diff options
Diffstat (limited to 'meta')
51 files changed, 767 insertions, 819 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 01b3637469..0ab022b135 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -214,7 +214,7 @@ def check_cves(d, patched_cves): (_, _, _, version_start, operator_start, version_end, operator_end) = row #bb.debug(2, "Evaluating row " + str(row)) - if (operator_start == '=' and pv == version_start): + if (operator_start == '=' and pv == version_start) or version_start == '-': vulnerable = True else: if operator_start: diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 660a52ad87..4cb8c5c55a 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -81,6 +81,7 @@ RECIPE_MAINTAINER_pn-build-appliance-image = "Richard Purdie <richard.purdie@lin RECIPE_MAINTAINER_pn-build-compare = "Paul Eggleton <paul.eggleton@linux.intel.com>" RECIPE_MAINTAINER_pn-build-sysroots = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-builder = "Richard Purdie <richard.purdie@linuxfoundation.org>" +RECIPE_MAINTAINER_pn-buildtools-extended-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-buildtools-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-busybox = "Andrej Valek <andrej.valek@siemens.com>" RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@ti.com>" diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index ad75d3e2a3..69b6edee5f 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,9 +6,9 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.30" +UNINATIVE_MAXGLIBCVERSION = "2.32" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.7/" -UNINATIVE_CHECKSUM[aarch64] ?= "e76a45886ee8a0b3904b761c17ac8ff91edf9811ee455f1832d10763ba794dfc" -UNINATIVE_CHECKSUM[i686] ?= "810d027dfb1c7675226afbcec07808770516c969ee7378f6d8240281083f8924" -UNINATIVE_CHECKSUM[x86_64] ?= "9498d8bba047499999a7310ac2576d0796461184965351a56f6d32c888a1f216" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.9/" +UNINATIVE_CHECKSUM[aarch64] ?= "9f25a667aee225b1dd65c4aea73e01983e825b1cb9b56937932a1ee328b45f81" +UNINATIVE_CHECKSUM[i686] ?= "cae5d73245d95b07cf133b780ba3f6c8d0adca3ffc4e7e7fab999961d5e24d36" +UNINATIVE_CHECKSUM[x86_64] ?= "d07916b95c419c81541a19c8ef0ed8cbd78ae18437ff28a4c8a60ef40518e423" diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh index 156085b500..d9112eab72 100644 --- a/meta/files/toolchain-shar-extract.sh +++ b/meta/files/toolchain-shar-extract.sh @@ -1,13 +1,8 @@ #!/bin/sh -[ -z "$ENVCLEANED" ] && exec /usr/bin/env -i ENVCLEANED=1 HOME="$HOME" \ - LC_ALL=en_US.UTF-8 \ - TERM=$TERM \ - ICECC_PATH="$ICECC_PATH" \ - http_proxy="$http_proxy" https_proxy="$https_proxy" ftp_proxy="$ftp_proxy" \ - no_proxy="$no_proxy" all_proxy="$all_proxy" GIT_PROXY_COMMAND="$GIT_PROXY_COMMAND" "$0" "$@" -[ -f /etc/environment ] && . /etc/environment -export PATH=`echo "$PATH" | sed -e 's/:\.//' -e 's/::/:/'` +export LC_ALL=en_US.UTF-8 +# Remove invalid PATH elements first (maybe from a previously setup toolchain now deleted +PATH=`python3 -c 'import os; print(":".join(e for e in os.environ["PATH"].split(":") if os.path.exists(e)))'` tweakpath () { case ":${PATH}:" in diff --git a/meta/lib/oe/prservice.py b/meta/lib/oe/prservice.py index b1132ccb11..3a5ef8d921 100644 --- a/meta/lib/oe/prservice.py +++ b/meta/lib/oe/prservice.py @@ -3,6 +3,10 @@ # def prserv_make_conn(d, check = False): + # Otherwise this fails when called from recipes which e.g. inherit python3native (which sets _PYTHON_SYSCONFIGDATA_NAME) with: + # No module named '_sysconfigdata' + if '_PYTHON_SYSCONFIGDATA_NAME' in os.environ: + del os.environ['_PYTHON_SYSCONFIGDATA_NAME'] import prserv.serv host_params = list([_f for _f in (d.getVar("PRSERV_HOST") or '').split(':') if _f]) try: diff --git a/meta/lib/oeqa/core/utils/concurrencytest.py b/meta/lib/oeqa/core/utils/concurrencytest.py index 6bf7718863..5f10267f70 100644 --- a/meta/lib/oeqa/core/utils/concurrencytest.py +++ b/meta/lib/oeqa/core/utils/concurrencytest.py @@ -199,7 +199,7 @@ def fork_for_tests(concurrency_num, suite): oe.path.copytree(selftestdir, newselftestdir) for e in os.environ: - if builddir in os.environ[e]: + if builddir + "/" in os.environ[e] or os.environ[e].endswith(builddir): os.environ[e] = os.environ[e].replace(builddir, newbuilddir) subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True) diff --git a/meta/lib/oeqa/sdkext/testsdk.py b/meta/lib/oeqa/sdkext/testsdk.py index 785b5dda53..c5c46df6cd 100644 --- a/meta/lib/oeqa/sdkext/testsdk.py +++ b/meta/lib/oeqa/sdkext/testsdk.py @@ -25,11 +25,8 @@ class TestSDKExt(TestSDKBase): subprocesstweak.errors_have_output() - # extensible sdk can be contaminated if native programs are - # in PATH, i.e. use perl-native instead of eSDK one. - paths_to_avoid = [d.getVar('STAGING_DIR'), - d.getVar('BASE_WORKDIR')] - os.environ['PATH'] = avoid_paths_in_environ(paths_to_avoid) + # We need the original PATH for testing the eSDK, not with our manipulations + os.environ['PATH'] = d.getVar("BB_ORIGENV", False).getVar("PATH") tcname = d.expand("${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.sh") if not os.path.exists(tcname): diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py index d817b755fe..5149583bd4 100644 --- a/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -168,7 +168,7 @@ class TestImage(OESelftestTestCase): # remove the oeqa-feed-sign temporal directory shutil.rmtree(self.gpg_home, ignore_errors=True) - def test_testimage_virgl_gtk(self): + def disabled_test_testimage_virgl_gtk(self): """ Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk frontend Expected: 1. Check that virgl kernel driver is loaded and 3d acceleration is enabled diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py index b390f37d8e..41627ff858 100644 --- a/meta/lib/oeqa/selftest/cases/signing.py +++ b/meta/lib/oeqa/selftest/cases/signing.py @@ -44,7 +44,9 @@ class Signing(OESelftestTestCase): origenv = os.environ.copy() for e in os.environ: - if builddir in os.environ[e]: + if builddir + "/" in os.environ[e]: + os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/") + if os.environ[e].endswith(builddir): os.environ[e] = os.environ[e].replace(builddir, newbuilddir) os.chdir(newbuilddir) diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch new file mode 100644 index 0000000000..e2930c3c7d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch @@ -0,0 +1,46 @@ +From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Fri, 3 Jan 2020 03:02:26 +0000 +Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a + regress + +test? + +OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a + +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381] + +[Dropped the script version and copyright year change at the top] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + regress/cert-hostkey.sh | 2 +- + regress/cert-userkey.sh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh +index 3ce7779..74d5a53 100644 +--- a/regress/cert-hostkey.sh ++++ b/regress/cert-hostkey.sh +@@ -248,7 +248,7 @@ test_one() { + test_one "user-certificate" failure "-n $HOSTS" + test_one "empty principals" success "-h" + test_one "wrong principals" failure "-h -n foo" +-test_one "cert not yet valid" failure "-h -V20200101:20300101" ++test_one "cert not yet valid" failure "-h -V20300101:20320101" + test_one "cert expired" failure "-h -V19800101:19900101" + test_one "cert valid interval" success "-h -V-1w:+2w" + test_one "cert has constraints" failure "-h -Oforce-command=false" +diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh +index 6849e99..de455b8 100644 +--- a/regress/cert-userkey.sh ++++ b/regress/cert-userkey.sh +@@ -327,7 +327,7 @@ test_one() { + test_one "correct principal" success "-n ${USER}" + test_one "host-certificate" failure "-n ${USER} -h" + test_one "wrong principals" failure "-n foo" +-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101" ++test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101" + test_one "cert expired" failure "-n ${USER} -V19800101:19900101" + test_one "cert valid interval" success "-n ${USER} -V-1w:+2w" + test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8" diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb index 6c8f7327a9..4d4f2753fe 100644 --- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb @@ -28,6 +28,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2019-6109.patch \ file://0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch \ file://CVE-2019-6111.patch \ + file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \ " SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f" SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad" diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch deleted file mode 100644 index 0cc19cb5f4..