summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/classes/cve-check.bbclass2
-rw-r--r--meta/classes/sanity.bbclass2
-rw-r--r--meta/conf/distro/include/yocto-uninative.inc10
-rw-r--r--meta/lib/oeqa/buildperf/base.py2
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch46
-rw-r--r--meta/recipes-connectivity/openssh/openssh_7.9p1.bb1
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch758
-rw-r--r--meta/recipes-connectivity/openssl/openssl/reproducible.patch32
-rw-r--r--meta/recipes-connectivity/openssl/openssl10_1.0.2u.bb (renamed from meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb)6
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1g.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.1.1d.bb)7
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch47
-rw-r--r--meta/recipes-connectivity/ppp/ppp_2.4.7.bb1
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch37
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch36
-rw-r--r--meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch38
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.8.bb3
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb2
-rw-r--r--meta/recipes-core/ncurses/ncurses_6.1+20181013.bb2
-rw-r--r--meta/recipes-core/systemd/systemd/0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch35
-rw-r--r--meta/recipes-core/systemd/systemd_241.bb1
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch49
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch57
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch76
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb3
-rw-r--r--meta/recipes-devtools/git/git_2.20.1.bb11
-rw-r--r--meta/recipes-devtools/git/git_2.20.4.bb11
-rw-r--r--meta/recipes-devtools/python/python-native_2.7.18.bb (renamed from meta/recipes-devtools/python/python-native_2.7.17.bb)0
-rw-r--r--meta/recipes-devtools/python/python.inc6
-rw-r--r--meta/recipes-devtools/python/python/python2-manifest.json1
-rw-r--r--meta/recipes-devtools/python/python3_3.7.7.bb (renamed from meta/recipes-devtools/python/python3_3.7.6.bb)6
-rw-r--r--meta/recipes-devtools/python/python_2.7.18.bb (renamed from meta/recipes-devtools/python/python_2.7.17.bb)0
-rw-r--r--meta/recipes-devtools/rsync/rsync_3.1.3.bb3
-rw-r--r--meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch316
-rw-r--r--meta/recipes-extended/cpio/cpio_2.12.bb1
-rw-r--r--meta/recipes-extended/timezone/timezone.inc10
-rw-r--r--meta/recipes-kernel/linux-firmware/linux-firmware_20190815.bb (renamed from meta/recipes-kernel/linux-firmware/linux-firmware_git.bb)26
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.19.bb20
-rw-r--r--meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch42
-rw-r--r--meta/recipes-support/boost/boost_1.69.0.bb1
-rw-r--r--meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch13
-rw-r--r--meta/recipes-support/gnupg/gnupg_2.2.17.bb (renamed from meta/recipes-support/gnupg/gnupg_2.2.13.bb)5
-rw-r--r--meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb2
-rw-r--r--meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch40
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.27.2.bb1
47 files changed, 952 insertions, 832 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 01b3637469..0ab022b135 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -214,7 +214,7 @@ def check_cves(d, patched_cves):
(_, _, _, version_start, operator_start, version_end, operator_end) = row
#bb.debug(2, "Evaluating row " + str(row))
- if (operator_start == '=' and pv == version_start):
+ if (operator_start == '=' and pv == version_start) or version_start == '-':
vulnerable = True
else:
if operator_start:
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 9429202dca..3b41c69ef6 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -919,7 +919,7 @@ def check_sanity(sanity_data):
last_tmpdir = ""
last_sstate_dir = ""
last_nativelsbstr = ""
- sanityverfile = sanity_data.expand("${TOPDIR}/conf/sanity_info")
+ sanityverfile = sanity_data.expand("${TOPDIR}/cache/sanity_info")
if os.path.exists(sanityverfile):
with open(sanityverfile, 'r') as f:
for line in f:
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index ad75d3e2a3..889695eae3 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,9 +6,9 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.30"
+UNINATIVE_MAXGLIBCVERSION = "2.31"
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.7/"
-UNINATIVE_CHECKSUM[aarch64] ?= "e76a45886ee8a0b3904b761c17ac8ff91edf9811ee455f1832d10763ba794dfc"
-UNINATIVE_CHECKSUM[i686] ?= "810d027dfb1c7675226afbcec07808770516c969ee7378f6d8240281083f8924"
-UNINATIVE_CHECKSUM[x86_64] ?= "9498d8bba047499999a7310ac2576d0796461184965351a56f6d32c888a1f216"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.8/"
+UNINATIVE_CHECKSUM[aarch64] ?= "989187344bf9539b464fb7ed9c223e51f4bdb4c7a677d2c314e6fed393176efe"
+UNINATIVE_CHECKSUM[i686] ?= "cc3e45bc8594488b407363e3fa9af5a099279dab2703c64342098719bd674990"
+UNINATIVE_CHECKSUM[x86_64] ?= "a09922172c3a439105e0ae6b943daad2d83505b17da0aba97961ff433b8c21ab"
diff --git a/meta/lib/oeqa/buildperf/base.py b/meta/lib/oeqa/buildperf/base.py
index 3b2fed549f..5f1805d86c 100644
--- a/meta/lib/oeqa/buildperf/base.py
+++ b/meta/lib/oeqa/buildperf/base.py
@@ -462,7 +462,7 @@ class BuildPerfTestCase(unittest.TestCase):
def rm_tmp(self):
"""Cleanup temporary/intermediate files and directories"""
log.debug("Removing temporary and cache files")
- for name in ['bitbake.lock', 'conf/sanity_info',
+ for name in ['bitbake.lock', 'cache/sanity_info',
self.bb_vars['TMPDIR']]:
oe.path.remove(name, recurse=True)
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
new file mode 100644
index 0000000000..e2930c3c7d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
@@ -0,0 +1,46 @@
+From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 3 Jan 2020 03:02:26 +0000
+Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
+ regress
+
+test?
+
+OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
+
+[Dropped the script version and copyright year change at the top]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ regress/cert-hostkey.sh | 2 +-
+ regress/cert-userkey.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
+index 3ce7779..74d5a53 100644
+--- a/regress/cert-hostkey.sh
++++ b/regress/cert-hostkey.sh
+@@ -248,7 +248,7 @@ test_one() {
+ test_one "user-certificate" failure "-n $HOSTS"
+ test_one "empty principals" success "-h"
+ test_one "wrong principals" failure "-h -n foo"
+-test_one "cert not yet valid" failure "-h -V20200101:20300101"
++test_one "cert not yet valid" failure "-h -V20300101:20320101"
+ test_one "cert expired" failure "-h -V19800101:19900101"
+ test_one "cert valid interval" success "-h -V-1w:+2w"
+ test_one "cert has constraints" failure "-h -Oforce-command=false"
+diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
+index 6849e99..de455b8 100644
+--- a/regress/cert-userkey.sh
++++ b/regress/cert-userkey.sh
+@@ -327,7 +327,7 @@ test_one() {
+ test_one "correct principal" success "-n ${USER}"
+ test_one "host-certificate" failure "-n ${USER} -h"
+ test_one "wrong principals" failure "-n foo"
+-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
++test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101"
+ test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
+ test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
+ test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
index 6c8f7327a9..4d4f2753fe 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
@@ -28,6 +28,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2019-6109.patch \
file://0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch \
file://CVE-2019-6111.patch \
+ file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
"
SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f"
SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad"
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
deleted file mode 100644
index 0cc19cb5f4..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
+++ /dev/null
@@ -1,758 +0,0 @@
-From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Wed, 4 Dec 2019 12:48:21 +0100
-Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
-
-There is an overflow bug in the x64_64 Montgomery squaring procedure used in
-exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
-suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
-result of this defect would be very difficult to perform and are not believed
-likely. Attacks against DH512 are considered just feasible. However, for an
-attack the target would have to re-use the DH512 private key, which is not
-recommended anyway. Also applications directly using the low level API
-BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
-
-CVE-2019-1551
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-(Merged from https://github.com/openssl/openssl/pull/10575)
-
-CVE: CVE-2019-1551
-Upstream-Status: Backport
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
- 1 file changed, 197 insertions(+), 184 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
-index b1797b649f0..7534d5cd03e 100755
---- a/crypto/bn/asm/rsaz-x86_64.pl
-+++ b/crypto/bn/asm/rsaz-x86_64.pl
-@@ -116,7 +116,7 @@
- subq \$128+24, %rsp
- .cfi_adjust_cfa_offset 128+24
- .Lsqr_body:
-- movq $mod, %rbp # common argument
-+ movq $mod, %xmm1 # common off-load
- movq ($inp), %rdx
- movq 8($inp), %rax
- movq $n0, 128(%rsp)
-@@ -134,7 +134,8 @@
- .Loop_sqr:
- movl $times,128+8(%rsp)
- #first iteration
-- movq %rdx, %rbx
-+ movq %rdx, %rbx # 0($inp)
-+ mov %rax, %rbp # 8($inp)
- mulq %rdx
- movq %rax, %r8
- movq 16($inp), %rax
-@@ -173,31 +174,29 @@
- mulq %rbx
- addq %rax, %r14
- movq %rbx, %rax
-- movq %rdx, %r15
-- adcq \$0, %r15
-+ adcq \$0, %rdx
-
-- addq %r8, %r8 #shlq \$1, %r8
-- movq %r9, %rcx
-- adcq %r9, %r9 #shld \$1, %r8, %r9
-+ xorq %rcx,%rcx # rcx:r8 = r8 << 1
-+ addq %r8, %r8
-+ movq %rdx, %r15
-+ adcq \$0, %rcx
-
- mulq %rax
-- movq %rax, (%rsp)
-- addq %rdx, %r8
-- adcq \$0, %r9
-+ addq %r8, %rdx
-+ adcq \$0, %rcx
-
-- movq %r8, 8(%rsp)
-- shrq \$63, %rcx
-+ movq %rax, (%rsp)
-+ movq %rdx, 8(%rsp)
-
- #second iteration
-- movq 8($inp), %r8
- movq 16($inp), %rax
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r10
- movq 24($inp), %rax
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r11
- movq 32($inp), %rax
- adcq \$0, %rdx
-@@ -205,7 +204,7 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r12
- movq 40($inp), %rax
- adcq \$0, %rdx
-@@ -213,7 +212,7 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r13
- movq 48($inp), %rax
- adcq \$0, %rdx
-@@ -221,7 +220,7 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r14
- movq 56($inp), %rax
- adcq \$0, %rdx
-@@ -229,39 +228,39 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r15
-- movq %r8, %rax
-+ movq %rbp, %rax
- adcq \$0, %rdx
- addq %rbx, %r15
-- movq %rdx, %r8
-- movq %r10, %rdx
-- adcq \$0, %r8
-+ adcq \$0, %rdx
-
-- add %rdx, %rdx
-- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
-- movq %r11, %rbx
-- adcq %r11, %r11 #shld \$1, %r10, %r11
-+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
-+ addq %r9, %r9
-+ movq %rdx, %r8
-+ adcq %r10, %r10
-+ adcq \$0, %rbx
-
- mulq %rax
-+ addq %rcx, %rax
-+ movq 16($inp), %rbp
-+ adcq \$0, %rdx
- addq %rax, %r9
-+ movq 24($inp), %rax
- adcq %rdx, %r10
-- adcq \$0, %r11
-+ adcq \$0, %rbx
-
- movq %r9, 16(%rsp)
- movq %r10, 24(%rsp)
-- shrq \$63, %rbx
-
- #third iteration
-- movq 16($inp), %r9
-- movq 24($inp), %rax
-- mulq %r9
-+ mulq %rbp
- addq %rax, %r12
- movq 32($inp), %rax
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-- mulq %r9
-+ mulq %rbp
- addq %rax, %r13
- movq 40($inp), %rax
- adcq \$0, %rdx
-@@ -269,7 +268,7 @@
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-- mulq %r9
-+ mulq %rbp
- addq %rax, %r14
- movq 48($inp), %rax
- adcq \$0, %rdx
-@@ -277,9 +276,7 @@
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-- mulq %r9
-- movq %r12, %r10
-- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12
-+ mulq %rbp
- addq %rax, %r15
- movq 56($inp), %rax
- adcq \$0, %rdx
-@@ -287,36 +284,40 @@
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-- mulq %r9
-- shrq \$63, %r10
-+ mulq %rbp
- addq %rax, %r8
-- movq %r9, %rax
-+ movq %rbp, %rax
- adcq \$0, %rdx
- addq %rcx, %r8
-- movq %rdx, %r9
-- adcq \$0, %r9
-+ adcq \$0, %rdx
-
-- movq %r13, %rcx
-- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13
-+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
-+ addq %r11, %r11
-+ movq %rdx, %r9
-+ adcq %r12, %r12
-+ adcq \$0, %rcx
-
- mulq %rax
-+ addq %rbx, %rax
-+ movq 24($inp), %r10
-+ adcq \$0, %rdx
- addq %rax, %r11
-+ movq 32($inp), %rax
- adcq %rdx, %r12
-- adcq \$0, %r13
-+ adcq \$0, %rcx
-
- movq %r11, 32(%rsp)
- movq %r12, 40(%rsp)
-- shrq \$63, %rcx
-
- #fourth iteration
-- movq 24($inp), %r10
-- movq 32($inp), %rax
-+ mov %rax, %r11 # 32($inp)
- mulq %r10
- addq %rax, %r14
- movq 40($inp), %rax
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-+ mov %rax, %r12 # 40($inp)
- mulq %r10
- addq %rax, %r15
- movq 48($inp), %rax
-@@ -325,9 +326,8 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-+ mov %rax, %rbp # 48($inp)
- mulq %r10
-- movq %r14, %r12
-- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14
- addq %rax, %r8
- movq 56($inp), %rax
- adcq \$0, %rdx
-@@ -336,32 +336,33 @@
- adcq \$0, %rbx
-
- mulq %r10
-- shrq \$63, %r12
- addq %rax, %r9
- movq %r10, %rax
- adcq \$0, %rdx
- addq %rbx, %r9
-- movq %rdx, %r10
-- adcq \$0, %r10
-+ adcq \$0, %rdx
-
-- movq %r15, %rbx
-- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15
-+ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1
-+ addq %r13, %r13
-+ movq %rdx, %r10
-+ adcq %r14, %r14
-+ adcq \$0, %rbx
-
- mulq %rax
-+ addq %rcx, %rax
-+ adcq \$0, %rdx
- addq %rax, %r13
-+ movq %r12, %rax # 40($inp)
- adcq %rdx, %r14
-- adcq \$0, %r15
-+ adcq \$0, %rbx
-
- movq %r13, 48(%rsp)
- movq %r14, 56(%rsp)
-- shrq \$63, %rbx
-
- #fifth iteration
-- movq 32($inp), %r11
-- movq 40($inp), %rax
- mulq %r11
- addq %rax, %r8
-- movq 48($inp), %rax
-+ movq %rbp, %rax # 48($inp)
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-@@ -369,97 +370,99 @@
- addq %rax, %r9
- movq 56($inp), %rax
- adcq \$0, %rdx
-- movq %r8, %r12
-- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8
- addq %rcx, %r9
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-+ mov %rax, %r14 # 56($inp)
- mulq %r11
-- shrq \$63, %r12
- addq %rax, %r10
- movq %r11, %rax
- adcq \$0, %rdx
- addq %rcx, %r10
-- movq %rdx, %r11
-- adcq \$0, %r11
-+ adcq \$0, %rdx
-
-- movq %r9, %rcx
-- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9
-+ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1
-+ addq %r15, %r15
-+ movq %rdx, %r11
-+ adcq %r8, %r8
-+ adcq \$0, %rcx
-
- mulq %rax
-+ addq %rbx, %rax
-+ adcq \$0, %rdx
- addq %rax, %r15
-+ movq %rbp, %rax # 48($inp)
- adcq %rdx, %r8
-- adcq \$0, %r9
-+ adcq \$0, %rcx
-
- movq %r15, 64(%rsp)
- movq %r8, 72(%rsp)
-- shrq \$63, %rcx
-
- #sixth iteration
-- movq 40($inp), %r12
-- movq 48($inp), %rax
- mulq %r12
- addq %rax, %r10
-- movq 56($inp), %rax
-+ movq %r14, %rax # 56($inp)
- movq %rdx, %rbx
- adcq \$0, %rbx
-
- mulq %r12
- addq %rax, %r11
- movq %r12, %rax
-- movq %r10, %r15
-- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
- adcq \$0, %rdx
-- shrq \$63, %r15
- addq %rbx, %r11
-- movq %rdx, %r12
-- adcq \$0, %r12
-+ adcq \$0, %rdx
-
-- movq %r11, %rbx
-- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11
-+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
-+ addq %r9, %r9
-+ movq %rdx, %r12
