diff options
Diffstat (limited to 'poky/meta/recipes-support')
17 files changed, 131 insertions, 49 deletions
diff --git a/poky/meta/recipes-support/boost/boost.inc b/poky/meta/recipes-support/boost/boost.inc index 9be3717fd6..0330202586 100644 --- a/poky/meta/recipes-support/boost/boost.inc +++ b/poky/meta/recipes-support/boost/boost.inc @@ -2,6 +2,8 @@ SUMMARY = "Free peer-reviewed portable C++ source libraries" SECTION = "libs" DEPENDS = "bjam-native zlib bzip2" +CVE_PRODUCT = "boost:boost" + ARM_INSTRUCTION_SET_armv4 = "arm" ARM_INSTRUCTION_SET_armv5 = "arm" diff --git a/poky/meta/recipes-support/curl/curl_7.65.1.bb b/poky/meta/recipes-support/curl/curl_7.65.2.bb index e7bfe6cc0b..2fff04434a 100644 --- a/poky/meta/recipes-support/curl/curl_7.65.1.bb +++ b/poky/meta/recipes-support/curl/curl_7.65.2.bb @@ -9,8 +9,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ " -SRC_URI[md5sum] = "03ca3fa53ac4d791be66e30ba75b56ea" -SRC_URI[sha256sum] = "cbd36df60c49e461011b4f3064cff1184bdc9969a55e9608bf5cadec4686e3f7" +SRC_URI[md5sum] = "88910bdda3752a98083b6dbe85bafcaa" +SRC_URI[sha256sum] = "8093398b51e7d8337dac6f8fa6f1f77d562bdd9eca679dff9d9c3b8160ebfd28" CVE_PRODUCT = "curl libcurl" inherit autotools pkgconfig binconfig multilib_header diff --git a/poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb b/poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb index 7cc78a6850..a69d01e0f9 100644 --- a/poky/meta/recipes-support/debianutils/debianutils_4.8.6.1.bb +++ b/poky/meta/recipes-support/debianutils/debianutils_4.8.6.3.bb @@ -3,15 +3,13 @@ SECTION = "base" LICENSE = "GPLv2 & SMAIL_GPL" LIC_FILES_CHKSUM = "file://debian/copyright;md5=f01a5203d50512fc4830b4332b696a9f" -SRC_URI = "http://snapshot.debian.org/archive/debian/20190217T160716Z/pool/main/d/${BPN}/${BPN}_${PV}.tar.xz" +SRC_URI = "http://snapshot.debian.org/archive/debian/20190717T213444Z/pool/main/d/${BPN}/${BPN}_${PV}.tar.xz" # the package is taken from snapshots.debian.org; that source is static and goes stale # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/d/${BPN}/" -SRC_URI[md5sum] = "80e2e670d8f6c0036770e971237f1f5c" -SRC_URI[sha256sum] = "099f1e8a7278b26145a2ba2dda84c4118403bfab38c8d7070a6235a7ffcb55ed" - -S = "${WORKDIR}/${BPN}" +SRC_URI[md5sum] = "ca57cc6621275346d7d516ab0b5fa1f5" +SRC_URI[sha256sum] = "2cc7de3afc6df1cf6d00af9938efac7ee8f739228e548e512ddc186b6a7be221" inherit autotools update-alternatives diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb index cb7c6c5c62..e5456dd9b9 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.2.16.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb @@ -19,9 +19,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch" - -SRC_URI[md5sum] = "d90e186df1c06845880ea58a318f070b" -SRC_URI[sha256sum] = "6cbe8d454bf5dc204621eed3016d721b66298fa95363395bb8eeceb1d2fd14cb" +SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c" +SRC_URI[sha256sum] = "afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng b/poky/meta/recipes-support/libcap-ng/libcap-ng deleted file mode 120000 index fb7744d293..0000000000 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng +++ /dev/null @@ -1 +0,0 @@ -libcap-ng-python
\ No newline at end of file diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb index e49b445f57..43f76dc561 100644 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb +++ b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb @@ -1,5 +1,7 @@ require libcap-ng.inc +FILESEXTRAPATHS_prepend := "${THISDIR}/libcap-ng:" + SUMMARY .= " - python" inherit lib_package autotools python3native diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python/python.patch b/poky/meta/recipes-support/libcap-ng/libcap-ng/python.patch index d60a0a39b6..d60a0a39b6 100644 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng-python/python.patch +++ b/poky/meta/recipes-support/libcap-ng/libcap-ng/python.patch diff --git a/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch b/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch index 2331a766a1..c78d6fd981 100644 --- a/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch +++ b/poky/meta/recipes-support/libpsl/libpsl/0001-gtk-doc-do-not-include-tree_index.sgml.patch @@ -5,7 +5,7 @@ Subject: [PATCH] gtk-doc: do not include tree_index.sgml