From bf91d30bc84e7159f13d32da1bc4007fbfdb8a6e Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Sat, 30 Jan 2021 08:17:16 -0600 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit poky: 424296bf9b..7ea41de137: Adrian Herrera (1): scripts: oe-run-native, fix *-native directories Alexander Kanavin (8): meta/lib/oe/reproducible.py: gitsm:// works just as fine as git:// for timestamps llvm: fix reproducibility ruby: fix reproducibility webkitgtk: fix reproducibility ffmpeg: fix reproducibility serf: do not install the static library llvm: sort the lists in generated source reproducibibly valgrind: exclude bar_bad/bar_bad_xml from ptests Andrej Valek (2): kernel-dummy: fix executing unexpected tasks python3: fix CVE-2019-20907 Andrey Mozzhuhin (1): toolchain-shar-extract.sh: Handle special characters in script path Anuj Mittal (2): distutils-common-base: fix LINKSHARED expansion mesa: add more details to elf-tls patch Armin Kuster (2): xorg: Security fix for CVE-2020-14345 glibc: Security fix for CVE-2020-29573 Brett Warren (1): libffi: add patch to revert clang VFP workaround Bruce Ashfield (20): kernel: provide module.lds for out of tree builds in v5.10+ kernel: relocate copy of module.lds to module compilation task linux-yocto/5.4: update to v5.4.71 linux-yocto/5.4: update to v5.4.72 linux-yocto/5.4: update to v5.4.73 linux-yocto/5.4: config cleanup / warnings linux-yocto/5.4: update to v5.4.75 linux-yocto/5.4: perf: Alias SYS_futex with SYS_futex_time64 on 32-bit arches with 64bit time_t linux-yocto/5.4: update to v5.4.78 lttng-modules: add post 2.11.6 patches linux-yocto-rt/5.4: update to -rt44 linux-yocto/5.4: update to v5.4.80 linux-yocto/cfg: qemuppc: set CONFIG_SCSI to '=y' linux-yocto/5.4: update to v5.4.82 linux-yocto/cfg: qemuarm64-gfx.cfg: add CONFIG_INPUT_UINPUT linux-yocto/5.4: update to v5.4.83 linux-yocto/5.4/cfg: fix -tiny warnings linux-yocto/5.4/cfg: fix FIRMWARE_LOADER warnings linux-yocto/5.4: update to v5.4.85 linux-yocto/5.4: update to v5.4.87 Changqing Li (2): buildtools-tarball: add wic dependency into extended buildtools libexif: fix CVE-2020-0198; CVE-2020-0452 Chris Laplante (1): systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found Christopher Larson (2): grub-efi-cfg: exclude OVERRIDES from build_efi_cfg vardeps uboot-extlinux-config: exclude OVERRIDES from do_create_extlinux_config vardeps Daniel Ammann (1): wic: fix typo Diego Sueiro (1): modutils-initscripts: Use depmod -a when modules.dep is empty Dmitry Baryshkov (5): linux-firmware: upgrade 20201022 -> 20201118 linux-firmware: package ath11k firmware linux-firmware: upgrade 20201118 -> 20201218 linux-firmware: package firmware for Lontium lt9611uxc bridge perl: fix installation failure because of shell issue Fedor Ross (2): sysvinit: remove bashism to be compatible with dash eudev: remove bashism to be compatible with dash Gratian Crisan (1): kernel-module-split.bbclass: fix kernel modules getting marked as CONFFILES Hongxu Jia (1): glib-networking/btrfs-tools/dosfstools/parted/bmap-tools/libsoup-2.4: add nativesdk support Joshua Watt (4): ref-variables: Given example for naming sources ref-manual: Document wic --offset option documentation: Add Pipenv support classes/waf: Add build and install arguments Khem Raj (1): initscripts: use quotes for shell variable comparision Lee Chee Yang (7): go: update to 1.14.12 glibc: fix CVE-2020-29562 qemu: fix CVE-2020-25723 binutils: fix CVE-2020-16592/16598 wic/direct/kparser: ensure fsuuid for vfat and msdos align with format gdk-pixbuf: fix CVE-2020-29385 curl: fix CVE-2020-8231/8284/8285/8286 Loic Domaigne (1): roofs_*.bbclass: fix missing vardeps for do_rootfs Mans Rullgard (1): boost: drop arm-intrinsics.patch Marek Vasut (2): meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script Mark Jonas (1): libsdl2: Add directfb to PACKAGECONFIG rdepends Max Krummenacher (1): linux-firmware: rdepend on license for all nvidia packages Maxime Roussin-Bélanger (1): meta: add missing descriptions in some support recipes Mert Kirpici (1): bitbake: doc/conf.py: add missing import sys Michael Ho (1): license_image.bbclass: fix missing recipeinfo on self Mikko Rapeli (4): glibc: update to 2.31 stable tree head glib-2.0: add patch for CVE-2020-35457 systemd: update from 244.3 to 244.5 stable release zip: whitelist CVE-2018-13410 and CVE-2018-13684 Milan Shah (1): oe-pkgdata-util: Added a test to verify oe-pkgdata-util without parameters Naoki Hayama (1): dev/test/ref-manual: Fix typos Nathan Rossi (2): ncurses: Prevent LDFLAGS being emitted in .pc files coreutils: enable xattrs by default for nativesdk Nicolas Dechesne (16): bitbake: sphinx: import sphinx docs bitbake: sphinx: undo (bitbake-user-manual: Remove TERM from BB_HASHBASE_WHITELIST example) bitbake: sphinx: partial undo (bitbake-user-manual: update perforce fetcher docs) sphinx: import docs sphinx: undo (ref-system-requirements: update supported hosts lists) sphinx: reintroduce changes for 3.1.1, 3.1.2, 3.1.3 and 3.1.4 sphinx: remove test-manual sphinx: fix up some trademark and branding issues sphinx: remove DocBook files sphinx: rename Makefile.sphinx sdk-manual: use built-in footnotes sphinx: add 3.1.3 and 3.0.4 release in the switcher poky.yaml: remove unused variables Makefile: enable parallel build conf.py: set version to 3.1.4 sphinx: update link to bitbake docs Ovidiu Panait (2): timezone: upgrade to 2020e timezone: upgrade to 2020f Paul Barker (2): conf.py: Improve TOC and Outline depth in PDF output selftest: Add argument to keep build dir Paul Eggleton (5): ref-manual: add reference anchors for each QA check ref-manual: fix for features_check class change ref-manual: add IMAGE_VERSION_SUFFIX variable ref-manual: add IMAGE_NAME_SUFFIX variable ref-manual: add IMAGE_LINK_NAME Peter Kjellerstedt (1): apr-util: Only specify --with-dbm=gdbm if gdbm support is enabled Quentin Schulz (20): docs: ref-manual: ref-variables: fix one-letter pointer links in glossary docs: ref-manual: ref-variables: fix alphabetical order in glossary docs: ref-manual: ref-variables: add links to terms in glossary docs: poky.yaml: use HTTPS for links docs: ref-manual: indentation, links and highlights fixes docs: remove OE_INIT_FILE variable docs: ref-manual: fix typos docs: ref-manual: migration-2.3: specify 2.3 version instead of DISTRO docs: ref-manual: ref-classes: remove dropped tinderclient class docs: ref-manual: ref-system-requirements: update requirements to build Sphinx docs docs: sphinx: yocto-vars: rebuild files when poky.yaml has changed docs: poky.yaml: fix identation in host packages variables docs: dev-manual-common-tasks: remove paragraph about race when missing DEPENDS docs: dev-manual-common-tasks: update python webserver example to python3 docs: dev-manual: fix typos, highlights, indentation and links docs: ref-manual: ref-terms: add links to terms in glossary docs: bsp-guide: bsp: fix typos, highlights and links docs: kernel-dev: fix typos, highlights and links docs: kernel-dev-common: add .patch file extension to SRC_URI files docs: kernel-dev-faq: update outdated RDEPENDS_kernel-base Richard Purdie (20): fs-perms: Ensure /usr/src/debug/ file modes are correct e2fsprogs: Fix a ptest permissions determinism issue lz4: Use the new branch naming from upstream metadata_scm: Fix signature handling of METADATA_REVISION and METADATA_BRANCH grub: Fix build reproducibility issue grub: Add second fix for determinism issue u-boot-tools: Fix reproducibility issue groff: Fix reproducibility issue man-db: Avoid reproducibility failures after fixing groff-native cups: Mark CVE-2009-0032 as a non-issue cups: Mark CVE-2008-1033 as a non-issue docs: Fix license CC-BY-2.0-UK -> CC-BY-SA-2.0-UK ref-manual/faq: Add entry for why binaries are changed in images dev-manual: Add a note about prelink changing prebuild binaries oeqa/commands: Ensure sync can be found regardless of PATH grub: Further reproducibility fix man-db: Fix reproducibility issue gcc: Fix mangled patch bitbake: data_smart: Ensure hash reflects vardepvalue flags correctly linuxloader: Avoid confusing string concat errors Robert Joslyn (2): openssl: Update to 1.1.1i ppp: Whitelist CVE-2020-15704 Robert P. J. Day (3): ref-manual/ref-variables: "PACKAGE_FEEDS_ARCHS" -> "PACKAGE_FEED_ARCHS" README: "yocto-project-qs" -> "brief-yoctoprojectqs" adt-manual: delete obsolete ADT manual, and related content Robert Yang (5): buildtools-tarball.bb: Fix PATH for environment setup script ncurses: Make ncurses-tools depend on ncurses-terminfo-base minicom: RDEPENDS on ncurses-terminfo-base archiver.bbclass: Fix --runall=deploy_archives for images weston: Fix PACKAGECONFIG for remoting Ross Burton (17): bitbake: taskexp: update for GTK API changes cve-check: show real PN/PV python3: add CVE-2007-4559 to whitelist gstreamer1.0-rtsp-server: set CVE_PRODUCT gstreamer1.0-plugins-base: set CVE_PRODUCT oeqa/devtool: use Yocto mirror for pv-1.5.3 tarball devtool: remove unused variable image_types: sort tarball file listings cve-update-db-native: handle all-wildcard versions coreutils: add SUSE-specific issues to CVE whitelist kernel: set COMPATIBLE_HOST to *-linux ncurses: remove config.cache wic-image-minimal: only depend on syslinux on x86 targets lib/oe/qa: handle the 'no specific instruction set' ELF e_machine value diffstat: point the license checksum at the license ruby: remove tcl DEPENDS waf: don't assume the waf intepretter is good Scott Murray (3): grub: fix "CVE:" line in one of the patches patch: fix CVE-2019-20633 glibc: CVE-2019-25013 Steve Sakoman (5): sqlite3: add CVE-2015-3717 to whitelist oeqa/selftest/cases/devtool.py: fix typo in ignore_patterns call cups: whitelist CVE-2018-6553 documentation: prepare for 3.1.5 release poky.conf: Bump version for 3.1.5 release Tanu Kaskinen (1): pulseaudio: Remove OE_LT_RPATH_ALLOW Thomas Perrot (1): go.bbclass: don't stage test data with sources of dependencies Tomasz Dziendzielski (2): populate_sdk_base: Fix condition syntax if SDK_RELOCATE_AFTER_INSTALL is disabled lib/oe/utils: Return empty string in parallel_make Vyacheslav Yurkov (1): license_image.bbclass: use canonical name for license files Wang Mingyu (1): mobile-broadband-provider-info: upgrade 20190618 ->20201225 Wonmin Jung (1): kernel: Set proper LD in KERNEL_KCONFIG_COMMAND sangeeta jain (1): meta/lib/oeqa/manual/oe-core.json: Update test_bitbake_devshell zangrc (2): wireless-regdb: upgrade 2020.04.29 -> 2020.11.20 bash: Rename patch name meta-openembedded: f2d02cb71e..5bba79488b: Armin Kuster (5): wireguard-module: fix build issue with 5.4 kernel mariadb: update to 10.4.17 for cve fixes lua: update to 5.3.6 nss: Security fix CVE-2020-12401 wireshark: Several securtiy fixes Chenxi Mao (1): geoclue: select avahi-daemon if nmea enabled Diego Santa Cruz (2): gssdp: Upgrade to 1.2.2 -> 1.2.3 gupnp: Upgrade to 1.2.2 -> 1.2.4 Gianfranco (1): dlt-daemon: add upstream patch to fix CVE-2020-29394 Khem Raj (4): nodejs: Fix build with icu 67.1 nodejs: Upgrade to 12.18.3 nodejs: Fix arm32/thumb builds with clang nodejs: Update to 12.19.0 Leon Anavi (1): php: Upgrade 7.4.4 -> 7.4.9 Max Kellermann (1): php: remove the failing ${D}/${TMPDIR} code Robert Joslyn (1): postgresql: Update to 12.5 Roland Hieber (1): pcsc-lite: provide pcsc-lite-lib-native explicitly for native build Sakib Sajal (1): apache2: upgrade v2.4.43 -> v2.4.46 Sean Nyekjaer (1): nodejs: 12.19.1 -> 12.20.1 Stacy Gaikovaia (1): nodejs: 12.19.0 -> 12.19.1 Wang Mingyu (1): zabbix: CVE-2020-15803 Security Advisory Wenlin Kang (2): lua: fix CVE-2020-15945 lua: fix CVE-2020-24371 Zang Ruochen (1): mcpp: Normalize the patch format of CVE Zheng Ruoqin (4): samba: CVE-2020-14318 Security Advisory samba: CVE-2020-14383 Security Advisory php: CVE-2020-7070 php: CVE-2020-7069 jabdoa2 (2): libsdl2-mixer: Fix ogg/vorbis support in libsdl2-mixer libsdl2-mixer: set --disable-music-ogg-shared to link statically viatsk (1): tcpdump: Patch for CVE-2020-8037 Signed-off-by: Patrick Williams Change-Id: I6e3b58075efc33fcfd6e9e1aa697f8763b5a89aa --- ...ug-barriers-cannot-be-active-during-sweep.patch | 90 +++++++ .../recipes-devtools/lua/lua/CVE-2020-15945.patch | 167 +++++++++++++ .../meta-oe/recipes-devtools/lua/lua_5.3.5.bb | 68 ----- .../meta-oe/recipes-devtools/lua/lua_5.3.6.bb | 70 ++++++ .../mcpp/files/CVE-2019-14274.patch | 34 +++ .../recipes-devtools/mcpp/files/ice-mcpp.patch | 31 --- .../meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb | 3 +- ...of-register-r7-because-llvm-now-issues-an.patch | 53 ++++ ...allow-passing-multiple-libs-to-pkg_config.patch | 41 --- ...uild-allow-use-of-system-installed-brotli.patch | 66 ----- ...0003-Install-both-binaries-and-use-libdir.patch | 28 +-- .../recipes-devtools/nodejs/nodejs_12.14.1.bb | 163 ------------ .../recipes-devtools/nodejs/nodejs_12.20.1.bb | 161 ++++++++++++ .../recipes-devtools/php/php/CVE-2020-7069.patch | 158 ++++++++++++ .../recipes-devtools/php/php/CVE-2020-7070.patch | 24 ++ .../php/php/debian-php-fixheader.patch | 27 +- .../meta-oe/recipes-devtools/php/php_7.4.4.bb | 275 --------------------- .../meta-oe/recipes-devtools/php/php_7.4.9.bb | 269 ++++++++++++++++++++ 18 files changed, 1052 insertions(+), 676 deletions(-) create mode 100644 meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2020-15945.patch delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.6.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-build-allow-passing-multiple-libs-to-pkg_config.patch delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-build-allow-use-of-system-installed-brotli.patch delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.14.1.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch mode change 100755 => 100644 meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.4.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb (limited to 'meta-openembedded/meta-oe/recipes-devtools') diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch new file mode 100644 index 0000000000..a302874d76 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch @@ -0,0 +1,90 @@ +From 1e6df25ac28dcd89f0324177bb55019422404b44 Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy +Date: Thu, 3 Sep 2020 15:32:17 +0800 +Subject: [PATCH] Fixed bug: barriers cannot be active during sweep + +Barriers cannot be active during sweep, even in generational mode. +(Although gen. mode is not incremental, it can hit a barrier when +deleting a thread and closing its upvalues.) The colors of objects are +being changed during sweep and, therefore, cannot be trusted. + +Upstream-Status: Backport [https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110] +CVE: CVE-2020-24371 + +[Adjust code KGC_INC -> KGC_NORMAL, refer 69371c4b84becac09c445aae01d005b49658ef82] +Signed-off-by: Wenlin Kang +--- + src/lgc.c | 33 ++++++++++++++++++++++++--------- + 1 file changed, 24 insertions(+), 9 deletions(-) + +diff --git a/src/lgc.c b/src/lgc.c +index 973c269..7af23d5 100644 +--- a/src/lgc.c ++++ b/src/lgc.c +@@ -142,10 +142,17 @@ static int iscleared (global_State *g, const TValue *o) { + + + /* +-** barrier that moves collector forward, that is, mark the white object +-** being pointed by a black object. (If in sweep phase, clear the black +-** object to white [sweep it] to avoid other barrier calls for this +-** same object.) ++** Barrier that moves collector forward, that is, marks the white object ++** 'v' being pointed by the black object 'o'. In the generational ++** mode, 'v' must also become old, if 'o' is old; however, it cannot ++** be changed directly to OLD, because it may still point to non-old ++** objects. So, it is marked as OLD0. In the next cycle it will become ++** OLD1, and in the next it will finally become OLD (regular old). By ++** then, any object it points to will also be old. If called in the ++** incremental sweep phase, it clears the black object to white (sweep ++** it) to avoid other barrier calls for this same object. (That cannot ++** be done is generational mode, as its sweep does not distinguish ++** whites from deads.) + */ + void luaC_barrier_ (lua_State *L, GCObject *o, GCObject *v) { + global_State *g = G(L); +@@ -154,7 +161,8 @@ void luaC_barrier_ (lua_State *L, GCObject *o, GCObject *v) { + reallymarkobject(g, v); /* restore invariant */ + else { /* sweep phase */ + lua_assert(issweepphase(g)); +- makewhite(g, o); /* mark main obj. as white to avoid other barriers */ ++ if (g->gckind == KGC_NORMAL) /* incremental mode? */ ++ makewhite(g, o); /* mark 'o' as white to avoid other barriers */ + } + } + +@@ -299,10 +307,15 @@ static void markbeingfnz (global_State *g) { + + + /* +-** Mark all values stored in marked open upvalues from non-marked threads. +-** (Values from marked threads were already marked when traversing the +-** thread.) Remove from the list threads that no longer have upvalues and +-** not-marked threads. ++** For each non-marked thread, simulates a barrier between each open ++** upvalue and its value. (If the thread is collected, the value will be ++** assigned to the upvalue, but then it can be too late for the barrier ++** to act. The "barrier" does not need to check colors: A non-marked ++** thread must be young; upvalues cannot be older than their threads; so ++** any visited upvalue must be young too.) Also removes the thread from ++** the list, as it was already visited. Removes also threads with no ++** upvalues, as they have nothing to be checked. (If the thread gets an ++** upvalue later, it will be linked in the list again.) + */ + static void remarkupvals (global_State *g) { + lua_State *thread; +@@ -313,9 +326,11 @@ static void remarkupvals (global_State *g) { + p = &thread->twups; /* keep marked thread with upvalues in the list */ + else { /* thread is not marked or without upvalues */ + UpVal *uv; ++ lua_assert(!isold(thread) || thread->openupval == NULL); + *p = thread->twups; /* remove thread from the list */ + thread->twups = thread; /* mark that it is out of list */ + for (uv = thread->openupval; uv != NULL; uv = uv->u.open.next) { ++ lua_assert(getage(uv) <= getage(thread)); + if (uv->u.open.touched) { + markvalue(g, uv->v); /* remark upvalue's value */ + uv->u.open.touched = 0; +-- +1.9.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2020-15945.patch b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2020-15945.patch new file mode 100644 index 0000000000..89ce491487 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2020-15945.patch @@ -0,0 +1,167 @@ +From d8d344365945a534f700c82c5dd26f704f89fef3 Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy +Date: Wed, 5 Aug 2020 16:59:58 +0800 +Subject: [PATCH] Fixed bug: invalid 'oldpc' when returning to a function + +The field 'L->oldpc' is not always updated when control returns to a +function; an invalid value can seg. fault when computing 'changedline'. +(One example is an error in a finalizer; control can return to +'luaV_execute' without executing 'luaD_poscall'.) Instead of trying to +fix all possible corner cases, it seems safer to be resilient to invalid +values for 'oldpc'. Valid but wrong values at most cause an extra call +to a line hook. + +CVE: CVE-2020-15945 + +[Adjust the code to be applicable to the tree] + +Upstream-Status: Backport [https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3] + +Signed-off-by: Wenlin Kang +Signed-off-by: Joe Slater + +--- + src/ldebug.c | 30 +++++++++++++++--------------- + src/ldebug.h | 4 ++++ + src/ldo.c | 2 +- + src/lstate.c | 1 + + src/lstate.h | 2 +- + 5 files changed, 22 insertions(+), 17 deletions(-) + +diff --git a/src/ldebug.c b/src/ldebug.c +index 239affb..832b16c 100644 +--- a/src/ldebug.c ++++ b/src/ldebug.c +@@ -34,9 +34,8 @@ + #define noLuaClosure(f) ((f) == NULL || (f)->c.tt == LUA_TCCL) + + +-/* Active Lua function (given call info) */ +-#define ci_func(ci) (clLvalue((ci)->func)) +- ++/* inverse of 'pcRel' */ ++#define invpcRel(pc, p) ((p)->code + (pc) + 1) + + static const char *funcnamefromcode (lua_State *L, CallInfo *ci, + const char **name); +@@ -71,20 +70,18 @@ static void swapextra (lua_State *L) { + + /* + ** This function can be called asynchronously (e.g. during a signal). +-** Fields 'oldpc', 'basehookcount', and 'hookcount' (set by +-** 'resethookcount') are for debug only, and it is no problem if they +-** get arbitrary values (causes at most one wrong hook call). 'hookmask' +-** is an atomic value. We assume that pointers are atomic too (e.g., gcc +-** ensures that for all platforms where it runs). Moreover, 'hook' is +-** always checked before being called (see 'luaD_hook'). ++** Fields 'basehookcount' and 'hookcount' (set by 'resethookcount') ++** are for debug only, and it is no problem if they get arbitrary ++** values (causes at most one wrong hook call). 