-rw-r--r--meta/classes/cve-check.bbclass181
-rw-r--r--meta/classes/image_types.bbclass5
-rw-r--r--meta/classes/kernel.bbclass6
-rw-r--r--meta/classes/populate_sdk_ext.bbclass6
-rw-r--r--meta/classes/rm_work.bbclass3
-rw-r--r--meta/classes/testimage.bbclass3
-rw-r--r--meta/classes/uboot-sign.bbclass20
-rw-r--r--meta/classes/uninative.bbclass4
-rw-r--r--meta/conf/distro/include/maintainers.inc2
-rw-r--r--meta/conf/distro/include/yocto-uninative.inc11
-rw-r--r--meta/conf/machine/include/arm/arch-arm64.inc2
-rw-r--r--meta/files/toolchain-shar-extract.sh11
-rw-r--r--meta/lib/oe/buildhistory_analysis.py2
-rw-r--r--meta/lib/oe/sdk.py4
-rw-r--r--meta/lib/oe/utils.py2
-rw-r--r--meta/lib/oeqa/core/runner.py34
-rw-r--r--meta/lib/oeqa/core/target/ssh.py4
-rw-r--r--meta/lib/oeqa/core/utils/concurrencytest.py29
-rw-r--r--meta/lib/oeqa/files/testresults/testresults.json40
-rw-r--r--meta/lib/oeqa/manual/bsp-hw.json264
-rw-r--r--meta/lib/oeqa/manual/compliance-test.json194
-rw-r--r--meta/lib/oeqa/manual/kernel-dev.json36
-rw-r--r--meta/lib/oeqa/manual/sdk.json14
-rw-r--r--meta/lib/oeqa/manual/toaster-managed-mode.json2572
-rw-r--r--meta/lib/oeqa/manual/toaster-unmanaged-mode.json1170
-rw-r--r--meta/lib/oeqa/sdk/case.py2
-rw-r--r--meta/lib/oeqa/sdk/utils/sdkbuildproject.py3
-rw-r--r--meta/lib/oeqa/sdkext/testsdk.py7
-rw-r--r--meta/lib/oeqa/selftest/cases/pkgdata.py1
-rw-r--r--meta/lib/oeqa/selftest/cases/resulttooltests.py94
-rw-r--r--meta/lib/oeqa/selftest/cases/signing.py4
-rw-r--r--meta/lib/oeqa/selftest/context.py1
-rw-r--r--meta/lib/oeqa/targetcontrol.py2
-rw-r--r--meta/lib/oeqa/utils/gitarchive.py4
-rw-r--r--meta/lib/oeqa/utils/qemurunner.py1
-rw-r--r--meta/recipes-connectivity/avahi/avahi.inc4
-rw-r--r--meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch48
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch72
-rw-r--r--meta/recipes-connectivity/bind/bind_9.11.5-P4.bb (renamed from meta/recipes-connectivity/bind/bind_9.11.4.bb)8
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc3
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch705
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/init12
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch79
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch117
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb1
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch69
-rw-r--r--meta/recipes-connectivity/openssl/openssl/afalg.patch31
-rw-r--r--meta/recipes-connectivity/openssl/openssl/run-ptest2
-rw-r--r--meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb (renamed from meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb)4
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1b.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.1.1a.bb)16
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch52
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb1
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2018-20679.patch142
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2019-5747.patch60
-rw-r--r--meta/recipes-core/busybox/busybox_1.29.3.bb2
-rw-r--r--meta/recipes-core/dbus/dbus/CVE-2019-12749.patch127
-rw-r--r--meta/recipes-core/dbus/dbus_1.12.10.bb1
-rw-r--r--meta/recipes-core/expat/expat/CVE-2018-20843.patch26
-rw-r--r--meta/recipes-core/expat/expat_2.2.6.bb1
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch59
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch47
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch316
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p2.patch231
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/run-ptest1
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb4
-rw-r--r--meta/recipes-core/glibc/glibc-locale.inc3
-rw-r--r--meta/recipes-core/glibc/glibc-mtrace.inc3
-rw-r--r--meta/recipes-core/glibc/glibc-scripts.inc3
-rw-r--r--meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch33
-rw-r--r--meta/recipes-core/glibc/glibc/0026-reset-dl_load_write_lock-after-forking.patch37
-rw-r--r--meta/recipes-core/glibc/glibc/0027-Acquire-ld.so-lock-before-switching-to-malloc_atfork.patch65
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2016-10739.patch1136
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2018-19591.patch48
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2019-6488.patch274
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2019-7309.patch207
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2019-9169.patch63
-rw-r--r--meta/recipes-core/glibc/glibc_2.28.bb7
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--meta/recipes-core/meta/buildtools-extended-tarball.bb36
-rw-r--r--meta/recipes-core/meta/buildtools-tarball.bb6
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb190
-rw-r--r--meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb3
-rw-r--r--meta/recipes-core/meta/target-sdk-provides-dummy.bb14
-rw-r--r--meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch6
-rw-r--r--meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields-1k.patch56
-rw-r--r--meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch139
-rw-r--r--meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch49
-rw-r--r--meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch84
-rw-r--r--meta/recipes-core/systemd/systemd/0027-journal-fix-syslog_parse_identifier.patch77
-rw-r--r--meta/recipes-core/systemd/systemd/0028-journal-do-not-remove-multiple-spaces-after-identifi.patch84
-rw-r--r--meta/recipes-core/systemd/systemd/CVE-2019-6454.patch210
-rw-r--r--meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch61
-rw-r--r--meta/recipes-core/systemd/systemd_239.bb10
-rw-r--r--meta/recipes-core/zlib/zlib-1.2.11/Makefile-runtests.patch38
-rw-r--r--meta/recipes-core/zlib/zlib-1.2.11/remove.ldconfig.call.patch21
-rw-r--r--meta/recipes-core/zlib/zlib-1.2.11/run-ptest2
-rw-r--r--meta/recipes-core/zlib/zlib/ldflags-tests.patch (renamed from meta/recipes-core/zlib/zlib-1.2.11/ldflags-tests.patch)4
-rw-r--r--meta/recipes-core/zlib/zlib/run-ptest7
-rw-r--r--meta/recipes-core/zlib/zlib_1.2.11.bb19
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.31.inc6
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch180
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch74
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-20651.patch35
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch49
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch39
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch33
-rw-r--r--meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch80
-rw-r--r--meta/recipes-devtools/binutils/binutils_2.31.bb5
-rw-r--r--meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb62
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch50
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch215
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch135
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch52
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch51
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest2
-rw-r--r--meta/recipes-devtools/elfutils/elfutils_0.175.bb6
-rw-r--r--meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch52
-rw-r--r--meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch65
-rw-r--r--meta/recipes-devtools/elfutils/files/CVE-2019-7149.patch148
-rw-r--r--meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch51
-rw-r--r--meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch65
-rw-r--r--meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch154
-rw-r--r--meta/recipes-devtools/file/file/CVE-2019-8904.patch30
-rw-r--r--meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch120
-rw-r--r--meta/recipes-devtools/file/file/CVE-2019-8906.patch27
-rw-r--r--meta/recipes-devtools/file/file_5.34.bb3
-rw-r--r--meta/recipes-devtools/gcc/gcc-8.2.inc1
-rw-r--r--meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch44
-rw-r--r--meta/recipes-devtools/go/go-1.11.inc7
-rw-r--r--meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch6
-rw-r--r--meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch13
-rw-r--r--meta/recipes-devtools/go/go-crosssdk.inc2
-rw-r--r--meta/recipes-devtools/go/go-target.inc2
-rw-r--r--meta/recipes-devtools/json-c/json-c_0.13.1.bb2
-rw-r--r--meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch97
-rw-r--r--meta/recipes-devtools/libcomps/libcomps_git.bb1
-rw-r--r--meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-make-index-use-ctime-instead-of-mtime.patch59
-rw-r--r--meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb1
-rw-r--r--meta/recipes-devtools/opkg/opkg/0001-libopkg-add-add-ignore-recommends-option.patch260
-rw-r--r--meta/recipes-devtools/opkg/opkg_0.3.6.bb1
-rw-r--r--meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch93
-rw-r--r--meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch80
-rw-r--r--meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch44
-rw-r--r--meta/recipes-devtools/patch/patch/CVE-2019-13636.patch113
-rw-r--r--meta/recipes-devtools/patch/patch_2.7.6.bb4
-rw-r--r--meta/recipes-devtools/perl/perl/CVE-2018-18311.patch183
-rw-r--r--meta/recipes-devtools/perl/perl/CVE-2018-18312.patchbin0 -> 2125 bytes
-rw-r--r--meta/recipes-devtools/perl/perl/CVE-2018-18313.patch60
-rw-r--r--meta/recipes-devtools/perl/perl/CVE-2018-18314.patch271
-rw-r--r--meta/recipes-devtools/perl/perl_5.24.4.bb4
-rw-r--r--meta/recipes-devtools/pseudo/pseudo_git.bb2
-rw-r--r--meta/recipes-devtools/python/python-native/0001-python-native-fix-one-do_populate_sysroot-warning.patch39
-rw-r--r--meta/recipes-devtools/python/python-native_2.7.16.bb (renamed from meta/recipes-devtools/python/python-native_2.7.15.bb)2
-rw-r--r--meta/recipes-devtools/python/python.inc18
-rw-r--r--meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch55
-rw-r--r--meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch120
-rw-r--r--meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch67
-rw-r--r--meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch37
-rw-r--r--meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch37
-rw-r--r--meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch34
-rw-r--r--meta/recipes-devtools/python/python/bpo-30458-cve-2019-9740.patch219
-rw-r--r--meta/recipes-devtools/python/python/bpo-35121-cve-2018-20852.patch127
-rw-r--r--meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch55
-rw-r--r--meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch55
-rw-r--r--meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch28
-rw-r--r--meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch111
-rw-r--r--meta/recipes-devtools/python/python3-testtools/no_traceback2.patch23
-rw-r--r--meta/recipes-devtools/python/python3-testtools_2.3.0.bb2
-rw-r--r--meta/recipes-devtools/python/python3/0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch35
-rw-r--r--meta/recipes-devtools/python/python3/CVE-2018-14647.patch (renamed from meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch)73
-rw-r--r--meta/recipes-devtools/python/python3/CVE-2018-20406.patch217
-rw-r--r--meta/recipes-devtools/python/python3/CVE-2018-20852.patch129
-rw-r--r--meta/recipes-devtools/python/python3/CVE-2019-9636.patch154
-rw-r--r--meta/recipes-devtools/python/python3/CVE-2019-9740.patch155
-rw-r--r--meta/recipes-devtools/python/python3_3.5.6.bb12
-rw-r--r--meta/recipes-devtools/python/python_2.7.16.bb (renamed from meta/recipes-devtools/python/python_2.7.15.bb)10
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch49
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch95
-rw-r--r--meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch62
-rw-r--r--meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch19
-rw-r--r--meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch336
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch2
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch49
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-16872.patch89
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch52
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-18849.patch86
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-18954.patch50
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p1.patch51
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p2.patch115
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-19489.patch83
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch42
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p2.patch52
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch38
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch39
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2019-6778.patch41
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch215
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2019-9824.patch47
-rw-r--r--meta/recipes-devtools/qemu/qemu_3.0.0.bb20
-rw-r--r--meta/recipes-devtools/ruby/ruby.inc6
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch34
-rw-r--r--meta/recipes-devtools/ruby/ruby/run-ptest13
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.5.3.bb12
-rw-r--r--meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch33
-rw-r--r--meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch82
-rw-r--r--meta/recipes-extended/bzip2/bzip2_1.0.6.bb2
-rw-r--r--meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch29
-rw-r--r--meta/recipes-extended/cups/cups_2.2.10.bb6
-rw-r--r--meta/recipes-extended/cups/cups_2.2.8.bb6
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch99
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch71
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch295
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch167
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch34
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch30
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.26.bb6
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch38
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch79
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch50
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch44
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2019-1000019.patch59
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch61
-rw-r--r--meta/recipes-extended/libarchive/libarchive_3.3.3.bb6
-rw-r--r--meta/recipes-extended/libsolv/libsolv/0003-Fix-Dereference-of-null-pointer.patch33
-rw-r--r--meta/recipes-extended/libsolv/libsolv/0004-Fix-Add-va_end-before-return.patch36
-rw-r--r--meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch158
-rw-r--r--meta/recipes-extended/libsolv/libsolv/0006-Fix-testsolv-segfault.patch41
-rw-r--r--meta/recipes-extended/libsolv/libsolv/0007-Fix-testsolv-segfaults.patch47
-rw-r--r--meta/recipes-extended/libsolv/libsolv/0008-Fix-Be-sure-that-NONBLOCK-is-set.patch37
-rw-r--r--meta/recipes-extended/libsolv/libsolv/0009-Don-t-set-values-that-are-never-read.patch113
-rw-r--r--meta/recipes-extended/libsolv/libsolv_0.6.35.bb7
-rw-r--r--meta/recipes-extended/lighttpd/lighttpd/fix-http-parseopts.patch51
-rw-r--r--meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb1
-rw-r--r--meta/recipes-extended/pam/libpam_1.3.0.bb4
-rw-r--r--meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch170
-rw-r--r--meta/recipes-extended/sudo/sudo/CVE-2019-14287_p2.patch98
-rw-r--r--meta/recipes-extended/sudo/sudo_1.8.23.bb2
-rw-r--r--meta/recipes-extended/tar/tar/CVE-2018-20482.patch405
-rw-r--r--meta/recipes-extended/tar/tar/CVE-2019-9923.patch38
-rw-r--r--meta/recipes-extended/tar/tar_1.30.bb2
-rw-r--r--meta/recipes-extended/timezone/timezone.inc18
-rw-r--r--meta/recipes-extended/timezone/tzcode-native.bb17
-rw-r--r--meta/recipes-extended/timezone/tzdata.bb (renamed from meta/recipes-extended/tzdata/tzdata_2018i.bb)12
-rw-r--r--meta/recipes-extended/tzcode/tzcode-native_2018i.bb30
-rw-r--r--meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch33
-rw-r--r--meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch356
-rw-r--r--meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch121
-rw-r--r--meta/recipes-extended/unzip/unzip_6.0.bb3
-rw-r--r--meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch73
-rw-r--r--meta/recipes-extended/wget/wget/CVE-2018-20483_p2.patch127
-rw-r--r--meta/recipes-extended/wget/wget/CVE-2019-5953.patch51
-rw-r--r--meta/recipes-extended/wget/wget_1.19.5.bb3
-rw-r--r--meta/recipes-gnome/gnome/adwaita-icon-theme_3.28.0.bb10
-rw-r--r--meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch19
-rw-r--r--meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch20
-rw-r--r--meta/recipes-graphics/cairo/cairo_1.14.12.bb2
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7572.patch114
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7574.patch68
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7575.patch81
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7576.patch80
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7577.patch123
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7578.patch64
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7635.patch63
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7637.patch192
-rw-r--r--meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7638.patch38
-rw-r--r--meta/recipes-graphics/libsdl/libsdl_1.2.15.bb9
-rw-r--r--meta/recipes-graphics/mesa/mesa.inc6
-rw-r--r--meta/recipes-graphics/pango/pango/CVE-2019-1010238.patch38
-rw-r--r--meta/recipes-graphics/pango/pango_1.42.4.bb4
-rw-r--r--meta/recipes-kernel/linux/kernel-devsrc.bb9
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb10
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.14.bb20
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.18.bb20
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0001-Fix-net-expose-sk-wmem-in-sock_exceed_buf_limit-trac.patch67
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules_2.10.9.bb (renamed from meta/recipes-kernel/lttng/lttng-modules_2.10.7.bb)5
-rw-r--r--meta/recipes-kernel/lttng/lttng-tools/0001-Allow-multiple-attempts-to-connect-to-relayd.patch17
-rw-r--r--meta/recipes-kernel/lttng/lttng-tools_2.9.11.bb (renamed from meta/recipes-kernel/lttng/lttng-tools_2.9.5.bb)4
-rw-r--r--meta/recipes-kernel/lttng/lttng-ust_2.10.3.bb (renamed from meta/recipes-kernel/lttng/lttng-ust_2.10.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch33
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb1
-rw-r--r--meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch20
-rw-r--r--meta/recipes-multimedia/libpng/libpng_1.6.36.bb3
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch18
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-12562.patch96
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch121
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch30
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch115
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch34
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch37
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb5
-rw-r--r--meta/recipes-sato/images/core-image-sato-sdk-ptest.bb10
-rw-r--r--meta/recipes-support/atk/at-spi2-core_2.28.0.bb2
-rw-r--r--meta/recipes-support/attr/attr_2.4.47.bb3
-rw-r--r--meta/recipes-support/boost/bjam-native_1.68.0.bb (renamed from meta/recipes-support/boost/bjam-native_1.69.0.bb)0
-rw-r--r--meta/recipes-support/boost/boost-1.68.0.inc (renamed from meta/recipes-support/boost/boost-1.69.0.inc)4
-rw-r--r--meta/recipes-support/boost/boost.inc1
-rw-r--r--meta/recipes-support/boost/boost/0003-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch (renamed from meta/recipes-support/boost/boost/0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch)23
-rw-r--r--meta/recipes-support/boost/boost/reproducibility-add-file-directive-to-assembler.patch243
-rw-r--r--meta/recipes-support/boost/boost_1.68.0.bb (renamed from meta/recipes-support/boost/boost_1.69.0.bb)6
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates_20190110.bb (renamed from meta/recipes-support/ca-certificates/ca-certificates_20180409.bb)2
-rw-r--r--meta/recipes-support/curl/curl/CVE-2018-16890.patch50
-rw-r--r--meta/recipes-support/curl/curl/CVE-2019-3822.patch47
-rw-r--r--meta/recipes-support/curl/curl/CVE-2019-3823.patch55
-rw-r--r--meta/recipes-support/curl/curl/CVE-2019-5435.patch200
-rw-r--r--meta/recipes-support/curl/curl/CVE-2019-5436.patch32
-rw-r--r--meta/recipes-support/curl/curl/CVE-2019-5482.patch68
-rw-r--r--meta/recipes-support/curl/curl_7.61.0.bb6
-rw-r--r--meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch31
-rw-r--r--meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch6
-rw-r--r--meta/recipes-support/gnupg/gnupg/relocate.patch2
-rw-r--r--meta/recipes-support/gnupg/gnupg_2.2.12.bb3
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch39
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch871
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch36
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch35
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.6.4.bb4
-rw-r--r--meta/recipes-support/iso-codes/iso-codes_4.1.bb2
-rw-r--r--meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch45
-rw-r--r--meta/recipes-support/libcroco/libcroco_0.6.12.bb4
-rw-r--r--meta/recipes-support/libexif/libexif/CVE-2016-6328.patch64
-rw-r--r--meta/recipes-support/libexif/libexif/CVE-2018-20030.patch115
-rw-r--r--meta/recipes-support/libexif/libexif_0.6.21.bb4
-rw-r--r--meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch176
-rw-r--r--meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch330
-rw-r--r--meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb2
-rw-r--r--meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch161
-rw-r--r--meta/recipes-support/libgpg-error/libgpg-error_1.32.bb1
-rw-r--r--meta/recipes-support/libxslt/files/CVE-2019-13117.patch33
-rw-r--r--meta/recipes-support/libxslt/files/CVE-2019-13118.patch76
-rw-r--r--meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch128
-rw-r--r--meta/recipes-support/libxslt/libxslt_1.1.32.bb5
-rw-r--r--meta/recipes-support/sqlite/files/CVE-2018-20505.patch31
-rw-r--r--meta/recipes-support/sqlite/files/CVE-2018-20506.patch103
-rw-r--r--meta/recipes-support/sqlite/files/CVE-2019-8457.patch126
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.23.1.bb3
-rwxr-xr-xoe-init-build-env7
-rw-r--r--scripts/lib/devtool/__init__.py1
-rw-r--r--scripts/lib/devtool/standard.py4
-rw-r--r--scripts/lib/recipetool/create.py2
-rw-r--r--scripts/lib/recipetool/create_npm.py1
-rw-r--r--scripts/lib/resulttool/__init__.py0
-rw-r--r--scripts/lib/resulttool/log.py78
-rwxr-xr-xscripts/lib/resulttool/manualexecution.py212
-rw-r--r--scripts/lib/resulttool/merge.py42
-rw-r--r--scripts/lib/resulttool/regression.py192
-rw-r--r--scripts/lib/resulttool/report.py150
-rw-r--r--scripts/lib/resulttool/resultutils.py185
-rw-r--r--scripts/lib/resulttool/store.py102
-rw-r--r--scripts/lib/resulttool/template/test_report_full_text.txt44
-rw-r--r--scripts/lib/scriptutils.py11
-rw-r--r--scripts/lib/wic/plugins/source/bootimg-efi.py6
-rwxr-xr-xscripts/pythondeps8
-rwxr-xr-xscripts/resulttool85
-rwxr-xr-xscripts/runqemu134
-rwxr-xr-xscripts/send-error-report11
-rwxr-xr-xscripts/wic18
358 files changed, 23524 insertions, 2485 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 743bc08a4f..19ed5548b3 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
CVE_CHECK_LOG ?= "${T}/cve.log"
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -37,39 +37,39 @@ CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
# Whitelist for packages (PN)
-CVE_CHECK_PN_WHITELIST = "\
- glibc-locale \
-"
+CVE_CHECK_PN_WHITELIST ?= ""
-# Whitelist for CVE and version of package
-CVE_CHECK_CVE_WHITELIST = "{\
- 'CVE-2014-2524': ('6.3','5.2',), \
-}"
+# Whitelist for CVE. If a CVE is found, then it is considered patched.
+# The value is a string containing space separated CVE values:
+#
+# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
+#
+CVE_CHECK_WHITELIST ?= ""
python do_cve_check () {
"""
Check recipe for patched and unpatched CVEs
"""
- if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")):
+ if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
patched_cves = get_patches_cves(d)
patched, unpatched = check_cves(d, patched_cves)
if patched or unpatched:
cve_data = get_cve_info(d, patched + unpatched)
cve_write_data(d, patched, unpatched, cve_data)
else:
- bb.note("Failed to update CVE database, skipping CVE check")
+ bb.note("No CVE database found, skipping CVE check")
+
}
-addtask cve_check after do_unpack before do_build
-do_cve_check[depends] = "cve-check-tool-native:do_populate_sysroot cve-check-tool-native:do_populate_cve_db"
+addtask cve_check before do_build
+do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db"
do_cve_check[nostamp] = "1"
python cve_check_cleanup () {
"""
Delete the file used to gather all the CVE information.
"""
-
bb.utils.remove(e.data.getVar("CVE_CHECK_TMP_FILE"))
}
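Review bot: The `else` branch of `do_cve_check` reports a missing database with `bb.note`, which is easy to overlook, so a build with this class enabled can finish with no CVE report and no visible sign that the check was skipped. Because the check now depends on `CVE_CHECK_DB_FILE` existing, I would raise this to `bb.warn("No CVE database found, skipping CVE check")`. Separately, `addtask cve_check before do_build` no longer orders the task after any fetch or unpack step. If `get_patches_cves` (defined outside this hunk) reads patch files from the recipe, the task may need an explicit `after` clause; worth confirming.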
@@ -163,89 +163,121 @@ def get_patches_cves(d):
def check_cves(d, patched_cves):
"""
- Run cve-check-tool looking for patched and unpatched CVEs.
+ Connect to the NVD database and find unpatched cves.
"""
+ from distutils.version import LooseVersion
- import ast, csv, tempfile, subprocess, io
-
- cves_patched = []
cves_unpatched = []
- bpn = d.getVar("CVE_PRODUCT")
+ # CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
+ products = d.getVar("CVE_PRODUCT").split()
# If this has been unset then we're not scanning for CVEs here (for example, image recipes)
- if not bpn:
+ if not products:
return ([], [])
pv = d.getVar("CVE_VERSION").split("+git")[0]
- cves = " ".join(patched_cves)
- cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
- cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
- cve_cmd = "cve-check-tool"
- cmd = [cve_cmd, "--no-html", "--skip-update", "--csv", "--not-affected", "-t", "faux", "-d", cve_db_dir]
# If the recipe has been whitlisted we return empty lists
if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():
bb.note("Recipe has been whitelisted, skipping check")
return ([], [])
- try:
- # Write the faux CSV file to be used with cve-check-tool
- fd, faux = tempfile.mkstemp(prefix="cve-faux-")
- with os.fdopen(fd, "w") as f:
- for pn in bpn.split():
- f.write("%s,%s,%s,\n" % (pn, pv, cves))
- cmd.append(faux)
-
- output = subprocess.check_output(cmd).decode("utf-8")
- bb.debug(2, "Output of command %s:\n%s" % ("\n".join(cmd), output))
- except subprocess.CalledProcessError as e:
- bb.warn("Couldn't check for CVEs: %s (output %s)" % (e, e.output))
- finally:
- os.remove(faux)
-
- for row in csv.reader(io.StringIO(output)):
- # Third row has the unpatched CVEs
- if row[2]:
- for cve in row[2].split():
- # Skip if the CVE has been whitlisted for the current version
- if pv in cve_whitelist.get(cve,[]):
- bb.note("%s-%s has been whitelisted for %s" % (bpn, pv, cve))
+ old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST")
+ if old_cve_whitelist:
+ bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.")
+ cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
+
+ import sqlite3
+ db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
+ conn = sqlite3.connect(db_file, uri=True)
+
+ # For each of the known product names (e.g. curl has CPEs using curl and libcurl)...
+ for product in products:
+ if ":" in product:
+ vendor, product = product.split(":", 1)
+ else:
+ vendor = "%"
+
+ # Find all relevant CVE IDs.
+ for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+ cve = cverow[0]
+
+ if cve in cve_whitelist:
+ bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
+ # TODO: this should be in the report as 'whitelisted'
+ patched_cves.add(cve)
+ continue
+ elif cve in patched_cves:
+ bb.note("%s has been patched" % (cve))
+ continue
+
+ vulnerable = False
+ for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+ (_, _, _, version_start, operator_start, version_end, operator_end) = row
+ #bb.debug(2, "Evaluating row " + str(row))
+
+ if (operator_start == '=' and pv == version_start):
+ vulnerable = True
else:
+ if operator_start:
+ try:
+ vulnerable_start = (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start))
+ vulnerable_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start))
+ except:
+ bb.warn("%s: Failed to compare %s %s %s for %s" %
+ (product, pv, operator_start, version_start, cve))
+ vulnerable_start = False
+ else:
+ vulnerable_start = False
+
+ if operator_end:
+ try:
+ vulnerable_end = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end))
+ vulnerable_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end))
+ except:
+ bb.warn("%s: Failed to compare %s %s %s for %s" %
+ (product, pv, operator_end, version_end, cve))
+ vulnerable_end = False
+ else:
+ vulnerable_end = False
+
+ if operator_start and operator_end:
+ vulnerable = vulnerable_start and vulnerable_end
+ else:
+ vulnerable = vulnerable_start or vulnerable_end
+
+ if vulnerable:
+ bb.note("%s-%s is vulnerable to %s" % (product, pv, cve))
cves_unpatched.append(cve)
- bb.debug(2, "%s-%s is not patched for %s" % (bpn, pv, cve))
- # Fourth row has patched CVEs
- if row[3]:
- for cve in row[3].split():
- cves_patched.append(cve)
- bb.debug(2, "%s-%s is patched for %s" % (bpn, pv, cve))
+ break
+
+ if not vulnerable:
+ bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve))
+ # TODO: not patched but not vulnerable
+ patched_cves.add(cve)
+
+ conn.close()
- return (cves_patched, cves_unpatched)
+ return (list(patched_cves), cves_unpatched)
def get_cve_info(d, cves):
"""
- Get CVE information from the database used by cve-check-tool.
-
- Unfortunately the only way to get CVE info is set the output to
- html (hard to parse) or query directly the database.
+ Get CVE information from the database.
"""
- try:
- import sqlite3
- except ImportError:
- from pysqlite2 import dbapi2 as sqlite3
+ import sqlite3
cve_data = {}
- db_file = d.getVar("CVE_CHECK_DB_FILE")
- placeholder = ",".join("?" * len(cves))
- query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholder
- conn = sqlite3.connect(db_file)
- cur = conn.cursor()
- for row in cur.execute(query, tuple(cves)):
- cve_data[row[0]] = {}
- cve_data[row[0]]["summary"] = row[1]
- cve_data[row[0]]["score"] = row[2]
- cve_data[row[0]]["modified"] = row[3]
- cve_data[row[0]]["vector"] = row[4]
- conn.close()
+ conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE"))
+ for cve in cves:
+ for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+ cve_data[row[0]] = {}
+ cve_data[row[0]]["summary"] = row[1]
+ cve_data[row[0]]["scorev2"] = row[2]
+ cve_data[row[0]]["scorev3"] = row[3]
+ cve_data[row[0]]["modified"] = row[4]
+ cve_data[row[0]]["vector"] = row[5]
+
+ conn.close()
return cve_data
def cve_write_data(d, patched, unpatched, cve_data):
@@ -270,7 +302,8 @@ def cve_write_data(d, patched, unpatched, cve_data):
unpatched_cves.append(cve)
write_string += "CVE STATUS: Unpatched\n"
write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
- write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"]
+ write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
+ write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass
index 0a69542fcc..c7d9b8d96d 100644
--- a/meta/classes/image_types.bbclass
+++ b/meta/classes/image_types.bbclass
@@ -171,7 +171,9 @@ multiubi_mkfs() {
echo vol_type=dynamic >> ubinize${vname}-${IMAGE_NAME}.cfg
echo vol_name=${UBI_VOLNAME} >> ubinize${vname}-${IMAGE_NAME}.cfg
echo vol_flags=autoresize >> ubinize${vname}-${IMAGE_NAME}.cfg
- mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
+ if [ -n "$vname" ]; then
+ mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
+ fi
ubinize -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi ${ubinize_args} ubinize${vname}-${IMAGE_NAME}.cfg
# Cleanup cfg file
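Review bot: The new `if [ -n "$vname" ]` guard skips mkfs.ubifs for the unnamed volume without a comment saying where the .ubifs input for ubinize then comes from. Judging by the `IMAGE_TYPEDEP_ubi = "ubifs"` line added in the next hunk, the plain ubi image presumably reuses the file produced by IMAGE_CMD_ubifs. A comment above the guard such as `# Unnamed volume: the .ubifs is built by IMAGE_CMD_ubifs (see IMAGE_TYPEDEP_ubi)` would make that dependency explicit. multiubi_mkfs starts and ends outside the hunk.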
@@ -205,6 +207,7 @@ IMAGE_CMD_multiubi () {
IMAGE_CMD_ubi () {
multiubi_mkfs "${MKUBIFS_ARGS}" "${UBINIZE_ARGS}"
}
+IMAGE_TYPEDEP_ubi = "ubifs"
IMAGE_CMD_ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ubifs ${MKUBIFS_ARGS}"
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 45cb4fabc1..c72d1fe78a 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -224,9 +224,11 @@ copy_initramfs() {
break
;;
esac
+ break
fi
done
- echo "Finished copy of initramfs into ./usr"
+ # Verify that the above loop found a initramfs, fail otherwise
+ [ -f ${B}/usr/${INITRAMFS_IMAGE_NAME}.cpio ] && echo "Finished copy of initramfs into ./usr" || die "Could not find any ${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE_NAME}.cpio{.gz|.lz4|.lzo|.lzma|.xz) for bundling; INITRAMFS_IMAGE_NAME might be wrong."
}
do_bundle_initramfs () {
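Review bot: The `die` message added after the loop opens its suffix list with `{` and closes it with `)`, and the `[ -f ... ] && echo ... || die ...` chain would also reach `die` if the `echo` itself failed. An explicit `if [ ! -f "${B}/usr/${INITRAMFS_IMAGE_NAME}.cpio" ]; then die "..."; fi` followed by the echo avoids the `A && B || C` pitfall and quotes the path. The list in the message should read `.cpio{.gz|.lz4|.lzo|.lzma|.xz}`. copy_initramfs begins outside the hunk.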
@@ -449,7 +451,7 @@ do_shared_workdir () {
cp .config $kerneldir/
mkdir -p $kerneldir/include/config
cp include/config/kernel.release $kerneldir/include/config/kernel.release
- if [ -e certs/signing_key.pem ]; then
+ if [ -e certs/signing_key.x509 ]; then
# The signing_key.* files are stored in the certs/ dir in
# newer Linux kernels
mkdir -p $kerneldir/certs
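Review bot: The test now keys on `certs/signing_key.x509`, but the comment under it still speaks of `signing_key.*` files, and the copy command is outside the hunk, so it is not visible which files end up in `$kerneldir/certs`. If that copy uses a `signing_key.*` glob, the private `signing_key.pem` would be placed in the shared work directory next to the certificate whenever it exists. The comment should say which files are copied and why, for example `# certs/signing_key.x509 exists whenever module signing is configured; the .pem may be absent when the key is supplied externally`, once that reading is confirmed against the copy line.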
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index 40b0375e0b..9bab54c6bd 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -574,8 +574,8 @@ sdk_ext_preinst() {
exit 1
fi
# The relocation script used by buildtools installer requires python
- if ! command -v python > /dev/null; then
- echo "ERROR: The installer requires python, please install it first"
+ if ! command -v python3 > /dev/null; then
+ echo "ERROR: The installer requires python3, please install it first"
exit 1
fi
missing_utils=""
@@ -634,7 +634,7 @@ sdk_ext_postinst() {
# current working directory when first ran, nor will it set $1 when
# sourcing a script. That is why this has to look so ugly.
LOGFILE="$target_sdk_dir/preparing_build_system.log"
- sh -c ". buildtools/environment-setup* > $LOGFILE && cd $target_sdk_dir/`dirname ${oe_init_build_env_path}` && set $target_sdk_dir && . $target_sdk_dir/${oe_init_build_env_path} $target_sdk_dir >> $LOGFILE && python $target_sdk_dir/ext-sdk-prepare.py $LOGFILE '${SDK_INSTALL_TARGETS}'" || { echo "printf 'ERROR: this SDK was not fully installed and needs reinstalling\n'" >> $env_setup_script ; exit 1 ; }
+ sh -c ". buildtools/environment-setup* > $LOGFILE && cd $target_sdk_dir/`dirname ${oe_init_build_env_path}` && set $target_sdk_dir && . $target_sdk_dir/${oe_init_build_env_path} $target_sdk_dir >> $LOGFILE && python3 $target_sdk_dir/ext-sdk-prepare.py $LOGFILE '${SDK_INSTALL_TARGETS}'" || { echo "printf 'ERROR: this SDK was not fully installed and needs reinstalling\n'" >> $env_setup_script ; exit 1 ; }
rm $target_sdk_dir/ext-sdk-prepare.py
fi
echo done
diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass
index 10e134b958..c478f4a187 100644
--- a/meta/classes/rm_work.bbclass
+++ b/meta/classes/rm_work.bbclass
@@ -164,8 +164,7 @@ python inject_rm_work() {
# Determine what do_build depends upon, without including do_build
# itself or our own special do_rm_work_all.
- deps = set(bb.build.preceedtask('do_build', True, d))
- deps.difference_update(('do_build', 'do_rm_work_all'))
+ deps = sorted((set(bb.build.preceedtask('do_build', True, d))).difference(('do_build', 'do_rm_work_all')) or "")
# deps can be empty if do_build doesn't exist, e.g. *-inital recipes
if not deps:
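Review bot: The trailing `or ""` in the new `deps = sorted(...)` line has no effect, because `sorted()` of an empty set already returns an empty list, and the doubled parentheses around `set(...)` add noise. `deps = sorted(set(bb.build.preceedtask('do_build', True, d)) - {'do_build', 'do_rm_work_all'})` does the same thing. A short comment that the sort is there to give a stable order (presumably for reproducible task metadata) would record the intent. inject_rm_work continues outside the hunk.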
diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
index cb8c12acce..3479228307 100644
--- a/meta/classes/testimage.bbclass
+++ b/meta/classes/testimage.bbclass
@@ -314,7 +314,8 @@ def testimage_main(d):
configuration = get_testimage_configuration(d, 'runtime', machine)
results.logDetails(get_testimage_json_result_dir(d),
configuration,
- get_testimage_result_id(configuration))
+ get_testimage_result_id(configuration),
+ dump_streams=d.getVar('TESTREPORT_FULLLOGS'))
results.logSummary(pn)
if not results.wasSuccessful():
bb.fatal('%s - FAILED - check the task log and the ssh log' % pn, forcelog=True)
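Review bot: `dump_streams=d.getVar('TESTREPORT_FULLLOGS')` passes the raw variable string, so any non-empty value, including `"0"`, turns stream dumping on in `logDetails`. Comparing explicitly, `dump_streams=(d.getVar('TESTREPORT_FULLLOGS') == '1')`, keeps the switch off unless it is deliberately enabled. Since the dumped stdout and stderr are written into the JSON results, an accidental enable also widens what is stored with the test report. testimage_main starts and ends outside the hunk.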
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index 8ee904e7df..afaf46fe14 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -80,16 +80,16 @@ do_concat_dtb () {
}
python () {
- uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
- if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == uboot_pn:
- kernel_pn = d.getVar('PREFERRED_PROVIDER_virtual/kernel')
+ uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
+ if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == uboot_pn:
+ kernel_pn = d.getVar('PREFERRED_PROVIDER_virtual/kernel')
- # u-boot.dtb and u-boot-nodtb.bin are deployed _before_ do_deploy
- # Thus, do_deploy_setscene will also populate them in DEPLOY_IMAGE_DIR
- bb.build.addtask('do_deploy_dtb', 'do_deploy', 'do_compile', d)
+ # u-boot.dtb and u-boot-nodtb.bin are deployed _before_ do_deploy
+ # Thus, do_deploy_setscene will also populate them in DEPLOY_IMAGE_DIR
+ bb.build.addtask('do_deploy_dtb', 'do_deploy', 'do_compile', d)
- # do_concat_dtb is scheduled _before_ do_install as it overwrite the
- # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR.
- bb.build.addtask('do_concat_dtb', 'do_install', None, d)
- d.appendVarFlag('do_concat_dtb', 'depends', ' %s:do_assemble_fitimage' % kernel_pn)
+ # do_concat_dtb is scheduled _before_ do_install as it overwrite the
+ # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR.
+ bb.build.addtask('do_concat_dtb', 'do_install', None, d)
+ d.appendVarFlag('do_concat_dtb', 'depends', ' %s:do_assemble_fitimage' % kernel_pn)
}
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index ba99fb6e8f..3326c0db3d 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -2,7 +2,7 @@ UNINATIVE_LOADER ?= "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/lib/
UNINATIVE_STAGING_DIR ?= "${STAGING_DIR}"
UNINATIVE_URL ?= "unset"
-UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.bz2"
+UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.xz"
# Example checksums
#UNINATIVE_CHECKSUM[aarch64] = "dead"
#UNINATIVE_CHECKSUM[i686] = "dead"
@@ -89,7 +89,7 @@ python uninative_event_fetchloader() {
cmd = d.expand("\
mkdir -p ${UNINATIVE_STAGING_DIR}-uninative; \
cd ${UNINATIVE_STAGING_DIR}-uninative; \
-tar -xjf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; \
+tar -xJf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; \
${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py \
${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux \
${UNINATIVE_LOADER} \
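Review bot: `tar -xJf` hard-codes xz decompression, while `UNINATIVE_TARBALL` in the first hunk remains a `?=` default that a configuration can still point at a `.tar.bz2` archive. Such an override would now fail at extraction with an unhelpful tar error. Letting tar detect the format, `tar -xf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; \`, keeps both cases working, since GNU tar recognises the compression when reading an archive file. uninative_event_fetchloader continues outside the hunk.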
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 672f067792..8eb5e7a864 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -81,6 +81,7 @@ RECIPE_MAINTAINER_pn-build-appliance-image = "Richard Purdie <richard.purdie@lin
RECIPE_MAINTAINER_pn-build-compare = "Paul Eggleton <paul.eggleton@linux.intel.com>"
RECIPE_MAINTAINER_pn-build-sysroots = "Richard Purdie <richard.purdie@linuxfoundation.org>"
RECIPE_MAINTAINER_pn-builder = "Richard Purdie <richard.purdie@linuxfoundation.org>"
+RECIPE_MAINTAINER_pn-buildtools-extended-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>"
RECIPE_MAINTAINER_pn-buildtools-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>"
RECIPE_MAINTAINER_pn-busybox = "Andrej Valek <andrej.valek@siemens.com>"
RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@ti.com>"
@@ -116,6 +117,7 @@ RECIPE_MAINTAINER_pn-cryptodev-tests = "Robert Yang <liezhi.yang@windriver.com>"
RECIPE_MAINTAINER_pn-cups = "Chen Qi <Qi.Chen@windriver.com>"
RECIPE_MAINTAINER_pn-curl = "Armin Kuster <akuster808@gmail.com>"
RECIPE_MAINTAINER_pn-cve-check-tool = "Ross Burton <ross.burton@intel.com>"
+RECIPE_MAINTAINER_pn-cve-update-db-native = "Ross Burton <ross.burton@intel.com>"
RECIPE_MAINTAINER_pn-cwautomacros = "Ross Burton <ross.burton@intel.com>"
RECIPE_MAINTAINER_pn-db = "Mark Hatle <mark.hatle@windriver.com>"
RECIPE_MAINTAINER_pn-dbus = "Chen Qi <Qi.Chen@windriver.com>"
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index c9d502ba4f..69b6edee5f 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,9 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.28"
-
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.3/"
-UNINATIVE_CHECKSUM[aarch64] ?= "b7fbbaad1ec86d76eca84d83098f50525b8a4124cc8685eaed"
-UNINATIVE_CHECKSUM[i686] ?= "44253cddbf629082568cea4fff59419106871a0cf81b4845b5d34e7014887b20"
-UNINATIVE_CHECKSUM[x86_64] ?= "c6954563dad3c95608117c6fc328099036c832bbd924ebf5fdccb622fc0a8684"
+UNINATIVE_MAXGLIBCVERSION = "2.32"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.9/"
+UNINATIVE_CHECKSUM[aarch64] ?= "9f25a667aee225b1dd65c4aea73e01983e825b1cb9b56937932a1ee328b45f81"
+UNINATIVE_CHECKSUM[i686] ?= "cae5d73245d95b07cf133b780ba3f6c8d0adca3ffc4e7e7fab999961d5e24d36"
+UNINATIVE_CHECKSUM[x86_64] ?= "d07916b95c419c81541a19c8ef0ed8cbd78ae18437ff28a4c8a60ef40518e423"
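Review bot: `UNINATIVE_URL` still points at a plain `http://` location, so the only protection for the downloaded tarball is the digest pinned in `UNINATIVE_CHECKSUM[...]`. Both the URL and the checksums are `?=` defaults that another layer can replace, and whether the fetch path refuses a tarball with no checksum set is not visible in this hunk. Changing the default to `UNINATIVE_URL ?= "https://downloads.yoctoproject.org/releases/uninative/2.9/"` would add transport integrity in addition to the checksum.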
diff --git a/meta/conf/machine/include/arm/arch-arm64.inc b/meta/conf/machine/include/arm/arch-arm64.inc
index 5f90763f7f..53f4566815 100644
--- a/meta/conf/machine/include/arm/arch-arm64.inc
+++ b/meta/conf/machine/include/arm/arch-arm64.inc
@@ -4,7 +4,7 @@ require conf/machine/include/arm/arch-armv7ve.inc
TUNEVALID[aarch64] = "Enable instructions for aarch64"
-MACHINEOVERRIDES .= "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', ':aarch64', '' ,d)}"
+MACHINEOVERRIDES =. "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', 'aarch64:', '' ,d)}"
# Little Endian base configs
AVAILTUNES += "aarch64 aarch64_be"
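Review bot: The switch from `.=` with `':aarch64'` to `=.` with `'aarch64:'` changes where `aarch64` sits in MACHINEOVERRIDES, and nothing in the file says why. A one-line comment such as `# Prepend so that machine-specific overrides take priority over aarch64` would record the intent. That wording assumes the usual rule that later overrides win, which the hunk itself does not show.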
diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index 9eabd62630..6c4d14a038 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -1,13 +1,8 @@
#!/bin/sh
-[ -z "$ENVCLEANED" ] && exec /usr/bin/env -i ENVCLEANED=1 HOME="$HOME" \
- LC_ALL=en_US.UTF-8 \
- TERM=$TERM \
- ICECC_PATH="$ICECC_PATH" \
- http_proxy="$http_proxy" https_proxy="$https_proxy" ftp_proxy="$ftp_proxy" \
- no_proxy="$no_proxy" all_proxy="$all_proxy" GIT_PROXY_COMMAND="$GIT_PROXY_COMMAND" "$0" "$@"
-[ -f /etc/environment ] && . /etc/environment
-export PATH=`echo "$PATH" | sed -e 's/:\.//' -e 's/::/:/'`
+export LC_ALL=en_US.UTF-8
+# Remove invalid PATH elements first (maybe from a previously setup toolchain now deleted
+PATH=`python3 -c 'import os; print(":".join(e for e in os.environ["PATH"].split(":") if os.path.exists(e)))'`
tweakpath () {
case ":${PATH}:" in
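Review bot: The new `PATH=` filter keeps every element that exists, so a relative entry such as `.` now survives, whereas the removed `sed` line stripped `:.` and the removed `env -i` re-exec started from a clean environment. For an installer that may be run with elevated rights, a current-directory entry in PATH lets a same-named file in the working directory shadow a system tool. Requiring absolute entries, `... if os.path.isabs(e) and os.path.exists(e)`, restores that property. The comment above the line is missing its closing parenthesis, and the line needs python3 before any check for it that this hunk shows.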
diff --git a/meta/lib/oe/buildhistory_analysis.py b/meta/lib/oe/buildhistory_analysis.py
index ad7fceb8bb..d3cde4f650 100644
--- a/meta/lib/oe/buildhistory_analysis.py
+++ b/meta/lib/oe/buildhistory_analysis.py
@@ -127,7 +127,7 @@ class ChangeRecord:
removed = list(set(aitems) - set(bitems))
added = list(set(bitems) - set(aitems))
- if not removed and not added:
+ if not removed and not added and self.fieldname in ['RPROVIDES', 'RDEPENDS', 'RRECOMMENDS', 'RSUGGESTS', 'RREPLACES', 'RCONFLICTS']:
depvera = bb.utils.explode_dep_versions2(self.oldvalue, sort=False)
depverb = bb.utils.explode_dep_versions2(self.newvalue, sort=False)
for i, j in zip(depvera.items(), depverb.items()):
diff --git a/meta/lib/oe/sdk.py b/meta/lib/oe/sdk.py
index 153b07d76b..ef81f8cf60 100644
--- a/meta/lib/oe/sdk.py
+++ b/meta/lib/oe/sdk.py
@@ -84,10 +84,6 @@ class Sdk(object, metaclass=ABCMeta):
bb.warn("cannot remove SDK dir: %s" % path)
def install_locales(self, pm):
- # This is only relevant for glibc
- if self.d.getVar("TCLIBC") != "glibc":
- return
-
linguas = self.d.getVar("SDKIMAGE_LINGUAS")
if linguas:
import fnmatch
diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py
index 8a584d6ddd..96ebc36b8b 100644
--- a/meta/lib/oe/utils.py
+++ b/meta/lib/oe/utils.py
@@ -370,7 +370,7 @@ def host_gcc_version(d, taskcontextonly=False):
except subprocess.CalledProcessError as e:
bb.fatal("Error running %s --version: %s" % (compiler, e.output.decode("utf-8")))
- match = re.match(".* (\d\.\d)\.\d.*", output.split('\n')[0])
+ match = re.match(r".* (\d+\.\d+)\.\d+.*", output.split('\n')[0])
if not match:
bb.fatal("Can't get compiler version from %s --version output" % compiler)
diff --git a/meta/lib/oeqa/core/runner.py b/meta/lib/oeqa/core/runner.py
index df88b85f1c..65be679b43 100644
--- a/meta/lib/oeqa/core/runner.py
+++ b/meta/lib/oeqa/core/runner.py
@@ -7,6 +7,7 @@ import unittest
import logging
import re
import json
+import sys
from unittest import TextTestResult as _TestResult
from unittest import TextTestRunner as _TestRunner
@@ -45,6 +46,9 @@ class OETestResult(_TestResult):
self.tc = tc
+ # stdout and stderr for each test case
+ self.logged_output = {}
+
def startTest(self, test):
# May have been set by concurrencytest
if test.id() not in self.starttime:
@@ -53,6 +57,9 @@ class OETestResult(_TestResult):
def stopTest(self, test):
self.endtime[test.id()] = time.time()
+ if self.buffer:
+ self.logged_output[test.id()] = (
+ sys.stdout.getvalue(), sys.stderr.getvalue())
super(OETestResult, self).stopTest(test)
if test.id() in self.progressinfo:
self.tc.logger.info(self.progressinfo[test.id()])
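Review bot: `stopTest` stores stdout and stderr for every test whenever `self.buffer` is set, although `logDetails` only reads `logged_output` when `dump_streams` is true. On a large run this keeps all captured output in memory even when it is never reported. The `getvalue()` calls also assume that `sys.stdout` and `sys.stderr` are the StringIO replacements installed for buffered runs. A comment stating that assumption, and storing only non-empty captures (`if out or err:`), would bound the cost.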
@@ -81,11 +88,17 @@ class OETestResult(_TestResult):
def _getTestResultDetails(self, case):
result_types = {'failures': 'FAILED', 'errors': 'ERROR', 'skipped': 'SKIPPED',
- 'expectedFailures': 'EXPECTEDFAIL', 'successes': 'PASSED'}
+ 'expectedFailures': 'EXPECTEDFAIL', 'successes': 'PASSED',
+ 'unexpectedSuccesses' : 'PASSED'}
for rtype in result_types:
found = False
- for (scase, msg) in getattr(self, rtype):
+ for resultclass in getattr(self, rtype):
+ # unexpectedSuccesses are just lists, not lists of tuples
+ if isinstance(resultclass, tuple):
+ scase, msg = resultclass
+ else:
+ scase, msg = resultclass, None
if case.id() == scase.id():
found = True
break
@@ -93,13 +106,13 @@ class OETestResult(_TestResult):
# When fails at module or class level the class name is passed as string
# so figure out to see if match
- m = re.search(r"^setUpModule \((?P<module_name>.*)\)$", scase_str)
+ m = re.search(r"^setUpModule \((?P<module_name>.*)\).*$", scase_str)
if m:
if case.__class__.__module__ == m.group('module_name'):
found = True
break
- m = re.search(r"^setUpClass \((?P<class_name>.*)\)$", scase_str)
+ m = re.search(r"^setUpClass \((?P<class_name>.*)\).*$", scase_str)
if m:
class_name = "%s.%s" % (case.__class__.__module__,
case.__class__.__name__)
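Review bot: With `.*$` appended, the greedy `(?P<module_name>.*)` and `(?P<class_name>.*)` groups now run to the last `)` on the line, so trailing text that itself contains parentheses ends up inside the captured name and the comparison below quietly fails to match. `r"^setUpModule \((?P<module_name>[^)]*)\)"` and `r"^setUpClass \((?P<class_name>[^)]*)\)"` stop at the first closing parenthesis and need no trailing `.*$`. _getTestResultDetails starts outside the hunk.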
@@ -118,7 +131,8 @@ class OETestResult(_TestResult):
self.successes.append((test, None))
super(OETestResult, self).addSuccess(test)
- def logDetails(self, json_file_dir=None, configuration=None, result_id=None):
+ def logDetails(self, json_file_dir=None, configuration=None, result_id=None,
+ dump_streams=False):
self.tc.logger.info("RESULTS:")
result = {}
@@ -144,10 +158,14 @@ class OETestResult(_TestResult):
if status not in logs:
logs[status] = []
logs[status].append("RESULTS - %s - Testcase %s: %s%s" % (case.id(), oeid, status, t))
+ report = {'status': status}
if log:
- result[case.id()] = {'status': status, 'log': log}
- else:
- result[case.id()] = {'status': status}
+ report['log'] = log
+ if dump_streams and case.id() in self.logged_output:
+ (stdout, stderr) = self.logged_output[case.id()]
+ report['stdout'] = stdout
+ report['stderr'] = stderr
+ result[case.id()] = report
for i in ['PASSED', 'SKIPPED', 'EXPECTEDFAIL', 'ERROR', 'FAILED', 'UNKNOWN']:
if i not in logs:
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index 8ff1f6c677..0c09ddf518 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -207,7 +207,7 @@ def SSHCall(command, logger, timeout=None, **opts):
logger.debug('time: %s, endtime: %s' % (time.time(), endtime))
try:
if select.select([process.stdout], [], [], 5)[0] != []:
- reader = codecs.getreader('utf-8')(process.stdout)
+ reader = codecs.getreader('utf-8')(process.stdout, 'ignore')
data = reader.read(1024, 4096)
if not data:
process.stdout.close()
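Review bot: Switching both decode sites to `'ignore'` drops undecodable bytes without a trace, whereas the line replaced in the second hunk used `errors='replace'`, which at least leaves a U+FFFD marker in the captured output. The reader built by `codecs.getreader('utf-8')(process.stdout, 'ignore')` appears to be created anew for each read (the surrounding loop is outside the hunk), so a multi-byte character split across two reads would lose its buffered bytes and now vanish silently. Using `'replace'` in both places, e.g. `reader = codecs.getreader('utf-8')(process.stdout, 'replace')`, keeps the log honest about the loss.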
@@ -234,7 +234,7 @@ def SSHCall(command, logger, timeout=None, **opts):
output += lastline
else:
- output = process.communicate()[0].decode("utf-8", errors='replace')
+ output = process.communicate()[0].decode('utf-8', errors='ignore')
logger.debug('Data from SSH call: %s' % output.rstrip())
options = {
diff --git a/meta/lib/oeqa/core/utils/concurrencytest.py b/meta/lib/oeqa/core/utils/concurrencytest.py
index f050289e61..3e0e5d770c 100644
--- a/meta/lib/oeqa/core/utils/concurrencytest.py
+++ b/meta/lib/oeqa/core/utils/concurrencytest.py
@@ -19,6 +19,7 @@ import testtools
import threading
import time
import io
+import subunit
from queue import Queue
from itertools import cycle
@@ -50,10 +51,11 @@ class BBThreadsafeForwardingResult(ThreadsafeForwardingResult):
def _add_result_with_semaphore(self, method, test, *args, **kwargs):
self.semaphore.acquire()
try:
- self.result.starttime[test.id()] = self._test_start.timestamp()
- self.result.threadprogress[self.threadnum].append(test.id())
- totalprogress = sum(len(x) for x in self.result.threadprogress.values())
- self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s)" % (
+ if self._test_start:
+ self.result.starttime[test.id()] = self._test_start.timestamp()
+ self.result.threadprogress[self.threadnum].append(test.id())
+ totalprogress = sum(len(x) for x in self.result.threadprogress.values())
+ self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s)" % (
self.threadnum,
len(self.result.threadprogress[self.threadnum]),
self.totalinprocess,
@@ -66,6 +68,23 @@ class BBThreadsafeForwardingResult(ThreadsafeForwardingResult):
super(BBThreadsafeForwardingResult, self)._add_result_with_semaphore(method, test, *args, **kwargs)
#
+# We have to patch subunit since it doesn't understand how to handle addError
+# outside of a running test case. This can happen if classSetUp() fails
+# for a class of tests. This unfortunately has horrible internal knowledge.
+#
+def outSideTestaddError(self, offset, line):
+ """An 'error:' directive has been read."""
+ test_name = line[offset:-1].decode('utf8')
+ self.parser._current_test = subunit.RemotedTestCase(test_name)
+ self.parser.current_test_description = test_name
+ self.parser._state = self.parser._reading_error_details
+ self.parser._reading_error_details.set_simple()
+ self.parser.subunitLineReceived(line)
+
+subunit._OutSideTest.addError = outSideTestaddError
+
+
+#
# A dummy structure to add to io.StringIO so that the .buffer object
# is available and accepts writes. This allows unittest with buffer=True
# to interact ok with subunit which wants to access sys.stdout.buffer.
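Review bot: `outSideTestaddError` is installed on `subunit._OutSideTest` at import time and reaches into `self.parser._current_test`, `_state` and `_reading_error_details`, all private names. The comment admits this is internal knowledge but does not tie it to a subunit version; recording the version this was written against would make a later breakage easier to diagnose. `line[offset:-1].decode('utf8')` also decodes strictly, so a test name containing invalid bytes raises inside the parser. `decode('utf8', 'replace')` would stop the error-reporting path from failing on its own.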
@@ -175,7 +194,7 @@ def fork_for_tests(concurrency_num, suite):
oe.path.copytree(selftestdir, newselftestdir)
for e in os.environ:
- if builddir in os.environ[e]:
+ if builddir + "/" in os.environ[e] or os.environ[e].endswith(builddir):
os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
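Review bot: The new condition decides more carefully whether a variable mentions `builddir`, but the following `os.environ[e].replace(builddir, newbuilddir)` still rewrites every occurrence. In a value that holds both `builddir` and a sibling path sharing its prefix, the sibling is therefore rewritten too. Anchoring the substitution itself, for instance a regex replace of `builddir` only where it is followed by `/`, `:` or the end of the string, would make the rewrite match the test. fork_for_tests starts outside the hunk.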
diff --git a/meta/lib/oeqa/files/testresults/testresults.json b/meta/lib/oeqa/files/testresults/testresults.json
new file mode 100644
index 0000000000..1a62155618
--- /dev/null
+++ b/meta/lib/oeqa/files/testresults/testresults.json
@@ -0,0 +1,40 @@
+{
+ "runtime_core-image-minimal_qemuarm_20181225195701": {
+ "configuration": {
+ "DISTRO": "poky",
+ "HOST_DISTRO": "ubuntu-16.04",
+ "IMAGE_BASENAME": "core-image-minimal",
+ "IMAGE_PKGTYPE": "rpm",
+ "LAYERS": {
+ "meta": {
+ "branch": "master",
+ "commit": "801745d918e83f976c706f29669779f5b292ade3",
+ "commit_count": 52782
+ },
+ "meta-poky": {
+ "branch": "master",
+ "commit": "801745d918e83f976c706f29669779f5b292ade3",
+ "commit_count": 52782
+ },
+ "meta-yocto-bsp": {
+ "branch": "master",
+ "commit": "801745d918e83f976c706f29669779f5b292ade3",
+ "commit_count": 52782
+ }
+ },
+ "MACHINE": "qemuarm",
+ "STARTTIME": "20181225195701",
+ "TEST_TYPE": "runtime"
+ },
+ "result": {
+ "apt.AptRepoTest.test_apt_install_from_repo": {
+ "log": "Test requires apt to be installed",
+ "status": "PASSED"
+ },
+ "buildcpio.BuildCpioTest.test_cpio": {
+ "log": "Test requires autoconf to be installed",
+ "status": "ERROR"
+ }
+ }
+ }
+} \ No newline at end of file
diff --git a/meta/lib/oeqa/manual/bsp-hw.json b/meta/lib/oeqa/manual/bsp-hw.json
index a2b1d3e0b0..4b7c76f70f 100644
--- a/meta/lib/oeqa/manual/bsp-hw.json
+++ b/meta/lib/oeqa/manual/bsp-hw.json
@@ -1,7 +1,7 @@
[
{
"test": {
- "@alias": "bsps-hw.bsps-tools.rpm_-__install_dependency_package",
+ "@alias": "bsps-hw.bsps-hw.rpm_-__install_dependency_package",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -27,7 +27,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.boot_and_install_from_USB",
+ "@alias": "bsps-hw.bsps-hw.boot_and_install_from_USB",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -61,7 +61,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.live_boot_from_USB",
+ "@alias": "bsps-hw.bsps-hw.live_boot_from_USB",
"author": [
{
"email": "juan.fernandox.ramos.frayle@intel.com",
@@ -87,7 +87,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.boot_from_runlevel_3",
+ "@alias": "bsps-hw.bsps-hw.boot_from_runlevel_3",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -121,7 +121,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.boot_from_runlevel_5",
+ "@alias": "bsps-hw.bsps-hw.boot_from_runlevel_5",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -151,7 +151,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.shutdown_system",
+ "@alias": "bsps-hw.bsps-hw.shutdown_system",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -173,7 +173,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.reboot_system",
+ "@alias": "bsps-hw.bsps-hw.reboot_system",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -195,7 +195,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.switch_among_multi_applications_and_desktop",
+ "@alias": "bsps-hw.bsps-hw.switch_among_multi_applications_and_desktop",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -225,7 +225,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.USB_-_mount",
+ "@alias": "bsps-hw.bsps-hw.USB_-_mount",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -251,7 +251,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.USB_-_read_files",
+ "@alias": "bsps-hw.bsps-hw.USB_-_read_files",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -281,7 +281,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.USB_-_umount",
+ "@alias": "bsps-hw.bsps-hw.USB_-_umount",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -307,7 +307,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.USB_-_write_files",
+ "@alias": "bsps-hw.bsps-hw.USB_-_write_files",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -333,7 +333,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.ethernet_static_ip_set_in_connman",
+ "@alias": "bsps-hw.bsps-hw.ethernet_static_ip_set_in_connman",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -367,7 +367,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.ethernet_get_IP_in_connman_via_DHCP",
+ "@alias": "bsps-hw.bsps-hw.ethernet_get_IP_in_connman_via_DHCP",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -397,7 +397,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.connman_offline_mode_in_connman-gnome",
+ "@alias": "bsps-hw.bsps-hw.connman_offline_mode_in_connman-gnome",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -419,7 +419,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.X_server_can_start_up_with_runlevel_5_boot",
+ "@alias": "bsps-hw.bsps-hw.X_server_can_start_up_with_runlevel_5_boot",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -441,7 +441,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.standby",
+ "@alias": "bsps-hw.bsps-hw.standby",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -475,7 +475,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.check_CPU_utilization_after_standby",
+ "@alias": "bsps-hw.bsps-hw.check_CPU_utilization_after_standby",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -505,7 +505,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.Test_if_LAN_device_works_well_after_resume_from_suspend_state",
+ "@alias": "bsps-hw.bsps-hw.Test_if_LAN_device_works_well_after_resume_from_suspend_state",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -535,7 +535,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.Test_if_usb_hid_device_works_well_after_resume_from_suspend_state",
+ "@alias": "bsps-hw.bsps-hw.Test_if_usb_hid_device_works_well_after_resume_from_suspend_state",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -565,7 +565,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.click_terminal_icon_on_X_desktop",
+ "@alias": "bsps-hw.bsps-hw.click_terminal_icon_on_X_desktop",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -587,7 +587,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.Add_multiple_files_in_media_player",
+ "@alias": "bsps-hw.bsps-hw.Add_multiple_files_in_media_player",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -613,7 +613,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.check_bash_in_image",
+ "@alias": "bsps-hw.bsps-hw.check_bash_in_image",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -631,7 +631,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.MicroSD_-__mount",
+ "@alias": "bsps-hw.bsps-hw.MicroSD_-__mount",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -653,7 +653,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.MicroSD_-__read_files",
+ "@alias": "bsps-hw.bsps-hw.MicroSD_-__read_files",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -683,7 +683,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.MicroSD_-__umount",
+ "@alias": "bsps-hw.bsps-hw.MicroSD_-__umount",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -713,7 +713,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.MicroSD_-__write_files",
+ "@alias": "bsps-hw.bsps-hw.MicroSD_-__write_files",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -743,7 +743,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.video_-_libva_check_(ogg_video_play)",
+ "@alias": "bsps-hw.bsps-hw.video_-_libva_check_(ogg_video_play)",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -769,29 +769,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.media_player_-_unable_to_play_MPEG-1_without_\"commercial\"_flag",
- "author": [
- {
- "email": "alexandru.c.georgescu@intel.com",
- "name": "alexandru.c.georgescu@intel.com"
- }
- ],
- "execution": {
- "1": {
- "action": "Copy sample MPEG-1 file to a system without the \"commercial\" flag.",
- "expected_results": ""
- },
- "2": {
- "action": "Launch media player and make sure it cannot play the MPEG-1 file.",
- "expected_results": "MPEG-1 file can not be played on images without the \"commercial\" flag. "
- }
- },
- "summary": "media_player_-_unable_to_play_MPEG-1_without_\"commercial\"_flag"
- }
- },
- {
- "test": {
- "@alias": "bsps-hw.bsps-tools.media_player_-_play_video_(ogv)",
+ "@alias": "bsps-hw.bsps-hw.media_player_-_play_video_(ogv)",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -813,7 +791,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.media_player_-_stop/play_button_(ogv)",
+ "@alias": "bsps-hw.bsps-hw.media_player_-_stop/play_button_(ogv)",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -843,7 +821,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.audio_-_play_(ogg)_with_HDMI",
+ "@alias": "bsps-hw.bsps-hw.audio_-_play_(ogg)_with_HDMI",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -869,7 +847,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.audio_-_play_(wav)_with_HDMI",
+ "@alias": "bsps-hw.bsps-hw.audio_-_play_(wav)_with_HDMI",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -895,7 +873,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.Graphics_-_ABAT",
+ "@alias": "bsps-hw.bsps-hw.Graphics_-_ABAT",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -921,7 +899,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-tools.Graphics_-_x11perf_-_2D",
+ "@alias": "bsps-hw.bsps-hw.Graphics_-_x11perf_-_2D",
"author": [
{
"email": "alexandru.c.georgescu@intel.com",
@@ -943,33 +921,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-oe-core.Test_Run_Integrity_-_Check_that_image_is_buildable",
- "author": [
- {
- "email": "corneliux.stoicescu@intel.com",
- "name": "corneliux.stoicescu@intel.com"
- }
- ],
- "execution": {
- "1": {
- "action": "Check that image can be built using either of the following methods: \n\n",
- "expected_results": ""
- },
- "2": {
- "action": "Check that image is built by autobuilder \nPlease check at: https://autobuilder.yocto.io/pub/releases/ \nChoose the target release that you are validating. \n\n",
- "expected_results": ""
- },
- "3": {
- "action": "Build image yourself \nPreferred to build an core-image-sato-dev to ease the process of the dependent test cases in this run. \nNote: Please set MACHINE in conf/local.conf ",
- "expected_results": "If either method fails, this test case will be failed and dependent test cases will be blocked. "
- }
- },
- "summary": "Test_Run_Integrity_-_Check_that_image_is_buildable"
- }
- },
- {
- "test": {
- "@alias": "bsps-hw.bsps-runtime.Check_if_SATA_disk_can_work_correctly",
+ "@alias": "bsps-hw.bsps-hw.Check_if_SATA_disk_can_work_correctly",
"author": [
{
"email": "yi.zhao@windriver.com",
@@ -999,7 +951,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.Install_and_boot_from_USB-drive_to_HDD-drive",
+ "@alias": "bsps-hw.bsps-hw.Install_and_boot_from_USB-drive_to_HDD-drive",
"author": [
{
"email": "david.israelx.rodriguez.castellanos@intel.com",
@@ -1041,7 +993,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.Install_and_boot_from_USB-drive_to_SD-drive",
+ "@alias": "bsps-hw.bsps-hw.Install_and_boot_from_USB-drive_to_SD-drive",
"author": [
{
"email": "david.israelx.rodriguez.castellanos@intel.com",
@@ -1083,7 +1035,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.Test_boot_on_serial_communication_SD",
+ "@alias": "bsps-hw.bsps-hw.Test_boot_on_serial_communication_SD",
"author": [
{
"email": "juan.fernandox.ramos.frayle@intel.com",
@@ -1101,7 +1053,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.Test_boot_on_serial_communication_HDD",
+ "@alias": "bsps-hw.bsps-hw.Test_boot_on_serial_communication_HDD",
"author": [
{
"email": "juan.fernandox.ramos.frayle@intel.com",
@@ -1119,7 +1071,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.Test_boot_on_serial_communication_USB",
+ "@alias": "bsps-hw.bsps-hw.Test_boot_on_serial_communication_USB",
"author": [
{
"email": "juan.fernandox.ramos.frayle@intel.com",
@@ -1153,7 +1105,7 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-runtime.Test_Seek_bar_and_volume_control",
+ "@alias": "bsps-hw.bsps-hw.Test_Seek_bar_and_volume_control",
"author": [
{
"email": "juan.fernandox.ramos.frayle@intel.com",
@@ -1196,5 +1148,139 @@
},
"summary": "Test_Seek_bar_and_volume_control"
}
+ },
+ {
+ "test": {
+ "@alias": "bsps-hw.bsps-hw.Check_if_watchdog_can_reset_the_target_system",
+ "author": [
+ {
+ "email": "yi.zhao@windriver.com",
+ "name": "yi.zhao@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "1.Check if watchdog device exist in /dev/ directory. Run command echo 1 > /dev/watchdog and wait for 60s. Then, the target will reboot.",
+ "expected_results": "The watchdog device exist in /dev/ directory and can reboot the target.\n"
+ }
+ },
+ "summary": "Check_if_watchdog_can_reset_the_target_system"
+ }
+ },
+ {
+ "test": {
+ "@alias": "bsps-hw.bsps-hw.Check_if_RTC_(Real_Time_Clock)_can_work_correctly",
+ "author": [
+ {
+ "email": "yi.zhao@windriver.com",
+ "name": "yi.zhao@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Read time from RTC registers. root@localhost:/root> hwclock -r Sun Mar 22 04:05:47 1970 -0.001948 seconds ",
+ "expected_results": "Can read and set the time from RTC.\n"
+ },
+ "2": {
+ "action": "Set system current time root@localhost:/root> date 062309452008 ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Synchronize the system current time to RTC registers root@localhost:/root> hwclock -w ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Read time from RTC registers root@localhost:/root> hwclock -r ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Reboot target and read time from RTC again\n",
+ "expected_results": ""
+ }
+ },
+ "summary": "Check_if_RTC_(Real_Time_Clock)_can_work_correctly"
+ }
+ },
+ {
+ "test": {
+ "@alias": "bsps-hw.bsps-hw.Check_if_target_can_support_EEPROM",
+ "author": [
+ {
+ "email": "yi.zhao@windriver.com",
+ "name": "yi.zhao@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Check eeprom device exist in /sys/bus/i2c/devices/ ",
+ "expected_results": "Hexdump can read data from eeprom.\n"
+ },
+ "2": {
+ "action": "Run \"hexdump eeprom\" commandroot@mpc8315e-rdb:/sys/bus/i2c/devices/1-0051> hexdump eeprom0000000 9210 0b02 0211 0009 0b52 0108 0c00 3c000000010 6978 6930 6911 208c 7003 3c3c 00f0 8381\u2026\n",
+ "expected_results": ""
+ }
+ },
+ "summary": "Check_if_target_can_support_EEPROM"
+ }
+ },
+ {
+ "test": {
+ "@alias": "bsps-hw.bsps-hw.System_can_boot_up_via_NFS",
+ "author": [
+ {
+ "email": "yi.zhao@windriver.com",
+ "name": "yi.zhao@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Connect the board's first serial port to your workstation and then start up your favourite serial terminal so that you will be able to interact with the serial console. If you don't have a favourite, picocom is suggested: $ picocom /dev/ttyS0 -b 115200 ",
+ "expected_results": "The system can boot up without problem\n"
+ },
+ "2": {
+ "action": "Power up or reset the board and press a key on the terminal when prompted to get to the U-Boot command line ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Set up the environment in U-Boot: => setenv ipaddr => setenv serverip ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Download the kernel and boot: => tftp tftp $loadaddr vmlinux => bootoctlinux $loadaddr coremask=0x3 root=/dev/nfs rw nfsroot=: ip=::::edgerouter:eth0:off mtdparts=phys_mapped_flash:512k(boot0),512k(boot1),64k@3072k(eeprom)\n",
+ "expected_results": ""
+ }
+ },
+ "summary": "System_can_boot_up_via_NFS"
+ }
+ },
+ {
+ "test": {
+ "@alias": "bsps-hw.bsps-hw.Boot_from_JFFS2_image",
+ "author": [
+ {
+ "email": "yi.zhao@windriver.com",
+ "name": "yi.zhao@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "First boot the board with NFS root. ",
+ "expected_results": "The system can boot up without problem\n"
+ },
+ "2": {
+ "action": "Install mtd-utils package. Erase the MTD partition which will be used as root: $ flash_eraseall /dev/mtd3 ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Copy the JFFS2 image to the MTD partition: $ flashcp core-image-minimal-mpc8315e-rdb.jffs2 /dev/mtd3 ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Then reboot the board and set up the environment in U-Boot: => setenv bootargs root=/dev/mtdblock3 rootfstype=jffs2 console=ttyS0,115200 ",
+ "expected_results": ""
+ }
+ },
+ "summary": "Boot_from_JFFS2_image"
+ }
}
] \ No newline at end of file
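Review bot: Several of the added bsps-hw steps have lost text a tester needs, most visibly in `System_can_boot_up_via_NFS`: step 3 reads `=> setenv ipaddr => setenv serverip` with no values, and step 4 has an empty `nfsroot=:` and a doubled `tftp tftp`. Presumably angle-bracket placeholders were stripped when the cases were exported; restoring them, e.g. `=> setenv ipaddr <board-ip>` and `=> setenv serverip <tftp-server-ip>` (placeholder names constructed here), would make the steps executable. In `Check_if_target_can_support_EEPROM` step 2 the command and its sample output are run together (`commandroot@…`, `hexdump eeprom0000000`) and need `\n` separators. `Boot_from_JFFS2_image` erases a hard-coded `/dev/mtd3`; a step telling the tester to confirm the partition in `/proc/mtd` first would avoid wiping the wrong partition on a board with a different flash layout.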
diff --git a/meta/lib/oeqa/manual/compliance-test.json b/meta/lib/oeqa/manual/compliance-test.json
new file mode 100644
index 0000000000..982f0b46cd
--- /dev/null
+++ b/meta/lib/oeqa/manual/compliance-test.json
@@ -0,0 +1,194 @@
+[
+ {
+ "test": {
+ "@alias": "compliance-test.compliance-test.LTP_subset_test_suite",
+ "author": [
+ {
+ "email": "corneliux.stoicescu@intel.com",
+ "name": "corneliux.stoicescu@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "For real hardware, run following component, \nsyscalls \nfs \nfsx \ndio \nio \nmm \nipc \nsched \nmath \nnptl \npty \nadmin_tools \ntimers \ncommands \n\nFor QEMU, run following component \nsyscalls \nmm \nipc \nsched \nmath \nnptl \npty \nadmin_tools \ncommands \n\nRun Instructions: \nLTP download: http://sourceforge.net/projects/ltp/files/LTP%20Source/ltp-20120401/ltp-full-20120401.bz2/download \n\n(link is outdated, always use the last version released or the one found in the image) \n\n\n\nbuild steps: refer to http://ltp.sourceforge.net \n\nRun steps:",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Build LTP with toolchain or in sdk image. Or use a sato-sdk image which has LTP already included in /opt/ltp",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "For QEMU, create the qemu target with \"-m 512\", which makes some memory stress cases pass. For some issues, we could only set 128M for qemuarm and 256M for qemumips.",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Copy LTP folder into target, for example, /opt/ltp if you have built it yourself. Modify the default scenario file \"scenario_groups/default\", remove test suites not to be tested",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Comment runtests/sched: hackbench, which is not suitable to run in emulators. Reminder (comment it also for Sugarbay Devices).",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Comment oom01, oom02, oom03, oom04 in runtest/mm, which consume lots of memory",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "From /opt/ltp run: ./runltp -p -l result-M2-20101218.log -C result-M2-20101218.fail -d /opt/ltp/tmp &> result-M2-20101218.fulllog \n\n",
+ "expected_results": "Check the result on wiki, https://wiki.yoctoproject.org/wiki/LTP_result, there should be no regression failure met."
+ }
+ },
+ "summary": "LTP_subset_test_suite"
+ }
+ },
+ {
+ "test": {
+ "@alias": "compliance-test.compliance-test.POSIX_subset_test_suite",
+ "author": [
+ {
+ "email": "corneliux.stoicescu@intel.com",
+ "name": "corneliux.stoicescu@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "In a sato-sdk image go to /opt/ltp or get latest LTP sourcecode, download location is http://sourceforge.net/projects/ltp/files/LTP%20Source/ and install it.",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Go into the folder of LTP, and posix_testsuite is under testcases/open_posix_testsuite/",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Run connmand: make generate-makefiles",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Run connmand: make conformance-all",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Run connmand: make conformance-test (this step may show errors, ignore them)",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Run connmand: make tools-all",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Run connmand: sh posix.sh > posix.log, posix.sh as below: \n \n#!/bin/sh \n./bin/run-posix-option-group-test.sh AIO \n./bin/run-posix-option-group-test.sh MEM \n./bin/run-posix-option-group-test.sh MSG \n./bin/run-posix-option-group-test.sh SEM \n./bin/run-posix-option-group-test.sh SIG \n./bin/run-posix-option-group-test.sh THR \n./bin/run-posix-option-group-test.sh TMR \n./bin/run-posix-option-group-test.sh TPS \n \n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Check the posix.log after testing is finished",
+ "expected_results": "Compare the test result on wiki, https://wiki.yoctoproject.org/wiki/Posix_result, there should be no more regression failures met."
+ }
+ },
+ "summary": "POSIX_subset_test_suite"
+ }
+ },
+ {
+ "test": {
+ "@alias": "compliance-test.compliance-test.LSB_subset_test_suite",
+ "author": [
+ {
+ "email": "corneliux.stoicescu@intel.com",
+ "name": "corneliux.stoicescu@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Get lsd-sdk image and install it on target device or start the image(if it is QEMU) with option \"-m 512M\"",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Comment in /opt/lsb-test/session any tests you don't want to run.",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Run /usr/bin/LSB_Test.sh which should download the LSB suite and set it up. Some packages may fail to download because their location changed on ftp.linuxfoundation.org. You need to manually update /opt/lsb-test/packages_list",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Tests should start automatically, you can use the web interface to reconfigure the setup. ",
+ "expected_results": "Check the result on wiki https://wiki.yoctoproject.org/wiki/LSB_Result No regression failures should be met."
+ }
+ },
+ "summary": "LSB_subset_test_suite"
+ }
+ },
+ {
+ "test": {
+ "@alias": "compliance-test.compliance-test.stress_test_-_Genericx86-64",
+ "author": [
+ {
+ "email": "corneliux.stoicescu@intel.com",
+ "name": "corneliux.stoicescu@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Bootup with core-image-lsb-sdk image",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Execute the crashme test with below command \n\n./opt/ltp/runltp f crashme",
+ "expected_results": "The stress testing should not make the target crash. Check CPU usage and basic functionality of the system after the tests are over. "
+ }
+ },
+ "summary": "stress_test_-_Genericx86-64"
+ }
+ },
+ {
+ "test": {
+ "@alias": "compliance-test.compliance-test.stress_test_-_- crashme_-_-Beaglebone",
+ "author": [
+ {
+ "email": "corneliux.stoicescu@intel.com",
+ "name": "corneliux.stoicescu@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Get crashme from http://people.delphiforums.com/gjc/crashme.html",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Follow the setup steps on above URL, build crashme in target",
+ "expected_results": ""
+ },
+ "3": {
+ "action": " Run crashme for 24 hours",
+ "expected_results": "Target should not crash with the program."
+ }
+ },
+ "summary": "stress_test_-_crashme_-Beaglebone"
+ }
+ },
+ {
+ "test": {
+ "@alias": "compliance-test.compliance-test.stress_test_-_ltp_-Beaglebone",
+ "author": [
+ {
+ "email": "corneliux.stoicescu@intel.com",
+ "name": "corneliux.stoicescu@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Build LTP with toolchain or in sdk image",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Copy LTP folder into target, for example, /opt/ltp. Modify script, testscripts/ltpstress.sh, set Iostat=1, NO_NETWORK=1",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "cd testscripts/ && ./ltpstress.sh",
+ "expected_results": "This stress case will run for 24 hours Check the result\ntarget should not crash with the program "
+ }
+ },
+ "summary": "stress_test_-_-ltp_-Beaglebone"
+ }
+ }
+] \ No newline at end of file
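Review bot: The `@alias` and `summary` of the last two cases do not agree: `stress_test_-_- crashme_-_-Beaglebone` (with an embedded space) against summary `stress_test_-_crashme_-Beaglebone`, and `stress_test_-_ltp_-Beaglebone` against `stress_test_-_-ltp_-Beaglebone`, while every other case in this file uses the summary as the alias suffix, so tooling that keys on either field may mis-match results. I would use `"@alias": "compliance-test.compliance-test.stress_test_-_crashme_-Beaglebone"` and `"summary": "stress_test_-_ltp_-Beaglebone"`. Separately, the LTP and crashme steps fetch sources over plain `http://` and build them on the target with no integrity check; prefer the LTP already shipped in the image (as step 2 of the LTP case allows) or an `https://` download verified against a published checksum. Typos worth fixing in the same pass: `connmand` (command), `lsd-sdk` (presumably lsb-sdk) and `runltp f crashme` (presumably `-f`).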
diff --git a/meta/lib/oeqa/manual/kernel-dev.json b/meta/lib/oeqa/manual/kernel-dev.json
index c93b4dd876..0dd99199dc 100644
--- a/meta/lib/oeqa/manual/kernel-dev.json
+++ b/meta/lib/oeqa/manual/kernel-dev.json
@@ -1,7 +1,7 @@
[
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_defconfig",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_defconfig",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -18,12 +18,12 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_7"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_defconfig"
+ "summary": "Kernel_dev_defconfig"
}
},
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_defconfig+fragments",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_defconfig+fragments",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -40,12 +40,12 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_8"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_defconfig+fragments"
+ "summary": "Kernel_dev_defconfig+fragments"
}
},
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_Applying_patches",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_Applying_patches",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -62,12 +62,12 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_Applying_patches"
+ "summary": "Kernel_dev_Applying_patches"
}
},
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_linux-yocto-local-source",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_linux-yocto-local-source",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -84,12 +84,12 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_2"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_linux-yocto-local-source"
+ "summary": "Kernel_dev_linux-yocto-local-source"
}
},
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_linux-yocto-custom-local-source",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_linux-yocto-custom-local-source",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -106,12 +106,12 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_3"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_linux-yocto-custom-local-source"
+ "summary": "Kernel_dev_linux-yocto-custom-local-source"
}
},
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_recipe-space_meta",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_recipe-space_meta",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -128,12 +128,12 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_5"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_recipe-space_meta"
+ "summary": "Kernel_dev_recipe-space_meta"
}
},
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_External_source",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_External_source",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -150,12 +150,12 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_6"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_External_source"
+ "summary": "Kernel_dev_External_source"
}
},
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_building_external_modules(hello-mod)",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_building_external_modules(hello-mod)",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -172,12 +172,12 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_10"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_building_external_modules(hello-mod)"
+ "summary": "Kernel_dev_building_external_modules(hello-mod)"
}
},
{
"test": {
- "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_local_parallel_meta",
+ "@alias": "kernel-dev.kernel-dev.Kernel_dev_local_parallel_meta",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -194,7 +194,7 @@
"expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_4"
}
},
- "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_local_parallel_meta"
+ "summary": "Kernel_dev_local_parallel_meta"
}
}
] \ No newline at end of file
diff --git a/meta/lib/oeqa/manual/sdk.json b/meta/lib/oeqa/manual/sdk.json
index 6475586591..434982f7f5 100644
--- a/meta/lib/oeqa/manual/sdk.json
+++ b/meta/lib/oeqa/manual/sdk.json
@@ -1,7 +1,7 @@
[
{
"test": {
- "@alias": "sdk.sdk_runqemu.test_sdk_toolchain_can_run_multiple_QEMU_machines_under_UNFS",
+ "@alias": "sdk.sdk_runqemu.test_install_cross_toolchain_can_run_multiple_qemu_for_x86",
"author": [
{
"email": "ee.peng.yeoh@intel.com",
@@ -11,22 +11,22 @@
"execution": {
"1": {
"action": "Prepare kernel, rootfs tar.bz2 image, and qemu configuration \n \ta. Download kernel, rootfs tar.bz2 image and qemu configuration from public autobuilder webpage \n \tb. Goto https://autobuilder.yocto.io/pub/releases/<target_release>/machines/qemu/qemux86/ \n \tc. Download \n \t \ti. rootfs tar.bz2: core-image-sato-sdk-qemux86.tar.bz2 \n \t\tii. kernel: bzImage-qemux86.bin \n \t\tiii. qemu configuration: core-image-sato-sdk-qemux86.qemuboot.conf ",
- "expected_results": ""
+ "expected_results": "Download completes successfully."
},
"2": {
- "action": "Download & install sdk toolchain from public autobuilder \n \ta. Goto https://autobuilder.yocto.io/pub/releases/<target_release>/toolchain/x86_64/ \n \tb. Download poky-glibc-x86_64-core-image-sato-sdk-<type-arch>-toolchain-<release-version>.sh \n \tc. Run command: poky-glibc-x86_64-core-image-sato-sdk-<type-arch>-toolchain-<release-version>.sh",
- "expected_results": ""
+ "action": "Download & install toolchain tarball matching your host from public autobuilder \n \ta. Goto https://autobuilder.yocto.io/pub/releases/<target_release>/toolchain/x86_64/ \n \tb. Download poky-glibc-x86_64-core-image-sato-<type-arch>-toolchain-<release-version>.sh \n \tc. Run command: poky-glibc-x86_64-core-image-sato-<type-arch>-toolchain-<release-version>.sh \n \td. After installation toolchain Run source command : source /toolchain-installed-path/environment-setup-<architecture name>-poky-linux",
+ "expected_results": "Toolchain gets installed successfully."
},
"3": {
"action": "Extract rootfs twice into two images \n \ta. Run 2 commands below: \n runqemu-extract-sdk core-image-sato-sdk-qemux86.tar.bz2 qemux86_rootfs_image1 \n runqemu-extract-sdk core-image-sato-sdk-qemux86.tar.bz2 qemux86_rootfs_image2",
- "expected_results": ""
+ "expected_results": "Both images build successfully."
},
"4": {
- "action": " From the 2 terminals, start qemu to boot up both two images \n \ta. Run 2 commands below: \n runqemu core-image-sato-sdk-qemux86.qemuboot.conf qemux86_rootfs_image1 \n runqemu core-image-sato-sdk-qemux86.qemuboot.conf qemux86_rootfs_image2 ",
+ "action": " From the 2 terminals, start qemu to boot up both two images \n \ta. Run 2 commands below: \n runqemu <kernel-name> core-image-sato-sdk-qemux86.qemuboot.conf qemux86_rootfs_image1 \n runqemu <kernel-name> core-image-sato-sdk-qemux86.qemuboot.conf qemux86_rootfs_image2 ",
"expected_results": "Expect both qemu to boot up successfully."
}
},
- "summary": "test_sdk_toolchain_can_run_multiple_QEMU_machines_under_UNFS"
+ "summary": "test_install_cross_toolchain_can_run_multiple_qemu_for_x86"
}
}
] \ No newline at end of file
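Review bot: Step 2 has the tester download a self-extracting `.sh` toolchain installer and run it with no integrity check in between. I would add a sub-step before `c.` such as `Verify the installer against the checksum published for the release, if one is provided, before running it`. Also, the new expected result for step 3, `Both images build successfully.`, does not match the action, which extracts a rootfs tarball with `runqemu-extract-sdk`; `Both rootfs images are extracted successfully.` would be accurate. The new `<kernel-name>` argument in step 4 presumably refers to the `bzImage-qemux86.bin` downloaded in step 1, which the step could say explicitly.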
diff --git a/meta/lib/oeqa/manual/toaster-managed-mode.json b/meta/lib/oeqa/manual/toaster-managed-mode.json
new file mode 100644
index 0000000000..812f57da34
--- /dev/null
+++ b/meta/lib/oeqa/manual/toaster-managed-mode.json
@@ -0,0 +1,2572 @@
+[
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.All_layers:_default_view",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table.",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"View compatible layers\" link situated on the right-hand side, mid-page, under the \"Project configuration\" menu, in the \"Layers\" table.",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that the table is populated with the default layers (eg. meta-yocto-bsp, meta-yocto)",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Check that by default the following columns are shown: Layer, Summary, Revision, Dependencies and Add/Delete",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that the \"Revision\" entries match the release entry from the main project page, in the project details section.",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Check that only one instance of the core layers (openembedded-core, meta-yocto and meta-yocto-bsp) shows in this table, and that instance has a branch that matches the selected project release from the main project page.",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Check that in the \"Dependencies\" column some of the layers should have a square box with a number in it. When clicking on it, a small popup should appear containing a list of other layers required for this layer to work. Every layer listed here should also be a link to the layer's detail page. \n \n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "From the \"Edit columns\" menu, activate the \"Git repository URL\" and the \"Subdirectory\" columns. In \"Git repository URL\": all the entries should have a link to the external site where the layer was downloaded from. Similarly, in \"Subdirectory\" links should exist, if a subdirectory entry is present.",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "All_layers:_default_view"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.All_layers:_Add/delete_layers",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"View compatible layers\" link situated on the right-hand side, mid-page, under the \"Project configuration\" menus, in the \"Layers\" table. \n\n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that the Add/delete column is enabled. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Add a new layer \nPick a layer that hasn't been added to the project. \n \nClick on the \"Add layer\" button present in the \"Add/delete\" column. \nIf the layer has unsatisfied dependencies a dialog will appear listing the dependencies (in alphabetical order), each of them with a checkbox so that you can select / deselect them. All checkboxes are checked by default. If you click the \"Cancel\" button the dialog closes. If you click the \"Add layers\" button, the layers are added to the project. \n\nMake sure to uncheck at least 1 of the dependencies so you can check that only the checked dependencies are added, and not the unchecked one(s). ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that the \"Add layer\" button fades out and is replaced temporarily by a message like \"1 layer added\" and then it is replaced by the \"Delete layer\" button. \nCheck that a confirmation message is displayed at the top of the page similar to \"You have added 1 layer to project_name_here: meta-yocto-bsp\". \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Delete an existing layer \nPick a layer that's already been added to the project. \nClick on the \"Delete layer\" button present in the \"Add/delete\" column. \nCheck that once the button is pressed, it fades out and is replaced temporarily by the message \"1 layer deleted\" and then it is replaced by the \"Add layer\" button. \nCheck that a confirmation is displayed at the top of the page similar to \"You have deleted 1 layer from project_name_here: meta-yocto-bsp\". ",
+ "expected_results": "All actions should complete successfully."
+ }
+ },
+ "summary": "All_layers:_Add/delete_layers"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.All_targets:_Default_view",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": " If no images exist in the project, build an image by inserting \"core-image-minimal\" in the \"Recipes\" field and press the \"Build\" button. Wait for the image to finish building. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "On the project page click on the \"Image Recipes\" link situated in the left-handed side of the page, under the \"Project configuration\" menus, in the \"COMPATIBLE METADATA\" table. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Check that \"Compatible image recipes\" table is populated. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that the following columns are shown by default: \n\t\tImage recipe \n\t\tDescription \n \n\t\tLayer \n\t\tBuild \n\t\t Version ",
+ "expected_results": ""
+ }
+ },
+ "summary": "All_targets:_Default_view"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Configuration_variables:_default_view",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In the main project page, click on \"BitBake variables\" in the left-hand side of the page, under the \"CONFIGURATION\" menu. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that default values are as follows: \n\tDISTRO - poky \n\tIMAGE_FSTYPES - ext3 jffs2 tar.bz2 \n\tIMAGE_INSTALL_append - \"Not set\" \n\tPACKAGE_CLASES - package_rpm \n SSTATE_DIR - /homeDirectory/poky/sstate-cache \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Check that under the \"Add variable\" section, the \"Variable\" field has the default text \"Type variable name\" present, the \"Value\" field has the default text \"Type variable value\" present and that the \"Add variable\" button is inactive. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that under the \"Add variable\" section, there is text present that describes the variables that Toaster cannot modify. ",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Configuration_variables:_default_view"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Configuration_variables:_Test_UI_elements",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In the main project page, click on \"BitBake variables\" in the left-hand side of the page, under the \"CONFIGURATION\" menu. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "DISTRO: \n\t- check that the \"change\" icon is present (represented by a pen icon) \n\t- click on the \"change\" icon and check that the variable becomes an editable text field, populated with the current value of the variable \n\t- check that, if you delete the content of the text field, the save button is disabled \n\t- enter a distro name containing spaces (for example, \"poky tiny\") - check that an error message is shown explaining that the value entered cannot contain spaces \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "IMAGE_FSTYPES: \n\t- check that the \"change\" icon is present (represented by a pen icon) \n\t- click on the \"change\" icon and check that the variable becomes editable like so: the main input control is a set of checkboxes. There is a checkbox for each supported image type. The checkboxes are listed in ascending alphabetical order, broken down in 2 groups: \n\t\t",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "The selected types are checked and listed at the top \n\t\t",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "The other types are not checked and listed afterwards \n\t- check that all this is inside a scrollable div, and a text field is present above that filters out the content of the div as you type. \n\t- check that if there are no image types matching your typed string, a message is shown notifying you of this: \"No image types found\" \n\t- unselect all checkboxes and check that the save button is disabled and a message is shown: \"You must select at least one image type\" \n\t- select different checkboxes and hit save then make sure that the \tsaved value is consistent with the selected checkboxes \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "IMAGE_INSTALL_append: \n\t- check that the \"change\" icon is present (represented by a pen icon) \n\t- click on the \"change\" icon and check that the variable becomes a text field, populated with the current value of the variable. \n\n\t- check that the save button is disabled when the text field is empty \n\t- insert test in the text field (for example \"package1\") and hit save; be aware that there is no input validation for this variable \n\t- check that a new \"delete\" icon(a trashcan) has appeared next to the pen icon \n\t- check that clicking on the trashcan icon resets the value to \"Not set\" and makes the trashcan icon dissapear \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "PACKAGE_CLASSES: \n\t- check that the \"change\" icon is present (represented by a pen icon) \n\t- click on the \"change\" icon and check that the variable becomes editable with the following components: \n\t\t",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "A dropdown menu with values 'package_dev', 'package_ipk' and 'package_rpm' in this order. The value selected when you enter the editable state matches the first value of the variable (e.g. if the value is set to 'package_dev package_ipk' the value selected is 'package_dev'). \n \n\t\t",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "Two checkboxes, showing the 2 unselected values in the dropdown menu. \n\n\t- verify that the checkboxes are checked or unchecked to reflect the variable value (e.g. if the value is set to 'package_dev package_ipk', the 'package_ipk' checkbox is checked, and the 'package_rpm' checkbox is unchecked). \n\n\tBoth checkboxes can be unchecked. The value of the checkboxes changes dynamically as I change the selected value in the dropdown menu. This means that any changes to the dropdown menu should uncheck the checkboxes. \n\n\t- click on save and check that the value selected in the dropdown menu is the first value in the variable, followed by any checked checkboxes. \n\n\n",
+ "expected_results": ""
+ },
+ "11": {
+ "action": "Adding variables: \n\t- check that the \"add variable\" form has 2 text fields: one for the variable name and a second one for the variable value, plus an \"add\" button that is disabled until both text fields have some input in them. \n \n\t- check variable name validation: variable names cannot have spaces, and can only include letters, numbers, underscores and dashes; variable names entered cannot match the name of a variable already on the list; variable names cannot match the blacklisted variables mentioned in the text on the right-hand side of the page \n\n\t - check that an error message is shown indicating validation has failed and why once you try to put in the value or click on the \"Add variable\" button ",
+ "expected_results": "All mentioned elements should be present and functional."
+ },
+ "12": {
+ "action": "insert a valid combination and click on \"Add variable\"; check that a new variable/value pair is added at the bottom of the variable list and that the text fields in the \"add variable\" form are cleared and the \"add\" button is disabled \n\t- check that the added variable has a \"change\" icon present next to the variable value, and also that a \"delete\" icon is present next to the variable name \n\t- check that clicking the \"change\" icon makes the variable editable in a text field containing the value of the variable \n\t- check that, if you delete the content of the text field, the save button is\tdisabled\n\t- check that clicking on the \"delete\" button causes both the variable name and the variable value to be removed from the variables list",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Configuration_variables:_Test_UI_elements"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Project_builds:_Default_view",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"Builds\" , next to the \"Configuration\" Button. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that the page heading includes a counter with the number of builds run for the project(eg. \"Project builds (4)\"). \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Check that the following table heads are visible by default: outcome, completed on, failed tasks, errors, warnings, image files. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that by default the table is sorted by \"Completed on\" in descending order",
+ "expected_results": "All mentioned elements should be present."
+ }
+ },
+ "summary": "Project_builds:_Default_view"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Project_builds:_Sorting_the_project_builds_table",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"View all project builds\" link situated below the top-most \"Build\" button and text field, next to the \"View all targets\" link \n\n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Verify that, by default, the table is sorted by \"Completed on\" in descending order. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Activate all columns from the \"Edit columns\" table. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that the following columns are sortable, both in ascending and descending order: outcome, target, machine, started on, completed on, warning, project \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Verify that hiding a column that is currently being used as the sorting criteria causes the sorting to reset to the default - i.e \"Completed on\" in descending order.",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Project_builds:_Sorting_the_project_builds_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Project_builds:_customize_the_columns_of_the_table",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"View all project builds\" link situated below the top-most \"Build\" button and text field, next to the \"View all targets\" link \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Click on the \"Edit column\" menu and check that the selected columns match the columns currently being shown. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Check that the following columns cannot be removed from the shown columns: completed on, outcome, recipe \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that unchecked items changed to checked immediately appear in the table and that checked items changed to unchecked immediately disappear from the table.",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Project_builds:_customize_the_columns_of_the_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Project_builds:_filter_the_contents_of_the_table",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"View all project builds\" link situated below the top-most \"Build\" button and text field, next to the \"View all targets\" link. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Make sure the following columns have filters: outcome, started on, completed on, failed tasks. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Filters are mutually exclusive. Click a filter button of a one column and a filter dialogue occurs. Select a filter item. The filter result would be showed. Then select another filter item of another column and the previously applied filter is overridden by the newly selected filter when a filter from a different column is applied to the table. This filter will override the current filter.\" \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Filters are overridden by search. Run a search query and you can see previous filter results are overridden by the results of the search query.",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Project_builds:_filter_the_contents_of_the_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Project_builds:_search_the_contents_of_the_table",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"View all project builds\" link situated below the top-most \"Build\" button and text field, next to the \"View all targets\" link. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "When no search query has been entered, we have placeholder text saying: \"Search builds\". The placeholder text disappears when the first character is typed. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "When a search query has been submitted and results returned: \n- We keep the search string in the text input field. \n- We provide a \"Clear search\" icon (icon-remove-sign). Click it to clear the search and display all packages. \n- We change the page heading to indicate the number of results returned by the search query. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "If your search query returns no results, the page heading changes to \"No packages found\", and we show you an alert with a search form and an option to show all packages. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Searching does not change the state of the table: the same columns remain hidden and the same sorting applied. ",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Project_builds:_search_the_contents_of_the_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Layer_details_page:_Default_view",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"View compatible layers\" link situated in the \"Project configuration\" portion of the page, under \"Layers\" table. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Click on a layer (for example \"meta-aarch64\"). Notice that the page is divided into 2 columns: the left one is broken down into tabs; the right one provides information about the layer. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Check that breadcrumbs exist at the top of the page. Check that they work by clicking on them, then hitting back to return to the layer detail page. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that the page heading includes the layer branch name - it should look something like meta-aarch64(dizzy) if the dizzy branch was selected. The branch name should also be present in the breadcrumbs. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "The \"About\" information: \nit shows summary, description in this order, if not empty. If an information item is empty (like the Summary in the example shown in this page), it does not display. \n \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "The tabs: \nCheck that there are 3 tabs: \"layer details\", \"recipes\", \"machines\" showing up in this order. \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "\"Layer details\" tab: \nCheck that the tab shows: \n- A button to add / remove the layer to / from the project. In this tab, the button labels are\"Add the $layer_name layer to your project\" \"Delete the $layer_name layer from your project\" \n- Some details about the layer: repository URL, repository subdirectory, revision (the branch) and the list of layer dependencies. If any of the above details is blank (most likely, the subdirectory) it does not display.The icons next to the repository and subdirectory information are links to their web instances. Those links should open in a new window. \n\n",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "The \"Recipes\" tab: \nCheck that it shows: \n\t",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "A counter in the tab label showing the total number of targets provided by the layer \n\t",
+ "expected_results": ""
+ },
+ "11": {
+ "action": "A button to add / remove the layer to / from the project. In this tab, the button labels are \"Add the $layer_name layer to your project to enable these targets\"/\"Delete the $layer_name layer from your project\" \n\t",
+ "expected_results": ""
+ },
+ "12": {
+ "action": "A recipes table with the following columns: \n \n- Recipe \n- Description: the value of the DESCRIPTION variable. If not set, then the value of the SUMMARY variable. \n- Build recipe, which shows a \"build recipe\" button. The \"build recipe\" button is disabled when the layer is not added to the project. \n\nThe recipes table is sorted by \"Recipe\" in ascending alphabetical order. \n\n1",
+ "expected_results": ""
+ },
+ "13": {
+ "action": "The \"Machines\" tab: \n\t",
+ "expected_results": ""
+ },
+ "14": {
+ "action": "A counter in the tab label showing the total number of machines provided by the layer \n\t",
+ "expected_results": ""
+ },
+ "15": {
+ "action": "A button to add/remove the layer to/from the project. In this tab, the button labels are \"Add the $layer_name layer to your project to enable these machines\"/\"Delete the $layer_name layer from your project\" \n\t",
+ "expected_results": ""
+ },
+ "16": {
+ "action": "A machines table with the following columns: \n \n- Machine. \n \n- Description: The value of the DESCRIPTION variable in the .conf file \n- Select machine, which shows a \"select\" button. The \"select\" button is disabled when the layer is not added to the project. \nThe machines table is sorted by \"Machine\" in ascending alphabetical order. \n",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Layer_details_page:_Default_view"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Layer_details_page:_UI_functionality",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"View compatible layers\" link situated in the \"Project configuration\" portion of the page, under \"Layers\" \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Click on a layer (for example \"meta-aarch64\"). \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Adding/removing a layer: \nClick on \"Add the $layer_name_here layer to your project\" and verify that the \"Add layer\" button turns into a red button with the label \"Delete the $layer_name_here layer from your project\" and that at the top of the page, below the header, you see a message \"You have added 1 layer to $project_name_here: $layer_name_here\". This message can be dismissed by clicking on the \"X\" at the top right side of the message. ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Click on the red \"Delete the $layer_name_here from your project\" button and verify that the \"Delete layer\" button turns back into a grey button with the label \"Add the $layer_name_here to your project\" and that at the top of the page, below the header, you see a message \"You have deleted 1 layer to $project_name_here: $layer_name_here\". This message can be dismissed by clicking on the \"X\" at the top right side of the message. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Dependencies window: \n For a layer that has dependencies( for example \"meta-ettus\"), once you click the \"Add layer\" button, verify that you get a message window that presents the dependencies for this layer with the message \"$layer_name_here depends on some layers that are not added to your project. Select the ones you want to add:\", a list with a checkbox for each one and 2 options: \"Add layers\" or \"Cancel\". \nClicking on \"Add layers\" adds all the dependencies and the current layer. Clicking on \"Cancel\" takes you back to the layer detail page without adding any of the layers. \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "\"Recipes\" table \nCheck that if the layer hasn't been added to the project, the \"Build recipe\" button(s) are disabled. After the project is added, check that the \"Build recipe\" button(s) become active and clicking on a button sends you to the main project page and starts a build. \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "\"Machines table\" \nCheck that if the layer hasn't been added to the project, the \"Select machine\" button(s) are disabled. After the project is added, check that the \"Build machine\" button(s) become active and clicking on a button sends you to the main project page and modifies the project machine to the one selected. ",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Layer_details_page:_UI_functionality"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Importing_new_layers",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"Import layer\" link situated in the \"Project configuration\" portion of the page, under \"Layers\" table. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that the import layer form is shown, with the following elements as text fields to be filled out: \nLayer name (example: meta-imported) \nGit repository URL (example: git://github.com/shr-distribution/meta-smartphone.git) \nRepository subdirectory (optional) (example: meta-acer) \nRevision (example: master) \n\nIn addition, a separate portion of the form will be the \"Layer dependencies\" portion, where you can add dependency layers for the layer you are importing. This portion will contain a list of dependencies already added, with a trashcan icon next to them that will delete them when pressed and a text field with a \"add layer\" button next to it for adding dependencies. (for example: meta-android, meta-oe) \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "At the bottom of the form, check that a button exists with the label \"Import and add to project\". Check that this button is inactive until the required fields are filled out. \nCheck that clicking on the \"Import button\" takes you back to the main project page and that the imported layer, along with any dependencies, were added in the project's layers. ",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Importing_new_layers"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Layer_details_page:_UI_functionality_for_imported_layers",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Click on the \"View compatible layers\" link situated in the \"Project configuration\" portion of the page, under \"Layers\" table. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Select an imported layer (see in TC 1112 how to import a layer). \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Page heading \nCheck that the page heading includes the branch, tag or commit as entered when importing the layer.\nIf it's a commit, Check that only the first 10 characters are shown followed by an ellipsis character. The full commit shows on hover.The branch, tag or commit information also shows in the breadcrumb. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "The \"About\" information \nIt shows: \n- Summary \n- Description \nin this order. Those two items always show, independently of them being blank or not, since they can be edited by users. \n\nWhen an information item is empty, it shows as \"not set\" with a \"change\" icon. Click on the icon to add a value. \n\nFor \"Summary\" and \"Description\" clicking the \"change\" icon shows the selected information item in its editable state. It consists of a text area, set to 2 rows for the \"Summary\" and to 6 rows for the \"Description\", plus 'save' and 'cancel' buttons. \nThe 'save' buttons only activate when there is at least one character in the text area. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "The tabs \nCheck that the tabs shown are: \n- \"Layer details\" \n- \"Recipes\" \n- \"Machines\" \nThe tabs should show in the order in which they are listed above. \n\n\"Layer details\" tab: \nIn not-editable pages, the tab shows: \n- A button to add / remove the layer to / from the project. In this tab, the button labels are: \n\t- \"Add the $layer_name layer to your project\" \n\t- \"Delete the $layer_name layer from your project\" \n\n- Some details about the layer: repository URL, repository subdirectory, revision (branch / tag / commit) and the list of layer dependencies. This is the information required from users when importing a layer. The subdirectory and the layer dependencies can be blank.",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "If blank, they show as \"not set\". \n\nEditing the \"Repository URL\" \nThe \"Git repository URL\" cannot be blank. Therefore, we show only a \"change\" icon next to it. When you click the icon, the text input field is set to the current value. If you delete the value from the input field, we disable the \"save\" button. We enable it again when you type something in the field. \n\nEditing the \"Repository subdirectory\" \nThe \"Repository subdirectory\" can be blank. Therefore, we show both \"change\" and \"delete\" icons. When you click the \"delete\" icon, we \nshow the label \"Not set\".",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "\nWhen you click the \"change\" icon, the text input field is set \nto the current value. \nIf you delete the value from the input field, we disable the \"save\" button. We enable it again when you type something in the field. \n \n\nEditing the \"Revision\" \nThe \"Revision\" cannot be blank. Therefore, we show only a \"change\" icon next to it. When you click the icon, the text input field is set to the current value. If you delete the value from the input field, we disable the \"save\" button. We enable it again when you type something in the field. \n\nThe \"Recipes\" tab \nIt shows: \n1: A counter in the tab label showing the total number of targets provided by the layer \n2: A button to add/remove the layer to/from the project. ",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "In this tab, the button labels are \n \n\"Add the $layer_name layer to your project to enable \nthese targets\" \n\"Delete the $layer_name layer from your project\" \n\n3: A \"Recipes\" table with the following columns: \n \n- Recipe \n- Description: the value of the DESCRIPTION variable. If not set, then the value of the SUMMARY variable. \n- Build recipe, which shows a \"build recipe\" button. The \"build recipe\" button is disabled when the layer is not added to the project. \nThe recipes table is sorted by \"Recipe\" in ascending alphabetical order. \n\nThe \"Machines\" tab: \nIt shows: \n1: A counter in the tab label showing the total number of machines provided by the layer \n2: A button to add/remove the layer to/from the project.",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "In this tab, the button labels are \n \n\t- \"Add the $layer_name layer to your project to enable these machines\" \n\t- \"Delete the $layer_name layer from your project\" \n3: A \"machines\" table with the following columns: \n- Machine. \n \n- Description: The value of the DESCRIPTION variable in the .conf file \n- Select machine, which shows a \"select\" button. The \"select\" button is disabled when the layer is not added to the project. \nThe machines table is sorted by \"Machine\" in ascending alphabetical order. ",
+ "expected_results": "All mentioned elements should be present and functional."
+ }
+ },
+ "summary": "Layer_details_page:_UI_functionality_for_imported_layers"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Multiple_build_directories",
+ "author": [
+ {
+ "email": "stanciux.mihail@intel.com",
+ "name": "stanciux.mihail@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "after starting Toaster for the first time, go to http://[localhost]:8000/admin/ and login with the admin user you created during setup. Click on the Build environments section, and on the BuildEnvironment object. \n\n\n\nNote: you can create a superuser to enter as admin with ... poky/bitbake/lib/toaster/manage.py createsuperuser \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "make note of the \"sourcedir\" and \"builddir\" values. The build dir will be something like \"/home/user/path/build\" \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": " click \"back\", and click on the \"Add build environment\" button in the upper right corner. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "enter Address \"2\", Betype: \"local\", \"sourcedir\" is to be set to whatever the original build env is set, and \"builddir\" is ANOTHER path at the same level as the original builddir - e.g. \"/home/user/path/build2\" \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Click save \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Execute command : /poky$ source oe-init-build-env build2 \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Create new project \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "issue 2 build (e.g. core-image-minimal core-image-sato)\n\n\n\n\n\n",
+ "expected_results": "Both build commands should run simultaneously."
+ }
+ },
+ "summary": "Multiple_build_directories"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Run_again_button_from_all_builds_page_must_run_the_specified_task",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": "Click on new project button.",
+ "expected_results": " Open create a new project page. \n"
+ },
+ "3": {
+ "action": "Enter a project name, select a release and click on create project or select an existing project.",
+ "expected_results": " Project Created. \n"
+ },
+ "4": {
+ "action": "Build a image task (ex: core-image-minimal:clean) and wait until build finish.\nfrom all build page.",
+ "expected_results": " Build task finishes successfully. \n"
+ },
+ "5": {
+ "action": "Click on rebuild button from all build page.",
+ "expected_results": "Specified task will run again. \n"
+ },
+ "6": {
+ "action": "Click on the build and verify if the number of tasks executed = 1.",
+ "expected_results": "Only the specified task is executed. \n"
+ },
+ "7": {
+ "action": "From project builds page click on run again button.",
+ "expected_results": "Specified task will run again.\n"
+ },
+ "8": {
+ "action": "Click on the build and verify if the number of tasks executed = 1.",
+ "expected_results": ""
+ }
+ },
+ "summary": "Run_again_button_from_all_builds_page_must_run_the_specified_task"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Intel_layers_builds",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": "Click on new project button.",
+ "expected_results": "Open create a new project page. \n"
+ },
+ "3": {
+ "action": "Enter a project name, select a release and click on create project.",
+ "expected_results": "Project Created. \n"
+ },
+ "4": {
+ "action": "Click on layers tab.",
+ "expected_results": "Open compatible layers page. \n"
+ },
+ "5": {
+ "action": "Search for intel.",
+ "expected_results": "Return results \n"
+ },
+ "6": {
+ "action": "Add intel layers like: meta-intel, meta-intel-quark.",
+ "expected_results": "Layers added to project. \n"
+ },
+ "7": {
+ "action": "Click on the added layer.",
+ "expected_results": "Open layer page. \n"
+ },
+ "8": {
+ "action": "From machine tab, select a machine.",
+ "expected_results": "Machine has changed. \n"
+ },
+ "9": {
+ "action": "Build a recipe(core-image-minimal) or a recipe from recipe tab.",
+ "expected_results": "Build finishes successfully."
+ }
+ },
+ "summary": "Intel_layers_builds"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Download_other_artifacts",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Delete the build/tmp folder. (to make sure the rootfs task runs and other artifacts are generated for the build)",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n\t"
+ },
+ "3": {
+ "action": "Click on new project button.",
+ "expected_results": "Open create a new project page. \n\t"
+ },
+ "4": {
+ "action": "Enter a project name, select a release and click on create project.",
+ "expected_results": "Project Created. \n\t"
+ },
+ "5": {
+ "action": "Build an image recipe (ex: core-image-minimal) and wait until build finish.",
+ "expected_results": "Build finishes successfully. \n\t"
+ },
+ "6": {
+ "action": "Click on the built recipe.",
+ "expected_results": "Open build summary page. \n\t"
+ },
+ "7": {
+ "action": "From other artifacts tab click on a link.",
+ "expected_results": "You can download other artifacts."
+ }
+ },
+ "summary": "Download_other_artifacts"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Download_licence_manifest",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Delete the build/tmp folder. (to make sure license manifest is generated)",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Start Toaster \n\n",
+ "expected_results": "Toaster starts. \n"
+ },
+ "3": {
+ "action": "Click on new project button. \n\n",
+ "expected_results": "Open create a new project page. \n"
+ },
+ "4": {
+ "action": "Enter a project name, select a release and click on create project. \n\n",
+ "expected_results": "Project Created. \n"
+ },
+ "5": {
+ "action": "Build an image recipe (ex: core-image-minimal) and wait until build finish. \n\n",
+ "expected_results": "Build finishes successfully. \n"
+ },
+ "6": {
+ "action": "Click on the built recipe. \n\n",
+ "expected_results": "Open build summary page. \n"
+ },
+ "7": {
+ "action": "From Image tab click on \"Download\" button for License manifest.",
+ "expected_results": "You can download license manifest."
+ }
+ },
+ "summary": "Download_licence_manifest"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_dependencies_layers",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": "Click on new project button.",
+ "expected_results": "Open create a new project page. \n"
+ },
+ "3": {
+ "action": "Enter a project name, select a release and click on create project.",
+ "expected_results": "Project Created. \n"
+ },
+ "4": {
+ "action": "Click on Layers.",
+ "expected_results": "Open compatible layers page. \n"
+ },
+ "5": {
+ "action": "Add a layer with multi-level dependencies. (ex: meta-acer) \nThis layer depends on meta-networking, which in turn depends on meta-android. \n \n",
+ "expected_results": "The selected layer and dependencies were added to project. \n"
+ },
+ "6": {
+ "action": "Check if meta-python appears in the dependencies list, and add the layers to project.",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Delete a dependency layer.",
+ "expected_results": "Layer removed from project. \n \n"
+ },
+ "8": {
+ "action": "Build a recipe (ex: core-image-minimal) and wait until build finish.\n",
+ "expected_results": "Build will fail with an error.\n\n\t"
+ }
+ },
+ "summary": "Test_dependencies_layers"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_build_recipe_button_from_recipes_page",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": "Click on new project button.",
+ "expected_results": "Open create a new project page. \n"
+ },
+ "3": {
+ "action": "Enter a project name, select a release and click on create project.",
+ "expected_results": "Project Created. \n"
+ },
+ "4": {
+ "action": "Click on software recipes / image recipes.",
+ "expected_results": "Open compatible software recipes page. \n"
+ },
+ "5": {
+ "action": "Select a recipe and click on 'add layer' button.",
+ "expected_results": "Layer added to project and the 'add layer' button becomes 'build recipe'. \n"
+ },
+ "6": {
+ "action": "Click on \"Build recipe\" button for one recipe (ex : core-image-minimal / busybox).",
+ "expected_results": "Build finishes successfully."
+ },
+ "7": {
+ "action": "Test this for software and image recipes tables.",
+ "expected_results": ""
+ }
+ },
+ "summary": "Test_build_recipe_button_from_recipes_page"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_compatible_machines",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": "Click on new project button.",
+ "expected_results": "Open create a new project page. \n"
+ },
+ "3": {
+ "action": "Enter a project name, select a master release and click on create project.",
+ "expected_results": "Project Created. \n"
+ },
+ "4": {
+ "action": "Go to machines page.",
+ "expected_results": "Open compatible machines page. \n"
+ },
+ "5": {
+ "action": "Choose a machine and click on add layer for it. (intel-core2-32)",
+ "expected_results": "Layers added to project and add layer button becomes select machine. \n"
+ },
+ "6": {
+ "action": "Click on select machine.",
+ "expected_results": "Machine has changed. \n"
+ },
+ "7": {
+ "action": "Go to layer page that generate the machine. (meta-intel)",
+ "expected_results": "Open layer page \n"
+ },
+ "8": {
+ "action": "Build a recipe generated by that layer.",
+ "expected_results": "Build finishes successfully."
+ }
+ },
+ "summary": "Test_compatible_machines"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Builds_with_different_machines",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": "Click on new project button.",
+ "expected_results": "Open create a new project page. \n"
+ },
+ "3": {
+ "action": "Enter a project name, select a master release and click on create project.",
+ "expected_results": "Project Created. \n"
+ },
+ "4": {
+ "action": "Select a machine (ex: qemux86-64)",
+ "expected_results": "The machine has changed. \n"
+ },
+ "5": {
+ "action": "Build a recipe (ex: core-image-minimal) and wait until buid finish.",
+ "expected_results": "Build finishes successfully. \n"
+ },
+ "6": {
+ "action": "Go to project page and change the machine (ex: qemumips)",
+ "expected_results": "The machine has changed. \n"
+ },
+ "7": {
+ "action": "Build a recipe (ex: core-image-sato) and wait until build finish.",
+ "expected_results": "Build finishes successfully. \n\nYou can build recipes with different machines."
+ },
+ "8": {
+ "action": "Check on build summary page that the machine match the machine selected.",
+ "expected_results": ""
+ }
+ },
+ "summary": "Builds_with_different_machines"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_bitbake_variables_-_IMAGE_FSTYPES",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": "Click on new project button.",
+ "expected_results": "Open create a new project page. \n"
+ },
+ "3": {
+ "action": "Enter a project name, select release and click on create project.",
+ "expected_results": "Project Created. \n"
+ },
+ "4": {
+ "action": "Go to Configuration --> BitBake variables",
+ "expected_results": "Open Bitbake variables page. \n"
+ },
+ "5": {
+ "action": "Change IMAGE_FSTYPES variable, add some image types like: hddimg, ext4, etc.",
+ "expected_results": "Image types were added. \n"
+ },
+ "6": {
+ "action": "Build a recipe (ex: core-image-minimal) and wait until build finish.",
+ "expected_results": "Build finishes successfully. \n"
+ },
+ "7": {
+ "action": "Verify in the build summary page if the image types selected were built.",
+ "expected_results": "All the image types selected appears in the build summary page."
+ }
+ },
+ "summary": "Test_bitbake_variables_-_IMAGE_FSTYPES"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Software_recipes:_default_view",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": " If no images exist in the project, build an image by inserting \"core-image-minimal\" in the \"Recipes\" field and press the \"Build\" button. Wait for the image to finish building. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "On the project page click on the \"Software Recipes\" link situated in the left-handed side of the page, under the \"Project configuration\" menus, in the \"COMPATIBLE METADATA\" table. \n\n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Check that \"Compatible software recipes\" table is populated. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that the following columns are shown by default: \n\n\t\tSoftware recipe \n\t\tDescription \n \n\t\tLayer \n\t\tBuild \n\t\t Version ",
+ "expected_results": ""
+ }
+ },
+ "summary": "Software_recipes:_default_view"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Software_recipes:_sorting_the_content_of_the_software_recipes_table",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Navigate to the \"Software Recipes\" page. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Make sure the table is sorted on the \"Software Recipe\" column by default in ascending order. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Activate all columns from the \"Edit column\" drop-down menu. Check that \"Build\" and \"Software Recipe\" columns cannot be unchecked. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that \"Software Recipe\", \"Section\", \"License\", \"Layer\" are the only sortable table heads. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Sort the table by \"Layer\" and then navigate away by selecting a layer(such as meta-yocto). When you click \"back\" button in web-browser to go back to the \"Compatible image recipes\" table it should still be sorted by \"Layer\". \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Sorting and \"Edit columns\" \nIf you use the \"Edit columns\" menu to hide the column with the applied sorting, we revert the sorting to the default sorting (i.e. \"Recipe\"). The default sorting always uses one of the core columns, which cannot be hidden using the \"Edit columns\" menu. \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Sorting and search \nSearching should have no impact on the applied sorting. Any results returned should be sorted by the sorting criteria selected when the search query was submitted. \nSort recipes by \"Layer\" column heading. Input a string (such as \"meta\") in search box and click search button. Make sure results returned are sorted by \"Layer\".",
+ "expected_results": ""
+ }
+ },
+ "summary": "Software_recipes:_sorting_the_content_of_the_software_recipes_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Software_recipes:_Searching_the_content_of_the_software_recipes_table",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Navigate to the \"Software Recipes\" page. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that the search is made of a text input field and a \"Search\" button in a toolbar above the table. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "When no search query has been entered, we have placeholder text saying: \"Search compatible software recipes\". \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Input \"core\" in the text input field. The placeholder text disappears when the first character is typed. Click search button. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": " \n(1) returned results \nThe search string is kept in the text input field. The results returned occur. Click \"Clear search\" icon to clear the search and display the compatible recipes. \n(2) no results returned \nIf your search query returns no results, the page heading changes to \"No recipes found\", and we show you an alert with a search form and an option to show all targets. Check that \"show compatible recipes\" button is available. \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "When I run a search, the search happens against the following columns (independently of they being shown or hidden):\n- Software Recipe\n- Recipe version\n- Description\n- Recipe file\n- Section\n- License\n- Layer\n- Revision\nInput a string to search for the above column headings separately to make sure that the search happens against the columns. \n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Search, sorting and \"Edit columns\" \nSearching does not change the state of the table: the same columns remain hidden and the same sorting applied when search results are displayed, but filters are cleared by the search results.\nSearch a string and make sure that the same columns remain hidden and the same sorting applied. \n\n",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Search and filters \nThe scope of the filters is the content currently on the table (this means all table pages, not only the one displayed). The scope of the search is always the content of the database. \n\nIf I run a search query, any filter applied afterwards will filter the content returned by the search query. \n\nIf I run a search query while a filter is applied, the filter is cleared by the results of the search query (i.e. we display the results of the search query and clear the filter applied beforehand). The same happens if I click the \"Clear search\" icon when a filter is applied to a set of search results (both search results and applied filter are cleared, and the table shows all the targets). ",
+ "expected_results": ""
+ }
+ },
+ "summary": "Software_recipes:_Searching_the_content_of_the_software_recipes_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Software_recipes:_Filter_the_contents_of_the_software_recipes_table",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All builds\" table.",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Navigate to the \"Software Recipes\" page.",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Make sure the following table column has filters: \n- Build",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Filters are mutually exclusive. Click a filter button of a one column and a filter dialogue occurs. Select a filter item. The filter result would be showed. Then select another filter item of another column and the previously applied filter is overridden by the newly selected filter when a filter from a different column is applied to the table. In this state, we show some help text next to the \"Apply\" button, saying \"You can only apply one filter to the table. This filter will override the current filter.\"",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Filters are overridden by search. Run a search query and you can see previous filter results are overridden by the results of the search query.",
+ "expected_results": ""
+ }
+ },
+ "summary": "Software_recipes:_Filter_the_contents_of_the_software_recipes_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_the_packages_included_in_the_image",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": " Click on new project button.",
+ "expected_results": " Open create a new project page. \n"
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project.",
+ "expected_results": " Project Created. \n"
+ },
+ "4": {
+ "action": " Build a recipe (ex: core-image-minimal) and wait until build finish.",
+ "expected_results": " Build finishes successfully. \n"
+ },
+ "5": {
+ "action": " Click on the built recipe.",
+ "expected_results": " Open build summary page. \n"
+ },
+ "6": {
+ "action": " Under IMAGES tab click on the recipe built.",
+ "expected_results": "Image page open. \n"
+ },
+ "7": {
+ "action": "Click on a package name.",
+ "expected_results": "Open the package page. \n"
+ },
+ "8": {
+ "action": "Under file title click on the link to file.",
+ "expected_results": "You are redirected to directory structure and you can see where the file is located."
+ }
+ },
+ "summary": "Test_the_packages_included_in_the_image"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_the_filters_from_a_image_page",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": " Click on new project button.",
+ "expected_results": " Open create a new project page. \n"
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project.",
+ "expected_results": " Project Created. \n"
+ },
+ "4": {
+ "action": " Build a recipe (ex: core-image-minimal) and wait until build finish.",
+ "expected_results": " Build finishes successfully. \n"
+ },
+ "5": {
+ "action": " Click on the built recipe.",
+ "expected_results": " Open build summary page. \n"
+ },
+ "6": {
+ "action": "Click on Configuration - Bitbake Variables.",
+ "expected_results": "Open bitbake variables page. \n"
+ },
+ "7": {
+ "action": "Test Description filter. ",
+ "expected_results": "Filter works ok. (filter returns only items that match the selected criteria) "
+ }
+ },
+ "summary": "Test_the_filters_from_a_image_page"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_dependencies_link",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Start Toaster.",
+ "expected_results": "Toaster starts. \n"
+ },
+ "2": {
+ "action": " Click on new project button.",
+ "expected_results": " Open create a new project page. \n"
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project.",
+ "expected_results": " Project Created. \n"
+ },
+ "4": {
+ "action": " Build a recipe (ex: core-image-minimal) and wait until build finish.",
+ "expected_results": " Build finishes successfully. \n"
+ },
+ "5": {
+ "action": " Click on the built recipe.",
+ "expected_results": " Open build summary page. \n"
+ },
+ "6": {
+ "action": "Click on recipes tab.",
+ "expected_results": "Open recipes page. \n"
+ },
+ "7": {
+ "action": "Click on edit columns and select Dependencies.",
+ "expected_results": "Dependencies column is shown in the table. \n"
+ },
+ "8": {
+ "action": "Click on a number of dependencies.",
+ "expected_results": "A pop up with dependencies will appear. \n"
+ },
+ "9": {
+ "action": "Click on a dependency. ",
+ "expected_results": "Open recipe dependency page. "
+ }
+ },
+ "summary": "Test_dependencies_link"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_recipe_file_link",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster. \n\n\t",
+ "expected_results": "Toaster starts. \n\n\t"
+ },
+ "2": {
+ "action": " Click on new project button. \n\n\t",
+ "expected_results": " Open create a new project page. \n\n\t"
+ },
+ "3": {
+ "action": " Enter a project name, select a release (ex: master) and click on create project. \n\n\t",
+ "expected_results": " Project Created. \n\n\t"
+ },
+ "4": {
+ "action": "Click on Image recipes tab. \n\n\t",
+ "expected_results": "Open Compatible image recipes table. \n\n\t"
+ },
+ "5": {
+ "action": "Click on edit columns and select recipe file. \n\n\t",
+ "expected_results": "Recipe file column appears in the table. \n\n\t"
+ },
+ "6": {
+ "action": "Click on the blue button near a recipe file. \n\n\t",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Repet steps - 4 to 6 for software recipes.",
+ "expected_results": ""
+ }
+ },
+ "summary": "Test_recipe_file_link"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.See_packages_size",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster. \n\n\t",
+ "expected_results": " Toaster starts. \n\n\t"
+ },
+ "2": {
+ "action": " Click on new project button. \n\n\t",
+ "expected_results": " Open create a new project page. \n\n\t"
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project. \n\n\t",
+ "expected_results": " Project Created. \n\n\t"
+ },
+ "4": {
+ "action": " Build a recipe (ex: core-image-minimal) and wait until build finish. \n\n\t",
+ "expected_results": " Build finishes successfully. \n\n\t"
+ },
+ "5": {
+ "action": " Click on the built recipe. \n\n\t",
+ "expected_results": " Open build summary page. \n\n\t"
+ },
+ "6": {
+ "action": "Click on packages tab. \n\n\t",
+ "expected_results": "Open packages page. \n\n\t"
+ },
+ "7": {
+ "action": "Click on size to sort the table. ",
+ "expected_results": "You can check the size of each package. \n\nWhen you click on 'Size' the first time, the correct sorting is the inverse one (biggest package on top). Clicking a second time will invert the sorting (you'll see packages with 0 B size on top)."
+ }
+ },
+ "summary": "See_packages_size"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Build_multiple_recipes",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Start Toaster. \n\n\t",
+ "expected_results": " Toaster starts. \n\n\t"
+ },
+ "2": {
+ "action": " Click on new project button. \n\n\t",
+ "expected_results": " Open create a new project page. \n\n\t"
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project. \n\n\t",
+ "expected_results": " Project Created. \n\n\t"
+ },
+ "4": {
+ "action": " Build a multiple recipes (ex: \"core-image-minimal core-image-sato\") and wait until build finish. ",
+ "expected_results": "Builds finishes successfully. \n\nYou can build multiple recipes with toaster"
+ }
+ },
+ "summary": "Build_multiple_recipes"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Build_a_recipe_with_different_distro",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Start Toaster. \n\n\t",
+ "expected_results": " Toaster starts. \n\n\t"
+ },
+ "2": {
+ "action": " Click on new project button. \n\n\t",
+ "expected_results": " Open create a new project page. \n\n\t"
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project. \n\n\t",
+ "expected_results": " Project Created. \n\n\t"
+ },
+ "4": {
+ "action": "From project page click on Bitbake variables tab. \n\n\t",
+ "expected_results": "Open Bitbake variables page. \n\n\t"
+ },
+ "5": {
+ "action": "Click on change button for distro. \n\n\t",
+ "expected_results": "A type in form appears. \n\n\t"
+ },
+ "6": {
+ "action": "Change distro (ex: poky-lsb). \n\n\t",
+ "expected_results": "Distro has changed. \n\n\t"
+ },
+ "7": {
+ "action": "Add specific layers for distro (meta-qt3, meta-qt4) \n\t\n\t",
+ "expected_results": "Layers added to the project \n\n\t"
+ },
+ "8": {
+ "action": " Build a recipe (ex: core-image-minimal) and wait until build finish.",
+ "expected_results": "Build finishes successfully. \n\nThe 'success' criteria for this one should be that the build is reported as using the poky-lsb distro in the build summary page, and that the DISTRO variable value in the bitbake variables table is set to the value specified in toaster (poky-lsb again)."
+ }
+ },
+ "summary": "Build_a_recipe_with_different_distro"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_package_format_-_ipk_rpm_deb",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " Start Toaster. \n\n\t",
+ "expected_results": " Toaster starts. \n\n\t"
+ },
+ "2": {
+ "action": " Click on new project button. \n\n\t",
+ "expected_results": " Open create a new project page. \n\n\t"
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project. \n\n\t",
+ "expected_results": " Project Created. \n\n\t"
+ },
+ "4": {
+ "action": "From the project page click on bitbake variables tab. \n\n\t",
+ "expected_results": "Open bitbake variables page. \n\n\t"
+ },
+ "5": {
+ "action": "Click on change button near PACKAGE_CLASSES and select all the package formats (rpm, deb, ipk). \n\n\t",
+ "expected_results": "Package classes selected. \n\n\t"
+ },
+ "6": {
+ "action": "Build a recipe (ex: core-image-minimal) and wait until build finish.",
+ "expected_results": "Build finishes successfully.\nYou can see the package classes in the build summary page."
+ }
+ },
+ "summary": "Test_package_format_-_ipk_rpm_deb"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Test_IMAGE_INSTALL_append_variable",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster. \n\n",
+ "expected_results": " Toaster starts. \n\n\t"
+ },
+ "2": {
+ "action": " Click on new project button. \n\n",
+ "expected_results": " Open create a new project page. \n\n\t"
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project. \n\n",
+ "expected_results": " Project Created. \n\n\t"
+ },
+ "4": {
+ "action": "From the project page click on bitbake variables tab. \n\n",
+ "expected_results": "Open bitbake variables page. \n\n\t"
+ },
+ "5": {
+ "action": "Click on change button for IMAGE_INSTALL_append and add a variable (ex: acpid). \n\n",
+ "expected_results": "Variable added. \n\n\t"
+ },
+ "6": {
+ "action": "Build a recipe (ex: core-image-minimal) and wait until build finish. \n\n",
+ "expected_results": "Build finishes successfully. \n\n\t"
+ },
+ "7": {
+ "action": "After build finishes go to build page. \n\n",
+ "expected_results": "Open build summary page. \n\n\t"
+ },
+ "8": {
+ "action": "Go to package tab and search for acpid.",
+ "expected_results": "You should get results for ssh packages."
+ }
+ },
+ "summary": "Test_IMAGE_INSTALL_append_variable"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.New_custom_image:_default_view",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All projects\" table. \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"New custom image\" link situated on the left-hand side, near Configuration, builds, import layer \n\n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that the table is populated with the list of image recipes (eg. core-image minimal, core-image-lsb) \n\n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": " Check that by default the following columns are shown: Image recipe, Version, Description, Layer, Customise \n\n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "From the \"Edit columns\" menu, activate the: Recipe file, Section, License, Git revision \n\n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Check that the \"Git revision\" entries match the release entry from the main project page, in the project details section. \n\n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Check that the image recipes provided by layers added to the project show a 'customise' button, while image recipes provided by layers not added to the project show an 'add layer' button ",
+ "expected_results": ""
+ }
+ },
+ "summary": "New_custom_image:_default_view"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.New_custom_image:_sorting_the_content_of_new_custom_image_table",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All projects\" table. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"New custom image\" link situated on the left-hand side, near Configuration, builds, import layer \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Make sure that the table is sorted on the ‘Image recipe’ column by default in ascending order. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Clicking on Image recipe should revert the sorting. (from 'a to z' changes to 'z to a') \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "From the \"Edit columns\" menu activate all the columns. Check that ‘Image recipe’ and ‘Customise’ columns cannot be unchecked. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Check that Image recipe, Section, Layer and License are the only sortable table heads. \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Sort the table by \"Layer\" and then navigate away by selecting an image (such as core-image-lsb). When you click the \"back\" button in the web-browser to go back, the \"New custom image\" table should still be sorted by \"Layer\". \nThis should apply also by navigating back to the page by any other means. \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Sorting and \"Edit columns\" menu: If you use the \"Edit columns\" menu to hide the column with the applied sorting, we revert the sorting to the default sorting (i.e. \"Image recipe\"). The default sorting always uses one of the core columns, which cannot be hidden using the \"Edit columns\" menu \n\n",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Sorting and search: Searching should have no impact on the applied sorting. Any results returned should be sorted by the sorting criteria selected when the search query was submitted. Sort recipes by \"Layer\" column heading. Input a string (such as \"core-image\") in search box and click search button. Make sure results returned are sorted by \"Layer\".",
+ "expected_results": "N/A"
+ }
+ },
+ "summary": "New_custom_image:_sorting_the_content_of_new_custom_image_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.New_custom_image:_searching_the_content_of_new_custom_image_table",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All projects\" table. \n \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"New custom image\" link situated on the left-hand side, near Configuration, builds, import layer \n \n\n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that the search is made of a text input field and a \"Search\" button in a toolbar above the table. When no search query has been entered, the text input field should show the following placeholder text: \"Search select the image recipe you want to customise\" \n \n\n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Input \"core\" in the text input field. The placeholder text disappears when the first character is typed. Click search button. \n \n\n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "The search string is kept in the text input field. The results returned occur. Click \"Clear search\" icon to clear the search and display the image recipes. If your search query returns no results, we show you an alert with a search form and an option to show all image recipes. Check that \"show all\" link is available. \n\n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Search, sorting and \"Edit columns\": Searching does not change the state of the table: the same columns remain hidden and the same sorting applied when search results are displayed, but filters are cleared by the search results. Search a string and make sure that the same columns remain hidden and the same sorting applied. \n\n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Search and filters \n \n\t•\tThe scope of the filters is the content currently on the table (this means all table pages, not only the one displayed). The scope of the search is always the content of the database. \n\n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "If I run a search query, any filter applied afterwards will filter the content returned by the search query. \tIf I run a search query while a filter is applied, the filter is cleared by the results of the search query (i.e. we display the results of the search query and clear the filter applied beforehand). The same happens if I click the \"Clear search\" icon when a filter is applied to a set of search results (both search results and applied filter are cleared, and the table shows all the targets). ",
+ "expected_results": "\n \n"
+ }
+ },
+ "summary": "New_custom_image:_searching_the_content_of_new_custom_image_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.New_custom_image:_Filter_the_contents_of_the_new_custom_image_table",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All projects\" table. \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"New custom image\" link situated on the left-hand side, near Configuration, builds, import layer \n\n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Make sure the following table column has filters: Customise \n\n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Click the filter button in the \"Customise\" column and a filter dialogue comes up. Select a filter option. The filter results should be showed. \n\n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Filters are overridden by search. Run a search query and you can see previous filter results are overridden by the results of the search query.",
+ "expected_results": "N/A"
+ }
+ },
+ "summary": "New_custom_image:_Filter_the_contents_of_the_new_custom_image_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Create_new_custom_image",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All projects\" table. \n \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"New custom image\" link situated on the left-hand side, near Configuration, builds, import layer \n\n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Search for rpi-basic-image, click on 'add layer' button. Make sure a \"layer added\" notification shows and a \"customise\" button is displayed. Click the \"customise\" button, type a name for you new custom image and click on create custom image. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Verify that image was created: when you create the custom image you will be redirected to the custom image details page, and a notification at the top of the page should tell you: ‘Your custom image X has been created. You can now add or remove packages as needed. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "If you select an image that has not been built beforehand you should not see the 'add / remove' packages table until you build the image. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "If you select an image that has been built beforehand you should see the 'add / remove' packages table when you create the custom image. ",
+ "expected_results": "N/A"
+ }
+ },
+ "summary": "Create_new_custom_image"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Custom_image_page_details",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "After you create a new custom image go to the custom image page, by clicking on the custom image. \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Breadcrumbs \n \n\t * Observe that the 3 breadcrumbs at the top left are: \n \n\t\ta live link that will take you back to the project page \n\t\tCustom images: a live link that will take you back to the custom images table \n\t\timage name(toaster-custom-images): the name of the current custom image (not a link) \n \n\n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe the 2 buttons build Custom image and Download recipe file \n \n\ti.\tTest this 2 buttons \n\tii.\tYou should always be able to build the custom image, but you only should be able to download the recipe file when the package content of the custom image is known. When you cannot download the recipe file, the 'download' button at the top of the page is disabled, and the right hand column does not show information about the recipe file. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Observe that there is a right-hand box, with information about the images \n \n\ti.\tThere is a number of packages included in the custom image \n\tii.\tApprox package size \n \n\tiii.\tLayer \n \n\tiv.\tImage based on \n \n\tv.\tRecipe file (only when you can download it_ \n\tvi.\tVersion \n \n\tvii.\tLicense \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Observe that the page includes a table with packages and you can add or remove packages from the custom image. The packages table only appears when: \n\na) the image recipe you chose as your base image when creating the custom image has been built within the project \n\nb) the custom image itself has been built \n\nIf no packages table shows, you see a notification with a build button instead. ",
+ "expected_results": "N/A"
+ }
+ },
+ "summary": "Custom_image_page_details"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Custom_image_page_–_Add_|_Remove_packages_table",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "After you create a new custom image go to the custom image page, by clicking on the custom image. \n\n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Make sure that the table is sorted on the ‘Package’ column by default in ascending order. \n\n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Check that by default the following columns are shown: Package, Package Version, Approx Size \n\n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "From the \"Edit columns\" menu, activate the: License, Recipe, Recipe version and Reverse dependencies columns \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Check that ‘Package’, Approx Size, License, Recipe are the only sortable table heads. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Sorting and \"Edit columns\": If you use the \"Edit columns\" menu to hide the column with the applied sorting, we revert the sorting to the default sorting (i.e. \"Package\"). The default sorting always uses one of the core columns, which cannot be hidden using the \"Edit columns\" menu \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Sorting and search: Searching should have no impact on the applied sorting. Any results returned should be sorted by the sorting criteria selected when the search query was submitted. Sort recipes by \"Recipe\" column heading. Input a string (such as \"acl\") in search box and click search button. Make sure results returned are still sorted by \"Recipe\". \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Click \"Clear search\" icon to clear the search and display the Packages. \n\n",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Make sure the following table column has filters: Add | Remove (Click on 'Edit custom image' in the left pane of the custom image) \n\n1",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "Click the filter button: a filter dialogue displays. Select a filter option. The filter results should be showed. \n\n1",
+ "expected_results": ""
+ },
+ "11": {
+ "action": "Filters are overridden by search. Run a search query and you can see previous filter results are overridden by the results of the search query. \n\n1",
+ "expected_results": ""
+ },
+ "12": {
+ "action": "This page needs a special no results message for the search. You can see in the doc attached to\nhttps://bugzilla.yoctoproject.org/show_bug.cgi?id=9154 \n\nTo test it, enter a random string in the search input field (something like \"bbb\") and click the 'search' button. The special no results message includes the following: \n\na) instructions about searching and building recipes in order to generate new packages \n\nb) a search text input field with the search string you typed, a 'clear' icon and a search button. Click the 'clear' icon: the search field should be cleared and the full list of packages should be shown. \n\nc) a 'show all packages' link. Click the link: the search field should be cleared and the full list of packages should be shown. ",
+ "expected_results": "N/A"
+ }
+ },
+ "summary": "Custom_image_page_–_Add_|_Remove_packages_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Adding_packages_without_dependencies_from_custom_images",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All projects\" table. \n\n ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"New custom image\" link situated on the left-hand side, near Configuration, builds, import layer \n\n\n ",
+ "expected_results": " "
+ },
+ "3": {
+ "action": "Choose an image recipe example:(core-image-sato) and click on the customise button on the far right (note if that layer is not added the button will say +Add layer, add it and then customise) \n\n\n ",
+ "expected_results": " A pop out should appear and you should get to give the new image a customized name. Then you will be redirected to a page of Add|Remove Packages. If this image has not been build it will not have packages.\n\n"
+ },
+ "4": {
+ "action": "Build the new image if it has not been build, else start adding packages without dependencies example: attr-doc \n\n \n ",
+ "expected_results": "You should get a message in blue that says \"You have added 1 package to $image-custom-name: $package-name\" "
+ },
+ "5": {
+ "action": "Build the image again.\n",
+ "expected_results": "Expected Result on step 5: the packages you have added should be installed in the image."
+ }
+ },
+ "summary": "Adding_packages_without_dependencies_from_custom_images"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Removing_packages_without_and_with_dependencies__from_custom_images",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All projects\" table. \n\n ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"New custom image\" link situated on the left-hand side, near Configuration, builds, import layer \n\n\n\n ",
+ "expected_results": " A pop out should appear and you should get to give the new image a customized name. Then you will be redirected to a page of Add|Remove Packages. If this image has not been build it will not have packages. \n\n"
+ },
+ "3": {
+ "action": "Choose an image recipe example:(core-image-sato) and click on the customise button on the far right (note if that layer is not added the button will say +Add layer, add it and then customise) \n\n\n\n ",
+ "expected_results": "A pop out should appear and you should get to give the new image a customized name. Then you will be redirected to a page of Add|Remove Packages. If this image has not been build it will not have packages.\n\n"
+ },
+ "4": {
+ "action": "Build the new image if it has not been build else start removing a packages (click on 'Edit custom image' in the left pane of the custom image) that have dependencies and packages that have no dependencies that are already included by clicking on the red button \"Remove Package\" \n\n\n \n ",
+ "expected_results": "You should get a message in blue that says \"You have removed 1 package to $image-custom-name: $package-name\" "
+ },
+ "5": {
+ "action": "Build the image again.",
+ "expected_results": "the packages you have removed should not be installed in the image."
+ }
+ },
+ "summary": "Removing_packages_without_and_with_dependencies__from_custom_images"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Adding_packages_with_dependencies",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Access a project page, either by creating a new project or accessing an existing project from the \"All projects\" table. \n\n ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "On the project page click on the \"New custom image\" link situated on the left-hand side, near Configuration, builds, import layer \n\n\n ",
+ "expected_results": " "
+ },
+ "3": {
+ "action": "Choose an image recipe example:(core-image-sato) and click on the customise button on the far right (note if that layer is not added the button will say +Add layer, add it and then customise) \n\n\n ",
+ "expected_results": "A pop out should appear and you should get to give the new image a customized name. Then you will be redirected to a page of Add|Remove Packages. If this image has not been build it will not have packages."
+ },
+ "4": {
+ "action": "Build the new image if it has not been build else start adding packages that have dependencies ( you will be able to see in the dependencies column a little square with a number, that tells you the dependencies it holds) example: libattr this holds 2 dependencies( bash and glibc) ",
+ "expected_results": " You should get a pop-out that that say \"$package_name dependencies\" then it should list the dependencies. Once clicked on the add packages button it should add the packages listed in the pop-out."
+ },
+ "5": {
+ "action": "Build the image again.",
+ "expected_results": ""
+ }
+ },
+ "summary": "Adding_packages_with_dependencies"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Create_Project",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project by issuing a name and selecting a release version.",
+ "expected_results": "Once project is created it should redirect you to a new project configuration page"
+ },
+ "3": {
+ "action": "Check that the h1 page title is set to the name the user typed in the new project form. ",
+ "expected_results": ""
+ }
+ },
+ "summary": "Create_Project"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_project_detail_page_left_bar_menu",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n \n",
+ "expected_results": "Once project is created it should redirect you to a new project configuration page. \n\n"
+ },
+ "3": {
+ "action": "Check the page contains the tabs \n Configuration ---> selected by default \n Compatible Metadata (separation label) \n Custom images \n Image recipes \n Software recipes \n Machines \n Layers \n Extra Configuration (separation label) \n BitBake variables \n\n",
+ "expected_results": " All elements are present. \n\n"
+ },
+ "4": {
+ "action": "Click on each element to see if the h2 title is changing to the respective link clicked. Example if clicked on \"Custom Images\" then the h2 title should change to \"Custom images\"",
+ "expected_results": "All elements are clickable and h2 title changes to the corresponding title.."
+ }
+ },
+ "summary": "Verify_project_detail_page_left_bar_menu"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Configuration_information_of_Project_Detail_page",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Clone Poky and start toaster \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a master toaster project \n \n",
+ "expected_results": "Once project is created it should redirect you to a new project configuration page \n\n"
+ },
+ "3": {
+ "action": "Check that the configuration button on the left side bar is selected by default \n\n",
+ "expected_results": " Expected result step 3 & 4: The configuration link next to the build link should be selected see attachment. \n\n\n\n"
+ },
+ "4": {
+ "action": "The configuration details should include canvas: \n Machine \n Most built recipes \n Layers \n Project Release ",
+ "expected_results": "Expected result step 4: A machine must always be set. \n\nThe default layers specified in the Toaster configuration must always be listed in the layer section (in our case, for the poky configuration we should have openembedded-core, meta-poky and meta-yocto-bsp)"
+ }
+ },
+ "summary": "Configuration_information_of_Project_Detail_page"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_Machine_information_of_project_detail_page",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n \n",
+ "expected_results": "Expected result step 2: Once project is created it should redirect you to a new project Configuration page \n\n"
+ },
+ "3": {
+ "action": "The configuration details should include a label in bold font that says: \n Machine: this canvas should have the machine label type under it and an editing button on the side ",
+ "expected_results": "Expected result step 3: Compare to the attached snapshot. The machine must always be set."
+ }
+ },
+ "summary": "Verify_Machine_information_of_project_detail_page"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_most_built_recipes_information_of_the_project_detail_page",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n \n",
+ "expected_results": "Expected result step 2: Once project is created it should redirect you to a new project configuration page "
+ },
+ "3": {
+ "action": "The configuration details should include a label in bold font that says: \n Most built recipes: In this canvas one of the following information should show: \n\n a) If there has been no built recipes it should have a label that says: \n \"You haven't built any recipes yet, choose a recipe to build\" \n\n b) Else it should have a list of built recipes and a check box in front of it. So that it could be selected and built again ",
+ "expected_results": "Expected result step a: See ProjectDetailPage2.png attachment.\n\nExpected result step b: See ProjectDetailPage.png attachment."
+ }
+ },
+ "summary": "Verify_most_built_recipes_information_of_the_project_detail_page"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_project_release_information_on_project_detail_page",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n \n",
+ "expected_results": "Expected result step 2: Once project is created it should redirect you to a new project configuration page. "
+ },
+ "3": {
+ "action": "The configuration details should include a label in bold font that says: \n Project release: this canvas should also have a label that show the release project you chose at the beginning.",
+ "expected_results": "Expected result step 3: See attachment ProjectDetailPage.jnp."
+ }
+ },
+ "summary": "Verify_project_release_information_on_project_detail_page"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_layer_information_of_the_project_detail_page",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Clone the poky environment git clone http://git.yoctoproject.org/git/poky",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Start toaster",
+ "expected_results": "Expected result step 2: Once project is created it should redirect you to a new project configuration page. \n\n"
+ },
+ "3": {
+ "action": "Create a toaster project \n \n",
+ "expected_results": "Expected result step 3: See attachment of layerCanvas.png\n"
+ },
+ "4": {
+ "action": "The configuration details should include a label with bold font that says: \n Layer: this canvas should have 3 layers listed by default (openembedded-core, meta-poky, and meta-yocto-bsp). \n Each layer should have a trashcan icon at the side that can be used to erase the label from the project. \n The layer canvas should have a text box with the text \"type a layer name\" a button \"Add layer\" next to it. \n just underneath a \"view compatible layer | import layer\" link. ",
+ "expected_results": ""
+ }
+ },
+ "summary": "Verify_layer_information_of_the_project_detail_page"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_project_detail_links",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n\n",
+ "expected_results": "Expected result step 2: Once project is created it should redirect you to a new project configuration page. \n\n"
+ },
+ "3": {
+ "action": "The configuration details should include \n 4 links, starting in the upper left side the Configuration link, Builds(#) link, Import layer link, and the New custom image link. \n\n ",
+ "expected_results": "Expected result step 3: All links should be clickable and should have information or tables, or forms. see attachment projectDetailLinks.png"
+ }
+ },
+ "summary": "Verify_project_detail_links"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_build_texbox_exists_and_works",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n \n",
+ "expected_results": " Once project is created it should redirect you to a new project configuration page. \n\n\n"
+ },
+ "3": {
+ "action": "The configuration details should include \n After the 4 links (Configuration, Build(#), Import layer & New custom image) at the far right there should be a textbox with the label that says....\"Type the recipe you want to build\" and a button \"Build\" \n\n",
+ "expected_results": "See attachment buildTXT.png, The build button should be disabled whenever the text input field is empty, so that you cannot start a build with a blank target \n\n"
+ },
+ "4": {
+ "action": "Type in the textbox an image you would like to build example (core-image-minimal) and click the build button.\n\n",
+ "expected_results": " Image starts building. Whenever there is information in the image recipes and software recipes tables, the text input field should present suggestions from the list of recipes provided by the layers in the \"layers\" list. The suggestions contain the string typed in the input field, and update as you type. They appear on typing the second character. A maximum of 8 suggestions can be shown. They are sorted as follows: first recipes starting with the string, in alphabetical order; then recipes containing the string, also in alphabetical order \n\n\nWhen you click the build button you are brought to the \"Builds\" tab, and a new build in progress appears at the top of the \"Latest project builds\" section"
+ }
+ },
+ "summary": "Verify_build_texbox_exists_and_works."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Veryfing_the_builds_link_show_proper_information",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n \n",
+ "expected_results": " Once project is created it should redirect you to a new project configuration page. \n\n\n"
+ },
+ "3": {
+ "action": "The configuration details should include \n A builds tab that when clicking on, it should display one of the following: \n \n\n a) A label that says \"Latest project builds\" then a label with \"All project builds\" \n If you have a finished build or there is an ongoing builds then: \n You should see a progress bar of the ongoing builds in the project. \n You should see a table with the already done builds in the project. \n\n\n b) \"All project builds\" and a search textbox with a button nothing else only if there are no builds done in the project \n ",
+ "expected_results": "Expected result for step a): See ExistingBuilds.png attachment. \n\n\nExpected result for step b): See ZeroBuilds.png attachment. "
+ }
+ },
+ "summary": "Veryfing_the_builds_link_show_proper_information"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_that_the_Import_layer_link_shows_the_form",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n\n",
+ "expected_results": " Once project is created it should redirect you to a new project configuration page. \n\n\n"
+ },
+ "3": {
+ "action": "The configuration details should include \n An Import layer link that when clicking on, it should display: \n A label that says \"Layer repository information\" \n A label that says \"The layer you are importing must be compatible with Yocto Project master, which is the release you are using in this project.\" \n Form composed of the following elements: \n Layer name : textbox \n Git repository URL : textbox \n Repository subdirectory (optional) : textbox \n Git revision : textbox \n Layer dependencies (optional) : \"openembedded-core\" link and (trash icon), textbox and \"Add layer\" button \n Import and add to project : button",
+ "expected_results": " See attachment ImportLayerForm.png"
+ }
+ },
+ "summary": "Verify_that_the_Import_layer_link_shows_the_form"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_that_New_Custom_Image_link_works_and_shows_information",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project \n\n",
+ "expected_results": " Once project is created it should redirect you to a new project configuration page \n\n\n"
+ },
+ "3": {
+ "action": "The configuration details should include \n A \"New custom image\" tab that when clicking on, it should display: \n a Title label that says: \"Select the image recipe you want to customise(#number_or_recipes_available)\" \n A search textbox with the label of: \"Search and select the image recipe you want to customise\" \n A \"Search button\" \n A \"Edit columns\" button \n A table that will display the customise images available ",
+ "expected_results": "See attachment CustomImage.png"
+ }
+ },
+ "summary": "Verify_that_New_Custom_Image_link_works_and_shows_information"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_most_built_recipe_shows_a_maximum_of_5_recipes",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Build 6 recipes example (core-image-sato, core-image-minimal, core-image-base, core-image-lsb, core-image-clutter) to name a few. ",
+ "expected_results": " All recipes are built correctly \n\n"
+ },
+ "4": {
+ "action": "Wait for the recipes to finish ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Go to the configuration details.",
+ "expected_results": " You should see 5 of the 6 recipes that were build. If you order the recipes in alphabetical order you should see that the first 5 made the list. "
+ }
+ },
+ "summary": "Verify_most_built_recipe_shows_a_maximum_of_5_recipes"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_order_sequence_of_listing_in_Most_build_recipes",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Build 6 recipes example (core-image-sato, core-image-minimal, core-image-base, core-image-lsb, core-image-clutter) to name a few. \n\n",
+ "expected_results": "All recipes are built correctly \n\n"
+ },
+ "4": {
+ "action": "Wait for the recipes to finish \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Go to the configuration details. \n\n",
+ "expected_results": " If you order the recipes in alphabetical order you should see that the first 5 made the list. Only 5 out of the 6 should make the list. \n\n"
+ },
+ "6": {
+ "action": "Select the 6th recipe that did not make the list and build it again. ",
+ "expected_results": " Since the 6th recipe is now built twice it should make the list and the recipe in the 5th place should not appear."
+ }
+ },
+ "summary": "Verify_order_sequence_of_listing_in_Most_build_recipes"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_Most_build_recipes_multiple_selection",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start toaster",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create a toaster project",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Build 4 recipes example (core-image-sato, core-image-minimal, core-image-base, core-image-lsb, core-image-clutter) to name a few. \n\n",
+ "expected_results": " All recipes are built correctly \n\n"
+ },
+ "4": {
+ "action": "Wait for the recipes to finish. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Go to the configuration details. \n\n",
+ "expected_results": " You should see the 4 recipes in alphabetical order. You should also note that the Build button on the upper right hand corner is disabled since no recipe has been selected. \n\n"
+ },
+ "6": {
+ "action": "Select 1 of the recipes in the most built recipes section. \n\n",
+ "expected_results": "The build button is automatically enabled. \n\n"
+ },
+ "7": {
+ "action": "Select multiple (example 2 or 3) recipes in the most built recipes section. \n\n",
+ "expected_results": " The build button is enabled. \n\n"
+ },
+ "8": {
+ "action": "Click on the build button to start building the recipes.",
+ "expected_results": "One recipe start to build and the others are on queue."
+ }
+ },
+ "summary": "Verify_Most_build_recipes_multiple_selection"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_layer_addition_functionality",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Clone the poky environment git clone http://git.yoctoproject.org/git/poky",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Start toaster",
+ "expected_results": " Once project is created it should redirect you to a new project configuration page. \n\n"
+ },
+ "3": {
+ "action": "Create a toaster project with master release \n \n\n",
+ "expected_results": " See attachment of layerCanvas.png \n\n\n"
+ },
+ "4": {
+ "action": "Add layers by typing the name in the \"Type a layer name\" input box and adding by clicking the button. \n\n",
+ "expected_results": " A list of layers with similar name to the one you are typing should appear, giving you the choice to add it. The default text \"Type a layer name\" should disappear as soon as you start typing. \n\n"
+ },
+ "5": {
+ "action": "Add layers by clicking on the View compatible layers link just bellow the input text box. \n\n",
+ "expected_results": "This should redirect you to the compatible layers page where a list of compatible layers should appear and allow you to Add layers to the project. \n\n"
+ },
+ "6": {
+ "action": "Add a layer by importing a layer clicking in the Import layer",
+ "expected_results": "This link should redirect you to the import layer form where you will be able to add layers from git repository or a local directory. \n\n\n"
+ }
+ },
+ "summary": "Verify_layer_addition_functionality"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Verify_delete_layer_functionality",
+ "author": [
+ {
+ "email": "libertad.gonzalez.de.la.cruz@intel.com",
+ "name": "libertad.gonzalez.de.la.cruz@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Clone the poky environment git clone http://git.yoctoproject.org/git/poky\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Start toaster",
+ "expected_results": " Once project is created it should redirect you to a new project configuration page.\n\n"
+ },
+ "3": {
+ "action": "Create a toaster project master release \n \n",
+ "expected_results": "See attachment of layerCanvas.png \n\n"
+ },
+ "4": {
+ "action": "Remove openembedded-core layer from the project by clicking the trash icon next to it. \n\n",
+ "expected_results": "The layer should disappear from the list and a notification should appear at the top of the page saying: \"You have removed 1 layer from your project: \". The layer_name should be a link to the corresponding layer detail page. The layer counter next to the \"layers\" heading should decrease by one. \n"
+ },
+ "5": {
+ "action": "Remove all the layers from the project",
+ "expected_results": " you should see a message that reads: \n\nYou need to add some layers. For that you can: \n\n-View all layers compatible with this project \n\n-Import a layer \n\n-Read about layers in the documentation \n\nOr type a layer name below. \n\n\n The \"Choose from the layers compatible with this project\" link should go to the compatible layers page The \"Import a layer\" link should go to the import layer page The \"Read about layers in the documentation\" link should open in a new window and bring you to http://www.yoctoproject.org/docs/current/dev-manual/dev-manual.html#understanding-and-creating-layers"
+ }
+ },
+ "summary": "Verify_delete_layer_functionality"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-managed-mode.toaster-managed.Download_task_log",
+ "author": [
+ {
+ "email": "alexandru.costinx.roman@intel.com",
+ "name": "alexandru.costinx.roman@intel.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start Toaster. ",
+ "expected_results": "Toaster starts."
+ },
+ "2": {
+ "action": "Click on new project button.\n\n",
+ "expected_results": "Open create a new project page."
+ },
+ "3": {
+ "action": " Enter a project name, select a release and click on create project or select an existing project. \n\n",
+ "expected_results": "Project Created."
+ },
+ "4": {
+ "action": "Build a recipe (ex: core-image-minimal). \n\n",
+ "expected_results": "Build finish."
+ },
+ "5": {
+ "action": "Click on the built recipe. \n\n",
+ "expected_results": "Open build summary page."
+ },
+ "6": {
+ "action": "Click on tasks tab. \n\n",
+ "expected_results": "Open tasks page."
+ },
+ "7": {
+ "action": "Click on a task executed successfully. \n\n",
+ "expected_results": "Open task page."
+ },
+ "8": {
+ "action": "Click on \"Download task log\" button. \n",
+ "expected_results": "You can download the task log. \n"
+ },
+ "9": {
+ "action": "Click on a failed task. \n",
+ "expected_results": "Open task page, not appear download task \n"
+ }
+ },
+ "summary": "Download_task_log"
+ }
+ }
+]
\ No newline at end of file
diff --git a/meta/lib/oeqa/manual/toaster-unmanaged-mode.json b/meta/lib/oeqa/manual/toaster-unmanaged-mode.json
new file mode 100644
index 0000000000..29d11a87d5
--- /dev/null
+++ b/meta/lib/oeqa/manual/toaster-unmanaged-mode.json
@@ -0,0 +1,1170 @@
+[
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.Create_a_Yocto_project_and_start_the_Toaster",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Set up yocto project and toaster test environment. \ncd ${installdir} \ngit clone git://git.yoctoproject.org/poky \n\n",
+ "expected_results": "NA \n\n"
+ },
+ "2": {
+ "action": "Start up toaster. \ncd ${installdir} \nsource poky/oe-init-build-env \nsource toaster start \n\n",
+ "expected_results": " \nlog: \nThe system will start. \nSyncing... \nCreating tables ... \nCreating table south_migrationhistory \nInstalling custom SQL ... \nInstalling indexes ... \nInstalled 0 object(s) from 0 fixture(s) \n > south \n\nNot synced (use migrations): \n - orm \n(use ./manage.py migrate to migrate these) \nRunning migrations for orm: \n - Migrating forwards to 0004_auto__add_field_package_installed_name. \n > orm:0001_initial \n > orm:0002_auto__add_field_build_timespent \n > orm:0003_timespent \n - Migration 'orm:0003_timespent' is marked for no-dry-run. \n > orm:0004_auto__add_field_package_installed_name \n - Loading initial data for orm. \nInstalled 0 object(s) from 0 fixture(s) \nserver address: 127.0.0.1, server port: 8200 \nSuccessful start."
+ },
+ "3": {
+ "action": "Build the yocto project. \nbitbake core-image-minimal \n\n",
+ "expected_results": "Build successfully. \n"
+ },
+ "4": {
+ "action": "Use a default web brower to see project build process. \nxdg-open http://localhost:8000/ \nWait for build completion. \n",
+ "expected_results": "You can open http://localhost:8000/ in a default browser. The build process is showed. "
+ }
+ },
+ "summary": "Create_a_Yocto_project_and_start_the_Toaster."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.Sort_the_content_of_the_builds_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start up toaster.",
+ "expected_results": "Succeed to start up toaster. "
+ },
+ "2": {
+ "action": "Create 2 builds, such as \"bitbake core-image-minimal\" and \"bitbake core-image-sato\". Wait for successful builds and then run: http://localhost:8000/",
+ "expected_results": "Succeed to build the targets. "
+ },
+ "3": {
+ "action": "Enter \"All build\" table in web browser.",
+ "expected_results": "NA "
+ },
+ "4": {
+ "action": "Click \"Completed on\" component to sort.",
+ "expected_results": "Build targets are sorted out by the \"Completed on\". "
+ },
+ "5": {
+ "action": "Click \"Completed on\" component again to invert the sorting .",
+ "expected_results": "The sorting is inverted. "
+ },
+ "6": {
+ "action": "Have a sort try in other columns. outcome, machine, started on, completed on, errors, warnings, project.",
+ "expected_results": "See item 4 and 5."
+ }
+ },
+ "summary": "Sort_the_content_of_the_builds_table."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.Search_the_content_of_the_builds_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start up toaster.",
+ "expected_results": "NA "
+ },
+ "2": {
+ "action": "Create 2 builds, such as \"bitbake core-image-minimal\" and \"bitbake core-image-sato\". Wait for successful builds and then run: xdg-open http://localhost:8000/",
+ "expected_results": "NA "
+ },
+ "3": {
+ "action": "Enter \"All build\" table in web browser.",
+ "expected_results": "NA "
+ },
+ "4": {
+ "action": "Input a string in search component and click search.",
+ "expected_results": "Show returned search results. When no search query has been entered, we have placeholder text saying: \"Search builds\". The placeholder text disappears when the first character is typed. "
+ },
+ "5": {
+ "action": "See returned search results.",
+ "expected_results": "If your search query returns no results, the section heading changes to \"No builds found\", and we show you an alert with a search form and an option to show all builds. "
+ },
+ "6": {
+ "action": "Click \"Clear search\" icon (icon-remove-sign). Observe all builds are showed. ",
+ "expected_results": "Click it to clear the search and display all builds."
+ }
+ },
+ "summary": "Search_the_content_of_the_builds_table."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.Filter_the_content_of_the_builds_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start up toaster.",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create 2 builds, such as \"bitbake core-image-minimal\" and \"bitbake core-image-sato\". Wait for successful builds and then run: xdg-open http://localhost:8000/.",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Enter \"All build\" table in web browser.",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Make sure the following table columns have filters. \n- Outcome \n-- Started on \n- Completed on \n- Failed tasks",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Filters are mutually exclusive. Click a filter button of a one column and a filter dialogue occurs. Select a filter item. The filter result would be showed. Then select another filter item of another column and the previously applied filter is overridden by the newly selected filter when a filter from a different column is applied to the table. In this state, we show some help text next to the \"Apply\" button, saying \"You can only apply one filter to the table. This filter will override the current filter.\"",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Filters are overridden by search. Run a search query and you can see previous filter results are overridden by the results of the search query.",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Have a try in filters of the following table columns. \n- Outcome \n- Started on \n- Completed on \n- Failed tasks \n",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "Filter_the_content_of_the_builds_table."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.Tasks_in_toaster_UI",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": " === TOASTER: Test Instructions for \"Tasks\", \"Time\", \"CPU Usage\", and \"Disk I/O\" pages === \n \nNOTE TO TESTERS: The three pages \"Time\", \"CPU Usage\", and \"Disk I/O\" are simple variations on the \"Tasks\" page. Those test instructions will demonstrate the respective unique parts. \n \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "In Toaster, select the build, and select the \"Tasks\" link in the left sidebar \n \n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Breadcrumbs \n \n * Observe that the 4 breadcrumbs at the top left are: \n \n : a live link that will take you back to the project page \n \t: a live link that will take you back to the project Builds page \n : a live link that will take you back to the image dashboard page \n \"Tasks\" \n \n * Test the breadcrumb live links, return to this page \n \n \n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "General Layout \n \n * Observe the left-hand box with links to the other pages of the build \n \n * Observe the title of the table is \"Tasks\", in bold \n \n * Observe the search/filter bar above the table \n \n * Observe the number of table rows in each page matches the number selected in the \"Show rows\" dropdown menu \n \n * Observe at the bottom of the page the \"Showing XX to XX out of xxx entries\", the page selection links, and the \"Show Rows\" selection. \n \n \n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Columns \n \nNote: to restore the default columns in your browser, for example in Firefox, select \"Tools > Privacy > remove individual cookies\", find the cookies for the IP address of the Toaster engine (for example \"localhost\"), and remove each sub-cookie with the prefix \"_displaycols_*\" (or the whole cookie if those are the only sub-cookies). \n \n * Observe that the default columns are: \n \n \"Order, Recipe, Task, Executed, Outcome, Cache attempt\" \n \n * Click the \"Edit Columns\" button. ",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Observe that the fields are sorted as follows (with the indicated items greyed) \n \n [ ] CPU usage \n [x] Cache attempt \n [ ] Disk I/O (ms) \n [x] Executed \n [x] Order {greyed} \n [x] Outcome \n [x] Recipe {greyed} \n [ ] Recipe version \n [x] Task {greyed} \n [ ] Time (secs) \n \n * For each of the greyed items, attempt to click them. Observe that they do not change. \n \n * For each of the non-greyed items, attempt to click them. Observe that the respective column dynamically appears when checked and disappears when un-checked. ",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Search \n \n * Observe that the search text box background text is \"Search tasks\". \n \n * Set the search text to \"busybox\" and click \"Search\". Observe that only the busybox tasks are listed (about 16). \n \n * Click the \"X\" next to the search text box. Observe that all of the tasks re-appear. \n \n \n",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Column sorts \n \n * Enable all of the columns. \n \n * Observe that by default the \"Order\" column header is in bold, it has a down-arrow icon, and that the table is sorted by this column in ascending order. \n \n * Observe that the columns are in this order, and are sortable only if indicated: \n \n Order {sortable} \n Recipe {sortable} \n Recipe version \n Task {sortable} \n Executed {sortable} \n Outcome {sortable} \n Cache attempt {sortable} \n Time (secs) {sortable} \n CPU usage {sortable} \n Disk I/O (ms) {sortable} ",
+ "expected_results": ""
+ },
+ "10": {
+ "action": " Test that each of the sortable columns do sort, ascending and descending \n \n * Observe that each of the column headers have a question mark icon, and that hovering over it provides help text.",
+ "expected_results": ""
+ },
+ "11": {
+ "action": "\"Executed\" Filter \n \n * Observe that the \"Executed\" column has the filter icon. Click on it and observe these values, where \"All Tasks\" is the default \n \n (*) All Tasks \n ( ) Executed Tasks \n ( ) Not Executed Tasks \n \n * Click on \"Executed Tasks\" and observe that only rows with the value \"Executed\" are displayed. \n \n * Click on \"Not Executed Tasks\" and observe that only rows with the value \"Not Executed\" are displayed. \n \n * Click on \"All Tasks\" and observe that all rows are displayed. \n \n \n",
+ "expected_results": ""
+ },
+ "12": {
+ "action": "\"Outcome\" Filter \n \n * Observe that the \"Outcome\" column has the filter icon. Click on it and observe these values, where \"All Tasks\" is the default \n \n (*) All Tasks \n ( ) Succeeded Tasks \n ( ) Failed Tasks \n ( ) Cached Tasks \n ( ) Prebuilt Tasks \n ( ) Covered Tasks \n ( ) Empty Tasks \n \n * Click on each of the filter selections, and observe that the resulting row \"Outcome\" values match the selection. \n \n * Click on \"All Tasks\" and observe that all rows are displayed. \n \n \n1",
+ "expected_results": ""
+ },
+ "13": {
+ "action": "\"Cache attempt\" Filter \n \n * Observe that the \"Cache attempt\" column has the filter icon. Click on it and observe these values, where \"All Tasks\" is the default \n \n (*) All Tasks \n ( ) Tasks with cache attempts \n ( ) Tasks with 'File not in cache' attempts \n ( ) Tasks with 'Failed' cache attempts \n ( ) Tasks with 'Succeeded' cache attempts \n \n * Click on each of the filter selections, and observe that the resulting row \"Outcome\" values match the selection. \n \n Note the with a clean build, only the \"All Tasks\" and \"Tasks with cache attempts\" will return rows. \n \n * Click on \"All Tasks\" and observe that all rows are displayed. \n \n \n1",
+ "expected_results": ""
+ },
+ "14": {
+ "action": "Order, Task, Executed, Outcome, Cache attempt links \n \n * Observe that for a given row, the above values are live links that will both take you to the respective task detail page. Click the back button to return. \n\n * Observe that for a given row the values in \"Recipe\" and \"Recipe version\" are live links that will both take you to the respective recipe details page. Click the back button to return \n \n \n1",
+ "expected_results": ""
+ },
+ "15": {
+ "action": "Time Page \n \n * \"In Toaster, select the build, and select the \"Time\" link in the left sidebar \n \n * Observe that the default columns are: \n \n \"Recipe\", \"Task\", \"Executed\", \" Outcome\", \"Time (secs)\" \n \n * Observe that the default sort is \"Time (secs)\", in descending order. \n \n * In the \"Edit Columns\" button, turn on all of the columns. \n \n * Observe that the page now matches the \"Tasks\" page, and passes the same tests. \n \n \n1",
+ "expected_results": ""
+ },
+ "16": {
+ "action": "CPU Usage Page \n \n * \"In Toaster, select the build, and select the \"CPU Usage\" link in the left sidebar \n \n * Observe that the default columns are: \n \n \"Recipe\", \"Task\", \"Executed\", \"Outcome\", \"CPU Usage\" \n \n * Observe that the default sort is \"CPU Usage\", in descending order. \n \n * In the \"Edit Columns\" button, turn on all of the columns. \n \n * Observe that the page now matches the \"Tasks\" page, and passes the same tests. \n \n \n1",
+ "expected_results": ""
+ },
+ "17": {
+ "action": "Disk I/O Page \n \n * \"In Toaster, select the build, and select the \"Disk I/O\" link in the left sidebar \n \n * Observe that the default columns are: \n \n \"Recipe\", \"Task\", \"Executed\", \"Outcome\", \"Disk I/O (ms)\" \n \n * Observe that the default sort is \"Disk I/O (ms)\", in descending order. \n \n * In the \"Edit Columns\" button, turn on all of the columns. \n \n * Observe that the page now matches the \"Tasks\" page, and passes the same tests. ",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "Tasks_in_toaster_UI"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.package_detail_in_toaster_UI",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "TOASTER: Test Instructions for \"Package Detail\" page \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "In Toaster, select the build, and select the \"Packages\" link in the left sidebar.",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Select a package from the \"Package\" column.",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Breadcrumbs \n * Observe that the 3 breadcrumbs at the top left are: \n : a live link that will take you back to the image dashboard page \n \"Packages\": a live link that will take you back to the Packages page \n \"bash\": the name of the current package (not a link) \n * Test the breadcrumb live links, return to this page ",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "General Layout \n * Click on any package \n * Observe that there is no the left-hand box \n * Observe that there is a right-hand box, with information about the package \n * Observe the title is the package name and version, in bold \n * Observe that, if the package is installed in an image, there is a link to the image(s) the package appears in \n * Observe that, if the package is not installed in the image, there are two tab buttons below the title ",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Observe that the tab buttons are: \n Generated files (2) {highlighted} \n Runtime dependencies (4) \n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Generated files tab \n * Click the \"Generated files\" tab (which should be selected by default) \n * Observe that the number of files in the table matches the number in parenthesis after the \"Generated files\" tab title. \n * Observe that the columns in the table are \"File\" and \"Size\" \n * Observe that the table is sorted by \"File\" in ascending alphabetical order (A to Z). ",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Runtime dependencies tab \n * Click the \"Runtime dependencies\" tab \n * Observe that the number of dependencies in the table matches the number in parenthesis after the \"Runtime dependencies\" tab title. \n * Observe that the columns in the table are: \n \"Package, Version, Size\" \n * Observe that the table is sorted by Package in ascending alphabetical order (A to Z) \n * Observe that the package name values are live links to the respective package details page. ",
+ "expected_results": "The information icon was eliminated on the columns that where self explanatory. "
+ },
+ "10": {
+ "action": "Package information box \n * Observe that there is a right-hand box, with information about the package, including in this example the fields: \n \"Size, License, Recipe, Recipe version, Layer, Layer branch, Layer commit\" \n * Observe that each of the field has a question mark icon, and that hovering will provide help text. \n * Observe that none of the values in the right-hand box are blank \n * Observe that the \"Recipe\" value is a live link to the respective recipe detail page. ",
+ "expected_results": ""
+ }
+ },
+ "summary": "package_detail_in_toaster_UI"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.recipes:_Sort_the_content_of_the_recipes_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Recipes\" link in the left sidebar. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Make sure that by default the \"Recipes\" table is sorted by \"Recipe\" in ascending alphabetical order (A to Z). \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Sort my \"Recipes\" table by \"Section\" and then navigate away by selecting a recipe(such as click busybox recipe). When you click \"back\" button in web-browser to go back to the \"Recipes\" table it should still be sorted by \"Section\". \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Make sure all column headings are sortable, except \"Recipe version\", \"Dependencies\", \"Reverse dependencies\" and \"Layer commit\". \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Sorting and \"Edit columns\" \nIf you use the \"Edit columns\" menu to hide the column with the applied sorting, we revert the sorting to the default sorting (i.e. \"Recipe\"). The default sorting always uses one of the core columns, which cannot be hidden using the \"Edit columns\" menu. \nSort recipes by \"section\" column heading. Then hide \"Section\" column by \"Edit columns\". Make sure that the \"Recipes\" table is sorted by \"Recipe\" in ascending alphabetical order (A to Z). \nNOTE: Bug 5919 is filed against the issue. \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Sorting and search \nSearching should have no impact on the applied sorting. Any results returned should be sorted by the sorting criteria selected when the search query was submitted. \nSort recipes by \"section\" column heading. Input a string (such as \"lib\") in search box and click search button. Make sure results returned should be sorted by \"section\". \n",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "recipes:_Sort_the_content_of_the_recipes_table."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.recipes:_Search_the_content_of_the_recipes_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "recipes: Search the content of the recipes table \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "In Toaster, select the build, and select the \"Recipes\" link in the left sidebar. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Observe the search is made of a text input field and a \"Search\" button in a toolbar above the table. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "When no search query has been entered, we have placeholder text saying: \"Search recipes\". \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Input \"lib\" in the text input field. The placeholder text disappears when the first character is typed. Click search button. \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": " \n(1) returned results \nThe search string is kept in the text input field. The results returned occur. Click \"Clear search\" icon to clear the search and display all recipes. \n(2) no results returned \nIf your search query returns no results, the page heading changes to \"No recipes found\", and we show you an alert with a search form and an option to show all recipes. Observe \"show all recipes\" button is available. \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "When I run a search, the search happens against the following columns (independently of they being shown or hidden): \n- Recipe \n- Recipe version \n- Recipe file \n- Section \n- License \n- Layer \n- Layer branch \n- Layer commit \n\nInput a string to search for the above 8 column headings separately to make sure that the search happens against the columns. \n\n \n\n",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Search, sorting and \"Edit columns\" \nSearching does not change the state of the table: the same columns remain hidden and the same sorting applied when search results are displayed, but filters are cleared by the search results.\nSearch a string and make sure that the same columns remain hidden and the same sorting applied. Since filter feature of recipes (4296) is obsolete, we don't have to test filter. \n\n",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "Search and filters \nThe scope of the filters is the content currently on the table (this means all table pages, not only the one displayed). The scope of the search is always the content of the database.\nSince filter feature of recipes (4296) is obsolete, we don't have to test filter. \n\nIf I run a search query, any filter applied afterwards will filter the content returned by the search query. \n\nIf I run a search query while a filter is applied, the filter is cleared by the results of the search query (i.e. we display the results of the search query and clear the filter applied beforehand).",
+ "expected_results": "NA"
+ },
+ "11": {
+ "action": " The same happens if I click the \"Clear search\" icon when a filter is applied to a set of search results (both search results and applied filter are cleared, and the table shows all the tasks). \nSince filter feature of recipes (4296) is obsolete, we don't have to test filter. \n\n",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "recipes:_Search_the_content_of_the_recipes_table."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.recipes:_Customise_the_columns_of_the_recipes_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Recipes\" link in the left sidebar. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "* Observe that the default columns are: \n \"Recipe, Recipe version, Recipe file, Section , License, Layer\" \n \n * Click the \"Edit Columns\" button. \n * Observe that the fields are sorted as follows (with the indicated items greyed) \n [ ] Dependencies \n [x] Layer \n [ ] Layer branch \n [ ] Layer commit \n [x] License \n [x] Recipe {greyed} \n [x] Recipe file \n [x] Recipe version {greyed} \n [ ] Reverse dependencies \n [x] Section \n \n * For each of the greyed items, attempt to click them. Observe that they do not change. \n * For each of the non-greyed items, attempt to click them. Observe that the respective column dynamically appears when checked and disappears when un-checked.\n",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "recipes:_Customise_the_columns_of_the_recipes_table."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.recipes:_View_a_table_with_all_the_recipes_included_in_an_image_recipe",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Recipes\" link in the left sidebar. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "By default, the all recipes table displays the following columns in this order: \n(1) Recipe (2) Recipe version: the target version and revision (3) Dependencies (4)Reverse Dependencies (5) License: the value of the target's LICENSE variable (6) Layer: the name of the layer providing the target \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "In the \"Edit columns\" menu, table columns appear listed alphabetically. \nIn the table itself, the default order of columns is as follows: \n(1) Dependencies (2) Layer (3) Layer branch (4) Layer commit (5) License (6) Recipe (7) Recipe file (8) Reverse dependencies (9) Section (10) Version \n\nThe minimum table is made of the 2 columns that provide the information needed to identify a target: Recipe and Recipe version.",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "recipes:_View_a_table_with_all_the_recipes_included_in_an_image_recipe"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.recipes:_View_detailed_information_about_a_recipe。",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Create a default Yocto project (qemux86), and start the Toaster. \n \n $ source poky/oe-init-build-env \n $ source toaster start \n $ bitbake core-image-minimal \n $ http://localhost:8000/ \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Select the \"core-image-minimal\" build link \n \n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Select the \"Recipes\" link in the left sidebar \n \nObserve that the recipes are listed in a table, and that each recipe name is a live URL link. \n \n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Observe that \"Packages\" link. It should have an appended value like \"(4)\". Now click on this link. \n \nObserve: \n a) The number of packages matches the previous number in parenthesis. \n \n b) Each package has a version and a size. The size may be zero. \n \n c) Note that if you hover on a package name, it will reveal a URL of the following form. This link should take you to the corresponding package detail page. \n \n localhost:8000/gui/build//package/ \n \n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Observe that recipes of \"Build Dependencies\" link has an appended value like \"(0)\". Now click on this link. \n \nObserve: \n a) No dependencies appear, and you get a message of the form: \n \n \"$RECIPE_NAME_VERSION has no build dependencies.\" \n \n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Observe that \"Reverse build dependencies\" link has an appended value like \"(1)\". Now click on this link. \n \nObserve: \n a) The number of packages matches the previous number in parenthesis. \n \n b) The recipe dependency should be \"packagegroup-core-boot\", \n \n c) There should be a respective version displayed, for example \"1.0-r11\" \n \n d) If you hover on the recipe name, it will reveal a URL of the following form. This link should take you to the corresponding recipe detail page. \n \n localhost:8000/gui/build//recipe/ \n \n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Click the breadcrumb \"Recipes\" at the top, locate the \"gdbm\" recipe, and select it. \n \n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Observe that \"Packages\" link. It should have an appended value like \"(0)\". Now click on this link. \n \nObserve: \n a) No packages appear, and you get a message of the form: \n \n \"$PACKAGE_NAME_VERSION does not build any packages.\" \n \n",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Observe that \"Build dependencies\" link. It should have an appended value like \"(2)\". Now click on this link. \n \nObserve: \n a) The number of build dependencies matches the previous number in parenthesis. \n \n b) The recipe dependency should have values like \"gettext-native\" and \"libtool-cross\". \n \n c) There should be a respective versions displayed for each dependency. \n \n d) If you hover on a recipe name, it will reveal a URL of the following form. This link should take you to the corresponding recipe detail page. \n \n localhost:8000/gui/build//recipe/ \n \n1",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "Observe that \"Reverse build dependencies\" link. It should have an appended value like \"(0)\". Now click on this link. \n \nObserve: \n a) No reverse dependencies appear, and you get a message of the form: \n \n \"$RECIPE_NAME_VERSION does not build any packages.",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "recipes:_View_detailed_information_about_a_recipe。"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.variables:_Search_the_content_of_the_bitbake_variables_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Configuration\" link in the left sidebar. Then click \"BitBake variables\" tab. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "When no search query has been entered, we have placeholder text saying: \"Search BitBake variables\". \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Input \"lib\" in text input field. The placeholder text disappears when the first character is typed. Click search button. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Observe \"4 variables found\" is showed. (It may be other number.) \n If your search query returns no results, we display an alert with: \n - A h3 heading saying: \"No variables found\" \n - A search box \n - The search query is showed in the text input shield. \n - A link to show all variables. we show the variables table. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "We provide a \"Clear search\" icon (icon-remove-sign). Click it to clear the search and display all variables. Check that the \"Clear search\" icon cannot be accessed using the tab key. \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Verify search scope. \nWhen I run a search, the search happens against the following columns (independently of they being shown or hidden): \n- Variable \n- Value \n- Set in file \n- Description \n\n",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Verify \"search, sorting and 'Edit columns'\" \nSearching does not change the state of the table: the same columns remain hidden and the same sorting applied \nwhen search results are displayed, but filters are cleared by the search results. \n\n",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Search and filters \nIf I run a search query, any filter applied afterwards will filter the content returned by the search query. \nIf I run a search query while a filter is applied, the filter is cleared by the results of the search query. \n",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "variables:_Search_the_content_of_the_bitbake_variables_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.variables:_Sort_the_content_of_the_bitbake_variables_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Configuration\" link in the left sidebar. Then click \"BitBake variables\" tab. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "By default, the \"variables\" table is sorted by \"Variable\" in ascending alphabetical order (A to Z). \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Make sure that \"Variable\" column is sortable (Developers have disabled sort function of all other columns to avoid bug 6004) \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Sorting and search \nSearching should have no impact on the applied sorting. Any results returned should be sorted by the sorting criteria selected when the search query was submitted.",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "variables:_Sort_the_content_of_the_bitbake_variables_table."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.builds:_View_a_table_of_all_the_builds_run_for_a_certain_build_directory",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start up toaster and open localhost:8000. ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "You can see 'Latest builds' section lists. - Builds in progress, sorted by inverse start time (last one starting at the top). - 3 latest completed builds, as long as they are less than 24 hours old. If there are no builds in progress or builds completed within the last 24 hours we don't display it: the page shows only the 'All builds' section. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "You can see the following column headings. You can see the their description in https://bugzilla.yoctoproject.org/attachment.cgi?id=1617. outcome, recipe, machine, started on, completed on, failed tasks, errors, warnings, time, image files, project",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "builds:_View_a_table_of_all_the_builds_run_for_a_certain_build_directory"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.builds:_Customise_the_columns_of_the_builds_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start up toaster.",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Create 2 builds, such as \"bitbake core-image-minimal\" and \"bitbake core-image-sato\". Wait for successful builds and then run: xdg-open http://localhost:8000/",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Enter \"All build\" table in web browser.",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Select a few item in \"Edit columns\" to show or hide them in all builds.",
+ "expected_results": "Unchecked items changed to checked should immediately appear in the table. Checked items changed to unchecked should immediately disappear from the table. If you uncheck the column with the applied sorting, when you close the \"Edit columns\" menu the applied sorting should revert to the table default sorting. Bug 5919 is filed for the function."
+ }
+ },
+ "summary": "builds:_Customise_the_columns_of_the_builds_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.packages:_View_a_table_with_all_the_packages_built_for_an_image_recipe",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Packages\" link in the left sidebar. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "By default, the built packages table displays the following columns in this order: Package, Package version, Size ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Apart from the columns shown by default, the following additional columns are also available to users via the \"Edit columns\" menu: Layer, Layer branch, Layer commit, License, Recipe version ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Enable these columns and observe that table columns appear listed alphabetically in the \"Edit columns\" menu (1)Package (2)Package version (3)Size (4)License (5)Recipe (6)Recipe version (7)Layer (8)Layer branch (9)Layer commit ",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "The minimum table is made of the 2 columns that provide the information needed to identify a package: Package and Package version. Their corresponding checkboxes in the \"Edit columns\" menu appear always selected and are in an inactive state. ",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "packages:_View_a_table_with_all_the_packages_built_for_an_image_recipe"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.packages:_Sort_the_content_of_the_packages_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Packages\" link in the left sidebar. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe that by default the \"built packages\" table is sorted by \"Package\" in ascending alphabetical order (A to Z). ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Click \"Size\" column heading to sort my \"built packages\" table by \"Size\". Then navigate away by selecting a package and you can see the package page. After click \"go back\" button in browser to return to the \"built packages\" table it should still be sorted by \"Size\". ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Observe that all except \"Package version\", \"Recipe version\", \"Layer commit\" are sortable. ",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "If you use the \"Edit columns\" menu to hide the column with the applied sorting, we revert the sorting to the default sorting (i.e. \"Package\"). The default sorting always uses one of the core columns, which cannot be hidden using the \"Edit columns\" menu. Bug 5919 is filed for the issue. ",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Searching should have no impact on the applied sorting. Any results returned should be sorted by the sorting criteria selected when the search query was submitted. Sort packages by size and search a string. Observe that results returned should be sorted by size. ",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "In Toaster, select the build, and select the \"core-image*\" link in the left sidebar. Observe that by default the \"built packages\" table is sorted by \"Package\" in ascending alphabetical order (A to Z). ",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "If choose to sort my \"included packages\" table by \"Size\" and then navigate away by selecting a package, when I go back to the \"included packages\" table it should still be sorted by \"Size\". ",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "Enable all columns by \"Edit columns\". All except \"Package version\", \"Recipe version\", \"Dependencies\", \"Reverse dependencies\", \"Layer commit\", should be sortable. ",
+ "expected_results": ""
+ },
+ "11": {
+ "action": "If you use the \"Edit columns\" menu to hide the column with the applied sorting, we revert the sorting to the default sorting (i.e. \"Package\"). The default sorting always uses one of the core columns, which cannot be hidden using the \"Edit columns\" menu. Bug 5919 is filed for the issue. ",
+ "expected_results": ""
+ },
+ "12": {
+ "action": "Searching should have no impact on the applied sorting. Any results returned should be sorted by the sorting criteria selected when the search query was submitted. Sort packages by size and search a string. Observe that results returned should be sorted by size.",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "packages:_Sort_the_content_of_the_packages_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.packages:_Customise_the_columns_of_the_packages_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Packages\" link in the left sidebar. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe that by default the \"built packages\" table is sorted by \"Package\" in ascending alphabetical order (A to Z). ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Select 1 column in \"Edit column\" to show the column. ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Deselect 1 column in \"Edit column\" to hide 1 column by \"Edit columns\".",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "packages:_Customise_the_columns_of_the_packages_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.packages:_Search_the_content_of_the_packages_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Packages\" link in the left sidebar. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe that by default the \"built packages\" table is sorted by \"Package\" in ascending alphabetical order (A to Z). ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "When no search query has been entered, we have placeholder text saying: \"Search packages built\". The placeholder text disappears when the first character is typed. ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "When a search query has been submitted and results returned: ▪ We keep the search string in the text input field. ▪ We provide a \"Clear search\" icon (icon-remove-sign). Click it to clear the search and display all packages. ▪ We change the page heading to indicate the number of results returned by the search query. ",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "If your search query returns no results, the page heading changes to \"No packages found\", and we show you an alert with a search form and an option to show all packages. ",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Searching does not change the state of the table: the same columns remain hidden and the same sorting applied. ",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "When I run a search, the search happens against the following columns (independently of they being shown or hidden): - Package - Package version - License - Recipe - Recipe version - Layer - Layer branch - Layer commit ",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Hide all columns except \"Package\" and \"Package version\". Search a string which is included in other hidden columns, not the 2 columns. See if returned results occur. ",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "In Toaster, select the build, and select the \"core-image*\" link in the left sidebar. Observe that by default the \"included packages\" table is sorted by \"Package\" in ascending alphabetical order (A to Z). Rerun tests according to step 4~9.",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "packages:_Search_the_content_of_the_packages_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.View_detailed_information_about_a_layer",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n\n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Make sure that layer information is shown in: \n* recipes table \n All builds-> core-image-minimal-> recipes \n Select \"Layer\", \"Layer branch\", \"Layer commit\" in Edit columns and observe the 3 columns are showed. Note that the \"Layer branch\" column can be empty. \n\n* recipe details \n All builds-> core-image-minimal-> recipes \n Click a recipe and you can see \"Layer\", \"Layer branch\", \"Layer commit\", \"Recipe details\" information. Note that \"Layer branch\" is not required. If there is no layer branch, you should not see the \"Layer branch\" item on the list.",
+ "expected_results": "NA"
+ },
+ "3": {
+ "action": "built packages table \n All builds-> core-image-minimal-> packages \n Select \"Layer\", \"Layer branch\", \"Layer commit\" in Edit columns and observer the 3 columns is showed. Note that the \"Layer branch\" column can be empty. \n\n* built package details \n All builds-> core-image-minimal-> packages \n Click a package and you can see \"Layer\", \"Layer branch\", \"Layer commit\" in package information. Note that \"Layer branch\" is not required. If there is no layer branch, you should not see the \"Layer branch\" item on the list. \n\n* image information \n All builds-> core-image-minimal-> core-image-minimal(images) \n Select \"Layer\", \"Layer branch\", \"Layer commit\" in Edit columns and observer the 3 columns is showed.",
+ "expected_results": "NA"
+ },
+ "4": {
+ "action": "Note that the \"Layer branch\" column can be empty. \n\n* installed package details \n All builds-> core-image-minimal-> core-image-minimal(images) \n Click a package and you can see layer information in package information. Note that \"Layer branch\" is not required. If there is no layer branch, you should not see the \"Layer branch\" item on the list. \n\n* configuration \n All builds-> core-image-minimal-> Configuration \n You can see \"Layer\", \"Layer branch\", \"Layer commit\" in configuration summary. Note that the \"Layer branch\" column can be empty. \n\n* build dashboard \n All builds-> core-image-minimal \n You can see \"Layers\" in build summary. ",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "View_detailed_information_about_a_layer"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.Select_the_number_of_table_rows_displayed_per_page",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Packages\" link in the left sidebar. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Users can select the number of rows they want to see in a table using the \"Show rows\" dropdown menu, which displays above and below each table. The options of the \"Show rows\" dropdown are: 10, 25, 50, 100, 150. ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "The last selected option from the \"Show rows\" menu should be remembered: * Select one option, for example 10 * Click on a package name to navigate away from the built packages table * Click on the \"Packages\" link in the breadcrumb at the top of the page to go back to the packages table Note that 25 is still selected in the \"Show rows\" menu. ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Observe that the pagination widget is made of: - A \"Previous\" button - A \"Next\" button - A maximum of 5 page buttons. ",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "See the pagination function of \"Tasks\", \"Recipes\" links according to steps 3~4.",
+ "expected_results": "Expected result for step 4: This widget has no previous or next button if testing in toaster 2.2. see Bug 9831"
+ }
+ },
+ "summary": "Select_the_number_of_table_rows_displayed_per_page"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.View_detailed_configuration_information_for_a_build",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Configuration\" link in the left sidebar. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe that the configuration page has 2 tabs: - Summary - BitBake variables The Summary tab is the default tab. ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "The following content is included in summary tab. (1) Build configuration (2) Layers (Layer, Layer branch - if any, Layer commit) ",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Observe that \"BitBake variables\" tab includes \"Variable\", \"Value\", \" Set in file\", \"Description\" columns. ",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Click filter button of \"Set in file\" column. Select \"Local configuration variables\" and click \"Apply\" button to see if filter function works well. ",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "In the \"Edit columns\" menu, table columns appear listed alphabetically: Description, Set in file, Value, Variable ",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "The minimum table is made of the \"Variable\" and \"Value\" columns. ",
+ "expected_results": ""
+ },
+ "9": {
+ "action": "Click a variable and a \"History of ${variable}\" dialog will occur. The modal dialog shows the variable value followed by the history table, which has the following columns: - Order: indicates the sequence in which the files set the variable - Configuration file: the location in disk of the file that set the variable - Operation: the value of the operation field as stored in the database. - Line number: the line number where the operation is performed in the configuration file. For such variables, whose value is an empty string, the Value cell in the variables table isempty, which is probably the right thing. In the modal, instead of the variable value, we show an alert (with the class .alert-info) saying: \"The value of is an empty string\" ",
+ "expected_results": ""
+ },
+ "10": {
+ "action": "Click arrow links in description tab to see linking variables to the Yocto Project reference manual.",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "View_detailed_configuration_information_for_a_build"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.variables:_Customise_the_columns_of_the_bitbake_variables_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Configuration\" link in the left sidebar. Then click \"BitBake variables\" tab. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Show or hide columns by select or deselect options of \"Edit columns\".",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "variables:_Customise_the_columns_of_the_bitbake_variables_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.variables:_Filter_the_content_of_the_bitbake_variables_table",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"Configuration\" link in the left sidebar. Then click \"BitBake variables\" tab. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe \"Set in file\" and \"Description\" columns have filters. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Filters are mutually exclusive. Only one column filter can be applied to a table at any given time. \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Filters are overridden by search. \nThe scope of the filters is the content currently on the table. \nThe scope of the search is always the full content of the database. \nSo: \n- if I run a search query, any filter applied afterwards will filter the content returned by the search query. \nSearch a string and apply a filter. Observe it would filter the content returned by the search query. \n\n- if I run a search query while a filter is applied, the filter is overridden by the results of the search query. \nApply a filter and search a string. Observe that the previous filtered result is overridden by the search. ",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "variables:_Filter_the_content_of_the_bitbake_variables_table"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.View_and_navigate_the_full_directory_structure_of_built_images",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build, and select the \"core-image-minimal\" link in the left sidebar. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe image information page has 2 tabs: \n- Packages included: this tab shows a table with all the packages installed in the image. The tab label includes the total number of packages listed in the table and their size. \n- Directory structure: this tab shows all the files included in the image. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "By default, the included packages table displays the following columns in this order: \nPackage, Package version, Size, Dependencies \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Apart from the columns shown by default, the following additional columns are also available to users via the \"Edit columns\" menu: \nLayer, Layer branch, Layer commit, License, Recipe, Recipe version. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "The minimum table is made of the 2 columns that provide the information needed to identify a package: Package and Package version. \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "By default, the directory structure table shows the top level directories and files in the file system.\nThe table includes the following columns: \nDirectory/File, Symbolic link to, Source package, Size, Permissions, Owner, Group \nOpen some directories and see files. ",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "View_and_navigate_the_full_directory_structure_of_built_images"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.View_a_summary_of_all_the_information_available_for_a_build",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and build \"bitbake core-image-minimal\". \n \n",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select the build. \n\n",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "A 'Build dashboard' page is showed. \nThe 'Build dashboard' page has two main states: \n(1) Success state: when the build completes successfully. In the success state, if the build target(s) include an image recipe, the page displays an image content module, and the left navigation has an \"Images\" section at the top. \n(2) Fail state: when the build fails (shown in this page). In the fail state, the page always displays an errors content module, and the left navigation does not have an \"Images\" section at the top. \n\n",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Observe that the page provides access to all information available for the selected build. \n(1) Images \n(2) Build: this group provides links to the following pages: \nConfiguration, Tasks, Recipes, Packages \n(3) Performance: this group provides links to the following pages: \nTime, CPU usage, Disk I/O \n\n",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "The page heading is made of the build target(s) and the machine, such as \"core-image-minimal qemux86\". If the build has more than one target, they show in ascending alphabetical order (A to Z) both in the page heading and in the \"Images\" section of the left navigation. If the build was successful, there is an image content module for each target that is an image recipe. The modules also show in ascending alphabetical order by target name. \n\n",
+ "expected_results": ""
+ },
+ "6": {
+ "action": "Packages included, total package size, license manifest, image files are included in the images section. \n\n",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "The information of Machine, Distro, Layers is included in configuration content module of \"Build summary\" section. \nThe information of \"Total number of task\", \"Tasks executed\", \" Tasks not executed\", \"Reuse\" is included in the tasks content module. \nThe information of \"Recipes built\" and \"Packages built\" is included in the \"Recipes&Packages\" content module. ",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "View_a_summary_of_all_the_information_available_for_a_build"
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.Display_the_content_of_error_messages_and_warnings",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and create a successful build and a failed build. You can force a build to terminate by ctrl+c. ",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "Observe that the number of errors and warnings thrown by a build shows in both 'All builds' page and the 'Latest builds' section. ",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe that the number and content of errors and warnings thrown by a build shows in the 'Build dashboard' page. ",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Click warning or error links to see warning and error details. ",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "Display_the_content_of_error_messages_and_warnings."
+ }
+ },
+ {
+ "test": {
+ "@alias": "toaster-unmanaged-mode.toaster-unmanaged.Build_summary_information_fully_implemented",
+ "author": [
+ {
+ "email": "Yuan.Sun2@windriver.com",
+ "name": "Yuan.Sun2@windriver.com"
+ }
+ ],
+ "execution": {
+ "1": {
+ "action": "Start with a default Yocto project (qemux86), start the Toaster, and create 4 builds. \na) a successful build with images (bitbake core-image-minimal) \nb) a successful build without images (bitbake mtools-native) \nc) a failed build with errors and warnings (run \"bitbake core-image-sato\", then press control+c to terminate the build)",
+ "expected_results": ""
+ },
+ "2": {
+ "action": "In Toaster, select a core-image-minimal build.",
+ "expected_results": ""
+ },
+ "3": {
+ "action": "Observe that there is a 'Build dashboard' page captured by Toaster. The page does not exist for builds in progress, only for finished builds. \nThe 'Build dashboard' page is made of: \na) Breadcrumb \nb) Navigation \n IMAGES: core-image-minimal \n BUILD: \n Configuration \n Tasks \n Recipes \n Packages \n PERFORMANCE: \n Time \n CPU usage \n Disk I/O \nc) Page heading (core-image-minimal qemux86) \nd) Section heading (Images, Build summary) \ne) Build status notification (Completed on xx/xx/xx... Build time:xx:xx:xx)",
+ "expected_results": ""
+ },
+ "4": {
+ "action": "Observe \"images\" section is made of the following \n.\na) Heading: core-image-minimal, which links to the \"Packages included\" tab of the image information page \nb) Number of packages installed: (packages included xx), which is a link to the \"Packages included\" tab of the image information page \nc) Total installed package size: xxMB \nd) License manifest (which is a link to the \"Packages included\" tab of the information page with the following columns showing: \"Package\", \"Package version\", \"License\" and \"Recipe\". We have bug 6079 open for this). Next to the license manifest is the path to the directory where you can find the license manifest file. \n \ne) Image files (rootfs file names and rootfs file sizes)",
+ "expected_results": ""
+ },
+ "5": {
+ "action": "Observe \"Build summary\" section is made of the following. \na) Configuration (which is a link to the configuration page): \n Machine \n Distro \n Layers (sorted in alphabetical order) \nb) Tasks (which is a link to the tasks page) \n Total number of tasks (which is a link to the tasks page) \n Tasks executed (which is a link to the tasks page with the tasks executed filter applied) \n Tasks not executed (which is a link to the tasks pages with the tasks not executed filter applied)\n Reuse \nc) Note that \"Total number of tasks\" should equal number of \"Tasks executed\" + number of \"Tasks not executed\" \nd) Recipes (which is a link to the recipes page) & Packages (which is a link to the packages built page) ",
+ "expected_results": ""
+ },
+ "6": {
+ "action": " Number of recipes built (which is a link to the recipes page) \n \n Number of packages built (which is a link to the packages built page)",
+ "expected_results": ""
+ },
+ "7": {
+ "action": "Return to localhost:8000 and select a successful build without images (mtools-native) \n.\nObserve the build dashboard for a successful build of a target that is not an image recipe. There is no image content module, and no \"Images\" section in the left navigation.",
+ "expected_results": ""
+ },
+ "8": {
+ "action": "Return to localhost:8000 and select the failed build (core-image-sato). Observe the build dashboard for the failed build. \n \na) the errors content module: \nThis module exists for those builds that throw error(s). It appears immediately below the build status notification. \nThe module has 2 states: \n▪ Expanded (shows number of errors and error content) \n▪ Collapsed (shows only the number of errors) \nBy default, the errors module is in the expanded state. \nErrors content modules include the following information: \n(1.1) A heading, which indicates the number of errors thrown by the build, and toggles the module between its 2 states on click. ",
+ "expected_results": "NA"
+ },
+ "9": {
+ "action": "Transitions between states should use a slide up / slide down animation. \n(1.2) Error(s) content \n\nb) the warning content module: \nThis module exists for those builds that throw warning(s). \nIt is the last content module shown on the build dashboard. \nThe module has 2 states: \n▪ Expanded (shows number of warnings and warning content) \n▪ Collapsed (shows only the number of warnings) \nBy default, the warning module is in the collapsed state. Warnings content modules include the following information: \n(2.1) A heading, which indicates the number of warnings thrown by the build, and toggles the module between its 2 \nstates on click. Transitions between states should use a slide up / slide down animation. \n(2.2) Warning(s) content ",
+ "expected_results": "NA"
+ }
+ },
+ "summary": "Build_summary_information_fully_implemented"
+ }
+ }
+] \ No newline at end of file
diff --git a/meta/lib/oeqa/sdk/case.py b/meta/lib/oeqa/sdk/case.py
index 963aa8d358..c0aef18cd5 100644
--- a/meta/lib/oeqa/sdk/case.py
+++ b/meta/lib/oeqa/sdk/case.py
@@ -8,5 +8,5 @@ from oeqa.core.case import OETestCase
class OESDKTestCase(OETestCase):
def _run(self, cmd):
return subprocess.check_output(". %s > /dev/null; %s;" % \
- (self.tc.sdk_env, cmd), shell=True,
+ (self.tc.sdk_env, cmd), shell=True, executable="/bin/bash",
stderr=subprocess.STDOUT, universal_newlines=True)
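Review bot: The shell string in `_run` still interpolates `self.tc.sdk_env` unquoted, so an SDK installed under a path containing spaces or shell metacharacters breaks the `. <env>` step or makes the shell parse part of the path as a command. With `shell=True` the path should be quoted, e.g. `". %s > /dev/null; %s;" % (shlex.quote(self.tc.sdk_env), cmd)`, which needs `import shlex` if the module does not already have it. The same pattern appears in `SDKBuildProject._run` in sdkbuildproject.py in the next file section, where `self.sdkenv` is concatenated the same way. Hard-coding `executable="/bin/bash"` assumes bash is at that path on every test host, so a one-line comment saying why bash is required (presumably the environment script is not POSIX-sh clean) would help.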
diff --git a/meta/lib/oeqa/sdk/utils/sdkbuildproject.py b/meta/lib/oeqa/sdk/utils/sdkbuildproject.py
index 6fed73e350..eafbd7a034 100644
--- a/meta/lib/oeqa/sdk/utils/sdkbuildproject.py
+++ b/meta/lib/oeqa/sdk/utils/sdkbuildproject.py
@@ -42,7 +42,8 @@ class SDKBuildProject(BuildProject):
def _run(self, cmd):
self.log("Running . %s; " % self.sdkenv + cmd)
try:
- output = subprocess.check_output(". %s; " % self.sdkenv + cmd, shell=True, stderr=subprocess.STDOUT)
+ output = subprocess.check_output(". %s; " % self.sdkenv + cmd, shell=True,
+ executable='/bin/bash', stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as exc:
print(exc.output.decode('utf-8'))
return exc.returncode
diff --git a/meta/lib/oeqa/sdkext/testsdk.py b/meta/lib/oeqa/sdkext/testsdk.py
index 57b2e0e03f..8ec5262d56 100644
--- a/meta/lib/oeqa/sdkext/testsdk.py
+++ b/meta/lib/oeqa/sdkext/testsdk.py
@@ -22,11 +22,8 @@ class TestSDKExt(TestSDKBase):
subprocesstweak.errors_have_output()
- # extensible sdk can be contaminated if native programs are
- # in PATH, i.e. use perl-native instead of eSDK one.
- paths_to_avoid = [d.getVar('STAGING_DIR'),
- d.getVar('BASE_WORKDIR')]
- os.environ['PATH'] = avoid_paths_in_environ(paths_to_avoid)
+ # We need the original PATH for testing the eSDK, not with our manipulations
+ os.environ['PATH'] = d.getVar("BB_ORIGENV", False).getVar("PATH")
tcname = d.expand("${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.sh")
if not os.path.exists(tcname):
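Review bot: The new assignment feeds `d.getVar("BB_ORIGENV", False).getVar("PATH")` straight into `os.environ['PATH']`, so if either lookup returns `None` the run stops with an `AttributeError` or `TypeError` rather than a message about the missing original environment. A small guard such as `origpath = d.getVar("BB_ORIGENV", False).getVar("PATH")` followed by `if origpath: os.environ['PATH'] = origpath` avoids that. The replacement comment is also thinner than the one it removes: it should still say that native sysroot entries must not be in PATH because they can contaminate the eSDK under test. The enclosing method starts and ends outside the hunk.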
diff --git a/meta/lib/oeqa/selftest/cases/pkgdata.py b/meta/lib/oeqa/selftest/cases/pkgdata.py
index 0b4caf1b2c..99117651e5 100644
--- a/meta/lib/oeqa/selftest/cases/pkgdata.py
+++ b/meta/lib/oeqa/selftest/cases/pkgdata.py
@@ -13,6 +13,7 @@ class OePkgdataUtilTests(OESelftestTestCase):
super(OePkgdataUtilTests, cls).setUpClass()
# Ensure we have the right data in pkgdata
cls.logger.info('Running bitbake to generate pkgdata')
+ bitbake('target-sdk-provides-dummy -c clean')
bitbake('busybox zlib m4')
@OETestID(1203)
diff --git a/meta/lib/oeqa/selftest/cases/resulttooltests.py b/meta/lib/oeqa/selftest/cases/resulttooltests.py
new file mode 100644
index 0000000000..0a089c0b7f
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/resulttooltests.py
@@ -0,0 +1,94 @@
+import os
+import sys
+basepath = os.path.abspath(os.path.dirname(__file__) + '/../../../../../')
+lib_path = basepath + '/scripts/lib'
+sys.path = sys.path + [lib_path]
+from resulttool.report import ResultsTextReport
+from resulttool import regression as regression
+from resulttool import resultutils as resultutils
+from oeqa.selftest.case import OESelftestTestCase
+
+class ResultToolTests(OESelftestTestCase):
+ base_results_data = {'base_result1': {'configuration': {"TEST_TYPE": "runtime",
+ "TESTSERIES": "series1",
+ "IMAGE_BASENAME": "image",
+ "IMAGE_PKGTYPE": "ipk",
+ "DISTRO": "mydistro",
+ "MACHINE": "qemux86"},
+ 'result': {}},
+ 'base_result2': {'configuration': {"TEST_TYPE": "runtime",
+ "TESTSERIES": "series1",
+ "IMAGE_BASENAME": "image",
+ "IMAGE_PKGTYPE": "ipk",
+ "DISTRO": "mydistro",
+ "MACHINE": "qemux86-64"},
+ 'result': {}}}
+ target_results_data = {'target_result1': {'configuration': {"TEST_TYPE": "runtime",
+ "TESTSERIES": "series1",
+ "IMAGE_BASENAME": "image",
+ "IMAGE_PKGTYPE": "ipk",
+ "DISTRO": "mydistro",
+ "MACHINE": "qemux86"},
+ 'result': {}},
+ 'target_result2': {'configuration': {"TEST_TYPE": "runtime",
+ "TESTSERIES": "series1",
+ "IMAGE_BASENAME": "image",
+ "IMAGE_PKGTYPE": "ipk",
+ "DISTRO": "mydistro",
+ "MACHINE": "qemux86"},
+ 'result': {}},
+ 'target_result3': {'configuration': {"TEST_TYPE": "runtime",
+ "TESTSERIES": "series1",
+ "IMAGE_BASENAME": "image",
+ "IMAGE_PKGTYPE": "ipk",
+ "DISTRO": "mydistro",
+ "MACHINE": "qemux86-64"},
+ 'result': {}}}
+
+ def test_report_can_aggregate_test_result(self):
+ result_data = {'result': {'test1': {'status': 'PASSED'},
+ 'test2': {'status': 'PASSED'},
+ 'test3': {'status': 'FAILED'},
+ 'test4': {'status': 'ERROR'},
+ 'test5': {'status': 'SKIPPED'}}}
+ report = ResultsTextReport()
+ result_report = report.get_aggregated_test_result(None, result_data)
+ self.assertTrue(result_report['passed'] == 2, msg="Passed count not correct:%s" % result_report['passed'])
+ self.assertTrue(result_report['failed'] == 2, msg="Failed count not correct:%s" % result_report['failed'])
+ self.assertTrue(result_report['skipped'] == 1, msg="Skipped count not correct:%s" % result_report['skipped'])
+
+ def test_regression_can_get_regression_base_target_pair(self):
+
+ results = {}
+ resultutils.append_resultsdata(results, ResultToolTests.base_results_data)
+ resultutils.append_resultsdata(results, ResultToolTests.target_results_data)
+ self.assertTrue('target_result1' in results['runtime/mydistro/qemux86/image'], msg="Pair not correct:%s" % results)
+ self.assertTrue('target_result3' in results['runtime/mydistro/qemux86-64/image'], msg="Pair not correct:%s" % results)
+
+ def test_regrresion_can_get_regression_result(self):
+ base_result_data = {'result': {'test1': {'status': 'PASSED'},
+ 'test2': {'status': 'PASSED'},
+ 'test3': {'status': 'FAILED'},
+ 'test4': {'status': 'ERROR'},
+ 'test5': {'status': 'SKIPPED'}}}
+ target_result_data = {'result': {'test1': {'status': 'PASSED'},
+ 'test2': {'status': 'FAILED'},
+ 'test3': {'status': 'PASSED'},
+ 'test4': {'status': 'ERROR'},
+ 'test5': {'status': 'SKIPPED'}}}
+ result, text = regression.compare_result(self.logger, "BaseTestRunName", "TargetTestRunName", base_result_data, target_result_data)
+ self.assertTrue(result['test2']['base'] == 'PASSED',
+ msg="regression not correct:%s" % result['test2']['base'])
+ self.assertTrue(result['test2']['target'] == 'FAILED',
+ msg="regression not correct:%s" % result['test2']['target'])
+ self.assertTrue(result['test3']['base'] == 'FAILED',
+ msg="regression not correct:%s" % result['test3']['base'])
+ self.assertTrue(result['test3']['target'] == 'PASSED',
+ msg="regression not correct:%s" % result['test3']['target'])
+
+ def test_merge_can_merged_results(self):
+ results = {}
+ resultutils.append_resultsdata(results, ResultToolTests.base_results_data, configmap=resultutils.flatten_map)
+ resultutils.append_resultsdata(results, ResultToolTests.target_results_data, configmap=resultutils.flatten_map)
+ self.assertEqual(len(results[''].keys()), 5, msg="Flattened results not correct %s" % str(results))
+
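Review bot: The assertions are written as `assertTrue(a == b, msg=...)`, which on failure shows only "False is not true" plus the hand-built message. `self.assertEqual(result_report['passed'], 2)` and `self.assertIn('target_result1', results['runtime/mydistro/qemux86/image'])` report both operands without the custom `msg`. The method name `test_regrresion_can_get_regression_result` has a typo (`regrresion`). `test_report_can_aggregate_test_result` expects `failed == 2` for one FAILED and one ERROR entry, which deserves a short comment saying ERROR is counted as failed. The module-level `sys.path = sys.path + [lib_path]` changes the import path for every test module loaded afterwards, so a comment noting that this is deliberate would help.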
diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py
index 4fa99acbc9..8d585430be 100644
--- a/meta/lib/oeqa/selftest/cases/signing.py
+++ b/meta/lib/oeqa/selftest/cases/signing.py
@@ -40,7 +40,9 @@ class Signing(OESelftestTestCase):
origenv = os.environ.copy()
for e in os.environ:
- if builddir in os.environ[e]:
+ if builddir + "/" in os.environ[e]:
+ os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/")
+ if os.environ[e].endswith(builddir):
os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
os.chdir(newbuilddir)
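Review bot: The new `endswith(builddir)` branch still calls `.replace(builddir, newbuilddir)`, which rewrites every occurrence in the value rather than only the trailing one. A value that ends with builddir but also contains a sibling directory sharing that prefix is therefore still rewritten in the middle, which is the case the `builddir + "/"` check was added to avoid. Replacing only the suffix keeps the two branches consistent: `os.environ[e] = os.environ[e][:-len(builddir)] + newbuilddir`. Entries where builddir is followed by `:` (neither `/` nor end of string) are now left untouched; if that is intended, a short comment should say so. The enclosing test method starts and ends outside the hunk.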
diff --git a/meta/lib/oeqa/selftest/context.py b/meta/lib/oeqa/selftest/context.py
index c521290327..c56e53dcdd 100644
--- a/meta/lib/oeqa/selftest/context.py
+++ b/meta/lib/oeqa/selftest/context.py
@@ -108,6 +108,7 @@ class OESelftestTestContextExecutor(OETestContextExecutor):
logdir = os.environ.get("BUILDDIR")
if 'LOG_DIR' in bbvars:
logdir = bbvars['LOG_DIR']
+ bb.utils.mkdirhier(logdir)
args.output_log = logdir + '/%s-results-%s.log' % (self.name, args.test_start_time)
super(OESelftestTestContextExecutor, self)._process_args(logger, args)
diff --git a/meta/lib/oeqa/targetcontrol.py b/meta/lib/oeqa/targetcontrol.py
index 1868ad3206..b98b183504 100644
--- a/meta/lib/oeqa/targetcontrol.py
+++ b/meta/lib/oeqa/targetcontrol.py
@@ -159,7 +159,7 @@ class QemuTarget(BaseTarget):
def start(self, params=None, ssh=True, extra_bootparams='', runqemuparams='', launch_cmd='', discard_writes=True):
if launch_cmd:
- start = self.runner.launch(get_ip=ssh, launch_cmd=launch_cmd)
+ start = self.runner.launch(get_ip=ssh, launch_cmd=launch_cmd, qemuparams=params)
else:
start = self.runner.start(params, get_ip=ssh, extra_bootparams=extra_bootparams, runqemuparams=runqemuparams, discard_writes=discard_writes)
diff --git a/meta/lib/oeqa/utils/gitarchive.py b/meta/lib/oeqa/utils/gitarchive.py
index ff614d06bb..9520b2e126 100644
--- a/meta/lib/oeqa/utils/gitarchive.py
+++ b/meta/lib/oeqa/utils/gitarchive.py
@@ -80,6 +80,8 @@ def git_commit_data(repo, data_dir, branch, message, exclude, notes, log):
# Create new commit object from the tree
parent = repo.rev_parse(branch)
+ if not parent:
+ parent = repo.rev_parse("origin/" + branch)
git_cmd = ['commit-tree', tree, '-m', message]
if parent:
git_cmd += ['-p', parent]
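Review bot: Falling back to `"origin/" + branch` hard-codes the remote name, and the next hunk drops the old-value argument from `update-ref`, so the branch head is now moved without checking that it still points at the parent the commit was built on. If two archive runs race, or the local branch has diverged from the remote one, the later `update-ref` silently discards the other head. Consider keeping the guard when the parent came from the local branch: remember `local_parent = repo.rev_parse(branch)` before the fallback and append it to the `update-ref` command when it is set. The remote name would be better taken from a parameter or configuration than from the literal `origin`. `git_commit_data` starts and ends outside these hunks.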
@@ -93,8 +95,6 @@ def git_commit_data(repo, data_dir, branch, message, exclude, notes, log):
# Update branch head
git_cmd = ['update-ref', 'refs/heads/' + branch, commit]
- if parent:
- git_cmd.append(parent)
repo.run_cmd(git_cmd)
# Update current HEAD, if we're on branch 'branch'
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index cc95dc2990..49564f9abc 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -320,6 +320,7 @@ class QemuRunner:
self.logger.debug("Target didn't reach login banner in %d seconds (%s)" %
(self.boottime, time.strftime("%D %H:%M:%S")))
tail = lambda l: "\n".join(l.splitlines()[-25:])
+ bootlog = bootlog.decode("utf-8")
# in case bootlog is empty, use tail qemu log store at self.msg
lines = tail(bootlog if bootlog else self.msg)
self.logger.debug("Last 25 lines of text:\n%s" % lines)
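Review bot: `bootlog.decode("utf-8")` decodes raw console output strictly, so a single non-UTF-8 byte in the boot log raises `UnicodeDecodeError` inside the failure-reporting path and hides the boot failure this code is meant to report. `bootlog = bootlog.decode("utf-8", errors="replace")` keeps the diagnostics intact. The hunk does not show where `bootlog` is assigned; if it can already be a `str` on some path, the call also needs an `isinstance(bootlog, bytes)` check.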
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
index 11846849f0..8339e451f5 100644
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ b/meta/recipes-connectivity/avahi/avahi.inc
@@ -19,7 +19,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
-SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz"
+SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
+ file://fix-CVE-2017-6519.patch \
+ "
UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
diff --git a/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
new file mode 100644
index 0000000000..7461fe193d
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
@@ -0,0 +1,48 @@
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def]
+
+CVE: CVE-2017-6519
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
+From: Trent Lloyd <trent@lloyd.id.au>
+Date: Sat, 22 Dec 2018 09:06:07 +0800
+Subject: [PATCH] Drop legacy unicast queries from address not on local link
+
+When handling legacy unicast queries, ensure that the source IP is
+inside a subnet on the local link, otherwise drop the packet.
+
+Fixes #145
+Fixes #203
+CVE-2017-6519
+CVE-2018-1000845
+---
+ avahi-core/server.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a8..a2580e38 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+
+ if (avahi_dns_packet_is_query(p)) {
+ int legacy_unicast = 0;
++ char t[AVAHI_ADDRESS_STR_MAX];
+
+ /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
+ * AR section completely here, so far. Until the day we add
+@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+ legacy_unicast = 1;
+ }
+
++ if (!is_mdns_mcast_address(dst_address) &&
++ !avahi_interface_address_on_link(i, src_address)) {
++
++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
++ return;
++ }
++
+ if (legacy_unicast)
+ reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
+
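Review bot: The `CVE:` tag at the top of the patch lists only CVE-2017-6519, while the upstream commit message embedded below also names CVE-2018-1000845. Tooling that reads the `CVE:` line to decide which identifiers are patched would keep reporting the second one against avahi. If that ID is still tracked for this recipe, `CVE: CVE-2017-6519 CVE-2018-1000845` records both.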
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
deleted file mode 100644
index 7a2ba7eab6..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740]
-
-CVE: CVE-2018-5740
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
-diff --git a/CHANGES b/CHANGES
-index 750b600..3d8d655 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,9 @@
-+ --- 9.11.4-P1 released ---
-+
-+4997. [security] named could crash during recursive processing
-+ of DNAME records when "deny-answer-aliases" was
-+ in use. (CVE-2018-5740) [GL #387]
-+
- --- 9.11.4 released ---
-
- --- 9.11.4rc2 released ---
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index 8f674a2..41d1385 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
- unsigned int nlabels;
- dns_fixedname_t fixed;
- dns_name_t prefix;
-+ int order;
-
- REQUIRE(rdataset != NULL);
- REQUIRE(rdataset->type == dns_rdatatype_cname ||
-@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
- tname = &cname.cname;
- break;
- case dns_rdatatype_dname:
-+ if (dns_name_fullcompare(qname, rname, &order, &nlabels) !=
-+ dns_namereln_subdomain)
-+ {
-+ return (ISC_TRUE);
-+ }
- result = dns_rdata_tostruct(&rdata, &dname, NULL);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- dns_name_init(&prefix, NULL);
- tname = dns_fixedname_initname(&fixed);
-- nlabels = dns_name_countlabels(qname) -
-- dns_name_countlabels(rname);
-+ nlabels = dns_name_countlabels(rname);
- dns_name_split(qname, nlabels, &prefix, NULL);
- result = dns_name_concatenate(&prefix, &dname.dname, tname,
- NULL);
-- if (result == DNS_R_NAMETOOLONG)
-+ if (result == DNS_R_NAMETOOLONG) {
-+ if (chainingp != NULL) {
-+ *chainingp = ISC_TRUE;
-+ }
- return (ISC_TRUE);
-+ }
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- break;
- default:
-@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) {
- }
- if ((ardataset->type == dns_rdatatype_cname ||
- ardataset->type == dns_rdatatype_dname) &&
-- !is_answertarget_allowed(fctx, qname, aname, ardataset,
-+ type != ardataset->type &&
-+ type != dns_rdatatype_any &&
-+ !is_answertarget_allowed(fctx, qname, aname, ardataset,
- NULL))
- {
- return (DNS_R_SERVFAIL);
diff --git a/meta/recipes-connectivity/bind/bind_9.11.4.bb b/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
index cb4a21a9af..432bad010b 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.4.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.isc.org/sw/bind/"
SECTION = "console/network"
LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6ba7c9fe0c888a943c79c93e6de744fb"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e"
DEPENDS = "openssl libcap zlib"
@@ -20,14 +20,14 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
- file://CVE-2018-5740.patch \
"
-SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36"
-SRC_URI[sha256sum] = "595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617"
+SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960"
+SRC_URI[sha256sum] = "7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
+RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021"
inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index edb44b22a5..aaf2af975d 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -41,7 +41,7 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
-PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c"
+PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
SRC_URI = "\
@@ -53,6 +53,7 @@ SRC_URI = "\
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \
+ file://CVE-2018-10910.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch
new file mode 100644
index 0000000000..b4b1846c45
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch
@@ -0,0 +1,705 @@
+A bug in Bluez may allow for the Bluetooth Discoverable state being set to on
+when no Bluetooth agent is registered with the system. This situation could
+lead to the unauthorized pairing of certain Bluetooth devices without any
+form of authentication.
+
+CVE: CVE-2018-10910
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Subject: [PATCH BlueZ 1/4] client: Add discoverable-timeout command
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-25 10:20:32
+Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This adds discoverable-timeout command which can be used to get/set
+DiscoverableTimeout property:
+
+[bluetooth]# discoverable-timeout 180
+Changing discoverable-timeout 180 succeeded
+---
+ client/main.c | 43 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 43 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 87323d8f7..59820c6d9 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1061,6 +1061,47 @@ static void cmd_discoverable(int argc, char *argv[])
+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
+ }
+
++static void cmd_discoverable_timeout(int argc, char *argv[])
++{
++ uint32_t value;
++ char *endptr = NULL;
++ char *str;
++
++ if (argc < 2) {
++ DBusMessageIter iter;
++
++ if (!g_dbus_proxy_get_property(default_ctrl->proxy,
++ "DiscoverableTimeout", &iter)) {
++ bt_shell_printf("Unable to get DiscoverableTimeout\n");
++ return bt_shell_noninteractive_quit(EXIT_FAILURE);
++ }
++
++ dbus_message_iter_get_basic(&iter, &value);
++
++ bt_shell_printf("DiscoverableTimeout: %d seconds\n", value);
++
++ return;
++ }
++
++ value = strtol(argv[1], &endptr, 0);
++ if (!endptr || *endptr != '\0' || value > UINT32_MAX) {
++ bt_shell_printf("Invalid argument\n");
++ return bt_shell_noninteractive_quit(EXIT_FAILURE);
++ }
++
++ str = g_strdup_printf("discoverable-timeout %d", value);
++
++ if (g_dbus_proxy_set_property_basic(default_ctrl->proxy,
++ "DiscoverableTimeout",
++ DBUS_TYPE_UINT32, &value,
++ generic_callback, str, g_free))
++ return;
++
++ g_free(str);
++
++ return bt_shell_noninteractive_quit(EXIT_FAILURE);
++}
++
+ static void cmd_agent(int argc, char *argv[])
+ {
+ dbus_bool_t enable;
+@@ -2549,6 +2590,8 @@ static const struct bt_shell_menu main_menu = {
+ { "discoverable", "<on/off>", cmd_discoverable,
+ "Set controller discoverable mode",
+ NULL },
++ { "discoverable-timeout", "[value]", cmd_discoverable_timeout,
++ "Set discoverable timeout", NULL },
+ { "agent", "<on/off/capability>", cmd_agent,
+ "Enable/disable agent with given capability",
+ capability_generator},
+--
+2.17.1
+
+Subject: [PATCH BlueZ 2/4] client: Make show command print DiscoverableTimeout
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-25 10:20:33
+Message-ID: 20180725102035.19439-2-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+Controller XX:XX:XX:XX:XX:XX (public)
+ Name: Vudentz's T460s
+ Alias: Intel-1
+ Class: 0x004c010c
+ Powered: yes
+ Discoverable: no
+ DiscoverableTimeout: 0x00000000
+ Pairable: yes
+ UUID: Headset AG (00001112-0000-1000-8000-00805f9b34fb)
+ UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
+ UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
+ UUID: SIM Access (0000112d-0000-1000-8000-00805f9b34fb)
+ UUID: Generic Access Profile (00001800-0000-1000-8000-00805f9b34fb)
+ UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
+ UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
+ UUID: Audio Source (0000110a-0000-1000-8000-00805f9b34fb)
+ UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb)
+ UUID: Headset (00001108-0000-1000-8000-00805f9b34fb)
+ Modalias: usb:v1D6Bp0246d0532
+ Discovering: no
+---
+ client/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/client/main.c b/client/main.c
+index 59820c6d9..6f472d050 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[])
+ print_property(proxy, "Class");
+ print_property(proxy, "Powered");
+ print_property(proxy, "Discoverable");
++ print_property(proxy, "DiscoverableTimeout");
+ print_property(proxy, "Pairable");
+ print_uuids(proxy);
+ print_property(proxy, "Modalias");
+--
+2.17.1
+Subject: [PATCH BlueZ 3/4] adapter: Track pending settings
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-25 10:20:34
+Message-ID: 20180725102035.19439-3-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This tracks settings being changed and in case the settings is already
+pending considered it to be done.
+---
+ src/adapter.c | 30 ++++++++++++++++++++++++++++--
+ 1 file changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index af340fd6e..20c20f9e9 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -196,6 +196,7 @@ struct btd_adapter {
+ char *name; /* controller device name */
+ char *short_name; /* controller short name */
+ uint32_t supported_settings; /* controller supported settings */
++ uint32_t pending_settings; /* pending controller settings */
+ uint32_t current_settings; /* current controller settings */
+
+ char *path; /* adapter object path */
+@@ -509,8 +510,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
+ changed_mask = adapter->current_settings ^ settings;
+
+ adapter->current_settings = settings;
++ adapter->pending_settings &= ~changed_mask;
+
+ DBG("Changed settings: 0x%08x", changed_mask);
++ DBG("Pending settings: 0x%08x", adapter->pending_settings);
+
+ if (changed_mask & MGMT_SETTING_POWERED) {
+ g_dbus_emit_property_changed(dbus_conn, adapter->path,
+@@ -596,10 +599,31 @@ static bool set_mode(struct btd_adapter *adapter, uint16_t opcode,
+ uint8_t mode)
+ {
+ struct mgmt_mode cp;
++ uint32_t setting = 0;
+
+ memset(&cp, 0, sizeof(cp));
+ cp.val = mode;
+
++ switch (mode) {
++ case MGMT_OP_SET_POWERED:
++ setting = MGMT_SETTING_POWERED;
++ break;
++ case MGMT_OP_SET_CONNECTABLE:
++ setting = MGMT_SETTING_CONNECTABLE;
++ break;
++ case MGMT_OP_SET_FAST_CONNECTABLE:
++ setting = MGMT_SETTING_FAST_CONNECTABLE;
++ break;
++ case MGMT_OP_SET_DISCOVERABLE:
++ setting = MGMT_SETTING_DISCOVERABLE;
++ break;
++ case MGMT_OP_SET_BONDABLE:
++ setting = MGMT_SETTING_DISCOVERABLE;
++ break;
++ }
++
++ adapter->pending_settings |= setting;
++
+ DBG("sending set mode command for index %u", adapter->dev_id);
+
+ if (mgmt_send(adapter->mgmt, opcode,
+@@ -2739,13 +2763,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
+ else
+ current_enable = FALSE;
+
+- if (enable == current_enable) {
++ if (enable == current_enable || adapter->pending_settings & setting) {
+ g_dbus_pending_property_success(id);
+ return;
+ }
+
+ mode = (enable == TRUE) ? 0x01 : 0x00;
+
++ adapter->pending_settings |= setting;
++
+ switch (setting) {
+ case MGMT_SETTING_POWERED:
+ opcode = MGMT_OP_SET_POWERED;
+@@ -2798,7 +2824,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
+ data->id = id;
+
+ if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param,
+- property_set_mode_complete, data, g_free) > 0)
++ property_set_mode_complete, data, g_free) > 0)
+ return;
+
+ g_free(data);
+--
+2.17.1
+Subject: [PATCH BlueZ 4/4] adapter: Check pending when setting DiscoverableTimeout
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-25 10:20:35
+Message-ID: 20180725102035.19439-4-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This makes DiscoverableTimeout check if discoverable is already pending
+and don't attempt to set it once again which may cause discoverable to
+be re-enabled when in fact the application just want to set the timeout
+alone.
+---
+ src/adapter.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index 20c20f9e9..f92c897c7 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -2901,6 +2901,7 @@ static void property_set_discoverable_timeout(
+ GDBusPendingPropertySet id, void *user_data)
+ {
+ struct btd_adapter *adapter = user_data;
++ bool enabled;
+ dbus_uint32_t value;
+
+ dbus_message_iter_get_basic(iter, &value);
+@@ -2914,8 +2915,19 @@ static void property_set_discoverable_timeout(
+ g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ ADAPTER_INTERFACE, "DiscoverableTimeout");
+
++ if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) {
++ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++ enabled = false;
++ else
++ enabled = true;
++ } else {
++ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++ enabled = true;
++ else
++ enabled = false;
++ }
+
+- if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++ if (enabled)
+ set_discoverable(adapter, 0x01, adapter->discoverable_timeout);
+ }
+
+--
+2.17.1
+Subject: [PATCH BlueZ 1/5] doc/adapter-api: Add Discoverable option to SetDiscoveryFilter
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:19
+Message-ID: 20180726141723.20199-1-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This enables the client to set its discoverable setting while
+discovering which is very typical situation as usually the setings
+application would allow incoming pairing request while scanning, so
+this would reduce the number of calls setting Discoverable and
+DiscoverableTimeout and restoring after done with discovery.
+---
+ doc/adapter-api.txt | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt
+index d14d0ca50..4791af2c7 100644
+--- a/doc/adapter-api.txt
++++ b/doc/adapter-api.txt
+@@ -113,6 +113,12 @@ Methods void StartDiscovery()
+ generated for either ManufacturerData and
+ ServiceData everytime they are discovered.
+
++ bool Discoverable (Default: false)
++
++ Make adapter discoverable while discovering,
++ if the adapter is already discoverable this
++ setting this filter won't do anything.
++
+ When discovery filter is set, Device objects will be
+ created as new devices with matching criteria are
+ discovered regardless of they are connectable or
+--
+2.17.1
+Subject: [PATCH BlueZ 2/5] adapter: Discovery filter discoverable
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:20
+Message-ID: 20180726141723.20199-2-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This implements the discovery filter discoverable and tracks which
+clients had enabled it and restores the settings when the last client
+enabling it exits.
+---
+ src/adapter.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 54 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index f92c897c7..bd9edddc6 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -157,6 +157,7 @@ struct discovery_filter {
+ int16_t rssi;
+ GSList *uuids;
+ bool duplicate;
++ bool discoverable;
+ };
+
+ struct watch_client {
+@@ -214,6 +215,7 @@ struct btd_adapter {
+
+ bool discovering; /* discovering property state */
+ bool filtered_discovery; /* we are doing filtered discovery */
++ bool filtered_discoverable; /* we are doing filtered discovery */
+ bool no_scan_restart_delay; /* when this flag is set, restart scan
+ * without delay */
+ uint8_t discovery_type; /* current active discovery type */
+@@ -1842,6 +1844,16 @@ static void discovery_free(void *user_data)
+ g_free(client);
+ }
+
++static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
++{
++ if (adapter->filtered_discoverable == enable)
++ return true;
++
++ adapter->filtered_discoverable = enable;
++
++ return set_discoverable(adapter, enable, 0);
++}
++
+ static void discovery_remove(struct watch_client *client)
+ {
+ struct btd_adapter *adapter = client->adapter;
+@@ -1854,6 +1866,22 @@ static void discovery_remove(struct watch_client *client)
+ adapter->discovery_list = g_slist_remove(adapter->discovery_list,
+ client);
+
++ if (adapter->filtered_discoverable &&
++ client->discovery_filter->discoverable) {
++ GSList *l;
++
++ for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
++ struct watch_client *client = l->data;
++
++ if (client->discovery_filter->discoverable)
++ break;
++ }
++
++ /* Disable filtered discoverable if there are no clients */
++ if (!l)
++ set_filtered_discoverable(adapter, false);
++ }
++
+ discovery_free(client);
+
+ /*
+@@ -2224,6 +2252,15 @@ static DBusMessage *start_discovery(DBusConnection *conn,
+ adapter->set_filter_list, client);
+ adapter->discovery_list = g_slist_prepend(
+ adapter->discovery_list, client);
++
++ /* Reset discoverable filter if already set */
++ if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)
++ goto done;
++
++ /* Set discoverable if filter requires and it*/
++ if (client->discovery_filter->discoverable)
++ set_filtered_discoverable(adapter, true);
++
+ goto done;
+ }
+
+@@ -2348,6 +2385,17 @@ static bool parse_duplicate_data(DBusMessageIter *value,
+ return true;
+ }
+
++static bool parse_discoverable(DBusMessageIter *value,
++ struct discovery_filter *filter)
++{
++ if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN)
++ return false;
++
++ dbus_message_iter_get_basic(value, &filter->discoverable);
++
++ return true;
++}
++
+ struct filter_parser {
+ const char *name;
+ bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter);
+@@ -2357,6 +2405,7 @@ struct filter_parser {
+ { "Pathloss", parse_pathloss },
+ { "Transport", parse_transport },
+ { "DuplicateData", parse_duplicate_data },
++ { "Discoverable", parse_discoverable },
+ { }
+ };
+
+@@ -2396,6 +2445,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
+ (*filter)->rssi = DISTANCE_VAL_INVALID;
+ (*filter)->type = get_scan_type(adapter);
+ (*filter)->duplicate = false;
++ (*filter)->discoverable = false;
+
+ dbus_message_iter_init(msg, &iter);
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY ||
+@@ -2441,8 +2491,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
+ goto invalid_args;
+
+ DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d "
+- " duplicate data: %s ", (*filter)->type, (*filter)->rssi,
+- (*filter)->pathloss, (*filter)->duplicate ? "true" : "false");
++ " duplicate data: %s discoverable %s", (*filter)->type,
++ (*filter)->rssi, (*filter)->pathloss,
++ (*filter)->duplicate ? "true" : "false",
++ (*filter)->discoverable ? "true" : "false");
+
+ return true;
+
+--
+2.17.1
+Subject: [PATCH BlueZ 3/5] client: Add scan.discoverable command
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:21
+Message-ID: 20180726141723.20199-3-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This adds discoverable command to scan menu which can be used to set
+if adapter should become discoverable while scanning:
+
+[bluetooth]# scan.discoverable on
+[bluetooth]# scan on
+SetDiscoveryFilter success
+[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: yes
+Discovery started
+[CHG] Controller XX:XX:XX:XX:XX:XX Discovering: yes
+[bluetooth]# scan off
+Discovery stopped
+[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: no
+---
+ client/main.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 6f472d050..6e6f6d2fb 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1166,6 +1166,7 @@ static struct set_discovery_filter_args {
+ char **uuids;
+ size_t uuids_len;
+ dbus_bool_t duplicate;
++ dbus_bool_t discoverable;
+ bool set;
+ } filter = {
+ .rssi = DISTANCE_VAL_INVALID,
+@@ -1205,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data)
+ DBUS_TYPE_BOOLEAN,
+ &args->duplicate);
+
++ if (args->discoverable)
++ g_dbus_dict_append_entry(&dict, "Discoverable",
++ DBUS_TYPE_BOOLEAN,
++ &args->discoverable);
++
+ dbus_message_iter_close_container(iter, &dict);
+ }
+
+@@ -1362,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[])
+ filter.set = false;
+ }
+
++static void cmd_scan_filter_discoverable(int argc, char *argv[])
++{
++ if (argc < 2 || !strlen(argv[1])) {
++ bt_shell_printf("Discoverable: %s\n",
++ filter.discoverable ? "on" : "off");
++ return bt_shell_noninteractive_quit(EXIT_SUCCESS);
++ }
++
++ if (!strcmp(argv[1], "on"))
++ filter.discoverable = true;
++ else if (!strcmp(argv[1], "off"))
++ filter.discoverable = false;
++ else {
++ bt_shell_printf("Invalid option: %s\n", argv[1]);
++ return bt_shell_noninteractive_quit(EXIT_FAILURE);
++ }
++
++ filter.set = false;
++}
++
+ static void filter_clear_uuids(void)
+ {
+ g_strfreev(filter.uuids);
+@@ -2510,6 +2536,9 @@ static const struct bt_shell_menu scan_menu = {
+ { "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data,
+ "Set/Get duplicate data filter",
+ NULL },
++ { "discoverable", "[on/off]", cmd_scan_filter_discoverable,
++ "Set/Get discoverable filter",
++ NULL },
+ { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
+ cmd_scan_filter_clear,
+ "Clears discovery filter.",
+--
+2.17.1
+Subject: [PATCH BlueZ 4/5] client: Add scan.clear discoverable
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:22
+Message-ID: 20180726141723.20199-4-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This implements scan.clear for discoverable filter.
+---
+ client/main.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/client/main.c b/client/main.c
+index 6e6f6d2fb..1a66a3ab4 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1416,6 +1416,11 @@ static void filter_clear_duplicate(void)
+ filter.duplicate = false;
+ }
+
++static void filter_clear_discoverable(void)
++{
++ filter.discoverable = false;
++}
++
+ struct clear_entry {
+ const char *name;
+ void (*clear) (void);
+@@ -1427,6 +1432,7 @@ static const struct clear_entry filter_clear[] = {
+ { "pathloss", filter_clear_pathloss },
+ { "transport", filter_clear_transport },
+ { "duplicate-data", filter_clear_duplicate },
++ { "discoverable", filter_clear_discoverable },
+ {}
+ };
+
+@@ -2539,7 +2545,8 @@ static const struct bt_shell_menu scan_menu = {
+ { "discoverable", "[on/off]", cmd_scan_filter_discoverable,
+ "Set/Get discoverable filter",
+ NULL },
+- { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
++ { "clear",
++ "[uuids/rssi/pathloss/transport/duplicate-data/discoverable]",
+ cmd_scan_filter_clear,
+ "Clears discovery filter.",
+ filter_clear_generator },
+--
+2.17.1
+Subject: [PATCH BlueZ 5/5] adapter: Fix not keeping discovery filters
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:23
+Message-ID: 20180726141723.20199-5-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+If the discovery has been stopped and the client has set filters those
+should be put back into filter list since the client may still be
+interested in using them the next time it start a scanning.
+---
+ src/adapter.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index bd9edddc6..822bd3472 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -1854,7 +1854,7 @@ static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
+ return set_discoverable(adapter, enable, 0);
+ }
+
+-static void discovery_remove(struct watch_client *client)
++static void discovery_remove(struct watch_client *client, bool exit)
+ {
+ struct btd_adapter *adapter = client->adapter;
+
+@@ -1882,7 +1882,11 @@ static void discovery_remove(struct watch_client *client)
+ set_filtered_discoverable(adapter, false);
+ }
+
+- discovery_free(client);
++ if (!exit && client->discovery_filter)
++ adapter->set_filter_list = g_slist_prepend(
++ adapter->set_filter_list, client);
++ else
++ discovery_free(client);
+
+ /*
+ * If there are other client discoveries in progress, then leave
+@@ -1911,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
+ goto done;
+ }
+
+- if (client->msg)
++ if (client->msg) {
+ g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID);
++ dbus_message_unref(client->msg);
++ client->msg = NULL;
++ }
+
+ adapter->discovery_type = 0x00;
+ adapter->discovery_enable = 0x00;
+@@ -1925,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
+ trigger_passive_scanning(adapter);
+
+ done:
+- discovery_remove(client);
++ discovery_remove(client, false);
+ }
+
+ static int compare_sender(gconstpointer a, gconstpointer b)
+@@ -2146,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter)
+ return -EINPROGRESS;
+ }
+
+-static int discovery_stop(struct watch_client *client)
++static int discovery_stop(struct watch_client *client, bool exit)
+ {
+ struct btd_adapter *adapter = client->adapter;
+ struct mgmt_cp_stop_discovery cp;
+
+ /* Check if there are more client discovering */
+ if (g_slist_next(adapter->discovery_list)) {
+- discovery_remove(client);
++ discovery_remove(client, exit);
+ update_discovery_filter(adapter);
+ return 0;
+ }
+@@ -2163,7 +2170,7 @@ static int discovery_stop(struct watch_client *client)
+ * and so it is enough to send out the signal and just return.
+ */
+ if (adapter->discovery_enable == 0x00) {
+- discovery_remove(client);
++ discovery_remove(client, exit);
+ adapter->discovering = false;
+ g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ ADAPTER_INTERFACE, "Discovering");
+@@ -2188,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data)
+
+ DBG("owner %s", client->owner);
+
+- discovery_stop(client);
++ discovery_stop(client, true);
+ }
+
+ /*
+@@ -2586,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn,
+ if (client->msg)
+ return btd_error_busy(msg);
+
+- err = discovery_stop(client);
++ err = discovery_stop(client, false);
+ switch (err) {
+ case 0:
+ return dbus_message_new_method_return(msg);
+--
+2.17.1
diff --git a/meta/recipes-connectivity/bluez5/bluez5/init b/meta/recipes-connectivity/bluez5/bluez5/init
index d7972f2d95..ca9fa18549 100644
--- a/meta/recipes-connectivity/bluez5/bluez5/init
+++ b/meta/recipes-connectivity/bluez5/bluez5/init
@@ -1,5 +1,8 @@
#!/bin/sh
+# Source function library
+. /etc/init.d/functions
+
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC=bluetooth
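Review bot: The unconditional `. /etc/init.d/functions` added at the top makes every action of this script, not only `status`, depend on that file being present, since a non-interactive POSIX `sh` typically aborts the script when the dot command cannot read its file. Nothing in this file section shows the recipe gaining a runtime dependency on whatever package installs `/etc/init.d/functions`, so that should be confirmed in the bluez5 recipe. In the `status)` hunk that follows, `${DAEMON}` is passed unquoted; `status "${DAEMON}" || exit $?` would be the more defensive form.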
@@ -44,14 +47,7 @@ case $1 in
$0 start
;;
status)
- pidof ${DAEMON} >/dev/null
- status=$?
- if [ $status -eq 0 ]; then
- echo "bluetooth is running."
- else
- echo "bluetooth is not running"
- fi
- exit $status
+ status ${DAEMON} || exit $?
;;
*)
N=/etc/init.d/bluetooth
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
new file mode 100644
index 0000000000..1bc1422475
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
@@ -0,0 +1,79 @@
+From 8194daabfd590f17825f0c61e9534bee5c99cc86 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Fri, 14 Sep 2018 13:41:41 -0400
+Subject: [master] Added includes of new BIND9 compatibility headers
+
+ Merges in rt48072.
+
+Upstream-Status: Backport
+Signed-off-by: Adrian Bunk <bunk@stusta.de>
+
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index 75a87ff6..538b927f 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -48,6 +48,9 @@
+ #include <string.h>
+ #include <netdb.h>
+
++#include <isc/boolean.h>
++#include <isc/int.h>
++
+ #include <isc/buffer.h>
+ #include <isc/lex.h>
+ #include <isc/lib.h>
+diff --git a/includes/omapip/result.h b/includes/omapip/result.h
+index 91243e1b..860298f6 100644
+--- a/includes/omapip/result.h
++++ b/includes/omapip/result.h
+@@ -26,6 +26,7 @@
+ #ifndef DHCP_RESULT_H
+ #define DHCP_RESULT_H 1
+
++#include <isc/boolean.h>
+ #include <isc/lang.h>
+ #include <isc/resultclass.h>
+ #include <isc/types.h>
+diff --git a/server/dhcpv6.c b/server/dhcpv6.c
+index a7110f98..cde4f617 100644
+--- a/server/dhcpv6.c
++++ b/server/dhcpv6.c
+@@ -1034,7 +1034,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ shared_name,
+ inet_ntop(AF_INET6, &lease->addr,
+ tmp_addr, sizeof(tmp_addr)),
+- used, count);
++ (long long unsigned)(used),
++ (long long unsigned)(count));
+ }
+ return;
+ }
+@@ -1066,7 +1067,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ "address: %s; high threshold %d%% %llu/%llu.",
+ shared_name,
+ inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
+- poolhigh, used, count);
++ poolhigh, (long long unsigned)(used),
++ (long long unsigned)(count));
+
+ /* handle the low threshold now, if we don't
+ * have one we default to 0. */
+@@ -1436,12 +1438,15 @@ pick_v6_address(struct reply_state *reply)
+ log_debug("Unable to pick client address: "
+ "no addresses available - shared network %s: "
+ " 2^64-1 < total, %llu active, %llu abandoned",
+- shared_name, active - abandoned, abandoned);
++ shared_name, (long long unsigned)(active - abandoned),
++ (long long unsigned)(abandoned));
+ } else {
+ log_debug("Unable to pick client address: "
+ "no addresses available - shared network %s: "
+ "%llu total, %llu active, %llu abandoned",
+- shared_name, total, active - abandoned, abandoned);
++ shared_name, (long long unsigned)(total),
++ (long long unsigned)(active - abandoned),
++ (long long unsigned)(abandoned));
+ }
+
+ return ISC_R_NORESOURCES;
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
deleted file mode 100644
index 006d18ae7f..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 92875f5cc44914515e50c11c503a09cec90497b2 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 11 Jun 2016 22:51:44 -0400
-Subject: [PATCH 08/11] tweak to support external bind
-
-Tweak the external bind to oe-core's sysroot rather than
-external bind source build.
-
-Upstream-Status: Inappropriate <oe-core specific>
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/Makefile.am | 2 +-
- client/tests/Makefile.am | 2 +-
- common/tests/Makefile.am | 2 +-
- dhcpctl/Makefile.am | 2 +-
- omapip/Makefile.am | 2 +-
- relay/Makefile.am | 2 +-
- server/Makefile.am | 2 +-
- server/tests/Makefile.am | 2 +-
- 8 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/client/Makefile.am b/client/Makefile.am
-index 4730bb3..84d8131 100644
---- a/client/Makefile.am
-+++ b/client/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
- -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
-diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am
-index 5031d0c..a8dfd26 100644
---- a/client/tests/Makefile.am
-+++ b/client/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
- AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
-diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
-index f6a43e4..2f98d22 100644
---- a/common/tests/Makefile.am
-+++ b/common/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes
-
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index ba8dd8b..9b2486e 100644
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
-
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index dd1afa0..e4a8599 100644
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- AM_CPPFLAGS = -I$(top_srcdir)/includes
-
- lib_LIBRARIES = libomapi.a
-diff --git a/relay/Makefile.am b/relay/Makefile.am
-index 6d652f6..b3bf578 100644
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
-
-diff --git a/server/Makefile.am b/server/Makefile.am
-index 3990b9c..b5d8c2d 100644
---- a/server/Makefile.am
-+++ b/server/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
-
-diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
-index a87c5e7..9821081 100644
---- a/server/tests/Makefile.am
-+++ b/server/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
- AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
---
-1.8.3.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
index 159abbc405..e8cc731a26 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
file://0009-remove-dhclient-script-bash-dependency.patch \
file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
file://0013-fixup_use_libbind.patch \
+ file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \
"
SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
new file mode 100644
index 0000000000..900ef97fce
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
@@ -0,0 +1,69 @@
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2019 14:39:15 +0000
+Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
+
+ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
+every encryption operation. RFC 7539 specifies that the nonce value (IV)
+should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
+front pads the nonce with 0 bytes if it is less than 12 bytes. However it
+also incorrectly allows a nonce to be set of up to 16 bytes. In this case
+only the last 12 bytes are significant and any additional leading bytes are
+ignored.
+
+It is a requirement of using this cipher that nonce values are unique.
+Messages encrypted using a reused nonce value are susceptible to serious
+confidentiality and integrity attacks. If an application changes the
+default nonce length to be longer than 12 bytes and then makes a change to
+the leading bytes of the nonce expecting the new value to be a new unique
+nonce then such an application could inadvertently encrypt messages with a
+reused nonce.
+
+Additionally the ignored bytes in a long nonce are not covered by the
+integrity guarantee of this cipher. Any application that relies on the
+integrity of these ignored leading bytes of a long nonce may be further
+affected.
+
+Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
+because no such use sets such a long nonce value. However user
+applications that use this cipher directly and set a non-default nonce
+length to be longer than 12 bytes may be vulnerable.
+
+CVE: CVE-2019-1543
+
+Fixes #8345
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8406)
+
+(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
+---
+ crypto/evp/e_chacha20_poly1305.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
+index c1917bb86a6..d3e2c622a1b 100644
+--- a/crypto/evp/e_chacha20_poly1305.c
++++ b/crypto/evp/e_chacha20_poly1305.c
+@@ -30,6 +30,8 @@ typedef struct {
+
+ #define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+
++#define CHACHA20_POLY1305_MAX_IVLEN 12
++
+ static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char user_key[CHACHA_KEY_SIZE],
+ const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IVLEN:
+- if (arg <= 0 || arg > CHACHA_CTR_SIZE)
++ if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
+ return 0;
+ actx->nonce_len = arg;
+ return 1;
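Review bot: The new `CHACHA20_POLY1305_MAX_IVLEN` define has no comment explaining why it differs from `CHACHA_CTR_SIZE`; I would add `/* RFC 7539 nonce is 96 bits; leading bytes of longer IVs were ignored (CVE-2019-1543) */` above it so the bound is not relaxed again later. With the changed check, `EVP_CTRL_AEAD_SET_IVLEN` returns 0 for lengths 13 to 16 that were accepted before. Applications in the image that request a longer nonce and do not check the ctrl return value are worth auditing, since the nonce length they end up with is decided by code outside this hunk. `chacha20_poly1305_ctrl` starts and ends outside the hunk.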
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch
new file mode 100644
index 0000000000..7c4b084f3d
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+ $config{afalgeng}="";
+ if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+- my $minver = 4*10000 + 1*100 + 0;
+- if ($config{CROSS_COMPILE} eq "") {
+- my $verstr = `uname -r`;
+- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+- ($mi2) = $mi2 =~ /(\d+)/;
+- my $ver = $ma*10000 + $mi1*100 + $mi2;
+- if ($ver < $minver) {
+- $disabled{afalgeng} = "too-old-kernel";
+- } else {
+- push @{$config{engdirs}}, "afalg";
+- }
+- } else {
+- $disabled{afalgeng} = "cross-compiling";
+- }
++ push @{$config{engdirs}}, "afalg";
+ } else {
+ $disabled{afalgeng} = "not-linux";
+ }
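Review bot: The `Upstream-Status` line in the patch header has a typo in the URL scheme (`hhttps://`); it should read `Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/7688]` so the reference resolves. The hunk removes the `uname -r` comparison outright, so nothing at build time ties the afalg engine to the 4.1.0 minimum that the removed `$minver` encoded. The patch header should say that the target kernel version is now the integrator's responsibility, because this hunk does not show how the engine behaves when loaded on an older kernel. The `unless ($disabled{afalgeng})` block continues past the end of the hunk.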
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
index 0a620dea74..3fb22471f8 100644
--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -9,4 +9,4 @@ export TOP=.
# OPENSSL_ENGINES is relative from the test binaries
export OPENSSL_ENGINES=../engines
-perl ./test/run_tests.pl $*
+perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;'
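Review bot: The third substitution in the new filter, `s#(.*) \.*.\nDubious#FAIL: \1#;`, has no `g` flag, unlike the PASS and SKIP ones. Because `-0` makes perl read NUL-separated records, output without NUL bytes is treated as one record, so it appears only the first failing test would be rewritten to `FAIL:`. It should be `s#(.*) \.*.\nDubious#FAIL: \1#g;`. Separately, the pipeline's exit status is now that of the `perl -0pe` filter rather than of `run_tests.pl`, so a failing run exits 0 unless the caller relies only on the PASS/FAIL lines. The same slurping also means no output appears until the whole test run has finished.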
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
index 54af100f90..da7223dc1a 100644
--- a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
+++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
@@ -53,8 +53,8 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
-SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
+SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
+SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
S = "${WORKDIR}/openssl-${PV}"
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
index e9e9facd34..337aaa1798 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
@@ -7,7 +7,7 @@ SECTION = "libs/network"
# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
DEPENDS = "hostperl-runtime-native"
@@ -16,17 +16,25 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://openssl-c_rehash.sh \
file://0001-skip-test_symbol_presence.patch \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+ file://afalg.patch \
+ file://CVE-2019-1543.patch \
"
SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "963deb2272d6be7d4c2458afd2517b73"
-SRC_URI[sha256sum] = "fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
+SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930"
+SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b"
inherit lib_package multilib_header ptest
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
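Review bot: The new `PACKAGECONFIG[cryptodev-linux]` entry only takes effect if the recipe's configure step consumes `PACKAGECONFIG_CONFARGS`. `do_configure` is outside this hunk and no other hunk of this file touches it, so please confirm that `enable-devcryptoeng` / `disable-devcryptoeng` actually reach `Configure`. If they do not, the empty default `PACKAGECONFIG ?= ""` would not disable the engine as the entry suggests. A one-line comment above the entry, such as `# /dev/crypto engine; off by default, needs cryptodev-linux headers`, would also document why it is opt-in.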
@@ -197,7 +205,7 @@ CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-bin = "perl"
RDEPENDS_${PN}-misc = "perl"
-RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash python"
+RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
RPROVIDES_openssl-conf = "openssl10-conf"
RREPLACES_openssl-conf = "openssl10-conf"
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
new file mode 100644
index 0000000000..a476cf040e
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
@@ -0,0 +1,52 @@
+From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
+From: Joshua DeWeese <jdeweese@hennypenny.com>
+Date: Wed, 30 Jan 2019 16:19:47 -0500
+Subject: [PATCH] replace systemd install Alias with WantedBy
+
+According to the systemd documentation "WantedBy=foo.service in a
+service bar.service is mostly equivalent to
+Alias=foo.service.wants/bar.service in the same file." However,
+this is not really the intended purpose of install Aliases.
+
+Upstream-Status: Submitted [hostap@lists.infradead.org]
+
+Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
+---
+ wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+index 03ac507..da69a87 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
+
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+index c8a744d..ca3054b 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
+
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+index 7788b38..55d2b9c 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant@%i.service
++WantedBy=multi-user.target
+--
+2.7.4
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
index aa4c4c2da0..c92ed4ab93 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
file://key-replay-cve-multiple7.patch \
file://key-replay-cve-multiple8.patch \
file://wpa_supplicant-CVE-2018-14526.patch \
+ file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
"
SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
diff --git a/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch b/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch
new file mode 100644
index 0000000000..e4693768e0
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch
@@ -0,0 +1,142 @@
+From 6d3b4bb24da9a07c263f3c1acf8df85382ff562c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 17 Dec 2018 18:07:18 +0100
+Subject: [PATCH] udhcpc: check that 4-byte options are indeed 4-byte, closes
+ 11506
+
+function old new delta
+udhcp_get_option32 - 27 +27
+udhcp_get_option 231 248 +17
+------------------------------------------------------------------------------
+(add/remove: 1/0 grow/shrink: 1/0 up/down: 44/0) Total: 44 bytes
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2018-20679
+
+Affects < 1.30.0
+
+signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ networking/udhcp/common.c | 19 +++++++++++++++++++
+ networking/udhcp/common.h | 4 ++++
+ networking/udhcp/dhcpc.c | 6 +++---
+ networking/udhcp/dhcpd.c | 6 +++---
+ 4 files changed, 29 insertions(+), 6 deletions(-)
+
+Index: busybox-1.29.3/networking/udhcp/common.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/common.c
++++ busybox-1.29.3/networking/udhcp/common.c
+@@ -270,6 +270,15 @@ uint8_t* FAST_FUNC udhcp_get_option(stru
+ goto complain; /* complain and return NULL */
+
+ if (optionptr[OPT_CODE] == code) {
++ if (optionptr[OPT_LEN] == 0) {
++ /* So far no valid option with length 0 known.
++ * Having this check means that searching
++ * for DHCP_MESSAGE_TYPE need not worry
++ * that returned pointer might be unsafe
++ * to dereference.
++ */
++ goto complain; /* complain and return NULL */
++ }
+ log_option("option found", optionptr);
+ return optionptr + OPT_DATA;
+ }
+@@ -287,6 +296,16 @@ uint8_t* FAST_FUNC udhcp_get_option(stru
+ return NULL;
+ }
+
++uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
++{
++ uint8_t *r = udhcp_get_option(packet, code);
++ if (r) {
++ if (r[-1] != 4)
++ r = NULL;
++ }
++ return r;
++}
++
+ /* Return the position of the 'end' option (no bounds checking) */
+ int FAST_FUNC udhcp_end_option(uint8_t *optionptr)
+ {
+Index: busybox-1.29.3/networking/udhcp/common.h
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/common.h
++++ busybox-1.29.3/networking/udhcp/common.h
+@@ -204,6 +204,10 @@ extern const uint8_t dhcp_option_lengths
+ unsigned FAST_FUNC udhcp_option_idx(const char *name, const char *option_strings);
+
+ uint8_t *udhcp_get_option(struct dhcp_packet *packet, int code) FAST_FUNC;
++/* Same as above + ensures that option length is 4 bytes
++ * (returns NULL if size is different)
++ */
++uint8_t *udhcp_get_option32(struct dhcp_packet *packet, int code) FAST_FUNC;
+ int udhcp_end_option(uint8_t *optionptr) FAST_FUNC;
+ void udhcp_add_binary_option(struct dhcp_packet *packet, uint8_t *addopt) FAST_FUNC;
+ #if ENABLE_UDHCPC || ENABLE_UDHCPD
+Index: busybox-1.29.3/networking/udhcp/dhcpc.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/dhcpc.c
++++ busybox-1.29.3/networking/udhcp/dhcpc.c
+@@ -1694,7 +1694,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+ * They say ISC DHCP client supports this case.
+ */
+ server_addr = 0;
+- temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
++ temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ if (!temp) {
+ bb_error_msg("no server ID, using 0.0.0.0");
+ } else {
+@@ -1721,7 +1721,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+ struct in_addr temp_addr;
+ uint8_t *temp;
+
+- temp = udhcp_get_option(&packet, DHCP_LEASE_TIME);
++ temp = udhcp_get_option32(&packet, DHCP_LEASE_TIME);
+ if (!temp) {
+ bb_error_msg("no lease time with ACK, using 1 hour lease");
+ lease_seconds = 60 * 60;
+@@ -1817,7 +1817,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+ uint32_t svid;
+ uint8_t *temp;
+
+- temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
++ temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ if (!temp) {
+ non_matching_svid:
+ log1("received DHCP NAK with wrong"
+Index: busybox-1.29.3/networking/udhcp/dhcpd.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/dhcpd.c
++++ busybox-1.29.3/networking/udhcp/dhcpd.c
+@@ -640,7 +640,7 @@ static void add_server_options(struct dh
+ static uint32_t select_lease_time(struct dhcp_packet *packet)
+ {
+ uint32_t lease_time_sec = server_config.max_lease_sec;
+- uint8_t *lease_time_opt = udhcp_get_option(packet, DHCP_LEASE_TIME);
++ uint8_t *lease_time_opt = udhcp_get_option32(packet, DHCP_LEASE_TIME);
+ if (lease_time_opt) {
+ move_from_unaligned32(lease_time_sec, lease_time_opt);
+ lease_time_sec = ntohl(lease_time_sec);
+@@ -987,7 +987,7 @@ int udhcpd_main(int argc UNUSED_PARAM, c
+ }
+
+ /* Get SERVER_ID if present */
+- server_id_opt = udhcp_get_option(&packet, DHCP_SERVER_ID);
++ server_id_opt = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ if (server_id_opt) {
+ uint32_t server_id_network_order;
+ move_from_unaligned32(server_id_network_order, server_id_opt);
+@@ -1011,7 +1011,7 @@ int udhcpd_main(int argc UNUSED_PARAM, c
+ }
+
+ /* Get REQUESTED_IP if present */
+- requested_ip_opt = udhcp_get_option(&packet, DHCP_REQUESTED_IP);
++ requested_ip_opt = udhcp_get_option32(&packet, DHCP_REQUESTED_IP);
+ if (requested_ip_opt) {
+ move_from_unaligned32(requested_nip, requested_ip_opt);
+ }
diff --git a/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch b/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch
new file mode 100644
index 0000000000..4225b11e56
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch
@@ -0,0 +1,60 @@
+From 74d9f1ba37010face4bd1449df4d60dd84450b06 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 7 Jan 2019 15:33:42 +0100
+Subject: [PATCH] udhcpc: when decoding DHCP_SUBNET, ensure it is 4 bytes long
+
+function old new delta
+udhcp_run_script 795 801 +6
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2019-5747
+Affects < 1.30.0
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ networking/udhcp/common.c | 2 +-
+ networking/udhcp/common.h | 2 +-
+ networking/udhcp/dhcpc.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+Index: busybox-1.29.3/networking/udhcp/common.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/common.c
++++ busybox-1.29.3/networking/udhcp/common.c
+@@ -300,7 +300,7 @@ uint8_t* FAST_FUNC udhcp_get_option32(st
+ {
+ uint8_t *r = udhcp_get_option(packet, code);
+ if (r) {
+- if (r[-1] != 4)
++ if (r[-OPT_DATA + OPT_LEN] != 4)
+ r = NULL;
+ }
+ return r;
+Index: busybox-1.29.3/networking/udhcp/common.h
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/common.h
++++ busybox-1.29.3/networking/udhcp/common.h
+@@ -119,7 +119,7 @@ enum {
+ //#define DHCP_TIME_SERVER 0x04 /* RFC 868 time server (32-bit, 0 = 1.1.1900) */
+ //#define DHCP_NAME_SERVER 0x05 /* IEN 116 _really_ ancient kind of NS */
+ //#define DHCP_DNS_SERVER 0x06
+-//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog)
++//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog) */
+ //#define DHCP_COOKIE_SERVER 0x08 /* "quote of the day" server */
+ //#define DHCP_LPR_SERVER 0x09
+ #define DHCP_HOST_NAME 0x0c /* either client informs server or server gives name to client */
+Index: busybox-1.29.3/networking/udhcp/dhcpc.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/dhcpc.c
++++ busybox-1.29.3/networking/udhcp/dhcpc.c
+@@ -526,7 +526,7 @@ static char **fill_envp(struct dhcp_pack
+ temp = udhcp_get_option(packet, code);
+ *curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name);
+ putenv(*curr++);
+- if (code == DHCP_SUBNET) {
++ if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) {
+ /* Subnet option: make things like "$ip/$mask" possible */
+ uint32_t subnet;
+ move_from_unaligned32(subnet, temp);
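Review bot: The added `temp[-OPT_DATA + OPT_LEN] == 4` test in fill_envp guards only the `move_from_unaligned32(subnet, temp)` read; the `xmalloc_optname_optval(temp, ...)` call two lines above still receives the same option with no length test in this hunk. Whether that helper bounds its own reads by the option's length byte is not visible here, since both fill_envp and the helper lie outside the hunk, so confirm it before treating the DHCP_SUBNET read as fully covered. A short comment at the guard would record the assumption, for example `/* length checked here for the subnet read only; xmalloc_optname_optval() must bound its own reads */`.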
diff --git a/meta/recipes-core/busybox/busybox_1.29.3.bb b/meta/recipes-core/busybox/busybox_1.29.3.bb
index 6064e9fdc6..5714d70768 100644
--- a/meta/recipes-core/busybox/busybox_1.29.3.bb
+++ b/meta/recipes-core/busybox/busybox_1.29.3.bb
@@ -41,6 +41,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://rcS \
file://rcK \
file://makefile-libbb-race.patch \
+ file://CVE-2018-20679.patch \
+ file://CVE-2019-5747.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "
diff --git a/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch b/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch
new file mode 100644
index 0000000000..393c70ca21
--- /dev/null
+++ b/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch
@@ -0,0 +1,127 @@
+From f0120c5d97a4cc1b659e86d38f2b1f646ca20ea3 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Thu, 30 May 2019 12:53:03 +0100
+Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server
+ owner
+
+The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
+of a shared home directory by having the server write a secret "cookie"
+into a .dbus-keyrings subdirectory of the desired identity's home
+directory with 0700 permissions, and having the client prove that it can
+read the cookie. This never actually worked for non-malicious clients in
+the case where server uid != client uid (unless the server and client
+both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
+Unix uid 0) because an unprivileged server would fail to write out the
+cookie, and an unprivileged client would be unable to read the resulting
+file owned by the server.
+
+Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
+is owned by the uid of the server (a side-effect of a check added to
+harden our use of XDG_RUNTIME_DIR), further ruling out successful use
+by a non-malicious client with a uid differing from the server's.
+
+Joe Vennix of Apple Information Security discovered that the
+implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
+attack: a malicious client with write access to its own home directory
+could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
+read and write in unintended locations. In the worst case this could
+result in the DBusServer reusing a cookie that is known to the
+malicious client, and treating that cookie as evidence that a subsequent
+client connection came from an attacker-chosen uid, allowing
+authentication bypass.
+
+This is mitigated by the fact that by default, the well-known system
+dbus-daemon (since 2003) and the well-known session dbus-daemon (in
+stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
+authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
+at an early stage, before manipulating cookies. As a result, this
+vulnerability only applies to:
+
+* system or session dbus-daemons with non-standard configuration
+* third-party dbus-daemon invocations such as at-spi2-core (although
+ in practice at-spi2-core also only accepts EXTERNAL by default)
+* third-party uses of DBusServer such as the one in Upstart
+
+Avoiding symlink attacks in a portable way is difficult, because APIs
+like openat() and Linux /proc/self/fd are not universally available.
+However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
+a non-matching uid, we can solve this vulnerability in an easier way
+without regressions, by rejecting it early (before looking at
+~/.dbus-keyrings) whenever the requested identity doesn't match the
+identity of the process hosting the DBusServer.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
+Closes: CVE-2019-12749
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/dbus/dbus/commit
+/47b1a4c41004bf494b87370987b222c934b19016]
+
+CVE: CVE-2019-12749
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
+index 37d8d4c9..7390a9d5 100644
+--- a/dbus/dbus-auth.c
++++ b/dbus/dbus-auth.c
+@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth,
+ DBusString tmp2;
+ dbus_bool_t retval = FALSE;
+ DBusError error = DBUS_ERROR_INIT;
++ DBusCredentials *myself = NULL;
+
+ _dbus_string_set_length (&auth->challenge, 0);
+
+@@ -565,6 +566,34 @@ sha1_handle_first_client_response (DBusAuth *auth,
+ return FALSE;
+ }
+
++ myself = _dbus_credentials_new_from_current_process ();
++
++ if (myself == NULL)
++ goto out;
++
++ if (!_dbus_credentials_same_user (myself, auth->desired_identity))
++ {
++ /*
++ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the
++ * client is anyone other than the user owning the process
++ * containing the DBusServer: we probably aren't allowed to write
++ * to other users' home directories. Even if we can (for example
++ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we
++ * must not, because the other user controls their home directory,
++ * and could carry out symlink attacks to make us read from or
++ * write to unintended locations. It's difficult to avoid symlink
++ * attacks in a portable way, so we just don't try. This isn't a
++ * regression, because DBUS_COOKIE_SHA1 never worked for other
++ * users anyway.
++ */
++ _dbus_verbose ("%s: client tried to authenticate as \"%s\", "
++ "but that doesn't match this process",
++ DBUS_AUTH_NAME (auth),
++ _dbus_string_get_const_data (data));
++ retval = send_rejected (auth);
++ goto out;
++ }
++
+ /* we cache the keyring for speed, so here we drop it if it's the
+ * wrong one. FIXME caching the keyring here is useless since we use
+ * a different DBusAuth for every connection.
+@@ -679,6 +708,9 @@ sha1_handle_first_client_response (DBusAuth *auth,
+ _dbus_string_zero (&tmp2);
+ _dbus_string_free (&tmp2);
+
++ if (myself != NULL)
++ _dbus_credentials_unref (myself);
++
+ return retval;
+ }
+
+--
+2.22.0
+
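Review bot: The `Upstream-Status: Backport` reference in this patch header is wrapped across two lines (`[https://gitlab.freedesktop.org/dbus/dbus/commit` followed by `/47b1a4c41004bf494b87370987b222c934b19016]`), so the upstream commit URL is not a single token that a reader or a script can follow. CVE-2019-13012.patch for glib-2.0 has the same wrap. Keeping it on one line, `Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016]`, makes it straightforward to confirm that the backport matches upstream. Separately, the rejection path reports only through `_dbus_verbose`, so in a build where verbose output is disabled a cross-user DBUS_COOKIE_SHA1 attempt would leave no log entry, which matters if logs are relied on for detection.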
diff --git a/meta/recipes-core/dbus/dbus_1.12.10.bb b/meta/recipes-core/dbus/dbus_1.12.10.bb
index d71f7f7042..d7ad1d8be4 100644
--- a/meta/recipes-core/dbus/dbus_1.12.10.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.10.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
file://tmpdir.patch \
file://dbus-1.init \
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+ file://CVE-2019-12749.patch \
"
SRC_URI[md5sum] = "c3e12b4206e2a7da39d7cc42567790ef"
diff --git a/meta/recipes-core/expat/expat/CVE-2018-20843.patch b/meta/recipes-core/expat/expat/CVE-2018-20843.patch
new file mode 100644
index 0000000000..af6641eff1
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2018-20843.patch
@@ -0,0 +1,26 @@
+From 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 12 Jun 2019 15:42:22 +0200
+Subject: [PATCH] xmlparse.c: Fix extraction of namespace prefix from XML name
+ (#186)
+
+Upstream-Status: Backport
+CVE: CVE-2018-20843
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 30d55c5c..737d7cd2 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
+ else
+ poolDiscard(&dtd->pool);
+ elementType->prefix = prefix;
+-
++ break;
+ }
+ }
+ return 1;
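Review bot: The patch header carries no description of the defect and no upstream reference beyond the `(#186)` in the subject, so a later reader cannot tell why a one-line `break;` after `elementType->prefix = prefix;` is a security fix. Presumably the loop in setElementTypePrefix, which starts outside the hunk, kept scanning the name after the first prefix had been stored; that should be confirmed against upstream and stated in the header. Adding one sentence on the effect of the missing `break`, and the upstream commit URL after `Upstream-Status: Backport`, would make the backport auditable.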
diff --git a/meta/recipes-core/expat/expat_2.2.6.bb b/meta/recipes-core/expat/expat_2.2.6.bb
index c9e6081a35..0cef70555a 100644
--- a/meta/recipes-core/expat/expat_2.2.6.bb
+++ b/meta/recipes-core/expat/expat_2.2.6.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5b8620d98e49772d95fc1d291c26aa79"
SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \
file://autotools.patch \
file://libtool-tag.patch \
+ file://CVE-2018-20843.patch;striplevel=2 \
"
SRC_URI[md5sum] = "ca047ae951b40020ac831c28859161b2"
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
new file mode 100644
index 0000000000..37ad5808f5
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
@@ -0,0 +1,59 @@
+From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: [PATCH] gfile: Limit access to files when copying
+
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+
+Upstream-Status: Backport
+https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
+CVE: CVE-2019-12450
+Signed-off-by: Armin kuster <akuster@mvista.com>
+
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 24b136d..74b5804 100644
+--- a/gio/gfile.c
++++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+ FALSE, NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
+- info,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ else
+ out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+- FALSE, 0, info,
++ FALSE, G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ }
+ else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream *)g_file_replace (destination,
+ NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE,
+ cancellable, error);
+ }
+ else
+ {
+- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+ }
+
+ if (!out)
+--
+2.7.4
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch
new file mode 100644
index 0000000000..29c5d98402
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch
@@ -0,0 +1,47 @@
+From c7f7fd53780f8caebccc903d61ffc21632b46a6c Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Tue, 22 Jan 2019 13:26:31 -0500
+Subject: [PATCH] keyfile settings: Use tighter permissions
+
+When creating directories, create them with 700 permissions,
+instead of 777.
+
+Closes: #1658
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/glib/commit
+/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429]
+
+CVE: CVE-2019-13012
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ gio/gkeyfilesettingsbackend.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
+index a37978e83..580a0b0a1 100644
+--- a/gio/gkeyfilesettingsbackend.c
++++ b/gio/gkeyfilesettingsbackend.c
+@@ -89,7 +89,8 @@ g_keyfile_settings_backend_keyfile_write (GKeyfileSettingsBackend *kfsb)
+
+ contents = g_key_file_to_data (kfsb->keyfile, &length, NULL);
+ g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE,
+- G_FILE_CREATE_REPLACE_DESTINATION,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE,
+ NULL, NULL, NULL);
+
+ compute_checksum (kfsb->digest, contents, length);
+@@ -640,7 +641,7 @@ g_keyfile_settings_backend_new (const gchar *filename,
+
+ kfsb->file = g_file_new_for_path (filename);
+ kfsb->dir = g_file_get_parent (kfsb->file);
+- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL);
++ g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700);
+
+ kfsb->file_monitor = g_file_monitor (kfsb->file, 0, NULL, NULL);
+ kfsb->dir_monitor = g_file_monitor (kfsb->dir, 0, NULL, NULL);
+--
+2.22.0
+
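Review bot: `g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700)` applies mode 0700 only to directories it creates, so a settings directory that already exists with wider permissions keeps them after this change. Systems updated in place would need the existing directory's mode corrected separately. The return value is discarded, and `g_file_peek_path()` can return NULL for a file without a local path, so a failed or skipped mkdir is not reported at this point; g_keyfile_settings_backend_new continues outside the hunk. The patch description mentions only the directory mode, while the first hunk also adds `G_FILE_CREATE_PRIVATE` to the keyfile write, and one more sentence in the header would cover that.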
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch
new file mode 100644
index 0000000000..f95716aecf
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch
@@ -0,0 +1,316 @@
+From c1e32b90576af11556c8a9178e43902f3394a4b0 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 29 Oct 2018 09:53:07 -0400
+Subject: [PATCH] gsocketclient: Improve handling of slow initial connections
+
+Currently a new connection will not be attempted until the previous
+one has timed out and as the current API only exposes a single
+timeout value in practice it often means that it will wait 30 seconds
+(or forever with 0 (the default)) on each connection.
+
+This is unacceptable so we are now trying to follow the behavior
+RFC 8305 recommends by making multiple connection attempts if
+the connection takes longer than 250ms. The first connection
+to make it to completion then wins.
+
+Upstream-Status: Backport
+CVE: CVE-2019-9633 patch 1
+Affects: < 2.59.2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ gio/gsocketclient.c | 176 ++++++++++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 151 insertions(+), 25 deletions(-)
+
+diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
+index ddd1497..5c6513c 100644
+--- a/gio/gsocketclient.c
++++ b/gio/gsocketclient.c
+@@ -2,6 +2,7 @@
+ *
+ * Copyright © 2008, 2009 codethink
+ * Copyright © 2009 Red Hat, Inc
++ * Copyright © 2018 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+@@ -49,6 +50,10 @@
+ #include <gio/ginetaddress.h>
+ #include "glibintl.h"
+
++/* As recommended by RFC 8305 this is the time it waits
++ * on a connection before starting another concurrent attempt.
++ */
++#define HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS 250
+
+ /**
+ * SECTION:gsocketclient
+@@ -1328,28 +1333,82 @@ typedef struct
+ GSocketConnectable *connectable;
+ GSocketAddressEnumerator *enumerator;
+ GProxyAddress *proxy_addr;
+- GSocketAddress *current_addr;
+- GSocket *current_socket;
++ GSocket *socket;
+ GIOStream *connection;
+
++ GSList *connection_attempts;
+ GError *last_error;
+ } GSocketClientAsyncConnectData;
+
++static void connection_attempt_unref (gpointer attempt);
++
+ static void
+ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data)
+ {
+ g_clear_object (&data->connectable);
+ g_clear_object (&data->enumerator);
+ g_clear_object (&data->proxy_addr);
+- g_clear_object (&data->current_addr);
+- g_clear_object (&data->current_socket);
++ g_clear_object (&data->socket);
+ g_clear_object (&data->connection);
++ g_slist_free_full (data->connection_attempts, connection_attempt_unref);
+
+ g_clear_error (&data->last_error);
+
+ g_slice_free (GSocketClientAsyncConnectData, data);
+ }
+
++typedef struct
++{
++ GSocketAddress *address;
++ GSocket *socket;
++ GIOStream *connection;
++ GSocketClientAsyncConnectData *data; /* unowned */
++ GSource *timeout_source;
++ GCancellable *cancellable;
++ grefcount ref;
++} ConnectionAttempt;
++
++static ConnectionAttempt *
++connection_attempt_new (void)
++{
++ ConnectionAttempt *attempt = g_new0 (ConnectionAttempt, 1);
++ g_ref_count_init (&attempt->ref);
++ return attempt;
++}
++
++static ConnectionAttempt *
++connection_attempt_ref (ConnectionAttempt *attempt)
++{
++ g_ref_count_inc (&attempt->ref);
++ return attempt;
++}
++
++static void
++connection_attempt_unref (gpointer pointer)
++{
++ ConnectionAttempt *attempt = pointer;
++ if (g_ref_count_dec (&attempt->ref))
++ {
++ g_clear_object (&attempt->address);
++ g_clear_object (&attempt->socket);
++ g_clear_object (&attempt->connection);
++ g_clear_object (&attempt->cancellable);
++ if (attempt->timeout_source)
++ {
++ g_source_destroy (attempt->timeout_source);
++ g_source_unref (attempt->timeout_source);
++ }
++ g_free (attempt);
++ }
++}
++
++static void
++connection_attempt_remove (ConnectionAttempt *attempt)
++{
++ attempt->data->connection_attempts = g_slist_remove (attempt->data->connection_attempts, attempt);
++ connection_attempt_unref (attempt);
++}
++
+ static void
+ g_socket_client_async_connect_complete (GSocketClientAsyncConnectData *data)
+ {
+@@ -1359,8 +1418,7 @@ g_socket_client_async_connect_complete (GSocketClientAsyncConnectData *data)
+ {
+ GSocketConnection *wrapper_connection;
+
+- wrapper_connection = g_tcp_wrapper_connection_new (data->connection,
+- data->current_socket);
++ wrapper_connection = g_tcp_wrapper_connection_new (data->connection, data->socket);
+ g_object_unref (data->connection);
+ data->connection = (GIOStream *)wrapper_connection;
+ }
+@@ -1389,8 +1447,7 @@ static void
+ enumerator_next_async (GSocketClientAsyncConnectData *data)
+ {
+ /* We need to cleanup the state */
+- g_clear_object (&data->current_socket);
+- g_clear_object (&data->current_addr);
++ g_clear_object (&data->socket);
+ g_clear_object (&data->proxy_addr);
+ g_clear_object (&data->connection);
+
+@@ -1485,34 +1542,68 @@ g_socket_client_connected_callback (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+ {
+- GSocketClientAsyncConnectData *data = user_data;
++ ConnectionAttempt *attempt = user_data;
++ GSocketClientAsyncConnectData *data = attempt->data;
++ GSList *l;
+ GError *error = NULL;
+ GProxy *proxy;
+ const gchar *protocol;
+
+- if (g_task_return_error_if_cancelled (data->task))
++ /* data is NULL once the task is completed */
++ if (data && g_task_return_error_if_cancelled (data->task))
+ {
+ g_object_unref (data->task);
++ connection_attempt_unref (attempt);
+ return;
+ }
+
++ if (attempt->timeout_source)
++ {
++ g_source_destroy (attempt->timeout_source);
++ g_clear_pointer (&attempt->timeout_source, g_source_unref);
++ }
++
+ if (!g_socket_connection_connect_finish (G_SOCKET_CONNECTION (source),
+ result, &error))
+ {
+- clarify_connect_error (error, data->connectable,
+- data->current_addr);
+- set_last_error (data, error);
++ if (!g_cancellable_is_cancelled (attempt->cancellable))
++ {
++ clarify_connect_error (error, data->connectable, attempt->address);
++ set_last_error (data, error);
++ }
++ else
++ g_clear_error (&error);
++
++ if (data)
++ {
++ connection_attempt_remove (attempt);
++ enumerator_next_async (data);
++ }
++ else
++ connection_attempt_unref (attempt);
+
+- /* try next one */
+- enumerator_next_async (data);
+ return;
+ }
+
++ data->socket = g_steal_pointer (&attempt->socket);
++ data->connection = g_steal_pointer (&attempt->connection);
++
++ for (l = data->connection_attempts; l; l = g_slist_next (l))
++ {
++ ConnectionAttempt *attempt_entry = l->data;
++ g_cancellable_cancel (attempt_entry->cancellable);
++ attempt_entry->data = NULL;
++ connection_attempt_unref (attempt_entry);
++ }
++ g_slist_free (data->connection_attempts);
++ data->connection_attempts = NULL;
++ connection_attempt_unref (attempt);
++
+ g_socket_connection_set_cached_remote_address ((GSocketConnection*)data->connection, NULL);
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, data->connection);
+
+ /* wrong, but backward compatible */
+- g_socket_set_blocking (data->current_socket, TRUE);
++ g_socket_set_blocking (data->socket, TRUE);
+
+ if (!data->proxy_addr)
+ {
+@@ -1565,6 +1656,26 @@ g_socket_client_connected_callback (GObject *source,
+ }
+ }
+
++static gboolean
++on_connection_attempt_timeout (gpointer data)
++{
++ ConnectionAttempt *attempt = data;
++
++ enumerator_next_async (attempt->data);
++
++ g_clear_pointer (&attempt->timeout_source, g_source_unref);
++ return G_SOURCE_REMOVE;
++}
++
++static void
++on_connection_cancelled (GCancellable *cancellable,
++ gpointer data)
++{
++ GCancellable *attempt_cancellable = data;
++
++ g_cancellable_cancel (attempt_cancellable);
++}
++
+ static void
+ g_socket_client_enumerator_callback (GObject *object,
+ GAsyncResult *result,
+@@ -1573,6 +1684,7 @@ g_socket_client_enumerator_callback (GObject *object,
+ GSocketClientAsyncConnectData *data = user_data;
+ GSocketAddress *address = NULL;
+ GSocket *socket;
++ ConnectionAttempt *attempt;
+ GError *error = NULL;
+
+ if (g_task_return_error_if_cancelled (data->task))
+@@ -1585,6 +1697,9 @@ g_socket_client_enumerator_callback (GObject *object,
+ result, &error);
+ if (address == NULL)
+ {
++ if (data->connection_attempts)
++ return;
++
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+ if (!error)
+ {
+@@ -1621,16 +1736,27 @@ g_socket_client_enumerator_callback (GObject *object,
+ return;
+ }
+
+- data->current_socket = socket;
+- data->current_addr = address;
+- data->connection = (GIOStream *) g_socket_connection_factory_create_connection (socket);
+-
+- g_socket_connection_set_cached_remote_address ((GSocketConnection*)data->connection, address);
+- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTING, data->connectable, data->connection);
+- g_socket_connection_connect_async (G_SOCKET_CONNECTION (data->connection),
++ attempt = connection_attempt_new ();
++ attempt->data = data;
++ attempt->socket = socket;
++ attempt->address = address;
++ attempt->cancellable = g_cancellable_new ();
++ attempt->connection = (GIOStream *)g_socket_connection_factory_create_connection (socket);
++ attempt->timeout_source = g_timeout_source_new (HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS);
++ g_source_set_callback (attempt->timeout_source, on_connection_attempt_timeout, attempt, NULL);
++ g_source_attach (attempt->timeout_source, g_main_context_get_thread_default ());
++ data->connection_attempts = g_slist_append (data->connection_attempts, attempt);
++
++ if (g_task_get_cancellable (data->task))
++ g_cancellable_connect (g_task_get_cancellable (data->task), G_CALLBACK (on_connection_cancelled),
++ g_object_ref (attempt->cancellable), g_object_unref);
++
++ g_socket_connection_set_cached_remote_address ((GSocketConnection *)attempt->connection, address);
++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTING, data->connectable, attempt->connection);
++ g_socket_connection_connect_async (G_SOCKET_CONNECTION (attempt->connection),
+ address,
+- g_task_get_cancellable (data->task),
+- g_socket_client_connected_callback, data);
++ attempt->cancellable,
++ g_socket_client_connected_callback, connection_attempt_ref (attempt));
+ }
+
+ /**
+--
+2.7.4
+
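Review bot: `on_connection_attempt_timeout` passes `attempt->data` straight to `enumerator_next_async`, but `g_socket_client_connected_callback` sets `attempt_entry->data = NULL` on every remaining attempt and drops only the list reference, so an attempt still held by its pending connect callback keeps its timeout source attached. If that timer fires before the cancelled connect callback runs, `enumerator_next_async` dereferences a NULL `data` in its first statement. Guarding the call with `if (attempt->data) enumerator_next_async (attempt->data);`, or destroying the timeout source in the loop that detaches the attempts, closes that window. The failure branch of the connected callback has the same shape: `clarify_connect_error (error, data->connectable, attempt->address)` runs before the `if (data)` test, and is safe only while a NULL `data` always coincides with a cancelled `attempt->cancellable`. The follow-up patch CVE-2019-9633_p2 touches these functions and may change this, but it runs past what is shown here.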
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p2.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p2.patch
new file mode 100644
index 0000000000..3bb2f5d917
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p2.patch
@@ -0,0 +1,231 @@
+From d553d92d6e9f53cbe5a34166fcb919ba652c6a8e Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 29 Jan 2019 10:07:06 -0500
+Subject: [PATCH] gsocketclient: Fix criticals
+
+This ensures the parent GTask is kept alive as long as an enumeration
+is running and trying to connect.
+
+Closes #1646
+Closes #1649
+
+Upstream-Status: Backport
+CVE: CVE-2019-9633 patch 2
+Affects: < 2.59.2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ gio/gsocketclient.c | 74 +++++++++++++++++++++++++++++-------------
+ gio/tests/gsocketclient-slow.c | 55 ++++++++++++++++++++++++++++++-
+ 2 files changed, 106 insertions(+), 23 deletions(-)
+
+Index: glib-2.58.0/gio/gsocketclient.c
+===================================================================
+--- glib-2.58.0.orig/gio/gsocketclient.c
++++ glib-2.58.0/gio/gsocketclient.c
+@@ -1327,7 +1327,7 @@ g_socket_client_connect_to_uri (GSocketC
+
+ typedef struct
+ {
+- GTask *task;
++ GTask *task; /* unowned */
+ GSocketClient *client;
+
+ GSocketConnectable *connectable;
+@@ -1345,6 +1345,7 @@ static void connection_attempt_unref (gp
+ static void
+ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data)
+ {
++ data->task = NULL;
+ g_clear_object (&data->connectable);
+ g_clear_object (&data->enumerator);
+ g_clear_object (&data->proxy_addr);
+@@ -1444,13 +1445,19 @@ set_last_error (GSocketClientAsyncConnec
+ }
+
+ static void
+-enumerator_next_async (GSocketClientAsyncConnectData *data)
++enumerator_next_async (GSocketClientAsyncConnectData *data,
++ gboolean add_task_ref)
+ {
+ /* We need to cleanup the state */
+ g_clear_object (&data->socket);
+ g_clear_object (&data->proxy_addr);
+ g_clear_object (&data->connection);
+
++ /* Each enumeration takes a ref. This arg just avoids repeated unrefs when
++ an enumeration starts another enumeration */
++ if (add_task_ref)
++ g_object_ref (data->task);
++
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVING, data->connectable, NULL);
+ g_socket_address_enumerator_next_async (data->enumerator,
+ g_task_get_cancellable (data->task),
+@@ -1478,7 +1485,7 @@ g_socket_client_tls_handshake_callback (
+ else
+ {
+ g_object_unref (object);
+- enumerator_next_async (data);
++ enumerator_next_async (data, FALSE);
+ }
+ }
+
+@@ -1509,7 +1516,7 @@ g_socket_client_tls_handshake (GSocketCl
+ }
+ else
+ {
+- enumerator_next_async (data);
++ enumerator_next_async (data, FALSE);
+ }
+ }
+
+@@ -1530,13 +1537,24 @@ g_socket_client_proxy_connect_callback (
+ }
+ else
+ {
+- enumerator_next_async (data);
++ enumerator_next_async (data, FALSE);
+ return;
+ }
+
+ g_socket_client_tls_handshake (data);
+ }
+
++static gboolean
++task_completed_or_cancelled (GTask *task)
++{
++ if (g_task_get_completed (task))
++ return TRUE;
++ else if (g_task_return_error_if_cancelled (task))
++ return TRUE;
++ else
++ return FALSE;
++}
++
+ static void
+ g_socket_client_connected_callback (GObject *source,
+ GAsyncResult *result,
+@@ -1549,8 +1567,7 @@ g_socket_client_connected_callback (GObj
+ GProxy *proxy;
+ const gchar *protocol;
+
+- /* data is NULL once the task is completed */
+- if (data && g_task_return_error_if_cancelled (data->task))
++ if (g_cancellable_is_cancelled (attempt->cancellable) || task_completed_or_cancelled (data->task))
+ {
+ g_object_unref (data->task);
+ connection_attempt_unref (attempt);
+@@ -1570,17 +1587,15 @@ g_socket_client_connected_callback (GObj
+ {
+ clarify_connect_error (error, data->connectable, attempt->address);
+ set_last_error (data, error);
++ connection_attempt_remove (attempt);
++ enumerator_next_async (data, FALSE);
+ }
+ else
+- g_clear_error (&error);
+-
+- if (data)
+ {
+- connection_attempt_remove (attempt);
+- enumerator_next_async (data);
++ g_clear_error (&error);
++ g_object_unref (data->task);
++ connection_attempt_unref (attempt);
+ }
+- else
+- connection_attempt_unref (attempt);
+
+ return;
+ }
+@@ -1592,7 +1607,6 @@ g_socket_client_connected_callback (GObj
+ {
+ ConnectionAttempt *attempt_entry = l->data;
+ g_cancellable_cancel (attempt_entry->cancellable);
+- attempt_entry->data = NULL;
+ connection_attempt_unref (attempt_entry);
+ }
+ g_slist_free (data->connection_attempts);
+@@ -1625,7 +1639,7 @@ g_socket_client_connected_callback (GObj
+ G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ _("Proxying over a non-TCP connection is not supported."));
+
+- enumerator_next_async (data);
++ enumerator_next_async (data, FALSE);
+ }
+ else if (g_hash_table_contains (data->client->priv->app_proxies, protocol))
+ {
+@@ -1652,7 +1666,7 @@ g_socket_client_connected_callback (GObj
+ _("Proxy protocol “%s” is not supported."),
+ protocol);
+
+- enumerator_next_async (data);
++ enumerator_next_async (data, FALSE);
+ }
+ }
+
+@@ -1661,7 +1675,7 @@ on_connection_attempt_timeout (gpointer
+ {
+ ConnectionAttempt *attempt = data;
+
+- enumerator_next_async (attempt->data);
++ enumerator_next_async (attempt->data, TRUE);
+
+ g_clear_pointer (&attempt->timeout_source, g_source_unref);
+ return G_SOURCE_REMOVE;
+@@ -1687,7 +1701,7 @@ g_socket_client_enumerator_callback (GOb
+ ConnectionAttempt *attempt;
+ GError *error = NULL;
+
+- if (g_task_return_error_if_cancelled (data->task))
++ if (task_completed_or_cancelled (data->task))
+ {
+ g_object_unref (data->task);
+ return;
+@@ -1698,7 +1712,10 @@ g_socket_client_enumerator_callback (GOb
+ if (address == NULL)
+ {
+ if (data->connection_attempts)
+- return;
++ {
++ g_object_unref (data->task);
++ return;
++ }
+
+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+ if (!error)
+@@ -1732,7 +1749,7 @@ g_socket_client_enumerator_callback (GOb
+ if (socket == NULL)
+ {
+ g_object_unref (address);
+- enumerator_next_async (data);
++ enumerator_next_async (data, FALSE);
+ return;
+ }
+
+@@ -1804,11 +1821,24 @@ g_socket_client_connect_async (GSocketCl
+ else
+ data->enumerator = g_socket_connectable_enumerate (connectable);
+
++ /* The flow and ownership here isn't quite obvious:
++ - The task starts an async attempt to connect.
++ - Each attempt holds a single ref on task.
++ - Each attempt may create new attempts by timing out (not a failure) so
++ there are multiple attempts happening in parallel.
++ - Upon failure an attempt will start a new attempt that steals its ref
++ until there are no more attempts left and it drops its ref.
++ - Upon success it will cancel all other attempts and continue on
++ to the rest of the connection (tls, proxies, etc) which do not
++ happen in parallel and at the very end drop its ref.
++ - Upon cancellation an attempt drops its ref.
++ */
++
+ data->task = g_task_new (client, cancellable, callback, user_data);
+ g_task_set_source_tag (data->task, g_socket_client_connect_async);
+ g_task_set_task_data (data->task, data, (GDestroyNotify)g_socket_client_async_connect_data_free);
+
+- enumerator_next_async (data);
++ enumerator_next_async (data, FALSE);
+ }
+
+ /**
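Review bot: The diffstat in this patch header lists `gio/tests/gsocketclient-slow.c | 55 ++++` and "2 files changed", but the 231 added lines carry hunks for `gio/gsocketclient.c` only, so the upstream regression test for this reference-counting fix appears to have been dropped from the backport without a note. I would record that in the header, for example `Upstream-Status: Backport [test changes to gio/tests/gsocketclient-slow.c dropped]`, so a later refresh does not assume ptest covers the fix. Separately, the new `task_completed_or_cancelled()` deserves a one-line comment that it is not a pure predicate: through `g_task_return_error_if_cancelled()` it completes the task with a cancellation error, which is why both callers only drop their ref on `data->task` and return.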
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/run-ptest b/meta/recipes-core/glib-2.0/glib-2.0/run-ptest
index 5b85e8fabe..8f082d34f6 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/run-ptest
+++ b/meta/recipes-core/glib-2.0/glib-2.0/run-ptest
@@ -1,5 +1,6 @@
#! /bin/sh
+set -eux
useradd glib2-test
su glib2-test -c gnome-desktop-testing-runner glib
userdel glib2-test
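Review bot: With `set -e` now in effect, a failing `su glib2-test -c gnome-desktop-testing-runner glib` ends the script before `userdel glib2-test` runs, so a failed ptest leaves the `glib2-test` account on the target and the next run then stops at `useradd`. Registering the cleanup right after the account is created keeps the stricter error handling without leaking the user: add `trap 'userdel glib2-test' EXIT` after `useradd glib2-test` and drop the explicit `userdel` line. The hunk header counts more lines than are shown here, so check that nothing else in the script depends on the old continue-on-error behaviour.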
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
index 1271a7c269..611abd8eb8 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
@@ -14,6 +14,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://0001-Do-not-ignore-return-value-of-write.patch \
file://0010-Do-not-hardcode-python-path-into-various-tools.patch \
file://date-lt.patch \
+ file://CVE-2019-12450.patch \
+ file://CVE-2019-9633_p1.patch \
+ file://CVE-2019-9633_p2.patch \
+ file://CVE-2019-13012.patch \
"
SRC_URI_append_class-native = " file://relocate-modules.patch"
diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc
index 1b676dc26e..97d83cb856 100644
--- a/meta/recipes-core/glibc/glibc-locale.inc
+++ b/meta/recipes-core/glibc/glibc-locale.inc
@@ -95,3 +95,6 @@ do_install () {
inherit libc-package
BBCLASSEXTEND = "nativesdk"
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/meta/recipes-core/glibc/glibc-mtrace.inc b/meta/recipes-core/glibc/glibc-mtrace.inc
index d703c14bdc..ef9d60ec23 100644
--- a/meta/recipes-core/glibc/glibc-mtrace.inc
+++ b/meta/recipes-core/glibc/glibc-mtrace.inc
@@ -11,3 +11,6 @@ do_install() {
install -d -m 0755 ${D}${bindir}
install -m 0755 ${SRC}/mtrace ${D}${bindir}/
}
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/meta/recipes-core/glibc/glibc-scripts.inc b/meta/recipes-core/glibc/glibc-scripts.inc
index 2a2b41507e..14a14e4512 100644
--- a/meta/recipes-core/glibc/glibc-scripts.inc
+++ b/meta/recipes-core/glibc/glibc-scripts.inc
@@ -18,3 +18,6 @@ do_install() {
# sotruss script requires sotruss-lib.so (given by libsotruss package),
# to produce trace of the library calls.
RDEPENDS_${PN} += "libsotruss"
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch b/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch
index b53f2ef2e2..a5c2992f2e 100644
--- a/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch
+++ b/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch
@@ -65,3 +65,36 @@ index 68822a6319..537bc35149 100644
/* Load the locale data for CATEGORY from the file specified by *NAME.
If *NAME is "", use environment variables as specified by POSIX, and
+Index: git/locale/programs/locale.c
+===================================================================
+--- git.orig/locale/programs/locale.c
++++ git/locale/programs/locale.c
+@@ -632,6 +632,7 @@ nameentcmp (const void *a, const void *b
+ ((const struct nameent *) b)->name);
+ }
+
++static char _write_archive_locales_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = ARCHIVE_NAME;
+
+ static int
+ write_archive_locales (void **all_datap, char *linebuf)
+@@ -645,7 +646,7 @@ write_archive_locales (void **all_datap,
+ int fd, ret = 0;
+ uint32_t cnt;
+
+- fd = open64 (ARCHIVE_NAME, O_RDONLY);
++ fd = open64 (_write_archive_locales_path, O_RDONLY);
+ if (fd < 0)
+ return 0;
+
+@@ -700,8 +701,8 @@ write_archive_locales (void **all_datap,
+ if (cnt)
+ putchar_unlocked ('\n');
+
+- printf ("locale: %-15.15s archive: " ARCHIVE_NAME "\n%s\n",
+- names[cnt].name, linebuf);
++ printf ("locale: %-15.15s archive: %s\n%s\n",
++ names[cnt].name, _write_archive_locales_path, linebuf);
+
+ locrec = (struct locrecent *) (addr + names[cnt].locrec_offset);
+
+
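Review bot: The added `_write_archive_locales_path` definition has no comment explaining why the archive path moved from the `ARCHIVE_NAME` literal into a writable 4096-byte array in the `.gccrelocprefix` section, and both `open64()` and the `printf()` now use whatever that array holds at run time. A short comment above it would help, e.g. `/* Kept in .gccrelocprefix so the SDK relocation step can rewrite the path in place; size and section must match that tooling. */`. The relocation mechanism itself is not visible in this hunk, so confirm the wording against the rest of the patch. The new section is appended in quilt `Index:` form and the patch header lies outside the hunk, so the description may also need a line mentioning `locale/programs/locale.c`.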
diff --git a/meta/recipes-core/glibc/glibc/0026-reset-dl_load_write_lock-after-forking.patch b/meta/recipes-core/glibc/glibc/0026-reset-dl_load_write_lock-after-forking.patch
deleted file mode 100644
index 71ddc1234b..0000000000
--- a/meta/recipes-core/glibc/glibc/0026-reset-dl_load_write_lock-after-forking.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From efb0fca7db742f4195e1771d8ba4c7fba4938819 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 27 Jan 2018 10:05:07 -0800
-Subject: [PATCH] reset dl_load_write_lock after forking
-
-The patch in this Bugzilla entry was requested by a customer:
-
- https://www.sourceware.org/bugzilla/show_bug.cgi?id=19282
-
-The __libc_fork() code reset dl_load_lock, but it also needed to reset
-dl_load_write_lock. The patch has not yet been integrated upstream.
-
-Upstream-Status: Pending [ No Author See bugzilla]
-
-Signed-off-by: Damodar Sonone <damodar.sonone@kpit.com>
-Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- sysdeps/nptl/fork.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c
-index ec56a827eb..0f48933ff1 100644
---- a/sysdeps/nptl/fork.c
-+++ b/sysdeps/nptl/fork.c
-@@ -130,9 +130,9 @@ __libc_fork (void)
- _IO_list_resetlock ();
- }
-
-- /* Reset the lock the dynamic loader uses to protect its data. */
-+ /* Reset the locks the dynamic loader uses to protect its data. */
- __rtld_lock_initialize (GL(dl_load_lock));
--
-+ __rtld_lock_initialize (GL(dl_load_write_lock));
- /* Run the handlers registered for the child. */
- __run_fork_handlers (atfork_run_child);
- }
diff --git a/meta/recipes-core/glibc/glibc/0027-Acquire-ld.so-lock-before-switching-to-malloc_atfork.patch b/meta/recipes-core/glibc/glibc/0027-Acquire-ld.so-lock-before-switching-to-malloc_atfork.patch
deleted file mode 100644
index dd37f2cd4d..0000000000
--- a/meta/recipes-core/glibc/glibc/0027-Acquire-ld.so-lock-before-switching-to-malloc_atfork.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 6ea962e0946da7564a774b08dd3eda28d64e9e56 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 27 Jan 2018 10:08:04 -0800
-Subject: [PATCH] Acquire ld.so lock before switching to malloc_atfork
-
-The patch is from
- https://sourceware.org/bugzilla/show_bug.cgi?id=4578
-
-If a thread happens to hold dl_load_lock and have r_state set to RT_ADD or
-RT_DELETE at the time another thread calls fork(), then the child exit code
-from fork (in nptl/sysdeps/unix/sysv/linux/fork.c in our case) re-initializes
-dl_load_lock but does not restore r_state to RT_CONSISTENT. If the child
-subsequently requires ld.so functionality before calling exec(), then the
-assertion will fire.
-
-The patch acquires dl_load_lock on entry to fork() and releases it on exit
-from the parent path. The child path is initialized as currently done.
-This is essentially pthreads_atfork, but forced to be first because the
-acquisition of dl_load_lock must happen before malloc_atfork is active
-to avoid a deadlock.
-
-The patch has not yet been integrated upstream.
-
-Upstream-Status: Pending [ Not Author See bugzilla]
-
-Signed-off-by: Raghunath Lolur <Raghunath.Lolur@kpit.com>
-Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- sysdeps/nptl/fork.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c
-index 0f48933ff1..eef3f9669b 100644
---- a/sysdeps/nptl/fork.c
-+++ b/sysdeps/nptl/fork.c
-@@ -25,6 +25,7 @@
- #include <tls.h>
- #include <hp-timing.h>
- #include <ldsodefs.h>
-+#include <libc-lock.h>
- #include <stdio-lock.h>
- #include <atomic.h>
- #include <nptl/pthreadP.h>
-@@ -56,6 +57,9 @@ __libc_fork (void)
- bool multiple_threads = THREAD_GETMEM (THREAD_SELF, header.multiple_threads);
-
- __run_fork_handlers (atfork_run_prepare);
-+ /* grab ld.so lock BEFORE switching to malloc_atfork */
-+ __rtld_lock_lock_recursive (GL(dl_load_lock));
-+ __rtld_lock_lock_recursive (GL(dl_load_write_lock));
-
- /* If we are not running multiple threads, we do not have to
- preserve lock state. If fork runs from a signal handler, only
-@@ -150,6 +154,9 @@ __libc_fork (void)
-
- /* Run the handlers registered for the parent. */
- __run_fork_handlers (atfork_run_parent);
-+ /* unlock ld.so last, because we locked it first */
-+ __rtld_lock_unlock_recursive (GL(dl_load_write_lock));
-+ __rtld_lock_unlock_recursive (GL(dl_load_lock));
- }
-
- return pid;
diff --git a/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch b/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch
new file mode 100644
index 0000000000..7dc842887c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch
@@ -0,0 +1,1136 @@
+CVE: CVE-2016-10739
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8e92ca5dd7a7e38a4dddf1ebc4e1e8f0cb27e4aa Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 21 Jan 2019 08:59:42 +0100
+Subject: [PATCH 1/4] resolv: Reformat inet_addr, inet_aton to GNU style
+
+(cherry picked from commit 5e30b8ef0758763effa115634e0ed7d8938e4bc0)
+---
+ ChangeLog | 5 ++
+ resolv/inet_addr.c | 192 ++++++++++++++++++++++++---------------------
+ 2 files changed, 106 insertions(+), 91 deletions(-)
+
+diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
+index 022f7ea084..32f58b0e13 100644
+--- a/resolv/inet_addr.c
++++ b/resolv/inet_addr.c
+@@ -1,3 +1,21 @@
++/* Legacy IPv4 text-to-address functions.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
+ /*
+ * Copyright (c) 1983, 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+@@ -78,105 +96,97 @@
+ #include <limits.h>
+ #include <errno.h>
+
+-/*
+- * Ascii internet address interpretation routine.
+- * The value returned is in network order.
+- */
++/* ASCII IPv4 Internet address interpretation routine. The value
++ returned is in network order. */
+ in_addr_t
+-__inet_addr(const char *cp) {
+- struct in_addr val;
++__inet_addr (const char *cp)
++{
++ struct in_addr val;
+
+- if (__inet_aton(cp, &val))
+- return (val.s_addr);
+- return (INADDR_NONE);
++ if (__inet_aton (cp, &val))
++ return val.s_addr;
++ return INADDR_NONE;
+ }
+ weak_alias (__inet_addr, inet_addr)
+
+-/*
+- * Check whether "cp" is a valid ascii representation
+- * of an Internet address and convert to a binary address.
+- * Returns 1 if the address is valid, 0 if not.
+- * This replaces inet_addr, the return value from which
+- * cannot distinguish between failure and a local broadcast address.
+- */
++/* Check whether "cp" is a valid ASCII representation of an IPv4
++ Internet address and convert it to a binary address. Returns 1 if
++ the address is valid, 0 if not. This replaces inet_addr, the
++ return value from which cannot distinguish between failure and a
++ local broadcast address. */
+ int
+-__inet_aton(const char *cp, struct in_addr *addr)
++__inet_aton (const char *cp, struct in_addr *addr)
+ {
+- static const in_addr_t max[4] = { 0xffffffff, 0xffffff, 0xffff, 0xff };
+- in_addr_t val;
+- char c;
+- union iaddr {
+- uint8_t bytes[4];
+- uint32_t word;
+- } res;
+- uint8_t *pp = res.bytes;
+- int digit;
+-
+- int saved_errno = errno;
+- __set_errno (0);
+-
+- res.word = 0;
+-
+- c = *cp;
+- for (;;) {
+- /*
+- * Collect number up to ``.''.
+- * Values are specified as for C:
+- * 0x=hex, 0=octal, isdigit=decimal.
+- */
+- if (!isdigit(c))
+- goto ret_0;
+- {
+- char *endp;
+- unsigned long ul = strtoul (cp, (char **) &endp, 0);
+- if (ul == ULONG_MAX && errno == ERANGE)
+- goto ret_0;
+- if (ul > 0xfffffffful)
+- goto ret_0;
+- val = ul;
+- digit = cp != endp;
+- cp = endp;
+- }
+- c = *cp;
+- if (c == '.') {
+- /*
+- * Internet format:
+- * a.b.c.d
+- * a.b.c (with c treated as 16 bits)
+- * a.b (with b treated as 24 bits)
+- */
+- if (pp > res.bytes + 2 || val > 0xff)
+- goto ret_0;
+- *pp++ = val;
+- c = *++cp;
+- } else
+- break;
+- }
+- /*
+- * Check for trailing characters.
+- */
+- if (c != '\0' && (!isascii(c) || !isspace(c)))
+- goto ret_0;
+- /*
+- * Did we get a valid digit?
+- */
+- if (!digit)
+- goto ret_0;
+-
+- /* Check whether the last part is in its limits depending on
+- the number of parts in total. */
+- if (val > max[pp - res.bytes])
++ static const in_addr_t max[4] = { 0xffffffff, 0xffffff, 0xffff, 0xff };
++ in_addr_t val;
++ char c;
++ union iaddr
++ {
++ uint8_t bytes[4];
++ uint32_t word;
++ } res;
++ uint8_t *pp = res.bytes;
++ int digit;
++
++ int saved_errno = errno;
++ __set_errno (0);
++
++ res.word = 0;
++
++ c = *cp;
++ for (;;)
++ {
++ /* Collect number up to ``.''. Values are specified as for C:
++ 0x=hex, 0=octal, isdigit=decimal. */
++ if (!isdigit (c))
++ goto ret_0;
++ {
++ char *endp;
++ unsigned long ul = strtoul (cp, &endp, 0);
++ if (ul == ULONG_MAX && errno == ERANGE)
+ goto ret_0;
+-
+- if (addr != NULL)
+- addr->s_addr = res.word | htonl (val);
+-
+- __set_errno (saved_errno);
+- return (1);
+-
+-ret_0:
+- __set_errno (saved_errno);
+- return (0);
++ if (ul > 0xfffffffful)
++ goto ret_0;
++ val = ul;
++ digit = cp != endp;
++ cp = endp;
++ }
++ c = *cp;
++ if (c == '.')
++ {
++ /* Internet format:
++ a.b.c.d
++ a.b.c (with c treated as 16 bits)
++ a.b (with b treated as 24 bits). */
++ if (pp > res.bytes + 2 || val > 0xff)
++ goto ret_0;
++ *pp++ = val;
++ c = *++cp;
++ }
++ else
++ break;
++ }
++ /* Check for trailing characters. */
++ if (c != '\0' && (!isascii (c) || !isspace (c)))
++ goto ret_0;
++ /* Did we get a valid digit? */
++ if (!digit)
++ goto ret_0;
++
++ /* Check whether the last part is in its limits depending on the
++ number of parts in total. */
++ if (val > max[pp - res.bytes])
++ goto ret_0;
++
++ if (addr != NULL)
++ addr->s_addr = res.word | htonl (val);
++
++ __set_errno (saved_errno);
++ return 1;
++
++ ret_0:
++ __set_errno (saved_errno);
++ return 0;
+ }
+ weak_alias (__inet_aton, inet_aton)
+ libc_hidden_def (__inet_aton)
+--
+2.20.1
+
+
+From 37edf1d3f8ab9adefb61cc466ac52b53114fbd5b Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 21 Jan 2019 09:26:41 +0100
+Subject: [PATCH 2/4] resolv: Do not send queries for non-host-names in nss_dns
+ [BZ #24112]
+
+Before this commit, nss_dns would send a query which did not contain a
+host name as the query name (such as invalid\032name.example.com) and
+then reject the answer in getanswer_r and gaih_getanswer_slice, using
+a check based on res_hnok. With this commit, no query is sent, and a
+host-not-found error is returned to NSS without network interaction.
+
+(cherry picked from commit 6ca53a2453598804a2559a548a08424fca96434a)
+---
+ ChangeLog | 9 +++++++++
+ resolv/nss_dns/dns-host.c | 24 ++++++++++++++++++++++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 5dc2829cd1..99c3b61e1c 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -274,11 +274,26 @@ gethostbyname3_context (struct resolv_context *ctx,
+ return status;
+ }
+
++/* Verify that the name looks like a host name. There is no point in
++ sending a query which will not produce a usable name in the
++ response. */
++static enum nss_status
++check_name (const char *name, int *h_errnop)
++{
++ if (res_hnok (name))
++ return NSS_STATUS_SUCCESS;
++ *h_errnop = HOST_NOT_FOUND;
++ return NSS_STATUS_NOTFOUND;
++}
++
+ enum nss_status
+ _nss_dns_gethostbyname2_r (const char *name, int af, struct hostent *result,
+ char *buffer, size_t buflen, int *errnop,
+ int *h_errnop)
+ {
++ enum nss_status status = check_name (name, h_errnop);
++ if (status != NSS_STATUS_SUCCESS)
++ return status;
+ return _nss_dns_gethostbyname3_r (name, af, result, buffer, buflen, errnop,
+ h_errnop, NULL, NULL);
+ }
+@@ -289,6 +304,9 @@ _nss_dns_gethostbyname_r (const char *name, struct hostent *result,
+ char *buffer, size_t buflen, int *errnop,
+ int *h_errnop)
+ {
++ enum nss_status status = check_name (name, h_errnop);
++ if (status != NSS_STATUS_SUCCESS)
++ return status;
+ struct resolv_context *ctx = __resolv_context_get ();
+ if (ctx == NULL)
+ {
+@@ -296,7 +314,7 @@ _nss_dns_gethostbyname_r (const char *name, struct hostent *result,
+ *h_errnop = NETDB_INTERNAL;
+ return NSS_STATUS_UNAVAIL;
+ }
+- enum nss_status status = NSS_STATUS_NOTFOUND;
++ status = NSS_STATUS_NOTFOUND;
+ if (res_use_inet6 ())
+ status = gethostbyname3_context (ctx, name, AF_INET6, result, buffer,
+ buflen, errnop, h_errnop, NULL, NULL);
+@@ -313,6 +331,9 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+ char *buffer, size_t buflen, int *errnop,
+ int *herrnop, int32_t *ttlp)
+ {
++ enum nss_status status = check_name (name, herrnop);
++ if (status != NSS_STATUS_SUCCESS)
++ return status;
+ struct resolv_context *ctx = __resolv_context_get ();
+ if (ctx == NULL)
+ {
+@@ -347,7 +368,6 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+ int ans2p_malloced = 0;
+
+ int olderr = errno;
+- enum nss_status status;
+ int n = __res_context_search (ctx, name, C_IN, T_QUERY_A_AND_AAAA,
+ host_buffer.buf->buf, 2048, &host_buffer.ptr,
+ &ans2p, &nans2p, &resplen2, &ans2p_malloced);
+--
+2.20.1
+
+
+From 2373941bd73cb288c8a42a33e23e7f7bb81151e7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 21 Jan 2019 21:26:03 +0100
+Subject: [PATCH 3/4] CVE-2016-10739: getaddrinfo: Fully parse IPv4 address
+ strings [BZ #20018]
+
+The IPv4 address parser in the getaddrinfo function is changed so that
+it does not ignore trailing whitespace and all characters after it.
+For backwards compatibility, the getaddrinfo function still recognizes
+legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
+(octal).
+
+This commit does not change the behavior of inet_addr and inet_aton.
+gethostbyname already had additional sanity checks (but is switched
+over to the new __inet_aton_exact function for completeness as well).
+
+To avoid sending the problematic query names over DNS, commit
+6ca53a2453598804a2559a548a08424fca96434a ("resolv: Do not send queries
+for non-host-names in nss_dns [BZ #24112]") is needed.
+
+(cherry picked from commit 108bc4049f8ae82710aec26a92ffdb4b439c83fd)
+---
+ ChangeLog | 33 ++++++++
+ NEWS | 4 +
+ include/arpa/inet.h | 6 +-
+ nscd/gai.c | 1 -
+ nscd/gethstbynm3_r.c | 2 -
+ nss/digits_dots.c | 3 +-
+ resolv/Makefile | 7 ++
+ resolv/Versions | 1 +
+ resolv/inet_addr.c | 62 ++++++++++-----
+ resolv/res_init.c | 17 ++--
+ resolv/tst-aton.c | 35 +++++++--
+ resolv/tst-inet_aton_exact.c | 47 +++++++++++
+ resolv/tst-resolv-nondecimal.c | 139 +++++++++++++++++++++++++++++++++
+ resolv/tst-resolv-trailing.c | 136 ++++++++++++++++++++++++++++++++
+ sysdeps/posix/getaddrinfo.c | 2 +-
+ 15 files changed, 455 insertions(+), 40 deletions(-)
+ create mode 100644 resolv/tst-inet_aton_exact.c
+ create mode 100644 resolv/tst-resolv-nondecimal.c
+ create mode 100644 resolv/tst-resolv-trailing.c
+
+diff --git a/include/arpa/inet.h b/include/arpa/inet.h
+index c3f28f2baa..19aec74275 100644
+--- a/include/arpa/inet.h
++++ b/include/arpa/inet.h
+@@ -1,10 +1,10 @@
+ #include <inet/arpa/inet.h>
+
+ #ifndef _ISOMAC
+-extern int __inet_aton (const char *__cp, struct in_addr *__inp);
+-libc_hidden_proto (__inet_aton)
++/* Variant of inet_aton which rejects trailing garbage. */
++extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp);
++libc_hidden_proto (__inet_aton_exact)
+
+-libc_hidden_proto (inet_aton)
+ libc_hidden_proto (inet_ntop)
+ libc_hidden_proto (inet_pton)
+ extern __typeof (inet_pton) __inet_pton;
+diff --git a/nscd/gai.c b/nscd/gai.c
+index 24bdfee1db..f57f396f57 100644
+--- a/nscd/gai.c
++++ b/nscd/gai.c
+@@ -19,7 +19,6 @@
+
+ /* This file uses the getaddrinfo code but it compiles it without NSCD
+ support. We just need a few symbol renames. */
+-#define __inet_aton inet_aton
+ #define __ioctl ioctl
+ #define __getsockname getsockname
+ #define __socket socket
+diff --git a/nscd/gethstbynm3_r.c b/nscd/gethstbynm3_r.c
+index 7beb9dce9f..f792c4fcd0 100644
+--- a/nscd/gethstbynm3_r.c
++++ b/nscd/gethstbynm3_r.c
+@@ -38,8 +38,6 @@
+ #define HAVE_LOOKUP_BUFFER 1
+ #define HAVE_AF 1
+
+-#define __inet_aton inet_aton
+-
+ /* We are nscd, so we don't want to be talking to ourselves. */
+ #undef USE_NSCD
+
+diff --git a/nss/digits_dots.c b/nss/digits_dots.c
+index 39bff38865..5441bce16e 100644
+--- a/nss/digits_dots.c
++++ b/nss/digits_dots.c
+@@ -29,7 +29,6 @@
+ #include "nsswitch.h"
+
+ #ifdef USE_NSCD
+-# define inet_aton __inet_aton
+ # include <nscd/nscd_proto.h>
+ #endif
+
+@@ -160,7 +159,7 @@ __nss_hostname_digits_dots_context (struct resolv_context *ctx,
+ 255.255.255.255? The test below will succeed
+ spuriously... ??? */
+ if (af == AF_INET)
+- ok = __inet_aton (name, (struct in_addr *) host_addr);
++ ok = __inet_aton_exact (name, (struct in_addr *) host_addr);
+ else
+ {
+ assert (af == AF_INET6);
+diff --git a/resolv/Makefile b/resolv/Makefile
+index ea395ac3eb..d36eedd34a 100644
+--- a/resolv/Makefile
++++ b/resolv/Makefile
+@@ -34,6 +34,9 @@ routines := herror inet_addr inet_ntop inet_pton nsap_addr res_init \
+ tests = tst-aton tst-leaks tst-inet_ntop
+ xtests = tst-leaks2
+
++tests-internal += tst-inet_aton_exact
++
++
+ generate := mtrace-tst-leaks.out tst-leaks.mtrace tst-leaks2.mtrace
+
+ extra-libs := libresolv libnss_dns
+@@ -54,8 +57,10 @@ tests += \
+ tst-resolv-binary \
+ tst-resolv-edns \
+ tst-resolv-network \
++ tst-resolv-nondecimal \
+ tst-resolv-res_init-multi \
+ tst-resolv-search \
++ tst-resolv-trailing \
+
+ # These tests need libdl.
+ ifeq (yes,$(build-shared))
+@@ -190,9 +195,11 @@ $(objpfx)tst-resolv-res_init-multi: $(objpfx)libresolv.so \
+ $(shared-thread-library)
+ $(objpfx)tst-resolv-res_init-thread: $(libdl) $(objpfx)libresolv.so \
+ $(shared-thread-library)
++$(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library)
++$(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-threads: \
+ $(libdl) $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-canonname: \
+diff --git a/resolv/Versions b/resolv/Versions
+index b05778d965..9a82704af7 100644
+--- a/resolv/Versions
++++ b/resolv/Versions
+@@ -27,6 +27,7 @@ libc {
+ __h_errno; __resp;
+
+ __res_iclose;
++ __inet_aton_exact;
+ __inet_pton_length;
+ __resolv_context_get;
+ __resolv_context_get_preinit;
+diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
+index 32f58b0e13..41b6166a5b 100644
+--- a/resolv/inet_addr.c
++++ b/resolv/inet_addr.c
+@@ -96,26 +96,14 @@
+ #include <limits.h>
+ #include <errno.h>
+
+-/* ASCII IPv4 Internet address interpretation routine. The value
+- returned is in network order. */
+-in_addr_t
+-__inet_addr (const char *cp)
+-{
+- struct in_addr val;
+-
+- if (__inet_aton (cp, &val))
+- return val.s_addr;
+- return INADDR_NONE;
+-}
+-weak_alias (__inet_addr, inet_addr)
+-
+ /* Check whether "cp" is a valid ASCII representation of an IPv4
+ Internet address and convert it to a binary address. Returns 1 if
+ the address is valid, 0 if not. This replaces inet_addr, the
+ return value from which cannot distinguish between failure and a
+- local broadcast address. */
+-int
+-__inet_aton (const char *cp, struct in_addr *addr)
++ local broadcast address. Write a pointer to the first
++ non-converted character to *endp. */
++static int
++inet_aton_end (const char *cp, struct in_addr *addr, const char **endp)
+ {
+ static const in_addr_t max[4] = { 0xffffffff, 0xffffff, 0xffff, 0xff };
+ in_addr_t val;
+@@ -180,6 +168,7 @@ __inet_aton (const char *cp, struct in_addr *addr)
+
+ if (addr != NULL)
+ addr->s_addr = res.word | htonl (val);
++ *endp = cp;
+
+ __set_errno (saved_errno);
+ return 1;
+@@ -188,6 +177,41 @@ __inet_aton (const char *cp, struct in_addr *addr)
+ __set_errno (saved_errno);
+ return 0;
+ }
+-weak_alias (__inet_aton, inet_aton)
+-libc_hidden_def (__inet_aton)
+-libc_hidden_weak (inet_aton)
++
++int
++__inet_aton_exact (const char *cp, struct in_addr *addr)
++{
++ struct in_addr val;
++ const char *endp;
++ /* Check that inet_aton_end parsed the entire string. */
++ if (inet_aton_end (cp, &val, &endp) != 0 && *endp == 0)
++ {
++ *addr = val;
++ return 1;
++ }
++ else
++ return 0;
++}
++libc_hidden_def (__inet_aton_exact)
++
++/* inet_aton ignores trailing garbage. */
++int
++__inet_aton_ignore_trailing (const char *cp, struct in_addr *addr)
++{
++ const char *endp;
++ return inet_aton_end (cp, addr, &endp);
++}
++weak_alias (__inet_aton_ignore_trailing, inet_aton)
++
++/* ASCII IPv4 Internet address interpretation routine. The value
++ returned is in network order. */
++in_addr_t
++__inet_addr (const char *cp)
++{
++ struct in_addr val;
++ const char *endp;
++ if (inet_aton_end (cp, &val, &endp))
++ return val.s_addr;
++ return INADDR_NONE;
++}
++weak_alias (__inet_addr, inet_addr)
+diff --git a/resolv/res_init.c b/resolv/res_init.c
+index f5e52cbbb9..94743a252e 100644
+--- a/resolv/res_init.c
++++ b/resolv/res_init.c
+@@ -399,8 +399,16 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
+ cp = parser->buffer + sizeof ("nameserver") - 1;
+ while (*cp == ' ' || *cp == '\t')
+ cp++;
++
++ /* Ignore trailing contents on the name server line. */
++ {
++ char *el;
++ if ((el = strpbrk (cp, " \t\n")) != NULL)
++ *el = '\0';
++ }
++
+ struct sockaddr *sa;
+- if ((*cp != '\0') && (*cp != '\n') && __inet_aton (cp, &a))
++ if ((*cp != '\0') && (*cp != '\n') && __inet_aton_exact (cp, &a))
+ {
+ sa = allocate_address_v4 (a, NAMESERVER_PORT);
+ if (sa == NULL)
+@@ -410,9 +418,6 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
+ {
+ struct in6_addr a6;
+ char *el;
+-
+- if ((el = strpbrk (cp, " \t\n")) != NULL)
+- *el = '\0';
+ if ((el = strchr (cp, SCOPE_DELIMITER)) != NULL)
+ *el = '\0';
+ if ((*cp != '\0') && (__inet_pton (AF_INET6, cp, &a6) > 0))
+@@ -472,7 +477,7 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
+ char separator = *cp;
+ *cp = 0;
+ struct resolv_sortlist_entry e;
+- if (__inet_aton (net, &a))
++ if (__inet_aton_exact (net, &a))
+ {
+ e.addr = a;
+ if (is_sort_mask (separator))
+@@ -484,7 +489,7 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
+ cp++;
+ separator = *cp;
+ *cp = 0;
+- if (__inet_aton (net, &a))
++ if (__inet_aton_exact (net, &a))
+ e.mask = a.s_addr;
+ else
+ e.mask = net_mask (e.addr);
+diff --git a/resolv/tst-aton.c b/resolv/tst-aton.c
+index 08110a007a..eb734d7758 100644
+--- a/resolv/tst-aton.c
++++ b/resolv/tst-aton.c
+@@ -1,11 +1,29 @@
++/* Test legacy IPv4 text-to-address function inet_aton.
++ Copyright (C) 1998-2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <array_length.h>
+ #include <stdio.h>
+ #include <stdint.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+
+-
+-static struct tests
++static const struct tests
+ {
+ const char *input;
+ int valid;
+@@ -16,6 +34,7 @@ static struct tests
+ { "-1", 0, 0 },
+ { "256", 1, 0x00000100 },
+ { "256.", 0, 0 },
++ { "255a", 0, 0 },
+ { "256a", 0, 0 },
+ { "0x100", 1, 0x00000100 },
+ { "0200.0x123456", 1, 0x80123456 },
+@@ -40,7 +59,12 @@ static struct tests
+ { "1.2.256.4", 0, 0 },
+ { "1.2.3.0x100", 0, 0 },
+ { "323543357756889", 0, 0 },
+- { "10.1.2.3.4", 0, 0},
++ { "10.1.2.3.4", 0, 0 },
++ { "192.0.2.1", 1, 0xc0000201 },
++ { "192.0.2.2\nX", 1, 0xc0000202 },
++ { "192.0.2.3 Y", 1, 0xc0000203 },
++ { "192.0.2.3Z", 0, 0 },
++ { "192.000.002.010", 1, 0xc0000208 },
+ };
+
+
+@@ -50,7 +74,7 @@ do_test (void)
+ int result = 0;
+ size_t cnt;
+
+- for (cnt = 0; cnt < sizeof (tests) / sizeof (tests[0]); ++cnt)
++ for (cnt = 0; cnt < array_length (tests); ++cnt)
+ {
+ struct in_addr addr;
+
+@@ -73,5 +97,4 @@ do_test (void)
+ return result;
+ }
+
+-#define TEST_FUNCTION do_test ()
+-#include "../test-skeleton.c"
++#include <support/test-driver.c>
+diff --git a/resolv/tst-inet_aton_exact.c b/resolv/tst-inet_aton_exact.c
+new file mode 100644
+index 0000000000..0fdfa3d6aa
+--- /dev/null
++++ b/resolv/tst-inet_aton_exact.c
+@@ -0,0 +1,47 @@
++/* Test internal legacy IPv4 text-to-address function __inet_aton_exact.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <arpa/inet.h>
++#include <support/check.h>
++
++static int
++do_test (void)
++{
++ struct in_addr addr = { };
++
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.1", &addr), 1);
++ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000201);
++
++ TEST_COMPARE (__inet_aton_exact ("192.000.002.010", &addr), 1);
++ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000208);
++ TEST_COMPARE (__inet_aton_exact ("0xC0000234", &addr), 1);
++ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000234);
++
++ /* Trailing content is not accepted. */
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.2X", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.3 Y", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.4\nZ", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.5\tT", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.6 Y", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.7\n", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.8\t", &addr), 0);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/resolv/tst-resolv-nondecimal.c b/resolv/tst-resolv-nondecimal.c
+new file mode 100644
+index 0000000000..a0df6f332a
+--- /dev/null
++++ b/resolv/tst-resolv-nondecimal.c
+@@ -0,0 +1,139 @@
++/* Test name resolution behavior for octal, hexadecimal IPv4 addresses.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <netdb.h>
++#include <stdlib.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ /* The tests are not supposed send any DNS queries. */
++ FAIL_EXIT1 ("unexpected DNS query for %s/%d/%d", qname, qclass, qtype);
++}
++
++static void
++run_query_addrinfo (const char *query, const char *address)
++{
++ char *quoted_query = support_quote_string (query);
++
++ struct addrinfo *ai;
++ struct addrinfo hints =
++ {
++ .ai_socktype = SOCK_STREAM,
++ .ai_protocol = IPPROTO_TCP,
++ };
++
++ char *context = xasprintf ("getaddrinfo \"%s\" AF_INET", quoted_query);
++ char *expected = xasprintf ("address: STREAM/TCP %s 80\n", address);
++ hints.ai_family = AF_INET;
++ int ret = getaddrinfo (query, "80", &hints, &ai);
++ check_addrinfo (context, ai, ret, expected);
++ if (ret == 0)
++ freeaddrinfo (ai);
++ free (context);
++
++ context = xasprintf ("getaddrinfo \"%s\" AF_UNSPEC", quoted_query);
++ hints.ai_family = AF_UNSPEC;
++ ret = getaddrinfo (query, "80", &hints, &ai);
++ check_addrinfo (context, ai, ret, expected);
++ if (ret == 0)
++ freeaddrinfo (ai);
++ free (expected);
++ free (context);
++
++ context = xasprintf ("getaddrinfo \"%s\" AF_INET6", quoted_query);
++ expected = xasprintf ("flags: AI_V4MAPPED\n"
++ "address: STREAM/TCP ::ffff:%s 80\n",
++ address);
++ hints.ai_family = AF_INET6;
++ hints.ai_flags = AI_V4MAPPED;
++ ret = getaddrinfo (query, "80", &hints, &ai);
++ check_addrinfo (context, ai, ret, expected);
++ if (ret == 0)
++ freeaddrinfo (ai);
++ free (expected);
++ free (context);
++
++ free (quoted_query);
++}
++
++static void
++run_query (const char *query, const char *address)
++{
++ char *quoted_query = support_quote_string (query);
++ char *context = xasprintf ("gethostbyname (\"%s\")", quoted_query);
++ char *expected = xasprintf ("name: %s\n"
++ "address: %s\n", query, address);
++ check_hostent (context, gethostbyname (query), expected);
++ free (context);
++
++ context = xasprintf ("gethostbyname_r \"%s\"", quoted_query);
++ struct hostent storage;
++ char buf[4096];
++ struct hostent *e = NULL;
++ TEST_COMPARE (gethostbyname_r (query, &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ check_hostent (context, e, expected);
++ free (context);
++
++ context = xasprintf ("gethostbyname2 (\"%s\", AF_INET)", quoted_query);
++ check_hostent (context, gethostbyname2 (query, AF_INET), expected);
++ free (context);
++
++ context = xasprintf ("gethostbyname2_r \"%s\" AF_INET", quoted_query);
++ e = NULL;
++ TEST_COMPARE (gethostbyname2_r (query, AF_INET, &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ check_hostent (context, e, expected);
++ free (context);
++ free (expected);
++
++ free (quoted_query);
++
++ /* The gethostbyname tests are always valid for getaddrinfo, but not
++ vice versa. */
++ run_query_addrinfo (query, address);
++}
++
++static int
++do_test (void)
++{
++ struct resolv_test *aux = resolv_test_start
++ ((struct resolv_redirect_config)
++ {
++ .response_callback = response,
++ });
++
++ run_query ("192.000.002.010", "192.0.2.8");
++
++ /* Hexadecimal numbers are not accepted by gethostbyname. */
++ run_query_addrinfo ("0xc0000210", "192.0.2.16");
++ run_query_addrinfo ("192.0x234", "192.0.2.52");
++
++ resolv_test_end (aux);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/resolv/tst-resolv-trailing.c b/resolv/tst-resolv-trailing.c
+new file mode 100644
+index 0000000000..7504bdae57
+--- /dev/null
++++ b/resolv/tst-resolv-trailing.c
+@@ -0,0 +1,136 @@
++/* Test name resolution behavior with trailing characters.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <array_length.h>
++#include <netdb.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ /* The tests are not supposed send any DNS queries. */
++ FAIL_EXIT1 ("unexpected DNS query for %s/%d/%d", qname, qclass, qtype);
++}
++
++static int
++do_test (void)
++{
++ struct resolv_test *aux = resolv_test_start
++ ((struct resolv_redirect_config)
++ {
++ .response_callback = response,
++ });
++
++ static const char *const queries[] =
++ {
++ "192.0.2.1 ",
++ "192.0.2.2\t",
++ "192.0.2.3\n",
++ "192.0.2.4 X",
++ "192.0.2.5\tY",
++ "192.0.2.6\nZ",
++ "192.0.2. ",
++ "192.0.2.\t",
++ "192.0.2.\n",
++ "192.0.2. X",
++ "192.0.2.\tY",
++ "192.0.2.\nZ",
++ "2001:db8::1 ",
++ "2001:db8::2\t",
++ "2001:db8::3\n",
++ "2001:db8::4 X",
++ "2001:db8::5\tY",
++ "2001:db8::6\nZ",
++ };
++ for (size_t query_idx = 0; query_idx < array_length (queries); ++query_idx)
++ {
++ const char *query = queries[query_idx];
++ struct hostent storage;
++ char buf[4096];
++ struct hostent *e;
++
++ h_errno = 0;
++ TEST_VERIFY (gethostbyname (query) == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ e = NULL;
++ TEST_COMPARE (gethostbyname_r (query, &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ TEST_VERIFY (e == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ TEST_VERIFY (gethostbyname2 (query, AF_INET) == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ e = NULL;
++ TEST_COMPARE (gethostbyname2_r (query, AF_INET,
++ &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ TEST_VERIFY (e == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ TEST_VERIFY (gethostbyname2 (query, AF_INET6) == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ e = NULL;
++ TEST_COMPARE (gethostbyname2_r (query, AF_INET6,
++ &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ TEST_VERIFY (e == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ static const int gai_flags[] =
++ {
++ 0,
++ AI_ADDRCONFIG,
++ AI_NUMERICHOST,
++ AI_IDN,
++ AI_IDN | AI_NUMERICHOST,
++ AI_V4MAPPED,
++ AI_V4MAPPED | AI_NUMERICHOST,
++ };
++ for (size_t gai_flags_idx; gai_flags_idx < array_length (gai_flags);
++ ++gai_flags_idx)
++ {
++ struct addrinfo hints = { .ai_flags = gai_flags[gai_flags_idx], };
++ struct addrinfo *ai;
++ hints.ai_family = AF_INET;
++ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
++ hints.ai_family = AF_INET6;
++ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
++ hints.ai_family = AF_UNSPEC;
++ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
++ }
++ };
++
++ resolv_test_end (aux);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 553833d1f2..c91b281e31 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -488,7 +488,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ malloc_name = true;
+ }
+
+- if (__inet_aton (name, (struct in_addr *) at->addr) != 0)
++ if (__inet_aton_exact (name, (struct in_addr *) at->addr) != 0)
+ {
+ if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET)
+ at->family = AF_INET;
+--
+2.20.1
+
+
+From c533244b8e00ae701583ec50aeb43377d292452d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 4 Feb 2019 20:07:18 +0100
+Subject: [PATCH 4/4] nscd: Do not use __inet_aton_exact@GLIBC_PRIVATE [BZ
+ #20018]
+
+This commit avoids referencing the __inet_aton_exact@GLIBC_PRIVATE
+symbol from nscd. In master, the separately-compiled getaddrinfo
+implementation in nscd needs it, however such an internal ABI change
+is not desirable on a release branch if it can be avoided.
+---
+ ChangeLog | 10 ++++++++++
+ nscd/Makefile | 2 +-
+ nscd/gai.c | 6 ++++++
+ nscd/nscd-inet_addr.c | 32 ++++++++++++++++++++++++++++++++
+ 4 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 nscd/nscd-inet_addr.c
+
+diff --git a/nscd/Makefile b/nscd/Makefile
+index b713a84c49..eb23c01a39 100644
+--- a/nscd/Makefile
++++ b/nscd/Makefile
+@@ -36,7 +36,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \
+ getsrvbynm_r getsrvbypt_r servicescache \
+ dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \
+ xmalloc xstrdup aicache initgrcache gai res_hconf \
+- netgroupcache
++ netgroupcache nscd-inet_addr
+
+ ifeq ($(build-nscd)$(have-thread-library),yesyes)
+
+diff --git a/nscd/gai.c b/nscd/gai.c
+index f57f396f57..68a4abd30e 100644
+--- a/nscd/gai.c
++++ b/nscd/gai.c
+@@ -33,6 +33,12 @@
+ #define __getifaddrs getifaddrs
+ #define __freeifaddrs freeifaddrs
+
++/* We do not want to export __inet_aton_exact. Get the prototype and
++ change its visibility to hidden. */
++#include <arpa/inet.h>
++__typeof__ (__inet_aton_exact) __inet_aton_exact
++ __attribute__ ((visibility ("hidden")));
++
+ /* We are nscd, so we don't want to be talking to ourselves. */
+ #undef USE_NSCD
+
+diff --git a/nscd/nscd-inet_addr.c b/nscd/nscd-inet_addr.c
+new file mode 100644
+index 0000000000..f366b9567d
+--- /dev/null
++++ b/nscd/nscd-inet_addr.c
+@@ -0,0 +1,32 @@
++/* Legacy IPv4 text-to-address functions. Version for nscd.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <arpa/inet.h>
++
++/* We do not want to export __inet_aton_exact. Get the prototype and
++ change the visibility to hidden. */
++#include <arpa/inet.h>
++__typeof__ (__inet_aton_exact) __inet_aton_exact
++ __attribute__ ((visibility ("hidden")));
++
++/* Do not provide definitions of the public symbols exported from
++ libc. */
++#undef weak_alias
++#define weak_alias(from, to)
++
++#include <resolv/inet_addr.c>
+--
+2.20.1
diff --git a/meta/recipes-core/glibc/glibc/CVE-2018-19591.patch b/meta/recipes-core/glibc/glibc/CVE-2018-19591.patch
new file mode 100644
index 0000000000..9c78a3dfa0
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2018-19591.patch
@@ -0,0 +1,48 @@
+CVE: CVE-2018-19591
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From ce6ba630dbc96f49eb1f30366aa62261df4792f9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 27 Nov 2018 16:12:43 +0100
+Subject: [PATCH] CVE-2018-19591: if_nametoindex: Fix descriptor for overlong
+ name [BZ #23927]
+
+(cherry picked from commit d527c860f5a3f0ed687bd03f0cb464612dc23408)
+---
+ ChangeLog | 7 +++++++
+ NEWS | 6 ++++++
+ sysdeps/unix/sysv/linux/if_index.c | 11 ++++++-----
+ 3 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c
+index e3d08982d9..782fc5e175 100644
+--- a/sysdeps/unix/sysv/linux/if_index.c
++++ b/sysdeps/unix/sysv/linux/if_index.c
+@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
+ return 0;
+ #else
+ struct ifreq ifr;
+- int fd = __opensock ();
+-
+- if (fd < 0)
+- return 0;
+-
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
+ }
+
+ strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
++
++ int fd = __opensock ();
++
++ if (fd < 0)
++ return 0;
++
+ if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
+ {
+ int saved_errno = errno;
+--
+2.11.0
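Review bot: The header of this backport still carries upstream's diffstat (`ChangeLog | 7 +++++++`, `NEWS | 6 ++++++`, `3 files changed, 19 insertions(+), 5 deletions(-)`), but the file only contains the two `sysdeps/unix/sysv/linux/if_index.c` hunks, so it misstates what is applied. I would either trim the diffstat to the one file or add a line above the `---` such as `[Backport: ChangeLog and NEWS hunks dropped]`, so an auditor matching this file against upstream commit d527c860f5a3f0ed687bd03f0cb464612dc23408 can see the omission is deliberate. On the code itself, moving `__opensock ()` below the `strlen (ifname) >= IFNAMSIZ` check removes the early return that left the descriptor open. The body of `__if_nametoindex` continues past the last visible line, so whether the `__ioctl` failure path closes `fd` cannot be confirmed from this hunk.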
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-6488.patch b/meta/recipes-core/glibc/glibc/CVE-2019-6488.patch
new file mode 100644
index 0000000000..fa423754d4
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-6488.patch
@@ -0,0 +1,274 @@
+From 718016100d889a986c536b595bf6ec0d6ab4b90e Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Fri, 1 Feb 2019 12:17:09 -0800
+Subject: [PATCH] x86-64 memchr/wmemchr: Properly handle the length parameter
+ [BZ #24097]
+Reply-To: muislam@microsoft.com
+
+On x32, the size_t parameter may be passed in the lower 32 bits of a
+64-bit register with the non-zero upper 32 bits. The string/memory
+functions written in assembly can only use the lower 32 bits of a
+64-bit register as length or must clear the upper 32 bits before using
+the full 64-bit register for length.
+
+This pach fixes memchr/wmemchr for x32. Tested on x86-64 and x32. On
+x86-64, libc.so is the same with and withou the fix.
+
+ [BZ #24097]
+ CVE-2019-6488
+ * sysdeps/x86_64/memchr.S: Use RDX_LP for length. Clear the
+ upper 32 bits of RDX register.
+ * sysdeps/x86_64/multiarch/memchr-avx2.S: Likewise.
+ * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memchr and
+ tst-size_t-wmemchr.
+ * sysdeps/x86_64/x32/test-size_t.h: New file.
+ * sysdeps/x86_64/x32/tst-size_t-memchr.c: Likewise.
+ * sysdeps/x86_64/x32/tst-size_t-wmemchr.c: Likewise.
+
+(cherry picked from commit 97700a34f36721b11a754cf37a1cc40695ece1fd)
+
+CVE: CVE-2019-6488
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+---
+ NEWS | 1 -
+ sysdeps/x86_64/memchr.S | 10 ++--
+ sysdeps/x86_64/multiarch/memchr-avx2.S | 8 ++-
+ sysdeps/x86_64/x32/Makefile | 8 +++
+ sysdeps/x86_64/x32/test-size_t.h | 35 ++++++++++++
+ sysdeps/x86_64/x32/tst-size_t-memchr.c | 72 +++++++++++++++++++++++++
+ sysdeps/x86_64/x32/tst-size_t-wmemchr.c | 20 +++++++
+ 7 files changed, 148 insertions(+), 6 deletions(-)
+ create mode 100644 sysdeps/x86_64/x32/test-size_t.h
+ create mode 100644 sysdeps/x86_64/x32/tst-size_t-memchr.c
+ create mode 100644 sysdeps/x86_64/x32/tst-size_t-wmemchr.c
+
+diff --git a/NEWS b/NEWS
+index fd14941128..b158973a30 100644
+--- a/NEWS
++++ b/NEWS
+@@ -17,7 +17,6 @@ The following bugs are resolved with this release:
+ [23606] Missing ENDBR32 in sysdeps/i386/start.S
+ [23679] gethostid: Missing NULL check for gethostbyname_r result
+ [23717] Fix stack overflow in stdlib/tst-setcontext9
+-
+
+ Version 2.28
+
+diff --git a/sysdeps/x86_64/memchr.S b/sysdeps/x86_64/memchr.S
+index feef5d4f24..cb320257a2 100644
+--- a/sysdeps/x86_64/memchr.S
++++ b/sysdeps/x86_64/memchr.S
+@@ -34,12 +34,16 @@ ENTRY(MEMCHR)
+ mov %edi, %ecx
+
+ #ifdef USE_AS_WMEMCHR
+- test %rdx, %rdx
++ test %RDX_LP, %RDX_LP
+ jz L(return_null)
+- shl $2, %rdx
++ shl $2, %RDX_LP
+ #else
++# ifdef __ILP32__
++ /* Clear the upper 32 bits. */
++ movl %edx, %edx
++# endif
+ punpcklbw %xmm1, %xmm1
+- test %rdx, %rdx
++ test %RDX_LP, %RDX_LP
+ jz L(return_null)
+ punpcklbw %xmm1, %xmm1
+ #endif
+diff --git a/sysdeps/x86_64/multiarch/memchr-avx2.S b/sysdeps/x86_64/multiarch/memchr-avx2.S
+index 5f5e772554..c81da19bf0 100644
+--- a/sysdeps/x86_64/multiarch/memchr-avx2.S
++++ b/sysdeps/x86_64/multiarch/memchr-avx2.S
+@@ -40,16 +40,20 @@
+ ENTRY (MEMCHR)
+ # ifndef USE_AS_RAWMEMCHR
+ /* Check for zero length. */
+- testq %rdx, %rdx
++ test %RDX_LP, %RDX_LP
+ jz L(null)
+ # endif
+ movl %edi, %ecx
+ /* Broadcast CHAR to YMM0. */
+ vmovd %esi, %xmm0
+ # ifdef USE_AS_WMEMCHR
+- shl $2, %rdx
++ shl $2, %RDX_LP
+ vpbroadcastd %xmm0, %ymm0
+ # else
++# ifdef __ILP32__
++ /* Clear the upper 32 bits. */
++ movl %edx, %edx
++# endif
+ vpbroadcastb %xmm0, %ymm0
+ # endif
+ /* Check if we may cross page boundary with one vector load. */
+diff --git a/sysdeps/x86_64/x32/Makefile b/sysdeps/x86_64/x32/Makefile
+index f2ebc24fb0..7d528889c6 100644
+--- a/sysdeps/x86_64/x32/Makefile
++++ b/sysdeps/x86_64/x32/Makefile
+@@ -4,3 +4,11 @@ ifeq ($(subdir),math)
+ # 64-bit llround. Add -fno-builtin-lround to silence the compiler.
+ CFLAGS-s_llround.c += -fno-builtin-lround
+ endif
++
++ifeq ($(subdir),string)
++tests += tst-size_t-memchr
++endif
++
++ifeq ($(subdir),wcsmbs)
++tests += tst-size_t-wmemchr
++endif
+diff --git a/sysdeps/x86_64/x32/test-size_t.h b/sysdeps/x86_64/x32/test-size_t.h
+new file mode 100644
+index 0000000000..78a940863e
+--- /dev/null
++++ b/sysdeps/x86_64/x32/test-size_t.h
+@@ -0,0 +1,35 @@
++/* Test string/memory functions with size_t in the lower 32 bits of
++ 64-bit register.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define TEST_MAIN
++#include <string/test-string.h>
++
++/* On x32, parameter_t may be passed in a 64-bit register with the LEN
++ field in the lower 32 bits. When the LEN field of 64-bit register
++ is passed to string/memory function as the size_t parameter, only
++ the lower 32 bits can be used. */
++typedef struct
++{
++ union
++ {
++ size_t len;
++ void (*fn) (void);
++ };
++ void *p;
++} parameter_t;
+diff --git a/sysdeps/x86_64/x32/tst-size_t-memchr.c b/sysdeps/x86_64/x32/tst-size_t-memchr.c
+new file mode 100644
+index 0000000000..29a3daf102
+--- /dev/null
++++ b/sysdeps/x86_64/x32/tst-size_t-memchr.c
+@@ -0,0 +1,72 @@
++/* Test memchr with size_t in the lower 32 bits of 64-bit register.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef WIDE
++# define TEST_NAME "memchr"
++#else
++# define TEST_NAME "wmemchr"
++#endif /* WIDE */
++#include "test-size_t.h"
++
++#ifndef WIDE
++# define MEMCHR memchr
++# define CHAR char
++# define UCHAR unsigned char
++#else
++# include <wchar.h>
++# define MEMCHR wmemchr
++# define CHAR wchar_t
++# define UCHAR wchar_t
++#endif /* WIDE */
++
++IMPL (MEMCHR, 1)
++
++typedef CHAR * (*proto_t) (const CHAR*, int, size_t);
++
++static CHAR *
++__attribute__ ((noinline, noclone))
++do_memchr (parameter_t a, parameter_t b)
++{
++ return CALL (&b, a.p, (uintptr_t) b.p, a.len);
++}
++
++static int
++test_main (void)
++{
++ test_init ();
++
++ parameter_t src = { { page_size / sizeof (CHAR) }, buf2 };
++ parameter_t c = { { 0 }, (void *) (uintptr_t) 0x12 };
++
++ int ret = 0;
++ FOR_EACH_IMPL (impl, 0)
++ {
++ c.fn = impl->fn;
++ CHAR *res = do_memchr (src, c);
++ if (res)
++ {
++ error (0, 0, "Wrong result in function %s: %p != NULL",
++ impl->name, res);
++ ret = 1;
++ }
++ }
++
++ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
++}
++
++#include <support/test-driver.c>
+diff --git a/sysdeps/x86_64/x32/tst-size_t-wmemchr.c b/sysdeps/x86_64/x32/tst-size_t-wmemchr.c
+new file mode 100644
+index 0000000000..877801d646
+--- /dev/null
++++ b/sysdeps/x86_64/x32/tst-size_t-wmemchr.c
+@@ -0,0 +1,20 @@
++/* Test wmemchr with size_t in the lower 32 bits of 64-bit register.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define WIDE 1
++#include "tst-size_t-memchr.c"
+--
+2.23.0
+
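Review bot: The `NEWS` hunk carried in this backport (`@@ -17,7 +17,6 @@`, diffstat `NEWS | 1 -`) only deletes a blank line after `[23717] Fix stack overflow in stdlib/tst-setcontext9` and adds no CVE-2019-6488 entry. It fixes nothing, yet it ties the patch to the exact context of that part of `NEWS`, so another backport in the recipe that touches the same lines could make this security fix fail to apply or apply with fuzz. CVE-2018-19591.patch, added in this same commit, omits its NEWS and ChangeLog hunks; I would drop this hunk here too and record that above the `---`, for example `[Backport: whitespace-only NEWS hunk dropped]`. The `memchr.S` and `memchr-avx2.S` hunks and the new x32 tests would stay as they are.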
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-7309.patch b/meta/recipes-core/glibc/glibc/CVE-2019-7309.patch
new file mode 100644
index 0000000000..04963c29e4
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-7309.patch
@@ -0,0 +1,207 @@
+From af7f46c45a60e6df754fb6258b546917e61ae6f1 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 4 Feb 2019 08:55:52 -0800
+Subject: [PATCH] x86-64 memcmp: Use unsigned Jcc instructions on size [BZ
+ #24155]
+Reply-To: muislam@microsoft.com
+
+Since the size argument is unsigned. we should use unsigned Jcc
+instructions, instead of signed, to check size.
+
+Tested on x86-64 and x32, with and without --disable-multi-arch.
+
+ [BZ #24155]
+ CVE-2019-7309
+ * NEWS: Updated for CVE-2019-7309.
+ * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the
+ upper 32 bits of RDX register for x32. Use unsigned Jcc
+ instructions, instead of signed.
+ * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2.
+ * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test.
+
+(cherry picked from commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d)
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+CVE: CVE-2019-7309
+
+Upstream-Status: Backport
+---
+ sysdeps/x86_64/memcmp.S | 20 +++---
+ sysdeps/x86_64/x32/Makefile | 2 +-
+ sysdeps/x86_64/x32/tst-size_t-memcmp-2.c | 79 ++++++++++++++++++++++++
+ 3 files changed, 92 insertions(+), 9 deletions(-)
+ create mode 100644 sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
+
+diff --git a/sysdeps/x86_64/memcmp.S b/sysdeps/x86_64/memcmp.S
+index bcb4a2e88d..45918d375a 100644
+--- a/sysdeps/x86_64/memcmp.S
++++ b/sysdeps/x86_64/memcmp.S
+@@ -21,14 +21,18 @@
+
+ .text
+ ENTRY (memcmp)
+- test %rdx, %rdx
++#ifdef __ILP32__
++ /* Clear the upper 32 bits. */
++ movl %edx, %edx
++#endif
++ test %RDX_LP, %RDX_LP
+ jz L(finz)
+ cmpq $1, %rdx
+- jle L(finr1b)
++ jbe L(finr1b)
+ subq %rdi, %rsi
+ movq %rdx, %r10
+ cmpq $32, %r10
+- jge L(gt32)
++ jae L(gt32)
+ /* Handle small chunks and last block of less than 32 bytes. */
+ L(small):
+ testq $1, %r10
+@@ -156,7 +160,7 @@ L(A32):
+ movq %r11, %r10
+ andq $-32, %r10
+ cmpq %r10, %rdi
+- jge L(mt16)
++ jae L(mt16)
+ /* Pre-unroll to be ready for unrolled 64B loop. */
+ testq $32, %rdi
+ jz L(A64)
+@@ -178,7 +182,7 @@ L(A64):
+ movq %r11, %r10
+ andq $-64, %r10
+ cmpq %r10, %rdi
+- jge L(mt32)
++ jae L(mt32)
+
+ L(A64main):
+ movdqu (%rdi,%rsi), %xmm0
+@@ -216,7 +220,7 @@ L(mt32):
+ movq %r11, %r10
+ andq $-32, %r10
+ cmpq %r10, %rdi
+- jge L(mt16)
++ jae L(mt16)
+
+ L(A32main):
+ movdqu (%rdi,%rsi), %xmm0
+@@ -254,7 +258,7 @@ L(ATR):
+ movq %r11, %r10
+ andq $-32, %r10
+ cmpq %r10, %rdi
+- jge L(mt16)
++ jae L(mt16)
+ testq $16, %rdi
+ jz L(ATR32)
+
+@@ -325,7 +329,7 @@ L(ATR64main):
+ movq %r11, %r10
+ andq $-32, %r10
+ cmpq %r10, %rdi
+- jge L(mt16)
++ jae L(mt16)
+
+ L(ATR32res):
+ movdqa (%rdi,%rsi), %xmm0
+diff --git a/sysdeps/x86_64/x32/Makefile b/sysdeps/x86_64/x32/Makefile
+index 7d528889c6..c9850beeb5 100644
+--- a/sysdeps/x86_64/x32/Makefile
++++ b/sysdeps/x86_64/x32/Makefile
+@@ -6,7 +6,7 @@ CFLAGS-s_llround.c += -fno-builtin-lround
+ endif
+
+ ifeq ($(subdir),string)
+-tests += tst-size_t-memchr
++tests += tst-size_t-memchr tst-size_t-memcmp-2
+ endif
+
+ ifeq ($(subdir),wcsmbs)
+diff --git a/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
+new file mode 100644
+index 0000000000..d8ae1a0813
+--- /dev/null
++++ b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
+@@ -0,0 +1,79 @@
++/* Test memcmp with size_t in the lower 32 bits of 64-bit register.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define TEST_MAIN
++#ifdef WIDE
++# define TEST_NAME "wmemcmp"
++#else
++# define TEST_NAME "memcmp"
++#endif
++
++#include "test-size_t.h"
++
++#ifdef WIDE
++# include <inttypes.h>
++# include <wchar.h>
++
++# define MEMCMP wmemcmp
++# define CHAR wchar_t
++#else
++# define MEMCMP memcmp
++# define CHAR char
++#endif
++
++IMPL (MEMCMP, 1)
++
++typedef int (*proto_t) (const CHAR *, const CHAR *, size_t);
++
++static int
++__attribute__ ((noinline, noclone))
++do_memcmp (parameter_t a, parameter_t b)
++{
++ return CALL (&b, a.p, b.p, a.len);
++}
++
++static int
++test_main (void)
++{
++ test_init ();
++
++ parameter_t dest = { { page_size / sizeof (CHAR) }, buf1 };
++ parameter_t src = { { 0 }, buf2 };
++
++ memcpy (buf1, buf2, page_size);
++
++ CHAR *p = (CHAR *) buf1;
++ p[page_size / sizeof (CHAR) - 1] = (CHAR) 1;
++
++ int ret = 0;
++ FOR_EACH_IMPL (impl, 0)
++ {
++ src.fn = impl->fn;
++ int res = do_memcmp (dest, src);
++ if (res >= 0)
++ {
++ error (0, 0, "Wrong result in function %s: %i >= 0",
++ impl->name, res);
++ ret = 1;
++ }
++ }
++
++ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
++}
++
++#include <support/test-driver.c>
+--
+2.23.0
+
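Review bot: The Makefile hunk and the new test in this backport depend on an earlier patch, and nothing in the header says so. The hunk rewrites an existing `tests += tst-size_t-memchr` line, and tst-size_t-memcmp-2.c includes `test-size_t.h`, but this patch creates neither. Both presumably come from the x32 memchr backport added earlier in this commit (CVE-2019-6488.patch is listed just before this one in glibc_2.28.bb), so the SRC_URI order is load-bearing. I would add a free-form line to the header, for example `Depends on CVE-2019-6488.patch (test-size_t.h, tst-size_t-memchr)`, so a later reorder or removal of that patch is not a surprise.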
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch
new file mode 100644
index 0000000000..14cfaa35af
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch
@@ -0,0 +1,63 @@
+From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon, 21 Jan 2019 11:08:13 -0800
+Subject: [PATCH] regex: fix read overrun [BZ #24114]
+
+Problem found by AddressSanitizer, reported by Hongxu Chen in:
+https://debbugs.gnu.org/34140
+* posix/regexec.c (proceed_next_node):
+Do not read past end of input buffer.
+
+Upstream-Status: Backport
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9
+
+CVE: CVE-2019-9169
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog | 10 +++++++++-
+ posix/regexec.c | 6 ++++--
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
++
++ regex: fix read overrun [BZ #24114]
++ Problem found by AddressSanitizer, reported by Hongxu Chen in:
++ https://debbugs.gnu.org/34140
++ * posix/regexec.c (proceed_next_node):
++ Do not read past end of input buffer.
++
+ 2018-09-30 Martin Jansa <Martin.Jansa@gmail.com>
+ Partial fix for [BZ #23716]
+ * locale/weight.h: Fix build with -Os.
+@@ -10917,7 +10925,7 @@
+ (CFLAGS-wcstof_l.c): Likewise.
+ (CPPFLAGS-tst-wchar-h.c): Likewise.
+ (CPPFLAGS-wcstold_l.c): Likewise.
+----
++
+ 2017-12-11 Paul A. Clarke <pc@us.ibm.com>
+
+ * sysdeps/ieee754/flt-32/s_cosf.c: New implementation.
+Index: git/posix/regexec.c
+===================================================================
+--- git.orig/posix/regexec.c
++++ git/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_contex
+ else if (naccepted)
+ {
+ char *buf = (char *) re_string_get_buffer (&mctx->input);
+- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+- naccepted) != 0)
++ if (mctx->input.valid_len - *pidx < naccepted
++ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++ naccepted)
++ != 0))
+ return -1;
+ }
+ }
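Review bot: The ChangeLog part of this backport adds nothing to the fix and makes the patch fragile. Its second hunk (`@@ -10917,7 +10925,7 @@`) swaps a `---` line for a blank one, which is unrelated to regexec.c, and any other backport that touches the top of ChangeLog will stop this patch from applying. I would drop both ChangeLog hunks and keep only the posix/regexec.c hunk; CVE-2019-7309.patch in this same commit already carries no NEWS or ChangeLog change in its diffstat. The new guard `mctx->input.valid_len - *pidx < naccepted` sits inside proceed_next_node, whose body starts and ends outside the hunk.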
diff --git a/meta/recipes-core/glibc/glibc_2.28.bb b/meta/recipes-core/glibc/glibc_2.28.bb
index d072939254..4e6ee4dcab 100644
--- a/meta/recipes-core/glibc/glibc_2.28.bb
+++ b/meta/recipes-core/glibc/glibc_2.28.bb
@@ -40,8 +40,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \
file://0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \
file://0025-locale-fix-hard-coded-reference-to-gcc-E.patch \
- file://0026-reset-dl_load_write_lock-after-forking.patch \
- file://0027-Acquire-ld.so-lock-before-switching-to-malloc_atfork.patch \
file://0028-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \
file://0029-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \
file://0030-intl-Emit-no-lines-in-bison-generated-files.patch \
@@ -49,6 +47,11 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0032-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch \
file://0033-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
file://0034-inject-file-assembly-directives.patch \
+ file://CVE-2019-9169.patch \
+ file://CVE-2016-10739.patch \
+ file://CVE-2018-19591.patch \
+ file://CVE-2019-6488.patch \
+ file://CVE-2019-7309.patch \
"
NATIVESDKFIXES ?= ""
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index c4c369cab2..2099a12425 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image module-base setuptools3
-SRCREV ?= "ca417455d79b29cd14cd8d39a9da904bf23fcc48"
+SRCREV ?= "2c5af52109bca8c0452b1539589cf073f6f0064a"
SRC_URI = "git://git.yoctoproject.org/poky;branch=thud \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/meta/buildtools-extended-tarball.bb b/meta/recipes-core/meta/buildtools-extended-tarball.bb
new file mode 100644
index 0000000000..94ed57585b
--- /dev/null
+++ b/meta/recipes-core/meta/buildtools-extended-tarball.bb
@@ -0,0 +1,36 @@
+require recipes-core/meta/buildtools-tarball.bb
+
+DESCRIPTION = "SDK type target for building a standalone tarball containing build-essentials, python3, chrpath, \
+ make, git and tar. The tarball can be used to run bitbake builds on systems which don't meet the \
+ usual version requirements and have ancient compilers."
+SUMMARY = "Standalone tarball for running builds on systems with inadequate software and ancient compilers"
+LICENSE = "MIT"
+
+# Add nativesdk equivalent of build-essentials
+TOOLCHAIN_HOST_TASK += "\
+ nativesdk-automake \
+ nativesdk-autoconf \
+ nativesdk-binutils \
+ nativesdk-binutils-symlinks \
+ nativesdk-cpp \
+ nativesdk-cpp-symlinks \
+ nativesdk-gcc \
+ nativesdk-gcc-symlinks \
+ nativesdk-g++ \
+ nativesdk-g++-symlinks \
+ nativesdk-gettext \
+ nativesdk-libatomic \
+ nativesdk-libgcc \
+ nativesdk-libstdc++ \
+ nativesdk-libstdc++-dev \
+ nativesdk-libstdc++-staticdev \
+ nativesdk-libtool \
+ nativesdk-pkgconfig \
+ nativesdk-glibc-utils \
+ nativesdk-python \
+ nativesdk-libxcrypt-dev \
+ "
+
+TOOLCHAIN_OUTPUTNAME = "${SDK_ARCH}-buildtools-extended-nativesdk-standalone-${DISTRO_VERSION}"
+
+SDK_TITLE = "Extended Build tools"
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index 91df6f1ae9..aba10b4cd6 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -72,7 +72,13 @@ create_sdk_files_append () {
toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}
echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+ echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+ echo 'export OPENSSL_CONF="${SDKPATHNATIVE}${sysconfdir}/ssl/openssl.cnf"' >>$script
+ mkdir -p ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/
+ echo '${SDKPATHNATIVE}${libdir}
+${SDKPATHNATIVE}${base_libdir}
+include /etc/ld.so.conf' > ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ld.so.conf
if [ "${SDKMACHINE}" = "i686" ]; then
echo 'export NO32LIBS="0"' >>$script
echo 'echo "$BB_ENV_EXTRAWHITE" | grep -q "NO32LIBS"' >>$script
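Review bot: The new `SSL_CERT_FILE` and `OPENSSL_CONF` exports apply to the whole shell that sources the environment script, not only to the tools shipped in the tarball. Any program in that shell that uses OpenSSL's default verify paths will then validate TLS against the CA bundle frozen into the tarball, so CA removals on the host are not picked up until the tarball is rebuilt. A comment above the two lines, such as `# Pins TLS trust to the SDK's CA bundle for this shell; rebuild the tarball to refresh it`, would make that explicit. In the generated ld.so.conf, the trailing `include /etc/ld.so.conf` also lets host library directories satisfy lookups the SDK directories miss; presumably that is an intended fallback, but it deserves a one-line comment. create_sdk_files_append continues outside this hunk.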
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
new file mode 100644
index 0000000000..e9a023e9bd
--- /dev/null
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -0,0 +1,190 @@
+SUMMARY = "Updates the NVD CVE database"
+LICENSE = "MIT"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+inherit native
+
+deltask do_unpack
+deltask do_patch
+deltask do_configure
+deltask do_compile
+deltask do_install
+deltask do_populate_sysroot
+
+python () {
+ if not d.getVar("CVE_CHECK_DB_FILE"):
+ raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
+}
+
+python do_populate_cve_db() {
+ """
+ Update NVD database with json data feed
+ """
+ import bb.utils
+ import sqlite3, urllib, urllib.parse, shutil, gzip
+ from datetime import date
+
+ bb.utils.export_proxies(d)
+
+ BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
+ YEAR_START = 2002
+
+ db_file = d.getVar("CVE_CHECK_DB_FILE")
+ db_dir = os.path.dirname(db_file)
+ json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
+
+ # Don't refresh the database more than once an hour
+ try:
+ import time
+ if time.time() - os.path.getmtime(db_file) < (60*60):
+ return
+ except OSError:
+ pass
+
+ cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
+
+ if not os.path.isdir(db_dir):
+ os.mkdir(db_dir)
+
+ # Connect to database
+ conn = sqlite3.connect(db_file)
+ c = conn.cursor()
+
+ initialize_db(c)
+
+ for year in range(YEAR_START, date.today().year + 1):
+ year_url = BASE_URL + str(year)
+ meta_url = year_url + ".meta"
+ json_url = year_url + ".json.gz"
+
+ # Retrieve meta last modified date
+ response = urllib.request.urlopen(meta_url)
+ if response:
+ for l in response.read().decode("utf-8").splitlines():
+ key, value = l.split(":", 1)
+ if key == "lastModifiedDate":
+ last_modified = value
+ break
+ else:
+ bb.warn("Cannot parse CVE metadata, update failed")
+ return
+
+ # Compare with current db last modified date
+ c.execute("select DATE from META where YEAR = ?", (year,))
+ meta = c.fetchone()
+ if not meta or meta[0] != last_modified:
+ # Clear products table entries corresponding to current year
+ c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
+
+ # Update db with current year json file
+ try:
+ response = urllib.request.urlopen(json_url)
+ if response:
+ update_db(c, gzip.decompress(response.read()).decode('utf-8'))
+ c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+ except urllib.error.URLError as e:
+ cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
+ bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+ return
+
+ # Update success, set the date to cve_check file.
+ if year == date.today().year:
+ cve_f.write('CVE database update : %s\n\n' % date.today())
+
+ cve_f.close()
+ conn.commit()
+ conn.close()
+}
+
+def initialize_db(c):
+ c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
+
+ c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
+ SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+
+ c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
+ VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
+ VERSION_END TEXT, OPERATOR_END TEXT)")
+ c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
+
+def parse_node_and_insert(c, node, cveId):
+ # Parse children node if needed
+ for child in node.get('children', ()):
+ parse_node_and_insert(c, child, cveId)
+
+ def cpe_generator():
+ for cpe in node.get('cpe_match', ()):
+ if not cpe['vulnerable']:
+ return
+ cpe23 = cpe['cpe23Uri'].split(':')
+ vendor = cpe23[3]
+ product = cpe23[4]
+ version = cpe23[5]
+
+ if version != '*':
+ # Version is defined, this is a '=' match
+ yield [cveId, vendor, product, version, '=', '', '']
+ else:
+ # Parse start version, end version and operators
+ op_start = ''
+ op_end = ''
+ v_start = ''
+ v_end = ''
+
+ if 'versionStartIncluding' in cpe:
+ op_start = '>='
+ v_start = cpe['versionStartIncluding']
+
+ if 'versionStartExcluding' in cpe:
+ op_start = '>'
+ v_start = cpe['versionStartExcluding']
+
+ if 'versionEndIncluding' in cpe:
+ op_end = '<='
+ v_end = cpe['versionEndIncluding']
+
+ if 'versionEndExcluding' in cpe:
+ op_end = '<'
+ v_end = cpe['versionEndExcluding']
+
+ yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
+
+ c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
+
+def update_db(c, jsondata):
+ import json
+ root = json.loads(jsondata)
+
+ for elt in root['CVE_Items']:
+ if not elt['impact']:
+ continue
+
+ accessVector = None
+ cveId = elt['cve']['CVE_data_meta']['ID']
+ cveDesc = elt['cve']['description']['description_data'][0]['value']
+ date = elt['lastModifiedDate']
+ try:
+ accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+ cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+ except KeyError:
+ cvssv2 = 0.0
+ try:
+ accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
+ cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
+ except KeyError:
+ accessVector = accessVector or "UNKNOWN"
+ cvssv3 = 0.0
+
+ c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
+ [cveId, cveDesc, cvssv2, cvssv3, date, accessVector])
+
+ configurations = elt['configurations']['nodes']
+ for config in configurations:
+ parse_node_and_insert(c, config, cveId)
+
+
+addtask do_populate_cve_db before do_fetch
+do_populate_cve_db[nostamp] = "1"
+
+EXCLUDE_FROM_WORLD = "1"
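Review bot: In `cpe_generator`, `if not cpe['vulnerable']: return` ends the generator at the first non-vulnerable `cpe_match` entry, so every later entry in the same node is silently left out of PRODUCTS and cve-check can under-report affected versions; it should be `continue`. Separately, in `do_populate_cve_db` the `.meta` request `urllib.request.urlopen(meta_url)` sits outside the `try`, so a network error there raises instead of taking the warn-and-return path used for the JSON download. The early `return` paths also leave `cve_f` and `conn` open, which a `try`/`finally` (or `with`) around the year loop would cover. The function uses `urllib.request` and `urllib.error` without importing them, while `shutil` is imported and unused.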
diff --git a/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb b/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
index 6a8748acdf..ee7d7cd660 100644
--- a/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
+++ b/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
@@ -15,12 +15,15 @@ DUMMYPROVIDES = "\
nativesdk-perl-module-file-find \
nativesdk-perl-module-file-glob \
nativesdk-perl-module-file-path \
+ nativesdk-perl-module-file-spec \
nativesdk-perl-module-file-stat \
nativesdk-perl-module-getopt-long \
nativesdk-perl-module-io-file \
+ nativesdk-perl-module-overloading \
nativesdk-perl-module-posix \
nativesdk-perl-module-thread-queue \
nativesdk-perl-module-threads \
+ nativesdk-perl-module-warnings \
/usr/bin/perl \
"
diff --git a/meta/recipes-core/meta/target-sdk-provides-dummy.bb b/meta/recipes-core/meta/target-sdk-provides-dummy.bb
index edf07c4a23..0160cb8eef 100644
--- a/meta/recipes-core/meta/target-sdk-provides-dummy.bb
+++ b/meta/recipes-core/meta/target-sdk-provides-dummy.bb
@@ -2,9 +2,17 @@ DUMMYARCH = "sdk-provides-dummy-target"
DUMMYPROVIDES = "\
busybox \
+ busybox-dev \
+ busybox-src \
coreutils \
+ coreutils-dev \
+ coreutils-src \
bash \
+ bash-dev \
+ bash-src \
perl \
+ perl-dev \
+ perl-src \
perl-module-re \
perl-module-strict \
perl-module-vars \
@@ -23,16 +31,22 @@ DUMMYPROVIDES = "\
perl-module-file-glob \
perl-module-file-path \
perl-module-file-stat \
+ perl-module-file-temp \
perl-module-getopt-long \
perl-module-io-file \
+ perl-module-overload \
perl-module-posix \
+ perl-module-overload \
perl-module-thread-queue \
perl-module-threads \
+ perl-module-warnings \
/bin/sh \
/bin/bash \
/usr/bin/env \
/usr/bin/perl \
pkgconfig \
+ pkgconfig-dev \
+ pkgconfig-src \
"
require dummy-sdk-package.inc
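Review bot: `perl-module-overload` is added twice in this hunk, once after `perl-module-io-file` and again after `perl-module-posix`. The nativesdk list in nativesdk-buildtools-perl-dummy.bb gains `nativesdk-perl-module-overloading` in the same commit, so one of the two entries here may have been meant to be `perl-module-overloading`; if not, the duplicate should go. The two lists also diverge in other ways (`file-spec` is added only on the nativesdk side, `file-temp` only here), which is worth confirming as intentional.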
diff --git a/meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch b/meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch
index c3009545b1..c2f78be39e 100644
--- a/meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch
+++ b/meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch
@@ -1,4 +1,4 @@
-From fe19f5a9d0d8b9977e9507a9b66c3cc66744cd38 Mon Sep 17 00:00:00 2001
+From 9cb07e7d82c7c4f28bbaa1478e1387e8ea3d03dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 5 Dec 2018 18:38:39 +0100
Subject: [PATCH] journald: do not store the iovec entry for process
@@ -16,6 +16,10 @@ journal_file_append_entry() returns -E2BIG.
Patch backported from systemd master at
084eeb865ca63887098e0945fb4e93c852b91b0f.
+
+CVE: CVE-2018-16864
+Upstream-Status: Backport
+Signed-off-by: Marcus Cooper <marcusc@axis.com>
---
src/basic/io-util.c | 10 ++++++++++
src/basic/io-util.h | 2 ++
diff --git a/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields-1k.patch b/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields-1k.patch
deleted file mode 100644
index 50a01efe8f..0000000000
--- a/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields-1k.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 4566aaf97f5b4143b930d75628f3abc905249dcd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 5 Dec 2018 22:45:02 +0100
-Subject: [PATCH] journald: set a limit on the number of fields (1k)
-
-We allocate a iovec entry for each field, so with many short entries,
-our memory usage and processing time can be large, even with a relatively
-small message size. Let's refuse overly long entries.
-
-CVE-2018-16865
-https://bugzilla.redhat.com/show_bug.cgi?id=1653861
-
-What from I can see, the problem is not from an alloca, despite what the CVE
-description says, but from the attack multiplication that comes from creating
-many very small iovecs: (void* + size_t) for each three bytes of input message.
-
-Patch backported from systemd master at
-052c57f132f04a3cf4148f87561618da1a6908b4.
----
- src/basic/journal-importer.h | 3 +++
- src/journal/journald-native.c | 5 +++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/src/basic/journal-importer.h b/src/basic/journal-importer.h
-index f49ce734a1..c4ae45d32d 100644
---- a/src/basic/journal-importer.h
-+++ b/src/basic/journal-importer.h
-@@ -16,6 +16,9 @@
- #define DATA_SIZE_MAX (1024*1024*768u)
- #define LINE_CHUNK 8*1024u
-
-+/* The maximum number of fields in an entry */
-+#define ENTRY_FIELD_COUNT_MAX 1024
-+
- struct iovec_wrapper {
- struct iovec *iovec;
- size_t size_bytes;
-diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
-index 5ff22a10af..951d092053 100644
---- a/src/journal/journald-native.c
-+++ b/src/journal/journald-native.c
-@@ -140,6 +140,11 @@ static int server_process_entry(
- }
-
- /* A property follows */
-+ if (n > ENTRY_FIELD_COUNT_MAX) {
-+ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry.");
-+ r = 1;
-+ goto finish;
-+ }
-
- /* n existing properties, 1 new, +1 for _TRANSPORT */
- if (!GREEDY_REALLOC(iovec, m,
---
-2.11.0
-
diff --git a/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch b/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch
new file mode 100644
index 0000000000..ae9ef5de56
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch
@@ -0,0 +1,139 @@
+From 7cad044b72406cbadf048da432c29afea74c3c10 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 22:45:02 +0100
+Subject: [PATCH] journald: set a limit on the number of fields
+
+The fix for CVE-2018-16865 is plucked from two commits that have
+been pushed to systemd master.
+
+journald: set a limit on the number of fields (1k)
+
+We allocate a iovec entry for each field, so with many short entries,
+our memory usage and processing time can be large, even with a relatively
+small message size. Let's refuse overly long entries.
+
+CVE-2018-16865
+https://bugzilla.redhat.com/show_bug.cgi?id=1653861
+
+What from I can see, the problem is not from an alloca, despite what the CVE
+description says, but from the attack multiplication that comes from creating
+many very small iovecs: (void* + size_t) for each three bytes of input message.
+
+Patch backported from systemd master at
+052c57f132f04a3cf4148f87561618da1a6908b4.
+
+journal-remote: set a limit on the number of fields in a message
+
+Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
+reused for the new error condition (too many fields).
+
+This matches the change done for systemd-journald, hence forming the second
+part of the fix for CVE-2018-16865
+(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
+
+Patch backported from systemd master at
+ef4d6abe7c7fab6cbff975b32e76b09feee56074.
+with the changes applied by 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd
+removed.
+
+CVE: CVE-2018-16865
+Upstream-Status: Backport
+Signed-off-by: Marcus Cooper <marcusc@axis.com>
+---
+ src/basic/journal-importer.c | 5 ++++-
+ src/basic/journal-importer.h | 3 +++
+ src/journal-remote/journal-remote-main.c | 7 ++++++-
+ src/journal-remote/journal-remote.c | 5 ++++-
+ src/journal/journald-native.c | 5 +++++
+ 5 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/src/basic/journal-importer.c b/src/basic/journal-importer.c
+index ca203bbbfc..3ac55a66d9 100644
+--- a/src/basic/journal-importer.c
++++ b/src/basic/journal-importer.c
+@@ -23,6 +23,9 @@ enum {
+ };
+
+ static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
++ if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
++ return -E2BIG;
++
+ if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
+ return log_oom();
+
+@@ -98,7 +101,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) {
+ imp->scanned = imp->filled;
+ if (imp->scanned >= DATA_SIZE_MAX) {
+ log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX);
+- return -E2BIG;
++ return -ENOBUFS;
+ }
+
+ if (imp->passive_fd)
+diff --git a/src/basic/journal-importer.h b/src/basic/journal-importer.h
+index f49ce734a1..c4ae45d32d 100644
+--- a/src/basic/journal-importer.h
++++ b/src/basic/journal-importer.h
+@@ -16,6 +16,9 @@
+ #define DATA_SIZE_MAX (1024*1024*768u)
+ #define LINE_CHUNK 8*1024u
+
++/* The maximum number of fields in an entry */
++#define ENTRY_FIELD_COUNT_MAX 1024
++
+ struct iovec_wrapper {
+ struct iovec *iovec;
+ size_t size_bytes;
+diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
+index 8fda9d1499..3a01fef646 100644
+--- a/src/journal-remote/journal-remote-main.c
++++ b/src/journal-remote/journal-remote-main.c
+@@ -212,7 +212,12 @@ static int process_http_upload(
+ break;
+ else if (r < 0) {
+ log_warning("Failed to process data for connection %p", connection);
+- if (r == -E2BIG)
++ if (r == -ENOBUFS)
++ return mhd_respondf(connection,
++ r, MHD_HTTP_PAYLOAD_TOO_LARGE,
++ "Entry is above the maximum of %u, aborting connection %p.",
++ DATA_SIZE_MAX, connection);
++ else if (r == -E2BIG)
+ return mhd_respondf(connection,
+ r, MHD_HTTP_PAYLOAD_TOO_LARGE,
+ "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes.");
+diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
+index beb75a1cb4..67e3a70c06 100644
+--- a/src/journal-remote/journal-remote.c
++++ b/src/journal-remote/journal-remote.c
+@@ -408,7 +408,10 @@ int journal_remote_handle_raw_source(
+ log_debug("%zu active sources remaining", s->active);
+ return 0;
+ } else if (r == -E2BIG) {
+- log_notice_errno(E2BIG, "Entry too big, skipped");
++ log_notice("Entry with too many fields, skipped");
++ return 1;
++ } else if (r == -ENOBUFS) {
++ log_notice("Entry too big, skipped");
+ return 1;
+ } else if (r == -EAGAIN) {
+ return 0;
+diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
+index 5ff22a10af..951d092053 100644
+--- a/src/journal/journald-native.c
++++ b/src/journal/journald-native.c
+@@ -140,6 +140,11 @@ static int server_process_entry(
+ }
+
+ /* A property follows */
++ if (n > ENTRY_FIELD_COUNT_MAX) {
++ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry.");
++ r = 1;
++ goto finish;
++ }
+
+ /* n existing properties, 1 new, +1 for _TRANSPORT */
+ if (!GREEDY_REALLOC(iovec, m,
+--
+2.11.0
+
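Review bot: In the journal-remote-main.c hunk, the added `else if (r == -E2BIG)` branch still answers with the old text `"Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes."`. After this patch E2BIG means too many fields (iovw_put returns it at ENTRY_FIELD_COUNT_MAX) and the size case is ENOBUFS, so an HTTP client that exceeds the field limit is told it exceeded the byte limit. The branch should report the field limit instead, for example `"Entry with more fields than the maximum of %u, aborting connection %p.", ENTRY_FIELD_COUNT_MAX, connection`. This is probably a side effect of leaving out the 7fdb237f changes, as the header notes. process_http_upload's body starts and ends outside the hunk.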
diff --git a/meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch b/meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
new file mode 100644
index 0000000000..3925a4abbb
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
@@ -0,0 +1,49 @@
+From ebd06c37d4311db9851f4d3fdd023de3dd590de0 Mon Sep 17 00:00:00 2001
+From: Filipe Brandenburger <filbranden@google.com>
+Date: Thu, 10 Jan 2019 14:53:33 -0800
+Subject: [PATCH] journal: fix out-of-bounds read CVE-2018-16866
+
+The original code didn't account for the fact that strchr() would match on the
+'\0' character, making it read past the end of the buffer if no non-whitespace
+character was present.
+
+This bug was introduced in commit ec5ff4445cca6a which was first released in
+systemd v221 and later fixed in commit 8595102d3ddde6 which was released in
+v240, so versions in the range [v221, v240) are affected.
+
+Patch backported from systemd-stable at f005e73d3723d62a39be661931fcb6347119b52b
+also includes a change from systemd master which removes a heap buffer overflow
+a6aadf4ae0bae185dc4c414d492a4a781c80ffe5.
+
+CVE: CVE-2018-16866
+Upstream-Status: Backport
+Signed-off-by: Marcus Cooper <marcusc@axis.com>
+---
+ src/journal/journald-syslog.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
+index 9dea116722..809b318c06 100644
+--- a/src/journal/journald-syslog.c
++++ b/src/journal/journald-syslog.c
+@@ -194,7 +194,7 @@ size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid)
+ e = l;
+ l--;
+
+- if (p[l-1] == ']') {
++ if (l > 0 && p[l-1] == ']') {
+ size_t k = l-1;
+
+ for (;;) {
+@@ -219,7 +219,7 @@ size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid)
+ if (t)
+ *identifier = t;
+
+- if (strchr(WHITESPACE, p[e]))
++ if (p[e] != '\0' && strchr(WHITESPACE, p[e]))
+ e++;
+ *buf = p + e;
+ return e;
+--
+2.11.0
+
diff --git a/meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch b/meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch
deleted file mode 100644
index 104945cc25..0000000000
--- a/meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 4183ec3a135663128834ca8b35d50a60999343a7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Fri, 7 Dec 2018 10:48:10 +0100
-Subject: [PATCH] journal-remote: set a limit on the number of fields in a
- message
-
-Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
-reused for the new error condition (too many fields).
-
-This matches the change done for systemd-journald, hence forming the second
-part of the fix for CVE-2018-16865
-(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
-
-Patch backported from systemd master at
-ef4d6abe7c7fab6cbff975b32e76b09feee56074.
----
- src/basic/journal-importer.c | 5 ++++-
- src/journal-remote/journal-remote-main.c | 10 ++++++----
- src/journal-remote/journal-remote.c | 5 ++++-
- 3 files changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/src/basic/journal-importer.c b/src/basic/journal-importer.c
-index ca203bbbfc..3ac55a66d9 100644
---- a/src/basic/journal-importer.c
-+++ b/src/basic/journal-importer.c
-@@ -23,6 +23,9 @@ enum {
- };
-
- static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
-+ if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
-+ return -E2BIG;
-+
- if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
- return log_oom();
-
-@@ -98,7 +101,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) {
- imp->scanned = imp->filled;
- if (imp->scanned >= DATA_SIZE_MAX) {
- log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX);
-- return -E2BIG;
-+ return -ENOBUFS;
- }
-
- if (imp->passive_fd)
-diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
-index 8fda9d1499..f52618fb7b 100644
---- a/src/journal-remote/journal-remote-main.c
-+++ b/src/journal-remote/journal-remote-main.c
-@@ -212,10 +212,12 @@ static int process_http_upload(
- break;
- else if (r < 0) {
- log_warning("Failed to process data for connection %p", connection);
-- if (r == -E2BIG)
-- return mhd_respondf(connection,
-- r, MHD_HTTP_PAYLOAD_TOO_LARGE,
-- "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes.");
-+ if (r == -ENOBUFS)
-+ log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.",
-+ DATA_SIZE_MAX, connection);
-+ else if (r == -E2BIG)
-+ log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.",
-+ ENTRY_FIELD_COUNT_MAX, connection);
- else
- return mhd_respondf(connection,
- r, MHD_HTTP_UNPROCESSABLE_ENTITY,
-diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
-index beb75a1cb4..67e3a70c06 100644
---- a/src/journal-remote/journal-remote.c
-+++ b/src/journal-remote/journal-remote.c
-@@ -408,7 +408,10 @@ int journal_remote_handle_raw_source(
- log_debug("%zu active sources remaining", s->active);
- return 0;
- } else if (r == -E2BIG) {
-- log_notice_errno(E2BIG, "Entry too big, skipped");
-+ log_notice("Entry with too many fields, skipped");
-+ return 1;
-+ } else if (r == -ENOBUFS) {
-+ log_notice("Entry too big, skipped");
- return 1;
- } else if (r == -EAGAIN) {
- return 0;
---
-2.11.0
-
diff --git a/meta/recipes-core/systemd/systemd/0027-journal-fix-syslog_parse_identifier.patch b/meta/recipes-core/systemd/systemd/0027-journal-fix-syslog_parse_identifier.patch
deleted file mode 100644
index d4df0e12fd..0000000000
--- a/meta/recipes-core/systemd/systemd/0027-journal-fix-syslog_parse_identifier.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 8ccebb04e07628f7fe10131d6cd4f19d6a0d8f45 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Wed, 8 Aug 2018 15:06:36 +0900
-Subject: [PATCH] journal: fix syslog_parse_identifier()
-
-Fixes #9829.
-
-An out of bounds read was discovered in systemd-journald in the way it
-parses log messages that terminate with a colon ':'. A local attacker
-can use this flaw to disclose process memory data.
-
-Patch backported from systemd master at
-a6aadf4ae0bae185dc4c414d492a4a781c80ffe5.
-
-This matches the change done for systemd-journald, hence forming the first
-part of the fix for CVE-2018-16866.
----
- src/journal/journald-syslog.c | 6 +++---
- src/journal/test-journal-syslog.c | 10 ++++++++--
- 2 files changed, 11 insertions(+), 5 deletions(-)
-
-diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
-index 9dea116722..97711ac7a3 100644
---- a/src/journal/journald-syslog.c
-+++ b/src/journal/journald-syslog.c
-@@ -194,7 +194,7 @@ size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid)
- e = l;
- l--;
-
-- if (p[l-1] == ']') {
-+ if (l > 0 && p[l-1] == ']') {
- size_t k = l-1;
-
- for (;;) {
-@@ -219,8 +219,8 @@ size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid)
- if (t)
- *identifier = t;
-
-- if (strchr(WHITESPACE, p[e]))
-- e++;
-+ e += strspn(p + e, WHITESPACE);
-+
- *buf = p + e;
- return e;
- }
-diff --git a/src/journal/test-journal-syslog.c b/src/journal/test-journal-syslog.c
-index 9ba86f6c8a..05f759817e 100644
---- a/src/journal/test-journal-syslog.c
-+++ b/src/journal/test-journal-syslog.c
-@@ -5,8 +5,8 @@
- #include "macro.h"
- #include "string-util.h"
-
--static void test_syslog_parse_identifier(const char* str,
-- const char *ident, const char*pid, int ret) {
-+static void test_syslog_parse_identifier(const char *str,
-+ const char *ident, const char *pid, int ret) {
- const char *buf = str;
- _cleanup_free_ char *ident2 = NULL, *pid2 = NULL;
- int ret2;
-@@ -21,7 +21,13 @@ static void test_syslog_parse_identifier(const char* str,
- int main(void) {
- test_syslog_parse_identifier("pidu[111]: xxx", "pidu", "111", 11);
- test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 6);
-+ test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 7);
- test_syslog_parse_identifier("pidu xxx", NULL, NULL, 0);
-+ test_syslog_parse_identifier(":", "", NULL, 1);
-+ test_syslog_parse_identifier(": ", "", NULL, 3);
-+ test_syslog_parse_identifier("pidu:", "pidu", NULL, 5);
-+ test_syslog_parse_identifier("pidu: ", "pidu", NULL, 6);
-+ test_syslog_parse_identifier("pidu : ", NULL, NULL, 0);
-
- return 0;
- }
---
-2.11.0
-
diff --git a/meta/recipes-core/systemd/systemd/0028-journal-do-not-remove-multiple-spaces-after-identifi.patch b/meta/recipes-core/systemd/systemd/0028-journal-do-not-remove-multiple-spaces-after-identifi.patch
deleted file mode 100644
index fa2c01034b..0000000000
--- a/meta/recipes-core/systemd/systemd/0028-journal-do-not-remove-multiple-spaces-after-identifi.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From c3a7da1bbb6d2df8ab7ea1c7ce34ded37a21959f Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Fri, 10 Aug 2018 11:07:54 +0900
-Subject: [PATCH] journal: do not remove multiple spaces after identifier in
- syslog message
-
-Single space is used as separator.
-C.f. discussions in #156.
-
-Fixes #9839 introduced by a6aadf4ae0bae185dc4c414d492a4a781c80ffe5.
-
-Patch backported from systemd master at
-8595102d3ddde6d25c282f965573a6de34ab4421.
-
-This matches the change done for systemd-journald, hence forming the second
-part of the fix for CVE-2018-16866
----
- src/journal/journald-syslog.c | 4 +++-
- src/journal/test-journal-syslog.c | 24 ++++++++++++++----------
- 2 files changed, 17 insertions(+), 11 deletions(-)
-
-diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
-index 97711ac7a3..e0b55cc566 100644
---- a/src/journal/journald-syslog.c
-+++ b/src/journal/journald-syslog.c
-@@ -219,7 +219,9 @@ size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid)
- if (t)
- *identifier = t;
-
-- e += strspn(p + e, WHITESPACE);
-+ /* Single space is used as separator */
-+ if (p[e] != '\0' && strchr(WHITESPACE, p[e]))
-+ e++;
-
- *buf = p + e;
- return e;
-diff --git a/src/journal/test-journal-syslog.c b/src/journal/test-journal-syslog.c
-index 05f759817e..7294cde032 100644
---- a/src/journal/test-journal-syslog.c
-+++ b/src/journal/test-journal-syslog.c
-@@ -6,7 +6,7 @@
- #include "string-util.h"
-
- static void test_syslog_parse_identifier(const char *str,
-- const char *ident, const char *pid, int ret) {
-+ const char *ident, const char *pid, const char *rest, int ret) {
- const char *buf = str;
- _cleanup_free_ char *ident2 = NULL, *pid2 = NULL;
- int ret2;
-@@ -16,18 +16,22 @@ static void test_syslog_parse_identifier(const char *str,
- assert_se(ret == ret2);
- assert_se(ident == ident2 || streq_ptr(ident, ident2));
- assert_se(pid == pid2 || streq_ptr(pid, pid2));
-+ assert_se(streq(buf, rest));
- }
-
- int main(void) {
-- test_syslog_parse_identifier("pidu[111]: xxx", "pidu", "111", 11);
-- test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 6);
-- test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 7);
-- test_syslog_parse_identifier("pidu xxx", NULL, NULL, 0);
-- test_syslog_parse_identifier(":", "", NULL, 1);
-- test_syslog_parse_identifier(": ", "", NULL, 3);
-- test_syslog_parse_identifier("pidu:", "pidu", NULL, 5);
-- test_syslog_parse_identifier("pidu: ", "pidu", NULL, 6);
-- test_syslog_parse_identifier("pidu : ", NULL, NULL, 0);
-+ test_syslog_parse_identifier("pidu[111]: xxx", "pidu", "111", "xxx", 11);
-+ test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, "xxx", 6);
-+ test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, " xxx", 6);
-+ test_syslog_parse_identifier("pidu xxx", NULL, NULL, "pidu xxx", 0);
-+ test_syslog_parse_identifier(" pidu xxx", NULL, NULL, " pidu xxx", 0);
-+ test_syslog_parse_identifier("", NULL, NULL, "", 0);
-+ test_syslog_parse_identifier(" ", NULL, NULL, " ", 0);
-+ test_syslog_parse_identifier(":", "", NULL, "", 1);
-+ test_syslog_parse_identifier(": ", "", NULL, " ", 2);
-+ test_syslog_parse_identifier("pidu:", "pidu", NULL, "", 5);
-+ test_syslog_parse_identifier("pidu: ", "pidu", NULL, "", 6);
-+ test_syslog_parse_identifier("pidu : ", NULL, NULL, "pidu : ", 0);
-
- return 0;
- }
---
-2.11.0
-
diff --git a/meta/recipes-core/systemd/systemd/CVE-2019-6454.patch b/meta/recipes-core/systemd/systemd/CVE-2019-6454.patch
new file mode 100644
index 0000000000..80170dac0f
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2019-6454.patch
@@ -0,0 +1,210 @@
+Description: sd-bus: enforce a size limit for dbus paths, and don't allocate
+ them on the stacka
+Forwarded: no
+
+Patch from: systemd_239-7ubuntu10.8
+
+For information see:
+https://usn.ubuntu.com/3891-1/
+https://git.launchpad.net/ubuntu/+source/systemd/commit/?id=f8e75d5634904c8e672658856508c3a02f349adb
+
+CVE: CVE-2019-6454
+Upstream-Status: Backport
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+
+--- a/src/libsystemd/sd-bus/bus-internal.c
++++ b/src/libsystemd/sd-bus/bus-internal.c
+@@ -45,7 +45,7 @@
+ if (slash)
+ return false;
+
+- return true;
++ return (q - p) <= BUS_PATH_SIZE_MAX;
+ }
+
+ char* object_path_startswith(const char *a, const char *b) {
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -333,6 +333,10 @@
+
+ #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
+ #define BUS_AUTH_SIZE_MAX (64*1024)
++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
++ * to not clash unnecessarily with real-life applications. */
++#define BUS_PATH_SIZE_MAX (64*1024)
+
+ #define BUS_CONTAINER_DEPTH 128
+
+--- a/src/libsystemd/sd-bus/bus-objects.c
++++ b/src/libsystemd/sd-bus/bus-objects.c
+@@ -1134,7 +1134,8 @@
+ const char *path,
+ sd_bus_error *error) {
+
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -1150,7 +1151,12 @@
+ return 0;
+
+ /* Second, add fallback vtables registered for any of the prefixes */
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
+ if (r < 0)
+@@ -1346,6 +1352,7 @@
+ }
+
+ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
++ _cleanup_free_ char *prefix = NULL;
+ int r;
+ size_t pl;
+ bool found_object = false;
+@@ -1370,9 +1377,12 @@
+ assert(m->member);
+
+ pl = strlen(m->path);
+- do {
+- char prefix[pl+1];
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+
++ do {
+ bus->nodes_modified = false;
+
+ r = object_find_and_run(bus, m, m->path, false, &found_object);
+@@ -1499,9 +1509,15 @@
+
+ n = hashmap_get(bus->nodes, path);
+ if (!n) {
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
++
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+
+- prefix = alloca(strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ n = hashmap_get(bus->nodes, prefix);
+ if (n)
+@@ -2091,8 +2107,9 @@
+ char **names) {
+
+ BUS_DONT_DESTROY(bus);
++ _cleanup_free_ char *prefix = NULL;
+ bool found_interface = false;
+- char *prefix;
++ size_t pl;
+ int r;
+
+ assert_return(bus, -EINVAL);
+@@ -2111,6 +2128,12 @@
+ if (names && names[0] == NULL)
+ return 0;
+
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ do {
+ bus->nodes_modified = false;
+
+@@ -2120,7 +2143,6 @@
+ if (bus->nodes_modified)
+ continue;
+
+- prefix = alloca(strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
+ if (r != 0)
+@@ -2252,7 +2274,8 @@
+
+ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+ _cleanup_set_free_ Set *s = NULL;
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2297,7 +2320,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
+ if (r < 0)
+@@ -2436,7 +2464,8 @@
+
+ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+ _cleanup_set_free_ Set *s = NULL;
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2468,7 +2497,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
+ if (r < 0)
+@@ -2618,7 +2652,8 @@
+ const char *path,
+ const char *interface) {
+
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2632,7 +2667,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
+ if (r != 0)
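Review bot: The `assert(pl <= BUS_PATH_SIZE_MAX);` added before each `new(char, pl + 1)` in bus-objects.c (seven sites) is the only length guard at the allocation, so it relies on every path having already passed the new bound in `object_path_is_valid()`; that validation happens outside these hunks. Where a path could arrive unvalidated, a failed assert aborts the process instead of returning an error, and in an NDEBUG build the assert is presumably compiled out, leaving no check at the site. It is worth confirming against the 239 tree that each site is reached only after validation, or returning an error there instead, e.g. `if (pl > BUS_PATH_SIZE_MAX) return -EINVAL;`. The header also pairs `Forwarded: no` with `Upstream-Status: Backport` and cites only the Ubuntu package, so naming the upstream systemd commit would make the provenance checkable.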
diff --git a/meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch b/meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
new file mode 100644
index 0000000000..57311faa60
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
@@ -0,0 +1,61 @@
+Description: sd-bus: if we receive an invalid dbus message, ignore and
+ proceeed
+ .
+ dbus-daemon might have a slightly different idea of what a valid msg is
+ than us (for example regarding valid msg and field sizes). Let's hence
+ try to proceed if we can and thus drop messages rather than fail the
+ connection if we fail to validate a message.
+ .
+ Hopefully the differences in what is considered valid are not visible
+ for real-life usecases, but are specific to exploit attempts only.
+Author: Lennart Poettering <lennart@poettering.net>
+Forwarded: other,https://github.com/systemd/systemd/pull/11708/
+
+Patch from: systemd_239-7ubuntu10.8
+
+For information see:
+https://usn.ubuntu.com/3891-1/
+https://git.launchpad.net/ubuntu/+source/systemd/commit/?id=f8e75d5634904c8e672658856508c3a02f349adb
+
+CVE: CVE-2019-6454
+Upstream-Status: Backport
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+
+diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
+index 30d6455b6f..441b4a816f 100644
+--- a/src/libsystemd/sd-bus/bus-socket.c
++++ b/src/libsystemd/sd-bus/bus-socket.c
+@@ -1072,7 +1072,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
+ }
+
+ static int bus_socket_make_message(sd_bus *bus, size_t size) {
+- sd_bus_message *t;
++ sd_bus_message *t = NULL;
+ void *b;
+ int r;
+
+@@ -1097,7 +1097,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
+ bus->fds, bus->n_fds,
+ NULL,
+ &t);
+- if (r < 0) {
++ if (r == -EBADMSG)
++ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
++ else if (r < 0) {
+ free(b);
+ return r;
+ }
+@@ -1108,7 +1110,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
+ bus->fds = NULL;
+ bus->n_fds = 0;
+
+- bus->rqueue[bus->rqueue_size++] = t;
++ if (t)
++ bus->rqueue[bus->rqueue_size++] = t;
+
+ return 1;
+ }
+--
+2.17.1
+
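Review bot: On the new `-EBADMSG` path in `bus_socket_make_message()` execution falls through to `bus->rbuffer = b;` and `bus->fds = NULL;`, but no message object was created to take ownership of the old receive buffer or the received file descriptors, so both look leaked for every dropped message. Since the point of the change is to keep the connection alive when a peer sends invalid messages, a peer that keeps sending them could grow memory and descriptor use; this is inferred, because the ownership rules of the call that fills `t` are not visible in the hunk. I would release them in that branch, e.g. `free(bus->rbuffer);` after the `log_debug_errno()` call plus closing the descriptors held in `bus->fds`, with a comment saying the current buffer is dropped deliberately. The function body is split across the two inner hunks and is not fully shown.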
diff --git a/meta/recipes-core/systemd/systemd_239.bb b/meta/recipes-core/systemd/systemd_239.bb
index 6fbef47166..7fbd64ced7 100644
--- a/meta/recipes-core/systemd/systemd_239.bb
+++ b/meta/recipes-core/systemd/systemd_239.bb
@@ -39,10 +39,10 @@ SRC_URI += "file://touchscreen.rules \
file://0002-core-Fix-use-after-free-case-in-load_from_path.patch \
file://0001-meson-rename-Ddebug-to-Ddebug-extra.patch \
file://0024-journald-do-not-store-the-iovec-entry-for-process-co.patch \
- file://0025-journald-set-a-limit-on-the-number-of-fields-1k.patch \
- file://0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch \
- file://0027-journal-fix-syslog_parse_identifier.patch \
- file://0028-journal-do-not-remove-multiple-spaces-after-identifi.patch \
+ file://0025-journald-set-a-limit-on-the-number-of-fields.patch \
+ file://0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch \
+ file://CVE-2019-6454.patch \
+ file://sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch \
"
# patches made for musl are only applied on TCLIBC is musl
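Review bot: The SRC_URI swap drops `0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch`, whose header calls it the second part of the fix for CVE-2018-16865, and the renamed `0025-journald-set-a-limit-on-the-number-of-fields.patch` that would have to replace it is not visible from this hunk. Please confirm the new 0025 patch still carries the `ENTRY_FIELD_COUNT_MAX` check for journal-remote; otherwise that half of the fix is lost. The replacement CVE-2018-16866 patch also touches only `journald-syslog.c`, so the regression cases for inputs such as `":"` and `"pidu:"` that the removed 0027/0028 patches added to `test-journal-syslog.c` are no longer applied; it would be worth saying in the new patch header that the tests were left out on purpose.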
@@ -559,7 +559,7 @@ FILES_${PN} = " ${base_bindir}/* \
FILES_${PN}-dev += "${base_libdir}/security/*.la ${datadir}/dbus-1/interfaces/ ${sysconfdir}/rpm/macros.systemd"
-RDEPENDS_${PN} += "kmod dbus util-linux-mount udev (= ${EXTENDPKGV}) util-linux-agetty util-linux-fsck"
+RDEPENDS_${PN} += "kmod dbus util-linux-mount util-linux-umount udev (= ${EXTENDPKGV}) util-linux-agetty util-linux-fsck"
RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', '', 'systemd-serialgetty', d)}"
RDEPENDS_${PN} += "volatile-binds update-rc.d systemd-conf"
diff --git a/meta/recipes-core/zlib/zlib-1.2.11/Makefile-runtests.patch b/meta/recipes-core/zlib/zlib-1.2.11/Makefile-runtests.patch
deleted file mode 100644
index 61eea8238a..0000000000
--- a/meta/recipes-core/zlib/zlib-1.2.11/Makefile-runtests.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Add 'ptest' target to Makefile, to run tests without checking dependencies.
-
-Signed-off-by: Anders Roxell <anders.roxell@enea.com>
-Upstream-Status: Pending
----
-diff -uNr a/Makefile.in b/Makefile.in
---- a/Makefile.in 2013-06-10 13:48:14.321959162 +0200
-+++ b/Makefile.in 2013-06-10 13:49:36.686476448 +0200
-@@ -83,6 +83,9 @@
- test: all teststatic testshared
-
- teststatic: static
-+ @make runteststatic
-+
-+runteststatic:
- @TMPST=tmpst_$$; \
- if echo hello world | ./minigzip | ./minigzip -d && ./example $$TMPST ; then \
- echo ' *** zlib test OK ***'; \
-@@ -92,6 +95,9 @@
- rm -f $$TMPST
-
- testshared: shared
-+ @make runtestshared
-+
-+runtestshared:
- @LD_LIBRARY_PATH=`pwd`:$(LD_LIBRARY_PATH) ; export LD_LIBRARY_PATH; \
- LD_LIBRARYN32_PATH=`pwd`:$(LD_LIBRARYN32_PATH) ; export LD_LIBRARYN32_PATH; \
- DYLD_LIBRARY_PATH=`pwd`:$(DYLD_LIBRARY_PATH) ; export DYLD_LIBRARY_PATH; \
-@@ -105,6 +111,9 @@
- rm -f $$TMPSH
-
- test64: all64
-+ @make runtestall64
-+
-+runtestall64:
- @TMP64=tmp64_$$; \
- if echo hello world | ./minigzip64 | ./minigzip64 -d && ./example64 $$TMP64; then \
- echo ' *** zlib 64-bit test OK ***'; \
diff --git a/meta/recipes-core/zlib/zlib-1.2.11/remove.ldconfig.call.patch b/meta/recipes-core/zlib/zlib-1.2.11/remove.ldconfig.call.patch
deleted file mode 100644
index 7ccbe1f44c..0000000000
--- a/meta/recipes-core/zlib/zlib-1.2.11/remove.ldconfig.call.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-
-When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache
-(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call
-touch */libstdc++.so && /sbin/ldconfig to fix it.
-
-So remove ldconfig call from make install-libs
-
-Upstream-Status: Inappropriate [disable feature]
-
-Index: zlib-1.2.11/Makefile.in
-===================================================================
---- zlib-1.2.11.orig/Makefile.in
-+++ zlib-1.2.11/Makefile.in
-@@ -322,7 +322,6 @@ install-libs: $(LIBS)
- rm -f $(DESTDIR)$(sharedlibdir)/$(SHAREDLIB) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBM); \
- ln -s $(SHAREDLIBV) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIB); \
- ln -s $(SHAREDLIBV) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBM); \
-- ($(LDCONFIG) || true) >/dev/null 2>&1; \
- fi
- rm -f $(DESTDIR)$(man3dir)/zlib.3
- cp $(SRCDIR)zlib.3 $(DESTDIR)$(man3dir)
diff --git a/meta/recipes-core/zlib/zlib-1.2.11/run-ptest b/meta/recipes-core/zlib/zlib-1.2.11/run-ptest
deleted file mode 100644
index 884d9dc699..0000000000
--- a/meta/recipes-core/zlib/zlib-1.2.11/run-ptest
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-make -k runteststatic runtestshared | sed -r -e 's/^(\s+\*+ (.+?) test OK \*+)/\1\nPASS: \2/' -e 's/^(\s+\*+ (.+?) test FAILED \*+)/\1\nFAIL: \2/'
diff --git a/meta/recipes-core/zlib/zlib-1.2.11/ldflags-tests.patch b/meta/recipes-core/zlib/zlib/ldflags-tests.patch
index 19c40b7452..286390665f 100644
--- a/meta/recipes-core/zlib/zlib-1.2.11/ldflags-tests.patch
+++ b/meta/recipes-core/zlib/zlib/ldflags-tests.patch
@@ -1,7 +1,7 @@
Obey LDFLAGS for tests
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://github.com/madler/zlib/pull/409]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
--- zlib-1.2.8.orig/Makefile.in
+++ zlib-1.2.8/Makefile.in
diff --git a/meta/recipes-core/zlib/zlib/run-ptest b/meta/recipes-core/zlib/zlib/run-ptest
new file mode 100644
index 0000000000..065863ef75
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib/run-ptest
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if ./examplesh ; then
+ echo "PASS: zlib"
+else
+ echo "FAIL: zlib"
+fi
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb
index 6410519882..ef9431ae47 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -7,8 +7,6 @@ LICENSE = "Zlib"
LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef63bc555f7aa6c0"
SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
- file://remove.ldconfig.call.patch \
- file://Makefile-runtests.patch \
file://ldflags-tests.patch \
file://run-ptest \
"
@@ -24,32 +22,19 @@ RDEPENDS_${PN}-ptest += "make"
inherit ptest
do_configure() {
- uname=GNU ./configure --prefix=${prefix} --shared --libdir=${libdir}
+ LDCONFIG=true ./configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU
}
do_compile() {
oe_runmake shared
}
-do_compile_ptest() {
- oe_runmake test
-}
-
do_install() {
oe_runmake DESTDIR=${D} install
}
do_install_ptest() {
- install ${B}/Makefile ${D}${PTEST_PATH}
- install ${B}/example ${D}${PTEST_PATH}
- install ${B}/minigzip ${D}${PTEST_PATH}
- install ${B}/examplesh ${D}${PTEST_PATH}
- install ${B}/minigzipsh ${D}${PTEST_PATH}
-
- # Remove buildhost references...
- sed -i -e "s,--sysroot=${STAGING_DIR_TARGET},,g" \
- -e 's|${DEBUG_PREFIX_MAP}||g' \
- ${D}${PTEST_PATH}/Makefile
+ install ${B}/examplesh ${D}${PTEST_PATH}
}
# Move zlib shared libraries for target builds to $base_libdir so the library
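Review bot: `RDEPENDS_${PN}-ptest += "make"` (visible as the context of this hunk's header) is left in place, although the new run-ptest only executes `./examplesh` and `do_install_ptest` no longer installs the Makefile, so the ptest package appears to pull `make` onto the target for nothing. Unless something else in the recipe needs it, I would drop that line in the same change. Keeping build tools off test images when nothing uses them also keeps the installed footprint smaller.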
diff --git a/meta/recipes-devtools/binutils/binutils-2.31.inc b/meta/recipes-devtools/binutils/binutils-2.31.inc
index 62acec500e..c9a3610e72 100644
--- a/meta/recipes-devtools/binutils/binutils-2.31.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.31.inc
@@ -46,6 +46,12 @@ SRC_URI = "\
file://CVE-2018-18605.patch \
file://CVE-2018-18606.patch \
file://CVE-2018-18607.patch \
+ file://CVE-2019-14444.patch \
+ file://CVE-2019-12972.patch \
+ file://CVE-2018-20623.patch \
+ file://CVE-2018-20651.patch \
+ file://CVE-2018-20671.patch \
+ file://CVE-2018-1000876.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch
new file mode 100644
index 0000000000..ff853511f9
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch
@@ -0,0 +1,180 @@
+From efec0844fcfb5692f5a78f4082994d63e420ecd9 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 16 Dec 2018 23:02:50 +1030
+Subject: [PATCH] PR23994, libbfd integer overflow
+
+ PR 23994
+ * aoutx.h: Include limits.h.
+ (get_reloc_upper_bound): Detect long overflow and return a file
+ too big error if it occurs.
+ * elf.c: Include limits.h.
+ (_bfd_elf_get_symtab_upper_bound): Detect long overflow and return
+ a file too big error if it occurs.
+ (_bfd_elf_get_dynamic_symtab_upper_bound): Likewise.
+ (_bfd_elf_get_dynamic_reloc_upper_bound): Likewise.
+
+CVE: CVE-2018-1000876
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ bfd/aoutx.h | 40 +++++++++++++++++++++-------------------
+ bfd/elf.c | 32 ++++++++++++++++++++++++--------
+ 2 files changed, 45 insertions(+), 27 deletions(-)
+
+diff --git a/bfd/aoutx.h b/bfd/aoutx.h
+index 023843b0be..78eaa9c503 100644
+--- a/bfd/aoutx.h
++++ b/bfd/aoutx.h
+@@ -117,6 +117,7 @@ DESCRIPTION
+ #define KEEPIT udata.i
+
+ #include "sysdep.h"
++#include <limits.h>
+ #include "bfd.h"
+ #include "safe-ctype.h"
+ #include "bfdlink.h"
+@@ -2491,6 +2492,8 @@ NAME (aout, canonicalize_reloc) (bfd *abfd,
+ long
+ NAME (aout, get_reloc_upper_bound) (bfd *abfd, sec_ptr asect)
+ {
++ bfd_size_type count;
++
+ if (bfd_get_format (abfd) != bfd_object)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+@@ -2498,26 +2501,25 @@ NAME (aout, get_reloc_upper_bound) (bfd *abfd, sec_ptr asect)
+ }
+
+ if (asect->flags & SEC_CONSTRUCTOR)
+- return sizeof (arelent *) * (asect->reloc_count + 1);
+-
+- if (asect == obj_datasec (abfd))
+- return sizeof (arelent *)
+- * ((exec_hdr (abfd)->a_drsize / obj_reloc_entry_size (abfd))
+- + 1);
+-
+- if (asect == obj_textsec (abfd))
+- return sizeof (arelent *)
+- * ((exec_hdr (abfd)->a_trsize / obj_reloc_entry_size (abfd))
+- + 1);
+-
+- if (asect == obj_bsssec (abfd))
+- return sizeof (arelent *);
+-
+- if (asect == obj_bsssec (abfd))
+- return 0;
++ count = asect->reloc_count;
++ else if (asect == obj_datasec (abfd))
++ count = exec_hdr (abfd)->a_drsize / obj_reloc_entry_size (abfd);
++ else if (asect == obj_textsec (abfd))
++ count = exec_hdr (abfd)->a_trsize / obj_reloc_entry_size (abfd);
++ else if (asect == obj_bsssec (abfd))
++ count = 0;
++ else
++ {
++ bfd_set_error (bfd_error_invalid_operation);
++ return -1;
++ }
+
+- bfd_set_error (bfd_error_invalid_operation);
+- return -1;
++ if (count >= LONG_MAX / sizeof (arelent *))
++ {
++ bfd_set_error (bfd_error_file_too_big);
++ return -1;
++ }
++ return (count + 1) * sizeof (arelent *);
+ }
+
+ long
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 828241d48a..10037176a3 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -35,6 +35,7 @@ SECTION
+ /* For sparc64-cross-sparc32. */
+ #define _SYSCALL32
+ #include "sysdep.h"
++#include <limits.h>
+ #include "bfd.h"
+ #include "bfdlink.h"
+ #include "libbfd.h"
+@@ -8114,11 +8115,16 @@ error_return:
+ long
+ _bfd_elf_get_symtab_upper_bound (bfd *abfd)
+ {
+- long symcount;
++ bfd_size_type symcount;
+ long symtab_size;
+ Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->symtab_hdr;
+
+ symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym;
++ if (symcount >= LONG_MAX / sizeof (asymbol *))
++ {
++ bfd_set_error (bfd_error_file_too_big);
++ return -1;
++ }
+ symtab_size = (symcount + 1) * (sizeof (asymbol *));
+ if (symcount > 0)
+ symtab_size -= sizeof (asymbol *);
+@@ -8129,7 +8135,7 @@ _bfd_elf_get_symtab_upper_bound (bfd *abfd)
+ long
+ _bfd_elf_get_dynamic_symtab_upper_bound (bfd *abfd)
+ {
+- long symcount;
++ bfd_size_type symcount;
+ long symtab_size;
+ Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->dynsymtab_hdr;
+
+@@ -8140,6 +8146,11 @@ _bfd_elf_get_dynamic_symtab_upper_bound (bfd *abfd)
+ }
+
+ symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym;
++ if (symcount >= LONG_MAX / sizeof (asymbol *))
++ {
++ bfd_set_error (bfd_error_file_too_big);
++ return -1;
++ }
+ symtab_size = (symcount + 1) * (sizeof (asymbol *));
+ if (symcount > 0)
+ symtab_size -= sizeof (asymbol *);
+@@ -8209,7 +8220,7 @@ _bfd_elf_canonicalize_dynamic_symtab (bfd *abfd,
+ long
+ _bfd_elf_get_dynamic_reloc_upper_bound (bfd *abfd)
+ {
+- long ret;
++ bfd_size_type count;
+ asection *s;
+
+ if (elf_dynsymtab (abfd) == 0)
+@@ -8218,15 +8229,20 @@ _bfd_elf_get_dynamic_reloc_upper_bound (bfd *abfd)
+ return -1;
+ }
+
+- ret = sizeof (arelent *);
++ count = 1;
+ for (s = abfd->sections; s != NULL; s = s->next)
+ if (elf_section_data (s)->this_hdr.sh_link == elf_dynsymtab (abfd)
+ && (elf_section_data (s)->this_hdr.sh_type == SHT_REL
+ || elf_section_data (s)->this_hdr.sh_type == SHT_RELA))
+- ret += ((s->size / elf_section_data (s)->this_hdr.sh_entsize)
+- * sizeof (arelent *));
+-
+- return ret;
++ {
++ count += s->size / elf_section_data (s)->this_hdr.sh_entsize;
++ if (count > LONG_MAX / sizeof (arelent *))
++ {
++ bfd_set_error (bfd_error_file_too_big);
++ return -1;
++ }
++ }
++ return count * sizeof (arelent *);
+ }
+
+ /* Canonicalize the dynamic relocation entries. Note that we return the
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
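Review bot: In the rewritten loop of `_bfd_elf_get_dynamic_reloc_upper_bound` the count is still computed as `s->size / elf_section_data (s)->this_hdr.sh_entsize`, and nothing in the hunk shows that `sh_entsize` is non-zero for the `SHT_REL`/`SHT_RELA` sections it visits. The value is presumably validated when the section headers are read, but since the patch hardens this function against malformed files it is worth confirming that in the 2.31 tree. If it is not guaranteed, a guard before the division would close the gap, e.g. `if (elf_section_data (s)->this_hdr.sh_entsize == 0) continue;` placed inside the new braces. A one-line comment on why the symtab checks use `>=` (the size is computed from `symcount + 1`) while this loop uses `>` would also help readers.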
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch
new file mode 100644
index 0000000000..b44d448fce
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-20623.patch
@@ -0,0 +1,74 @@
+From 90cce28d4b59f86366d4f562d01a8d439d514234 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 9 Jan 2019 12:25:16 +0000
+Subject: [PATCH] Fix a heap use after free memory access fault when displaying
+ error messages about malformed archives.
+
+ PR 14049
+ * readelf.c (process_archive): Use arch.file_name in error
+ messages until the qualified name is available.
+
+CVE: CVE-2018-20623
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=28e817cc440bce73691c03e01860089a0954a837]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ binutils/readelf.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index f4df697a7d..280023d8de 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -19061,7 +19061,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ /* Read the next archive header. */
+ if (fseek (filedata->handle, arch.next_arhdr_offset, SEEK_SET) != 0)
+ {
+- error (_("%s: failed to seek to next archive header\n"), filedata->file_name);
++ error (_("%s: failed to seek to next archive header\n"), arch.file_name);
+ return FALSE;
+ }
+ got = fread (&arch.arhdr, 1, sizeof arch.arhdr, filedata->handle);
+@@ -19069,7 +19069,10 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ {
+ if (got == 0)
+ break;
+- error (_("%s: failed to read archive header\n"), filedata->file_name);
++ /* PR 24049 - we cannot use filedata->file_name as this will
++ have already been freed. */
++ error (_("%s: failed to read archive header\n"), arch.file_name);
++
+ ret = FALSE;
+ break;
+ }
+@@ -19089,7 +19092,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ name = get_archive_member_name (&arch, &nested_arch);
+ if (name == NULL)
+ {
+- error (_("%s: bad archive file name\n"), filedata->file_name);
++ error (_("%s: bad archive file name\n"), arch.file_name);
+ ret = FALSE;
+ break;
+ }
+@@ -19098,7 +19101,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ qualified_name = make_qualified_name (&arch, &nested_arch, name);
+ if (qualified_name == NULL)
+ {
+- error (_("%s: bad archive file name\n"), filedata->file_name);
++ error (_("%s: bad archive file name\n"), arch.file_name);
+ ret = FALSE;
+ break;
+ }
+@@ -19144,7 +19147,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
+ if (nested_arch.file == NULL)
+ {
+ error (_("%s: contains corrupt thin archive: %s\n"),
+- filedata->file_name, name);
++ qualified_name, name);
+ ret = FALSE;
+ break;
+ }
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
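Review bot: The backported fix stops reading `filedata->file_name` in five error paths of process_archive, but the pointer itself is left dangling, so any other read of it inside the archive loop (outside these hunks) would hit the same freed memory; that should be checked against the full function before relying on this patch alone. The in-code comment would be more useful if it stated the rule rather than the single site, e.g. `/* filedata->file_name is not valid inside this loop; use arch.file_name, or qualified_name once it has been built. */`. The commit message cites "PR 14049" while the added comment cites "PR 24049"; one of the two is a typo, and the patch header should note which so the CVE can be traced to the right bug.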
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-20651.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-20651.patch
new file mode 100644
index 0000000000..24fb031223
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-20651.patch
@@ -0,0 +1,35 @@
+From 6a29d95602b09bb83d2c82b45ed935157fb780aa Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 31 Dec 2018 15:40:08 +1030
+Subject: [PATCH] PR24041, Invalid Memory Address Dereference in
+ elf_link_add_object_symbols
+
+ PR 24041
+ * elflink.c (elf_link_add_object_symbols): Don't segfault on
+ crafted ET_DYN with no program headers.
+
+CVE: CVE-2018-20651
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ bfd/elflink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 46091b6341..557c550082 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -4178,7 +4178,7 @@ error_free_dyn:
+ all sections contained fully therein. This makes relro
+ shared library sections appear as they will at run-time. */
+ phdr = elf_tdata (abfd)->phdr + elf_elfheader (abfd)->e_phnum;
+- while (--phdr >= elf_tdata (abfd)->phdr)
++ while (phdr-- > elf_tdata (abfd)->phdr)
+ if (phdr->p_type == PT_GNU_RELRO)
+ {
+ for (s = abfd->sections; s != NULL; s = s->next)
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch
new file mode 100644
index 0000000000..9bd9207bb5
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch
@@ -0,0 +1,49 @@
+From 8a5f4f2ebe7f35ac5646060fa51e3332f6ef388c Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 4 Jan 2019 13:44:34 +0000
+Subject: [PATCH] Fix a possible integer overflow problem when examining
+ corrupt binaries using a 32-bit binutil.
+
+ PR 24005
+ * objdump.c (load_specific_debug_section): Check for integer
+ overflow before attempting to allocate contents.
+
+CVE: CVE-2018-20671
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ binutils/objdump.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index f468fcdb59..89ca688938 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -2503,12 +2503,19 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
+ section->reloc_info = NULL;
+ section->num_relocs = 0;
+ section->address = bfd_get_section_vma (abfd, sec);
++ section->user_data = sec;
+ section->size = bfd_get_section_size (sec);
+ amt = section->size + 1;
++ if (amt == 0 || amt > bfd_get_file_size (abfd))
++ {
++ section->start = NULL;
++ free_debug_section (debug);
++ printf (_("\nSection '%s' has an invalid size: %#llx.\n"),
++ section->name, (unsigned long long) section->size);
++ return FALSE;
++ }
+ section->start = contents = malloc (amt);
+- section->user_data = sec;
+- if (amt == 0
+- || section->start == NULL
++ if (section->start == NULL
+ || !bfd_get_full_section_contents (abfd, sec, &contents))
+ {
+ free_debug_section (debug);
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
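Review bot: The new bound `amt > bfd_get_file_size (abfd)` in load_specific_debug_section assumes both that the file size is always known and that a section can never be larger than the file on disk. If bfd_get_file_size can return 0 when the size cannot be determined, every debug section would be rejected, and a compressed debug section could legitimately exceed the on-disk size if bfd_get_section_size reports the uncompressed length; both need confirming against the BFD version this is applied to. A more tolerant form would be `if (amt == 0 || (bfd_get_file_size (abfd) != 0 && amt > bfd_get_file_size (abfd)))`. The message also prints `section->size` after `free_debug_section (debug)` has run, so it is worth checking that the helper (outside the hunk) does not reset the field first; printing before the call avoids the question.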
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
new file mode 100644
index 0000000000..3e95b9221a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
@@ -0,0 +1,39 @@
+From 890f750a3b053532a4b839a2dd6243076de12031 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 21 Jun 2019 11:51:38 +0930
+Subject: [PATCH] PR24689, string table corruption
+
+The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
+hdr->contents were initialized by setup_group rather than being read
+from the file, thus last byte was not zero and string dereference ran
+off the end of the buffer.
+
+ PR 24689
+ * elfcode.h (elf_object_p): Check type of e_shstrndx section.
+
+Upstream-Status: Backport
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
+
+CVE: CVE-2019-12972
+Affects: <= 2.23.0
+Dropped Changelog
+Signed-off-by Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/elfcode.h | 3 ++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elfcode.h
+===================================================================
+--- git.orig/bfd/elfcode.h
++++ git/bfd/elfcode.h
+@@ -747,7 +747,8 @@ elf_object_p (bfd *abfd)
+ /* A further sanity check. */
+ if (i_ehdrp->e_shnum != 0)
+ {
+- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
++ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
++ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
+ {
+ /* PR 2257:
+ We used to just goto got_wrong_format_error here
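Review bot: The patch header's `Signed-off-by Armin Kuster <akuster@mvista.com>` line has no colon, so trailer-parsing tools will not recognise it; it should read `Signed-off-by: Armin Kuster <akuster@mvista.com>`. The diffstat still lists `bfd/ChangeLog | 5 +++++` and "2 files changed" although the header says the changelog was dropped and only elfcode.h is patched. `Affects: <= 2.23.0` also looks like a version typo given that the recipe in this commit is binutils_2.31, and should be checked, because CVE tooling and later maintainers may rely on it. The code change itself orders the index bound check before the `i_shdrp[...]` access, which is the right way round.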
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
new file mode 100644
index 0000000000..499cf0e046
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
@@ -0,0 +1,33 @@
+From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 5 Aug 2019 10:40:35 +0100
+Subject: [PATCH] Catch potential integer overflow in readelf when processing
+ corrupt binaries.
+
+ PR 24829
+ * readelf.c (apply_relocations): Catch potential integer overflow
+ whilst checking reloc location against section size.
+
+Upstream-Status: Backport
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
+CVE: CVE-2019-14444
+Dropped changelog
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/readelf.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -13113,7 +13113,7 @@ apply_relocations (Filedata *
+ }
+
+ rloc = start + rp->r_offset;
+- if ((rloc + reloc_size) > end || (rloc < start))
++ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
+ {
+ warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
+ (unsigned long) rp->r_offset,
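Review bot: `rloc = start + rp->r_offset` is still computed before any validation, so with an r_offset taken from a corrupt file the pointer addition itself can leave the section buffer or wrap, and the added `rloc >= end` test then compares an already-invalid pointer. Validating the offset as an integer before forming the pointer avoids depending on pointer-overflow behaviour, e.g. `if (rp->r_offset >= (bfd_vma) (end - start) || reloc_size > (bfd_vma) (end - start) - rp->r_offset)`, with `rloc` assigned only after the check passes (this assumes r_offset is a bfd_vma and end >= start, to be confirmed in the surrounding function, which lies outside the hunk). The embedded diffstat says "2 files changed, 7 insertions(+), 1 deletion(-)" but lists only readelf.c with one changed line, left over from the dropped changelog.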
diff --git a/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch b/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch
new file mode 100644
index 0000000000..408f7d18b7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch
@@ -0,0 +1,80 @@
+We need binutils to look at our ld.so.conf file within the SDK to ensure
+we search the SDK's libdirs as well as those from the host system.
+
+We therefore pass in the directory to the code using a define, then add
+it to a section we relocate in a similar way to the way we relocate the
+gcc internal paths. This ensures that ld works correctly in our buildtools
+tarball.
+
+Standard sysroot relocation doesn't work since we're not in a sysroot,
+we want to use both the host system and SDK libs.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+2020/1/17
+Upstream-Status: Inappropriate [OE specific tweak]
+
+Index: git/ld/Makefile.am
+===================================================================
+--- git.orig/ld/Makefile.am
++++ git/ld/Makefile.am
+@@ -36,7 +36,8 @@ am__skipyacc =
+
+ ELF_CLFAGS=-DELF_LIST_OPTIONS=@elf_list_options@ \
+ -DELF_SHLIB_LIST_OPTIONS=@elf_shlib_list_options@ \
+- -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@
++ -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@ \
++ -DSYSCONFDIR="\"$(sysconfdir)\""
+ WARN_CFLAGS = @WARN_CFLAGS@
+ NO_WERROR = @NO_WERROR@
+ AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS)
+Index: git/ld/Makefile.in
+===================================================================
+--- git.orig/ld/Makefile.in
++++ git/ld/Makefile.in
+@@ -546,7 +546,8 @@ am__skiplex =
+ am__skipyacc =
+ ELF_CLFAGS = -DELF_LIST_OPTIONS=@elf_list_options@ \
+ -DELF_SHLIB_LIST_OPTIONS=@elf_shlib_list_options@ \
+- -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@
++ -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@ \
++ -DSYSCONFDIR="\"$(sysconfdir)\""
+
+ AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS)
+ @ENABLE_PLUGINS_FALSE@PLUGIN_C =
+Index: git/ld/emultempl/elf32.em
+===================================================================
+--- git.orig/ld/emultempl/elf32.em
++++ git/ld/emultempl/elf32.em
+@@ -1024,7 +1024,7 @@ gld${EMULATION_NAME}_check_ld_so_conf (c
+
+ info.path = NULL;
+ info.len = info.alloc = 0;
+- tmppath = concat (ld_sysroot, "${prefix}/etc/ld.so.conf",
++ tmppath = concat (ld_sysconfdir, "/ld.so.conf",
+ (const char *) NULL);
+ if (!gld${EMULATION_NAME}_parse_ld_so_conf (&info, tmppath))
+ {
+Index: git/ld/ldmain.c
+===================================================================
+--- git.orig/ld/ldmain.c
++++ git/ld/ldmain.c
+@@ -68,6 +68,7 @@ char *program_name;
+
+ /* The prefix for system library directories. */
+ const char *ld_sysroot;
++char ld_sysconfdir[4096] __attribute__ ((section (".gccrelocprefix"))) = SYSCONFDIR;
+
+ /* The canonical representation of ld_sysroot. */
+ char *ld_canon_sysroot;
+Index: git/ld/ldmain.h
+===================================================================
+--- git.orig/ld/ldmain.h
++++ git/ld/ldmain.h
+@@ -23,6 +23,7 @@
+
+ extern char *program_name;
+ extern const char *ld_sysroot;
++extern char ld_sysconfdir[4096];
+ extern char *ld_canon_sysroot;
+ extern int ld_canon_sysroot_len;
+ extern FILE *saved_script_handle;
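Review bot: `ld_sysconfdir` is a writable 4096-byte array placed in `.gccrelocprefix` so that it can be rewritten after the build, yet `concat (ld_sysconfdir, "/ld.so.conf", ...)` in elf32.em reads it as an ordinary C string with nothing documenting or enforcing that the rewritten contents stay NUL-terminated within the buffer. The definition in ldmain.c should carry that contract, e.g. `/* Rewritten in place by SDK relocation; must remain NUL-terminated within 4096 bytes. */`, and the relocation step should be confirmed to reject longer paths. The elf32.em change also drops `ld_sysroot` and `${prefix}` from the ld.so.conf lookup unconditionally, so the patch is only safe while it stays restricted to class-nativesdk as the recipe hunk in this commit does. Makefile.in is a generated file, and patching it by hand alongside Makefile.am will be lost if the recipe regenerates it.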
diff --git a/meta/recipes-devtools/binutils/binutils_2.31.bb b/meta/recipes-devtools/binutils/binutils_2.31.bb
index 51a9748906..625e18c787 100644
--- a/meta/recipes-devtools/binutils/binutils_2.31.bb
+++ b/meta/recipes-devtools/binutils/binutils_2.31.bb
@@ -46,4 +46,9 @@ do_install_class-native () {
PACKAGE_BEFORE_PN += "libbfd"
FILES_libbfd = "${libdir}/libbfd-*.so"
+SRC_URI_append_class-nativesdk = "file://nativesdk-relocation.patch"
+
+USE_ALTERNATIVES_FOR_class-nativesdk = ""
+FILES_${PN}_append_class-nativesdk = " ${bindir}"
+
BBCLASSEXTEND = "native nativesdk"
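Review bot: `SRC_URI_append_class-nativesdk = "file://nativesdk-relocation.patch"` has no leading space, and `_append` concatenates without inserting one, so the new entry is glued onto the last existing SRC_URI item unless that value already ends in whitespace (SRC_URI is defined outside this hunk). The line two below, `FILES_${PN}_append_class-nativesdk = " ${bindir}"`, shows the usual form. It should be `SRC_URI_append_class-nativesdk = " file://nativesdk-relocation.patch"` so that the patch is fetched and applied regardless of how the base SRC_URI is formatted.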
diff --git a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
deleted file mode 100644
index 1c84fb1cf2..0000000000
--- a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
+++ /dev/null
@@ -1,62 +0,0 @@
-SUMMARY = "cve-check-tool"
-DESCRIPTION = "cve-check-tool is a tool for checking known (public) CVEs.\
-The tool will identify potentially vunlnerable software packages within Linux distributions through version matching."
-HOMEPAGE = "https://github.com/ikeydoherty/cve-check-tool"
-SECTION = "Development/Tools"
-LICENSE = "GPL-2.0+"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e8c1458438ead3c34974bc0be3a03ed6"
-
-SRC_URI = "https://github.com/ikeydoherty/${BPN}/releases/download/v${PV}/${BP}.tar.xz \
- file://check-for-malloc_trim-before-using-it.patch \
- file://0001-print-progress-in-percent-when-downloading-CVE-db.patch \
- file://0001-curl-allow-overriding-default-CA-certificate-file.patch \
- file://0001-update-Compare-computed-vs-expected-sha256-digit-str.patch \
- file://0001-Fix-freeing-memory-allocated-by-sqlite.patch \
- "
-
-SRC_URI[md5sum] = "c5f4247140fc9be3bf41491d31a34155"
-SRC_URI[sha256sum] = "b8f283be718af8d31232ac1bfc10a0378fb958aaaa49af39168f8acf501e6a5b"
-
-UPSTREAM_CHECK_URI = "https://github.com/ikeydoherty/cve-check-tool/releases"
-
-DEPENDS = "libcheck glib-2.0 json-glib curl libxml2 sqlite3 openssl ca-certificates"
-
-RDEPENDS_${PN} = "ca-certificates"
-
-inherit pkgconfig autotools
-
-EXTRA_OECONF = "--disable-coverage --enable-relative-plugins"
-CFLAGS_append = " -Wno-error=pedantic"
-
-do_populate_cve_db() {
- if [ "${BB_NO_NETWORK}" = "1" ] ; then
- bbwarn "BB_NO_NETWORK is set; Can't update cve-check-tool database, new CVEs won't be detected"
- return
- fi
-
- # In case we don't inherit cve-check class, use default values defined in the class.
- cve_dir="${CVE_CHECK_DB_DIR}"
- cve_file="${CVE_CHECK_TMP_FILE}"
-
- [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK"
- [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check"
-
- unused="${@bb.utils.export_proxies(d)}"
- bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
- # --cacert works around curl-native not finding the CA bundle
- if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then
- printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date --utc +'%F %T')" > "$cve_file"
- else
- bbwarn "Error in executing cve-check-update"
- if [ "${@'1' if bb.data.inherits_class('cve-check', d) else '0'}" -ne 0 ] ; then
- bbwarn "Failed to update cve-check-tool database, CVEs won't be checked"
- fi
- fi
-}
-
-addtask populate_cve_db after do_populate_sysroot
-do_populate_cve_db[depends] = "cve-check-tool-native:do_populate_sysroot"
-do_populate_cve_db[nostamp] = "1"
-do_populate_cve_db[progress] = "percent"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch b/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch
deleted file mode 100644
index 4a82cf2dde..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From a3353429652f83bb8b0316500faa88fa2555542d Mon Sep 17 00:00:00 2001
-From: Peter Marko <peter.marko@siemens.com>
-Date: Thu, 13 Apr 2017 23:09:52 +0200
-Subject: [PATCH] Fix freeing memory allocated by sqlite
-
-Upstream-Status: Backport
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- src/core.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/core.c b/src/core.c
-index 6263031..6788f16 100644
---- a/src/core.c
-+++ b/src/core.c
-@@ -82,7 +82,7 @@ static bool ensure_table(CveDB *self)
- rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
- if (rc != SQLITE_OK) {
- fprintf(stderr, "ensure_table(): %s\n", err);
-- free(err);
-+ sqlite3_free(err);
- return false;
- }
-
-@@ -91,7 +91,7 @@ static bool ensure_table(CveDB *self)
- rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
- if (rc != SQLITE_OK) {
- fprintf(stderr, "ensure_table(): %s\n", err);
-- free(err);
-+ sqlite3_free(err);
- return false;
- }
-
-@@ -99,11 +99,11 @@ static bool ensure_table(CveDB *self)
- rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
- if (rc != SQLITE_OK) {
- fprintf(stderr, "ensure_table(): %s\n", err);
-- free(err);
-+ sqlite3_free(err);
- return false;
- }
- if (err) {
-- free(err);
-+ sqlite3_free(err);
- }
-
- return true;
---
-2.1.4
-
diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch b/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch
deleted file mode 100644
index 3d8ebd1bd2..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-From 825a9969dea052b02ba868bdf39e676349f10dce Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Thu, 9 Feb 2017 14:51:28 +0200
-Subject: [PATCH] curl: allow overriding default CA certificate file
-
-Similar to curl, --cacert can now be used in cve-check-tool and
-cve-check-update to override the default CA certificate file. Useful
-in cases where the system default is unsuitable (for example,
-out-dated) or broken (as in OE's current native libcurl, which embeds
-a path string from one build host and then uses it on another although
-the right path may have become something different).
-
-Upstream-Status: Submitted [https://github.com/ikeydoherty/cve-check-tool/pull/45]
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-
-
-Took Patrick Ohlys original patch from meta-security-isafw, rebased
-on top of other patches.
-
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- src/library/cve-check-tool.h | 1 +
- src/library/fetch.c | 10 +++++++++-
- src/library/fetch.h | 3 ++-
- src/main.c | 5 ++++-
- src/update-main.c | 4 +++-
- src/update.c | 12 +++++++-----
- src/update.h | 2 +-
- 7 files changed, 27 insertions(+), 10 deletions(-)
-
-diff --git a/src/library/cve-check-tool.h b/src/library/cve-check-tool.h
-index e4bb5b1..f89eade 100644
---- a/src/library/cve-check-tool.h
-+++ b/src/library/cve-check-tool.h
-@@ -43,6 +43,7 @@ typedef struct CveCheckTool {
- bool bugs; /**<Whether bug tracking is enabled */
- GHashTable *mapping; /**<CVE Mapping */
- const char *output_file; /**<Output file, if any */
-+ const char *cacert_file; /**<Non-default SSL certificate file, if any */
- } CveCheckTool;
-
- /**
-diff --git a/src/library/fetch.c b/src/library/fetch.c
-index 0fe6d76..8f998c3 100644
---- a/src/library/fetch.c
-+++ b/src/library/fetch.c
-@@ -60,7 +60,8 @@ static int progress_callback_new(void *ptr, curl_off_t dltotal, curl_off_t dlnow
- }
-
- FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
-- unsigned int start_percent, unsigned int end_percent)
-+ unsigned int start_percent, unsigned int end_percent,
-+ const char *cacert_file)
- {
- FetchStatus ret = FETCH_STATUS_FAIL;
- CURLcode res;
-@@ -74,6 +75,13 @@ FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
- return ret;
- }
-
-+ if (cacert_file) {
-+ res = curl_easy_setopt(curl, CURLOPT_CAINFO, cacert_file);
-+ if (res != CURLE_OK) {
-+ goto bail;
-+ }
-+ }
-+
- if (stat(target, &st) == 0) {
- res = curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
- if (res != CURLE_OK) {
-diff --git a/src/library/fetch.h b/src/library/fetch.h
-index 4cce5d1..836c7d7 100644
---- a/src/library/fetch.h
-+++ b/src/library/fetch.h
-@@ -29,7 +29,8 @@ typedef enum {
- * @return A FetchStatus, indicating the operation taken
- */
- FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
-- unsigned int this_percent, unsigned int next_percent);
-+ unsigned int this_percent, unsigned int next_percent,
-+ const char *cacert_file);
-
- /**
- * Attempt to extract the given gzipped file
-diff --git a/src/main.c b/src/main.c
-index 8e6f158..ae69d47 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -280,6 +280,7 @@ static bool csv_mode = false;
- static char *modified_stamp = NULL;
- static gchar *mapping_file = NULL;
- static gchar *output_file = NULL;
-+static gchar *cacert_file = NULL;
-
- static GOptionEntry _entries[] = {
- { "not-patched", 'n', 0, G_OPTION_ARG_NONE, &hide_patched, "Hide patched/addressed CVEs", NULL },
-@@ -294,6 +295,7 @@ static GOptionEntry _entries[] = {
- { "csv", 'c', 0, G_OPTION_ARG_NONE, &csv_mode, "Output CSV formatted data only", NULL },
- { "mapping", 'M', 0, G_OPTION_ARG_STRING, &mapping_file, "Path to a mapping file", NULL},
- { "output-file", 'o', 0, G_OPTION_ARG_STRING, &output_file, "Path to the output file (output plugin specific)", NULL},
-+ { "cacert", 'C', 0, G_OPTION_ARG_STRING, &cacert_file, "Path to the combined SSL certificates file (system default is used if not set)", NULL},
- { .short_name = 0 }
- };
-
-@@ -492,6 +494,7 @@ int main(int argc, char **argv)
-
- quiet = csv_mode || !no_html;
- self->output_file = output_file;
-+ self->cacert_file = cacert_file;
-
- if (!csv_mode && self->output_file) {
- quiet = false;
-@@ -530,7 +533,7 @@ int main(int argc, char **argv)
- if (status) {
- fprintf(stderr, "Update of db forced\n");
- cve_db_unlock();
-- if (!update_db(quiet, db_path->str)) {
-+ if (!update_db(quiet, db_path->str, self->cacert_file)) {
- fprintf(stderr, "DB update failure\n");
- goto cleanup;
- }
-diff --git a/src/update-main.c b/src/update-main.c
-index 2379cfa..c52d9d0 100644
---- a/src/update-main.c
-+++ b/src/update-main.c
-@@ -43,11 +43,13 @@ the Free Software Foundation; either version 2 of the License, or\n\
- static gchar *nvds = NULL;
- static bool _show_version = false;
- static bool _quiet = false;
-+static const char *_cacert_file = NULL;
-
- static GOptionEntry _entries[] = {
- { "nvd-dir", 'd', 0, G_OPTION_ARG_STRING, &nvds, "NVD directory in filesystem", NULL },
- { "version", 'v', 0, G_OPTION_ARG_NONE, &_show_version, "Show version", NULL },
- { "quiet", 'q', 0, G_OPTION_ARG_NONE, &_quiet, "Run silently", NULL },
-+ { "cacert", 'C', 0, G_OPTION_ARG_STRING, &_cacert_file, "Path to the combined SSL certificates file (system default is used if not set)", NULL},
- { .short_name = 0 }
- };
-
-@@ -88,7 +90,7 @@ int main(int argc, char **argv)
- goto end;
- }
-
-- if (update_db(_quiet, db_path->str)) {
-+ if (update_db(_quiet, db_path->str, _cacert_file)) {
- ret = EXIT_SUCCESS;
- } else {
- fprintf(stderr, "Failed to update database\n");
-diff --git a/src/update.c b/src/update.c
-index 070560a..8cb4a39 100644
---- a/src/update.c
-+++ b/src/update.c
-@@ -267,7 +267,8 @@ static inline void update_end(int fd, const char *update_fname, bool ok)
-
- static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db,
- bool db_exist, bool verbose,
-- unsigned int this_percent, unsigned int next_percent)
-+ unsigned int this_percent, unsigned int next_percent,
-+ const char *cacert_file)
- {
- const char nvd_uri[] = URI_PREFIX;
- autofree(cve_string) *uri_meta = NULL;
-@@ -331,14 +332,14 @@ refetch:
- }
-
- /* Fetch NVD META file */
-- st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent);
-+ st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent, cacert_file);
- if (st == FETCH_STATUS_FAIL) {
- fprintf(stderr, "Failed to fetch %s\n", uri_meta->str);
- return -1;
- }
-
- /* Fetch NVD XML file */
-- st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent);
-+ st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent, cacert_file);
- switch (st) {
- case FETCH_STATUS_FAIL:
- fprintf(stderr, "Failed to fetch %s\n", uri_data_gz->str);
-@@ -391,7 +392,7 @@ refetch:
- return 0;
- }
-
--bool update_db(bool quiet, const char *db_file)
-+bool update_db(bool quiet, const char *db_file, const char *cacert_file)
- {
- autofree(char) *db_dir = NULL;
- autofree(CveDB) *cve_db = NULL;
-@@ -466,7 +467,8 @@ bool update_db(bool quiet, const char *db_file)
- if (!quiet)
- fprintf(stderr, "completed: %u%%\r", start_percent);
- rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet,
-- start_percent, end_percent);
-+ start_percent, end_percent,
-+ cacert_file);
- switch (rc) {
- case 0:
- if (!quiet)
-diff --git a/src/update.h b/src/update.h
-index b8e9911..ceea0c3 100644
---- a/src/update.h
-+++ b/src/update.h
-@@ -15,7 +15,7 @@ cve_string *get_db_path(const char *path);
-
- int update_required(const char *db_file);
-
--bool update_db(bool quiet, const char *db_file);
-+bool update_db(bool quiet, const char *db_file, const char *cacert_file);
-
-
- /*
---
-2.1.4
-
diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch b/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch
deleted file mode 100644
index 8ea6f686e3..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From e9ed26cde63f8ca7607a010a518329339f8c02d3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net>
-Date: Mon, 26 Sep 2016 12:12:41 +0100
-Subject: [PATCH] print progress in percent when downloading CVE db
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upstream-Status: Pending
-Signed-off-by: André Draszik <git@andred.net>
----
- src/library/fetch.c | 28 +++++++++++++++++++++++++++-
- src/library/fetch.h | 3 ++-
- src/update.c | 16 ++++++++++++----
- 3 files changed, 41 insertions(+), 6 deletions(-)
-
-diff --git a/src/library/fetch.c b/src/library/fetch.c
-index 06d4b30..0fe6d76 100644
---- a/src/library/fetch.c
-+++ b/src/library/fetch.c
-@@ -37,13 +37,37 @@ static size_t write_func(void *ptr, size_t size, size_t nmemb, struct fetch_t *f
- return fwrite(ptr, size, nmemb, f->f);
- }
-
--FetchStatus fetch_uri(const char *uri, const char *target, bool verbose)
-+struct percent_t {
-+ unsigned int start;
-+ unsigned int end;
-+};
-+
-+static int progress_callback_new(void *ptr, curl_off_t dltotal, curl_off_t dlnow, curl_off_t ultotal, curl_off_t ulnow)
-+{
-+ (void) ultotal;
-+ (void) ulnow;
-+
-+ struct percent_t *percent = (struct percent_t *) ptr;
-+
-+ if (dltotal && percent && percent->end >= percent->start) {
-+ unsigned int diff = percent->end - percent->start;
-+ if (diff) {
-+ fprintf(stderr,"completed: %"CURL_FORMAT_CURL_OFF_T"%%\r", percent->start + (diff * dlnow / dltotal));
-+ }
-+ }
-+
-+ return 0;
-+}
-+
-+FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
-+ unsigned int start_percent, unsigned int end_percent)
- {
- FetchStatus ret = FETCH_STATUS_FAIL;
- CURLcode res;
- struct stat st;
- CURL *curl = NULL;
- struct fetch_t *f = NULL;
-+ struct percent_t percent = { .start = start_percent, .end = end_percent };
-
- curl = curl_easy_init();
- if (!curl) {
-@@ -67,6 +91,8 @@ FetchStatus fetch_uri(const char *uri, const char *target, bool verbose)
- }
- if (verbose) {
- (void)curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);
-+ (void)curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &percent);
-+ (void)curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, progress_callback_new);
- }
- res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)write_func);
- if (res != CURLE_OK) {
-diff --git a/src/library/fetch.h b/src/library/fetch.h
-index 70c3779..4cce5d1 100644
---- a/src/library/fetch.h
-+++ b/src/library/fetch.h
-@@ -28,7 +28,8 @@ typedef enum {
- * @param verbose Whether to be verbose
- * @return A FetchStatus, indicating the operation taken
- */
--FetchStatus fetch_uri(const char *uri, const char *target, bool verbose);
-+FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
-+ unsigned int this_percent, unsigned int next_percent);
-
- /**
- * Attempt to extract the given gzipped file
-diff --git a/src/update.c b/src/update.c
-index 30fbe96..eaeeefd 100644
---- a/src/update.c
-+++ b/src/update.c
-@@ -266,7 +266,8 @@ static inline void update_end(int fd, const char *update_fname, bool ok)
- }
-
- static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db,
-- bool db_exist, bool verbose)
-+ bool db_exist, bool verbose,
-+ unsigned int this_percent, unsigned int next_percent)
- {
- const char nvd_uri[] = URI_PREFIX;
- autofree(cve_string) *uri_meta = NULL;
-@@ -330,14 +331,14 @@ refetch:
- }
-
- /* Fetch NVD META file */
-- st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose);
-+ st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent);
- if (st == FETCH_STATUS_FAIL) {
- fprintf(stderr, "Failed to fetch %s\n", uri_meta->str);
- return -1;
- }
-
- /* Fetch NVD XML file */
-- st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose);
-+ st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent);
- switch (st) {
- case FETCH_STATUS_FAIL:
- fprintf(stderr, "Failed to fetch %s\n", uri_data_gz->str);
-@@ -459,10 +460,17 @@ bool update_db(bool quiet, const char *db_file)
- for (int i = YEAR_START; i <= year+1; i++) {
- int y = i > year ? -1 : i;
- int rc;
-+ unsigned int start_percent = ((i+0 - YEAR_START) * 100) / (year+2 - YEAR_START);
-+ unsigned int end_percent = ((i+1 - YEAR_START) * 100) / (year+2 - YEAR_START);
-
-- rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet);
-+ if (!quiet)
-+ fprintf(stderr, "completed: %u%%\r", start_percent);
-+ rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet,
-+ start_percent, end_percent);
- switch (rc) {
- case 0:
-+ if (!quiet)
-+ fprintf(stderr,"completed: %u%%\r", end_percent);
- continue;
- case ENOMEM:
- goto oom;
---
-2.9.3
-
diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch b/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch
deleted file mode 100644
index 458c0cc84e..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001
-From: Sergey Popovich <popovich_sergei@mail.ua>
-Date: Fri, 21 Apr 2017 07:32:23 -0700
-Subject: [PATCH] update: Compare computed vs expected sha256 digit string
- ignoring case
-
-We produce sha256 digest string using %x snprintf()
-qualifier for each byte of digest which uses alphabetic
-characters from "a" to "f" in lower case to represent
-integer values from 10 to 15.
-
-Previously all of the NVD META files supply sha256
-digest string for corresponding XML file in lower case.
-
-However due to some reason this changed recently to
-provide digest digits in upper case causing fetched
-data consistency checks to fail. This prevents database
-from being updated periodically.
-
-While commit c4f6e94 (update: Do not treat sha256 failure
-as fatal if requested) adds useful option to skip
-digest validation at all and thus provides workaround for
-this situation, it might be unacceptable for some
-deployments where we need to ensure that downloaded
-data is consistent before start parsing it and update
-SQLite database.
-
-Use strcasecmp() to compare two digest strings case
-insensitively and addressing this case.
-
-Upstream-Status: Backport
-Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
----
- src/update.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/update.c b/src/update.c
-index 8588f38..3cc6b67 100644
---- a/src/update.c
-+++ b/src/update.c
-@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data)
- snprintf(&csum_data[idx], len, "%02hhx", digest[i]);
- }
-
-- ret = streq(csum_meta, csum_data);
-+ ret = !strcasecmp(csum_meta, csum_data);
-
- err_unmap:
- munmap(buffer, length);
---
-2.11.0
-
diff --git a/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch b/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch
deleted file mode 100644
index 0774ad946a..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From ce64633b9733e962b8d8482244301f614d8b5845 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 22 Aug 2016 22:54:24 -0700
-Subject: [PATCH] Check for malloc_trim before using it
-
-malloc_trim is gnu specific and not all libc
-implement it, threfore write a configure check
-to poke for it first and use the define to
-guard its use.
-
-Helps in compiling on musl based systems
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Submitted [https://github.com/ikeydoherty/cve-check-tool/pull/48]
- configure.ac | 2 ++
- src/core.c | 4 ++--
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index d3b66ce..79c3542 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -19,6 +19,8 @@ m4_define([json_required_version], [0.16.0])
- m4_define([openssl_required_version],[1.0.0])
- # TODO: Set minimum sqlite
-
-+AC_CHECK_FUNCS_ONCE(malloc_trim)
-+
- PKG_CHECK_MODULES(CVE_CHECK_TOOL,
- [
- glib-2.0 >= glib_required_version,
-diff --git a/src/core.c b/src/core.c
-index 6263031..0d5df29 100644
---- a/src/core.c
-+++ b/src/core.c
-@@ -498,9 +498,9 @@ bool cve_db_load(CveDB *self, const char *fname)
- }
-
- b = true;
--
-+#ifdef HAVE_MALLOC_TRIM
- malloc_trim(0);
--
-+#endif
- xmlFreeTextReader(r);
- if (fd) {
- close(fd);
---
-2.9.3
-
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest b/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
index ef10b08bc8..c97c0377e9 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
@@ -1,7 +1,7 @@
#!/bin/sh
cd ./test
-./test_script | sed -u -e '/:[[:space:]]ok/s/^/PASS: /' -e '/:[[:space:]]failed/s/^/FAIL: /' -e '/:[[:space:]]skipped/s/^/SKIP: /'
+SKIP_SLOW_TESTS=yes ./test_script | sed -u -e '/:[[:space:]]ok/s/^/PASS: /' -e '/:[[:space:]]failed/s/^/FAIL: /' -e '/:[[:space:]]skipped/s/^/SKIP: /'
rm -rf /var/volatile/tmp/*e2fsprogs*
rm -f tmp-*
rm -f *.tmp
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.175.bb b/meta/recipes-devtools/elfutils/elfutils_0.175.bb
index b0b9ddc736..862a9b6c98 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.175.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.175.bb
@@ -27,6 +27,12 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
file://debian/hurd_path.patch \
file://debian/ignore_strmerge.diff \
file://debian/disable_werror.patch \
+ file://CVE-2019-7149.patch \
+ file://CVE-2019-7150.patch \
+ file://CVE-2019-7146_p1.patch \
+ file://CVE-2019-7146_p2.patch \
+ file://CVE-2019-7664.patch \
+ file://CVE-2019-7665.patch \
"
SRC_URI_append_libc-musl = " file://0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch"
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch
new file mode 100644
index 0000000000..b6cd29af1a
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch
@@ -0,0 +1,52 @@
+From 012018907ca05eb0ab51d424a596ef38fc87cae1 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 16 Jan 2019 11:57:35 +0100
+Subject: [PATCH] libebl: Check GNU property note pr_datasz fits inside note
+ description.
+
+Before printing the data values, make sure pr_datasz doesn't go beyond
+the end of the note description data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24075
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport
+CVE: CVE-2019-7146 patch #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libebl/ChangeLog | 4 ++++
+ libebl/eblobjnote.c | 7 +++++++
+ 2 files changed, 11 insertions(+)
+
+Index: elfutils-0.175/libebl/eblobjnote.c
+===================================================================
+--- elfutils-0.175.orig/libebl/eblobjnote.c
++++ elfutils-0.175/libebl/eblobjnote.c
+@@ -350,6 +350,13 @@ ebl_object_note (Ebl *ebl, uint32_t name
+ desc += 8;
+ descsz -= 8;
+
++ if (prop.pr_datasz > descsz)
++ {
++ printf ("BAD property datasz: %" PRId32 "\n",
++ prop.pr_datasz);
++ return;
++ }
++
+ int elfclass = gelf_getclass (ebl->elf);
+ char *elfident = elf_getident (ebl->elf, NULL);
+ GElf_Ehdr ehdr;
+Index: elfutils-0.175/libebl/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libebl/ChangeLog
++++ elfutils-0.175/libebl/ChangeLog
+@@ -1,3 +1,7 @@
++2019-01-16 Mark Wielaard <mark@klomp.org>
++
++ * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large.
++
+ 2018-11-15 Mark Wielaard <mark@klomp.org>
+
+ * eblobjnotetypename.c (ebl_object_note_type_name): Don't update
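Review bot: The rejected size in the new `BAD property datasz` message is printed with `PRId32`, so if `prop.pr_datasz` is an unsigned 32-bit field (its declaration is outside the hunk), the oversized values this branch reports can show up as negative numbers. `printf ("BAD property datasz: %" PRIu32 "\n", prop.pr_datasz);` would print what was actually read from the note. The check compares the unpadded size with `descsz`, so it bounds only the data print. The padded advance at the end of the loop is handled by CVE-2019-7146_p2.patch, so the two patches need to stay together in SRC_URI. `ebl_object_note` starts and ends outside the hunk.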
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch
new file mode 100644
index 0000000000..4434b36579
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch
@@ -0,0 +1,65 @@
+From cd7ded3df43f655af945c869976401a602e46fcd Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 30 Jan 2019 00:04:11 +0100
+Subject: [PATCH] libebl: Check GNU property note data padding fits inside
+ note.
+
+The GNU property note data is padded. Make sure the extra padding
+still fits in the note description.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24075
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport
+CVE: CVE-2019-7146 patch #2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libebl/ChangeLog | 5 +++++
+ libebl/eblobjnote.c | 17 +++++++++--------
+ 2 files changed, 14 insertions(+), 8 deletions(-)
+
+Index: elfutils-0.175/libebl/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libebl/ChangeLog
++++ elfutils-0.175/libebl/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-29 Mark Wielaard <mark@klomp.org>
++
++ * eblobjnote.c (ebl_object_note): Check pr_datasz padding doesn't
++ overflow descsz.
++
+ 2019-01-16 Mark Wielaard <mark@klomp.org>
+
+ * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large.
+Index: elfutils-0.175/libebl/eblobjnote.c
+===================================================================
+--- elfutils-0.175.orig/libebl/eblobjnote.c
++++ elfutils-0.175/libebl/eblobjnote.c
+@@ -486,16 +486,17 @@ ebl_object_note (Ebl *ebl, uint32_t name
+ printf ("%02" PRIx8 "\n", (uint8_t) desc[i]);
+ }
+ }
++
+ if (elfclass == ELFCLASS32)
+- {
+- desc += NOTE_ALIGN4 (prop.pr_datasz);
+- descsz -= NOTE_ALIGN4 (prop.pr_datasz);
+- }
++ prop.pr_datasz = NOTE_ALIGN4 (prop.pr_datasz);
+ else
+- {
+- desc += NOTE_ALIGN8 (prop.pr_datasz);
+- descsz -= NOTE_ALIGN8 (prop.pr_datasz);
+- }
++ prop.pr_datasz = NOTE_ALIGN8 (prop.pr_datasz);
++
++ desc += prop.pr_datasz;
++ if (descsz > prop.pr_datasz)
++ descsz -= prop.pr_datasz;
++ else
++ descsz = 0;
+ }
+ }
+ break;
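Review bot: `desc += prop.pr_datasz` still advances by the padded size before `descsz` is clamped, so when the padding exceeds what is left, `desc` points past the note description and only `descsz = 0` stops later code from reading through it. That is safe only if everything after this point tests `descsz` before touching `desc`. The loop condition is outside the hunk, so this is worth confirming against the full function. A comment on the clamp would record the invariant, e.g. `/* desc may now point past the note; descsz == 0 must end the loop. */`.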
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7149.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7149.patch
new file mode 100644
index 0000000000..215a1715bf
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7149.patch
@@ -0,0 +1,148 @@
+From 2562759d6fe5b364fe224852e64e8bda39eb2e35 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 20 Jan 2019 22:10:18 +0100
+Subject: [PATCH] libdw: Check terminating NUL byte in dwarf_getsrclines for
+ dir/file table.
+
+For DWARF version < 5 the .debug_line directory and file tables consist
+of a terminating NUL byte after all strings. The code used to just skip
+this without checking it actually existed. This could case a spurious
+read past the end of data.
+
+Fix the same issue in readelf.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24102
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport
+CVE: CVE-2019-7149
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libdw/ChangeLog | 5 +++++
+ libdw/dwarf_getsrclines.c | 11 ++++++++---
+ src/ChangeLog | 5 +++++
+ src/readelf.c | 8 ++++++--
+ 4 files changed, 24 insertions(+), 5 deletions(-)
+
+Index: elfutils-0.175/libdw/dwarf_getsrclines.c
+===================================================================
+--- elfutils-0.175.orig/libdw/dwarf_getsrclines.c
++++ elfutils-0.175/libdw/dwarf_getsrclines.c
+@@ -315,7 +315,7 @@ read_srclines (Dwarf *dbg,
+ if (version < 5)
+ {
+ const unsigned char *dirp = linep;
+- while (*dirp != 0)
++ while (dirp < lineendp && *dirp != 0)
+ {
+ uint8_t *endp = memchr (dirp, '\0', lineendp - dirp);
+ if (endp == NULL)
+@@ -323,6 +323,8 @@ read_srclines (Dwarf *dbg,
+ ++ndirs;
+ dirp = endp + 1;
+ }
++ if (dirp >= lineendp || *dirp != '\0')
++ goto invalid_data;
+ ndirs = ndirs + 1; /* There is always the "unknown" dir. */
+ }
+ else
+@@ -392,11 +394,12 @@ read_srclines (Dwarf *dbg,
+ {
+ dirarray[n].dir = (char *) linep;
+ uint8_t *endp = memchr (linep, '\0', lineendp - linep);
+- assert (endp != NULL);
++ assert (endp != NULL); // Checked above when calculating ndirlist.
+ dirarray[n].len = endp - linep;
+ linep = endp + 1;
+ }
+ /* Skip the final NUL byte. */
++ assert (*linep == '\0'); // Checked above when calculating ndirlist.
+ ++linep;
+ }
+ else
+@@ -471,7 +474,7 @@ read_srclines (Dwarf *dbg,
+ {
+ if (unlikely (linep >= lineendp))
+ goto invalid_data;
+- while (*linep != 0)
++ while (linep < lineendp && *linep != '\0')
+ {
+ struct filelist *new_file = NEW_FILE ();
+
+@@ -527,6 +530,8 @@ read_srclines (Dwarf *dbg,
+ goto invalid_data;
+ get_uleb128 (new_file->info.length, linep, lineendp);
+ }
++ if (linep >= lineendp || *linep != '\0')
++ goto invalid_data;
+ /* Skip the final NUL byte. */
+ ++linep;
+ }
+Index: elfutils-0.175/src/readelf.c
+===================================================================
+--- elfutils-0.175.orig/src/readelf.c
++++ elfutils-0.175/src/readelf.c
+@@ -8444,7 +8444,7 @@ print_debug_line_section (Dwfl_Module *d
+ }
+ else
+ {
+- while (*linep != 0)
++ while (linep < lineendp && *linep != 0)
+ {
+ unsigned char *endp = memchr (linep, '\0', lineendp - linep);
+ if (unlikely (endp == NULL))
+@@ -8454,6 +8454,8 @@ print_debug_line_section (Dwfl_Module *d
+
+ linep = endp + 1;
+ }
++ if (linep >= lineendp || *linep != 0)
++ goto invalid_unit;
+ /* Skip the final NUL byte. */
+ ++linep;
+ }
+@@ -8523,7 +8525,7 @@ print_debug_line_section (Dwfl_Module *d
+ else
+ {
+ puts (gettext (" Entry Dir Time Size Name"));
+- for (unsigned int cnt = 1; *linep != 0; ++cnt)
++ for (unsigned int cnt = 1; linep < lineendp && *linep != 0; ++cnt)
+ {
+ /* First comes the file name. */
+ char *fname = (char *) linep;
+@@ -8553,6 +8555,8 @@ print_debug_line_section (Dwfl_Module *d
+ printf (" %-5u %-5u %-9u %-9u %s\n",
+ cnt, diridx, mtime, fsize, fname);
+ }
++ if (linep >= lineendp || *linep != '\0')
++ goto invalid_unit;
+ /* Skip the final NUL byte. */
+ ++linep;
+ }
+Index: elfutils-0.175/libdw/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libdw/ChangeLog
++++ elfutils-0.175/libdw/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-20 Mark Wielaard <mark@klomp.org>
++
++ * dwarf_getsrclines.c (read_srclines): Check terminating NUL byte
++ for dir and file lists.
++
+ 2018-10-20 Mark Wielaard <mark@klomp.org>
+
+ * libdw.map (ELFUTILS_0.175): New section. Add dwelf_elf_begin.
+Index: elfutils-0.175/src/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/src/ChangeLog
++++ elfutils-0.175/src/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-20 Mark Wielaard <mark@klomp.org>
++
++ * readelf.c (print_debug_line_section): Check terminating NUL byte
++ for dir and file tables.
++
+ 2018-11-10 Mark Wielaard <mark@klomp.org>
+
+ * elflint.c (check_program_header): Allow PT_GNU_EH_FRAME segment
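Review bot: The two new `assert` comments in `read_srclines` say the bytes were checked "when calculating ndirlist", but the counting loop visible in the first hunk uses `ndirs`. Unless `ndirlist` is defined outside the hunks, the comment should name the variable that exists, e.g. `// Checked above when counting ndirs.` The asserts compile away under `NDEBUG`, so the first-pass `goto invalid_data` checks are what actually protect the second pass against malformed `.debug_line` data. A one-line comment at the first-pass check saying the second pass depends on it would keep the two loops in step when either is edited.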
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch
new file mode 100644
index 0000000000..01a4fb1562
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch
@@ -0,0 +1,51 @@
+From da5c5336a1eaf519de246f7d9f0f5585e1d4ac59 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 20 Jan 2019 23:05:56 +0100
+Subject: [PATCH] libdwfl: Sanity check partial core file dyn data read.
+
+When reading the dyn data from the core file check if we got everything,
+or just part of the data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24103
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport
+CVE: CVE-2019-7150
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libdwfl/ChangeLog | 5 +++++
+ libdwfl/dwfl_segment_report_module.c | 6 ++++++
+ 2 files changed, 11 insertions(+)
+
+Index: elfutils-0.175/libdwfl/dwfl_segment_report_module.c
+===================================================================
+--- elfutils-0.175.orig/libdwfl/dwfl_segment_report_module.c
++++ elfutils-0.175/libdwfl/dwfl_segment_report_module.c
+@@ -783,6 +783,12 @@ dwfl_segment_report_module (Dwfl *dwfl,
+ if (dyn_filesz != 0 && dyn_filesz % dyn_entsize == 0
+ && ! read_portion (&dyn_data, &dyn_data_size, dyn_vaddr, dyn_filesz))
+ {
++ /* dyn_data_size will be zero if we got everything from the initial
++ buffer, otherwise it will be the size of the new buffer that
++ could be read. */
++ if (dyn_data_size != 0)
++ dyn_filesz = dyn_data_size;
++
+ void *dyns = malloc (dyn_filesz);
+ Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = dyns;
+ Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = dyns;
+Index: elfutils-0.175/libdwfl/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libdwfl/ChangeLog
++++ elfutils-0.175/libdwfl/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-20 Mark Wielaard <mark@klomp.org>
++
++ * dwfl_segment_report_module.c (dwfl_segment_report_module): Check
++ dyn_filesz vs dyn_data_size after read_portion call.
++
+ 2018-10-20 Mark Wielaard <mark@klomp.org>
+
+ * libdwflP.h (__libdw_open_elf): New internal function declaration.
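Review bot: After `dyn_filesz = dyn_data_size;` the size is no longer known to be a multiple of `dyn_entsize`, because the `dyn_filesz % dyn_entsize == 0` test in the enclosing `if` ran on the original value. A partial read can presumably return any length. `malloc (dyn_filesz)` and the `d32`/`d64` element counts then work from the replaced size, and nothing in the hunk compares `dyn_data_size` with the original `dyn_filesz`, so a larger value would be accepted as well. The conversion code that consumes the buffer is outside the hunk and should be checked for how it treats a trailing partial entry. A comment such as `/* dyn_filesz may no longer be a multiple of dyn_entsize here. */` would record the caveat next to the assignment.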
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch
new file mode 100644
index 0000000000..e55dc5a054
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch
@@ -0,0 +1,65 @@
+From 3ed05376e7b2c96c1d6eb24d2842cc25b79a4f07 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 16 Jan 2019 12:25:57 +0100
+Subject: [PATCH] CVE: CVE-2019-7664
+
+Upstream-Status: Backport
+libelf: Correct overflow check in note_xlate.
+
+We want to make sure the note_len doesn't overflow and becomes shorter
+than the note header. But the namesz and descsz checks got the note header
+size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12).
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24084
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Signed-off-by: Ubuntu <lisa@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net>
+---
+ libelf/ChangeLog | 13 +++++++++++++
+ libelf/note_xlate.h | 4 ++--
+ 2 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/libelf/ChangeLog b/libelf/ChangeLog
+index 68c4fbd..892e6e7 100644
+--- a/libelf/ChangeLog
++++ b/libelf/ChangeLog
+@@ -1,3 +1,16 @@
++<<<<<<< HEAD
++=======
++2019-01-16 Mark Wielaard <mark@klomp.org>
++
++ * note_xlate.h (elf_cvt_note): Check n_namesz and n_descsz don't
++ overflow note_len into note header.
++
++2018-11-17 Mark Wielaard <mark@klomp.org>
++
++ * elf32_updatefile.c (updatemmap): Make sure to call convert
++ function on a properly aligned destination.
++
++>>>>>>> e65d91d... libelf: Correct overflow check in note_xlate.
+ 2018-11-16 Mark Wielaard <mark@klomp.org>
+
+ * libebl.h (__elf32_msize): Mark with const attribute.
+diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
+index 9bdc3e2..bc9950f 100644
+--- a/libelf/note_xlate.h
++++ b/libelf/note_xlate.h
+@@ -46,13 +46,13 @@ elf_cvt_note (void *dest, const void *src, size_t len, int encode,
+ /* desc needs to be aligned. */
+ note_len += n->n_namesz;
+ note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
+- if (note_len > len || note_len < 8)
++ if (note_len > len || note_len < sizeof *n)
+ break;
+
+ /* data as a whole needs to be aligned. */
+ note_len += n->n_descsz;
+ note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
+- if (note_len > len || note_len < 8)
++ if (note_len > len || note_len < sizeof *n)
+ break;
+
+ /* Copy or skip the note data. */
+--
+2.7.4
+
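Review bot: The `libelf/ChangeLog` hunk of this patch writes unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> e65d91d...`) and an unrelated 2018-11-17 `elf32_updatefile.c` entry into the source tree, so the backport was taken from a conflicted cherry-pick rather than a clean upstream commit. Drop the ChangeLog hunk, or regenerate it with only the 2019-01-16 `note_xlate.h` entry, so that the patch carries just the `note_len < sizeof *n` comparison fix. The header also needs a sign-off from the person who did the backport instead of the auto-generated `Ubuntu <lisa@...internal.cloudapp.net>` identity, which publishes an internal build host name. Restoring the upstream subject `libelf: Correct overflow check in note_xlate.` and putting the CVE id on its own `CVE:` line would match the other patches in this commit.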
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch
new file mode 100644
index 0000000000..a1bb30979d
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch
@@ -0,0 +1,154 @@
+From 4323d46c4a369b614aa1f574805860b3434552df Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 16 Jan 2019 15:41:31 +0100
+Subject: [PATCH] CVE: CVE-2019-7665
+
+Upstream-Status: Backport
+
+Sign off: Shubham Agrawal <shuagr@microsoft.com>
+
+libebl: Check NT_PLATFORM core notes contain a zero terminated string.
+
+Most strings in core notes are fixed size. But NT_PLATFORM contains just
+a variable length string. Check that it is actually zero terminated
+before passing to readelf to print.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24089
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Signed-off-by: Ubuntu <lisa@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net>
+---
+ libdwfl/linux-core-attach.c | 9 +++++----
+ libebl/eblcorenote.c | 39 +++++++++++++++++++--------------------
+ libebl/libebl.h | 3 ++-
+ src/readelf.c | 2 +-
+ 4 files changed, 27 insertions(+), 26 deletions(-)
+
+diff --git a/libdwfl/linux-core-attach.c b/libdwfl/linux-core-attach.c
+index 6c99b9e..c0f1b0d 100644
+--- a/libdwfl/linux-core-attach.c
++++ b/libdwfl/linux-core-attach.c
+@@ -137,7 +137,7 @@ core_next_thread (Dwfl *dwfl __attribute__ ((unused)), void *dwfl_arg,
+ const Ebl_Register_Location *reglocs;
+ size_t nitems;
+ const Ebl_Core_Item *items;
+- if (! ebl_core_note (core_arg->ebl, &nhdr, name,
++ if (! ebl_core_note (core_arg->ebl, &nhdr, name, desc,
+ &regs_offset, &nregloc, &reglocs, &nitems, &items))
+ {
+ /* This note may be just not recognized, skip it. */
+@@ -191,8 +191,9 @@ core_set_initial_registers (Dwfl_Thread *thread, void *thread_arg_voidp)
+ const Ebl_Register_Location *reglocs;
+ size_t nitems;
+ const Ebl_Core_Item *items;
+- int core_note_err = ebl_core_note (core_arg->ebl, &nhdr, name, &regs_offset,
+- &nregloc, &reglocs, &nitems, &items);
++ int core_note_err = ebl_core_note (core_arg->ebl, &nhdr, name, desc,
++ &regs_offset, &nregloc, &reglocs,
++ &nitems, &items);
+ /* __libdwfl_attach_state_for_core already verified the note is there. */
+ assert (core_note_err != 0);
+ assert (nhdr.n_type == NT_PRSTATUS);
+@@ -383,7 +384,7 @@ dwfl_core_file_attach (Dwfl *dwfl, Elf *core)
+ const Ebl_Register_Location *reglocs;
+ size_t nitems;
+ const Ebl_Core_Item *items;
+- if (! ebl_core_note (ebl, &nhdr, name,
++ if (! ebl_core_note (ebl, &nhdr, name, desc,
+ &regs_offset, &nregloc, &reglocs, &nitems, &items))
+ {
+ /* This note may be just not recognized, skip it. */
+diff --git a/libebl/eblcorenote.c b/libebl/eblcorenote.c
+index 783f981..7fab397 100644
+--- a/libebl/eblcorenote.c
++++ b/libebl/eblcorenote.c
+@@ -36,11 +36,13 @@
+ #include <inttypes.h>
+ #include <stdio.h>
+ #include <stddef.h>
++#include <string.h>
+ #include <libeblP.h>
+
+
+ int
+ ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name,
++ const char *desc,
+ GElf_Word *regs_offset, size_t *nregloc,
+ const Ebl_Register_Location **reglocs, size_t *nitems,
+ const Ebl_Core_Item **items)
+@@ -51,28 +53,25 @@ ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name,
+ {
+ /* The machine specific function did not know this type. */
+
+- *regs_offset = 0;
+- *nregloc = 0;
+- *reglocs = NULL;
+- switch (nhdr->n_type)
++ /* NT_PLATFORM is kind of special since it needs a zero terminated
++ string (other notes often have a fixed size string). */
++ static const Ebl_Core_Item platform[] =
+ {
+-#define ITEMS(type, table) \
+- case type: \
+- *items = table; \
+- *nitems = sizeof table / sizeof table[0]; \
+- result = 1; \
+- break
++ {
++ .name = "Platform",
++ .type = ELF_T_BYTE, .count = 0, .format = 's'
++ }
++ };
+
+- static const Ebl_Core_Item platform[] =
+- {
+- {
+- .name = "Platform",
+- .type = ELF_T_BYTE, .count = 0, .format = 's'
+- }
+- };
+- ITEMS (NT_PLATFORM, platform);
+-
+-#undef ITEMS
++ if (nhdr->n_type == NT_PLATFORM
++ && memchr (desc, '\0', nhdr->n_descsz) != NULL)
++ {
++ *regs_offset = 0;
++ *nregloc = 0;
++ *reglocs = NULL;
++ *items = platform;
++ *nitems = 1;
++ result = 1;
+ }
+ }
+
+diff --git a/libebl/libebl.h b/libebl/libebl.h
+index ca9b9fe..24922eb 100644
+--- a/libebl/libebl.h
++++ b/libebl/libebl.h
+@@ -319,7 +319,8 @@ typedef struct
+
+ /* Describe the format of a core file note with the given header and NAME.
+ NAME is not guaranteed terminated, it's NHDR->n_namesz raw bytes. */
+-extern int ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name,
++extern int ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr,
++ const char *name, const char *desc,
+ GElf_Word *regs_offset, size_t *nregloc,
+ const Ebl_Register_Location **reglocs,
+ size_t *nitems, const Ebl_Core_Item **items)
+diff --git a/src/readelf.c b/src/readelf.c
+index 3a73710..71651e0 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -12153,7 +12153,7 @@ handle_core_note (Ebl *ebl, const GElf_Nhdr *nhdr,
+ size_t nitems;
+ const Ebl_Core_Item *items;
+
+- if (! ebl_core_note (ebl, nhdr, name,
++ if (! ebl_core_note (ebl, nhdr, name, desc,
+ &regs_offset, &nregloc, &reglocs, &nitems, &items))
+ return;
+
+--
+2.7.4
+
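Review bot: The new `desc` parameter of `ebl_core_note` is not described in the `libebl.h` comment, which still covers only NAME, yet `memchr (desc, '\0', nhdr->n_descsz)` depends on the caller passing at least `n_descsz` readable bytes. Add a sentence to that comment such as `DESC is the note description, NHDR->n_descsz raw bytes, not guaranteed terminated.` so the contract is visible at the declaration. In the rewritten fallback branch, `*regs_offset`, `*nregloc` and `*reglocs` are now written only for a terminated NT_PLATFORM note, where the old code set them before the `switch`. The callers shown here test the return value first, but any caller that reads them after a zero return would see uninitialised values. The header trailer `Sign off:` is not a recognised tag and should be `Signed-off-by:`.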
diff --git a/meta/recipes-devtools/file/file/CVE-2019-8904.patch b/meta/recipes-devtools/file/file/CVE-2019-8904.patch
new file mode 100644
index 0000000000..5c3d6f73a4
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2019-8904.patch
@@ -0,0 +1,30 @@
+From 94b7501f48e134e77716e7ebefc73d6bbe72ba55 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 18 Feb 2019 17:30:41 +0000
+Subject: [PATCH] PR/62: spinpx: Avoid non-nul-terminated string read.
+
+Upstream-Status: Backport
+CVE: CVE-2019-8904
+Affects < 5.36
+[Fixup for thud context]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/readelf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: git/src/readelf.c
+===================================================================
+--- git.orig/src/readelf.c
++++ git/src/readelf.c
+@@ -558,8 +558,8 @@ do_bid_note(struct magic_set *ms, unsign
+ }
+ if (namesz == 4 && strcmp((char *)&nbuf[noff], "Go") == 0 &&
+ type == NT_GO_BUILD_ID && descsz < 128) {
+- if (file_printf(ms, ", Go BuildID=%s",
+- (char *)&nbuf[doff]) == -1)
++ if (file_printf(ms, ", Go BuildID=%.*s",
++ CAST(int, descsz), CAST(char *, &nbuf[doff])) == -1)
+ return 1;
+ return 1;
+ }
diff --git a/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch b/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch
new file mode 100644
index 0000000000..a55b94c61a
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch
@@ -0,0 +1,120 @@
+From d65781527c8134a1202b2649695d48d5701ac60b Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 18 Feb 2019 17:46:56 +0000
+Subject: [PATCH] PR/62: spinpx: limit size of file_printable.
+
+Upstream-Status: Backport
+CVE: CVE-2019-8905
+CVE: CVE-2019-8907
+affects < 5.36
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/file.h | 4 ++--
+ src/funcs.c | 9 +++++----
+ src/readelf.c | 7 ++++---
+ src/softmagic.c | 14 ++++++++------
+ 4 files changed, 19 insertions(+), 15 deletions(-)
+
+Index: git/src/file.h
+===================================================================
+--- git.orig/src/file.h
++++ git/src/file.h
+@@ -501,7 +501,7 @@ protected int file_looks_utf8(const unsi
+ size_t *);
+ protected size_t file_pstring_length_size(const struct magic *);
+ protected size_t file_pstring_get_length(const struct magic *, const char *);
+-protected char * file_printable(char *, size_t, const char *);
++protected char * file_printable(char *, size_t, const char *, size_t);
+ #ifdef __EMX__
+ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+ size_t);
+Index: git/src/funcs.c
+===================================================================
+--- git.orig/src/funcs.c
++++ git/src/funcs.c
+@@ -595,12 +595,13 @@ file_pop_buffer(struct magic_set *ms, fi
+ * convert string to ascii printable format.
+ */
+ protected char *
+-file_printable(char *buf, size_t bufsiz, const char *str)
++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+- char *ptr, *eptr;
++ char *ptr, *eptr = buf + bufsiz - 1;
+ const unsigned char *s = (const unsigned char *)str;
++ const unsigned char *es = s + slen;
+
+- for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
++ for (ptr = buf; ptr < eptr && s < es && *s; s++) {
+ if (isprint(*s)) {
+ *ptr++ = *s;
+ continue;
+Index: git/src/readelf.c
+===================================================================
+--- git.orig/src/readelf.c
++++ git/src/readelf.c
+@@ -750,7 +750,7 @@ do_core_note(struct magic_set *ms, unsig
+ if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+ file_printable(sbuf, sizeof(sbuf),
+- CAST(char *, pi.cpi_name)),
++ CAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
+ elf_getu32(swap, (uint32_t)pi.cpi_pid),
+ elf_getu32(swap, pi.cpi_euid),
+ elf_getu32(swap, pi.cpi_egid),
+@@ -1655,7 +1655,8 @@ dophn_exec(struct magic_set *ms, int cla
+ return -1;
+ if (interp[0])
+ if (file_printf(ms, ", interpreter %s",
+- file_printable(ibuf, sizeof(ibuf), interp)) == -1)
++ file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp)))
++ == -1)
+ return -1;
+ return 0;
+ }
+Index: git/src/softmagic.c
+===================================================================
+--- git.orig/src/softmagic.c
++++ git/src/softmagic.c
+@@ -616,8 +616,8 @@ mprint(struct magic_set *ms, struct magi
+ case FILE_LESTRING16:
+ if (m->reln == '=' || m->reln == '!') {
+ if (file_printf(ms, F(ms, desc, "%s"),
+- file_printable(sbuf, sizeof(sbuf), m->value.s))
+- == -1)
++ file_printable(sbuf, sizeof(sbuf), m->value.s,
++ sizeof(m->value.s))) == -1)
+ return -1;
+ t = ms->offset + m->vallen;
+ }
+@@ -644,7 +644,8 @@ mprint(struct magic_set *ms, struct magi
+ }
+
+ if (file_printf(ms, F(ms, desc, "%s"),
+- file_printable(sbuf, sizeof(sbuf), str)) == -1)
++ file_printable(sbuf, sizeof(sbuf), str,
++ sizeof(p->s) - (str - p->s))) == -1)
+ return -1;
+
+ if (m->type == FILE_PSTRING)
+@@ -750,7 +751,7 @@ mprint(struct magic_set *ms, struct magi
+ return -1;
+ }
+ rval = file_printf(ms, F(ms, desc, "%s"),
+- file_printable(sbuf, sizeof(sbuf), cp));
++ file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
+ free(cp);
+
+ if (rval == -1)
+@@ -777,7 +778,8 @@ mprint(struct magic_set *ms, struct magi
+ break;
+ case FILE_DER:
+ if (file_printf(ms, F(ms, desc, "%s"),
+- file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
++ file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
++ sizeof(ms->ms_value.s))) == -1)
+ return -1;
+ t = ms->offset;
+ break;
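Review bot: The new `slen` argument to `file_printable` is supplied as `sizeof(interp)`, `sizeof(m->value.s)`, `sizeof(pi.cpi_name)` and `sizeof(ms->ms_value.s)`, which bounds the read correctly only if each of those is a true array at the call site. The declarations are outside the hunks, and a pointer there would silently yield the pointer size instead. The `sizeof(p->s) - (str - p->s)` form likewise assumes `str` always points inside `p->s`. The function comment still reads `convert string to ascii printable format.` and should state that at most `slen` bytes of `str` are read and that conversion stops at the first NUL, so future callers pass the source length rather than the destination size.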
diff --git a/meta/recipes-devtools/file/file/CVE-2019-8906.patch b/meta/recipes-devtools/file/file/CVE-2019-8906.patch
new file mode 100644
index 0000000000..1079ac6675
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2019-8906.patch
@@ -0,0 +1,27 @@
+From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Wed, 2 Jan 2019 19:44:14 +0000
+Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso)
+
+Upstream-Status: Backport
+CVE: CVE-2019-8906
+Affects < 5.36
+[Fixup for thud context]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/src/readelf.c
+===================================================================
+--- git.orig/src/readelf.c
++++ git/src/readelf.c
+@@ -745,7 +745,7 @@ do_core_note(struct magic_set *ms, unsig
+ char sbuf[512];
+ struct NetBSD_elfcore_procinfo pi;
+ memset(&pi, 0, sizeof(pi));
+- memcpy(&pi, nbuf + doff, descsz);
++ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
+
+ if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
diff --git a/meta/recipes-devtools/file/file_5.34.bb b/meta/recipes-devtools/file/file_5.34.bb
index 5d92913cb0..cb19642ff1 100644
--- a/meta/recipes-devtools/file/file_5.34.bb
+++ b/meta/recipes-devtools/file/file_5.34.bb
@@ -16,6 +16,9 @@ UPSTREAM_CHECK_GITTAGREGEX = "FILE(?P<pver>(?!6_23).+)"
SRC_URI = "git://github.com/file/file.git \
file://debian-742262.patch \
+ file://CVE-2019-8906.patch \
+ file://CVE-2019-8904.patch \
+ file://CVE-2019-8905_CVE-2019-8907.patch \
"
SRCREV = "315cef2f699da3c31a54bd3c6c6070680fbaf1f5"
diff --git a/meta/recipes-devtools/gcc/gcc-8.2.inc b/meta/recipes-devtools/gcc/gcc-8.2.inc
index 866a77558b..bd95ccda09 100644
--- a/meta/recipes-devtools/gcc/gcc-8.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-8.2.inc
@@ -73,6 +73,7 @@ SRC_URI = "\
${BACKPORTS} \
"
BACKPORTS = "\
+ file://CVE-2019-14250.patch \
"
SRC_URI[md5sum] = "4ab282f414676496483b3e1793d07862"
SRC_URI[sha256sum] = "196c3c04ba2613f893283977e6011b2345d1cd1af9abeac58e916b1aab3e0080"
diff --git a/meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch b/meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch
new file mode 100644
index 0000000000..e327684e16
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch
@@ -0,0 +1,44 @@
+From a4f1b58eb48b349a5f353bc69c30be553506d33b Mon Sep 17 00:00:00 2001
+From: rguenth <rguenth@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 25 Jul 2019 10:48:26 +0000
+Subject: [PATCH] 2019-07-25 Richard Biener <rguenther@suse.de>
+
+ PR lto/90924
+ Backport from mainline
+ 2019-07-12 Ren Kimura <rkx1209dev@gmail.com>
+
+ * simple-object-elf.c (simple_object_elf_match): Check zero value
+ shstrndx.
+
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-8-branch@273794 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Backport
+Affectes: < 9.2
+CVE: CVE-2019-14250
+Dropped changelog
+Signed-off-by: Armin Kuster <Akustre@mvista.com>
+
+---
+ libiberty/simple-object-elf.c | 8 ++++++++
+ 2 files changed, 17 insertions(+)
+
+Index: gcc-8.2.0/libiberty/simple-object-elf.c
+===================================================================
+--- gcc-8.2.0.orig/libiberty/simple-object-elf.c
++++ gcc-8.2.0/libiberty/simple-object-elf.c
+@@ -549,6 +549,14 @@ simple_object_elf_match (unsigned char h
+ return NULL;
+ }
+
++ if (eor->shstrndx == 0)
++ {
++ *errmsg = "invalid ELF shstrndx == 0";
++ *err = 0;
++ XDELETE (eor);
++ return NULL;
++ }
++
+ return (void *) eor;
+ }
+
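Review bot: The header of this backport is inconsistent in three places. The sign-off address `Akustre@mvista.com` differs from the `akuster@mvista.com` used by the same author in the CVE-2019-8906 patch of this commit, the tag is spelled `Affectes:`, and the diffstat still reads `2 files changed, 17 insertions(+)` although only `libiberty/simple-object-elf.c` with 8 added lines remains after the changelog was dropped. Suggested header lines: `Affects: < 9.2`, `Signed-off-by: Armin Kuster <akuster@mvista.com>` and `1 file changed, 8 insertions(+)`. On the code itself, the new guard rejects only `eor->shstrndx == 0`; whether the index is also checked against the section count is not visible in this hunk, since simple_object_elf_match starts outside it.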
diff --git a/meta/recipes-devtools/go/go-1.11.inc b/meta/recipes-devtools/go/go-1.11.inc
index d626514ae6..90d40376c5 100644
--- a/meta/recipes-devtools/go/go-1.11.inc
+++ b/meta/recipes-devtools/go/go-1.11.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.11"
-GO_MINOR = ".1"
+GO_MINOR = ".13"
PV .= "${GO_MINOR}"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
@@ -17,8 +17,7 @@ SRC_URI += "\
file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
"
-
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-SRC_URI[main.md5sum] = "eb9e9792247143705a7aacea9398cde0"
-SRC_URI[main.sha256sum] = "558f8c169ae215e25b81421596e8de7572bd3ba824b79add22fba6e284db1117"
+SRC_URI[main.md5sum] = "32e71746981695517387a2149eb541ef"
+SRC_URI[main.sha256sum] = "5032095fd3f641cafcce164f551e5ae873785ce7b07ca7c143aecd18f7ba4076"
diff --git a/meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch b/meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch
index f317e48a33..29ef947abd 100644
--- a/meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch
+++ b/meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch
@@ -65,8 +65,8 @@ Index: go/src/cmd/go/internal/work/exec.go
===================================================================
--- go.orig/src/cmd/go/internal/work/exec.go
+++ go/src/cmd/go/internal/work/exec.go
-@@ -440,6 +440,23 @@ func (b *Builder) build(a *Action) (err
- return fmt.Errorf("module requires Go %s", p.Module.GoVersion)
+@@ -436,6 +436,23 @@ func (b *Builder) build(a *Action) (err
+ return fmt.Errorf("missing or invalid binary-only package; expected file %q", a.Package.Target)
}
+ if goRootPrecious && (a.Package.Standard || a.Package.Goroot) {
@@ -89,7 +89,7 @@ Index: go/src/cmd/go/internal/work/exec.go
if err := b.Mkdir(a.Objdir); err != nil {
return err
}
-@@ -1435,6 +1452,14 @@ func BuildInstallFunc(b *Builder, a *Act
+@@ -1438,6 +1455,14 @@ func BuildInstallFunc(b *Builder, a *Act
return nil
}
diff --git a/meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch b/meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch
index b6ab504335..225cf439c5 100644
--- a/meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch
+++ b/meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch
@@ -18,11 +18,11 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
src/cmd/go/internal/work/build.go | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
-diff --git a/src/cmd/go/internal/work/build.go b/src/cmd/go/internal/work/build.go
-index 145b875..595d703 100644
---- a/src/cmd/go/internal/work/build.go
-+++ b/src/cmd/go/internal/work/build.go
-@@ -218,7 +218,11 @@ func AddBuildFlags(cmd *base.Command) {
+Index: go/src/cmd/go/internal/work/build.go
+===================================================================
+--- go.orig/src/cmd/go/internal/work/build.go
++++ go/src/cmd/go/internal/work/build.go
+@@ -223,7 +223,11 @@ func AddBuildFlags(cmd *base.Command) {
cmd.Flag.Var(&load.BuildAsmflags, "asmflags", "")
cmd.Flag.Var(buildCompiler{}, "compiler", "")
@@ -35,6 +35,3 @@ index 145b875..595d703 100644
cmd.Flag.Var(&load.BuildGcflags, "gcflags", "")
cmd.Flag.Var(&load.BuildGccgoflags, "gccgoflags", "")
cmd.Flag.StringVar(&cfg.BuildMod, "mod", "", "")
---
-2.7.4
-
diff --git a/meta/recipes-devtools/go/go-crosssdk.inc b/meta/recipes-devtools/go/go-crosssdk.inc
index 4391b32424..94f6fb8eb7 100644
--- a/meta/recipes-devtools/go/go-crosssdk.inc
+++ b/meta/recipes-devtools/go/go-crosssdk.inc
@@ -1,7 +1,7 @@
inherit crosssdk
DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc-crosssdk virtual/nativesdk-${TARGET_PREFIX}compilerlibs virtual/${TARGET_PREFIX}binutils-crosssdk"
-PN = "go-crosssdk-${TARGET_ARCH}"
+PN = "go-crosssdk-${SDK_SYS}"
PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk"
export GOHOSTOS = "${BUILD_GOOS}"
diff --git a/meta/recipes-devtools/go/go-target.inc b/meta/recipes-devtools/go/go-target.inc
index c229ab2f8d..379f87b498 100644
--- a/meta/recipes-devtools/go/go-target.inc
+++ b/meta/recipes-devtools/go/go-target.inc
@@ -40,7 +40,7 @@ do_install() {
for f in ${B}/${GO_BUILD_BINDIR}/*; do
name=`basename $f`
install -m 0755 $f ${D}${libdir}/go/bin/
- ln -sf ../${BASELIB}/go/bin/$name ${D}${bindir}/
+ ln -sf ../${baselib}/go/bin/$name ${D}${bindir}/
done
}
diff --git a/meta/recipes-devtools/json-c/json-c_0.13.1.bb b/meta/recipes-devtools/json-c/json-c_0.13.1.bb
index 5b10e68297..e6a38995cb 100644
--- a/meta/recipes-devtools/json-c/json-c_0.13.1.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.13.1.bb
@@ -20,8 +20,6 @@ RPROVIDES_${PN} = "libjson"
inherit autotools
-EXTRA_OECONF = "--enable-rdrand"
-
do_configure_prepend() {
# Clean up autoconf cruft that should not be in the tarball
rm -f ${S}/config.status
diff --git a/meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch b/meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch
new file mode 100644
index 0000000000..b8cfb3c4db
--- /dev/null
+++ b/meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch
@@ -0,0 +1,97 @@
+From cea10cd1f2ef6bb4edaac0c1d46d47bf237c42b8 Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <rschiron@redhat.com>
+Date: Mon, 21 Jan 2019 18:11:42 +0100
+Subject: [PATCH] Fix UAF in comps_objmrtree_unite function
+
+The added field is not used at all in many places and it is probably the
+left-over of some copy-paste.
+
+Upstream-Status: Backport
+[https://github.com/rpm-software-management/libcomps/commit
+/e3a5d056633677959ad924a51758876d415e7046]
+
+CVE: CVE-2019-3817
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ libcomps/src/comps_mradix.c | 2 --
+ libcomps/src/comps_objmradix.c | 2 --
+ libcomps/src/comps_objradix.c | 2 --
+ libcomps/src/comps_radix.c | 1 -
+ 4 files changed, 7 deletions(-)
+
+diff --git a/libcomps/src/comps_mradix.c b/libcomps/src/comps_mradix.c
+index 338cb07..6ceb7c9 100644
+--- a/libcomps/src/comps_mradix.c
++++ b/libcomps/src/comps_mradix.c
+@@ -177,7 +177,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
+ struct Pair {
+ COMPS_HSList * subnodes;
+ char * key;
+- char added;
+ } *pair, *parent_pair;
+
+ pair = malloc(sizeof(struct Pair));
+@@ -195,7 +194,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
+ parent_pair = (struct Pair*) it->data;
+ free(it);
+
+- pair->added = 0;
+ for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+ pair = malloc(sizeof(struct Pair));
+ pair->subnodes = ((COMPS_MRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_objmradix.c b/libcomps/src/comps_objmradix.c
+index 9be6648..8771c89 100644
+--- a/libcomps/src/comps_objmradix.c
++++ b/libcomps/src/comps_objmradix.c
+@@ -285,7 +285,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
+ struct Pair {
+ COMPS_HSList * subnodes;
+ char * key;
+- char added;
+ } *pair, *parent_pair;
+
+ pair = malloc(sizeof(struct Pair));
+@@ -303,7 +302,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
+ parent_pair = (struct Pair*) it->data;
+ free(it);
+
+- pair->added = 0;
+ for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+ pair = malloc(sizeof(struct Pair));
+ pair->subnodes = ((COMPS_ObjMRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_objradix.c b/libcomps/src/comps_objradix.c
+index a790270..0ebaf22 100644
+--- a/libcomps/src/comps_objradix.c
++++ b/libcomps/src/comps_objradix.c
+@@ -692,7 +692,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
+ struct Pair {
+ COMPS_HSList * subnodes;
+ char * key;
+- char added;
+ } *pair, *parent_pair;
+
+ pair = malloc(sizeof(struct Pair));
+@@ -711,7 +710,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
+ //printf("key-part:%s\n", parent_pair->key);
+ free(it);
+
+- //pair->added = 0;
+ for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+ pair = malloc(sizeof(struct Pair));
+ pair->subnodes = ((COMPS_ObjRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_radix.c b/libcomps/src/comps_radix.c
+index ada4fda..05dcaf2 100644
+--- a/libcomps/src/comps_radix.c
++++ b/libcomps/src/comps_radix.c
+@@ -529,7 +529,6 @@ void comps_rtree_unite(COMPS_RTree *rt1, COMPS_RTree *rt2) {
+ struct Pair {
+ COMPS_HSList * subnodes;
+ char * key;
+- char added;
+ } *pair, *parent_pair;
+
+ pair = malloc(sizeof(struct Pair));
+--
+2.22.0
+
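Review bot: The upstream reference in the header is wrapped across two lines, so the commit URL cannot be followed or grepped as one string. Keep it on the tag line: `Upstream-Status: Backport [https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046]`. The description says only that the `added` field is unused and does not name the faulting access. Presumably the removed `pair->added = 0;` store, which follows `free(it);` in comps_mradix.c and comps_objmradix.c, is the use-after-free write, and one sentence saying so would let a later reader confirm the backport covers the CVE. The enclosing `*_unite` functions start and end outside these hunks.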
diff --git a/meta/recipes-devtools/libcomps/libcomps_git.bb b/meta/recipes-devtools/libcomps/libcomps_git.bb
index e69bf67729..b657f3377c 100644
--- a/meta/recipes-devtools/libcomps/libcomps_git.bb
+++ b/meta/recipes-devtools/libcomps/libcomps_git.bb
@@ -6,6 +6,7 @@ SRC_URI = "git://github.com/rpm-software-management/libcomps.git \
file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
file://0002-Set-library-installation-path-correctly.patch \
file://0001-Make-__comps_objmrtree_all-static-inline.patch \
+ file://CVE-2019-3817.patch \
"
PV = "0.1.8+git${SRCPV}"
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-make-index-use-ctime-instead-of-mtime.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-make-index-use-ctime-instead-of-mtime.patch
new file mode 100644
index 0000000000..19778acd2b
--- /dev/null
+++ b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-make-index-use-ctime-instead-of-mtime.patch
@@ -0,0 +1,59 @@
+From 0cd38bb1bdcdbfc091014a1f39d015a1586a33e6 Mon Sep 17 00:00:00 2001
+From: Stefan Agner <stefan.agner@toradex.com>
+Date: Fri, 19 Oct 2018 17:38:21 +0200
+Subject: [PATCH] opkg-make-index: use ctime instead of mtime
+
+Upstream-Status: Backport
+
+When using sstate, two parallel builds can produce two packages
+with the same mtime but different checksums. When later one of
+those two builds fetches the others ipk, the package index does
+not get udpated properly (since mtime matches). This ends up with
+messages such as:
+ Downloading file:/../tmp/work/../image/...ipk.
+ Removing corrupt package file /../sysroot/../var/cache/opkg/volatile/...ipk
+
+However, in that case, ctime is different. Use ctime instead of
+mtime to prevent failures like this.
+
+Suggested-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
+Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Acked-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
+Signed-off-by: Ming Liu <liu.ming50@gmail.com>
+---
+ opkg-make-index | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/opkg-make-index b/opkg-make-index
+index 3227fc0..db7bf64 100755
+--- a/opkg-make-index
++++ b/opkg-make-index
+@@ -115,12 +115,12 @@ for abspath in files:
+ pkg = None
+ fnameStat = os.stat(abspath)
+ if filename in old_pkg_hash:
+- if filename in pkgsStamps and int(fnameStat.st_mtime) == pkgsStamps[filename]:
++ if filename in pkgsStamps and int(fnameStat.st_ctime) == pkgsStamps[filename]:
+ if (verbose):
+ sys.stderr.write("Found %s in Packages\n" % (filename,))
+ pkg = old_pkg_hash[filename]
+ else:
+- sys.stderr.write("Found %s in Packages, but mtime differs - re-reading\n" % (filename,))
++ sys.stderr.write("Found %s in Packages, but ctime differs - re-reading\n" % (filename,))
+
+ if not pkg:
+ if (verbose):
+@@ -137,7 +137,7 @@ for abspath in files:
+ else:
+ old_filename = ""
+ s = packages.add_package(pkg, opt_a)
+- pkgsStamps[filename] = fnameStat.st_mtime
++ pkgsStamps[filename] = fnameStat.st_ctime
+ if s == 0:
+ if old_filename:
+ # old package was displaced by newer
+--
+2.7.4
+
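Review bot: The reuse decision still depends on a timestamp truncated to whole seconds, `int(fnameStat.st_ctime) == pkgsStamps[filename]`, so two different ipks with the same filename whose ctime falls in the same second are still treated as unchanged and the old index entry is kept. The description names the symptom as a checksum mismatch, so the stamp narrows the window without closing it; a second cheap discriminator taken from the same `os.stat` result, such as `fnameStat.st_size`, would help if the old entry records a size. The store side also keeps the untruncated value, `pkgsStamps[filename] = fnameStat.st_ctime`, and `pkgsStamps[filename] = int(fnameStat.st_ctime)` would keep both sides of the comparison the same type. How `pkgsStamps` is loaded and written back lies outside these hunks, so both points need checking against the full script.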
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb
index 4c41774c39..41cf11c2dd 100644
--- a/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb
+++ b/meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV
file://threaded-xz.patch \
file://pigz.patch \
file://0001-update-alternatives-Fix-link-relocation-support.patch \
+ file://0001-opkg-make-index-use-ctime-instead-of-mtime.patch \
"
SRC_URI_append_class-native = " file://tar_ignore_error.patch"
UPSTREAM_CHECK_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/refs/"
diff --git a/meta/recipes-devtools/opkg/opkg/0001-libopkg-add-add-ignore-recommends-option.patch b/meta/recipes-devtools/opkg/opkg/0001-libopkg-add-add-ignore-recommends-option.patch
new file mode 100644
index 0000000000..11954e9032
--- /dev/null
+++ b/meta/recipes-devtools/opkg/opkg/0001-libopkg-add-add-ignore-recommends-option.patch
@@ -0,0 +1,260 @@
+From 2eca28b6a37be92e4e835c51872c7df34ec6dedd Mon Sep 17 00:00:00 2001
+From: Quentin Schulz <quentin.schulz@streamunlimited.com>
+Date: Fri, 31 May 2019 17:30:40 +0200
+Subject: [PATCH] [PATCH] libopkg: add --add-ignore-recommends option
+
+Add option to ignore specific recommended packages. On the libsolv
+backed, this feature will only work on libsolv version > 0.7.2 [1].
+
+[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openSUSE_libsolv_issues_254&d=DwIBaQ&c=I_0YwoKy7z5LMTVdyO6YCiE2uzI1jjZZuIPelcSjixA&r=wNcrL2akRn6jfxhHaKavUrJB_C9JAMXtynjLd8ZzgXQ&m=GObNHzFJpWpf_PripIrf-K2RhsktYdAUEieAJexXOKw&s=3G-meChUqClFggFPqsrAxIZBfLnRKIHm62Uuy1X6nQQ&e=
+
+Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
+Signed-off-by: Quentin Schulz <quentin.schulz@streamunlimited.com>
+
+Upstream-Status: Backport
+---
+ libopkg/opkg_conf.c | 2 +
+ libopkg/opkg_conf.h | 1 +
+ .../solvers/internal/pkg_depends_internal.c | 3 +-
+ libopkg/solvers/libsolv/opkg_solver_libsolv.c | 21 ++++++-
+ man/opkg.1.in | 3 +
+ src/opkg.c | 6 ++
+ tests/Makefile | 1 +
+ tests/core/43_add_ignore_recommends.py | 62 +++++++++++++++++++
+ 8 files changed, 97 insertions(+), 2 deletions(-)
+ create mode 100644 tests/core/43_add_ignore_recommends.py
+
+diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
+index 06880a1..f2330cd 100644
+--- a/libopkg/opkg_conf.c
++++ b/libopkg/opkg_conf.c
+@@ -597,6 +597,7 @@ int opkg_conf_init(void)
+ pkg_dest_list_init(&opkg_config->tmp_dest_list);
+ nv_pair_list_init(&opkg_config->arch_list);
+ str_list_init(&opkg_config->exclude_list);
++ str_list_init(&opkg_config->ignore_recommends_list);
+
+ return 0;
+ }
+@@ -938,6 +939,7 @@ void opkg_conf_deinit(void)
+ pkg_dest_list_deinit(&opkg_config->pkg_dest_list);
+ nv_pair_list_deinit(&opkg_config->arch_list);
+ str_list_deinit(&opkg_config->exclude_list);
++ str_list_deinit(&opkg_config->ignore_recommends_list);
+
+ if (opkg_config->verbosity >= DEBUG) {
+ hash_print_stats(&opkg_config->pkg_hash);
+diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
+index dc11516..fc42de3 100644
+--- a/libopkg/opkg_conf.h
++++ b/libopkg/opkg_conf.h
+@@ -61,6 +61,7 @@ typedef struct opkg_conf {
+ pkg_dest_list_t tmp_dest_list;
+ nv_pair_list_t arch_list;
+ str_list_t exclude_list;
++ str_list_t ignore_recommends_list;
+
+ int restrict_to_default_dest;
+ pkg_dest_t *default_dest;
+diff --git a/libopkg/solvers/internal/pkg_depends_internal.c b/libopkg/solvers/internal/pkg_depends_internal.c
+index cd56d84..5deee70 100644
+--- a/libopkg/solvers/internal/pkg_depends_internal.c
++++ b/libopkg/solvers/internal/pkg_depends_internal.c
+@@ -228,7 +228,8 @@ int pkg_hash_fetch_unsatisfied_dependencies(pkg_t *pkg,
+ || compound_depend->type == SUGGEST)
+ && (satisfying_pkg->state_want == SW_DEINSTALL
+ || satisfying_pkg->state_want == SW_PURGE
+- || opkg_config->no_install_recommends);
++ || opkg_config->no_install_recommends
++ || str_list_contains(&opkg_config->ignore_recommends_list, satisfying_pkg->name));
+ if (ignore) {
+ opkg_msg(NOTICE,
+ "%s: ignoring recommendation for "
+diff --git a/libopkg/solvers/libsolv/opkg_solver_libsolv.c b/libopkg/solvers/libsolv/opkg_solver_libsolv.c
+index bf0b72c..ea00a37 100644
+--- a/libopkg/solvers/libsolv/opkg_solver_libsolv.c
++++ b/libopkg/solvers/libsolv/opkg_solver_libsolv.c
+@@ -484,6 +484,7 @@ static void pkg2solvable(pkg_t *pkg, Solvable *solvable_out)
+ static void populate_installed_repo(libsolv_solver_t *libsolv_solver)
+ {
+ int i;
++ Id what;
+
+ pkg_vec_t *installed_pkgs = pkg_vec_alloc();
+
+@@ -507,6 +508,15 @@ static void populate_installed_repo(libsolv_solver_t *libsolv_solver)
+ /* set solvable attributes */
+ pkg2solvable(pkg, solvable);
+
++ /* if the package is in ignore-recommends-list, disfavor installation */
++ if (str_list_contains(&opkg_config->ignore_recommends_list, pkg->name)) {
++ opkg_message(NOTICE, "Disfavor package: %s\n",
++ pkg->name);
++ what = pool_str2id(libsolv_solver->pool, pkg->name, 1);
++ queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE_NAME
++ | SOLVER_DISFAVOR, what);
++ }
++
+ /* if the package is not autoinstalled, mark it as user installed */
+ if (!pkg->auto_installed)
+ queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE
+@@ -533,7 +543,7 @@ static void populate_available_repos(libsolv_solver_t *libsolv_solver)
+ {
+ int i;
+ Solvable *solvable;
+- Id solvable_id;
++ Id solvable_id, what;
+
+ pkg_vec_t *available_pkgs = pkg_vec_alloc();
+
+@@ -602,6 +612,15 @@ static void populate_available_repos(libsolv_solver_t *libsolv_solver)
+ solvable = pool_id2solvable(libsolv_solver->pool, solvable_id);
+ pkg2solvable(pkg, solvable);
+
++ /* if the package is in ignore-recommends-list, disfavor installation */
++ if (str_list_contains(&opkg_config->ignore_recommends_list, pkg->name)) {
++ opkg_message(NOTICE, "Disfavor package: %s\n",
++ pkg->name);
++ what = pool_str2id(libsolv_solver->pool, pkg->name, 1);
++ queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE_NAME
++ | SOLVER_DISFAVOR, what);
++ }
++
+ /* if the --force-depends option is specified make dependencies weak */
+ if (opkg_config->force_depends)
+ queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE
+diff --git a/man/opkg.1.in b/man/opkg.1.in
+index 026fb15..c0d4bf3 100644
+--- a/man/opkg.1.in
++++ b/man/opkg.1.in
+@@ -143,6 +143,9 @@ conjunction with \fB\--dest\fP
+ \fB\--add-arch <\fIarch\fP>:<\fIprio\fP>\fR
+ Register the package architecture \fIarch\fP with the numeric
+ priority \fIprio\fP. Lower priorities take precedence.
++.TP
++\fB\--add-ignore-recommends <\fIname\fP>\fR
++Register package to be ignored as a recomendee
+ .SS FORCE OPTIONS
+ .TP
+ \fB\--force-depends \fR
+diff --git a/src/opkg.c b/src/opkg.c
+index f23467d..5181065 100644
+--- a/src/opkg.c
++++ b/src/opkg.c
+@@ -51,6 +51,7 @@ enum {
+ ARGS_OPT_ADD_DEST,
+ ARGS_OPT_SIZE,
+ ARGS_OPT_ADD_EXCLUDE,
++ ARGS_OPT_ADD_IGNORE_RECOMMENDS,
+ ARGS_OPT_NOACTION,
+ ARGS_OPT_DOWNLOAD_ONLY,
+ ARGS_OPT_NODEPS,
+@@ -110,6 +111,7 @@ static struct option long_options[] = {
+ {"add-dest", 1, 0, ARGS_OPT_ADD_DEST},
+ {"size", 0, 0, ARGS_OPT_SIZE},
+ {"add-exclude", 1, 0, ARGS_OPT_ADD_EXCLUDE},
++ {"add-ignore-recommends", 1, 0, ARGS_OPT_ADD_IGNORE_RECOMMENDS},
+ {"test", 0, 0, ARGS_OPT_NOACTION},
+ {"tmp-dir", 1, 0, 't'},
+ {"tmp_dir", 1, 0, 't'},
+@@ -235,6 +237,9 @@ static int args_parse(int argc, char *argv[])
+ case ARGS_OPT_ADD_EXCLUDE:
+ str_list_append(&opkg_config->exclude_list, optarg);
+ break;
++ case ARGS_OPT_ADD_IGNORE_RECOMMENDS:
++ str_list_append(&opkg_config->ignore_recommends_list, optarg);
++ break;
+ case ARGS_OPT_SIZE:
+ opkg_config->size = 1;
+ break;
+@@ -335,6 +340,7 @@ static void usage()
+ printf("\t--add-arch <arch>:<prio> Register architecture with given priority\n");
+ printf("\t--add-dest <name>:<path> Register destination with given path\n");
+ printf("\t--add-exclude <name> Register package to be excluded from install\n");
++ printf("\t--add-ignore-recommends <name> Register package to be ignored as a recomendee\n");
+ printf("\t--prefer-arch-to-version Use the architecture priority package rather\n");
+ printf("\t than the higher version one if more\n");
+ printf("\t than one candidate is found.\n");
+diff --git a/tests/Makefile b/tests/Makefile
+index 148c844..ddf027f 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -38,6 +38,7 @@ REGRESSION_TESTS := core/01_install.py \
+ core/37_globs.py \
+ core/38_install_constrained_version.py \
+ core/39_distupgrade.py \
++ core/43_add_ignore_recommends.py \
+ regress/issue26.py \
+ regress/issue31.py \
+ regress/issue32.py \
+diff --git a/tests/core/43_add_ignore_recommends.py b/tests/core/43_add_ignore_recommends.py
+new file mode 100644
+index 0000000..7da0096
+--- /dev/null
++++ b/tests/core/43_add_ignore_recommends.py
+@@ -0,0 +1,62 @@
++#! /usr/bin/env python3
++#
++# Create package 'a' (1.0) which Recommends 'c'.
++# Install 'a' with --add-ignore-recommends 'c'.
++# Check that only 'a' (1.0) is installed.
++# Create package 'b' which Depends on 'c'.
++# Install 'a' & 'b', with --add-ignore-recommends 'c'.
++# Verify that 'a','b' & 'c' are installed.
++# Uninstall 'b' & 'c'.
++# Create package 'a' (2.0), which Recommends 'c'.
++# Upgrade 'a' with --add-ignore-recommends 'c'
++# Verify that only 'a' (2.0) is installed
++#
++
++import os
++import opk, cfg, opkgcl
++
++opk.regress_init()
++o = opk.OpkGroup()
++
++o.add(Package='a', Recommends='c', Version='1.0')
++o.add(Package='b', Depends='c')
++o.add(Package='c')
++o.write_opk()
++o.write_list()
++
++opkgcl.update()
++
++opkgcl.install('a', '--add-ignore-recommends c')
++
++if not opkgcl.is_installed('a'):
++ opk.fail("Package 'a' installed but reports as not installed.")
++
++if opkgcl.is_installed('c'):
++ opk.xfail("[libsolv<0.7.3] Package 'c' should not have been installed since it was in --add-ignore-recommends.")
++
++opkgcl.remove('a')
++opkgcl.install('a b', '--add-ignore-recommends c')
++
++if not opkgcl.is_installed('a'):
++ opk.fail("Package 'a' installed but reports as not installed.")
++
++if not opkgcl.is_installed('b'):
++ opk.fail("Package 'b' installed but reports as not installed.")
++
++if not opkgcl.is_installed('c'):
++ opk.fail("Package 'c' should have been installed since 'b' depends on it.")
++
++opkgcl.remove('b c', '--force-depends')
++o.add(Package='a', Recommends='c', Version='2.0')
++o.write_opk()
++o.write_list()
++
++opkgcl.update()
++
++opkgcl.upgrade('a', '--add-ignore-recommends c')
++
++if not opkgcl.is_installed('a', '2.0'):
++ opk.fail("Package 'a (2.0)' installed but reports as not installed.")
++
++if opkgcl.is_installed('c'):
++ opk.fail("Package 'c' should not have been installed since it was in --add-ignore-recommends.")
+--
+2.17.1
+
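Review bot: The libsolv reference in the header is a mail-gateway rewrite (`https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openSUSE_libsolv_issues_254&…`), not the real link. It sends readers through a third-party redirector and breaks if that service changes, so it should be replaced with `https://github.com/openSUSE/libsolv/issues/254`. In the new code, the usage text in src/opkg.c and the man page both spell the description as `recomendee`, and the same disfavor block is added verbatim to populate_installed_repo and populate_available_repos, where one static helper would keep the two copies from drifting. In the test, the first `opkgcl.is_installed('c')` check is `opk.xfail` for libsolv<0.7.3 but the last one, after the upgrade, is `opk.fail`. If the older libsolv behaves the same way on upgrade, that check fails hard, which should be confirmed.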
diff --git a/meta/recipes-devtools/opkg/opkg_0.3.6.bb b/meta/recipes-devtools/opkg/opkg_0.3.6.bb
index 6ebd58b967..b26d30b571 100644
--- a/meta/recipes-devtools/opkg/opkg_0.3.6.bb
+++ b/meta/recipes-devtools/opkg/opkg_0.3.6.bb
@@ -15,6 +15,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz
file://opkg.conf \
file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
file://0001-remove_maintainer_scripts-use-strict-matching.patch \
+ file://0001-libopkg-add-add-ignore-recommends-option.patch \
"
SRC_URI[md5sum] = "79e04307f6f54db431c251772d7d987c"
diff --git a/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch b/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch
new file mode 100644
index 0000000000..9891526e4e
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch
@@ -0,0 +1,93 @@
+From 7f770b9c20da1a192dad8cb572a6391f2773285a Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Thu, 3 May 2018 14:31:55 +0200
+Subject: [PATCH 1/2] Don't leak temporary file on failed ed-style patch
+
+Now that we write ed-style patches to a temporary file before we
+apply them, we need to ensure that the temporary file is removed
+before we leave, even on fatal error.
+
+* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
+ tmpname. Don't unlink the file directly, instead tag it for removal
+ at exit time.
+* src/patch.c (cleanup): Unlink TMPEDNAME at exit.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=19599883ffb6a450d2884f081f8ecf68edbed7ee]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ src/common.h | 2 ++
+ src/pch.c | 12 +++++-------
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/common.h b/src/common.h
+index ec50b40..22238b5 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -94,10 +94,12 @@ XTERN char const *origsuff;
+ XTERN char const * TMPINNAME;
+ XTERN char const * TMPOUTNAME;
+ XTERN char const * TMPPATNAME;
++XTERN char const * TMPEDNAME;
+
+ XTERN bool TMPINNAME_needs_removal;
+ XTERN bool TMPOUTNAME_needs_removal;
+ XTERN bool TMPPATNAME_needs_removal;
++XTERN bool TMPEDNAME_needs_removal;
+
+ #ifdef DEBUGGING
+ XTERN int debug;
+diff --git a/src/pch.c b/src/pch.c
+index 16e001a..c1a62cf 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2392,7 +2392,6 @@ do_ed_script (char const *inname, char const *outname,
+ file_offset beginning_of_this_line;
+ size_t chars_read;
+ FILE *tmpfp = 0;
+- char const *tmpname;
+ int tmpfd;
+ pid_t pid;
+
+@@ -2404,12 +2403,13 @@ do_ed_script (char const *inname, char const *outname,
+ invalid commands and treats the next line as a new command, which
+ can lead to arbitrary command execution. */
+
+- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
+ if (tmpfd == -1)
+- pfatal ("Can't create temporary file %s", quotearg (tmpname));
++ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
++ TMPEDNAME_needs_removal = true;
+ tmpfp = fdopen (tmpfd, "w+b");
+ if (! tmpfp)
+- pfatal ("Can't open stream for file %s", quotearg (tmpname));
++ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
+ }
+
+ for (;;) {
+@@ -2449,8 +2449,7 @@ do_ed_script (char const *inname, char const *outname,
+ write_fatal ();
+
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
+- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+-
++ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+ *outname_needs_removal = true;
+@@ -2482,7 +2481,6 @@ do_ed_script (char const *inname, char const *outname,
+ }
+
+ fclose (tmpfp);
+- safe_unlink (tmpname);
+
+ if (ofp)
+ {
+--
+2.17.0
+
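Review bot: The description lists `src/patch.c (cleanup): Unlink TMPEDNAME at exit`, but this backport's diffstat and hunks cover only `src/common.h` and `src/pch.c`, so nothing in it consumes `TMPEDNAME_needs_removal`. With `safe_unlink (tmpname);` removed from do_ed_script, the temporary ed script is then left behind on the fatal-error path this patch is meant to fix. Unless cleanup() is patched elsewhere in the recipe, restore the missing hunk by adding `remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);` to cleanup(); the follow-up multi-file patch in this commit adds that call in main() only. The header's `From 7f770b9c…` also differs from the `id=19599883…` given in Upstream-Status and should be reconciled. do_ed_script starts and ends outside these hunks.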
diff --git a/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch b/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
new file mode 100644
index 0000000000..d6a219a1b1
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
@@ -0,0 +1,80 @@
+From 369dcccdfa6336e5a873d6d63705cfbe04c55727 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 7 May 2018 15:14:45 +0200
+Subject: Don't leak temporary file on failed multi-file ed-style patch
+
+The previous fix worked fine with single-file ed-style patches, but
+would still leak temporary files in the case of multi-file ed-style
+patch. Fix that case as well, and extend the test case to check for
+it.
+
+* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
+ the next file in a patch.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ src/patch.c | 1 +
+ tests/ed-style | 31 +++++++++++++++++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/src/patch.c b/src/patch.c
+index 9146597..81c7a02 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -236,6 +236,7 @@ main (int argc, char **argv)
+ }
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ }
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+
+ if (! skip_rest_of_patch && ! file_type)
+ {
+diff --git a/tests/ed-style b/tests/ed-style
+index 6b6ef9d..504e6e5 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -38,3 +38,34 @@ EOF
+ check 'cat foo' <<EOF
+ foo
+ EOF
++
++# Test the case where one ed-style patch modifies several files
++
++cat > ed3.diff <<EOF
++--- foo
+++++ foo
++1c
++bar
++.
++--- baz
+++++ baz
++0a
++baz
++.
++EOF
++
++# Apparently we can't create a file with such a patch, while it works fine
++# when the file name is provided on the command line
++cat > baz <<EOF
++EOF
++
++check 'patch -e -i ed3.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++bar
++EOF
++
++check 'cat baz' <<EOF
++baz
++EOF
+--
+cgit v1.0-41-gc330
+
diff --git a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
new file mode 100644
index 0000000000..f60dfe879a
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
@@ -0,0 +1,44 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: [PATCH] Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+
+CVE: CVE-2019-13638
+Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+---
+ src/pch.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+ fflush (stdout);
+
+ pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ assert (outname[0] != '!' && outname[0] != '-');
++ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
+ _exit (2);
+ }
+ else
+--
+2.7.4
+
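Review bot: The only guard against an output name that ed would interpret rather than open is `assert (outname[0] != '!' && outname[0] != '-');`, and assert() compiles to nothing when the build defines NDEBUG, which would leave the `execlp` call unchecked. Since this runs in the forked child just before exec, an explicit test that fails closed is safer: `if (outname[0] == '!' || outname[0] == '-') _exit (2);`. The replacement also switches to `execlp`, which resolves `editor_program` through PATH; whether `editor_program` is an absolute path is not visible here and should be confirmed for the build environment. do_ed_script starts and ends outside the hunk.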
diff --git a/meta/recipes-devtools/patch/patch/CVE-2019-13636.patch b/meta/recipes-devtools/patch/patch/CVE-2019-13636.patch
new file mode 100644
index 0000000000..9f8b6db0b9
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/CVE-2019-13636.patch
@@ -0,0 +1,113 @@
+From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 15 Jul 2019 16:21:48 +0200
+Subject: Don't follow symlinks unless --follow-symlinks is given
+
+* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
+append_to_file): Unless the --follow-symlinks option is given, open files with
+the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
+that consistently for input files.
+* src/util.c (create_backup): When creating empty backup files, (re)create them
+with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
+
+CVE: CVE-2019-13636
+Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+---
+ src/inp.c | 12 ++++++++++--
+ src/util.c | 14 +++++++++++---
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/src/inp.c b/src/inp.c
+index 32d0919..22d7473 100644
+--- a/src/inp.c
++++ b/src/inp.c
+@@ -238,8 +238,13 @@ plan_a (char const *filename)
+ {
+ if (S_ISREG (instat.st_mode))
+ {
+- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
++ int flags = O_RDONLY | binary_transput;
+ size_t buffered = 0, n;
++ int ifd;
++
++ if (! follow_symlinks)
++ flags |= O_NOFOLLOW;
++ ifd = safe_open (filename, flags, 0);
+ if (ifd < 0)
+ pfatal ("can't open file %s", quotearg (filename));
+
+@@ -340,6 +345,7 @@ plan_a (char const *filename)
+ static void
+ plan_b (char const *filename)
+ {
++ int flags = O_RDONLY | binary_transput;
+ int ifd;
+ FILE *ifp;
+ int c;
+@@ -353,7 +359,9 @@ plan_b (char const *filename)
+
+ if (instat.st_size == 0)
+ filename = NULL_DEVICE;
+- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
++ if (! follow_symlinks)
++ flags |= O_NOFOLLOW;
++ if ((ifd = safe_open (filename, flags, 0)) < 0
+ || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
+ pfatal ("Can't open file %s", quotearg (filename));
+ if (TMPINNAME_needs_removal)
+diff --git a/src/util.c b/src/util.c
+index 1cc08ba..fb38307 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
+
+ try_makedirs_errno = ENOENT;
+ safe_unlink (bakname);
+- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
++ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
+ {
+ if (errno != try_makedirs_errno)
+ pfatal ("Can't create file %s", quotearg (bakname));
+@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode,
+ static void
+ copy_to_fd (const char *from, int tofd)
+ {
++ int from_flags = O_RDONLY | O_BINARY;
+ int fromfd;
+ ssize_t i;
+
+- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
++ if (! follow_symlinks)
++ from_flags |= O_NOFOLLOW;
++ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
+ pfatal ("Can't reopen file %s", quotearg (from));
+ while ((i = read (fromfd, buf, bufsize)) != 0)
+ {
+@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ else
+ {
+ assert (S_ISREG (mode));
++ if (! follow_symlinks)
++ to_flags |= O_NOFOLLOW;
+ tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
+ to_dir_known_to_exist);
+ copy_to_fd (from, tofd);
+@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ void
+ append_to_file (char const *from, char const *to)
+ {
++ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
+ int tofd;
+
+- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
++ if (! follow_symlinks)
++ to_flags |= O_NOFOLLOW;
++ if ((tofd = safe_open (to, to_flags, 0)) < 0)
+ pfatal ("Can't reopen file %s", quotearg (to));
+ copy_to_fd (from, tofd);
+ if (close (tofd) != 0)
+--
+cgit v1.0-41-gc330
+
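Review bot: The `if (! follow_symlinks) flags |= O_NOFOLLOW;` pair is repeated by hand in plan_a, plan_b, copy_to_fd, copy_file and append_to_file, so any safe_open caller this patch does not touch would still follow a symlink in the final path component. Moving the test into one small helper, or into safe_open itself (its definition is not visible here), would make the no-follow default apply everywhere. In create_backup the new `O_CREAT | O_EXCL | O_WRONLY | O_TRUNC` keeps O_TRUNC, which has no effect once O_EXCL guarantees a freshly created file; dropping it and adding a comment such as `/* O_EXCL: fail rather than reuse a path recreated after safe_unlink */` would state the intent. All of these functions continue outside their hunks.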
diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb
index 85b0db7333..5d7f55f8dc 100644
--- a/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -6,6 +6,10 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \
file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
+ file://CVE-2019-13636.patch \
+ file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \
+ file://0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch \
+ file://0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch \
"
SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-18311.patch b/meta/recipes-devtools/perl/perl/CVE-2018-18311.patch
new file mode 100644
index 0000000000..ba8cf151fd
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-18311.patch
@@ -0,0 +1,183 @@
+From 4706b65d7c835c0bb219db160fbcdbcd98efab2d Mon Sep 17 00:00:00 2001
+From: David Mitchell <davem@iabyn.com>
+Date: Fri, 29 Jun 2018 13:37:03 +0100
+Subject: [PATCH] Perl_my_setenv(); handle integer wrap
+
+RT #133204
+
+Wean this function off int/I32 and onto UV/Size_t.
+Also, replace all malloc-ish calls with a wrapper that does
+overflow checks,
+
+In particular, it was doing (nlen + vlen + 2) which could wrap when
+the combined length of the environment variable name and value
+exceeded around 0x7fffffff.
+
+The wrapper check function is probably overkill, but belt and braces...
+
+NB this function has several variant parts, #ifdef'ed by platform
+type; I have blindly changed the parts that aren't compiled under linux.
+
+(cherry picked from commit 34716e2a6ee2af96078d62b065b7785c001194be)
+
+CVE: CVE-2018-18311
+Upstream-Status: Backport
+[https://perl5.git.perl.org/perl.git/commit/5737d31aac51360cc1eb412ef059e36147c9d6d6]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ util.c | 76 ++++++++++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 53 insertions(+), 23 deletions(-)
+
+diff --git a/util.c b/util.c
+index 7c3d271f51..27f4eddf3b 100644
+--- a/util.c
++++ b/util.c
+@@ -2160,8 +2160,40 @@ Perl_new_warnings_bitfield(pTHX_ STRLEN *buffer, const char *const bits,
+ *(s+(nlen+1+vlen)) = '\0'
+
+ #ifdef USE_ENVIRON_ARRAY
+- /* VMS' my_setenv() is in vms.c */
++
++/* small wrapper for use by Perl_my_setenv that mallocs, or reallocs if
++ * 'current' is non-null, with up to three sizes that are added together.
++ * It handles integer overflow.
++ */
++static char *
++S_env_alloc(void *current, Size_t l1, Size_t l2, Size_t l3, Size_t size)
++{
++ void *p;
++ Size_t sl, l = l1 + l2;
++
++ if (l < l2)
++ goto panic;
++ l += l3;
++ if (l < l3)
++ goto panic;
++ sl = l * size;
++ if (sl < l)
++ goto panic;
++
++ p = current
++ ? safesysrealloc(current, sl)
++ : safesysmalloc(sl);
++ if (p)
++ return (char*)p;
++
++ panic:
++ croak_memory_wrap();
++}
++
++
++/* VMS' my_setenv() is in vms.c */
+ #if !defined(WIN32) && !defined(NETWARE)
++
+ void
+ Perl_my_setenv(pTHX_ const char *nam, const char *val)
+ {
+@@ -2177,28 +2209,27 @@ Perl_my_setenv(pTHX_ const char *nam, const char *val)
+ #ifndef PERL_USE_SAFE_PUTENV
+ if (!PL_use_safe_putenv) {
+ /* most putenv()s leak, so we manipulate environ directly */
+- I32 i;
+- const I32 len = strlen(nam);
+- int nlen, vlen;
++ UV i;
++ Size_t vlen, nlen = strlen(nam);
+
+ /* where does it go? */
+ for (i = 0; environ[i]; i++) {
+- if (strnEQ(environ[i],nam,len) && environ[i][len] == '=')
++ if (strnEQ(environ[i], nam, nlen) && environ[i][nlen] == '=')
+ break;
+ }
+
+ if (environ == PL_origenviron) { /* need we copy environment? */
+- I32 j;
+- I32 max;
++ UV j, max;
+ char **tmpenv;
+
+ max = i;
+ while (environ[max])
+ max++;
+- tmpenv = (char**)safesysmalloc((max+2) * sizeof(char*));
++ /* XXX shouldn't that be max+1 rather than max+2 ??? - DAPM */
++ tmpenv = (char**)S_env_alloc(NULL, max, 2, 0, sizeof(char*));
+ for (j=0; j<max; j++) { /* copy environment */
+- const int len = strlen(environ[j]);
+- tmpenv[j] = (char*)safesysmalloc((len+1)*sizeof(char));
++ const Size_t len = strlen(environ[j]);
++ tmpenv[j] = S_env_alloc(NULL, len, 1, 0, 1);
+ Copy(environ[j], tmpenv[j], len+1, char);
+ }
+ tmpenv[max] = NULL;
+@@ -2217,15 +2248,15 @@ Perl_my_setenv(pTHX_ const char *nam, const char *val)
+ #endif
+ }
+ if (!environ[i]) { /* does not exist yet */
+- environ = (char**)safesysrealloc(environ, (i+2) * sizeof(char*));
++ environ = (char**)S_env_alloc(environ, i, 2, 0, sizeof(char*));
+ environ[i+1] = NULL; /* make sure it's null terminated */
+ }
+ else
+ safesysfree(environ[i]);
+- nlen = strlen(nam);
++
+ vlen = strlen(val);
+
+- environ[i] = (char*)safesysmalloc((nlen+vlen+2) * sizeof(char));
++ environ[i] = S_env_alloc(NULL, nlen, vlen, 2, 1);
+ /* all that work just for this */
+ my_setenv_format(environ[i], nam, nlen, val, vlen);
+ } else {
+@@ -2250,22 +2281,21 @@ Perl_my_setenv(pTHX_ const char *nam, const char *val)
+ if (environ) /* old glibc can crash with null environ */
+ (void)unsetenv(nam);
+ } else {
+- const int nlen = strlen(nam);
+- const int vlen = strlen(val);
+- char * const new_env =
+- (char*)safesysmalloc((nlen + vlen + 2) * sizeof(char));
++ const Size_t nlen = strlen(nam);
++ const Size_t vlen = strlen(val);
++ char * const new_env = S_env_alloc(NULL, nlen, vlen, 2, 1);
+ my_setenv_format(new_env, nam, nlen, val, vlen);
+ (void)putenv(new_env);
+ }
+ # else /* ! HAS_UNSETENV */
+ char *new_env;
+- const int nlen = strlen(nam);
+- int vlen;
++ const Size_t nlen = strlen(nam);
++ Size_t vlen;
+ if (!val) {
+ val = "";
+ }
+ vlen = strlen(val);
+- new_env = (char*)safesysmalloc((nlen + vlen + 2) * sizeof(char));
++ new_env = S_env_alloc(NULL, nlen, vlen, 2, 1);
+ /* all that work just for this */
+ my_setenv_format(new_env, nam, nlen, val, vlen);
+ (void)putenv(new_env);
+@@ -2288,14 +2318,14 @@ Perl_my_setenv(pTHX_ const char *nam, const char *val)
+ {
+ dVAR;
+ char *envstr;
+- const int nlen = strlen(nam);
+- int vlen;
++ const Size_t nlen = strlen(nam);
++ Size_t vlen;
+
+ if (!val) {
+ val = "";
+ }
+ vlen = strlen(val);
+- Newx(envstr, nlen+vlen+2, char);
++ envstr = S_env_alloc(NULL, nlen, vlen, 2, 1);
+ my_setenv_format(envstr, nam, nlen, val, vlen);
+ (void)PerlEnv_putenv(envstr);
+ Safefree(envstr);
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
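Review bot: The multiplication check in S_env_alloc, `sl = l * size; if (sl < l) goto panic;`, does not catch every wrap, because with size greater than 1 a product that overflows Size_t can still end up greater than or equal to l. Testing before multiplying closes that gap: `if (size && l > ((Size_t)-1) / size) goto panic;`. The callers visible here pass a size of 1 or sizeof(char*) with environment-sized counts, so this reads as hardening rather than a reachable bug as far as the hunk shows. The function also has no return after the `panic:` label and so relies on croak_memory_wrap() never returning, which deserves a one-line comment.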
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-18312.patch b/meta/recipes-devtools/perl/perl/CVE-2018-18312.patch
new file mode 100644
index 0000000000..1c3426542d
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-18312.patch
Binary files differ
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch
new file mode 100644
index 0000000000..540aa073fb
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch
@@ -0,0 +1,60 @@
+From 3458f6115ca8e8d11779948c12b7e1cc5803358c Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Sat, 25 Mar 2017 15:00:22 -0600
+Subject: [PATCH 2/3] regcomp.c: Convert some strchr to memchr
+
+This allows things to work properly in the face of embedded NULs.
+See the branch merge message for more information.
+
+(cherry picked from commit 43b2f4ef399e2fd7240b4eeb0658686ad95f8e62)
+
+CVE: CVE-2018-18313
+Upstream-Status: Backport
+[https://perl5.git.perl.org/perl.git/commit/c1c28ce6ba90ee05aa96b11ad551a6063680f3b9]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ regcomp.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/regcomp.c b/regcomp.c
+index 00d26d9290..2688979882 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -11783,8 +11783,9 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pRExC_state,
+
+ RExC_parse++; /* Skip past the '{' */
+
+- if (! (endbrace = strchr(RExC_parse, '}')) /* no trailing brace */
+- || ! (endbrace == RExC_parse /* nothing between the {} */
++ endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
++ if ((! endbrace) /* no trailing brace */
++ || ! (endbrace == RExC_parse /* nothing between the {} */
+ || (endbrace - RExC_parse >= 2 /* U+ (bad hex is checked... */
+ && strnEQ(RExC_parse, "U+", 2)))) /* ... below for a better
+ error msg) */
+@@ -12483,9 +12484,11 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+ else {
+ STRLEN length;
+ char name = *RExC_parse;
+- char * endbrace;
++ char * endbrace = NULL;
+ RExC_parse += 2;
+- endbrace = strchr(RExC_parse, '}');
++ if (RExC_parse < RExC_end) {
++ endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
++ }
+
+ if (! endbrace) {
+ vFAIL2("Missing right brace on \\%c{}", name);
+@@ -15939,7 +15942,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
+ vFAIL2("Empty \\%c", (U8)value);
+ if (*RExC_parse == '{') {
+ const U8 c = (U8)value;
+- e = strchr(RExC_parse, '}');
++ e = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
+ if (!e) {
+ RExC_parse++;
+ vFAIL2("Missing right brace on \\%c{}", c);
+--
+2.22.0.vfs.1.1.57.gbaf16c8
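Review bot: Only the S_regatom hunk guards the new memchr with `if (RExC_parse < RExC_end)`; the calls added in S_grok_bslash_N and S_regclass pass `RExC_end - RExC_parse` unguarded, and that difference becomes an unsigned length, so a parse pointer past RExC_end would turn into a very large search size. From the visible lines both unguarded sites have just seen a '{' at the parse position, which suggests the pointer cannot be past the end there, but that invariant is not written down. A comment at each site such as `/* RExC_parse cannot be past RExC_end here */`, or an assertion of it, would record why the guard is needed only after the `RExC_parse += 2` in S_regatom. All three functions extend outside their hunks.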
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-18314.patch b/meta/recipes-devtools/perl/perl/CVE-2018-18314.patch
new file mode 100644
index 0000000000..e84e7bc4e4
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-18314.patch
@@ -0,0 +1,271 @@
+From 6a2d07f43ae7cfcb2eb30cf39751f2f7fed7ecc1 Mon Sep 17 00:00:00 2001
+From: Yves Orton <demerphq@gmail.com>
+Date: Mon, 26 Jun 2017 13:19:55 +0200
+Subject: [PATCH 3/3] fix #131649 - extended charclass can trigger assert
+
+The extended charclass parser makes some assumptions during the
+first pass which are only true on well structured input, and it
+does not properly catch various errors. later on the code assumes
+that things the first pass will let through are valid, when in
+fact they should trigger errors.
+
+(cherry picked from commit 19a498a461d7c81ae3507c450953d1148efecf4f)
+
+CVE: CVE-2018-18314
+Upstream-Status: Backport
+[https://perl5.git.perl.org/perl.git/commit/dabe076af345ab4512ea80245b4e4cd7ec0996cd]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ pod/perldiag.pod | 27 ++++++++++++++++++++++++++-
+ pod/perlrecharclass.pod | 4 ++--
+ regcomp.c | 23 +++++++++++++----------
+ t/lib/warnings/regcomp | 6 +++---
+ t/re/reg_mesg.t | 29 ++++++++++++++++-------------
+ t/re/regex_sets.t | 6 +++---
+ 6 files changed, 63 insertions(+), 32 deletions(-)
+
+diff --git a/pod/perldiag.pod b/pod/perldiag.pod
+index 737d3633f6..644b814008 100644
+--- a/pod/perldiag.pod
++++ b/pod/perldiag.pod
+@@ -5777,7 +5777,7 @@ yourself.
+ a perl4 interpreter, especially if the next 2 tokens are "use strict"
+ or "my $var" or "our $var".
+
+-=item Syntax error in (?[...]) in regex m/%s/
++=item Syntax error in (?[...]) in regex; marked by <-- HERE in m/%s/
+
+ (F) Perl could not figure out what you meant inside this construct; this
+ notifies you that it is giving up trying.
+@@ -6153,6 +6153,31 @@ for example,
+ (F) The unexec() routine failed for some reason. See your local FSF
+ representative, who probably put it there in the first place.
+
++=item Unexpected ']' with no following ')' in (?[... in regex; marked by <-- HERE in m/%s/
++
++(F) While parsing an extended character class a ']' character was encountered
++at a point in the definition where the only legal use of ']' is to close the
++character class definition as part of a '])', you may have forgotten the close
++paren, or otherwise confused the parser.
++
++=item Expecting close paren for nested extended charclass in regex; marked by <-- HERE in m/%s/
++
++(F) While parsing a nested extended character class like:
++
++ (?[ ... (?flags:(?[ ... ])) ... ])
++ ^
++
++we expected to see a close paren ')' (marked by ^) but did not.
++
++=item Expecting close paren for wrapper for nested extended charclass in regex; marked by <-- HERE in m/%s/
++
++(F) While parsing a nested extended character class like:
++
++ (?[ ... (?flags:(?[ ... ])) ... ])
++ ^
++
++we expected to see a close paren ')' (marked by ^) but did not.
++
+ =item Unexpected binary operator '%c' with no preceding operand in regex;
+ marked by S<<-- HERE> in m/%s/
+
+diff --git a/pod/perlrecharclass.pod b/pod/perlrecharclass.pod
+index 89f4a7ef3f..a557cc0384 100644
+--- a/pod/perlrecharclass.pod
++++ b/pod/perlrecharclass.pod
+@@ -1101,8 +1101,8 @@ hence both of the following work:
+ Any contained POSIX character classes, including things like C<\w> and C<\D>
+ respect the C<E<sol>a> (and C<E<sol>aa>) modifiers.
+
+-C<< (?[ ]) >> is a regex-compile-time construct. Any attempt to use
+-something which isn't knowable at the time the containing regular
++Note that C<< (?[ ]) >> is a regex-compile-time construct. Any attempt
++to use something which isn't knowable at the time the containing regular
+ expression is compiled is a fatal error. In practice, this means
+ just three limitations:
+
+diff --git a/regcomp.c b/regcomp.c
+index 2688979882..cb8409ed27 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -14609,8 +14609,9 @@ S_handle_regex_sets(pTHX_ RExC_state_t *pRExC_state, SV** return_invlist,
+ TRUE /* Force /x */ );
+
+ switch (*RExC_parse) {
+- case '?':
+- if (RExC_parse[1] == '[') depth++, RExC_parse++;
++ case '(':
++ if (RExC_parse[1] == '?' && RExC_parse[2] == '[')
++ depth++, RExC_parse+=2;
+ /* FALLTHROUGH */
+ default:
+ break;
+@@ -14667,9 +14668,9 @@ S_handle_regex_sets(pTHX_ RExC_state_t *pRExC_state, SV** return_invlist,
+ }
+
+ case ']':
+- if (depth--) break;
+- RExC_parse++;
+- if (*RExC_parse == ')') {
++ if (RExC_parse[1] == ')') {
++ RExC_parse++;
++ if (depth--) break;
+ node = reganode(pRExC_state, ANYOF, 0);
+ RExC_size += ANYOF_SKIP;
+ nextchar(pRExC_state);
+@@ -14681,20 +14682,20 @@ S_handle_regex_sets(pTHX_ RExC_state_t *pRExC_state, SV** return_invlist,
+
+ return node;
+ }
+- goto no_close;
++ RExC_parse++;
++ vFAIL("Unexpected ']' with no following ')' in (?[...");
+ }
+
+ RExC_parse += UTF ? UTF8SKIP(RExC_parse) : 1;
+ }
+
+- no_close:
+ /* We output the messages even if warnings are off, because we'll fail
+ * the very next thing, and these give a likely diagnosis for that */
+ if (posix_warnings && av_tindex_nomg(posix_warnings) >= 0) {
+ output_or_return_posix_warnings(pRExC_state, posix_warnings, NULL);
+ }
+
+- FAIL("Syntax error in (?[...])");
++ vFAIL("Syntax error in (?[...])");
+ }
+
+ /* Pass 2 only after this. */
+@@ -14868,12 +14869,14 @@ redo_curchar:
+ * inversion list, and RExC_parse points to the trailing
+ * ']'; the next character should be the ')' */
+ RExC_parse++;
+- assert(UCHARAT(RExC_parse) == ')');
++ if (UCHARAT(RExC_parse) != ')')
++ vFAIL("Expecting close paren for nested extended charclass");
+
+ /* Then the ')' matching the original '(' handled by this
+ * case: statement */
+ RExC_parse++;
+- assert(UCHARAT(RExC_parse) == ')');
++ if (UCHARAT(RExC_parse) != ')')
++ vFAIL("Expecting close paren for wrapper for nested extended charclass");
+
+ RExC_flags = save_flags;
+ goto handle_operand;
+diff --git a/t/lib/warnings/regcomp b/t/lib/warnings/regcomp
+index 08cb27b00f..367276d0fc 100644
+--- a/t/lib/warnings/regcomp
++++ b/t/lib/warnings/regcomp
+@@ -59,21 +59,21 @@ Unmatched [ in regex; marked by <-- HERE in m/abc[ <-- HERE fi[.00./ at - line
+ qr/(?[[[:word]]])/;
+ EXPECT
+ Assuming NOT a POSIX class since there is no terminating ':' in regex; marked by <-- HERE in m/(?[[[:word <-- HERE ]]])/ at - line 2.
+-syntax error in (?[...]) in regex m/(?[[[:word]]])/ at - line 2.
++Unexpected ']' with no following ')' in (?[... in regex; marked by <-- HERE in m/(?[[[:word]] <-- HERE ])/ at - line 2.
+ ########
+ # NAME qr/(?[ [[:digit: ])/
+ # OPTION fatal
+ qr/(?[[[:digit: ])/;
+ EXPECT
+ Assuming NOT a POSIX class since no blanks are allowed in one in regex; marked by <-- HERE in m/(?[[[:digit: ] <-- HERE )/ at - line 2.
+-syntax error in (?[...]) in regex m/(?[[[:digit: ])/ at - line 2.
++syntax error in (?[...]) in regex; marked by <-- HERE in m/(?[[[:digit: ]) <-- HERE / at - line 2.
+ ########
+ # NAME qr/(?[ [:digit: ])/
+ # OPTION fatal
+ qr/(?[[:digit: ])/
+ EXPECT
+ Assuming NOT a POSIX class since no blanks are allowed in one in regex; marked by <-- HERE in m/(?[[:digit: ] <-- HERE )/ at - line 2.
+-syntax error in (?[...]) in regex m/(?[[:digit: ])/ at - line 2.
++syntax error in (?[...]) in regex; marked by <-- HERE in m/(?[[:digit: ]) <-- HERE / at - line 2.
+ ########
+ # NAME [perl #126141]
+ # OPTION fatal
+diff --git a/t/re/reg_mesg.t b/t/re/reg_mesg.t
+index 658397ac27..08a3688e1d 100644
+--- a/t/re/reg_mesg.t
++++ b/t/re/reg_mesg.t
+@@ -202,8 +202,9 @@ my @death =
+ '/\b{gc}/' => "'gc' is an unknown bound type {#} m/\\b{gc{#}}/",
+ '/\B{gc}/' => "'gc' is an unknown bound type {#} m/\\B{gc{#}}/",
+
+- '/(?[[[::]]])/' => "Syntax error in (?[...]) in regex m/(?[[[::]]])/",
+- '/(?[[[:w:]]])/' => "Syntax error in (?[...]) in regex m/(?[[[:w:]]])/",
++
++ '/(?[[[::]]])/' => "Unexpected ']' with no following ')' in (?[... {#} m/(?[[[::]]{#}])/",
++ '/(?[[[:w:]]])/' => "Unexpected ']' with no following ')' in (?[... {#} m/(?[[[:w:]]{#}])/",
+ '/(?[[:w:]])/' => "",
+ '/[][[:alpha:]]' => "", # [perl #127581]
+ '/([.].*)[.]/' => "", # [perl #127582]
+@@ -227,11 +228,12 @@ my @death =
+ '/(?[ \p{foo} ])/' => 'Can\'t find Unicode property definition "foo" {#} m/(?[ \p{foo}{#} ])/',
+ '/(?[ \p{ foo = bar } ])/' => 'Can\'t find Unicode property definition "foo = bar" {#} m/(?[ \p{ foo = bar }{#} ])/',
+ '/(?[ \8 ])/' => 'Unrecognized escape \8 in character class {#} m/(?[ \8{#} ])/',
+- '/(?[ \t ]/' => 'Syntax error in (?[...]) in regex m/(?[ \t ]/',
+- '/(?[ [ \t ]/' => 'Syntax error in (?[...]) in regex m/(?[ [ \t ]/',
+- '/(?[ \t ] ]/' => 'Syntax error in (?[...]) in regex m/(?[ \t ] ]/',
+- '/(?[ [ ] ]/' => 'Syntax error in (?[...]) in regex m/(?[ [ ] ]/',
+- '/(?[ \t + \e # This was supposed to be a comment ])/' => 'Syntax error in (?[...]) in regex m/(?[ \t + \e # This was supposed to be a comment ])/',
++ '/(?[ \t ]/' => "Unexpected ']' with no following ')' in (?[... {#} m/(?[ \\t ]{#}/",
++ '/(?[ [ \t ]/' => "Syntax error in (?[...]) {#} m/(?[ [ \\t ]{#}/",
++ '/(?[ \t ] ]/' => "Unexpected ']' with no following ')' in (?[... {#} m/(?[ \\t ]{#} ]/",
++ '/(?[ [ ] ]/' => "Syntax error in (?[...]) {#} m/(?[ [ ] ]{#}/",
++ '/(?[ \t + \e # This was supposed to be a comment ])/' =>
++ "Syntax error in (?[...]) {#} m/(?[ \\t + \\e # This was supposed to be a comment ]){#}/",
+ '/(?[ ])/' => 'Incomplete expression within \'(?[ ])\' {#} m/(?[ {#}])/',
+ 'm/(?[[a-\d]])/' => 'False [] range "a-\d" {#} m/(?[[a-\d{#}]])/',
+ 'm/(?[[\w-x]])/' => 'False [] range "\w-" {#} m/(?[[\w-{#}x]])/',
+@@ -410,10 +412,10 @@ my @death_utf8 = mark_as_utf8(
+
+ '/ネ\p{}ネ/' => 'Empty \p{} {#} m/ネ\p{{#}}ネ/',
+
+- '/ネ(?[[[:ネ]]])ネ/' => "Syntax error in (?[...]) in regex m/ネ(?[[[:ネ]]])ネ/",
+- '/ネ(?[[[:ネ: ])ネ/' => "Syntax error in (?[...]) in regex m/ネ(?[[[:ネ: ])ネ/",
+- '/ネ(?[[[::]]])ネ/' => "Syntax error in (?[...]) in regex m/ネ(?[[[::]]])ネ/",
+- '/ネ(?[[[:ネ:]]])ネ/' => "Syntax error in (?[...]) in regex m/ネ(?[[[:ネ:]]])ネ/",
++ '/ネ(?[[[:ネ]]])ネ/' => "Unexpected ']' with no following ')' in (?[... {#} m/ネ(?[[[:ネ]]{#}])ネ/",
++ '/ネ(?[[[:ネ: ])ネ/' => "Syntax error in (?[...]) {#} m/ネ(?[[[:ネ: ])ネ{#}/",
++ '/ネ(?[[[::]]])ネ/' => "Unexpected ']' with no following ')' in (?[... {#} m/ネ(?[[[::]]{#}])ネ/",
++ '/ネ(?[[[:ネ:]]])ネ/' => "Unexpected ']' with no following ')' in (?[... {#} m/ネ(?[[[:ネ:]]{#}])ネ/",
+ '/ネ(?[[:ネ:]])ネ/' => "",
+ '/ネ(?[ネ])ネ/' => 'Unexpected character {#} m/ネ(?[ネ{#}])ネ/',
+ '/ネ(?[ + [ネ] ])/' => 'Unexpected binary operator \'+\' with no preceding operand {#} m/ネ(?[ +{#} [ネ] ])/',
+@@ -426,8 +428,9 @@ my @death_utf8 = mark_as_utf8(
+ '/(?[ \x{ネ} ])ネ/' => 'Non-hex character {#} m/(?[ \x{ネ{#}} ])ネ/',
+ '/(?[ \p{ネ} ])/' => 'Can\'t find Unicode property definition "ネ" {#} m/(?[ \p{ネ}{#} ])/',
+ '/(?[ \p{ ネ = bar } ])/' => 'Can\'t find Unicode property definition "ネ = bar" {#} m/(?[ \p{ ネ = bar }{#} ])/',
+- '/ネ(?[ \t ]/' => 'Syntax error in (?[...]) in regex m/ネ(?[ \t ]/',
+- '/(?[ \t + \e # ネ This was supposed to be a comment ])/' => 'Syntax error in (?[...]) in regex m/(?[ \t + \e # ネ This was supposed to be a comment ])/',
++ '/ネ(?[ \t ]/' => "Unexpected ']' with no following ')' in (?[... {#} m/ネ(?[ \\t ]{#}/",
++ '/(?[ \t + \e # ネ This was supposed to be a comment ])/' =>
++ "Syntax error in (?[...]) {#} m/(?[ \\t + \\e # ネ This was supposed to be a comment ]){#}/",
+ 'm/(*ネ)ネ/' => q<Unknown verb pattern 'ネ' {#} m/(*ネ){#}ネ/>,
+ '/\cネ/' => "Character following \"\\c\" must be printable ASCII",
+ '/\b{ネ}/' => "'ネ' is an unknown bound type {#} m/\\b{ネ{#}}/",
+diff --git a/t/re/regex_sets.t b/t/re/regex_sets.t
+index 92875677be..60a126ba3c 100644
+--- a/t/re/regex_sets.t
++++ b/t/re/regex_sets.t
+@@ -157,13 +157,13 @@ for my $char ("٠", "٥", "٩") {
+ eval { $_ = '/(?[(\c]) /'; qr/$_/ };
+ like($@, qr/^Syntax error/, '/(?[(\c]) / should not panic');
+ eval { $_ = '(?[\c#]' . "\n])"; qr/$_/ };
+- like($@, qr/^Syntax error/, '/(?[(\c]) / should not panic');
++ like($@, qr/^Unexpected/, '/(?[(\c]) / should not panic');
+ eval { $_ = '(?[(\c])'; qr/$_/ };
+ like($@, qr/^Syntax error/, '/(?[(\c])/ should be a syntax error');
+ eval { $_ = '(?[(\c]) ]\b'; qr/$_/ };
+- like($@, qr/^Syntax error/, '/(?[(\c]) ]\b/ should be a syntax error');
++ like($@, qr/^Unexpected/, '/(?[(\c]) ]\b/ should be a syntax error');
+ eval { $_ = '(?[\c[]](])'; qr/$_/ };
+- like($@, qr/^Syntax error/, '/(?[\c[]](])/ should be a syntax error');
++ like($@, qr/^Unexpected/, '/(?[\c[]](])/ should be a syntax error');
+ like("\c#", qr/(?[\c#])/, '\c# should match itself');
+ like("\c[", qr/(?[\c[])/, '\c[ should match itself');
+ like("\c\ ", qr/(?[\c\])/, '\c\ should match itself');
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
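Review bot: The new look-ahead in the first pass of S_handle_regex_sets, `RExC_parse[1] == '?' && RExC_parse[2] == '['` under `case '('` and `RExC_parse[1] == ')'` under `case ']'`, indexes past the current character without comparing against RExC_end. That is safe only if the pattern buffer always carries a terminating NUL, which these lines do not show, and the CVE-2018-18313 patch in this same commit moves regcomp.c toward explicit bounds. A bounded form such as `if (RExC_parse + 2 < RExC_end && RExC_parse[1] == '?' && RExC_parse[2] == '[')` would remove that dependency. Separately, the two new perldiag entries for nested extended charclasses use the same diagram with the caret in the same column, so the text does not show which ')' each message refers to. The function starts and ends outside the hunk.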
diff --git a/meta/recipes-devtools/perl/perl_5.24.4.bb b/meta/recipes-devtools/perl/perl_5.24.4.bb
index a644970192..2f27749c53 100644
--- a/meta/recipes-devtools/perl/perl_5.24.4.bb
+++ b/meta/recipes-devtools/perl/perl_5.24.4.bb
@@ -65,6 +65,10 @@ SRC_URI += " \
file://perl-5.26.1-guard_old_libcrypt_fix.patch \
file://CVE-2018-12015.patch \
file://0001-ExtUtils-MM_Unix.pm-fix-race-issues.patch \
+ file://CVE-2018-18311.patch \
+ file://CVE-2018-18312.patch \
+ file://CVE-2018-18313.patch \
+ file://CVE-2018-18314.patch \
"
# Fix test case issues
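Review bot: `file://CVE-2018-18312.patch` is added to SRC_URI here, but this commit shows that file only as "Binary files differ", so its contents cannot be read in the diff alongside the other three perl patches. It would help to confirm the file against the upstream perl change it backports and to say in the commit description why the patch is treated as binary (non-text bytes in embedded test data would be one explanation, not confirmed here).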
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 79e0b6bd21..51db84c4d4 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -8,7 +8,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo \
file://toomanyfiles.patch \
"
-SRCREV = "6294b344e5140f5467e6860f45a174440015304e"
+SRCREV = "3fa7c853e0bcd6fe23f7524c2a3c9e3af90901c3"
S = "${WORKDIR}/git"
PV = "1.9.0+git${SRCPV}"
diff --git a/meta/recipes-devtools/python/python-native/0001-python-native-fix-one-do_populate_sysroot-warning.patch b/meta/recipes-devtools/python/python-native/0001-python-native-fix-one-do_populate_sysroot-warning.patch
new file mode 100644
index 0000000000..989818927d
--- /dev/null
+++ b/meta/recipes-devtools/python/python-native/0001-python-native-fix-one-do_populate_sysroot-warning.patch
@@ -0,0 +1,39 @@
+From 12292444e1b3662b994bc223d92b8338fb0895ff Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 25 Oct 2018 07:32:14 +0000
+Subject: [PATCH] python-native: fix one do_populate_sysroot warning
+
+Fix below warning:
+WARNING: Skipping RPATH /usr/lib64 as is a standard search path for
+work/x86_64-linux/python-native/2.7.15-r1.1/recipe-sysroot-native/
+usr/lib/python2.7/lib-dynload/_bsddb.so
+
+setup.py will check db.h under include_dirs, for native build,
+/usr/lib64 will be insert to postion 0 of include_dirs, so
+it's priority is higher then our sysroot, cause db.h sysroot
+is ignored, and rpath set to /usr/lib64. and this cause warning
+when do_populate_sysroot. use append to fix it.
+
+Upstream-Status: Inappropriate [oe-specific]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 7bf13ed..6c0f29b 100644
+--- a/setup.py
++++ b/setup.py
+@@ -40,7 +40,7 @@ def add_dir_to_list(dirlist, dir):
+ 1) 'dir' is not already in 'dirlist'
+ 2) 'dir' actually exists, and is a directory."""
+ if dir is not None and os.path.isdir(dir) and dir not in dirlist:
+- dirlist.insert(0, dir)
++ dirlist.append(dir)
+
+ def macosx_sdk_root():
+ """
+--
+2.18.0
+
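Review bot: Switching add_dir_to_list from `dirlist.insert(0, dir)` to `dirlist.append(dir)` changes the search priority for every caller of the helper, not only for the /usr/lib64 case described in the patch header, and nothing in the code says why. A comment above the line such as `# OE: append so host directories never take priority over the recipe sysroot` would keep the reason with the code. The docstring's opening line is outside the hunk; if it still describes insertion at the front, it should be updated to match.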
diff --git a/meta/recipes-devtools/python/python-native_2.7.15.bb b/meta/recipes-devtools/python/python-native_2.7.16.bb
index 9d0fe3b84f..b7442800d9 100644
--- a/meta/recipes-devtools/python/python-native_2.7.15.bb
+++ b/meta/recipes-devtools/python/python-native_2.7.16.bb
@@ -1,7 +1,6 @@
require python.inc
EXTRANATIVEPATH += "bzip2-native"
DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native gdbm-native db-native"
-PR = "${INC_PR}.1"
SRC_URI += "\
file://05-enable-ctypes-cross-build.patch \
@@ -16,6 +15,7 @@ SRC_URI += "\
file://builddir.patch \
file://parallel-makeinst-create-bindir.patch \
file://revert_use_of_sysconfigdata.patch \
+ file://0001-python-native-fix-one-do_populate_sysroot-warning.patch \
"
S = "${WORKDIR}/Python-${PV}"
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index 66923678b1..e5f1981ab8 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -5,18 +5,12 @@ SECTION = "devel/python"
# bump this on every change in contrib/python/generate-manifest-2.7.py
INC_PR = "r1"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f257cc14f81685691652a3d3e1b5d754"
-
-SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
- file://0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch \
- file://0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch \
- file://0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch \
- file://0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch \
- file://0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch \
- "
-
-SRC_URI[md5sum] = "a80ae3cc478460b922242f43a1b4094d"
-SRC_URI[sha256sum] = "22d9b1ac5b26135ad2b8c2901a9413537e08749a753356ee913c84dbd2df5574"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+
+SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz"
+
+SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5"
+SRC_URI[sha256sum] = "f222ef602647eecb6853681156d32de4450a2c39f4de93bd5b20235f2e660ed7"
# python recipe is actually python 2.x
# also, exclude pre-releases for both python 2.x and 3.x
diff --git a/meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch b/meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch
deleted file mode 100644
index 4c0b3577b2..0000000000
--- a/meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 19f6bd06af3c7fc0db5f96878aaa68f5589ff13e Mon Sep 17 00:00:00 2001
-From: Pablo Galindo <Pablogsal@gmail.com>
-Date: Thu, 24 May 2018 23:20:44 +0100
-Subject: [PATCH] bpo-33354: Fix test_ssl when a filename cannot be encoded
- (GH-6613)
-
-Skip test_load_dh_params() of test_ssl when Python filesystem encoding
-cannot encode the provided path.
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/19f6bd06af3c7fc0db5f96878aaa68f5589ff13e]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/test/test_ssl.py | 9 ++++++++-
- .../next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst | 2 ++
- 2 files changed, 10 insertions(+), 1 deletion(-)
- create mode 100644 Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst
-
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index b59fe73f04..7ced90fdf6 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -989,6 +989,13 @@ class ContextTests(unittest.TestCase):
-
-
- def test_load_dh_params(self):
-+ filename = u'dhpäräm.pem'
-+ fs_encoding = sys.getfilesystemencoding()
-+ try:
-+ filename.encode(fs_encoding)
-+ except UnicodeEncodeError:
-+ self.skipTest("filename %r cannot be encoded to the filesystem encoding %r" % (filename, fs_encoding))
-+
- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
- ctx.load_dh_params(DHFILE)
- if os.name != 'nt':
-@@ -1001,7 +1008,7 @@ class ContextTests(unittest.TestCase):
- with self.assertRaises(ssl.SSLError) as cm:
- ctx.load_dh_params(CERTFILE)
- with support.temp_dir() as d:
-- fname = os.path.join(d, u'dhpäräm.pem')
-+ fname = os.path.join(d, filename)
- shutil.copy(DHFILE, fname)
- ctx.load_dh_params(fname)
-
-diff --git a/Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst b/Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst
-new file mode 100644
-index 0000000000..c66cecac32
---- /dev/null
-+++ b/Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst
-@@ -0,0 +1,2 @@
-+Skip ``test_ssl.test_load_dh_params`` when Python filesystem encoding cannot encode the
-+provided path.
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch b/meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch
deleted file mode 100644
index 1f70562fc0..0000000000
--- a/meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From a333351592f097220fc862911b34d3a300f0985e Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Wed, 15 Aug 2018 09:07:28 +0200
-Subject: [PATCH 1/4] bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)
- (GH-8760)
-
-Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
-1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
-default.
-
-Also update multissltests to test with latest OpenSSL.
-
-Signed-off-by: Christian Heimes <christian@python.org>.
-(cherry picked from commit 3e630c541b35c96bfe5619165255e559f577ee71)
-
-Co-authored-by: Christian Heimes <christian@python.org>
-
-Upstream-Status: Accepted [https://github.com/python/cpython/pull/8771]
-
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Doc/library/ssl.rst | 8 ++--
- Lib/test/test_ssl.py | 37 +++++++++++--------
- .../2018-05-18-21-50-47.bpo-33570.7CZy4t.rst | 3 ++
- 3 files changed, 27 insertions(+), 21 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
-
-diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
-index 0421031772..7c7c85b833 100644
---- a/Doc/library/ssl.rst
-+++ b/Doc/library/ssl.rst
-@@ -294,11 +294,6 @@ purposes.
-
- 3DES was dropped from the default cipher string.
-
-- .. versionchanged:: 2.7.15
--
-- TLS 1.3 cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
-- and TLS_CHACHA20_POLY1305_SHA256 were added to the default cipher string.
--
- .. function:: _https_verify_certificates(enable=True)
-
- Specifies whether or not server certificates are verified when creating
-@@ -1179,6 +1174,9 @@ to speed up repeated connections from the same clients.
- when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will
- give the currently selected cipher.
-
-+ OpenSSL 1.1.1 has TLS 1.3 cipher suites enabled by default. The suites
-+ cannot be disabled with :meth:`~SSLContext.set_ciphers`.
-+
- .. method:: SSLContext.set_alpn_protocols(protocols)
-
- Specify which protocols the socket should advertise during the SSL/TLS
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index dc14e22ad1..f51572e319 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -2772,19 +2772,24 @@ else:
- sock.do_handshake()
- self.assertEqual(cm.exception.errno, errno.ENOTCONN)
-
-- def test_default_ciphers(self):
-- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-- try:
-- # Force a set of weak ciphers on our client context
-- context.set_ciphers("DES")
-- except ssl.SSLError:
-- self.skipTest("no DES cipher available")
-- with ThreadedEchoServer(CERTFILE,
-- ssl_version=ssl.PROTOCOL_SSLv23,
-- chatty=False) as server:
-- with closing(context.wrap_socket(socket.socket())) as s:
-- with self.assertRaises(ssl.SSLError):
-- s.connect((HOST, server.port))
-+ def test_no_shared_ciphers(self):
-+ server_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-+ server_context.load_cert_chain(SIGNED_CERTFILE)
-+ client_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-+ client_context.verify_mode = ssl.CERT_REQUIRED
-+ client_context.check_hostname = True
-+
-+ # OpenSSL enables all TLS 1.3 ciphers, enforce TLS 1.2 for test
-+ client_context.options |= ssl.OP_NO_TLSv1_3
-+ # Force different suites on client and master
-+ client_context.set_ciphers("AES128")
-+ server_context.set_ciphers("AES256")
-+ with ThreadedEchoServer(context=server_context) as server:
-+ s = client_context.wrap_socket(
-+ socket.socket(),
-+ server_hostname="localhost")
-+ with self.assertRaises(ssl.SSLError):
-+ s.connect((HOST, server.port))
- self.assertIn("no shared cipher", str(server.conn_errors[0]))
-
- def test_version_basic(self):
-@@ -2815,9 +2820,9 @@ else:
- with context.wrap_socket(socket.socket()) as s:
- s.connect((HOST, server.port))
- self.assertIn(s.cipher()[0], [
-- 'TLS13-AES-256-GCM-SHA384',
-- 'TLS13-CHACHA20-POLY1305-SHA256',
-- 'TLS13-AES-128-GCM-SHA256',
-+ 'TLS_AES_256_GCM_SHA384',
-+ 'TLS_CHACHA20_POLY1305_SHA256',
-+ 'TLS_AES_128_GCM_SHA256',
- ])
-
- @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
-diff --git a/Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst b/Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
-new file mode 100644
-index 0000000000..bd719a47e8
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
-@@ -0,0 +1,3 @@
-+Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
-+1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
-+default.
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch b/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch
deleted file mode 100644
index 125db8512a..0000000000
--- a/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From c7e692c61dc091d07dee573f5f424b6b427ff056 Mon Sep 17 00:00:00 2001
-From: Benjamin Peterson <benjamin@python.org>
-Date: Wed, 29 Aug 2018 21:59:21 -0700
-Subject: [PATCH] closes bpo-34540: Convert shutil._call_external_zip to use
- subprocess rather than distutils.spawn. (GH-8985)
-
-Upstream-Status: Backport
-CVE: CVE-2018-1000802
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- Lib/shutil.py | 16 ++++++++++------
- .../Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst | 3 +++
- 2 files changed, 13 insertions(+), 6 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst
-
-diff --git a/Lib/shutil.py b/Lib/shutil.py
-index 3462f7c..0ab1a06 100644
---- a/Lib/shutil.py
-+++ b/Lib/shutil.py
-@@ -413,17 +413,21 @@ def _make_tarball(base_name, base_dir, compress="gzip", verbose=0, dry_run=0,
-
- return archive_name
-
--def _call_external_zip(base_dir, zip_filename, verbose=False, dry_run=False):
-+def _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger):
- # XXX see if we want to keep an external call here
- if verbose:
- zipoptions = "-r"
- else:
- zipoptions = "-rq"
-- from distutils.errors import DistutilsExecError
-- from distutils.spawn import spawn
-+ cmd = ["zip", zipoptions, zip_filename, base_dir]
-+ if logger is not None:
-+ logger.info(' '.join(cmd))
-+ if dry_run:
-+ return
-+ import subprocess
- try:
-- spawn(["zip", zipoptions, zip_filename, base_dir], dry_run=dry_run)
-- except DistutilsExecError:
-+ subprocess.check_call(cmd)
-+ except subprocess.CalledProcessError:
- # XXX really should distinguish between "couldn't find
- # external 'zip' command" and "zip failed".
- raise ExecError, \
-@@ -458,7 +462,7 @@ def _make_zipfile(base_name, base_dir, verbose=0, dry_run=0, logger=None):
- zipfile = None
-
- if zipfile is None:
-- _call_external_zip(base_dir, zip_filename, verbose, dry_run)
-+ _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger)
- else:
- if logger is not None:
- logger.info("creating '%s' and adding '%s' to it",
-diff --git a/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst b/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst
-new file mode 100644
-index 0000000..4f68696
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst
-@@ -0,0 +1,3 @@
-+When ``shutil.make_archive`` falls back to the external ``zip`` problem, it
-+uses :mod:`subprocess` to invoke it rather than :mod:`distutils.spawn`. This
-+closes a possible shell injection vector.
---
-2.7.4
-
diff --git a/meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch b/meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch
deleted file mode 100644
index 96882712e9..0000000000
--- a/meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 0e1f3856a7e1511fb64d99646c54ddf3897cd444 Mon Sep 17 00:00:00 2001
-From: Dimitri John Ledkov <xnox@ubuntu.com>
-Date: Fri, 28 Sep 2018 14:15:52 +0100
-Subject: [PATCH 2/4] bpo-34818: Add missing closing() wrapper in test_tls1_3.
-
-Python 2.7 socket classes do not implement context manager protocol,
-hence closing() is required around it. Resolves testcase error
-traceback.
-
-Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
-
-https://bugs.python.org/issue34818
-
-Patch taken from Ubuntu.
-
-Upstream-Status: Submitted [https://github.com/python/cpython/pull/9622]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/test/test_ssl.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index f51572e319..7a14053cee 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -2817,7 +2817,7 @@ else:
- ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
- )
- with ThreadedEchoServer(context=context) as server:
-- with context.wrap_socket(socket.socket()) as s:
-+ with closing(context.wrap_socket(socket.socket())) as s:
- s.connect((HOST, server.port))
- self.assertIn(s.cipher()[0], [
- 'TLS_AES_256_GCM_SHA384',
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch b/meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch
deleted file mode 100644
index 77016cb430..0000000000
--- a/meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 8b06d56d26eee289fec22b9b72ab4c7cc3d6c482 Mon Sep 17 00:00:00 2001
-From: Dimitri John Ledkov <xnox@ubuntu.com>
-Date: Fri, 28 Sep 2018 16:34:16 +0100
-Subject: [PATCH 3/4] bpo-34834: Fix test_ssl.test_options to account for
- OP_ENABLE_MIDDLEBOX_COMPAT.
-
-Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
-
-https://bugs.python.org/issue34834
-
-Patch taken from Ubuntu.
-Upstream-Status: Submitted [https://github.com/python/cpython/pull/9624]
-
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/test/test_ssl.py | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index 7a14053cee..efc906a5ba 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -777,6 +777,11 @@ class ContextTests(unittest.TestCase):
- default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
- if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0):
- default |= ssl.OP_NO_COMPRESSION
-+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
-+ # define MIDDLEBOX constant, as python2.7 does not know about it
-+ # but it is used by default.
-+ OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L
-+ default |= OP_ENABLE_MIDDLEBOX_COMPAT
- self.assertEqual(default, ctx.options)
- ctx.options |= ssl.OP_NO_TLSv1
- self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch b/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch
deleted file mode 100644
index 39e1bcfc86..0000000000
--- a/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 946a7969345c6697697effd226ec396d3fea05b7 Mon Sep 17 00:00:00 2001
-From: Dimitri John Ledkov <xnox@ubuntu.com>
-Date: Fri, 28 Sep 2018 17:30:19 +0100
-Subject: [PATCH 4/4] bpo-34836: fix test_default_ecdh_curve, needs no tlsv1.3.
-
-Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
-
-https://bugs.python.org/issue34836
-
-Patch taken from Ubuntu.
-Upstream-Status: Submitted [https://github.com/python/cpython/pull/9626]
-
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/test/test_ssl.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index efc906a5ba..4a3286cd5f 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -2836,6 +2836,9 @@ else:
- # should be enabled by default on SSL contexts.
- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
- context.load_cert_chain(CERTFILE)
-+ # TLSv1.3 defaults to PFS key agreement and no longer has KEA in
-+ # cipher name.
-+ context.options |= ssl.OP_NO_TLSv1_3
- # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
- # explicitly using the 'ECCdraft' cipher alias. Otherwise,
- # our default cipher list should prefer ECDH-based ciphers
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/bpo-30458-cve-2019-9740.patch b/meta/recipes-devtools/python/python/bpo-30458-cve-2019-9740.patch
new file mode 100644
index 0000000000..f4c56bb828
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-30458-cve-2019-9740.patch
@@ -0,0 +1,219 @@
+From 39815ee5bb7f2f9ca1f0d5e9f51e27a2877ec35b Mon Sep 17 00:00:00 2001
+From: Victor Stinner <victor.stinner@gmail.com>
+Date: Tue, 21 May 2019 15:12:33 +0200
+Subject: [PATCH] bpo-30458: Disallow control chars in http URLs (GH-12755)
+ (GH-13154) (GH-13315)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Disallow control chars in http URLs in urllib2.urlopen. This
+addresses a potential security problem for applications that do not
+sanity check their URLs where http request headers could be injected.
+
+Disable https related urllib tests on a build without ssl (GH-13032)
+These tests require an SSL enabled build. Skip these tests when
+python is built without SSL to fix test failures.
+
+Use httplib.InvalidURL instead of ValueError as the new error case's
+exception. (GH-13044)
+
+Backport Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
+
+(cherry picked from commit 7e200e0763f5b71c199aaf98bd5588f291585619)
+
+Notes on backport to Python 2.7:
+
+* test_urllib tests urllib.urlopen() which quotes the URL and so is
+ not vulerable to HTTP Header Injection.
+* Add tests to test_urllib2 on urllib2.urlopen().
+* Reject non-ASCII characters: range 0x80-0xff.
+
+CVE: CVE-2019-9740 CVE-2019-9747
+Upstream-Status: Accepted
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ Lib/httplib.py | 16 ++++++
+ Lib/test/test_urllib.py | 25 +++++++++
+ Lib/test/test_urllib2.py | 51 ++++++++++++++++++-
+ Lib/test/test_xmlrpc.py | 8 ++-
+ .../2019-04-10-08-53-30.bpo-30458.51E-DA.rst | 1 +
+ 5 files changed, 99 insertions(+), 2 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
+
+diff --git a/Lib/httplib.py b/Lib/httplib.py
+index 60a8fb4e35..1b41c346e0 100644
+--- a/Lib/httplib.py
++++ b/Lib/httplib.py
+@@ -247,6 +247,16 @@ _MAXHEADERS = 100
+ _is_legal_header_name = re.compile(r'\A[^:\s][^:\r\n]*\Z').match
+ _is_illegal_header_value = re.compile(r'\n(?![ \t])|\r(?![ \t\n])').search
+
++# These characters are not allowed within HTTP URL paths.
++# See https://tools.ietf.org/html/rfc3986#section-3.3 and the
++# https://tools.ietf.org/html/rfc3986#appendix-A pchar definition.
++# Prevents CVE-2019-9740. Includes control characters such as \r\n.
++# Restrict non-ASCII characters above \x7f (0x80-0xff).
++_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f-\xff]')
++# Arguably only these _should_ allowed:
++# _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
++# We are more lenient for assumed real world compatibility purposes.
++
+ # We always set the Content-Length header for these methods because some
+ # servers will otherwise respond with a 411
+ _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
+@@ -927,6 +937,12 @@ class HTTPConnection:
+ self._method = method
+ if not url:
+ url = '/'
++ # Prevent CVE-2019-9740.
++ match = _contains_disallowed_url_pchar_re.search(url)
++ if match:
++ raise InvalidURL("URL can't contain control characters. %r "
++ "(found at least %r)"
++ % (url, match.group()))
+ hdr = '%s %s %s' % (method, url, self._http_vsn_str)
+
+ self._output(hdr)
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index 1ce9201c06..d7778d4194 100644
+--- a/Lib/test/test_urllib.py
++++ b/Lib/test/test_urllib.py
+@@ -257,6 +257,31 @@ class urlopen_HttpTests(unittest.TestCase, FakeHTTPMixin):
+ finally:
+ self.unfakehttp()
+
++ def test_url_with_control_char_rejected(self):
++ for char_no in range(0, 0x21) + range(0x7f, 0x100):
++ char = chr(char_no)
++ schemeless_url = "//localhost:7777/test%s/" % char
++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
++ try:
++ # urllib quotes the URL so there is no injection.
++ resp = urllib.urlopen("http:" + schemeless_url)
++ self.assertNotIn(char, resp.geturl())
++ finally:
++ self.unfakehttp()
++
++ def test_url_with_newline_header_injection_rejected(self):
++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123"
++ schemeless_url = "//" + host + ":8080/test/?test=a"
++ try:
++ # urllib quotes the URL so there is no injection.
++ resp = urllib.urlopen("http:" + schemeless_url)
++ self.assertNotIn(' ', resp.geturl())
++ self.assertNotIn('\r', resp.geturl())
++ self.assertNotIn('\n', resp.geturl())
++ finally:
++ self.unfakehttp()
++
+ def test_read_bogus(self):
+ # urlopen() should raise IOError for many error codes.
+ self.fakehttp('''HTTP/1.1 401 Authentication Required
+diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
+index 6d24d5ddf8..9531818e16 100644
+--- a/Lib/test/test_urllib2.py
++++ b/Lib/test/test_urllib2.py
+@@ -15,6 +15,9 @@ try:
+ except ImportError:
+ ssl = None
+
++from test.test_urllib import FakeHTTPMixin
++
++
+ # XXX
+ # Request
+ # CacheFTPHandler (hard to write)
+@@ -1262,7 +1265,7 @@ class HandlerTests(unittest.TestCase):
+ self.assertEqual(len(http_handler.requests), 1)
+ self.assertFalse(http_handler.requests[0].has_header(auth_header))
+
+-class MiscTests(unittest.TestCase):
++class MiscTests(unittest.TestCase, FakeHTTPMixin):
+
+ def test_build_opener(self):
+ class MyHTTPHandler(urllib2.HTTPHandler): pass
+@@ -1317,6 +1320,52 @@ class MiscTests(unittest.TestCase):
+ "Unsupported digest authentication algorithm 'invalid'"
+ )
+
++ @unittest.skipUnless(ssl, "ssl module required")
++ def test_url_with_control_char_rejected(self):
++ for char_no in range(0, 0x21) + range(0x7f, 0x100):
++ char = chr(char_no)
++ schemeless_url = "//localhost:7777/test%s/" % char
++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
++ try:
++ # We explicitly test urllib.request.urlopen() instead of the top
++ # level 'def urlopen()' function defined in this... (quite ugly)
++ # test suite. They use different url opening codepaths. Plain
++ # urlopen uses FancyURLOpener which goes via a codepath that
++ # calls urllib.parse.quote() on the URL which makes all of the
++ # above attempts at injection within the url _path_ safe.
++ escaped_char_repr = repr(char).replace('\\', r'\\')
++ InvalidURL = httplib.InvalidURL
++ with self.assertRaisesRegexp(
++ InvalidURL, "contain control.*" + escaped_char_repr):
++ urllib2.urlopen("http:" + schemeless_url)
++ with self.assertRaisesRegexp(
++ InvalidURL, "contain control.*" + escaped_char_repr):
++ urllib2.urlopen("https:" + schemeless_url)
++ finally:
++ self.unfakehttp()
++
++ @unittest.skipUnless(ssl, "ssl module required")
++ def test_url_with_newline_header_injection_rejected(self):
++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123"
++ schemeless_url = "//" + host + ":8080/test/?test=a"
++ try:
++ # We explicitly test urllib2.urlopen() instead of the top
++ # level 'def urlopen()' function defined in this... (quite ugly)
++ # test suite. They use different url opening codepaths. Plain
++ # urlopen uses FancyURLOpener which goes via a codepath that
++ # calls urllib.parse.quote() on the URL which makes all of the
++ # above attempts at injection within the url _path_ safe.
++ InvalidURL = httplib.InvalidURL
++ with self.assertRaisesRegexp(
++ InvalidURL, r"contain control.*\\r.*(found at least . .)"):
++ urllib2.urlopen("http:" + schemeless_url)
++ with self.assertRaisesRegexp(InvalidURL, r"contain control.*\\n"):
++ urllib2.urlopen("https:" + schemeless_url)
++ finally:
++ self.unfakehttp()
++
++
+
+ class RequestTests(unittest.TestCase):
+
+diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
+index 36b3be67fd..90ccb30716 100644
+--- a/Lib/test/test_xmlrpc.py
++++ b/Lib/test/test_xmlrpc.py
+@@ -659,7 +659,13 @@ class SimpleServerTestCase(BaseServerTestCase):
+ def test_partial_post(self):
+ # Check that a partial POST doesn't make the server loop: issue #14001.
+ conn = httplib.HTTPConnection(ADDR, PORT)
+- conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
++ conn.send('POST /RPC2 HTTP/1.0\r\n'
++ 'Content-Length: 100\r\n\r\n'
++ 'bye HTTP/1.1\r\n'
++ 'Host: %s:%s\r\n'
++ 'Accept-Encoding: identity\r\n'
++ 'Content-Length: 0\r\n\r\n'
++ % (ADDR, PORT))
+ conn.close()
+
+ class SimpleServerEncodingTestCase(BaseServerTestCase):
+diff --git a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
+new file mode 100644
+index 0000000000..47cb899df1
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
+@@ -0,0 +1 @@
++Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an httplib.InvalidURL exception to be raised.
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
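Review bot: The `CVE:` trailer names `CVE-2019-9747` alongside `CVE-2019-9740`, while the `httplib.py` comments and the NEWS entry in this same patch mention only CVE-2019-9740; the second id should be checked against the upstream bpo-30458 record before this lands. The trailer is what CVE scanning of the recipe's patches keys on (cve-check.bbclass is changed in this same commit), so a mistyped id would mark an unrelated CVE as patched and leave the intended one reported as open. Separately, `Upstream-Status: Accepted` here and in bpo-35121-cve-2018-20852.patch gives no link. Both patches are cherry-picks of merged commits, so the form the removed patches used, `Upstream-Status: Backport [https://github.com/python/cpython/commit/<hash from the From line>]`, would keep the provenance checkable.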
diff --git a/meta/recipes-devtools/python/python/bpo-35121-cve-2018-20852.patch b/meta/recipes-devtools/python/python/bpo-35121-cve-2018-20852.patch
new file mode 100644
index 0000000000..7ce7b1f9e0
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-35121-cve-2018-20852.patch
@@ -0,0 +1,127 @@
+From 1bd50d351e508b8947e5813c5f925eb4b61c8d76 Mon Sep 17 00:00:00 2001
+From: Xtreak <tir.karthi@gmail.com>
+Date: Sat, 15 Jun 2019 20:59:43 +0530
+Subject: [PATCH] [2.7] bpo-35121: prefix dot in domain for proper subdomain
+ validation (GH-10258) (GH-13426)
+
+This is a manual backport of ca7fe5063593958e5efdf90f068582837f07bd14 since 2.7 has `http.cookiejar` in `cookielib`
+
+https://bugs.python.org/issue35121
+
+CVE: CVE-2018-20852
+Upstream-Status: Accepted
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ Lib/cookielib.py | 13 ++++++--
+ Lib/test/test_cookielib.py | 30 +++++++++++++++++++
+ .../2019-05-20-00-35-12.bpo-35121.RRi-HU.rst | 4 +++
+ 3 files changed, 45 insertions(+), 2 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst
+
+diff --git a/Lib/cookielib.py b/Lib/cookielib.py
+index 2dd7c48728..0b471a42f2 100644
+--- a/Lib/cookielib.py
++++ b/Lib/cookielib.py
+@@ -1139,6 +1139,11 @@ class DefaultCookiePolicy(CookiePolicy):
+ req_host, erhn = eff_request_host(request)
+ domain = cookie.domain
+
++ if domain and not domain.startswith("."):
++ dotdomain = "." + domain
++ else:
++ dotdomain = domain
++
+ # strict check of non-domain cookies: Mozilla does this, MSIE5 doesn't
+ if (cookie.version == 0 and
+ (self.strict_ns_domain & self.DomainStrictNonDomain) and
+@@ -1151,7 +1156,7 @@ class DefaultCookiePolicy(CookiePolicy):
+ _debug(" effective request-host name %s does not domain-match "
+ "RFC 2965 cookie domain %s", erhn, domain)
+ return False
+- if cookie.version == 0 and not ("."+erhn).endswith(domain):
++ if cookie.version == 0 and not ("."+erhn).endswith(dotdomain):
+ _debug(" request-host %s does not match Netscape cookie domain "
+ "%s", req_host, domain)
+ return False
+@@ -1165,7 +1170,11 @@ class DefaultCookiePolicy(CookiePolicy):
+ req_host = "."+req_host
+ if not erhn.startswith("."):
+ erhn = "."+erhn
+- if not (req_host.endswith(domain) or erhn.endswith(domain)):
++ if domain and not domain.startswith("."):
++ dotdomain = "." + domain
++ else:
++ dotdomain = domain
++ if not (req_host.endswith(dotdomain) or erhn.endswith(dotdomain)):
+ #_debug(" request domain %s does not match cookie domain %s",
+ # req_host, domain)
+ return False
+diff --git a/Lib/test/test_cookielib.py b/Lib/test/test_cookielib.py
+index f2dd9727d1..7f7ff614d6 100644
+--- a/Lib/test/test_cookielib.py
++++ b/Lib/test/test_cookielib.py
+@@ -368,6 +368,7 @@ class CookieTests(TestCase):
+ ("http://foo.bar.com/", ".foo.bar.com", True),
+ ("http://foo.bar.com/", "foo.bar.com", True),
+ ("http://foo.bar.com/", ".bar.com", True),
++ ("http://foo.bar.com/", "bar.com", True),
+ ("http://foo.bar.com/", "com", True),
+ ("http://foo.com/", "rhubarb.foo.com", False),
+ ("http://foo.com/", ".foo.com", True),
+@@ -378,6 +379,8 @@ class CookieTests(TestCase):
+ ("http://foo/", "foo", True),
+ ("http://foo/", "foo.local", True),
+ ("http://foo/", ".local", True),
++ ("http://barfoo.com", ".foo.com", False),
++ ("http://barfoo.com", "foo.com", False),
+ ]:
+ request = urllib2.Request(url)
+ r = pol.domain_return_ok(domain, request)
+@@ -938,6 +941,33 @@ class CookieTests(TestCase):
+ c.add_cookie_header(req)
+ self.assertFalse(req.has_header("Cookie"))
+
++ c.clear()
++
++ pol.set_blocked_domains([])
++ req = Request("http://acme.com/")
++ res = FakeResponse(headers, "http://acme.com/")
++ cookies = c.make_cookies(res, req)
++ c.extract_cookies(res, req)
++ self.assertEqual(len(c), 1)
++
++ req = Request("http://acme.com/")
++ c.add_cookie_header(req)
++ self.assertTrue(req.has_header("Cookie"))
++
++ req = Request("http://badacme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(pol.return_ok(cookies[0], req))
++ self.assertFalse(req.has_header("Cookie"))
++
++ p = pol.set_blocked_domains(["acme.com"])
++ req = Request("http://acme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(req.has_header("Cookie"))
++
++ req = Request("http://badacme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(req.has_header("Cookie"))
++
+ def test_secure(self):
+ from cookielib import CookieJar, DefaultCookiePolicy
+
+diff --git a/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst b/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst
+new file mode 100644
+index 0000000000..7725180616
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst
+@@ -0,0 +1,4 @@
++Don't send cookies of domain A without Domain attribute to domain B when
++domain A is a suffix match of domain B while using a cookiejar with
++:class:`cookielib.DefaultCookiePolicy` policy. Patch by Karthikeyan
++Singaravelan.
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
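Review bot: The added `if domain and not domain.startswith("."):` guard in both `Lib/cookielib.py` hunks leaves an empty `domain` unchanged, and `endswith("")` is always true, so as far as these hunks show, a cookie whose domain is the empty string would still pass both suffix checks for any request host. That matches the behaviour before the patch, and a backport should stay identical to upstream, so this is a question to raise upstream rather than a local change. A row with an empty domain in the `domain_return_ok` test table would pin down which result is intended. Both enclosing methods start and end outside the hunks.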
diff --git a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
new file mode 100644
index 0000000000..b267237018
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
@@ -0,0 +1,55 @@
+From 179a5f75f1121dab271fe8f90eb35145f9dcbbda Mon Sep 17 00:00:00 2001
+From: Sihoon Lee <push0ebp@gmail.com>
+Date: Fri, 17 May 2019 02:41:06 +0900
+Subject: [PATCH] Update test_urllib.py and urllib.py\nchange assertEqual into
+ assertRasies in DummyURLopener test, and simplify mitigation
+
+Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
+
+CVE: CVE-2019-9948
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ Lib/test/test_urllib.py | 11 +++--------
+ Lib/urllib.py | 4 ++--
+ 2 files changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index e5f210e62a18..1e23dfb0bb16 100644
+--- a/Lib/test/test_urllib.py
++++ b/Lib/test/test_urllib.py
+@@ -1027,14 +1027,9 @@ def test_local_file_open(self):
+ class DummyURLopener(urllib.URLopener):
+ def open_local_file(self, url):
+ return url
+- self.assertEqual(DummyURLopener().open(
+- 'local-file://example'), '//example')
+- self.assertEqual(DummyURLopener().open(
+- 'local_file://example'), '//example')
+- self.assertRaises(IOError, urllib.urlopen,
+- 'local-file://example')
+- self.assertRaises(IOError, urllib.urlopen,
+- 'local_file://example')
++ for url in ('local_file://example', 'local-file://example'):
++ self.assertRaises(IOError, DummyURLopener().open, url)
++ self.assertRaises(IOError, urllib.urlopen, url)
+
+ # Just commented them out.
+ # Can't really tell why keep failing in windows and sparc.
+diff --git a/Lib/urllib.py b/Lib/urllib.py
+index a24e9a5c68fb..39b834054e9e 100644
+--- a/Lib/urllib.py
++++ b/Lib/urllib.py
+@@ -203,10 +203,10 @@ def open(self, fullurl, data=None):
+ name = 'open_' + urltype
+ self.type = urltype
+ name = name.replace('-', '_')
+-
++
+ # bpo-35907: # disallow the file reading with the type not allowed
+ if not hasattr(self, name) or \
+- (self == _urlopener and name == 'open_local_file'):
++ getattr(self, name) == self.open_local_file:
+ if proxy:
+ return self.open_unknown_proxy(proxy, fullurl, data)
+ else:
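Review bot: bpo-35907-cve-2019-9948-fix.patch depends on bpo-35907-cve-2019-9948.patch being applied first, because its `Lib/urllib.py` hunk removes the `(self == _urlopener and name == 'open_local_file')` line that the other patch adds. The recipe's SRC_URI, which is not visible in this part of the diff, therefore has to list the two in that order. With only the first patch applied, its own test expects `DummyURLopener().open('local-file://example')` to return `'//example'`, which means only the module-level `_urlopener` instance is guarded. Squashing the two into one patch under the single `CVE: CVE-2019-9948` tag would remove both the ordering dependency and that partially mitigated intermediate state. The enclosing `open` method starts and ends outside the hunk.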
diff --git a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
new file mode 100644
index 0000000000..f4c225d2fc
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
@@ -0,0 +1,55 @@
+From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
+From: push0ebp <push0ebp@shl-MacBook-Pro.local>
+Date: Thu, 14 Feb 2019 02:05:46 +0900
+Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary
+ URL scheme in urllib
+
+Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
+
+CVE: CVE-2019-9948
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ Lib/test/test_urllib.py | 12 ++++++++++++
+ Lib/urllib.py | 5 ++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index 1ce9201c0693..e5f210e62a18 100644
+--- a/Lib/test/test_urllib.py
++++ b/Lib/test/test_urllib.py
+@@ -1023,6 +1023,18 @@ def open_spam(self, url):
+ "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
+ "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
+
++ def test_local_file_open(self):
++ class DummyURLopener(urllib.URLopener):
++ def open_local_file(self, url):
++ return url
++ self.assertEqual(DummyURLopener().open(
++ 'local-file://example'), '//example')
++ self.assertEqual(DummyURLopener().open(
++ 'local_file://example'), '//example')
++ self.assertRaises(IOError, urllib.urlopen,
++ 'local-file://example')
++ self.assertRaises(IOError, urllib.urlopen,
++ 'local_file://example')
+
+ # Just commented them out.
+ # Can't really tell why keep failing in windows and sparc.
+diff --git a/Lib/urllib.py b/Lib/urllib.py
+index d85504a5cb7e..a24e9a5c68fb 100644
+--- a/Lib/urllib.py
++++ b/Lib/urllib.py
+@@ -203,7 +203,10 @@ def open(self, fullurl, data=None):
+ name = 'open_' + urltype
+ self.type = urltype
+ name = name.replace('-', '_')
+- if not hasattr(self, name):
++
++ # bpo-35907: # disallow the file reading with the type not allowed
++ if not hasattr(self, name) or \
++ (self == _urlopener and name == 'open_local_file'):
+ if proxy:
+ return self.open_unknown_proxy(proxy, fullurl, data)
+ else:
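Review bot: The comment on the new guard in `open`, `# bpo-35907: # disallow the file reading with the type not allowed`, is garbled and does not say what is being refused. The condition compares `self` with the module-level `_urlopener`, so only that opener rejects the `local_file` / `local-file` scheme; a directly constructed opener still dispatches it, which the added test asserts for DummyURLopener. I would word the comment as `# bpo-35907: the module-level opener must not reach open_local_file() via a local_file:// URL`. The body of `open` continues outside the hunk.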
diff --git a/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch
new file mode 100644
index 0000000000..2ce4d2cde7
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch
@@ -0,0 +1,28 @@
+From 06b5ee585d6e76bdbb4002f642d864d860cbbd2b Mon Sep 17 00:00:00 2001
+From: Steve Dower <steve.dower@python.org>
+Date: Tue, 12 Mar 2019 08:23:33 -0700
+Subject: [PATCH] bpo-36216: Only print test messages when verbose
+
+CVE: CVE-2019-9636
+
+Upstream-Status: Backport https://github.com/python/cpython/pull/12291/commits/06b5ee585d6e76bdbb4002f642d864d860cbbd2b
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ Lib/test/test_urlparse.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 73b0228ea8e3..1830d0b28688 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -644,7 +644,8 @@ def test_urlsplit_normalization(self):
+ for scheme in [u"http", u"https", u"ftp"]:
+ for c in denorm_chars:
+ url = u"{}://netloc{}false.netloc/path".format(scheme, c)
+- print "Checking %r" % url
++ if test_support.verbose:
++ print "Checking %r" % url
+ with self.assertRaises(ValueError):
+ urlparse.urlsplit(url)
+
diff --git a/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch
new file mode 100644
index 0000000000..352b13ba9b
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch
@@ -0,0 +1,111 @@
+From 3e3669c9c41a27e1466e2c28b3906e3dd0ce3e7e Mon Sep 17 00:00:00 2001
+From: Steve Dower <steve.dower@python.org>
+Date: Thu, 7 Mar 2019 08:25:22 -0800
+Subject: [PATCH] bpo-36216: Add check for characters in netloc that normalize
+ to separators (GH-12201)
+
+CVE: CVE-2019-9636
+
+Upstream-Status: Backport https://github.com/python/cpython/pull/12216/commits/3e3669c9c41a27e1466e2c28b3906e3dd0ce3e7e
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ Doc/library/urlparse.rst | 20 ++++++++++++++++
+ Lib/test/test_urlparse.py | 24 +++++++++++++++++++
+ Lib/urlparse.py | 17 +++++++++++++
+ .../2019-03-06-09-38-40.bpo-36216.6q1m4a.rst | 3 +++
+ 4 files changed, 64 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 4e1ded73c266..73b0228ea8e3 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -1,4 +1,6 @@
+ from test import test_support
++import sys
++import unicodedata
+ import unittest
+ import urlparse
+
+@@ -624,6 +626,28 @@ def test_portseparator(self):
+ self.assertEqual(urlparse.urlparse("http://www.python.org:80"),
+ ('http','www.python.org:80','','','',''))
+
++ def test_urlsplit_normalization(self):
++ # Certain characters should never occur in the netloc,
++ # including under normalization.
++ # Ensure that ALL of them are detected and cause an error
++ illegal_chars = u'/:#?@'
++ hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars}
++ denorm_chars = [
++ c for c in map(unichr, range(128, sys.maxunicode))
++ if (hex_chars & set(unicodedata.decomposition(c).split()))
++ and c not in illegal_chars
++ ]
++ # Sanity check that we found at least one such character
++ self.assertIn(u'\u2100', denorm_chars)
++ self.assertIn(u'\uFF03', denorm_chars)
++
++ for scheme in [u"http", u"https", u"ftp"]:
++ for c in denorm_chars:
++ url = u"{}://netloc{}false.netloc/path".format(scheme, c)
++ print "Checking %r" % url
++ with self.assertRaises(ValueError):
++ urlparse.urlsplit(url)
++
+ def test_main():
+ test_support.run_unittest(UrlParseTestCase)
+
+diff --git a/Lib/urlparse.py b/Lib/urlparse.py
+index f7c2b032b097..54eda08651ab 100644
+--- a/Lib/urlparse.py
++++ b/Lib/urlparse.py
+@@ -165,6 +165,21 @@ def _splitnetloc(url, start=0):
+ delim = min(delim, wdelim) # use earliest delim position
+ return url[start:delim], url[delim:] # return (domain, rest)
+
++def _checknetloc(netloc):
++ if not netloc or not isinstance(netloc, unicode):
++ return
++ # looking for characters like \u2100 that expand to 'a/c'
++ # IDNA uses NFKC equivalence, so normalize for this check
++ import unicodedata
++ netloc2 = unicodedata.normalize('NFKC', netloc)
++ if netloc == netloc2:
++ return
++ _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
++ for c in '/?#@:':
++ if c in netloc2:
++ raise ValueError("netloc '" + netloc2 + "' contains invalid " +
++ "characters under NFKC normalization")
++
+ def urlsplit(url, scheme='', allow_fragments=True):
+ """Parse a URL into 5 components:
+ <scheme>://<netloc>/<path>?<query>#<fragment>
+@@ -193,6 +208,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+ url, fragment = url.split('#', 1)
+ if '?' in url:
+ url, query = url.split('?', 1)
++ _checknetloc(netloc)
+ v = SplitResult(scheme, netloc, url, query, fragment)
+ _parse_cache[key] = v
+ return v
+@@ -216,6 +232,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+ url, fragment = url.split('#', 1)
+ if '?' in url:
+ url, query = url.split('?', 1)
++ _checknetloc(netloc)
+ v = SplitResult(scheme, netloc, url, query, fragment)
+ _parse_cache[key] = v
+ return v
+diff --git a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+new file mode 100644
+index 000000000000..1e1ad92c6feb
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+@@ -0,0 +1,3 @@
++Changes urlsplit() to raise ValueError when the URL contains characters that
++decompose under IDNA encoding (NFKC-normalization) into characters that
++affect how the URL is parsed.
+\ No newline at end of file
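Review bot: In `_checknetloc` the result of `netloc.rpartition('@')` is assigned to `netloc` but never read, because the loop that follows tests `netloc2`, the normalised form of the whole netloc. As written, a unicode netloc that changes under NFKC and also carries a port or userinfo would raise ValueError on its own `:` or `@`, and the new test uses only a bare host, so it would not notice. Stripping the delimiters that are already present before normalising, and comparing against that stripped string, keeps the check on characters introduced by normalisation; the unused rpartition line then goes away.

```python
def _checknetloc(netloc):
    if not netloc or not isinstance(netloc, unicode):
        return
    # ... unchanged: explanatory comment and local import of unicodedata ...
    # Drop delimiters that are legitimately present, so that only
    # characters produced by normalisation can trigger the error.
    stripped = netloc
    for delim in u'@:#?':
        stripped = stripped.replace(delim, u'')
    netloc2 = unicodedata.normalize('NFKC', stripped)
    if stripped == netloc2:
        return
    # ... unchanged: loop over '/?#@:' raising ValueError ...
```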
diff --git a/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch b/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch
new file mode 100644
index 0000000000..594510342b
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch
@@ -0,0 +1,23 @@
+traceback2 adds traceback for python2. Rather than depend on traceback2, we're
+python3 only so just use traceback.
+This caused breakage in oe-selftest -j which uses testtools on the autobuilder
+using buildtools-tarball.
+
+Upstream-Status: Inappropriate [Our recipe is python3 specific]
+(Once py2 is EOL upstream probably could/should take this)
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: testtools-2.3.0/testtools/content.py
+===================================================================
+--- testtools-2.3.0.orig/testtools/content.py
++++ testtools-2.3.0/testtools/content.py
+@@ -19,8 +19,7 @@ import os
+ import sys
+
+ from extras import try_import
+-# To let setup.py work, make this a conditional import.
+-traceback = try_import('traceback2')
++import traceback
+
+ from testtools.compat import (
+ _b,
diff --git a/meta/recipes-devtools/python/python3-testtools_2.3.0.bb b/meta/recipes-devtools/python/python3-testtools_2.3.0.bb
index 896ecee65c..a254b90a75 100644
--- a/meta/recipes-devtools/python/python3-testtools_2.3.0.bb
+++ b/meta/recipes-devtools/python/python3-testtools_2.3.0.bb
@@ -1,2 +1,4 @@
inherit setuptools3
require python-testtools.inc
+
+SRC_URI += "file://no_traceback2.patch"
diff --git a/meta/recipes-devtools/python/python3/0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch b/meta/recipes-devtools/python/python3/0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch
new file mode 100644
index 0000000000..48d4f73e9c
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch
@@ -0,0 +1,35 @@
+From ffe7797637f08cd6ee4c82e2d67462c5e194d30a Mon Sep 17 00:00:00 2001
+From: Jaewon Lee <jaewon.lee@xilinx.com>
+Date: Thu, 25 Apr 2019 15:34:26 -0700
+Subject: [PATCH] main.c: if OEPYTHON3HOME is set use instead of PYTHONHOME
+
+There is one variable PYTHONHOME to determine where libraries are coming
+from for both python2 and python3. This becomes an issue if only one has
+libraries in the specified PYTHONHOME path, but they are using the same
+PYTHONHOME. Creating another variable OEPYTHON3HOME to allow for a way
+to set a different path for python3
+
+Signed-off-by: Jaewon Lee <jaewon.lee@xilinx.com>
+RP: Backported to 3.5.6 (code totally different to original path for
+later python versions)
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+---
+ Modules/main.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+Index: Python-3.5.6/Python/pylifecycle.c
+===================================================================
+--- Python-3.5.6.orig/Python/pylifecycle.c
++++ Python-3.5.6/Python/pylifecycle.c
+@@ -864,7 +864,9 @@ Py_GetPythonHome(void)
+ {
+ wchar_t *home = default_home;
+ if (home == NULL && !Py_IgnoreEnvironmentFlag) {
+- char* chome = Py_GETENV("PYTHONHOME");
++ char* chome = Py_GETENV("OEPYTHON3HOME");
++ if (!chome)
++ chome = Py_GETENV("PYTHONHOME");
+ if (chome) {
+ size_t size = Py_ARRAY_LENGTH(env_home);
+ size_t r = mbstowcs(env_home, chome, size);
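Review bot: The new lookup in Py_GetPythonHome gives OEPYTHON3HOME precedence over PYTHONHOME, which makes it a second environment variable that decides where the interpreter loads its standard library, and nothing at the lookup records that. It sits inside the existing `!Py_IgnoreEnvironmentFlag` test, so it is ignored whenever PYTHONHOME is, but wrappers that clear PYTHONHOME by name before starting python would presumably need to clear this one too. A comment at the lookup such as `/* OEPYTHON3HOME takes precedence over PYTHONHOME; both are skipped when the environment is ignored */` would help. The header's diffstat still names Modules/main.c while the hunk patches Python/pylifecycle.c. The function body continues past the end of the hunk.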
diff --git a/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch b/meta/recipes-devtools/python/python3/CVE-2018-14647.patch
index 3c0d662296..c1f21f826c 100644
--- a/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch
+++ b/meta/recipes-devtools/python/python3/CVE-2018-14647.patch
@@ -1,36 +1,35 @@
-From 3ffc80959f01f9fde548f1632694b9f950c2dd7c Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Tue, 18 Sep 2018 15:13:09 +0200
-Subject: [PATCH] [2.7] bpo-34623: Use XML_SetHashSalt in _elementtree
- (GH-9146) (GH-9394)
+From 610b4b0dbaedd3099ab76acf678e9cc845d99a76 Mon Sep 17 00:00:00 2001
+From: stratakis <cstratak@redhat.com>
+Date: Mon, 25 Feb 2019 22:04:09 +0100
+Subject: [PATCH] [3.5] bpo-34623: Use XML_SetHashSalt in _elementtree (#9933)
+
+* bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)
The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes <christian@python.org>
-https://bugs.python.org/issue34623.
+https://bugs.python.org/issue34623
(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
Co-authored-by: Christian Heimes <christian@python.org>
-
-
-https://bugs.python.org/issue34623
-
-Upstream-Status: Backport
CVE: CVE-2018-14647
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+Upstream-Status: Backport
+[https://github.com/python/cpython/commit/41b48e71ac8a71f56694b548f118bd20ce203410]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
---
- Include/pyexpat.h | 4 +++-
- Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++
- Modules/_elementtree.c | 5 +++++
- Modules/pyexpat.c | 5 +++++
+ Include/pyexpat.h | 4 +++-
+ .../next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++
+ Modules/_elementtree.c | 5 +++++
+ Modules/pyexpat.c | 5 +++++
4 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
diff --git a/Include/pyexpat.h b/Include/pyexpat.h
-index 5340ef5..3fc5fa5 100644
+index 44259bf6d7..07020b5dc9 100644
--- a/Include/pyexpat.h
+++ b/Include/pyexpat.h
@@ -3,7 +3,7 @@
@@ -41,11 +40,11 @@ index 5340ef5..3fc5fa5 100644
+#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1"
#define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
- struct PyExpat_CAPI
-@@ -43,6 +43,8 @@ struct PyExpat_CAPI
- XML_Parser parser, XML_UnknownEncodingHandler handler,
- void *encodingHandlerData);
- void (*SetUserData)(XML_Parser parser, void *userData);
+ struct PyExpat_CAPI
+@@ -48,6 +48,8 @@ struct PyExpat_CAPI
+ enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding);
+ int (*DefaultUnknownEncodingHandler)(
+ void *encodingHandlerData, const XML_Char *name, XML_Encoding *info);
+ /* might be none for expat < 2.1.0 */
+ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
/* always add new stuff to the end! */
@@ -53,36 +52,36 @@ index 5340ef5..3fc5fa5 100644
diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
new file mode 100644
-index 0000000..31ad92e
+index 0000000000..cbaa4b7506
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
@@ -0,0 +1,2 @@
-+The C accelerated _elementtree module now initializes hash randomization
-+salt from _Py_HashSecret instead of libexpat's default CSPRNG.
++CVE-2018-14647: The C accelerated _elementtree module now initializes hash
++randomization salt from _Py_HashSecret instead of libexpat's default CSPRNG.
diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
-index 1d316a1..a19cbf7 100644
+index 5dba9f70a9..90c6daf64a 100644
--- a/Modules/_elementtree.c
+++ b/Modules/_elementtree.c
-@@ -2574,6 +2574,11 @@ xmlparser(PyObject* self_, PyObject* args, PyObject* kw)
+@@ -3282,6 +3282,11 @@ _elementtree_XMLParser___init___impl(XMLParserObject *self, PyObject *html,
PyErr_NoMemory();
- return NULL;
+ return -1;
}
+ /* expat < 2.1.0 has no XML_SetHashSalt() */
+ if (EXPAT(SetHashSalt) != NULL) {
+ EXPAT(SetHashSalt)(self->parser,
-+ (unsigned long)_Py_HashSecret.prefix);
++ (unsigned long)_Py_HashSecret.expat.hashsalt);
+ }
- ALLOC(sizeof(XMLParserObject), "create expatparser");
-
+ if (target) {
+ Py_INCREF(target);
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
-index 2b4d312..1f8c0d7 100644
+index adc9b6cde8..948ab1b703 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
-@@ -2042,6 +2042,11 @@ MODULE_INITFUNC(void)
- capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler;
- capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler;
- capi.SetUserData = XML_SetUserData;
+@@ -1882,6 +1882,11 @@ MODULE_INITFUNC(void)
+ capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
+ capi.SetEncoding = XML_SetEncoding;
+ capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
+#if XML_COMBINED_VERSION >= 20100
+ capi.SetHashSalt = XML_SetHashSalt;
+#else
@@ -92,5 +91,5 @@ index 2b4d312..1f8c0d7 100644
/* export using capsule */
capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);
--
-2.7.4
+2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/meta/recipes-devtools/python/python3/CVE-2018-20406.patch b/meta/recipes-devtools/python/python3/CVE-2018-20406.patch
new file mode 100644
index 0000000000..b69e0c4d6b
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2018-20406.patch
@@ -0,0 +1,217 @@
+From 3c7fd2b2729e3ebcf7877e7a32b3bbabf907a38d Mon Sep 17 00:00:00 2001
+From: Victor Stinner <vstinner@redhat.com>
+Date: Tue, 26 Feb 2019 01:42:39 +0100
+Subject: [PATCH] closes bpo-34656: Avoid relying on signed overflow in _pickle
+ memos. (GH-9261) (#11869)
+
+(cherry picked from commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd)
+
+CVE: CVE-2018-20406
+Upstream-Status: Backport
+[https://github.com/python/cpython/commit/ef33dd6036aafbd3f06c1d56e2b1a81dae3da63c]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ Modules/_pickle.c | 63 ++++++++++++++++++++++++-----------------------
+ 1 file changed, 32 insertions(+), 31 deletions(-)
+
+diff --git a/Modules/_pickle.c b/Modules/_pickle.c
+index 0f62b1c019..fcb9e87899 100644
+--- a/Modules/_pickle.c
++++ b/Modules/_pickle.c
+@@ -527,9 +527,9 @@ typedef struct {
+ } PyMemoEntry;
+
+ typedef struct {
+- Py_ssize_t mt_mask;
+- Py_ssize_t mt_used;
+- Py_ssize_t mt_allocated;
++ size_t mt_mask;
++ size_t mt_used;
++ size_t mt_allocated;
+ PyMemoEntry *mt_table;
+ } PyMemoTable;
+
+@@ -573,8 +573,8 @@ typedef struct UnpicklerObject {
+ /* The unpickler memo is just an array of PyObject *s. Using a dict
+ is unnecessary, since the keys are contiguous ints. */
+ PyObject **memo;
+- Py_ssize_t memo_size; /* Capacity of the memo array */
+- Py_ssize_t memo_len; /* Number of objects in the memo */
++ size_t memo_size; /* Capacity of the memo array */
++ size_t memo_len; /* Number of objects in the memo */
+
+ PyObject *pers_func; /* persistent_load() method, can be NULL. */
+
+@@ -658,7 +658,6 @@ PyMemoTable_New(void)
+ static PyMemoTable *
+ PyMemoTable_Copy(PyMemoTable *self)
+ {
+- Py_ssize_t i;
+ PyMemoTable *new = PyMemoTable_New();
+ if (new == NULL)
+ return NULL;
+@@ -675,7 +674,7 @@ PyMemoTable_Copy(PyMemoTable *self)
+ PyErr_NoMemory();
+ return NULL;
+ }
+- for (i = 0; i < self->mt_allocated; i++) {
++ for (size_t i = 0; i < self->mt_allocated; i++) {
+ Py_XINCREF(self->mt_table[i].me_key);
+ }
+ memcpy(new->mt_table, self->mt_table,
+@@ -721,7 +720,7 @@ _PyMemoTable_Lookup(PyMemoTable *self, PyObject *key)
+ {
+ size_t i;
+ size_t perturb;
+- size_t mask = (size_t)self->mt_mask;
++ size_t mask = self->mt_mask;
+ PyMemoEntry *table = self->mt_table;
+ PyMemoEntry *entry;
+ Py_hash_t hash = (Py_hash_t)key >> 3;
+@@ -743,22 +742,24 @@ _PyMemoTable_Lookup(PyMemoTable *self, PyObject *key)
+
+ /* Returns -1 on failure, 0 on success. */
+ static int
+-_PyMemoTable_ResizeTable(PyMemoTable *self, Py_ssize_t min_size)
++_PyMemoTable_ResizeTable(PyMemoTable *self, size_t min_size)
+ {
+ PyMemoEntry *oldtable = NULL;
+ PyMemoEntry *oldentry, *newentry;
+- Py_ssize_t new_size = MT_MINSIZE;
+- Py_ssize_t to_process;
++ size_t new_size = MT_MINSIZE;
++ size_t to_process;
+
+ assert(min_size > 0);
+
+- /* Find the smallest valid table size >= min_size. */
+- while (new_size < min_size && new_size > 0)
+- new_size <<= 1;
+- if (new_size <= 0) {
++ if (min_size > PY_SSIZE_T_MAX) {
+ PyErr_NoMemory();
+ return -1;
+ }
++
++ /* Find the smallest valid table size >= min_size. */
++ while (new_size < min_size) {
++ new_size <<= 1;
++ }
+ /* new_size needs to be a power of two. */
+ assert((new_size & (new_size - 1)) == 0);
+
+@@ -808,6 +809,7 @@ static int
+ PyMemoTable_Set(PyMemoTable *self, PyObject *key, Py_ssize_t value)
+ {
+ PyMemoEntry *entry;
++ size_t desired_size;
+
+ assert(key != NULL);
+
+@@ -831,10 +833,12 @@ PyMemoTable_Set(PyMemoTable *self, PyObject *key, Py_ssize_t value)
+ * Very large memo tables (over 50K items) use doubling instead.
+ * This may help applications with severe memory constraints.
+ */
+- if (!(self->mt_used * 3 >= (self->mt_mask + 1) * 2))
++ if (SIZE_MAX / 3 >= self->mt_used && self->mt_used * 3 < self->mt_allocated * 2) {
+ return 0;
+- return _PyMemoTable_ResizeTable(self,
+- (self->mt_used > 50000 ? 2 : 4) * self->mt_used);
++ }
++ // self->mt_used is always < PY_SSIZE_T_MAX, so this can't overflow.
++ desired_size = (self->mt_used > 50000 ? 2 : 4) * self->mt_used;
++ return _PyMemoTable_ResizeTable(self, desired_size);
+ }
+
+ #undef MT_MINSIZE
+@@ -1273,9 +1277,9 @@ _Unpickler_Readline(UnpicklerObject *self, char **result)
+ /* Returns -1 (with an exception set) on failure, 0 on success. The memo array
+ will be modified in place. */
+ static int
+-_Unpickler_ResizeMemoList(UnpicklerObject *self, Py_ssize_t new_size)
++_Unpickler_ResizeMemoList(UnpicklerObject *self, size_t new_size)
+ {
+- Py_ssize_t i;
++ size_t i;
+
+ assert(new_size > self->memo_size);
+
+@@ -1292,9 +1296,9 @@ _Unpickler_ResizeMemoList(UnpicklerObject *self, Py_ssize_t new_size)
+
+ /* Returns NULL if idx is out of bounds. */
+ static PyObject *
+-_Unpickler_MemoGet(UnpicklerObject *self, Py_ssize_t idx)
++_Unpickler_MemoGet(UnpicklerObject *self, size_t idx)
+ {
+- if (idx < 0 || idx >= self->memo_size)
++ if (idx >= self->memo_size)
+ return NULL;
+
+ return self->memo[idx];
+@@ -1303,7 +1307,7 @@ _Unpickler_MemoGet(UnpicklerObject *self, Py_ssize_t idx)
+ /* Returns -1 (with an exception set) on failure, 0 on success.
+ This takes its own reference to `value`. */
+ static int
+-_Unpickler_MemoPut(UnpicklerObject *self, Py_ssize_t idx, PyObject *value)
++_Unpickler_MemoPut(UnpicklerObject *self, size_t idx, PyObject *value)
+ {
+ PyObject *old_item;
+
+@@ -4194,14 +4198,13 @@ static PyObject *
+ _pickle_PicklerMemoProxy_copy_impl(PicklerMemoProxyObject *self)
+ /*[clinic end generated code: output=bb83a919d29225ef input=b73043485ac30b36]*/
+ {
+- Py_ssize_t i;
+ PyMemoTable *memo;
+ PyObject *new_memo = PyDict_New();
+ if (new_memo == NULL)
+ return NULL;
+
+ memo = self->pickler->memo;
+- for (i = 0; i < memo->mt_allocated; ++i) {
++ for (size_t i = 0; i < memo->mt_allocated; ++i) {
+ PyMemoEntry entry = memo->mt_table[i];
+ if (entry.me_key != NULL) {
+ int status;
+@@ -6620,7 +6623,7 @@ static PyObject *
+ _pickle_UnpicklerMemoProxy_copy_impl(UnpicklerMemoProxyObject *self)
+ /*[clinic end generated code: output=e12af7e9bc1e4c77 input=97769247ce032c1d]*/
+ {
+- Py_ssize_t i;
++ size_t i;
+ PyObject *new_memo = PyDict_New();
+ if (new_memo == NULL)
+ return NULL;
+@@ -6771,8 +6774,7 @@ static int
+ Unpickler_set_memo(UnpicklerObject *self, PyObject *obj)
+ {
+ PyObject **new_memo;
+- Py_ssize_t new_memo_size = 0;
+- Py_ssize_t i;
++ size_t new_memo_size = 0;
+
+ if (obj == NULL) {
+ PyErr_SetString(PyExc_TypeError,
+@@ -6789,7 +6791,7 @@ Unpickler_set_memo(UnpicklerObject *self, PyObject *obj)
+ if (new_memo == NULL)
+ return -1;
+
+- for (i = 0; i < new_memo_size; i++) {
++ for (size_t i = 0; i < new_memo_size; i++) {
+ Py_XINCREF(unpickler->memo[i]);
+ new_memo[i] = unpickler->memo[i];
+ }
+@@ -6837,8 +6839,7 @@ Unpickler_set_memo(UnpicklerObject *self, PyObject *obj)
+
+ error:
+ if (new_memo_size) {
+- i = new_memo_size;
+- while (--i >= 0) {
++ for (size_t i = new_memo_size - 1; i != SIZE_MAX; i--) {
+ Py_XDECREF(new_memo[i]);
+ }
+ PyMem_FREE(new_memo);
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
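Review bot: The comment added in PyMemoTable_Set, `// self->mt_used is always < PY_SSIZE_T_MAX, so this can't overflow.`, gives only half of the argument, since a factor of 4 could still wrap for a value below PY_SSIZE_T_MAX. The product is safe because the 4x factor is chosen only while mt_used is at most 50000 and the 2x factor above that, so I would write `/* 4x applies only up to 50000 entries and 2x beyond, and mt_used < PY_SSIZE_T_MAX, so this fits in size_t. */`. In the error path of Unpickler_set_memo the countdown test `i != SIZE_MAX` depends on unsigned wrap-around; `for (size_t i = new_memo_size; i-- > 0; )` reads more directly.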
diff --git a/meta/recipes-devtools/python/python3/CVE-2018-20852.patch b/meta/recipes-devtools/python/python3/CVE-2018-20852.patch
new file mode 100644
index 0000000000..82a114f29d
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2018-20852.patch
@@ -0,0 +1,129 @@
+From 31c16d62fc762ab87e66e7f47e36dbfcfc8b5224 Mon Sep 17 00:00:00 2001
+From: Xtreak <tir.karthi@gmail.com>
+Date: Sun, 17 Mar 2019 05:33:39 +0530
+Subject: [PATCH] [3.5] bpo-35121: prefix dot in domain for proper subdomain
+ validation (GH-10258) (#12281)
+
+Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan.
+(cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14)
+
+Co-authored-by: Xtreak <tir.karthi@gmail.com>
+
+CVE: CVE-2018-20852
+Upstream-Status: Backport
+[https://github.com/python/cpython/commit/4749f1b69000259e23b4cc6f63c542a9bdc62f1b]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ Lib/http/cookiejar.py | 13 ++++++--
+ Lib/test/test_http_cookiejar.py | 30 +++++++++++++++++++
+ .../2018-10-31-15-39-17.bpo-35121.EgHv9k.rst | 4 +++
+ 3 files changed, 45 insertions(+), 2 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst
+
+diff --git a/Lib/http/cookiejar.py b/Lib/http/cookiejar.py
+index 6d4572af03..1cc9378ae4 100644
+--- a/Lib/http/cookiejar.py
++++ b/Lib/http/cookiejar.py
+@@ -1148,6 +1148,11 @@ class DefaultCookiePolicy(CookiePolicy):
+ req_host, erhn = eff_request_host(request)
+ domain = cookie.domain
+
++ if domain and not domain.startswith("."):
++ dotdomain = "." + domain
++ else:
++ dotdomain = domain
++
+ # strict check of non-domain cookies: Mozilla does this, MSIE5 doesn't
+ if (cookie.version == 0 and
+ (self.strict_ns_domain & self.DomainStrictNonDomain) and
+@@ -1160,7 +1165,7 @@ class DefaultCookiePolicy(CookiePolicy):
+ _debug(" effective request-host name %s does not domain-match "
+ "RFC 2965 cookie domain %s", erhn, domain)
+ return False
+- if cookie.version == 0 and not ("."+erhn).endswith(domain):
++ if cookie.version == 0 and not ("."+erhn).endswith(dotdomain):
+ _debug(" request-host %s does not match Netscape cookie domain "
+ "%s", req_host, domain)
+ return False
+@@ -1174,7 +1179,11 @@ class DefaultCookiePolicy(CookiePolicy):
+ req_host = "."+req_host
+ if not erhn.startswith("."):
+ erhn = "."+erhn
+- if not (req_host.endswith(domain) or erhn.endswith(domain)):
++ if domain and not domain.startswith("."):
++ dotdomain = "." + domain
++ else:
++ dotdomain = domain
++ if not (req_host.endswith(dotdomain) or erhn.endswith(dotdomain)):
+ #_debug(" request domain %s does not match cookie domain %s",
+ # req_host, domain)
+ return False
+diff --git a/Lib/test/test_http_cookiejar.py b/Lib/test/test_http_cookiejar.py
+index 49c01ae489..e67e6ae780 100644
+--- a/Lib/test/test_http_cookiejar.py
++++ b/Lib/test/test_http_cookiejar.py
+@@ -417,6 +417,7 @@ class CookieTests(unittest.TestCase):
+ ("http://foo.bar.com/", ".foo.bar.com", True),
+ ("http://foo.bar.com/", "foo.bar.com", True),
+ ("http://foo.bar.com/", ".bar.com", True),
++ ("http://foo.bar.com/", "bar.com", True),
+ ("http://foo.bar.com/", "com", True),
+ ("http://foo.com/", "rhubarb.foo.com", False),
+ ("http://foo.com/", ".foo.com", True),
+@@ -427,6 +428,8 @@ class CookieTests(unittest.TestCase):
+ ("http://foo/", "foo", True),
+ ("http://foo/", "foo.local", True),
+ ("http://foo/", ".local", True),
++ ("http://barfoo.com", ".foo.com", False),
++ ("http://barfoo.com", "foo.com", False),
+ ]:
+ request = urllib.request.Request(url)
+ r = pol.domain_return_ok(domain, request)
+@@ -961,6 +964,33 @@ class CookieTests(unittest.TestCase):
+ c.add_cookie_header(req)
+ self.assertFalse(req.has_header("Cookie"))
+
++ c.clear()
++
++ pol.set_blocked_domains([])
++ req = urllib.request.Request("http://acme.com/")
++ res = FakeResponse(headers, "http://acme.com/")
++ cookies = c.make_cookies(res, req)
++ c.extract_cookies(res, req)
++ self.assertEqual(len(c), 1)
++
++ req = urllib.request.Request("http://acme.com/")
++ c.add_cookie_header(req)
++ self.assertTrue(req.has_header("Cookie"))
++
++ req = urllib.request.Request("http://badacme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(pol.return_ok(cookies[0], req))
++ self.assertFalse(req.has_header("Cookie"))
++
++ p = pol.set_blocked_domains(["acme.com"])
++ req = urllib.request.Request("http://acme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(req.has_header("Cookie"))
++
++ req = urllib.request.Request("http://badacme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(req.has_header("Cookie"))
++
+ def test_secure(self):
+ for ns in True, False:
+ for whitespace in " ", "":
+diff --git a/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst b/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst
+new file mode 100644
+index 0000000000..d2eb8f1f35
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst
+@@ -0,0 +1,4 @@
++Don't send cookies of domain A without Domain attribute to domain B
++when domain A is a suffix match of domain B while using a cookiejar
++with :class:`http.cookiejar.DefaultCookiePolicy` policy. Patch by
++Karthikeyan Singaravelan.
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
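Review bot: The four-line computation of `dotdomain` appears twice, in the hunk at line 1148 and again in the hunk at line 1174 of Lib/http/cookiejar.py, so the two checks can drift apart in a later backport. A single expression would do in both places, `dotdomain = domain if not domain or domain.startswith(".") else "." + domain`, or a small private helper shared by both methods. In the added test, `p = pol.set_blocked_domains(["acme.com"])` binds a name that is never read. Both enclosing methods start and end outside their hunks.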
diff --git a/meta/recipes-devtools/python/python3/CVE-2019-9636.patch b/meta/recipes-devtools/python/python3/CVE-2019-9636.patch
new file mode 100644
index 0000000000..ce8eb666cf
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2019-9636.patch
@@ -0,0 +1,154 @@
+From b0305339567b64e07df87620e97e4cb99332aef6 Mon Sep 17 00:00:00 2001
+From: Steve Dower <steve.dower@microsoft.com>
+Date: Sun, 10 Mar 2019 21:59:24 -0700
+Subject: [PATCH] bpo-36216: Add check for characters in netloc that normalize
+ to separators (GH-12201) (#12223)
+
+CVE: CVE-2019-9636
+Upstream-Status: Backport
+[https://github.com/python/cpython/commit/c0d95113b070799679bcb9dc49d4960d82e8bb08]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ Doc/library/urllib.parse.rst | 18 +++++++++++++++
+ Lib/test/test_urlparse.py | 23 +++++++++++++++++++
+ Lib/urllib/parse.py | 17 ++++++++++++++
+ .../2019-03-06-09-38-40.bpo-36216.6q1m4a.rst | 3 +++
+ 4 files changed, 61 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+
+diff --git a/Doc/library/urllib.parse.rst b/Doc/library/urllib.parse.rst
+index 6f722a8897..a4c6b6726e 100644
+--- a/Doc/library/urllib.parse.rst
++++ b/Doc/library/urllib.parse.rst
+@@ -120,6 +120,11 @@ or on combining URL components into a URL string.
+ Unmatched square brackets in the :attr:`netloc` attribute will raise a
+ :exc:`ValueError`.
+
++ Characters in the :attr:`netloc` attribute that decompose under NFKC
++ normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
++ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
++ decomposed before parsing, no error will be raised.
++
+ .. versionchanged:: 3.2
+ Added IPv6 URL parsing capabilities.
+
+@@ -128,6 +133,10 @@ or on combining URL components into a URL string.
+ false), in accordance with :rfc:`3986`. Previously, a whitelist of
+ schemes that support fragments existed.
+
++ .. versionchanged:: 3.5.7
++ Characters that affect netloc parsing under NFKC normalization will
++ now raise :exc:`ValueError`.
++
+
+ .. function:: parse_qs(qs, keep_blank_values=False, strict_parsing=False, encoding='utf-8', errors='replace')
+
+@@ -236,6 +245,15 @@ or on combining URL components into a URL string.
+ Unmatched square brackets in the :attr:`netloc` attribute will raise a
+ :exc:`ValueError`.
+
++ Characters in the :attr:`netloc` attribute that decompose under NFKC
++ normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
++ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
++ decomposed before parsing, no error will be raised.
++
++ .. versionchanged:: 3.5.7
++ Characters that affect netloc parsing under NFKC normalization will
++ now raise :exc:`ValueError`.
++
+
+ .. function:: urlunsplit(parts)
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index e2cf1b7e0f..d0420b0e74 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -1,3 +1,5 @@
++import sys
++import unicodedata
+ import unittest
+ import urllib.parse
+
+@@ -970,6 +972,27 @@ class UrlParseTestCase(unittest.TestCase):
+ expected.append(name)
+ self.assertCountEqual(urllib.parse.__all__, expected)
+
++ def test_urlsplit_normalization(self):
++ # Certain characters should never occur in the netloc,
++ # including under normalization.
++ # Ensure that ALL of them are detected and cause an error
++ illegal_chars = '/:#?@'
++ hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars}
++ denorm_chars = [
++ c for c in map(chr, range(128, sys.maxunicode))
++ if (hex_chars & set(unicodedata.decomposition(c).split()))
++ and c not in illegal_chars
++ ]
++ # Sanity check that we found at least one such character
++ self.assertIn('\u2100', denorm_chars)
++ self.assertIn('\uFF03', denorm_chars)
++
++ for scheme in ["http", "https", "ftp"]:
++ for c in denorm_chars:
++ url = "{}://netloc{}false.netloc/path".format(scheme, c)
++ with self.subTest(url=url, char='{:04X}'.format(ord(c))):
++ with self.assertRaises(ValueError):
++ urllib.parse.urlsplit(url)
+
+ class Utility_Tests(unittest.TestCase):
+ """Testcase to test the various utility functions in the urllib."""
+diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
+index 62e8ddf04b..7ba2b445f5 100644
+--- a/Lib/urllib/parse.py
++++ b/Lib/urllib/parse.py
+@@ -327,6 +327,21 @@ def _splitnetloc(url, start=0):
+ delim = min(delim, wdelim) # use earliest delim position
+ return url[start:delim], url[delim:] # return (domain, rest)
+
++def _checknetloc(netloc):
++ if not netloc or not any(ord(c) > 127 for c in netloc):
++ return
++ # looking for characters like \u2100 that expand to 'a/c'
++ # IDNA uses NFKC equivalence, so normalize for this check
++ import unicodedata
++ netloc2 = unicodedata.normalize('NFKC', netloc)
++ if netloc == netloc2:
++ return
++ _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
++ for c in '/?#@:':
++ if c in netloc2:
++ raise ValueError("netloc '" + netloc2 + "' contains invalid " +
++ "characters under NFKC normalization")
++
+ def urlsplit(url, scheme='', allow_fragments=True):
+ """Parse a URL into 5 components:
+ <scheme>://<netloc>/<path>?<query>#<fragment>
+@@ -356,6 +371,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+ url, fragment = url.split('#', 1)
+ if '?' in url:
+ url, query = url.split('?', 1)
++ _checknetloc(netloc)
+ v = SplitResult(scheme, netloc, url, query, fragment)
+ _parse_cache[key] = v
+ return _coerce_result(v)
+@@ -379,6 +395,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+ url, fragment = url.split('#', 1)
+ if '?' in url:
+ url, query = url.split('?', 1)
++ _checknetloc(netloc)
+ v = SplitResult(scheme, netloc, url, query, fragment)
+ _parse_cache[key] = v
+ return _coerce_result(v)
+diff --git a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+new file mode 100644
+index 0000000000..5546394157
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+@@ -0,0 +1,3 @@
++Changes urlsplit() to raise ValueError when the URL contains characters that
++decompose under IDNA encoding (NFKC-normalization) into characters that
++affect how the URL is parsed.
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
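Review bot: In `_checknetloc` the result of `netloc.rpartition('@')` is assigned to `netloc`, but the loop that follows tests `netloc2`, the NFKC form of the whole netloc, so the "anything to the left of '@' is okay" exemption never takes effect. As written, any netloc that contains a character changed by NFKC and also has a legitimate `:` port or `@` userinfo raises `ValueError`, because those separators are already present in `netloc2`. This fails closed, so it is a compatibility regression rather than a bypass. The python 2.7 recipe later in this commit ships `bpo-36216-cve-2019-9636-fix.patch` next to its base patch, while the python3 `SRC_URI` adds only this file. The content of that follow-up is not shown here, so it is worth confirming whether python3 needs the matching upstream follow-up as a second backport rather than a hand edit to this function.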
diff --git a/meta/recipes-devtools/python/python3/CVE-2019-9740.patch b/meta/recipes-devtools/python/python3/CVE-2019-9740.patch
new file mode 100644
index 0000000000..8370901696
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2019-9740.patch
@@ -0,0 +1,155 @@
+From afe3a4975cf93c97e5d6eb8800e48f368011d37a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
+Date: Sun, 14 Jul 2019 11:07:11 +0200
+Subject: [PATCH] bpo-30458: Disallow control chars in http URLs. (GH-12755)
+ (#13207)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.
+
+Disable https related urllib tests on a build without ssl (GH-13032)
+These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.
+
+Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)
+
+Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
+Upstream-Status: Backport[https://github.com/python/cpython/commit/afe3a4975cf93c97e5d6eb8800e48f368011d37a]
+CVE: CVE-2019-9740
+CVE: CVE-2019-9947
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ Lib/http/client.py | 16 ++++++
+ Lib/test/test_urllib.py | 55 +++++++++++++++++++
+ Lib/test/test_xmlrpc.py | 8 ++-
+ .../2019-04-10-08-53-30.bpo-30458.51E-DA.rst | 1 +
+ 4 files changed, 79 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
+
+diff --git a/Lib/http/client.py b/Lib/http/client.py
+index 352c1017adce..76b9be69a374 100644
+--- a/Lib/http/client.py
++++ b/Lib/http/client.py
+@@ -141,6 +141,16 @@
+ _is_legal_header_name = re.compile(rb'[^:\s][^:\r\n]*').fullmatch
+ _is_illegal_header_value = re.compile(rb'\n(?![ \t])|\r(?![ \t\n])').search
+
++# These characters are not allowed within HTTP URL paths.
++# See https://tools.ietf.org/html/rfc3986#section-3.3 and the
++# https://tools.ietf.org/html/rfc3986#appendix-A pchar definition.
++# Prevents CVE-2019-9740. Includes control characters such as \r\n.
++# We don't restrict chars above \x7f as putrequest() limits us to ASCII.
++_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f]')
++# Arguably only these _should_ allowed:
++# _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
++# We are more lenient for assumed real world compatibility purposes.
++
+ # We always set the Content-Length header for these methods because some
+ # servers will otherwise respond with a 411
+ _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
+@@ -978,6 +988,12 @@ def putrequest(self, method, url, skip_host=False,
+ self._method = method
+ if not url:
+ url = '/'
++ # Prevent CVE-2019-9740.
++ match = _contains_disallowed_url_pchar_re.search(url)
++ if match:
++ raise InvalidURL("URL can't contain control characters. {!r} "
++ "(found at least {!r})".format(url,
++ match.group()))
+ request = '%s %s %s' % (method, url, self._http_vsn_str)
+
+ # Non-ASCII characters should have been eliminated earlier
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index 3afb1312de32..1e2c622e29fd 100644
+--- a/Lib/test/test_urllib.py
++++ b/Lib/test/test_urllib.py
+@@ -330,6 +330,61 @@ def test_willclose(self):
+ finally:
+ self.unfakehttp()
+
++ @unittest.skipUnless(ssl, "ssl module required")
++ def test_url_with_control_char_rejected(self):
++ for char_no in list(range(0, 0x21)) + [0x7f]:
++ char = chr(char_no)
++ schemeless_url = "//localhost:7777/test{}/".format(char)
++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
++ try:
++ # We explicitly test urllib.request.urlopen() instead of the top
++ # level 'def urlopen()' function defined in this... (quite ugly)
++ # test suite. They use different url opening codepaths. Plain
++ # urlopen uses FancyURLOpener which goes via a codepath that
++ # calls urllib.parse.quote() on the URL which makes all of the
++ # above attempts at injection within the url _path_ safe.
++ escaped_char_repr = repr(char).replace('\\', r'\\')
++ InvalidURL = http.client.InvalidURL
++ with self.assertRaisesRegex(
++ InvalidURL,
++ "contain control.*{}".format(escaped_char_repr)):
++ urllib.request.urlopen("http:{}".format(schemeless_url))
++ with self.assertRaisesRegex(
++ InvalidURL,
++ "contain control.*{}".format(escaped_char_repr)):
++ urllib.request.urlopen("https:{}".format(schemeless_url))
++ # This code path quotes the URL so there is no injection.
++ resp = urlopen("http:{}".format(schemeless_url))
++ self.assertNotIn(char, resp.geturl())
++ finally:
++ self.unfakehttp()
++
++ @unittest.skipUnless(ssl, "ssl module required")
++ def test_url_with_newline_header_injection_rejected(self):
++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123"
++ schemeless_url = "//" + host + ":8080/test/?test=a"
++ try:
++ # We explicitly test urllib.request.urlopen() instead of the top
++ # level 'def urlopen()' function defined in this... (quite ugly)
++ # test suite. They use different url opening codepaths. Plain
++ # urlopen uses FancyURLOpener which goes via a codepath that
++ # calls urllib.parse.quote() on the URL which makes all of the
++ # above attempts at injection within the url _path_ safe.
++ InvalidURL = http.client.InvalidURL
++ with self.assertRaisesRegex(
++ InvalidURL, r"contain control.*\\r.*(found at least . .)"):
++ urllib.request.urlopen("http:{}".format(schemeless_url))
++ with self.assertRaisesRegex(InvalidURL, r"contain control.*\\n"):
++ urllib.request.urlopen("https:{}".format(schemeless_url))
++ # This code path quotes the URL so there is no injection.
++ resp = urlopen("http:{}".format(schemeless_url))
++ self.assertNotIn(' ', resp.geturl())
++ self.assertNotIn('\r', resp.geturl())
++ self.assertNotIn('\n', resp.geturl())
++ finally:
++ self.unfakehttp()
++
+ def test_read_0_9(self):
+ # "0.9" response accepted (but not "simple responses" without
+ # a status line)
+diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
+index c2de057ecbfa..99e510fcee86 100644
+--- a/Lib/test/test_xmlrpc.py
++++ b/Lib/test/test_xmlrpc.py
+@@ -896,7 +896,13 @@ def test_unicode_host(self):
+ def test_partial_post(self):
+ # Check that a partial POST doesn't make the server loop: issue #14001.
+ conn = http.client.HTTPConnection(ADDR, PORT)
+- conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
++ conn.send('POST /RPC2 HTTP/1.0\r\n'
++ 'Content-Length: 100\r\n\r\n'
++ 'bye HTTP/1.1\r\n'
++ 'Host: {}:{}\r\n'
++ 'Accept-Encoding: identity\r\n'
++ 'Content-Length: 0\r\n\r\n'
++ .format(ADDR, PORT).encode('ascii'))
+ conn.close()
+
+ def test_context_manager(self):
+diff --git a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
+new file mode 100644
+index 000000000000..ed8027fb4d64
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
+@@ -0,0 +1 @@
++Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised.
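Review bot: The new guard in `putrequest` validates only `url`, while `method` is interpolated into the same request line by `request = '%s %s %s' % (method, url, self._http_vsn_str)` without any control-character check. Whether any caller passes an externally influenced method is not visible here, since the body of `putrequest` starts and continues outside the hunk. The same rejection could be applied next to the URL check, for example `if _contains_disallowed_url_pchar_re.search(method): raise ValueError("method can't contain control characters. {!r}".format(method))`. Because this file is a backport, that is better carried as a separate patch than folded into this one. Separately, the trailer `Upstream-Status: Backport[https://...]` has no space before the bracket, unlike the other patches in this commit.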
diff --git a/meta/recipes-devtools/python/python3_3.5.6.bb b/meta/recipes-devtools/python/python3_3.5.6.bb
index 2cb65045aa..4633a3d239 100644
--- a/meta/recipes-devtools/python/python3_3.5.6.bb
+++ b/meta/recipes-devtools/python/python3_3.5.6.bb
@@ -43,6 +43,15 @@ SRC_URI += "\
file://0004-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976.patch \
file://0005-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-2305.patch \
file://run-ptest \
+ file://CVE-2019-9740.patch \
+ file://CVE-2018-14647.patch \
+ file://CVE-2018-20406.patch \
+ file://CVE-2018-20852.patch \
+ file://CVE-2019-9636.patch \
+ "
+
+SRC_URI_append_class-nativesdk = " \
+ file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \
"
inherit multilib_header python3native update-alternatives qemu ptest
@@ -61,6 +70,7 @@ CACHED_CONFIGUREVARS = "ac_cv_have_chflags=no \
ac_cv_buggy_getaddrinfo=no \
ac_cv_file__dev_ptmx=yes \
ac_cv_file__dev_ptc=no \
+ ac_cv_working_tzset=yes \
"
TARGET_CC_ARCH += "-DNDEBUG -fno-inline"
@@ -178,7 +188,7 @@ do_install() {
}
do_install_append_class-nativesdk () {
- create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} PYTHONHOME='${prefix}' TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1'
+ create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} OEPYTHON3HOME='${prefix}' TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1'
}
SSTATE_SCAN_FILES += "Makefile"
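Review bot: The wrapper in `do_install_append_class-nativesdk` now exports `OEPYTHON3HOME` instead of `PYTHONHOME`, and nothing in the recipe says which code reads the new variable. The only link is the `0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch` entry added to `SRC_URI_append_class-nativesdk` in the first hunk of this file. A comment above `create_wrapper`, such as `# OEPYTHON3HOME is read only by the nativesdk main.c patch listed in SRC_URI_append_class-nativesdk`, would keep the two from drifting apart. That patch's content is not shown here, so it should be checked whether the variable is ignored when the interpreter is started with `-E` or `-I`, as `PYTHONHOME` is. An interpreter home that can still be redirected from the environment in isolated mode would be a change in trust boundary.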
diff --git a/meta/recipes-devtools/python/python_2.7.15.bb b/meta/recipes-devtools/python/python_2.7.16.bb
index c22c762d99..16b1744704 100644
--- a/meta/recipes-devtools/python/python_2.7.15.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -31,8 +31,12 @@ SRC_URI += "\
file://pass-missing-libraries-to-Extension-for-mul.patch \
file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
file://float-endian.patch \
- file://0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch \
- file://0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch \
+ file://bpo-35907-cve-2019-9948.patch \
+ file://bpo-35907-cve-2019-9948-fix.patch \
+ file://bpo-36216-cve-2019-9636.patch \
+ file://bpo-36216-cve-2019-9636-fix.patch \
+ file://bpo-35121-cve-2018-20852.patch \
+ file://bpo-30458-cve-2019-9740.patch \
"
S = "${WORKDIR}/Python-${PV}"
@@ -41,7 +45,7 @@ inherit autotools multilib_header python-dir pythonnative ptest
CONFIGUREOPTS += " --with-system-ffi "
-EXTRA_OECONF += "ac_cv_file__dev_ptmx=yes ac_cv_file__dev_ptc=no"
+EXTRA_OECONF += "ac_cv_file__dev_ptmx=yes ac_cv_file__dev_ptc=no ac_cv_working_tzset=yes"
PACKAGECONFIG ??= "bdb"
PACKAGECONFIG[bdb] = ",,db"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
new file mode 100644
index 0000000000..767b200ba0
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
@@ -0,0 +1,49 @@
+From 184943d827ce09375284e6fbb9fd5eeb9e369529 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 20 Mar 2019 16:18:41 +0000
+Subject: [PATCH] linux-user: assume __NR_gettid always exists
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The gettid syscall was introduced in Linux 2.4.11. This is old enough
+that we can assume it always exists and thus not bother with the
+conditional backcompat logic.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Laurent Vivier <laurent@vivier.eu>
+Message-Id: <20190320161842.13908-2-berrange@redhat.com>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+
+Upstream-Status: Backport
+dependancy patch for fix
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+
+
+ linux-user/syscall.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+Index: qemu-3.0.0/linux-user/syscall.c
+===================================================================
+--- qemu-3.0.0.orig/linux-user/syscall.c
++++ qemu-3.0.0/linux-user/syscall.c
+@@ -251,15 +251,7 @@ static type name (type1 arg1,type2 arg2,
+ #define TARGET_NR__llseek TARGET_NR_llseek
+ #endif
+
+-#ifdef __NR_gettid
+ _syscall0(int, gettid)
+-#else
+-/* This is a replacement for the host gettid() and must return a host
+- errno. */
+-static int gettid(void) {
+- return -ENOSYS;
+-}
+-#endif
+
+ /* For the 64-bit guest on 32-bit host case we must emulate
+ * getdents using getdents64, because otherwise the host
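Review bot: The provenance trailer in this patch header is `Upstream-Status: Backport` with no upstream commit reference. The free-text line under it, `dependancy patch for fix`, does not say which fix this patch is a prerequisite for. Suggested wording: `Upstream-Status: Backport [<upstream commit URL>]`, followed by a line naming the dependent patch, which appears to be the `sys_gettid` rename added next in this commit. That next patch has the same missing reference and also spells the tag `Upstream-status:` with a lower-case `s`, which a script matching the exact tag may not count. The `From` line carries a hash, but without the URL a reader auditing the backport has to guess which repository it belongs to.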
diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
new file mode 100644
index 0000000000..ab3b71d7c6
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
@@ -0,0 +1,95 @@
+From 71ba74f67eaca21b0cc9d96f534ad3b9a7161400 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 20 Mar 2019 16:18:42 +0000
+Subject: [PATCH] linux-user: rename gettid() to sys_gettid() to avoid clash
+ with glibc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The glibc-2.29.9000-6.fc31.x86_64 package finally includes the gettid()
+function as part of unistd.h when __USE_GNU is defined. This clashes
+with linux-user code which unconditionally defines this function name
+itself.
+
+/home/berrange/src/virt/qemu/linux-user/syscall.c:253:16: error: static declaration of ‘gettid’ follows non-static declaration
+ 253 | _syscall0(int, gettid)
+ | ^~~~~~
+/home/berrange/src/virt/qemu/linux-user/syscall.c:184:13: note: in definition of macro ‘_syscall0’
+ 184 | static type name (void) \
+ | ^~~~
+In file included from /usr/include/unistd.h:1170,
+ from /home/berrange/src/virt/qemu/include/qemu/osdep.h:107,
+ from /home/berrange/src/virt/qemu/linux-user/syscall.c:20:
+/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ was here
+ 34 | extern __pid_t gettid (void) __THROW;
+ | ^~~~~~
+ CC aarch64-linux-user/linux-user/signal.o
+make[1]: *** [/home/berrange/src/virt/qemu/rules.mak:69: linux-user/syscall.o] Error 1
+make[1]: *** Waiting for unfinished jobs....
+make: *** [Makefile:449: subdir-aarch64-linux-user] Error 2
+
+While we could make our definition conditional and rely on glibc's impl,
+this patch simply renames our definition to sys_gettid() which is a
+common pattern in this file.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Laurent Vivier <laurent@vivier.eu>
+Message-Id: <20190320161842.13908-3-berrange@redhat.com>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+
+Upstream-status: Backport
+
+Fixes issue found on tumbleweed-ty-1
+Yocto bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13577
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ linux-user/syscall.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+Index: qemu-3.0.0/linux-user/syscall.c
+===================================================================
+--- qemu-3.0.0.orig/linux-user/syscall.c
++++ qemu-3.0.0/linux-user/syscall.c
+@@ -251,7 +251,8 @@ static type name (type1 arg1,type2 arg2,
+ #define TARGET_NR__llseek TARGET_NR_llseek
+ #endif
+
+-_syscall0(int, gettid)
++#define __NR_sys_gettid __NR_gettid
++_syscall0(int, sys_gettid)
+
+ /* For the 64-bit guest on 32-bit host case we must emulate
+ * getdents using getdents64, because otherwise the host
+@@ -6483,7 +6484,7 @@ static void *clone_func(void *arg)
+ cpu = ENV_GET_CPU(env);
+ thread_cpu = cpu;
+ ts = (TaskState *)cpu->opaque;
+- info->tid = gettid();
++ info->tid = sys_gettid();
+ task_settid(ts);
+ if (info->child_tidptr)
+ put_user_u32(info->tid, info->child_tidptr);
+@@ -6628,9 +6629,9 @@ static int do_fork(CPUArchState *env, un
+ mapping. We can't repeat the spinlock hack used above because
+ the child process gets its own copy of the lock. */
+ if (flags & CLONE_CHILD_SETTID)
+- put_user_u32(gettid(), child_tidptr);
++ put_user_u32(sys_gettid(), child_tidptr);
+ if (flags & CLONE_PARENT_SETTID)
+- put_user_u32(gettid(), parent_tidptr);
++ put_user_u32(sys_gettid(), parent_tidptr);
+ ts = (TaskState *)cpu->opaque;
+ if (flags & CLONE_SETTLS)
+ cpu_set_tls (env, newtls);
+@@ -11876,7 +11877,7 @@ abi_long do_syscall(void *cpu_env, int n
+ break;
+ #endif
+ case TARGET_NR_gettid:
+- ret = get_errno(gettid());
++ ret = get_errno(sys_gettid());
+ break;
+ #ifdef TARGET_NR_readahead
+ case TARGET_NR_readahead:
diff --git a/meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch b/meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch
new file mode 100644
index 0000000000..618ebcdc81
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch
@@ -0,0 +1,62 @@
+From 0f1f2d4596aee037d3ccbcf10592466daa54107f Mon Sep 17 00:00:00 2001
+From: Laurent Vivier <laurent@vivier.eu>
+Date: Tue, 12 Nov 2019 15:25:56 +0100
+Subject: [PATCH] linux-user: remove host stime() syscall
+
+stime() has been withdrawn from glibc
+(12cbde1dae6f "Use clock_settime to implement stime; withdraw stime.")
+
+Implement the target stime() syscall using host
+clock_settime(CLOCK_REALTIME, ...) as it is done internally in glibc.
+
+Tested qemu-ppc/x86_64 with:
+
+ #include <time.h>
+ #include <stdio.h>
+
+ int main(void)
+ {
+ time_t t;
+ int ret;
+
+ /* date -u -d"2019-11-12T15:11:00" "+%s" */
+ t = 1573571460;
+ ret = stime(&t);
+ printf("ret %d\n", ret);
+ return 0;
+ }
+
+ # date; ./stime; date
+ Tue Nov 12 14:18:32 UTC 2019
+ ret 0
+ Tue Nov 12 15:11:00 UTC 2019
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0f1f2d4596aee037d3ccbcf10592466daa54107f]
+Buglink: https://bugs.launchpad.net/qemu/+bug/1852115
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-Id: <20191112142556.6335-1-laurent@vivier.eu>
+---
+ linux-user/syscall.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+Index: qemu-3.0.0/linux-user/syscall.c
+===================================================================
+--- qemu-3.0.0.orig/linux-user/syscall.c
++++ qemu-3.0.0/linux-user/syscall.c
+@@ -8520,10 +8520,11 @@ abi_long do_syscall(void *cpu_env, int n
+ #ifdef TARGET_NR_stime /* not on alpha */
+ case TARGET_NR_stime:
+ {
+- time_t host_time;
+- if (get_user_sal(host_time, arg1))
++ struct timespec ts;
++ ts.tv_nsec = 0;
++ if (get_user_sal(ts.tv_sec, arg1))
+ goto efault;
+- ret = get_errno(stime(&host_time));
++ ret = get_errno(clock_settime(CLOCK_REALTIME, &ts));
+ }
+ break;
+ #endif
diff --git a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
index 8a9141acde..03ec2c90e1 100644
--- a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
+++ b/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -18,11 +18,11 @@ Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
2 files changed, 29 insertions(+)
create mode 100644 custom_debug.h
-diff --git a/cpus.c b/cpus.c
-index 38eba8bff3..b84a60a4f3 100644
---- a/cpus.c
-+++ b/cpus.c
-@@ -1690,6 +1690,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
+Index: qemu-3.0.0/cpus.c
+===================================================================
+--- qemu-3.0.0.orig/cpus.c
++++ qemu-3.0.0/cpus.c
+@@ -1693,6 +1693,8 @@ static void *qemu_tcg_cpu_thread_fn(void
return NULL;
}
@@ -31,7 +31,7 @@ index 38eba8bff3..b84a60a4f3 100644
static void qemu_cpu_kick_thread(CPUState *cpu)
{
#ifndef _WIN32
-@@ -1702,6 +1704,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
+@@ -1705,6 +1707,9 @@ static void qemu_cpu_kick_thread(CPUStat
err = pthread_kill(cpu->thread->thread, SIG_IPI);
if (err) {
fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
@@ -41,11 +41,10 @@ index 38eba8bff3..b84a60a4f3 100644
exit(1);
}
#else /* _WIN32 */
-diff --git a/custom_debug.h b/custom_debug.h
-new file mode 100644
-index 0000000000..f029e45547
+Index: qemu-3.0.0/custom_debug.h
+===================================================================
--- /dev/null
-+++ b/custom_debug.h
++++ qemu-3.0.0/custom_debug.h
@@ -0,0 +1,24 @@
+#include <execinfo.h>
+#include <stdio.h>
diff --git a/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch b/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch
new file mode 100644
index 0000000000..31a7c9485d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch
@@ -0,0 +1,336 @@
+From 8104018ba4c66e568d2583a3a0ee940851ee7471 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrangé <berrange@redhat.com>
+Date: Tue, 23 Jul 2019 17:50:00 +0200
+Subject: [PATCH] linux-user: fix to handle variably sized SIOCGSTAMP with new
+ kernels
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The SIOCGSTAMP symbol was previously defined in the
+asm-generic/sockios.h header file. QEMU sees that header
+indirectly via sys/socket.h
+
+In linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
+the asm-generic/sockios.h header no longer defines SIOCGSTAMP.
+Instead it provides only SIOCGSTAMP_OLD, which only uses a
+32-bit time_t on 32-bit architectures.
+
+The linux/sockios.h header then defines SIOCGSTAMP using
+either SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. If
+SIOCGSTAMP_NEW is used, then the tv_sec field is 64-bit even
+on 32-bit architectures
+
+To cope with this we must now convert the old and new type from
+the target to the host one.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+Reviewed-by: Arnd Bergmann <arnd@arndb.de>
+Message-Id: <20190718130641.15294-1-laurent@vivier.eu>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+---
+Uptream-status: Backport (upstream commit: 6d5d5dde9adb5acb32e6b8e3dfbf47fff0f308d2)
+
+ linux-user/ioctls.h | 21 +++++-
+ linux-user/syscall.c | 140 +++++++++++++++++++++++++++++--------
+ linux-user/syscall_defs.h | 30 +++++++-
+ linux-user/syscall_types.h | 6 --
+ 4 files changed, 159 insertions(+), 38 deletions(-)
+
+Index: qemu-3.0.0/linux-user/ioctls.h
+===================================================================
+--- qemu-3.0.0.orig/linux-user/ioctls.h
++++ qemu-3.0.0/linux-user/ioctls.h
+@@ -173,8 +173,25 @@
+ IOCTL(SIOCGRARP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_arpreq)))
+ IOCTL(SIOCGIWNAME, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_char_ifreq)))
+ IOCTL(SIOCGPGRP, IOC_R, MK_PTR(TYPE_INT)) /* pid_t */
+- IOCTL(SIOCGSTAMP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timeval)))
+- IOCTL(SIOCGSTAMPNS, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timespec)))
++
++ /*
++ * We can't use IOCTL_SPECIAL() because it will set
++ * host_cmd to XXX_OLD and XXX_NEW and these macros
++ * are not defined with kernel prior to 5.2.
++ * We must set host_cmd to the same value as in target_cmd
++ * otherwise the consistency check in syscall_init()
++ * will trigger an error.
++ * host_cmd is ignored by the do_ioctl_XXX() helpers.
++ * FIXME: create a macro to define this kind of entry
++ */
++ { TARGET_SIOCGSTAMP_OLD, TARGET_SIOCGSTAMP_OLD,
++ "SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP },
++ { TARGET_SIOCGSTAMPNS_OLD, TARGET_SIOCGSTAMPNS_OLD,
++ "SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS },
++ { TARGET_SIOCGSTAMP_NEW, TARGET_SIOCGSTAMP_NEW,
++ "SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP },
++ { TARGET_SIOCGSTAMPNS_NEW, TARGET_SIOCGSTAMPNS_NEW,
++ "SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS },
+
+ IOCTL(RNDGETENTCNT, IOC_R, MK_PTR(TYPE_INT))
+ IOCTL(RNDADDTOENTCNT, IOC_W, MK_PTR(TYPE_INT))
+Index: qemu-3.0.0/linux-user/syscall.c
+===================================================================
+--- qemu-3.0.0.orig/linux-user/syscall.c
++++ qemu-3.0.0/linux-user/syscall.c
+@@ -37,6 +37,7 @@
+ #include <sched.h>
+ #include <sys/timex.h>
+ #include <sys/socket.h>
++#include <linux/sockios.h>
+ #include <sys/un.h>
+ #include <sys/uio.h>
+ #include <poll.h>
+@@ -1391,8 +1392,9 @@ static inline abi_long copy_from_user_ti
+ {
+ struct target_timeval *target_tv;
+
+- if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1))
++ if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) {
+ return -TARGET_EFAULT;
++ }
+
+ __get_user(tv->tv_sec, &target_tv->tv_sec);
+ __get_user(tv->tv_usec, &target_tv->tv_usec);
+@@ -1407,8 +1409,26 @@ static inline abi_long copy_to_user_time
+ {
+ struct target_timeval *target_tv;
+
+- if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0))
++ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) {
++ return -TARGET_EFAULT;
++ }
++
++ __put_user(tv->tv_sec, &target_tv->tv_sec);
++ __put_user(tv->tv_usec, &target_tv->tv_usec);
++
++ unlock_user_struct(target_tv, target_tv_addr, 1);
++
++ return 0;
++}
++
++static inline abi_long copy_to_user_timeval64(abi_ulong target_tv_addr,
++ const struct timeval *tv)
++{
++ struct target__kernel_sock_timeval *target_tv;
++
++ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) {
+ return -TARGET_EFAULT;
++ }
+
+ __put_user(tv->tv_sec, &target_tv->tv_sec);
+ __put_user(tv->tv_usec, &target_tv->tv_usec);
+@@ -1418,6 +1438,48 @@ static inline abi_long copy_to_user_time
+ return 0;
+ }
+
++static inline abi_long target_to_host_timespec(struct timespec *host_ts,
++ abi_ulong target_addr)
++{
++ struct target_timespec *target_ts;
++
++ if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) {
++ return -TARGET_EFAULT;
++ }
++ __get_user(host_ts->tv_sec, &target_ts->tv_sec);
++ __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
++ unlock_user_struct(target_ts, target_addr, 0);
++ return 0;
++}
++
++static inline abi_long host_to_target_timespec(abi_ulong target_addr,
++ struct timespec *host_ts)
++{
++ struct target_timespec *target_ts;
++
++ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) {
++ return -TARGET_EFAULT;
++ }
++ __put_user(host_ts->tv_sec, &target_ts->tv_sec);
++ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
++ unlock_user_struct(target_ts, target_addr, 1);
++ return 0;
++}
++
++static inline abi_long host_to_target_timespec64(abi_ulong target_addr,
++ struct timespec *host_ts)
++{
++ struct target__kernel_timespec *target_ts;
++
++ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) {
++ return -TARGET_EFAULT;
++ }
++ __put_user(host_ts->tv_sec, &target_ts->tv_sec);
++ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
++ unlock_user_struct(target_ts, target_addr, 1);
++ return 0;
++}
++
+ static inline abi_long copy_from_user_timezone(struct timezone *tz,
+ abi_ulong target_tz_addr)
+ {
+@@ -5733,6 +5795,54 @@ static abi_long do_ioctl_kdsigaccept(con
+ return get_errno(safe_ioctl(fd, ie->host_cmd, sig));
+ }
+
++static abi_long do_ioctl_SIOCGSTAMP(const IOCTLEntry *ie, uint8_t *buf_temp,
++ int fd, int cmd, abi_long arg)
++{
++ struct timeval tv;
++ abi_long ret;
++
++ ret = get_errno(safe_ioctl(fd, SIOCGSTAMP, &tv));
++ if (is_error(ret)) {
++ return ret;
++ }
++
++ if (cmd == (int)TARGET_SIOCGSTAMP_OLD) {
++ if (copy_to_user_timeval(arg, &tv)) {
++ return -TARGET_EFAULT;
++ }
++ } else {
++ if (copy_to_user_timeval64(arg, &tv)) {
++ return -TARGET_EFAULT;
++ }
++ }
++
++ return ret;
++}
++
++static abi_long do_ioctl_SIOCGSTAMPNS(const IOCTLEntry *ie, uint8_t *buf_temp,
++ int fd, int cmd, abi_long arg)
++{
++ struct timespec ts;
++ abi_long ret;
++
++ ret = get_errno(safe_ioctl(fd, SIOCGSTAMPNS, &ts));
++ if (is_error(ret)) {
++ return ret;
++ }
++
++ if (cmd == (int)TARGET_SIOCGSTAMPNS_OLD) {
++ if (host_to_target_timespec(arg, &ts)) {
++ return -TARGET_EFAULT;
++ }
++ } else{
++ if (host_to_target_timespec64(arg, &ts)) {
++ return -TARGET_EFAULT;
++ }
++ }
++
++ return ret;
++}
++
+ #ifdef TIOCGPTPEER
+ static abi_long do_ioctl_tiocgptpeer(const IOCTLEntry *ie, uint8_t *buf_temp,
+ int fd, int cmd, abi_long arg)
+@@ -7106,32 +7216,6 @@ static inline abi_long target_ftruncate6
+ }
+ #endif
+
+-static inline abi_long target_to_host_timespec(struct timespec *host_ts,
+- abi_ulong target_addr)
+-{
+- struct target_timespec *target_ts;
+-
+- if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1))
+- return -TARGET_EFAULT;
+- __get_user(host_ts->tv_sec, &target_ts->tv_sec);
+- __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
+- unlock_user_struct(target_ts, target_addr, 0);
+- return 0;
+-}
+-
+-static inline abi_long host_to_target_timespec(abi_ulong target_addr,
+- struct timespec *host_ts)
+-{
+- struct target_timespec *target_ts;
+-
+- if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0))
+- return -TARGET_EFAULT;
+- __put_user(host_ts->tv_sec, &target_ts->tv_sec);
+- __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
+- unlock_user_struct(target_ts, target_addr, 1);
+- return 0;
+-}
+-
+ static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec,
+ abi_ulong target_addr)
+ {
+Index: qemu-3.0.0/linux-user/syscall_defs.h
+===================================================================
+--- qemu-3.0.0.orig/linux-user/syscall_defs.h
++++ qemu-3.0.0/linux-user/syscall_defs.h
+@@ -203,16 +203,34 @@ struct target_ip_mreq_source {
+ uint32_t imr_sourceaddr;
+ };
+
++#if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
++struct target_timeval {
++ abi_long tv_sec;
++ abi_int tv_usec;
++};
++#define target__kernel_sock_timeval target_timeval
++#else
+ struct target_timeval {
+ abi_long tv_sec;
+ abi_long tv_usec;
+ };
+
++struct target__kernel_sock_timeval {
++ abi_llong tv_sec;
++ abi_llong tv_usec;
++};
++#endif
++
+ struct target_timespec {
+ abi_long tv_sec;
+ abi_long tv_nsec;
+ };
+
++struct target__kernel_timespec {
++ abi_llong tv_sec;
++ abi_llong tv_nsec;
++};
++
+ struct target_timezone {
+ abi_int tz_minuteswest;
+ abi_int tz_dsttime;
+@@ -738,8 +756,16 @@ struct target_pollfd {
+ #define TARGET_SIOCATMARK 0x8905
+ #define TARGET_SIOCGPGRP 0x8904
+ #endif
+-#define TARGET_SIOCGSTAMP 0x8906 /* Get stamp (timeval) */
+-#define TARGET_SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */
++#if defined(TARGET_SH4)
++#define TARGET_SIOCGSTAMP_OLD TARGET_IOR('s', 100, struct target_timeval)
++#define TARGET_SIOCGSTAMPNS_OLD TARGET_IOR('s', 101, struct target_timespec)
++#else
++#define TARGET_SIOCGSTAMP_OLD 0x8906
++#define TARGET_SIOCGSTAMPNS_OLD 0x8907
++#endif
++
++#define TARGET_SIOCGSTAMP_NEW TARGET_IOR(0x89, 0x06, abi_llong[2])
++#define TARGET_SIOCGSTAMPNS_NEW TARGET_IOR(0x89, 0x07, abi_llong[2])
+
+ /* Networking ioctls */
+ #define TARGET_SIOCADDRT 0x890B /* add routing table entry */
+Index: qemu-3.0.0/linux-user/syscall_types.h
+===================================================================
+--- qemu-3.0.0.orig/linux-user/syscall_types.h
++++ qemu-3.0.0/linux-user/syscall_types.h
+@@ -14,12 +14,6 @@ STRUCT(serial_icounter_struct,
+ STRUCT(sockaddr,
+ TYPE_SHORT, MK_ARRAY(TYPE_CHAR, 14))
+
+-STRUCT(timeval,
+- MK_ARRAY(TYPE_LONG, 2))
+-
+-STRUCT(timespec,
+- MK_ARRAY(TYPE_LONG, 2))
+-
+ STRUCT(rtentry,
+ TYPE_ULONG, MK_STRUCT(STRUCT_sockaddr), MK_STRUCT(STRUCT_sockaddr), MK_STRUCT(STRUCT_sockaddr),
+ TYPE_SHORT, TYPE_SHORT, TYPE_ULONG, TYPE_PTRVOID, TYPE_SHORT, TYPE_PTRVOID,
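Review bot: The status tag in the new patch header is misspelled as `Uptream-status:`, so tooling that looks for the exact `Upstream-Status:` tag will treat this backport as carrying no upstream status. It should read `Upstream-Status: Backport [upstream commit 6d5d5dde9adb5acb32e6b8e3dfbf47fff0f308d2]`. CVE-2018-19364_p1.patch and CVE-2018-19364_p2.patch, added later in this commit, spell the tag `Upstream-status:` with a lower-case s and should be normalised the same way. Keeping the tag exact matters because patch-status audits are how un-upstreamed security backports get noticed when the recipe is upgraded.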
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
index 7e1e442a41..81607c9505 100644
--- a/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
@@ -19,7 +19,7 @@ Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff
;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb#patch1]
-CVE: CVE-2018-10839
+CVE: CVE-2018-10839 CVE-2018-17958
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
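Review bot: Adding CVE-2018-17958 to the `CVE:` tag makes cve-check report that id as patched, but nothing visible here shows that this patch touches the code the id was filed against. The CVE-2018-17958.patch removed in the same commit changed only `ne2000_receive` in hw/net/ne2000.c, whereas, as far as I recall, the advisory for CVE-2018-17958 names `rtl8139_do_receive` in hw/net/rtl8139.c. Please confirm against the advisory that the rtl8139 fix is present in the recipe's source before claiming the id here. If it is not, keep the tag as `CVE: CVE-2018-10839` and let CVE-2018-17958 remain reported as unpatched until its own backport is added.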
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch
new file mode 100644
index 0000000000..644459e5af
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch
@@ -0,0 +1,49 @@
+From 61f87388af0af72ad61dee00ddd267b8047049f2 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 3 Dec 2018 11:10:45 +0100
+Subject: [PATCH] usb-mtp: outlaw slashes in filenames
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Slash is unix directory separator, so they are not allowed in filenames.
+Note this also stops the classic escape via "../".
+
+Fixes: CVE-2018-16867
+Reported-by: Michael Hanselmann <public@hansmi.ch>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20181203101045.27976-3-kraxel@redhat.com
+(cherry picked from commit c52d46e041b42bb1ee6f692e00a0abe37a9659f6)
+Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
+
+Upstream-Status: Backport
+CVE: CVE-2018-16867
+Affects: < 3.1.0
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/usb/dev-mtp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
+index 1ded7ac..899c8a3 100644
+--- a/hw/usb/dev-mtp.c
++++ b/hw/usb/dev-mtp.c
+@@ -1667,6 +1667,12 @@ static void usb_mtp_write_metadata(MTPState *s)
+
+ utf16_to_str(dataset->length, dataset->filename, filename);
+
++ if (strchr(filename, '/')) {
++ usb_mtp_queue_result(s, RES_PARAMETER_NOT_SUPPORTED, d->trans,
++ 0, 0, 0, 0);
++ return;
++ }
++
+ o = usb_mtp_object_lookup_name(p, filename, dataset->length);
+ if (o != NULL) {
+ next_handle = o->handle;
+--
+2.7.4
+
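Review bot: The added `strchr(filename, '/')` guard rejects path separators, but the names `.` and `..` contain no slash and still reach `usb_mtp_object_lookup_name()`. The code that joins `filename` to the parent path is outside this hunk, so whether those two names are harmless there cannot be judged from here. Rejecting them in the same guard settles the question: `if (strchr(filename, '/') || !strcmp(filename, ".") || !strcmp(filename, "..")) {`. A one-line comment above the guard saying that `filename` is decoded from the request's dataset and must remain a single path component would also help the next reader.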
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-16872.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-16872.patch
new file mode 100644
index 0000000000..9f2c5d3ec1
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-16872.patch
@@ -0,0 +1,89 @@
+From 7347a04da35ec6284ce83e8bcd72dc4177d17b10 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Thu, 13 Dec 2018 13:25:11 +0100
+Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
+
+Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
+While being at it also add O_CLOEXEC.
+
+usb-mtp only handles regular files and directories and ignores
+everything else, so users should not see a difference.
+
+Because qemu ignores symlinks, carrying out a successful symlink attack
+requires swapping an existing file or directory below rootdir for a
+symlink and winning the race against the inotify notification to qemu.
+
+Fixes: CVE-2018-16872
+Cc: Prasad J Pandit <ppandit@redhat.com>
+Cc: Bandan Das <bsd@redhat.com>
+Reported-by: Michael Hanselmann <public@hansmi.ch>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Michael Hanselmann <public@hansmi.ch>
+Message-id: 20181213122511.13853-1-kraxel@redhat.com
+(cherry picked from commit bab9df35ce73d1c8e19a37e2737717ea1c984dc1)
+Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
+
+Upstream-Status: Backport
+CVE: CVE-2018-16872
+Affects: < 3.1.0
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/usb/dev-mtp.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
+index 899c8a3..f4223fb 100644
+--- a/hw/usb/dev-mtp.c
++++ b/hw/usb/dev-mtp.c
+@@ -649,13 +649,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
+ {
+ struct dirent *entry;
+ DIR *dir;
++ int fd;
+
+ if (o->have_children) {
+ return;
+ }
+ o->have_children = true;
+
+- dir = opendir(o->path);
++ fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
++ if (fd < 0) {
++ return;
++ }
++ dir = fdopendir(fd);
+ if (!dir) {
+ return;
+ }
+@@ -1003,7 +1008,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
+
+ trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
+
+- d->fd = open(o->path, O_RDONLY);
++ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
+ if (d->fd == -1) {
+ usb_mtp_data_free(d);
+ return NULL;
+@@ -1027,7 +1032,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
+ c->argv[1], c->argv[2]);
+
+ d = usb_mtp_data_alloc(c);
+- d->fd = open(o->path, O_RDONLY);
++ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
+ if (d->fd == -1) {
+ usb_mtp_data_free(d);
+ return NULL;
+@@ -1608,7 +1613,7 @@ static void usb_mtp_write_data(MTPState *s)
+ 0, 0, 0, 0);
+ goto done;
+ }
+- d->fd = open(path, O_CREAT | O_WRONLY, mask);
++ d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask);
+ if (d->fd == -1) {
+ usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
+ 0, 0, 0, 0);
+--
+2.7.4
+
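Review bot: In `usb_mtp_object_readdir`, the descriptor returned by the new `open()` is leaked when `fdopendir(fd)` fails, because the existing `if (!dir) { return; }` path never closes it. The failure branch should become `if (!dir) { close(fd); return; }`. Also, `O_NOFOLLOW` only refuses a symlink in the final path component, so a symlink in an intermediate directory of `o->path` is still followed. That residual exposure belongs in the patch description, since this hunk cannot fix it. The function's body continues outside the hunk.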
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch
deleted file mode 100644
index af40ff275a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 06e88ca78d056ea4de885e3a1496805179dc47bc Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Mon, 15 Oct 2018 16:33:04 +0800
-Subject: [PATCH] ne2000: fix possible out of bound access in ne2000_receive
-
-In ne2000_receive(), we try to assign size_ to size which converts
-from size_t to integer. This will cause troubles when size_ is greater
-INT_MAX, this will lead a negative value in size and it can then pass
-the check of size < MIN_BUF_SIZE which may lead out of bound access of
-for both buf and buf1.
-
-Fixing by converting the type of size to size_t.
-
-CC: address@hidden
-Reported-by: Daniel Shapira <address@hidden>
-Reviewed-by: Michael S. Tsirkin <address@hidden>
-Signed-off-by: Jason Wang <address@hidden>
-
-Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html]
-
-CVE: CVE-2018-17958
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- hw/net/ne2000.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
-index 07d79e3..869518e 100644
---- a/hw/net/ne2000.c
-+++ b/hw/net/ne2000.c
-@@ -174,7 +174,7 @@ static int ne2000_buffer_full(NE2000State *s)
- ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
- {
- NE2000State *s = qemu_get_nic_opaque(nc);
-- int size = size_;
-+ size_t size = size_;
- uint8_t *p;
- unsigned int total_len, next, avail, len, index, mcast_idx;
- uint8_t buf1[60];
-@@ -182,7 +182,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
- #if defined(DEBUG_NE2000)
-- printf("NE2000: received len=%d\n", size);
-+ printf("NE2000: received len=%zu\n", size);
- #endif
-
- if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
---
-2.7.4
-
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-18849.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-18849.patch
new file mode 100644
index 0000000000..b632512e8b
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-18849.patch
@@ -0,0 +1,86 @@
+From bd6dd4eaa6f7fe0c4d797d4e59803d295313b7a7 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Sat, 27 Oct 2018 01:13:14 +0530
+Subject: [PATCH] lsi53c895a: check message length value is valid
+
+While writing a message in 'lsi_do_msgin', message length value
+in 'msg_len' could be invalid due to an invalid migration stream.
+Add an assertion to avoid an out of bounds access, and reject
+the incoming migration data if it contains an invalid message
+length.
+
+Discovered by Deja vu Security. Reported by Oracle.
+
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20181026194314.18663-1-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit e58ccf039650065a9442de43c9816f81e88f27f6)
+*CVE-2018-18849
+*avoid context dep. on c921370b22c
+Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
+
+Upstream-Status: Backport
+Affects: < 3.1.0
+CVE: CVE-2018-18849
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/scsi/lsi53c895a.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
+index 160657f..3758635 100644
+--- a/hw/scsi/lsi53c895a.c
++++ b/hw/scsi/lsi53c895a.c
+@@ -865,10 +865,11 @@ static void lsi_do_status(LSIState *s)
+
+ static void lsi_do_msgin(LSIState *s)
+ {
+- int len;
++ uint8_t len;
+ DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
+ s->sfbr = s->msg[0];
+ len = s->msg_len;
++ assert(len > 0 && len <= LSI_MAX_MSGIN_LEN);
+ if (len > s->dbc)
+ len = s->dbc;
+ pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
+@@ -1703,8 +1704,10 @@ static uint8_t lsi_reg_readb(LSIState *s, int offset)
+ break;
+ case 0x58: /* SBDL */
+ /* Some drivers peek at the data bus during the MSG IN phase. */
+- if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
++ if ((s->sstat1 & PHASE_MASK) == PHASE_MI) {
++ assert(s->msg_len > 0);
+ return s->msg[0];
++ }
+ ret = 0;
+ break;
+ case 0x59: /* SBDL high */
+@@ -2096,11 +2099,23 @@ static int lsi_pre_save(void *opaque)
+ return 0;
+ }
+
++static int lsi_post_load(void *opaque, int version_id)
++{
++ LSIState *s = opaque;
++
++ if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) {
++ return -EINVAL;
++ }
++
++ return 0;
++}
++
+ static const VMStateDescription vmstate_lsi_scsi = {
+ .name = "lsiscsi",
+ .version_id = 0,
+ .minimum_version_id = 0,
+ .pre_save = lsi_pre_save,
++ .post_load = lsi_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, LSIState),
+
+--
+2.7.4
+
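Review bot: In `lsi_do_msgin`, `len` is now a `uint8_t` and the new assertion runs after `len = s->msg_len;`, so it checks a value that may already have been truncated. The `%d` in the DPRINTF and the `s->msg_len < 0` test in `lsi_post_load` suggest `msg_len` is a signed int in this tree (its declaration is outside the hunk). If so, an out-of-range value such as 257 becomes 1 and passes. Asserting on the field itself avoids that: `assert(s->msg_len > 0 && s->msg_len <= LSI_MAX_MSGIN_LEN);` placed before the assignment. Separately, `lsi_post_load` accepts `msg_len == 0` while both new assertions require a positive length, so it is worth checking whether a loaded state can reach them with zero and abort the destination.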
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-18954.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-18954.patch
new file mode 100644
index 0000000000..9fe136455f
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-18954.patch
@@ -0,0 +1,50 @@
+From 3c9fd43da473a324f6cc7a0d3db58f651a2d262c Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 26 Oct 2018 18:03:58 +0530
+Subject: [PATCH] ppc/pnv: check size before data buffer access
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+While performing PowerNV memory r/w operations, the access length
+'sz' could exceed the data[4] buffer size. Add check to avoid OOB
+access.
+
+Reported-by: Moguofang <moguofang@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Cédric Le Goater <clg@kaod.org>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+
+CVE: CVE-2018-18954
+Upstream-Status: Backport
+[https://git.qemu.org/?p=qemu.git;a=commit;h=d07945e78eb6b593cd17a4640c1fc9eb35e3245d]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ hw/ppc/pnv_lpc.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
+index d7721320a2..172a915cfc 100644
+--- a/hw/ppc/pnv_lpc.c
++++ b/hw/ppc/pnv_lpc.c
+@@ -155,9 +155,15 @@ static void pnv_lpc_do_eccb(PnvLpcController *lpc, uint64_t cmd)
+ /* XXX Check for magic bits at the top, addr size etc... */
+ unsigned int sz = (cmd & ECCB_CTL_SZ_MASK) >> ECCB_CTL_SZ_LSH;
+ uint32_t opb_addr = cmd & ECCB_CTL_ADDR_MASK;
+- uint8_t data[4];
++ uint8_t data[8];
+ bool success;
+
++ if (sz > sizeof(data)) {
++ qemu_log_mask(LOG_GUEST_ERROR,
++ "ECCB: invalid operation at @0x%08x size %d\n", opb_addr, sz);
++ return;
++ }
++
+ if (cmd & ECCB_CTL_READ) {
+ success = opb_read(lpc, opb_addr, data, sz);
+ if (success) {
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
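Review bot: The new `qemu_log_mask` line prints `sz`, an `unsigned int`, with `%d` and `opb_addr`, a `uint32_t`, with `%08x`; `size %u` and `PRIx32` would match the declared types. The bound is taken from `sizeof(data)`, which this same hunk raises from 4 to 8, so the limit silently follows whatever size the array has. A short comment on `data` stating which access widths the ECCB path is meant to support would show why 8 is the intended maximum. `pnv_lpc_do_eccb` continues outside the hunk, so how `opb_read` treats the remaining sizes is not visible here.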
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p1.patch
new file mode 100644
index 0000000000..1d77af4e83
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p1.patch
@@ -0,0 +1,51 @@
+From 5b76ef50f62079a2389ba28cacaf6cce68b1a0ed Mon Sep 17 00:00:00 2001
+From: Greg Kurz <groug@kaod.org>
+Date: Wed, 7 Nov 2018 01:00:04 +0100
+Subject: [PATCH] 9p: write lock path in v9fs_co_open2()
+
+The assumption that the fid cannot be used by any other operation is
+wrong. At least, nothing prevents a misbehaving client to create a
+file with a given fid, and to pass this fid to some other operation
+at the same time (ie, without waiting for the response to the creation
+request). The call to v9fs_path_copy() performed by the worker thread
+after the file was created can race with any access to the fid path
+performed by some other thread. This causes use-after-free issues that
+can be detected by ASAN with a custom 9p client.
+
+Unlike other operations that only read the fid path, v9fs_co_open2()
+does modify it. It should hence take the write lock.
+
+Cc: P J P <ppandit@redhat.com>
+Reported-by: zhibin hu <noirfate@gmail.com>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+
+Upstream-status: Backport
+Affects: < 3.1.0
+CVE: CVE-2018-19364 patch #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/9pfs/cofile.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/9pfs/cofile.c b/hw/9pfs/cofile.c
+index 88791bc..9c22837 100644
+--- a/hw/9pfs/cofile.c
++++ b/hw/9pfs/cofile.c
+@@ -140,10 +140,10 @@ int coroutine_fn v9fs_co_open2(V9fsPDU *pdu, V9fsFidState *fidp,
+ cred.fc_gid = gid;
+ /*
+ * Hold the directory fid lock so that directory path name
+- * don't change. Read lock is fine because this fid cannot
+- * be used by any other operation.
++ * don't change. Take the write lock to be sure this fid
++ * cannot be used by another operation.
+ */
+- v9fs_path_read_lock(s);
++ v9fs_path_write_lock(s);
+ v9fs_co_run_in_worker(
+ {
+ err = s->ops->open2(&s->ctx, &fidp->path,
+--
+2.7.4
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p2.patch
new file mode 100644
index 0000000000..b8d094c0b4
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p2.patch
@@ -0,0 +1,115 @@
+From 5b3c77aa581ebb215125c84b0742119483571e55 Mon Sep 17 00:00:00 2001
+From: Greg Kurz <groug@kaod.org>
+Date: Tue, 20 Nov 2018 13:00:35 +0100
+Subject: [PATCH] 9p: take write lock on fid path updates (CVE-2018-19364)
+
+Recent commit 5b76ef50f62079a fixed a race where v9fs_co_open2() could
+possibly overwrite a fid path with v9fs_path_copy() while it is being
+accessed by some other thread, ie, use-after-free that can be detected
+by ASAN with a custom 9p client.
+
+It turns out that the same can happen at several locations where
+v9fs_path_copy() is used to set the fid path. The fix is again to
+take the write lock.
+
+Fixes CVE-2018-19364.
+
+Cc: P J P <ppandit@redhat.com>
+Reported-by: zhibin hu <noirfate@gmail.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+
+Upstream-status: Backport
+Affects: < 3.1.0
+CVE: CVE-2018-19364 patch #2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/9pfs/9p.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index eef289e..267a255 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1391,7 +1391,9 @@ static void coroutine_fn v9fs_walk(void *opaque)
+ err = -EINVAL;
+ goto out;
+ }
++ v9fs_path_write_lock(s);
+ v9fs_path_copy(&fidp->path, &path);
++ v9fs_path_unlock(s);
+ } else {
+ newfidp = alloc_fid(s, newfid);
+ if (newfidp == NULL) {
+@@ -2160,6 +2162,7 @@ static void coroutine_fn v9fs_create(void *opaque)
+ V9fsString extension;
+ int iounit;
+ V9fsPDU *pdu = opaque;
++ V9fsState *s = pdu->s;
+
+ v9fs_path_init(&path);
+ v9fs_string_init(&name);
+@@ -2200,7 +2203,9 @@ static void coroutine_fn v9fs_create(void *opaque)
+ if (err < 0) {
+ goto out;
+ }
++ v9fs_path_write_lock(s);
+ v9fs_path_copy(&fidp->path, &path);
++ v9fs_path_unlock(s);
+ err = v9fs_co_opendir(pdu, fidp);
+ if (err < 0) {
+ goto out;
+@@ -2216,7 +2221,9 @@ static void coroutine_fn v9fs_create(void *opaque)
+ if (err < 0) {
+ goto out;
+ }
++ v9fs_path_write_lock(s);
+ v9fs_path_copy(&fidp->path, &path);
++ v9fs_path_unlock(s);
+ } else if (perm & P9_STAT_MODE_LINK) {
+ int32_t ofid = atoi(extension.data);
+ V9fsFidState *ofidp = get_fid(pdu, ofid);
+@@ -2234,7 +2241,9 @@ static void coroutine_fn v9fs_create(void *opaque)
+ fidp->fid_type = P9_FID_NONE;
+ goto out;
+ }
++ v9fs_path_write_lock(s);
+ v9fs_path_copy(&fidp->path, &path);
++ v9fs_path_unlock(s);
+ err = v9fs_co_lstat(pdu, &fidp->path, &stbuf);
+ if (err < 0) {
+ fidp->fid_type = P9_FID_NONE;
+@@ -2272,7 +2281,9 @@ static void coroutine_fn v9fs_create(void *opaque)
+ if (err < 0) {
+ goto out;
+ }
++ v9fs_path_write_lock(s);
+ v9fs_path_copy(&fidp->path, &path);
++ v9fs_path_unlock(s);
+ } else if (perm & P9_STAT_MODE_NAMED_PIPE) {
+ err = v9fs_co_mknod(pdu, fidp, &name, fidp->uid, -1,
+ 0, S_IFIFO | (perm & 0777), &stbuf);
+@@ -2283,7 +2294,9 @@ static void coroutine_fn v9fs_create(void *opaque)
+ if (err < 0) {
+ goto out;
+ }
++ v9fs_path_write_lock(s);
+ v9fs_path_copy(&fidp->path, &path);
++ v9fs_path_unlock(s);
+ } else if (perm & P9_STAT_MODE_SOCKET) {
+ err = v9fs_co_mknod(pdu, fidp, &name, fidp->uid, -1,
+ 0, S_IFSOCK | (perm & 0777), &stbuf);
+@@ -2294,7 +2307,9 @@ static void coroutine_fn v9fs_create(void *opaque)
+ if (err < 0) {
+ goto out;
+ }
++ v9fs_path_write_lock(s);
+ v9fs_path_copy(&fidp->path, &path);
++ v9fs_path_unlock(s);
+ } else {
+ err = v9fs_co_open2(pdu, fidp, &name, -1,
+ omode_to_uflags(mode)|O_CREAT, perm, &stbuf);
+--
+2.7.4
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-19489.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-19489.patch
new file mode 100644
index 0000000000..7619e2a8ca
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-19489.patch
@@ -0,0 +1,83 @@
+From 1d20398694a3b67a388d955b7a945ba4aa90a8a8 Mon Sep 17 00:00:00 2001
+From: Greg Kurz <groug@kaod.org>
+Date: Fri, 23 Nov 2018 13:28:03 +0100
+Subject: [PATCH] 9p: fix QEMU crash when renaming files
+
+When using the 9P2000.u version of the protocol, the following shell
+command line in the guest can cause QEMU to crash:
+
+ while true; do rm -rf aa; mkdir -p a/b & touch a/b/c & mv a aa; done
+
+With 9P2000.u, file renaming is handled by the WSTAT command. The
+v9fs_wstat() function calls v9fs_complete_rename(), which calls
+v9fs_fix_path() for every fid whose path is affected by the change.
+The involved calls to v9fs_path_copy() may race with any other access
+to the fid path performed by some worker thread, causing a crash like
+shown below:
+
+Thread 12 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
+0x0000555555a25da2 in local_open_nofollow (fs_ctx=0x555557d958b8, path=0x0,
+ flags=65536, mode=0) at hw/9pfs/9p-local.c:59
+59 while (*path && fd != -1) {
+(gdb) bt
+#0 0x0000555555a25da2 in local_open_nofollow (fs_ctx=0x555557d958b8,
+ path=0x0, flags=65536, mode=0) at hw/9pfs/9p-local.c:59
+#1 0x0000555555a25e0c in local_opendir_nofollow (fs_ctx=0x555557d958b8,
+ path=0x0) at hw/9pfs/9p-local.c:92
+#2 0x0000555555a261b8 in local_lstat (fs_ctx=0x555557d958b8,
+ fs_path=0x555556b56858, stbuf=0x7fff84830ef0) at hw/9pfs/9p-local.c:185
+#3 0x0000555555a2b367 in v9fs_co_lstat (pdu=0x555557d97498,
+ path=0x555556b56858, stbuf=0x7fff84830ef0) at hw/9pfs/cofile.c:53
+#4 0x0000555555a1e9e2 in v9fs_stat (opaque=0x555557d97498)
+ at hw/9pfs/9p.c:1083
+#5 0x0000555555e060a2 in coroutine_trampoline (i0=-669165424, i1=32767)
+ at util/coroutine-ucontext.c:116
+#6 0x00007fffef4f5600 in __start_context () at /lib64/libc.so.6
+#7 0x0000000000000000 in ()
+(gdb)
+
+The fix is to take the path write lock when calling v9fs_complete_rename(),
+like in v9fs_rename().
+
+Impact: DoS triggered by unprivileged guest users.
+
+Fixes: CVE-2018-19489
+Cc: P J P <ppandit@redhat.com>
+Reported-by: zhibin hu <noirfate@gmail.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+
+Upstream-Status: Backport
+Affects: < 4.0.0
+CVE: CVE-2018-19489
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/9pfs/9p.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 267a255..bdf7919 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -2855,6 +2855,7 @@ static void coroutine_fn v9fs_wstat(void *opaque)
+ struct stat stbuf;
+ V9fsFidState *fidp;
+ V9fsPDU *pdu = opaque;
++ V9fsState *s = pdu->s;
+
+ v9fs_stat_init(&v9stat);
+ err = pdu_unmarshal(pdu, offset, "dwS", &fid, &unused, &v9stat);
+@@ -2920,7 +2921,9 @@ static void coroutine_fn v9fs_wstat(void *opaque)
+ }
+ }
+ if (v9stat.name.size != 0) {
++ v9fs_path_write_lock(s);
+ err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name);
++ v9fs_path_unlock(s);
+ if (err < 0) {
+ goto out;
+ }
+--
+2.7.4
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch
new file mode 100644
index 0000000000..c3a5981488
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch
@@ -0,0 +1,42 @@
+From da885fe1ee8b4589047484bd7fa05a4905b52b17 Mon Sep 17 00:00:00 2001
+From: Peter Maydell <peter.maydell@linaro.org>
+Date: Fri, 14 Dec 2018 13:30:52 +0000
+Subject: [PATCH] device_tree.c: Don't use load_image()
+
+The load_image() function is deprecated, as it does not let the
+caller specify how large the buffer to read the file into is.
+Instead use load_image_size().
+
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
+
+Upstream-Status: Backport
+CVE: CVE-2018-20815
+affects <= 3.0.1
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ device_tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/device_tree.c b/device_tree.c
+index 6d9c972..296278e 100644
+--- a/device_tree.c
++++ b/device_tree.c
+@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
+ /* First allocate space in qemu for device tree */
+ fdt = g_malloc0(dt_size);
+
+- dt_file_load_size = load_image(filename_path, fdt);
++ dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
+ if (dt_file_load_size < 0) {
+ error_report("Unable to open device tree file '%s'",
+ filename_path);
+--
+2.7.4
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p2.patch
new file mode 100644
index 0000000000..d01e874473
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p2.patch
@@ -0,0 +1,52 @@
+From 065e6298a75164b4347682b63381dbe752c2b156 Mon Sep 17 00:00:00 2001
+From: Markus Armbruster <armbru@redhat.com>
+Date: Tue, 9 Apr 2019 19:40:18 +0200
+Subject: [PATCH] device_tree: Fix integer overflowing in load_device_tree()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the value of get_image_size() exceeds INT_MAX / 2 - 10000, the
+computation of @dt_size overflows to a negative number, which then
+gets converted to a very large size_t for g_malloc0() and
+load_image_size(). In the (fortunately improbable) case g_malloc0()
+succeeds and load_image_size() survives, we'd assign the negative
+number to *sizep. What that would do to the callers I can't say, but
+it's unlikely to be good.
+
+Fix by rejecting images whose size would overflow.
+
+Reported-by: Kurtis Miller <kurtis.miller@nccgroup.com>
+Signed-off-by: Markus Armbruster <armbru@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+Message-Id: <20190409174018.25798-1-armbru@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2018-20815
+affects <= 3.0.1
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ device_tree.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/device_tree.c b/device_tree.c
+index 296278e..f8b46b3 100644
+--- a/device_tree.c
++++ b/device_tree.c
+@@ -84,6 +84,10 @@ void *load_device_tree(const char *filename_path, int *sizep)
+ filename_path);
+ goto fail;
+ }
++ if (dt_size > INT_MAX / 2 - 10000) {
++ error_report("Device tree file '%s' is too large", filename_path);
++ goto fail;
++ }
+
+ /* Expand to 2x size to give enough room for manipulation. */
+ dt_size += 10000;
+--
+2.7.4
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch
new file mode 100644
index 0000000000..8a5ece51f6
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch
@@ -0,0 +1,38 @@
+From d52680fc932efb8a2f334cc6993e705ed1e31e99 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Apr 2019 12:05:34 +0530
+Subject: [PATCH] qxl: check release info object
+
+When releasing spice resources in release_resource() routine,
+if release info object 'ext.info' is null, it leads to null
+pointer dereference. Add check to avoid it.
+
+Reported-by: Bugs SysSec <bugs-syssec@rub.de>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20190425063534.32747-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Upstream-Status: Backport
+https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
+
+CVE: CVE-2019-12155
+Affects: <= 4.0.0
+Signed-off-by: Armin Kuster <akuster@mvistra.com>
+---
+ hw/display/qxl.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: qemu-3.0.0/hw/display/qxl.c
+===================================================================
+--- qemu-3.0.0.orig/hw/display/qxl.c
++++ qemu-3.0.0/hw/display/qxl.c
+@@ -764,6 +764,9 @@ static void interface_release_resource(Q
+ QXLReleaseRing *ring;
+ uint64_t *item, id;
+
++ if (!ext.info) {
++ return;
++ }
+ if (ext.group_id == MEMSLOT_GROUP_HOST) {
+ /* host group -> vga mode update request */
+ QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
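Review bot: The `Signed-off-by` trailer in this patch header reads `akuster@mvistra.com`, while every other patch in this commit signed by the same person uses `akuster@mvista.com`, so it looks like a typo. It should be corrected to `Signed-off-by: Armin Kuster <akuster@mvista.com>` so the sign-off can be attributed. The header also gives the upstream URL on a line of its own, where the sibling patches put it in brackets after `Upstream-Status: Backport`; using one form throughout keeps the headers easy to parse. The body of `interface_release_resource` continues outside this hunk.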
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
new file mode 100644
index 0000000000..0e11ad288c
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
@@ -0,0 +1,39 @@
+From b664d9d003d1a98642dcfb8e6fceef6dbf3d52d8 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 8 Jan 2019 11:23:01 +0100
+Subject: [PATCH] i2c-ddc: fix oob read
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Suggested-by: Michael Hanselmann <public@hansmi.ch>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Michael Hanselmann <public@hansmi.ch>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190108102301.1957-1-kraxel@redhat.com
+
+CVE: CVE-2019-3812
+Upstream-Status: Backport
+[https://git.qemu.org/?p=qemu.git;a=commit;h=b05b267840515730dbf6753495d5b7bd8b04ad1c]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ hw/i2c/i2c-ddc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
+index bec0c91e2d..89e659288e 100644
+--- a/hw/i2c/i2c-ddc.c
++++ b/hw/i2c/i2c-ddc.c
+@@ -247,7 +247,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
+ I2CDDCState *s = I2CDDC(i2c);
+
+ int value;
+- value = s->edid_blob[s->reg];
++ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
+ s->reg++;
+ return value;
+ }
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
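Review bot: The header of this backport says nothing about the defect beyond the subject "fix oob read", and unlike the other qemu patches added here it has no `Affects:` line. A sentence stating that `s->reg` can index past the end of `edid_blob` in `i2c_ddc_rx` and that the read index is now wrapped with `% sizeof(s->edid_blob)` would let a later maintainer judge whether the patch is still needed after a version bump. Note that `s->reg++` itself is left unbounded, so the protection depends on the modulo at the point of use.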
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-6778.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-6778.patch
new file mode 100644
index 0000000000..5b14596042
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-6778.patch
@@ -0,0 +1,41 @@
+From b6c0fa3b435375918714e107b22de2ef13a41c26 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Sun, 13 Jan 2019 23:29:48 +0530
+Subject: [PATCH] slirp: check data length while emulating ident function
+
+While emulating identification protocol, tcp_emu() does not check
+available space in the 'sc_rcv->sb_data' buffer. It could lead to
+heap buffer overflow issue. Add check to avoid it.
+
+Reported-by: Kira <864786842@qq.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+
+CVE: CVE-2019-6778
+Upstream-Status: Backport
+[https://git.qemu.org/?p=qemu.git;a=commit;h=a7104eda7dab99d0cdbd3595c211864cba415905]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ slirp/tcp_subr.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
+index 8d0f94b75f..7277aadfdf 100644
+--- a/slirp/tcp_subr.c
++++ b/slirp/tcp_subr.c
+@@ -640,6 +640,11 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ socklen_t addrlen = sizeof(struct sockaddr_in);
+ struct sbuf *so_rcv = &so->so_rcv;
+
++ if (m->m_len > so_rcv->sb_datalen
++ - (so_rcv->sb_wptr - so_rcv->sb_data)) {
++ return 1;
++ }
++
+ memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
+ so_rcv->sb_wptr += m->m_len;
+ so_rcv->sb_rptr += m->m_len;
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
new file mode 100644
index 0000000000..db3201c505
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
@@ -0,0 +1,215 @@
+From 13e153f01b4f2a3e199202b34a247d83c176f21a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 18 Feb 2019 23:43:49 +0530
+Subject: [PATCH] ppc: add host-serial and host-model machine attributes
+ (CVE-2019-8934)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On ppc hosts, hypervisor shares following system attributes
+
+ - /proc/device-tree/system-id
+ - /proc/device-tree/model
+
+with a guest. This could lead to information leakage and misuse.[*]
+Add machine attributes to control such system information exposure
+to a guest.
+
+[*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028
+
+Reported-by: Daniel P. Berrangé <berrange@redhat.com>
+Fix-suggested-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20190218181349.23885-1-ppandit@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Greg Kurz <groug@kaod.org>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+
+CVE: CVE-2019-8934
+Upstream-Status: Backport
+[https://github.com/qemu/qemu/commit/27461d69a0f108dea756419251acc3ea65198f1b]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ hw/ppc/spapr.c | 128 ++++++++++++++++++++++++++++++++++++++---
+ include/hw/ppc/spapr.h | 2 +
+ 2 files changed, 123 insertions(+), 7 deletions(-)
+
+diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
+index 421b2dd09b..069d678ee0 100644
+--- a/hw/ppc/spapr.c
++++ b/hw/ppc/spapr.c
+@@ -1266,13 +1266,30 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
+ * Add info to guest to indentify which host is it being run on
+ * and what is the uuid of the guest
+ */
+- if (kvmppc_get_host_model(&buf)) {
+- _FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
+- g_free(buf);
++ if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) {
++ if (g_str_equal(spapr->host_model, "passthrough")) {
++ /* -M host-model=passthrough */
++ if (kvmppc_get_host_model(&buf)) {
++ _FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
++ g_free(buf);
++ }
++ } else {
++ /* -M host-model=<user-string> */
++ _FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model));
++ }
+ }
+- if (kvmppc_get_host_serial(&buf)) {
+- _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
+- g_free(buf);
++
++ if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) {
++ if (g_str_equal(spapr->host_serial, "passthrough")) {
++ /* -M host-serial=passthrough */
++ if (kvmppc_get_host_serial(&buf)) {
++ _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
++ g_free(buf);
++ }
++ } else {
++ /* -M host-serial=<user-string> */
++ _FDT(fdt_setprop_string(fdt, 0, "host-serial", spapr->host_serial));
++ }
+ }
+
+ buf = qemu_uuid_unparse_strdup(&qemu_uuid);
+@@ -3027,6 +3044,73 @@ static void spapr_set_vsmt(Object *obj, Visitor *v, const char *name,
+ visit_type_uint32(v, name, (uint32_t *)opaque, errp);
+ }
+
++static char *spapr_get_ic_mode(Object *obj, Error **errp)
++{
++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
++
++ if (spapr->irq == &spapr_irq_xics_legacy) {
++ return g_strdup("legacy");
++ } else if (spapr->irq == &spapr_irq_xics) {
++ return g_strdup("xics");
++ } else if (spapr->irq == &spapr_irq_xive) {
++ return g_strdup("xive");
++ } else if (spapr->irq == &spapr_irq_dual) {
++ return g_strdup("dual");
++ }
++ g_assert_not_reached();
++}
++
++static void spapr_set_ic_mode(Object *obj, const char *value, Error **errp)
++{
++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
++
++ if (SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) {
++ error_setg(errp, "This machine only uses the legacy XICS backend, don't pass ic-mode");
++ return;
++ }
++
++ /* The legacy IRQ backend can not be set */
++ if (strcmp(value, "xics") == 0) {
++ spapr->irq = &spapr_irq_xics;
++ } else if (strcmp(value, "xive") == 0) {
++ spapr->irq = &spapr_irq_xive;
++ } else if (strcmp(value, "dual") == 0) {
++ spapr->irq = &spapr_irq_dual;
++ } else {
++ error_setg(errp, "Bad value for \"ic-mode\" property");
++ }
++}
++
++static char *spapr_get_host_model(Object *obj, Error **errp)
++{
++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
++
++ return g_strdup(spapr->host_model);
++}
++
++static void spapr_set_host_model(Object *obj, const char *value, Error **errp)
++{
++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
++
++ g_free(spapr->host_model);
++ spapr->host_model = g_strdup(value);
++}
++
++static char *spapr_get_host_serial(Object *obj, Error **errp)
++{
++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
++
++ return g_strdup(spapr->host_serial);
++}
++
++static void spapr_set_host_serial(Object *obj, const char *value, Error **errp)
++{
++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
++
++ g_free(spapr->host_serial);
++ spapr->host_serial = g_strdup(value);
++}
++
+ static void spapr_instance_init(Object *obj)
+ {
+ sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+@@ -3063,6 +3147,25 @@ static void spapr_instance_init(Object *obj)
+ " the host's SMT mode", &error_abort);
+ object_property_add_bool(obj, "vfio-no-msix-emulation",
+ spapr_get_msix_emulation, NULL, NULL);
++
++ /* The machine class defines the default interrupt controller mode */
++ spapr->irq = smc->irq;
++ object_property_add_str(obj, "ic-mode", spapr_get_ic_mode,
++ spapr_set_ic_mode, NULL);
++ object_property_set_description(obj, "ic-mode",
++ "Specifies the interrupt controller mode (xics, xive, dual)",
++ NULL);
++
++ object_property_add_str(obj, "host-model",
++ spapr_get_host_model, spapr_set_host_model,
++ &error_abort);
++ object_property_set_description(obj, "host-model",
++ "Set host's model-id to use - none|passthrough|string", &error_abort);
++ object_property_add_str(obj, "host-serial",
++ spapr_get_host_serial, spapr_set_host_serial,
++ &error_abort);
++ object_property_set_description(obj, "host-serial",
++ "Set host's system-id to use - none|passthrough|string", &error_abort);
+ }
+
+ static void spapr_machine_finalizefn(Object *obj)
+@@ -4067,7 +4170,18 @@ static void spapr_machine_3_0_instance_options(MachineState *machine)
+
+ static void spapr_machine_3_0_class_options(MachineClass *mc)
+ {
+- /* Defaults for the latest behaviour inherited from the base class */
++ sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++ static GlobalProperty compat[] = {
++ { TYPE_SPAPR_MACHINE, "host-model", "passthrough" },
++ { TYPE_SPAPR_MACHINE, "host-serial", "passthrough" },
++ };
++
++ spapr_machine_4_0_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_3_1, hw_compat_3_1_len);
++ compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
++
++ mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
++ smc->update_dt_enabled = false;
+ }
+
+ DEFINE_SPAPR_MACHINE(3_0, "3.0", true);
+diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
+index 7e5de1a6fd..4c69a55374 100644
+--- a/include/hw/ppc/spapr.h
++++ b/include/hw/ppc/spapr.h
+@@ -165,6 +165,8 @@ struct sPAPRMachineState {
+
+ /*< public >*/
+ char *kvm_type;
++ char *host_model;
++ char *host_serial;
+
+ const char *icp_type;
+
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
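Review bot: Much of the code added to `hw/ppc/spapr.c` depends on symbols that this patch does not define and that look newer than the qemu 3.0.0 tree the recipe builds. `spapr_machine_3_0_class_options` now calls `spapr_machine_4_0_class_options(mc)` and uses `hw_compat_3_1`, and the `ic-mode` accessors and `spapr_instance_init` reference `spapr->irq`, `smc->irq`, `spapr_irq_xive` and `spapr_irq_dual`. That is inferred from the names only, so a ppc64 target build should confirm the patch applies and compiles. If it does not, the backport should be cut down to the `host_model`/`host_serial` fields, their four accessors and the two `object_property_add_str` registrations. Separately, `compat[]` sets both properties to `"passthrough"` for the 3.0 machine, which appears to be the newest machine type in this tree, so guests would still receive the host model and serial unless started with `host-model=none` and `host-serial=none`; the header should state that the default is unchanged.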
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-9824.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-9824.patch
new file mode 100644
index 0000000000..7f8300672b
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-9824.patch
@@ -0,0 +1,47 @@
+From d3222975c7d6cda9e25809dea05241188457b113 Mon Sep 17 00:00:00 2001
+From: William Bowling <will@wbowling.info>
+Date: Fri, 1 Mar 2019 21:45:56 +0000
+Subject: [PATCH 1/1] slirp: check sscanf result when emulating ident
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+When emulating ident in tcp_emu, if the strchr checks passed but the
+sscanf check failed, two uninitialized variables would be copied and
+sent in the reply, so move this code inside the if(sscanf()) clause.
+
+Signed-off-by: William Bowling <will@wbowling.info>
+Cc: qemu-stable@nongnu.org
+Cc: secalert@redhat.com
+Message-Id: <1551476756-25749-1-git-send-email-will@wbowling.info>
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Upstream-Status: Backport
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=d3222975c7d6cda9e25809dea05241188457b113;hp=6c419a1e06c21c4568d5a12a9c5cafcdb00f6aa8
+CVE: CVE-2019-9824
+affects < 4.0.0
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: qemu-3.0.0/slirp/tcp_subr.c
+===================================================================
+--- qemu-3.0.0.orig/slirp/tcp_subr.c
++++ qemu-3.0.0/slirp/tcp_subr.c
+@@ -662,12 +662,12 @@ tcp_emu(struct socket *so, struct mbuf *
+ break;
+ }
+ }
++ so_rcv->sb_cc = snprintf(so_rcv->sb_data,
++ so_rcv->sb_datalen,
++ "%d,%d\r\n", n1, n2);
++ so_rcv->sb_rptr = so_rcv->sb_data;
++ so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc;
+ }
+- so_rcv->sb_cc = snprintf(so_rcv->sb_data,
+- so_rcv->sb_datalen,
+- "%d,%d\r\n", n1, n2);
+- so_rcv->sb_rptr = so_rcv->sb_data;
+- so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc;
+ }
+ m_free(m);
+ return 0;
diff --git a/meta/recipes-devtools/qemu/qemu_3.0.0.bb b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
index 776548b05a..1daee7211f 100644
--- a/meta/recipes-devtools/qemu/qemu_3.0.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
@@ -21,10 +21,28 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0009-apic-fixup-fallthrough-to-PIC.patch \
file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
+ file://CVE-2018-10839.patch\
file://CVE-2018-15746.patch \
- file://CVE-2018-17958.patch \
file://CVE-2018-17962.patch \
file://CVE-2018-17963.patch \
+ file://CVE-2018-16867.patch \
+ file://CVE-2018-16872.patch \
+ file://CVE-2018-18849.patch \
+ file://CVE-2018-19364_p1.patch \
+ file://CVE-2018-19364_p2.patch \
+ file://CVE-2018-19489.patch \
+ file://CVE-2019-12155.patch \
+ file://CVE-2018-20815_p1.patch \
+ file://CVE-2018-20815_p2.patch \
+ file://CVE-2019-9824.patch \
+ file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \
+ file://CVE-2018-18954.patch \
+ file://CVE-2019-3812.patch \
+ file://CVE-2019-6778.patch \
+ file://CVE-2019-8934.patch \
+ file://0001-linux-user-assume-__NR_gettid-always-exists.patch \
+ file://0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch \
+ file://0011-linux-user-remove-host-stime-syscall.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
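Review bot: `file://CVE-2018-17958.patch` is dropped from SRC_URI in this hunk, and nothing visible here shows which of the added patches carries that fix. If it has been folded into `CVE-2018-10839.patch`, that patch's header needs a `CVE: CVE-2018-17958` line so the CVE check keeps reporting it as patched; otherwise the entry should stay. The first added entry, `file://CVE-2018-10839.patch\`, is missing the space before the backslash that every other entry has and should read `file://CVE-2018-10839.patch \`. The three `linux-user` patches reuse the prefixes `0001-` and `0011-` already present in the list, which makes the apply order harder to read.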
diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc
index 5a5bef2024..1ecd087d7d 100644
--- a/meta/recipes-devtools/ruby/ruby.inc
+++ b/meta/recipes-devtools/ruby/ruby.inc
@@ -14,8 +14,8 @@ LIC_FILES_CHKSUM = "\
file://LEGAL;md5=23a79bb4c1a40f6cc9bcb6f4e7c39799 \
"
-DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline"
-DEPENDS_class-native = "openssl-native libyaml-native"
+DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline libffi"
+DEPENDS_class-native = "openssl-native libyaml-native readline-native"
SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
@@ -24,7 +24,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
"
UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
-inherit autotools
+inherit autotools ptest
# This snippet lets compiled extensions which rely on external libraries,
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch b/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
deleted file mode 100644
index 22fa1b5f4d..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 1b931fc03b819b9a0214be3eaca844ef534175e2 Mon Sep 17 00:00:00 2001
-From: Jonathan Claudius <jclaudius@mozilla.com>
-Date: Wed, 7 Feb 2018 23:54:52 -0500
-Subject: [PATCH] Non-working patch for deducing symlinked base-dirs
-
----
-CVE: CVE-2018-1000073
-
-Fixed in ruby 2.7.6.
-
-Upstream-Status: Backport [github.com/rubygems/rubygems/commit/1b931fc...]
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
----
- lib/rubygems/package.rb | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
-index dede959..cb9c74a 100644
---- a/lib/rubygems/package.rb
-+++ b/lib/rubygems/package.rb
-@@ -421,6 +421,8 @@ EOM
- destination_dir = File.expand_path destination_dir
-
- destination = File.join destination_dir, filename
-+ destination = File.realpath destination if
-+ File.respond_to? :realpath
- destination = File.expand_path destination
-
- raise Gem::Package::PathError.new(destination, destination_dir) unless
---
-1.7.9.5
-
diff --git a/meta/recipes-devtools/ruby/ruby/run-ptest b/meta/recipes-devtools/ruby/ruby/run-ptest
new file mode 100644
index 0000000000..de7c415aba
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/run-ptest
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+test_fullname=`find test -name test_*.rb`
+
+for i in ${test_fullname}; do
+ ruby ./test/runner.rb ${i} 2>&1 > /dev/null
+ ret=$?
+ if [ $ret != 0 ]; then
+ echo "FAIL: ${i}"
+ else
+ echo "PASS: ${i}"
+ fi
+done
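Review bot: The redirection `2>&1 > /dev/null` on the runner line points stderr at the original stdout and discards only stdout, so each test's error output is interleaved with the PASS/FAIL lines that the ptest log parser reads. If both streams are meant to be dropped it should be `> /dev/null 2>&1`. The pattern in `find test -name test_*.rb` is unquoted, so the shell expands it whenever a matching file exists in the working directory; write `-name 'test_*.rb'`. `[ $ret != 0 ]` is a string comparison on an unquoted variable; `[ "$ret" -ne 0 ]` is the numeric test.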
diff --git a/meta/recipes-devtools/ruby/ruby_2.5.3.bb b/meta/recipes-devtools/ruby/ruby_2.5.3.bb
index e9f0453788..519daf294f 100644
--- a/meta/recipes-devtools/ruby/ruby_2.5.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.5.3.bb
@@ -3,7 +3,7 @@ require ruby.inc
SRC_URI += " \
file://ruby-CVE-2017-9226.patch \
file://ruby-CVE-2017-9228.patch \
- file://CVE-2018-1000073.patch \
+ file://run-ptest \
"
SRC_URI[md5sum] = "20c85b67846d49622ef3b24230803fef"
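Review bot: Dropping `file://CVE-2018-1000073.patch` from SRC_URI leaves the recipe with no record of how that CVE is handled. The deleted patch's own header calls it a "Non-working patch" and says "Fixed in ruby 2.7.6", so presumably the fix is already present in the rubygems bundled with ruby 2.5.3, but that reasoning is not stated anywhere in this hunk. A short comment above SRC_URI, for example `# CVE-2018-1000073: fixed upstream in the bundled rubygems, patch dropped`, would let CVE check output be interpreted without digging through history; the wording should be confirmed against the bundled version.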
@@ -29,6 +29,7 @@ EXTRA_OECONF = "\
--disable-dtrace \
--enable-shared \
--enable-load-relative \
+ --with-pkg-config=pkg-config \
"
do_install() {
@@ -55,6 +56,13 @@ do_install_append_class-target () {
}
+do_install_ptest () {
+ cp -rf ${S}/test ${D}${PTEST_PATH}/
+ cp -r ${S}/include ${D}/${libdir}/ruby/
+ test_case_rb=`grep rubygems/test_case.rb ${B}/.installed.list`
+ sed -i -e 's:../../../test/:../../../ptest/test/:g' ${D}/$test_case_rb
+}
+
PACKAGES =+ "${PN}-ri-docs ${PN}-rdoc"
SUMMARY_${PN}-ri-docs = "ri (Ruby Interactive) documentation for the Ruby standard library"
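Review bot: In `do_install_ptest`, `test_case_rb` is taken from an unchecked `grep` of `${B}/.installed.list` and then used unquoted in `${D}/$test_case_rb`. If the grep matches nothing, `sed -i` is run on `${D}/` and the task fails with an unrelated error. If it matches more than one line, word splitting means only the first path gets the `${D}` prefix and the others are passed to `sed -i` as bare paths outside the image root. The result should be checked for emptiness and iterated, e.g. `for f in $test_case_rb; do sed -i -e '…' "${D}/$f"; done`. `cp -rf ${S}/test ${D}${PTEST_PATH}/` also assumes that `${D}${PTEST_PATH}` already exists.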
@@ -67,4 +75,6 @@ FILES_${PN}-rdoc += "${libdir}/ruby/*/rdoc ${bindir}/rdoc"
FILES_${PN} += "${datadir}/rubygems"
+FILES_${PN}-ptest_append_class-target += "${libdir}/ruby/include"
+
BBCLASSEXTEND = "native"
diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 0000000000..9841644881
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,33 @@
+From 11e1fac27eb8a3076382200736874c78e09b75d6 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+ UChar selectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+
+Fixes out of bounds access discovered while fuzzying karchive
+CVE: CVE-2019-12900
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index 311f566..b6e0a29 100644
+--- a/decompress.c
++++ b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+ GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+ if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+ GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
+ for (i = 0; i < nSelectors; i++) {
+ j = 0;
+ while (True) {
diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch
new file mode 100644
index 0000000000..362e6cf319
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch
@@ -0,0 +1,82 @@
+From 212f3ed7ac3931c9e0e9167a0bdc16eeb3c76af4 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 3 Jul 2019 01:28:11 +0200
+Subject: [PATCH] Accept as many selectors as the file format allows.
+
+But ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS.
+
+The theoretical maximum number of selectors depends on the maximum
+blocksize (900000 bytes) and the number of symbols (50) that can be
+encoded with a different Huffman tree. BZ_MAX_SELECTORS is 18002.
+
+But the bzip2 file format allows the number of selectors to be encoded
+with 15 bits (because 18002 isn't a factor of 2 and doesn't fit in
+14 bits). So the file format maximum is 32767 selectors.
+
+Some bzip2 encoders might actually have written out more selectors
+than the theoretical maximum because they rounded up the number of
+selectors to some convenient factor of 8.
+
+The extra 14766 selectors can never be validly used by the decompression
+algorithm. So we can read them, but then discard them.
+
+This is effectively what was done (by accident) before we added a
+check for nSelectors to be at most BZ_MAX_SELECTORS to mitigate
+CVE-2019-12900.
+
+The extra selectors were written out after the array inside the
+EState struct. But the struct has extra space allocated after the
+selector arrays of 18060 bytes (which is larger than 14766).
+All of which will be initialized later (so the overwrite of that
+space with extra selector values would have been harmless).
+
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+---
+ compress.c | 2 +-
+ decompress.c | 10 ++++++++--
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/compress.c b/compress.c
+index caf7696..19b662b 100644
+--- a/compress.c
++++ b/compress.c
+@@ -454,7 +454,7 @@ void sendMTFValues ( EState* s )
+
+ AssertH( nGroups < 8, 3002 );
+ AssertH( nSelectors < 32768 &&
+- nSelectors <= (2 + (900000 / BZ_G_SIZE)),
++ nSelectors <= BZ_MAX_SELECTORS,
+ 3003 );
+
+
+diff --git a/decompress.c b/decompress.c
+index b6e0a29..78060c9 100644
+--- a/decompress.c
++++ b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+ GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+ if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+ GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+- if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
++ if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
+ for (i = 0; i < nSelectors; i++) {
+ j = 0;
+ while (True) {
+@@ -296,8 +296,14 @@ Int32 BZ2_decompress ( DState* s )
+ j++;
+ if (j >= nGroups) RETURN(BZ_DATA_ERROR);
+ }
+- s->selectorMtf[i] = j;
++ /* Having more than BZ_MAX_SELECTORS doesn't make much sense
++ since they will never be used, but some implementations might
++ "round up" the number of selectors, so just ignore those. */
++ if (i < BZ_MAX_SELECTORS)
++ s->selectorMtf[i] = j;
+ }
++ if (nSelectors > BZ_MAX_SELECTORS)
++ nSelectors = BZ_MAX_SELECTORS;
+
+ /*--- Undo the MTF values for the selectors. ---*/
+ {
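Review bot: This patch removes the `nSelectors > BZ_MAX_SELECTORS` rejection that `CVE-2019-12900.patch` adds in the same commit, so once both are applied the out-of-bounds write into `selectorMtf` is prevented only by the `if (i < BZ_MAX_SELECTORS)` guard and the clamp after the loop. The header has no `CVE:` line, so anyone auditing the fix from the patch tags sees only the first patch and its stricter check. Adding `CVE: CVE-2019-12900` to this header, or a sentence saying the two patches must be kept or dropped together, would make that dependency explicit. The body of `BZ2_decompress` continues outside the hunk.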
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
index 025f45c472..33cb8dda97 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
@@ -14,6 +14,8 @@ SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \
file://Makefile.am;subdir=${BP} \
file://run-ptest \
file://CVE-2016-3189.patch \
+ file://CVE-2019-12900.patch \
+ file://fix-regression-CVE-2019-12900.patch \
"
SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
diff --git a/meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch b/meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch
index db013cf08c..d6a69f2833 100644
--- a/meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch
+++ b/meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch
@@ -1,20 +1,21 @@
-Upstream-Status: Inappropriate [embedded specific]
-
-From 90069586167b930befce7303aea57078f04b4ed8 Mon Sep 17 00:00:00 2001
+From 1fb07162a9ed187cccf06e34c9bf841d15c6e64e Mon Sep 17 00:00:00 2001
From: Koen Kooi <koen@dominion.thruhere.net>
Date: Sun, 30 Jan 2011 16:37:27 +0100
Subject: [PATCH] don't try to run generated binaries
+Upstream-Status: Inappropriate [embedded specific]
+
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
+
---
- ppdc/Makefile | 30 +++++++++++++++---------------
- 1 files changed, 15 insertions(+), 15 deletions(-)
+ ppdc/Makefile | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
-Index: cups-2.2.6/ppdc/Makefile
-===================================================================
---- cups-2.2.6.orig/ppdc/Makefile
-+++ cups-2.2.6/ppdc/Makefile
-@@ -228,8 +228,8 @@ genstrings: genstrings.o libcupsppdc.a
+diff --git a/ppdc/Makefile b/ppdc/Makefile
+index e563988..973dd3f 100644
+--- a/ppdc/Makefile
++++ b/ppdc/Makefile
+@@ -189,8 +189,8 @@ genstrings: genstrings.o libcupsppdc.a ../cups/$(LIBCUPSSTATIC) \
$(LD_CXX) $(ARCHFLAGS) $(LDFLAGS) -o genstrings genstrings.o \
libcupsppdc.a ../cups/$(LIBCUPSSTATIC) $(LIBGSSAPI) $(SSLLIBS) \
$(DNSSDLIBS) $(COMMONLIBS) $(LIBZ)
@@ -25,10 +26,10 @@ Index: cups-2.2.6/ppdc/Makefile
#
-@@ -246,9 +246,9 @@ ppdc-static: ppdc.o libcupsppdc.a ../cu
- $(LD_CXX) $(ARCHFLAGS) $(LDFLAGS) -o ppdc-static ppdc.o libcupsppdc.a \
+@@ -209,9 +209,9 @@ ppdc-static: ppdc.o libcupsppdc.a ../cups/$(LIBCUPSSTATIC) foo.drv foo-fr.po
../cups/$(LIBCUPSSTATIC) $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) \
$(COMMONLIBS) $(LIBZ)
+ $(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@
- echo Testing PPD compiler...
- ./ppdc-static -l en,fr -I ../data foo.drv
- ./ppdc-static -l en,fr -z -I ../data foo.drv
@@ -38,10 +39,10 @@ Index: cups-2.2.6/ppdc/Makefile
#
-@@ -274,17 +274,17 @@ ppdi-static: ppdc-static ppdi.o libcups
- $(LD_CXX) $(ARCHFLAGS) $(LDFLAGS) -o ppdi-static ppdi.o libcupsppdc.a \
+@@ -240,17 +240,17 @@ ppdi-static: ppdc-static ppdi.o libcupsppdc.a ../cups/$(LIBCUPSSTATIC)
../cups/$(LIBCUPSSTATIC) $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) \
$(COMMONLIBS) $(LIBZ)
+ $(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@
- echo Testing PPD importer...
- $(RM) -r ppd ppd2 sample-import.drv
- ./ppdc-static -l en -I ../data sample.drv
diff --git a/meta/recipes-extended/cups/cups_2.2.10.bb b/meta/recipes-extended/cups/cups_2.2.10.bb
new file mode 100644
index 0000000000..490c84e2f4
--- /dev/null
+++ b/meta/recipes-extended/cups/cups_2.2.10.bb
@@ -0,0 +1,6 @@
+require cups.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=f212b4338db0da8cb892e94bf2949460"
+
+SRC_URI[md5sum] = "3d22d747403ec5dcd0b66d1332564816"
+SRC_URI[sha256sum] = "77c8b2b3bb7fe8b5fbfffc307f2c817b2d7ec67b657f261a1dd1c61ab81205bb"
diff --git a/meta/recipes-extended/cups/cups_2.2.8.bb b/meta/recipes-extended/cups/cups_2.2.8.bb
deleted file mode 100644
index de1bd84bf7..0000000000
--- a/meta/recipes-extended/cups/cups_2.2.8.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require cups.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=f212b4338db0da8cb892e94bf2949460"
-
-SRC_URI[md5sum] = "33150d08993a04c8e22176e93805a051"
-SRC_URI[sha256sum] = "3968fc1d26fc48727508db1c1380e36c6694ab90177fd6920aec5f6cc73af9e4"
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
new file mode 100644
index 0000000000..30ce04a7b1
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
@@ -0,0 +1,99 @@
+From ad3ad6b389653722507e588c5cb34d8731e49e89 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 26 Nov 2018 18:01:25 +0000
+Subject: [PATCH] Have gs_cet.ps run from gs_init.ps
+
+Previously gs_cet.ps was run on the command line, to set up the interpreter
+state so our output more closely matches the example output for the QL CET
+tests.
+
+Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the
+file directly.
+
+This works better for gpdl as it means the changes are made in the intial
+interpreter state, rather than after initialisation is complete.
+
+This also means adding a definition of the default procedure for black
+generation and under color removal (rather it being defined in-line in
+.setdefaultbgucr
+
+Also, add a check so gs_cet.ps only runs once - if we try to run it a second
+time, we'll just skip over the file, flushing through to the end.
+
+CVE: CVE-2019-3835
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_cet.ps | 11 ++++++++++-
+ Resource/Init/gs_init.ps | 13 ++++++++++++-
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index d3e1686..75534bb 100644
+--- a/Resource/Init/gs_cet.ps
++++ b/Resource/Init/gs_cet.ps
+@@ -1,6 +1,11 @@
+ %!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+
++systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
++{
++ (%END GS_CET) .skipeof
++} if
++
+ % do this in the server level so it is persistent across jobs
+ //true 0 startjob not {
+ (*** Warning: CET startup is not in server default) = flush
+@@ -25,7 +30,9 @@ currentglobal //true setglobal
+
+ /UNROLLFORMS true def
+
+-{ } bind dup
++(%.defaultbgrucrproc) cvn { } bind def
++
++(%.defaultbgrucrproc) cvn load dup
+ setblackgeneration
+ setundercolorremoval
+ 0 array cvx readonly dup dup dup setcolortransfer
+@@ -109,3 +116,5 @@ userdict /.smoothness currentsmoothness put
+ % end of slightly nasty hack to give consistent cluster results
+
+ //false 0 startjob pop % re-enter encapsulated mode
++
++%END GS_CET
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 45bebf4..e6b9cd2 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -1538,10 +1538,18 @@ setpacking
+ % any-part-of-pixel rule.
+ 0.5 .setfilladjust
+ } bind def
++
+ % Set the default screen and BG/UCR.
++% We define the proc here, rather than inline in .setdefaultbgucr
++% for the benefit of gs_cet.ps so jobs that do anything that causes
++% .setdefaultbgucr to be called will still get the redefined proc
++% in gs_cet.ps
++(%.defaultbgrucrproc) cvn { pop 0 } def
++
+ /.setdefaultbgucr {
+ systemdict /setblackgeneration known {
+- { pop 0 } dup setblackgeneration setundercolorremoval
++ (%.defaultbgrucrproc) cvn load dup
++ setblackgeneration setundercolorremoval
+ } if
+ } bind def
+ /.useloresscreen { % - .useloresscreen <bool>
+@@ -2491,4 +2499,7 @@ WRITESYSTEMDICT {
+ % be 'true' in some cases.
+ userdict /AGM_preserve_spots //false put
+
++systemdict /CETMODE .knownget
++{ { (gs_cet.ps) runlibfile } if } if
++
+ % The interpreter will run the initial procedure (start).
+--
+2.18.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch
new file mode 100644
index 0000000000..590b92e186
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch
@@ -0,0 +1,71 @@
+From ba6dbd6e61dbb3cc6ee6db9dd3a4f70cc18f706e Mon Sep 17 00:00:00 2001
+From: Nancy Durgin <nancy.durgin@artifex.com>
+Date: Thu, 14 Feb 2019 10:09:00 -0800
+Subject: [PATCH] Undef /odef in gs_init.ps
+
+Made a new temporary utility function in gs_cet.ps (.odef) to use instead
+of /odef. This makes it fine to undef odef with all the other operators in
+gs_init.ps
+
+This punts the bigger question of what to do with .makeoperator, but it
+doesn't make the situation any worse than it already was.
+
+CVE: CVE-2019-3835
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_cet.ps | 10 ++++++++--
+ Resource/Init/gs_init.ps | 1 +
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index 75534bb..dbc5c4e 100644
+--- a/Resource/Init/gs_cet.ps
++++ b/Resource/Init/gs_cet.ps
+@@ -1,6 +1,10 @@
+ %!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+
++/.odef { % <name> <proc> odef -
++ 1 index exch .makeoperator def
++} bind def
++
+ systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
+ {
+ (%END GS_CET) .skipeof
+@@ -93,8 +97,8 @@ userdict /.smoothness currentsmoothness put
+ } {
+ /setsmoothness .systemvar /typecheck signalerror
+ } ifelse
+-} bind odef
+-/currentsmoothness { userdict /.smoothness get } bind odef % for 09-55.PS, 09-57.PS .
++} bind //.odef exec
++/currentsmoothness { userdict /.smoothness get } bind //.odef exec % for 09-55.PS, 09-57.PS .
+
+ % slightly nasty hack to give consistent cluster results
+ /ofnfa systemdict /filenameforall get def
+@@ -113,6 +117,8 @@ userdict /.smoothness currentsmoothness put
+ } ifelse
+ ofnfa
+ } bind def
++
++currentdict /.odef undef
+ % end of slightly nasty hack to give consistent cluster results
+
+ //false 0 startjob pop % re-enter encapsulated mode
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index e6b9cd2..80d9585 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2257,6 +2257,7 @@ SAFER { .setsafeglobal } if
+ /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams
+ /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath /.currentoutputdevice
+ /.type /.writecvs /.setSMask /.currentSMask /.needinput /.countexecstack /.execstack /.applypolicies
++ /odef
+
+ % Used by a free user in the Library of Congress. Apparently this is used to
+ % draw a partial page, which is then filled in by the results of a barcode
+--
+2.18.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch
new file mode 100644
index 0000000000..a339fa2f33
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch
@@ -0,0 +1,295 @@
+From 4203e04ef9e6ca22ed68a1ab10a878aa9ceaeedc Mon Sep 17 00:00:00 2001
+From: Ray Johnston <ray.johnston@artifex.com>
+Date: Thu, 14 Feb 2019 10:20:03 -0800
+Subject: [PATCH] Fix bug 700585: Restrict superexec and remove it from
+ internals and gs_cet.ps
+
+Also while changing things, restructure the CETMODE so that it will
+work with -dSAFER. The gs_cet.ps is now run when we are still at save
+level 0 with systemdict writeable. Allows us to undefine .makeoperator
+and .setCPSImode internal operators after CETMODE is handled.
+
+Change previous uses of superexec to using .forceput (with the usual
+.bind executeonly to hide it).
+
+CVE: CVE-2019-3835
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_cet.ps | 38 ++++++++++++++------------------------
+ Resource/Init/gs_dps1.ps | 2 +-
+ Resource/Init/gs_fonts.ps | 8 ++++----
+ Resource/Init/gs_init.ps | 38 +++++++++++++++++++++++++++-----------
+ Resource/Init/gs_ttf.ps | 8 ++++----
+ Resource/Init/gs_type1.ps | 6 +++---
+ 6 files changed, 53 insertions(+), 47 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index dbc5c4e..3cc6883 100644
+--- a/Resource/Init/gs_cet.ps
++++ b/Resource/Init/gs_cet.ps
+@@ -1,37 +1,29 @@
+ %!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+
+-/.odef { % <name> <proc> odef -
+- 1 index exch .makeoperator def
+-} bind def
+-
++% skip if we've already run this -- based on fake "product"
+ systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
+ {
+ (%END GS_CET) .skipeof
+ } if
+
+-% do this in the server level so it is persistent across jobs
+-//true 0 startjob not {
+- (*** Warning: CET startup is not in server default) = flush
+-} if
++% Note: this must be run at save level 0 and when systemdict is writeable
++currentglobal //true setglobal
++systemdict dup dup dup
++/version (3017.102) readonly .forceput % match CPSI 3017.102
++/product (PhotoPRINT SE 5.0v2) readonly .forceput % match CPSI 3017.102
++/revision 0 put % match CPSI 3017.103 Tek shows revision 5
++/serialnumber dup {233640} readonly .makeoperator .forceput % match CPSI 3017.102 Tek shows serialnumber 1401788461
++
++systemdict /.odef { % <name> <proc> odef -
++ 1 index exch //.makeoperator def
++} .bind .forceput % this will be undefined at the end
+
+ 300 .sethiresscreen % needed for language switch build since it
+ % processes gs_init.ps BEFORE setting the resolution
+
+ 0 array 0 setdash % CET 09-08 wants local setdash
+
+-currentglobal //true setglobal
+-
+-{
+- systemdict dup dup dup
+- /version (3017.102) readonly put % match CPSI 3017.102
+- /product (PhotoPRINT SE 5.0v2) readonly put % match CPSI 3017.102
+- /revision 0 put % match CPSI 3017.103 Tek shows revision 5
+- /serialnumber dup {233640} readonly .makeoperator put % match CPSI 3017.102 Tek shows serialnumber 1401788461
+- systemdict /deviceinfo undef % for CET 20-23-1
+-% /UNROLLFORMS true put % CET files do unreasonable things inside forms
+-} 1183615869 internaldict /superexec get exec
+-
+ /UNROLLFORMS true def
+
+ (%.defaultbgrucrproc) cvn { } bind def
+@@ -118,9 +110,7 @@ userdict /.smoothness currentsmoothness put
+ ofnfa
+ } bind def
+
+-currentdict /.odef undef
+-% end of slightly nasty hack to give consistent cluster results
+-
+-//false 0 startjob pop % re-enter encapsulated mode
++systemdict /.odef .undef
+
++% end of slightly nasty hack to give consistent cluster results
+ %END GS_CET
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index 3d2cf7a..c4fd839 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -89,7 +89,7 @@ level2dict begin
+ % definition, copy it into the local directory.
+ //systemdict /SharedFontDirectory .knownget
+ { 1 index .knownget
+- { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
++ { //.FontDirectory 2 index 3 -1 roll .forceput } % readonly
+ if
+ }
+ if
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index 0562235..f2b4e19 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -519,11 +519,11 @@ buildfontdict 3 /.buildfont3 cvx put
+ % the font in LocalFontDirectory.
+ .currentglobal
+ { //systemdict /LocalFontDirectory .knownget
+- { 2 index 2 index { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
++ { 2 index 2 index .forceput } % readonly
+ if
+ }
+ if
+- dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
++ dup //.FontDirectory 4 -2 roll .forceput % readonly
+ % If the font originated as a resource, register it.
+ currentfile .currentresourcefile eq { dup .registerfont } if
+ readonly
+@@ -1191,13 +1191,13 @@ $error /SubstituteFont { } put
+ //.FontDirectory 1 index known not {
+ 2 dict dup /FontName 3 index put
+ dup /FontType 1 put
+- //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
++ //.FontDirectory 3 1 roll //.forceput exec % readonly
+ } {
+ pop
+ } ifelse
+ } forall
+ } forall
+- }
++ } executeonly % hide .forceput
+ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
+
+ % Install initial fonts from Fontmap.
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 80d9585..0d5c4f7 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2188,9 +2188,6 @@ SAFER { .setsafeglobal } if
+ /.endtransparencygroup % transparency-example.ps
+ /.setdotlength % Bug687720.ps
+ /.sort /.setdebug /.mementolistnewblocks /getenv
+-
+- /.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER
+-
+ /unread
+ ]
+ {systemdict exch .forceundef} forall
+@@ -2270,7 +2267,6 @@ SAFER { .setsafeglobal } if
+
+ % Used by our own test suite files
+ %/.fileposition %image-qa.ps
+- %/.makeoperator /.setCPSImode % gs_cet.ps
+
+ % Either our code uses these in ways which mean they can't be undefined, or they are used directly by
+ % test files/utilities, or engineers expressed a desire to keep them visible.
+@@ -2457,6 +2453,16 @@ end
+ /vmreclaim where
+ { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if
+ } if
++
++% Do this before systemdict is locked (see below for additional CETMODE setup using gs_cet.ps)
++systemdict /CETMODE .knownget {
++ {
++ (gs_cet.ps) runlibfile
++ } if
++} if
++systemdict /.makeoperator .undef % must be after gs_cet.ps
++systemdict /.setCPSImode .undef % must be after gs_cet.ps
++
+ DELAYBIND not {
+ systemdict /.bindnow .undef % We only need this for DELAYBIND
+ systemdict /.forcecopynew .undef % remove temptation
+@@ -2464,16 +2470,29 @@ DELAYBIND not {
+ systemdict /.forceundef .undef % ditto
+ } if
+
+-% Move superexec to internaldict if superexec is defined.
+-systemdict /superexec .knownget {
+- 1183615869 internaldict /superexec 3 -1 roll put
+- systemdict /superexec .undef
++% Move superexec to internaldict if superexec is defined. (Level 2 or later)
++systemdict /superexec known {
++ % restrict superexec to single known use by PScript5.dll
++ % We could do this only for SAFER mode, but internaldict and superexec are
++ % not very well documented, and we don't want them to be used.
++ 1183615869 internaldict /superexec {
++ 2 index /Private eq % first check for typical use in PScript5.dll
++ 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec
++ 1 index 0 get systemdict /put get eq and
++ {
++ //superexec exec % the only usage we allow
++ } {
++ /superexec load /invalidaccess signalerror
++ } ifelse
++ } bind cvx executeonly put
++ systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator
+ } if
+
+ % Can't remove this one until the last minute :-)
+ DELAYBIND not {
+ systemdict /.undef .undef
+ } if
++
+ WRITESYSTEMDICT {
+ SAFER {
+ (\n *** WARNING - you have selected SAFER, indicating you want Ghostscript\n) print
+@@ -2500,7 +2519,4 @@ WRITESYSTEMDICT {
+ % be 'true' in some cases.
+ userdict /AGM_preserve_spots //false put
+
+-systemdict /CETMODE .knownget
+-{ { (gs_cet.ps) runlibfile } if } if
+-
+ % The interpreter will run the initial procedure (start).
+diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
+index 05943c5..da97afa 100644
+--- a/Resource/Init/gs_ttf.ps
++++ b/Resource/Init/gs_ttf.ps
+@@ -1421,7 +1421,7 @@ mark
+ TTFDEBUG { (\n1 setting alias: ) print dup ==only
+ ( to be the same as ) print 2 index //== exec } if
+
+- 7 index 2 index 3 -1 roll exch //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ 7 index 2 index 3 -1 roll exch .forceput
+ } forall
+ pop pop pop
+ }
+@@ -1439,7 +1439,7 @@ mark
+ exch pop
+ TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
+ ( to use glyph index: ) print dup //== exec } if
+- 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ 5 index 3 1 roll .forceput
+ //false
+ }
+ {
+@@ -1456,7 +1456,7 @@ mark
+ { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
+ TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
+ ( to be index: ) print dup //== exec } if
+- exch pop 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ exch pop 5 index 3 1 roll .forceput
+ }
+ {
+ pop pop
+@@ -1486,7 +1486,7 @@ mark
+ } ifelse
+ ]
+ TTFDEBUG { (Encoding: ) print dup === flush } if
+-} bind def
++} .bind executeonly odef % hides .forceput
+
+ % to be removed 9.09......
+ currentdict /postalias undef
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 96e1ced..61f5269 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -116,7 +116,7 @@
+ { % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname aglname
+ CFFDEBUG { (\nsetting alias: ) print dup ==only
+ ( to be the same as glyph: ) print 1 index //== exec } if
+- 3 index exch 3 index //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ }
+ {pop} ifelse
+@@ -135,7 +135,7 @@
+ 3 1 roll pop pop
+ } if
+ pop
+- dup /.AGLprocessed~GS //true //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ dup /.AGLprocessed~GS //true .forceput
+ } if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+@@ -148,7 +148,7 @@
+ {//.buildfont1} stopped
+ 4 3 roll .setglobal
+ {//.buildfont1 $error /errorname get signalerror} if
+- } bind def
++ } .bind executeonly def % hide .forceput
+
+ % If the diskfont feature isn't included, define a dummy .loadfontdict.
+ /.loadfontdict where
+--
+2.20.1
+
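Review bot: The new `.forceput` calls in the gs_dps1.ps hunk (`{ //.FontDirectory 2 index 3 -1 roll .forceput }`) and in the first gs_fonts.ps hunk (`{ 2 index 2 index .forceput }`) sit in inner procedures that are not marked `executeonly` in the visible lines. The gs_ttf.ps, gs_type1.ps and second gs_fonts.ps hunks, by contrast, close their definitions with `executeonly` and a "hide .forceput" comment. The enclosing definitions close outside these hunks, so they may already be protected, but that should be confirmed against the 9.26 tree. If they are not, closing the inner bodies as `} executeonly % readonly` would match what CVE-2019-3838-0001.patch does for a transient procedure in gs_res.ps. Any such divergence from the upstream commit should be recorded in the patch header next to `Upstream-Status`.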
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch
new file mode 100644
index 0000000000..5228cace24
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch
@@ -0,0 +1,167 @@
+From 5845e667dda3c945ee793fbe6af021533cb4fbec Mon Sep 17 00:00:00 2001
+From: Ray Johnston <ray.johnston@artifex.com>
+Date: Sun, 24 Feb 2019 22:01:04 -0800
+Subject: [PATCH] Bug 700585: Obliterate "superexec". We don't need it, nor
+ do any known apps.
+
+We were under the impression that the Windows driver 'PScript5.dll' used
+superexec, but after testing with our extensive suite of PostScript file,
+and analysis of the PScript5 "Adobe CoolType ProcSet, it does not appear
+that this operator is needed anymore. Get rid of superexec and all of the
+references to it, since it is a potential security hole.
+
+CVE: CVE-2019-3835
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_init.ps | 18 ------------------
+ psi/icontext.c | 1 -
+ psi/icstate.h | 1 -
+ psi/zcontrol.c | 30 ------------------------------
+ psi/zdict.c | 6 ++----
+ psi/zgeneric.c | 3 +--
+ 6 files changed, 3 insertions(+), 56 deletions(-)
+
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 0d5c4f7..c5ac82a 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2470,24 +2470,6 @@ DELAYBIND not {
+ systemdict /.forceundef .undef % ditto
+ } if
+
+-% Move superexec to internaldict if superexec is defined. (Level 2 or later)
+-systemdict /superexec known {
+- % restrict superexec to single known use by PScript5.dll
+- % We could do this only for SAFER mode, but internaldict and superexec are
+- % not very well documented, and we don't want them to be used.
+- 1183615869 internaldict /superexec {
+- 2 index /Private eq % first check for typical use in PScript5.dll
+- 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec
+- 1 index 0 get systemdict /put get eq and
+- {
+- //superexec exec % the only usage we allow
+- } {
+- /superexec load /invalidaccess signalerror
+- } ifelse
+- } bind cvx executeonly put
+- systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator
+-} if
+-
+ % Can't remove this one until the last minute :-)
+ DELAYBIND not {
+ systemdict /.undef .undef
+diff --git a/psi/icontext.c b/psi/icontext.c
+index 1fbe486..7462ea3 100644
+--- a/psi/icontext.c
++++ b/psi/icontext.c
+@@ -151,7 +151,6 @@ context_state_alloc(gs_context_state_t ** ppcst,
+ pcst->rand_state = rand_state_initial;
+ pcst->usertime_total = 0;
+ pcst->keep_usertime = false;
+- pcst->in_superexec = 0;
+ pcst->plugin_list = 0;
+ make_t(&pcst->error_object, t__invalid);
+ { /*
+diff --git a/psi/icstate.h b/psi/icstate.h
+index 4c6a14d..1009d85 100644
+--- a/psi/icstate.h
++++ b/psi/icstate.h
+@@ -54,7 +54,6 @@ struct gs_context_state_s {
+ long usertime_total; /* total accumulated usertime, */
+ /* not counting current time if running */
+ bool keep_usertime; /* true if context ever executed usertime */
+- int in_superexec; /* # of levels of superexec */
+ /* View clipping is handled in the graphics state. */
+ ref error_object; /* t__invalid or error object from operator */
+ ref userparams; /* t_dictionary */
+diff --git a/psi/zcontrol.c b/psi/zcontrol.c
+index 0362cf4..dc813e8 100644
+--- a/psi/zcontrol.c
++++ b/psi/zcontrol.c
+@@ -158,34 +158,6 @@ zexecn(i_ctx_t *i_ctx_p)
+ return o_push_estack;
+ }
+
+-/* <obj> superexec - */
+-static int end_superexec(i_ctx_t *);
+-static int
+-zsuperexec(i_ctx_t *i_ctx_p)
+-{
+- os_ptr op = osp;
+- es_ptr ep;
+-
+- check_op(1);
+- if (!r_has_attr(op, a_executable))
+- return 0; /* literal object just gets pushed back */
+- check_estack(2);
+- ep = esp += 3;
+- make_mark_estack(ep - 2, es_other, end_superexec); /* error case */
+- make_op_estack(ep - 1, end_superexec); /* normal case */
+- ref_assign(ep, op);
+- esfile_check_cache();
+- pop(1);
+- i_ctx_p->in_superexec++;
+- return o_push_estack;
+-}
+-static int
+-end_superexec(i_ctx_t *i_ctx_p)
+-{
+- i_ctx_p->in_superexec--;
+- return 0;
+-}
+-
+ /* <array> <executable> .runandhide <obj> */
+ /* before executing <executable>, <array> is been removed from */
+ /* the operand stack and placed on the execstack with attributes */
+@@ -971,8 +943,6 @@ const op_def zcontrol3_op_defs[] = {
+ {"0%loop_continue", loop_continue},
+ {"0%repeat_continue", repeat_continue},
+ {"0%stopped_push", stopped_push},
+- {"1superexec", zsuperexec},
+- {"0%end_superexec", end_superexec},
+ {"2.runandhide", zrunandhide},
+ {"0%end_runandhide", end_runandhide},
+ op_def_end(0)
+diff --git a/psi/zdict.c b/psi/zdict.c
+index b0deaaa..e2e525d 100644
+--- a/psi/zdict.c
++++ b/psi/zdict.c
+@@ -212,8 +212,7 @@ zundef(i_ctx_t *i_ctx_p)
+ int code;
+
+ check_type(*op1, t_dictionary);
+- if (i_ctx_p->in_superexec == 0)
+- check_dict_write(*op1);
++ check_dict_write(*op1);
+ code = idict_undef(op1, op);
+ if (code < 0 && code != gs_error_undefined) /* ignore undefined error */
+ return code;
+@@ -504,8 +503,7 @@ zsetmaxlength(i_ctx_t *i_ctx_p)
+ int code;
+
+ check_type(*op1, t_dictionary);
+- if (i_ctx_p->in_superexec == 0)
+- check_dict_write(*op1);
++ check_dict_write(*op1);
+ check_type(*op, t_integer);
+ if (op->value.intval < 0)
+ return_error(gs_error_rangecheck);
+diff --git a/psi/zgeneric.c b/psi/zgeneric.c
+index 8048e28..d4edddb 100644
+--- a/psi/zgeneric.c
++++ b/psi/zgeneric.c
+@@ -204,8 +204,7 @@ zput(i_ctx_t *i_ctx_p)
+
+ switch (r_type(op2)) {
+ case t_dictionary:
+- if (i_ctx_p->in_superexec == 0)
+- check_dict_write(*op2);
++ check_dict_write(*op2);
+ {
+ int code = idict_put(op2, op1, op);
+
+--
+2.18.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
new file mode 100644
index 0000000000..593109fb9f
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
@@ -0,0 +1,34 @@
+From 53f0cb4c54ac951697704cb87d24154ae08aecce Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 20 Feb 2019 09:54:28 +0000
+Subject: [PATCH] Bug 700576: Make a transient proc executeonly (in
+ DefineResource).
+
+This prevents access to .forceput
+
+Solution originally suggested by cbuissar@redhat.com.
+
+CVE: CVE-2019-3838
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_res.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index 89c0ed6..a163541 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -426,7 +426,7 @@ status {
+ % so we have to use .forceput here.
+ currentdict /.Instances 2 index .forceput % Category dict is read-only
+ } executeonly if
+- }
++ } executeonly
+ { .LocalInstances dup //.emptydict eq
+ { pop 3 dict localinstancedict Category 2 index put
+ }
+--
+2.18.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch
new file mode 100644
index 0000000000..921e5b6876
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch
@@ -0,0 +1,30 @@
+From 0cb5e967c0200559f946291b5b54f8da30c32cd6 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 22 Feb 2019 12:28:23 +0000
+Subject: [PATCH] Bug 700576(redux): an extra transient proc needs
+ executeonly'ed.
+
+CVE: CVE-2019-3838
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_res.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index a163541..8ce4ae3 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -438,7 +438,7 @@ status {
+ % Now make the resource value read-only.
+ 0 2 copy get { readonly } .internalstopped pop
+ dup 4 1 roll put exch pop exch pop
+- }
++ } executeonly
+ { /defineresource cvx /typecheck signaloperror
+ }
+ ifelse
+--
+2.18.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.26.bb b/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
index ad4c5e17d2..bb32347880 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
@@ -39,6 +39,12 @@ SRC_URI = "${SRC_URI_BASE} \
file://CVE-2019-6116-0005.patch \
file://CVE-2019-6116-0006.patch \
file://CVE-2019-6116-0007.patch \
+ file://CVE-2019-3835-0001.patch \
+ file://CVE-2019-3835-0002.patch \
+ file://CVE-2019-3835-0003.patch \
+ file://CVE-2019-3835-0004.patch \
+ file://CVE-2019-3838-0001.patch \
+ file://CVE-2019-3838-0002.patch \
"
SRC_URI_class-native = "${SRC_URI_BASE} \
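Review bot: The six new entries are appended to the target `SRC_URI` only, and the `SRC_URI_class-native` assignment that starts on the last context line continues outside this hunk. From here it cannot be seen whether ghostscript-native also receives the CVE-2019-3835 and CVE-2019-3838 backports. If leaving them out of the native build is deliberate, a comment above that list would record the decision, for example `# CVE backports intentionally applied to the target build only: <reason>`. Otherwise the same `file://CVE-2019-3835-000[1-4].patch` and `file://CVE-2019-3838-000[1-2].patch` entries belong in the native list as well, so both variants are built from the same patched source.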
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch
new file mode 100644
index 0000000000..ce638370bd
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch
@@ -0,0 +1,38 @@
+CVE: CVE-2018-1000877
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 021efa522ad729ff0f5806c4ce53e4a6cc1daa31 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 20 Nov 2018 17:56:29 +1100
+Subject: [PATCH] Avoid a double-free when a window size of 0 is specified
+
+new_size can be 0 with a malicious or corrupted RAR archive.
+
+realloc(area, 0) is equivalent to free(area), so the region would
+be free()d here and the free()d again in the cleanup function.
+
+Found with a setup running AFL, afl-rb, and qsym.
+---
+ libarchive/archive_read_support_format_rar.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 23452222..6f419c27 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -2300,6 +2300,11 @@ parse_codes(struct archive_read *a)
+ new_size = DICTIONARY_MAX_SIZE;
+ else
+ new_size = rar_fls((unsigned int)rar->unp_size) << 1;
++ if (new_size == 0) {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Zero window size is invalid.");
++ return (ARCHIVE_FATAL);
++ }
+ new_window = realloc(rar->lzss.window, new_size);
+ if (new_window == NULL) {
+ archive_set_error(&a->archive, ENOMEM,
+--
+2.20.0
+
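Review bot: The patch header says only `Upstream-Status: Backport`, with no reference to where the change was taken from, whereas the ghostscript backports in this same commit name their source repository in brackets. The same applies to CVE-2018-1000878.patch, CVE-2018-1000879.patch and CVE-2018-1000880.patch. Adding the origin, as in `Upstream-Status: Backport [<upstream commit URL>]`, lets a later audit match the carried patch to the upstream commit identified by the `From` line without searching for it. The code change itself rejects `new_size == 0` before the `realloc()` call, which is the right place for it; `parse_codes()` continues outside the hunk.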
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch
new file mode 100644
index 0000000000..7468fd3c93
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch
@@ -0,0 +1,79 @@
+CVE: CVE-2018-1000878
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 00:55:22 +1100
+Subject: [PATCH] rar: file split across multi-part archives must match
+
+Fuzzing uncovered some UAF and memory overrun bugs where a file in a
+single file archive reported that it was split across multiple
+volumes. This was caused by ppmd7 operations calling
+rar_br_fillup. This would invoke rar_read_ahead, which would in some
+situations invoke archive_read_format_rar_read_header. That would
+check the new file name against the old file name, and if they didn't
+match up it would free the ppmd7 buffer and allocate a new
+one. However, because the ppmd7 decoder wasn't actually done with the
+buffer, it would continue to used the freed buffer. Both reads and
+writes to the freed region can be observed.
+
+This is quite tricky to solve: once the buffer has been freed it is
+too late, as the ppmd7 decoder functions almost universally assume
+success - there's no way for ppmd_read to signal error, nor are there
+good ways for functions like Range_Normalise to propagate them. So we
+can't detect after the fact that we're in an invalid state - e.g. by
+checking rar->cursor, we have to prevent ourselves from ever ending up
+there. So, when we are in the dangerous part or rar_read_ahead that
+assumes a valid split, we set a flag force read_header to either go
+down the path for split files or bail. This means that the ppmd7
+decoder keeps a valid buffer and just runs out of data.
+
+Found with a combination of AFL, afl-rb and qsym.
+---
+ libarchive/archive_read_support_format_rar.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 6f419c27..a8cc5c94 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -258,6 +258,7 @@ struct rar
+ struct data_block_offsets *dbo;
+ unsigned int cursor;
+ unsigned int nodes;
++ char filename_must_match;
+
+ /* LZSS members */
+ struct huffman_code maincode;
+@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_entry *entry,
+ }
+ return ret;
+ }
++ else if (rar->filename_must_match)
++ {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Mismatch of file parts split across multi-volume archive");
++ return (ARCHIVE_FATAL);
++ }
+
+ rar->filename_save = (char*)realloc(rar->filename_save,
+ filename_size + 1);
+@@ -2933,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
+ else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
+ rar->file_flags & FHD_SPLIT_AFTER)
+ {
++ rar->filename_must_match = 1;
+ ret = archive_read_format_rar_read_header(a, a->entry);
+ if (ret == (ARCHIVE_EOF))
+ {
+ rar->has_endarc_header = 1;
+ ret = archive_read_format_rar_read_header(a, a->entry);
+ }
++ rar->filename_must_match = 0;
+ if (ret != (ARCHIVE_OK))
+ return NULL;
+ return rar_read_ahead(a, min, avail);
+--
+2.20.0
+
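Review bot: `filename_must_match` is added to `struct rar` without a comment, and its purpose is only recoverable from the commit message. A comment on the field would keep that with the code, e.g. `char filename_must_match; /* set by rar_read_ahead() while read_header() must continue the current split file or fail */`. In the `rar_read_ahead()` hunk the flag is cleared after the second `archive_read_format_rar_read_header()` call and before the `ret` check, so every path visible here resets it. The code does rely on `struct rar` being zero-initialised at allocation, which happens outside the hunk and is worth confirming. Both `read_header()` and `rar_read_ahead()` continue outside the hunk.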
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch
new file mode 100644
index 0000000000..9f25932a1a
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch
@@ -0,0 +1,50 @@
+CVE: CVE-2018-1000879
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 14:29:42 +1100
+Subject: [PATCH] Skip 0-length ACL fields
+
+Currently, it is possible to create an archive that crashes bsdtar
+with a malformed ACL:
+
+Program received signal SIGSEGV, Segmentation fault.
+archive_acl_from_text_l (acl=<optimised out>, text=0x7e2e92 "", want_type=<optimised out>, sc=<optimised out>) at libarchive/archive_acl.c:1726
+1726 switch (*s) {
+(gdb) p n
+$1 = 1
+(gdb) p field[n]
+$2 = {start = 0x0, end = 0x0}
+
+Stop this by checking that the length is not zero before beginning
+the switch statement.
+
+I am pretty sure this is the bug mentioned in the qsym paper [1],
+and I was able to replicate it with a qsym + AFL + afl-rb setup.
+
+[1] https://www.usenix.org/conference/usenixsecurity18/presentation/yun
+---
+ libarchive/archive_acl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
+index 512beee1..7beeee86 100644
+--- a/libarchive/archive_acl.c
++++ b/libarchive/archive_acl.c
+@@ -1723,6 +1723,11 @@ archive_acl_from_text_l(struct archive_acl *acl, const char *text,
+ st = field[n].start + 1;
+ len = field[n].end - field[n].start;
+
++ if (len == 0) {
++ ret = ARCHIVE_WARN;
++ continue;
++ }
++
+ switch (*s) {
+ case 'u':
+ if (len == 1 || (len == 4
+--
+2.20.0
+
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch
new file mode 100644
index 0000000000..bc264a1242
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch
@@ -0,0 +1,44 @@
+CVE: CVE-2018-1000880
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 9c84b7426660c09c18cc349f6d70b5f8168b5680 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 16:33:42 +1100
+Subject: [PATCH] warc: consume data once read
+
+The warc decoder only used read ahead, it wouldn't actually consume
+data that had previously been printed. This means that if you specify
+an invalid content length, it will just reprint the same data over
+and over and over again until it hits the desired length.
+
+This means that a WARC resource with e.g.
+Content-Length: 666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666665
+but only a few hundred bytes of data, causes a quasi-infinite loop.
+
+Consume data in subsequent calls to _warc_read.
+
+Found with an AFL + afl-rb + qsym setup.
+---
+ libarchive/archive_read_support_format_warc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
+index e8753853..e8fc8428 100644
+--- a/libarchive/archive_read_support_format_warc.c
++++ b/libarchive/archive_read_support_format_warc.c
+@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, size_t *bsz, int64_t *off)
+ return (ARCHIVE_EOF);
+ }
+
++ if (w->unconsumed) {
++ __archive_read_consume(a, w->unconsumed);
++ w->unconsumed = 0U;
++ }
++
+ rab = __archive_read_ahead(a, 1U, &nrd);
+ if (nrd < 0) {
+ *bsz = 0U;
+--
+2.20.0
+
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000019.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000019.patch
new file mode 100644
index 0000000000..f6f1add5e0
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000019.patch
@@ -0,0 +1,59 @@
+CVE: CVE-2018-1000019
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 65a23f5dbee4497064e9bb467f81138a62b0dae1 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 1 Jan 2019 16:01:40 +1100
+Subject: [PATCH 2/2] 7zip: fix crash when parsing certain archives
+
+Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
+would sometimes fail to return at least 'minimum' bytes. This can cause
+the crc32() invocation in header_bytes to read off into invalid memory.
+
+A specially crafted archive can use this to cause a crash.
+
+An ASAN trace is below, but ASAN is not required - an uninstrumented
+binary will also crash.
+
+==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
+==7719==The signal is caused by a READ memory access.
+ #0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
+ #1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
+ #2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
+ #3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
+ #4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
+ #5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
+ #6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
+ #7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
+ #8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
+ #9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
+ #10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
+ #11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
+ #12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
+
+This was primarly done with afl and FairFuzz. Some early corpus entries
+may have been generated by qsym.
+---
+ libarchive/archive_read_support_format_7zip.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
+index bccbf8966..b6d1505d3 100644
+--- a/libarchive/archive_read_support_format_7zip.c
++++ b/libarchive/archive_read_support_format_7zip.c
+@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
+ if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
+ /* Copy mode. */
+
+- /*
+- * Note: '1' here is a performance optimization.
+- * Recall that the decompression layer returns a count of
+- * available bytes; asking for more than that forces the
+- * decompressor to combine reads by copying data.
+- */
+- *buff = __archive_read_ahead(a, 1, &bytes_avail);
++ *buff = __archive_read_ahead(a, minimum, &bytes_avail);
+ if (bytes_avail <= 0) {
+ archive_set_error(&a->archive,
+ ARCHIVE_ERRNO_FILE_FORMAT,
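Review bot: The `CVE:` tag at the top of this patch reads `CVE-2018-1000019`, which does not match the file name `CVE-2019-1000019.patch`; the same year slip is in `CVE-2019-1000020.patch`, whose tag reads `CVE-2018-1000020`. Tooling that reads the `CVE:` tag to decide which CVEs a recipe has patched would record the wrong identifiers, so the 2019 entries may still be reported as open, or two unrelated 2018 IDs may be recorded as fixed. The tags should read `CVE: CVE-2019-1000019` and `CVE: CVE-2019-1000020`.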
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch
new file mode 100644
index 0000000000..3e63921346
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch
@@ -0,0 +1,61 @@
+CVE: CVE-2018-1000020
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 1 Jan 2019 17:10:49 +1100
+Subject: [PATCH 1/2] iso9660: Fail when expected Rockridge extensions is
+ missing
+
+A corrupted or malicious ISO9660 image can cause read_CE() to loop
+forever.
+
+read_CE() calls parse_rockridge(), expecting a Rockridge extension
+to be read. However, parse_rockridge() is structured as a while
+loop starting with a sanity check, and if the sanity check fails
+before the loop has run, the function returns ARCHIVE_OK without
+advancing the position in the file. This causes read_CE() to retry
+indefinitely.
+
+Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
+extension. As someone with no real knowledge of the format, this
+seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
+it to a fatal error immediately anyway.
+
+Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
+---
+ libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
+index 28acfefbb..bad8f1dfe 100644
+--- a/libarchive/archive_read_support_format_iso9660.c
++++ b/libarchive/archive_read_support_format_iso9660.c
+@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
+ const unsigned char *p, const unsigned char *end)
+ {
+ struct iso9660 *iso9660;
++ int entry_seen = 0;
+
+ iso9660 = (struct iso9660 *)(a->format->data);
+
+@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
+ }
+
+ p += p[2];
++ entry_seen = 1;
++ }
++
++ if (entry_seen)
++ return (ARCHIVE_OK);
++ else {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Tried to parse Rockridge extensions, but none found");
++ return (ARCHIVE_WARN);
+ }
+- return (ARCHIVE_OK);
+ }
+
+ static int
+
diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
index 46a3d43762..af5ca65297 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
@@ -34,6 +34,12 @@ EXTRA_OECONF += "--enable-largefile"
SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://non-recursive-extract-and-list.patch \
file://bug1066.patch \
+ file://CVE-2018-1000877.patch \
+ file://CVE-2018-1000878.patch \
+ file://CVE-2018-1000879.patch \
+ file://CVE-2018-1000880.patch \
+ file://CVE-2019-1000019.patch \
+ file://CVE-2019-1000020.patch \
"
SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120"
diff --git a/meta/recipes-extended/libsolv/libsolv/0003-Fix-Dereference-of-null-pointer.patch b/meta/recipes-extended/libsolv/libsolv/0003-Fix-Dereference-of-null-pointer.patch
new file mode 100644
index 0000000000..b10fd82770
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/0003-Fix-Dereference-of-null-pointer.patch
@@ -0,0 +1,33 @@
+From fcd9e3aba122a220af617a802c4f47bad4b51e64 Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Fri, 7 Dec 2018 07:05:10 +0100
+Subject: [PATCH] Fix: Dereference of null pointer
+Reply-To: muislam@microsoft.com
+CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
+
+---
+ ext/repo_repomdxml.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/repo_repomdxml.c b/ext/repo_repomdxml.c
+index 760d481f..b2a5b8dd 100644
+--- a/ext/repo_repomdxml.c
++++ b/ext/repo_repomdxml.c
+@@ -181,7 +181,7 @@ startElement(struct solv_xmlparser *xmlp, int state, const char *name, const cha
+ while (value)
+ {
+ char *p = strchr(value, ',');
+- if (*p)
++ if (p)
+ *p++ = 0;
+ if (*value)
+ repodata_add_poolstr_array(pd->data, SOLVID_META, REPOSITORY_UPDATES, value);
+--
+2.23.0
+
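Review bot: The `CVE:` line lists CVE-2018-20532, CVE-2018-20533 and CVE-2018-20534 on this one-line fix in `ext/repo_repomdxml.c`, and the identical line is repeated on 0004 through 0009, so nothing in the series says which patch closes which CVE. Only 0006 and 0007 carry crash traces (in `testcase_str2dep_complex`, `pool_whatprovides` and `testcase_read`), which suggests those two are the actual fixes and the rest are accompanying cleanups. Tagging each patch with only the IDs it addresses, and leaving the `CVE:` line off pure cleanups, would keep the patched-CVE record auditable.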
diff --git a/meta/recipes-extended/libsolv/libsolv/0004-Fix-Add-va_end-before-return.patch b/meta/recipes-extended/libsolv/libsolv/0004-Fix-Add-va_end-before-return.patch
new file mode 100644
index 0000000000..fde19940ed
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/0004-Fix-Add-va_end-before-return.patch
@@ -0,0 +1,36 @@
+From 58053b44c9ed043d48fa7dd595d213849b733f0f Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Tue, 11 Dec 2018 09:50:06 +0100
+Subject: [PATCH] Fix: Add va_end() before return
+Reply-To: muislam@microsoft.com
+
+The va_end() performs cleanup.
+If va_end() is not called before a function that calls va_start() returns,
+the behavior is undefined.
+
+CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
+---
+ src/pool.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/pool.c b/src/pool.c
+index 60cc0f49..f03b43f9 100644
+--- a/src/pool.c
++++ b/src/pool.c
+@@ -1505,6 +1505,7 @@ pool_debug(Pool *pool, int type, const char *format, ...)
+ vprintf(format, args);
+ else
+ vfprintf(stderr, format, args);
++ va_end(args);
+ return;
+ }
+ vsnprintf(buf, sizeof(buf), format, args);
+--
+2.23.0
+
diff --git a/meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch b/meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch
new file mode 100644
index 0000000000..85398a82ec
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch
@@ -0,0 +1,158 @@
+From 6c99f33252d8bf8ff3e49013b8ad78aacf71c5d8 Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Tue, 11 Dec 2018 10:14:04 +0100
+Subject: [PATCH] Fix: Memory leaks
+Reply-To: muislam@microsoft.com
+
+CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
+---
+ ext/repo_rpmdb.c | 16 ++++++++++++++++
+ ext/testcase.c | 4 ++++
+ tools/repo2solv.c | 1 +
+ 3 files changed, 21 insertions(+)
+
+diff --git a/ext/repo_rpmdb.c b/ext/repo_rpmdb.c
+index 75bb6780..ff939978 100644
+--- a/ext/repo_rpmdb.c
++++ b/ext/repo_rpmdb.c
+@@ -1939,6 +1939,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+ if (fread(lead, 96 + 16, 1, fp) != 1 || getu32(lead) != 0xedabeedb)
+ {
+ pool_error(pool, -1, "%s: not a rpm", rpm);
++ solv_chksum_free(leadsigchksumh, NULL);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+@@ -1951,12 +1953,16 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+ if (lead[78] != 0 || lead[79] != 5)
+ {
+ pool_error(pool, -1, "%s: not a rpm v5 header", rpm);
++ solv_chksum_free(leadsigchksumh, NULL);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+ if (getu32(lead + 96) != 0x8eade801)
+ {
+ pool_error(pool, -1, "%s: bad signature header", rpm);
++ solv_chksum_free(leadsigchksumh, NULL);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+@@ -1965,6 +1971,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+ if (sigcnt >= MAX_SIG_CNT || sigdsize >= MAX_SIG_DSIZE)
+ {
+ pool_error(pool, -1, "%s: bad signature header", rpm);
++ solv_chksum_free(leadsigchksumh, NULL);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+@@ -1975,6 +1983,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+ {
+ if (!headfromfp(&state, rpm, fp, lead + 96, sigcnt, sigdsize, sigpad, chksumh, leadsigchksumh))
+ {
++ solv_chksum_free(leadsigchksumh, NULL);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+@@ -2014,6 +2024,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+ if (fread(lead, l, 1, fp) != 1)
+ {
+ pool_error(pool, -1, "%s: unexpected EOF", rpm);
++ solv_chksum_free(leadsigchksumh, NULL);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+@@ -2034,6 +2046,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+ if (fread(lead, 16, 1, fp) != 1)
+ {
+ pool_error(pool, -1, "%s: unexpected EOF", rpm);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+@@ -2042,6 +2055,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+ if (getu32(lead) != 0x8eade801)
+ {
+ pool_error(pool, -1, "%s: bad header", rpm);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+@@ -2050,6 +2064,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+ if (sigcnt >= MAX_HDR_CNT || sigdsize >= MAX_HDR_DSIZE)
+ {
+ pool_error(pool, -1, "%s: bad header", rpm);
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+@@ -2057,6 +2072,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
+
+ if (!headfromfp(&state, rpm, fp, lead, sigcnt, sigdsize, 0, chksumh, 0))
+ {
++ solv_chksum_free(chksumh, NULL);
+ fclose(fp);
+ return 0;
+ }
+diff --git a/ext/testcase.c b/ext/testcase.c
+index aa72a8d7..3901d90d 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -2348,6 +2348,7 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha
+ if (fclose(fp))
+ {
+ pool_error(solv->pool, 0, "testcase_write: write error");
++ solv_free(result);
+ strqueue_free(&sq);
+ return 0;
+ }
+@@ -2360,12 +2361,14 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha
+ if (!(fp = fopen(out, "w")))
+ {
+ pool_error(solv->pool, 0, "testcase_write: could not open '%s' for writing", out);
++ solv_free(cmd);
+ strqueue_free(&sq);
+ return 0;
+ }
+ if (*cmd && fwrite(cmd, strlen(cmd), 1, fp) != 1)
+ {
+ pool_error(solv->pool, 0, "testcase_write: write error");
++ solv_free(cmd);
+ strqueue_free(&sq);
+ fclose(fp);
+ return 0;
+@@ -2373,6 +2376,7 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha
+ if (fclose(fp))
+ {
+ pool_error(solv->pool, 0, "testcase_write: write error");
++ solv_free(cmd);
+ strqueue_free(&sq);
+ return 0;
+ }
+diff --git a/tools/repo2solv.c b/tools/repo2solv.c
+index e055e408..30a41f42 100644
+--- a/tools/repo2solv.c
++++ b/tools/repo2solv.c
+@@ -208,6 +208,7 @@ read_plaindir_repo(Repo *repo, const char *dir)
+ repodata_set_location(data, p, 0, 0, bp[0] == '.' && bp[1] == '/' ? bp + 2 : bp);
+ solv_free(rpm);
+ }
++ solv_free(buf);
+ fclose(fp);
+ while (waitpid(pid, &wstatus, 0) == -1)
+ {
+--
+2.23.0
+
diff --git a/meta/recipes-extended/libsolv/libsolv/0006-Fix-testsolv-segfault.patch b/meta/recipes-extended/libsolv/libsolv/0006-Fix-testsolv-segfault.patch
new file mode 100644
index 0000000000..559aefb1ec
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/0006-Fix-testsolv-segfault.patch
@@ -0,0 +1,41 @@
+From 823bf65087a017d2f488f01e09ee284fa36f7446 Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Tue, 11 Dec 2018 10:22:09 +0100
+Subject: [PATCH] Fix: testsolv segfault
+Reply-To: muislam@microsoft.com
+
+ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fab0e11bf2b bp 0x7ffdfc044b70 sp 0x7ffdfc044a90 T0)
+0 0x7fab0e11bf2a in testcase_str2dep_complex /home/company/real_sanitize/libsolv-master/ext/testcase.c:577
+1 0x7fab0e11c80f in testcase_str2dep /home/company/real_sanitize/libsolv-master/ext/testcase.c:656
+2 0x7fab0e12e64a in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2952
+3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
+4 0x7fab0d9d2a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
+5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
+
+CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
+---
+ ext/testcase.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 3901d90d..dd20de14 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -571,6 +571,8 @@ testcase_str2dep_complex(Pool *pool, const char **sp, int relop)
+ Id flags, id, id2, namespaceid = 0;
+ struct oplist *op;
+
++ if (!s)
++ return 0;
+ while (*s == ' ' || *s == '\t')
+ s++;
+ if (!strncmp(s, "namespace:", 10))
+--
+2.23.0
+
diff --git a/meta/recipes-extended/libsolv/libsolv/0007-Fix-testsolv-segfaults.patch b/meta/recipes-extended/libsolv/libsolv/0007-Fix-testsolv-segfaults.patch
new file mode 100644
index 0000000000..5c13ce5e9d
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/0007-Fix-testsolv-segfaults.patch
@@ -0,0 +1,47 @@
+From 43928ee565b9c4f69daa1875da66f92b2d5bf932 Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Tue, 11 Dec 2018 10:27:15 +0100
+Subject: [PATCH] Fix: testsolv segfaults
+Reply-To: muislam@microsoft.com
+
+ERROR: AddressSanitizer: SEGV on unknown address 0x0000000002f0 (pc 0x7f31501d3bd2 bp 0x7ffcfe4d4a50 sp 0x7ffcfe4d4a30 T0)
+0 0x7f31501d3bd1 in pool_whatprovides /home/company/real_sanitize/libsolv-master/src/pool.h:331
+1 0x7f31501d895e in testcase_str2solvid /home/company/real_sanitize/libsolv-master/ext/testcase.c:793
+2 0x7f31501e8388 in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2807
+3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
+4 0x7f314fa8da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
+5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
+
+ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5af9e7815f bp 0x7ffc4c843a40 sp 0x7ffc4c8436c0 T0)
+0 0x7f5af9e7815e in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2799
+1 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
+2 0x7f5af971da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
+3 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
+
+CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
+---
+ ext/testcase.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index dd20de14..83467fe2 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -2772,7 +2772,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ {
+ int i = strlen(pieces[1]);
+ s = strchr(pieces[1], '(');
+- if (!s && pieces[1][i - 1] != ')')
++ if (!s || pieces[1][i - 1] != ')')
+ {
+ pool_error(pool, 0, "testcase_read: bad namespace '%s'", pieces[1]);
+ }
+--
+2.23.0
+
diff --git a/meta/recipes-extended/libsolv/libsolv/0008-Fix-Be-sure-that-NONBLOCK-is-set.patch b/meta/recipes-extended/libsolv/libsolv/0008-Fix-Be-sure-that-NONBLOCK-is-set.patch
new file mode 100644
index 0000000000..fdea9dbdb5
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/0008-Fix-Be-sure-that-NONBLOCK-is-set.patch
@@ -0,0 +1,37 @@
+From ebb51f73491987435664ac14b79bebe16ffbdd5c Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Tue, 11 Dec 2018 12:40:42 +0100
+Subject: [PATCH] Fix: Be sure that NONBLOCK is set
+Reply-To: muislam@microsoft.com
+
+CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
+---
+ examples/solv/fastestmirror.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/examples/solv/fastestmirror.c b/examples/solv/fastestmirror.c
+index d2ebd97a..0ee4e73b 100644
+--- a/examples/solv/fastestmirror.c
++++ b/examples/solv/fastestmirror.c
+@@ -68,7 +68,11 @@ findfastest(char **urls, int nurls)
+ socks[i] = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
+ if (socks[i] >= 0)
+ {
+- fcntl(socks[i], F_SETFL, O_NONBLOCK);
++ if (fcntl(socks[i], F_SETFL, O_NONBLOCK) == -1)
++ {
++ close(socks[i]);
++ socks[i] = -1;
++ }
+ if (connect(socks[i], result->ai_addr, result->ai_addrlen) == -1)
+ {
+ if (errno != EINPROGRESS)
+--
+2.23.0
+
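Review bot: When `fcntl()` fails, the new branch closes the socket and sets `socks[i] = -1`, but the unchanged `connect(socks[i], ...)` on the next line still runs with that invalid descriptor. The call will fail and drop into the error handling below, whose body is outside the hunk, so whether the descriptor is closed a second time cannot be checked from here. Making the connect conditional, `else if (connect(socks[i], result->ai_addr, result->ai_addrlen) == -1)`, would skip it. Since this is a backport, the change belongs upstream first.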
diff --git a/meta/recipes-extended/libsolv/libsolv/0009-Don-t-set-values-that-are-never-read.patch b/meta/recipes-extended/libsolv/libsolv/0009-Don-t-set-values-that-are-never-read.patch
new file mode 100644
index 0000000000..8b4a993d22
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/0009-Don-t-set-values-that-are-never-read.patch
@@ -0,0 +1,113 @@
+From edf87c92cf59c2eed9c1e33c51a47163da15d90b Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel <jrohel@redhat.com>
+Date: Tue, 11 Dec 2018 12:58:34 +0100
+Subject: [PATCH] Don't set values that are never read
+Reply-To: muislam@microsoft.com
+
+CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
+---
+ ext/pool_fileconflicts.c | 1 -
+ ext/repo_appdata.c | 2 +-
+ ext/repo_comps.c | 2 +-
+ src/cleandeps.c | 1 -
+ src/dirpool.c | 2 +-
+ src/order.c | 1 -
+ src/repopage.c | 1 -
+ 7 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/ext/pool_fileconflicts.c b/ext/pool_fileconflicts.c
+index eaeb52b2..2fd3d540 100644
+--- a/ext/pool_fileconflicts.c
++++ b/ext/pool_fileconflicts.c
+@@ -590,7 +590,6 @@ findfileconflicts_alias_cb(void *cbdatav, const char *fn, struct filelistinfo *i
+
+ if (!info->dirlen)
+ return;
+- dp = fn + info->dirlen;
+ if (info->diridx != cbdata->lastdiridx)
+ {
+ cbdata->lastdiridx = info->diridx;
+diff --git a/ext/repo_appdata.c b/ext/repo_appdata.c
+index 62faf2d8..69d46386 100644
+--- a/ext/repo_appdata.c
++++ b/ext/repo_appdata.c
+@@ -103,7 +103,7 @@ startElement(struct solv_xmlparser *xmlp, int state, const char *name, const cha
+ {
+ struct parsedata *pd = xmlp->userdata;
+ Pool *pool = pd->pool;
+- Solvable *s = pd->solvable;
++ Solvable *s;
+ const char *type;
+
+ /* ignore all language tags */
+diff --git a/ext/repo_comps.c b/ext/repo_comps.c
+index 255ecb16..e59f8d12 100644
+--- a/ext/repo_comps.c
++++ b/ext/repo_comps.c
+@@ -107,7 +107,7 @@ startElement(struct solv_xmlparser *xmlp, int state, const char *name, const cha
+ {
+ struct parsedata *pd = xmlp->userdata;
+ Pool *pool = pd->pool;
+- Solvable *s = pd->solvable;
++ Solvable *s;
+
+ switch(state)
+ {
+diff --git a/src/cleandeps.c b/src/cleandeps.c
+index 1da28f6e..b2fde317 100644
+--- a/src/cleandeps.c
++++ b/src/cleandeps.c
+@@ -748,7 +748,6 @@ solver_createcleandepsmap(Solver *solv, Map *cleandepsmap, int unneeded)
+ continue;
+ if (strncmp(pool_id2str(pool, s->name), "pattern:", 8) != 0)
+ continue;
+- dp = s->repo->idarraydata + s->requires;
+ for (dp = s->repo->idarraydata + s->requires; *dp; dp++)
+ FOR_PROVIDES(p, pp, *dp)
+ if (pool->solvables[p].repo == installed)
+diff --git a/src/dirpool.c b/src/dirpool.c
+index afb26ea5..bed9435e 100644
+--- a/src/dirpool.c
++++ b/src/dirpool.c
+@@ -85,7 +85,7 @@ dirpool_make_dirtraverse(Dirpool *dp)
+ return;
+ dp->dirs = solv_extend_resize(dp->dirs, dp->ndirs, sizeof(Id), DIR_BLOCK);
+ dirtraverse = solv_calloc_block(dp->ndirs, sizeof(Id), DIR_BLOCK);
+- for (parent = 0, i = 0; i < dp->ndirs; i++)
++ for (i = 0; i < dp->ndirs; i++)
+ {
+ if (dp->dirs[i] > 0)
+ continue;
+diff --git a/src/order.c b/src/order.c
+index c92c3328..cfde40c9 100644
+--- a/src/order.c
++++ b/src/order.c
+@@ -1066,7 +1066,6 @@ transaction_order(Transaction *trans, int flags)
+ #if 0
+ printf("do %s [%d]\n", pool_solvid2str(pool, te->p), temedianr[i]);
+ #endif
+- s = pool->solvables + te->p;
+ for (j = te->edges; od.invedgedata[j]; j++)
+ {
+ struct _TransactionElement *te2 = od.tes + od.invedgedata[j];
+diff --git a/src/repopage.c b/src/repopage.c
+index 2b7a863b..85d53eb9 100644
+--- a/src/repopage.c
++++ b/src/repopage.c
+@@ -399,7 +399,6 @@ match_done:
+ litlen -= 32;
+ }
+ }
+- litofs = 0;
+ }
+ return oo;
+ }
+--
+2.23.0
+
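Review bot: In the `ext/repo_appdata.c` and `ext/repo_comps.c` hunks, `Solvable *s = pd->solvable;` becomes `Solvable *s;`, leaving `s` uninitialised at the top of `startElement`. That is only safe if every later use assigns `s` first, and both function bodies continue outside the hunks, so this cannot be confirmed here. The recipe also pins its own `SRCREV`, which may not be the revision the upstream commit was written against. It is worth building with `-Wmaybe-uninitialized`, or reading the two functions by hand on the pinned revision, before relying on the backport.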
diff --git a/meta/recipes-extended/libsolv/libsolv_0.6.35.bb b/meta/recipes-extended/libsolv/libsolv_0.6.35.bb
index 12dfc5d3a2..ed6a7cbfd5 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.6.35.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.6.35.bb
@@ -10,6 +10,13 @@ DEPENDS = "expat zlib"
SRC_URI = "git://github.com/openSUSE/libsolv.git"
SRC_URI_append_libc-musl = " file://0001-Add-fallback-fopencookie-implementation.patch \
file://0002-Fixes-to-internal-fopencookie-implementation.patch \
+ file://0003-Fix-Dereference-of-null-pointer.patch \
+ file://0004-Fix-Add-va_end-before-return.patch \
+ file://0005-Fix-Memory-leaks.patch \
+ file://0006-Fix-testsolv-segfault.patch \
+ file://0007-Fix-testsolv-segfaults.patch \
+ file://0008-Fix-Be-sure-that-NONBLOCK-is-set.patch \
+ file://0009-Don-t-set-values-that-are-never-read.patch \
"
SRCREV = "38c5374d4712667b0b6ada4bf78ddbb343095d0c"
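Review bot: The seven new `file://` entries are added inside `SRC_URI_append_libc-musl`, so patches 0003 through 0009 are only applied when building against musl. Builds with any other libc get none of the fixes tagged CVE-2018-20532, CVE-2018-20533 and CVE-2018-20534. They should move into the unconditional assignment, i.e. `SRC_URI = "git://github.com/openSUSE/libsolv.git \` followed by the seven `file://` lines, leaving only the two fopencookie patches in the musl append.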
diff --git a/meta/recipes-extended/lighttpd/lighttpd/fix-http-parseopts.patch b/meta/recipes-extended/lighttpd/lighttpd/fix-http-parseopts.patch
new file mode 100644
index 0000000000..f3a0402c4b
--- /dev/null
+++ b/meta/recipes-extended/lighttpd/lighttpd/fix-http-parseopts.patch
@@ -0,0 +1,51 @@
+CVE: CVE-2019-11072
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 32120d5b8b3203fc21ccb9eafb0eaf824bb59354 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Wed, 10 Apr 2019 11:28:10 -0400
+Subject: [PATCH] [core] fix abort in http-parseopts (fixes #2945)
+
+fix abort in server.http-parseopts with url-path-2f-decode enabled
+
+(thx stze)
+
+x-ref:
+ "Security - SIGABRT during GET request handling with url-path-2f-decode enabled"
+ https://redmine.lighttpd.net/issues/2945
+---
+ src/burl.c | 6 ++++--
+ src/t/test_burl.c | 2 ++
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/burl.c b/src/burl.c
+index 51182628..c4b928fd 100644
+--- a/src/burl.c
++++ b/src/burl.c
+@@ -252,8 +252,10 @@ static int burl_normalize_2F_to_slash_fix (buffer *b, int qs, int i)
+ }
+ }
+ if (qs >= 0) {
+- memmove(s+j, s+qs, blen - qs);
+- j += blen - qs;
++ const int qslen = blen - qs;
++ memmove(s+j, s+qs, (size_t)qslen);
++ qs = j;
++ j += qslen;
+ }
+ buffer_string_set_length(b, j);
+ return qs;
+diff --git a/src/t/test_burl.c b/src/t/test_burl.c
+index 7be9be50..f7a16815 100644
+--- a/src/t/test_burl.c
++++ b/src/t/test_burl.c
+@@ -97,6 +97,8 @@ static void test_burl_normalize (void) {
+ flags |= HTTP_PARSEOPT_URL_NORMALIZE_PATH_2F_DECODE;
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a/b?c=/"), CONST_STR_LEN("/a/b?c=/"));
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a/b?c=%2f"), CONST_STR_LEN("/a/b?c=/"));
++ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("%2f?"), CONST_STR_LEN("/?"));
++ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/%2f?"), CONST_STR_LEN("//?"));
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a%2fb"), CONST_STR_LEN("/a/b"));
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a%2Fb"), CONST_STR_LEN("/a/b"));
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a%2fb?c=/"), CONST_STR_LEN("/a/b?c=/"));
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb
index f28fd2f690..5c828da5b0 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb
@@ -18,6 +18,7 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t
file://lighttpd \
file://lighttpd.service \
file://0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch \
+ file://fix-http-parseopts.patch \
"
SRC_URI[md5sum] = "6e68c19601af332fa3c5f174245f59bf"
diff --git a/meta/recipes-extended/pam/libpam_1.3.0.bb b/meta/recipes-extended/pam/libpam_1.3.0.bb
index 3aec2cdb4c..cc1241020f 100644
--- a/meta/recipes-extended/pam/libpam_1.3.0.bb
+++ b/meta/recipes-extended/pam/libpam_1.3.0.bb
@@ -7,7 +7,9 @@ SECTION = "base"
# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
# libpam-runtime-1.0.1 is GPLv2+), by openembedded
LICENSE = "GPLv2+ | BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \
+ file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \
+ "
SRC_URI = "http://linux-pam.org/library/Linux-PAM-${PV}.tar.bz2 \
file://99_pam \
diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
new file mode 100644
index 0000000000..f954fac8fc
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
@@ -0,0 +1,170 @@
+Treat an ID of -1 as invalid since that means "no change".
+Fixes CVE-2019-14287.
+Found by Joe Vennix from Apple Information Security.
+
+CVE: CVE-2019-14287
+Upstream-Status: Backport
+[https://www.sudo.ws/repos/sudo/rev/83db8dba09e7]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+
+Index: sudo-1.8.21p2/lib/util/strtoid.c
+===================================================================
+--- sudo-1.8.21p2.orig/lib/util/strtoid.c 2019-10-10 14:31:08.338476078 -0400
++++ sudo-1.8.21p2/lib/util/strtoid.c 2019-10-10 14:31:08.338476078 -0400
+@@ -42,6 +42,27 @@
+ #include "sudo_util.h"
+
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++ bool valid = false;
++ debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++ if (ep != p) {
++ /* check for valid separator (including '\0') */
++ if (sep == NULL)
++ sep = "";
++ do {
++ if (*ep == *sep)
++ valid = true;
++ } while (*sep++ != '\0');
++ }
++ debug_return_bool(valid);
++}
++
++/*
+ * Parse a uid/gid in string form.
+ * If sep is non-NULL, it contains valid separator characters (e.g. comma, space)
+ * If endp is non-NULL it is set to the next char after the ID.
+@@ -55,36 +76,33 @@ sudo_strtoid_v1(const char *p, const cha
+ char *ep;
+ id_t ret = 0;
+ long long llval;
+- bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+ p++;
+- if (sep == NULL)
+- sep = "";
++
++ /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
+ errno = 0;
+ llval = strtoll(p, &ep, 10);
+- if (ep != p) {
+- /* check for valid separator (including '\0') */
+- do {
+- if (*ep == *sep)
+- valid = true;
+- } while (*sep++ != '\0');
++ if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++ errno = ERANGE;
++ if (errstr != NULL)
++ *errstr = N_("value too large");
++ goto done;
+ }
+- if (!valid) {
++ if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++ errno = ERANGE;
+ if (errstr != NULL)
+- *errstr = N_("invalid value");
+- errno = EINVAL;
++ *errstr = N_("value too small");
+ goto done;
+ }
+- if (errno == ERANGE) {
+- if (errstr != NULL) {
+- if (llval == LLONG_MAX)
+- *errstr = N_("value too large");
+- else
+- *errstr = N_("value too small");
+- }
++
++ /* Disallow id -1, which means "no change". */
++ if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) {
++ if (errstr != NULL)
++ *errstr = N_("invalid value");
++ errno = EINVAL;
+ goto done;
+ }
+ ret = (id_t)llval;
+@@ -101,30 +119,15 @@ sudo_strtoid_v1(const char *p, const cha
+ {
+ char *ep;
+ id_t ret = 0;
+- bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+ p++;
+- if (sep == NULL)
+- sep = "";
++
+ errno = 0;
+ if (*p == '-') {
+ long lval = strtol(p, &ep, 10);
+- if (ep != p) {
+- /* check for valid separator (including '\0') */
+- do {
+- if (*ep == *sep)
+- valid = true;
+- } while (*sep++ != '\0');
+- }
+- if (!valid) {
+- if (errstr != NULL)
+- *errstr = N_("invalid value");
+- errno = EINVAL;
+- goto done;
+- }
+ if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
+ errno = ERANGE;
+ if (errstr != NULL)
+@@ -137,28 +140,31 @@ sudo_strtoid_v1(const char *p, const cha
+ *errstr = N_("value too small");
+ goto done;
+ }
+- ret = (id_t)lval;
+- } else {
+- unsigned long ulval = strtoul(p, &ep, 10);
+- if (ep != p) {
+- /* check for valid separator (including '\0') */
+- do {
+- if (*ep == *sep)
+- valid = true;
+- } while (*sep++ != '\0');
+- }
+- if (!valid) {
++
++ /* Disallow id -1, which means "no change". */
++ if (!valid_separator(p, ep, sep) || lval == -1) {
+ if (errstr != NULL)
+ *errstr = N_("invalid value");
+ errno = EINVAL;
+ goto done;
+ }
++ ret = (id_t)lval;
++ } else {
++ unsigned long ulval = strtoul(p, &ep, 10);
+ if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) {
+ errno = ERANGE;
+ if (errstr != NULL)
+ *errstr = N_("value too large");
+ goto done;
+ }
++
++ /* Disallow id -1, which means "no change". */
++ if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) {
++ if (errstr != NULL)
++ *errstr = N_("invalid value");
++ errno = EINVAL;
++ goto done;
++ }
+ ret = (id_t)ulval;
+ }
+ if (errstr != NULL)
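Review bot: The comment `/* Disallow id -1, which means "no change". */` sits above checks that also reject `(id_t)UINT_MAX` in the 64-bit branch and `UINT_MAX` in the `strtoul` branch, but it does not say why that value is included. The comment added earlier in the patch notes that uid_t and gid_t are 32-bit unsigned, so 4294967295 is presumably the same value as -1 once narrowed. I would spell that out in those two branches, e.g. `/* Disallow -1 and 4294967295 (UINT_MAX): both become (uid_t)-1, which means "no change". */`. The `lval == -1` branch can keep the shorter wording. Both sudo_strtoid_v1 bodies start and end outside the inner hunks.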
diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p2.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p2.patch
new file mode 100644
index 0000000000..dcb2703d23
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p2.patch
@@ -0,0 +1,98 @@
+CVE: CVE-2019-14287
+Upstream-Status: Backport
+[https://www.sudo.ws/repos/sudo/rev/db06a8336c09]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+
+Index: sudo-1.8.21p2/lib/util/regress/atofoo/atofoo_test.c
+===================================================================
+--- sudo-1.8.21p2.orig/lib/util/regress/atofoo/atofoo_test.c 2019-10-11 07:11:49.874655384 -0400
++++ sudo-1.8.21p2/lib/util/regress/atofoo/atofoo_test.c 2019-10-11 07:13:07.471005893 -0400
+@@ -24,6 +24,7 @@
+ #else
+ # include "compat/stdbool.h"
+ #endif
++#include <errno.h>
+
+ #include "sudo_compat.h"
+ #include "sudo_util.h"
+@@ -78,15 +79,20 @@ static struct strtoid_data {
+ id_t id;
+ const char *sep;
+ const char *ep;
++ int errnum;
+ } strtoid_data[] = {
+- { "0,1", 0, ",", "," },
+- { "10", 10, NULL, NULL },
+- { "-2", -2, NULL, NULL },
++ { "0,1", 0, ",", ",", 0 },
++ { "10", 10, NULL, NULL, 0 },
++ { "-1", 0, NULL, NULL, EINVAL },
++ { "4294967295", 0, NULL, NULL, EINVAL },
++ { "4294967296", 0, NULL, NULL, ERANGE },
++ { "-2147483649", 0, NULL, NULL, ERANGE },
++ { "-2", -2, NULL, NULL, 0 },
+ #if SIZEOF_ID_T != SIZEOF_LONG_LONG
+- { "-2", 4294967294U, NULL, NULL },
++ { "-2", (id_t)4294967294U, NULL, NULL, 0 },
+ #endif
+- { "4294967294", 4294967294U, NULL, NULL },
+- { NULL, 0, NULL, NULL }
++ { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
++ { NULL, 0, NULL, NULL, 0 }
+ };
+
+ static int
+@@ -102,11 +108,23 @@ test_strtoid(int *ntests)
+ (*ntests)++;
+ errstr = "some error";
+ value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
+- if (errstr != NULL) {
+- if (d->id != (id_t)-1) {
+- sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++ if (d->errnum != 0) {
++ if (errstr == NULL) {
++ sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
++ d->idstr, d->errnum);
++ errors++;
++ } else if (value != 0) {
++ sudo_warnx_nodebug("FAIL: %s should return 0 on error",
++ d->idstr);
++ errors++;
++ } else if (errno != d->errnum) {
++ sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
++ d->idstr, errno, d->errnum);
+ errors++;
+ }
++ } else if (errstr != NULL) {
++ sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++ errors++;
+ } else if (value != d->id) {
+ sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
+ errors++;
+Index: sudo-1.8.21p2/plugins/sudoers/regress/testsudoers/test5.out.ok
+===================================================================
+--- sudo-1.8.21p2.orig/plugins/sudoers/regress/testsudoers/test5.out.ok 2019-10-11 07:11:49.874655384 -0400
++++ sudo-1.8.21p2/plugins/sudoers/regress/testsudoers/test5.out.ok 2019-10-11 07:11:49.870655365 -0400
+@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
+ Entries for user root:
+
+ Command unmatched
+-testsudoers: test5.inc should be owned by gid 4294967295
++testsudoers: test5.inc should be owned by gid 4294967294
+ Parse error in sudoers near line 1.
+
+ Entries for user root:
+Index: sudo-1.8.21p2/plugins/sudoers/regress/testsudoers/test5.sh
+===================================================================
+--- sudo-1.8.21p2.orig/plugins/sudoers/regress/testsudoers/test5.sh 2019-10-11 07:11:49.874655384 -0400
++++ sudo-1.8.21p2/plugins/sudoers/regress/testsudoers/test5.sh 2019-10-11 07:11:49.870655365 -0400
+@@ -24,7 +24,7 @@ EOF
+
+ # Test group writable
+ chmod 664 $TESTFILE
+-./testsudoers -U $MYUID -G -1 root id <<EOF
++./testsudoers -U $MYUID -G -2 root id <<EOF
+ #include $TESTFILE
+ EOF
+
diff --git a/meta/recipes-extended/sudo/sudo_1.8.23.bb b/meta/recipes-extended/sudo/sudo_1.8.23.bb
index ce32bd187e..d12cf2d549 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.23.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.23.bb
@@ -3,6 +3,8 @@ require sudo.inc
SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
file://0001-Include-sys-types.h-for-id_t-definition.patch \
+ file://CVE-2019-14287_p1.patch \
+ file://CVE-2019-14287_p2.patch \
"
PAM_SRC_URI = "file://sudo.pam"
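Review bot: Both patches added to SRC_URI here are headed `Index: sudo-1.8.21p2/...`, but this recipe builds sudo 1.8.23, so they were generated against a different source tree. It would help to confirm that they apply to 1.8.23 without fuzz or offsets, in particular the strtoid.c hunks that rewrite the -1 rejection logic. Refreshing them against the 1.8.23 tree would also make the headers match the recipe. A hunk that lands in the wrong place in that parser could leave the CVE-2019-14287 fix incomplete without any build failure.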
diff --git a/meta/recipes-extended/tar/tar/CVE-2018-20482.patch b/meta/recipes-extended/tar/tar/CVE-2018-20482.patch
new file mode 100644
index 0000000000..2a13148427
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2018-20482.patch
@@ -0,0 +1,405 @@
+From 331be56598b284d41370c67046df25673b040a55 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Thu, 27 Dec 2018 17:48:57 +0200
+Subject: [PATCH] Fix CVE-2018-20482
+
+* NEWS: Update.
+* src/sparse.c (sparse_dump_region): Handle short read condition.
+(sparse_extract_region,check_data_region): Fix dumped_size calculation.
+Handle short read condition.
+(pax_decode_header): Fix dumped_size calculation.
+* tests/Makefile.am: Add new testcases.
+* tests/testsuite.at: Likewise.
+
+* tests/sptrcreat.at: New file.
+* tests/sptrdiff00.at: New file.
+* tests/sptrdiff01.at: New file.
+
+CVE: CVE-2018-20482
+Upstream-Status: Backport
+[http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ src/sparse.c | 50 +++++++++++++++++++++++++++++++-----
+ tests/Makefile.am | 5 +++-
+ tests/sptrcreat.at | 62 +++++++++++++++++++++++++++++++++++++++++++++
+ tests/sptrdiff00.at | 55 ++++++++++++++++++++++++++++++++++++++++
+ tests/sptrdiff01.at | 55 ++++++++++++++++++++++++++++++++++++++++
+ tests/testsuite.at | 5 +++-
+ 6 files changed, 224 insertions(+), 8 deletions(-)
+ create mode 100644 tests/sptrcreat.at
+ create mode 100644 tests/sptrdiff00.at
+ create mode 100644 tests/sptrdiff01.at
+
+diff --git a/src/sparse.c b/src/sparse.c
+index 0830f62..e8e8259 100644
+--- a/src/sparse.c
++++ b/src/sparse.c
+@@ -1,6 +1,6 @@
+ /* Functions for dealing with sparse files
+
+- Copyright 2003-2007, 2010, 2013-2017 Free Software Foundation, Inc.
++ Copyright 2003-2007, 2010, 2013-2018 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+@@ -427,6 +427,30 @@ sparse_dump_region (struct tar_sparse_file *file, size_t i)
+ bufsize);
+ return false;
+ }
++ else if (bytes_read == 0)
++ {
++ char buf[UINTMAX_STRSIZE_BOUND];
++ struct stat st;
++ size_t n;
++ if (fstat (file->fd, &st) == 0)
++ n = file->stat_info->stat.st_size - st.st_size;
++ else
++ n = file->stat_info->stat.st_size
++ - (file->stat_info->sparse_map[i].offset
++ + file->stat_info->sparse_map[i].numbytes
++ - bytes_left);
++
++ WARNOPT (WARN_FILE_SHRANK,
++ (0, 0,
++ ngettext ("%s: File shrank by %s byte; padding with zeros",
++ "%s: File shrank by %s bytes; padding with zeros",
++ n),
++ quotearg_colon (file->stat_info->orig_file_name),
++ STRINGIFY_BIGINT (n, buf)));
++ if (! ignore_failed_read_option)
++ set_exit_status (TAREXIT_DIFFERS);
++ return false;
++ }
+
+ memset (blk->buffer + bytes_read, 0, BLOCKSIZE - bytes_read);
+ bytes_left -= bytes_read;
+@@ -464,9 +488,9 @@ sparse_extract_region (struct tar_sparse_file *file, size_t i)
+ return false;
+ }
+ set_next_block_after (blk);
++ file->dumped_size += BLOCKSIZE;
+ count = blocking_write (file->fd, blk->buffer, wrbytes);
+ write_size -= count;
+- file->dumped_size += count;
+ mv_size_left (file->stat_info->archive_file_size - file->dumped_size);
+ file->offset += count;
+ if (count != wrbytes)
+@@ -598,6 +622,12 @@ check_sparse_region (struct tar_sparse_file *file, off_t beg, off_t end)
+ rdsize);
+ return false;
+ }
++ else if (bytes_read == 0)
++ {
++ report_difference (file->stat_info, _("Size differs"));
++ return false;
++ }
++
+ if (!zero_block_p (diff_buffer, bytes_read))
+ {
+ char begbuf[INT_BUFSIZE_BOUND (off_t)];
+@@ -609,6 +639,7 @@ check_sparse_region (struct tar_sparse_file *file, off_t beg, off_t end)
+
+ beg += bytes_read;
+ }
++
+ return true;
+ }
+
+@@ -635,6 +666,7 @@ check_data_region (struct tar_sparse_file *file, size_t i)
+ return false;
+ }
+ set_next_block_after (blk);
++ file->dumped_size += BLOCKSIZE;
+ bytes_read = safe_read (file->fd, diff_buffer, rdsize);
+ if (bytes_read == SAFE_READ_ERROR)
+ {
+@@ -645,7 +677,11 @@ check_data_region (struct tar_sparse_file *file, size_t i)
+ rdsize);
+ return false;
+ }
+- file->dumped_size += bytes_read;
++ else if (bytes_read == 0)
++ {
++ report_difference (&current_stat_info, _("Size differs"));
++ return false;
++ }
+ size_left -= bytes_read;
+ mv_size_left (file->stat_info->archive_file_size - file->dumped_size);
+ if (memcmp (blk->buffer, diff_buffer, rdsize))
+@@ -1213,7 +1249,8 @@ pax_decode_header (struct tar_sparse_file *file)
+ union block *blk;
+ char *p;
+ size_t i;
+-
++ off_t start;
++
+ #define COPY_BUF(b,buf,src) do \
+ { \
+ char *endp = b->buffer + BLOCKSIZE; \
+@@ -1229,7 +1266,6 @@ pax_decode_header (struct tar_sparse_file *file)
+ if (src == endp) \
+ { \
+ set_next_block_after (b); \
+- file->dumped_size += BLOCKSIZE; \
+ b = find_next_block (); \
+ if (!b) \
+ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
+@@ -1242,8 +1278,8 @@ pax_decode_header (struct tar_sparse_file *file)
+ dst[-1] = 0; \
+ } while (0)
+
++ start = current_block_ordinal ();
+ set_next_block_after (current_header);
+- file->dumped_size += BLOCKSIZE;
+ blk = find_next_block ();
+ if (!blk)
+ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
+@@ -1282,6 +1318,8 @@ pax_decode_header (struct tar_sparse_file *file)
+ sparse_add_map (file->stat_info, &sp);
+ }
+ set_next_block_after (blk);
++
++ file->dumped_size += BLOCKSIZE * (current_block_ordinal () - start);
+ }
+
+ return true;
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 2d7939d..ac3b6e7 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -1,6 +1,6 @@
+ # Makefile for GNU tar regression tests.
+
+-# Copyright 1996-1997, 1999-2001, 2003-2007, 2009, 2012-2015 Free Software
++# Copyright 1996-1997, 1999-2001, 2003-2007, 2009, 2012-2018 Free Software
+
+ # This file is part of GNU tar.
+
+@@ -228,6 +228,9 @@ TESTSUITE_AT = \
+ spmvp00.at\
+ spmvp01.at\
+ spmvp10.at\
++ sptrcreat.at\
++ sptrdiff00.at\
++ sptrdiff01.at\
+ time01.at\
+ time02.at\
+ truncate.at\
+diff --git a/tests/sptrcreat.at b/tests/sptrcreat.at
+new file mode 100644
+index 0000000..8e28f0e
+--- /dev/null
++++ b/tests/sptrcreat.at
+@@ -0,0 +1,62 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++
++# Test suite for GNU tar.
++# Copyright 2018 Free Software Foundation, Inc.
++
++# This file is part of GNU tar.
++
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++# Tar up to 1.30 would loop endlessly if a sparse file had been truncated
++# while being archived (with --sparse flag).
++#
++# The bug has been assigned id CVE-2018-20482 (on the grounds that it is a
++# denial of service possibility).
++#
++# Reported by: Chris Siebenmann <cks.gnutar-01@cs.toronto.edu>
++# References: <20181226223948.781EB32008E@apps1.cs.toronto.edu>,
++# <http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html>
++# <https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug>
++# <https://nvd.nist.gov/vuln/detail/CVE-2018-20482>
++
++AT_SETUP([sparse file truncated while archiving])
++AT_KEYWORDS([truncate filechange sparse sptr sptrcreat])
++
++AT_TAR_CHECK([
++genfile --sparse --block-size=1024 --file foo \
++ 0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ
++genfile --file baz
++genfile --run --checkpoint 3 --length 200m --truncate foo -- \
++ tar --checkpoint=1 \
++ --checkpoint-action=echo \
++ --checkpoint-action=sleep=1 \
++ --sparse -vcf bar foo baz
++echo Exit status: $?
++echo separator
++genfile --file foo --seek 200m --length 11575296 --pattern=zeros
++tar dvf bar],
++[1],
++[foo
++baz
++Exit status: 1
++separator
++foo
++foo: Mod time differs
++baz
++],
++[tar: foo: File shrank by 11575296 bytes; padding with zeros
++],
++[],[],[posix, gnu, oldgnu])
++
++AT_CLEANUP
+diff --git a/tests/sptrdiff00.at b/tests/sptrdiff00.at
+new file mode 100644
+index 0000000..c410561
+--- /dev/null
++++ b/tests/sptrdiff00.at
+@@ -0,0 +1,55 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++#
++# Test suite for GNU tar.
++# Copyright 2018 Free Software Foundation, Inc.
++#
++# This file is part of GNU tar.
++#
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++#
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++# While fixing CVE-2018-20482 (see sptrcreat.at) it has been discovered
++# that similar bug exists in file checking code (tar d).
++# This test case checks if tar correctly handles a short read condition
++# appearing in check_sparse_region.
++
++AT_SETUP([file truncated in sparse region while comparing])
++AT_KEYWORDS([truncate filechange sparse sptr sptrdiff diff])
++
++# This triggers short read in check_sparse_region.
++AT_TAR_CHECK([
++genfile --sparse --block-size=1024 --file foo \
++ 0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ
++genfile --file baz
++echo creating
++tar --sparse -vcf bar foo baz
++echo comparing
++genfile --run --checkpoint 3 --length 200m --truncate foo -- \
++ tar --checkpoint=1 \
++ --checkpoint-action=echo='Write checkpoint %u' \
++ --checkpoint-action=sleep=1 \
++ --sparse -vdf bar
++],
++[1],
++[creating
++foo
++baz
++comparing
++foo
++foo: Size differs
++baz
++],
++[],
++[],[],[posix, gnu, oldgnu])
++
++AT_CLEANUP
+diff --git a/tests/sptrdiff01.at b/tests/sptrdiff01.at
+new file mode 100644
+index 0000000..2da2267
+--- /dev/null
++++ b/tests/sptrdiff01.at
+@@ -0,0 +1,55 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++#
++# Test suite for GNU tar.
++# Copyright 2018 Free Software Foundation, Inc.
++#
++# This file is part of GNU tar.
++#
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++#
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++# While fixing CVE-2018-20482 (see sptrcreat.at) it has been discovered
++# that similar bug exists in file checking code (tar d).
++# This test case checks if tar correctly handles a short read condition
++# appearing in check_data_region.
++
++AT_SETUP([file truncated in data region while comparing])
++AT_KEYWORDS([truncate filechange sparse sptr sptrdiff diff])
++
++# This triggers short read in check_data_region.
++AT_TAR_CHECK([
++genfile --sparse --block-size=1024 --file foo \
++ 0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ
++genfile --file baz
++echo creating
++tar --sparse -vcf bar foo baz
++echo comparing
++genfile --run --checkpoint 5 --length 221278210 --truncate foo -- \
++ tar --checkpoint=1 \
++ --checkpoint-action=echo='Write checkpoint %u' \
++ --checkpoint-action=sleep=1 \
++ --sparse -vdf bar
++],
++[1],
++[creating
++foo
++baz
++comparing
++foo
++foo: Size differs
++baz
++],
++[],
++[],[],[posix, gnu, oldgnu])
++
++AT_CLEANUP
+diff --git a/tests/testsuite.at b/tests/testsuite.at
+index 2a83757..23386f7 100644
+--- a/tests/testsuite.at
++++ b/tests/testsuite.at
+@@ -1,7 +1,7 @@
+ # Process this file with autom4te to create testsuite. -*- Autotest -*-
+
+ # Test suite for GNU tar.
+-# Copyright 2004-2008, 2010-2017 Free Software Foundation, Inc.
++# Copyright 2004-2008, 2010-2018 Free Software Foundation, Inc.
+
+ # This file is part of GNU tar.
+
+@@ -405,6 +405,9 @@ m4_include([sparsemv.at])
+ m4_include([spmvp00.at])
+ m4_include([spmvp01.at])
+ m4_include([spmvp10.at])
++m4_include([sptrcreat.at])
++m4_include([sptrdiff00.at])
++m4_include([sptrdiff01.at])
+
+ AT_BANNER([Updates])
+ m4_include([update.at])
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
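Review bot: In the new `bytes_read == 0` branch of sparse_dump_region, `n` is declared `size_t` but is assigned a difference of `st_size` values, which are `off_t`. On a 32-bit target built with 64-bit file offsets the value would be truncated, and if `fstat` reports a size larger than the recorded one (presumably only in a race) the subtraction wraps, so the "File shrank by %s bytes" warning could show a misleading figure. This affects only the diagnostic, not the early `return false`, so it is better raised upstream than changed locally in the backport. `uintmax_t n;` would match the `UINTMAX_STRSIZE_BOUND` buffer already used. The function body starts and ends outside the inner hunk.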
diff --git a/meta/recipes-extended/tar/tar/CVE-2019-9923.patch b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
new file mode 100644
index 0000000000..146cbffea5
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
@@ -0,0 +1,38 @@
+From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Mon, 14 Jan 2019 15:22:09 +0200
+Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369)
+
+* src/sparse.c (pax_decode_header): Check return from find_next_block.
+
+Upstream-Status: Backport
+CVE: CVE-2019-9923
+Affects: tar < 1.32
+Signed-off-by: Armin kuster <akuster@mvista.com>
+
+---
+ src/sparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Index: tar-1.30/src/sparse.c
+===================================================================
+--- tar-1.30.orig/src/sparse.c
++++ tar-1.30/src/sparse.c
+@@ -1231,6 +1231,8 @@ pax_decode_header (struct tar_sparse_fil
+ set_next_block_after (b); \
+ file->dumped_size += BLOCKSIZE; \
+ b = find_next_block (); \
++ if (!b) \
++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
+ src = b->buffer; \
+ endp = b->buffer + BLOCKSIZE; \
+ } \
+@@ -1243,6 +1245,8 @@ pax_decode_header (struct tar_sparse_fil
+ set_next_block_after (current_header);
+ file->dumped_size += BLOCKSIZE;
+ blk = find_next_block ();
++ if (!blk)
++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
+ p = blk->buffer;
+ COPY_BUF (blk,nbuf,p);
+ if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t)))
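Review bot: The patch header gives `Upstream-Status: Backport` with no upstream reference, unlike the sudo and CVE-2018-20482 patches added in this commit, which put the commit URL in brackets on the following line. For later audits of which upstream change fixed CVE-2019-9923, I would add the reference in the same form, e.g. `Upstream-Status: Backport [<upstream commit URL>]`. The `From cb07844454d8...` line presumably carries the upstream commit id to link to.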
diff --git a/meta/recipes-extended/tar/tar_1.30.bb b/meta/recipes-extended/tar/tar_1.30.bb
index bd24f4762f..7cf0522455 100644
--- a/meta/recipes-extended/tar/tar_1.30.bb
+++ b/meta/recipes-extended/tar/tar_1.30.bb
@@ -9,6 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
file://remove-gets.patch \
file://musl_dirent.patch \
+ file://CVE-2019-9923.patch \
+ file://CVE-2018-20482.patch \
"
SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65"
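Review bot: The order of the two new SRC_URI entries is load-bearing and nothing records that. CVE-2018-20482.patch uses the `if (!b)` and `if (!blk)` `FATAL_ERROR` lines in pax_decode_header as context, and those lines are added by CVE-2019-9923.patch, so it only applies after it. A comment above the assignment would keep a later reorder or patch drop from breaking this, e.g. `# CVE-2018-20482.patch depends on CVE-2019-9923.patch (context in pax_decode_header); keep this order`.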
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
new file mode 100644
index 0000000000..1ade0075e6
--- /dev/null
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -0,0 +1,18 @@
+SUMMARY = "Timezone data"
+HOMEPAGE = "http://www.iana.org/time-zones"
+SECTION = "base"
+LICENSE = "PD & BSD & BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
+
+PV = "2019a"
+
+SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
+ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
+ "
+
+UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
+
+SRC_URI[tzcode.md5sum] = "27585a20bc5401324f42c8deb6e4677f"
+SRC_URI[tzcode.sha256sum] = "8739f162bc30cdfb482435697f969253abea49595541a0afd5f443fbae433ff5"
+SRC_URI[tzdata.md5sum] = "288f7b1e43018c633da108f13b27cf91"
+SRC_URI[tzdata.sha256sum] = "90366ddf4aa03e37a16cd49255af77f801822310b213f195e2206ead48c59772"
diff --git a/meta/recipes-extended/timezone/tzcode-native.bb b/meta/recipes-extended/timezone/tzcode-native.bb
new file mode 100644
index 0000000000..e3582ba674
--- /dev/null
+++ b/meta/recipes-extended/timezone/tzcode-native.bb
@@ -0,0 +1,17 @@
+require timezone.inc
+
+#
+SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect"
+
+S = "${WORKDIR}"
+
+inherit native
+
+EXTRA_OEMAKE += "cc='${CC}'"
+
+do_install () {
+ install -d ${D}${bindir}/
+ install -m 755 zic ${D}${bindir}/
+ install -m 755 zdump ${D}${bindir}/
+ install -m 755 tzselect ${D}${bindir}/
+}
diff --git a/meta/recipes-extended/tzdata/tzdata_2018i.bb b/meta/recipes-extended/timezone/tzdata.bb
index 4482e89d32..7542ce52d2 100644
--- a/meta/recipes-extended/tzdata/tzdata_2018i.bb
+++ b/meta/recipes-extended/timezone/tzdata.bb
@@ -1,17 +1,7 @@
-SUMMARY = "Timezone data"
-HOMEPAGE = "http://www.iana.org/time-zones"
-SECTION = "base"
-LICENSE = "PD & BSD & BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
+require timezone.inc
DEPENDS = "tzcode-native"
-SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata"
-UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-
-SRC_URI[tzdata.md5sum] = "b3f0a1a789480a036e58466cd0702477"
-SRC_URI[tzdata.sha256sum] = "82c45ef84ca3bc01d0a4a397ba8adeb8f7f199c6550740587c6ac5a7108c00d9"
-
inherit allarch
RCONFLICTS_${PN} = "timezones timezone-africa timezone-america timezone-antarctica \
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2018i.bb b/meta/recipes-extended/tzcode/tzcode-native_2018i.bb
deleted file mode 100644
index f056370b4a..0000000000
--- a/meta/recipes-extended/tzcode/tzcode-native_2018i.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-# note that we allow for us to use data later than our code version
-#
-SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect"
-LICENSE = "PD & BSD & BSD-3-Clause"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-
-SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
- http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
- "
-
-UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-
-SRC_URI[tzcode.md5sum] = "6a6d98be8fa2fa3485e25343e79188b4"
-SRC_URI[tzcode.sha256sum] = "aaacdb876ca6fb9d58e244b462cbc7578a496b1b10994381b4b32b9f2ded32dc"
-SRC_URI[tzdata.md5sum] = "b3f0a1a789480a036e58466cd0702477"
-SRC_URI[tzdata.sha256sum] = "82c45ef84ca3bc01d0a4a397ba8adeb8f7f199c6550740587c6ac5a7108c00d9"
-
-S = "${WORKDIR}"
-
-inherit native
-
-EXTRA_OEMAKE += "cc='${CC}'"
-
-do_install () {
- install -d ${D}${bindir}/
- install -m 755 zic ${D}${bindir}/
- install -m 755 zdump ${D}${bindir}/
- install -m 755 tzselect ${D}${bindir}/
-}
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
new file mode 100644
index 0000000000..d485a1bd6e
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
@@ -0,0 +1,33 @@
+From 080d52c3c9416c731f637f9c6e003961ef43f079 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Mon, 27 May 2019 08:20:32 -0700
+Subject: [PATCH 1/3] Fix bug in undefer_input() that misplaced the input
+ state.
+
+CVE: CVE-2019-13232
+Upstream-Status: Backport
+[https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ fileio.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/fileio.c b/fileio.c
+index 7605a29..14460f3 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -532,8 +532,10 @@ void undefer_input(__G)
+ * This condition was checked when G.incnt_leftover was set > 0 in
+ * defer_leftover_input(), and it is NOT allowed to touch G.csize
+ * before calling undefer_input() when (G.incnt_leftover > 0)
+- * (single exception: see read_byte()'s "G.csize <= 0" handling) !!
++ * (single exception: see readbyte()'s "G.csize <= 0" handling) !!
+ */
++ if (G.csize < 0L)
++ G.csize = 0L;
+ G.incnt = G.incnt_leftover + (int)G.csize;
+ G.inptr = G.inptr_leftover - (int)G.csize;
+ G.incnt_leftover = 0;
+--
+2.22.0.vfs.1.1.57.gbaf16c8
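Review bot: The added clamp `if (G.csize < 0L) G.csize = 0L;` has no comment of its own, and the surrounding comment only hints at when `G.csize` can be non-positive (readbyte()'s "G.csize <= 0" handling). A negative value would make the next two lines shrink `G.incnt` and move `G.inptr` past `G.inptr_leftover`. I would record that next to the check, e.g. `/* csize may be negative here (presumably via readbyte()); clamp so incnt/inptr are not adjusted in the wrong direction */`. undefer_input's body starts and ends outside the inner hunk.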
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
new file mode 100644
index 0000000000..41037a8e24
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
@@ -0,0 +1,356 @@
+From 1aae47fa8935654a84403768f32c03ecbb1be470 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Tue, 11 Jun 2019 22:01:18 -0700
+Subject: [PATCH 2/3] Detect and reject a zip bomb using overlapped entries.
+
+This detects an invalid zip file that has at least one entry that
+overlaps with another entry or with the central directory to the
+end of the file. A Fifield zip bomb uses overlapped local entries
+to vastly increase the potential inflation ratio. Such an invalid
+zip file is rejected.
+
+See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's
+analysis, construction, and examples of such zip bombs.
+
+The detection maintains a list of covered spans of the zip files
+so far, where the central directory to the end of the file and any
+bytes preceding the first entry at zip file offset zero are
+considered covered initially. Then as each entry is decompressed
+or tested, it is considered covered. When a new entry is about to
+be processed, its initial offset is checked to see if it is
+contained by a covered span. If so, the zip file is rejected as
+invalid.
+
+This commit depends on a preceding commit: "Fix bug in
+undefer_input() that misplaced the input state."
+
+CVE: CVE-2019-13232
+Upstream-Status: Backport
+[https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ extract.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ globals.c | 1 +
+ globals.h | 3 +
+ process.c | 10 +++
+ unzip.h | 1 +
+ 5 files changed, 204 insertions(+), 1 deletion(-)
+
+diff --git a/extract.c b/extract.c
+index 24db2a8..2bb72ba 100644
+--- a/extract.c
++++ b/extract.c
+@@ -321,6 +321,125 @@ static ZCONST char Far UnsupportedExtraField[] =
+ "\nerror: unsupported extra-field compression type (%u)--skipping\n";
+ static ZCONST char Far BadExtraFieldCRC[] =
+ "error [%s]: bad extra-field CRC %08lx (should be %08lx)\n";
++static ZCONST char Far NotEnoughMemCover[] =
++ "error: not enough memory for bomb detection\n";
++static ZCONST char Far OverlappedComponents[] =
++ "error: invalid zip file with overlapped components (possible zip bomb)\n";
++
++
++
++
++
++/* A growable list of spans. */
++typedef zoff_t bound_t;
++typedef struct {
++ bound_t beg; /* start of the span */
++ bound_t end; /* one past the end of the span */
++} span_t;
++typedef struct {
++ span_t *span; /* allocated, distinct, and sorted list of spans */
++ size_t num; /* number of spans in the list */
++ size_t max; /* allocated number of spans (num <= max) */
++} cover_t;
++
++/*
++ * Return the index of the first span in cover whose beg is greater than val.
++ * If there is no such span, then cover->num is returned.
++ */
++static size_t cover_find(cover, val)
++ cover_t *cover;
++ bound_t val;
++{
++ size_t lo = 0, hi = cover->num;
++ while (lo < hi) {
++ size_t mid = (lo + hi) >> 1;
++ if (val < cover->span[mid].beg)
++ hi = mid;
++ else
++ lo = mid + 1;
++ }
++ return hi;
++}
++
++/* Return true if val lies within any one of the spans in cover. */
++static int cover_within(cover, val)
++ cover_t *cover;
++ bound_t val;
++{
++ size_t pos = cover_find(cover, val);
++ return pos > 0 && val < cover->span[pos - 1].end;
++}
++
++/*
++ * Add a new span to the list, but only if the new span does not overlap any
++ * spans already in the list. The new span covers the values beg..end-1. beg
++ * must be less than end.
++ *
++ * Keep the list sorted and merge adjacent spans. Grow the allocated space for
++ * the list as needed. On success, 0 is returned. If the new span overlaps any
++ * existing spans, then 1 is returned and the new span is not added to the
++ * list. If the new span is invalid because beg is greater than or equal to
++ * end, then -1 is returned. If the list needs to be grown but the memory
++ * allocation fails, then -2 is returned.
++ */
++static int cover_add(cover, beg, end)
++ cover_t *cover;
++ bound_t beg;
++ bound_t end;
++{
++ size_t pos;
++ int prec, foll;
++
++ if (beg >= end)
++ /* The new span is invalid. */
++ return -1;
++
++ /* Find where the new span should go, and make sure that it does not
++ overlap with any existing spans. */
++ pos = cover_find(cover, beg);
++ if ((pos > 0 && beg < cover->span[pos - 1].end) ||
++ (pos < cover->num && end > cover->span[pos].beg))
++ return 1;
++
++ /* Check for adjacencies. */
++ prec = pos > 0 && beg == cover->span[pos - 1].end;
++ foll = pos < cover->num && end == cover->span[pos].beg;
++ if (prec && foll) {
++ /* The new span connects the preceding and following spans. Merge the
++ following span into the preceding span, and delete the following
++ span. */
++ cover->span[pos - 1].end = cover->span[pos].end;
++ cover->num--;
++ memmove(cover->span + pos, cover->span + pos + 1,
++ (cover->num - pos) * sizeof(span_t));
++ }
++ else if (prec)
++ /* The new span is adjacent only to the preceding span. Extend the end
++ of the preceding span. */
++ cover->span[pos - 1].end = end;
++ else if (foll)
++ /* The new span is adjacent only to the following span. Extend the
++ beginning of the following span. */
++ cover->span[pos].beg = beg;
++ else {
++ /* The new span has gaps between both the preceding and the following
++ spans. Assure that there is room and insert the span. */
++ if (cover->num == cover->max) {
++ size_t max = cover->max == 0 ? 16 : cover->max << 1;
++ span_t *span = realloc(cover->span, max * sizeof(span_t));
++ if (span == NULL)
++ return -2;
++ cover->span = span;
++ cover->max = max;
++ }
++ memmove(cover->span + pos + 1, cover->span + pos,
++ (cover->num - pos) * sizeof(span_t));
++ cover->num++;
++ cover->span[pos].beg = beg;
++ cover->span[pos].end = end;
++ }
++ return 0;
++}
+
+
+
+@@ -376,6 +495,29 @@ int extract_or_test_files(__G) /* return PK-type error code */
+ }
+ #endif /* !SFX || SFX_EXDIR */
+
++ /* One more: initialize cover structure for bomb detection. Start with a
++ span that covers the central directory though the end of the file. */
++ if (G.cover == NULL) {
++ G.cover = malloc(sizeof(cover_t));
++ if (G.cover == NULL) {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString(NotEnoughMemCover)));
++ return PK_MEM;
++ }
++ ((cover_t *)G.cover)->span = NULL;
++ ((cover_t *)G.cover)->max = 0;
++ }
++ ((cover_t *)G.cover)->num = 0;
++ if ((G.extra_bytes != 0 &&
++ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
++ cover_add((cover_t *)G.cover,
++ G.extra_bytes + G.ecrec.offset_start_central_directory,
++ G.ziplen) != 0) {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString(NotEnoughMemCover)));
++ return PK_MEM;
++ }
++
+ /*---------------------------------------------------------------------------
+ The basic idea of this function is as follows. Since the central di-
+ rectory lies at the end of the zipfile and the member files lie at the
+@@ -593,7 +735,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
+ if (error > error_in_archive)
+ error_in_archive = error;
+ /* ...and keep going (unless disk full or user break) */
+- if (G.disk_full > 1 || error_in_archive == IZ_CTRLC) {
++ if (G.disk_full > 1 || error_in_archive == IZ_CTRLC ||
++ error == PK_BOMB) {
+ /* clear reached_end to signal premature stop ... */
+ reached_end = FALSE;
+ /* ... and cancel scanning the central directory */
+@@ -1062,6 +1205,11 @@ static int extract_or_test_entrylist(__G__ numchunk,
+
+ /* seek_zipf(__G__ pInfo->offset); */
+ request = G.pInfo->offset + G.extra_bytes;
++ if (cover_within((cover_t *)G.cover, request)) {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString(OverlappedComponents)));
++ return PK_BOMB;
++ }
+ inbuf_offset = request % INBUFSIZ;
+ bufstart = request - inbuf_offset;
+
+@@ -1593,6 +1741,18 @@ reprompt:
+ return IZ_CTRLC; /* cancel operation by user request */
+ }
+ #endif
++ error = cover_add((cover_t *)G.cover, request,
++ G.cur_zipfile_bufstart + (G.inptr - G.inbuf));
++ if (error < 0) {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString(NotEnoughMemCover)));
++ return PK_MEM;
++ }
++ if (error != 0) {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString(OverlappedComponents)));
++ return PK_BOMB;
++ }
+ #ifdef MACOS /* MacOS is no preemptive OS, thus call event-handling by hand */
+ UserStop();
+ #endif
+@@ -1994,6 +2154,34 @@ static int extract_or_test_member(__G) /* return PK-type error code */
+ }
+
+ undefer_input(__G);
++
++ if ((G.lrec.general_purpose_bit_flag & 8) != 0) {
++ /* skip over data descriptor (harder than it sounds, due to signature
++ * ambiguity)
++ */
++# define SIG 0x08074b50
++# define LOW 0xffffffff
++ uch buf[12];
++ unsigned shy = 12 - readbuf((char *)buf, 12);
++ ulg crc = shy ? 0 : makelong(buf);
++ ulg clen = shy ? 0 : makelong(buf + 4);
++ ulg ulen = shy ? 0 : makelong(buf + 8); /* or high clen if ZIP64 */
++ if (crc == SIG && /* if not SIG, no signature */
++ (G.lrec.crc32 != SIG || /* if not SIG, have signature */
++ (clen == SIG && /* if not SIG, no signature */
++ ((G.lrec.csize & LOW) != SIG || /* if not SIG, have signature */
++ (ulen == SIG && /* if not SIG, no signature */
++ (G.zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG
++ /* if not SIG, have signature */
++ )))))
++ /* skip four more bytes to account for signature */
++ shy += 4 - readbuf((char *)buf, 4);
++ if (G.zip64)
++ shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
++ if (shy)
++ error = PK_ERR;
++ }
++
+ return error;
+
+ } /* end function extract_or_test_member() */
+diff --git a/globals.c b/globals.c
+index fa8cca5..1e0f608 100644
+--- a/globals.c
++++ b/globals.c
+@@ -181,6 +181,7 @@ Uz_Globs *globalsCtor()
+ # if (!defined(NO_TIMESTAMPS))
+ uO.D_flag=1; /* default to '-D', no restoration of dir timestamps */
+ # endif
++ G.cover = NULL; /* not allocated yet */
+ #endif
+
+ uO.lflag=(-1);
+diff --git a/globals.h b/globals.h
+index 11b7215..2bdcdeb 100644
+--- a/globals.h
++++ b/globals.h
+@@ -260,12 +260,15 @@ typedef struct Globals {
+ ecdir_rec ecrec; /* used in unzip.c, extract.c */
+ z_stat statbuf; /* used by main, mapname, check_for_newer */
+
++ int zip64; /* true if Zip64 info in extra field */
++
+ int mem_mode;
+ uch *outbufptr; /* extract.c static */
+ ulg outsize; /* extract.c static */
+ int reported_backslash; /* extract.c static */
+ int disk_full;
+ int newfile;
++ void **cover; /* used in extract.c for bomb detection */
+
+ int didCRlast; /* fileio static */
+ ulg numlines; /* fileio static: number of lines printed */
+diff --git a/process.c b/process.c
+index a3c1a4d..208619c 100644
+--- a/process.c
++++ b/process.c
+@@ -637,6 +637,13 @@ void free_G_buffers(__G) /* releases all memory allocated in global vars */
+ }
+ #endif
+
++ /* Free the cover span list and the cover structure. */
++ if (G.cover != NULL) {
++ free(*(G.cover));
++ free(G.cover);
++ G.cover = NULL;
++ }
++
+ } /* end function free_G_buffers() */
+
+
+@@ -1905,6 +1912,7 @@ int getZip64Data(__G__ ef_buf, ef_len)
+
+ #define Z64FLGS 0xffff
+ #define Z64FLGL 0xffffffff
++ G.zip64 = FALSE;
+
+ if (ef_len == 0 || ef_buf == NULL)
+ return PK_COOL;
+@@ -1964,6 +1972,8 @@ int getZip64Data(__G__ ef_buf, ef_len)
+ G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
+ offset += 4;
+ }
++
++ G.zip64 = TRUE;
+ #if 0
+ break; /* Expect only one EF_PKSZ64 block. */
+ #endif /* 0 */
+diff --git a/unzip.h b/unzip.h
+index 5b2a326..ed24a5b 100644
+--- a/unzip.h
++++ b/unzip.h
+@@ -645,6 +645,7 @@ typedef struct _Uzp_cdir_Rec {
+ #define PK_NOZIP 9 /* zipfile not found */
+ #define PK_PARAM 10 /* bad or illegal parameters specified */
+ #define PK_FIND 11 /* no files found */
++#define PK_BOMB 12 /* likely zip bomb */
+ #define PK_DISK 50 /* disk full */
+ #define PK_EOF 51 /* unexpected EOF */
+
+--
+2.22.0.vfs.1.1.57.gbaf16c8
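Review bot: `free(*(G.cover))` in free_G_buffers() frees the span array only because `span` is the first member of `cover_t` and `G.cover` is declared `void **` in globals.h. Nothing in the patch records that dependency, so reordering or extending the struct would make process.c free the wrong pointer. I would add a comment on the typedef in extract.c, `/* span must remain the first member: process.c frees it through *(void **)G.cover */`. Separately, `SIG` and `LOW` are defined inside extract_or_test_member() without a matching `#undef`, so they leak into the rest of extract.c.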
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch
new file mode 100644
index 0000000000..fd26fdd833
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch
@@ -0,0 +1,121 @@
+From be88aa4811af47ca06d8b7dcda294f899eba70ea Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Thu, 25 Jul 2019 20:43:17 -0700
+Subject: [PATCH 3/3] Do not raise a zip bomb alert for a misplaced central
+ directory.
+
+There is a zip-like file in the Firefox distribution, omni.ja,
+which is a zip container with the central directory placed at the
+start of the file instead of after the local entries as required
+by the zip standard. This commit marks the actual location of the
+central directory, as well as the end of central directory records,
+as disallowed locations. This now permits such containers to not
+raise a zip bomb alert, where in fact there are no overlaps.
+
+CVE: CVE-2019-13232
+Upstream-Status: Backport
+[https://github.com/madler/unzip/commit/6d351831be705cc26d897db44f878a978f4138fc]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ extract.c | 25 +++++++++++++++++++------
+ process.c | 6 ++++++
+ unzpriv.h | 10 ++++++++++
+ 3 files changed, 35 insertions(+), 6 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index 2bb72ba..a9dcca8 100644
+--- a/extract.c
++++ b/extract.c
+@@ -495,8 +495,11 @@ int extract_or_test_files(__G) /* return PK-type error code */
+ }
+ #endif /* !SFX || SFX_EXDIR */
+
+- /* One more: initialize cover structure for bomb detection. Start with a
+- span that covers the central directory though the end of the file. */
++ /* One more: initialize cover structure for bomb detection. Start with
++ spans that cover any extra bytes at the start, the central directory,
++ the end of central directory record (including the Zip64 end of central
++ directory locator, if present), and the Zip64 end of central directory
++ record, if present. */
+ if (G.cover == NULL) {
+ G.cover = malloc(sizeof(cover_t));
+ if (G.cover == NULL) {
+@@ -508,15 +511,25 @@ int extract_or_test_files(__G) /* return PK-type error code */
+ ((cover_t *)G.cover)->max = 0;
+ }
+ ((cover_t *)G.cover)->num = 0;
+- if ((G.extra_bytes != 0 &&
+- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
+- cover_add((cover_t *)G.cover,
++ if (cover_add((cover_t *)G.cover,
+ G.extra_bytes + G.ecrec.offset_start_central_directory,
+- G.ziplen) != 0) {
++ G.extra_bytes + G.ecrec.offset_start_central_directory +
++ G.ecrec.size_central_directory) != 0) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(NotEnoughMemCover)));
+ return PK_MEM;
+ }
++ if ((G.extra_bytes != 0 &&
++ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
++ (G.ecrec.have_ecr64 &&
++ cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
++ G.ecrec.ec64_end) != 0) ||
++ cover_add((cover_t *)G.cover, G.ecrec.ec_start,
++ G.ecrec.ec_end) != 0) {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString(OverlappedComponents)));
++ return PK_BOMB;
++ }
+
+ /*---------------------------------------------------------------------------
+ The basic idea of this function is as follows. Since the central di-
+diff --git a/process.c b/process.c
+index 208619c..5f8f6c6 100644
+--- a/process.c
++++ b/process.c
+@@ -1408,6 +1408,10 @@ static int find_ecrec64(__G__ searchlen) /* return PK-class error */
+
+ /* Now, we are (almost) sure that we have a Zip64 archive. */
+ G.ecrec.have_ecr64 = 1;
++ G.ecrec.ec_start -= ECLOC64_SIZE+4;
++ G.ecrec.ec64_start = ecrec64_start_offset;
++ G.ecrec.ec64_end = ecrec64_start_offset +
++ 12 + makeint64(&byterec[ECREC64_LENGTH]);
+
+ /* Update the "end-of-central-dir offset" for later checks. */
+ G.real_ecrec_offset = ecrec64_start_offset;
+@@ -1542,6 +1546,8 @@ static int find_ecrec(__G__ searchlen) /* return PK-class error */
+ makelong(&byterec[OFFSET_START_CENTRAL_DIRECTORY]);
+ G.ecrec.zipfile_comment_length =
+ makeword(&byterec[ZIPFILE_COMMENT_LENGTH]);
++ G.ecrec.ec_start = G.real_ecrec_offset;
++ G.ecrec.ec_end = G.ecrec.ec_start + 22 + G.ecrec.zipfile_comment_length;
+
+ /* Now, we have to read the archive comment, BEFORE the file pointer
+ is moved away backwards to seek for a Zip64 ECLOC64 structure.
+diff --git a/unzpriv.h b/unzpriv.h
+index c8d3eab..5e177c7 100644
+--- a/unzpriv.h
++++ b/unzpriv.h
+@@ -2185,6 +2185,16 @@ typedef struct VMStimbuf {
+ int have_ecr64; /* valid Zip64 ecdir-record exists */
+ int is_zip64_archive; /* Zip64 ecdir-record is mandatory */
+ ush zipfile_comment_length;
++ zusz_t ec_start, ec_end; /* offsets of start and end of the
++ end of central directory record,
++ including if present the Zip64
++ end of central directory locator,
++ which immediately precedes the
++ end of central directory record */
++ zusz_t ec64_start, ec64_end; /* if have_ecr64 is true, then these
++ are the offsets of the start and
++ end of the Zip64 end of central
++ directory record */
+ } ecdir_rec;
+
+
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
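Review bot: The first cover_add() call in extract_or_test_files(), the one covering the central directory, still maps every non-zero return to NotEnoughMemCover and PK_MEM, while the group added below it reports OverlappedComponents and PK_BOMB. The list is empty at that point, so the possible failures are -2 (allocation) and -1 (beg >= end), and the latter happens when the recorded central directory size is zero or the offsets are inconsistent. Whether such an archive gets this far depends on checks outside the patch. I would store the result and take the memory path only on `if (error == -2)`, treating any other non-zero value as a rejected archive, so the message and exit code match the cause.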
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index daba722722..464d73d0f3 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -22,6 +22,9 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
file://symlink.patch \
file://0001-unzip-fix-CVE-2018-1000035.patch \
file://CVE-2018-18384.patch \
+ file://CVE-2019-13232_p1.patch \
+ file://CVE-2019-13232_p2.patch \
+ file://CVE-2019-13232_p3.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
diff --git a/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch b/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch
new file mode 100644
index 0000000000..cbc4a127a8
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch
@@ -0,0 +1,73 @@
+From 6c5471e4834aebd7359d88b760b087136473bac8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Wed, 26 Dec 2018 13:51:48 +0100
+Subject: [PATCH 1/2] Don't use extended attributes (--xattr) by default
+
+* src/init.c (defaults): Set enable_xattr to false by default
+* src/main.c (print_help): Reverse option logic of --xattr
+* doc/wget.texi: Add description for --xattr
+
+Users may not be aware that the origin URL and Referer are saved
+including credentials, and possibly access tokens within
+the urls.
+
+CVE: CVE-2018-20483 patch 1
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8]
+Signed-off-by: Aviraj CJ <acj@cisco.com>
+---
+ doc/wget.texi | 8 ++++++++
+ src/init.c | 4 ----
+ src/main.c | 2 +-
+ 3 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/doc/wget.texi b/doc/wget.texi
+index eaf6b380..3f9d7c1c 100644
+--- a/doc/wget.texi
++++ b/doc/wget.texi
+@@ -540,6 +540,14 @@ right NUMBER.
+ Set preferred location for Metalink resources. This has effect if multiple
+ resources with same priority are available.
+
++@cindex xattr
++@item --xattr
++Enable use of file system's extended attributes to save the
++original URL and the Referer HTTP header value if used.
++
++Be aware that the URL might contain private information like
++access tokens or credentials.
++
+
+ @cindex force html
+ @item -F
+diff --git a/src/init.c b/src/init.c
+index eb81ab47..800970c5 100644
+--- a/src/init.c
++++ b/src/init.c
+@@ -509,11 +509,7 @@ defaults (void)
+ opt.hsts = true;
+ #endif
+
+-#ifdef ENABLE_XATTR
+- opt.enable_xattr = true;
+-#else
+ opt.enable_xattr = false;
+-#endif
+ }
+
+ /* Return the user's home directory (strdup-ed), or NULL if none is
+diff --git a/src/main.c b/src/main.c
+index 81db9319..6ac1621b 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -754,7 +754,7 @@ Download:\n"),
+ #endif
+ #ifdef ENABLE_XATTR
+ N_("\
+- --no-xattr turn off storage of metadata in extended file attributes\n"),
++ --xattr turn on storage of metadata in extended file attributes\n"),
+ #endif
+ "\n",
+
+--
+2.19.1
+
diff --git a/meta/recipes-extended/wget/wget/CVE-2018-20483_p2.patch b/meta/recipes-extended/wget/wget/CVE-2018-20483_p2.patch
new file mode 100644
index 0000000000..72ce8a0b33
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/CVE-2018-20483_p2.patch
@@ -0,0 +1,127 @@
+From 5a4ee4f3c07cc5dc7ef5f7244fcf51fd2fa3bc67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Wed, 26 Dec 2018 14:38:18 +0100
+Subject: [PATCH 2/2] Don't save user/pw with --xattr
+
+Also the Referer info is reduced to scheme+host+port.
+
+* src/ftp.c (getftp): Change params of set_file_metadata()
+* src/http.c (gethttp): Change params of set_file_metadata()
+* src/xattr.c (set_file_metadata): Remove user/password from origin URL,
+ reduce Referer value to scheme/host/port.
+* src/xattr.h: Change prototype of set_file_metadata()
+
+CVE: CVE-2018-20483 patch 2
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=3cdfb594cf75f11cdbb9702ac5e856c332ccacfa]
+Signed-off-by: Aviraj CJ <acj@cisco.com>
+---
+ src/ftp.c | 2 +-
+ src/http.c | 4 ++--
+ src/xattr.c | 24 ++++++++++++++++++++----
+ src/xattr.h | 3 ++-
+ 4 files changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/src/ftp.c b/src/ftp.c
+index 69148936..db8a6267 100644
+--- a/src/ftp.c
++++ b/src/ftp.c
+@@ -1580,7 +1580,7 @@ Error in server response, closing control connection.\n"));
+
+ #ifdef ENABLE_XATTR
+ if (opt.enable_xattr)
+- set_file_metadata (u->url, NULL, fp);
++ set_file_metadata (u, NULL, fp);
+ #endif
+
+ fd_close (local_sock);
+diff --git a/src/http.c b/src/http.c
+index 77bdbbed..472c328f 100644
+--- a/src/http.c
++++ b/src/http.c
+@@ -4120,9 +4120,9 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
+ if (opt.enable_xattr)
+ {
+ if (original_url != u)
+- set_file_metadata (u->url, original_url->url, fp);
++ set_file_metadata (u, original_url, fp);
+ else
+- set_file_metadata (u->url, NULL, fp);
++ set_file_metadata (u, NULL, fp);
+ }
+ #endif
+
+diff --git a/src/xattr.c b/src/xattr.c
+index 66524226..0f20fadf 100644
+--- a/src/xattr.c
++++ b/src/xattr.c
+@@ -21,6 +21,7 @@
+ #include <string.h>
+
+ #include "log.h"
++#include "utils.h"
+ #include "xattr.h"
+
+ #ifdef USE_XATTR
+@@ -57,7 +58,7 @@ write_xattr_metadata (const char *name, const char *value, FILE *fp)
+ #endif /* USE_XATTR */
+
+ int
+-set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp)
++set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp)
+ {
+ /* Save metadata about where the file came from (requested, final URLs) to
+ * user POSIX Extended Attributes of retrieved file.
+@@ -67,13 +68,28 @@ set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp)
+ * [http://0pointer.de/lennart/projects/mod_mime_xattr/].
+ */
+ int retval = -1;
++ char *value;
+
+ if (!origin_url || !fp)
+ return retval;
+
+- retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (origin_url), fp);
+- if ((!retval) && referrer_url)
+- retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (referrer_url), fp);
++ value = url_string (origin_url, URL_AUTH_HIDE);
++ retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (value), fp);
++ xfree (value);
++
++ if (!retval && referrer_url)
++ {
++ struct url u;
++
++ memset(&u, 0, sizeof(u));
++ u.scheme = referrer_url->scheme;
++ u.host = referrer_url->host;
++ u.port = referrer_url->port;
++
++ value = url_string (&u, 0);
++ retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (value), fp);
++ xfree (value);
++ }
+
+ return retval;
+ }
+diff --git a/src/xattr.h b/src/xattr.h
+index 10f3ed11..40c7a8d3 100644
+--- a/src/xattr.h
++++ b/src/xattr.h
+@@ -16,12 +16,13 @@
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+ #include <stdio.h>
++#include <url.h>
+
+ #ifndef _XATTR_H
+ #define _XATTR_H
+
+ /* Store metadata name/value attributes against fp. */
+-int set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp);
++int set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp);
+
+ #if defined(__linux)
+ /* libc on Linux has fsetxattr (5 arguments). */
+--
+2.19.1
+
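Review bot: The value written to `user.xdg.origin.url` in set_file_metadata() still carries the URL's path and query, because `url_string (origin_url, URL_AUTH_HIDE)` appears to strip only the user and password. url_string() is outside this patch, so that is inferred. Tokens passed as query parameters, which the --xattr documentation added in patch 1 warns about, would therefore still be stored when the option is on. I would note that above the call, `/* URL_AUTH_HIDE drops user:password only; path and query are stored as-is */`. The referrer call would also read better with a named mode such as `URL_AUTH_HIDE` instead of the bare `0`.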
diff --git a/meta/recipes-extended/wget/wget/CVE-2019-5953.patch b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch
new file mode 100644
index 0000000000..e43e8e545b
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch
@@ -0,0 +1,51 @@
+From 692d5c5215de0db482c252492a92fc424cc6a97c Mon Sep 17 00:00:00 2001
+From: Tim Ruehsen <tim.ruehsen@gmx.de>
+Date: Fri, 5 Apr 2019 11:50:44 +0200
+Subject: [PATCH] Fix a buffer overflow vulnerability
+
+* src/iri.c(do_conversion): Reallocate the output buffer to a larger
+ size if it is already full
+
+Upstream-Status: Backport
+http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
+CVE: CVE-2019-5953
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/iri.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+Index: wget-1.19.5/src/iri.c
+===================================================================
+--- wget-1.19.5.orig/src/iri.c
++++ wget-1.19.5/src/iri.c
+@@ -151,8 +151,11 @@ do_conversion (const char *tocode, const
+ *out = s = xmalloc (outlen + 1);
+ done = 0;
+
++ DEBUGP (("iconv %s -> %s\n", tocode, fromcode));
++
+ for (;;)
+ {
++ DEBUGP (("iconv outlen=%d inlen=%d\n", outlen, inlen));
+ if (iconv (cd, (ICONV_CONST char **) &in, &inlen, out, &outlen) != (size_t)(-1) &&
+ iconv (cd, NULL, NULL, out, &outlen) != (size_t)(-1))
+ {
+@@ -187,11 +190,14 @@ do_conversion (const char *tocode, const
+ }
+ else if (errno == E2BIG) /* Output buffer full */
+ {
++ logprintf (LOG_VERBOSE,
++ _("Reallocate output buffer len=%d outlen=%d inlen=%d\n"), len, outlen, inlen);
+ tooshort++;
+ done = len;
+- len = outlen = done + inlen * 2;
+- s = xrealloc (s, outlen + 1);
+- *out = s + done;
++ len = done + inlen * 2;
++ s = xrealloc (s, len + 1);
++ *out = s + done - outlen;
++ outlen += inlen * 2;
+ }
+ else /* Weird, we got an unspecified error */
+ {
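Review bot: The added trace calls in do_conversion() print `outlen`, `inlen` and `len` with `%d`, yet `&inlen` and `&outlen` are passed to iconv(), which takes `size_t *`, so the format and argument widths disagree on LP64 targets. The declarations are outside the hunk, so this assumes all three are `size_t`. If so, cast at the call, e.g. `DEBUGP (("iconv outlen=%lu inlen=%lu\n", (unsigned long) outlen, (unsigned long) inlen));`, and do the same in the logprintf() call. Judging by the parameter names, the first DEBUGP also prints the direction reversed (`tocode -> fromcode`).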
diff --git a/meta/recipes-extended/wget/wget_1.19.5.bb b/meta/recipes-extended/wget/wget_1.19.5.bb
index e37d8c7847..a53844bb8f 100644
--- a/meta/recipes-extended/wget/wget_1.19.5.bb
+++ b/meta/recipes-extended/wget/wget_1.19.5.bb
@@ -1,6 +1,9 @@
SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0002-improve-reproducibility.patch \
+ file://CVE-2019-5953.patch \
+ file://CVE-2018-20483_p1.patch \
+ file://CVE-2018-20483_p2.patch \
"
SRC_URI[md5sum] = "2db6f03d655041f82eb64b8c8a1fa7da"
diff --git a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.28.0.bb b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.28.0.bb
index 40dd35ba30..6e453a0163 100644
--- a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.28.0.bb
+++ b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.28.0.bb
@@ -18,13 +18,6 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
SRC_URI[md5sum] = "b25b2d82cbebf2cc9cd469457b604f2c"
SRC_URI[sha256sum] = "7aae8c1dffd6772fd1a21a3d365a0ea28b7c3988bdbbeafbf8742cda68242150"
-do_install_append() {
- # Build uses gtk-encode-symbolic-svg to create png versions:
- # no need to store the svgs anymore.
- rm -f ${D}${prefix}/share/icons/Adwaita/scalable/*/*-symbolic.svg \
- ${D}${prefix}/share/icons/Adwaita/scalable/*/*-symbolic-rtl.svg
-}
-
PACKAGES = "${PN}-cursors ${PN}-symbolic-hires ${PN}-symbolic ${PN}-hires ${PN}"
RREPLACES_${PN} = "gnome-icon-theme"
@@ -37,7 +30,8 @@ FILES_${PN}-symbolic-hires = "${prefix}/share/icons/Adwaita/96x96/*/*.symbolic.p
${prefix}/share/icons/Adwaita/48x48/*/*.symbolic.png \
${prefix}/share/icons/Adwaita/32x32/*/*.symbolic.png"
FILES_${PN}-symbolic = "${prefix}/share/icons/Adwaita/16x16/*/*.symbolic.png \
- ${prefix}/share/icons/Adwaita/24x24/*/*.symbolic.png"
+ ${prefix}/share/icons/Adwaita/24x24/*/*.symbolic.png \
+ ${prefix}/share/icons/Adwaita/scalable/*/*-symbolic*.svg"
FILES_${PN}-hires = "${prefix}/share/icons/Adwaita/256x256/ \
${prefix}/share/icons/Adwaita/512x512/"
FILES_${PN} = "${prefix}/share/icons/Adwaita/ \
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
new file mode 100644
index 0000000000..5232cf70c6
--- /dev/null
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
@@ -0,0 +1,19 @@
+There is a potential infinite-loop in function _arc_error_normalized().
+
+CVE: CVE-2019-6461
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index 390397bae..f9249dbeb 100644
+--- a/src/cairo-arc.c
++++ b/src/cairo-arc.c
+@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+ do {
+ angle = M_PI / i++;
+ error = _arc_error_normalized (angle);
+- } while (error > tolerance);
++ } while (error > tolerance && error > __DBL_EPSILON__);
+
+ return angle;
+ }
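Review bot: `__DBL_EPSILON__` in the new loop condition of _arc_max_angle_for_tolerance_normalized() is a predefined macro of GCC-compatible compilers rather than the standard C name, so the condition will not compile where it is undefined. The portable spelling is `} while (error > tolerance && error > DBL_EPSILON);` with `#include <float.h>`, if cairo-arc.c does not already include it (its include list is outside the hunk). When the loop now exits on the epsilon test, the returned angle may not satisfy the requested tolerance. A short comment saying this is the intended floor would help the next reader.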
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
new file mode 100644
index 0000000000..4e4598c5b5
--- /dev/null
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
@@ -0,0 +1,20 @@
+There is an assertion in function _cairo_arc_in_direction().
+
+CVE: CVE-2019-6462
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index 390397bae..1bde774a4 100644
+--- a/src/cairo-arc.c
++++ b/src/cairo-arc.c
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
+
+- assert (angle_max >= angle_min);
++ if (angle_max < angle_min)
++ return;
+
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ angle_max = fmod (angle_max - angle_min, 2 * M_PI);
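Review bot: The replacement guard `if (angle_max < angle_min)` in _cairo_arc_in_direction() is not the exact negation of the removed `assert (angle_max >= angle_min)`. When either angle is NaN both comparisons are false, so a value the assert would have stopped now passes the guard and reaches the fmod() arithmetic below. Writing the test as `if (! (angle_max >= angle_min))` keeps the assert's coverage. The early return also sets no error status on `cr` in the visible lines, so a comment such as `/* inverted or NaN range: draw nothing instead of aborting */` would make the silent no-op explicit. The function body continues outside the hunk.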
diff --git a/meta/recipes-graphics/cairo/cairo_1.14.12.bb b/meta/recipes-graphics/cairo/cairo_1.14.12.bb
index 18b947948a..08026c462d 100644
--- a/meta/recipes-graphics/cairo/cairo_1.14.12.bb
+++ b/meta/recipes-graphics/cairo/cairo_1.14.12.bb
@@ -25,6 +25,8 @@ DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
file://0001-cairo-Fix-CVE-2017-9814.patch \
+ file://CVE-2019-6461.patch \
+ file://CVE-2019-6462.patch \
"
SRC_URI[md5sum] = "9f0db9dbfca0966be8acd682e636d165"
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7572.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7572.patch
new file mode 100644
index 0000000000..c41c2de0f3
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7572.patch
@@ -0,0 +1,114 @@
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560182231 25200
+# Mon Jun 10 08:57:11 2019 -0700
+# Branch SDL-1.2
+# Node ID a8afedbcaea0e84921dc770195c4699bda3ccdc5
+# Parent faf9abbcfb5fe0d0ca23c4bf0394aa226ceccf02
+CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode
+If data chunk was longer than expected based on a WAV format
+definition, IMA_ADPCM_decode() tried to write past the output
+buffer. This patch fixes it.
+
+Based on patch from
+<https://bugzilla.libsdl.org/show_bug.cgi?id=4496>.
+
+CVE-2019-7572
+https://bugzilla.libsdl.org/show_bug.cgi?id=4495
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560041863 25200
+# Sat Jun 08 17:57:43 2019 -0700
+# Branch SDL-1.2
+# Node ID e52413f5258600878f9a10d2f92605a729aa8976
+# Parent 4e73be7b47877ae11d2279bd916910d469d18f8e
+CVE-2019-7572: Fix a buffer overread in IMA_ADPCM_nibble
+If an IMA ADPCM block contained an initial index out of step table
+range (loaded in IMA_ADPCM_decode()), IMA_ADPCM_nibble() blindly used
+this bogus value and that lead to a buffer overread.
+
+This patch fixes it by moving clamping the index value at the
+beginning of IMA_ADPCM_nibble() function instead of the end after
+an update.
+
+CVE-2019-7572
+https://bugzilla.libsdl.org/show_bug.cgi?id=4495
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2019-7572
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r faf9abbcfb5f -r a8afedbcaea0 src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Mon Jun 10 08:54:29 2019 -0700
++++ b/src/audio/SDL_wave.c Mon Jun 10 08:57:11 2019 -0700
+@@ -346,7 +346,7 @@
+ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ {
+ struct IMA_ADPCM_decodestate *state;
+- Uint8 *freeable, *encoded, *encoded_end, *decoded;
++ Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end;
+ Sint32 encoded_len, samplesleft;
+ unsigned int c, channels;
+
+@@ -373,6 +373,7 @@
+ return(-1);
+ }
+ decoded = *audio_buf;
++ decoded_end = decoded + *audio_len;
+
+ /* Get ready... Go! */
+ while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) {
+@@ -392,6 +393,7 @@
+ }
+
+ /* Store the initial sample we start with */
++ if (decoded + 2 > decoded_end) goto invalid_size;
+ decoded[0] = (Uint8)(state[c].sample&0xFF);
+ decoded[1] = (Uint8)(state[c].sample>>8);
+ decoded += 2;
+@@ -402,6 +404,8 @@
+ while ( samplesleft > 0 ) {
+ for ( c=0; c<channels; ++c ) {
+ if (encoded + 4 > encoded_end) goto invalid_size;
++ if (decoded + 4 * 4 * channels > decoded_end)
++ goto invalid_size;
+ Fill_IMA_ADPCM_block(decoded, encoded,
+ c, channels, &state[c]);
+ encoded += 4;
+
+diff -r 4e73be7b4787 -r e52413f52586 src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Sat Jun 01 18:27:46 2019 +0100
++++ b/src/audio/SDL_wave.c Sat Jun 08 17:57:43 2019 -0700
+@@ -264,6 +264,14 @@
+ };
+ Sint32 delta, step;
+
++ /* Clamp index value. The inital value can be invalid. */
++ if ( state->index > 88 ) {
++ state->index = 88;
++ } else
++ if ( state->index < 0 ) {
++ state->index = 0;
++ }
++
+ /* Compute difference and new sample value */
+ step = step_table[state->index];
+ delta = step >> 3;
+@@ -275,12 +283,6 @@
+
+ /* Update index value */
+ state->index += index_table[nybble];
+- if ( state->index > 88 ) {
+- state->index = 88;
+- } else
+- if ( state->index < 0 ) {
+- state->index = 0;
+- }
+
+ /* Clamp output sample */
+ if ( state->sample > max_audioval ) {
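Review bot: The new output-bound checks in `IMA_ADPCM_decode()` (`decoded + 2 > decoded_end` and `decoded + 4 * 4 * channels > decoded_end`) form a pointer that may lie beyond the end of the buffer before comparing it, which is undefined behaviour in C and may not behave as intended if the addition wraps. Comparing the remaining length avoids that: `if ((size_t)(decoded_end - decoded) < 4u * 4u * channels) goto invalid_size;`, and likewise `(decoded_end - decoded) < 2` for the initial sample. The same `ptr + n > end` form is used in CVE-2019-7574.patch, CVE-2019-7575.patch, CVE-2019-7576.patch, CVE-2019-7577.patch and CVE-2019-7578.patch. The `invalid_size` label used here is only introduced by CVE-2019-7574.patch, so this patch has to stay after it in `SRC_URI`; the function body runs beyond these hunks.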
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7574.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7574.patch
new file mode 100644
index 0000000000..9fd53da29b
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7574.patch
@@ -0,0 +1,68 @@
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560181859 25200
+# Mon Jun 10 08:50:59 2019 -0700
+# Branch SDL-1.2
+# Node ID a6e3d2f5183e1cc300ad993e10e9ce077e13bd9c
+# Parent 388987dff7bf8f1e214e69c2e4f1aa31e06396b5
+CVE-2019-7574: Fix a buffer overread in IMA_ADPCM_decode
+If data chunk was shorter than expected based on a WAV format
+definition, IMA_ADPCM_decode() tried to read past the data chunk
+buffer. This patch fixes it.
+
+CVE-2019-7574
+https://bugzilla.libsdl.org/show_bug.cgi?id=4496
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2019-7574
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r 388987dff7bf -r a6e3d2f5183e src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Sat Jun 08 18:02:09 2019 -0700
++++ b/src/audio/SDL_wave.c Mon Jun 10 08:50:59 2019 -0700
+@@ -331,7 +331,7 @@
+ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ {
+ struct IMA_ADPCM_decodestate *state;
+- Uint8 *freeable, *encoded, *decoded;
++ Uint8 *freeable, *encoded, *encoded_end, *decoded;
+ Sint32 encoded_len, samplesleft;
+ unsigned int c, channels;
+
+@@ -347,6 +347,7 @@
+ /* Allocate the proper sized output buffer */
+ encoded_len = *audio_len;
+ encoded = *audio_buf;
++ encoded_end = encoded + encoded_len;
+ freeable = *audio_buf;
+ *audio_len = (encoded_len/IMA_ADPCM_state.wavefmt.blockalign) *
+ IMA_ADPCM_state.wSamplesPerBlock*
+@@ -362,6 +363,7 @@
+ while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) {
+ /* Grab the initial information for this block */
+ for ( c=0; c<channels; ++c ) {
++ if (encoded + 4 > encoded_end) goto invalid_size;
+ /* Fill the state information for this block */
+ state[c].sample = ((encoded[1]<<8)|encoded[0]);
+ encoded += 2;
+@@ -384,6 +386,7 @@
+ samplesleft = (IMA_ADPCM_state.wSamplesPerBlock-1)*channels;
+ while ( samplesleft > 0 ) {
+ for ( c=0; c<channels; ++c ) {
++ if (encoded + 4 > encoded_end) goto invalid_size;
+ Fill_IMA_ADPCM_block(decoded, encoded,
+ c, channels, &state[c]);
+ encoded += 4;
+@@ -395,6 +398,10 @@
+ }
+ SDL_free(freeable);
+ return(0);
++invalid_size:
++ SDL_SetError("Unexpected chunk length for an IMA ADPCM decoder");
++ SDL_free(freeable);
++ return(-1);
+ }
+
+ SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWops *src, int freesrc,
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7575.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7575.patch
new file mode 100644
index 0000000000..a3e8416d0e
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7575.patch
@@ -0,0 +1,81 @@
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560183905 25200
+# Mon Jun 10 09:25:05 2019 -0700
+# Branch SDL-1.2
+# Node ID a936f9bd3e381d67d8ddee8b9243f85799ea4798
+# Parent fcbecae427951bac1684baaba2ade68221315140
+CVE-2019-7575: Fix a buffer overwrite in MS_ADPCM_decode
+If a WAV format defines shorter audio stream and decoded MS ADPCM data chunk
+is longer, decoding continued past the output audio buffer.
+
+This fix is based on a patch from
+<https://bugzilla.libsdl.org/show_bug.cgi?id=4492>.
+
+https://bugzilla.libsdl.org/show_bug.cgi?id=4493
+CVE-2019-7575
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2019-7575
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r fcbecae42795 -r a936f9bd3e38 src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Mon Jun 10 09:06:23 2019 -0700
++++ b/src/audio/SDL_wave.c Mon Jun 10 09:25:05 2019 -0700
+@@ -122,7 +122,7 @@
+ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ {
+ struct MS_ADPCM_decodestate *state[2];
+- Uint8 *freeable, *encoded, *encoded_end, *decoded;
++ Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end;
+ Sint32 encoded_len, samplesleft;
+ Sint8 nybble, stereo;
+ Sint16 *coeff[2];
+@@ -142,6 +142,7 @@
+ return(-1);
+ }
+ decoded = *audio_buf;
++ decoded_end = decoded + *audio_len;
+
+ /* Get ready... Go! */
+ stereo = (MS_ADPCM_state.wavefmt.channels == 2);
+@@ -149,7 +150,7 @@
+ state[1] = &MS_ADPCM_state.state[stereo];
+ while ( encoded_len >= MS_ADPCM_state.wavefmt.blockalign ) {
+ /* Grab the initial information for this block */
+- if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto too_short;
++ if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto invalid_size;
+ state[0]->hPredictor = *encoded++;
+ if ( stereo ) {
+ state[1]->hPredictor = *encoded++;
+@@ -179,6 +180,7 @@
+ coeff[1] = MS_ADPCM_state.aCoeff[state[1]->hPredictor];
+
+ /* Store the two initial samples we start with */
++ if (decoded + 4 + (stereo ? 4 : 0) > decoded_end) goto invalid_size;
+ decoded[0] = state[0]->iSamp2&0xFF;
+ decoded[1] = state[0]->iSamp2>>8;
+ decoded += 2;
+@@ -200,7 +202,8 @@
+ samplesleft = (MS_ADPCM_state.wSamplesPerBlock-2)*
+ MS_ADPCM_state.wavefmt.channels;
+ while ( samplesleft > 0 ) {
+- if (encoded + 1 > encoded_end) goto too_short;
++ if (encoded + 1 > encoded_end) goto invalid_size;
++ if (decoded + 4 > decoded_end) goto invalid_size;
+
+ nybble = (*encoded)>>4;
+ new_sample = MS_ADPCM_nibble(state[0],nybble,coeff[0]);
+@@ -223,8 +226,8 @@
+ }
+ SDL_free(freeable);
+ return(0);
+-too_short:
+- SDL_SetError("Too short chunk for a MS ADPCM decoder");
++invalid_size:
++ SDL_SetError("Unexpected chunk length for a MS ADPCM decoder");
+ SDL_free(freeable);
+ return(-1);
+ invalid_predictor:
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7576.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7576.patch
new file mode 100644
index 0000000000..d9a505217b
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7576.patch
@@ -0,0 +1,80 @@
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560182783 25200
+# Mon Jun 10 09:06:23 2019 -0700
+# Branch SDL-1.2
+# Node ID fcbecae427951bac1684baaba2ade68221315140
+# Parent a8afedbcaea0e84921dc770195c4699bda3ccdc5
+CVE-2019-7573, CVE-2019-7576: Fix buffer overreads in InitMS_ADPCM
+If MS ADPCM format chunk was too short, InitMS_ADPCM() parsing it
+could read past the end of chunk data. This patch fixes it.
+
+CVE-2019-7573
+https://bugzilla.libsdl.org/show_bug.cgi?id=4491
+CVE-2019-7576
+https://bugzilla.libsdl.org/show_bug.cgi?id=4490
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2019-7573
+CVE: CVE-2019-7576
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r a8afedbcaea0 -r fcbecae42795 src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Mon Jun 10 08:57:11 2019 -0700
++++ b/src/audio/SDL_wave.c Mon Jun 10 09:06:23 2019 -0700
+@@ -44,12 +44,13 @@
+ struct MS_ADPCM_decodestate state[2];
+ } MS_ADPCM_state;
+
+-static int InitMS_ADPCM(WaveFMT *format)
++static int InitMS_ADPCM(WaveFMT *format, int length)
+ {
+- Uint8 *rogue_feel;
++ Uint8 *rogue_feel, *rogue_feel_end;
+ int i;
+
+ /* Set the rogue pointer to the MS_ADPCM specific data */
++ if (length < sizeof(*format)) goto too_short;
+ MS_ADPCM_state.wavefmt.encoding = SDL_SwapLE16(format->encoding);
+ MS_ADPCM_state.wavefmt.channels = SDL_SwapLE16(format->channels);
+ MS_ADPCM_state.wavefmt.frequency = SDL_SwapLE32(format->frequency);
+@@ -58,9 +59,11 @@
+ MS_ADPCM_state.wavefmt.bitspersample =
+ SDL_SwapLE16(format->bitspersample);
+ rogue_feel = (Uint8 *)format+sizeof(*format);
++ rogue_feel_end = (Uint8 *)format + length;
+ if ( sizeof(*format) == 16 ) {
+ rogue_feel += sizeof(Uint16);
+ }
++ if (rogue_feel + 4 > rogue_feel_end) goto too_short;
+ MS_ADPCM_state.wSamplesPerBlock = ((rogue_feel[1]<<8)|rogue_feel[0]);
+ rogue_feel += sizeof(Uint16);
+ MS_ADPCM_state.wNumCoef = ((rogue_feel[1]<<8)|rogue_feel[0]);
+@@ -70,12 +73,16 @@
+ return(-1);
+ }
+ for ( i=0; i<MS_ADPCM_state.wNumCoef; ++i ) {
++ if (rogue_feel + 4 > rogue_feel_end) goto too_short;
+ MS_ADPCM_state.aCoeff[i][0] = ((rogue_feel[1]<<8)|rogue_feel[0]);
+ rogue_feel += sizeof(Uint16);
+ MS_ADPCM_state.aCoeff[i][1] = ((rogue_feel[1]<<8)|rogue_feel[0]);
+ rogue_feel += sizeof(Uint16);
+ }
+ return(0);
++too_short:
++ SDL_SetError("Unexpected length of a chunk with a MS ADPCM format");
++ return(-1);
+ }
+
+ static Sint32 MS_ADPCM_nibble(struct MS_ADPCM_decodestate *state,
+@@ -495,7 +502,7 @@
+ break;
+ case MS_ADPCM_CODE:
+ /* Try to understand this */
+- if ( InitMS_ADPCM(format) < 0 ) {
++ if ( InitMS_ADPCM(format, lenread) < 0 ) {
+ was_error = 1;
+ goto done;
+ }
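Review bot: The guard `if (length < sizeof(*format)) goto too_short;` in `InitMS_ADPCM()` compares an `int` with a `size_t`, so a negative `length` is converted to a large unsigned value and passes the check. The header fields are then read from `format` before the later `rogue_feel + 4 > rogue_feel_end` test rejects the chunk. A guard such as `if (length < 0 || (size_t)length < sizeof(*format)) goto too_short;` closes that gap; the same comparison appears in `InitIMA_ADPCM()` in CVE-2019-7578.patch. Whether `lenread` can be negative at the call site is not visible in these hunks.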
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7577.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7577.patch
new file mode 100644
index 0000000000..92e40aec5e
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7577.patch
@@ -0,0 +1,123 @@
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560182051 25200
+# Mon Jun 10 08:54:11 2019 -0700
+# Branch SDL-1.2
+# Node ID 416136310b88cbeeff8773e573e90ac1e22b3526
+# Parent a6e3d2f5183e1cc300ad993e10e9ce077e13bd9c
+CVE-2019-7577: Fix a buffer overread in MS_ADPCM_decode
+If RIFF/WAV data chunk length is shorter then expected for an audio
+format defined in preceeding RIFF/WAV format headers, a buffer
+overread can happen.
+
+This patch fixes it by checking a MS ADPCM data to be decoded are not
+past the initialized buffer.
+
+CVE-2019-7577
+Reproducer: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560182069 25200
+# Mon Jun 10 08:54:29 2019 -0700
+# Branch SDL-1.2
+# Node ID faf9abbcfb5fe0d0ca23c4bf0394aa226ceccf02
+# Parent 416136310b88cbeeff8773e573e90ac1e22b3526
+CVE-2019-7577: Fix a buffer overread in MS_ADPCM_nibble and MS_ADPCM_decode
+If a chunk of RIFF/WAV file with MS ADPCM encoding contains an invalid
+predictor (a valid predictor's value is between 0 and 6 inclusive),
+a buffer overread can happen when the predictor is used as an index
+into an array of MS ADPCM coefficients.
+
+The overead happens when indexing MS_ADPCM_state.aCoeff[] array in
+MS_ADPCM_decode() and later when dereferencing a coef pointer in
+MS_ADPCM_nibble().
+
+This patch fixes it by checking the MS ADPCM predictor values fit
+into the valid range.
+
+CVE-2019-7577
+Reproducer: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2019-7577
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r a6e3d2f5183e -r 416136310b88 src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Mon Jun 10 08:50:59 2019 -0700
++++ b/src/audio/SDL_wave.c Mon Jun 10 08:54:11 2019 -0700
+@@ -115,7 +115,7 @@
+ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ {
+ struct MS_ADPCM_decodestate *state[2];
+- Uint8 *freeable, *encoded, *decoded;
++ Uint8 *freeable, *encoded, *encoded_end, *decoded;
+ Sint32 encoded_len, samplesleft;
+ Sint8 nybble, stereo;
+ Sint16 *coeff[2];
+@@ -124,6 +124,7 @@
+ /* Allocate the proper sized output buffer */
+ encoded_len = *audio_len;
+ encoded = *audio_buf;
++ encoded_end = encoded + encoded_len;
+ freeable = *audio_buf;
+ *audio_len = (encoded_len/MS_ADPCM_state.wavefmt.blockalign) *
+ MS_ADPCM_state.wSamplesPerBlock*
+@@ -141,6 +142,7 @@
+ state[1] = &MS_ADPCM_state.state[stereo];
+ while ( encoded_len >= MS_ADPCM_state.wavefmt.blockalign ) {
+ /* Grab the initial information for this block */
++ if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto too_short;
+ state[0]->hPredictor = *encoded++;
+ if ( stereo ) {
+ state[1]->hPredictor = *encoded++;
+@@ -188,6 +190,8 @@
+ samplesleft = (MS_ADPCM_state.wSamplesPerBlock-2)*
+ MS_ADPCM_state.wavefmt.channels;
+ while ( samplesleft > 0 ) {
++ if (encoded + 1 > encoded_end) goto too_short;
++
+ nybble = (*encoded)>>4;
+ new_sample = MS_ADPCM_nibble(state[0],nybble,coeff[0]);
+ decoded[0] = new_sample&0xFF;
+@@ -209,6 +213,10 @@
+ }
+ SDL_free(freeable);
+ return(0);
++too_short:
++ SDL_SetError("Too short chunk for a MS ADPCM decoder");
++ SDL_free(freeable);
++ return(-1);
+ }
+
+ struct IMA_ADPCM_decodestate {
+
+
+diff -r 416136310b88 -r faf9abbcfb5f src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Mon Jun 10 08:54:11 2019 -0700
++++ b/src/audio/SDL_wave.c Mon Jun 10 08:54:29 2019 -0700
+@@ -147,6 +147,9 @@
+ if ( stereo ) {
+ state[1]->hPredictor = *encoded++;
+ }
++ if (state[0]->hPredictor >= 7 || state[1]->hPredictor >= 7) {
++ goto invalid_predictor;
++ }
+ state[0]->iDelta = ((encoded[1]<<8)|encoded[0]);
+ encoded += sizeof(Sint16);
+ if ( stereo ) {
+@@ -217,6 +220,10 @@
+ SDL_SetError("Too short chunk for a MS ADPCM decoder");
+ SDL_free(freeable);
+ return(-1);
++invalid_predictor:
++ SDL_SetError("Invalid predictor value for a MS ADPCM decoder");
++ SDL_free(freeable);
++ return(-1);
+ }
+
+ struct IMA_ADPCM_decodestate {
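Review bot: The predictor check `state[0]->hPredictor >= 7 || state[1]->hPredictor >= 7` in `MS_ADPCM_decode()` hard-codes the bound rather than deriving it from `MS_ADPCM_state.aCoeff`, whose declaration is outside these hunks. Assuming `aCoeff` is a fixed-size array, tying the limit to it keeps the check correct if the table ever changes: `sizeof(MS_ADPCM_state.aCoeff) / sizeof(MS_ADPCM_state.aCoeff[0])`. At minimum a comment such as `/* hPredictor indexes aCoeff[], which has 7 entries */` would tell the next reader why 7 is the limit.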
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7578.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7578.patch
new file mode 100644
index 0000000000..7028890333
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7578.patch
@@ -0,0 +1,64 @@
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560042129 25200
+# Sat Jun 08 18:02:09 2019 -0700
+# Branch SDL-1.2
+# Node ID 388987dff7bf8f1e214e69c2e4f1aa31e06396b5
+# Parent e52413f5258600878f9a10d2f92605a729aa8976
+CVE-2019-7578: Fix a buffer overread in InitIMA_ADPCM
+If IMA ADPCM format chunk was too short, InitIMA_ADPCM() parsing it
+could read past the end of chunk data. This patch fixes it.
+
+CVE-2019-7578
+https://bugzilla.libsdl.org/show_bug.cgi?id=4494
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2019-7578
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r e52413f52586 -r 388987dff7bf src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Sat Jun 08 17:57:43 2019 -0700
++++ b/src/audio/SDL_wave.c Sat Jun 08 18:02:09 2019 -0700
+@@ -222,11 +222,12 @@
+ struct IMA_ADPCM_decodestate state[2];
+ } IMA_ADPCM_state;
+
+-static int InitIMA_ADPCM(WaveFMT *format)
++static int InitIMA_ADPCM(WaveFMT *format, int length)
+ {
+- Uint8 *rogue_feel;
++ Uint8 *rogue_feel, *rogue_feel_end;
+
+ /* Set the rogue pointer to the IMA_ADPCM specific data */
++ if (length < sizeof(*format)) goto too_short;
+ IMA_ADPCM_state.wavefmt.encoding = SDL_SwapLE16(format->encoding);
+ IMA_ADPCM_state.wavefmt.channels = SDL_SwapLE16(format->channels);
+ IMA_ADPCM_state.wavefmt.frequency = SDL_SwapLE32(format->frequency);
+@@ -235,11 +236,16 @@
+ IMA_ADPCM_state.wavefmt.bitspersample =
+ SDL_SwapLE16(format->bitspersample);
+ rogue_feel = (Uint8 *)format+sizeof(*format);
++ rogue_feel_end = (Uint8 *)format + length;
+ if ( sizeof(*format) == 16 ) {
+ rogue_feel += sizeof(Uint16);
+ }
++ if (rogue_feel + 2 > rogue_feel_end) goto too_short;
+ IMA_ADPCM_state.wSamplesPerBlock = ((rogue_feel[1]<<8)|rogue_feel[0]);
+ return(0);
++too_short:
++ SDL_SetError("Unexpected length of a chunk with an IMA ADPCM format");
++ return(-1);
+ }
+
+ static Sint32 IMA_ADPCM_nibble(struct IMA_ADPCM_decodestate *state,Uint8 nybble)
+@@ -471,7 +477,7 @@
+ break;
+ case IMA_ADPCM_CODE:
+ /* Try to understand this */
+- if ( InitIMA_ADPCM(format) < 0 ) {
++ if ( InitIMA_ADPCM(format, lenread) < 0 ) {
+ was_error = 1;
+ goto done;
+ }
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7635.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7635.patch
new file mode 100644
index 0000000000..78af1b061d
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7635.patch
@@ -0,0 +1,63 @@
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1560259692 25200
+# Tue Jun 11 06:28:12 2019 -0700
+# Branch SDL-1.2
+# Node ID f1f5878be5dbf63c1161a8ee52b8a86ece30e552
+# Parent a936f9bd3e381d67d8ddee8b9243f85799ea4798
+CVE-2019-7635: Reject BMP images with pixel colors out the palette
+If a 1-, 4-, or 8-bit per pixel BMP image declares less used colors
+than the palette offers an SDL_Surface with a palette of the indicated
+number of used colors is created. If some of the image's pixel
+refer to a color number higher then the maximal used colors, a subsequent
+bliting operation on the surface will look up a color past a blit map
+(that is based on the palette) memory. I.e. passing such SDL_Surface
+to e.g. an SDL_DisplayFormat() function will result in a buffer overread in
+a blit function.
+
+This patch fixes it by validing each pixel's color to be less than the
+maximal color number in the palette. A validation failure raises an
+error from a SDL_LoadBMP_RW() function.
+
+CVE-2019-7635
+https://bugzilla.libsdl.org/show_bug.cgi?id=4498
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2019-7635
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r a936f9bd3e38 -r f1f5878be5db src/video/SDL_bmp.c
+--- a/src/video/SDL_bmp.c Mon Jun 10 09:25:05 2019 -0700
++++ b/src/video/SDL_bmp.c Tue Jun 11 06:28:12 2019 -0700
+@@ -308,6 +308,12 @@
+ }
+ *(bits+i) = (pixel>>shift);
+ pixel <<= ExpandBMP;
++ if ( bits[i] >= biClrUsed ) {
++ SDL_SetError(
++ "A BMP image contains a pixel with a color out of the palette");
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ } }
+ break;
+
+@@ -318,6 +324,16 @@
+ was_error = SDL_TRUE;
+ goto done;
+ }
++ if ( 8 == biBitCount && palette && biClrUsed < (1 << biBitCount ) ) {
++ for ( i=0; i<surface->w; ++i ) {
++ if ( bits[i] >= biClrUsed ) {
++ SDL_SetError(
++ "A BMP image contains a pixel with a color out of the palette");
++ was_error = SDL_TRUE;
++ goto done;
++ }
++ }
++ }
+ #if SDL_BYTEORDER == SDL_BIG_ENDIAN
+ /* Byte-swap the pixels if needed. Note that the 24bpp
+ case has already been taken care of above. */
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7637.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7637.patch
new file mode 100644
index 0000000000..c95338e61a
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7637.patch
@@ -0,0 +1,192 @@
+# HG changeset patch
+# User Petr Písař <ppisar@redhat.com>
+# Date 1552788984 25200
+# Sat Mar 16 19:16:24 2019 -0700
+# Branch SDL-1.2
+# Node ID 9b0e5c555c0f5ce6d2c3c19da6cc2c7fb5048bf2
+# Parent 4646533663ae1d80c2cc6b2d6dbfb37c62491c1e
+CVE-2019-7637: Fix in integer overflow in SDL_CalculatePitch
+If a too large width is passed to SDL_SetVideoMode() the width travels
+to SDL_CalculatePitch() where the width (e.g. 65535) is multiplied by
+BytesPerPixel (e.g. 4) and the result is stored into Uint16 pitch
+variable. During this arithmetics an integer overflow can happen (e.g.
+the value is clamped as 65532). As a result SDL_Surface with a pitch
+smaller than width * BytesPerPixel is created, too small pixel buffer
+is allocated and when the SDL_Surface is processed in SDL_FillRect()
+a buffer overflow occurs.
+
+This can be reproduced with "./graywin -width 21312312313123213213213"
+command.
+
+This patch fixes is by using a very careful arithmetics in
+SDL_CalculatePitch(). If an overflow is detected, an error is reported
+back as a special 0 value. We assume that 0-width surfaces do not
+occur in the wild. Since SDL_CalculatePitch() is a private function,
+we can change the semantics.
+
+CVE-2019-7637
+https://bugzilla.libsdl.org/show_bug.cgi?id=4497
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2019-7637
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r 4646533663ae -r 9b0e5c555c0f src/video/SDL_pixels.c
+--- a/src/video/SDL_pixels.c Sat Mar 16 18:35:33 2019 -0700
++++ b/src/video/SDL_pixels.c Sat Mar 16 19:16:24 2019 -0700
+@@ -286,26 +286,53 @@
+ }
+ }
+ /*
+- * Calculate the pad-aligned scanline width of a surface
++ * Calculate the pad-aligned scanline width of a surface. Return 0 in case of
++ * an error.
+ */
+ Uint16 SDL_CalculatePitch(SDL_Surface *surface)
+ {
+- Uint16 pitch;
++ unsigned int pitch = 0;
+
+ /* Surface should be 4-byte aligned for speed */
+- pitch = surface->w*surface->format->BytesPerPixel;
++ /* The code tries to prevent from an Uint16 overflow. */;
++ for (Uint8 byte = surface->format->BytesPerPixel; byte; byte--) {
++ pitch += (unsigned int)surface->w;
++ if (pitch < surface->w) {
++ SDL_SetError("A scanline is too wide");
++ return(0);
++ }
++ }
+ switch (surface->format->BitsPerPixel) {
+ case 1:
+- pitch = (pitch+7)/8;
++ if (pitch % 8) {
++ pitch = pitch / 8 + 1;
++ } else {
++ pitch = pitch / 8;
++ }
+ break;
+ case 4:
+- pitch = (pitch+1)/2;
++ if (pitch % 2) {
++ pitch = pitch / 2 + 1;
++ } else {
++ pitch = pitch / 2;
++ }
+ break;
+ default:
+ break;
+ }
+- pitch = (pitch + 3) & ~3; /* 4-byte aligning */
+- return(pitch);
++ /* 4-byte aligning */
++ if (pitch & 3) {
++ if (pitch + 3 < pitch) {
++ SDL_SetError("A scanline is too wide");
++ return(0);
++ }
++ pitch = (pitch + 3) & ~3;
++ }
++ if (pitch > 0xFFFF) {
++ SDL_SetError("A scanline is too wide");
++ return(0);
++ }
++ return((Uint16)pitch);
+ }
+ /*
+ * Match an RGB value to a particular palette index
+diff -r 4646533663ae -r 9b0e5c555c0f src/video/gapi/SDL_gapivideo.c
+--- a/src/video/gapi/SDL_gapivideo.c Sat Mar 16 18:35:33 2019 -0700
++++ b/src/video/gapi/SDL_gapivideo.c Sat Mar 16 19:16:24 2019 -0700
+@@ -733,6 +733,9 @@
+ video->w = gapi->w = width;
+ video->h = gapi->h = height;
+ video->pitch = SDL_CalculatePitch(video);
++ if (!current->pitch) {
++ return(NULL);
++ }
+
+ /* Small fix for WinCE/Win32 - when activating window
+ SDL_VideoSurface is equal to zero, so activating code
+diff -r 4646533663ae -r 9b0e5c555c0f src/video/nanox/SDL_nxvideo.c
+--- a/src/video/nanox/SDL_nxvideo.c Sat Mar 16 18:35:33 2019 -0700
++++ b/src/video/nanox/SDL_nxvideo.c Sat Mar 16 19:16:24 2019 -0700
+@@ -378,6 +378,10 @@
+ current -> w = width ;
+ current -> h = height ;
+ current -> pitch = SDL_CalculatePitch (current) ;
++ if (!current->pitch) {
++ current = NULL;
++ goto done;
++ }
+ NX_ResizeImage (this, current, flags) ;
+ }
+
+diff -r 4646533663ae -r 9b0e5c555c0f src/video/ps2gs/SDL_gsvideo.c
+--- a/src/video/ps2gs/SDL_gsvideo.c Sat Mar 16 18:35:33 2019 -0700
++++ b/src/video/ps2gs/SDL_gsvideo.c Sat Mar 16 19:16:24 2019 -0700
+@@ -479,6 +479,9 @@
+ current->w = width;
+ current->h = height;
+ current->pitch = SDL_CalculatePitch(current);
++ if (!current->pitch) {
++ return(NULL);
++ }
+
+ /* Memory map the DMA area for block memory transfer */
+ if ( ! mapped_mem ) {
+diff -r 4646533663ae -r 9b0e5c555c0f src/video/ps3/SDL_ps3video.c
+--- a/src/video/ps3/SDL_ps3video.c Sat Mar 16 18:35:33 2019 -0700
++++ b/src/video/ps3/SDL_ps3video.c Sat Mar 16 19:16:24 2019 -0700
+@@ -339,6 +339,9 @@
+ current->w = width;
+ current->h = height;
+ current->pitch = SDL_CalculatePitch(current);
++ if (!current->pitch) {
++ return(NULL);
++ }
+
+ /* Alloc aligned mem for current->pixels */
+ s_pixels = memalign(16, current->h * current->pitch);
+diff -r 4646533663ae -r 9b0e5c555c0f src/video/windib/SDL_dibvideo.c
+--- a/src/video/windib/SDL_dibvideo.c Sat Mar 16 18:35:33 2019 -0700
++++ b/src/video/windib/SDL_dibvideo.c Sat Mar 16 19:16:24 2019 -0700
+@@ -675,6 +675,9 @@
+ video->w = width;
+ video->h = height;
+ video->pitch = SDL_CalculatePitch(video);
++ if (!current->pitch) {
++ return(NULL);
++ }
+
+ /* Small fix for WinCE/Win32 - when activating window
+ SDL_VideoSurface is equal to zero, so activating code
+diff -r 4646533663ae -r 9b0e5c555c0f src/video/windx5/SDL_dx5video.c
+--- a/src/video/windx5/SDL_dx5video.c Sat Mar 16 18:35:33 2019 -0700
++++ b/src/video/windx5/SDL_dx5video.c Sat Mar 16 19:16:24 2019 -0700
+@@ -1127,6 +1127,9 @@
+ video->w = width;
+ video->h = height;
+ video->pitch = SDL_CalculatePitch(video);
++ if (!current->pitch) {
++ return(NULL);
++ }
+
+ #ifndef NO_CHANGEDISPLAYSETTINGS
+ /* Set fullscreen mode if appropriate.
+diff -r 4646533663ae -r 9b0e5c555c0f src/video/x11/SDL_x11video.c
+--- a/src/video/x11/SDL_x11video.c Sat Mar 16 18:35:33 2019 -0700
++++ b/src/video/x11/SDL_x11video.c Sat Mar 16 19:16:24 2019 -0700
+@@ -1225,6 +1225,10 @@
+ current->w = width;
+ current->h = height;
+ current->pitch = SDL_CalculatePitch(current);
++ if (!current->pitch) {
++ current = NULL;
++ goto done;
++ }
+ if (X11_ResizeImage(this, current, flags) < 0) {
+ current = NULL;
+ goto done;
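Review bot: In the `SDL_gapivideo.c`, `SDL_dibvideo.c` and `SDL_dx5video.c` hunks the new error check reads `current->pitch`, but the line above it stores the result in `video->pitch`, so an overflow that `SDL_CalculatePitch()` reports as 0 may go unnoticed on those backends. The check should test the field that was just assigned: `if (!video->pitch) {`. How `current` relates to `video` in those functions is outside the hunks, so confirm before changing. Separately, `for (Uint8 byte = ...` in `SDL_CalculatePitch()` declares a variable in the loop header, which fails on a C89 build, and the comment line above it ends in a stray `;`.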
diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7638.patch b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7638.patch
new file mode 100644
index 0000000000..dab9aaeb2b
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7638.patch
@@ -0,0 +1,38 @@
+# HG changeset patch
+# User Sam Lantinga <slouken@libsdl.org>
+# Date 1550504903 28800
+# Mon Feb 18 07:48:23 2019 -0800
+# Branch SDL-1.2
+# Node ID 19d8c3b9c25143f71a34ff40ce1df91b4b3e3b78
+# Parent 8586f153eedec4c4e07066d6248ebdf67f10a229
+Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c
+
+Petr Pisar
+
+The reproducer has these data in BITMAPINFOHEADER:
+
+biSize = 40
+biBitCount = 8
+biClrUsed = 131075
+
+SDL_LoadBMP_RW() function passes biBitCount as a color depth to SDL_CreateRGBSurface(), thus 256-color pallete is allocated. But then biClrUsed colors are read from a file and stored into the palette. SDL_LoadBMP_RW should report an error if biClrUsed is greater than 2^biBitCount.
+
+CVE: CVE-2019-7638
+CVE: CVE-2019-7636
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+diff -r 8586f153eede -r 19d8c3b9c251 src/video/SDL_bmp.c
+--- a/src/video/SDL_bmp.c Sun Jan 13 15:27:50 2019 +0100
++++ b/src/video/SDL_bmp.c Mon Feb 18 07:48:23 2019 -0800
+@@ -233,6 +233,10 @@
+ if ( palette ) {
+ if ( biClrUsed == 0 ) {
+ biClrUsed = 1 << biBitCount;
++ } else if ( biClrUsed > (1 << biBitCount) ) {
++ SDL_SetError("BMP file has an invalid number of colors");
++ was_error = SDL_TRUE;
++ goto done;
+ }
+ if ( biSize == 12 ) {
+ for ( i = 0; i < (int)biClrUsed; ++i ) {
diff --git a/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb
index 3680ea9d80..d61ee0f981 100644
--- a/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb
+++ b/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb
@@ -18,6 +18,15 @@ SRC_URI = "http://www.libsdl.org/release/SDL-${PV}.tar.gz \
file://libsdl-1.2.15-xdata32.patch \
file://pkgconfig.patch \
file://0001-build-Pass-tag-CC-explictly-when-using-libtool.patch \
+ file://CVE-2019-7577.patch \
+ file://CVE-2019-7574.patch \
+ file://CVE-2019-7572.patch \
+ file://CVE-2019-7578.patch \
+ file://CVE-2019-7575.patch \
+ file://CVE-2019-7635.patch \
+ file://CVE-2019-7637.patch \
+ file://CVE-2019-7638.patch \
+ file://CVE-2019-7576.patch \
"
UPSTREAM_CHECK_REGEX = "SDL-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc
index 0cc0a82de4..f47f1aa20d 100644
--- a/meta/recipes-graphics/mesa/mesa.inc
+++ b/meta/recipes-graphics/mesa/mesa.inc
@@ -141,8 +141,6 @@ do_install_append () {
rm -f ${D}${libdir}/gallium-pipe/*.la
rm -f ${D}${libdir}/gbm/*.la
- # it was packaged in libdricore9.1.3-1 and preventing upgrades when debian.bbclass was used
- rm -f ${D}${sysconfdir}/drirc
chrpath --delete ${D}${libdir}/dri/*_dri.so || true
# libwayland-egl has been moved to wayland 1.15+
@@ -209,8 +207,8 @@ PACKAGESPLITFUNCS_prepend = "mesa_populate_packages "
PACKAGES_DYNAMIC += "^mesa-driver-.*"
-FILES_${PN} += "${sysconfdir}/drirc"
-FILES_mesa-megadriver = "${libdir}/dri/*"
+FILES_${PN} = ""
+FILES_mesa-megadriver = "${libdir}/dri/* ${sysconfdir}"
FILES_mesa-vulkan-drivers = "${libdir}/libvulkan_*.so ${datadir}/vulkan"
FILES_libegl-mesa = "${libdir}/libEGL.so.*"
FILES_libgbm = "${libdir}/libgbm.so.*"
diff --git a/meta/recipes-graphics/pango/pango/CVE-2019-1010238.patch b/meta/recipes-graphics/pango/pango/CVE-2019-1010238.patch
new file mode 100644
index 0000000000..5b0c342f49
--- /dev/null
+++ b/meta/recipes-graphics/pango/pango/CVE-2019-1010238.patch
@@ -0,0 +1,38 @@
+From 490f8979a260c16b1df055eab386345da18a2d54 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Wed, 10 Jul 2019 20:26:23 -0400
+Subject: [PATCH] bidi: Be safer against bad input
+
+Don't run off the end of an array that we
+allocated to certain length.
+
+Closes: https://gitlab.gnome.org/GNOME/pango/issues/342
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54]
+CVE: CVE-2019-1010238
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ pango/pango-bidi-type.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/pango/pango-bidi-type.c b/pango/pango-bidi-type.c
+index 3e46b66c..5c02dbbb 100644
+--- a/pango/pango-bidi-type.c
++++ b/pango/pango-bidi-type.c
+@@ -181,8 +181,11 @@ pango_log2vis_get_embedding_levels (const gchar *text,
+ for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), i++)
+ {
+ gunichar ch = g_utf8_get_char (p);
+- FriBidiCharType char_type;
+- char_type = fribidi_get_bidi_type (ch);
++ FriBidiCharType char_type = fribidi_get_bidi_type (ch);
++
++ if (i == n_chars)
++ break;
++
+ bidi_types[i] = char_type;
+ ored_types |= char_type;
+ if (FRIBIDI_IS_STRONG (char_type))
+--
+2.21.0
+
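Review bot: The new `if (i == n_chars) break;` guard has no comment saying how `i` can reach `n_chars`, and the patch description ("bad input") does not say either. `n_chars` is computed outside this hunk, presumably by a UTF-8 length count that can disagree with this `g_utf8_next_char` walk on malformed text. A comment such as `/* invalid UTF-8 can make this walk visit more characters than bidi_types[] was sized for */` would record that. The guard bounds only the write index, because `g_utf8_get_char (p)` still runs before the check and assumes well-formed input, so it is worth confirming that callers validate `text`. The function body starts and ends outside the hunk.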
diff --git a/meta/recipes-graphics/pango/pango_1.42.4.bb b/meta/recipes-graphics/pango/pango_1.42.4.bb
index 22fe3af15d..f6a3a5ac4c 100644
--- a/meta/recipes-graphics/pango/pango_1.42.4.bb
+++ b/meta/recipes-graphics/pango/pango_1.42.4.bb
@@ -15,7 +15,9 @@ inherit gnomebase gtk-doc ptest-gnome upstream-version-is-even gobject-introspec
SRC_URI += "file://run-ptest \
file://0001-Enforce-recreation-of-docs-pango.types-it-is-build-c.patch \
-"
+ file://CVE-2019-1010238.patch \
+ "
+
SRC_URI[archive.md5sum] = "deb171a31a3ad76342d5195a1b5bbc7c"
SRC_URI[archive.sha256sum] = "1d2b74cd63e8bd41961f2f8d952355aa0f9be6002b52c8aa7699d9f5da597c9d"
diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb
index 361ad21e1f..ec5cf0993a 100644
--- a/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -62,6 +62,12 @@ do_install() {
cd ${S}
cp --parents $(find -type f -name "Makefile*" -o -name "Kconfig*") $kerneldir/build
cp --parents $(find -type f -name "Build" -o -name "Build.include") $kerneldir/build
+
+ # Copy localversion file if any to keep correct version magic after
+ # modules_prepare.
+ if [ -f *localversion* ]; then
+ cp *localversion* $kerneldir/build
+ fi
)
# then drop all but the needed Makefiles/Kconfig files
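Review bot: `[ -f *localversion* ]` in this hunk only works when the glob matches exactly one file. With two or more matches `[` receives extra arguments and errors out, the `if` treats that as false, and the copy is skipped without failing the task, so the version-magic mismatch this block is meant to prevent would come back. The next hunk already uses a form that copes with zero or several matches, and this one could use the same: `cp *localversion* $kerneldir/build 2>/dev/null || :`. The two hunks also use different patterns (`*localversion*` against `localversion*`), which should get a comment if it is deliberate. `do_install` starts and ends outside both hunks.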
@@ -213,6 +219,9 @@ do_install() {
# required to build scripts/selinux/genheaders/genheaders
cp -a --parents security/selinux/include/* $kerneldir/build/
+
+ # copy any localversion files
+ cp -a localversion* $kerneldir/build/ 2>/dev/null || :
)
# Make sure the Makefile and version.h have a matching timestamp so that
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
index 4189fc8d17..de6f5c98bf 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "82ac7b2b8048b537481bf16b8acda1cc9bfe9565"
-SRCREV_meta ?= "6a3254e7b370cbb86c1f73379dcf38885c1c69e0"
+SRCREV_machine ?= "3aa9671ae072f45665e72591be5636522c8a6215"
+SRCREV_meta ?= "a889c43359ca8bee705601817c50edf3c209bc09"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.14.79"
+LINUX_VERSION ?= "4.14.154"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb
index 9b8609b425..91bb5765d1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "917ee880b11f569d7a1118dc3575fd24d8ff349b"
-SRCREV_meta ?= "9e348b6f9db185cb60a34d18fd14a18b5def2c31"
+SRCREV_machine ?= "60b23779def52cac86267bdef0da0f2750dce287"
+SRCREV_meta ?= "865683fc87deee7030cd168f295e8afd70894d6c"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.18;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.18.27"
+LINUX_VERSION ?= "4.18.33"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
index 71f5c4716a..52c02cad10 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
@@ -4,7 +4,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.14.79"
+LINUX_VERSION ?= "4.14.154"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
@@ -12,8 +12,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "6ce17eae5d962b30846a5258956246438d68d60a"
-SRCREV_meta ?= "6a3254e7b370cbb86c1f73379dcf38885c1c69e0"
+SRCREV_machine ?= "38c3a6549d60a3b4a5ab0cb6a440929ba8502f7f"
+SRCREV_meta ?= "a889c43359ca8bee705601817c50edf3c209bc09"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb
index 0be7f0889a..c986eb8bac 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb
@@ -1,12 +1,12 @@
KBRANCH ?= "v4.18/standard/tiny/base"
-KBRANCH_qemuarm ?= "v4.15/standard/tiny/arm-versatile-926ejs"
+KBRANCH_qemuarm ?= "v4.18/standard/tiny/arm-versatile-926ejs"
LINUX_KERNEL_TYPE = "tiny"
KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.18.27"
+LINUX_VERSION ?= "4.18.33"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "8f59516428463985f2a636b024b6c3f1b2178855"
-SRCREV_machine ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
-SRCREV_meta ?= "9e348b6f9db185cb60a34d18fd14a18b5def2c31"
+SRCREV_machine_qemuarm ?= "bc69d96021b7407a636cb7bc56334bf95a525e76"
+SRCREV_machine ?= "1a564c76f41cff5c9e9011c4dbb5ef8453836b5d"
+SRCREV_meta ?= "865683fc87deee7030cd168f295e8afd70894d6c"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.14.bb b/meta/recipes-kernel/linux/linux-yocto_4.14.bb
index 65b2444098..0048735c01 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.14.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "v4.14/standard/base"
KBRANCH_qemux86-64 ?= "v4.14/standard/base"
KBRANCH_qemumips64 ?= "v4.14/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "8752b8421efe8b5a478f17fbffacf4af974ec703"
-SRCREV_machine_qemuarm64 ?= "ac66474ba7f7e93d16ae3ea005f214113bb127c5"
-SRCREV_machine_qemumips ?= "ab031b267e2a79fcd48da5d10d503f4d065f4821"
-SRCREV_machine_qemuppc ?= "f47c3945e8dd230ea37771bcacc836245fc79d22"
-SRCREV_machine_qemux86 ?= "f1d93b219bde37a8a286cd18d6af2dcf0d02c1a8"
-SRCREV_machine_qemux86-64 ?= "f1d93b219bde37a8a286cd18d6af2dcf0d02c1a8"
-SRCREV_machine_qemumips64 ?= "8063a7258fc670a361fed85b858fabb237485f1c"
-SRCREV_machine ?= "f1d93b219bde37a8a286cd18d6af2dcf0d02c1a8"
-SRCREV_meta ?= "6a3254e7b370cbb86c1f73379dcf38885c1c69e0"
+SRCREV_machine_qemuarm ?= "e4e2990af921c2d1544d18efa5f7183f95289cd0"
+SRCREV_machine_qemuarm64 ?= "51c9e69ebef5d2d15dfbcdf098269d86e0e38317"
+SRCREV_machine_qemumips ?= "e70c76a3fe9cc785619d9e4c8e28cb4d4d76ecaf"
+SRCREV_machine_qemuppc ?= "6b6eab44d3a04294c233e0b47d6b7c6cbb6e9ffb"
+SRCREV_machine_qemux86 ?= "57278e88a6b0f7c6230f7429cab7e74229f2b7ce"
+SRCREV_machine_qemux86-64 ?= "57278e88a6b0f7c6230f7429cab7e74229f2b7ce"
+SRCREV_machine_qemumips64 ?= "4e099e87d223bfc1526543a5e4c5383cb2edda70"
+SRCREV_machine ?= "57278e88a6b0f7c6230f7429cab7e74229f2b7ce"
+SRCREV_meta ?= "a889c43359ca8bee705601817c50edf3c209bc09"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.14.79"
+LINUX_VERSION ?= "4.14.154"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.18.bb b/meta/recipes-kernel/linux/linux-yocto_4.18.bb
index 4a9febc062..3be72a3a57 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.18.bb
@@ -11,21 +11,21 @@ KBRANCH_qemux86 ?= "v4.18/standard/base"
KBRANCH_qemux86-64 ?= "v4.18/standard/base"
KBRANCH_qemumips64 ?= "v4.18/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "e66e05d38c1a0eda0db1f34090ecf7155226fa4c"
-SRCREV_machine_qemuarm64 ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
-SRCREV_machine_qemumips ?= "5fb9275fdd72ccd5f61cbbce5fef842fbcf3c957"
-SRCREV_machine_qemuppc ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
-SRCREV_machine_qemux86 ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
-SRCREV_machine_qemux86-64 ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
-SRCREV_machine_qemumips64 ?= "19cccc092a7fe2337153c65045bded55ae4d5e4b"
-SRCREV_machine ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
-SRCREV_meta ?= "9e348b6f9db185cb60a34d18fd14a18b5def2c31"
+SRCREV_machine_qemuarm ?= "813d81df5defc4e552b7c3085673437eaba4eea7"
+SRCREV_machine_qemuarm64 ?= "1a564c76f41cff5c9e9011c4dbb5ef8453836b5d"
+SRCREV_machine_qemumips ?= "12620f16df220007dfda3b70cc5044ec2322142c"
+SRCREV_machine_qemuppc ?= "1a564c76f41cff5c9e9011c4dbb5ef8453836b5d"
+SRCREV_machine_qemux86 ?= "1a564c76f41cff5c9e9011c4dbb5ef8453836b5d"
+SRCREV_machine_qemux86-64 ?= "1a564c76f41cff5c9e9011c4dbb5ef8453836b5d"
+SRCREV_machine_qemumips64 ?= "104cdfbbf95981e31a32dfe3bdeaff3afb517ad4"
+SRCREV_machine ?= "1a564c76f41cff5c9e9011c4dbb5ef8453836b5d"
+SRCREV_meta ?= "865683fc87deee7030cd168f295e8afd70894d6c"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.18;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "4.18.27"
+LINUX_VERSION ?= "4.18.33"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-net-expose-sk-wmem-in-sock_exceed_buf_limit-trac.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-net-expose-sk-wmem-in-sock_exceed_buf_limit-trac.patch
deleted file mode 100644
index 92e12df177..0000000000
--- a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-net-expose-sk-wmem-in-sock_exceed_buf_limit-trac.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 9e67b4c94b94493123d38379bd9b3eceae23a6f1 Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Fri, 7 Sep 2018 12:21:12 -0400
-Subject: [PATCH] Fix: net: expose sk wmem in sock_exceed_buf_limit tracepoint
- (4.19)
-
-See upstream commit:
-
- commit d6f19938eb031ee2158272757db33258153ae59c
- Author: Yafang Shao <laoar.shao@gmail.com>
- Date: Sun Jul 1 23:31:30 2018 +0800
-
- net: expose sk wmem in sock_exceed_buf_limit tracepoint
-
- Currently trace_sock_exceed_buf_limit() only show rmem info,
- but wmem limit may also be hit.
- So expose wmem info in this tracepoint as well.
-
- Regarding memcg, I think it is better to introduce a new tracepoint(if
- that is needed), i.e. trace_memcg_limit_hit other than show memcg info in
- trace_sock_exceed_buf_limit.
-
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
-Upstream-Status: Backport
-Signed-off-by: He Zhe <zhe.he@windriver.com>
----
- instrumentation/events/lttng-module/sock.h | 23 ++++++++++++++++++++++-
- 1 file changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/instrumentation/events/lttng-module/sock.h b/instrumentation/events/lttng-module/sock.h
-index 5cd02ca..cd0c92b 100644
---- a/instrumentation/events/lttng-module/sock.h
-+++ b/instrumentation/events/lttng-module/sock.h
-@@ -21,7 +21,28 @@ LTTNG_TRACEPOINT_EVENT(sock_rcvqueue_full,
- )
- )
-
--#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4,15,0))
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,0))
-+
-+LTTNG_TRACEPOINT_EVENT(sock_exceed_buf_limit,
-+
-+ TP_PROTO(struct sock *sk, struct proto *prot, long allocated, int kind),
-+
-+ TP_ARGS(sk, prot, allocated, kind),
-+
-+ TP_FIELDS(
-+ ctf_string(name, prot->name)
-+ ctf_array(long, sysctl_mem, prot->sysctl_mem, 3)
-+ ctf_integer(long, allocated, allocated)
-+ ctf_integer(int, sysctl_rmem, sk_get_rmem0(sk, prot))
-+ ctf_integer(int, rmem_alloc, atomic_read(&sk->sk_rmem_alloc))
-+ ctf_integer(int, sysctl_wmem, sk_get_wmem0(sk, prot))
-+ ctf_integer(int, wmem_alloc, refcount_read(&sk->sk_wmem_alloc))
-+ ctf_integer(int, wmem_queued, sk->sk_wmem_queued)
-+ ctf_integer(int, kind, kind)
-+ )
-+)
-+
-+#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(4,15,0))
-
- LTTNG_TRACEPOINT_EVENT(sock_exceed_buf_limit,
-
---
-2.7.4
-
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.10.7.bb b/meta/recipes-kernel/lttng/lttng-modules_2.10.9.bb
index f6c865a875..d297377755 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.10.7.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.10.9.bb
@@ -15,11 +15,10 @@ COMPATIBLE_HOST = '(x86_64|i.86|powerpc|aarch64|mips|nios2|arm).*-linux'
SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://Makefile-Do-not-fail-if-CONFIG_TRACEPOINTS-is-not-en.patch \
file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \
- file://0001-Fix-net-expose-sk-wmem-in-sock_exceed_buf_limit-trac.patch \
"
-SRC_URI[md5sum] = "d3cb4520948083bf1573a2e4cb7406aa"
-SRC_URI[sha256sum] = "f049428d3d131e103a7a7038d184731bf7bcdce00503fc19a2c9b5693ecbb3b5"
+SRC_URI[md5sum] = "09df0ac2e8f245740a2f32411d10c0d1"
+SRC_URI[sha256sum] = "a1855bbd02d0f71ebd180e9872309862036624f012442ab9cc5852eb60340145"
export INSTALL_MOD_DIR="kernel/lttng-modules"
diff --git a/meta/recipes-kernel/lttng/lttng-tools/0001-Allow-multiple-attempts-to-connect-to-relayd.patch b/meta/recipes-kernel/lttng/lttng-tools/0001-Allow-multiple-attempts-to-connect-to-relayd.patch
index 62a0978592..0998fc3860 100644
--- a/meta/recipes-kernel/lttng/lttng-tools/0001-Allow-multiple-attempts-to-connect-to-relayd.patch
+++ b/meta/recipes-kernel/lttng/lttng-tools/0001-Allow-multiple-attempts-to-connect-to-relayd.patch
@@ -16,17 +16,17 @@ Signed-off-by: Mikael Beckius <mikael.beckius@windriver.com>
Signed-off-by: He Zhe <zhe.he@windriver.com>
Upstream-Status: Pending
---
- src/bin/lttng-sessiond/cmd.c | 8 --------
+ src/bin/lttng-sessiond/cmd.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
-index 73b4ce3..36f62ee 100644
+index cf30b8e..cc41a48 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
-@@ -689,14 +689,6 @@ close_sock:
- free(rsock);
+@@ -945,14 +945,6 @@ static int send_consumer_relayd_socket(enum lttng_domain_type domain,
+ */
- error:
+ close_sock:
- if (ret != LTTNG_OK) {
- /*
- * The consumer output for this session should not be used anymore
@@ -35,9 +35,8 @@ index 73b4ce3..36f62ee 100644
- */
- consumer->enabled = 0;
- }
- return ret;
- }
+ (void) relayd_close(rsock);
+ free(rsock);
--
-1.7.9.5
-
+2.17.1
diff --git a/meta/recipes-kernel/lttng/lttng-tools_2.9.5.bb b/meta/recipes-kernel/lttng/lttng-tools_2.9.11.bb
index 0314b53637..5e3fc1aab2 100644
--- a/meta/recipes-kernel/lttng/lttng-tools_2.9.5.bb
+++ b/meta/recipes-kernel/lttng/lttng-tools_2.9.11.bb
@@ -34,8 +34,8 @@ SRC_URI = "https://lttng.org/files/lttng-tools/lttng-tools-${PV}.tar.bz2 \
file://lttng-sessiond.service \
"
-SRC_URI[md5sum] = "051224eb991aee07f8721ff1877d0b96"
-SRC_URI[sha256sum] = "77839eb6fc6c652125f08acfd9369701c2516eb05cc2084160e7efc7a3fb731c"
+SRC_URI[md5sum] = "f9c2b35810790f5bd802483eb14cb301"
+SRC_URI[sha256sum] = "2c45144acf8dc6fcd655be7370a022e9c03c8b7419af489c9c2e786a335006db"
inherit autotools ptest pkgconfig useradd python3-dir manpages systemd
diff --git a/meta/recipes-kernel/lttng/lttng-ust_2.10.1.bb b/meta/recipes-kernel/lttng/lttng-ust_2.10.3.bb
index d79a47931c..b5c43200d6 100644
--- a/meta/recipes-kernel/lttng/lttng-ust_2.10.1.bb
+++ b/meta/recipes-kernel/lttng/lttng-ust_2.10.3.bb
@@ -23,8 +23,8 @@ PE = "2"
SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \
file://lttng-ust-doc-examples-disable.patch \
"
-SRC_URI[md5sum] = "4863cc2f9f0a070b42438bb646bbba06"
-SRC_URI[sha256sum] = "07cc3c0b71e7b77f1913d5b7f340a78a9af414440e4662712aef2d635b88ee9d"
+SRC_URI[md5sum] = "ffcfa8c1ba9a52f002d240e936e9afa2"
+SRC_URI[sha256sum] = "9e8420f90d5f963f7aa32bc6d44adc1e491136f687c69ffb7a3075d33b40852b"
CVE_PRODUCT = "ust"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch
new file mode 100644
index 0000000000..0ad7245c8e
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch
@@ -0,0 +1,33 @@
+From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001
+From: Tobias Ronge <tobiasr@axis.com>
+Date: Thu, 14 Mar 2019 10:12:27 +0100
+Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow
+
+The former code allowed an attacker to create a heap overflow by
+sending a longer than allowed session id in a response and including a
+semicolon to change the maximum length. With this change, the parser
+will never go beyond 512 bytes.
+
+Upstream-Status: Backport
+CVE: CVE-2019-9928
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ gst-libs/gst/rtsp/gstrtspconnection.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c
+index a6755bedd..c0429064a 100644
+--- a/gst-libs/gst/rtsp/gstrtspconnection.c
++++ b/gst-libs/gst/rtsp/gstrtspconnection.c
+@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message,
+ maxlen = sizeof (conn->session_id) - 1;
+ /* the sessionid can have attributes marked with ;
+ * Make sure we strip them */
+- for (i = 0; session_id[i] != '\0'; i++) {
++ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
+ if (session_id[i] == ';') {
+ maxlen = i;
+ /* parse timeout */
+--
+2.21.0
+
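Review bot: `Upstream-Status: Backport` carries no reference to the upstream commit, so the backport cannot be checked against its origin from the patch header alone. The hash on the `From` line may be that commit, but nothing in the header says which repository it belongs to. Adding the reference in brackets, as the pango CVE-2019-1010238 patch in this same commit does, closes the gap: `Upstream-Status: Backport [<upstream commit URL>]`.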
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb
index 12c9bbce9d..0d8b033f88 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb
@@ -20,6 +20,7 @@ SRC_URI = " \
file://0010-gl-Add-switch-for-explicitely-enabling-disabling-GBM.patch \
file://0011-gl-Add-switches-for-explicitely-enabling-disabling-P.patch \
file://link-with-libvchostif.patch \
+ file://CVE-2019-9928.patch \
"
SRC_URI[md5sum] = "4dbe20c1bf44191c2b8833234df5cb2a"
SRC_URI[sha256sum] = "ca6139490e48863e7706d870ff4e8ac9f417b56f3b9e4b3ce490c13b09a77461"
diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
new file mode 100644
index 0000000000..6ee1f8da30
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
@@ -0,0 +1,20 @@
+Use-after-free detected with static analysis.
+
+CVE: CVE-2019-7317
+Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/png.c b/png.c
+index 9d9926f638..efd1aecfbd 100644
+--- a/png.c
++++ b/png.c
+@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
+ if (image != NULL && image->opaque != NULL &&
+ image->opaque->error_buf == NULL)
+ {
+- /* Ignore errors here: */
+- (void)png_safe_execute(image, png_image_free_function, image);
++ png_image_free_function(image);
+ image->opaque = NULL;
+ }
+ }
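Review bot: The patch removes the `/* Ignore errors here: */` comment and the `png_safe_execute` wrapper without leaving any word in the code about why the direct call is required, and the description is a single line. Presumably the wrapper touches `image->opaque` again after `png_image_free_function` has released it, which would be the use-after-free being fixed. If so, a comment on the new call would stop someone restoring the wrapper later, for example `/* Called directly: png_safe_execute would access image->opaque after it has been freed */`. The status is `Submitted`, so the patch should be dropped or switched to `Backport` once upstream settles the issue. `png_image_free` starts outside the hunk.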
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
index 3cf4f7249c..a586237888 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
@@ -9,7 +9,8 @@ DEPENDS = "zlib"
LIBV = "16"
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
+ file://CVE-2019-7317.patch"
SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"
SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch
index c3f44ca235..a4679cef2a 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch
@@ -1,3 +1,15 @@
+This patch fixes #429 (CVE-2018-19661 CVE-2018-19662) and #344 (CVE-2017-17456
+CVE-2017-17457). As per
+https://github.com/erikd/libsndfile/issues/344#issuecomment-448504425 it also
+fixes #317 (CVE-2017-14245 CVE-2017-14246).
+
+CVE: CVE-2017-14245 CVE-2017-14246
+CVE: CVE-2017-17456 CVE-2017-17457
+CVE: CVE-2018-19661 CVE-2018-19662
+
+Upstream-Status: Backport [8ddc442d539ca775d80cdbc7af17a718634a743f]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
From 39453899fe1bb39b2e041fdf51a85aecd177e9c7 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Mon, 7 Jan 2019 15:55:03 +0800
@@ -17,12 +29,6 @@ In this case, arbitrarily set the buffer value to 0.
This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and
fixes #344 (CVE-2017-17456 and CVE-2017-17457).
-Upstream-Status: Backport[https://github.com/erikd/libsndfile/
-commit/585cc28a93be27d6938f276af0011401b9f7c0ca]
-
-CVE: CVE-2017-17456 CVE-2017-17457 CVE-2018-19661 CVE-2018-19662
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
src/alaw.c | 9 +++++++--
src/ulaw.c | 9 +++++++--
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-12562.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-12562.patch
new file mode 100644
index 0000000000..491dae3114
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-12562.patch
@@ -0,0 +1,96 @@
+Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in
+libsndfile through 1.0.28 allows remote attackers to cause a denial of service
+(application crash) or possibly have unspecified other impact.
+
+CVE: CVE-2017-12562
+Upstream-Status: Backport [cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From b6a9d7e95888ffa77d8c75ce3f03e6c7165587cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
+Date: Wed, 14 Jun 2017 12:25:40 +0200
+Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
+ in binheader
+
+Fixes the following problems:
+ 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
+ 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
+ big switch statement by an amount (16 bytes) which is enough for all cases
+ where only a single value gets added. Cases 's', 'S', 'p' however
+ additionally write an arbitrary length block of data and again enlarge the
+ buffer to the required amount. However, the required space calculation does
+ not take into account the size of the length field which gets output before
+ the data.
+ 3. Buffer size requirement calculation in case 'S' does not account for the
+ padding byte ("size += (size & 1) ;" happens after the calculation which
+ uses "size").
+ 4. Case 'S' can overrun the header buffer by 1 byte when no padding is
+ involved
+ ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
+ the buffer is only guaranteed to have "size" space available).
+ 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
+ beyond the space which is guaranteed to be allocated in the header buffer.
+ 6. Case 's' can overrun the provided source string by 1 byte if padding is
+ involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
+ where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
+ plus optionally another 1 which is padding and not guaranteed to be
+ readable via the source string pointer).
+
+Closes: https://github.com/erikd/libsndfile/issues/292
+---
+ src/common.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/common.c b/src/common.c
+index 1a6204ca..6b2a2ee9 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ /* Write a C string (guaranteed to have a zero terminator). */
+ strptr = va_arg (argptr, char *) ;
+ size = strlen (strptr) + 1 ;
+- size += (size & 1) ;
+
+- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ return count ;
+
+ if (psf->rwf_endian == SF_ENDIAN_BIG)
+- header_put_be_int (psf, size) ;
++ header_put_be_int (psf, size + (size & 1)) ;
+ else
+- header_put_le_int (psf, size) ;
++ header_put_le_int (psf, size + (size & 1)) ;
+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
++ size += (size & 1) ;
+ psf->header.indx += size ;
+ psf->header.ptr [psf->header.indx - 1] = 0 ;
+ count += 4 + size ;
+@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ */
+ strptr = va_arg (argptr, char *) ;
+ size = strlen (strptr) ;
+- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ return count ;
+ if (psf->rwf_endian == SF_ENDIAN_BIG)
+ header_put_be_int (psf, size) ;
+ else
+ header_put_le_int (psf, size) ;
+- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
++ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
+ size += (size & 1) ;
+ psf->header.indx += size ;
+- psf->header.ptr [psf->header.indx] = 0 ;
+ count += 4 + size ;
+ break ;
+
+@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ size = (size & 1) ? size : size + 1 ;
+ size = (size > 254) ? 254 : size ;
+
+- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
+ return count ;
+
+ header_put_byte (psf, size) ;
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch
deleted file mode 100644
index a17ec21f98..0000000000
--- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 2d54514a4f6437b67829717c05472d2e3300a258 Mon Sep 17 00:00:00 2001
-From: Fabian Greffrath <fabian@greffrath.com>
-Date: Wed, 27 Sep 2017 14:46:17 +0200
-Subject: [PATCH] sfe_copy_data_fp: check value of "max" variable for being
- normal
-
-and check elements of the data[] array for being finite.
-
-Both checks use functions provided by the <math.h> header as declared
-by the C99 standard.
-
-Fixes #317
-CVE: CVE-2017-14245
-CVE: CVE-2017-14246
-
-Upstream-Status: Backport [https://github.com/fabiangreffrath/libsndfile/commit/2d54514a4f6437b67829717c05472d2e3300a258]
-
-Signed-off-by: Fabian Greffrath <fabian@greffrath.com>
-Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
----
- programs/common.c | 20 ++++++++++++++++----
- programs/common.h | 2 +-
- programs/sndfile-convert.c | 6 +++++-
- 3 files changed, 22 insertions(+), 6 deletions(-)
-
-diff --git a/programs/common.c b/programs/common.c
-index a21e62c..a249a58 100644
---- a/programs/common.c
-+++ b/programs/common.c
-@@ -36,6 +36,7 @@
- #include <string.h>
- #include <ctype.h>
- #include <stdint.h>
-+#include <math.h>
-
- #include <sndfile.h>
-
-@@ -45,7 +46,7 @@
-
- #define MIN(x, y) ((x) < (y) ? (x) : (y))
-
--void
-+int
- sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize)
- { static double data [BUFFER_LEN], max ;
- int frames, readcount, k ;
-@@ -54,6 +55,8 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
- readcount = frames ;
-
- sf_command (infile, SFC_CALC_SIGNAL_MAX, &max, sizeof (max)) ;
-+ if (!isnormal (max)) /* neither zero, subnormal, infinite, nor NaN */
-+ return 1 ;
-
- if (!normalize && max < 1.0)
- { while (readcount > 0)
-@@ -67,12 +70,16 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
- while (readcount > 0)
- { readcount = sf_readf_double (infile, data, frames) ;
- for (k = 0 ; k < readcount * channels ; k++)
-- data [k] /= max ;
-+ { data [k] /= max ;
-+
-+ if (!isfinite (data [k])) /* infinite or NaN */
-+ return 1;
-+ }
- sf_writef_double (outfile, data, readcount) ;
- } ;
- } ;
-
-- return ;
-+ return 0 ;
- } /* sfe_copy_data_fp */
-
- void
-@@ -252,7 +259,12 @@ sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * in
-
- /* If the input file is not the same as the output file, copy the data. */
- if ((infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT))
-- sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) ;
-+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) != 0)
-+ { printf ("Error : Not able to decode input file '%s'\n", filenames [0]) ;
-+ error_code = 1 ;
-+ goto cleanup_exit ;
-+ } ;
-+ }
- else
- sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
- } ;
-diff --git a/programs/common.h b/programs/common.h
-index eda2d7d..986277e 100644
---- a/programs/common.h
-+++ b/programs/common.h
-@@ -62,7 +62,7 @@ typedef SF_BROADCAST_INFO_VAR (2048) SF_BROADCAST_INFO_2K ;
-
- void sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * info) ;
-
--void sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
-+int sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
-
- void sfe_copy_data_int (SNDFILE *outfile, SNDFILE *infile, int channels) ;
-
-diff --git a/programs/sndfile-convert.c b/programs/sndfile-convert.c
-index dff7f79..e6de593 100644
---- a/programs/sndfile-convert.c
-+++ b/programs/sndfile-convert.c
-@@ -335,7 +335,11 @@ main (int argc, char * argv [])
- || (outfileminor == SF_FORMAT_DOUBLE) || (outfileminor == SF_FORMAT_FLOAT)
- || (infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT)
- || (infileminor == SF_FORMAT_VORBIS) || (outfileminor == SF_FORMAT_VORBIS))
-- sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) ;
-+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) != 0)
-+ { printf ("Error : Not able to decode input file %s.\n", infilename) ;
-+ return 1 ;
-+ } ;
-+ }
- else
- sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
-
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch
index 4ae3674df1..707373d414 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch
@@ -1,23 +1,25 @@
-From 5473aeef7875e54bd0f786fbdd259a35aaee875c Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Wed, 10 Oct 2018 08:59:30 +0800
-Subject: [PATCH] libsndfile1: patch for CVE-2018-13139
+CVE: CVE-2018-13139
+Upstream-Status: Backport [9dc989eb89cd697e19897afa616d6ab0debe4822]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
-Upstream-Status: Backport [https://github.com/bwarden/libsndfile/
-commit/df18323c622b54221ee7ace74b177cdcccc152d7]
+From 9dc989eb89cd697e19897afa616d6ab0debe4822 Mon Sep 17 00:00:00 2001
+From: "Brett T. Warden" <brett.t.warden@intel.com>
+Date: Tue, 28 Aug 2018 12:01:17 -0700
+Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave
-CVE: CVE-2018-13139
+Allocated buffer has space for only 16 channels. Verify that input file
+meets this limit.
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
+Fixes #397
---
- programs/sndfile-deinterleave.c | 6 ++++++
- 1 file changed, 6 insertions(+)
+ programs/sndfile-deinterleave.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
-index e27593e..721bee7 100644
+index e27593e2..cb497e1f 100644
--- a/programs/sndfile-deinterleave.c
+++ b/programs/sndfile-deinterleave.c
-@@ -89,6 +89,12 @@ main (int argc, char **argv)
+@@ -89,6 +89,13 @@ main (int argc, char **argv)
exit (1) ;
} ;
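Review bot: The new `Upstream-Status: Backport [9dc989eb89cd697e19897afa616d6ab0debe4822]` tag drops the repository URL that the old header carried, so the hash alone no longer says which tree it belongs to. Giving the full commit URL in the tag, as the CVE-2018-19432.patch header does, lets a reader check the backport against upstream without guessing the repository. CVE-2018-19758.patch and CVE-2019-3832.patch use the same bare-hash form. In CVE-2018-19758.patch the tagged hash (42132c543358cee9f7c3e9e9b15bb6c1063a608e) also differs from the hash on its `From` line (c12173b0197dd0c5cfa2cd27977e982d2ae59486), which deserves a one-line explanation in that header.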
@@ -27,9 +29,9 @@ index e27593e..721bee7 100644
+ exit (1) ;
+ } ;
+
++
state.channels = sfinfo.channels ;
sfinfo.channels = 1 ;
--
-2.7.4
-
+2.11.0
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch
new file mode 100644
index 0000000000..8ded2c0f85
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch
@@ -0,0 +1,115 @@
+From 6f3266277bed16525f0ac2f0f03ff4626f1923e5 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Thu, 8 Mar 2018 18:00:21 +1100
+Subject: [PATCH] Fix max channel count bug
+
+The code was allowing files to be written with a channel count of exactly
+`SF_MAX_CHANNELS` but was failing to read some file formats with the same
+channel count.
+
+Upstream-Status: Backport [https://github.com/erikd/libsndfile/
+commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5]
+
+CVE: CVE-2018-19432
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ src/aiff.c | 6 +++---
+ src/rf64.c | 4 ++--
+ src/w64.c | 4 ++--
+ src/wav.c | 4 ++--
+ 4 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index fbd43cb..6386bce 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+ ** Copyright (C) 2005 David Viens <davidv@plogue.com>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+@@ -950,7 +950,7 @@ aiff_read_header (SF_PRIVATE *psf, COMM_
+ if (psf->sf.channels < 1)
+ return SFE_CHANNEL_COUNT_ZERO ;
+
+- if (psf->sf.channels >= SF_MAX_CHANNELS)
++ if (psf->sf.channels > SF_MAX_CHANNELS)
+ return SFE_CHANNEL_COUNT ;
+
+ if (! (found_chunk & HAVE_FORM))
+@@ -1030,7 +1030,7 @@ aiff_read_comm_chunk (SF_PRIVATE *psf, C
+ psf_log_printf (psf, " Sample Rate : %d\n", samplerate) ;
+ psf_log_printf (psf, " Frames : %u%s\n", comm_fmt->numSampleFrames, (comm_fmt->numSampleFrames == 0 && psf->filelength > 104) ? " (Should not be 0)" : "") ;
+
+- if (comm_fmt->numChannels < 1 || comm_fmt->numChannels >= SF_MAX_CHANNELS)
++ if (comm_fmt->numChannels < 1 || comm_fmt->numChannels > SF_MAX_CHANNELS)
+ { psf_log_printf (psf, " Channels : %d (should be >= 1 and < %d)\n", comm_fmt->numChannels, SF_MAX_CHANNELS) ;
+ return SFE_CHANNEL_COUNT_BAD ;
+ } ;
+diff --git a/src/rf64.c b/src/rf64.c
+index d57f0f3..876cd45 100644
+--- a/src/rf64.c
++++ b/src/rf64.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 2008-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 2008-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+ ** Copyright (C) 2009 Uli Franke <cls@nebadje.org>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+@@ -382,7 +382,7 @@ rf64_read_header (SF_PRIVATE *psf, int *
+ if (psf->sf.channels < 1)
+ return SFE_CHANNEL_COUNT_ZERO ;
+
+- if (psf->sf.channels >= SF_MAX_CHANNELS)
++ if (psf->sf.channels > SF_MAX_CHANNELS)
+ return SFE_CHANNEL_COUNT ;
+
+ /* WAVs can be little or big endian */
+diff --git a/src/w64.c b/src/w64.c
+index 939b716..a37d2c5 100644
+--- a/src/w64.c
++++ b/src/w64.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+ ** it under the terms of the GNU Lesser General Public License as published by
+@@ -383,7 +383,7 @@ w64_read_header (SF_PRIVATE *psf, int *b
+ if (psf->sf.channels < 1)
+ return SFE_CHANNEL_COUNT_ZERO ;
+
+- if (psf->sf.channels >= SF_MAX_CHANNELS)
++ if (psf->sf.channels > SF_MAX_CHANNELS)
+ return SFE_CHANNEL_COUNT ;
+
+ psf->endian = SF_ENDIAN_LITTLE ; /* All W64 files are little endian. */
+diff --git a/src/wav.c b/src/wav.c
+index 7bd97bc..dc97545 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+ ** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+@@ -627,7 +627,7 @@ wav_read_header (SF_PRIVATE *psf, int *b
+ if (psf->sf.channels < 1)
+ return SFE_CHANNEL_COUNT_ZERO ;
+
+- if (psf->sf.channels >= SF_MAX_CHANNELS)
++ if (psf->sf.channels > SF_MAX_CHANNELS)
+ return SFE_CHANNEL_COUNT ;
+
+ if (format != WAVE_FORMAT_PCM && (parsestage & HAVE_fact) == 0)
+--
+1.7.9.5
+
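Review bot: In the `aiff_read_comm_chunk` hunk the bound becomes `> SF_MAX_CHANNELS`, but the log text on the following line still says `(should be >= 1 and < %d)`, so the logged range excludes the maximum that is now accepted. The message should read `(should be >= 1 and <= %d)`. With this change the AIFF, RF64, W64 and WAV readers all accept exactly `SF_MAX_CHANNELS` channels, so any fixed buffer sized by that constant must hold that many entries. Those allocations are outside these hunks, so this needs confirming rather than assuming.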
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch
new file mode 100644
index 0000000000..c3586f9dfc
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch
@@ -0,0 +1,34 @@
+There is a heap-based buffer over-read at wav.c in wav_write_header in
+libsndfile 1.0.28 that will cause a denial of service.
+
+CVE: CVE-2018-19758
+Upstream-Status: Backport [42132c543358cee9f7c3e9e9b15bb6c1063a608e]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From c12173b0197dd0c5cfa2cd27977e982d2ae59486 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 1 Jan 2019 20:11:46 +1100
+Subject: [PATCH] src/wav.c: Fix heap read overflow
+
+This is CVE-2018-19758.
+
+Closes: https://github.com/erikd/libsndfile/issues/435
+---
+ src/wav.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/wav.c b/src/wav.c
+index e8405b55..6fb94ae8 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1094,6 +1094,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
+ psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+
++ /* Loop count is signed 16 bit number so we limit it range to something sensible. */
++ psf->instrument->loop_count &= 0x7fff ;
+ for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ { int type ;
+
+--
+2.11.0
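Review bot: The clamp on `psf->instrument->loop_count` is added after the `psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0)` call, so the value emitted just above is unclamped while the `for` loop below iterates over the clamped one. If that call writes the loop count into the chunk, as its arguments suggest, an oversized value yields a header that announces more loops than are actually written. Moving the two added lines above that call keeps the count and the loop consistent. CVE-2019-3832.patch replaces the mask with an array-length check but leaves it in the same position. `wav_write_header` starts and ends outside the hunk.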
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch
new file mode 100644
index 0000000000..ab37211399
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch
@@ -0,0 +1,37 @@
+From 43886efc408c21e1e329086ef70c88860310f25b Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <pochu27@gmail.com>
+Date: Tue, 5 Mar 2019 11:27:17 +0100
+Subject: [PATCH] wav_write_header: don't read past the array end
+
+CVE-2018-19758 wasn't entirely fixed in the fix, so fix it harder.
+
+CVE: CVE-2019-3832
+Upstream-Status: Backport [7408c4c788ce047d4e652b60a04e7796bcd7267e]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+If loop_count is bigger than the array, truncate it to the array
+length (and not to 32k).
+
+CVE-2019-3832
+
+---
+ src/wav.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/wav.c b/src/wav.c
+index daae3cc..8851549 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1094,8 +1094,10 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
+ psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+
+- /* Loop count is signed 16 bit number so we limit it range to something sensible. */
+- psf->instrument->loop_count &= 0x7fff ;
++ /* Make sure we don't read past the loops array end. */
++ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
++ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
++
+ for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ { int type ;
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 13248f5cb7..77393db847 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -10,10 +10,13 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
file://CVE-2017-8361-8365.patch \
file://CVE-2017-8362.patch \
file://CVE-2017-8363.patch \
- file://CVE-2017-14245-14246.patch \
file://CVE-2017-14634.patch \
file://CVE-2018-13139.patch \
file://0001-a-ulaw-fix-multiple-buffer-overflows-432.patch \
+ file://CVE-2018-19432.patch \
+ file://CVE-2017-12562.patch \
+ file://CVE-2018-19758.patch \
+ file://CVE-2019-3832.patch \
"
SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
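Review bot: This hunk drops `file://CVE-2017-14245-14246.patch` from `SRC_URI` without saying which remaining patch covers those two CVEs. If `0001-a-ulaw-fix-multiple-buffer-overflows-432.patch` is the replacement, its header should carry `CVE: CVE-2017-14245 CVE-2017-14246` so that CVE scanning keyed on patch tags keeps reporting them as fixed; that header is not visible here. The order of the new entries also matters: `CVE-2019-3832.patch` removes lines that `CVE-2018-19758.patch` adds, so the two must stay in this sequence, which is worth stating in the commit message.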
diff --git a/meta/recipes-sato/images/core-image-sato-sdk-ptest.bb b/meta/recipes-sato/images/core-image-sato-sdk-ptest.bb
index 531571ee87..22df057947 100644
--- a/meta/recipes-sato/images/core-image-sato-sdk-ptest.bb
+++ b/meta/recipes-sato/images/core-image-sato-sdk-ptest.bb
@@ -4,8 +4,12 @@ DESCRIPTION += "Also includes ptest packages."
IMAGE_FEATURES += "ptest-pkgs"
-# This image is sufficiently large (~3GB) that it can't actually fit in a live
+# This image is sufficiently large (~1.8GB) that we need to be careful that it fits in a live
# image (which has a 4GB limit), so nullify the overhead factor (1.3x out of the
-# box) and explicitly add just 500MB.
+# box) and explicitly add just 1200MB.
+# strace-ptest in particular needs more than 500MB
IMAGE_OVERHEAD_FACTOR = "1.0"
-IMAGE_ROOTFS_EXTRA_SPACE = "524288"
+IMAGE_ROOTFS_EXTRA_SPACE = "1224288"
+
+# ptests need more memory than standard to avoid the OOM killer
+QB_MEM = "-m 1024"
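Review bot: The comment says 1200MB is added, but `IMAGE_ROOTFS_EXTRA_SPACE = "1224288"` is not 1200 MB in kilobytes under either convention (1200 × 1024 = 1228800, 1200 × 1000 = 1200000). The old value 524288 was exactly 512 × 1024. Use `IMAGE_ROOTFS_EXTRA_SPACE = "1228800"`, or change the comment to the figure actually intended.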
diff --git a/meta/recipes-support/atk/at-spi2-core_2.28.0.bb b/meta/recipes-support/atk/at-spi2-core_2.28.0.bb
index 7975f58bad..0bdb1e37f3 100644
--- a/meta/recipes-support/atk/at-spi2-core_2.28.0.bb
+++ b/meta/recipes-support/atk/at-spi2-core_2.28.0.bb
@@ -18,7 +18,7 @@ inherit meson gtk-doc gettext systemd pkgconfig distro_features_check upstream-v
REQUIRED_DISTRO_FEATURES = "x11"
EXTRA_OEMESON = " -Dsystemd_user_dir=${systemd_user_unitdir} \
- -Ddbus_daemon=${bindir}"
+ -Ddbus_daemon=${bindir}/dbus-daemon"
GTKDOC_ENABLE_FLAG = "-Denable_docs=true"
GTKDOC_DISABLE_FLAG = "-Denable_docs=false"
diff --git a/meta/recipes-support/attr/attr_2.4.47.bb b/meta/recipes-support/attr/attr_2.4.47.bb
index fc88bef830..c3da66a0c7 100644
--- a/meta/recipes-support/attr/attr_2.4.47.bb
+++ b/meta/recipes-support/attr/attr_2.4.47.bb
@@ -12,4 +12,7 @@ SRC_URI += "file://attr-Missing-configure.ac.patch \
SRC_URI[md5sum] = "84f58dec00b60f2dc8fd1c9709291cc7"
SRC_URI[sha256sum] = "25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859"
+# Has issues with newer versions of make
+PARALLEL_MAKEINST = ""
+
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/boost/bjam-native_1.69.0.bb b/meta/recipes-support/boost/bjam-native_1.68.0.bb
index 94f96e62d8..94f96e62d8 100644
--- a/meta/recipes-support/boost/bjam-native_1.69.0.bb
+++ b/meta/recipes-support/boost/bjam-native_1.68.0.bb
diff --git a/meta/recipes-support/boost/boost-1.69.0.inc b/meta/recipes-support/boost/boost-1.68.0.inc
index 923436b1e0..b367a80b64 100644
--- a/meta/recipes-support/boost/boost-1.69.0.inc
+++ b/meta/recipes-support/boost/boost-1.68.0.inc
@@ -12,8 +12,8 @@ BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}"
BOOST_P = "boost_${BOOST_VER}"
SRC_URI = "${SOURCEFORGE_MIRROR}/project/boost/boost/${PV}/${BOOST_P}.tar.bz2"
-SRC_URI[md5sum] = "a1332494397bf48332cb152abfefcec2"
-SRC_URI[sha256sum] = "8f32d4617390d1c2d16f26a27ab60d97807b35440d45891fa340fc2648b04406"
+SRC_URI[md5sum] = "7fbd1890f571051f2a209681d57d486a"
+SRC_URI[sha256sum] = "7f6130bc3cf65f56a618888ce9d5ea704fa10b462be126ad053e80e553d6d8b7"
UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
UPSTREAM_CHECK_REGEX = "boostorg/release/(?P<pver>.*)/source/"
diff --git a/meta/recipes-support/boost/boost.inc b/meta/recipes-support/boost/boost.inc
index 9be3717fd6..c4faea211f 100644
--- a/meta/recipes-support/boost/boost.inc
+++ b/meta/recipes-support/boost/boost.inc
@@ -21,6 +21,7 @@ BOOST_LIBS = "\
random \
regex \
serialization \
+ signals \
system \
timer \
test \
diff --git a/meta/recipes-support/boost/boost/0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch b/meta/recipes-support/boost/boost/0003-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch
index 8944cb37b4..fb6d9711b9 100644
--- a/meta/recipes-support/boost/boost/0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch
+++ b/meta/recipes-support/boost/boost/0003-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch
@@ -1,20 +1,21 @@
-From 3e4eb02eb5951058bc6f8dffbf049eb189df8291 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Tue, 18 Dec 2018 15:42:57 +0100
-Subject: [PATCH] Don't set up arch/instruction-set flags, we do that ourselves
+From 0868761e7d2d75d472090e3ef96f3d2f9ced27f3 Mon Sep 17 00:00:00 2001
+From: Christopher Larson <chris_larson@mentor.com>
+Date: Tue, 13 Dec 2016 10:29:32 -0700
+Subject: [PATCH 5/6] Don't set up arch/instruction-set flags, we do that
+ ourselves
Upstream-Status: Inappropriate
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
---
- tools/build/src/tools/gcc.jam | 128 ----------------------------------
- 1 file changed, 128 deletions(-)
+ tools/build/src/tools/gcc.jam | 127 ------------------------------------------
+ 1 file changed, 127 deletions(-)
diff --git a/tools/build/src/tools/gcc.jam b/tools/build/src/tools/gcc.jam
-index c57c773f..28618fb1 100644
+index e3b1b952..e4fc6c32 100644
--- a/tools/build/src/tools/gcc.jam
+++ b/tools/build/src/tools/gcc.jam
-@@ -1152,131 +1152,3 @@ local rule cpu-flags ( toolset variable : architecture : instruction-set + :
+@@ -1276,130 +1276,3 @@ local rule cpu-flags ( toolset variable : architecture : instruction-set + :
<architecture>$(architecture)/<instruction-set>$(instruction-set)
: $(values) ;
}
@@ -64,7 +65,6 @@ index c57c773f..28618fb1 100644
-cpu-flags gcc OPTIONS : x86 : skylake : -march=skylake ;
-cpu-flags gcc OPTIONS : x86 : skylake-avx512 : -march=skylake-avx512 ;
-cpu-flags gcc OPTIONS : x86 : cannonlake : -march=skylake-avx512 -mavx512vbmi -mavx512ifma -msha ;
--cpu-flags gcc OPTIONS : x86 : icelake : -march=icelake ;
-cpu-flags gcc OPTIONS : x86 : k6 : -march=k6 ;
-cpu-flags gcc OPTIONS : x86 : k6-2 : -march=k6-2 ;
-cpu-flags gcc OPTIONS : x86 : k6-3 : -march=k6-3 ;
@@ -146,3 +146,6 @@ index c57c773f..28618fb1 100644
-cpu-flags gcc OPTIONS : power : rs64a : -mcpu=rs64 ;
-# AIX variant of RS/6000 & PowerPC
-toolset.flags gcc AROPTIONS <address-model>64/<target-os>aix : "-X64" ;
+--
+2.15.1
+
diff --git a/meta/recipes-support/boost/boost/reproducibility-add-file-directive-to-assembler.patch b/meta/recipes-support/boost/boost/reproducibility-add-file-directive-to-assembler.patch
new file mode 100644
index 0000000000..155653316c
--- /dev/null
+++ b/meta/recipes-support/boost/boost/reproducibility-add-file-directive-to-assembler.patch
@@ -0,0 +1,243 @@
+Author: Douglas Royds <douglas.royds@taitradio.com>
+Date: Thu Nov 22 09:34:22 2018 +1300
+
+Add a .file directive explicitly for all *_elf_gas.S files to prevent the linker
+adding a host build-system path as a FILE symbol to the object file.
+
+This replaces the existing patch that added the .file directive to a small
+subset of these files.
+
+Upstream-Status: Submitted [https://github.com/boostorg/context/issues/91]
+Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
+
+diff -ur boost_1_68_0.original/libs/context/src/asm/jump_arm64_aapcs_elf_gas.S boost_1_68_0/libs/context/src/asm/jump_arm64_aapcs_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/jump_arm64_aapcs_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/jump_arm64_aapcs_elf_gas.S 2018-11-22 09:04:27.900876941 +1300
+@@ -51,6 +51,7 @@
+ * *
+ *******************************************************/
+
++.file "jump_arm64_aapcs_elf_gas.S"
+ .text
+ .align 2
+ .global jump_fcontext
+diff -ur boost_1_68_0.original/libs/context/src/asm/jump_arm_aapcs_elf_gas.S boost_1_68_0/libs/context/src/asm/jump_arm_aapcs_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/jump_arm_aapcs_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/jump_arm_aapcs_elf_gas.S 2018-11-22 09:04:28.876898240 +1300
+@@ -38,6 +38,7 @@
+ * *
+ *******************************************************/
+
++.file "jump_arm_aapcs_elf_gas.S"
+ .text
+ .globl jump_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/jump_i386_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/jump_i386_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/jump_i386_sysv_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/jump_i386_sysv_elf_gas.S 2018-11-22 09:04:29.904920674 +1300
+@@ -24,6 +24,7 @@
+ * *
+ ****************************************************************************************/
+
++.file "jump_i386_sysv_elf_gas.S"
+ .text
+ .globl jump_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/jump_mips32_o32_elf_gas.S boost_1_68_0/libs/context/src/asm/jump_mips32_o32_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/jump_mips32_o32_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/jump_mips32_o32_elf_gas.S 2018-11-22 09:04:41.021163195 +1300
+@@ -38,6 +38,7 @@
+ * *
+ * *****************************************************/
+
++.file "jump_mips32_o32_elf_gas.S"
+ .text
+ .globl jump_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/jump_ppc32_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/jump_ppc32_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/jump_ppc32_sysv_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/jump_ppc32_sysv_elf_gas.S 2018-11-22 09:04:42.281190679 +1300
+@@ -73,6 +73,7 @@
+ * *
+ *******************************************************/
+
++.file "jump_ppc32_sysv_elf_gas.S"
+ .text
+ .globl jump_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/jump_ppc64_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/jump_ppc64_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/jump_ppc64_sysv_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/jump_ppc64_sysv_elf_gas.S 2018-11-22 09:04:43.193210571 +1300
+@@ -66,6 +66,7 @@
+ * *
+ *******************************************************/
+
++.file "jump_ppc64_sysv_elf_gas.S"
+ .globl jump_fcontext
+ #if _CALL_ELF == 2
+ .text
+diff -ur boost_1_68_0.original/libs/context/src/asm/jump_x86_64_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/jump_x86_64_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/jump_x86_64_sysv_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/jump_x86_64_sysv_elf_gas.S 2018-11-22 09:04:44.213232818 +1300
+@@ -24,6 +24,7 @@
+ * *
+ ****************************************************************************************/
+
++.file "jump_x86_64_sysv_elf_gas.S"
+ .text
+ .globl jump_fcontext
+ .type jump_fcontext,@function
+diff -ur boost_1_68_0.original/libs/context/src/asm/make_arm64_aapcs_elf_gas.S boost_1_68_0/libs/context/src/asm/make_arm64_aapcs_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/make_arm64_aapcs_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/make_arm64_aapcs_elf_gas.S 2018-11-22 09:04:45.153253319 +1300
+@@ -51,6 +51,7 @@
+ * *
+ *******************************************************/
+
++.file "make_arm64_aapcs_elf_gas.S"
+ .text
+ .align 2
+ .global make_fcontext
+diff -ur boost_1_68_0.original/libs/context/src/asm/make_arm_aapcs_elf_gas.S boost_1_68_0/libs/context/src/asm/make_arm_aapcs_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/make_arm_aapcs_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/make_arm_aapcs_elf_gas.S 2018-11-22 09:04:46.097273908 +1300
+@@ -38,6 +38,7 @@
+ * *
+ *******************************************************/
+
++.file "make_arm_aapcs_elf_gas.S"
+ .text
+ .globl make_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/make_i386_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/make_i386_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/make_i386_sysv_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/make_i386_sysv_elf_gas.S 2018-11-22 09:04:46.973293012 +1300
+@@ -24,6 +24,7 @@
+ * *
+ ****************************************************************************************/
+
++.file "make_i386_sysv_elf_gas.S"
+ .text
+ .globl make_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/make_mips32_o32_elf_gas.S boost_1_68_0/libs/context/src/asm/make_mips32_o32_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/make_mips32_o32_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/make_mips32_o32_elf_gas.S 2018-11-22 09:04:47.925313772 +1300
+@@ -38,6 +38,7 @@
+ * *
+ * *****************************************************/
+
++.file "make_mips32_o32_elf_gas.S"
+ .text
+ .globl make_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/make_ppc32_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/make_ppc32_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/make_ppc32_sysv_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/make_ppc32_sysv_elf_gas.S 2018-11-22 09:04:48.865334271 +1300
+@@ -73,6 +73,7 @@
+ * *
+ *******************************************************/
+
++.file "make_ppc32_sysv_elf_gas.S"
+ .text
+ .globl make_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/make_ppc64_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/make_ppc64_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/make_ppc64_sysv_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/make_ppc64_sysv_elf_gas.S 2018-11-22 09:04:50.049360089 +1300
+@@ -66,6 +66,7 @@
+ * *
+ *******************************************************/
+
++.file "make_ppc64_sysv_elf_gas.S"
+ .globl make_fcontext
+ #if _CALL_ELF == 2
+ .text
+diff -ur boost_1_68_0.original/libs/context/src/asm/make_x86_64_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/make_x86_64_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/make_x86_64_sysv_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/make_x86_64_sysv_elf_gas.S 2018-11-22 09:04:51.117383378 +1300
+@@ -24,6 +24,7 @@
+ * *
+ ****************************************************************************************/
+
++.file "make_x86_64_sysv_elf_gas.S"
+ .text
+ .globl make_fcontext
+ .type make_fcontext,@function
+diff -ur boost_1_68_0.original/libs/context/src/asm/ontop_arm64_aapcs_elf_gas.S boost_1_68_0/libs/context/src/asm/ontop_arm64_aapcs_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/ontop_arm64_aapcs_elf_gas.S 2018-11-21 16:31:18.601760893 +1300
++++ boost_1_68_0/libs/context/src/asm/ontop_arm64_aapcs_elf_gas.S 2018-11-22 09:04:52.201407013 +1300
+@@ -51,6 +51,7 @@
+ * *
+ *******************************************************/
+
++.file "ontop_arm64_aapcs_elf_gas.S"
+ .text
+ .align 2
+ .global ontop_fcontext
+diff -ur boost_1_68_0.original/libs/context/src/asm/ontop_arm_aapcs_elf_gas.S boost_1_68_0/libs/context/src/asm/ontop_arm_aapcs_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/ontop_arm_aapcs_elf_gas.S 2018-11-21 16:31:18.605760935 +1300
++++ boost_1_68_0/libs/context/src/asm/ontop_arm_aapcs_elf_gas.S 2018-11-22 09:04:53.269430300 +1300
+@@ -38,6 +38,7 @@
+ * *
+ *******************************************************/
+
++.file "ontop_arm_aapcs_elf_gas.S"
+ .text
+ .globl ontop_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/ontop_i386_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/ontop_i386_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/ontop_i386_sysv_elf_gas.S 2018-11-21 16:31:18.605760935 +1300
++++ boost_1_68_0/libs/context/src/asm/ontop_i386_sysv_elf_gas.S 2018-11-22 09:04:54.389454719 +1300
+@@ -24,6 +24,7 @@
+ * *
+ ****************************************************************************************/
+
++.file "ontop_i386_sysv_elf_gas.S"
+ .text
+ .globl ontop_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/ontop_mips32_o32_elf_gas.S boost_1_68_0/libs/context/src/asm/ontop_mips32_o32_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/ontop_mips32_o32_elf_gas.S 2018-11-21 16:31:18.605760935 +1300
++++ boost_1_68_0/libs/context/src/asm/ontop_mips32_o32_elf_gas.S 2018-11-22 09:04:55.657482363 +1300
+@@ -38,6 +38,7 @@
+ * *
+ * *****************************************************/
+
++.file "ontop_mips32_o32_elf_gas.S"
+ .text
+ .globl ontop_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/ontop_ppc32_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/ontop_ppc32_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/ontop_ppc32_sysv_elf_gas.S 2018-11-21 16:31:18.605760935 +1300
++++ boost_1_68_0/libs/context/src/asm/ontop_ppc32_sysv_elf_gas.S 2018-11-22 09:04:56.777506781 +1300
+@@ -73,6 +73,7 @@
+ * *
+ *******************************************************/
+
++.file "ontop_ppc32_sysv_elf_gas.S"
+ .text
+ .globl ontop_fcontext
+ .align 2
+diff -ur boost_1_68_0.original/libs/context/src/asm/ontop_ppc64_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/ontop_ppc64_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/ontop_ppc64_sysv_elf_gas.S 2018-11-21 16:31:18.605760935 +1300
++++ boost_1_68_0/libs/context/src/asm/ontop_ppc64_sysv_elf_gas.S 2018-11-22 09:04:58.485544015 +1300
+@@ -66,6 +66,7 @@
+ * *
+ *******************************************************/
+
++.file "ontop_ppc64_sysv_elf_gas.S"
+ .globl ontop_fcontext
+ #if _CALL_ELF == 2
+ .text
+diff -ur boost_1_68_0.original/libs/context/src/asm/ontop_x86_64_sysv_elf_gas.S boost_1_68_0/libs/context/src/asm/ontop_x86_64_sysv_elf_gas.S
+--- boost_1_68_0.original/libs/context/src/asm/ontop_x86_64_sysv_elf_gas.S 2018-11-21 16:31:18.605760935 +1300
++++ boost_1_68_0/libs/context/src/asm/ontop_x86_64_sysv_elf_gas.S 2018-11-22 09:04:59.609568516 +1300
+@@ -24,6 +24,7 @@
+ * *
+ ****************************************************************************************/
+
++.file "ontop_x86_64_sysv_elf_gas.S"
+ .text
+ .globl ontop_fcontext
+ .type ontop_fcontext,@function
diff --git a/meta/recipes-support/boost/boost_1.69.0.bb b/meta/recipes-support/boost/boost_1.68.0.bb
index 324b46f168..82e36fd732 100644
--- a/meta/recipes-support/boost/boost_1.69.0.bb
+++ b/meta/recipes-support/boost/boost_1.68.0.bb
@@ -1,9 +1,11 @@
require boost-${PV}.inc
require boost.inc
-SRC_URI += "file://arm-intrinsics.patch \
+SRC_URI += "\
+ file://arm-intrinsics.patch \
file://boost-CVE-2012-2677.patch \
file://boost-math-disable-pch-for-gcc.patch \
file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \
- file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
+ file://0003-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
+ file://reproducibility-add-file-directive-to-assembler.patch \
"
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20180409.bb b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
index 0d57083c52..b9f57900c8 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20180409.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
@@ -14,7 +14,7 @@ DEPENDS_class-nativesdk = "openssl-native"
# Need c_rehash from openssl and run-parts from debianutils
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
-SRCREV = "dbbd11e56af93bb79f21d0ee6059a901f83f70a5"
+SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be"
SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
file://0002-update-ca-certificates-use-SYSROOT.patch \
diff --git a/meta/recipes-support/curl/curl/CVE-2018-16890.patch b/meta/recipes-support/curl/curl/CVE-2018-16890.patch
new file mode 100644
index 0000000000..3776f362bc
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2018-16890.patch
@@ -0,0 +1,50 @@
+From 53d3c2f92b4a7561b1006494badf8cf2ef9110c0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 2 Jan 2019 20:33:08 +0100
+Subject: [PATCH 1/3] NTLM: fix size check condition for type2 received data
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
+Reported-by: Wenxiang Qian
+CVE-2018-16890
+
+Upstream-Status: Backport
+[https://github.com/curl/curl/commit
+/b780b30d1377adb10bbe774835f49e9b237fb9bb]
+
+CVE: CVE-2018-16890
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ lib/vauth/ntlm.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index cdb8d8f0d..0212756ab 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
+ target_info_len = Curl_read16_le(&buffer[40]);
+ target_info_offset = Curl_read32_le(&buffer[44]);
+ if(target_info_len > 0) {
+- if(((target_info_offset + target_info_len) > size) ||
++ if((target_info_offset >= size) ||
++ ((target_info_offset + target_info_len) > size) ||
+ (target_info_offset < 48)) {
+ infof(data, "NTLM handshake failure (bad type-2 message). "
+- "Target Info Offset Len is set incorrect by the peer\n");
++ "Target Info Offset Len is set incorrect by the peer\n");
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+--
+2.22.0
+
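Review bot: The added `target_info_offset >= size` test protects the sum on the next line only because `||` evaluates it first, and nothing in the code says so. A comment above the condition, such as `/* check the offset alone first: offset + len may wrap before it is compared with size */`, would stop a later edit from reordering or merging the two tests. The variables' declared widths are outside the hunk, so the wording should be confirmed against them. The `Upstream-Status` URL in this header is also split over three lines, which breaks it for anyone copying it; CVE-2019-3822.patch and CVE-2018-19432.patch split theirs the same way.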
diff --git a/meta/recipes-support/curl/curl/CVE-2019-3822.patch b/meta/recipes-support/curl/curl/CVE-2019-3822.patch
new file mode 100644
index 0000000000..4f612ddd5e
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-3822.patch
@@ -0,0 +1,47 @@
+From 761b51f66c7b1cd2cd6c71b807bfdb6a27c49b30 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 3 Jan 2019 12:59:28 +0100
+Subject: [PATCH 2/3] ntlm: fix *_type3_message size check to avoid buffer
+ overflow
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
+Reported-by: Wenxiang Qian
+CVE-2019-3822
+
+Upstream-Status: Backport
+[https://github.com/curl/curl/commit
+/50c9484278c63b958655a717844f0721263939cc]
+
+CVE: CVE-2019-3822
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ lib/vauth/ntlm.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index 0212756ab..3be0403d9 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -777,11 +777,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
+ });
+
+ #ifdef USE_NTRESPONSES
+- if(size < (NTLM_BUFSIZE - ntresplen)) {
+- DEBUGASSERT(size == (size_t)ntrespoff);
+- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+- size += ntresplen;
++ /* ntresplen + size should not be risking an integer overflow here */
++ if(ntresplen + size > sizeof(ntlmbuf)) {
++ failf(data, "incoming NTLM message too big");
++ return CURLE_OUT_OF_MEMORY;
+ }
++ DEBUGASSERT(size == (size_t)ntrespoff);
++ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
++ size += ntresplen;
+
+ DEBUG_OUT({
+ fprintf(stderr, "\n ntresp=");
+--
+2.22.0
+
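Review bot: The new bound check `if(ntresplen + size > sizeof(ntlmbuf))` is only sound while the sum cannot wrap, and the added comment asserts that without saying what bounds `ntresplen`; neither operand's type nor its upper limit is visible in this hunk. Since this check is the whole fix for a buffer overflow, the reasoning should be recorded next to it, for example `/* ntresplen is bounded by <source of bound>, so ntresplen + size cannot wrap */`, with the placeholder filled in from the enclosing function. Curl_auth_create_ntlm_type3_message starts and ends outside the hunk, so this is judged from the visible lines only.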
diff --git a/meta/recipes-support/curl/curl/CVE-2019-3823.patch b/meta/recipes-support/curl/curl/CVE-2019-3823.patch
new file mode 100644
index 0000000000..194e6e6430
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-3823.patch
@@ -0,0 +1,55 @@
+From 40f6c913f63cdbfa81daa7ac7f1c7415bb99edeb Mon Sep 17 00:00:00 2001
+From: Daniel Gustafsson <daniel@yesql.se>
+Date: Sat, 19 Jan 2019 00:42:47 +0100
+Subject: [PATCH 3/3] smtp: avoid risk of buffer overflow in strtol
+
+If the incoming len 5, but the buffer does not have a termination
+after 5 bytes, the strtol() call may keep reading through the line
+buffer until is exceeds its boundary. Fix by ensuring that we are
+using a bounded read with a temporary buffer on the stack.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
+Reported-by: Brian Carpenter (Geeknik Labs)
+CVE-2019-3823
+
+Upstream-Status: Backport
+[https://github.com/curl/curl/commit
+/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484]
+
+CVE: CVE-2019-3823
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ lib/smtp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/smtp.c b/lib/smtp.c
+index ecf10a41a..1b9f92d30 100644
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
+ Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
+ only send the response code instead as per Section 4.2. */
+ if(line[3] == ' ' || len == 5) {
++ char tmpline[6];
++
+ result = TRUE;
+- *resp = curlx_sltosi(strtol(line, NULL, 10));
++ memset(tmpline, '\0', sizeof(tmpline));
++ memcpy(tmpline, line, (len == 5 ? 5 : 3));
++ *resp = curlx_sltosi(strtol(tmpline, NULL, 10));
+
+ /* Make sure real server never sends internal value */
+ if(*resp == 1)
+--
+2.22.0
+
diff --git a/meta/recipes-support/curl/curl/CVE-2019-5435.patch b/meta/recipes-support/curl/curl/CVE-2019-5435.patch
new file mode 100644
index 0000000000..8ac5554550
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5435.patch
@@ -0,0 +1,200 @@
+From 5fc28510a4664f46459d9a40187d81cc08571e60 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 29 Apr 2019 08:00:49 +0200
+Subject: [PATCH] CURL_MAX_INPUT_LENGTH: largest acceptable string input size
+
+This limits all accepted input strings passed to libcurl to be less than
+CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls:
+curl_easy_setopt() and curl_url_set().
+
+The 8000000 number is arbitrary picked and is meant to detect mistakes
+or abuse, not to limit actual practical use cases. By limiting the
+acceptable string lengths we also reduce the risk of integer overflows
+all over.
+
+NOTE: This does not apply to `CURLOPT_POSTFIELDS`.
+
+Test 1559 verifies.
+
+Closes #3805
+
+Upstream-Status: Backport
+Dropped a few changes to apply against this version
+https://github.com/curl/curl/commit/5fc28510a4664f4
+
+CVE: CVE-2019-5435
+affects: libcurl 7.19.4 to and including 7.64.1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ lib/setopt.c | 7 +++++
+ lib/urldata.h | 4 +++
+ 7 files changed, 146 insertions(+), 3 deletions(-)
+ create mode 100644 tests/data/test1559
+ create mode 100644 tests/libtest/lib1559.c
+
+Index: curl-7.61.0/lib/setopt.c
+===================================================================
+--- curl-7.61.0.orig/lib/setopt.c
++++ curl-7.61.0/lib/setopt.c
+@@ -60,6 +60,13 @@ CURLcode Curl_setstropt(char **charp, co
+ if(s) {
+ char *str = strdup(s);
+
++ if(str) {
++ size_t len = strlen(str);
++ if(len > CURL_MAX_INPUT_LENGTH) {
++ free(str);
++ return CURLE_BAD_FUNCTION_ARGUMENT;
++ }
++ }
+ if(!str)
+ return CURLE_OUT_OF_MEMORY;
+
+Index: curl-7.61.0/lib/urldata.h
+===================================================================
+--- curl-7.61.0.orig/lib/urldata.h
++++ curl-7.61.0/lib/urldata.h
+@@ -79,6 +79,10 @@
+ */
+ #define RESP_TIMEOUT (1800*1000)
+
++/* Max string intput length is a precaution against abuse and to detect junk
++ input easier and better. */
++#define CURL_MAX_INPUT_LENGTH 8000000
++
+ #include "cookie.h"
+ #include "psl.h"
+ #include "formdata.h"
+Index: curl-7.61.0/tests/data/test1559
+===================================================================
+--- /dev/null
++++ curl-7.61.0/tests/data/test1559
+@@ -0,0 +1,44 @@
++<testcase>
++<info>
++<keywords>
++CURLOPT_URL
++</keywords>
++</info>
++
++<reply>
++</reply>
++
++<client>
++<server>
++none
++</server>
++
++# require HTTP so that CURLOPT_POSTFIELDS works as assumed
++<features>
++http
++</features>
++<tool>
++lib1559
++</tool>
++
++<name>
++Set excessive URL lengths
++</name>
++</client>
++
++#
++# Verify that the test runs to completion without crashing
++<verify>
++<errorcode>
++0
++</errorcode>
++<stdout>
++CURLOPT_URL 10000000 bytes URL == 43
++CURLOPT_POSTFIELDS 10000000 bytes data == 0
++CURLUPART_URL 10000000 bytes URL == 3
++CURLUPART_SCHEME 10000000 bytes scheme == 3
++CURLUPART_USER 10000000 bytes user == 3
++</stdout>
++</verify>
++
++</testcase>
+Index: curl-7.61.0/tests/libtest/lib1559.c
+===================================================================
+--- /dev/null
++++ curl-7.61.0/tests/libtest/lib1559.c
+@@ -0,0 +1,78 @@
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.haxx.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ ***************************************************************************/
++#include "test.h"
++
++#include "testutil.h"
++#include "warnless.h"
++#include "memdebug.h"
++
++#define EXCESSIVE 10*1000*1000
++int test(char *URL)
++{
++ CURLcode res = 0;
++ CURL *curl = NULL;
++ char *longurl = malloc(EXCESSIVE);
++ CURLU *u;
++ (void)URL;
++
++ memset(longurl, 'a', EXCESSIVE);
++ longurl[EXCESSIVE-1] = 0;
++
++ global_init(CURL_GLOBAL_ALL);
++ easy_init(curl);
++
++ res = curl_easy_setopt(curl, CURLOPT_URL, longurl);
++ printf("CURLOPT_URL %d bytes URL == %d\n",
++ EXCESSIVE, (int)res);
++
++ res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, longurl);
++ printf("CURLOPT_POSTFIELDS %d bytes data == %d\n",
++ EXCESSIVE, (int)res);
++
++ u = curl_url();
++ if(u) {
++ CURLUcode uc = curl_url_set(u, CURLUPART_URL, longurl, 0);
++ printf("CURLUPART_URL %d bytes URL == %d\n",
++ EXCESSIVE, (int)uc);
++ uc = curl_url_set(u, CURLUPART_SCHEME, longurl, CURLU_NON_SUPPORT_SCHEME);
++ printf("CURLUPART_SCHEME %d bytes scheme == %d\n",
++ EXCESSIVE, (int)uc);
++ uc = curl_url_set(u, CURLUPART_USER, longurl, 0);
++ printf("CURLUPART_USER %d bytes user == %d\n",
++ EXCESSIVE, (int)uc);
++ curl_url_cleanup(u);
++ }
++
++ free(longurl);
++
++ curl_easy_cleanup(curl);
++ curl_global_cleanup();
++
++ return 0;
++
++test_cleanup:
++
++ curl_easy_cleanup(curl);
++ curl_global_cleanup();
++
++ return res; /* return the final return code */
++}
diff --git a/meta/recipes-support/curl/curl/CVE-2019-5436.patch b/meta/recipes-support/curl/curl/CVE-2019-5436.patch
new file mode 100644
index 0000000000..05fd8e9bcc
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5436.patch
@@ -0,0 +1,32 @@
+From 2576003415625d7b5f0e390902f8097830b82275 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 3 May 2019 22:20:37 +0200
+Subject: [PATCH] tftp: use the current blksize for recvfrom()
+
+bug: https://curl.haxx.se/docs/CVE-2019-5436.html
+Reported-by: l00p3r on hackerone
+CVE-2019-5436
+
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
+CVE: CVE-2019-5436
+affects: libcurl 7.19.4 to and including 7.64.1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ lib/tftp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: curl-7.61.0/lib/tftp.c
+===================================================================
+--- curl-7.61.0.orig/lib/tftp.c
++++ curl-7.61.0/lib/tftp.c
+@@ -1005,7 +1005,7 @@ static CURLcode tftp_connect(struct conn
+ state->sockfd = state->conn->sock[FIRSTSOCKET];
+ state->state = TFTP_STATE_START;
+ state->error = TFTP_ERR_NONE;
+- state->blksize = TFTP_BLKSIZE_DEFAULT;
++ state->blksize = blksize;
+ state->requested_blksize = blksize;
+
+ ((struct sockaddr *)&state->local_addr)->sa_family =
diff --git a/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/meta/recipes-support/curl/curl/CVE-2019-5482.patch
new file mode 100644
index 0000000000..91b186699d
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5482.patch
@@ -0,0 +1,68 @@
+From 38319e0717844c32464a6c7630de9be226f1c6f4 Mon Sep 17 00:00:00 2001
+From: Thomas Vegas <>
+Date: Sat, 31 Aug 2019 17:30:51 +0200
+Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is
+ received
+Reply-To: muislam@microsoft.com
+
+Fixes potential buffer overflow from 'recvfrom()', should the server
+return an OACK without blksize.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
+
+CVE: CVE-2019-5482
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+---
+ lib/tftp.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 064eef318..2c148e3e1 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -969,6 +969,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+ {
+ tftp_state_data_t *state;
+ int blksize;
++ int need_blksize;
+
+ blksize = TFTP_BLKSIZE_DEFAULT;
+
+@@ -983,15 +984,20 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+ return CURLE_TFTP_ILLEGAL;
+ }
+
++ need_blksize = blksize;
++ /* default size is the fallback when no OACK is received */
++ if(need_blksize < TFTP_BLKSIZE_DEFAULT)
++ need_blksize = TFTP_BLKSIZE_DEFAULT;
++
+ if(!state->rpacket.data) {
+- state->rpacket.data = calloc(1, blksize + 2 + 2);
++ state->rpacket.data = calloc(1, need_blksize + 2 + 2);
+
+ if(!state->rpacket.data)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!state->spacket.data) {
+- state->spacket.data = calloc(1, blksize + 2 + 2);
++ state->spacket.data = calloc(1, need_blksize + 2 + 2);
+
+ if(!state->spacket.data)
+ return CURLE_OUT_OF_MEMORY;
+@@ -1005,7 +1011,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+ state->sockfd = state->conn->sock[FIRSTSOCKET];
+ state->state = TFTP_STATE_START;
+ state->error = TFTP_ERR_NONE;
+- state->blksize = blksize;
++ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */
+ state->requested_blksize = blksize;
+
+ ((struct sockaddr *)&state->local_addr)->sa_family =
+--
+2.23.0
+
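Review bot: The header of this patch has a bare `Upstream-Status: Backport` with no upstream commit reference, and its `From:` line carries an empty address (`Thomas Vegas <>`), unlike the other curl CVE patches added in this commit. Add the reference in the same form as the others, `Upstream-Status: Backport [<upstream commit URL>]`, so the backport can be compared line by line with the upstream fix. Without it there is no way to tell from the patch alone whether the allocation change to `need_blksize` matches what upstream shipped.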
diff --git a/meta/recipes-support/curl/curl_7.61.0.bb b/meta/recipes-support/curl/curl_7.61.0.bb
index 56327a632b..cd880f9e22 100644
--- a/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/meta/recipes-support/curl/curl_7.61.0.bb
@@ -11,6 +11,12 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2018-16839.patch \
file://CVE-2018-16840.patch \
file://CVE-2018-16842.patch \
+ file://CVE-2019-5435.patch \
+ file://CVE-2019-5436.patch \
+ file://CVE-2018-16890.patch \
+ file://CVE-2019-3822.patch \
+ file://CVE-2019-3823.patch \
+ file://CVE-2019-5482.patch \
"
SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
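Review bot: The order of the six added `file://` entries is load-bearing but nothing records that: CVE-2019-5482.patch removes the line `state->blksize = blksize;` that CVE-2019-5436.patch adds, and CVE-2019-3822.patch is generated on top of the lib/vauth/ntlm.c blob produced by CVE-2018-16890.patch (`index 0212756ab..3be0403d9`). A comment above the `SRC_URI` assignment, which starts outside this hunk, such as `# CVE-2019-5436 must precede CVE-2019-5482; CVE-2018-16890 must precede CVE-2019-3822`, would keep a later reorder or removal from leaving a CVE fix unapplied.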
diff --git a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch
new file mode 100644
index 0000000000..4a280f9d5c
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch
@@ -0,0 +1,31 @@
+From 0df5800cc2e720aad883a517f7d24a9722fe5845 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 20 Dec 2018 17:37:48 -0800
+Subject: [PATCH] Woverride-init is not needed with gcc 9
+
+Fixes
+| ../../gnupg-2.2.12/dirmngr/dns.h:525:16: error: lvalue required as
+unary '&' operand |
+525 | dns_rr_i_init(&dns_quietinit((struct dns_rr_i){ 0, __VA_ARGS__
+}), (P))
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ dirmngr/dns.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dirmngr/dns.h b/dirmngr/dns.h
+index 30d0b45..98fe412 100644
+--- a/dirmngr/dns.h
++++ b/dirmngr/dns.h
+@@ -154,7 +154,7 @@ DNS_PUBLIC int *dns_debug_p(void);
+
+ #define dns_quietinit(...) \
+ DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP
+-#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4
++#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || (__GNUC__ > 4 && __GNUC__ < 9)
+ #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push")
+ #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"")
+ #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop")
diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index 3f1c3abaeb..c43ecdf861 100644
--- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 8eb4d25c25a1c1323797d94e0727a3e42b7f3287 Mon Sep 17 00:00:00 2001
+From c69c3a49f3295179c247db5ceb3ef8952928a724 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 22 Jan 2018 18:00:21 +0200
Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 4d66af9..b9ef235 100644
+index 919ab31..cd58fdb 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1848,7 +1848,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1855,7 +1855,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch
index c494ef80b7..1a5ea4aa2b 100644
--- a/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From f9fc214b0bf2f67b515ca8a5333f39c497d1b518 Mon Sep 17 00:00:00 2001
+From 6d31b04d7a75f1d73c3518bf043b5b0a2dc40cb1 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 19 Sep 2018 14:44:40 +0100
Subject: [PATCH] Allow the environment to override where gnupg looks for its
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.12.bb b/meta/recipes-support/gnupg/gnupg_2.2.12.bb
index 1f381c2d91..a02c66a0c8 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.12.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.12.bb
@@ -14,7 +14,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0002-use-pkgconfig-instead-of-npth-config.patch \
file://0003-dirmngr-uses-libgpg-error.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
- "
+ file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
+ "
SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
file://relocate.patch"
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch b/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch
new file mode 100644
index 0000000000..823869e85e
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch
@@ -0,0 +1,39 @@
+From 367688c05988bc7257d7e1801c5acf17ef7e854d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Tue, 12 Feb 2019 15:09:11 +0100
+Subject: [PATCH 1/3] Automatically NULLify after gnutls_free()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This method prevents direct use-after-free and
+double-free issues.
+
+Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
+
+CVE: CVE-2019-3829
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ lib/includes/gnutls/gnutls.h.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
+index 49990b5f5..fa77fd0df 100644
+--- a/lib/includes/gnutls/gnutls.h.in
++++ b/lib/includes/gnutls/gnutls.h.in
+@@ -2132,6 +2132,10 @@ extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
+ extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
+ extern _SYM_EXPORT gnutls_free_function gnutls_free;
+
++#ifdef GNUTLS_INTERNAL_BUILD
++#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL
++#endif
++
+ extern _SYM_EXPORT char *(*gnutls_strdup) (const char *);
+
+ /* a variant of memset that doesn't get optimized out */
+--
+2.22.0.vfs.1.1.57.gbaf16c8
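Review bot: The macro added here, `#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL`, evaluates its argument twice and assigns to it, and the expansion is not parenthesised, so it is only safe when every internal caller passes a side-effect-free modifiable lvalue and uses the call as a full statement. A comment above the `#ifdef GNUTLS_INTERNAL_BUILD` stating that contract would help, for example `/* argument must be a modifiable lvalue without side effects; it is evaluated twice */`. The next patch in this series removes the explicit `= NULL` resets and relies on this macro being active, so any file it touches that is compiled without `GNUTLS_INTERNAL_BUILD` would lose the reset; its diffstat lists files under tests/, which is worth checking.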
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch b/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch
new file mode 100644
index 0000000000..b3cd047798
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch
@@ -0,0 +1,871 @@
+From a57509ef7c4983721193ac325ad5fb1783ea0f57 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Tue, 12 Feb 2019 15:14:07 +0100
+Subject: [PATCH 2/3] Remove redundant resets of variables after free()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
+
+CVE: CVE-2019-3829
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ lib/auth.c | 3 ---
+ lib/auth/rsa.c | 2 ++
+ lib/auth/rsa_psk.c | 1 -
+ lib/auth/srp_sb64.c | 2 --
+ lib/cert-cred-x509.c | 3 ---
+ lib/cert-cred.c | 3 ---
+ lib/hello_ext.c | 5 ++---
+ lib/mpi.c | 1 -
+ lib/nettle/mpi.c | 2 --
+ lib/nettle/pk.c | 3 ---
+ lib/ocsp-api.c | 1 -
+ lib/pk.c | 2 --
+ lib/pkcs11.c | 1 -
+ lib/pkcs11_privkey.c | 6 +-----
+ lib/pkcs11_write.c | 1 -
+ lib/session_pack.c | 2 --
+ lib/srp.c | 1 -
+ lib/str.c | 2 +-
+ lib/tls13/certificate_request.c | 2 --
+ lib/tpm.c | 2 --
+ lib/x509/ocsp.c | 15 +++------------
+ lib/x509/pkcs12_bag.c | 1 -
+ lib/x509/pkcs7-crypt.c | 1 -
+ lib/x509/pkcs7.c | 6 ------
+ lib/x509/privkey_pkcs8.c | 1 -
+ lib/x509/verify-high2.c | 1 -
+ lib/x509/virt-san.c | 1 -
+ lib/x509/x509.c | 4 ----
+ lib/x509/x509_ext.c | 1 -
+ lib/x509_b64.c | 1 -
+ tests/cert.c | 2 --
+ tests/name-constraints-ip.c | 3 +--
+ tests/pkcs11/pkcs11-import-url-privkey.c | 2 --
+ tests/pkcs11/pkcs11-privkey-always-auth.c | 2 --
+ tests/pkcs11/pkcs11-privkey-fork-reinit.c | 1 -
+ tests/pkcs11/pkcs11-privkey-fork.c | 1 -
+ tests/pkcs11/pkcs11-privkey-safenet-always-auth.c | 2 --
+ tests/pkcs7.c | 2 --
+ tests/resume-dtls.c | 1 -
+ tests/resume.c | 1 -
+ tests/sign-verify-data.c | 1 -
+ tests/sign-verify-ext.c | 2 --
+ tests/sign-verify-ext4.c | 2 --
+ tests/sign-verify.c | 1 -
+ tests/x509-extensions.c | 1 -
+ tests/x509sign-verify-error.c | 1 -
+ 46 files changed, 10 insertions(+), 92 deletions(-)
+
+diff --git a/lib/auth.c b/lib/auth.c
+index 4bdedda38..5f9b8c427 100644
+--- a/lib/auth.c
++++ b/lib/auth.c
+@@ -349,8 +349,6 @@ void _gnutls_free_auth_info(gnutls_session_t session)
+
+ gnutls_free(info->raw_certificate_list);
+ gnutls_free(info->raw_ocsp_list);
+- info->raw_certificate_list = NULL;
+- info->raw_ocsp_list = NULL;
+ info->ncerts = 0;
+ info->nocsp = 0;
+
+@@ -367,7 +365,6 @@ void _gnutls_free_auth_info(gnutls_session_t session)
+ }
+
+ gnutls_free(session->key.auth_info);
+- session->key.auth_info = NULL;
+ session->key.auth_info_size = 0;
+ session->key.auth_info_type = 0;
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 6afc91ae6..df6bd7bc6 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -196,6 +196,8 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data,
+ rndkey.size);
+ if (ret < 0) {
++ gnutls_free(session->key.key.data);
++ session->key.key.size = 0;
+ gnutls_assert();
+ goto cleanup;
+ }
+diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
+index 5a29f9183..590ff0f71 100644
+--- a/lib/auth/rsa_psk.c
++++ b/lib/auth/rsa_psk.c
+@@ -341,7 +341,6 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ ("auth_rsa_psk: Possible PKCS #1 format attack\n");
+ if (ret >= 0) {
+ gnutls_free(plaintext.data);
+- plaintext.data = NULL;
+ }
+ randomize_key = 1;
+ } else {
+diff --git a/lib/auth/srp_sb64.c b/lib/auth/srp_sb64.c
+index 1177e7671..7bfffdf07 100644
+--- a/lib/auth/srp_sb64.c
++++ b/lib/auth/srp_sb64.c
+@@ -263,7 +263,6 @@ _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result)
+ tmp = decode(tmpres, datrev);
+ if (tmp < 0) {
+ gnutls_free((*result));
+- *result = NULL;
+ return tmp;
+ }
+
+@@ -277,7 +276,6 @@ _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result)
+ tmp = decode(tmpres, (uint8_t *) & data[i]);
+ if (tmp < 0) {
+ gnutls_free((*result));
+- *result = NULL;
+ return tmp;
+ }
+ memcpy(&(*result)[j], tmpres, tmp);
+diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
+index f342a420b..da9cd647e 100644
+--- a/lib/cert-cred-x509.c
++++ b/lib/cert-cred-x509.c
+@@ -296,7 +296,6 @@ parse_pem_cert_mem(gnutls_certificate_credentials_t res,
+ gnutls_pcert_import_x509_list(pcerts, unsorted, &ncerts, GNUTLS_X509_CRT_LIST_SORT);
+ if (ret < 0) {
+ gnutls_free(pcerts);
+- pcerts = NULL;
+ gnutls_assert();
+ goto cleanup;
+ }
+@@ -540,7 +539,6 @@ read_cert_url(gnutls_certificate_credentials_t res, gnutls_privkey_t key, const
+ goto cleanup;
+ }
+ gnutls_free(t.data);
+- t.data = NULL;
+ }
+
+ ret = certificate_credential_append_crt_list(res, key, names, ccert, count);
+@@ -991,7 +989,6 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
+ while (i--)
+ gnutls_x509_crt_deinit((*crt_list)[i]);
+ gnutls_free(*crt_list);
+- *crt_list = NULL;
+
+ return gnutls_assert_val(ret);
+ }
+diff --git a/lib/cert-cred.c b/lib/cert-cred.c
+index 2150e903f..190a8b3a2 100644
+--- a/lib/cert-cred.c
++++ b/lib/cert-cred.c
+@@ -63,7 +63,6 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc)
+
+ for (j = 0; j < sc->certs[i].ocsp_data_length; j++) {
+ gnutls_free(sc->certs[i].ocsp_data[j].response.data);
+- sc->certs[i].ocsp_data[j].response.data = NULL;
+ }
+ _gnutls_str_array_clear(&sc->certs[i].names);
+ gnutls_privkey_deinit(sc->certs[i].pkey);
+@@ -71,8 +70,6 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc)
+
+ gnutls_free(sc->certs);
+ gnutls_free(sc->sorted_cert_idx);
+- sc->certs = NULL;
+- sc->sorted_cert_idx = NULL;
+
+ sc->ncerts = 0;
+ }
+diff --git a/lib/hello_ext.c b/lib/hello_ext.c
+index c4907aace..fb2b4db67 100644
+--- a/lib/hello_ext.c
++++ b/lib/hello_ext.c
+@@ -464,9 +464,8 @@ void _gnutls_hello_ext_deinit(void)
+ continue;
+
+ if (extfunc[i]->free_struct != 0) {
+- gnutls_free((void*)extfunc[i]->name);
+- gnutls_free((void*)extfunc[i]);
+- extfunc[i] = NULL;
++ gnutls_free(((hello_ext_entry_st *)extfunc[i])->name);
++ gnutls_free(extfunc[i]);
+ }
+ }
+ }
+diff --git a/lib/mpi.c b/lib/mpi.c
+index 2bc970d7c..ed208d511 100644
+--- a/lib/mpi.c
++++ b/lib/mpi.c
+@@ -88,7 +88,6 @@ _gnutls_mpi_random_modp(bigint_t r, bigint_t p,
+
+ if (buf_release != 0) {
+ gnutls_free(buf);
+- buf = NULL;
+ }
+
+ if (r != NULL) {
+diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
+index 8a93ac278..96bec4aa4 100644
+--- a/lib/nettle/mpi.c
++++ b/lib/nettle/mpi.c
+@@ -122,7 +122,6 @@ static int wrap_nettle_mpi_init_multi(bigint_t *w, ...)
+ fail:
+ mpz_clear(TOMPZ(*w));
+ gnutls_free(*w);
+- *w = NULL;
+
+ va_start(args, w);
+
+@@ -131,7 +130,6 @@ fail:
+ if (next != last_failed) {
+ mpz_clear(TOMPZ(*next));
+ gnutls_free(*next);
+- *next = NULL;
+ }
+ } while(next != last_failed);
+
+diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
+index 6dcd2fdd0..f010493c0 100644
+--- a/lib/nettle/pk.c
++++ b/lib/nettle/pk.c
+@@ -371,7 +371,6 @@ dh_cleanup:
+
+ if (_gnutls_mem_is_zero(out->data, out->size)) {
+ gnutls_free(out->data);
+- out->data = NULL;
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto cleanup;
+@@ -2203,8 +2202,6 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
+ params->params_nr = 0;
+ gnutls_free(params->raw_priv.data);
+ gnutls_free(params->raw_pub.data);
+- params->raw_priv.data = NULL;
+- params->raw_pub.data = NULL;
+
+ FAIL_IF_LIB_ERROR;
+ return ret;
+diff --git a/lib/ocsp-api.c b/lib/ocsp-api.c
+index d18a1f0c2..a0005e99d 100644
+--- a/lib/ocsp-api.c
++++ b/lib/ocsp-api.c
+@@ -473,7 +473,6 @@ gnutls_certificate_set_ocsp_status_request_mem(gnutls_certificate_credentials_t
+ nresp++;
+
+ gnutls_free(der.data);
+- der.data = NULL;
+
+ p.data++;
+ p.size--;
+diff --git a/lib/pk.c b/lib/pk.c
+index 1f137f71c..a5bb58b73 100644
+--- a/lib/pk.c
++++ b/lib/pk.c
+@@ -537,8 +537,6 @@ void gnutls_pk_params_release(gnutls_pk_params_st * p)
+ }
+ gnutls_free(p->raw_priv.data);
+ gnutls_free(p->raw_pub.data);
+- p->raw_priv.data = NULL;
+- p->raw_pub.data = NULL;
+
+ p->params_nr = 0;
+ }
+diff --git a/lib/pkcs11.c b/lib/pkcs11.c
+index 990912790..fa1b65884 100644
+--- a/lib/pkcs11.c
++++ b/lib/pkcs11.c
+@@ -1233,7 +1233,6 @@ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj)
+ (*obj)->info = p11_kit_uri_new();
+ if ((*obj)->info == NULL) {
+ gnutls_free(*obj);
+- *obj = NULL;
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
+index b721ed125..560a732e3 100644
+--- a/lib/pkcs11_privkey.c
++++ b/lib/pkcs11_privkey.c
+@@ -443,7 +443,6 @@ _gnutls_pkcs11_privkey_sign(gnutls_pkcs11_privkey_t key,
+ }
+
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+ } else {
+ signature->size = siglen;
+ signature->data = tmp.data;
+@@ -521,10 +520,8 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+
+ memset(&pkey->sinfo, 0, sizeof(pkey->sinfo));
+
+- if (pkey->url) {
++ if (pkey->url)
+ gnutls_free(pkey->url);
+- pkey->url = NULL;
+- }
+
+ if (pkey->uinfo) {
+ p11_kit_uri_free(pkey->uinfo);
+@@ -613,7 +610,6 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+ pkey->uinfo = NULL;
+ }
+ gnutls_free(pkey->url);
+- pkey->url = NULL;
+
+ return ret;
+ }
+diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
+index 35207d554..6e866e2d4 100644
+--- a/lib/pkcs11_write.c
++++ b/lib/pkcs11_write.c
+@@ -268,7 +268,6 @@ static void clean_pubkey(struct ck_attribute *a, unsigned a_val)
+ case CKA_EC_PARAMS:
+ case CKA_EC_POINT:
+ gnutls_free(a[i].value);
+- a[i].value = NULL;
+ break;
+ }
+ }
+diff --git a/lib/session_pack.c b/lib/session_pack.c
+index c5801fb32..5d475ea59 100644
+--- a/lib/session_pack.c
++++ b/lib/session_pack.c
+@@ -562,8 +562,6 @@ unpack_certificate_auth_info(gnutls_session_t session,
+
+ gnutls_free(info->raw_certificate_list);
+ gnutls_free(info->raw_ocsp_list);
+- info->raw_certificate_list = NULL;
+- info->raw_ocsp_list = NULL;
+ }
+
+ return ret;
+diff --git a/lib/srp.c b/lib/srp.c
+index c3eb8e684..670642d64 100644
+--- a/lib/srp.c
++++ b/lib/srp.c
+@@ -608,7 +608,6 @@ gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t res,
+ if (res->password_conf_file == NULL) {
+ gnutls_assert();
+ gnutls_free(res->password_file);
+- res->password_file = NULL;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+diff --git a/lib/str.c b/lib/str.c
+index c8d742e91..7408ea6ac 100644
+--- a/lib/str.c
++++ b/lib/str.c
+@@ -81,7 +81,7 @@ void _gnutls_buffer_clear(gnutls_buffer_st * str)
+ return;
+ gnutls_free(str->allocd);
+
+- str->data = str->allocd = NULL;
++ str->data = NULL;
+ str->max_length = 0;
+ str->length = 0;
+ }
+diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
+index a7ec0e2fd..823adc87f 100644
+--- a/lib/tls13/certificate_request.c
++++ b/lib/tls13/certificate_request.c
+@@ -152,7 +152,6 @@ int _gnutls13_recv_certificate_request_int(gnutls_session_t session, gnutls_buff
+ return gnutls_assert_val(ret);
+
+ gnutls_free(session->internals.post_handshake_cr_context.data);
+- session->internals.post_handshake_cr_context.data = NULL;
+ ret = _gnutls_set_datum(&session->internals.post_handshake_cr_context,
+ context.data, context.size);
+ if (ret < 0)
+@@ -279,7 +278,6 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
+ }
+
+ gnutls_free(session->internals.post_handshake_cr_context.data);
+- session->internals.post_handshake_cr_context.data = NULL;
+ ret = _gnutls_set_datum(&session->internals.post_handshake_cr_context,
+ rnd, sizeof(rnd));
+ if (ret < 0) {
+diff --git a/lib/tpm.c b/lib/tpm.c
+index ee53c7154..03565acb0 100644
+--- a/lib/tpm.c
++++ b/lib/tpm.c
+@@ -1645,10 +1645,8 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
+ gnutls_pubkey_deinit(pub);
+ privkey_cleanup:
+ gnutls_free(privkey->data);
+- privkey->data = NULL;
+ cleanup:
+ gnutls_free(tmpkey.data);
+- tmpkey.data = NULL;
+ err_sa:
+ pTspi_Context_CloseObject(s.tpm_ctx, key_ctx);
+ err_cc:
+diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
+index db54b3ea2..55cae94c3 100644
+--- a/lib/x509/ocsp.c
++++ b/lib/x509/ocsp.c
+@@ -162,7 +162,6 @@ void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp)
+ asn1_delete_structure(&resp->basicresp);
+
+ resp->resp = NULL;
+- resp->response_type_oid.data = NULL;
+ resp->basicresp = NULL;
+
+ gnutls_free(resp->der.data);
+@@ -299,7 +298,6 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp,
+ }
+
+ gnutls_free(resp->der.data);
+- resp->der.data = NULL;
+ }
+
+ resp->init = 1;
+@@ -1668,18 +1666,12 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
+
+ return GNUTLS_E_SUCCESS;
+ fail:
+- if (issuer_name_hash) {
++ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+- issuer_name_hash->data = NULL;
+- }
+- if (issuer_key_hash) {
++ if (issuer_key_hash)
+ gnutls_free(issuer_key_hash->data);
+- issuer_key_hash->data = NULL;
+- }
+- if (serial_number) {
++ if (serial_number)
+ gnutls_free(serial_number->data);
+- serial_number->data = NULL;
+- }
+ return ret;
+ }
+
+@@ -1955,7 +1947,6 @@ gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
+ }
+
+ gnutls_free(c.data);
+- c.data = NULL;
+ }
+
+ tmpcerts[ctr] = NULL;
+diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
+index 26d2142ea..35d12ac4b 100644
+--- a/lib/x509/pkcs12_bag.c
++++ b/lib/x509/pkcs12_bag.c
+@@ -62,7 +62,6 @@ static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag)
+ _gnutls_free_datum(&bag->element[i].data);
+ _gnutls_free_datum(&bag->element[i].local_key_id);
+ gnutls_free(bag->element[i].friendly_name);
+- bag->element[i].friendly_name = NULL;
+ bag->element[i].type = 0;
+ }
+
+diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
+index c2b00e61c..39eb7784b 100644
+--- a/lib/x509/pkcs7-crypt.c
++++ b/lib/x509/pkcs7-crypt.c
+@@ -1269,7 +1269,6 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
+ _gnutls_cipher_init(&ch, ce, &dkey, &d_iv, 0);
+
+ gnutls_free(key);
+- key = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
+index 955cb5ae9..8ae7b3e78 100644
+--- a/lib/x509/pkcs7.c
++++ b/lib/x509/pkcs7.c
+@@ -692,7 +692,6 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
+
+ ret = gnutls_pkcs7_add_attr(&info->signed_attrs, oid, &tmp, 0);
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+@@ -730,7 +729,6 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
+ ret =
+ gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+@@ -842,9 +840,7 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
+ }
+
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+ gnutls_free(tmp2.data);
+- tmp2.data = NULL;
+ }
+
+ if (msg_digest_ok)
+@@ -1087,7 +1083,6 @@ static gnutls_x509_crt_t find_verified_issuer_of(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_deinit(issuer);
+ issuer = NULL;
+ gnutls_free(tmp.data);
+- tmp.data = NULL;
+ continue;
+ }
+
+@@ -1204,7 +1199,6 @@ static gnutls_x509_crt_t find_child_of_with_serial(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_deinit(crt);
+ crt = NULL;
+ gnutls_free(tmpdata.data);
+- tmpdata.data = NULL;
+ continue;
+ }
+ } else {
+diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
+index 92dea06b0..56000ff12 100644
+--- a/lib/x509/privkey_pkcs8.c
++++ b/lib/x509/privkey_pkcs8.c
+@@ -600,7 +600,6 @@ gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format,
+ cleanup:
+ if (ret != GNUTLS_E_UNKNOWN_CIPHER_TYPE && oid) {
+ gnutls_free(*oid);
+- *oid = NULL;
+ }
+ if (need_free)
+ _gnutls_free_datum(&_data);
+diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
+index 8ba2f2a3e..b9aed5cf4 100644
+--- a/lib/x509/verify-high2.c
++++ b/lib/x509/verify-high2.c
+@@ -178,7 +178,6 @@ int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file)
+ {
+ if (strcmp(ca_file, list->pkcs11_token) == 0) {
+ gnutls_free(list->pkcs11_token);
+- list->pkcs11_token = NULL;
+ }
+ return 0;
+ }
+diff --git a/lib/x509/virt-san.c b/lib/x509/virt-san.c
+index f3b87135b..a81337e25 100644
+--- a/lib/x509/virt-san.c
++++ b/lib/x509/virt-san.c
+@@ -70,7 +70,6 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutl
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ gnutls_free(san->data);
+- san->data = NULL;
+
+ if (othername_oid) {
+ name->othername_oid.data = (uint8_t *) othername_oid;
+diff --git a/lib/x509/x509.c b/lib/x509/x509.c
+index 4aff55eba..c149881f6 100644
+--- a/lib/x509/x509.c
++++ b/lib/x509/x509.c
+@@ -383,7 +383,6 @@ static int cache_alt_names(gnutls_x509_crt_t cert)
+ if (ret >= 0) {
+ ret = gnutls_x509_ext_import_subject_alt_names(&tmpder, cert->san, 0);
+ gnutls_free(tmpder.data);
+- tmpder.data = NULL;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+@@ -3680,7 +3679,6 @@ gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
+
+ if (ret < 0) {
+ gnutls_free(*certs);
+- *certs = NULL;
+ return ret;
+ }
+
+@@ -4310,7 +4308,6 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs,
+
+ if (gnutls_x509_crt_equals2(crts[i-1], &issuer)) {
+ gnutls_free(issuer.data);
+- issuer.data = NULL;
+ break;
+ }
+
+@@ -4331,7 +4328,6 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs,
+ }
+
+ gnutls_free(issuer.data);
+- issuer.data = NULL;
+ }
+
+ *certs = gnutls_malloc(total*sizeof(gnutls_x509_crt_t));
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index 58c3263d1..477cf03c4 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -1994,7 +1994,6 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
+ ret =
+ decode_user_notice(td.data, td.size, &txt);
+ gnutls_free(td.data);
+- td.data = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+diff --git a/lib/x509_b64.c b/lib/x509_b64.c
+index 9a1037405..3117843be 100644
+--- a/lib/x509_b64.c
++++ b/lib/x509_b64.c
+@@ -302,7 +302,6 @@ _gnutls_base64_decode(const uint8_t * data, size_t data_size,
+
+ fail:
+ gnutls_free(result->data);
+- result->data = NULL;
+
+ cleanup:
+ gnutls_free(pdata.data);
+diff --git a/tests/cert.c b/tests/cert.c
+index da0ab23df..ec566a4a4 100644
+--- a/tests/cert.c
++++ b/tests/cert.c
+@@ -89,7 +89,6 @@ static int getnextcert(DIR **dirp, gnutls_datum_t *der, int *exp_ret)
+ *exp_ret = atoi((char*)local.data);
+ success("expecting error code %d\n", *exp_ret);
+ gnutls_free(local.data);
+- local.data = NULL;
+ }
+
+ return 0;
+@@ -135,7 +134,6 @@ void doit(void)
+
+ gnutls_x509_crt_deinit(cert);
+ gnutls_free(der.data);
+- der.data = NULL;
+ der.size = 0;
+ exp_ret = -1;
+ }
+diff --git a/tests/name-constraints-ip.c b/tests/name-constraints-ip.c
+index 3dd4ff2cb..ed96109c7 100644
+--- a/tests/name-constraints-ip.c
++++ b/tests/name-constraints-ip.c
+@@ -78,7 +78,6 @@ static void check_test_result(int ret, int expected_outcome,
+ static void parse_cidr(const char* cidr, gnutls_datum_t *datum) {
+ if (datum->data != NULL) {
+ gnutls_free(datum->data);
+- datum->data = NULL;
+ }
+ int ret = gnutls_x509_cidr_to_rfc5280(cidr, datum);
+ check_for_error(ret);
+@@ -699,7 +698,7 @@ static int teardown(void **state) {
+ gnutls_free(test_vars->ip.data);
+ gnutls_x509_name_constraints_deinit(test_vars->nc);
+ gnutls_x509_name_constraints_deinit(test_vars->nc2);
+- gnutls_free(test_vars);
++ gnutls_free(*state);
+ return 0;
+ }
+
+diff --git a/tests/pkcs11/pkcs11-import-url-privkey.c b/tests/pkcs11/pkcs11-import-url-privkey.c
+index cb44fb1e5..c7e06eb1a 100644
+--- a/tests/pkcs11/pkcs11-import-url-privkey.c
++++ b/tests/pkcs11/pkcs11-import-url-privkey.c
+@@ -85,7 +85,6 @@ void doit(void)
+ for (i=0;i<obj_list_size;i++)
+ gnutls_pkcs11_obj_deinit(obj_list[i]);
+ gnutls_free(obj_list);
+- obj_list = NULL;
+ obj_list_size = 0;
+
+ #ifndef _WIN32
+@@ -116,7 +115,6 @@ void doit(void)
+ for (i=0;i<obj_list_size;i++)
+ gnutls_pkcs11_obj_deinit(obj_list[i]);
+ gnutls_free(obj_list);
+- obj_list = NULL;
+ obj_list_size = 0;
+ }
+ #endif
+diff --git a/tests/pkcs11/pkcs11-privkey-always-auth.c b/tests/pkcs11/pkcs11-privkey-always-auth.c
+index 3561c412f..441f63722 100644
+--- a/tests/pkcs11/pkcs11-privkey-always-auth.c
++++ b/tests/pkcs11/pkcs11-privkey-always-auth.c
+@@ -175,7 +175,6 @@ void doit(void)
+ pin_called = 0;
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ /* call again - should re-authenticate */
+ ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
+@@ -190,7 +189,6 @@ void doit(void)
+ pin_called = 0;
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ if (debug)
+ printf("done\n\n\n");
+diff --git a/tests/pkcs11/pkcs11-privkey-fork-reinit.c b/tests/pkcs11/pkcs11-privkey-fork-reinit.c
+index 1535d644f..a72584225 100644
+--- a/tests/pkcs11/pkcs11-privkey-fork-reinit.c
++++ b/tests/pkcs11/pkcs11-privkey-fork-reinit.c
+@@ -123,7 +123,6 @@ void doit(void)
+ }
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ pid = fork();
+ if (pid != 0) {
+diff --git a/tests/pkcs11/pkcs11-privkey-fork.c b/tests/pkcs11/pkcs11-privkey-fork.c
+index 9d301d7d6..b99755c73 100644
+--- a/tests/pkcs11/pkcs11-privkey-fork.c
++++ b/tests/pkcs11/pkcs11-privkey-fork.c
+@@ -123,7 +123,6 @@ void doit(void)
+ }
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ pid = fork();
+ if (pid != 0) {
+diff --git a/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c b/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
+index 1b5b34054..a4ab5b5aa 100644
+--- a/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
++++ b/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
+@@ -157,7 +157,6 @@ void doit(void)
+ pin_called = 0;
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ /* call again - should re-authenticate */
+ ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
+@@ -172,7 +171,6 @@ void doit(void)
+ pin_called = 0;
+
+ gnutls_free(sig.data);
+- sig.data = NULL;
+
+ if (debug)
+ printf("done\n\n\n");
+diff --git a/tests/pkcs7.c b/tests/pkcs7.c
+index a490976fc..2d5a5548d 100644
+--- a/tests/pkcs7.c
++++ b/tests/pkcs7.c
+@@ -90,7 +90,6 @@ static int getnextfile(DIR **dirp, gnutls_datum_t *der, int *exp_ret)
+ *exp_ret = atoi((char*)local.data);
+ success("expecting error code %d\n", *exp_ret);
+ gnutls_free(local.data);
+- local.data = NULL;
+ }
+
+ return 0;
+@@ -134,7 +133,6 @@ void doit(void)
+
+ gnutls_pkcs7_deinit(cert);
+ gnutls_free(der.data);
+- der.data = NULL;
+ der.size = 0;
+ exp_ret = -1;
+ }
+diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c
+index 9e6327c7f..b5b214313 100644
+--- a/tests/resume-dtls.c
++++ b/tests/resume-dtls.c
+@@ -363,7 +363,6 @@ static void server(int sds[], struct params_res *params)
+ }
+
+ gnutls_free(session_ticket_key.data);
+- session_ticket_key.data = NULL;
+ gnutls_anon_free_server_credentials(anoncred);
+
+ if (debug)
+diff --git a/tests/resume.c b/tests/resume.c
+index 84314b836..3dc225136 100644
+--- a/tests/resume.c
++++ b/tests/resume.c
+@@ -873,7 +873,6 @@ static void server(int sds[], struct params_res *params)
+ }
+
+ gnutls_free(session_ticket_key.data);
+- session_ticket_key.data = NULL;
+
+ if (debug)
+ success("server: finished\n");
+diff --git a/tests/sign-verify-data.c b/tests/sign-verify-data.c
+index 3aa261175..558ad2253 100644
+--- a/tests/sign-verify-data.c
++++ b/tests/sign-verify-data.c
+@@ -153,7 +153,6 @@ void doit(void)
+
+ /* test the raw interface */
+ gnutls_free(signature.data);
+- signature.data = NULL;
+
+ gnutls_free(signature.data);
+ gnutls_x509_crt_deinit(crt);
+diff --git a/tests/sign-verify-ext.c b/tests/sign-verify-ext.c
+index eecb1f357..cc80bf907 100644
+--- a/tests/sign-verify-ext.c
++++ b/tests/sign-verify-ext.c
+@@ -186,9 +186,7 @@ void doit(void)
+
+ /* test the raw interface */
+ gnutls_free(signature.data);
+- signature.data = NULL;
+ gnutls_free(signature2.data);
+- signature2.data = NULL;
+
+ if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
+ GNUTLS_PK_RSA) {
+diff --git a/tests/sign-verify-ext4.c b/tests/sign-verify-ext4.c
+index 81aa345bf..be582ec14 100644
+--- a/tests/sign-verify-ext4.c
++++ b/tests/sign-verify-ext4.c
+@@ -227,7 +227,6 @@ void doit(void)
+ testfail("gnutls_pubkey_verify_data2\n");
+
+ gnutls_free(signature.data);
+- signature.data = NULL;
+
+
+ if (!tests[i].data_only) {
+@@ -243,7 +242,6 @@ void doit(void)
+ testfail("gnutls_pubkey_verify_hash2-1 (hashed data)\n");
+
+ gnutls_free(signature2.data);
+- signature2.data = NULL;
+ }
+
+ if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
+diff --git a/tests/sign-verify.c b/tests/sign-verify.c
+index 1fbed5ece..5a14741fc 100644
+--- a/tests/sign-verify.c
++++ b/tests/sign-verify.c
+@@ -206,7 +206,6 @@ void doit(void)
+
+ /* test the raw interface */
+ gnutls_free(signature.data);
+- signature.data = NULL;
+
+ if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
+ GNUTLS_PK_RSA) {
+diff --git a/tests/x509-extensions.c b/tests/x509-extensions.c
+index d480f8364..a062c1ba8 100644
+--- a/tests/x509-extensions.c
++++ b/tests/x509-extensions.c
+@@ -767,7 +767,6 @@ void doit(void)
+ }
+ }
+ gnutls_free(ext.data);
+- ext.data = NULL;
+ }
+
+ if (debug)
+diff --git a/tests/x509sign-verify-error.c b/tests/x509sign-verify-error.c
+index 54bdc40ab..97c966685 100644
+--- a/tests/x509sign-verify-error.c
++++ b/tests/x509sign-verify-error.c
+@@ -181,7 +181,6 @@ void doit(void)
+ fail("gnutls_privkey_sign_hash\n");
+
+ gnutls_free(signature2.data);
+- signature2.data = NULL;
+
+ _gnutls_lib_simulate_error();
+ ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0,
+--
+2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch b/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch
new file mode 100644
index 0000000000..d27ea4a918
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch
@@ -0,0 +1,36 @@
+From bf616850cf20af2bec3d68b82e6ac610ee8fc404 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Tue, 12 Feb 2019 15:20:23 +0100
+Subject: [PATCH 3/3] gnutls_x509_crt_init: Fix dereference of NULL pointer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
+
+CVE: CVE-2019-3829
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ lib/x509/x509.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/x509/x509.c b/lib/x509/x509.c
+index c149881f6..cc232ea50 100644
+--- a/lib/x509/x509.c
++++ b/lib/x509/x509.c
+@@ -224,8 +224,8 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert)
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&tmp->cert);
+- gnutls_free(tmp);
+ gnutls_subject_alt_names_deinit(tmp->san);
++ gnutls_free(tmp);
+ return result;
+ }
+
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch b/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch
new file mode 100644
index 0000000000..4aeb689347
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch
@@ -0,0 +1,35 @@
+From c68195f0ff65144d7e0c32f4de5f264c4012983a Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Mon, 25 Mar 2019 16:06:39 +0100
+Subject: [PATCH] handshake: add missing initialization of local variable
+
+Resolves: #704
+
+Signed-off-by: Daiki Ueno <dueno@redhat.com>
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+CVE: CVE-2019-3836
+Upstream-Status: Backport
+[https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ lib/handshake-tls13.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
+index 06c7c01d2..82689b5d8 100644
+--- a/lib/handshake-tls13.c
++++ b/lib/handshake-tls13.c
+@@ -534,6 +534,8 @@ _gnutls13_recv_async_handshake(gnutls_session_t session)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ do {
++ _gnutls_handshake_buffer_init(&hsk);
++
+ /* the received handshake message has already been pushed into
+ * handshake buffers. As we do not need to use the handshake hash
+ * buffers we call the lower level receive functions */
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+
diff --git a/meta/recipes-support/gnutls/gnutls_3.6.4.bb b/meta/recipes-support/gnutls/gnutls_3.6.4.bb
index 6d2a11df34..30873f00db 100644
--- a/meta/recipes-support/gnutls/gnutls_3.6.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.4.bb
@@ -19,6 +19,10 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
file://arm_eabi.patch \
+ file://CVE-2019-3829_p1.patch \
+ file://CVE-2019-3829_p2.patch \
+ file://CVE-2019-3829_p3.patch \
+ file://CVE-2019-3836.patch \
"
SRC_URI[md5sum] = "63363d1c00601f4d11a5cadc8b5e0799"
diff --git a/meta/recipes-support/iso-codes/iso-codes_4.1.bb b/meta/recipes-support/iso-codes/iso-codes_4.1.bb
index 1761ded44e..a70513033d 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.1.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.1.bb
@@ -5,7 +5,7 @@ BUGTRACKER = "https://salsa.debian.org/iso-codes-team/iso-codes/issues"
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http"
+SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;"
SRCREV = "164802d5fd8c7a8167816fd86a62b286680619f0"
# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
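Review bot: The rewritten `SRC_URI` still fetches the repository with `protocol=http`, so the clone travels over an unauthenticated, unencrypted channel. The pinned `SRCREV` limits what a tampered transport can substitute, but there is no reason to rely on that alone when the host is also reachable over TLS. I would switch the transport and drop the stray trailing separator while touching this line: `SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main"`.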
diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch b/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch
new file mode 100644
index 0000000000..35471ec7ee
--- /dev/null
+++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch
@@ -0,0 +1,45 @@
+CVE: CVE-2017-7961
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Sun, 16 Apr 2017 13:56:09 +0200
+Subject: [PATCH] tknzr: support only max long rgb values
+
+This fixes a possible out of bound when reading rgbs which
+are longer than the support MAXLONG
+---
+ src/cr-tknzr.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/cr-tknzr.c b/src/cr-tknzr.c
+index 1a7cfeb..1548c35 100644
+--- a/src/cr-tknzr.c
++++ b/src/cr-tknzr.c
+@@ -1279,6 +1279,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+ status = cr_tknzr_parse_num (a_this, &num);
+ ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+
++ if (num->val > G_MAXLONG) {
++ status = CR_PARSING_ERROR;
++ goto error;
++ }
++
+ red = num->val;
+ cr_num_destroy (num);
+ num = NULL;
+@@ -1298,6 +1303,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+ status = cr_tknzr_parse_num (a_this, &num);
+ ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+
++ if (num->val > G_MAXLONG) {
++ status = CR_PARSING_ERROR;
++ goto error;
++ }
++
+ PEEK_BYTE (a_this, 1, &next_bytes[0]);
+ if (next_bytes[0] == '%') {
+ SKIP_CHARS (a_this, 1);
+--
+2.18.1
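Review bot: Both guards added to cr_tknzr_parse_rgb reject only values above `G_MAXLONG`, so a value below the representable range would still reach the `red = num->val;` assignment in the first hunk. The types of `num->val` and `red` are declared outside the hunks, so this presumes a signed or floating-point value narrowed to an integer, which is worth confirming. If that holds, bound both sides: `if (num->val > G_MAXLONG || num->val < G_MINLONG) {`. The `error:` label is also outside the hunks; confirm it releases `num`, because the new `goto error` leaves before `cr_num_destroy (num)` runs.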
diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
index 5b962ee738..f95a583134 100644
--- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb
+++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
@@ -16,7 +16,9 @@ BINCONFIG = "${bindir}/croco-0.6-config"
inherit gnomebase gtk-doc binconfig-disabled
-SRC_URI += "file://CVE-2017-7960.patch"
+SRC_URI += "file://CVE-2017-7960.patch \
+ file://CVE-2017-7961.patch \
+ "
SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce"
SRC_URI[archive.sha256sum] = "ddc4b5546c9fb4280a5017e2707fbd4839034ed1aba5b7d4372212f34f84f860"
diff --git a/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch b/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch
new file mode 100644
index 0000000000..a6f307439b
--- /dev/null
+++ b/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch
@@ -0,0 +1,64 @@
+CVE: CVE-2016-6328
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Tue, 25 Jul 2017 23:44:44 +0200
+Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
+ makernote entries.
+
+This should fix:
+https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
+---
+ libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index d03d159..ea0429a 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ case EXIF_FORMAT_SHORT:
+ {
+ const unsigned char *data = entry->data;
+- size_t k, len = strlen(val);
++ size_t k, len = strlen(val), sizeleft;
++
++ sizeleft = entry->size;
+ for(k=0; k<entry->components; k++) {
++ if (sizeleft < 2)
++ break;
+ vs = exif_get_short (data, entry->order);
+ snprintf (val+len, maxlen-len, "%i ", vs);
+ len = strlen(val);
+ data += 2;
++ sizeleft -= 2;
+ }
+ }
+ break;
+ case EXIF_FORMAT_LONG:
+ {
+ const unsigned char *data = entry->data;
+- size_t k, len = strlen(val);
++ size_t k, len = strlen(val), sizeleft;
++
++ sizeleft = entry->size;
+ for(k=0; k<entry->components; k++) {
++ if (sizeleft < 4)
++ break;
+ vl = exif_get_long (data, entry->order);
+ snprintf (val+len, maxlen-len, "%li", (long int) vl);
+ len = strlen(val);
+ data += 4;
++ sizeleft -= 4;
+ }
+ }
+ break;
+@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ break;
+ }
+
+- return (val);
++ return val;
+ }
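Review bot: The new `sizeleft` guards in the EXIF_FORMAT_SHORT and EXIF_FORMAT_LONG cases end the loop silently when `entry->size` is smaller than `entry->components` implies, and nothing in the code says that this truncation is intentional. A comment above each loop would record the invariant, for example `/* entry->size is the byte length of entry->data; stop before reading a partial element */`. The commit message itself says that not all over-reads are fixed, and the remaining format cases of mnote_pentax_entry_get_value are outside these hunks, so they need a separate check for the same components-versus-size mismatch.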
diff --git a/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch b/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch
new file mode 100644
index 0000000000..76233e6dc9
--- /dev/null
+++ b/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch
@@ -0,0 +1,115 @@
+CVE: CVE-2018-20030
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Fri, 12 Oct 2018 16:01:45 +0200
+Subject: [PATCH] Improve deep recursion detection in
+ exif_data_load_data_content.
+
+The existing detection was still vulnerable to pathological cases
+causing DoS by wasting CPU. The new algorithm takes the number of tags
+into account to make it harder to abuse by cases using shallow recursion
+but with a very large number of tags. This improves on commit 5d28011c
+which wasn't sufficient to counter this kind of case.
+
+The limitation in the previous fix was discovered by Laurent Delosieres,
+Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned
+the identifier CVE-2018-20030.
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index 67df4db..8d9897e 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -35,6 +35,7 @@
+ #include <libexif/olympus/exif-mnote-data-olympus.h>
+ #include <libexif/pentax/exif-mnote-data-pentax.h>
+
++#include <math.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -344,6 +345,20 @@ if (data->ifd[(i)]->count) { \
+ break; \
+ }
+
++/*! Calculate the recursion cost added by one level of IFD loading.
++ *
++ * The work performed is related to the cost in the exponential relation
++ * work=1.1**cost
++ */
++static unsigned int
++level_cost(unsigned int n)
++{
++ static const double log_1_1 = 0.09531017980432493;
++
++ /* Adding 0.1 protects against the case where n==1 */
++ return ceil(log(n + 0.1)/log_1_1);
++}
++
+ /*! Load data for an IFD.
+ *
+ * \param[in,out] data #ExifData
+@@ -351,13 +366,13 @@ if (data->ifd[(i)]->count) { \
+ * \param[in] d pointer to buffer containing raw IFD data
+ * \param[in] ds size of raw data in buffer at \c d
+ * \param[in] offset offset into buffer at \c d at which IFD starts
+- * \param[in] recursion_depth number of times this function has been
+- * recursively called without returning
++ * \param[in] recursion_cost factor indicating how expensive this recursive
++ * call could be
+ */
+ static void
+ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ const unsigned char *d,
+- unsigned int ds, unsigned int offset, unsigned int recursion_depth)
++ unsigned int ds, unsigned int offset, unsigned int recursion_cost)
+ {
+ ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+ ExifShort n;
+@@ -372,9 +387,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
+ return;
+
+- if (recursion_depth > 30) {
++ if (recursion_cost > 170) {
++ /*
++ * recursion_cost is a logarithmic-scale indicator of how expensive this
++ * recursive call might end up being. It is an indicator of the depth of
++ * recursion as well as the potential for worst-case future recursive
++ * calls. Since it's difficult to tell ahead of time how often recursion
++ * will occur, this assumes the worst by assuming every tag could end up
++ * causing recursion.
++ * The value of 170 was chosen to limit typical EXIF structures to a
++ * recursive depth of about 6, but pathological ones (those with very
++ * many tags) to only 2.
++ */
+ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+- "Deep recursion detected!");
++ "Deep/expensive recursion detected!");
+ return;
+ }
+
+@@ -416,15 +442,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ switch (tag) {
+ case EXIF_TAG_EXIF_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_EXIF);
+- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
++ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
++ recursion_cost + level_cost(n));
+ break;
+ case EXIF_TAG_GPS_INFO_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_GPS);
+- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
++ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
++ recursion_cost + level_cost(n));
+ break;
+ case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
++ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
++ recursion_cost + level_cost(n));
+ break;
+ case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+ thumbnail_offset = o;
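Review bot: level_cost() converts a negative double to `unsigned int` when `n` is 0, because `log(0 + 0.1)` is negative and `ceil()` keeps it negative; that conversion is undefined behaviour in C and could produce a cost that defeats the `recursion_cost > 170` limit. The three call sites in the last hunk pass `n` from what looks like the per-tag switch, where `n` would be at least 1, but the loop header is outside the hunk, so that is inferred. A guard at the top of the helper, `if (n == 0) n = 1;`, or a comment stating the `n >= 1` precondition, would make it safe independently of its callers.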
diff --git a/meta/recipes-support/libexif/libexif_0.6.21.bb b/meta/recipes-support/libexif/libexif_0.6.21.bb
index b550a1125c..4cb7e6b8dd 100644
--- a/meta/recipes-support/libexif/libexif_0.6.21.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.21.bb
@@ -5,7 +5,9 @@ LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \
- file://CVE-2017-7544.patch"
+ file://CVE-2017-7544.patch \
+ file://CVE-2016-6328.patch \
+ file://CVE-2018-20030.patch"
SRC_URI[md5sum] = "27339b89850f28c8f1c237f233e05b27"
SRC_URI[sha256sum] = "16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a"
diff --git a/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch b/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch
new file mode 100644
index 0000000000..cda52119ba
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch
@@ -0,0 +1,176 @@
+From 263ad8ae08f287e32656d4e3e0116479f3d9ad9d Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:27:25 +0300
+Subject: [PATCH] GCM: move look-up table to .data section and unshare between processes
+Reply-To: shuagr@microsoft.com
+
+CVE: CVE-2019-12904_p1
+Upstream-Status: Backport
+Signed-off-by: Shubham Agrawal<shuagr@microsoft.com>
+Upstream-commit : https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
+
+* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New.
+(gcmR): Move to 'gcm_table' structure.
+(gcm_table): New structure for look-up table with counters before and
+after.
+(gcmR): New macro.
+(prefetch_table): Handle input with length not multiple of 256.
+(do_prefetch_tables): Modify pre- and post-table counters to unshare
+look-up table pages between processes.
+--
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+---
+ cipher/cipher-gcm.c | 129 ++++++++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 95 insertions(+), 34 deletions(-)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index 6169d14..97a8015 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -30,6 +30,14 @@
+ #include "./cipher-internal.h"
+
+
++/* Helper macro to force alignment to 16 or 64 bytes. */
++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64)))
++#else
++# define ATTR_ALIGNED_64
++#endif
++
++
+ #ifdef GCM_USE_INTEL_PCLMUL
+ extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c);
+
+@@ -63,40 +71,93 @@ ghash_armv8_ce_pmull (gcry_cipher_hd_t c, byte *result, const byte *buf,
+
+
+ #ifdef GCM_USE_TABLES
+-static const u16 gcmR[256] = {
+- 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
+- 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
+- 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
+- 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
+- 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
+- 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
+- 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
+- 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
+- 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
+- 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
+- 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
+- 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
+- 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
+- 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
+- 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
+- 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
+- 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
+- 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
+- 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
+- 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
+- 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
+- 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
+- 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
+- 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
+- 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
+- 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
+- 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
+- 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
+- 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
+- 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
+- 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
+- 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+-};
++static struct
++{
++ volatile u32 counter_head;
++ u32 cacheline_align[64 / 4 - 1];
++ u16 R[256];
++ volatile u32 counter_tail;
++} gcm_table ATTR_ALIGNED_64 =
++ {
++ 0,
++ { 0, },
++ {
++ 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
++ 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
++ 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
++ 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
++ 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
++ 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
++ 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
++ 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
++ 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
++ 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
++ 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
++ 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
++ 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
++ 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
++ 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
++ 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
++ 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
++ 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
++ 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
++ 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
++ 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
++ 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
++ 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
++ 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
++ 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
++ 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
++ 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
++ 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
++ 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
++ 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
++ 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
++ 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
++ },
++ 0
++ };
++
++#define gcmR gcm_table.R
++static inline
++void prefetch_table(const void *tab, size_t len)
++{
++ const volatile byte *vtab = tab;
++ size_t i;
++
++ for (i = 0; len - i >= 8 * 32; i += 8 * 32)
++ {
++ (void)vtab[i + 0 * 32];
++ (void)vtab[i + 1 * 32];
++ (void)vtab[i + 2 * 32];
++ (void)vtab[i + 3 * 32];
++ (void)vtab[i + 4 * 32];
++ (void)vtab[i + 5 * 32];
++ (void)vtab[i + 6 * 32];
++ (void)vtab[i + 7 * 32];
++ }
++ for (; i < len; i += 32)
++ {
++ (void)vtab[i];
++ }
++
++ (void)vtab[len - 1];
++}
++
++static inline void
++do_prefetch_tables (const void *gcmM, size_t gcmM_size)
++{
++ /* Modify counters to trigger copy-on-write and unsharing if physical pages
++ * of look-up table are shared between processes. Modifying counters also
++ * causes checksums for pages to change and hint same-page merging algorithm
++ * that these pages are frequently changing. */
++ gcm_table.counter_head++;
++ gcm_table.counter_tail++;
++
++ /* Prefetch look-up tables to cache. */
++ prefetch_table(gcmM, gcmM_size);
++ prefetch_table(&gcm_table, sizeof(gcm_table));
++}
+
+ #ifdef GCM_TABLES_USE_U64
+ static void
+--
+2.7.4
+
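Review bot: do_prefetch_tables() is defined here but no hunk in this patch adds a call to it, so on its own the change never increments `counter_head`/`counter_tail` and the page-unsharing has no effect. Presumably another patch in the series adds the call sites, so confirm that it is listed in SRC_URI and applied. Separately, prefetch_table() ends with `(void)vtab[len - 1];`, which indexes far out of bounds when `len` is 0; an early `if (len == 0) return;` would make the helper safe for any caller-supplied `gcmM_size`. The header tag `CVE: CVE-2019-12904_p1` also carries a suffix that is not part of the identifier; `CVE: CVE-2019-12904` would match the form used by the other patches on this page.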
diff --git a/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch b/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch
new file mode 100644
index 0000000000..0cb503ed65
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch
@@ -0,0 +1,330 @@
+From a5c359cc68a4def9bf39f63070837d89711b4e17 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:18:09 +0300
+Subject: [PATCH] AES: move look-up tables to .data section and unshare between processes
+Reply-To: shuagr@microsoft.com
+
+CVE: CVE-2019-12904_p2
+Upstream-status: Backport
+Signed-off-by: Shubham Agrawal<shuagr@microsoft.com>
+Upstream-commit: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
+
+* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New.
+* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure.
+(enc_tables): New structure for encryption table with counters before
+and after.
+(encT): New macro.
+(dec_tables): Add counters before and after encryption table; Move
+from .rodata to .data section.
+(do_encrypt): Change 'encT' to 'enc_tables.T'.
+(do_decrypt): Change '&dec_tables' to 'dec_tables.T'.
+* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input
+with length not multiple of 256.
+(prefetch_enc, prefetch_dec): Modify pre- and post-table counters
+to unshare look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+---
+ cipher/rijndael-internal.h | 4 +-
+ cipher/rijndael-tables.h | 155 +++++++++++++++++++++++++--------------------
+ cipher/rijndael.c | 35 ++++++++--
+ 3 files changed, 118 insertions(+), 76 deletions(-)
+
+diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h
+index 160fb8c..a62d4b7 100644
+--- a/cipher/rijndael-internal.h
++++ b/cipher/rijndael-internal.h
+@@ -29,11 +29,13 @@
+ #define BLOCKSIZE (128/8)
+
+
+-/* Helper macro to force alignment to 16 bytes. */
++/* Helper macro to force alignment to 16 or 64 bytes. */
+ #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
+ # define ATTR_ALIGNED_16 __attribute__ ((aligned (16)))
++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64)))
+ #else
+ # define ATTR_ALIGNED_16
++# define ATTR_ALIGNED_64
+ #endif
+
+
+diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h
+index 8359470..b54d959 100644
+--- a/cipher/rijndael-tables.h
++++ b/cipher/rijndael-tables.h
+@@ -21,80 +21,98 @@
+ /* To keep the actual implementation at a readable size we use this
+ include file to define the tables. */
+
+-static const u32 encT[256] =
++static struct
++{
++ volatile u32 counter_head;
++ u32 cacheline_align[64 / 4 - 1];
++ u32 T[256];
++ volatile u32 counter_tail;
++} enc_tables ATTR_ALIGNED_64 =
+ {
+- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
+- 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+- 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+- 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
+- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
+- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+- 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+- 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
+- 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+- 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
+- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
+- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
+- 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+- 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
+- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
+- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
+- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
+- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
+- 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
+- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
+- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
+- 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
+- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
+- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
+- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
+- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
+- 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
+- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
+- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
+- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
+- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
+- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
+- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
+- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++ 0,
++ { 0, },
++ {
++ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
++ 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
++ 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
++ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
++ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
++ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
++ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
++ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
++ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
++ 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
++ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
++ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
++ 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
++ 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
++ 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
++ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
++ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
++ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
++ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
++ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
++ 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
++ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
++ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
++ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
++ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
++ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
++ 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
++ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
++ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
++ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
++ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
++ 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
++ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
++ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
++ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
++ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
++ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
++ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
++ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
++ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
++ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
++ 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
++ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
++ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
++ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
++ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
++ 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
++ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
++ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
++ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
++ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
++ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
++ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
++ 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
++ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
++ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
++ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
++ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
++ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
++ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
++ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
++ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
++ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
++ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++ },
++ 0
+ };
+
+-static const struct
++#define encT enc_tables.T
++
++static struct
+ {
++ volatile u32 counter_head;
++ u32 cacheline_align[64 / 4 - 1];
+ u32 T[256];
+ byte inv_sbox[256];
+-} dec_tables =
++ volatile u32 counter_tail;
++} dec_tables ATTR_ALIGNED_64 =
+ {
++ 0,
++ { 0, },
+ {
+ 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
+ 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
+@@ -194,7 +212,8 @@ static const struct
+ 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+ 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+ 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+- }
++ },
++ 0
+ };
+
+ #define decT dec_tables.T
+diff --git a/cipher/rijndael.c b/cipher/rijndael.c
+index 8637195..d0edab2 100644
+--- a/cipher/rijndael.c
++++ b/cipher/rijndael.c
+@@ -227,11 +227,11 @@ static const char *selftest(void);
+
+
+ /* Prefetching for encryption/decryption tables. */
+-static void prefetch_table(const volatile byte *tab, size_t len)
++static inline void prefetch_table(const volatile byte *tab, size_t len)
+ {
+ size_t i;
+
+- for (i = 0; i < len; i += 8 * 32)
++ for (i = 0; len - i >= 8 * 32; i += 8 * 32)
+ {
+ (void)tab[i + 0 * 32];
+ (void)tab[i + 1 * 32];
+@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len)
+ (void)tab[i + 6 * 32];
+ (void)tab[i + 7 * 32];
+ }
++ for (; i < len; i += 32)
++ {
++ (void)tab[i];
++ }
+
+ (void)tab[len - 1];
+ }
+
+ static void prefetch_enc(void)
+ {
+- prefetch_table((const void *)encT, sizeof(encT));
++ /* Modify counters to trigger copy-on-write and unsharing if physical pages
++ * of look-up table are shared between processes. Modifying counters also
++ * causes checksums for pages to change and hint same-page merging algorithm
++ * that these pages are frequently changing. */
++ enc_tables.counter_head++;
++ enc_tables.counter_tail++;
++
++ /* Prefetch look-up tables to cache. */
++ prefetch_table((const void *)&enc_tables, sizeof(enc_tables));
+ }
+
+ static void prefetch_dec(void)
+ {
++ /* Modify counters to trigger copy-on-write and unsharing if physical pages
++ * of look-up table are shared between processes. Modifying counters also
++ * causes checksums for pages to change and hint same-page merging algorithm
++ * that these pages are frequently changing. */
++ dec_tables.counter_head++;
++ dec_tables.counter_tail++;
++
++ /* Prefetch look-up tables to cache. */
+ prefetch_table((const void *)&dec_tables, sizeof(dec_tables));
+ }
+
+@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+ return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
+- encT);
++ enc_tables.T);
+ # else
+ /* Call SystemV ABI function without storing non-volatile XMM registers,
+ * as target function does not use vector instruction sets. */
+@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx,
+ return ret;
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+- return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT);
++ return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
++ enc_tables.T);
+ #else
+ return do_encrypt_fn (ctx, bx, ax);
+ #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/
+@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+ return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+- &dec_tables);
++ dec_tables.T);
+ # else
+ /* Call SystemV ABI function without storing non-volatile XMM registers,
+ * as target function does not use vector instruction sets. */
+@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+ return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+- &dec_tables);
++ dec_tables.T);
+ #else
+ return do_decrypt_fn (ctx, bx, ax);
+ #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/
+--
+2.7.4
+
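Review bot: The header tag `CVE: CVE-2019-12904_p2` is not a CVE identifier; the `_p2` suffix belongs in the file name only, and the line should read `CVE: CVE-2019-12904`. Tooling that reads this tag to mark the CVE as patched would otherwise have to tolerate the suffix, and whether the checker in this tree does is not visible here. The same header writes `Upstream-status:` with a lower-case "s" and omits the space before the address in `Signed-off-by: Shubham Agrawal<shuagr@microsoft.com>`, whereas the libxslt backports on this page use `Upstream-Status: Backport [URL]`. CVE-2018-20505.patch further down has the same case problem with `upstream-Status:`.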
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
index fda68a2938..13d037880b 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
@@ -21,6 +21,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \
file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
+ file://CVE-2019-12904_p1.patch \
+ file://CVE-2019-12904_p2.patch \
"
SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573"
SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227"
diff --git a/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch b/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch
new file mode 100644
index 0000000000..dc3d558e24
--- /dev/null
+++ b/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch
@@ -0,0 +1,161 @@
+Upstream-Status: Backport [https://dev.gnupg.org/T4459]
+Signed-off-by: Sean Nyekjaer <sean@geanix.com>
+
+From 37069826e497d6af01e3e48fe5d2220ae7f85449 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 15 Apr 2019 15:10:44 +0900
+Subject: [PATCH] awk: Prepare for Gawk 5.0.
+
+* src/Makefile.am: Use pkg_namespace (instead of namespace).
+* src/mkerrnos.awk: Likewise.
+* lang/cl/mkerrcodes.awk: Don't escape # in regexp.
+* src/mkerrcodes.awk, src/mkerrcodes1.awk, src/mkerrcodes2.awk: Ditto.
+
+--
+
+In Gawk 5.0, regexp routines are replaced by Gnulib implementation,
+which only allows escaping specific characters.
+
+GnuPG-bug-id: 4459
+Reported-by: Marius Schamschula
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ lang/cl/mkerrcodes.awk | 2 +-
+ src/Makefile.am | 2 +-
+ src/mkerrcodes.awk | 2 +-
+ src/mkerrcodes1.awk | 2 +-
+ src/mkerrcodes2.awk | 2 +-
+ src/mkerrnos.awk | 2 +-
+ src/mkstrtable.awk | 10 +++++-----
+ 7 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/lang/cl/mkerrcodes.awk b/lang/cl/mkerrcodes.awk
+index ae29043..9a1fc18 100644
+--- a/lang/cl/mkerrcodes.awk
++++ b/lang/cl/mkerrcodes.awk
+@@ -122,7 +122,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 42998e4..0ceac9f 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -281,7 +281,7 @@ code-from-errno.h: mkerrcodes Makefile
+
+ errnos-sym.h: Makefile mkstrtable.awk errnos.in
+ $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=2 -v nogettext=1 \
+- -v prefix=GPG_ERR_ -v namespace=errnos_ \
++ -v prefix=GPG_ERR_ -v pkg_namespace=errnos_ \
+ $(srcdir)/errnos.in >$@
+
+
+diff --git a/src/mkerrcodes.awk b/src/mkerrcodes.awk
+index 46d436c..e9c857c 100644
+--- a/src/mkerrcodes.awk
++++ b/src/mkerrcodes.awk
+@@ -85,7 +85,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/mkerrcodes1.awk b/src/mkerrcodes1.awk
+index a771a73..4578e29 100644
+--- a/src/mkerrcodes1.awk
++++ b/src/mkerrcodes1.awk
+@@ -81,7 +81,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/mkerrcodes2.awk b/src/mkerrcodes2.awk
+index ea58503..188f7a4 100644
+--- a/src/mkerrcodes2.awk
++++ b/src/mkerrcodes2.awk
+@@ -91,7 +91,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/mkerrnos.awk b/src/mkerrnos.awk
+index f79df66..15b1aad 100644
+--- a/src/mkerrnos.awk
++++ b/src/mkerrnos.awk
+@@ -83,7 +83,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+diff --git a/src/mkstrtable.awk b/src/mkstrtable.awk
+index c9de9c1..285e45f 100644
+--- a/src/mkstrtable.awk
++++ b/src/mkstrtable.awk
+@@ -77,7 +77,7 @@
+ #
+ # The variable prefix can be used to prepend a string to each message.
+ #
+-# The variable namespace can be used to prepend a string to each
++# The variable pkg_namespace can be used to prepend a string to each
+ # variable and macro name.
+
+ BEGIN {
+@@ -102,7 +102,7 @@ header {
+ print "/* The purpose of this complex string table is to produce";
+ print " optimal code with a minimum of relocations. */";
+ print "";
+- print "static const char " namespace "msgstr[] = ";
++ print "static const char " pkg_namespace "msgstr[] = ";
+ header = 0;
+ }
+ else
+@@ -110,7 +110,7 @@ header {
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+@@ -150,7 +150,7 @@ END {
+ else
+ print " gettext_noop (\"" last_msgstr "\");";
+ print "";
+- print "static const int " namespace "msgidx[] =";
++ print "static const int " pkg_namespace "msgidx[] =";
+ print " {";
+ for (i = 0; i < coded_msgs; i++)
+ print " " pos[i] ",";
+@@ -158,7 +158,7 @@ END {
+ print " };";
+ print "";
+ print "static GPG_ERR_INLINE int";
+- print namespace "msgidxof (int code)";
++ print pkg_namespace "msgidxof (int code)";
+ print "{";
+ print " return (0 ? 0";
+
+--
+2.23.0
+
diff --git a/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb b/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb
index e552001cb6..52ae11a989 100644
--- a/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb
+++ b/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb
@@ -16,6 +16,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgpg-error/libgpg-error-${PV}.tar.bz2 \
file://pkgconfig.patch \
file://0001-syscfg-Support-ARC-CPUs-and-simplify-aliasing-table.patch \
file://0002-syscfg-Add-support-for-arc-unknown-linux-gnu.patch \
+ file://libgpg-error-1.35-gawk5-support.patch \
"
SRC_URI[md5sum] = "ef3d928a5a453fa701ecc3bb22be1c64"
SRC_URI[sha256sum] = "c345c5e73cc2332f8d50db84a2280abfb1d8f6d4f1858b9daa30404db44540ca"
diff --git a/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch
new file mode 100644
index 0000000000..ef3f2709f7
--- /dev/null
+++ b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch
@@ -0,0 +1,33 @@
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+
+CVE: CVE-2019-13117
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+ tokens->tokens[tokens->nTokens].token = val - 1;
+ ix += len;
+ val = xmlStringCurrentChar(NULL, format+ix, &len);
+- }
++ } else {
++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
++ tokens->tokens[tokens->nTokens].width = 1;
++ }
+ } else if ( (val == (xmlChar)'A') ||
+ (val == (xmlChar)'a') ||
+ (val == (xmlChar)'I') ||
+--
+2.21.0
+
diff --git a/meta/recipes-support/libxslt/files/CVE-2019-13118.patch b/meta/recipes-support/libxslt/files/CVE-2019-13118.patch
new file mode 100644
index 0000000000..595e6c2f33
--- /dev/null
+++ b/meta/recipes-support/libxslt/files/CVE-2019-13118.patch
@@ -0,0 +1,76 @@
+From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 3 Jun 2019 13:14:45 +0200
+Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars
+
+The character type in xsltFormatNumberConversion was too narrow and
+an invalid character/length combination could be passed to
+xsltNumberFormatDecimal, resulting in an uninitialized read.
+
+Found by OSS-Fuzz.
+
+CVE: CVE-2019-13118
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+---
+ libxslt/numbers.c | 5 +++--
+ tests/docs/bug-222.xml | 1 +
+ tests/general/bug-222.out | 2 ++
+ tests/general/bug-222.xsl | 6 ++++++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+ create mode 100644 tests/docs/bug-222.xml
+ create mode 100644 tests/general/bug-222.out
+ create mode 100644 tests/general/bug-222.xsl
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index f1ed8846..20b99d5a 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER:
+ number = floor((scale * number + 0.5)) / scale;
+ if ((self->grouping != NULL) &&
+ (self->grouping[0] != 0)) {
++ int gchar;
+
+ len = xmlStrlen(self->grouping);
+- pchar = xsltGetUTF8Char(self->grouping, &len);
++ gchar = xsltGetUTF8Char(self->grouping, &len);
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+ format_info.group,
+- pchar, len);
++ gchar, len);
+ } else
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml
+new file mode 100644
+index 00000000..69d62f2c
+--- /dev/null
++++ b/tests/docs/bug-222.xml
+@@ -0,0 +1 @@
++<doc/>
+diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out
+new file mode 100644
+index 00000000..e3139698
+--- /dev/null
++++ b/tests/general/bug-222.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++1⠢0
+diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl
+new file mode 100644
+index 00000000..e32dc473
+--- /dev/null
++++ b/tests/general/bug-222.xsl
+@@ -0,0 +1,6 @@
++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
++ <xsl:decimal-format name="f" grouping-separator="⠢"/>
++ <xsl:template match="/">
++ <xsl:value-of select="format-number(10,'#⠢0','f')"/>
++ </xsl:template>
++</xsl:stylesheet>
+--
+2.21.0
+
diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch b/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch
new file mode 100644
index 0000000000..83ca8a3c00
--- /dev/null
+++ b/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch
@@ -0,0 +1,128 @@
+From aed812d8dbbb6d1337312652aa72aa7f44d2b07d Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 24 Mar 2019 09:51:39 +0100
+Subject: [PATCH] Fix security framework bypass
+
+xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
+don't check for this condition and allow access. With a specially
+crafted URL, xsltCheckRead could be tricked into returning an error
+because of a supposedly invalid URL that would still be loaded
+succesfully later on.
+
+Fixes #12.
+
+Thanks to Felix Wilhelm for the report.
+
+Signed-off-by: Muminul Islam <muminul.islam@microsoft.com>
+
+CVE: CVE-2019-11068
+
+Upstream-Status: Backport
+
+https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
+---
+ libxslt/documents.c | 18 ++++++++++--------
+ libxslt/imports.c | 9 +++++----
+ libxslt/transform.c | 9 +++++----
+ libxslt/xslt.c | 9 +++++----
+ 4 files changed, 25 insertions(+), 20 deletions(-)
+
+diff --git a/libxslt/documents.c b/libxslt/documents.c
+index 3f3a7312..4aad11bb 100644
+--- a/libxslt/documents.c
++++ b/libxslt/documents.c
+@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
+ int res;
+
+ res = xsltCheckRead(ctxt->sec, ctxt, URI);
+- if (res == 0) {
+- xsltTransformError(ctxt, NULL, NULL,
+- "xsltLoadDocument: read rights for %s denied\n",
+- URI);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(ctxt, NULL, NULL,
++ "xsltLoadDocument: read rights for %s denied\n",
++ URI);
+ return(NULL);
+ }
+ }
+@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
+ int res;
+
+ res = xsltCheckRead(sec, NULL, URI);
+- if (res == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsltLoadStyleDocument: read rights for %s denied\n",
+- URI);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsltLoadStyleDocument: read rights for %s denied\n",
++ URI);
+ return(NULL);
+ }
+ }
+diff --git a/libxslt/imports.c b/libxslt/imports.c
+index 7262aab9..b62e0877 100644
+--- a/libxslt/imports.c
++++ b/libxslt/imports.c
+@@ -131,10 +131,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
+ int secres;
+
+ secres = xsltCheckRead(sec, NULL, URI);
+- if (secres == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsl:import: read rights for %s denied\n",
+- URI);
++ if (secres <= 0) {
++ if (secres == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsl:import: read rights for %s denied\n",
++ URI);
+ goto error;
+ }
+ }
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 560f43ca..46eef553 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -3485,10 +3485,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
+ */
+ if (ctxt->sec != NULL) {
+ ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
+- if (ret == 0) {
+- xsltTransformError(ctxt, NULL, inst,
+- "xsltDocumentElem: write rights for %s denied\n",
+- filename);
++ if (ret <= 0) {
++ if (ret == 0)
++ xsltTransformError(ctxt, NULL, inst,
++ "xsltDocumentElem: write rights for %s denied\n",
++ filename);
+ xmlFree(URL);
+ xmlFree(filename);
+ return;
+diff --git a/libxslt/xslt.c b/libxslt/xslt.c
+index 54a39de9..359913e4 100644
+--- a/libxslt/xslt.c
++++ b/libxslt/xslt.c
+@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
+ int res;
+
+ res = xsltCheckRead(sec, NULL, filename);
+- if (res == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsltParseStylesheetFile: read rights for %s denied\n",
+- filename);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsltParseStylesheetFile: read rights for %s denied\n",
++ filename);
+ return(NULL);
+ }
+ }
+--
+2.23.0
+
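Review bot: Only the call sites in documents.c, imports.c, transform.c and xslt.c are switched to `<= 0`, so any other caller of xsltCheckRead or xsltCheckWrite in the 1.1.32 tree that still tests `== 0` would keep allowing access on the -1 error return. That is worth a grep before relying on this backport. At the patched sites the -1 path now returns without a message of its own, so a refused load is only diagnosable if the check functions log the failure themselves, which this patch does not show. If they do not, an `else` branch on the inner `if (res == 0)` that reports the failed check would make denied loads visible in logs. The enclosing functions start and end outside these hunks.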
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.32.bb b/meta/recipes-support/libxslt/libxslt_1.1.32.bb
index f0fa5e723f..e2a515f857 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.32.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.32.bb
@@ -10,7 +10,10 @@ DEPENDS = "libxml2"
SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
file://fix-rvts-handling.patch \
- "
+ file://CVE-2019-11068.patch \
+ file://CVE-2019-13117.patch \
+ file://CVE-2019-13118.patch \
+"
SRC_URI[md5sum] = "1fc72f98e98bf4443f1651165f3aa146"
SRC_URI[sha256sum] = "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460"
diff --git a/meta/recipes-support/sqlite/files/CVE-2018-20505.patch b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
new file mode 100644
index 0000000000..d1119f3b31
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
@@ -0,0 +1,31 @@
+From: D. Richard Hipp <drh@hwaci.com>
+Date: Sat, 3 Nov 2018 13:11:24 +0000 (+0000)
+Subject: Fix a assert() in the query planner that can arise when doing row-value
+X-Git-Tag: version-3.26.0~59
+X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f
+
+Fix a assert() in the query planner that can arise when doing row-value
+operations on a PRIMARY KEY that contains duplicate columns.
+Ticket [1a84668dcfdebaf12415d].
+
+https://sqlite.org/src/info/1a84668dcfdebaf12415d
+
+upstream-Status: Backport
+CVE: CVE-2018-20505
+affects <= 3.26.0
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: sqlite-autoconf-3230100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3230100.orig/sqlite3.c
++++ sqlite-autoconf-3230100/sqlite3.c
+@@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe
+ for(i=iEq; i<pLoop->nLTerm; i++){
+ if( pLoop->aLTerm[i]->pExpr==pX ){
+ int iField = pLoop->aLTerm[i]->iField - 1;
+- assert( pOrigRhs->a[iField].pExpr!=0 );
++ if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
+ pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
+ pOrigRhs->a[iField].pExpr = 0;
+ assert( pOrigLhs->a[iField].pExpr!=0 );
diff --git a/meta/recipes-support/sqlite/files/CVE-2018-20506.patch b/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
new file mode 100644
index 0000000000..7919f9b5ee
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
@@ -0,0 +1,103 @@
+From: Dan Kennedy <danielk1977@gmail.com>
+Date: Sat, 3 Nov 2018 16:51:30 +0000 (+0000)
+Subject: Add extra defenses against strategically corrupt databases to fts3/4.
+X-Git-Tag: version-3.26.0~58
+X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/19816852d4e82e115338b1997540c26a1b794d18
+
+Add extra defenses against strategically corrupt databases to fts3/4.
+
+https://sqlite.org/src/info/940f2adc8541a838
+
+Upstream-Status: Backport
+CVE: CVE-2018-20506
+Affects <= 3.26.0
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: sqlite-autoconf-3230100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3230100.orig/sqlite3.c
++++ sqlite-autoconf-3230100/sqlite3.c
+@@ -152368,7 +152368,7 @@ static int fts3ScanInteriorNode(
+ const char *zCsr = zNode; /* Cursor to iterate through node */
+ const char *zEnd = &zCsr[nNode];/* End of interior node buffer */
+ char *zBuffer = 0; /* Buffer to load terms into */
+- int nAlloc = 0; /* Size of allocated buffer */
++ i64 nAlloc = 0; /* Size of allocated buffer */
+ int isFirstTerm = 1; /* True when processing first term on page */
+ sqlite3_int64 iChild; /* Block id of child node to descend to */
+
+@@ -152406,14 +152406,14 @@ static int fts3ScanInteriorNode(
+ zCsr += fts3GetVarint32(zCsr, &nSuffix);
+
+ assert( nPrefix>=0 && nSuffix>=0 );
+- if( &zCsr[nSuffix]>zEnd ){
++ if( nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr ){
+ rc = FTS_CORRUPT_VTAB;
+ goto finish_scan;
+ }
+- if( nPrefix+nSuffix>nAlloc ){
++ if( (i64)nPrefix+nSuffix>nAlloc ){
+ char *zNew;
+- nAlloc = (nPrefix+nSuffix) * 2;
+- zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
++ nAlloc = ((i64)nPrefix+nSuffix) * 2;
++ zNew = (char *)sqlite3_realloc64(zBuffer, nAlloc);
+ if( !zNew ){
+ rc = SQLITE_NOMEM;
+ goto finish_scan;
+@@ -162012,15 +162012,19 @@ static int fts3SegReaderNext(
+ ** safe (no risk of overread) even if the node data is corrupted. */
+ pNext += fts3GetVarint32(pNext, &nPrefix);
+ pNext += fts3GetVarint32(pNext, &nSuffix);
+- if( nPrefix<0 || nSuffix<=0
+- || &pNext[nSuffix]>&pReader->aNode[pReader->nNode]
++ if( nSuffix<=0
++ || (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
++ || nPrefix>pReader->nTermAlloc
+ ){
+ return FTS_CORRUPT_VTAB;
+ }
+
+- if( nPrefix+nSuffix>pReader->nTermAlloc ){
+- int nNew = (nPrefix+nSuffix)*2;
+- char *zNew = sqlite3_realloc(pReader->zTerm, nNew);
++ /* Both nPrefix and nSuffix were read by fts3GetVarint32() and so are
++ ** between 0 and 0x7FFFFFFF. But the sum of the two may cause integer
++ ** overflow - hence the (i64) casts. */
++ if( (i64)nPrefix+nSuffix>(i64)pReader->nTermAlloc ){
++ i64 nNew = ((i64)nPrefix+nSuffix)*2;
++ char *zNew = sqlite3_realloc64(pReader->zTerm, nNew);
+ if( !zNew ){
+ return SQLITE_NOMEM;
+ }
+@@ -162042,7 +162046,7 @@ static int fts3SegReaderNext(
+ ** b-tree node. And that the final byte of the doclist is 0x00. If either
+ ** of these statements is untrue, then the data structure is corrupt.
+ */
+- if( &pReader->aDoclist[pReader->nDoclist]>&pReader->aNode[pReader->nNode]
++ if( (&pReader->aNode[pReader->nNode] - pReader->aDoclist)<pReader->nDoclist
+ || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
+ ){
+ return FTS_CORRUPT_VTAB;
+@@ -164367,7 +164371,9 @@ static int nodeReaderNext(NodeReader *p)
+ p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nPrefix);
+ }
+ p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nSuffix);
+-
++ if( nPrefix>p->iOff || nSuffix>p->nNode-p->iOff ){
++ return SQLITE_CORRUPT_VTAB;
++ }
+ blobGrowBuffer(&p->term, nPrefix+nSuffix, &rc);
+ if( rc==SQLITE_OK ){
+ memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
+@@ -164375,6 +164381,9 @@ static int nodeReaderNext(NodeReader *p)
+ p->iOff += nSuffix;
+ if( p->iChild==0 ){
+ p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &p->nDoclist);
++ if( (p->nNode-p->iOff)<p->nDoclist ){
++ return SQLITE_CORRUPT_VTAB;
++ }
+ p->aDoclist = &p->aNode[p->iOff];
+ p->iOff += p->nDoclist;
+ }
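Review bot: In fts3SegReaderNext the new guard bounds the prefix by the buffer's capacity, `nPrefix>pReader->nTermAlloc`, rather than by the length of the term currently held in it. Going by the name, that keeps the prefix inside the allocation, but a corrupt node can still declare a prefix longer than the previous term and so reuse bytes that were never written for that term. If the reader tracks the current term length (the field is not visible in this hunk, presumably `pReader->nTerm`), comparing against it would be the tighter check: `|| nPrefix>pReader->nTerm`. The function body continues outside the hunk, so confirm how the prefix is consumed before changing a backported line.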
diff --git a/meta/recipes-support/sqlite/files/CVE-2019-8457.patch b/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
new file mode 100644
index 0000000000..5883774e4a
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
@@ -0,0 +1,126 @@
+From fbf2392644f0ae4282fa4583c9bb67260995d983 Mon Sep 17 00:00:00 2001
+From: Shubham Agrawal <shuagr@microsoft.com>
+Date: Mon, 23 Sep 2019 20:58:47 +0000
+Subject: [PATCH] sqlite: fix for CVE-2019-8457
+
+Upstream-Status: Backport
+CVE: CVE-2019-8457
+Signed-off-by: Shubham Agrawal <shuagr@microsoft.com>
+---
+ sqlite3.c | 50 +++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 31 insertions(+), 19 deletions(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 00513d4..5c8c7f4 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -172325,6 +172325,33 @@
+ }
+
+
++/* Allocate and initialize a new dynamic string object */
++StrAccum *sqlite3_str_new(sqlite3 *db){
++ StrAccum *p = sqlite3DbMallocRaw(db, sizeof(*p));
++ if( p ){
++ sqlite3StrAccumInit(p, db, 0, 0, SQLITE_MAX_LENGTH);
++ }
++ return p;
++}
++
++/* Finalize a string created using sqlite3_str_new().
++*/
++
++char *sqlite3_str_finish(StrAccum *p){
++ char *z;
++ if( p ){
++ z = sqlite3StrAccumFinish(p);
++ sqlite3DbFree(p->db, p);
++ }else{
++ z = 0;
++ }
++ return z;
++}
++/* Return any error code associated with p */
++int sqlite3_str_errcode(StrAccum *p){
++ return p ? p->accError : SQLITE_NOMEM;
++}
++
+ /*
+ ** Implementation of a scalar function that decodes r-tree nodes to
+ ** human readable strings. This can be used for debugging and analysis.
+@@ -172342,49 +172369,53 @@
+ ** <num-dimension>*2 coordinates.
+ */
+ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
+- char *zText = 0;
++
+ RtreeNode node;
+ Rtree tree;
+ int ii;
++ int nData;
++ int errCode;
++ StrAccum *pOut;
+
+ UNUSED_PARAMETER(nArg);
+ memset(&node, 0, sizeof(RtreeNode));
+ memset(&tree, 0, sizeof(Rtree));
+ tree.nDim = (u8)sqlite3_value_int(apArg[0]);
++ if( tree.nDim<1 || tree.nDim>5 ) return;
+ tree.nDim2 = tree.nDim*2;
+ tree.nBytesPerCell = 8 + 8 * tree.nDim;
+ node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
++ nData = sqlite3_value_bytes(apArg[1]);
++ if( nData<4 ) return;
++ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
+
++ pOut = sqlite3_str_new(0);
+ for(ii=0; ii<NCELL(&node); ii++){
+- char zCell[512];
+- int nCell = 0;
++
++
+ RtreeCell cell;
+ int jj;
+
+ nodeGetCell(&tree, &node, ii, &cell);
+- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
+- nCell = (int)strlen(zCell);
++ if( ii>0 ) sqlite3StrAccumAppend(pOut, " ", 1);
++ sqlite3XPrintf(pOut, "{%lld", cell.iRowid);
++
+ for(jj=0; jj<tree.nDim2; jj++){
+ #ifndef SQLITE_RTREE_INT_ONLY
+- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
+- (double)cell.aCoord[jj].f);
++
++ sqlite3XPrintf(pOut, " %g", (double)cell.aCoord[jj].f);
+ #else
+- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
+- cell.aCoord[jj].i);
++
++ sqlite3XPrintf(pOut, " %d", cell.aCoord[jj].i);
+ #endif
+- nCell = (int)strlen(zCell);
+- }
+
+- if( zText ){
+- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
+- sqlite3_free(zText);
+- zText = zTextNew;
+- }else{
+- zText = sqlite3_mprintf("{%s}", zCell);
+ }
++ sqlite3StrAccumAppend(pOut, "}", 1);
+ }
+-
+- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
++
++ errCode = sqlite3_str_errcode(pOut);
++ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
++ sqlite3_result_error_code(ctx, errCode);
+ }
+
+ /* This routine implements an SQL function that returns the "depth" parameter
+--
+2.7.4
+
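Review bot: In the backported `rtreenode()`, `pOut = sqlite3_str_new(0)` is used without a NULL check, although the `sqlite3_str_new()` added earlier in this patch returns `p` as-is when `sqlite3DbMallocRaw()` fails. The helpers `sqlite3_str_finish()` and `sqlite3_str_errcode()` both handle a NULL argument, but the loop passes `pOut` straight to `sqlite3StrAccumAppend()` and `sqlite3XPrintf()`, which presumably dereference it. A guard right after the allocation, `if( pOut==0 ){ sqlite3_result_error_nomem(ctx); return; }`, turns an out-of-memory condition into an SQL error instead of a likely crash. If the upstream helper behaves differently on allocation failure, the patch header should say that this backport deviates from it.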
diff --git a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
index 3755761d76..7df61cd1cc 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
@@ -5,6 +5,9 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
SRC_URI = "\
http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+ file://CVE-2018-20505.patch \
+ file://CVE-2018-20506.patch \
+ file://CVE-2019-8457.patch \
"
SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
SRC_URI[sha256sum] = "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25"
diff --git a/oe-init-build-env b/oe-init-build-env
index e813230a98..861c3e000e 100755
--- a/oe-init-build-env
+++ b/oe-init-build-env
@@ -31,13 +31,18 @@ elif [ -n "$ZSH_NAME" ]; then
THIS_SCRIPT=$0
else
THIS_SCRIPT="$(pwd)/oe-init-build-env"
+ if [ ! -e "$THIS_SCRIPT" ]; then
+ echo "Error: $THIS_SCRIPT doesn't exist!" >&2
+ echo "Please run this script in oe-init-build-env's directory." >&2
+ exit 1
+ fi
fi
if [ -n "$BBSERVER" ]; then
unset BBSERVER
fi
if [ -z "$ZSH_NAME" ] && [ "$0" = "$THIS_SCRIPT" ]; then
- echo "Error: This script needs to be sourced. Please run as '. $THIS_SCRIPT'"
+ echo "Error: This script needs to be sourced. Please run as '. $THIS_SCRIPT'" >&2
exit 1
fi
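Review bot: The new `exit 1` inside the `else` branch can run while the file is being sourced, which the later "needs to be sourced" message shows is the intended use. In a shell that is neither bash nor zsh, starting from the wrong directory would therefore close the user's interactive shell instead of just aborting the setup. Leaving with `return 1 2>/dev/null || exit 1` handles both the sourced and the executed case. The if/elif chain begins above the hunk, so the other branches are not visible here.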
diff --git a/scripts/lib/devtool/__init__.py b/scripts/lib/devtool/__init__.py
index 89f098a912..8fc7fffcd6 100644
--- a/scripts/lib/devtool/__init__.py
+++ b/scripts/lib/devtool/__init__.py
@@ -205,6 +205,7 @@ def setup_git_repo(repodir, version, devbranch, basetag='devtool-base', d=None):
import oe.patch
if not os.path.exists(os.path.join(repodir, '.git')):
bb.process.run('git init', cwd=repodir)
+ bb.process.run('git config --local gc.autodetach 0', cwd=repodir)
bb.process.run('git add .', cwd=repodir)
commit_cmd = ['git']
oe.patch.GitApplyTree.gitCommandUserOptions(commit_cmd, d=d)
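Review bot: The added `git config --local gc.autodetach 0` call in `setup_git_repo()` has no comment, and the reason for disabling detached garbage collection is not obvious from the code. A one-line comment above it, for example `# keep git gc in the foreground so it cannot run concurrently with the git commands below` (assuming that is the motivation), would save the next reader a trip to the commit log. The function body continues outside the hunk.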
diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index b7d4d47dfc..ea09bbff31 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -849,9 +849,7 @@ def modify(args, config, basepath, workspace):
if bb.data.inherits_class('kernel', rd):
f.write('SRCTREECOVEREDTASKS = "do_validate_branches do_kernel_checkout '
'do_fetch do_unpack do_kernel_configme do_kernel_configcheck"\n')
- f.write('\ndo_patch() {\n'
- ' :\n'
- '}\n')
+ f.write('\ndo_patch[noexec] = "1"\n')
f.write('\ndo_configure_append() {\n'
' cp ${B}/.config ${S}/.config.baseline\n'
' ln -sfT ${B}/.config ${S}/.config.new\n'
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 1810c70ae2..dbd74a1ca3 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -704,7 +704,7 @@ def create_recipe(args):
if not args.autorev and srcrev == '${AUTOREV}':
if os.path.exists(os.path.join(srctree, '.git')):
(stdout, _) = bb.process.run('git rev-parse HEAD', cwd=srctree)
- srcrev = stdout.rstrip()
+ srcrev = stdout.rstrip()
lines_before.append('SRCREV = "%s"' % srcrev)
if args.provides:
lines_before.append('PROVIDES = "%s"' % args.provides)
diff --git a/scripts/lib/recipetool/create_npm.py b/scripts/lib/recipetool/create_npm.py
index 03667887fc..0b09ed0b04 100644
--- a/scripts/lib/recipetool/create_npm.py
+++ b/scripts/lib/recipetool/create_npm.py
@@ -16,6 +16,7 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
import os
+import sys
import logging
import subprocess
import tempfile
diff --git a/scripts/lib/resulttool/__init__.py b/scripts/lib/resulttool/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/scripts/lib/resulttool/__init__.py
diff --git a/scripts/lib/resulttool/log.py b/scripts/lib/resulttool/log.py
new file mode 100644
index 0000000000..49816357cd
--- /dev/null
+++ b/scripts/lib/resulttool/log.py
@@ -0,0 +1,78 @@
+# resulttool - Show logs
+#
+# Copyright (c) 2019 Garmin International
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+import os
+import resulttool.resultutils as resultutils
+
+def show_ptest(result, ptest, logger):
+ if 'ptestresult.sections' in result:
+ if ptest in result['ptestresult.sections'] and 'log' in result['ptestresult.sections'][ptest]:
+ print(result['ptestresult.sections'][ptest]['log'])
+ return 0
+
+ print("ptest '%s' not found" % ptest)
+ return 1
+
+def log(args, logger):
+ results = resultutils.load_resultsdata(args.source)
+
+ ptest_count = sum(1 for _, _, _, r in resultutils.test_run_results(results) if 'ptestresult.sections' in r)
+ if ptest_count > 1 and not args.prepend_run:
+ print("%i ptest sections found. '--prepend-run' is required" % ptest_count)
+ return 1
+
+ for _, run_name, _, r in resultutils.test_run_results(results):
+ if args.dump_ptest:
+ if 'ptestresult.sections' in r:
+ for name, ptest in r['ptestresult.sections'].items():
+ if 'log' in ptest:
+ dest_dir = args.dump_ptest
+ if args.prepend_run:
+ dest_dir = os.path.join(dest_dir, run_name)
+
+ os.makedirs(dest_dir, exist_ok=True)
+
+ dest = os.path.join(dest_dir, '%s.log' % name)
+ print(dest)
+ with open(dest, 'w') as f:
+ f.write(ptest['log'])
+
+ if args.raw:
+ if 'ptestresult.rawlogs' in r:
+ print(r['ptestresult.rawlogs']['log'])
+ else:
+ print('Raw logs not found')
+ return 1
+
+ for ptest in args.ptest:
+ if not show_ptest(r, ptest, logger):
+ return 1
+
+def register_commands(subparsers):
+ """Register subcommands from this plugin"""
+ parser = subparsers.add_parser('log', help='show logs',
+ description='show the logs from test results',
+ group='analysis')
+ parser.set_defaults(func=log)
+ parser.add_argument('source',
+ help='the results file/directory/URL to import')
+ parser.add_argument('--ptest', action='append', default=[],
+ help='show logs for a ptest')
+ parser.add_argument('--dump-ptest', metavar='DIR',
+ help='Dump all ptest log files to the specified directory.')
+ parser.add_argument('--prepend-run', action='store_true',
+ help='''Dump ptest results to a subdirectory named after the test run when using --dump-ptest.
+ Required if more than one test run is present in the result file''')
+ parser.add_argument('--raw', action='store_true',
+ help='show raw logs')
+
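Review bot: In `log()`, the `--dump-ptest` branch builds `dest` from `run_name` and the section `name` exactly as they appear in the loaded results, and `source` may be a file, directory or URL. A results file whose section name contains `../` or an absolute path would make `open(dest, 'w')` write outside the requested directory. Rejecting such names before the join, e.g. `if os.path.basename(name) != name: continue`, keeps the dump confined; `run_name` needs the same care when `--prepend-run` is set. Separately, `show_ptest()` returns 0 on success and 1 when the ptest is missing, so `if not show_ptest(r, ptest, logger): return 1` is inverted and should read `if show_ptest(r, ptest, logger): return 1`.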
diff --git a/scripts/lib/resulttool/manualexecution.py b/scripts/lib/resulttool/manualexecution.py
new file mode 100755
index 0000000000..dc368f36fc
--- /dev/null
+++ b/scripts/lib/resulttool/manualexecution.py
@@ -0,0 +1,212 @@
+# test case management tool - manual execution from testopia test cases
+#
+# Copyright (c) 2018, Intel Corporation.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+import argparse
+import json
+import os
+import sys
+import datetime
+import re
+import copy
+from oeqa.core.runner import OETestResultJSONHelper
+
+
+def load_json_file(f):
+ with open(f, "r") as filedata:
+ return json.load(filedata)
+
+def write_json_file(f, json_data):
+ os.makedirs(os.path.dirname(f), exist_ok=True)
+ with open(f, 'w') as filedata:
+ filedata.write(json.dumps(json_data, sort_keys=True, indent=4))
+
+class ManualTestRunner(object):
+
+ def _get_test_module(self, case_file):
+ return os.path.basename(case_file).split('.')[0]
+
+ def _get_input(self, config):
+ while True:
+ output = input('{} = '.format(config))
+ if re.match('^[a-z0-9-.]+$', output):
+ break
+ print('Only lowercase alphanumeric, hyphen and dot are allowed. Please try again')
+ return output
+
+ def _get_available_config_options(self, config_options, test_module, target_config):
+ avail_config_options = None
+ if test_module in config_options:
+ avail_config_options = config_options[test_module].get(target_config)
+ return avail_config_options
+
+ def _choose_config_option(self, options):
+ while True:
+ output = input('{} = '.format('Option index number'))
+ if output in options:
+ break
+ print('Only integer index inputs from above available configuration options are allowed. Please try again.')
+ return options[output]
+
+ def _get_config(self, config_options, test_module):
+ from oeqa.utils.metadata import get_layers
+ from oeqa.utils.commands import get_bb_var
+ from resulttool.resultutils import store_map
+
+ layers = get_layers(get_bb_var('BBLAYERS'))
+ configurations = {}
+ configurations['LAYERS'] = layers
+ configurations['STARTTIME'] = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+ configurations['TEST_TYPE'] = 'manual'
+ configurations['TEST_MODULE'] = test_module
+
+ extra_config = set(store_map['manual']) - set(configurations)
+ for config in sorted(extra_config):
+ avail_config_options = self._get_available_config_options(config_options, test_module, config)
+ if avail_config_options:
+ print('---------------------------------------------')
+ print('These are available configuration #%s options:' % config)
+ print('---------------------------------------------')
+ for option, _ in sorted(avail_config_options.items(), key=lambda x: int(x[0])):
+ print('%s: %s' % (option, avail_config_options[option]))
+ print('Please select configuration option, enter the integer index number.')
+ value_conf = self._choose_config_option(avail_config_options)
+ print('---------------------------------------------\n')
+ else:
+ print('---------------------------------------------')
+ print('This is configuration #%s. Please provide configuration value(use "None" if not applicable).' % config)
+ print('---------------------------------------------')
+ value_conf = self._get_input('Configuration Value')
+ print('---------------------------------------------\n')
+ configurations[config] = value_conf
+ return configurations
+
+ def _execute_test_steps(self, case):
+ test_result = {}
+ print('------------------------------------------------------------------------')
+ print('Executing test case: %s' % case['test']['@alias'])
+ print('------------------------------------------------------------------------')
+ print('You have total %s test steps to be executed.' % len(case['test']['execution']))
+ print('------------------------------------------------------------------------\n')
+ for step, _ in sorted(case['test']['execution'].items(), key=lambda x: int(x[0])):
+ print('Step %s: %s' % (step, case['test']['execution'][step]['action']))
+ expected_output = case['test']['execution'][step]['expected_results']
+ if expected_output:
+ print('Expected output: %s' % expected_output)
+ while True:
+ done = input('\nPlease provide test results: (P)assed/(F)ailed/(B)locked/(S)kipped? \n').lower()
+ result_types = {'p':'PASSED',
+ 'f':'FAILED',
+ 'b':'BLOCKED',
+ 's':'SKIPPED'}
+ if done in result_types:
+ for r in result_types:
+ if done == r:
+ res = result_types[r]
+ if res == 'FAILED':
+ log_input = input('\nPlease enter the error and the description of the log: (Ex:log:211 Error Bitbake)\n')
+ test_result.update({case['test']['@alias']: {'status': '%s' % res, 'log': '%s' % log_input}})
+ else:
+ test_result.update({case['test']['@alias']: {'status': '%s' % res}})
+ break
+ print('Invalid input!')
+ return test_result
+
+ def _get_write_dir(self):
+ return os.environ['BUILDDIR'] + '/tmp/log/manual/'
+
+ def run_test(self, case_file, config_options_file, testcase_config_file):
+ test_module = self._get_test_module(case_file)
+ cases = load_json_file(case_file)
+ config_options = {}
+ if config_options_file:
+ config_options = load_json_file(config_options_file)
+ configurations = self._get_config(config_options, test_module)
+ result_id = 'manual_%s_%s' % (test_module, configurations['STARTTIME'])
+ test_results = {}
+ if testcase_config_file:
+ test_case_config = load_json_file(testcase_config_file)
+ test_case_to_execute = test_case_config['testcases']
+ for case in copy.deepcopy(cases) :
+ if case['test']['@alias'] not in test_case_to_execute:
+ cases.remove(case)
+
+ print('\nTotal number of test cases in this test suite: %s\n' % len(cases))
+ for c in cases:
+ test_result = self._execute_test_steps(c)
+ test_results.update(test_result)
+ return configurations, result_id, self._get_write_dir(), test_results
+
+ def _get_true_false_input(self, input_message):
+ yes_list = ['Y', 'YES']
+ no_list = ['N', 'NO']
+ while True:
+ more_config_option = input(input_message).upper()
+ if more_config_option in yes_list or more_config_option in no_list:
+ break
+ print('Invalid input!')
+ if more_config_option in no_list:
+ return False
+ return True
+
+ def make_config_option_file(self, logger, case_file, config_options_file):
+ config_options = {}
+ if config_options_file:
+ config_options = load_json_file(config_options_file)
+ new_test_module = self._get_test_module(case_file)
+ print('Creating configuration options file for test module: %s' % new_test_module)
+ new_config_options = {}
+
+ while True:
+ config_name = input('\nPlease provide test configuration to create:\n').upper()
+ new_config_options[config_name] = {}
+ while True:
+ config_value = self._get_input('Configuration possible option value')
+ config_option_index = len(new_config_options[config_name]) + 1
+ new_config_options[config_name][config_option_index] = config_value
+ more_config_option = self._get_true_false_input('\nIs there more configuration option input: (Y)es/(N)o\n')
+ if not more_config_option:
+ break
+ more_config = self._get_true_false_input('\nIs there more configuration to create: (Y)es/(N)o\n')
+ if not more_config:
+ break
+
+ if new_config_options:
+ config_options[new_test_module] = new_config_options
+ if not config_options_file:
+ config_options_file = os.path.join(self._get_write_dir(), 'manual_config_options.json')
+ write_json_file(config_options_file, config_options)
+ logger.info('Configuration option file created at %s' % config_options_file)
+
+def manualexecution(args, logger):
+ testrunner = ManualTestRunner()
+ if args.make_config_options_file:
+ testrunner.make_config_option_file(logger, args.file, args.config_options_file)
+ return 0
+ configurations, result_id, write_dir, test_results = testrunner.run_test(args.file, args.config_options_file, args.testcase_config_file)
+ resultjsonhelper = OETestResultJSONHelper()
+ resultjsonhelper.dump_testresult_file(write_dir, configurations, result_id, test_results)
+ return 0
+
+def register_commands(subparsers):
+ """Register subcommands from this plugin"""
+ parser_build = subparsers.add_parser('manualexecution', help='helper script for results populating during manual test execution.',
+ description='helper script for results populating during manual test execution. You can find manual test case JSON file in meta/lib/oeqa/manual/',
+ group='manualexecution')
+ parser_build.set_defaults(func=manualexecution)
+ parser_build.add_argument('file', help='specify path to manual test case JSON file.Note: Please use \"\" to encapsulate the file path.')
+ parser_build.add_argument('-c', '--config-options-file', default='',
+ help='the config options file to import and used as available configuration option selection or make config option file')
+ parser_build.add_argument('-m', '--make-config-options-file', action='store_true',
+ help='make the configuration options file based on provided inputs')
+ parser_build.add_argument('-t', '--testcase-config-file', default='',
+ help='the testcase configuration file to enable user to run a selected set of test case') \ No newline at end of file
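Review bot: `_get_input()` accepts only `^[a-z0-9-.]+$`, but the prompt printed in `_get_config()` tells the tester to enter "None" when a configuration does not apply, and the pattern rejects that because of the capital N. Changing the prompt to `(use "none" if not applicable)` fixes the contradiction and keeps the strict character set, which is worth keeping if these values end up in result identifiers or paths. In addition, `write_json_file()` calls `os.makedirs(os.path.dirname(f), exist_ok=True)`, which raises when `-c` names a file in the current directory because the dirname is then empty. Guarding it with `dirname = os.path.dirname(f)` and `if dirname: os.makedirs(dirname, exist_ok=True)` avoids that.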
diff --git a/scripts/lib/resulttool/merge.py b/scripts/lib/resulttool/merge.py
new file mode 100644
index 0000000000..7159463f6e
--- /dev/null
+++ b/scripts/lib/resulttool/merge.py
@@ -0,0 +1,42 @@
+# resulttool - merge multiple testresults.json files into a file or directory
+#
+# Copyright (c) 2019, Intel Corporation.
+# Copyright (c) 2019, Linux Foundation
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+import os
+import json
+import resulttool.resultutils as resultutils
+
+def merge(args, logger):
+ if resultutils.is_url(args.target_results) or os.path.isdir(args.target_results):
+ results = resultutils.load_resultsdata(args.target_results, configmap=resultutils.store_map)
+ resultutils.append_resultsdata(results, args.base_results, configmap=resultutils.store_map)
+ resultutils.save_resultsdata(results, args.target_results)
+ else:
+ results = resultutils.load_resultsdata(args.base_results, configmap=resultutils.flatten_map)
+ if os.path.exists(args.target_results):
+ resultutils.append_resultsdata(results, args.target_results, configmap=resultutils.flatten_map)
+ resultutils.save_resultsdata(results, os.path.dirname(args.target_results), fn=os.path.basename(args.target_results))
+
+ return 0
+
+def register_commands(subparsers):
+ """Register subcommands from this plugin"""
+ parser_build = subparsers.add_parser('merge', help='merge test result files/directories/URLs',
+ description='merge the results from multiple files/directories/URLs into the target file or directory',
+ group='setup')
+ parser_build.set_defaults(func=merge)
+ parser_build.add_argument('base_results',
+ help='the results file/directory/URL to import')
+ parser_build.add_argument('target_results',
+ help='the target file or directory to merge the base_results with')
+
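Review bot: The first branch of `merge()` is also taken when `args.target_results` is a URL, and it then passes that URL to `resultutils.save_resultsdata()` as the destination. The helper is not shown in this hunk, but if it writes to the local filesystem the URL string would be used as a path. The argument help describes the target as a file or directory, so rejecting a URL target up front with an error and `return 1` would match the documented interface. `import json` is unused in this file.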
diff --git a/scripts/lib/resulttool/regression.py b/scripts/lib/resulttool/regression.py
new file mode 100644
index 0000000000..fa90ab1e52
--- /dev/null
+++ b/scripts/lib/resulttool/regression.py
@@ -0,0 +1,192 @@
+# resulttool - regression analysis
+#
+# Copyright (c) 2019, Intel Corporation.
+# Copyright (c) 2019, Linux Foundation
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+import resulttool.resultutils as resultutils
+import json
+
+from oeqa.utils.git import GitRepo
+import oeqa.utils.gitarchive as gitarchive
+
+def compare_result(logger, base_name, target_name, base_result, target_result):
+ base_result = base_result.get('result')
+ target_result = target_result.get('result')
+ result = {}
+ if base_result and target_result:
+ for k in base_result:
+ base_testcase = base_result[k]
+ base_status = base_testcase.get('status')
+ if base_status:
+ target_testcase = target_result.get(k, {})
+ target_status = target_testcase.get('status')
+ if base_status != target_status:
+ result[k] = {'base': base_status, 'target': target_status}
+ else:
+ logger.error('Failed to retrieved base test case status: %s' % k)
+ if result:
+ resultstring = "Regression: %s\n %s\n" % (base_name, target_name)
+ for k in sorted(result):
+ resultstring += ' %s: %s -> %s\n' % (k, result[k]['base'], result[k]['target'])
+ else:
+ resultstring = "Match: %s\n %s" % (base_name, target_name)
+ return result, resultstring
+
+def get_results(logger, source):
+ return resultutils.load_resultsdata(source, configmap=resultutils.regression_map)
+
+def regression(args, logger):
+ base_results = get_results(logger, args.base_result)
+ target_results = get_results(logger, args.target_result)
+
+ regression_common(args, logger, base_results, target_results)
+
+def regression_common(args, logger, base_results, target_results):
+ if args.base_result_id:
+ base_results = resultutils.filter_resultsdata(base_results, args.base_result_id)
+ if args.target_result_id:
+ target_results = resultutils.filter_resultsdata(target_results, args.target_result_id)
+
+ matches = []
+ regressions = []
+ notfound = []
+
+ for a in base_results:
+ if a in target_results:
+ base = list(base_results[a].keys())
+ target = list(target_results[a].keys())
+ # We may have multiple base/targets which are for different configurations. Start by
+ # removing any pairs which match
+ for c in base.copy():
+ for b in target.copy():
+ res, resstr = compare_result(logger, c, b, base_results[a][c], target_results[a][b])
+ if not res:
+ matches.append(resstr)
+ base.remove(c)
+ target.remove(b)
+ break
+ # Should only now see regressions, we may not be able to match multiple pairs directly
+ for c in base:
+ for b in target:
+ res, resstr = compare_result(logger, c, b, base_results[a][c], target_results[a][b])
+ if res:
+ regressions.append(resstr)
+ else:
+ notfound.append("%s not found in target" % a)
+ print("\n".join(sorted(matches)))
+ print("\n".join(sorted(regressions)))
+ print("\n".join(sorted(notfound)))
+
+ return 0
+
+def regression_git(args, logger):
+ base_results = {}
+ target_results = {}
+
+ tag_name = "{branch}/{commit_number}-g{commit}/{tag_number}"
+ repo = GitRepo(args.repo)
+
+ revs = gitarchive.get_test_revs(logger, repo, tag_name, branch=args.branch)
+
+ if args.branch2:
+ revs2 = gitarchive.get_test_revs(logger, repo, tag_name, branch=args.branch2)
+ if not len(revs2):
+ logger.error("No revisions found to compare against")
+ return 1
+ if not len(revs):
+ logger.error("No revision to report on found")
+ return 1
+ else:
+ if len(revs) < 2:
+ logger.error("Only %d tester revisions found, unable to generate report" % len(revs))
+ return 1
+
+ # Pick revisions
+ if args.commit:
+ if args.commit_number:
+ logger.warning("Ignoring --commit-number as --commit was specified")
+ index1 = gitarchive.rev_find(revs, 'commit', args.commit)
+ elif args.commit_number:
+ index1 = gitarchive.rev_find(revs, 'commit_number', args.commit_number)
+ else:
+ index1 = len(revs) - 1
+
+ if args.branch2:
+ revs2.append(revs[index1])
+ index1 = len(revs2) - 1
+ revs = revs2
+
+ if args.commit2:
+ if args.commit_number2:
+ logger.warning("Ignoring --commit-number2 as --commit2 was specified")
+ index2 = gitarchive.rev_find(revs, 'commit', args.commit2)
+ elif args.commit_number2:
+ index2 = gitarchive.rev_find(revs, 'commit_number', args.commit_number2)
+ else:
+ if index1 > 0:
+ index2 = index1 - 1
+ # Find the closest matching commit number for comparision
+ # In future we could check the commit is a common ancestor and
+ # continue back if not but this good enough for now
+ while index2 > 0 and revs[index2].commit_number > revs[index1].commit_number:
+ index2 = index2 - 1
+ else:
+ logger.error("Unable to determine the other commit, use "
+ "--commit2 or --commit-number2 to specify it")
+ return 1
+
+ logger.info("Comparing:\n%s\nto\n%s\n" % (revs[index1], revs[index2]))
+
+ base_results = resultutils.git_get_result(repo, revs[index1][2])
+ target_results = resultutils.git_get_result(repo, revs[index2][2])
+
+ regression_common(args, logger, base_results, target_results)
+
+ return 0
+
+def register_commands(subparsers):
+ """Register subcommands from this plugin"""
+
+ parser_build = subparsers.add_parser('regression', help='regression file/directory analysis',
+ description='regression analysis comparing the base set of results to the target results',
+ group='analysis')
+ parser_build.set_defaults(func=regression)
+ parser_build.add_argument('base_result',
+ help='base result file/directory/URL for the comparison')
+ parser_build.add_argument('target_result',
+ help='target result file/directory/URL to compare with')
+ parser_build.add_argument('-b', '--base-result-id', default='',
+ help='(optional) filter the base results to this result ID')
+ parser_build.add_argument('-t', '--target-result-id', default='',
+ help='(optional) filter the target results to this result ID')
+
+ parser_build = subparsers.add_parser('regression-git', help='regression git analysis',
+ description='regression analysis comparing base result set to target '
+ 'result set',
+ group='analysis')
+ parser_build.set_defaults(func=regression_git)
+ parser_build.add_argument('repo',
+ help='the git repository containing the data')
+ parser_build.add_argument('-b', '--base-result-id', default='',
+ help='(optional) default select regression based on configurations unless base result '
+ 'id was provided')
+ parser_build.add_argument('-t', '--target-result-id', default='',
+ help='(optional) default select regression based on configurations unless target result '
+ 'id was provided')
+
+ parser_build.add_argument('--branch', '-B', default='master', help="Branch to find commit in")
+ parser_build.add_argument('--branch2', help="Branch to find comparision revisions in")
+ parser_build.add_argument('--commit', help="Revision to search for")
+ parser_build.add_argument('--commit-number', help="Revision number to search for, redundant if --commit is specified")
+ parser_build.add_argument('--commit2', help="Revision to compare with")
+ parser_build.add_argument('--commit-number2', help="Revision number to compare with, redundant if --commit2 is specified")
+
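Review bot: `compare_result()` returns a "Match" string whenever either side has no `result` entry, because the comparison loop is skipped and `result` stays empty. `regression_common()` then files the pair under `matches`, so a run that produced no results looks the same as a clean one. At minimum the empty case should be logged before the loop, e.g. `if not base_result or not target_result: logger.error('No results to compare: %s / %s' % (base_name, target_name))`, and ideally reported separately from real matches. Test cases that exist only in the target are also never examined, since the loop walks `base_result` alone.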
diff --git a/scripts/lib/resulttool/report.py b/scripts/lib/resulttool/report.py
new file mode 100644
index 0000000000..8ae42728e4
--- /dev/null
+++ b/scripts/lib/resulttool/report.py
@@ -0,0 +1,150 @@
+# test result tool - report text based test results
+#
+# Copyright (c) 2019, Intel Corporation.
+# Copyright (c) 2019, Linux Foundation
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+import os
+import glob
+import json
+import resulttool.resultutils as resultutils
+from oeqa.utils.git import GitRepo
+import oeqa.utils.gitarchive as gitarchive
+
+
+class ResultsTextReport(object):
+ def __init__(self):
+ self.ptests = {}
+ self.result_types = {'passed': ['PASSED', 'passed'],
+ 'failed': ['FAILED', 'failed', 'ERROR', 'error', 'UNKNOWN'],
+ 'skipped': ['SKIPPED', 'skipped']}
+
+
+ def handle_ptest_result(self, k, status, result):
+ if k == 'ptestresult.sections':
+ # Ensure tests without any test results still show up on the report
+ for suite in result['ptestresult.sections']:
+ if suite not in self.ptests:
+ self.ptests[suite] = {'passed': 0, 'failed': 0, 'skipped': 0, 'duration' : '-', 'failed_testcases': []}
+ if 'duration' in result['ptestresult.sections'][suite]:
+ self.ptests[suite]['duration'] = result['ptestresult.sections'][suite]['duration']
+ if 'timeout' in result['ptestresult.sections'][suite]:
+ self.ptests[suite]['duration'] += " T"
+ return
+ try:
+ _, suite, test = k.split(".", 2)
+ except ValueError:
+ return
+ # Handle 'glib-2.0'
+ if 'ptestresult.sections' in result and suite not in result['ptestresult.sections']:
+ try:
+ _, suite, suite1, test = k.split(".", 3)
+ if suite + "." + suite1 in result['ptestresult.sections']:
+ suite = suite + "." + suite1
+ except ValueError:
+ pass
+ if suite not in self.ptests:
+ self.ptests[suite] = {'passed': 0, 'failed': 0, 'skipped': 0, 'duration' : '-', 'failed_testcases': []}
+ for tk in self.result_types:
+ if status in self.result_types[tk]:
+ self.ptests[suite][tk] += 1
+
+ def get_aggregated_test_result(self, logger, testresult):
+ test_count_report = {'passed': 0, 'failed': 0, 'skipped': 0, 'failed_testcases': []}
+ result = testresult.get('result', [])
+ for k in result:
+ test_status = result[k].get('status', [])
+ for tk in self.result_types:
+ if test_status in self.result_types[tk]:
+ test_count_report[tk] += 1
+ if test_status in self.result_types['failed']:
+ test_count_report['failed_testcases'].append(k)
+ if k.startswith("ptestresult."):
+ self.handle_ptest_result(k, test_status, result)
+ return test_count_report
+
+ def print_test_report(self, template_file_name, test_count_reports):
+ from jinja2 import Environment, FileSystemLoader
+ script_path = os.path.dirname(os.path.realpath(__file__))
+ file_loader = FileSystemLoader(script_path + '/template')
+ env = Environment(loader=file_loader, trim_blocks=True)
+ template = env.get_template(template_file_name)
+ havefailed = False
+ haveptest = bool(self.ptests)
+ reportvalues = []
+ cols = ['passed', 'failed', 'skipped']
+ maxlen = {'passed' : 0, 'failed' : 0, 'skipped' : 0, 'result_id': 0, 'testseries' : 0, 'ptest' : 0 }
+ for line in test_count_reports:
+ total_tested = line['passed'] + line['failed'] + line['skipped']
+ vals = {}
+ vals['result_id'] = line['result_id']
+ vals['testseries'] = line['testseries']
+ vals['sort'] = line['testseries'] + "_" + line['result_id']
+ vals['failed_testcases'] = line['failed_testcases']
+ for k in cols:
+ vals[k] = "%d (%s%%)" % (line[k], format(line[k] / total_tested * 100, '.0f'))
+ for k in maxlen:
+ if k in vals and len(vals[k]) > maxlen[k]:
+ maxlen[k] = len(vals[k])
+ reportvalues.append(vals)
+ if line['failed_testcases']:
+ havefailed = True
+ for ptest in self.ptests:
+ if len(ptest) > maxlen['ptest']:
+ maxlen['ptest'] = len(ptest)
+ output = template.render(reportvalues=reportvalues,
+ havefailed=havefailed,
+ haveptest=haveptest,
+ ptests=self.ptests,
+ maxlen=maxlen)
+ print(output)
+
+ def view_test_report(self, logger, source_dir, branch, commit, tag):
+ test_count_reports = []
+ if commit:
+ if tag:
+ logger.warning("Ignoring --tag as --commit was specified")
+ tag_name = "{branch}/{commit_number}-g{commit}/{tag_number}"
+ repo = GitRepo(source_dir)
+ revs = gitarchive.get_test_revs(logger, repo, tag_name, branch=branch)
+ rev_index = gitarchive.rev_find(revs, 'commit', commit)
+ testresults = resultutils.git_get_result(repo, revs[rev_index][2])
+ elif tag:
+ repo = GitRepo(source_dir)
+ testresults = resultutils.git_get_result(repo, [tag])
+ else:
+ testresults = resultutils.load_resultsdata(source_dir)
+ for testsuite in testresults:
+ for resultid in testresults[testsuite]:
+ result = testresults[testsuite][resultid]
+ test_count_report = self.get_aggregated_test_result(logger, result)
+ test_count_report['testseries'] = result['configuration']['TESTSERIES']
+ test_count_report['result_id'] = resultid
+ test_count_reports.append(test_count_report)
+ self.print_test_report('test_report_full_text.txt', test_count_reports)
+
+def report(args, logger):
+ report = ResultsTextReport()
+ report.view_test_report(logger, args.source_dir, args.branch, args.commit, args.tag)
+ return 0
+
+def register_commands(subparsers):
+ """Register subcommands from this plugin"""
+ parser_build = subparsers.add_parser('report', help='summarise test results',
+ description='print a text-based summary of the test results',
+ group='analysis')
+ parser_build.set_defaults(func=report)
+ parser_build.add_argument('source_dir',
+ help='source file/directory/URL that contain the test result files to summarise')
+ parser_build.add_argument('--branch', '-B', default='master', help="Branch to find commit in")
+ parser_build.add_argument('--commit', help="Revision to report")
+ parser_build.add_argument('-t', '--tag', default='',
+ help='source_dir is a git repository, report on the tag specified from that repository')
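Review bot: In `print_test_report`, `line[k] / total_tested` raises ZeroDivisionError when a result set has no passed, failed or skipped entries, which `get_aggregated_test_result` produces for an empty `result` section or for statuses not listed in `result_types`. Guard the percentage, e.g. `pct = line[k] / total_tested * 100 if total_tested else 0`, and format from `pct`. In `view_test_report`, `revs[rev_index][2]` assumes `gitarchive.rev_find` found the commit; that helper is not in this hunk, so confirm what it returns on a miss and report a clear error for an unknown `--commit`.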
diff --git a/scripts/lib/resulttool/resultutils.py b/scripts/lib/resulttool/resultutils.py
new file mode 100644
index 0000000000..07dab4cbd3
--- /dev/null
+++ b/scripts/lib/resulttool/resultutils.py
@@ -0,0 +1,185 @@
+# resulttool - common library/utility functions
+#
+# Copyright (c) 2019, Intel Corporation.
+# Copyright (c) 2019, Linux Foundation
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+import os
+import json
+import scriptpath
+import copy
+import urllib.request
+import posixpath
+scriptpath.add_oe_lib_path()
+
+flatten_map = {
+ "oeselftest": [],
+ "runtime": [],
+ "sdk": [],
+ "sdkext": [],
+ "manual": []
+}
+regression_map = {
+ "oeselftest": ['TEST_TYPE', 'MACHINE'],
+ "runtime": ['TESTSERIES', 'TEST_TYPE', 'IMAGE_BASENAME', 'MACHINE', 'IMAGE_PKGTYPE', 'DISTRO'],
+ "sdk": ['TESTSERIES', 'TEST_TYPE', 'IMAGE_BASENAME', 'MACHINE', 'SDKMACHINE'],
+ "sdkext": ['TESTSERIES', 'TEST_TYPE', 'IMAGE_BASENAME', 'MACHINE', 'SDKMACHINE'],
+ "manual": ['TEST_TYPE', 'TEST_MODULE', 'IMAGE_BASENAME', 'MACHINE']
+}
+store_map = {
+ "oeselftest": ['TEST_TYPE'],
+ "runtime": ['TEST_TYPE', 'DISTRO', 'MACHINE', 'IMAGE_BASENAME'],
+ "sdk": ['TEST_TYPE', 'MACHINE', 'SDKMACHINE', 'IMAGE_BASENAME'],
+ "sdkext": ['TEST_TYPE', 'MACHINE', 'SDKMACHINE', 'IMAGE_BASENAME'],
+ "manual": ['TEST_TYPE', 'TEST_MODULE', 'MACHINE', 'IMAGE_BASENAME']
+}
+
+def is_url(p):
+ """
+ Helper for determining if the given path is a URL
+ """
+ return p.startswith('http://') or p.startswith('https://')
+
+#
+# Load the json file and append the results data into the provided results dict
+#
+def append_resultsdata(results, f, configmap=store_map):
+ if type(f) is str:
+ if is_url(f):
+ with urllib.request.urlopen(f) as response:
+ data = json.loads(response.read().decode('utf-8'))
+ url = urllib.parse.urlparse(f)
+ testseries = posixpath.basename(posixpath.dirname(url.path))
+ else:
+ with open(f, "r") as filedata:
+ data = json.load(filedata)
+ testseries = os.path.basename(os.path.dirname(f))
+ else:
+ data = f
+ for res in data:
+ if "configuration" not in data[res] or "result" not in data[res]:
+ raise ValueError("Test results data without configuration or result section?")
+ if "TESTSERIES" not in data[res]["configuration"]:
+ data[res]["configuration"]["TESTSERIES"] = testseries
+ testtype = data[res]["configuration"].get("TEST_TYPE")
+ if testtype not in configmap:
+ raise ValueError("Unknown test type %s" % testtype)
+ configvars = configmap[testtype]
+ testpath = "/".join(data[res]["configuration"].get(i) for i in configmap[testtype])
+ if testpath not in results:
+ results[testpath] = {}
+ results[testpath][res] = data[res]
+
+#
+# Walk a directory and find/load results data
+# or load directly from a file
+#
+def load_resultsdata(source, configmap=store_map):
+ results = {}
+ if is_url(source) or os.path.isfile(source):
+ append_resultsdata(results, source, configmap)
+ return results
+ for root, dirs, files in os.walk(source):
+ for name in files:
+ f = os.path.join(root, name)
+ if name == "testresults.json":
+ append_resultsdata(results, f, configmap)
+ return results
+
+def filter_resultsdata(results, resultid):
+ newresults = {}
+ for r in results:
+ for i in results[r]:
+ if i == resultsid:
+ newresults[r] = {}
+ newresults[r][i] = results[r][i]
+ return newresults
+
+def strip_ptestresults(results):
+ newresults = copy.deepcopy(results)
+ #for a in newresults2:
+ # newresults = newresults2[a]
+ for res in newresults:
+ if 'result' not in newresults[res]:
+ continue
+ if 'ptestresult.rawlogs' in newresults[res]['result']:
+ del newresults[res]['result']['ptestresult.rawlogs']
+ if 'ptestresult.sections' in newresults[res]['result']:
+ for i in newresults[res]['result']['ptestresult.sections']:
+ if 'log' in newresults[res]['result']['ptestresult.sections'][i]:
+ del newresults[res]['result']['ptestresult.sections'][i]['log']
+ return newresults
+
+def save_resultsdata(results, destdir, fn="testresults.json", ptestjson=False, ptestlogs=False):
+ for res in results:
+ if res:
+ dst = destdir + "/" + res + "/" + fn
+ else:
+ dst = destdir + "/" + fn
+ os.makedirs(os.path.dirname(dst), exist_ok=True)
+ resultsout = results[res]
+ if not ptestjson:
+ resultsout = strip_ptestresults(results[res])
+ with open(dst, 'w') as f:
+ f.write(json.dumps(resultsout, sort_keys=True, indent=4))
+ for res2 in results[res]:
+ if ptestlogs and 'result' in results[res][res2]:
+ if 'ptestresult.rawlogs' in results[res][res2]['result']:
+ with open(dst.replace(fn, "ptest-raw.log"), "w+") as f:
+ f.write(results[res][res2]['result']['ptestresult.rawlogs']['log'])
+ if 'ptestresult.sections' in results[res][res2]['result']:
+ for i in results[res][res2]['result']['ptestresult.sections']:
+ if 'log' in results[res][res2]['result']['ptestresult.sections'][i]:
+ with open(dst.replace(fn, "ptest-%s.log" % i), "w+") as f:
+ f.write(results[res][res2]['result']['ptestresult.sections'][i]['log'])
+
+def git_get_result(repo, tags):
+ git_objs = []
+ for tag in tags:
+ files = repo.run_cmd(['ls-tree', "--name-only", "-r", tag]).splitlines()
+ git_objs.extend([tag + ':' + f for f in files if f.endswith("testresults.json")])
+
+ def parse_json_stream(data):
+ """Parse multiple concatenated JSON objects"""
+ objs = []
+ json_d = ""
+ for line in data.splitlines():
+ if line == '}{':
+ json_d += '}'
+ objs.append(json.loads(json_d))
+ json_d = '{'
+ else:
+ json_d += line
+ objs.append(json.loads(json_d))
+ return objs
+
+ # Optimize by reading all data with one git command
+ results = {}
+ for obj in parse_json_stream(repo.run_cmd(['show'] + git_objs + ['--'])):
+ append_resultsdata(results, obj)
+
+ return results
+
+def test_run_results(results):
+ """
+ Convenient generator function that iterates over all test runs that have a
+ result section.
+
+ Generates a tuple of:
+ (result json file path, test run name, test run (dict), test run "results" (dict))
+ for each test run that has a "result" section
+ """
+ for path in results:
+ for run_name, test_run in results[path].items():
+ if not 'result' in test_run:
+ continue
+ yield path, run_name, test_run, test_run['result']
+
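Review bot: `save_resultsdata` builds its write paths from values taken out of the loaded JSON, which `append_resultsdata` may have fetched from a URL: `res` is the `testpath` joined from configuration fields, and `i` in `"ptest-%s.log" % i` is a section name, so a field containing `..` makes `os.makedirs` and `open` operate outside `destdir`. Validate each component before joining, or check the resolved path with `root = os.path.realpath(destdir)` and `if os.path.commonpath([root, os.path.realpath(dst)]) != root: raise ValueError(...)`. Separately, `filter_resultsdata` compares against `resultsid` while its parameter is `resultid`, so any call raises NameError. `append_resultsdata` also leaves `testseries` unassigned when `f` is already a dict, which fails if that data has no `TESTSERIES` entry.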
diff --git a/scripts/lib/resulttool/store.py b/scripts/lib/resulttool/store.py
new file mode 100644
index 0000000000..acdfbd94fd
--- /dev/null
+++ b/scripts/lib/resulttool/store.py
@@ -0,0 +1,102 @@
+# resulttool - store test results
+#
+# Copyright (c) 2019, Intel Corporation.
+# Copyright (c) 2019, Linux Foundation
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+import tempfile
+import os
+import subprocess
+import json
+import shutil
+import scriptpath
+scriptpath.add_bitbake_lib_path()
+scriptpath.add_oe_lib_path()
+import resulttool.resultutils as resultutils
+import oeqa.utils.gitarchive as gitarchive
+
+
+def store(args, logger):
+ tempdir = tempfile.mkdtemp(prefix='testresults.')
+ try:
+ results = {}
+ logger.info('Reading files from %s' % args.source)
+ if resultutils.is_url(args.source) or os.path.isfile(args.source):
+ resultutils.append_resultsdata(results, args.source)
+ else:
+ for root, dirs, files in os.walk(args.source):
+ for name in files:
+ f = os.path.join(root, name)
+ if name == "testresults.json":
+ resultutils.append_resultsdata(results, f)
+ elif args.all:
+ dst = f.replace(args.source, tempdir + "/")
+ os.makedirs(os.path.dirname(dst), exist_ok=True)
+ shutil.copyfile(f, dst)
+
+ revisions = {}
+
+ if not results and not args.all:
+ if args.allow_empty:
+ logger.info("No results found to store")
+ return 0
+ logger.error("No results found to store")
+ return 1
+
+ # Find the branch/commit/commit_count and ensure they all match
+ for suite in results:
+ for result in results[suite]:
+ config = results[suite][result]['configuration']['LAYERS']['meta']
+ revision = (config['commit'], config['branch'], str(config['commit_count']))
+ if revision not in revisions:
+ revisions[revision] = {}
+ if suite not in revisions[revision]:
+ revisions[revision][suite] = {}
+ revisions[revision][suite][result] = results[suite][result]
+
+ logger.info("Found %d revisions to store" % len(revisions))
+
+ for r in revisions:
+ results = revisions[r]
+ keywords = {'commit': r[0], 'branch': r[1], "commit_count": r[2]}
+ subprocess.check_call(["find", tempdir, "!", "-path", "./.git/*", "-delete"])
+ resultutils.save_resultsdata(results, tempdir, ptestlogs=True)
+
+ logger.info('Storing test result into git repository %s' % args.git_dir)
+
+ gitarchive.gitarchive(tempdir, args.git_dir, False, False,
+ "Results of {branch}:{commit}", "branch: {branch}\ncommit: {commit}", "{branch}",
+ False, "{branch}/{commit_count}-g{commit}/{tag_number}",
+ 'Test run #{tag_number} of {branch}:{commit}', '',
+ [], [], False, keywords, logger)
+
+ finally:
+ subprocess.check_call(["rm", "-rf", tempdir])
+
+ return 0
+
+def register_commands(subparsers):
+ """Register subcommands from this plugin"""
+ parser_build = subparsers.add_parser('store', help='store test results into a git repository',
+ description='takes a results file or directory of results files and stores '
+ 'them into the destination git repository, splitting out the results '
+ 'files as configured',
+ group='setup')
+ parser_build.set_defaults(func=store)
+ parser_build.add_argument('source',
+ help='source file/directory/URL that contain the test result files to be stored')
+ parser_build.add_argument('git_dir',
+ help='the location of the git repository to store the results in')
+ parser_build.add_argument('-a', '--all', action='store_true',
+ help='include all files, not just testresults.json files')
+ parser_build.add_argument('-e', '--allow-empty', action='store_true',
+ help='don\'t error if no results to store are found')
+
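Review bot: In `store`, the `find` call is given `tempdir` as its start point, so every path it tests begins with that directory and the `./.git/*` pattern can never match. The command therefore deletes everything under `tempdir`, which appears to include the files copied there earlier for `--all`. If the exclusion is meant to apply, use `"-path", os.path.join(tempdir, ".git", "*")`, and do the `--all` copy after this cleanup. The `finally` clause's `subprocess.check_call(["rm", "-rf", tempdir])` can also replace an in-flight exception with CalledProcessError; `shutil.rmtree(tempdir, ignore_errors=True)` avoids that, and `shutil` is already imported.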
diff --git a/scripts/lib/resulttool/template/test_report_full_text.txt b/scripts/lib/resulttool/template/test_report_full_text.txt
new file mode 100644
index 0000000000..590f35c7dd
--- /dev/null
+++ b/scripts/lib/resulttool/template/test_report_full_text.txt
@@ -0,0 +1,44 @@
+==============================================================================================================
+Test Result Status Summary (Counts/Percentages sorted by testseries, ID)
+==============================================================================================================
+--------------------------------------------------------------------------------------------------------------
+{{ 'Test Series'.ljust(maxlen['testseries']) }} | {{ 'ID'.ljust(maxlen['result_id']) }} | {{ 'Passed'.ljust(maxlen['passed']) }} | {{ 'Failed'.ljust(maxlen['failed']) }} | {{ 'Skipped'.ljust(maxlen['skipped']) }}
+--------------------------------------------------------------------------------------------------------------
+{% for report in reportvalues |sort(attribute='sort') %}
+{{ report.testseries.ljust(maxlen['testseries']) }} | {{ report.result_id.ljust(maxlen['result_id']) }} | {{ (report.passed|string).ljust(maxlen['passed']) }} | {{ (report.failed|string).ljust(maxlen['failed']) }} | {{ (report.skipped|string).ljust(maxlen['skipped']) }}
+{% endfor %}
+--------------------------------------------------------------------------------------------------------------
+
+{% if haveptest %}
+==============================================================================================================
+PTest Result Summary
+==============================================================================================================
+--------------------------------------------------------------------------------------------------------------
+{{ 'Recipe'.ljust(maxlen['ptest']) }} | {{ 'Passed'.ljust(maxlen['passed']) }} | {{ 'Failed'.ljust(maxlen['failed']) }} | {{ 'Skipped'.ljust(maxlen['skipped']) }} | {{ 'Time(s)'.ljust(10) }}
+--------------------------------------------------------------------------------------------------------------
+{% for ptest in ptests |sort %}
+{{ ptest.ljust(maxlen['ptest']) }} | {{ (ptests[ptest]['passed']|string).ljust(maxlen['passed']) }} | {{ (ptests[ptest]['failed']|string).ljust(maxlen['failed']) }} | {{ (ptests[ptest]['skipped']|string).ljust(maxlen['skipped']) }} | {{ (ptests[ptest]['duration']|string) }}
+{% endfor %}
+--------------------------------------------------------------------------------------------------------------
+
+{% else %}
+There was no ptest data
+{% endif %}
+
+==============================================================================================================
+Failed test cases (sorted by testseries, ID)
+==============================================================================================================
+{% if havefailed %}
+--------------------------------------------------------------------------------------------------------------
+{% for report in reportvalues |sort(attribute='sort') %}
+{% if report.failed_testcases %}
+testseries | result_id : {{ report.testseries }} | {{ report.result_id }}
+{% for testcase in report.failed_testcases %}
+ {{ testcase }}
+{% endfor %}
+{% endif %}
+{% endfor %}
+--------------------------------------------------------------------------------------------------------------
+{% else %}
+There were no test failures
+{% endif %}
diff --git a/scripts/lib/scriptutils.py b/scripts/lib/scriptutils.py
index 31e48ea4dc..3c60c3a1e6 100644
--- a/scripts/lib/scriptutils.py
+++ b/scripts/lib/scriptutils.py
@@ -26,6 +26,8 @@ import string
import subprocess
import sys
import tempfile
+import importlib
+from importlib import machinery
def logger_create(name, stream=None):
logger = logging.getLogger(name)
@@ -50,12 +52,9 @@ def load_plugins(logger, plugins, pluginpath):
def load_plugin(name):
logger.debug('Loading plugin %s' % name)
- fp, pathname, description = imp.find_module(name, [pluginpath])
- try:
- return imp.load_module(name, fp, pathname, description)
- finally:
- if fp:
- fp.close()
+ spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] )
+ if spec:
+ return spec.loader.load_module()
def plugin_name(filename):
return os.path.splitext(os.path.basename(filename))[0]
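Review bot: `load_plugin` now returns `None` when `PathFinder.find_spec` finds nothing, where the removed `imp.find_module` call raised ImportError, so a missing plugin is either skipped silently or fails later with an attribute error, depending on caller code outside this hunk. Raise explicitly when `spec` is `None`, e.g. `raise ImportError("No plugin %s in %s" % (name, pluginpath))`. `Loader.load_module()` is also deprecated in favour of `importlib.util.module_from_spec(spec)` followed by `spec.loader.exec_module(mod)`; note that this pair does not register the module in `sys.modules` on its own. The body of `load_plugins` continues outside the hunk.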
diff --git a/scripts/lib/wic/plugins/source/bootimg-efi.py b/scripts/lib/wic/plugins/source/bootimg-efi.py
index 0eb86a079f..1269818464 100644
--- a/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -256,8 +256,10 @@ class BootimgEFIPlugin(SourcePlugin):
# dosfs image, created by mkdosfs
bootimg = "%s/boot.img" % cr_workdir
- dosfs_cmd = "mkdosfs -n efi -i %s -C %s %d" % \
- (part.fsuuid, bootimg, blocks)
+ label = part.label if part.label else "ESP"
+
+ dosfs_cmd = "mkdosfs -n %s -i %s -C %s %d" % \
+ (label, part.fsuuid, bootimg, blocks)
exec_native_cmd(dosfs_cmd, native_sysroot)
mcopy_cmd = "mcopy -i %s -s %s/* ::/" % (bootimg, hdddir)
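Review bot: `label` comes from the partition definition and is interpolated unquoted into the `mkdosfs` command string, so a label containing spaces or shell metacharacters changes the command that `exec_native_cmd` runs (how that helper executes the string is not shown in this hunk). Pass `shlex.quote(label)` in the format tuple, adding `import shlex` if the file does not already have it. It is also worth rejecting labels longer than the 11 characters FAT allows, so the error is reported before `mkdosfs` is invoked. The enclosing method starts and ends outside the hunk.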
diff --git a/scripts/pythondeps b/scripts/pythondeps
index 590b9769e7..3e13a587ee 100755
--- a/scripts/pythondeps
+++ b/scripts/pythondeps
@@ -9,7 +9,8 @@
import argparse
import ast
-import imp
+import importlib
+from importlib import machinery
import logging
import os.path
import sys
@@ -17,10 +18,7 @@ import sys
logger = logging.getLogger('pythondeps')
-suffixes = []
-for triple in imp.get_suffixes():
- suffixes.append(triple[0])
-
+suffixes = importlib.machinery.all_suffixes()
class PythonDepError(Exception):
pass
diff --git a/scripts/resulttool b/scripts/resulttool
new file mode 100755
index 0000000000..9477667a87
--- /dev/null
+++ b/scripts/resulttool
@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+#
+# test results tool - tool for manipulating OEQA test result json files
+# (merge results, summarise results, regression analysis, generate manual test results file)
+#
+# To look for help information.
+# $ resulttool
+#
+# To store test results from oeqa automated tests, execute the below
+# $ resulttool store <source_dir> <git_branch>
+#
+# To merge test results, execute the below
+# $ resulttool merge <base_result_file> <target_result_file>
+#
+# To report test report, execute the below
+# $ resulttool report <source_dir>
+#
+# To perform regression file analysis, execute the below
+# $ resulttool regression-file <base_result_file> <target_result_file>
+#
+# To execute manual test cases, execute the below
+# $ resulttool manualexecution <manualjsonfile>
+#
+# By default testresults.json for manualexecution store in <build>/tmp/log/manual/
+#
+# Copyright (c) 2019, Intel Corporation.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+
+import os
+import sys
+import argparse
+import logging
+script_path = os.path.dirname(os.path.realpath(__file__))
+lib_path = script_path + '/lib'
+sys.path = sys.path + [lib_path]
+import argparse_oe
+import scriptutils
+import resulttool.merge
+import resulttool.store
+import resulttool.regression
+import resulttool.report
+import resulttool.manualexecution
+import resulttool.log
+logger = scriptutils.logger_create('resulttool')
+
+def main():
+ parser = argparse_oe.ArgumentParser(description="OEQA test result manipulation tool.",
+ epilog="Use %(prog)s <subcommand> --help to get help on a specific command")
+ parser.add_argument('-d', '--debug', help='enable debug output', action='store_true')
+ parser.add_argument('-q', '--quiet', help='print only errors', action='store_true')
+ subparsers = parser.add_subparsers(dest="subparser_name", title='subcommands', metavar='<subcommand>')
+ subparsers.required = True
+ subparsers.add_subparser_group('manualexecution', 'manual testcases', 300)
+ resulttool.manualexecution.register_commands(subparsers)
+ subparsers.add_subparser_group('setup', 'setup', 200)
+ resulttool.merge.register_commands(subparsers)
+ resulttool.store.register_commands(subparsers)
+ subparsers.add_subparser_group('analysis', 'analysis', 100)
+ resulttool.regression.register_commands(subparsers)
+ resulttool.report.register_commands(subparsers)
+ resulttool.log.register_commands(subparsers)
+
+ args = parser.parse_args()
+ if args.debug:
+ logger.setLevel(logging.DEBUG)
+ elif args.quiet:
+ logger.setLevel(logging.ERROR)
+
+ try:
+ ret = args.func(args, logger)
+ except argparse_oe.ArgumentUsageError as ae:
+ parser.error_subcommand(ae.message, ae.subcommand)
+ return ret
+
+if __name__ == "__main__":
+ sys.exit(main())
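Review bot: In `main`, `ret` is assigned only inside the `try`, so if `parser.error_subcommand` returns instead of exiting (its definition is not part of this hunk) the final `return ret` raises UnboundLocalError; set `ret = 1` in the `except` branch. The header comment documents `resulttool store <source_dir> <git_branch>`, while the store plugin added in this commit registers the positionals `source` and `git_dir`. The usage lines should be brought in line with the registered subcommands, including the `regression-file` example.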
diff --git a/scripts/runqemu b/scripts/runqemu
index 1c96b29a40..b0509672d5 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -157,19 +157,6 @@ def get_first_file(cmds):
return f
return ''
-def check_free_port(host, port):
- """ Check whether the port is free or not """
- import socket
- from contextlib import closing
-
- with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
- if sock.connect_ex((host, port)) == 0:
- # Port is open, so not free
- return False
- else:
- # Port is not open, so free
- return True
-
class BaseConfig(object):
def __init__(self):
# The self.d saved vars from self.set(), part of them are from qemuboot.conf
@@ -218,8 +205,9 @@ class BaseConfig(object):
self.audio_enabled = False
self.tcpserial_portnum = ''
self.custombiosdir = ''
- self.lock = ''
- self.lock_descriptor = None
+ self.taplock = ''
+ self.taplock_descriptor = None
+ self.portlocks = {}
self.bitbake_e = ''
self.snapshot = False
self.fstypes = ('ext2', 'ext3', 'ext4', 'jffs2', 'nfs', 'btrfs',
@@ -240,30 +228,81 @@ class BaseConfig(object):
# avoid cleanup twice
self.cleaned = False
- def acquire_lock(self, error=True):
- logger.debug("Acquiring lockfile %s..." % self.lock)
+ def acquire_taplock(self, error=True):
+ logger.debug("Acquiring lockfile %s..." % self.taplock)
try:
- self.lock_descriptor = open(self.lock, 'w')
- fcntl.flock(self.lock_descriptor, fcntl.LOCK_EX|fcntl.LOCK_NB)
+ self.taplock_descriptor = open(self.taplock, 'w')
+ fcntl.flock(self.taplock_descriptor, fcntl.LOCK_EX|fcntl.LOCK_NB)
except Exception as e:
- msg = "Acquiring lockfile %s failed: %s" % (self.lock, e)
+ msg = "Acquiring lockfile %s failed: %s" % (self.taplock, e)
if error:
logger.error(msg)
else:
logger.info(msg)
- if self.lock_descriptor:
- self.lock_descriptor.close()
- self.lock_descriptor = None
+ if self.taplock_descriptor:
+ self.taplock_descriptor.close()
+ self.taplock_descriptor = None
return False
return True
- def release_lock(self):
- if self.lock_descriptor:
+ def release_taplock(self):
+ if self.taplock_descriptor:
logger.debug("Releasing lockfile for tap device '%s'" % self.tap)
- fcntl.flock(self.lock_descriptor, fcntl.LOCK_UN)
- self.lock_descriptor.close()
- os.remove(self.lock)
- self.lock_descriptor = None
+ fcntl.flock(self.taplock_descriptor, fcntl.LOCK_UN)
+ self.taplock_descriptor.close()
+ os.remove(self.taplock)
+ self.taplock_descriptor = None
+
+ def check_free_port(self, host, port, lockdir):
+ """ Check whether the port is free or not """
+ import socket
+ from contextlib import closing
+
+ lockfile = os.path.join(lockdir, str(port) + '.lock')
+ if self.acquire_portlock(lockfile):
+ with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
+ if sock.connect_ex((host, port)) == 0:
+ # Port is open, so not free
+ self.release_portlock(lockfile)
+ return False
+ else:
+ # Port is not open, so free
+ return True
+ else:
+ return False
+
+ def acquire_portlock(self, lockfile, error=True):
+ logger.debug("Acquiring lockfile %s..." % lockfile)
+ try:
+ portlock_descriptor = open(lockfile, 'w')
+ self.portlocks.update({lockfile: portlock_descriptor})
+ fcntl.flock(self.portlocks[lockfile], fcntl.LOCK_EX|fcntl.LOCK_NB)
+ except Exception as e:
+ msg = "Acquiring lockfile %s failed: %s" % (lockfile, e)
+ if error:
+ logger.error(msg)
+ else:
+ logger.info(msg)
+ if self.portlocks[lockfile]:
+ self.portlocks[lockfile].close()
+ del self.portlocks[lockfile]
+ return False
+ return True
+
+ def release_portlock(self, lockfile=None):
+ if lockfile != None:
+ logger.debug("Releasing lockfile '%s'" % lockfile)
+ fcntl.flock(self.portlocks[lockfile], fcntl.LOCK_UN)
+ self.portlocks[lockfile].close()
+ os.remove(lockfile)
+ del self.portlocks[lockfile]
+ elif len(self.portlocks):
+ for lockfile, descriptor in self.portlocks.items():
+ logger.debug("Releasing lockfile '%s'" % lockfile)
+ fcntl.flock(descriptor, fcntl.LOCK_UN)
+ descriptor.close()
+ os.remove(lockfile)
+ self.portlocks = {}
def get(self, key):
if key in self.d:
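Review bot: In `acquire_portlock`, when `open(lockfile, 'w')` itself fails (for example on a lock file owned by another user), `self.portlocks` has no entry yet, so the `except` block's `self.portlocks[lockfile]` raises KeyError instead of returning False. Replace the lookup with `fd = self.portlocks.pop(lockfile, None)` and `if fd: fd.close()`. Mode `'w'` also follows symlinks and truncates whatever the name resolves to, which matters because the lock directory is shared between users; `os.open(lockfile, os.O_CREAT | os.O_WRONLY | os.O_NOFOLLOW, 0o600)` wrapped with `os.fdopen` avoids both. `release_portlock` unlocks before it unlinks, so another process may lock a file that is about to be removed; unlinking while the lock is still held, or not unlinking at all, closes that window.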
@@ -923,10 +962,21 @@ class BaseConfig(object):
ports = re.findall('hostfwd=[^-]*:([0-9]+)-[^,-]*', qb_slirp_opt)
ports = [int(i) for i in ports]
mac = 2
+
+ lockdir = "/tmp/qemu-port-locks"
+ if not os.path.exists(lockdir):
+ # There might be a race issue when multi runqemu processess are
+ # running at the same time.
+ try:
+ os.mkdir(lockdir)
+ os.chmod(lockdir, 0o777)
+ except FileExistsError:
+ pass
+
# Find a free port to avoid conflicts
for p in ports[:]:
p_new = p
- while not check_free_port('localhost', p_new):
+ while not self.check_free_port('localhost', p_new, lockdir):
p_new += 1
mac += 1
while p_new in ports:
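Review bot: `/tmp/qemu-port-locks` is created with mode `0o777` and no sticky bit, so any local user can delete, replace or pre-create entries in it, and a path that already exists under that name is used without checking its owner or type. Because the lock files are then opened for writing by name, set the sticky bit at minimum with `os.chmod(lockdir, 0o1777)` and confirm via `os.lstat` that the path is a real directory before using it. The `os.path.exists` test is redundant with the `FileExistsError` handler and can be dropped. The enclosing method continues outside the hunk.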
@@ -981,8 +1031,8 @@ class BaseConfig(object):
if os.path.exists('%s.skip' % lockfile):
logger.info('Found %s.skip, skipping %s' % (lockfile, p))
continue
- self.lock = lockfile + '.lock'
- if self.acquire_lock(error=False):
+ self.taplock = lockfile + '.lock'
+ if self.acquire_taplock(error=False):
tap = p
logger.info("Using preconfigured tap device %s" % tap)
logger.info("If this is not intended, touch %s.skip to make runqemu skip %s." %(lockfile, tap))
@@ -1000,8 +1050,8 @@ class BaseConfig(object):
cmd = ('sudo', self.qemuifup, str(uid), str(gid), self.bindir_native)
tap = subprocess.check_output(cmd).decode('utf-8').strip()
lockfile = os.path.join(lockdir, tap)
- self.lock = lockfile + '.lock'
- self.acquire_lock()
+ self.taplock = lockfile + '.lock'
+ self.acquire_taplock()
self.cleantap = True
logger.debug('Created tap: %s' % tap)
@@ -1233,8 +1283,11 @@ class BaseConfig(object):
cmds = shlex.split(cmd)
logger.info('Running %s\n' % cmd)
pass_fds = []
- if self.lock_descriptor:
- pass_fds = [self.lock_descriptor.fileno()]
+ if self.taplock_descriptor:
+ pass_fds = [self.taplock_descriptor.fileno()]
+ if len(self.portlocks):
+ for descriptor in self.portlocks.values():
+ pass_fds.append(descriptor.fileno())
process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds)
self.qemupid = process.pid
retcode = process.wait()
@@ -1256,7 +1309,8 @@ class BaseConfig(object):
cmd = ('sudo', self.qemuifdown, self.tap, self.bindir_native)
logger.debug('Running %s' % str(cmd))
subprocess.check_call(cmd)
- self.release_lock()
+ self.release_taplock()
+ self.release_portlock()
if self.nfs_running:
logger.info("Shutting down the userspace NFS server...")
@@ -1333,7 +1387,8 @@ def main():
logger.info("SIGTERM received")
os.kill(config.qemupid, signal.SIGTERM)
config.cleanup()
- subprocess.check_call(["tput", "smam"])
+ # Deliberately ignore the return code of 'tput smam'.
+ subprocess.call(["tput", "smam"])
signal.signal(signal.SIGTERM, sigterm_handler)
config.check_args()
@@ -1355,7 +1410,8 @@ def main():
return 1
finally:
config.cleanup()
- subprocess.check_call(["tput", "smam"])
+ # Deliberately ignore the return code of 'tput smam'.
+ subprocess.call(["tput", "smam"])
if __name__ == "__main__":
sys.exit(main())
diff --git a/scripts/send-error-report b/scripts/send-error-report
index 3528cf93a9..0ed7cc905e 100755
--- a/scripts/send-error-report
+++ b/scripts/send-error-report
@@ -62,7 +62,7 @@ def edit_content(json_file_path):
def prepare_data(args):
# attempt to get the max_log_size from the server's settings
- max_log_size = getPayloadLimit("https://"+args.server+"/ClientPost/JSON")
+ max_log_size = getPayloadLimit(args.protocol+args.server+"/ClientPost/JSON")
if not os.path.isfile(args.error_file):
log.error("No data file found.")
@@ -132,9 +132,9 @@ def send_data(data, args):
headers={'Content-type': 'application/json', 'User-Agent': "send-error-report/"+version}
if args.json:
- url = "https://"+args.server+"/ClientPost/JSON/"
+ url = args.protocol+args.server+"/ClientPost/JSON/"
else:
- url = "https://"+args.server+"/ClientPost/"
+ url = args.protocol+args.server+"/ClientPost/"
req = urllib.request.Request(url, data=data, headers=headers)
try:
@@ -187,6 +187,11 @@ if __name__ == '__main__':
help="Return the result in json format, silences all other output",
action="store_true")
+ arg_parse.add_argument("--no-ssl",
+ help="Use http instead of https protocol",
+ dest="protocol",
+ action="store_const", const="http://", default="https://")
+
args = arg_parse.parse_args()
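Review bot: The help text for `--no-ssl` does not say that the report is then sent unencrypted. The payload is built from `args.error_file` and is presumably build-log content, given `max_log_size`. I would say so in the option, e.g. `help="Use http instead of https (the report is sent unencrypted)"`. The URLs built in prepare_data and send_data (the two hunks above) pick up `args.protocol` silently, so a warning logged when it is `http://` would make the downgrade visible in automated runs.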
diff --git a/scripts/wic b/scripts/wic
index 37dfe2dc58..a3c0f731d9 100755
--- a/scripts/wic
+++ b/scripts/wic
@@ -35,6 +35,7 @@ import os
import sys
import argparse
import logging
+import subprocess
from collections import namedtuple
from distutils import spawn
@@ -63,10 +64,7 @@ if os.environ.get('SDKTARGETSYSROOT'):
bitbake_exe = spawn.find_executable('bitbake')
if bitbake_exe:
bitbake_path = scriptpath.add_bitbake_lib_path()
- from bb import cookerdata
- from bb.main import bitbake_main, BitBakeConfigParameters
-else:
- bitbake_main = None
+ import bb
from wic import WicError
from wic.misc import get_bitbake_var, BB_VARS
@@ -124,7 +122,7 @@ def wic_create_subcommand(options, usage_str):
Command-line handling for image creation. The real work is done
by image.engine.wic_create()
"""
- if options.build_rootfs and not bitbake_main:
+ if options.build_rootfs and not bitbake_exe:
raise WicError("Can't build rootfs as bitbake is not in the $PATH")
if not options.image_name:
@@ -160,9 +158,7 @@ def wic_create_subcommand(options, usage_str):
argv.append("--debug")
logger.info("Building rootfs...\n")
- if bitbake_main(BitBakeConfigParameters(argv),
- cookerdata.CookerConfiguration()):
- raise WicError("bitbake exited with error")
+ subprocess.check_call(argv)
rootfs_dir = get_bitbake_var("IMAGE_ROOTFS", options.image_name)
kernel_dir = get_bitbake_var("DEPLOY_DIR_IMAGE", options.image_name)
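Review bot: `subprocess.check_call(argv)` reports a failed build as `subprocess.CalledProcessError`, where the removed code raised `WicError("bitbake exited with error")`. Any caller that handles only WicError (not visible here) would now print a traceback instead of the message. Keeping the old shape, `if subprocess.call(argv):` followed by `raise WicError("bitbake exited with error")`, preserves it. The same applies to `subprocess.check_call(["bitbake", "wic-tools"])` in the next hunk, which previously raised `WicError("bitbake wic-tools failed")`. wic_create_subcommand starts and ends outside these hunks.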
@@ -179,9 +175,7 @@ def wic_create_subcommand(options, usage_str):
if not options.vars_dir and (not native_sysroot or not os.path.isdir(native_sysroot)):
logger.info("Building wic-tools...\n")
- if bitbake_main(BitBakeConfigParameters("bitbake wic-tools".split()),
- cookerdata.CookerConfiguration()):
- raise WicError("bitbake wic-tools failed")
+ subprocess.check_call(["bitbake", "wic-tools"])
native_sysroot = get_bitbake_var("RECIPE_SYSROOT_NATIVE", "wic-tools")
if not native_sysroot:
@@ -432,7 +426,7 @@ def expandtype(rules):
if rules == 'auto':
return {}
result = {}
- for rule in rules.split('-'):
+ for rule in rules.split(','):
try:
part, size = rule.split(':')
except ValueError: