diff options
Diffstat (limited to 'meta/recipes-extended')
| -rw-r--r-- | meta/recipes-extended/bzip2/bzip2_1.0.6.bb | 6 | ||||
| -rw-r--r-- | meta/recipes-extended/lsb/lsbtest/packages_list | 2 | ||||
| -rw-r--r-- | meta/recipes-extended/lsof/lsof_4.89.bb | 6 | ||||
| -rw-r--r-- | meta/recipes-extended/minicom/minicom_2.7.1.bb | 2 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/files/CVE-2016-6252.patch | 48 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/files/CVE-2017-2616.patch | 64 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/files/CVE-2018-7169.patch | 186 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/shadow.inc | 10 | ||||
| -rw-r--r-- | meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch | 174 | ||||
| -rw-r--r-- | meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch | 115 | ||||
| -rw-r--r-- | meta/recipes-extended/tzcode/tzcode-native_2018f.bb (renamed from meta/recipes-extended/tzcode/tzcode-native_2018c.bb) | 8 | ||||
| -rw-r--r-- | meta/recipes-extended/tzdata/tzdata_2018f.bb (renamed from meta/recipes-extended/tzdata/tzdata_2018c.bb) | 6 |
12 files changed, 321 insertions, 306 deletions
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index de668d6d2b..acbf80a685 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -2,13 +2,13 @@ SUMMARY = "Very high-quality data compression program" DESCRIPTION = "bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and \ Huffman coding. Compression is generally considerably better than that achieved by more conventional \ LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors." -HOMEPAGE = "http://www.bzip.org/" +HOMEPAGE = "https://sourceware.org/bzip2/" SECTION = "console/utils" LICENSE = "bzip2" LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2" PR = "r5" -SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ +SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \ file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ @@ -19,7 +19,7 @@ SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd" -UPSTREAM_CHECK_URI = "http://www.bzip.org/downloads.html" +UPSTREAM_CHECK_URI = "https://www.sourceware.org/bzip2/" PACKAGES =+ "libbz2" diff --git a/meta/recipes-extended/lsb/lsbtest/packages_list b/meta/recipes-extended/lsb/lsbtest/packages_list index 959f931504..1a6c11699a 100644 --- a/meta/recipes-extended/lsb/lsbtest/packages_list +++ b/meta/recipes-extended/lsb/lsbtest/packages_list @@ -1,7 +1,7 @@ LSB_RELEASE="released-5.0" LSB_ARCH="lsbarch" -BASE_PACKAGES_LIST="lsb-setup-4.1.0-1.noarch.rpm" +BASE_PACKAGES_LIST="lsb-setup-5.0.0-2.noarch.rpm" RUNTIME_BASE_PACKAGES_LIST="lsb-dist-checker-5.0.0.1-1.targetarch.rpm \ lsb-tet3-lite-3.7-27.lsb5.targetarch.rpm \ diff --git a/meta/recipes-extended/lsof/lsof_4.89.bb b/meta/recipes-extended/lsof/lsof_4.89.bb index 14546db23c..b58b8281f9 100644 --- a/meta/recipes-extended/lsof/lsof_4.89.bb +++ b/meta/recipes-extended/lsof/lsof_4.89.bb @@ -11,12 +11,12 @@ LIC_FILES_CHKSUM = "file://00README;beginline=645;endline=679;md5=964df275d26429 # https://people.freebsd.org/~abe/ ). http://www.mirrorservice.org seems to be # the most commonly used alternative. -SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_${PV}.tar.bz2 \ +SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/OLD/lsof_${PV}.tar.gz \ file://lsof-remove-host-information.patch \ " -SRC_URI[md5sum] = "1b9cd34f3fb86856a125abbf2be3a386" -SRC_URI[sha256sum] = "81ac2fc5fdc944793baf41a14002b6deb5a29096b387744e28f8c30a360a3718" +SRC_URI[md5sum] = "8afbaff3ee308edc130bdc5df0801c8f" +SRC_URI[sha256sum] = "5d08da7ebe049c9d9a6472d6afb81aa5af54c4733a3f8822cbc22b57867633c9" LOCALSRC = "file://${WORKDIR}/lsof_${PV}/lsof_${PV}_src.tar" diff --git a/meta/recipes-extended/minicom/minicom_2.7.1.bb b/meta/recipes-extended/minicom/minicom_2.7.1.bb index 1a31a872d6..78edffaf4c 100644 --- a/meta/recipes-extended/minicom/minicom_2.7.1.bb +++ b/meta/recipes-extended/minicom/minicom_2.7.1.