diff options
Diffstat (limited to 'meta')
157 files changed, 6146 insertions, 1585 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 01b3637469..2a530a0489 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -52,11 +52,14 @@ python do_cve_check () { """ if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): - patched_cves = get_patches_cves(d) - patched, unpatched = check_cves(d, patched_cves) + try: + patched_cves = get_patches_cves(d) + except FileNotFoundError: + bb.fatal("Failure in searching patches") + whitelisted, patched, unpatched = check_cves(d, patched_cves) if patched or unpatched: cve_data = get_cve_info(d, patched + unpatched) - cve_write_data(d, patched, unpatched, cve_data) + cve_write_data(d, patched, unpatched, whitelisted, cve_data) else: bb.note("No CVE database found, skipping CVE check") @@ -129,6 +132,10 @@ def get_patches_cves(d): for url in src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] + if not os.path.isfile(patch_file): + bb.error("File Not found: %s" % patch_file) + raise FileNotFoundError + # Check patch file name for CVE ID fname_match = cve_file_name_match.search(patch_file) if fname_match: @@ -172,13 +179,13 @@ def check_cves(d, patched_cves): products = d.getVar("CVE_PRODUCT").split() # If this has been unset then we're not scanning for CVEs here (for example, image recipes) if not products: - return ([], []) + return ([], [], []) pv = d.getVar("CVE_VERSION").split("+git")[0] # If the recipe has been whitlisted we return empty lists if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): bb.note("Recipe has been whitelisted, skipping check") - return ([], []) + return ([], [], []) old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST") if old_cve_whitelist: @@ -214,7 +221,7 @@ def check_cves(d, patched_cves): (_, _, _, version_start, operator_start, version_end, operator_end) = row #bb.debug(2, "Evaluating row " + str(row)) - if (operator_start == '=' and pv == version_start): + if (operator_start == '=' and pv == version_start) or version_start == '-': vulnerable = True else: if operator_start: @@ -256,7 +263,7 @@ def check_cves(d, patched_cves): conn.close() - return (list(patched_cves), cves_unpatched) + return (list(cve_whitelist), list(patched_cves), cves_unpatched) def get_cve_info(d, cves): """ @@ -280,7 +287,7 @@ def get_cve_info(d, cves): conn.close() return cve_data -def cve_write_data(d, patched, unpatched, cve_data): +def cve_write_data(d, patched, unpatched, whitelisted, cve_data): """ Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and CVE manifest if enabled. @@ -296,7 +303,9 @@ def cve_write_data(d, patched, unpatched, cve_data): write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV") write_string += "CVE: %s\n" % cve - if cve in patched: + if cve in whitelisted: + write_string += "CVE STATUS: Whitelisted\n" + elif cve in patched: write_string += "CVE STATUS: Patched\n" else: unpatched_cves.append(cve) diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass index ed9bcfa57c..ab05ac91f4 100644 --- a/meta/classes/kernel-yocto.bbclass +++ b/meta/classes/kernel-yocto.bbclass @@ -1,5 +1,5 @@ # remove tasks that modify the source tree in case externalsrc is inherited -SRCTREECOVEREDTASKS += "do_kernel_configme do_validate_branches do_kernel_configcheck do_kernel_checkout do_fetch do_unpack do_patch" +SRCTREECOVEREDTASKS += "do_validate_branches do_kernel_configcheck do_kernel_checkout do_fetch do_unpack do_patch" PATCH_GIT_USER_EMAIL ?= "kernel-yocto@oe" PATCH_GIT_USER_NAME ?= "OpenEmbedded" @@ -301,6 +301,7 @@ do_validate_branches[depends] = "kern-tools-native:do_populate_sysroot" do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot" do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}gcc:do_populate_sysroot" do_kernel_configme[depends] += "bc-native:do_populate_sysroot bison-native:do_populate_sysroot" +do_kernel_configme[depends] += "kern-tools-native:do_populate_sysroot" do_kernel_configme[dirs] += "${S} ${B}" do_kernel_configme() { set +e diff --git a/meta/classes/kernelsrc.bbclass b/meta/classes/kernelsrc.bbclass index 675d40ec9a..a951ba3325 100644 --- a/meta/classes/kernelsrc.bbclass +++ b/meta/classes/kernelsrc.bbclass @@ -1,7 +1,7 @@ S = "${STAGING_KERNEL_DIR}" deltask do_fetch deltask do_unpack -do_patch[depends] += "virtual/kernel:do_patch" +do_patch[depends] += "virtual/kernel:do_shared_workdir" do_patch[noexec] = "1" do_package[depends] += "virtual/kernel:do_populate_sysroot" KERNEL_VERSION = "${@get_kernelversion_file("${STAGING_KERNEL_BUILDDIR}")}" diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass index cd241f1c84..25ec089ae1 100644 --- a/meta/classes/patch.bbclass +++ b/meta/classes/patch.bbclass @@ -5,6 +5,13 @@ QUILTRCFILE ?= "${STAGING_ETCDIR_NATIVE}/quiltrc" PATCHDEPENDENCY = "${PATCHTOOL}-native:do_populate_sysroot" +# There is a bug in patch 2.7.3 and earlier where index lines +# in patches can change file modes when they shouldn't: +# http://git.savannah.gnu.org/cgit/patch.git/patch/?id=82b800c9552a088a241457948219d25ce0a407a4 +# This leaks into debug sources in particular. Add the dependency +# to target recipes to avoid this problem until we can rely on 2.7.4 or later. +PATCHDEPENDENCY_append_class-target = " patch-replacement-native:do_populate_sysroot" + PATCH_GIT_USER_NAME ?= "OpenEmbedded" PATCH_GIT_USER_EMAIL ?= "oe.patch@oe" diff --git a/meta/classes/reproducible_build.bbclass b/meta/classes/reproducible_build.bbclass index 39b6e40cac..750eb950f2 100644 --- a/meta/classes/reproducible_build.bbclass +++ b/meta/classes/reproducible_build.bbclass @@ -44,10 +44,12 @@ SDE_DEPLOYDIR = "${WORKDIR}/deploy-source-date-epoch" SSTATETASKS += "do_deploy_source_date_epoch" do_deploy_source_date_epoch () { - echo "Deploying SDE to ${SDE_DIR}." mkdir -p ${SDE_DEPLOYDIR} if [ -e ${SDE_FILE} ]; then + echo "Deploying SDE from ${SDE_FILE} -> ${SDE_DEPLOYDIR}." cp -p ${SDE_FILE} ${SDE_DEPLOYDIR}/__source_date_epoch.txt + else + echo "${SDE_FILE} not found!" fi } @@ -56,7 +58,11 @@ python do_deploy_source_date_epoch_setscene () { bb.utils.mkdirhier(d.getVar('SDE_DIR')) sde_file = os.path.join(d.getVar('SDE_DEPLOYDIR'), '__source_date_epoch.txt') if os.path.exists(sde_file): - os.rename(sde_file, d.getVar('SDE_FILE')) + target = d.getVar('SDE_FILE') + bb.debug(1, "Moving setscene SDE file %s -> %s" % (sde_file, target)) + os.rename(sde_file, target) + else: + bb.debug(1, "%s not found!" % sde_file) } do_deploy_source_date_epoch[dirs] = "${SDE_DEPLOYDIR}" @@ -164,16 +170,32 @@ python do_create_source_date_epoch_stamp() { f.write(str(source_date_epoch)) } +def get_source_date_epoch_value(d): + cached = d.getVar('__CACHED_SOURCE_DATE_EPOCH') + if cached: + return cached + + epochfile = d.getVar('SDE_FILE') + source_date_epoch = 0 + if os.path.isfile(epochfile): + with open(epochfile, 'r') as f: + s = f.read() + try: + source_date_epoch = int(s) + except ValueError: + bb.warn("SOURCE_DATE_EPOCH value '%s' is invalid. Reverting to 0" % s) + source_date_epoch = 0 + bb.debug(1, "SOURCE_DATE_EPOCH: %d" % source_date_epoch) + else: + bb.debug(1, "Cannot find %s. SOURCE_DATE_EPOCH will default to %d" % (epochfile, source_date_epoch)) + + d.setVar('__CACHED_SOURCE_DATE_EPOCH', str(source_date_epoch)) + return str(source_date_epoch) + +export SOURCE_DATE_EPOCH ?= "${@get_source_date_epoch_value(d)}" BB_HASHBASE_WHITELIST += "SOURCE_DATE_EPOCH" python () { if d.getVar('BUILD_REPRODUCIBLE_BINARIES') == '1': d.appendVarFlag("do_unpack", "postfuncs", " do_create_source_date_epoch_stamp") - epochfile = d.getVar('SDE_FILE') - source_date_epoch = "0" - if os.path.isfile(epochfile): - with open(epochfile, 'r') as f: - source_date_epoch = f.read() - bb.debug(1, "SOURCE_DATE_EPOCH: %s" % source_date_epoch) - d.setVar('SOURCE_DATE_EPOCH', source_date_epoch) } diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index 936fe913b4..5c2f8f9d75 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass @@ -625,13 +625,14 @@ def check_sanity_version_change(status, d): # In other words, these tests run once in a given build directory and then # never again until the sanity version or host distrubution id/version changes. - # Check the python install is complete. glib-2.0-natives requries - # xml.parsers.expat + # Check the python install is complete. Examples that are often removed in + # minimal installations: glib-2.0-natives requries # xml.parsers.expat and icu + # requires distutils.sysconfig. try: import xml.parsers.expat - except ImportError: - status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n') - import stat + import distutils.sysconfig + except ImportError as e: + status.addresult('Your Python 3 is not a full install. Please install the module %s (see the Getting Started guide for further information).\n' % e.name) status.addresult(check_make_version(d)) status.addresult(check_patch_version(d)) @@ -667,6 +668,7 @@ def check_sanity_version_change(status, d): status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n') # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS) + import stat tmpdir = d.getVar('TMPDIR') status.addresult(check_create_long_filename(tmpdir, "TMPDIR")) tmpdirmode = os.stat(tmpdir).st_mode diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index ab0c6c5541..7494873190 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -82,6 +82,7 @@ RECIPE_MAINTAINER_pn-build-appliance-image = "Richard Purdie <richard.purdie@lin RECIPE_MAINTAINER_pn-build-compare = "Paul Eggleton <paul.eggleton@linux.intel.com>" RECIPE_MAINTAINER_pn-build-sysroots = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-builder = "Richard Purdie <richard.purdie@linuxfoundation.org>" +RECIPE_MAINTAINER_pn-buildtools-extended-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-buildtools-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-busybox = "Andrej Valek <andrej.valek@siemens.com>" RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@ti.com>" diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index aaf04e9e59..568d03693c 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -57,6 +57,8 @@ SECURITY_STRINGFORMAT_pn-gcc = "" TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}" TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" +TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}" +TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}" SECURITY_STACK_PROTECTOR_pn-gcc-runtime = "" SECURITY_STACK_PROTECTOR_pn-glibc = "" diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index ad75d3e2a3..889695eae3 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,9 +6,9 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.30" +UNINATIVE_MAXGLIBCVERSION = "2.31" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.7/" -UNINATIVE_CHECKSUM[aarch64] ?= "e76a45886ee8a0b3904b761c17ac8ff91edf9811ee455f1832d10763ba794dfc" -UNINATIVE_CHECKSUM[i686] ?= "810d027dfb1c7675226afbcec07808770516c969ee7378f6d8240281083f8924" -UNINATIVE_CHECKSUM[x86_64] ?= "9498d8bba047499999a7310ac2576d0796461184965351a56f6d32c888a1f216" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.8/" +UNINATIVE_CHECKSUM[aarch64] ?= "989187344bf9539b464fb7ed9c223e51f4bdb4c7a677d2c314e6fed393176efe" +UNINATIVE_CHECKSUM[i686] ?= "cc3e45bc8594488b407363e3fa9af5a099279dab2703c64342098719bd674990" +UNINATIVE_CHECKSUM[x86_64] ?= "a09922172c3a439105e0ae6b943daad2d83505b17da0aba97961ff433b8c21ab" diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh index ccc4f4e1ac..4c4b4deb4c 100644 --- a/meta/files/toolchain-shar-extract.sh +++ b/meta/files/toolchain-shar-extract.sh @@ -249,7 +249,7 @@ if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then rm sdk.zip && exit 1 fi else - tail -n +$payload_offset $0| $SUDO_EXEC tar xJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1 + tail -n +$payload_offset $0| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1 fi echo "done" diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index 7c373715ad..e0b15dc9b4 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -40,8 +40,9 @@ def opkg_query(cmd_output): ver = "" filename = "" dep = [] + prov = [] pkgarch = "" - for line in cmd_output.splitlines(): + for line in cmd_output.splitlines()+['']: line = line.rstrip() if ':' in line: if line.startswith("Package: "): @@ -64,6 +65,10 @@ def opkg_query(cmd_output): dep.append("%s [REC]" % recommend) elif line.startswith("PackageArch: "): pkgarch = line.split(": ")[1] + elif line.startswith("Provides: "): + provides = verregex.sub('', line.split(": ")[1]) + for provide in provides.split(", "): + prov.append(provide) # When there is a blank line save the package information elif not line: @@ -72,20 +77,15 @@ def opkg_query(cmd_output): filename = "%s_%s_%s.ipk" % (pkg, ver, arch) if pkg: output[pkg] = {"arch":arch, "ver":ver, - "filename":filename, "deps": dep, "pkgarch":pkgarch } + "filename":filename, "deps": dep, "pkgarch":pkgarch, "provs": prov} pkg = "" arch = "" ver = "" filename = "" dep = [] + prov = [] pkgarch = "" - if pkg: - if not filename: - filename = "%s_%s_%s.ipk" % (pkg, ver, arch) - output[pkg] = {"arch":arch, "ver":ver, - "filename":filename, "deps": dep } - return output def failed_postinsts_abort(pkgs, log_path): @@ -360,7 +360,7 @@ class DpkgPkgsList(PkgsList): "--admindir=%s/var/lib/dpkg" % self.rootfs_dir, "-W"] - cmd.append("-f=Package: ${Package}\nArchitecture: ${PackageArch}\nVersion: ${Version}\nFile: ${Package}_${Version}_${Architecture}.deb\nDepends: ${Depends}\nRecommends: ${Recommends}\n\n") + cmd.append("-f=Package: ${Package}\nArchitecture: ${PackageArch}\nVersion: ${Version}\nFile: ${Package}_${Version}_${Architecture}.deb\nDepends: ${Depends}\nRecommends: ${Recommends}\nProvides: ${Provides}\n\n") try: cmd_output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).strip().decode("utf-8") @@ -578,6 +578,11 @@ class PackageManager(object, metaclass=ABCMeta): # oe-pkgdata-util reads it from a file with tempfile.NamedTemporaryFile(mode="w+", prefix="installed-pkgs") as installed_pkgs: pkgs = self.list_installed() + + provided_pkgs = set() + for pkg in pkgs.values(): + provided_pkgs |= set(pkg.get('provs', [])) + output = oe.utils.format_pkg_list(pkgs, "arch") installed_pkgs.write(output) installed_pkgs.flush() @@ -589,10 +594,15 @@ class PackageManager(object, metaclass=ABCMeta): if exclude: cmd.extend(['--exclude=' + '|'.join(exclude.split())]) try: - bb.note("Installing complementary packages ...") bb.note('Running %s' % cmd) complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8") - self.install(complementary_pkgs.split(), attempt_only=True) + complementary_pkgs = set(complementary_pkgs.split()) + skip_pkgs = sorted(complementary_pkgs & provided_pkgs) + install_pkgs = sorted(complementary_pkgs - provided_pkgs) + bb.note("Installing complementary packages ... %s (skipped already provided packages %s)" % ( + ' '.join(install_pkgs), + ' '.join(skip_pkgs))) + self.install(install_pkgs, attempt_only=True) except subprocess.CalledProcessError as e: bb.fatal("Could not compute complementary packages list. Command " "'%s' returned %d:\n%s" % @@ -1619,7 +1629,7 @@ class DpkgPM(OpkgDpkgPM): os.environ['APT_CONFIG'] = self.apt_conf_file - cmd = "%s %s install --force-yes --allow-unauthenticated %s" % \ + cmd = "%s %s install --force-yes --allow-unauthenticated --no-remove %s" % \ (self.apt_get_cmd, self.apt_args, ' '.join(pkgs)) try: @@ -1781,8 +1791,7 @@ class DpkgPM(OpkgDpkgPM): open(os.path.join(target_dpkg_dir, "available"), "w+").close() def remove_packaging_data(self): - bb.utils.remove(os.path.join(self.target_rootfs, - self.d.getVar('opkglibdir')), True) + bb.utils.remove(self.target_rootfs + self.d.getVar('opkglibdir'), True) bb.utils.remove(self.target_rootfs + "/var/lib/dpkg/", True) def fix_broken_dependencies(self): diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index 24a221eb1a..b2316b12b8 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -521,8 +521,12 @@ def OEOuthashBasic(path, sigfile, task, d): add_perm(stat.S_IXOTH, 'x') if include_owners: - update_hash(" %10s" % pwd.getpwuid(s.st_uid).pw_name) - update_hash(" %10s" % grp.getgrgid(s.st_gid).gr_name) + try: + update_hash(" %10s" % pwd.getpwuid(s.st_uid).pw_name) + update_hash(" %10s" % grp.getgrgid(s.st_gid).gr_name) + except KeyError: + bb.warn("KeyError in %s" % path) + raise update_hash(" ") if stat.S_ISBLK(s.st_mode) or stat.S_ISCHR(s.st_mode): diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py b/meta/lib/oeqa/selftest/cases/reproducible.py index a9110565a9..1b0b5bae70 100644 --- a/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/meta/lib/oeqa/selftest/cases/reproducible.py @@ -174,6 +174,8 @@ class ReproducibleTests(OESelftestTestCase): # NOTE: The temp directories from the reproducible build are purposely # kept after the build so it can be diffed for debugging. + fails = [] + for c in self.package_classes: with self.subTest(package_class=c): package_class = 'package_' + c @@ -197,6 +199,9 @@ class ReproducibleTests(OESelftestTestCase): self.copy_file(d.test, '/'.join([save_dir, d.test])) if result.missing or result.different: - self.fail("The following %s packages are missing or different: %s" % - (c, ' '.join(r.test for r in (result.missing + result.different)))) + fails.append("The following %s packages are missing or different: %s" % + (c, '\n'.join(r.test for r in (result.missing + result.different)))) + + if fails: + self.fail('\n'.join(fails)) diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py index fe8b77d97a..0d63e44ea7 100644 --- a/meta/lib/oeqa/utils/qemurunner.py +++ b/meta/lib/oeqa/utils/qemurunner.py @@ -396,7 +396,10 @@ class QemuRunner: self.qemupid = None self.ip = None if os.path.exists(self.qemu_pidfile): - os.remove(self.qemu_pidfile) + try: + os.remove(self.qemu_pidfile) + except FileNotFoundError as e: + self.logger.warning('qemu pidfile is no longer present') if self.monitorpipe: self.monitorpipe.close() diff --git a/meta/recipes-bsp/u-boot/u-boot-tools.inc b/meta/recipes-bsp/u-boot/u-boot-tools.inc new file mode 100644 index 0000000000..35894e1a8f --- /dev/null +++ b/meta/recipes-bsp/u-boot/u-boot-tools.inc @@ -0,0 +1,65 @@ +SUMMARY = "U-Boot bootloader tools" +DEPENDS += "openssl" + +PROVIDES = "${MLPREFIX}u-boot-mkimage ${MLPREFIX}u-boot-mkenvimage" +PROVIDES_class-native = "u-boot-mkimage-native u-boot-mkenvimage-native" + +PACKAGES += "${PN}-mkimage ${PN}-mkenvimage" + +# Required for backward compatibility with "u-boot-mkimage-xxx.bb" +RPROVIDES_${PN}-mkimage = "u-boot-mkimage" +RREPLACES_${PN}-mkimage = "u-boot-mkimage" +RCONFLICTS_${PN}-mkimage = "u-boot-mkimage" + +EXTRA_OEMAKE_class-target = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1' +EXTRA_OEMAKE_class-native = 'CC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1' +EXTRA_OEMAKE_class-nativesdk = 'CROSS_COMPILE="${HOST_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1' + +SED_CONFIG_EFI = '-e "s/CONFIG_EFI_LOADER=.*/# CONFIG_EFI_LOADER is not set/"' +SED_CONFIG_EFI_x86 = '' +SED_CONFIG_EFI_x86-64 = '' +SED_CONFIG_EFI_arm = '' +SED_CONFIG_EFI_armeb = '' +SED_CONFIG_EFI_aarch64 = '' + +do_compile () { + oe_runmake sandbox_defconfig + + # Disable CONFIG_CMD_LICENSE, license.h is not used by tools and + # generating it requires bin2header tool, which for target build + # is built with target tools and thus cannot be executed on host. + sed -i -e "s/CONFIG_CMD_LICENSE=.*/# CONFIG_CMD_LICENSE is not set/" ${SED_CONFIG_EFI} .config + + oe_runmake cross_tools NO_SDL=1 +} + +do_install () { + install -d ${D}${bindir} + + # mkimage + install -m 0755 tools/mkimage ${D}${bindir}/uboot-mkimage + ln -sf uboot-mkimage ${D}${bindir}/mkimage + + # mkenvimage + install -m 0755 tools/mkenvimage ${D}${bindir}/uboot-mkenvimage + ln -sf uboot-mkenvimage ${D}${bindir}/mkenvimage + + # dumpimage + install -m 0755 tools/dumpimage ${D}${bindir}/uboot-dumpimage + ln -sf uboot-dumpimage ${D}${bindir}/dumpimage + + # fit_check_sign + install -m 0755 tools/fit_check_sign ${D}${bindir}/uboot-fit_check_sign + ln -sf uboot-fit_check_sign ${D}${bindir}/fit_check_sign +} + +ALLOW_EMPTY_${PN} = "1" +FILES_${PN} = "" +FILES_${PN}-mkimage = "${bindir}/uboot-mkimage ${bindir}/mkimage ${bindir}/uboot-dumpimage ${bindir}/dumpimage ${bindir}/uboot-fit_check_sign ${bindir}/fit_check_sign" +FILES_${PN}-mkenvimage = "${bindir}/uboot-mkenvimage ${bindir}/mkenvimage" + +RDEPENDS_${PN}-mkimage += "dtc" +RDEPENDS_${PN} += "${PN}-mkimage ${PN}-mkenvimage" +RDEPENDS_${PN}_class-native = "" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb b/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb index bede984ef7..7eaf721ca8 100644 --- a/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb +++ b/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb @@ -1,67 +1,2 @@ require u-boot-common.inc - -SUMMARY = "U-Boot bootloader tools" -DEPENDS += "openssl" - -PROVIDES = "${MLPREFIX}u-boot-mkimage ${MLPREFIX}u-boot-mkenvimage" -PROVIDES_class-native = "u-boot-mkimage-native u-boot-mkenvimage-native" - -PACKAGES += "${PN}-mkimage ${PN}-mkenvimage" - -# Required for backward compatibility with "u-boot-mkimage-xxx.bb" -RPROVIDES_${PN}-mkimage = "u-boot-mkimage" -RREPLACES_${PN}-mkimage = "u-boot-mkimage" -RCONFLICTS_${PN}-mkimage = "u-boot-mkimage" - -EXTRA_OEMAKE_class-target = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1' -EXTRA_OEMAKE_class-native = 'CC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1' -EXTRA_OEMAKE_class-nativesdk = 'CROSS_COMPILE="${HOST_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1' - -SED_CONFIG_EFI = '-e "s/CONFIG_EFI_LOADER=.*/# CONFIG_EFI_LOADER is not set/"' -SED_CONFIG_EFI_x86 = '' -SED_CONFIG_EFI_x86-64 = '' -SED_CONFIG_EFI_arm = '' -SED_CONFIG_EFI_armeb = '' -SED_CONFIG_EFI_aarch64 = '' - -do_compile () { - oe_runmake sandbox_defconfig - - # Disable CONFIG_CMD_LICENSE, license.h is not used by tools and - # generating it requires bin2header tool, which for target build - # is built with target tools and thus cannot be executed on host. - sed -i -e "s/CONFIG_CMD_LICENSE=.*/# CONFIG_CMD_LICENSE is not set/" ${SED_CONFIG_EFI} .config - - oe_runmake cross_tools NO_SDL=1 -} - -do_install () { - install -d ${D}${bindir} - - # mkimage - install -m 0755 tools/mkimage ${D}${bindir}/uboot-mkimage - ln -sf uboot-mkimage ${D}${bindir}/mkimage - - # mkenvimage - install -m 0755 tools/mkenvimage ${D}${bindir}/uboot-mkenvimage - ln -sf uboot-mkenvimage ${D}${bindir}/mkenvimage - - # dumpimage - install -m 0755 tools/dumpimage ${D}${bindir}/uboot-dumpimage - ln -sf uboot-dumpimage ${D}${bindir}/dumpimage - - # fit_check_sign - install -m 0755 tools/fit_check_sign ${D}${bindir}/uboot-fit_check_sign - ln -sf uboot-fit_check_sign ${D}${bindir}/fit_check_sign -} - -ALLOW_EMPTY_${PN} = "1" -FILES_${PN} = "" -FILES_${PN}-mkimage = "${bindir}/uboot-mkimage ${bindir}/mkimage ${bindir}/uboot-dumpimage ${bindir}/dumpimage ${bindir}/uboot-fit_check_sign ${bindir}/fit_check_sign" -FILES_${PN}-mkenvimage = "${bindir}/uboot-mkenvimage ${bindir}/mkenvimage" - -RDEPENDS_${PN}-mkimage += "dtc" -RDEPENDS_${PN} += "${PN}-mkimage ${PN}-mkenvimage" -RDEPENDS_${PN}_class-native = "" - -BBCLASSEXTEND = "native nativesdk" +require u-boot-tools.inc diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc index 9a754fd09b..d241347bf7 100644 --- a/meta/recipes-bsp/u-boot/u-boot.inc +++ b/meta/recipes-bsp/u-boot/u-boot.inc @@ -87,6 +87,8 @@ do_configure () { fi merge_config.sh -m .config ${@" ".join(find_cfgs(d))} cml1_do_configure + else + DEVTOOL_DISABLE_MENUCONFIG=true fi } diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index f582a07e22..75fc2dbf4c 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc @@ -58,6 +58,8 @@ SRC_URI = "\ file://CVE-2018-10910.patch \ file://gcc9-fixes.patch \ file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \ + file://CVE-2020-0556-1.patch \ + file://CVE-2020-0556-2.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch new file mode 100644 index 0000000000..a6bf31e14b --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch @@ -0,0 +1,35 @@ +From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001 +From: Alain Michaud <alainm@chromium.org> +Date: Tue, 10 Mar 2020 02:35:16 +0000 +Subject: [PATCH 1/2] HOGP must only accept data from bonded devices. + +HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding. + +Reference: +https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +CVE: CVE-2020-0556 +--- + profiles/input/hog.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/profiles/input/hog.c b/profiles/input/hog.c +index 83c017dcb..dfac68921 100644 +--- a/profiles/input/hog.c ++++ b/profiles/input/hog.c +@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service) + return -EINVAL; + } + ++ /* HOGP 1.0 Section 6.1 requires bonding */ ++ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) ++ return -ECONNREFUSED; ++ + /* TODO: Replace GAttrib with bt_gatt_client */ + bt_hog_attach(dev->hog, attrib); + +-- +2.24.1 + diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch new file mode 100644 index 0000000000..8acb2f15ec --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch @@ -0,0 +1,143 @@ +From 3cccdbab2324086588df4ccf5f892fb3ce1f1787 Mon Sep 17 00:00:00 2001 +From: Alain Michaud <alainm@chromium.org> +Date: Tue, 10 Mar 2020 02:35:18 +0000 +Subject: [PATCH 2/2] HID accepts bonded device connections only. + +This change adds a configuration for platforms to choose a more secure +posture for the HID profile. While some older mice are known to not +support pairing or encryption, some platform may choose a more secure +posture by requiring the device to be bonded and require the +connection to be encrypted when bonding is required. + +Reference: +https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +CVE: CVE-2020-0556 + +--- + profiles/input/device.c | 23 ++++++++++++++++++++++- + profiles/input/device.h | 1 + + profiles/input/input.conf | 8 ++++++++ + profiles/input/manager.c | 13 ++++++++++++- + 4 files changed, 43 insertions(+), 2 deletions(-) + +diff --git a/profiles/input/device.c b/profiles/input/device.c +index 2cb3811c8..d89da2d7c 100644 +--- a/profiles/input/device.c ++++ b/profiles/input/device.c +@@ -92,6 +92,7 @@ struct input_device { + + static int idle_timeout = 0; + static bool uhid_enabled = false; ++static bool classic_bonded_only = false; + + void input_set_idle_timeout(int timeout) + { +@@ -103,6 +104,11 @@ void input_enable_userspace_hid(bool state) + uhid_enabled = state; + } + ++void input_set_classic_bonded_only(bool state) ++{ ++ classic_bonded_only = state; ++} ++ + static void input_device_enter_reconnect_mode(struct input_device *idev); + static int connection_disconnect(struct input_device *idev, uint32_t flags); + +@@ -970,8 +976,18 @@ static int hidp_add_connection(struct input_device *idev) + if (device_name_known(idev->device)) + device_get_name(idev->device, req->name, sizeof(req->name)); + ++ /* Make sure the device is bonded if required */ ++ if (classic_bonded_only && !device_is_bonded(idev->device, ++ btd_device_get_bdaddr_type(idev->device))) { ++ error("Rejected connection from !bonded device %s", dst_addr); ++ goto cleanup; ++ } ++ + /* Encryption is mandatory for keyboards */ +- if (req->subclass & 0x40) { ++ /* Some platforms may choose to require encryption for all devices */ ++ /* Note that this only matters for pre 2.1 devices as otherwise the */ ++ /* device is encrypted by default by the lower layers */ ++ if (classic_bonded_only || req->subclass & 0x40) { + if (!bt_io_set(idev->intr_io, &gerr, + BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM, + BT_IO_OPT_INVALID)) { +@@ -1203,6 +1219,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev) + DBG("path=%s reconnect_mode=%s", idev->path, + reconnect_mode_to_string(idev->reconnect_mode)); + ++ /* Make sure the device is bonded if required */ ++ if (classic_bonded_only && !device_is_bonded(idev->device, ++ btd_device_get_bdaddr_type(idev->device))) ++ return; ++ + /* Only attempt an auto-reconnect when the device is required to + * accept reconnections from the host. + */ +diff --git a/profiles/input/device.h b/profiles/input/device.h +index 51a9aee18..3044db673 100644 +--- a/profiles/input/device.h ++++ b/profiles/input/device.h +@@ -29,6 +29,7 @@ struct input_conn; + + void input_set_idle_timeout(int timeout); + void input_enable_userspace_hid(bool state); ++void input_set_classic_bonded_only(bool state); + + int input_device_register(struct btd_service *service); + void input_device_unregister(struct btd_service *service); +diff --git a/profiles/input/input.conf b/profiles/input/input.conf +index 3e1d65aae..166aff4a4 100644 +--- a/profiles/input/input.conf ++++ b/profiles/input/input.conf +@@ -11,3 +11,11 @@ + # Enable HID protocol handling in userspace input profile + # Defaults to false (HIDP handled in HIDP kernel module) + #UserspaceHID=true ++ ++# Limit HID connections to bonded devices ++# The HID Profile does not specify that devices must be bonded, however some ++# platforms may want to make sure that input connections only come from bonded ++# device connections. Several older mice have been known for not supporting ++# pairing/encryption. ++# Defaults to false to maximize device compatibility. ++#ClassicBondedOnly=true +diff --git a/profiles/input/manager.c b/profiles/input/manager.c +index 1d31b0652..5cd27b839 100644 +--- a/profiles/input/manager.c ++++ b/profiles/input/manager.c +@@ -96,7 +96,7 @@ static int input_init(void) + config = load_config_file(CONFIGDIR "/input.conf"); + if (config) { + int idle_timeout; +- gboolean uhid_enabled; ++ gboolean uhid_enabled, classic_bonded_only; + + idle_timeout = g_key_file_get_integer(config, "General", + "IdleTimeout", &err); +@@ -114,6 +114,17 @@ static int input_init(void) + input_enable_userspace_hid(uhid_enabled); + } else + g_clear_error(&err); ++ ++ classic_bonded_only = g_key_file_get_boolean(config, "General", ++ "ClassicBondedOnly", &err); ++ ++ if (!err) { ++ DBG("input.conf: ClassicBondedOnly=%s", ++ classic_bonded_only ? "true" : "false"); ++ input_set_classic_bonded_only(classic_bonded_only); ++ } else ++ g_clear_error(&err); ++ + } + + btd_profile_register(&input_profile); +-- +2.24.1 + diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch new file mode 100644 index 0000000000..34b2ae1e5c --- /dev/null +++ b/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch @@ -0,0 +1,165 @@ +From f369dbb9e67eb5ef336944af63039b6d8f838384 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder <tmark@isc.org> +Date: Thu, 12 Sep 2019 10:35:46 -0400 +Subject: [PATCH 1/3] Ensure context is running prior to calling + isc_app_ctxsuspend + +Add a release note. + +includes/omapip/isclib.h + Added actx_running flag to global context, dhcp_gbl_ctx + +omapip/isclib.c + set_ctx_running() - new function used as the ctxonrun callback + + dhcp_context_create() - installs set_ctx_running callback + + dhcp_signal_handler() - modified to use act_running flag to + determine is context is running and should be suspended + +Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git] + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + RELNOTES | 7 +++++ + includes/omapip/isclib.h | 3 ++- + omapip/isclib.c | 57 +++++++++++++++++++++++++++++++++------- + 3 files changed, 57 insertions(+), 10 deletions(-) + +diff --git a/RELNOTES b/RELNOTES +index f10305d..1730473 100644 +--- a/RELNOTES ++++ b/RELNOTES +@@ -6,6 +6,13 @@ + + NEW FEATURES + ++- Closed a small window of time between the installation of graceful ++ shutdown signal handlers and application context startup, during which ++ the receipt of shutdown signal would cause a REQUIRE() assertion to ++ occur. Note this issue is only visible when compiling with ++ ENABLE_GENTLE_SHUTDOWN defined. ++ [Gitlab #53,!18 git TBD] ++ + Please note that that ISC DHCP is now licensed under the Mozilla Public License, + MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0 + license terms. +diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h +index 6c20584..af6a6fc 100644 +--- a/includes/omapip/isclib.h ++++ b/includes/omapip/isclib.h +@@ -94,7 +94,8 @@ + typedef struct dhcp_context { + isc_mem_t *mctx; + isc_appctx_t *actx; +- int actx_started; ++ int actx_started; // ISC_TRUE if ctxstart has been called ++ int actx_running; // ISC_TRUE if ctxrun has been called + isc_taskmgr_t *taskmgr; + isc_task_t *task; + isc_socketmgr_t *socketmgr; +diff --git a/omapip/isclib.c b/omapip/isclib.c +index ce4b4a1..73e017c 100644 +--- a/omapip/isclib.c ++++ b/omapip/isclib.c +@@ -134,6 +134,35 @@ handle_signal(int sig, void (*handler)(int)) { + } + } + ++/* Callback passed to isc_app_ctxonrun ++ * ++ * BIND9 context code will invoke this handler once the context has ++ * entered the running state. We use it to set a global marker so that ++ * we can tell if the context is running. Several of the isc_app_ ++ * calls REQUIRE that the context is running and we need a way to ++ * know that. ++ * ++ * We also check to see if we received a shutdown signal prior to ++ * the context entering the run state. If we did, then we can just ++ * simply shut the context down now. This closes the relatively ++ * small window between start up and entering run via the call ++ * to dispatch(). ++ * ++ */ ++static void ++set_ctx_running(isc_task_t *task, isc_event_t *event) { ++ task = task; // unused; ++ dhcp_gbl_ctx.actx_running = ISC_TRUE; ++ ++ if (shutdown_signal) { ++ // We got signaled shutdown before we entered running state. ++ // Now that we've reached running state, shut'er down. ++ isc_app_ctxsuspend(dhcp_gbl_ctx.actx); ++ } ++ ++ isc_event_free(&event); ++} ++ + isc_result_t + dhcp_context_create(int flags, + struct in_addr *local4, +@@ -141,6 +170,9 @@ dhcp_context_create(int flags, + isc_result_t result; + + if ((flags & DHCP_CONTEXT_PRE_DB) != 0) { ++ dhcp_gbl_ctx.actx_started = ISC_FALSE; ++ dhcp_gbl_ctx.actx_running = ISC_FALSE; ++ + /* + * Set up the error messages, this isn't the right place + * for this call but it is convienent for now. +@@ -204,15 +236,24 @@ dhcp_context_create(int flags, + if (result != ISC_R_SUCCESS) + goto cleanup; + +- result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); ++ result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, ++ &dhcp_gbl_ctx.task); + if (result != ISC_R_SUCCESS) + goto cleanup; + + result = isc_app_ctxstart(dhcp_gbl_ctx.actx); + if (result != ISC_R_SUCCESS) +- return (result); ++ goto cleanup; ++ + dhcp_gbl_ctx.actx_started = ISC_TRUE; + ++ // Install the onrun callback. ++ result = isc_app_ctxonrun(dhcp_gbl_ctx.actx, dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.task, set_ctx_running, ++ dhcp_gbl_ctx.actx); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ + /* Not all OSs support suppressing SIGPIPE through socket + * options, so set the sigal action to be ignore. This allows + * broken connections to fail gracefully with EPIPE on writes */ +@@ -335,19 +376,17 @@ isclib_make_dst_key(char *inname, + * @param signal signal code that we received + */ + void dhcp_signal_handler(int signal) { +- isc_appctx_t *ctx = dhcp_gbl_ctx.actx; +- int prev = shutdown_signal; +- +- if (prev != 0) { ++ if (shutdown_signal != 0) { + /* Already in shutdown. */ + return; + } ++ + /* Possible race but does it matter? */ + shutdown_signal = signal; + +- /* Use reload (aka suspend) for easier dispatch() reenter. */ +- if (ctx && ctx->methods && ctx->methods->ctxsuspend) { +- (void) isc_app_ctxsuspend(ctx); ++ /* If the application context is running tell it to shut down */ ++ if (dhcp_gbl_ctx.actx_running == ISC_TRUE) { ++ (void) isc_app_ctxsuspend(dhcp_gbl_ctx.actx); + } + } + +-- +2.23.0 + diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch b/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch new file mode 100644 index 0000000000..78b2b74f45 --- /dev/null +++ b/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch @@ -0,0 +1,29 @@ +From adcd34ae1f56b16d7e9696d980332b4cf6c7ce91 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder <tmark@isc.org> +Date: Fri, 13 Sep 2019 15:03:31 -0400 +Subject: [PATCH 2/3] Added shutdown log statment to dhcrelay + +Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git] + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + relay/dhcrelay.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index d8caaaf..4bd1d47 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -2076,6 +2076,9 @@ dhcp_set_control_state(control_object_state_t oldstate, + if (newstate != server_shutdown) + return ISC_R_SUCCESS; + ++ /* Log shutdown on signal. */ ++ log_info("Received signal %d, initiating shutdown.", shutdown_signal); ++ + if (no_pid_file == ISC_FALSE) + (void) unlink(path_dhcrelay_pid); + +-- +2.23.0 + diff --git a/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch b/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch new file mode 100644 index 0000000000..a51b6cf526 --- /dev/null +++ b/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch @@ -0,0 +1,31 @@ +From e4b54b4d676783152d487103714cba2913661ef8 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder <tmark@isc.org> +Date: Wed, 6 Nov 2019 15:53:50 -0500 +Subject: [PATCH 3/3] Addressed review comment. + +omapip/isclib.c + Added use of IGNORE_UNUSED() + +Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git] + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + omapip/isclib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/omapip/isclib.c b/omapip/isclib.c +index 73e017c..1d52463 100644 +--- a/omapip/isclib.c ++++ b/omapip/isclib.c +@@ -151,7 +151,7 @@ handle_signal(int sig, void (*handler)(int)) { + */ + static void + set_ctx_running(isc_task_t *task, isc_event_t *event) { +- task = task; // unused; ++ IGNORE_UNUSED(task); + dhcp_gbl_ctx.actx_running = ISC_TRUE; + + if (shutdown_signal) { +-- +2.23.0 + diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb index 275961a603..ddc8b60254 100644 --- a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb +++ b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb @@ -11,6 +11,9 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat file://0013-fixup_use_libbind.patch \ file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \ file://0001-Fix-a-NSUPDATE-compiling-issue.patch \ + file://0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch \ + file://0002-Added-shutdown-log-statment-to-dhcrelay.patch \ + file://0003-Addressed-review-comment.patch \ " SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede" diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb index 684fbe09e1..cc9410b94e 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb @@ -143,11 +143,15 @@ ALTERNATIVE_${PN}-traceroute = "traceroute" ALTERNATIVE_${PN}-hostname = "hostname" ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" -ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8" +ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ + tftpd.8 tftp.1 telnetd.8" ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" +ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" +ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" +ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" ALTERNATIVE_${PN}-ifconfig = "ifconfig" ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch new file mode 100644 index 0000000000..98b1391923 --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch @@ -0,0 +1,34 @@ +From ff3ad88c233ecd87f7983ad13836323f944540ec Mon Sep 17 00:00:00 2001 +From: Doug Nazar <nazard@nazar.ca> +Date: Mon, 9 Dec 2019 10:53:37 -0500 +Subject: [PATCH] Disable statx if using glibc emulation + +On older kernels without statx, glibc with statx support will attempt +to emulate the call. However it doesn't support AT_STATX_DONT_SYNC and +will return EINVAL. This causes all xstat/xlstat calls to fail. + +Upstream-Status: Backport + +Signed-off-by: Doug Nazar <nazard@nazar.ca> +Signed-off-by: Steve Dickson <steved@redhat.com> +--- + support/misc/xstat.