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch +++ /dev/null @@ -1,758 +0,0 @@ -From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001 -From: Andy Polyakov <appro@openssl.org> -Date: Wed, 4 Dec 2019 12:48:21 +0100 -Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr - -There is an overflow bug in the x64_64 Montgomery squaring procedure used in -exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis -suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a -result of this defect would be very difficult to perform and are not believed -likely. Attacks against DH512 are considered just feasible. However, for an -attack the target would have to re-use the DH512 private key, which is not -recommended anyway. Also applications directly using the low level API -BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. - -CVE-2019-1551 - -Reviewed-by: Paul Dale <paul.dale@oracle.com> -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -(Merged from https://github.com/openssl/openssl/pull/10575) - -CVE: CVE-2019-1551 -Upstream-Status: Backport -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> ---- - crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++----------------- - 1 file changed, 197 insertions(+), 184 deletions(-) - -diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl -index b1797b649f0..7534d5cd03e 100755 ---- a/crypto/bn/asm/rsaz-x86_64.pl -+++ b/crypto/bn/asm/rsaz-x86_64.pl -@@ -116,7 +116,7 @@ - subq \$128+24, %rsp - .cfi_adjust_cfa_offset 128+24 - .Lsqr_body: -- movq $mod, %rbp # common argument -+ movq $mod, %xmm1 # common off-load - movq ($inp), %rdx - movq 8($inp), %rax - movq $n0, 128(%rsp) -@@ -134,7 +134,8 @@ - .Loop_sqr: - movl $times,128+8(%rsp) - #first iteration -- movq %rdx, %rbx -+ movq %rdx, %rbx # 0($inp) -+ mov %rax, %rbp # 8($inp) - mulq %rdx - movq %rax, %r8 - movq 16($inp), %rax -@@ -173,31 +174,29 @@ - mulq %rbx - addq %rax, %r14 - movq %rbx, %rax -- movq %rdx, %r15 -- adcq \$0, %r15 -+ adcq \$0, %rdx - -- addq %r8, %r8 #shlq \$1, %r8 -- movq %r9, %rcx -- adcq %r9, %r9 #shld \$1, %r8, %r9 -+ xorq %rcx,%rcx # rcx:r8 = r8 << 1 -+ addq %r8, %r8 -+ movq %rdx, %r15 -+ adcq \$0, %rcx - - mulq %rax -- movq %rax, (%rsp) -- addq %rdx, %r8 -- adcq \$0, %r9 -+ addq %r8, %rdx -+ adcq \$0, %rcx - -- movq %r8, 8(%rsp) -- shrq \$63, %rcx -+ movq %rax, (%rsp) -+ movq %rdx, 8(%rsp) - - #second iteration -- movq 8($inp), %r8 - movq 16($inp), %rax -- mulq %r8 -+ mulq %rbp - addq %rax, %r10 - movq 24($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r11 - movq 32($inp), %rax - adcq \$0, %rdx -@@ -205,7 +204,7 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r12 - movq 40($inp), %rax - adcq \$0, %rdx -@@ -213,7 +212,7 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r13 - movq 48($inp), %rax - adcq \$0, %rdx -@@ -221,7 +220,7 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r14 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -229,39 +228,39 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r15 -- movq %r8, %rax -+ movq %rbp, %rax - adcq \$0, %rdx - addq %rbx, %r15 -- movq %rdx, %r8 -- movq %r10, %rdx -- adcq \$0, %r8 -+ adcq \$0, %rdx - -- add %rdx, %rdx -- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 -- movq %r11, %rbx -- adcq %r11, %r11 #shld \$1, %r10, %r11 -+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 -+ addq %r9, %r9 -+ movq %rdx, %r8 -+ adcq %r10, %r10 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ movq 16($inp), %rbp -+ adcq \$0, %rdx - addq %rax, %r9 -+ movq 24($inp), %rax - adcq %rdx, %r10 -- adcq \$0, %r11 -+ adcq \$0, %rbx - - movq %r9, 16(%rsp) - movq %r10, 24(%rsp) -- shrq \$63, %rbx - - #third iteration -- movq 16($inp), %r9 -- movq 24($inp), %rax -- mulq %r9 -+ mulq %rbp - addq %rax, %r12 - movq 32($inp), %rax - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -+ mulq %rbp - addq %rax, %r13 - movq 40($inp), %rax - adcq \$0, %rdx -@@ -269,7 +268,7 @@ - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -+ mulq %rbp - addq %rax, %r14 - movq 48($inp), %rax - adcq \$0, %rdx -@@ -277,9 +276,7 @@ - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -- movq %r12, %r10 -- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12 -+ mulq %rbp - addq %rax, %r15 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -287,36 +284,40 @@ - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -- shrq \$63, %r10 -+ mulq %rbp - addq %rax, %r8 -- movq %r9, %rax -+ movq %rbp, %rax - adcq \$0, %rdx - addq %rcx, %r8 -- movq %rdx, %r9 -- adcq \$0, %r9 -+ adcq \$0, %rdx - -- movq %r13, %rcx -- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13 -+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 -+ addq %r11, %r11 -+ movq %rdx, %r9 -+ adcq %r12, %r12 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ movq 24($inp), %r10 -+ adcq \$0, %rdx - addq %rax, %r11 -+ movq 32($inp), %rax - adcq %rdx, %r12 -- adcq \$0, %r13 -+ adcq \$0, %rcx - - movq %r11, 32(%rsp) - movq %r12, 40(%rsp) -- shrq \$63, %rcx - - #fourth iteration -- movq 24($inp), %r10 -- movq 32($inp), %rax -+ mov %rax, %r11 # 32($inp) - mulq %r10 - addq %rax, %r14 - movq 40($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - -+ mov %rax, %r12 # 40($inp) - mulq %r10 - addq %rax, %r15 - movq 48($inp), %rax -@@ -325,9 +326,8 @@ - movq %rdx, %rbx - adcq \$0, %rbx - -+ mov %rax, %rbp # 48($inp) - mulq %r10 -- movq %r14, %r12 -- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14 - addq %rax, %r8 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -336,32 +336,33 @@ - adcq \$0, %rbx - - mulq %r10 -- shrq \$63, %r12 - addq %rax, %r9 - movq %r10, %rax - adcq \$0, %rdx - addq %rbx, %r9 -- movq %rdx, %r10 -- adcq \$0, %r10 -+ adcq \$0, %rdx - -- movq %r15, %rbx -- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15 -+ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1 -+ addq %r13, %r13 -+ movq %rdx, %r10 -+ adcq %r14, %r14 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ adcq \$0, %rdx - addq %rax, %r13 -+ movq %r12, %rax # 40($inp) - adcq %rdx, %r14 -- adcq \$0, %r15 -+ adcq \$0, %rbx - - movq %r13, 48(%rsp) - movq %r14, 56(%rsp) -- shrq \$63, %rbx - - #fifth iteration -- movq 32($inp), %r11 -- movq 40($inp), %rax - mulq %r11 - addq %rax, %r8 -- movq 48($inp), %rax -+ movq %rbp, %rax # 48($inp) - movq %rdx, %rcx - adcq \$0, %rcx - -@@ -369,97 +370,99 @@ - addq %rax, %r9 - movq 56($inp), %rax - adcq \$0, %rdx -- movq %r8, %r12 -- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8 - addq %rcx, %r9 - movq %rdx, %rcx - adcq \$0, %rcx - -+ mov %rax, %r14 # 56($inp) - mulq %r11 -- shrq \$63, %r12 - addq %rax, %r10 - movq %r11, %rax - adcq \$0, %rdx - addq %rcx, %r10 -- movq %rdx, %r11 -- adcq \$0, %r11 -+ adcq \$0, %rdx - -- movq %r9, %rcx -- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9 -+ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1 -+ addq %r15, %r15 -+ movq %rdx, %r11 -+ adcq %r8, %r8 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ adcq \$0, %rdx - addq %rax, %r15 -+ movq %rbp, %rax # 48($inp) - adcq %rdx, %r8 -- adcq \$0, %r9 -+ adcq \$0, %rcx - - movq %r15, 64(%rsp) - movq %r8, 72(%rsp) -- shrq \$63, %rcx - - #sixth iteration -- movq 40($inp), %r12 -- movq 48($inp), %rax - mulq %r12 - addq %rax, %r10 -- movq 56($inp), %rax -+ movq %r14, %rax # 56($inp) - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r12 - addq %rax, %r11 - movq %r12, %rax -- movq %r10, %r15 -- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 - adcq \$0, %rdx -- shrq \$63, %r15 - addq %rbx, %r11 -- movq %rdx, %r12 -- adcq \$0, %r12 -+ adcq \$0, %rdx - -- movq %r11, %rbx -- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11 -+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 -+ addq %r9, %r9 -+ movq %rdx, %r12 -+ adcq %r10, %r10 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ adcq \$0, %rdx - addq %rax, %r9 -+ movq %r14, %rax # 56($inp) - adcq %rdx, %r10 -- adcq \$0, %r11 -+ adcq \$0, %rbx - - movq %r9, 80(%rsp) - movq %r10, 88(%rsp) - - #seventh iteration -- movq 48($inp), %r13 -- movq 56($inp), %rax -- mulq %r13 -+ mulq %rbp - addq %rax, %r12 -- movq %r13, %rax -- movq %rdx, %r13 -- adcq \$0, %r13 -+ movq %rbp, %rax -+ adcq \$0, %rdx - -- xorq %r14, %r14 -- shlq \$1, %rbx -- adcq %r12, %r12 #shld \$1, %rbx, %r12 -- adcq %r13, %r13 #shld \$1, %r12, %r13 -- adcq %r14, %r14 #shld \$1, %r13, %r14 -+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 -+ addq %r11, %r11 -+ movq %rdx, %r13 -+ adcq %r12, %r12 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ adcq \$0, %rdx - addq %rax, %r11 -+ movq %r14, %rax # 56($inp) - adcq %rdx, %r12 -- adcq \$0, %r13 -+ adcq \$0, %rcx - - movq %r11, 96(%rsp) - movq %r12, 104(%rsp) - - #eighth iteration -- movq 56($inp), %rax -+ xorq %rbx, %rbx # rbx:r13 = r13 << 1 -+ addq %r13, %r13 -+ adcq \$0, %rbx -+ - mulq %rax -- addq %rax, %r13 -+ addq %rcx, %rax - adcq \$0, %rdx -- -- addq %rdx, %r14 -- -- movq %r13, 112(%rsp) -- movq %r14, 120(%rsp) -+ addq %r13, %rax -+ adcq %rbx, %rdx - - movq (%rsp), %r8 - movq 8(%rsp), %r9 -@@ -469,6 +472,10 @@ - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 -+ movq %xmm1, %rbp -+ -+ movq %rax, 112(%rsp) -+ movq %rdx, 120(%rsp) - - call __rsaz_512_reduce - -@@ -500,9 +507,9 @@ - .Loop_sqrx: - movl $times,128+8(%rsp) - movq $out, %xmm0 # off-load -- movq %rbp, %xmm1 # off-load - #first iteration - mulx %rax, %r8, %r9 -+ mov %rax, %rbx - - mulx 16($inp), %rcx, %r10 - xor %rbp, %rbp # cf=0, of=0 -@@ -510,40 +517,39 @@ - mulx 24($inp), %rax, %r11 - adcx %rcx, %r9 - -- mulx 32($inp), %rcx, %r12 -+ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12 - adcx %rax, %r10 - -- mulx 40($inp), %rax, %r13 -+ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13 - adcx %rcx, %r11 - -- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14 -+ mulx 48($inp), %rcx, %r14 - adcx %rax, %r12 - adcx %rcx, %r13 - -- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15 -+ mulx 56($inp), %rax, %r15 - adcx %rax, %r14 - adcx %rbp, %r15 # %rbp is 0 - -- mov %r9, %rcx -- shld \$1, %r8, %r9 -- shl \$1, %r8 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -- adcx %rdx, %r8 -- mov 8($inp), %rdx -- adcx %rbp, %r9 -+ mulx %rdx, %rax, $out -+ mov %rbx, %rdx # 8($inp) -+ xor %rcx, %rcx -+ adox %r8, %r8 -+ adcx $out, %r8 -+ adox %rbp, %rcx -+ adcx %rbp, %rcx - - mov %rax, (%rsp) - mov %r8, 8(%rsp) - - #second iteration -- mulx 16($inp), %rax, %rbx -+ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx - adox %rax, %r10 - adcx %rbx, %r11 - -- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8 -+ mulx 24($inp), $out, %r8 - adox $out, %r11 -+ .byte 0x66 - adcx %r8, %r12 - - mulx 32($inp), %rax, %rbx -@@ -561,24 +567,25 @@ - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 - adox $out, %r15 - adcx %rbp, %r8 -+ mulx %rdx, %rax, $out - adox %rbp, %r8 -+ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx - -- mov %r11, %rbx -- shld \$1, %r10, %r11 -- shld \$1, %rcx, %r10 -- -- xor %ebp,%ebp -- mulx %rdx, %rax, %rcx -- mov 16($inp), %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r9, %r9 -+ adcx %rbp, $out -+ adox %r10, %r10 - adcx %rax, %r9 -- adcx %rcx, %r10 -- adcx %rbp, %r11 -+ adox %rbp, %rbx -+ adcx $out, %r10 -+ adcx %rbp, %rbx - - mov %r9, 16(%rsp) - .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) - - #third iteration -- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 -+ mulx 24($inp), $out, %r9 - adox $out, %r12 - adcx %r9, %r13 - -@@ -586,7 +593,7 @@ - adox %rax, %r13 - adcx %rcx, %r14 - -- mulx 40($inp), $out, %r9 -+ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9 - adox $out, %r14 - adcx %r9, %r15 - -@@ -594,27 +601,28 @@ - adox %rax, %r15 - adcx %rcx, %r8 - -- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9 -+ mulx 56($inp), $out, %r9 - adox $out, %r8 - adcx %rbp, %r9 -+ mulx %rdx, %rax, $out - adox %rbp, %r9 -+ mov 24($inp), %rdx - -- mov %r13, %rcx -- shld \$1, %r12, %r13 -- shld \$1, %rbx, %r12 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rcx, %rcx -+ adcx %rbx, %rax -+ adox %r11, %r11 -+ adcx %rbp, $out -+ adox %r12, %r12 - adcx %rax, %r11 -- adcx %rdx, %r12 -- mov 24($inp), %rdx -- adcx %rbp, %r13 -+ adox %rbp, %rcx -+ adcx $out, %r12 -+ adcx %rbp, %rcx - - mov %r11, 32(%rsp) -- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) -+ mov %r12, 40(%rsp) - - #fourth iteration -- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx -+ mulx 32($inp), %rax, %rbx - adox %rax, %r14 - adcx %rbx, %r15 - -@@ -629,25 +637,25 @@ - mulx 56($inp), $out, %r10 - adox $out, %r9 - adcx %rbp, %r10 -+ mulx %rdx, %rax, $out - adox %rbp, %r10 -+ mov 32($inp), %rdx - -- .byte 0x66 -- mov %r15, %rbx -- shld \$1, %r14, %r15 -- shld \$1, %rcx, %r14 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r13, %r13 -+ adcx %rbp, $out -+ adox %r14, %r14 - adcx %rax, %r13 -- adcx %rdx, %r14 -- mov 32($inp), %rdx -- adcx %rbp, %r15 -+ adox %rbp, %rbx -+ adcx $out, %r14 -+ adcx %rbp, %rbx - - mov %r13, 48(%rsp) - mov %r14, 56(%rsp) - - #fifth iteration -- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 -+ mulx 40($inp), $out, %r11 - adox $out, %r8 - adcx %r11, %r9 - -@@ -658,18 +666,19 @@ - mulx 56($inp), $out, %r11 - adox $out, %r10 - adcx %rbp, %r11 -+ mulx %rdx, %rax, $out -+ mov 40($inp), %rdx - adox %rbp, %r11 - -- mov %r9, %rcx -- shld \$1, %r8, %r9 -- shld \$1, %rbx, %r8 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rcx, %rcx -+ adcx %rbx, %rax -+ adox %r15, %r15 -+ adcx %rbp, $out -+ adox %r8, %r8 - adcx %rax, %r15 -- adcx %rdx, %r8 -- mov 40($inp), %rdx -- adcx %rbp, %r9 -+ adox %rbp, %rcx -+ adcx $out, %r8 -+ adcx %rbp, %rcx - - mov %r15, 64(%rsp) - mov %r8, 72(%rsp) -@@ -682,18 +691,19 @@ - .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 - adox $out, %r11 - adcx %rbp, %r12 -+ mulx %rdx, %rax, $out - adox %rbp, %r12 -+ mov 48($inp), %rdx - -- mov %r11, %rbx -- shld \$1, %r10, %r11 -- shld \$1, %rcx, %r10 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r9, %r9 -+ adcx %rbp, $out -+ adox %r10, %r10 - adcx %rax, %r9 -- adcx %rdx, %r10 -- mov 48($inp), %rdx -- adcx %rbp, %r11 -+ adcx $out, %r10 -+ adox %rbp, %rbx -+ adcx %rbp, %rbx - - mov %r9, 80(%rsp) - mov %r10, 88(%rsp) -@@ -703,31 +713,31 @@ - adox %rax, %r12 - adox %rbp, %r13 - -- xor %r14, %r14 -- shld \$1, %r13, %r14 -- shld \$1, %r12, %r13 -- shld \$1, %rbx, %r12 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -- adcx %rax, %r11 -- adcx %rdx, %r12 -+ mulx %rdx, %rax, $out -+ xor %rcx, %rcx - mov 56($inp), %rdx -- adcx %rbp, %r13 -+ adcx %rbx, %rax -+ adox %r11, %r11 -+ adcx %rbp, $out -+ adox %r12, %r12 -+ adcx %rax, %r11 -+ adox %rbp, %rcx -+ adcx $out, %r12 -+ adcx %rbp, %rcx - - .