diff options
162 files changed, 8031 insertions, 1187 deletions
diff --git a/bitbake/bin/toaster b/bitbake/bin/toaster index 4036f0ad58..ed365ee82e 100755 --- a/bitbake/bin/toaster +++ b/bitbake/bin/toaster @@ -68,7 +68,7 @@ webserverKillAll() if [ -f ${pidfile} ]; then pid=`cat ${pidfile}` while kill -0 $pid 2>/dev/null; do - kill -SIGTERM -$pid 2>/dev/null + kill -SIGTERM $pid 2>/dev/null sleep 1 done rm ${pidfile} @@ -91,7 +91,7 @@ webserverStartAll() echo "Starting webserver..." - $MANAGE runserver "$ADDR_PORT" \ + $MANAGE runserver --noreload "$ADDR_PORT" \ </dev/null >>${BUILDDIR}/toaster_web.log 2>&1 \ & echo $! >${BUILDDIR}/.toastermain.pid diff --git a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.xml b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.xml index c721e86eb9..43eae6b853 100644 --- a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.xml +++ b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.xml @@ -588,6 +588,14 @@ The name of the path in which to place the checkout. By default, the path is <filename>git/</filename>. </para></listitem> + <listitem><para><emphasis>"usehead":</emphasis> + Enables local <filename>git://</filename> URLs to use the + current branch HEAD as the revision for use with + <filename>AUTOREV</filename>. + The "usehead" parameter implies no branch and only works + when the transfer protocol is + <filename>file://</filename>. + </para></listitem> </itemizedlist> Here are some example URLs: <literallayout class='monospaced'> diff --git a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.xml b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.xml index 0cfa53d02b..918d0fbcb6 100644 --- a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.xml +++ b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.xml @@ -502,7 +502,7 @@ </section> <section id='unsetting-variables'> - <title>Unseting variables</title> + <title>Unsetting variables</title> <para> It is possible to completely remove a variable or a variable flag diff --git a/bitbake/lib/bb/checksum.py b/bitbake/lib/bb/checksum.py index 84289208f4..4e1598fe83 100644 --- a/bitbake/lib/bb/checksum.py +++ b/bitbake/lib/bb/checksum.py @@ -97,6 +97,8 @@ class FileChecksumCache(MultiProcessCache): def checksum_dir(pth): # Handle directories recursively + if pth == "/": + bb.fatal("Refusing to checksum /") dirchecksums = [] for root, dirs, files in os.walk(pth): for name in files: diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py index f70f1b5157..e758a68180 100644 --- a/bitbake/lib/bb/fetch2/__init__.py +++ b/bitbake/lib/bb/fetch2/__init__.py @@ -853,6 +853,9 @@ def runfetchcmd(cmd, d, quiet=False, cleanup=None, log=None, workdir=None): if val: cmd = 'export ' + var + '=\"%s\"; %s' % (val, cmd) + # Disable pseudo as it may affect ssh, potentially causing it to hang. + cmd = 'export PSEUDO_DISABLED=1; ' + cmd + logger.debug(1, "Running %s", cmd) success = False diff --git a/bitbake/lib/bb/fetch2/clearcase.py b/bitbake/lib/bb/fetch2/clearcase.py index 36beab6a5b..3a6573d0b2 100644 --- a/bitbake/lib/bb/fetch2/clearcase.py +++ b/bitbake/lib/bb/fetch2/clearcase.py @@ -69,7 +69,6 @@ from bb.fetch2 import FetchMethod from bb.fetch2 import FetchError from bb.fetch2 import runfetchcmd from bb.fetch2 import logger -from distutils import spawn class ClearCase(FetchMethod): """Class to fetch urls via 'clearcase'""" @@ -107,7 +106,7 @@ class ClearCase(FetchMethod): else: ud.module = "" - ud.basecmd = d.getVar("FETCHCMD_ccrc") or spawn.find_executable("cleartool") or spawn.find_executable("rcleartool") + ud.basecmd = d.getVar("FETCHCMD_ccrc") or "/usr/bin/env cleartool || rcleartool" if d.getVar("SRCREV") == "INVALID": raise FetchError("Set a valid SRCREV for the clearcase fetcher in your recipe, e.g. SRCREV = \"/main/LATEST\" or any other label of your choice.") diff --git a/bitbake/lib/bb/fetch2/npm.py b/bitbake/lib/bb/fetch2/npm.py index b5f148ca03..ccc287b164 100644 --- a/bitbake/lib/bb/fetch2/npm.py +++ b/bitbake/lib/bb/fetch2/npm.py @@ -32,7 +32,6 @@ from bb.fetch2 import runfetchcmd from bb.fetch2 import logger from bb.fetch2 import UnpackError from bb.fetch2 import ParameterError -from distutils import spawn def subprocess_setup(): # Python installs a SIGPIPE handler by default. This is usually not what diff --git a/bitbake/lib/bb/main.py b/bitbake/lib/bb/main.py index 7711b290de..85d933266b 100755 --- a/bitbake/lib/bb/main.py +++ b/bitbake/lib/bb/main.py @@ -401,9 +401,6 @@ def setup_bitbake(configParams, configuration, extrafeatures=None): # In status only mode there are no logs and no UI logger.addHandler(handler) - # Clear away any spurious environment variables while we stoke up the cooker - cleanedvars = bb.utils.clean_environment() - if configParams.server_only: featureset = [] ui_module = None @@ -419,6 +416,10 @@ def setup_bitbake(configParams, configuration, extrafeatures=None): server_connection = None + # Clear away any spurious environment variables while we stoke up the cooker + # (done after import_extension_module() above since for example import gi triggers env var usage) + cleanedvars = bb.utils.clean_environment() + if configParams.remote_server: # Connect to a remote XMLRPC server server_connection = bb.server.xmlrpcclient.connectXMLRPC(configParams.remote_server, featureset, diff --git a/bitbake/lib/bb/tests/fetch.py b/bitbake/lib/bb/tests/fetch.py index 7d7c5d7ff9..53146d9034 100644 --- a/bitbake/lib/bb/tests/fetch.py +++ b/bitbake/lib/bb/tests/fetch.py @@ -757,12 +757,12 @@ class FetchLatestVersionTest(FetcherTest): ("dtc", "git://git.qemu.org/dtc.git", "65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf", "") : "1.4.0", # combination version pattern - ("sysprof", "git://git.gnome.org/sysprof", "cd44ee6644c3641507fb53b8a2a69137f2971219", "") + ("sysprof", "git://gitlab.gnome.org/GNOME/sysprof;protocol=https", "cd44ee6644c3641507fb53b8a2a69137f2971219", "") : "1.2.0", ("u-boot-mkimage", "git://git.denx.de/u-boot.git;branch=master;protocol=git", "62c175fbb8a0f9a926c88294ea9f7e88eb898f6c", "") : "2014.01", # version pattern "yyyymmdd" - ("mobile-broadband-provider-info", "git://git.gnome.org/mobile-broadband-provider-info", "4ed19e11c2975105b71b956440acdb25d46a347d", "") + ("mobile-broadband-provider-info", "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info;protocol=https", "4ed19e11c2975105b71b956440acdb25d46a347d", "") : "20120614", # packages with a valid UPSTREAM_CHECK_GITTAGREGEX ("xf86-video-omap", "git://anongit.freedesktop.org/xorg/driver/xf86-video-omap", "ae0394e687f1a77e966cf72f895da91840dffb8f", "(?P<pver>(\d+\.(\d\.?)*))") @@ -796,8 +796,8 @@ class FetchLatestVersionTest(FetcherTest): # packages with valid UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX ("cups", "http://www.cups.org/software/1.7.2/cups-1.7.2-source.tar.bz2", "https://github.com/apple/cups/releases", "(?P<name>cups\-)(?P<pver>((\d+[\.\-_]*)+))\-source\.tar\.gz") : "2.0.0", - ("db", "http://download.oracle.com/berkeley-db/db-5.3.21.tar.gz", "http://www.oracle.com/technetwork/products/berkeleydb/downloads/index-082944.html", "http://download.oracle.com/otn/berkeley-db/(?P<name>db-)(?P<pver>((\d+[\.\-_]*)+))\.tar\.gz") - : "6.1.19", + ("db", "http://download.oracle.com/berkeley-db/db-5.3.21.tar.gz", "http://ftp.debian.org/debian/pool/main/d/db5.3/", "(?P<name>db5\.3_)(?P<pver>\d+(\.\d+)+).+\.orig\.tar\.xz") + : "5.3.10", } @skipIfNoNetwork() diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py index c540b49cf6..f75312399b 100644 --- a/bitbake/lib/bb/utils.py +++ b/bitbake/lib/bb/utils.py @@ -523,12 +523,17 @@ def md5_file(filename): """ Return the hex string representation of the MD5 checksum of filename. """ - import hashlib - m = hashlib.md5() + import hashlib, mmap with open(filename, "rb") as f: - for line in f: - m.update(line) + m = hashlib.md5() + try: + with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm: + for chunk in iter(lambda: mm.read(8192), b''): + m.update(chunk) + except ValueError: + # You can't mmap() an empty file so silence this exception + pass return m.hexdigest() def sha256_file(filename): diff --git a/bitbake/lib/toaster/bldcontrol/management/commands/checksettings.py b/bitbake/lib/toaster/bldcontrol/management/commands/checksettings.py index 582114ac97..823c6f154a 100644 --- a/bitbake/lib/toaster/bldcontrol/management/commands/checksettings.py +++ b/bitbake/lib/toaster/bldcontrol/management/commands/checksettings.py @@ -107,7 +107,10 @@ class Command(BaseCommand): action="ignore", message="^.*No fixture named.*$") print("Importing custom settings if present") - call_command("loaddata", "custom") + try: + call_command("loaddata", "custom") + except: + print("NOTE: optional fixture 'custom' not found") # we run lsupdates after config update print("\nFetching information from the layer index, " diff --git a/documentation/bsp-guide/bsp-guide.xml b/documentation/bsp-guide/bsp-guide.xml index 576ed18b15..cdb3495486 100644 --- a/documentation/bsp-guide/bsp-guide.xml +++ b/documentation/bsp-guide/bsp-guide.xml @@ -32,86 +32,6 @@ <revhistory> <revision> - <revnumber>0.9</revnumber> - <date>24 November 2010</date> - <revremark>The initial document draft released with the Yocto Project 0.9 Release.</revremark> - </revision> - <revision> - <revnumber>1.0</revnumber> - <date>6 April 2011</date> - <revremark>Released with the Yocto Project 1.0 Release.</revremark> - </revision> - <revision> - <revnumber>1.0.1</revnumber> - <date>23 May 2011</date> - <revremark>Released with the Yocto Project 1.0.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.1</revnumber> - <date>6 October 2011</date> - <revremark>Released with the Yocto Project 1.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.2</revnumber> - <date>April 2012</date> - <revremark>Released with the Yocto Project 1.2 Release.</revremark> - </revision> - <revision> - <revnumber>1.3</revnumber> - <date>October 2012</date> - <revremark>Released with the Yocto Project 1.3 Release.</revremark> - </revision> - <revision> - <revnumber>1.4</revnumber> - <date>April 2013</date> - <revremark>Released with the Yocto Project 1.4 Release.</revremark> - </revision> - <revision> - <revnumber>1.5</revnumber> - <date>October 2013</date> - <revremark>Released with the Yocto Project 1.5 Release.</revremark> - </revision> - <revision> - <revnumber>1.5.1</revnumber> - <date>January 2014</date> - <revremark>Released with the Yocto Project 1.5.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.6</revnumber> - <date>April 2014</date> - <revremark>Released with the Yocto Project 1.6 Release.</revremark> - </revision> - <revision> - <revnumber>1.7</revnumber> - <date>October 2014</date> - <revremark>Released with the Yocto Project 1.7 Release.</revremark> - </revision> - <revision> - <revnumber>1.8</revnumber> - <date>April 2015</date> - <revremark>Released with the Yocto Project 1.8 Release.</revremark> - </revision> - <revision> - <revnumber>2.0</revnumber> - <date>October 2015</date> - <revremark>Released with the Yocto Project 2.0 Release.</revremark> - </revision> - <revision> - <revnumber>2.1</revnumber> - <date>April 2016</date> - <revremark>Released with the Yocto Project 2.1 Release.</revremark> - </revision> - <revision> - <revnumber>2.2</revnumber> - <date>October 2016</date> - <revremark>Released with the Yocto Project 2.2 Release.</revremark> - </revision> - <revision> - <revnumber>2.3</revnumber> - <date>May 2017</date> - <revremark>Released with the Yocto Project 2.3 Release.</revremark> - </revision> - <revision> <revnumber>2.4</revnumber> <date>October 2017</date> <revremark>Released with the Yocto Project 2.4 Release.</revremark> @@ -126,6 +46,16 @@ <date>March 2018</date> <revremark>Released with the Yocto Project 2.4.2 Release.</revremark> </revision> + <revision> + <revnumber>2.4.3</revnumber> + <date>June 2018</date> + <revremark>Released with the Yocto Project 2.4.3 Release.</revremark> + </revision> + <revision> + <revnumber>2.4.4</revnumber> + <date>&REL_MONTH_YEAR;</date> + <revremark>Released with the Yocto Project 2.4.4 Release.</revremark> + </revision> </revhistory> <copyright> @@ -142,28 +72,40 @@ <itemizedlist> <listitem><para> This version of the - <emphasis>Yocto Project Board Support Package Developer's Guide</emphasis> + <emphasis>Yocto Project Board Support Package (BSP) Developer's Guide</emphasis> is for the &YOCTO_DOC_VERSION; release of the Yocto Project. To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. </para></listitem> <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. </para></listitem> <listitem><para> - To report any inaccuracies or problems with this - manual, send an email to the Yocto Project - discussion group at - <filename>yocto@yoctoproject.com</filename> or log into - the freenode <filename>#yocto</filename> channel. - </para></listitem> + To report any inaccuracies or problems with this + manual, send an email to the Yocto Project + discussion group at + <filename>yocto@yoctoproject.com</filename> or log into + the freenode <filename>#yocto</filename> channel. + </para></listitem> </itemizedlist> </note> </legalnotice> diff --git a/documentation/dev-manual/dev-manual.xml b/documentation/dev-manual/dev-manual.xml index ed8011dc1c..a906bda3df 100644 --- a/documentation/dev-manual/dev-manual.xml +++ b/documentation/dev-manual/dev-manual.xml @@ -32,71 +32,6 @@ <revhistory> <revision> - <revnumber>1.1</revnumber> - <date>6 October 2011</date> - <revremark>The initial document released with the Yocto Project 1.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.2</revnumber> - <date>April 2012</date> - <revremark>Released with the Yocto Project 1.2 Release.</revremark> - </revision> - <revision> - <revnumber>1.3</revnumber> - <date>October 2012</date> - <revremark>Released with the Yocto Project 1.3 Release.</revremark> - </revision> - <revision> - <revnumber>1.4</revnumber> - <date>April 2013</date> - <revremark>Released with the Yocto Project 1.4 Release.</revremark> - </revision> - <revision> - <revnumber>1.5</revnumber> - <date>October 2013</date> - <revremark>Released with the Yocto Project 1.5 Release.</revremark> - </revision> - <revision> - <revnumber>1.5.1</revnumber> - <date>January 2014</date> - <revremark>Released with the Yocto Project 1.5.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.6</revnumber> - <date>April 2014</date> - <revremark>Released with the Yocto Project 1.6 Release.</revremark> - </revision> - <revision> - <revnumber>1.7</revnumber> - <date>October 2014</date> - <revremark>Released with the Yocto Project 1.7 Release.</revremark> - </revision> - <revision> - <revnumber>1.8</revnumber> - <date>April 2015</date> - <revremark>Released with the Yocto Project 1.8 Release.</revremark> - </revision> - <revision> - <revnumber>2.0</revnumber> - <date>October 2015</date> - <revremark>Released with the Yocto Project 2.0 Release.</revremark> - </revision> - <revision> - <revnumber>2.1</revnumber> - <date>April 2016</date> - <revremark>Released with the Yocto Project 2.1 Release.</revremark> - </revision> - <revision> - <revnumber>2.2</revnumber> - <date>October 2016</date> - <revremark>Released with the Yocto Project 2.2 Release.</revremark> - </revision> - <revision> - <revnumber>2.3</revnumber> - <date>May 2017</date> - <revremark>Released with the Yocto Project 2.3 Release.</revremark> - </revision> - <revision> <revnumber>2.4</revnumber> <date>October 2017</date> <revremark>Released with the Yocto Project 2.4 Release.</revremark> @@ -111,6 +46,16 @@ <date>March 2018</date> <revremark>Released with the Yocto Project 2.4.2 Release.</revremark> </revision> + <revision> + <revnumber>2.4.3</revnumber> + <date>June 2018</date> + <revremark>Released with the Yocto Project 2.4.3 Release.</revremark> + </revision> + <revision> + <revnumber>2.4.4</revnumber> + <date>&REL_MONTH_YEAR;</date> + <revremark>Released with the Yocto Project 2.4.4 Release.</revremark> + </revision> </revhistory> <copyright> @@ -125,6 +70,7 @@ Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons. </para> + <note><title>Manual Notes</title> <itemizedlist> <listitem><para> @@ -133,24 +79,36 @@ is for the &YOCTO_DOC_VERSION; release of the Yocto Project. To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. </para></listitem> <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. </para></listitem> <listitem><para> - To report any inaccuracies or problems with this - manual, send an email to the Yocto Project - discussion group at - <filename>yocto@yoctoproject.com</filename> or log into - the freenode <filename>#yocto</filename> channel. - </para></listitem> + To report any inaccuracies or problems with this + manual, send an email to the Yocto Project + discussion group at + <filename>yocto@yoctoproject.com</filename> or log into + the freenode <filename>#yocto</filename> channel. + </para></listitem> </itemizedlist> </note> </legalnotice> diff --git a/documentation/kernel-dev/kernel-dev.xml b/documentation/kernel-dev/kernel-dev.xml index ec36d24491..e5f829182f 100644 --- a/documentation/kernel-dev/kernel-dev.xml +++ b/documentation/kernel-dev/kernel-dev.xml @@ -32,56 +32,6 @@ <revhistory> <revision> - <revnumber>1.4</revnumber> - <date>April 2013</date> - <revremark>Released with the Yocto Project 1.4 Release.</revremark> - </revision> - <revision> - <revnumber>1.5</revnumber> - <date>October 2013</date> - <revremark>Released with the Yocto Project 1.5 Release.</revremark> - </revision> - <revision> - <revnumber>1.5.1</revnumber> - <date>January 2014</date> - <revremark>Released with the Yocto Project 1.5.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.6</revnumber> - <date>April 2014</date> - <revremark>Released with the Yocto Project 1.6 Release.</revremark> - </revision> - <revision> - <revnumber>1.7</revnumber> - <date>October 2014</date> - <revremark>Released with the Yocto Project 1.7 Release.</revremark> - </revision> - <revision> - <revnumber>1.8</revnumber> - <date>April 2015</date> - <revremark>Released with the Yocto Project 1.8 Release.</revremark> - </revision> - <revision> - <revnumber>2.0</revnumber> - <date>October 2015</date> - <revremark>Released with the Yocto Project 2.0 Release.</revremark> - </revision> - <revision> - <revnumber>2.1</revnumber> - <date>April 2016</date> - <revremark>Released with the Yocto Project 2.1 Release.</revremark> - </revision> - <revision> - <revnumber>2.2</revnumber> - <date>October 2016</date> - <revremark>Released with the Yocto Project 2.2 Release.</revremark> - </revision> - <revision> - <revnumber>2.3</revnumber> - <date>May 2017</date> - <revremark>Released with the Yocto Project 2.3 Release.</revremark> - </revision> - <revision> <revnumber>2.4</revnumber> <date>October 2017</date> <revremark>Released with the Yocto Project 2.4 Release.</revremark> @@ -96,6 +46,16 @@ <date>March 2018</date> <revremark>Released with the Yocto Project 2.4.2 Release.</revremark> </revision> + <revision> + <revnumber>2.4.3</revnumber> + <date>June 2018</date> + <revremark>Released with the Yocto Project 2.4.3 Release.</revremark> + </revision> + <revision> + <revnumber>2.4.4</revnumber> + <date>&REL_MONTH_YEAR;</date> + <revremark>Released with the Yocto Project 2.4.4 Release.</revremark> + </revision> </revhistory> <copyright> @@ -116,24 +76,36 @@ is for the &YOCTO_DOC_VERSION; release of the Yocto Project. To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. </para></listitem> <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. </para></listitem> <listitem><para> - To report any inaccuracies or problems with this - manual, send an email to the Yocto Project - discussion group at - <filename>yocto@yoctoproject.com</filename> or log into - the freenode <filename>#yocto</filename> channel. - </para></listitem> + To report any inaccuracies or problems with this + manual, send an email to the Yocto Project + discussion group at + <filename>yocto@yoctoproject.com</filename> or log into + the freenode <filename>#yocto</filename> channel. + </para></listitem> </itemizedlist> </note> </legalnotice> diff --git a/documentation/mega-manual/mega-manual.xml b/documentation/mega-manual/mega-manual.xml index a941d799a1..bae7c8330a 100644 --- a/documentation/mega-manual/mega-manual.xml +++ b/documentation/mega-manual/mega-manual.xml @@ -41,31 +41,6 @@ <revhistory> <revision> - <revnumber>1.8</revnumber> - <date>April 2015</date> - <revremark>Released with the Yocto Project 1.8 Release.</revremark> - </revision> - <revision> - <revnumber>2.0</revnumber> - <date>October 2015</date> - <revremark>Released with the Yocto Project 2.0 Release.</revremark> - </revision> - <revision> - <revnumber>2.1</revnumber> - <date>April 2016</date> - <revremark>Released with the Yocto Project 2.1 Release.</revremark> - </revision> - <revision> - <revnumber>2.2</revnumber> - <date>October 2016</date> - <revremark>Released with the Yocto Project 2.2 Release.</revremark> - </revision> - <revision> - <revnumber>2.3</revnumber> - <date>May 2017</date> - <revremark>Released with the Yocto Project 2.3 Release.</revremark> - </revision> - <revision> <revnumber>2.4</revnumber> <date>October 2017</date> <revremark>Released with the Yocto Project 2.4 Release.</revremark> @@ -80,6 +55,16 @@ <date>March 2018</date> <revremark>Released with the Yocto Project 2.4.2 Release.</revremark> </revision> + <revision> + <revnumber>2.4.3</revnumber> + <date>June 2018</date> + <revremark>Released with the Yocto Project 2.4.3 Release.</revremark> + </revision> + <revision> + <revnumber>2.4.4</revnumber> + <date>&REL_MONTH_YEAR;</date> + <revremark>Released with the Yocto Project 2.4.4 Release.</revremark> + </revision> </revhistory> <copyright> @@ -100,24 +85,36 @@ is for the &YOCTO_DOC_VERSION; release of the Yocto Project. To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. </para></listitem> <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. </para></listitem> <listitem><para> - To report any inaccuracies or problems with this - manual, send an email to the Yocto Project - discussion group at - <filename>yocto@yoctoproject.com</filename> or log into - the freenode <filename>#yocto</filename> channel. - </para></listitem> + To report any inaccuracies or problems with this + manual, send an email to the Yocto Project + discussion group at + <filename>yocto@yoctoproject.com</filename> or log into + the freenode <filename>#yocto</filename> channel. + </para></listitem> </itemizedlist> </note> diff --git a/documentation/poky.ent b/documentation/poky.ent index db3eef0862..94c71b4135 100644 --- a/documentation/poky.ent +++ b/documentation/poky.ent @@ -1,15 +1,16 @@ -<!ENTITY DISTRO "2.4.2"> -<!ENTITY DISTRO_COMPRESSED "242"> +<!ENTITY DISTRO "2.4.4"> +<!ENTITY DISTRO_COMPRESSED "244"> <!ENTITY DISTRO_NAME_NO_CAP "rocko"> <!ENTITY DISTRO_NAME "Rocko"> -<!ENTITY YOCTO_DOC_VERSION "2.4.2"> -<!ENTITY DISTRO_REL_TAG "yocto-2.4.2"> -<!ENTITY METAINTELVERSION "8.0"> +<!ENTITY YOCTO_DOC_VERSION "2.4.4"> +<!ENTITY DISTRO_REL_TAG "yocto-2.4.4"> +<!ENTITY METAINTELVERSION "8.1"> +<!ENTITY REL_MONTH_YEAR "November 2018"> <!ENTITY META_INTEL_REL_TAG "&METAINTELVERSION;-&DISTRO_NAME_NO_CAP;-&YOCTO_DOC_VERSION;"> -<!ENTITY POKYVERSION "19.0.2"> -<!ENTITY POKYVERSION_COMPRESSED "1902"> +<!ENTITY POKYVERSION "18.0.4"> +<!ENTITY POKYVERSION_COMPRESSED "1804"> <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;"> -<!ENTITY COPYRIGHT_YEAR "2010-2018"> +<!ENTITY COPYRIGHT_YEAR "2010-2019"> <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org"> <!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org"> <!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org"> diff --git a/documentation/profile-manual/profile-manual.xml b/documentation/profile-manual/profile-manual.xml index f742e88718..23ac3fdc3a 100644 --- a/documentation/profile-manual/profile-manual.xml +++ b/documentation/profile-manual/profile-manual.xml @@ -32,56 +32,6 @@ <revhistory> <revision> - <revnumber>1.4</revnumber> - <date>April 2013</date> - <revremark>Released with the Yocto Project 1.4 Release.</revremark> - </revision> - <revision> - <revnumber>1.5</revnumber> - <date>October 2013</date> - <revremark>Released with the Yocto Project 1.5 Release.</revremark> - </revision> - <revision> - <revnumber>1.5.1</revnumber> - <date>January 2014</date> - <revremark>Released with the Yocto Project 1.5.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.6</revnumber> - <date>April 2014</date> - <revremark>Released with the Yocto Project 1.6 Release.</revremark> - </revision> - <revision> - <revnumber>1.7</revnumber> - <date>October 2014</date> - <revremark>Released with the Yocto Project 1.7 Release.</revremark> - </revision> - <revision> - <revnumber>1.8</revnumber> - <date>April 2015</date> - <revremark>Released with the Yocto Project 1.8 Release.</revremark> - </revision> - <revision> - <revnumber>2.0</revnumber> - <date>October 2015</date> - <revremark>Released with the Yocto Project 2.0 Release.</revremark> - </revision> - <revision> - <revnumber>2.1</revnumber> - <date>April 2016</date> - <revremark>Released with the Yocto Project 2.1 Release.</revremark> - </revision> - <revision> - <revnumber>2.2</revnumber> - <date>October 2016</date> - <revremark>Released with the Yocto Project 2.2 Release.</revremark> - </revision> - <revision> - <revnumber>2.3</revnumber> - <date>May 2017</date> - <revremark>Released with the Yocto Project 2.3 Release.</revremark> - </revision> - <revision> <revnumber>2.4</revnumber> <date>October 2017</date> <revremark>Released with the Yocto Project 2.4 Release.</revremark> @@ -96,6 +46,16 @@ <date>March 2018</date> <revremark>Released with the Yocto Project 2.4.2 Release.</revremark> </revision> + <revision> + <revnumber>2.4.3</revnumber> + <date>June 2018</date> + <revremark>Released with the Yocto Project 2.4.3 Release.</revremark> + </revision> + <revision> + <revnumber>2.4.4</revnumber> + <date>&REL_MONTH_YEAR;</date> + <revremark>Released with the Yocto Project 2.4.4 Release.</revremark> + </revision> </revhistory> <copyright> @@ -110,6 +70,7 @@ Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons. </para> + <note><title>Manual Notes</title> <itemizedlist> <listitem><para> @@ -118,24 +79,36 @@ is for the &YOCTO_DOC_VERSION; release of the Yocto Project. To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. </para></listitem> <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. </para></listitem> <listitem><para> - To report any inaccuracies or problems with this - manual, send an email to the Yocto Project - discussion group at - <filename>yocto@yoctoproject.com</filename> or log into - the freenode <filename>#yocto</filename> channel. - </para></listitem> + To report any inaccuracies or problems with this + manual, send an email to the Yocto Project + discussion group at + <filename>yocto@yoctoproject.com</filename> or log into + the freenode <filename>#yocto</filename> channel. + </para></listitem> </itemizedlist> </note> </legalnotice> diff --git a/documentation/ref-manual/ref-manual.xml b/documentation/ref-manual/ref-manual.xml index d4b7bee7d5..1f9dcebe1c 100644 --- a/documentation/ref-manual/ref-manual.xml +++ b/documentation/ref-manual/ref-manual.xml @@ -33,86 +33,6 @@ <revhistory> <revision> - <revnumber>4.0+git</revnumber> - <date>24 November 2010</date> - <revremark>Released with the Yocto Project 0.9 Release</revremark> - </revision> - <revision> - <revnumber>1.0</revnumber> - <date>6 April 2011</date> - <revremark>Released with the Yocto Project 1.0 Release.</revremark> - </revision> - <revision> - <revnumber>1.0.1</revnumber> - <date>23 May 2011</date> - <revremark>Released with the Yocto Project 1.0.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.1</revnumber> - <date>6 October 2011</date> - <revremark>Released with the Yocto Project 1.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.2</revnumber> - <date>April 2012</date> - <revremark>Released with the Yocto Project 1.2 Release.</revremark> - </revision> - <revision> - <revnumber>1.3</revnumber> - <date>October 2012</date> - <revremark>Released with the Yocto Project 1.3 Release.</revremark> - </revision> - <revision> - <revnumber>1.4</revnumber> - <date>April 2013</date> - <revremark>Released with the Yocto Project 1.4 Release.</revremark> - </revision> - <revision> - <revnumber>1.5</revnumber> - <date>October 2013</date> - <revremark>Released with the Yocto Project 1.5 Release.</revremark> - </revision> - <revision> - <revnumber>1.5.1</revnumber> - <date>January 2014</date> - <revremark>Released with the Yocto Project 1.5.1 Release.</revremark> - </revision> - <revision> - <revnumber>1.6</revnumber> - <date>April 2014</date> - <revremark>Released with the Yocto Project 1.6 Release.</revremark> - </revision> - <revision> - <revnumber>1.7</revnumber> - <date>October 2014</date> - <revremark>Released with the Yocto Project 1.7 Release.</revremark> - </revision> - <revision> - <revnumber>1.8</revnumber> - <date>April 2015</date> - <revremark>Released with the Yocto Project 1.8 Release.</revremark> - </revision> - <revision> - <revnumber>2.0</revnumber> - <date>October 2015</date> - <revremark>Released with the Yocto Project 2.0 Release.</revremark> - </revision> - <revision> - <revnumber>2.1</revnumber> - <date>April 2016</date> - <revremark>Released with the Yocto Project 2.1 Release.</revremark> - </revision> - <revision> - <revnumber>2.2</revnumber> - <date>October 2016</date> - <revremark>Released with the Yocto Project 2.2 Release.</revremark> - </revision> - <revision> - <revnumber>2.3</revnumber> - <date>May 2017</date> - <revremark>Released with the Yocto Project 2.3 Release.</revremark> - </revision> - <revision> <revnumber>2.4</revnumber> <date>October 2017</date> <revremark>Released with the Yocto Project 2.4 Release.</revremark> @@ -127,6 +47,16 @@ <date>March 2018</date> <revremark>Released with the Yocto Project 2.4.2 Release.</revremark> </revision> + <revision> + <revnumber>2.4.3</revnumber> + <date>June 2018</date> + <revremark>Released with the Yocto Project 2.4.3 Release.</revremark> + </revision> + <revision> + <revnumber>2.4.4</revnumber> + <date>&REL_MONTH_YEAR;</date> + <revremark>Released with the Yocto Project 2.4.4 Release.</revremark> + </revision> </revhistory> <copyright> @@ -139,6 +69,7 @@ Permission is granted to copy, distribute and/or modify this document under the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons. </para> + <note><title>Manual Notes</title> <itemizedlist> <listitem><para> @@ -147,24 +78,36 @@ is for the &YOCTO_DOC_VERSION; release of the Yocto Project. To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. </para></listitem> <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. </para></listitem> <listitem><para> - To report any inaccuracies or problems with this - manual, send an email to the Yocto Project - discussion group at - <filename>yocto@yoctoproject.com</filename> or log into - the freenode <filename>#yocto</filename> channel. - </para></listitem> + To report any inaccuracies or problems with this + manual, send an email to the Yocto Project + discussion group at + <filename>yocto@yoctoproject.com</filename> or log into + the freenode <filename>#yocto</filename> channel. + </para></listitem> </itemizedlist> </note> </legalnotice> diff --git a/documentation/ref-manual/ref-variables.xml b/documentation/ref-manual/ref-variables.xml index 2b0172317d..506ee90d25 100644 --- a/documentation/ref-manual/ref-variables.xml +++ b/documentation/ref-manual/ref-variables.xml @@ -12527,8 +12527,8 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3" </para> <para> - In this example, <filename>intone</filename> depends on - <filename>mplayer2</filename>. + In the previous example, <filename>intone</filename> + depends on <filename>mplayer2</filename>. </para> <para> diff --git a/documentation/sdk-manual/sdk-manual.xml b/documentation/sdk-manual/sdk-manual.xml index 7fc0472cd7..42b171ab99 100644 --- a/documentation/sdk-manual/sdk-manual.xml +++ b/documentation/sdk-manual/sdk-manual.xml @@ -32,21 +32,6 @@ <revhistory> <revision> - <revnumber>2.1</revnumber> - <date>April 2016</date> - <revremark>Released with the Yocto Project 2.1 Release.</revremark> - </revision> - <revision> - <revnumber>2.2</revnumber> - <date>October 2016</date> - <revremark>Released with the Yocto Project 2.2 Release.</revremark> - </revision> - <revision> - <revnumber>2.3</revnumber> - <date>May 2017</date> - <revremark>Released with the Yocto Project 2.3 Release.</revremark> - </revision> - <revision> <revnumber>2.4</revnumber> <date>October 2017</date> <revremark>Released with the Yocto Project 2.4 Release.</revremark> @@ -61,6 +46,16 @@ <date>March 2018</date> <revremark>Released with the Yocto Project 2.4.2 Release.</revremark> </revision> + <revision> + <revnumber>2.4.3</revnumber> + <date>June 2018</date> + <revremark>Released with the Yocto Project 2.4.3 Release.</revremark> + </revision> + <revision> + <revnumber>2.4.4</revnumber> + <date>&REL_MONTH_YEAR;</date> + <revremark>Released with the Yocto Project 2.4.4 Release.</revremark> + </revision> </revhistory> <copyright> @@ -73,6 +68,7 @@ Permission is granted to copy, distribute and/or modify this document under the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons. </para> + <note><title>Manual Notes</title> <itemizedlist> <listitem><para> @@ -81,24 +77,36 @@ manual is for the &YOCTO_DOC_VERSION; release of the Yocto Project. To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. </para></listitem> <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. </para></listitem> <listitem><para> - To report any inaccuracies or problems with this - manual, send an email to the Yocto Project - discussion group at - <filename>yocto@yoctoproject.com</filename> or log into - the freenode <filename>#yocto</filename> channel. - </para></listitem> + To report any inaccuracies or problems with this + manual, send an email to the Yocto Project + discussion group at + <filename>yocto@yoctoproject.com</filename> or log into + the freenode <filename>#yocto</filename> channel. + </para></listitem> </itemizedlist> </note> diff --git a/documentation/toaster-manual/toaster-manual.xml b/documentation/toaster-manual/toaster-manual.xml index 5a1b60e58c..fc30f7d230 100644 --- a/documentation/toaster-manual/toaster-manual.xml +++ b/documentation/toaster-manual/toaster-manual.xml @@ -32,31 +32,6 @@ <revhistory> <revision> - <revnumber>1.8</revnumber> - <date>April 2015</date> - <revremark>Released with the Yocto Project 1.8 Release.</revremark> - </revision> - <revision> - <revnumber>2.0</revnumber> - <date>October 2015</date> - <revremark>Released with the Yocto Project 2.0 Release.</revremark> - </revision> - <revision> - <revnumber>2.1</revnumber> - <date>April 2016</date> - <revremark>Released with the Yocto Project 2.1 Release.</revremark> - </revision> - <revision> - <revnumber>2.2</revnumber> - <date>October 2016</date> - <revremark>Released with the Yocto Project 2.2 Release.</revremark> - </revision> - <revision> - <revnumber>2.3</revnumber> - <date>May 2017</date> - <revremark>Released with the Yocto Project 2.3 Release.</revremark> - </revision> - <revision> <revnumber>2.4</revnumber> <date>October 2017</date> <revremark>Released with the Yocto Project 2.4 Release.</revremark> @@ -71,6 +46,16 @@ <date>March 2018</date> <revremark>Released with the Yocto Project 2.4.2 Release.</revremark> </revision> + <revision> + <revnumber>2.4.3</revnumber> + <date>June 2018</date> + <revremark>Released with the Yocto Project 2.4.3 Release.</revremark> + </revision> + <revision> + <revnumber>2.4.4</revnumber> + <date>&REL_MONTH_YEAR;</date> + <revremark>Released with the Yocto Project 2.4.4 Release.