summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/classes/cve-check.bbclass31
-rw-r--r--meta/classes/kernel-fitimage.bbclass6
-rw-r--r--meta/classes/kernel-yocto.bbclass3
-rw-r--r--meta/classes/kernel.bbclass2
-rw-r--r--meta/classes/kernelsrc.bbclass2
-rw-r--r--meta/classes/pypi.bbclass4
-rw-r--r--meta/classes/relocatable.bbclass20
-rw-r--r--meta/classes/sanity.bbclass12
-rw-r--r--meta/conf/distro/include/maintainers.inc1
-rw-r--r--meta/conf/distro/include/security_flags.inc2
-rw-r--r--meta/conf/distro/include/yocto-uninative.inc10
-rw-r--r--meta/files/toolchain-shar-extract.sh13
-rw-r--r--meta/lib/oe/package_manager.py37
-rw-r--r--meta/lib/oe/prservice.py4
-rw-r--r--meta/lib/oe/sstatesig.py13
-rw-r--r--meta/lib/oe/utils.py2
-rw-r--r--meta/lib/oeqa/core/utils/concurrencytest.py2
-rw-r--r--meta/lib/oeqa/sdkext/testsdk.py7
-rw-r--r--meta/lib/oeqa/selftest/cases/runtime_test.py2
-rw-r--r--meta/lib/oeqa/selftest/cases/signing.py4
-rw-r--r--meta/lib/oeqa/selftest/context.py6
-rw-r--r--meta/lib/oeqa/targetcontrol.py7
-rw-r--r--meta/lib/oeqa/utils/qemurunner.py16
-rw-r--r--meta/recipes-bsp/u-boot/u-boot-tools.inc65
-rw-r--r--meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb67
-rw-r--r--meta/recipes-connectivity/avahi/avahi.inc5
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch64
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch18
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch60
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch22
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch31
-rw-r--r--meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch670
-rw-r--r--meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch278
-rw-r--r--meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch512
-rw-r--r--meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch911
-rw-r--r--meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch80
-rw-r--r--meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch140
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch60
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2020-8623.patch402
-rw-r--r--meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch33
-rw-r--r--meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch15
-rw-r--r--meta/recipes-connectivity/bind/bind_9.11.19.bb (renamed from meta/recipes-connectivity/bind/bind_9.11.5-P4.bb)22
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc2
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch35
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch143
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch165
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch29
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch31
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb3
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb6
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch34
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch102
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb2
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch46
-rw-r--r--meta/recipes-connectivity/openssh/openssh_8.0p1.bb1
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch758
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1g.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.1.1d.bb)6
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch47
-rw-r--r--meta/recipes-connectivity/ppp/ppp_2.4.7.bb1
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch151
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch62
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch50
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb11
-rw-r--r--meta/recipes-core/busybox/busybox.inc43
-rw-r--r--meta/recipes-core/dbus/dbus/CVE-2020-12049.patch78
-rw-r--r--meta/recipes-core/dbus/dbus_1.12.16.bb1
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/0020-meson.build-do-not-hardcode-linux-as-the-host-system.patch49
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-6750.patch741
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb2
-rw-r--r--meta/recipes-core/glibc/glibc-testsuite_2.30.bb3
-rw-r--r--meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch35
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-10029.patch128
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-1751.patch70
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-1752.patch66
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-6096-1.patch193
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-6096-2.patch111
-rw-r--r--meta/recipes-core/glibc/glibc_2.30.bb5
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch37
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch36
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.9.bb2
-rw-r--r--meta/recipes-core/meta/buildtools-extended-tarball.bb36
-rw-r--r--meta/recipes-core/meta/buildtools-tarball.bb6
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb24
-rw-r--r--meta/recipes-core/meta/dummy-sdk-package.inc3
-rw-r--r--meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb8
-rw-r--r--meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb5
-rw-r--r--meta/recipes-core/meta/target-sdk-provides-dummy.bb1
-rw-r--r--meta/recipes-core/ncurses/ncurses_6.1+20190803.bb2
-rw-r--r--meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch520
-rw-r--r--meta/recipes-core/systemd/systemd/CVE-2020-13776.patch96
-rw-r--r--meta/recipes-core/systemd/systemd_243.2.bb2
-rw-r--r--meta/recipes-devtools/apt/files/apt.conf2
-rw-r--r--meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch80
-rw-r--r--meta/recipes-devtools/binutils/binutils_2.32.bb5
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch49
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch57
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch76
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb3
-rw-r--r--meta/recipes-devtools/file/file_5.37.bb2
-rw-r--r--meta/recipes-devtools/gcc/gcc-cross-canadian.inc4
-rw-r--r--meta/recipes-devtools/gcc/gcc-cross.inc7
-rw-r--r--meta/recipes-devtools/gcc/gcc-runtime.inc4
-rw-r--r--meta/recipes-devtools/gcc/gcc-target.inc8
-rw-r--r--meta/recipes-devtools/git/git.inc16
-rw-r--r--meta/recipes-devtools/git/git/0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch35
-rw-r--r--meta/recipes-devtools/git/git/0002-credential-detect-unrepresentable-values-when-parsin.patch156
-rw-r--r--meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch103
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-1.patch70
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-2.patch292
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-3.patch97
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-4.patch173
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-5.patch211
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-6.patch84
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-7.patch206
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-8.patch114
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-11008-9.patch114
-rw-r--r--meta/recipes-devtools/git/git/CVE-2020-5260.patch65
-rw-r--r--meta/recipes-devtools/go/go-1.12.inc4
-rw-r--r--meta/recipes-devtools/go/go-1.12/0001-net-http-cgi-rename-a-test-file-to-be-less-cute.patch28
-rw-r--r--meta/recipes-devtools/go/go-1.12/CVE-2020-15586.patch131
-rw-r--r--meta/recipes-devtools/go/go-1.12/CVE-2020-16845.patch110
-rw-r--r--meta/recipes-devtools/go/go-1.12/CVE-2020-24553.patch429
-rw-r--r--meta/recipes-devtools/mtd/mtd-utils/0001-mtd-utils-Fix-return-value-of-ubiformat.patch62
-rw-r--r--meta/recipes-devtools/mtd/mtd-utils_git.bb1
-rw-r--r--meta/recipes-devtools/patchelf/patchelf/fix-phdrs.patch37
-rw-r--r--meta/recipes-devtools/patchelf/patchelf_0.10.bb1
-rw-r--r--meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch27
-rw-r--r--meta/recipes-devtools/perl/files/CVE-2020-10543.patch36
-rw-r--r--meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch152
-rw-r--r--meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch36
-rw-r--r--meta/recipes-devtools/perl/files/encodefix.patch20
-rw-r--r--meta/recipes-devtools/perl/files/fix-setgroup.patch49
-rw-r--r--meta/recipes-devtools/perl/files/perl-configpm-switch.patch4
-rw-r--r--meta/recipes-devtools/perl/files/racefix.patch24
-rw-r--r--meta/recipes-devtools/perl/liberror-perl_0.17029.bb (renamed from meta/recipes-devtools/perl/liberror-perl_0.17028.bb)4
-rw-r--r--meta/recipes-devtools/perl/libmodule-build-perl/run-ptest2
-rw-r--r--meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb3
-rw-r--r--meta/recipes-devtools/perl/perl_5.30.1.bb (renamed from meta/recipes-devtools/perl/perl_5.30.0.bb)36
-rw-r--r--meta/recipes-devtools/pseudo/pseudo.inc2
-rw-r--r--meta/recipes-devtools/python-numpy/files/aarch64/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/aarch64/config.h139
-rw-r--r--meta/recipes-devtools/python-numpy/files/arm/config.h21
-rw-r--r--meta/recipes-devtools/python-numpy/files/arm/numpyconfig.h17
-rw-r--r--meta/recipes-devtools/python-numpy/files/armeb/config.h21
-rw-r--r--meta/recipes-devtools/python-numpy/files/armeb/numpyconfig.h17
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarchn32eb/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarchn32eb/config.h139
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarchn32el/_numpyconfig.h31
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarchn32el/config.h138
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarchn64eb/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarchn64eb/config.h139
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarchn64el/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarchn64el/config.h138
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarcho32eb/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarcho32eb/config.h139
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarcho32el/config.h21
-rw-r--r--meta/recipes-devtools/python-numpy/files/mipsarcho32el/numpyconfig.h18
-rw-r--r--meta/recipes-devtools/python-numpy/files/powerpc/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/powerpc/config.h139
-rw-r--r--meta/recipes-devtools/python-numpy/files/powerpc64/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/powerpc64/config.h139
-rw-r--r--meta/recipes-devtools/python-numpy/files/riscv64/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/riscv64/config.h139
-rw-r--r--meta/recipes-devtools/python-numpy/files/x86-64/_numpyconfig.h32
-rw-r--r--meta/recipes-devtools/python-numpy/files/x86-64/config.h139
-rw-r--r--meta/recipes-devtools/python-numpy/files/x86/config.h108
-rw-r--r--meta/recipes-devtools/python-numpy/files/x86/numpyconfig.h24
-rw-r--r--meta/recipes-devtools/python-numpy/python-numpy.inc68
-rw-r--r--meta/recipes-devtools/python/python-native_2.7.18.bb (renamed from meta/recipes-devtools/python/python-native_2.7.17.bb)0
-rw-r--r--meta/recipes-devtools/python/python.inc6
-rw-r--r--meta/recipes-devtools/python/python3-testtools/no_traceback2.patch23
-rw-r--r--meta/recipes-devtools/python/python3-testtools_2.3.0.bb2
-rw-r--r--meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch29
-rw-r--r--meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch31
-rw-r--r--meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch2
-rw-r--r--meta/recipes-devtools/python/python3/CVE-2020-14422.patch79
-rw-r--r--meta/recipes-devtools/python/python3_3.7.8.bb (renamed from meta/recipes-devtools/python/python3_3.7.6.bb)27
-rw-r--r--meta/recipes-devtools/python/python_2.7.18.bb (renamed from meta/recipes-devtools/python/python_2.7.17.bb)0
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc17
-rw-r--r--meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch61
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch1018
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-10702.patch52
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-10756.patch40
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-11869.patch97
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-13765.patch48
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch93
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch64
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-16092.patch49
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch64
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch44
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch59
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch64
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch46
-rw-r--r--meta/recipes-devtools/ruby/ruby/fix-CVE-2019-16254.patch106
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.5.5.bb1
-rw-r--r--meta/recipes-devtools/strace/strace/Makefile-ptest.patch2
-rwxr-xr-xmeta/recipes-devtools/strace/strace/run-ptest7
-rw-r--r--meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch402
-rw-r--r--meta/recipes-extended/bash/bash_5.0.bb1
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch53
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.27.bb1
-rw-r--r--meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch124
-rw-r--r--meta/recipes-extended/libarchive/libarchive_3.4.0.bb1
-rw-r--r--meta/recipes-extended/pam/libpam/pam.d/common-password5
-rw-r--r--meta/recipes-extended/screen/screen/CVE-2020-9366.patch48
-rw-r--r--meta/recipes-extended/screen/screen_4.6.2.bb1
-rw-r--r--meta/recipes-extended/timezone/timezone.inc10
-rw-r--r--meta/recipes-gnome/gcr/gcr_3.28.1.bb2
-rw-r--r--meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch81
-rw-r--r--meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb1
-rw-r--r--meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch2
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch66
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch51
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch39
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb3
-rw-r--r--meta/recipes-graphics/waffle/waffle_1.6.0.bb5
-rw-r--r--meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf2
-rwxr-xr-xmeta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm8
-rw-r--r--meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb7
-rw-r--r--meta/recipes-graphics/xorg-font/encodings_1.0.5.bb4
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch37
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.5.bb1
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_4.19.bb20
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_5.2.bb22
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch94
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch44
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0003-Fix-sunrpc-use-signed-integer-for-client-id.patch105
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0004-sunrpc-introduce-lttng_get_clid-helper.patch130
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules_2.10.14.bb (renamed from meta/recipes-kernel/lttng/lttng-modules_2.10.11.bb)12
-rw-r--r--meta/recipes-kernel/perf/perf.bb8
-rw-r--r--meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.04.29.bb (renamed from meta/recipes-kernel/wireless-regdb/wireless-regdb_2019.06.03.bb)3
-rw-r--r--meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gst-validate_1.16.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins.inc2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch24
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.1.bb)8
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.1.bb)6
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.1.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.1.bb)6
-rw-r--r--meta/recipes-support/aspell/aspell/CVE-2019-20433-0001.patch999
-rw-r--r--meta/recipes-support/aspell/aspell/CVE-2019-20433-0002.patch68
-rw-r--r--meta/recipes-support/aspell/aspell_0.60.7.bb2
-rw-r--r--meta/recipes-support/attr/acl_2.2.52.bb3
-rw-r--r--meta/recipes-support/attr/attr_2.4.47.bb3
-rw-r--r--meta/recipes-support/gnupg/gnupg_2.2.19.bb (renamed from meta/recipes-support/gnupg/gnupg_2.2.17.bb)4
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch90
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch137
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2020-13777-c.patch68
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch117
-rw-r--r--meta/recipes-support/gnutls/gnutls/posix-shell.patch39
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.6.13.bb (renamed from meta/recipes-support/gnutls/gnutls_3.6.8.bb)9
-rw-r--r--meta/recipes-support/icu/icu/CVE-2020-10531.patch122
-rw-r--r--meta/recipes-support/icu/icu_64.2.bb12
-rw-r--r--meta/recipes-support/iso-codes/iso-codes_4.3.bb2
-rw-r--r--meta/recipes-support/libexif/libexif/CVE-2020-13114.patch73
-rw-r--r--meta/recipes-support/libexif/libexif_0.6.21.bb4
-rw-r--r--meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch41
-rw-r--r--meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch19
-rw-r--r--meta/recipes-support/libpcre/libpcre2_10.33.bb1
-rw-r--r--meta/recipes-support/libpcre/libpcre_8.43.bb1
-rw-r--r--meta/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch110
-rw-r--r--meta/recipes-support/nss/nss_3.45.bb1
-rw-r--r--meta/recipes-support/sqlite/files/CVE-2020-11655.patch32
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch33
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch50
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2019-19924.patch65
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch33
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2019-19926.patch31
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2019-19959.patch46
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2019-20218.patch31
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.29.0.bb11
-rw-r--r--meta/recipes-support/vim/vim_8.1.1518.bb5
282 files changed, 12046 insertions, 6750 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 01b3637469..514897e8b8 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -52,17 +52,20 @@ python do_cve_check () {
52 """ 52 """
53 53
54 if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): 54 if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
55 patched_cves = get_patches_cves(d) 55 try:
56 patched, unpatched = check_cves(d, patched_cves) 56 patched_cves = get_patches_cves(d)
57 except FileNotFoundError:
58 bb.fatal("Failure in searching patches")
59 whitelisted, patched, unpatched = check_cves(d, patched_cves)
57 if patched or unpatched: 60 if patched or unpatched:
58 cve_data = get_cve_info(d, patched + unpatched) 61 cve_data = get_cve_info(d, patched + unpatched)
59 cve_write_data(d, patched, unpatched, cve_data) 62 cve_write_data(d, patched, unpatched, whitelisted, cve_data)
60 else: 63 else:
61 bb.note("No CVE database found, skipping CVE check") 64 bb.note("No CVE database found, skipping CVE check")
62 65
63} 66}
64 67
65addtask cve_check before do_build 68addtask cve_check before do_build after do_fetch
66do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db" 69do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db"
67do_cve_check[nostamp] = "1" 70do_cve_check[nostamp] = "1"
68 71
@@ -129,6 +132,10 @@ def get_patches_cves(d):
129 for url in src_patches(d): 132 for url in src_patches(d):
130 patch_file = bb.fetch.decodeurl(url)[2] 133 patch_file = bb.fetch.decodeurl(url)[2]
131 134
135 if not os.path.isfile(patch_file):
136 bb.error("File Not found: %s" % patch_file)
137 raise FileNotFoundError
138
132 # Check patch file name for CVE ID 139 # Check patch file name for CVE ID
133 fname_match = cve_file_name_match.search(patch_file) 140 fname_match = cve_file_name_match.search(patch_file)
134 if fname_match: 141 if fname_match:
@@ -172,13 +179,13 @@ def check_cves(d, patched_cves):
172 products = d.getVar("CVE_PRODUCT").split() 179 products = d.getVar("CVE_PRODUCT").split()
173 # If this has been unset then we're not scanning for CVEs here (for example, image recipes) 180 # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
174 if not products: 181 if not products:
175 return ([], []) 182 return ([], [], [])
176 pv = d.getVar("CVE_VERSION").split("+git")[0] 183 pv = d.getVar("CVE_VERSION").split("+git")[0]
177 184
178 # If the recipe has been whitlisted we return empty lists 185 # If the recipe has been whitlisted we return empty lists
179 if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): 186 if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():
180 bb.note("Recipe has been whitelisted, skipping check") 187 bb.note("Recipe has been whitelisted, skipping check")
181 return ([], []) 188 return ([], [], [])
182 189
183 old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST") 190 old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST")
184 if old_cve_whitelist: 191 if old_cve_whitelist:
@@ -214,7 +221,7 @@ def check_cves(d, patched_cves):
214 (_, _, _, version_start, operator_start, version_end, operator_end) = row 221 (_, _, _, version_start, operator_start, version_end, operator_end) = row
215 #bb.debug(2, "Evaluating row " + str(row)) 222 #bb.debug(2, "Evaluating row " + str(row))
216 223
217 if (operator_start == '=' and pv == version_start): 224 if (operator_start == '=' and pv == version_start) or version_start == '-':
218 vulnerable = True 225 vulnerable = True
219 else: 226 else:
220 if operator_start: 227 if operator_start:
@@ -256,7 +263,7 @@ def check_cves(d, patched_cves):
256 263
257 conn.close() 264 conn.close()
258 265
259 return (list(patched_cves), cves_unpatched) 266 return (list(cve_whitelist), list(patched_cves), cves_unpatched)
260 267
261def get_cve_info(d, cves): 268def get_cve_info(d, cves):
262 """ 269 """
@@ -280,7 +287,7 @@ def get_cve_info(d, cves):
280 conn.close() 287 conn.close()
281 return cve_data 288 return cve_data
282 289
283def cve_write_data(d, patched, unpatched, cve_data): 290def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
284 """ 291 """
285 Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and 292 Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and
286 CVE manifest if enabled. 293 CVE manifest if enabled.
@@ -294,9 +301,11 @@ def cve_write_data(d, patched, unpatched, cve_data):
294 301
295 for cve in sorted(cve_data): 302 for cve in sorted(cve_data):
296 write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") 303 write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
297 write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV") 304 write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
298 write_string += "CVE: %s\n" % cve 305 write_string += "CVE: %s\n" % cve
299 if cve in patched: 306 if cve in whitelisted:
307 write_string += "CVE STATUS: Whitelisted\n"
308 elif cve in patched:
300 write_string += "CVE STATUS: Patched\n" 309 write_string += "CVE STATUS: Patched\n"
301 else: 310 else:
302 unpatched_cves.append(cve) 311 unpatched_cves.append(cve)
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 1bcb09c598..6cd1b76fde 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -53,6 +53,9 @@ UBOOT_MKIMAGE_DTCOPTS ??= ""
53# fitImage Hash Algo 53# fitImage Hash Algo
54FIT_HASH_ALG ?= "sha256" 54FIT_HASH_ALG ?= "sha256"
55 55
56# fitImage Signature Algo
57FIT_SIGN_ALG ?= "rsa2048"
58
56# 59#
57# Emit the fitImage ITS header 60# Emit the fitImage ITS header
58# 61#
@@ -246,6 +249,7 @@ EOF
246fitimage_emit_section_config() { 249fitimage_emit_section_config() {
247 250
248 conf_csum="${FIT_HASH_ALG}" 251 conf_csum="${FIT_HASH_ALG}"
252 conf_sign_algo="${FIT_SIGN_ALG}"
249 if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then 253 if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
250 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" 254 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
251 fi 255 fi
@@ -327,7 +331,7 @@ EOF
327 331
328 cat << EOF >> ${1} 332 cat << EOF >> ${1}
329 signature@1 { 333 signature@1 {
330 algo = "${conf_csum},rsa2048"; 334 algo = "${conf_csum},${conf_sign_algo}";
331 key-name-hint = "${conf_sign_keyname}"; 335 key-name-hint = "${conf_sign_keyname}";
332 ${sign_line} 336 ${sign_line}
333 }; 337 };
diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass
index ed9bcfa57c..ab05ac91f4 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -1,5 +1,5 @@
1# remove tasks that modify the source tree in case externalsrc is inherited 1# remove tasks that modify the source tree in case externalsrc is inherited
2SRCTREECOVEREDTASKS += "do_kernel_configme do_validate_branches do_kernel_configcheck do_kernel_checkout do_fetch do_unpack do_patch" 2SRCTREECOVEREDTASKS += "do_validate_branches do_kernel_configcheck do_kernel_checkout do_fetch do_unpack do_patch"
3PATCH_GIT_USER_EMAIL ?= "kernel-yocto@oe" 3PATCH_GIT_USER_EMAIL ?= "kernel-yocto@oe"
4PATCH_GIT_USER_NAME ?= "OpenEmbedded" 4PATCH_GIT_USER_NAME ?= "OpenEmbedded"
5 5
@@ -301,6 +301,7 @@ do_validate_branches[depends] = "kern-tools-native:do_populate_sysroot"
301do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot" 301do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot"
302do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}gcc:do_populate_sysroot" 302do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}gcc:do_populate_sysroot"
303do_kernel_configme[depends] += "bc-native:do_populate_sysroot bison-native:do_populate_sysroot" 303do_kernel_configme[depends] += "bc-native:do_populate_sysroot bison-native:do_populate_sysroot"
304do_kernel_configme[depends] += "kern-tools-native:do_populate_sysroot"
304do_kernel_configme[dirs] += "${S} ${B}" 305do_kernel_configme[dirs] += "${S} ${B}"
305do_kernel_configme() { 306do_kernel_configme() {
306 set +e 307 set +e
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 750988f4e5..9ace74564c 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -452,7 +452,7 @@ do_shared_workdir () {
452 452
453 # Copy files required for module builds 453 # Copy files required for module builds
454 cp System.map $kerneldir/System.map-${KERNEL_VERSION} 454 cp System.map $kerneldir/System.map-${KERNEL_VERSION}
455 cp Module.symvers $kerneldir/ 455 [ -e Module.symvers ] && cp Module.symvers $kerneldir/
456 cp .config $kerneldir/ 456 cp .config $kerneldir/
457 mkdir -p $kerneldir/include/config 457 mkdir -p $kerneldir/include/config
458 cp include/config/kernel.release $kerneldir/include/config/kernel.release 458 cp include/config/kernel.release $kerneldir/include/config/kernel.release
diff --git a/meta/classes/kernelsrc.bbclass b/meta/classes/kernelsrc.bbclass
index 675d40ec9a..a951ba3325 100644
--- a/meta/classes/kernelsrc.bbclass
+++ b/meta/classes/kernelsrc.bbclass
@@ -1,7 +1,7 @@
1S = "${STAGING_KERNEL_DIR}" 1S = "${STAGING_KERNEL_DIR}"
2deltask do_fetch 2deltask do_fetch
3deltask do_unpack 3deltask do_unpack
4do_patch[depends] += "virtual/kernel:do_patch" 4do_patch[depends] += "virtual/kernel:do_shared_workdir"
5do_patch[noexec] = "1" 5do_patch[noexec] = "1"
6do_package[depends] += "virtual/kernel:do_populate_sysroot" 6do_package[depends] += "virtual/kernel:do_populate_sysroot"
7KERNEL_VERSION = "${@get_kernelversion_file("${STAGING_KERNEL_BUILDDIR}")}" 7KERNEL_VERSION = "${@get_kernelversion_file("${STAGING_KERNEL_BUILDDIR}")}"
diff --git a/meta/classes/pypi.bbclass b/meta/classes/pypi.bbclass
index e5d7ab3ce1..87b4c85fc0 100644
--- a/meta/classes/pypi.bbclass
+++ b/meta/classes/pypi.bbclass
@@ -22,5 +22,5 @@ SECTION = "devel/python"
22SRC_URI += "${PYPI_SRC_URI}" 22SRC_URI += "${PYPI_SRC_URI}"
23S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}" 23S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
24 24
25UPSTREAM_CHECK_URI ?= "https://pypi.python.org/pypi/${PYPI_PACKAGE}/" 25UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/"
26UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)" 26UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"
diff --git a/meta/classes/relocatable.bbclass b/meta/classes/relocatable.bbclass
index 582812c1cf..af04be5cca 100644
--- a/meta/classes/relocatable.bbclass
+++ b/meta/classes/relocatable.bbclass
@@ -6,13 +6,15 @@ python relocatable_binaries_preprocess() {
6 rpath_replace(d.expand('${SYSROOT_DESTDIR}'), d) 6 rpath_replace(d.expand('${SYSROOT_DESTDIR}'), d)
7} 7}
8 8
9relocatable_native_pcfiles () { 9relocatable_native_pcfiles() {
10 if [ -d ${SYSROOT_DESTDIR}${libdir}/pkgconfig ]; then 10 for dir in ${libdir}/pkgconfig ${datadir}/pkgconfig; do
11 rel=${@os.path.relpath(d.getVar('base_prefix'), d.getVar('libdir') + "/pkgconfig")} 11 files_template=${SYSROOT_DESTDIR}$dir/*.pc
12 sed -i -e "s:${base_prefix}:\${pcfiledir}/$rel:g" ${SYSROOT_DESTDIR}${libdir}/pkgconfig/*.pc 12 # Expand to any files matching $files_template
13 fi 13 files=$(echo $files_template)
14 if [ -d ${SYSROOT_DESTDIR}${datadir}/pkgconfig ]; then 14 # $files_template and $files will differ if any files were found
15 rel=${@os.path.relpath(d.getVar('base_prefix'), d.getVar('datadir') + "/pkgconfig")} 15 if [ "$files_template" != "$files" ]; then
16 sed -i -e "s:${base_prefix}:\${pcfiledir}/$rel:g" ${SYSROOT_DESTDIR}${datadir}/pkgconfig/*.pc 16 rel=$(realpath -m --relative-to=$dir ${base_prefix})
17 fi 17 sed -i -e "s:${base_prefix}:\${pcfiledir}/$rel:g" $files
18 fi
19 done
18} 20}
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 936fe913b4..5c2f8f9d75 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -625,13 +625,14 @@ def check_sanity_version_change(status, d):
625 # In other words, these tests run once in a given build directory and then 625 # In other words, these tests run once in a given build directory and then
626 # never again until the sanity version or host distrubution id/version changes. 626 # never again until the sanity version or host distrubution id/version changes.
627 627
628 # Check the python install is complete. glib-2.0-natives requries 628 # Check the python install is complete. Examples that are often removed in
629 # xml.parsers.expat 629 # minimal installations: glib-2.0-natives requries # xml.parsers.expat and icu
630 # requires distutils.sysconfig.
630 try: 631 try:
631 import xml.parsers.expat 632 import xml.parsers.expat
632 except ImportError: 633 import distutils.sysconfig
633 status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n') 634 except ImportError as e:
634 import stat 635 status.addresult('Your Python 3 is not a full install. Please install the module %s (see the Getting Started guide for further information).\n' % e.name)
635 636
636 status.addresult(check_make_version(d)) 637 status.addresult(check_make_version(d))
637 status.addresult(check_patch_version(d)) 638 status.addresult(check_patch_version(d))
@@ -667,6 +668,7 @@ def check_sanity_version_change(status, d):
667 status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n') 668 status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n')
668 669
669 # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS) 670 # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS)
671 import stat
670 tmpdir = d.getVar('TMPDIR') 672 tmpdir = d.getVar('TMPDIR')
671 status.addresult(check_create_long_filename(tmpdir, "TMPDIR")) 673 status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
672 tmpdirmode = os.stat(tmpdir).st_mode 674 tmpdirmode = os.stat(tmpdir).st_mode
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index ab0c6c5541..7494873190 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -82,6 +82,7 @@ RECIPE_MAINTAINER_pn-build-appliance-image = "Richard Purdie <richard.purdie@lin
82RECIPE_MAINTAINER_pn-build-compare = "Paul Eggleton <paul.eggleton@linux.intel.com>" 82RECIPE_MAINTAINER_pn-build-compare = "Paul Eggleton <paul.eggleton@linux.intel.com>"
83RECIPE_MAINTAINER_pn-build-sysroots = "Richard Purdie <richard.purdie@linuxfoundation.org>" 83RECIPE_MAINTAINER_pn-build-sysroots = "Richard Purdie <richard.purdie@linuxfoundation.org>"
84RECIPE_MAINTAINER_pn-builder = "Richard Purdie <richard.purdie@linuxfoundation.org>" 84RECIPE_MAINTAINER_pn-builder = "Richard Purdie <richard.purdie@linuxfoundation.org>"
85RECIPE_MAINTAINER_pn-buildtools-extended-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>"
85RECIPE_MAINTAINER_pn-buildtools-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>" 86RECIPE_MAINTAINER_pn-buildtools-tarball = "Richard Purdie <richard.purdie@linuxfoundation.org>"
86RECIPE_MAINTAINER_pn-busybox = "Andrej Valek <andrej.valek@siemens.com>" 87RECIPE_MAINTAINER_pn-busybox = "Andrej Valek <andrej.valek@siemens.com>"
87RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@ti.com>" 88RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@ti.com>"
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index aaf04e9e59..568d03693c 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -57,6 +57,8 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
57 57
58TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}" 58TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
59TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" 59TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
60TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
61TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"
60 62
61SECURITY_STACK_PROTECTOR_pn-gcc-runtime = "" 63SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
62SECURITY_STACK_PROTECTOR_pn-glibc = "" 64SECURITY_STACK_PROTECTOR_pn-glibc = ""
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index ad75d3e2a3..69b6edee5f 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,9 +6,9 @@
6# to the distro running on the build machine. 6# to the distro running on the build machine.
7# 7#
8 8
9UNINATIVE_MAXGLIBCVERSION = "2.30" 9UNINATIVE_MAXGLIBCVERSION = "2.32"
10 10
11UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.7/" 11UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.9/"
12UNINATIVE_CHECKSUM[aarch64] ?= "e76a45886ee8a0b3904b761c17ac8ff91edf9811ee455f1832d10763ba794dfc" 12UNINATIVE_CHECKSUM[aarch64] ?= "9f25a667aee225b1dd65c4aea73e01983e825b1cb9b56937932a1ee328b45f81"
13UNINATIVE_CHECKSUM[i686] ?= "810d027dfb1c7675226afbcec07808770516c969ee7378f6d8240281083f8924" 13UNINATIVE_CHECKSUM[i686] ?= "cae5d73245d95b07cf133b780ba3f6c8d0adca3ffc4e7e7fab999961d5e24d36"
14UNINATIVE_CHECKSUM[x86_64] ?= "9498d8bba047499999a7310ac2576d0796461184965351a56f6d32c888a1f216" 14UNINATIVE_CHECKSUM[x86_64] ?= "d07916b95c419c81541a19c8ef0ed8cbd78ae18437ff28a4c8a60ef40518e423"
diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index ccc4f4e1ac..2e0fe94963 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -1,13 +1,8 @@
1#!/bin/sh 1#!/bin/sh
2 2
3[ -z "$ENVCLEANED" ] && exec /usr/bin/env -i ENVCLEANED=1 HOME="$HOME" \ 3export LC_ALL=en_US.UTF-8
4 LC_ALL=en_US.UTF-8 \ 4# Remove invalid PATH elements first (maybe from a previously setup toolchain now deleted
5 TERM=$TERM \ 5PATH=`python3 -c 'import os; print(":".join(e for e in os.environ["PATH"].split(":") if os.path.exists(e)))'`
6 ICECC_PATH="$ICECC_PATH" \
7 http_proxy="$http_proxy" https_proxy="$https_proxy" ftp_proxy="$ftp_proxy" \
8 no_proxy="$no_proxy" all_proxy="$all_proxy" GIT_PROXY_COMMAND="$GIT_PROXY_COMMAND" "$0" "$@"
9[ -f /etc/environment ] && . /etc/environment
10export PATH=`echo "$PATH" | sed -e 's/:\.//' -e 's/::/:/'`
11 6
12tweakpath () { 7tweakpath () {
13 case ":${PATH}:" in 8 case ":${PATH}:" in
@@ -249,7 +244,7 @@ if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then
249 rm sdk.zip && exit 1 244 rm sdk.zip && exit 1
250 fi 245 fi
251else 246else
252 tail -n +$payload_offset $0| $SUDO_EXEC tar xJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1 247 tail -n +$payload_offset $0| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
253fi 248fi
254echo "done" 249echo "done"
255 250
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index 7c373715ad..e0b15dc9b4 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -40,8 +40,9 @@ def opkg_query(cmd_output):
40 ver = "" 40 ver = ""
41 filename = "" 41 filename = ""
42 dep = [] 42 dep = []
43 prov = []
43 pkgarch = "" 44 pkgarch = ""
44 for line in cmd_output.splitlines(): 45 for line in cmd_output.splitlines()+['']:
45 line = line.rstrip() 46 line = line.rstrip()
46 if ':' in line: 47 if ':' in line:
47 if line.startswith("Package: "): 48 if line.startswith("Package: "):
@@ -64,6 +65,10 @@ def opkg_query(cmd_output):
64 dep.append("%s [REC]" % recommend) 65 dep.append("%s [REC]" % recommend)
65 elif line.startswith("PackageArch: "): 66 elif line.startswith("PackageArch: "):
66 pkgarch = line.split(": ")[1] 67 pkgarch = line.split(": ")[1]
68 elif line.startswith("Provides: "):
69 provides = verregex.sub('', line.split(": ")[1])
70 for provide in provides.split(", "):
71 prov.append(provide)
67 72
68 # When there is a blank line save the package information 73 # When there is a blank line save the package information
69 elif not line: 74 elif not line:
@@ -72,20 +77,15 @@ def opkg_query(cmd_output):
72 filename = "%s_%s_%s.ipk" % (pkg, ver, arch) 77 filename = "%s_%s_%s.ipk" % (pkg, ver, arch)
73 if pkg: 78 if pkg:
74 output[pkg] = {"arch":arch, "ver":ver, 79 output[pkg] = {"arch":arch, "ver":ver,
75 "filename":filename, "deps": dep, "pkgarch":pkgarch } 80 "filename":filename, "deps": dep, "pkgarch":pkgarch, "provs": prov}
76 pkg = "" 81 pkg = ""
77 arch = "" 82 arch = ""
78 ver = "" 83 ver = ""
79 filename = "" 84 filename = ""
80 dep = [] 85 dep = []
86 prov = []
81 pkgarch = "" 87 pkgarch = ""
82 88
83 if pkg:
84 if not filename:
85 filename = "%s_%s_%s.ipk" % (pkg, ver, arch)
86 output[pkg] = {"arch":arch, "ver":ver,
87 "filename":filename, "deps": dep }
88
89 return output 89 return output
90 90
91def failed_postinsts_abort(pkgs, log_path): 91def failed_postinsts_abort(pkgs, log_path):
@@ -360,7 +360,7 @@ class DpkgPkgsList(PkgsList):
360 "--admindir=%s/var/lib/dpkg" % self.rootfs_dir, 360 "--admindir=%s/var/lib/dpkg" % self.rootfs_dir,
361 "-W"] 361 "-W"]
362 362
363 cmd.append("-f=Package: ${Package}\nArchitecture: ${PackageArch}\nVersion: ${Version}\nFile: ${Package}_${Version}_${Architecture}.deb\nDepends: ${Depends}\nRecommends: ${Recommends}\n\n") 363 cmd.append("-f=Package: ${Package}\nArchitecture: ${PackageArch}\nVersion: ${Version}\nFile: ${Package}_${Version}_${Architecture}.deb\nDepends: ${Depends}\nRecommends: ${Recommends}\nProvides: ${Provides}\n\n")
364 364
365 try: 365 try:
366 cmd_output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).strip().decode("utf-8") 366 cmd_output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).strip().decode("utf-8")
@@ -578,6 +578,11 @@ class PackageManager(object, metaclass=ABCMeta):
578 # oe-pkgdata-util reads it from a file 578 # oe-pkgdata-util reads it from a file
579 with tempfile.NamedTemporaryFile(mode="w+", prefix="installed-pkgs") as installed_pkgs: 579 with tempfile.NamedTemporaryFile(mode="w+", prefix="installed-pkgs") as installed_pkgs:
580 pkgs = self.list_installed() 580 pkgs = self.list_installed()
581
582 provided_pkgs = set()
583 for pkg in pkgs.values():
584 provided_pkgs |= set(pkg.get('provs', []))
585
581 output = oe.utils.format_pkg_list(pkgs, "arch") 586 output = oe.utils.format_pkg_list(pkgs, "arch")
582 installed_pkgs.write(output) 587 installed_pkgs.write(output)
583 installed_pkgs.flush() 588 installed_pkgs.flush()
@@ -589,10 +594,15 @@ class PackageManager(object, metaclass=ABCMeta):
589 if exclude: 594 if exclude:
590 cmd.extend(['--exclude=' + '|'.join(exclude.split())]) 595 cmd.extend(['--exclude=' + '|'.join(exclude.split())])
591 try: 596 try:
592 bb.note("Installing complementary packages ...")
593 bb.note('Running %s' % cmd) 597 bb.note('Running %s' % cmd)
594 complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8") 598 complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
595 self.install(complementary_pkgs.split(), attempt_only=True) 599 complementary_pkgs = set(complementary_pkgs.split())
600 skip_pkgs = sorted(complementary_pkgs & provided_pkgs)
601 install_pkgs = sorted(complementary_pkgs - provided_pkgs)
602 bb.note("Installing complementary packages ... %s (skipped already provided packages %s)" % (
603 ' '.join(install_pkgs),
604 ' '.join(skip_pkgs)))
605 self.install(install_pkgs, attempt_only=True)
596 except subprocess.CalledProcessError as e: 606 except subprocess.CalledProcessError as e:
597 bb.fatal("Could not compute complementary packages list. Command " 607 bb.fatal("Could not compute complementary packages list. Command "
598 "'%s' returned %d:\n%s" % 608 "'%s' returned %d:\n%s" %
@@ -1619,7 +1629,7 @@ class DpkgPM(OpkgDpkgPM):
1619 1629
1620 os.environ['APT_CONFIG'] = self.apt_conf_file 1630 os.environ['APT_CONFIG'] = self.apt_conf_file
1621 1631
1622 cmd = "%s %s install --force-yes --allow-unauthenticated %s" % \ 1632 cmd = "%s %s install --force-yes --allow-unauthenticated --no-remove %s" % \
1623 (self.apt_get_cmd, self.apt_args, ' '.join(pkgs)) 1633 (self.apt_get_cmd, self.apt_args, ' '.join(pkgs))
1624 1634
1625 try: 1635 try:
@@ -1781,8 +1791,7 @@ class DpkgPM(OpkgDpkgPM):
1781 open(os.path.join(target_dpkg_dir, "available"), "w+").close() 1791 open(os.path.join(target_dpkg_dir, "available"), "w+").close()
1782 1792
1783 def remove_packaging_data(self): 1793 def remove_packaging_data(self):
1784 bb.utils.remove(os.path.join(self.target_rootfs, 1794 bb.utils.remove(self.target_rootfs + self.d.getVar('opkglibdir'), True)
1785 self.d.getVar('opkglibdir')), True)
1786 bb.utils.remove(self.target_rootfs + "/var/lib/dpkg/", True) 1795 bb.utils.remove(self.target_rootfs + "/var/lib/dpkg/", True)
1787 1796
1788 def fix_broken_dependencies(self): 1797 def fix_broken_dependencies(self):
diff --git a/meta/lib/oe/prservice.py b/meta/lib/oe/prservice.py
index b1132ccb11..3a5ef8d921 100644
--- a/meta/lib/oe/prservice.py
+++ b/meta/lib/oe/prservice.py
@@ -3,6 +3,10 @@
3# 3#
4 4
5def prserv_make_conn(d, check = False): 5def prserv_make_conn(d, check = False):
6 # Otherwise this fails when called from recipes which e.g. inherit python3native (which sets _PYTHON_SYSCONFIGDATA_NAME) with:
7 # No module named '_sysconfigdata'
8 if '_PYTHON_SYSCONFIGDATA_NAME' in os.environ:
9 del os.environ['_PYTHON_SYSCONFIGDATA_NAME']
6 import prserv.serv 10 import prserv.serv
7 host_params = list([_f for _f in (d.getVar("PRSERV_HOST") or '').split(':') if _f]) 11 host_params = list([_f for _f in (d.getVar("PRSERV_HOST") or '').split(':') if _f])
8 try: 12 try:
diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index b2316b12b8..f1abff0c45 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -151,6 +151,13 @@ class SignatureGeneratorOEBasicHashMixIn(object):
151 151
152 def get_taskhash(self, tid, deps, dataCache): 152 def get_taskhash(self, tid, deps, dataCache):
153 h = super(bb.siggen.SignatureGeneratorBasicHash, self).get_taskhash(tid, deps, dataCache) 153 h = super(bb.siggen.SignatureGeneratorBasicHash, self).get_taskhash(tid, deps, dataCache)
154 if tid in self.lockedhashes:
155 if self.lockedhashes[tid]:
156 return self.lockedhashes[tid]
157 else:
158 return h
159
160 h = super(bb.siggen.SignatureGeneratorBasicHash, self).get_taskhash(tid, deps, dataCache)
154 161
155 (mc, _, task, fn) = bb.runqueue.split_tid_mcfn(tid) 162 (mc, _, task, fn) = bb.runqueue.split_tid_mcfn(tid)
156 163
@@ -187,17 +194,19 @@ class SignatureGeneratorOEBasicHashMixIn(object):
187 % (recipename, task, h, h_locked, var)) 194 % (recipename, task, h, h_locked, var))
188 195
189 return h_locked 196 return h_locked
197
198 self.lockedhashes[tid] = False
190 #bb.warn("%s %s %s" % (recipename, task, h)) 199 #bb.warn("%s %s %s" % (recipename, task, h))
191 return h 200 return h
192 201
193 def get_unihash(self, tid): 202 def get_unihash(self, tid):
194 if tid in self.lockedhashes: 203 if tid in self.lockedhashes and self.lockedhashes[tid]:
195 return self.lockedhashes[tid] 204 return self.lockedhashes[tid]
196 return super().get_unihash(tid) 205 return super().get_unihash(tid)
197 206
198 def dump_sigtask(self, fn, task, stampbase, runtime): 207 def dump_sigtask(self, fn, task, stampbase, runtime):
199 tid = fn + ":" + task 208 tid = fn + ":" + task
200 if tid in self.lockedhashes: 209 if tid in self.lockedhashes and self.lockedhashes[tid]:
201 return 210 return
202 super(bb.siggen.SignatureGeneratorBasicHash, self).dump_sigtask(fn, task, stampbase, runtime) 211 super(bb.siggen.SignatureGeneratorBasicHash, self).dump_sigtask(fn, task, stampbase, runtime)
203 212
diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py
index 652b2be145..144c123a0e 100644
--- a/meta/lib/oe/utils.py
+++ b/meta/lib/oe/utils.py
@@ -387,7 +387,7 @@ def host_gcc_version(d, taskcontextonly=False):
387 except subprocess.CalledProcessError as e: 387 except subprocess.CalledProcessError as e:
388 bb.fatal("Error running %s --version: %s" % (compiler, e.output.decode("utf-8"))) 388 bb.fatal("Error running %s --version: %s" % (compiler, e.output.decode("utf-8")))
389 389
390 match = re.match(r".* (\d\.\d)\.\d.*", output.split('\n')[0]) 390 match = re.match(r".* (\d+\.\d+)\.\d+.*", output.split('\n')[0])
391 if not match: 391 if not match:
392 bb.fatal("Can't get compiler version from %s --version output" % compiler) 392 bb.fatal("Can't get compiler version from %s --version output" % compiler)
393 393
diff --git a/meta/lib/oeqa/core/utils/concurrencytest.py b/meta/lib/oeqa/core/utils/concurrencytest.py
index 0f7b3dcc11..e6b14da89d 100644
--- a/meta/lib/oeqa/core/utils/concurrencytest.py
+++ b/meta/lib/oeqa/core/utils/concurrencytest.py
@@ -261,7 +261,7 @@ def fork_for_tests(concurrency_num, suite):
261 oe.path.copytree(selftestdir, newselftestdir) 261 oe.path.copytree(selftestdir, newselftestdir)
262 262
263 for e in os.environ: 263 for e in os.environ:
264 if builddir in os.environ[e]: 264 if builddir + "/" in os.environ[e] or os.environ[e].endswith(builddir):
265 os.environ[e] = os.environ[e].replace(builddir, newbuilddir) 265 os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
266 266
267 subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True) 267 subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
diff --git a/meta/lib/oeqa/sdkext/testsdk.py b/meta/lib/oeqa/sdkext/testsdk.py
index 785b5dda53..c5c46df6cd 100644
--- a/meta/lib/oeqa/sdkext/testsdk.py
+++ b/meta/lib/oeqa/sdkext/testsdk.py
@@ -25,11 +25,8 @@ class TestSDKExt(TestSDKBase):
25 25
26 subprocesstweak.errors_have_output() 26 subprocesstweak.errors_have_output()
27 27
28 # extensible sdk can be contaminated if native programs are 28 # We need the original PATH for testing the eSDK, not with our manipulations
29 # in PATH, i.e. use perl-native instead of eSDK one. 29 os.environ['PATH'] = d.getVar("BB_ORIGENV", False).getVar("PATH")
30 paths_to_avoid = [d.getVar('STAGING_DIR'),
31 d.getVar('BASE_WORKDIR')]
32 os.environ['PATH'] = avoid_paths_in_environ(paths_to_avoid)
33 30
34 tcname = d.expand("${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.sh") 31 tcname = d.expand("${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.sh")
35 if not os.path.exists(tcname): 32 if not os.path.exists(tcname):
diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
index 7d3922ce44..d4fea91350 100644
--- a/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -166,7 +166,7 @@ class TestImage(OESelftestTestCase):
166 bitbake('core-image-full-cmdline socat') 166 bitbake('core-image-full-cmdline socat')
167 bitbake('-c testimage core-image-full-cmdline') 167 bitbake('-c testimage core-image-full-cmdline')
168 168
169 def test_testimage_virgl_gtk(self): 169 def disabled_test_testimage_virgl_gtk(self):
170 """ 170 """
171 Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk frontend 171 Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk frontend
172 Expected: 1. Check that virgl kernel driver is loaded and 3d acceleration is enabled 172 Expected: 1. Check that virgl kernel driver is loaded and 3d acceleration is enabled
diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py
index 5c4e01b2c3..5b8f9bbd38 100644
--- a/meta/lib/oeqa/selftest/cases/signing.py
+++ b/meta/lib/oeqa/selftest/cases/signing.py
@@ -44,7 +44,9 @@ class Signing(OESelftestTestCase):
44 origenv = os.environ.copy() 44 origenv = os.environ.copy()
45 45
46 for e in os.environ: 46 for e in os.environ:
47 if builddir in os.environ[e]: 47 if builddir + "/" in os.environ[e]:
48 os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/")
49 if os.environ[e].endswith(builddir):
48 os.environ[e] = os.environ[e].replace(builddir, newbuilddir) 50 os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
49 51
50 os.chdir(newbuilddir) 52 os.chdir(newbuilddir)
diff --git a/meta/lib/oeqa/selftest/context.py b/meta/lib/oeqa/selftest/context.py
index c4eb5d614e..3d3b19c6e8 100644
--- a/meta/lib/oeqa/selftest/context.py
+++ b/meta/lib/oeqa/selftest/context.py
@@ -280,11 +280,15 @@ class OESelftestTestContextExecutor(OETestContextExecutor):
280 return rc 280 return rc
281 281
282 def _signal_clean_handler(self, signum, frame): 282 def _signal_clean_handler(self, signum, frame):
283 sys.exit(1) 283 if self.ourpid == os.getpid():
284 sys.exit(1)
284 285
285 def run(self, logger, args): 286 def run(self, logger, args):
286 self._process_args(logger, args) 287 self._process_args(logger, args)
287 288
289 # Setup a SIGTERM handler to allow restoration of files like local.conf and bblayers.conf
290 # but don't interfer with other processes
291 self.ourpid = os.getpid()
288 signal.signal(signal.SIGTERM, self._signal_clean_handler) 292 signal.signal(signal.SIGTERM, self._signal_clean_handler)
289 293
290 rc = None 294 rc = None
diff --git a/meta/lib/oeqa/targetcontrol.py b/meta/lib/oeqa/targetcontrol.py
index 1445e3ecfb..41557dc224 100644
--- a/meta/lib/oeqa/targetcontrol.py
+++ b/meta/lib/oeqa/targetcontrol.py
@@ -117,9 +117,9 @@ class QemuTarget(BaseTarget):
117 import oe.path 117 import oe.path
118 bb.utils.mkdirhier(self.testdir) 118 bb.utils.mkdirhier(self.testdir)
119 self.qemurunnerlog = os.path.join(self.testdir, 'qemurunner_log.%s' % self.datetime) 119 self.qemurunnerlog = os.path.join(self.testdir, 'qemurunner_log.%s' % self.datetime)
120 loggerhandler = logging.FileHandler(self.qemurunnerlog) 120 self.loggerhandler = logging.FileHandler(self.qemurunnerlog)
121 loggerhandler.setFormatter(logging.Formatter("%(levelname)s: %(message)s")) 121 self.loggerhandler.setFormatter(logging.Formatter("%(levelname)s: %(message)s"))
122 self.logger.addHandler(loggerhandler) 122 self.logger.addHandler(self.loggerhandler)
123 oe.path.symlink(os.path.basename(self.qemurunnerlog), os.path.join(self.testdir, 'qemurunner_log'), force=True) 123 oe.path.symlink(os.path.basename(self.qemurunnerlog), os.path.join(self.testdir, 'qemurunner_log'), force=True)
124 124
125 if d.getVar("DISTRO") == "poky-tiny": 125 if d.getVar("DISTRO") == "poky-tiny":
@@ -182,6 +182,7 @@ class QemuTarget(BaseTarget):
182 182
183 def stop(self): 183 def stop(self):
184 self.runner.stop() 184 self.runner.stop()
185 self.logger.removeHandler(self.loggerhandler)
185 self.connection = None 186 self.connection = None
186 self.ip = None 187 self.ip = None
187 self.server_ip = None 188 self.server_ip = None
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index fe8b77d97a..3db177b001 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -35,6 +35,7 @@ class QemuRunner:
35 35
36 # Popen object for runqemu 36 # Popen object for runqemu
37 self.runqemu = None 37 self.runqemu = None
38 self.runqemu_exited = False
38 # pid of the qemu process that runqemu will start 39 # pid of the qemu process that runqemu will start
39 self.qemupid = None 40 self.qemupid = None
40 # target ip - from the command line or runqemu output 41 # target ip - from the command line or runqemu output
@@ -102,7 +103,6 @@ class QemuRunner:
102 self.logger.debug("Output from runqemu:\n%s" % self.getOutput(self.runqemu.stdout)) 103 self.logger.debug("Output from runqemu:\n%s" % self.getOutput(self.runqemu.stdout))
103 self.stop() 104 self.stop()
104 self._dump_host() 105 self._dump_host()
105 raise SystemExit
106 106
107 def start(self, qemuparams = None, get_ip = True, extra_bootparams = None, runqemuparams='', launch_cmd=None, discard_writes=True): 107 def start(self, qemuparams = None, get_ip = True, extra_bootparams = None, runqemuparams='', launch_cmd=None, discard_writes=True):
108 env = os.environ.copy() 108 env = os.environ.copy()
@@ -206,6 +206,8 @@ class QemuRunner:
206 endtime = time.time() + self.runqemutime 206 endtime = time.time() + self.runqemutime
207 while not self.is_alive() and time.time() < endtime: 207 while not self.is_alive() and time.time() < endtime:
208 if self.runqemu.poll(): 208 if self.runqemu.poll():
209 if self.runqemu_exited:
210 return False
209 if self.runqemu.returncode: 211 if self.runqemu.returncode:
210 # No point waiting any longer 212 # No point waiting any longer
211 self.logger.warning('runqemu exited with code %d' % self.runqemu.returncode) 213 self.logger.warning('runqemu exited with code %d' % self.runqemu.returncode)
@@ -215,6 +217,9 @@ class QemuRunner:
215 return False 217 return False
216 time.sleep(0.5) 218 time.sleep(0.5)
217 219
220 if self.runqemu_exited:
221 return False
222
218 if not self.is_alive(): 223 if not self.is_alive():
219 self.logger.error("Qemu pid didn't appear in %s seconds (%s)" % 224 self.logger.error("Qemu pid didn't appear in %s seconds (%s)" %
220 (self.runqemutime, time.strftime("%D %H:%M:%S"))) 225 (self.runqemutime, time.strftime("%D %H:%M:%S")))
@@ -385,7 +390,7 @@ class QemuRunner:
385 os.killpg(os.getpgid(self.runqemu.pid), signal.SIGKILL) 390 os.killpg(os.getpgid(self.runqemu.pid), signal.SIGKILL)
386 self.runqemu.stdin.close() 391 self.runqemu.stdin.close()
387 self.runqemu.stdout.close() 392 self.runqemu.stdout.close()
388 self.runqemu = None 393 self.runqemu_exited = True
389 394
390 if hasattr(self, 'server_socket') and self.server_socket: 395 if hasattr(self, 'server_socket') and self.server_socket:
391 self.server_socket.close() 396 self.server_socket.close()
@@ -396,7 +401,10 @@ class QemuRunner:
396 self.qemupid = None 401 self.qemupid = None
397 self.ip = None 402 self.ip = None
398 if os.path.exists(self.qemu_pidfile): 403 if os.path.exists(self.qemu_pidfile):
399 os.remove(self.qemu_pidfile) 404 try:
405 os.remove(self.qemu_pidfile)
406 except FileNotFoundError as e:
407 self.logger.warning('qemu pidfile is no longer present')
400 if self.monitorpipe: 408 if self.monitorpipe:
401 self.monitorpipe.close() 409 self.monitorpipe.close()
402 410
@@ -422,7 +430,7 @@ class QemuRunner:
422 return False 430 return False
423 431
424 def is_alive(self): 432 def is_alive(self):
425 if not self.runqemu or self.runqemu.poll() is not None: 433 if not self.runqemu or self.runqemu.poll() is not None or self.runqemu_exited:
426 return False 434 return False
427 if os.path.isfile(self.qemu_pidfile): 435 if os.path.isfile(self.qemu_pidfile):
428 # when handling pidfile, qemu creates the file, stat it, lock it and then write to it 436 # when handling pidfile, qemu creates the file, stat it, lock it and then write to it
diff --git a/meta/recipes-bsp/u-boot/u-boot-tools.inc b/meta/recipes-bsp/u-boot/u-boot-tools.inc
new file mode 100644
index 0000000000..35894e1a8f
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/u-boot-tools.inc
@@ -0,0 +1,65 @@
1SUMMARY = "U-Boot bootloader tools"
2DEPENDS += "openssl"
3
4PROVIDES = "${MLPREFIX}u-boot-mkimage ${MLPREFIX}u-boot-mkenvimage"
5PROVIDES_class-native = "u-boot-mkimage-native u-boot-mkenvimage-native"
6
7PACKAGES += "${PN}-mkimage ${PN}-mkenvimage"
8
9# Required for backward compatibility with "u-boot-mkimage-xxx.bb"
10RPROVIDES_${PN}-mkimage = "u-boot-mkimage"
11RREPLACES_${PN}-mkimage = "u-boot-mkimage"
12RCONFLICTS_${PN}-mkimage = "u-boot-mkimage"
13
14EXTRA_OEMAKE_class-target = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
15EXTRA_OEMAKE_class-native = 'CC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
16EXTRA_OEMAKE_class-nativesdk = 'CROSS_COMPILE="${HOST_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
17
18SED_CONFIG_EFI = '-e "s/CONFIG_EFI_LOADER=.*/# CONFIG_EFI_LOADER is not set/"'
19SED_CONFIG_EFI_x86 = ''
20SED_CONFIG_EFI_x86-64 = ''
21SED_CONFIG_EFI_arm = ''
22SED_CONFIG_EFI_armeb = ''
23SED_CONFIG_EFI_aarch64 = ''
24
25do_compile () {
26 oe_runmake sandbox_defconfig
27
28 # Disable CONFIG_CMD_LICENSE, license.h is not used by tools and
29 # generating it requires bin2header tool, which for target build
30 # is built with target tools and thus cannot be executed on host.