'hookmask' is an atomic ++** value. We assume that pointers are atomic too (e.g., gcc ensures that ++** for all platforms where it runs). Moreover, 'hook' is always checked ++** before being called (see 'luaD_hook'). + */ + LUA_API void lua_sethook (lua_State *L, lua_Hook func, int mask, int count) { + if (func == NULL || mask == 0) { /* turn off hooks? */ + mask = 0; + func = NULL; + } +- if (isLua(L->ci)) +- L->oldpc = L->ci->u.l.savedpc; + L->hook = func; + L->basehookcount = count; + resethookcount(L); +@@ -665,7 +662,10 @@ l_noret luaG_runerror (lua_State *L, const char *fmt, ...) { + void luaG_traceexec (lua_State *L) { + CallInfo *ci = L->ci; + lu_byte mask = L->hookmask; ++ const Proto *p = ci_func(ci)->p; + int counthook = (--L->hookcount == 0 && (mask & LUA_MASKCOUNT)); ++ /* 'L->oldpc' may be invalid; reset it in this case */ ++ int oldpc = (L->oldpc < p->sizecode) ? L->oldpc : 0; + if (counthook) + resethookcount(L); /* reset count */ + else if (!(mask & LUA_MASKLINE)) +@@ -677,15 +677,15 @@ void luaG_traceexec (lua_State *L) { + if (counthook) + luaD_hook(L, LUA_HOOKCOUNT, -1); /* call count hook */ + if (mask & LUA_MASKLINE) { +- Proto *p = ci_func(ci)->p; + int npc = pcRel(ci->u.l.savedpc, p); + int newline = getfuncline(p, npc); + if (npc == 0 || /* call linehook when enter a new function, */ +- ci->u.l.savedpc <= L->oldpc || /* when jump back (loop), or when */ +- newline != getfuncline(p, pcRel(L->oldpc, p))) /* enter a new line */ ++ ci->u.l.savedpc <= invpcRel(oldpc, p) || /* when jump back (loop), or when */ ++ newline != getfuncline(p, oldpc)) /* enter a new line */ + luaD_hook(L, LUA_HOOKLINE, newline); /* call line hook */ ++ ++ L->oldpc = npc; /* 'pc' of last call to line hook */ + } +- L->oldpc = ci->u.l.savedpc; + if (L->status == LUA_YIELD) { /* did hook yield? */ + if (counthook) + L->hookcount = 1; /* undo decrement to zero */ +diff --git a/src/ldebug.h b/src/ldebug.h +index 0e31546..c224cc4 100644 +--- a/src/ldebug.h ++++ b/src/ldebug.h +@@ -13,6 +13,10 @@ + + #define pcRel(pc, p) (cast(int, (pc) - (p)->code) - 1) + ++/* Active Lua function (given call info) */ ++#define ci_func(ci) (clLvalue((ci)->func)) ++ ++ + #define getfuncline(f,pc) (((f)->lineinfo) ? (f)->lineinfo[pc] : -1) + + #define resethookcount(L) (L->hookcount = L->basehookcount) +diff --git a/src/ldo.c b/src/ldo.c +index 90b695f..f66ac1a 100644 +--- a/src/ldo.c ++++ b/src/ldo.c +@@ -382,7 +382,7 @@ int luaD_poscall (lua_State *L, CallInfo *ci, StkId firstResult, int nres) { + luaD_hook(L, LUA_HOOKRET, -1); + firstResult = restorestack(L, fr); + } +- L->oldpc = ci->previous->u.l.savedpc; /* 'oldpc' for caller function */ ++ L->oldpc = pcRel(ci->u.l.savedpc, ci_func(ci)->p); /* 'oldpc' for caller function */ + } + res = ci->func; /* res == final position of 1st result */ + L->ci = ci->previous; /* back to caller */ +diff --git a/src/lstate.c b/src/lstate.c +index 9194ac3..3573e36 100644 +--- a/src/lstate.c ++++ b/src/lstate.c +@@ -236,6 +236,7 @@ static void preinit_thread (lua_State *L, global_State *g) { + L->nny = 1; + L->status = LUA_OK; + L->errfunc = 0; ++ L->oldpc = 0; + } + + +diff --git a/src/lstate.h b/src/lstate.h +index a469466..d75eadf 100644 +--- a/src/lstate.h ++++ b/src/lstate.h +@@ -164,7 +164,6 @@ struct lua_State { + StkId top; /* first free slot in the stack */ + global_State *l_G; + CallInfo *ci; /* call info for current function */ +- const Instruction *oldpc; /* last pc traced */ + StkId stack_last; /* last free slot in the stack */ + StkId stack; /* stack base */ + UpVal *openupval; /* list of open upvalues in this stack */ +@@ -174,6 +173,7 @@ struct lua_State { + CallInfo base_ci; /* CallInfo for first level (C calling Lua) */ + volatile lua_Hook hook; + ptrdiff_t errfunc; /* current error handling function (stack index) */ ++ int oldpc; /* last pc traced */ + int stacksize; + int basehookcount; + int hookcount; +-- +2.13.3 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb b/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb deleted file mode 100644 index d3461b06de..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb +++ /dev/null @@ -1,68 +0,0 @@ -DESCRIPTION = "Lua is a powerful light-weight programming language designed \ -for extending applications." -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=318;endline=352;md5=60aa5cfdbd40086501778d9b6ebf29ee" -HOMEPAGE = "http://www.lua.org/" - -SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ - file://lua.pc.in \ - file://0001-Allow-building-lua-without-readline-on-Linux.patch \ - file://CVE-2020-15888.patch \ - " - -# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. -PV_testsuites = "5.3.4" - -SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', \ - 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest \ - file://run-ptest \ - ', '', d)}" - -SRC_URI[tarballsrc.md5sum] = "4f4b4f323fd3514a68e0ab3da8ce3455" -SRC_URI[tarballsrc.sha256sum] = "0c2eed3f960446e1a3e4b9a1ca2f3ff893b6ce41942cf54d5dd59ab4b3b058ac" -SRC_URI[tarballtest.md5sum] = "b14fe3748c1cb2d74e3acd1943629ba3" -SRC_URI[tarballtest.sha256sum] = "b80771238271c72565e5a1183292ef31bd7166414cd0d43a8eb79845fa7f599f" - -inherit pkgconfig binconfig ptest - -PACKAGECONFIG ??= "readline" -PACKAGECONFIG[readline] = ",,readline" - -UCLIBC_PATCHES += "file://uclibc-pthread.patch" -SRC_URI_append_libc-uclibc = "${UCLIBC_PATCHES}" - -TARGET_CC_ARCH += " -fPIC ${LDFLAGS}" -EXTRA_OEMAKE = "'CC=${CC} -fPIC' 'MYCFLAGS=${CFLAGS} -fPIC' MYLDFLAGS='${LDFLAGS}'" - -do_configure_prepend() { - sed -i -e s:/usr/local:${prefix}:g src/luaconf.h - sed -i -e s:lib/lua/:${baselib}/lua/:g src/luaconf.h -} - -do_compile () { - oe_runmake ${@bb.utils.contains('PACKAGECONFIG', 'readline', 'linux', 'linux-no-readline', d)} -} - -do_install () { - oe_runmake \ - 'INSTALL_TOP=${D}${prefix}' \ - 'INSTALL_BIN=${D}${bindir}' \ - 'INSTALL_INC=${D}${includedir}/' \ - 'INSTALL_MAN=${D}${mandir}/man1' \ - 'INSTALL_SHARE=${D}${datadir}/lua' \ - 'INSTALL_LIB=${D}${libdir}' \ - 'INSTALL_CMOD=${D}${libdir}/lua/5.3' \ - install - install -d ${D}${libdir}/pkgconfig - - sed -e s/@VERSION@/${PV}/ ${WORKDIR}/lua.pc.in > ${WORKDIR}/lua.pc - install -m 0644 ${WORKDIR}/lua.pc ${D}${libdir}/pkgconfig/ - rmdir ${D}${datadir}/lua/5.3 - rmdir ${D}${datadir}/lua -} - -do_install_ptest () { - cp -R --no-dereference --preserve=mode,links -v ${WORKDIR}/lua-${PV_testsuites}-tests ${D}${PTEST_PATH}/test -} - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.6.bb b/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.6.bb new file mode 100644 index 0000000000..342ed1b547 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.6.bb @@ -0,0 +1,70 @@ +DESCRIPTION = "Lua is a powerful light-weight programming language designed \ +for extending applications." +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=318;endline=352;md5=f43d8ee6bc4df18ef8b276439cc4a153" +HOMEPAGE = "http://www.lua.org/" + +SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ + file://lua.pc.in \ + file://0001-Allow-building-lua-without-readline-on-Linux.patch \ + file://CVE-2020-15888.patch \ + file://CVE-2020-15945.patch \ + file://0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch \ + " + +# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. +PV_testsuites = "5.3.4" + +SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', \ + 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest \ + file://run-ptest \ + ', '', d)}" + +SRC_URI[tarballsrc.md5sum] = "83f23dbd5230140a3770d5f54076948d" +SRC_URI[tarballsrc.sha256sum] = "fc5fd69bb8736323f026672b1b7235da613d7177e72558893a0bdcd320466d60" +SRC_URI[tarballtest.md5sum] = "b14fe3748c1cb2d74e3acd1943629ba3" +SRC_URI[tarballtest.sha256sum] = "b80771238271c72565e5a1183292ef31bd7166414cd0d43a8eb79845fa7f599f" + +inherit pkgconfig binconfig ptest + +PACKAGECONFIG ??= "readline" +PACKAGECONFIG[readline] = ",,readline" + +UCLIBC_PATCHES += "file://uclibc-pthread.patch" +SRC_URI_append_libc-uclibc = "${UCLIBC_PATCHES}" + +TARGET_CC_ARCH += " -fPIC ${LDFLAGS}" +EXTRA_OEMAKE = "'CC=${CC} -fPIC' 'MYCFLAGS=${CFLAGS} -fPIC' MYLDFLAGS='${LDFLAGS}'" + +do_configure_prepend() { + sed -i -e s:/usr/local:${prefix}:g src/luaconf.h + sed -i -e s:lib/lua/:${baselib}/lua/:g src/luaconf.h +} + +do_compile () { + oe_runmake ${@bb.utils.contains('PACKAGECONFIG', 'readline', 'linux', 'linux-no-readline', d)} +} + +do_install () { + oe_runmake \ + 'INSTALL_TOP=${D}${prefix}' \ + 'INSTALL_BIN=${D}${bindir}' \ + 'INSTALL_INC=${D}${includedir}/' \ + 'INSTALL_MAN=${D}${mandir}/man1' \ + 'INSTALL_SHARE=${D}${datadir}/lua' \ + 'INSTALL_LIB=${D}${libdir}' \ + 'INSTALL_CMOD=${D}${libdir}/lua/5.3' \ + install + install -d ${D}${libdir}/pkgconfig + + sed -e s/@VERSION@/${PV}/ ${WORKDIR}/lua.pc.in > ${WORKDIR}/lua.pc + install -m 0644 ${WORKDIR}/lua.pc ${D}${libdir}/pkgconfig/ + rmdir ${D}${datadir}/lua/5.3 + rmdir ${D}${datadir}/lua +} + +do_install_ptest () { + cp -R --no-dereference --preserve=mode,links -v ${WORKDIR}/lua-${PV_testsuites}-tests ${D}${PTEST_PATH}/test +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch new file mode 100644 index 0000000000..a0c6584ecb --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch @@ -0,0 +1,34 @@ +From ea453aca2742be6ac43ba4ce0da6f938a7e5a5d8 Mon Sep 17 00:00:00 2001 +From: He Liu +Date: Tue, 4 Feb 2014 11:00:40 -0800 +Subject: [PATCH] line comment bug + +--- + src/support.