-+ adcq %r10, %r10
-+ adcq \$0, %rbx
-
- mulq %rax
-+ addq %rcx, %rax
-+ adcq \$0, %rdx
- addq %rax, %r9
-+ movq %r14, %rax # 56($inp)
- adcq %rdx, %r10
-- adcq \$0, %r11
-+ adcq \$0, %rbx
-
- movq %r9, 80(%rsp)
- movq %r10, 88(%rsp)
-
- #seventh iteration
-- movq 48($inp), %r13
-- movq 56($inp), %rax
-- mulq %r13
-+ mulq %rbp
- addq %rax, %r12
-- movq %r13, %rax
-- movq %rdx, %r13
-- adcq \$0, %r13
-+ movq %rbp, %rax
-+ adcq \$0, %rdx
-
-- xorq %r14, %r14
-- shlq \$1, %rbx
-- adcq %r12, %r12 #shld \$1, %rbx, %r12
-- adcq %r13, %r13 #shld \$1, %r12, %r13
-- adcq %r14, %r14 #shld \$1, %r13, %r14
-+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
-+ addq %r11, %r11
-+ movq %rdx, %r13
-+ adcq %r12, %r12
-+ adcq \$0, %rcx
-
- mulq %rax
-+ addq %rbx, %rax
-+ adcq \$0, %rdx
- addq %rax, %r11
-+ movq %r14, %rax # 56($inp)
- adcq %rdx, %r12
-- adcq \$0, %r13
-+ adcq \$0, %rcx
-
- movq %r11, 96(%rsp)
- movq %r12, 104(%rsp)
-
- #eighth iteration
-- movq 56($inp), %rax
-+ xorq %rbx, %rbx # rbx:r13 = r13 << 1
-+ addq %r13, %r13
-+ adcq \$0, %rbx
-+
- mulq %rax
-- addq %rax, %r13
-+ addq %rcx, %rax
- adcq \$0, %rdx
--
-- addq %rdx, %r14
--
-- movq %r13, 112(%rsp)
-- movq %r14, 120(%rsp)
-+ addq %r13, %rax
-+ adcq %rbx, %rdx
-
- movq (%rsp), %r8
- movq 8(%rsp), %r9
-@@ -469,6 +472,10 @@
- movq 40(%rsp), %r13
- movq 48(%rsp), %r14
- movq 56(%rsp), %r15
-+ movq %xmm1, %rbp
-+
-+ movq %rax, 112(%rsp)
-+ movq %rdx, 120(%rsp)
-
- call __rsaz_512_reduce
-
-@@ -500,9 +507,9 @@
- .Loop_sqrx:
- movl $times,128+8(%rsp)
- movq $out, %xmm0 # off-load
-- movq %rbp, %xmm1 # off-load
- #first iteration
- mulx %rax, %r8, %r9
-+ mov %rax, %rbx
-
- mulx 16($inp), %rcx, %r10
- xor %rbp, %rbp # cf=0, of=0
-@@ -510,40 +517,39 @@
- mulx 24($inp), %rax, %r11
- adcx %rcx, %r9
-
-- mulx 32($inp), %rcx, %r12
-+ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12
- adcx %rax, %r10
-
-- mulx 40($inp), %rax, %r13
-+ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13
- adcx %rcx, %r11
-
-- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14
-+ mulx 48($inp), %rcx, %r14
- adcx %rax, %r12
- adcx %rcx, %r13
-
-- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15
-+ mulx 56($inp), %rax, %r15
- adcx %rax, %r14
- adcx %rbp, %r15 # %rbp is 0
-
-- mov %r9, %rcx
-- shld \$1, %r8, %r9
-- shl \$1, %r8
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-- adcx %rdx, %r8
-- mov 8($inp), %rdx
-- adcx %rbp, %r9
-+ mulx %rdx, %rax, $out
-+ mov %rbx, %rdx # 8($inp)
-+ xor %rcx, %rcx
-+ adox %r8, %r8
-+ adcx $out, %r8
-+ adox %rbp, %rcx
-+ adcx %rbp, %rcx
-
- mov %rax, (%rsp)
- mov %r8, 8(%rsp)
-
- #second iteration
-- mulx 16($inp), %rax, %rbx
-+ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx
- adox %rax, %r10
- adcx %rbx, %r11
-
-- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8
-+ mulx 24($inp), $out, %r8
- adox $out, %r11
-+ .byte 0x66
- adcx %r8, %r12
-
- mulx 32($inp), %rax, %rbx
-@@ -561,24 +567,25 @@
- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8
- adox $out, %r15
- adcx %rbp, %r8
-+ mulx %rdx, %rax, $out
- adox %rbp, %r8
-+ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx
-
-- mov %r11, %rbx
-- shld \$1, %r10, %r11
-- shld \$1, %rcx, %r10
--
-- xor %ebp,%ebp
-- mulx %rdx, %rax, %rcx
-- mov 16($inp), %rdx
-+ xor %rbx, %rbx
-+ adcx %rcx, %rax
-+ adox %r9, %r9
-+ adcx %rbp, $out
-+ adox %r10, %r10
- adcx %rax, %r9
-- adcx %rcx, %r10
-- adcx %rbp, %r11
-+ adox %rbp, %rbx
-+ adcx $out, %r10
-+ adcx %rbp, %rbx
-
- mov %r9, 16(%rsp)
- .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp)
-
- #third iteration
-- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9
-+ mulx 24($inp), $out, %r9
- adox $out, %r12
- adcx %r9, %r13
-
-@@ -586,7 +593,7 @@
- adox %rax, %r13
- adcx %rcx, %r14
-
-- mulx 40($inp), $out, %r9
-+ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9
- adox $out, %r14
- adcx %r9, %r15
-
-@@ -594,27 +601,28 @@
- adox %rax, %r15
- adcx %rcx, %r8
-
-- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9
-+ mulx 56($inp), $out, %r9
- adox $out, %r8
- adcx %rbp, %r9
-+ mulx %rdx, %rax, $out
- adox %rbp, %r9
-+ mov 24($inp), %rdx
-
-- mov %r13, %rcx
-- shld \$1, %r12, %r13
-- shld \$1, %rbx, %r12
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-+ xor %rcx, %rcx
-+ adcx %rbx, %rax
-+ adox %r11, %r11
-+ adcx %rbp, $out
-+ adox %r12, %r12
- adcx %rax, %r11
-- adcx %rdx, %r12
-- mov 24($inp), %rdx
-- adcx %rbp, %r13
-+ adox %rbp, %rcx
-+ adcx $out, %r12
-+ adcx %rbp, %rcx
-
- mov %r11, 32(%rsp)
-- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp)
-+ mov %r12, 40(%rsp)
-
- #fourth iteration
-- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx
-+ mulx 32($inp), %rax, %rbx
- adox %rax, %r14
- adcx %rbx, %r15
-
-@@ -629,25 +637,25 @@
- mulx 56($inp), $out, %r10
- adox $out, %r9
- adcx %rbp, %r10
-+ mulx %rdx, %rax, $out
- adox %rbp, %r10
-+ mov 32($inp), %rdx
-
-- .byte 0x66
-- mov %r15, %rbx
-- shld \$1, %r14, %r15
-- shld \$1, %rcx, %r14
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-+ xor %rbx, %rbx
-+ adcx %rcx, %rax
-+ adox %r13, %r13
-+ adcx %rbp, $out
-+ adox %r14, %r14
- adcx %rax, %r13
-- adcx %rdx, %r14
-- mov 32($inp), %rdx
-- adcx %rbp, %r15
-+ adox %rbp, %rbx
-+ adcx $out, %r14
-+ adcx %rbp, %rbx
-
- mov %r13, 48(%rsp)
- mov %r14, 56(%rsp)
-
- #fifth iteration
-- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11
-+ mulx 40($inp), $out, %r11
- adox $out, %r8
- adcx %r11, %r9
-
-@@ -658,18 +666,19 @@
- mulx 56($inp), $out, %r11
- adox $out, %r10
- adcx %rbp, %r11
-+ mulx %rdx, %rax, $out
-+ mov 40($inp), %rdx
- adox %rbp, %r11
-
-- mov %r9, %rcx
-- shld \$1, %r8, %r9
-- shld \$1, %rbx, %r8
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-+ xor %rcx, %rcx
-+ adcx %rbx, %rax
-+ adox %r15, %r15
-+ adcx %rbp, $out
-+ adox %r8, %r8
- adcx %rax, %r15
-- adcx %rdx, %r8
-- mov 40($inp), %rdx
-- adcx %rbp, %r9
-+ adox %rbp, %rcx
-+ adcx $out, %r8
-+ adcx %rbp, %rcx
-
- mov %r15, 64(%rsp)
- mov %r8, 72(%rsp)
-@@ -682,18 +691,19 @@
- .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12
- adox $out, %r11
- adcx %rbp, %r12
-+ mulx %rdx, %rax, $out
- adox %rbp, %r12
-+ mov 48($inp), %rdx
-
-- mov %r11, %rbx
-- shld \$1, %r10, %r11
-- shld \$1, %rcx, %r10
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-+ xor %rbx, %rbx
-+ adcx %rcx, %rax
-+ adox %r9, %r9
-+ adcx %rbp, $out
-+ adox %r10, %r10
- adcx %rax, %r9
-- adcx %rdx, %r10
-- mov 48($inp), %rdx
-- adcx %rbp, %r11
-+ adcx $out, %r10
-+ adox %rbp, %rbx
-+ adcx %rbp, %rbx
-
- mov %r9, 80(%rsp)
- mov %r10, 88(%rsp)
-@@ -703,31 +713,31 @@
- adox %rax, %r12
- adox %rbp, %r13
-
-- xor %r14, %r14
-- shld \$1, %r13, %r14
-- shld \$1, %r12, %r13
-- shld \$1, %rbx, %r12
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-- adcx %rax, %r11
-- adcx %rdx, %r12
-+ mulx %rdx, %rax, $out
-+ xor %rcx, %rcx
- mov 56($inp), %rdx
-- adcx %rbp, %r13
-+ adcx %rbx, %rax
-+ adox %r11, %r11
-+ adcx %rbp, $out
-+ adox %r12, %r12
-+ adcx %rax, %r11
-+ adox %rbp, %rcx
-+ adcx $out, %r12
-+ adcx %rbp, %rcx
-
- .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp)
- .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp)
-
- #eighth iteration
- mulx %rdx, %rax, %rdx
-- adox %rax, %r13
-- adox %rbp, %rdx
-+ xor %rbx, %rbx
-+ adcx %rcx, %rax
-+ adox %r13, %r13
-+ adcx %rbp, %rdx
-+ adox %rbp, %rbx
-+ adcx %r13, %rax
-+ adcx %rdx, %rbx
-
-- .byte 0x66
-- add %rdx, %r14
--
-- movq %r13, 112(%rsp)
-- movq %r14, 120(%rsp)
- movq %xmm0, $out
- movq %xmm1, %rbp
-
-@@ -741,6 +751,9 @@
- movq 48(%rsp), %r14
- movq 56(%rsp), %r15
-
-+ movq %rax, 112(%rsp)
-+ movq %rbx, 120(%rsp)
-+
- call __rsaz_512_reducex
-
- addq 64(%rsp), %r8
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
new file mode 100644
index 0000000000..a24260c95d
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g.