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/support/misc/xstat.c b/support/misc/xstat.c +index 661e29e4..a438fbcc 100644 +--- a/support/misc/xstat.c ++++ b/support/misc/xstat.c +@@ -51,6 +51,9 @@ statx_do_stat(int fd, const char *pathname, struct stat *statbuf, int flags) + statx_copy(statbuf, &stxbuf); + return 0; + } ++ /* glibc emulation doesn't support AT_STATX_DONT_SYNC */ ++ if (errno == EINVAL) ++ errno = ENOSYS; + if (errno == ENOSYS) + statx_supported = 0; + } else +-- +2.19.1 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb index 7e80354e4e..3ae8f965c8 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb @@ -33,6 +33,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \ file://0001-Fix-include-order-between-config.h-and-stat.h.patch \ + file://0001-Disable-statx-if-using-glibc-emulation.patch \ " SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch" SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch new file mode 100644 index 0000000000..e2930c3c7d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch @@ -0,0 +1,46 @@ +From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Fri, 3 Jan 2020 03:02:26 +0000 +Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a + regress + +test? + +OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a + +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381] + +[Dropped the script version and copyright year change at the top] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + regress/cert-hostkey.sh | 2 +- + regress/cert-userkey.sh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh +index 3ce7779..74d5a53 100644 +--- a/regress/cert-hostkey.sh ++++ b/regress/cert-hostkey.sh +@@ -248,7 +248,7 @@ test_one() { + test_one "user-certificate" failure "-n $HOSTS" + test_one "empty principals" success "-h" + test_one "wrong principals" failure "-h -n foo" +-test_one "cert not yet valid" failure "-h -V20200101:20300101" ++test_one "cert not yet valid" failure "-h -V20300101:20320101" + test_one "cert expired" failure "-h -V19800101:19900101" + test_one "cert valid interval" success "-h -V-1w:+2w" + test_one "cert has constraints" failure "-h -Oforce-command=false" +diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh +index 6849e99..de455b8 100644 +--- a/regress/cert-userkey.sh ++++ b/regress/cert-userkey.sh +@@ -327,7 +327,7 @@ test_one() { + test_one "correct principal" success "-n ${USER}" + test_one "host-certificate" failure "-n ${USER} -h" + test_one "wrong principals" failure "-n foo" +-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101" ++test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101" + test_one "cert expired" failure "-n ${USER} -V19800101:19900101" + test_one "cert valid interval" success "-n ${USER} -V-1w:+2w" + test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8" diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb index 2ffbc9a95f..3d16f9d347 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb @@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \ + file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \ " SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d" SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68" diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch deleted file mode 100644 index 0cc19cb5f4..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch +++ /dev/null @@ -1,758 +0,0 @@ -From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001 -From: Andy Polyakov <appro@openssl.org> -Date: Wed, 4 Dec 2019 12:48:21 +0100 -Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr - -There is an overflow bug in the x64_64 Montgomery squaring procedure used in -exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis -suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a -result of this defect would be very difficult to perform and are not believed -likely. Attacks against DH512 are considered just feasible. However, for an -attack the target would have to re-use the DH512 private key, which is not -recommended anyway. Also applications directly using the low level API -BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. - -CVE-2019-1551 - -Reviewed-by: Paul Dale <paul.dale@oracle.com> -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -(Merged from https://github.com/openssl/openssl/pull/10575) - -CVE: CVE-2019-1551 -Upstream-Status: Backport -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> ---- - crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++----------------- - 1 file changed, 197 insertions(+), 184 deletions(-) - -diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl -index b1797b649f0..7534d5cd03e 100755 ---- a/crypto/bn/asm/rsaz-x86_64.pl -+++ b/crypto/bn/asm/rsaz-x86_64.pl -@@ -116,7 +116,7 @@ - subq \$128+24, %rsp - .cfi_adjust_cfa_offset 128+24 - .Lsqr_body: -- movq $mod, %rbp # common argument -+ movq $mod, %xmm1 # common off-load - movq ($inp), %rdx - movq 8($inp), %rax - movq $n0, 128(%rsp) -@@ -134,7 +134,8 @@ - .Loop_sqr: - movl $times,128+8(%rsp) - #first iteration -- movq %rdx, %rbx -+ movq %rdx, %rbx # 0($inp) -+ mov %rax, %rbp # 8($inp) - mulq %rdx - movq %rax, %r8 - movq 16($inp), %rax -@@ -173,31 +174,29 @@ - mulq %rbx - addq %rax, %r14 - movq %rbx, %rax -- movq %rdx, %r15 -- adcq \$0, %r15 -+ adcq \$0, %rdx - -- addq %r8, %r8 #shlq \$1, %r8 -- movq %r9, %rcx -- adcq %r9, %r9 #shld \$1, %r8, %r9 -+ xorq %rcx,%rcx # rcx:r8 = r8 << 1 -+ addq %r8, %r8 -+ movq %rdx, %r15 -+ adcq \$0, %rcx - - mulq %rax -- movq %rax, (%rsp) -- addq %rdx, %r8 -- adcq \$0, %r9 -+ addq %r8, %rdx -+ adcq \$0, %rcx - -- movq %r8, 8(%rsp) -- shrq \$63, %rcx -+ movq %rax, (%rsp) -+ movq %rdx, 8(%rsp) - - #second iteration -- movq 8($inp), %r8 - movq 16($inp), %rax -- mulq %r8 -+ mulq %rbp - addq %rax, %r10 - movq 24($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r11 - movq 32($inp), %rax - adcq \$0, %rdx -@@ -205,7 +204,7 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r12 - movq 40($inp), %rax - adcq \$0, %rdx -@@ -213,7 +212,7 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r13 - movq 48($inp), %rax - adcq \$0, %rdx -@@ -221,7 +220,7 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r14 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -229,39 +228,39 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r15 -- movq %r8, %rax -+ movq %rbp, %rax - adcq \$0, %rdx - addq %rbx, %r15 -- movq %rdx, %r8 -- movq %r10, %rdx -- adcq \$0, %r8 -+ adcq \$0, %rdx - -- add %rdx, %rdx -- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 -- movq %r11, %rbx -- adcq %r11, %r11 #shld \$1, %r10, %r11 -+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 -+ addq %r9, %r9 -+ movq %rdx, %r8 -+ adcq %r10, %r10 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ movq 16($inp), %rbp -+ adcq \$0, %rdx - addq %rax, %r9 -+ movq 24($inp), %rax - adcq %rdx, %r10 -- adcq \$0, %r11 -+ adcq \$0, %rbx - - movq %r9, 16(%rsp) - movq %r10, 24(%rsp) -- shrq \$63, %rbx - - #third iteration -- movq 16($inp), %r9 -- movq 24($inp), %rax -- mulq %r9 -+ mulq %rbp - addq %rax, %r12 - movq 32($inp), %rax - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -+ mulq %rbp - addq %rax, %r13 - movq 40($inp), %rax - adcq \$0, %rdx -@@ -269,7 +268,7 @@ - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -+ mulq %rbp - addq %rax, %r14 - movq 48($inp), %rax - adcq \$0, %rdx -@@ -277,9 +276,7 @@ - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -- movq %r12, %r10 -- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12 -+ mulq %rbp - addq %rax, %r15 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -287,36 +284,40 @@ - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -- shrq \$63, %r10 -+ mulq %rbp - addq %rax, %r8 -- movq %r9, %rax -+ movq %rbp, %rax - adcq \$0, %rdx - addq %rcx, %r8 -- movq %rdx, %r9 -- adcq \$0, %r9 -+ adcq \$0, %rdx - -- movq %r13, %rcx -- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13 -+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 -+ addq %r11, %r11 -+ movq %rdx, %r9 -+ adcq %r12, %r12 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ movq 24($inp), %r10 -+ adcq \$0, %rdx - addq %rax, %r11 -+ movq 32($inp), %rax - adcq %rdx, %r12 -- adcq \$0, %r13 -+ adcq \$0, %rcx - - movq %r11, 32(%rsp) - movq %r12, 40(%rsp) -- shrq \$63, %rcx - - #fourth iteration -- movq 24($inp), %r10 -- movq 32($inp), %rax -+ mov %rax, %r11 # 32($inp) - mulq %r10 - addq %rax, %r14 - movq 40($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - -+ mov %rax, %r12 # 40($inp) - mulq %r10 - addq %rax, %r15 - movq 48($inp), %rax -@@ -325,9 +326,8 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -+ mov %rax, %rbp # 48($inp) - mulq %r10 -- movq %r14, %r12 -- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14 - addq %rax, %r8 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -336,32 +336,33 @@ - adcq \$0, %rbx - - mulq %r10 -- shrq \$63, %r12 - addq %rax, %r9 - movq %r10, %rax - adcq \$0, %rdx - addq %rbx, %r9 -- movq %rdx, %r10 -- adcq \$0, %r10 -+ adcq \$0, %rdx - -- movq %r15, %rbx -- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15 -+ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1 -+ addq %r13, %r13 -+ movq %rdx, %r10 -+ adcq %r14, %r14 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ adcq \$0, %rdx - addq %rax, %r13 -+ movq %r12, %rax # 40($inp) - adcq %rdx, %r14 -- adcq \$0, %r15 -+ adcq \$0, %rbx - - movq %r13, 48(%rsp) - movq %r14, 56(%rsp) -- shrq \$63, %rbx - - #fifth iteration -- movq 32($inp), %r11 -- movq 40($inp), %rax - mulq %r11 - addq %rax, %r8 -- movq 48($inp), %rax -+ movq %rbp, %rax # 48($inp) - movq %rdx, %rcx - adcq \$0, %rcx - -@@ -369,97 +370,99 @@ - addq %rax, %r9 - movq 56($inp), %rax - adcq \$0, %rdx -- movq %r8, %r12 -- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8 - addq %rcx, %r9 - movq %rdx, %rcx - adcq \$0, %rcx - -+ mov %rax, %r14 # 56($inp) - mulq %r11 -- shrq \$63, %r12 - addq %rax, %r10 - movq %r11, %rax - adcq \$0, %rdx - addq %rcx, %r10 -- movq %rdx, %r11 -- adcq \$0, %r11 -+ adcq \$0, %rdx - -- movq %r9, %rcx -- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9 -+ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1 -+ addq %r15, %r15 -+ movq %rdx, %r11 -+ adcq %r8, %r8 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ adcq \$0, %rdx - addq %rax, %r15 -+ movq %rbp, %rax # 48($inp) - adcq %rdx, %r8 -- adcq \$0, %r9 -+ adcq \$0, %rcx - - movq %r15, 64(%rsp) - movq %r8, 72(%rsp) -- shrq \$63, %rcx - - #sixth iteration -- movq 40($inp), %r12 -- movq 48($inp), %rax - mulq %r12 - addq %rax, %r10 -- movq 56($inp), %rax -+ movq %r14, %rax # 56($inp) - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r12 - addq %rax, %r11 - movq %r12, %rax -- movq %r10, %r15 -- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 - adcq \$0, %rdx -- shrq \$63, %r15 - addq %rbx, %r11 -- movq %rdx, %r12 -- adcq \$0, %r12 -+ adcq \$0, %rdx - -- movq %r11, %rbx -- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11 -+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 -+ addq %r9, %r9 -+ movq %rdx, %r12 -+ adcq %r10, %r10 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ adcq \$0, %rdx - addq %rax, %r9 -+ movq %r14, %rax # 56($inp) - adcq %rdx, %r10 -- adcq \$0, %r11 -+ adcq \$0, %rbx - - movq %r9, 80(%rsp) - movq %r10, 88(%rsp) - - #seventh iteration -- movq 48($inp), %r13 -- movq 56($inp), %rax -- mulq %r13 -+ mulq %rbp - addq %rax, %r12 -- movq %r13, %rax -- movq %rdx, %r13 -- adcq \$0, %r13 -+ movq %rbp, %rax -+ adcq \$0, %rdx - -- xorq %r14, %r14 -- shlq \$1, %rbx -- adcq %r12, %r12 #shld \$1, %rbx, %r12 -- adcq %r13, %r13 #shld \$1, %r12, %r13 -- adcq %r14, %r14 #shld \$1, %r13, %r14 -+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 -+ addq %r11, %r11 -+ movq %rdx, %r13 -+ adcq %r12, %r12 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ adcq \$0, %rdx - addq %rax, %r11 -+ movq %r14, %rax # 56($inp) - adcq %rdx, %r12 -- adcq \$0, %r13 -+ adcq \$0, %rcx - - movq %r11, 96(%rsp) - movq %r12, 104(%rsp) - - #eighth iteration -- movq 56($inp), %rax -+ xorq %rbx, %rbx # rbx:r13 = r13 << 1 -+ addq %r13, %r13 -+ adcq \$0, %rbx -+ - mulq %rax -- addq %rax, %r13 -+ addq %rcx, %rax - adcq \$0, %rdx -- -- addq %rdx, %r14 -- -- movq %r13, 112(%rsp) -- movq %r14, 120(%rsp) -+ addq %r13, %rax -+ adcq %rbx, %rdx - - movq (%rsp), %r8 - movq 8(%rsp), %r9 -@@ -469,6 +472,10 @@ - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 -+ movq %xmm1, %rbp -+ -+ movq %rax, 112(%rsp) -+ movq %rdx, 120(%rsp) - - call __rsaz_512_reduce - -@@ -500,9 +507,9 @@ - .Loop_sqrx: - movl $times,128+8(%rsp) - movq $out, %xmm0 # off-load -- movq %rbp, %xmm1 # off-load - #first iteration - mulx %rax, %r8, %r9 -+ mov %rax, %rbx - - mulx 16($inp), %rcx, %r10 - xor %rbp, %rbp # cf=0, of=0 -@@ -510,40 +517,39 @@ - mulx 24($inp), %rax, %r11 - adcx %rcx, %r9 - -- mulx 32($inp), %rcx, %r12 -+ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12 - adcx %rax, %r10 - -- mulx 40($inp), %rax, %r13 -+ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13 - adcx %rcx, %r11 - -- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14 -+ mulx 48($inp), %rcx, %r14 - adcx %rax, %r12 - adcx %rcx, %r13 - -- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15 -+ mulx 56($inp), %rax, %r15 - adcx %rax, %r14 - adcx %rbp, %r15 # %rbp is 0 - -- mov %r9, %rcx -- shld \$1, %r8, %r9 -- shl \$1, %r8 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -- adcx %rdx, %r8 -- mov 8($inp), %rdx -- adcx %rbp, %r9 -+ mulx %rdx, %rax, $out -+ mov %rbx, %rdx # 8($inp) -+ xor %rcx, %rcx -+ adox %r8, %r8 -+ adcx $out, %r8 -+ adox %rbp, %rcx -+ adcx %rbp, %rcx - - mov %rax, (%rsp) - mov %r8, 8(%rsp) - - #second iteration -- mulx 16($inp), %rax, %rbx -+ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx - adox %rax, %r10 - adcx %rbx, %r11 - -- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8 -+ mulx 24($inp), $out, %r8 - adox $out, %r11 -+ .byte 0x66 - adcx %r8, %r12 - - mulx 32($inp), %rax, %rbx -@@ -561,24 +567,25 @@ - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 - adox $out, %r15 - adcx %rbp, %r8 -+ mulx %rdx, %rax, $out - adox %rbp, %r8 -+ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx - -- mov %r11, %rbx -- shld \$1, %r10, %r11 -- shld \$1, %rcx, %r10 -- -- xor %ebp,%ebp -- mulx %rdx, %rax, %rcx -- mov 16($inp), %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r9, %r9 -+ adcx %rbp, $out -+ adox %r10, %r10 - adcx %rax, %r9 -- adcx %rcx, %r10 -- adcx %rbp, %r11 -+ adox %rbp, %rbx -+ adcx $out, %r10 -+ adcx %rbp, %rbx - - mov %r9, 16(%rsp) - .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) - - #third iteration -- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 -+ mulx 24($inp), $out, %r9 - adox $out, %r12 - adcx %r9, %r13 - -@@ -586,7 +593,7 @@ - adox %rax, %r13 - adcx %rcx, %r14 - -- mulx 40($inp), $out, %r9 -+ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9 - adox $out, %r14 - adcx %r9, %r15 - -@@ -594,27 +601,28 @@ - adox %rax, %r15 - adcx %rcx, %r8 - -- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9 -+ mulx 56($inp), $out, %r9 - adox $out, %r8 - adcx %rbp, %r9 -+ mulx %rdx, %rax, $out - adox %rbp, %r9 -+ mov 24($inp), %rdx - -- mov %r13, %rcx -- shld \$1, %r12, %r13 -- shld \$1, %rbx, %r12 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rcx, %rcx -+ adcx %rbx, %rax -+ adox %r11, %r11 -+ adcx %rbp, $out -+ adox %r12, %r12 - adcx %rax, %r11 -- adcx %rdx, %r12 -- mov 24($inp), %rdx -- adcx %rbp, %r13 -+ adox %rbp, %rcx -+ adcx $out, %r12 -+ adcx %rbp, %rcx - - mov %r11, 32(%rsp) -- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) -+ mov %r12, 40(%rsp) - - #fourth iteration -- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx -+ mulx 32($inp), %rax, %rbx - adox %rax, %r14 - adcx %rbx, %r15 - -@@ -629,25 +637,25 @@ - mulx 56($inp), $out, %r10 - adox $out, %r9 - adcx %rbp, %r10 -+ mulx %rdx, %rax, $out - adox %rbp, %r10 -+ mov 32($inp), %rdx - -- .byte 0x66 -- mov %r15, %rbx -- shld \$1, %r14, %r15 -- shld \$1, %rcx, %r14 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r13, %r13 -+ adcx %rbp, $out -+ adox %r14, %r14 - adcx %rax, %r13 -- adcx %rdx, %r14 -- mov 32($inp), %rdx -- adcx %rbp, %r15 -+ adox %rbp, %rbx -+ adcx $out, %r14 -+ adcx %rbp, %rbx - - mov %r13, 48(%rsp) - mov %r14, 56(%rsp) - - #fifth iteration -- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 -+ mulx 40($inp), $out, %r11 - adox $out, %r8 - adcx %r11, %r9 - -@@ -658,18 +666,19 @@ - mulx 56($inp), $out, %r11 - adox $out, %r10 - adcx %rbp, %r11 -+ mulx %rdx, %rax, $out -+ mov 40($inp), %rdx - adox %rbp, %r11 - -- mov %r9, %rcx -- shld \$1, %r8, %r9 -- shld \$1, %rbx, %r8 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rcx, %rcx -+ adcx %rbx, %rax -+ adox %r15, %r15 -+ adcx %rbp, $out -+ adox %r8, %r8 - adcx %rax, %r15 -- adcx %rdx, %r8 -- mov 40($inp), %rdx -- adcx %rbp, %r9 -+ adox %rbp, %rcx -+ adcx $out, %r8 -+ adcx %rbp, %rcx - - mov %r15, 64(%rsp) - mov %r8, 72(%rsp) -@@ -682,18 +691,19 @@ - .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 - adox $out, %r11 - adcx %rbp, %r12 -+ mulx %rdx, %rax, $out - adox %rbp, %r12 -+ mov 48($inp), %rdx - -- mov %r11, %rbx -- shld \$1, %r10, %r11 -- shld \$1, %rcx, %r10 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r9, %r9 -+ adcx %rbp, $out -+ adox %r10, %r10 - adcx %rax, %r9 -- adcx %rdx, %r10 -- mov 48($inp), %rdx -- adcx %rbp, %r11 -+ adcx $out, %r10 -+ adox %rbp, %rbx -+ adcx %rbp, %rbx - - mov %r9, 80(%rsp) - mov %r10, 88(%rsp) -@@ -703,31 +713,31 @@ - adox %rax, %r12 - adox %rbp, %r13 - -- xor %r14, %r14 -- shld \$1, %r13, %r14 -- shld \$1, %r12, %r13 -- shld \$1, %rbx, %r12 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -- adcx %rax, %r11 -- adcx %rdx, %r12 -+ mulx %rdx, %rax, $out -+ xor %rcx, %rcx - mov 56($inp), %rdx -- adcx %rbp, %r13 -+ adcx %rbx, %rax -+ adox %r11, %r11 -+ adcx %rbp, $out -+ adox %r12, %r12 -+ adcx %rax, %r11 -+ adox %rbp, %rcx -+ adcx $out, %r12 -+ adcx %rbp, %rcx - - .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) - - #eighth iteration - mulx %rdx, %rax, %rdx -- adox %rax, %r13 -- adox %rbp, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r13, %r13 -+ adcx %rbp, %rdx -+ adox %rbp, %rbx -+ adcx %r13, %rax -+ adcx %rdx, %rbx - -- .byte 0x66 -- add %rdx, %r14 -- -- movq %r13, 112(%rsp) -- movq %r14, 120(%rsp) - movq %xmm0, $out - movq %xmm1, %rbp - -@@ -741,6 +751,9 @@ - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - -+ movq %rax, 112(%rsp) -+ movq %rbx, 120(%rsp) -+ - call __rsaz_512_reducex - - addq 64(%rsp), %r8 diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch new file mode 100644 index 0000000000..a24260c95d --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/reproducible.patch @@ -0,0 +1,32 @@ +The value for perl_archname can vary depending on the host, e.g. +x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which +makes the ptest package non-reproducible. Its unused other than +these references so drop it. + +RP 2020/2/6 + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: openssl-1.1.1d/Configure +=================================================================== +--- openssl-1.1.1d.orig/Configure ++++ openssl-1.1.1d/Configure +@@ -286,7 +286,7 @@ if (defined env($local_config_envname)) + # Save away perl command information + $config{perl_cmd} = $^X; + $config{perl_version} = $Config{version}; +-$config{perl_archname} = $Config{archname}; ++#$config{perl_archname} = $Config{archname}; + + $config{prefix}=""; + $config{openssldir}=""; +@@ -2517,7 +2517,7 @@ _____ + @{$config{perlargv}}), "\n"; + print "\nPerl information:\n\n"; + print ' ',$config{perl_cmd},"\n"; +- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; ++ print ' ',$config{perl_version},"\n"; + } + if ($dump || $options) { + my $longest = 0; diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb index 458ae7daf4..aa4ef6f48a 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb @@ -16,15 +16,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-skip-test_symbol_presence.patch \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ - file://CVE-2019-1551.patch \ + file://reproducible.patch \ " SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa" -SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2" +SRC_URI[sha256sum] = "186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" @@ -33,7 +32,7 @@ PACKAGECONFIG ?= "" PACKAGECONFIG_class-native = "" PACKAGECONFIG_class-nativesdk = "" -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux" +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" B = "${WORKDIR}/build" do_configure[cleandirs] = "${B}" diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch new file mode 100644 index 0000000000..b7ba7ba643 --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch @@ -0,0 +1,47 @@ +From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras <paulus@ozlabs.org> +Date: Mon, 3 Feb 2020 15:53:28 +1100 +Subject: [PATCH] pppd: Fix bounds check in EAP code + +Given that we have just checked vallen < len, it can never be the case +that vallen >= len + sizeof(rhostname). This fixes the check so we +actually avoid overflowing the rhostname array. + +Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> +Signed-off-by: Paul Mackerras <paulus@ozlabs.org> + +Upstream-Status: Backport +[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426] + +CVE: CVE-2020-8597 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + pppd/eap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pppd/eap.c b/pppd/eap.c +index 94407f5..1b93db0 100644 +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1420,7 +1420,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -1846,7 +1846,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +-- +2.17.1 + diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index 644cde4562..60c56dd0bd 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb @@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ file://0001-ppp-Remove-unneeded-include.patch \ file://ppp-2.4.7-DES-openssl.patch \ + file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \ " SRC_URI_append_libc-musl = "\ diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc index bf6ddae7d1..33c84bc2c1 100644 --- a/meta/recipes-core/busybox/busybox.inc +++ b/meta/recipes-core/busybox/busybox.inc @@ -431,6 +431,32 @@ fi d.prependVar('pkg_postinst_%s' % pkg, postinst) } +pkg_postinst_${PN}_prepend () { + # Need path to saved utils, but they may have be removed on upgrade of busybox + # Only use shell to get paths. Also capture if busybox was saved. + BUSYBOX="" + if [ "x$D" = "x" ] ; then + for busybox_rmdir in /tmp/busyboxrm-*; do + if [ "$busybox_rmdir" != '/tmp/busyboxrm-*' ] ; then + export PATH=$busybox_rmdir:$PATH + if [ -e $busybox_rmdir/busybox* ] ; then + BUSYBOX="$busybox_rmdir/busybox*" + fi + fi + done + fi +} + +pkg_postinst_${PN}_append () { + # If busybox exists in the remove directory it is because it was the only shell left. + if [ "x$D" = "x" ] ; then + if [ "x$BUSYBOX" != "x" ] ; then + update-alternatives --remove sh $BUSYBOX + rm -f $BUSYBOX + fi + fi +} + pkg_prerm_${PN} () { # This is so you can make busybox commit suicide - removing busybox with no other packages # providing its files, this will make update-alternatives work, but the update-rc.d part @@ -451,9 +477,26 @@ pkg_prerm_${PN} () { ln -s ${base_bindir}/busybox $tmpdir/grep ln -s ${base_bindir}/busybox $tmpdir/tail export PATH=$PATH:$tmpdir + + # If busybox is the shell, we need to save it since its the lowest priority shell + # Register saved bitbake as the lowest priority shell possible as back up. + if [ -n "$(readlink -f /bin/sh | grep busybox)" ] ; then + BUSYBOX=$(readlink -f /bin/sh) + cp $BUSYBOX $tmpdir/$(basename $BUSYBOX) + update-alternatives --install /bin/sh sh $tmpdir/$(basename $BUSYBOX) 1 + fi } pkg_postrm_${PN} () { + # Add path to remove dir in case we removed our only grep + if [ "x$D" = "x" ] ; then + for busybox_rmdir in /tmp/busyboxrm-*; do + if [ "$busybox_rmdir" != '/tmp/busyboxrm-*' ] ; then + export PATH=$busybox_rmdir:$PATH + fi + done + fi + if grep -q "^${base_bindir}/bash$" $D${sysconfdir}/busybox.links* && [ ! -e $D${base_bindir}/bash ]; then printf "$(grep -v "^${base_bindir}/bash$" $D${sysconfdir}/shells)\n" > $D${sysconfdir}/shells fi diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-6750.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-6750.patch new file mode 100644 index 0000000000..6db3934978 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-6750.patch @@ -0,0 +1,741 @@ +From 747f2c646f5a86ac58ad59be08036e81388e971d Mon Sep 17 00:00:00 2001 +From: Patrick Griffis <tingping@tingping.se> +Date: Thu, 23 Jan 2020 19:58:41 -0800 +Subject: [PATCH] Refactor g_socket_client_connect_async() + +This is a fairly large refactoring. The highlights are: + +- Removing in-progress connections/addresses from GSocketClientAsyncConnectData: + + This caused issues where multiple ConnectionAttempt's would step over eachother + and modify shared state causing bugs like accidentally bypassing a set proxy. + + Fixes #1871 + Fixes #1989 + Fixes #1902 + +- Cancelling address enumeration on error/completion + +- Queuing successful TCP connections and doing application layer work serially: + + This is more in the spirit of Happy Eyeballs but it also greatly simplifies + the flow of connection handling so fewer tasks are happening in parallel + when they don't need to be. + + The behavior also should more closely match that of g_socket_client_connect(). + +- Better track the state of address enumeration: + + Previously we were over eager to treat enumeration finishing as an error. + + Fixes #1872 + See also #1982 + +- Add more detailed documentation and logging. + +Closes #1995 + +CVE: CVE-2020-6750 + +Upstream-Status: Backport [ https://gitlab.gnome.org/GNOME/glib.git; +commit=2722620e3291b930a3a228100d7c0e07b69534e3 ] + +Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> +--- + gio/gsocketclient.c | 459 ++++++++++++++++++++++++++++---------------- + 1 file changed, 296 insertions(+), 163 deletions(-) + +diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c +index 81767c0..b1d5f6c 100644 +--- a/gio/gsocketclient.c ++++ b/gio/gsocketclient.c +@@ -1332,13 +1332,15 @@ typedef struct + + GSocketConnectable *connectable; + GSocketAddressEnumerator *enumerator; +- GProxyAddress *proxy_addr; +- GSocket *socket; +- GIOStream *connection; ++ GCancellable *enumeration_cancellable; + + GSList *connection_attempts; ++ GSList *successful_connections; + GError *last_error; + ++ gboolean enumerated_at_least_once; ++ gboolean enumeration_completed; ++ gboolean connection_in_progress; + gboolean completed; + } GSocketClientAsyncConnectData; + +@@ -1350,10 +1352,9 @@ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data) + data->task = NULL; + g_clear_object (&data->connectable); + g_clear_object (&data->enumerator); +- g_clear_object (&data->proxy_addr); +- g_clear_object (&data->socket); +- g_clear_object (&data->connection); ++ g_clear_object (&data->enumeration_cancellable); + g_slist_free_full (data->connection_attempts, connection_attempt_unref); ++ g_slist_free_full (data->successful_connections, connection_attempt_unref); + + g_clear_error (&data->last_error); + +@@ -1365,6 +1366,7 @@ typedef struct + GSocketAddress *address; + GSocket *socket; + GIOStream *connection; ++ GProxyAddress *proxy_addr; + GSocketClientAsyncConnectData *data; /* unowned */ + GSource *timeout_source; + GCancellable *cancellable; +@@ -1396,6 +1398,7 @@ connection_attempt_unref (gpointer pointer) + g_clear_object (&attempt->socket); + g_clear_object (&attempt->connection); + g_clear_object (&attempt->cancellable); ++ g_clear_object (&attempt->proxy_addr); + if (attempt->timeout_source) + { + g_source_destroy (attempt->timeout_source); +@@ -1413,37 +1416,59 @@ connection_attempt_remove (ConnectionAttempt *attempt) + } + + static void +-g_socket_client_async_connect_complete (GSocketClientAsyncConnectData *data) ++cancel_all_attempts (GSocketClientAsyncConnectData *data) + { +- g_assert (data->connection); ++ GSList *l; + +- if (!G_IS_SOCKET_CONNECTION (data->connection)) ++ for (l = data->connection_attempts; l; l = g_slist_next (l)) + { +- GSocketConnection *wrapper_connection; +- +- wrapper_connection = g_tcp_wrapper_connection_new (data->connection, data->socket); +- g_object_unref (data->connection); +- data->connection = (GIOStream *)wrapper_connection; ++ ConnectionAttempt *attempt_entry = l->data; ++ g_cancellable_cancel (attempt_entry->cancellable); ++ connection_attempt_unref (attempt_entry); + } ++ g_slist_free (data->connection_attempts); ++ data->connection_attempts = NULL; + +- if (!data->completed) ++ g_slist_free_full (data->successful_connections, connection_attempt_unref); ++ data->successful_connections = NULL; ++ ++ g_cancellable_cancel (data->enumeration_cancellable); ++} ++ ++static void ++g_socket_client_async_connect_complete (ConnectionAttempt *attempt) ++{ ++ GSocketClientAsyncConnectData *data = attempt->data; ++ GError *error = NULL; ++ g_assert (attempt->connection); ++ g_assert (!data->completed); ++ ++ if (!G_IS_SOCKET_CONNECTION (attempt->connection)) + { +- GError *error = NULL; ++ GSocketConnection *wrapper_connection; + +- if (g_cancellable_set_error_if_cancelled (g_task_get_cancellable (data->task), &error)) +- { +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL); +- g_task_return_error (data->task, g_steal_pointer (&error)); +- } +- else +- { +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, data->connection); +- g_task_return_pointer (data->task, g_steal_pointer (&data->connection), g_object_unref); +- } ++ wrapper_connection = g_tcp_wrapper_connection_new (attempt->connection, attempt->socket); ++ g_object_unref (attempt->connection); ++ attempt->connection = (GIOStream *)wrapper_connection; ++ } + +- data->completed = TRUE; ++ data->completed = TRUE; ++ cancel_all_attempts (data); ++ ++ if (g_cancellable_set_error_if_cancelled (g_task_get_cancellable (data->task), &error)) ++ { ++ g_debug ("GSocketClient: Connection cancelled!"); ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL); ++ g_task_return_error (data->task, g_steal_pointer (&error)); ++ } ++ else ++ { ++ g_debug ("GSocketClient: Connection successful!"); ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, attempt->connection); ++ g_task_return_pointer (data->task, g_steal_pointer (&attempt->connection), g_object_unref); + } + ++ connection_attempt_unref (attempt); + g_object_unref (data->task); + } + +@@ -1465,59 +1490,63 @@ static void + enumerator_next_async (GSocketClientAsyncConnectData *data, + gboolean add_task_ref) + { +- /* We need to cleanup the state */ +- g_clear_object (&data->socket); +- g_clear_object (&data->proxy_addr); +- g_clear_object (&data->connection); +- + /* Each enumeration takes a ref. This arg just avoids repeated unrefs when + an enumeration starts another enumeration */ + if (add_task_ref) + g_object_ref (data->task); + + g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVING, data->connectable, NULL); ++ g_debug ("GSocketClient: Starting new address enumeration"); + g_socket_address_enumerator_next_async (data->enumerator, +- g_task_get_cancellable (data->task), ++ data->enumeration_cancellable, + g_socket_client_enumerator_callback, + data); + } + ++static void try_next_connection_or_finish (GSocketClientAsyncConnectData *, gboolean); ++ + static void + g_socket_client_tls_handshake_callback (GObject *object, + GAsyncResult *result, + gpointer user_data) + { +- GSocketClientAsyncConnectData *data = user_data; ++ ConnectionAttempt *attempt = user_data; ++ GSocketClientAsyncConnectData *data = attempt->data; + + if (g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), + result, + &data->last_error)) + { +- g_object_unref (data->connection); +- data->connection = G_IO_STREAM (object); ++ g_object_unref (attempt->connection); ++ attempt->connection = G_IO_STREAM (object); + +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKED, data->connectable, data->connection); +- g_socket_client_async_connect_complete (data); ++ g_debug ("GSocketClient: TLS handshake succeeded"); ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKED, data->connectable, attempt->connection); ++ g_socket_client_async_connect_complete (attempt); + } + else + { + g_object_unref (object); +- enumerator_next_async (data, FALSE); ++ connection_attempt_unref (attempt); ++ g_debug ("GSocketClient: TLS handshake failed: %s", data->last_error->message); ++ try_next_connection_or_finish (data, TRUE); + } + } + + static void +-g_socket_client_tls_handshake (GSocketClientAsyncConnectData *data) ++g_socket_client_tls_handshake (ConnectionAttempt *attempt) + { ++ GSocketClientAsyncConnectData *data = attempt->data; + GIOStream *tlsconn; + + if (!data->client->priv->tls) + { +- g_socket_client_async_connect_complete (data); ++ g_socket_client_async_connect_complete (attempt); + return; + } + +- tlsconn = g_tls_client_connection_new (data->connection, ++ g_debug ("GSocketClient: Starting TLS handshake"); ++ tlsconn = g_tls_client_connection_new (attempt->connection, + data->connectable, + &data->last_error); + if (tlsconn) +@@ -1529,11 +1558,12 @@ g_socket_client_tls_handshake (GSocketClientAsyncConnectData *data) + G_PRIORITY_DEFAULT, + g_task_get_cancellable (data->task), + g_socket_client_tls_handshake_callback, +- data); ++ attempt); + } + else + { +- enumerator_next_async (data, FALSE); ++ connection_attempt_unref (attempt); ++ try_next_connection_or_finish (data, TRUE); + } + } + +@@ -1542,23 +1572,38 @@ g_socket_client_proxy_connect_callback (GObject *object, + GAsyncResult *result, + gpointer user_data) + { +- GSocketClientAsyncConnectData *data = user_data; ++ ConnectionAttempt *attempt = user_data; ++ GSocketClientAsyncConnectData *data = attempt->data; + +- g_object_unref (data->connection); +- data->connection = g_proxy_connect_finish (G_PROXY (object), +- result, +- &data->last_error); +- if (data->connection) ++ g_object_unref (attempt->connection); ++ attempt->connection = g_proxy_connect_finish (G_PROXY (object), ++ result, ++ &data->last_error); ++ if (attempt->connection) + { +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, data->connection); ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, attempt->connection); + } + else + { +- enumerator_next_async (data, FALSE); ++ connection_attempt_unref (attempt); ++ try_next_connection_or_finish (data, TRUE); + return; + } + +- g_socket_client_tls_handshake (data); ++ g_socket_client_tls_handshake (attempt); ++} ++ ++static void ++complete_connection_with_error (GSocketClientAsyncConnectData *data, ++ GError *error) ++{ ++ g_debug ("GSocketClient: Connection failed: %s", error->message); ++ g_assert (!data->completed); ++ ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL); ++ data->completed = TRUE; ++ cancel_all_attempts (data); ++ g_task_return_error (data->task, error); + } + + static gboolean +@@ -1572,15 +1617,114 @@ task_completed_or_cancelled (GSocketClientAsyncConnectData *data) + return TRUE; + else if (g_cancellable_set_error_if_cancelled (cancellable, &error)) + { +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL); +- g_task_return_error (task, g_steal_pointer (&error)); +- data->completed = TRUE; ++ complete_connection_with_error (data, g_steal_pointer (&error)); + return TRUE; + } + else + return FALSE; + } + ++static gboolean ++try_next_successful_connection (GSocketClientAsyncConnectData *data) ++{ ++ ConnectionAttempt *attempt; ++ const gchar *protocol; ++ GProxy *proxy; ++ ++ if (data->connection_in_progress) ++ return FALSE; ++ ++ g_assert (data->successful_connections != NULL); ++ attempt = data->successful_connections->data; ++ g_assert (attempt != NULL); ++ data->successful_connections = g_slist_remove (data->successful_connections, attempt); ++ data->connection_in_progress = TRUE; ++ ++ g_debug ("GSocketClient: Starting application layer connection"); ++ ++ if (!attempt->proxy_addr) ++ { ++ g_socket_client_tls_handshake (g_steal_pointer (&attempt)); ++ return TRUE; ++ } ++ ++ protocol = g_proxy_address_get_protocol (attempt->proxy_addr); ++ ++ /* The connection should not be anything other than TCP, ++ * but let's put a safety guard in case ++ */ ++ if (!G_IS_TCP_CONNECTION (attempt->connection)) ++ { ++ g_critical ("Trying to proxy over non-TCP connection, this is " ++ "most likely a bug in GLib IO library."); ++ ++ g_set_error_literal (&data->last_error, ++ G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, ++ _("Proxying over a non-TCP connection is not supported.")); ++ } ++ else if (g_hash_table_contains (data->client->priv->app_proxies, protocol)) ++ { ++ /* Simply complete the connection, we don't want to do TLS handshake ++ * as the application proxy handling may need proxy handshake first */ ++ g_socket_client_async_connect_complete (g_steal_pointer (&attempt)); ++ return TRUE; ++ } ++ else if ((proxy = g_proxy_get_default_for_protocol (protocol))) ++ { ++ GIOStream *connection = attempt->connection; ++ GProxyAddress *proxy_addr = attempt->proxy_addr; ++ ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATING, data->connectable, attempt->connection); ++ g_debug ("GSocketClient: Starting proxy connection"); ++ g_proxy_connect_async (proxy, ++ connection, ++ proxy_addr, ++ g_task_get_cancellable (data->task), ++ g_socket_client_proxy_connect_callback, ++ g_steal_pointer (&attempt)); ++ g_object_unref (proxy); ++ return TRUE; ++ } ++ else ++ { ++ g_clear_error (&data->last_error); ++ ++ g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, ++ _("Proxy protocol “%s” is not supported."), ++ protocol); ++ } ++ ++ data->connection_in_progress = FALSE; ++ g_clear_pointer (&attempt, connection_attempt_unref); ++ return FALSE; /* All non-return paths are failures */ ++} ++ ++static void ++try_next_connection_or_finish (GSocketClientAsyncConnectData *data, ++ gboolean end_current_connection) ++{ ++ if (end_current_connection) ++ data->connection_in_progress = FALSE; ++ ++ if (data->connection_in_progress) ++ return; ++ ++ /* Keep trying successful connections until one works, each iteration pops one */ ++ while (data->successful_connections) ++ { ++ if (try_next_successful_connection (data)) ++ return; ++ } ++ ++ if (!data->enumeration_completed) ++ { ++ enumerator_next_async (data, FALSE); ++ return; ++ } ++ ++ complete_connection_with_error (data, data->last_error); ++} ++ + static void + g_socket_client_connected_callback (GObject *source, + GAsyncResult *result, +@@ -1588,10 +1732,7 @@ g_socket_client_connected_callback (GObject *source, + { + ConnectionAttempt *attempt = user_data; + GSocketClientAsyncConnectData *data = attempt->data; +- GSList *l; + GError *error = NULL; +- GProxy *proxy; +- const gchar *protocol; + + if (task_completed_or_cancelled (data) || g_cancellable_is_cancelled (attempt->cancellable)) + { +@@ -1613,11 +1754,12 @@ g_socket_client_connected_callback (GObject *source, + { + clarify_connect_error (error, data->connectable, attempt->address); + set_last_error (data, error); ++ g_debug ("GSocketClient: Connection attempt failed: %s", error->message); + connection_attempt_remove (attempt); +- enumerator_next_async (data, FALSE); + connection_attempt_unref (attempt); ++ try_next_connection_or_finish (data, FALSE); + } +- else ++ else /* Silently ignore cancelled attempts */ + { + g_clear_error (&error); + g_object_unref (data->task); +@@ -1627,74 +1769,21 @@ g_socket_client_connected_callback (GObject *source, + return; + } + +- data->socket = g_steal_pointer (&attempt->socket); +- data->connection = g_steal_pointer (&attempt->connection); +- +- for (l = data->connection_attempts; l; l = g_slist_next (l)) +- { +- ConnectionAttempt *attempt_entry = l->data; +- g_cancellable_cancel (attempt_entry->cancellable); +- connection_attempt_unref (attempt_entry); +- } +- g_slist_free (data->connection_attempts); +- data->connection_attempts = NULL; +- connection_attempt_unref (attempt); +- +- g_socket_connection_set_cached_remote_address ((GSocketConnection*)data->connection, NULL); +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, data->connection); ++ g_socket_connection_set_cached_remote_address ((GSocketConnection*)attempt->connection, NULL); ++ g_debug ("GSocketClient: TCP connection successful"); ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, attempt->connection); + + /* wrong, but backward compatible */ +- g_socket_set_blocking (data->socket, TRUE); ++ g_socket_set_blocking (attempt->socket, TRUE); + +- if (!data->proxy_addr) +- { +- g_socket_client_tls_handshake (data); +- return; +- } +- +- protocol = g_proxy_address_get_protocol (data->proxy_addr); +- +- /* The connection should not be anything other than TCP, +- * but let's put a safety guard in case ++ /* This ends the parallel "happy eyeballs" portion of connecting. ++ Now that we have a successful tcp connection we will attempt to connect ++ at the TLS/Proxy layer. If those layers fail we will move on to the next ++ connection. + */ +- if (!G_IS_TCP_CONNECTION (data->connection)) +- { +- g_critical ("Trying to proxy over non-TCP connection, this is " +- "most likely a bug in GLib IO library."); +- +- g_set_error_literal (&data->last_error, +- G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, +- _("Proxying over a non-TCP connection is not supported.")); +- +- enumerator_next_async (data, FALSE); +- } +- else if (g_hash_table_contains (data->client->priv->app_proxies, protocol)) +- { +- /* Simply complete the connection, we don't want to do TLS handshake +- * as the application proxy handling may need proxy handshake first */ +- g_socket_client_async_connect_complete (data); +- } +- else if ((proxy = g_proxy_get_default_for_protocol (protocol))) +- { +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATING, data->connectable, data->connection); +- g_proxy_connect_async (proxy, +- data->connection, +- data->proxy_addr, +- g_task_get_cancellable (data->task), +- g_socket_client_proxy_connect_callback, +- data); +- g_object_unref (proxy); +- } +- else +- { +- g_clear_error (&data->last_error); +- +- g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, +- _("Proxy protocol “%s” is not supported."), +- protocol); +- +- enumerator_next_async (data, FALSE); +- } ++ connection_attempt_remove (attempt); ++ data->successful_connections = g_slist_append (data->successful_connections, g_steal_pointer (&attempt)); ++ try_next_connection_or_finish (data, FALSE); + } + + static gboolean +@@ -1702,7 +1791,11 @@ on_connection_attempt_timeout (gpointer data) + { + ConnectionAttempt *attempt = data; + +- enumerator_next_async (attempt->data, TRUE); ++ if (!attempt->data->enumeration_completed) ++ { ++ g_debug ("GSocketClient: Timeout reached, trying another enumeration"); ++ enumerator_next_async (attempt->data, TRUE); ++ } + + g_clear_pointer (&attempt->timeout_source, g_source_unref); + return G_SOURCE_REMOVE; +@@ -1712,9 +1805,9 @@ static void + on_connection_cancelled (GCancellable *cancellable, + gpointer data) + { +- GCancellable *attempt_cancellable = data; ++ GCancellable *linked_cancellable = G_CANCELLABLE (data); + +- g_cancellable_cancel (attempt_cancellable); ++ g_cancellable_cancel (linked_cancellable); + } + + static void +@@ -1738,39 +1831,49 @@ g_socket_client_enumerator_callback (GObject *object, + result, &error); + if (address == NULL) + { +- if (data->connection_attempts) ++ if (G_UNLIKELY (data->enumeration_completed)) ++ return; ++ ++ data->enumeration_completed = TRUE; ++ g_debug ("GSocketClient: Address enumeration completed (out of addresses)"); ++ ++ /* As per API docs: We only care about error if its the first call, ++ after that the enumerator is done. ++ ++ Note that we don't care about cancellation errors because ++ task_completed_or_cancelled() above should handle that. ++ ++ If this fails and nothing is in progress then we will complete task here. ++ */ ++ if ((data->enumerated_at_least_once && !data->connection_attempts && !data->connection_in_progress) || ++ !data->enumerated_at_least_once) + { +- g_object_unref (data->task); +- return; ++ g_debug ("GSocketClient: Address enumeration failed: %s", error ? error->message : NULL); ++ if (data->last_error) ++ { ++ g_clear_error (&error); ++ error = data->last_error; ++ data->last_error = NULL; ++ } ++ else if (!error) ++ { ++ g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED, ++ _("Unknown error on connect")); ++ } ++ ++ complete_connection_with_error (data, error); + } + +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL); +- data->completed = TRUE; +- if (!error) +- { +- if (data->last_error) +- { +- error = data->last_error; +- data->last_error = NULL; +- } +- else +- { +- g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED, +- _("Unknown error on connect")); +- } +- } +- g_task_return_error (data->task, error); ++ /* Enumeration should never trigger again, drop our ref */ + g_object_unref (data->task); + return; + } + ++ data->enumerated_at_least_once = TRUE; ++ g_debug ("GSocketClient: Address enumeration succeeded"); + g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVED, + data->connectable, NULL); + +- if (G_IS_PROXY_ADDRESS (address) && +- data->client->priv->enable_proxy) +- data->proxy_addr = g_object_ref (G_PROXY_ADDRESS (address)); +- + g_clear_error (&data->last_error); + + socket = create_socket (data->client, address, &data->last_error); +@@ -1788,6 +1891,10 @@ g_socket_client_enumerator_callback (GObject *object, + attempt->cancellable = g_cancellable_new (); + attempt->connection = (GIOStream *)g_socket_connection_factory_create_connection (socket); + attempt->timeout_source = g_timeout_source_new (HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS); ++ ++ if (G_IS_PROXY_ADDRESS (address) && data->client->priv->enable_proxy) ++ attempt->proxy_addr = g_object_ref (G_PROXY_ADDRESS (address)); ++ + g_source_set_callback (attempt->timeout_source, on_connection_attempt_timeout, attempt, NULL); + g_source_attach (attempt->timeout_source, g_main_context_get_thread_default ()); + data->connection_attempts = g_slist_append (data->connection_attempts, attempt); +@@ -1797,6 +1904,7 @@ g_socket_client_enumerator_callback (GObject *object, + g_object_ref (attempt->cancellable), g_object_unref); + + g_socket_connection_set_cached_remote_address ((GSocketConnection *)attempt->connection, address); ++ g_debug ("GSocketClient: Starting TCP connection attempt"); + g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTING, data->connectable, attempt->connection); + g_socket_connection_connect_async (G_SOCKET_CONNECTION (attempt->connection), + address, +@@ -1849,24 +1957,48 @@ g_socket_client_connect_async (GSocketClient *client, + else + data->enumerator = g_socket_connectable_enumerate (connectable); + +- /* The flow and ownership here isn't quite obvious: +- - The task starts an async attempt to connect. +- - Each attempt holds a single ref on task. +- - Each attempt may create new attempts by timing out (not a failure) so +- there are multiple attempts happening in parallel. +- - Upon failure an attempt will start a new attempt that steals its ref +- until there are no more attempts left and it drops its ref. +- - Upon success it will cancel all other attempts and continue on +- to the rest of the connection (tls, proxies, etc) which do not +- happen in parallel and at the very end drop its ref. +- - Upon cancellation an attempt drops its ref. +- */ ++ /* This function tries to match the behavior of g_socket_client_connect () ++ which is simple enough but much of it is done in parallel to be as responsive ++ as possible as per Happy Eyeballs (RFC 8305). This complicates flow quite a ++ bit but we can describe it in 3 sections: ++ ++ Firstly we have address enumeration (DNS): ++ - This may be triggered multiple times by enumerator_next_async(). ++ - It also has its own cancellable (data->enumeration_cancellable). ++ - Enumeration is done lazily because GNetworkAddressAddressEnumerator ++ also does work in parallel and may lazily add new addresses. ++ - If the first enumeration errors then the task errors. Otherwise all enumerations ++ will potentially be used (until task or enumeration is cancelled). ++ ++ Then we start attempting connections (TCP): ++ - Each connection is independent and kept in a ConnectionAttempt object. ++ - They each hold a ref on the main task and have their own cancellable. ++ - Multiple attempts may happen in parallel as per Happy Eyeballs. ++ - Upon failure or timeouts more connection attempts are made. ++ - If no connections succeed the task errors. ++ - Upon success they are kept in a list of successful connections. ++ ++ Lastly we connect at the application layer (TLS, Proxies): ++ - These are done in serial. ++ - The reasoning here is that Happy Eyeballs is about making bad connections responsive ++ at the IP/TCP layers. Issues at the application layer are generally not due to ++ connectivity issues but rather misconfiguration. ++ - Upon failure it will try the next TCP connection until it runs out and ++ the task errors. ++ - Upon success it cancels everything remaining (enumeration and connections) ++ and returns the connection. ++ */ + + data->task = g_task_new (client, cancellable, callback, user_data); + g_task_set_check_cancellable (data->task, FALSE); /* We handle this manually */ + g_task_set_source_tag (data->task, g_socket_client_connect_async); + g_task_set_task_data (data->task, data, (GDestroyNotify)g_socket_client_async_connect_data_free); + ++ data->enumeration_cancellable = g_cancellable_new (); ++ if (cancellable) ++ g_cancellable_connect (cancellable, G_CALLBACK (on_connection_cancelled), ++ g_object_ref (data->enumeration_cancellable), g_object_unref); ++ + enumerator_next_async (data, FALSE); + } + +@@ -1985,6 +2117,7 @@ g_socket_client_connect_to_uri_async (GSocketClient *client, + } + else + { ++ g_debug("g_socket_client_connect_to_uri_async"); + g_socket_client_connect_async (client, + connectable, cancellable, + callback, user_data); +-- +2.23.0 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb index 5aefa6ad8b..5be81a8f31 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ + file://CVE-2020-6750.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" diff --git a/meta/recipes-core/glibc/glibc-testsuite_2.30.bb b/meta/recipes-core/glibc/glibc-testsuite_2.30.bb index 657fd4dbc1..d887aeff79 100644 --- a/meta/recipes-core/glibc/glibc-testsuite_2.30.bb +++ b/meta/recipes-core/glibc/glibc-testsuite_2.30.bb @@ -1,5 +1,7 @@ require glibc_${PV}.bb +EXCLUDE_FROM_WORLD = "1" + # handle PN differences FILESEXTRAPATHS_prepend := "${THISDIR}/glibc:" @@ -58,3 +60,4 @@ addtask do_check after do_compile inherit nopackages deltask do_stash_locale +deltask do_install diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-10029.patch b/meta/recipes-core/glibc/glibc/CVE-2020-10029.patch new file mode 100644 index 0000000000..606b691bcf --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2020-10029.patch @@ -0,0 +1,128 @@ +From ce265ec5bc25ec35fba53807abac1b0c8469895e Mon Sep 17 00:00:00 2001 +From: Joseph Myers <joseph@codesourcery.com> +Date: Wed, 12 Feb 2020 23:31:56 +0000 +Subject: [PATCH] Avoid ldbl-96 stack corruption from range reduction of + + pseudo-zero (bug 25487). + +Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero +argument (an representation where all the significand bits, including +the explicit high bit, are zero, but the exponent is not zero, which +is not a valid representation for the long double type). + +Although this is not a valid long double representation, existing +practice in this area (see bug 4586, originally marked invalid but +subsequently fixed) is that we still seek to avoid invalid memory +accesses as a result, in case of programs that treat arbitrary binary +data as long double representations, although the invalid +representations of the ldbl-96 format do not need to be consistently +handled the same as any particular valid representation. + +This patch makes the range reduction detect pseudo-zero and unnormal +representations that would otherwise go to __kernel_rem_pio2, and +returns a NaN for them instead of continuing with the range reduction +process. (Pseudo-zero and unnormal representations whose unbiased +exponent is less than -1 have already been safely returned from the +function before this point without going through the rest of range +reduction.) Pseudo-zero representations would previously result in +the value passed to __kernel_rem_pio2 being all-zero, which is +definitely unsafe; unnormal representations would previously result in +a value passed whose high bit is zero, which might well be unsafe +since that is not a form of input expected by __kernel_rem_pio2. + +Tested for x86_64. + +CVE: CVE-2020-10029 +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git; +a=patch;h=9333498794cde1d5cca518badf79533a24114b6f] +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> + +--- + sysdeps/ieee754/ldbl-96/Makefile | 3 ++- + sysdeps/ieee754/ldbl-96/e_rem_pio2l.c | 12 +++++++++ + sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c | 41 ++++++++++++++++++++++++++++++ + 3 files changed, 55 insertions(+), 1 deletion(-) + create mode 100644 sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c + +diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile +index b103254..052c1c7 100644 +--- a/sysdeps/ieee754/ldbl-96/Makefile ++++ b/sysdeps/ieee754/ldbl-96/Makefile +@@ -17,5 +17,6 @@ + # <http://www.gnu.org/licenses/>. + + ifeq ($(subdir),math) +-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 ++tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo ++CFLAGS-test-sinl-pseudo.c += -fstack-protector-all + endif +diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c +index 805de22..1aeccb4 100644 +--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c ++++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c +@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y) + return 0; + } + ++ if ((i0 & 0x80000000) == 0) ++ { ++ /* Pseudo-zero and unnormal representations are not valid ++ representations of long double. We need to avoid stack ++ corruption in __kernel_rem_pio2, which expects input in a ++ particular normal form, but those representations do not need ++ to be consistently handled like any particular floating-point ++ value. */ ++ y[1] = y[0] = __builtin_nanl (""); ++ return 0; ++ } ++ + /* Split the 64 bits of the mantissa into three 24-bit integers + stored in a double array. */ + exp = j0 - 23; +diff --git a/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c +new file mode 100644 +index 0000000..f59b977 +--- /dev/null ++++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c +@@ -0,0 +1,41 @@ ++/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487). ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. */ ++ ++#include <math.h> ++#include <math_ldbl.h> ++#include <stdint.h> ++ ++static int ++do_test (void) ++{ ++ for (int i = 0; i < 64; i++) ++ { ++ uint64_t sig = i == 63 ? 0 : 1ULL << i; ++ long double ld; ++ SET_LDOUBLE_WORDS (ld, 0x4141, ++ sig >> 32, sig & 0xffffffffULL); ++ /* The requirement is that no stack overflow occurs when the ++ pseudo-zero or unnormal goes through range reduction. */ ++ volatile long double ldr; ++ ldr = sinl (ld); ++ (void) ldr; ++ } ++ return 0; ++} ++ ++#include <support/test-driver.c> diff --git a/meta/recipes-core/glibc/glibc_2.30.bb b/meta/recipes-core/glibc/glibc_2.30.bb index 7913bc2812..c9e44a396d 100644 --- a/meta/recipes-core/glibc/glibc_2.30.bb +++ b/meta/recipes-core/glibc/glibc_2.30.bb @@ -42,6 +42,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0027-inject-file-assembly-directives.patch \ file://0028-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ file://CVE-2019-19126.patch \ + file://CVE-2020-10029.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 6c9049f9ff..0c57d2a9f9 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image module-base setuptools3 -SRCREV ?= "cf0cefd53c5d4f72e26c74571a10e098996a1ff2" +SRCREV ?= "65d341daaf1edf7241b0ea518ef9beb4328f16e9" SRC_URI = "git://git.yoctoproject.org/poky;branch=zeus \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/meta/recipes-core/kbd/kbd/0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch b/meta/recipes-core/kbd/kbd/0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch new file mode 100644 index 0000000000..c3f068f61b --- /dev/null +++ b/meta/recipes-core/kbd/kbd/0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch @@ -0,0 +1,31 @@ +From f7f357ef079b6d185f340e716d7c72a98d82bad0 Mon Sep 17 00:00:00 2001 +From: Garry Filakhtov <filakhtov@gmail.com> +Date: Fri, 20 Jul 2018 15:58:56 +0200 +Subject: [PATCH] configure.ac: Fix logic of vlock configure switch + +Downstream bug report: https://bugs.gentoo.org/661650 + +Upstream-Status: Backport [f7f357ef079b6d185f340e716d7c72a98d82bad0] + +Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> +Signed-off-by: De Huo <de.huo@windriver.com> +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 87eb63c..07098cf 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -119,7 +119,7 @@ AM_CONDITIONAL(BUILD_LIBKEYMAP, test "$BUILD_LIBKEYMAP" = "yes") + + AC_ARG_ENABLE(vlock, + AS_HELP_STRING(--disable-vlock, [do not build vlock]), +- [VLOCK_PROG=no],[VLOCK_PROG=yes]) ++ [VLOCK_PROG=$enableval],[VLOCK_PROG=yes]) + AM_CONDITIONAL(VLOCK, test "$VLOCK_PROG" = "yes") + + if test "$VLOCK_PROG" = "yes"; then +-- +2.23.0 + diff --git a/meta/recipes-core/kbd/kbd_2.0.4.bb b/meta/recipes-core/kbd/kbd_2.0.4.bb index 4af3256fff..47e76da2b4 100644 --- a/meta/recipes-core/kbd/kbd_2.0.4.bb +++ b/meta/recipes-core/kbd/kbd_2.0.4.bb @@ -13,6 +13,7 @@ RCONFLICTS_${PN} = "console-tools" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \ file://run-ptest \ ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://set-proper-path-of-resources.patch', '', d)} \ + file://0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch \ " SRC_URI[md5sum] = "c1635a5a83b63aca7f97a3eab39ebaa6" @@ -58,7 +59,8 @@ RDEPENDS_${PN}-ptest = "make" inherit update-alternatives -ALTERNATIVE_${PN} = "chvt deallocvt fgconsole openvt showkey" +ALTERNATIVE_${PN} = "chvt deallocvt fgconsole openvt showkey \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'vlock','', d)}" ALTERNATIVE_PRIORITY = "100" BBCLASSEXTEND = "native" diff --git a/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch new file mode 100644 index 0000000000..4ee2d4fe62 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch @@ -0,0 +1,37 @@ +From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <xiezhipeng1@huawei.com> +Date: Tue, 20 Aug 2019 16:33:06 +0800 +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream + +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize +vctxt->xsiAssemble to 0 again which cause the alloced schema +can not be freed anymore. + +Found with libFuzzer. + +Upstream-Status: Accepted [https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a] +CVE: CVE-2019-20388 + +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + xmlschemas.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/xmlschemas.c b/xmlschemas.c +index 301c8449..39d92182 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { + vctxt->nberrors = 0; + vctxt->depth = -1; + vctxt->skipDepth = -1; +- vctxt->xsiAssemble = 0; + vctxt->hasKeyrefs = 0; + #ifdef ENABLE_IDC_NODE_TABLES_TEST + vctxt->createIDCNodeTables = 1; +-- +2.24.1 + diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch new file mode 100644 index 0000000000..facfefd362 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch @@ -0,0 +1,36 @@ +From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <xiezhipeng1@huawei.com> +Date: Thu, 12 Dec 2019 17:30:55 +0800 +Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities + +When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef +return NULL which cause a infinite loop in xmlStringLenDecodeEntities + +Found with libFuzzer. + +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076] +CVE: CVE-2020-7595 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + parser.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index d1c31963..a34bb6cd 100644 +--- a/parser.c ++++ b/parser.c +@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + else + c = 0; + while ((c != 0) && (c != end) && /* non input consuming loop */ +- (c != end2) && (c != end3)) { ++ (c != end2) && (c != end3) && ++ (ctxt->instate != XML_PARSER_EOF)) { + + if (c == 0) break; + if ((c == '&') && (str[1] == '#')) { +-- +2.24.1 + diff --git a/meta/recipes-core/libxml/libxml2/Fix-CVE-2019-19956.patch b/meta/recipes-core/libxml/libxml2/Fix-CVE-2019-19956.patch new file mode 100644 index 0000000000..1c2dff9d5f --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/Fix-CVE-2019-19956.patch @@ -0,0 +1,40 @@ +From 5a02583c7e683896d84878bd90641d8d9b0d0549 Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <xiezhipeng1@huawei.com> +Date: Wed, 7 Aug 2019 17:39:17 +0800 +Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover + +When doc is NULL, namespace created in xmlTreeEnsureXMLDecl +is bind to newDoc->oldNs, in this case, set newDoc->oldNs to +NULL and free newDoc will cause a memory leak. + +Found with libFuzzer. + +Closes #82. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549] +CVE: CVE-2019-19956 + +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + parser.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index 1ce1ccf1..26d9f4e3 100644 +--- a/parser.c ++++ b/parser.c +@@ -13894,7 +13894,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax, + xmlFreeParserCtxt(ctxt); + newDoc->intSubset = NULL; + newDoc->extSubset = NULL; +- newDoc->oldNs = NULL; ++ if(doc != NULL) ++ newDoc->oldNs = NULL; + xmlFreeDoc(newDoc); + + return(ret); +-- +2.24.1 + + diff --git a/meta/recipes-core/libxml/libxml2_2.9.9.bb b/meta/recipes-core/libxml/libxml2_2.9.9.bb index c38f883e44..1d898ab020 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.9.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.9.bb @@ -20,6 +20,9 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://libxml-m4-use-pkgconfig.patch \ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ file://fix-execution-of-ptests.patch \ + file://Fix-CVE-2019-19956.patch \ + file://CVE-2020-7595.patch \ + file://CVE-2019-20388.patch \ " SRC_URI[libtar.md5sum] = "c04a5a0a042eaa157e8e8c9eabe76bd6" diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index 91df6f1ae9..66201514d7 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -25,6 +25,7 @@ TOOLCHAIN_HOST_TASK ?= "\ nativesdk-texinfo \ nativesdk-libnss-nis \ nativesdk-rpcsvc-proto \ + nativesdk-patch \ " MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}" diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 575254af40..1b4f31692b 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -122,7 +122,7 @@ def parse_node_and_insert(c, node, cveId): product = cpe23[4] version = cpe23[5] - if version != '*': + if version != '*' and version != '-': # Version is defined, this is a '=' match yield [cveId, vendor, product, version, '=', '', ''] else: diff --git a/meta/recipes-core/meta/dummy-sdk-package.inc b/meta/recipes-core/meta/dummy-sdk-package.inc index 4d653706b1..0d15a37c35 100644 --- a/meta/recipes-core/meta/dummy-sdk-package.inc +++ b/meta/recipes-core/meta/dummy-sdk-package.inc @@ -17,6 +17,9 @@ ALLOW_EMPTY_${PN} = "1" PR[vardeps] += "DUMMYPROVIDES" +DUMMYPROVIDES_PACKAGES ??= "" +DUMMYPROVIDES += "${@' '.join([multilib_pkg_extend(d, pkg) for pkg in d.getVar('DUMMYPROVIDES_PACKAGES').split()])}" + python populate_packages_prepend() { p = d.getVar("PN") d.appendVar("RPROVIDES_%s" % p, "${DUMMYPROVIDES}") diff --git a/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb b/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb index 6a8748acdf..5bc11b9daf 100644 --- a/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb +++ b/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb @@ -1,6 +1,6 @@ DUMMYARCH = "buildtools-dummy-${SDKPKGSUFFIX}" -DUMMYPROVIDES = "\ +DUMMYPROVIDES_PACKAGES = "\ nativesdk-perl \ nativesdk-libxml-parser-perl \ nativesdk-perl-module-bytes \ @@ -21,6 +21,9 @@ DUMMYPROVIDES = "\ nativesdk-perl-module-posix \ nativesdk-perl-module-thread-queue \ nativesdk-perl-module-threads \ +" + +DUMMYPROVIDES = "\ /usr/bin/perl \ " diff --git a/meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb b/meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb index b891efa5ef..29f4dd3633 100644 --- a/meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb +++ b/meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb @@ -1,10 +1,13 @@ DUMMYARCH = "sdk-provides-dummy-${SDKPKGSUFFIX}" +DUMMYPROVIDES_PACKAGES = "\ + pkgconfig \ +" + # Add /bin/sh? DUMMYPROVIDES = "\ /bin/bash \ /usr/bin/env \ - pkgconfig \ libGL.so()(64bit) \ libGL.so \ " diff --git a/meta/recipes-core/meta/target-sdk-provides-dummy.bb b/meta/recipes-core/meta/target-sdk-provides-dummy.bb index 87b8bfab9c..e3beeb796c 100644 --- a/meta/recipes-core/meta/target-sdk-provides-dummy.bb +++ b/meta/recipes-core/meta/target-sdk-provides-dummy.bb @@ -48,7 +48,6 @@ DUMMYPROVIDES_PACKAGES = "\ " DUMMYPROVIDES = "\ - ${@' '.join([multilib_pkg_extend(d, pkg) for pkg in d.getVar('DUMMYPROVIDES_PACKAGES').split()])} \ /bin/sh \ /bin/bash \ /usr/bin/env \ diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc index 5f2cc35823..b7bf4c0d81 100644 --- a/meta/recipes-core/ncurses/ncurses.inc +++ b/meta/recipes-core/ncurses/ncurses.inc @@ -87,6 +87,7 @@ ncurses_configure() { --disable-rpath-hack \ ${EXCONFIG_ARGS} \ --with-manpage-format=normal \ + --without-manpage-renames \ --disable-stripping \ "$@" || return 1 cd .. diff --git a/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb b/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb index e638a3737c..c3a89f1c4f 100644 --- a/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb +++ b/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb @@ -10,3 +10,5 @@ SRCREV = "3c9b2677c96c645496997321bf2fe465a5e7e21f" S = "${WORKDIR}/git" EXTRA_OECONF += "--with-abi-version=5 --cache-file=${B}/config.cache" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)" + +CVE_VERSION = "6.1.${@d.getVar("PV").split('+')[1]}" diff --git a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb index bfc1283f73..39f612be1f 100644 --- a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb +++ b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb @@ -31,6 +31,7 @@ B = "${S}/src" inherit update-alternatives distro_features_check DEPENDS_append = " update-rc.d-native base-passwd virtual/crypt" +do_package_setscene[depends] = "${MLPREFIX}base-passwd:do_populate_sysroot" REQUIRED_DISTRO_FEATURES = "sysvinit" diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch new file mode 100644 index 0000000000..ba4e3a3c97 --- /dev/null +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch @@ -0,0 +1,49 @@ +From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o <tytso@mit.edu> +Date: Thu, 19 Dec 2019 19:45:06 -0500 +Subject: [PATCH] e2fsck: don't try to rehash a deleted directory + +If directory has been deleted in pass1[bcd] processing, then we +shouldn't try to rehash the directory in pass 3a when we try to +rehash/reoptimize directories. + +Signed-off-by: Theodore Ts'o <tytso@mit.edu> + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + e2fsck/pass1b.c | 4 ++++ + e2fsck/rehash.c | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c +index 5693b9cf..bca701ca 100644 +--- a/e2fsck/pass1b.c ++++ b/e2fsck/pass1b.c +@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino, + fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx); + if (ctx->inode_bad_map) + ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino); ++ if (ctx->inode_reg_map) ++ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino); ++ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino); ++ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino); + ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode)); + quota_data_sub(ctx->qctx, &dp->inode, ino, + pb.dup_blocks * fs->blocksize); +diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c +index 3dd1e941..2c908be0 100644 +--- a/e2fsck/rehash.c ++++ b/e2fsck/rehash.c +@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx) + if (!ext2fs_u32_list_iterate(iter, &ino)) + break; + } ++ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino)) ++ continue; + + pctx.dir = ino; + if (first) { +-- +2.24.1 + diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch new file mode 100644 index 0000000000..de4bce0037 --- /dev/null +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch @@ -0,0 +1,57 @@ +From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o <tytso@mit.edu> +Date: Thu, 19 Dec 2019 19:37:34 -0500 +Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when + rehashing + +In e2fsck pass 3a, when we are rehashing directories, at least in +theory, all of the directories should have had corruptions with +respect to directory entry structure fixed. However, it's possible +(for example, if the user declined a fix) that we can reach this stage +of processing with a corrupted directory entries. + +So check for that case and don't try to process a corrupted directory +block so we don't run into trouble in mutate_name() if there is a +zero-length file name. + +Addresses: TALOS-2019-0973 +Addresses: CVE-2019-5188 +Signed-off-by: Theodore Ts'o <tytso@mit.edu> + +CVE: CVE-2019-5188 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff] +--- + e2fsck/rehash.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c +index a5fc1be1..3dd1e941 100644 +--- a/e2fsck/rehash.c ++++ b/e2fsck/rehash.c +@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs, + dir_offset += rec_len; + if (dirent->inode == 0) + continue; ++ if ((name_len) == 0) { ++ fd->err = EXT2_ET_DIR_CORRUPTED; ++ return BLOCK_ABORT; ++ } + if (!fd->compress && (name_len == 1) && + (dirent->name[0] == '.')) + continue; +@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs, + continue; + } + new_len = ext2fs_dirent_name_len(ent->dir); ++ if (new_len == 0) { ++ /* should never happen */ ++ ext2fs_unmark_valid(fs); ++ continue; ++ } + memcpy(new_name, ent->dir->name, new_len); + mutate_name(new_name, &new_len); + for (j=0; j < fd->num_array; j++) { +-- +2.24.1 + diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch new file mode 100644 index 0000000000..342a2b855b --- /dev/null +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch @@ -0,0 +1,76 @@ +From: Wang Shilong <wshilong@ddn.com> +Date: Mon, 30 Dec 2019 19:52:39 -0500 +Subject: e2fsck: fix use after free in calculate_tree() + +The problem is alloc_blocks() will call get_next_block() which might +reallocate outdir->buf, and memory address could be changed after +this. To fix this, pointers that point into outdir->buf, such as +int_limit and root need to be recaulated based on the new starting +address of outdir->buf. + +[ Changed to correctly recalculate int_limit, and to optimize how we + reallocate outdir->buf. -TYT ] + +Addresses-Debian-Bug: 948517 +Signed-off-by: Wang Shilong <wshilong@ddn.com> +Signed-off-by: Theodore Ts'o <tytso@mit.edu> +(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01) + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01] +--- + e2fsck/rehash.c | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c +index 0a5888a9..2574e151 100644 +--- a/e2fsck/rehash.c ++++ b/e2fsck/rehash.c +@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir, + errcode_t retval; + + if (outdir->num >= outdir->max) { +- retval = alloc_size_dir(fs, outdir, outdir->max + 50); ++ int increment = outdir->max / 10; ++ ++ if (increment < 50) ++ increment = 50; ++ retval = alloc_size_dir(fs, outdir, outdir->max + increment); + if (retval) + return retval; + } +@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs, + if (retval) + return retval; + ++ /* outdir->buf might be reallocated */ ++ *prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset); ++ + *next_ent = set_int_node(fs, block_start); + *limit = (struct ext2_dx_countlimit *)(*next_ent); + if (next_offset) +@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs, + return retval; + } + if (c3 == 0) { ++ int delta1 = (char *)int_limit - outdir->buf; ++ int delta2 = (char *)root - outdir->buf; ++ + retval = alloc_blocks(fs, &limit, &int_ent, + &dx_ent, &int_offset, + NULL, outdir, i, &c2, +@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs, + if (retval) + return retval; + ++ /* outdir->buf might be reallocated */ ++ int_limit = (struct ext2_dx_countlimit *) ++ (outdir->buf + delta1); ++ root = (struct ext2_dx_entry *) ++ (outdir->buf + delta2); + } + dx_ent->block = ext2fs_cpu_to_le32(i); + if (c3 != limit->limit) +-- +2.24.1 + diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb index 14c05a446c..f81defb837 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb @@ -6,6 +6,9 @@ SRC_URI += "file://remove.ldconfig.call.patch \ file://mkdir_p.patch \ file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \ file://CVE-2019-5094.patch \ + file://CVE-2019-5188.patch \ + file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \ + file://e2fsck-fix-use-after-free-in-calculate_tree.patch \ " SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ diff --git a/meta/recipes-devtools/gcc/gcc-9.2.inc b/meta/recipes-devtools/gcc/gcc-9.2.inc index c6395998d5..4f068231f3 100644 --- a/meta/recipes-devtools/gcc/gcc-9.2.inc +++ b/meta/recipes-devtools/gcc/gcc-9.2.inc @@ -68,6 +68,7 @@ SRC_URI = "\ file://CVE-2019-15847_1.patch \ file://CVE-2019-15847_2.patch \ file://CVE-2019-15847_3.patch \ + file://re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch \ " S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}" SRC_URI[md5sum] = "3818ad8600447f05349098232c2ddc78" diff --git a/meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch b/meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch new file mode 100644 index 0000000000..c37e0bb9dd --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch @@ -0,0 +1,95 @@ +From efb0ee06f5c0186c2d1442ecd4dbbd55dbd97b44 Mon Sep 17 00:00:00 2001 +From: Vladimir Makarov <vmakarov@redhat.com> +Date: Wed, 10 Jul 2019 16:07:10 +0000 +Subject: [PATCH] re PR target/91102 (aarch64 ICE on Linux kernel with -Os + starting with r270266) + +2019-07-10 Vladimir Makarov <vmakarov@redhat.com> + + PR target/91102 + * lra-constraints.c (process_alt_operands): Don't match user + defined regs only if they are early clobbers. + +2019-07-10 Vladimir Makarov <vmakarov@redhat.com> + + PR target/91102 + * gcc.target/aarch64/pr91102.c: New test. + +From-SVN: r273357 +Upstream-Status: Backport [https://github.com/gcc-mirror/gcc/commit/613caed2feb9cfc8158308670b59df3d031ec629] +[takondra: dropped conflicting ChangeLog changes] +Signed-off-by: Taras Kondratiuk <takondra@cisco.com> +--- + gcc/lra-constraints.c | 17 ++++++++++---- + gcc/testsuite/gcc.target/aarch64/pr91102.c | 26 ++++++++++++++++++++++ + 2 files changed, 39 insertions(+), 4 deletions(-) + create mode 100644 gcc/testsuite/gcc.target/aarch64/pr91102.c + +diff --git a/gcc/lra-constraints.c b/gcc/lra-constraints.c +index cf33da8013e4..6382dbf852b6 100644 +--- a/gcc/lra-constraints.c ++++ b/gcc/lra-constraints.c +@@ -2172,8 +2172,9 @@ process_alt_operands (int only_alternative) + else + { + /* Operands don't match. If the operands are +- different user defined explicit hard registers, +- then we cannot make them match. */ ++ different user defined explicit hard ++ registers, then we cannot make them match ++ when one is early clobber operand. */ + if ((REG_P (*curr_id->operand_loc[nop]) + || SUBREG_P (*curr_id->operand_loc[nop])) + && (REG_P (*curr_id->operand_loc[m]) +@@ -2192,9 +2193,17 @@ process_alt_operands (int only_alternative) + && REG_P (m_reg) + && HARD_REGISTER_P (m_reg) + && REG_USERVAR_P (m_reg)) +- break; ++ { ++ int i; ++ ++ for (i = 0; i < early_clobbered_regs_num; i++) ++ if (m == early_clobbered_nops[i]) ++ break; ++ if (i < early_clobbered_regs_num ++ || early_clobber_p) ++ break; ++ } + } +- + /* Both operands must allow a reload register, + otherwise we cannot make them match. */ + if (curr_alt[m] == NO_REGS) +diff --git a/gcc/testsuite/gcc.target/aarch64/pr91102.c b/gcc/testsuite/gcc.target/aarch64/pr91102.c +new file mode 100644 +index 000000000000..70b99045a48e +--- /dev/null ++++ b/gcc/testsuite/gcc.target/aarch64/pr91102.c +@@ -0,0 +1,26 @@ ++/* PR target/91102 */ ++/* { dg-do compile } */ ++/* { dg-options "-O2" } */ ++ ++int ++foo (long d, long l) ++{ ++ register long e asm ("x1") = d; ++ register long f asm("x2") = l; ++ asm ("" : : "r" (e), "r" (f)); ++ return 3; ++} ++ ++struct T { int i; int j; }; ++union S { long h; struct T t; }; ++ ++void ++bar (union S b) ++{ ++ while (1) ++ { ++ union S c = b; ++ c.t.j++; ++ b.h = foo (b.h, c.h); ++ } ++} diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc index f14cbf7152..4aac345bec 100644 --- a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc +++ b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc @@ -158,7 +158,7 @@ SYSTEMLIBS1 = "${target_libdir}/" EXTRA_OECONF += "--enable-poison-system-directories" EXTRA_OECONF_remove_elf = "--with-sysroot=/not/exist" EXTRA_OECONF_remove_eabi = "--with-sysroot=/not/exist" -EXTRA_OECONF_append_elf = "--without-headers --with-newlib" -EXTRA_OECONF_append_eabi = "--without-headers --with-newlib" +EXTRA_OECONF_append_elf = " --without-headers --with-newlib" +EXTRA_OECONF_append_eabi = " --without-headers --with-newlib" # gcc 4.7 needs -isystem export ARCH_FLAGS_FOR_TARGET = "--sysroot=${STAGING_DIR_TARGET} -isystem=${target_includedir}" diff --git a/meta/recipes-devtools/gcc/gcc-cross.inc b/meta/recipes-devtools/gcc/gcc-cross.inc index 8855bb1f34..06ba3ccd15 100644 --- a/meta/recipes-devtools/gcc/gcc-cross.inc +++ b/meta/recipes-devtools/gcc/gcc-cross.inc @@ -61,6 +61,13 @@ do_compile () { export CXXFLAGS_FOR_TARGET="${TARGET_CXXFLAGS}" export LDFLAGS_FOR_TARGET="${TARGET_LDFLAGS}" + # Prevent native/host sysroot path from being used in configargs.h header, + # as it will be rewritten when used by other sysroots preventing support + # for gcc plugins + oe_runmake configure-gcc + sed -i 's@${STAGING_DIR_TARGET}@/host@g' ${B}/gcc/configargs.h + sed -i 's@${STAGING_DIR_HOST}@/host@g' ${B}/gcc/configargs.h + oe_runmake all-host configure-target-libgcc (cd ${B}/${TARGET_SYS}/libgcc; oe_runmake enable-execute-stack.c unwind.h md-unwind-support.h sfp-machine.h gthr-default.h) # now generate script to drive testing diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc index 2da3c02ef0..536b18d97f 100644 --- a/meta/recipes-devtools/gcc/gcc-runtime.inc +++ b/meta/recipes-devtools/gcc/gcc-runtime.inc @@ -302,10 +302,6 @@ do_check() { # HACK: this works around the configure setting CXX with -nostd* args sed -i 's/-nostdinc++ -nostdlib++//g' $(find ${B} -name testsuite_flags | head -1) - # HACK: this works around the de-stashing changes to configargs.h, as well as recipe-sysroot changing the content - sed -i '/static const char configuration_arguments/d' ${B}/gcc/configargs.h - ${CC} -v 2>&1 | grep "^Configured with:" | \ - sed 's/Configured with: \(.