gtk-doc 1.30 no longer generates the file if the object tree is empty -Upstream-Status: Submitted [https://github.com/rockdaboot/libpsl/pull/137] +Upstream-Status: Backport [87d1add318b5e5d09977f7f374e923577b6ff3be] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> --- docs/libpsl/libpsl-docs.sgml | 4 ---- diff --git a/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch new file mode 100644 index 0000000000..ef3f2709f7 --- /dev/null +++ b/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch @@ -0,0 +1,33 @@ +From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 27 Apr 2019 11:19:48 +0200 +Subject: [PATCH] Fix uninitialized read of xsl:number token + +Found by OSS-Fuzz. + +CVE: CVE-2019-13117 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + libxslt/numbers.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index 89e1f668..75c31eba 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format, + tokens->tokens[tokens->nTokens].token = val - 1; + ix += len; + val = xmlStringCurrentChar(NULL, format+ix, &len); +- } ++ } else { ++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0'; ++ tokens->tokens[tokens->nTokens].width = 1; ++ } + } else if ( (val == (xmlChar)'A') || + (val == (xmlChar)'a') || + (val == (xmlChar)'I') || +-- +2.21.0 + diff --git a/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch b/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch new file mode 100644 index 0000000000..595e6c2f33 --- /dev/null +++ b/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch @@ -0,0 +1,76 @@ +From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Mon, 3 Jun 2019 13:14:45 +0200 +Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars + +The character type in xsltFormatNumberConversion was too narrow and +an invalid character/length combination could be passed to +xsltNumberFormatDecimal, resulting in an uninitialized read. + +Found by OSS-Fuzz. + +CVE: CVE-2019-13118 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +--- + libxslt/numbers.c | 5 +++-- + tests/docs/bug-222.xml | 1 + + tests/general/bug-222.out | 2 ++ + tests/general/bug-222.xsl | 6 ++++++ + 4 files changed, 12 insertions(+), 2 deletions(-) + create mode 100644 tests/docs/bug-222.xml + create mode 100644 tests/general/bug-222.out + create mode 100644 tests/general/bug-222.xsl + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index f1ed8846..20b99d5a 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER: + number = floor((scale * number + 0.5)) / scale; + if ((self->grouping != NULL) && + (self->grouping[0] != 0)) { ++ int gchar; + + len = xmlStrlen(self->grouping); +- pchar = xsltGetUTF8Char(self->grouping, &len); ++ gchar = xsltGetUTF8Char(self->grouping, &len); + xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], + format_info.integer_digits, + format_info.group, +- pchar, len); ++ gchar, len); + } else + xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], + format_info.integer_digits, +diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml +new file mode 100644 +index 00000000..69d62f2c +--- /dev/null ++++ b/tests/docs/bug-222.xml +@@ -0,0 +1 @@ ++<doc/> +diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out +new file mode 100644 +index 00000000..e3139698 +--- /dev/null ++++ b/tests/general/bug-222.out +@@ -0,0 +1,2 @@ ++<?xml version="1.0"?> ++1⠢0 +diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl +new file mode 100644 +index 00000000..e32dc473 +--- /dev/null ++++ b/tests/general/bug-222.xsl +@@ -0,0 +1,6 @@ ++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> ++ <xsl:decimal-format name="f" grouping-separator="⠢"/> ++ <xsl:template match="/"> ++ <xsl:value-of select="format-number(10,'#⠢0','f')"/> ++ </xsl:template> ++</xsl:stylesheet> +-- +2.21.0 + diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb index 6320a821dc..abc00a09ea 100644 --- a/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb +++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb @@ -10,6 +10,8 @@ DEPENDS = "libxml2" SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \ file://0001-Fix-security-framework-bypass.patch \ + file://CVE-2019-13117.patch \ + file://CVE-2019-13118.patch \ " SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" diff --git a/poky/meta/recipes-support/nss/nss_3.44.bb