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+ @{$config{perlargv}}), "\n";
+ print "\nPerl information:\n\n";
+ print ' ',$config{perl_cmd},"\n";
+- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
++ print ' ',$config{perl_version},"\n";
+ }
+ if ($dump || $options) {
+ my $longest = 0;
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2u.bb
index 87df4f517a..c5a00066ba 100644
--- a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
+++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2u.bb
@@ -53,13 +53,15 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
-SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
+SRC_URI[md5sum] = "cdc2638f789ecc2db2c91488265686c1"
+SRC_URI[sha256sum] = "ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16"
S = "${WORKDIR}/openssl-${PV}"
UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
+CVE_PRODUCT = "openssl:openssl"
+
inherit pkgconfig siteinfo multilib_header ptest manpages
PACKAGECONFIG ?= "cryptodev-linux"
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
index d256646934..a57e09c802 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
@@ -16,15 +16,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-skip-test_symbol_presence.patch \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
- file://CVE-2019-1551.patch \
+ file://reproducible.patch \
"
SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa"
-SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
+SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
inherit lib_package multilib_header ptest
@@ -32,7 +31,7 @@ PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""
-PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
new file mode 100644
index 0000000000..b7ba7ba643
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
@@ -0,0 +1,47 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
+
+CVE: CVE-2020-8597
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f5..1b93db0 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 644cde4562..60c56dd0bd 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
file://0001-ppp-Remove-unneeded-include.patch \
file://ppp-2.4.7-DES-openssl.patch \
+ file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
"
SRC_URI_append_libc-musl = "\
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index a17c51e9a7..20a71adb52 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image module-base setuptools3
-SRCREV ?= "d0f73121551dc98f6924cd77952bf9ebf5ef3dd7"
+SRCREV ?= "83e9841bb832c0e68b3b34e64166234ad09155b9"
SRC_URI = "git://git.yoctoproject.org/poky;branch=warrior \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch
new file mode 100644
index 0000000000..4ee2d4fe62
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch
@@ -0,0 +1,37 @@
+From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Upstream-Status: Accepted [https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a]
+CVE: CVE-2019-20388
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+ vctxt->nberrors = 0;
+ vctxt->depth = -1;
+ vctxt->skipDepth = -1;
+- vctxt->xsiAssemble = 0;
+ vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+ vctxt->createIDCNodeTables = 1;
+--
+2.24.1
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch
new file mode 100644
index 0000000000..facfefd362
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch
@@ -0,0 +1,36 @@
+From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Thu, 12 Dec 2019 17:30:55 +0800
+Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
+
+When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
+return NULL which cause a infinite loop in xmlStringLenDecodeEntities
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076]
+CVE: CVE-2020-7595
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index d1c31963..a34bb6cd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ else
+ c = 0;
+ while ((c != 0) && (c != end) && /* non input consuming loop */
+- (c != end2) && (c != end3)) {
++ (c != end2) && (c != end3) &&
++ (ctxt->instate != XML_PARSER_EOF)) {
+
+ if (c == 0) break;
+ if ((c == '&') && (str[1] == '#')) {
+--
+2.24.1
+
diff --git a/meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch b/meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch
new file mode 100644
index 0000000000..43c3589d2c
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch
@@ -0,0 +1,38 @@
+From 3cd2b25ddb04740be2880cfd78d60038452228b1 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Wed, 7 Aug 2019 17:39:17 +0800
+Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover
+
+When doc is NULL, namespace created in xmlTreeEnsureXMLDecl
+is bind to newDoc->oldNs, in this case, set newDoc->oldNs to
+NULL and free newDoc will cause a memory leak.
+
+Found with libFuzzer.
+
+Closes #82.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549]
+CVE: CVE-2019-19956
+
+Signed-off-by: Rahul Chauhan <rahulk@mvista.com>
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index b7ecd65..491f5c9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -13899,7 +13899,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
+ xmlFreeParserCtxt(ctxt);
+ newDoc->intSubset = NULL;
+ newDoc->extSubset = NULL;
+- newDoc->oldNs = NULL;
++ if(doc != NULL)
++ newDoc->oldNs = NULL;
+ xmlFreeDoc(newDoc);
+
+ return(ret);
+--
+2.7.4
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.8.bb b/meta/recipes-core/libxml/libxml2_2.9.8.bb
index 62643bc764..ab47a50c56 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.8.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.8.bb
@@ -23,6 +23,9 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://fix-CVE-2017-8872.patch \
file://fix-CVE-2018-14404.patch \
file://0001-Fix-infinite-loop-in-LZMA-decompression.patch \
+ file://fix-CVE-2019-19956.patch \
+ file://CVE-2020-7595.patch \
+ file://CVE-2019-20388.patch \
"
SRC_URI[libtar.md5sum] = "b786e353e2aa1b872d70d5d1ca0c740d"
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 575254af40..1b4f31692b 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -122,7 +122,7 @@ def parse_node_and_insert(c, node, cveId):
product = cpe23[4]
version = cpe23[5]
- if version != '*':
+ if version != '*' and version != '-':
# Version is defined, this is a '=' match
yield [cveId, vendor, product, version, '=', '', '']
else:
diff --git a/meta/recipes-core/ncurses/ncurses_6.1+20181013.bb b/meta/recipes-core/ncurses/ncurses_6.1+20181013.bb
index ef6ca9879b..90f6b4695c 100644
--- a/meta/recipes-core/ncurses/ncurses_6.1+20181013.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.1+20181013.bb
@@ -9,3 +9,5 @@ SRCREV = "7a97a7f937762ba342d5b2fd7cd090885a809835"
S = "${WORKDIR}/git"
EXTRA_OECONF += "--with-abi-version=5 --cache-file=${B}/config.cache"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)"
+
+CVE_VERSION = "6.1.${@d.getVar("PV").split('+')[1]}"
diff --git a/meta/recipes-core/systemd/systemd/0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch b/meta/recipes-core/systemd/systemd/0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch
new file mode 100644
index 0000000000..7864140bd1
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch
@@ -0,0 +1,35 @@
+From 3e9828454dcdaa6cd19ee7ea3e3db30567f22c9f Mon Sep 17 00:00:00 2001
+From: ven <2988994+hexiaowen@users.noreply.github.com>
+Date: Wed, 22 May 2019 14:24:28 +0800
+Subject: =?UTF-8?q?bus=5Fopen=20leak=20sd=5Fevent=5Fsource=20when=20udevad?=
+ =?UTF-8?q?m=20trigger=E3=80=82?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On my host, when executing the udevadm trigger, I only receive the change event, which causes memleak
+
+CVE: CVE-2019-20386
+Upstream-Status: Backport
+Signed-off-by: Adrian Bunk <bunk@stusta.de>
+---
+ src/login/logind-button.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-button.c b/src/login/logind-button.c
+index daffbf0668..1624a31cc3 100644
+--- a/src/login/logind-button.c
++++ b/src/login/logind-button.c
+@@ -341,7 +341,8 @@ int button_open(Button *b) {
+ }
+
+ (void) button_set_mask(b);
+-
++
++ b->io_event_source = sd_event_source_unref(b->io_event_source);
+ r = sd_event_add_io(b->manager->event, &b->io_event_source, b->fd, EPOLLIN, button_dispatch, b);
+ if (r < 0) {
+ log_error_errno(r, "Failed to add button event: %m");
+--
+2.20.1
+
diff --git a/meta/recipes-core/systemd/systemd_241.bb b/meta/recipes-core/systemd/systemd_241.bb
index eb3242d624..e0dc936294 100644
--- a/meta/recipes-core/systemd/systemd_241.bb
+++ b/meta/recipes-core/systemd/systemd_241.bb
@@ -24,6 +24,7 @@ SRC_URI += "file://touchscreen.rules \
file://0005-rules-watch-metadata-changes-in-ide-devices.patch \
file://0001-meson-declare-version.h-as-dep-for-various-targets-t.patch \
file://0001-meson-declare-version.h-as-dependency-for-systemd.patch \
