diff options
Diffstat (limited to 'poky/meta/recipes-support')
30 files changed, 215 insertions, 632 deletions
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb index ce3cb217a1..37ba51ce6a 100644 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb @@ -5,7 +5,7 @@ This derived from Debian's CA Certificates." HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" SECTION = "misc" LICENSE = "GPL-2.0+ & MPL-2.0" -LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e" # This is needed to ensure we can run the postinst at image creation time DEPENDS = "" @@ -14,7 +14,7 @@ DEPENDS_class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be" +SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b" SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ file://0002-update-ca-certificates-use-SYSROOT.patch \ diff --git a/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb b/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb index 904c52780f..768f28906f 100644 --- a/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb +++ b/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb @@ -35,7 +35,7 @@ FILES_${PN}-run-parts = "${base_bindir}/run-parts.debianutils" RDEPENDS_${PN} += "${PN}-run-parts" RDEPENDS_${PN}_class-native = "" -ALTERNATIVE_PRIORITY="30" +ALTERNATIVE_PRIORITY = "30" ALTERNATIVE_${PN} = "add-shell installkernel remove-shell savelog tempfile which" ALTERNATIVE_PRIORITY_${PN}-run-parts = "60" @@ -44,12 +44,12 @@ ALTERNATIVE_${PN}-run-parts = "run-parts" ALTERNATIVE_${PN}-doc = "which.1" ALTERNATIVE_LINK_NAME[which.1] = "${mandir}/man1/which.1" -ALTERNATIVE_LINK_NAME[add-shell]="${sbindir}/add-shell" -ALTERNATIVE_LINK_NAME[installkernel]="${sbindir}/installkernel" -ALTERNATIVE_LINK_NAME[remove-shell]="${sbindir}/remove-shell" -ALTERNATIVE_LINK_NAME[run-parts]="${base_bindir}/run-parts" -ALTERNATIVE_LINK_NAME[savelog]="${bindir}/savelog" -ALTERNATIVE_LINK_NAME[tempfile]="${base_bindir}/tempfile" -ALTERNATIVE_LINK_NAME[which]="${bindir}/which" +ALTERNATIVE_LINK_NAME[add-shell] = "${sbindir}/add-shell" +ALTERNATIVE_LINK_NAME[installkernel] = "${sbindir}/installkernel" +ALTERNATIVE_LINK_NAME[remove-shell] = "${sbindir}/remove-shell" +ALTERNATIVE_LINK_NAME[run-parts] = "${base_bindir}/run-parts" +ALTERNATIVE_LINK_NAME[savelog] = "${bindir}/savelog" +ALTERNATIVE_LINK_NAME[tempfile] = "${base_bindir}/tempfile" +ALTERNATIVE_LINK_NAME[which] = "${bindir}/which" BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_144.bb b/poky/meta/recipes-support/diffoscope/diffoscope_146.bb index 3a877cae15..a3402d42d8 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_144.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_146.bb @@ -7,8 +7,7 @@ PYPI_PACKAGE = "diffoscope" inherit pypi setuptools3 -SRC_URI[md5sum] = "4ee9d1a36086caa31ccbc6300ad31652" -SRC_URI[sha256sum] = "9a45464b7b7184fa1ad2af9c52ebac8f00b3dd5dcf9e15dfc00c653c26fcc345" +SRC_URI[sha256sum] = "a031605c043577c908052763e49b0bd9c1d4d8a169eaf41364900ff1d9566ee2" RDEPENDS_${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic" diff --git a/poky/meta/recipes-support/libcap/files/0004-psx.c-replace-pthread_yield-with-standard-sched_yiel.patch b/poky/meta/recipes-support/libcap/files/0004-psx.c-replace-pthread_yield-with-standard-sched_yiel.patch deleted file mode 100644 index 848ceb2c0c..0000000000 --- a/poky/meta/recipes-support/libcap/files/0004-psx.c-replace-pthread_yield-with-standard-sched_yiel.patch +++ /dev/null @@ -1,24 +0,0 @@ -From a2c4cdb05d0e382101b13944c09c4375e8d7de5f Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 31 Mar 2020 13:39:28 +0200 -Subject: [PATCH] psx.c: replace pthread_yield() with standard sched_yield() - -This was causing failures when building with musl C library in -particular. - -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- -diff --git a/libcap/psx.c b/libcap/psx.c -index 04d250f..7e4ac10 100644 ---- a/libcap/psx.c -+++ b/libcap/psx.c -@@ -533,7 +533,7 @@ long int __psx_syscall(long int syscall_nr, ...) { - if (!waiting) { - break; - } -- pthread_yield(); -+ sched_yield(); - } - - errno = restore_errno; diff --git a/poky/meta/recipes-support/libcap/libcap_2.33.bb b/poky/meta/recipes-support/libcap/libcap_2.34.bb index bec492ca5f..a3bd969d2b 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.33.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.34.bb @@ -11,10 +11,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${ file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ file://0002-tests-do-not-run-target-executables.patch \ file://0001-tests-do-not-statically-link-a-test.patch \ - file://0004-psx.c-replace-pthread_yield-with-standard-sched_yiel.patch \ " -SRC_URI[md5sum] = "dcc6220b4a9bf260050b20c07edcddf4" -SRC_URI[sha256sum] = "08edeaba2757021aeec45c4eeec52566675e0e0f5d4f057284d729e04f2643d6" +SRC_URI[md5sum] = "66028a8080a0891c54b202bb5e749035" +SRC_URI[sha256sum] = "aecdd42015955068d3d94b7caa9590fcb2de5df53ce53c61a21b912bfc0b1611" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" @@ -26,7 +25,7 @@ do_configure() { # libcap uses := for compilers, fortunately, it gives us a hint # on what should be replaced with ?= sed -e 's,:=,?=,g' -i Make.Rules - sed -e 's,^BUILD_CFLAGS ?= $(.