31 sed -i -e "s/CONFIG_CMD_LICENSE=.*/# CONFIG_CMD_LICENSE is not set/" ${SED_CONFIG_EFI} .config
32
33 oe_runmake cross_tools NO_SDL=1
34}
35
36do_install () {
37 install -d ${D}${bindir}
38
39 # mkimage
40 install -m 0755 tools/mkimage ${D}${bindir}/uboot-mkimage
41 ln -sf uboot-mkimage ${D}${bindir}/mkimage
42
43 # mkenvimage
44 install -m 0755 tools/mkenvimage ${D}${bindir}/uboot-mkenvimage
45 ln -sf uboot-mkenvimage ${D}${bindir}/mkenvimage
46
47 # dumpimage
48 install -m 0755 tools/dumpimage ${D}${bindir}/uboot-dumpimage
49 ln -sf uboot-dumpimage ${D}${bindir}/dumpimage
50
51 # fit_check_sign
52 install -m 0755 tools/fit_check_sign ${D}${bindir}/uboot-fit_check_sign
53 ln -sf uboot-fit_check_sign ${D}${bindir}/fit_check_sign
54}
55
56ALLOW_EMPTY_${PN} = "1"
57FILES_${PN} = ""
58FILES_${PN}-mkimage = "${bindir}/uboot-mkimage ${bindir}/mkimage ${bindir}/uboot-dumpimage ${bindir}/dumpimage ${bindir}/uboot-fit_check_sign ${bindir}/fit_check_sign"
59FILES_${PN}-mkenvimage = "${bindir}/uboot-mkenvimage ${bindir}/mkenvimage"
60
61RDEPENDS_${PN}-mkimage += "dtc"
62RDEPENDS_${PN} += "${PN}-mkimage ${PN}-mkenvimage"
63RDEPENDS_${PN}_class-native = ""
64
65BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb b/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb
index bede984ef7..7eaf721ca8 100644
--- a/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb
+++ b/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb
@@ -1,67 +1,2 @@
1require u-boot-common.inc 1require u-boot-common.inc
2 2require u-boot-tools.inc
3SUMMARY = "U-Boot bootloader tools"
4DEPENDS += "openssl"
5
6PROVIDES = "${MLPREFIX}u-boot-mkimage ${MLPREFIX}u-boot-mkenvimage"
7PROVIDES_class-native = "u-boot-mkimage-native u-boot-mkenvimage-native"
8
9PACKAGES += "${PN}-mkimage ${PN}-mkenvimage"
10
11# Required for backward compatibility with "u-boot-mkimage-xxx.bb"
12RPROVIDES_${PN}-mkimage = "u-boot-mkimage"
13RREPLACES_${PN}-mkimage = "u-boot-mkimage"
14RCONFLICTS_${PN}-mkimage = "u-boot-mkimage"
15
16EXTRA_OEMAKE_class-target = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
17EXTRA_OEMAKE_class-native = 'CC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
18EXTRA_OEMAKE_class-nativesdk = 'CROSS_COMPILE="${HOST_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
19
20SED_CONFIG_EFI = '-e "s/CONFIG_EFI_LOADER=.*/# CONFIG_EFI_LOADER is not set/"'
21SED_CONFIG_EFI_x86 = ''
22SED_CONFIG_EFI_x86-64 = ''
23SED_CONFIG_EFI_arm = ''
24SED_CONFIG_EFI_armeb = ''
25SED_CONFIG_EFI_aarch64 = ''
26
27do_compile () {
28 oe_runmake sandbox_defconfig
29
30 # Disable CONFIG_CMD_LICENSE, license.h is not used by tools and
31 # generating it requires bin2header tool, which for target build
32 # is built with target tools and thus cannot be executed on host.
33 sed -i -e "s/CONFIG_CMD_LICENSE=.*/# CONFIG_CMD_LICENSE is not set/" ${SED_CONFIG_EFI} .config
34
35 oe_runmake cross_tools NO_SDL=1
36}
37
38do_install () {
39 install -d ${D}${bindir}
40
41 # mkimage
42 install -m 0755 tools/mkimage ${D}${bindir}/uboot-mkimage
43 ln -sf uboot-mkimage ${D}${bindir}/mkimage
44
45 # mkenvimage
46 install -m 0755 tools/mkenvimage ${D}${bindir}/uboot-mkenvimage
47 ln -sf uboot-mkenvimage ${D}${bindir}/mkenvimage
48
49 # dumpimage
50 install -m 0755 tools/dumpimage ${D}${bindir}/uboot-dumpimage
51 ln -sf uboot-dumpimage ${D}${bindir}/dumpimage
52
53 # fit_check_sign
54 install -m 0755 tools/fit_check_sign ${D}${bindir}/uboot-fit_check_sign
55 ln -sf uboot-fit_check_sign ${D}${bindir}/fit_check_sign
56}
57
58ALLOW_EMPTY_${PN} = "1"
59FILES_${PN} = ""
60FILES_${PN}-mkimage = "${bindir}/uboot-mkimage ${bindir}/mkimage ${bindir}/uboot-dumpimage ${bindir}/dumpimage ${bindir}/uboot-fit_check_sign ${bindir}/fit_check_sign"
61FILES_${PN}-mkenvimage = "${bindir}/uboot-mkenvimage ${bindir}/mkenvimage"
62
63RDEPENDS_${PN}-mkimage += "dtc"
64RDEPENDS_${PN} += "${PN}-mkimage ${PN}-mkenvimage"
65RDEPENDS_${PN}_class-native = ""
66
67BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
index 94fe6a16b6..6acedb5412 100644
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ b/meta/recipes-connectivity/avahi/avahi.inc
@@ -77,6 +77,11 @@ do_install() {
77 rm -rf ${D}${datadir}/dbus-1/interfaces 77 rm -rf ${D}${datadir}/dbus-1/interfaces
78 test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 78 test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
79 rm -rf ${D}${libdir}/avahi 79 rm -rf ${D}${libdir}/avahi
80
81 # Move example service files out of /etc/avahi/services so we don't
82 # advertise ssh & sftp-ssh by default
83 install -d ${D}${docdir}/avahi
84 mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi
80} 85}
81 86
82PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" 87PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}"
diff --git a/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch b/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch
deleted file mode 100644
index 2fed99e1bb..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch
+++ /dev/null
@@ -1,64 +0,0 @@
1Backport patch to fix CVE-2019-6471.
2
3Ref:
4https://security-tracker.debian.org/tracker/CVE-2019-6471
5
6CVE: CVE-2019-6471
7Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb]
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11From 3a9c7bb80d4a609b86427406d9dd783199920b5b Mon Sep 17 00:00:00 2001
12From: Mark Andrews <marka@isc.org>
13Date: Tue, 19 Mar 2019 14:14:21 +1100
14Subject: [PATCH] move item_out test inside lock in dns_dispatch_getnext()
15
16(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712)
17---
18 lib/dns/dispatch.c | 12 ++++++++----
19 1 file changed, 8 insertions(+), 4 deletions(-)
20
21diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
22index 408beda367..3278db4a07 100644
23--- a/lib/dns/dispatch.c
24+++ b/lib/dns/dispatch.c
25@@ -134,7 +134,7 @@ struct dns_dispentry {
26 isc_task_t *task;
27 isc_taskaction_t action;
28 void *arg;
29- bool item_out;
30+ bool item_out;
31 dispsocket_t *dispsocket;
32 ISC_LIST(dns_dispatchevent_t) items;
33 ISC_LINK(dns_dispentry_t) link;
34@@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, dns_dispatchevent_t **sockevent) {
35 disp = resp->disp;
36 REQUIRE(VALID_DISPATCH(disp));
37
38- REQUIRE(resp->item_out == true);
39- resp->item_out = false;
40-
41 ev = *sockevent;
42 *sockevent = NULL;
43
44 LOCK(&disp->lock);
45+
46+ REQUIRE(resp->item_out == true);
47+ resp->item_out = false;
48+
49 if (ev->buffer.base != NULL)
50 free_buffer(disp, ev->buffer.base, ev->buffer.length);
51 free_devent(disp, ev);
52@@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp,
53 isc_task_send(disp->task[0], &disp->ctlevent);
54 }
55
56+/*
57+ * disp must be locked.
58+ */
59 static void
60 do_cancel(dns_dispatch_t *disp) {
61 dns_dispatchevent_t *ev;
62--
632.20.1
64
diff --git a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
index 871bb2a5f6..9d31b98080 100644
--- a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
+++ b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
@@ -1,4 +1,4 @@
1From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00 2001 1From 2325a92f1896a2a7f586611686801b41fbc91b50 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com> 2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Mon, 27 Aug 2018 15:00:51 +0800 3Date: Mon, 27 Aug 2018 15:00:51 +0800
4Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib' 4Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib'
@@ -10,15 +10,16 @@ and helpful for clean up host build path in isc-config.sh
10Upstream-Status: Inappropriate [oe-core specific] 10Upstream-Status: Inappropriate [oe-core specific]
11 11
12Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 12Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
13
13--- 14---
14 configure.in | 2 +- 15 configure.ac | 2 +-
15 1 file changed, 1 insertion(+), 1 deletion(-) 16 1 file changed, 1 insertion(+), 1 deletion(-)
16 17
17diff --git a/configure.in b/configure.in 18diff --git a/configure.ac b/configure.ac
18index 54efc55..76ac0eb 100644 19index e85a5c6..2bbfc58 100644
19--- a/configure.in 20--- a/configure.ac
20+++ b/configure.in 21+++ b/configure.ac
21@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl]) 22@@ -1631,7 +1631,7 @@ If you don't want OpenSSL, use --without-openssl])
22 fi 23 fi
23 ;; 24 ;;
24 *) 25 *)
@@ -27,6 +28,3 @@ index 54efc55..76ac0eb 100644
27 ;; 28 ;;
28 esac 29 esac
29 fi 30 fi
30--
312.7.4
32
diff --git a/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch b/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch
deleted file mode 100644
index 48ae125f84..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch
+++ /dev/null
@@ -1,60 +0,0 @@
1Backport patch to fix CVE-2018-5743.
2
3Ref:
4https://security-tracker.debian.org/tracker/CVE-2018-5743
5
6CVE: CVE-2018-5743
7Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d]
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001
12From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
13Date: Thu, 3 Jan 2019 14:17:43 +0100
14Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1)
15
16tcp-clients settings could be exceeded in some cases by
17creating more and more active TCP clients that are over
18the set quota limit, which in the end could lead to a
19DoS attack by e.g. exhaustion of file descriptors.
20
21If TCP client we're closing went over the quota (so it's
22not attached to a quota) mark it as mortal - so that it
23will be destroyed and not set up to listen for new
24connections - unless it's the last client for a specific
25interface.
26
27(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115)
28(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776)
29---
30 bin/named/client.c | 13 ++++++++++++-
31 1 file changed, 12 insertions(+), 1 deletion(-)
32
33diff --git a/bin/named/client.c b/bin/named/client.c
34index d482da7121..0739dd48af 100644
35--- a/bin/named/client.c
36+++ b/bin/named/client.c
37@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) {
38 isc_socket_detach(&client->tcpsocket);
39 }
40
41- if (client->tcpquota != NULL)
42+ if (client->tcpquota != NULL) {
43 isc_quota_detach(&client->tcpquota);
44+ } else {
45+ /*
46+ * We went over quota with this client, we don't
47+ * want to restart listening unless this is the
48+ * last client on this interface, which is
49+ * checked later.
50+ */
51+ if (TCP_CLIENT(client)) {
52+ client->mortal = true;
53+ }
54+ }
55
56 if (client->timerset) {
57 (void)isc_timer_reset(client->timer,
58--
592.20.1
60
diff --git a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
deleted file mode 100644
index a8d601dcaa..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
+++ /dev/null
@@ -1,22 +0,0 @@
1Upstream-Status: Pending
2
3Subject: gen.c: extend DIRNAMESIZE from 256 to 512
4
5Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
6---
7 lib/dns/gen.c | 2 +-
8 1 file changed, 1 insertion(+), 1 deletion(-)
9
10Index: bind-9.11.3/lib/dns/gen.c
11===================================================================
12--- bind-9.11.3.orig/lib/dns/gen.c
13+++ bind-9.11.3/lib/dns/gen.c
14@@ -130,7 +130,7 @@ static const char copyright[] =
15 #define TYPECLASSBUF (TYPECLASSLEN + 1)
16 #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
17 #define ATTRIBUTESIZE 256
18-#define DIRNAMESIZE 256
19+#define DIRNAMESIZE 512
20
21 static struct cc {
22 struct cc *next;
diff --git a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
deleted file mode 100644
index 01874a4407..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001
2From: Robert Yang <liezhi.yang@windriver.com>
3Date: Wed, 16 Sep 2015 20:23:47 -0700
4Subject: [PATCH] lib/dns/gen.c: fix too long error
5
6The 512 is a little short when build in deep dir, and cause "too long"
7error, use PATH_MAX if defined.
8
9Upstream-Status: Pending
10
11Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
12---
13 lib/dns/gen.c | 4 ++++
14 1 file changed, 4 insertions(+)
15
16Index: bind-9.11.3/lib/dns/gen.c
17===================================================================
18--- bind-9.11.3.orig/lib/dns/gen.c
19+++ bind-9.11.3/lib/dns/gen.c
20@@ -130,7 +130,11 @@ static const char copyright[] =
21 #define TYPECLASSBUF (TYPECLASSLEN + 1)
22 #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
23 #define ATTRIBUTESIZE 256
24+#ifdef PATH_MAX
25+#define DIRNAMESIZE PATH_MAX
26+#else
27 #define DIRNAMESIZE 512
28+#endif
29
30 static struct cc {
31 struct cc *next;
diff --git a/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch b/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch
deleted file mode 100644
index ca4e8b1a66..0000000000
--- a/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch
+++ /dev/null
@@ -1,670 +0,0 @@
1Backport patch to fix CVE-2018-5743.
2
3Ref:
4https://security-tracker.debian.org/tracker/CVE-2018-5743
5
6CVE: CVE-2018-5743
7Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/719f604]
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11From 719f604e3fad5b7479bd14e2fa0ef4413f0a8fdc Mon Sep 17 00:00:00 2001
12From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
13Date: Fri, 4 Jan 2019 12:50:51 +0100
14Subject: [PATCH 2/6] tcp-clients could still be exceeded (v2)
15
16the TCP client quota could still be ineffective under some
17circumstances. this change:
18
19- improves quota accounting to ensure that TCP clients are
20 properly limited, while still guaranteeing that at least one client
21 is always available to serve TCP connections on each interface.
22- uses more descriptive names and removes one (ntcptarget) that
23 was no longer needed
24- adds comments
25
26(cherry picked from commit 924651f1d5e605cd186d03f4f7340bcc54d77cc2)
27(cherry picked from commit 55a7a458e30e47874d34bdf1079eb863a0512396)
28---
29 bin/named/client.c | 311 ++++++++++++++++++++-----
30 bin/named/include/named/client.h | 14 +-
31 bin/named/include/named/interfacemgr.h | 11 +-
32 bin/named/interfacemgr.c | 8 +-
33 4 files changed, 267 insertions(+), 77 deletions(-)
34
35diff --git a/bin/named/client.c b/bin/named/client.c
36index 0739dd48af..a7b49a0f71 100644
37--- a/bin/named/client.c
38+++ b/bin/named/client.c
39@@ -246,10 +246,11 @@ static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
40 static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
41 dns_dispatch_t *disp, bool tcp);
42 static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
43- isc_socket_t *sock);
44+ isc_socket_t *sock, ns_client_t *oldclient);
45 static inline bool
46-allowed(isc_netaddr_t *addr, dns_name_t *signer, isc_netaddr_t *ecs_addr,
47- uint8_t ecs_addrlen, uint8_t *ecs_scope, dns_acl_t *acl);
48+allowed(isc_netaddr_t *addr, dns_name_t *signer,
49+ isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen,
50+ uint8_t *ecs_scope, dns_acl_t *acl)
51 static void compute_cookie(ns_client_t *client, uint32_t when,
52 uint32_t nonce, const unsigned char *secret,
53 isc_buffer_t *buf);
54@@ -405,8 +406,11 @@ exit_check(ns_client_t *client) {
55 */
56 INSIST(client->recursionquota == NULL);
57 INSIST(client->newstate <= NS_CLIENTSTATE_READY);
58- if (client->nreads > 0)
59+
60+ if (client->nreads > 0) {
61 dns_tcpmsg_cancelread(&client->tcpmsg);
62+ }
63+
64 if (client->nreads != 0) {
65 /* Still waiting for read cancel completion. */
66 return (true);
67@@ -416,25 +420,58 @@ exit_check(ns_client_t *client) {
68 dns_tcpmsg_invalidate(&client->tcpmsg);
69 client->tcpmsg_valid = false;
70 }
71+
72 if (client->tcpsocket != NULL) {
73 CTRACE("closetcp");
74 isc_socket_detach(&client->tcpsocket);
75+
76+ if (client->tcpactive) {
77+ LOCK(&client->interface->lock);
78+ INSIST(client->interface->ntcpactive > 0);
79+ client->interface->ntcpactive--;
80+ UNLOCK(&client->interface->lock);
81+ client->tcpactive = false;
82+ }
83 }
84
85 if (client->tcpquota != NULL) {
86- isc_quota_detach(&client->tcpquota);
87- } else {
88 /*
89- * We went over quota with this client, we don't
90- * want to restart listening unless this is the
91- * last client on this interface, which is
92- * checked later.
93+ * If we are not in a pipeline group, or
94+ * we are the last client in the group, detach from
95+ * tcpquota; otherwise, transfer the quota to
96+ * another client in the same group.
97 */
98- if (TCP_CLIENT(client)) {
99- client->mortal = true;
100+ if (!ISC_LINK_LINKED(client, glink) ||
101+ (client->glink.next == NULL &&
102+ client->glink.prev == NULL))
103+ {
104+ isc_quota_detach(&client->tcpquota);
105+ } else if (client->glink.next != NULL) {
106+ INSIST(client->glink.next->tcpquota == NULL);
107+ client->glink.next->tcpquota = client->tcpquota;
108+ client->tcpquota = NULL;
109+ } else {
110+ INSIST(client->glink.prev->tcpquota == NULL);
111+ client->glink.prev->tcpquota = client->tcpquota;
112+ client->tcpquota = NULL;
113 }
114 }
115
116+ /*
117+ * Unlink from pipeline group.
118+ */
119+ if (ISC_LINK_LINKED(client, glink)) {
120+ if (client->glink.next != NULL) {
121+ client->glink.next->glink.prev =
122+ client->glink.prev;
123+ }
124+ if (client->glink.prev != NULL) {
125+ client->glink.prev->glink.next =
126+ client->glink.next;
127+ }
128+ ISC_LINK_INIT(client, glink);
129+ }
130+
131 if (client->timerset) {
132 (void)isc_timer_reset(client->timer,
133 isc_timertype_inactive,
134@@ -455,15 +492,16 @@ exit_check(ns_client_t *client) {
135 * that already. Check whether this client needs to remain
136 * active and force it to go inactive if not.
137 *
138- * UDP clients go inactive at this point, but TCP clients
139- * may remain active if we have fewer active TCP client
140- * objects than desired due to an earlier quota exhaustion.
141+ * UDP clients go inactive at this point, but a TCP client
142+ * will needs to remain active if no other clients are
143+ * listening for TCP requests on this interface, to
144+ * prevent this interface from going nonresponsive.
145 */
146 if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
147 LOCK(&client->interface->lock);
148- if (client->interface->ntcpcurrent <
149- client->interface->ntcptarget)
150+ if (client->interface->ntcpaccepting == 0) {
151 client->mortal = false;
152+ }
153 UNLOCK(&client->interface->lock);
154 }
155
156@@ -472,15 +510,17 @@ exit_check(ns_client_t *client) {
157 * queue for recycling.
158 */
159 if (client->mortal) {
160- if (client->newstate > NS_CLIENTSTATE_INACTIVE)
161+ if (client->newstate > NS_CLIENTSTATE_INACTIVE) {
162 client->newstate = NS_CLIENTSTATE_INACTIVE;
163+ }
164 }
165
166 if (NS_CLIENTSTATE_READY == client->newstate) {
167 if (TCP_CLIENT(client)) {
168 client_accept(client);
169- } else
170+ } else {
171 client_udprecv(client);
172+ }
173 client->newstate = NS_CLIENTSTATE_MAX;
174 return (true);
175 }
176@@ -492,41 +532,57 @@ exit_check(ns_client_t *client) {
177 /*
178 * We are trying to enter the inactive state.
179 */
180- if (client->naccepts > 0)
181+ if (client->naccepts > 0) {
182 isc_socket_cancel(client->tcplistener, client->task,
183 ISC_SOCKCANCEL_ACCEPT);
184+ }
185
186 /* Still waiting for accept cancel completion. */
187- if (! (client->naccepts == 0))
188+ if (! (client->naccepts == 0)) {
189 return (true);
190+ }
191
192 /* Accept cancel is complete. */
193- if (client->nrecvs > 0)
194+ if (client->nrecvs > 0) {
195 isc_socket_cancel(client->udpsocket, client->task,
196 ISC_SOCKCANCEL_RECV);
197+ }
198
199 /* Still waiting for recv cancel completion. */
200- if (! (client->nrecvs == 0))
201+ if (! (client->nrecvs == 0)) {
202 return (true);
203+ }
204
205 /* Still waiting for control event to be delivered */
206- if (client->nctls > 0)
207+ if (client->nctls > 0) {
208 return (true);
209-
210- /* Deactivate the client. */
211- if (client->interface)
212- ns_interface_detach(&client->interface);
213+ }
214
215 INSIST(client->naccepts == 0);
216 INSIST(client->recursionquota == NULL);
217- if (client->tcplistener != NULL)
218+ if (client->tcplistener != NULL) {
219 isc_socket_detach(&client->tcplistener);
220
221- if (client->udpsocket != NULL)
222+ if (client->tcpactive) {
223+ LOCK(&client->interface->lock);
224+ INSIST(client->interface->ntcpactive > 0);
225+ client->interface->ntcpactive--;
226+ UNLOCK(&client->interface->lock);
227+ client->tcpactive = false;
228+ }
229+ }
230+ if (client->udpsocket != NULL) {
231 isc_socket_detach(&client->udpsocket);
232+ }
233
234- if (client->dispatch != NULL)
235+ /* Deactivate the client. */
236+ if (client->interface != NULL) {
237+ ns_interface_detach(&client->interface);
238+ }
239+
240+ if (client->dispatch != NULL) {
241 dns_dispatch_detach(&client->dispatch);
242+ }
243
244 client->attributes = 0;
245 client->mortal = false;
246@@ -551,10 +607,13 @@ exit_check(ns_client_t *client) {
247 client->newstate = NS_CLIENTSTATE_MAX;
248 if (!ns_g_clienttest && manager != NULL &&
249 !manager->exiting)
250+ {
251 ISC_QUEUE_PUSH(manager->inactive, client,
252 ilink);
253- if (client->needshutdown)
254+ }
255+ if (client->needshutdown) {
256 isc_task_shutdown(client->task);
257+ }
258 return (true);
259 }
260 }
261@@ -675,7 +734,6 @@ client_start(isc_task_t *task, isc_event_t *event) {
262 }
263 }
264
265-
266 /*%
267 * The client's task has received a shutdown event.
268 */
269@@ -2507,17 +2565,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
270 /*
271 * Pipeline TCP query processing.
272 */
273- if (client->message->opcode != dns_opcode_query)
274+ if (client->message->opcode != dns_opcode_query) {
275 client->pipelined = false;
276+ }
277 if (TCP_CLIENT(client) && client->pipelined) {
278- result = isc_quota_reserve(&ns_g_server->tcpquota);
279- if (result == ISC_R_SUCCESS)
280- result = ns_client_replace(client);
281+ result = ns_client_replace(client);
282 if (result != ISC_R_SUCCESS) {
283- ns_client_log(client, NS_LOGCATEGORY_CLIENT,
284- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
285- "no more TCP clients(read): %s",
286- isc_result_totext(result));
287 client->pipelined = false;
288 }
289 }
290@@ -3087,6 +3140,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
291 client->filter_aaaa = dns_aaaa_ok;
292 #endif
293 client->needshutdown = ns_g_clienttest;
294+ client->tcpactive = false;
295
296 ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
297 NS_EVENT_CLIENTCONTROL, client_start, client, client,
298@@ -3100,6 +3154,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
299 client->formerrcache.id = 0;
300 ISC_LINK_INIT(client, link);
301 ISC_LINK_INIT(client, rlink);
302+ ISC_LINK_INIT(client, glink);
303 ISC_QLINK_INIT(client, ilink);
304 client->keytag = NULL;
305 client->keytag_len = 0;
306@@ -3193,12 +3248,19 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
307
308 INSIST(client->state == NS_CLIENTSTATE_READY);
309
310+ /*
311+ * The accept() was successful and we're now establishing a new
312+ * connection. We need to make note of it in the client and
313+ * interface objects so client objects can do the right thing
314+ * when going inactive in exit_check() (see comments in
315+ * client_accept() for details).
316+ */
317 INSIST(client->naccepts == 1);
318 client->naccepts--;
319
320 LOCK(&client->interface->lock);
321- INSIST(client->interface->ntcpcurrent > 0);
322- client->interface->ntcpcurrent--;
323+ INSIST(client->interface->ntcpaccepting > 0);
324+ client->interface->ntcpaccepting--;
325 UNLOCK(&client->interface->lock);
326
327 /*
328@@ -3232,6 +3294,9 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
329 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
330 "accept failed: %s",
331 isc_result_totext(nevent->result));
332+ if (client->tcpquota != NULL) {
333+ isc_quota_detach(&client->tcpquota);
334+ }
335 }
336
337 if (exit_check(client))
338@@ -3270,18 +3335,12 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
339 * deny service to legitimate TCP clients.
340 */
341 client->pipelined = false;
342- result = isc_quota_attach(&ns_g_server->tcpquota,
343- &client->tcpquota);
344- if (result == ISC_R_SUCCESS)
345- result = ns_client_replace(client);
346- if (result != ISC_R_SUCCESS) {
347- ns_client_log(client, NS_LOGCATEGORY_CLIENT,
348- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
349- "no more TCP clients(accept): %s",
350- isc_result_totext(result));
351- } else if (ns_g_server->keepresporder == NULL ||
352- !allowed(&netaddr, NULL, NULL, 0, NULL,
353- ns_g_server->keepresporder)) {
354+ result = ns_client_replace(client);
355+ if (result == ISC_R_SUCCESS &&
356+ (client->sctx->keepresporder == NULL ||
357+ !allowed(&netaddr, NULL, NULL, 0, NULL,
358+ ns_g_server->keepresporder)))
359+ {
360 client->pipelined = true;
361 }
362
363@@ -3298,12 +3357,80 @@ client_accept(ns_client_t *client) {
364
365 CTRACE("accept");
366
367+ /*
368+ * The tcpquota object can only be simultaneously referenced a
369+ * pre-defined number of times; this is configured by 'tcp-clients'
370+ * in named.conf. If we can't attach to it here, that means the TCP
371+ * client quota has been exceeded.
372+ */
373+ result = isc_quota_attach(&client->sctx->tcpquota,
374+ &client->tcpquota);
375+ if (result != ISC_R_SUCCESS) {
376+ bool exit;
377+
378+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
379+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
380+ "no more TCP clients: %s",
381+ isc_result_totext(result));
382+
383+ /*
384+ * We have exceeded the system-wide TCP client
385+ * quota. But, we can't just block this accept
386+ * in all cases, because if we did, a heavy TCP
387+ * load on other interfaces might cause this
388+ * interface to be starved, with no clients able
389+ * to accept new connections.
390+ *
391+ * So, we check here to see if any other client
392+ * is already servicing TCP queries on this
393+ * interface (whether accepting, reading, or
394+ * processing).
395+ *
396+ * If so, then it's okay *not* to call
397+ * accept - we can let this client to go inactive
398+ * and the other one handle the next connection
399+ * when it's ready.
400+ *
401+ * But if not, then we need to be a little bit
402+ * flexible about the quota. We allow *one* extra
403+ * TCP client through, to ensure we're listening on
404+ * every interface.
405+ *
406+ * (Note: In practice this means that the *real*
407+ * TCP client quota is tcp-clients plus the number
408+ * of interfaces.)
409+ */
410+ LOCK(&client->interface->lock);
411+ exit = (client->interface->ntcpactive > 0);
412+ UNLOCK(&client->interface->lock);
413+
414+ if (exit) {
415+ client->newstate = NS_CLIENTSTATE_INACTIVE;
416+ (void)exit_check(client);
417+ return;
418+ }
419+ }
420+
421+ /*
422+ * By incrementing the interface's ntcpactive counter we signal
423+ * that there is at least one client servicing TCP queries for the
424+ * interface.
425+ *
426+ * We also make note of the fact in the client itself with the
427+ * tcpactive flag. This ensures proper accounting by preventing
428+ * us from accidentally incrementing or decrementing ntcpactive
429+ * more than once per client object.
430+ */
431+ if (!client->tcpactive) {
432+ LOCK(&client->interface->lock);
433+ client->interface->ntcpactive++;
434+ UNLOCK(&client->interface->lock);
435+ client->tcpactive = true;
436+ }
437+
438 result = isc_socket_accept(client->tcplistener, client->task,
439 client_newconn, client);
440 if (result != ISC_R_SUCCESS) {
441- UNEXPECTED_ERROR(__FILE__, __LINE__,
442- "isc_socket_accept() failed: %s",
443- isc_result_totext(result));
444 /*
445 * XXXRTH What should we do? We're trying to accept but
446 * it didn't work. If we just give up, then TCP
447@@ -3311,12 +3438,39 @@ client_accept(ns_client_t *client) {
448 *
449 * For now, we just go idle.
450 */
451+ UNEXPECTED_ERROR(__FILE__, __LINE__,
452+ "isc_socket_accept() failed: %s",
453+ isc_result_totext(result));
454+ if (client->tcpquota != NULL) {
455+ isc_quota_detach(&client->tcpquota);
456+ }
457 return;
458 }
459+
460+ /*
461+ * The client's 'naccepts' counter indicates that this client has
462+ * called accept() and is waiting for a new connection. It should
463+ * never exceed 1.
464+ */
465 INSIST(client->naccepts == 0);
466 client->naccepts++;
467+
468+ /*
469+ * The interface's 'ntcpaccepting' counter is incremented when
470+ * any client calls accept(), and decremented in client_newconn()
471+ * once the connection is established.
472+ *
473+ * When the client object is shutting down after handling a TCP
474+ * request (see exit_check()), it looks to see whether this value is
475+ * non-zero. If so, that means another client has already called
476+ * accept() and is waiting to establish the next connection, which
477+ * means the first client is free to go inactive. Otherwise,
478+ * the first client must come back and call accept() again; this
479+ * guarantees there will always be at least one client listening
480+ * for new TCP connections on each interface.
481+ */
482 LOCK(&client->interface->lock);
483- client->interface->ntcpcurrent++;
484+ client->interface->ntcpaccepting++;
485 UNLOCK(&client->interface->lock);
486 }
487
488@@ -3390,13 +3544,14 @@ ns_client_replace(ns_client_t *client) {
489 tcp = TCP_CLIENT(client);
490 if (tcp && client->pipelined) {
491 result = get_worker(client->manager, client->interface,
492- client->tcpsocket);
493+ client->tcpsocket, client);
494 } else {
495 result = get_client(client->manager, client->interface,
496 client->dispatch, tcp);
497 }
498- if (result != ISC_R_SUCCESS)
499+ if (result != ISC_R_SUCCESS) {
500 return (result);
501+ }
502
503 /*
504 * The responsibility for listening for new requests is hereby
505@@ -3585,6 +3740,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
506 client->attributes |= NS_CLIENTATTR_TCP;
507 isc_socket_attach(ifp->tcpsocket,
508 &client->tcplistener);
509+
510 } else {
511 isc_socket_t *sock;
512
513@@ -3602,7 +3758,8 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
514 }
515
516 static isc_result_t
517-get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
518+get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
519+ ns_client_t *oldclient)
520 {
521 isc_result_t result = ISC_R_SUCCESS;
522 isc_event_t *ev;
523@@ -3610,6 +3767,7 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
524 MTRACE("get worker");
525
526 REQUIRE(manager != NULL);
527+ REQUIRE(oldclient != NULL);
528
529 if (manager->exiting)
530 return (ISC_R_SHUTTINGDOWN);
531@@ -3642,7 +3800,28 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
532 ns_interface_attach(ifp, &client->interface);
533 client->newstate = client->state = NS_CLIENTSTATE_WORKING;
534 INSIST(client->recursionquota == NULL);
535- client->tcpquota = &ns_g_server->tcpquota;
536+
537+ /*
538+ * Transfer TCP quota to the new client.
539+ */
540+ INSIST(client->tcpquota == NULL);
541+ INSIST(oldclient->tcpquota != NULL);
542+ client->tcpquota = oldclient->tcpquota;
543+ oldclient->tcpquota = NULL;
544+
545+ /*
546+ * Link to a pipeline group, creating it if needed.
547+ */
548+ if (!ISC_LINK_LINKED(oldclient, glink)) {
549+ oldclient->glink.next = NULL;
550+ oldclient->glink.prev = NULL;
551+ }
552+ client->glink.next = oldclient->glink.next;
553+ client->glink.prev = oldclient;
554+ if (oldclient->glink.next != NULL) {
555+ oldclient->glink.next->glink.prev = client;
556+ }
557+ oldclient->glink.next = client;
558
559 client->dscp = ifp->dscp;
560
561@@ -3656,6 +3835,12 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
562 (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
563 client->peeraddr_valid = true;
564
565+ LOCK(&client->interface->lock);
566+ client->interface->ntcpactive++;
567+ UNLOCK(&client->interface->lock);
568+
569+ client->tcpactive = true;
570+
571 INSIST(client->tcpmsg_valid == false);
572 dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
573 client->tcpmsg_valid = true;
574diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
575index b23a7b191d..1f7973f9c5 100644
576--- a/bin/named/include/named/client.h
577+++ b/bin/named/include/named/client.h
578@@ -94,7 +94,8 @@ struct ns_client {
579 int nupdates;
580 int nctls;
581 int references;
582- bool needshutdown; /*
583+ bool tcpactive;
584+ bool needshutdown; /*
585 * Used by clienttest to get
586 * the client to go from
587 * inactive to free state
588@@ -130,9 +131,9 @@ struct ns_client {
589 isc_stdtime_t now;
590 isc_time_t tnow;
591 dns_name_t signername; /*%< [T]SIG key name */
592- dns_name_t * signer; /*%< NULL if not valid sig */
593- bool mortal; /*%< Die after handling request */
594- bool pipelined; /*%< TCP queries not in sequence */
595+ dns_name_t *signer; /*%< NULL if not valid sig */
596+ bool mortal; /*%< Die after handling request */
597+ bool pipelined; /*%< TCP queries not in sequence */
598 isc_quota_t *tcpquota;
599 isc_quota_t *recursionquota;
600 ns_interface_t *interface;
601@@ -143,8 +144,8 @@ struct ns_client {
602 isc_sockaddr_t destsockaddr;
603
604 isc_netaddr_t ecs_addr; /*%< EDNS client subnet */
605- uint8_t ecs_addrlen;
606- uint8_t ecs_scope;
607+ uint8_t ecs_addrlen;
608+ uint8_t ecs_scope;
609
610 struct in6_pktinfo pktinfo;
611 isc_dscp_t dscp;
612@@ -166,6 +167,7 @@ struct ns_client {
613
614 ISC_LINK(ns_client_t) link;
615 ISC_LINK(ns_client_t) rlink;
616+ ISC_LINK(ns_client_t) glink;
617 ISC_QLINK(ns_client_t) ilink;
618 unsigned char cookie[8];
619 uint32_t expire;
620diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
621index 7d1883e1e8..61b08826a6 100644
622--- a/bin/named/include/named/interfacemgr.h
623+++ b/bin/named/include/named/interfacemgr.h
624@@ -77,9 +77,14 @@ struct ns_interface {
625 /*%< UDP dispatchers. */
626 isc_socket_t * tcpsocket; /*%< TCP socket. */
627 isc_dscp_t dscp; /*%< "listen-on" DSCP value */
628- int ntcptarget; /*%< Desired number of concurrent
629- TCP accepts */
630- int ntcpcurrent; /*%< Current ditto, locked */
631+ int ntcpaccepting; /*%< Number of clients
632+ ready to accept new
633+ TCP connections on this
634+ interface */
635+ int ntcpactive; /*%< Number of clients
636+ servicing TCP queries
637+ (whether accepting or
638+ connected) */
639 int nudpdispatch; /*%< Number of UDP dispatches */
640 ns_clientmgr_t * clientmgr; /*%< Client manager. */
641 ISC_LINK(ns_interface_t) link;
642diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
643index 419927bf54..955096ef47 100644
644--- a/bin/named/interfacemgr.c
645+++ b/bin/named/interfacemgr.c
646@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
647 * connections will be handled in parallel even though there is
648 * only one client initially.
649 */
650- ifp->ntcptarget = 1;
651- ifp->ntcpcurrent = 0;
652+ ifp->ntcpaccepting = 0;
653+ ifp->ntcpactive = 0;
654 ifp->nudpdispatch = 0;
655
656 ifp->dscp = -1;
657@@ -522,9 +522,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
658 */
659 (void)isc_socket_filter(ifp->tcpsocket, "dataready");
660
661- result = ns_clientmgr_createclients(ifp->clientmgr,
662- ifp->ntcptarget, ifp,
663- true);
664+ result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
665 if (result != ISC_R_SUCCESS) {
666 UNEXPECTED_ERROR(__FILE__, __LINE__,
667 "TCP ns_clientmgr_createclients(): %s",
668--
6692.20.1
670
diff --git a/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch b/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
deleted file mode 100644
index 032cfb8c44..0000000000
--- a/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
+++ /dev/null
@@ -1,278 +0,0 @@
1Backport patch to fix CVE-2018-5743.
2
3Ref:
4https://security-tracker.debian.org/tracker/CVE-2018-5743
5
6CVE: CVE-2018-5743
7Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/366b4e1]
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11From 366b4e1ede8aed690e981e07137cb1cb77879c36 Mon Sep 17 00:00:00 2001
12From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
13Date: Thu, 17 Jan 2019 15:53:38 +0100
14Subject: [PATCH 3/6] use reference counter for pipeline groups (v3)
15
16Track pipeline groups using a shared reference counter
17instead of a linked list.
18
19(cherry picked from commit 513afd33eb17d5dc41a3f0d2d38204ef8c5f6f91)
20(cherry picked from commit 9446629b730c59c4215f08d37fbaf810282fbccb)
21---
22 bin/named/client.c | 171 ++++++++++++++++++++-----------
23 bin/named/include/named/client.h | 2 +-
24 2 files changed, 110 insertions(+), 63 deletions(-)
25
26diff --git a/bin/named/client.c b/bin/named/client.c
27index a7b49a0f71..277656cef0 100644
28--- a/bin/named/client.c
29+++ b/bin/named/client.c
30@@ -299,6 +299,75 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
31 }
32 }
33
34+/*%
35+ * Allocate a reference counter that will track the number of client structures
36+ * using the TCP connection that 'client' called accept() for. This counter
37+ * will be shared between all client structures associated with this TCP
38+ * connection.
39+ */
40+static void
41+pipeline_init(ns_client_t *client) {
42+ isc_refcount_t *refs;
43+
44+ REQUIRE(client->pipeline_refs == NULL);
45+
46+ /*
47+ * A global memory context is used for the allocation as different
48+ * client structures may have different memory contexts assigned and a
49+ * reference counter allocated here might need to be freed by a
50+ * different client. The performance impact caused by memory context
51+ * contention here is expected to be negligible, given that this code
52+ * is only executed for TCP connections.