+ file://0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch \
"
# patches needed by musl
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
new file mode 100644
index 0000000000..ba4e3a3c97
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
@@ -0,0 +1,49 @@
+From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:45:06 -0500
+Subject: [PATCH] e2fsck: don't try to rehash a deleted directory
+
+If directory has been deleted in pass1[bcd] processing, then we
+shouldn't try to rehash the directory in pass 3a when we try to
+rehash/reoptimize directories.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ e2fsck/pass1b.c | 4 ++++
+ e2fsck/rehash.c | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c
+index 5693b9cf..bca701ca 100644
+--- a/e2fsck/pass1b.c
++++ b/e2fsck/pass1b.c
+@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino,
+ fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx);
+ if (ctx->inode_bad_map)
+ ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino);
++ if (ctx->inode_reg_map)
++ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino);
++ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino);
++ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino);
+ ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode));
+ quota_data_sub(ctx->qctx, &dp->inode, ino,
+ pb.dup_blocks * fs->blocksize);
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 3dd1e941..2c908be0 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx)
+ if (!ext2fs_u32_list_iterate(iter, &ino))
+ break;
+ }
++ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino))
++ continue;
+
+ pctx.dir = ino;
+ if (first) {
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
new file mode 100644
index 0000000000..de4bce0037
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
@@ -0,0 +1,57 @@
+From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:37:34 -0500
+Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
+ rehashing
+
+In e2fsck pass 3a, when we are rehashing directories, at least in
+theory, all of the directories should have had corruptions with
+respect to directory entry structure fixed. However, it's possible
+(for example, if the user declined a fix) that we can reach this stage
+of processing with a corrupted directory entries.
+
+So check for that case and don't try to process a corrupted directory
+block so we don't run into trouble in mutate_name() if there is a
+zero-length file name.
+
+Addresses: TALOS-2019-0973
+Addresses: CVE-2019-5188
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+CVE: CVE-2019-5188
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff]
+---
+ e2fsck/rehash.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index a5fc1be1..3dd1e941 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
+ dir_offset += rec_len;
+ if (dirent->inode == 0)
+ continue;
++ if ((name_len) == 0) {
++ fd->err = EXT2_ET_DIR_CORRUPTED;
++ return BLOCK_ABORT;
++ }
+ if (!fd->compress && (name_len == 1) &&
+ (dirent->name[0] == '.'))
+ continue;
+@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
+ continue;
+ }
+ new_len = ext2fs_dirent_name_len(ent->dir);
++ if (new_len == 0) {
++ /* should never happen */
++ ext2fs_unmark_valid(fs);
++ continue;
++ }
+ memcpy(new_name, ent->dir->name, new_len);
+ mutate_name(new_name, &new_len);
+ for (j=0; j < fd->num_array; j++) {
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
new file mode 100644
index 0000000000..342a2b855b
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
@@ -0,0 +1,76 @@
+From: Wang Shilong <wshilong@ddn.com>
+Date: Mon, 30 Dec 2019 19:52:39 -0500
+Subject: e2fsck: fix use after free in calculate_tree()
+
+The problem is alloc_blocks() will call get_next_block() which might
+reallocate outdir->buf, and memory address could be changed after
+this. To fix this, pointers that point into outdir->buf, such as
+int_limit and root need to be recaulated based on the new starting
+address of outdir->buf.
+
+[ Changed to correctly recalculate int_limit, and to optimize how we
+ reallocate outdir->buf. -TYT ]
+
+Addresses-Debian-Bug: 948517
+Signed-off-by: Wang Shilong <wshilong@ddn.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01)
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01]
+---
+ e2fsck/rehash.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 0a5888a9..2574e151 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir,
+ errcode_t retval;
+
+ if (outdir->num >= outdir->max) {
+- retval = alloc_size_dir(fs, outdir, outdir->max + 50);
++ int increment = outdir->max / 10;
++
++ if (increment < 50)
++ increment = 50;
++ retval = alloc_size_dir(fs, outdir, outdir->max + increment);
+ if (retval)
+ return retval;
+ }
+@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs,
+ if (retval)
+ return retval;
+
++ /* outdir->buf might be reallocated */
++ *prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset);
++
+ *next_ent = set_int_node(fs, block_start);
+ *limit = (struct ext2_dx_countlimit *)(*next_ent);
+ if (next_offset)
+@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ return retval;
+ }
+ if (c3 == 0) {
++ int delta1 = (char *)int_limit - outdir->buf;
++ int delta2 = (char *)root - outdir->buf;
++
+ retval = alloc_blocks(fs, &limit, &int_ent,
+ &dx_ent, &int_offset,
+ NULL, outdir, i, &c2,
+@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ if (retval)
+ return retval;
+
++ /* outdir->buf might be reallocated */
++ int_limit = (struct ext2_dx_countlimit *)
++ (outdir->buf + delta1);
++ root = (struct ext2_dx_entry *)
++ (outdir->buf + delta2);
+ }
+ dx_ent->block = ext2fs_cpu_to_le32(i);
+ if (c3 != limit->limit)
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb
index 0695ee9dc3..da06888b34 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb
@@ -7,6 +7,9 @@ SRC_URI += "file://remove.ldconfig.call.patch \
file://mkdir_p.patch \
file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
file://0001-create_inode-fix-copying-large-files.patch \
+ file://CVE-2019-5188.patch \
+ file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
+ file://e2fsck-fix-use-after-free-in-calculate_tree.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
diff --git a/meta/recipes-devtools/git/git_2.20.1.bb b/meta/recipes-devtools/git/git_2.20.1.bb
deleted file mode 100644
index 877fb05e58..0000000000
--- a/meta/recipes-devtools/git/git_2.20.1.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-require git.inc
-
-EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
- ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
- "
-EXTRA_OEMAKE += "NO_GETTEXT=1"
-
-SRC_URI[tarball.md5sum] = "7a7769e5c957364ed0aed89e6e67c254"
-SRC_URI[tarball.sha256sum] = "edc3bc1495b69179ba4e272e97eff93334a20decb1d8db6ec3c19c16417738fd"
-SRC_URI[manpages.md5sum] = "78c6e54a61a167dab5e8ae07036293ab"
-SRC_URI[manpages.sha256sum] = "e9c123463abd05e142defe44a8060ce6e9853dfd8c83b2542e38b7deac4e6d4c"
diff --git a/meta/recipes-devtools/git/git_2.20.4.bb b/meta/recipes-devtools/git/git_2.20.4.bb
new file mode 100644
index 0000000000..e44da452ad
--- /dev/null
+++ b/meta/recipes-devtools/git/git_2.20.4.bb
@@ -0,0 +1,11 @@
+require git.inc
+
+EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
+ ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
+ "
+EXTRA_OEMAKE += "NO_GETTEXT=1"
+
+SRC_URI[tarball.md5sum] = "6f524e37186a79848a716e2a91330868"
+SRC_URI[tarball.sha256sum] = "92719084d7648b69038ea617a3bc45ec74f60ed7eef753ae2ad84b6f0b268e9a"
+SRC_URI[manpages.md5sum] = "dceabcda244042a06ed4cabd754627a5"
+SRC_URI[manpages.sha256sum] = "72fdd1799756b1240921d10eb5c67de9a651b44d429ba7293929c9d5344ad3e0"
diff --git a/meta/recipes-devtools/python/python-native_2.7.17.bb b/meta/recipes-devtools/python/python-native_2.7.18.bb
index 335318bab8..335318bab8 100644
--- a/meta/recipes-devtools/python/python-native_2.7.17.bb
+++ b/meta/recipes-devtools/python/python-native_2.7.18.bb
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index a2424a67bf..bd214e8f8b 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -5,13 +5,13 @@ SECTION = "devel/python"
# bump this on every change in contrib/python/generate-manifest-2.7.py
INC_PR = "r1"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
"
-SRC_URI[md5sum] = "b3b6d2c92f42a60667814358ab9f0cfd"
-SRC_URI[sha256sum] = "4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41"
+SRC_URI[md5sum] = "fd6cc8ec0a78c44036f825e739f36e5a"
+SRC_URI[sha256sum] = "b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43"
# python recipe is actually python 2.x
# also, exclude pre-releases for both python 2.x and 3.x
diff --git a/meta/recipes-devtools/python/python/python2-manifest.json b/meta/recipes-devtools/python/python/python2-manifest.json
index eb52e862ab..fd98774d00 100644
--- a/meta/recipes-devtools/python/python/python2-manifest.json