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) - - #eighth iteration - mulx %rdx, %rax, %rdx -- adox %rax, %r13 -- adox %rbp, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r13, %r13 -+ adcx %rbp, %rdx -+ adox %rbp, %rbx -+ adcx %r13, %rax -+ adcx %rdx, %rbx - -- .byte 0x66 -- add %rdx, %r14 -- -- movq %r13, 112(%rsp) -- movq %r14, 120(%rsp) - movq %xmm0, $out - movq %xmm1, %rbp - -@@ -741,6 +751,9 @@ - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - -+ movq %rax, 112(%rsp) -+ movq %rbx, 120(%rsp) -+ - call __rsaz_512_reducex - - addq 64(%rsp), %r8 diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch new file mode 100644 index 0000000000..a24260c95d --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/reproducible.patch @@ -0,0 +1,32 @@ +The value for perl_archname can vary depending on the host, e.g. +x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which +makes the ptest package non-reproducible. Its unused other than +these references so drop it. + +RP 2020/2/6 + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: openssl-1.1.1d/Configure +=================================================================== +--- openssl-1.1.1d.orig/Configure ++++ openssl-1.1.1d/Configure +@@ -286,7 +286,7 @@ if (defined env($local_config_envname)) + # Save away perl command information + $config{perl_cmd} = $^X; + $config{perl_version} = $Config{version}; +-$config{perl_archname} = $Config{archname}; ++#$config{perl_archname} = $Config{archname}; + + $config{prefix}=""; + $config{openssldir}=""; +@@ -2517,7 +2517,7 @@ _____ + @{$config{perlargv}}), "\n"; + print "\nPerl information:\n\n"; + print ' ',$config{perl_cmd},"\n"; +- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; ++ print ' ',$config{perl_version},"\n"; + } + if ($dump || $options) { + my $longest = 0; diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2u.bb index 87df4f517a..c5a00066ba 100644 --- a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2u.bb @@ -53,13 +53,15 @@ SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac" -SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6" +SRC_URI[md5sum] = "cdc2638f789ecc2db2c91488265686c1" +SRC_URI[sha256sum] = "ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16" S = "${WORKDIR}/openssl-${PV}" UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar" +CVE_PRODUCT = "openssl:openssl" + inherit pkgconfig siteinfo multilib_header ptest manpages PACKAGECONFIG ?= "cryptodev-linux" diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb index d256646934..a57e09c802 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb @@ -16,15 +16,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-skip-test_symbol_presence.patch \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ - file://CVE-2019-1551.patch \ + file://reproducible.patch \ " SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa" -SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2" +SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46" inherit lib_package multilib_header ptest @@ -32,7 +31,7 @@ PACKAGECONFIG ?= "" PACKAGECONFIG_class-native = "" PACKAGECONFIG_class-nativesdk = "" -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux" +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" B = "${WORKDIR}/build" do_configure[cleandirs] = "${B}" diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch new file mode 100644 index 0000000000..b7ba7ba643 --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch @@ -0,0 +1,47 @@ +From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras <paulus@ozlabs.org> +Date: Mon, 3 Feb 2020 15:53:28 +1100 +Subject: [PATCH] pppd: Fix bounds check in EAP code + +Given that we have just checked vallen < len, it can never be the case +that vallen >= len + sizeof(rhostname). This fixes the check so we +actually avoid overflowing the rhostname array. + +Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> +Signed-off-by: Paul Mackerras <paulus@ozlabs.org> + +Upstream-Status: Backport +[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426] + +CVE: CVE-2020-8597 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + pppd/eap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pppd/eap.c b/pppd/eap.c +index 94407f5..1b93db0 100644 +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1420,7 +1420,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -1846,7 +1846,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +-- +2.17.1 + diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index 644cde4562..60c56dd0bd 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb @@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ file://0001-ppp-Remove-unneeded-include.patch \ file://ppp-2.4.7-DES-openssl.patch \ + file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \ " SRC_URI_append_libc-musl = "\ diff --git a/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch b/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch index 9f9f503a1e..6e5085b9c9 100644 --- a/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch +++ b/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch @@ -65,6 +65,36 @@ index 7c1cc3eecb..53cb8bfc59 100644 /* Load the locale data for CATEGORY from the file specified by *NAME. If *NAME is "", use environment variables as specified by POSIX, and --- -2.20.1 +Index: git/locale/programs/locale.c +=================================================================== +--- git.orig/locale/programs/locale.c ++++ git/locale/programs/locale.c +@@ -632,6 +632,7 @@ nameentcmp (const void *a, const void *b + ((const struct nameent *) b)->name); + } + ++static char _write_archive_locales_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = ARCHIVE_NAME; + + static int + write_archive_locales (void **all_datap, char *linebuf) +@@ -645,7 +646,7 @@ write_archive_locales (void **all_datap, + int fd, ret = 0; + uint32_t cnt; + +- fd = open64 (ARCHIVE_NAME, O_RDONLY); ++ fd = open64 (_write_archive_locales_path, O_RDONLY); + if (fd < 0) + return 0; + +@@ -700,8 +701,8 @@ write_archive_locales (void **all_datap, + if (cnt) + putchar_unlocked ('\n'); + +- printf ("locale: %-15.15s archive: " ARCHIVE_NAME "\n%s\n", +- names[cnt].name, linebuf); ++ printf ("locale: %-15.15s archive: %s\n%s\n", ++ names[cnt].name, _write_archive_locales_path, linebuf); + + locrec = (struct locrecent *) (addr + names[cnt].locrec_offset); + diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index a17c51e9a7..d3b6fef312 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image module-base setuptools3 -SRCREV ?= "d0f73121551dc98f6924cd77952bf9ebf5ef3dd7" +SRCREV ?= "ba1fb60b3980c86794f8a4c23e3a984f9e3590e1" SRC_URI = "git://git.yoctoproject.org/poky;branch=warrior \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch new file mode 100644 index 0000000000..4ee2d4fe62 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch @@ -0,0 +1,37 @@ +From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <xiezhipeng1@huawei.com> +Date: Tue, 20 Aug 2019 16:33:06 +0800 +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream + +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize +vctxt->xsiAssemble to 0 again which cause the alloced schema +can not be freed anymore. + +Found with libFuzzer. + +Upstream-Status: Accepted [https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a] +CVE: CVE-2019-20388 + +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + xmlschemas.