*\)/static const char configuration_arguments[] = "\1";/g' >> ${B}/gcc/configargs.h if [ "${TOOLCHAIN_TEST_TARGET}" = "user" ]; then # qemu user has issues allocating large amounts of memory diff --git a/meta/recipes-devtools/gcc/gcc-target.inc b/meta/recipes-devtools/gcc/gcc-target.inc index bdc6ff658f..987e88d32c 100644 --- a/meta/recipes-devtools/gcc/gcc-target.inc +++ b/meta/recipes-devtools/gcc/gcc-target.inc @@ -137,6 +137,14 @@ FILES_${PN}-doc = "\ " do_compile () { + # Prevent full target sysroot path from being used in configargs.h header, + # as it will be rewritten when used by other sysroots preventing support + # for gcc plugins. Additionally the path is embeddeded into the output + # binary, this prevents building a reproducible binary. + oe_runmake configure-gcc + sed -i 's@${STAGING_DIR_TARGET}@/@g' ${B}/gcc/configargs.h + sed -i 's@${STAGING_DIR_HOST}@/@g' ${B}/gcc/configargs.h + oe_runmake all-host } diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch deleted file mode 100644 index 691ed50c2b..0000000000 --- a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch +++ /dev/null @@ -1,113 +0,0 @@ -From d42b23f4fb5d6bd58e92e995fe5befc76efbae0c Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Thu, 27 Apr 2017 15:47:58 +0300 -Subject: [PATCH] Switch all scripts to use Python 3.x - -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - makePackage | 2 +- - opkg-compare-indexes | 2 +- - opkg-graph-deps | 2 +- - opkg-list-fields | 2 +- - opkg-make-index | 2 +- - opkg-show-deps | 2 +- - opkg-unbuild | 2 +- - opkg-update-index | 2 +- - opkg.py | 2 +- - 9 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/makePackage b/makePackage -index 4bdfc56..02124dd 100755 ---- a/makePackage -+++ b/makePackage -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/env python3 - - # The general algorithm this program follows goes like this: - # Run tar to extract control from control.tar.gz from the package. -diff --git a/opkg-compare-indexes b/opkg-compare-indexes -index b60d20a..80c1263 100755 ---- a/opkg-compare-indexes -+++ b/opkg-compare-indexes -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - from __future__ import absolute_import - from __future__ import print_function - -diff --git a/opkg-graph-deps b/opkg-graph-deps -index 6653fd5..f1e376a 100755 ---- a/opkg-graph-deps -+++ b/opkg-graph-deps -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - from __future__ import absolute_import - from __future__ import print_function - -diff --git a/opkg-list-fields b/opkg-list-fields -index c14a90f..24f7955 100755 ---- a/opkg-list-fields -+++ b/opkg-list-fields -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - from __future__ import absolute_import - from __future__ import print_function - -diff --git a/opkg-make-index b/opkg-make-index -index 3f757f6..2988f9f 100755 ---- a/opkg-make-index -+++ b/opkg-make-index -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - """ - Utility to create opkg compatible indexes - """ - -diff --git a/opkg-show-deps b/opkg-show-deps -index 153f21e..4e18b4f 100755 ---- a/opkg-show-deps -+++ b/opkg-show-deps -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - from __future__ import absolute_import - from __future__ import print_function - -diff --git a/opkg-unbuild b/opkg-unbuild -index 4f36bec..57642c9 100755 ---- a/opkg-unbuild -+++ b/opkg-unbuild -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - from __future__ import absolute_import - from __future__ import print_function - -diff --git a/opkg-update-index b/opkg-update-index -index 341c1c2..7bff8a1 100755 ---- a/opkg-update-index -+++ b/opkg-update-index -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - from __future__ import absolute_import - - import sys, os -diff --git a/opkg.py b/opkg.py -index 2ecac8a..7e64de4 100644 ---- a/opkg.py -+++ b/opkg.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # Copyright (C) 2001 Alexander S. Guy <a7r@andern.org> - # Andern Research Labs - # --- -2.11.0 - diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch deleted file mode 100644 index a181169d47..0000000000 --- a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch +++ /dev/null @@ -1,44 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 59da5577bf8df441c6ca958e50fcb83228702764 Mon Sep 17 00:00:00 2001 -From: Alejandro del Castillo <alejandro.delcastillo@ni.com> -Date: Thu, 12 Sep 2019 10:24:58 -0500 -Subject: [PATCH] opkg-build: clamp mtimes to SOURCE_DATE_EPOCH - -For reproducible builds, clamp mtimes bigger than SOURCE_DATE_EPOCH to -SOURCE_DATE_EPOCH (build generated files, usually). - -Fixes bugzilla 13450 - -Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> -Signed-off-by: Ross Burton <ross.burton@intel.com> ---- - opkg-build | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/opkg-build b/opkg-build -index dcd2d68..2517a2b 100755 ---- a/opkg-build -+++ b/opkg-build -@@ -297,9 +297,16 @@ mkdir $tmp_dir - - build_date="${SOURCE_DATE_EPOCH:-$(date +%s)}" - -+mtime_args="" -+# --clamp-mtime requires tar > 1.28. Only use it if SOURCE_DATE_EPOCH is set, to avoid having a generic case dependency on tar > 1.28. -+# this setting will make sure files generated at build time have consistent mtimes, for reproducible builds. -+if [ ! -z "$SOURCE_DATE_EPOCH" ]; then -+ mtime_args="--mtime=@$build_date --clamp-mtime" -+fi -+ - ( cd $pkg_dir/$CONTROL && find . -type f > $tmp_dir/control_list ) - ( cd $pkg_dir && find . -path ./$CONTROL -prune -o -print > $tmp_dir/file_list ) --( cd $pkg_dir && tar $ogargs $tsortargs --no-recursion -c $tarformat -T $tmp_dir/file_list | $compressor $compressorargs > $tmp_dir/data.tar.$cext ) -+( cd $pkg_dir && tar $ogargs $tsortargs --no-recursion $mtime_args -c $tarformat -T $tmp_dir/file_list | $compressor $compressorargs > $tmp_dir/data.tar.$cext ) - ( cd $pkg_dir/$CONTROL && tar $ogargs $tsortargs --no-recursion --mtime=@$build_date -c $tarformat -T $tmp_dir/control_list | gzip $zipargs > $tmp_dir/control.tar.gz ) - rm $tmp_dir/file_list - rm $tmp_dir/control_list --- -2.20.1 - diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch new file mode 100644 index 0000000000..945979bc8a --- /dev/null +++ b/meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch @@ -0,0 +1,32 @@ +Fix reproducibility issues in opkg-build + +There is a sorting problem with opkg-build where the ipk generated is depending +upon the order of files on disk. The reason is the --sort option to tar only +influences the orders of files tar reads, not those passed by the -T option. + +Add in a sort call to resolve this issue. To ensure consistent sorting we +also need to force to a specific locale (C) else the results are still not +deterministic. + +RP 2020/2/5 + +Upstream-Status: Submitted [https://groups.google.com/forum/#!topic/opkg-devel/YttZ73NLrYQ] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: opkg-utils-0.4.2/opkg-build +=================================================================== +--- opkg-utils-0.4.2.orig/opkg-build ++++ opkg-utils-0.4.2/opkg-build +@@ -305,8 +305,10 @@ if [ ! -z "$SOURCE_DATE_EPOCH" ]; then + mtime_args="--mtime=@$build_date --clamp-mtime" + fi + +-( cd $pkg_dir/$CONTROL && find . -type f > $tmp_dir/control_list ) +-( cd $pkg_dir && find . -path ./$CONTROL -prune -o -path . -o -print > $tmp_dir/file_list ) ++export LANG=C ++export LC_ALL=C ++( cd $pkg_dir/$CONTROL && find . -type f | sort > $tmp_dir/control_list ) ++( cd $pkg_dir && find . -path ./$CONTROL -prune -o -path . -o -print | sort > $tmp_dir/file_list ) + ( cd $pkg_dir && tar $ogargs $tsortargs --no-recursion $mtime_args -c $tarformat -T $tmp_dir/file_list | $compressor $compressorargs > $tmp_dir/data.tar.$cext ) + ( cd $pkg_dir/$CONTROL && tar $ogargs $tsortargs --no-recursion --mtime=@$build_date -c $tarformat -T $tmp_dir/control_list | gzip $zipargs > $tmp_dir/control.tar.gz ) + rm $tmp_dir/file_list diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch deleted file mode 100644 index 55ddcc1fd2..0000000000 --- a/meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch +++ /dev/null @@ -1,31 +0,0 @@ -We need opkg-build to fail if for example the tar command is passed invalid -options. Without this, we see silently created empty packaged where data.tar -is zero bytes in size. This creates hard to debug problems. - -An example is when reproducible builds are enabled and run on old hosts like -centos7 which has tar < 1.28: - -Subprocess output:tar: unrecognized option '--clamp-mtime' -Try `tar --help' or `tar --usage' for more information. - -Upstream-Status: Pending -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - -Index: opkg-utils-0.4.1/opkg-build -=================================================================== ---- opkg-utils-0.4.1.orig/opkg-build -+++ opkg-utils-0.4.1/opkg-build -@@ -1,4 +1,4 @@ --#!/bin/sh -+#!/bin/bash - - : <<=cut - =head1 NAME -@@ -12,6 +12,7 @@ opkg-build - construct an .opk from a di - # Updated to work on Familiar Pre0.7rc1, with busybox tar. - # Note it Requires: binutils-ar (since the busybox ar can't create) - set -e -+set -o pipefail - - version=1.0 - diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_0.4.1.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_0.4.2.bb index eb6c7a3a6a..042eec7e0e 100644 --- a/meta/recipes-devtools/opkg-utils/opkg-utils_0.4.1.bb +++ b/meta/recipes-devtools/opkg-utils/opkg-utils_0.4.2.bb @@ -4,19 +4,16 @@ SECTION = "base" HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ - file://opkg.py;beginline=2;endline=18;md5=63ce9e6bcc445181cd9e4baf4b4ccc35" + file://opkg.py;beginline=2;endline=18;md5=ffa11ff3c15eb31c6a7ceaa00cc9f986" PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', 'update-alternatives', 'virtual/update-alternatives', '', d)}" -SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV}.tar.gz \ - file://0001-Switch-all-scripts-to-use-Python-3.x.patch \ - file://0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch \ - file://pipefail.patch \ +SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV}.tar.gz \ + file://fix-reproducibility.patch \ " UPSTREAM_CHECK_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/refs/" - -SRC_URI[md5sum] = "8c140f835b694a0c27cfb23d2426a02b" -SRC_URI[sha256sum] = "9ea9efdd9fe13661ad251e3a2860c1c93045adcfaa6659c3e86d9748ecda3b6e" +SRC_URI[md5sum] = "cc210650644fcb9bba06ad5ec95a63ec" +SRC_URI[sha256sum] = "5929ad87d541789e0b82d626db01a1201ac48df6f49f2262fcfb86cf815e5d6c" TARGET_CC_ARCH += "${LDFLAGS}" diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb index 5d7f55f8dc..b5897b357a 100644 --- a/meta/recipes-devtools/patch/patch_2.7.6.bb +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb @@ -22,3 +22,6 @@ acpaths = "-I ${S}/m4 " PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)}" PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr," +PROVIDES_append_class-native = " patch-replacement-native" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch b/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch new file mode 100644 index 0000000000..0f3a2c6327 --- /dev/null +++ b/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch @@ -0,0 +1,27 @@ +From b0d53cfd785f64002128ac5eecc4aed0663d9c30 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Thu, 9 Jan 2020 17:26:55 +0100 +Subject: [PATCH] tests: adjust to correctly exclude unbuilt extensions + +Issue is reported here: +https://github.com/arsv/perl-cross/issues/85 + +Upstream-Status: Inappropriate [issue caused by perl-cross] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + t/TEST | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/t/TEST b/t/TEST +index a9c844f..8d3505f 100755 +--- a/t/TEST ++++ b/t/TEST +@@ -419,7 +419,7 @@ sub _tests_from_manifest { + while (<MANI>) { + if (m!^((?:cpan|dist|ext)/(\S+)/+(?:[^/\s]+\.t|test\.pl)|lib/\S+?(?:\.t|test\.pl))\s!) { + my $t = $1; +- my $extension = $2; ++ my $extension = $1."/".$2; + + # XXX Generates way too many error lines currently. Skip for + # v5.22 diff --git a/meta/recipes-devtools/perl/files/determinism.patch b/meta/recipes-devtools/perl/files/determinism.patch new file mode 100644 index 0000000000..ed4d06f5ec --- /dev/null +++ b/meta/recipes-devtools/perl/files/determinism.patch @@ -0,0 +1,81 @@ +Fixes to make the perl build reproducible: + +a) Remove the \n from configure_attr.sh since it gets quoted differently depending on + whether the shell is bash or dash which can cause the test result to be incorrect. + Reported upstream: https://github.com/arsv/perl-cross/issues/87 + +b) Sort the order of the module lists from configure_mods.sh since otherwise + the result isn't the same leading to makefile differences. + Reported upstream: https://github.com/arsv/perl-cross/issues/88 + +c) Sort the Encode::Byte byte_t.fnm file output (and the makefile depends whilst + there for good measure) + This needs to go to upstream perl (not done) + +d) Use bash for perl-cross configure since otherwise trnl gets set to "\n" with bash + and "" with dash + Reported upstream: https://github.com/arsv/perl-cross/issues/87 + +RP 2020/2/7 + +Upstream-Status: Pending [75% submitted] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org + +Index: perl-5.30.1/cnf/configure_attr.sh +=================================================================== +--- perl-5.30.1.orig/cnf/configure_attr.sh ++++ perl-5.30.1/cnf/configure_attr.sh +@@ -131,7 +131,7 @@ if not hinted d_c99_variadic_macros 'sup + try_start + try_add '#include <stdio.h>' + try_add '#define foo(fmt, ...) printf(fmt, __VA_ARGS__)' +- try_add 'int main(void) { foo("%i\n", 1234); return 0; }' ++ try_add 'int main(void) { foo("%i", 1234); return 0; }' + try_compile + resdef d_c99_variadic_macros 'supported' 'missing' + fi +Index: perl-5.30.1/cnf/configure_mods.sh +=================================================================== +--- perl-5.30.1.orig/cnf/configure_mods.sh ++++ perl-5.30.1/cnf/configure_mods.sh +@@ -82,7 +82,7 @@ extonlyif() { + } + + definetrimspaces() { +- v=`echo "$2" | sed -r -e 's/\s+/ /g' -e 's/^\s+//' -e 's/\s+$//'` ++ v=`echo "$2" | sed -r -e 's/\s+/ /g' -e 's/^\s+//' -e 's/\s+$//' | xargs -n1 | LANG=C sort | xargs` + define $1 "$v" + } + +Index: perl-5.30.1/cpan/Encode/Byte/Makefile.PL +=================================================================== +--- perl-5.30.1.orig/cpan/Encode/Byte/Makefile.PL ++++ perl-5.30.1/cpan/Encode/Byte/Makefile.PL +@@ -171,7 +171,7 @@ sub postamble + my $lengthsofar = length($str); + my $continuator = ''; + $str .= "$table.c : $enc2xs Makefile.PL"; +- foreach my $file (@{$tables{$table}}) ++ foreach my $file (sort (@{$tables{$table}})) + { + $str .= $continuator.' '.$self->catfile($dir,$file); + if ( length($str)-$lengthsofar > 128*$numlines ) +@@ -189,7 +189,7 @@ sub postamble + qq{\n\t\$(PERL) $plib $enc2xs $ucopts -o \$\@ -f $table.fnm\n\n}; + open (FILELIST, ">$table.fnm") + || die "Could not open $table.fnm: $!"; +- foreach my $file (@{$tables{$table}}) ++ foreach my $file (sort (@{$tables{$table}})) + { + print FILELIST $self->catfile($dir,$file) . "\n"; + } +Index: perl-5.30.1/cnf/configure +=================================================================== +--- perl-5.30.1.orig/cnf/configure ++++ perl-5.30.1/cnf/configure +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + base=${0%/*}; test -z "$base" && base=. + diff --git a/meta/recipes-devtools/perl/files/encodefix.patch b/meta/recipes-devtools/perl/files/encodefix.patch new file mode 100644 index 0000000000..396ed0d53e --- /dev/null +++ b/meta/recipes-devtools/perl/files/encodefix.patch @@ -0,0 +1,20 @@ +The code is encoding host compiler parameters into target builds. Avoid +this for our target builds (patch is target specific, not native) + +Upstream-Status: Inappropriate [Cross compile hack] +RP 2020/2/18 +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: perl-5.30.1/cpan/Encode/bin/enc2xs +=================================================================== +--- perl-5.30.1.orig/cpan/Encode/bin/enc2xs ++++ perl-5.30.1/cpan/Encode/bin/enc2xs +@@ -195,7 +195,7 @@ sub compiler_info { + # above becomes false. + my $sized = $declaration && !($compat && !$pedantic); + +- return ($cpp, $static, $sized); ++ return (0, 1, 1); + } + + diff --git a/meta/recipes-devtools/perl/files/fix-setgroup.patch b/meta/recipes-devtools/perl/files/fix-setgroup.patch deleted file mode 100644 index 2b490e6067..0000000000 --- a/meta/recipes-devtools/perl/files/fix-setgroup.patch +++ /dev/null @@ -1,49 +0,0 @@ -Test script to reproduce the problem: - -#!/usr/bin/env perl -$) = "2 2"; -print $!; - -Result from perl 5.28 under strace: - -setgroups(1, [2]) = 0 -setresgid(-1, 2, -1) = 0 - -Result from perl 5.30 under strace: - -setgroups(1, [-1]) = -1 EINVAL (Invalid argument) -setresgid(-1, 2, -1) = 0 - -Patch which broke this upstream: -https://perl5.git.perl.org/perl.git/commitdiff/5d4a52b5c68a11bfc97c2e24806993b84a61eade - -Issue is that the new function changes the endptr to the end of the -scanned number and needs to be reset to the end of the string for -each iteration of the loop. - -[YOCTO #13391] - -RP -2019/6/14 -Upstream-Status: Pending - -Index: perl-5.30.0/mg.c -=================================================================== ---- perl-5.30.0.orig/mg.c -+++ perl-5.30.0/mg.c -@@ -3179,6 +3256,7 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg) - const char *p = SvPV_const(sv, len); - Groups_t *gary = NULL; - const char* endptr = p + len; -+ const char* realend = p + len; - UV uv; - #ifdef _SC_NGROUPS_MAX - int maxgrp = sysconf(_SC_NGROUPS_MAX); -@@ -3209,6 +3287,7 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg) - Newx(gary, i + 1, Groups_t); - else - Renew(gary, i + 1, Groups_t); -+ endptr = realend; - if (grok_atoUV(p, &uv, &endptr)) - gary[i] = (Groups_t)uv; - else { diff --git a/meta/recipes-devtools/perl/files/perl-configpm-switch.patch b/meta/recipes-devtools/perl/files/perl-configpm-switch.patch index 3c2cecb8c1..80ce4a6de7 100644 --- a/meta/recipes-devtools/perl/files/perl-configpm-switch.patch +++ b/meta/recipes-devtools/perl/files/perl-configpm-switch.patch @@ -1,4 +1,4 @@ -From 7f313cac31c55cbe62a4d0cdfa8321cc05a8eb3a Mon Sep 17 00:00:00 2001 +From 5120acaa2be5787d9657f6b91bc8ee3c2d664fbe Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Sun, 27 May 2007 21:04:11 +0000 Subject: [PATCH] perl: 5.8.7 -> 5.8.8 (from OE) @@ -20,7 +20,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/configpm b/configpm -index 09c4a3b..6a0a680 100755 +index c8de8bf..204613c 100755 --- a/configpm +++ b/configpm @@ -687,7 +687,7 @@ sub FETCH { diff --git a/meta/recipes-devtools/perl/files/racefix.patch b/meta/recipes-devtools/perl/files/racefix.patch new file mode 100644 index 0000000000..bac42d26ae --- /dev/null +++ b/meta/recipes-devtools/perl/files/racefix.patch @@ -0,0 +1,24 @@ +In our builds Config_heavy.pl sometimes has lines: +cwarnflags=XXX +ccstdflags=XXX +and sometimes does not. +The reason is that this information is pulled from cflags by configpm and yet +there is no dependency in the Makefile. Add one to fix this. + +Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/89] +RP 2020/2/19 +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: perl-5.30.1/Makefile +=================================================================== +--- perl-5.30.1.orig/Makefile ++++ perl-5.30.1/Makefile +@@ -204,7 +204,7 @@ configpod: $(CONFIGPOD) + git_version.h lib/Config_git.pl: make_patchnum.pl | miniperl$X + ./miniperl_top make_patchnum.pl + +-lib/Config.pm lib/Config_heavy.pl lib/Config.pod: config.sh \ ++lib/Config.pm lib/Config_heavy.pl lib/Config.pod: config.sh cflags \ + lib/Config_git.pl Porting/Glossary | miniperl$X + ./miniperl_top configpm + diff --git a/meta/recipes-devtools/perl/liberror-perl_0.17028.bb b/meta/recipes-devtools/perl/liberror-perl_0.17029.bb index 8c6bbcba94..038808f0cd 100644 --- a/meta/recipes-devtools/perl/liberror-perl_0.17028.bb +++ b/meta/recipes-devtools/perl/liberror-perl_0.17029.bb @@ -32,8 +32,8 @@ RDEPENDS_${PN}-ptest += " \ SRC_URI = "http://cpan.metacpan.org/authors/id/S/SH/SHLOMIF/Error-${PV}.tar.gz" -SRC_URI[md5sum] = "ec3522c60a43a368f19c0f89e2205cb1" -SRC_URI[sha256sum] = "3ad85c5e58b31c8903006298424a51bba39f1840e324f5ae612eabc8b935e960" +SRC_URI[md5sum] = "6732b1c6207e4a9a3e2987c88368039a" +SRC_URI[sha256sum] = "1a23f7913032aed6d4b68321373a3899ca66590f4727391a091ec19c95bf7adc" S = "${WORKDIR}/Error-${PV}" diff --git a/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest b/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest index 0d63d1513b..d802781f9e 100644 --- a/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest +++ b/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest @@ -6,8 +6,6 @@ for case in `find t -type f -name '*.t'`; do cat $case.output if [ $ret -ne 0 ]; then echo "FAIL: ${case%.t}" - elif grep -i 'SKIP' $case.output; then - echo "SKIP: ${case%.t}" else echo "PASS: ${case%.t}" fi diff --git a/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb b/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb index f759f862fb..e3ba40d96c 100644 --- a/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb +++ b/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb @@ -36,7 +36,10 @@ do_patch[postfuncs] += "do_patch_module_build" do_install_ptest() { cp -r ${B}/inc ${D}${PTEST_PATH} cp -r ${B}/blib ${D}${PTEST_PATH} + cp -r ${B}/_build ${D}${PTEST_PATH} + cp -r ${B}/lib ${D}${PTEST_PATH} chown -R root:root ${D}${PTEST_PATH} + sed -i -e "s,'perl' => .*,'perl' => '/usr/bin/perl'\,,g" ${D}${PTEST_PATH}/_build/build_params } RDEPENDS_${PN} += " \ diff --git a/meta/recipes-devtools/perl/perl-ptest.inc b/meta/recipes-devtools/perl/perl-ptest.inc index 7152057762..98e3361fcc 100644 --- a/meta/recipes-devtools/perl/perl-ptest.inc +++ b/meta/recipes-devtools/perl/perl-ptest.inc @@ -42,6 +42,9 @@ do_install_ptest () { # Remove a useless timestamp... sed -i -e '/Autogenerated starting on/d' ${D}${PTEST_PATH}/lib/unicore/mktables.lst + + # Remove files with host-specific configuration for building native binaries + rm ${D}${PTEST_PATH}/Makefile.config ${D}${PTEST_PATH}/xconfig.h ${D}${PTEST_PATH}/xconfig.sh } python populate_packages_prepend() { diff --git a/meta/recipes-devtools/perl/perl_5.30.0.bb b/meta/recipes-devtools/perl/perl_5.30.1.bb index ba2a8437d4..32746c7095 100644 --- a/meta/recipes-devtools/perl/perl_5.30.0.bb +++ b/meta/recipes-devtools/perl/perl_5.30.1.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://Copying;md5=5b122a36d0f6dc55279a0ebc69f3c60b \ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ - https://github.com/arsv/perl-cross/releases/download/1.3/perl-cross-1.3.tar.gz;name=perl-cross \ + https://github.com/arsv/perl-cross/releases/download/1.3.1/perl-cross-1.3.1.tar.gz;name=perl-cross \ file://perl-rdepends.txt \ file://0001-configure_tool.sh-do-not-quote-the-argument-to-comma.patch \ file://0001-ExtUtils-MakeMaker-add-LDFLAGS-when-linking-binary-m.patch \ @@ -18,18 +18,23 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \ file://perl-dynloader.patch \ file://0001-configure_path.sh-do-not-hardcode-prefix-lib-as-libr.patch \ - file://fix-setgroup.patch \ file://0001-enc2xs-Add-environment-variable-to-suppress-comments.patch \ file://0002-Constant-Fix-up-shebang.patch \ + file://0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch \ + file://determinism.patch \ + file://racefix.patch \ " SRC_URI_append_class-native = " \ file://perl-configpm-switch.patch \ " +SRC_URI_append_class-target = " \ + file://encodefix.patch \ +" -SRC_URI[perl.md5sum] = "9770584cdf9b5631c38097645ce33549" -SRC_URI[perl.sha256sum] = "851213c754d98ccff042caa40ba7a796b2cee88c5325f121be5cbb61bbf975f2" -SRC_URI[perl-cross.md5sum] = "4dda3daf9c4fe42b3d6a5dd052852a48" -SRC_URI[perl-cross.sha256sum] = "49edea1ea2cd6c5c47386ca71beda8d150c748835781354dbe7f75b1df27e703" +SRC_URI[perl.md5sum] = "6438eb7b8db9bbde28e01086de376a46" +SRC_URI[perl.sha256sum] = "bf3d25571ff1ee94186177c2cdef87867fd6a14aa5a84f0b1fb7bf798f42f964" +SRC_URI[perl-cross.md5sum] = "1e463b105cfa56d251a86979af23e3a7" +SRC_URI[perl-cross.sha256sum] = "edce0b0c2f725e2db3f203d6d8e9f3f7161256f5d1590551e40694f21200141d" S = "${WORKDIR}/perl-${PV}" @@ -112,6 +117,14 @@ print(datetime.fromtimestamp($SOURCE_DATE_EPOCH, timezone.utc).strftime('%a %b % do_compile() { oe_runmake + # This isn't generated reliably so delete and re-generate. + # https://github.com/arsv/perl-cross/issues/86 + + if [ -e pod/perltoc.pod ]; then + bbnote Rebuilding perltoc.pod + rm -f pod/perltoc.pod + oe_runmake pod/perltoc.pod + fi } do_install() { @@ -135,6 +148,9 @@ do_install_append_class-target() { # This is used to substitute target configuration when running native perl via perl-configpm-switch.patch ln -s Config_heavy.pl ${D}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/Config_heavy-target.pl + # This contains host-specific information used for building miniperl (a helper executable built with host compiler) + # and therefore isn't reproducible. I believe the file isn't actually needed on target. + rm ${D}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/xconfig.h } do_install_append_class-nativesdk() { @@ -198,6 +214,7 @@ require perl-ptest.inc FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/libperl.so* \ ${libdir}/perl5/site_perl \ ${libdir}/perl5/${PV}/Config.pm \ + ${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/Config.pm \ ${libdir}/perl5/${PV}/*/Config_git.pl \ ${libdir}/perl5/${PV}/*/Config_heavy-target.pl \ ${libdir}/perl5/config.sh \ @@ -206,6 +223,9 @@ FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/ ${libdir}/perl5/${PV}/warnings \ ${libdir}/perl5/${PV}/vars.pm \ ${libdir}/perl5/site_perl \ + ${libdir}/perl5/${PV}/ExtUtils/MANIFEST.SKIP \ + ${libdir}/perl5/${PV}/ExtUtils/xsubpp \ + ${libdir}/perl5/${PV}/ExtUtils/typemap \ " RPROVIDES_${PN} += "perl-module-strict perl-module-vars perl-module-config perl-module-warnings \ perl-module-warnings-register" @@ -216,9 +236,6 @@ FILES_${PN}-dev_append = " ${libdir}/perl5/${PV}/*/CORE" FILES_${PN}-doc_append = " ${libdir}/perl5/${PV}/Unicode/Collate/*.txt \ ${libdir}/perl5/${PV}/*/.packlist \ - ${libdir}/perl5/${PV}/ExtUtils/MANIFEST.SKIP \ - ${libdir}/perl5/${PV}/ExtUtils/xsubpp \ - ${libdir}/perl5/${PV}/ExtUtils/typemap \ ${libdir}/perl5/${PV}/Encode/encode.h \ " PACKAGES += "${PN}-misc" diff --git a/meta/recipes-devtools/pseudo/pseudo.inc b/meta/recipes-devtools/pseudo/pseudo.inc index 7ff8e449e9..50e30064bd 100644 --- a/meta/recipes-devtools/pseudo/pseudo.inc +++ b/meta/recipes-devtools/pseudo/pseudo.inc @@ -16,6 +16,7 @@ INSANE_SKIP_${PN}-dbg += "libdir" PROVIDES += "virtual/fakeroot" MAKEOPTS = "" +MAKEOPTS_class-native = "'RPATH=-Wl,--rpath=XORIGIN/../../../sqlite3-native/usr/lib/'" inherit siteinfo pkgconfig @@ -115,6 +116,7 @@ do_install () { } do_install_append_class-native () { + chrpath ${D}${bindir}/pseudo -r `chrpath ${D}${bindir}/pseudo | cut -d = -f 2 | sed s/XORIGIN/\\$ORIGIN/` install -d ${D}${sysconfdir} # The fallback files should never be modified install -m 444 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd diff --git a/meta/recipes-devtools/python/python/python2-manifest.json b/meta/recipes-devtools/python/python/python2-manifest.json index eb52e862ab..fd98774d00 100644 --- a/meta/recipes-devtools/python/python/python2-manifest.json +++ b/meta/recipes-devtools/python/python/python2-manifest.json @@ -267,6 +267,7 @@ "${libdir}/python2.7/lib-dynload/xreadlines.so", "${libdir}/python2.7/linecache.py", "${libdir}/python2.7/new.py", + "${libdir}/python2.7/ntpath.py", "${libdir}/python2.7/os.py", "${libdir}/python2.7/platform.py", "${libdir}/python2.7/posixpath.py", diff --git a/meta/recipes-devtools/python/python3_3.7.6.bb b/meta/recipes-devtools/python/python3_3.7.7.bb index b33b7028d4..823eb2f8fd 100644 --- a/meta/recipes-devtools/python/python3_3.7.6.bb +++ b/meta/recipes-devtools/python/python3_3.7.7.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.python.org" LICENSE = "PSFv2" SECTION = "devel/python" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498" +LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://run-ptest \ @@ -38,8 +38,8 @@ SRC_URI_append_class-nativesdk = " \ file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \ " -SRC_URI[md5sum] = "c08fbee72ad5c2c95b0f4e44bf6fd72c" -SRC_URI[sha256sum] = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f" +SRC_URI[md5sum] = "172c650156f7bea68ce31b2fd01fa766" +SRC_URI[sha256sum] = "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index bb444b63d9..f451017f6d 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -29,7 +29,9 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ file://CVE-2019-15890.patch \ file://CVE-2019-12068.patch \ - " + file://CVE-2020-1711.patch \ + file://CVE-2019-20382.patch \ + " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" SRC_URI[md5sum] = "cdf2b5ca52b9abac9bacb5842fa420f8" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch new file mode 100644 index 0000000000..183d100398 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch @@ -0,0 +1,1018 @@ +From 6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@163.com> +Date: Sat, 31 Aug 2019 08:39:22 -0700 +Subject: [PATCH] vnc: fix memory leak when vnc disconnect + +Currently when qemu receives a vnc connect, it creates a 'VncState' to +represent this connection. In 'vnc_worker_thread_loop' it creates a +local 'VncState'. The connection 'VcnState' and local 'VncState' exchange +data in 'vnc_async_encoding_start' and 'vnc_async_encoding_end'. +In 'zrle_compress_data' it calls 'deflateInit2' to allocate the libz library +opaque data. The 'VncState' used in 'zrle_compress_data' is the local +'VncState'. In 'vnc_zrle_clear' it calls 'deflateEnd' to free the libz +library opaque data. The 'VncState' used in 'vnc_zrle_clear' is the connection +'VncState'. In currently implementation there will be a memory leak when the +vnc disconnect. Following is the asan output backtrack: + +Direct leak of 29760 byte(s) in 5 object(s) allocated from: + 0 0xffffa67ef3c3 in __interceptor_calloc (/lib64/libasan.so.4+0xd33c3) + 1 0xffffa65071cb in g_malloc0 (/lib64/libglib-2.0.so.0+0x571cb) + 2 0xffffa5e968f7 in deflateInit2_ (/lib64/libz.so.1+0x78f7) + 3 0xaaaacec58613 in zrle_compress_data ui/vnc-enc-zrle.c:87 + 4 0xaaaacec58613 in zrle_send_framebuffer_update ui/vnc-enc-zrle.c:344 + 5 0xaaaacec34e77 in vnc_send_framebuffer_update ui/vnc.c:919 + 6 0xaaaacec5e023 in vnc_worker_thread_loop ui/vnc-jobs.c:271 + 7 0xaaaacec5e5e7 in vnc_worker_thread ui/vnc-jobs.c:340 + 8 0xaaaacee4d3c3 in qemu_thread_start util/qemu-thread-posix.c:502 + 9 0xffffa544e8bb in start_thread (/lib64/libpthread.so.0+0x78bb) + 10 0xffffa53965cb in thread_start (/lib64/libc.so.6+0xd55cb) + +This is because the opaque allocated in 'deflateInit2' is not freed in +'deflateEnd'. The reason is that the 'deflateEnd' calls 'deflateStateCheck' +and in the latter will check whether 's->strm != strm'(libz's data structure). +This check will be true so in 'deflateEnd' it just return 'Z_STREAM_ERROR' and +not free the data allocated in 'deflateInit2'. + +The reason this happens is that the 'VncState' contains the whole 'VncZrle', +so when calling 'deflateInit2', the 's->strm' will be the local address. +So 's->strm != strm' will be true. + +To fix this issue, we need to make 'zrle' of 'VncState' to be a pointer. +Then the connection 'VncState' and local 'VncState' exchange mechanism will +work as expection. The 'tight' of 'VncState' has the same issue, let's also turn +it to a pointer. + +Reported-by: Ying Fang <fangying1@huawei.com> +Signed-off-by: Li Qiang <liq3ea@163.com> +Message-id: 20190831153922.121308-1-liq3ea@163.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0] +CVE: CVE-2019-20382 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +--- + ui/vnc-enc-tight.c | 219 +++++++++++++++++++++++++------------------------- + ui/vnc-enc-zlib.c | 11 +-- + ui/vnc-enc-zrle.c | 68 ++++++++-------- + ui/vnc-enc-zrle.inc.c | 2 +- + ui/vnc.c | 28 ++++--- + ui/vnc.h | 4 +- + 6 files changed, 170 insertions(+), 162 deletions(-) + +diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c +index 9084c22..1e08518 100644 +--- a/ui/vnc-enc-tight.c ++++ b/ui/vnc-enc-tight.c +@@ -116,7 +116,7 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h, + + static bool tight_can_send_png_rect(VncState *vs, int w, int h) + { +- if (vs->tight.type != VNC_ENCODING_TIGHT_PNG) { ++ if (vs->tight->type != VNC_ENCODING_TIGHT_PNG) { + return false; + } + +@@ -144,7 +144,7 @@ tight_detect_smooth_image24(VncState *vs, int w, int h) + int pixels = 0; + int pix, left[3]; + unsigned int errors; +- unsigned char *buf = vs->tight.tight.buffer; ++ unsigned char *buf = vs->tight->tight.buffer; + + /* + * If client is big-endian, color samples begin from the second +@@ -215,7 +215,7 @@ tight_detect_smooth_image24(VncState *vs, int w, int h) + int pixels = 0; \ + int sample, sum, left[3]; \ + unsigned int errors; \ +- unsigned char *buf = vs->tight.tight.buffer; \ ++ unsigned char *buf = vs->tight->tight.buffer; \ + \ + endian = 0; /* FIXME */ \ + \ +@@ -296,8 +296,8 @@ static int + tight_detect_smooth_image(VncState *vs, int w, int h) + { + unsigned int errors; +- int compression = vs->tight.compression; +- int quality = vs->tight.quality; ++ int compression = vs->tight->compression; ++ int quality = vs->tight->quality; + + if (!vs->vd->lossy) { + return 0; +@@ -309,7 +309,7 @@ tight_detect_smooth_image(VncState *vs, int w, int h) + return 0; + } + +- if (vs->tight.quality != (uint8_t)-1) { ++ if (vs->tight->quality != (uint8_t)-1) { + if (w * h < VNC_TIGHT_JPEG_MIN_RECT_SIZE) { + return 0; + } +@@ -320,9 +320,9 @@ tight_detect_smooth_image(VncState *vs, int w, int h) + } + + if (vs->client_pf.bytes_per_pixel == 4) { +- if (vs->tight.pixel24) { ++ if (vs->tight->pixel24) { + errors = tight_detect_smooth_image24(vs, w, h); +- if (vs->tight.quality != (uint8_t)-1) { ++ if (vs->tight->quality != (uint8_t)-1) { + return (errors < tight_conf[quality].jpeg_threshold24); + } + return (errors < tight_conf[compression].gradient_threshold24); +@@ -352,7 +352,7 @@ tight_detect_smooth_image(VncState *vs, int w, int h) + uint##bpp##_t c0, c1, ci; \ + int i, n0, n1; \ + \ +- data = (uint##bpp##_t *)vs->tight.tight.buffer; \ ++ data = (uint##bpp##_t *)vs->tight->tight.buffer; \ + \ + c0 = data[0]; \ + i = 1; \ +@@ -423,9 +423,9 @@ static int tight_fill_palette(VncState *vs, int x, int y, + { + int max; + +- max = count / tight_conf[vs->tight.compression].idx_max_colors_divisor; ++ max = count / tight_conf[vs->tight->compression].idx_max_colors_divisor; + if (max < 2 && +- count >= tight_conf[vs->tight.compression].mono_min_rect_size) { ++ count >= tight_conf[vs->tight->compression].mono_min_rect_size) { + max = 2; + } + if (max >= 256) { +@@ -558,7 +558,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h) + int x, y, c; + + buf32 = (uint32_t *)buf; +- memset(vs->tight.gradient.buffer, 0, w * 3 * sizeof(int)); ++ memset(vs->tight->gradient.buffer, 0, w * 3 * sizeof(int)); + + if (1 /* FIXME */) { + shift[0] = vs->client_pf.rshift; +@@ -575,7 +575,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h) + upper[c] = 0; + here[c] = 0; + } +- prev = (int *)vs->tight.gradient.buffer; ++ prev = (int *)vs->tight->gradient.buffer; + for (x = 0; x < w; x++) { + pix32 = *buf32++; + for (c = 0; c < 3; c++) { +@@ -615,7 +615,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h) + int prediction; \ + int x, y, c; \ + \ +- memset (vs->tight.gradient.buffer, 0, w * 3 * sizeof(int)); \ ++ memset(vs->tight->gradient.buffer, 0, w * 3 * sizeof(int)); \ + \ + endian = 0; /* FIXME */ \ + \ +@@ -631,7 +631,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h) + upper[c] = 0; \ + here[c] = 0; \ + } \ +- prev = (int *)vs->tight.gradient.buffer; \ ++ prev = (int *)vs->tight->gradient.buffer; \ + for (x = 0; x < w; x++) { \ + pix = *buf; \ + if (endian) { \ +@@ -785,7 +785,7 @@ static void extend_solid_area(VncState *vs, int x, int y, int w, int h, + static int tight_init_stream(VncState *vs, int stream_id, + int level, int strategy) + { +- z_streamp zstream = &vs->tight.stream[stream_id]; ++ z_streamp zstream = &vs->tight->stream[stream_id]; + + if (zstream->opaque == NULL) { + int err; +@@ -803,15 +803,15 @@ static int tight_init_stream(VncState *vs, int stream_id, + return -1; + } + +- vs->tight.levels[stream_id] = level; ++ vs->tight->levels[stream_id] = level; + zstream->opaque = vs; + } + +- if (vs->tight.levels[stream_id] != level) { ++ if (vs->tight->levels[stream_id] != level) { + if (deflateParams(zstream, level, strategy) != Z_OK) { + return -1; + } +- vs->tight.levels[stream_id] = level; ++ vs->tight->levels[stream_id] = level; + } + return 0; + } +@@ -839,11 +839,11 @@ static void tight_send_compact_size(VncState *vs, size_t len) + static int tight_compress_data(VncState *vs, int stream_id, size_t bytes, + int level, int strategy) + { +- z_streamp zstream = &vs->tight.stream[stream_id]; ++ z_streamp zstream = &vs->tight->stream[stream_id]; + int previous_out; + + if (bytes < VNC_TIGHT_MIN_TO_COMPRESS) { +- vnc_write(vs, vs->tight.tight.buffer, vs->tight.tight.offset); ++ vnc_write(vs, vs->tight->tight.buffer, vs->tight->tight.offset); + return bytes; + } + +@@ -852,13 +852,13 @@ static int tight_compress_data(VncState *vs, int stream_id, size_t bytes, + } + + /* reserve memory in output buffer */ +- buffer_reserve(&vs->tight.zlib, bytes + 64); ++ buffer_reserve(&vs->tight->zlib, bytes + 64); + + /* set pointers */ +- zstream->next_in = vs->tight.tight.buffer; +- zstream->avail_in = vs->tight.tight.offset; +- zstream->next_out = vs->tight.zlib.buffer + vs->tight.zlib.offset; +- zstream->avail_out = vs->tight.zlib.capacity - vs->tight.zlib.offset; ++ zstream->next_in = vs->tight->tight.buffer; ++ zstream->avail_in = vs->tight->tight.offset; ++ zstream->next_out = vs->tight->zlib.buffer + vs->tight->zlib.offset; ++ zstream->avail_out = vs->tight->zlib.capacity - vs->tight->zlib.offset; + previous_out = zstream->avail_out; + zstream->data_type = Z_BINARY; + +@@ -868,14 +868,14 @@ static int tight_compress_data(VncState *vs, int stream_id, size_t bytes, + return -1; + } + +- vs->tight.zlib.offset = vs->tight.zlib.capacity - zstream->avail_out; ++ vs->tight->zlib.offset = vs->tight->zlib.capacity - zstream->avail_out; + /* ...how much data has actually been produced by deflate() */ + bytes = previous_out - zstream->avail_out; + + tight_send_compact_size(vs, bytes); +- vnc_write(vs, vs->tight.zlib.buffer, bytes); ++ vnc_write(vs, vs->tight->zlib.buffer, bytes); + +- buffer_reset(&vs->tight.zlib); ++ buffer_reset(&vs->tight->zlib); + + return bytes; + } +@@ -927,16 +927,17 @@ static int send_full_color_rect(VncState *vs, int x, int y, int w, int h) + + vnc_write_u8(vs, stream << 4); /* no flushing, no filter */ + +- if (vs->tight.pixel24) { +- tight_pack24(vs, vs->tight.tight.buffer, w * h, &vs->tight.tight.offset); ++ if (vs->tight->pixel24) { ++ tight_pack24(vs, vs->tight->tight.buffer, w * h, ++ &vs->tight->tight.offset); + bytes = 3; + } else { + bytes = vs->client_pf.bytes_per_pixel; + } + + bytes = tight_compress_data(vs, stream, w * h * bytes, +- tight_conf[vs->tight.compression].raw_zlib_level, +- Z_DEFAULT_STRATEGY); ++ tight_conf[vs->tight->compression].raw_zlib_level, ++ Z_DEFAULT_STRATEGY); + + return (bytes >= 0); + } +@@ -947,14 +948,14 @@ static int send_solid_rect(VncState *vs) + + vnc_write_u8(vs, VNC_TIGHT_FILL << 4); /* no flushing, no filter */ + +- if (vs->tight.pixel24) { +- tight_pack24(vs, vs->tight.tight.buffer, 1, &vs->tight.tight.offset); ++ if (vs->tight->pixel24) { ++ tight_pack24(vs, vs->tight->tight.buffer, 1, &vs->tight->tight.offset); + bytes = 3; + } else { + bytes = vs->client_pf.bytes_per_pixel; + } + +- vnc_write(vs, vs->tight.tight.buffer, bytes); ++ vnc_write(vs, vs->tight->tight.buffer, bytes); + return 1; + } + +@@ -963,7 +964,7 @@ static int send_mono_rect(VncState *vs, int x, int y, + { + ssize_t bytes; + int stream = 1; +- int level = tight_conf[vs->tight.compression].mono_zlib_level; ++ int level = tight_conf[vs->tight->compression].mono_zlib_level; + + #ifdef CONFIG_VNC_PNG + if (tight_can_send_png_rect(vs, w, h)) { +@@ -991,26 +992,26 @@ static int send_mono_rect(VncState *vs, int x, int y, + uint32_t buf[2] = {bg, fg}; + size_t ret = sizeof (buf); + +- if (vs->tight.pixel24) { ++ if (vs->tight->pixel24) { + tight_pack24(vs, (unsigned char*)buf, 2, &ret); + } + vnc_write(vs, buf, ret); + +- tight_encode_mono_rect32(vs->tight.tight.buffer, w, h, bg, fg); ++ tight_encode_mono_rect32(vs->tight->tight.buffer, w, h, bg, fg); + break; + } + case 2: + vnc_write(vs, &bg, 2); + vnc_write(vs, &fg, 2); +- tight_encode_mono_rect16(vs->tight.tight.buffer, w, h, bg, fg); ++ tight_encode_mono_rect16(vs->tight->tight.buffer, w, h, bg, fg); + break; + default: + vnc_write_u8(vs, bg); + vnc_write_u8(vs, fg); +- tight_encode_mono_rect8(vs->tight.tight.buffer, w, h, bg, fg); ++ tight_encode_mono_rect8(vs->tight->tight.buffer, w, h, bg, fg); + break; + } +- vs->tight.tight.offset = bytes; ++ vs->tight->tight.offset = bytes; + + bytes = tight_compress_data(vs, stream, bytes, level, Z_DEFAULT_STRATEGY); + return (bytes >= 0); +@@ -1040,7 +1041,7 @@ static void write_palette(int idx, uint32_t color, void *opaque) + static bool send_gradient_rect(VncState *vs, int x, int y, int w, int h) + { + int stream = 3; +- int level = tight_conf[vs->tight.compression].gradient_zlib_level; ++ int level = tight_conf[vs->tight->compression].gradient_zlib_level; + ssize_t bytes; + + if (vs->client_pf.bytes_per_pixel == 1) { +@@ -1050,23 +1051,23 @@ static bool send_gradient_rect(VncState *vs, int x, int y, int w, int h) + vnc_write_u8(vs, (stream | VNC_TIGHT_EXPLICIT_FILTER) << 4); + vnc_write_u8(vs, VNC_TIGHT_FILTER_GRADIENT); + +- buffer_reserve(&vs->tight.gradient, w * 3 * sizeof (int)); ++ buffer_reserve(&vs->tight->gradient, w * 3 * sizeof(int)); + +- if (vs->tight.pixel24) { +- tight_filter_gradient24(vs, vs->tight.tight.buffer, w, h); ++ if (vs->tight->pixel24) { ++ tight_filter_gradient24(vs, vs->tight->tight.buffer, w, h); + bytes = 3; + } else if (vs->client_pf.bytes_per_pixel == 4) { +- tight_filter_gradient32(vs, (uint32_t *)vs->tight.tight.buffer, w, h); ++ tight_filter_gradient32(vs, (uint32_t *)vs->tight->tight.buffer, w, h); + bytes = 4; + } else { +- tight_filter_gradient16(vs, (uint16_t *)vs->tight.tight.buffer, w, h); ++ tight_filter_gradient16(vs, (uint16_t *)vs->tight->tight.buffer, w, h); + bytes = 2; + } + +- buffer_reset(&vs->tight.gradient); ++ buffer_reset(&vs->tight->gradient); + + bytes = w * h * bytes; +- vs->tight.tight.offset = bytes; ++ vs->tight->tight.offset = bytes; + + bytes = tight_compress_data(vs, stream, bytes, + level, Z_FILTERED); +@@ -1077,7 +1078,7 @@ static int send_palette_rect(VncState *vs, int x, int y, + int w, int h, VncPalette *palette) + { + int stream = 2; +- int level = tight_conf[vs->tight.compression].idx_zlib_level; ++ int level = tight_conf[vs->tight->compression].idx_zlib_level; + int colors; + ssize_t bytes; + +@@ -1104,12 +1105,12 @@ static int send_palette_rect(VncState *vs, int x, int y, + palette_iter(palette, write_palette, &priv); + vnc_write(vs, header, sizeof(header)); + +- if (vs->tight.pixel24) { ++ if (vs->tight->pixel24) { + tight_pack24(vs, vs->output.buffer + old_offset, colors, &offset); + vs->output.offset = old_offset + offset; + } + +- tight_encode_indexed_rect32(vs->tight.tight.buffer, w * h, palette); ++ tight_encode_indexed_rect32(vs->tight->tight.buffer, w * h, palette); + break; + } + case 2: +@@ -1119,7 +1120,7 @@ static int send_palette_rect(VncState *vs, int x, int y, + + palette_iter(palette, write_palette, &priv); + vnc_write(vs, header, sizeof(header)); +- tight_encode_indexed_rect16(vs->tight.tight.buffer, w * h, palette); ++ tight_encode_indexed_rect16(vs->tight->tight.buffer, w * h, palette); + break; + } + default: +@@ -1127,7 +1128,7 @@ static int send_palette_rect(VncState *vs, int x, int y, + break; + } + bytes = w * h; +- vs->tight.tight.offset = bytes; ++ vs->tight->tight.offset = bytes; + + bytes = tight_compress_data(vs, stream, bytes, + level, Z_DEFAULT_STRATEGY); +@@ -1146,7 +1147,7 @@ static int send_palette_rect(VncState *vs, int x, int y, + static void jpeg_init_destination(j_compress_ptr cinfo) + { + VncState *vs = cinfo->client_data; +- Buffer *buffer = &vs->tight.jpeg; ++ Buffer *buffer = &vs->tight->jpeg; + + cinfo->dest->next_output_byte = (JOCTET *)buffer->buffer + buffer->offset; + cinfo->dest->free_in_buffer = (size_t)(buffer->capacity - buffer->offset); +@@ -1156,7 +1157,7 @@ static void jpeg_init_destination(j_compress_ptr cinfo) + static boolean jpeg_empty_output_buffer(j_compress_ptr cinfo) + { + VncState *vs = cinfo->client_data; +- Buffer *buffer = &vs->tight.jpeg; ++ Buffer *buffer = &vs->tight->jpeg; + + buffer->offset = buffer->capacity; + buffer_reserve(buffer, 2048); +@@ -1168,7 +1169,7 @@ static boolean jpeg_empty_output_buffer(j_compress_ptr cinfo) + static void jpeg_term_destination(j_compress_ptr cinfo) + { + VncState *vs = cinfo->client_data; +- Buffer *buffer = &vs->tight.jpeg; ++ Buffer *buffer = &vs->tight->jpeg; + + buffer->offset = buffer->capacity - cinfo->dest->free_in_buffer; + } +@@ -1187,7 +1188,7 @@ static int send_jpeg_rect(VncState *vs, int x, int y, int w, int h, int quality) + return send_full_color_rect(vs, x, y, w, h); + } + +- buffer_reserve(&vs->tight.jpeg, 2048); ++ buffer_reserve(&vs->tight->jpeg, 2048); + + cinfo.err = jpeg_std_error(&jerr); + jpeg_create_compress(&cinfo); +@@ -1222,9 +1223,9 @@ static int send_jpeg_rect(VncState *vs, int x, int y, int w, int h, int quality) + + vnc_write_u8(vs, VNC_TIGHT_JPEG << 4); + +- tight_send_compact_size(vs, vs->tight.jpeg.offset); +- vnc_write(vs, vs->tight.jpeg.buffer, vs->tight.jpeg.offset); +- buffer_reset(&vs->tight.jpeg); ++ tight_send_compact_size(vs, vs->tight->jpeg.offset); ++ vnc_write(vs, vs->tight->jpeg.buffer, vs->tight->jpeg.offset); ++ buffer_reset(&vs->tight->jpeg); + + return 1; + } +@@ -1240,7 +1241,7 @@ static void write_png_palette(int idx, uint32_t pix, void *opaque) + VncState *vs = priv->vs; + png_colorp color = &priv->png_palette[idx]; + +- if (vs->tight.pixel24) ++ if (vs->tight->pixel24) + { + color->red = (pix >> vs->client_pf.rshift) & vs->client_pf.rmax; + color->green = (pix >> vs->client_pf.gshift) & vs->client_pf.gmax; +@@ -1267,10 +1268,10 @@ static void png_write_data(png_structp png_ptr, png_bytep data, + { + VncState *vs = png_get_io_ptr(png_ptr); + +- buffer_reserve(&vs->tight.png, vs->tight.png.offset + length); +- memcpy(vs->tight.png.buffer + vs->tight.png.offset, data, length); ++ buffer_reserve(&vs->tight->png, vs->tight->png.offset + length); ++ memcpy(vs->tight->png.buffer + vs->tight->png.offset, data, length); + +- vs->tight.png.offset += length; ++ vs->tight->png.offset += length; + } + + static void png_flush_data(png_structp png_ptr) +@@ -1295,8 +1296,8 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h, + png_infop info_ptr; + png_colorp png_palette = NULL; + pixman_image_t *linebuf; +- int level = tight_png_conf[vs->tight.compression].png_zlib_level; +- int filters = tight_png_conf[vs->tight.compression].png_filters; ++ int level = tight_png_conf[vs->tight->compression].png_zlib_level; ++ int filters = tight_png_conf[vs->tight->compression].png_filters; + uint8_t *buf; + int dy; + +@@ -1340,21 +1341,23 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h, + png_set_PLTE(png_ptr, info_ptr, png_palette, palette_size(palette)); + + if (vs->client_pf.bytes_per_pixel == 4) { +- tight_encode_indexed_rect32(vs->tight.tight.buffer, w * h, palette); ++ tight_encode_indexed_rect32(vs->tight->tight.buffer, w * h, ++ palette); + } else { +- tight_encode_indexed_rect16(vs->tight.tight.buffer, w * h, palette); ++ tight_encode_indexed_rect16(vs->tight->tight.buffer, w * h, ++ palette); + } + } + + png_write_info(png_ptr, info_ptr); + +- buffer_reserve(&vs->tight.png, 2048); ++ buffer_reserve(&vs->tight->png, 2048); + linebuf = qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, w); + buf = (uint8_t *)pixman_image_get_data(linebuf); + for (dy = 0; dy < h; dy++) + { + if (color_type == PNG_COLOR_TYPE_PALETTE) { +- memcpy(buf, vs->tight.tight.buffer + (dy * w), w); ++ memcpy(buf, vs->tight->tight.buffer + (dy * w), w); + } else { + qemu_pixman_linebuf_fill(linebuf, vs->vd->server, w, x, y + dy); + } +@@ -1372,27 +1375,27 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h, + + vnc_write_u8(vs, VNC_TIGHT_PNG << 4); + +- tight_send_compact_size(vs, vs->tight.png.offset); +- vnc_write(vs, vs->tight.png.buffer, vs->tight.png.offset); +- buffer_reset(&vs->tight.png); ++ tight_send_compact_size(vs, vs->tight->png.offset); ++ vnc_write(vs, vs->tight->png.buffer, vs->tight->png.offset); ++ buffer_reset(&vs->tight->png); + return 1; + } + #endif /* CONFIG_VNC_PNG */ + + static void vnc_tight_start(VncState *vs) + { +- buffer_reset(&vs->tight.tight); ++ buffer_reset(&vs->tight->tight); + + // make the output buffer be the zlib buffer, so we can compress it later +- vs->tight.tmp = vs->output; +- vs->output = vs->tight.tight; ++ vs->tight->tmp = vs->output; ++ vs->output = vs->tight->tight; + } + + static void vnc_tight_stop(VncState *vs) + { + // switch back to normal output/zlib buffers +- vs->tight.tight = vs->output; +- vs->output = vs->tight.tmp; ++ vs->tight->tight = vs->output; ++ vs->output = vs->tight->tmp; + } + + static int send_sub_rect_nojpeg(VncState *vs, int x, int y, int w, int h, +@@ -1426,9 +1429,9 @@ static int send_sub_rect_jpeg(VncState *vs, int x, int y, int w, int h, + int ret; + + if (colors == 0) { +- if (force || (tight_jpeg_conf[vs->tight.quality].jpeg_full && ++ if (force || (tight_jpeg_conf[vs->tight->quality].jpeg_full && + tight_detect_smooth_image(vs, w, h))) { +- int quality = tight_conf[vs->tight.quality].jpeg_quality; ++ int quality = tight_conf[vs->tight->quality].jpeg_quality; + + ret = send_jpeg_rect(vs, x, y, w, h, quality); + } else { +@@ -1440,9 +1443,9 @@ static int send_sub_rect_jpeg(VncState *vs, int x, int y, int w, int h, + ret = send_mono_rect(vs, x, y, w, h, bg, fg); + } else if (colors <= 256) { + if (force || (colors > 96 && +- tight_jpeg_conf[vs->tight.quality].jpeg_idx && ++ tight_jpeg_conf[vs->tight->quality].jpeg_idx && + tight_detect_smooth_image(vs, w, h))) { +- int quality = tight_conf[vs->tight.quality].jpeg_quality; ++ int quality = tight_conf[vs->tight->quality].jpeg_quality; + + ret = send_jpeg_rect(vs, x, y, w, h, quality); + } else { +@@ -1480,20 +1483,20 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h) + qemu_thread_atexit_add(&vnc_tight_cleanup_notifier); + } + +- vnc_framebuffer_update(vs, x, y, w, h, vs->tight.type); ++ vnc_framebuffer_update(vs, x, y, w, h, vs->tight->type); + + vnc_tight_start(vs); + vnc_raw_send_framebuffer_update(vs, x, y, w, h); + vnc_tight_stop(vs); + + #ifdef CONFIG_VNC_JPEG +- if (!vs->vd->non_adaptive && vs->tight.quality != (uint8_t)-1) { ++ if (!vs->vd->non_adaptive && vs->tight->quality != (uint8_t)-1) { + double freq = vnc_update_freq(vs, x, y, w, h); + +- if (freq < tight_jpeg_conf[vs->tight.quality].jpeg_freq_min) { ++ if (freq < tight_jpeg_conf[vs->tight->quality].jpeg_freq_min) { + allow_jpeg = false; + } +- if (freq >= tight_jpeg_conf[vs->tight.quality].jpeg_freq_threshold) { ++ if (freq >= tight_jpeg_conf[vs->tight->quality].jpeg_freq_threshold) { + force_jpeg = true; + vnc_sent_lossy_rect(vs, x, y, w, h); + } +@@ -1503,7 +1506,7 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h) + colors = tight_fill_palette(vs, x, y, w * h, &bg, &fg, color_count_palette); + + #ifdef CONFIG_VNC_JPEG +- if (allow_jpeg && vs->tight.quality != (uint8_t)-1) { ++ if (allow_jpeg && vs->tight->quality != (uint8_t)-1) { + ret = send_sub_rect_jpeg(vs, x, y, w, h, bg, fg, colors, + color_count_palette, force_jpeg); + } else { +@@ -1520,7 +1523,7 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h) + + static int send_sub_rect_solid(VncState *vs, int x, int y, int w, int h) + { +- vnc_framebuffer_update(vs, x, y, w, h, vs->tight.type); ++ vnc_framebuffer_update(vs, x, y, w, h, vs->tight->type); + + vnc_tight_start(vs); + vnc_raw_send_framebuffer_update(vs, x, y, w, h); +@@ -1538,8 +1541,8 @@ static int send_rect_simple(VncState *vs, int x, int y, int w, int h, + int rw, rh; + int n = 0; + +- max_size = tight_conf[vs->tight.compression].max_rect_size; +- max_width = tight_conf[vs->tight.compression].max_rect_width; ++ max_size = tight_conf[vs->tight->compression].max_rect_size; ++ max_width = tight_conf[vs->tight->compression].max_rect_width; + + if (split && (w > max_width || w * h > max_size)) { + max_sub_width = (w > max_width) ? max_width : w; +@@ -1648,16 +1651,16 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y, + + if (vs->client_pf.bytes_per_pixel == 4 && vs->client_pf.rmax == 0xFF && + vs->client_pf.bmax == 0xFF && vs->client_pf.gmax == 0xFF) { +- vs->tight.pixel24 = true; ++ vs->tight->pixel24 = true; + } else { +- vs->tight.pixel24 = false; ++ vs->tight->pixel24 = false; + } + + #ifdef CONFIG_VNC_JPEG +- if (vs->tight.quality != (uint8_t)-1) { ++ if (vs->tight->quality != (uint8_t)-1) { + double freq = vnc_update_freq(vs, x, y, w, h); + +- if (freq > tight_jpeg_conf[vs->tight.quality].jpeg_freq_threshold) { ++ if (freq > tight_jpeg_conf[vs->tight->quality].jpeg_freq_threshold) { + return send_rect_simple(vs, x, y, w, h, false); + } + } +@@ -1669,8 +1672,8 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y, + + /* Calculate maximum number of rows in one non-solid rectangle. */ + +- max_rows = tight_conf[vs->tight.compression].max_rect_size; +- max_rows /= MIN(tight_conf[vs->tight.compression].max_rect_width, w); ++ max_rows = tight_conf[vs->tight->compression].max_rect_size; ++ max_rows /= MIN(tight_conf[vs->tight->compression].max_rect_width, w); + + return find_large_solid_color_rect(vs, x, y, w, h, max_rows); + } +@@ -1678,33 +1681,33 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y, + int vnc_tight_send_framebuffer_update(VncState *vs, int x, int y, + int w, int h) + { +- vs->tight.type = VNC_ENCODING_TIGHT; ++ vs->tight->type = VNC_ENCODING_TIGHT; + return tight_send_framebuffer_update(vs, x, y, w, h); + } + + int vnc_tight_png_send_framebuffer_update(VncState *vs, int x, int y, + int w, int h) + { +- vs->tight.type = VNC_ENCODING_TIGHT_PNG; ++ vs->tight->type = VNC_ENCODING_TIGHT_PNG; + return tight_send_framebuffer_update(vs, x, y, w, h); + } + + void vnc_tight_clear(VncState *vs) + { + int i; +- for (i=0; i<ARRAY_SIZE(vs->tight.stream); i++) { +- if (vs->tight.stream[i].opaque) { +- deflateEnd(&vs->tight.stream[i]); ++ for (i = 0; i < ARRAY_SIZE(vs->tight->stream); i++) { ++ if (vs->tight->stream[i].opaque) { ++ deflateEnd(&vs->tight->stream[i]); + } + } + +- buffer_free(&vs->tight.tight); +- buffer_free(&vs->tight.zlib); +- buffer_free(&vs->tight.gradient); ++ buffer_free(&vs->tight->tight); ++ buffer_free(&vs->tight->zlib); ++ buffer_free(&vs->tight->gradient); + #ifdef CONFIG_VNC_JPEG +- buffer_free(&vs->tight.jpeg); ++ buffer_free(&vs->tight->jpeg); + #endif + #ifdef CONFIG_VNC_PNG +- buffer_free(&vs->tight.png); ++ buffer_free(&vs->tight->png); + #endif + } +diff --git a/ui/vnc-enc-zlib.c b/ui/vnc-enc-zlib.c +index 33e9df2..900ae5b 100644 +--- a/ui/vnc-enc-zlib.c ++++ b/ui/vnc-enc-zlib.c +@@ -76,7 +76,8 @@ static int vnc_zlib_stop(VncState *vs) + zstream->zalloc = vnc_zlib_zalloc; + zstream->zfree = vnc_zlib_zfree; + +- err = deflateInit2(zstream, vs->tight.compression, Z_DEFLATED, MAX_WBITS, ++ err = deflateInit2(zstream, vs->tight->compression, Z_DEFLATED, ++ MAX_WBITS, + MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY); + + if (err != Z_OK) { +@@ -84,16 +85,16 @@ static int vnc_zlib_stop(VncState *vs) + return -1; + } + +- vs->zlib.level = vs->tight.compression; ++ vs->zlib.level = vs->tight->compression; + zstream->opaque = vs; + } + +- if (vs->tight.compression != vs->zlib.level) { +- if (deflateParams(zstream, vs->tight.compression, ++ if (vs->tight->compression != vs->zlib.level) { ++ if (deflateParams(zstream, vs->tight->compression, + Z_DEFAULT_STRATEGY) != Z_OK) { + return -1; + } +- vs->zlib.level = vs->tight.compression; ++ vs->zlib.level = vs->tight->compression; + } + + // reserve memory in output buffer +diff --git a/ui/vnc-enc-zrle.c b/ui/vnc-enc-zrle.c +index 7493a84..17fd28a 100644 +--- a/ui/vnc-enc-zrle.c ++++ b/ui/vnc-enc-zrle.c +@@ -37,18 +37,18 @@ static const int bits_per_packed_pixel[] = { + + static void vnc_zrle_start(VncState *vs) + { +- buffer_reset(&vs->zrle.zrle); ++ buffer_reset(&vs->zrle->zrle); + + /* make the output buffer be the zlib buffer, so we can compress it later */ +- vs->zrle.tmp = vs->output; +- vs->output = vs->zrle.zrle; ++ vs->zrle->tmp = vs->output; ++ vs->output = vs->zrle->zrle; + } + + static void vnc_zrle_stop(VncState *vs) + { + /* switch back to normal output/zlib buffers */ +- vs->zrle.zrle = vs->output; +- vs->output = vs->zrle.tmp; ++ vs->zrle->zrle = vs->output; ++ vs->output = vs->zrle->tmp; + } + + static void *zrle_convert_fb(VncState *vs, int x, int y, int w, int h, +@@ -56,24 +56,24 @@ static void *zrle_convert_fb(VncState *vs, int x, int y, int w, int h, + { + Buffer tmp; + +- buffer_reset(&vs->zrle.fb); +- buffer_reserve(&vs->zrle.fb, w * h * bpp + bpp); ++ buffer_reset(&vs->zrle->fb); ++ buffer_reserve(&vs->zrle->fb, w * h * bpp + bpp); + + tmp = vs->output; +- vs->output = vs->zrle.fb; ++ vs->output = vs->zrle->fb; + + vnc_raw_send_framebuffer_update(vs, x, y, w, h); + +- vs->zrle.fb = vs->output; ++ vs->zrle->fb = vs->output; + vs->output = tmp; +- return vs->zrle.fb.buffer; ++ return vs->zrle->fb.buffer; + } + + static int zrle_compress_data(VncState *vs, int level) + { +- z_streamp zstream = &vs->zrle.stream; ++ z_streamp zstream = &vs->zrle->stream; + +- buffer_reset(&vs->zrle.zlib); ++ buffer_reset(&vs->zrle->zlib); + + if (zstream->opaque != vs) { + int err; +@@ -93,13 +93,13 @@ static int zrle_compress_data(VncState *vs, int level) + } + + /* reserve memory in output buffer */ +- buffer_reserve(&vs->zrle.zlib, vs->zrle.zrle.offset + 64); ++ buffer_reserve(&vs->zrle->zlib, vs->zrle->zrle.offset + 64); + + /* set pointers */ +- zstream->next_in = vs->zrle.zrle.buffer; +- zstream->avail_in = vs->zrle.zrle.offset; +- zstream->next_out = vs->zrle.zlib.buffer + vs->zrle.zlib.offset; +- zstream->avail_out = vs->zrle.zlib.capacity - vs->zrle.zlib.offset; ++ zstream->next_in = vs->zrle->zrle.buffer; ++ zstream->avail_in = vs->zrle->zrle.offset; ++ zstream->next_out = vs->zrle->zlib.buffer + vs->zrle->zlib.offset; ++ zstream->avail_out = vs->zrle->zlib.capacity - vs->zrle->zlib.offset; + zstream->data_type = Z_BINARY; + + /* start encoding */ +@@ -108,8 +108,8 @@ static int zrle_compress_data(VncState *vs, int level) + return -1; + } + +- vs->zrle.zlib.offset = vs->zrle.zlib.capacity - zstream->avail_out; +- return vs->zrle.zlib.offset; ++ vs->zrle->zlib.offset = vs->zrle->zlib.capacity - zstream->avail_out; ++ return vs->zrle->zlib.offset; + } + + /* Try to work out whether to use RLE and/or a palette. We do this by +@@ -259,14 +259,14 @@ static int zrle_send_framebuffer_update(VncState *vs, int x, int y, + size_t bytes; + int zywrle_level; + +- if (vs->zrle.type == VNC_ENCODING_ZYWRLE) { +- if (!vs->vd->lossy || vs->tight.quality == (uint8_t)-1 +- || vs->tight.quality == 9) { ++ if (vs->zrle->type == VNC_ENCODING_ZYWRLE) { ++ if (!vs->vd->lossy || vs->tight->quality == (uint8_t)-1 ++ || vs->tight->quality == 9) { + zywrle_level = 0; +- vs->zrle.type = VNC_ENCODING_ZRLE; +- } else if (vs->tight.quality < 3) { ++ vs->zrle->type = VNC_ENCODING_ZRLE; ++ } else if (vs->tight->quality < 3) { + zywrle_level = 3; +- } else if (vs->tight.quality < 6) { ++ } else if (vs->tight->quality < 6) { + zywrle_level = 2; + } else { + zywrle_level = 1; +@@ -337,30 +337,30 @@ static int zrle_send_framebuffer_update(VncState *vs, int x, int y, + + vnc_zrle_stop(vs); + bytes = zrle_compress_data(vs, Z_DEFAULT_COMPRESSION); +- vnc_framebuffer_update(vs, x, y, w, h, vs->zrle.type); ++ vnc_framebuffer_update(vs, x, y, w, h, vs->zrle->type); + vnc_write_u32(vs, bytes); +- vnc_write(vs, vs->zrle.zlib.buffer, vs->zrle.zlib.offset); ++ vnc_write(vs, vs->zrle->zlib.buffer, vs->zrle->zlib.offset); + return 1; + } + + int vnc_zrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) + { +- vs->zrle.type = VNC_ENCODING_ZRLE; ++ vs->zrle->type = VNC_ENCODING_ZRLE; + return zrle_send_framebuffer_update(vs, x, y, w, h); + } + + int vnc_zywrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) + { +- vs->zrle.type = VNC_ENCODING_ZYWRLE; ++ vs->zrle->type = VNC_ENCODING_ZYWRLE; + return zrle_send_framebuffer_update(vs, x, y, w, h); + } + + void vnc_zrle_clear(VncState *vs) + { +- if (vs->zrle.stream.opaque) { +- deflateEnd(&vs->zrle.stream); ++ if (vs->zrle->stream.opaque) { ++ deflateEnd(&vs->zrle->stream); + } +- buffer_free(&vs->zrle.zrle); +- buffer_free(&vs->zrle.fb); +- buffer_free(&vs->zrle.zlib); ++ buffer_free(&vs->zrle->zrle); ++ buffer_free(&vs->zrle->fb); ++ buffer_free(&vs->zrle->zlib); + } +diff --git a/ui/vnc-enc-zrle.inc.c b/ui/vnc-enc-zrle.inc.c +index abf6b86..c107d8a 100644 +--- a/ui/vnc-enc-zrle.inc.c ++++ b/ui/vnc-enc-zrle.inc.c +@@ -96,7 +96,7 @@ static void ZRLE_ENCODE(VncState *vs, int x, int y, int w, int h, + static void ZRLE_ENCODE_TILE(VncState *vs, ZRLE_PIXEL *data, int w, int h, + int zywrle_level) + { +- VncPalette *palette = &vs->zrle.palette; ++ VncPalette *palette = &vs->zrle->palette; + + int runs = 0; + int single_pixels = 0; +diff --git a/ui/vnc.c b/ui/vnc.c +index bc43c4c..87b8045 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -1307,6 +1307,8 @@ void vnc_disconnect_finish(VncState *vs) + object_unref(OBJECT(vs->sioc)); + vs->sioc = NULL; + vs->magic = 0; ++ g_free(vs->zrle); ++ g_free(vs->tight); + g_free(vs); + } + +@@ -2058,8 +2060,8 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) + + vs->features = 0; + vs->vnc_encoding = 0; +- vs->tight.compression = 9; +- vs->tight.quality = -1; /* Lossless by default */ ++ vs->tight->compression = 9; ++ vs->tight->quality = -1; /* Lossless by default */ + vs->absolute = -1; + + /* +@@ -2127,11 +2129,11 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) + vs->features |= VNC_FEATURE_LED_STATE_MASK; + break; + case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: +- vs->tight.compression = (enc & 0x0F); ++ vs->tight->compression = (enc & 0x0F); + break; + case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: + if (vs->vd->lossy) { +- vs->tight.quality = (enc & 0x0F); ++ vs->tight->quality = (enc & 0x0F); + } + break; + default: +@@ -3034,6 +3036,8 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, + int i; + + trace_vnc_client_connect(vs, sioc); ++ vs->zrle = g_new0(VncZrle, 1); ++ vs->tight = g_new0(VncTight, 1); + vs->magic = VNC_MAGIC; + vs->sioc = sioc; + object_ref(OBJECT(vs->sioc)); +@@ -3045,19 +3049,19 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, + buffer_init(&vs->output, "vnc-output/%p", sioc); + buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); + +- buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc); +- buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc); +- buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc); ++ buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc); ++ buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc); ++ buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc); + #ifdef CONFIG_VNC_JPEG +- buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc); ++ buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc); + #endif + #ifdef CONFIG_VNC_PNG +- buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc); ++ buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc); + #endif + buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); +- buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc); +- buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc); +- buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc); ++ buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc); ++ buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc); ++ buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc); + + if (skipauth) { + vs->auth = VNC_AUTH_NONE; +diff --git a/ui/vnc.h b/ui/vnc.h +index 8643860..fea79c2 100644 +--- a/ui/vnc.h ++++ b/ui/vnc.h +@@ -338,10 +338,10 @@ struct VncState + /* Encoding specific, if you add something here, don't forget to + * update vnc_async_encoding_start() + */ +- VncTight tight; ++ VncTight *tight; + VncZlib zlib; + VncHextile hextile; +- VncZrle zrle; ++ VncZrle *zrle; + VncZywrle zywrle; + + Notifier mouse_mode_notifier; +-- +1.8.3.1 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch new file mode 100644 index 0000000000..aa7bc82329 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch @@ -0,0 +1,64 @@ +From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001 +From: Felipe Franciosi <felipe@nutanix.com> +Date: Thu, 23 Jan 2020 12:44:59 +0000 +Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) + +When querying an iSCSI server for the provisioning status of blocks (via +GET LBA STATUS), Qemu only validates that the response descriptor zero's +LBA matches the one requested. Given the SCSI spec allows servers to +respond with the status of blocks beyond the end of the LUN, Qemu may +have its heap corrupted by clearing/setting too many bits at the end of +its allocmap for the LUN. + +A malicious guest in control of the iSCSI server could carefully program +Qemu's heap (by selectively setting the bitmap) and then smash it. + +This limits the number of bits that iscsi_co_block_status() will try to +update in the allocmap so it can't overflow the bitmap. + +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc] +CVE: CVE-2020-1711 + +Fixes: CVE-2020-1711 +Cc: qemu-stable@nongnu.org +Signed-off-by: Felipe Franciosi <felipe@nutanix.com> +Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com> +Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com> +Signed-off-by: Kevin Wolf <kwolf@redhat.com> +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + block/iscsi.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/block/iscsi.c b/block/iscsi.c +index 2aea7e3..cbd5729 100644 +--- a/block/iscsi.c ++++ b/block/iscsi.c +@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, + struct scsi_get_lba_status *lbas = NULL; + struct scsi_lba_status_descriptor *lbasd = NULL; + struct IscsiTask iTask; +- uint64_t lba; ++ uint64_t lba, max_bytes; + int ret; + + iscsi_co_init_iscsitask(iscsilun, &iTask); +@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, + } + + lba = offset / iscsilun->block_size; ++ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size; + + qemu_mutex_lock(&iscsilun->mutex); + retry: +@@ -764,7 +765,7 @@ retry: + goto out_unlock; + } + +- *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size; ++ *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes); + + if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED || + lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) { +-- +1.8.3.1 diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb index ffb1d061c0..152ff02a25 100644 --- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb +++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb @@ -20,6 +20,9 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf" SRC_URI[sha256sum] = "55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0" +# -16548 required for v3.1.3pre1. Already in v3.1.3. +CVE_CHECK_WHITELIST += " CVE-2017-16548 " + inherit autotools PACKAGECONFIG ??= "acl attr \ diff --git a/meta/recipes-devtools/ruby/ruby/fix-CVE-2019-16254.patch b/meta/recipes-devtools/ruby/ruby/fix-CVE-2019-16254.patch new file mode 100644 index 0000000000..704c850c50 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/fix-CVE-2019-16254.patch @@ -0,0 +1,106 @@ +From 18d5289b4579822e391b3f5c16541e6552e9f06c Mon Sep 17 00:00:00 2001 +From: Yusuke Endoh <mame@ruby-lang.org> +Date: Tue, 1 Oct 2019 12:29:18 +0900 +Subject: [PATCH] WEBrick: prevent response splitting and header injection + +This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16. +The commit prevented CRLR, but did not address an isolated CR or an +isolated LF. + +Upstream-Status: Backport https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc +CVE: CVE-2019-16254 + +Co-Authored-By: NARUSE, Yui <naruse@airemix.jp> +Signed-off-by: Rahul Chauhan <rahulchauhankitps@gmail.com> +--- + lib/webrick/httpresponse.rb | 3 ++- + test/webrick/test_httpresponse.rb | 46 +++++++++++++++++++++++++++++++++++++-- + 2 files changed, 46 insertions(+), 3 deletions(-) + +diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb +index 6d77692..d26324c 100644 +--- a/lib/webrick/httpresponse.rb ++++ b/lib/webrick/httpresponse.rb +@@ -367,7 +367,8 @@ def set_error(ex, backtrace=false) + private + + def check_header(header_value) +- if header_value =~ /\r\n/ ++ header_value = header_value.to_s ++ if /[\r\n]/ =~ header_value + raise InvalidHeader + else + header_value +diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb +index 6263e0a..24a6968 100644 +--- a/test/webrick/test_httpresponse.rb ++++ b/test/webrick/test_httpresponse.rb +@@ -29,7 +29,7 @@ def setup + @res.keep_alive = true + end + +- def test_prevent_response_splitting_headers ++ def test_prevent_response_splitting_headers_crlf + res['X-header'] = "malicious\r\nCookie: hack" + io = StringIO.new + res.send_response io +@@ -39,7 +39,7 @@ def test_prevent_response_splitting_headers + refute_match 'hack', io.string + end + +- def test_prevent_response_splitting_cookie_headers ++ def test_prevent_response_splitting_cookie_headers_crlf + user_input = "malicious\r\nCookie: hack" + res.cookies << WEBrick::Cookie.new('author', user_input) + io = StringIO.new +@@ -50,6 +50,48 @@ def test_prevent_response_splitting_cookie_headers + refute_match 'hack', io.string + end + ++ def test_prevent_response_splitting_headers_cr ++ res['X-header'] = "malicious\rCookie: hack" ++ io = StringIO.new ++ res.send_response io ++ io.rewind ++ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) ++ assert_equal '500', res.code ++ refute_match 'hack', io.string ++ end ++ ++ def test_prevent_response_splitting_cookie_headers_cr ++ user_input = "malicious\rCookie: hack" ++ res.cookies << WEBrick::Cookie.new('author', user_input) ++ io = StringIO.new ++ res.send_response io ++ io.rewind ++ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) ++ assert_equal '500', res.code ++ refute_match 'hack', io.string ++ end ++ ++ def test_prevent_response_splitting_headers_lf ++ res['X-header'] = "malicious\nCookie: hack" ++ io = StringIO.new ++ res.send_response io ++ io.rewind ++ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) ++ assert_equal '500', res.code ++ refute_match 'hack', io.string ++ end ++ ++ def test_prevent_response_splitting_cookie_headers_lf ++ user_input = "malicious\nCookie: hack" ++ res.cookies << WEBrick::Cookie.new('author', user_input) ++ io = StringIO.new ++ res.send_response io ++ io.rewind ++ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) ++ assert_equal '500', res.code ++ refute_match 'hack', io.string ++ end ++ + def test_304_does_not_log_warning + res.status = 304 + res.setup_header +-- +2.7.4 diff --git a/meta/recipes-devtools/ruby/ruby_2.5.5.bb b/meta/recipes-devtools/ruby/ruby_2.5.5.bb index 223b0371eb..58bb97f4bd 100644 --- a/meta/recipes-devtools/ruby/ruby_2.5.5.bb +++ b/meta/recipes-devtools/ruby/ruby_2.5.5.bb @@ -3,6 +3,7 @@ require ruby.inc SRC_URI += " \ file://0001-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch \ file://run-ptest \ + file://fix-CVE-2019-16254.patch \ " SRC_URI[md5sum] = "7e156fb526b8f4bb1b30a3dd8a7ce400" diff --git a/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch b/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch new file mode 100644 index 0000000000..5d587fc832 --- /dev/null +++ b/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch @@ -0,0 +1,316 @@ +CVE: CVE-2019-14866 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +From a052401293e45a13cded5959b258204dae6d0af5 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Sun, 3 Nov 2019 23:59:39 +0200 +Subject: [PATCH] Fix CVE-2019-14866 + +* src/copyout.c (to_ascii): Additional argument nul controls whether +to add the terminating nul character. +(field_width_error): Improve diagnostics: print the actual and the +maximum allowed field value. +* src/extern.h (to_ascii, field_width_error): New prototypes. +* src/tar.c (to_oct): Remove. +(to_oct_or_error): New function. +(TO_OCT): New macro. +(write_out_tar_header): Use TO_OCT and to_ascii. Return 0 on +success, 1 on error. +--- + src/copyout.c | 49 ++++++++++++++++++++++-------------- + src/extern.h | 15 +++++++++-- + src/tar.c | 69 ++++++++++++++++++++++++--------------------------- + 3 files changed, 75 insertions(+), 58 deletions(-) + +diff --git a/src/copyout.c b/src/copyout.c +index 1f0987a..1ae5477 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -269,26 +269,32 @@ writeout_final_defers (int out_des) + so it should be moved to paxutils too. + Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */ + int +-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase) ++to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul) + { + static char codetab[] = "0123456789ABCDEF"; +- int i = digits; +- +- do ++ ++ if (nul) ++ where[--digits] = 0; ++ while (digits > 0) + { +- where[--i] = codetab[(v & ((1 << logbase) - 1))]; ++ where[--digits] = codetab[(v & ((1 << logbase) - 1))]; + v >>= logbase; + } +- while (i); + + return v != 0; + } + +-static void +-field_width_error (const char *filename, const char *fieldname) ++void ++field_width_error (const char *filename, const char *fieldname, ++ uintmax_t value, size_t width, bool nul) + { +- error (0, 0, _("%s: field width not sufficient for storing %s"), +- filename, fieldname); ++ char valbuf[UINTMAX_STRSIZE_BOUND + 1]; ++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; ++ error (0, 0, _("%s: value %s %s out of allowed range 0..%s"), ++ filename, fieldname, ++ STRINGIFY_BIGINT (value, valbuf), ++ STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8), ++ maxbuf)); + } + + static void +@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits, + unsigned logbase, + const char *filename, const char *fieldname) + { +- if (to_ascii (where, n, digits, logbase)) ++ if (to_ascii (where, n, digits, logbase, false)) + field_width_warning (filename, fieldname); + } + +@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits, + unsigned logbase, + const char *filename, const char *fieldname) + { +- if (to_ascii (where, n, digits, logbase)) ++ if (to_ascii (where, n, digits, logbase, false)) + { +- field_width_error (filename, fieldname); ++ field_width_error (filename, fieldname, n, digits, false); + return 1; + } + return 0; +@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string, + _("name size"))) + return 1; + p += 8; +- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16); ++ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false); + + tape_buffered_write (ascii_header, out_des, sizeof ascii_header); + +@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev, + char ascii_header[76]; + char *p = ascii_header; + +- to_ascii (p, file_hdr->c_magic, 6, LG_8); ++ to_ascii (p, file_hdr->c_magic, 6, LG_8, false); + p += 6; + to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number")); + p += 6; +@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev, + short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF; + if (short_hdr.c_namesize != file_hdr->c_namesize) + { +- field_width_error (file_hdr->c_name, _("name size")); ++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; ++ error (0, 0, _("%s: value %s %s out of allowed range 0..%u"), ++ file_hdr->c_name, _("name size"), ++ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu); + return 1; + } + +@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev, + if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1] + != file_hdr->c_filesize) + { +- field_width_error (file_hdr->c_name, _("file size")); ++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; ++ error (0, 0, _("%s: value %s %s out of allowed range 0..