+++ b/meta/recipes-devtools/python/python/python2-manifest.json
@@ -267,6 +267,7 @@
"${libdir}/python2.7/lib-dynload/xreadlines.so",
"${libdir}/python2.7/linecache.py",
"${libdir}/python2.7/new.py",
+ "${libdir}/python2.7/ntpath.py",
"${libdir}/python2.7/os.py",
"${libdir}/python2.7/platform.py",
"${libdir}/python2.7/posixpath.py",
diff --git a/meta/recipes-devtools/python/python3_3.7.6.bb b/meta/recipes-devtools/python/python3_3.7.7.bb
index 3efd3bcac8..114cf2fe09 100644
--- a/meta/recipes-devtools/python/python3_3.7.6.bb
+++ b/meta/recipes-devtools/python/python3_3.7.7.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.python.org"
LICENSE = "PSFv2"
SECTION = "devel/python"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://run-ptest \
@@ -38,8 +38,8 @@ SRC_URI_append_class-nativesdk = " \
file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \
"
-SRC_URI[md5sum] = "c08fbee72ad5c2c95b0f4e44bf6fd72c"
-SRC_URI[sha256sum] = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f"
+SRC_URI[md5sum] = "172c650156f7bea68ce31b2fd01fa766"
+SRC_URI[sha256sum] = "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
diff --git a/meta/recipes-devtools/python/python_2.7.17.bb b/meta/recipes-devtools/python/python_2.7.18.bb
index ec724c3918..ec724c3918 100644
--- a/meta/recipes-devtools/python/python_2.7.17.bb
+++ b/meta/recipes-devtools/python/python_2.7.18.bb
diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
index ffb1d061c0..152ff02a25 100644
--- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
@@ -20,6 +20,9 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"
SRC_URI[sha256sum] = "55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0"
+# -16548 required for v3.1.3pre1. Already in v3.1.3.
+CVE_CHECK_WHITELIST += " CVE-2017-16548 "
+
inherit autotools
PACKAGECONFIG ??= "acl attr \
diff --git a/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch b/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch
new file mode 100644
index 0000000000..5d587fc832
--- /dev/null
+++ b/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch
@@ -0,0 +1,316 @@
+CVE: CVE-2019-14866
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+From a052401293e45a13cded5959b258204dae6d0af5 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sun, 3 Nov 2019 23:59:39 +0200
+Subject: [PATCH] Fix CVE-2019-14866
+
+* src/copyout.c (to_ascii): Additional argument nul controls whether
+to add the terminating nul character.
+(field_width_error): Improve diagnostics: print the actual and the
+maximum allowed field value.
+* src/extern.h (to_ascii, field_width_error): New prototypes.
+* src/tar.c (to_oct): Remove.
+(to_oct_or_error): New function.
+(TO_OCT): New macro.
+(write_out_tar_header): Use TO_OCT and to_ascii. Return 0 on
+success, 1 on error.
+---
+ src/copyout.c | 49 ++++++++++++++++++++++--------------
+ src/extern.h | 15 +++++++++--
+ src/tar.c | 69 ++++++++++++++++++++++++---------------------------
+ 3 files changed, 75 insertions(+), 58 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..1ae5477 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -269,26 +269,32 @@ writeout_final_defers (int out_des)
+ so it should be moved to paxutils too.
+ Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */
+ int
+-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
++to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul)
+ {
+ static char codetab[] = "0123456789ABCDEF";
+- int i = digits;
+-
+- do
++
++ if (nul)
++ where[--digits] = 0;
++ while (digits > 0)
+ {
+- where[--i] = codetab[(v & ((1 << logbase) - 1))];
++ where[--digits] = codetab[(v & ((1 << logbase) - 1))];
+ v >>= logbase;
+ }
+- while (i);
+
+ return v != 0;
+ }
+
+-static void
+-field_width_error (const char *filename, const char *fieldname)
++void
++field_width_error (const char *filename, const char *fieldname,
++ uintmax_t value, size_t width, bool nul)
+ {
+- error (0, 0, _("%s: field width not sufficient for storing %s"),
+- filename, fieldname);
++ char valbuf[UINTMAX_STRSIZE_BOUND + 1];
++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++ error (0, 0, _("%s: value %s %s out of allowed range 0..%s"),
++ filename, fieldname,
++ STRINGIFY_BIGINT (value, valbuf),
++ STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
++ maxbuf));
+ }
+
+ static void
+@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits,
+ unsigned logbase,
+ const char *filename, const char *fieldname)
+ {
+- if (to_ascii (where, n, digits, logbase))
++ if (to_ascii (where, n, digits, logbase, false))
+ field_width_warning (filename, fieldname);
+ }
+
+@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits,
+ unsigned logbase,
+ const char *filename, const char *fieldname)
+ {
+- if (to_ascii (where, n, digits, logbase))
++ if (to_ascii (where, n, digits, logbase, false))
+ {
+- field_width_error (filename, fieldname);
++ field_width_error (filename, fieldname, n, digits, false);
+ return 1;
+ }
+ return 0;
+@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string,
+ _("name size")))
+ return 1;
+ p += 8;
+- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);
++ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false);
+
+ tape_buffered_write (ascii_header, out_des, sizeof ascii_header);
+
+@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev,
+ char ascii_header[76];
+ char *p = ascii_header;
+
+- to_ascii (p, file_hdr->c_magic, 6, LG_8);
++ to_ascii (p, file_hdr->c_magic, 6, LG_8, false);
+ p += 6;
+ to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));
+ p += 6;
+@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev,
+ short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF;
+ if (short_hdr.c_namesize != file_hdr->c_namesize)
+ {
+- field_width_error (file_hdr->c_name, _("name size"));
++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++ error (0, 0, _("%s: value %s %s out of allowed range 0..%u"),
++ file_hdr->c_name, _("name size"),
++ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu);
+ return 1;
+ }
+
+@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev,
+ if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1]
+ != file_hdr->c_filesize)
+ {
+- field_width_error (file_hdr->c_name, _("file size"));
++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++ error (0, 0, _("%s: value %s %s out of allowed range 0..%lu"),
++ file_hdr->c_name, _("file size"),
++ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu);
+ return 1;
+ }
+
+@@ -552,8 +564,7 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des)
+ error (0, 0, _("%s: file name too long"), file_hdr->c_name);
+ return 1;
+ }
+- write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */
+- return 0;
++ return write_out_tar_header (file_hdr, out_des);
+
+ case arf_binary:
+ return write_out_binary_header (makedev (file_hdr->c_rdev_maj,
+diff --git a/src/extern.h b/src/extern.h
+index e27d662..f9ef56a 100644
+--- a/src/extern.h
++++ b/src/extern.h
+@@ -117,6 +117,10 @@ void print_name_with_quoting (char *p);
+ /* copyout.c */
+ int write_out_header (struct cpio_file_stat *file_hdr, int out_des);
+ void process_copy_out (void);
++int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase,
++ bool nul);
++void field_width_error (const char *filename, const char *fieldname,
++ uintmax_t value, size_t width, bool nul);
+
+ /* copypass.c */
+ void process_copy_pass (void);
+@@ -145,7 +149,7 @@ int make_path (char *argpath, uid_t owner, gid_t group,
+ const char *verbose_fmt_string);
+
+ /* tar.c */
+-void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
++int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
+ int null_block (long *block, int size);
+ void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des);
+ int otoa (char *s, unsigned long *n);
+@@ -204,9 +208,16 @@ void cpio_safer_name_suffix (char *name, bool link_target,
+ int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir);
+ void change_dir (void);
+
+-/* FIXME: These two defines should be defined in paxutils */
++/* FIXME: The following three should be defined in paxutils */
+ #define LG_8 3
+ #define LG_16 4
++/* The maximum uintmax_t value that can be represented with DIGITS digits,
++ assuming that each digit is BITS_PER_DIGIT wide. */
++#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \
++ ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \
++ ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \
++ : (uintmax_t) -1)
++
+
+ uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase);
+
+diff --git a/src/tar.c b/src/tar.c
+index a2ce171..ef58027 100644
+--- a/src/tar.c
++++ b/src/tar.c
+@@ -79,36 +79,17 @@ stash_tar_filename (char *prefix, char *filename)
+ return hold_tar_filename;
+ }
+
+-/* Convert a number into a string of octal digits.
