From c4ea075d918124f556619e8e75b7ca38b3f2dac8 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Thu, 15 Nov 2018 14:30:15 -0800 Subject: poky: sumo refresh eebbc00b25..64a257fa22 Update poky to sumo HEAD. Armin Kuster (1): dhcp: allow for excluding the external bind Awais Belal (1): bitbake: bitbake: toaster: allow OE_ROOT to be provided through environment Changqing Li (2): unzip: fix for CVE-2018-18384 curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842 Fabien Lahoudere (1): archiver: Drop unwanted directories Ioan-Adrian Ratiu (1): wic: isoimage-isohybrid: fix UEFI spec breakage Kosta Zertsekel (1): meta: Use double colon for chown OWNER:GROUP Matthias Schiffer (1): base.bbclass: avoid 'find -ignore_readdir_race -delete' Mohamad Noor Alim Hussin (1): oeqa/selftest/recipetool: Fix problems from changing upstream source Peter Kjellerstedt (4): common-licenses: Correct the FreeType license text apr: Trim license info extracted from apr_lib.h apr-util: Trim license info extracted from apu_version.h pixman: Trim license info extracted from pixman-matrix.c Richard Purdie (4): oeqa/selftest/wic: Use a subdir of builddir, not /var/ oeqa/selftest/wic: Ensure initramfs exists for test_iso_image selftest/wic: Improve error message for test_fixed_size crosssdk: Remove usage of host flags for cross-compilation Ross Burton (3): unzip: actually apply CVE-2018-18384 curl: actually apply latest CVE patches gnupg: patch gnupg-native to allow path relocation Scott Rifenbark (1): kernel-dev: Updated phrasing for what a "defconfig" file is. Change-Id: I08f7fbe91f3f7ed6f00b6ea691c33ee1e0d3205b Signed-off-by: Brad Bishop --- poky/bitbake/bin/toaster | 4 +- .../documentation/kernel-dev/kernel-dev-common.xml | 7 +- poky/meta/classes/archiver.bbclass | 10 ++- poky/meta/classes/base.bbclass | 4 +- poky/meta/classes/crosssdk.bbclass | 8 +-- poky/meta/files/common-licenses/FreeType | 4 +- poky/meta/lib/oeqa/selftest/cases/recipetool.py | 4 +- poky/meta/lib/oeqa/selftest/cases/wic.py | 6 +- poky/meta/recipes-connectivity/dhcp/dhcp.inc | 3 +- .../dhcp/0008-tweak-to-support-external-bind.patch | 69 +++++++++--------- .../dhcp/dhcp/0010-build-shared-libs.patch | 83 +++++++++++----------- poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb | 17 ++++- .../images/build-appliance-image_15.0.0.bb | 6 +- .../initscripts-1.0/populate-volatile.sh | 4 +- .../meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb | 2 +- .../unzip/unzip/CVE-2018-18384.patch | 39 ++++++++++ poky/meta/recipes-extended/unzip/unzip_6.0.bb | 1 + .../recipes-graphics/xorg-lib/pixman_0.34.0.bb | 2 +- poky/meta/recipes-support/apr/apr-util_1.6.1.bb | 2 +- poky/meta/recipes-support/apr/apr_1.6.3.bb | 2 +- .../recipes-support/curl/curl/CVE-2018-16839.patch | 35 +++++++++ .../recipes-support/curl/curl/CVE-2018-16840.patch | 43 +++++++++++ .../recipes-support/curl/curl/CVE-2018-16842.patch | 35 +++++++++ poky/meta/recipes-support/curl/curl_7.61.0.bb | 3 + .../recipes-support/gnupg/gnupg/relocate.patch | 81 +++++++++++++++++++++ poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb | 7 +- .../lib/wic/plugins/source/isoimage-isohybrid.py | 10 +-- 27 files changed, 377 insertions(+), 114 deletions(-) create mode 100644 poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2018-16839.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2018-16840.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch create mode 100644 poky/meta/recipes-support/gnupg/gnupg/relocate.patch (limited to 'poky') diff --git a/poky/bitbake/bin/toaster b/poky/bitbake/bin/toaster index 9fffbc6ae..ecf66fa51 100755 --- a/poky/bitbake/bin/toaster +++ b/poky/bitbake/bin/toaster @@ -161,7 +161,9 @@ fi export BBBASEDIR=`dirname $TOASTER`/.. MANAGE="python3 $BBBASEDIR/lib/toaster/manage.py" -OE_ROOT=`dirname $TOASTER`/../.. +if [ -z "$OE_ROOT" ]; then + OE_ROOT=`dirname $TOASTER`/../.. +fi # this is the configuraton file we are using for toaster # we are using the same logic that oe-setup-builddir uses diff --git a/poky/documentation/kernel-dev/kernel-dev-common.xml b/poky/documentation/kernel-dev/kernel-dev-common.xml index 299bac407..4c6fc35da 100644 --- a/poky/documentation/kernel-dev/kernel-dev-common.xml +++ b/poky/documentation/kernel-dev/kernel-dev-common.xml @@ -1603,8 +1603,11 @@ Creating a  <filename>defconfig</filename> File - A defconfig file is simply a - .config renamed to "defconfig". + A defconfig file in the context of + the Yocto Project is often