</revremark> + </revision> </revhistory> <copyright> @@ -91,24 +76,36 @@ is for the &YOCTO_DOC_VERSION; release of the Yocto Project. To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. </para></listitem> <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. </para></listitem> <listitem><para> - To report any inaccuracies or problems with this - manual, send an email to the Yocto Project - discussion group at - <filename>yocto@yoctoproject.com</filename> or log into - the freenode <filename>#yocto</filename> channel. - </para></listitem> + To report any inaccuracies or problems with this + manual, send an email to the Yocto Project + discussion group at + <filename>yocto@yoctoproject.com</filename> or log into + the freenode <filename>#yocto</filename> channel. + </para></listitem> </itemizedlist> </note> diff --git a/documentation/tools/mega-manual.sed b/documentation/tools/mega-manual.sed index ae2800c2b7..30bfeada0a 100644 --- a/documentation/tools/mega-manual.sed +++ b/documentation/tools/mega-manual.sed @@ -2,32 +2,32 @@ # This style is for manual folders like "yocto-project-qs" and "poky-ref-manual". # This is the old way that did it. Can't do that now that we have "bitbake-user-manual" strings # in the mega-manual. -# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g +# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g # Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because # it is not included in the mega-manual. # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual"). # This was the one-liner that worked before we introduced the BitBake User Manual, which is # not in the mega-manual. -# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g +# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g # Process cases where just an external manual is referenced without an id anchor -s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g -s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Tasks Manual<\/a>/Yocto Project Development Tasks Manual/g -s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)<\/a>/Yocto Project Application Development and the Extensible Software Development Kit (eSDK)/g -s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g -s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g -s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g -s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g -s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g +s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g +s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Tasks Manual<\/a>/Yocto Project Development Tasks Manual/g +s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)<\/a>/Yocto Project Application Development and the Extensible Software Development Kit (eSDK)/g +s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g +s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g +s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g +s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g +s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g diff --git a/documentation/yocto-project-qs/yocto-project-qs.xml b/documentation/yocto-project-qs/yocto-project-qs.xml index e6dae7ffe3..4ea918058f 100644 --- a/documentation/yocto-project-qs/yocto-project-qs.xml +++ b/documentation/yocto-project-qs/yocto-project-qs.xml @@ -16,34 +16,48 @@ Permission is granted to copy, distribute and/or modify this document under the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons. </para> - <note><title>Manual Notes</title> - <itemizedlist> - <listitem><para> - This version of the - <emphasis>Yocto Project Quick Start</emphasis> - is for the &YOCTO_DOC_VERSION; release of the - Yocto Project. - To be sure you have the latest version of the manual - for this release, use the manual from the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>. - </para></listitem> - <listitem><para> - For manuals associated with other releases of the Yocto - Project, go to the - <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> - and use the drop-down "Active Releases" button - and choose the manual associated with the desired - Yocto Project. - </para></listitem> - <listitem><para> + + <note><title>Manual Notes</title> + <itemizedlist> + <listitem><para> + This version of the + <emphasis>Yocto Project Quick Start</emphasis> + is for the &YOCTO_DOC_VERSION; release of the + Yocto Project. + To be sure you have the latest version of the manual + for this release, go to the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual from that site. + Manuals from the site are more up-to-date than manuals + derived from the Yocto Project released TAR files. + </para></listitem> + <listitem><para> + If you located this manual through a web search, the + version of the manual might not be the one you want + (e.g. the search might have returned a manual much + older than the Yocto Project version with which you + are working). + You can see all Yocto Project major releases by + visiting the + <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink> + page. + If you need a version of this manual for a different + Yocto Project release, visit the + <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink> + and select the manual set by using the + "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE" + pull-down menus. + </para></listitem> + <listitem><para> To report any inaccuracies or problems with this manual, send an email to the Yocto Project discussion group at <filename>yocto@yoctoproject.com</filename> or log into the freenode <filename>#yocto</filename> channel. </para></listitem> - </itemizedlist> - </note> + </itemizedlist> + </note> + </legalnotice> <abstract> diff --git a/meta-poky/conf/distro/poky.conf b/meta-poky/conf/distro/poky.conf index 9bd9ee58c4..a2c3b2edd8 100644 --- a/meta-poky/conf/distro/poky.conf +++ b/meta-poky/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "2.4.3" +DISTRO_VERSION = "2.4.4" DISTRO_CODENAME = "rocko" SDK_VENDOR = "-pokysdk" SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}" diff --git a/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py b/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py index dd5eeec163..26c775c09e 100644 --- a/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py +++ b/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py @@ -44,7 +44,7 @@ class Systemdboot(OESelftestTestCase): # Ensure we're actually testing that this gets built and not that # it was around from an earlier build - bitbake('-c cleansstate systemd-boot') + bitbake('-c clean systemd-boot') runCmd('rm -f %s' % systemdbootfile) self._common_build() diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index bd0d6e3ca6..3014767b8a 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -100,8 +100,8 @@ def get_lic_checksum_file_list(d): # We only care about items that are absolute paths since # any others should be covered by SRC_URI. try: - path = bb.fetch.decodeurl(url)[2] - if not path: + (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + if method != "file" or not path: raise bb.fetch.MalformedUrl(url) if path[0] == '/': diff --git a/meta/classes/clutter.bbclass b/meta/classes/clutter.bbclass index 167407dfdc..f5cd04f97f 100644 --- a/meta/classes/clutter.bbclass +++ b/meta/classes/clutter.bbclass @@ -14,7 +14,7 @@ REALNAME = "${@get_real_name("${BPN}")}" CLUTTER_SRC_FTP = "${GNOME_MIRROR}/${REALNAME}/${VERMINOR}/${REALNAME}-${PV}.tar.xz;name=archive" -CLUTTER_SRC_GIT = "git://git.gnome.org/${REALNAME}" +CLUTTER_SRC_GIT = "git://gitlab.gnome.org/GNOME/${REALNAME};protocol=https" SRC_URI = "${CLUTTER_SRC_FTP}" S = "${WORKDIR}/${REALNAME}-${PV}" diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass index d353110464..5103ed8533 100644 --- a/meta/classes/license.bbclass +++ b/meta/classes/license.bbclass @@ -226,9 +226,7 @@ def get_deployed_dependencies(d): # The manifest file name contains the arch. Because we are not running # in the recipe context it is necessary to check every arch used. sstate_manifest_dir = d.getVar("SSTATE_MANIFESTS") - sstate_archs = d.getVar("SSTATE_ARCHS") - extra_archs = d.getVar("PACKAGE_EXTRA_ARCHS") - archs = list(set(("%s %s" % (sstate_archs, extra_archs)).split())) + archs = list(set(d.getVar("SSTATE_ARCHS").split())) for dep in depends: # Some recipes have an arch on their own, so we try that first. special_arch = d.getVar("PACKAGE_ARCH_pn-%s" % dep) @@ -336,7 +334,7 @@ def add_package_and_files(d): files = d.getVar('LICENSE_FILES_DIRECTORY') pn = d.getVar('PN') pn_lic = "%s%s" % (pn, d.getVar('LICENSE_PACKAGE_SUFFIX', False)) - if pn_lic in packages: + if pn_lic in packages.split(): bb.warn("%s package already existed in %s." % (pn_lic, pn)) else: # first in PACKAGES to be sure that nothing else gets LICENSE_FILES_DIRECTORY @@ -482,7 +480,9 @@ def find_license_files(d): for url in lic_files.split(): try: - (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + if method != "file" or not path: + raise bb.fetch.MalformedUrl() except bb.fetch.MalformedUrl: bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL: %s" % (d.getVar('PF'), url)) # We want the license filename and path diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass index b331afc5d0..87bba41472 100644 --- a/meta/classes/mirrors.bbclass +++ b/meta/classes/mirrors.bbclass @@ -1,4 +1,5 @@ MIRRORS += "\ +${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian/20180310T215105Z/pool \n \ ${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20120328T092752Z/debian/pool \n \ ${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20110127T084257Z/debian/pool \n \ ${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20090802T004153Z/debian/pool \n \ @@ -68,7 +69,7 @@ ${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \ MIRRORS += "\ git://salsa.debian.org/.* git://salsa.debian.org/PATH;protocol=https \n \ -git://git.gnome.org/.* git://git.gnome.org/browse/PATH;protocol=https \n \ +git://git.gnome.org/.* git://gitlab.gnome.org/GNOME/PATH;protocol=https \n \ git://git.savannah.gnu.org/.* git://git.savannah.gnu.org/git/PATH;protocol=https \n \ git://git.yoctoproject.org/.* git://git.yoctoproject.org/git/PATH;protocol=https \n \ git://.*/.* git://HOST/PATH;protocol=https \n \ diff --git a/meta/classes/module-base.bbclass b/meta/classes/module-base.bbclass index 6fe77c01b7..c1fa3ad1c1 100644 --- a/meta/classes/module-base.bbclass +++ b/meta/classes/module-base.bbclass @@ -12,6 +12,8 @@ export CROSS_COMPILE = "${TARGET_PREFIX}" # we didn't pick the name. export KBUILD_OUTPUT = "${STAGING_KERNEL_BUILDDIR}" +DEPENDS += "bc-native" + export KERNEL_VERSION = "${@base_read_file('${STAGING_KERNEL_BUILDDIR}/kernel-abiversion')}" KERNEL_OBJECT_SUFFIX = ".ko" @@ -23,5 +25,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" do_make_scripts() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS make CC="${KERNEL_CC}" LD="${KERNEL_LD}" AR="${KERNEL_AR}" \ - -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts + HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}" \ + -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts prepare } diff --git a/meta/classes/module.bbclass b/meta/classes/module.bbclass index 78d1b21dbd..282900dc6d 100644 --- a/meta/classes/module.bbclass +++ b/meta/classes/module.bbclass @@ -2,7 +2,7 @@ inherit module-base kernel-module-split pkgconfig addtask make_scripts after do_prepare_recipe_sysroot before do_configure do_make_scripts[lockfiles] = "${TMPDIR}/kernel-scripts.lock" -do_make_scripts[depends] += "virtual/kernel:do_shared_workdir" +do_make_scripts[depends] += "virtual/kernel:do_shared_workdir openssl-native:do_populate_sysroot" EXTRA_OEMAKE += "KERNEL_SRC=${STAGING_KERNEL_DIR}" diff --git a/meta/classes/toolchain-scripts.bbclass b/meta/classes/toolchain-scripts.bbclass index 9bcfe708c7..c9a04dd1d9 100644 --- a/meta/classes/toolchain-scripts.bbclass +++ b/meta/classes/toolchain-scripts.bbclass @@ -62,7 +62,8 @@ toolchain_create_tree_env_script () { script=${TMPDIR}/environment-setup-${REAL_MULTIMACH_TARGET_SYS} rm -f $script touch $script - echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${PATH}' >> $script + echo ". ${COREBASE}/oe-init-build-env ${TOPDIR}" >> $script + echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${STAGING_BINDIR_TOOLCHAIN}:$PATH' >> $script echo 'export PKG_CONFIG_SYSROOT_DIR=${PKG_CONFIG_SYSROOT_DIR}' >> $script echo 'export PKG_CONFIG_PATH=${PKG_CONFIG_PATH}' >> $script echo 'export CONFIG_SITE="${@siteinfo_get_files(d)}"' >> $script diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index e5dc1ac2f7..d4754dd5bf 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -620,7 +620,7 @@ BBLAYERS_FETCH_DIR ??= "${COREBASE}" APACHE_MIRROR = "http://archive.apache.org/dist" DEBIAN_MIRROR = "http://ftp.debian.org/debian/pool" GENTOO_MIRROR = "http://distfiles.gentoo.org/distfiles" -GNOME_GIT = "git://git.gnome.org" +GNOME_GIT = "git://gitlab.gnome.org/GNOME" GNOME_MIRROR = "http://ftp.gnome.org/pub/GNOME/sources" GNU_MIRROR = "http://ftp.gnu.org/gnu" GNUPG_MIRROR = "https://www.gnupg.org/ftp/gcrypt" diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index a8e82cb5d7..c5b0556cf8 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,8 +6,9 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.27" +UNINATIVE_MAXGLIBCVERSION = "2.28" + +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.3/" +UNINATIVE_CHECKSUM[i686] ?= "44253cddbf629082568cea4fff59419106871a0cf81b4845b5d34e7014887b20" +UNINATIVE_CHECKSUM[x86_64] ?= "c6954563dad3c95608117c6fc328099036c832bbd924ebf5fdccb622fc0a8684" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.9/" -UNINATIVE_CHECKSUM[i686] ?= "83a4f927da81d9889ef0cbe5c12cb782e21c6cc11e6155600b94ff0c99576dce" -UNINATIVE_CHECKSUM[x86_64] ?= "c26622a1f27dbf5b25de986b11584b5c5b2f322d9eb367f705a744f58a5561ec" diff --git a/meta/files/common-licenses/BSD-1-Clause b/meta/files/common-licenses/BSD-1-Clause new file mode 100644 index 0000000000..ded889768f --- /dev/null +++ b/meta/files/common-licenses/BSD-1-Clause @@ -0,0 +1,9 @@ + +Copyright (c) <YEAR>, <OWNER> +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +THIS SOFTWARE IS PROVIDED BY Berkeley Software Design, Inc. "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/meta/lib/oeqa/runtime/cases/kernelmodule.py b/meta/lib/oeqa/runtime/cases/kernelmodule.py index 11ad7b7f01..de1a5aa445 100644 --- a/meta/lib/oeqa/runtime/cases/kernelmodule.py +++ b/meta/lib/oeqa/runtime/cases/kernelmodule.py @@ -28,7 +28,7 @@ class KernelModuleTest(OERuntimeTestCase): @OETestDepends(['gcc.GccCompileTest.test_gcc_compile']) def test_kernel_module(self): cmds = [ - 'cd /usr/src/kernel && make scripts', + 'cd /usr/src/kernel && make scripts prepare', 'cd /tmp && make', 'cd /tmp && insmod hellomod.ko', 'lsmod | grep hellomod', diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index dbc578e2d8..57f521a6c4 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -7,7 +7,8 @@ SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c" PV = "20170310" PE = "1" -SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info;protocol=https" + S = "${WORKDIR}/git" inherit autotools diff --git a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb index 2782bd95c4..0ba6c8d835 100644 --- a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb +++ b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb @@ -1,6 +1,6 @@ SUMMARY = "GLib networking extensions" DESCRIPTION = "glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies." -HOMEPAGE = "http://git.gnome.org/browse/glib-networking/" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/glib-networking/" BUGTRACKER = "http://bugzilla.gnome.org" LICENSE = "LGPLv2" diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb index 9d1e636bbc..a1a4022ebc 100644 --- a/meta/recipes-core/glibc/glibc_2.26.bb +++ b/meta/recipes-core/glibc/glibc_2.26.bb @@ -1,13 +1,13 @@ require glibc.inc -LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ +LIC_FILES_CHKSUM = "file://LICENSES;md5=ebc14508894997e6daaad1b8ffd53a15\ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" DEPENDS += "gperf-native bison-native" -SRCREV ?= "d300041c533a3d837c9f37a099bcc95466860e98" +SRCREV ?= "c9570bd2f54abb68e4e3c767aca3a54e05d2c7f6" SRCBRANCH ?= "release/${PV}/master" diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb index 5654528ae8..e9f3a2aee9 100644 --- a/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb +++ b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb @@ -6,7 +6,7 @@ the file /etc/network/interfaces." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" -SRC_URI = "git://anonscm.debian.org/git/collab-maint/ifupdown.git \ +SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \ file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \ file://inet-6-.defn-fix-inverted-checks-for-loopback.patch \ file://99_network \ diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index bd441aef62..b24d2cd651 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image module-base setuptools3 -SRCREV ?= "a9588646fcec17e53199e1ea7e7b8dccf140817e" +SRCREV ?= "30c10a3d8bd9bcd909cc1600894815c2fd5400a2" SRC_URI = "git://git.yoctoproject.org/poky;branch=rocko \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch b/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch new file mode 100644 index 0000000000..51a9e1935f --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch @@ -0,0 +1,21 @@ +Make sure that Makefile doesn't try to compile these tests again +on the target where the source dependencies won't be available. + +Upstream-Status: Inappropriate [cross-compile specific] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +Index: libxml2-2.9.7/Makefile.am +=================================================================== +--- libxml2-2.9.7.orig/Makefile.am ++++ libxml2-2.9.7/Makefile.am +@@ -211,8 +211,7 @@ install-ptest: + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile + $(MAKE) -C python install-ptest + +-runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ +- testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) ++runtests: + [ -d test ] || $(LN_S) $(srcdir)/test . + [ -d result ] || $(LN_S) $(srcdir)/result . + $(CHECKER) ./runtest$(EXEEXT) && \ diff --git a/meta/recipes-core/libxml/libxml2_2.9.5.bb b/meta/recipes-core/libxml/libxml2_2.9.5.bb index df060d7266..27e1a8e7b1 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.5.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb @@ -20,6 +20,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://python-sitepackages-dir.patch \ file://libxml-m4-use-pkgconfig.patch \ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ + file://fix-execution-of-ptests.patch \ " SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b" diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb index f988704756..7f3d9cba00 100644 --- a/meta/recipes-core/os-release/os-release.bb +++ b/meta/recipes-core/os-release/os-release.bb @@ -1,7 +1,7 @@ inherit allarch SUMMARY = "Operating system identification" -DESCRIPTION = "The /etc/os-release file contains operating system identification data." +DESCRIPTION = "The /usr/lib/os-release file contains operating system identification data." LICENSE = "MIT" INHIBIT_DEFAULT_DEPS = "1" @@ -42,6 +42,9 @@ python do_compile () { do_compile[vardeps] += "${OS_RELEASE_FIELDS}" do_install () { - install -d ${D}${sysconfdir} - install -m 0644 os-release ${D}${sysconfdir}/ + install -d ${D}${nonarch_libdir} ${D}${sysconfdir} + install -m 0644 os-release ${D}${nonarch_libdir}/ + lnr ${D}${nonarch_libdir}/os-release ${D}${sysconfdir}/os-release } + +FILES_${PN} += "${nonarch_libdir}/os-release" diff --git a/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch new file mode 100644 index 0000000000..342fcc6231 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch @@ -0,0 +1,71 @@ +From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-truncation" in "-Wall". This warning is documented in detail +at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn for calls to bounded string manipulation functions such as strncat, +> strncpy, and stpncpy that may either truncate the copied string or leave +> the destination unchanged. + +It breaks the BaseTools build with: + +> EfiUtilityMsgs.c: In function 'PrintMessage': +> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The right way to fix the warning would be to implement string concat with +snprintf(). However, Microsoft does not appear to support snprintf() +before VS2015 +<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>, +so we just have to shut up the warning. The strncat() calls flagged above +are valid BTW. + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch new file mode 100644 index 0000000000..a076665c33 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch @@ -0,0 +1,102 @@ +From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wrestrict" in "-Wall". This warning is documented in detail +at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn when an object referenced by a restrict-qualified parameter (or, in +> C++, a __restrict-qualified parameter) is aliased by another argument, +> or when copies between such objects overlap. + +It breaks the BaseTools build (in the Brotli compression library) with: + +> In function 'ProcessCommandsInternal', +> inlined from 'ProcessCommands' at dec/decode.c:1828:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> In function 'ProcessCommandsInternal', +> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail, +and concluded that the warning is a false positive: + +> This seems safe to me, because it's preceded by: +> +> uint8_t* copy_dst = &s->ringbuffer[pos]; +> uint8_t* copy_src = &s->ringbuffer[src_start]; +> int dst_end = pos + i; +> int src_end = src_start + i; +> if (src_end > pos && dst_end > src_start) { +> /* Regions intersect. */ +> goto CommandPostWrapCopy; +> } +> +> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then +> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i). +> +> The if seems okay: +> +> (src_start + i > pos && pos + i > src_start) +> +> which can be rewritten to: +> +> (pos < src_start + i && src_start < pos + i) +> +> Then the numbers are in one of these two orders: +> +> pos <= src_start < pos + i <= src_start + i +> src_start <= pos < src_start + i <= pos + i +> +> These two would be allowed by the "if", but they can only happen if pos +> == src_start so they degenerate to the same two orders above: +> +> pos <= src_start < src_start + i <= pos + i +> src_start <= pos < pos + i <= src_start + i +> +> So it is a false positive in GCC. + +Disable the warning for now. + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Cole Robinson <crobinso@redhat.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch new file mode 100644 index 0000000000..920723e326 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch @@ -0,0 +1,53 @@ +From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Wed, 7 Mar 2018 10:17:28 +0100 +Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx" + options on OSX + +I recently added the gcc-8 specific "-Wno-stringop-truncation" and +"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 / +clang, OSX) and otherwise (gcc, Linux / Cygwin). + +I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does +not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and +"-Wno-restrict" options, yet the build completed fine (by GCC design). + +Regarding OSX, my expectation was that + +- XCODE5 / clang would either recognize these warnings options (because + clang does recognize most -W options of gcc), + +- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags + that it didn't recognize. + +Neither is the case; the new flags have broken the BaseTools build on OSX. +Revert them (for OSX only). + +Cc: Liming Gao <liming.gao@intel.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Liming Gao <liming.gao@intel.com> +Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231 +Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929 +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+ BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
diff --git a/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch new file mode 100644 index 0000000000..7ad7cdf0ce --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch @@ -0,0 +1,66 @@ +From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow" + warning with memcpy() + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-overflow" in "-Wall". This warning is documented in detail at +<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn for calls to string manipulation functions such as memcpy and +> strcpy that are determined to overflow the destination buffer. + +It breaks the BaseTools build with: + +> GenVtf.c: In function 'ConvertVersionInfo': +> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length +> of the source argument [-Werror=stringop-overflow=] +> strncpy (TemStr + 4 - Length, Str, Length); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> GenVtf.c:130:14: note: length computed here +> Length = strlen(Str); +> ^~~~~~~~~~~ + +It is a false positive because, while the bound equals the length of the +source argument, the destination pointer is moved back towards the +beginning of the destination buffer by the same amount (and this amount is +range-checked first, so we can't precede the start of the dest buffer). + +Replace both strncpy() calls with memcpy(). + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Cole Robinson <crobinso@redhat.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c +index 2ae9a7be2c..0cd33e71e9 100644 +--- a/BaseTools/Source/C/GenVtf/GenVtf.c ++++ b/BaseTools/Source/C/GenVtf/GenVtf.c +@@ -129,9 +129,9 @@ Returns: + } else {
+ Length = strlen(Str);
+ if (Length < 4) {
+- strncpy (TemStr + 4 - Length, Str, Length);
++ memcpy (TemStr + 4 - Length, Str, Length);
+ } else {
+- strncpy (TemStr, Str + Length - 4, 4);
++ memcpy (TemStr, Str + Length - 4, 4);
+ }
+
+ sscanf (
+-- +2.17.0 + diff --git a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch index 959b1c649c..25e5b58e70 100644 --- a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch +++ b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch @@ -17,4 +17,4 @@ Index: git/BaseTools/Conf/tools_def.template +DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
- DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
+ DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index fa0d66291d..fe0850cc03 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -19,6 +19,10 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ file://0004-ovmf-enable-long-path-file.patch \ file://VfrCompile-increase-path-length-limit.patch \ file://no-stack-protector-all-archs.patch \ + file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ + file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ + file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ + file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" @@ -35,7 +39,7 @@ SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6eb inherit deploy -PARALLEL_MAKE_class-native = "" +PARALLEL_MAKE = "" S = "${WORKDIR}/git" diff --git a/meta/recipes-core/systemd/systemd_234.bb b/meta/recipes-core/systemd/systemd_234.bb index 9ce27bf67a..6c248e8828 100644 --- a/meta/recipes-core/systemd/systemd_234.bb +++ b/meta/recipes-core/systemd/systemd_234.bb @@ -344,7 +344,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--sys USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}" -GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal" +GROUPADD_PARAM_${PN} = "-r systemd-journal" USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;" FILES_${PN}-analyze = "${bindir}/systemd-analyze" diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 07a72e2b5a..eccb12828e 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -18,7 +18,7 @@ BINUPV = "${@binutils_branch_version(d)}" UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)" -SRCREV ?= "90276f15379d380761fc499da2ba24cfb3c12a94" +SRCREV ?= "8efd17cb25686c51b9db6531ae2fbeb2e6ef2399" BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=binutils-${BINUPV}-branch;protocol=git" SRC_URI = "\ ${BINUTILS_GIT_URI} \ @@ -35,6 +35,48 @@ SRC_URI = "\ file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \ file://0014-Detect-64-bit-MIPS-targets.patch \ file://0015-sync-with-OE-libtool-changes.patch \ + file://CVE-2017-17124.patch \ + file://CVE-2017-14930.patch \ + file://CVE-2017-14932.patch \ + file://CVE-2017-14933_p1.patch \ + file://CVE-2017-14933_p2.patch \ + file://CVE-2017-14934.patch \ + file://CVE-2017-14938.patch \ + file://CVE-2017-14939.patch \ + file://CVE-2017-14940.patch \ + file://CVE-2017-15021.patch \ + file://CVE-2017-15022.patch \ + file://CVE-2017-15023.patch \ + file://CVE-2017-15024.patch \ + file://CVE-2017-15025.patch \ + file://CVE-2017-15225.patch \ + file://CVE-2017-15939.patch \ + file://CVE-2017-15996.patch \ + file://CVE-2017-16826.patch \ + file://CVE-2017-16827.patch \ + file://CVE-2017-16828_p1.patch \ + file://CVE-2017-16828_p2.patch \ + file://CVE-2017-16829.patch \ + file://CVE-2017-16830.patch \ + file://CVE-2017-16831.patch \ + file://CVE-2017-16832.patch \ + file://CVE-2017-17080.patch \ + file://CVE-2017-17121.patch \ + file://CVE-2017-17122.patch \ + file://CVE-2017-17125.patch \ + file://CVE-2017-17123.patch \ + file://CVE-2018-10372.patch \ + file://CVE-2018-10373.patch \ + file://CVE-2018-10534.patch \ + file://CVE-2018-10535.patch \ + file://CVE-2018-13033.patch \ + file://CVE-2018-6323.patch \ + file://CVE-2018-6759.patch \ + file://CVE-2018-7208.patch \ + file://CVE-2018-7568_p1.patch \ + file://CVE-2018-7568_p2.patch \ + file://CVE-2018-7569.patch \ + file://CVE-2018-7642.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch new file mode 100644 index 0000000000..bbd267a959 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch @@ -0,0 +1,53 @@ +From a26a013f22a19e2c16729e64f40ef8a7dfcc086e Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 17:10:14 +0930 +Subject: [PATCH] PR22191, memory leak in dwarf2.c + +table->sequences is a linked list before it is replaced by a bfd_alloc +array in sort_line_sequences. + + PR 22191 + * dwarf2.c (decode_line_info): Properly free line sequences on error. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14930 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 8 ++++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2473,8 +2473,12 @@ decode_line_info (struct comp_unit *unit + return table; + + fail: +- if (table->sequences != NULL) +- free (table->sequences); ++ while (table->sequences != NULL) ++ { ++ struct line_sequence* seq = table->sequences; ++ table->sequences = table->sequences->prev_sequence; ++ free (seq); ++ } + if (table->files != NULL) + free (table->files); + if (table->dirs != NULL) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22191 ++ * dwarf2.c (decode_line_info): Properly free line sequences on error. ++ + 2017-11-28 Nick Clifton <nickc@redhat.com> + + PR 22507 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch new file mode 100644 index 0000000000..a436031dc2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch @@ -0,0 +1,46 @@ +From e338894dc2e603683bed2172e8e9f25b29051005 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 09:32:18 +0930 +Subject: [PATCH] PR22204, Lack of DW_LNE_end_sequence causes "infinite" loop + + PR 22204 + * dwarf2.c (decode_line_info): Ensure line_ptr stays within + bounds in inner loop. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14932 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2269,7 +2269,7 @@ decode_line_info (struct comp_unit *unit + bfd_vma high_pc = 0; + + /* Decode the table. */ +- while (! end_sequence) ++ while (!end_sequence && line_ptr < line_end) + { + op_code = read_1_byte (abfd, line_ptr, line_end); + line_ptr += 1; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22204 ++ * dwarf2.c (decode_line_info): Ensure line_ptr stays within ++ bounds in inner loop. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22191 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch new file mode 100644 index 0000000000..9df8138401 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch @@ -0,0 +1,58 @@ +From 30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 26 Sep 2017 14:37:47 +0100 +Subject: [PATCH] Avoid needless resource usage when processing a corrupt DWARF + directory or file name table. + + PR 22210 + * dwarf2.c (read_formatted_entries): Fail early if we know that + the loop parsing data entries will overflow the end of the + section. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14933 #1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-26 Nick Clifton <nickc@redhat.com> ++ ++ PR 22210 ++ * dwarf2.c (read_formatted_entries): Fail early if we know that ++ the loop parsing data entries will overflow the end of the ++ section. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22204 +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1933,6 +1933,17 @@ read_formatted_entries (struct comp_unit + + data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end); + buf += bytes_read; ++ ++ /* PR 22210. Paranoia check. Don't bother running the loop ++ if we know that we are going to run out of buffer. */ ++ if (data_count > (bfd_vma) (buf_end - buf)) ++ { ++ _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."), ++ data_count); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + for (datai = 0; datai < data_count; datai++) + { + bfd_byte *format = format_header_data; diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch new file mode 100644 index 0000000000..607d92f3d4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch @@ -0,0 +1,102 @@ +From 33e0a9a056bd23e923b929a4f2ab049ade0b1c32 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 23:20:06 +0930 +Subject: [PATCH] Tidy reading data in read_formatted_entries + +Using read_attribute_value accomplishes two things: It checks for +unexpected formats, and ensures the buffer pointer always increments. + + PR 22210 + * dwarf2.c (read_formatted_entries): Use read_attribute_value to + read data. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14933 #2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 37 +++++++------------------------------ + 2 files changed, 13 insertions(+), 30 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22210 ++ * dwarf2.c (read_formatted_entries): Use read_attribute_value to ++ read data. ++ + 2017-09-26 Nick Clifton <nickc@redhat.com> + + PR 22210 +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1955,6 +1955,7 @@ read_formatted_entries (struct comp_unit + char *string_trash; + char **stringp = &string_trash; + unsigned int uint_trash, *uintp = &uint_trash; ++ struct attribute attr; + + content_type = _bfd_safe_read_leb128 (abfd, format, &bytes_read, + FALSE, buf_end); +@@ -1986,47 +1987,23 @@ read_formatted_entries (struct comp_unit + form = _bfd_safe_read_leb128 (abfd, format, &bytes_read, FALSE, + buf_end); + format += bytes_read; ++ ++ buf = read_attribute_value (&attr, form, 0, unit, buf, buf_end); ++ if (buf == NULL) ++ return FALSE; + switch (form) + { + case DW_FORM_string: +- *stringp = read_string (abfd, buf, buf_end, &bytes_read); +- buf += bytes_read; +- break; +- + case DW_FORM_line_strp: +- *stringp = read_indirect_line_string (unit, buf, buf_end, &bytes_read); +- buf += bytes_read; ++ *stringp = attr.u.str; + break; + + case DW_FORM_data1: +- *uintp = read_1_byte (abfd, buf, buf_end); +- buf += 1; +- break; +- + case DW_FORM_data2: +- *uintp = read_2_bytes (abfd, buf, buf_end); +- buf += 2; +- break; +- + case DW_FORM_data4: +- *uintp = read_4_bytes (abfd, buf, buf_end); +- buf += 4; +- break; +- + case DW_FORM_data8: +- *uintp = read_8_bytes (abfd, buf, buf_end); +- buf += 8; +- break; +- + case DW_FORM_udata: +- *uintp = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, +- buf_end); +- buf += bytes_read; +- break; +- +- case DW_FORM_block: +- /* It is valid only for DW_LNCT_timestamp which is ignored by +- current GDB. */ ++ *uintp = attr.u.val; + break; + } + } diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch new file mode 100644 index 0000000000..57733f08cf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch @@ -0,0 +1,63 @@ +From 19485196044b2521af979f1e5c4a89bfb90fba0b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 27 Sep 2017 10:42:51 +0100 +Subject: [PATCH] Prevent an infinite loop in the DWARF parsing code when + encountering a CU structure with a small negative size. + + PR 22219 + * dwarf.c (process_debug_info): Add a check for a negative + cu_length field. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14934 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/dwarf.c | 11 ++++++++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -2547,7 +2547,7 @@ process_debug_info (struct dwarf_section + int level, last_level, saved_level; + dwarf_vma cu_offset; + unsigned int offset_size; +- int initial_length_size; ++ unsigned int initial_length_size; + dwarf_vma signature_high = 0; + dwarf_vma signature_low = 0; + dwarf_vma type_offset = 0; +@@ -2695,6 +2695,15 @@ process_debug_info (struct dwarf_section + num_units = unit; + break; + } ++ else if (compunit.cu_length + initial_length_size < initial_length_size) ++ { ++ warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"), ++ dwarf_vmatoa ("x", cu_offset), ++ dwarf_vmatoa ("x", compunit.cu_length)); ++ num_units = unit; ++ break; ++ } ++ + tags = hdrptr; + start += compunit.cu_length + initial_length_size; + +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-27 Nick Clifton <nickc@redhat.com> ++ ++ PR 22219 ++ * dwarf.c (process_debug_info): Add a check for a negative ++ cu_length field. ++ + 2017-11-01 Alan Modra <amodra@gmail.com> + + Apply from master diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch new file mode 100644 index 0000000000..e62c73c06d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch @@ -0,0 +1,64 @@ +From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:34:57 +0930 +Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation + +The sanity check covers the previous minimim size, plus that the size +is at least enough for sh_info verneed entries. + +Also, since we write all verneed fields or exit with an error, there +isn't any need to zero the memory allocated for verneed entries. + + PR 22166 + * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on + SHT_GNU_verneed section for sanity. Don't zalloc memory for + verref. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14938 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/elf.c | 5 +++-- + 2 files changed, 10 insertions(+), 2 deletions(-) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd + + hdr = &elf_tdata (abfd)->dynverref_hdr; + +- if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed)) ++ if (hdr->sh_info == 0 ++ || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed)) + { + error_return_bad_verref: + _bfd_error_handler +@@ -8219,7 +8220,7 @@ error_return_verref: + goto error_return_verref; + + elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) +- bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); ++ bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); + + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22166 ++ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on ++ SHT_GNU_verneed section for sanity. Don't zalloc memory for ++ verref. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22210 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch new file mode 100644 index 0000000000..d1e4c3e609 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch @@ -0,0 +1,56 @@ +From 515f23e63c0074ab531bc954f84ca40c6281a724 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:36:16 +0930 +Subject: [PATCH] PR22169, heap-based buffer overflow in read_1_byte + +The .debug_line header length field doesn't include the length field +itself, ie. it's the size of the rest of .debug_line. + + PR 22169 + * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14939 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 7 ++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2084,12 +2084,13 @@ decode_line_info (struct comp_unit *unit + offset_size = 8; + } + +- if (unit->line_offset + lh.total_length > stash->dwarf_line_size) ++ if (lh.total_length > (size_t) (line_end - line_ptr)) + { + _bfd_error_handler + /* xgettext: c-format */ +- (_("Dwarf Error: Line info data is bigger (%#Lx) than the space remaining in the section (%#Lx)"), +- lh.total_length, stash->dwarf_line_size - unit->line_offset); ++ (_("Dwarf Error: Line info data is bigger (%#Lx)" ++ " than the space remaining in the section (%#lx)"), ++ lh.total_length, (unsigned long) (line_end - line_ptr)); + bfd_set_error (bfd_error_bad_value); + return NULL; + } +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,9 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22169 ++ * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22166 + * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch new file mode 100644 index 0000000000..49b0bdc546 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch @@ -0,0 +1,47 @@ +From 0d76029f92182c3682d8be2c833d45bc9a2068fe Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:35:33 +0930 +Subject: [PATCH] PR22167, NULL pointer dereference in scan_unit_for_symbols + + PR 22167 + * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14940 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 3 ++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -3202,7 +3202,8 @@ scan_unit_for_symbols (struct comp_unit + case DW_FORM_block2: + case DW_FORM_block4: + case DW_FORM_exprloc: +- if (*attr.u.blk->data == DW_OP_addr) ++ if (attr.u.blk->data != NULL ++ && *attr.u.blk->data == DW_OP_addr) + { + var->stack = 0; + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,5 +1,10 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> + ++ PR 22167 ++ * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ + PR 22169 + * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch new file mode 100644 index 0000000000..caca7b107e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch @@ -0,0 +1,48 @@ +From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 21:36:18 +0930 +Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1 + + PR 22197 + * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is + within section bounds. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15021 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/opncls.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/opncls.c +=================================================================== +--- git.orig/bfd/opncls.c ++++ git/bfd/opncls.c +@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + /* PR 17597: avoid reading off the end of the buffer. */ + crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1; + crc_offset = (crc_offset + 3) & ~3; +- if (crc_offset >= bfd_get_section_size (sect)) ++ if (crc_offset + 4 > bfd_get_section_size (sect)) + return NULL; + + *crc32 = bfd_get_32 (abfd, contents + crc_offset); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,5 +1,11 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> + ++ PR 22197 ++ * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is ++ within section bounds. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ + PR 22167 + * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch new file mode 100644 index 0000000000..c9acfa7853 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch @@ -0,0 +1,61 @@ +From 11855d8a1f11b102a702ab76e95b22082cccf2f8 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 19:46:34 +0930 +Subject: [PATCH] PR22201, DW_AT_name with out of bounds reference + +DW_AT_name ought to always have a string value. + + PR 22201 + * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it + has string form. + (parse_comp_unit): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15022 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 6 ++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -3177,7 +3177,8 @@ scan_unit_for_symbols (struct comp_unit + switch (attr.name) + { + case DW_AT_name: +- var->name = attr.u.str; ++ if (is_str_attr (attr.form)) ++ var->name = attr.u.str; + break; + + case DW_AT_decl_file: +@@ -3429,7 +3430,8 @@ parse_comp_unit (struct dwarf2_debug *st + break; + + case DW_AT_name: +- unit->name = attr.u.str; ++ if (is_str_attr (attr.form)) ++ unit->name = attr.u.str; + break; + + case DW_AT_low_pc: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22201 ++ * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it ++ has string form. ++ (parse_comp_unit): Likewise. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22197 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch new file mode 100644 index 0000000000..9439b7b55f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch @@ -0,0 +1,52 @@ +From c361faae8d964db951b7100cada4dcdc983df1bf Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 19:03:46 +0930 +Subject: [PATCH] PR22200, DWARF5 .debug_line sanity check + +The format_count entry can't be zero unless the count is also zero. + + PR 22200 + * dwarf2.c (read_formatted_entries): Error on format_count zero. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15023 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 7 +++++++ + 2 files changed, 12 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1934,6 +1934,13 @@ read_formatted_entries (struct comp_unit + data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end); + buf += bytes_read; + ++ if (format_count == 0 && data_count != 0) ++ { ++ _bfd_error_handler (_("Dwarf Error: Zero format count.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + /* PR 22210. Paranoia check. Don't bother running the loop + if we know that we are going to run out of buffer. */ + if (data_count > (bfd_vma) (buf_end - buf)) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,9 @@ + 2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22200 ++ * dwarf2.c (read_formatted_entries): Error on format_count zero. ++ ++2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22201 + * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch new file mode 100644 index 0000000000..53b072ebaf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch @@ -0,0 +1,227 @@ +From 52a93b95ec0771c97e26f0bb28630a271a667bd2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:37:16 +0930 +Subject: [PATCH] PR22187, infinite loop in find_abstract_instance_name + +This patch prevents the simple case of infinite recursion in +find_abstract_instance_name by ensuring that the attributes being +processed are not the same as the previous call. + +The patch also does a little cleanup, and leaves in place some changes +to the nested_funcs array that I made when I wrongly thought looping +might occur in scan_unit_for_symbols. + + PR 22187 + * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and + pname param. Return status. Make name const. Don't abort, + return an error. Formatting. Exit if current info_ptr matches + orig_info_ptr. Update callers. + (scan_unit_for_symbols): Start at nesting_level of zero. Make + nested_funcs an array of structs for extensibility. Formatting. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15024 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 10 ++++++++ + bfd/dwarf2.c | 76 +++++++++++++++++++++++++++++++++++++++-------------------- + 2 files changed, 61 insertions(+), 25 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2823,9 +2823,11 @@ lookup_symbol_in_variable_table (struct + return FALSE; + } + +-static char * ++static bfd_boolean + find_abstract_instance_name (struct comp_unit *unit, ++ bfd_byte *orig_info_ptr, + struct attribute *attr_ptr, ++ const char **pname, + bfd_boolean *is_linkage) + { + bfd *abfd = unit->abfd; +@@ -2835,7 +2837,7 @@ find_abstract_instance_name (struct comp + struct abbrev_info *abbrev; + bfd_uint64_t die_ref = attr_ptr->u.val; + struct attribute attr; +- char *name = NULL; ++ const char *name = NULL; + + /* DW_FORM_ref_addr can reference an entry in a different CU. It + is an offset from the .debug_info section, not the current CU. */ +@@ -2844,7 +2846,12 @@ find_abstract_instance_name (struct comp + /* We only support DW_FORM_ref_addr within the same file, so + any relocations should be resolved already. */ + if (!die_ref) +- abort (); ++ { ++ _bfd_error_handler ++ (_("Dwarf Error: Abstract instance DIE ref zero.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + + info_ptr = unit->sec_info_ptr + die_ref; + info_ptr_end = unit->end_ptr; +@@ -2879,9 +2886,10 @@ find_abstract_instance_name (struct comp + _bfd_error_handler + (_("Dwarf Error: Unable to read alt ref %u."), die_ref); + bfd_set_error (bfd_error_bad_value); +- return NULL; ++ return FALSE; + } +- info_ptr_end = unit->stash->alt_dwarf_info_buffer + unit->stash->alt_dwarf_info_size; ++ info_ptr_end = (unit->stash->alt_dwarf_info_buffer ++ + unit->stash->alt_dwarf_info_size); + + /* FIXME: Do we need to locate the correct CU, in a similar + fashion to the code in the DW_FORM_ref_addr case above ? */ +@@ -2904,6 +2912,7 @@ find_abstract_instance_name (struct comp + _bfd_error_handler + (_("Dwarf Error: Could not find abbrev number %u."), abbrev_number); + bfd_set_error (bfd_error_bad_value); ++ return FALSE; + } + else + { +@@ -2913,6 +2922,15 @@ find_abstract_instance_name (struct comp + info_ptr, info_ptr_end); + if (info_ptr == NULL) + break; ++ /* It doesn't ever make sense for DW_AT_specification to ++ refer to the same DIE. Stop simple recursion. */ ++ if (info_ptr == orig_info_ptr) ++ { ++ _bfd_error_handler ++ (_("Dwarf Error: Abstract instance recursion detected.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + switch (attr.name) + { + case DW_AT_name: +@@ -2926,7 +2944,9 @@ find_abstract_instance_name (struct comp + } + break; + case DW_AT_specification: +- name = find_abstract_instance_name (unit, &attr, is_linkage); ++ if (!find_abstract_instance_name (unit, info_ptr, &attr, ++ pname, is_linkage)) ++ return FALSE; + break; + case DW_AT_linkage_name: + case DW_AT_MIPS_linkage_name: +@@ -2944,7 +2964,8 @@ find_abstract_instance_name (struct comp + } + } + } +- return name; ++ *pname = name; ++ return TRUE; + } + + static bfd_boolean +@@ -3005,20 +3026,22 @@ scan_unit_for_symbols (struct comp_unit + bfd *abfd = unit->abfd; + bfd_byte *info_ptr = unit->first_child_die_ptr; + bfd_byte *info_ptr_end = unit->stash->info_ptr_end; +- int nesting_level = 1; +- struct funcinfo **nested_funcs; ++ int nesting_level = 0; ++ struct nest_funcinfo { ++ struct funcinfo *func; ++ } *nested_funcs; + int nested_funcs_size; + + /* Maintain a stack of in-scope functions and inlined functions, which we + can use to set the caller_func field. */ + nested_funcs_size = 32; +- nested_funcs = (struct funcinfo **) +- bfd_malloc (nested_funcs_size * sizeof (struct funcinfo *)); ++ nested_funcs = (struct nest_funcinfo *) ++ bfd_malloc (nested_funcs_size * sizeof (*nested_funcs)); + if (nested_funcs == NULL) + return FALSE; +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + +- while (nesting_level) ++ while (nesting_level >= 0) + { + unsigned int abbrev_number, bytes_read, i; + struct abbrev_info *abbrev; +@@ -3076,13 +3099,13 @@ scan_unit_for_symbols (struct comp_unit + BFD_ASSERT (!unit->cached); + + if (func->tag == DW_TAG_inlined_subroutine) +- for (i = nesting_level - 1; i >= 1; i--) +- if (nested_funcs[i]) ++ for (i = nesting_level; i-- != 0; ) ++ if (nested_funcs[i].func) + { +- func->caller_func = nested_funcs[i]; ++ func->caller_func = nested_funcs[i].func; + break; + } +- nested_funcs[nesting_level] = func; ++ nested_funcs[nesting_level].func = func; + } + else + { +@@ -3102,12 +3125,13 @@ scan_unit_for_symbols (struct comp_unit + } + + /* No inline function in scope at this nesting level. */ +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + } + + for (i = 0; i < abbrev->num_attrs; ++i) + { +- info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, info_ptr_end); ++ info_ptr = read_attribute (&attr, &abbrev->attrs[i], ++ unit, info_ptr, info_ptr_end); + if (info_ptr == NULL) + goto fail; + +@@ -3126,8 +3150,10 @@ scan_unit_for_symbols (struct comp_unit + + case DW_AT_abstract_origin: + case DW_AT_specification: +- func->name = find_abstract_instance_name (unit, &attr, +- &func->is_linkage); ++ if (!find_abstract_instance_name (unit, info_ptr, &attr, ++ &func->name, ++ &func->is_linkage)) ++ goto fail; + break; + + case DW_AT_name: +@@ -3254,17 +3280,17 @@ scan_unit_for_symbols (struct comp_unit + + if (nesting_level >= nested_funcs_size) + { +- struct funcinfo **tmp; ++ struct nest_funcinfo *tmp; + + nested_funcs_size *= 2; +- tmp = (struct funcinfo **) ++ tmp = (struct nest_funcinfo *) + bfd_realloc (nested_funcs, +- nested_funcs_size * sizeof (struct funcinfo *)); ++ nested_funcs_size * sizeof (*nested_funcs)); + if (tmp == NULL) + goto fail; + nested_funcs = tmp; + } +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + } + } + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch new file mode 100644 index 0000000000..ce5315976a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch @@ -0,0 +1,47 @@ +From d8010d3e75ec7194a4703774090b27486b742d48 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:36:48 +0930 +Subject: [PATCH] PR22186, divide-by-zero in decode_line_info + + PR 22186 + * dwarf2.c (decode_line_info): Fail on lh.line_range of zero + rather than dividing by zero. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15025 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 2 ++ + 2 files changed, 8 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2432,6 +2432,8 @@ decode_line_info (struct comp_unit *unit + case DW_LNS_set_basic_block: + break; + case DW_LNS_const_add_pc: ++ if (lh.line_range == 0) ++ goto line_fail; + if (lh.maximum_ops_per_insn == 1) + address += (lh.minimum_instruction_length + * ((255 - lh.opcode_base) / lh.line_range)); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22186 ++ * dwarf2.c (decode_line_info): Fail on lh.line_range of zero ++ rather than dividing by zero. ++ ++ + 2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22200 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch new file mode 100644 index 0000000000..2ef3f53737 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch @@ -0,0 +1,48 @@ +From b55ec8b676ed05d93ee49d6c79ae0403616c4fb0 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 9 Oct 2017 13:21:44 +1030 +Subject: [PATCH] PR22212, memory leak in nm + + PR 22212 + * dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free + funcinfo_hash_table and varinfo_hash_table. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15225 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 4 ++++ + 2 files changed, 10 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -4932,6 +4932,10 @@ _bfd_dwarf2_cleanup_debug_info (bfd *abf + } + } + ++ if (stash->funcinfo_hash_table) ++ bfd_hash_table_free (&stash->funcinfo_hash_table->base); ++ if (stash->varinfo_hash_table) ++ bfd_hash_table_free (&stash->varinfo_hash_table->base); + if (stash->dwarf_abbrev_buffer) + free (stash->dwarf_abbrev_buffer); + if (stash->dwarf_line_buffer) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-09 Alan Modra <amodra@gmail.com> ++ ++ PR 22212 ++ * dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free ++ funcinfo_hash_table and varinfo_hash_table. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22186 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch new file mode 100644 index 0000000000..bccad763f4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch @@ -0,0 +1,113 @@ +From a54018b72d75abf2e74bf36016702da06399c1d9 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 09:38:26 +0930 +Subject: [PATCH] PR22205, .debug_line file table NULL filename + +The PR22200 fuzzer testcase found one way to put NULLs into .debug_line +file tables. PR22205 finds another. This patch gives up on trying to +prevent NULL files in the file table and instead just copes with them. +Arguably, this is better than giving up and showing no info from +.debug_line. I've also fixed a case where the fairly recent DWARF5 +support in handling broken DWARG could result in uninitialized memory +reads, and made a small tidy. + + PR 22205 + * dwarf2.c (concat_filename): Return "<unknown>" on NULL filename. + (read_formatted_entries): Init "fe". + (decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15939 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 35 +++++++++++++---------------------- + 2 files changed, 20 insertions(+), 22 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1597,6 +1597,8 @@ concat_filename (struct line_info_table + } + + filename = table->files[file - 1].name; ++ if (filename == NULL) ++ return strdup ("<unknown>"); + + if (!IS_ABSOLUTE_PATH (filename)) + { +@@ -1956,6 +1958,7 @@ read_formatted_entries (struct comp_unit + bfd_byte *format = format_header_data; + struct fileinfo fe; + ++ memset (&fe, 0, sizeof fe); + for (formati = 0; formati < format_count; formati++) + { + bfd_vma content_type, form; +@@ -2256,6 +2259,7 @@ decode_line_info (struct comp_unit *unit + unsigned int discriminator = 0; + int is_stmt = lh.default_is_stmt; + int end_sequence = 0; ++ unsigned int dir, xtime, size; + /* eraxxon@alumni.rice.edu: Against the DWARF2 specs, some + compilers generate address sequences that are wildly out of + order using DW_LNE_set_address (e.g. Intel C++ 6.0 compiler +@@ -2330,31 +2334,18 @@ decode_line_info (struct comp_unit *unit + case DW_LNE_define_file: + cur_file = read_string (abfd, line_ptr, line_end, &bytes_read); + line_ptr += bytes_read; +- if ((table->num_files % FILE_ALLOC_CHUNK) == 0) +- { +- struct fileinfo *tmp; +- +- amt = table->num_files + FILE_ALLOC_CHUNK; +- amt *= sizeof (struct fileinfo); +- tmp = (struct fileinfo *) bfd_realloc (table->files, amt); +- if (tmp == NULL) +- goto line_fail; +- table->files = tmp; +- } +- table->files[table->num_files].name = cur_file; +- table->files[table->num_files].dir = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ dir = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->files[table->num_files].time = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ xtime = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->files[table->num_files].size = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ size = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->num_files++; ++ if (!line_info_add_file_name (table, cur_file, dir, ++ xtime, size)) ++ goto line_fail; + break; + case DW_LNE_set_discriminator: + discriminator = +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22205 ++ * dwarf2.c (concat_filename): Return "<unknown>" on NULL filename. ++ (read_formatted_entries): Init "fe". ++ (decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name. ++ + 2017-10-09 Alan Modra <amodra@gmail.com> + + PR 22212 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch new file mode 100644 index 0000000000..dab8380e33 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch @@ -0,0 +1,84 @@ +From d91f0b20e561e326ee91a09a76206257bde8438b Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 28 Oct 2017 21:31:16 +1030 +Subject: [PATCH] PR22361 readelf buffer overflow on fuzzed archive header + + PR 22361 + * readelf.c (process_archive_index_and_symbols): Ensure ar_size + field is zero terminated for strtoul. + (setup_archive, get_archive_member_name): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15996 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 7 +++++++ + binutils/elfcomm.c | 11 +++++++++++ + 2 files changed, 18 insertions(+) + +Index: git/binutils/elfcomm.c +=================================================================== +--- git.orig/binutils/elfcomm.c ++++ git/binutils/elfcomm.c +@@ -466,8 +466,12 @@ process_archive_index_and_symbols (struc + { + size_t got; + unsigned long size; ++ char fmag_save; + ++ fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + size = strtoul (arch->arhdr.ar_size, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + /* PR 17531: file: 912bd7de. */ + if ((signed long) size < 0) + { +@@ -655,7 +659,10 @@ setup_archive (struct archive_info *arch + if (const_strneq (arch->arhdr.ar_name, "// ")) + { + /* This is the archive string table holding long member names. */ ++ char fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + arch->longnames_size = strtoul (arch->arhdr.ar_size, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + /* PR 17531: file: 01068045. */ + if (arch->longnames_size < 8) + { +@@ -758,6 +765,7 @@ get_archive_member_name (struct archive_ + char *endp; + char *member_file_name; + char *member_name; ++ char fmag_save; + + if (arch->longnames == NULL || arch->longnames_size == 0) + { +@@ -766,9 +774,12 @@ get_archive_member_name (struct archive_ + } + + arch->nested_member_origin = 0; ++ fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + k = j = strtoul (arch->arhdr.ar_name + 1, &endp, 10); + if (arch->is_thin_archive && endp != NULL && * endp == ':') + arch->nested_member_origin = strtoul (endp + 1, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + + if (j > arch->longnames_size) + { +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-10-28 Alan Modra <amodra@gmail.com> ++ ++ PR 22361 ++ * readelf.c (process_archive_index_and_symbols): Ensure ar_size ++ field is zero terminated for strtoul. ++ (setup_archive, get_archive_member_name): Likewise. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22205 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch new file mode 100644 index 0000000000..bb24ba8834 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch @@ -0,0 +1,53 @@ +From a67d66eb97e7613a38ffe6622d837303b3ecd31d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 1 Nov 2017 15:21:46 +0000 +Subject: [PATCH] Prevent illegal memory accesses when attempting to read + excessively large COFF line number tables. + + PR 22376 + * coffcode.h (coff_slurp_line_table): Check for an excessively + large line number count. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16826 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffcode.h | 8 ++++++++ + 2 files changed, 14 insertions(+) + +Index: git/bfd/coffcode.h +=================================================================== +--- git.orig/bfd/coffcode.h ++++ git/bfd/coffcode.h +@@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asecti + + BFD_ASSERT (asect->lineno == NULL); + ++ if (asect->lineno_count > asect->size) ++ { ++ _bfd_error_handler ++ (_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"), ++ abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size); ++ return FALSE; ++ } ++ + amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent); + lineno_cache = (alent *) bfd_alloc (abfd, amt); + if (lineno_cache == NULL) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-01 Nick Clifton <nickc@redhat.com> ++ ++ PR 22376 ++ * coffcode.h (coff_slurp_line_table): Check for an excessively ++ large line number count. ++ + 2017-10-28 Alan Modra <amodra@gmail.com> + + PR 22361 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch new file mode 100644 index 0000000000..dbc577c8e0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch @@ -0,0 +1,95 @@ +From 0301ce1486b1450f219202677f30d0fa97335419 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 17 Oct 2017 16:43:47 +1030 +Subject: [PATCH] PR22306, Invalid free() in slurp_symtab() + + PR 22306 + * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, + and error for any other size that doesn't cover the header word. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16827 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/aoutx.h | 45 ++++++++++++++++++++++++++++++--------------- + 2 files changed, 36 insertions(+), 15 deletions(-) + +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h ++++ git/bfd/aoutx.h +@@ -1352,27 +1352,42 @@ aout_get_external_symbols (bfd *abfd) + || bfd_bread ((void *) string_chars, amt, abfd) != amt) + return FALSE; + stringsize = GET_WORD (abfd, string_chars); ++ if (stringsize == 0) ++ stringsize = 1; ++ else if (stringsize < BYTES_IN_WORD ++ || (size_t) stringsize != stringsize) ++ { ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + + #ifdef USE_MMAP +- if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize, +- &obj_aout_string_window (abfd), TRUE)) +- return FALSE; +- strings = (char *) obj_aout_string_window (abfd).data; +-#else +- strings = (char *) bfd_malloc (stringsize + 1); +- if (strings == NULL) +- return FALSE; +- +- /* Skip space for the string count in the buffer for convenience +- when using indexes. */ +- amt = stringsize - BYTES_IN_WORD; +- if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt) ++ if (stringsize >= BYTES_IN_WORD) + { +- free (strings); +- return FALSE; ++ if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize, ++ &obj_aout_string_window (abfd), TRUE)) ++ return FALSE; ++ strings = (char *) obj_aout_string_window (abfd).data; + } ++ else + #endif ++ { ++ strings = (char *) bfd_malloc (stringsize); ++ if (strings == NULL) ++ return FALSE; + ++ if (stringsize >= BYTES_IN_WORD) ++ { ++ /* Keep the string count in the buffer for convenience ++ when indexing with e_strx. */ ++ amt = stringsize - BYTES_IN_WORD; ++ if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt) ++ { ++ free (strings); ++ return FALSE; ++ } ++ } ++ } + /* Ensure that a zero index yields an empty string. */ + strings[0] = '\0'; + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-17 Alan Modra <amodra@gmail.com> ++ ++ PR 22306 ++ * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, ++ and error for any other size that doesn't cover the header word. ++ + 2017-11-01 Nick Clifton <nickc@redhat.com> + + PR 22376 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch new file mode 100644 index 0000000000..310908f86d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch @@ -0,0 +1,79 @@ +From 9c0f3d3f2017829ffd908c9893b85094985c3b58 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 5 Oct 2017 17:32:18 +1030 +Subject: [PATCH] PR22239 - invalid memory read in display_debug_frames + +Pointer comparisons have traps for the unwary. After adding a large +unknown value to "start", the test "start < end" depends on where +"start" is originally in memory. + + PR 22239 + * dwarf.c (read_cie): Don't compare "start" and "end" pointers + after adding a possibly wild length to "start", compare the length + to the difference of the pointers instead. Remove now redundant + "negative" length test. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16828 patch1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 8 ++++++++ + binutils/dwarf.c | 15 ++++----------- + 2 files changed, 12 insertions(+), 11 deletions(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -6652,14 +6652,14 @@ read_cie (unsigned char *start, unsigned + { + READ_ULEB (augmentation_data_len); + augmentation_data = start; +- start += augmentation_data_len; + /* PR 17512: file: 11042-2589-0.004. */ +- if (start > end) ++ if (augmentation_data_len > (size_t) (end - start)) + { + warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"), +- augmentation_data_len, (long)((end - start) + augmentation_data_len)); ++ augmentation_data_len, (unsigned long) (end - start)); + return end; + } ++ start += augmentation_data_len; + } + + if (augmentation_data_len) +@@ -6672,14 +6672,7 @@ read_cie (unsigned char *start, unsigned + q = augmentation_data; + qend = q + augmentation_data_len; + +- /* PR 17531: file: 015adfaa. */ +- if (qend < q) +- { +- warn (_("Negative augmentation data length: 0x%lx"), augmentation_data_len); +- augmentation_data_len = 0; +- } +- +- while (p < end && q < augmentation_data + augmentation_data_len) ++ while (p < end && q < qend) + { + if (*p == 'L') + q++; +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,11 @@ ++2017-10-05 Alan Modra <amodra@gmail.com> ++ ++ PR 22239 ++ * dwarf.c (read_cie): Don't compare "start" and "end" pointers ++ after adding a possibly wild length to "start", compare the length ++ to the difference of the pointers instead. Remove now redundant ++ "negative" length test. ++ + 2017-09-27 Nick Clifton <nickc@redhat.com> + + PR 22219 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch new file mode 100644 index 0000000000..5073d31ce0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch @@ -0,0 +1,149 @@ +From bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 3 Nov 2017 13:57:15 +0000 +Subject: [PATCH] Fix integer overflow problems when reading an ELF binary with + corrupt augmentation data. + + PR 22386 + * dwarf.c (read_cie): Use bfd_size_type for + augmentation_data_len. + (display_augmentation_data): New function. + (display_debug_frames): Use it. + Check for integer overflow when testing augmentation_data_len. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16828 patch2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 10 +++++++++ + binutils/dwarf.c | 65 +++++++++++++++++++++++++++++++++--------------------- + 2 files changed, 50 insertions(+), 25 deletions(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -6577,13 +6577,13 @@ frame_display_row (Frame_Chunk *fc, int + static unsigned char * + read_cie (unsigned char *start, unsigned char *end, + Frame_Chunk **p_cie, int *p_version, +- unsigned long *p_aug_len, unsigned char **p_aug) ++ bfd_size_type *p_aug_len, unsigned char **p_aug) + { + int version; + Frame_Chunk *fc; + unsigned int length_return; + unsigned char *augmentation_data = NULL; +- unsigned long augmentation_data_len = 0; ++ bfd_size_type augmentation_data_len = 0; + + * p_cie = NULL; + /* PR 17512: file: 001-228113-0.004. */ +@@ -6653,10 +6653,11 @@ read_cie (unsigned char *start, unsigned + READ_ULEB (augmentation_data_len); + augmentation_data = start; + /* PR 17512: file: 11042-2589-0.004. */ +- if (augmentation_data_len > (size_t) (end - start)) ++ if (augmentation_data_len > (bfd_size_type) (end - start)) + { +- warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"), +- augmentation_data_len, (unsigned long) (end - start)); ++ warn (_("Augmentation data too long: 0x%s, expected at most %#lx\n"), ++ dwarf_vmatoa ("x", augmentation_data_len), ++ (unsigned long) (end - start)); + return end; + } + start += augmentation_data_len; +@@ -6701,6 +6702,31 @@ read_cie (unsigned char *start, unsigned + return start; + } + ++/* Prints out the contents on the augmentation data array. ++ If do_wide is not enabled, then formats the output to fit into 80 columns. */ ++ ++static void ++display_augmentation_data (const unsigned char * data, const bfd_size_type len) ++{ ++ bfd_size_type i; ++ ++ i = printf (_(" Augmentation data: ")); ++ ++ if (do_wide || len < ((80 - i) / 3)) ++ for (i = 0; i < len; ++i) ++ printf (" %02x", data[i]); ++ else ++ { ++ for (i = 0; i < len; ++i) ++ { ++ if (i % (80 / 3) == 0) ++ putchar ('\n'); ++ printf (" %02x", data[i]); ++ } ++ } ++ putchar ('\n'); ++} ++ + static int + display_debug_frames (struct dwarf_section *section, + void *file ATTRIBUTE_UNUSED) +@@ -6729,7 +6755,7 @@ display_debug_frames (struct dwarf_secti + Frame_Chunk *cie; + int need_col_headers = 1; + unsigned char *augmentation_data = NULL; +- unsigned long augmentation_data_len = 0; ++ bfd_size_type augmentation_data_len = 0; + unsigned int encoded_ptr_size = saved_eh_addr_size; + unsigned int offset_size; + unsigned int initial_length_size; +@@ -6823,16 +6849,8 @@ display_debug_frames (struct dwarf_secti + printf (" Return address column: %d\n", fc->ra); + + if (augmentation_data_len) +- { +- unsigned long i; ++ display_augmentation_data (augmentation_data, augmentation_data_len); + +- printf (" Augmentation data: "); +- for (i = 0; i < augmentation_data_len; ++i) +- /* FIXME: If do_wide is FALSE, then we should +- add carriage returns at 80 columns... */ +- printf (" %02x", augmentation_data[i]); +- putchar ('\n'); +- } + putchar ('\n'); + } + } +@@ -6988,11 +7006,13 @@ display_debug_frames (struct dwarf_secti + READ_ULEB (augmentation_data_len); + augmentation_data = start; + start += augmentation_data_len; +- /* PR 17512: file: 722-8446-0.004. */ +- if (start >= end || ((signed long) augmentation_data_len) < 0) ++ /* PR 17512 file: 722-8446-0.004 and PR 22386. */ ++ if (start >= end ++ || ((bfd_signed_vma) augmentation_data_len) < 0 ++ || augmentation_data > start) + { +- warn (_("Corrupt augmentation data length: %lx\n"), +- augmentation_data_len); ++ warn (_("Corrupt augmentation data length: 0x%s\n"), ++ dwarf_vmatoa ("x", augmentation_data_len)); + start = end; + augmentation_data = NULL; + augmentation_data_len = 0; +@@ -7014,12 +7034,7 @@ display_debug_frames (struct dwarf_secti + + if (! do_debug_frames_interp && augmentation_data_len) + { +- unsigned long i; +- +- printf (" Augmentation data: "); +- for (i = 0; i < augmentation_data_len; ++i) +- printf (" %02x", augmentation_data[i]); +- putchar ('\n'); ++ display_augmentation_data (augmentation_data, augmentation_data_len); + putchar ('\n'); + } + } diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch new file mode 100644 index 0000000000..f9410e2728 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch @@ -0,0 +1,82 @@ +From cf54ebff3b7361989712fd9c0128a9b255578163 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 17 Oct 2017 21:57:29 +1030 +Subject: [PATCH] PR22307, Heap out of bounds read in + _bfd_elf_parse_gnu_properties + +When adding an unbounded increment to a pointer, you can't just check +against the end of the buffer but also must check that overflow +doesn't result in "negative" pointer movement. Pointer comparisons +are signed. Better, check the increment against the space left using +an unsigned comparison. + + PR 22307 + * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz + against size left rather than comparing pointers. Reorganise loop. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16829 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/elf-properties.c | 18 +++++++++--------- + 2 files changed, 15 insertions(+), 9 deletions(-) + +Index: git/bfd/elf-properties.c +=================================================================== +--- git.orig/bfd/elf-properties.c ++++ git/bfd/elf-properties.c +@@ -93,15 +93,20 @@ bad_size: + return FALSE; + } + +- while (1) ++ while (ptr != ptr_end) + { +- unsigned int type = bfd_h_get_32 (abfd, ptr); +- unsigned int datasz = bfd_h_get_32 (abfd, ptr + 4); ++ unsigned int type; ++ unsigned int datasz; + elf_property *prop; + ++ if ((size_t) (ptr_end - ptr) < 8) ++ goto bad_size; ++ ++ type = bfd_h_get_32 (abfd, ptr); ++ datasz = bfd_h_get_32 (abfd, ptr + 4); + ptr += 8; + +- if ((ptr + datasz) > ptr_end) ++ if (datasz > (size_t) (ptr_end - ptr)) + { + _bfd_error_handler + (_("warning: %B: corrupt GNU_PROPERTY_TYPE (%ld) type (0x%x) datasz: 0x%x"), +@@ -182,11 +187,6 @@ bad_size: + + next: + ptr += (datasz + (align_size - 1)) & ~ (align_size - 1); +- if (ptr == ptr_end) +- break; +- +- if (ptr > (ptr_end - 8)) +- goto bad_size; + } + + return TRUE; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,10 @@ + 2017-10-17 Alan Modra <amodra@gmail.com> ++ ++ PR 22307 ++ * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz ++ against size left rather than comparing pointers. Reorganise loop. ++ ++2017-10-17 Alan Modra <amodra@gmail.com> + + PR 22306 + * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch new file mode 100644 index 0000000000..1382c8e3e7 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch @@ -0,0 +1,91 @@ +From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001 +From: Mingi Cho <mgcho.minic@gmail.com> +Date: Thu, 2 Nov 2017 17:01:08 +0000 +Subject: [PATCH] Work around integer overflows when readelf is checking for + corrupt ELF notes when run on a 32-bit host. + + PR 22384 + * readelf.c (print_gnu_property_note): Improve overflow checks so + that they will work on a 32-bit host. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16830 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/readelf.c | 33 +++++++++++++++++---------------- + 2 files changed, 23 insertions(+), 16 deletions(-) + +Index: git/binutils/readelf.c +=================================================================== +--- git.orig/binutils/readelf.c ++++ git/binutils/readelf.c +@@ -16431,15 +16431,24 @@ print_gnu_property_note (Elf_Internal_No + return; + } + +- while (1) ++ while (ptr < ptr_end) + { + unsigned int j; +- unsigned int type = byte_get (ptr, 4); +- unsigned int datasz = byte_get (ptr + 4, 4); ++ unsigned int type; ++ unsigned int datasz; ++ ++ if ((size_t) (ptr_end - ptr) < 8) ++ { ++ printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); ++ break; ++ } ++ ++ type = byte_get (ptr, 4); ++ datasz = byte_get (ptr + 4, 4); + + ptr += 8; + +- if ((ptr + datasz) > ptr_end) ++ if (datasz > (size_t) (ptr_end - ptr)) + { + printf (_("<corrupt type (%#x) datasz: %#x>\n"), + type, datasz); +@@ -16520,19 +16529,11 @@ next: + ptr += ((datasz + (size - 1)) & ~ (size - 1)); + if (ptr == ptr_end) + break; +- else +- { +- if (do_wide) +- printf (", "); +- else +- printf ("\n\t"); +- } + +- if (ptr > (ptr_end - 8)) +- { +- printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); +- break; +- } ++ if (do_wide) ++ printf (", "); ++ else ++ printf ("\n\t"); + } + + printf ("\n"); +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-02 Mingi Cho <mgcho.minic@gmail.com> ++ ++ PR 22384 ++ * readelf.c (print_gnu_property_note): Improve overflow checks so ++ that they will work on a 32-bit host. ++ + 2017-10-05 Alan Modra <amodra@gmail.com> + + PR 22239 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch new file mode 100644 index 0000000000..7acd5e0f2f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch @@ -0,0 +1,77 @@ +From 6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 3 Nov 2017 11:55:21 +0000 +Subject: [PATCH] Fix excessive memory allocation attempts and possible integer + overfloaws when attempting to read a COFF binary with a corrupt symbol count. + + PR 22385 + * coffgen.c (_bfd_coff_get_external_symbols): Check for an + overlarge raw syment count. + (coff_get_normalized_symtab): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16831 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/coffgen.c | 17 +++++++++++++++-- + 2 files changed, 23 insertions(+), 2 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,11 @@ ++2017-11-03 Mingi Cho <mgcho.minic@gmail.com> ++ Nick Clifton <nickc@redhat.com> ++ ++ PR 22385 ++ * coffgen.c (_bfd_coff_get_external_symbols): Check for an ++ overlarge raw syment count. ++ (coff_get_normalized_symtab): Likewise. ++ + 2017-10-17 Alan Modra <amodra@gmail.com> + + PR 22307 +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1640,13 +1640,23 @@ _bfd_coff_get_external_symbols (bfd *abf + size = obj_raw_syment_count (abfd) * symesz; + if (size == 0) + return TRUE; ++ /* Check for integer overflow and for unreasonable symbol counts. */ ++ if (size < obj_raw_syment_count (abfd) ++ || (bfd_get_file_size (abfd) > 0 ++ && size > bfd_get_file_size (abfd))) ++ ++ { ++ _bfd_error_handler (_("%B: corrupt symbol count: %#Lx"), ++ abfd, obj_raw_syment_count (abfd)); ++ return FALSE; ++ } + + syms = bfd_malloc (size); + if (syms == NULL) + { + /* PR 21013: Provide an error message when the alloc fails. */ +- _bfd_error_handler (_("%B: Not enough memory to allocate space for %lu symbols"), +- abfd, size); ++ _bfd_error_handler (_("%B: not enough memory to allocate space for %#Lx symbols of size %#Lx"), ++ abfd, obj_raw_syment_count (abfd), symesz); + return FALSE; + } + +@@ -1790,6 +1800,9 @@ coff_get_normalized_symtab (bfd *abfd) + return NULL; + + size = obj_raw_syment_count (abfd) * sizeof (combined_entry_type); ++ /* Check for integer overflow. */ ++ if (size < obj_raw_syment_count (abfd)) ++ return NULL; + internal = (combined_entry_type *) bfd_zalloc (abfd, size); + if (internal == NULL && size != 0) + return NULL; diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch new file mode 100644 index 0000000000..9044bccf95 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch @@ -0,0 +1,61 @@ +From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 31 Oct 2017 14:29:40 +0000 +Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary + with a corrupt data dictionary. + + PR 22373 + * peicode.h (pe_bfd_read_buildid): Check for invalid size and data + offset values. + +Upstrem-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16832 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/peicode.h | 9 ++++++--- + 2 files changed, 12 insertions(+), 3 deletions(-) + +Index: git/bfd/peicode.h +=================================================================== +--- git.orig/bfd/peicode.h ++++ git/bfd/peicode.h +@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd) + bfd_byte *data = 0; + bfd_size_type dataoff; + unsigned int i; +- + bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress; + bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size; + +@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd) + + dataoff = addr - section->vma; + +- /* PR 20605: Make sure that the data is really there. */ +- if (dataoff + size > section->size) ++ /* PR 20605 and 22373: Make sure that the data is really there. ++ Note - since we are dealing with unsigned quantities we have ++ to be careful to check for potential overflows. */ ++ if (dataoff > section->size ++ || size > section->size ++ || dataoff + size > section->size) + { + _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."), + abfd); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-31 Nick Clifton <nickc@redhat.com> ++ ++ PR 22373 ++ * peicode.h (pe_bfd_read_buildid): Check for invalid size and data ++ offset values. ++ + 2017-11-03 Mingi Cho <mgcho.minic@gmail.com> + Nick Clifton <nickc@redhat.com> + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch new file mode 100644 index 0000000000..611a276def --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch @@ -0,0 +1,78 @@ +From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 16 Nov 2017 14:53:32 +0000 +Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly + formated core notes. + + PR 22421 + * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough. + (elfcore_grok_openbsd_procinfo): Likewise. + (elfcore_grok_nto_status): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17080 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/elf.