53+ */
54+ refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
55+ isc_refcount_init(refs, 1);
56+ client->pipeline_refs = refs;
57+}
58+
59+/*%
60+ * Increase the count of client structures using the TCP connection that
61+ * 'source' is associated with and put a pointer to that count in 'target',
62+ * thus associating it with the same TCP connection.
63+ */
64+static void
65+pipeline_attach(ns_client_t *source, ns_client_t *target) {
66+ int old_refs;
67+
68+ REQUIRE(source->pipeline_refs != NULL);
69+ REQUIRE(target->pipeline_refs == NULL);
70+
71+ old_refs = isc_refcount_increment(source->pipeline_refs);
72+ INSIST(old_refs > 0);
73+ target->pipeline_refs = source->pipeline_refs;
74+}
75+
76+/*%
77+ * Decrease the count of client structures using the TCP connection that
78+ * 'client' is associated with. If this is the last client using this TCP
79+ * connection, free the reference counter and return true; otherwise, return
80+ * false.
81+ */
82+static bool
83+pipeline_detach(ns_client_t *client) {
84+ isc_refcount_t *refs;
85+ int old_refs;
86+
87+ REQUIRE(client->pipeline_refs != NULL);
88+
89+ refs = client->pipeline_refs;
90+ client->pipeline_refs = NULL;
91+
92+ old_refs = isc_refcount_decrement(refs);
93+ INSIST(old_refs > 0);
94+
95+ if (old_refs == 1) {
96+ isc_mem_free(client->sctx->mctx, refs);
97+ return (true);
98+ }
99+
100+ return (false);
101+}
102+
103 /*%
104 * Check for a deactivation or shutdown request and take appropriate
105 * action. Returns true if either is in progress; in this case
106@@ -421,6 +490,40 @@ exit_check(ns_client_t *client) {
107 client->tcpmsg_valid = false;
108 }
109
110+ if (client->tcpquota != NULL) {
111+ if (client->pipeline_refs == NULL ||
112+ pipeline_detach(client))
113+ {
114+ /*
115+ * Only detach from the TCP client quota if
116+ * there are no more client structures using
117+ * this TCP connection.
118+ *
119+ * Note that we check 'pipeline_refs' and not
120+ * 'pipelined' because in some cases (e.g.
121+ * after receiving a request with an opcode
122+ * different than QUERY) 'pipelined' is set to
123+ * false after the reference counter gets
124+ * allocated in pipeline_init() and we must
125+ * still drop our reference as failing to do so
126+ * would prevent the reference counter itself
127+ * from being freed.
128+ */
129+ isc_quota_detach(&client->tcpquota);
130+ } else {
131+ /*
132+ * There are other client structures using this
133+ * TCP connection, so we cannot detach from the
134+ * TCP client quota to prevent excess TCP
135+ * connections from being accepted. However,
136+ * this client structure might later be reused
137+ * for accepting new connections and thus must
138+ * have its 'tcpquota' field set to NULL.
139+ */
140+ client->tcpquota = NULL;
141+ }
142+ }
143+
144 if (client->tcpsocket != NULL) {
145 CTRACE("closetcp");
146 isc_socket_detach(&client->tcpsocket);
147@@ -434,44 +537,6 @@ exit_check(ns_client_t *client) {
148 }
149 }
150
151- if (client->tcpquota != NULL) {
152- /*
153- * If we are not in a pipeline group, or
154- * we are the last client in the group, detach from
155- * tcpquota; otherwise, transfer the quota to
156- * another client in the same group.
157- */
158- if (!ISC_LINK_LINKED(client, glink) ||
159- (client->glink.next == NULL &&
160- client->glink.prev == NULL))
161- {
162- isc_quota_detach(&client->tcpquota);
163- } else if (client->glink.next != NULL) {
164- INSIST(client->glink.next->tcpquota == NULL);
165- client->glink.next->tcpquota = client->tcpquota;
166- client->tcpquota = NULL;
167- } else {
168- INSIST(client->glink.prev->tcpquota == NULL);
169- client->glink.prev->tcpquota = client->tcpquota;
170- client->tcpquota = NULL;
171- }
172- }
173-
174- /*
175- * Unlink from pipeline group.
176- */
177- if (ISC_LINK_LINKED(client, glink)) {
178- if (client->glink.next != NULL) {
179- client->glink.next->glink.prev =
180- client->glink.prev;
181- }
182- if (client->glink.prev != NULL) {
183- client->glink.prev->glink.next =
184- client->glink.next;
185- }
186- ISC_LINK_INIT(client, glink);
187- }
188-
189 if (client->timerset) {
190 (void)isc_timer_reset(client->timer,
191 isc_timertype_inactive,
192@@ -3130,6 +3195,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
193 dns_name_init(&client->signername, NULL);
194 client->mortal = false;
195 client->pipelined = false;
196+ client->pipeline_refs = NULL;
197 client->tcpquota = NULL;
198 client->recursionquota = NULL;
199 client->interface = NULL;
200@@ -3154,7 +3220,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
201 client->formerrcache.id = 0;
202 ISC_LINK_INIT(client, link);
203 ISC_LINK_INIT(client, rlink);
204- ISC_LINK_INIT(client, glink);
205 ISC_QLINK_INIT(client, ilink);
206 client->keytag = NULL;
207 client->keytag_len = 0;
208@@ -3341,6 +3406,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
209 !allowed(&netaddr, NULL, NULL, 0, NULL,
210 ns_g_server->keepresporder)))
211 {
212+ pipeline_init(client);
213 client->pipelined = true;
214 }
215
216@@ -3800,35 +3866,16 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
217 ns_interface_attach(ifp, &client->interface);
218 client->newstate = client->state = NS_CLIENTSTATE_WORKING;
219 INSIST(client->recursionquota == NULL);
220-
221- /*
222- * Transfer TCP quota to the new client.
223- */
224- INSIST(client->tcpquota == NULL);
225- INSIST(oldclient->tcpquota != NULL);
226- client->tcpquota = oldclient->tcpquota;
227- oldclient->tcpquota = NULL;
228-
229- /*
230- * Link to a pipeline group, creating it if needed.
231- */
232- if (!ISC_LINK_LINKED(oldclient, glink)) {
233- oldclient->glink.next = NULL;
234- oldclient->glink.prev = NULL;
235- }
236- client->glink.next = oldclient->glink.next;
237- client->glink.prev = oldclient;
238- if (oldclient->glink.next != NULL) {
239- oldclient->glink.next->glink.prev = client;
240- }
241- oldclient->glink.next = client;
242+ client->tcpquota = &client->sctx->tcpquota;
243
244 client->dscp = ifp->dscp;
245
246 client->attributes |= NS_CLIENTATTR_TCP;
247- client->pipelined = true;
248 client->mortal = true;
249
250+ pipeline_attach(oldclient, client);
251+ client->pipelined = true;
252+
253 isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
254 isc_socket_attach(sock, &client->tcpsocket);
255 isc_socket_setname(client->tcpsocket, "worker-tcp", NULL);
256diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
257index 1f7973f9c5..aeed9ccdda 100644
258--- a/bin/named/include/named/client.h
259+++ b/bin/named/include/named/client.h
260@@ -134,6 +134,7 @@ struct ns_client {
261 dns_name_t *signer; /*%< NULL if not valid sig */
262 bool mortal; /*%< Die after handling request */
263 bool pipelined; /*%< TCP queries not in sequence */
264+ isc_refcount_t *pipeline_refs;
265 isc_quota_t *tcpquota;
266 isc_quota_t *recursionquota;
267 ns_interface_t *interface;
268@@ -167,7 +168,6 @@ struct ns_client {
269
270 ISC_LINK(ns_client_t) link;
271 ISC_LINK(ns_client_t) rlink;
272- ISC_LINK(ns_client_t) glink;
273 ISC_QLINK(ns_client_t) ilink;
274 unsigned char cookie[8];
275 uint32_t expire;
276--
2772.20.1
278
diff --git a/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch b/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch
deleted file mode 100644
index 034ab13303..0000000000
--- a/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch
+++ /dev/null
@@ -1,512 +0,0 @@
1Backport patch to fix CVE-2018-5743.
2
3Ref:
4https://security-tracker.debian.org/tracker/CVE-2018-5743
5
6CVE: CVE-2018-5743
7Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/2ab8a08]
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11From 2ab8a085b3c666f28f1f9229bd6ecb59915b26c3 Mon Sep 17 00:00:00 2001
12From: Evan Hunt <each@isc.org>
13Date: Fri, 5 Apr 2019 16:12:18 -0700
14Subject: [PATCH 4/6] better tcpquota accounting and client mortality checks
15
16- ensure that tcpactive is cleaned up correctly when accept() fails.
17- set 'client->tcpattached' when the client is attached to the tcpquota.
18 carry this value on to new clients sharing the same pipeline group.
19 don't call isc_quota_detach() on the tcpquota unless tcpattached is
20 set. this way clients that were allowed to accept TCP connections
21 despite being over quota (and therefore, were never attached to the
22 quota) will not inadvertently detach from it and mess up the
23 accounting.
24- simplify the code for tcpquota disconnection by using a new function
25 tcpquota_disconnect().
26- before deciding whether to reject a new connection due to quota
27 exhaustion, check to see whether there are at least two active
28 clients. previously, this was "at least one", but that could be
29 insufficient if there was one other client in READING state (waiting
30 for messages on an open connection) but none in READY (listening
31 for new connections).
32- before deciding whether a TCP client object can to go inactive, we
33 must ensure there are enough other clients to maintain service
34 afterward -- both accepting new connections and reading/processing new
35 queries. A TCP client can't shut down unless at least one
36 client is accepting new connections and (in the case of pipelined
37 clients) at least one additional client is waiting to read.
38
39(cherry picked from commit c7394738b2445c16f728a88394864dd61baad900)
40(cherry picked from commit e965d5f11d3d0f6d59704e614fceca2093cb1856)
41(cherry picked from commit 87d431161450777ea093821212abfb52d51b36e3)
42---
43 bin/named/client.c | 244 +++++++++++++++++++------------
44 bin/named/include/named/client.h | 3 +-
45 2 files changed, 152 insertions(+), 95 deletions(-)
46
47diff --git a/bin/named/client.c b/bin/named/client.c
48index 277656cef0..61e96dd28c 100644
49--- a/bin/named/client.c
50+++ b/bin/named/client.c
51@@ -244,13 +244,14 @@ static void client_start(isc_task_t *task, isc_event_t *event);
52 static void client_request(isc_task_t *task, isc_event_t *event);
53 static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
54 static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
55- dns_dispatch_t *disp, bool tcp);
56+ dns_dispatch_t *disp, ns_client_t *oldclient,
57+ bool tcp);
58 static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
59 isc_socket_t *sock, ns_client_t *oldclient);
60 static inline bool
61 allowed(isc_netaddr_t *addr, dns_name_t *signer,
62 isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen,
63- uint8_t *ecs_scope, dns_acl_t *acl)
64+ uint8_t *ecs_scope, dns_acl_t *acl);
65 static void compute_cookie(ns_client_t *client, uint32_t when,
66 uint32_t nonce, const unsigned char *secret,
67 isc_buffer_t *buf);
68@@ -319,7 +320,7 @@ pipeline_init(ns_client_t *client) {
69 * contention here is expected to be negligible, given that this code
70 * is only executed for TCP connections.
71 */
72- refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
73+ refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
74 isc_refcount_init(refs, 1);
75 client->pipeline_refs = refs;
76 }
77@@ -331,13 +332,13 @@ pipeline_init(ns_client_t *client) {
78 */
79 static void
80 pipeline_attach(ns_client_t *source, ns_client_t *target) {
81- int old_refs;
82+ int refs;
83
84 REQUIRE(source->pipeline_refs != NULL);
85 REQUIRE(target->pipeline_refs == NULL);
86
87- old_refs = isc_refcount_increment(source->pipeline_refs);
88- INSIST(old_refs > 0);
89+ isc_refcount_increment(source->pipeline_refs, &refs);
90+ INSIST(refs > 1);
91 target->pipeline_refs = source->pipeline_refs;
92 }
93
94@@ -349,25 +350,51 @@ pipeline_attach(ns_client_t *source, ns_client_t *target) {
95 */
96 static bool
97 pipeline_detach(ns_client_t *client) {
98- isc_refcount_t *refs;
99- int old_refs;
100+ isc_refcount_t *refcount;
101+ int refs;
102
103 REQUIRE(client->pipeline_refs != NULL);
104
105- refs = client->pipeline_refs;
106+ refcount = client->pipeline_refs;
107 client->pipeline_refs = NULL;
108
109- old_refs = isc_refcount_decrement(refs);
110- INSIST(old_refs > 0);
111+ isc_refcount_decrement(refcount, refs);
112
113- if (old_refs == 1) {
114- isc_mem_free(client->sctx->mctx, refs);
115+ if (refs == 0) {
116+ isc_mem_free(ns_g_mctx, refs);
117 return (true);
118 }
119
120 return (false);
121 }
122
123+/*
124+ * Detach a client from the TCP client quota if appropriate, and set
125+ * the quota pointer to NULL.
126+ *
127+ * Sometimes when the TCP client quota is exhausted but there are no other
128+ * clients servicing the interface, a client will be allowed to continue
129+ * running despite not having been attached to the quota. In this event,
130+ * the TCP quota was never attached to the client, so when the client (or
131+ * associated pipeline group) shuts down, the quota must NOT be detached.
132+ *
133+ * Otherwise, if the quota pointer is set, it should be detached. If not
134+ * set at all, we just return without doing anything.
135+ */
136+static void
137+tcpquota_disconnect(ns_client_t *client) {
138+ if (client->tcpquota == NULL) {
139+ return;
140+ }
141+
142+ if (client->tcpattached) {
143+ isc_quota_detach(&client->tcpquota);
144+ client->tcpattached = false;
145+ } else {
146+ client->tcpquota = NULL;
147+ }
148+}
149+
150 /*%
151 * Check for a deactivation or shutdown request and take appropriate
152 * action. Returns true if either is in progress; in this case
153@@ -490,38 +517,31 @@ exit_check(ns_client_t *client) {
154 client->tcpmsg_valid = false;
155 }
156
157- if (client->tcpquota != NULL) {
158- if (client->pipeline_refs == NULL ||
159- pipeline_detach(client))
160- {
161- /*
162- * Only detach from the TCP client quota if
163- * there are no more client structures using
164- * this TCP connection.
165- *
166- * Note that we check 'pipeline_refs' and not
167- * 'pipelined' because in some cases (e.g.
168- * after receiving a request with an opcode
169- * different than QUERY) 'pipelined' is set to
170- * false after the reference counter gets
171- * allocated in pipeline_init() and we must
172- * still drop our reference as failing to do so
173- * would prevent the reference counter itself
174- * from being freed.
175- */
176- isc_quota_detach(&client->tcpquota);
177- } else {
178- /*
179- * There are other client structures using this
180- * TCP connection, so we cannot detach from the
181- * TCP client quota to prevent excess TCP
182- * connections from being accepted. However,
183- * this client structure might later be reused
184- * for accepting new connections and thus must
185- * have its 'tcpquota' field set to NULL.
186- */
187- client->tcpquota = NULL;
188- }
189+ /*
190+ * Detach from pipeline group and from TCP client quota,
191+ * if appropriate.
192+ *
193+ * - If no pipeline group is active, attempt to
194+ * detach from the TCP client quota.
195+ *
196+ * - If a pipeline group is active, detach from it;
197+ * if the return code indicates that there no more
198+ * clients left if this pipeline group, we also detach
199+ * from the TCP client quota.
200+ *
201+ * - Otherwise we don't try to detach, we just set the
202+ * TCP quota pointer to NULL if it wasn't NULL already.
203+ *
204+ * tcpquota_disconnect() will set tcpquota to NULL, either
205+ * by detaching it or by assignment, depending on the
206+ * needs of the client. See the comments on that function
207+ * for further information.
208+ */
209+ if (client->pipeline_refs == NULL || pipeline_detach(client)) {
210+ tcpquota_disconnect(client);
211+ } else {
212+ client->tcpquota = NULL;
213+ client->tcpattached = false;
214 }
215
216 if (client->tcpsocket != NULL) {
217@@ -544,8 +564,6 @@ exit_check(ns_client_t *client) {
218 client->timerset = false;
219 }
220
221- client->pipelined = false;
222-
223 client->peeraddr_valid = false;
224
225 client->state = NS_CLIENTSTATE_READY;
226@@ -558,18 +576,27 @@ exit_check(ns_client_t *client) {
227 * active and force it to go inactive if not.
228 *
229 * UDP clients go inactive at this point, but a TCP client
230- * will needs to remain active if no other clients are
231- * listening for TCP requests on this interface, to
232- * prevent this interface from going nonresponsive.
233+ * may need to remain active and go into ready state if
234+ * no other clients are available to listen for TCP
235+ * requests on this interface or (in the case of pipelined
236+ * clients) to read for additional messages on the current
237+ * connection.
238 */
239 if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
240 LOCK(&client->interface->lock);
241- if (client->interface->ntcpaccepting == 0) {
242+ if ((client->interface->ntcpaccepting == 0 ||
243+ (client->pipelined &&
244+ client->interface->ntcpactive < 2)) &&
245+ client->newstate != NS_CLIENTSTATE_FREED)
246+ {
247 client->mortal = false;
248+ client->newstate = NS_CLIENTSTATE_READY;
249 }
250 UNLOCK(&client->interface->lock);
251 }
252
253+ client->pipelined = false;
254+
255 /*
256 * We don't need the client; send it to the inactive
257 * queue for recycling.
258@@ -2634,6 +2661,18 @@ client_request(isc_task_t *task, isc_event_t *event) {
259 client->pipelined = false;
260 }
261 if (TCP_CLIENT(client) && client->pipelined) {
262+ /*
263+ * We're pipelining. Replace the client; the
264+ * the replacement can read the TCP socket looking
265+ * for new messages and this client can process the
266+ * current message asynchronously.
267+ *
268+ * There are now at least three clients using this
269+ * TCP socket - one accepting new connections,
270+ * one reading an existing connection to get new
271+ * messages, and one answering the message already
272+ * received.
273+ */
274 result = ns_client_replace(client);
275 if (result != ISC_R_SUCCESS) {
276 client->pipelined = false;
277@@ -3197,6 +3236,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
278 client->pipelined = false;
279 client->pipeline_refs = NULL;
280 client->tcpquota = NULL;
281+ client->tcpattached = false;
282 client->recursionquota = NULL;
283 client->interface = NULL;
284 client->peeraddr_valid = false;
285@@ -3359,9 +3399,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
286 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
287 "accept failed: %s",
288 isc_result_totext(nevent->result));
289- if (client->tcpquota != NULL) {
290- isc_quota_detach(&client->tcpquota);
291- }
292+ tcpquota_disconnect(client);
293 }
294
295 if (exit_check(client))
296@@ -3402,7 +3440,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
297 client->pipelined = false;
298 result = ns_client_replace(client);
299 if (result == ISC_R_SUCCESS &&
300- (client->sctx->keepresporder == NULL ||
301+ (ns_g_server->keepresporder == NULL ||
302 !allowed(&netaddr, NULL, NULL, 0, NULL,
303 ns_g_server->keepresporder)))
304 {
305@@ -3429,7 +3467,7 @@ client_accept(ns_client_t *client) {
306 * in named.conf. If we can't attach to it here, that means the TCP
307 * client quota has been exceeded.
308 */
309- result = isc_quota_attach(&client->sctx->tcpquota,
310+ result = isc_quota_attach(&ns_g_server->tcpquota,
311 &client->tcpquota);
312 if (result != ISC_R_SUCCESS) {
313 bool exit;
314@@ -3447,27 +3485,27 @@ client_accept(ns_client_t *client) {
315 * interface to be starved, with no clients able
316 * to accept new connections.
317 *
318- * So, we check here to see if any other client
319- * is already servicing TCP queries on this
320+ * So, we check here to see if any other clients
321+ * are already servicing TCP queries on this
322 * interface (whether accepting, reading, or
323- * processing).
324- *
325- * If so, then it's okay *not* to call
326- * accept - we can let this client to go inactive
327- * and the other one handle the next connection
328- * when it's ready.
329+ * processing). If there are at least two
330+ * (one reading and one processing a request)
331+ * then it's okay *not* to call accept - we
332+ * can let this client go inactive and another
333+ * one will resume accepting when it's done.
334 *
335- * But if not, then we need to be a little bit
336- * flexible about the quota. We allow *one* extra
337- * TCP client through, to ensure we're listening on
338- * every interface.
339+ * If there aren't enough active clients on the
340+ * interface, then we can be a little bit
341+ * flexible about the quota. We'll allow *one*
342+ * extra client through to ensure we're listening
343+ * on every interface.
344 *
345- * (Note: In practice this means that the *real*
346- * TCP client quota is tcp-clients plus the number
347- * of interfaces.)
348+ * (Note: In practice this means that the real
349+ * TCP client quota is tcp-clients plus the
350+ * number of listening interfaces plus 2.)
351 */
352 LOCK(&client->interface->lock);
353- exit = (client->interface->ntcpactive > 0);
354+ exit = (client->interface->ntcpactive > 1);
355 UNLOCK(&client->interface->lock);
356
357 if (exit) {
358@@ -3475,6 +3513,9 @@ client_accept(ns_client_t *client) {
359 (void)exit_check(client);
360 return;
361 }
362+
363+ } else {
364+ client->tcpattached = true;
365 }
366
367 /*
368@@ -3507,9 +3548,16 @@ client_accept(ns_client_t *client) {
369 UNEXPECTED_ERROR(__FILE__, __LINE__,
370 "isc_socket_accept() failed: %s",
371 isc_result_totext(result));
372- if (client->tcpquota != NULL) {
373- isc_quota_detach(&client->tcpquota);
374+
375+ tcpquota_disconnect(client);
376+
377+ if (client->tcpactive) {
378+ LOCK(&client->interface->lock);
379+ client->interface->ntcpactive--;
380+ UNLOCK(&client->interface->lock);
381+ client->tcpactive = false;
382 }
383+
384 return;
385 }
386
387@@ -3527,13 +3575,12 @@ client_accept(ns_client_t *client) {
388 * once the connection is established.
389 *
390 * When the client object is shutting down after handling a TCP
391- * request (see exit_check()), it looks to see whether this value is
392- * non-zero. If so, that means another client has already called
393- * accept() and is waiting to establish the next connection, which
394- * means the first client is free to go inactive. Otherwise,
395- * the first client must come back and call accept() again; this
396- * guarantees there will always be at least one client listening
397- * for new TCP connections on each interface.
398+ * request (see exit_check()), if this value is at least one, that
399+ * means another client has called accept() and is waiting to
400+ * establish the next connection. That means the client may be
401+ * be free to become inactive; otherwise it may need to start
402+ * listening for connections itself to prevent the interface
403+ * going dead.
404 */
405 LOCK(&client->interface->lock);
406 client->interface->ntcpaccepting++;
407@@ -3613,19 +3660,19 @@ ns_client_replace(ns_client_t *client) {
408 client->tcpsocket, client);
409 } else {
410 result = get_client(client->manager, client->interface,
411- client->dispatch, tcp);
412+ client->dispatch, client, tcp);
413+
414+ /*
415+ * The responsibility for listening for new requests is hereby
416+ * transferred to the new client. Therefore, the old client
417+ * should refrain from listening for any more requests.
418+ */
419+ client->mortal = true;
420 }
421 if (result != ISC_R_SUCCESS) {
422 return (result);
423 }
424
425- /*
426- * The responsibility for listening for new requests is hereby
427- * transferred to the new client. Therefore, the old client
428- * should refrain from listening for any more requests.
429- */
430- client->mortal = true;
431-
432 return (ISC_R_SUCCESS);
433 }
434
435@@ -3759,7 +3806,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
436
437 static isc_result_t
438 get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
439- dns_dispatch_t *disp, bool tcp)
440+ dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp)
441 {
442 isc_result_t result = ISC_R_SUCCESS;
443 isc_event_t *ev;
444@@ -3803,6 +3850,16 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
445 client->dscp = ifp->dscp;
446
447 if (tcp) {
448+ client->tcpattached = false;
449+ if (oldclient != NULL) {
450+ client->tcpattached = oldclient->tcpattached;
451+ }
452+
453+ LOCK(&client->interface->lock);
454+ client->interface->ntcpactive++;
455+ UNLOCK(&client->interface->lock);
456+ client->tcpactive = true;
457+
458 client->attributes |= NS_CLIENTATTR_TCP;
459 isc_socket_attach(ifp->tcpsocket,
460 &client->tcplistener);
461@@ -3866,7 +3923,8 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
462 ns_interface_attach(ifp, &client->interface);
463 client->newstate = client->state = NS_CLIENTSTATE_WORKING;
464 INSIST(client->recursionquota == NULL);
465- client->tcpquota = &client->sctx->tcpquota;
466+ client->tcpquota = &ns_g_server->tcpquota;
467+ client->tcpattached = oldclient->tcpattached;
468
469 client->dscp = ifp->dscp;
470
471@@ -3885,7 +3943,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
472 LOCK(&client->interface->lock);
473 client->interface->ntcpactive++;
474 UNLOCK(&client->interface->lock);
475-
476 client->tcpactive = true;
477
478 INSIST(client->tcpmsg_valid == false);
479@@ -3913,7 +3970,8 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
480 MTRACE("createclients");
481
482 for (disp = 0; disp < n; disp++) {
483- result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
484+ result = get_client(manager, ifp, ifp->udpdispatch[disp],
485+ NULL, tcp);
486 if (result != ISC_R_SUCCESS)
487 break;
488 }
489diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
490index aeed9ccdda..e2c40acd28 100644
491--- a/bin/named/include/named/client.h
492+++ b/bin/named/include/named/client.h
493@@ -9,8 +9,6 @@
494 * information regarding copyright ownership.
495 */
496
497-/* $Id: client.h,v 1.96 2012/01/31 23:47:31 tbox Exp $ */
498-
499 #ifndef NAMED_CLIENT_H
500 #define NAMED_CLIENT_H 1
501
502@@ -136,6 +134,7 @@ struct ns_client {
503 bool pipelined; /*%< TCP queries not in sequence */
504 isc_refcount_t *pipeline_refs;
505 isc_quota_t *tcpquota;
506+ bool tcpattached;
507 isc_quota_t *recursionquota;
508 ns_interface_t *interface;
509
510--
5112.20.1
512
diff --git a/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch b/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
deleted file mode 100644
index 987e75bc0e..0000000000
--- a/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
+++ /dev/null
@@ -1,911 +0,0 @@
1Backport patch to fix CVE-2018-5743.
2
3Ref:
4https://security-tracker.debian.org/tracker/CVE-2018-5743
5
6CVE: CVE-2018-5743
7Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/c47ccf6]
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11From c47ccf630f147378568b33e8fdb7b754f228c346 Mon Sep 17 00:00:00 2001
12From: Evan Hunt <each@isc.org>
13Date: Fri, 5 Apr 2019 16:26:05 -0700
14Subject: [PATCH 5/6] refactor tcpquota and pipeline refs; allow special-case
15 overrun in isc_quota
16
17- if the TCP quota has been exceeded but there are no clients listening
18 for new connections on the interface, we can now force attachment to the
19 quota using isc_quota_force(), instead of carrying on with the quota not
20 attached.
21- the TCP client quota is now referenced via a reference-counted
22 'ns_tcpconn' object, one of which is created whenever a client begins
23 listening for new connections, and attached to by members of that
24 client's pipeline group. when the last reference to the tcpconn
25 object is detached, it is freed and the TCP quota slot is released.
26- reduce code duplication by adding mark_tcp_active() function.
27- convert counters to atomic.
28
29(cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b)
30(cherry picked from commit 4939451275722bfda490ea86ca13e84f6bc71e46)
31(cherry picked from commit 13f7c918b8720d890408f678bd73c20e634539d9)
32---
33 bin/named/client.c | 444 +++++++++++--------------
34 bin/named/include/named/client.h | 12 +-
35 bin/named/include/named/interfacemgr.h | 6 +-
36 bin/named/interfacemgr.c | 1 +
37 lib/isc/include/isc/quota.h | 7 +
38 lib/isc/quota.c | 33 +-
39 lib/isc/win32/libisc.def.in | 1 +
40 7 files changed, 236 insertions(+), 268 deletions(-)
41
42diff --git a/bin/named/client.c b/bin/named/client.c
43index 61e96dd28c..d826ab32bf 100644
44--- a/bin/named/client.c
45+++ b/bin/named/client.c
46@@ -244,8 +244,7 @@ static void client_start(isc_task_t *task, isc_event_t *event);
47 static void client_request(isc_task_t *task, isc_event_t *event);
48 static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
49 static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
50- dns_dispatch_t *disp, ns_client_t *oldclient,
51- bool tcp);
52+ dns_dispatch_t *disp, bool tcp);
53 static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
54 isc_socket_t *sock, ns_client_t *oldclient);
55 static inline bool
56@@ -301,16 +300,32 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
57 }
58
59 /*%
60- * Allocate a reference counter that will track the number of client structures
61- * using the TCP connection that 'client' called accept() for. This counter
62- * will be shared between all client structures associated with this TCP
63- * connection.
64+ * Allocate a reference-counted object that will maintain a single pointer to
65+ * the (also reference-counted) TCP client quota, shared between all the
66+ * clients processing queries on a single TCP connection, so that all
67+ * clients sharing the one socket will together consume only one slot in
68+ * the 'tcp-clients' quota.
69 */
70-static void
71-pipeline_init(ns_client_t *client) {
72- isc_refcount_t *refs;
73+static isc_result_t
74+tcpconn_init(ns_client_t *client, bool force) {
75+ isc_result_t result;
76+ isc_quota_t *quota = NULL;
77+ ns_tcpconn_t *tconn = NULL;
78
79- REQUIRE(client->pipeline_refs == NULL);
80+ REQUIRE(client->tcpconn == NULL);
81+
82+ /*
83+ * Try to attach to the quota first, so we won't pointlessly
84+ * allocate memory for a tcpconn object if we can't get one.
85+ */
86+ if (force) {
87+ result = isc_quota_force(&ns_g_server->tcpquota, &quota);
88+ } else {
89+ result = isc_quota_attach(&ns_g_server->tcpquota, &quota);
90+ }
91+ if (result != ISC_R_SUCCESS) {
92+ return (result);
93+ }
94
95 /*
96 * A global memory context is used for the allocation as different
97@@ -320,78 +335,80 @@ pipeline_init(ns_client_t *client) {
98 * contention here is expected to be negligible, given that this code
99 * is only executed for TCP connections.
100 */
101- refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
102- isc_refcount_init(refs, 1);
103- client->pipeline_refs = refs;
104+ tconn = isc_mem_allocate(ns_g_mctx, sizeof(*tconn));
105+
106+ isc_refcount_init(&tconn->refs, 1);
107+ tconn->tcpquota = quota;
108+ quota = NULL;
109+ tconn->pipelined = false;
110+
111+ client->tcpconn = tconn;
112+
113+ return (ISC_R_SUCCESS);
114 }
115
116 /*%
117- * Increase the count of client structures using the TCP connection that
118- * 'source' is associated with and put a pointer to that count in 'target',
119- * thus associating it with the same TCP connection.
120+ * Increase the count of client structures sharing the TCP connection
121+ * that 'source' is associated with; add a pointer to the same tcpconn
122+ * to 'target', thus associating it with the same TCP connection.
123 */
124 static void
125-pipeline_attach(ns_client_t *source, ns_client_t *target) {
126+tcpconn_attach(ns_client_t *source, ns_client_t *target) {
127 int refs;
128
129- REQUIRE(source->pipeline_refs != NULL);
130- REQUIRE(target->pipeline_refs == NULL);
131+ REQUIRE(source->tcpconn != NULL);
132+ REQUIRE(target->tcpconn == NULL);
133+ REQUIRE(source->tcpconn->pipelined);
134
135- isc_refcount_increment(source->pipeline_refs, &refs);
136+ isc_refcount_increment(&source->tcpconn->refs, &refs);
137 INSIST(refs > 1);
138- target->pipeline_refs = source->pipeline_refs;
139+ target->tcpconn = source->tcpconn;
140 }
141
142 /*%
143- * Decrease the count of client structures using the TCP connection that
144+ * Decrease the count of client structures sharing the TCP connection that
145 * 'client' is associated with. If this is the last client using this TCP
146- * connection, free the reference counter and return true; otherwise, return
147- * false.
148+ * connection, we detach from the TCP quota and free the tcpconn
149+ * object. Either way, client->tcpconn is set to NULL.
150 */
151-static bool
152-pipeline_detach(ns_client_t *client) {
153- isc_refcount_t *refcount;
154+static void
155+tcpconn_detach(ns_client_t *client) {
156+ ns_tcpconn_t *tconn = NULL;
157 int refs;
158
159- REQUIRE(client->pipeline_refs != NULL);
160-
161- refcount = client->pipeline_refs;
162- client->pipeline_refs = NULL;
163+ REQUIRE(client->tcpconn != NULL);
164
165- isc_refcount_decrement(refcount, refs);
166+ tconn = client->tcpconn;
167+ client->tcpconn = NULL;
168
169+ isc_refcount_decrement(&tconn->refs, &refs);
170 if (refs == 0) {
171- isc_mem_free(ns_g_mctx, refs);
172- return (true);
173+ isc_quota_detach(&tconn->tcpquota);
174+ isc_mem_free(ns_g_mctx, tconn);
175 }
176-
177- return (false);
178 }
179
180-/*
181- * Detach a client from the TCP client quota if appropriate, and set
182- * the quota pointer to NULL.
183- *
184- * Sometimes when the TCP client quota is exhausted but there are no other
185- * clients servicing the interface, a client will be allowed to continue
186- * running despite not having been attached to the quota. In this event,
187- * the TCP quota was never attached to the client, so when the client (or
188- * associated pipeline group) shuts down, the quota must NOT be detached.
189+/*%
190+ * Mark a client as active and increment the interface's 'ntcpactive'
191+ * counter, as a signal that there is at least one client servicing
192+ * TCP queries for the interface. If we reach the TCP client quota at
193+ * some point, this will be used to determine whether a quota overrun
194+ * should be permitted.
195 *
196- * Otherwise, if the quota pointer is set, it should be detached. If not
197- * set at all, we just return without doing anything.
198+ * Marking the client active with the 'tcpactive' flag ensures proper
199+ * accounting, by preventing us from incrementing or decrementing
200+ * 'ntcpactive' more than once per client.
201 */
202 static void
203-tcpquota_disconnect(ns_client_t *client) {
204- if (client->tcpquota == NULL) {
205- return;
206- }
207-
208- if (client->tcpattached) {
209- isc_quota_detach(&client->tcpquota);
210- client->tcpattached = false;
211- } else {
212- client->tcpquota = NULL;
213+mark_tcp_active(ns_client_t *client, bool active) {
214+ if (active && !client->tcpactive) {
215+ isc_atomic_xadd(&client->interface->ntcpactive, 1);
216+ client->tcpactive = active;
217+ } else if (!active && client->tcpactive) {
218+ uint32_t old =
219+ isc_atomic_xadd(&client->interface->ntcpactive, -1);
220+ INSIST(old > 0);
221+ client->tcpactive = active;
222 }
223 }
224
225@@ -484,7 +501,8 @@ exit_check(ns_client_t *client) {
226 INSIST(client->recursionquota == NULL);
227
228 if (NS_CLIENTSTATE_READING == client->newstate) {
229- if (!client->pipelined) {
230+ INSIST(client->tcpconn != NULL);
231+ if (!client->tcpconn->pipelined) {
232 client_read(client);
233 client->newstate = NS_CLIENTSTATE_MAX;
234 return (true); /* We're done. */
235@@ -507,8 +525,8 @@ exit_check(ns_client_t *client) {
236 dns_tcpmsg_cancelread(&client->tcpmsg);
237 }
238
239- if (client->nreads != 0) {
240- /* Still waiting for read cancel completion. */
241+ /* Still waiting for read cancel completion. */
242+ if (client->nreads > 0) {
243 return (true);
244 }
245
246@@ -518,43 +536,45 @@ exit_check(ns_client_t *client) {
247 }
248
249 /*
250- * Detach from pipeline group and from TCP client quota,
251- * if appropriate.
252+ * Soon the client will be ready to accept a new TCP
253+ * connection or UDP request, but we may have enough
254+ * clients doing that already. Check whether this client
255+ * needs to remain active and allow it go inactive if
256+ * not.
257 *
258- * - If no pipeline group is active, attempt to
259- * detach from the TCP client quota.
260+ * UDP clients always go inactive at this point, but a TCP
261+ * client may need to stay active and return to READY
262+ * state if no other clients are available to listen
263+ * for TCP requests on this interface.
264 *
265- * - If a pipeline group is active, detach from it;
266- * if the return code indicates that there no more
267- * clients left if this pipeline group, we also detach
268- * from the TCP client quota.
269- *
270- * - Otherwise we don't try to detach, we just set the
271- * TCP quota pointer to NULL if it wasn't NULL already.
272- *
273- * tcpquota_disconnect() will set tcpquota to NULL, either
274- * by detaching it or by assignment, depending on the
275- * needs of the client. See the comments on that function
276- * for further information.
277+ * Regardless, if we're going to FREED state, that means
278+ * the system is shutting down and we don't need to
279+ * retain clients.
280 */
281- if (client->pipeline_refs == NULL || pipeline_detach(client)) {
282- tcpquota_disconnect(client);
283- } else {
284- client->tcpquota = NULL;
285- client->tcpattached = false;
286+ if (client->mortal && TCP_CLIENT(client) &&
287+ client->newstate != NS_CLIENTSTATE_FREED &&
288+ !ns_g_clienttest &&
289+ isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
290+ {
291+ /* Nobody else is accepting */
292+ client->mortal = false;
293+ client->newstate = NS_CLIENTSTATE_READY;
294+ }
295+
296+ /*
297+ * Detach from TCP connection and TCP client quota,
298+ * if appropriate. If this is the last reference to
299+ * the TCP connection in our pipeline group, the
300+ * TCP quota slot will be released.
301+ */
302+ if (client->tcpconn) {
303+ tcpconn_detach(client);
304 }
305
306 if (client->tcpsocket != NULL) {
307 CTRACE("closetcp");
308 isc_socket_detach(&client->tcpsocket);
309-
310- if (client->tcpactive) {
311- LOCK(&client->interface->lock);
312- INSIST(client->interface->ntcpactive > 0);
313- client->interface->ntcpactive--;
314- UNLOCK(&client->interface->lock);
315- client->tcpactive = false;
316- }
317+ mark_tcp_active(client, false);
318 }
319
320 if (client->timerset) {
321@@ -567,35 +587,6 @@ exit_check(ns_client_t *client) {
322 client->peeraddr_valid = false;
323
324 client->state = NS_CLIENTSTATE_READY;
325- INSIST(client->recursionquota == NULL);
326-
327- /*
328- * Now the client is ready to accept a new TCP connection
329- * or UDP request, but we may have enough clients doing
330- * that already. Check whether this client needs to remain
331- * active and force it to go inactive if not.
332- *
333- * UDP clients go inactive at this point, but a TCP client
334- * may need to remain active and go into ready state if
335- * no other clients are available to listen for TCP
336- * requests on this interface or (in the case of pipelined
337- * clients) to read for additional messages on the current
338- * connection.
339- */
340- if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
341- LOCK(&client->interface->lock);
342- if ((client->interface->ntcpaccepting == 0 ||
343- (client->pipelined &&
344- client->interface->ntcpactive < 2)) &&
345- client->newstate != NS_CLIENTSTATE_FREED)
346- {
347- client->mortal = false;
348- client->newstate = NS_CLIENTSTATE_READY;
349- }
350- UNLOCK(&client->interface->lock);
351- }
352-
353- client->pipelined = false;
354
355 /*
356 * We don't need the client; send it to the inactive
357@@ -630,7 +621,7 @@ exit_check(ns_client_t *client) {
358 }
359
360 /* Still waiting for accept cancel completion. */
361- if (! (client->naccepts == 0)) {
362+ if (client->naccepts > 0) {
363 return (true);
364 }
365
366@@ -641,7 +632,7 @@ exit_check(ns_client_t *client) {
367 }
368
369 /* Still waiting for recv cancel completion. */
370- if (! (client->nrecvs == 0)) {
371+ if (client->nrecvs > 0) {
372 return (true);
373 }
374
375@@ -654,14 +645,7 @@ exit_check(ns_client_t *client) {
376 INSIST(client->recursionquota == NULL);
377 if (client->tcplistener != NULL) {
378 isc_socket_detach(&client->tcplistener);
379-
380- if (client->tcpactive) {
381- LOCK(&client->interface->lock);
382- INSIST(client->interface->ntcpactive > 0);
383- client->interface->ntcpactive--;
384- UNLOCK(&client->interface->lock);
385- client->tcpactive = false;
386- }
387+ mark_tcp_active(client, false);
388 }
389 if (client->udpsocket != NULL) {
390 isc_socket_detach(&client->udpsocket);
391@@ -816,7 +800,7 @@ client_start(isc_task_t *task, isc_event_t *event) {
392 return;
393
394 if (TCP_CLIENT(client)) {
395- if (client->pipelined) {
396+ if (client->tcpconn != NULL) {
397 client_read(client);
398 } else {
399 client_accept(client);
400@@ -2470,6 +2454,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
401 client->nrecvs--;
402 } else {
403 INSIST(TCP_CLIENT(client));
404+ INSIST(client->tcpconn != NULL);
405 REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
406 REQUIRE(event->ev_sender == &client->tcpmsg);
407 buffer = &client->tcpmsg.buffer;
408@@ -2657,17 +2642,19 @@ client_request(isc_task_t *task, isc_event_t *event) {
409 /*
410 * Pipeline TCP query processing.
411 */
412- if (client->message->opcode != dns_opcode_query) {
413- client->pipelined = false;
414+ if (TCP_CLIENT(client) &&
415+ client->message->opcode != dns_opcode_query)
416+ {
417+ client->tcpconn->pipelined = false;
418 }
419- if (TCP_CLIENT(client) && client->pipelined) {
420+ if (TCP_CLIENT(client) && client->tcpconn->pipelined) {
421 /*
422 * We're pipelining. Replace the client; the
423- * the replacement can read the TCP socket looking
424- * for new messages and this client can process the
425+ * replacement can read the TCP socket looking
426+ * for new messages and this one can process the
427 * current message asynchronously.
428 *
429- * There are now at least three clients using this
430+ * There will now be at least three clients using this
431 * TCP socket - one accepting new connections,
432 * one reading an existing connection to get new
433 * messages, and one answering the message already
434@@ -2675,7 +2662,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
435 */
436 result = ns_client_replace(client);
437 if (result != ISC_R_SUCCESS) {
438- client->pipelined = false;
439+ client->tcpconn->pipelined = false;
440 }
441 }
442
443@@ -3233,10 +3220,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
444 client->signer = NULL;
445 dns_name_init(&client->signername, NULL);
446 client->mortal = false;
447- client->pipelined = false;
448- client->pipeline_refs = NULL;
449- client->tcpquota = NULL;
450- client->tcpattached = false;
451+ client->tcpconn = NULL;
452 client->recursionquota = NULL;
453 client->interface = NULL;
454 client->peeraddr_valid = false;
455@@ -3341,9 +3325,10 @@ client_read(ns_client_t *client) {
456
457 static void
458 client_newconn(isc_task_t *task, isc_event_t *event) {
459+ isc_result_t result;
460 ns_client_t *client = event->ev_arg;
461 isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
462- isc_result_t result;
463+ uint32_t old;
464
465 REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
466 REQUIRE(NS_CLIENT_VALID(client));
467@@ -3363,10 +3348,8 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
468 INSIST(client->naccepts == 1);
469 client->naccepts--;
470
471- LOCK(&client->interface->lock);
472- INSIST(client->interface->ntcpaccepting > 0);
473- client->interface->ntcpaccepting--;
474- UNLOCK(&client->interface->lock);
475+ old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
476+ INSIST(old > 0);
477
478 /*
479 * We must take ownership of the new socket before the exit
480@@ -3399,7 +3382,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
481 NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
482 "accept failed: %s",
483 isc_result_totext(nevent->result));
484- tcpquota_disconnect(client);
485+ tcpconn_detach(client);
486 }
487
488 if (exit_check(client))
489@@ -3437,15 +3420,13 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
490 * telnetting to port 53 (once per CPU) will
491 * deny service to legitimate TCP clients.
492 */
493- client->pipelined = false;
494 result = ns_client_replace(client);
495 if (result == ISC_R_SUCCESS &&
496 (ns_g_server->keepresporder == NULL ||
497 !allowed(&netaddr, NULL, NULL, 0, NULL,
498 ns_g_server->keepresporder)))
499 {
500- pipeline_init(client);
501- client->pipelined = true;
502+ client->tcpconn->pipelined = true;
503 }
504
505 client_read(client);
506@@ -3462,78 +3443,59 @@ client_accept(ns_client_t *client) {
507 CTRACE("accept");
508
509 /*
510- * The tcpquota object can only be simultaneously referenced a
511- * pre-defined number of times; this is configured by 'tcp-clients'
512- * in named.conf. If we can't attach to it here, that means the TCP
513- * client quota has been exceeded.
514+ * Set up a new TCP connection. This means try to attach to the
515+ * TCP client quota (tcp-clients), but fail if we're over quota.
516 */
517- result = isc_quota_attach(&ns_g_server->tcpquota,
518- &client->tcpquota);
519+ result = tcpconn_init(client, false);
520 if (result != ISC_R_SUCCESS) {
521- bool exit;
522+ bool exit;
523
524- ns_client_log(client, NS_LOGCATEGORY_CLIENT,
525- NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
526- "no more TCP clients: %s",
527- isc_result_totext(result));
528-
529- /*
530- * We have exceeded the system-wide TCP client
531- * quota. But, we can't just block this accept
532- * in all cases, because if we did, a heavy TCP
533- * load on other interfaces might cause this
534- * interface to be starved, with no clients able
535- * to accept new connections.
536- *
537- * So, we check here to see if any other clients
538- * are already servicing TCP queries on this
539- * interface (whether accepting, reading, or
540- * processing). If there are at least two
541- * (one reading and one processing a request)
542- * then it's okay *not* to call accept - we
543- * can let this client go inactive and another
544- * one will resume accepting when it's done.
545- *
546- * If there aren't enough active clients on the
547- * interface, then we can be a little bit
548- * flexible about the quota. We'll allow *one*
549- * extra client through to ensure we're listening
550- * on every interface.
551- *
552- * (Note: In practice this means that the real
553- * TCP client quota is tcp-clients plus the
554- * number of listening interfaces plus 2.)
555- */
556- LOCK(&client->interface->lock);
557- exit = (client->interface->ntcpactive > 1);
558- UNLOCK(&client->interface->lock);
559+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
560+ NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
561+ "TCP client quota reached: %s",
562+ isc_result_totext(result));
563
564- if (exit) {
565- client->newstate = NS_CLIENTSTATE_INACTIVE;
566- (void)exit_check(client);
567- return;
568- }
569+ /*
570+ * We have exceeded the system-wide TCP client quota. But,
571+ * we can't just block this accept in all cases, because if
572+ * we did, a heavy TCP load on other interfaces might cause
573+ * this interface to be starved, with no clients able to
574+ * accept new connections.
575+ *
576+ * So, we check here to see if any other clients are
577+ * already servicing TCP queries on this interface (whether
578+ * accepting, reading, or processing). If we find at least
579+ * one, then it's okay *not* to call accept - we can let this
580+ * client go inactive and another will take over when it's
581+ * done.
582+ *
583+ * If there aren't enough active clients on the interface,
584+ * then we can be a little bit flexible about the quota.
585+ * We'll allow *one* extra client through to ensure we're
586+ * listening on every interface; we do this by setting the
587+ * 'force' option to tcpconn_init().
588+ *
589+ * (Note: In practice this means that the real TCP client
590+ * quota is tcp-clients plus the number of listening
591+ * interfaces plus 1.)
