diff options
Diffstat (limited to 'meta/recipes-core')
58 files changed, 1124 insertions, 2650 deletions
diff --git a/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb b/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb new file mode 100644 index 0000000000..a83620e859 --- /dev/null +++ b/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb @@ -0,0 +1,32 @@ +SUMMARY = "inittab configuration for BusyBox" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +SRC_URI = "file://inittab" + +S = "${WORKDIR}" + +INHIBIT_DEFAULT_DEPS = "1" + +do_compile() { + : +} + +do_install() { + install -d ${D}${sysconfdir} + install -D -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab + tmp="${SERIAL_CONSOLES}" + for i in $tmp + do + j=`echo ${i} | sed s/\;/\ /g` + id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'` + echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab + done +} + +# SERIAL_CONSOLES is generally defined by the MACHINE .conf. +# Set PACKAGE_ARCH appropriately. +PACKAGE_ARCH = "${MACHINE_ARCH}" + +FILES_${PN} = "${sysconfdir}/inittab" +CONFFILES_${PN} = "${sysconfdir}/inittab" diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc index 48910ca33a..a6bfd46b67 100644 --- a/meta/recipes-core/busybox/busybox.inc +++ b/meta/recipes-core/busybox/busybox.inc @@ -48,6 +48,8 @@ CONFFILES_${PN}-mdev = "${sysconfdir}/mdev.conf" RRECOMMENDS_${PN} = "${PN}-syslog ${PN}-udhcpc" +RDEPENDS_${PN} = "${@["", "busybox-inittab"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]}" + inherit cml1 systemd update-rc.d ptest # internal helper @@ -292,16 +294,6 @@ do_install () { install -D -m 0777 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS install -D -m 0777 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK install -D -m 0755 ${WORKDIR}/runlevel ${D}${base_sbindir}/runlevel - if grep "CONFIG_FEATURE_USE_INITTAB=y" ${B}/.config; then - install -D -m 0777 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab - tmp="${SERIAL_CONSOLES}" - for i in $tmp - do - j=`echo ${i} | sed s/\;/\ /g` - id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'` - echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab - done - fi fi if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then diff --git a/meta/recipes-core/expat/expat.inc b/meta/recipes-core/expat/expat.inc index 0ee6c276d9..b815f736ff 100644 --- a/meta/recipes-core/expat/expat.inc +++ b/meta/recipes-core/expat/expat.inc @@ -9,7 +9,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \ file://libtool-tag.patch \ " -SRC_URI_append_class-native = " file://no_getrandom.patch" +SRC_URI[md5sum] = "789e297f547980fc9ecc036f9a070d49" +SRC_URI[sha256sum] = "d9dc32efba7e74f788fcc4f212a43216fc37cf5f23f4c2339664d473353aedf6" inherit autotools lib_package diff --git a/meta/recipes-core/expat/expat/no_getrandom.patch b/meta/recipes-core/expat/expat/no_getrandom.patch deleted file mode 100644 index d64f1bf113..0000000000 --- a/meta/recipes-core/expat/expat/no_getrandom.patch +++ /dev/null @@ -1,23 +0,0 @@ -The native version of expat may be used on older systems which dont have glibc 2.25 -and hence don't have getrandom() thanks to uninative. Disable the libc call and -use the syscall instead to avoid a compatibility issue until we have 2.25 everywhere -we support with uninative. - -RP -2017/8/14 - -Upstream-Status: Inappropriate - -Index: expat-2.2.3/configure.ac -=================================================================== ---- expat-2.2.3.orig/configure.ac -+++ expat-2.2.3/configure.ac -@@ -151,7 +151,7 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([ - #include <stdlib.h> /* for NULL */ - #include <sys/random.h> - int main() { -- return getrandom(NULL, 0U, 0U); -+ return getrandomBREAKME(NULL, 0U, 0U); - } - ])], [ - AC_DEFINE([HAVE_GETRANDOM], [1], diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc index 8434b7dae3..4cdf1411e8 100644 --- a/meta/recipes-core/glib-2.0/glib.inc +++ b/meta/recipes-core/glib-2.0/glib.inc @@ -121,6 +121,12 @@ do_install_append_class-target () { fi } +RDEPENDS_${PN}-codegen += "\ + python3 \ + python3-distutils \ + python3-xml \ + " + RDEPENDS_${PN}-ptest += "\ dbus \ gnome-desktop-testing \ diff --git a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb index 2782bd95c4..0ba6c8d835 100644 --- a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb +++ b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb @@ -1,6 +1,6 @@ SUMMARY = "GLib networking extensions" DESCRIPTION = "glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies." -HOMEPAGE = "http://git.gnome.org/browse/glib-networking/" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/glib-networking/" BUGTRACKER = "http://bugzilla.gnome.org" LICENSE = "LGPLv2" diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.26.bb b/meta/recipes-core/glibc/cross-localedef-native_2.26.bb index fc5d70dbb9..744085f413 100644 --- a/meta/recipes-core/glibc/cross-localedef-native_2.26.bb +++ b/meta/recipes-core/glibc/cross-localedef-native_2.26.bb @@ -21,7 +21,7 @@ SRCBRANCH ?= "release/${PV}/master" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)" -SRCREV_glibc ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369" +SRCREV_glibc ?= "d300041c533a3d837c9f37a099bcc95466860e98" SRCREV_localedef ?= "dfb4afe551c6c6e94f9cc85417bd1f582168c843" SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ @@ -35,6 +35,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0021-eglibc-Install-PIC-archives.patch \ file://0022-eglibc-Forward-port-cross-locale-generation-support.patch \ file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \ + file://archive-path.patch \ " # Makes for a rather long rev (22 characters), but... # diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc index 1a629fc69d..b3cb10b87a 100644 --- a/meta/recipes-core/glibc/glibc-locale.inc +++ b/meta/recipes-core/glibc/glibc-locale.inc @@ -39,7 +39,6 @@ PACKAGES = "localedef ${PN}-dbg" PACKAGES_DYNAMIC = "^locale-base-.* \ ^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \ - ^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \ ^${MLPREFIX}glibc-gconv$" # Create a glibc-binaries package diff --git a/meta/recipes-core/glibc/glibc-package.inc b/meta/recipes-core/glibc/glibc-package.inc index df3db2cc45..b6d80745cc 100644 --- a/meta/recipes-core/glibc/glibc-package.inc +++ b/meta/recipes-core/glibc/glibc-package.inc @@ -113,15 +113,15 @@ do_install_append () { } do_install_append_aarch64 () { - if [ "${base_libdir}" != "/lib" ] ; then + if [ "${base_libdir}" != "${nonarch_base_libdir}" ]; then # The aarch64 ABI says the dynamic linker -must- be /lib/ld-linux-aarch64[_be].so.1 - install -d ${D}/lib + install -d ${D}${nonarch_base_libdir} if [ -e ${D}${base_libdir}/ld-linux-aarch64.so.1 ]; then - ln -s ${@base_path_relative('/lib', '${base_libdir}')}/ld-linux-aarch64.so.1 \ - ${D}/lib/ld-linux-aarch64.so.1 + ln -s ${@base_path_relative('${nonarch_base_libdir}', '${base_libdir}')}/ld-linux-aarch64.so.1 \ + ${D}${nonarch_base_libdir}/ld-linux-aarch64.so.1 elif [ -e ${D}${base_libdir}/ld-linux-aarch64_be.so.1 ]; then - ln -s ${@base_path_relative('/lib', '${base_libdir}')}/ld-linux-aarch64_be.so.1 \ - ${D}/lib/ld-linux-aarch64_be.so.1 + ln -s ${@base_path_relative('${nonarch_base_libdir}', '${base_libdir}')}/ld-linux-aarch64_be.so.1 \ + ${D}${nonarch_base_libdir}/ld-linux-aarch64_be.so.1 fi fi do_install_armmultilib diff --git a/meta/recipes-core/glibc/glibc/0029-assert-Support-types-without-operator-int-BZ-21972.patch b/meta/recipes-core/glibc/glibc/0029-assert-Support-types-without-operator-int-BZ-21972.patch new file mode 100644 index 0000000000..3c7050f078 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0029-assert-Support-types-without-operator-int-BZ-21972.patch @@ -0,0 +1,194 @@ +Upstream-Status: Backport + +* fixes "lambda-expression in unevaluated context" compile failures such as + https://github.com/nlohmann/json/issues/705 + +* fixes "no match for 'operator==" compile failures such as + https://bugzilla.redhat.com/show_bug.cgi?id=1482990 + +* Changelog edit was removed from upstream commit because it caused conflict + +Signed-off-by: S. Lockwood-Childs <sjl@vctlabs.com> + +From b5889d25e9bf944a89fdd7bcabf3b6c6f6bb6f7c Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Mon, 21 Aug 2017 13:03:29 +0200 +Subject: [PATCH] assert: Support types without operator== (int) [BZ #21972] + +--- + assert/Makefile | 11 ++++++- + assert/assert.h | 16 ++++++---- + assert/tst-assert-c++.cc | 78 ++++++++++++++++++++++++++++++++++++++++++++++++ + assert/tst-assert-g++.cc | 19 ++++++++++++ + 4 files changed, 128 insertions(+), 7 deletions(-) + create mode 100644 assert/tst-assert-c++.cc + create mode 100644 assert/tst-assert-g++.cc + +diff --git a/assert/Makefile b/assert/Makefile +index 1c3be9b..9ec1be8 100644 +--- a/assert/Makefile ++++ b/assert/Makefile +@@ -25,6 +25,15 @@ include ../Makeconfig + headers := assert.h + + routines := assert assert-perr __assert +-tests := test-assert test-assert-perr ++tests := test-assert test-assert-perr tst-assert-c++ tst-assert-g++ + + include ../Rules ++ ++ifeq ($(have-cxx-thread_local),yes) ++CFLAGS-tst-assert-c++.o = -std=c++11 ++LDLIBS-tst-assert-c++ = -lstdc++ ++CFLAGS-tst-assert-g++.o = -std=gnu++11 ++LDLIBS-tst-assert-g++ = -lstdc++ ++else ++tests-unsupported += tst-assert-c++ tst-assert-g++ ++endif +diff --git a/assert/assert.h b/assert/assert.h +index 6801cfe..640c95c 100644 +--- a/assert/assert.h ++++ b/assert/assert.h +@@ -85,7 +85,12 @@ __END_DECLS + /* When possible, define assert so that it does not add extra + parentheses around EXPR. Otherwise, those added parentheses would + suppress warnings we'd expect to be detected by gcc's -Wparentheses. */ +-# if !defined __GNUC__ || defined __STRICT_ANSI__ ++# if defined __cplusplus ++# define assert(expr) \ ++ (static_cast <bool> (expr) \ ++ ? void (0) \ ++ : __assert_fail (#expr, __FILE__, __LINE__, __ASSERT_FUNCTION)) ++# elif !defined __GNUC__ || defined __STRICT_ANSI__ + # define assert(expr) \ + ((expr) \ + ? __ASSERT_VOID_CAST (0) \ +@@ -93,12 +98,11 @@ __END_DECLS + # else + /* The first occurrence of EXPR is not evaluated due to the sizeof, + but will trigger any pedantic warnings masked by the __extension__ +- for the second occurrence. The explicit comparison against zero is +- required to support function pointers and bit fields in this +- context, and to suppress the evaluation of variable length +- arrays. */ ++ for the second occurrence. The ternary operator is required to ++ support function pointers and bit fields in this context, and to ++ suppress the evaluation of variable length arrays. */ + # define assert(expr) \ +- ((void) sizeof ((expr) == 0), __extension__ ({ \ ++ ((void) sizeof ((expr) ? 1 : 0), __extension__ ({ \ + if (expr) \ + ; /* empty */ \ + else \ +diff --git a/assert/tst-assert-c++.cc b/assert/tst-assert-c++.cc +new file mode 100644 +index 0000000..12a5e69 +--- /dev/null ++++ b/assert/tst-assert-c++.cc +@@ -0,0 +1,78 @@ ++/* Tests for interactions between C++ and assert. ++ Copyright (C) 2017 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++#include <assert.h> ++ ++/* The C++ standard requires that if the assert argument is a constant ++ subexpression, then the assert itself is one, too. */ ++constexpr int ++check_constexpr () ++{ ++ return (assert (true), 1); ++} ++ ++/* Objects of this class can be contextually converted to bool, but ++ cannot be compared to int. */ ++struct no_int ++{ ++ no_int () = default; ++ no_int (const no_int &) = delete; ++ ++ explicit operator bool () const ++ { ++ return true; ++ } ++ ++ bool operator! () const; /* No definition. */ ++ template <class T> bool operator== (T) const; /* No definition. */ ++ template <class T> bool operator!= (T) const; /* No definition. */ ++}; ++ ++/* This class tests that operator== is not used by assert. */ ++struct bool_and_int ++{ ++ bool_and_int () = default; ++ bool_and_int (const no_int &) = delete; ++ ++ explicit operator bool () const ++ { ++ return true; ++ } ++ ++ bool operator! () const; /* No definition. */ ++ template <class T> bool operator== (T) const; /* No definition. */ ++ template <class T> bool operator!= (T) const; /* No definition. */ ++}; ++ ++static int ++do_test () ++{ ++ { ++ no_int value; ++ assert (value); ++ } ++ ++ { ++ bool_and_int value; ++ assert (value); ++ } ++ ++ return 0; ++} ++ ++#include <support/test-driver.c> +diff --git a/assert/tst-assert-g++.cc b/assert/tst-assert-g++.cc +new file mode 100644 +index 0000000..8c06402 +--- /dev/null ++++ b/assert/tst-assert-g++.cc +@@ -0,0 +1,19 @@ ++/* Tests for interactions between C++ and assert. GNU C++11 version. ++ Copyright (C) 2017 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++#include <tst-assert-c++.cc> +-- +1.9.4 + diff --git a/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch b/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch new file mode 100644 index 0000000000..436c84778e --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch @@ -0,0 +1,69 @@ +From af3054b3856379d353a779801678f330e1b58c9a Mon Sep 17 00:00:00 2001 +Message-Id: <af3054b3856379d353a779801678f330e1b58c9a.1490183611.git.panand@redhat.com> +From: Pratyush Anand <panand@redhat.com> +Date: Wed, 22 Mar 2017 17:02:38 +0530 +Subject: [PATCH] bits/siginfo-consts.h: enum definition for TRAP_HWBKPT is missing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Compile following linux kernel test code with latest glibc: + +https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c + +and we get following error: +breakpoint_test_arm64.c: In function ‘run_test’: +breakpoint_test_arm64.c:171:25: error: ‘TRAP_HWBKPT’ undeclared (first use in this function) + if (siginfo.si_code != TRAP_HWBKPT) { + ^ +I can compile test code by modifying my local +/usr/include/bits/siginfo.h and test works great. Therefore, this patch +will be needed in upstream glibc so that issue is fixed there as well. + +Signed-off-by: Pratyush Anand <panand@redhat.com> + +Upstream-Status: Submitted [https://sourceware.org/bugzilla/show_bug.cgi?id=21286] +--- + bits/siginfo-consts.h | 6 +++++- + sysdeps/unix/sysv/linux/bits/siginfo-consts.h | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/bits/siginfo-consts.h b/bits/siginfo-consts.h +index a58ac4b..8448fac 100644 +--- a/bits/siginfo-consts.h ++++ b/bits/siginfo-consts.h +@@ -106,8 +106,12 @@ enum + { + TRAP_BRKPT = 1, /* Process breakpoint. */ + # define TRAP_BRKPT TRAP_BRKPT +- TRAP_TRACE /* Process trace trap. */ ++ TRAP_TRACE, /* Process trace trap. */ + # define TRAP_TRACE TRAP_TRACE ++ TRAP_BRANCH, /* Process branch trap. */ ++# define TRAP_BRANCH TRAP_BRANCH ++ TRAP_HWBKPT /* hardware breakpoint/watchpoint */ ++# define TRAP_HWBKPT TRAP_HWBKPT + }; + # endif + +diff --git a/sysdeps/unix/sysv/linux/bits/siginfo-consts.h b/sysdeps/unix/sysv/linux/bits/siginfo-consts.h +index 525840c..57a9edb 100644 +--- a/sysdeps/unix/sysv/linux/bits/siginfo-consts.h ++++ b/sysdeps/unix/sysv/linux/bits/siginfo-consts.h +@@ -137,8 +137,12 @@ enum + { + TRAP_BRKPT = 1, /* Process breakpoint. */ + # define TRAP_BRKPT TRAP_BRKPT +- TRAP_TRACE /* Process trace trap. */ ++ TRAP_TRACE, /* Process trace trap. */ + # define TRAP_TRACE TRAP_TRACE ++ TRAP_BRANCH, /* Process branch trap. */ ++# define TRAP_BRANCH TRAP_BRANCH ++ TRAP_HWBKPT /* hardware breakpoint/watchpoint */ ++# define TRAP_HWBKPT TRAP_HWBKPT + }; + # endif + +-- +2.7.4 + diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch new file mode 100644 index 0000000000..ae050a5223 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch @@ -0,0 +1,61 @@ +From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Fri, 20 Oct 2017 18:41:14 +0200 +Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320] + +(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90) + +Upstream-Status: Backport +CVE: CVE-2017-15670 +Affects: glibc < 2.27 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 6 ++++++ + NEWS | 5 +++++ + posix/glob.c | 2 +- + 3 files changed, 12 insertions(+), 1 deletion(-) + +Index: git/NEWS +=================================================================== +--- git.orig/NEWS ++++ git/NEWS +@@ -206,6 +206,11 @@ Security related changes: + * A use-after-free vulnerability in clntudp_call in the Sun RPC system has been + fixed (CVE-2017-12133). + ++ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, ++ suffered from a one-byte overflow during ~ operator processing (either ++ on the stack or the heap, depending on the length of the user name). ++ Reported by Tim Rühsen. ++ + The following bugs are resolved with this release: + + [984] network: Respond to changed resolv.conf in gethostbyname +Index: git/posix/glob.c +=================================================================== +--- git.orig/posix/glob.c ++++ git/posix/glob.c +@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in + *p = '\0'; + } + else +- *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) ++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) + = '\0'; + user_name = newp; + } +Index: git/ChangeLog +=================================================================== +--- git.orig/ChangeLog ++++ git/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-20 Paul Eggert <eggert@cs.ucla.edu> ++ ++ [BZ #22320] ++ CVE-2017-15670 ++ * posix/glob.c (__glob): Fix one-byte overflow. ++ + 2017-08-02 Siddhesh Poyarekar <siddhesh@sourceware.org> + + * version.h (RELEASE): Set to "stable" diff --git a/meta/recipes-core/glibc/glibc/archive-path.patch b/meta/recipes-core/glibc/glibc/archive-path.patch new file mode 100644 index 0000000000..b0d3158cfe --- /dev/null +++ b/meta/recipes-core/glibc/glibc/archive-path.patch @@ -0,0 +1,39 @@ +localedef --add-to-archive uses a hard-coded locale path which doesn't exist in +normal use, and there's no way to pass an alternative filename. + +Add a fallback of $LOCALEARCHIVE from the environment, and allow creation of new locale archives that are not the system archive. + +Upstream-Status: Inappropriate (OE-specific) +Signed-off-by: Ross Burton <ross.burton@intel.com> + +diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c +index ca332a34..6b7ba9b2 100644 +--- a/locale/programs/locarchive.c ++++ b/locale/programs/locarchive.c +@@ -569,10 +569,13 @@ open_archive (struct locarhandle *ah, bool readonly) + /* If ah has a non-NULL fname open that otherwise open the default. */ + if (archivefname == NULL) + { +- archivefname = default_fname; +- if (output_prefix) +- memcpy (default_fname, output_prefix, prefix_len); +- strcpy (default_fname + prefix_len, ARCHIVE_NAME); ++ archivefname = getenv("LOCALEARCHIVE"); ++ if (archivefname == NULL) { ++ archivefname = default_fname; ++ if (output_prefix) ++ memcpy (default_fname, output_prefix, prefix_len); ++ strcpy (default_fname + prefix_len, ARCHIVE_NAME); ++ } + } + + while (1) +@@ -585,7 +588,7 @@ open_archive (struct locarhandle *ah, bool readonly) + the default locale archive we ignore the failure and + list an empty archive, otherwise we print an error + and exit. */ +- if (errno == ENOENT && archivefname == default_fname) ++ if (errno == ENOENT) + { + if (readonly) + { diff --git a/meta/recipes-core/glibc/glibc/relocate-locales.patch b/meta/recipes-core/glibc/glibc/relocate-locales.patch new file mode 100644 index 0000000000..2aea37f5ca --- /dev/null +++ b/meta/recipes-core/glibc/glibc/relocate-locales.patch @@ -0,0 +1,55 @@ +The glibc locale path is hard-coded to the install prefix, but in SDKs we need +to be able to relocate the binaries. Expand the strings to 4K and put them in a +magic segment that we can relocate at install time. + +Upstream-Status: Inappropriate (OE-specific) +Signed-off-by: Ross Burton <ross.burton@intel.com> + +diff --git a/locale/findlocale.c b/locale/findlocale.c +index 872cadb5..da14fa39 100644 +--- a/locale/findlocale.c ++++ b/locale/findlocale.c +@@ -56,7 +56,7 @@ struct __locale_data *const _nl_C[] attribute_hidden = + which are somehow addressed. */ + struct loaded_l10nfile *_nl_locale_file_list[__LC_LAST]; + +-const char _nl_default_locale_path[] attribute_hidden = COMPLOCALEDIR; ++char _nl_default_locale_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR; + + /* Checks if the name is actually present, that is, not NULL and not + empty. */ +@@ -167,7 +167,7 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len, + + /* Nothing in the archive. Set the default path to search below. */ + locale_path = _nl_default_locale_path; +- locale_path_len = sizeof _nl_default_locale_path; ++ locale_path_len = strlen(locale_path) + 1; + } + else + /* We really have to load some data. First see whether the name is +diff --git a/locale/localeinfo.h b/locale/localeinfo.h +index 68822a63..537bc351 100644 +--- a/locale/localeinfo.h ++++ b/locale/localeinfo.h +@@ -325,7 +325,7 @@ _nl_lookup_word (locale_t l, int category, int item) + } + + /* Default search path if no LOCPATH environment variable. */ +-extern const char _nl_default_locale_path[] attribute_hidden; ++extern char _nl_default_locale_path[4096] attribute_hidden; + + /* Load the locale data for CATEGORY from the file specified by *NAME. + If *NAME is "", use environment variables as specified by POSIX, and +diff --git a/locale/loadarchive.c b/locale/loadarchive.c +index 516d30d8..792b37fb 100644 +--- a/locale/loadarchive.c ++++ b/locale/loadarchive.c +@@ -42,7 +43,7 @@ + + + /* Name of the locale archive file. */ +-static const char archfname[] = COMPLOCALEDIR "/locale-archive"; ++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive"; + + /* Size of initial mapping window, optimal if large enough to + cover the header plus the initial locale. */ diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb index 135ec4fb16..a1a4022ebc 100644 --- a/meta/recipes-core/glibc/glibc_2.26.bb +++ b/meta/recipes-core/glibc/glibc_2.26.bb @@ -1,13 +1,13 @@ require glibc.inc -LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ +LIC_FILES_CHKSUM = "file://LICENSES;md5=ebc14508894997e6daaad1b8ffd53a15\ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" -DEPENDS += "gperf-native" +DEPENDS += "gperf-native bison-native" -SRCREV ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369" +SRCREV ?= "c9570bd2f54abb68e4e3c767aca3a54e05d2c7f6" SRCBRANCH ?= "release/${PV}/master" @@ -40,9 +40,9 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \ file://0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \ file://0025-locale-fix-hard-coded-reference-to-gcc-E.patch \ - file://0026-assert-Suppress-pedantic-warning-caused-by-statement.patch \ file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \ file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \ + file://0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \ " NATIVESDKFIXES ?= "" @@ -51,6 +51,7 @@ NATIVESDKFIXES_class-nativesdk = "\ file://0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \ file://0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \ file://0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \ + file://relocate-locales.patch \ " S = "${WORKDIR}/git" @@ -103,6 +104,10 @@ do_configure () { # version check and doesn't really help with anything (cd ${S} && gnu-configize) || die "failure in running gnu-configize" find ${S} -name "configure" | xargs touch + # "plural.c" may or may not get regenerated from "plural.y" so we + # touch "plural.y" to make sure it does. (This should not be needed + # for glibc version 2.26+) + find ${S}/intl -name "plural.y" | xargs touch CPPFLAGS="" oe_runconf } @@ -134,12 +139,6 @@ do_compile () { } -# Use the host locale archive when built for nativesdk so that we don't need to -# ship a complete (100MB) locale set. -do_compile_prepend_class-nativesdk() { - echo "complocaledir=/usr/lib/locale" >> ${S}/configparms -} - require glibc-package.inc BBCLASSEXTEND = "nativesdk" diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb index 5654528ae8..e9f3a2aee9 100644 --- a/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb +++ b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb @@ -6,7 +6,7 @@ the file /etc/network/interfaces." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" -SRC_URI = "git://anonscm.debian.org/git/collab-maint/ifupdown.git \ +SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \ file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \ file://inet-6-.defn-fix-inverted-checks-for-loopback.patch \ file://99_network \ diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index cd96a128a8..b24d2cd651 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -22,8 +22,8 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image module-base setuptools3 -SRCREV ?= "1d57ca352f798dd671fd8c15ee4286644c49c4b9" -SRC_URI = "git://git.yoctoproject.org/poky;branch=master \ +SRCREV ?= "30c10a3d8bd9bcd909cc1600894815c2fd5400a2" +SRC_URI = "git://git.yoctoproject.org/poky;branch=rocko \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ file://README_VirtualBox_Guest_Additions.txt \ diff --git a/meta/recipes-core/images/core-image-minimal-initramfs.bb b/meta/recipes-core/images/core-image-minimal-initramfs.bb index 5794a25952..c446e87bd1 100644 --- a/meta/recipes-core/images/core-image-minimal-initramfs.bb +++ b/meta/recipes-core/images/core-image-minimal-initramfs.bb @@ -8,7 +8,7 @@ PACKAGE_INSTALL = "initramfs-live-boot initramfs-live-install initramfs-live-ins # Do not pollute the initrd image with rootfs features IMAGE_FEATURES = "" -export IMAGE_BASENAME = "core-image-minimal-initramfs" +export IMAGE_BASENAME = "${MLPREFIX}core-image-minimal-initramfs" IMAGE_LINGUAS = "" LICENSE = "MIT" diff --git a/meta/recipes-core/initrdscripts/files/init-install-efi.sh b/meta/recipes-core/initrdscripts/files/init-install-efi.sh index 5ad3a60c05..706418fa9c 100644 --- a/meta/recipes-core/initrdscripts/files/init-install-efi.sh +++ b/meta/recipes-core/initrdscripts/files/init-install-efi.sh @@ -186,6 +186,13 @@ parted ${device} mkpart swap linux-swap $swap_start 100% parted ${device} print +echo "Waiting for device nodes..." +C=0 +while [ $C -ne 3 ] && [ ! -e $bootfs -o ! -e $rootfs -o ! -e $swap ]; do + C=$(( C + 1 )) + sleep 1 +done + echo "Formatting $bootfs to vfat..." mkfs.vfat $bootfs diff --git a/meta/recipes-core/initrdscripts/files/init-install.sh b/meta/recipes-core/initrdscripts/files/init-install.sh index 572613ecd4..dade059c8f 100644 --- a/meta/recipes-core/initrdscripts/files/init-install.sh +++ b/meta/recipes-core/initrdscripts/files/init-install.sh @@ -132,7 +132,7 @@ fi disk_size=$(parted ${device} unit mb print | grep '^Disk .*: .*MB' | cut -d" " -f 3 | sed -e "s/MB//") -grub_version=$(grub-install -v|sed 's/.* \([0-9]\).*/\1/') +grub_version=$(grub-install -V|sed 's/.* \([0-9]\).*/\1/') if [ $grub_version -eq 0 ] ; then bios_boot_size=0 @@ -211,6 +211,13 @@ parted ${device} mkpart $pname linux-swap $swap_start 100% parted ${device} print +echo "Waiting for device nodes..." +C=0 +while [ $C -ne 3 ] && [ ! -e $bootfs -o ! -e $rootfs -o ! -e $swap ]; do + C=$(( C + 1 )) + sleep 1 +done + echo "Formatting $bootfs to ext3..." mkfs.ext3 $bootfs diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/install-efi.sh b/meta/recipes-core/initrdscripts/initramfs-framework/install-efi.sh deleted file mode 100644 index 5ad3a60c05..0000000000 --- a/meta/recipes-core/initrdscripts/initramfs-framework/install-efi.sh +++ /dev/null @@ -1,276 +0,0 @@ -#!/bin/sh -e -# -# Copyright (c) 2012, Intel Corporation. -# All rights reserved. -# -# install.sh [device_name] [rootfs_name] -# - -PATH=/sbin:/bin:/usr/sbin:/usr/bin - -# We need 20 Mb for the boot partition -boot_size=20 - -# 5% for swap -swap_ratio=5 - -# Get a list of hard drives -hdnamelist="" -live_dev_name=`cat /proc/mounts | grep ${1%/} | awk '{print $1}'` -live_dev_name=${live_dev_name#\/dev/} -# Only strip the digit identifier if the device is not an mmc -case $live_dev_name in - mmcblk*) - ;; - nvme*) - ;; - *) - live_dev_name=${live_dev_name%%[0-9]*} - ;; -esac - -echo "Searching for hard drives ..." - -# Some eMMC devices have special sub devices such as mmcblk0boot0 etc -# we're currently only interested in the root device so pick them wisely -devices=`ls /sys/block/ | grep -v mmcblk` || true -mmc_devices=`ls /sys/block/ | grep "mmcblk[0-9]\{1,\}$"` || true -devices="$devices $mmc_devices" - -for device in $devices; do - case $device in - loop*) - # skip loop device - ;; - sr*) - # skip CDROM device - ;; - ram*) - # skip ram device - ;; - *) - # skip the device LiveOS is on - # Add valid hard drive name to the list - case $device in - $live_dev_name*) - # skip the device we are running from - ;; - *) - hdnamelist="$hdnamelist $device" - ;; - esac - ;; - esac -done - -if [ -z "${hdnamelist}" ]; then - echo "You need another device (besides the live device /dev/${live_dev_name}) to install the image. Installation aborted." - exit 1 -fi - -TARGET_DEVICE_NAME="" -for hdname in $hdnamelist; do - # Display found hard drives and their basic info - echo "-------------------------------" - echo /dev/$hdname - if [ -r /sys/block/$hdname/device/vendor ]; then - echo -n "VENDOR=" - cat /sys/block/$hdname/device/vendor - fi - if [ -r /sys/block/$hdname/device/model ]; then - echo -n "MODEL=" - cat /sys/block/$hdname/device/model - fi - if [ -r /sys/block/$hdname/device/uevent ]; then - echo -n "UEVENT=" - cat /sys/block/$hdname/device/uevent - fi - echo -done - -# Get user choice -while true; do - echo "Please select an install target or press n to exit ($hdnamelist ): " - read answer - if [ "$answer" = "n" ]; then - echo "Installation manually aborted." - exit 1 - fi - for hdname in $hdnamelist; do - if [ "$answer" = "$hdname" ]; then - TARGET_DEVICE_NAME=$answer - break - fi - done - if [ -n "$TARGET_DEVICE_NAME" ]; then - break - fi -done - -if [ -n "$TARGET_DEVICE_NAME" ]; then - echo "Installing image on /dev/$TARGET_DEVICE_NAME ..." -else - echo "No hard drive selected. Installation aborted." - exit 1 -fi - -device=/dev/$TARGET_DEVICE_NAME - -# -# The udev automounter can cause pain here, kill it -# -rm -f /etc/udev/rules.d/automount.rules -rm -f /etc/udev/scripts/mount* - -# -# Unmount anything the automounter had mounted -# -umount ${device}* 2> /dev/null || /bin/true - -mkdir -p /tmp - -# Create /etc/mtab if not present -if [ ! -e /etc/mtab ] && [ -e /proc/mounts ]; then - ln -sf /proc/mounts /etc/mtab -fi - -disk_size=$(parted ${device} unit mb print | grep '^Disk .*: .*MB' | cut -d" " -f 3 | sed -e "s/MB//") - -swap_size=$((disk_size*swap_ratio/100)) -rootfs_size=$((disk_size-boot_size-swap_size)) - -rootfs_start=$((boot_size)) -rootfs_end=$((rootfs_start+rootfs_size)) -swap_start=$((rootfs_end)) - -# MMC devices are special in a couple of ways -# 1) they use a partition prefix character 'p' -# 2) they are detected asynchronously (need rootwait) -rootwait="" -part_prefix="" -if [ ! "${device#/dev/mmcblk}" = "${device}" ] || \ - [ ! "${device#/dev/nvme}" = "${device}" ]; then - part_prefix="p" - rootwait="rootwait" -fi - -# USB devices also require rootwait -if [ -n `readlink /dev/disk/by-id/usb* | grep $TARGET_DEVICE_NAME` ]; then - rootwait="rootwait" -fi - -bootfs=${device}${part_prefix}1 -rootfs=${device}${part_prefix}2 -swap=${device}${part_prefix}3 - -echo "*****************" -echo "Boot partition size: $boot_size MB ($bootfs)" -echo "Rootfs partition size: $rootfs_size MB ($rootfs)" -echo "Swap partition size: $swap_size MB ($swap)" -echo "*****************" -echo "Deleting partition table on ${device} ..." -dd if=/dev/zero of=${device} bs=512 count=35 - -echo "Creating new partition table on ${device} ..." -parted ${device} mklabel gpt - -echo "Creating boot partition on $bootfs" -parted ${device} mkpart boot fat32 0% $boot_size -parted ${device} set 1 boot on - -echo "Creating rootfs partition on $rootfs" -parted ${device} mkpart root ext3 $rootfs_start $rootfs_end - -echo "Creating swap partition on $swap" -parted ${device} mkpart swap linux-swap $swap_start 100% - -parted ${device} print - -echo "Formatting $bootfs to vfat..." -mkfs.vfat $bootfs - -echo "Formatting $rootfs to ext3..." -mkfs.ext3 $rootfs - -echo "Formatting swap partition...