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd, + /* Check for version 1 in pr_version. */ + if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1) + return FALSE; ++ + offset = 4; + + /* Skip over pr_psinfosz. */ +@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N + static bfd_boolean + elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note) + { ++ if (note->descsz <= 0x7c + 31) ++ return FALSE; ++ + /* Signal number at offset 0x08. */ + elf_tdata (abfd)->core->signal + = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08); +@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf + static bfd_boolean + elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note) + { ++ if (note->descsz <= 0x48 + 31) ++ return FALSE; ++ + /* Signal number at offset 0x08. */ + elf_tdata (abfd)->core->signal + = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08); +@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_ + short sig; + unsigned flags; + ++ if (note->descsz < 16) ++ return FALSE; ++ + /* nto_procfs_status 'pid' field is at offset 0. */ + elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata); + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-11-16 Nick Clifton <nickc@redhat.com> ++ ++ PR 22421 ++ * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough. ++ (elfcore_grok_openbsd_procinfo): Likewise. ++ (elfcore_grok_nto_status): Likewise. ++ + 2017-10-31 Nick Clifton <nickc@redhat.com> + + PR 22373 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch new file mode 100644 index 0000000000..4b675f7b72 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch @@ -0,0 +1,366 @@ +From b23dc97fe237a1d9e850d7cbeee066183a00630b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 28 Nov 2017 13:20:31 +0000 +Subject: [PATCH] Fix a memory access violation when attempting to parse a + corrupt COFF binary with a relocation that points beyond the end of the + section to be relocated. + + PR 22506 + * reloc.c (reloc_offset_in_range): Rename to + bfd_reloc_offset_in_range and export. + (bfd_perform_relocation): Rename function invocation. + (bfd_install_relocation): Likewise. + (bfd_final_link_relocate): Likewise. + * bfd-in2.h: Regenerate. + * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. + * coff-i386.c (coff_i386_reloc): Likewise. + * coff-i860.c (coff_i860_reloc): Likewise. + * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. + * coff-m88k.c (m88k_special_reloc): Likewise. + * coff-mips.c (mips_reflo_reloc): Likewise. + * coff-x86_64.c (coff_amd64_reloc): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17121 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 17 +++++++++++++++ + bfd/bfd-in2.h | 6 +++++ + bfd/coff-arm.c | 65 ++++++++++++++++++++++++++++++------------------------- + bfd/coff-i386.c | 5 +++++ + bfd/coff-i860.c | 5 +++++ + bfd/coff-m68k.c | 5 +++++ + bfd/coff-m88k.c | 9 +++++++- + bfd/coff-mips.c | 6 +++++ + bfd/coff-x86_64.c | 16 +++++--------- + bfd/reloc.c | 40 +++++++++++++++++++++++++++++----- + 10 files changed, 126 insertions(+), 48 deletions(-) + +Index: git/bfd/bfd-in2.h +=================================================================== +--- git.orig/bfd/bfd-in2.h ++++ git/bfd/bfd-in2.h +@@ -2661,6 +2661,12 @@ bfd_reloc_status_type bfd_check_overflow + unsigned int addrsize, + bfd_vma relocation); + ++bfd_boolean bfd_reloc_offset_in_range ++ (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type offset); ++ + bfd_reloc_status_type bfd_perform_relocation + (bfd *abfd, + arelent *reloc_entry, +Index: git/bfd/coff-arm.c +=================================================================== +--- git.orig/bfd/coff-arm.c ++++ git/bfd/coff-arm.c +@@ -109,41 +109,46 @@ coff_arm_reloc (bfd *abfd, + x = ((x & ~howto->dst_mask) \ + | (((x & howto->src_mask) + diff) & howto->dst_mask)) + +- if (diff != 0) +- { +- reloc_howto_type *howto = reloc_entry->howto; +- unsigned char *addr = (unsigned char *) data + reloc_entry->address; ++ if (diff != 0) ++ { ++ reloc_howto_type *howto = reloc_entry->howto; ++ unsigned char *addr = (unsigned char *) data + reloc_entry->address; ++ ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ ++ switch (howto->size) ++ { ++ case 0: ++ { ++ char x = bfd_get_8 (abfd, addr); ++ DOIT (x); ++ bfd_put_8 (abfd, x, addr); ++ } ++ break; + +- switch (howto->size) ++ case 1: + { +- case 0: +- { +- char x = bfd_get_8 (abfd, addr); +- DOIT (x); +- bfd_put_8 (abfd, x, addr); +- } +- break; +- +- case 1: +- { +- short x = bfd_get_16 (abfd, addr); +- DOIT (x); +- bfd_put_16 (abfd, (bfd_vma) x, addr); +- } +- break; +- +- case 2: +- { +- long x = bfd_get_32 (abfd, addr); +- DOIT (x); +- bfd_put_32 (abfd, (bfd_vma) x, addr); +- } +- break; ++ short x = bfd_get_16 (abfd, addr); ++ DOIT (x); ++ bfd_put_16 (abfd, (bfd_vma) x, addr); ++ } ++ break; + +- default: +- abort (); ++ case 2: ++ { ++ long x = bfd_get_32 (abfd, addr); ++ DOIT (x); ++ bfd_put_32 (abfd, (bfd_vma) x, addr); + } +- } ++ break; ++ ++ default: ++ abort (); ++ } ++ } + + /* Now let bfd_perform_relocation finish everything up. */ + return bfd_reloc_continue; +Index: git/bfd/coff-i386.c +=================================================================== +--- git.orig/bfd/coff-i386.c ++++ git/bfd/coff-i386.c +@@ -144,6 +144,11 @@ coff_i386_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-i860.c +=================================================================== +--- git.orig/bfd/coff-i860.c ++++ git/bfd/coff-i860.c +@@ -95,6 +95,11 @@ coff_i860_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-m68k.c +=================================================================== +--- git.orig/bfd/coff-m68k.c ++++ git/bfd/coff-m68k.c +@@ -305,6 +305,11 @@ m68kcoff_common_addend_special_fn (bfd * + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-m88k.c +=================================================================== +--- git.orig/bfd/coff-m88k.c ++++ git/bfd/coff-m88k.c +@@ -72,10 +72,17 @@ m88k_special_reloc (bfd *abfd, + { + bfd_vma output_base = 0; + bfd_vma addr = reloc_entry->address; +- bfd_vma x = bfd_get_16 (abfd, (bfd_byte *) data + addr); ++ bfd_vma x; + asection *reloc_target_output_section; + long relocation = 0; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ ++ x = bfd_get_16 (abfd, (bfd_byte *) data + addr); ++ + /* Work out which section the relocation is targeted at and the + initial relocation command value. */ + +Index: git/bfd/coff-mips.c +=================================================================== +--- git.orig/bfd/coff-mips.c ++++ git/bfd/coff-mips.c +@@ -504,6 +504,12 @@ mips_reflo_reloc (bfd *abfd ATTRIBUTE_UN + unsigned long vallo; + struct mips_hi *next; + ++ if (! bfd_reloc_offset_in_range (reloc_entry->howto, abfd, ++ input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + /* Do the REFHI relocation. Note that we actually don't + need to know anything about the REFLO itself, except + where to find the low 16 bits of the addend needed by the +Index: git/bfd/coff-x86_64.c +=================================================================== +--- git.orig/bfd/coff-x86_64.c ++++ git/bfd/coff-x86_64.c +@@ -143,16 +143,10 @@ coff_amd64_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + +- /* FIXME: We do not have an end address for data, so we cannot +- accurately range check any addresses computed against it. +- cf: PR binutils/17512: file: 1085-1761-0.004. +- For now we do the best that we can. */ +- if (addr < (unsigned char *) data +- || addr > ((unsigned char *) data) + input_section->size) +- { +- bfd_set_error (bfd_error_bad_value); +- return bfd_reloc_notsupported; +- } ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; + + switch (howto->size) + { +Index: git/bfd/reloc.c +=================================================================== +--- git.orig/bfd/reloc.c ++++ git/bfd/reloc.c +@@ -538,12 +538,31 @@ bfd_check_overflow (enum complain_overfl + return flag; + } + ++/* ++FUNCTION ++ bfd_reloc_offset_in_range ++ ++SYNOPSIS ++ bfd_boolean bfd_reloc_offset_in_range ++ (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type offset); ++ ++DESCRIPTION ++ Returns TRUE if the reloc described by @var{HOWTO} can be ++ applied at @var{OFFSET} octets in @var{SECTION}. ++ ++*/ ++ + /* HOWTO describes a relocation, at offset OCTET. Return whether the + relocation field is within SECTION of ABFD. */ + +-static bfd_boolean +-reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd, +- asection *section, bfd_size_type octet) ++bfd_boolean ++bfd_reloc_offset_in_range (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type octet) + { + bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section); + bfd_size_type reloc_size = bfd_get_reloc_size (howto); +@@ -617,6 +636,11 @@ bfd_perform_relocation (bfd *abfd, + if (howto && howto->special_function) + { + bfd_reloc_status_type cont; ++ ++ /* Note - we do not call bfd_reloc_offset_in_range here as the ++ reloc_entry->address field might actually be valid for the ++ backend concerned. It is up to the special_function itself ++ to call bfd_reloc_offset_in_range if needed. */ + cont = howto->special_function (abfd, reloc_entry, symbol, data, + input_section, output_bfd, + error_message); +@@ -637,7 +661,7 @@ bfd_perform_relocation (bfd *abfd, + + /* Is the address of the relocation really within the section? */ + octets = reloc_entry->address * bfd_octets_per_byte (abfd); +- if (!reloc_offset_in_range (howto, abfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* Work out which section the relocation is targeted at and the +@@ -1003,6 +1027,10 @@ bfd_install_relocation (bfd *abfd, + { + bfd_reloc_status_type cont; + ++ /* Note - we do not call bfd_reloc_offset_in_range here as the ++ reloc_entry->address field might actually be valid for the ++ backend concerned. It is up to the special_function itself ++ to call bfd_reloc_offset_in_range if needed. */ + /* XXX - The special_function calls haven't been fixed up to deal + with creating new relocations and section contents. */ + cont = howto->special_function (abfd, reloc_entry, symbol, +@@ -1025,7 +1053,7 @@ bfd_install_relocation (bfd *abfd, + + /* Is the address of the relocation really within the section? */ + octets = reloc_entry->address * bfd_octets_per_byte (abfd); +- if (!reloc_offset_in_range (howto, abfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* Work out which section the relocation is targeted at and the +@@ -1363,7 +1391,7 @@ _bfd_final_link_relocate (reloc_howto_ty + bfd_size_type octets = address * bfd_octets_per_byte (input_bfd); + + /* Sanity check the address. */ +- if (!reloc_offset_in_range (howto, input_bfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, input_bfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* This function assumes that we are dealing with a basic relocation +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,20 @@ ++2017-11-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22506 ++ * reloc.c (reloc_offset_in_range): Rename to ++ bfd_reloc_offset_in_range and export. ++ (bfd_perform_relocation): Rename function invocation. ++ (bfd_install_relocation): Likewise. ++ (bfd_final_link_relocate): Likewise. ++ * bfd-in2.h: Regenerate. ++ * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. ++ * coff-i386.c (coff_i386_reloc): Likewise. ++ * coff-i860.c (coff_i860_reloc): Likewise. ++ * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. ++ * coff-m88k.c (m88k_special_reloc): Likewise. ++ * coff-mips.c (mips_reflo_reloc): Likewise. ++ * coff-x86_64.c (coff_amd64_reloc): Likewise. ++ + 2017-11-16 Nick Clifton <nickc@redhat.com> + + PR 22421 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch new file mode 100644 index 0000000000..5ae749bcca --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch @@ -0,0 +1,58 @@ +From d785b7d4b877ed465d04072e17ca19d0f47d840f Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 29 Nov 2017 12:40:43 +0000 +Subject: [PATCH] Stop objdump from attempting to allocate a huge chunk of + memory when parsing relocs in a corrupt file. + + PR 22508 + * objdump.c (dump_relocs_in_section): Also check the section's + relocation count to make sure that it is reasonable before + attempting to allocate space for the relocs. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17122 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 7 +++++++ + binutils/objdump.c | 11 ++++++++++- + 2 files changed, 17 insertions(+), 1 deletion(-) + +Index: git/binutils/objdump.c +=================================================================== +--- git.orig/binutils/objdump.c ++++ git/binutils/objdump.c +@@ -3381,7 +3381,16 @@ dump_relocs_in_section (bfd *abfd, + } + + if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 +- && (ufile_ptr) relsize > bfd_get_file_size (abfd)) ++ && (((ufile_ptr) relsize > bfd_get_file_size (abfd)) ++ /* Also check the section's reloc count since if this is negative ++ (or very large) the computation in bfd_get_reloc_upper_bound ++ may have resulted in returning a small, positive integer. ++ See PR 22508 for a reproducer. ++ ++ Note - we check against file size rather than section size as ++ it is possible for there to be more relocs that apply to a ++ section than there are bytes in that section. */ ++ || (section->reloc_count > bfd_get_file_size (abfd)))) + { + printf (" (too many: 0x%x)\n", section->reloc_count); + bfd_set_error (bfd_error_file_truncated); +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,10 @@ ++2017-11-29 Nick Clifton <nickc@redhat.com> ++ ++ PR 22508 ++ * objdump.c (dump_relocs_in_section): Also check the section's ++ relocation count to make sure that it is reasonable before ++ attempting to allocate space for the relocs. ++ + 2017-11-02 Mingi Cho <mgcho.minic@gmail.com> + + PR 22384 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch new file mode 100644 index 0000000000..08412108da --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch @@ -0,0 +1,33 @@ +From 4581a1c7d304ce14e714b27522ebf3d0188d6543 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 29 Nov 2017 17:12:12 +0000 +Subject: [PATCH] Check for a NULL symbol pointer when reading relocs from a + COFF based file. + + PR 22509 + * coffcode.h (coff_slurp_reloc_table): Check for a NULL symbol + pointer when processing relocs. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17123 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffcode.h | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/coffcode.h +=================================================================== +--- git.orig/bfd/coffcode.h ++++ git/bfd/coffcode.h +@@ -5326,7 +5326,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_ + #else + cache_ptr->address = dst.r_vaddr; + +- if (dst.r_symndx != -1) ++ if (dst.r_symndx != -1 && symbols != NULL) + { + if (dst.r_symndx < 0 || dst.r_symndx >= obj_conv_table_size (abfd)) + { diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch new file mode 100644 index 0000000000..16f0768d95 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch @@ -0,0 +1,47 @@ +From b0029dce6867de1a2828293177b0e030d2f0f03c Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 28 Nov 2017 18:00:29 +0000 +Subject: [PATCH] Prevent a memory exhaustion problem when trying to read in + strings from a COFF binary with a corrupt string table size. + + PR 22507 + * coffgen.c (_bfd_coff_read_string_table): Check for an excessive + size of the external string table. + +Upstream-Status: Backport +Affects binutls <= 2.29.1 +CVE: CVE-2017-17124 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffgen.c | 4 ++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1709,7 +1709,7 @@ _bfd_coff_read_string_table (bfd *abfd) + #endif + } + +- if (strsize < STRING_SIZE_SIZE) ++ if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd)) + { + _bfd_error_handler + /* xgettext: c-format */ +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22507 ++ * coffgen.c (_bfd_coff_read_string_table): Check for an excessive ++ size of the external string table. ++ + 2018-03-28 Eric Botcazou <ebotcazou@adacore.com> + + PR ld/22972 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch new file mode 100644 index 0000000000..30dc6d5727 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch @@ -0,0 +1,129 @@ +From 160b1a618ad94988410dc81fce9189fcda5b7ff4 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 18 Nov 2017 23:18:22 +1030 +Subject: [PATCH] PR22443, Global buffer overflow in + _bfd_elf_get_symbol_version_string + +Symbols like *ABS* defined in bfd/section.c:global_syms are not +elf_symbol_type. They can appear on relocs and perhaps other places +in an ELF bfd, so a number of places in nm.c and objdump.c are wrong +to cast an asymbol based on the bfd being ELF. I think we lose +nothing by excluding all section symbols, not just the global_syms. + + PR 22443 + * nm.c (sort_symbols_by_size): Don't attempt to access + section symbol internal_elf_sym. + (print_symbol): Likewise. Don't call bfd_get_symbol_version_string + for section symbols. + * objdump.c (compare_symbols): Don't attempt to access + section symbol internal_elf_sym. + (objdump_print_symname): Don't call bfd_get_symbol_version_string + for section symbols. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17125 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 12 ++++++++++++ + binutils/nm.c | 17 ++++++++++------- + binutils/objdump.c | 6 +++--- + 3 files changed, 25 insertions(+), 10 deletions(-) + +Index: git/binutils/nm.c +=================================================================== +--- git.orig/binutils/nm.c ++++ git/binutils/nm.c +@@ -765,7 +765,6 @@ sort_symbols_by_size (bfd *abfd, bfd_boo + asection *sec; + bfd_vma sz; + asymbol *temp; +- int synthetic = (sym->flags & BSF_SYNTHETIC); + + if (from + size < fromend) + { +@@ -782,10 +781,13 @@ sort_symbols_by_size (bfd *abfd, bfd_boo + sec = bfd_get_section (sym); + + /* Synthetic symbols don't have a full type set of data available, thus +- we can't rely on that information for the symbol size. */ +- if (!synthetic && bfd_get_flavour (abfd) == bfd_target_elf_flavour) ++ we can't rely on that information for the symbol size. Ditto for ++ bfd/section.c:global_syms like *ABS*. */ ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 ++ && bfd_get_flavour (abfd) == bfd_target_elf_flavour) + sz = ((elf_symbol_type *) sym)->internal_elf_sym.st_size; +- else if (!synthetic && bfd_is_com_section (sec)) ++ else if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 ++ && bfd_is_com_section (sec)) + sz = sym->value; + else + { +@@ -874,8 +876,9 @@ print_symbol (bfd * abfd, + + info.sinfo = &syminfo; + info.ssize = ssize; +- /* Synthetic symbols do not have a full symbol type set of data available. */ +- if ((sym->flags & BSF_SYNTHETIC) != 0) ++ /* Synthetic symbols do not have a full symbol type set of data available. ++ Nor do bfd/section.c:global_syms like *ABS*. */ ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) != 0) + { + info.elfinfo = NULL; + info.coffinfo = NULL; +@@ -893,7 +896,7 @@ print_symbol (bfd * abfd, + const char * version_string = NULL; + bfd_boolean hidden = FALSE; + +- if ((sym->flags & BSF_SYNTHETIC) == 0) ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); + + if (bfd_is_und_section (bfd_get_section (sym))) +Index: git/binutils/objdump.c +=================================================================== +--- git.orig/binutils/objdump.c ++++ git/binutils/objdump.c +@@ -799,10 +799,10 @@ compare_symbols (const void *ap, const v + bfd_vma asz, bsz; + + asz = 0; +- if ((a->flags & BSF_SYNTHETIC) == 0) ++ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; + bsz = 0; +- if ((b->flags & BSF_SYNTHETIC) == 0) ++ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; + if (asz != bsz) + return asz > bsz ? -1 : 1; +@@ -888,7 +888,7 @@ objdump_print_symname (bfd *abfd, struct + name = alloc; + } + +- if ((sym->flags & BSF_SYNTHETIC) == 0) ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); + + if (bfd_is_und_section (bfd_get_section (sym))) +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,15 @@ ++2017-11-18 Alan Modra <amodra@gmail.com> ++ ++ PR 22443 ++ * nm.c (sort_symbols_by_size): Don't attempt to access ++ section symbol internal_elf_sym. ++ (print_symbol): Likewise. Don't call bfd_get_symbol_version_string ++ for section symbols. ++ * objdump.c (compare_symbols): Don't attempt to access ++ section symbol internal_elf_sym. ++ (objdump_print_symname): Don't call bfd_get_symbol_version_string ++ for section symbols. ++ + 2017-11-29 Nick Clifton <nickc@redhat.com> + + PR 22508 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch new file mode 100644 index 0000000000..caaaf2317e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch @@ -0,0 +1,58 @@ +From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 17 Apr 2018 12:35:55 +0100 +Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF + information. + + PR 23064 + * dwarf.c (process_cu_tu_index): Test for a potential buffer + overrun before copying signature pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10372 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/dwarf.c | 13 ++++++++++++- + 2 files changed, 18 insertions(+), 1 deletion(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -8526,7 +8526,18 @@ process_cu_tu_index (struct dwarf_sectio + } + + if (!do_display) +- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t)); ++ { ++ size_t num_copy = sizeof (uint64_t); ++ ++ /* PR 23064: Beware of buffer overflow. */ ++ if (ph + num_copy < limit) ++ memcpy (&this_set[row - 1].signature, ph, num_copy); ++ else ++ { ++ warn (_("Signature (%p) extends beyond end of space in section\n"), ph); ++ return 0; ++ } ++ } + + prow = poffsets + (row - 1) * ncols * 4; + /* PR 17531: file: b8ce60a8. */ +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2018-04-17 Nick Clifton <nickc@redhat.com> ++ ++ PR 23064 ++ * dwarf.c (process_cu_tu_index): Test for a potential buffer ++ overrun before copying signature pointer. ++ + 2017-11-18 Alan Modra <amodra@gmail.com> + + PR 22443 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch new file mode 100644 index 0000000000..963d767f84 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch @@ -0,0 +1,45 @@ +From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 17 Apr 2018 14:30:07 +0100 +Subject: [PATCH] Add a check for a NULL table pointer before attempting to + compute a DWARF filename. + + PR 23065 + * dwarf2.c (concat_filename): Check for a NULL table pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10373 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1587,7 +1587,7 @@ concat_filename (struct line_info_table + { + char *filename; + +- if (file - 1 >= table->num_files) ++ if (table == NULL || file - 1 >= table->num_files) + { + /* FILE == 0 means unknown. */ + if (file) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-04-17 Nick Clifton <nickc@redhat.com> ++ ++ PR 23065 ++ * dwarf2.c (concat_filename): Check for a NULL table pointer. ++ + 2017-11-28 Nick Clifton <nickc@redhat.com> + + PR 22506 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch new file mode 100644 index 0000000000..27e86285a2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch @@ -0,0 +1,2443 @@ +From aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 24 Apr 2018 16:31:27 +0100 +Subject: [PATCH] Fix an illegal memory access when copying a PE format file + with corrupt debug information. + + PR 23110 + * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for + a negative PE_DEBUG_DATA size before iterating over the debug data. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10534 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 + + bfd/peXXigen.c | 9 + + bfd/po/bfd.pot | 5631 ++++++++++++++++++++++++++------------------------------ + 3 files changed, 2662 insertions(+), 2984 deletions(-) + +Index: git/bfd/peXXigen.c +=================================================================== +--- git.orig/bfd/peXXigen.c ++++ git/bfd/peXXigen.c +@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common + bfd_get_section_size (section) - (addr - section->vma)); + return FALSE; + } ++ /* PR 23110. */ ++ else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler ++ (_("%pB: Data Directory size (%#lx) is negative"), ++ obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size); ++ return FALSE; ++ } + + for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size + / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++) +Index: git/bfd/po/bfd.pot +=================================================================== +--- git.orig/bfd/po/bfd.pot ++++ git/bfd/po/bfd.pot +@@ -6119,1961 +6119,1932 @@ msgstr "" + #. Rotate. + #. Redefine symbol to current location. + #. Define a literal. +-#: vms-alpha.c:2115 vms-alpha.c:2146 vms-alpha.c:2237 vms-alpha.c:2395 ++#: vms-alpha.c:2116 vms-alpha.c:2147 vms-alpha.c:2238 vms-alpha.c:2396 + #, c-format + msgid "%s: not supported" + msgstr "" + +-#: vms-alpha.c:2121 ++#: vms-alpha.c:2122 + #, c-format + msgid "%s: not implemented" + msgstr "" + +-#: vms-alpha.c:2379 ++#: vms-alpha.c:2380 + #, c-format + msgid "invalid use of %s with contexts" + msgstr "" + +-#: vms-alpha.c:2413 ++#: vms-alpha.c:2414 + #, c-format + msgid "reserved cmd %d" + msgstr "" + +-#: vms-alpha.c:2497 +-msgid "Corrupt EEOM record - size is too small" ++#: vms-alpha.c:2498 ++msgid "corrupt EEOM record - size is too small" + msgstr "" + +-#: vms-alpha.c:2506 +-msgid "Object module NOT error-free !\n" ++#: vms-alpha.c:2507 ++msgid "object module not error-free !" + msgstr "" + +-#: vms-alpha.c:3830 ++#: vms-alpha.c:3831 + #, c-format +-msgid "SEC_RELOC with no relocs in section %A" ++msgid "SEC_RELOC with no relocs in section %pA" + msgstr "" + +-#: vms-alpha.c:3882 vms-alpha.c:4095 ++#: vms-alpha.c:3883 vms-alpha.c:4096 + #, c-format +-msgid "Size error in section %A" ++msgid "size error in section %pA" + msgstr "" + +-#: vms-alpha.c:4041 +-msgid "Spurious ALPHA_R_BSR reloc" ++#: vms-alpha.c:4042 ++msgid "spurious ALPHA_R_BSR reloc" + msgstr "" + +-#: vms-alpha.c:4082 ++#: vms-alpha.c:4083 + #, c-format +-msgid "Unhandled relocation %s" ++msgid "unhandled relocation %s" + msgstr "" + +-#: vms-alpha.c:4375 ++#: vms-alpha.c:4376 + #, c-format + msgid "unknown source command %d" + msgstr "" + +-#: vms-alpha.c:4436 +-msgid "DST__K_SET_LINUM_INCR not implemented" +-msgstr "" +- +-#: vms-alpha.c:4442 +-msgid "DST__K_SET_LINUM_INCR_W not implemented" +-msgstr "" +- +-#: vms-alpha.c:4448 +-msgid "DST__K_RESET_LINUM_INCR not implemented" +-msgstr "" +- +-#: vms-alpha.c:4454 +-msgid "DST__K_BEG_STMT_MODE not implemented" +-msgstr "" +- +-#: vms-alpha.c:4460 +-msgid "DST__K_END_STMT_MODE not implemented" +-msgstr "" +- +-#: vms-alpha.c:4487 +-msgid "DST__K_SET_PC not implemented" +-msgstr "" +- +-#: vms-alpha.c:4493 +-msgid "DST__K_SET_PC_W not implemented" +-msgstr "" +- +-#: vms-alpha.c:4499 +-msgid "DST__K_SET_PC_L not implemented" +-msgstr "" +- +-#: vms-alpha.c:4505 +-msgid "DST__K_SET_STMTNUM not implemented" ++#: vms-alpha.c:4437 vms-alpha.c:4443 vms-alpha.c:4449 vms-alpha.c:4455 ++#: vms-alpha.c:4461 vms-alpha.c:4488 vms-alpha.c:4494 vms-alpha.c:4500 ++#: vms-alpha.c:4506 ++#, c-format ++msgid "%s not implemented" + msgstr "" + +-#: vms-alpha.c:4548 ++#: vms-alpha.c:4549 + #, c-format + msgid "unknown line command %d" + msgstr "" + +-#: vms-alpha.c:5008 vms-alpha.c:5026 vms-alpha.c:5041 vms-alpha.c:5057 +-#: vms-alpha.c:5070 vms-alpha.c:5082 vms-alpha.c:5095 ++#: vms-alpha.c:5009 vms-alpha.c:5027 vms-alpha.c:5042 vms-alpha.c:5058 ++#: vms-alpha.c:5071 vms-alpha.c:5083 vms-alpha.c:5096 + #, c-format +-msgid "Unknown reloc %s + %s" ++msgid "unknown reloc %s + %s" + msgstr "" + +-#: vms-alpha.c:5150 ++#: vms-alpha.c:5151 + #, c-format +-msgid "Unknown reloc %s" ++msgid "unknown reloc %s" + msgstr "" + +-#: vms-alpha.c:5163 +-msgid "Invalid section index in ETIR" ++#: vms-alpha.c:5164 ++msgid "invalid section index in ETIR" + msgstr "" + +-#: vms-alpha.c:5172 +-msgid "Relocation for non-REL psect" ++#: vms-alpha.c:5173 ++msgid "relocation for non-REL psect" + msgstr "" + +-#: vms-alpha.c:5219 ++#: vms-alpha.c:5220 + #, c-format +-msgid "Unknown symbol in command %s" ++msgid "unknown symbol in command %s" + msgstr "" + +-#: vms-alpha.c:5629 ++#: vms-alpha.c:5630 + #, c-format + msgid "reloc (%d) is *UNKNOWN*" + msgstr "" + +-#: vms-alpha.c:5745 ++#: vms-alpha.c:5746 + #, c-format + msgid " EMH %u (len=%u): " + msgstr "" + +-#: vms-alpha.c:5750 ++#: vms-alpha.c:5751 + #, c-format + msgid " Error: The length is less than the length of an EMH record\n" + msgstr "" + +-#: vms-alpha.c:5767 ++#: vms-alpha.c:5768 + #, c-format + msgid "" + " Error: The record length is less than the size of an EMH_MHD record\n" + msgstr "" + +-#: vms-alpha.c:5770 ++#: vms-alpha.c:5771 + #, c-format + msgid "Module header\n" + msgstr "" + +-#: vms-alpha.c:5771 ++#: vms-alpha.c:5772 + #, c-format + msgid " structure level: %u\n" + msgstr "" + +-#: vms-alpha.c:5772 ++#: vms-alpha.c:5773 + #, c-format + msgid " max record size: %u\n" + msgstr "" + +-#: vms-alpha.c:5778 ++#: vms-alpha.c:5779 + #, c-format + msgid " Error: The module name is missing\n" + msgstr "" + +-#: vms-alpha.c:5784 ++#: vms-alpha.c:5785 + #, c-format + msgid " Error: The module name is too long\n" + msgstr "" + +-#: vms-alpha.c:5787 ++#: vms-alpha.c:5788 + #, c-format + msgid " module name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5791 ++#: vms-alpha.c:5792 + #, c-format + msgid " Error: The module version is missing\n" + msgstr "" + +-#: vms-alpha.c:5797 ++#: vms-alpha.c:5798 + #, c-format + msgid " Error: The module version is too long\n" + msgstr "" + +-#: vms-alpha.c:5800 ++#: vms-alpha.c:5801 + #, c-format + msgid " module version : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5803 ++#: vms-alpha.c:5804 + #, c-format + msgid " Error: The compile date is truncated\n" + msgstr "" + +-#: vms-alpha.c:5805 ++#: vms-alpha.c:5806 + #, c-format + msgid " compile date : %.17s\n" + msgstr "" + +-#: vms-alpha.c:5810 ++#: vms-alpha.c:5811 + #, c-format + msgid "Language Processor Name\n" + msgstr "" + +-#: vms-alpha.c:5811 ++#: vms-alpha.c:5812 + #, c-format + msgid " language name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5815 ++#: vms-alpha.c:5816 + #, c-format + msgid "Source Files Header\n" + msgstr "" + +-#: vms-alpha.c:5816 ++#: vms-alpha.c:5817 + #, c-format + msgid " file: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5820 ++#: vms-alpha.c:5821 + #, c-format + msgid "Title Text Header\n" + msgstr "" + +-#: vms-alpha.c:5821 ++#: vms-alpha.c:5822 + #, c-format + msgid " title: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5825 ++#: vms-alpha.c:5826 + #, c-format + msgid "Copyright Header\n" + msgstr "" + +-#: vms-alpha.c:5826 ++#: vms-alpha.c:5827 + #, c-format + msgid " copyright: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5830 ++#: vms-alpha.c:5831 + #, c-format + msgid "unhandled emh subtype %u\n" + msgstr "" + +-#: vms-alpha.c:5840 ++#: vms-alpha.c:5841 + #, c-format + msgid " EEOM (len=%u):\n" + msgstr "" + +-#: vms-alpha.c:5845 ++#: vms-alpha.c:5846 + #, c-format + msgid " Error: The length is less than the length of an EEOM record\n" + msgstr "" + +-#: vms-alpha.c:5849 ++#: vms-alpha.c:5850 + #, c-format + msgid " number of cond linkage pairs: %u\n" + msgstr "" + +-#: vms-alpha.c:5851 ++#: vms-alpha.c:5852 + #, c-format + msgid " completion code: %u\n" + msgstr "" + +-#: vms-alpha.c:5855 ++#: vms-alpha.c:5856 + #, c-format + msgid " transfer addr flags: 0x%02x\n" + msgstr "" + +-#: vms-alpha.c:5856 ++#: vms-alpha.c:5857 + #, c-format + msgid " transfer addr psect: %u\n" + msgstr "" + +-#: vms-alpha.c:5858 ++#: vms-alpha.c:5859 + #, c-format + msgid " transfer address : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5867 ++#: vms-alpha.c:5868 + msgid " WEAK" + msgstr "" + +-#: vms-alpha.c:5869 ++#: vms-alpha.c:5870 + msgid " DEF" + msgstr "" + +-#: vms-alpha.c:5871 ++#: vms-alpha.c:5872 + msgid " UNI" + msgstr "" + +-#: vms-alpha.c:5873 vms-alpha.c:5894 ++#: vms-alpha.c:5874 vms-alpha.c:5895 + msgid " REL" + msgstr "" + +-#: vms-alpha.c:5875 ++#: vms-alpha.c:5876 + msgid " COMM" + msgstr "" + +-#: vms-alpha.c:5877 ++#: vms-alpha.c:5878 + msgid " VECEP" + msgstr "" + +-#: vms-alpha.c:5879 ++#: vms-alpha.c:5880 + msgid " NORM" + msgstr "" + +-#: vms-alpha.c:5881 ++#: vms-alpha.c:5882 + msgid " QVAL" + msgstr "" + +-#: vms-alpha.c:5888 ++#: vms-alpha.c:5889 + msgid " PIC" + msgstr "" + +-#: vms-alpha.c:5890 ++#: vms-alpha.c:5891 + msgid " LIB" + msgstr "" + +-#: vms-alpha.c:5892 ++#: vms-alpha.c:5893 + msgid " OVR" + msgstr "" + +-#: vms-alpha.c:5896 ++#: vms-alpha.c:5897 + msgid " GBL" + msgstr "" + +-#: vms-alpha.c:5898 ++#: vms-alpha.c:5899 + msgid " SHR" + msgstr "" + +-#: vms-alpha.c:5900 ++#: vms-alpha.c:5901 + msgid " EXE" + msgstr "" + +-#: vms-alpha.c:5902 ++#: vms-alpha.c:5903 + msgid " RD" + msgstr "" + +-#: vms-alpha.c:5904 ++#: vms-alpha.c:5905 + msgid " WRT" + msgstr "" + +-#: vms-alpha.c:5906 ++#: vms-alpha.c:5907 + msgid " VEC" + msgstr "" + +-#: vms-alpha.c:5908 ++#: vms-alpha.c:5909 + msgid " NOMOD" + msgstr "" + +-#: vms-alpha.c:5910 ++#: vms-alpha.c:5911 + msgid " COM" + msgstr "" + +-#: vms-alpha.c:5912 ++#: vms-alpha.c:5913 + msgid " 64B" + msgstr "" + +-#: vms-alpha.c:5921 ++#: vms-alpha.c:5922 + #, c-format + msgid " EGSD (len=%u):\n" + msgstr "" + +-#: vms-alpha.c:5934 ++#: vms-alpha.c:5935 + #, c-format + msgid " EGSD entry %2u (type: %u, len: %u): " + msgstr "" + +-#: vms-alpha.c:5940 vms-alpha.c:6191 ++#: vms-alpha.c:5941 vms-alpha.c:6192 + #, c-format + msgid " Error: length larger than remaining space in record\n" + msgstr "" + +-#: vms-alpha.c:5952 ++#: vms-alpha.c:5953 + #, c-format + msgid "PSC - Program section definition\n" + msgstr "" + +-#: vms-alpha.c:5953 vms-alpha.c:5970 ++#: vms-alpha.c:5954 vms-alpha.c:5971 + #, c-format + msgid " alignment : 2**%u\n" + msgstr "" + +-#: vms-alpha.c:5954 vms-alpha.c:5971 ++#: vms-alpha.c:5955 vms-alpha.c:5972 + #, c-format + msgid " flags : 0x%04x" + msgstr "" + +-#: vms-alpha.c:5958 ++#: vms-alpha.c:5959 + #, c-format + msgid " alloc (len): %u (0x%08x)\n" + msgstr "" + +-#: vms-alpha.c:5959 vms-alpha.c:6016 vms-alpha.c:6065 ++#: vms-alpha.c:5960 vms-alpha.c:6017 vms-alpha.c:6066 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5969 ++#: vms-alpha.c:5970 + #, c-format + msgid "SPSC - Shared Image Program section def\n" + msgstr "" + +-#: vms-alpha.c:5975 ++#: vms-alpha.c:5976 + #, c-format + msgid " alloc (len) : %u (0x%08x)\n" + msgstr "" + +-#: vms-alpha.c:5976 ++#: vms-alpha.c:5977 + #, c-format + msgid " image offset : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5978 ++#: vms-alpha.c:5979 + #, c-format + msgid " symvec offset : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5980 ++#: vms-alpha.c:5981 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5993 ++#: vms-alpha.c:5994 + #, c-format + msgid "SYM - Global symbol definition\n" + msgstr "" + +-#: vms-alpha.c:5994 vms-alpha.c:6054 vms-alpha.c:6075 vms-alpha.c:6094 ++#: vms-alpha.c:5995 vms-alpha.c:6055 vms-alpha.c:6076 vms-alpha.c:6095 + #, c-format + msgid " flags: 0x%04x" + msgstr "" + +-#: vms-alpha.c:5997 ++#: vms-alpha.c:5998 + #, c-format + msgid " psect offset: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6001 ++#: vms-alpha.c:6002 + #, c-format + msgid " code address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6003 ++#: vms-alpha.c:6004 + #, c-format + msgid " psect index for entry point : %u\n" + msgstr "" + +-#: vms-alpha.c:6006 vms-alpha.c:6082 vms-alpha.c:6101 ++#: vms-alpha.c:6007 vms-alpha.c:6083 vms-alpha.c:6102 + #, c-format + msgid " psect index : %u\n" + msgstr "" + +-#: vms-alpha.c:6008 vms-alpha.c:6084 vms-alpha.c:6103 ++#: vms-alpha.c:6009 vms-alpha.c:6085 vms-alpha.c:6104 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6015 ++#: vms-alpha.c:6016 + #, c-format + msgid "SYM - Global symbol reference\n" + msgstr "" + +-#: vms-alpha.c:6027 ++#: vms-alpha.c:6028 + #, c-format + msgid "IDC - Ident Consistency check\n" + msgstr "" + +-#: vms-alpha.c:6028 ++#: vms-alpha.c:6029 + #, c-format + msgid " flags : 0x%08x" + msgstr "" + +-#: vms-alpha.c:6032 ++#: vms-alpha.c:6033 + #, c-format + msgid " id match : %x\n" + msgstr "" + +-#: vms-alpha.c:6034 ++#: vms-alpha.c:6035 + #, c-format + msgid " error severity: %x\n" + msgstr "" + +-#: vms-alpha.c:6037 ++#: vms-alpha.c:6038 + #, c-format + msgid " entity name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6039 ++#: vms-alpha.c:6040 + #, c-format + msgid " object name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6042 ++#: vms-alpha.c:6043 + #, c-format + msgid " binary ident : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6045 ++#: vms-alpha.c:6046 + #, c-format + msgid " ascii ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6053 ++#: vms-alpha.c:6054 + #, c-format + msgid "SYMG - Universal