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/support.c b/src/support.c +index c57eaef..e3357e4 100644 +--- a/src/support.c ++++ b/src/support.c +@@ -188,7 +188,7 @@ static char * append_to_buffer( + size_t length + ) + { +- if (mem_buf_p->bytes_avail < length) { /* Need to allocate more memory */ ++ if (mem_buf_p->bytes_avail < length + 1) { /* Need to allocate more memory */ + size_t size = MAX( BUF_INCR_SIZE, length); + + if (mem_buf_p->buffer == NULL) { /* 1st append */ +@@ -1722,6 +1722,8 @@ com_start: + sp -= 2; + while (*sp != '\n') /* Until end of line */ + mcpp_fputc( *sp++, OUT); ++ mcpp_fputc('\n', OUT); ++ wrong_line = TRUE; + } + goto end_line; + default: /* Not a comment */ +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch index 8103cf0920..1df3ae55bc 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch @@ -114,37 +114,6 @@ diff -r -c -N ../mcpp-2.7.2-old/src/main.c ./src/main.c } int mcpp_lib_main -diff -r -c -N ../mcpp-2.7.2-old/src/support.c ./src/support.c -*** ../mcpp-2.7.2-old/src/support.c Tue Jun 10 06:02:33 2008 ---- ./src/support.c Fri May 14 12:40:56 2010 -*************** -*** 188,194 **** - size_t length - ) - { -! if (mem_buf_p->bytes_avail < length) { /* Need to allocate more memory */ - size_t size = MAX( BUF_INCR_SIZE, length); - - if (mem_buf_p->buffer == NULL) { /* 1st append */ ---- 188,194 ---- - size_t length - ) - { -! if (mem_buf_p->bytes_avail < length + 1) { /* Need to allocate more memory */ - size_t size = MAX( BUF_INCR_SIZE, length); - - if (mem_buf_p->buffer == NULL) { /* 1st append */ -*************** -*** 1722,1727 **** ---- 1722,1729 ---- - sp -= 2; - while (*sp != '\n') /* Until end of line */ - mcpp_fputc( *sp++, OUT); -+ mcpp_fputc( '\n', OUT); -+ wrong_line = TRUE; - } - goto end_line; - default: /* Not a comment */ diff -r -c -N ../mcpp-2.7.2-old/src/system.c ./src/system.c *** ../mcpp-2.7.2-old/src/system.c 2008-11-26 10:53:51.000000000 +0100 --- ./src/system.c 2011-02-21 16:18:05.678058106 +0100 diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb b/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb index b5ca495663..f8125f72d9 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb @@ -4,7 +4,8 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=5ca370b75ec890321888a00cea9bc1d5" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ - file://ice-mcpp.patch " + file://ice-mcpp.patch \ + file://CVE-2019-14274.patch" SRC_URI[md5sum] = "512de48c87ab023a69250edc7a0c7b05" SRC_URI[sha256sum] = "3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch new file mode 100644 index 0000000000..a23f1c243e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch @@ -0,0 +1,53 @@ +From be8d3cd6eab4b8f9849133060abb1aba4400276b Mon Sep 17 00:00:00 2001 +From: Amy Huang +Date: Thu, 23 Apr 2020 11:25:53 -0700 +Subject: [PATCH] Remove use of register r7 because llvm now issues an error + when "r7" is used (starting in commit d85b3877) + +Bug: chromium:1073270 +Change-Id: I7ec8112f170b98d2edaf92bc9341e738f8de07a3 +Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163435 +Reviewed-by: Nico Weber +Reviewed-by: Ross McIlroy +Commit-Queue: Nico Weber +Cr-Commit-Position: refs/heads/master@{#67371} +Signed-off-by: Khem Raj +--- +Upstream-Status: Backport [https://chromium.googlesource.com/v8/v8/+/00604cd2806b5d26bef592dd19989a234bd07a4b%5E%21/] + deps/v8/src/codegen/arm/cpu-arm.cc | 13 ------------- + 1 file changed, 13 deletions(-) + +diff --git a/deps/v8/src/codegen/arm/cpu-arm.cc b/deps/v8/src/codegen/arm/cpu-arm.cc +index 868f360..654d68f 100644 +--- a/deps/v8/src/codegen/arm/cpu-arm.cc ++++ b/deps/v8/src/codegen/arm/cpu-arm.cc +@@ -30,18 +30,6 @@ V8_NOINLINE void CpuFeatures::FlushICache(void* start, size_t size) { + register uint32_t end asm("r1") = beg + size; + register uint32_t flg asm("r2") = 0; + +-#ifdef __clang__ +- // This variant of the asm avoids a constant pool entry, which can be +- // problematic when LTO'ing. It is also slightly shorter. +- register uint32_t scno asm("r7") = __ARM_NR_cacheflush; +- +- asm volatile("svc 0\n" +- : +- : "r"(beg), "r"(end), "r"(flg), "r"(scno) +- : "memory"); +-#else +- // Use a different variant of the asm with GCC because some versions doesn't +- // support r7 as an asm input. + asm volatile( + // This assembly works for both ARM and Thumb targets. + +@@ -59,7 +47,6 @@ V8_NOINLINE void CpuFeatures::FlushICache(void* start, size_t size) { + : "r"(beg), "r"(end), "r"(flg), [scno] "i"(__ARM_NR_cacheflush) + : "memory"); + #endif +-#endif + #endif // !USE_SIMULATOR + } + +-- +2.29.2 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-build-allow-passing-multiple-libs-to-pkg_config.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-build-allow-passing-multiple-libs-to-pkg_config.patch deleted file mode 100644 index 13edf229b3..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-build-allow-passing-multiple-libs-to-pkg_config.patch +++ /dev/null @@ -1,41 +0,0 @@ -From fdaa0e3bef93c5c72a7258b5f1e30718e7d81f9b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= -Date: Mon, 2 Mar 2020 12:17:09 +0000 -Subject: [PATCH 1/2] build: allow passing multiple libs to pkg_config -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Sometimes it's necessary to pass multiple library names to pkg-config, -e.g. the brotli shared libraries can be pulled in with - pkg-config libbrotlienc libbrotlidec - -Update the code to handle both, strings (as used so far), and lists -of strings. - -Signed-off-by: André Draszik ---- -Upstream-Status: Submitted [https://github.com/nodejs/node/pull/32046] - configure.py | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/configure.py b/configure.py -index beb08df088..e3f78f2fed 100755 ---- a/configure.py -+++ b/configure.py -@@ -680,7 +680,11 @@ def pkg_config(pkg): - retval = () - for flag in ['--libs-only-l', '--cflags-only-I', - '--libs-only-L', '--modversion']: -- args += [flag, pkg] -+ args += [flag] -+ if isinstance(pkg, list): -+ args += pkg -+ else: -+ args += [pkg] - try: - proc = subprocess.Popen(shlex.split(pkg_config) + args, - stdout=subprocess.PIPE) --- -2.25.0 - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-build-allow-use-of-system-installed-brotli.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-build-allow-use-of-system-installed-brotli.patch deleted file mode 100644 index fc038f3aae..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-build-allow-use-of-system-installed-brotli.patch +++ /dev/null @@ -1,66 +0,0 @@ -From f0f927feee8cb1fb173835d5c3f6beb6bf7d5e54 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= -Date: Mon, 2 Mar 2020 12:17:35 +0000 -Subject: [PATCH 2/2] build: allow use of system-installed brotli -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -brotli is available as a shared library since 2016, so it makes sense -to allow its use as a system-installed version. - -Some of the infrastructure was in place already (node.gyp and -node.gypi), but some bits in the configure script here were missing. - -Add them, keeping the default as before, to use the bundled version. - -Refs: https://github.com/google/brotli/pull/421 -Signed-off-by: André Draszik ---- -Upstream-Status: Submitted [https://github.com/nodejs/node/pull/32046] - configure.py | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/configure.py b/configure.py -index e3f78f2fed..0190e31b41 100755 ---- a/configure.py -+++ b/configure.py -@@ -301,6 +301,27 @@ shared_optgroup.add_option('--shared-zlib-libpath', - dest='shared_zlib_libpath', - help='a directory to search for the shared zlib DLL') - -+shared_optgroup.add_option('--shared-brotli', -+ action='store_true', -+ dest='shared_brotli', -+ help='link to a shared brotli DLL instead of static linking') -+ -+shared_optgroup.add_option('--shared-brotli-includes', -+ action='store', -+ dest='shared_brotli_includes', -+ help='directory containing brotli header files') -+ -+shared_optgroup.add_option('--shared-brotli-libname', -+ action='store', -+ dest='shared_brotli_libname', -+ default='brotlidec,brotlienc', -+ help='alternative lib name to link to [default: %default]') -+ -+shared_optgroup.add_option('--shared-brotli-libpath', -+ action='store', -+ dest='shared_brotli_libpath', -+ help='a directory to search for the shared brotli DLL') -+ - shared_optgroup.add_option('--shared-cares', - action='store_true', - dest='shared_cares', -@@ -1692,6 +1713,7 @@ configure_napi(output) - configure_library('zlib', output) - configure_library('http_parser', output) - configure_library('libuv', output) -+configure_library('brotli', output, pkgname=['libbrotlidec', 'libbrotlienc']) - configure_library('cares', output, pkgname='libcares') - configure_library('nghttp2', output, pkgname='libnghttp2') - configure_v8(output) --- -2.25.0 - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir.patch index 599f742b2f..92386fa779 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir.patch @@ -20,11 +20,9 @@ Signed-off-by: Andreas Müller tools/install.py | 31 ++++++++++++++----------------- 2 files changed, 21 insertions(+), 17 deletions(-) -diff --git a/configure.py b/configure.py -index 20cce214db..e2d78a2a51 100755 --- a/configure.py +++ b/configure.py -@@ -559,6 +559,12 @@ parser.add_option('--shared', +@@ -602,6 +602,12 @@ parser.add_option('--shared', help='compile shared library for embedding node in another project. ' + '(This mode is not officially supported for regular applications)') @@ -37,16 +35,14 @@ index 20cce214db..e2d78a2a51 100755 parser.add_option('--without-v8-platform', action='store_true', dest='without_v8_platform', -@@ -1103,6 +1109,7 @@ def configure_node(o): - if o['variables']['want_separate_host_toolset'] == 0: - o['variables']['node_code_cache'] = 'yes' # For testing +@@ -1168,6 +1174,7 @@ def configure_node(o): + o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) + o['variables']['node_shared'] = b(options.shared) + o['variables']['libdir'] = options.libdir node_module_version = getmoduleversion.get_version() - if sys.platform == 'darwin': -diff --git a/tools/install.py b/tools/install.py -index 655802980a..fe4723bf15 100755 + if options.dest_os == 'android': --- a/tools/install.py +++ b/tools/install.py @@ -121,26 +121,23 @@ def subdir_files(path, dest, action): @@ -72,24 +68,20 @@ index 655802980a..fe4723bf15 100755 - # in its source - see the _InstallableTargetInstallPath function. - if sys.platform != 'darwin': - output_prefix += 'lib.target/' -- -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) + output_bin = 'node' + output_lib = 'libnode.' + variables.get('shlib_suffix') + # GYP will output to lib.target except on OS X, this is hardcoded + # in its source - see the _InstallableTargetInstallPath function. + if sys.platform != 'darwin': + output_libprefix += 'lib.target/' -+ + +- if 'false' == variables.get('node_shared'): +- action([output_prefix + output_file], 'bin/' + output_file) +- else: +- action([output_prefix + output_file], 'lib/' + output_file) + action([output_prefix + output_bin], 'bin/' + output_bin) + if 'true' == variables.get('node_shared'): + action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) if 'true' == variables.get('node_use_dtrace'): action(['out/Release/node.d'], 'lib/dtrace/node.d') --- -2.20.1 - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.14.