a .config + file that is copied from a build or a + defconfig taken from the kernel tree + and moved into recipe space. You can use a defconfig file to retain a known set of kernel configurations from which the OpenEmbedded build system can draw to create the final diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass index 31c9b7eb4..d68add9e5 100644 --- a/poky/meta/classes/archiver.bbclass +++ b/poky/meta/classes/archiver.bbclass @@ -267,6 +267,14 @@ python do_ar_configured() { create_tarball(d, srcdir, 'configured', ar_outdir) } +def exclude_useless_paths(tarinfo): + if tarinfo.isdir(): + if tarinfo.name.endswith('/temp') or tarinfo.name.endswith('/patches') or tarinfo.name.endswith('/.pc'): + return None + elif tarinfo.name == 'temp' or tarinfo.name == 'patches' or tarinfo.name == '.pc': + return None + return tarinfo + def create_tarball(d, srcdir, suffix, ar_outdir): """ create the tarball from srcdir @@ -291,7 +299,7 @@ def create_tarball(d, srcdir, suffix, ar_outdir): bb.note('Creating %s' % tarname) tar = tarfile.open(tarname, 'w:gz') - tar.add(srcdir, arcname=os.path.basename(srcdir)) + tar.add(srcdir, arcname=os.path.basename(srcdir), filter=exclude_useless_paths) tar.close() # creating .diff.gz between source.orig and source diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass index abb4eadf5..2a6a6cb6d 100644 --- a/poky/meta/classes/base.bbclass +++ b/poky/meta/classes/base.bbclass @@ -303,7 +303,9 @@ base_do_configure() { if [ "${CLEANBROKEN}" != "1" -a \( -e Makefile -o -e makefile -o -e GNUmakefile \) ]; then oe_runmake clean fi - find ${B} -ignore_readdir_race -name \*.la -delete + # -ignore_readdir_race does not work correctly with -delete; + # use xargs to avoid spurious build failures + find ${B} -ignore_readdir_race -name \*.la -type f -print0 | xargs -0 rm -f fi fi if [ -n "${CONFIGURESTAMPFILE}" ]; then diff --git a/poky/meta/classes/crosssdk.bbclass b/poky/meta/classes/crosssdk.bbclass index ddb98d22b..03b0c602c 100644 --- a/poky/meta/classes/crosssdk.bbclass +++ b/poky/meta/classes/crosssdk.bbclass @@ -21,10 +21,10 @@ TARGET_PREFIX = "${SDK_PREFIX}" TARGET_CC_ARCH = "${SDK_CC_ARCH}" TARGET_LD_ARCH = "${SDK_LD_ARCH}" TARGET_AS_ARCH = "${SDK_AS_ARCH}" -TARGET_CPPFLAGS = "${BUILD_CPPFLAGS}" -TARGET_CFLAGS = "${BUILD_CFLAGS}" -TARGET_CXXFLAGS = "${BUILD_CXXFLAGS}" -TARGET_LDFLAGS = "${BUILD_LDFLAGS}" +TARGET_CPPFLAGS = "" +TARGET_CFLAGS = "" +TARGET_CXXFLAGS = "" +TARGET_LDFLAGS = "" TARGET_FPU = "" diff --git a/poky/meta/files/common-licenses/FreeType b/poky/meta/files/common-licenses/FreeType index b7d4d11c0..3666649f3 100644 --- a/poky/meta/files/common-licenses/FreeType +++ b/poky/meta/files/common-licenses/FreeType @@ -48,7 +48,7 @@ Introduction encourage you to use the following text: """ - Portions of this software are copyright � The FreeType + Portions of this software are copyright © The FreeType Project (www.freetype.org). All rights reserved. """ @@ -163,7 +163,7 @@ Legal Terms Our home page can be found at - http://www.freetype.org + https://www.freetype.org --- end of FTL.TXT --- diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py index 754ea9498..437eb2a73 100644 --- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py +++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py @@ -431,12 +431,12 @@ class RecipetoolTests(RecipetoolBase): temprecipe = os.path.join(self.tempdir, 'recipe') os.makedirs(temprecipe) recipefile = os.path.join(temprecipe, 'navit_0.5.0.bb') - srcuri = 'http://downloads.sourceforge.net/project/navit/v0.5.0/navit-0.5.0.tar.gz' + srcuri = 'http://downloads.yoctoproject.org/mirror/sources/navit-0.5.0.tar.gz' result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri)) self.assertTrue(os.path.isfile(recipefile)) checkvars = {} checkvars['LICENSE'] = set(['Unknown', 'GPLv2', 'LGPLv2']) - checkvars['SRC_URI'] = 'http://downloads.sourceforge.net/project/navit/v${PV}/navit-${PV}.tar.gz' + checkvars['SRC_URI'] = 'http://downloads.yoctoproject.org/mirror/sources/navit-${PV}.tar.gz' checkvars['SRC_URI[md5sum]'] = '242f398e979a6b8c0f3c802b63435b68' checkvars['SRC_URI[sha256sum]'] = '13353481d7fc01a4f64e385dda460b51496366bba0fd2cc85a89a0747910e94d' checkvars['DEPENDS'] = set(['freetype', 'zlib', 'openssl', 'glib-2.0', 'virtual/libgl', 'virtual/egl', 'gtk+', 'libpng', 'libsdl', 'freeglut', 'dbus-glib']) diff --git a/poky/meta/lib/oeqa/selftest/cases/wic.py b/poky/meta/lib/oeqa/selftest/cases/wic.py index