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=420477abc567404debca0a2a1cb6b645 \ file://src/minicom.h;beginline=1;endline=12;md5=a58838cb709f0db517f4e42730c49e81" -SRC_URI = "https://alioth.debian.org/frs/download.php/latestfile/3/${BP}.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/m/${BPN}/${BPN}_${PV}.orig.tar.gz \ file://allow.to.disable.lockdev.patch \ file://0001-fix-minicom-h-v-return-value-is-not-0.patch \ file://0001-Fix-build-issus-surfaced-due-to-musl.patch \ diff --git a/meta/recipes-extended/shadow/files/CVE-2016-6252.patch b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch new file mode 100644 index 0000000000..bdaba5eecd --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch @@ -0,0 +1,48 @@ +From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer <krahmer@suse.com> +Date: Wed, 3 Aug 2016 11:51:07 -0500 +Subject: [PATCH] Simplify getulong + +Use strtoul to read an unsigned long, rather than reading +a signed long long and casting it. + +https://bugzilla.suse.com/show_bug.cgi?id=979282 + +Upstream-Status: Backport +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + lib/getulong.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/lib/getulong.c b/lib/getulong.c +index 61579ca..08d2c1a 100644 +--- a/lib/getulong.c ++++ b/lib/getulong.c +@@ -44,22 +44,19 @@ + */ + int getulong (const char *numstr, /*@out@*/unsigned long int *result) + { +- long long int val; ++ unsigned long int val; + char *endptr; + + errno = 0; +- val = strtoll (numstr, &endptr, 0); ++ val = strtoul (numstr, &endptr, 0); + if ( ('\0' == *numstr) + || ('\0' != *endptr) + || (ERANGE == errno) +- /*@+ignoresigns@*/ +- || (val != (unsigned long int)val) +- /*@=ignoresigns@*/ + ) { + return 0; + } + +- *result = (unsigned long int)val; ++ *result = val; + return 1; + } + +-- +1.9.1 diff --git a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch new file mode 100644 index 0000000000..ee728f0952 --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch @@ -0,0 +1,64 @@ +shadow-4.2.1: Fix CVE-2017-2616 + +[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943 + +su: properly clear child PID + +If su is compiled with PAM support, it is possible for any local user +to send SIGKILL to other processes with root privileges. There are +only two conditions. First, the user must be able to perform su with +a successful login. This does NOT have to be the root user, even using +su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL +can only be sent to processes which were executed after the su process. +It is not possible to send SIGKILL to processes which were already +running. I consider this as a security vulnerability, because I was +able to write a proof of concept which unlocked a screen saver of +another user this way. + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686] +CVE: CVE-2017-2616 +bug: 855943 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> + +diff --git a/src/su.c b/src/su.c +index 3704217..1efcd61 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void) + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; ++ } else { ++ pid_child = 0; + } + } while (!stop); + } + +- if (0 != caught) { ++ if (0 != caught && 0 != pid_child) { + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); + (void) kill (-pid_child, caught); + + (void) signal (SIGALRM, kill_child); ++ (void) signal (SIGCHLD, catch_signals); + (void) alarm (2); + +- (void) wait (&status); ++ sigemptyset (&ourset); ++ if ((sigaddset (&ourset, SIGALRM) != 0) ++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { ++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); ++ kill_child (0); ++ } else { ++ while (0 == waitpid (pid_child, &status, WNOHANG)) { ++ sigsuspend (&ourset); ++ } ++ pid_child = 0; ++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); ++ } ++ + (void) fputs (_(" ...terminated.\n"), stderr); + } + diff --git a/meta/recipes-extended/shadow/files/CVE-2018-7169.patch b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch new file mode 100644 index 0000000000..36887d44ee --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch @@ -0,0 +1,186 @@ +From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai <asarai@suse.de> +Date: Thu, 15 Feb 2018 23:49:40 +1100 +Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group + +This is necessary to match the kernel-side policy of "self-mapping in a +user namespace is fine, but you cannot drop groups" -- a policy that was +created in order to stop user namespaces from allowing trivial privilege +escalation by dropping supplementary groups that were "blacklisted" from +certain paths. + +This is the simplest fix for the underlying issue, and effectively makes +it so that unless a user has a valid mapping set in /etc/subgid (which +only administrators can modify) -- and they are currently trying to use +that mapping -- then /proc/$pid/setgroups will be set to deny. This +workaround is only partial, because ideally it should be possible to set +an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow +administrators to further restrict newgidmap(1). + +We also don't write anything in the "allow" case because "allow" is the +default, and users may have already written "deny" even if they +technically are allowed to use setgroups. And we don't write anything if +the setgroups policy is already "deny". + +Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 +Fixes: CVE-2018-7169 + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0] +Reported-by: Craig Furman <craig.furman89@gmail.com> +Signed-off-by: Aleksa Sarai <asarai@suse.de> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 80 insertions(+), 9 deletions(-) + +diff --git a/src/newgidmap.c b/src/newgidmap.c +index b1e33513..59a2e75c 100644 +--- a/src/newgidmap.c ++++ b/src/newgidmap.c +@@ -46,32 +46,37 @@ + */ + const char *Prog; + +-static bool verify_range(struct passwd *pw, struct map_range *range) ++ ++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) + { + /* An empty range is invalid */ + if (range->count == 0) + return false; + +- /* Test /etc/subgid */ +- if (have_sub_gids(pw->pw_name, range->lower, range->count)) ++ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */ ++ if (have_sub_gids(pw->pw_name, range->lower, range->count)) { ++ *allow_setgroups = true; + return true; ++ } + +- /* Allow a process to map it's own gid */ +- if ((range->count == 1) && (pw->pw_gid == range->lower)) ++ /* Allow a process to map its own gid. */ ++ if ((range->count == 1) && (pw->pw_gid == range->lower)) { ++ /* noop -- if setgroups is enabled already we won't disable it. */ + return true; ++ } + + return false; + } + + static void verify_ranges(struct passwd *pw, int ranges, +- struct map_range *mappings) ++ struct map_range *mappings, bool *allow_setgroups) + { + struct map_range *mapping; + int idx; + + mapping = mappings; + for (idx = 0; idx < ranges; idx++, mapping++) { +- if (!verify_range(pw, mapping)) { ++ if (!verify_range(pw, mapping, allow_setgroups)) { + fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"), + Prog, + mapping->upper, +@@ -89,6 +94,70 @@ static void usage(void) + exit(EXIT_FAILURE); + } + ++void write_setgroups(int proc_dir_fd, bool allow_setgroups) ++{ ++ int setgroups_fd; ++ char *policy, policy_buffer[4096]; ++ ++ /* ++ * Default is "deny", and any "allow" will out-rank a "deny". We don't ++ * forcefully write an "allow" here because the process we are