($swap)" -mkswap $swap - -mkdir /tgt_root -mkdir /src_root -mkdir -p /boot - -# Handling of the target root partition -mount $rootfs /tgt_root -mount -o rw,loop,noatime,nodiratime /run/media/$1/$2 /src_root -echo "Copying rootfs files..." -cp -a /src_root/* /tgt_root -if [ -d /tgt_root/etc/ ] ; then - boot_uuid=$(blkid -o value -s UUID ${bootfs}) - swap_part_uuid=$(blkid -o value -s PARTUUID ${swap}) - echo "/dev/disk/by-partuuid/$swap_part_uuid swap swap defaults 0 0" >> /tgt_root/etc/fstab - echo "UUID=$boot_uuid /boot vfat defaults 1 2" >> /tgt_root/etc/fstab - # We dont want udev to mount our root device while we're booting... - if [ -d /tgt_root/etc/udev/ ] ; then - echo "${device}" >> /tgt_root/etc/udev/mount.blacklist - fi -fi - -umount /src_root - -# Handling of the target boot partition -mount $bootfs /boot -echo "Preparing boot partition..." - -EFIDIR="/boot/EFI/BOOT" -mkdir -p $EFIDIR -# Copy the efi loader -cp /run/media/$1/EFI/BOOT/*.efi $EFIDIR - -if [ -f /run/media/$1/EFI/BOOT/grub.cfg ]; then - root_part_uuid=$(blkid -o value -s PARTUUID ${rootfs}) - GRUBCFG="$EFIDIR/grub.cfg" - cp /run/media/$1/EFI/BOOT/grub.cfg $GRUBCFG - # Update grub config for the installed image - # Delete the install entry - sed -i "/menuentry 'install'/,/^}/d" $GRUBCFG - # Delete the initrd lines - sed -i "/initrd /d" $GRUBCFG - # Delete any LABEL= strings - sed -i "s/ LABEL=[^ ]*/ /" $GRUBCFG - # Delete any root= strings - sed -i "s/ root=[^ ]*/ /g" $GRUBCFG - # Add the root= and other standard boot options - sed -i "s@linux /vmlinuz *@linux /vmlinuz root=PARTUUID=$root_part_uuid rw $rootwait quiet @" $GRUBCFG -fi - -if [ -d /run/media/$1/loader ]; then - rootuuid=$(blkid -o value -s PARTUUID ${rootfs}) - SYSTEMDBOOT_CFGS="/boot/loader/entries/*.conf" - # copy config files for systemd-boot - cp -dr /run/media/$1/loader /boot - # delete the install entry - rm -f /boot/loader/entries/install.conf - # delete the initrd lines - sed -i "/initrd /d" $SYSTEMDBOOT_CFGS - # delete any LABEL= strings - sed -i "s/ LABEL=[^ ]*/ /" $SYSTEMDBOOT_CFGS - # delete any root= strings - sed -i "s/ root=[^ ]*/ /" $SYSTEMDBOOT_CFGS - # add the root= and other standard boot options - sed -i "s@options *@options root=PARTUUID=$rootuuid rw $rootwait quiet @" $SYSTEMDBOOT_CFGS -fi - -umount /tgt_root - -cp /run/media/$1/vmlinuz /boot - -umount /boot - -sync - -echo "Remove your installation media, and press ENTER" - -read enter - -echo "Rebooting..." -reboot -f diff --git a/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb b/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb index 2270441d06..1e7f76fd56 100644 --- a/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb +++ b/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb @@ -1,20 +1,17 @@ -SUMMARY = "initramfs-framework module for installation option" +SUMMARY = "initramfs-framework module for EFI installation option" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" RDEPENDS_${PN} = "initramfs-framework-base parted e2fsprogs-mke2fs dosfstools util-linux-blkid" PR = "r4" -inherit allarch - -FILESEXTRAPATHS_prepend := "${THISDIR}/initramfs-framework:" -SRC_URI = "file://install-efi.sh" +SRC_URI = "file://init-install-efi.sh" S = "${WORKDIR}" do_install() { install -d ${D}/init.d - install -m 0755 ${WORKDIR}/install-efi.sh ${D}/init.d/install-efi.sh + install -m 0755 ${WORKDIR}/init-install-efi.sh ${D}/init.d/install-efi.sh } FILES_${PN} = "/init.d/install-efi.sh" diff --git a/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb b/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb new file mode 100644 index 0000000000..02b69f37a4 --- /dev/null +++ b/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb @@ -0,0 +1,22 @@ +SUMMARY = "initramfs-framework module for installation option" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" +RDEPENDS_${PN} = "initramfs-framework-base grub parted e2fsprogs-mke2fs util-linux-blkid" + +# The same restriction as grub +COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*)-(linux.*|freebsd.*)' +COMPATIBLE_HOST_armv7a = 'null' +COMPATIBLE_HOST_armv7ve = 'null' + +PR = "r1" + +SRC_URI = "file://init-install.sh" + +S = "${WORKDIR}" + +do_install() { + install -d ${D}/init.d + install -m 0755 ${WORKDIR}/init-install.sh ${D}/init.d/install.sh +} + +FILES_${PN} = "/init.d/install.sh" diff --git a/meta/recipes-core/initscripts/initscripts_1.0.bb b/meta/recipes-core/initscripts/initscripts_1.0.bb index fea4f22e95..91eea4b8c2 100644 --- a/meta/recipes-core/initscripts/initscripts_1.0.bb +++ b/meta/recipes-core/initscripts/initscripts_1.0.bb @@ -43,21 +43,20 @@ SRC_URI_append_arm = " file://alignment.sh" KERNEL_VERSION = "" -inherit update-alternatives DEPENDS_append = " update-rc.d-native" PACKAGE_WRITE_DEPS_append = " ${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd-systemctl-native','',d)}" PACKAGES =+ "${PN}-functions ${PN}-sushell" -RDEPENDS_${PN} = "${PN}-functions \ +RDEPENDS_${PN} = "initd-functions \ ${@bb.utils.contains('DISTRO_FEATURES','selinux','${PN}-sushell','',d)} \ " +# Recommend pn-functions so that it will be a preferred default provider for initd-functions +RRECOMMENDS_${PN} = "${PN}-functions" +RPROVIDES_${PN}-functions = "initd-functions" +RCONFLICTS_${PN}-functions = "lsbinitscripts" FILES_${PN}-functions = "${sysconfdir}/init.d/functions*" FILES_${PN}-sushell = "${base_sbindir}/sushell" -ALTERNATIVE_PRIORITY_${PN}-functions = "90" -ALTERNATIVE_${PN}-functions = "functions" -ALTERNATIVE_LINK_NAME[functions] = "${sysconfdir}/init.d/functions" - HALTARGS ?= "-d -f" do_configure() { diff --git a/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch b/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch new file mode 100644 index 0000000000..51a9e1935f --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch @@ -0,0 +1,21 @@ +Make sure that Makefile doesn't try to compile these tests again +on the target where the source dependencies won't be available. + +Upstream-Status: Inappropriate [cross-compile specific] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +Index: libxml2-2.9.7/Makefile.am +=================================================================== +--- libxml2-2.9.7.orig/Makefile.am ++++ libxml2-2.9.7/Makefile.am +@@ -211,8 +211,7 @@ install-ptest: + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile + $(MAKE) -C python install-ptest + +-runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ +- testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) ++runtests: + [ -d test ] || $(LN_S) $(srcdir)/test . + [ -d result ] || $(LN_S) $(srcdir)/result . + $(CHECKER) ./runtest$(EXEEXT) && \ diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch index 3277165618..d9ed1516fe 100644 --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch @@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644 - echo "*** If you have an old version installed, it is best to remove it, although" - echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ], - [ echo "*** The test program failed to compile or link. See the file config.log for the" -- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed" +- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed" - echo "*** or that you have moved LIBXML since it was installed. In the latter case, you" - echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ]) - CPPFLAGS="$ac_save_CPPFLAGS" diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch deleted file mode 100644 index bb55eed171..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch +++ /dev/null @@ -1,269 +0,0 @@ -libxml2-2.9.4: Fix CVE-2016-4658 - -[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658 - -xpointer: Disallow namespace nodes in XPointer points and ranges - -Namespace nodes must be copied to avoid use-after-free errors. -But they don't necessarily have a physical representation in a -document, so simply disallow them in XPointer ranges. - -Upstream-Status: Backport - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b] - - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65] -CVE: CVE-2016-4658 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> - -diff --git a/xpointer.c b/xpointer.c -index 676c510..911680d 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { - } - - /** -+ * xmlXPtrNewRangeInternal: -+ * @start: the starting node -+ * @startindex: the start index -+ * @end: the ending point -+ * @endindex: the ending index -+ * -+ * Internal function to create a new xmlXPathObjectPtr of type range -+ * -+ * Returns the newly created object. -+ */ -+static xmlXPathObjectPtr -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, -+ xmlNodePtr end, int endindex) { -+ xmlXPathObjectPtr ret; -+ -+ /* -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). -+ * Disallow them for now. -+ */ -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -+ if (ret == NULL) { -+ xmlXPtrErrMemory("allocating range"); -+ return(NULL); -+ } -+ memset(ret, 0, sizeof(xmlXPathObject)); -+ ret->type = XPATH_RANGE; -+ ret->user = start; -+ ret->index = startindex; -+ ret->user2 = end; -+ ret->index2 = endindex; -+ return(ret); -+} -+ -+/** - * xmlXPtrNewRange: - * @start: the starting node - * @startindex: the start index -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, - if (endindex < 0) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = startindex; -- ret->user2 = end; -- ret->index2 = endindex; -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, -+ end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { - if (start->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { - if (end == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - if (start == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = NULL; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); - return(ret); - } - -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - */ - xmlXPathObjectPtr - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { -+ xmlNodePtr endNode; -+ int endIndex; - xmlXPathObjectPtr ret; - - if (start == NULL) -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - return(NULL); - switch (end->type) { - case XPATH_POINT: -+ endNode = end->user; -+ endIndex = end->index; -+ break; - case XPATH_RANGE: -+ endNode = end->user2; -+ endIndex = end->index2; - break; - case XPATH_NODESET: - /* -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - */ - if (end->nodesetval->nodeNr <= 0) - return(NULL); -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -+ endIndex = -1; - break; - default: - /* TODO */ - return(NULL); - } - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- switch (end->type) { -- case XPATH_POINT: -- ret->user2 = end->user; -- ret->index2 = end->index; -- break; -- case XPATH_RANGE: -- ret->user2 = end->user2; -- ret->index2 = end->index2; -- break; -- case XPATH_NODESET: { -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -- ret->index2 = -1; -- break; -- } -- default: -- STRANGE -- return(NULL); -- } -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) { - case XPATH_RANGE: { - xmlNodePtr node = tmp->user; - if (node != NULL) { -- if (node->type == XML_ATTRIBUTE_NODE) { -- /* TODO: Namespace Nodes ??? */ -+ if ((node->type == XML_ATTRIBUTE_NODE) || -+ (node->type == XML_NAMESPACE_DECL)) { - xmlXPathFreeObject(obj); - xmlXPtrFreeLocationSet(newset); - XP_ERROR(XPTR_SYNTAX_ERROR); -@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) { - case XPATH_RANGE: { - xmlNodePtr node = tmp->user2; - if (node != NULL) { -- if (node->type == XML_ATTRIBUTE_NODE) { -- /* TODO: Namespace Nodes ??? */ -+ if ((node->type == XML_ATTRIBUTE_NODE) || -+ (node->type == XML_NAMESPACE_DECL)) { - xmlXPathFreeObject(obj); - xmlXPtrFreeLocationSet(newset); - XP_ERROR(XPTR_SYNTAX_ERROR); diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch deleted file mode 100644 index 9d47d023a9..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch +++ /dev/null @@ -1,180 +0,0 @@ -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 14:22:23 +0200 -Subject: [PATCH] Fix XPointer paths beginning with range-to - -The old code would invoke the broken xmlXPtrRangeToFunction. range-to -isn't really a function but a special kind of location step. Remove -this function and always handle range-to in the XPath code. - -The old xmlXPtrRangeToFunction could also be abused to trigger a -use-after-free error with the potential for remote code execution. - -Found with afl-fuzz. - -Fixes CVE-2016-5131. - -CVE: CVE-2016-5131 -Upstream-Status: Backport -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e - -Signed-off-by: Yi Zhao <yi.zhao@windirver.com> ---- - result/XPath/xptr/vidbase | 13 ++++++++ - test/XPath/xptr/vidbase | 1 + - xpath.c | 7 ++++- - xpointer.c | 76 ++++------------------------------------------- - 4 files changed, 26 insertions(+), 71 deletions(-) - -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase -index 8b9e92d..f19193e 100644 ---- a/result/XPath/xptr/vidbase -+++ b/result/XPath/xptr/vidbase -@@ -17,3 +17,16 @@ Object is a Location Set: - To node - ELEMENT p - -+ -+======================== -+Expression: xpointer(range-to(id('chapter2'))) -+Object is a Location Set: -+1 : Object is a range : -+ From node -+ / -+ To node -+ ELEMENT chapter -+ ATTRIBUTE id -+ TEXT -+ content=chapter2 -+ -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase -index b146383..884b106 100644 ---- a/test/XPath/xptr/vidbase -+++ b/test/XPath/xptr/vidbase -@@ -1,2 +1,3 @@ - xpointer(id('chapter1')/p) - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) -+xpointer(range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index d992841..5a01b1b 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { - lc = 1; - break; - } else if ((NXT(len) == '(')) { -- /* Note Type or Function */ -+ /* Node Type or Function */ - if (xmlXPathIsNodeType(name)) { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, - "PathExpr: Type search\n"); - #endif - lc = 1; -+#ifdef LIBXML_XPTR_ENABLED -+ } else if (ctxt->xptr && -+ xmlStrEqual(name, BAD_CAST "range-to")) { -+ lc = 1; -+#endif - } else { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, -diff --git a/xpointer.c b/xpointer.c -index 676c510..d74174a 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { - ret->here = here; - ret->origin = origin; - -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", -- xmlXPtrRangeToFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range", - xmlXPtrRangeFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { - * @nargs: the number of args - * - * Implement the range-to() XPointer function -+ * -+ * Obsolete. range-to is not a real function but a special type of location -+ * step which is handled in xpath.c. - */ - void --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { -- xmlXPathObjectPtr range; -- const xmlChar *cur; -- xmlXPathObjectPtr res, obj; -- xmlXPathObjectPtr tmp; -- xmlLocationSetPtr newset = NULL; -- xmlNodeSetPtr oldset; -- int i; -- -- if (ctxt == NULL) return; -- CHECK_ARITY(1); -- /* -- * Save the expression pointer since we will have to evaluate -- * it multiple times. Initialize the new set. -- */ -- CHECK_TYPE(XPATH_NODESET); -- obj = valuePop(ctxt); -- oldset = obj->nodesetval; -- ctxt->context->node = NULL; -- -- cur = ctxt->cur; -- newset = xmlXPtrLocationSetCreate(NULL); -- -- for (i = 0; i < oldset->nodeNr; i++) { -- ctxt->cur = cur; -- -- /* -- * Run the evaluation with a node list made of a single item -- * in the nodeset. -- */ -- ctxt->context->node = oldset->nodeTab[i]; -- tmp = xmlXPathNewNodeSet(ctxt->context->node); -- valuePush(ctxt, tmp); -- -- xmlXPathEvalExpr(ctxt); -- CHECK_ERROR; -- -- /* -- * The result of the evaluation need to be tested to -- * decided whether the filter succeeded or not -- */ -- res = valuePop(ctxt); -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); -- if (range != NULL) { -- xmlXPtrLocationSetAdd(newset, range); -- } -- -- /* -- * Cleanup -- */ -- if (res != NULL) -- xmlXPathFreeObject(res); -- if (ctxt->value == tmp) { -- res = valuePop(ctxt); -- xmlXPathFreeObject(res); -- } -- -- ctxt->context->node = NULL; -- } -- -- /* -- * The result is used as the new evaluation set. -- */ -- xmlXPathFreeObject(obj); -- ctxt->context->node = NULL; -- ctxt->context->contextSize = -1; -- ctxt->context->proximityPosition = -1; -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, -+ int nargs ATTRIBUTE_UNUSED) { -+ XP_ERROR(XPATH_EXPR_ERROR); - } - - /** --- -2.7.4 - diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch deleted file mode 100644 index 0108265855..