symbol definition\n" + msgstr "" + +-#: vms-alpha.c:6057 ++#: vms-alpha.c:6058 + #, c-format + msgid " symbol vector offset: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6059 ++#: vms-alpha.c:6060 + #, c-format + msgid " entry point: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6061 ++#: vms-alpha.c:6062 + #, c-format + msgid " proc descr : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6063 ++#: vms-alpha.c:6064 + #, c-format + msgid " psect index: %u\n" + msgstr "" + +-#: vms-alpha.c:6074 ++#: vms-alpha.c:6075 + #, c-format + msgid "SYMV - Vectored symbol definition\n" + msgstr "" + +-#: vms-alpha.c:6078 ++#: vms-alpha.c:6079 + #, c-format + msgid " vector : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6080 vms-alpha.c:6099 ++#: vms-alpha.c:6081 vms-alpha.c:6100 + #, c-format + msgid " psect offset: %u\n" + msgstr "" + +-#: vms-alpha.c:6093 ++#: vms-alpha.c:6094 + #, c-format + msgid "SYMM - Global symbol definition with version\n" + msgstr "" + +-#: vms-alpha.c:6097 ++#: vms-alpha.c:6098 + #, c-format + msgid " version mask: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6108 ++#: vms-alpha.c:6109 + #, c-format + msgid "unhandled egsd entry type %u\n" + msgstr "" + +-#: vms-alpha.c:6143 ++#: vms-alpha.c:6144 + #, c-format + msgid " linkage index: %u, replacement insn: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6147 ++#: vms-alpha.c:6148 + #, c-format + msgid " psect idx 1: %u, offset 1: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6152 ++#: vms-alpha.c:6153 + #, c-format + msgid " psect idx 2: %u, offset 2: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6158 ++#: vms-alpha.c:6159 + #, c-format + msgid " psect idx 3: %u, offset 3: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6163 ++#: vms-alpha.c:6164 + #, c-format + msgid " global name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6174 ++#: vms-alpha.c:6175 + #, c-format + msgid " %s (len=%u+%u):\n" + msgstr "" + +-#: vms-alpha.c:6196 ++#: vms-alpha.c:6197 + #, c-format + msgid " (type: %3u, size: 4+%3u): " + msgstr "" + +-#: vms-alpha.c:6200 ++#: vms-alpha.c:6201 + #, c-format + msgid "STA_GBL (stack global) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6204 ++#: vms-alpha.c:6205 + #, c-format + msgid "STA_LW (stack longword) 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6208 ++#: vms-alpha.c:6209 + #, c-format + msgid "STA_QW (stack quadword) 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6213 ++#: vms-alpha.c:6214 + #, c-format + msgid "STA_PQ (stack psect base + offset)\n" + msgstr "" + +-#: vms-alpha.c:6215 ++#: vms-alpha.c:6216 + #, c-format + msgid " psect: %u, offset: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6221 ++#: vms-alpha.c:6222 + #, c-format + msgid "STA_LI (stack literal)\n" + msgstr "" + +-#: vms-alpha.c:6224 ++#: vms-alpha.c:6225 + #, c-format + msgid "STA_MOD (stack module)\n" + msgstr "" + +-#: vms-alpha.c:6227 ++#: vms-alpha.c:6228 + #, c-format + msgid "STA_CKARG (compare procedure argument)\n" + msgstr "" + +-#: vms-alpha.c:6231 ++#: vms-alpha.c:6232 + #, c-format + msgid "STO_B (store byte)\n" + msgstr "" + +-#: vms-alpha.c:6234 ++#: vms-alpha.c:6235 + #, c-format + msgid "STO_W (store word)\n" + msgstr "" + +-#: vms-alpha.c:6237 ++#: vms-alpha.c:6238 + #, c-format + msgid "STO_LW (store longword)\n" + msgstr "" + +-#: vms-alpha.c:6240 ++#: vms-alpha.c:6241 + #, c-format + msgid "STO_QW (store quadword)\n" + msgstr "" + +-#: vms-alpha.c:6246 ++#: vms-alpha.c:6247 + #, c-format + msgid "STO_IMMR (store immediate repeat) %u bytes\n" + msgstr "" + +-#: vms-alpha.c:6253 ++#: vms-alpha.c:6254 + #, c-format + msgid "STO_GBL (store global) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6257 ++#: vms-alpha.c:6258 + #, c-format + msgid "STO_CA (store code address) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6261 ++#: vms-alpha.c:6262 + #, c-format + msgid "STO_RB (store relative branch)\n" + msgstr "" + +-#: vms-alpha.c:6264 ++#: vms-alpha.c:6265 + #, c-format + msgid "STO_AB (store absolute branch)\n" + msgstr "" + +-#: vms-alpha.c:6267 ++#: vms-alpha.c:6268 + #, c-format + msgid "STO_OFF (store offset to psect)\n" + msgstr "" + +-#: vms-alpha.c:6273 ++#: vms-alpha.c:6274 + #, c-format + msgid "STO_IMM (store immediate) %u bytes\n" + msgstr "" + +-#: vms-alpha.c:6280 ++#: vms-alpha.c:6281 + #, c-format + msgid "STO_GBL_LW (store global longword) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6284 ++#: vms-alpha.c:6285 + #, c-format + msgid "STO_OFF (store LP with procedure signature)\n" + msgstr "" + +-#: vms-alpha.c:6287 ++#: vms-alpha.c:6288 + #, c-format + msgid "STO_BR_GBL (store branch global) *todo*\n" + msgstr "" + +-#: vms-alpha.c:6290 ++#: vms-alpha.c:6291 + #, c-format + msgid "STO_BR_PS (store branch psect + offset) *todo*\n" + msgstr "" + +-#: vms-alpha.c:6294 ++#: vms-alpha.c:6295 + #, c-format + msgid "OPR_NOP (no-operation)\n" + msgstr "" + +-#: vms-alpha.c:6297 ++#: vms-alpha.c:6298 + #, c-format + msgid "OPR_ADD (add)\n" + msgstr "" + +-#: vms-alpha.c:6300 ++#: vms-alpha.c:6301 + #, c-format + msgid "OPR_SUB (subtract)\n" + msgstr "" + +-#: vms-alpha.c:6303 ++#: vms-alpha.c:6304 + #, c-format + msgid "OPR_MUL (multiply)\n" + msgstr "" + +-#: vms-alpha.c:6306 ++#: vms-alpha.c:6307 + #, c-format + msgid "OPR_DIV (divide)\n" + msgstr "" + +-#: vms-alpha.c:6309 ++#: vms-alpha.c:6310 + #, c-format + msgid "OPR_AND (logical and)\n" + msgstr "" + +-#: vms-alpha.c:6312 ++#: vms-alpha.c:6313 + #, c-format + msgid "OPR_IOR (logical inclusive or)\n" + msgstr "" + +-#: vms-alpha.c:6315 ++#: vms-alpha.c:6316 + #, c-format + msgid "OPR_EOR (logical exclusive or)\n" + msgstr "" + +-#: vms-alpha.c:6318 ++#: vms-alpha.c:6319 + #, c-format + msgid "OPR_NEG (negate)\n" + msgstr "" + +-#: vms-alpha.c:6321 ++#: vms-alpha.c:6322 + #, c-format + msgid "OPR_COM (complement)\n" + msgstr "" + +-#: vms-alpha.c:6324 ++#: vms-alpha.c:6325 + #, c-format + msgid "OPR_INSV (insert field)\n" + msgstr "" + +-#: vms-alpha.c:6327 ++#: vms-alpha.c:6328 + #, c-format + msgid "OPR_ASH (arithmetic shift)\n" + msgstr "" + +-#: vms-alpha.c:6330 ++#: vms-alpha.c:6331 + #, c-format + msgid "OPR_USH (unsigned shift)\n" + msgstr "" + +-#: vms-alpha.c:6333 ++#: vms-alpha.c:6334 + #, c-format + msgid "OPR_ROT (rotate)\n" + msgstr "" + +-#: vms-alpha.c:6336 ++#: vms-alpha.c:6337 + #, c-format + msgid "OPR_SEL (select)\n" + msgstr "" + +-#: vms-alpha.c:6339 ++#: vms-alpha.c:6340 + #, c-format + msgid "OPR_REDEF (redefine symbol to curr location)\n" + msgstr "" + +-#: vms-alpha.c:6342 ++#: vms-alpha.c:6343 + #, c-format + msgid "OPR_REDEF (define a literal)\n" + msgstr "" + +-#: vms-alpha.c:6346 ++#: vms-alpha.c:6347 + #, c-format + msgid "STC_LP (store cond linkage pair)\n" + msgstr "" + +-#: vms-alpha.c:6350 ++#: vms-alpha.c:6351 + #, c-format + msgid "STC_LP_PSB (store cond linkage pair + signature)\n" + msgstr "" + +-#: vms-alpha.c:6352 ++#: vms-alpha.c:6353 + #, c-format + msgid " linkage index: %u, procedure: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6355 ++#: vms-alpha.c:6356 + #, c-format + msgid " signature: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6358 ++#: vms-alpha.c:6359 + #, c-format + msgid "STC_GBL (store cond global)\n" + msgstr "" + +-#: vms-alpha.c:6360 ++#: vms-alpha.c:6361 + #, c-format + msgid " linkage index: %u, global: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6364 ++#: vms-alpha.c:6365 + #, c-format + msgid "STC_GCA (store cond code address)\n" + msgstr "" + +-#: vms-alpha.c:6366 ++#: vms-alpha.c:6367 + #, c-format + msgid " linkage index: %u, procedure name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6370 ++#: vms-alpha.c:6371 + #, c-format + msgid "STC_PS (store cond psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6373 ++#: vms-alpha.c:6374 + #, c-format + msgid " linkage index: %u, psect: %u, offset: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6380 ++#: vms-alpha.c:6381 + #, c-format + msgid "STC_NOP_GBL (store cond NOP at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6384 ++#: vms-alpha.c:6385 + #, c-format + msgid "STC_NOP_PS (store cond NOP at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6388 ++#: vms-alpha.c:6389 + #, c-format + msgid "STC_BSR_GBL (store cond BSR at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6392 ++#: vms-alpha.c:6393 + #, c-format + msgid "STC_BSR_PS (store cond BSR at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6396 ++#: vms-alpha.c:6397 + #, c-format + msgid "STC_LDA_GBL (store cond LDA at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6400 ++#: vms-alpha.c:6401 + #, c-format + msgid "STC_LDA_PS (store cond LDA at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6404 ++#: vms-alpha.c:6405 + #, c-format + msgid "STC_BOH_GBL (store cond BOH at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6408 ++#: vms-alpha.c:6409 + #, c-format + msgid "STC_BOH_PS (store cond BOH at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6413 ++#: vms-alpha.c:6414 + #, c-format + msgid "STC_NBH_GBL (store cond or hint at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6417 ++#: vms-alpha.c:6418 + #, c-format + msgid "STC_NBH_PS (store cond or hint at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6421 ++#: vms-alpha.c:6422 + #, c-format + msgid "CTL_SETRB (set relocation base)\n" + msgstr "" + +-#: vms-alpha.c:6427 ++#: vms-alpha.c:6428 + #, c-format + msgid "CTL_AUGRB (augment relocation base) %u\n" + msgstr "" + +-#: vms-alpha.c:6431 ++#: vms-alpha.c:6432 + #, c-format + msgid "CTL_DFLOC (define location)\n" + msgstr "" + +-#: vms-alpha.c:6434 ++#: vms-alpha.c:6435 + #, c-format + msgid "CTL_STLOC (set location)\n" + msgstr "" + +-#: vms-alpha.c:6437 ++#: vms-alpha.c:6438 + #, c-format + msgid "CTL_STKDL (stack defined location)\n" + msgstr "" + +-#: vms-alpha.c:6440 vms-alpha.c:6864 vms-alpha.c:6990 ++#: vms-alpha.c:6441 vms-alpha.c:6865 vms-alpha.c:6991 + #, c-format + msgid "*unhandled*\n" + msgstr "" + +-#: vms-alpha.c:6470 vms-alpha.c:6509 ++#: vms-alpha.c:6471 vms-alpha.c:6510 + #, c-format + msgid "cannot read GST record length\n" + msgstr "" + + #. Ill-formed. +-#: vms-alpha.c:6491 ++#: vms-alpha.c:6492 + #, c-format + msgid "cannot find EMH in first GST record\n" + msgstr "" + +-#: vms-alpha.c:6517 ++#: vms-alpha.c:6518 + #, c-format + msgid "cannot read GST record header\n" + msgstr "" + +-#: vms-alpha.c:6530 ++#: vms-alpha.c:6531 + #, c-format + msgid " corrupted GST\n" + msgstr "" + +-#: vms-alpha.c:6538 ++#: vms-alpha.c:6539 + #, c-format + msgid "cannot read GST record\n" + msgstr "" + +-#: vms-alpha.c:6567 ++#: vms-alpha.c:6568 + #, c-format + msgid " unhandled EOBJ record type %u\n" + msgstr "" + +-#: vms-alpha.c:6591 ++#: vms-alpha.c:6592 + #, c-format + msgid " bitcount: %u, base addr: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6605 ++#: vms-alpha.c:6606 + #, c-format + msgid " bitmap: 0x%08x (count: %u):\n" + msgstr "" + +-#: vms-alpha.c:6612 ++#: vms-alpha.c:6613 + #, c-format + msgid " %08x" + msgstr "" + +-#: vms-alpha.c:6638 ++#: vms-alpha.c:6639 + #, c-format + msgid " image %u (%u entries)\n" + msgstr "" + +-#: vms-alpha.c:6644 ++#: vms-alpha.c:6645 + #, c-format + msgid " offset: 0x%08x, val: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6666 ++#: vms-alpha.c:6667 + #, c-format + msgid " image %u (%u entries), offsets:\n" + msgstr "" + +-#: vms-alpha.c:6673 ++#: vms-alpha.c:6674 + #, c-format + msgid " 0x%08x" + msgstr "" + + #. 64 bits. +-#: vms-alpha.c:6795 ++#: vms-alpha.c:6796 + #, c-format + msgid "64 bits *unhandled*\n" + msgstr "" + +-#: vms-alpha.c:6800 ++#: vms-alpha.c:6801 + #, c-format + msgid "class: %u, dtype: %u, length: %u, pointer: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6811 ++#: vms-alpha.c:6812 + #, c-format + msgid "non-contiguous array of %s\n" + msgstr "" + +-#: vms-alpha.c:6816 ++#: vms-alpha.c:6817 + #, c-format + msgid "dimct: %u, aflags: 0x%02x, digits: %u, scale: %u\n" + msgstr "" + +-#: vms-alpha.c:6821 ++#: vms-alpha.c:6822 + #, c-format + msgid "arsize: %u, a0: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6825 ++#: vms-alpha.c:6826 + #, c-format + msgid "Strides:\n" + msgstr "" + +-#: vms-alpha.c:6835 ++#: vms-alpha.c:6836 + #, c-format + msgid "Bounds:\n" + msgstr "" + +-#: vms-alpha.c:6841 ++#: vms-alpha.c:6842 + #, c-format + msgid "[%u]: Lower: %u, upper: %u\n" + msgstr "" + +-#: vms-alpha.c:6853 ++#: vms-alpha.c:6854 + #, c-format + msgid "unaligned bit-string of %s\n" + msgstr "" + +-#: vms-alpha.c:6858 ++#: vms-alpha.c:6859 + #, c-format + msgid "base: %u, pos: %u\n" + msgstr "" + +-#: vms-alpha.c:6879 ++#: vms-alpha.c:6880 + #, c-format + msgid "vflags: 0x%02x, value: 0x%08x " + msgstr "" + +-#: vms-alpha.c:6885 ++#: vms-alpha.c:6886 + #, c-format + msgid "(no value)\n" + msgstr "" + +-#: vms-alpha.c:6888 ++#: vms-alpha.c:6889 + #, c-format + msgid "(not active)\n" + msgstr "" + +-#: vms-alpha.c:6891 ++#: vms-alpha.c:6892 + #, c-format + msgid "(not allocated)\n" + msgstr "" + +-#: vms-alpha.c:6894 ++#: vms-alpha.c:6895 + #, c-format + msgid "(descriptor)\n" + msgstr "" + +-#: vms-alpha.c:6898 ++#: vms-alpha.c:6899 + #, c-format + msgid "(trailing value)\n" + msgstr "" + +-#: vms-alpha.c:6901 ++#: vms-alpha.c:6902 + #, c-format + msgid "(value spec follows)\n" + msgstr "" + +-#: vms-alpha.c:6904 ++#: vms-alpha.c:6905 + #, c-format + msgid "(at bit offset %u)\n" + msgstr "" + +-#: vms-alpha.c:6908 ++#: vms-alpha.c:6909 + #, c-format + msgid "(reg: %u, disp: %u, indir: %u, kind: " + msgstr "" + +-#: vms-alpha.c:6915 ++#: vms-alpha.c:6916 + msgid "literal" + msgstr "" + +-#: vms-alpha.c:6918 ++#: vms-alpha.c:6919 + msgid "address" + msgstr "" + +-#: vms-alpha.c:6921 ++#: vms-alpha.c:6922 + msgid "desc" + msgstr "" + +-#: vms-alpha.c:6924 ++#: vms-alpha.c:6925 + msgid "reg" + msgstr "" + +-#: vms-alpha.c:6941 ++#: vms-alpha.c:6942 + #, c-format + msgid "len: %2u, kind: %2u " + msgstr "" + +-#: vms-alpha.c:6947 ++#: vms-alpha.c:6948 + #, c-format + msgid "atomic, type=0x%02x %s\n" + msgstr "" + +-#: vms-alpha.c:6951 ++#: vms-alpha.c:6952 + #, c-format + msgid "indirect, defined at 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6955 ++#: vms-alpha.c:6956 + #, c-format + msgid "typed pointer\n" + msgstr "" + +-#: vms-alpha.c:6959 ++#: vms-alpha.c:6960 + #, c-format + msgid "pointer\n" + msgstr "" + +-#: vms-alpha.c:6967 ++#: vms-alpha.c:6968 + #, c-format + msgid "array, dim: %u, bitmap: " + msgstr "" + +-#: vms-alpha.c:6974 ++#: vms-alpha.c:6975 + #, c-format + msgid "array descriptor:\n" + msgstr "" + +-#: vms-alpha.c:6981 ++#: vms-alpha.c:6982 + #, c-format + msgid "type spec for element:\n" + msgstr "" + +-#: vms-alpha.c:6983 ++#: vms-alpha.c:6984 + #, c-format + msgid "type spec for subscript %u:\n" + msgstr "" + +-#: vms-alpha.c:7001 ++#: vms-alpha.c:7002 + #, c-format + msgid "Debug symbol table:\n" + msgstr "" + +-#: vms-alpha.c:7012 ++#: vms-alpha.c:7013 + #, c-format + msgid "cannot read DST header\n" + msgstr "" + +-#: vms-alpha.c:7018 ++#: vms-alpha.c:7019 + #, c-format + msgid " type: %3u, len: %3u (at 0x%08x): " + msgstr "" + +-#: vms-alpha.c:7032 ++#: vms-alpha.c:7033 + #, c-format + msgid "cannot read DST symbol\n" + msgstr "" + +-#: vms-alpha.c:7075 ++#: vms-alpha.c:7076 + #, c-format + msgid "standard data: %s\n" + msgstr "" + +-#: vms-alpha.c:7078 vms-alpha.c:7166 ++#: vms-alpha.c:7079 vms-alpha.c:7167 + #, c-format + msgid " name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7085 ++#: vms-alpha.c:7086 + #, c-format + msgid "modbeg\n" + msgstr "" + +-#: vms-alpha.c:7087 ++#: vms-alpha.c:7088 + #, c-format + msgid " flags: %d, language: %u, major: %u, minor: %u\n" + msgstr "" + +-#: vms-alpha.c:7093 vms-alpha.c:7367 ++#: vms-alpha.c:7094 vms-alpha.c:7368 + #, c-format + msgid " module name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7096 ++#: vms-alpha.c:7097 + #, c-format + msgid " compiler : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7101 ++#: vms-alpha.c:7102 + #, c-format + msgid "modend\n" + msgstr "" + +-#: vms-alpha.c:7108 ++#: vms-alpha.c:7109 + msgid "rtnbeg\n" + msgstr "" + +-#: vms-alpha.c:7110 ++#: vms-alpha.c:7111 + #, c-format + msgid " flags: %u, address: 0x%08x, pd-address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7115 ++#: vms-alpha.c:7116 + #, c-format + msgid " routine name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7123 ++#: vms-alpha.c:7124 + #, c-format + msgid "rtnend: size 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7131 ++#: vms-alpha.c:7132 + #, c-format + msgid "prolog: bkpt address 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7140 ++#: vms-alpha.c:7141 + #, c-format + msgid "epilog: flags: %u, count: %u\n" + msgstr "" + +-#: vms-alpha.c:7150 ++#: vms-alpha.c:7151 + #, c-format + msgid "blkbeg: address: 0x%08x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7159 ++#: vms-alpha.c:7160 + #, c-format + msgid "blkend: size: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7165 ++#: vms-alpha.c:7166 + #, c-format + msgid "typspec (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7172 ++#: vms-alpha.c:7173 + #, c-format + msgid "septyp, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7181 ++#: vms-alpha.c:7182 + #, c-format + msgid "recbeg: name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7183 ++#: vms-alpha.c:7184 + #, c-format + msgid " len: %u bits\n" + msgstr "" + +-#: vms-alpha.c:7188 ++#: vms-alpha.c:7189 + #, c-format + msgid "recend\n" + msgstr "" + +-#: vms-alpha.c:7192 ++#: vms-alpha.c:7193 + #, c-format + msgid "enumbeg, len: %u, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7196 ++#: vms-alpha.c:7197 + #, c-format + msgid "enumelt, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7200 ++#: vms-alpha.c:7201 + #, c-format + msgid "enumend\n" + msgstr "" + +-#: vms-alpha.c:7205 ++#: vms-alpha.c:7206 + #, c-format + msgid "label, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7207 ++#: vms-alpha.c:7208 + #, c-format + msgid " address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7217 ++#: vms-alpha.c:7218 + #, c-format + msgid "discontiguous range (nbr: %u)\n" + msgstr "" + +-#: vms-alpha.c:7220 ++#: vms-alpha.c:7221 + #, c-format + msgid " address: 0x%08x, size: %u\n" + msgstr "" + +-#: vms-alpha.c:7230 ++#: vms-alpha.c:7231 + #, c-format + msgid "line num (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7247 ++#: vms-alpha.c:7248 + #, c-format + msgid "delta_pc_w %u\n" + msgstr "" + +-#: vms-alpha.c:7254 ++#: vms-alpha.c:7255 + #, c-format + msgid "incr_linum(b): +%u\n" + msgstr "" + +-#: vms-alpha.c:7260 ++#: vms-alpha.c:7261 + #, c-format + msgid "incr_linum_w: +%u\n" + msgstr "" + +-#: vms-alpha.c:7266 ++#: vms-alpha.c:7267 + #, c-format + msgid "incr_linum_l: +%u\n" + msgstr "" + +-#: vms-alpha.c:7272 ++#: vms-alpha.c:7273 + #, c-format + msgid "set_line_num(w) %u\n" + msgstr "" + +-#: vms-alpha.c:7277 ++#: vms-alpha.c:7278 + #, c-format + msgid "set_line_num_b %u\n" + msgstr "" + +-#: vms-alpha.c:7282 ++#: vms-alpha.c:7283 + #, c-format + msgid "set_line_num_l %u\n" + msgstr "" + +-#: vms-alpha.c:7287 ++#: vms-alpha.c:7288 + #, c-format + msgid "set_abs_pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7291 ++#: vms-alpha.c:7292 + #, c-format + msgid "delta_pc_l: +0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7296 ++#: vms-alpha.c:7297 + #, c-format + msgid "term(b): 0x%02x" + msgstr "" + +-#: vms-alpha.c:7298 ++#: vms-alpha.c:7299 + #, c-format + msgid " pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7303 ++#: vms-alpha.c:7304 + #, c-format + msgid "term_w: 0x%04x" + msgstr "" + +-#: vms-alpha.c:7305 ++#: vms-alpha.c:7306 + #, c-format + msgid " pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7311 ++#: vms-alpha.c:7312 + #, c-format + msgid "delta pc +%-4d" + msgstr "" + +-#: vms-alpha.c:7315 ++#: vms-alpha.c:7316 + #, c-format + msgid " pc: 0x%08x line: %5u\n" + msgstr "" + +-#: vms-alpha.c:7320 ++#: vms-alpha.c:7321 + #, c-format + msgid " *unhandled* cmd %u\n" + msgstr "" + +-#: vms-alpha.c:7335 ++#: vms-alpha.c:7336 + #, c-format + msgid "source (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7350 ++#: vms-alpha.c:7351 + #, c-format + msgid " declfile: len: %u, flags: %u, fileid: %u\n" + msgstr "" + +-#: vms-alpha.c:7355 ++#: vms-alpha.c:7356 + #, c-format + msgid " rms: cdt: 0x%08x %08x, ebk: 0x%08x, ffb: 0x%04x, rfo: %u\n" + msgstr "" + +-#: vms-alpha.c:7364 ++#: vms-alpha.c:7365 + #, c-format + msgid " filename : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7373 ++#: vms-alpha.c:7374 + #, c-format + msgid " setfile %u\n" + msgstr "" + +-#: vms-alpha.c:7378 vms-alpha.c:7383 ++#: vms-alpha.c:7379 vms-alpha.c:7384 + #, c-format + msgid " setrec %u\n" + msgstr "" + +-#: vms-alpha.c:7388 vms-alpha.c:7393 ++#: vms-alpha.c:7389 vms-alpha.c:7394 + #, c-format + msgid " setlnum %u\n" + msgstr "" + +-#: vms-alpha.c:7398 vms-alpha.c:7403 ++#: vms-alpha.c:7399 vms-alpha.c:7404 + #, c-format + msgid " deflines %u\n" + msgstr "" + +-#: vms-alpha.c:7407 ++#: vms-alpha.c:7408 + #, c-format + msgid " formfeed\n" + msgstr "" + +-#: vms-alpha.c:7411 ++#: vms-alpha.c:7412 + #, c-format + msgid " *unhandled* cmd %u\n" + msgstr "" + +-#: vms-alpha.c:7423 ++#: vms-alpha.c:7424 + #, c-format + msgid "*unhandled* dst type %u\n" + msgstr "" + +-#: vms-alpha.c:7455 ++#: vms-alpha.c:7456 + #, c-format + msgid "cannot read EIHD\n" + msgstr "" + +-#: vms-alpha.c:7459 ++#: vms-alpha.c:7460 + #, c-format + msgid "EIHD: (size: %u, nbr blocks: %u)\n" + msgstr "" + +-#: vms-alpha.c:7463 ++#: vms-alpha.c:7464 + #, c-format + msgid " majorid: %u, minorid: %u\n" + msgstr "" + +-#: vms-alpha.c:7471 ++#: vms-alpha.c:7472 + msgid "executable" + msgstr "" + +-#: vms-alpha.c:7474 ++#: vms-alpha.c:7475 + msgid "linkable image" + msgstr "" + +-#: vms-alpha.c:7481 ++#: vms-alpha.c:7482 + #, c-format + msgid " image type: %u (%s)" + msgstr "" + +-#: vms-alpha.c:7487 ++#: vms-alpha.c:7488 + msgid "native" + msgstr "" + +-#: vms-alpha.c:7490 ++#: vms-alpha.c:7491 + msgid "CLI" + msgstr "" + +-#: vms-alpha.c:7497 ++#: vms-alpha.c:7498 + #, c-format + msgid ", subtype: %u (%s)\n" + msgstr "" + +-#: vms-alpha.c:7504 ++#: vms-alpha.c:7505 + #, c-format + msgid " offsets: isd: %u, activ: %u, symdbg: %u, imgid: %u, patch: %u\n" + msgstr "" + +-#: vms-alpha.c:7508 ++#: vms-alpha.c:7509 + #, c-format + msgid " fixup info rva: " + msgstr "" + +-#: vms-alpha.c:7510 ++#: vms-alpha.c:7511 + #, c-format + msgid ", symbol vector rva: " + msgstr "" + +-#: vms-alpha.c:7513 ++#: vms-alpha.c:7514 + #, c-format + msgid "" + "\n" + " version array off: %u\n" + msgstr "" + +-#: vms-alpha.c:7518 ++#: vms-alpha.c:7519 + #, c-format + msgid " img I/O count: %u, nbr channels: %u, req pri: %08x%08x\n" + msgstr "" + +-#: vms-alpha.c:7524 ++#: vms-alpha.c:7525 + #, c-format + msgid " linker flags: %08x:" + msgstr "" + +-#: vms-alpha.c:7555 ++#: vms-alpha.c:7556 + #, c-format + msgid " ident: 0x%08x, sysver: 0x%08x, match ctrl: %u, symvect_size: %u\n" + msgstr "" + +-#: vms-alpha.c:7561 ++#: vms-alpha.c:7562 + #, c-format + msgid " BPAGE: %u" + msgstr "" + +-#: vms-alpha.c:7568 ++#: vms-alpha.c:7569 + #, c-format + msgid ", ext fixup offset: %u, no_opt psect off: %u" + msgstr "" + +-#: vms-alpha.c:7571 ++#: vms-alpha.c:7572 + #, c-format + msgid ", alias: %u\n" + msgstr "" + +-#: vms-alpha.c:7579 ++#: vms-alpha.c:7580 + #, c-format + msgid "system version array information:\n" + msgstr "" + +-#: vms-alpha.c:7583 ++#: vms-alpha.c:7584 + #, c-format + msgid "cannot read EIHVN header\n" + msgstr "" + +-#: vms-alpha.c:7593 ++#: vms-alpha.c:7594 + #, c-format + msgid "cannot read EIHVN version\n" + msgstr "" + +-#: vms-alpha.c:7596 ++#: vms-alpha.c:7597 + #, c-format + msgid " %02u " + msgstr "" + +-#: vms-alpha.c:7600 ++#: vms-alpha.c:7601 + msgid "BASE_IMAGE " + msgstr "" + +-#: vms-alpha.c:7603 ++#: vms-alpha.c:7604 + msgid "MEMORY_MANAGEMENT" + msgstr "" + +-#: vms-alpha.c:7606 ++#: vms-alpha.c:7607 + msgid "IO " + msgstr "" + +-#: vms-alpha.c:7609 ++#: vms-alpha.c:7610 + msgid "FILES_VOLUMES " + msgstr "" + +-#: vms-alpha.c:7612 ++#: vms-alpha.c:7613 + msgid "PROCESS_SCHED " + msgstr "" + +-#: vms-alpha.c:7615 ++#: vms-alpha.c:7616 + msgid "SYSGEN " + msgstr "" + +-#: vms-alpha.c:7618 ++#: vms-alpha.c:7619 + msgid "CLUSTERS_LOCKMGR " + msgstr "" + +-#: vms-alpha.c:7621 ++#: vms-alpha.c:7622 + msgid "LOGICAL_NAMES " + msgstr "" + +-#: vms-alpha.c:7624 ++#: vms-alpha.c:7625 + msgid "SECURITY " + msgstr "" + +-#: vms-alpha.c:7627 ++#: vms-alpha.c:7628 + msgid "IMAGE_ACTIVATOR " + msgstr "" + +-#: vms-alpha.c:7630 ++#: vms-alpha.c:7631 + msgid "NETWORKS " + msgstr "" + +-#: vms-alpha.c:7633 ++#: vms-alpha.c:7634 + msgid "COUNTERS " + msgstr "" + +-#: vms-alpha.c:7636 ++#: vms-alpha.c:7637 + msgid "STABLE " + msgstr "" + +-#: vms-alpha.c:7639 ++#: vms-alpha.c:7640 + msgid "MISC " + msgstr "" + +-#: vms-alpha.c:7642 ++#: vms-alpha.c:7643 + msgid "CPU " + msgstr "" + +-#: vms-alpha.c:7645 ++#: vms-alpha.c:7646 + msgid "VOLATILE " + msgstr "" + +-#: vms-alpha.c:7648 ++#: vms-alpha.c:7649 + msgid "SHELL " + msgstr "" + +-#: vms-alpha.c:7651 ++#: vms-alpha.c:7652 + msgid "POSIX " + msgstr "" + +-#: vms-alpha.c:7654 ++#: vms-alpha.c:7655 + msgid "MULTI_PROCESSING " + msgstr "" + +-#: vms-alpha.c:7657 ++#: vms-alpha.c:7658 + msgid "GALAXY " + msgstr "" + +-#: vms-alpha.c:7660 ++#: vms-alpha.c:7661 + msgid "*unknown* " + msgstr "" + +-#: vms-alpha.c:7676 vms-alpha.c:7951 ++#: vms-alpha.c:7677 vms-alpha.c:7952 + #, c-format + msgid "cannot read EIHA\n" + msgstr "" + +-#: vms-alpha.c:7679 ++#: vms-alpha.c:7680 + #, c-format + msgid "Image activation: (size=%u)\n" + msgstr "" + +-#: vms-alpha.c:7682 ++#: vms-alpha.c:7683 + #, c-format + msgid " First address : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7686 ++#: vms-alpha.c:7687 + #, c-format + msgid " Second address: 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7690 ++#: vms-alpha.c:7691 + #, c-format + msgid " Third address : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7694 ++#: vms-alpha.c:7695 + #, c-format + msgid " Fourth address: 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7698 ++#: vms-alpha.c:7699 + #, c-format + msgid " Shared image : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7709 ++#: vms-alpha.c:7710 + #, c-format + msgid "cannot read EIHI\n" + msgstr "" + +-#: vms-alpha.c:7713 ++#: vms-alpha.c:7714 + #, c-format + msgid "Image identification: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7716 ++#: vms-alpha.c:7717 + #, c-format + msgid " image name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7718 ++#: vms-alpha.c:7719 + #, c-format + msgid " link time : %s\n" + msgstr "" + +-#: vms-alpha.c:7720 ++#: vms-alpha.c:7721 + #, c-format + msgid " image ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7722 ++#: vms-alpha.c:7723 + #, c-format + msgid " linker ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7724 ++#: vms-alpha.c:7725 + #, c-format + msgid " image build ident: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7734 ++#: vms-alpha.c:7735 + #, c-format + msgid "cannot read EIHS\n" + msgstr "" + +-#: vms-alpha.c:7738 ++#: vms-alpha.c:7739 + #, c-format + msgid "Image symbol & debug table: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7744 ++#: vms-alpha.c:7745 + #, c-format + msgid " debug symbol table : vbn: %u, size: %u (0x%x)\n" + msgstr "" + +-#: vms-alpha.c:7749 ++#: vms-alpha.c:7750 + #, c-format + msgid " global symbol table: vbn: %u, records: %u\n" + msgstr "" + +-#: vms-alpha.c:7754 ++#: vms-alpha.c:7755 + #, c-format + msgid " debug module table : vbn: %u, size: %u\n" + msgstr "" + +-#: vms-alpha.c:7767 ++#: vms-alpha.c:7768 + #, c-format + msgid "cannot read EISD\n" + msgstr "" + +-#: vms-alpha.c:7778 ++#: vms-alpha.c:7779 + #, c-format + msgid "" + "Image section descriptor: (major: %u, minor: %u, size: %u, offset: %u)\n" + msgstr "" + +-#: vms-alpha.c:7786 ++#: vms-alpha.c:7787 + #, c-format + msgid " section: base: 0x%08x%08x size: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7791 ++#: vms-alpha.c:7792 + #, c-format + msgid " flags: 0x%04x" + msgstr "" + +-#: vms-alpha.c:7829 ++#: vms-alpha.c:7830 + #, c-format + msgid " vbn: %u, pfc: %u, matchctl: %u type: %u (" + msgstr "" + +-#: vms-alpha.c:7835 ++#: vms-alpha.c:7836 + msgid "NORMAL" + msgstr "" + +-#: vms-alpha.c:7838 ++#: vms-alpha.c:7839 + msgid "SHRFXD" + msgstr "" + +-#: vms-alpha.c:7841 ++#: vms-alpha.c:7842 + msgid "PRVFXD" + msgstr "" + +-#: vms-alpha.c:7844 ++#: vms-alpha.c:7845 + msgid "SHRPIC" + msgstr "" + +-#: vms-alpha.c:7847 ++#: vms-alpha.c:7848 + msgid "PRVPIC" + msgstr "" + +-#: vms-alpha.c:7850 ++#: vms-alpha.c:7851 + msgid "USRSTACK" + msgstr "" + +-#: vms-alpha.c:7856 ++#: vms-alpha.c:7857 + msgid ")\n" + msgstr "" + +-#: vms-alpha.c:7859 ++#: vms-alpha.c:7860 + #, c-format + msgid " ident: 0x%08x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7869 ++#: vms-alpha.c:7870 + #, c-format + msgid "cannot read DMT\n" + msgstr "" + +-#: vms-alpha.c:7873 ++#: vms-alpha.c:7874 + #, c-format + msgid "Debug module table:\n" + msgstr "" + +-#: vms-alpha.c:7882 ++#: vms-alpha.c:7883 + #, c-format + msgid "cannot read DMT header\n" + msgstr "" + +-#: vms-alpha.c:7888 ++#: vms-alpha.c:7889 + #, c-format + msgid " module offset: 0x%08x, size: 0x%08x, (%u psects)\n" + msgstr "" + +-#: vms-alpha.c:7898 ++#: vms-alpha.c:7899 + #, c-format + msgid "cannot read DMT psect\n" + msgstr "" + +-#: vms-alpha.c:7902 ++#: vms-alpha.c:7903 + #, c-format + msgid " psect start: 0x%08x, length: %u\n" + msgstr "" + +-#: vms-alpha.c:7915 ++#: vms-alpha.c:7916 + #, c-format + msgid "cannot read DST\n" + msgstr "" + +-#: vms-alpha.c:7925 ++#: vms-alpha.c:7926 + #, c-format + msgid "cannot read GST\n" + msgstr "" + +-#: vms-alpha.c:7929 ++#: vms-alpha.c:7930 + #, c-format + msgid "Global symbol table:\n" + msgstr "" + +-#: vms-alpha.c:7958 ++#: vms-alpha.c:7959 + #, c-format + msgid "Image activator fixup: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7962 ++#: vms-alpha.c:7963 + #, c-format + msgid " iaflink : 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:7966 ++#: vms-alpha.c:7967 + #, c-format + msgid " fixuplnk: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:7969 ++#: vms-alpha.c:7970 + #, c-format + msgid " size : %u\n" + msgstr "" + +-#: vms-alpha.c:7971 ++#: vms-alpha.c:7972 + #, c-format + msgid " flags: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7976 ++#: vms-alpha.c:7977 + #, c-format + msgid " qrelfixoff: %5u, lrelfixoff: %5u\n" + msgstr "" + +-#: vms-alpha.c:7981 ++#: vms-alpha.c:7982 + #, c-format + msgid " qdotadroff: %5u, ldotadroff: %5u\n" + msgstr "" + +-#: vms-alpha.c:7986 ++#: vms-alpha.c:7987 + #, c-format + msgid " codeadroff: %5u, lpfixoff : %5u\n" + msgstr "" + +-#: vms-alpha.c:7989 ++#: vms-alpha.c:7990 + #, c-format + msgid " chgprtoff : %5u\n" + msgstr "" + +-#: vms-alpha.c:7993 ++#: vms-alpha.c:7994 + #, c-format + msgid " shlstoff : %5u, shrimgcnt : %5u\n" + msgstr "" + +-#: vms-alpha.c:7996 ++#: vms-alpha.c:7997 + #, c-format + msgid " shlextra : %5u, permctx : %5u\n" + msgstr "" + +-#: vms-alpha.c:7999 ++#: vms-alpha.c:8000 + #, c-format + msgid " base_va : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:8001 ++#: vms-alpha.c:8002 + #, c-format + msgid " lppsbfixoff: %5u\n" + msgstr "" + +-#: vms-alpha.c:8009 ++#: vms-alpha.c:8010 + #, c-format + msgid " Shareable images:\n" + msgstr "" + +-#: vms-alpha.c:8014 ++#: vms-alpha.c:8015 + #, c-format + msgid " %u: size: %u, flags: 0x%02x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:8021 ++#: vms-alpha.c:8022 + #, c-format + msgid " quad-word relocation fixups:\n" + msgstr "" + +-#: vms-alpha.c:8026 ++#: vms-alpha.c:8027 + #, c-format + msgid " long-word relocation fixups:\n" + msgstr "" + +-#: vms-alpha.c:8031 ++#: vms-alpha.c:8032 + #, c-format + msgid " quad-word .address reference fixups:\n" + msgstr "" + +-#: vms-alpha.c:8036 ++#: vms-alpha.c:8037 + #, c-format + msgid " long-word .address reference fixups:\n" + msgstr "" + +-#: vms-alpha.c:8041 ++#: vms-alpha.c:8042 + #, c-format + msgid " Code Address Reference Fixups:\n" + msgstr "" + +-#: vms-alpha.c:8046 ++#: vms-alpha.c:8047 + #, c-format + msgid " Linkage Pairs Reference Fixups:\n" + msgstr "" + +-#: vms-alpha.c:8055 ++#: vms-alpha.c:8056 + #, c-format + msgid " Change Protection (%u entries):\n" + msgstr "" + +-#: vms-alpha.c:8061 ++#: vms-alpha.c:8062 + #, c-format + msgid " base: 0x%08x %08x, size: 0x%08x, prot: 0x%08x " + msgstr "" + + #. FIXME: we do not yet support relocatable link. It is not obvious + #. how to do it for debug infos. +-#: vms-alpha.c:8901 ++#: vms-alpha.c:8902 + msgid "%P: relocatable link is not supported\n" + msgstr "" + +-#: vms-alpha.c:8972 ++#: vms-alpha.c:8973 + #, c-format +-msgid "%P: multiple entry points: in modules %B and %B\n" ++msgid "%P: multiple entry points: in modules %pB and %pB\n" + msgstr "" + + #: vms-lib.c:1445 +@@ -8537,7 +8508,7 @@ msgstr "" + #: peigen.c:1906 peigen.c:2103 pepigen.c:1906 pepigen.c:2103 pex64igen.c:1906 + #: pex64igen.c:2103 + #, c-format +-msgid "Warning, .pdata section size (%ld) is not a multiple of %d\n" ++msgid "warning, .pdata section size (%ld) is not a multiple of %d\n" + msgstr "" + + #: peigen.c:1910 peigen.c:2107 pepigen.c:1910 pepigen.c:2107 pex64igen.c:1910 +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-04-24 Nick Clifton <nickc@redhat.com> ++ ++ PR 23110 ++ * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for ++ a negative PE_DEBUG_DATA size before iterating over the debug data. ++ + 2018-04-17 Nick Clifton <nickc@redhat.com> + + PR 23065 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch new file mode 100644 index 0000000000..29b834337e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch @@ -0,0 +1,63 @@ +From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 24 Apr 2018 16:57:04 +0100 +Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF + binary with corrupt section symbols. + + PR 23113 + * elf.c (ignore_section_sym): Check for the output_section pointer + being NULL before dereferencing it. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10535 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 4 ++++ + bfd/elf.c | 9 ++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -3994,15 +3994,22 @@ ignore_section_sym (bfd *abfd, asymbol * + { + elf_symbol_type *type_ptr; + ++ if (sym == NULL) ++ return FALSE; ++ + if ((sym->flags & BSF_SECTION_SYM) == 0) + return FALSE; + ++ if (sym->section == NULL) ++ return TRUE; ++ + type_ptr = elf_symbol_from (abfd, sym); + return ((type_ptr != NULL + && type_ptr->internal_elf_sym.st_shndx != 0 + && bfd_is_abs_section (sym->section)) + || !(sym->section->owner == abfd +- || (sym->section->output_section->owner == abfd ++ || (sym->section->output_section != NULL ++ && sym->section->output_section->owner == abfd + && sym->section->output_offset == 0) + || bfd_is_abs_section (sym->section))); + } +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,10 @@ + 2018-04-24 Nick Clifton <nickc@redhat.com> ++ ++ PR 23113 ++ * elf.c (ignore_section_sym): Check for the output_section pointer ++ being NULL before dereferencing it. ++ ++2018-04-24 Nick Clifton <nickc@redhat.com> + + PR 23110 + * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch new file mode 100644 index 0000000000..3fa852c951 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch @@ -0,0 +1,71 @@ +From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 8 May 2018 12:51:06 +0100 +Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a + fuzzed input file with corrupt string and attribute sections. + + PR 22809 + * elf.c (bfd_elf_get_str_section): Check for an excessively large + string section. + * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the + attribute section is larger than the size of the file. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-13033 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/elf-attrs.c | 9 +++++++++ + bfd/elf.c | 1 + + 3 files changed, 18 insertions(+) + +Index: git/bfd/elf-attrs.c +=================================================================== +--- git.orig/bfd/elf-attrs.c ++++ git/bfd/elf-attrs.c +@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El + /* PR 17512: file: 2844a11d. */ + if (hdr->sh_size == 0) + return; ++ if (hdr->sh_size > bfd_get_file_size (abfd)) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"), ++ abfd, hdr->bfd_section, (long long) hdr->sh_size); ++ bfd_set_error (bfd_error_invalid_operation); ++ return; ++ } ++ + contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1); + if (!contents) + return; +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -297,6 +297,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi + /* Allocate and clear an extra byte at the end, to prevent crashes + in case the string table is not terminated. */ + if (shstrtabsize + 1 <= 1 ++ || shstrtabsize > bfd_get_file_size (abfd) + || bfd_seek (abfd, offset, SEEK_SET) != 0 + || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL) + shstrtab = NULL; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,11 @@ ++2018-05-08 Nick Clifton <nickc@redhat.com> ++ ++ PR 22809 ++ * elf.c (bfd_elf_get_str_section): Check for an excessively large ++ string section. ++ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the ++ attribute section is larger than the size of the file. ++ + 2018-04-24 Nick Clifton <nickc@redhat.com> + + PR 23113 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch new file mode 100644 index 0000000000..2c6b1b2427 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch @@ -0,0 +1,55 @@ +From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 25 Jan 2018 21:47:41 +1030 +Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file + +Avoid unsigned int overflow by performing bfd_size_type multiplication. + + PR 22746 + * elfcode.h (elf_object_p): Avoid integer overflow. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2018-6323 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/elfcode.h | 4 ++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +Index: git/bfd/elfcode.h +=================================================================== +--- git.orig/bfd/elfcode.h ++++ git/bfd/elfcode.h +@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp)) + goto got_wrong_format_error; + #endif +- amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum; ++ amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum; + i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt); + if (!i_shdrp) + goto got_no_match; +@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) + goto got_wrong_format_error; + #endif +- amt = i_ehdrp->e_phnum * sizeof (*i_phdr); ++ amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr); + elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt); + if (elf_tdata (abfd)->phdr == NULL) + goto got_no_match; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-01-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22746 ++ * elfcode.h (elf_object_p): Avoid integer overflow. ++ + 2018-05-08 Nick Clifton <nickc@redhat.com> + + PR 22809 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch new file mode 100644 index 0000000000..3b0e98a0a3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch @@ -0,0 +1,108 @@ +From 64e234d417d5685a4aec0edc618114d9991c031b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 6 Feb 2018 15:48:29 +0000 +Subject: [PATCH] Prevent attempts to call strncpy with a zero-length field by + chacking the size of debuglink sections. + + PR 22794 + * opncls.c (bfd_get_debug_link_info_1): Check the size of the + section before attempting to read it in. + (bfd_get_alt_debug_link_info): Likewise. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-6759 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/opncls.c | 22 +++++++++++++++++----- + 2 files changed, 24 insertions(+), 5 deletions(-) + +Index: git/bfd/opncls.c +=================================================================== +--- git.orig/bfd/opncls.c ++++ git/bfd/opncls.c +@@ -1179,6 +1179,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + bfd_byte *contents; + unsigned int crc_offset; + char *name; ++ bfd_size_type size; + + BFD_ASSERT (abfd); + BFD_ASSERT (crc32_out); +@@ -1188,6 +1189,12 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + if (sect == NULL) + return NULL; + ++ size = bfd_get_section_size (sect); ++ ++ /* PR 22794: Make sure that the section has a reasonable size. */ ++ if (size < 8 || size >= bfd_get_size (abfd)) ++ return NULL; ++ + if (!bfd_malloc_and_get_section (abfd, sect, &contents)) + { + if (contents != NULL) +@@ -1197,10 +1204,10 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + + /* CRC value is stored after the filename, aligned up to 4 bytes. */ + name = (char *) contents; +- /* PR 17597: avoid reading off the end of the buffer. */ +- crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1; ++ /* PR 17597: Avoid reading off the end of the buffer. */ ++ crc_offset = strnlen (name, size) + 1; + crc_offset = (crc_offset + 3) & ~3; +- if (crc_offset + 4 > bfd_get_section_size (sect)) ++ if (crc_offset + 4 > size) + return NULL; + + *crc32 = bfd_get_32 (abfd, contents + crc_offset); +@@ -1261,6 +1268,7 @@ bfd_get_alt_debug_link_info (bfd * abfd, + bfd_byte *contents; + unsigned int buildid_offset; + char *name; ++ bfd_size_type size; + + BFD_ASSERT (abfd); + BFD_ASSERT (buildid_len); +@@ -1271,6 +1279,10 @@ bfd_get_alt_debug_link_info (bfd * abfd, + if (sect == NULL) + return NULL; + ++ size = bfd_get_section_size (sect); ++ if (size < 8 || size >= bfd_get_size (abfd)) ++ return NULL; ++ + if (!bfd_malloc_and_get_section (abfd, sect, & contents)) + { + if (contents != NULL) +@@ -1280,11 +1292,11 @@ bfd_get_alt_debug_link_info (bfd * abfd, + + /* BuildID value is stored after the filename. */ + name = (char *) contents; +- buildid_offset = strnlen (name, bfd_get_section_size (sect)) + 1; ++ buildid_offset = strnlen (name, size) + 1; + if (buildid_offset >= bfd_get_section_size (sect)) + return NULL; + +- *buildid_len = bfd_get_section_size (sect) - buildid_offset; ++ *buildid_len = size - buildid_offset; + *buildid_out = bfd_malloc (*buildid_len); + memcpy (*buildid_out, contents + buildid_offset, *buildid_len); + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2018-02-06 Nick Clifton <nickc@redhat.com> ++ ++ PR 22794 ++ * opncls.c (bfd_get_debug_link_info_1): Check the size of the ++ section before attempting to read it in. ++ (bfd_get_alt_debug_link_info): Likewise. ++ + 2018-01-25 Alan Modra <amodra@gmail.com> + + PR 22746 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch new file mode 100644 index 0000000000..7d78db7eb3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch @@ -0,0 +1,47 @@ +From eb77f6a4621795367a39cdd30957903af9dbb815 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 27 Jan 2018 08:19:33 +1030 +Subject: [PATCH] PR22741, objcopy segfault on fuzzed COFF object + + PR 22741 + * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in + range before converting to a symbol table pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7208 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffgen.c | 3 ++- + 2 files changed, 8 insertions(+), 1 deletion(-) + +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd, + } + /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can + generate one, so we must be careful to ignore it. */ +- if (auxent->u.auxent.x_sym.x_tagndx.l > 0) ++ if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l ++ < obj_raw_syment_count (abfd)) + { + auxent->u.auxent.x_sym.x_tagndx.p = + table_base + auxent->u.auxent.x_sym.x_tagndx.l; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-01-29 Alan Modra <amodra@gmail.com> ++ ++ PR 22741 ++ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in ++ range before converting to a symbol table pointer. ++ + 2018-02-06 Nick Clifton <nickc@redhat.com> + + PR 22794 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch new file mode 100644 index 0000000000..b014080a7e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch @@ -0,0 +1,161 @@ +From 1da5c9a485f3dcac4c45e96ef4b7dae5948314b5 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 20:20:38 +0930 +Subject: [PATCH] PR22202, buffer overflow in parse_die + +There was a complete lack of sanity checking in dwarf1.c + + PR 22202 + * dwarf1.c (parse_die): Sanity check pointer against section limit + before dereferencing. + (parse_line_table): Likewise. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7568 patch1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf1.c | 56 ++++++++++++++++++++++++++++++++++++++------------------ + 2 files changed, 45 insertions(+), 18 deletions(-) + +Index: git/bfd/dwarf1.c +=================================================================== +--- git.orig/bfd/dwarf1.c ++++ git/bfd/dwarf1.c +@@ -189,11 +189,14 @@ parse_die (bfd * abfd, + memset (aDieInfo, 0, sizeof (* aDieInfo)); + + /* First comes the length. */ +- aDieInfo->length = bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 > aDiePtrEnd) ++ return FALSE; ++ aDieInfo->length = bfd_get_32 (abfd, xptr); + xptr += 4; + if (aDieInfo->length == 0 +- || (this_die + aDieInfo->length) >= aDiePtrEnd) ++ || this_die + aDieInfo->length > aDiePtrEnd) + return FALSE; ++ aDiePtrEnd = this_die + aDieInfo->length; + if (aDieInfo->length < 6) + { + /* Just padding bytes. */ +@@ -202,18 +205,20 @@ parse_die (bfd * abfd, + } + + /* Then the tag. */ +- aDieInfo->tag = bfd_get_16 (abfd, (bfd_byte *) xptr); ++ if (xptr + 2 > aDiePtrEnd) ++ return FALSE; ++ aDieInfo->tag = bfd_get_16 (abfd, xptr); + xptr += 2; + + /* Then the attributes. */ +- while (xptr < (this_die + aDieInfo->length)) ++ while (xptr + 2 <= aDiePtrEnd) + { + unsigned short attr; + + /* Parse the attribute based on its form. This section + must handle all dwarf1 forms, but need only handle the + actual attributes that we care about. */ +- attr = bfd_get_16 (abfd, (bfd_byte *) xptr); ++ attr = bfd_get_16 (abfd, xptr); + xptr += 2; + + switch (FORM_FROM_ATTR (attr)) +@@ -223,12 +228,15 @@ parse_die (bfd * abfd, + break; + case FORM_DATA4: + case FORM_REF: +- if (attr == AT_sibling) +- aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr); +- else if (attr == AT_stmt_list) ++ if (xptr + 4 <= aDiePtrEnd) + { +- aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr); +- aDieInfo->has_stmt_list = 1; ++ if (attr == AT_sibling) ++ aDieInfo->sibling = bfd_get_32 (abfd, xptr); ++ else if (attr == AT_stmt_list) ++ { ++ aDieInfo->stmt_list_offset = bfd_get_32 (abfd, xptr); ++ aDieInfo->has_stmt_list = 1; ++ } + } + xptr += 4; + break; +@@ -236,22 +244,29 @@ parse_die (bfd * abfd, + xptr += 8; + break; + case FORM_ADDR: +- if (attr == AT_low_pc) +- aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); +- else if (attr == AT_high_pc) +- aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 <= aDiePtrEnd) ++ { ++ if (attr == AT_low_pc) ++ aDieInfo->low_pc = bfd_get_32 (abfd, xptr); ++ else if (attr == AT_high_pc) ++ aDieInfo->high_pc = bfd_get_32 (abfd, xptr); ++ } + xptr += 4; + break; + case FORM_BLOCK2: +- xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr); ++ if (xptr + 2 <= aDiePtrEnd) ++ xptr += bfd_get_16 (abfd, xptr); ++ xptr += 2; + break; + case FORM_BLOCK4: +- xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 <= aDiePtrEnd) ++ xptr += bfd_get_32 (abfd, xptr); ++ xptr += 4; + break; + case FORM_STRING: + if (attr == AT_name) + aDieInfo->name = (char *) xptr; +- xptr += strlen ((char *) xptr) + 1; ++ xptr += strnlen ((char *) xptr, aDiePtrEnd - xptr) + 1; + break; + } + } +@@ -290,7 +305,7 @@ parse_line_table (struct dwarf1_debug* s + } + + xptr = stash->line_section + aUnit->stmt_list_offset; +- if (xptr < stash->line_section_end) ++ if (xptr + 8 <= stash->line_section_end) + { + unsigned long eachLine; + bfd_byte *tblend; +@@ -318,6 +333,11 @@ parse_line_table (struct dwarf1_debug* s + + for (eachLine = 0; eachLine < aUnit->line_count; eachLine++) + { ++ if (xptr + 10 > stash->line_section_end) ++ { ++ aUnit->line_count = eachLine; ++ break; ++ } + /* A line number. */ + aUnit->linenumber_table[eachLine].linenumber + = bfd_get_32 (stash->abfd, (bfd_byte *) xptr); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22202 ++ * dwarf1.c (parse_die): Sanity check pointer against section limit ++ before dereferencing. ++ (parse_line_table): Likewise. ++ + 2018-01-29 Alan Modra <amodra@gmail.com> + + PR 22741 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch new file mode 100644 index 0000000000..b5511d7d8a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch @@ -0,0 +1,73 @@ +From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 28 Feb 2018 10:13:54 +0000 +Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1 + debug information. + + PR 22894 + * dwarf1.c (parse_die): Check the length of form blocks before + advancing the data pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7568 patch2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf1.c | 17 +++++++++++++++-- + 2 files changed, 21 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf1.c +=================================================================== +--- git.orig/bfd/dwarf1.c ++++ git/bfd/dwarf1.c +@@ -213,6 +213,7 @@ parse_die (bfd * abfd, + /* Then the attributes. */ + while (xptr + 2 <= aDiePtrEnd) + { ++ unsigned int block_len; + unsigned short attr; + + /* Parse the attribute based on its form. This section +@@ -255,12 +256,24 @@ parse_die (bfd * abfd, + break; + case FORM_BLOCK2: + if (xptr + 2 <= aDiePtrEnd) +- xptr += bfd_get_16 (abfd, xptr); ++ { ++ block_len = bfd_get_16 (abfd, xptr); ++ if (xptr + block_len > aDiePtrEnd ++ || xptr + block_len < xptr) ++ return FALSE; ++ xptr += block_len; ++ } + xptr += 2; + break; + case FORM_BLOCK4: + if (xptr + 4 <= aDiePtrEnd) +- xptr += bfd_get_32 (abfd, xptr); ++ { ++ block_len = bfd_get_32 (abfd, xptr); ++ if (xptr + block_len > aDiePtrEnd ++ || xptr + block_len < xptr) ++ return FALSE; ++ xptr += block_len; ++ } + xptr += 4; + break; + case FORM_STRING: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-02-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22894 ++ * dwarf1.c (parse_die): Check the length of form blocks before ++ advancing the data pointer. ++ + 2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22202 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch new file mode 100644 index 0000000000..e77118bc13 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch @@ -0,0 +1,120 @@ +From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 28 Feb 2018 11:50:49 +0000 +Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF + FORM blocks. + + PR 22895 + PR 22893 + * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block + pointer. Drop unused abfd parameter. Check the size of the block + before initialising the data field. Return the end pointer if the + size is invalid. + (read_attribute_value): Adjust invocations of read_n_bytes. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7569 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/dwarf2.c | 36 +++++++++++++++++++++--------------- + 2 files changed, 29 insertions(+), 15 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -649,14 +649,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf, + } + + static bfd_byte * +-read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED, +- bfd_byte *buf, +- bfd_byte *end, +- unsigned int size ATTRIBUTE_UNUSED) +-{ +- if (buf + size > end) +- return NULL; +- return buf; ++read_n_bytes (bfd_byte * buf, ++ bfd_byte * end, ++ struct dwarf_block * block) ++{ ++ unsigned int size = block->size; ++ bfd_byte * block_end = buf + size; ++ ++ if (block_end > end || block_end < buf) ++ { ++ block->data = NULL; ++ block->size = 0; ++ return end; ++ } ++ else ++ { ++ block->data = buf; ++ return block_end; ++ } + } + + /* Scans a NUL terminated string starting at BUF, returning a pointer to it. +@@ -1154,8 +1164,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end); + info_ptr += 2; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_block4: +@@ -1165,8 +1174,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end); + info_ptr += 4; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_data2: +@@ -1206,8 +1214,7 @@ read_attribute_value (struct attribute * + blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read, + FALSE, info_ptr_end); + info_ptr += bytes_read; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_block1: +@@ -1217,8 +1224,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_1_byte (abfd, info_ptr, info_ptr_end); + info_ptr += 1; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_data1: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,14 @@ + 2018-02-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22895 ++ PR 22893 ++ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block ++ pointer. Drop unused abfd parameter. Check the size of the block ++ before initialising the data field. Return the end pointer if the ++ size is invalid. ++ (read_attribute_value): Adjust invocations of read_n_bytes. ++ ++2018-02-28 Nick Clifton <nickc@redhat.com> + + PR 22894 + * dwarf1.c (parse_die): Check the length of form blocks before diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch new file mode 100644 index 0000000000..14b233e2c1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch @@ -0,0 +1,51 @@ +From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Wed, 28 Feb 2018 22:09:50 +1030 +Subject: [PATCH] PR22887, null pointer dereference in + aout_32_swap_std_reloc_out + + PR 22887 + * aoutx.h (swap_std_reloc_in): Correct r_index bound check. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7642 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/aoutx.h | 6 ++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-02-28 Alan Modra <amodra@gmail.com> ++ ++ PR 22887 ++ * aoutx.h (swap_std_reloc_in): Correct r_index bound check. ++ + 2018-02-28 Nick Clifton <nickc@redhat.com> + + PR 22895 +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h ++++ git/bfd/aoutx.h +@@ -2211,10 +2211,12 @@ NAME (aout, swap_ext_reloc_in) (bfd *abf + || r_type == (unsigned int) RELOC_BASE22) + r_extern = 1; + +- if (r_extern && r_index > symcount) ++ if (r_extern && r_index >= symcount) + { + /* We could arrange to return an error, but it might be useful +- to see the file even if it is bad. */ ++ to see the file even if it is bad. FIXME: Of course this ++ means that objdump -r *doesn't* see the actual reloc, and ++ objcopy silently writes a different reloc. */ + r_extern = 0; + r_index = N_ABS; + } diff --git a/meta/recipes-devtools/chrpath/chrpath_0.16.bb b/meta/recipes-devtools/chrpath/chrpath_0.16.bb index b61eef9c8b..8de8850576 100644 --- a/meta/recipes-devtools/chrpath/chrpath_0.16.bb +++ b/meta/recipes-devtools/chrpath/chrpath_0.16.bb @@ -7,14 +7,12 @@ BUGTRACKER = "http://alioth.debian.org/tracker/?atid=412807&group_id=31052" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552" -SRC_URI = "https://alioth.debian.org/frs/download.php/file/3979/chrpath-0.16.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \ file://standarddoc.patch" SRC_URI[md5sum] = "2bf8d1d1ee345fc8a7915576f5649982" SRC_URI[sha256sum] = "bb0d4c54bac2990e1bdf8132f2c9477ae752859d523e141e72b3b11a12c26e7b" -UPSTREAM_CHECK_URI = "http://alioth.debian.org/frs/?group_id=31052" - inherit autotools # We don't have a staged chrpath-native for ensuring our binary is diff --git a/meta/recipes-devtools/distcc/distcc_3.2.bb b/meta/recipes-devtools/distcc/distcc_3.2.bb index e6f159c7cd..fe64c5b793 100644 --- a/meta/recipes-devtools/distcc/distcc_3.2.bb +++ b/meta/recipes-devtools/distcc/distcc_3.2.bb @@ -41,7 +41,9 @@ INITSCRIPT_NAME = "distcc" SYSTEMD_PACKAGES = "${PN}" SYSTEMD_SERVICE_${PN} = "distcc.service" -do_install_append() { +do_install() { + # Improve reproducibility: compress w/o timestamps + oe_runmake 'DESTDIR=${D}' "GZIP_BIN=gzip -n" install install -d ${D}${sysconfdir}/init.d/ install -d ${D}${sysconfdir}/default install -m 0755 ${WORKDIR}/distcc ${D}${sysconfdir}/init.d/ diff --git a/meta/recipes-devtools/make/make.inc b/meta/recipes-devtools/make/make.inc index 849b74299c..b8905bc6d3 100644 --- a/meta/recipes-devtools/make/make.inc +++ b/meta/recipes-devtools/make/make.inc @@ -5,7 +5,10 @@ called the makefile, which lists each of the non-source files and how to compute HOMEPAGE = "http://www.gnu.org/software/make/" SECTION = "devel" -SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2" +SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2 \ + file://0001-glob-Do-not-assume-glibc-glob-internals.patch \ + file://0002-glob-Do-not-assume-glibc-glob-internals.patch \ + " inherit autotools gettext pkgconfig texinfo diff --git a/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch b/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch new file mode 100644 index 0000000000..2b6e4d40c3 --- /dev/null +++ b/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch @@ -0,0 +1,70 @@ +From c90a7dda6c572f79b8e78da44b6ebf8704edef65 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun, 24 Sep 2017 09:12:58 -0400 +Subject: [PATCH 1/2] glob: Do not assume glibc glob internals. + +It has been proposed that glibc glob start using gl_lstat, +which the API allows it to do. GNU 'make' should not get in +the way of this. See: +https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html + +* dir.c (local_lstat): New function, like local_stat. +(dir_setup_glob): Use it to initialize gl_lstat too, as the API +requires. +--- +Upstream-Status: Backport +Signed-off-by: Khem Raj <raj.khem@gmail.com> + + dir.c | 29 +++++++++++++++++++++++++++-- + 1 file changed, 27 insertions(+), 2 deletions(-) + +diff --git a/dir.c b/dir.c +index f34bbf5..12eef30 100644 +--- a/dir.c ++++ b/dir.c +@@ -1299,15 +1299,40 @@ local_stat (const char *path, struct stat *buf) + } + #endif + ++/* Similarly for lstat. */ ++#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS) ++# ifndef VMS ++# ifndef HAVE_SYS_STAT_H ++int lstat (const char *path, struct stat *sbuf); ++# endif ++# else ++ /* We are done with the fake lstat. Go back to the real lstat */ ++# ifdef lstat ++# undef lstat ++# endif ++# endif ++# define local_lstat lstat ++#elif defined(WINDOWS32) ++/* Windows doesn't support lstat(). */ ++# define local_lstat local_stat ++#else ++static int ++local_lstat (const char *path, struct stat *buf) ++{ ++ int e; ++ EINTRLOOP (e, lstat (path, buf)); ++ return e; ++} ++#endif ++ + void + dir_setup_glob (glob_t *gl) + { + gl->gl_opendir = open_dirstream; + gl->gl_readdir = read_dirstream; + gl->gl_closedir = free; ++ gl->gl_lstat = local_lstat; + gl->gl_stat = local_stat; +- /* We don't bother setting gl_lstat, since glob never calls it. +- The slot is only there for compatibility with 4.4 BSD. */ + } + + void +-- +2.16.1 + diff --git a/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch b/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch new file mode 100644 index 0000000000..d49acd9f6e --- /dev/null +++ b/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch @@ -0,0 +1,38 @@ +From 9858702dbd1e137262c06765919937660879f63c Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun, 24 Sep 2017 09:12:58 -0400 +Subject: [PATCH 2/2] glob: Do not assume glibc glob internals. + +It has been proposed that glibc glob start using gl_lstat, +which the API allows it to do. GNU 'make' should not get in +the way of this. See: +https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html + +* dir.c (local_lstat): New function, like local_stat. +(dir_setup_glob): Use it to initialize gl_lstat too, as the API +requires. +--- +Upstream-Status: Backport + + configure.ac | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 64ec870..e87901c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -399,10 +399,9 @@ AC_CACHE_CHECK([if system libc has GNU glob], [make_cv_sys_gnu_glob], + #include <glob.h> + #include <fnmatch.h> + +-#define GLOB_INTERFACE_VERSION 1 + #if !defined _LIBC && defined __GNU_LIBRARY__ && __GNU_LIBRARY__ > 1 + # include <gnu-versions.h> +-# if _GNU_GLOB_INTERFACE_VERSION == GLOB_INTERFACE_VERSION ++if _GNU_GLOB_INTERFACE_VERSION == 1 || _GNU_GLOB_INTERFACE_VERSION == 2 + gnu glob + # endif + #endif], +-- +2.16.1 + diff --git a/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch b/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch new file mode 100644 index 0000000000..049149eb9e --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch @@ -0,0 +1,36 @@ +From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 17 Aug 2018 13:35:40 +0200 +Subject: [PATCH] Fix swapping fake lines in pch_swap + +* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a +blank line in the middle of a context-diff hunk: that empty line stays +in the middle of the hunk and isn't swapped. + +Fixes: https://savannah.gnu.org/bugs/index.php?53133 +Signed-off-by: Andreas Gruenbacher <agruen@gnu.org> + +Upstream-Status: Backport [https://git.savannah.gnu.org/git/patch.git] +CVE: CVE-2018-6952 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +--- + src/pch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index e92bc64..a500ad9 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2122,7 +2122,7 @@ pch_swap (void) + } + if (p_efake >= 0) { /* fix non-freeable ptr range */ + if (p_efake <= i) +- n = p_end - i + 1; ++ n = p_end - p_ptrn_lines; + else + n = -i; + p_efake += n; +-- +2.10.2 + diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb index 823486dd0a..85b0db7333 100644 --- a/meta/recipes-devtools/patch/patch_2.7.6.bb +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb @@ -5,6 +5,7 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0002-Fix-segfault-with-mangled-rename-patch.patch \ file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \ file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ + file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ " SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" diff --git a/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch b/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch new file mode 100644 index 0000000000..c5db1b7060 --- /dev/null +++ b/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch @@ -0,0 +1,126 @@ +From ba6733216202523a95b0b7ee2e534b8e30b6d7df Mon Sep 17 00:00:00 2001 +From: Dominic Hargreaves <dom@earth.li> +Date: Sat, 14 Oct 2017 16:27:53 +0200 +Subject: [PATCH] Skip various tests if PERL_BUILD_PACKAGING is set + +These are tests which tend not to be useful for downstream packagers + +t/porting/customized.t change originally from Todd Rinaldo + +Upstream-Status: Backport[https://perl5.git.perl.org/perl.git/ba6733216202523a95b0b7ee2e534b8e30b6d7df] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + INSTALL | 3 ++- + MANIFEST | 1 + + PACKAGING | 30 ++++++++++++++++++++++++++++++ + regen/lib_cleanup.pl | 5 +++++ + t/porting/customized.t | 1 + + t/test.pl | 3 +++ + 6 files changed, 42 insertions(+), 1 deletion(-) + create mode 100644 PACKAGING + +diff --git a/INSTALL b/INSTALL +index 636f4bd52f..1285fc69a2 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -2714,4 +2714,5 @@ This document is part of the Perl package and may be distributed under + the same terms as perl itself, with the following additional request: + If you are distributing a modified version of perl (perhaps as part of + a larger package) please B<do> modify these installation instructions +-and the contact information to match your distribution. ++and the contact information to match your distribution. Additional ++information for packagers is in F<PACKAGING>. +diff --git a/MANIFEST b/MANIFEST +index b3207030a9..32de824ca1 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -4932,6 +4932,7 @@ os2/perlrexx.c Support perl interpreter embedded in REXX + os2/perlrexx.cmd Test perl interpreter embedded in REXX + overload.h generated overload enum (public) + overload.inc generated overload name table (implementation) ++PACKAGING notes and best practice for packaging perl 5 + packsizetables.inc The generated packprops array used in pp_pack.c + pad.c Scratchpad functions + pad.h Scratchpad headers +diff --git a/PACKAGING b/PACKAGING +new file mode 100644 +index 0000000000..0c69b87ba6 +--- /dev/null ++++ b/PACKAGING +@@ -0,0 +1,30 @@ ++If you read this file _as_is_, just ignore the funny characters you ++see. It is written in the POD format (see pod/perlpod.pod) which is ++specifically designed to be readable as is. ++ ++=head1 NAME ++ ++PACKAGING - notes and best practice for packaging perl 5 ++ ++=head1 SYNOPSIS ++ ++This document is aimed at anyone who is producing their own version of ++perl for distribution to other users. It is intended as a collection ++of useful tips, advice and best practice, rather than being a complete ++packaging manual. The starting point for installing perl remains ++F<INSTALL>. ++ ++=head1 Customizing test running ++ ++A small number of porting tests (those in t/porting) are not well suited ++to typical distribution packaging scenarios. For example, they assume ++they are working in a git clone of the upstream Perl repository, or ++enforce rules which are not relevant to downstream packagers. These can ++be skipped by setting the environment variable PERL_BUILD_PACKAGING. ++A complete list of tests which this applied to can be found by searching ++the codebase for this string. ++ ++An alternative strategy would be to skip all porting tests, but many of ++them are useful if additional patches might be applied. ++ ++=cut +diff --git a/regen/lib_cleanup.pl b/regen/lib_cleanup.pl +index 5e40b405a4..6caf74a563 100644 +--- a/regen/lib_cleanup.pl ++++ b/regen/lib_cleanup.pl +@@ -164,6 +164,11 @@ if ($TAP && !-d '.git' && !-f 'lib/.gitignore') { + exit 0; + } + ++if ($ENV{'PERL_BUILD_PACKAGING'}) { ++ print "ok # skip explicitly disabled git tests by PERL_BUILD_PACKAGING\n"; ++ exit 0; ++} ++ + $fh = open_new('lib/.gitignore', '>', + { by => $0, + from => 'MANIFEST and parsing files in cpan/ dist/ and ext/'}); +diff --git a/t/porting/customized.t b/t/porting/customized.t +index 45fcafb100..5c3739198c 100644 +--- a/t/porting/customized.t ++++ b/t/porting/customized.t +@@ -13,6 +13,7 @@ BEGIN { + @INC = qw(lib Porting t); + require 'test.pl'; + skip_all("pre-computed SHA1 won't match under EBCDIC") if $::IS_EBCDIC; ++ skip_all("This distro may have modified some files in cpan/. Skipping validation.") if $ENV{'PERL_BUILD_PACKAGING'}; + } + + use strict; +diff --git a/t/test.pl b/t/test.pl +index 79e6e25e95..1782dcf73c 100644 +--- a/t/test.pl ++++ b/t/test.pl +@@ -212,6 +212,9 @@ sub find_git_or_skip { + } else { + $reason = 'not being run from a git checkout'; + } ++ if ($ENV{'PERL_BUILD_PACKAGING'}) { ++ $reason = 'PERL_BUILD_PACKAGING is set'; ++ } + skip_all($reason) if $_[0] && $_[0] eq 'all'; + skip($reason, @_); + } +-- +2.17.1 + diff --git a/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch b/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch new file mode 100644 index 0000000000..0b59fcda3e --- /dev/null +++ b/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch @@ -0,0 +1,32 @@ +From 73d7247ecab863ef26b5687a37ccc75d6144ad0f Mon Sep 17 00:00:00 2001 +From: Karl Williamson <khw@cpan.org> +Date: Tue, 17 Oct 2017 13:49:14 +0800 +Subject: [PATCH] fix CVE-2017-12837 + +Signed-off-by: Karl Williamson <khw@cpan.org> +Signed-off-by: Steve Hay <steve.m.hay@googlemail.com> + +CVE: CVE-2017-12837 +Upstream-Status: Backport +https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5 + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + regcomp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/regcomp.c b/regcomp.c +index 5498d14..31ec383 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -13021,6 +13021,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth) + goto loopdone; + } + p = RExC_parse; ++ RExC_parse = parse_start; + if (ender > 0xff) { + REQUIRE_UTF8(flagp); + } +-- +1.8.3.1 + diff --git a/meta/recipes-devtools/perl/perl/perl-test-customized.patch b/meta/recipes-devtools/perl/perl/perl-test-customized.patch deleted file mode 100644 index 90e4dcd5fb..0000000000 --- a/meta/recipes-devtools/perl/perl/perl-test-customized.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 64df09205b6ccb5a434a4e53e8e0a32377ab634f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com> -Date: Thu, 24 Nov 2016 10:49:55 -0600 -Subject: [PATCH] The OE core recipies customize some ExtUtils-MakeMaker - modules, which causes their MD5 sum to mismatch the provided table and the - corresponding tests to fail. Also, we patch several test files with a - backported patch. Update list of hashes to reflect the patched files. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Bill Randle <william.c.randle@intel.com> -Signed-off-by: AnÃbal Limón <anibal.limon@linux.intel.com> ---- - t/porting/customized.dat | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/t/porting/customized.dat b/t/porting/customized.dat -index defeae1..b5d3c46 100644 ---- a/t/porting/customized.dat -+++ b/t/porting/customized.dat -@@ -18,12 +18,12 @@ Encode cpan/Encode/bin/unidump 715f47c2fcc661268f3c6cd3de0d27c72b745cd2 - Encode cpan/Encode/Encode.pm e146861ff2e6aaa62defa4887eade68dd7b17c8e - Encode cpan/Encode/encoding.pm 51c19efc9bfe8467d6ae12a4654f6e7f980715bf - ExtUtils::Constant cpan/ExtUtils-Constant/t/Constant.t a0369c919e216fb02767a637666bb4577ad79b02 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 5bc04a0173b8b787f465271b6186220326ae8eef -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 2070fe968fa344d89aea1bdc6a8dbb0c467d0612 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command.pm e3a372e07392179711ea9972087c1105a2780fad - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command/MM.pm b72721bd6aa9bf7ec328bda99a8fdb63cac6114d - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist.pm 0e1e4c25eddb999fec6c4dc66593f76db34cfd16 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm bfd2aa00ca4ed251f342e1d1ad704abbaf5a615e --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm 5529ae3064365eafd99536621305d52f4ab31b45 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm d593d8fdc5c0ebcb6d3701c70fc6640c50d93455 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm bf9174c70a0e50ff2fee4552c7df89b37d292da1 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Config.pm bc88b275af73b8faac6abd59a9aad3f625925810 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/FAQ.pod 062e5d14a803fbbec8d61803086a3d7997e8a473 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Tutorial.pod a8a9cab7d67922ed3d6883c864e1fe29aaa6ad89 -@@ -33,7 +33,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mkbootstrap.pm 412e95c3 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mksymlists.pm 8559ef191b4371d0c381472464856a8a73825b2a - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM.pm 09d579ed9daea95c3bf47de2e0b8fe3aa0ff6447 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_AIX.pm f720c13748293b792f7073aa96e7daecb590b183 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm 243649a399d293ae7ad0f26b7eab2668aa864ce8 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm ec39f68802a6fee8daaa914fc7131f40533cfc23 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_BeOS.pm b63c90129303b2c17d084fb828aa2c02a2ad85b8 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Cygwin.pm cabd1c97eaa427067811d92807e34c17940c7350 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Darwin.pm 6a185d897a600c34615a6073f4de0ac2f54fef3e -@@ -42,7 +42,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_MacOS.pm 1f5eb772eed - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_NW5.pm de777d7809c0d73e5d4622a29921731c7e5dff48 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_OS2.pm 01e8f08a82b5304009574e3ac0892b4066ff7639 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_QNX.pm 5340052b58557a6764f5ac9f8b807fefec404a06 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 3c3b93f431b0a51b9592b3d69624dbf5409f6f74 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 0d6ed5e4bdcdcd28e968e8629a592fdd0cc84818 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_UWIN.pm 40397f4cd2d49700b80b4ef490da98add24c5b37 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VMS.pm 147e97fbabb74841f0733dbd5d1b9f3fa51f87c1 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VOS.pm 3f13ed7045ff3443bcb4dd6c95c98b9bd705820f -@@ -51,7 +51,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Win95.pm 48e8a2fe176 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MY.pm 6fefe99045b64459905d4721f3a494d8d50f7ab9 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/testlib.pm 172778ad21c065a89cd270668eb9f99a7364b41c - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/cd.t 0a71fbd646a7be8358b07b6f64f838243cc0aef4 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 37aec8f794c52e037540757eb5b2556f79419ff7 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 1a93dd8834e4bb0e5facf08204e782807567b2eb - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/lib/MakeMaker/Test/NoXS.pm 371cdff1b2375017907cfbc9c8f4a31f5ad10582 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/prereq.t 53bda2c549fd13a6b6c13a070ca6bc79883081c0 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/vstrings.t 90035a2bdbf45f15b9c3196d072d7cba7e662871 -@@ -165,7 +165,7 @@ bignum cpan/bignum/lib/bigrat.pm 7fccc9df30e43dbbae6e5ea91b26c8046545c9a9 - bignum cpan/bignum/lib/Math/BigFloat/Trace.pm a6b4b995e18f4083252e6dc72e9bef69671893dd - bignum cpan/bignum/lib/Math/BigInt/Trace.pm d9596963673760cae3eeeb752c1eeeec50bb2290 - libnet cpan/libnet/lib/Net/Cmd.pm a44a10c939a4c35f923c4638054178c32f1d283a --libnet cpan/libnet/lib/Net/Config.pm 9bd49bf4de0dc438bceee0ef4baf8ba7a6633327 -+libnet cpan/libnet/lib/Net/Config.pm 2873da5efbffed67934dd297ef6f360b3558cb0b - libnet cpan/libnet/lib/Net/Domain.pm 1bbed50f70fd1ff3e1cdf087b19a9349cddfaced - libnet cpan/libnet/lib/Net/FTP.pm 40dba553c8d44e1530daec2d07a6e50910401f2e - libnet cpan/libnet/lib/Net/FTP/A.pm c570b10730b168990034dcf9cb00e305a100f336 -@@ -176,6 +176,6 @@ libnet cpan/libnet/lib/Net/FTP/L.pm ac1599c775faee0474710e4f75051c8949f13df2 - libnet cpan/libnet/lib/Net/Netrc.pm 009cfc08f8a5bf247257acb64a21e1b6ad8b2c9c - libnet cpan/libnet/lib/Net/NNTP.pm 6325fc05fd9ef81dc8d461a77b2a3f56ad1ae114 - libnet cpan/libnet/lib/Net/POP3.pm 2d8065646df80061dae5a9e3465a36a6557165fd --libnet cpan/libnet/lib/Net/SMTP.pm f3ed7a177b49ee0ba65ac1c414de797cdbbe6886 -+libnet cpan/libnet/lib/Net/SMTP.pm f1beb42bfbef4333ed24ad63d5dd1aa5c67b20c7 - libnet cpan/libnet/lib/Net/Time.pm b3df8bbaa3bc253fbf77e8386c59a1b2aae13627 - version cpan/version/lib/version.pm ff75e2076be10bd4c05133cd979fda0b38ca8653 --- -2.1.4 - diff --git a/meta/recipes-devtools/perl/perl/run-ptest b/meta/recipes-devtools/perl/perl/run-ptest index 1e2dd1b66d..dad4d42916 100644 --- a/meta/recipes-devtools/perl/perl/run-ptest +++ b/meta/recipes-devtools/perl/perl/run-ptest @@ -1,2 +1,2 @@ #!/bin/sh -cd t && ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|' +cd t && PERL_BUILD_PACKAGING=1 ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|' diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb index 243422fcfb..1a9b8d1c3e 100644 --- a/meta/recipes-devtools/perl/perl_5.24.1.bb +++ b/meta/recipes-devtools/perl/perl_5.24.1.bb @@ -64,15 +64,16 @@ SRC_URI += " \ file://perl-PathTools-don-t-filter-out-blib-from-INC.patch \ file://perl-errno-generation-gcc5.patch \ file://perl-fix-conflict-between-skip_all-and-END.patch \ - file://perl-test-customized.patch \ file://perl-5.26.1-guard_old_libcrypt_fix.patch \ file://CVE-2017-12883.patch \ + file://CVE-2017-12837.patch \ " # Fix test case issues SRC_URI_append_class-target = " \ file://test/dist-threads-t-join.t-adjust-ps-option.patch \ file://test/ext-DynaLoader-t-DynaLoader.t-fix-calling-dl_findfil.patch \ + file://0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch \ " SRC_URI[md5sum] = "af6a84c7c3e2b8b269c105a5db2f6d53" diff --git a/meta/recipes-devtools/python/python-3.5-manifest.inc b/meta/recipes-devtools/python/python-3.5-manifest.inc index 0260e87e75..710b22eaa3 100644 --- a/meta/recipes-devtools/python/python-3.5-manifest.inc +++ b/meta/recipes-devtools/python/python-3.5-manifest.inc @@ -194,7 +194,7 @@ FILES_${PN}-readline="${libdir}/python3.5/lib-dynload/readline.*.so ${libdir}/py SUMMARY_${PN}-reprlib="Python alternate repr() implementation" RDEPENDS_${PN}-reprlib="${PN}-core" -FILES_${PN}-reprlib="${libdir}/python3.5/reprlib.py ${libdir}/python3.5/__pycache__/reprlib.py " +FILES_${PN}-reprlib="${libdir}/python3.5/reprlib.* ${libdir}/python3.5/__pycache__/reprlib.