author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-11-04 21:55:29 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-11-04 21:56:09 +0300 |
commit | 64c979e88e6d0917b6fe45e52e381affec150afd (patch) | |
tree | a0e35da2075116b2d1d43813cc3f7f57f99d843a /poky/meta/recipes-extended | |
parent | 868407c65d79e82e83c37f7c32bef9a2e2bc4cd5 (diff) | |
download | openbmc-64c979e88e6d0917b6fe45e52e381affec150afd.tar.xz |
poky: subtree update:52a625582e..7035b4b21e
Adrian Bunk (9):
squashfs-tools: Upgrade to 4.4
screen: Upgrade 4.6.2 -> 4.7.0
stress-ng: Upgrade 0.10.00 -> 0.10.08
nspr: Upgrade 4.21 -> 4.23
gcc: Remove stale gcc 8 patchfile
gnu-efi: Upgrade 3.0.9 -> 3.0.10
python3-numpy: Stop shipping manual config files
coreutils: Move stdbuf into an own package coreutils-stdbuf
gnu-efi: Upgrade 3.0.10 -> 3.0.11
Alessio Igor Bogani (1):
systemtap: support usrmerge
Alexander Hirsch (1):
libksba: Fix license specification
Alexander Kanavin (6):
gcr: update to 3.34.0
btrfs-tools: update to 5.3
libmodulemd-v1: update to 1.8.16
selftest: skip virgl test on centos 7 entirely
nfs-utils: do not depend on bash unnecessarily
selftest: add a test for gpl3-free images
Alistair Francis (4):
opensbi: Bump from 0.4 to 0.5
u-boot: Bump from 2019.07 to 2019.10
qemuriscv64: Build smode U-Boot
libsdl2: Fix build failure when using mesa 19.2.1
Andreas Müller (4):
adwaita-icon-theme: upgrade 3.32.0 -> 3.34.0
gsettings-desktop-schemas: upgrade 3.32.0 -> 3.34.0
IMAGE_LINGUAS_COMPLEMENTARY: auto-add language packages other than locales
libical: add PACKAGECONFIG glib and enable it by default
André Draszik (10):
testimage.bbclass: support hardware-controlled targets
testimage.bbclass: enable ssh agent forwarding
oeqa/runtime/df: don't fail on long device names
oeqa/core/decorator: add skipIfFeature
oeqa/runtime/opkg: skip install on read-only-rootfs
oeqa/runtime/systemd: skip unit enable/disable on read-only-rootfs
ruby: update to v2.6.4
ruby: some ptest fixes
oeqa/runtime/context.py: ignore more files when loading controllers
connman: mark connman-wait-online as SYSTEMD_PACKAGE
Bruce Ashfield (6):
linux-yocto/4.19: update to v4.19.78
linux-yocto/5.2: update to v5.2.20
perf: fix v5.4+ builds
perf: create directories before copying single files
perf: add 'cap' PACKAGECONFIG
perf: drop 'include' copy
Carlos Rafael Giani (12):
gstreamer1.0: upgrade to version 1.16.1
gstreamer1.0-plugins-base: upgrade to version 1.16.1
gstreamer1.0-plugins-good: upgrade to version 1.16.1
gstreamer1.0-plugins-bad: upgrade to version 1.16.1
gstreamer1.0-plugins-ugly: upgrade to version 1.16.1
gstreamer1.0-libav: upgrade to version 1.16.1
gstreamer1.0-vaapi: upgrade to version 1.16.1
gstreamer1.0-omx: upgrade to version 1.16.1
gstreamer1.0-python: upgrade to version 1.16.1
gstreamer1.0-rtsp-server: upgrade to version 1.16.1
gst-validate: upgrade to version 1.16.1
gstreamer: Change SRC_URI to use HTTPS access instead of HTTP
Changqing Li (4):
qemu: Fix CVE-2019-12068
python: Fix CVE-2019-10160
sudo: fix CVE-2019-14287
mdadm: fix do_package failed when changed local.conf but not cleaned
Chee Yang Lee (2):
wic/help: change 'wic write' help description
wic/engine: use 'linux-swap' for swap file system
Chen Qi (3):
go: fix CVE-2019-16276
python3: fix CVE-2019-16935
python: fix CVE-2019-16935
Chris Laplante via bitbake-devel (2):
bitbake: bitbake: contrib/vim: initial commit, with unmodified code from indent/python.vim
bitbake: bitbake: contrib/vim: Modify Python indentation to work with 'python do_task {'
Christopher Larson (2):
bitbake: fetch2/git: fetch shallow revs when needed
bitbake: tests/fetch: add test for fetching shallow revs
Dan Callaghan (1):
elfutils: add PACKAGECONFIG for compression algorithms
Douglas Royds via Openembedded-core (1):
icecc: Export ICECC_CC and friends via wrapper-script
Eduardo Abinader (1):
devtool: add ssh key option to deploy-target param
Eugene Smirnov (1):
wic/rawcopy: Support files in sub-directories
Ferry Toth (1):
sudo: Fix fetching sources
Frazer Leslie Clews (2):
makedevs: fix format strings in makedevs.c in print statements
makedevs: fix invalidScanfFormatWidth to prevent overflowing usr_buf
George McCollister (1):
openssl: make OPENSSL_ENGINES match install path
Haiqing Bai (1):
unfs3: fixed the issue that unfsd consumes 100% CPU
He Zhe (1):
ltp: Fix overcommit_memory failure
Hongxu Jia (1):
openssh: fix CVE-2019-16905
Joe Slater (2):
libtiff: fix CVE-2019-17546
libxslt: fix CVE-2019-18197
Kai Kang (1):
bind: fix CVE-2019-6471 and CVE-2018-5743
Liwei Song (1):
util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]
Mattias Hansson (1):
base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot
Max Tomago (1):
python-native: Remove debug.patch
Maxime Roussin-Bélanger (2):
meta: update and add missing homepage/bugtracker links
meta: add missing description in recipes-gnome
Michael Ho (1):
cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH
Mike Crowe (2):
kernel-fitimage: Cope with non-standard kernel deploy subdirectory
kernel-devicetree: Cope with non-standard kernel deploy subdirectory
Mikko Rapeli (1):
systemd.bbclass: enable all services specified in ${SYSTEMD_SERVICE}
Nicola Lunghi (1):
ofono: tidy up the recipe
Ola x Nilsson (10):
oeqa/selftest/recipetool: Use with to control file handle lifetime
oe.types.path: Use with to control file handle lifetime
lib/oe/packagedata: Use with to control file handle lifetime
lib/oe/package_manager: Use with to control file handle lifetime
report-error.bbclass: Use with to control file handle lifetime
package.bbclass: Use with to manage file handle lifetimes
devtool-source.bbclass: Use with to manage file handle lifetime
libc-package.bbclass: Use with to manage filehandle in do_spit_gconvs
bitbake: bitbake: prserv/serv: Use with while reading pidfile
bitbake: bitbake: ConfHandler: Use with to manage filehandle lifetime
Oleksandr Kravchuk (4):
ell: update to 0.23
ell: update to 0.25
ell: update to 0.26
ofono: update to 1.31
Ricardo Ribalda Delgado (1):
i2c-tools: Add missing RDEPEND
Richard Leitner (1):
kernel-fitimage: introduce FIT_SIGN_ALG
Richard Purdie (4):
tinderclient: Drop obsolete class
meson: Backport fix to assist meta-oe breakage
nfs-utils: Improve handling when no exported fileysystems
qemu: Avoid potential build configuration contamination
Robert Yang (1):
bluez5: Fix for --enable-btpclient
Ross Burton (29):
sanity: check the format of SDK_VENDOR
file: explicitly disable seccomp
python3: -dev should depend on distutils
gawk: add PACKAGECONFIG for readline
python3: alternative name is python3-config not python-config
python3: ensure that all forms of python3-config are in python3-dev
oeqa/selftest: use specialist assert* methods
bluez5: refresh upstreamed patches
xorgproto: fix summary
libx11: upgrade to 1.6.9
xorgproto: upgrade to 2019.2
llvm: add missing Upstream-Status tags
buildhistory-analysis: filter out -src changes by default
squashfs-tools: remove redundant source checksums
squashfs-tools: clean up compile/install tasks
wpa-supplicant: fix CVE-2019-16275
gcr: remove intltool-native
elfutils: disable bzip
cve-check: ensure all known CVEs are in the report
git: some tools are no longer perl, so move to main recipe
git: cleanup man install
qemu-helper-native: add missing option to getopt() call
qemu-helper-native: showing help shouldn't be an error
qemu-helper-native: pass compiler flags
oeqa/selftest: add test for oe-run-native
cve-check: failure to parse versions should be more visible
gst-examples: rename so PV is in filename
sanity: check for more bits of Python
recipeutils-test: use a small dependency in the dummy recipe
Sai Hari Chandana Kalluri (1):
devtool: Add --remove-work option for devtool reset command
Scott Rifenbark (9):
ref-manual: First pass of 2.8 migration changes (WIP)
poky.ent: Updated the release date to October 2019
dev-manual: Added info to "Selecting an Initialization Manager"
ref-manual: 2nd pass 3.0 migration
documenation: Changed "2.8" to "3.0".
ref-manual: Removed deprecated link to ref-classes-bluetooth
ref-manual, dev-manual: Clean up of a commit
ref-manual: Updated the BUSYBOX_SPLIT_SUID variable.
ref-manual, dev-manual: Added CMake toolchain files.
Stefan Agner (1):
uninative: check .done file instead of tarball
Tom Benn (1):
dbus: update dbus-1.init to reflect new PID file
Trevor Gamblin (5):
aspell: upgrade from 0.60.7 to 0.60.8
binutils: fix CVE-2019-17450
binutils: fix CVE-2019-17451
ncurses: fix CVE-2019-17594, CVE-2019-17595
libgcrypt: upgrade 1.8.4 -> 1.8.5
Trevor Woerner (1):
libcap-ng: undefined reference to `pthread_atfork'
Wenlin Kang (1):
sysstat: fix CVE-2019-16167
Yann Dirson (1):
mesa: fix meson configure fix when 'dri' is excluded from PACKAGECONFIG
Yeoh Ee Peng (1):
scripts/oe-pkgdata-util: Enable list-pkgs to print ordered packages
Yi Zhao (2):
libsdl2: fix CVE-2019-13616
libgcrypt: fix CVE-2019-12904
Zang Ruochen (6):
bison:upgrade 3.4.1 -> 3.4.2
e2fsprogs:upgrade 1.45.3 -> 1.45.4
libxvmc:upgrade 1.0.11 -> 1.0.12
python3-pip:upgrade 19.2.3 -> 19.3.1
python-setuptools:upgrade 41.2.0 -> 41.4.0
libcap-ng:upgrade 0.7.9 -> 0.7.10
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I50bc42f74dffdc406ffc0dea034e41462fe6e06b
Diffstat (limited to 'poky/meta/recipes-extended')
17 files changed, 408 insertions, 543 deletions
diff --git a/poky/meta/recipes-extended/gawk/gawk_5.0.1.bb b/poky/meta/recipes-extended/gawk/gawk_5.0.1.bb index b3eb39e4e..eaba6c78e 100644 --- a/poky/meta/recipes-extended/gawk/gawk_5.0.1.bb +++ b/poky/meta/recipes-extended/gawk/gawk_5.0.1.bb @@ -11,8 +11,8 @@ SECTION = "console/utils" LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -DEPENDS += "readline" - +PACKAGECONFIG ??= "readline" +PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" PACKAGECONFIG[mpfr] = "--with-mpfr,--without-mpfr, mpfr" SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \ diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch b/poky/meta/recipes-extended/ltp/ltp/0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch new file mode 100644 index 000000000..bed84712a --- /dev/null +++ b/poky/meta/recipes-extended/ltp/ltp/0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch 
@@ -0,0 +1,57 @@ +From d656a447893dccc310c975a239f482278550c3e0 Mon Sep 17 00:00:00 2001 +From: Jan Stancek <jstancek@redhat.com> +Date: Tue, 21 May 2019 10:10:44 +0200 +Subject: [PATCH] overcommit_memory: update for "mm: fix false-positive + OVERCOMMIT_GUESS failures" + +commit 8c7829b04c52 ("mm: fix false-positive OVERCOMMIT_GUESS failures") +changes logic of __vm_enough_memory(), simplifying it to: + When in GUESS mode, catch wild allocations by comparing their request + size to total amount of ram and swap in the system. + +Testcase currently allocates mem_total + swap_total, which doesn't trigger +new condition. Make it more extreme, but assuming free_total / 2 will PASS, +and 2*sum_total will FAIL. + +Signed-off-by: Jan Stancek <jstancek@redhat.com> +Acked-by: Cyril Hrubis <chrubis@suse.cz> + +Upstream-Status: Backport [https://github.com/linux-test-project/ltp/commit/d656a447893dccc310c975a239f482278550c3e0] +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + testcases/kernel/mem/tunable/overcommit_memory.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/testcases/kernel/mem/tunable/overcommit_memory.c b/testcases/kernel/mem/tunable/overcommit_memory.c +index 555298f..345764d 100644 +--- a/testcases/kernel/mem/tunable/overcommit_memory.c ++++ b/testcases/kernel/mem/tunable/overcommit_memory.c +@@ -36,11 +36,10 @@ + * + * The program is designed to test the two tunables: + * +- * When overcommit_memory = 0, allocatable memory can't overextends +- * the amount of free memory. I choose the three cases: ++ * When overcommit_memory = 0, allocatable memory can't overextend ++ * the amount of total memory: + * a. less than free_total: free_total / 2, alloc should pass. +- * b. greater than free_total: free_total * 2, alloc should fail. +- * c. equal to sum_total: sum_tatal, alloc should fail ++ * b. greater than sum_total: sum_total * 2, alloc should fail. 
+ * + * When overcommit_memory = 1, it can alloc enough much memory, I + * choose the three cases: +@@ -164,9 +163,7 @@ static void overcommit_memory_test(void) + + update_mem(); + alloc_and_check(free_total / 2, EXPECT_PASS); +- update_mem(); +- alloc_and_check(free_total * 2, EXPECT_FAIL); +- alloc_and_check(sum_total, EXPECT_FAIL); ++ alloc_and_check(sum_total * 2, EXPECT_FAIL); + + /* start to test overcommit_memory=1 */ + set_sys_tune("overcommit_memory", 1, 1); +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ltp/ltp_20190517.bb b/poky/meta/recipes-extended/ltp/ltp_20190517.bb index 465071560..5915b1c72 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20190517.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20190517.bb @@ -49,6 +49,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \ file://0001-testcases-use-python3-everywhere-to-run-python-scrip.patch \ file://0001-syscall-rt_sigtimedwait01-Fix-wrong-sigset-length-fo.patch \ file://0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch \ + file://0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb index 639382e13..64f519e75 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb 
@@ -43,13 +43,12 @@ CFLAGS_append_powerpc64 = ' -D__SANE_USERSPACE_TYPES__' CFLAGS_append_mipsarchn64 = ' -D__SANE_USERSPACE_TYPES__' CFLAGS_append_mipsarchn32 = ' -D__SANE_USERSPACE_TYPES__' -EXTRA_OEMAKE = 'CHECK_RUN_DIR=0 CXFLAGS="${CFLAGS}"' +EXTRA_OEMAKE = 'CHECK_RUN_DIR=0 CXFLAGS="${CFLAGS}" SYSTEMD_DIR=${systemd_unitdir}/system \ + BINDIR="${base_sbindir}" UDEVDIR="${nonarch_base_libdir}/udev"' DEBUG_OPTIMIZATION_append = " -Wno-error" do_compile() { - # Point to right sbindir - sed -i -e "s;BINDIR = /sbin;BINDIR = $base_sbindir;" -e "s;UDEVDIR = /lib;UDEVDIR = $nonarch_base_libdir;" -e "s;SYSTEMD_DIR=/lib/systemd/system;SYSTEMD_DIR=${systemd_unitdir}/system;" ${S}/Makefile oe_runmake SYSROOT="${STAGING_DIR_TARGET}" } diff --git a/poky/meta/recipes-extended/screen/screen/0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch b/poky/meta/recipes-extended/screen/screen/0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch deleted file mode 100644 index 1274b2794..000000000 --- a/poky/meta/recipes-extended/screen/screen/0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -From 4b258c5a9078f8df60684ab7536ce3a8ff207e08 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Thu, 12 Oct 2017 10:03:57 +0000 -Subject: [PATCH] configure.ac: fix configure failed while build dir contains "yes" - -While the name of build dir contains "yes", the AC_EGREP_CPP -test always return true. - -We rarely use "yes;" to name build dir, so s/yes/yes;/g -could fix the issue - -Upstream-Status: Accepted -https://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=8c2b4061d16756ee2ed37f08db063b8215656943 - -Signed-off-by: Jian Kang <jian.kang@windriver.com> ---- - configure.ac | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 12996cd..4765af6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -128,7 +128,7 @@ fi - - - AC_CHECKING(for Ultrix) --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [#if defined(ultrix) || defined(__ultrix) - yes; - #endif -@@ -145,7 +145,7 @@ dnl ghazi@caip.rutgers.edu (Kaveh R. Ghazi): - dnl BBN butterfly is not POSIX, but a MACH BSD system. - dnl Do not define POSIX and TERMIO. 
- AC_CHECKING(for butterfly) --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [#if defined(butterfly) - yes; - #endif -@@ -156,7 +156,7 @@ if test -n "$ULTRIX"; then - test -z "$GCC" && CC="$CC -YBSD" - fi - AC_CHECKING(for POSIX.1) --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [#include <sys/types.h> - #include <unistd.h> - main () { -@@ -173,14 +173,14 @@ AC_TRY_COMPILE( - #include <fcntl.h>], [int x = SIGCHLD | FNDELAY;], , AC_DEFINE(SYSV)) - - AC_CHECKING(for sequent/ptx) --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [#ifdef _SEQUENT_ - yes; - #endif - ], LIBS="$LIBS -lsocket -linet";seqptx=1) - - AC_CHECKING(SVR4) --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [main () { - #if defined(SVR4) || defined(__SVR4) - yes; -@@ -200,9 +200,9 @@ fi - AC_CHECK_HEADERS([stropts.h string.h strings.h]) - - AC_CHECKING(for Solaris 2.x) --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [#if defined(SVR4) && defined(sun) -- yes -+ yes; - #endif - ], LIBS="$LIBS -lsocket -lnsl -lkstat") - -@@ -697,7 +697,7 @@ else - pdir='/dev' - fi - dnl SCO uses ptyp%d --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [#ifdef M_UNIX - yes; - #endif -@@ -880,7 +880,7 @@ fi - ) - - if test -z "$load" ; then --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [#if defined(NeXT) || defined(apollo) || defined(linux) - yes; - #endif -@@ -1112,7 +1112,7 @@ AC_CHECKING(syslog in libbsd.a) - AC_TRY_LINK(, [closelog();], AC_NOTE(- found.), [LIBS="$oldlibs" - AC_NOTE(- bad news: syslog missing.) AC_DEFINE(NOSYSLOG)])]) - --AC_EGREP_CPP(yes, -+AC_EGREP_CPP(yes;, - [#ifdef M_UNIX - yes; - #endif --- -2.13.3 - diff --git a/poky/meta/recipes-extended/screen/screen/Avoid-mis-identifying-systems-as-SVR4.patch b/poky/meta/recipes-extended/screen/screen/Avoid-mis-identifying-systems-as-SVR4.patch deleted file mode 100644 index e184aa1f3..000000000 --- a/poky/meta/recipes-extended/screen/screen/Avoid-mis-identifying-systems-as-SVR4.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 79afb676904653403145fda9e1a6a9d3ea1cb22a Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Fri, 7 Aug 2015 11:10:32 +0300 -Subject: [PATCH 4/4] Avoid mis-identifying systems as SVR4 - -Linux can be misdetected as SVR4 because it has -libelf installed. This leads to linking with libelf, even though no -symbols from that library were actually used, and to a workaround for -a buggy getlogin() being enabled. - -It is not documented which exact SVR4 system had the bug that the -workaround was added for, so all I could do is make an educated guess -at the #defines its compiler would be likely to set. - -Modified from patch by Maarten ter Huurne. - -Upstream-Status: Submitted [http://savannah.gnu.org/bugs/?43223] - -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> ---- - configure.ac | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index dc928ae..65439ce 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -179,14 +179,24 @@ AC_EGREP_CPP(yes, - #endif - ], LIBS="$LIBS -lsocket -linet";seqptx=1) - -+AC_CHECKING(SVR4) -+AC_EGREP_CPP(yes, -+[main () { -+#if defined(SVR4) || defined(__SVR4) -+ yes; -+#endif -+], AC_NOTE(- you have a SVR4 system) AC_DEFINE(SVR4) svr4=1) -+if test -n "$svr4" ; then - oldlibs="$LIBS" - LIBS="$LIBS -lelf" - AC_CHECKING(SVR4) - AC_TRY_LINK([#include <utmpx.h> - ],, --[AC_CHECK_HEADER(dwarf.h, AC_DEFINE(SVR4) AC_DEFINE(BUGGYGETLOGIN), --[AC_CHECK_HEADER(elf.h, AC_DEFINE(SVR4) AC_DEFINE(BUGGYGETLOGIN))])] -+[AC_CHECK_HEADER(dwarf.h, AC_DEFINE(BUGGYGETLOGIN), -+[AC_CHECK_HEADER(elf.h, AC_DEFINE(BUGGYGETLOGIN))])] - ,LIBS="$oldlibs") -+fi -+ - AC_CHECK_HEADERS([stropts.h string.h strings.h]) - - AC_CHECKING(for Solaris 2.x) --- -2.1.4 - 
diff --git a/poky/meta/recipes-extended/screen/screen/Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch b/poky/meta/recipes-extended/screen/screen/Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch deleted file mode 100644 index 248bf087e..000000000 --- a/poky/meta/recipes-extended/screen/screen/Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch +++ /dev/null 
@@ -1,137 +0,0 @@ -From cd0f7f10a3fffbc60fe55eb200474d13fe1da65b Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Fri, 7 Aug 2015 10:34:29 +0300 -Subject: [PATCH 2/4] Provide cross compile alternatives for AC_TRY_RUN - -Modified from patch by Maarten ter Huurne. - -Upstream-Status: Submitted [http://savannah.gnu.org/bugs/?43223] - -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> ---- - configure.ac | 32 ++++++++++++++++++++------------ - 1 file changed, 20 insertions(+), 12 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 27690a6..ce89f56 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -348,7 +348,8 @@ main() - exit(0); - } - ], AC_NOTE(- your fifos are usable) fifo=1, --AC_NOTE(- your fifos are not usable)) -+AC_NOTE(- your fifos are not usable), -+AC_NOTE(- skipping check because we are cross compiling; assuming fifos are usable) fifo=1) - rm -f /tmp/conftest* - - if test -n "$fifo"; then -@@ -396,7 +397,8 @@ main() - exit(0); - } - ], AC_NOTE(- your implementation is ok), --AC_NOTE(- you have a broken implementation) AC_DEFINE(BROKEN_PIPE) fifobr=1) -+AC_NOTE(- you have a broken implementation) AC_DEFINE(BROKEN_PIPE) fifobr=1, -+AC_NOTE(- skipping check because we are cross compiling; assuming fifo implementation is ok)) - rm -f /tmp/conftest* - fi - -@@ -458,7 +460,8 @@ main() - exit(0); - } - ], AC_NOTE(- your sockets are usable) sock=1, --AC_NOTE(- your sockets are not usable)) -+AC_NOTE(- your sockets are not usable), -+AC_NOTE(- skipping check because we are cross compiling; assuming sockets are usable) sock=1) - rm -f /tmp/conftest* - - if test -n "$sock"; then -@@ -497,7 +500,8 @@ main() - } - ],AC_NOTE(- you are normal), - AC_NOTE(- unix domain sockets are not kept in the filesystem) --AC_DEFINE(SOCK_NOT_IN_FS) socknofs=1) -+AC_DEFINE(SOCK_NOT_IN_FS) socknofs=1, -+AC_NOTE(- skipping check because we are cross compiling; assuming sockets are normal)) - rm -f /tmp/conftest* - fi - -@@ -624,7 +628,8 
@@ main() - exit(0); - } - ],AC_NOTE(- select is ok), --AC_NOTE(- select can't count) AC_DEFINE(SELECT_BROKEN)) -+AC_NOTE(- select can't count) AC_DEFINE(SELECT_BROKEN), -+AC_NOTE(- skipping check because we are cross compiling; assuming select is ok)) - - dnl - dnl **** termcap or terminfo **** -@@ -666,7 +671,8 @@ main() - { - exit(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1); - }], AC_NOTE(- you use the termcap database), --AC_NOTE(- you use the terminfo database) AC_DEFINE(TERMINFO)) -+AC_NOTE(- you use the terminfo database) AC_DEFINE(TERMINFO), -+AC_NOTE(- skipping check because we are cross compiling; assuming terminfo database is used) AC_DEFINE(TERMINFO)) - AC_CHECKING(ospeed) - AC_TRY_LINK(extern short ospeed;,ospeed=5;,,AC_DEFINE(NEED_OSPEED)) - -@@ -801,7 +807,8 @@ main() - else - AC_NOTE(- can't determine - assume ptys are world accessable) - fi -- ] -+ ], -+ AC_NOTE(- skipping check because we are cross compiling; assuming ptys are world accessable) - ) - rm -f conftest_grp - fi -@@ -885,7 +892,7 @@ AC_EGREP_CPP(yes, - #endif - ], load=1) - fi --if test -z "$load" ; then -+if test -z "$load" && test "$cross_compiling" = no ; then - AC_CHECKING(for kernelfile) - for core in /unix /vmunix /dynix /hp-ux /xelos /dev/ksyms /kernel/unix /kernel/genunix /unicos /mach /netbsd /386bsd /dgux /bsd /stand/vmunix; do - if test -f $core || test -c $core; then -@@ -1078,7 +1085,7 @@ main() - #endif - exit(0); - } --],,AC_DEFINE(SYSVSIGS)) -+],,AC_DEFINE(SYSVSIGS),:) - - fi - -@@ -1158,7 +1165,7 @@ main() { - if (strncmp(buf, "cdedef", 6)) - exit(1); - exit(0); /* libc version works properly. */ --}], AC_DEFINE(USEBCOPY)) -+}], AC_DEFINE(USEBCOPY),,:) - - AC_TRY_RUN([ - #define bcopy(s,d,l) memmove(d,s,l) -@@ -1173,7 +1180,8 @@ main() { - if (strncmp(buf, "cdedef", 6)) - exit(1); - exit(0); /* libc version works properly. 
*/ --}], AC_DEFINE(USEMEMMOVE)) -+}], AC_DEFINE(USEMEMMOVE),, -+ AC_NOTE(- skipping check because we are cross compiling; use memmove) AC_DEFINE(USEMEMMOVE)) - - - AC_TRY_RUN([ -@@ -1189,7 +1197,7 @@ main() { - if (strncmp(buf, "cdedef", 6)) - exit(1); - exit(0); /* libc version works properly. */ --}], AC_DEFINE(USEMEMCPY)) -+}], AC_DEFINE(USEMEMCPY),,:) - - AC_SYS_LONG_FILE_NAMES - --- -2.1.4 - diff --git a/poky/meta/recipes-extended/screen/screen/Remove-redundant-compiler-sanity-checks.patch b/poky/meta/recipes-extended/screen/screen/Remove-redundant-compiler-sanity-checks.patch deleted file mode 100644 index cc62c12e0..000000000 --- a/poky/meta/recipes-extended/screen/screen/Remove-redundant-compiler-sanity-checks.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 73b726c25f94c1b15514ed9249b927afdfbbfb94 Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Fri, 7 Aug 2015 10:30:40 +0300 -Subject: [PATCH 1/4] Remove redundant compiler sanity checks - -AC_PROG_CC already performs sanity checks. And unlike the removed -checks, it does so in a way that supports cross compilation. - -Modified from patch by Maarten ter Huurne. - -Upstream-Status: Submitted [http://savannah.gnu.org/bugs/?43223] - -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> ---- - configure.ac | 27 --------------------------- - 1 file changed, 27 deletions(-) - -diff --git a/configure.ac b/configure.ac -index ffe2e37..27690a6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -48,31 +48,6 @@ AC_PROG_GCC_TRADITIONAL - AC_ISC_POSIX - AC_USE_SYSTEM_EXTENSIONS - --AC_TRY_RUN(main(){exit(0);},,[ --if test $CC != cc ; then --AC_NOTE(Your $CC failed - restarting with CC=cc) --AC_NOTE() --CC=cc --export CC --exec $0 $configure_args --fi --]) -- --AC_TRY_RUN(main(){exit(0);},, --exec 5>&2 --eval $ac_link --AC_NOTE(CC=$CC; CFLAGS=$CFLAGS; LIBS=$LIBS;) --AC_NOTE($ac_compile) --AC_MSG_ERROR(Can't run the compiler - sorry)) -- --AC_TRY_RUN([ --main() --{ -- int __something_strange_(); -- __something_strange_(0); --} --],AC_MSG_ERROR(Your compiler does not set the exit status - sorry)) -- - AC_PROG_AWK - - AC_PROG_INSTALL -@@ -1300,8 +1275,6 @@ fi - dnl Ptx bug workaround -- insert -lc after -ltermcap - test -n "$seqptx" && LIBS="-ltermcap -lc -lsocket -linet -lnsl -lsec -lseq" - --AC_TRY_RUN(main(){exit(0);},,AC_MSG_ERROR(Can't run the compiler - internal error. Sorry.)) -- - ETCSCREENRC= - AC_MSG_CHECKING(for the global screenrc file) - AC_ARG_WITH(sys-screenrc, [ --with-sys-screenrc=path to the global screenrc file], [ ETCSCREENRC="${withval}" ]) --- -2.1.4 - 
diff --git a/poky/meta/recipes-extended/screen/screen/Skip-host-file-system-checks-when-cross-compiling.patch b/poky/meta/recipes-extended/screen/screen/Skip-host-file-system-checks-when-cross-compiling.patch deleted file mode 100644 index d7e55a445..000000000 --- a/poky/meta/recipes-extended/screen/screen/Skip-host-file-system-checks-when-cross-compiling.patch +++ /dev/null 
@@ -1,135 +0,0 @@ -From d0b20e4cacc60ad62a2150ce07388cb5a25c2040 Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Fri, 7 Aug 2015 11:09:01 +0300 -Subject: [PATCH 3/4] Skip host file system checks when cross-compiling - -Modified from patch by Maarten ter Huurne. - -Upstream-Status: Submitted [http://savannah.gnu.org/bugs/?43223] - -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> ---- - configure.ac | 23 +++++++++++++++++++---- - 1 file changed, 19 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index ce89f56..dc928ae 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -85,7 +85,7 @@ AC_ARG_ENABLE(socket-dir, - dnl - dnl **** special unix variants **** - dnl --if test -n "$ISC"; then -+if test "$cross_compiling" = no && test -n "$ISC" ; then - AC_DEFINE(ISC) LIBS="$LIBS -linet" - fi - -@@ -96,10 +96,11 @@ dnl AC_DEFINE(OSF1) # this disables MIPS again.... - dnl fi - dnl fi - --if test -f /sysV68 ; then -+if test "$cross_compiling" = no && test -f /sysV68 ; then - AC_DEFINE(sysV68) - fi - -+if test "$cross_compiling" = no ; then - AC_CHECKING(for MIPS) - if test -f /lib/libmld.a || test -f /usr/lib/libmld.a || test -f /usr/lib/cmplrs/cc/libmld.a; then - oldlibs="$LIBS" -@@ -123,6 +124,7 @@ AC_DEFINE(USE_WAIT2) LIBS="$LIBS -lbsd" ; CC="$CC -I/usr/include/bsd" - )) - fi - fi -+fi - - - AC_CHECKING(for Ultrix) -@@ -132,7 +134,7 @@ AC_EGREP_CPP(yes, - #endif - ], ULTRIX=1) - --if test -f /usr/lib/libpyr.a ; then -+if test "$cross_compiling" = no && test -f /usr/lib/libpyr.a ; then - oldlibs="$LIBS" - LIBS="$LIBS -lpyr" - AC_CHECKING(Pyramid OSX) -@@ -679,17 +681,21 @@ AC_TRY_LINK(extern short ospeed;,ospeed=5;,,AC_DEFINE(NEED_OSPEED)) - dnl - dnl **** PTY specific things **** - dnl -+if test "$cross_compiling" = no ; then - AC_CHECKING(for /dev/ptc) - if test -r /dev/ptc; then - AC_DEFINE(HAVE_DEV_PTC) - fi -+fi - -+if test "$cross_compiling" = no ; then - AC_CHECKING(for SVR4 ptys) - sysvr4ptys= - if 
test -c /dev/ptmx ; then - AC_TRY_LINK([],[ptsname(0);grantpt(0);unlockpt(0);],[AC_DEFINE(HAVE_SVR4_PTYS) - sysvr4ptys=1]) - fi -+fi - - AC_CHECK_FUNCS(getpt) - -@@ -699,6 +705,7 @@ AC_CHECK_FUNCS(openpty,, - [AC_CHECK_LIB(util,openpty, [AC_DEFINE(HAVE_OPENPTY)] [LIBS="$LIBS -lutil"])]) - fi - -+if test "$cross_compiling" = no ; then - AC_CHECKING(for ptyranges) - if test -d /dev/ptym ; then - pdir='/dev/ptym' -@@ -722,6 +729,7 @@ p1=`echo $ptys | tr ' ' '\012' | sed -e 's/^.*\(.\)$/\1/g' | sort -u | tr -d '\ - AC_DEFINE_UNQUOTED(PTYRANGE0,"$p0") - AC_DEFINE_UNQUOTED(PTYRANGE1,"$p1") - fi -+fi - - dnl **** pty mode/group handling **** - dnl -@@ -869,14 +877,16 @@ fi - dnl - dnl **** loadav **** - dnl -+if test "$cross_compiling" = no ; then - AC_CHECKING(for libutil(s)) - test -f /usr/lib/libutils.a && LIBS="$LIBS -lutils" - test -f /usr/lib/libutil.a && LIBS="$LIBS -lutil" -+fi - - AC_CHECKING(getloadavg) - AC_TRY_LINK(,[getloadavg((double *)0, 0);], - AC_DEFINE(LOADAV_GETLOADAVG) load=1, --if test -f /usr/lib/libkvm.a ; then -+if test "$cross_compiling" = no && test -f /usr/lib/libkvm.a ; then - olibs="$LIBS" - LIBS="$LIBS -lkvm" - AC_CHECKING(getloadavg with -lkvm) -@@ -1094,13 +1104,18 @@ dnl **** libraries **** - dnl - - AC_CHECKING(for crypt and sec libraries) -+if test "$cross_compiling" = no ; then - test -f /lib/libcrypt_d.a || test -f /usr/lib/libcrypt_d.a && LIBS="$LIBS -lcrypt_d" -+fi - oldlibs="$LIBS" - LIBS="$LIBS -lcrypt" - AC_CHECKING(crypt) - AC_TRY_LINK(,,,LIBS="$oldlibs") -+if test "$cross_compiling" = no ; then - test -f /lib/libsec.a || test -f /usr/lib/libsec.a && LIBS="$LIBS -lsec" - test -f /lib/libshadow.a || test -f /usr/lib/libshadow.a && LIBS="$LIBS -lshadow" -+fi -+ - oldlibs="$LIBS" - LIBS="$LIBS -lsun" - AC_CHECKING(IRIX sun library) --- -2.1.4 - diff --git a/poky/meta/recipes-extended/screen/screen_4.6.2.bb b/poky/meta/recipes-extended/screen/screen_4.7.0.bb index 21b476ddb..67aa5f1fc 100644 
--- a/poky/meta/recipes-extended/screen/screen_4.6.2.bb +++ b/poky/meta/recipes-extended/screen/screen_4.7.0.bb @@ -17,18 +17,13 @@ RDEPENDS_${PN} = "base-files" SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'file://screen.pam', '', d)} \ - file://Remove-redundant-compiler-sanity-checks.patch \ - file://Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch \ - file://Skip-host-file-system-checks-when-cross-compiling.patch \ - file://Avoid-mis-identifying-systems-as-SVR4.patch \ file://0002-comm.h-now-depends-on-term.h.patch \ file://0001-fix-for-multijob-build.patch \ - file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \ file://0001-Remove-more-compatibility-stuff.patch \ " -SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8" -SRC_URI[sha256sum] = "1b6922520e6a0ce5e28768d620b0f640a6631397f95ccb043b70b91bb503fa3a" +SRC_URI[md5sum] = "b8971ebd68d046f2814d1040cb8e6641" +SRC_URI[sha256sum] = "da775328fa783bd2a787d722014dbd99c6093effc11f337827604c2efc5d20c1" inherit autotools texinfo diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng/0001-bash-completion-remove-the-shebang-at-the-start.patch b/poky/meta/recipes-extended/stress-ng/stress-ng/0001-bash-completion-remove-the-shebang-at-the-start.patch deleted file mode 100644 index 66d99dd88..000000000 --- a/poky/meta/recipes-extended/stress-ng/stress-ng/0001-bash-completion-remove-the-shebang-at-the-start.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -From 042147675c7c2ea7dd65b2597f2e350376a710aa Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 6 Aug 2019 17:28:56 +0200 -Subject: [PATCH] bash-completion: remove the shebang at the start - -bash completion files do not need to specify that. - -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - bash-completion/stress-ng | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/bash-completion/stress-ng b/bash-completion/stress-ng -index 8b1421c..7f195be 100755 ---- a/bash-completion/stress-ng -+++ b/bash-completion/stress-ng -@@ -1,5 +1,3 @@ --#!/bin/bash --# - # stress-ng tab completion for bash. - # - # Copyright (C) 2019 Canonical diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.10.00.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.10.08.bb index 7d194b305..470f42295 100644 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.10.00.bb +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.10.08.bb @@ -7,10 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \ file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \ - file://0001-bash-completion-remove-the-shebang-at-the-start.patch \ " -SRC_URI[md5sum] = "46aa41d37690324ceab4febfcc549018" -SRC_URI[sha256sum] = "d09dd2a1aea549e478995bf9be90b38906a4cdf33ea7b245ef9d46aa5213c074" +SRC_URI[md5sum] = "e02acd0bc00d3c6a81412537393c2436" +SRC_URI[sha256sum] = "4addeaabcfcb709581cbc4c61182317b8d91bcf31f529bfa899d170facfd75ce" DEPENDS = "coreutils-native" diff --git a/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch new file mode 100644 index 000000000..2a11e3f7e --- /dev/null +++ b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch 
@@ -0,0 +1,178 @@ +From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" <Todd.Miller@sudo.ws> +Date: Thu, 10 Oct 2019 10:04:13 -0600 +Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change". + Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security. + +Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520] +CVE: CVE-2019-14287 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + lib/util/strtoid.c | 100 ++++++++++++++++++++++++++++------------------------- + 1 files changed, 53 insertions(+), 46 deletions(-) + +diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c +index 2dfce75..6b3916b 100644 +--- a/lib/util/strtoid.c ++++ b/lib/util/strtoid.c +@@ -49,6 +49,27 @@ + #include "sudo_util.h" + + /* ++ * Make sure that the ID ends with a valid separator char. ++ */ ++static bool ++valid_separator(const char *p, const char *ep, const char *sep) ++{ ++ bool valid = false; ++ debug_decl(valid_separator, SUDO_DEBUG_UTIL) ++ ++ if (ep != p) { ++ /* check for valid separator (including '\0') */ ++ if (sep == NULL) ++ sep = ""; ++ do { ++ if (*ep == *sep) ++ valid = true; ++ } while (*sep++ != '\0'); ++ } ++ debug_return_bool(valid); ++} ++ ++/* + * Parse a uid/gid in string form. + * If sep is non-NULL, it contains valid separator characters (e.g. comma, space) + * If endp is non-NULL it is set to the next char after the ID. +@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr + char *ep; + id_t ret = 0; + long long llval; +- bool valid = false; + debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL) + + /* skip leading space so we can pick up the sign, if any */ + while (isspace((unsigned char)*p)) + p++; +- if (sep == NULL) +- sep = ""; ++ ++ /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. 
*/ + errno = 0; + llval = strtoll(p, &ep, 10); +- if (ep != p) { +- /* check for valid separator (including '\0') */ +- do { +- if (*ep == *sep) +- valid = true; +- } while (*sep++ != '\0'); ++ if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) { ++ errno = ERANGE; ++ if (errstr != NULL) ++ *errstr = N_("value too large"); ++ goto done; + } +- if (!valid) { ++ if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) { ++ errno = ERANGE; + if (errstr != NULL) +- *errstr = N_("invalid value"); +- errno = EINVAL; ++ *errstr = N_("value too small"); + goto done; + } +- if (errno == ERANGE) { +- if (errstr != NULL) { +- if (llval == LLONG_MAX) +- *errstr = N_("value too large"); +- else +- *errstr = N_("value too small"); +- } ++ ++ /* Disallow id -1, which means "no change". */ ++ if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) { ++ if (errstr != NULL) ++ *errstr = N_("invalid value"); ++ errno = EINVAL; + goto done; + } + ret = (id_t)llval; +@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr + { + char *ep; + id_t ret = 0; +- bool valid = false; + debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL) + + /* skip leading space so we can pick up the sign, if any */ + while (isspace((unsigned char)*p)) + p++; +- if (sep == NULL) +- sep = ""; ++ + errno = 0; + if (*p == '-') { + long lval = strtol(p, &ep, 10); +- if (ep != p) { +- /* check for valid separator (including '\0') */ +- do { +- if (*ep == *sep) +- valid = true; +- } while (*sep++ != '\0'); +- } +- if (!valid) { +- if (errstr != NULL) +- *errstr = N_("invalid value"); +- errno = EINVAL; +- goto done; +- } + if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) { + errno = ERANGE; + if (errstr != NULL) +@@ -144,28 +147,31 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr + *errstr = N_("value too small"); + goto done; + } +- ret = (id_t)lval; +- } else { +- unsigned long ulval = 
strtoul(p, &ep, 10); +- if (ep != p) { +- /* check for valid separator (including '\0') */ +- do { +- if (*ep == *sep) +- valid = true; +- } while (*sep++ != '\0'); +- } +- if (!valid) { ++ ++ /* Disallow id -1, which means "no change". */ ++ if (!valid_separator(p, ep, sep) || lval == -1) { + if (errstr != NULL) + *errstr = N_("invalid value"); + errno = EINVAL; + goto done; + } ++ ret = (id_t)lval; ++ } else { ++ unsigned long ulval = strtoul(p, &ep, 10); + if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) { + errno = ERANGE; + if (errstr != NULL) + *errstr = N_("value too large"); + goto done; + } ++ ++ /* Disallow id -1, which means "no change". */ ++ if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) { ++ if (errstr != NULL) ++ *errstr = N_("invalid value"); ++ errno = EINVAL; ++ goto done; ++ } + ret = (id_t)ulval; + } + if (errstr != NULL) +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch new file mode 100644 index 000000000..453a8b09a --- /dev/null +++ b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch 
@@ -0,0 +1,112 @@ +From 396bc57feff3e360007634f62448b64e0626390c Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" <Todd.Miller@sudo.ws> +Date: Thu, 10 Oct 2019 10:04:13 -0600 +Subject: [PATCH] Add sudo_strtoid() tests for -1 and range errors. Also adjust + testsudoers/test5 which relied upon gid -1 parsing. + +Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/396bc57] +CVE: CVE-2019-14287 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + lib/util/regress/atofoo/atofoo_test.c | 36 ++++++++++++++++------ + plugins/sudoers/regress/testsudoers/test5.out.ok | 2 +- + plugins/sudoers/regress/testsudoers/test5.sh | 2 +- + 3 files changed, 29 insertions(+), 11 deletions(-) + +diff --git a/lib/util/regress/atofoo/atofoo_test.c b/lib/util/regress/atofoo/atofoo_test.c +index 031a7ed..fb41c1a 100644 +--- a/lib/util/regress/atofoo/atofoo_test.c ++++ b/lib/util/regress/atofoo/atofoo_test.c +@@ -26,6 +26,7 @@ + #else + # include "compat/stdbool.h" + #endif ++#include <errno.h> + + #include "sudo_compat.h" + #include "sudo_util.h" +@@ -80,15 +81,20 @@ static struct strtoid_data { + id_t id; + const char *sep; + const char *ep; ++ int errnum; + } strtoid_data[] = { +- { "0,1", 0, ",", "," }, +- { "10", 10, NULL, NULL }, +- { "-2", -2, NULL, NULL }, ++ { "0,1", 0, ",", ",", 0 }, ++ { "10", 10, NULL, NULL, 0 }, ++ { "-1", 0, NULL, NULL, EINVAL }, ++ { "4294967295", 0, NULL, NULL, EINVAL }, ++ { "4294967296", 0, NULL, NULL, ERANGE }, ++ { "-2147483649", 0, NULL, NULL, ERANGE }, ++ { "-2", -2, NULL, NULL, 0 }, + #if SIZEOF_ID_T != SIZEOF_LONG_LONG +- { "-2", (id_t)4294967294U, NULL, NULL }, ++ { "-2", (id_t)4294967294U, NULL, NULL, 0 }, + #endif +- { "4294967294", (id_t)4294967294U, NULL, NULL }, +- { NULL, 0, NULL, NULL } ++ { "4294967294", (id_t)4294967294U, NULL, NULL, 0 }, ++ { NULL, 0, NULL, NULL, 0 } + }; + + static int +@@ -104,11 +110,23 @@ test_strtoid(int *ntests) + (*ntests)++; + errstr = "some error"; + value = sudo_strtoid(d->idstr, 
d->sep, &ep, &errstr); +- if (errstr != NULL) { +- if (d->id != (id_t)-1) { +- sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr); ++ if (d->errnum != 0) { ++ if (errstr == NULL) { ++ sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d", ++ d->idstr, d->errnum); ++ errors++; ++ } else if (value != 0) { ++ sudo_warnx_nodebug("FAIL: %s should return 0 on error", ++ d->idstr); ++ errors++; ++ } else if (errno != d->errnum) { ++ sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d", ++ d->idstr, errno, d->errnum); + errors++; + } ++ } else if (errstr != NULL) { ++ sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr); ++ errors++; + } else if (value != d->id) { + sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id); + errors++; +diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok +index 5e319c9..cecf700 100644 +--- a/plugins/sudoers/regress/testsudoers/test5.out.ok ++++ b/plugins/sudoers/regress/testsudoers/test5.out.ok +@@ -4,7 +4,7 @@ Parse error in sudoers near line 1. + Entries for user root: + + Command unmatched +-testsudoers: test5.inc should be owned by gid 4294967295 ++testsudoers: test5.inc should be owned by gid 4294967294 + Parse error in sudoers near line 1. + + Entries for user root: +diff --git a/plugins/sudoers/regress/testsudoers/test5.sh b/plugins/sudoers/regress/testsudoers/test5.sh +index 9e690a6..94d585c 100755 +--- a/plugins/sudoers/regress/testsudoers/test5.sh ++++ b/plugins/sudoers/regress/testsudoers/test5.sh +@@ -24,7 +24,7 @@ EOF + + # Test group writable + chmod 664 $TESTFILE +-./testsudoers -U $MYUID -G -1 root id <<EOF ++./testsudoers -U $MYUID -G -2 root id <<EOF + #include $TESTFILE + EOF + +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb b/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb index 9d2d6bd42..0a11a1b28 100644 --- a/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb +++ b/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb 
@@ -1,8 +1,10 @@ require sudo.inc -SRC_URI = "http://www.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ +SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0001-Include-sys-types.h-for-id_t-definition.patch \ + file://CVE-2019-14287-1.patch \ + file://CVE-2019-14287-2.patch \ " PAM_SRC_URI = "file://sudo.pam" diff --git a/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch b/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch new file mode 100644 index 000000000..46b111806 --- /dev/null +++ b/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch 
@@ -0,0 +1,46 @@ +From 603ae4ed8cd65abf0776ef7f68354a5c24a3411c Mon Sep 17 00:00:00 2001 +From: Sebastien GODARD <sysstat@users.noreply.github.com> +Date: Tue, 15 Oct 2019 14:39:33 +0800 +Subject: [PATCH] Fix #232: Memory corruption bug due to Integer Overflow in + remap_struct() + +Try to avoid integer overflow when reading a corrupted binary datafile +with sadf. + +Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/83fad9c895d1ac13f76af5883b7451b3302beef5] +CVE: CVE-2019-16167 + +Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com> +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + sa_common.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/sa_common.c b/sa_common.c +index 395c11c..cfa9007 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -1336,7 +1336,8 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[], + /* Remap [unsigned] int fields */ + d = gtypes_nr[1] - ftypes_nr[1]; + if (d) { +- if (ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1]) ++ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + ++ ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1]) + /* Overflow */ + return -1; + +@@ -1365,7 +1366,9 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[], + /* Remap possible fields (like strings of chars) following int fields */ + d = gtypes_nr[2] - ftypes_nr[2]; + if (d) { +- if (ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2]) ++ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + ++ gtypes_nr[1] * UL_ALIGNMENT_WIDTH + ++ ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2]) + /* Overflow */ + return -1; + +-- +1.9.1 + diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.1.6.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.1.6.bb index 8cf8c36d9..362888d50 100644 --- a/poky/meta/recipes-extended/sysstat/sysstat_12.1.6.bb +++ b/poky/meta/recipes-extended/sysstat/sysstat_12.1.6.bb 
@@ -2,7 +2,9 @@ require sysstat.inc LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" -SRC_URI += "file://0001-Include-needed-headers-explicitly.patch" +SRC_URI += "file://0001-Include-needed-headers-explicitly.patch \ + file://0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch \ +" SRC_URI[md5sum] = "d8e3bbb9c873dd370f6d33664e326570" SRC_URI[sha256sum] = "f752f3c406153a6fc446496f1102872505ace3f0931d975c1d664c81ec09f129" |
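Review bot: In the screen_4.6.2.bb to screen_4.7.0.bb SRC_URI hunk, five local patches are dropped with nothing in the change saying whether 4.7.0 carries them upstream, and two of them (Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch and Skip-host-file-system-checks-when-cross-compiling.patch) exist to keep configure from probing the build host. The deleted patch text above guards checks such as `test -c /dev/ptmx` and `test -f /usr/lib/libutil.a` behind `test "$cross_compiling" = no`; if the 4.7.0 configure.ac lacks equivalent guards, the target build silently inherits host state. Please state in the commit message which of the removed patches were merged upstream, and confirm the remaining ones are no longer needed.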
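Review bot: In CVE-2019-14287-1.patch, the `@@ -62,36 +83,33 @@` hunk of lib/util/strtoid.c moves the separator check after the two range checks, which changes error precedence without documenting it: the removed code tested `if (!valid)` first and returned EINVAL, while the new code returns ERANGE first and only then evaluates `!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX`. An out-of-range number followed by an invalid trailing character now reports "value too large" or "value too small" instead of "invalid value". Callers that branch on errno should be checked against that, and the function's header comment should say which error wins. Rejecting -1 and UINT_MAX also shares the "invalid value" string with a bad separator, so a distinct message would make sudoers parse failures easier to diagnose.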
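Review bot: In CVE-2019-14287-2.patch, the new rows in the `strtoid_data` table of atofoo_test.c all use a NULL separator, so the rejection of -1 is never tested on the path where an ID is followed by a separator. The only row with a non-NULL `sep` is the existing `{ "0,1", 0, ",", ",", 0 }`. Since the fix folds the -1 check into the same condition as `valid_separator()`, please add rows with `sep` set to "," for inputs such as "-1,1" and "4294967295,1" expecting EINVAL, plus one with trailing garbage and a NULL separator, so a later refactor cannot reintroduce acceptance of -1 in list context. Separately, the Upstream-Status line here uses the abbreviated hash `396bc57` while CVE-2019-14287-1.patch uses the full hash; use the full hash in both.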
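Review bot: In the sysstat patch, the overflow test added in the `@@ -1336,7 +1336,8 @@` hunk of sa_common.c (and its counterpart in the `@@ -1365,7 +1366,9 @@` hunk) still compares a possibly wrapped sum against a single operand, so it detects only some overflows. With `unsigned int` counts, `gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + ftypes_nr[1] * UL_ALIGNMENT_WIDTH` can wrap and still land at a value that is not less than `ftypes_nr[1]`, in which case the function proceeds with a truncated offset. The commit message itself says only "Try to avoid integer overflow". A sound check bounds each count before multiplying (for example, reject when a count exceeds the maximum value divided by its alignment width) and then checks the addition, or performs the arithmetic in a wider type and compares against the buffer size. Since these counts come from a binary datafile read by sadf, the recipe should track upstream for a follow-up fix rather than treat CVE-2019-16167 as fully closed by this hunk.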