%lu"), ++ file_hdr->c_name, _("file size"), ++ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu); + return 1; + } + +@@ -552,8 +564,7 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des) + error (0, 0, _("%s: file name too long"), file_hdr->c_name); + return 1; + } +- write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */ +- return 0; ++ return write_out_tar_header (file_hdr, out_des); + + case arf_binary: + return write_out_binary_header (makedev (file_hdr->c_rdev_maj, +diff --git a/src/extern.h b/src/extern.h +index e27d662..f9ef56a 100644 +--- a/src/extern.h ++++ b/src/extern.h +@@ -117,6 +117,10 @@ void print_name_with_quoting (char *p); + /* copyout.c */ + int write_out_header (struct cpio_file_stat *file_hdr, int out_des); + void process_copy_out (void); ++int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, ++ bool nul); ++void field_width_error (const char *filename, const char *fieldname, ++ uintmax_t value, size_t width, bool nul); + + /* copypass.c */ + void process_copy_pass (void); +@@ -145,7 +149,7 @@ int make_path (char *argpath, uid_t owner, gid_t group, + const char *verbose_fmt_string); + + /* tar.c */ +-void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des); ++int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des); + int null_block (long *block, int size); + void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des); + int otoa (char *s, unsigned long *n); +@@ -204,9 +208,16 @@ void cpio_safer_name_suffix (char *name, bool link_target, + int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir); + void change_dir (void); + +-/* FIXME: These two defines should be defined in paxutils */ ++/* FIXME: The following three should be defined in paxutils */ + #define LG_8 3 + #define LG_16 4 ++/* The maximum uintmax_t value that can be represented with DIGITS digits, ++ assuming that each digit is BITS_PER_DIGIT wide. */ ++#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \ ++ ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \ ++ ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \ ++ : (uintmax_t) -1) ++ + + uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase); + +diff --git a/src/tar.c b/src/tar.c +index a2ce171..ef58027 100644 +--- a/src/tar.c ++++ b/src/tar.c +@@ -79,36 +79,17 @@ stash_tar_filename (char *prefix, char *filename) + return hold_tar_filename; + } + +-/* Convert a number into a string of octal digits. +- Convert long VALUE into a DIGITS-digit field at WHERE, +- including a trailing space and room for a NUL. DIGITS==3 means +- 1 digit, a space, and room for a NUL. +- +- We assume the trailing NUL is already there and don't fill it in. +- This fact is used by start_header and finish_header, so don't change it! +- +- This is be equivalent to: +- sprintf (where, "%*lo ", digits - 2, value); +- except that sprintf fills in the trailing NUL and we don't. */ +- +-static void +-to_oct (register long value, register int digits, register char *where) ++static int ++to_oct_or_error (uintmax_t value, size_t digits, char *where, char const *field, ++ char const *file) + { +- --digits; /* Leave the trailing NUL slot alone. */ +- +- /* Produce the digits -- at least one. */ +- do ++ if (to_ascii (where, value, digits, LG_8, true)) + { +- where[--digits] = '0' + (char) (value & 7); /* One octal digit. */ +- value >>= 3; ++ field_width_error (file, field, value, digits, true); ++ return 1; + } +- while (digits > 0 && value != 0); +- +- /* Add leading zeroes, if necessary. */ +- while (digits > 0) +- where[--digits] = '0'; ++ return 0; + } +- + + + /* Compute and return a checksum for TAR_HDR, +@@ -134,10 +115,22 @@ tar_checksum (struct tar_header *tar_hdr) + return sum; + } + ++#define TO_OCT(file_hdr, c_fld, digits, tar_hdr, tar_field) \ ++ do \ ++ { \ ++ if (to_oct_or_error (file_hdr -> c_fld, \ ++ digits, \ ++ tar_hdr -> tar_field, \ ++ #tar_field, \ ++ file_hdr->c_name)) \ ++ return 1; \ ++ } \ ++ while (0) ++ + /* Write out header FILE_HDR, including the file name, to file + descriptor OUT_DES. */ + +-void ++int + write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + { + int name_len; +@@ -166,11 +159,11 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + + /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal + digits */ +- to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode); +- to_oct (file_hdr->c_uid, 8, tar_hdr->uid); +- to_oct (file_hdr->c_gid, 8, tar_hdr->gid); +- to_oct (file_hdr->c_filesize, 12, tar_hdr->size); +- to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime); ++ TO_OCT (file_hdr, c_mode & MODE_ALL, 8, tar_hdr, mode); ++ TO_OCT (file_hdr, c_uid, 8, tar_hdr, uid); ++ TO_OCT (file_hdr, c_gid, 8, tar_hdr, gid); ++ TO_OCT (file_hdr, c_filesize, 12, tar_hdr, size); ++ TO_OCT (file_hdr, c_mtime, 12, tar_hdr, mtime); + + switch (file_hdr->c_mode & CP_IFMT) + { +@@ -182,7 +175,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, + TARLINKNAMESIZE); + tar_hdr->typeflag = LNKTYPE; +- to_oct (0, 12, tar_hdr->size); ++ to_ascii (tar_hdr->size, 0, 12, LG_8, true); + } + else + tar_hdr->typeflag = REGTYPE; +@@ -208,7 +201,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + than TARLINKNAMESIZE. */ + strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, + TARLINKNAMESIZE); +- to_oct (0, 12, tar_hdr->size); ++ to_ascii (tar_hdr->size, 0, 12, LG_8, true); + break; + #endif /* CP_IFLNK */ + } +@@ -227,13 +220,15 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + if (name) + strcpy (tar_hdr->gname, name); + +- to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor); +- to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor); ++ TO_OCT (file_hdr, c_rdev_maj, 8, tar_hdr, devmajor); ++ TO_OCT (file_hdr, c_rdev_min, 8, tar_hdr, devminor); + } + +- to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum); ++ to_ascii (tar_hdr->chksum, tar_checksum (tar_hdr), 8, LG_8, true); + + tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE); ++ ++ return 0; + } + + /* Return nonzero iff all the bytes in BLOCK are NUL. +-- +2.24.1 + diff --git a/meta/recipes-extended/cpio/cpio_2.12.bb b/meta/recipes-extended/cpio/cpio_2.12.bb index 3713bf0b1f..5abe494ebc 100644 --- a/meta/recipes-extended/cpio/cpio_2.12.bb +++ b/meta/recipes-extended/cpio/cpio_2.12.bb @@ -11,6 +11,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Fix-CVE-2015-1197.patch \ file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \ file://0001-Fix-segfault-with-append.patch \ + file://CVE-2019-14866.patch \ " SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86" diff --git a/meta/recipes-extended/iputils/iputils_s20190709.bb b/meta/recipes-extended/iputils/iputils_s20190709.bb index 3f9e9917f0..42260f531e 100644 --- a/meta/recipes-extended/iputils/iputils_s20190709.bb +++ b/meta/recipes-extended/iputils/iputils_s20190709.bb @@ -32,7 +32,8 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MAN inherit meson update-alternatives -EXTRA_OEMESON += "--prefix=${root_prefix}/" +# Have to disable setcap/suid as its not deterministic +EXTRA_OEMESON += "--prefix=${root_prefix}/ -DNO_SETCAP_OR_SUID=true" ALTERNATIVE_PRIORITY = "100" diff --git a/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch b/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch new file mode 100644 index 0000000000..a84c1f1f76 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch @@ -0,0 +1,124 @@ +From c1fe0a8cc8dde8ba3eae3d17e34060d2d6e4eb96 Mon Sep 17 00:00:00 2001 +From: Grzegorz Antoniak <ga@anadoxin.org> +Date: Sun, 2 Feb 2020 08:04:41 +0100 +Subject: [PATCH] RAR5 reader: reject files that declare invalid header flags + +One of the fields in RAR5's base block structure is the size of the +header. Some invalid files declare a 0 header size setting, which can +confuse the unpacker. Minimum header size for RAR5 base blocks is 7 +bytes (4 bytes for CRC, and 3 bytes for the rest), so block size of 0 +bytes should be rejected at header parsing stage. + +The fix adds an error condition if header size of 0 bytes is detected. +In this case, the unpacker will not attempt to unpack the file, as the +header is corrupted. + +The commit also adds OSSFuzz #20459 sample to test further regressions +in this area. + +Upstream-Status: Backport[https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a] +CVE: CVE-2020-9308 + +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + Makefile.am | 1 + + libarchive/archive_read_support_format_rar5.c | 17 +++++++++++++++-- + libarchive/test/test_read_format_rar5.c | 15 +++++++++++++++ + ...d_format_rar5_block_size_is_too_small.rar.uu | 8 ++++++++ + 4 files changed, 39 insertions(+), 2 deletions(-) + create mode 100644 libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu + +diff --git a/Makefile.am b/Makefile.am +index da78b24..01abf20 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -863,6 +863,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_rar5_symlink.rar.uu \ + libarchive/test/test_read_format_rar5_truncated_huff.rar.uu \ + libarchive/test/test_read_format_rar5_win32.rar.uu \ ++ libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \ + libarchive/test/test_read_format_raw.bufr.uu \ + libarchive/test/test_read_format_raw.data.gz.uu \ + libarchive/test/test_read_format_raw.data.Z.uu \ +diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c +index 7c24627..f73393c 100644 +--- a/libarchive/archive_read_support_format_rar5.c ++++ b/libarchive/archive_read_support_format_rar5.c +@@ -2034,6 +2034,8 @@ static int scan_for_signature(struct archive_read* a); + static int process_base_block(struct archive_read* a, + struct archive_entry* entry) + { ++ const size_t SMALLEST_RAR5_BLOCK_SIZE = 3; ++ + struct rar5* rar = get_context(a); + uint32_t hdr_crc, computed_crc; + size_t raw_hdr_size = 0, hdr_size_len, hdr_size; +@@ -2057,15 +2059,26 @@ static int process_base_block(struct archive_read* a, + return ARCHIVE_EOF; + } + ++ hdr_size = raw_hdr_size + hdr_size_len; ++ + /* Sanity check, maximum header size for RAR5 is 2MB. */ +- if(raw_hdr_size > (2 * 1024 * 1024)) { ++ if(hdr_size > (2 * 1024 * 1024)) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Base block header is too large"); + + return ARCHIVE_FATAL; + } + +- hdr_size = raw_hdr_size + hdr_size_len; ++ /* Additional sanity checks to weed out invalid files. */ ++ if(raw_hdr_size == 0 || hdr_size_len == 0 || ++ hdr_size < SMALLEST_RAR5_BLOCK_SIZE) ++ { ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ++ "Too small block encountered (%ld bytes)", ++ raw_hdr_size); ++ ++ return ARCHIVE_FATAL; ++ } + + /* Read the whole header data into memory, maximum memory use here is + * 2MB. */ +diff --git a/libarchive/test/test_read_format_rar5.c b/libarchive/test/test_read_format_rar5.c +index 1408f37..32e7ed8 100644 +--- a/libarchive/test/test_read_format_rar5.c ++++ b/libarchive/test/test_read_format_rar5.c +@@ -1194,3 +1194,18 @@ DEFINE_TEST(test_read_format_rar5_fileattr) + + EPILOGUE(); + } ++ ++DEFINE_TEST(test_read_format_rar5_block_size_is_too_small) ++{ ++ char buf[4096]; ++ PROLOGUE("test_read_format_rar5_block_size_is_too_small.rar"); ++ ++ /* This file is damaged, so those functions should return failure. ++ * Additionally, SIGSEGV shouldn't be raised during execution ++ * of those functions. */ ++ ++ assertA(archive_read_next_header(a, &ae) != ARCHIVE_OK); ++ assertA(archive_read_data(a, buf, sizeof(buf)) <= 0); ++ ++ EPILOGUE(); ++} +diff --git a/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu +new file mode 100644 +index 0000000..5cad219 +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu +@@ -0,0 +1,8 @@ ++begin 644 test_read_format_rar5_block_size_is_too_small.rar ++M4F%R(1H'`0"-[P+2``+'(!P,("`@N`,!`B`@("`@("`@("`@("`@("#_("`@ ++M("`@("`@("`@((:Q;2!4-'-^4B`!((WO`M(``O\@$/\@-R`@("`@("`@("`@ ++M``X@("`@("`@____("`@("`@(/\@("`@("`@("`@("#_(+6U,2"UM;6UM[CU ++M)B`@*(0G(`!.`#D\3R``(/__(,+_````-0#_($&%*/HE=C+N`"```"```"`D ++J`)$#("#_("#__P`@__\@_R#_("`@("`@("#_("#__R`@(/__("#__R`" ++` ++end +-- +2.23.0 + diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.0.bb b/meta/recipes-extended/libarchive/libarchive_3.4.0.bb index c196382b07..db45ccf654 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.4.0.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.4.0.bb @@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile" SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://CVE-2019-19221.patch \ + file://0001-RAR5-reader-reject-files-that-declare-invalid-header.patch \ " SRC_URI[md5sum] = "6046396255bd7cf6d0f6603a9bda39ac" diff --git a/meta/recipes-extended/libidn/libidn2_2.2.0.bb b/meta/recipes-extended/libidn/libidn2_2.2.0.bb index bcbfdd85b9..71314149e1 100644 --- a/meta/recipes-extended/libidn/libidn2_2.2.0.bb +++ b/meta/recipes-extended/libidn/libidn2_2.2.0.bb @@ -22,7 +22,8 @@ EXTRA_OECONF += "--disable-rpath \ " do_install_append() { - sed -i -e 's|-L${STAGING_LIBDIR}||' ${D}${libdir}/pkgconfig/libidn2.pc + # Need to remove any duplicate whitespace too for reproducibility + sed -i -e 's|-L${STAGING_LIBDIR}||' -e 's/ */ /g' ${D}${libdir}/pkgconfig/libidn2.pc } LICENSE_${PN} = "(GPLv2+ | LGPLv3)" diff --git a/meta/recipes-extended/man-db/man-db_2.8.7.bb b/meta/recipes-extended/man-db/man-db_2.8.7.bb index 083b2374aa..0d73b03482 100644 --- a/meta/recipes-extended/man-db/man-db_2.8.7.bb +++ b/meta/recipes-extended/man-db/man-db_2.8.7.bb @@ -10,7 +10,7 @@ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/man-db/man-db-${PV}.tar.xz \ SRC_URI[md5sum] = "ec0b23c8314a1654c4d059b2c18ce43d" SRC_URI[sha256sum] = "b9cd5bb996305d08bfe9e1114edc30b4c97be807093b88af8033ed1cf9beb326" -DEPENDS = "libpipeline gdbm groff-native base-passwd" +DEPENDS = "libpipeline gdbm groff-native base-passwd flex-native" RDEPENDS_${PN} += "base-passwd" # | /usr/src/debug/man-db/2.8.0-r0/man-db-2.8.0/src/whatis.c:939: undefined reference to `_nl_msg_cat_cntr' diff --git a/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch b/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch new file mode 100644 index 0000000000..e76aac8161 --- /dev/null +++ b/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch @@ -0,0 +1,99 @@ +From a54501d3c9541bc8600225aa2d42531f93c6def7 Mon Sep 17 00:00:00 2001 +From: Joshua Watt <JPEWhacker@gmail.com> +Date: Sat, 9 Nov 2019 20:01:48 -0600 +Subject: [PATCH] Add option to control configure args + +Embedding the configure time options into the executable can lead to +non-reproducible builds, since configure options often have embedded +paths. Add a configure time option to control if the configure args are +embedded so this can be disabled. + +Upstream-Status: Submitted [https://midnight-commander.org/ticket/4031] +Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> +--- + configure.ac | 6 ++++++ + src/args.c | 6 ++++++ + src/textconf.c | 2 ++ + 3 files changed, 14 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 19d1a76be..a1948f6b9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -544,6 +544,12 @@ dnl Clarify do we really need GModule + AM_CONDITIONAL([HAVE_GMODULE], [test -n "$g_module_supported" && \ + test x"$textmode_x11_support" = x"yes" -o x"$enable_aspell" = x"yes"]) + ++AC_ARG_ENABLE([configure-args], ++ AS_HELP_STRING([--enable-configure-args], [Handle all compiler warnings as errors])) ++if test "x$enable_configure_args" != xno; then ++ AC_DEFINE([ENABLE_CONFIGURE_ARGS], 1, [Define to enable showing configure arguments in help]) ++fi ++ + AC_DEFINE_UNQUOTED([MC_CONFIGURE_ARGS], ["$ac_configure_args"], [MC configure arguments]) + + AC_CONFIG_FILES( +diff --git a/src/args.c b/src/args.c +index baef1a1c8..f8dc24020 100644 +--- a/src/args.c ++++ b/src/args.c +@@ -95,7 +95,9 @@ static gboolean mc_args__nouse_subshell = FALSE; + #endif /* ENABLE_SUBSHELL */ + static gboolean mc_args__show_datadirs = FALSE; + static gboolean mc_args__show_datadirs_extended = FALSE; ++#ifdef ENABLE_CONFIGURE_ARGS + static gboolean mc_args__show_configure_opts = FALSE; ++#endif + + static GOptionGroup *main_group; + +@@ -125,6 +127,7 @@ static const GOptionEntry argument_main_table[] = { + NULL + }, + ++#ifdef ENABLE_CONFIGURE_ARGS + /* show configure options */ + { + "configure-options", '\0', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, +@@ -132,6 +135,7 @@ static const GOptionEntry argument_main_table[] = { + N_("Print configure options"), + NULL + }, ++#endif + + { + "printwd", 'P', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, +@@ -758,11 +762,13 @@ mc_args_show_info (void) + return FALSE; + } + ++#ifdef ENABLE_CONFIGURE_ARGS + if (mc_args__show_configure_opts) + { + show_configure_options (); + return FALSE; + } ++#endif + + return TRUE; + } +diff --git a/src/textconf.c b/src/textconf.c +index 1e0613e58..f39b9e028 100644 +--- a/src/textconf.c ++++ b/src/textconf.c +@@ -232,10 +232,12 @@ show_datadirs_extended (void) + + /* --------------------------------------------------------------------------------------------- */ + ++#ifdef ENABLE_CONFIGURE_ARGS + void + show_configure_options (void) + { + (void) printf ("%s\n", MC_CONFIGURE_ARGS); + } ++#endif + + /* --------------------------------------------------------------------------------------------- */ +-- +2.23.0 + diff --git a/meta/recipes-extended/mc/files/nomandate.patch b/meta/recipes-extended/mc/files/nomandate.patch new file mode 100644 index 0000000000..48bd73b110 --- /dev/null +++ b/meta/recipes-extended/mc/files/nomandate.patch @@ -0,0 +1,21 @@ +The man page date can vary depending upon the host perl, e.g. in Russian +some versions print 'июня', others 'Июнь' or Polish 'czerwca' or 'czerwiec'. +Rather than depend upon perl-native to fix this, just remove the date from +the manpages. + +RP 2020/2/4 + +Upstream-Status: Inappropriate [OE specficic reproducibility workaround] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: mc-4.8.23/doc/man/date-of-man-include.am +=================================================================== +--- mc-4.8.23.orig/doc/man/date-of-man-include.am ++++ mc-4.8.23/doc/man/date-of-man-include.am +@@ -1,5 +1,5 @@ + SED_PARAMETERS = \ +- -e "s/%DATE_OF_MAN_PAGE%/$${MAN_DATE}/g" \ ++ -e "s/%DATE_OF_MAN_PAGE%//g" \ + -e "s/%DISTR_VERSION%/@DISTR_VERSION@/g" \ + -e "s{%prefix%{@prefix@{g" \ + -e "s{%sysconfdir%{@sysconfdir@{g" \ diff --git a/meta/recipes-extended/mc/mc_4.8.23.bb b/meta/recipes-extended/mc/mc_4.8.23.bb index 83de8dbb2c..de76591d9b 100644 --- a/meta/recipes-extended/mc/mc_4.8.23.bb +++ b/meta/recipes-extended/mc/mc_4.8.23.bb @@ -8,6 +8,8 @@ RDEPENDS_${PN} = "ncurses-terminfo" SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \ file://0001-mc-replace-perl-w-with-use-warnings.patch \ + file://0001-Add-option-to-control-configure-args.patch \ + file://nomandate.patch \ " SRC_URI[md5sum] = "152927ac29cf0e61d7d019f261bb7d89" SRC_URI[sha256sum] = "238c4552545dcf3065359bd50753abbb150c1b22ec5a36eaa02c82808293267d" @@ -21,9 +23,12 @@ PACKAGECONFIG ??= "" PACKAGECONFIG[smb] = "--enable-vfs-smb,--disable-vfs-smb,samba," PACKAGECONFIG[sftp] = "--enable-vfs-sftp,--disable-vfs-sftp,libssh2," -EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x" +EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --disable-configure-args" CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" +CACHED_CONFIGUREVARS += "ac_cv_path_PYTHON='/usr/bin/env python'" +CACHED_CONFIGUREVARS += "ac_cv_path_GREP='/usr/bin/env grep'" +CACHED_CONFIGUREVARS += "mc_cv_have_zipinfo=yes" do_install_append () { sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/* diff --git a/meta/recipes-extended/psmisc/psmisc.inc b/meta/recipes-extended/psmisc/psmisc.inc index 594a10cf22..6de5acb71b 100644 --- a/meta/recipes-extended/psmisc/psmisc.inc +++ b/meta/recipes-extended/psmisc/psmisc.inc @@ -7,7 +7,7 @@ command sends a specified signal (SIGTERM if nothing is specified) to \ processes identified by name. The fuser command identifies the PIDs \ of processes that are using specified files or filesystems." SECTION = "base" -DEPENDS = "ncurses virtual/libintl gettext-native" +DEPENDS = "ncurses virtual/libintl gettext-native xz-native" LICENSE = "GPLv2" SRC_URI = "${SOURCEFORGE_MIRROR}/psmisc/psmisc-${PV}.tar.gz" diff --git a/meta/recipes-extended/screen/screen/CVE-2020-9366.patch b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch new file mode 100644 index 0000000000..a52b9e6e68 --- /dev/null +++ b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch @@ -0,0 +1,48 @@ +From 8ce90c1d3d5bece150479d8bc9303fd9d9f45e03 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net> +Date: Thu, 30 Jan 2020 17:56:27 +0100 +Subject: [PATCH] Fix out of bounds access when setting w_xtermosc after OSC 49 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net> +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +echo -e "\e]49\e; \n\ec" +crashes screen. + +This happens because 49 is divided by 10 and used as table index +resulting in access to w_xtermosc[4], which is out of bounds with table +itself being size 4. Increase size of table by 1 to 5, which is enough +for all current uses. + +As this overwrites memory based on user input it is potential security +issue. + +Reported-by: pippin@gimp.org +Signed-off-by: Amadeusz Sławiński <amade@asmblr.net> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?h=v.4.8.0&id=68386dfb1fa33471372a8cd2e74686758a2f527b] +CVE: CVE-2020-9366 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +--- + window.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/window.h b/window.h +index bd10dcd..a8afa19 100644 +--- a/window.h ++++ b/window.h +@@ -237,7 +237,7 @@ struct win + char w_vbwait; + char w_norefresh; /* dont redisplay when switching to that win */ + #ifdef RXVT_OSC +- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */ ++ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */ + #endif + int w_mouse; /* mouse mode 0,9,1000 */ + #ifdef HAVE_BRAILLE diff --git a/meta/recipes-extended/screen/screen_4.6.2.bb b/meta/recipes-extended/screen/screen_4.6.2.bb index 21b476ddb0..d00b849021 100644 --- a/meta/recipes-extended/screen/screen_4.6.2.bb +++ b/meta/recipes-extended/screen/screen_4.6.2.bb @@ -25,6 +25,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://0001-fix-for-multijob-build.patch \ file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \ file://0001-Remove-more-compatibility-stuff.patch \ + file://CVE-2020-9366.patch \ " SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8" diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc index 15075bcefd..4edfabe510 100644 --- a/meta/recipes-extended/sudo/sudo.inc +++ b/meta/recipes-extended/sudo/sudo.inc @@ -26,7 +26,7 @@ PACKAGECONFIG[pam-wheel] = ",,,pam-plugin-wheel" CONFFILES_${PN} = "${sysconfdir}/sudoers" -EXTRA_OECONF = "--with-editor=/bin/vi --with-env-editor" +EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor" EXTRA_OECONF_append_libc-musl = " --disable-hardening " diff --git a/meta/recipes-extended/sudo/sudo_1.8.27.bb b/meta/recipes-extended/sudo/sudo_1.8.27.bb index 0a11a1b28f..6d470d0373 100644 --- a/meta/recipes-extended/sudo/sudo_1.8.27.bb +++ b/meta/recipes-extended/sudo/sudo_1.8.27.bb @@ -15,10 +15,18 @@ SRC_URI[sha256sum] = "7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd3 DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" +CACHED_CONFIGUREVARS = " \ + ac_cv_type_rsize_t=no \ + ac_cv_path_MVPROG=${base_bindir}/mv \ + ac_cv_path_BSHELLPROG=${base_bindir}/sh \ + ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ + ac_cv_path_VIPROG=${base_bindir}/vi \ + " + EXTRA_OECONF += " \ - ac_cv_type_rsize_t=no \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ + --with-vardir=/var/lib/sudo \ " do_install_append () { diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb index 18f09b5711..ebe6cb0dbd 100644 --- a/meta/recipes-extended/tar/tar_1.32.bb +++ b/meta/recipes-extended/tar/tar_1.32.bb @@ -22,6 +22,8 @@ PACKAGECONFIG[acl] = "--with-posix-acls,--without-posix-acls,acl" EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" +CACHED_CONFIGUREVARS += "tar_cv_path_RSH=no" + # Let aclocal use the relative path for the m4 file rather than the # absolute since tar has a lot of m4 files, otherwise there might # be an "Argument list too long" error when it is built in a long/deep diff --git a/meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch b/meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch new file mode 100644 index 0000000000..7f87372c52 --- /dev/null +++ b/meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch @@ -0,0 +1,19 @@ +If the resources file isn't sorted in some way then libgdk.so will differ +depending on the inode order of the resource files. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> + +diff --git a/gdk/Makefile.am b/gdk/Makefile.am +index e25b57ba50..26f2d57c6e 100644 +--- a/gdk/Makefile.am ++++ b/gdk/Makefile.am +@@ -465,7 +465,7 @@ stamp-gc-h: $(top_builddir)/config.status + # Resources + # + +-glsl_sources := $(wildcard $(srcdir)/resources/glsl/*.glsl) ++glsl_sources := $(sort $(wildcard $(srcdir)/resources/glsl/*.glsl)) + + gdk.gresource.xml: Makefile.am + $(AM_V_GEN) echo "<?xml version='1.0' encoding='UTF-8'?>" > $@; \ diff --git a/meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb b/meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb index d79b18bee0..596dee6264 100644 --- a/meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb +++ b/meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb @@ -7,6 +7,7 @@ SRC_URI = "http://ftp.gnome.org/pub/gnome/sources/gtk+/${MAJ_VER}/gtk+-${PV}.tar file://0002-Do-not-try-to-initialize-GL-without-libGL.patch \ file://0003-Add-disable-opengl-configure-option.patch \ file://link_fribidi.patch \ + file://sort-resources.patch \ " SRC_URI[md5sum] = "eeedde01856238114dcf4df3ebc942a5" SRC_URI[sha256sum] = "666962de9b9768fe9ca785b0e2f42c8b9db3868a12fa9b356b167238d70ac799" diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch new file mode 100644 index 0000000000..ad61c95be3 --- /dev/null +++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch @@ -0,0 +1,66 @@ +From 24f67de7a9088a873844a39be03cee6882260ac9 Mon Sep 17 00:00:00 2001 +From: Gert Wollny <gert.wollny@collabora.com> +Date: Mon, 7 Oct 2019 10:59:56 +0200 +Subject: [PATCH] vrend: check info formats in blits + +Closes #141 +Closes #142 + +v2 : drop colon in error description (Emil) + +Signed-off-by: Gert Wollny <gert.wollny@collabora.com> +Reviewed-by: Emil Velikov <emil.velikov@collabora.com> + +Upstream-Status: Backport +[https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9] +CVE: CVE-2019-18390 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + src/virgl_hw.h | 1 + + src/vrend_renderer.c | 11 +++++++++++ + 2 files changed, 12 insertions(+) + +diff --git a/src/virgl_hw.h b/src/virgl_hw.h +index 145780bf..5ccf3073 100644 +--- a/src/virgl_hw.h ++++ b/src/virgl_hw.h +@@ -426,6 +426,7 @@ enum virgl_ctx_errors { + VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER, + VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS, + VIRGL_ERROR_GL_ANY_SAMPLES_PASSED, ++ VIRGL_ERROR_CTX_ILLEGAL_FORMAT, + }; + + #define VIRGL_RESOURCE_Y_0_TOP (1 << 0) +diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c +index 14fefb38..aa6a89c1 100644 +--- a/src/vrend_renderer.c ++++ b/src/vrend_renderer.c +@@ -758,6 +758,7 @@ static const char *vrend_ctx_error_strings[] = { + [VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER] = "Illegal command buffer", + [VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS] = "On GLES context and shader program has tesselation evaluation shader but no tesselation control shader", + [VIRGL_ERROR_GL_ANY_SAMPLES_PASSED] = "Query for ANY_SAMPLES_PASSED not supported", ++ [VIRGL_ERROR_CTX_ILLEGAL_FORMAT] = "Illegal format ID", + }; + + static void __report_context_error(const char *fname, struct vrend_context *ctx, +@@ -8492,6 +8493,16 @@ void vrend_renderer_blit(struct vrend_context *ctx, + if (ctx->in_error) + return; + ++ if (!info->src.format || (enum virgl_formats)info->src.format >= VIRGL_FORMAT_MAX) { ++ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->src.format); ++ return; ++ } ++ ++ if (!info->dst.format || (enum virgl_formats)info->dst.format >= VIRGL_FORMAT_MAX) { ++ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->dst.format); ++ return; ++ } ++ + if (info->render_condition_enable == false) + vrend_pause_render_condition(ctx, true); + +-- +2.24.1 + diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch new file mode 100644 index 0000000000..cc641d8293 --- /dev/null +++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch @@ -0,0 +1,51 @@ +From 2abeb1802e3c005b17a7123e382171b3fb665971 Mon Sep 17 00:00:00 2001 +From: Gert Wollny <gert.wollny@collabora.com> +Date: Tue, 8 Oct 2019 17:27:01 +0200 +Subject: [PATCH] vrend: check that the transfer iov holds enough data for the + data upload + +Closes #140 + +Signed-off-by: Gert Wollny <gert.wollny@collabora.com> +Reviewed-by: Emil Velikov <emil.velikov@collabora.com> + +Upstream-Status: Backport +[https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971] +CVE: CVE-2019-18391 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + src/vrend_renderer.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c +index 694e1d0e..fe23846b 100644 +--- a/src/vrend_renderer.c ++++ b/src/vrend_renderer.c +@@ -7005,15 +7005,22 @@ static int vrend_renderer_transfer_write_iov(struct vrend_context *ctx, + invert = true; + } + ++ send_size = util_format_get_nblocks(res->base.format, info->box->width, ++ info->box->height) * elsize; ++ if (res->target == GL_TEXTURE_3D || ++ res->target == GL_TEXTURE_2D_ARRAY || ++ res->target == GL_TEXTURE_CUBE_MAP_ARRAY) ++ send_size *= info->box->depth; ++ + if (need_temp) { +- send_size = util_format_get_nblocks(res->base.format, info->box->width, +- info->box->height) * elsize * info->box->depth; + data = malloc(send_size); + if (!data) + return ENOMEM; + read_transfer_data(iov, num_iovs, data, res->base.format, info->offset, + stride, layer_stride, info->box, invert); + } else { ++ if (send_size > iov[0].iov_len - info->offset) ++ return EINVAL; + data = (char*)iov[0].iov_base + info->offset; + } + +-- +2.24.1 + diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch new file mode 100644 index 0000000000..925f2c8eb0 --- /dev/null +++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch @@ -0,0 +1,39 @@ +From 63bcca251f093d83da7e290ab4bbd38ae69089b5 Mon Sep 17 00:00:00 2001 +From: Gert Wollny <gert.wollny@collabora.com> +Date: Wed, 15 Jan 2020 13:43:58 +0100 +Subject: [PATCH] vrend: Don't try launching a grid if no CS is available + +Closes #155 + +Signed-off-by: Gert Wollny <gert.wollny@collabora.com> +Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org> + +Upstream-Status: Backport +[https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5.patch] +CVE: CVE-2020-8002 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + src/vrend_renderer.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c +index a054bad8..2280fc43 100644 +--- a/src/vrend_renderer.c ++++ b/src/vrend_renderer.c +@@ -4604,6 +4604,13 @@ void vrend_launch_grid(struct vrend_context *ctx, + } + ctx->sub->shader_dirty = true; + } ++ ++ if (!ctx->sub->prog) { ++ vrend_printf("%s: Skipping compute shader execution due to missing shaders: %s\n", ++ __func__, ctx->debug_name); ++ return; ++ } ++ + vrend_use_program(ctx, ctx->sub->prog->id); + + vrend_draw_bind_ubo_shader(ctx, PIPE_SHADER_COMPUTE, 0); +-- +2.24.1 + diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb index d2b11c103a..e91ccc6c57 100644 --- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb +++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb @@ -8,6 +8,9 @@ DEPENDS = "libdrm mesa libepoxy" SRCREV = "48cc96c9aebb9d0164830a157efc8916f08f00c0" SRC_URI = "git://anongit.freedesktop.org/virglrenderer \ file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \ + file://CVE-2019-18390.patch \ + file://CVE-2019-18391.patch \ + file://CVE-2020-8002.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/waffle/waffle_1.6.0.bb b/meta/recipes-graphics/waffle/waffle_1.6.0.bb index 8a1d5748f6..82cead9ad1 100644 --- a/meta/recipes-graphics/waffle/waffle_1.6.0.bb +++ b/meta/recipes-graphics/waffle/waffle_1.6.0.bb @@ -35,3 +35,8 @@ PACKAGECONFIG[x11-egl] = "-Dx11_egl=enabled,-Dx11_egl=disabled,virtual/${MLPREFI PACKAGECONFIG[surfaceless-egl] = "-Dsurfaceless_egl=enabled,-Dsurfaceless_egl=disabled,virtual/${MLPREFIX}libgl" # TODO: optionally build manpages and examples + +# Unset these to stop python trying to report the target Python setup +_PYTHON_SYSCONFIGDATA_NAME[unexport] = "1" +STAGING_INCDIR[unexport] = "1" +STAGING_LIBDIR[unexport] = "1" diff --git a/meta/recipes-graphics/wayland/libinput/determinism.patch b/meta/recipes-graphics/wayland/libinput/determinism.patch new file mode 100644 index 0000000000..cb554030cf --- /dev/null +++ b/meta/recipes-graphics/wayland/libinput/determinism.patch @@ -0,0 +1,21 @@ +This finds our outer git tree and that version information breaks +determinism of this recipe. Disable it. + +RP 2020/2/6 + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: libinput-1.14.3/meson.build +=================================================================== +--- libinput-1.14.3.orig/meson.build ++++ libinput-1.14.3/meson.build +@@ -387,7 +387,7 @@ pkgconfig.generate( + libraries : lib_libinput + ) + +-git_version_h = vcs_tag(command : ['git', 'describe'], ++git_version_h = vcs_tag(command : ['false'], + fallback : 'unknown', + input : 'src/libinput-git-version.h.in', + output :'libinput-git-version.h') diff --git a/meta/recipes-graphics/wayland/libinput_1.14.1.bb b/meta/recipes-graphics/wayland/libinput_1.14.1.bb index 38bc8d2c33..2c5733f33a 100644 --- a/meta/recipes-graphics/wayland/libinput_1.14.1.bb +++ b/meta/recipes-graphics/wayland/libinput_1.14.1.bb @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1f2ea9ebff3a2c6d458faf58492efb63" DEPENDS = "libevdev udev mtdev" -SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BP}.tar.xz" +SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BP}.tar.xz \ + file://determinism.patch \ +" SRC_URI[md5sum] = "da29a704dc6f7ea2d5aac754db046340" SRC_URI[sha256sum] = "e333a3242835c019ca37d2cef8b51a87d3138eb47444119c0153dc7a8656ee70" diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf new file mode 100644 index 0000000000..7ab7460816 --- /dev/null +++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf @@ -0,0 +1,2 @@ +cap_sys_admin @USER@ +none * diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm index 6c548551b8..116bb278bc 100755 --- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm +++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm @@ -38,6 +38,14 @@ case "$1" in if [ -e /dev/hidraw0 ]; then chmod o+rw /dev/hidraw* fi + # Make sure that the Xorg has the cap_sys_admin capability which is + # needed for setting the drm master + if ! grep -q "^auth.*pam_cap\.so" /etc/pam.d/su; then + echo "auth optional pam_cap.so" >>/etc/pam.d/su + fi + if ! /usr/sbin/getcap $XSERVER | grep -q cap_sys_admin; then + /usr/sbin/setcap cap_sys_admin+eip $XSERVER + fi fi # Using su rather than sudo as latest 1.8.1 cause failure [YOCTO #1211] diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb index a77c56445c..7f4e1e29f1 100644 --- a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb +++ b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb @@ -10,6 +10,7 @@ SRC_URI = "file://xserver-nodm \ file://gplv2-license.patch \ file://xserver-nodm.service.in \ file://xserver-nodm.conf.in \ + file://capability.conf \ " S = "${WORKDIR}" @@ -19,7 +20,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" inherit update-rc.d systemd distro_features_check -REQUIRED_DISTRO_FEATURES = "x11" +REQUIRED_DISTRO_FEATURES = "x11 ${@oe.utils.conditional('ROOTLESS_X', '1', 'pam', '', d)}" PACKAGECONFIG ??= "blank" # dpms and screen saver will be on only if 'blank' is in PACKAGECONFIG @@ -40,6 +41,8 @@ do_install() { if [ "${ROOTLESS_X}" = "1" ] ; then XUSER_HOME="/home/xuser" XUSER="xuser" + install -D capability.conf ${D}${sysconfdir}/security/capability.conf + sed -i "s:@USER@:${XUSER}:" ${D}${sysconfdir}/security/capability.conf else XUSER_HOME=${ROOT_HOME} XUSER="root" @@ -60,7 +63,7 @@ do_install() { fi } -RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account', '', d)}" +RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account libcap libcap-bin', '', d)}" INITSCRIPT_NAME = "xserver-nodm" INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ." diff --git a/meta/recipes-graphics/xorg-app/xorg-app-common.inc b/meta/recipes-graphics/xorg-app/xorg-app-common.inc index 3529cb26ef..211e399cf0 100644 --- a/meta/recipes-graphics/xorg-app/xorg-app-common.inc +++ b/meta/recipes-graphics/xorg-app/xorg-app-common.inc @@ -12,6 +12,6 @@ INC_PR = "r8" SRC_URI = "${XORG_MIRROR}/individual/app/${BPN}-${PV}.tar.bz2" -inherit autotools pkgconfig distro_features_check +inherit autotools pkgconfig distro_features_check gettext FILES_${PN} += " ${libdir}/X11/${BPN} ${datadir}/X11/app-defaults/" diff --git a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb index 85a48e4c58..cc45696530 100644 --- a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb +++ b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb @@ -11,6 +11,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=47e508ca280fde97906eacb77892c3ac" DEPENDS += "virtual/libx11" +EXTRA_OECONF += "--with-shared-memory-dir=/dev/shm" + BBCLASSEXTEND = "native nativesdk" SRC_URI[md5sum] = "42dda8016943dc12aff2c03a036e0937" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb index b6e0a1e9e2..93c4472316 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "2fbf678238302f33b3aec5a2cba829f260744f24" -SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a" +SRCREV_machine ?= "40e34fdcb540e35b1a97e8e52c11dfe52bd68b16" +SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.19.87" +LINUX_VERSION ?= "4.19.107" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb index 5391e052c5..a23a5e6f93 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "e2d396270864afd14f5882ce8921d8fb562f5665" -SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b" +SRCREV_machine ?= "78e147f949b5b18524aa7bd72f1cc8f7ae8039f8" +SRCREV_meta ?= "bb2776d6beaae64b1a0fc902b64376f082085498" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.2.28" +LINUX_VERSION ?= "5.2.32" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb index e2626ab4c9..76b2467ef5 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.19.87" +LINUX_VERSION ?= "4.19.107" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "bd239fb802a15c2759ea456dd1f09f5e106fc88a" -SRCREV_machine ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" -SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a" +SRCREV_machine_qemuarm ?= "e2c947b59c650f2aa2f0f88d6af90f9dfb336e04" +SRCREV_machine ?= "16ae5406361af8329b74580697cb738dadeb1ecb" +SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb index 986dd6e351..ac9904f415 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.2.28" +LINUX_VERSION ?= "5.2.32" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "d79fa780eef7c3b08fcff8a44070c211afa91214" -SRCREV_machine ?= "992280855e88289b7e7019ee2cf9dff867c58b94" -SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b" +SRCREV_machine_qemuarm ?= "e0a3a01b24070b15121e938ea19755091bf0d662" +SRCREV_machine ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27" +SRCREV_meta ?= "bb2776d6beaae64b1a0fc902b64376f082085498" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb index c6e482a984..6e3b00e0e5 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb @@ -11,22 +11,22 @@ KBRANCH_qemux86 ?= "v4.19/standard/base" KBRANCH_qemux86-64 ?= "v4.19/standard/base" KBRANCH_qemumips64 ?= "v4.19/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "19fa1657d1d82d01647c6f73a2bbf39305505294" -SRCREV_machine_qemuarm64 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" -SRCREV_machine_qemumips ?= "8fb7ab96b84852ee3d9e1d9d9e7bc35e1249b653" -SRCREV_machine_qemuppc ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" -SRCREV_machine_qemux86 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" -SRCREV_machine_qemux86-64 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" -SRCREV_machine_qemumips64 ?= "c8a036abd7d469013dddab15a23e0d2dde1d0000" -SRCREV_machine ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" -SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a" +SRCREV_machine_qemuarm ?= "c8b87f4d12eb957d8a95442a928ef4820037bb55" +SRCREV_machine_qemuarm64 ?= "16ae5406361af8329b74580697cb738dadeb1ecb" +SRCREV_machine_qemumips ?= "94f102eaca76ffdcc3d47ea94b47486d7157c531" +SRCREV_machine_qemuppc ?= "16ae5406361af8329b74580697cb738dadeb1ecb" +SRCREV_machine_qemux86 ?= "16ae5406361af8329b74580697cb738dadeb1ecb" +SRCREV_machine_qemux86-64 ?= "16ae5406361af8329b74580697cb738dadeb1ecb" +SRCREV_machine_qemumips64 ?= "98288b7e79bc8130c2a889d763c9c1aa15ff4939" +SRCREV_machine ?= "16ae5406361af8329b74580697cb738dadeb1ecb" +SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \ " LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "4.19.87" +LINUX_VERSION ?= "4.19.107" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.2.bb b/meta/recipes-kernel/linux/linux-yocto_5.2.bb index 358c0ad80a..eab142e1c6 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.2.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.2.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.2/standard/base" KBRANCH_qemux86-64 ?= "v5.2/standard/base" KBRANCH_qemumips64 ?= "v5.2/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "ed43b791f2cca6e87928fa47556e540333385187" -SRCREV_machine_qemuarm64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94" -SRCREV_machine_qemumips ?= "5d47f37ab0b7bcd5c0aaf0ecbd6d00bb8a22ddf4" -SRCREV_machine_qemuppc ?= "992280855e88289b7e7019ee2cf9dff867c58b94" -SRCREV_machine_qemuriscv64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94" -SRCREV_machine_qemux86 ?= "992280855e88289b7e7019ee2cf9dff867c58b94" -SRCREV_machine_qemux86-64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94" -SRCREV_machine_qemumips64 ?= "894ee953d9c4036003f41e0800315efe3bab8492" -SRCREV_machine ?= "992280855e88289b7e7019ee2cf9dff867c58b94" -SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b" +SRCREV_machine_qemuarm ?= "fdb7cd1bb5e4238e5b3d120ce9db31119ec2b5ee" +SRCREV_machine_qemuarm64 ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27" +SRCREV_machine_qemumips ?= "eb7faee13cfce200e9add4ba1852a3fe5d8b92e6" +SRCREV_machine_qemuppc ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27" +SRCREV_machine_qemuriscv64 ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27" +SRCREV_machine_qemux86 ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27" +SRCREV_machine_qemux86-64 ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27" +SRCREV_machine_qemumips64 ?= "8e3bfeb7e9b5aa92c5bea941d361ff5b081a2aaa" +SRCREV_machine ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27" +SRCREV_meta ?= "bb2776d6beaae64b1a0fc902b64376f082085498" # remap qemuarm to qemuarma15 for the 5.2 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.2.28" +LINUX_VERSION ?