* " SUMMARY_${PN}-resource="Python resource control interface" RDEPENDS_${PN}-resource="${PN}-core" diff --git a/meta/recipes-devtools/python/python-native_2.7.13.bb b/meta/recipes-devtools/python/python-native_2.7.14.bb index 7edf153489..5373ce6690 100644 --- a/meta/recipes-devtools/python/python-native_2.7.13.bb +++ b/meta/recipes-devtools/python/python-native_2.7.14.bb @@ -1,7 +1,7 @@ require python.inc EXTRANATIVEPATH += "bzip2-native" -DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native" +DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native gdbm-native db-native" PR = "${INC_PR}.1" SRC_URI += "\ @@ -17,6 +17,7 @@ SRC_URI += "\ file://builddir.patch \ file://parallel-makeinst-create-bindir.patch \ file://revert_use_of_sysconfigdata.patch \ + file://fix-gc-alignment.patch \ " S = "${WORKDIR}/Python-${PV}" @@ -39,6 +40,12 @@ do_configure_append() { autoreconf --verbose --install --force --exclude=autopoint ../Python-${PV}/Modules/_ctypes/libffi } +# Regenerate all of the generated files +# This ensures that pgen and friends get created during the compile phase +do_compile_prepend() { + oe_runmake regen-all +} + do_install() { oe_runmake 'DESTDIR=${D}' install install -d ${D}${bindir}/${PN} diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index b40f551ab3..979b601bf1 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -5,12 +5,12 @@ SECTION = "devel/python" # bump this on every change in contrib/python/generate-manifest-2.7.py INC_PR = "r1" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b60258130e4ed10d3101517eb5b9385" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f741e51de91d4eeea5930b9c3c7fa69d" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz" -SRC_URI[md5sum] = "53b43534153bb2a0363f08bae8b9d990" -SRC_URI[sha256sum] = "35d543986882f78261f97787fd3e06274bfa6df29fac9b4a94f73930ff98f731" +SRC_URI[md5sum] = "1f6db41ad91d9eb0a6f0c769b8613c5b" +SRC_URI[sha256sum] = "71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66" # python recipe is actually python 2.x # also, exclude pre-releases for both python 2.x and 3.x diff --git a/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch b/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch index 366ce3e400..e795a74b91 100644 --- a/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch +++ b/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch @@ -9,6 +9,9 @@ Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Rebased for python-2.7.9 Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> +Rebased for python-2.7.14 +Signed-off-by: Derek Straka <derek@asterius.io> + Index: Python-2.7.13/Makefile.pre.in =================================================================== --- Python-2.7.13.orig/Makefile.pre.in @@ -30,14 +33,14 @@ Index: Python-2.7.13/Makefile.pre.in # Create build directory and generate the sysconfig build-time data there. # pybuilddir.txt contains the name of the build dir and is used for -@@ -681,7 +682,7 @@ Modules/pwdmodule.o: $(srcdir)/Modules/p - - $(GRAMMAR_H): @GENERATED_COMMENT@ $(GRAMMAR_INPUT) $(PGEN) +@@ -663,7 +663,7 @@ + # Regenerate Include/graminit.h and Python/graminit.c + # from Grammar/Grammar using pgen @$(MKDIR_P) Include -- $(PGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C) -+ $(HOSTPGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C) - $(GRAMMAR_C): @GENERATED_COMMENT@ $(GRAMMAR_H) - touch $(GRAMMAR_C) +- $(PGEN) $(srcdir)/Grammar/Grammar \ ++ $(HOSTPGEN) $(srcdir)/Grammar/Grammar \ + $(srcdir)/Include/graminit.h \ + $(srcdir)/Python/graminit.c @@ -1121,27 +1122,27 @@ libinstall: build_all $(srcdir)/Lib/$(PL $(DESTDIR)$(LIBDEST)/distutils/tests ; \ diff --git a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch b/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch deleted file mode 100644 index 38e53778dc..0000000000 --- a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch +++ /dev/null @@ -1,41 +0,0 @@ -Upstream-Status: Backport - -Signed-off-by: Andreas Oberritter <obi@opendreambox.org> - -From 905d1b30ac7cb0e31c57cec0533825c8f170b942 Mon Sep 17 00:00:00 2001 -From: Victor Stinner <victor.stinner@gmail.com> -Date: Mon, 9 Jan 2017 11:10:41 +0100 -Subject: [PATCH] Don't use getentropy() on Linux - -Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but -read from /dev/urandom to get random bytes, for example in os.urandom(). On -Linux, getentropy() is implemented which getrandom() is blocking mode, whereas -os.urandom() should not block. - -(cherry picked from commit 2687486756721e39164fa9f597e468c35d495227) ---- - Python/random.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/Python/random.c b/Python/random.c -index b4bc1f3..f3f5d14 100644 ---- a/Python/random.c -+++ b/Python/random.c -@@ -94,8 +94,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) - } - - /* Issue #25003: Don't use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) -+ Solaris 11.3), it is blocking whereas os.urandom() should not block. -+ -+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 -+ implements it with the getrandom() syscall which can fail with ENOSYS, -+ and this error is not supported in py_getentropy() and getrandom() is called -+ with flags=0 which blocks until system urandom is initialized, which is not -+ the desired behaviour to seed the Python hash secret nor for os.urandom(): -+ see the PEP 524 which was only implemented in Python 3.6. */ -+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) - #define PY_GETENTROPY 1 - - /* Fill buffer with size pseudo-random bytes generated by getentropy(). diff --git a/meta/recipes-devtools/python/python/fix-gc-alignment.patch b/meta/recipes-devtools/python/python/fix-gc-alignment.patch new file mode 100644 index 0000000000..b63cd08747 --- /dev/null +++ b/meta/recipes-devtools/python/python/fix-gc-alignment.patch @@ -0,0 +1,43 @@ +Upstream-Status: Submitted +Signed-off-by: Ross Burton <ross.burton@intel.com> + +Fix for over-aligned GC info +Patch by Florian Weimer + +See: https://bugzilla.redhat.com/show_bug.cgi?id=1540316 +Upstream discussion: https://mail.python.org/pipermail/python-dev/2018-January/152000.html + +diff --git a/Include/objimpl.h b/Include/objimpl.h +index 55e83eced6..aa906144dc 100644 +--- a/Include/objimpl.h ++++ b/Include/objimpl.h +@@ -248,6 +248,18 @@ PyAPI_FUNC(PyVarObject *) _PyObject_GC_Resize(PyVarObject *, Py_ssize_t); + /* for source compatibility with 2.2 */ + #define _PyObject_GC_Del PyObject_GC_Del + ++/* Former over-aligned definition of PyGC_Head, used to compute the ++ size of the padding for the new version below. */ ++union _gc_head; ++union _gc_head_old { ++ struct { ++ union _gc_head *gc_next; ++ union _gc_head *gc_prev; ++ Py_ssize_t gc_refs; ++ } gc; ++ long double dummy; ++}; ++ + /* GC information is stored BEFORE the object structure. */ + typedef union _gc_head { + struct { +@@ -255,7 +267,8 @@ typedef union _gc_head { + union _gc_head *gc_prev; + Py_ssize_t gc_refs; + } gc; +- long double dummy; /* force worst-case alignment */ ++ double dummy; /* force worst-case alignment */ ++ char dummy_padding[sizeof(union _gc_head_old)]; + } PyGC_Head; + + extern PyGC_Head *_PyGC_generation0; +
\ No newline at end of file diff --git a/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch b/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch index 669112dab0..90dcd57c04 100644 --- a/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch +++ b/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch @@ -15,7 +15,7 @@ diff -ruN a/Makefile.pre.in b/Makefile.pre.in +TESTOPTS= -l -v $(EXTRATESTOPTS) TESTPROG= $(srcdir)/Lib/test/regrtest.py -TESTPYTHON= $(RUNSHARED) ./$(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS) --test: all platform +-test: @DEF_MAKE_RULE@ platform - -find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f +TESTPYTHON= $(RUNSHARED) $(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS) +test: build-test @@ -26,8 +26,8 @@ diff -ruN a/Makefile.pre.in b/Makefile.pre.in -$(TESTPYTHON) $(TESTPROG) $(TESTOPTS) $(TESTPYTHON) $(TESTPROG) $(TESTOPTS) -+build-test: all platform ++build-test: @DEF_MAKE_RULE@ platform + - testall: all platform + testall: @DEF_MAKE_RULE@ platform -find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f $(TESTPYTHON) $(srcdir)/Lib/compileall.py diff --git a/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch b/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch index 951cb466ff..abab41e957 100644 --- a/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch +++ b/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch @@ -8,12 +8,12 @@ Upstream-Status: Pending --- Python-2.7.3.orig/Makefile.pre.in +++ Python-2.7.3/Makefile.pre.in -@@ -1008,7 +1008,7 @@ LIBPL= $(LIBP)/config +@@ -1187,7 +1187,7 @@ LIBPC= $(LIBDIR)/pkgconfig - - libainstall: all python-config + + libainstall: @DEF_MAKE_RULE@ python-config - @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC); \ + @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC) $(BINDIR); \ - do \ - if test ! -d $(DESTDIR)$$i; then \ - echo "Creating directory $$i"; \ + do \ + if test ! -d $(DESTDIR)$$i; then \ + echo "Creating directory $$i"; \ diff --git a/meta/recipes-devtools/python/python_2.7.13.bb b/meta/recipes-devtools/python/python_2.7.14.bb index 754c029097..35b6324970 100644 --- a/meta/recipes-devtools/python/python_2.7.13.bb +++ b/meta/recipes-devtools/python/python_2.7.14.bb @@ -26,9 +26,9 @@ SRC_URI += "\ file://parallel-makeinst-create-bindir.patch \ file://use_sysroot_ncurses_instead_of_host.patch \ file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \ - file://Don-t-use-getentropy-on-Linux.patch \ file://pass-missing-libraries-to-Extension-for-mul.patch \ file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \ + file://fix-gc-alignment.patch \ " S = "${WORKDIR}/Python-${PV}" diff --git a/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch b/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch new file mode 100644 index 0000000000..39b624d9f6 --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch @@ -0,0 +1,82 @@ +From fb5362f205b37c5060fcd764a7ed393abe4f2f3d Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Fri, 27 Jul 2018 17:39:37 +0800 +Subject: [PATCH 1/2] fix opcode not supported on mips32-linux + +While build tests(`make check') on mips32-linux, there are +serial failures such as: +[snip] +| mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -c +-o atomic_incs-atomic_incs.o `test -f 'atomic_incs.c' || echo +'../../../valgrind-3.13.0/memcheck/tests/'`atomic_incs.c +| /tmp/ccqrmINN.s: Assembler messages: +| /tmp/ccqrmINN.s:247: Error: opcode not supported on this +processor: mips1 (mips1) `ll $t3,0($t1)' +| /tmp/ccqrmINN.s:249: Error: opcode not supported on this +processor: mips1 (mips1) `sc $t3,0($t1)' +[snip] + +Since the following commit applied, it defines CLFAGS for mips32, +but missed to pass them to tests which caused the above failure +... +3e344c57f Merge in a port for mips32-linux +... + +Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396905] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + helgrind/tests/Makefile.am | 5 +++++ + memcheck/tests/Makefile.am | 5 +++++ + none/tests/mips32/Makefile.am | 4 ++++ + 3 files changed, 14 insertions(+) + +diff --git a/helgrind/tests/Makefile.am b/helgrind/tests/Makefile.am +index ad1af191a..6209d35a7 100644 +--- a/helgrind/tests/Makefile.am ++++ b/helgrind/tests/Makefile.am +@@ -214,6 +214,11 @@ check_PROGRAMS += annotate_rwlock + endif + + AM_CFLAGS += $(AM_FLAG_M3264_PRI) ++ ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CXXFLAGS += $(AM_FLAG_M3264_PRI) + + LDADD = -lpthread +diff --git a/memcheck/tests/Makefile.am b/memcheck/tests/Makefile.am +index 84e49405f..aff861a32 100644 +--- a/memcheck/tests/Makefile.am ++++ b/memcheck/tests/Makefile.am +@@ -443,6 +443,11 @@ check_PROGRAMS += reach_thread_register + endif + + AM_CFLAGS += $(AM_FLAG_M3264_PRI) ++ ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CXXFLAGS += $(AM_FLAG_M3264_PRI) + + if VGCONF_PLATFORMS_INCLUDE_ARM_LINUX +diff --git a/none/tests/mips32/Makefile.am b/none/tests/mips32/Makefile.am +index d11591d45..602cd26f6 100644 +--- a/none/tests/mips32/Makefile.am ++++ b/none/tests/mips32/Makefile.am +@@ -99,6 +99,10 @@ check_PROGRAMS = \ + round_fpu64 \ + fpu_branches + ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CFLAGS += @FLAG_M32@ + AM_CXXFLAGS += @FLAG_M32@ + AM_CCASFLAGS += @FLAG_M32@ +-- +2.17.1 + diff --git a/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch b/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch new file mode 100644 index 0000000000..6df295f8a2 --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch @@ -0,0 +1,47 @@ +From 63ce36396348e7c4c021cffa652d2e3d20f7963a Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Fri, 27 Jul 2018 17:51:54 +0800 +Subject: [PATCH 2/2] fix broken inline asm in tests on mips32-linux + +While build tests(`make check') with gcc 8.1.0 on mips32-linux, +there is a failure +[snip] +|mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -march=mips32 +-c -o tc08_hbl2-tc08_hbl2.o `test -f 'tc08_hbl2.c' || echo '../../../ +valgrind-3.13.0/helgrind/tests/'`tc08_hbl2.c +|/tmp/cc37aJxQ.s: Assembler messages: +|/tmp/cc37aJxQ.s:275: Error: symbol `L1xyzzy1main' is already defined +|Makefile:1323: recipe for target 'tc08_hbl2-tc08_hbl2.o' failed +[snip] + +Remove the duplicated L1xyzzy1main, and use local symbol to replace. +http://tigcc.ticalc.org/doc/gnuasm.html#SEC46 + +Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396906] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + helgrind/tests/tc08_hbl2.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/helgrind/tests/tc08_hbl2.c b/helgrind/tests/tc08_hbl2.c +index 2a757a008..f660d82dd 100644 +--- a/helgrind/tests/tc08_hbl2.c ++++ b/helgrind/tests/tc08_hbl2.c +@@ -121,12 +121,12 @@ + #elif defined(PLAT_mips32_linux) || defined(PLAT_mips64_linux) + # define INC(_lval,_lqual) \ + __asm__ __volatile__ ( \ +- "L1xyzzy1" _lqual":\n" \ ++ "1:\n" \ + " move $t0, %0\n" \ + " ll $t1, 0($t0)\n" \ + " addiu $t1, $t1, 1\n" \ + " sc $t1, 0($t0)\n" \ +- " beqz $t1, L1xyzzy1" _lqual \ ++ " beqz $t1, 1b\n" \ + : /*out*/ : /*in*/ "r"(&(_lval)) \ + : /*trash*/ "t0", "t1", "memory" \ + ) +-- +2.17.1 + diff --git a/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch b/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch deleted file mode 100644 index e9112da0cb..0000000000 --- a/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f96cf1f4eaa72860ab8b5e18ad10fdc704d78c5f Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 15 Dec 2015 15:01:34 +0200 -Subject: [PATCH 2/5] remove rpath - -Upstream-Status: Inappropriate [embedded config] -Signed-off-by: Saul Wold <sgw@linux.intel.com> ---- - none/tests/Makefile.am | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/none/tests/Makefile.am b/none/tests/Makefile.am -index 54f2a7e..25b0f49 100644 ---- a/none/tests/Makefile.am -+++ b/none/tests/Makefile.am -@@ -326,7 +326,6 @@ threadederrno_CFLAGS += --std=c99 - endif - tls_SOURCES = tls.c tls2.c - tls_DEPENDENCIES = tls.so tls2.so --tls_LDFLAGS = -Wl,-rpath,$(abs_top_builddir)/none/tests - tls_LDADD = tls.so tls2.so -lpthread - tls_so_SOURCES = tls_so.c - tls_so_DEPENDENCIES = tls2.so -@@ -334,7 +333,7 @@ if VGCONF_OS_IS_DARWIN - tls_so_LDFLAGS = -dynamic -dynamiclib -all_load -fpic - tls_so_LDADD = `pwd`/tls2.so - else -- tls_so_LDFLAGS = -Wl,-rpath,$(abs_top_builddir)/none/tests -shared -fPIC -+ tls_so_LDFLAGS = -shared -fPIC - tls_so_LDADD = tls2.so - endif - tls_so_CFLAGS = $(AM_CFLAGS) -fPIC --- -2.6.2 - diff --git a/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch b/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch new file mode 100644 index 0000000000..89a95b82fe --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch @@ -0,0 +1,36 @@ +Fix runtime Valgrind failure + +This patch is derived from +https://bugzilla.redhat.com/show_bug.cgi?id=1464211 + +At runtime it will fails like this: + +ARM64 front end: branch_etc +disInstr(arm64): unhandled instruction 0xD5380001 +disInstr(arm64): 1101'0101 0011'1000 0000'0000 0000'0001 ==2082== +valgrind: Unrecognised instruction at address 0x4014e64. + +This patch is a workaround by masking all HWCAP + +Upstream-Status: Pending + +Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com> + +Index: valgrind-3.13.0/coregrind/m_initimg/initimg-linux.c +=================================================================== + +--- valgrind-3.13.0.orig/coregrind/m_initimg/initimg-linux.c 2018-03-04 22:22:17.698572675 -0800 ++++ valgrind-3.13.0/coregrind/m_initimg/initimg-linux.c 2018-03-04 22:23:25.727815624 -0800 +@@ -703,6 +703,12 @@ + (and anything above) are not supported by Valgrind. */ + auxv->u.a_val &= VKI_HWCAP_S390_TE - 1; + } ++# elif defined(VGP_arm64_linux) ++ { ++ /* Linux 4.11 started populating this for arm64, but we ++ currently don't support any. */ ++ auxv->u.a_val = 0; ++ } + # endif + break; + # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux) diff --git a/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch b/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch index 51259db001..4b531b42ea 100644 --- a/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch +++ b/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch @@ -12,6 +12,11 @@ The #ifdef HAS_VSX guard is wrongly placed. It makes the standard include headers not be used. Causing a build failure. Fix by moving the #ifdef HAS_VSX after the standard includes. +[v2 changes] +- Add #ifdef HAS_VSX guard correctly for ppc64 test_isa_2_06_partx.c + test cases. The changes are similar to what was done for ppc32. + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Index: none/tests/ppc32/test_isa_2_06_part3.c =================================================================== --- a/none/tests/ppc32/test_isa_2_06_part3.c (revision 16449) @@ -85,3 +90,76 @@ Index: none/tests/ppc32/test_isa_2_06_part2.c #ifndef __powerpc64__ typedef uint32_t HWord_t; #else +Index: none/tests/ppc64/test_isa_2_06_part3.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part3.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part3.c (revision 16450) +@@ -20,17 +20,18 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> +-#include <altivec.h> + #include <math.h> + #include <unistd.h> // getopt + ++#ifdef HAS_VSX ++ ++#include <altivec.h> ++ + #ifndef __powerpc64__ + typedef uint32_t HWord_t; + #else +Index: none/tests/ppc64/test_isa_2_06_part1.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part1.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part1.c (revision 16450) +@@ -20,13 +20,14 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> ++ ++#ifdef HAS_VSX ++ + #include <altivec.h> + + #ifndef __powerpc64__ +Index: none/tests/ppc64/test_isa_2_06_part2.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part2.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part2.c (revision 16450) +@@ -20,17 +20,18 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> +-#include <altivec.h> + #include <math.h> + #include <unistd.h> // getopt + ++#ifdef HAS_VSX ++ ++#include <altivec.h> ++ + #ifndef __powerpc64__ + typedef uint32_t HWord_t; + #else diff --git a/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb b/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb index bf3cfd7f36..39ec6f5cc8 100644 --- a/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb +++ b/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb @@ -16,7 +16,6 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \ file://fixed-perl-path.patch \ file://Added-support-for-PPC-instructions-mfatbu-mfatbl.patch \ file://run-ptest \ - file://0002-remove-rpath.patch \ file://0004-Fix-out-of-tree-builds.patch \ file://0005-Modify-vg_test-wrapper-to-support-PTEST-formats.patch \ file://0001-Remove-tests-that-fail-to-build-on-some-PPC32-config.patch \ @@ -37,6 +36,9 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \ file://0003-tests-seg_override-Replace-__modify_ldt-with-syscall.patch \ file://link-gz-tests.patch \ file://ppc-headers.patch \ + file://mask-CPUID-support-in-HWCAP-on-aarch64.patch \ + file://0001-fix-opcode-not-supported-on-mips32-linux.patch \ + file://0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch \ " SRC_URI[md5sum] = "817dd08f1e8a66336b9ff206400a5369" SRC_URI[sha256sum] = "d76680ef03f00cd5e970bbdcd4e57fb1f6df7d2e2c071635ef2be74790190c3b" @@ -54,7 +56,6 @@ COMPATIBLE_HOST_linux-gnux32 = 'null' COMPATIBLE_HOST_linux-muslx32 = 'null' # Disable for some MIPS variants -COMPATIBLE_HOST_mipsarchn32 = 'null' COMPATIBLE_HOST_mipsarchr6 = 'null' inherit autotools ptest multilib_header @@ -86,6 +87,8 @@ def get_mcpu(d): do_configure_prepend () { rm -rf ${S}/config.h + sed -i -e 's:$(abs_top_builddir):$(pkglibdir)/ptest:g' ${S}/none/tests/Makefile.am + sed -i -e 's:$(top_builddir):$(pkglibdir)/ptest:g' ${S}/memcheck/tests/Makefile.am } do_install_append () { diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index de668d6d2b..acbf80a685 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -2,13 +2,13 @@ SUMMARY = "Very high-quality data compression program" DESCRIPTION = "bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and \ Huffman coding. Compression is generally considerably better than that achieved by more conventional \ LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors." -HOMEPAGE = "http://www.bzip.org/" +HOMEPAGE = "https://sourceware.org/bzip2/" SECTION = "console/utils" LICENSE = "bzip2" LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2" PR = "r5" -SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ +SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \ file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ @@ -19,7 +19,7 @@ SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd" -UPSTREAM_CHECK_URI = "http://www.bzip.org/downloads.html" +UPSTREAM_CHECK_URI = "https://www.sourceware.org/bzip2/" PACKAGES =+ "libbz2" diff --git a/meta/recipes-extended/lsb/lsbtest/packages_list b/meta/recipes-extended/lsb/lsbtest/packages_list index 959f931504..1a6c11699a 100644 --- a/meta/recipes-extended/lsb/lsbtest/packages_list +++ b/meta/recipes-extended/lsb/lsbtest/packages_list @@ -1,7 +1,7 @@ LSB_RELEASE="released-5.0" LSB_ARCH="lsbarch" -BASE_PACKAGES_LIST="lsb-setup-4.1.0-1.noarch.rpm" +BASE_PACKAGES_LIST="lsb-setup-5.0.0-2.noarch.rpm" RUNTIME_BASE_PACKAGES_LIST="lsb-dist-checker-5.0.0.1-1.targetarch.rpm \ lsb-tet3-lite-3.7-27.lsb5.targetarch.rpm \ diff --git a/meta/recipes-extended/lsof/lsof_4.89.bb b/meta/recipes-extended/lsof/lsof_4.89.bb index 14546db23c..b58b8281f9 100644 --- a/meta/recipes-extended/lsof/lsof_4.89.bb +++ b/meta/recipes-extended/lsof/lsof_4.89.bb @@ -11,12 +11,12 @@ LIC_FILES_CHKSUM = "file://00README;beginline=645;endline=679;md5=964df275d26429 # https://people.freebsd.org/~abe/ ). http://www.mirrorservice.org seems to be # the most commonly used alternative. -SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_${PV}.tar.bz2 \ +SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/OLD/lsof_${PV}.tar.gz \ file://lsof-remove-host-information.patch \ " -SRC_URI[md5sum] = "1b9cd34f3fb86856a125abbf2be3a386" -SRC_URI[sha256sum] = "81ac2fc5fdc944793baf41a14002b6deb5a29096b387744e28f8c30a360a3718" +SRC_URI[md5sum] = "8afbaff3ee308edc130bdc5df0801c8f" +SRC_URI[sha256sum] = "5d08da7ebe049c9d9a6472d6afb81aa5af54c4733a3f8822cbc22b57867633c9" LOCALSRC = "file://${WORKDIR}/lsof_${PV}/lsof_${PV}_src.tar" diff --git a/meta/recipes-extended/minicom/minicom_2.7.1.bb b/meta/recipes-extended/minicom/minicom_2.7.1.bb index 1a31a872d6..78edffaf4c 100644 --- a/meta/recipes-extended/minicom/minicom_2.7.1.bb +++ b/meta/recipes-extended/minicom/minicom_2.7.1.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=420477abc567404debca0a2a1cb6b645 \ file://src/minicom.h;beginline=1;endline=12;md5=a58838cb709f0db517f4e42730c49e81" -SRC_URI = "https://alioth.debian.org/frs/download.php/latestfile/3/${BP}.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/m/${BPN}/${BPN}_${PV}.orig.tar.gz \ file://allow.to.disable.lockdev.patch \ file://0001-fix-minicom-h-v-return-value-is-not-0.patch \ file://0001-Fix-build-issus-surfaced-due-to-musl.patch \ diff --git a/meta/recipes-extended/shadow/files/CVE-2016-6252.patch b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch new file mode 100644 index 0000000000..bdaba5eecd --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch @@ -0,0 +1,48 @@ +From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer <krahmer@suse.com> +Date: Wed, 3 Aug 2016 11:51:07 -0500 +Subject: [PATCH] Simplify getulong + +Use strtoul to read an unsigned long, rather than reading +a signed long long and casting it. + +https://bugzilla.suse.com/show_bug.cgi?id=979282 + +Upstream-Status: Backport +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + lib/getulong.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/lib/getulong.c b/lib/getulong.c +index 61579ca..08d2c1a 100644 +--- a/lib/getulong.c ++++ b/lib/getulong.c +@@ -44,22 +44,19 @@ + */ + int getulong (const char *numstr, /*@out@*/unsigned long int *result) + { +- long long int val; ++ unsigned long int val; + char *endptr; + + errno = 0; +- val = strtoll (numstr, &endptr, 0); ++ val = strtoul (numstr, &endptr, 0); + if ( ('\0' == *numstr) + || ('\0' != *endptr) + || (ERANGE == errno) +- /*@+ignoresigns@*/ +- || (val != (unsigned long int)val) +- /*@=ignoresigns@*/ + ) { + return 0; + } + +- *result = (unsigned long int)val; ++ *result = val; + return 1; + } + +-- +1.9.1 diff --git a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch new file mode 100644 index 0000000000..ee728f0952 --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch @@ -0,0 +1,64 @@ +shadow-4.2.1: Fix CVE-2017-2616 + +[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943 + +su: properly clear child PID + +If su is compiled with PAM support, it is possible for any local user +to send SIGKILL to other processes with root privileges. There are +only two conditions. First, the user must be able to perform su with +a successful login. This does NOT have to be the root user, even using +su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL +can only be sent to processes which were executed after the su process. +It is not possible to send SIGKILL to processes which were already +running. I consider this as a security vulnerability, because I was +able to write a proof of concept which unlocked a screen saver of +another user this way. + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686] +CVE: CVE-2017-2616 +bug: 855943 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> + +diff --git a/src/su.c b/src/su.c +index 3704217..1efcd61 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void) + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; ++ } else { ++ pid_child = 0; + } + } while (!stop); + } + +- if (0 != caught) { ++ if (0 != caught && 0 != pid_child) { + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); + (void) kill (-pid_child, caught); + + (void) signal (SIGALRM, kill_child); ++ (void) signal (SIGCHLD, catch_signals); + (void) alarm (2); + +- (void) wait (&status); ++ sigemptyset (&ourset); ++ if ((sigaddset (&ourset, SIGALRM) != 0) ++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { ++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); ++ kill_child (0); ++ } else { ++ while (0 == waitpid (pid_child, &status, WNOHANG)) { ++ sigsuspend (&ourset); ++ } ++ pid_child = 0; ++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); ++ } ++ + (void) fputs (_(" ...terminated.\n"), stderr); + } + diff --git a/meta/recipes-extended/shadow/files/CVE-2018-7169.patch b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch new file mode 100644 index 0000000000..36887d44ee --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch @@ -0,0 +1,186 @@ +From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai <asarai@suse.de> +Date: Thu, 15 Feb 2018 23:49:40 +1100 +Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group + +This is necessary to match the kernel-side policy of "self-mapping in a +user namespace is fine, but you cannot drop groups" -- a policy that was +created in order to stop user namespaces from allowing trivial privilege +escalation by dropping supplementary groups that were "blacklisted" from +certain paths. + +This is the simplest fix for the underlying issue, and effectively makes +it so that unless a user has a valid mapping set in /etc/subgid (which +only administrators can modify) -- and they are currently trying to use +that mapping -- then /proc/$pid/setgroups will be set to deny. This +workaround is only partial, because ideally it should be possible to set +an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow +administrators to further restrict newgidmap(1). + +We also don't write anything in the "allow" case because "allow" is the +default, and users may have already written "deny" even if they +technically are allowed to use setgroups. And we don't write anything if +the setgroups policy is already "deny". + +Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 +Fixes: CVE-2018-7169 + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0] +Reported-by: Craig Furman <craig.furman89@gmail.com> +Signed-off-by: Aleksa Sarai <asarai@suse.de> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 80 insertions(+), 9 deletions(-) + +diff --git a/src/newgidmap.c b/src/newgidmap.c +index b1e33513..59a2e75c 100644 +--- a/src/newgidmap.c ++++ b/src/newgidmap.c +@@ -46,32 +46,37 @@ + */ + const char *Prog; + +-static bool verify_range(struct passwd *pw, struct map_range *range) ++ ++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) + { + /* An empty range is invalid */ + if (range->count == 0) + return false; + +- /* Test /etc/subgid */ +- if (have_sub_gids(pw->pw_name, range->lower, range->count)) ++ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */ ++ if (have_sub_gids(pw->pw_name, range->lower, range->count)) { ++ *allow_setgroups = true; + return true; ++ } + +- /* Allow a process to map it's own gid */ +- if ((range->count == 1) && (pw->pw_gid == range->lower)) ++ /* Allow a process to map its own gid. */ ++ if ((range->count == 1) && (pw->pw_gid == range->lower)) { ++ /* noop -- if setgroups is enabled already we won't disable it. */ + return true; ++ } + + return false; + } + + static void verify_ranges(struct passwd *pw, int ranges, +- struct map_range *mappings) ++ struct map_range *mappings, bool *allow_setgroups) + { + struct map_range *mapping; + int idx; + + mapping = mappings; + for (idx = 0; idx < ranges; idx++, mapping++) { +- if (!verify_range(pw, mapping)) { ++ if (!verify_range(pw, mapping, allow_setgroups)) { + fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"), + Prog, + mapping->upper, +@@ -89,6 +94,70 @@ static void usage(void) + exit(EXIT_FAILURE); + } + ++void write_setgroups(int proc_dir_fd, bool allow_setgroups) ++{ ++ int setgroups_fd; ++ char *policy, policy_buffer[4096]; ++ ++ /* ++ * Default is "deny", and any "allow" will out-rank a "deny". We don't ++ * forcefully write an "allow" here because the process we are writing ++ * mappings for may have already set themselves to "deny" (and "allow" ++ * is the default anyway). So allow_setgroups == true is a noop. ++ */ ++ policy = "deny\n"; ++ if (allow_setgroups) ++ return; ++ ++ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC); ++ if (setgroups_fd < 0) { ++ /* ++ * If it's an ENOENT then we are on too old a kernel for the setgroups ++ * code to exist. Emit a warning and bail on this. ++ */ ++ if (ENOENT == errno) { ++ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog); ++ goto out; ++ } ++ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++ /* ++ * Check whether the policy is already what we want. /proc/self/setgroups ++ * is write-once, so attempting to write after it's already written to will ++ * fail. ++ */ ++ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) { ++ fprintf(stderr, _("%s: failed to read setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (!strncmp(policy_buffer, policy, strlen(policy))) ++ goto out; ++ ++ /* Write the policy. */ ++ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) { ++ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (dprintf(setgroups_fd, "%s", policy) < 0) { ++ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"), ++ Prog, ++ policy, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++out: ++ close(setgroups_fd); ++} ++ + /* + * newgidmap - Set the gid_map for the specified process + */ +@@ -103,6 +172,7 @@ int main(int argc, char **argv) + struct stat st; + struct passwd *pw; + int written; ++ bool allow_setgroups = false; + + Prog = Basename (argv[0]); + +@@ -145,7 +215,7 @@ int main(int argc, char **argv) + (unsigned long) getuid ())); + return EXIT_FAILURE; + } +- ++ + /* Get the effective uid and effective gid of the target process */ + if (fstat(proc_dir_fd, &st) < 0) { + fprintf(stderr, _("%s: Could not stat directory for target %u\n"), +@@ -177,8 +247,9 @@ int main(int argc, char **argv) + if (!mappings) + usage(); + +- verify_ranges(pw, ranges, mappings); ++ verify_ranges(pw, ranges, mappings, &allow_setgroups); + ++ write_setgroups(proc_dir_fd, allow_setgroups); + write_mapping(proc_dir_fd, ranges, mappings, "gid_map"); + sub_gid_close(); + +-- +2.13.3 + diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index cc189649b2..f3f5bf6f07 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ DEPENDS_class-native = "" DEPENDS_class-nativesdk = "" -SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ +UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" + +SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \ file://shadow-4.1.3-dots-in-usernames.patch \ file://usermod-fix-compilation-failure-with-subids-disabled.patch \ file://fix-installation-failure-with-subids-disabled.patch \ @@ -17,7 +19,10 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ file://0001-useradd-copy-extended-attributes-of-home.patch \ file://0001-shadow-CVE-2017-12424 \ + file://CVE-2017-2616.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://CVE-2018-7169.patch \ + file://CVE-2016-6252.patch \ " SRC_URI_append_class-target = " \ @@ -128,7 +133,8 @@ do_install_append() { # Ensure that the image has as a /var/spool/mail dir so shadow can # put mailboxes there if the user reconfigures shadow to its # defaults (see sed below). - install -d ${D}${localstatedir}/spool/mail + install -m 0775 -d ${D}${localstatedir}/spool/mail + chown root:mail ${D}${localstatedir}/spool/mail if [ -e ${WORKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ diff --git a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch b/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch deleted file mode 100644 index e49fa09647..0000000000 --- a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch +++ /dev/null @@ -1,174 +0,0 @@ -From b520d20b8122a783f99f088758b78d928f70ee34 Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 23 Oct 2017 11:42:45 -0700 -Subject: [PATCH] Fix Makefile quoting bug - -Problem with INSTALLARGS reported by Zefram in: -https://mm.icann.org/pipermail/tz/2017-October/025360.html -Fix similar problems too. -* Makefile (ZIC_INSTALL, VALIDATE_ENV, CC, install) -(INSTALL, version, INSTALLARGS, right_posix, posix_right) -(check_public): Use apostrophes to prevent undesirable -interpretation of names by the shell. We still do not support -directory names containing apostrophes or newlines, but this is -good enough. - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - -* NEWS: Mention this. ---- - Makefile | 64 ++++++++++++++++++++++++++++++++-------------------------------- - NEWS | 8 ++++++++ - 2 files changed, 40 insertions(+), 32 deletions(-) - -diff --git a/Makefile b/Makefile -index c92edc0..97649ca 100644 ---- a/Makefile -+++ b/Makefile -@@ -313,7 +313,7 @@ ZFLAGS= - - # How to use zic to install tz binary files. - --ZIC_INSTALL= $(ZIC) -d $(DESTDIR)$(TZDIR) $(LEAPSECONDS) -+ZIC_INSTALL= $(ZIC) -d '$(DESTDIR)$(TZDIR)' $(LEAPSECONDS) - - # The name of a Posix-compliant 'awk' on your system. - AWK= awk -@@ -341,8 +341,8 @@ SGML_CATALOG_FILES= \ - VALIDATE = nsgmls - VALIDATE_FLAGS = -s -B -wall -wno-unused-param - VALIDATE_ENV = \ -- SGML_CATALOG_FILES=$(SGML_CATALOG_FILES) \ -- SGML_SEARCH_PATH=$(SGML_SEARCH_PATH) \ -+ SGML_CATALOG_FILES='$(SGML_CATALOG_FILES)' \ -+ SGML_SEARCH_PATH='$(SGML_SEARCH_PATH)' \ - SP_CHARSET_FIXED=YES \ - SP_ENCODING=UTF-8 - -@@ -396,7 +396,7 @@ GZIPFLAGS= -9n - #MAKE= make - - cc= cc --CC= $(cc) -DTZDIR=\"$(TZDIR)\" -+CC= $(cc) -DTZDIR='"$(TZDIR)"' - - AR= ar - -@@ -473,29 +473,29 @@ all: tzselect yearistype zic zdump libtz.a $(TABDATA) - ALL: all date $(ENCHILADA) - - install: all $(DATA) $(REDO) $(MANS) -- mkdir -p $(DESTDIR)$(ETCDIR) $(DESTDIR)$(TZDIR) \ -- $(DESTDIR)$(LIBDIR) \ -- $(DESTDIR)$(MANDIR)/man3 $(DESTDIR)$(MANDIR)/man5 \ -- $(DESTDIR)$(MANDIR)/man8 -+ mkdir -p '$(DESTDIR)$(ETCDIR)' '$(DESTDIR)$(TZDIR)' \ -+ '$(DESTDIR)$(LIBDIR)' \ -+ '$(DESTDIR)$(MANDIR)/man3' '$(DESTDIR)$(MANDIR)/man5' \ -+ '$(DESTDIR)$(MANDIR)/man8' - $(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES) -- cp -f $(TABDATA) $(DESTDIR)$(TZDIR)/. -- cp tzselect zic zdump $(DESTDIR)$(ETCDIR)/. -- cp libtz.a $(DESTDIR)$(LIBDIR)/. -- $(RANLIB) $(DESTDIR)$(LIBDIR)/libtz.a -- cp -f newctime.3 newtzset.3 $(DESTDIR)$(MANDIR)/man3/. -- cp -f tzfile.5 $(DESTDIR)$(MANDIR)/man5/. -- cp -f tzselect.8 zdump.8 zic.8 $(DESTDIR)$(MANDIR)/man8/. -+ cp -f $(TABDATA) '$(DESTDIR)$(TZDIR)/.' -+ cp tzselect zic zdump '$(DESTDIR)$(ETCDIR)/.' -+ cp libtz.a '$(DESTDIR)$(LIBDIR)/.' -+ $(RANLIB) '$(DESTDIR)$(LIBDIR)/libtz.a' -+ cp -f newctime.3 newtzset.3 '$(DESTDIR)$(MANDIR)/man3/.' -+ cp -f tzfile.5 '$(DESTDIR)$(MANDIR)/man5/.' -+ cp -f tzselect.8 zdump.8 zic.8 '$(DESTDIR)$(MANDIR)/man8/.' - - INSTALL: ALL install date.1 -- mkdir -p $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man1 -- cp date $(DESTDIR)$(BINDIR)/. -- cp -f date.1 $(DESTDIR)$(MANDIR)/man1/. -+ mkdir -p '$(DESTDIR)$(BINDIR)' '$(DESTDIR)$(MANDIR)/man1' -+ cp date '$(DESTDIR)$(BINDIR)/.' -+ cp -f date.1 '$(DESTDIR)$(MANDIR)/man1/.' - - version: $(VERSION_DEPS) - { (type git) >/dev/null 2>&1 && \ - V=`git describe --match '[0-9][0-9][0-9][0-9][a-z]*' \ - --abbrev=7 --dirty` || \ -- V=$(VERSION); } && \ -+ V='$(VERSION)'; } && \ - printf '%s\n' "$$V" >$@.out - mv $@.out $@ - -@@ -529,12 +529,12 @@ leapseconds: $(LEAP_DEPS) - # Arguments to pass to submakes of install_data. - # They can be overridden by later submake arguments. - INSTALLARGS = \ -- BACKWARD=$(BACKWARD) \ -- DESTDIR=$(DESTDIR) \ -+ BACKWARD='$(BACKWARD)' \ -+ DESTDIR='$(DESTDIR)' \ - LEAPSECONDS='$(LEAPSECONDS)' \ - PACKRATDATA='$(PACKRATDATA)' \ -- TZDIR=$(TZDIR) \ -- YEARISTYPE=$(YEARISTYPE) \ -+ TZDIR='$(TZDIR)' \ -+ YEARISTYPE='$(YEARISTYPE)' \ - ZIC='$(ZIC)' - - # 'make install_data' installs one set of tz binary files. -@@ -558,16 +558,16 @@ right_only: - # You must replace all of $(TZDIR) to switch from not using leap seconds - # to using them, or vice versa. - right_posix: right_only -- rm -fr $(DESTDIR)$(TZDIR)-leaps -- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-leaps || \ -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only -+ rm -fr '$(DESTDIR)$(TZDIR)-leaps' -+ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-leaps' || \ -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only - - posix_right: posix_only -- rm -fr $(DESTDIR)$(TZDIR)-posix -- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-posix || \ -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only -+ rm -fr '$(DESTDIR)$(TZDIR)-posix' -+ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-posix' || \ -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only - - # This obsolescent rule is present for backwards compatibility with - # tz releases 2014g through 2015g. It should go away eventually. -@@ -764,7 +764,7 @@ set-timestamps.out: $(ENCHILADA) - - check_public: - $(MAKE) maintainer-clean -- $(MAKE) "CFLAGS=$(GCC_DEBUG_FLAGS)" ALL -+ $(MAKE) CFLAGS='$(GCC_DEBUG_FLAGS)' ALL - mkdir -p public.dir - for i in $(TDATA) tzdata.zi; do \ - $(zic) -v -d public.dir $$i 2>&1 || exit; \ -diff --git a/NEWS b/NEWS -index bd2bec2..75ab095 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,5 +1,13 @@ - News for the tz database - -+Unreleased, experimental changes -+ -+ Changes to build procedure -+ -+ The Makefile now quotes values like BACKWARD more carefully when -+ passing them to the shell. (Problem reported by Zefram.) -+ -+ - Release 2017c - 2017-10-20 14:49:34 -0700 - - Briefly: --- -2.7.4 - diff --git a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch b/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch deleted file mode 100644 index 87afe47694..0000000000 --- a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch +++ /dev/null @@ -1,115 +0,0 @@ -From e231da4fb2beb17c60b4b1a5c276366d6a6e433f Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 23 Oct 2017 17:58:36 -0700 -Subject: [PATCH] Port zdump to C90 + snprintf -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Problem reported by Jon Skeet in: -https://mm.icann.org/pipermail/tz/2017-October/025362.html -* NEWS: Mention this. -* zdump.c (my_snprintf): New macro or function. If a macro, it is -just snprintf. If a function, it is the same as the old snprintf -static function, with an ATTRIBUTE_FORMAT to pacify modern GCC. -All uses of snprintf changed to use my_snprintf. This way, -installers don’t need to specify -DHAVE_SNPRINTF if they are using -a pre-C99 compiler with a library that has snprintf. - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - NEWS | 4 ++++ - zdump.c | 29 ++++++++++++++++------------- - 2 files changed, 20 insertions(+), 13 deletions(-) - -diff --git a/NEWS b/NEWS -index 75ab095..dea08b8 100644 ---- a/NEWS -+++ b/NEWS -@@ -7,6 +7,10 @@ Unreleased, experimental changes - The Makefile now quotes values like BACKWARD more carefully when - passing them to the shell. (Problem reported by Zefram.) - -+ Builders no longer need to specify -DHAVE_SNPRINTF on platforms -+ that have snprintf and use pre-C99 compilers. (Problem reported -+ by Jon Skeet.) -+ - - Release 2017c - 2017-10-20 14:49:34 -0700 - -diff --git a/zdump.c b/zdump.c -index 8e3bf3e..d4e6084 100644 ---- a/zdump.c -+++ b/zdump.c -@@ -795,12 +795,14 @@ show(timezone_t tz, char *zone, time_t t, bool v) - abbrok(abbr(tmp), zone); - } - --#if !HAVE_SNPRINTF -+#if HAVE_SNPRINTF -+# define my_snprintf snprintf -+#else - # include <stdarg.h> - - /* A substitute for snprintf that is good enough for zdump. */ --static int --snprintf(char *s, size_t size, char const *format, ...) -+static int ATTRIBUTE_FORMAT((printf, 3, 4)) -+my_snprintf(char *s, size_t size, char const *format, ...) - { - int n; - va_list args; -@@ -839,10 +841,10 @@ format_local_time(char *buf, size_t size, struct tm const *tm) - { - int ss = tm->tm_sec, mm = tm->tm_min, hh = tm->tm_hour; - return (ss -- ? snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss) -+ ? my_snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss) - : mm -- ? snprintf(buf, size, "%02d:%02d", hh, mm) -- : snprintf(buf, size, "%02d", hh)); -+ ? my_snprintf(buf, size, "%02d:%02d", hh, mm) -+ : my_snprintf(buf, size, "%02d", hh)); - } - - /* Store into BUF, of size SIZE, a formatted UTC offset for the -@@ -877,10 +879,10 @@ format_utc_offset(char *buf, size_t size, struct tm const *tm, time_t t) - mm = off / 60 % 60; - hh = off / 60 / 60; - return (ss || 100 <= hh -- ? snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss) -+ ? my_snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss) - : mm -- ? snprintf(buf, size, "%c%02ld%02d", sign, hh, mm) -- : snprintf(buf, size, "%c%02ld", sign, hh)); -+ ? my_snprintf(buf, size, "%c%02ld%02d", sign, hh, mm) -+ : my_snprintf(buf, size, "%c%02ld", sign, hh)); - } - - /* Store into BUF (of size SIZE) a quoted string representation of P. -@@ -983,15 +985,16 @@ istrftime(char *buf, size_t size, char const *time_fmt, - for (abp = ab; is_alpha(*abp); abp++) - continue; - len = (!