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.14.1.bb deleted file mode 100644 index d468fb3ffa..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.14.1.bb +++ /dev/null @@ -1,163 +0,0 @@ -DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" -HOMEPAGE = "http://nodejs.org" -LICENSE = "MIT & BSD & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=be4d5107c64dc3d7c57e3797e1a0674b" - -DEPENDS = "openssl" -DEPENDS_append_class-target = " nodejs-native" - -inherit pkgconfig python3native - -COMPATIBLE_MACHINE_armv4 = "(!.*armv4).*" -COMPATIBLE_MACHINE_armv5 = "(!.*armv5).*" -COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*" - -COMPATIBLE_HOST_riscv64 = "null" -COMPATIBLE_HOST_riscv32 = "null" - -SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ - file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ - file://0003-Install-both-binaries-and-use-libdir.patch \ - file://0004-v8-don-t-override-ARM-CFLAGS.patch \ - file://big-endian.patch \ - file://0001-build-allow-passing-multiple-libs-to-pkg_config.patch \ - file://0002-build-allow-use-of-system-installed-brotli.patch \ - file://mips-warnings.patch \ - " -SRC_URI_append_class-target = " \ - file://0002-Using-native-binaries.patch \ - " - -SRC_URI[md5sum] = "1c78a75f5c95321f533ecccca695e814" -SRC_URI[sha256sum] = "877b4b842318b0e09bc754faf7343f2f097f0fc4f88ab9ae57cf9944e88e7adb" - -S = "${WORKDIR}/node-v${PV}" - -# v8 errors out if you have set CCACHE -CCACHE = "" - -def map_nodejs_arch(a, d): - import re - - if re.match('i.86$', a): return 'ia32' - elif re.match('x86_64$', a): return 'x64' - elif re.match('aarch64$', a): return 'arm64' - elif re.match('(powerpc64|ppc64le)$', a): return 'ppc64' - elif re.match('powerpc$', a): return 'ppc' - return a - -ARCHFLAGS_arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \ - ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \ - bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \ - bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \ - '--with-arm-fpu=vfp', d), d), d)}" -GYP_DEFINES_append_mipsel = " mips_arch_variant='r1' " -ARCHFLAGS ?= "" - -PACKAGECONFIG ??= "ares brotli icu libuv zlib" -PACKAGECONFIG[ares] = "--shared-cares,,c-ares" -PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" -PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" -PACKAGECONFIG[libuv] = "--shared-libuv,,libuv" -PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2" -PACKAGECONFIG[shared] = "--shared" -PACKAGECONFIG[zlib] = "--shared-zlib,,zlib" - -# We don't want to cross-compile during target compile, -# and we need to use the right flags during host compile, -# too. -EXTRA_OEMAKE = "\ - CC.host='${CC}' \ - CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \ - CXX.host='${CXX}' \ - CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \ - LDFLAGS.host='${LDFLAGS}' \ - AR.host='${AR}' \ - \ - builddir_name=./ \ -" - -python do_unpack() { - import shutil - - bb.build.exec_func('base_do_unpack', d) - - shutil.rmtree(d.getVar('S') + '/deps/openssl', True) - if 'ares' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/cares', True) - if 'brotli' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/brotli', True) - if 'libuv' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/uv', True) - if 'nghttp2' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/nghttp2', True) - if 'zlib' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/zlib', True) -} - -# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi -do_configure () { - export LD="${CXX}" - GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES - # $TARGET_ARCH settings don't match --dest-cpu settings - python3 configure.py --prefix=${prefix} --cross-compiling --without-snapshot --shared-openssl \ - --without-dtrace \ - --without-etw \ - --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \ - --dest-os=linux \ - --libdir=${D}${libdir} \ - ${ARCHFLAGS} \ - ${PACKAGECONFIG_CONFARGS} -} - -do_compile () { - export LD="${CXX}" - oe_runmake BUILDTYPE=Release -} - -do_install () { - oe_runmake install DESTDIR=${D} - - # wasn't updated since 2009 and is the only thing requiring python2 in runtime - # ERROR: nodejs-12.14.1-r0 do_package_qa: QA Issue: /usr/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples contained in package nodejs-npm requires /usr/bin/python, but no providers found in RDEPENDS_nodejs-npm? [file-rdeps] - rm -f ${D}${exec_prefix}/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples -} - -do_install_append_class-native() { - # use node from PATH instead of absolute path to sysroot - # node-v0.10.25/tools/install.py is using: - # shebang = os.path.join(node_prefix, 'bin/node') - # update_shebang(link_path, shebang) - # and node_prefix can be very long path to bindir in native sysroot and - # when it exceeds 128 character shebang limit it's stripped to incorrect path - # and npm fails to execute like in this case with 133 characters show in log.do_install: - # updating shebang of /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/work/x86_64-linux/nodejs-native/0.10.15-r0/image/home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/npm to /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/node - # /usr/bin/npm is symlink to /usr/lib/node_modules/npm/bin/npm-cli.js - # use sed on npm-cli.js because otherwise symlink is replaced with normal file and - # npm-cli.js continues to use old shebang - sed "1s^.*^#\!/usr/bin/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js - - # Install the native binaries to provide it within sysroot for the target compilation - install -d ${D}${bindir} - install -m 0755 ${S}/out/Release/torque ${D}${bindir}/torque - install -m 0755 ${S}/out/Release/bytecode_builtins_list_generator ${D}${bindir}/bytecode_builtins_list_generator - if ${@bb.utils.contains('PACKAGECONFIG','icu','true','false',d)}; then - install -m 0755 ${S}/out/Release/gen-regexp-special-case ${D}${bindir}/gen-regexp-special-case - fi - install -m 0755 ${S}/out/Release/mkcodecache ${D}${bindir}/mkcodecache - install -m 0755 ${S}/out/Release/node_mksnapshot ${D}${bindir}/node_mksnapshot -} - -do_install_append_class-target() { - sed "1s^.*^#\!${bindir}/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js -} - -PACKAGES =+ "${PN}-npm" -FILES_${PN}-npm = "${exec_prefix}/lib/node_modules ${bindir}/npm ${bindir}/npx" -RDEPENDS_${PN}-npm = "bash python3-core python3-shell python3-datetime \ - python3-misc python3-multiprocessing" - -PACKAGES =+ "${PN}-systemtap" -FILES_${PN}-systemtap = "${datadir}/systemtap" - -BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb new file mode 100644 index 0000000000..0673a3202d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb @@ -0,0 +1,161 @@ +DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" +HOMEPAGE = "http://nodejs.org" +LICENSE = "MIT & BSD & Artistic-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c66ff8861d9f96076a7cb61e3d75f54" + +DEPENDS = "openssl" +DEPENDS_append_class-target = " nodejs-native" + +inherit pkgconfig python3native + +COMPATIBLE_MACHINE_armv4 = "(!.*armv4).*" +COMPATIBLE_MACHINE_armv5 = "(!.*armv5).*" +COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*" + +COMPATIBLE_HOST_riscv64 = "null" +COMPATIBLE_HOST_riscv32 = "null" + +SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ + file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ + file://0003-Install-both-binaries-and-use-libdir.patch \ + file://0004-v8-don-t-override-ARM-CFLAGS.patch \ + file://big-endian.patch \ + file://mips-warnings.patch \ + file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ + " +SRC_URI_append_class-target = " \ + file://0002-Using-native-binaries.patch \ + " +SRC_URI[sha256sum] = "e00eee325d705b2bfa9929b7d061eb2315402d7e8548945eac9870bf84321853" + +S = "${WORKDIR}/node-v${PV}" + +# v8 errors out if you have set CCACHE +CCACHE = "" + +def map_nodejs_arch(a, d): + import re + + if re.match('i.86$', a): return 'ia32' + elif re.match('x86_64$', a): return 'x64' + elif re.match('aarch64$', a): return 'arm64' + elif re.match('(powerpc64|ppc64le)$', a): return 'ppc64' + elif re.match('powerpc$', a): return 'ppc' + return a + +ARCHFLAGS_arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \ + ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \ + bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \ + bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \ + '--with-arm-fpu=vfp', d), d), d)}" +GYP_DEFINES_append_mipsel = " mips_arch_variant='r1' " +ARCHFLAGS ?= "" + +PACKAGECONFIG ??= "ares brotli icu zlib" + +PACKAGECONFIG[ares] = "--shared-cares,,c-ares" +PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" +PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" +PACKAGECONFIG[libuv] = "--shared-libuv,,libuv" +PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2" +PACKAGECONFIG[shared] = "--shared" +PACKAGECONFIG[zlib] = "--shared-zlib,,zlib" + +# We don't want to cross-compile during target compile, +# and we need to use the right flags during host compile, +# too. +EXTRA_OEMAKE = "\ + CC.host='${CC}' \ + CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \ + CXX.host='${CXX}' \ + CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \ + LDFLAGS.host='${LDFLAGS}' \ + AR.host='${AR}' \ + \ + builddir_name=./ \ +" + +python do_unpack() { + import shutil + + bb.build.exec_func('base_do_unpack', d) + + shutil.rmtree(d.getVar('S') + '/deps/openssl', True) + if 'ares' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/cares', True) + if 'brotli' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/brotli', True) + if 'libuv' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/uv', True) + if 'nghttp2' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/nghttp2', True) + if 'zlib' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/zlib', True) +} + +# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi +do_configure () { + export LD="${CXX}" + GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES + # $TARGET_ARCH settings don't match --dest-cpu settings + python3 configure.py --prefix=${prefix} --cross-compiling --without-snapshot --shared-openssl \ + --without-dtrace \ + --without-etw \ + --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \ + --dest-os=linux \ + --libdir=${D}${libdir} \ + ${ARCHFLAGS} \ + ${PACKAGECONFIG_CONFARGS} +} + +do_compile () { + export LD="${CXX}" + oe_runmake BUILDTYPE=Release +} + +do_install () { + oe_runmake install DESTDIR=${D} + + # wasn't updated since 2009 and is the only thing requiring python2 in runtime + # ERROR: nodejs-12.14.1-r0 do_package_qa: QA Issue: /usr/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples contained in package nodejs-npm requires /usr/bin/python, but no providers found in RDEPENDS_nodejs-npm? [file-rdeps] + rm -f ${D}${exec_prefix}/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples +} + +do_install_append_class-native() { + # use node from PATH instead of absolute path to sysroot + # node-v0.10.25/tools/install.py is using: + # shebang = os.path.join(node_prefix, 'bin/node') + # update_shebang(link_path, shebang) + # and node_prefix can be very long path to bindir in native sysroot and + # when it exceeds 128 character shebang limit it's stripped to incorrect path + # and npm fails to execute like in this case with 133 characters show in log.do_install: + # updating shebang of /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/work/x86_64-linux/nodejs-native/0.10.15-r0/image/home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/npm to /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/node + # /usr/bin/npm is symlink to /usr/lib/node_modules/npm/bin/npm-cli.js + # use sed on npm-cli.js because otherwise symlink is replaced with normal file and + # npm-cli.js continues to use old shebang + sed "1s^.*^#\!/usr/bin/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js + + # Install the native binaries to provide it within sysroot for the target compilation + install -d ${D}${bindir} + install -m 0755 ${S}/out/Release/torque ${D}${bindir}/torque + install -m 0755 ${S}/out/Release/bytecode_builtins_list_generator ${D}${bindir}/bytecode_builtins_list_generator + if ${@bb.utils.contains('PACKAGECONFIG','icu','true','false',d)}; then + install -m 0755 ${S}/out/Release/gen-regexp-special-case ${D}${bindir}/gen-regexp-special-case + fi + install -m 0755 ${S}/out/Release/mkcodecache ${D}${bindir}/mkcodecache + install -m 0755 ${S}/out/Release/node_mksnapshot ${D}${bindir}/node_mksnapshot +} + +do_install_append_class-target() { + sed "1s^.*^#\!${bindir}/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js +} + +PACKAGES =+ "${PN}-npm" +FILES_${PN}-npm = "${exec_prefix}/lib/node_modules ${bindir}/npm ${bindir}/npx" +RDEPENDS_${PN}-npm = "bash python3-core python3-shell python3-datetime \ + python3-misc python3-multiprocessing" + +PACKAGES =+ "${PN}-systemtap" +FILES_${PN}-systemtap = "${datadir}/systemtap" + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch new file mode 100644 index 0000000000..0cf4d5ed60 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch @@ -0,0 +1,158 @@ +Subject: Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption + for a 12 bytes IV) + +--- + ext/openssl/openssl.c | 10 ++++----- + ext/openssl/tests/cipher_tests.inc | 21 +++++++++++++++++ + ext/openssl/tests/openssl_decrypt_ccm.phpt | 22 +++++++++++------- + ext/openssl/tests/openssl_encrypt_ccm.phpt | 26 ++++++++++++++-------- + 4 files changed, 57 insertions(+), 22 deletions(-) + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index 04cb9b0f..fdad2c3b 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -6521,11 +6521,6 @@ static int php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_requir + { + char *iv_new; + +- /* Best case scenario, user behaved */ +- if (*piv_len == iv_required_len) { +- return SUCCESS; +- } +- + if (mode->is_aead) { + if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) != 1) { + php_error_docref(NULL, E_WARNING, "Setting of IV length for AEAD mode failed"); +@@ -6534,6 +6529,11 @@ static int php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_requir + return SUCCESS; + } + ++ /* Best case scenario, user behaved */ ++ if (*piv_len == iv_required_len) { ++ return SUCCESS; ++ } ++ + iv_new = ecalloc(1, iv_required_len + 1); + + if (*piv_len == 0) { +diff --git a/ext/openssl/tests/cipher_tests.inc b/ext/openssl/tests/cipher_tests.inc +index b1e46b41..779bfa85 100644 +--- a/ext/openssl/tests/cipher_tests.inc ++++ b/ext/openssl/tests/cipher_tests.inc +@@ -1,5 +1,26 @@ + array( ++ array( ++ 'key' => '404142434445464748494a4b4c4d4e4f', ++ 'iv' => '1011121314151617', ++ 'aad' => '000102030405060708090a0b0c0d0e0f', ++ 'tag' => '1fc64fbfaccd', ++ 'pt' => '202122232425262728292a2b2c2d2e2f', ++ 'ct' => 'd2a1f0e051ea5f62081a7792073d593d', ++ ), ++ array( ++ 'key' => '404142434445464748494a4b4c4d4e4f', ++ 'iv' => '101112131415161718191a1b', ++ 'aad' => '000102030405060708090a0b0c0d0e0f' . ++ '10111213', ++ 'tag' => '484392fbc1b09951', ++ 'pt' => '202122232425262728292a2b2c2d2e2f' . ++ '3031323334353637', ++ 'ct' => 'e3b201a9f5b71a7a9b1ceaeccd97e70b' . ++ '6176aad9a4428aa5', ++ ), ++ ), + 'aes-256-ccm' => array( + array( + 'key' => '1bde3251d41a8b5ea013c195ae128b21' . +diff --git a/ext/openssl/tests/openssl_decrypt_ccm.phpt b/ext/openssl/tests/openssl_decrypt_ccm.phpt +index a5f01b87..08ef5bb7 100644 +--- a/ext/openssl/tests/openssl_decrypt_ccm.phpt ++++ b/ext/openssl/tests/openssl_decrypt_ccm.phpt +@@ -10,14 +10,16 @@ if (!in_array('aes-256-ccm', openssl_get_cipher_methods())) + --FILE-- + $test) { +- echo "TEST $idx\n"; +- $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, +- $test['iv'], $test['tag'], $test['aad']); +- var_dump($test['pt'] === $pt); ++foreach ($methods as $method) { ++ $tests = openssl_get_cipher_tests($method); ++ foreach ($tests as $idx => $test) { ++ echo "$method - TEST $idx\n"; ++ $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, ++ $test['iv'], $test['tag'], $test['aad']); ++ var_dump($test['pt'] === $pt); ++ } + } + + // no IV +@@ -32,7 +34,11 @@ var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, + + ?> + --EXPECTF-- +-TEST 0 ++aes-128-ccm - TEST 0 ++bool(true) ++aes-128-ccm - TEST 1 ++bool(true) ++aes-256-ccm - TEST 0 + bool(true) + + Warning: openssl_decrypt(): Setting of IV length for AEAD mode failed in %s on line %d +diff --git a/ext/openssl/tests/openssl_encrypt_ccm.phpt b/ext/openssl/tests/openssl_encrypt_ccm.phpt +index fb5dbbc8..8c4c41f8 100644 +--- a/ext/openssl/tests/openssl_encrypt_ccm.phpt ++++ b/ext/openssl/tests/openssl_encrypt_ccm.phpt +@@ -10,15 +10,17 @@ if (!in_array('aes-256-ccm', openssl_get_cipher_methods())) + --FILE-- + $test) { +- echo "TEST $idx\n"; +- $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA, +- $test['iv'], $tag, $test['aad'], strlen($test['tag'])); +- var_dump($test['ct'] === $ct); +- var_dump($test['tag'] === $tag); ++foreach ($methods as $method) { ++ $tests = openssl_get_cipher_tests($method); ++ foreach ($tests as $idx => $test) { ++ echo "$method - TEST $idx\n"; ++ $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA, ++ $test['iv'], $tag, $test['aad'], strlen($test['tag'])); ++ var_dump($test['ct'] === $ct); ++ var_dump($test['tag'] === $tag); ++ } + } + + // Empty IV error +@@ -32,7 +34,13 @@ var_dump(strlen($tag)); + var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 16), $tag, '', 1024)); + ?> + --EXPECTF-- +-TEST 0 ++aes-128-ccm - TEST 0 ++bool(true) ++bool(true) ++aes-128-ccm - TEST 1 ++bool(true) ++bool(true) ++aes-256-ccm - TEST 0 + bool(true) + bool(true) + +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch new file mode 100644 index 0000000000..e5b527f989 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch @@ -0,0 +1,24 @@ +Subject: Patch fix-urldecode for HTTP related Bug #79699 + +--- + main/php_variables.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/main/php_variables.c b/main/php_variables.c +index 1a40c2a1..cbdc7cf1 100644 +--- a/main/php_variables.c ++++ b/main/php_variables.c +@@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) + } + + val = estrndup(val, val_len); +- php_url_decode(var, strlen(var)); ++ if (arg != PARSE_COOKIE) { ++ php_url_decode(var, strlen(var)); ++ } + if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) { + php_register_variable_safe(var, val, new_val_len, &array); + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch old mode 100755 new mode 100644 index 21050f7605..a4804d1849 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch @@ -1,31 +1,32 @@ -php: remove host specific info from header file +From 1234a8ef7c5ab88e24bc5908f0ccfd55af21aa39 Mon Sep 17 00:00:00 2001 +From: Leon Anavi +Date: Mon, 31 Aug 2020 16:03:27 +0300 +Subject: [PATCH] php: remove host specific info from header file +Based on: https://sources.debian.org/data/main/p/php7.3/7.3.6-1/debian/patches/ 0036-php-5.4.9-fixheader.patch Upstream-Status: Inappropriate [not author] Signed-off-by: Joe Slater - ---- -From: Debian PHP Maintainers -Date: Sat, 2 May 2015 10:26:56 +0200 -Subject: php-5.4.9-fixheader - -Make generated php_config.h constant across rebuilds. +Signed-off-by: Leon Anavi --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 433d7e6..41893d7 100644 +index 2a474ba36d..6d22a21630 100644 --- a/configure.ac +++ b/configure.ac -@@ -1357,7 +1357,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d` +@@ -1323,7 +1323,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d` fi AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) --PHP_UNAME=`uname -a | xargs` -+PHP_UNAME=`uname | xargs` +-UNAME=`uname -a | xargs` ++UNAME=`uname | xargs` + PHP_UNAME=${PHP_UNAME:-$UNAME} AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) PHP_OS=`uname | xargs` - AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.4.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.4.bb deleted file mode 100644 index 1d93902e72..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.4.bb +++ /dev/null @@ -1,275 +0,0 @@ -SUMMARY = "A server-side, HTML-embedded scripting language" -HOMEPAGE = "http://www.php.net" -SECTION = "console/network" - -LICENSE = "PHP-3.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=7e571b888d585b31f9ef5edcc647fa30" - -BBCLASSEXTEND = "native" -DEPENDS = "zlib bzip2 libxml2 virtual/libiconv php-native lemon-native" -DEPENDS_class-native = "zlib-native libxml2-native" - -PHP_MAJOR_VERSION = "${@d.getVar('PV').split('.')