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/xmlschemas.c b/xmlschemas.c +index 301c8449..39d92182 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { + vctxt->nberrors = 0; + vctxt->depth = -1; + vctxt->skipDepth = -1; +- vctxt->xsiAssemble = 0; + vctxt->hasKeyrefs = 0; + #ifdef ENABLE_IDC_NODE_TABLES_TEST + vctxt->createIDCNodeTables = 1; +-- +2.24.1 + diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch new file mode 100644 index 0000000000..facfefd362 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch @@ -0,0 +1,36 @@ +From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <xiezhipeng1@huawei.com> +Date: Thu, 12 Dec 2019 17:30:55 +0800 +Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities + +When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef +return NULL which cause a infinite loop in xmlStringLenDecodeEntities + +Found with libFuzzer. + +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076] +CVE: CVE-2020-7595 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + parser.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index d1c31963..a34bb6cd 100644 +--- a/parser.c ++++ b/parser.c +@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + else + c = 0; + while ((c != 0) && (c != end) && /* non input consuming loop */ +- (c != end2) && (c != end3)) { ++ (c != end2) && (c != end3) && ++ (ctxt->instate != XML_PARSER_EOF)) { + + if (c == 0) break; + if ((c == '&') && (str[1] == '#')) { +-- +2.24.1 + diff --git a/meta/recipes-core/libxml/libxml2_2.9.8.bb b/meta/recipes-core/libxml/libxml2_2.9.8.bb index 67c2d4fafb..ab47a50c56 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.8.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.8.bb @@ -24,6 +24,8 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://fix-CVE-2018-14404.patch \ file://0001-Fix-infinite-loop-in-LZMA-decompression.patch \ file://fix-CVE-2019-19956.patch \ + file://CVE-2020-7595.patch \ + file://CVE-2019-20388.patch \ " SRC_URI[libtar.md5sum] = "b786e353e2aa1b872d70d5d1ca0c740d" diff --git a/meta/recipes-core/meta/buildtools-extended-tarball.bb b/meta/recipes-core/meta/buildtools-extended-tarball.bb new file mode 100644 index 0000000000..94ed57585b --- /dev/null +++ b/meta/recipes-core/meta/buildtools-extended-tarball.bb @@ -0,0 +1,36 @@ +require recipes-core/meta/buildtools-tarball.bb + +DESCRIPTION = "SDK type target for building a standalone tarball containing build-essentials, python3, chrpath, \ + make, git and tar. The tarball can be used to run bitbake builds on systems which don't meet the \ + usual version requirements and have ancient compilers." +SUMMARY = "Standalone tarball for running builds on systems with inadequate software and ancient compilers" +LICENSE = "MIT" + +# Add nativesdk equivalent of build-essentials +TOOLCHAIN_HOST_TASK += "\ + nativesdk-automake \ + nativesdk-autoconf \ + nativesdk-binutils \ + nativesdk-binutils-symlinks \ + nativesdk-cpp \ + nativesdk-cpp-symlinks \ + nativesdk-gcc \ + nativesdk-gcc-symlinks \ + nativesdk-g++ \ + nativesdk-g++-symlinks \ + nativesdk-gettext \ + nativesdk-libatomic \ + nativesdk-libgcc \ + nativesdk-libstdc++ \ + nativesdk-libstdc++-dev \ + nativesdk-libstdc++-staticdev \ + nativesdk-libtool \ + nativesdk-pkgconfig \ + nativesdk-glibc-utils \ + nativesdk-python \ + nativesdk-libxcrypt-dev \ + " + +TOOLCHAIN_OUTPUTNAME = "${SDK_ARCH}-buildtools-extended-nativesdk-standalone-${DISTRO_VERSION}" + +SDK_TITLE = "Extended Build tools" diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index 91df6f1ae9..aba10b4cd6 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -72,7 +72,13 @@ create_sdk_files_append () { toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS} echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script + echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script + echo 'export OPENSSL_CONF="${SDKPATHNATIVE}${sysconfdir}/ssl/openssl.cnf"' >>$script + mkdir -p ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ + echo '${SDKPATHNATIVE}${libdir} +${SDKPATHNATIVE}${base_libdir} +include /etc/ld.so.conf' > ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ld.so.conf if [ "${SDKMACHINE}" = "i686" ]; then echo 'export NO32LIBS="0"' >>$script echo 'echo "$BB_ENV_EXTRAWHITE" | grep -q "NO32LIBS"' >>$script diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 575254af40..c64dd768c8 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -122,7 +122,7 @@ def parse_node_and_insert(c, node, cveId): product = cpe23[4] version = cpe23[5] - if version != '*': + if version != '*' and version != '-': # Version is defined, this is a '=' match yield [cveId, vendor, product, version, '=', '', ''] else: @@ -160,15 +160,20 @@ def update_db(c, jsondata): if not elt['impact']: continue + accessVector = None cveId = elt['cve']['CVE_data_meta']['ID'] cveDesc = elt['cve']['description']['description_data'][0]['value'] date = elt['lastModifiedDate'] - accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] - cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] - try: + accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] + cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] + except KeyError: + cvssv2 = 0.0 + try: + accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] - except: + except KeyError: + accessVector = accessVector or "UNKNOWN" cvssv3 = 0.0 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", diff --git a/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb b/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb index 6a8748acdf..ee7d7cd660 100644 --- a/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb +++ b/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb @@ -15,12 +15,15 @@ DUMMYPROVIDES = "\ nativesdk-perl-module-file-find \ nativesdk-perl-module-file-glob \ nativesdk-perl-module-file-path \ + nativesdk-perl-module-file-spec \ nativesdk-perl-module-file-stat \ nativesdk-perl-module-getopt-long \ nativesdk-perl-module-io-file \ + nativesdk-perl-module-overloading \ nativesdk-perl-module-posix \ nativesdk-perl-module-thread-queue \ nativesdk-perl-module-threads \ + nativesdk-perl-module-warnings \ /usr/bin/perl \ " diff --git a/meta/recipes-core/ncurses/ncurses_6.1+20181013.bb b/meta/recipes-core/ncurses/ncurses_6.1+20181013.bb index ef6ca9879b..90f6b4695c 100644 --- a/meta/recipes-core/ncurses/ncurses_6.1+20181013.bb +++ b/meta/recipes-core/ncurses/ncurses_6.1+20181013.bb @@ -9,3 +9,5 @@ SRCREV = "7a97a7f937762ba342d5b2fd7cd090885a809835" S = "${WORKDIR}/git" EXTRA_OECONF += "--with-abi-version=5 --cache-file=${B}/config.cache" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)" + +CVE_VERSION = "6.1.${@d.getVar("PV").split('+')[1]}" diff --git a/meta/recipes-core/systemd/systemd/0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch b/meta/recipes-core/systemd/systemd/0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch new file mode 100644 index 0000000000..7864140bd1 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch @@ -0,0 +1,35 @@ +From 3e9828454dcdaa6cd19ee7ea3e3db30567f22c9f Mon Sep 17 00:00:00 2001 +From: ven <2988994+hexiaowen@users.noreply.github.com> +Date: Wed, 22 May 2019 14:24:28 +0800 +Subject: =?UTF-8?q?bus=5Fopen=20leak=20sd=5Fevent=5Fsource=20when=20udevad?= + =?UTF-8?q?m=20trigger=E3=80=82?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On my host, when executing the udevadm trigger, I only receive the change event, which causes memleak + +CVE: CVE-2019-20386 +Upstream-Status: Backport +Signed-off-by: Adrian Bunk <bunk@stusta.de> +--- + src/login/logind-button.