592+ */
593+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
594+ if (exit) {
595+ client->newstate = NS_CLIENTSTATE_INACTIVE;
596+ (void)exit_check(client);
597+ return;
598+ }
599
600- } else {
601- client->tcpattached = true;
602+ result = tcpconn_init(client, true);
603+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
604 }
605
606 /*
607- * By incrementing the interface's ntcpactive counter we signal
608- * that there is at least one client servicing TCP queries for the
609- * interface.
610- *
611- * We also make note of the fact in the client itself with the
612- * tcpactive flag. This ensures proper accounting by preventing
613- * us from accidentally incrementing or decrementing ntcpactive
614- * more than once per client object.
615+ * If this client was set up using get_client() or get_worker(),
616+ * then TCP is already marked active. However, if it was restarted
617+ * from exit_check(), it might not be, so we take care of it now.
618 */
619- if (!client->tcpactive) {
620- LOCK(&client->interface->lock);
621- client->interface->ntcpactive++;
622- UNLOCK(&client->interface->lock);
623- client->tcpactive = true;
624- }
625+ mark_tcp_active(client, true);
626
627 result = isc_socket_accept(client->tcplistener, client->task,
628 client_newconn, client);
629@@ -3549,15 +3511,8 @@ client_accept(ns_client_t *client) {
630 "isc_socket_accept() failed: %s",
631 isc_result_totext(result));
632
633- tcpquota_disconnect(client);
634-
635- if (client->tcpactive) {
636- LOCK(&client->interface->lock);
637- client->interface->ntcpactive--;
638- UNLOCK(&client->interface->lock);
639- client->tcpactive = false;
640- }
641-
642+ tcpconn_detach(client);
643+ mark_tcp_active(client, false);
644 return;
645 }
646
647@@ -3582,9 +3537,7 @@ client_accept(ns_client_t *client) {
648 * listening for connections itself to prevent the interface
649 * going dead.
650 */
651- LOCK(&client->interface->lock);
652- client->interface->ntcpaccepting++;
653- UNLOCK(&client->interface->lock);
654+ isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
655 }
656
657 static void
658@@ -3655,24 +3608,25 @@ ns_client_replace(ns_client_t *client) {
659 REQUIRE(client->manager != NULL);
660
661 tcp = TCP_CLIENT(client);
662- if (tcp && client->pipelined) {
663+ if (tcp && client->tcpconn != NULL && client->tcpconn->pipelined) {
664 result = get_worker(client->manager, client->interface,
665 client->tcpsocket, client);
666 } else {
667 result = get_client(client->manager, client->interface,
668- client->dispatch, client, tcp);
669+ client->dispatch, tcp);
670
671- /*
672- * The responsibility for listening for new requests is hereby
673- * transferred to the new client. Therefore, the old client
674- * should refrain from listening for any more requests.
675- */
676- client->mortal = true;
677 }
678 if (result != ISC_R_SUCCESS) {
679 return (result);
680 }
681
682+ /*
683+ * The responsibility for listening for new requests is hereby
684+ * transferred to the new client. Therefore, the old client
685+ * should refrain from listening for any more requests.
686+ */
687+ client->mortal = true;
688+
689 return (ISC_R_SUCCESS);
690 }
691
692@@ -3806,7 +3760,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
693
694 static isc_result_t
695 get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
696- dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp)
697+ dns_dispatch_t *disp, bool tcp)
698 {
699 isc_result_t result = ISC_R_SUCCESS;
700 isc_event_t *ev;
701@@ -3850,15 +3804,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
702 client->dscp = ifp->dscp;
703
704 if (tcp) {
705- client->tcpattached = false;
706- if (oldclient != NULL) {
707- client->tcpattached = oldclient->tcpattached;
708- }
709-
710- LOCK(&client->interface->lock);
711- client->interface->ntcpactive++;
712- UNLOCK(&client->interface->lock);
713- client->tcpactive = true;
714+ mark_tcp_active(client, true);
715
716 client->attributes |= NS_CLIENTATTR_TCP;
717 isc_socket_attach(ifp->tcpsocket,
718@@ -3923,16 +3869,14 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
719 ns_interface_attach(ifp, &client->interface);
720 client->newstate = client->state = NS_CLIENTSTATE_WORKING;
721 INSIST(client->recursionquota == NULL);
722- client->tcpquota = &ns_g_server->tcpquota;
723- client->tcpattached = oldclient->tcpattached;
724
725 client->dscp = ifp->dscp;
726
727 client->attributes |= NS_CLIENTATTR_TCP;
728 client->mortal = true;
729
730- pipeline_attach(oldclient, client);
731- client->pipelined = true;
732+ tcpconn_attach(oldclient, client);
733+ mark_tcp_active(client, true);
734
735 isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
736 isc_socket_attach(sock, &client->tcpsocket);
737@@ -3940,11 +3884,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
738 (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
739 client->peeraddr_valid = true;
740
741- LOCK(&client->interface->lock);
742- client->interface->ntcpactive++;
743- UNLOCK(&client->interface->lock);
744- client->tcpactive = true;
745-
746 INSIST(client->tcpmsg_valid == false);
747 dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
748 client->tcpmsg_valid = true;
749@@ -3970,8 +3909,7 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
750 MTRACE("createclients");
751
752 for (disp = 0; disp < n; disp++) {
753- result = get_client(manager, ifp, ifp->udpdispatch[disp],
754- NULL, tcp);
755+ result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
756 if (result != ISC_R_SUCCESS)
757 break;
758 }
759diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
760index e2c40acd28..969ee4c08f 100644
761--- a/bin/named/include/named/client.h
762+++ b/bin/named/include/named/client.h
763@@ -78,6 +78,13 @@
764 *** Types
765 ***/
766
767+/*% reference-counted TCP connection object */
768+typedef struct ns_tcpconn {
769+ isc_refcount_t refs;
770+ isc_quota_t *tcpquota;
771+ bool pipelined;
772+} ns_tcpconn_t;
773+
774 /*% nameserver client structure */
775 struct ns_client {
776 unsigned int magic;
777@@ -131,10 +138,7 @@ struct ns_client {
778 dns_name_t signername; /*%< [T]SIG key name */
779 dns_name_t *signer; /*%< NULL if not valid sig */
780 bool mortal; /*%< Die after handling request */
781- bool pipelined; /*%< TCP queries not in sequence */
782- isc_refcount_t *pipeline_refs;
783- isc_quota_t *tcpquota;
784- bool tcpattached;
785+ ns_tcpconn_t *tcpconn;
786 isc_quota_t *recursionquota;
787 ns_interface_t *interface;
788
789diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
790index 61b08826a6..3535ef22a8 100644
791--- a/bin/named/include/named/interfacemgr.h
792+++ b/bin/named/include/named/interfacemgr.h
793@@ -9,8 +9,6 @@
794 * information regarding copyright ownership.
795 */
796
797-/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */
798-
799 #ifndef NAMED_INTERFACEMGR_H
800 #define NAMED_INTERFACEMGR_H 1
801
802@@ -77,11 +75,11 @@ struct ns_interface {
803 /*%< UDP dispatchers. */
804 isc_socket_t * tcpsocket; /*%< TCP socket. */
805 isc_dscp_t dscp; /*%< "listen-on" DSCP value */
806- int ntcpaccepting; /*%< Number of clients
807+ int32_t ntcpaccepting; /*%< Number of clients
808 ready to accept new
809 TCP connections on this
810 interface */
811- int ntcpactive; /*%< Number of clients
812+ int32_t ntcpactive; /*%< Number of clients
813 servicing TCP queries
814 (whether accepting or
815 connected) */
816diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
817index 955096ef47..d9f6df5802 100644
818--- a/bin/named/interfacemgr.c
819+++ b/bin/named/interfacemgr.c
820@@ -388,6 +388,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
821 */
822 ifp->ntcpaccepting = 0;
823 ifp->ntcpactive = 0;
824+
825 ifp->nudpdispatch = 0;
826
827 ifp->dscp = -1;
828diff --git a/lib/isc/include/isc/quota.h b/lib/isc/include/isc/quota.h
829index b9bf59877a..36c5830242 100644
830--- a/lib/isc/include/isc/quota.h
831+++ b/lib/isc/include/isc/quota.h
832@@ -100,6 +100,13 @@ isc_quota_attach(isc_quota_t *quota, isc_quota_t **p);
833 * quota if successful (ISC_R_SUCCESS or ISC_R_SOFTQUOTA).
834 */
835
836+isc_result_t
837+isc_quota_force(isc_quota_t *quota, isc_quota_t **p);
838+/*%<
839+ * Like isc_quota_attach, but will attach '*p' to the quota
840+ * even if the hard quota has been exceeded.
841+ */
842+
843 void
844 isc_quota_detach(isc_quota_t **p);
845 /*%<
846diff --git a/lib/isc/quota.c b/lib/isc/quota.c
847index 3ddff0d875..556a61f21d 100644
848--- a/lib/isc/quota.c
849+++ b/lib/isc/quota.c
850@@ -74,20 +74,39 @@ isc_quota_release(isc_quota_t *quota) {
851 UNLOCK(&quota->lock);
852 }
853
854-isc_result_t
855-isc_quota_attach(isc_quota_t *quota, isc_quota_t **p)
856-{
857+static isc_result_t
858+doattach(isc_quota_t *quota, isc_quota_t **p, bool force) {
859 isc_result_t result;
860- INSIST(p != NULL && *p == NULL);
861+ REQUIRE(p != NULL && *p == NULL);
862+
863 result = isc_quota_reserve(quota);
864- if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA)
865+ if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) {
866+ *p = quota;
867+ } else if (result == ISC_R_QUOTA && force) {
868+ /* attach anyway */
869+ LOCK(&quota->lock);
870+ quota->used++;
871+ UNLOCK(&quota->lock);
872+
873 *p = quota;
874+ result = ISC_R_SUCCESS;
875+ }
876+
877 return (result);
878 }
879
880+isc_result_t
881+isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) {
882+ return (doattach(quota, p, false));
883+}
884+
885+isc_result_t
886+isc_quota_force(isc_quota_t *quota, isc_quota_t **p) {
887+ return (doattach(quota, p, true));
888+}
889+
890 void
891-isc_quota_detach(isc_quota_t **p)
892-{
893+isc_quota_detach(isc_quota_t **p) {
894 INSIST(p != NULL && *p != NULL);
895 isc_quota_release(*p);
896 *p = NULL;
897diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in
898index a82facec0f..7b9f23d776 100644
899--- a/lib/isc/win32/libisc.def.in
900+++ b/lib/isc/win32/libisc.def.in
901@@ -519,6 +519,7 @@ isc_portset_removerange
902 isc_quota_attach
903 isc_quota_destroy
904 isc_quota_detach
905+isc_quota_force
906 isc_quota_init
907 isc_quota_max
908 isc_quota_release
909--
9102.20.1
911
diff --git a/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch b/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
deleted file mode 100644
index 3821d18501..0000000000
--- a/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
+++ /dev/null
@@ -1,80 +0,0 @@
1Backport patch to fix CVE-2018-5743.
2
3Ref:
4https://security-tracker.debian.org/tracker/CVE-2018-5743
5
6CVE: CVE-2018-5743
7Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9]
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001
12From: Evan Hunt <each@isc.org>
13Date: Fri, 5 Apr 2019 16:26:19 -0700
14Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces
15
16in the "refactor tcpquota and pipeline refs" commit, the counting
17of active interfaces was tightened in such a way that named could
18fail to listen on an interface if there were more interfaces than
19tcp-clients. when checking the quota to start accepting on an
20interface, if the number of active clients was above zero, then
21it was presumed that some other client was able to handle accepting
22new connections. this, however, ignored the fact that the current client
23could be included in that count, so if the quota was already exceeded
24before all the interfaces were listening, some interfaces would never
25listen.
26
27we now check whether the current client has been marked active; if so,
28then the number of active clients on the interface must be greater
29than 1, not 0.
30
31(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5)
32(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41)
33---
34 bin/named/client.c | 8 +++++---
35 doc/arm/Bv9ARM-book.xml | 3 ++-
36 2 files changed, 7 insertions(+), 4 deletions(-)
37
38diff --git a/bin/named/client.c b/bin/named/client.c
39index d826ab32bf..845326abc0 100644
40--- a/bin/named/client.c
41+++ b/bin/named/client.c
42@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) {
43 *
44 * So, we check here to see if any other clients are
45 * already servicing TCP queries on this interface (whether
46- * accepting, reading, or processing). If we find at least
47- * one, then it's okay *not* to call accept - we can let this
48+ * accepting, reading, or processing). If we find that at
49+ * least one client other than this one is active, then
50+ * it's okay *not* to call accept - we can let this
51 * client go inactive and another will take over when it's
52 * done.
53 *
54@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) {
55 * quota is tcp-clients plus the number of listening
56 * interfaces plus 1.)
57 */
58- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
59+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
60+ (client->tcpactive ? 1 : 0));
61 if (exit) {
62 client->newstate = NS_CLIENTSTATE_INACTIVE;
63 (void)exit_check(client);
64diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
65index 381768d540..9c76d3cd6f 100644
66--- a/doc/arm/Bv9ARM-book.xml
67+++ b/doc/arm/Bv9ARM-book.xml
68@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
69 <para>
70 The number of file descriptors reserved for TCP, stdio,
71 etc. This needs to be big enough to cover the number of
72- interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
73+ interfaces <command>named</command> listens on plus
74+ <command>tcp-clients</command>, as well as
75 to provide room for outgoing TCP queries and incoming zone
76 transfers. The default is <literal>512</literal>.
77 The minimum value is <literal>128</literal> and the
78--
792.20.1
80
diff --git a/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch b/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch
deleted file mode 100644
index 1a84eca58a..0000000000
--- a/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch
+++ /dev/null
@@ -1,140 +0,0 @@
1Backport commit to fix compile error on arm caused by commits which are
2to fix CVE-2018-5743.
3
4CVE: CVE-2018-5743
5Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ef49780]
6
7Signed-off-by: Kai Kang <kai.kang@windriver.com>
8
9From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001
10From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
11Date: Wed, 17 Apr 2019 15:22:27 +0200
12Subject: [PATCH] Replace atomic operations in bin/named/client.c with
13 isc_refcount reference counting
14
15---
16 bin/named/client.c | 18 +++++++-----------
17 bin/named/include/named/interfacemgr.h | 5 +++--
18 bin/named/interfacemgr.c | 7 +++++--
19 3 files changed, 15 insertions(+), 15 deletions(-)
20
21diff --git a/bin/named/client.c b/bin/named/client.c
22index 845326abc0..29fecadca8 100644
23--- a/bin/named/client.c
24+++ b/bin/named/client.c
25@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) {
26 static void
27 mark_tcp_active(ns_client_t *client, bool active) {
28 if (active && !client->tcpactive) {
29- isc_atomic_xadd(&client->interface->ntcpactive, 1);
30+ isc_refcount_increment0(&client->interface->ntcpactive, NULL);
31 client->tcpactive = active;
32 } else if (!active && client->tcpactive) {
33- uint32_t old =
34- isc_atomic_xadd(&client->interface->ntcpactive, -1);
35- INSIST(old > 0);
36+ isc_refcount_decrement(&client->interface->ntcpactive, NULL);
37 client->tcpactive = active;
38 }
39 }
40@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) {
41 if (client->mortal && TCP_CLIENT(client) &&
42 client->newstate != NS_CLIENTSTATE_FREED &&
43 !ns_g_clienttest &&
44- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
45+ isc_refcount_current(&client->interface->ntcpaccepting) == 0)
46 {
47 /* Nobody else is accepting */
48 client->mortal = false;
49@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
50 isc_result_t result;
51 ns_client_t *client = event->ev_arg;
52 isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
53- uint32_t old;
54
55 REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
56 REQUIRE(NS_CLIENT_VALID(client));
57@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
58 INSIST(client->naccepts == 1);
59 client->naccepts--;
60
61- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
62- INSIST(old > 0);
63+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
64
65 /*
66 * We must take ownership of the new socket before the exit
67@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) {
68 * quota is tcp-clients plus the number of listening
69 * interfaces plus 1.)
70 */
71- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
72- (client->tcpactive ? 1 : 0));
73+ exit = (isc_refcount_current(&client->interface->ntcpactive) >
74+ (client->tcpactive ? 1U : 0U));
75 if (exit) {
76 client->newstate = NS_CLIENTSTATE_INACTIVE;
77 (void)exit_check(client);
78@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) {
79 * listening for connections itself to prevent the interface
80 * going dead.
81 */
82- isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
83+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
84 }
85
86 static void
87diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
88index 3535ef22a8..6e10f210fd 100644
89--- a/bin/named/include/named/interfacemgr.h
90+++ b/bin/named/include/named/interfacemgr.h
91@@ -45,6 +45,7 @@
92 #include <isc/magic.h>
93 #include <isc/mem.h>
94 #include <isc/socket.h>
95+#include <isc/refcount.h>
96
97 #include <dns/result.h>
98
99@@ -75,11 +76,11 @@ struct ns_interface {
100 /*%< UDP dispatchers. */
101 isc_socket_t * tcpsocket; /*%< TCP socket. */
102 isc_dscp_t dscp; /*%< "listen-on" DSCP value */
103- int32_t ntcpaccepting; /*%< Number of clients
104+ isc_refcount_t ntcpaccepting; /*%< Number of clients
105 ready to accept new
106 TCP connections on this
107 interface */
108- int32_t ntcpactive; /*%< Number of clients
109+ isc_refcount_t ntcpactive; /*%< Number of clients
110 servicing TCP queries
111 (whether accepting or
112 connected) */
113diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
114index d9f6df5802..135533be6b 100644
115--- a/bin/named/interfacemgr.c
116+++ b/bin/named/interfacemgr.c
117@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
118 * connections will be handled in parallel even though there is
119 * only one client initially.
120 */
121- ifp->ntcpaccepting = 0;
122- ifp->ntcpactive = 0;
123+ isc_refcount_init(&ifp->ntcpaccepting, 0);
124+ isc_refcount_init(&ifp->ntcpactive, 0);
125
126 ifp->nudpdispatch = 0;
127
128@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
129
130 ns_interfacemgr_detach(&ifp->mgr);
131
132+ isc_refcount_destroy(&ifp->ntcpactive);
133+ isc_refcount_destroy(&ifp->ntcpaccepting);
134+
135 ifp->magic = 0;
136 isc_mem_put(mctx, ifp, sizeof(*ifp));
137 }
138--
1392.20.1
140
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch
new file mode 100644
index 0000000000..dec5672657
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8622.patch
@@ -0,0 +1,60 @@
1From ca543240380475d888d660ea3296fc880ce52f35 Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Wed, 15 Jul 2020 16:07:51 +1000
4Subject: [PATCH] bind: Always keep a copy of the message
5
6this allows it to be available even when dns_message_parse()
7returns a error.
8
9Upstream-Status: Backport
10CVE: CVE-2020-8622
11Signed-off-by: Li Zhou <li.zhou@windriver.com>
12---
13 lib/dns/message.c | 24 +++++++++++++-----------
14 1 file changed, 13 insertions(+), 11 deletions(-)
15
16diff --git a/lib/dns/message.c b/lib/dns/message.c
17index ac637a2..39ed80f 100644
18--- a/lib/dns/message.c
19+++ b/lib/dns/message.c
20@@ -1679,6 +1679,19 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
21 msg->header_ok = 0;
22 msg->question_ok = 0;
23
24+ if ((options & DNS_MESSAGEPARSE_CLONEBUFFER) == 0) {
25+ isc_buffer_usedregion(&origsource, &msg->saved);
26+ } else {
27+ msg->saved.length = isc_buffer_usedlength(&origsource);
28+ msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length);
29+ if (msg->saved.base == NULL) {
30+ return (ISC_R_NOMEMORY);
31+ }
32+ memmove(msg->saved.base, isc_buffer_base(&origsource),
33+ msg->saved.length);
34+ msg->free_saved = 1;
35+ }
36+
37 isc_buffer_remainingregion(source, &r);
38 if (r.length < DNS_MESSAGE_HEADERLEN)
39 return (ISC_R_UNEXPECTEDEND);
40@@ -1754,17 +1767,6 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
41 }
42
43 truncated:
44- if ((options & DNS_MESSAGEPARSE_CLONEBUFFER) == 0)
45- isc_buffer_usedregion(&origsource, &msg->saved);
46- else {
47- msg->saved.length = isc_buffer_usedlength(&origsource);
48- msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length);
49- if (msg->saved.base == NULL)
50- return (ISC_R_NOMEMORY);
51- memmove(msg->saved.base, isc_buffer_base(&origsource),
52- msg->saved.length);
53- msg->free_saved = 1;
54- }
55
56 if (ret == ISC_R_UNEXPECTEDEND && ignore_tc)
57 return (DNS_R_RECOVERABLE);
58--
591.9.1
60
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8623.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8623.patch
new file mode 100644
index 0000000000..8e5412a89e
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8623.patch
@@ -0,0 +1,402 @@
1From 8d807cc21655eaa6e6a08afafeec3682c0f3f2ab Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
3Date: Tue, 21 Jul 2020 14:42:47 +0200
4Subject: [PATCH] Fix crash in pk11_numbits() when native-pkcs11 is used
5
6When pk11_numbits() is passed a user provided input that contains all
7zeroes (via crafted DNS message), it would crash with assertion
8failure. Fix that by properly handling such input.
9
10Upstream-Status: Backport
11CVE: CVE-2020-8623
12Signed-off-by: Li Zhou <li.zhou@windriver.com>
13---
14 lib/dns/pkcs11dh_link.c | 15 ++++++-
15 lib/dns/pkcs11dsa_link.c | 8 +++-
16 lib/dns/pkcs11rsa_link.c | 79 +++++++++++++++++++++++++--------
17 lib/isc/include/pk11/internal.h | 3 +-
18 lib/isc/pk11.c | 61 ++++++++++++++++---------
19 5 files changed, 121 insertions(+), 45 deletions(-)
20
21diff --git a/lib/dns/pkcs11dh_link.c b/lib/dns/pkcs11dh_link.c
22index e2b60ea7c5..4cd8e32d60 100644
23--- a/lib/dns/pkcs11dh_link.c
24+++ b/lib/dns/pkcs11dh_link.c
25@@ -748,6 +748,7 @@ pkcs11dh_fromdns(dst_key_t *key, isc_buffer_t *data) {
26 CK_BYTE *prime = NULL, *base = NULL, *pub = NULL;
27 CK_ATTRIBUTE *attr;
28 int special = 0;
29+ unsigned int bits;
30 isc_result_t result;
31
32 isc_buffer_remainingregion(data, &r);
33@@ -852,7 +853,11 @@ pkcs11dh_fromdns(dst_key_t *key, isc_buffer_t *data) {
34 pub = r.base;
35 isc_region_consume(&r, publen);
36
37- key->key_size = pk11_numbits(prime, plen_);
38+ result = pk11_numbits(prime, plen_, &bits);
39+ if (result != ISC_R_SUCCESS) {
40+ goto cleanup;
41+ }
42+ key->key_size = bits;
43
44 dh->repr = (CK_ATTRIBUTE *) isc_mem_get(key->mctx, sizeof(*attr) * 3);
45 if (dh->repr == NULL)
46@@ -1012,6 +1017,7 @@ pkcs11dh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
47 dst_private_t priv;
48 isc_result_t ret;
49 int i;
50+ unsigned int bits;
51 pk11_object_t *dh = NULL;
52 CK_ATTRIBUTE *attr;
53 isc_mem_t *mctx;
54@@ -1082,7 +1088,12 @@ pkcs11dh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
55
56 attr = pk11_attribute_bytype(dh, CKA_PRIME);
57 INSIST(attr != NULL);
58- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen);
59+
60+ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
61+ if (ret != ISC_R_SUCCESS) {
62+ goto err;
63+ }
64+ key->key_size = bits;
65
66 return (ISC_R_SUCCESS);
67
68diff --git a/lib/dns/pkcs11dsa_link.c b/lib/dns/pkcs11dsa_link.c
69index 12d707a112..24d4c149ff 100644
70--- a/lib/dns/pkcs11dsa_link.c
71+++ b/lib/dns/pkcs11dsa_link.c
72@@ -983,6 +983,7 @@ pkcs11dsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
73 dst_private_t priv;
74 isc_result_t ret;
75 int i;
76+ unsigned int bits;
77 pk11_object_t *dsa = NULL;
78 CK_ATTRIBUTE *attr;
79 isc_mem_t *mctx = key->mctx;
80@@ -1072,7 +1073,12 @@ pkcs11dsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
81
82 attr = pk11_attribute_bytype(dsa, CKA_PRIME);
83 INSIST(attr != NULL);
84- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen);
85+
86+ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
87+ if (ret != ISC_R_SUCCESS) {
88+ goto err;
89+ }
90+ key->key_size = bits;
91
92 return (ISC_R_SUCCESS);
93
94diff --git a/lib/dns/pkcs11rsa_link.c b/lib/dns/pkcs11rsa_link.c
95index 096c1a8e91..1d10d26564 100644
96--- a/lib/dns/pkcs11rsa_link.c
97+++ b/lib/dns/pkcs11rsa_link.c
98@@ -332,6 +332,7 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
99 key->key_alg == DST_ALG_RSASHA256 ||
100 key->key_alg == DST_ALG_RSASHA512);
101 #endif
102+ REQUIRE(maxbits <= RSA_MAX_PUBEXP_BITS);
103
104 /*
105 * Reject incorrect RSA key lengths.
106@@ -376,6 +377,7 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
107 for (attr = pk11_attribute_first(rsa);
108 attr != NULL;
109 attr = pk11_attribute_next(rsa, attr))
110+ {
111 switch (attr->type) {
112 case CKA_MODULUS:
113 INSIST(keyTemplate[5].type == attr->type);
114@@ -396,12 +398,16 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
115 memmove(keyTemplate[6].pValue, attr->pValue,
116 attr->ulValueLen);
117 keyTemplate[6].ulValueLen = attr->ulValueLen;
118- if (pk11_numbits(attr->pValue,
119- attr->ulValueLen) > maxbits &&
120- maxbits != 0)
121+ unsigned int bits;
122+ ret = pk11_numbits(attr->pValue, attr->ulValueLen,
123+ &bits);
124+ if (ret != ISC_R_SUCCESS ||
125+ (bits > maxbits && maxbits != 0)) {
126 DST_RET(DST_R_VERIFYFAILURE);
127+ }
128 break;
129 }
130+ }
131 pk11_ctx->object = CK_INVALID_HANDLE;
132 pk11_ctx->ontoken = false;
133 PK11_RET(pkcs_C_CreateObject,
134@@ -1072,6 +1078,7 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
135 keyTemplate[5].ulValueLen = attr->ulValueLen;
136 break;
137 case CKA_PUBLIC_EXPONENT:
138+ unsigned int bits;
139 INSIST(keyTemplate[6].type == attr->type);
140 keyTemplate[6].pValue = isc_mem_get(dctx->mctx,
141 attr->ulValueLen);
142@@ -1080,10 +1087,12 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
143 memmove(keyTemplate[6].pValue, attr->pValue,
144 attr->ulValueLen);
145 keyTemplate[6].ulValueLen = attr->ulValueLen;
146- if (pk11_numbits(attr->pValue,
147- attr->ulValueLen)
148- > RSA_MAX_PUBEXP_BITS)
149+ ret = pk11_numbits(attr->pValue, attr->ulValueLen,
150+ &bits);
151+ if (ret != ISC_R_SUCCESS || bits > RSA_MAX_PUBEXP_BITS)
152+ {
153 DST_RET(DST_R_VERIFYFAILURE);
154+ }
155 break;
156 }
157 pk11_ctx->object = CK_INVALID_HANDLE;
158@@ -1461,6 +1470,8 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
159 CK_BYTE *exponent = NULL, *modulus = NULL;
160 CK_ATTRIBUTE *attr;
161 unsigned int length;
162+ unsigned int bits;
163+ isc_result_t ret = ISC_R_SUCCESS;
164
165 isc_buffer_remainingregion(data, &r);
166 if (r.length == 0)
167@@ -1478,9 +1489,7 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
168
169 if (e_bytes == 0) {
170 if (r.length < 2) {
171- isc_safe_memwipe(rsa, sizeof(*rsa));
172- isc_mem_put(key->mctx, rsa, sizeof(*rsa));
173- return (DST_R_INVALIDPUBLICKEY);
174+ DST_RET(DST_R_INVALIDPUBLICKEY);
175 }
176 e_bytes = (*r.base) << 8;
177 isc_region_consume(&r, 1);
178@@ -1489,16 +1498,18 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
179 }
180
181 if (r.length < e_bytes) {
182- isc_safe_memwipe(rsa, sizeof(*rsa));
183- isc_mem_put(key->mctx, rsa, sizeof(*rsa));
184- return (DST_R_INVALIDPUBLICKEY);
185+ DST_RET(DST_R_INVALIDPUBLICKEY);
186 }
187 exponent = r.base;
188 isc_region_consume(&r, e_bytes);
189 modulus = r.base;
190 mod_bytes = r.length;
191
192- key->key_size = pk11_numbits(modulus, mod_bytes);
193+ ret = pk11_numbits(modulus, mod_bytes, &bits);
194+ if (ret != ISC_R_SUCCESS) {
195+ goto err;
196+ }
197+ key->key_size = bits;
198
199 isc_buffer_forward(data, length);
200
201@@ -1548,9 +1559,12 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
202 rsa->repr,
203 rsa->attrcnt * sizeof(*attr));
204 }
205+ ret = ISC_R_NOMEMORY;
206+
207+ err:
208 isc_safe_memwipe(rsa, sizeof(*rsa));
209 isc_mem_put(key->mctx, rsa, sizeof(*rsa));
210- return (ISC_R_NOMEMORY);
211+ return (ret);
212 }
213
214 static isc_result_t
215@@ -1729,6 +1743,7 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label,
216 pk11_object_t *pubrsa;
217 pk11_context_t *pk11_ctx = NULL;
218 isc_result_t ret;
219+ unsigned int bits;
220
221 if (label == NULL)
222 return (DST_R_NOENGINE);
223@@ -1815,7 +1830,11 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label,
224
225 attr = pk11_attribute_bytype(rsa, CKA_MODULUS);
226 INSIST(attr != NULL);
227- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen);
228+ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
229+ if (ret != ISC_R_SUCCESS) {
230+ goto err;
231+ }
232+ key->key_size = bits;
233
234 return (ISC_R_SUCCESS);
235
236@@ -1901,6 +1920,7 @@ pkcs11rsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
237 CK_ATTRIBUTE *attr;
238 isc_mem_t *mctx = key->mctx;
239 const char *engine = NULL, *label = NULL;
240+ unsigned int bits;
241
242 /* read private key file */
243 ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
244@@ -2044,12 +2064,22 @@ pkcs11rsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
245
246 attr = pk11_attribute_bytype(rsa, CKA_MODULUS);
247 INSIST(attr != NULL);
248- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen);
249+ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
250+ if (ret != ISC_R_SUCCESS) {
251+ goto err;
252+ }
253+ key->key_size = bits;
254
255 attr = pk11_attribute_bytype(rsa, CKA_PUBLIC_EXPONENT);
256 INSIST(attr != NULL);
257- if (pk11_numbits(attr->pValue, attr->ulValueLen) > RSA_MAX_PUBEXP_BITS)
258+
259+ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
260+ if (ret != ISC_R_SUCCESS) {
261+ goto err;
262+ }
263+ if (bits > RSA_MAX_PUBEXP_BITS) {
264 DST_RET(ISC_R_RANGE);
265+ }
266
267 dst__privstruct_free(&priv, mctx);
268 isc_safe_memwipe(&priv, sizeof(priv));
269@@ -2084,6 +2114,7 @@ pkcs11rsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
270 pk11_context_t *pk11_ctx = NULL;
271 isc_result_t ret;
272 unsigned int i;
273+ unsigned int bits;
274
275 UNUSED(pin);
276
277@@ -2178,12 +2209,22 @@ pkcs11rsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
278
279 attr = pk11_attribute_bytype(rsa, CKA_PUBLIC_EXPONENT);
280 INSIST(attr != NULL);
281- if (pk11_numbits(attr->pValue, attr->ulValueLen) > RSA_MAX_PUBEXP_BITS)
282+
283+ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
284+ if (ret != ISC_R_SUCCESS) {
285+ goto err;
286+ }
287+ if (bits > RSA_MAX_PUBEXP_BITS) {
288 DST_RET(ISC_R_RANGE);
289+ }
290
291 attr = pk11_attribute_bytype(rsa, CKA_MODULUS);
292 INSIST(attr != NULL);
293- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen);
294+ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
295+ if (ret != ISC_R_SUCCESS) {
296+ goto err;
297+ }
298+ key->key_size = bits;
299
300 pk11_return_session(pk11_ctx);
301 isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
302diff --git a/lib/isc/include/pk11/internal.h b/lib/isc/include/pk11/internal.h
303index aa8907ab08..7cc8ec812b 100644
304--- a/lib/isc/include/pk11/internal.h
305+++ b/lib/isc/include/pk11/internal.h
306@@ -25,7 +25,8 @@ void pk11_mem_put(void *ptr, size_t size);
307
308 CK_SLOT_ID pk11_get_best_token(pk11_optype_t optype);
309
310-unsigned int pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt);
311+isc_result_t
312+pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt, unsigned int *bits);
313
314 CK_ATTRIBUTE *pk11_attribute_first(const pk11_object_t *obj);
315
316diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
317index 012afd968a..4e4052044b 100644
318--- a/lib/isc/pk11.c
319+++ b/lib/isc/pk11.c
320@@ -962,13 +962,15 @@ pk11_get_best_token(pk11_optype_t optype) {
321 return (token->slotid);
322 }
323
324-unsigned int
325-pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt) {
326+isc_result_t
327+pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt, unsigned int *bits) {
328 unsigned int bitcnt, i;
329 CK_BYTE top;
330
331- if (bytecnt == 0)
332- return (0);
333+ if (bytecnt == 0) {
334+ *bits = 0;
335+ return (ISC_R_SUCCESS);
336+ }
337 bitcnt = bytecnt * 8;
338 for (i = 0; i < bytecnt; i++) {
339 top = data[i];
340@@ -976,26 +978,41 @@ pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt) {
341 bitcnt -= 8;
342 continue;
343 }
344- if (top & 0x80)
345- return (bitcnt);
346- if (top & 0x40)
347- return (bitcnt - 1);
348- if (top & 0x20)
349- return (bitcnt - 2);
350- if (top & 0x10)
351- return (bitcnt - 3);
352- if (top & 0x08)
353- return (bitcnt - 4);
354- if (top & 0x04)
355- return (bitcnt - 5);
356- if (top & 0x02)
357- return (bitcnt - 6);
358- if (top & 0x01)
359- return (bitcnt - 7);
360+ if (top & 0x80) {
361+ *bits = bitcnt;
362+ return (ISC_R_SUCCESS);
363+ }
364+ if (top & 0x40) {
365+ *bits = bitcnt - 1;
366+ return (ISC_R_SUCCESS);
367+ }
368+ if (top & 0x20) {
369+ *bits = bitcnt - 2;
370+ return (ISC_R_SUCCESS);
371+ }
372+ if (top & 0x10) {
373+ *bits = bitcnt - 3;
374+ return (ISC_R_SUCCESS);
375+ }
376+ if (top & 0x08) {
377+ *bits = bitcnt - 4;
378+ return (ISC_R_SUCCESS);
379+ }
380+ if (top & 0x04) {
381+ *bits = bitcnt - 5;
382+ return (ISC_R_SUCCESS);
383+ }
384+ if (top & 0x02) {
385+ *bits = bitcnt - 6;
386+ return (ISC_R_SUCCESS);
387+ }
388+ if (top & 0x01) {
389+ *bits = bitcnt - 7;
390+ return (ISC_R_SUCCESS);
391+ }
392 break;
393 }
394- INSIST(0);
395- ISC_UNREACHABLE();
396+ return (ISC_R_RANGE);
397 }
398
399 CK_ATTRIBUTE *
400--
4012.17.1
402
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch
new file mode 100644
index 0000000000..9cffe358bf
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch
@@ -0,0 +1,33 @@
1From a73c3d30de7fe98af9e4dc0e490f732a48412380 Mon Sep 17 00:00:00 2001
2From: Mark Andrews <marka@isc.org>
3Date: Wed, 29 Jul 2020 23:36:03 +1000
4Subject: [PATCH] bind: Update-policy 'subdomain' was incorrectly treated as
5 'zonesub'
6
7resulting in names outside the specified subdomain having the wrong
8restrictions for the given key.
9
10Upstream-Status: Backport
11CVE: CVE-2020-8624
12Signed-off-by: Li Zhou <li.zhou@windriver.com>
13---
14 bin/named/zoneconf.c | 3 ++-
15 1 file changed, 2 insertions(+), 1 deletion(-)
16
17diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
18index e237bdb..4898447 100644
19--- a/bin/named/zoneconf.c
20+++ b/bin/named/zoneconf.c
21@@ -237,7 +237,8 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
22
23 str = cfg_obj_asstring(matchtype);
24 CHECK(dns_ssu_mtypefromstring(str, &mtype));
25- if (mtype == dns_ssumatchtype_subdomain) {
26+ if (mtype == dns_ssumatchtype_subdomain &&
27+ strcasecmp(str, "zonesub") == 0) {
28 usezone = true;
29 }
30
31--
321.9.1
33
diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
index 37e210e6da..84559e5f37 100644
--- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -1,4 +1,4 @@
1From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001 1From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001
2From: Paul Gortmaker <paul.gortmaker@windriver.com> 2From: Paul Gortmaker <paul.gortmaker@windriver.com>
3Date: Tue, 9 Jun 2015 11:22:00 -0400 3Date: Tue, 9 Jun 2015 11:22:00 -0400
4Subject: [PATCH] bind: ensure searching for json headers searches sysroot 4Subject: [PATCH] bind: ensure searching for json headers searches sysroot
@@ -27,15 +27,16 @@ to make use of the combination some day.
27 27
28Upstream-Status: Inappropriate [OE Specific] 28Upstream-Status: Inappropriate [OE Specific]
29Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> 29Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
30
30--- 31---
31 configure.in | 2 +- 32 configure.ac | 2 +-
32 1 file changed, 1 insertion(+), 1 deletion(-) 33 1 file changed, 1 insertion(+), 1 deletion(-)
33 34
34Index: bind-9.11.3/configure.in 35diff --git a/configure.ac b/configure.ac
35=================================================================== 36index 17392fd..e85a5c6 100644
36--- bind-9.11.3.orig/configure.in 37--- a/configure.ac
37+++ bind-9.11.3/configure.in 38+++ b/configure.ac
38@@ -2574,7 +2574,7 @@ case "$use_libjson" in 39@@ -2449,7 +2449,7 @@ case "$use_libjson" in
39 libjson_libs="" 40 libjson_libs=""
40 ;; 41 ;;
41 auto|yes) 42 auto|yes)
diff --git a/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb b/meta/recipes-connectivity/bind/bind_9.11.19.bb
index b0bb64b7c7..d4467b0b48 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.19.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.isc.org/sw/bind/"
3SECTION = "console/network" 3SECTION = "console/network"
4 4
5LICENSE = "ISC & BSD" 5LICENSE = "ISC & BSD"
6LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e" 6LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45"
7 7
8DEPENDS = "openssl libcap zlib" 8DEPENDS = "openssl libcap zlib"
9 9
@@ -15,23 +15,15 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
15 file://make-etc-initd-bind-stop-work.patch \ 15 file://make-etc-initd-bind-stop-work.patch \
16 file://init.d-add-support-for-read-only-rootfs.patch \ 16 file://init.d-add-support-for-read-only-rootfs.patch \
17 file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ 17 file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
18 file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \
19 file://0001-lib-dns-gen.c-fix-too-long-error.patch \
20 file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ 18 file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
21 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ 19 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
22 file://0001-avoid-start-failure-with-bind-user.patch \ 20 file://0001-avoid-start-failure-with-bind-user.patch \
23 file://0001-bind-fix-CVE-2019-6471.patch \ 21 file://CVE-2020-8622.patch \
24 file://0001-fix-enforcement-of-tcp-clients-v1.patch \ 22 file://CVE-2020-8623.patch \
25 file://0002-tcp-clients-could-still-be-exceeded-v2.patch \ 23 file://CVE-2020-8624.patch \
26 file://0003-use-reference-counter-for-pipeline-groups-v3.patch \ 24 "
27 file://0004-better-tcpquota-accounting-and-client-mortality-chec.patch \ 25
28 file://0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch \ 26SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329"
29 file://0006-restore-allowance-for-tcp-clients-interfaces.patch \
30 file://0007-Replace-atomic-operations-in-bin-named-client.c-with.patch \
31"
32
33SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960"
34SRC_URI[sha256sum] = "7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434"
35 27
36UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" 28UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
37# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 29# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index f582a07e22..75fc2dbf4c 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -58,6 +58,8 @@ SRC_URI = "\
58 file://CVE-2018-10910.patch \ 58 file://CVE-2018-10910.patch \
59 file://gcc9-fixes.patch \ 59 file://gcc9-fixes.patch \
60 file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \ 60 file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \
61 file://CVE-2020-0556-1.patch \
62 file://CVE-2020-0556-2.patch \
61" 63"
62S = "${WORKDIR}/bluez-${PV}" 64S = "${WORKDIR}/bluez-${PV}"
63 65
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch
new file mode 100644
index 0000000000..a6bf31e14b
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch
@@ -0,0 +1,35 @@
1From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001
2From: Alain Michaud <alainm@chromium.org>
3Date: Tue, 10 Mar 2020 02:35:16 +0000
4Subject: [PATCH 1/2] HOGP must only accept data from bonded devices.
5
6HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.
7
8Reference:
9https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
10
11Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1]
12Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
13CVE: CVE-2020-0556
14---
15 profiles/input/hog.c | 4 ++++
16 1 file changed, 4 insertions(+)
17
18diff --git a/profiles/input/hog.c b/profiles/input/hog.c
19index 83c017dcb..dfac68921 100644
20--- a/profiles/input/hog.c
21+++ b/profiles/input/hog.c
22@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service)
23 return -EINVAL;
24 }
25
26+ /* HOGP 1.0 Section 6.1 requires bonding */
27+ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
28+ return -ECONNREFUSED;
29+
30 /* TODO: Replace GAttrib with bt_gatt_client */
31 bt_hog_attach(dev->hog, attrib);
32
33--
342.24.1
35
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch
new file mode 100644
index 0000000000..8acb2f15ec
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch
@@ -0,0 +1,143 @@
1From 3cccdbab2324086588df4ccf5f892fb3ce1f1787 Mon Sep 17 00:00:00 2001
2From: Alain Michaud <alainm@chromium.org>
3Date: Tue, 10 Mar 2020 02:35:18 +0000
4Subject: [PATCH 2/2] HID accepts bonded device connections only.
5
6This change adds a configuration for platforms to choose a more secure
7posture for the HID profile. While some older mice are known to not
8support pairing or encryption, some platform may choose a more secure
9posture by requiring the device to be bonded and require the
10connection to be encrypted when bonding is required.
11
12Reference:
13https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
14
15Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787]
16Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
17CVE: CVE-2020-0556
18
19---
20 profiles/input/device.c | 23 ++++++++++++++++++++++-
21 profiles/input/device.h | 1 +
22 profiles/input/input.conf | 8 ++++++++
23 profiles/input/manager.c | 13 ++++++++++++-
24 4 files changed, 43 insertions(+), 2 deletions(-)
25
26diff --git a/profiles/input/device.c b/profiles/input/device.c
27index 2cb3811c8..d89da2d7c 100644
28--- a/profiles/input/device.c
29+++ b/profiles/input/device.c
30@@ -92,6 +92,7 @@ struct input_device {
31
32 static int idle_timeout = 0;
33 static bool uhid_enabled = false;
34+static bool classic_bonded_only = false;
35
36 void input_set_idle_timeout(int timeout)
37 {
38@@ -103,6 +104,11 @@ void input_enable_userspace_hid(bool state)
39 uhid_enabled = state;
40 }
41
42+void input_set_classic_bonded_only(bool state)
43+{
44+ classic_bonded_only = state;
45+}
46+
47 static void input_device_enter_reconnect_mode(struct input_device *idev);
48 static int connection_disconnect(struct input_device *idev, uint32_t flags);
49
50@@ -970,8 +976,18 @@ static int hidp_add_connection(struct input_device *idev)
51 if (device_name_known(idev->device))
52 device_get_name(idev->device, req->name, sizeof(req->name));
53
54+ /* Make sure the device is bonded if required */
55+ if (classic_bonded_only && !device_is_bonded(idev->device,
56+ btd_device_get_bdaddr_type(idev->device))) {
57+ error("Rejected connection from !bonded device %s", dst_addr);
58+ goto cleanup;
59+ }
60+
61 /* Encryption is mandatory for keyboards */
62- if (req->subclass & 0x40) {
63+ /* Some platforms may choose to require encryption for all devices */
64+ /* Note that this only matters for pre 2.1 devices as otherwise the */
65+ /* device is encrypted by default by the lower layers */
66+ if (classic_bonded_only || req->subclass & 0x40) {
67 if (!bt_io_set(idev->intr_io, &gerr,
68 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
69 BT_IO_OPT_INVALID)) {
70@@ -1203,6 +1219,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
71 DBG("path=%s reconnect_mode=%s", idev->path,
72 reconnect_mode_to_string(idev->reconnect_mode));
73
74+ /* Make sure the device is bonded if required */
75+ if (classic_bonded_only && !device_is_bonded(idev->device,
76+ btd_device_get_bdaddr_type(idev->device)))
77+ return;
78+
79 /* Only attempt an auto-reconnect when the device is required to
80 * accept reconnections from the host.
81 */
82diff --git a/profiles/input/device.h b/profiles/input/device.h
83index 51a9aee18..3044db673 100644
84--- a/profiles/input/device.h
85+++ b/profiles/input/device.h
86@@ -29,6 +29,7 @@ struct input_conn;
87
88 void input_set_idle_timeout(int timeout);
89 void input_enable_userspace_hid(bool state);
90+void input_set_classic_bonded_only(bool state);
91
92 int input_device_register(struct btd_service *service);
93 void input_device_unregister(struct btd_service *service);
94diff --git a/profiles/input/input.conf b/profiles/input/input.conf
95index 3e1d65aae..166aff4a4 100644
96--- a/profiles/input/input.conf
97+++ b/profiles/input/input.conf
98@@ -11,3 +11,11 @@
99 # Enable HID protocol handling in userspace input profile
100 # Defaults to false (HIDP handled in HIDP kernel module)
101 #UserspaceHID=true
102+
103+# Limit HID connections to bonded devices
104+# The HID Profile does not specify that devices must be bonded, however some
105+# platforms may want to make sure that input connections only come from bonded
106+# device connections. Several older mice have been known for not supporting
107+# pairing/encryption.
108+# Defaults to false to maximize device compatibility.
109+#ClassicBondedOnly=true
110diff --git a/profiles/input/manager.c b/profiles/input/manager.c
111index 1d31b0652..5cd27b839 100644
112--- a/profiles/input/manager.c
113+++ b/profiles/input/manager.c
114@@ -96,7 +96,7 @@ static int input_init(void)
115 config = load_config_file(CONFIGDIR "/input.conf");
116 if (config) {
117 int idle_timeout;
118- gboolean uhid_enabled;
119+ gboolean uhid_enabled, classic_bonded_only;
120
121 idle_timeout = g_key_file_get_integer(config, "General",
122 "IdleTimeout", &err);
123@@ -114,6 +114,17 @@ static int input_init(void)
124 input_enable_userspace_hid(uhid_enabled);
125 } else
126 g_clear_error(&err);
127+
128+ classic_bonded_only = g_key_file_get_boolean(config, "General",
129+ "ClassicBondedOnly", &err);
130+
131+ if (!err) {
132+ DBG("input.conf: ClassicBondedOnly=%s",
133+ classic_bonded_only ? "true" : "false");
134+ input_set_classic_bonded_only(classic_bonded_only);
135+ } else
136+ g_clear_error(&err);
137+
138 }
139
140 btd_profile_register(&input_profile);
141--
1422.24.1
143
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch
new file mode 100644
index 0000000000..34b2ae1e5c
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch
@@ -0,0 +1,165 @@
1From f369dbb9e67eb5ef336944af63039b6d8f838384 Mon Sep 17 00:00:00 2001
2From: Thomas Markwalder <tmark@isc.org>
3Date: Thu, 12 Sep 2019 10:35:46 -0400
4Subject: [PATCH 1/3] Ensure context is running prior to calling
5 isc_app_ctxsuspend
6
7Add a release note.