[0]}" - -SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ - file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \ - file://debian-php-fixheader.patch \ - file://0001-configure.ac-don-t-include-build-libtool.m4.patch \ - file://0001-php.m4-don-t-unset-cache-variables.patch \ - " - -SRC_URI_append_class-target = " \ - file://iconv.patch \ - file://imap-fix-autofoo.patch \ - file://php_exec_native.patch \ - file://php-fpm.conf \ - file://php-fpm-apache.conf \ - file://70_mod_php${PHP_MAJOR_VERSION}.conf \ - file://php-fpm.service \ - file://pear-makefile.patch \ - file://phar-makefile.patch \ - file://0001-opcache-config.m4-enable-opcache.patch \ - file://xfail_two_bug_tests.patch \ - " -S = "${WORKDIR}/php-${PV}" -SRC_URI[md5sum] = "262c258a3b8b5699fcca89a64e58758c" -SRC_URI[sha256sum] = "308e8f4182ec8a2767b0b1b8e1e7c69fb149b37cfb98ee4a37475e082fa9829f" - -inherit autotools pkgconfig python3native gettext - -# phpize is not scanned for absolute paths by default (but php-config is). -# -SSTATE_SCAN_FILES += "phpize" -SSTATE_SCAN_FILES += "build-defs.h" - -PHP_LIBDIR = "${libdir}/php${PHP_MAJOR_VERSION}" - -# Common EXTRA_OECONF -COMMON_EXTRA_OECONF = "--enable-sockets \ - --enable-pcntl \ - --enable-shared \ - --disable-rpath \ - --with-pic \ - --libdir=${PHP_LIBDIR} \ -" -EXTRA_OECONF = "--enable-mbstring \ - --enable-fpm \ - --with-libdir=${baselib} \ - --with-gettext=${STAGING_LIBDIR}/.. \ - --with-zlib=${STAGING_LIBDIR}/.. \ - --with-iconv=${STAGING_LIBDIR}/.. \ - --with-bz2=${STAGING_DIR_TARGET}${exec_prefix} \ - --with-config-file-path=${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} \ - ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'ac_cv_c_bigendian_php=no', 'ac_cv_c_bigendian_php=yes', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'pam', '', 'ac_cv_lib_pam_pam_start=no', d)} \ - ${COMMON_EXTRA_OECONF} \ -" - -EXTRA_OECONF_append_riscv64 = " --with-pcre-jit=no" -EXTRA_OECONF_append_riscv32 = " --with-pcre-jit=no" - -CACHED_CONFIGUREVARS += "ac_cv_func_dlopen=no ac_cv_lib_dl_dlopen=yes" - -EXTRA_OECONF_class-native = " \ - --with-zlib=${STAGING_LIBDIR_NATIVE}/.. \ - --without-iconv \ - ${COMMON_EXTRA_OECONF} \ -" - -PACKAGECONFIG ??= "mysql sqlite3 imap opcache openssl \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 pam', d)} \ -" -PACKAGECONFIG_class-native = "" - -PACKAGECONFIG[zip] = "--with-zip --with-zlib-dir=${STAGING_EXECPREFIXDIR},,libzip" - -PACKAGECONFIG[mysql] = "--with-mysqli=mysqlnd \ - --with-pdo-mysql=mysqlnd \ - ,--without-mysqli --without-pdo-mysql \ - ,mysql5" - -PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_LIBDIR}/.. \ - --with-pdo-sqlite=${STAGING_LIBDIR}/.. \ - ,--without-sqlite3 --without-pdo-sqlite \ - ,sqlite3" -PACKAGECONFIG[pgsql] = "--with-pgsql=${STAGING_DIR_TARGET}${exec_prefix},--without-pgsql,postgresql" -PACKAGECONFIG[soap] = "--enable-soap, --disable-soap, libxml2" -PACKAGECONFIG[apache2] = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs,,apache2-native apache2" -PACKAGECONFIG[pam] = ",,libpam" -PACKAGECONFIG[imap] = "--with-imap=${STAGING_DIR_HOST} \ - --with-imap-ssl=${STAGING_DIR_HOST} \ - ,--without-imap --without-imap-ssl \ - ,uw-imap" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[opcache] = "--enable-opcache,--disable-opcache" -PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" -PACKAGECONFIG[valgrind] = "--with-valgrind=${STAGING_DIR_TARGET}/usr,--with-valgrind=no,valgrind" -PACKAGECONFIG[mbregex] = "--enable-mbregex, --disable-mbregex, oniguruma" - -export PHP_NATIVE_DIR = "${STAGING_BINDIR_NATIVE}" -export PHP_PEAR_PHP_BIN = "${STAGING_BINDIR_NATIVE}/php" -CFLAGS += " -D_GNU_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2" - -# Adding these flags enables dynamic library support, which is disabled by -# default when cross compiling -# See https://bugs.php.net/bug.php?id=60109 -CFLAGS += " -DHAVE_LIBDL " -LDFLAGS += " -ldl " - -EXTRA_OEMAKE = "INSTALL_ROOT=${D}" - -acpaths = "" - -do_configure_prepend () { - rm -f ${S}/build/libtool.m4 ${S}/ltmain.sh ${S}/aclocal.m4 - find ${S} -name config.m4 | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_SBINDIR_NATIVE}/httpd!' -} - -do_configure_append() { - # No, libtool, we really don't want rpath set... - sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' ${HOST_SYS}-libtool - sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' ${HOST_SYS}-libtool -} - -do_install_append_class-native() { - rm -rf ${D}/${PHP_LIBDIR}/php/.registry - rm -rf ${D}/${PHP_LIBDIR}/php/.channels - rm -rf ${D}/${PHP_LIBDIR}/php/.[a-z]* -} - -do_install_prepend() { - cat ${ACLOCALDIR}/libtool.m4 ${ACLOCALDIR}/lt~obsolete.m4 ${ACLOCALDIR}/ltoptions.m4 \ - ${ACLOCALDIR}/ltsugar.m4 ${ACLOCALDIR}/ltversion.m4 > ${S}/build/libtool.m4 -} - -do_install_prepend_class-target() { - if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then - # Install dummy config file so apxs doesn't fail - install -d ${D}${sysconfdir}/apache2 - printf "\nLoadModule dummy_module modules/mod_dummy.so\n" > ${D}${sysconfdir}/apache2/httpd.conf - fi -} - -# fixme -do_install_append_class-target() { - install -d ${D}${sysconfdir}/ - rm -rf ${D}/${TMPDIR} - rm -rf ${D}/.registry - rm -rf ${D}/.channels - rm -rf ${D}/.[a-z]* - rm -rf ${D}/var - rm -f ${D}/${sysconfdir}/php-fpm.conf.default - install -m 0644 ${WORKDIR}/php-fpm.conf ${D}/${sysconfdir}/php-fpm.conf - install -d ${D}/${sysconfdir}/apache2/conf.d - install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf - install -d ${D}${sysconfdir}/init.d - sed -i 's:=/usr/sbin:=${sbindir}:g' ${B}/sapi/fpm/init.d.php-fpm - sed -i 's:=/etc:=${sysconfdir}:g' ${B}/sapi/fpm/init.d.php-fpm - sed -i 's:=/var:=${localstatedir}:g' ${B}/sapi/fpm/init.d.php-fpm - install -m 0755 ${B}/sapi/fpm/init.d.php-fpm ${D}${sysconfdir}/init.d/php-fpm - install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/php-fpm.service ${D}${systemd_unitdir}/system/ - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ - ${D}${systemd_unitdir}/system/php-fpm.service - fi - - TMP=`dirname ${D}/${TMPDIR}` - while test ${TMP} != ${D}; do - if [ -d ${TMP} ]; then - rmdir ${TMP} - fi - TMP=`dirname ${TMP}`; - done - - if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/apache2/modules.d - install -d ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} - install -m 644 ${WORKDIR}/70_mod_php${PHP_MAJOR_VERSION}.conf ${D}${sysconfdir}/apache2/modules.d - sed -i s,lib/,${libexecdir}/, ${D}${sysconfdir}/apache2/modules.d/70_mod_php${PHP_MAJOR_VERSION}.conf - cat ${S}/php.ini-production | \ - sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \ - > ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION}/php.ini - rm -f ${D}${sysconfdir}/apache2/httpd.conf* - fi -} - -SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess" - -php_sysroot_preprocess () { - install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - - sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize - sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config -} - -MODPHP_PACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', '${PN}-modphp', '', d)}" - -PACKAGES = "${PN}-dbg ${PN}-cli ${PN}-cgi ${PN}-fpm ${PN}-fpm-apache2 ${PN}-pear ${PN}-phar ${MODPHP_PACKAGE} ${PN}-dev ${PN}-staticdev ${PN}-doc ${PN}-opcache ${PN}" - -RDEPENDS_${PN} += "libgcc" -RDEPENDS_${PN}-pear = "${PN}" -RDEPENDS_${PN}-phar = "${PN}-cli" -RDEPENDS_${PN}-cli = "${PN}" -RDEPENDS_${PN}-modphp = "${PN} apache2" -RDEPENDS_${PN}-opcache = "${PN}" - -INITSCRIPT_PACKAGES = "${PN}-fpm" -inherit update-rc.d - -FILES_${PN}-dbg =+ "${bindir}/.debug \ - ${libexecdir}/apache2/modules/.debug" -FILES_${PN}-doc += "${PHP_LIBDIR}/php/doc" -FILES_${PN}-cli = "${bindir}/php" -FILES_${PN}-phar = "${bindir}/phar*" -FILES_${PN}-cgi = "${bindir}/php-cgi" -FILES_${PN}-fpm = "${sbindir}/php-fpm ${sysconfdir}/php-fpm.conf ${datadir}/fpm ${sysconfdir}/init.d/php-fpm ${systemd_unitdir}/system/php-fpm.service ${sysconfdir}/php-fpm.d/www.conf.default" -FILES_${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" -CONFFILES_${PN}-fpm = "${sysconfdir}/php-fpm.conf" -CONFFILES_${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" -INITSCRIPT_NAME_${PN}-fpm = "php-fpm" -INITSCRIPT_PARAMS_${PN}-fpm = "defaults 60" -FILES_${PN}-pear = "${bindir}/pear* ${bindir}/pecl ${PHP_LIBDIR}/php/PEAR \ - ${PHP_LIBDIR}/php/PEAR*.php ${PHP_LIBDIR}/php/System.php \ - ${PHP_LIBDIR}/php/peclcmd.php ${PHP_LIBDIR}/php/pearcmd.php \ - ${PHP_LIBDIR}/php/.channels ${PHP_LIBDIR}/php/.channels/.alias \ - ${PHP_LIBDIR}/php/.registry ${PHP_LIBDIR}/php/Archive/Tar.php \ - ${PHP_LIBDIR}/php/Console/Getopt.php ${PHP_LIBDIR}/php/OS/Guess.php \ - ${PHP_LIBDIR}/php/data/PEAR \ - ${sysconfdir}/pear.conf" -FILES_${PN}-dev = "${includedir}/php ${PHP_LIBDIR}/build ${bindir}/phpize \ - ${bindir}/php-config ${PHP_LIBDIR}/php/.depdb \ - ${PHP_LIBDIR}/php/.depdblock ${PHP_LIBDIR}/php/.filemap \ - ${PHP_LIBDIR}/php/.lock ${PHP_LIBDIR}/php/test" -FILES_${PN}-staticdev += "${PHP_LIBDIR}/extensions/*/*.a" -FILES_${PN}-opcache = "${PHP_LIBDIR}/extensions/*/opcache${SOLIBSDEV}" -FILES_${PN} = "${PHP_LIBDIR}/php" -FILES_${PN} += "${bindir} ${libexecdir}/apache2" - -SUMMARY_${PN}-modphp = "PHP module for the Apache HTTP server" -FILES_${PN}-modphp = "${libdir}/apache2 ${sysconfdir}" - -MODPHP_OLDPACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'modphp', '', d)}" -RPROVIDES_${PN}-modphp = "${MODPHP_OLDPACKAGE}" -RREPLACES_${PN}-modphp = "${MODPHP_OLDPACKAGE}" -RCONFLICTS_${PN}-modphp = "${MODPHP_OLDPACKAGE}" - -do_install_append_class-native() { - create_wrapper ${D}${bindir}/php \ - PHP_PEAR_SYSCONF_DIR=${sysconfdir}/ -} - - -# Fails to build with thumb-1 (qemuarm) -# | {standard input}: Assembler messages: -# | {standard input}:3719: Error: selected processor does not support Thumb mode `smull r0,r2,r9,r3' -# | {standard input}:3720: Error: unshifted register required -- `sub r2,r2,r0,asr#31' -# | {standard input}:3796: Error: selected processor does not support Thumb mode `smull r0,r2,r3,r3' -# | {standard input}:3797: Error: unshifted register required -- `sub r2,r2,r0,asr#31' -# | make: *** [ext/standard/math.lo] Error 1 -ARM_INSTRUCTION_SET = "arm" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb new file mode 100644 index 0000000000..16fc311b0e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb @@ -0,0 +1,269 @@ +SUMMARY = "A server-side, HTML-embedded scripting language" +HOMEPAGE = "http://www.php.net" +SECTION = "console/network" + +LICENSE = "PHP-3.