= "5.2.32" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch deleted file mode 100644 index bdbc4f811e..0000000000 --- a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 1ff7013bcf7f068cf4371d12d758f9c0fd16a619 Mon Sep 17 00:00:00 2001 -From: Quanyang Wang <quanyang.wang@windriver.com> -Date: Thu, 5 Dec 2019 15:35:32 +0800 -Subject: [PATCH 1/4] Fix: SUNRPC: Fix oops when trace sunrpc_task events in - nfs client - -See upstream commit : - - commit 2ca310fc4160ed0420da65534a21ae77b24326a8 - Author: Ditang Chen <chendt.fnst@cn.fujitsu.com> - Date: Fri, 7 Mar 2014 13:27:57 +0800 - Subject: SUNRPC: Fix oops when trace sunrpc_task events in nfs client - - When tracking sunrpc_task events in nfs client, the clnt pointer may be NULL. - - [ 139.269266] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 - [ 139.269915] IP: [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc] - [ 139.269915] PGD 1d293067 PUD 1d294067 PMD 0 - [ 139.269915] Oops: 0000 [#1] SMP - [ 139.269915] Modules linked in: nfsv4 dns_resolver nfs lockd sunrpc fscache sg ppdev e1000 - serio_raw pcspkr parport_pc parport i2c_piix4 i2c_core microcode xfs libcrc32c sd_mod sr_mod - cdrom ata_generic crc_t10dif crct10dif_common pata_acpi ahci libahci ata_piix libata dm_mirror - dm_region_hash dm_log dm_mod - [ 139.269915] CPU: 0 PID: 59 Comm: kworker/0:2 Not tainted 3.10.0-84.el7.x86_64 #1 - [ 139.269915] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 - [ 139.269915] Workqueue: rpciod rpc_async_schedule [sunrpc] - [ 139.269915] task: ffff88001b598000 ti: ffff88001b632000 task.ti: ffff88001b632000 - [ 139.269915] RIP: 0010:[<ffffffffa026f216>] [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc] - [ 139.269915] RSP: 0018:ffff88001b633d70 EFLAGS: 00010206 - [ 139.269915] RAX: ffff88001dfc5338 RBX: ffff88001cc37a00 RCX: ffff88001dfc5334 - [ 139.269915] RDX: ffff88001dfc5338 RSI: 0000000000000000 RDI: ffff88001dfc533c - [ 139.269915] RBP: ffff88001b633db0 R08: 000000000000002c R09: 000000000000000a - [ 139.269915] R10: 0000000000062180 R11: 00000020759fb9dc R12: ffffffffa0292c20 - [ 139.269915] R13: ffff88001dfc5334 R14: 0000000000000000 R15: 0000000000000000 - [ 139.269915] FS: 0000000000000000(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000 - [ 139.269915] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b - [ 139.269915] CR2: 0000000000000004 CR3: 000000001d290000 CR4: 00000000000006f0 - [ 139.269915] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 - [ 139.269915] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 - [ 139.269915] Stack: - [ 139.269915] 000000001b633d98 0000000000000246 ffff88001df1dc00 ffff88001cc37a00 - [ 139.269915] ffff88001bc35e60 0000000000000000 ffff88001ffa0a48 ffff88001bc35ee0 - [ 139.269915] ffff88001b633e08 ffffffffa02704b5 0000000000010000 ffff88001cc37a70 - [ 139.269915] Call Trace: - [ 139.269915] [<ffffffffa02704b5>] __rpc_execute+0x1d5/0x400 [sunrpc] - [ 139.269915] [<ffffffffa0270706>] rpc_async_schedule+0x26/0x30 [sunrpc] - [ 139.269915] [<ffffffff8107867b>] process_one_work+0x17b/0x460 - [ 139.269915] [<ffffffff8107942b>] worker_thread+0x11b/0x400 - [ 139.269915] [<ffffffff81079310>] ? rescuer_thread+0x3e0/0x3e0 - [ 139.269915] [<ffffffff8107fc80>] kthread+0xc0/0xd0 - [ 139.269915] [<ffffffff8107fbc0>] ? kthread_create_on_node+0x110/0x110 - [ 139.269915] [<ffffffff815d122c>] ret_from_fork+0x7c/0xb0 - [ 139.269915] [<ffffffff8107fbc0>] ? kthread_create_on_node+0x110/0x110 - [ 139.269915] Code: 4c 8b 45 c8 48 8d 7d d0 89 4d c4 41 89 c9 b9 28 00 00 00 e8 9d b4 e9 - e0 48 85 c0 49 89 c5 74 a2 48 89 c7 e8 9d 3f e9 e0 48 89 c2 <41> 8b 46 04 48 8b 7d d0 4c - 89 e9 4c 89 e6 89 42 0c 0f b7 83 d4 - [ 139.269915] RIP [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc] - [ 139.269915] RSP <ffff88001b633d70> - [ 139.269915] CR2: 0000000000000004 - [ 140.946406] ---[ end trace ba486328b98d7622 ]--- - -Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/2b228b503cad10bf0c5a99b42a908ca906eab5b9] - -Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com> -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> ---- - instrumentation/events/lttng-module/rpc.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/instrumentation/events/lttng-module/rpc.h b/instrumentation/events/lttng-module/rpc.h -index 3798e8e..fb13106 100644 ---- a/instrumentation/events/lttng-module/rpc.h -+++ b/instrumentation/events/lttng-module/rpc.h -@@ -139,7 +139,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid) -+ ctf_integer(unsigned int, client_id, task->tk_client ? task->tk_client->cl_clid : -1) - ctf_integer_hex(const void *, action, action) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) -@@ -208,7 +208,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid) -+ ctf_integer(unsigned int, client_id, task->tk_client ? task->tk_client->cl_clid : -1) - ctf_integer_hex(const void *, action, action) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) --- -2.17.1 - diff --git a/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch b/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch deleted file mode 100644 index 03264bac68..0000000000 --- a/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 032a74d83b263c4faead8e4c25d497fb8ea07b6e Mon Sep 17 00:00:00 2001 -From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Date: Thu, 12 Dec 2019 10:29:02 -0500 -Subject: [PATCH 2/4] Fix: sunrpc: null rpc_clnt dereference in rpc_task_queued - tracepoint - -Based on upstream Linux commit: - -commit 0be283f676a1e7b208db0c992283197ef8b52158 -Author: Benjamin Coddington <bcodding@redhat.com> -Date: Tue Jan 23 09:32:35 2018 -0500 - - SUNRPC: Fix null rpc_clnt dereference in rpc_task_queued tracepoint - - Backchannel tasks will not have a reference to the rpc_clnt. Return -1 for - cl_clid in that case. - - Signed-off-by: Benjamin Coddington <bcodding@redhat.com> - Signed-off-by: Trond Myklebust <trondmy@gmail.com> - -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/8f83a9103dcdf4f6b73783427fc5ded4869309d5] -Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com> ---- - instrumentation/events/lttng-module/rpc.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/instrumentation/events/lttng-module/rpc.h b/instrumentation/events/lttng-module/rpc.h -index fb13106..68c622c 100644 ---- a/instrumentation/events/lttng-module/rpc.h -+++ b/instrumentation/events/lttng-module/rpc.h -@@ -176,7 +176,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid) -+ ctf_integer(unsigned int, client_id, task->tk_client ? -+ task->tk_client->cl_clid : -1) - ctf_integer(unsigned long, timeout, task->tk_timeout) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) --- -2.17.1 - diff --git a/meta/recipes-kernel/lttng/lttng-modules/0003-Fix-sunrpc-use-signed-integer-for-client-id.patch b/meta/recipes-kernel/lttng/lttng-modules/0003-Fix-sunrpc-use-signed-integer-for-client-id.patch deleted file mode 100644 index c7529f16dd..0000000000 --- a/meta/recipes-kernel/lttng/lttng-modules/0003-Fix-sunrpc-use-signed-integer-for-client-id.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 70389e422dd3146161089d454f525367c9046ecd Mon Sep 17 00:00:00 2001 -From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Date: Thu, 12 Dec 2019 10:29:37 -0500 -Subject: [PATCH 3/4] Fix: sunrpc: use signed integer for client id - -Within include/linux/sunrpc/clnt.h:struct rpc_cltn, the cl_clid field -is an unsigned integer, which is the type expected by the tracepoint -signature. - -However, looking into net/sunrpc/clnt.c:rpc_alloc_clid(), its allocation -considers negative signed integer as errors. - -Therefore, in order to properly show "-1" in the trace output (rather -than MAX_INT) when called with a NULL task->tk_client, move to a -signed integer as backing type for the client_id field. - -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/cc7bb0aa52cae22255581d67841449bb8ea36fda] -Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com> ---- - instrumentation/events/lttng-module/rpc.h | 19 +++++++++++-------- - 1 file changed, 11 insertions(+), 8 deletions(-) - -diff --git a/instrumentation/events/lttng-module/rpc.h b/instrumentation/events/lttng-module/rpc.h -index 68c622c..2d06e55 100644 ---- a/instrumentation/events/lttng-module/rpc.h -+++ b/instrumentation/events/lttng-module/rpc.h -@@ -18,7 +18,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, task->tk_client->cl_clid) - ctf_integer(int, status, task->tk_status) - ) - ) -@@ -43,7 +43,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, task->tk_client->cl_clid) - ctf_integer(int, status, task->tk_status) - ) - ) -@@ -100,7 +100,7 @@ LTTNG_TRACEPOINT_EVENT(rpc_connect_status, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, task->tk_client->cl_clid) - ctf_integer(int, status, task->tk_status) - ) - ) -@@ -112,7 +112,7 @@ LTTNG_TRACEPOINT_EVENT(rpc_connect_status, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, task->tk_client->cl_clid) - ctf_integer(int, status, status) - ) - ) -@@ -139,7 +139,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client ? task->tk_client->cl_clid : -1) -+ ctf_integer(int, client_id, task->tk_client ? -+ task->tk_client->cl_clid : -1) - ctf_integer_hex(const void *, action, action) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) -@@ -176,7 +177,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client ? -+ ctf_integer(int, client_id, task->tk_client ? - task->tk_client->cl_clid : -1) - ctf_integer(unsigned long, timeout, task->tk_timeout) - ctf_integer(unsigned long, runstate, task->tk_runstate) -@@ -209,7 +210,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client ? task->tk_client->cl_clid : -1) -+ ctf_integer(int, client_id, task->tk_client ? -+ task->tk_client->cl_clid : -1) - ctf_integer_hex(const void *, action, action) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) -@@ -246,7 +248,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, task->tk_client ? -+ task->tk_client->cl_clid : -1) - ctf_integer(unsigned long, timeout, task->tk_timeout) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) --- -2.17.1 - diff --git a/meta/recipes-kernel/lttng/lttng-modules/0004-sunrpc-introduce-lttng_get_clid-helper.patch b/meta/recipes-kernel/lttng/lttng-modules/0004-sunrpc-introduce-lttng_get_clid-helper.patch deleted file mode 100644 index 4dd726cf2c..0000000000 --- a/meta/recipes-kernel/lttng/lttng-modules/0004-sunrpc-introduce-lttng_get_clid-helper.patch +++ /dev/null @@ -1,130 +0,0 @@ -From b6903d57e4c3234ec5b1c7f72e232023cdee0fab Mon Sep 17 00:00:00 2001 -From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Date: Thu, 12 Dec 2019 10:39:38 -0500 -Subject: [PATCH 4/4] sunrpc: introduce lttng_get_clid helper - -Introduce the lttng_get_clid helper to always check for NULL pointer -when getting the client id. While not always strictly needed depending -on the tracepoint callsite, prefer robustness of instrumentation and -always check for NULL rather than play whack-a-mole. - -Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> -Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/1330a091a687a406513c3a326c2fc2a0dbe75536] -Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com> ---- - instrumentation/events/lttng-module/rpc.h | 43 ++++++++++++++++------- - 1 file changed, 31 insertions(+), 12 deletions(-) - -diff --git a/instrumentation/events/lttng-module/rpc.h b/instrumentation/events/lttng-module/rpc.h -index 2d06e55..ceaf9db 100644 ---- a/instrumentation/events/lttng-module/rpc.h -+++ b/instrumentation/events/lttng-module/rpc.h -@@ -9,6 +9,29 @@ - #include <linux/sunrpc/sched.h> - #include <linux/sunrpc/clnt.h> - -+#ifndef ONCE_LTTNG_RPC_H -+#define ONCE_LTTNG_RPC_H -+ -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,12,0)) -+static inline -+int lttng_get_clid(const struct rpc_task *task) -+{ -+ struct rpc_clnt *tk_client; -+ -+ tk_client = task->tk_client; -+ if (!tk_client) -+ return -1; -+ /* -+ * The cl_clid field is always initialized to positive signed -+ * integers. Negative signed integer values are treated as -+ * errors. -+ */ -+ return (int) tk_client->cl_clid; -+} -+#endif /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,12,0)) */ -+ -+#endif /* ONCE_LTTNG_RPC_H */ -+ - #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)) - LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status, - -@@ -18,7 +41,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, lttng_get_clid(task)) - ctf_integer(int, status, task->tk_status) - ) - ) -@@ -43,7 +66,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, lttng_get_clid(task)) - ctf_integer(int, status, task->tk_status) - ) - ) -@@ -100,7 +123,7 @@ LTTNG_TRACEPOINT_EVENT(rpc_connect_status, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, lttng_get_clid(task)) - ctf_integer(int, status, task->tk_status) - ) - ) -@@ -112,7 +135,7 @@ LTTNG_TRACEPOINT_EVENT(rpc_connect_status, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(int, client_id, task->tk_client->cl_clid) -+ ctf_integer(int, client_id, lttng_get_clid(task)) - ctf_integer(int, status, status) - ) - ) -@@ -139,8 +162,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(int, client_id, task->tk_client ? -- task->tk_client->cl_clid : -1) -+ ctf_integer(int, client_id, lttng_get_clid(task)) - ctf_integer_hex(const void *, action, action) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) -@@ -177,8 +199,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(int, client_id, task->tk_client ? -- task->tk_client->cl_clid : -1) -+ ctf_integer(int, client_id, lttng_get_clid(task)) - ctf_integer(unsigned long, timeout, task->tk_timeout) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) -@@ -210,8 +231,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(int, client_id, task->tk_client ? -- task->tk_client->cl_clid : -1) -+ ctf_integer(int, client_id, lttng_get_clid(task)) - ctf_integer_hex(const void *, action, action) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) -@@ -248,8 +268,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued, - - TP_FIELDS( - ctf_integer(unsigned int, task_id, task->tk_pid) -- ctf_integer(int, client_id, task->tk_client ? -- task->tk_client->cl_clid : -1) -+ ctf_integer(int, client_id, lttng_get_clid(task)) - ctf_integer(unsigned long, timeout, task->tk_timeout) - ctf_integer(unsigned long, runstate, task->tk_runstate) - ctf_integer(int, status, task->tk_status) --- -2.17.1 - diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.10.11.bb b/meta/recipes-kernel/lttng/lttng-modules_2.10.14.bb index cc4f44519a..1c24e94902 100644 --- a/meta/recipes-kernel/lttng/lttng-modules_2.10.11.bb +++ b/meta/recipes-kernel/lttng/lttng-modules_2.10.14.bb @@ -14,14 +14,10 @@ COMPATIBLE_HOST = '(x86_64|i.86|powerpc|aarch64|mips|nios2|arm|riscv).*-linux' SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ file://Makefile-Do-not-fail-if-CONFIG_TRACEPOINTS-is-not-en.patch \ file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \ - file://0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch \ - file://0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch \ - file://0003-Fix-sunrpc-use-signed-integer-for-client-id.patch \ - file://0004-sunrpc-introduce-lttng_get_clid-helper.patch \ " -SRC_URI[md5sum] = "c618fb646514dfc1bf910cfd7cda4256" -SRC_URI[sha256sum] = "7f91e39b2e8e46d8bbba2b4c8c1614f1fb380611cd1a1fccc1d1859be26112f1" +SRC_URI[md5sum] = "3e9ed67a2da17edf93194f8a5e75a246" +SRC_URI[sha256sum] = "d0ba614a9cac3daf8ac034837f8b786e6be2ce0242aeecef7096bed5e03b762c" export INSTALL_MOD_DIR="kernel/lttng-modules" @@ -44,7 +40,7 @@ SRC_URI_class-devupstream = "git://git.lttng.org/lttng-modules;branch=stable-2.1 file://Makefile-Do-not-fail-if-CONFIG_TRACEPOINTS-is-not-en.patch \ file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \ " -SRCREV_class-devupstream = "624aca5d7507fbd11ea4a1a474c3aa1031bd9a31" -PV_class-devupstream = "2.10.10+git${SRCPV}" +SRCREV_class-devupstream = "b34304f146ea234ea764580d7ce1b03d05a215f9" +PV_class-devupstream = "2.10.14+git${SRCPV}" S_class-devupstream = "${WORKDIR}/git" SRCREV_FORMAT ?= "lttng_git" diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index 8201c0cb60..90f05c0e62 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb @@ -51,7 +51,7 @@ export PYTHON_SITEPACKAGES_DIR #kernel 3.1+ supports WERROR to disable warnings as errors export WERROR = "0" -do_populate_lic[depends] += "virtual/kernel:do_patch" +do_populate_lic[depends] += "virtual/kernel:do_shared_workdir" # needed for building the tools/perf Perl binding include ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'perf-perl.inc', '', d)} diff --git a/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch b/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch new file mode 100755 index 0000000000..9696ddd691 --- /dev/null +++ b/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch @@ -0,0 +1,45 @@ +webkitgtk: fix an occasional link error + +Part of ae465a4e... Changelog is not included in the source tarball. + +Upstream-Status: backport [git://git.webkit.org/WebKit.git] + +commit ae465a4e3b1498b6c4038fc7e596e0e3662d116f +Author: Hironori.Fujii@sony.com <Hironori.Fujii@sony.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> +Date: Fri Jun 28 07:38:09 2019 +0000 + + [Win] unresolved external symbol "JSC::JSObject::didBecomePrototype(void)" referenced in function "JSC::Structure::create(...)" + https://bugs.webkit.org/show_bug.cgi?id=199312 + + Reviewed by Keith Miller. + + WinCairo port, clang-cl Release builds reported a following linkage error: + + > WebCore.lib(UnifiedSource-4babe430-10.cpp.obj) : error LNK2019: unresolved external symbol "public: void __cdecl JSC::JSObject::didBecomePrototype(void)" (?didBecomePrototype@JSObject@JSC@@QEAAXXZ) referenced in function "public: static class JSC::Structure * __cdecl JSC::Structure::create(class JSC::VM &,class JSC::JSGlobalObject *,class JSC::JSValue,class JSC::TypeInfo const &,struct JSC::ClassInfo const *,unsigned char,unsigned int)" (?create@Structure@JSC@@SAPEAV12@AEAVVM@2@PEAVJSGlobalObject@2@VJSValue@2@AEBVTypeInfo@2@PEBUClassInfo@2@EI@Z) + + No new tests because there is no behavior change. + + * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: Include <JavaScriptCore/JSCInlines.h>, + and do not include headers which is included by it. + + git-svn-id: http://svn.webkit.org/repository/webkit/trunk@246922 268f45cc-cd09-0410-ab3c-d52691b4dbfc + +[ modification of Changelog deleted ] + +diff --git a/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp b/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp +index d1b047c..0899a9a 100644 +--- a/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp ++++ b/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp +@@ -49,11 +49,8 @@ + #include "SQLiteTransaction.h" + #include "ThreadSafeDataBuffer.h" + #include <JavaScriptCore/AuxiliaryBarrierInlines.h> +-#include <JavaScriptCore/HeapInlines.h> +-#include <JavaScriptCore/JSCJSValueInlines.h> +-#include <JavaScriptCore/JSGlobalObject.h> ++#include <JavaScriptCore/JSCInlines.h> + #include <JavaScriptCore/StrongInlines.h> +-#include <JavaScriptCore/StructureInlines.h> + #include <wtf/FileSystem.h> + #include <wtf/NeverDestroyed.h> + #include <wtf/text/StringConcatenateNumbers.h> diff --git a/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb b/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb index c090782411..1c71762945 100644 --- a/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb +++ b/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb @@ -23,6 +23,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://include_array.patch \ file://narrowing.patch \ file://0001-gstreamer-add-a-missing-format-string.patch \ + file://fix-link-error.patch \ " SRC_URI[md5sum] = "c214963d8c0e7d83460da04a0d8dda87" diff --git a/meta/recipes-support/aspell/aspell/CVE-2019-20433-0001.patch b/meta/recipes-support/aspell/aspell/CVE-2019-20433-0001.patch new file mode 100644 index 0000000000..fd68461e32 --- /dev/null +++ b/meta/recipes-support/aspell/aspell/CVE-2019-20433-0001.patch @@ -0,0 +1,999 @@ +From de29341638833ba7717bd6b5e6850998454b044b Mon Sep 17 00:00:00 2001 +From: Kevin Atkinson <kevina@gnu.org> +Date: Sat, 17 Aug 2019 17:06:53 -0400 +Subject: [PATCH 1/2] Don't allow null-terminated UCS-2/4 strings using the + original API. + +Detect if the encoding is UCS-2/4 and the length is -1 in affected API +functions and refuse to convert the string. If the string ends up +being converted somehow, abort with an error message in DecodeDirect +and ConvDirect. To convert a null terminated string in +Decode/ConvDirect, a negative number corresponding to the width of the +underlying character type for the encoding is expected; for example, +if the encoding is "ucs-2" then a the size is expected to be -2. + +Also fix a 1-3 byte over-read in DecodeDirect when reading UCS-2/4 +strings when a size is provided (found by OSS-Fuzz). + +Also fix a bug in DecodeDirect that caused DocumentChecker to return +the wrong offsets when working with UCS-2/4 strings. + +CVE: CVE-2019-20433 +Upstream-Status: Backport [https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b] + +[SG: - adjusted context + - discarded test changes as test framework is not available + - discarded manual entry changes for features that aren't backported] +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + auto/MkSrc/CcHelper.pm | 99 ++++++++++++++++++++++++++++++++++--- + auto/MkSrc/Create.pm | 5 +- + auto/MkSrc/Info.pm | 5 +- + auto/MkSrc/ProcCc.pm | 24 +++++---- + auto/MkSrc/ProcImpl.pm | 57 +++++++++++++++------ + auto/MkSrc/Read.pm | 4 +- + auto/mk-src.in | 44 +++++++++++++++-- + common/convert.cpp | 39 ++++++++++++--- + common/convert.hpp | 38 +++++++++++++- + common/document_checker.cpp | 17 ++++++- + common/document_checker.hpp | 1 + + common/version.cpp | 15 ++++-- + configure.ac | 8 +++ + manual/aspell.texi | 58 ++++++++++++++++------ + manual/readme.texi | 70 +++++++++++++++++++++----- + 15 files changed, 409 insertions(+), 75 deletions(-) + +diff --git a/auto/MkSrc/CcHelper.pm b/auto/MkSrc/CcHelper.pm +index f2de991..0044335 100644 +--- a/auto/MkSrc/CcHelper.pm ++++ b/auto/MkSrc/CcHelper.pm +@@ -10,8 +10,8 @@ BEGIN { + use Exporter; + our @ISA = qw(Exporter); + our @EXPORT = qw(to_c_return_type c_error_cond +- to_type_name make_desc make_func call_func +- make_c_method call_c_method form_c_method ++ to_type_name make_desc make_func call_func get_c_func_name ++ make_c_method make_wide_macro call_c_method form_c_method + make_cxx_method); + } + +@@ -90,6 +90,69 @@ sub make_func ( $ \@ $ ; \% ) { + ')')); + } + ++=item make_wide_version NAME @TYPES PARMS ; %ACCUM ++ ++Creates the wide character version of the function if needed ++ ++=cut ++ ++sub make_wide_version ( $ \@ $ ; \% ) { ++ my ($name, $d, $p, $accum) = @_; ++ my @d = @$d; ++ shift @d; ++ return '' unless grep {$_->{type} eq 'encoded string'} @d; ++ $accum->{sys_headers}{'stddef.h'} = true; ++ $accum->{suffix}[5] = <<'---'; ++ ++/******************* private implemantion details *********************/ ++ ++#ifdef __cplusplus ++# define aspell_cast_(type, expr) (static_cast<type>(expr)) ++# define aspell_cast_from_wide_(str) (static_cast<const void *>(str)) ++#else ++# define aspell_cast_(type, expr) ((type)(expr)) ++# define aspell_cast_from_wide_(str) ((const char *)(str)) ++#endif ++--- ++ my @parms = map {$_->{type} eq 'encoded string' ++ ? ($_->{name}, $_->{name}.'_size') ++ : $_->{name}} @d; ++ $name = to_lower $name; ++ $accum->{suffix}[0] = <<'---'; ++/**********************************************************************/ ++ ++#ifdef ASPELL_ENCODE_SETTING_SECURE ++--- ++ $accum->{suffix}[2] = "#endif\n"; ++ my @args = map {$_->{type} eq 'encoded string' ++ ? ($_->{name}, "$_->{name}_size", '-1') ++ : $_->{name}} @d; ++ $accum->{suffix}[1] .= ++ (join '', ++ "#define $name", ++ '(', join(', ', @parms), ')', ++ "\\\n ", ++ $name, '_wide', ++ '(', join(', ', @args), ')', ++ "\n"); ++ @args = map {$_->{type} eq 'encoded string' ++ ? ("aspell_cast_from_wide_($_->{name})", ++ "$_->{name}_size*aspell_cast_(int,sizeof(*($_->{name})))", ++ "sizeof(*($_->{name}))") ++ : $_->{name}} @d; ++ return (join '', ++ "\n", ++ "/* version of $name that is safe to use with (null terminated) wide characters */\n", ++ '#define ', ++ $name, '_w', ++ '(', join(', ', @parms), ')', ++ "\\\n ", ++ $name, '_wide', ++ '(', join(', ', @args), ')', ++ "\n"); ++} ++ ++ + =item call_func NAME @TYPES PARMS ; %ACCUM + + Return a string to call a func. Will prefix the function with return +@@ -103,7 +166,6 @@ Parms can be any of: + + sub call_func ( $ \@ $ ; \% ) { + my ($name, $d, $p, $accum) = @_; +- $accum = {} unless defined $accum; + my @d = @$d; + my $func_ret = to_type_name(shift @d, {%$p,pos=>'return'}, %$accum); + return (join '', +@@ -148,8 +210,14 @@ sub to_type_name ( $ $ ; \% ) { + my $name = $t->{name}; + my $type = $t->{type}; + +- return ( (to_type_name {%$d, type=>'string'}, $p, %$accum) , +- (to_type_name {%$d, type=>'int', name=>"$d->{name}_size"}, $p, %$accum) ) ++ if ($name eq 'encoded string' && $is_cc && $pos eq 'parm') { ++ my @types = ((to_type_name {%$d, type=>($p->{wide}?'const void pointer':'string')}, $p, %$accum), ++ (to_type_name {%$d, type=>'int', name=>"$d->{name}_size"}, $p, %$accum)); ++ push @types, (to_type_name {%$d, type=>'int', name=>"$d->{name}_type_width"}, $p, %$accum) if $p->{wide}; ++ return @types; ++ } ++ return ( (to_type_name {%$d, type=>($p->{wide}?'const void pointer':'string')}, $p, %$accum) , ++ (to_type_name {%$d, type=>'int', name=>"$d->{name}_size"}, $p, %$accum) ) + if $name eq 'encoded string' && $is_cc && $pos eq 'parm'; + + my $str; +@@ -174,7 +242,7 @@ sub to_type_name ( $ $ ; \% ) { + $str .= "String"; + } + } elsif ($name eq 'encoded string') { +- $str .= "const char *"; ++ $str .= $p->{wide} ? "const void *" : "const char *"; + } elsif ($name eq '') { + $str .= "void"; + } elsif ($name eq 'bool' && $is_cc) { +@@ -186,7 +254,7 @@ sub to_type_name ( $ $ ; \% ) { + if ($t->{pointer}) { + $accum->{types}->{$name} = $t; + } else { +- $accum->{headers}->{$t->{created_in}} = true; ++ $accum->{headers}->{$t->{created_in}} = true unless $mode eq 'cc'; + } + $str .= "$c_type Aspell" if $mode eq 'cc'; + $str .= to_mixed($name); +@@ -214,6 +282,7 @@ sub to_type_name ( $ $ ; \% ) { + return $str; + } + ++ + =item make_desc DESC ; LEVEL + + Make a C comment out of DESC optionally indenting it LEVEL spaces. +@@ -286,6 +355,7 @@ sub form_c_method ($ $ $ ; \% ) + } else { + $func = "aspell $class $name"; + } ++ $func .= " wide" if $p->{wide}; + if (exists $d->{'const'}) { + splice @data, 1, 0, {type => "const $class", name=> $this_name}; + } else { +@@ -306,6 +376,21 @@ sub make_c_method ($ $ $ ; \%) + return &make_func(@ret); + } + ++sub get_c_func_name ($ $ $) ++{ ++ my @ret = &form_c_method(@_); ++ return undef unless @ret > 0; ++ return to_lower $ret[0]; ++} ++ ++sub make_wide_macro ($ $ $ ; \%) ++{ ++ my @ret = &form_c_method(@_); ++ return undef unless @ret > 0; ++ my $str = &make_wide_version(@ret); ++ return $str; ++} ++ + sub call_c_method ($ $ $ ; \%) + { + my @ret = &form_c_method(@_); +diff --git a/auto/MkSrc/Create.pm b/auto/MkSrc/Create.pm +index d39b60e..630ede5 100644 +--- a/auto/MkSrc/Create.pm ++++ b/auto/MkSrc/Create.pm +@@ -77,8 +77,10 @@ sub create_cc_file ( % ) { + $file .= "#include \"aspell.h\"\n" if $p{type} eq 'cxx'; + $file .= "#include \"settings.h\"\n" if $p{type} eq 'native_impl' && $p{name} eq 'errors'; + $file .= "#include \"gettext.h\"\n" if $p{type} eq 'native_impl' && $p{name} eq 'errors'; ++ $file .= cmap {"#include <$_>\n"} sort keys %{$accum{sys_headers}}; + $file .= cmap {"#include \"".to_lower($_).".hpp\"\n"} sort keys %{$accum{headers}}; +- $file .= "#ifdef __cplusplus\nextern \"C\" {\n#endif\n" if $p{header} && !$p{cxx}; ++ $file .= "\n#ifdef __cplusplus\nextern \"C\" {\n#endif\n" if $p{header} && !$p{cxx}; ++ $file .= join('', grep {defined $_} @{$accum{prefix}}); + $file .= "\nnamespace $p{namespace} {\n\n" if $p{cxx}; + if (defined $info{forward}{proc}{$p{type}}) { + my @types = sort {$a->{name} cmp $b->{name}} (values %{$accum{types}}); +@@ -86,6 +88,7 @@ sub create_cc_file ( % ) { + } + $file .= "\n"; + $file .= $body; ++ $file .= join('', grep {defined $_} @{$accum{suffix}}); + $file .= "\n\n}\n\n" if $p{cxx}; + $file .= "#ifdef __cplusplus\n}\n#endif\n" if $p{header} && !$p{cxx}; + $file .= "#endif /* $hm */\n" if $p{header}; +diff --git a/auto/MkSrc/Info.pm b/auto/MkSrc/Info.pm +index c644028..ace8e21 100644 +--- a/auto/MkSrc/Info.pm ++++ b/auto/MkSrc/Info.pm +@@ -60,6 +60,7 @@ each proc sub should take the following argv + the object from which it is a member of + no native: do not attempt to create a native implementation + treat as object: treat as a object rather than a pointer ++ no conv: do not converted an encoded string + + The %info structure is initialized as follows: + +@@ -104,8 +105,8 @@ The %info structure is initialized as follows: + errors => {}, # possible errors + method => { + # A class method +- options => ['desc', 'posib err', 'c func', 'const', +- 'c only', 'c impl', 'cxx impl'], ++ options => ['desc', 'posib err', 'c func', 'const', 'no conv', 'on conv error', ++ 'c only', 'c impl', 'cxx impl', 'cc extra'], + groups => undef}, + constructor => { + # A class constructor +diff --git a/auto/MkSrc/ProcCc.pm b/auto/MkSrc/ProcCc.pm +index 47c4338..98cc435 100644 +--- a/auto/MkSrc/ProcCc.pm ++++ b/auto/MkSrc/ProcCc.pm +@@ -23,7 +23,7 @@ use MkSrc::Info; + sub make_c_object ( $ @ ); + + $info{group}{proc}{cc} = sub { +- my ($data) = @_; ++ my ($data,@rest) = @_; + my $ret; + my $stars = (70 - length $data->{name})/2; + $ret .= "/"; +@@ -33,14 +33,14 @@ $info{group}{proc}{cc} = sub { + $ret .= "/\n"; + foreach my $d (@{$data->{data}}) { + $ret .= "\n\n"; +- $ret .= $info{$d->{type}}{proc}{cc}->($d); ++ $ret .= $info{$d->{type}}{proc}{cc}->($d,@rest); + } + $ret .= "\n\n"; + return $ret; + }; + + $info{enum}{proc}{cc} = sub { +- my ($d) = @_; ++ my ($d,@rest) = @_; + my $n = "Aspell".to_mixed($d->{name}); + return ("\n". + make_desc($d->{desc}). +@@ -58,21 +58,26 @@ $info{struct}{proc}{cc} = sub { + }; + + $info{union}{proc}{cc} = sub { +- return make_c_object "union", $_[0]; ++ return make_c_object "union", @_; + }; + + $info{class}{proc}{cc} = sub { +- my ($d) = @_; ++ my ($d,$accum) = @_; + my $class = $d->{name}; + my $classname = "Aspell".to_mixed($class); + my $ret = ""; + $ret .= "typedef struct $classname $classname;\n\n"; + foreach (@{$d->{data}}) { +- my $s = make_c_method($class, $_, {mode=>'cc'}); ++ my $s = make_c_method($class, $_, {mode=>'cc'}, %$accum); + next unless defined $s; + $ret .= "\n"; + $ret .= make_desc($_->{desc}); +- $ret .= make_c_method($class, $_, {mode=>'cc'}).";\n"; ++ $ret .= make_c_method($class, $_, {mode=>'cc'}, %$accum).";\n"; ++ if (grep {$_->{type} eq 'encoded string'} @{$_->{data}}) { ++ $ret .= make_c_method($class, $_, {mode=>'cc', wide=>true}, %$accum).";\n"; ++ $ret .= make_wide_macro($class, $_, {mode=>'cc'}, %$accum); ++ } ++ $ret .= "\n".$_->{'cc extra'}."\n" if defined $_->{'cc extra'}; + } + $ret .= "\n"; + return $ret; +@@ -105,7 +110,8 @@ $info{errors}{proc}{cc} = sub { + }; + + sub make_c_object ( $ @ ) { +- my ($t, $d) = @_; ++ my ($t, $d, $accum) = @_; ++ $accum = {} unless defined $accum; + my $struct; + $struct .= "Aspell"; + $struct .= to_mixed($d->{name}); +@@ -120,7 +126,7 @@ sub make_c_object ( $ @ ) { + "\n};\n"), + "typedef $t $struct $struct;", + join ("\n", +- map {make_c_method($d->{name}, $_, {mode=>'cc'}).";"} ++ map {make_c_method($d->{name}, $_, {mode=>'cc'}, %$accum).";"} + grep {$_->{type} eq 'method'} + @{$d->{data}}) + )."\n"; +diff --git a/auto/MkSrc/ProcImpl.pm b/auto/MkSrc/ProcImpl.pm +index b8628fd..3d0f220 100644 +--- a/auto/MkSrc/ProcImpl.pm ++++ b/auto/MkSrc/ProcImpl.pm +@@ -45,10 +45,13 @@ $info{class}{proc}{impl} = sub { + foreach (grep {$_ ne ''} split /\s*,\s*/, $data->{'c impl headers'}) { + $accum->{headers}{$_} = true; + } +- foreach my $d (@{$data->{data}}) { ++ my @d = @{$data->{data}}; ++ while (@d) { ++ my $d = shift @d; ++ my $need_wide = false; + next unless one_of $d->{type}, qw(method constructor destructor); + my @parms = @{$d->{data}} if exists $d->{data}; +- my $m = make_c_method $data->{name}, $d, {mode=>'cc_cxx', use_name=>true}, %$accum; ++ my $m = make_c_method $data->{name}, $d, {mode=>'cc_cxx', use_name=>true, wide=>$d->{wide}}, %$accum; + next unless defined $m; + $ret .= "extern \"C\" $m\n"; + $ret .= "{\n"; +@@ -57,24 +60,49 @@ $info{class}{proc}{impl} = sub { + } else { + if ($d->{type} eq 'method') { + my $ret_type = shift @parms; +- my $ret_native = to_type_name $ret_type, {mode=>'native_no_err', pos=>'return'}, %$accum; ++ my $ret_native = to_type_name $ret_type, {mode=>'native_no_err', pos=>'return', wide=>$d->{wide}}, %$accum; + my $snum = 0; ++ my $call_fun = $d->{name}; ++ my @call_parms; + foreach (@parms) { + my $n = to_lower($_->{name}); +- if ($_->{type} eq 'encoded string') { +- $accum->{headers}{'mutable string'} = true; +- $accum->{headers}{'convert'} = true; +- $ret .= " ths->temp_str_$snum.clear();\n"; +- $ret .= " ths->to_internal_->convert($n, ${n}_size, ths->temp_str_$snum);\n"; +- $ret .= " unsigned int s$snum = ths->temp_str_$snum.size();\n"; +- $_ = "MutableString(ths->temp_str_$snum.mstr(), s$snum)"; +- $snum++; ++ if ($_->{type} eq 'encoded string' && !exists($d->{'no conv'})) { ++ $need_wide = true unless $d->{wide}; ++ die unless exists $d->{'posib err'}; ++ $accum->{headers}{'mutable string'} = true; ++ $accum->{headers}{'convert'} = true; ++ my $name = get_c_func_name $data->{name}, $d, {mode=>'cc_cxx', use_name=>true, wide=>$d->{wide}}; ++ $ret .= " ths->temp_str_$snum.clear();\n"; ++ if ($d->{wide}) { ++ $ret .= " ${n}_size = get_correct_size(\"$name\", ths->to_internal_->in_type_width(), ${n}_size, ${n}_type_width);\n"; ++ } else { ++ $ret .= " PosibErr<int> ${n}_fixed_size = get_correct_size(\"$name\", ths->to_internal_->in_type_width(), ${n}_size);\n"; ++ if (exists($d->{'on conv error'})) { ++ $ret .= " if (${n}_fixed_size.get_err()) {\n"; ++ $ret .= " ".$d->{'on conv error'}."\n"; ++ $ret .= " } else {\n"; ++ $ret .= " ${n}_size = ${n}_fixed_size;\n"; ++ $ret .= " }\n"; ++ } else { ++ $ret .= " ths->err_.reset(${n}_fixed_size.release_err());\n"; ++ $ret .= " if (ths->err_ != 0) return ".(c_error_cond $ret_type).";\n"; ++ } ++ } ++ $ret .= " ths->to_internal_->convert($n, ${n}_size, ths->temp_str_$snum);\n"; ++ $ret .= " unsigned int s$snum = ths->temp_str_$snum.size();\n"; ++ push @call_parms, "MutableString(ths->temp_str_$snum.mstr(), s$snum)"; ++ $snum++; ++ } elsif ($_->{type} eq 'encoded string') { ++ $need_wide = true unless $d->{wide}; ++ push @call_parms, $n, "${n}_size"; ++ push @call_parms, "${n}_type_width" if $d->{wide}; ++ $call_fun .= " wide" if $d->{wide}; + } else { +- $_ = $n; ++ push @call_parms, $n; + } + } +- my $parms = '('.(join ', ', @parms).')'; +- my $exp = "ths->".to_lower($d->{name})."$parms"; ++ my $parms = '('.(join ', ', @call_parms).')'; ++ my $exp = "ths->".to_lower($call_fun)."$parms"; + if (exists $d->{'posib err'}) { + $accum->{headers}{'posib err'} = true; + $ret .= " PosibErr<$ret_native> ret = $exp;\n"; +@@ -118,6 +146,7 @@ $info{class}{proc}{impl} = sub { + } + } + $ret .= "}\n\n"; ++ unshift @d,{%$d, wide=>true} if $need_wide; + } + return $ret; + }; +diff --git a/auto/MkSrc/Read.pm b/auto/MkSrc/Read.pm +index 4b3d1d0..4bf640e 100644 +--- a/auto/MkSrc/Read.pm ++++ b/auto/MkSrc/Read.pm +@@ -88,13 +88,13 @@ sub advance ( ) { + $in_pod = $1 if $line =~ /^\=(\w+)/; + $line = '' if $in_pod; + $in_pod = undef if $in_pod && $in_pod eq 'cut'; +- $line =~ s/\#.*$//; ++ $line =~ s/(?<!\\)\#.