8
9includes/omapip/isclib.h
10 Added actx_running flag to global context, dhcp_gbl_ctx
11
12omapip/isclib.c
13 set_ctx_running() - new function used as the ctxonrun callback
14
15 dhcp_context_create() - installs set_ctx_running callback
16
17 dhcp_signal_handler() - modified to use act_running flag to
18 determine is context is running and should be suspended
19
20Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
21
22Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
23---
24 RELNOTES | 7 +++++
25 includes/omapip/isclib.h | 3 ++-
26 omapip/isclib.c | 57 +++++++++++++++++++++++++++++++++-------
27 3 files changed, 57 insertions(+), 10 deletions(-)
28
29diff --git a/RELNOTES b/RELNOTES
30index f10305d..1730473 100644
31--- a/RELNOTES
32+++ b/RELNOTES
33@@ -6,6 +6,13 @@
34
35 NEW FEATURES
36
37+- Closed a small window of time between the installation of graceful
38+ shutdown signal handlers and application context startup, during which
39+ the receipt of shutdown signal would cause a REQUIRE() assertion to
40+ occur. Note this issue is only visible when compiling with
41+ ENABLE_GENTLE_SHUTDOWN defined.
42+ [Gitlab #53,!18 git TBD]
43+
44 Please note that that ISC DHCP is now licensed under the Mozilla Public License,
45 MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
46 license terms.
47diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
48index 6c20584..af6a6fc 100644
49--- a/includes/omapip/isclib.h
50+++ b/includes/omapip/isclib.h
51@@ -94,7 +94,8 @@
52 typedef struct dhcp_context {
53 isc_mem_t *mctx;
54 isc_appctx_t *actx;
55- int actx_started;
56+ int actx_started; // ISC_TRUE if ctxstart has been called
57+ int actx_running; // ISC_TRUE if ctxrun has been called
58 isc_taskmgr_t *taskmgr;
59 isc_task_t *task;
60 isc_socketmgr_t *socketmgr;
61diff --git a/omapip/isclib.c b/omapip/isclib.c
62index ce4b4a1..73e017c 100644
63--- a/omapip/isclib.c
64+++ b/omapip/isclib.c
65@@ -134,6 +134,35 @@ handle_signal(int sig, void (*handler)(int)) {
66 }
67 }
68
69+/* Callback passed to isc_app_ctxonrun
70+ *
71+ * BIND9 context code will invoke this handler once the context has
72+ * entered the running state. We use it to set a global marker so that
73+ * we can tell if the context is running. Several of the isc_app_
74+ * calls REQUIRE that the context is running and we need a way to
75+ * know that.
76+ *
77+ * We also check to see if we received a shutdown signal prior to
78+ * the context entering the run state. If we did, then we can just
79+ * simply shut the context down now. This closes the relatively
80+ * small window between start up and entering run via the call
81+ * to dispatch().
82+ *
83+ */
84+static void
85+set_ctx_running(isc_task_t *task, isc_event_t *event) {
86+ task = task; // unused;
87+ dhcp_gbl_ctx.actx_running = ISC_TRUE;
88+
89+ if (shutdown_signal) {
90+ // We got signaled shutdown before we entered running state.
91+ // Now that we've reached running state, shut'er down.
92+ isc_app_ctxsuspend(dhcp_gbl_ctx.actx);
93+ }
94+
95+ isc_event_free(&event);
96+}
97+
98 isc_result_t
99 dhcp_context_create(int flags,
100 struct in_addr *local4,
101@@ -141,6 +170,9 @@ dhcp_context_create(int flags,
102 isc_result_t result;
103
104 if ((flags & DHCP_CONTEXT_PRE_DB) != 0) {
105+ dhcp_gbl_ctx.actx_started = ISC_FALSE;
106+ dhcp_gbl_ctx.actx_running = ISC_FALSE;
107+
108 /*
109 * Set up the error messages, this isn't the right place
110 * for this call but it is convienent for now.
111@@ -204,15 +236,24 @@ dhcp_context_create(int flags,
112 if (result != ISC_R_SUCCESS)
113 goto cleanup;
114
115- result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task);
116+ result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0,
117+ &dhcp_gbl_ctx.task);
118 if (result != ISC_R_SUCCESS)
119 goto cleanup;
120
121 result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
122 if (result != ISC_R_SUCCESS)
123- return (result);
124+ goto cleanup;
125+
126 dhcp_gbl_ctx.actx_started = ISC_TRUE;
127
128+ // Install the onrun callback.
129+ result = isc_app_ctxonrun(dhcp_gbl_ctx.actx, dhcp_gbl_ctx.mctx,
130+ dhcp_gbl_ctx.task, set_ctx_running,
131+ dhcp_gbl_ctx.actx);
132+ if (result != ISC_R_SUCCESS)
133+ goto cleanup;
134+
135 /* Not all OSs support suppressing SIGPIPE through socket
136 * options, so set the sigal action to be ignore. This allows
137 * broken connections to fail gracefully with EPIPE on writes */
138@@ -335,19 +376,17 @@ isclib_make_dst_key(char *inname,
139 * @param signal signal code that we received
140 */
141 void dhcp_signal_handler(int signal) {
142- isc_appctx_t *ctx = dhcp_gbl_ctx.actx;
143- int prev = shutdown_signal;
144-
145- if (prev != 0) {
146+ if (shutdown_signal != 0) {
147 /* Already in shutdown. */
148 return;
149 }
150+
151 /* Possible race but does it matter? */
152 shutdown_signal = signal;
153
154- /* Use reload (aka suspend) for easier dispatch() reenter. */
155- if (ctx && ctx->methods && ctx->methods->ctxsuspend) {
156- (void) isc_app_ctxsuspend(ctx);
157+ /* If the application context is running tell it to shut down */
158+ if (dhcp_gbl_ctx.actx_running == ISC_TRUE) {
159+ (void) isc_app_ctxsuspend(dhcp_gbl_ctx.actx);
160 }
161 }
162
163--
1642.23.0
165
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch b/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch
new file mode 100644
index 0000000000..78b2b74f45
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch
@@ -0,0 +1,29 @@
1From adcd34ae1f56b16d7e9696d980332b4cf6c7ce91 Mon Sep 17 00:00:00 2001
2From: Thomas Markwalder <tmark@isc.org>
3Date: Fri, 13 Sep 2019 15:03:31 -0400
4Subject: [PATCH 2/3] Added shutdown log statment to dhcrelay
5
6Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
7
8Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
9---
10 relay/dhcrelay.c | 3 +++
11 1 file changed, 3 insertions(+)
12
13diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
14index d8caaaf..4bd1d47 100644
15--- a/relay/dhcrelay.c
16+++ b/relay/dhcrelay.c
17@@ -2076,6 +2076,9 @@ dhcp_set_control_state(control_object_state_t oldstate,
18 if (newstate != server_shutdown)
19 return ISC_R_SUCCESS;
20
21+ /* Log shutdown on signal. */
22+ log_info("Received signal %d, initiating shutdown.", shutdown_signal);
23+
24 if (no_pid_file == ISC_FALSE)
25 (void) unlink(path_dhcrelay_pid);
26
27--
282.23.0
29
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch b/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch
new file mode 100644
index 0000000000..a51b6cf526
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch
@@ -0,0 +1,31 @@
1From e4b54b4d676783152d487103714cba2913661ef8 Mon Sep 17 00:00:00 2001
2From: Thomas Markwalder <tmark@isc.org>
3Date: Wed, 6 Nov 2019 15:53:50 -0500
4Subject: [PATCH 3/3] Addressed review comment.
5
6omapip/isclib.c
7 Added use of IGNORE_UNUSED()
8
9Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
10
11Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
12---
13 omapip/isclib.c | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16diff --git a/omapip/isclib.c b/omapip/isclib.c
17index 73e017c..1d52463 100644
18--- a/omapip/isclib.c
19+++ b/omapip/isclib.c
20@@ -151,7 +151,7 @@ handle_signal(int sig, void (*handler)(int)) {
21 */
22 static void
23 set_ctx_running(isc_task_t *task, isc_event_t *event) {
24- task = task; // unused;
25+ IGNORE_UNUSED(task);
26 dhcp_gbl_ctx.actx_running = ISC_TRUE;
27
28 if (shutdown_signal) {
29--
302.23.0
31
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
index 275961a603..ddc8b60254 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
@@ -11,6 +11,9 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
11 file://0013-fixup_use_libbind.patch \ 11 file://0013-fixup_use_libbind.patch \
12 file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \ 12 file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \
13 file://0001-Fix-a-NSUPDATE-compiling-issue.patch \ 13 file://0001-Fix-a-NSUPDATE-compiling-issue.patch \
14 file://0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch \
15 file://0002-Added-shutdown-log-statment-to-dhcrelay.patch \
16 file://0003-Addressed-review-comment.patch \
14" 17"
15 18
16SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede" 19SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
index 684fbe09e1..cc9410b94e 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -143,11 +143,15 @@ ALTERNATIVE_${PN}-traceroute = "traceroute"
143ALTERNATIVE_${PN}-hostname = "hostname" 143ALTERNATIVE_${PN}-hostname = "hostname"
144ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" 144ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname"
145 145
146ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8" 146ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
147 tftpd.8 tftp.1 telnetd.8"
147ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" 148ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
148ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" 149ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
149ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" 150ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
150ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" 151ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
152ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
153ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
154ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
151 155
152ALTERNATIVE_${PN}-ifconfig = "ifconfig" 156ALTERNATIVE_${PN}-ifconfig = "ifconfig"
153ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" 157ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig"
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
new file mode 100644
index 0000000000..98b1391923
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
@@ -0,0 +1,34 @@
1From ff3ad88c233ecd87f7983ad13836323f944540ec Mon Sep 17 00:00:00 2001
2From: Doug Nazar <nazard@nazar.ca>
3Date: Mon, 9 Dec 2019 10:53:37 -0500
4Subject: [PATCH] Disable statx if using glibc emulation
5
6On older kernels without statx, glibc with statx support will attempt
7to emulate the call. However it doesn't support AT_STATX_DONT_SYNC and
8will return EINVAL. This causes all xstat/xlstat calls to fail.
9
10Upstream-Status: Backport
11
12Signed-off-by: Doug Nazar <nazard@nazar.ca>
13Signed-off-by: Steve Dickson <steved@redhat.com>
14---
15 support/misc/xstat.c | 3 +++
16 1 file changed, 3 insertions(+)
17
18diff --git a/support/misc/xstat.c b/support/misc/xstat.c
19index 661e29e4..a438fbcc 100644
20--- a/support/misc/xstat.c
21+++ b/support/misc/xstat.c
22@@ -51,6 +51,9 @@ statx_do_stat(int fd, const char *pathname, struct stat *statbuf, int flags)
23 statx_copy(statbuf, &stxbuf);
24 return 0;
25 }
26+ /* glibc emulation doesn't support AT_STATX_DONT_SYNC */
27+ if (errno == EINVAL)
28+ errno = ENOSYS;
29 if (errno == ENOSYS)
30 statx_supported = 0;
31 } else
32--
332.19.1
34
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch
new file mode 100644
index 0000000000..87f4f098e0
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch
@@ -0,0 +1,102 @@
1From 12ee0ff1120a6e42b67cc90ad7d5006555e866c3 Mon Sep 17 00:00:00 2001
2From: NeilBrown <neilb@suse.de>
3Date: Tue, 23 Jun 2020 09:22:22 +0000
4Subject: [PATCH] statd: take user-id from /var/lib/nfs/sm
5
6Having /var/lib/nfs writeable by statd is not ideal
7as there are files in there that statd doesn't need
8to access.
9After dropping privs, statd and sm-notify only need to
10access files in the directories sm and sm.bak.
11So take the uid for these deamons from 'sm'.
12
13Upstream-Status: Backport [https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e]
14CVE: CVE-2019-3689
15
16Signed-off-by: NeilBrown <neilb@suse.de>
17Signed-off-by: Steve Dickson <steved@redhat.com>
18Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
19---
20 support/nsm/file.c | 16 +++++-----------
21 utils/statd/sm-notify.man | 10 +++++++++-
22 utils/statd/statd.man | 10 +++++++++-
23 3 files changed, 23 insertions(+), 13 deletions(-)
24
25diff --git a/support/nsm/file.c b/support/nsm/file.c
26index 0b66f12..f5b4480 100644
27--- a/support/nsm/file.c
28+++ b/support/nsm/file.c
29@@ -388,23 +388,17 @@ nsm_drop_privileges(const int pidfd)
30
31 (void)umask(S_IRWXO);
32
33- /*
34- * XXX: If we can't stat dirname, or if dirname is owned by
35- * root, we should use "statduser" instead, which is set up
36- * by configure.ac. Nothing in nfs-utils seems to use
37- * "statduser," though.
38- */
39- if (lstat(nsm_base_dirname, &st) == -1) {
40- xlog(L_ERROR, "Failed to stat %s: %m", nsm_base_dirname);
41- return false;
42- }
43-
44 if (chdir(nsm_base_dirname) == -1) {
45 xlog(L_ERROR, "Failed to change working directory to %s: %m",
46 nsm_base_dirname);
47 return false;
48 }
49
50+ if (lstat(NSM_MONITOR_DIR, &st) == -1) {
51+ xlog(L_ERROR, "Failed to stat %s/%s: %m", nsm_base_dirname, NSM_MONITOR_DIR);
52+ return false;
53+ }
54+
55 if (!prune_bounding_set())
56 return false;
57
58diff --git a/utils/statd/sm-notify.man b/utils/statd/sm-notify.man
59index cfe1e4b..addf5d3 100644
60--- a/utils/statd/sm-notify.man
61+++ b/utils/statd/sm-notify.man
62@@ -190,7 +190,15 @@ by default.
63 After starting,
64 .B sm-notify
65 attempts to set its effective UID and GID to the owner
66-and group of this directory.
67+and group of the subdirectory
68+.B sm
69+of this directory. After changing the effective ids,
70+.B sm-notify
71+only needs to access files in
72+.B sm
73+and
74+.B sm.bak
75+within the state-directory-path.
76 .TP
77 .BI -v " ipaddr " | " hostname
78 Specifies the network address from which to send reboot notifications,
79diff --git a/utils/statd/statd.man b/utils/statd/statd.man
80index 71d5846..6222701 100644
81--- a/utils/statd/statd.man
82+++ b/utils/statd/statd.man
83@@ -259,7 +259,15 @@ by default.
84 After starting,
85 .B rpc.statd
86 attempts to set its effective UID and GID to the owner
87-and group of this directory.
88+and group of the subdirectory
89+.B sm
90+of this directory. After changing the effective ids,
91+.B rpc.statd
92+only needs to access files in
93+.B sm
94+and
95+.B sm.bak
96+within the state-directory-path.
97 .TP
98 .BR -v ", " -V ", " --version
99 Causes
100--
1012.23.0
102
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
index 7e80354e4e..458e534864 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
@@ -33,6 +33,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
33 file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ 33 file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
34 file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \ 34 file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \
35 file://0001-Fix-include-order-between-config.h-and-stat.h.patch \ 35 file://0001-Fix-include-order-between-config.h-and-stat.h.patch \
36 file://0001-Disable-statx-if-using-glibc-emulation.patch \
37 file://0001-statd-take-user-id-from-var-lib-nfs-sm.patch \
36" 38"
37SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch" 39SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
38SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" 40SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
new file mode 100644
index 0000000000..e2930c3c7d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
@@ -0,0 +1,46 @@
1From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Fri, 3 Jan 2020 03:02:26 +0000
4Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
5 regress
6
7test?
8
9OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
10
11Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
12
13[Dropped the script version and copyright year change at the top]
14
15Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
16---
17 regress/cert-hostkey.sh | 2 +-
18 regress/cert-userkey.sh | 2 +-
19 2 files changed, 2 insertions(+), 2 deletions(-)
20
21diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
22index 3ce7779..74d5a53 100644
23--- a/regress/cert-hostkey.sh
24+++ b/regress/cert-hostkey.sh
25@@ -248,7 +248,7 @@ test_one() {
26 test_one "user-certificate" failure "-n $HOSTS"
27 test_one "empty principals" success "-h"
28 test_one "wrong principals" failure "-h -n foo"
29-test_one "cert not yet valid" failure "-h -V20200101:20300101"
30+test_one "cert not yet valid" failure "-h -V20300101:20320101"
31 test_one "cert expired" failure "-h -V19800101:19900101"
32 test_one "cert valid interval" success "-h -V-1w:+2w"
33 test_one "cert has constraints" failure "-h -Oforce-command=false"
34diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
35index 6849e99..de455b8 100644
36--- a/regress/cert-userkey.sh
37+++ b/regress/cert-userkey.sh
38@@ -327,7 +327,7 @@ test_one() {
39 test_one "correct principal" success "-n ${USER}"
40 test_one "host-certificate" failure "-n ${USER} -h"
41 test_one "wrong principals" failure "-n foo"
42-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
43+test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101"
44 test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
45 test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
46 test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
index 2ffbc9a95f..3d16f9d347 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
25 file://sshd_check_keys \ 25 file://sshd_check_keys \
26 file://add-test-support-for-busybox.patch \ 26 file://add-test-support-for-busybox.patch \
27 file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \ 27 file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
28 file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
28 " 29 "
29SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d" 30SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
30SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68" 31SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
deleted file mode 100644
index 0cc19cb5f4..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
+++ /dev/null
@@ -1,758 +0,0 @@
1From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
2From: Andy Polyakov <appro@openssl.org>
3Date: Wed, 4 Dec 2019 12:48:21 +0100
4Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
5
6There is an overflow bug in the x64_64 Montgomery squaring procedure used in
7exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
8suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
9result of this defect would be very difficult to perform and are not believed
10likely. Attacks against DH512 are considered just feasible. However, for an
11attack the target would have to re-use the DH512 private key, which is not
12recommended anyway. Also applications directly using the low level API
13BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
14
15CVE-2019-1551
16
17Reviewed-by: Paul Dale <paul.dale@oracle.com>
18Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
19(Merged from https://github.com/openssl/openssl/pull/10575)
20
21CVE: CVE-2019-1551
22Upstream-Status: Backport
23Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
24---
25 crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
26 1 file changed, 197 insertions(+), 184 deletions(-)
27
28diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
29index b1797b649f0..7534d5cd03e 100755
30--- a/crypto/bn/asm/rsaz-x86_64.pl
31+++ b/crypto/bn/asm/rsaz-x86_64.pl
32@@ -116,7 +116,7 @@
33 subq \$128+24, %rsp
34 .cfi_adjust_cfa_offset 128+24
35 .Lsqr_body:
36- movq $mod, %rbp # common argument
37+ movq $mod, %xmm1 # common off-load
38 movq ($inp), %rdx
39 movq 8($inp), %rax
40 movq $n0, 128(%rsp)
41@@ -134,7 +134,8 @@
42 .Loop_sqr:
43 movl $times,128+8(%rsp)
44 #first iteration
45- movq %rdx, %rbx
46+ movq %rdx, %rbx # 0($inp)
47+ mov %rax, %rbp # 8($inp)
48 mulq %rdx
49 movq %rax, %r8
50 movq 16($inp), %rax
51@@ -173,31 +174,29 @@
52 mulq %rbx
53 addq %rax, %r14
54 movq %rbx, %rax
55- movq %rdx, %r15
56- adcq \$0, %r15
57+ adcq \$0, %rdx
58
59- addq %r8, %r8 #shlq \$1, %r8
60- movq %r9, %rcx
61- adcq %r9, %r9 #shld \$1, %r8, %r9
62+ xorq %rcx,%rcx # rcx:r8 = r8 << 1
63+ addq %r8, %r8
64+ movq %rdx, %r15
65+ adcq \$0, %rcx
66
67 mulq %rax
68- movq %rax, (%rsp)
69- addq %rdx, %r8
70- adcq \$0, %r9
71+ addq %r8, %rdx
72+ adcq \$0, %rcx
73
74- movq %r8, 8(%rsp)
75- shrq \$63, %rcx
76+ movq %rax, (%rsp)
77+ movq %rdx, 8(%rsp)
78
79 #second iteration
80- movq 8($inp), %r8
81 movq 16($inp), %rax
82- mulq %r8
83+ mulq %rbp
84 addq %rax, %r10
85 movq 24($inp), %rax
86 movq %rdx, %rbx
87 adcq \$0, %rbx
88
89- mulq %r8
90+ mulq %rbp
91 addq %rax, %r11
92 movq 32($inp), %rax
93 adcq \$0, %rdx
94@@ -205,7 +204,7 @@
95 movq %rdx, %rbx
96 adcq \$0, %rbx
97
98- mulq %r8
99+ mulq %rbp
100 addq %rax, %r12
101 movq 40($inp), %rax
102 adcq \$0, %rdx
103@@ -213,7 +212,7 @@
104 movq %rdx, %rbx
105 adcq \$0, %rbx
106
107- mulq %r8
108+ mulq %rbp
109 addq %rax, %r13
110 movq 48($inp), %rax
111 adcq \$0, %rdx
112@@ -221,7 +220,7 @@
113 movq %rdx, %rbx
114 adcq \$0, %rbx
115
116- mulq %r8
117+ mulq %rbp
118 addq %rax, %r14
119 movq 56($inp), %rax
120 adcq \$0, %rdx
121@@ -229,39 +228,39 @@
122 movq %rdx, %rbx
123 adcq \$0, %rbx
124
125- mulq %r8
126+ mulq %rbp
127 addq %rax, %r15
128- movq %r8, %rax
129+ movq %rbp, %rax
130 adcq \$0, %rdx
131 addq %rbx, %r15
132- movq %rdx, %r8
133- movq %r10, %rdx
134- adcq \$0, %r8
135+ adcq \$0, %rdx
136
137- add %rdx, %rdx
138- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
139- movq %r11, %rbx
140- adcq %r11, %r11 #shld \$1, %r10, %r11
141+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
142+ addq %r9, %r9
143+ movq %rdx, %r8
144+ adcq %r10, %r10
145+ adcq \$0, %rbx
146
147 mulq %rax
148+ addq %rcx, %rax
149+ movq 16($inp), %rbp
150+ adcq \$0, %rdx
151 addq %rax, %r9
152+ movq 24($inp), %rax
153 adcq %rdx, %r10
154- adcq \$0, %r11
155+ adcq \$0, %rbx
156
157 movq %r9, 16(%rsp)
158 movq %r10, 24(%rsp)
159- shrq \$63, %rbx
160
161 #third iteration
162- movq 16($inp), %r9
163- movq 24($inp), %rax
164- mulq %r9
165+ mulq %rbp
166 addq %rax, %r12
167 movq 32($inp), %rax
168 movq %rdx, %rcx
169 adcq \$0, %rcx
170
171- mulq %r9
172+ mulq %rbp
173 addq %rax, %r13
174 movq 40($inp), %rax
175 adcq \$0, %rdx
176@@ -269,7 +268,7 @@
177 movq %rdx, %rcx
178 adcq \$0, %rcx
179
180- mulq %r9
181+ mulq %rbp
182 addq %rax, %r14
183 movq 48($inp), %rax
184 adcq \$0, %rdx
185@@ -277,9 +276,7 @@
186 movq %rdx, %rcx
187 adcq \$0, %rcx
188
189- mulq %r9
190- movq %r12, %r10
191- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12
192+ mulq %rbp
193 addq %rax, %r15
194 movq 56($inp), %rax
195 adcq \$0, %rdx
196@@ -287,36 +284,40 @@
197 movq %rdx, %rcx
198 adcq \$0, %rcx
199
200- mulq %r9
201- shrq \$63, %r10
202+ mulq %rbp
203 addq %rax, %r8
204- movq %r9, %rax
205+ movq %rbp, %rax
206 adcq \$0, %rdx
207 addq %rcx, %r8
208- movq %rdx, %r9
209- adcq \$0, %r9
210+ adcq \$0, %rdx
211
212- movq %r13, %rcx
213- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13
214+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
215+ addq %r11, %r11
216+ movq %rdx, %r9
217+ adcq %r12, %r12
218+ adcq \$0, %rcx
219
220 mulq %rax
221+ addq %rbx, %rax
222+ movq 24($inp), %r10
223+ adcq \$0, %rdx
224 addq %rax, %r11
225+ movq 32($inp), %rax
226 adcq %rdx, %r12
227- adcq \$0, %r13
228+ adcq \$0, %rcx
229
230 movq %r11, 32(%rsp)
231 movq %r12, 40(%rsp)
232- shrq \$63, %rcx
233
234 #fourth iteration
235- movq 24($inp), %r10
236- movq 32($inp), %rax
237+ mov %rax, %r11 # 32($inp)
238 mulq %r10
239 addq %rax, %r14
240 movq 40($inp), %rax
241 movq %rdx, %rbx
242 adcq \$0, %rbx
243
244+ mov %rax, %r12 # 40($inp)
245 mulq %r10
246 addq %rax, %r15
247 movq 48($inp), %rax
248@@ -325,9 +326,8 @@
249 movq %rdx, %rbx
250 adcq \$0, %rbx
251
252+ mov %rax, %rbp # 48($inp)
253 mulq %r10
254- movq %r14, %r12
255- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14
256 addq %rax, %r8
257 movq 56($inp), %rax
258 adcq \$0, %rdx
259@@ -336,32 +336,33 @@
260 adcq \$0, %rbx
261
262 mulq %r10
263- shrq \$63, %r12
264 addq %rax, %r9
265 movq %r10, %rax
266 adcq \$0, %rdx
267 addq %rbx, %r9
268- movq %rdx, %r10
269- adcq \$0, %r10
270+ adcq \$0, %rdx
271
272- movq %r15, %rbx
273- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15
274+ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1
275+ addq %r13, %r13
276+ movq %rdx, %r10
277+ adcq %r14, %r14
278+ adcq \$0, %rbx
279
280 mulq %rax
281+ addq %rcx, %rax
282+ adcq \$0, %rdx
283 addq %rax, %r13
284+ movq %r12, %rax # 40($inp)
285 adcq %rdx, %r14
286- adcq \$0, %r15
287+ adcq \$0, %rbx
288
289 movq %r13, 48(%rsp)
290 movq %r14, 56(%rsp)
291- shrq \$63, %rbx
292
293 #fifth iteration
294- movq 32($inp), %r11
295- movq 40($inp), %rax
296 mulq %r11
297 addq %rax, %r8
298- movq 48($inp), %rax
299+ movq %rbp, %rax # 48($inp)
300 movq %rdx, %rcx
301 adcq \$0, %rcx
302
303@@ -369,97 +370,99 @@
304 addq %rax, %r9
305 movq 56($inp), %rax
306 adcq \$0, %rdx
307- movq %r8, %r12
308- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8
309 addq %rcx, %r9
310 movq %rdx, %rcx
311 adcq \$0, %rcx
312
313+ mov %rax, %r14 # 56($inp)
314 mulq %r11
315- shrq \$63, %r12
316 addq %rax, %r10
317 movq %r11, %rax
318 adcq \$0, %rdx
319 addq %rcx, %r10
320- movq %rdx, %r11
321- adcq \$0, %r11
322+ adcq \$0, %rdx
323
324- movq %r9, %rcx
325- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9
326+ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1
327+ addq %r15, %r15
328+ movq %rdx, %r11
329+ adcq %r8, %r8
330+ adcq \$0, %rcx
331
332 mulq %rax
333+ addq %rbx, %rax
334+ adcq \$0, %rdx
335 addq %rax, %r15
336+ movq %rbp, %rax # 48($inp)
337 adcq %rdx, %r8
338- adcq \$0, %r9
339+ adcq \$0, %rcx
340
341 movq %r15, 64(%rsp)
342 movq %r8, 72(%rsp)
343- shrq \$63, %rcx
344
345 #sixth iteration
346- movq 40($inp), %r12
347- movq 48($inp), %rax
348 mulq %r12
349 addq %rax, %r10
350- movq 56($inp), %rax
351+ movq %r14, %rax # 56($inp)
352 movq %rdx, %rbx
353 adcq \$0, %rbx
354
355 mulq %r12
356 addq %rax, %r11
357 movq %r12, %rax
358- movq %r10, %r15
359- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
360 adcq \$0, %rdx
361- shrq \$63, %r15
362 addq %rbx, %r11
363- movq %rdx, %r12
364- adcq \$0, %r12
365+ adcq \$0, %rdx
366
367- movq %r11, %rbx
368- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11
369+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
370+ addq %r9, %r9
371+ movq %rdx, %r12
372+ adcq %r10, %r10
373+ adcq \$0, %rbx
374
375 mulq %rax
376+ addq %rcx, %rax
377+ adcq \$0, %rdx
378 addq %rax, %r9
379+ movq %r14, %rax # 56($inp)
380 adcq %rdx, %r10
381- adcq \$0, %r11
382+ adcq \$0, %rbx
383
384 movq %r9, 80(%rsp)
385 movq %r10, 88(%rsp)
386
387 #seventh iteration
388- movq 48($inp), %r13
389- movq 56($inp), %rax
390- mulq %r13
391+ mulq %rbp
392 addq %rax, %r12
393- movq %r13, %rax
394- movq %rdx, %r13
395- adcq \$0, %r13
396+ movq %rbp, %rax
397+ adcq \$0, %rdx
398
399- xorq %r14, %r14
400- shlq \$1, %rbx
401- adcq %r12, %r12 #shld \$1, %rbx, %r12
402- adcq %r13, %r13 #shld \$1, %r12, %r13
403- adcq %r14, %r14 #shld \$1, %r13, %r14
404+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
405+ addq %r11, %r11
406+ movq %rdx, %r13
407+ adcq %r12, %r12
408+ adcq \$0, %rcx
409
410 mulq %rax
411+ addq %rbx, %rax
412+ adcq \$0, %rdx
413 addq %rax, %r11
414+ movq %r14, %rax # 56($inp)
415 adcq %rdx, %r12
416- adcq \$0, %r13
417+ adcq \$0, %rcx
418
419 movq %r11, 96(%rsp)
420 movq %r12, 104(%rsp)
421
422 #eighth iteration
423- movq 56($inp), %rax
424+ xorq %rbx, %rbx # rbx:r13 = r13 << 1
425+ addq %r13, %r13
426+ adcq \$0, %rbx
427+
428 mulq %rax
429- addq %rax, %r13
430+ addq %rcx, %rax
431 adcq \$0, %rdx
432-
433- addq %rdx, %r14
434-
435- movq %r13, 112(%rsp)
436- movq %r14, 120(%rsp)
437+ addq %r13, %rax
438+ adcq %rbx, %rdx
439
440 movq (%rsp), %r8
441 movq 8(%rsp), %r9
442@@ -469,6 +472,10 @@
443 movq 40(%rsp), %r13
444 movq 48(%rsp), %r14
445 movq 56(%rsp), %r15
446+ movq %xmm1, %rbp
447+
448+ movq %rax, 112(%rsp)
449+ movq %rdx, 120(%rsp)
450
451 call __rsaz_512_reduce
452
453@@ -500,9 +507,9 @@
454 .Loop_sqrx:
455 movl $times,128+8(%rsp)
456 movq $out, %xmm0 # off-load
457- movq %rbp, %xmm1 # off-load
458 #first iteration
459 mulx %rax, %r8, %r9
460+ mov %rax, %rbx
461
462 mulx 16($inp), %rcx, %r10
463 xor %rbp, %rbp # cf=0, of=0
464@@ -510,40 +517,39 @@
465 mulx 24($inp), %rax, %r11
466 adcx %rcx, %r9
467
468- mulx 32($inp), %rcx, %r12
469+ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12
470 adcx %rax, %r10
471
472- mulx 40($inp), %rax, %r13
473+ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13
474 adcx %rcx, %r11
475
476- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14
477+ mulx 48($inp), %rcx, %r14
478 adcx %rax, %r12
479 adcx %rcx, %r13
480
481- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15
482+ mulx 56($inp), %rax, %r15
483 adcx %rax, %r14
484 adcx %rbp, %r15 # %rbp is 0
485
486- mov %r9, %rcx
487- shld \$1, %r8, %r9
488- shl \$1, %r8
489-
490- xor %ebp, %ebp
491- mulx %rdx, %rax, %rdx
492- adcx %rdx, %r8
493- mov 8($inp), %rdx
494- adcx %rbp, %r9
495+ mulx %rdx, %rax, $out
496+ mov %rbx, %rdx # 8($inp)
497+ xor %rcx, %rcx
498+ adox %r8, %r8
499+ adcx $out, %r8
500+ adox %rbp, %rcx
501+ adcx %rbp, %rcx
502
503 mov %rax, (%rsp)
504 mov %r8, 8(%rsp)
505
506 #second iteration
507- mulx 16($inp), %rax, %rbx
508+ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx
509 adox %rax, %r10
510 adcx %rbx, %r11
511
512- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8
513+ mulx 24($inp), $out, %r8
514 adox $out, %r11
515+ .byte 0x66
516 adcx %r8, %r12
517
518 mulx 32($inp), %rax, %rbx
519@@ -561,24 +567,25 @@
520 .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8
521 adox $out, %r15
522 adcx %rbp, %r8
523+ mulx %rdx, %rax, $out
524 adox %rbp, %r8
525+ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx
526
527- mov %r11, %rbx
528- shld \$1, %r10, %r11
529- shld \$1, %rcx, %r10
530-
531- xor %ebp,%ebp
532- mulx %rdx, %rax, %rcx
533- mov 16($inp), %rdx
534+ xor %rbx, %rbx
535+ adcx %rcx, %rax
536+ adox %r9, %r9
537+ adcx %rbp, $out
538+ adox %r10, %r10
539 adcx %rax, %r9
540- adcx %rcx, %r10
541- adcx %rbp, %r11
542+ adox %rbp, %rbx
543+ adcx $out, %r10
544+ adcx %rbp, %rbx
545
546 mov %r9, 16(%rsp)
547 .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp)
548
549 #third iteration
550- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9
551+ mulx 24($inp), $out, %r9
552 adox $out, %r12
553 adcx %r9, %r13
554
555@@ -586,7 +593,7 @@
556 adox %rax, %r13
557 adcx %rcx, %r14
558
559- mulx 40($inp), $out, %r9
560+ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9
561 adox $out, %r14
562 adcx %r9, %r15
563
564@@ -594,27 +601,28 @@
565 adox %rax, %r15
566 adcx %rcx, %r8
567
568- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9
569+ mulx 56($inp), $out, %r9
570 adox $out, %r8
571 adcx %rbp, %r9
572+ mulx %rdx, %rax, $out
573 adox %rbp, %r9
574+ mov 24($inp), %rdx
575
576- mov %r13, %rcx
577- shld \$1, %r12, %r13
578- shld \$1, %rbx, %r12
579-
580- xor %ebp, %ebp
581- mulx %rdx, %rax, %rdx
582+ xor %rcx, %rcx
583+ adcx %rbx, %rax
584+ adox %r11, %r11
585+ adcx %rbp, $out
586+ adox %r12, %r12
587 adcx %rax, %r11
588- adcx %rdx, %r12
589- mov 24($inp), %rdx
590- adcx %rbp, %r13
591+ adox %rbp, %rcx
592+ adcx $out, %r12
593+ adcx %rbp, %rcx
594
595 mov %r11, 32(%rsp)
596- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp)
597+ mov %r12, 40(%rsp)
598
599 #fourth iteration
600- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx
601+ mulx 32($inp), %rax, %rbx
602 adox %rax, %r14
603 adcx %rbx, %r15
604
605@@ -629,25 +637,25 @@
606 mulx 56($inp), $out, %r10
607 adox $out, %r9
608 adcx %rbp, %r10
609+ mulx %rdx, %rax, $out
610 adox %rbp, %r10
611+ mov 32($inp), %rdx
612
613- .byte 0x66
614- mov %r15, %rbx
615- shld \$1, %r14, %r15
616- shld \$1, %rcx, %r14
617-
618- xor %ebp, %ebp
619- mulx %rdx, %rax, %rdx
620+ xor %rbx, %rbx
621+ adcx %rcx, %rax
622+ adox %r13, %r13
623+ adcx %rbp, $out
624+ adox %r14, %r14
625 adcx %rax, %r13
626- adcx %rdx, %r14
627- mov 32($inp), %rdx
628- adcx %rbp, %r15
629+ adox %rbp, %rbx
630+ adcx $out, %r14
631+ adcx %rbp, %rbx
632
633 mov %r13, 48(%rsp)
634 mov %r14, 56(%rsp)
635
636 #fifth iteration
637- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11
638+ mulx 40($inp), $out, %r11
639 adox $out, %r8
640 adcx %r11, %r9
641
642@@ -658,18 +666,19 @@
643 mulx 56($inp), $out, %r11
644 adox $out, %r10
645 adcx %rbp, %r11
646+ mulx %rdx, %rax, $out
647+ mov 40($inp), %rdx
648 adox %rbp, %r11
649
650- mov %r9, %rcx
651- shld \$1, %r8, %r9
652- shld \$1, %rbx, %r8
653-
654- xor %ebp, %ebp
655- mulx %rdx, %rax, %rdx
656+ xor %rcx, %rcx
657+ adcx %rbx, %rax
658+ adox %r15, %r15
659+ adcx %rbp, $out
660+ adox %r8, %r8
661 adcx %rax, %r15
662- adcx %rdx, %r8
663- mov 40($inp), %rdx
664- adcx %rbp, %r9
665+ adox %rbp, %rcx
666+ adcx $out, %r8
667+ adcx %rbp, %rcx
668
669 mov %r15, 64(%rsp)
670 mov %r8, 72(%rsp)
671@@ -682,18 +691,19 @@
672 .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12
673 adox $out, %r11
674 adcx %rbp, %r12
675+ mulx %rdx, %rax, $out
676 adox %rbp, %r12
677+ mov 48($inp), %rdx
678
679- mov %r11, %rbx
680- shld \$1, %r10, %r11
681- shld \$1, %rcx, %r10
682-
683- xor %ebp, %ebp
684- mulx %rdx, %rax, %rdx
685+ xor %rbx, %rbx
686+ adcx %rcx, %rax
687+ adox %r9, %r9
688+ adcx %rbp, $out
689+ adox %r10, %r10
690 adcx %rax, %r9
691- adcx %rdx, %r10
692- mov 48($inp), %rdx
693- adcx %rbp, %r11
694+ adcx $out, %r10
695+ adox %rbp, %rbx
696+ adcx %rbp, %rbx
697
698 mov %r9, 80(%rsp)
699 mov %r10, 88(%rsp)
700@@ -703,31 +713,31 @@
701 adox %rax, %r12
702 adox %rbp, %r13
703
704- xor %r14, %r14
705- shld \$1, %r13, %r14
706- shld \$1, %r12, %r13
707- shld \$1, %rbx, %r12
708-
709- xor %ebp, %ebp
710- mulx %rdx, %rax, %rdx
711- adcx %rax, %r11
712- adcx %rdx, %r12
713+ mulx %rdx, %rax, $out
714+ xor %rcx, %rcx
715 mov 56($inp), %rdx
716- adcx %rbp, %r13
717+ adcx %rbx, %rax
718+ adox %r11, %r11
719+ adcx %rbp, $out
720+ adox %r12, %r12
721+ adcx %rax, %r11
722+ adox %rbp, %rcx
723+ adcx $out, %r12
724+ adcx %rbp, %rcx
725
726 .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp)
727 .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp)
728
729 #eighth iteration
730 mulx %rdx, %rax, %rdx
731- adox %rax, %r13
732- adox %rbp, %rdx
733+ xor %rbx, %rbx
734+ adcx %rcx, %rax
735+ adox %r13, %r13
736+ adcx %rbp, %rdx
737+ adox %rbp, %rbx
738+ adcx %r13, %rax
739+ adcx %rdx, %rbx
740
741- .byte 0x66
742- add %rdx, %r14
743-
744- movq %r13, 112(%rsp)
745- movq %r14, 120(%rsp)
746 movq %xmm0, $out
747 movq %xmm1, %rbp
748
749@@ -741,6 +751,9 @@
750 movq 48(%rsp), %r14
751 movq 56(%rsp), %r15
752
753+ movq %rax, 112(%rsp)
754+ movq %rbx, 120(%rsp)
755+
756 call __rsaz_512_reducex
757
758 addq 64(%rsp), %r8
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
index 169824a8be..c514fcd82a 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
@@ -16,7 +16,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
16 file://0001-skip-test_symbol_presence.patch \ 16 file://0001-skip-test_symbol_presence.patch \
17 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ 17 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
18 file://afalg.patch \ 18 file://afalg.patch \
19 file://CVE-2019-1551.patch \
20 file://reproducible.patch \ 19 file://reproducible.patch \
21 " 20 "
22 21
@@ -24,8 +23,7 @@ SRC_URI_append_class-nativesdk = " \
24 file://environment.d-openssl.sh \ 23 file://environment.d-openssl.sh \
25 " 24 "
26 25
27SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa" 26SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
28SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
29 27
30inherit lib_package multilib_header multilib_script ptest 28inherit lib_package multilib_header multilib_script ptest
31MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" 29MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -34,7 +32,7 @@ PACKAGECONFIG ?= ""
34PACKAGECONFIG_class-native = "" 32PACKAGECONFIG_class-native = ""
35PACKAGECONFIG_class-nativesdk = "" 33PACKAGECONFIG_class-nativesdk = ""
36 34
37PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux" 35PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
38 36
39B = "${WORKDIR}/build" 37B = "${WORKDIR}/build"
40do_configure[cleandirs] = "${B}" 38do_configure[cleandirs] = "${B}"
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
new file mode 100644
index 0000000000..b7ba7ba643
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
@@ -0,0 +1,47 @@
1From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
2From: Paul Mackerras <paulus@ozlabs.org>
3Date: Mon, 3 Feb 2020 15:53:28 +1100
4Subject: [PATCH] pppd: Fix bounds check in EAP code
5
6Given that we have just checked vallen < len, it can never be the case
7that vallen >= len + sizeof(rhostname). This fixes the check so we
8actually avoid overflowing the rhostname array.
9
10Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
11Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
12
13Upstream-Status: Backport
14[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
15
16CVE: CVE-2020-8597
17
18Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
19---
20 pppd/eap.c | 4 ++--
21 1 file changed, 2 insertions(+), 2 deletions(-)
22
23diff --git a/pppd/eap.c b/pppd/eap.c
24index 94407f5..1b93db0 100644
25--- a/pppd/eap.c
26+++ b/pppd/eap.c
27@@ -1420,7 +1420,7 @@ int len;
28 }
29
30 /* Not so likely to happen. */
31- if (vallen >= len + sizeof (rhostname)) {
32+ if (len - vallen >= sizeof (rhostname)) {
33 dbglog("EAP: trimming really long peer name down");
34 BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
35 rhostname[sizeof (rhostname) - 1] = '\0';
36@@ -1846,7 +1846,7 @@ int len;
37 }
38
39 /* Not so likely to happen. */
40- if (vallen >= len + sizeof (rhostname)) {
41+ if (len - vallen >= sizeof (rhostname)) {
42 dbglog("EAP: trimming really long peer name down");
43 BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
44 rhostname[sizeof (rhostname) - 1] = '\0';
45--
462.17.1
47
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 644cde4562..60c56dd0bd 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
33 file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ 33 file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
34 file://0001-ppp-Remove-unneeded-include.patch \ 34 file://0001-ppp-Remove-unneeded-include.patch \
35 file://ppp-2.4.7-DES-openssl.patch \ 35 file://ppp-2.4.7-DES-openssl.patch \
36 file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
36" 37"
37 38
38SRC_URI_append_libc-musl = "\ 39SRC_URI_append_libc-musl = "\
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
new file mode 100644
index 0000000000..53ad5d028a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
@@ -0,0 +1,151 @@
1From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <jouni@codeaurora.org>
3Date: Wed, 3 Jun 2020 23:17:35 +0300
4Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
5 other networks
6
7The UPnP Device Architecture 2.0 specification errata ("UDA errata
816-04-2020.docx") addresses a problem with notifications being allowed
9to go out to other domains by disallowing such cases. Do such filtering
10for the notification callback URLs to avoid undesired connections to
11external networks based on subscriptions that any device in the local
12network could request when WPS support for external registrars is
13enabled (the upnp_iface parameter in hostapd configuration).
14
15Upstream-Status: Backport
16CVE: CVE-2020-12695 patch #1
17Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
18Signed-off-by: Armin Kuster <akuster@mvista.com>
19
20---
21 src/wps/wps_er.c | 2 +-
22 src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++--
23 src/wps/wps_upnp_i.h | 3 ++-
24 3 files changed, 39 insertions(+), 4 deletions(-)
25
26Index: wpa_supplicant-2.9/src/wps/wps_er.c
27===================================================================
28--- wpa_supplicant-2.9.orig/src/wps/wps_er.c
29+++ wpa_supplicant-2.9/src/wps/wps_er.c
30@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con
31 "with %s", filter);
32 }
33 if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text,
34- er->mac_addr)) {
35+ NULL, er->mac_addr)) {
36 wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
37 "for %s. Does it have IP address?", er->ifname);
38 wps_er_deinit(er, NULL, NULL);
39Index: wpa_supplicant-2.9/src/wps/wps_upnp.c
40===================================================================
41--- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c
42+++ wpa_supplicant-2.9/src/wps/wps_upnp.c
43@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct
44 }
45
46
47+static int local_network_addr(struct upnp_wps_device_sm *sm,
48+ struct sockaddr_in *addr)
49+{
50+ return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
51+ (sm->ip_addr & sm->netmask.s_addr);
52+}
53+
54+
55 /* subscr_addr_add_url -- add address(es) for one url to subscription */
56 static void subscr_addr_add_url(struct subscription *s, const char *url,
57 size_t url_len)
58@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s
59
60 for (rp = result; rp; rp = rp->ai_next) {
61 struct subscr_addr *a;
62+ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
63
64 /* Limit no. of address to avoid denial of service attack */
65 if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
66@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s
67 break;
68 }
69
70+ if (!local_network_addr(s->sm, addr)) {
71+ wpa_printf(MSG_INFO,
72+ "WPS UPnP: Ignore a delivery URL that points to another network %s",
73+ inet_ntoa(addr->sin_addr));
74+ continue;
75+ }
76+
77 a = os_zalloc(sizeof(*a) + alloc_len);
78 if (a == NULL)
79 break;
80@@ -889,11 +905,12 @@ static int eth_get(const char *device, u
81 * @net_if: Selected network interface name
82 * @ip_addr: Buffer for returning IP address in network byte order
83 * @ip_addr_text: Buffer for returning a pointer to allocated IP address text
84+ * @netmask: Buffer for returning netmask or %NULL if not needed
85 * @mac: Buffer for returning MAC address
86 * Returns: 0 on success, -1 on failure
87 */
88 int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
89- u8 mac[ETH_ALEN])
90+ struct in_addr *netmask, u8 mac[ETH_ALEN])
91 {
92 struct ifreq req;
93 int sock = -1;
94@@ -919,6 +936,19 @@ int get_netif_info(const char *net_if, u
95 in_addr.s_addr = *ip_addr;
96 os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
97
98+ if (netmask) {
99+ os_memset(&req, 0, sizeof(req));
100+ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
101+ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) {
102+ wpa_printf(MSG_ERROR,
103+ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)",
104+ errno, strerror(errno));
105+ goto fail;
106+ }
107+ addr = (struct sockaddr_in *) &req.ifr_netmask;
108+ netmask->s_addr = addr->sin_addr.s_addr;
109+ }
110+
111 #ifdef __linux__
112 os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
113 if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
114@@ -1025,11 +1055,15 @@ static int upnp_wps_device_start(struct
115
116 /* Determine which IP and mac address we're using */
117 if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text,
118- sm->mac_addr)) {
119+ &sm->netmask, sm->mac_addr)) {
120 wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
121 "for %s. Does it have IP address?", net_if);
122 goto fail;
123 }
124+ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr "
125+ MACSTR,
126+ sm->ip_addr_text, inet_ntoa(sm->netmask),
127+ MAC2STR(sm->mac_addr));
128
129 /* Listen for incoming TCP connections so that others
130 * can fetch our "xml files" from us.