b84466d9a..baf3af6eb 100644 --- a/poky/meta/lib/oeqa/selftest/cases/wic.py +++ b/poky/meta/lib/oeqa/selftest/cases/wic.py @@ -64,13 +64,13 @@ def only_for_arch(archs, image='core-image-minimal'): class Wic(OESelftestTestCase): """Wic test class.""" - resultdir = "/var/tmp/wic.oe-selftest/" image_is_ready = False native_sysroot = None wicenv_cache = {} def setUpLocal(self): """This code is executed before each test method.""" + self.resultdir = self.builddir + "/wic-tmp/" super(Wic, self).setUpLocal() if not self.native_sysroot: Wic.native_sysroot = get_bb_var('STAGING_DIR_NATIVE', 'wic-tools') @@ -191,7 +191,7 @@ class Wic(OESelftestTestCase): 'MACHINE_FEATURES_append = " efi"\n'\ 'DEPENDS_pn-core-image-minimal += "syslinux"\n' self.append_config(config) - bitbake('core-image-minimal') + bitbake('core-image-minimal core-image-minimal-initramfs') self.remove_config(config) cmd = "wic create mkhybridiso --image-name core-image-minimal -o %s" % self.resultdir self.assertEqual(0, runCmd(cmd).status) @@ -691,9 +691,7 @@ part /etc --source rootfs --ondisk mmcblk0 --fstype=ext4 --exclude-path bin/ --r # verify partition size with wic res = runCmd("parted -m %s unit mib p 2>/dev/null" % wicimg, - ignore_status=True, native_sysroot=self.native_sysroot) - self.assertEqual(0, res.status) # parse parted output which looks like this: # BYT;\n diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp.inc b/poky/meta/recipes-connectivity/dhcp/dhcp.inc index e94370786..44e946cb2 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp.inc +++ b/poky/meta/recipes-connectivity/dhcp/dhcp.inc @@ -10,7 +10,7 @@ HOMEPAGE = "http://www.isc.org/" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753" -DEPENDS = "openssl bind" +DEPENDS = "openssl" SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ file://init-relay file://default-relay \ @@ -48,7 +48,6 @@ EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \ --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \ --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \ --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \ - --with-libbind=${STAGING_LIBDIR}/ \ --enable-paranoia --disable-static \ --with-randomdev=/dev/random \ " diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch index 006d18ae7..a20b5f96f 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch @@ -20,10 +20,10 @@ Signed-off-by: Hongxu Jia server/tests/Makefile.am | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) -diff --git a/client/Makefile.am b/client/Makefile.am -index 4730bb3..84d8131 100644 ---- a/client/Makefile.am -+++ b/client/Makefile.am +Index: dhcp-4.3.6/client/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/client/Makefile.am ++++ dhcp-4.3.6/client/Makefile.am @@ -4,7 +4,7 @@ # production code. Sadly, we are not there yet. SUBDIRS = . tests @@ -33,10 +33,10 @@ index 4730bb3..84d8131 100644 AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes -diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am -index 5031d0c..a8dfd26 100644 ---- a/client/tests/Makefile.am -+++ b/client/tests/Makefile.am +Index: dhcp-4.3.6/client/tests/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/client/tests/Makefile.am ++++ dhcp-4.3.6/client/tests/Makefile.am @@ -1,6 +1,6 @@ SUBDIRS = . @@ -45,10 +45,10 @@ index 5031d0c..a8dfd26 100644 AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) -diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am -index f6a43e4..2f98d22 100644 ---- a/common/tests/Makefile.am -+++ b/common/tests/Makefile.am +Index: dhcp-4.3.6/common/tests/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/common/tests/Makefile.am ++++ dhcp-4.3.6/common/tests/Makefile.am @@ -1,6 +1,6 @@ SUBDIRS = . @@ -57,40 +57,40 @@ index f6a43e4..2f98d22 100644 AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes -diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am -index ba8dd8b..9b2486e 100644 ---- a/dhcpctl/Makefile.am -+++ b/dhcpctl/Makefile.am +Index: dhcp-4.3.6/dhcpctl/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/dhcpctl/Makefile.am ++++ dhcp-4.3.6/dhcpctl/Makefile.am @@ -1,4 +1,4 @@ -BINDLIBDIR = @BINDDIR@/lib +BINDLIBDIR = @BINDDIR@ AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -diff --git a/omapip/Makefile.am b/omapip/Makefile.am -index dd1afa0..e4a8599 100644 ---- a/omapip/Makefile.am -+++ b/omapip/Makefile.am +Index: dhcp-4.3.6/omapip/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/omapip/Makefile.am ++++ dhcp-4.3.6/omapip/Makefile.am @@ -1,4 +1,4 @@ -BINDLIBDIR = @BINDDIR@/lib +BINDLIBDIR = @BINDDIR@ AM_CPPFLAGS = -I$(top_srcdir)/includes - lib_LIBRARIES = libomapi.a -diff --git a/relay/Makefile.am b/relay/Makefile.am -index 6d652f6..b3bf578 100644 ---- a/relay/Makefile.am -+++ b/relay/Makefile.am + lib_LTLIBRARIES = libomapi.la +Index: dhcp-4.3.6/relay/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/relay/Makefile.am ++++ dhcp-4.3.6/relay/Makefile.am @@ -1,4 +1,4 @@ -BINDLIBDIR = @BINDDIR@/lib +BINDLIBDIR = @BINDDIR@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes -diff --git a/server/Makefile.am b/server/Makefile.am -index 3990b9c..b5d8c2d 100644 ---- a/server/Makefile.am -+++ b/server/Makefile.am +Index: dhcp-4.3.6/server/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/server/Makefile.am ++++ dhcp-4.3.6/server/Makefile.am @@ -4,7 +4,7 @@ # production code. Sadly, we are not there yet. SUBDIRS = . tests @@ -100,10 +100,10 @@ index 3990b9c..b5d8c2d 100644 AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes -diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am -index a87c5e7..9821081 100644 ---- a/server/tests/Makefile.am -+++ b/server/tests/Makefile.am +Index: dhcp-4.3.6/server/tests/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/server/tests/Makefile.am ++++ dhcp-4.3.6/server/tests/Makefile.am @@ -1,6 +1,6 @@ SUBDIRS = . @@ -112,6 +112,3 @@ index a87c5e7..9821081 100644 AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) --- -1.8.3.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch index f128731c6..898b1fc7e 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch @@ -23,11 +23,11 @@ Signed-off-by: Hongxu Jia server/tests/Makefile.am | 7 +++---- 8 files changed, 26 insertions(+), 43 deletions(-) -diff --git a/client/Makefile.am b/client/Makefile.am -index 84d8131..e776bf0 100644 ---- a/client/Makefile.am -+++ b/client/Makefile.am -@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \ +Index: dhcp-4.3.6/client/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/client/Makefile.am ++++ dhcp-4.3.6/client/Makefile.am +@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $ scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ scripts/netbsd scripts/nextstep scripts/openbsd \ scripts/solaris scripts/openwrt @@ -37,11 +37,11 @@ index 84d8131..e776bf0 100644 + -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 EXTRA_DIST = $(man_MANS) -diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am -index 2f98d22..8745e88 100644 ---- a/common/tests/Makefile.am -+++ b/common/tests/Makefile.am -@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest +Index: dhcp-4.3.6/common/tests/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/common/tests/Makefile.am ++++ dhcp-4.3.6/common/tests/Makefile.am +@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c alloc_unittest_LDADD = $(ATF_LDFLAGS) alloc_unittest_LDADD += ../libdhcp.a \ @@ -73,11 +73,11 @@ index 2f98d22..8745e88 100644 check: $(ATF_TESTS) @if test $(top_srcdir) != ${top_builddir}; then \ -diff --git a/configure.ac b/configure.ac -index 8e9f509..bfe988a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = "yes") +Index: dhcp-4.3.6/configure.ac +=================================================================== +--- dhcp-4.3.6.orig/configure.ac ++++ dhcp-4.3.6/configure.ac +@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$c # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. AC_USE_SYSTEM_EXTENSIONS @@ -96,11 +96,11 @@ index 8e9f509..bfe988a 100644 AC_CONFIG_HEADERS([includes/config.h]) -diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am -index 9b2486e..784cdf7 100644 ---- a/dhcpctl/Makefile.am -+++ b/dhcpctl/Makefile.am -@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@ +Index: dhcp-4.3.6/dhcpctl/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/dhcpctl/Makefile.am ++++ dhcp-4.3.6/dhcpctl/Makefile.am +@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@/lib AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) bin_PROGRAMS = omshell @@ -126,12 +126,12 @@ index 9b2486e..784cdf7 100644 - $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a +cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ + -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc -diff --git a/omapip/Makefile.am b/omapip/Makefile.am -index e4a8599..c0c7a1e 100644 ---- a/omapip/Makefile.am -+++ b/omapip/Makefile.am +Index: dhcp-4.3.6/omapip/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/omapip/Makefile.am ++++ dhcp-4.3.6/omapip/Makefile.am @@ -1,10 +1,10 @@ - BINDLIBDIR = @BINDDIR@ + BINDLIBDIR = @BINDDIR@/lib AM_CPPFLAGS = -I$(top_srcdir)/includes -lib_LIBRARIES = libomapi.a @@ -151,11 +151,11 @@ index e4a8599..c0c7a1e 100644 - $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a +svtest_LDADD = libomapi.la -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc -diff --git a/relay/Makefile.am b/relay/Makefile.am -index b3bf578..f47009f 100644 ---- a/relay/Makefile.am -+++ b/relay/Makefile.am -@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes +Index: dhcp-4.3.6/relay/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/relay/Makefile.am ++++ dhcp-4.3.6/relay/Makefile.am +@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst sbin_PROGRAMS = dhcrelay dhcrelay_SOURCES = dhcrelay.c @@ -167,11 +167,11 @@ index b3bf578..f47009f 100644 man_MANS = dhcrelay.8 EXTRA_DIST = $(man_MANS) -diff --git a/server/Makefile.am b/server/Makefile.am -index b5d8c2d..d7f876d 100644 ---- a/server/Makefile.am -+++ b/server/Makefile.am -@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \ +Index: dhcp-4.3.6/server/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/server/Makefile.am ++++ dhcp-4.3.6/server/Makefile.am +@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c dhcpd_CFLAGS = $(LDAP_CFLAGS) @@ -185,11 +185,11 @@ index b5d8c2d..d7f876d 100644 man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 EXTRA_DIST = $(man_MANS) -diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am -index 9821081..de95872 100644 ---- a/server/tests/Makefile.am -+++ b/server/tests/Makefile.am -@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \ +Index: dhcp-4.3.6/server/tests/Makefile.am +=================================================================== +--- dhcp-4.3.6.orig/server/tests/Makefile.am ++++ dhcp-4.3.6/server/tests/Makefile.am +@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpa ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \ ../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c @@ -203,6 +203,3 @@ index 9821081..de95872 100644 ATF_TESTS = if HAVE_ATF --- -1.8.3.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb index cc135493e..8b30579e2 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb +++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb @@ -7,7 +7,6 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \ file://0006-site.h-enable-gentle-shutdown.patch \ file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \ - file://0008-tweak-to-support-external-bind.patch \ file://0009-remove-dhclient-script-bash-dependency.patch \ file://0010-build-shared-libs.patch \ file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \ @@ -15,8 +14,22 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat file://CVE-2017-3144.patch \ " +# use internal libisc libraries which are based on bind 9.9.11 - there +# is a bug in bind 9.10.x (normally supplied by OE) that prevents +# dhcpd/dhclient from shutting down cleanly on sigterm and from running +# in the background +# +# [https://bugzilla.yoctoproject.org/show_bug.cgi?id=12744] +# +# remove "ext-bind" and +# also set PARALLEL_MAKE = "" +# [ Yocto 12744 ] +# +SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'ext-bind', 'file://0008-tweak-to-support-external-bind.patch', '', d)}" + SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc" SRC_URI[sha256sum] = "a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b" -PACKAGECONFIG ?= "" +PACKAGECONFIG ?= "ext-bind" PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2" +PACKAGECONFIG[ext-bind] = "--with-libbind=${STAGING_LIBDIR}, --without-libbind, bind" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 1e78f4f9c..6cb679a6e 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -77,7 +77,7 @@ fakeroot do_populate_poky_src () { echo "# export ALL_PROXY=https://proxy.example.com:8080" >> ${IMAGE_ROOTFS}/home/builder/.bashrc echo "# export ALL_PROXY=socks://socks.example.com:1080" >> ${IMAGE_ROOTFS}/home/builder/.bashrc - chown -R builder.builder ${IMAGE_ROOTFS}/home/builder/poky + chown -R builder:builder ${IMAGE_ROOTFS}/home/builder/poky chmod -R ug+rw ${IMAGE_ROOTFS}/home/builder/poky # Assume we will need CDROM to install guest additions @@ -105,8 +105,8 @@ fakeroot do_populate_poky_src () { pip3_install_params="${pip3_install_params} --proxy ${http_proxy}" fi pip3 install ${pip3_install_params} - chown -R builder.builder ${IMAGE_ROOTFS}/home/builder/.local - chown -R builder.builder ${IMAGE_ROOTFS}/home/builder/.cache + chown -R builder:builder ${IMAGE_ROOTFS}/home/builder/.local + chown -R builder:builder ${IMAGE_ROOTFS}/home/builder/.cache } IMAGE_PREPROCESS_COMMAND += "do_populate_poky_src; " diff --git a/poky/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh b/poky/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh index 35316ec2b..3cf3243cf 100755 --- a/poky/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh +++ b/poky/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh @@ -37,7 +37,7 @@ create_file() { } EXEC=" ${EXEC} - chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1; + chown ${TUSER}:${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1; chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 " test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build @@ -60,7 +60,7 @@ create_file() { mk_dir() { EXEC=" mkdir -p \"$1\"; - chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1; + chown ${TUSER}:${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1; chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 " test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build diff --git a/poky/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/poky/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb index ad65819b2..89b1b69d3 100644 --- a/poky/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb +++ b/poky/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb @@ -104,6 +104,6 @@ do_install () { install -d ${D}${sysconfdir}/default/volatiles install -m 0644 ${WORKDIR}/01_bootlogd ${D}${sysconfdir}/default/volatiles - chown root.shutdown ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown + chown root:shutdown ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown chmod o-x,u+s ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown } diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch new file mode 100644 index 000000000..cc9e2c1ea --- /dev/null +++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch @@ -0,0 +1,39 @@ +Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/] +CVE: CVE-2018-18384 +Signed-off-by: Changqing Li + +--- unzip60/list.c ++++ unzip60/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[1+10+1+1]; /* %NUL */ + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type + } + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) + Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats), + FmZofft(G.crec.ucsize, "8", "u"), methbuf, +@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type + + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) { + Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer), + FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"), diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb index a47491ea4..f6a4cb627 100644 --- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb @@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/ file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \ file://symlink.patch \ file://0001-unzip-fix-CVE-2018-1000035.patch \ + file://CVE-2018-18384.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman_0.34.0.bb b/poky/meta/recipes-graphics/xorg-lib/pixman_0.34.0.bb index c4ca621a8..c290fa461 100644 --- a/poky/meta/recipes-graphics/xorg-lib/pixman_0.34.0.bb +++ b/poky/meta/recipes-graphics/xorg-lib/pixman_0.34.0.bb @@ -12,7 +12,7 @@ UPSTREAM_CHECK_REGEX = "pixman-(?P\d+\.(\d*[02468])+(\.\d+)+)" LICENSE = "MIT & MIT-style & PD" LIC_FILES_CHKSUM = "file://COPYING;md5=14096c769ae0cbb5fcb94ec468be11b3 \ - file://pixman/pixman-matrix.c;endline=25;md5=ba6e8769bfaaee2c41698755af04c4be \ + file://pixman/pixman-matrix.c;endline=21;md5=4a018dff3e4e25302724c88ff95c2456 \ file://pixman/pixman-arm-neon-asm.h;endline=24;md5=9a9cc1e51abbf1da58f4d9528ec9d49b \ " DEPENDS += "zlib libpng" diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb index 12d71cbb6..0c90f8d25 100644 --- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb +++ b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb @@ -7,7 +7,7 @@ BBCLASSEXTEND = "native nativesdk" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=158aa0b1efe0c12f23d4b007ddb9a5db \ - file://include/apu_version.h;endline=17;md5=806685a84e71f10c80144c48eb35df42" + file://include/apu_version.h;endline=15;md5=823b3d1a7225df8f7b68a69c3c2b4c71" SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \ file://configfix.patch \ diff --git