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/login/logind-button.c b/src/login/logind-button.c +index daffbf0668..1624a31cc3 100644 +--- a/src/login/logind-button.c ++++ b/src/login/logind-button.c +@@ -341,7 +341,8 @@ int button_open(Button *b) { + } + + (void) button_set_mask(b); +- ++ ++ b->io_event_source = sd_event_source_unref(b->io_event_source); + r = sd_event_add_io(b->manager->event, &b->io_event_source, b->fd, EPOLLIN, button_dispatch, b); + if (r < 0) { + log_error_errno(r, "Failed to add button event: %m"); +-- +2.20.1 + diff --git a/meta/recipes-core/systemd/systemd_241.bb b/meta/recipes-core/systemd/systemd_241.bb index eb3242d624..e0dc936294 100644 --- a/meta/recipes-core/systemd/systemd_241.bb +++ b/meta/recipes-core/systemd/systemd_241.bb @@ -24,6 +24,7 @@ SRC_URI += "file://touchscreen.rules \ file://0005-rules-watch-metadata-changes-in-ide-devices.patch \ file://0001-meson-declare-version.h-as-dep-for-various-targets-t.patch \ file://0001-meson-declare-version.h-as-dependency-for-systemd.patch \ + file://0001-bus_open-leak-sd_event_source-when-udevadm-trigger.patch \ " # patches needed by musl diff --git a/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch b/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch new file mode 100644 index 0000000000..408f7d18b7 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch @@ -0,0 +1,80 @@ +We need binutils to look at our ld.so.conf file within the SDK to ensure +we search the SDK's libdirs as well as those from the host system. + +We therefore pass in the directory to the code using a define, then add +it to a section we relocate in a similar way to the way we relocate the +gcc internal paths. This ensures that ld works correctly in our buildtools +tarball. + +Standard sysroot relocation doesn't work since we're not in a sysroot, +we want to use both the host system and SDK libs. + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +2020/1/17 +Upstream-Status: Inappropriate [OE specific tweak] + +Index: git/ld/Makefile.am +=================================================================== +--- git.orig/ld/Makefile.am ++++ git/ld/Makefile.am +@@ -36,7 +36,8 @@ am__skipyacc = + + ELF_CLFAGS=-DELF_LIST_OPTIONS=@elf_list_options@ \ + -DELF_SHLIB_LIST_OPTIONS=@elf_shlib_list_options@ \ +- -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@ ++ -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@ \ ++ -DSYSCONFDIR="\"$(sysconfdir)\"" + WARN_CFLAGS = @WARN_CFLAGS@ + NO_WERROR = @NO_WERROR@ + AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS) +Index: git/ld/Makefile.in +=================================================================== +--- git.orig/ld/Makefile.in ++++ git/ld/Makefile.in +@@ -546,7 +546,8 @@ am__skiplex = + am__skipyacc = + ELF_CLFAGS = -DELF_LIST_OPTIONS=@elf_list_options@ \ + -DELF_SHLIB_LIST_OPTIONS=@elf_shlib_list_options@ \ +- -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@ ++ -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@ \ ++ -DSYSCONFDIR="\"$(sysconfdir)\"" + + AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS) + @ENABLE_PLUGINS_FALSE@PLUGIN_C = +Index: git/ld/emultempl/elf32.em +=================================================================== +--- git.orig/ld/emultempl/elf32.em ++++ git/ld/emultempl/elf32.em +@@ -1024,7 +1024,7 @@ gld${EMULATION_NAME}_check_ld_so_conf (c + + info.path = NULL; + info.len = info.alloc = 0; +- tmppath = concat (ld_sysroot, "${prefix}/etc/ld.so.conf", ++ tmppath = concat (ld_sysconfdir, "/ld.so.conf", + (const char *) NULL); + if (!gld${EMULATION_NAME}_parse_ld_so_conf (&info, tmppath)) + { +Index: git/ld/ldmain.c +=================================================================== +--- git.orig/ld/ldmain.c ++++ git/ld/ldmain.c +@@ -68,6 +68,7 @@ char *program_name; + + /* The prefix for system library directories. */ + const char *ld_sysroot; ++char ld_sysconfdir[4096] __attribute__ ((section (".gccrelocprefix"))) = SYSCONFDIR; + + /* The canonical representation of ld_sysroot. */ + char *ld_canon_sysroot; +Index: git/ld/ldmain.h +=================================================================== +--- git.orig/ld/ldmain.h ++++ git/ld/ldmain.h +@@ -23,6 +23,7 @@ + + extern char *program_name; + extern const char *ld_sysroot; ++extern char ld_sysconfdir[4096]; + extern char *ld_canon_sysroot; + extern int ld_canon_sysroot_len; + extern FILE *saved_script_handle; diff --git a/meta/recipes-devtools/binutils/binutils_2.32.bb b/meta/recipes-devtools/binutils/binutils_2.32.bb index 51a9748906..625e18c787 100644 --- a/meta/recipes-devtools/binutils/binutils_2.32.bb +++ b/meta/recipes-devtools/binutils/binutils_2.32.bb @@ -46,4 +46,9 @@ do_install_class-native () { PACKAGE_BEFORE_PN += "libbfd" FILES_libbfd = "${libdir}/libbfd-*.so" +SRC_URI_append_class-nativesdk = "file://nativesdk-relocation.patch" + +USE_ALTERNATIVES_FOR_class-nativesdk = "" +FILES_${PN}_append_class-nativesdk = " ${bindir}" + BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch new file mode 100644 index 0000000000..ba4e3a3c97 --- /dev/null +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch @@ -0,0 +1,49 @@ +From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o <tytso@mit.edu> +Date: Thu, 19 Dec 2019 19:45:06 -0500 +Subject: [PATCH] e2fsck: don't try to rehash a deleted directory + +If directory has been deleted in pass1[bcd] processing, then we +shouldn't try to rehash the directory in pass 3a when we try to +rehash/reoptimize directories. + +Signed-off-by: Theodore Ts'o <tytso@mit.edu> + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + e2fsck/pass1b.c | 4 ++++ + e2fsck/rehash.c | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c +index 5693b9cf..bca701ca 100644 +--- a/e2fsck/pass1b.c ++++ b/e2fsck/pass1b.c +@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino, + fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx); + if (ctx->inode_bad_map) + ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino); ++ if (ctx->inode_reg_map) ++ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino); ++ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino); ++ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino); + ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode)); + quota_data_sub(ctx->qctx, &dp->inode, ino, + pb.dup_blocks * fs->blocksize); +diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c +index 3dd1e941..2c908be0 100644 +--- a/e2fsck/rehash.c ++++ b/e2fsck/rehash.c +@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx) + if (!ext2fs_u32_list_iterate(iter, &ino)) + break; + } ++ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino)) ++ continue; + + pctx.dir = ino; + if (first) { +-- +2.24.1 + diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch new file mode 100644 index 0000000000..de4bce0037 --- /dev/null +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch @@ -0,0 +1,57 @@ +From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o <tytso@mit.edu> +Date: Thu, 19 Dec 2019 19:37:34 -0500 +Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when + rehashing + +In e2fsck pass 3a, when we are rehashing directories, at least in +theory, all of the directories should have had corruptions with +respect to directory entry structure fixed. However, it's possible +(for example, if the user declined a fix) that we can reach this stage +of processing with a corrupted directory entries. + +So check for that case and don't try to process a corrupted directory +block so we don't run into trouble in mutate_name() if there is a +zero-length file name. + +Addresses: TALOS-2019-0973 +Addresses: CVE-2019-5188 +Signed-off-by: Theodore Ts'o <tytso@mit.edu> + +CVE: CVE-2019-5188 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff] +--- + e2fsck/rehash.