131Index: wpa_supplicant-2.9/src/wps/wps_upnp_i.h
132===================================================================
133--- wpa_supplicant-2.9.orig/src/wps/wps_upnp_i.h
134+++ wpa_supplicant-2.9/src/wps/wps_upnp_i.h
135@@ -128,6 +128,7 @@ struct upnp_wps_device_sm {
136 u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */
137 char *ip_addr_text; /* IP address of network i.f. we use */
138 unsigned ip_addr; /* IP address of network i.f. we use (host order) */
139+ struct in_addr netmask;
140 int multicast_sd; /* send multicast messages over this socket */
141 int ssdp_sd; /* receive discovery UPD packets on socket */
142 int ssdp_sd_registered; /* nonzero if we must unregister */
143@@ -158,7 +159,7 @@ struct subscription * subscription_find(
144 const u8 uuid[UUID_LEN]);
145 void subscr_addr_delete(struct subscr_addr *a);
146 int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
147- u8 mac[ETH_ALEN]);
148+ struct in_addr *netmask, u8 mac[ETH_ALEN]);
149
150 /* wps_upnp_ssdp.c */
151 void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
new file mode 100644
index 0000000000..59640859dd
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
@@ -0,0 +1,62 @@
1From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <jouni@codeaurora.org>
3Date: Wed, 3 Jun 2020 22:41:02 +0300
4Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL
5 path
6
7More than about 700 character URL ended up overflowing the wpabuf used
8for building the event notification and this resulted in the wpabuf
9buffer overflow checks terminating the hostapd process. Fix this by
10allocating the buffer to be large enough to contain the full URL path.
11However, since that around 700 character limit has been the practical
12limit for more than ten years, start explicitly enforcing that as the
13limit or the callback URLs since any longer ones had not worked before
14and there is no need to enable them now either.
15
16Upstream-Status: Backport
17CVE: CVE-2020-12695 patch #2
18Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
19Signed-off-by: Armin Kuster <akuster@mvista.com>
20
21---
22 src/wps/wps_upnp.c | 9 +++++++--
23 src/wps/wps_upnp_event.c | 3 ++-
24 2 files changed, 9 insertions(+), 3 deletions(-)
25
26diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
27index 7d4b7439940e..ab685d52ecab 100644
28--- a/src/wps/wps_upnp.c
29+++ b/src/wps/wps_upnp.c
30@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
31 int rerr;
32 size_t host_len, path_len;
33
34- /* url MUST begin with http: */
35- if (url_len < 7 || os_strncasecmp(url, "http://", 7))
36+ /* URL MUST begin with HTTP scheme. In addition, limit the length of
37+ * the URL to 700 characters which is around the limit that was
38+ * implicitly enforced for more than 10 years due to a bug in
39+ * generating the event messages. */
40+ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) {
41+ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL");
42 goto fail;
43+ }
44 url += 7;
45 url_len -= 7;
46
47diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
48index d7e6edcc6503..08a23612f338 100644
49--- a/src/wps/wps_upnp_event.c
50+++ b/src/wps/wps_upnp_event.c
51@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e)
52 struct wpabuf *buf;
53 char *b;
54
55- buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
56+ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
57+ wpabuf_len(e->data));
58 if (buf == NULL)
59 return NULL;
60 wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
61--
622.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
new file mode 100644
index 0000000000..8a014ef28a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
@@ -0,0 +1,50 @@
1From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <jouni@codeaurora.org>
3Date: Thu, 4 Jun 2020 21:24:04 +0300
4Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
5 properly
6
7While it is appropriate to try to retransmit the event to another
8callback URL on a failure to initiate the HTTP client connection, there
9is no point in trying the exact same operation multiple times in a row.
10Replve the event_retry() calls with event_addr_failure() for these cases
11to avoid busy loops trying to repeat the same failing operation.
12
13These potential busy loops would go through eloop callbacks, so the
14process is not completely stuck on handling them, but unnecessary CPU
15would be used to process the continues retries that will keep failing
16for the same reason.
17
18Upstream-Status: Backport
19CVE: CVE-2020-12695 patch #2
20Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
21Signed-off-by: Armin Kuster <akuster@mvista.com>
22
23---
24 src/wps/wps_upnp_event.c | 4 ++--
25 1 file changed, 2 insertions(+), 2 deletions(-)
26
27diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
28index 08a23612f338..c0d9e41d9a38 100644
29--- a/src/wps/wps_upnp_event.c
30+++ b/src/wps/wps_upnp_event.c
31@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
32
33 buf = event_build_message(e);
34 if (buf == NULL) {
35- event_retry(e, 0);
36+ event_addr_failure(e);
37 return -1;
38 }
39
40@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
41 event_http_cb, e);
42 if (e->http_event == NULL) {
43 wpabuf_free(buf);
44- event_retry(e, 0);
45+ event_addr_failure(e);
46 return -1;
47 }
48
49--
502.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index 2db09ad2c6..de882fad55 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -15,7 +15,7 @@ PACKAGECONFIG[openssl] = ",,openssl"
15 15
16inherit pkgconfig systemd 16inherit pkgconfig systemd
17 17
18SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service" 18SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service"
19SYSTEMD_AUTO_ENABLE = "disable" 19SYSTEMD_AUTO_ENABLE = "disable"
20 20
21SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ 21SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
@@ -25,7 +25,10 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
25 file://wpa_supplicant.conf-sane \ 25 file://wpa_supplicant.conf-sane \
26 file://99_wpa_supplicant \ 26 file://99_wpa_supplicant \
27 file://0001-replace-systemd-install-Alias-with-WantedBy.patch \ 27 file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
28 file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \ 28 file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
29 file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
30 file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
31 file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
29 " 32 "
30SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" 33SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
31SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" 34SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
@@ -37,13 +40,13 @@ S = "${WORKDIR}/wpa_supplicant-${PV}"
37PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " 40PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
38FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" 41FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
39FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" 42FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
40FILES_${PN} += "${datadir}/dbus-1/system-services/*" 43FILES_${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
41CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" 44CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
42 45
43do_configure () { 46do_configure () {
44 ${MAKE} -C wpa_supplicant clean 47 ${MAKE} -C wpa_supplicant clean
45 install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config 48 install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
46 49
47 if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then 50 if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
48 ssl=openssl 51 ssl=openssl
49 elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then 52 elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index bf6ddae7d1..33c84bc2c1 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -431,6 +431,32 @@ fi
431 d.prependVar('pkg_postinst_%s' % pkg, postinst) 431 d.prependVar('pkg_postinst_%s' % pkg, postinst)
432} 432}
433 433
434pkg_postinst_${PN}_prepend () {
435 # Need path to saved utils, but they may have be removed on upgrade of busybox
436 # Only use shell to get paths. Also capture if busybox was saved.
437 BUSYBOX=""
438 if [ "x$D" = "x" ] ; then
439 for busybox_rmdir in /tmp/busyboxrm-*; do
440 if [ "$busybox_rmdir" != '/tmp/busyboxrm-*' ] ; then
441 export PATH=$busybox_rmdir:$PATH
442 if [ -e $busybox_rmdir/busybox* ] ; then
443 BUSYBOX="$busybox_rmdir/busybox*"
444 fi
445 fi
446 done
447 fi
448}
449
450pkg_postinst_${PN}_append () {
451 # If busybox exists in the remove directory it is because it was the only shell left.
452 if [ "x$D" = "x" ] ; then
453 if [ "x$BUSYBOX" != "x" ] ; then
454 update-alternatives --remove sh $BUSYBOX
455 rm -f $BUSYBOX
456 fi
457 fi
458}
459
434pkg_prerm_${PN} () { 460pkg_prerm_${PN} () {
435 # This is so you can make busybox commit suicide - removing busybox with no other packages 461 # This is so you can make busybox commit suicide - removing busybox with no other packages
436 # providing its files, this will make update-alternatives work, but the update-rc.d part 462 # providing its files, this will make update-alternatives work, but the update-rc.d part
@@ -451,9 +477,26 @@ pkg_prerm_${PN} () {
451 ln -s ${base_bindir}/busybox $tmpdir/grep 477 ln -s ${base_bindir}/busybox $tmpdir/grep
452 ln -s ${base_bindir}/busybox $tmpdir/tail 478 ln -s ${base_bindir}/busybox $tmpdir/tail
453 export PATH=$PATH:$tmpdir 479 export PATH=$PATH:$tmpdir
480
481 # If busybox is the shell, we need to save it since its the lowest priority shell
482 # Register saved bitbake as the lowest priority shell possible as back up.
483 if [ -n "$(readlink -f /bin/sh | grep busybox)" ] ; then
484 BUSYBOX=$(readlink -f /bin/sh)
485 cp $BUSYBOX $tmpdir/$(basename $BUSYBOX)
486 update-alternatives --install /bin/sh sh $tmpdir/$(basename $BUSYBOX) 1
487 fi
454} 488}
455 489
456pkg_postrm_${PN} () { 490pkg_postrm_${PN} () {
491 # Add path to remove dir in case we removed our only grep
492 if [ "x$D" = "x" ] ; then
493 for busybox_rmdir in /tmp/busyboxrm-*; do
494 if [ "$busybox_rmdir" != '/tmp/busyboxrm-*' ] ; then
495 export PATH=$busybox_rmdir:$PATH
496 fi
497 done
498 fi
499
457 if grep -q "^${base_bindir}/bash$" $D${sysconfdir}/busybox.links* && [ ! -e $D${base_bindir}/bash ]; then 500 if grep -q "^${base_bindir}/bash$" $D${sysconfdir}/busybox.links* && [ ! -e $D${base_bindir}/bash ]; then
458 printf "$(grep -v "^${base_bindir}/bash$" $D${sysconfdir}/shells)\n" > $D${sysconfdir}/shells 501 printf "$(grep -v "^${base_bindir}/bash$" $D${sysconfdir}/shells)\n" > $D${sysconfdir}/shells
459 fi 502 fi
diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
new file mode 100644
index 0000000000..ac7a4b7a71
--- /dev/null
+++ b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
@@ -0,0 +1,78 @@
1From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
2From: Simon McVittie <smcv@collabora.com>
3Date: Thu, 16 Apr 2020 14:45:11 +0100
4Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
5
6MSG_CTRUNC indicates that we have received fewer fds that we should
7have done because the buffer was too small, but we were treating it
8as though it indicated that we received *no* fds. If we received any,
9we still have to make sure we close them, otherwise they will be leaked.
10
11On the system bus, if an attacker can induce us to leak fds in this
12way, that's a local denial of service via resource exhaustion.
13
14Reported-by: Kevin Backhouse, GitHub Security Lab
15Fixes: dbus#294
16Fixes: CVE-2020-12049
17Fixes: GHSL-2020-057
18
19Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
20CVE: CVE-2020-12049
21Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
22---
23 dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
24 1 file changed, 20 insertions(+), 12 deletions(-)
25
26diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
27index b5fc2466..b176dae1 100644
28--- a/dbus/dbus-sysdeps-unix.c
29+++ b/dbus/dbus-sysdeps-unix.c
30@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
31 struct cmsghdr *cm;
32 dbus_bool_t found = FALSE;
33
34- if (m.msg_flags & MSG_CTRUNC)
35- {
36- /* Hmm, apparently the control data was truncated. The bad
37- thing is that we might have completely lost a couple of fds
38- without chance to recover them. Hence let's treat this as a
39- serious error. */
40-
41- errno = ENOSPC;
42- _dbus_string_set_length (buffer, start);
43- return -1;
44- }
45-
46 for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
47 if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
48 {
49@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
50 if (!found)
51 *n_fds = 0;
52
53+ if (m.msg_flags & MSG_CTRUNC)
54+ {
55+ unsigned int i;
56+
57+ /* Hmm, apparently the control data was truncated. The bad
58+ thing is that we might have completely lost a couple of fds
59+ without chance to recover them. Hence let's treat this as a
60+ serious error. */
61+
62+ /* We still need to close whatever fds we *did* receive,
63+ * otherwise they'll never get closed. (CVE-2020-12049) */
64+ for (i = 0; i < *n_fds; i++)
65+ close (fds[i]);
66+
67+ *n_fds = 0;
68+ errno = ENOSPC;
69+ _dbus_string_set_length (buffer, start);
70+ return -1;
71+ }
72+
73 /* put length back (doesn't actually realloc) */
74 _dbus_string_set_length (buffer, start + bytes_read);
75
76--
772.25.1
78
diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.16.bb
index cfdbec09d0..92508cbeb8 100644
--- a/meta/recipes-core/dbus/dbus_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.16.bb
@@ -16,6 +16,7 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
16 file://tmpdir.patch \ 16 file://tmpdir.patch \
17 file://dbus-1.init \ 17 file://dbus-1.init \
18 file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ 18 file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
19 file://CVE-2020-12049.patch \
19" 20"
20 21
21SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" 22SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0020-meson.build-do-not-hardcode-linux-as-the-host-system.patch b/meta/recipes-core/glib-2.0/glib-2.0/0020-meson.build-do-not-hardcode-linux-as-the-host-system.patch
new file mode 100644
index 0000000000..9c311f1c90
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0020-meson.build-do-not-hardcode-linux-as-the-host-system.patch
@@ -0,0 +1,49 @@
1From d5e82cd0b6076f33b86e0285ef1c0dba8a14112e Mon Sep 17 00:00:00 2001
2From: Ahmad Fatoum <a.fatoum@pengutronix.de>
3Date: Thu, 9 Jul 2020 13:00:16 +0200
4Subject: [PATCH] meson.build: do not hardcode 'linux' as the host system
5
6OE build system can set this to other values that include 'linux',
7e.g. 'linux-gnueabi'. This led to glib always being built without
8libmount, mkostemp and selinux support.
9
10Upstream-Status: Inappropriate [other]
11Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
12---
13 meson.build | 6 +++---
14 1 file changed, 3 insertions(+), 3 deletions(-)
15
16diff --git a/meson.build b/meson.build
17index dd95c750b5ea..8bcacaf3c7e1 100644
18--- a/meson.build
19+++ b/meson.build
20@@ -604,7 +604,7 @@ else
21 endif
22 message('Checking whether to use statfs or statvfs .. ' + stat_func_to_use)
23
24-if host_system == 'linux'
25+if host_system.contains('linux')
26 if cc.has_function('mkostemp',
27 prefix: '''#define _GNU_SOURCE
28 #include <stdlib.h>''')
29@@ -1810,7 +1810,7 @@ glib_conf.set_quoted('GLIB_LOCALE_DIR', join_paths(glib_datadir, 'locale'))
30 # libmount is only used by gio, but we need to fetch the libs to generate the
31 # pkg-config file below
32 libmount_dep = []
33-if host_system == 'linux' and get_option('libmount')
34+if host_system.contains('linux') and get_option('libmount')
35 libmount_dep = [dependency('mount', version : '>=2.23', required : true)]
36 glib_conf.set('HAVE_LIBMOUNT', 1)
37 endif
38@@ -1820,7 +1820,7 @@ if host_system == 'windows'
39 endif
40
41 selinux_dep = []
42-if host_system == 'linux'
43+if host_system.contains('linux')
44 selinux_dep = dependency('libselinux', required: get_option('selinux'))
45
46 glib_conf.set('HAVE_SELINUX', selinux_dep.found())
47--
482.27.0
49
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-6750.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-6750.patch
new file mode 100644
index 0000000000..6db3934978
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-6750.patch
@@ -0,0 +1,741 @@
1From 747f2c646f5a86ac58ad59be08036e81388e971d Mon Sep 17 00:00:00 2001
2From: Patrick Griffis <tingping@tingping.se>
3Date: Thu, 23 Jan 2020 19:58:41 -0800
4Subject: [PATCH] Refactor g_socket_client_connect_async()
5
6This is a fairly large refactoring. The highlights are:
7
8- Removing in-progress connections/addresses from GSocketClientAsyncConnectData:
9
10 This caused issues where multiple ConnectionAttempt's would step over eachother
11 and modify shared state causing bugs like accidentally bypassing a set proxy.
12
13 Fixes #1871
14 Fixes #1989
15 Fixes #1902
16
17- Cancelling address enumeration on error/completion
18
19- Queuing successful TCP connections and doing application layer work serially:
20
21 This is more in the spirit of Happy Eyeballs but it also greatly simplifies
22 the flow of connection handling so fewer tasks are happening in parallel
23 when they don't need to be.
24
25 The behavior also should more closely match that of g_socket_client_connect().
26
27- Better track the state of address enumeration:
28
29 Previously we were over eager to treat enumeration finishing as an error.
30
31 Fixes #1872
32 See also #1982
33
34- Add more detailed documentation and logging.
35
36Closes #1995
37
38CVE: CVE-2020-6750
39
40Upstream-Status: Backport [ https://gitlab.gnome.org/GNOME/glib.git;
41commit=2722620e3291b930a3a228100d7c0e07b69534e3 ]
42
43Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
44---
45 gio/gsocketclient.c | 459 ++++++++++++++++++++++++++++----------------
46 1 file changed, 296 insertions(+), 163 deletions(-)
47
48diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
49index 81767c0..b1d5f6c 100644
50--- a/gio/gsocketclient.c
51+++ b/gio/gsocketclient.c
52@@ -1332,13 +1332,15 @@ typedef struct
53
54 GSocketConnectable *connectable;
55 GSocketAddressEnumerator *enumerator;
56- GProxyAddress *proxy_addr;
57- GSocket *socket;
58- GIOStream *connection;
59+ GCancellable *enumeration_cancellable;
60
61 GSList *connection_attempts;
62+ GSList *successful_connections;
63 GError *last_error;
64
65+ gboolean enumerated_at_least_once;
66+ gboolean enumeration_completed;
67+ gboolean connection_in_progress;
68 gboolean completed;
69 } GSocketClientAsyncConnectData;
70
71@@ -1350,10 +1352,9 @@ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data)
72 data->task = NULL;
73 g_clear_object (&data->connectable);
74 g_clear_object (&data->enumerator);
75- g_clear_object (&data->proxy_addr);
76- g_clear_object (&data->socket);
77- g_clear_object (&data->connection);
78+ g_clear_object (&data->enumeration_cancellable);
79 g_slist_free_full (data->connection_attempts, connection_attempt_unref);
80+ g_slist_free_full (data->successful_connections, connection_attempt_unref);
81
82 g_clear_error (&data->last_error);
83
84@@ -1365,6 +1366,7 @@ typedef struct
85 GSocketAddress *address;
86 GSocket *socket;
87 GIOStream *connection;
88+ GProxyAddress *proxy_addr;
89 GSocketClientAsyncConnectData *data; /* unowned */
90 GSource *timeout_source;
91 GCancellable *cancellable;
92@@ -1396,6 +1398,7 @@ connection_attempt_unref (gpointer pointer)
93 g_clear_object (&attempt->socket);
94 g_clear_object (&attempt->connection);
95 g_clear_object (&attempt->cancellable);
96+ g_clear_object (&attempt->proxy_addr);
97 if (attempt->timeout_source)
98 {
99 g_source_destroy (attempt->timeout_source);
100@@ -1413,37 +1416,59 @@ connection_attempt_remove (ConnectionAttempt *attempt)
101 }
102
103 static void
104-g_socket_client_async_connect_complete (GSocketClientAsyncConnectData *data)
105+cancel_all_attempts (GSocketClientAsyncConnectData *data)
106 {
107- g_assert (data->connection);
108+ GSList *l;
109
110- if (!G_IS_SOCKET_CONNECTION (data->connection))
111+ for (l = data->connection_attempts; l; l = g_slist_next (l))
112 {
113- GSocketConnection *wrapper_connection;
114-
115- wrapper_connection = g_tcp_wrapper_connection_new (data->connection, data->socket);
116- g_object_unref (data->connection);
117- data->connection = (GIOStream *)wrapper_connection;
118+ ConnectionAttempt *attempt_entry = l->data;
119+ g_cancellable_cancel (attempt_entry->cancellable);
120+ connection_attempt_unref (attempt_entry);
121 }
122+ g_slist_free (data->connection_attempts);
123+ data->connection_attempts = NULL;
124
125- if (!data->completed)
126+ g_slist_free_full (data->successful_connections, connection_attempt_unref);
127+ data->successful_connections = NULL;
128+
129+ g_cancellable_cancel (data->enumeration_cancellable);
130+}
131+
132+static void
133+g_socket_client_async_connect_complete (ConnectionAttempt *attempt)
134+{
135+ GSocketClientAsyncConnectData *data = attempt->data;
136+ GError *error = NULL;
137+ g_assert (attempt->connection);
138+ g_assert (!data->completed);
139+
140+ if (!G_IS_SOCKET_CONNECTION (attempt->connection))
141 {
142- GError *error = NULL;
143+ GSocketConnection *wrapper_connection;
144
145- if (g_cancellable_set_error_if_cancelled (g_task_get_cancellable (data->task), &error))
146- {
147- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
148- g_task_return_error (data->task, g_steal_pointer (&error));
149- }
150- else
151- {
152- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, data->connection);
153- g_task_return_pointer (data->task, g_steal_pointer (&data->connection), g_object_unref);
154- }
155+ wrapper_connection = g_tcp_wrapper_connection_new (attempt->connection, attempt->socket);
156+ g_object_unref (attempt->connection);
157+ attempt->connection = (GIOStream *)wrapper_connection;
158+ }
159
160- data->completed = TRUE;
161+ data->completed = TRUE;
162+ cancel_all_attempts (data);
163+
164+ if (g_cancellable_set_error_if_cancelled (g_task_get_cancellable (data->task), &error))
165+ {
166+ g_debug ("GSocketClient: Connection cancelled!");
167+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
168+ g_task_return_error (data->task, g_steal_pointer (&error));
169+ }
170+ else
171+ {
172+ g_debug ("GSocketClient: Connection successful!");
173+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, attempt->connection);
174+ g_task_return_pointer (data->task, g_steal_pointer (&attempt->connection), g_object_unref);
175 }
176
177+ connection_attempt_unref (attempt);
178 g_object_unref (data->task);
179 }
180
181@@ -1465,59 +1490,63 @@ static void
182 enumerator_next_async (GSocketClientAsyncConnectData *data,
183 gboolean add_task_ref)
184 {
185- /* We need to cleanup the state */
186- g_clear_object (&data->socket);
187- g_clear_object (&data->proxy_addr);
188- g_clear_object (&data->connection);
189-
190 /* Each enumeration takes a ref. This arg just avoids repeated unrefs when
191 an enumeration starts another enumeration */
192 if (add_task_ref)
193 g_object_ref (data->task);
194
195 g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVING, data->connectable, NULL);
196+ g_debug ("GSocketClient: Starting new address enumeration");
197 g_socket_address_enumerator_next_async (data->enumerator,
198- g_task_get_cancellable (data->task),
199+ data->enumeration_cancellable,
200 g_socket_client_enumerator_callback,
201 data);
202 }
203
204+static void try_next_connection_or_finish (GSocketClientAsyncConnectData *, gboolean);
205+
206 static void
207 g_socket_client_tls_handshake_callback (GObject *object,
208 GAsyncResult *result,
209 gpointer user_data)
210 {
211- GSocketClientAsyncConnectData *data = user_data;
212+ ConnectionAttempt *attempt = user_data;
213+ GSocketClientAsyncConnectData *data = attempt->data;
214
215 if (g_tls_connection_handshake_finish (G_TLS_CONNECTION (object),
216 result,
217 &data->last_error))
218 {
219- g_object_unref (data->connection);
220- data->connection = G_IO_STREAM (object);
221+ g_object_unref (attempt->connection);
222+ attempt->connection = G_IO_STREAM (object);
223
224- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKED, data->connectable, data->connection);
225- g_socket_client_async_connect_complete (data);
226+ g_debug ("GSocketClient: TLS handshake succeeded");
227+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKED, data->connectable, attempt->connection);
228+ g_socket_client_async_connect_complete (attempt);
229 }
230 else
231 {
232 g_object_unref (object);
233- enumerator_next_async (data, FALSE);
234+ connection_attempt_unref (attempt);
235+ g_debug ("GSocketClient: TLS handshake failed: %s", data->last_error->message);
236+ try_next_connection_or_finish (data, TRUE);
237 }
238 }
239
240 static void
241-g_socket_client_tls_handshake (GSocketClientAsyncConnectData *data)
242+g_socket_client_tls_handshake (ConnectionAttempt *attempt)
243 {
244+ GSocketClientAsyncConnectData *data = attempt->data;
245 GIOStream *tlsconn;
246
247 if (!data->client->priv->tls)
248 {
249- g_socket_client_async_connect_complete (data);
250+ g_socket_client_async_connect_complete (attempt);
251 return;
252 }
253
254- tlsconn = g_tls_client_connection_new (data->connection,
255+ g_debug ("GSocketClient: Starting TLS handshake");
256+ tlsconn = g_tls_client_connection_new (attempt->connection,
257 data->connectable,
258 &data->last_error);
259 if (tlsconn)
260@@ -1529,11 +1558,12 @@ g_socket_client_tls_handshake (GSocketClientAsyncConnectData *data)
261 G_PRIORITY_DEFAULT,
262 g_task_get_cancellable (data->task),
263 g_socket_client_tls_handshake_callback,
264- data);
265+ attempt);
266 }
267 else
268 {
269- enumerator_next_async (data, FALSE);
270+ connection_attempt_unref (attempt);
271+ try_next_connection_or_finish (data, TRUE);
272 }
273 }
274
275@@ -1542,23 +1572,38 @@ g_socket_client_proxy_connect_callback (GObject *object,
276 GAsyncResult *result,
277 gpointer user_data)
278 {
279- GSocketClientAsyncConnectData *data = user_data;
280+ ConnectionAttempt *attempt = user_data;
281+ GSocketClientAsyncConnectData *data = attempt->data;
282
283- g_object_unref (data->connection);
284- data->connection = g_proxy_connect_finish (G_PROXY (object),
285- result,
286- &data->last_error);
287- if (data->connection)
288+ g_object_unref (attempt->connection);
289+ attempt->connection = g_proxy_connect_finish (G_PROXY (object),
290+ result,
291+ &data->last_error);
292+ if (attempt->connection)
293 {
294- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, data->connection);
295+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, attempt->connection);
296 }
297 else
298 {
299- enumerator_next_async (data, FALSE);
300+ connection_attempt_unref (attempt);
301+ try_next_connection_or_finish (data, TRUE);
302 return;
303 }
304
305- g_socket_client_tls_handshake (data);
306+ g_socket_client_tls_handshake (attempt);
307+}
308+
309+static void
310+complete_connection_with_error (GSocketClientAsyncConnectData *data,
311+ GError *error)
312+{
313+ g_debug ("GSocketClient: Connection failed: %s", error->message);
314+ g_assert (!data->completed);
315+
316+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
317+ data->completed = TRUE;
318+ cancel_all_attempts (data);
319+ g_task_return_error (data->task, error);
320 }
321
322 static gboolean
323@@ -1572,15 +1617,114 @@ task_completed_or_cancelled (GSocketClientAsyncConnectData *data)
324 return TRUE;
325 else if (g_cancellable_set_error_if_cancelled (cancellable, &error))
326 {
327- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
328- g_task_return_error (task, g_steal_pointer (&error));
329- data->completed = TRUE;
330+ complete_connection_with_error (data, g_steal_pointer (&error));
331 return TRUE;
332 }
333 else
334 return FALSE;
335 }
336
337+static gboolean
338+try_next_successful_connection (GSocketClientAsyncConnectData *data)
339+{
340+ ConnectionAttempt *attempt;
341+ const gchar *protocol;
342+ GProxy *proxy;
343+
344+ if (data->connection_in_progress)
345+ return FALSE;
346+
347+ g_assert (data->successful_connections != NULL);
348+ attempt = data->successful_connections->data;
349+ g_assert (attempt != NULL);
350+ data->successful_connections = g_slist_remove (data->successful_connections, attempt);
351+ data->connection_in_progress = TRUE;
352+
353+ g_debug ("GSocketClient: Starting application layer connection");
354+
355+ if (!attempt->proxy_addr)
356+ {
357+ g_socket_client_tls_handshake (g_steal_pointer (&attempt));
358+ return TRUE;
359+ }
360+
361+ protocol = g_proxy_address_get_protocol (attempt->proxy_addr);
362+
363+ /* The connection should not be anything other than TCP,
364+ * but let's put a safety guard in case
365+ */
366+ if (!G_IS_TCP_CONNECTION (attempt->connection))
367+ {
368+ g_critical ("Trying to proxy over non-TCP connection, this is "
369+ "most likely a bug in GLib IO library.");
370+
371+ g_set_error_literal (&data->last_error,
372+ G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
373+ _("Proxying over a non-TCP connection is not supported."));
374+ }
375+ else if (g_hash_table_contains (data->client->priv->app_proxies, protocol))
376+ {
377+ /* Simply complete the connection, we don't want to do TLS handshake
378+ * as the application proxy handling may need proxy handshake first */
379+ g_socket_client_async_connect_complete (g_steal_pointer (&attempt));
380+ return TRUE;
381+ }
382+ else if ((proxy = g_proxy_get_default_for_protocol (protocol)))
383+ {
384+ GIOStream *connection = attempt->connection;
385+ GProxyAddress *proxy_addr = attempt->proxy_addr;
386+
387+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATING, data->connectable, attempt->connection);
388+ g_debug ("GSocketClient: Starting proxy connection");
389+ g_proxy_connect_async (proxy,
390+ connection,
391+ proxy_addr,
392+ g_task_get_cancellable (data->task),
393+ g_socket_client_proxy_connect_callback,
394+ g_steal_pointer (&attempt));
395+ g_object_unref (proxy);
396+ return TRUE;
397+ }
398+ else
399+ {
400+ g_clear_error (&data->last_error);
401+
402+ g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
403+ _("Proxy protocol “%s” is not supported."),
404+ protocol);
405+ }
406+
407+ data->connection_in_progress = FALSE;
408+ g_clear_pointer (&attempt, connection_attempt_unref);
409+ return FALSE; /* All non-return paths are failures */
410+}
411+
412+static void
413+try_next_connection_or_finish (GSocketClientAsyncConnectData *data,
414+ gboolean end_current_connection)
415+{
416+ if (end_current_connection)
417+ data->connection_in_progress = FALSE;
418+
419+ if (data->connection_in_progress)
420+ return;
421+
422+ /* Keep trying successful connections until one works, each iteration pops one */
423+ while (data->successful_connections)
424+ {
425+ if (try_next_successful_connection (data))
426+ return;
427+ }
428+
429+ if (!data->enumeration_completed)
430+ {
431+ enumerator_next_async (data, FALSE);
432+ return;
433+ }
434+
435+ complete_connection_with_error (data, data->last_error);
436+}
437+
438 static void
439 g_socket_client_connected_callback (GObject *source,
440 GAsyncResult *result,
441@@ -1588,10 +1732,7 @@ g_socket_client_connected_callback (GObject *source,
442 {
443 ConnectionAttempt *attempt = user_data;
444 GSocketClientAsyncConnectData *data = attempt->data;
445- GSList *l;
446 GError *error = NULL;
447- GProxy *proxy;
448- const gchar *protocol;
449
450 if (task_completed_or_cancelled (data) || g_cancellable_is_cancelled (attempt->cancellable))
451 {
452@@ -1613,11 +1754,12 @@ g_socket_client_connected_callback (GObject *source,
453 {
454 clarify_connect_error (error, data->connectable, attempt->address);
455 set_last_error (data, error);
456+ g_debug ("GSocketClient: Connection attempt failed: %s", error->message);
457 connection_attempt_remove (attempt);
458- enumerator_next_async (data, FALSE);
459 connection_attempt_unref (attempt);
460+ try_next_connection_or_finish (data, FALSE);
461 }
462- else
463+ else /* Silently ignore cancelled attempts */
464 {
465 g_clear_error (&error);
466 g_object_unref (data->task);
467@@ -1627,74 +1769,21 @@ g_socket_client_connected_callback (GObject *source,
468 return;
469 }
470
471- data->socket = g_steal_pointer (&attempt->socket);
472- data->connection = g_steal_pointer (&attempt->connection);
473-
474- for (l = data->connection_attempts; l; l = g_slist_next (l))
475- {
476- ConnectionAttempt *attempt_entry = l->data;
477- g_cancellable_cancel (attempt_entry->cancellable);
478- connection_attempt_unref (attempt_entry);
479- }
480- g_slist_free (data->connection_attempts);
481- data->connection_attempts = NULL;
482- connection_attempt_unref (attempt);
483-
484- g_socket_connection_set_cached_remote_address ((GSocketConnection*)data->connection, NULL);
485- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, data->connection);
486+ g_socket_connection_set_cached_remote_address ((GSocketConnection*)attempt->connection, NULL);
487+ g_debug ("GSocketClient: TCP connection successful");
488+ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, attempt->connection);
489
490 /* wrong, but backward compatible */
491- g_socket_set_blocking (data->socket, TRUE);
492+ g_socket_set_blocking (attempt->socket, TRUE);
493
494- if (!data->proxy_addr)
495- {
496- g_socket_client_tls_handshake (data);
497- return;
498- }
499-
500- protocol = g_proxy_address_get_protocol (data->proxy_addr);
501-
502- /* The connection should not be anything other than TCP,
503- * but let's put a safety guard in case
504+ /* This ends the parallel "happy eyeballs" portion of connecting.
505+ Now that we have a successful tcp connection we will attempt to connect
506+ at the TLS/Proxy layer. If those layers fail we will move on to the next
507+ connection.
508 */
509- if (!G_IS_TCP_CONNECTION (data->connection))
510- {
511- g_critical ("Trying to proxy over non-TCP connection, this is "
512- "most likely a bug in GLib IO library.");
513-
514- g_set_error_literal (&data->last_error,
515- G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
516- _("Proxying over a non-TCP connection is not supported."));
517-
518- enumerator_next_async (data, FALSE);
519- }
520- else if (g_hash_table_contains (data->client->priv->app_proxies, protocol))
521- {
522- /* Simply complete the connection, we don't want to do TLS handshake
523- * as the application proxy handling may need proxy handshake first */
524- g_socket_client_async_connect_complete (data);
525- }
526- else if ((proxy = g_proxy_get_default_for_protocol (protocol)))
527- {
528- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATING, data->connectable, data->connection);
529- g_proxy_connect_async (proxy,
530- data->connection,
531- data->proxy_addr,
532- g_task_get_cancellable (data->task),
533- g_socket_client_proxy_connect_callback,
534- data);
535- g_object_unref (proxy);
536- }
537- else
538- {
539- g_clear_error (&data->last_error);
540-
541- g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
542- _("Proxy protocol “%s” is not supported."),
543- protocol);
544-
545- enumerator_next_async (data, FALSE);
546- }
547+ connection_attempt_remove (attempt);
548+ data->successful_connections = g_slist_append (data->successful_connections, g_steal_pointer (&attempt));
549+ try_next_connection_or_finish (data, FALSE);
550 }
551
552 static gboolean
553@@ -1702,7 +1791,11 @@ on_connection_attempt_timeout (gpointer data)
554 {
555 ConnectionAttempt *attempt = data;
556
557- enumerator_next_async (attempt->data, TRUE);
558+ if (!attempt->data->enumeration_completed)
559+ {
560+ g_debug ("GSocketClient: Timeout reached, trying another enumeration");
561+ enumerator_next_async (attempt->data, TRUE);
562+ }
563
564 g_clear_pointer (&attempt->timeout_source, g_source_unref);
565 return G_SOURCE_REMOVE;
566@@ -1712,9 +1805,9 @@ static void
567 on_connection_cancelled (GCancellable *cancellable,
568 gpointer data)
569 {
570- GCancellable *attempt_cancellable = data;
571+ GCancellable *linked_cancellable = G_CANCELLABLE (data);
572
573- g_cancellable_cancel (attempt_cancellable);
574+ g_cancellable_cancel (linked_cancellable);
575 }
576
577 static void
578@@ -1738,39 +1831,49 @@ g_socket_client_enumerator_callback (GObject *object,
579 result, &error);
580 if (address == NULL)
581 {
582- if (data->connection_attempts)
583+ if (G_UNLIKELY (data->enumeration_completed))
584+ return;
585+
586+ data->enumeration_completed = TRUE;
587+ g_debug ("GSocketClient: Address enumeration completed (out of addresses)");
588+
589+ /* As per API docs: We only care about error if its the first call,
590+ after that the enumerator is done.
591+
592+ Note that we don't care about cancellation errors because
593+ task_completed_or_cancelled() above should handle that.
594+
595+ If this fails and nothing is in progress then we will complete task here.
596+ */
597+ if ((data->enumerated_at_least_once && !data->connection_attempts && !data->connection_in_progress) ||
598+ !data->enumerated_at_least_once)
599 {
600- g_object_unref (data->task);
601- return;
602+ g_debug ("GSocketClient: Address enumeration failed: %s", error ? error->message : NULL);
603+ if (data->last_error)
604+ {
605+ g_clear_error (&error);
606+ error = data->last_error;
607+ data->last_error = NULL;
608+ }
609+ else if (!error)
610+ {
611+ g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED,
612+ _("Unknown error on connect"));
613+ }
614+
615+ complete_connection_with_error (data, error);
616 }
617
618- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
619- data->completed = TRUE;
620- if (!error)
621- {
622- if (data->last_error)
623- {
624- error = data->last_error;
625- data->last_error = NULL;
626- }
627- else
628- {
629- g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED,
630- _("Unknown error on connect"));
631- }
632- }
633- g_task_return_error (data->task, error);
634+ /* Enumeration should never trigger again, drop our ref */
635 g_object_unref (data->task);
636 return;
637 }
638
639+ data->enumerated_at_least_once = TRUE;
640+ g_debug ("GSocketClient: Address enumeration succeeded");
641 g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVED,
642 data->connectable, NULL);
643
644- if (G_IS_PROXY_ADDRESS (address) &&
645- data->client->priv->enable_proxy)
646- data->proxy_addr = g_object_ref (G_PROXY_ADDRESS (address));
647-
648 g_clear_error (&data->last_error);
649
650 socket = create_socket (data->client, address, &data->last_error);
651@@ -1788,6 +1891,10 @@ g_socket_client_enumerator_callback (GObject *object,
652 attempt->cancellable = g_cancellable_new ();
653 attempt->connection = (GIOStream *)g_socket_connection_factory_create_connection (socket);
654 attempt->timeout_source = g_timeout_source_new (HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS);
655+
656+ if (G_IS_PROXY_ADDRESS (address) && data->client->priv->enable_proxy)
657+ attempt->proxy_addr = g_object_ref (G_PROXY_ADDRESS (address));
658+
659 g_source_set_callback (attempt->timeout_source, on_connection_attempt_timeout, attempt, NULL);
660 g_source_attach (attempt->timeout_source, g_main_context_get_thread_default ());
661 data->connection_attempts = g_slist_append (data->connection_attempts, attempt);
662@@ -1797,6 +1904,7 @@ g_socket_client_enumerator_callback (GObject *object,
663 g_object_ref (attempt->cancellable), g_object_unref);
664
665 g_socket_connection_set_cached_remote_address ((GSocketConnection *)attempt->connection, address);
666+ g_debug ("GSocketClient: Starting TCP connection attempt");
667 g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTING, data->connectable, attempt->connection);
668 g_socket_connection_connect_async (G_SOCKET_CONNECTION (attempt->connection),
669 address,
670@@ -1849,24 +1957,48 @@ g_socket_client_connect_async (GSocketClient *client,
671 else
672 data->enumerator = g_socket_connectable_enumerate (connectable);
673
674- /* The flow and ownership here isn't quite obvious:
675- - The task starts an async attempt to connect.
676- - Each attempt holds a single ref on task.
677- - Each attempt may create new attempts by timing out (not a failure) so
678- there are multiple attempts happening in parallel.
679- - Upon failure an attempt will start a new attempt that steals its ref
680- until there are no more attempts left and it drops its ref.
681- - Upon success it will cancel all other attempts and continue on
682- to the rest of the connection (tls, proxies, etc) which do not
683- happen in parallel and at the very end drop its ref.
684- - Upon cancellation an attempt drops its ref.
685- */
686+ /* This function tries to match the behavior of g_socket_client_connect ()
687+ which is simple enough but much of it is done in parallel to be as responsive
688+ as possible as per Happy Eyeballs (RFC 8305). This complicates flow quite a
689+ bit but we can describe it in 3 sections:
690+
691+ Firstly we have address enumeration (DNS):
692+ - This may be triggered multiple times by enumerator_next_async().
693+ - It also has its own cancellable (data->enumeration_cancellable).
694+ - Enumeration is done lazily because GNetworkAddressAddressEnumerator
695+ also does work in parallel and may lazily add new addresses.
696+ - If the first enumeration errors then the task errors. Otherwise all enumerations
697+ will potentially be used (until task or enumeration is cancelled).
698+
699+ Then we start attempting connections (TCP):
700+ - Each connection is independent and kept in a ConnectionAttempt object.
701+ - They each hold a ref on the main task and have their own cancellable.
702+ - Multiple attempts may happen in parallel as per Happy Eyeballs.
703+ - Upon failure or timeouts more connection attempts are made.
704+ - If no connections succeed the task errors.
705+ - Upon success they are kept in a list of successful connections.
706+
707+ Lastly we connect at the application layer (TLS, Proxies):
708+ - These are done in serial.
709+ - The reasoning here is that Happy Eyeballs is about making bad connections responsive
710+ at the IP/TCP layers. Issues at the application layer are generally not due to
711+ connectivity issues but rather misconfiguration.
712+ - Upon failure it will try the next TCP connection until it runs out and
713+ the task errors.
714+ - Upon success it cancels everything remaining (enumeration and connections)
715+ and returns the connection.
716+ */
717
718 data->task = g_task_new (client, cancellable, callback, user_data);
719 g_task_set_check_cancellable (data->task, FALSE); /* We handle this manually */
720 g_task_set_source_tag (data->task, g_socket_client_connect_async);
721 g_task_set_task_data (data->task, data, (GDestroyNotify)g_socket_client_async_connect_data_free);
722
723+ data->enumeration_cancellable = g_cancellable_new ();
724+ if (cancellable)
725+ g_cancellable_connect (cancellable, G_CALLBACK (on_connection_cancelled),
726+ g_object_ref (data->enumeration_cancellable), g_object_unref);
727+
728 enumerator_next_async (data, FALSE);
729 }
730
731@@ -1985,6 +2117,7 @@ g_socket_client_connect_to_uri_async (GSocketClient *client,
732 }
733 else
734 {
735+ g_debug("g_socket_client_connect_to_uri_async");
736 g_socket_client_connect_async (client,
737 connectable, cancellable,
738 callback, user_data);
739--
7402.23.0
741
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb
index 5aefa6ad8b..af8ded76d5 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb
@@ -16,6 +16,8 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
16 file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ 16 file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
17 file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ 17 file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \
18 file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ 18 file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
19 file://CVE-2020-6750.patch \
20 file://0020-meson.build-do-not-hardcode-linux-as-the-host-system.patch \
19 " 21 "
20 22
21SRC_URI_append_class-native = " file://relocate-modules.patch" 23SRC_URI_append_class-native = " file://relocate-modules.patch"
diff --git a/meta/recipes-core/glibc/glibc-testsuite_2.30.bb b/meta/recipes-core/glibc/glibc-testsuite_2.30.bb
index 657fd4dbc1..d887aeff79 100644
--- a/meta/recipes-core/glibc/glibc-testsuite_2.30.bb
+++ b/meta/recipes-core/glibc/glibc-testsuite_2.30.bb
@@ -1,5 +1,7 @@
1require glibc_${PV}.bb 1require glibc_${PV}.bb
2 2
3EXCLUDE_FROM_WORLD = "1"
4
3# handle PN differences 5# handle PN differences
4FILESEXTRAPATHS_prepend := "${THISDIR}/glibc:" 6FILESEXTRAPATHS_prepend := "${THISDIR}/glibc:"
5 7
@@ -58,3 +60,4 @@ addtask do_check after do_compile
58 60
59inherit nopackages 61inherit nopackages
60deltask do_stash_locale 62deltask do_stash_locale
63deltask do_install
diff --git a/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch b/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch
index 3aad603ada..5cd235f6ac 100644
--- a/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch
+++ b/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch
@@ -65,6 +65,35 @@ index 7c1cc3eecb..53cb8bfc59 100644
65 65
66 /* Load the locale data for CATEGORY from the file specified by *NAME. 66 /* Load the locale data for CATEGORY from the file specified by *NAME.
67 If *NAME is "", use environment variables as specified by POSIX, and 67 If *NAME is "", use environment variables as specified by POSIX, and
68-- 68Index: git/locale/programs/locale.c
692.22.0 69===================================================================
70 70--- git.orig/locale/programs/locale.c
71+++ git/locale/programs/locale.c
72@@ -632,6 +632,7 @@ nameentcmp (const void *a, const void *b
73 ((const struct nameent *) b)->name);
74 }
75
76+static char _write_archive_locales_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = ARCHIVE_NAME;
77
78 static int
79 write_archive_locales (void **all_datap, char *linebuf)
80@@ -645,7 +646,7 @@ write_archive_locales (void **all_datap,
81 int fd, ret = 0;
82 uint32_t cnt;
83
84- fd = open64 (ARCHIVE_NAME, O_RDONLY);
85+ fd = open64 (_write_archive_locales_path, O_RDONLY);
86 if (fd < 0)
87 return 0;
88
89@@ -700,8 +701,8 @@ write_archive_locales (void **all_datap,
90 if (cnt)
91 putchar_unlocked ('\n');
92
93- printf ("locale: %-15.15s archive: " ARCHIVE_NAME "\n%s\n",
94- names[cnt].name, linebuf);
95+ printf ("locale: %-15.15s archive: %s\n%s\n",
96+ names[cnt].name, _write_archive_locales_path, linebuf);
97
98 locrec = (struct locrecent *) (addr + names[cnt].locrec_offset);
99
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-10029.patch b/meta/recipes-core/glibc/glibc/CVE-2020-10029.patch
new file mode 100644
index 0000000000..606b691bcf
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-10029.patch
@@ -0,0 +1,128 @@
1From ce265ec5bc25ec35fba53807abac1b0c8469895e Mon Sep 17 00:00:00 2001
2From: Joseph Myers <joseph@codesourcery.com>
3Date: Wed, 12 Feb 2020 23:31:56 +0000
4Subject: [PATCH] Avoid ldbl-96 stack corruption from range reduction of
5
6 pseudo-zero (bug 25487).
7
8Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero
9argument (an representation where all the significand bits, including
10the explicit high bit, are zero, but the exponent is not zero, which
11is not a valid representation for the long double type).
12
13Although this is not a valid long double representation, existing
14practice in this area (see bug 4586, originally marked invalid but
15subsequently fixed) is that we still seek to avoid invalid memory
16accesses as a result, in case of programs that treat arbitrary binary
17data as long double representations, although the invalid
18representations of the ldbl-96 format do not need to be consistently
19handled the same as any particular valid representation.
20
21This patch makes the range reduction detect pseudo-zero and unnormal
22representations that would otherwise go to __kernel_rem_pio2, and
23returns a NaN for them instead of continuing with the range reduction
24process. (Pseudo-zero and unnormal representations whose unbiased
25exponent is less than -1 have already been safely returned from the
26function before this point without going through the rest of range
27reduction.) Pseudo-zero representations would previously result in
28the value passed to __kernel_rem_pio2 being all-zero, which is
29definitely unsafe; unnormal representations would previously result in
30a value passed whose high bit is zero, which might well be unsafe
31since that is not a form of input expected by __kernel_rem_pio2.
32
33Tested for x86_64.
34
35CVE: CVE-2020-10029
36Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;
37a=patch;h=9333498794cde1d5cca518badf79533a24114b6f]
38Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
39
40---
41 sysdeps/ieee754/ldbl-96/Makefile | 3 ++-
42 sysdeps/ieee754/ldbl-96/e_rem_pio2l.c | 12 +++++++++
43 sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c | 41 ++++++++++++++++++++++++++++++
44 3 files changed, 55 insertions(+), 1 deletion(-)
45 create mode 100644 sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
46
47diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile
48index b103254..052c1c7 100644
49--- a/sysdeps/ieee754/ldbl-96/Makefile
50+++ b/sysdeps/ieee754/ldbl-96/Makefile
51@@ -17,5 +17,6 @@
52 # <http://www.gnu.org/licenses/>.