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=7e571b888d585b31f9ef5edcc647fa30" + +BBCLASSEXTEND = "native" +DEPENDS = "zlib bzip2 libxml2 virtual/libiconv php-native lemon-native" +DEPENDS_class-native = "zlib-native libxml2-native" + +PHP_MAJOR_VERSION = "${@d.getVar('PV').split('.')[0]}" + +SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ + file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \ + file://debian-php-fixheader.patch \ + file://0001-configure.ac-don-t-include-build-libtool.m4.patch \ + file://0001-php.m4-don-t-unset-cache-variables.patch \ + " + +SRC_URI_append_class-target = " \ + file://iconv.patch \ + file://imap-fix-autofoo.patch \ + file://php_exec_native.patch \ + file://php-fpm.conf \ + file://php-fpm-apache.conf \ + file://70_mod_php${PHP_MAJOR_VERSION}.conf \ + file://php-fpm.service \ + file://pear-makefile.patch \ + file://phar-makefile.patch \ + file://0001-opcache-config.m4-enable-opcache.patch \ + file://xfail_two_bug_tests.patch \ + file://CVE-2020-7070.patch \ + file://CVE-2020-7069.patch \ + " + +S = "${WORKDIR}/php-${PV}" +SRC_URI[md5sum] = "e68a66c54b080d108831f6dc2e1e403d" +SRC_URI[sha256sum] = "2e270958a4216480da7886743438ccc92b6acf32ea96fefda88d07e0a5095deb" + +inherit autotools pkgconfig python3native gettext + +# phpize is not scanned for absolute paths by default (but php-config is). +# +SSTATE_SCAN_FILES += "phpize" +SSTATE_SCAN_FILES += "build-defs.h" + +PHP_LIBDIR = "${libdir}/php${PHP_MAJOR_VERSION}" + +# Common EXTRA_OECONF +COMMON_EXTRA_OECONF = "--enable-sockets \ + --enable-pcntl \ + --enable-shared \ + --disable-rpath \ + --with-pic \ + --libdir=${PHP_LIBDIR} \ +" +EXTRA_OECONF = "--enable-mbstring \ + --enable-fpm \ + --with-libdir=${baselib} \ + --with-gettext=${STAGING_LIBDIR}/.. \ + --with-zlib=${STAGING_LIBDIR}/.. \ + --with-iconv=${STAGING_LIBDIR}/.. \ + --with-bz2=${STAGING_DIR_TARGET}${exec_prefix} \ + --with-config-file-path=${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} \ + ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'ac_cv_c_bigendian_php=no', 'ac_cv_c_bigendian_php=yes', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'pam', '', 'ac_cv_lib_pam_pam_start=no', d)} \ + ${COMMON_EXTRA_OECONF} \ +" + +EXTRA_OECONF_append_riscv64 = " --with-pcre-jit=no" +EXTRA_OECONF_append_riscv32 = " --with-pcre-jit=no" + +CACHED_CONFIGUREVARS += "ac_cv_func_dlopen=no ac_cv_lib_dl_dlopen=yes" + +EXTRA_OECONF_class-native = " \ + --with-zlib=${STAGING_LIBDIR_NATIVE}/.. \ + --without-iconv \ + ${COMMON_EXTRA_OECONF} \ +" + +PACKAGECONFIG ??= "mysql sqlite3 imap opcache openssl \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 pam', d)} \ +" +PACKAGECONFIG_class-native = "" + +PACKAGECONFIG[zip] = "--with-zip --with-zlib-dir=${STAGING_EXECPREFIXDIR},,libzip" + +PACKAGECONFIG[mysql] = "--with-mysqli=mysqlnd \ + --with-pdo-mysql=mysqlnd \ + ,--without-mysqli --without-pdo-mysql \ + ,mysql5" + +PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_LIBDIR}/.. \ + --with-pdo-sqlite=${STAGING_LIBDIR}/.. \ + ,--without-sqlite3 --without-pdo-sqlite \ + ,sqlite3" +PACKAGECONFIG[pgsql] = "--with-pgsql=${STAGING_DIR_TARGET}${exec_prefix},--without-pgsql,postgresql" +PACKAGECONFIG[soap] = "--enable-soap, --disable-soap, libxml2" +PACKAGECONFIG[apache2] = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs,,apache2-native apache2" +PACKAGECONFIG[pam] = ",,libpam" +PACKAGECONFIG[imap] = "--with-imap=${STAGING_DIR_HOST} \ + --with-imap-ssl=${STAGING_DIR_HOST} \ + ,--without-imap --without-imap-ssl \ + ,uw-imap" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[opcache] = "--enable-opcache,--disable-opcache" +PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" +PACKAGECONFIG[valgrind] = "--with-valgrind=${STAGING_DIR_TARGET}/usr,--with-valgrind=no,valgrind" +PACKAGECONFIG[mbregex] = "--enable-mbregex, --disable-mbregex, oniguruma" + +export PHP_NATIVE_DIR = "${STAGING_BINDIR_NATIVE}" +export PHP_PEAR_PHP_BIN = "${STAGING_BINDIR_NATIVE}/php" +CFLAGS += " -D_GNU_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2" + +# Adding these flags enables dynamic library support, which is disabled by +# default when cross compiling +# See https://bugs.php.net/bug.php?id=60109 +CFLAGS += " -DHAVE_LIBDL " +LDFLAGS += " -ldl " + +EXTRA_OEMAKE = "INSTALL_ROOT=${D}" + +acpaths = "" + +do_configure_prepend () { + rm -f ${S}/build/libtool.m4 ${S}/ltmain.sh ${S}/aclocal.m4 + find ${S} -name config.m4 | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_SBINDIR_NATIVE}/httpd!' +} + +do_configure_append() { + # No, libtool, we really don't want rpath set... + sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' ${HOST_SYS}-libtool + sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' ${HOST_SYS}-libtool +} + +do_install_append_class-native() { + rm -rf ${D}/${PHP_LIBDIR}/php/.registry + rm -rf ${D}/${PHP_LIBDIR}/php/.channels + rm -rf ${D}/${PHP_LIBDIR}/php/.[a-z]* +} + +do_install_prepend() { + cat ${ACLOCALDIR}/libtool.m4 ${ACLOCALDIR}/lt~obsolete.m4 ${ACLOCALDIR}/ltoptions.m4 \ + ${ACLOCALDIR}/ltsugar.m4 ${ACLOCALDIR}/ltversion.m4 > ${S}/build/libtool.m4 +} + +do_install_prepend_class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then + # Install dummy config file so apxs doesn't fail + install -d ${D}${sysconfdir}/apache2 + printf "\nLoadModule dummy_module modules/mod_dummy.so\n" > ${D}${sysconfdir}/apache2/httpd.conf + fi +} + +# fixme +do_install_append_class-target() { + install -d ${D}${sysconfdir}/ + rm -rf ${D}/.registry + rm -rf ${D}/.channels + rm -rf ${D}/.[a-z]* + rm -rf ${D}/var + rm -f ${D}/${sysconfdir}/php-fpm.conf.default + install -m 0644 ${WORKDIR}/php-fpm.conf ${D}/${sysconfdir}/php-fpm.conf + install -d ${D}/${sysconfdir}/apache2/conf.d + install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf + install -d ${D}${sysconfdir}/init.d + sed -i 's:=/usr/sbin:=${sbindir}:g' ${B}/sapi/fpm/init.d.php-fpm + sed -i 's:=/etc:=${sysconfdir}:g' ${B}/sapi/fpm/init.d.php-fpm + sed -i 's:=/var:=${localstatedir}:g' ${B}/sapi/fpm/init.d.php-fpm + install -m 0755 ${B}/sapi/fpm/init.d.php-fpm ${D}${sysconfdir}/init.d/php-fpm + install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/php-fpm.service ${D}${systemd_unitdir}/system/ + sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ + ${D}${systemd_unitdir}/system/php-fpm.service + fi + + if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/apache2/modules.d + install -d ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} + install -m 644 ${WORKDIR}/70_mod_php${PHP_MAJOR_VERSION}.conf ${D}${sysconfdir}/apache2/modules.d + sed -i s,lib/,${libexecdir}/, ${D}${sysconfdir}/apache2/modules.d/70_mod_php${PHP_MAJOR_VERSION}.conf + cat ${S}/php.ini-production | \ + sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \ + > ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION}/php.ini + rm -f ${D}${sysconfdir}/apache2/httpd.conf* + fi +} + +SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess" + +php_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + + sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize + sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config +} + +MODPHP_PACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', '${PN}-modphp', '', d)}" + +PACKAGES = "${PN}-dbg ${PN}-cli ${PN}-cgi ${PN}-fpm ${PN}-fpm-apache2 ${PN}-pear ${PN}-phar ${MODPHP_PACKAGE} ${PN}-dev ${PN}-staticdev ${PN}-doc ${PN}-opcache ${PN}" + +RDEPENDS_${PN} += "libgcc" +RDEPENDS_${PN}-pear = "${PN}" +RDEPENDS_${PN}-phar = "${PN}-cli" +RDEPENDS_${PN}-cli = "${PN}" +RDEPENDS_${PN}-modphp = "${PN} apache2" +RDEPENDS_${PN}-opcache = "${PN}" + +INITSCRIPT_PACKAGES = "${PN}-fpm" +inherit update-rc.d + +FILES_${PN}-dbg =+ "${bindir}/.debug \ + ${libexecdir}/apache2/modules/.debug" +FILES_${PN}-doc += "${PHP_LIBDIR}/php/doc" +FILES_${PN}-cli = "${bindir}/php" +FILES_${PN}-phar = "${bindir}/phar*" +FILES_${PN}-cgi = "${bindir}/php-cgi" +FILES_${PN}-fpm = "${sbindir}/php-fpm ${sysconfdir}/php-fpm.conf ${datadir}/fpm ${sysconfdir}/init.d/php-fpm ${systemd_unitdir}/system/php-fpm.service ${sysconfdir}/php-fpm.d/www.conf.default" +FILES_${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" +CONFFILES_${PN}-fpm = "${sysconfdir}/php-fpm.conf" +CONFFILES_${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" +INITSCRIPT_NAME_${PN}-fpm = "php-fpm" +INITSCRIPT_PARAMS_${PN}-fpm = "defaults 60" +FILES_${PN}-pear = "${bindir}/pear* ${bindir}/pecl ${PHP_LIBDIR}/php/PEAR \ + ${PHP_LIBDIR}/php/PEAR*.php ${PHP_LIBDIR}/php/System.php \ + ${PHP_LIBDIR}/php/peclcmd.php ${PHP_LIBDIR}/php/pearcmd.php \ + ${PHP_LIBDIR}/php/.channels ${PHP_LIBDIR}/php/.channels/.alias \ + ${PHP_LIBDIR}/php/.registry ${PHP_LIBDIR}/php/Archive/Tar.php \ + ${PHP_LIBDIR}/php/Console/Getopt.php ${PHP_LIBDIR}/php/OS/Guess.php \ + ${PHP_LIBDIR}/php/data/PEAR \ + ${sysconfdir}/pear.conf" +FILES_${PN}-dev = "${includedir}/php ${PHP_LIBDIR}/build ${bindir}/phpize \ + ${bindir}/php-config ${PHP_LIBDIR}/php/.depdb \ + ${PHP_LIBDIR}/php/.depdblock ${PHP_LIBDIR}/php/.filemap \ + ${PHP_LIBDIR}/php/.lock ${PHP_LIBDIR}/php/test" +FILES_${PN}-staticdev += "${PHP_LIBDIR}/extensions/*/*.a" +FILES_${PN}-opcache = "${PHP_LIBDIR}/extensions/*/opcache${SOLIBSDEV}" +FILES_${PN} = "${PHP_LIBDIR}/php" +FILES_${PN} += "${bindir} ${libexecdir}/apache2" + +SUMMARY_${PN}-modphp = "PHP module for the Apache HTTP server" +FILES_${PN}-modphp = "${libdir}/apache2 ${sysconfdir}" + +MODPHP_OLDPACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'modphp', '', d)}" +RPROVIDES_${PN}-modphp = "${MODPHP_OLDPACKAGE}" +RREPLACES_${PN}-modphp = "${MODPHP_OLDPACKAGE}" +RCONFLICTS_${PN}-modphp = "${MODPHP_OLDPACKAGE}" + +do_install_append_class-native() { + create_wrapper ${D}${bindir}/php \ + PHP_PEAR_SYSCONF_DIR=${sysconfdir}/ +} + + +# Fails to build with thumb-1 (qemuarm) +# | {standard input}: Assembler messages: +# | {standard input}:3719: Error: selected processor does not support Thumb mode `smull r0,r2,r9,r3' +# | {standard input}:3720: Error: unshifted register required -- `sub r2,r2,r0,asr#31' +# | {standard input}:3796: Error: selected processor does not support Thumb mode `smull r0,r2,r3,r3' +# | {standard input}:3797: Error: unshifted register required -- `sub r2,r2,r0,asr#31' +# | make: *** [ext/standard/math.lo] Error 1 +ARM_INSTRUCTION_SET = "arm" -- cgit v1.2.3