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch +++ /dev/null @@ -1,40 +0,0 @@ -libxml2: Fix CVE-2017-0663 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228 - -valid: Fix type confusion in xmlValidateOneNamespace - -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types -on namespace declarations make no practical sense anyway. - -Fixes bug 780228 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66] -CVE: CVE-2017-0663 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/valid.c b/valid.c -index 19f84b8..e03d35e 100644 ---- a/valid.c -+++ b/valid.c -@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - } - } - -+ /* -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes -+ * no practical sense to use ID types anyway. -+ */ -+#if 0 - /* Validity Constraint: ID uniqueness */ - if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) -@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) - ret = 0; - } -+#endif - - /* Validity Constraint: Notation Attributes */ - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch deleted file mode 100644 index 571b05c087..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch +++ /dev/null @@ -1,62 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-5969 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422 - -valid: Fix NULL pointer deref in xmlDumpElementContent - -Can only be triggered in recovery mode. - -Fixes bug 758422 - -Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882] -CVE: CVE-2017-5969 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/valid.c b/valid.c -index 19f84b8..0a8e58a 100644 ---- a/valid.c -+++ b/valid.c -@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob) - xmlBufferWriteCHAR(buf, content->name); - break; - case XML_ELEMENT_CONTENT_SEQ: -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -+ if ((content->c1 != NULL) && -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) - xmlDumpElementContent(buf, content->c1, 1); - else - xmlDumpElementContent(buf, content->c1, 0); - xmlBufferWriteChar(buf, " , "); -- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || -- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) -+ if ((content->c2 != NULL) && -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) || -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) - xmlDumpElementContent(buf, content->c2, 1); - else - xmlDumpElementContent(buf, content->c2, 0); - break; - case XML_ELEMENT_CONTENT_OR: -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -+ if ((content->c1 != NULL) && -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) - xmlDumpElementContent(buf, content->c1, 1); - else - xmlDumpElementContent(buf, content->c1, 0); - xmlBufferWriteChar(buf, " | "); -- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || -- ((content->c2->type == XML_ELEMENT_CONTENT_OR) && -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) -+ if ((content->c2 != NULL) && -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) && -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) - xmlDumpElementContent(buf, content->c2, 1); - else - xmlDumpElementContent(buf, content->c2, 0); diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch deleted file mode 100644 index 26779aa572..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Wed, 23 Aug 2017 16:04:49 +0800 -Subject: [PATCH] fix CVE-2017-8872 - -this makes xmlHaltParser "empty" the buffer, as it resets cur and ava -il too here. - -this seems to cure this specific issue, and also passes the testsuite - -Signed-off-by: Marcus Meissner <meissner@suse.de> - -https://bugzilla.gnome.org/show_bug.cgi?id=775200 -Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff] -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - parser.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/parser.c b/parser.c -index 9506ead..6c07ffd 100644 ---- a/parser.c -+++ b/parser.c -@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { - } - ctxt->input->cur = BAD_CAST""; - ctxt->input->base = ctxt->input->cur; -+ if (ctxt->input->buf) { -+ xmlBufEmpty (ctxt->input->buf->buffer); -+ } else -+ ctxt->input->length = 0; - } - } - --- -2.7.4 - diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch deleted file mode 100644 index 8b034560fa..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch +++ /dev/null @@ -1,103 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333 - -- https://bugzilla.gnome.org/show_bug.cgi?id=781701 - -valid: Fix buffer size checks in xmlSnprintfElementContent - -xmlSnprintfElementContent failed to correctly check the available -buffer space in two locations. - -Fixes bug 781333 and bug 781701 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74] -CVE: CVE-2017-9047 CVE-2017-9048 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/result/valid/781333.xml b/result/valid/781333.xml -new file mode 100644 -index 0000000..01baf11 ---- /dev/null -+++ b/result/valid/781333.xml -@@ -0,0 +1,5 @@ -+<?xml version="1.0"?> -+<!DOCTYPE a [ -+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err -new file mode 100644 -index 0000000..2176200 ---- /dev/null -+++ b/result/valid/781333.xml.err -@@ -0,0 +1,3 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr -new file mode 100644 -index 0000000..1195a04 ---- /dev/null -+++ b/result/valid/781333.xml.err.rdr -@@ -0,0 +1,6 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child -+ -+^ -diff --git a/test/valid/781333.xml b/test/valid/781333.xml -new file mode 100644 -index 0000000..bceac9c ---- /dev/null -+++ b/test/valid/781333.xml -@@ -0,0 +1,4 @@ -+<!DOCTYPE a [ -+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/valid.c b/valid.c -index 19f84b8..aaa30f6 100644 ---- a/valid.c -+++ b/valid.c -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - case XML_ELEMENT_CONTENT_PCDATA: - strcat(buf, "#PCDATA"); - break; -- case XML_ELEMENT_CONTENT_ELEMENT: -+ case XML_ELEMENT_CONTENT_ELEMENT: { -+ int qnameLen = xmlStrlen(content->name); -+ -+ if (content->prefix != NULL) -+ qnameLen += xmlStrlen(content->prefix) + 1; -+ if (size - len < qnameLen + 10) { -+ strcat(buf, " ..."); -+ return; -+ } - if (content->prefix != NULL) { -- if (size - len < xmlStrlen(content->prefix) + 10) { -- strcat(buf, " ..."); -- return; -- } - strcat(buf, (char *) content->prefix); - strcat(buf, ":"); - } -- if (size - len < xmlStrlen(content->name) + 10) { -- strcat(buf, " ..."); -- return; -- } - if (content->name != NULL) - strcat(buf, (char *) content->name); - break; -+ } - case XML_ELEMENT_CONTENT_SEQ: - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - xmlSnprintfElementContent(buf, size, content->c2, 0); - break; - } -+ if (size - strlen(buf) <= 2) return; - if (englob) - strcat(buf, ")"); - switch (content->ocur) { diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch deleted file mode 100644 index 591075de3c..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch +++ /dev/null @@ -1,291 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205 - -- https://bugzilla.gnome.org/show_bug.cgi?id=781361 - -parser: Fix handling of parameter-entity references - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - -Percent sign in DTD Names -========================= - -The NEXTL macro used to call xmlParserHandlePEReference. When parsing -"complex" names inside the DTD, this could result in entity expansion -which created a new input buffer. The fix is to simply remove the call -to xmlParserHandlePEReference from the NEXTL macro. This is safe because -no users of the macro require expansion of parameter entities. - -- xmlParseNameComplex -- xmlParseNCNameComplex -- xmlParseNmtoken - -The percent sign is not allowed in names, which are grammatical tokens. - -- xmlParseEntityValue - -Parameter-entity references in entity values are expanded but this -happens in a separate step in this function. - -- xmlParseSystemLiteral - -Parameter-entity references are ignored in the system literal. - -- xmlParseAttValueComplex -- xmlParseCharDataComplex -- xmlParseCommentComplex -- xmlParsePI -- xmlParseCDSect - -Parameter-entity references are ignored outside the DTD. - -- xmlLoadEntityContent - -This function is only called from xmlStringLenDecodeEntities and -entities are replaced in a separate step immediately after the function -call. - -This bug could also be triggered with an internal subset and double -entity expansion. - -This fixes bug 766956 initially reported by Wei Lei and independently by -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone -involved. - -xmlParseNameComplex with XML_PARSE_OLD10 -======================================== - -When parsing Names inside an expanded parameter entity with the -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the -GROW macro if the input buffer was exhausted. At the end of the -parameter entity's replacement text, this function would then call -xmlPopInput which invalidated the input buffer. - -There should be no need to invoke GROW in this situation because the -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, -at least for UTF-8, in xmlCurrentChar. This also matches the code path -executed when XML_PARSE_OLD10 is not set. - -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). -Thanks to Marcel Böhme and Thuan Pham for the report. - -Additional hardening -==================== - -A separate check was added in xmlParseNameComplex to validate the -buffer size. - -Fixes bug 781205 and bug 781361 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74] -CVE: CVE-2017-9049 CVE-2017-9050 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/Makefile.am b/Makefile.am -index 9f988b0..dab15a4 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT) - if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \ - rm result.$$name error.$$name ; \ - fi ; fi ; done) -+ @echo "## Error cases regression tests (old 1.0)" -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ -+ name=`basename $$i`; \ -+ if [ ! -d $$i ] ; then \ -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ -+ echo New test file $$name ; \ -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ -+ 2> $(srcdir)/result/errors10/$$name.err \ -+ > $(srcdir)/result/errors10/$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ else \ -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \ -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ -+ rm result.$$name error.$$name ; \ -+ fi ; fi ; done) - @echo "## Error cases stream regression tests" - -@(for i in $(srcdir)/test/errors/*.xml ; do \ - name=`basename $$i`; \ -diff --git a/parser.c b/parser.c -index 609a270..8e11c12 100644 ---- a/parser.c -+++ b/parser.c -@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { - ctxt->input->line++; ctxt->input->col = 1; \ - } else ctxt->input->col++; \ - ctxt->input->cur += l; \ -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ - } while (0) - - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) -@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - len += l; - NEXTL(l); - c = CUR_CHAR(l); -- if (c == 0) { -- count = 0; -- GROW; -- if (ctxt->instate == XML_PARSER_EOF) -- return(NULL); -- c = CUR_CHAR(l); -- } - } - } - if ((len > XML_MAX_NAME_LENGTH) && -@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); - return(NULL); - } -+ if (ctxt->input->cur - ctxt->input->base < len) { -+ /* -+ * There were a couple of bugs where PERefs lead to to a change -+ * of the buffer. Check the buffer size to avoid passing an invalid -+ * pointer to xmlDictLookup. -+ */ -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, -+ "unexpected change of input buffer"); -+ return (NULL); -+ } - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err -new file mode 100644 -index 0000000..da15c3f ---- /dev/null -+++ b/result/errors10/781205.xml.err -@@ -0,0 +1,21 @@ -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+Entity: line 1: parser error : DOCTYPE improperly terminated -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+namespace error : Failed to parse QName ':0000' -+ %a; -+ ^ -+<:0000 -+ ^ -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 -+ -+^ -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err -new file mode 100644 -index 0000000..655f41a ---- /dev/null -+++ b/result/errors10/781361.xml.err -@@ -0,0 +1,13 @@ -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected -+ -+^ -+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ -+^ -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated -+ -+^ -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found -+ -+^ -diff --git a/result/valid/766956.xml b/result/valid/766956.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err -new file mode 100644 -index 0000000..34b1dae ---- /dev/null -+++ b/result/valid/766956.xml.err -@@ -0,0 +1,9 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr -new file mode 100644 -index 0000000..7760346 ---- /dev/null -+++ b/result/valid/766956.xml.err.rdr -@@ -0,0 +1,10 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -+./test/valid/766956.xml : failed to parse -diff --git a/runtest.c b/runtest.c -index bb74d2a..63e8c20 100644 ---- a/runtest.c -+++ b/runtest.c -@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = { - { "Error cases regression tests", - errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err", - 0 }, -+ { "Error cases regression tests (old 1.0)", -+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err", -+ XML_PARSE_OLD10 }, - #ifdef LIBXML_READER_ENABLED - { "Error cases stream regression tests", - streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str", -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml -new file mode 100644 -index 0000000..d9e9e83 ---- /dev/null -+++ b/test/errors10/781205.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE D [ -+ <!ENTITY % a "<:0000"> -+ %a; -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml -new file mode 100644 -index 0000000..67476bc ---- /dev/null -+++ b/test/errors10/781361.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE doc [ -+ <!ENTITY % elem "<!ELEMENT e0000000000"> -+ %elem; -diff --git a/test/valid/766956.xml b/test/valid/766956.xml -new file mode 100644 -index 0000000..19a95a0 ---- /dev/null -+++ b/test/valid/766956.xml -@@ -0,0 +1,2 @@ -+<!DOCTYPE test SYSTEM "dtds/766956.dtd"> -+<test/> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd -new file mode 100644 -index 0000000..dddde68 ---- /dev/null -+++ b/test/valid/dtds/766956.dtd -@@ -0,0 +1,2 @@ -+<!ENTITY % ent "value"> -+%ä%ent; diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch deleted file mode 100644 index c60e32f656..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch +++ /dev/null @@ -1,45 +0,0 @@ -libxml2-2.9.4: Fix more NULL pointer derefs - -xpointer: Fix more NULL pointer derefs - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd] -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> - -diff --git a/xpointer.c b/xpointer.c -index 676c510..074db24 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - /* - * Empty set ... - */ -- if (end->nodesetval->nodeNr <= 0) -+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0)) - return(NULL); - break; - default: -@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) { - */ - xmlNodeSetPtr set; - set = tmp->nodesetval; -- if ((set->nodeNr != 1) || -+ if ((set == NULL) || (set->nodeNr != 1) || - (set->nodeTab[0] != (xmlNodePtr) ctx->doc)) - stack++; - } else -@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) { - xmlXPathFreeObject(set); - XP_ERROR(XPATH_MEMORY_ERROR); - } -- for (i = 0;i < oldset->locNr;i++) { -- xmlXPtrLocationSetAdd(newset, -- xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); -+ if (oldset != NULL) { -+ for (i = 0;i < oldset->locNr;i++) { -+ xmlXPtrLocationSetAdd(newset, -+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); -+ } - } - - /* diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch deleted file mode 100644 index faa57701f5..