53
54 ifeq ($(subdir),math)
55-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96
56+tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo
57+CFLAGS-test-sinl-pseudo.c += -fstack-protector-all
58 endif
59diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
60index 805de22..1aeccb4 100644
61--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
62+++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
63@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y)
64 return 0;
65 }
66
67+ if ((i0 & 0x80000000) == 0)
68+ {
69+ /* Pseudo-zero and unnormal representations are not valid
70+ representations of long double. We need to avoid stack
71+ corruption in __kernel_rem_pio2, which expects input in a
72+ particular normal form, but those representations do not need
73+ to be consistently handled like any particular floating-point
74+ value. */
75+ y[1] = y[0] = __builtin_nanl ("");
76+ return 0;
77+ }
78+
79 /* Split the 64 bits of the mantissa into three 24-bit integers
80 stored in a double array. */
81 exp = j0 - 23;
82diff --git a/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
83new file mode 100644
84index 0000000..f59b977
85--- /dev/null
86+++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
87@@ -0,0 +1,41 @@
88+/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487).
89+ Copyright (C) 2020 Free Software Foundation, Inc.
90+ This file is part of the GNU C Library.
91+
92+ The GNU C Library is free software; you can redistribute it and/or
93+ modify it under the terms of the GNU Lesser General Public
94+ License as published by the Free Software Foundation; either
95+ version 2.1 of the License, or (at your option) any later version.
96+
97+ The GNU C Library is distributed in the hope that it will be useful,
98+ but WITHOUT ANY WARRANTY; without even the implied warranty of
99+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
100+ Lesser General Public License for more details.
101+
102+ You should have received a copy of the GNU Lesser General Public
103+ License along with the GNU C Library; if not, see
104+ <https://www.gnu.org/licenses/>. */
105+
106+#include <math.h>
107+#include <math_ldbl.h>
108+#include <stdint.h>
109+
110+static int
111+do_test (void)
112+{
113+ for (int i = 0; i < 64; i++)
114+ {
115+ uint64_t sig = i == 63 ? 0 : 1ULL << i;
116+ long double ld;
117+ SET_LDOUBLE_WORDS (ld, 0x4141,
118+ sig >> 32, sig & 0xffffffffULL);
119+ /* The requirement is that no stack overflow occurs when the
120+ pseudo-zero or unnormal goes through range reduction. */
121+ volatile long double ldr;
122+ ldr = sinl (ld);
123+ (void) ldr;
124+ }
125+ return 0;
126+}
127+
128+#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-1751.patch b/meta/recipes-core/glibc/glibc/CVE-2020-1751.patch
new file mode 100644
index 0000000000..0ed92d50e9
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-1751.patch
@@ -0,0 +1,70 @@
1From d93769405996dfc11d216ddbe415946617b5a494 Mon Sep 17 00:00:00 2001
2From: Andreas Schwab <schwab@suse.de>
3Date: Mon, 20 Jan 2020 17:01:50 +0100
4Subject: [PATCH] Fix array overflow in backtrace on PowerPC (bug 25423)
5
6When unwinding through a signal frame the backtrace function on PowerPC
7didn't check array bounds when storing the frame address. Fixes commit
8d400dcac5e ("PowerPC: fix backtrace to handle signal trampolines").
9
10CVE: CVE-2020-1751
11Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
12Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
13---
14 debug/tst-backtrace5.c | 12 ++++++++++++
15 sysdeps/powerpc/powerpc32/backtrace.c | 2 ++
16 sysdeps/powerpc/powerpc64/backtrace.c | 2 ++
17 3 files changed, 16 insertions(+)
18
19diff --git a/debug/tst-backtrace5.c b/debug/tst-backtrace5.c
20index e7ce410845..b2f46160e7 100644
21--- a/debug/tst-backtrace5.c
22+++ b/debug/tst-backtrace5.c
23@@ -89,6 +89,18 @@ handle_signal (int signum)
24 }
25 /* Symbol names are not available for static functions, so we do not
26 check do_test. */
27+
28+ /* Check that backtrace does not return more than what fits in the array
29+ (bug 25423). */
30+ for (int j = 0; j < NUM_FUNCTIONS; j++)
31+ {
32+ n = backtrace (addresses, j);
33+ if (n > j)
34+ {
35+ FAIL ();
36+ return;
37+ }
38+ }
39 }
40
41 NO_INLINE int
42diff --git a/sysdeps/powerpc/powerpc32/backtrace.c b/sysdeps/powerpc/powerpc32/backtrace.c
43index 7c2d4726f8..d1456c8ae4 100644
44--- a/sysdeps/powerpc/powerpc32/backtrace.c
45+++ b/sysdeps/powerpc/powerpc32/backtrace.c
46@@ -114,6 +114,8 @@ __backtrace (void **array, int size)
47 }
48 if (gregset)
49 {
50+ if (count + 1 == size)
51+ break;
52 array[++count] = (void*)((*gregset)[PT_NIP]);
53 current = (void*)((*gregset)[PT_R1]);
54 }
55diff --git a/sysdeps/powerpc/powerpc64/backtrace.c b/sysdeps/powerpc/powerpc64/backtrace.c
56index 65c260ab76..8a53a1088f 100644
57--- a/sysdeps/powerpc/powerpc64/backtrace.c
58+++ b/sysdeps/powerpc/powerpc64/backtrace.c
59@@ -87,6 +87,8 @@ __backtrace (void **array, int size)
60 if (is_sigtramp_address (current->return_address))
61 {
62 struct signal_frame_64 *sigframe = (struct signal_frame_64*) current;
63+ if (count + 1 == size)
64+ break;
65 array[++count] = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_NIP];
66 current = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_R1];
67 }
68--
692.23.0
70
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-1752.patch b/meta/recipes-core/glibc/glibc/CVE-2020-1752.patch
new file mode 100644
index 0000000000..6c347cd414
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-1752.patch
@@ -0,0 +1,66 @@
1From ddc650e9b3dc916eab417ce9f79e67337b05035c Mon Sep 17 00:00:00 2001
2From: Andreas Schwab <schwab@suse.de>
3Date: Wed, 19 Feb 2020 17:21:46 +0100
4Subject: [PATCH] Fix use-after-free in glob when expanding ~user (bug 25414)
5
6The value of `end_name' points into the value of `dirname', thus don't
7deallocate the latter before the last use of the former.
8
9CVE: CVE-2020-1752
10Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
11Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
12---
13 posix/glob.c | 25 +++++++++++++------------
14 1 file changed, 13 insertions(+), 12 deletions(-)
15
16diff --git a/posix/glob.c b/posix/glob.c
17index cba9cd1819..4580cefb9f 100644
18--- a/posix/glob.c
19+++ b/posix/glob.c
20@@ -827,31 +827,32 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
21 {
22 size_t home_len = strlen (p->pw_dir);
23 size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
24- char *d;
25+ char *d, *newp;
26+ bool use_alloca = glob_use_alloca (alloca_used,
27+ home_len + rest_len + 1);
28
29- if (__glibc_unlikely (malloc_dirname))
30- free (dirname);
31- malloc_dirname = 0;
32-
33- if (glob_use_alloca (alloca_used, home_len + rest_len + 1))
34- dirname = alloca_account (home_len + rest_len + 1,
35- alloca_used);
36+ if (use_alloca)
37+ newp = alloca_account (home_len + rest_len + 1, alloca_used);
38 else
39 {
40- dirname = malloc (home_len + rest_len + 1);
41- if (dirname == NULL)
42+ newp = malloc (home_len + rest_len + 1);
43+ if (newp == NULL)
44 {
45 scratch_buffer_free (&pwtmpbuf);
46 retval = GLOB_NOSPACE;
47 goto out;
48 }
49- malloc_dirname = 1;
50 }
51- d = mempcpy (dirname, p->pw_dir, home_len);
52+ d = mempcpy (newp, p->pw_dir, home_len);
53 if (end_name != NULL)
54 d = mempcpy (d, end_name, rest_len);
55 *d = '\0';
56
57+ if (__glibc_unlikely (malloc_dirname))
58+ free (dirname);
59+ dirname = newp;
60+ malloc_dirname = !use_alloca;
61+
62 dirlen = home_len + rest_len;
63 dirname_modified = 1;
64 }
65--
662.18.2
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096-1.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096-1.patch
new file mode 100644
index 0000000000..01c0328362
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-6096-1.patch
@@ -0,0 +1,193 @@
1From 79a4fa341b8a89cb03f84564fd72abaa1a2db394 Mon Sep 17 00:00:00 2001
2From: Evgeny Eremin <e.eremin@omprussia.ru>
3Date: Wed, 8 Jul 2020 14:18:19 +0200
4Subject: [PATCH 1/2] arm: CVE-2020-6096: fix memcpy and memmove for negative
5 length [BZ #25620]
6
7Unsigned branch instructions could be used for r2 to fix the wrong
8behavior when a negative length is passed to memcpy and memmove.
9This commit fixes the generic arm implementation of memcpy amd memmove.
10
11CVE: CVE-2020-6096
12Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
13Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
14---
15 sysdeps/arm/memcpy.S | 24 ++++++++++--------------
16 sysdeps/arm/memmove.S | 24 ++++++++++--------------
17 2 files changed, 20 insertions(+), 28 deletions(-)
18
19diff --git a/sysdeps/arm/memcpy.S b/sysdeps/arm/memcpy.S
20index 510e8adaf2..bcfbc51d99 100644
21--- a/sysdeps/arm/memcpy.S
22+++ b/sysdeps/arm/memcpy.S
23@@ -68,7 +68,7 @@ ENTRY(memcpy)
24 cfi_remember_state
25
26 subs r2, r2, #4
27- blt 8f
28+ blo 8f
29 ands ip, r0, #3
30 PLD( pld [r1, #0] )
31 bne 9f
32@@ -82,7 +82,7 @@ ENTRY(memcpy)
33 cfi_rel_offset (r6, 4)
34 cfi_rel_offset (r7, 8)
35 cfi_rel_offset (r8, 12)
36- blt 5f
37+ blo 5f
38
39 CALGN( ands ip, r1, #31 )
40 CALGN( rsb r3, ip, #32 )
41@@ -98,9 +98,9 @@ ENTRY(memcpy)
42 #endif
43
44 PLD( pld [r1, #0] )
45-2: PLD( subs r2, r2, #96 )
46+2: PLD( cmp r2, #96 )
47 PLD( pld [r1, #28] )
48- PLD( blt 4f )
49+ PLD( blo 4f )
50 PLD( pld [r1, #60] )
51 PLD( pld [r1, #92] )
52
53@@ -108,9 +108,7 @@ ENTRY(memcpy)
54 4: ldmia r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
55 subs r2, r2, #32
56 stmia r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
57- bge 3b
58- PLD( cmn r2, #96 )
59- PLD( bge 4b )
60+ bhs 3b
61
62 5: ands ip, r2, #28
63 rsb ip, ip, #32
64@@ -222,7 +220,7 @@ ENTRY(memcpy)
65 strbge r4, [r0], #1
66 subs r2, r2, ip
67 strb lr, [r0], #1
68- blt 8b
69+ blo 8b
70 ands ip, r1, #3
71 beq 1b
72
73@@ -236,7 +234,7 @@ ENTRY(memcpy)
74 .macro forward_copy_shift pull push
75
76 subs r2, r2, #28
77- blt 14f
78+ blo 14f
79
80 CALGN( ands ip, r1, #31 )
81 CALGN( rsb ip, ip, #32 )
82@@ -253,9 +251,9 @@ ENTRY(memcpy)
83 cfi_rel_offset (r10, 16)
84
85 PLD( pld [r1, #0] )
86- PLD( subs r2, r2, #96 )
87+ PLD( cmp r2, #96 )
88 PLD( pld [r1, #28] )
89- PLD( blt 13f )
90+ PLD( blo 13f )
91 PLD( pld [r1, #60] )
92 PLD( pld [r1, #92] )
93
94@@ -280,9 +278,7 @@ ENTRY(memcpy)
95 mov ip, ip, PULL #\pull
96 orr ip, ip, lr, PUSH #\push
97 stmia r0!, {r3, r4, r5, r6, r7, r8, r10, ip}
98- bge 12b
99- PLD( cmn r2, #96 )
100- PLD( bge 13b )
101+ bhs 12b
102
103 pop {r5 - r8, r10}
104 cfi_adjust_cfa_offset (-20)
105diff --git a/sysdeps/arm/memmove.S b/sysdeps/arm/memmove.S
106index 954037ef3a..0d07b76ee6 100644
107--- a/sysdeps/arm/memmove.S
108+++ b/sysdeps/arm/memmove.S
109@@ -85,7 +85,7 @@ ENTRY(memmove)
110 add r1, r1, r2
111 add r0, r0, r2
112 subs r2, r2, #4
113- blt 8f
114+ blo 8f
115 ands ip, r0, #3
116 PLD( pld [r1, #-4] )
117 bne 9f
118@@ -99,7 +99,7 @@ ENTRY(memmove)
119 cfi_rel_offset (r6, 4)
120 cfi_rel_offset (r7, 8)
121 cfi_rel_offset (r8, 12)
122- blt 5f
123+ blo 5f
124
125 CALGN( ands ip, r1, #31 )
126 CALGN( sbcsne r4, ip, r2 ) @ C is always set here
127@@ -114,9 +114,9 @@ ENTRY(memmove)
128 #endif
129
130 PLD( pld [r1, #-4] )
131-2: PLD( subs r2, r2, #96 )
132+2: PLD( cmp r2, #96 )
133 PLD( pld [r1, #-32] )
134- PLD( blt 4f )
135+ PLD( blo 4f )
136 PLD( pld [r1, #-64] )
137 PLD( pld [r1, #-96] )
138
139@@ -124,9 +124,7 @@ ENTRY(memmove)
140 4: ldmdb r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
141 subs r2, r2, #32
142 stmdb r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
143- bge 3b
144- PLD( cmn r2, #96 )
145- PLD( bge 4b )
146+ bhs 3b
147
148 5: ands ip, r2, #28
149 rsb ip, ip, #32
150@@ -237,7 +235,7 @@ ENTRY(memmove)
151 strbge r4, [r0, #-1]!
152 subs r2, r2, ip
153 strb lr, [r0, #-1]!
154- blt 8b
155+ blo 8b
156 ands ip, r1, #3
157 beq 1b
158
159@@ -251,7 +249,7 @@ ENTRY(memmove)
160 .macro backward_copy_shift push pull
161
162 subs r2, r2, #28
163- blt 14f
164+ blo 14f
165
166 CALGN( ands ip, r1, #31 )
167 CALGN( rsb ip, ip, #32 )
168@@ -268,9 +266,9 @@ ENTRY(memmove)
169 cfi_rel_offset (r10, 16)
170
171 PLD( pld [r1, #-4] )
172- PLD( subs r2, r2, #96 )
173+ PLD( cmp r2, #96 )
174 PLD( pld [r1, #-32] )
175- PLD( blt 13f )
176+ PLD( blo 13f )
177 PLD( pld [r1, #-64] )
178 PLD( pld [r1, #-96] )
179
180@@ -295,9 +293,7 @@ ENTRY(memmove)
181 mov r4, r4, PUSH #\push
182 orr r4, r4, r3, PULL #\pull
183 stmdb r0!, {r4 - r8, r10, ip, lr}
184- bge 12b
185- PLD( cmn r2, #96 )
186- PLD( bge 13b )
187+ bhs 12b
188
189 pop {r5 - r8, r10}
190 cfi_adjust_cfa_offset (-20)
191--
1922.17.0
193
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096-2.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096-2.patch
new file mode 100644
index 0000000000..bfb2d7e7f5
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-6096-2.patch
@@ -0,0 +1,111 @@
1From beea361050728138b82c57dda0c4810402d342b9 Mon Sep 17 00:00:00 2001
2From: Alexander Anisimov <a.anisimov@omprussia.ru>
3Date: Wed, 8 Jul 2020 14:18:31 +0200
4Subject: [PATCH 2/2] arm: CVE-2020-6096: Fix multiarch memcpy for negative
5 length [BZ #25620]
6
7Unsigned branch instructions could be used for r2 to fix the wrong
8behavior when a negative length is passed to memcpy.
9This commit fixes the armv7 version.
10
11CVE: CVE-2020-6096
12Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
13Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
14---
15 sysdeps/arm/armv7/multiarch/memcpy_impl.S | 22 +++++++++++-----------
16 1 file changed, 11 insertions(+), 11 deletions(-)
17
18diff --git a/sysdeps/arm/armv7/multiarch/memcpy_impl.S b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
19index bf4ac7077f..379bb56fc9 100644
20--- a/sysdeps/arm/armv7/multiarch/memcpy_impl.S
21+++ b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
22@@ -268,7 +268,7 @@ ENTRY(memcpy)
23
24 mov dst, dstin /* Preserve dstin, we need to return it. */
25 cmp count, #64
26- bge .Lcpy_not_short
27+ bhs .Lcpy_not_short
28 /* Deal with small copies quickly by dropping straight into the
29 exit block. */
30
31@@ -351,10 +351,10 @@ ENTRY(memcpy)
32
33 1:
34 subs tmp2, count, #64 /* Use tmp2 for count. */
35- blt .Ltail63aligned
36+ blo .Ltail63aligned
37
38 cmp tmp2, #512
39- bge .Lcpy_body_long
40+ bhs .Lcpy_body_long
41
42 .Lcpy_body_medium: /* Count in tmp2. */
43 #ifdef USE_VFP
44@@ -378,7 +378,7 @@ ENTRY(memcpy)
45 add src, src, #64
46 vstr d1, [dst, #56]
47 add dst, dst, #64
48- bge 1b
49+ bhs 1b
50 tst tmp2, #0x3f
51 beq .Ldone
52
53@@ -412,7 +412,7 @@ ENTRY(memcpy)
54 ldrd A_l, A_h, [src, #64]!
55 strd A_l, A_h, [dst, #64]!
56 subs tmp2, tmp2, #64
57- bge 1b
58+ bhs 1b
59 tst tmp2, #0x3f
60 bne 1f
61 ldr tmp2,[sp], #FRAME_SIZE
62@@ -482,7 +482,7 @@ ENTRY(memcpy)
63 add src, src, #32
64
65 subs tmp2, tmp2, #prefetch_lines * 64 * 2
66- blt 2f
67+ blo 2f
68 1:
69 cpy_line_vfp d3, 0
70 cpy_line_vfp d4, 64
71@@ -494,7 +494,7 @@ ENTRY(memcpy)
72 add dst, dst, #2 * 64
73 add src, src, #2 * 64
74 subs tmp2, tmp2, #prefetch_lines * 64
75- bge 1b
76+ bhs 1b
77
78 2:
79 cpy_tail_vfp d3, 0
80@@ -615,8 +615,8 @@ ENTRY(memcpy)
81 1:
82 pld [src, #(3 * 64)]
83 subs count, count, #64
84- ldrmi tmp2, [sp], #FRAME_SIZE
85- bmi .Ltail63unaligned
86+ ldrlo tmp2, [sp], #FRAME_SIZE
87+ blo .Ltail63unaligned
88 pld [src, #(4 * 64)]
89
90 #ifdef USE_NEON
91@@ -633,7 +633,7 @@ ENTRY(memcpy)
92 neon_load_multi d0-d3, src
93 neon_load_multi d4-d7, src
94 subs count, count, #64
95- bmi 2f
96+ blo 2f
97 1:
98 pld [src, #(4 * 64)]
99 neon_store_multi d0-d3, dst
100@@ -641,7 +641,7 @@ ENTRY(memcpy)
101 neon_store_multi d4-d7, dst
102 neon_load_multi d4-d7, src
103 subs count, count, #64
104- bpl 1b
105+ bhs 1b
106 2:
107 neon_store_multi d0-d3, dst
108 neon_store_multi d4-d7, dst
109--
1102.17.0
111
diff --git a/meta/recipes-core/glibc/glibc_2.30.bb b/meta/recipes-core/glibc/glibc_2.30.bb
index 7913bc2812..b674b02706 100644
--- a/meta/recipes-core/glibc/glibc_2.30.bb
+++ b/meta/recipes-core/glibc/glibc_2.30.bb
@@ -42,6 +42,11 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
42 file://0027-inject-file-assembly-directives.patch \ 42 file://0027-inject-file-assembly-directives.patch \
43 file://0028-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ 43 file://0028-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
44 file://CVE-2019-19126.patch \ 44 file://CVE-2019-19126.patch \
45 file://CVE-2020-10029.patch \
46 file://CVE-2020-1751.patch \
47 file://CVE-2020-1752.patch \
48 file://CVE-2020-6096-1.patch \
49 file://CVE-2020-6096-2.patch \
45 " 50 "
46S = "${WORKDIR}/git" 51S = "${WORKDIR}/git"
47B = "${WORKDIR}/build-${TARGET_SYS}" 52B = "${WORKDIR}/build-${TARGET_SYS}"
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index f071f6cf14..e993bde2d7 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk"
24 24
25inherit core-image module-base setuptools3 25inherit core-image module-base setuptools3
26 26
27SRCREV ?= "36520aa3829288e561f160f679c06246904591b6" 27SRCREV ?= "f4b1c01110bf6cf7691aa6f214cecd89a52d5661"
28SRC_URI = "git://git.yoctoproject.org/poky;branch=zeus \ 28SRC_URI = "git://git.yoctoproject.org/poky;branch=zeus \
29 file://Yocto_Build_Appliance.vmx \ 29 file://Yocto_Build_Appliance.vmx \
30 file://Yocto_Build_Appliance.vmxf \ 30 file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch
new file mode 100644
index 0000000000..4ee2d4fe62
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch
@@ -0,0 +1,37 @@
1From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
2From: Zhipeng Xie <xiezhipeng1@huawei.com>
3Date: Tue, 20 Aug 2019 16:33:06 +0800
4Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
5
6When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
7alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
8to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
9vctxt->xsiAssemble to 0 again which cause the alloced schema
10can not be freed anymore.
11
12Found with libFuzzer.
13
14Upstream-Status: Accepted [https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a]
15CVE: CVE-2019-20388
16
17Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
18Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
19---
20 xmlschemas.c | 1 -
21 1 file changed, 1 deletion(-)
22
23diff --git a/xmlschemas.c b/xmlschemas.c
24index 301c8449..39d92182 100644
25--- a/xmlschemas.c
26+++ b/xmlschemas.c
27@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
28 vctxt->nberrors = 0;
29 vctxt->depth = -1;
30 vctxt->skipDepth = -1;
31- vctxt->xsiAssemble = 0;
32 vctxt->hasKeyrefs = 0;
33 #ifdef ENABLE_IDC_NODE_TABLES_TEST
34 vctxt->createIDCNodeTables = 1;
35--
362.24.1
37
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch
new file mode 100644
index 0000000000..facfefd362
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch
@@ -0,0 +1,36 @@
1From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
2From: Zhipeng Xie <xiezhipeng1@huawei.com>
3Date: Thu, 12 Dec 2019 17:30:55 +0800
4Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
5
6When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
7return NULL which cause a infinite loop in xmlStringLenDecodeEntities
8
9Found with libFuzzer.
10
11Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
12
13Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076]
14CVE: CVE-2020-7595
15Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
16---
17 parser.c | 3 ++-
18 1 file changed, 2 insertions(+), 1 deletion(-)
19
20diff --git a/parser.c b/parser.c
21index d1c31963..a34bb6cd 100644
22--- a/parser.c
23+++ b/parser.c
24@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
25 else
26 c = 0;
27 while ((c != 0) && (c != end) && /* non input consuming loop */
28- (c != end2) && (c != end3)) {
29+ (c != end2) && (c != end3) &&
30+ (ctxt->instate != XML_PARSER_EOF)) {
31
32 if (c == 0) break;
33 if ((c == '&') && (str[1] == '#')) {
34--
352.24.1
36
diff --git a/meta/recipes-core/libxml/libxml2_2.9.9.bb b/meta/recipes-core/libxml/libxml2_2.9.9.bb
index c44a90b1c2..1d898ab020 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.9.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.9.bb
@@ -21,6 +21,8 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
21 file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ 21 file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
22 file://fix-execution-of-ptests.patch \ 22 file://fix-execution-of-ptests.patch \
23 file://Fix-CVE-2019-19956.patch \ 23 file://Fix-CVE-2019-19956.patch \
24 file://CVE-2020-7595.patch \
25 file://CVE-2019-20388.patch \
24 " 26 "
25 27
26SRC_URI[libtar.md5sum] = "c04a5a0a042eaa157e8e8c9eabe76bd6" 28SRC_URI[libtar.md5sum] = "c04a5a0a042eaa157e8e8c9eabe76bd6"
diff --git a/meta/recipes-core/meta/buildtools-extended-tarball.bb b/meta/recipes-core/meta/buildtools-extended-tarball.bb
new file mode 100644
index 0000000000..94ed57585b
--- /dev/null
+++ b/meta/recipes-core/meta/buildtools-extended-tarball.bb
@@ -0,0 +1,36 @@
1require recipes-core/meta/buildtools-tarball.bb
2
3DESCRIPTION = "SDK type target for building a standalone tarball containing build-essentials, python3, chrpath, \
4 make, git and tar. The tarball can be used to run bitbake builds on systems which don't meet the \
5 usual version requirements and have ancient compilers."
6SUMMARY = "Standalone tarball for running builds on systems with inadequate software and ancient compilers"
7LICENSE = "MIT"
8
9# Add nativesdk equivalent of build-essentials
10TOOLCHAIN_HOST_TASK += "\
11 nativesdk-automake \
12 nativesdk-autoconf \
13 nativesdk-binutils \
14 nativesdk-binutils-symlinks \
15 nativesdk-cpp \
16 nativesdk-cpp-symlinks \
17 nativesdk-gcc \
18 nativesdk-gcc-symlinks \
19 nativesdk-g++ \
20 nativesdk-g++-symlinks \
21 nativesdk-gettext \
22 nativesdk-libatomic \
23 nativesdk-libgcc \
24 nativesdk-libstdc++ \
25 nativesdk-libstdc++-dev \
26 nativesdk-libstdc++-staticdev \
27 nativesdk-libtool \
28 nativesdk-pkgconfig \
29 nativesdk-glibc-utils \
30 nativesdk-python \
31 nativesdk-libxcrypt-dev \
32 "
33
34TOOLCHAIN_OUTPUTNAME = "${SDK_ARCH}-buildtools-extended-nativesdk-standalone-${DISTRO_VERSION}"
35
36SDK_TITLE = "Extended Build tools"
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index 66201514d7..ceb60b0e48 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -73,7 +73,13 @@ create_sdk_files_append () {
73 toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS} 73 toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}
74 74
75 echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script 75 echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
76 echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
77 echo 'export OPENSSL_CONF="${SDKPATHNATIVE}${sysconfdir}/ssl/openssl.cnf"' >>$script
76 78
79 mkdir -p ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/
80 echo '${SDKPATHNATIVE}${libdir}
81${SDKPATHNATIVE}${base_libdir}
82include /etc/ld.so.conf' > ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ld.so.conf
77 if [ "${SDKMACHINE}" = "i686" ]; then 83 if [ "${SDKMACHINE}" = "i686" ]; then
78 echo 'export NO32LIBS="0"' >>$script 84 echo 'export NO32LIBS="0"' >>$script
79 echo 'echo "$BB_ENV_EXTRAWHITE" | grep -q "NO32LIBS"' >>$script 85 echo 'echo "$BB_ENV_EXTRAWHITE" | grep -q "NO32LIBS"' >>$script
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 575254af40..0577a5ccac 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -13,8 +13,15 @@ deltask do_install
13deltask do_populate_sysroot 13deltask do_populate_sysroot
14 14
15python () { 15python () {
16 if not d.getVar("CVE_CHECK_DB_FILE"): 16 cve_check_db_file = d.getVar("CVE_CHECK_DB_FILE")
17 if not cve_check_db_file:
17 raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") 18 raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
19
20 if os.path.exists("%s-journal" % cve_check_db_file ):
21 os.remove("%s-journal" % cve_check_db_file)
22
23 if os.path.exists(cve_check_db_file):
24 os.remove(cve_check_db_file)
18} 25}
19 26
20python do_populate_cve_db() { 27python do_populate_cve_db() {
@@ -122,7 +129,7 @@ def parse_node_and_insert(c, node, cveId):
122 product = cpe23[4] 129 product = cpe23[4]
123 version = cpe23[5] 130 version = cpe23[5]
124 131
125 if version != '*': 132 if version != '*' and version != '-':
126 # Version is defined, this is a '=' match 133 # Version is defined, this is a '=' match
127 yield [cveId, vendor, product, version, '=', '', ''] 134 yield [cveId, vendor, product, version, '=', '', '']
128 else: 135 else:
@@ -160,15 +167,20 @@ def update_db(c, jsondata):
160 if not elt['impact']: 167 if not elt['impact']:
161 continue 168 continue
162 169
170 accessVector = None
163 cveId = elt['cve']['CVE_data_meta']['ID'] 171 cveId = elt['cve']['CVE_data_meta']['ID']
164 cveDesc = elt['cve']['description']['description_data'][0]['value'] 172 cveDesc = elt['cve']['description']['description_data'][0]['value']
165 date = elt['lastModifiedDate'] 173 date = elt['lastModifiedDate']
166 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
167 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
168
169 try: 174 try:
175 accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
176 cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
177 except KeyError:
178 cvssv2 = 0.0
179 try:
180 accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
170 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] 181 cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
171 except: 182 except KeyError:
183 accessVector = accessVector or "UNKNOWN"
172 cvssv3 = 0.0 184 cvssv3 = 0.0
173 185
174 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", 186 c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
diff --git a/meta/recipes-core/meta/dummy-sdk-package.inc b/meta/recipes-core/meta/dummy-sdk-package.inc
index 4d653706b1..0d15a37c35 100644
--- a/meta/recipes-core/meta/dummy-sdk-package.inc
+++ b/meta/recipes-core/meta/dummy-sdk-package.inc
@@ -17,6 +17,9 @@ ALLOW_EMPTY_${PN} = "1"
17 17
18PR[vardeps] += "DUMMYPROVIDES" 18PR[vardeps] += "DUMMYPROVIDES"
19 19
20DUMMYPROVIDES_PACKAGES ??= ""
21DUMMYPROVIDES += "${@' '.join([multilib_pkg_extend(d, pkg) for pkg in d.getVar('DUMMYPROVIDES_PACKAGES').split()])}"
22
20python populate_packages_prepend() { 23python populate_packages_prepend() {
21 p = d.getVar("PN") 24 p = d.getVar("PN")
22 d.appendVar("RPROVIDES_%s" % p, "${DUMMYPROVIDES}") 25 d.appendVar("RPROVIDES_%s" % p, "${DUMMYPROVIDES}")
diff --git a/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb b/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
index 6a8748acdf..cfa41c4ae6 100644
--- a/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
+++ b/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
@@ -1,6 +1,6 @@
1DUMMYARCH = "buildtools-dummy-${SDKPKGSUFFIX}" 1DUMMYARCH = "buildtools-dummy-${SDKPKGSUFFIX}"
2 2
3DUMMYPROVIDES = "\ 3DUMMYPROVIDES_PACKAGES = "\
4 nativesdk-perl \ 4 nativesdk-perl \
5 nativesdk-libxml-parser-perl \ 5 nativesdk-libxml-parser-perl \
6 nativesdk-perl-module-bytes \ 6 nativesdk-perl-module-bytes \
@@ -15,12 +15,18 @@ DUMMYPROVIDES = "\
15 nativesdk-perl-module-file-find \ 15 nativesdk-perl-module-file-find \
16 nativesdk-perl-module-file-glob \ 16 nativesdk-perl-module-file-glob \
17 nativesdk-perl-module-file-path \ 17 nativesdk-perl-module-file-path \
18 nativesdk-perl-module-file-spec \
18 nativesdk-perl-module-file-stat \ 19 nativesdk-perl-module-file-stat \
19 nativesdk-perl-module-getopt-long \ 20 nativesdk-perl-module-getopt-long \
20 nativesdk-perl-module-io-file \ 21 nativesdk-perl-module-io-file \
22 nativesdk-perl-module-overloading \
21 nativesdk-perl-module-posix \ 23 nativesdk-perl-module-posix \
22 nativesdk-perl-module-thread-queue \ 24 nativesdk-perl-module-thread-queue \
23 nativesdk-perl-module-threads \ 25 nativesdk-perl-module-threads \
26 nativesdk-perl-module-warnings \
27"
28
29DUMMYPROVIDES = "\
24 /usr/bin/perl \ 30 /usr/bin/perl \
25 " 31 "
26 32
diff --git a/meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb b/meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb
index b891efa5ef..29f4dd3633 100644
--- a/meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb
+++ b/meta/recipes-core/meta/nativesdk-sdk-provides-dummy.bb
@@ -1,10 +1,13 @@
1DUMMYARCH = "sdk-provides-dummy-${SDKPKGSUFFIX}" 1DUMMYARCH = "sdk-provides-dummy-${SDKPKGSUFFIX}"
2 2
3DUMMYPROVIDES_PACKAGES = "\
4 pkgconfig \
5"
6
3# Add /bin/sh? 7# Add /bin/sh?
4DUMMYPROVIDES = "\ 8DUMMYPROVIDES = "\
5 /bin/bash \ 9 /bin/bash \
6 /usr/bin/env \ 10 /usr/bin/env \
7 pkgconfig \
8 libGL.so()(64bit) \ 11 libGL.so()(64bit) \
9 libGL.so \ 12 libGL.so \
10" 13"
diff --git a/meta/recipes-core/meta/target-sdk-provides-dummy.bb b/meta/recipes-core/meta/target-sdk-provides-dummy.bb
index 87b8bfab9c..e3beeb796c 100644
--- a/meta/recipes-core/meta/target-sdk-provides-dummy.bb
+++ b/meta/recipes-core/meta/target-sdk-provides-dummy.bb
@@ -48,7 +48,6 @@ DUMMYPROVIDES_PACKAGES = "\
48" 48"
49 49
50DUMMYPROVIDES = "\ 50DUMMYPROVIDES = "\
51 ${@' '.join([multilib_pkg_extend(d, pkg) for pkg in d.getVar('DUMMYPROVIDES_PACKAGES').split()])} \
52 /bin/sh \ 51 /bin/sh \
53 /bin/bash \ 52 /bin/bash \
54 /usr/bin/env \ 53 /usr/bin/env \
diff --git a/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb b/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb
index e638a3737c..c3a89f1c4f 100644
--- a/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb
@@ -10,3 +10,5 @@ SRCREV = "3c9b2677c96c645496997321bf2fe465a5e7e21f"
10S = "${WORKDIR}/git" 10S = "${WORKDIR}/git"
11EXTRA_OECONF += "--with-abi-version=5 --cache-file=${B}/config.cache" 11EXTRA_OECONF += "--with-abi-version=5 --cache-file=${B}/config.cache"
12UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)" 12UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)"
13
14CVE_VERSION = "6.1.${@d.getVar("PV").split('+')[1]}"
diff --git a/meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch b/meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch
new file mode 100644
index 0000000000..e684ab8755
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch
@@ -0,0 +1,520 @@
1From 0062d795bf29301ae054e1826a7189198a2565c4 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
3Date: Tue, 14 Apr 2020 09:06:53 +0000
4Subject: [PATCH] Merge branch 'polkit-ref-count'
5
6Upsteam-Status: Backport [https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2]
7CVE: CVE-2020-1712
8
9Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
10---
11 TODO | 2 +-
12 man/rules/meson.build | 1 +
13 man/sd_bus_enqueue_for_read.xml | 88 ++++++++++++++++
14 src/libsystemd/libsystemd.sym | 1 +
15 src/libsystemd/sd-bus/sd-bus.c | 24 +++++
16 src/shared/bus-util.c | 179 +++++++++++++++++++++-----------
17 src/systemd/sd-bus.h | 1 +
18 7 files changed, 235 insertions(+), 61 deletions(-)
19 create mode 100644 man/sd_bus_enqueue_for_read.xml
20
21diff --git a/TODO b/TODO
22index c5b5b86057..5c5ea1f568 100644
23--- a/TODO
24+++ b/TODO
25@@ -184,7 +184,7 @@ Features:
26
27 * the a-posteriori stopping of units bound to units that disappeared logic
28 should be reworked: there should be a queue of units, and we should only
29- enqeue stop jobs from a defer event that processes queue instead of
30+ enqueue stop jobs from a defer event that processes queue instead of
31 right-away when we find a unit that is bound to one that doesn't exist
32 anymore. (similar to how the stop-unneeded queue has been reworked the same
33 way)
34diff --git a/man/rules/meson.build b/man/rules/meson.build
35index 3b63311d7b..e80ed98c34 100644
36--- a/man/rules/meson.build
37+++ b/man/rules/meson.build
38@@ -192,6 +192,7 @@ manpages = [
39 'sd_bus_open_user_with_description',
40 'sd_bus_open_with_description'],
41 ''],
42+ ['sd_bus_enqueue_for_read', '3', [], ''],
43 ['sd_bus_error',
44 '3',
45 ['SD_BUS_ERROR_MAKE_CONST',
46diff --git a/man/sd_bus_enqueue_for_read.xml b/man/sd_bus_enqueue_for_read.xml
47new file mode 100644
48index 0000000000..3318a3031b
49--- /dev/null
50+++ b/man/sd_bus_enqueue_for_read.xml
51@@ -0,0 +1,88 @@
52+<?xml version='1.0'?>
53+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
54+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
55+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
56+
57+<refentry id="sd_bus_enqueue_for_read"
58+ xmlns:xi="http://www.w3.org/2001/XInclude">
59+
60+ <refentryinfo>
61+ <title>sd_bus_enqueue_for_read</title>
62+ <productname>systemd</productname>
63+ </refentryinfo>
64+
65+ <refmeta>
66+ <refentrytitle>sd_bus_enqueue_for_read</refentrytitle>
67+ <manvolnum>3</manvolnum>
68+ </refmeta>
69+
70+ <refnamediv>
71+ <refname>sd_bus_enqueue_for_read</refname>
72+
73+ <refpurpose>Re-enqueue a bus message on a bus connection, for reading.</refpurpose>
74+ </refnamediv>
75+
76+ <refsynopsisdiv>
77+ <funcsynopsis>
78+ <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
79+
80+ <funcprototype>
81+ <funcdef>int <function>sd_bus_enqueue_for_read</function></funcdef>
82+ <paramdef>sd_bus *<parameter>bus</parameter></paramdef>
83+ <paramdef>sd_bus_message *<parameter>message</parameter></paramdef>
84+ </funcprototype>
85+
86+ </funcsynopsis>
87+ </refsynopsisdiv>
88+
89+ <refsect1>
90+ <title>Description</title>
91+
92+ <para><function>sd_bus_enqueue_for_read()</function> may be used to re-enqueue an incoming bus message on
93+ the local read queue, so that it is processed and dispatched locally again, similar to how an incoming
94+ message from the peer is processed. Takes a bus connection object and the message to enqueue. A reference
95+ is taken of the message and the caller's reference thus remains in possession of the caller. The message
96+ is enqueued at the end of the queue, thus will be dispatched after all other already queued messages are
97+ dispatched.</para>
98+
99+ <para>This call is primarily useful for dealing with incoming method calls that may be processed only
100+ after an additional asynchronous operation completes. One example are PolicyKit authorization requests
101+ that are determined to be necessary to authorize a newly incoming method call: when the PolicyKit response
102+ is received the original method call may be re-enqueued to process it again, this time with the
103+ authorization result known.</para>
104+ </refsect1>
105+
106+ <refsect1>
107+ <title>Return Value</title>
108+
109+ <para>On success, this function return 0 or a positive integer. On failure, it returns a negative errno-style
110+ error code.</para>
111+
112+ <refsect2>
113+ <title>Errors</title>
114+
115+ <para>Returned errors may indicate the following problems:</para>
116+
117+ <variablelist>
118+ <varlistentry>
119+ <term><constant>-ECHILD</constant></term>
120+
121+ <listitem><para>The bus connection has been created in a different process.</para></listitem>
122+ </varlistentry>
123+ </variablelist>
124+ </refsect2>
125+ </refsect1>
126+
127+ <xi:include href="libsystemd-pkgconfig.xml" />
128+
129+ <refsect1>
130+ <title>See Also</title>
131+
132+ <para>
133+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
134+ <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
135+ <citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
136+ </para>
137+ </refsect1>
138+
139+</refentry>
140diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym
141index 5ec42e0f1f..c40f1b7d1a 100644
142--- a/src/libsystemd/libsystemd.sym
143+++ b/src/libsystemd/libsystemd.sym
144@@ -679,6 +679,7 @@ global:
145
146 LIBSYSTEMD_243 {
147 global:
148+ sd_bus_enqueue_for_read;
149 sd_bus_object_vtable_format;
150 sd_event_source_disable_unref;
151 } LIBSYSTEMD_241;
152diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
153index 026ac8cb94..07bc145f37 100644
154--- a/src/libsystemd/sd-bus/sd-bus.c
155+++ b/src/libsystemd/sd-bus/sd-bus.c
156@@ -4194,3 +4194,27 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) {
157
158 return bus->close_on_exit;
159 }
160+
161+_public_ int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) {
162+ int r;
163+
164+ assert_return(bus, -EINVAL);
165+ assert_return(bus = bus_resolve(bus), -ENOPKG);
166+ assert_return(m, -EINVAL);
167+ assert_return(m->sealed, -EINVAL);
168+ assert_return(!bus_pid_changed(bus), -ECHILD);
169+
170+ if (!BUS_IS_OPEN(bus->state))
171+ return -ENOTCONN;
172+
173+ /* Re-enqueue a message for reading. This is primarily useful for PolicyKit-style authentication,
174+ * where we accept a message, then determine we need to interactively authenticate the user, and then
175+ * we want to process the message again. */
176+
177+ r = bus_rqueue_make_room(bus);
178+ if (r < 0)
179+ return r;
180+
181+ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus);
182+ return 0;
183+}
184diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
185index e9b0b8a99d..88cad9cd0a 100644
186--- a/src/shared/bus-util.c
187+++ b/src/shared/bus-util.c
188@@ -212,6 +212,34 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {
189 return sender_uid == good_user;
190 }
191
192+#if ENABLE_POLKIT
193+static int bus_message_append_strv_key_value(
194+ sd_bus_message *m,
195+ const char **l) {
196+
197+ const char **k, **v;
198+ int r;
199+
200+ assert(m);
201+
202+ r = sd_bus_message_open_container(m, 'a', "{ss}");
203+ if (r < 0)
204+ return r;
205+
206+ STRV_FOREACH_PAIR(k, v, l) {
207+ r = sd_bus_message_append(m, "{ss}", *k, *v);
208+ if (r < 0)
209+ return r;
210+ }
211+
212+ r = sd_bus_message_close_container(m);
213+ if (r < 0)
214+ return r;
215+
216+ return r;
217+}
218+#endif
219+
220 int bus_test_polkit(
221 sd_bus_message *call,
222 int capability,
223@@ -219,7 +247,7 @@ int bus_test_polkit(
224 const char **details,
225 uid_t good_user,
226 bool *_challenge,
227- sd_bus_error *e) {
228+ sd_bus_error *ret_error) {
229
230 int r;
231
232@@ -242,7 +270,7 @@ int bus_test_polkit(
233 _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL;
234 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
235 int authorized = false, challenge = false;
236- const char *sender, **k, **v;
237+ const char *sender;
238
239 sender = sd_bus_message_get_sender(call);
240 if (!sender)
241@@ -266,17 +294,7 @@ int bus_test_polkit(
242 if (r < 0)
243 return r;
244
245- r = sd_bus_message_open_container(request, 'a', "{ss}");
246- if (r < 0)
247- return r;
248-
249- STRV_FOREACH_PAIR(k, v, details) {
250- r = sd_bus_message_append(request, "{ss}", *k, *v);
251- if (r < 0)
252- return r;
253- }
254-
255- r = sd_bus_message_close_container(request);
256+ r = bus_message_append_strv_key_value(request, details);
257 if (r < 0)
258 return r;
259
260@@ -284,11 +302,11 @@ int bus_test_polkit(
261 if (r < 0)
262 return r;
263
264- r = sd_bus_call(call->bus, request, 0, e, &reply);
265+ r = sd_bus_call(call->bus, request, 0, ret_error, &reply);
266 if (r < 0) {
267 /* Treat no PK available as access denied */
268- if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
269- sd_bus_error_free(e);
270+ if (sd_bus_error_has_name(ret_error, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
271+ sd_bus_error_free(ret_error);
272 return -EACCES;
273 }
274
275@@ -319,15 +337,17 @@ int bus_test_polkit(
276 #if ENABLE_POLKIT
277
278 typedef struct AsyncPolkitQuery {
279+ char *action;
280+ char **details;
281+
282 sd_bus_message *request, *reply;
283- sd_bus_message_handler_t callback;
284- void *userdata;
285 sd_bus_slot *slot;
286+
287 Hashmap *registry;
288+ sd_event_source *defer_event_source;
289 } AsyncPolkitQuery;
290
291 static void async_polkit_query_free(AsyncPolkitQuery *q) {
292-
293 if (!q)
294 return;
295
296@@ -339,9 +359,25 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) {
297 sd_bus_message_unref(q->request);
298 sd_bus_message_unref(q->reply);
299
300+ free(q->action);
301+ strv_free(q->details);
302+
303+ sd_event_source_disable_unref(q->defer_event_source);
304 free(q);
305 }
306
307+static int async_polkit_defer(sd_event_source *s, void *userdata) {
308+ AsyncPolkitQuery *q = userdata;
309+
310+ assert(s);
311+
312+ /* This is called as idle event source after we processed the async polkit reply, hopefully after the
313+ * method call we re-enqueued has been properly processed. */
314+
315+ async_polkit_query_free(q);
316+ return 0;
317+}
318+
319 static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) {
320 _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
321 AsyncPolkitQuery *q = userdata;
322@@ -350,21 +386,46 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e
323 assert(reply);
324 assert(q);
325
326+ assert(q->slot);
327 q->slot = sd_bus_slot_unref(q->slot);
328+
329+ assert(!q->reply);
330 q->reply = sd_bus_message_ref(reply);
331
332+ /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the
333+ * whole message processing again, and thus re-validating and re-retrieving the "userdata" field
334+ * again.