*$//; + $line =~ s/^(\t*)//; + $level = $base_level + length($1); + $line =~ s/\s*$//; + ++$base_level if $line =~ s/^\{$//; + --$base_level if $line =~ s/^\}$//; +- $line =~ s/\\([{}])/$1/g; ++ $line =~ s/\\([{}#\\])/$1/g; + } while ($line eq ''); + #print "$level:$line\n"; + } +diff --git a/auto/mk-src.in b/auto/mk-src.in +index 0e7833a..eb3353f 100644 +--- a/auto/mk-src.in ++++ b/auto/mk-src.in +@@ -608,6 +608,7 @@ errors: + invalid expression + mesg => "%expression" is not a valid regular expression. + parms => expression ++ + } + group: speller + { +@@ -650,6 +651,7 @@ class: speller + posib err + desc => Returns 0 if it is not in the dictionary, + 1 if it is, or -1 on error. ++ on conv error => return 0; + / + bool + encoded string: word +@@ -715,6 +717,8 @@ class: speller + desc => Return NULL on error. + The word list returned by suggest is only + valid until the next call to suggest. ++ on conv error => ++ word = NULL; word_size = 0; + / + const word list + encoded string: word +@@ -840,7 +844,6 @@ class: document checker + void + + method: process +- + desc => Process a string. + The string passed in should only be split on + white space characters. Furthermore, between +@@ -849,10 +852,10 @@ class: document checker + in the document. Passing in strings out of + order, skipping strings or passing them in + more than once may lead to undefined results. ++ no conv + / + void +- string: str +- int: size ++ encoded string: str + + method: next misspelling + +@@ -860,9 +863,23 @@ class: document checker + processed string. If there are no more + misspelled words, then token.word will be + NULL and token.size will be 0 ++ cc extra => ++ \#define aspell_document_checker_next_misspelling_w(type, ths) \\ ++ aspell_document_checker_next_misspelling_adj(ths, sizeof(type)) + / + token object + ++ method: next misspelling adj ++ desc => internal: do not use ++ c impl => ++ Token res = ths->next_misspelling(); ++ res.offset /= type_width; ++ res.len /= type_width; ++ return res; ++ / ++ token object ++ int: type_width ++ + method: filter + + desc => Returns the underlying filter class. +@@ -922,9 +939,30 @@ class: string enumeration + ths->from_internal_->append_null(ths->temp_str); + return ths->temp_str.data(); + \} ++ cc extra => ++ \#define aspell_string_enumeration_next_w(type, ths) \\ ++ aspell_cast_(const type *, aspell_string_enumeration_next_wide(ths, sizeof(type))) + / + const string + ++ method: next wide ++ c impl => ++ const char * s = ths->next(); ++ if (s == 0) { ++ return s; ++ } else if (ths->from_internal_ == 0) \{ ++ assert(type_width == 1); ++ return s; ++ \} else \{ ++ assert(type_width == ths->from_internal_->out_type_width()); ++ ths->temp_str.clear(); ++ ths->from_internal_->convert(s,-1,ths->temp_str); ++ ths->from_internal_->append_null(ths->temp_str); ++ return ths->temp_str.data(); ++ \} ++ / ++ const void pointer ++ int: type_width + } + group: info + { +diff --git a/common/convert.cpp b/common/convert.cpp +index 1add95a..7ae0317 100644 +--- a/common/convert.cpp ++++ b/common/convert.cpp +@@ -541,18 +541,25 @@ namespace acommon { + // Trivial Conversion + // + ++ const char * unsupported_null_term_wide_string_msg = ++ "Null-terminated wide-character strings unsupported when used this way."; ++ + template <typename Chr> + struct DecodeDirect : public Decode + { ++ DecodeDirect() {type_width = sizeof(Chr);} + void decode(const char * in0, int size, FilterCharVector & out) const { + const Chr * in = reinterpret_cast<const Chr *>(in0); +- if (size == -1) { ++ if (size == -sizeof(Chr)) { + for (;*in; ++in) +- out.append(*in); ++ out.append(*in, sizeof(Chr)); ++ } else if (size <= -1) { ++ fprintf(stderr, "%s\n", unsupported_null_term_wide_string_msg); ++ abort(); + } else { +- const Chr * stop = reinterpret_cast<const Chr *>(in0 +size); ++ const Chr * stop = reinterpret_cast<const Chr *>(in0) + size/sizeof(Chr); + for (;in != stop; ++in) +- out.append(*in); ++ out.append(*in, sizeof(Chr)); + } + } + PosibErr<void> decode_ec(const char * in0, int size, +@@ -565,6 +572,7 @@ namespace acommon { + template <typename Chr> + struct EncodeDirect : public Encode + { ++ EncodeDirect() {type_width = sizeof(Chr);} + void encode(const FilterChar * in, const FilterChar * stop, + CharVector & out) const { + for (; in != stop; ++in) { +@@ -594,11 +602,15 @@ namespace acommon { + template <typename Chr> + struct ConvDirect : public DirectConv + { ++ ConvDirect() {type_width = sizeof(Chr);} + void convert(const char * in0, int size, CharVector & out) const { +- if (size == -1) { ++ if (size == -sizeof(Chr)) { + const Chr * in = reinterpret_cast<const Chr *>(in0); + for (;*in != 0; ++in) + out.append(in, sizeof(Chr)); ++ } else if (size <= -1) { ++ fprintf(stderr, "%s\n", unsupported_null_term_wide_string_msg); ++ abort(); + } else { + out.append(in0, size); + } +@@ -1121,5 +1133,20 @@ namespace acommon { + } + return 0; + } +- ++ ++ PosibErr<void> unsupported_null_term_wide_string_err_(const char * func) { ++ static bool reported_to_stderr = false; ++ PosibErr<void> err = make_err(other_error, unsupported_null_term_wide_string_msg); ++ if (!reported_to_stderr) { ++ CERR.printf("ERROR: %s: %s\n", func, unsupported_null_term_wide_string_msg); ++ reported_to_stderr = true; ++ } ++ return err; ++ } ++ ++ void unsupported_null_term_wide_string_abort_(const char * func) { ++ CERR.printf("%s: %s\n", unsupported_null_term_wide_string_msg); ++ abort(); ++ } ++ + } +diff --git a/common/convert.hpp b/common/convert.hpp +index 76332ee..c948973 100644 +--- a/common/convert.hpp ++++ b/common/convert.hpp +@@ -7,6 +7,8 @@ + #ifndef ASPELL_CONVERT__HPP + #define ASPELL_CONVERT__HPP + ++#include "settings.h" ++ + #include "string.hpp" + #include "posib_err.hpp" + #include "char_vector.hpp" +@@ -25,8 +27,9 @@ namespace acommon { + typedef const Config CacheConfig; + typedef const char * CacheKey; + String key; ++ int type_width; // type width in bytes + bool cache_key_eq(const char * l) const {return key == l;} +- ConvBase() {} ++ ConvBase() : type_width(1) {} + private: + ConvBase(const ConvBase &); + void operator=(const ConvBase &); +@@ -56,6 +59,8 @@ namespace acommon { + virtual ~Encode() {} + }; + struct DirectConv { // convert directly from in_code to out_code. ++ int type_width; // type width in bytes ++ DirectConv() : type_width(1) {} + // should not take ownership of decode and encode. + // decode and encode guaranteed to stick around for the life + // of the object. +@@ -126,6 +131,9 @@ namespace acommon { + const char * in_code() const {return decode_->key.c_str();} + const char * out_code() const {return encode_->key.c_str();} + ++ int in_type_width() const {return decode_->type_width;} ++ int out_type_width() const {return encode_->type_width;} ++ + void append_null(CharVector & out) const + { + const char nul[4] = {0,0,0,0}; // 4 should be enough +@@ -191,6 +199,10 @@ namespace acommon { + } + } + ++ void convert(const void * in, int size, CharVector & out) { ++ convert(static_cast<const char *>(in), size, out); ++ } ++ + void generic_convert(const char * in, int size, CharVector & out); + + }; +@@ -412,6 +424,30 @@ namespace acommon { + return operator()(str, str + byte_size);} + }; + ++#ifdef SLOPPY_NULL_TERM_STRINGS ++ static const bool sloppy_null_term_strings = true; ++#else ++ static const bool sloppy_null_term_strings = false; ++#endif ++ ++ PosibErr<void> unsupported_null_term_wide_string_err_(const char * func); ++ void unsupported_null_term_wide_string_abort_(const char * func); ++ ++ static inline PosibErr<int> get_correct_size(const char * func, int conv_type_width, int size) { ++ if (sloppy_null_term_strings && size <= -1) ++ return -conv_type_width; ++ if (size <= -1 && -conv_type_width != size) ++ return unsupported_null_term_wide_string_err_(func); ++ return size; ++ } ++ static inline int get_correct_size(const char * func, int conv_type_width, int size, int type_width) { ++ if ((sloppy_null_term_strings || type_width <= -1) && size <= -1) ++ return -conv_type_width; ++ if (size <= -1 && conv_type_width != type_width) ++ unsupported_null_term_wide_string_abort_(func); ++ return size; ++ } ++ + } + + #endif +diff --git a/common/document_checker.cpp b/common/document_checker.cpp +index 5e510c4..0ccf1cd 100644 +--- a/common/document_checker.cpp ++++ b/common/document_checker.cpp +@@ -44,7 +44,9 @@ namespace acommon { + void DocumentChecker::process(const char * str, int size) + { + proc_str_.clear(); +- conv_->decode(str, size, proc_str_); ++ PosibErr<int> fixed_size = get_correct_size("aspell_document_checker_process", conv_->in_type_width(), size); ++ if (!fixed_size.has_err()) ++ conv_->decode(str, fixed_size, proc_str_); + proc_str_.append(0); + FilterChar * begin = proc_str_.pbegin(); + FilterChar * end = proc_str_.pend() - 1; +@@ -53,6 +55,19 @@ namespace acommon { + tokenizer_->reset(begin, end); + } + ++ void DocumentChecker::process_wide(const void * str, int size, int type_width) ++ { ++ proc_str_.clear(); ++ int fixed_size = get_correct_size("aspell_document_checker_process", conv_->in_type_width(), size, type_width); ++ conv_->decode(static_cast<const char *>(str), fixed_size, proc_str_); ++ proc_str_.append(0); ++ FilterChar * begin = proc_str_.pbegin(); ++ FilterChar * end = proc_str_.pend() - 1; ++ if (filter_) ++ filter_->process(begin, end); ++ tokenizer_->reset(begin, end); ++ } ++ + Token DocumentChecker::next_misspelling() + { + bool correct; +diff --git a/common/document_checker.hpp b/common/document_checker.hpp +index d35bb88..11a3c73 100644 +--- a/common/document_checker.hpp ++++ b/common/document_checker.hpp +@@ -36,6 +36,7 @@ namespace acommon { + PosibErr<void> setup(Tokenizer *, Speller *, Filter *); + void reset(); + void process(const char * str, int size); ++ void process_wide(const void * str, int size, int type_width); + Token next_misspelling(); + + Filter * filter() {return filter_;} +diff --git a/common/version.cpp b/common/version.cpp +index 414d938..9e60b75 100644 +--- a/common/version.cpp ++++ b/common/version.cpp +@@ -1,8 +1,17 @@ + #include "settings.h" + +-extern "C" const char * aspell_version_string() { + #ifdef NDEBUG +- return VERSION " NDEBUG"; ++# define NDEBUG_STR " NDEBUG" ++#else ++# define NDEBUG_STR ++#endif ++ ++#ifdef SLOPPY_NULL_TERM_STRINGS ++# define SLOPPY_STR " SLOPPY" ++#else ++# define SLOPPY_STR + #endif +- return VERSION; ++ ++extern "C" const char * aspell_version_string() { ++ return VERSION NDEBUG_STR SLOPPY_STR; + } +diff --git a/configure.ac b/configure.ac +index 60e3b39..a5d51e3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -73,6 +73,9 @@ AC_ARG_ENABLE(filter-version-control, + AC_ARG_ENABLE(32-bit-hash-fun, + AS_HELP_STRING([--enable-32-bit-hash-fun],[use 32-bit hash function for compiled dictionaries])) + ++AC_ARG_ENABLE(sloppy-null-term-strings, ++ AS_HELP_STRING([--enable-sloppy-null-term-strings],[allows allow null terminated UCS-2 and UCS-4 strings])) ++ + AC_ARG_ENABLE(pspell-compatibility, + AS_HELP_STRING([--disable-pspell-compatibility],[don't install pspell compatibility libraries])) + +@@ -141,6 +144,11 @@ then + AC_DEFINE(USE_32_BIT_HASH_FUN, 1, [Defined if 32-bit hash function should be used for compiled dictionaries.]) + fi + ++if test "$enable_sloppy_null_term_strings" = "yes" ++then ++ AC_DEFINE(SLOPPY_NULL_TERM_STRINGS, 1, [Defined if null-terminated UCS-2 and UCS-4 strings should always be allowed.]) ++fi ++ + AM_CONDITIONAL(PSPELL_COMPATIBILITY, + [test "$enable_pspell_compatibility" != "no"]) + AM_CONDITIONAL(INCREMENTED_SONAME, +diff --git a/manual/aspell.texi b/manual/aspell.texi +index 45fa091..f400e06 100644 +--- a/manual/aspell.texi ++++ b/manual/aspell.texi +@@ -158,7 +158,8 @@ Installing + + * Generic Install Instructions:: + * HTML Manuals and "make clean":: +-* Curses Notes:: ++* Curses Notes:: ++* Upgrading from Aspell 0.60.7:: + * Loadable Filter Notes:: + * Upgrading from Aspell 0.50:: + * Upgrading from Aspell .33/Pspell .12:: +@@ -2206,18 +2207,26 @@ int correct = aspell_speller_check(spell_checker, @var{word}, @var{size}); + @end smallexample + + @noindent +-@var{word} is expected to be a @code{const char *} character +-string. If the encoding is set to be @code{ucs-2} or +-@code{ucs-4} @var{word} is expected to be a cast +-from either @code{const u16int *} or @code{const u32int *} +-respectively. @code{u16int} and @code{u32int} are generally +-@code{unsigned short} and @code{unsigned int} respectively. +-@var{size} is the length of the string or @code{-1} if the string +-is null terminated. If the string is a cast from @code{const u16int +-*} or @code{const u32int *} then @code{@i{size}} is the amount of +-space in bytes the string takes up after being cast to @code{const +-char *} and not the true size of the string. @code{sspell_speller_check} +-will return @code{0} if it is not found and non-zero otherwise. ++@var{word} is expected to be a @code{const char *} character string. ++@var{size} is the length of the string or @code{-1} if the string is ++null terminated. @code{aspell_speller_check} will return @code{0} if it is not found ++and non-zero otherwise. ++ ++If you are using the @code{ucs-2} or @code{ucs-4} encoding then the ++string is expected to be either a 2 or 4 byte wide integer ++(respectively) and the @code{_w} macro vesion should be used: ++ ++@smallexample ++int correct = aspell_speller_check_w(spell_checker, @var{word}, @var{size}); ++@end smallexample ++ ++The macro will cast the string to to the correct type and convert ++@var{size} into bytes for you and then a call the special wide version of the ++function that will make sure the encoding is correct for the type ++passed in. For compatibility with older versions of Aspell the normal ++non-wide functions can still be used provided that the size of the ++string, in bytes, is also passed in. Null terminated @code{ucs-2} or ++@code{ucs-4} are no longer supported when using the non-wide functions. + + If the word is not correct, then the @code{suggest} method can be used + to come up with likely replacements. +@@ -2236,7 +2245,28 @@ delete_aspell_string_enumeration(elements); + + Notice how @code{elements} is deleted but @code{suggestions} is not. + The value returned by @code{suggestions} is only valid to the next +-call to @code{suggest}. Once a replacement is made the ++call to @code{suggest}. ++ ++If you are using the @code{ucs-2} or @code{ucs-4} encoding then, in ++addition to using the @code{_w} macro for the @code{suggest} method, you ++should also use the @code{_w} macro with the @code{next} method which ++will cast the string to the correct type for you. For example, if you ++are using the @code{ucs-2} encoding and the string is a @code{const ++uint16_t *} then you should use: ++ ++@smallexample ++AspellWordList * suggestions = aspell_speller_suggest_w(spell_checker, ++ @var{word}, @var{size}); ++AspellStringEnumeration * elements = aspell_word_list_elements(suggestions); ++const uint16_t * word; ++while ( (word = aspell_string_enumeration_next_w(uint16_t, aspell_elements)) != NULL ) ++@{ ++ // add to suggestion list ++@} ++delete_aspell_string_enumeration(elements); ++@end smallexample ++ ++Once a replacement is made the + @code{store_repl} method should be used to communicate the replacement + pair back to the spell checker (for the reason, @pxref{Notes on + Storing Replacement Pairs}). Its usage is as follows: +diff --git a/manual/readme.texi b/manual/readme.texi +index 669ab8e..531721f 100644 +--- a/manual/readme.texi ++++ b/manual/readme.texi +@@ -15,15 +15,16 @@ The latest version can always be found at GNU Aspell's home page at + @uref{http://aspell.net}. + + @menu +-* Generic Install Instructions:: +-* HTML Manuals and "make clean":: +-* Curses Notes:: +-* Loadable Filter Notes:: +-* Using 32-Bit Dictionaries on a 64-Bit System:: +-* Upgrading from Aspell 0.50:: +-* Upgrading from Aspell .33/Pspell .12:: +-* Upgrading from a Pre-0.50 snapshot:: +-* WIN32 Notes:: ++* Generic Install Instructions:: ++* HTML Manuals and "make clean":: ++* Curses Notes:: ++* Upgrading from Aspell 0.60.7:: ++* Loadable Filter Notes:: ++* Using 32-Bit Dictionaries on a 64-Bit System:: ++* Upgrading from Aspell 0.50:: ++* Upgrading from Aspell .33/Pspell .12:: ++* Upgrading from a Pre-0.50 snapshot:: ++* WIN32 Notes:: + @end menu + + @node Generic Install Instructions +@@ -121,17 +122,62 @@ In addition your system must also support the @code{mblen} function. + Although this function was defined in the ISO C89 standard (ANSI + X3.159-1989), not all systems have it. + ++@node Upgrading from Aspell 0.60.7 ++@appendixsec Upgrading from Aspell 0.60.7 ++ ++To prevent a potentially unbounded buffer over-read, Aspell no longer ++supports null-terminated UCS-2 and UCS-4 encoded strings with the ++original C API. Null-termianted 8-bit or UTF-8 encoded strings are ++still supported, as are UCS-2 and UCS-4 encoded strings when the ++length is passed in. ++ ++As of Aspell 0.60.8 a function from the original API that expects an ++encoded string as a parameter will return meaningless results (or an ++error code) if string is null terminated and the encoding is set to ++@code{ucs-2} or @code{ucs-4}. In addition, a single: ++@example ++ERROR: aspell_speller_check: Null-terminated wide-character strings unsupported when used this way. ++@end example ++will be printed to standard error the first time one of those ++functions is called. ++ ++Application that use null-terminated UCS-2/4 strings should either (1) ++use the interface intended for working with wide-characters ++(@xref{Through the C API}); or (2) define ++@code{ASPELL_ENCODE_SETTING_SECURE} before including @code{aspell.h}. ++In the latter case is is important that the application explicitly ++sets the encoding to a known value. Defining ++@code{ASPELL_ENCODE_SETTING_SECURE} and not setting the encoding ++explicitly or allowing user of the application to set the encoding ++could result in an unbounded buffer over-read. ++ ++If it is necessary to preserve binary compatibility with older ++versions of Aspell, the easiest thing would be to determine the length ++of the UCS-2/4 string---in bytes---and pass that in. Due to an ++implemenation detail, existing API functions can be made to work with ++null-terminated UCS-2/4 strings safely by passing in either @code{-2} ++or @code{-4} (corresponding to the width of the character type) as the ++size. Doing so, however, will cause a buffer over-read for unpatched ++version of Aspell. To avoid this it will be necessary to parse the ++version string to determine the correct value to use. However, no ++official support will be provided for the latter method. ++ ++If the application can not be recompiled, then Aspell can be configured ++to preserve the old behavior by passing ++@option{--enable-sloppy-null-term-strings} to @command{configure}. When Aspell ++is compiled this way the version string will include the string ++@samp{ SLOPPY}. ++ + @node Loadable Filter Notes + @appendixsec Loadable Filter Notes +- ++ + Support for being able to load additional filter modules at run-time + has only been verified to work on Linux platforms. If you get linker + errors when trying to use a filter, then it is likely that loadable + filter support is not working yet on your platform. Thus, in order to + get Aspell to work correctly you will need to avoid compiling the + filters as individual modules by using the +-@option{--enable-compile-in-filters} when configuring Aspell with +-@command{./configure}. ++@option{--enable-compile-in-filters} @command{configure} option. + + @node Using 32-Bit Dictionaries on a 64-Bit System + @appendixsec Using 32-Bit Dictionaries on a 64-Bit System +-- +2.17.1 + diff --git a/meta/recipes-support/aspell/aspell/CVE-2019-20433-0002.patch b/meta/recipes-support/aspell/aspell/CVE-2019-20433-0002.patch new file mode 100644 index 0000000000..9569ddeebe --- /dev/null +++ b/meta/recipes-support/aspell/aspell/CVE-2019-20433-0002.patch @@ -0,0 +1,68 @@ +From cefd447e5528b08bb0cd6656bc52b4255692cefc Mon Sep 17 00:00:00 2001 +From: Kevin Atkinson <kevina@gnu.org> +Date: Sat, 17 Aug 2019 20:25:21 -0400 +Subject: [PATCH 2/2] Increment library version to reflect API changes. + +CVE: CVE-2019-20433 +Upstream-Status: Backport [https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + Makefile.am | 31 +++++++++++++++++-------------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 7e15851..19dc044 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -94,18 +94,25 @@ libaspell_la_SOURCES =\ + + libaspell_la_LIBADD = $(LTLIBINTL) $(PTHREAD_LIB) + +-## Libtool to so name +-## C:R:A => (C-A).(A).(R) +-## 16:5:0 => 16.0.5 +-## 16:5:1 => 15.1.5 +-## 18:0:2 => 16.2.0 +-## 17:0:2 => 15.2.0 +- ++## The version string is current[:revision[:age]] ++## ++## Before a release that has changed the source code at all ++## increment revision. ++## ++## After merging changes that have changed the API in a backwards ++## comptable way set revision to 0 and bump both current and age. ++## ++## Do not change the API in a backwards incompatible way. ++## ++## See "Libtool: Updating version info" ++## (https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html) ++## for more into ++## + if INCREMENTED_SONAME +-libaspell_la_LDFLAGS = -version-info 18:0:2 -no-undefined ++libaspell_la_LDFLAGS = -version-info 19:0:3 -no-undefined + else + ## Use C-1:R:A +-libaspell_la_LDFLAGS = -version-info 17:0:2 -no-undefined ++libaspell_la_LDFLAGS = -version-info 18:0:3 -no-undefined + endif + + if PSPELL_COMPATIBILITY +@@ -113,11 +120,7 @@ libpspell_la_SOURCES = lib/dummy.cpp + + libpspell_la_LIBADD = libaspell.la + +-if INCREMENTED_SONAME +-libpspell_la_LDFLAGS = -version-info 18:0:2 -no-undefined +-else +-libpspell_la_LDFLAGS = -version-info 17:0:2 -no-undefined +-endif ++libpspell_la_LDFLAGS = $(libaspell_la_LDFLAGS) + + endif + +-- +2.17.1 + diff --git a/meta/recipes-support/aspell/aspell_0.60.7.bb b/meta/recipes-support/aspell/aspell_0.60.7.bb index b565cb3c6e..1e104c263c 100644 --- a/meta/recipes-support/aspell/aspell_0.60.7.bb +++ b/meta/recipes-support/aspell/aspell_0.60.7.bb @@ -8,6 +8,8 @@ PR = "r1" SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz \ file://0001-Fix-various-bugs-found-by-OSS-Fuze.patch \ + file://CVE-2019-20433-0001.patch \ + file://CVE-2019-20433-0002.patch \ " SRC_URI[md5sum] = "8ef2252609c511cd2bb26f3a3932ef28" SRC_URI[sha256sum] = "5ca8fc8cb0370cc6c9eb5b64c6d1bc5d57b3750dbf17887726c3407d833b70e4" diff --git a/meta/recipes-support/curl/curl/CVE-2019-15601.patch b/meta/recipes-support/curl/curl/CVE-2019-15601.patch new file mode 100644 index 0000000000..7bfaae7b21 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-15601.patch @@ -0,0 +1,46 @@ +Upstream-Status: Backport [https://github.com/curl/curl/commit/1b71bc532bde8621fd3260843f8197182a467ff2] +CVE: CVE-2019-15601 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 7 Nov 2019 10:13:01 +0100 +Subject: [PATCH] file: on Windows, refuse paths that start with \\ +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +... as that might cause an unexpected SMB connection to a given host +name. + +Reported-by: Fernando Muñoz +CVE-2019-15601 +Bug: https://curl.haxx.se/docs/CVE-2019-15601.html +--- + lib/file.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/lib/file.c b/lib/file.c +index d349cd9241..166931d7f1 100644 +--- a/lib/file.c ++++ b/lib/file.c +@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) + struct Curl_easy *data = conn->data; + char *real_path; + struct FILEPROTO *file = data->req.protop; +- int fd; ++ int fd = -1; + #ifdef DOS_FILESYSTEM + size_t i; + char *actual_path; +@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) + return CURLE_URL_MALFORMAT; + } + +- fd = open_readonly(actual_path, O_RDONLY|O_BINARY); ++ if(strncmp("\\\\", actual_path, 2)) ++ /* refuse to open path that starts with two backslashes */ ++ fd = open_readonly(actual_path, O_RDONLY|O_BINARY); + file->path = actual_path; + #else + if(memchr(real_path, 0, real_path_len)) { diff --git a/meta/recipes-support/curl/curl_7.66.0.bb b/meta/recipes-support/curl/curl_7.66.0.bb index d1975f2460..a54e0536e9 100644 --- a/meta/recipes-support/curl/curl_7.66.0.bb +++ b/meta/recipes-support/curl/curl_7.66.0.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa" SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ + file://CVE-2019-15601.patch \ " SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f" diff --git a/meta/recipes-support/icu/icu/CVE-2020-10531.patch b/meta/recipes-support/icu/icu/CVE-2020-10531.patch new file mode 100644 index 0000000000..56303fc0f2 --- /dev/null +++ b/meta/recipes-support/icu/icu/CVE-2020-10531.patch @@ -0,0 +1,122 @@ +From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001 +From: Frank Tang <ftang@chromium.org> +Date: Sat, 1 Feb 2020 02:39:04 +0000 +Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append + +See #971 + +Upstream-Status: Backport [https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca] +CVE: CVE-2020-10531 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + icu4c/source/common/unistr.cpp | 6 ++- + icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++ + icu4c/source/test/intltest/ustrtest.h | 1 + + 3 files changed, 68 insertions(+), 1 deletion(-) + +diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp +index 901bb3358ba..077b4d6ef20 100644 +--- a/icu4c/source/common/unistr.cpp ++++ b/icu4c/source/common/unistr.cpp +@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng + } + + int32_t oldLength = length(); +- int32_t newLength = oldLength + srcLength; ++ int32_t newLength; ++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) { ++ setToBogus(); ++ return *this; ++ } + + // Check for append onto ourself + const UChar* oldArray = getArrayStart(); +diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp +index b6515ea813c..ad38bdf53a3 100644 +--- a/icu4c/source/test/intltest/ustrtest.cpp ++++ b/icu4c/source/test/intltest/ustrtest.cpp +@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* & + TESTCASE_AUTO(TestWCharPointers); + TESTCASE_AUTO(TestNullPointers); + TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf); ++ TESTCASE_AUTO(TestLargeAppend); + TESTCASE_AUTO_END; + } + +@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() { + str.insert(2, sub); + assertEquals("", u"abbcdcde", str); + } ++ ++void UnicodeStringTest::TestLargeAppend() { ++ if(quick) return; ++ ++ IcuTestErrorCode status(*this, "TestLargeAppend"); ++ // Make a large UnicodeString ++ int32_t len = 0xAFFFFFF; ++ UnicodeString str; ++ char16_t *buf = str.getBuffer(len); ++ // A fast way to set buffer to valid Unicode. ++ // 4E4E is a valid unicode character ++ uprv_memset(buf, 0x4e, len * 2); ++ str.releaseBuffer(len); ++ UnicodeString dest; ++ // Append it 16 times ++ // 0xAFFFFFF times 16 is 0xA4FFFFF1, ++ // which is greater than INT32_MAX, which is 0x7FFFFFFF. ++ int64_t total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++ dest.remove(); ++ total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total + len <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else if (total <= INT32_MAX) { ++ // Check that a string of exactly the maximum size works ++ UnicodeString str2; ++ int32_t remain = INT32_MAX - total; ++ char16_t *buf2 = str2.getBuffer(remain); ++ if (buf2 == nullptr) { ++ // if somehow memory allocation fail, return the test ++ return; ++ } ++ uprv_memset(buf2, 0x4e, remain * 2); ++ str2.releaseBuffer(remain); ++ dest.append(str2); ++ total += remain; ++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total); ++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length()); ++ assertFalse("dest is not bogus", dest.isBogus()); ++ ++ // Check that a string size+1 goes bogus ++ str2.truncate(1); ++ dest.append(str2); ++ total++; ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++} +diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h +index 218befdcc68..4a356a92c7a 100644 +--- a/icu4c/source/test/intltest/ustrtest.h ++++ b/icu4c/source/test/intltest/ustrtest.h +@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest { + void TestWCharPointers(); + void TestNullPointers(); + void TestUnicodeStringInsertAppendToSelf(); ++ void TestLargeAppend(); + }; + + #endif diff --git a/meta/recipes-support/icu/icu_64.2.bb b/meta/recipes-support/icu/icu_64.2.bb index 10bac7aac0..2ed807787d 100644 --- a/meta/recipes-support/icu/icu_64.2.bb +++ b/meta/recipes-support/icu/icu_64.2.bb @@ -18,6 +18,7 @@ SRC_URI = "${BASE_SRC_URI} \ file://fix-install-manx.patch \ file://0001-Fix-big-endian-build.patch \ file://0001-icu-Added-armeb-support.patch \ + file://CVE-2020-10531.patch;striplevel=3 \ " SRC_URI_append_class-target = "\ diff --git a/meta/recipes-support/libevdev/libevdev/determinism.patch b/meta/recipes-support/libevdev/libevdev/determinism.patch new file mode 100644 index 0000000000..33a6076b78 --- /dev/null +++ b/meta/recipes-support/libevdev/libevdev/determinism.patch @@ -0,0 +1,34 @@ +The order of dict values is not deterministic leading to differing header file generation. +Sort to remove this inconsistency. + +RP 2020/2/7 + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +Upstream-Status: Pending + +Index: a/libevdev/make-event-names.py +=================================================================== +--- a/libevdev/make-event-names.py ++++ b/libevdev/make-event-names.py +@@ -67,10 +67,10 @@ def print_bits(bits, prefix): + if not hasattr(bits, prefix): + return + print("static const char * const %s_map[%s_MAX + 1] = {" % (prefix, prefix.upper())) +- for val, name in list(getattr(bits, prefix).items()): ++ for val, name in sorted(list(getattr(bits, prefix).items())): + print(" [%s] = \"%s\"," % (name, name)) + if prefix == "key": +- for val, name in list(getattr(bits, "btn").items()): ++ for val, name in sorted(list(getattr(bits, "btn").items())): + print(" [%s] = \"%s\"," % (name, name)) + print("};") + print("") +@@ -111,7 +111,7 @@ def print_lookup(bits, prefix): + if not hasattr(bits, prefix): + return + +- names = list(getattr(bits, prefix).items()) ++ names = sorted(list(getattr(bits, prefix).items())) + if prefix == "btn": + names = names + btn_additional; + diff --git a/meta/recipes-support/libevdev/libevdev_1.8.0.bb b/meta/recipes-support/libevdev/libevdev_1.8.0.bb index 84274987d7..46ed5d786a 100644 --- a/meta/recipes-support/libevdev/libevdev_1.8.0.bb +++ b/meta/recipes-support/libevdev/libevdev_1.8.0.bb @@ -6,7 +6,8 @@ LICENSE = "MIT-X" LIC_FILES_CHKSUM = "file://COPYING;md5=75aae0d38feea6fda97ca381cb9132eb \ file://libevdev/libevdev.h;endline=21;md5=7ff4f0b5113252c2f1a828e0bbad98d1" -SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz" +SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz \ + file://determinism.patch" SRC_URI[md5sum] = "879631080be18526737e33b63d848039" SRC_URI[sha256sum] = "20d3cae4efd277f485abdf8f2a7c46588e539998b5a08c2c4d368218379d4211" diff --git a/meta/recipes-support/libgcrypt/files/determinism.patch b/meta/recipes-support/libgcrypt/files/determinism.patch new file mode 100644 index 0000000000..ad0b8c7950 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/determinism.patch @@ -0,0 +1,32 @@ +gnutls detects our outer git trees and injects that revision into its objects. +That isn't deterministic so stop it. Also ensure we're not marked as a development +build as its git detection is faulty. + +RP 2020/2/6 + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + + +Index: libgcrypt-1.8.5/configure.ac +=================================================================== +--- libgcrypt-1.8.5.orig/configure.ac ++++ libgcrypt-1.8.5/configure.ac +@@ -45,7 +45,7 @@ m4_define([mym4_revision_dec], + m4_define([mym4_betastring], + m4_esyscmd_s([git describe --match 'libgcrypt-[0-9].*[0-9]' --long|\ + awk -F- '$3!=0{print"-beta"$3}'])) +-m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) ++m4_define([mym4_isgit],[no]) + m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) + + AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) +@@ -2575,7 +2575,7 @@ AM_CONDITIONAL([BUILD_DOC], [test "x$bui + # + # Provide information about the build. + # +-BUILD_REVISION="mym4_revision" ++BUILD_REVISION="None" + AC_SUBST(BUILD_REVISION) + AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", + [GIT commit id revision used to build this package]) diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb index 1bd355133e..92eb2d257a 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb @@ -26,6 +26,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ file://0001-ecc-Add-mitigation-against-timing-attack.patch \ file://0001-dsa-ecdsa-Fix-use-of-nonce-use-larger-one.patch \ + file://determinism.patch \ " SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573" SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227" diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch new file mode 100644 index 0000000000..51f95a7097 --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch @@ -0,0 +1,19 @@ +Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1092&r2=1091&pathrev=1092] +CVE: CVE-2020-8002 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +--- pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:26:17 1091 ++++ pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:38:18 1092 +@@ -8571,7 +8571,10 @@ + PCRE2_SPTR bptr; + uint32_t c; + +-GETCHARINC(c, cc); ++/* Patch by PH */ ++/* GETCHARINC(c, cc); */ ++ ++c = *cc++; + #if PCRE2_CODE_UNIT_WIDTH == 32 + if (c >= 0x110000) + return NULL; + diff --git a/meta/recipes-support/libpcre/libpcre2_10.33.bb b/meta/recipes-support/libpcre/libpcre2_10.33.bb index 50b26753b4..1020df99b8 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.33.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.33.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37" SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \ file://pcre-cross.patch \ + file://CVE-2019-20454.patch \ " SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44" diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch new file mode 100644 index 0000000000..3f70979acc --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch @@ -0,0 +1,33 @@ +CVE: CVE-2019-19244 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 0f690d4ae5ffe656762fdbb7f36cc4c2dcbb2d9d Mon Sep 17 00:00:00 2001 +From: dan <dan@noemail.net> +Date: Fri, 22 Nov 2019 10:14:01 +0000 +Subject: [PATCH] Fix a crash that could occur if a sub-select that uses both + DISTINCT and window functions also used an ORDER BY that is the same as its + select list. + +Amalgamation version of the patch: +FossilOrigin-Name: bcdd66c1691955c697f3d756c2b035acfe98f6aad72e90b0021bab6e9023b3ba +--- + sqlite3.c | 5 +++-- + sqlite3.h | 2 +- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 8fd740b..db1c649 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -131679,6 +131679,7 @@ SQLITE_PRIVATE int sqlite3Select( + */ + if( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct + && sqlite3ExprListCompare(sSort.pOrderBy, pEList, -1)==0 ++ && p->pWin==0 + ){ + p->selFlags &= ~SF_Distinct; + pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0); +-- +2.24.1 + diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch new file mode 100644 index 0000000000..b1b866b250 --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch @@ -0,0 +1,50 @@ +CVE: CVE-2019-19923 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From b64463719dc53bde98b0ce3930b10a32560c3a02 Mon Sep 17 00:00:00 2001 +From: "D. Richard Hipp" <drh@hwaci.com> +Date: Wed, 18 Dec 2019 20:51:58 +0000 +Subject: [PATCH] Continue to back away from the LEFT JOIN optimization of + check-in [41c27bc0ff1d3135] by disallowing query flattening if the outer + query is DISTINCT. Without this fix, if an index scan is run on the table + within the view on the right-hand side of the LEFT JOIN, stale result + registers might be accessed yielding incorrect results, and/or an + OP_IfNullRow opcode might be invoked on the un-opened table, resulting in a + NULL-pointer dereference. This problem was found by the Yongheng and Rui + fuzzer. + +FossilOrigin-Name: 862974312edf00e9d1068115d1a39b7235b7db68b6d86b81d38a12f025a4748e +--- + sqlite3.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index d29da07..5bc06c8 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -129216,6 +129216,7 @@ static void substSelect( + ** (3b) the FROM clause of the subquery may not contain a virtual + ** table and + ** (3c) the outer query may not be an aggregate. ++** (3d) the outer query may not be DISTINCT. + ** + ** (4) The subquery can not be DISTINCT. + ** +@@ -129412,8 +129413,11 @@ static int flattenSubquery( + */ + if( (pSubitem->fg.jointype & JT_OUTER)!=0 ){ + isLeftJoin = 1; +- if( pSubSrc->nSrc>1 || isAgg || IsVirtual(pSubSrc->a[0].pTab) ){ +- /* (3a) (3c) (3b) */ ++ if( pSubSrc->nSrc>1 /* (3a) */ ++ || isAgg /* (3b) */ ++ || IsVirtual(pSubSrc->a[0].pTab) /* (3c) */ ++ || (p->selFlags & SF_Distinct)!=0 /* (3d) */ ++ ){ + return 0; + } + } +-- +2.24.1 + diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19924.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19924.patch new file mode 100644 index 0000000000..80d5edbb0c --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19924.patch @@ -0,0 +1,65 @@ +CVE: CVE-2019-19924 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 854fe21e8a987f84da81f6bb9e90abc5355c6621 Mon Sep 17 00:00:00 2001 +From: "D. Richard Hipp" <drh@hwaci.com> +Date: Thu, 19 Dec 2019 20:37:32 +0000 +Subject: [PATCH] When an error occurs while rewriting the parser tree for + window functions in the sqlite3WindowRewrite() routine, make sure that + pParse->nErr is set, and make sure that this shuts down any subsequent code + generation that might depend on the transformations that were implemented. + This fixes a problem discovered by the Yongheng and Rui fuzzer. + +Amalgamation format of backported patch +FossilOrigin-Name: e2bddcd4c55ba3cbe0130332679ff4b048630d0ced9a8899982edb5a3569ba7f +--- + sqlite3.c | 16 +++++++++++----- + sqlite3.h | 2 +- + 2 files changed, 12 insertions(+), 6 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 408ec4c..857c28e 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -77798,7 +77798,8 @@ SQLITE_PRIVATE void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){ + */ + static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){ + assert( p->nOp>0 || p->aOp==0 ); +- assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed ); ++ assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed ++ || p->pParse->nErr>0 ); + if( p->nOp ){ + assert( p->aOp ); + sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment); +@@ -97872,6 +97873,7 @@ static int codeCompare( + int addr; + CollSeq *p4; + ++ if( pParse->nErr ) return 0; + p4 = sqlite3BinaryCompareCollSeq(pParse, pLeft, pRight); + p5 = binaryCompareP5(pLeft, pRight, jumpIfNull); + addr = sqlite3VdbeAddOp4(pParse->pVdbe, opcode, in2, dest, in1, +@@ -147627,7 +147629,7 @@ SQLITE_PRIVATE int sqlite3WindowRewrite(Parse *pParse, Select *p){ + + pTab = sqlite3DbMallocZero(db, sizeof(Table)); + if( pTab==0 ){ +- return SQLITE_NOMEM; ++ return sqlite3ErrorToParser(db, SQLITE_NOMEM); + } + + p->pSrc = 0; +@@ -147731,6 +147733,10 @@ SQLITE_PRIVATE int sqlite3WindowRewrite(Parse *pParse, Select *p){ + sqlite3DbFree(db, pTab); + } + ++ if( rc && pParse->nErr==0 ){ ++ assert( pParse->db->mallocFailed ); ++ return sqlite3ErrorToParser(pParse->db, SQLITE_NOMEM); ++ } + return rc; + } + +-- +2.24.1 + diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch new file mode 100644 index 0000000000..ffc2c6afff --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch @@ -0,0 +1,33 @@ +CVE: CVE-2019-19925 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From e92580434d2cdca228649d32f76167492de4f512 Mon Sep 17 00:00:00 2001 +From: "D. Richard Hipp" <drh@hwaci.com> +Date: Thu, 19 Dec 2019 15:15:40 +0000 +Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the + pathname of the file being inserted is a NULL. Bug discovered by the + Yongheng and Rui fuzzer. + +FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06 +--- + shell.c | 1 + + sqlite3.c | 4 ++-- + sqlite3.h | 2 +- + 3 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/shell.c b/shell.c +index 053180c..404a8d4 100644 +--- a/shell.c ++++ b/shell.c +@@ -5827,6 +5827,7 @@ static int zipfileUpdate( + + if( rc==SQLITE_OK ){ + zPath = (const char*)sqlite3_value_text(apVal[2]); ++ if( zPath==0 ) zPath = ""; + nPath = (int)strlen(zPath); + mTime = zipfileGetTime(apVal[4]); + } +-- +2.24.1 + diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19926.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19926.patch new file mode 100644 index 0000000000..92bc7908bc --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19926.patch @@ -0,0 +1,31 @@ +CVE: CVE-2019-19926 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 4165b1e1e0001165ace9051a70f938099505eadc Mon Sep 17 00:00:00 2001 +From: "D. Richard Hipp" <drh@hwaci.com> +Date: Thu, 19 Dec 2019 22:08:19 +0000 +Subject: [PATCH] Continuation of [e2bddcd4c55ba3cb]: Add another spot where it + is necessary to abort early due to prior errors in sqlite3WindowRewrite(). + +FossilOrigin-Name: cba2a2a44cdf138a629109bb0ad088ed4ef67fc66bed3e0373554681a39615d2 +--- + sqlite3.c | 7 ++++--- + sqlite3.h | 2 +- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 857c28e..19a474d 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -128427,6 +128427,7 @@ static int multiSelect( + } + #endif + } ++ if( pParse->nErr ) goto multi_select_end; + + /* Compute collating sequences used by + ** temporary tables needed to implement the compound select. +-- +2.24.1 + diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19959.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19959.patch new file mode 100644 index 0000000000..cba8ec9d30 --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19959.patch @@ -0,0 +1,46 @@ +CVE: CVE-2019-19959 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From f83f7e8141ee7cbbf7f2dc8985279a7372b259b6 Mon Sep 17 00:00:00 2001 +From: "D. Richard Hipp" <drh@hwaci.com> +Date: Mon, 23 Dec 2019 21:04:33 +0000 +Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that + it is able to deal with goofy filenames that contain embedded zeros. + +FossilOrigin-Name: cc0fb00a128fd0773db5ff7891f7aa577a3671d570166d2cbb30df922344adcf +--- + shell.c | 4 ++-- + sqlite3.c | 4 ++-- + sqlite3.h | 2 +- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/shell.c b/shell.c +index 404a8d4..48065e9 100644 +--- a/shell.c ++++ b/shell.c +@@ -5841,7 +5841,7 @@ static int zipfileUpdate( + zFree = sqlite3_mprintf("%s/", zPath); + if( zFree==0 ){ rc = SQLITE_NOMEM; } + zPath = (const char*)zFree; +- nPath++; ++ nPath = (int)strlen(zPath); + } + } + +@@ -6242,11 +6242,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){ + }else{ + if( zName[nName-1]!='/' ){ + zName = zFree = sqlite3_mprintf("%s/", zName); +- nName++; + if( zName==0 ){ + rc = SQLITE_NOMEM; + goto zipfile_step_out; + } ++ nName = (int)strlen(zName); + }else{ + while( nName>1 && zName[nName-2]=='/' ) nName--; + } +-- +2.24.1 + diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-20218.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-20218.patch new file mode 100644 index 0000000000..fb6cd6df2d --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-20218.patch @@ -0,0 +1,31 @@ +CVE: CVE-2019-20218 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 6bbd76d34f29f61483791231f2ce579dcadab8a5 Mon Sep 17 00:00:00 2001 +From: Dan Kennedy <danielk1977@gmail.com> +Date: Fri, 27 Dec 2019 20:54:42 +0000 +Subject: [PATCH] Do not attempt to unwind the WITH stack in the Parse object + following an error. This fixes a separate case to [de6e6d68]. + +FossilOrigin-Name: d29edef93451cc67a5d69c1cce1b1832d9ca8fff1f600afdd51338b74d077b92 +--- + sqlite3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 5bc06c8..408ec4c 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -130570,7 +130570,7 @@ static int selectExpander(Walker *pWalker, Select *p){ + + /* Process NATURAL keywords, and ON and USING clauses of joins. + */ +- if( db->mallocFailed || sqliteProcessJoin(pParse, p) ){ ++ if( pParse->nErr || db->mallocFailed || sqliteProcessJoin(pParse, p) ){ + return WRC_Abort; + } + +-- +2.24.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb index 34066fbe89..cf3b179845 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb @@ -4,6 +4,14 @@ LICENSE = "PD" LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \ - file://0001-Fix-CVE-2019-16168.patch" + file://0001-Fix-CVE-2019-16168.patch \ + file://CVE-2019-19244.patch \ + file://CVE-2019-19923.patch \ + file://CVE-2019-19924.patch \ + file://CVE-2019-19925.patch \ + file://CVE-2019-19926.patch \ + file://CVE-2019-19959.patch \ + file://CVE-2019-20218.patch \ +" SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc" SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b" |