b/poky/meta/recipes-support/nss/nss_3.45.bb index 4205d79485..e89e7d69d5 100644 --- a/poky/meta/recipes-support/nss/nss_3.44.bb +++ b/poky/meta/recipes-support/nss/nss_3.45.bb @@ -33,8 +33,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO file://system-pkcs11.txt \ " -SRC_URI[md5sum] = "e9222b9573452b9f4e6ff4915d6407c2" -SRC_URI[sha256sum] = "a5620e59b6eeedfd5a12c9298b50ad92e9898b223e214eb675e36f4ffb5b6aff" +SRC_URI[md5sum] = "f1752d7223ee9d910d551e57264bafa8" +SRC_URI[sha256sum] = "112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b" UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes" diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch b/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch deleted file mode 100644 index 58cf3f9d59..0000000000 --- a/poky/meta/recipes-support/rng-tools/rng-tools/fix-rngd-fail-to-stop.patch +++ /dev/null @@ -1,25 +0,0 @@ -It fails to stop rngd. It just shows warnings when stop rngd such as by: - -$ systemctl stop rngd.service - -but stalls shutdown untill daemon rngd is killed. - -Backport patch to fix the issue. - -Upstream-Status: Backport [https://bugzilla.redhat.com/show_bug.cgi?id=1690364#c8] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- -diff --git a/rngd_jitter.c b/rngd_jitter.c -index 54070ae..7a69bf9 100644 ---- a/rngd_jitter.c -+++ b/rngd_jitter.c -@@ -280,7 +280,7 @@ static void *thread_entropy_task(void *data) - - /* Write to pipe */ - written = 0; -- while(written != me->buf_sz) { -+ while(me->active && written != me->buf_sz) { - message(LOG_DAEMON|LOG_DEBUG, "Writing to pipe\n"); - ret = write(me->pipe_fd, &tmpbuf[written], me->buf_sz - written); - message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret); diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service index b1a78527be..49d5de294f 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service +++ b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service @@ -1,8 +1,5 @@ [Unit] Description=Hardware RNG Entropy Gatherer Daemon -DefaultDependencies=no -After=systemd-udev-settle.service -Before=sysinit.target [Service] EnvironmentFile=-@SYSCONFDIR@/default/rng-tools diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb index aeb558b2b7..b4e453f67f 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb +++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.7.bb @@ -10,7 +10,6 @@ DEPENDS = "sysfsutils" SRC_URI = "\ git://github.com/nhorman/rng-tools.git \ - file://fix-rngd-fail-to-stop.patch \ file://init \ file://default \ file://rngd.service \ @@ -46,8 +45,8 @@ do_install_append() { install -Dm 0644 ${WORKDIR}/rngd.service \ ${D}${systemd_system_unitdir}/rngd.service sed -i \ - -e 's,@SYSCONFDIR@,${sysconfdir},' \ - -e 's,@SBINDIR@,${sbindir},' \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ ${D}${sysconfdir}/init.d/rng-tools \ ${D}${systemd_system_unitdir}/rngd.service } diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb index 438a4ea471..07e36bede7 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.28.0.bb +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.29.0.bb @@ -4,5 +4,5 @@ LICENSE = "PD" LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz" -SRC_URI[md5sum] = "3c68eb400f8354605736cd55400e1572" -SRC_URI[sha256sum] = "d61b5286f062adfce5125eaf544d495300656908e61fca143517afcc0a89b7c3" +SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc" +SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b" diff --git a/poky/meta/recipes-support/vte/vte_0.56.1.bb b/poky/meta/recipes-support/vte/vte_0.56.3.bb index 702436b368..0deee175df 100644 --- a/poky/meta/recipes-support/vte/vte_0.56.1.bb +++ b/poky/meta/recipes-support/vte/vte_0.56.3.bb @@ -19,8 +19,8 @@ SRC_URI += "file://0001-Don-t-enable-stack-protection-by-default.patch \ file://0001-app.cc-use-old-school-asignment-to-avoid-gcc-4.8-err.patch \ file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \ " -SRC_URI[archive.md5sum] = "a8984cd5a101dbff0b0c875d1de3f692" -SRC_URI[archive.sha256sum] = "02fa8ecc02a9332e47f486795494527b5687b3bd448e73e6b67285f2f326dc7c" +SRC_URI[archive.md5sum] = "adf341807861a5dad9f98e5c701c0769" +SRC_URI[archive.sha256sum] = "17a1d4bc8848f1d2acfa4c20aaa24b9bac49f057b8909c56d3dafec2e2332648" ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" |