a/poky/meta/recipes-support/apr/apr_1.6.3.bb b/poky/meta/recipes-support/apr/apr_1.6.3.bb index 87b878723..7563a381d 100644 --- a/poky/meta/recipes-support/apr/apr_1.6.3.bb +++ b/poky/meta/recipes-support/apr/apr_1.6.3.bb @@ -5,7 +5,7 @@ DEPENDS = "util-linux" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=4dfd4cd216828c8cae5de5a12f3844c8 \ - file://include/apr_lib.h;endline=17;md5=ee42fa7575dc40580a9e01c1b75fae96" + file://include/apr_lib.h;endline=15;md5=823b3d1a7225df8f7b68a69c3c2b4c71" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-16839.patch new file mode 100644 index 000000000..bf972d2ed --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2018-16839.patch @@ -0,0 +1,35 @@ +From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Thu, 1 Nov 2018 15:27:35 +0800 +Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check + +CVE-2018-16839 +Reported-by: Harry Sintonen +Bug: https://curl.haxx.se/docs/CVE-2018-16839.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit +/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified] + +CVE: CVE-2018-16839 + +Signed-off-by: Changqing Li +--- + lib/vauth/cleartext.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c +index 5d61ce6..1367143 100644 +--- a/lib/vauth/cleartext.c ++++ b/lib/vauth/cleartext.c +@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, + plen = strlen(passwdp); + + /* Compute binary message length. Check for overflows. */ +- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) ++ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2))) + return CURLE_OUT_OF_MEMORY; + plainlen = 2 * ulen + plen + 2; + +-- +2.7.4 + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-16840.patch new file mode 100644 index 000000000..3d086c4d9 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2018-16840.patch @@ -0,0 +1,43 @@ +From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Thu, 1 Nov 2018 15:33:35 +0800 +Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid + use-after-free + +Regression from b46cfbc (7.59.0) +CVE-2018-16840 +Reported-by: Brian Carpenter (Geeknik Labs) + +Bug: https://curl.haxx.se/docs/CVE-2018-16840.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit/ +81d135d67155c5295b1033679c606165d4e28f3f] + +CVE: CVE-2018-16840 + +Signed-off-by: Changqing Li +--- + lib/url.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/url.c b/lib/url.c +index 27b2c1e..7ef7c20 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data) + and detach this handle from there. */ + curl_multi_remove_handle(data->multi, data); + +- if(data->multi_easy) ++ if(data->multi_easy) { + /* when curl_easy_perform() is used, it creates its own multi handle to + use and this is the one */ + curl_multi_cleanup(data->multi_easy); ++ data->multi_easy = NULL; ++ } + + /* Destroy the timeout list that is held in the easy handle. It is + /normally/ done by curl_multi_remove_handle() but this is "just in +-- +2.7.4 + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch new file mode 100644 index 000000000..82e755706 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch @@ -0,0 +1,35 @@ +From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Thu, 1 Nov 2018 15:30:56 +0800 +Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr + +CVE-2018-16842 +Reported-by: Brian Carpenter +Bug: https://curl.haxx.se/docs/CVE-2018-16842.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit +/d530e92f59ae9bb2d47066c3c460b25d2ffeb211] + +CVE: CVE-2018-16842 + +Signed-off-by: Changqing Li +--- + src/tool_msgs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tool_msgs.c b/src/tool_msgs.c +index 9cce806..05bec39 100644 +--- a/src/tool_msgs.c ++++ b/src/tool_msgs.c +@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config, + (void)fwrite(ptr, cut + 1, 1, config->errors); + fputs("\n", config->errors); + ptr += cut + 1; /* skip the space too */ +- len -= cut; ++ len -= cut + 1; + } + else { + fputs(ptr, config->errors); +-- +2.7.4 + diff --git a/poky/meta/recipes-support/curl/curl_7.61.0.bb b/poky/meta/recipes-support/curl/curl_7.61.0.bb index 31d5d9bda..207837946 100644 --- a/poky/meta/recipes-support/curl/curl_7.61.