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c +index a5fc1be1..3dd1e941 100644 +--- a/e2fsck/rehash.c ++++ b/e2fsck/rehash.c +@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs, + dir_offset += rec_len; + if (dirent->inode == 0) + continue; ++ if ((name_len) == 0) { ++ fd->err = EXT2_ET_DIR_CORRUPTED; ++ return BLOCK_ABORT; ++ } + if (!fd->compress && (name_len == 1) && + (dirent->name[0] == '.')) + continue; +@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs, + continue; + } + new_len = ext2fs_dirent_name_len(ent->dir); ++ if (new_len == 0) { ++ /* should never happen */ ++ ext2fs_unmark_valid(fs); ++ continue; ++ } + memcpy(new_name, ent->dir->name, new_len); + mutate_name(new_name, &new_len); + for (j=0; j < fd->num_array; j++) { +-- +2.24.1 + diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch new file mode 100644 index 0000000000..342a2b855b --- /dev/null +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch @@ -0,0 +1,76 @@ +From: Wang Shilong <wshilong@ddn.com> +Date: Mon, 30 Dec 2019 19:52:39 -0500 +Subject: e2fsck: fix use after free in calculate_tree() + +The problem is alloc_blocks() will call get_next_block() which might +reallocate outdir->buf, and memory address could be changed after +this. To fix this, pointers that point into outdir->buf, such as +int_limit and root need to be recaulated based on the new starting +address of outdir->buf. + +[ Changed to correctly recalculate int_limit, and to optimize how we + reallocate outdir->buf. -TYT ] + +Addresses-Debian-Bug: 948517 +Signed-off-by: Wang Shilong <wshilong@ddn.com> +Signed-off-by: Theodore Ts'o <tytso@mit.edu> +(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01) + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01] +--- + e2fsck/rehash.c | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c +index 0a5888a9..2574e151 100644 +--- a/e2fsck/rehash.c ++++ b/e2fsck/rehash.c +@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir, + errcode_t retval; + + if (outdir->num >= outdir->max) { +- retval = alloc_size_dir(fs, outdir, outdir->max + 50); ++ int increment = outdir->max / 10; ++ ++ if (increment < 50) ++ increment = 50; ++ retval = alloc_size_dir(fs, outdir, outdir->max + increment); + if (retval) + return retval; + } +@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs, + if (retval) + return retval; + ++ /* outdir->buf might be reallocated */ ++ *prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset); ++ + *next_ent = set_int_node(fs, block_start); + *limit = (struct ext2_dx_countlimit *)(*next_ent); + if (next_offset) +@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs, + return retval; + } + if (c3 == 0) { ++ int delta1 = (char *)int_limit - outdir->buf; ++ int delta2 = (char *)root - outdir->buf; ++ + retval = alloc_blocks(fs, &limit, &int_ent, + &dx_ent, &int_offset, + NULL, outdir, i, &c2, +@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs, + if (retval) + return retval; + ++ /* outdir->buf might be reallocated */ ++ int_limit = (struct ext2_dx_countlimit *) ++ (outdir->buf + delta1); ++ root = (struct ext2_dx_entry *) ++ (outdir->buf + delta2); + } + dx_ent->block = ext2fs_cpu_to_le32(i); + if (c3 != limit->limit) +-- +2.24.1 + diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb index 0695ee9dc3..da06888b34 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb @@ -7,6 +7,9 @@ SRC_URI += "file://remove.ldconfig.call.patch \ file://mkdir_p.patch \ file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \ file://0001-create_inode-fix-copying-large-files.patch \ + file://CVE-2019-5188.patch \ + file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \ + file://e2fsck-fix-use-after-free-in-calculate_tree.patch \ " SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ diff --git a/meta/recipes-devtools/git/git_2.20.1.bb b/meta/recipes-devtools/git/git_2.20.1.bb deleted file mode 100644 index 877fb05e58..0000000000 --- a/meta/recipes-devtools/git/git_2.20.1.bb +++ /dev/null @@ -1,11 +0,0 @@ -require git.inc - -EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ - ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \ - " -EXTRA_OEMAKE += "NO_GETTEXT=1" - -SRC_URI[tarball.md5sum] = "7a7769e5c957364ed0aed89e6e67c254" -SRC_URI[tarball.sha256sum] = "edc3bc1495b69179ba4e272e97eff93334a20decb1d8db6ec3c19c16417738fd" -SRC_URI[manpages.md5sum] = "78c6e54a61a167dab5e8ae07036293ab" -SRC_URI[manpages.sha256sum] = "e9c123463abd05e142defe44a8060ce6e9853dfd8c83b2542e38b7deac4e6d4c" diff --git a/meta/recipes-devtools/git/git_2.20.4.bb b/meta/recipes-devtools/git/git_2.20.4.bb new file mode 100644 index 0000000000..e44da452ad --- /dev/null +++ b/meta/recipes-devtools/git/git_2.20.4.bb @@ -0,0 +1,11 @@ +require git.inc + +EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ + ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \ + " +EXTRA_OEMAKE += "NO_GETTEXT=1" + +SRC_URI[tarball.md5sum] = "6f524e37186a79848a716e2a91330868" +SRC_URI[tarball.sha256sum] = "92719084d7648b69038ea617a3bc45ec74f60ed7eef753ae2ad84b6f0b268e9a" +SRC_URI[manpages.md5sum] = "dceabcda244042a06ed4cabd754627a5" +SRC_URI[manpages.sha256sum] = "72fdd1799756b1240921d10eb5c67de9a651b44d429ba7293929c9d5344ad3e0" diff --git a/meta/recipes-devtools/python/python-native_2.7.17.bb b/meta/recipes-devtools/python/python-native_2.7.18.bb index 335318bab8..335318bab8 100644 --- a/meta/recipes-devtools/python/python-native_2.7.17.bb +++ b/meta/recipes-devtools/python/python-native_2.7.18.bb diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index a2424a67bf..bd214e8f8b 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -5,13 +5,13 @@ SECTION = "devel/python" # bump this on every change in contrib/python/generate-manifest-2.7.py INC_PR = "r1" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498" +LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ " -SRC_URI[md5sum] = "b3b6d2c92f42a60667814358ab9f0cfd" -SRC_URI[sha256sum] = "4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41" +SRC_URI[md5sum] = "fd6cc8ec0a78c44036f825e739f36e5a" +SRC_URI[sha256sum] = "b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43" # python recipe is actually python 2.x # also, exclude pre-releases for both python 2.x and 3.x diff --git a/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch b/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch new file mode 100644 index 0000000000..594510342b --- /dev/null +++ b/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch @@ -0,0 +1,23 @@ +traceback2 adds traceback for python2. Rather than depend on traceback2, we're +python3 only so just use traceback. +This caused breakage in oe-selftest -j which uses testtools on the autobuilder +using buildtools-tarball. + +Upstream-Status: Inappropriate [Our recipe is python3 specific] +(Once py2 is EOL upstream probably could/should take this) +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: testtools-2.3.0/testtools/content.py +=================================================================== +--- testtools-2.3.0.orig/testtools/content.py ++++ testtools-2.3.0/testtools/content.py +@@ -19,8 +19,7 @@ import os + import sys + + from extras import try_import +-# To let setup.py work, make this a conditional import. +-traceback = try_import('traceback2') ++import traceback + + from testtools.compat import ( + _b, diff --git a/meta/recipes-devtools/python/python3-testtools_2.3.0.bb b/meta/recipes-devtools/python/python3-testtools_2.3.0.bb index 896ecee65c..a254b90a75 100644 --- a/meta/recipes-devtools/python/python3-testtools_2.3.0.bb +++ b/meta/recipes-devtools/python/python3-testtools_2.3.0.bb @@ -1,2 +1,4 @@ inherit setuptools3 require python-testtools.inc + +SRC_URI += "file://no_traceback2.patch" diff --git a/meta/recipes-devtools/python/python3_3.7.6.bb b/meta/recipes-devtools/python/python3_3.7.7.bb index 3efd3bcac8..114cf2fe09 100644 --- a/meta/recipes-devtools/python/python3_3.7.6.bb +++ b/meta/recipes-devtools/python/python3_3.7.7.