*CFLAGS),BUILD_CFLAGS := $(BUILD_CFLAGS),' -i Make.Rules + sed -e 's,^BUILD_CFLAGS ?= ,BUILD_CFLAGS := $(BUILD_CFLAGS) ,' -i Make.Rules } PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" diff --git a/poky/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch b/poky/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch deleted file mode 100644 index a6f307439b..0000000000 --- a/poky/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch +++ /dev/null @@ -1,64 +0,0 @@ -CVE: CVE-2016-6328 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 -From: Marcus Meissner <marcus@jet.franken.de> -Date: Tue, 25 Jul 2017 23:44:44 +0200 -Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax - makernote entries. - -This should fix: -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 ---- - libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c -index d03d159..ea0429a 100644 ---- a/libexif/pentax/mnote-pentax-entry.c -+++ b/libexif/pentax/mnote-pentax-entry.c -@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - case EXIF_FORMAT_SHORT: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 2) -+ break; - vs = exif_get_short (data, entry->order); - snprintf (val+len, maxlen-len, "%i ", vs); - len = strlen(val); - data += 2; -+ sizeleft -= 2; - } - } - break; - case EXIF_FORMAT_LONG: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 4) -+ break; - vl = exif_get_long (data, entry->order); - snprintf (val+len, maxlen-len, "%li", (long int) vl); - len = strlen(val); - data += 4; -+ sizeleft -= 4; - } - } - break; -@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - break; - } - -- return (val); -+ return val; - } diff --git a/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch b/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch deleted file mode 100644 index e49481ff84..0000000000 --- a/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8a92f964a66d476ca8907234359e92a70fc1325b Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Tue, 28 Aug 2018 15:12:10 +0800 -Subject: [PATCH] On saving makernotes, make sure the makernote container tags - has a type with 1 byte components. - -Fixes (at least): - https://sourceforge.net/p/libexif/bugs/130 - https://sourceforge.net/p/libexif/bugs/129 - -Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ -c39acd1692023b26290778a02a9232c873f9d71a#diff-830e348923810f00726700b083ec00cd] - -CVE: CVE-2017-7544 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - libexif/exif-data.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/libexif/exif-data.c b/libexif/exif-data.c -index 67df4db..6bf89eb 100644 ---- a/libexif/exif-data.c -+++ b/libexif/exif-data.c -@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e, - exif_mnote_data_set_offset (data->priv->md, *ds - 6); - exif_mnote_data_save (data->priv->md, &e->data, &e->size); - e->components = e->size; -+ if (exif_format_get_size (e->format) != 1) { -+ /* e->format is taken from input code, -+ * but we need to make sure it is a 1 byte -+ * entity due to the multiplication below. */ -+ e->format = EXIF_FORMAT_UNDEFINED; -+ } - } - } - --- -2.7.4 - diff --git a/poky/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch b/poky/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch deleted file mode 100644 index 76233e6dc9..0000000000 --- a/poky/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch +++ /dev/null @@ -1,115 +0,0 @@ -CVE: CVE-2018-20030 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001 -From: Dan Fandrich <dan@coneharvesters.com> -Date: Fri, 12 Oct 2018 16:01:45 +0200 -Subject: [PATCH] Improve deep recursion detection in - exif_data_load_data_content. - -The existing detection was still vulnerable to pathological cases -causing DoS by wasting CPU. The new algorithm takes the number of tags -into account to make it harder to abuse by cases using shallow recursion -but with a very large number of tags. This improves on commit 5d28011c -which wasn't sufficient to counter this kind of case. - -The limitation in the previous fix was discovered by Laurent Delosieres, -Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned -the identifier CVE-2018-20030. - -diff --git a/libexif/exif-data.c b/libexif/exif-data.c -index 67df4db..8d9897e 100644 ---- a/libexif/exif-data.c -+++ b/libexif/exif-data.c -@@ -35,6 +35,7 @@ - #include <libexif/olympus/exif-mnote-data-olympus.h> - #include <libexif/pentax/exif-mnote-data-pentax.h> - -+#include <math.h> - #include <stdlib.h> - #include <stdio.h> - #include <string.h> -@@ -344,6 +345,20 @@ if (data->ifd[(i)]->count) { \ - break; \ - } - -+/*! Calculate the recursion cost added by one level of IFD loading. -+ * -+ * The work performed is related to the cost in the exponential relation -+ * work=1.1**cost -+ */ -+static unsigned int -+level_cost(unsigned int n) -+{ -+ static const double log_1_1 = 0.09531017980432493; -+ -+ /* Adding 0.1 protects against the case where n==1 */ -+ return ceil(log(n + 0.1)/log_1_1); -+} -+ - /*! Load data for an IFD. - * - * \param[in,out] data #ExifData -@@ -351,13 +366,13 @@ if (data->ifd[(i)]->count) { \ - * \param[in] d pointer to buffer containing raw IFD data - * \param[in] ds size of raw data in buffer at \c d - * \param[in] offset offset into buffer at \c d at which IFD starts -- * \param[in] recursion_depth number of times this function has been -- * recursively called without returning -+ * \param[in] recursion_cost factor indicating how expensive this recursive -+ * call could be - */ - static void - exif_data_load_data_content (ExifData *data, ExifIfd ifd, - const unsigned char *d, -- unsigned int ds, unsigned int offset, unsigned int recursion_depth) -+ unsigned int ds, unsigned int offset, unsigned int recursion_cost) - { - ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; - ExifShort n; -@@ -372,9 +387,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, - if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT)) - return; - -- if (recursion_depth > 30) { -+ if (recursion_cost > 170) { -+ /* -+ * recursion_cost is a logarithmic-scale indicator of how expensive this -+ * recursive call might end up being. It is an indicator of the depth of -+ * recursion as well as the potential for worst-case future recursive -+ * calls. Since it's difficult to tell ahead of time how often recursion -+ * will occur, this assumes the worst by assuming every tag could end up -+ * causing recursion. -+ * The value of 170 was chosen to limit typical EXIF structures to a -+ * recursive depth of about 6, but pathological ones (those with very -+ * many tags) to only 2. -+ */ - exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", -- "Deep recursion detected!"); -+ "Deep/expensive recursion detected!"); - return; - } - -@@ -416,15 +442,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, - switch (tag) { - case EXIF_TAG_EXIF_IFD_POINTER: - CHECK_REC (EXIF_IFD_EXIF); -- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_GPS_INFO_IFD_POINTER: - CHECK_REC (EXIF_IFD_GPS); -- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: - CHECK_REC (EXIF_IFD_INTEROPERABILITY); -- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: - thumbnail_offset = o; diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.21.bb b/poky/meta/recipes-support/libexif/libexif_0.6.21.bb deleted file mode 100644 index d847beab18..0000000000 --- a/poky/meta/recipes-support/libexif/libexif_0.6.21.bb +++ /dev/null @@ -1,17 +0,0 @@ -SUMMARY = "Library for reading extended image information (EXIF) from JPEG files" -HOMEPAGE = "http://sourceforge.net/projects/libexif" -SECTION = "libs" -LICENSE = "LGPLv2.1" -LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad" - -SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \ - file://CVE-2017-7544.patch \ - file://CVE-2016-6328.patch \ - file://CVE-2018-20030.patch" - -SRC_URI[md5sum] = "27339b89850f28c8f1c237f233e05b27" -SRC_URI[sha256sum] = "16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a" - -inherit autotools gettext - -EXTRA_OECONF += "--disable-docs" diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb new file mode 100644 index 0000000000..a520d5c9f9 --- /dev/null +++ b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb @@ -0,0 +1,19 @@ +SUMMARY = "Library for reading extended image information (EXIF) from JPEG files" +HOMEPAGE = "https://libexif.github.io/" +SECTION = "libs" +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad" + +def version_underscore(v): + return "_".join(v.split(".")) + +SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \ + " + +SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56" + +UPSTREAM_CHECK_URI = "https://github.com/libexif/libexif/releases/" + +inherit autotools gettext + +EXTRA_OECONF += "--disable-docs" diff --git a/poky/meta/recipes-support/libical/libical_3.0.7.bb b/poky/meta/recipes-support/libical/libical_3.0.8.bb index a50473e9ec..efb9433412 100644 --- a/poky/meta/recipes-support/libical/libical_3.0.7.bb +++ b/poky/meta/recipes-support/libical/libical_3.0.8.bb @@ -12,8 +12,8 @@ SRC_URI = " \ https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ file://0001-Use-our-hand-build-native-src-generator.patch \ " -SRC_URI[md5sum] = "8a5d07a7fba9e73a85e67f76258bf042" -SRC_URI[sha256sum] = "0abe66df1ea826e57db7f281c704ede834c84139012e6c686ea7adafd4e763fc" +SRC_URI[md5sum] = "41bd1f1fcdcb4779cea478bb55cf07bf" +SRC_URI[sha256sum] = "09fecacaf75ba5a242159e3a9758a5446b5ce4d0ab684f98a7040864e1d1286f" UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases" inherit cmake pkgconfig diff --git a/poky/meta/recipes-support/libpcre/libpcre2/pcre-cross.patch b/poky/meta/recipes-support/libpcre/libpcre2/pcre-cross.patch deleted file mode 100644 index 871cdfcb7d..0000000000 --- a/poky/meta/recipes-support/libpcre/libpcre2/pcre-cross.patch +++ /dev/null @@ -1,65 +0,0 @@ -Fix for cross compiling - -Fixed: -| ./dftables src/pcre2_chartables.c -| make: ./dftables: Command not found -| make: *** [src/pcre2_chartables.c] Error 127 - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> - -Index: pcre2-10.30/Makefile.am -=================================================================== ---- pcre2-10.30.orig/Makefile.am -+++ pcre2-10.30/Makefile.am -@@ -325,9 +325,21 @@ bin_SCRIPTS = pcre2-config - ## to copy a distributed set of tables that are defined for ASCII code. In this - ## case, dftables is not needed. - -+CC_FOR_BUILD = @CC_FOR_BUILD@ -+CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ -+CCLD_FOR_BUILD = @CCLD_FOR_BUILD@ -+LDFLAGS_FOR_BUILD = @LDFLAGS_FOR_BUILD@ -+ - if WITH_REBUILD_CHARTABLES - noinst_PROGRAMS += dftables - dftables_SOURCES = src/dftables.c -+ -+dftables_LINK = $(CCLD_FOR_BUILD) -o $@ -+dftables_LDFLAGS = $(LDFLAGS_FOR_BUILD) -+ -+src/dftables.o: $(srcdir)/src/dftables.c -+ $(CC_FOR_BUILD) -c $(CFLAGS_FOR_BUILD) -o $@ $(srcdir)/src/dftables.c -+ - src/pcre2_chartables.c: dftables$(EXEEXT) - rm -f $@ - ./dftables$(EXEEXT) $@ -Index: pcre2-10.30/configure.ac -=================================================================== ---- pcre2-10.30.orig/configure.ac -+++ pcre2-10.30/configure.ac -@@ -60,6 +60,23 @@ fi - # This is a new thing required to stop a warning from automake 1.12 - m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) - -+if test x"$cross_compiling" = xyes; then -+ CC_FOR_BUILD="${CC_FOR_BUILD-gcc}" -+ CCLD_FOR_BUILD="${CCLD_FOR_BUILD-gcc}" -+ CFLAGS_FOR_BUILD="${CFLAGS_FOR_BUILD}" -+ LDFLAGS_FOR_BUILD="${LDFLAGS_FOR_BUILD}" -+else -+ CC_FOR_BUILD="${CC_FOR_BUILD-\$(CC)}" -+ CCLD_FOR_BUILD="${CCLD_FOR_BUILD-\$(CCLD)}" -+ CFLAGS_FOR_BUILD="${CFLAGS_FOR_BUILD-\$(CFLAGS)}" -+ LDFLAGS_FOR_BUILD="${LDFLAGS_FOR_BUILD-\$(LDFLAGS)}" -+fi -+AC_ARG_VAR(CC_FOR_BUILD, [build system C compiler]) -+AC_ARG_VAR(CCLD_FOR_BUILD, [build system C linker frontend]) -+AC_ARG_VAR(CFLAGS_FOR_BUILD, [build system C compiler arguments]) -+AC_ARG_VAR(LDFLAGS_FOR_BUILD, [build system C linker frontend arguments]) -+ -+ - # Check for a 64-bit integer type - AC_TYPE_INT64_T - diff --git a/poky/meta/recipes-support/libpcre/libpcre2_10.34.bb b/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb index fa8655e027..35c019c100 100644 --- a/poky/meta/recipes-support/libpcre/libpcre2_10.34.bb +++ b/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb @@ -8,14 +8,11 @@ SUMMARY = "Perl Compatible Regular Expressions version 2" HOMEPAGE = "http://www.pcre.org" SECTION = "devel" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37" +LIC_FILES_CHKSUM = "file://LICENCE;md5=a06590e9bd4c229532364727aaeaf084" -SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \ - file://pcre-cross.patch \ -" +SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2" -SRC_URI[md5sum] = "d280b62ded13f9ccf2fac16ee5286366" -SRC_URI[sha256sum] = "74c473ffaba9e13db6951fd146e0143fe9887852ce73406a03277af1d9b798ca" +SRC_URI[sha256sum] = "9ccba8e02b0ce78046cdfb52e5c177f0f445e421059e43becca4359c669d4613" CVE_PRODUCT = "pcre2" @@ -30,20 +27,14 @@ inherit autotools binconfig-disabled EXTRA_OECONF = "\ --enable-newline-is-lf \ - --enable-rebuild-chartables \ --with-link-size=2 \ --with-match-limit=10000000 \ --enable-pcre2-16 \ --enable-pcre2-32 \ " -# Set LINK_SIZE in BUILD_CFLAGS given that the autotools bbclass use it to -# set CFLAGS_FOR_BUILD, required for the libpcre build. -BUILD_CFLAGS =+ "-DLINK_SIZE=2 -I${B}/src" CFLAGS += "-D_REENTRANT" CXXFLAGS_append_powerpc = " -lstdc++" -export CCLD_FOR_BUILD ="${BUILD_CCLD}" - PACKAGES =+ "libpcre2-16 libpcre2-32 pcre2grep pcre2grep-doc pcre2test pcre2test-doc" SUMMARY_pcre2grep = "grep utility that uses perl 5 compatible regexes" diff --git a/poky/meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch b/poky/meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch index 79f63fd84e..63b78a8a30 100644 --- a/poky/meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch +++ b/poky/meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch @@ -1,4 +1,7 @@ -If you: +From 49b21f0fe5fb93b30b94cc449429fd33de0652a7 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Thu, 18 Aug 2016 14:46:32 +0100 +Subject: [PATCH] If you: TCLIBC=musl bitbake unwind TCLIBC=musl bitbake gcc-runtime -c cleansstate @@ -6,12 +9,12 @@ TCLIBC=musl bitbake gcc-runtime you will see libstdc++ fail to build due to finding libunwind's header file. -Khem: "When we build any of gcc components they expect to use internal version -and that works with glibc based gcc since the search headers first look into gcc -headers, however with musl the gcc headers are searched after the standard +Khem: "When we build any of gcc components they expect to use internal version +and that works with glibc based gcc since the search headers first look into gcc +headers, however with musl the gcc headers are searched after the standard headers ( which is by design the right thing )." -This patch hacks around the issue by looking for a define used during gcc-runtime's +This patch hacks around the issue by looking for a define used during gcc-runtime's build and skipping to the internal header in that case. [YOCTO #10129] @@ -20,11 +23,15 @@ RP 2016/8/18 Upstream-Status: Inappropriate [really need to fix gcc] -Index: git/include/unwind.h -=================================================================== ---- git.orig/include/unwind.h -+++ git/include/unwind.h -@@ -23,6 +23,10 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER L +--- + include/unwind.