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch +++ /dev/null @@ -1,590 +0,0 @@ -libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2 - -[No upstream tracking] - -parser: Avoid reparsing in xmlParseStartTag2 - -The code in xmlParseStartTag2 must handle the case that the input -buffer was grown and reallocated which can invalidate pointers to -attribute values. Before, this was handled by detecting changes of -the input buffer "base" pointer and, in case of a change, jumping -back to the beginning of the function and reparsing the start tag. - -The major problem of this approach is that whether an input buffer is -reallocated is nondeterministic, resulting in seemingly random test -failures. See the mailing list thread "runtest mystery bug: name2.xml -error case regression test" from 2012, for example. - -If a reallocation was detected, the code also made no attempts to -continue parsing in case of errors which makes a difference in -the lax "recover" mode. - -Now we store the current input buffer "base" pointer for each (not -separately allocated) attribute in the namespace URI field, which isn't -used until later. After the whole start tag was parsed, the pointers to -the attribute values are reconstructed using the offset between the -new and the old input buffer. This relies on arithmetic on dangling -pointers which is technically undefined behavior. But it seems like -the easiest and most efficient fix and a similar approach is used in -xmlParserInputGrow. - -This changes the error output of several tests, typically making it -more verbose because we try harder to continue parsing in case of errors. - -(Another possible solution is to check not only the "base" pointer -but the size of the input buffer as well. But this would result in -even more reparsing.) - -Remove some goto labels and deduplicate a bit of code after handling -namespaces. - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - - -Upstream-Status: Backport - - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349] - - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0] -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/parser.c b/parser.c -index 609a270..74016e3 100644 ---- a/parser.c -+++ b/parser.c -@@ -43,6 +43,7 @@ - #include <limits.h> - #include <string.h> - #include <stdarg.h> -+#include <stddef.h> - #include <libxml/xmlmemory.h> - #include <libxml/threads.h> - #include <libxml/globals.h> -@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref, - const xmlChar **atts = ctxt->atts; - int maxatts = ctxt->maxatts; - int nratts, nbatts, nbdef; -- int i, j, nbNs, attval, oldline, oldcol, inputNr; -- const xmlChar *base; -+ int i, j, nbNs, attval; - unsigned long cur; - int nsNr = ctxt->nsNr; - -@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref, - * The Shrinking is only possible once the full set of attribute - * callbacks have been done. - */ --reparse: - SHRINK; -- base = ctxt->input->base; - cur = ctxt->input->cur - ctxt->input->base; -- inputNr = ctxt->inputNr; -- oldline = ctxt->input->line; -- oldcol = ctxt->input->col; - nbatts = 0; - nratts = 0; - nbdef = 0; -@@ -9422,8 +9417,6 @@ reparse: - */ - SKIP_BLANKS; - GROW; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; - - while (((RAW != '>') && - ((RAW != '/') || (NXT(1) != '>')) && -@@ -9434,203 +9427,174 @@ reparse: - - attname = xmlParseAttribute2(ctxt, prefix, localname, - &aprefix, &attvalue, &len, &alloc); -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) { -- if ((attvalue != NULL) && (alloc != 0)) -- xmlFree(attvalue); -- attvalue = NULL; -- goto base_changed; -- } -- if ((attname != NULL) && (attvalue != NULL)) { -- if (len < 0) len = xmlStrlen(attvalue); -- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) { -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -- xmlURIPtr uri; -- -- if (URL == NULL) { -- xmlErrMemory(ctxt, "dictionary allocation failure"); -- if ((attvalue != NULL) && (alloc != 0)) -- xmlFree(attvalue); -- return(NULL); -- } -- if (*URL != 0) { -- uri = xmlParseURI((const char *) URL); -- if (uri == NULL) { -- xmlNsErr(ctxt, XML_WAR_NS_URI, -- "xmlns: '%s' is not a valid URI\n", -- URL, NULL, NULL); -- } else { -- if (uri->scheme == NULL) { -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -- "xmlns: URI %s is not absolute\n", -- URL, NULL, NULL); -- } -- xmlFreeURI(uri); -- } -- if (URL == ctxt->str_xml_ns) { -- if (attname != ctxt->str_xml) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace URI cannot be the default namespace\n", -- NULL, NULL, NULL); -- } -- goto skip_default_ns; -- } -- if ((len == 29) && -- (xmlStrEqual(URL, -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "reuse of the xmlns namespace name is forbidden\n", -- NULL, NULL, NULL); -- goto skip_default_ns; -- } -- } -- /* -- * check that it's not a defined namespace -- */ -- for (j = 1;j <= nbNs;j++) -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL) -- break; -- if (j <= nbNs) -- xmlErrAttributeDup(ctxt, NULL, attname); -- else -- if (nsPush(ctxt, NULL, URL) > 0) nbNs++; --skip_default_ns: -- if ((attvalue != NULL) && (alloc != 0)) { -- xmlFree(attvalue); -- attvalue = NULL; -- } -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) -- break; -- if (!IS_BLANK_CH(RAW)) { -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, -- "attributes construct error\n"); -- break; -- } -- SKIP_BLANKS; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -- continue; -- } -- if (aprefix == ctxt->str_xmlns) { -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -- xmlURIPtr uri; -- -- if (attname == ctxt->str_xml) { -- if (URL != ctxt->str_xml_ns) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace prefix mapped to wrong URI\n", -- NULL, NULL, NULL); -- } -- /* -- * Do not keep a namespace definition node -- */ -- goto skip_ns; -- } -+ if ((attname == NULL) || (attvalue == NULL)) -+ goto next_attr; -+ if (len < 0) len = xmlStrlen(attvalue); -+ -+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) { -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -+ xmlURIPtr uri; -+ -+ if (URL == NULL) { -+ xmlErrMemory(ctxt, "dictionary allocation failure"); -+ if ((attvalue != NULL) && (alloc != 0)) -+ xmlFree(attvalue); -+ return(NULL); -+ } -+ if (*URL != 0) { -+ uri = xmlParseURI((const char *) URL); -+ if (uri == NULL) { -+ xmlNsErr(ctxt, XML_WAR_NS_URI, -+ "xmlns: '%s' is not a valid URI\n", -+ URL, NULL, NULL); -+ } else { -+ if (uri->scheme == NULL) { -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -+ "xmlns: URI %s is not absolute\n", -+ URL, NULL, NULL); -+ } -+ xmlFreeURI(uri); -+ } - if (URL == ctxt->str_xml_ns) { -- if (attname != ctxt->str_xml) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace URI mapped to wrong prefix\n", -- NULL, NULL, NULL); -- } -- goto skip_ns; -- } -- if (attname == ctxt->str_xmlns) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "redefinition of the xmlns prefix is forbidden\n", -- NULL, NULL, NULL); -- goto skip_ns; -- } -- if ((len == 29) && -- (xmlStrEqual(URL, -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "reuse of the xmlns namespace name is forbidden\n", -- NULL, NULL, NULL); -- goto skip_ns; -- } -- if ((URL == NULL) || (URL[0] == 0)) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xmlns:%s: Empty XML namespace is not allowed\n", -- attname, NULL, NULL); -- goto skip_ns; -- } else { -- uri = xmlParseURI((const char *) URL); -- if (uri == NULL) { -- xmlNsErr(ctxt, XML_WAR_NS_URI, -- "xmlns:%s: '%s' is not a valid URI\n", -- attname, URL, NULL); -- } else { -- if ((ctxt->pedantic) && (uri->scheme == NULL)) { -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -- "xmlns:%s: URI %s is not absolute\n", -- attname, URL, NULL); -- } -- xmlFreeURI(uri); -- } -- } -- -- /* -- * check that it's not a defined namespace -- */ -- for (j = 1;j <= nbNs;j++) -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname) -- break; -- if (j <= nbNs) -- xmlErrAttributeDup(ctxt, aprefix, attname); -- else -- if (nsPush(ctxt, attname, URL) > 0) nbNs++; --skip_ns: -- if ((attvalue != NULL) && (alloc != 0)) { -- xmlFree(attvalue); -- attvalue = NULL; -- } -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) -- break; -- if (!IS_BLANK_CH(RAW)) { -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, -- "attributes construct error\n"); -- break; -- } -- SKIP_BLANKS; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -- continue; -- } -+ if (attname != ctxt->str_xml) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace URI cannot be the default namespace\n", -+ NULL, NULL, NULL); -+ } -+ goto next_attr; -+ } -+ if ((len == 29) && -+ (xmlStrEqual(URL, -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "reuse of the xmlns namespace name is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ } -+ /* -+ * check that it's not a defined namespace -+ */ -+ for (j = 1;j <= nbNs;j++) -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL) -+ break; -+ if (j <= nbNs) -+ xmlErrAttributeDup(ctxt, NULL, attname); -+ else -+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++; -+ -+ } else if (aprefix == ctxt->str_xmlns) { -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -+ xmlURIPtr uri; -+ -+ if (attname == ctxt->str_xml) { -+ if (URL != ctxt->str_xml_ns) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace prefix mapped to wrong URI\n", -+ NULL, NULL, NULL); -+ } -+ /* -+ * Do not keep a namespace definition node -+ */ -+ goto next_attr; -+ } -+ if (URL == ctxt->str_xml_ns) { -+ if (attname != ctxt->str_xml) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace URI mapped to wrong prefix\n", -+ NULL, NULL, NULL); -+ } -+ goto next_attr; -+ } -+ if (attname == ctxt->str_xmlns) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "redefinition of the xmlns prefix is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ if ((len == 29) && -+ (xmlStrEqual(URL, -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "reuse of the xmlns namespace name is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ if ((URL == NULL) || (URL[0] == 0)) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xmlns:%s: Empty XML namespace is not allowed\n", -+ attname, NULL, NULL); -+ goto next_attr; -+ } else { -+ uri = xmlParseURI((const char *) URL); -+ if (uri == NULL) { -+ xmlNsErr(ctxt, XML_WAR_NS_URI, -+ "xmlns:%s: '%s' is not a valid URI\n", -+ attname, URL, NULL); -+ } else { -+ if ((ctxt->pedantic) && (uri->scheme == NULL)) { -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -+ "xmlns:%s: URI %s is not absolute\n", -+ attname, URL, NULL); -+ } -+ xmlFreeURI(uri); -+ } -+ } - -- /* -- * Add the pair to atts -- */ -- if ((atts == NULL) || (nbatts + 5 > maxatts)) { -- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) { -- if (attvalue[len] == 0) -- xmlFree(attvalue); -- goto failed; -- } -- maxatts = ctxt->maxatts; -- atts = ctxt->atts; -- } -- ctxt->attallocs[nratts++] = alloc; -- atts[nbatts++] = attname; -- atts[nbatts++] = aprefix; -- atts[nbatts++] = NULL; /* the URI will be fetched later */ -- atts[nbatts++] = attvalue; -- attvalue += len; -- atts[nbatts++] = attvalue; -- /* -- * tag if some deallocation is needed -- */ -- if (alloc != 0) attval = 1; -- } else { -- if ((attvalue != NULL) && (attvalue[len] == 0)) -- xmlFree(attvalue); -- } -+ /* -+ * check that it's not a defined namespace -+ */ -+ for (j = 1;j <= nbNs;j++) -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname) -+ break; -+ if (j <= nbNs) -+ xmlErrAttributeDup(ctxt, aprefix, attname); -+ else -+ if (nsPush(ctxt, attname, URL) > 0) nbNs++; -+ -+ } else { -+ /* -+ * Add the pair to atts -+ */ -+ if ((atts == NULL) || (nbatts + 5 > maxatts)) { -+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) { -+ goto next_attr; -+ } -+ maxatts = ctxt->maxatts; -+ atts = ctxt->atts; -+ } -+ ctxt->attallocs[nratts++] = alloc; -+ atts[nbatts++] = attname; -+ atts[nbatts++] = aprefix; -+ /* -+ * The namespace URI field is used temporarily to point at the -+ * base of the current input buffer for non-alloced attributes. -+ * When the input buffer is reallocated, all the pointers become -+ * invalid, but they can be reconstructed later. -+ */ -+ if (alloc) -+ atts[nbatts++] = NULL; -+ else -+ atts[nbatts++] = ctxt->input->base; -+ atts[nbatts++] = attvalue; -+ attvalue += len; -+ atts[nbatts++] = attvalue; -+ /* -+ * tag if some deallocation is needed -+ */ -+ if (alloc != 0) attval = 1; -+ attvalue = NULL; /* moved into atts */ -+ } - --failed: -+next_attr: -+ if ((attvalue != NULL) && (alloc != 0)) { -+ xmlFree(attvalue); -+ attvalue = NULL; -+ } - - GROW - if (ctxt->instate == XML_PARSER_EOF) - break; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; - if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) - break; - if (!IS_BLANK_CH(RAW)) { -@@ -9646,8 +9610,20 @@ failed: - break; - } - GROW; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -+ } -+ -+ /* Reconstruct attribute value pointers. */ -+ for (i = 0, j = 0; j < nratts; i += 5, j++) { -+ if (atts[i+2] != NULL) { -+ /* -+ * Arithmetic on dangling pointers is technically undefined -+ * behavior, but well... -+ */ -+ ptrdiff_t offset = ctxt->input->base - atts[i+2]; -+ atts[i+2] = NULL; /* Reset repurposed namespace URI */ -+ atts[i+3] += offset; /* value */ -+ atts[i+4] += offset; /* valuend */ -+ } - } - - /* -@@ -9804,34 +9780,6 @@ failed: - } - - return(localname); -- --base_changed: -- /* -- * the attribute strings are valid iif the base didn't changed -- */ -- if (attval != 0) { -- for (i = 3,j = 0; j < nratts;i += 5,j++) -- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL)) -- xmlFree((xmlChar *) atts[i]); -- } -- -- /* -- * We can't switch from one entity to another in the middle -- * of a start tag -- */ -- if (inputNr != ctxt->inputNr) { -- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY, -- "Start tag doesn't start and stop in the same entity\n"); -- return(NULL); -- } -- -- ctxt->input->cur = ctxt->input->base + cur; -- ctxt->input->line = oldline; -- ctxt->input->col = oldcol; -- if (ctxt->wellFormed == 1) { -- goto reparse; -- } -- return(NULL); - } - - /** -diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err -index e08d9bf..f6036a3 100644 ---- a/result/errors/759398.xml.err -+++ b/result/errors/759398.xml.err -@@ -1,9 +1,12 @@ - ./test/errors/759398.xml:210: parser error : StartTag: invalid element name - need to worry about parsers whi<! don't expand PErefs finding - ^ --./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef -+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№m line 308 and termdef - and provide access to their content and structure.</termdef> <termdef - ^ --./test/errors/759398.xml:309: parser error : Extra content at the end of the document --and provide access to their content and structure.</termdef> <termdef -- ^ -+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p -+data and the information it must provide to the application.</p> -+ ^ -+./test/errors/759398.xml:316: parser error : Extra content at the end of the document -+<div2 id='sec-origin-goals'> -+^ -diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err -index 4f08538..c4c4fc8 100644 ---- a/result/errors/attr1.xml.err -+++ b/result/errors/attr1.xml.err -@@ -1,6 +1,9 @@ - ./test/errors/attr1.xml:2: parser error : AttValue: ' expected - - ^ --./test/errors/attr1.xml:1: parser error : Extra content at the end of the document --<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo -- ^ -+./test/errors/attr1.xml:2: parser error : attributes construct error -+ -+^ -+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1 -+ -+^ -diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err -index c8a9c7d..77e342e 100644 ---- a/result/errors/attr2.xml.err -+++ b/result/errors/attr2.xml.err -@@ -1,6 +1,9 @@ - ./test/errors/attr2.xml:2: parser error : AttValue: ' expected - - ^ --./test/errors/attr2.xml:1: parser error : Extra content at the end of the document --<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo -- ^ -+./test/errors/attr2.xml:2: parser error : attributes construct error -+ -+^ -+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1 -+ -+^ -diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err -index a6649a1..8a6acee 100644 ---- a/result/errors/name2.xml.err -+++ b/result/errors/name2.xml.err -@@ -1,6 +1,9 @@ - ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo - - ^ --./test/errors/name2.xml:1: parser error : Extra content at the end of the document --<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo -- ^ -+./test/errors/name2.xml:2: parser error : attributes construct error -+ -+^ -+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1 -+ -+^ diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch deleted file mode 100644 index 65f6bef1e6..