c7c3de3aa392a3a726838d020815067c080525c3f5837" + +DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" + +CACHED_CONFIGUREVARS = " \ + ac_cv_type_rsize_t=no \ + ac_cv_path_MVPROG=${base_bindir}/mv \ + ac_cv_path_BSHELLPROG=${base_bindir}/sh \ + ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ + ac_cv_path_VIPROG=${base_bindir}/vi \ + " + +EXTRA_OECONF += " \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ + --with-rundir=/run/sudo \ + --with-vardir=/var/lib/sudo \ + " + +do_install_append () { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo + if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then + echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo + sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers + fi + fi + + chmod 4111 ${D}${bindir}/sudo + chmod 0440 ${D}${sysconfdir}/sudoers + + # Explicitly remove the /sudo directory to avoid QA error + rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo +} + +FILES_${PN} += "${nonarch_libdir}/tmpfiles.d" +FILES_${PN}-dev += "${libexecdir}/${BPN}/lib*${SOLIBSDEV} ${libexecdir}/${BPN}/*.la \ + ${libexecdir}/lib*${SOLIBSDEV} ${libexecdir}/*.la" diff --git a/poky/meta/recipes-extended/sysklogd/files/0001-Makefile.am-fixup-issue-17.patch b/poky/meta/recipes-extended/sysklogd/files/0001-Makefile.am-fixup-issue-17.patch new file mode 100644 index 000000000..96365648d --- /dev/null +++ b/poky/meta/recipes-extended/sysklogd/files/0001-Makefile.am-fixup-issue-17.patch @@ -0,0 +1,43 @@ +From a4a472c19eaaf03cc0e70797b2d24b540d6424e1 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Wed, 3 Jun 2020 13:39:18 +0800 +Subject: [PATCH] Makefile.am: fixup issue #17 + +only make $(LIBOBJS) depend on $(LTLIBOBJS) still have race condition, +library like pidfile.o may be changed when compile or link for +libsyslog_la_LIBADD, which will cause problem like below: + +ERROR: dwarfsrcfiles failed with exit code 1 (cmd was ['dwarfsrcfiles', /tmp/work/ppc7400-oe-linux/sysklogd/2.1.2-r0/package/usr/lib/libsyslog.a']): +dwarfsrcfiles: tmp/work/ppc7400-oe-linux/sysklogd/2.1.2-r0/package/usr/lib/libsyslog.a: not a valid ELF file + +arm-oe-linux-gnueabi-libtool: link: arm-oe-linux-gnueabi-gcc -march=armv7ve -mthumb -mfpu=neon -mfloat-abi=hard --sysroot=TOPDIR/tmp-glibc/work/armv7vet2hf-neon-oe-linux-gnueabi/sysklogd/2.1.2-r0/recipe-sysroot -shared -fPIC -DPIC .libs/libsyslog_la-syslog.o ../lib/.libs/pidfile.o ../lib/.libs/strlcpy.o ../lib/.libs/strlcat.o -march=armv7ve -mthumb -mfpu=neon -mfloat-abi=hard --sysroot=TOPDIR/tmp-glibc/work/armv7vet2hf-neon-oe-linux-gnueabi/sysklogd/2.1.2-r0/recipe-sysroot -O2 -g -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-soname -Wl,libsyslog.so.0 -o .libs/libsyslog.so.0.0.0 +arm-oe-linux-gnueabi-libtool: link: (cd ".libs" && rm -f "libsyslog.so.0" && ln -s "libsyslog.so.0.0.0" "libsyslog.so.0") +arm-oe-linux-gnueabi-libtool: link: (cd ".libs" && rm -f "libsyslog.so" && ln -s "libsyslog.so.0.0.0" "libsyslog.so") +arm-oe-linux-gnueabi-libtool: link: arm-oe-linux-gnueabi-gcc-ar cru .libs/libsyslog.a libsyslog_la-syslog.o ../lib/pidfile.o ../lib/strlcpy.o ../lib/strlcat.o +TOPDIR/tmp-glibc/work/armv7vet2hf-neon-oe-linux-gnueabi/sysklogd/2.1.2-r0/recipe-sysroot-native/usr/bin/arm-oe-linux-gnueabi/../../libexec/arm-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/10.1.0/ar: `u' modifier ignored since `D' is the default (see `U') +TOPDIR/tmp-glibc/work/armv7vet2hf-neon-oe-linux-gnueabi/sysklogd/2.1.2-r0/recipe-sysroot-native/usr/bin/arm-oe-linux-gnueabi/../../libexec/arm-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/10.1.0/ar: ../lib/strlcat.o: No such file or directory + +Upstream-Status: Submitted [https://github.com/troglobit/sysklogd/pull/23/commits/e684939559341cb1c6373dfc6469b59e580d80af] + +Signed-off-by: Changqing Li +--- + src/Makefile.am | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index f8a6820..f45c773 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -66,6 +66,7 @@ libsyslog_la_LIBADD = $(LTLIBOBJS) + # ld: syslogd-syslogd.o: in function `main': syslogd.c:417: undefined + # reference to `__pidfile' + # +-# Work around the problem by building one .o from lib at a time, this +-# can be achieved by making LIBOBJS depend on LTLIBOBJS. +-$(LIBOBJS): $(LTLIBOBJS) ++# Work around the problem by make LIBOBJS depend on libsyslog.la, ++# so that LIBOBJS/syslogd/logger will start compile after libsyslog.la ++# is completed ++$(LIBOBJS): $(lib_LTLIBRARIES) +-- +2.17.1 diff --git a/poky/meta/recipes-extended/sysklogd/sysklogd.inc b/poky/meta/recipes-extended/sysklogd/sysklogd.inc index 2e3d9831b..162260f00 100644 --- a/poky/meta/recipes-extended/sysklogd/sysklogd.inc +++ b/poky/meta/recipes-extended/sysklogd/sysklogd.inc @@ -12,6 +12,7 @@ inherit update-rc.d update-alternatives systemd autotools SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1 \ file://sysklogd \ + file://0001-Makefile.am-fixup-issue-17.patch \ " S = "${WORKDIR}/git" -- cgit v1.2.3