Diffstat (limited to 'meta-oe')
35 files changed, 1071 insertions, 69 deletions
diff --git a/meta-oe/classes/gitpkgv.bbclass b/meta-oe/classes/gitpkgv.bbclass index ab591bd45c..180421ed35 100644 --- a/meta-oe/classes/gitpkgv.bbclass +++ b/meta-oe/classes/gitpkgv.bbclass @@ -40,10 +40,16 @@ GITPKGV = "${@get_git_pkgv(d, False)}" GITPKGVTAG = "${@get_git_pkgv(d, True)}" -def gitpkgv_drop_tag_prefix(version): +# This regexp is used to drop unwanted parts of the found tags. Any matching +# groups will be concatenated to yield the final version. +GITPKGV_TAG_REGEXP ??= "v(\d.*)" + +def gitpkgv_drop_tag_prefix(d, version): import re - if re.match("v\d", version): - return version[1:] + + m = re.match(d.getVar('GITPKGV_TAG_REGEXP'), version) + if m: + return ''.join(group for group in m.groups() if group) else: return version @@ -105,7 +111,7 @@ def get_git_pkgv(d, use_tags): output = bb.fetch2.runfetchcmd( "git --git-dir=%(repodir)s describe %(rev)s --tags --exact-match 2>/dev/null" % vars, d, quiet=True).strip() - ver = gitpkgv_drop_tag_prefix(output) + ver = gitpkgv_drop_tag_prefix(d, output) except Exception: ver = "0.0-%s-g%s" % (commits, vars['rev'][:7]) else: diff --git a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.5.0.bb b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.5.0.bb index ffafd17f82..316d066d59 100644 --- a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.5.0.bb +++ b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.5.0.bb @@ -7,7 +7,6 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe \ DEPENDS = " \ bison-native \ flex-native \ - rrdtool \ virtual/libiconv \ " @@ -93,7 +92,7 @@ ALLOW_EMPTY_${PN} = "1" RDEPENDS_${PN} += " \ ${PN}-libsensors \ ${PN}-sensors \ - ${PN}-sensord \ + ${@bb.utils.contains('PACKAGECONFIG', 'sensord', '${PN}-sensord', '', d)} \ ${PN}-fancontrol \ ${PN}-sensorsdetect \ ${PN}-sensorsconfconvert \ diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc index e1ae58ae7a..703e172174 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb.inc 
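Review bot: In gitpkgv_drop_tag_prefix, a GITPKGV_TAG_REGEXP that matches but has no capture groups (or only empty ones) makes the join return an empty string, so the function returns `''` as the version instead of the tag. Falling back to the input in that case keeps the previous behaviour for such patterns: `ver = ''.join(g for g in m.groups() if g) if m else ''` followed by `return ver or version`. The comment above the variable should also say that the pattern is applied with `re.match`, so it is anchored at the start of the tag only.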
+++ b/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -18,6 +18,7 @@ SRC_URI = "http://archive.mariadb.org/${BP}/source/${BP}.tar.gz \ file://c11_atomics.patch \ file://clang_version_header_conflict.patch \ file://fix-arm-atomic.patch \ + file://0001-Fix-library-LZ4-lookup.patch \ " SRC_URI[md5sum] = "b3524c0825c3a1c255496daea38304a0" SRC_URI[sha256sum] = "69456ca85bf9d96c6d28b4ade2a9f6787d79a602e27ef941f9ba4e0b55dddedc" diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-library-LZ4-lookup.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-library-LZ4-lookup.patch new file mode 100644 index 0000000000..574dfd317a --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-library-LZ4-lookup.patch @@ -0,0 +1,30 @@ +From 1d7612b063eb1fc7bf97bc27b13e1de596748aa1 Mon Sep 17 00:00:00 2001 +From: Sumit Garg <sumit.garg@linaro.org> +Date: Wed, 8 Jan 2020 04:58:30 +0000 +Subject: [PATCH] Fix library LZ4 lookup. + +Signed-off-by: Sumit Garg <sumit.garg@linaro.org> +--- + cmake/FindLZ4.cmake | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/cmake/FindLZ4.cmake b/cmake/FindLZ4.cmake +index e97dd63e2b0..2f4694e727c 100644 +--- a/cmake/FindLZ4.cmake ++++ b/cmake/FindLZ4.cmake +@@ -1,5 +1,10 @@ +-find_path(LZ4_INCLUDE_DIR NAMES lz4.h) +-find_library(LZ4_LIBRARY NAMES lz4) ++find_path(LZ4_INCLUDE_DIR ++ NAMES lz4.h ++ NO_DEFAULT_PATH NO_CMAKE_FIND_ROOT_PATH) ++ ++find_library(LZ4_LIBRARY ++ NAMES lz4 ++ NO_DEFAULT_PATH NO_CMAKE_FIND_ROOT_PATH) + + include(FindPackageHandleStandardArgs) + FIND_PACKAGE_HANDLE_STANDARD_ARGS( +-- +2.17.1 + diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch new file mode 100644 index 0000000000..60a4125971 --- /dev/null +++ b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch 
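Review bot: The new 0001-Fix-library-LZ4-lookup.patch has no `Upstream-Status:` line, unlike the other patches added in this commit, and its message does not say what was wrong with the lookup. Both `find_path` and `find_library` now pass `NO_DEFAULT_PATH NO_CMAKE_FIND_ROOT_PATH` without any HINTS or PATHS, which as far as I can tell leaves CMake nothing to search, so LZ4 would only be found when `LZ4_INCLUDE_DIR` and `LZ4_LIBRARY` are preset. If that is the intent (for example, keeping a host copy of lz4 out of the build), state it in the patch header in one sentence and add the status line, e.g. `Upstream-Status: Pending`.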
@@ -0,0 +1,45 @@ +From 6298903e35217ab69c279056f925fb72900ce0b7 Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> +Date: Mon, 6 Jul 2020 12:11:54 -0300 +Subject: [PATCH] Keep minimum size when shrinking a stack + +When shrinking a stack (during GC), do not make it smaller than the +initial stack size. +--- + ldo.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) +==== end of original header ==== + +CVE: CVE-2020-15888 + +Upstream-Status: backport [https://github.com/lua/lua.git] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +==== +diff --git a/ldo.c b/ldo.c +index c563b1d9..a89ac010 100644 +--- a/src/ldo.c ++++ b/src/ldo.c +@@ -220,7 +220,7 @@ static int stackinuse (lua_State *L) { + + void luaD_shrinkstack (lua_State *L) { + int inuse = stackinuse(L); +- int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK; ++ int goodsize = inuse + BASIC_STACK_SIZE; + if (goodsize > LUAI_MAXSTACK) + goodsize = LUAI_MAXSTACK; /* respect stack limit */ + if (L->stacksize > LUAI_MAXSTACK) /* had been handling stack overflow? */ +@@ -229,8 +229,7 @@ void luaD_shrinkstack (lua_State *L) { + luaE_shrinkCI(L); /* shrink list */ + /* if thread is currently not handling a stack overflow and its + good size is smaller than current size, shrink its stack */ +- if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && +- goodsize < L->stacksize) ++ if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize) + luaD_reallocstack(L, goodsize); + else /* don't change stack */ + condmovestack(L,{},{}); /* (change only for debugging) */ +-- +2.17.1 + diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb index ae41e627f0..d3461b06de 100644 --- a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb +++ b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb 
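Review bot: The status line in CVE-2020-15888.patch, `Upstream-Status: backport [https://github.com/lua/lua.git]`, names the repository but not the commit, so the backport cannot be compared with its source later. Point it at the commit itself, e.g. `Upstream-Status: Backport [https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7]`; the hash is taken from the patch's own From line and should be confirmed as the upstream id. The inner header `diff --git a/ldo.c b/ldo.c` also disagrees with the `--- a/src/ldo.c` path that is actually applied; aligning the two avoids confusion when the patch is refreshed.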
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ file://0001-Allow-building-lua-without-readline-on-Linux.patch \ + file://CVE-2020-15888.patch \ " # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. @@ -35,6 +36,7 @@ EXTRA_OEMAKE = "'CC=${CC} -fPIC' 'MYCFLAGS=${CFLAGS} -fPIC' MYLDFLAGS='${LDFLAGS do_configure_prepend() { sed -i -e s:/usr/local:${prefix}:g src/luaconf.h + sed -i -e s:lib/lua/:${baselib}/lua/:g src/luaconf.h } do_compile () { diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/cmake_multilib.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/cmake_multilib.patch new file mode 100644 index 0000000000..8fe9f3e703 --- /dev/null +++ b/meta-oe/recipes-extended/fluentbit/fluentbit/cmake_multilib.patch @@ -0,0 +1,18 @@ +Use CMAKE_INSTALL_LIBDIR instead of hardcoding lib path + +Helps build on platforms where libpaths are not lib/ but say lib64/ + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -182,7 +182,7 @@ if(NOT FLB_WITHOUT_SHARED_LIB) + PROPERTIES OUTPUT_NAME fluent-bit) + + # Library install routines +- install(TARGETS fluent-bit-shared LIBRARY DESTINATION lib) ++ install(TARGETS fluent-bit-shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) + endif() + + # Static Library diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit_0.12.19.bb b/meta-oe/recipes-extended/fluentbit/fluentbit_0.12.19.bb index e50aa71a9f..27b910b8be 100644 --- a/meta-oe/recipes-extended/fluentbit/fluentbit_0.12.19.bb +++ b/meta-oe/recipes-extended/fluentbit/fluentbit_0.12.19.bb 
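Review bot: cmake_multilib.patch switches only the shared-library rule to `${CMAKE_INSTALL_LIBDIR}`; the hunk's context stops at `# Static Library`, so the static install rule is outside it and would still land in `lib/` if it is written the same way. The patch also does not add `include(GNUInstallDirs)`, so `CMAKE_INSTALL_LIBDIR` is defined only if the build passes it on the command line; presumably the recipe's cmake class does, but that is not visible here. If the variable were empty, the `DESTINATION` argument would be missing, so a fallback or the include would make the patch self-contained.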
@@ -4,6 +4,7 @@ BUGTRACKER = "https://github.com/fluent/fluent-bit/issues" SRC_URI = "http://fluentbit.io/releases/0.12/fluent-bit-${PV}.tar.gz \ file://jemalloc.patch \ + file://cmake_multilib.patch \ " SRC_URI[md5sum] = "7c8708312ac9122faacf9e2a4751eb34" SRC_URI[sha256sum] = "23a81087edf0e2c6f2d49411c6a82308afc5224f67bbaa45729c057af62e9241" diff --git a/meta-oe/recipes-extended/sanlock/sanlock/0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch b/meta-oe/recipes-extended/sanlock/sanlock/0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch new file mode 100644 index 0000000000..a0b721c466 --- /dev/null +++ b/meta-oe/recipes-extended/sanlock/sanlock/0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch 
@@ -0,0 +1,51 @@ +From 78a9cffb1c760466933bbbcbae7ecb9b30a3e6a5 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 21 Nov 2019 13:47:42 -0800 +Subject: [PATCH] sanlock: Replace "cp -a" with "cp -R --no-dereference + --preserve=mode, links" + +Using "cp -a" leaks UID of user running the builds + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/Makefile | 8 ++++---- + wdmd/Makefile | 4 ++-- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/Makefile b/src/Makefile +index 533dd79..2fc9ba5 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -127,9 +127,9 @@ install: all + $(INSTALL) -c -m 755 $(LIBSO_CLIENT_TARGET) $(DESTDIR)/$(LIBDIR) + $(INSTALL) -c -m 644 $(LIBPC_ENTIRE_TARGET) $(DESTDIR)/$(LIBDIR)/pkgconfig + $(INSTALL) -c -m 644 $(LIBPC_CLIENT_TARGET) $(DESTDIR)/$(LIBDIR)/pkgconfig +- cp -a $(LIB_ENTIRE_TARGET).so $(DESTDIR)/$(LIBDIR) +- cp -a $(LIB_CLIENT_TARGET).so $(DESTDIR)/$(LIBDIR) +- cp -a $(LIB_ENTIRE_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR) +- cp -a $(LIB_CLIENT_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR) ++ cp -R --no-dereference --preserve=mode,links $(LIB_ENTIRE_TARGET).so $(DESTDIR)/$(LIBDIR) ++ cp -R --no-dereference --preserve=mode,links $(LIB_CLIENT_TARGET).so $(DESTDIR)/$(LIBDIR) ++ cp -R --no-dereference --preserve=mode,links $(LIB_ENTIRE_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR) ++ cp -R --no-dereference --preserve=mode,links $(LIB_CLIENT_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR) + $(INSTALL) -c -m 644 $(HEADER_TARGET) $(DESTDIR)/$(HEADIR) + $(INSTALL) -m 644 $(MAN_TARGET) $(DESTDIR)/$(MANDIR)/man8/ +diff --git a/wdmd/Makefile b/wdmd/Makefile +index 5849efc..4894517 100644 +--- a/wdmd/Makefile ++++ b/wdmd/Makefile +@@ -68,7 +68,7 @@ install: all + $(INSTALL) -d $(DESTDIR)/$(MANDIR)/man8 + $(INSTALL) -c -m 755 $(CMD_TARGET) $(DESTDIR)/$(BINDIR) + $(INSTALL) -c -m 755 $(SHLIB_TARGET) $(DESTDIR)/$(LIBDIR) +- cp -a $(LIB_TARGET).so $(DESTDIR)/$(LIBDIR) +- cp -a 
$(LIB_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR) ++ cp -R --no-dereference --preserve=mode,links $(LIB_TARGET).so $(DESTDIR)/$(LIBDIR) ++ cp -R --no-dereference --preserve=mode,links $(LIB_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR) + $(INSTALL) -c -m 644 $(HEADER_TARGET) $(DESTDIR)/$(HEADIR) + $(INSTALL) -m 644 $(MAN_TARGET) $(DESTDIR)/$(MANDIR)/man8 +-- +2.24.0 + diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb index 9f7ce9c570..850690fe9e 100644 --- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb +++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb @@ -11,7 +11,9 @@ SECTION = "utils" LICENSE = "LGPLv2+ & GPLv2 & GPLv2+" LIC_FILES_CHKSUM = "file://README.license;md5=60487bf0bf429d6b5aa72b6d37a0eb22" -SRC_URI = "git://pagure.io/sanlock.git;protocol=http" +SRC_URI = "git://pagure.io/sanlock.git;protocol=http \ + file://0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch \ + " SRCREV = "7afe0e66f5c7f24894896fad20ffa6f39733d80f" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-fru-Fix-buffer-overflow-vulnerabilities.patch b/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-fru-Fix-buffer-overflow-vulnerabilities.patch new file mode 100644 index 0000000000..aeb0da80e4 --- /dev/null +++ b/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-fru-Fix-buffer-overflow-vulnerabilities.patch 
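Review bot: The rewritten SRC_URI in sanlock_3.8.0.bb keeps `protocol=http`, so the clone still travels without transport authentication or encryption. The pinned SRCREV limits what a tampered response can deliver, but an authenticated transport is the cheaper guarantee while the line is being touched anyway: `SRC_URI = "git://pagure.io/sanlock.git;protocol=https \`.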
@@ -0,0 +1,133 @@ +From 2542bade29c192370ca897eab67c40f27b8912f8 Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Wed, 12 Feb 2020 12:32:00 +0800 +Subject: [PATCH 1/6] fru: Fix buffer overflow vulnerabilities + +Partial fix for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +The `read_fru_area_section` function only performs size validation of +requested read size, and falsely assumes that the IPMI message will not +respond with more than the requested amount of data; it uses the +unvalidated response size to copy into `frubuf`. If the response is +larger than the request, this can result in overflowing the buffer. + +The same issue affects the `read_fru_area` function. + +Upstream-Status: Backport[https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2] +CVE: CVE-2020-5208 + +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + lib/ipmi_fru.c | 33 +++++++++++++++++++++++++++++++-- + 1 file changed, 31 insertions(+), 2 deletions(-) + +diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c +index cf00eff..af99aa9 100644 +--- a/lib/ipmi_fru.c ++++ b/lib/ipmi_fru.c +@@ -615,7 +615,10 @@ int + read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + uint32_t offset, uint32_t length, uint8_t *frubuf) + { +- uint32_t off = offset, tmp, finish; ++ uint32_t off = offset; ++ uint32_t tmp; ++ uint32_t finish; ++ uint32_t size_left_in_buffer; + struct ipmi_rs * rsp; + struct ipmi_rq req; + uint8_t msg_data[4]; +@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + + finish = offset + length; + if (finish > fru->size) { ++ memset(frubuf + fru->size, 0, length - fru->size); + finish = fru->size; + lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " + "Adjusting to %d", + offset + length, finish - offset); ++ length = finish - offset; + } + + memset(&req, 0, sizeof(req)); +@@ -667,6 +672,7 @@ 
read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + } + } + ++ size_left_in_buffer = length; + do { + tmp = fru->access ? off >> 1 : off; + msg_data[0] = id; +@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + } + + tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; ++ if(rsp->data_len < 1 ++ || tmp > rsp->data_len - 1 ++ || tmp > size_left_in_buffer) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } ++ + memcpy(frubuf, rsp->data + 1, tmp); + off += tmp; + frubuf += tmp; ++ size_left_in_buffer -= tmp; + /* sometimes the size returned in the Info command + * is too large. return 0 so higher level function + * still attempts to parse what was returned */ +@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + uint32_t offset, uint32_t length, uint8_t *frubuf) + { + static uint32_t fru_data_rqst_size = 20; +- uint32_t off = offset, tmp, finish; ++ uint32_t off = offset; ++ uint32_t tmp, finish; ++ uint32_t size_left_in_buffer; + struct ipmi_rs * rsp; + struct ipmi_rq req; + uint8_t msg_data[4]; +@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + + finish = offset + length; + if (finish > fru->size) { ++ memset(frubuf + fru->size, 0, length - fru->size); + finish = fru->size; + lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " + "Adjusting to %d", + offset + length, finish - offset); ++ length = finish - offset; + } + + memset(&req, 0, sizeof(req)); +@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + if (fru->access && fru_data_rqst_size > 16) + #endif + fru_data_rqst_size = 16; ++ ++ size_left_in_buffer = length; + do { + tmp = fru->access ? off >> 1 : off; + msg_data[0] = id; +@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + } + + tmp = fru->access ? 
rsp->data[0] << 1 : rsp->data[0]; ++ if(rsp->data_len < 1 ++ || tmp > rsp->data_len - 1 ++ || tmp > size_left_in_buffer) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } + memcpy((frubuf + off)-offset, rsp->data + 1, tmp); + off += tmp; ++ size_left_in_buffer -= tmp; + + /* sometimes the size returned in the Info command + * is too large. return 0 so higher level function +-- +2.23.0 + diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool/0002-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch b/meta-oe/recipes-kernel/ipmitool/ipmitool/0002-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch new file mode 100644 index 0000000000..50a5635a0a --- /dev/null +++ b/meta-oe/recipes-kernel/ipmitool/ipmitool/0002-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch 
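Review bot: The memset added to both read_fru_area and read_fru_area_section, `memset(frubuf + fru->size, 0, length - fru->size);`, can itself write out of bounds. The guard is `offset + length > fru->size`, which does not imply `length >= fru->size`, so with a non-zero offset the uint32_t subtraction can wrap to a very large count; and `frubuf + fru->size` ignores that the buffer is indexed relative to `offset` (see `(frubuf + off)-offset` later in the same patch). If zero-filling the unread tail is wanted, `if (offset < fru->size) memset(frubuf + (fru->size - offset), 0, finish - fru->size);` placed before `finish` is reassigned stays inside the caller's `length` bytes, assuming frubuf holds exactly that many. The new rejection path also reports through `printf` without a newline where the surrounding code uses `lprintf`; both function bodies extend beyond the diff context, so the earlier offset checks should be confirmed there.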
@@ -0,0 +1,53 @@ +From 16b10ba5d3a368cd0ed90e9789553c306f1136a6 Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 16:44:18 +0000 +Subject: [PATCH 2/6] fru: Fix buffer overflow in ipmi_spd_print_fru + +Partial fix for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +The `ipmi_spd_print_fru` function has a similar issue as the one fixed +by the previous commit in `read_fru_area_section`. An initial request is +made to get the `fru.size`, which is used as the size for the allocation +of `spd_data`. Inside a loop, further requests are performed to get the +copy sizes which are not checked before being used as the size for a +copy into the buffer. + +Upstream-Status: Backport[https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10] +CVE: CVE-2020-5208 + +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + lib/dimm_spd.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c +index 41e30db..68f3b4f 100644 +--- a/lib/dimm_spd.c ++++ b/lib/dimm_spd.c +@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) + struct ipmi_rq req; + struct fru_info fru; + uint8_t *spd_data, msg_data[4]; +- int len, offset; ++ uint32_t len, offset; + + msg_data[0] = id; + +@@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) + } + + len = rsp->data[0]; ++ if(rsp->data_len < 1 ++ || len > rsp->data_len - 1 ++ || len > fru.size - offset) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } + memcpy(&spd_data[offset], rsp->data + 1, len); + offset += len; + } while (offset < fru.size); +-- +2.23.0 + 
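Review bot: The new early `return -1` in ipmi_spd_print_fru leaves the loop without releasing `spd_data`, which the commit message says is allocated from `fru.size` before the loop. The allocation and the other exit paths are outside the hunk, so this needs confirming, but the rejection path most likely wants `free(spd_data); spd_data = NULL;` before returning. The message is also emitted with `printf(" Not enough buffer size")` and no newline; `lprintf(LOG_ERR, "Not enough buffer size");` would match how the rest of the series reports errors.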
diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool/0003-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch b/meta-oe/recipes-kernel/ipmitool/ipmitool/0003-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch new file mode 100644 index 0000000000..6b50225332 --- /dev/null +++ b/meta-oe/recipes-kernel/ipmitool/ipmitool/0003-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch 
@@ -0,0 +1,53 @@ +From 89621b1ce67065fb9044b73c215862fc8aef523f Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 16:51:49 +0000 +Subject: [PATCH 3/6] session: Fix buffer overflow in ipmi_get_session_info + +Partial fix for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +The `ipmi_get_session_info` function does not properly check the +response `data_len`, which is used as a copy size, allowing stack buffer +overflow. + +Upstream-Status: Backport[https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22] +CVE: CVE-2020-5208 + +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + lib/ipmi_session.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c +index 141f0f4..b9af1fd 100644 +--- a/lib/ipmi_session.c ++++ b/lib/ipmi_session.c +@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf, + } + else + { +- memcpy(&session_info, rsp->data, rsp->data_len); +- print_session_info(&session_info, rsp->data_len); ++ memcpy(&session_info, rsp->data, ++ __min(rsp->data_len, sizeof(session_info))); ++ print_session_info(&session_info, ++ __min(rsp->data_len, sizeof(session_info))); + } + break; + +@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf, + break; + } + +- memcpy(&session_info, rsp->data, rsp->data_len); +- print_session_info(&session_info, rsp->data_len); ++ memcpy(&session_info, rsp->data, ++ __min(rsp->data_len, sizeof(session_info))); ++ print_session_info(&session_info, ++ __min(rsp->data_len, sizeof(session_info))); + + } while (i <= session_info.session_slot_count); + break; +-- +2.23.0 + diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool/0004-channel-Fix-buffer-overflow.patch b/meta-oe/recipes-kernel/ipmitool/ipmitool/0004-channel-Fix-buffer-overflow.patch new file mode 100644 index 0000000000..480090b923 --- /dev/null 
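Review bot: Both branches of ipmi_get_session_info clamp the copy with `__min(rsp->data_len, sizeof(session_info))` and then carry on, so an oversized response is silently truncated and printed, whereas patches 1/6, 2/6 and 4/6 of this series reject a bad length with an error. Computing the clamp once, `size_t n = __min(rsp->data_len, sizeof(session_info));`, and passing `n` to both memcpy and print_session_info keeps the two sizes from drifting apart. A log line when `rsp->data_len` exceeds the struct would make a misbehaving responder visible instead of hiding it.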
+++ b/meta-oe/recipes-kernel/ipmitool/ipmitool/0004-channel-Fix-buffer-overflow.patch 
@@ -0,0 +1,69 @@ +From 2a84669ea0d685b4a2ccb664fa3236ec5f19a80a Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 16:56:38 +0000 +Subject: [PATCH 4/6] channel: Fix buffer overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Partial fix for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +The `ipmi_get_channel_cipher_suites` function does not properly check +the final response’s `data_len`, which can lead to stack buffer overflow +on the final copy. + +Upstream-Status: Backport[https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4] +CVE: CVE-2020-5208 + +[Make some changes to apply it] +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + include/ipmitool/ipmi_channel.h | 2 ++ + lib/ipmi_channel.c | 10 ++++++++-- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/include/ipmitool/ipmi_channel.h b/include/ipmitool/ipmi_channel.h +index b138c26..d7cce5e 100644 +--- a/include/ipmitool/ipmi_channel.h ++++ b/include/ipmitool/ipmi_channel.h +@@ -77,6 +77,8 @@ struct channel_access_t { + uint8_t user_level_auth; + }; + ++#define MAX_CIPHER_SUITE_DATA_LEN 0x10 ++ + /* + * The Get Authentication Capabilities response structure + * From table 22-15 of the IPMI v2.0 spec +diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c +index fab2e54..76ecdcd 100644 +--- a/lib/ipmi_channel.c ++++ b/lib/ipmi_channel.c +@@ -378,7 +378,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, + lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); + return -1; + } +- if (rsp->ccode > 0) { ++ if (rsp->ccode ++ || rsp->data_len < 1 ++ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN) ++ { + lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", + val2str(rsp->ccode, completion_code_vals)); + return -1; +@@ -413,7 +416,10 @@ 
ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, + lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); + return -1; + } +- if (rsp->ccode > 0) { ++ if (rsp->ccode ++ || rsp->data_len < 1 ++ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN) ++ { + lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", + val2str(rsp->ccode, completion_code_vals)); + return -1; +-- +2.23.0 + diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool/0005-lanp-Fix-buffer-overflows-in-get_lan_param_select.patch b/meta-oe/recipes-kernel/ipmitool/ipmitool/0005-lanp-Fix-buffer-overflows-in-get_lan_param_select.patch new file mode 100644 index 0000000000..1b1dec1c1b --- /dev/null +++ b/meta-oe/recipes-kernel/ipmitool/ipmitool/0005-lanp-Fix-buffer-overflows-in-get_lan_param_select.patch 
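Review bot: When the added length checks fail with `rsp->ccode == 0`, the branch still logs `Get Channel Cipher Suites failed: %s` with the text for a zero completion code, so the log reports success wording for a response that was rejected for its size. Splitting the condition keeps the existing message for real completion-code errors and gives the length rejection its own message; this applies to both hunks in lib/ipmi_channel.c. `MAX_CIPHER_SUITE_DATA_LEN 0x10` in the header would also benefit from a one-line comment saying where the limit comes from. The format specifier below assumes `data_len` is an int, which is declared outside this diff.

```c
	if (rsp->ccode) {
		lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
			val2str(rsp->ccode, completion_code_vals));
		return -1;
	}
	if (rsp->data_len < 1
	    || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN) {
		lprintf(LOG_ERR,
			"Get Channel Cipher Suites: unexpected response length %d",
			rsp->data_len);
		return -1;
	}
	/* … unchanged: cipher suite data handling … */
```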
@@ -0,0 +1,94 @@ +From f45e6d84b75dcd649e18c9256c136cda354de6fd Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 17:06:39 +0000 +Subject: [PATCH 5/6] lanp: Fix buffer overflows in get_lan_param_select +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Partial fix for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +The `get_lan_param_select` function is missing a validation check on the +response’s `data_len`, which it then returns to caller functions, where +stack buffer overflow can occur. + +Upstream-Status: Backport[https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10] +CVE: CVE-2020-5208 + +[Make some changes to apply it] +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + lib/ipmi_lanp.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/lib/ipmi_lanp.c b/lib/ipmi_lanp.c +index 65d881b..022c7f1 100644 +--- a/lib/ipmi_lanp.c ++++ b/lib/ipmi_lanp.c +@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + /* set new ipaddr */ + memcpy(data+3, temp, 4); + printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert, +@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + /* set new macaddr */ + memcpy(data+7, temp, 6); + printf("Setting LAN Alert %d MAC Address to " +@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, 
sizeof(data))); + + if (strncasecmp(argv[1], "def", 3) == 0 || + strncasecmp(argv[1], "default", 7) == 0) { +@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (strncasecmp(argv[1], "on", 2) == 0 || + strncasecmp(argv[1], "yes", 3) == 0) { +@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (strncasecmp(argv[1], "pet", 3) == 0) { + printf("Setting LAN Alert %d destination to PET Trap\n", alert); +@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (str2uchar(argv[1], &data[2]) != 0) { + lprintf(LOG_ERR, "Invalid time: %s", argv[1]); +@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (str2uchar(argv[1], &data[3]) != 0) { + lprintf(LOG_ERR, "Invalid retry: %s", argv[1]); +-- +2.23.0 + diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool/0006-fru-sdr-Fix-id_string-buffer-overflows.patch b/meta-oe/recipes-kernel/ipmitool/ipmitool/0006-fru-sdr-Fix-id_string-buffer-overflows.patch new file mode 100644 index 0000000000..38ca41b68d --- /dev/null +++ b/meta-oe/recipes-kernel/ipmitool/ipmitool/0006-fru-sdr-Fix-id_string-buffer-overflows.patch 
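Review bot: The subject and message place the missing check in get_lan_param_select, but every changed line is a memcpy inside ipmi_lan_alert_set, and `[Make some changes to apply it]` does not say what was dropped relative to the upstream commit. Any other caller that copies `p->data` by `p->data_len` is outside this diff and would stay unbounded if it exists in 1.8.18; the patch header should either list the callers that were checked or the length should be validated once where the response is received. The clamp `__min(p->data_len, sizeof(data))` is also only correct while `data` is an array in scope rather than a pointer, and its declaration is not visible in these hunks.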
@@ -0,0 +1,142 @@ +From 401b7dda5ad1beada4791d54a7e75880f2a4fc24 Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 17:13:45 +0000 +Subject: [PATCH 6/6] fru, sdr: Fix id_string buffer overflows + +Final part of the fixes for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +9 variants of stack buffer overflow when parsing `id_string` field of +SDR records returned from `CMD_GET_SDR` command. + +SDR record structs have an `id_code` field, and an `id_string` `char` +array. + +The length of `id_string` is calculated as `(id_code & 0x1f) + 1`, +which can be larger than expected 16 characters (if `id_code = 0xff`, +then length will be `(0xff & 0x1f) + 1 = 32`). + +In numerous places, this can cause stack buffer overflow when copying +into fixed buffer of size `17` bytes from this calculated length. + +Upstream-Status: Backport[https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637] +CVE: CVE-2020-5208 + +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + lib/ipmi_fru.c | 2 +- + lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++---------------- + 2 files changed, 25 insertions(+), 17 deletions(-) + +diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c +index af99aa9..98bc984 100644 +--- a/lib/ipmi_fru.c ++++ b/lib/ipmi_fru.c +@@ -3062,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, struct sdr_record_fru_locator * fru) + return 0; + + memset(desc, 0, sizeof(desc)); +- memcpy(desc, fru->id_string, fru->id_code & 0x01f); ++ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc))); + desc[fru->id_code & 0x01f] = 0; + printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id); + +diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c +index 2a9cbe3..62aac08 100644 +--- a/lib/ipmi_sdr.c ++++ b/lib/ipmi_sdr.c +@@ -2084,7 +2084,7 @@ ipmi_sdr_print_sensor_eventonly(struct ipmi_intf *intf, + return -1; + + memset(desc, 0, sizeof (desc)); +- 
snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string); + + if (verbose) { + printf("Sensor ID : %s (0x%x)\n", +@@ -2135,7 +2135,7 @@ ipmi_sdr_print_sensor_mc_locator(struct ipmi_intf *intf, + return -1; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string); + + if (verbose == 0) { + if (csv_output) +@@ -2228,7 +2228,7 @@ ipmi_sdr_print_sensor_generic_locator(struct ipmi_intf *intf, + char desc[17]; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string); + + if (!verbose) { + if (csv_output) +@@ -2285,7 +2285,7 @@ ipmi_sdr_print_sensor_fru_locator(struct ipmi_intf *intf, + char desc[17]; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string); + + if (!verbose) { + if (csv_output) +@@ -2489,35 +2489,43 @@ ipmi_sdr_print_name_from_rawentry(struct ipmi_intf *intf, uint16_t id, + + int rc =0; + char desc[17]; ++ const char *id_string; ++ uint8_t id_code; + memset(desc, ' ', sizeof (desc)); + + switch ( type) { + case SDR_RECORD_TYPE_FULL_SENSOR: + record.full = (struct sdr_record_full_sensor *) raw; +- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s", +- (const char *)record.full->id_string); ++ id_code = record.full->id_code; ++ id_string = record.full->id_string; + break; ++ + case SDR_RECORD_TYPE_COMPACT_SENSOR: + record.compact = (struct sdr_record_compact_sensor *) raw ; +- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s", +- (const char *)record.compact->id_string); ++ id_code = record.compact->id_code; ++ id_string = record.compact->id_string; + break; ++ + 
case SDR_RECORD_TYPE_EVENTONLY_SENSOR: + record.eventonly = (struct sdr_record_eventonly_sensor *) raw ; +- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s", +- (const char *)record.eventonly->id_string); +- break; ++ id_code = record.eventonly->id_code; ++ id_string = record.eventonly->id_string; ++ break; ++ + case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR: + record.mcloc = (struct sdr_record_mc_locator *) raw ; +- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s", +- (const char *)record.mcloc->id_string); ++ id_code = record.mcloc->id_code; ++ id_string = record.mcloc->id_string; + break; ++ + default: + rc = -1; +- break; +- } ++ } ++ if (!rc) { ++ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string); ++ } + +- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); ++ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); + return rc; + } + +-- +2.23.0 + diff --git a/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb b/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb index b7f1aa9145..16dbcb291e 100644 --- a/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb +++ b/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb @@ -24,6 +24,12 @@ DEPENDS = "openssl readline ncurses" SRC_URI = "${SOURCEFORGE_MIRROR}/ipmitool/ipmitool-${PV}.tar.bz2 \ file://0001-Migrate-to-openssl-1.1.patch \ + file://0001-fru-Fix-buffer-overflow-vulnerabilities.patch \ + file://0002-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch \ + file://0003-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch \ + file://0004-channel-Fix-buffer-overflow.patch \ + file://0005-lanp-Fix-buffer-overflows-in-get_lan_param_select.patch \ + file://0006-fru-sdr-Fix-id_string-buffer-overflows.patch \ " SRC_URI[md5sum] = "bab7ea104c7b85529c3ef65c54427aa3" SRC_URI[sha256sum] = "0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01" 
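Review bot: In the ipmi_fru_print hunk the copy is clamped, but the unchanged next line `desc[fru->id_code & 0x01f] = 0;` still indexes with the raw 5-bit value, which can reach 31, while the commit message puts these buffers at 17 bytes (the declaration of `desc` is outside the hunk). Clamping to `sizeof(desc)` rather than `sizeof(desc) - 1` also lets the memcpy fill the whole buffer and leave no terminator for the following `printf("%s")`. Since `desc` was just zeroed by memset, the simplest fix is `memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc) - 1));` and dropping the explicit store. In lib/ipmi_sdr.c the precision `(id_code & 0x1f) + 1` can ask snprintf to scan up to 32 bytes of `id_string`; the output is bounded by `sizeof(desc)`, but whether the read stays inside the record depends on the struct layout, which is not shown here.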
diff --git a/meta-oe/recipes-support/gd/gd/CVE-2017-6363.patch b/meta-oe/recipes-support/gd/gd/CVE-2017-6363.patch new file mode 100644 index 0000000000..25b5880ff9 --- /dev/null +++ b/meta-oe/recipes-support/gd/gd/CVE-2017-6363.patch @@ -0,0 +1,35 @@ +From 8f7b60ea7db87de5df76169e3f3918e401ef8bf7 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Wed, 31 Jan 2018 14:50:16 -0500 +Subject: [PATCH] gd/gd2: make sure transparent palette index is within bounds + #383 + +The gd image formats allow for a palette of 256 colors, +so if the transparent index is out of range, disable it. + +Upstream-Status: Backport +[https://github.com/libgd/libgd.git commit:0be86e1926939a98afbd2f3a23c673dfc4df2a7c] +CVE-2017-6363 + +Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> +--- + src/gd_gd.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/gd_gd.c b/src/gd_gd.c +index f8d39cb..5a86fc3 100644 +--- a/src/gd_gd.c ++++ b/src/gd_gd.c +@@ -54,7 +54,8 @@ _gdGetColors (gdIOCtx * in, gdImagePtr im, int gd2xFlag) + if (!gdGetWord (&im->transparent, in)) { + goto fail1; + } +- if (im->transparent == 257) { ++ /* Make sure transparent index is within bounds of the palette. */ ++ if (im->transparent >= 256 || im->transparent < 0) { + im->transparent = (-1); + } + } +-- +1.9.1 + diff --git a/meta-oe/recipes-support/gd/gd_2.2.5.bb b/meta-oe/recipes-support/gd/gd_2.2.5.bb index 35f9bb2516..dda2e67d6d 100644 --- a/meta-oe/recipes-support/gd/gd_2.2.5.bb +++ b/meta-oe/recipes-support/gd/gd_2.2.5.bb @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/libgd/libgd.git;branch=GD-2.2 \ file://0001-annotate.c-gdft.c-Replace-strncpy-with-memccpy-to-fi.patch \ file://CVE-2018-1000222.patch \ file://CVE-2019-6978.patch \ + file://CVE-2017-6363.patch \ " SRCREV = "8255231b68889597d04d451a72438ab92a405aba" diff --git a/meta-oe/recipes-support/glog/glog_0.3.5.bb b/meta-oe/recipes-support/glog/glog_0.3.5.bb index 3de01ef5b6..70eef72057 100644 
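Review bot: The header of CVE-2017-6363.patch gives the identifier as a bare `CVE-2017-6363` line, while the other backports in this commit use the tagged form; write `CVE: CVE-2017-6363` so the patch can be matched by the same tag as the rest. The status value is also split over two lines (`Upstream-Status: Backport` followed by the bracketed reference), which a line-based reader will see as a status with no reference; joining them into one line keeps the commit id attached.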
--- a/meta-oe/recipes-support/glog/glog_0.3.5.bb +++ b/meta-oe/recipes-support/glog/glog_0.3.5.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dc9db360e0bbd4e46672f3fd91dd6c4b" DEPENDS = "libunwind" SRC_URI = " \ - git://github.com/google/glog.git;branch=v035 \ + git://github.com/google/glog.git;nobranch=1 \ file://0001-Rework-CMake-glog-VERSION-management.patch \ file://0002-Find-Libunwind-during-configure.patch \ file://0003-installation-path-fix.patch \ diff --git a/meta-oe/recipes-support/libssh2/libssh2/CVE-2019-17498.patch b/meta-oe/recipes-support/libssh2/libssh2/CVE-2019-17498.patch new file mode 100644 index 0000000000..f60764c92d --- /dev/null +++ b/meta-oe/recipes-support/libssh2/libssh2/CVE-2019-17498.patch 
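Review bot: Replacing `branch=v035` with `nobranch=1` in glog_0.3.5.bb removes the fetcher's check that the revision sits on a named branch, so the identity of the source now rests entirely on SRCREV, which is outside the hunk; confirm it is a full commit id. The URL also has no `protocol=` parameter, so the fetch presumably uses the unauthenticated git transport; `git://github.com/google/glog.git;nobranch=1;protocol=https \` would address that in the same line. A short comment above SRC_URI saying why the branch check was dropped would spare the next maintainer from restoring it.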
@@ -0,0 +1,131 @@ +From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001 +From: Will Cosgrove <will@panic.com> +Date: Fri, 30 Aug 2019 09:57:38 -0700 +Subject: [PATCH] packet.c: improve message parsing (#402) + +* packet.c: improve parsing of packets + +file: packet.c + +notes: +Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST. + +Upstream-Status: Accepted +CVE: CVE-2019-17498 + +Reference to upstream patch: +https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c + +--- + src/packet.c | 68 ++++++++++++++++++++++------------------------------ + 1 file changed, 29 insertions(+), 39 deletions(-) + +diff --git a/src/packet.c b/src/packet.c +index 38ab6294..2e01bfc5 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -416,8 +416,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + size_t datalen, int macstate) + { + int rc = 0; +- char *message = NULL; +- char *language = NULL; ++ unsigned char *message = NULL; ++ unsigned char *language = NULL; + size_t message_len = 0; + size_t language_len = 0; + LIBSSH2_CHANNEL *channelp = NULL; +@@ -469,33 +469,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + + case SSH_MSG_DISCONNECT: + if(datalen >= 5) { +- size_t reason = _libssh2_ntohu32(data + 1); ++ uint32_t reason = 0; ++ struct string_buf buf; ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr++; /* advance past type */ + +- if(datalen >= 9) { +- message_len = _libssh2_ntohu32(data + 5); ++ _libssh2_get_u32(&buf, &reason); ++ _libssh2_get_string(&buf, &message, &message_len); ++ _libssh2_get_string(&buf, &language, &language_len); + +- if(message_len < datalen-13) { +- /* 9 = packet_type(1) + reason(4) + message_len(4) */ +- message = (char *) data + 9; +- +- language_len = +- _libssh2_ntohu32(data + 9 + message_len); +- language = (char *) data + 9 + 
message_len + 4; +- +- if(language_len > (datalen-13-message_len)) { +- /* bad input, clear info */ +- language = message = NULL; +- language_len = message_len = 0; +- } +- } +- else +- /* bad size, clear it */ +- message_len = 0; +- } + if(session->ssh_msg_disconnect) { +- LIBSSH2_DISCONNECT(session, reason, message, +- message_len, language, language_len); ++ LIBSSH2_DISCONNECT(session, reason, (const char *)message, ++ message_len, (const char *)language, ++ language_len); + } ++ + _libssh2_debug(session, LIBSSH2_TRACE_TRANS, + "Disconnect(%d): %s(%s)", reason, + message, language); +@@ -534,23 +526,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + int always_display = data[1]; + + if(datalen >= 6) { +- message_len = _libssh2_ntohu32(data + 2); +- +- if(message_len <= (datalen - 10)) { +- /* 6 = packet_type(1) + display(1) + message_len(4) */ +- message = (char *) data + 6; +- language_len = _libssh2_ntohu32(data + 6 + +- message_len); +- +- if(language_len <= (datalen - 10 - message_len)) +- language = (char *) data + 10 + message_len; +- } ++ struct string_buf buf; ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr += 2; /* advance past type & always display */ ++ ++ _libssh2_get_string(&buf, &message, &message_len); ++ _libssh2_get_string(&buf, &language, &language_len); + } + + if(session->ssh_msg_debug) { +- LIBSSH2_DEBUG(session, always_display, message, +- message_len, language, language_len); ++ LIBSSH2_DEBUG(session, always_display, ++ (const char *)message, ++ message_len, (const char *)language, ++ language_len); + } + } ++ + /* + * _libssh2_debug will actually truncate this for us so + * that it's not an inordinate about of data +@@ -576,7 +566,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + uint32_t len = 0; + unsigned char want_reply = 0; + len = _libssh2_ntohu32(data + 1); +- if(datalen >= (6 + len)) { ++ if((len <= (UINT_MAX - 6)) && (datalen >= 
(6 + len))) { + want_reply = data[5 + len]; + _libssh2_debug(session, + LIBSSH2_TRACE_CONN, diff --git a/meta-oe/recipes-support/libssh2/libssh2_1.8.2.bb b/meta-oe/recipes-support/libssh2/libssh2_1.8.2.bb index fe853cde4f..a17ae5b7c3 100644 --- a/meta-oe/recipes-support/libssh2/libssh2_1.8.2.bb +++ b/meta-oe/recipes-support/libssh2/libssh2_1.8.2.bb @@ -17,6 +17,7 @@ inherit autotools pkgconfig EXTRA_OECONF += "\ --with-libz \ --with-libz-prefix=${STAGING_LIBDIR} \ + file://CVE-2019-17498.patch \ " # only one of openssl and gcrypt could be set diff --git a/meta-oe/recipes-support/lvm2/files/0001-configure-Fix-setting-of-CLDFLAGS-default.patch b/meta-oe/recipes-support/lvm2/files/0001-configure-Fix-setting-of-CLDFLAGS-default.patch index 07cb88ffba..91ab239f37 100644 --- a/meta-oe/recipes-support/lvm2/files/0001-configure-Fix-setting-of-CLDFLAGS-default.patch +++ b/meta-oe/recipes-support/lvm2/files/0001-configure-Fix-setting-of-CLDFLAGS-default.patch @@ -4,44 +4,12 @@ Date: Mon, 19 Aug 2019 14:54:43 +0200 Subject: [PATCH] configure: Fix setting of CLDFLAGS default --- - configure | 6 +++--- configure.ac | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) + 1 file changed, 3 insertions(+), 3 deletions(-) Upstream-Status: Backport [https://sourceware.org/git/?p=lvm2.git;a=commit;h=4a3e707402032788e09282e0f54fdf82c8a0f8fc] 
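Review bot: The rewritten SSH_MSG_DISCONNECT and SSH_MSG_DEBUG branches discard the results of `_libssh2_get_u32()` and `_libssh2_get_string()`, so on a truncated packet `message` and `language` presumably stay at their NULL initialisers and are then passed to the `%s` conversions in the `_libssh2_debug(..., "Disconnect(%d): %s(%s)", ...)` call. That matches the upstream commit as quoted, so it is better tracked upstream than changed locally. The patch adds none of `struct string_buf`, `_libssh2_get_u32()` or `_libssh2_get_string()`, so it is worth confirming they exist in the 1.8.2 sources this recipe builds. In the header, `Upstream-Status: Accepted` is not a status the OE patch convention defines and should read `Upstream-Status: Backport [https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c]`. The opensc patches later in this series have the same header problem (`Accepted <or Backport>` in CVE-2019-19479.patch, `Accepted` in CVE-2019-19480.patch).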
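Review bot: The added `file://CVE-2019-17498.patch \` line sits inside `EXTRA_OECONF`, directly after `--with-libz-prefix=${STAGING_LIBDIR}`, not in `SRC_URI`. As the hunk stands, the patch is therefore handed to configure as a stray argument and is never fetched or applied, which leaves CVE-2019-17498 unfixed in the built package. The line belongs in the recipe's `SRC_URI` (not visible in this hunk), for example `SRC_URI += "file://CVE-2019-17498.patch"`, and should be removed from `EXTRA_OECONF`. Checking the do_patch log for the patch name after the move confirms it is picked up.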
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> -diff --git a/configure b/configure -index ff3a59b6b..4c8476502 100755 ---- a/configure -+++ b/configure -@@ -3077,7 +3077,7 @@ if test -z "$CFLAGS"; then : - fi - case "$host_os" in - linux*) -- CLDFLAGS="${CLDFLAGS:"$LDFLAGS"} -Wl,--version-script,.export.sym" -+ CLDFLAGS="${CLDFLAGS-"$LDFLAGS"} -Wl,--version-script,.export.sym" - # equivalent to -rdynamic - ELDFLAGS="-Wl,--export-dynamic" - # FIXME Generate list and use --dynamic-list=.dlopen.sym -@@ -3098,7 +3098,7 @@ case "$host_os" in - ;; - darwin*) - CFLAGS="$CFLAGS -no-cpp-precomp -fno-common" -- CLDFLAGS="${CLDFLAGS:"$LDFLAGS"}" -+ CLDFLAGS="${CLDFLAGS-"$LDFLAGS"}" - ELDFLAGS= - CLDWHOLEARCHIVE="-all_load" - CLDNOWHOLEARCHIVE= -@@ -3111,7 +3111,7 @@ case "$host_os" in - BLKDEACTIVATE=no - ;; - *) -- CLDFLAGS="${CLDFLAGS:"$LDFLAGS"}" -+ CLDFLAGS="${CLDFLAGS-"$LDFLAGS"}" - ;; - esac - diff --git a/configure.ac b/configure.ac index 5da694631..830edb8da 100644 --- a/configure.ac diff --git a/meta-oe/recipes-support/opencv/ade/0001-use-GNUInstallDirs-for-detecting-install-paths.patch b/meta-oe/recipes-support/opencv/ade/0001-use-GNUInstallDirs-for-detecting-install-paths.patch new file mode 100644 index 0000000000..f038b0aa91 --- /dev/null +++ b/meta-oe/recipes-support/opencv/ade/0001-use-GNUInstallDirs-for-detecting-install-paths.patch 
@@ -0,0 +1,39 @@ +From 67ccf77d97b76e8260c9d793ab172577e2393dbc Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 19 Dec 2019 21:33:46 -0800 +Subject: [PATCH] use GNUInstallDirs for detecting install paths + +This helps with multilib builds + +Upstream-Status: Submitted [https://github.com/opencv/ade/pull/19] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + sources/ade/CMakeLists.txt | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/sources/ade/CMakeLists.txt b/sources/ade/CMakeLists.txt +index 2d1dd20..46415d1 100644 +--- a/sources/ade/CMakeLists.txt ++++ b/sources/ade/CMakeLists.txt +@@ -47,12 +47,14 @@ if(BUILD_ADE_DOCUMENTATION) + VERBATIM) + endif() + ++include(GNUInstallDirs) ++ + install(TARGETS ade COMPONENT dev + EXPORT adeTargets +- ARCHIVE DESTINATION lib +- LIBRARY DESTINATION lib +- RUNTIME DESTINATION lib +- INCLUDES DESTINATION include) ++ ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ RUNTIME DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) + + install(EXPORT adeTargets DESTINATION share/ade COMPONENT dev) + +-- +2.24.1 + diff --git a/meta-oe/recipes-support/opencv/ade_0.1.1f.bb b/meta-oe/recipes-support/opencv/ade_0.1.1f.bb index 332820d149..3861802158 100644 --- a/meta-oe/recipes-support/opencv/ade_0.1.1f.bb +++ b/meta-oe/recipes-support/opencv/ade_0.1.1f.bb @@ -5,6 +5,7 @@ organizing data flow processing and execution." HOMEPAGE = "https://github.com/opencv/ade" SRC_URI = "git://github.com/opencv/ade.git \ + file://0001-use-GNUInstallDirs-for-detecting-install-paths.patch \ " SRCREV = "58b2595a1a95cc807be8bf6222f266a9a1f393a9" diff --git a/meta-oe/recipes-support/opencv/opencv/download.patch b/meta-oe/recipes-support/opencv/opencv/download.patch new file mode 100644 index 0000000000..fa8db88078 --- /dev/null +++ b/meta-oe/recipes-support/opencv/opencv/download.patch 
@@ -0,0 +1,32 @@ +This CMake module will download files during do_configure. This is bad as it +means we can't do offline builds. + +Add an option to disallow downloads by emitting a fatal error. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> + +diff --git a/cmake/OpenCVDownload.cmake b/cmake/OpenCVDownload.cmake +index cdc47ad2cb..74573f45a2 100644 +--- a/cmake/OpenCVDownload.cmake ++++ b/cmake/OpenCVDownload.cmake +@@ -14,6 +14,7 @@ + # RELATIVE_URL - if set, then URL is treated as a base, and FILENAME will be appended to it + # Note: uses OPENCV_DOWNLOAD_PATH folder as cache, default is <opencv>/.cache + ++set(OPENCV_ALLOW_DOWNLOADS ON CACHE BOOL "Allow downloads") + set(HELP_OPENCV_DOWNLOAD_PATH "Cache directory for downloaded files") + if(DEFINED ENV{OPENCV_DOWNLOAD_PATH}) + set(OPENCV_DOWNLOAD_PATH "$ENV{OPENCV_DOWNLOAD_PATH}" CACHE PATH "${HELP_OPENCV_DOWNLOAD_PATH}") +@@ -153,6 +154,11 @@ function(ocv_download) + + # Download + if(NOT EXISTS "${CACHE_CANDIDATE}") ++ if(NOT OPENCV_ALLOW_DOWNLOADS) ++ message(FATAL_ERROR "Not going to download ${DL_FILENAME}") ++ return() ++ endif() ++ + ocv_download_log("#cmake_download \"${CACHE_CANDIDATE}\" \"${DL_URL}\"") + file(DOWNLOAD "${DL_URL}" "${CACHE_CANDIDATE}" + INACTIVITY_TIMEOUT 60 diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb index 77b5dd60c4..f679ccb05f 100644 --- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb +++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb @@ -15,6 +15,7 @@ SRCREV_contrib = "2c32791a9c500343568a21ea34bf2daeac2adae7" SRCREV_ipp = "32e315a5b106a7b89dbed51c28f8120a48b368b4" SRCREV_boostdesc = "34e4206aef44d50e6bbcd0ab06354b52e7466d26" SRCREV_vgg = "fccf7cd6a4b12079f73bbfb21745f9babcd4eb1d" +SRCREV_face = "8afa57abc8229d611c4937165d20e2a2d9fc5a12" def ipp_filename(d): import re 
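Review bot: In `ocv_download`, the `return()` after `message(FATAL_ERROR ...)` is never reached, because FATAL_ERROR already stops CMake processing, so it can be dropped. The message names only `${DL_FILENAME}`, which makes an incomplete pre-seeded cache harder to diagnose. Including the expected cache entry helps, e.g. `message(FATAL_ERROR "Downloads disabled: ${DL_FILENAME} not found at ${CACHE_CANDIDATE}")`. The function body starts and continues outside the hunk.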
@@ -41,20 +42,41 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \ git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20180723;destsuffix=ipp;name=ipp \ git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=boostdesc;name=boostdesc \ git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=vgg;name=vgg \ + git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=face;name=face \ file://0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch \ file://0002-Make-opencv-ts-create-share-library-intead-of-static.patch \ file://0003-To-fix-errors-as-following.patch \ file://0001-Temporarliy-work-around-deprecated-ffmpeg-RAW-functi.patch \ file://0001-Dont-use-isystem.patch \ + file://download.patch \ " PV = "4.1.0" S = "${WORKDIR}/git" +# OpenCV wants to download more files during configure. We download these in +# do_fetch and construct a source cache in the format it expects +OPENCV_DLDIR = "${WORKDIR}/downloads" + do_unpack_extra() { tar xzf ${WORKDIR}/ipp/ippicv/${IPP_FILENAME} -C ${WORKDIR} - cp ${WORKDIR}/vgg/*.i ${WORKDIR}/contrib/modules/xfeatures2d/src - cp ${WORKDIR}/boostdesc/*.i ${WORKDIR}/contrib/modules/xfeatures2d/src + + md5() { + # Return the MD5 of $1 + echo $(md5sum $1 | cut -d' ' -f1) + } + cache() { + TAG=$1 + shift + mkdir --parents ${OPENCV_DLDIR}/$TAG + for F in $*; do + DEST=${OPENCV_DLDIR}/$TAG/$(md5 $F)-$(basename $F) + test -e $DEST || ln -s $F $DEST + done + } + cache xfeatures2d/boostdesc ${WORKDIR}/boostdesc/*.i + cache xfeatures2d/vgg ${WORKDIR}/vgg/*.i + cache data ${WORKDIR}/face/*.dat } addtask unpack_extra after do_unpack before do_patch 
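Review bot: The new `md5()` and `cache()` helpers in `do_unpack_extra` expand `$1`, `$*`, `$F` and `$DEST` unquoted and never check that the input file exists. A glob that matches nothing (for example no `*.dat` under `${WORKDIR}/face`) would therefore leave a dangling link with an empty hash prefix, and the task would still pass. The failure would surface only later, at configure, once `-DOPENCV_ALLOW_DOWNLOADS=OFF` is in effect. Quoting and failing early avoids that: `for F in "$@"; do`, `test -e "$F" || bbfatal "missing $F"`, and `test -e "$DEST" || ln -s "$F" "$DEST"`. A comment that the MD5 prefix appears to be only the cache-key format OpenCV's download module expects, with integrity coming from the pinned `SRCREV_*` values, would keep readers from taking it for a verification step.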
@@ -64,16 +86,20 @@ EXTRA_OECMAKE = "-DOPENCV_EXTRA_MODULES_PATH=${WORKDIR}/contrib/modules \ -DCMAKE_SKIP_RPATH=ON \ -DOPENCV_ICV_HASH=${IPP_MD5} \ -DIPPROOT=${WORKDIR}/ippicv_lnx \ + -DOPENCV_GENERATE_PKGCONFIG=ON \ + -DOPENCV_DOWNLOAD_PATH=${OPENCV_DLDIR} \ + -DOPENCV_ALLOW_DOWNLOADS=OFF \ ${@bb.utils.contains("TARGET_CC_ARCH", "-msse3", "-DENABLE_SSE=1 -DENABLE_SSE2=1 -DENABLE_SSE3=1 -DENABLE_SSSE3=1", "", d)} \ ${@bb.utils.contains("TARGET_CC_ARCH", "-msse4.1", "-DENABLE_SSE=1 -DENABLE_SSE2=1 -DENABLE_SSE3=1 -DENABLE_SSSE3=1 -DENABLE_SSE41=1", "", d)} \ ${@bb.utils.contains("TARGET_CC_ARCH", "-msse4.2", "-DENABLE_SSE=1 -DENABLE_SSE2=1 -DENABLE_SSE3=1 -DENABLE_SSSE3=1 -DENABLE_SSE41=1 -DENABLE_SSE42=1", "", d)} \ " EXTRA_OECMAKE_append_x86 = " -DX86=ON" -PACKAGECONFIG ??= "python3 eigen jpeg png tiff v4l libv4l gstreamer samples tbb gphoto2 \ +PACKAGECONFIG ??= "gapi python3 eigen jpeg png tiff v4l libv4l gstreamer samples tbb gphoto2 \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "gtk", "", d)} \ ${@bb.utils.contains("LICENSE_FLAGS_WHITELIST", "commercial", "libav", "", d)}" +PACKAGECONFIG[gapi] = "-DWITH_ADE=ON -Dade_DIR=${STAGING_LIBDIR},-DWITH_ADE=OFF,ade" PACKAGECONFIG[amdblas] = "-DWITH_OPENCLAMDBLAS=ON,-DWITH_OPENCLAMDBLAS=OFF,libclamdblas," PACKAGECONFIG[amdfft] = "-DWITH_OPENCLAMDFFT=ON,-DWITH_OPENCLAMDFFT=OFF,libclamdfft," PACKAGECONFIG[dnn] = "-DBUILD_opencv_dnn=ON -DPROTOBUF_UPDATE_FILES=ON -DBUILD_PROTOBUF=OFF,-DBUILD_opencv_dnn=OFF,protobuf protobuf-native," diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch new file mode 100644 index 0000000000..73222ee1a4 --- /dev/null +++ b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch 
@@ -0,0 +1,30 @@ +From c3f23b836e5a1766c36617fe1da30d22f7b63de2 Mon Sep 17 00:00:00 2001 +From: Frank Morgner <frankmorgner@gmail.com> +Date: Sun, 3 Nov 2019 04:45:28 +0100 +Subject: [PATCH] fixed UNKNOWN READ + +Upstream-Status: Accepted <or Backport> +CVE: CVE-2019-19479 + +Reported by OSS-Fuzz +https://oss-fuzz.com/testcase-detail/5681169970757632 + +Reference to upstream patch: +https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 +--- + src/libopensc/card-setcos.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libopensc/card-setcos.c b/src/libopensc/card-setcos.c +index 4cf328ad6a..1b4e8f3e23 100644 +--- a/src/libopensc/card-setcos.c ++++ b/src/libopensc/card-setcos.c +@@ -868,7 +868,7 @@ static void parse_sec_attr_44(sc_file_t *file, const u8 *buf, size_t len) + } + + /* Encryption key present ? */ +- iPinCount = iACLen - 1; ++ iPinCount = iACLen > 0 ? iACLen - 1 : 0; + + if (buf[iOffset] & 0x20) { + int iSC; diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch new file mode 100644 index 0000000000..12c1f0b4af --- /dev/null +++ b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch 
@@ -0,0 +1,34 @@ +From 6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen <jjelen@redhat.com> +Date: Wed, 23 Oct 2019 09:22:44 +0200 +Subject: [PATCH] pkcs15-prkey: Simplify cleaning memory after failure + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478 + +Upstream-Status: Accepted +CVE: CVE-2019-19480 + +Reference to upstream patch: +https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 +--- + src/libopensc/pkcs15-prkey.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c +index d3eee983..4b249582 100644 +--- a/src/libopensc/pkcs15-prkey.c ++++ b/src/libopensc/pkcs15-prkey.c +@@ -258,6 +258,10 @@ int sc_pkcs15_decode_prkdf_entry(struct sc_pkcs15_card *p15card, + memset(gostr3410_params, 0, sizeof(gostr3410_params)); + + r = sc_asn1_decode_choice(ctx, asn1_prkey, *buf, *buflen, buf, buflen); ++ if (r < 0) { ++ /* This might have allocated something. If so, clear it now */ ++ free(info.subject.value); ++ } + if (r == SC_ERROR_ASN1_END_OF_CONTENTS) + return r; + LOG_TEST_RET(ctx, r, "PrKey DF ASN.1 decoding failed"); +-- +2.17.1 + diff --git a/meta-oe/recipes-support/opensc/opensc_0.19.0.bb b/meta-oe/recipes-support/opensc/opensc_0.19.0.bb index bc1722e394..d26825a06d 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.19.0.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.19.0.bb @@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34" SRCREV = "f1691fc91fc113191c3a8aaf5facd6983334ec47" SRC_URI = "git://github.com/OpenSC/OpenSC \ file://0001-Remove-redundant-logging.patch \ + file://CVE-2019-19479.patch \ + file://CVE-2019-19480.patch \ " DEPENDS = "openct pcsc-lite virtual/libiconv openssl" diff --git a/meta-oe/recipes-support/samsung-soc-utils/s3c24xx-gpio_svn.bb b/meta-oe/recipes-support/samsung-soc-utils/s3c24xx-gpio_git.bb index 255754d5d1..98573a062c 100644 
--- a/meta-oe/recipes-support/samsung-soc-utils/s3c24xx-gpio_svn.bb +++ b/meta-oe/recipes-support/samsung-soc-utils/s3c24xx-gpio_git.bb @@ -3,11 +3,10 @@ SECTION = "console/utils" AUTHOR = "Werner Almesberger <werner@openmoko.org>" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://gpio.c;endline=12;md5=cfb91c686857b2e60852b4925d90a3e1" -SRCREV = "4949" -PV = "1.0+svnr${SRCPV}" -PR = "r2" +PV = "1.0+git${SRCPV}" -SRC_URI = "svn://svn.openmoko.org/trunk/src/target;module=gpio;protocol=http" +SRCREV = "0bde889e6fc09a330d0e0b9eb9808b20b2bf13d1" +SRC_URI = "git://github.com/openmoko/openmoko-svn.git;protocol=https;subpath=src/target/gpio" S = "${WORKDIR}/gpio" CLEANBROKEN = "1" diff --git a/meta-oe/recipes-support/samsung-soc-utils/s3c64xx-gpio_svn.bb b/meta-oe/recipes-support/samsung-soc-utils/s3c64xx-gpio_git.bb index 976a4f15ec..99781718c8 100644 --- a/meta-oe/recipes-support/samsung-soc-utils/s3c64xx-gpio_svn.bb +++ b/meta-oe/recipes-support/samsung-soc-utils/s3c64xx-gpio_git.bb @@ -3,10 +3,10 @@ SECTION = "console/utils" AUTHOR = "Werner Almesberger <werner@openmoko.org>" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://gpio-s3c6410.c;endline=12;md5=060cda1be945ad9194593f11d56d55c7" -SRCREV = "4949" -PV = "1.0+svnr${SRCPV}" +PV = "1.0+git${SRCPV}" -SRC_URI = "svn://svn.openmoko.org/trunk/src/target;module=gpio;protocol=http" +SRCREV = "0bde889e6fc09a330d0e0b9eb9808b20b2bf13d1" +SRC_URI = "git://github.com/openmoko/openmoko-svn.git;protocol=https;subpath=src/target/gpio" S = "${WORKDIR}/gpio" CLEANBROKEN = "1" diff --git a/meta-oe/recipes-support/samsung-soc-utils/sjf2410-linux-native_svn.bb b/meta-oe/recipes-support/samsung-soc-utils/sjf2410-linux-native_git.bb index 9e609c4dd8..7d468bae18 100644 --- a/meta-oe/recipes-support/samsung-soc-utils/sjf2410-linux-native_svn.bb +++ b/meta-oe/recipes-support/samsung-soc-utils/sjf2410-linux-native_git.bb 
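Review bot: Changing PV from `1.0+svnr${SRCPV}` to `1.0+git${SRCPV}` while dropping `PR = "r2"` makes the package version sort lower than the one already published, since `git` orders before `svnr`. The s3c64xx-gpio hunk that follows has the same PV change. Feeds built from the old recipes would not upgrade to these builds, so both recipes need `PE = "1"` or a PV that sorts higher. The move from `svn://...;protocol=http` to a git URL over https with a full-hash SRCREV is otherwise a clear gain for fetch integrity.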
@@ -3,13 +3,12 @@ SECTION = "devel" AUTHOR = "Harald Welte <laforge@openmoko.org>" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://parport.c;endline=19;md5=b5681091b0fd8c5f7068835c441bf0c8" -SRCREV = "4268" -PV = "0.1+svnr${SRCPV}" -PR = "r1" +PV = "1.0+git${SRCPV}" -SRC_URI = "svn://svn.openmoko.org/trunk/src/host/;module=sjf2410-linux;protocol=http \ - file://0001-ppt.c-Do-not-include-sys-io.h.patch \ - " +SRCREV = "0bde889e6fc09a330d0e0b9eb9808b20b2bf13d1" +SRC_URI = "git://github.com/openmoko/openmoko-svn.git;protocol=https;subpath=src/host/sjf2410-linux \ + file://0001-ppt.c-Do-not-include-sys-io.h.patch \ +" S = "${WORKDIR}/sjf2410-linux" inherit native deploy diff --git a/meta-oe/recipes-support/usbpath/usbpath_svn.bb b/meta-oe/recipes-support/usbpath/usbpath_git.bb index 6c9cd049fe..a3c75901fb 100644 --- a/meta-oe/recipes-support/usbpath/usbpath_svn.bb +++ b/meta-oe/recipes-support/usbpath/usbpath_git.bb @@ -8,12 +8,12 @@ DEPENDS_class-native = "virtual/libusb0-native" BBCLASSEXTEND = "native" -SRCREV = "3172" -PV = "0.0+svnr${SRCPV}" - -SRC_URI = "svn://svn.openmoko.org/trunk/src/host;module=usbpath;protocol=http \ - file://configure.patch" +PV = "1.0+git${SRCPV}" +SRCREV = "0bde889e6fc09a330d0e0b9eb9808b20b2bf13d1" +SRC_URI = "git://github.com/openmoko/openmoko-svn.git;protocol=https;subpath=src/host/usbpath \ + file://configure.patch \ +" S = "${WORKDIR}/usbpath" inherit autotools pkgconfig diff --git a/meta-oe/recipes-support/wmiconfig/wmiconfig_svn.bb b/meta-oe/recipes-support/wmiconfig/wmiconfig_git.bb index c66572b1c1..23273caf8e 100644 --- a/meta-oe/recipes-support/wmiconfig/wmiconfig_svn.bb +++ b/meta-oe/recipes-support/wmiconfig/wmiconfig_git.bb 
@@ -2,14 +2,13 @@ SUMMARY = "Atheros 6K Wifi configuration utility" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://wmiconfig.c;endline=19;md5=4394a56bca1c5b2446c9f8e406c82911" SECTION = "console/network" -SRCREV = "5394" -PV = "0.0.0+svnr${SRCPV}" -PR = "r2" +PV = "1.0+git${SRCPV}" -SRC_URI = "svn://svn.openmoko.org/trunk/src/target;module=AR6kSDK.build_sw.18;protocol=http \ - file://0001-makefile-Pass-CFLAGS-to-compile.patch \ - file://0002-fix-err-API-to-have-format-string.patch \ - " +SRCREV = "0bde889e6fc09a330d0e0b9eb9808b20b2bf13d1" +SRC_URI = "git://github.com/openmoko/openmoko-svn.git;protocol=https;subpath=src/target/AR6kSDK.build_sw.18 \ + file://0001-makefile-Pass-CFLAGS-to-compile.patch \ + file://0002-fix-err-API-to-have-format-string.patch \ +" S = "${WORKDIR}/AR6kSDK.build_sw.18/host/tools/wmiconfig" CLEANBROKEN = "1" |