diff options
Diffstat (limited to 'poky/meta/recipes-support')
6 files changed, 120 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/attr/attr.inc b/poky/meta/recipes-support/attr/attr.inc index f13a83a7b4..0c3330a686 100644 --- a/poky/meta/recipes-support/attr/attr.inc +++ b/poky/meta/recipes-support/attr/attr.inc @@ -8,6 +8,7 @@ LICENSE = "LGPLv2.1+ & GPLv2+" LICENSE_${PN} = "GPLv2+" LICENSE_lib${BPN} = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://doc/COPYING;md5=2d0aa14b3fce4694e4f615e30186335f \ + file://doc/COPYING.LGPL;md5=b8d31f339300bc239d73461d68e77b9c \ file://tools/attr.c;endline=17;md5=be0403261f0847e5f43ed5b08d19593c \ file://libattr/libattr.c;endline=17;md5=7970f77049f8fa1199fff62a7ab724fb" diff --git a/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb b/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb index d8096de5af..258f8c9cdf 100644 --- a/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb +++ b/poky/meta/recipes-support/boost/boost-build-native_4.3.0.bb @@ -7,6 +7,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" SRC_URI = "git://github.com/boostorg/build;protocol=https" SRCREV = "632ea768f3eb225b4472c5ed6d20afee708724ad" +UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+){2,}))" + inherit native S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/boost/boost/0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch b/poky/meta/recipes-support/boost/boost/0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch new file mode 100644 index 0000000000..523568e9bc --- /dev/null +++ b/poky/meta/recipes-support/boost/boost/0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch @@ -0,0 +1,54 @@ +From d6f7b6064dc91d1d5fa18554b40b14822ab7a32b Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 16 Oct 2020 11:13:22 -0700 +Subject: [PATCH] fiber,libs: Define SYS_futex if it does not exist + +__NR_futex is not defines by newer architectures e.g. arc, riscv32 as +they only have 64bit variant of time_t. Glibc defines SYS_futex interface based on +__NR_futex, since this is used in applications, such applications start +to fail to build for these newer architectures. This patch defines a +fallback to alias __NR_futex to __NR_futex_tim64 so SYS_futex keeps +working + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + boost/fiber/detail/futex.hpp | 5 +++++ + libs/log/src/event.cpp | 4 ++++ + 2 files changed, 9 insertions(+) + +diff --git a/boost/fiber/detail/futex.hpp b/boost/fiber/detail/futex.hpp +index e64bd5990..16bee64f1 100644 +--- a/boost/fiber/detail/futex.hpp ++++ b/boost/fiber/detail/futex.hpp +@@ -17,6 +17,11 @@ extern "C" { + #include <linux/futex.h> + #include <sys/syscall.h> + } ++ ++#if !defined(SYS_futex) && defined(SYS_futex_time64) ++#define SYS_futex SYS_futex_time64 ++#endif ++ + #elif BOOST_OS_WINDOWS + #include <windows.h> + #endif +diff --git a/libs/log/src/event.cpp b/libs/log/src/event.cpp +index 5485154d7..2c7c0381f 100644 +--- a/libs/log/src/event.cpp ++++ b/libs/log/src/event.cpp +@@ -31,6 +31,10 @@ + #include <linux/futex.h> + #include <boost/memory_order.hpp> + ++#if !defined(SYS_futex) && defined(SYS_futex_time64) ++#define SYS_futex SYS_futex_time64 ++#endif ++ + // Some Android NDKs (Google NDK and older Crystax.NET NDK versions) don't define SYS_futex + #if defined(SYS_futex) + #define BOOST_LOG_SYS_FUTEX SYS_futex +-- +2.28.0 + diff --git a/poky/meta/recipes-support/boost/boost_1.74.0.bb b/poky/meta/recipes-support/boost/boost_1.74.0.bb index 5e9e0d87d7..b01b390a59 100644 --- a/poky/meta/recipes-support/boost/boost_1.74.0.bb +++ b/poky/meta/recipes-support/boost/boost_1.74.0.bb @@ -7,4 +7,5 @@ SRC_URI += "file://arm-intrinsics.patch \ file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \ file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \ file://0001-dont-setup-compiler-flags-m32-m64.patch \ + file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \ " diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch new file mode 100644 index 0000000000..3ef7f85451 --- /dev/null +++ b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch @@ -0,0 +1,61 @@ +From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@gnome.org> +Date: Wed, 9 Sep 2020 11:12:02 -0500 +Subject: [PATCH] Rewrite url::recvline to be nonrecursive + +This function processes network input. It's semi-trusted, because the +PAC ought to be trusted. But we still shouldn't allow it to control how +far we recurse. A malicious PAC can cause us to overflow the stack by +sending a sufficiently-long line without any '\n' character. + +Also, this function failed to properly handle EINTR, so let's fix that +too, for good measure. + +Fixes #134 + +Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa] +CVE: CVE-2020-25219 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + libproxy/url.cpp | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/libproxy/url.cpp b/libproxy/url.cpp +index ee776b2..68d69cd 100644 +--- a/libproxy/url.cpp ++++ b/libproxy/url.cpp +@@ -388,16 +388,24 @@ string url::to_string() const { + return m_orig; + } + +-static inline string recvline(int fd) { +- // Read a character. +- // If we don't get a character, return empty string. +- // If we are at the end of the line, return empty string. +- char c = '\0'; +- +- if (recv(fd, &c, 1, 0) != 1 || c == '\n') +- return ""; +- +- return string(1, c) + recvline(fd); ++static string recvline(int fd) { ++ string line; ++ int ret; ++ ++ // Reserve arbitrary amount of space to avoid small memory reallocations. ++ line.reserve(128); ++ ++ do { ++ char c; ++ ret = recv(fd, &c, 1, 0); ++ if (ret == 1) { ++ if (c == '\n') ++ return line; ++ line += c; ++ } ++ } while (ret == 1 || (ret == -1 && errno == EINTR)); ++ ++ return line; + } + + char* url::get_pac() { diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb index 19dddebd44..a14c358cc2 100644 --- a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb +++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb @@ -10,6 +10,7 @@ DEPENDS = "glib-2.0" SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \ file://0001-get-pac-test-Fix-build-with-clang-libc.patch \ + file://CVE-2020-25219.patch \ " SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152" SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f" |