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch +++ /dev/null @@ -1,67 +0,0 @@ -libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer - -xpath: - - Check for errors after evaluating first operand. - - Add sanity check for empty stack. - - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes - -Upstream-Status: Backport - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b] - - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8] -CVE: CVE-2016-5131 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> - -diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror -new file mode 100644 -index 0000000..d589882 ---- /dev/null -+++ b/result/XPath/xptr/viderror -@@ -0,0 +1,4 @@ -+ -+======================== -+Expression: xpointer(non-existing-fn()/range-to(id('chapter2'))) -+Object is empty (NULL) -diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror -new file mode 100644 -index 0000000..da8c53b ---- /dev/null -+++ b/test/XPath/xptr/viderror -@@ -0,0 +1 @@ -+xpointer(non-existing-fn()/range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index 113bce6..d992841 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { - * compute depth to root - */ - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { -- if (cur == node1) -+ if (cur->parent == node1) - return(1); - depth2++; - } - root = cur; - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { -- if (cur == node2) -+ if (cur->parent == node2) - return(-1); - depth1++; - } -@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) - xmlNodeSetPtr oldset; - int i, j; - -- if (op->ch1 != -1) -+ if (op->ch1 != -1) { - total += - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); -+ CHECK_ERROR0; -+ } -+ if (ctxt->value == NULL) { -+ XP_ERROR0(XPATH_INVALID_OPERAND); -+ } - if (op->ch2 == -1) - return (total); - diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch index 6e56857caf..cb171d5b36 100644 --- a/meta/recipes-core/libxml/libxml2/runtest.patch +++ b/meta/recipes-core/libxml/libxml2/runtest.patch @@ -2,47 +2,29 @@ Add 'install-ptest' rule. Print a standard result line for each test. Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com> -Signed-off-by: Andrej Valek <andrej.valek@enea.com> +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Upstream-Status: Backport diff -uNr a/Makefile.am b/Makefile.am ---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200 -+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200 -@@ -202,10 +202,24 @@ +--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200 ++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200 +@@ -202,6 +202,15 @@ #testOOM_DEPENDENCIES = $(DEPS) #testOOM_LDADD= $(LDADDS) +install-ptest: + @(if [ -d .libs ] ; then cd .libs; fi; \ -+ install $(noinst_PROGRAMS) $(DESTDIR)) ++ install $(check_PROGRAMS) $(DESTDIR)) + cp -r $(srcdir)/test $(DESTDIR) + cp -r $(srcdir)/result $(DESTDIR) + cp -r $(srcdir)/python $(DESTDIR) + cp Makefile $(DESTDIR) + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile + - runtests: + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) [ -d test ] || $(LN_S) $(srcdir)/test . - [ -d result ] || $(LN_S) $(srcdir)/result . -- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT) -+ $(CHECKER) ./runtest$(EXEEXT) && \ -+ $(CHECKER) ./testrecurse$(EXEEXT) && \ -+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \ -+ $(CHECKER) ./testchar$(EXEEXT) && \ -+ $(CHECKER) ./testdict$(EXEEXT) && \ -+ $(CHECKER) ./runxmlconf$(EXEEXT) - @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \ - $(MAKE) tests ; fi) - -@@ -229,7 +243,7 @@ - - APItests: testapi$(EXEEXT) - @echo "## Running the API regression tests this may take a little while" -- -@($(CHECKER) $(top_builddir)/testapi -q) -+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q) - - HTMLtests : testHTML$(EXEEXT) - @(echo > .memdump) + diff -uNr a/runsuite.c b/runsuite.c --- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200 +++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200 diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.5.bb index 9adb29cfdd..27e1a8e7b1 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb @@ -19,21 +19,12 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://run-ptest \ file://python-sitepackages-dir.patch \ file://libxml-m4-use-pkgconfig.patch \ - file://libxml2-fix_node_comparison.patch \ - file://libxml2-CVE-2016-5131.patch \ - file://libxml2-CVE-2016-4658.patch \ - file://libxml2-fix_NULL_pointer_derefs.patch \ - file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \ - file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \ - file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ - file://libxml2-CVE-2017-5969.patch \ - file://libxml2-CVE-2017-0663.patch \ - file://libxml2-CVE-2017-8872.patch \ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ + file://fix-execution-of-ptests.patch \ " -SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" -SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c" +SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b" +SRC_URI[libtar.sha256sum] = "4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38" SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a" SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" @@ -81,6 +72,10 @@ do_configure_prepend () { find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+ } +do_compile_ptest() { + oe_runmake check-am +} + do_install_ptest () { cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH} if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index be37c44210..d98a9c901c 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -21,7 +21,6 @@ TOOLCHAIN_HOST_TASK ?= "\ nativesdk-wget \ nativesdk-ca-certificates \ nativesdk-texinfo \ - nativesdk-locale-base-en-us \ " MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}" diff --git a/meta/recipes-core/musl/musl.inc b/meta/recipes-core/musl/musl.inc index 56c9d7fe17..9af1172ae0 100644 --- a/meta/recipes-core/musl/musl.inc +++ b/meta/recipes-core/musl/musl.inc @@ -26,3 +26,8 @@ INSANE_SKIP_${PN} = "dev-so" # Doesn't compile in MIPS16e mode due to use of hand-written # assembly MIPS_INSTRUCTION_SET = "mips" + +# thumb1 is unsupported +ARM_INSTRUCTION_SET_armv5 = "arm" +ARM_INSTRUCTION_SET_armv4 = "arm" + diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb index bd7573e0f3..db26b4fef2 100644 --- a/meta/recipes-core/musl/musl_git.bb +++ b/meta/recipes-core/musl/musl_git.bb @@ -3,9 +3,9 @@ require musl.inc -SRCREV = "da438ee1fc516c41ba1790cef7be551a9e244397" +SRCREV = "eb03bde2f24582874cb72b56c7811bf51da0c817" -PV = "1.1.16+git${SRCPV}" +PV = "1.1.18+git${SRCPV}" # mirror is at git://github.com/kraj/musl.git @@ -57,10 +57,11 @@ do_install() { oe_runmake install DESTDIR='${D}' install -d ${D}${bindir} + rm -f ${D}${bindir}/ldd lnr ${D}${libdir}/libc.so ${D}${bindir}/ldd for l in crypt dl m pthread resolv rt util xnet do - ln -s libc.so ${D}${libdir}/lib$l.so + ln -sf libc.so ${D}${libdir}/lib$l.so done } diff --git a/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch b/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch deleted file mode 100644 index a19332c4b2..0000000000 --- a/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch +++ /dev/null @@ -1,541 +0,0 @@ -From 4bf72cb8f1d3aa5f33c31eb817a5f0338f4aaf6f Mon Sep 17 00:00:00 2001 -From: Ovidiu Panait <ovidiu.panait@windriver.com> -Date: Wed, 20 Sep 2017 05:02:00 +0000 -Subject: [PATCH] Import upstream patch 20170826 - -20170826 - + fixes for "iterm2" (report by Leonardo Brondani Schenkel) -TD - + corrected a warning from tic about keys which are the same, to skip - over missing/cancelled values. - + add check in tic for unnecessary use of "2" to denote a shifted - special key. - + improve checks in trim_sgr0, comp_parse.c and parse_entry.c, for - cancelled string capabilities. - + add check in _nc_parse_entry() for invalid entry name, setting the - name to "invalid" to avoid problems storing entries. - + add/improve checks in tic's parser to address invalid input - + add a check in comp_scan.c to handle the special case where a - nontext file ending with a NUL rather than newline is given to tic - as input (Redhat #1484274). - + allow for cancelled capabilities in _nc_save_str (Redhat #1484276). - + add validity checks for "use=" target in _nc_parse_entry (Redhat - #1484284). - + check for invalid strings in postprocess_termcap (Redhat #1484285) - + reset secondary pointers on EOF in next_char() (Redhat #1484287). - + guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using - cancelled strings (Redhat #1484291). - + correct typo in curs_memleaks.3x (Sven Joachim). - + improve test/configure checks for some curses variants not based on - X/Open Curses. - + add options for test/configure to disable checks for form, menu and - panel libraries. - -Upstream-Status: Backport -CVE: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017-13728, CVE-2017-13731 - - -Author: Sven Joachim <svenjoac@gmx.de> -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - dist.mk | 4 +- - include/ncurses_defs | 4 +- - ncurses/tinfo/alloc_entry.c | 4 +- - ncurses/tinfo/comp_parse.c | 10 ++--- - ncurses/tinfo/comp_scan.c | 6 ++- - ncurses/tinfo/parse_entry.c | 91 ++++++++++++++++++++++++++++++--------------- - ncurses/tinfo/strings.c | 9 +++-- - ncurses/tinfo/trim_sgr0.c | 4 +- - progs/tic.c | 75 ++++++++++++++++++++++++++++++++++++- - 9 files changed, 157 insertions(+), 50 deletions(-) - -diff --git a/dist.mk b/dist.mk -index 9af2699..2c70472 100644 ---- a/dist.mk -+++ b/dist.mk -@@ -25,7 +25,7 @@ - # use or other dealings in this Software without prior written # - # authorization. # - ############################################################################## --# $Id: dist.mk,v 1.1172 2017/07/13 00:15:27 tom Exp $ -+# $Id: dist.mk,v 1.1179 2017/08/20 15:33:41 tom Exp $ - # Makefile for creating ncurses distributions. - # - # This only needs to be used directly as a makefile by developers, but -@@ -37,7 +37,7 @@ SHELL = /bin/sh - # These define the major/minor/patch versions of ncurses. - NCURSES_MAJOR = 6 - NCURSES_MINOR = 0 --NCURSES_PATCH = 20170715 -+NCURSES_PATCH = 20170826 - - # We don't append the patch to the version, since this only applies to releases - VERSION = $(NCURSES_MAJOR).$(NCURSES_MINOR) -diff --git a/include/ncurses_defs b/include/ncurses_defs -index e6611b7..d237db1 100644 ---- a/include/ncurses_defs -+++ b/include/ncurses_defs -@@ -1,4 +1,4 @@ --# $Id: ncurses_defs,v 1.73 2017/06/24 14:20:57 tom Exp $ -+# $Id: ncurses_defs,v 1.75 2017/08/20 16:50:04 tom Exp $ - ############################################################################## - # Copyright (c) 2000-2016,2017 Free Software Foundation, Inc. # - # # -@@ -50,7 +50,9 @@ HAVE_BSD_STRING_H - HAVE_BTOWC - HAVE_BUILTIN_H - HAVE_CHGAT 1 -+HAVE_COLOR_CONTENT 1 - HAVE_COLOR_SET 1 -+HAVE_CURSCR 1 - HAVE_DIRENT_H - HAVE_ERRNO - HAVE_FCNTL_H -diff --git a/ncurses/tinfo/alloc_entry.c b/ncurses/tinfo/alloc_entry.c -index 5de09f1..09374d6 100644 ---- a/ncurses/tinfo/alloc_entry.c -+++ b/ncurses/tinfo/alloc_entry.c -@@ -47,7 +47,7 @@ - - #include <tic.h> - --MODULE_ID("$Id: alloc_entry.c,v 1.60 2017/06/27 23:48:55 tom Exp $") -+MODULE_ID("$Id: alloc_entry.c,v 1.61 2017/08/25 09:09:08 tom Exp $") - - #define ABSENT_OFFSET -1 - #define CANCELLED_OFFSET -2 -@@ -98,7 +98,7 @@ _nc_save_str(const char *const string) - size_t old_next_free = next_free; - size_t len; - -- if (string == 0) -+ if (!VALID_STRING(string)) - return _nc_save_str(""); - len = strlen(string) + 1; - -diff --git a/ncurses/tinfo/comp_parse.c b/ncurses/tinfo/comp_parse.c -index 34e6216..580d4df 100644 ---- a/ncurses/tinfo/comp_parse.c -+++ b/ncurses/tinfo/comp_parse.c -@@ -47,7 +47,7 @@ - - #include <tic.h> - --MODULE_ID("$Id: comp_parse.c,v 1.96 2017/04/15 15:36:58 tom Exp $") -+MODULE_ID("$Id: comp_parse.c,v 1.99 2017/08/26 16:15:50 tom Exp $") - - static void sanity_check2(TERMTYPE2 *, bool); - NCURSES_IMPEXP void NCURSES_API(*_nc_check_termtype2) (TERMTYPE2 *, bool) = sanity_check2; -@@ -510,9 +510,9 @@ static void - fixup_acsc(TERMTYPE2 *tp, int literal) - { - if (!literal) { -- if (acs_chars == 0 -- && enter_alt_charset_mode != 0 -- && exit_alt_charset_mode != 0) -+ if (acs_chars == ABSENT_STRING -+ && PRESENT(enter_alt_charset_mode) -+ && PRESENT(exit_alt_charset_mode)) - acs_chars = strdup(VT_ACSC); - } - } -@@ -568,9 +568,7 @@ sanity_check2(TERMTYPE2 *tp, bool literal) - PAIRED(enter_xon_mode, exit_xon_mode); - PAIRED(enter_am_mode, exit_am_mode); - ANDMISSING(label_off, label_on); --#ifdef remove_clock - PAIRED(display_clock, remove_clock); --#endif - ANDMISSING(set_color_pair, initialize_pair); - } - -diff --git a/ncurses/tinfo/comp_scan.c b/ncurses/tinfo/comp_scan.c -index 40d7f6a..b207257 100644 ---- a/ncurses/tinfo/comp_scan.c -+++ b/ncurses/tinfo/comp_scan.c -@@ -50,7 +50,7 @@ - #include <ctype.h> - #include <tic.h> - --MODULE_ID("$Id: comp_scan.c,v 1.106 2017/04/22 11:41:12 tom Exp $") -+MODULE_ID("$Id: comp_scan.c,v 1.108 2017/08/25 22:57:21 tom Exp $") - - /* - * Maximum length of string capability we'll accept before raising an error. -@@ -168,6 +168,8 @@ next_char(void) - if (result != 0) { - FreeAndNull(result); - FreeAndNull(pushname); -+ bufptr = 0; -+ bufstart = 0; - allocated = 0; - } - /* -@@ -222,6 +224,8 @@ next_char(void) - } - if ((bufptr = bufstart) != 0) { - used = strlen(bufptr); -+ if (used == 0) -+ return (EOF); - while (iswhite(*bufptr)) { - if (*bufptr == '\t') { - _nc_curr_col = (_nc_curr_col | 7) + 1; -diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c -index 3fa2f25..bbbfcb2 100644 ---- a/ncurses/tinfo/parse_entry.c -+++ b/ncurses/tinfo/parse_entry.c -@@ -47,7 +47,7 @@ - #include <ctype.h> - #include <tic.h> - --MODULE_ID("$Id: parse_entry.c,v 1.86 2017/06/28 00:53:12 tom Exp $") -+MODULE_ID("$Id: parse_entry.c,v 1.91 2017/08/26 16:13:34 tom Exp $") - - #ifdef LINT - static short const parametrized[] = -@@ -180,6 +180,20 @@ _nc_extend_names(ENTRY * entryp, char *name, int token_type) - } - #endif /* NCURSES_XNAMES */ - -+static bool -+valid_entryname(const char *name) -+{ -+ bool result = TRUE; -+ int ch; -+ while ((ch = UChar(*name++)) != '\0') { -+ if (ch <= ' ' || ch > '~' || ch == '/') { -+ result = FALSE; -+ break; -+ } -+ } -+ return result; -+} -+ - /* - * int - * _nc_parse_entry(entry, literal, silent) -@@ -211,6 +225,7 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) - int token_type; - struct name_table_entry const *entry_ptr; - char *ptr, *base; -+ const char *name; - bool bad_tc_usage = FALSE; - - token_type = _nc_get_token(silent); -@@ -261,7 +276,12 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) - * results in the terminal type getting prematurely set to correspond - * to that of the next entry. - */ -- _nc_set_type(_nc_first_name(entryp->tterm.term_names)); -+ name = _nc_first_name(entryp->tterm.term_names); -+ if (!valid_entryname(name)) { -+ _nc_warning("invalid entry name \"%s\"", name); -+ name = "invalid"; -+ } -+ _nc_set_type(name); - - /* check for overly-long names and aliases */ - for (base = entryp->tterm.term_names; (ptr = strchr(base, '|')) != 0; -@@ -283,13 +303,24 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) - bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0); - bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0); - if (is_use || is_tc) { -+ if (!VALID_STRING(_nc_curr_token.tk_valstring) -+ || _nc_curr_token.tk_valstring[0] == '\0') { -+ _nc_warning("missing name for use-clause"); -+ continue; -+ } else if (!valid_entryname(_nc_curr_token.tk_valstring)) { -+ _nc_warning("invalid