writing ++ * mappings for may have already set themselves to "deny" (and "allow" ++ * is the default anyway). So allow_setgroups == true is a noop. ++ */ ++ policy = "deny\n"; ++ if (allow_setgroups) ++ return; ++ ++ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC); ++ if (setgroups_fd < 0) { ++ /* ++ * If it's an ENOENT then we are on too old a kernel for the setgroups ++ * code to exist. Emit a warning and bail on this. ++ */ ++ if (ENOENT == errno) { ++ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog); ++ goto out; ++ } ++ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++ /* ++ * Check whether the policy is already what we want. /proc/self/setgroups ++ * is write-once, so attempting to write after it's already written to will ++ * fail. ++ */ ++ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) { ++ fprintf(stderr, _("%s: failed to read setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (!strncmp(policy_buffer, policy, strlen(policy))) ++ goto out; ++ ++ /* Write the policy. */ ++ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) { ++ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (dprintf(setgroups_fd, "%s", policy) < 0) { ++ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"), ++ Prog, ++ policy, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++out: ++ close(setgroups_fd); ++} ++ + /* + * newgidmap - Set the gid_map for the specified process + */ +@@ -103,6 +172,7 @@ int main(int argc, char **argv) + struct stat st; + struct passwd *pw; + int written; ++ bool allow_setgroups = false; + + Prog = Basename (argv[0]); + +@@ -145,7 +215,7 @@ int main(int argc, char **argv) + (unsigned long) getuid ())); + return EXIT_FAILURE; + } +- ++ + /* Get the effective uid and effective gid of the target process */ + if (fstat(proc_dir_fd, &st) < 0) { + fprintf(stderr, _("%s: Could not stat directory for target %u\n"), +@@ -177,8 +247,9 @@ int main(int argc, char **argv) + if (!mappings) + usage(); + +- verify_ranges(pw, ranges, mappings); ++ verify_ranges(pw, ranges, mappings, &allow_setgroups); + ++ write_setgroups(proc_dir_fd, allow_setgroups); + write_mapping(proc_dir_fd, ranges, mappings, "gid_map"); + sub_gid_close(); + +-- +2.13.3 + diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index cc189649b2..f3f5bf6f07 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ DEPENDS_class-native = "" DEPENDS_class-nativesdk = "" -SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ +UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" + +SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \ file://shadow-4.1.3-dots-in-usernames.patch \ file://usermod-fix-compilation-failure-with-subids-disabled.patch \ file://fix-installation-failure-with-subids-disabled.patch \ @@ -17,7 +19,10 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ file://0001-useradd-copy-extended-attributes-of-home.patch \ file://0001-shadow-CVE-2017-12424 \ + file://CVE-2017-2616.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://CVE-2018-7169.patch \ + file://CVE-2016-6252.patch \ " SRC_URI_append_class-target = " \ @@ -128,7 +133,8 @@ do_install_append() { # Ensure that the image has as a /var/spool/mail dir so shadow can # put mailboxes there if the user reconfigures shadow to its # defaults (see sed below). - install -d ${D}${localstatedir}/spool/mail + install -m 0775 -d ${D}${localstatedir}/spool/mail + chown root:mail ${D}${localstatedir}/spool/mail if [ -e ${WORKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ diff --git a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch b/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch deleted file mode 100644 index e49fa09647..0000000000 --- a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch +++ /dev/null @@ -1,174 +0,0 @@ -From b520d20b8122a783f99f088758b78d928f70ee34 Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 23 Oct 2017 11:42:45 -0700 -Subject: [PATCH] Fix Makefile quoting bug - -Problem with INSTALLARGS reported by Zefram in: -https://mm.icann.org/pipermail/tz/2017-October/025360.html -Fix similar problems too. -* Makefile (ZIC_INSTALL, VALIDATE_ENV, CC, install) -(INSTALL, version, INSTALLARGS, right_posix, posix_right) -(check_public): Use apostrophes to prevent undesirable -interpretation of names by the shell. We still do not support -directory names containing apostrophes or newlines, but this is -good enough. - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - -* NEWS: Mention this. ---- - Makefile | 64 ++++++++++++++++++++++++++++++++-------------------------------- - NEWS | 8 ++++++++ - 2 files changed, 40 insertions(+), 32 deletions(-) - -diff --git a/Makefile b/Makefile -index c92edc0..97649ca 100644 ---- a/Makefile -+++ b/Makefile -@@ -313,7 +313,7 @@ ZFLAGS= - - # How to use zic to install tz binary files. - --ZIC_INSTALL= $(ZIC) -d $(DESTDIR)$(TZDIR) $(LEAPSECONDS) -+ZIC_INSTALL= $(ZIC) -d '$(DESTDIR)$(TZDIR)' $(LEAPSECONDS) - - # The name of a Posix-compliant 'awk' on your system. - AWK= awk -@@ -341,8 +341,8 @@ SGML_CATALOG_FILES= \ - VALIDATE = nsgmls - VALIDATE_FLAGS = -s -B -wall -wno-unused-param - VALIDATE_ENV = \ -- SGML_CATALOG_FILES=$(SGML_CATALOG_FILES) \ -- SGML_SEARCH_PATH=$(SGML_SEARCH_PATH) \ -+ SGML_CATALOG_FILES='$(SGML_CATALOG_FILES)' \ -+ SGML_SEARCH_PATH='$(SGML_SEARCH_PATH)' \ - SP_CHARSET_FIXED=YES \ - SP_ENCODING=UTF-8 - -@@ -396,7 +396,7 @@ GZIPFLAGS= -9n - #MAKE= make - - cc= cc --CC= $(cc) -DTZDIR=\"$(TZDIR)\" -+CC= $(cc) -DTZDIR='"$(TZDIR)"' - - AR= ar - -@@ -473,29 +473,29 @@ all: tzselect yearistype zic zdump libtz.a $(TABDATA) - ALL: all date $(ENCHILADA) - - install: all $(DATA) $(REDO) $(MANS) -- mkdir -p $(DESTDIR)$(ETCDIR) $(DESTDIR)$(TZDIR) \ -- $(DESTDIR)$(LIBDIR) \ -- $(DESTDIR)$(MANDIR)/man3 $(DESTDIR)$(MANDIR)/man5 \ -- $(DESTDIR)$(MANDIR)/man8 -+ mkdir -p '$(DESTDIR)$(ETCDIR)' '$(DESTDIR)$(TZDIR)' \ -+ '$(DESTDIR)$(LIBDIR)' \ -+ '$(DESTDIR)$(MANDIR)/man3' '$(DESTDIR)$(MANDIR)/man5' \ -+ '$(DESTDIR)$(MANDIR)/man8' - $(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES) -- cp -f $(TABDATA) $(DESTDIR)$(TZDIR)/. -- cp tzselect zic zdump $(DESTDIR)$(ETCDIR)/. -- cp libtz.a $(DESTDIR)$(LIBDIR)/. -- $(RANLIB) $(DESTDIR)$(LIBDIR)/libtz.a -- cp -f newctime.3 newtzset.3 $(DESTDIR)$(MANDIR)/man3/. -- cp -f tzfile.5 $(DESTDIR)$(MANDIR)/man5/. -- cp -f tzselect.8 zdump.8 zic.8 $(DESTDIR)$(MANDIR)/man8/. -+ cp -f $(TABDATA) '$(DESTDIR)$(TZDIR)/.' -+ cp tzselect zic zdump '$(DESTDIR)$(ETCDIR)/.' -+ cp libtz.a '$(DESTDIR)$(LIBDIR)/.' -+ $(RANLIB) '$(DESTDIR)$(LIBDIR)/libtz.a' -+ cp -f newctime.3 newtzset.3 '$(DESTDIR)$(MANDIR)/man3/.' -+ cp -f tzfile.5 '$(DESTDIR)$(MANDIR)/man5/.' -+ cp -f tzselect.8 zdump.8 zic.8 '$(DESTDIR)$(MANDIR)/man8/.' - - INSTALL: ALL install date.1 -- mkdir -p $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man1 -- cp date $(DESTDIR)$(BINDIR)/. -- cp -f date.1 $(DESTDIR)$(MANDIR)/man1/. -+ mkdir -p '$(DESTDIR)$(BINDIR)' '$(DESTDIR)$(MANDIR)/man1' -+ cp date '$(DESTDIR)$(BINDIR)/.' -+ cp -f date.1 '$(DESTDIR)$(MANDIR)/man1/.' - - version: $(VERSION_DEPS) - { (type git) >/dev/null 2>&1 && \ - V=`git describe --match '[0-9][0-9][0-9][0-9][a-z]*' \ - --abbrev=7 --dirty` || \ -- V=$(VERSION); } && \ -+ V='$(VERSION)'; } && \ - printf '%s\n' "$$V" >$@.out - mv $@.out $@ - -@@ -529,12 +529,12 @@ leapseconds: $(LEAP_DEPS) - # Arguments to pass to submakes of install_data. - # They can be overridden by later submake arguments. - INSTALLARGS = \ -- BACKWARD=$(BACKWARD) \ -- DESTDIR=$(DESTDIR) \ -+ BACKWARD='$(BACKWARD)' \ -+ DESTDIR='$(DESTDIR)' \ - LEAPSECONDS='$(LEAPSECONDS)' \ - PACKRATDATA='$(PACKRATDATA)' \ -- TZDIR=$(TZDIR) \ -- YEARISTYPE=$(YEARISTYPE) \ -+ TZDIR='$(TZDIR)' \ -+ YEARISTYPE='$(YEARISTYPE)' \ - ZIC='$(ZIC)' - - # 'make install_data' installs one set of tz binary files. -@@ -558,16 +558,16 @@ right_only: - # You must replace all of $(TZDIR) to switch from not using leap seconds - # to using them, or vice versa. - right_posix: right_only -- rm -fr $(DESTDIR)$(TZDIR)-leaps -- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-leaps || \ -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only -+ rm -fr '$(DESTDIR)$(TZDIR)-leaps' -+ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-leaps' || \ -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only - - posix_right: posix_only -- rm -fr $(DESTDIR)$(TZDIR)-posix -- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-posix || \ -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only -+ rm -fr '$(DESTDIR)$(TZDIR)-posix' -+ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-posix' || \ -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only - - # This obsolescent rule is present for backwards compatibility with - # tz releases 2014g through 2015g. It should go away eventually. -@@ -764,7 +764,7 @@ set-timestamps.out: $(ENCHILADA) - - check_public: - $(MAKE) maintainer-clean -- $(MAKE) "CFLAGS=$(GCC_DEBUG_FLAGS)" ALL -+ $(MAKE) CFLAGS='$(GCC_DEBUG_FLAGS)' ALL - mkdir -p public.dir - for i in $(TDATA) tzdata.zi; do \ - $(zic) -v -d public.dir $$i 2>&1 || exit; \ -diff --git a/NEWS b/NEWS -index bd2bec2..75ab095 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,5 +1,13 @@ - News for the tz database - -+Unreleased, experimental changes -+ -+ Changes to build procedure -+ -+ The Makefile now quotes values like BACKWARD more carefully when -+ passing them to the shell. (Problem reported by Zefram.) -+ -+ - Release 2017c - 2017-10-20 14:49:34 -0700 - - Briefly: --- -2.7.4 - diff --git a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch b/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch deleted file mode 100644 index 87afe47694..0000000000 --- a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch +++ /dev/null @@ -1,115 +0,0 @@ -From e231da4fb2beb17c60b4b1a5c276366d6a6e433f Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 23 Oct 2017 17:58:36 -0700 -Subject: [PATCH] Port zdump to C90 + snprintf -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Problem reported by Jon Skeet in: -https://mm.icann.org/pipermail/tz/2017-October/025362.html -* NEWS: Mention this. -* zdump.c (my_snprintf): New macro or function. If a macro, it is -just snprintf. If a function, it is the same as the old snprintf -static function, with an ATTRIBUTE_FORMAT to pacify modern GCC. -All uses of snprintf changed to use my_snprintf. This way, -installers don’t need to specify -DHAVE_SNPRINTF if they are using -a pre-C99 compiler with a library that has snprintf. - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - NEWS | 4 ++++ - zdump.c | 29 ++++++++++++++++------------- - 2 files changed, 20 insertions(+), 13 deletions(-) - -diff --git a/NEWS b/NEWS -index 75ab095..dea08b8 100644 ---- a/NEWS -+++ b/NEWS -@@ -7,6 +7,10 @@ Unreleased, experimental changes - The Makefile now quotes values like BACKWARD more carefully when - passing them to the shell. (Problem reported by Zefram.) - -+ Builders no longer need to specify -DHAVE_SNPRINTF on platforms -+ that have snprintf and use pre-C99 compilers. (Problem reported -+ by Jon Skeet.) -+ - - Release 2017c - 2017-10-20 14:49:34 -0700 - -diff --git a/zdump.c b/zdump.c -index 8e3bf3e..d4e6084 100644 ---- a/zdump.c -+++ b/zdump.c -@@ -795,12 +795,14 @@ show(timezone_t tz, char *zone, time_t t, bool v) - abbrok(abbr(tmp), zone); - } - --#if !HAVE_SNPRINTF -+#if HAVE_SNPRINTF -+# define my_snprintf