+- Convert long VALUE into a DIGITS-digit field at WHERE,
+- including a trailing space and room for a NUL. DIGITS==3 means
+- 1 digit, a space, and room for a NUL.
+-
+- We assume the trailing NUL is already there and don't fill it in.
+- This fact is used by start_header and finish_header, so don't change it!
+-
+- This is be equivalent to:
+- sprintf (where, "%*lo ", digits - 2, value);
+- except that sprintf fills in the trailing NUL and we don't. */
+-
+-static void
+-to_oct (register long value, register int digits, register char *where)
++static int
++to_oct_or_error (uintmax_t value, size_t digits, char *where, char const *field,
++ char const *file)
+ {
+- --digits; /* Leave the trailing NUL slot alone. */
+-
+- /* Produce the digits -- at least one. */
+- do
++ if (to_ascii (where, value, digits, LG_8, true))
+ {
+- where[--digits] = '0' + (char) (value & 7); /* One octal digit. */
+- value >>= 3;
++ field_width_error (file, field, value, digits, true);
++ return 1;
+ }
+- while (digits > 0 && value != 0);
+-
+- /* Add leading zeroes, if necessary. */
+- while (digits > 0)
+- where[--digits] = '0';
++ return 0;
+ }
+-
+
+
+ /* Compute and return a checksum for TAR_HDR,
+@@ -134,10 +115,22 @@ tar_checksum (struct tar_header *tar_hdr)
+ return sum;
+ }
+
++#define TO_OCT(file_hdr, c_fld, digits, tar_hdr, tar_field) \
++ do \
++ { \
++ if (to_oct_or_error (file_hdr -> c_fld, \
++ digits, \
++ tar_hdr -> tar_field, \
++ #tar_field, \
++ file_hdr->c_name)) \
++ return 1; \
++ } \
++ while (0)
++
+ /* Write out header FILE_HDR, including the file name, to file
+ descriptor OUT_DES. */
+
+-void
++int
+ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ {
+ int name_len;
+@@ -166,11 +159,11 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+
+ /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal
+ digits */
+- to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode);
+- to_oct (file_hdr->c_uid, 8, tar_hdr->uid);
+- to_oct (file_hdr->c_gid, 8, tar_hdr->gid);
+- to_oct (file_hdr->c_filesize, 12, tar_hdr->size);
+- to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime);
++ TO_OCT (file_hdr, c_mode & MODE_ALL, 8, tar_hdr, mode);
++ TO_OCT (file_hdr, c_uid, 8, tar_hdr, uid);
++ TO_OCT (file_hdr, c_gid, 8, tar_hdr, gid);
++ TO_OCT (file_hdr, c_filesize, 12, tar_hdr, size);
++ TO_OCT (file_hdr, c_mtime, 12, tar_hdr, mtime);
+
+ switch (file_hdr->c_mode & CP_IFMT)
+ {
+@@ -182,7 +175,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
+ TARLINKNAMESIZE);
+ tar_hdr->typeflag = LNKTYPE;
+- to_oct (0, 12, tar_hdr->size);
++ to_ascii (tar_hdr->size, 0, 12, LG_8, true);
+ }
+ else
+ tar_hdr->typeflag = REGTYPE;
+@@ -208,7 +201,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ than TARLINKNAMESIZE. */
+ strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
+ TARLINKNAMESIZE);
+- to_oct (0, 12, tar_hdr->size);
++ to_ascii (tar_hdr->size, 0, 12, LG_8, true);
+ break;
+ #endif /* CP_IFLNK */
+ }
+@@ -227,13 +220,15 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ if (name)
+ strcpy (tar_hdr->gname, name);
+
+- to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor);
+- to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor);
++ TO_OCT (file_hdr, c_rdev_maj, 8, tar_hdr, devmajor);
++ TO_OCT (file_hdr, c_rdev_min, 8, tar_hdr, devminor);
+ }
+
+- to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum);
++ to_ascii (tar_hdr->chksum, tar_checksum (tar_hdr), 8, LG_8, true);
+
+ tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE);
++
++ return 0;
+ }
+
+ /* Return nonzero iff all the bytes in BLOCK are NUL.
+--
+2.24.1
+
diff --git a/meta/recipes-extended/cpio/cpio_2.12.bb b/meta/recipes-extended/cpio/cpio_2.12.bb
index 3713bf0b1f..5abe494ebc 100644
--- a/meta/recipes-extended/cpio/cpio_2.12.bb
+++ b/meta/recipes-extended/cpio/cpio_2.12.bb
@@ -11,6 +11,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
file://0001-Fix-CVE-2015-1197.patch \
file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \
file://0001-Fix-segfault-with-append.patch \
+ file://CVE-2019-14866.patch \
"
SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index 1ade0075e6..f6bab1acb4 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -4,7 +4,7 @@ SECTION = "base"
LICENSE = "PD & BSD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2019a"
+PV = "2019c"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -12,7 +12,7 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.md5sum] = "27585a20bc5401324f42c8deb6e4677f"
-SRC_URI[tzcode.sha256sum] = "8739f162bc30cdfb482435697f969253abea49595541a0afd5f443fbae433ff5"
-SRC_URI[tzdata.md5sum] = "288f7b1e43018c633da108f13b27cf91"
-SRC_URI[tzdata.sha256sum] = "90366ddf4aa03e37a16cd49255af77f801822310b213f195e2206ead48c59772"
+SRC_URI[tzcode.md5sum] = "195a17454c5db05cab96595380650391"
+SRC_URI[tzcode.sha256sum] = "f6ebd3668e02d5ed223d3b7b1947561bf2d2da2f4bd1db61efefd9e06c167ed4"
+SRC_URI[tzdata.md5sum] = "f6987e6dfdb2eb83a1b5076a50b80894"
+SRC_URI[tzdata.sha256sum] = "79c7806dab09072308da0e3d22c37d3b245015a591891ea147d3b133b60ffc7c"
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20190815.bb
index 8b6ad96dba..d83000b64f 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20190815.bb
@@ -92,7 +92,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \
file://LICENCE.iwlwifi_firmware;md5=3fd842911ea93c29cd32679aa23e1c88 \
file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \
- file://LICENCE.Marvell;md5=9ddea1734a4baf3c78d845151f42a37a \
+ file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \
file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \
file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \
file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \
@@ -123,7 +123,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=b6e44adf71bc37e5f26ebfe5a08b5490 \
+ file://WHENCE;md5=37a01e379219d1e06dbccfa90a8fc0ad \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -190,9 +190,9 @@ NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000"
NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c"
NO_GENERIC_LICENSE[WHENCE] = "WHENCE"
-SRCREV = "711d3297bac870af42088a467459a0634c1970ca"
PE = "1"
-PV = "0.0+git${SRCPV}"
+
+SRCREV = "07b925b450bfb4cf3e141c612ec5b104658cd020"
SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git"
@@ -273,6 +273,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-bcm4358 \
${PN}-bcm43602 \
${PN}-bcm4366b \
+ ${PN}-bcm4366c \
${PN}-bcm4371 \
${PN}-bcm4373 \
${PN}-bcm43xx \
@@ -571,7 +572,7 @@ FILES_${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw
FILES_${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin"
FILES_${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin"
FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin"
-FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.bin"
+FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*"
FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin"
FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin"
FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin"
@@ -582,8 +583,8 @@ FILES_${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin
FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \
${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \
"
-FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.bin"
-FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.bin"
+FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*"
+FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.*"
FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin"
FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin"
FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.bin"
@@ -594,6 +595,7 @@ FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.