*abp && *ab -- ? snprintf(b, s, "%s", ab) -+ ? my_snprintf(b, s, "%s", ab) - : format_quoted_string(b, s, ab)); - if (s <= len) - return false; - b += len, s -= len; - } -- formatted_len = (tm->tm_isdst -- ? snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst) -- : 0); -+ formatted_len -+ = (tm->tm_isdst -+ ? my_snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst) -+ : 0); - } - break; - } --- -2.7.4 - diff --git a/meta/recipes-extended/tzcode/tzcode-native_2018c.bb b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb index 85e9b70ace..816e34d00f 100644 --- a/meta/recipes-extended/tzcode/tzcode-native_2018c.bb +++ b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb @@ -11,10 +11,10 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.md5sum] = "e6e0d4b2ce3fa6906f303157bed2612e" -SRC_URI[tzcode.sha256sum] = "31fa7fc0f94a6ff2d6bc878c0a35e8ab8b5aa0e8b01445a1d4a8f14777d0e665" -SRC_URI[tzdata.md5sum] = "c412b1531adef1be7a645ab734f86acc" -SRC_URI[tzdata.sha256sum] = "2825c3e4b7ef520f24d393bcc02942f9762ffd3e7fc9b23850789ed8f22933f6" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" +SRC_URI[tzcode.md5sum] = "011d394b70e6ee3823fd77010b99737f" +SRC_URI[tzcode.sha256sum] = "4ec74f8a84372570135ea4be16a042442fafe100f5598cb1017bfd30af6aaa70" S = "${WORKDIR}" diff --git a/meta/recipes-extended/tzdata/tzdata_2018c.bb b/meta/recipes-extended/tzdata/tzdata_2018f.bb index ff5ec1cc43..b167540608 100644 --- a/meta/recipes-extended/tzdata/tzdata_2018c.bb +++ b/meta/recipes-extended/tzdata/tzdata_2018f.bb @@ -9,8 +9,8 @@ DEPENDS = "tzcode-native" SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzdata.md5sum] = "c412b1531adef1be7a645ab734f86acc" -SRC_URI[tzdata.sha256sum] = "2825c3e4b7ef520f24d393bcc02942f9762ffd3e7fc9b23850789ed8f22933f6" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" inherit allarch @@ -171,7 +171,7 @@ FILES_${PN} += "${datadir}/zoneinfo/Pacific/Honolulu \ ${datadir}/zoneinfo/Asia/Dubai \ ${datadir}/zoneinfo/Asia/Karachi \ ${datadir}/zoneinfo/Asia/Dhaka \ - ${datadir}/zoneinfo/Asia/Bankok \ + ${datadir}/zoneinfo/Asia/Bangkok \ ${datadir}/zoneinfo/Asia/Hong_Kong \ ${datadir}/zoneinfo/Asia/Tokyo \ ${datadir}/zoneinfo/Australia/Darwin \ diff --git a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb index c71ab1165d..9d8fb28281 100644 --- a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb +++ b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb @@ -5,7 +5,7 @@ DESCRIPTION = "The Cantarell font typeface is designed as a \ on-screen reading; in particular, reading web pages on an \ HTC Dream mobile phone." -HOMEPAGE = "https://git.gnome.org/browse/cantarell-fonts/" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/cantarell-fonts/" SECTION = "fonts" LICENSE = "OFL-1.1" LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d" @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d" PV = "0.0.24" SRCREV = "07b6ea2cbbebfc360aa4668612a376be5e214eaa" -SRC_URI = "git://git.gnome.org/cantarell-fonts;protocol=git;branch=master" +SRC_URI = "git://gitlab.gnome.org/GNOME/cantarell-fonts;protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!0\.13)(?!0\.10\.1)\d+\.\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch b/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch new file mode 100644 index 0000000000..9a1b12e4f4 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch @@ -0,0 +1,75 @@ +From 4794b5dd34688158fb51a2943032569d3780c4b8 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sat, 21 Oct 2017 23:47:52 +0200 +Subject: Fix heap overflows when parsing malicious files. (CVE-2017-16612) + +It is possible to trigger heap overflows due to an integer overflow +while parsing images and a signedness issue while parsing comments. + +The integer overflow occurs because the chosen limit 0x10000 for +dimensions is too large for 32 bit systems, because each pixel takes +4 bytes. Properly chosen values allow an overflow which in turn will +lead to less allocated memory than needed for subsequent reads. + +The signedness bug is triggered by reading the length of a comment +as unsigned int, but casting it to int when calling the function +XcursorCommentCreate. Turning length into a negative value allows the +check against XCURSOR_COMMENT_MAX_LEN to pass, and the following +addition of sizeof (XcursorComment) + 1 makes it possible to allocate +less memory than needed for subsequent reads. + +Upstream-Status: Backport from v1.1.15 +CVE: CVE-2017-16612 + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/file.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/file.c b/src/file.c +index 43163c2..da16277 100644 +--- a/src/file.c ++++ b/src/file.c +@@ -29,6 +29,11 @@ XcursorImageCreate (int width, int height) + { + XcursorImage *image; + ++ if (width < 0 || height < 0) ++ return NULL; ++ if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE) ++ return NULL; ++ + image = malloc (sizeof (XcursorImage) + + width * height * sizeof (XcursorPixel)); + if (!image) +@@ -101,7 +106,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length) + { + XcursorComment *comment; + +- if (length > XCURSOR_COMMENT_MAX_LEN) ++ if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN) + return NULL; + + comment = malloc (sizeof (XcursorComment) + length + 1); +@@ -448,7 +453,8 @@ _XcursorReadImage (XcursorFile *file, + if (!_XcursorReadUInt (file, &head.delay)) + return NULL; + /* sanity check data */ +- if (head.width >= 0x10000 || head.height > 0x10000) ++ if (head.width > XCURSOR_IMAGE_MAX_SIZE || ++ head.height > XCURSOR_IMAGE_MAX_SIZE) + return NULL; + if (head.width == 0 || head.height == 0) + return NULL; +@@ -457,6 +463,8 @@ _XcursorReadImage (XcursorFile *file, + + /* Create the image and initialize it */ + image = XcursorImageCreate (head.width, head.height); ++ if (image == NULL) ++ return NULL; + if (chunkHeader.version < image->version) + image->version = chunkHeader.version; + image->size = chunkHeader.subtype; +-- +cgit v1.1 + diff --git a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb index 17629047b7..ccc4347820 100644 --- a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb +++ b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb @@ -16,6 +16,8 @@ BBCLASSEXTEND = "native nativesdk" PE = "1" +SRC_URI += "file://CVE-2017-16612.patch" + XORG_PN = "libXcursor" SRC_URI[md5sum] = "1e7c17afbbce83e2215917047c57d1b3" diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb index 552eb6abaa..6052650c95 100644 --- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb +++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb @@ -9,6 +9,8 @@ DEPENDS += "cryptodev-linux" SRC_URI += " \ file://0001-Disable-installing-header-file-provided-by-another-p.patch \ +file://0001-ioctl.c-Fix-build-with-linux-4.13.patch \ +file://0001-ioctl.c-Fix-build-with-linux-4.17.patch \ " EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' diff --git a/meta/recipes-kernel/cryptodev/cryptodev.inc b/meta/recipes-kernel/cryptodev/cryptodev.inc index 50366e7202..ab15bc1d97 100644 --- a/meta/recipes-kernel/cryptodev/cryptodev.inc +++ b/meta/recipes-kernel/cryptodev/cryptodev.inc @@ -3,11 +3,9 @@ HOMEPAGE = "http://cryptodev-linux.org/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" +SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux" +SRCREV = "87d959d9a279c055b361de8e730fab6a7144edd7" -SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d" -SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950" - -S = "${WORKDIR}/cryptodev-linux-${PV}" +S = "${WORKDIR}/git" CLEANBROKEN = "1" diff --git a/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch index 3f0298b0b0..84fd27e681 100644 --- a/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch +++ b/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch @@ -14,37 +14,37 @@ Upstream-Status: Pending tests/Makefile | 8 ++++++++ 2 files changed, 14 insertions(+), 0 deletions(-) -diff --git a/Makefile b/Makefile -index 31c4b3f..2ecf2a9 100644 ---- a/Makefile -+++ b/Makefile -@@ -34,6 +34,9 @@ modules_install: - @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." - @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h +Index: git/Makefile +=================================================================== +--- git.orig/Makefile ++++ git/Makefile +@@ -35,6 +35,9 @@ modules_install: + $(MAKE) $(KERNEL_MAKE_OPTS) modules_install + install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h +install_tests: + make -C tests install DESTDIR=$(PREFIX) + clean: - make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean + $(MAKE) $(KERNEL_MAKE_OPTS) clean rm -f $(hostprogs) *~ -@@ -42,6 +45,9 @@ clean: +@@ -43,6 +46,9 @@ clean: check: - CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check + CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check +testprogs: + KERNEL_DIR=$(KERNEL_DIR) make -C tests testprogs + CPOPTS = - ifneq (${SHOW_TYPES},) + ifneq ($(SHOW_TYPES),) CPOPTS += --show-types -diff --git a/tests/Makefile b/tests/Makefile -index c9f04e8..cd202af 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -19,6 +19,12 @@ example-async-hmac-objs := async_hmac.o - example-async-speed-objs := async_speed.o - example-hashcrypt-speed-objs := hashcrypt_speed.c +Index: git/tests/Makefile +=================================================================== +--- git.orig/tests/Makefile ++++ git/tests/Makefile +@@ -23,6 +23,12 @@ bindir = $(execprefix)/bin + + all: $(hostprogs) +install: + install -d $(DESTDIR)/usr/bin/tests_cryptodev @@ -55,9 +55,9 @@ index c9f04e8..cd202af 100644 check: $(hostprogs) ./cipher ./hmac -@@ -28,6 +34,8 @@ check: $(hostprogs) - ./cipher-gcm - ./cipher-aead +@@ -38,6 +44,8 @@ install: + install -m 755 $$prog $(DESTDIR)/$(bindir); \ + done +testprogs: $(hostprogs) + diff --git a/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch new file mode 100644 index 0000000000..a41efacdd9 --- /dev/null +++ b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch @@ -0,0 +1,49 @@ +From f0d69774afb27ffc62bf353465fba145e70cb85a Mon Sep 17 00:00:00 2001 +From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com> +Date: Mon, 4 Sep 2017 11:05:08 +0200 +Subject: [PATCH] ioctl.c: Fix build with linux 4.13 + +git/ioctl.c:1127:3: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init] + {0, }, + ^ +note: (near initialization for 'verbosity_ctl_dir[1]') +git/ioctl.c:1136:3: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init] + {0, }, + ^ + +Linux kernel has added -Werror=designated-init around 4.11 (c834f0e8a8b) +triggering build errors with gcc 5 and 6 (but not with gcc 4) + +Upstream-Status: Backport + +Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com> +Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> +--- + ioctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 0385203..8d4a162 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1124,7 +1124,7 @@ static struct ctl_table verbosity_ctl_dir[] = { + .mode = 0644, + .proc_handler = proc_dointvec, + }, +- {0, }, ++ {}, + }; + + static struct ctl_table verbosity_ctl_root[] = { +@@ -1133,7 +1133,7 @@ static struct ctl_table verbosity_ctl_root[] = { + .mode = 0555, + .child = verbosity_ctl_dir, + }, +- {0, }, ++ {}, + }; + static struct ctl_table_header *verbosity_sysctl_header; + static int __init init_cryptodev(void) +-- +2.7.4 + diff --git a/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch new file mode 100644 index 0000000000..5881d1c4ee --- /dev/null +++ b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch @@ -0,0 +1,43 @@ +From f60aa08c63fc02780554a0a12180a478ca27d49f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com> +Date: Wed, 23 May 2018 18:43:39 +0300 +Subject: [PATCH] ioctl.c: Fix build with linux 4.17 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since kernel 4.17-rc1, sys_* syscalls can no longer be called directly: +819671ff849b ("syscalls: define and explain goal to not call syscalls in the kernel") + +Since cryptodev uses sys_close() - and this has been removed in commit: +2ca2a09d6215 ("fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()") +cryptodev has to be updated to use the ksys_close() wrapper. + +Signed-off-by: Horia Geantă <horia.geanta@nxp.com> + +Upstream-Status: Backport + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + ioctl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ioctl.c b/ioctl.c +index d831b0c..2571034 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -828,7 +828,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + fd = clonefd(filp); + ret = put_user(fd, p); + if (unlikely(ret)) { ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)) + sys_close(fd); ++#else ++ ksys_close(fd); ++#endif + return ret; + } + return ret; +-- +2.7.4 + diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb index 9054b33cc0..2c3f8cd323 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb @@ -37,6 +37,7 @@ LICENSE = "\ & Firmware-ath9k-htc \ & Firmware-phanfw \ & Firmware-qat \ + & Firmware-qcom \ & Firmware-qla1280 \ & Firmware-qla2xxx \ & Firmware-qualcommAthos_ar3k \ @@ -90,12 +91,13 @@ LIC_FILES_CHKSUM = "\ file://LICENCE.Marvell;md5=9ddea1734a4baf3c78d845151f42a37a \ file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \ file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \ - file://LICENCE.Netronome;md5=cd2a3e6effe3cdf42731575b8e9477ed \ + file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \ file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \ file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \ file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \ file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ + file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ @@ -116,7 +118,7 @@ LIC_FILES_CHKSUM = "\ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=038edbc9e744171d8b6235e0224028ba \ + file://WHENCE;md5=6f46986f4e913ef16b765c2319cc5141 \ " # These are not common licenses, set NO_GENERIC_LICENSE for them @@ -156,6 +158,7 @@ NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC" NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" +NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" @@ -178,7 +181,7 @@ NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000" NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c" NO_GENERIC_LICENSE[WHENCE] = "WHENCE" -SRCREV = "bf04291309d3169c0ad3b8db52564235bbd08e30" +SRCREV = "8fc2d4e55685bf73b6f7752383da9067404a74bb" PE = "1" PV = "0.0+git${SRCPV}" @@ -229,6 +232,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-ti-connectivity-license ${PN}-wl12xx ${PN}-wl18xx \ ${PN}-vt6656-license ${PN}-vt6656 \ ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ + ${PN}-rtl8168 \ ${PN}-broadcom-license \ ${PN}-bcm4329 ${PN}-bcm4330 ${PN}-bcm4334 ${PN}-bcm43340 \ ${PN}-bcm43362 ${PN}-bcm4339 ${PN}-bcm43430 ${PN}-bcm4354 \ @@ -249,14 +253,19 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-iwlwifi-7260 \ ${PN}-iwlwifi-7265 \ ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \ + ${PN}-iwlwifi-9000 \ ${PN}-iwlwifi-misc \ ${PN}-ibt-license ${PN}-ibt ${PN}-ibt-misc \ ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \ + ${PN}-ibt-17 \ ${PN}-i915-license ${PN}-i915 \ ${PN}-adsp-sst-license ${PN}-adsp-sst \ ${PN}-bnx2-mips \ ${PN}-netronome-license ${PN}-netronome \ ${PN}-qat ${PN}-qat-license \ + ${PN}-qcom-license \ + ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 \ + ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \ ${PN}-whence-license \ ${PN}-license \ " @@ -432,6 +441,7 @@ LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8168 = "WHENCE" FILES_${PN}-rtl-license = " \ ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \ @@ -454,6 +464,9 @@ FILES_${PN}-rtl8723 = " \ FILES_${PN}-rtl8821 = " \ ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ " +FILES_${PN}-rtl8168 = " \ + ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ +" RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license" @@ -461,6 +474,7 @@ RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license" RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license" # For ti-connectivity LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity" @@ -596,6 +610,7 @@ LICENSE_${PN}-iwlwifi-7265 = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-7265d = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-8000c = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-8265 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-9000 = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-misc = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-license = "Firmware-iwlwifi_firmware" @@ -622,6 +637,7 @@ FILES_${PN}-iwlwifi-7265 = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.uco FILES_${PN}-iwlwifi-7265d = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode" FILES_${PN}-iwlwifi-8000c = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode" FILES_${PN}-iwlwifi-8265 = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode" +FILES_${PN}-iwlwifi-9000 = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode" FILES_${PN}-iwlwifi-misc = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode" RDEPENDS_${PN}-iwlwifi-135-6 = "${PN}-iwlwifi-license" @@ -645,6 +661,7 @@ RDEPENDS_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-license" RDEPENDS_${PN}-iwlwifi-7265d = "${PN}-iwlwifi-license" RDEPENDS_${PN}-iwlwifi-8000c = "${PN}-iwlwifi-license" RDEPENDS_${PN}-iwlwifi-8265 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-9000 = "${PN}-iwlwifi-license" RDEPENDS_${PN}-iwlwifi-misc = "${PN}-iwlwifi-license" # -iwlwifi-misc is a "catch all" package that includes all the iwlwifi @@ -670,6 +687,7 @@ LICENSE_${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware" LICENSE_${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware" LICENSE_${PN}-ibt-11-5 = "Firmware-ibt_firmware" LICENSE_${PN}-ibt-12-16 = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-17 = "Firmware-ibt_firmware" LICENSE_${PN}-ibt-misc = "Firmware-ibt_firmware" FILES_${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware" @@ -677,12 +695,14 @@ FILES_${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bs FILES_${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq" FILES_${PN}-ibt-11-5 = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi /lib/firmware/intel/ibt-11-5.ddc" FILES_${PN}-ibt-12-16 = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi /lib/firmware/intel/ibt-12-16.ddc" +FILES_${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi /lib/firmware/intel/ibt-17-*.ddc" FILES_${PN}-ibt-misc = "${nonarch_base_libdir}/firmware/ibt-*" RDEPENDS_${PN}-ibt-hw-37-7 = "${PN}-ibt-license" RDEPENDS_${PN}-ibt-hw-37.8 = "${PN}-ibt-license" RDEPENDS_${PN}-ibt-11-5 = "${PN}-ibt-license" RDEPENDS_${PN}-ibt-12-16 = "${PN}-ibt-license" +RDEPENDS_${PN}-ibt-17 = "${PN}-ibt-license" RDEPENDS_${PN}-ibt-misc = "${PN}-ibt-license" ALLOW_EMPTY_${PN}-ibt= "1" @@ -707,6 +727,18 @@ FILES_${PN}-qat-license = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmwar FILES_${PN}-qat = "${nonarch_base_libdir}/firmware/qat*.bin" RDEPENDS_${PN}-qat = "${PN}-qat-license" +# For QCOM VPU/GPU +LICENSE_${PN}-qcom-license = "Firmware-qcom" +FILES_${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" +FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" +FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" +FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" +FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" +RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license" + # For other firmwares # Maybe split out to separate packages when needed. LICENSE_${PN} = "\ @@ -737,6 +769,7 @@ LICENSE_${PN} = "\ & Firmware-ath9k-htc \ & Firmware-phanfw \ & Firmware-qat \ + & Firmware-qcom \ & Firmware-qla1280 \ & Firmware-qla2xxx \ & Firmware-r8a779x_usb3 \ diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb index c1b5b7786d..8bbfa23e4b 100644 --- a/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -69,6 +69,13 @@ do_install() { cp ${B}/arch/powerpc/lib/crtsavres.o $kerneldir/arch/powerpc/lib/crtsavres.o fi + # Remove fixdep/objtool as they won't be target binaries + for i in fixdep objtool; do + if [ -e $kerneldir/tools/objtool/$i ]; then + rm -rf $kerneldir/tools/objtool/$i + fi + done + chown -R root:root ${D} } # Ensure we don't race against "make scripts" during cpio diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb index da167feeed..e6061f7293 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "bec5c846f002161d695171798f250c59e85ab821" -SRCREV_meta ?= "f8f75cc4d9cb3195a2221b375cfc4f91ee211399" +SRCREV_machine ?= "ef88c3326f62cec4b98340324ddbe7f7f7704fd5" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.12.21" +LINUX_VERSION ?= "4.12.28" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb index 97538e28bb..cd6e0aa17b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "d5efeeeb928a0111fc187fd1e8d03d2e4e35d4a0" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine ?= "515e72c4bbb5d99964669052220fe459177b7329" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb index 5c016ed7c2..539865cae7 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "90d1ffa36cbd36722638c97c1bb46a5874dbe28e" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine ?= "3ba839d695fd3681e6920373fc260a2a3f812b8f" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb index 325857fa9d..cb4ef3a659 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.12.21" +LINUX_VERSION ?= "4.12.28" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81" -SRCREV_meta ?= "f8f75cc4d9cb3195a2221b375cfc4f91ee211399" +SRCREV_machine ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb index 8a98189d4c..fcf0c6a68c 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb index 4d4680254d..78b2a9640e 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.12.bb b/meta/recipes-kernel/linux/linux-yocto_4.12.bb index 81079ce584..0aea05b83f 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.12.bb @@ -11,22 +11,22 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "fa1d1c94af290039f25b2b6fb0f419b4272e7156" -SRCREV_machine_qemuarm64 ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81" -SRCREV_machine_qemumips ?= "558d4b974687d421c5e8ff63a7d2660520f9dab0" -SRCREV_machine_qemuppc ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81" -SRCREV_machine_qemux86 ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81" -SRCREV_machine_qemux86-64 ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81" -SRCREV_machine_qemumips64 ?= "09bddd16543c2f4fa1bb5a535994975dd1457fe2" -SRCREV_machine ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81" -SRCREV_meta ?= "f8f75cc4d9cb3195a2221b375cfc4f91ee211399" +SRCREV_machine_qemuarm ?= "b84ecefc243a6ed67d8b6020394963de1240a9f0" +SRCREV_machine_qemuarm64 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemumips ?= "15b1ab68f73fa60dd95a74c640e87e05fad1716d" +SRCREV_machine_qemuppc ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemux86 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemux86-64 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemumips64 ?= "57a3f72a020fc84f2da5b0b4c5de4cdbc22b3284" +SRCREV_machine ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}" DEPENDS += "openssl-native util-linux-native" -LINUX_VERSION ?= "4.12.21" +LINUX_VERSION ?= "4.12.28" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.4.bb b/meta/recipes-kernel/linux/linux-yocto_4.4.bb index 97c16d59dd..9d0724712a 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.4.bb @@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "400c0f39b954cd8fffdf53e6ec97852b73fea7af" -SRCREV_machine_qemuarm64 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemumips ?= "fb03a9472367b6c177729ac631326aafd5d17c92" -SRCREV_machine_qemuppc ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemux86 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemux86-64 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemumips64 ?= "26b8ba186a6d39728fc1510bd2264110c75842f5" -SRCREV_machine ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine_qemuarm ?= "a68a73dbd3c37ec21239dd97060eef308f1ff958" +SRCREV_machine_qemuarm64 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemumips ?= "3c0e62ea8803a1757e389dcd6233e3d6acba8d2c" +SRCREV_machine_qemuppc ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemux86 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemux86-64 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemumips64 ?= "eaed2a94a20c7f65afa342d9243f19337f63b434" +SRCREV_machine ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.9.bb b/meta/recipes-kernel/linux/linux-yocto_4.9.bb index a5a165f760..5826ba6e2a 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.9.bb @@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "23369eb7e07c839fa73a8c1e85aba37a07bf14c1" -SRCREV_machine_qemuarm64 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemumips ?= "cab9e059447878f5383f91a05db12813f69cbfc1" -SRCREV_machine_qemuppc ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemux86 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemux86-64 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemumips64 ?= "c2e5ef83b612d50f50fafeed9930dbea302fbe8c" -SRCREV_machine ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine_qemuarm ?= "cd831469d8eb4d900fe65985921d2003c59f3a86" +SRCREV_machine_qemuarm64 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemumips ?= "24b020741e8762ec8aeb5be95f842332083b2028" +SRCREV_machine_qemuppc ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemux86 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemux86-64 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemumips64 ?= "100a1682529e34d118d5552c9db773635cd2c621" +SRCREV_machine ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index b79b973947..6fd23d63e3 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb @@ -22,6 +22,9 @@ PACKAGECONFIG[libnuma] = ",NO_LIBNUMA=1" PACKAGECONFIG[systemtap] = ",NO_SDT=1,systemtap" PACKAGECONFIG[jvmti] = ",NO_JVMTI=1" +# libaudit support would need scripting to be enabled +PACKAGECONFIG[audit] = ",NO_LIBAUDIT=1,audit" + DEPENDS = " \ virtual/${MLPREFIX}libc \ ${MLPREFIX}elfutils \ @@ -56,7 +59,7 @@ export PERL_ARCHLIB = "${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/${@get_perl_version inherit kernelsrc -B = "${WORKDIR}/${BPN}-${PV}" +S = "${WORKDIR}/${BP}" SPDX_S = "${S}/tools/perf" # The LDFLAGS is required or some old kernels fails due missing @@ -92,6 +95,24 @@ EXTRA_OEMAKE += "\ 'infodir=${@os.path.relpath(infodir, prefix)}' \ " +# During do_configure, we might run a 'make clean'. That often breaks +# when done in parallel, so disable parallelism for do_configure. Note +# that it has to be done this way rather than by passing -j1, since +# perf's build system by default ignores any -j argument, but does +# honour a JOBS variable. +EXTRA_OEMAKE_append_task-configure = " JOBS=1" + +PERF_SRC ?= "Makefile \ + include \ + tools/arch \ + tools/build \ + tools/include \ + tools/lib \ + tools/Makefile \ + tools/perf \ + tools/scripts \ +" + PERF_EXTRA_LDFLAGS = "" # MIPS N32 @@ -114,11 +135,22 @@ do_install() { fi } -do_configure_prepend () { - # Fix for rebuilding - rm -rf ${B}/ - mkdir -p ${B}/ +do_configure[prefuncs] += "copy_perf_source_from_kernel" +python copy_perf_source_from_kernel() { + sources = (d.getVar("PERF_SRC") or "").split() + src_dir = d.getVar("STAGING_KERNEL_DIR") + dest_dir = d.getVar("S") + bb.utils.mkdirhier(dest_dir) + for s in sources: + src = oe.path.join(src_dir, s) + dest = oe.path.join(dest_dir, s) + if os.path.isdir(src): + oe.path.copyhardlinktree(src, dest) + else: + bb.utils.copyfile(src, dest) +} +do_configure_prepend () { # If building a multlib based perf, the incorrect library path will be # detected by perf, since it triggers via: ifeq ($(ARCH),x86_64). In a 32 bit # build, with a 64 bit multilib, the arch won't match and the detection of a @@ -214,7 +246,7 @@ PACKAGES =+ "${PN}-archive ${PN}-tests ${PN}-perl ${PN}-python" RDEPENDS_${PN} += "elfutils bash" RDEPENDS_${PN}-doc += "man" RDEPENDS_${PN}-archive =+ "bash" -RDEPENDS_${PN}-python =+ "bash python python-modules" +RDEPENDS_${PN}-python =+ "bash python python-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python', '', d)}" RDEPENDS_${PN}-perl =+ "bash perl perl-modules" RDEPENDS_${PN}-tests =+ "python" diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch new file mode 100644 index 0000000000..7564d92879 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch @@ -0,0 +1,33 @@ +From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Wed, 9 May 2018 14:56:59 -0700 +Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. + +CVE: CVE-2017-14160 +CVE: CVE-2018-10393 +Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 + +Signed-off-by: Thomas Daede <daede003@umn.edu> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + lib/psy.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/psy.c b/lib/psy.c +index 422c6f1..1310123 100644 +--- a/lib/psy.c ++++ b/lib/psy.c +@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, + for (i = 0, x = 0.f;; i++, x += 1.f) { + + lo = b[i] >> 16; +- if( lo>=0 ) break; + hi = b[i] & 0xffff; ++ if( lo>=0 ) break; ++ if( hi>=n ) break; + + tN = N[hi] + N[-lo]; + tX = X[hi] - X[-lo]; +-- +2.7.4 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch new file mode 100644 index 0000000000..f1ef6fb9c7 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch @@ -0,0 +1,29 @@ +From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 17 May 2018 16:19:19 -0700 +Subject: [PATCH] Sanity check number of channels in setup. + +Fixes #2335. +CVE: CVE-2018-10392 +Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b] + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + lib/vorbisenc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c +index 4fc7b62..64a51b5 100644 +--- a/lib/vorbisenc.c ++++ b/lib/vorbisenc.c +@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ + highlevel_encode_setup *hi=&ci->hi; + + if(ci==NULL)return(OV_EINVAL); ++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); + if(!hi->impulse_block_p)i0=1; + + /* too low/high an ATH floater is nonsensical, but doesn't break anything */ +-- +2.13.3 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb index 20f887c252..615b53963b 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb +++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb @@ -9,12 +9,15 @@ LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \ file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb" DEPENDS = "libogg" +PR = "r1" SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ file://0001-configure-Check-for-clang.patch \ file://CVE-2017-14633.patch \ file://CVE-2017-14632.patch \ file://CVE-2018-5146.patch \ + file://CVE-2017-14160.patch \ + file://CVE-2018-10392.patch \ " SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f" SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1" diff --git a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch index 5a178e2ef1..19c524b0ac 100644 --- a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch +++ b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch @@ -3,7 +3,7 @@ The terms `FAIL` instead of `FAILED` and `SKIP` instead of `SKIPPED` match what Automake does Upstream-Status: Accepted -[ https://git.gnome.org/browse/gnome-desktop-testing/commit/?id=048850731a640532ef55a61df7357fcc6d2ad501 ] +[ https://gitlab.gnome.org/GNOME/gnome-desktop-testing/commit/048850731a640532ef55a61df7357fcc6d2ad501 ] Signed-off-by: Maxin B. John <maxin.john@intel.com> --- diff --git a/meta/recipes-support/popt/popt_1.16.bb b/meta/recipes-support/popt/popt_1.16.bb index 478288f9bf..377d108449 100644 --- a/meta/recipes-support/popt/popt_1.16.bb +++ b/meta/recipes-support/popt/popt_1.16.bb @@ -8,7 +8,7 @@ PR = "r3" DEPENDS = "virtual/libiconv" -SRC_URI = "http://rpm5.org/files/popt/popt-${PV}.tar.gz \ +SRC_URI = "https://fossies.org/linux/misc/popt-${PV}.tar.gz \ file://pkgconfig_fix.patch \ file://popt_fix_for_automake-1.12.patch \ file://disable_tests.patch \ diff --git a/scripts/contrib/python/generate-manifest-3.5.py b/scripts/contrib/python/generate-manifest-3.5.py index 6352f8f120..750d4fc754 100755 --- a/scripts/contrib/python/generate-manifest-3.5.py +++ b/scripts/contrib/python/generate-manifest-3.5.py @@ -371,7 +371,7 @@ if __name__ == "__main__": "lib-dynload/readline.*.so rlcompleter.*" ) m.addPackage( "${PN}-reprlib", "Python alternate repr() implementation", "${PN}-core", - "reprlib.py" ) + "reprlib.*" ) m.addPackage( "${PN}-resource", "Python resource control interface", "${PN}-core", "lib-dynload/resource.*.so" ) diff --git a/scripts/lib/devtool/sdk.py b/scripts/lib/devtool/sdk.py index f46577c2ab..4616753797 100644 --- a/scripts/lib/devtool/sdk.py +++ b/scripts/lib/devtool/sdk.py @@ -145,6 +145,9 @@ def sdk_update(args, config, basepath, workspace): # Fetch manifest from server tmpmanifest = os.path.join(tmpsdk_dir, 'conf', 'sdk-conf-manifest') ret = subprocess.call("wget -q -O %s %s/conf/sdk-conf-manifest" % (tmpmanifest, updateserver), shell=True) + if ret != 0: + logger.error("Cannot dowload files from %s" % updateserver) + return ret changedfiles = check_manifest(tmpmanifest, basepath) if not changedfiles: logger.info("Already up-to-date") diff --git a/scripts/lib/wic/filemap.py b/scripts/lib/wic/filemap.py index 77e32b9add..a72fa09ef5 100644 --- a/scripts/lib/wic/filemap.py +++ b/scripts/lib/wic/filemap.py @@ -37,7 +37,15 @@ def get_block_size(file_obj): # Get the block size of the host file-system for the image file by calling # the FIGETBSZ ioctl (number 2). binary_data = fcntl.ioctl(file_obj, 2, struct.pack('I', 0)) - return struct.unpack('I', binary_data)[0] + bsize = struct.unpack('I', binary_data)[0] + if not bsize: + import os + stat = os.fstat(file_obj.fileno()) + if hasattr(stat, 'st_blksize'): + bsize = stat.st_blksize + else: + raise IOError("Unable to determine block size") + return bsize class ErrorNotSupp(Exception): """ diff --git a/scripts/multilib_header_wrapper.h b/scripts/multilib_header_wrapper.h index f516673b63..9660225fdd 100644 --- a/scripts/multilib_header_wrapper.h +++ b/scripts/multilib_header_wrapper.h @@ -22,7 +22,9 @@ */ -#if defined (__arm__) +#if defined (__bpf__) +#define __MHWORDSIZE 64 +#elif defined (__arm__) #define __MHWORDSIZE 32 #elif defined (__aarch64__) && defined ( __LP64__) #define __MHWORDSIZE 64 |