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/include/unwind.h b/include/unwind.h +index 7cf128d..31c2871 100644 +--- a/include/unwind.h ++++ b/include/unwind.h +@@ -23,6 +23,10 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ diff --git a/poky/meta/recipes-support/libunwind/libunwind_1.3.1.bb b/poky/meta/recipes-support/libunwind/libunwind_1.4.0.bb index 037e04c3c0..f50205f1b9 100644 --- a/poky/meta/recipes-support/libunwind/libunwind_1.3.1.bb +++ b/poky/meta/recipes-support/libunwind/libunwind_1.4.0.bb @@ -10,8 +10,8 @@ SRC_URI = "http://download.savannah.nongnu.org/releases/libunwind/libunwind-${PV " SRC_URI_append_libc-musl = " file://musl-header-conflict.patch" -SRC_URI[md5sum] = "a04f69d66d8e16f8bf3ab72a69112cd6" -SRC_URI[sha256sum] = "43997a3939b6ccdf2f669b50fdb8a4d3205374728c2923ddc2354c65260214f8" +SRC_URI[md5sum] = "5114504c74ac3992ac06aa551cd55678" +SRC_URI[sha256sum] = "df59c931bd4d7ebfd83ee481c943edf015138089b8e50abed8d9c57ba9338435" EXTRA_OECONF_append_libc-musl = " --disable-documentation --disable-tests --enable-static" diff --git a/poky/meta/recipes-support/liburcu/liburcu_0.12.0.bb b/poky/meta/recipes-support/liburcu/liburcu_0.12.1.bb index 0c20abe6d5..3a5ecbcc2d 100644 --- a/poky/meta/recipes-support/liburcu/liburcu_0.12.0.bb +++ b/poky/meta/recipes-support/liburcu/liburcu_0.12.1.bb @@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e548d28737289d75a8f1e01ba2fd7825 \ SRC_URI = "http://lttng.org/files/urcu/userspace-rcu-${PV}.tar.bz2" -SRC_URI[md5sum] = "d923a42ce38e33e883313003c8afd559" -SRC_URI[sha256sum] = "409b1be506989e1d26543194df1a79212be990fe5d4fd84f34f019efed989f97" +SRC_URI[md5sum] = "5e419d7b30d0d98bffe0014c704ae936" +SRC_URI[sha256sum] = "bbfaead0345642b97e0de90f889dfbab4b2643a6a5e5c6bb59cd0d26fc0bcd0e" S = "${WORKDIR}/userspace-rcu-${PV}" inherit autotools multilib_header diff --git a/poky/meta/recipes-support/libyaml/libyaml_0.2.2.bb b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb index 5105ce69db..e39a7b9083 100644 --- a/poky/meta/recipes-support/libyaml/libyaml_0.2.2.bb +++ b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb @@ -5,11 +5,11 @@ HOMEPAGE = "https://pyyaml.org/wiki/LibYAML" SECTION = "libs/devel" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=a76b4c69bfcf82313bbdc0393b04438a" +LIC_FILES_CHKSUM = "file://License;md5=7bbd28caa69f81f5cd5f48647236663d" SRC_URI = "https://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz" -SRC_URI[md5sum] = "54bf11ccb8bc488b5b3bec931f5b70dc" -SRC_URI[sha256sum] = "4a9100ab61047fd9bd395bcef3ce5403365cafd55c1e0d0299cde14958e47be9" +SRC_URI[md5sum] = "bb15429d8fb787e7d3f1c83ae129a999" +SRC_URI[sha256sum] = "c642ae9b75fee120b2d96c712538bd2cf283228d2337df2cf2988e3c02678ef4" S = "${WORKDIR}/yaml-${PV}" diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb index ed4452c82e..6510156ed0 100644 --- a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb @@ -21,7 +21,7 @@ S = "${WORKDIR}/git" # Fixed in r118, which is larger than the current version. CVE_CHECK_WHITELIST += "CVE-2014-4715" -EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}" +EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" do_install() { oe_runmake install diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb index 09fabdeebc..0a3186dac4 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb @@ -12,6 +12,7 @@ PV = "2.4.0+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \ " +UPSTREAM_VERSION_UNKNOWN = "1" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch b/poky/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch new file mode 100644 index 0000000000..43462e642a --- /dev/null +++ b/poky/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch @@ -0,0 +1,41 @@ +From c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich <skvadrik@gmail.com> +Date: Fri, 17 Apr 2020 22:47:14 +0100 +Subject: [PATCH] Fix crash in lexer refill (reported by Agostino Sarubbo). + +The crash happened in a rare case of a very long lexeme that doen't fit +into the buffer, forcing buffer reallocation. + +The crash was caused by an incorrect calculation of the shift offset +(it was smaller than necessary). As a consequence, the data from buffer +start and up to the beginning of the current lexeme was not discarded +(as it should have been), resulting in less free space for new data than +expected. + +Upstream-Status: Backport [https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a] +CVE: CVE-2020-11958 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + src/parse/scanner.cc | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/parse/scanner.cc b/src/parse/scanner.cc +index 1d6e9efa..bd651314 100644 +--- a/src/parse/scanner.cc ++++ b/src/parse/scanner.cc +@@ -155,13 +155,14 @@ bool Scanner::fill(size_t need) + if (!buf) fatal("out of memory"); + + memmove(buf, tok, copy); +- shift_ptrs_and_fpos(buf - bot); ++ shift_ptrs_and_fpos(buf - tok); + delete [] bot; + bot = buf; + + free = BSIZE - copy; + } + ++ DASSERT(lim + free <= bot + BSIZE); + if (!read(free)) { + eof = lim; + memset(lim, 0, YYMAXFILL); diff --git a/poky/meta/recipes-support/re2c/re2c_1.3.bb b/poky/meta/recipes-support/re2c/re2c_1.3.bb index 0e1d938748..e9053acdf6 100644 --- a/poky/meta/recipes-support/re2c/re2c_1.3.bb +++ b/poky/meta/recipes-support/re2c/re2c_1.3.bb @@ -5,7 +5,9 @@ SECTION = "devel" LICENSE = "PD" LIC_FILES_CHKSUM = "file://LICENSE;md5=64eca4d8a3b67f9dc7656094731a2c8d" -SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz" +SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz \ + file://CVE-2020-11958.patch \ +" SRC_URI[sha256sum] = "f37f25ff760e90088e7d03d1232002c2c2672646d5844fdf8e0d51a5cd75a503" UPSTREAM_CHECK_URI = "https://github.com/skvadrik/re2c/releases" diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch b/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch new file mode 100644 index 0000000000..96301617b2 --- /dev/null +++ b/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch @@ -0,0 +1,42 @@ +From a4b6d9ce64f132e463b9091d0536913ddaf11516 Mon Sep 17 00:00:00 2001 +From: Neil Horman <nhorman@tuxdriver.com> +Date: Thu, 30 Apr 2020 16:57:35 -0400 +Subject: [PATCH] Remove name conflict with libc encrypt +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Forgot to fixup the funciton name conflict with libcs encrypt() function +on power systems + +Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/a4b6d9ce64f132e463b9091d0536913ddaf11516] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +Signed-off-by: Neil Horman <nhorman@tuxdriver.com> +Reported-by: Natanael Copa <ncopa@alpinelinux.org> +Reported-by: "Milan P. Stanić" <mps@arvanta.net> +--- + rngd_darn.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rngd_darn.c b/rngd_darn.c +index 35df7a1..9345895 100644 +--- a/rngd_darn.c ++++ b/rngd_darn.c +@@ -109,7 +109,7 @@ static int init_openssl(struct rng *ent_src) + return 0; + } + +-int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, ++static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, + unsigned char *iv, unsigned char *ciphertext) + { + int len; +@@ -150,7 +150,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src) + unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS]; + + /* Encrypt the plaintext */ +- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf, ++ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf, + ciphertext); + printf("Calling mangle with len %d\n", ciphertext_len); + if (!ciphertext_len) diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch b/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch new file mode 100644 index 0000000000..93103ef79f --- /dev/null +++ b/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch @@ -0,0 +1,51 @@ +From dab16a5fd4efde8ef569b358e19b1fcbc7d0d938 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine <fontaine.fabrice@gmail.com> +Date: Mon, 30 Mar 2020 00:10:46 +0200 +Subject: [PATCH] rngd_jitter: disambiguate call to encrypt + +Commit 0f184ea7e792427fb20afe81d471b565aee96f0b disambiguate the call to +encrypt in rngd_rdrand.c but did not update rngd_jitter.c. + +This raise the following build failure: + +rngd_jitter.c:75:12: error: conflicting types for 'encrypt' + static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, + ^~~~~~~ +In file included from rngd_jitter.c:27: +/home/dawncrow/buildroot-test/scripts/instance-0/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/include/unistd.h:1132:13: note: previous declaration of 'encrypt' was here + extern void encrypt (char *__block, int __edflag) __THROW __nonnull ((1)); + ^~~~~~~ +Makefile:770: recipe for target 'rngd-rngd_jitter.o' failed + +Fixes: + - http://autobuild.buildroot.org/results/0ca6bf16e3acbc94065b88c4442d6595424b77cb + +Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> +--- + rngd_jitter.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rngd_jitter.c b/rngd_jitter.c +index c1b1aca..49a3825 100644 +--- a/rngd_jitter.c ++++ b/rngd_jitter.c +@@ -72,7 +72,7 @@ unsigned char *aes_buf; + char key[AES_BLOCK]; + static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128))); + +-static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, ++static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, + unsigned char *iv, unsigned char *ciphertext) + { + EVP_CIPHER_CTX *ctx; +@@ -122,7 +122,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src) + unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS]; + + /* Encrypt the plaintext */ +- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf, ++ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf, + ciphertext); + if (!ciphertext_len) + return -1; diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.9.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb index 8c98a9aa3a..3f9720e406 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools_6.9.bb +++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb @@ -6,25 +6,28 @@ HOMEPAGE = "https://github.com/nhorman/rng-tools" BUGTRACKER = "https://github.com/nhorman/rng-tools/issues" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -DEPENDS = "sysfsutils" +DEPENDS = "sysfsutils openssl" SRC_URI = "\ git://github.com/nhorman/rng-tools.git \ + file://a4b6d9ce64f132e463b9091d0536913ddaf11516.patch \ + file://dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch \ file://init \ file://default \ file://rngd.service \ " -SRCREV = "4a865797a69dd38c64a86aa32884ecc9ba7b4d08" +SRCREV = "0be82200a66d9321451e0a0785bfae350b9cffdc" S = "${WORKDIR}/git" inherit autotools update-rc.d systemd pkgconfig -PACKAGECONFIG ??= "libgcrypt libjitterentropy" +EXTRA_OECONF = "--without-rtlsdr" + +PACKAGECONFIG ??