${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \
"
FILES_${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin"
+FILES_${PN}-bcm4366c = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366c-pcie.bin"
FILES_${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin"
# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE_\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done
@@ -647,6 +649,8 @@ LICENSE_${PN}-bcm43602 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm43602 += "${PN}-broadcom-license"
LICENSE_${PN}-bcm4366b = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4366b += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4366c = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4366c += "${PN}-broadcom-license"
LICENSE_${PN}-bcm4371 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4371 += "${PN}-broadcom-license"
@@ -656,11 +660,11 @@ LICENSE_${PN}-cypress-license = "Firmware-cypress"
FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress"
FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd"
-FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.bin"
-FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.bin"
-FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.bin"
+FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.*"
+FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.*"
+FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.*"
FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin"
-FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.bin"
+FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.*"
FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \
${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \
"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index da87d476f9..7b89a24223 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "ca2e3322f4c5678eaef6434c808d0842c805d74d"
-SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
+SRCREV_machine ?= "d3fb163023de0a5a57a021e58b55976f68142fc0"
+SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.19.61"
+LINUX_VERSION ?= "4.19.87"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index cadf1a7402..9cde2c2342 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.19.61"
+LINUX_VERSION ?= "4.19.87"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "b5a2efa31290f31384971494031285d394635938"
-SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
+SRCREV_machine_qemuarm ?= "6e7574e9a9b41143e0c42fcb31b13802529602f0"
+SRCREV_machine ?= "2ba1fa4d5068982e785527ef8ad1a8b658f0add1"
+SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index 5edb97fed1..aab30a981e 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -11,22 +11,22 @@ KBRANCH_qemux86 ?= "v4.19/standard/base"
KBRANCH_qemux86-64 ?= "v4.19/standard/base"
KBRANCH_qemumips64 ?= "v4.19/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "ca3cb923f8d7962c6d47a8d29923e52da1818854"
-SRCREV_machine_qemuarm64 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_machine_qemumips ?= "f624314048dfac57e47ac91d89ca3dc8395ca47a"
-SRCREV_machine_qemuppc ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_machine_qemux86 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_machine_qemux86-64 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_machine_qemumips64 ?= "ca47368b698795cd5cada84dbfcceda1f47da1aa"
-SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
+SRCREV_machine_qemuarm ?= "4d9d89763cde098e4a8b879e8c831e35a5f39ae6"
+SRCREV_machine_qemuarm64 ?= "2ba1fa4d5068982e785527ef8ad1a8b658f0add1"
+SRCREV_machine_qemumips ?= "1f0855745653c8cb7d72ea2d03197889cc82a410"
+SRCREV_machine_qemuppc ?= "2ba1fa4d5068982e785527ef8ad1a8b658f0add1"
+SRCREV_machine_qemux86 ?= "2ba1fa4d5068982e785527ef8ad1a8b658f0add1"
+SRCREV_machine_qemux86-64 ?= "2ba1fa4d5068982e785527ef8ad1a8b658f0add1"
+SRCREV_machine_qemumips64 ?= "5ed73d6e6dc7d4ad8184de8eb6641bdb265ae2ea"
+SRCREV_machine ?= "2ba1fa4d5068982e785527ef8ad1a8b658f0add1"
+SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \
"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "4.19.61"
+LINUX_VERSION ?= "4.19.87"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch b/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch
new file mode 100644
index 0000000000..78b19225d4
--- /dev/null
+++ b/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch
@@ -0,0 +1,42 @@
+From 59402e3a61d14eb7ce8c2019ea1a87ad4bd28605 Mon Sep 17 00:00:00 2001
+From: Anuj Mittal <anuj.mittal@intel.com>
+Date: Thu, 14 Nov 2019 10:13:53 +0800
+Subject: [PATCH] dont setup compiler flags -m32/-m64
+
+We don't want these to be setup by boost as we pass our own flags.
+
+Upstream-Status: Inappropriate [OE-specific]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ tools/build/src/tools/gcc.jam | 14 --------------
+ 1 file changed, 14 deletions(-)
+
+diff --git a/tools/build/src/tools/gcc.jam b/tools/build/src/tools/gcc.jam
+index c7e3cf3..24486e0 100644
+--- a/tools/build/src/tools/gcc.jam
++++ b/tools/build/src/tools/gcc.jam
+@@ -430,20 +430,6 @@ local rule compile-link-flags ( * )
+ }
+
+ {
+- # Handle address-model
+- compile-link-flags <target-os>aix/<address-model>32 : -maix32 ;
+- compile-link-flags <target-os>aix/<address-model>64 : -maix64 ;
+-
+- compile-link-flags <target-os>hpux/<address-model>32 : -milp32 ;
+- compile-link-flags <target-os>hpux/<address-model>64 : -mlp64 ;
+-
+- local generic-os = [ set.difference $(all-os) : aix hpux ] ;
+- local arch = power sparc x86 ;
+- compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>32 : -m32 ;
+- compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>64 : -m64 ;
+-}
+-
+-{
+ # Handle threading
+ local rule threading-flags ( * )
+ {
+--
+2.7.4
+
diff --git a/meta/recipes-support/boost/boost_1.69.0.bb b/meta/recipes-support/boost/boost_1.69.0.bb
index 324b46f168..5e9e0d87d7 100644
--- a/meta/recipes-support/boost/boost_1.69.0.bb
+++ b/meta/recipes-support/boost/boost_1.69.0.bb
@@ -6,4 +6,5 @@ SRC_URI += "file://arm-intrinsics.patch \
file://boost-math-disable-pch-for-gcc.patch \
file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \
file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
+ file://0001-dont-setup-compiler-flags-m32-m64.patch \
"
diff --git a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch
index 4a280f9d5c..83195b5bd4 100644
--- a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch
+++ b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch
@@ -1,4 +1,4 @@
-From 0df5800cc2e720aad883a517f7d24a9722fe5845 Mon Sep 17 00:00:00 2001
+From e3adc816d2d56dd929016073937ba24e01e03cb8 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Thu, 20 Dec 2018 17:37:48 -0800
Subject: [PATCH] Woverride-init is not needed with gcc 9
@@ -17,15 +17,18 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dirmngr/dns.h b/dirmngr/dns.h
-index 30d0b45..98fe412 100644
+index 024d6dcc8..c6e141e16 100644
--- a/dirmngr/dns.h
+++ b/dirmngr/dns.h
-@@ -154,7 +154,7 @@ DNS_PUBLIC int *dns_debug_p(void);
+@@ -139,7 +139,7 @@ DNS_PUBLIC int *dns_debug_p(void);
+ #define DNS_PRAGMA_QUIET _Pragma("clang diagnostic ignored \"-Winitializer-overrides\"")
+ #define DNS_PRAGMA_POP _Pragma("clang diagnostic pop")
- #define dns_quietinit(...) \
- DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP
-#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4
+#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || (__GNUC__ > 4 && __GNUC__ < 9)
#define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push")
#define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"")
#define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop")
+--
+2.17.1
+
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.13.bb b/meta/recipes-support/gnupg/gnupg_2.2.17.bb
index 3ce2a38c0e..e5456dd9b9 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.13.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.17.bb
@@ -19,9 +19,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
file://relocate.patch"
-
-SRC_URI[md5sum] = "563b959d0c3856e34526e9ca51c80d7b"
-SRC_URI[sha256sum] = "76c787a955f9e6e0ead47c9be700bfb9d454f955a7b7c7e697aa719bac7b11d8"
+SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c"
+SRC_URI[sha256sum] = "afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514"
EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb
index b095397ec2..b33a47be6a 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb
@@ -15,6 +15,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
SRC_URI[md5sum] = "cac755dc6c6acd6e0c70007f547548f5"
SRC_URI[sha256sum] = "75ddc194a5b1d6f25033bb9d355f04bfe5c03e0e1c71ed0774104457b3a786c6"
+CVE_PRODUCT = "libsoup"
+
S = "${WORKDIR}/libsoup-${PV}"
inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc
diff --git a/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
new file mode 100644
index 0000000000..7c4a65b3cd
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
@@ -0,0 +1,40 @@
+From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 15 Oct 2019 13:22:52 +0800
+Subject: [PATCH] Fix CVE-2019-16168
+
+CVE: CVE-2019-16168
+
+Upstream-Status: Backport [https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ sqlite3.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 61bfdeb..b3e6ae2 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -105933,7 +105933,9 @@ static void decodeIntArray(
+ if( sqlite3_strglob("unordered*", z)==0 ){
+ pIndex->bUnordered = 1;
+ }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
++ int sz = sqlite3Atoi(z+3);
++ if( sz<2 ) sz = 2;
++ pIndex->szIdxRow = sqlite3LogEst(sz);
+ }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+ pIndex->noSkipScan = 1;
+ }
+@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex(
+ ** it to pNew->rRun, which is currently set to the cost of the index
+ ** seek only. Then, if this is a non-covering index, add the cost of
+ ** visiting the rows in the main table. */
++ assert( pSrc->pTab->szTabRow>0 );
+ rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+ pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+ if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+--
+2.17.1
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
index 4bdb04f4d1..2888a56ee9 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
@@ -7,6 +7,7 @@ SRC_URI = "\
http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2019-9936.patch \
file://CVE-2019-9937.patch \
+ file://0001-Fix-CVE-2019-16168.patch \
"
SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-25 08:58:36 +0000