name for use-clause \"%s\"", -+ _nc_curr_token.tk_valstring); -+ continue; -+ } else if (entryp->nuses >= MAX_USES) { -+ _nc_warning("too many use-clauses, ignored \"%s\"", -+ _nc_curr_token.tk_valstring); -+ continue; -+ } - entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); - entryp->uses[entryp->nuses].line = _nc_curr_line; -- if (VALID_STRING(entryp->uses[entryp->nuses].name)) { -- entryp->nuses++; -- if (entryp->nuses > 1 && is_tc) { -- BAD_TC_USAGE -- } -+ entryp->nuses++; -+ if (entryp->nuses > 1 && is_tc) { -+ BAD_TC_USAGE - } - } else { - /* normal token lookup */ -@@ -641,13 +672,6 @@ static const char C_BS[] = "\b"; - static const char C_HT[] = "\t"; - - /* -- * Note that WANTED and PRESENT are not simple inverses! If a capability -- * has been explicitly cancelled, it's not considered WANTED. -- */ --#define WANTED(s) ((s) == ABSENT_STRING) --#define PRESENT(s) (((s) != ABSENT_STRING) && ((s) != CANCELLED_STRING)) -- --/* - * This bit of legerdemain turns all the terminfo variable names into - * references to locations in the arrays Booleans, Numbers, and Strings --- - * precisely what's needed. -@@ -672,10 +696,10 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - - /* if there was a tc entry, assume we picked up defaults via that */ - if (!has_base) { -- if (WANTED(init_3string) && termcap_init2) -+ if (WANTED(init_3string) && PRESENT(termcap_init2)) - init_3string = _nc_save_str(termcap_init2); - -- if (WANTED(reset_2string) && termcap_reset) -+ if (WANTED(reset_2string) && PRESENT(termcap_reset)) - reset_2string = _nc_save_str(termcap_reset); - - if (WANTED(carriage_return)) { -@@ -790,7 +814,7 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - if (init_tabs != 8 && init_tabs != ABSENT_NUMERIC) - _nc_warning("hardware tabs with a width other than 8: %d", init_tabs); - else { -- if (tab && _nc_capcmp(tab, C_HT)) -+ if (PRESENT(tab) && _nc_capcmp(tab, C_HT)) - _nc_warning("hardware tabs with a non-^I tab string %s", - _nc_visbuf(tab)); - else { -@@ -867,17 +891,22 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - * The magic moment -- copy the mapped key string over, - * stripping out padding. - */ -- for (dp = buf2, bp = tp->Strings[from_ptr->nte_index]; *bp; bp++) { -- if (bp[0] == '$' && bp[1] == '<') { -- while (*bp && *bp != '>') { -- ++bp; -- } -- } else -- *dp++ = *bp; -- } -- *dp = '\0'; -+ bp = tp->Strings[from_ptr->nte_index]; -+ if (VALID_STRING(bp)) { -+ for (dp = buf2; *bp; bp++) { -+ if (bp[0] == '$' && bp[1] == '<') { -+ while (*bp && *bp != '>') { -+ ++bp; -+ } -+ } else -+ *dp++ = *bp; -+ } -+ *dp = '\0'; - -- tp->Strings[to_ptr->nte_index] = _nc_save_str(buf2); -+ tp->Strings[to_ptr->nte_index] = _nc_save_str(buf2); -+ } else { -+ tp->Strings[to_ptr->nte_index] = bp; -+ } - } - - /* -@@ -886,7 +915,7 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - * got mapped to kich1 and im to kIC to avoid a collision. - * If the description has im but not ic, hack kIC back to kich1. - */ -- if (foundim && WANTED(key_ic) && key_sic) { -+ if (foundim && WANTED(key_ic) && PRESENT(key_sic)) { - key_ic = key_sic; - key_sic = ABSENT_STRING; - } -@@ -938,9 +967,9 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - acs_chars = _nc_save_str(buf2); - _nc_warning("acsc string synthesized from XENIX capabilities"); - } -- } else if (acs_chars == 0 -- && enter_alt_charset_mode != 0 -- && exit_alt_charset_mode != 0) { -+ } else if (acs_chars == ABSENT_STRING -+ && PRESENT(enter_alt_charset_mode) -+ && PRESENT(exit_alt_charset_mode)) { - acs_chars = _nc_save_str(VT_ACSC); - } - } -diff --git a/ncurses/tinfo/strings.c b/ncurses/tinfo/strings.c -index 393d8e7..10ec6c8 100644 ---- a/ncurses/tinfo/strings.c -+++ b/ncurses/tinfo/strings.c -@@ -1,5 +1,5 @@ - /**************************************************************************** -- * Copyright (c) 2000-2007,2012 Free Software Foundation, Inc. * -+ * Copyright (c) 2000-2012,2017 Free Software Foundation, Inc. * - * * - * Permission is hereby granted, free of charge, to any person obtaining a * - * copy of this software and associated documentation files (the * -@@ -35,8 +35,9 @@ - **/ - - #include <curses.priv.h> -+#include <tic.h> - --MODULE_ID("$Id: strings.c,v 1.8 2012/02/22 22:34:31 tom Exp $") -+MODULE_ID("$Id: strings.c,v 1.9 2017/08/26 13:16:11 tom Exp $") - - /**************************************************************************** - * Useful string functions (especially for mvcur) -@@ -105,7 +106,7 @@ _nc_str_copy(string_desc * dst, string_desc * src) - NCURSES_EXPORT(bool) - _nc_safe_strcat(string_desc * dst, const char *src) - { -- if (src != 0) { -+ if (PRESENT(src)) { - size_t len = strlen(src); - - if (len < dst->s_size) { -@@ -126,7 +127,7 @@ _nc_safe_strcat(string_desc * dst, const char *src) - NCURSES_EXPORT(bool) - _nc_safe_strcpy(string_desc * dst, const char *src) - { -- if (src != 0) { -+ if (PRESENT(src)) { - size_t len = strlen(src); - - if (len < dst->s_size) { -diff --git a/ncurses/tinfo/trim_sgr0.c b/ncurses/tinfo/trim_sgr0.c -index 4cbcb65..4d92d15 100644 ---- a/ncurses/tinfo/trim_sgr0.c -+++ b/ncurses/tinfo/trim_sgr0.c -@@ -36,7 +36,7 @@ - - #include <tic.h> - --MODULE_ID("$Id: trim_sgr0.c,v 1.16 2017/04/05 22:33:07 tom Exp $") -+MODULE_ID("$Id: trim_sgr0.c,v 1.17 2017/08/26 14:54:16 tom Exp $") - - #undef CUR - #define CUR tp-> -@@ -263,7 +263,7 @@ _nc_trim_sgr0(TERMTYPE2 *tp) - /* - * If rmacs is a substring of sgr(0), remove that chunk. - */ -- if (exit_alt_charset_mode != 0) { -+ if (PRESENT(exit_alt_charset_mode)) { - TR(TRACE_DATABASE, ("scan for rmacs %s", _nc_visbuf(exit_alt_charset_mode))); - j = strlen(off); - k = strlen(exit_alt_charset_mode); -diff --git a/progs/tic.c b/progs/tic.c -index c5d78e5..6dd4678 100644 ---- a/progs/tic.c -+++ b/progs/tic.c -@@ -48,7 +48,7 @@ - #include <parametrized.h> - #include <transform.h> - --MODULE_ID("$Id: tic.c,v 1.233 2017/07/15 17:40:19 tom Exp $") -+MODULE_ID("$Id: tic.c,v 1.243 2017/08/26 20:56:55 tom Exp $") - - #define STDIN_NAME "<stdin>" - -@@ -62,6 +62,10 @@ static bool showsummary = FALSE; - static char **namelst = 0; - static const char *to_remove; - -+#if NCURSES_XNAMES -+static bool using_extensions = FALSE; -+#endif -+ - static void (*save_check_termtype) (TERMTYPE2 *, bool); - static void check_termtype(TERMTYPE2 *tt, bool); - -@@ -850,6 +854,7 @@ main(int argc, char *argv[]) - /* FALLTHRU */ - case 'x': - use_extended_names(TRUE); -+ using_extensions = TRUE; - break; - #endif - default: -@@ -2405,10 +2410,17 @@ check_conflict(TERMTYPE2 *tp) - const char *a = given[j].value; - bool first = TRUE; - -+ if (!VALID_STRING(a)) -+ continue; -+ - for (k = j + 1; given[k].keycode; k++) { - const char *b = given[k].value; -+ -+ if (!VALID_STRING(b)) -+ continue; - if (check[k]) - continue; -+ - if (!_nc_capcmp(a, b)) { - check[j] = 1; - check[k] = 1; -@@ -2431,6 +2443,67 @@ check_conflict(TERMTYPE2 *tp) - if (!first) - fprintf(stderr, "\n"); - } -+#if NCURSES_XNAMES -+ if (using_extensions) { -+ /* *INDENT-OFF* */ -+ static struct { -+ const char *xcurses; -+ const char *shifted; -+ } table[] = { -+ { "kDC", NULL }, -+ { "kDN", "kind" }, -+ { "kEND", NULL }, -+ { "kHOM", NULL }, -+ { "kLFT", NULL }, -+ { "kNXT", NULL }, -+ { "kPRV", NULL }, -+ { "kRIT", NULL }, -+ { "kUP", "kri" }, -+ { NULL, NULL }, -+ }; -+ /* *INDENT-ON* */ -+ -+ /* -+ * SVr4 curses defines the "xcurses" names listed above except for -+ * the special cases in the "shifted" column. When using these -+ * names for xterm's extensions, that was confusing, and resulted -+ * in adding extended capabilities with "2" (shift) suffix. This -+ * check warns about unnecessary use of extensions for this quirk. -+ */ -+ for (j = 0; given[j].keycode; ++j) { -+ const char *find = given[j].name; -+ int value; -+ char ch; -+ -+ if (!VALID_STRING(given[j].value)) -+ continue; -+ -+ for (k = 0; table[k].xcurses; ++k) { -+ const char *test = table[k].xcurses; -+ size_t size = strlen(test); -+ -+ if (!strncmp(find, test, size) && strcmp(find, test)) { -+ switch (sscanf(find + size, "%d%c", &value, &ch)) { -+ case 1: -+ if (value == 2) { -+ _nc_warning("expected '%s' rather than '%s'", -+ (table[k].shifted -+ ? table[k].shifted -+ : test), find); -+ } else if (value < 2 || value > 15) { -+ _nc_warning("expected numeric 2..15 '%s'", find); -+ } -+ break; -+ default: -+ _nc_warning("expected numeric suffix for '%s'", find); -+ break; -+ } -+ break; -+ } -+ } -+ } -+ } -+#endif - free(given); - free(check); - } --- -2.10.2 - diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc index 1f21cd413d..01e41d5f73 100644 --- a/meta/recipes-core/ncurses/ncurses.inc +++ b/meta/recipes-core/ncurses/ncurses.inc @@ -13,7 +13,7 @@ BINCONFIG = "${bindir}/ncurses5-config ${bindir}/ncursesw5-config \ inherit autotools binconfig-disabled multilib_header pkgconfig # Upstream has useful patches at times at ftp://invisible-island.net/ncurses/ -SRC_URI = "git://anonscm.debian.org/collab-maint/ncurses.git" +SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https" EXTRA_AUTORECONF = "-I m4" CONFIG_SITE =+ "${WORKDIR}/config.cache" @@ -59,6 +59,7 @@ EX_TERMCAP_class-nativesdk = ":/etc/termcap:/usr/share/misc/termcap" EX_TERMINFO = "" EX_TERMINFO_class-native = ":/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo" EX_TERMINFO_class-nativesdk = ":/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo" +EX_TERMLIB ?= "tinfo" # Helper function for do_configure to allow multiple configurations # $1 the directory to run configure in @@ -80,7 +81,7 @@ ncurses_configure() { --disable-big-core \ --program-prefix= \ --with-ticlib \ - --with-termlib=tinfo \ + --with-termlib=${EX_TERMLIB} \ --enable-sigwinch \ --enable-pc-files \ --disable-rpath-hack \ @@ -201,7 +202,10 @@ do_install() { ln -sf xterm-color ${D}${sysconfdir}/terminfo/x/xterm fi - rm -f ${D}${libdir}/terminfo + # When changing ${libdir} to e.g. /usr/lib/myawesomelib/ ncurses + # still installs '/usr/lib/terminfo', so try to rm both + # the proper path and a slightly hardcoded one + rm -f ${D}${libdir}/terminfo ${D}${prefix}/lib/terminfo # create linker scripts for libcurses.so and libncurses to # link against -ltinfo when needed. Some builds might break @@ -227,7 +231,7 @@ do_install() { if [ ! -d "${D}${base_libdir}" ]; then # Setting base_libdir to libdir as is done in the -native # case will skip this code - mkdir ${D}${base_libdir} + mkdir -p ${D}${base_libdir} mv ${D}${libdir}/libncurses.so.* ${D}${base_libdir} ! ${ENABLE_WIDEC} || \ mv ${D}${libdir}/libncursesw.so.* ${D}${base_libdir} diff --git a/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb b/meta/recipes-core/ncurses/ncurses_6.0+20171125.bb index d1da5d16e0..6c4b96f428 100644 --- a/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb +++ b/meta/recipes-core/ncurses/ncurses_6.0+20171125.bb @@ -3,10 +3,9 @@ require ncurses.inc SRC_URI += "file://0001-tic-hang.patch \ file://0002-configure-reproducible.patch \ file://config.cache \ - file://CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch \ " # commit id corresponds to the revision in package version -SRCREV = "52681a6a1a18b4d6eb1a716512d0dd827bd71c87" +SRCREV = "5d849e836052459901cfe0b85a0b2939ff8d2b2a" S = "${WORKDIR}/git" EXTRA_OECONF += "--with-abi-version=5" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)" diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb index f988704756..7f3d9cba00 100644 --- a/meta/recipes-core/os-release/os-release.bb +++ b/meta/recipes-core/os-release/os-release.bb @@ -1,7 +1,7 @@ inherit allarch SUMMARY = "Operating system identification" -DESCRIPTION = "The /etc/os-release file contains operating system identification data." +DESCRIPTION = "The /usr/lib/os-release file contains operating system identification data." LICENSE = "MIT" INHIBIT_DEFAULT_DEPS = "1" @@ -42,6 +42,9 @@ python do_compile () { do_compile[vardeps] += "${OS_RELEASE_FIELDS}" do_install () { - install -d ${D}${sysconfdir} - install -m 0644 os-release ${D}${sysconfdir}/ + install -d ${D}${nonarch_libdir} ${D}${sysconfdir} + install -m 0644 os-release ${D}${nonarch_libdir}/ + lnr ${D}${nonarch_libdir}/os-release ${D}${sysconfdir}/os-release } + +FILES_${PN} += "${nonarch_libdir}/os-release" diff --git a/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch new file mode 100644 index 0000000000..342fcc6231 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch @@ -0,0 +1,71 @@ +From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-truncation" in "-Wall". This warning is documented in detail +at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn for calls to bounded string manipulation functions such as strncat, +> strncpy, and stpncpy that may either truncate the copied string or leave +> the destination unchanged. + +It breaks the BaseTools build with: + +> EfiUtilityMsgs.c: In function 'PrintMessage': +> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The right way to fix the warning would be to implement string concat with +snprintf(). However, Microsoft does not appear to support snprintf() +before VS2015 +<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>, +so we just have to shut up the warning. The strncat() calls flagged above +are valid BTW. + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch new file mode 100644 index 0000000000..a076665c33 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch @@ -0,0 +1,102 @@ +From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wrestrict" in "-Wall". This warning is documented in detail +at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn when an object referenced by a restrict-qualified parameter (or, in +> C++, a __restrict-qualified parameter) is aliased by another argument, +> or when copies between such objects overlap. + +It breaks the BaseTools build (in the Brotli compression library) with: + +> In function 'ProcessCommandsInternal', +> inlined from 'ProcessCommands' at dec/decode.c:1828:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> In function 'ProcessCommandsInternal', +> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail, +and concluded that the warning is a false positive: + +> This seems safe to me, because it's preceded by: +> +> uint8_t* copy_dst = &s->ringbuffer[pos]; +> uint8_t* copy_src = &s->ringbuffer[src_start]; +> int dst_end = pos + i; +> int src_end = src_start + i; +> if (src_end > pos && dst_end > src_start) { +> /* Regions intersect. */ +> goto CommandPostWrapCopy; +> } +> +> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then +> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i). +> +> The if seems okay: +> +> (src_start + i > pos && pos + i > src_start) +> +> which can be rewritten to: +> +> (pos < src_start + i && src_start < pos + i) +> +> Then the numbers are in one of these two orders: +> +> pos <= src_start < pos + i <= src_start + i +> src_start <= pos < src_start + i <= pos + i +> +> These two would be allowed by the "if", but they can only happen if pos +> == src_start so they degenerate to the same two orders above: +> +> pos <= src_start < src_start + i <= pos + i +> src_start <= pos < pos + i <= src_start + i +> +> So it is a false positive in GCC. + +Disable the warning for now. + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Cole Robinson <crobinso@redhat.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch new file mode 100644 index 0000000000..920723e326 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch @@ -0,0 +1,53 @@ +From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Wed, 7 Mar 2018 10:17:28 +0100 +Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx" + options on OSX + +I recently added the gcc-8 specific "-Wno-stringop-truncation" and +"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 / +clang, OSX) and otherwise (gcc, Linux / Cygwin). + +I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does +not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and +"-Wno-restrict" options, yet the build completed fine (by GCC design). + +Regarding OSX, my expectation was that + +- XCODE5 / clang would either recognize these warnings options (because + clang does recognize most -W options of gcc), + +- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags + that it didn't recognize. + +Neither is the case; the new flags have broken the BaseTools build on OSX. +Revert them (for OSX only). + +Cc: Liming Gao <liming.gao@intel.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Liming Gao <liming.gao@intel.com> +Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231 +Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929 +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+ BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