= "libjitterentropy" PACKAGECONFIG_libc-musl = "libargp libjitterentropy" PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," -PACKAGECONFIG[libgcrypt] = "--with-libgcrypt,--without-libgcrypt,libgcrypt," PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy" PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl" PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2 openssl" diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb index 7a060b09ad..f0d5bc62e9 100644 --- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb +++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb @@ -12,9 +12,6 @@ SRCREV = "829b26d85e7d89a0caee03046c3bce373f04c80a" PV = "1.15" S = "${WORKDIR}/git" -UPSTREAM_CHECK_GITTAGREGEX = "Release-(?P<pver>(\d+(\-\d+)+))" -UPSTREAM_VERSION_UNKNOWN = "1" - inherit autotools pkgconfig gettext python3native mime EXTRA_OECONF = "--disable-update-mimedb" diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch deleted file mode 100644 index e30c482bbb..0000000000 --- a/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a4601326d61bf1a11151ac6b78b50804bfd03b4d Mon Sep 17 00:00:00 2001 -From: Sakib Sajal <sakib.sajal@windriver.com> -Date: Thu, 30 Apr 2020 10:46:16 -0700 -Subject: [PATCH 2/2] In the event of a semantic error in an aggregate query, - early-out the resetAccumulator() function to prevent problems due to - incomplete or incorrect initialization of the AggInfo object. Fix for ticket - [af4556bb5c285c08]. - -FossilOrigin-Name: 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441 -Upstream Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718] - -CVE: CVE-2020-11655 -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - sqlite3.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/sqlite3.c b/sqlite3.c -index 1df6633..726adf7 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -133242,6 +133242,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){ - struct AggInfo_func *pFunc; - int nReg = pAggInfo->nFunc + pAggInfo->nColumn; - if( nReg==0 ) return; -+ if( pParse->nErr ) return; - #ifdef SQLITE_DEBUG - /* Verify that all AggInfo registers are within the range specified by - ** AggInfo.mnReg..AggInfo.mxReg */ --- -2.17.1 - diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch deleted file mode 100644 index b88a724e8c..0000000000 --- a/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 2d69a520d027eb73eb6da9f2653d23e33b10e8bb Mon Sep 17 00:00:00 2001 -From: Sakib Sajal <sakib.sajal@windriver.com> -Date: Thu, 30 Apr 2020 10:14:36 -0700 -Subject: [PATCH 1/2] Fix a case when a pointer might be used after - being freed in the ALTER TABLE code. Fix for [4722bdab08cb1]. - -FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906 -Upstream Status: Backport [fb99e388ec7f30fe43e4878236e3695ff24ae58d] - -[PATCH 2/2] Do not suppress errors when resolving references in an ORDER - BY clause belonging to a compound SELECT within a view or trigger within - ALTER TABLE. Fix for ticket [a10a14e9b4ba2]. - -FossilOrigin-Name: 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026 -Upstream Status: Backport [4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae] - -The two patches were converted to amalgamation format. - -CVE: CVE-2020-11656 -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - sqlite3.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/sqlite3.c b/sqlite3.c -index 64fae04..1df6633 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList( - nc.nErr = 0; - db = pParse->db; - savedSuppErr = db->suppressErr; -- db->suppressErr = 1; -+ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1; - rc = sqlite3ResolveExprNames(&nc, pE); - db->suppressErr = savedSuppErr; - if( rc ) return 0; -@@ -105383,6 +105383,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){ - } - } - -+/* -+** Unmap all tokens in the IdList object passed as the second argument. -+*/ -+static void unmapColumnIdlistNames( -+ Parse *pParse, -+ IdList *pIdList -+){ -+ if( pIdList ){ -+ int ii; -+ for(ii=0; ii<pIdList->nId; ii++){ -+ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName); -+ } -+ } -+} -+ - /* - ** Walker callback used by sqlite3RenameExprUnmap(). - */ -@@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){ - for(i=0; i<pSrc->nSrc; i++){ - sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName); - if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort; -+ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing); - } - } - --- -2.17.1 - diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch deleted file mode 100644 index fecbbabce8..0000000000 --- a/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch +++ /dev/null @@ -1,141 +0,0 @@ -From 45d491851e1bca378de158a5e279fd584ce548e4 Mon Sep 17 00:00:00 2001 -From: "D. Richard Hipp" <drh@hwaci.com> -Date: Mon, 17 Feb 2020 00:12:04 +0000 -Subject: [PATCH] [PATCH 1/2] Take care when checking the table of a TK_COLUMN - expression node to see if the table is a virtual table to first ensure that - the Expr.y.pTab pointer is not null due to generated column optimizations. - Ticket [4374860b29383380]. - -FossilOrigin-Name: 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454 - -[PATCH 2/2] A better (smaller and faster) solution to ticket - [4374860b29383380]. - -FossilOrigin-Name: abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d - -The two patches were converted to amalgamation format - -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> -Upstream-Status: Backport -CVE: CVE-2020-9327 ---- - sqlite3.c | 35 ++++++++++++++++++++++++----------- - sqlite3.h | 2 +- - 2 files changed, 25 insertions(+), 12 deletions(-) - -diff --git a/sqlite3.c b/sqlite3.c -index 55dc686..64fae04 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -1167,7 +1167,7 @@ extern "C" { - */ - #define SQLITE_VERSION "3.31.1" - #define SQLITE_VERSION_NUMBER 3031001 --#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6" -+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt1" - - /* - ** CAPI3REF: Run-Time Library Version Numbers -@@ -17428,8 +17428,11 @@ struct Table { - */ - #ifndef SQLITE_OMIT_VIRTUALTABLE - # define IsVirtual(X) ((X)->nModuleArg) -+# define ExprIsVtab(X) \ -+ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg) - #else - # define IsVirtual(X) 0 -+# define ExprIsVtab(X) 0 - #endif - - /* -@@ -104133,19 +104136,25 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){ - case TK_LT: - case TK_LE: - case TK_GT: -- case TK_GE: -+ case TK_GE: { -+ Expr *pLeft = pExpr->pLeft; -+ Expr *pRight = pExpr->pRight; - testcase( pExpr->op==TK_EQ ); - testcase( pExpr->op==TK_NE ); - testcase( pExpr->op==TK_LT ); - testcase( pExpr->op==TK_LE ); - testcase( pExpr->op==TK_GT ); - testcase( pExpr->op==TK_GE ); -- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab)) -- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab)) -+ /* The y.pTab=0 assignment in wherecode.c always happens after the -+ ** impliesNotNullRow() test */ -+ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0) -+ && IsVirtual(pLeft->y.pTab)) -+ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0) -+ && IsVirtual(pRight->y.pTab)) - ){ -- return WRC_Prune; -+ return WRC_Prune; - } -- -+ } - default: - return WRC_Continue; - } -@@ -142591,7 +142600,8 @@ static int isAuxiliaryVtabOperator( - ** MATCH(expression,vtab_column) - */ - pCol = pList->a[1].pExpr; -- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ -+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); -+ if( ExprIsVtab(pCol) ){ - for(i=0; i<ArraySize(aOp); i++){ - if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){ - *peOp2 = aOp[i].eOp2; -@@ -142613,7 +142623,8 @@ static int isAuxiliaryVtabOperator( - ** with function names in an arbitrary case. - */ - pCol = pList->a[0].pExpr; -- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ -+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); -+ if( ExprIsVtab(pCol) ){ - sqlite3_vtab *pVtab; - sqlite3_module *pMod; - void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**); -@@ -142636,10 +142647,12 @@ static int isAuxiliaryVtabOperator( - int res = 0; - Expr *pLeft = pExpr->pLeft; - Expr *pRight = pExpr->pRight; -- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){ -+ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 ); -+ if( ExprIsVtab(pLeft) ){ - res++; - } -- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){ -+ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 ); -+ if( pRight && ExprIsVtab(pRight) ){ - res++; - SWAP(Expr*, pLeft, pRight); - } -@@ -228440,7 +228453,7 @@ SQLITE_API int sqlite3_stmt_init( - #endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */ - - /************** End of stmt.c ************************************************/ --#if __LINE__!=228443 -+#if __LINE__!=228456 - #undef SQLITE_SOURCE_ID - #define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt2" - #endif -diff --git a/sqlite3.h b/sqlite3.h -index cef6eea..5b9796c 100644 ---- a/sqlite3.h -+++ b/sqlite3.h -@@ -125,7 +125,7 @@ extern "C" { - */ - #define SQLITE_VERSION "3.31.1" - #define SQLITE_VERSION_NUMBER 3031001 --#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6" -+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt1" - - /* - ** CAPI3REF: Run-Time Library Version Numbers --- -2.25.1 - diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.32.1.bb index 57a791385c..d6081f10ad 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.32.1.bb @@ -3,13 +3,9 @@ require sqlite3.inc LICENSE = "PD" LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" -SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ - file://CVE-2020-9327.patch \ - file://CVE-2020-11656.patch \ - file://CVE-2020-11655.patch \ - " -SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" -SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" +SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz" +SRC_URI[md5sum] = "bc7afc06f1e30b09ac930957af68d723" +SRC_URI[sha256sum] = "486748abfb16abd8af664e3a5f03b228e5f124682b0c942e157644bf6fff7d10" # -19242 is only an issue in specific development branch commits CVE_CHECK_WHITELIST += "CVE-2019-19242" diff --git a/poky/meta/recipes-support/vte/vte_0.60.2.bb b/poky/meta/recipes-support/vte/vte_0.60.2.bb index 4a33f6e4d0..8c7054913f 100644 --- a/poky/meta/recipes-support/vte/vte_0.60.2.bb +++ b/poky/meta/recipes-support/vte/vte_0.60.2.bb @@ -52,6 +52,9 @@ CFLAGS += "-D_GNU_SOURCE" PACKAGES =+ "libvte ${PN}-prompt" FILES_libvte = "${libdir}/*.so.* ${libdir}/girepository-1.0/*" -FILES_${PN}-prompt = "${sysconfdir}/profile.d" +FILES_${PN}-prompt = " \ + ${sysconfdir}/profile.d \ + ${libexecdir}/vte-urlencode-cwd \ +" BBCLASSEXTEND = "native nativesdk" |