snprintf -+#else - # include <stdarg.h> - - /* A substitute for snprintf that is good enough for zdump. */ --static int --snprintf(char *s, size_t size, char const *format, ...) -+static int ATTRIBUTE_FORMAT((printf, 3, 4)) -+my_snprintf(char *s, size_t size, char const *format, ...) - { - int n; - va_list args; -@@ -839,10 +841,10 @@ format_local_time(char *buf, size_t size, struct tm const *tm) - { - int ss = tm->tm_sec, mm = tm->tm_min, hh = tm->tm_hour; - return (ss -- ? snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss) -+ ? my_snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss) - : mm -- ? snprintf(buf, size, "%02d:%02d", hh, mm) -- : snprintf(buf, size, "%02d", hh)); -+ ? my_snprintf(buf, size, "%02d:%02d", hh, mm) -+ : my_snprintf(buf, size, "%02d", hh)); - } - - /* Store into BUF, of size SIZE, a formatted UTC offset for the -@@ -877,10 +879,10 @@ format_utc_offset(char *buf, size_t size, struct tm const *tm, time_t t) - mm = off / 60 % 60; - hh = off / 60 / 60; - return (ss || 100 <= hh -- ? snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss) -+ ? my_snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss) - : mm -- ? snprintf(buf, size, "%c%02ld%02d", sign, hh, mm) -- : snprintf(buf, size, "%c%02ld", sign, hh)); -+ ? my_snprintf(buf, size, "%c%02ld%02d", sign, hh, mm) -+ : my_snprintf(buf, size, "%c%02ld", sign, hh)); - } - - /* Store into BUF (of size SIZE) a quoted string representation of P. -@@ -983,15 +985,16 @@ istrftime(char *buf, size_t size, char const *time_fmt, - for (abp = ab; is_alpha(*abp); abp++) - continue; - len = (!*abp && *ab -- ? snprintf(b, s, "%s", ab) -+ ? my_snprintf(b, s, "%s", ab) - : format_quoted_string(b, s, ab)); - if (s <= len) - return false; - b += len, s -= len; - } -- formatted_len = (tm->tm_isdst -- ? snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst) -- : 0); -+ formatted_len -+ = (tm->tm_isdst -+ ? my_snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst) -+ : 0); - } - break; - } --- -2.7.4 - diff --git a/meta/recipes-extended/tzcode/tzcode-native_2018c.bb b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb index 85e9b70ace..816e34d00f 100644 --- a/meta/recipes-extended/tzcode/tzcode-native_2018c.bb +++ b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb @@ -11,10 +11,10 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.md5sum] = "e6e0d4b2ce3fa6906f303157bed2612e" -SRC_URI[tzcode.sha256sum] = "31fa7fc0f94a6ff2d6bc878c0a35e8ab8b5aa0e8b01445a1d4a8f14777d0e665" -SRC_URI[tzdata.md5sum] = "c412b1531adef1be7a645ab734f86acc" -SRC_URI[tzdata.sha256sum] = "2825c3e4b7ef520f24d393bcc02942f9762ffd3e7fc9b23850789ed8f22933f6" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" +SRC_URI[tzcode.md5sum] = "011d394b70e6ee3823fd77010b99737f" +SRC_URI[tzcode.sha256sum] = "4ec74f8a84372570135ea4be16a042442fafe100f5598cb1017bfd30af6aaa70" S = "${WORKDIR}" diff --git a/meta/recipes-extended/tzdata/tzdata_2018c.bb b/meta/recipes-extended/tzdata/tzdata_2018f.bb index ff5ec1cc43..b167540608 100644 --- a/meta/recipes-extended/tzdata/tzdata_2018c.bb +++ b/meta/recipes-extended/tzdata/tzdata_2018f.bb @@ -9,8 +9,8 @@ DEPENDS = "tzcode-native" SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzdata.md5sum] = "c412b1531adef1be7a645ab734f86acc" -SRC_URI[tzdata.sha256sum] = "2825c3e4b7ef520f24d393bcc02942f9762ffd3e7fc9b23850789ed8f22933f6" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" inherit allarch @@ -171,7 +171,7 @@ FILES_${PN} += "${datadir}/zoneinfo/Pacific/Honolulu \ ${datadir}/zoneinfo/Asia/Dubai \ ${datadir}/zoneinfo/Asia/Karachi \ ${datadir}/zoneinfo/Asia/Dhaka \ - ${datadir}/zoneinfo/Asia/Bankok \ + ${datadir}/zoneinfo/Asia/Bangkok \ ${datadir}/zoneinfo/Asia/Hong_Kong \ ${datadir}/zoneinfo/Asia/Tokyo \ ${datadir}/zoneinfo/Australia/Darwin \ |