diff --git a/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch new file mode 100644 index 0000000000..7ad7cdf0ce --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch @@ -0,0 +1,66 @@ +From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow" + warning with memcpy() + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-overflow" in "-Wall". This warning is documented in detail at +<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn for calls to string manipulation functions such as memcpy and +> strcpy that are determined to overflow the destination buffer. + +It breaks the BaseTools build with: + +> GenVtf.c: In function 'ConvertVersionInfo': +> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length +> of the source argument [-Werror=stringop-overflow=] +> strncpy (TemStr + 4 - Length, Str, Length); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> GenVtf.c:130:14: note: length computed here +> Length = strlen(Str); +> ^~~~~~~~~~~ + +It is a false positive because, while the bound equals the length of the +source argument, the destination pointer is moved back towards the +beginning of the destination buffer by the same amount (and this amount is +range-checked first, so we can't precede the start of the dest buffer). + +Replace both strncpy() calls with memcpy(). + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Cole Robinson <crobinso@redhat.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c +index 2ae9a7be2c..0cd33e71e9 100644 +--- a/BaseTools/Source/C/GenVtf/GenVtf.c ++++ b/BaseTools/Source/C/GenVtf/GenVtf.c +@@ -129,9 +129,9 @@ Returns: + } else {
+ Length = strlen(Str);
+ if (Length < 4) {
+- strncpy (TemStr + 4 - Length, Str, Length);
++ memcpy (TemStr + 4 - Length, Str, Length);
+ } else {
+- strncpy (TemStr, Str + Length - 4, 4);
++ memcpy (TemStr, Str + Length - 4, 4);
+ }
+
+ sscanf (
+-- +2.17.0 + diff --git a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch index 959b1c649c..25e5b58e70 100644 --- a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch +++ b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch @@ -17,4 +17,4 @@ Index: git/BaseTools/Conf/tools_def.template +DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
- DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
+ DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index a98826210e..fe0850cc03 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -19,6 +19,10 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ file://0004-ovmf-enable-long-path-file.patch \ file://VfrCompile-increase-path-length-limit.patch \ file://no-stack-protector-all-archs.patch \ + file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ + file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ + file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ + file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" @@ -35,7 +39,7 @@ SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6eb inherit deploy -PARALLEL_MAKE_class-native = "" +PARALLEL_MAKE = "" S = "${WORKDIR}/git" @@ -151,7 +155,7 @@ do_compile_class-native() { do_compile_class-target() { export LFLAGS="${LDFLAGS}" - PARALLEL_JOBS="${@ '${PARALLEL_MAKE}'.replace('-j', '-n')}" + PARALLEL_JOBS="${@ '${PARALLEL_MAKE}'.replace('-j', '-n ')}" OVMF_ARCH="X64" if [ "${TARGET_ARCH}" != "x86_64" ] ; then OVMF_ARCH="IA32" diff --git a/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb b/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb index 51335e232d..a8e47da40c 100644 --- a/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb +++ b/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb @@ -58,6 +58,7 @@ VALGRIND_nios2 = "" VALGRIND_armv4 = "" VALGRIND_armv5 = "" VALGRIND_armv6 = "" +VALGRIND_armeb = "" VALGRIND_aarch64 = "" VALGRIND_linux-gnux32 = "" diff --git a/meta/recipes-core/systemd/systemd/0001-core-evaluate-presets-after-generators-have-run-6526.patch b/meta/recipes-core/systemd/systemd/0001-core-evaluate-presets-after-generators-have-run-6526.patch new file mode 100644 index 0000000000..df100e587d --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0001-core-evaluate-presets-after-generators-have-run-6526.patch @@ -0,0 +1,69 @@ +From 28dd66ecfce743b1ea9046c7bb501e0fcaeff724 Mon Sep 17 00:00:00 2001 +From: Luca Bruno <luca.bruno@coreos.com> +Date: Sun, 6 Aug 2017 13:24:24 +0000 +Subject: [PATCH] core: evaluate presets after generators have run (#6526) + +This commit moves the first-boot system preset-settings evaluation out +of main and into the manager startup logic itself. Notably, it reverses +the order between generators and presets evaluation, so that any changes +performed by first-boot generators are taken into the account by presets +logic. + +After this change, units created by a generator can be enabled as part +of a preset. + +Upstream-Status: Backport + +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + src/core/main.c | 12 ++---------- + src/core/manager.c | 8 ++++++++ + 2 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index dfedc3d..11ac9cf 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1809,18 +1809,10 @@ int main(int argc, char *argv[]) { + if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) + log_warning_errno(errno, "Failed to make us a subreaper: %m"); + +- if (arg_system) { ++ if (arg_system) ++ /* Bump up RLIMIT_NOFILE for systemd itself */ + (void) bump_rlimit_nofile(&saved_rlimit_nofile); + +- if (empty_etc) { +- r = unit_file_preset_all(UNIT_FILE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0); +- if (r < 0) +- log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r, "Failed to populate /etc with preset unit settings, ignoring: %m"); +- else +- log_info("Populated /etc with preset unit settings."); +- } +- } +- + r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, arg_action == ACTION_TEST, &m); + if (r < 0) { + log_emergency_errno(r, "Failed to allocate manager object: %m"); +diff --git a/src/core/manager.c b/src/core/manager.c +index 1aadb70..fb5e2b5 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1328,6 +1328,14 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { + if (r < 0) + return r; + ++ if (m->first_boot && m->unit_file_scope == UNIT_FILE_SYSTEM) { ++ q = unit_file_preset_all(UNIT_FILE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0); ++ if (q < 0) ++ log_full_errno(q == -EEXIST ? LOG_NOTICE : LOG_WARNING, q, "Failed to populate /etc with preset unit settings, ignoring: %m"); ++ else ++ log_info("Populated /etc with preset unit settings."); ++ } ++ + lookup_paths_reduce(&m->lookup_paths); + manager_build_unit_path_cache(m); + +-- +2.10.2 + diff --git a/meta/recipes-core/systemd/systemd/0001-main-skip-many-initialization-steps-when-running-in-.patch b/meta/recipes-core/systemd/systemd/0001-main-skip-many-initialization-steps-when-running-in-.patch new file mode 100644 index 0000000000..a033b04b23 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0001-main-skip-many-initialization-steps-when-running-in-.patch @@ -0,0 +1,163 @@ +From dea374e898a749a0474b72b2015cca9009b1432b Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 13 Sep 2017 10:31:40 +0200 +Subject: [PATCH] main: skip many initialization steps when running in --test + mode + +Most importantly, don't collect open socket activation fds when in +--test mode. This specifically created a problem because we invoke +pager_open() beforehand (which these days makes copies of the original +stdout/stderr in order to be able to restore them when the pager goes +away) and we might mistakenly the fd copies it creates as socket +activation fds. + +Fixes: #6383 + +Upstream-Status: Backport + +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + src/core/main.c | 108 +++++++++++++++++++++++++++++--------------------------- + 1 file changed, 56 insertions(+), 52 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 11ac9cf..d1a53a5 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1679,20 +1679,22 @@ int main(int argc, char *argv[]) { + log_close(); + + /* Remember open file descriptors for later deserialization */ +- r = fdset_new_fill(&fds); +- if (r < 0) { +- log_emergency_errno(r, "Failed to allocate fd set: %m"); +- error_message = "Failed to allocate fd set"; +- goto finish; +- } else +- fdset_cloexec(fds, true); ++ if (arg_action == ACTION_RUN) { ++ r = fdset_new_fill(&fds); ++ if (r < 0) { ++ log_emergency_errno(r, "Failed to allocate fd set: %m"); ++ error_message = "Failed to allocate fd set"; ++ goto finish; ++ } else ++ fdset_cloexec(fds, true); + +- if (arg_serialization) +- assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0); ++ if (arg_serialization) ++ assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0); + +- if (arg_system) +- /* Become a session leader if we aren't one yet. */ +- setsid(); ++ if (arg_system) ++ /* Become a session leader if we aren't one yet. */ ++ setsid(); ++ } + + /* Move out of the way, so that we won't block unmounts */ + assert_se(chdir("/") == 0); +@@ -1762,56 +1764,58 @@ int main(int argc, char *argv[]) { + arg_action == ACTION_TEST ? " test" : "", getuid(), t); + } + +- if (arg_system && !skip_setup) { +- if (arg_show_status > 0) +- status_welcome(); ++ if (arg_action == ACTION_RUN) { ++ if (arg_system && !skip_setup) { ++ if (arg_show_status > 0) ++ status_welcome(); + +- hostname_setup(); +- machine_id_setup(NULL, arg_machine_id, NULL); +- loopback_setup(); +- bump_unix_max_dgram_qlen(); ++ hostname_setup(); ++ machine_id_setup(NULL, arg_machine_id, NULL); ++ loopback_setup(); ++ bump_unix_max_dgram_qlen(); + +- test_usr(); +- } ++ test_usr(); ++ } + +- if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY) +- watchdog_set_timeout(&arg_runtime_watchdog); ++ if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY) ++ watchdog_set_timeout(&arg_runtime_watchdog); + +- if (arg_timer_slack_nsec != NSEC_INFINITY) +- if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0) +- log_error_errno(errno, "Failed to adjust timer slack: %m"); ++ if (arg_timer_slack_nsec != NSEC_INFINITY) ++ if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0) ++ log_error_errno(errno, "Failed to adjust timer slack: %m"); + +- if (arg_system && !cap_test_all(arg_capability_bounding_set)) { +- r = capability_bounding_set_drop_usermode(arg_capability_bounding_set); +- if (r < 0) { +- log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m"); +- error_message = "Failed to drop capability bounding set of usermode helpers"; +- goto finish; +- } +- r = capability_bounding_set_drop(arg_capability_bounding_set, true); +- if (r < 0) { +- log_emergency_errno(r, "Failed to drop capability bounding set: %m"); +- error_message = "Failed to drop capability bounding set"; +- goto finish; ++ if (arg_system && !cap_test_all(arg_capability_bounding_set)) { ++ r = capability_bounding_set_drop_usermode(arg_capability_bounding_set); ++ if (r < 0) { ++ log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m"); ++ error_message = "Failed to drop capability bounding set of usermode helpers"; ++ goto finish; ++ } ++ r = capability_bounding_set_drop(arg_capability_bounding_set, true); ++ if (r < 0) { ++ log_emergency_errno(r, "Failed to drop capability bounding set: %m"); ++ error_message = "Failed to drop capability bounding set"; ++ goto finish; ++ } + } +- } + +- if (arg_syscall_archs) { +- r = enforce_syscall_archs(arg_syscall_archs); +- if (r < 0) { +- error_message = "Failed to set syscall architectures"; +- goto finish; ++ if (arg_syscall_archs) { ++ r = enforce_syscall_archs(arg_syscall_archs); ++ if (r < 0) { ++ error_message = "Failed to set syscall architectures"; ++ goto finish; ++ } + } +- } + +- if (!arg_system) +- /* Become reaper of our children */ +- if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) +- log_warning_errno(errno, "Failed to make us a subreaper: %m"); ++ if (!arg_system) ++ /* Become reaper of our children */ ++ if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) ++ log_warning_errno(errno, "Failed to make us a subreaper: %m"); + +- if (arg_system) +- /* Bump up RLIMIT_NOFILE for systemd itself */ +- (void) bump_rlimit_nofile(&saved_rlimit_nofile); ++ if (arg_system) ++ /* Bump up RLIMIT_NOFILE for systemd itself */ ++ (void) bump_rlimit_nofile(&saved_rlimit_nofile); ++ } + + r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, arg_action == ACTION_TEST, &m); + if (r < 0) { +-- +2.10.2 + diff --git a/meta/recipes-core/systemd/systemd_234.bb b/meta/recipes-core/systemd/systemd_234.bb index bfcecb3d4e..6c248e8828 100644 --- a/meta/recipes-core/systemd/systemd_234.bb +++ b/meta/recipes-core/systemd/systemd_234.bb @@ -41,6 +41,8 @@ SRC_URI = "git://github.com/systemd/systemd.git;protocol=git \ file://0013-comparison_fn_t-is-glibc-specific-use-raw-signature-.patch \ file://0001-Define-_PATH_WTMPX-and-_PATH_UTMPX-if-not-defined.patch \ file://0001-Use-uintmax_t-for-handling-rlim_t.patch \ + file://0001-core-evaluate-presets-after-generators-have-run-6526.patch \ + file://0001-main-skip-many-initialization-steps-when-running-in-.patch \ " SRC_URI_append_qemuall = " file://0001-core-device.c-Change-the-default-device-timeout-to-2.patch" @@ -342,7 +344,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--sys USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}" -GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal" +GROUPADD_PARAM_${PN} = "-r systemd-journal" USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;" FILES_${PN}-analyze = "${bindir}/systemd-analyze" diff --git a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb index 884857a96d..22a0ecf839 100644 --- a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb +++ b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb @@ -68,7 +68,7 @@ FILES_${PN} += "${base_sbindir}/* ${base_bindir}/*" FILES_sysvinit-pidof = "${base_bindir}/pidof.sysvinit ${base_sbindir}/killall5" FILES_sysvinit-sulogin = "${base_sbindir}/sulogin.sysvinit" -RDEPENDS_${PN} += "sysvinit-pidof initscripts-functions" +RDEPENDS_${PN} += "sysvinit-pidof initd-functions" CFLAGS_prepend = "-D_GNU_SOURCE " export LCRYPT = "-lcrypt" diff --git a/meta/recipes-core/util-linux/util-linux/no_getrandom.patch b/meta/recipes-core/util-linux/util-linux/no_getrandom.patch deleted file mode 100644 index b9fa1cace4..0000000000 --- a/meta/recipes-core/util-linux/util-linux/no_getrandom.patch +++ /dev/null @@ -1,21 +0,0 @@ -getrandom() is only available in glibc 2.25+ and uninative may relocate -binaries onto systems that don't have this function. For now, force the -code to the older codepath until we can come up with a better solution -for this kind of issue. - -Upstream-Status: Inappropriate -RP -2016/8/15 - -Index: util-linux-2.30/configure.ac -=================================================================== ---- util-linux-2.30.orig/configure.ac -+++ util-linux-2.30/configure.ac -@@ -399,7 +399,6 @@ AC_CHECK_FUNCS([ \ - getdtablesize \ - getexecname \ - getmntinfo \ -- getrandom \ - getrlimit \ - getsgnam \ - inotify_init \ diff --git a/meta/recipes-core/util-linux/util-linux_2.30.bb b/meta/recipes-core/util-linux/util-linux_2.30.bb index 39449d9ac9..6b309b555f 100644 --- a/meta/recipes-core/util-linux/util-linux_2.30.bb +++ b/meta/recipes-core/util-linux/util-linux_2.30.bb @@ -15,7 +15,6 @@ SRC_URI += "file://configure-sbindir.patch \ file://display_testname_for_subtest.patch \ file://avoid_parallel_tests.patch \ " -SRC_URI_append_class-native = " file://no_getrandom.patch" SRC_URI[md5sum] = "eaa3429150268027908a1b8ae6ee9a62" SRC_URI[sha256sum] = "c208a4ff6906cb7f57940aa5bc3a6eed146e50a7cc0a092f52ef2ab65057a08d" |