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.61.0.bb @@ -8,6 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ef889a37a5a874490ac7ce116396f29a" SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ file://CVE-2018-14618.patch \ + file://CVE-2018-16839.patch \ + file://CVE-2018-16840.patch \ + file://CVE-2018-16842.patch \ " SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a" diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch new file mode 100644 index 000000000..87ec409ca --- /dev/null +++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -0,0 +1,81 @@ +Allow the environment to override where gnupg looks for its own files. Useful in native builds. + +Upstream-Status: Inappropriate [OE-specific] +Signed-off-by: Ross Burton + +diff --git a/common/homedir.c b/common/homedir.c +index e9e75d01e..19140aa0d 100644 +--- a/common/homedir.c ++++ b/common/homedir.c +@@ -760,7 +760,7 @@ gnupg_socketdir (void) + if (!name) + { + unsigned int dummy; +- name = _gnupg_socketdir_internal (0, &dummy); ++ name = getenv("GNUPG_SOCKETDIR") ?: _gnupg_socketdir_internal (0, &dummy); + } + + return name; +@@ -786,7 +786,7 @@ gnupg_sysconfdir (void) + } + return name; + #else /*!HAVE_W32_SYSTEM*/ +- return GNUPG_SYSCONFDIR; ++ return getenv("GNUPG_SYSCONFDIR") ?: GNUPG_SYSCONFDIR; + #endif /*!HAVE_W32_SYSTEM*/ + } + +@@ -815,7 +815,7 @@ gnupg_bindir (void) + else + return rdir; + #else /*!HAVE_W32_SYSTEM*/ +- return GNUPG_BINDIR; ++ return getenv("GNUPG_BINDIR") ?: GNUPG_BINDIR; + #endif /*!HAVE_W32_SYSTEM*/ + } + +@@ -828,7 +828,7 @@ gnupg_libexecdir (void) + #ifdef HAVE_W32_SYSTEM + return gnupg_bindir (); + #else /*!HAVE_W32_SYSTEM*/ +- return GNUPG_LIBEXECDIR; ++ return getenv("GNUPG_LIBEXECDIR") ?: GNUPG_LIBEXECDIR; + #endif /*!HAVE_W32_SYSTEM*/ + } + +@@ -842,7 +842,7 @@ gnupg_libdir (void) + name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL); + return name; + #else /*!HAVE_W32_SYSTEM*/ +- return GNUPG_LIBDIR; ++ return getenv("GNUPG_LIBDIR") ?: GNUPG_LIBDIR; + #endif /*!HAVE_W32_SYSTEM*/ + } + +@@ -856,7 +856,7 @@ gnupg_datadir (void) + name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL); + return name; + #else /*!HAVE_W32_SYSTEM*/ +- return GNUPG_DATADIR; ++ return getenv("GNUPG_DATADIR") ?: GNUPG_DATADIR; + #endif /*!HAVE_W32_SYSTEM*/ + } + +@@ -872,7 +872,7 @@ gnupg_localedir (void) + NULL); + return name; + #else /*!HAVE_W32_SYSTEM*/ +- return LOCALEDIR; ++ return getenv("LOCALEDIR") ?: LOCALEDIR; + #endif /*!HAVE_W32_SYSTEM*/ + } + +@@ -940,7 +940,7 @@ gnupg_cachedir (void) + } + return dir; + #else /*!HAVE_W32_SYSTEM*/ +- return GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME; ++ return getenv("GNUPG_LOCALSTATEDIR") ?: GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME; + #endif /*!HAVE_W32_SYSTEM*/ + } + diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb index d777fcb12..5a3688acf 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb @@ -17,7 +17,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://CVE-2018-12020.patch \ file://CVE-2018-9234.patch \ " -SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch" +SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ + file://relocate.patch" SRC_URI[md5sum] = "709e5af5bba84d251c520222e720972f" @@ -45,6 +46,10 @@ do_install_append() { ln -sf gpgv2 ${D}${bindir}/gpgv } +do_install_append_class-native() { + create_wrapper ${D}${bindir}/gpg2 GNUPG_BINDIR=${STAGING_BINDIR_NATIVE} +} + PACKAGECONFIG ??= "gnutls" PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls" PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3" diff --git a/poky/scripts/lib/wic/plugins/source/isoimage-isohybrid.py b/poky/scripts/lib/wic/plugins/source/isoimage-isohybrid.py index d6bd3bff7..b119c9c2f 100644 --- a/poky/scripts/lib/wic/plugins/source/isoimage-isohybrid.py +++ b/poky/scripts/lib/wic/plugins/source/isoimage-isohybrid.py @@ -328,16 +328,18 @@ class IsoImagePlugin(SourcePlugin): raise WicError("Coludn't find target architecture") if re.match("x86_64", target_arch): - grub_image = "grub-efi-bootx64.efi" + grub_src_image = "grub-efi-bootx64.efi" + grub_dest_image = "bootx64.efi" elif re.match('i.86', target_arch): - grub_image = "grub-efi-bootia32.efi" + grub_src_image = "grub-efi-bootia32.efi" + grub_dest_image = "bootia32.efi" else: raise WicError("grub-efi is incompatible with target %s" % target_arch) - grub_target = os.path.join(target_dir, grub_image) + grub_target = os.path.join(target_dir, grub_dest_image) if not os.path.isfile(grub_target): - grub_src = os.path.join(deploy_dir, grub_image) + grub_src = os.path.join(deploy_dir, grub_src_image) if not os.path.exists(grub_src): raise WicError("Grub loader %s is not found in %s. " "Please build grub-efi first" % (grub_image, deploy_dir)) -- cgit v1.2.3