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.python.org" LICENSE = "PSFv2" SECTION = "devel/python" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498" +LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://run-ptest \ @@ -38,8 +38,8 @@ SRC_URI_append_class-nativesdk = " \ file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \ " -SRC_URI[md5sum] = "c08fbee72ad5c2c95b0f4e44bf6fd72c" -SRC_URI[sha256sum] = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f" +SRC_URI[md5sum] = "172c650156f7bea68ce31b2fd01fa766" +SRC_URI[sha256sum] = "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" diff --git a/meta/recipes-devtools/python/python_2.7.17.bb b/meta/recipes-devtools/python/python_2.7.18.bb index ec724c3918..ec724c3918 100644 --- a/meta/recipes-devtools/python/python_2.7.17.bb +++ b/meta/recipes-devtools/python/python_2.7.18.bb diff --git a/meta/recipes-support/attr/attr_2.4.47.bb b/meta/recipes-support/attr/attr_2.4.47.bb index fc88bef830..c3da66a0c7 100644 --- a/meta/recipes-support/attr/attr_2.4.47.bb +++ b/meta/recipes-support/attr/attr_2.4.47.bb @@ -12,4 +12,7 @@ SRC_URI += "file://attr-Missing-configure.ac.patch \ SRC_URI[md5sum] = "84f58dec00b60f2dc8fd1c9709291cc7" SRC_URI[sha256sum] = "25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859" +# Has issues with newer versions of make +PARALLEL_MAKEINST = "" + BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch b/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch new file mode 100644 index 0000000000..78b19225d4 --- /dev/null +++ b/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch @@ -0,0 +1,42 @@ +From 59402e3a61d14eb7ce8c2019ea1a87ad4bd28605 Mon Sep 17 00:00:00 2001 +From: Anuj Mittal <anuj.mittal@intel.com> +Date: Thu, 14 Nov 2019 10:13:53 +0800 +Subject: [PATCH] dont setup compiler flags -m32/-m64 + +We don't want these to be setup by boost as we pass our own flags. + +Upstream-Status: Inappropriate [OE-specific] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + tools/build/src/tools/gcc.jam | 14 -------------- + 1 file changed, 14 deletions(-) + +diff --git a/tools/build/src/tools/gcc.jam b/tools/build/src/tools/gcc.jam +index c7e3cf3..24486e0 100644 +--- a/tools/build/src/tools/gcc.jam ++++ b/tools/build/src/tools/gcc.jam +@@ -430,20 +430,6 @@ local rule compile-link-flags ( * ) + } + + { +- # Handle address-model +- compile-link-flags <target-os>aix/<address-model>32 : -maix32 ; +- compile-link-flags <target-os>aix/<address-model>64 : -maix64 ; +- +- compile-link-flags <target-os>hpux/<address-model>32 : -milp32 ; +- compile-link-flags <target-os>hpux/<address-model>64 : -mlp64 ; +- +- local generic-os = [ set.difference $(all-os) : aix hpux ] ; +- local arch = power sparc x86 ; +- compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>32 : -m32 ; +- compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>64 : -m64 ; +-} +- +-{ + # Handle threading + local rule threading-flags ( * ) + { +-- +2.7.4 + diff --git a/meta/recipes-support/boost/boost_1.69.0.bb b/meta/recipes-support/boost/boost_1.69.0.bb index 324b46f168..5e9e0d87d7 100644 --- a/meta/recipes-support/boost/boost_1.69.0.bb +++ b/meta/recipes-support/boost/boost_1.69.0.bb @@ -6,4 +6,5 @@ SRC_URI += "file://arm-intrinsics.patch \ file://boost-math-disable-pch-for-gcc.patch \ file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \ file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \ + file://0001-dont-setup-compiler-flags-m32-m64.patch \ " diff --git a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch index 4a280f9d5c..83195b5bd4 100644 --- a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch +++ b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch @@ -1,4 +1,4 @@ -From 0df5800cc2e720aad883a517f7d24a9722fe5845 Mon Sep 17 00:00:00 2001 +From e3adc816d2d56dd929016073937ba24e01e03cb8 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 20 Dec 2018 17:37:48 -0800 Subject: [PATCH] Woverride-init is not needed with gcc 9 @@ -17,15 +17,18 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index 30d0b45..98fe412 100644 +index 024d6dcc8..c6e141e16 100644 --- a/dirmngr/dns.h +++ b/dirmngr/dns.h -@@ -154,7 +154,7 @@ DNS_PUBLIC int *dns_debug_p(void); +@@ -139,7 +139,7 @@ DNS_PUBLIC int *dns_debug_p(void); + #define DNS_PRAGMA_QUIET _Pragma("clang diagnostic ignored \"-Winitializer-overrides\"") + #define DNS_PRAGMA_POP _Pragma("clang diagnostic pop") - #define dns_quietinit(...) \ - DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP -#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4 +#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || (__GNUC__ > 4 && __GNUC__ < 9) #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push") #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"") #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop") +-- +2.17.1 + diff --git a/meta/recipes-support/gnupg/gnupg_2.2.13.bb b/meta/recipes-support/gnupg/gnupg_2.2.17.bb index 3ce2a38c0e..e5456dd9b9 100644 --- a/meta/recipes-support/gnupg/gnupg_2.2.13.bb +++ b/meta/recipes-support/gnupg/gnupg_2.2.17.bb @@ -19,9 +19,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch" - -SRC_URI[md5sum] = "563b959d0c3856e34526e9ca51c80d7b" -SRC_URI[sha256sum] = "76c787a955f9e6e0ead47c9be700bfb9d454f955a7b7c7e697aa719bac7b11d8" +SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c" +SRC_URI[sha256sum] = "afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb index b095397ec2..b33a47be6a 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb @@ -15,6 +15,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ SRC_URI[md5sum] = "cac755dc6c6acd6e0c70007f547548f5" SRC_URI[sha256sum] = "75ddc194a5b1d6f25033bb9d355f04bfe5c03e0e1c71ed0774104457b3a786c6" +CVE_PRODUCT = "libsoup" + S = "${WORKDIR}/libsoup-${PV}" inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc diff --git a/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch new file mode 100644 index 0000000000..7c4a65b3cd --- /dev/null +++ b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch @@ -0,0 +1,40 @@ +From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 15 Oct 2019 13:22:52 +0800 +Subject: [PATCH] Fix CVE-2019-16168 + +CVE: CVE-2019-16168 + +Upstream-Status: Backport [https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + sqlite3.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 61bfdeb..b3e6ae2 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -105933,7 +105933,9 @@ static void decodeIntArray( + if( sqlite3_strglob("unordered*", z)==0 ){ + pIndex->bUnordered = 1; + }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){ +- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3)); ++ int sz = sqlite3Atoi(z+3); ++ if( sz<2 ) sz = 2; ++ pIndex->szIdxRow = sqlite3LogEst(sz); + }else if( sqlite3_strglob("noskipscan*", z)==0 ){ + pIndex->noSkipScan = 1; + } +@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex( + ** it to pNew->rRun, which is currently set to the cost of the index + ** seek only. Then, if this is a non-covering index, add the cost of + ** visiting the rows in the main table. */ ++ assert( pSrc->pTab->szTabRow>0 ); + rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow; + pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx); + if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){ +-- +2.17.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb index 4bdb04f4d1..2888a56ee9 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb @@ -7,6 +7,7 @@ SRC_URI = "\ http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2019-9936.patch \ file://CVE-2019-9937.patch \ + file://0001-Fix-CVE-2019-16168.patch \ " SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0" |