335+ *
336+ * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again,
337+ * i.e. after the second time the message is processed is complete. */
338+
339+ assert(!q->defer_event_source);
340+ r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q);
341+ if (r < 0)
342+ goto fail;
343+
344+ r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE);
345+ if (r < 0)
346+ goto fail;
347+
348+ r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT);
349+ if (r < 0)
350+ goto fail;
351+
352 r = sd_bus_message_rewind(q->request, true);
353- if (r < 0) {
354- r = sd_bus_reply_method_errno(q->request, r, NULL);
355- goto finish;
356- }
357+ if (r < 0)
358+ goto fail;
359
360- r = q->callback(q->request, q->userdata, &error_buffer);
361- r = bus_maybe_reply_error(q->request, r, &error_buffer);
362+ r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request);
363+ if (r < 0)
364+ goto fail;
365
366-finish:
367- async_polkit_query_free(q);
368+ return 1;
369
370+fail:
371+ log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m");
372+ (void) sd_bus_reply_method_errno(q->request, r, NULL);
373+ async_polkit_query_free(q);
374 return r;
375 }
376
377@@ -378,16 +439,14 @@ int bus_verify_polkit_async(
378 bool interactive,
379 uid_t good_user,
380 Hashmap **registry,
381- sd_bus_error *error) {
382+ sd_bus_error *ret_error) {
383
384 #if ENABLE_POLKIT
385 _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
386 AsyncPolkitQuery *q;
387- const char *sender, **k, **v;
388- sd_bus_message_handler_t callback;
389- void *userdata;
390 int c;
391 #endif
392+ const char *sender;
393 int r;
394
395 assert(call);
396@@ -403,11 +462,17 @@ int bus_verify_polkit_async(
397 if (q) {
398 int authorized, challenge;
399
400- /* This is the second invocation of this function, and
401- * there's already a response from polkit, let's
402- * process it */
403+ /* This is the second invocation of this function, and there's already a response from
404+ * polkit, let's process it */
405 assert(q->reply);
406
407+ /* If the operation we want to authenticate changed between the first and the second time,
408+ * let's not use this authentication, it might be out of date as the object and context we
409+ * operate on might have changed. */
410+ if (!streq(q->action, action) ||
411+ !strv_equal(q->details, (char**) details))
412+ return -ESTALE;
413+
414 if (sd_bus_message_is_method_error(q->reply, NULL)) {
415 const sd_bus_error *e;
416
417@@ -418,7 +483,7 @@ int bus_verify_polkit_async(
418 return -EACCES;
419
420 /* Copy error from polkit reply */
421- sd_bus_error_copy(error, e);
422+ sd_bus_error_copy(ret_error, e);
423 return -sd_bus_error_get_errno(e);
424 }
425
426@@ -433,7 +498,7 @@ int bus_verify_polkit_async(
427 return 1;
428
429 if (challenge)
430- return sd_bus_error_set(error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
431+ return sd_bus_error_set(ret_error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
432
433 return -EACCES;
434 }
435@@ -445,20 +510,12 @@ int bus_verify_polkit_async(
436 else if (r > 0)
437 return 1;
438
439-#if ENABLE_POLKIT
440- if (sd_bus_get_current_message(call->bus) != call)
441- return -EINVAL;
442-
443- callback = sd_bus_get_current_handler(call->bus);
444- if (!callback)
445- return -EINVAL;
446-
447- userdata = sd_bus_get_current_userdata(call->bus);
448
449 sender = sd_bus_message_get_sender(call);
450 if (!sender)
451 return -EBADMSG;
452
453+#if ENABLE_POLKIT
454 c = sd_bus_message_get_allow_interactive_authorization(call);
455 if (c < 0)
456 return c;
457@@ -487,17 +544,7 @@ int bus_verify_polkit_async(
458 if (r < 0)
459 return r;
460
461- r = sd_bus_message_open_container(pk, 'a', "{ss}");
462- if (r < 0)
463- return r;
464-
465- STRV_FOREACH_PAIR(k, v, details) {
466- r = sd_bus_message_append(pk, "{ss}", *k, *v);
467- if (r < 0)
468- return r;
469- }
470-
471- r = sd_bus_message_close_container(pk);
472+ r = bus_message_append_strv_key_value(pk, details);
473 if (r < 0)
474 return r;
475
476@@ -505,13 +552,25 @@ int bus_verify_polkit_async(
477 if (r < 0)
478 return r;
479
480- q = new0(AsyncPolkitQuery, 1);
481+ q = new(AsyncPolkitQuery, 1);
482 if (!q)
483 return -ENOMEM;
484
485- q->request = sd_bus_message_ref(call);
486- q->callback = callback;
487- q->userdata = userdata;
488+ *q = (AsyncPolkitQuery) {
489+ .request = sd_bus_message_ref(call),
490+ };
491+
492+ q->action = strdup(action);
493+ if (!q->action) {
494+ async_polkit_query_free(q);
495+ return -ENOMEM;
496+ }
497+
498+ q->details = strv_copy((char**) details);
499+ if (!q->details) {
500+ async_polkit_query_free(q);
501+ return -ENOMEM;
502+ }
503
504 r = hashmap_put(*registry, call, q);
505 if (r < 0) {
506diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
507index 84ceb62dc7..0e5c761f83 100644
508--- a/src/systemd/sd-bus.h
509+++ b/src/systemd/sd-bus.h
510@@ -201,6 +201,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r);
511 int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r);
512 int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec);
513 int sd_bus_flush(sd_bus *bus);
514+int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m);
515
516 sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus);
517 sd_bus_message* sd_bus_get_current_message(sd_bus *bus);
518--
5192.23.0
520
diff --git a/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch b/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
new file mode 100644
index 0000000000..7b5e3e7f7a
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
@@ -0,0 +1,96 @@
1From 156a5fd297b61bce31630d7a52c15614bf784843 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
3Date: Sun, 31 May 2020 18:21:09 +0200
4Subject: [PATCH 1/1] basic/user-util: always use base 10 for user/group
5 numbers
6
7We would parse numbers with base prefixes as user identifiers. For example,
8"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
9interpreted as UID==1000. This parsing was used also in cases where either a
10user/group name or number may be specified. This means that names like
110x2b3bfa0 would be ambiguous: they are a valid user name according to our
12documented relaxed rules, but they would also be parsed as numeric uids.
13
14This behaviour is definitely not expected by users, since tools generally only
15accept decimal numbers (e.g. id, getent passwd), while other tools only accept
16user names and thus will interpret such strings as user names without even
17attempting to convert them to numbers (su, ssh). So let's follow suit and only
18accept numbers in decimal notation. Effectively this means that we will reject
19such strings as a username/uid/groupname/gid where strict mode is used, and try
20to look up a user/group with such a name in relaxed mode.
21
22Since the function changed is fairly low-level and fairly widely used, this
23affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
24the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
25etc.
26
27Fixes #15985.
28---
29 src/basic/user-util.c | 2 +-
30 src/test/test-user-util.c | 10 ++++++++++
31 2 files changed, 11 insertions(+), 1 deletion(-)
32
33--- end of commit 156a5fd297b61bce31630d7a52c15614bf784843 ---
34
35
36Add definition of safe_atou32_full() from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e
37
38CVE: CVE-2020-13776
39
40Upstream-Status: Backport [https://github.com/systemd/systemd.git]
41
42Signed-off-by: Joe Slater <joe.slater@windriver.com>
43
44
45
46--- git.orig/src/basic/user-util.c
47+++ git/src/basic/user-util.c
48@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret)
49 assert(s);
50
51 assert_cc(sizeof(uid_t) == sizeof(uint32_t));
52- r = safe_atou32(s, &uid);
53+ r = safe_atou32_full(s, 10, &uid);
54 if (r < 0)
55 return r;
56
57--- git.orig/src/test/test-user-util.c
58+++ git/src/test/test-user-util.c
59@@ -48,9 +48,19 @@ static void test_parse_uid(void) {
60
61 r = parse_uid("65535", &uid);
62 assert_se(r == -ENXIO);
63+ assert_se(uid == 100);
64+
65+ r = parse_uid("0x1234", &uid);
66+ assert_se(r == -EINVAL);
67+ assert_se(uid == 100);
68+
69+ r = parse_uid("01234", &uid);
70+ assert_se(r == 0);
71+ assert_se(uid == 1234);
72
73 r = parse_uid("asdsdas", &uid);
74 assert_se(r == -EINVAL);
75+ assert_se(uid == 1234);
76 }
77
78 static void test_uid_ptr(void) {
79--- git.orig/src/basic/parse-util.h
80+++ git/src/basic/parse-util.h
81@@ -45,9 +45,13 @@ static inline int safe_atoux16(const cha
82
83 int safe_atoi16(const char *s, int16_t *ret);
84
85-static inline int safe_atou32(const char *s, uint32_t *ret_u) {
86+static inline int safe_atou32_full(const char *s, unsigned base, uint32_t *ret_u) {
87 assert_cc(sizeof(uint32_t) == sizeof(unsigned));
88- return safe_atou(s, (unsigned*) ret_u);
89+ return safe_atou_full(s, base, (unsigned*) ret_u);
90+}
91+
92+static inline int safe_atou32(const char *s, uint32_t *ret_u) {
93+ return safe_atou32_full(s, 0, (unsigned*) ret_u);
94 }
95
96 static inline int safe_atoi32(const char *s, int32_t *ret_i) {
diff --git a/meta/recipes-core/systemd/systemd_243.2.bb b/meta/recipes-core/systemd/systemd_243.2.bb
index 6e7f95693b..905348176c 100644
--- a/meta/recipes-core/systemd/systemd_243.2.bb
+++ b/meta/recipes-core/systemd/systemd_243.2.bb
@@ -24,6 +24,8 @@ SRC_URI += "file://touchscreen.rules \
24 file://0005-rules-watch-metadata-changes-in-ide-devices.patch \ 24 file://0005-rules-watch-metadata-changes-in-ide-devices.patch \
25 file://0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch \ 25 file://0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch \
26 file://99-default.preset \ 26 file://99-default.preset \
27 file://0001-Merge-branch-polkit-ref-count.patch \
28 file://CVE-2020-13776.patch \
27 " 29 "
28 30
29# patches needed by musl 31# patches needed by musl
diff --git a/meta/recipes-devtools/apt/files/apt.conf b/meta/recipes-devtools/apt/files/apt.conf
index 03351356bc..c95a5b07af 100644
--- a/meta/recipes-devtools/apt/files/apt.conf
+++ b/meta/recipes-devtools/apt/files/apt.conf
@@ -39,4 +39,4 @@ APT
39 }; 39 };
40}; 40};
41 41
42DPkg::Options {"--root=#ROOTFS#";"--admindir=#ROOTFS#/var/lib/dpkg";"--force-all";"--no-debsig"}; 42DPkg::Options {"--root=#ROOTFS#";"--admindir=#ROOTFS#/var/lib/dpkg";"--force-all";"--no-force-overwrite";"--no-debsig"};
diff --git a/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch b/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch
new file mode 100644
index 0000000000..408f7d18b7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/nativesdk-relocation.patch
@@ -0,0 +1,80 @@
1We need binutils to look at our ld.so.conf file within the SDK to ensure
2we search the SDK's libdirs as well as those from the host system.
3
4We therefore pass in the directory to the code using a define, then add
5it to a section we relocate in a similar way to the way we relocate the
6gcc internal paths. This ensures that ld works correctly in our buildtools
7tarball.
8
9Standard sysroot relocation doesn't work since we're not in a sysroot,
10we want to use both the host system and SDK libs.
11
12Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
132020/1/17
14Upstream-Status: Inappropriate [OE specific tweak]
15
16Index: git/ld/Makefile.am
17===================================================================
18--- git.orig/ld/Makefile.am
19+++ git/ld/Makefile.am
20@@ -36,7 +36,8 @@ am__skipyacc =
21
22 ELF_CLFAGS=-DELF_LIST_OPTIONS=@elf_list_options@ \
23 -DELF_SHLIB_LIST_OPTIONS=@elf_shlib_list_options@ \
24- -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@
25+ -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@ \
26+ -DSYSCONFDIR="\"$(sysconfdir)\""
27 WARN_CFLAGS = @WARN_CFLAGS@
28 NO_WERROR = @NO_WERROR@
29 AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS)
30Index: git/ld/Makefile.in
31===================================================================
32--- git.orig/ld/Makefile.in
33+++ git/ld/Makefile.in
34@@ -546,7 +546,8 @@ am__skiplex =
35 am__skipyacc =
36 ELF_CLFAGS = -DELF_LIST_OPTIONS=@elf_list_options@ \
37 -DELF_SHLIB_LIST_OPTIONS=@elf_shlib_list_options@ \
38- -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@
39+ -DELF_PLT_UNWIND_LIST_OPTIONS=@elf_plt_unwind_list_options@ \
40+ -DSYSCONFDIR="\"$(sysconfdir)\""
41
42 AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS)
43 @ENABLE_PLUGINS_FALSE@PLUGIN_C =
44Index: git/ld/emultempl/elf32.em
45===================================================================
46--- git.orig/ld/emultempl/elf32.em
47+++ git/ld/emultempl/elf32.em
48@@ -1024,7 +1024,7 @@ gld${EMULATION_NAME}_check_ld_so_conf (c
49
50 info.path = NULL;
51 info.len = info.alloc = 0;
52- tmppath = concat (ld_sysroot, "${prefix}/etc/ld.so.conf",
53+ tmppath = concat (ld_sysconfdir, "/ld.so.conf",
54 (const char *) NULL);
55 if (!gld${EMULATION_NAME}_parse_ld_so_conf (&info, tmppath))
56 {
57Index: git/ld/ldmain.c
58===================================================================
59--- git.orig/ld/ldmain.c
60+++ git/ld/ldmain.c
61@@ -68,6 +68,7 @@ char *program_name;
62
63 /* The prefix for system library directories. */
64 const char *ld_sysroot;
65+char ld_sysconfdir[4096] __attribute__ ((section (".gccrelocprefix"))) = SYSCONFDIR;
66
67 /* The canonical representation of ld_sysroot. */
68 char *ld_canon_sysroot;
69Index: git/ld/ldmain.h
70===================================================================
71--- git.orig/ld/ldmain.h
72+++ git/ld/ldmain.h
73@@ -23,6 +23,7 @@
74
75 extern char *program_name;
76 extern const char *ld_sysroot;
77+extern char ld_sysconfdir[4096];
78 extern char *ld_canon_sysroot;
79 extern int ld_canon_sysroot_len;
80 extern FILE *saved_script_handle;
diff --git a/meta/recipes-devtools/binutils/binutils_2.32.bb b/meta/recipes-devtools/binutils/binutils_2.32.bb
index 89315915c4..ecdab96658 100644
--- a/meta/recipes-devtools/binutils/binutils_2.32.bb
+++ b/meta/recipes-devtools/binutils/binutils_2.32.bb
@@ -51,5 +51,10 @@ do_install_class-native () {
51PACKAGE_BEFORE_PN += "libbfd" 51PACKAGE_BEFORE_PN += "libbfd"
52FILES_libbfd = "${libdir}/libbfd-*.so" 52FILES_libbfd = "${libdir}/libbfd-*.so"
53 53
54SRC_URI_append_class-nativesdk = "file://nativesdk-relocation.patch"
55
56USE_ALTERNATIVES_FOR_class-nativesdk = ""
57FILES_${PN}_append_class-nativesdk = " ${bindir}"
58
54BBCLASSEXTEND = "native nativesdk" 59BBCLASSEXTEND = "native nativesdk"
55 60
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
new file mode 100644
index 0000000000..ba4e3a3c97
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
@@ -0,0 +1,49 @@
1From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001
2From: Theodore Ts'o <tytso@mit.edu>
3Date: Thu, 19 Dec 2019 19:45:06 -0500
4Subject: [PATCH] e2fsck: don't try to rehash a deleted directory
5
6If directory has been deleted in pass1[bcd] processing, then we
7shouldn't try to rehash the directory in pass 3a when we try to
8rehash/reoptimize directories.
9
10Signed-off-by: Theodore Ts'o <tytso@mit.edu>
11
12Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3]
13Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
14---
15 e2fsck/pass1b.c | 4 ++++
16 e2fsck/rehash.c | 2 ++
17 2 files changed, 6 insertions(+)
18
19diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c
20index 5693b9cf..bca701ca 100644
21--- a/e2fsck/pass1b.c
22+++ b/e2fsck/pass1b.c
23@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino,
24 fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx);
25 if (ctx->inode_bad_map)
26 ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino);
27+ if (ctx->inode_reg_map)
28+ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino);
29+ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino);
30+ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino);
31 ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode));
32 quota_data_sub(ctx->qctx, &dp->inode, ino,
33 pb.dup_blocks * fs->blocksize);
34diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
35index 3dd1e941..2c908be0 100644
36--- a/e2fsck/rehash.c
37+++ b/e2fsck/rehash.c
38@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx)
39 if (!ext2fs_u32_list_iterate(iter, &ino))
40 break;
41 }
42+ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino))
43+ continue;
44
45 pctx.dir = ino;
46 if (first) {
47--
482.24.1
49
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
new file mode 100644
index 0000000000..de4bce0037
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
@@ -0,0 +1,57 @@
1From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
2From: Theodore Ts'o <tytso@mit.edu>
3Date: Thu, 19 Dec 2019 19:37:34 -0500
4Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
5 rehashing
6
7In e2fsck pass 3a, when we are rehashing directories, at least in
8theory, all of the directories should have had corruptions with
9respect to directory entry structure fixed. However, it's possible
10(for example, if the user declined a fix) that we can reach this stage
11of processing with a corrupted directory entries.
12
13So check for that case and don't try to process a corrupted directory
14block so we don't run into trouble in mutate_name() if there is a
15zero-length file name.
16
17Addresses: TALOS-2019-0973
18Addresses: CVE-2019-5188
19Signed-off-by: Theodore Ts'o <tytso@mit.edu>
20
21CVE: CVE-2019-5188
22Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
23Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff]
24---
25 e2fsck/rehash.c | 9 +++++++++
26 1 file changed, 9 insertions(+)
27
28diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
29index a5fc1be1..3dd1e941 100644
30--- a/e2fsck/rehash.c
31+++ b/e2fsck/rehash.c
32@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
33 dir_offset += rec_len;
34 if (dirent->inode == 0)
35 continue;
36+ if ((name_len) == 0) {
37+ fd->err = EXT2_ET_DIR_CORRUPTED;
38+ return BLOCK_ABORT;
39+ }
40 if (!fd->compress && (name_len == 1) &&
41 (dirent->name[0] == '.'))
42 continue;
43@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
44 continue;
45 }
46 new_len = ext2fs_dirent_name_len(ent->dir);
47+ if (new_len == 0) {
48+ /* should never happen */
49+ ext2fs_unmark_valid(fs);
50+ continue;
51+ }
52 memcpy(new_name, ent->dir->name, new_len);
53 mutate_name(new_name, &new_len);
54 for (j=0; j < fd->num_array; j++) {
55--
562.24.1
57
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
new file mode 100644
index 0000000000..342a2b855b
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
@@ -0,0 +1,76 @@
1From: Wang Shilong <wshilong@ddn.com>
2Date: Mon, 30 Dec 2019 19:52:39 -0500
3Subject: e2fsck: fix use after free in calculate_tree()
4
5The problem is alloc_blocks() will call get_next_block() which might
6reallocate outdir->buf, and memory address could be changed after
7this. To fix this, pointers that point into outdir->buf, such as
8int_limit and root need to be recaulated based on the new starting
9address of outdir->buf.
10
11[ Changed to correctly recalculate int_limit, and to optimize how we
12 reallocate outdir->buf. -TYT ]
13
14Addresses-Debian-Bug: 948517
15Signed-off-by: Wang Shilong <wshilong@ddn.com>
16Signed-off-by: Theodore Ts'o <tytso@mit.edu>
17(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01)
18
19Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
20Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01]
21---
22 e2fsck/rehash.c | 17 ++++++++++++++++-
23 1 file changed, 16 insertions(+), 1 deletion(-)
24
25diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
26index 0a5888a9..2574e151 100644
27--- a/e2fsck/rehash.c
28+++ b/e2fsck/rehash.c
29@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir,
30 errcode_t retval;
31
32 if (outdir->num >= outdir->max) {
33- retval = alloc_size_dir(fs, outdir, outdir->max + 50);
34+ int increment = outdir->max / 10;
35+
36+ if (increment < 50)
37+ increment = 50;
38+ retval = alloc_size_dir(fs, outdir, outdir->max + increment);
39 if (retval)
40 return retval;
41 }
42@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs,
43 if (retval)
44 return retval;
45
46+ /* outdir->buf might be reallocated */
47+ *prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset);
48+
49 *next_ent = set_int_node(fs, block_start);
50 *limit = (struct ext2_dx_countlimit *)(*next_ent);
51 if (next_offset)
52@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs,
53 return retval;
54 }
55 if (c3 == 0) {
56+ int delta1 = (char *)int_limit - outdir->buf;
57+ int delta2 = (char *)root - outdir->buf;
58+
59 retval = alloc_blocks(fs, &limit, &int_ent,
60 &dx_ent, &int_offset,
61 NULL, outdir, i, &c2,
62@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs,
63 if (retval)
64 return retval;
65
66+ /* outdir->buf might be reallocated */
67+ int_limit = (struct ext2_dx_countlimit *)
68+ (outdir->buf + delta1);
69+ root = (struct ext2_dx_entry *)
70+ (outdir->buf + delta2);
71 }
72 dx_ent->block = ext2fs_cpu_to_le32(i);
73 if (c3 != limit->limit)
74--
752.24.1
76
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
index 14c05a446c..f81defb837 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
@@ -6,6 +6,9 @@ SRC_URI += "file://remove.ldconfig.call.patch \
6 file://mkdir_p.patch \ 6 file://mkdir_p.patch \
7 file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \ 7 file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
8 file://CVE-2019-5094.patch \ 8 file://CVE-2019-5094.patch \
9 file://CVE-2019-5188.patch \
10 file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
11 file://e2fsck-fix-use-after-free-in-calculate_tree.patch \
9 " 12 "
10 13
11SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ 14SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
diff --git a/meta/recipes-devtools/file/file_5.37.bb b/meta/recipes-devtools/file/file_5.37.bb
index 60fc66131e..eb0f40b54d 100644
--- a/meta/recipes-devtools/file/file_5.37.bb
+++ b/meta/recipes-devtools/file/file_5.37.bb
@@ -9,7 +9,7 @@ LICENSE = "BSD"
9LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdda1b" 9LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdda1b"
10 10
11DEPENDS = "zlib file-replacement-native" 11DEPENDS = "zlib file-replacement-native"
12DEPENDS_class-native = "zlib-native" 12DEPENDS_class-native = "zlib-native bzip2-replacement-native"
13 13
14# Blacklist a bogus tag in upstream check 14# Blacklist a bogus tag in upstream check
15UPSTREAM_CHECK_GITTAGREGEX = "FILE(?P<pver>(?!6_23).+)" 15UPSTREAM_CHECK_GITTAGREGEX = "FILE(?P<pver>(?!6_23).+)"
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
index f14cbf7152..4aac345bec 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
+++ b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
@@ -158,7 +158,7 @@ SYSTEMLIBS1 = "${target_libdir}/"
158EXTRA_OECONF += "--enable-poison-system-directories" 158EXTRA_OECONF += "--enable-poison-system-directories"
159EXTRA_OECONF_remove_elf = "--with-sysroot=/not/exist" 159EXTRA_OECONF_remove_elf = "--with-sysroot=/not/exist"
160EXTRA_OECONF_remove_eabi = "--with-sysroot=/not/exist" 160EXTRA_OECONF_remove_eabi = "--with-sysroot=/not/exist"
161EXTRA_OECONF_append_elf = "--without-headers --with-newlib" 161EXTRA_OECONF_append_elf = " --without-headers --with-newlib"
162EXTRA_OECONF_append_eabi = "--without-headers --with-newlib" 162EXTRA_OECONF_append_eabi = " --without-headers --with-newlib"
163# gcc 4.7 needs -isystem 163# gcc 4.7 needs -isystem
164export ARCH_FLAGS_FOR_TARGET = "--sysroot=${STAGING_DIR_TARGET} -isystem=${target_includedir}" 164export ARCH_FLAGS_FOR_TARGET = "--sysroot=${STAGING_DIR_TARGET} -isystem=${target_includedir}"
diff --git a/meta/recipes-devtools/gcc/gcc-cross.inc b/meta/recipes-devtools/gcc/gcc-cross.inc
index 8855bb1f34..06ba3ccd15 100644
--- a/meta/recipes-devtools/gcc/gcc-cross.inc
+++ b/meta/recipes-devtools/gcc/gcc-cross.inc
@@ -61,6 +61,13 @@ do_compile () {
61 export CXXFLAGS_FOR_TARGET="${TARGET_CXXFLAGS}" 61 export CXXFLAGS_FOR_TARGET="${TARGET_CXXFLAGS}"
62 export LDFLAGS_FOR_TARGET="${TARGET_LDFLAGS}" 62 export LDFLAGS_FOR_TARGET="${TARGET_LDFLAGS}"
63 63
64 # Prevent native/host sysroot path from being used in configargs.h header,
65 # as it will be rewritten when used by other sysroots preventing support
66 # for gcc plugins
67 oe_runmake configure-gcc
68 sed -i 's@${STAGING_DIR_TARGET}@/host@g' ${B}/gcc/configargs.h
69 sed -i 's@${STAGING_DIR_HOST}@/host@g' ${B}/gcc/configargs.h
70
64 oe_runmake all-host configure-target-libgcc 71 oe_runmake all-host configure-target-libgcc
65 (cd ${B}/${TARGET_SYS}/libgcc; oe_runmake enable-execute-stack.c unwind.h md-unwind-support.h sfp-machine.h gthr-default.h) 72 (cd ${B}/${TARGET_SYS}/libgcc; oe_runmake enable-execute-stack.c unwind.h md-unwind-support.h sfp-machine.h gthr-default.h)
66 # now generate script to drive testing 73 # now generate script to drive testing
diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc
index 2da3c02ef0..536b18d97f 100644
--- a/meta/recipes-devtools/gcc/gcc-runtime.inc
+++ b/meta/recipes-devtools/gcc/gcc-runtime.inc
@@ -302,10 +302,6 @@ do_check() {
302 302
303 # HACK: this works around the configure setting CXX with -nostd* args 303 # HACK: this works around the configure setting CXX with -nostd* args
304 sed -i 's/-nostdinc++ -nostdlib++//g' $(find ${B} -name testsuite_flags | head -1) 304 sed -i 's/-nostdinc++ -nostdlib++//g' $(find ${B} -name testsuite_flags | head -1)
305 # HACK: this works around the de-stashing changes to configargs.h, as well as recipe-sysroot changing the content
306 sed -i '/static const char configuration_arguments/d' ${B}/gcc/configargs.h
307 ${CC} -v 2>&1 | grep "^Configured with:" | \
308 sed 's/Configured with: \(.*\)/static const char configuration_arguments[] = "\1";/g' >> ${B}/gcc/configargs.h
309 305
310 if [ "${TOOLCHAIN_TEST_TARGET}" = "user" ]; then 306 if [ "${TOOLCHAIN_TEST_TARGET}" = "user" ]; then
311 # qemu user has issues allocating large amounts of memory 307 # qemu user has issues allocating large amounts of memory
diff --git a/meta/recipes-devtools/gcc/gcc-target.inc b/meta/recipes-devtools/gcc/gcc-target.inc
index bdc6ff658f..987e88d32c 100644
--- a/meta/recipes-devtools/gcc/gcc-target.inc
+++ b/meta/recipes-devtools/gcc/gcc-target.inc
@@ -137,6 +137,14 @@ FILES_${PN}-doc = "\
137" 137"
138 138
139do_compile () { 139do_compile () {
140 # Prevent full target sysroot path from being used in configargs.h header,
141 # as it will be rewritten when used by other sysroots preventing support
142 # for gcc plugins. Additionally the path is embeddeded into the output
143 # binary, this prevents building a reproducible binary.
144 oe_runmake configure-gcc
145 sed -i 's@${STAGING_DIR_TARGET}@/@g' ${B}/gcc/configargs.h
146 sed -i 's@${STAGING_DIR_HOST}@/@g' ${B}/gcc/configargs.h
147
140 oe_runmake all-host 148 oe_runmake all-host
141} 149}
142 150
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc
index 6e137432f0..a0ce1626a1 100644
--- a/meta/recipes-devtools/git/git.inc
+++ b/meta/recipes-devtools/git/git.inc
@@ -7,7 +7,21 @@ DEPENDS = "openssl curl zlib expat"
7PROVIDES_append_class-native = " git-replacement-native" 7PROVIDES_append_class-native = " git-replacement-native"
8 8
9SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ 9SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
10 ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages" 10 ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
11 file://CVE-2020-5260.patch \
12 file://0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch \
13 file://0002-credential-detect-unrepresentable-values-when-parsin.patch \
14 file://0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch \
15 file://CVE-2020-11008-1.patch \
16 file://CVE-2020-11008-2.patch \
17 file://CVE-2020-11008-3.patch \
18 file://CVE-2020-11008-4.patch \
19 file://CVE-2020-11008-5.patch \
20 file://CVE-2020-11008-6.patch \
21 file://CVE-2020-11008-7.patch \
22 file://CVE-2020-11008-8.patch \
23 file://CVE-2020-11008-9.patch \
24 "
11 25
12S = "${WORKDIR}/git-${PV}" 26S = "${WORKDIR}/git-${PV}"
13 27
diff --git a/meta/recipes-devtools/git/git/0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch b/meta/recipes-devtools/git/git/0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch
new file mode 100644
index 0000000000..6eb3c16aef
--- /dev/null
+++ b/meta/recipes-devtools/git/git/0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch
@@ -0,0 +1,35 @@
1From 70ef9c6ce884b2d466d3d36563f1d2aa31b56443 Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Wed, 11 Mar 2020 18:11:37 -0400
4Subject: [PATCH 01/12] t/lib-credential: use test_i18ncmp to check stderr
5
6The credential tests have a "check" function which feeds some input to
7git-credential and checks the stdout and stderr. We look for exact
8matches in the output. For stdout, this makes sense; the output is
9the credential protocol. But for stderr, we may be showing various
10diagnostic messages, or the prompts fed to the askpass program, which
11could be translated. Let's mark them as such.
12
13Upstream-Status: Backport
14
15Signed-off-by: Li Zhou <li.zhou@windriver.com>
16---
17 t/lib-credential.sh | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20diff --git a/t/lib-credential.sh b/t/lib-credential.sh
21index 937b831..bb88cc0 100755
22--- a/t/lib-credential.sh
23+++ b/t/lib-credential.sh
24@@ -19,7 +19,7 @@ check() {
25 false
26 fi &&
27 test_cmp expect-stdout stdout &&
28- test_cmp expect-stderr stderr
29+ test_i18ncmp expect-stderr stderr
30 }
31
32 read_chunk() {
33--
341.9.1
35
diff --git a/meta/recipes-devtools/git/git/0002-credential-detect-unrepresentable-values-when-parsin.patch b/meta/recipes-devtools/git/git/0002-credential-detect-unrepresentable-values-when-parsin.patch
new file mode 100644
index 0000000000..a9b7348ef7
--- /dev/null
+++ b/meta/recipes-devtools/git/git/0002-credential-detect-unrepresentable-values-when-parsin.patch
@@ -0,0 +1,156 @@
1From 43803880b954a020dbffa5250a5b7fd893442c7c Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Thu, 12 Mar 2020 01:31:11 -0400
4Subject: [PATCH 02/12] credential: detect unrepresentable values when parsing
5 urls
6
7The credential protocol can't represent newlines in values, but URLs can
8embed percent-encoded newlines in various components. A previous commit
9taught the low-level writing routines to die() when encountering this,
10but we can be a little friendlier to the user by detecting them earlier
11and handling them gracefully.
12
13This patch teaches credential_from_url() to notice such components,
14issue a warning, and blank the credential (which will generally result
15in prompting the user for a username and password). We blank the whole
16credential in this case. Another option would be to blank only the
17invalid component. However, we're probably better off not feeding a
18partially-parsed URL result to a credential helper. We don't know how a
19given helper would handle it, so we're better off to err on the side of
20matching nothing rather than something unexpected.
21
22The die() call in credential_write() is _probably_ impossible to reach
23after this patch. Values should end up in credential structs only by URL
24parsing (which is covered here), or by reading credential protocol input
25(which by definition cannot read a newline into a value). But we should
26definitely keep the low-level check, as it's our final and most accurate
27line of defense against protocol injection attacks. Arguably it could
28become a BUG(), but it probably doesn't matter much either way.
29
30Note that the public interface of credential_from_url() grows a little
31more than we need here. We'll use the extra flexibility in a future
32patch to help fsck catch these cases.
33
34Upstream-Status: Backport
35
36Signed-off-by: Li Zhou <li.zhou@windriver.com>
37---
38 credential.c | 36 ++++++++++++++++++++++++++++++++++--
39 credential.h | 16 ++++++++++++++++
40 t/t0300-credentials.sh | 12 ++++++++++--
41 3 files changed, 60 insertions(+), 4 deletions(-)
42
43diff --git a/credential.c b/credential.c
44index a79aff0..2482382 100644
45--- a/credential.c
46+++ b/credential.c
47@@ -324,7 +324,22 @@ void credential_reject(struct credential *c)
48 c->approved = 0;
49 }
50
51-void credential_from_url(struct credential *c, const char *url)
52+static int check_url_component(const char *url, int quiet,
53+ const char *name, const char *value)
54+{
55+ if (!value)
56+ return 0;
57+ if (!strchr(value, '\n'))
58+ return 0;
59+
60+ if (!quiet)
61+ warning(_("url contains a newline in its %s component: %s"),
62+ name, url);
63+ return -1;
64+}
65+
66+int credential_from_url_gently(struct credential *c, const char *url,
67+ int quiet)
68 {
69 const char *at, *colon, *cp, *slash, *host, *proto_end;
70
71@@ -338,7 +353,7 @@ void credential_from_url(struct credential *c, const char *url)
72 */
73 proto_end = strstr(url, "://");
74 if (!proto_end)
75- return;
76+ return 0;
77 cp = proto_end + 3;
78 at = strchr(cp, '@');
79 colon = strchr(cp, ':');
80@@ -373,4 +388,21 @@ void credential_from_url(struct credential *c, const char *url)
81 while (p > c->path && *p == '/')
82 *p-- = '\0';
83 }
84+
85+ if (check_url_component(url, quiet, "username", c->username) < 0 ||
86+ check_url_component(url, quiet, "password", c->password) < 0 ||
87+ check_url_component(url, quiet, "protocol", c->protocol) < 0 ||
88+ check_url_component(url, quiet, "host", c->host) < 0 ||
89+ check_url_component(url, quiet, "path", c->path) < 0)
90+ return -1;
91+
92+ return 0;
93+}
94+
95+void credential_from_url(struct credential *c, const char *url)
96+{
97+ if (credential_from_url_gently(c, url, 0) < 0) {
98+ warning(_("skipping credential lookup for url: %s"), url);
99+ credential_clear(c);
100+ }
101 }
102diff --git a/credential.h b/credential.h
103index 6b0cd16..122a23c 100644
104--- a/credential.h
105+++ b/credential.h
106@@ -28,7 +28,23 @@ struct credential {
107
108 int credential_read(struct credential *, FILE *);
109 void credential_write(const struct credential *, FILE *);
110+
111+/*
112+ * Parse a url into a credential struct, replacing any existing contents.
113+ *
114+ * Ifthe url can't be parsed (e.g., a missing "proto://" component), the
115+ * resulting credential will be empty but we'll still return success from the
116+ * "gently" form.
117+ *
118+ * If we encounter a component which cannot be represented as a credential
119+ * value (e.g., because it contains a newline), the "gently" form will return
120+ * an error but leave the broken state in the credential object for further
121+ * examination. The non-gentle form will issue a warning to stderr and return
122+ * an empty credential.
123+ */
124 void credential_from_url(struct credential *, const char *url);
125+int credential_from_url_gently(struct credential *, const char *url, int quiet);
126+
127 int credential_match(const struct credential *have,
128 const struct credential *want);
129
130diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
131index 26f3c3a..b9c0f1f 100755
132--- a/t/t0300-credentials.sh
133+++ b/t/t0300-credentials.sh
134@@ -308,9 +308,17 @@ test_expect_success 'empty helper spec resets helper list' '
135 EOF
136 '
137
138-test_expect_success 'url parser rejects embedded newlines' '
139- test_must_fail git credential fill <<-\EOF
140+test_expect_success 'url parser ignores embedded newlines' '
141+ check fill <<-EOF
142 url=https://one.example.com?%0ahost=two.example.com/
143+ --
144+ username=askpass-username
145+ password=askpass-password
146+ --
147+ warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/
148+ warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/
149+ askpass: Username:
150+ askpass: Password:
151 EOF
152 '
153
154--
1551.9.1
156
diff --git a/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch b/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch
new file mode 100644
index 0000000000..23931e6313
--- /dev/null
+++ b/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch
@@ -0,0 +1,103 @@
1From 1c9f8cedd34302575db40016231bdf502f17901e Mon Sep 17 00:00:00 2001
2From: Li Zhou <li.zhou@windriver.com>
3Date: Mon, 27 Apr 2020 13:49:39 +0800
4Subject: [PATCH 03/12] fsck: detect gitmodules URLs with embedded newlines
5
6The credential protocol can't handle values with newlines. We already
7detect and block any such URLs from being used with credential helpers,
8but let's also add an fsck check to detect and block gitmodules files
9with such URLs. That will let us notice the problem earlier when
10transfer.fsckObjects is turned on. And in particular it will prevent bad
11objects from spreading, which may protect downstream users running older
12versions of Git.
13
14We'll file this under the existing gitmodulesUrl flag, which covers URLs
15with option injection. There's really no need to distinguish the exact
16flaw in the URL in this context. Likewise, I've expanded the description
17of t7416 to cover all types of bogus URLs.
18
19Upstream-Status: Backport
20
21Signed-off-by: Li Zhou <li.zhou@windriver.com>
22---
23 fsck.c | 16 +++++++++++++++-
24 t/t7416-submodule-dash-url.sh | 18 +++++++++++++++++-
25 2 files changed, 32 insertions(+), 2 deletions(-)
26
27diff --git a/fsck.c b/fsck.c
28index ef8b343..ea46eea 100644
29--- a/fsck.c
30+++ b/fsck.c
31@@ -15,6 +15,7 @@
32 #include "packfile.h"
33 #include "submodule-config.h"
34 #include "config.h"
35+#include "credential.h"
36 #include "help.h"
37
38 static struct oidset gitmodules_found = OIDSET_INIT;
39@@ -947,6 +948,19 @@ static int fsck_tag(struct tag *tag, const char *data,
40 return fsck_tag_buffer(tag, data, size, options);
41 }
42
43+static int check_submodule_url(const char *url)
44+{
45+ struct credential c = CREDENTIAL_INIT;
46+ int ret;
47+
48+ if (looks_like_command_line_option(url))
49+ return -1;
50+
51+ ret = credential_from_url_gently(&c, url, 1);
52+ credential_clear(&c);
53+ return ret;
54+}
55+
56 struct fsck_gitmodules_data {
57 struct object *obj;
58 struct fsck_options *options;
59@@ -971,7 +985,7 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
60 "disallowed submodule name: %s",
61 name);
62 if (!strcmp(key, "url") && value &&
63- looks_like_command_line_option(value))
64+ check_submodule_url(value) < 0)
65 data->ret |= report(data->options, data->obj,
66 FSCK_MSG_GITMODULES_URL,
67 "disallowed submodule url: %s",
68diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
69index 5ba041f..41431b1 100755
70--- a/t/t7416-submodule-dash-url.sh
71+++ b/t/t7416-submodule-dash-url.sh
72@@ -1,6 +1,6 @@
73 #!/bin/sh
74
75-test_description='check handling of .gitmodule url with dash'
76+test_description='check handling of disallowed .gitmodule urls'
77 . ./test-lib.sh
78
79 test_expect_success 'create submodule with protected dash in url' '
80@@ -60,4 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' '
81 test_i18ngrep ! "unknown option" err
82 '
83
84+test_expect_success 'fsck rejects embedded newline in url' '
85+ # create an orphan branch to avoid existing .gitmodules objects
86+ git checkout --orphan newline &&
87+ cat >.gitmodules <<-\EOF &&
88+ [submodule "foo"]
89+ url = "https://one.example.com?%0ahost=two.example.com/foo.git"
90+ EOF
91+ git add .gitmodules &&
92+ git commit -m "gitmodules with newline" &&
93+ test_when_finished "rm -rf dst" &&
94+ git init --bare dst &&
95+ git -C dst config transfer.fsckObjects true &&
96+ test_must_fail git push dst HEAD 2>err &&
97+ grep gitmodulesUrl err
98+'
99+
100 test_done
101--
1021.9.1
103
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-1.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-1.patch
new file mode 100644
index 0000000000..9cf98ea7b4
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-1.patch
@@ -0,0 +1,70 @@
1From 863f8067d8b4012904ca3bb881c659ac9894df97 Mon Sep 17 00:00:00 2001
2From: Li Zhou <li.zhou@windriver.com>
3Date: Mon, 27 Apr 2020 14:36:03 +0800
4Subject: [PATCH 04/12] t0300: make "quit" helper more realistic
5
6We test a toy credential helper that writes "quit=1" and confirms that
7we stop running other helpers. However, that helper is unrealistic in
8that it does not bother to read its stdin at all.
9
10For now we don't send any input to it, because we feed git-credential a
11blank credential. But that will change in the next patch, which will
12cause this test to racily fail, as git-credential will get SIGPIPE
13writing to the helper rather than exiting because it was asked to.
14
15Let's make this one-off helper more like our other sample helpers, and
16have it source the "dump" script. That will read stdin, fixing the
17SIGPIPE problem. But it will also write what it sees to stderr. We can
18make the test more robust by checking that output, which confirms that
19we do run the quit helper, don't run any other helpers, and exit for the
20reason we expected.
21
22Signed-off-by: Jeff King <peff@peff.net>
23Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
24
25Upstream-Status: Backport
26CVE: CVE-2020-11008 (1)
27Signed-off-by: Li Zhou <li.zhou@windriver.com>
28---
29 t/t0300-credentials.sh | 17 ++++++++++++++---
30 1 file changed, 14 insertions(+), 3 deletions(-)
31
32diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
33index b9c0f1f..0206b3b 100755
34--- a/t/t0300-credentials.sh
35+++ b/t/t0300-credentials.sh
36@@ -22,6 +22,11 @@ test_expect_success 'setup helper scripts' '
37 exit 0
38 EOF
39
40+ write_script git-credential-quit <<-\EOF &&
41+ . ./dump
42+ echo quit=1
43+ EOF
44+
45 write_script git-credential-verbatim <<-\EOF &&
46 user=$1; shift
47 pass=$1; shift
48@@ -291,10 +296,16 @@ test_expect_success 'http paths can be part of context' '
49
50 test_expect_success 'helpers can abort the process' '
51 test_must_fail git \
52- -c credential.helper="!f() { echo quit=1; }; f" \
53+ -c credential.helper=quit \
54 -c credential.helper="verbatim foo bar" \
55- credential fill >stdout &&
56- test_must_be_empty stdout
57+ credential fill >stdout 2>stderr &&
58+ >expect &&
59+ test_cmp expect stdout &&
60+ cat >expect <<-\EOF &&
61+ quit: get
62+ fatal: credential helper '\''quit'\'' told us to quit
63+ EOF
64+ test_i18ncmp expect stderr
65 '
66
67 test_expect_success 'empty helper spec resets helper list' '
68--
691.9.1
70
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-2.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-2.patch
new file mode 100644
index 0000000000..c752e3d431
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-2.patch
@@ -0,0 +1,292 @@
1From 5588659069214aa0f7fea75a69687078e2f7a817 Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Sat, 18 Apr 2020 20:47:30 -0700
4Subject: [PATCH 05/12] t0300: use more realistic inputs
5
6Many of the tests in t0300 give partial inputs to git-credential,
7omitting a protocol or hostname. We're checking only high-level things
8like whether and how helpers are invoked at all, and we don't care about
9specific hosts. However, in preparation for tightening up the rules
10about when we're willing to run a helper, let's start using input that's
11a bit more realistic: pretend as if http://example.com is being
12examined.
13
14This shouldn't change the point of any of the tests, but do note we have
15to adjust the expected output to accommodate this (filling a credential
16will repeat back the protocol/host fields to stdout, and the helper
17debug messages and askpass prompt will change on stderr).
18
19Signed-off-by: Jeff King <peff@peff.net>
20Reviewed-by: Taylor Blau <me@ttaylorr.com>
21Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
22
23Upstream-Status: Backport
24CVE: CVE-2020-11008 (2)
25Signed-off-by: Li Zhou <li.zhou@windriver.com>
26---
27 t/t0300-credentials.sh | 89 +++++++++++++++++++++++++++++++++++++++++++++++---
28 1 file changed, 85 insertions(+), 4 deletions(-)
29
30diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
31index 0206b3b..f4c5d7f 100755
32--- a/t/t0300-credentials.sh
33+++ b/t/t0300-credentials.sh
34@@ -40,43 +40,71 @@ test_expect_success 'setup helper scripts' '
35
36 test_expect_success 'credential_fill invokes helper' '
37 check fill "verbatim foo bar" <<-\EOF
38+ protocol=http
39+ host=example.com
40 --
41+ protocol=http
42+ host=example.com
43 username=foo
44 password=bar
45 --
46 verbatim: get
47+ verbatim: protocol=http
48+ verbatim: host=example.com
49 EOF
50 '
51
52 test_expect_success 'credential_fill invokes multiple helpers' '
53 check fill useless "verbatim foo bar" <<-\EOF
54+ protocol=http
55+ host=example.com
56 --
57+ protocol=http
58+ host=example.com
59 username=foo
60 password=bar
61 --
62 useless: get
63+ useless: protocol=http
64+ useless: host=example.com
65 verbatim: get
66+ verbatim: protocol=http
67+ verbatim: host=example.com
68 EOF
69 '
70
71 test_expect_success 'credential_fill stops when we get a full response' '
72 check fill "verbatim one two" "verbatim three four" <<-\EOF
73+ protocol=http
74+ host=example.com
75 --
76+ protocol=http
77+ host=example.com
78 username=one
79 password=two
80 --
81 verbatim: get
82+ verbatim: protocol=http
83+ verbatim: host=example.com
84 EOF
85 '
86
87 test_expect_success 'credential_fill continues through partial response' '
88 check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
89+ protocol=http
90+ host=example.com
91 --
92+ protocol=http
93+ host=example.com
94 username=two
95 password=three
96 --
97 verbatim: get
98+ verbatim: protocol=http
99+ verbatim: host=example.com
100 verbatim: get
101+ verbatim: protocol=http
102+ verbatim: host=example.com
103 verbatim: username=one
104 EOF
105 '
106@@ -102,14 +130,20 @@ test_expect_success 'credential_fill passes along metadata' '
107
108 test_expect_success 'credential_approve calls all helpers' '
109 check approve useless "verbatim one two" <<-\EOF
110+ protocol=http
111+ host=example.com
112 username=foo
113 password=bar
114 --
115 --
116 useless: store
117+ useless: protocol=http
118+ useless: host=example.com
119 useless: username=foo
120 useless: password=bar
121 verbatim: store
122+ verbatim: protocol=http
123+ verbatim: host=example.com
124 verbatim: username=foo
125 verbatim: password=bar
126 EOF
127@@ -117,6 +151,8 @@ test_expect_success 'credential_approve calls all helpers' '
128
129 test_expect_success 'do not bother storing password-less credential' '
130 check approve useless <<-\EOF
131+ protocol=http
132+ host=example.com
133 username=foo
134 --
135 --
136@@ -126,14 +162,20 @@ test_expect_success 'do not bother storing password-less credential' '
137
138 test_expect_success 'credential_reject calls all helpers' '
139 check reject useless "verbatim one two" <<-\EOF
140+ protocol=http
141+ host=example.com
142 username=foo
143 password=bar
144 --
145 --
146 useless: erase
147+ useless: protocol=http
148+ useless: host=example.com
149 useless: username=foo
150 useless: password=bar
151 verbatim: erase
152+ verbatim: protocol=http
153+ verbatim: host=example.com
154 verbatim: username=foo
155 verbatim: password=bar
156 EOF
157@@ -141,33 +183,49 @@ test_expect_success 'credential_reject calls all helpers' '
158
159 test_expect_success 'usernames can be preserved' '
160 check fill "verbatim \"\" three" <<-\EOF
161+ protocol=http
162+ host=example.com
163 username=one
164 --
165+ protocol=http
166+ host=example.com
167 username=one
168 password=three
169 --
170 verbatim: get
171+ verbatim: protocol=http
172+ verbatim: host=example.com
173 verbatim: username=one
174 EOF
175 '
176
177 test_expect_success 'usernames can be overridden' '
178 check fill "verbatim two three" <<-\EOF
179+ protocol=http
180+ host=example.com
181 username=one
182 --
183+ protocol=http
184+ host=example.com
185 username=two
186 password=three
187 --
188 verbatim: get
189+ verbatim: protocol=http
190+ verbatim: host=example.com
191 verbatim: username=one
192 EOF
193 '
194
195 test_expect_success 'do not bother completing already-full credential' '
196 check fill "verbatim three four" <<-\EOF
197+ protocol=http
198+ host=example.com
199 username=one
200 password=two
201 --
202+ protocol=http
203+ host=example.com
204 username=one
205 password=two
206 --
207@@ -179,23 +237,31 @@ test_expect_success 'do not bother completing already-full credential' '
208 # askpass helper is run, we know the internal getpass is working.
209 test_expect_success 'empty helper list falls back to internal getpass' '
210 check fill <<-\EOF
211+ protocol=http
212+ host=example.com
213 --
214+ protocol=http
215+ host=example.com
216 username=askpass-username
217 password=askpass-password
218 --
219- askpass: Username:
220- askpass: Password:
221+ askpass: Username for '\''http://example.com'\'':
222+ askpass: Password for '\''http://askpass-username@example.com'\'':
223 EOF
224 '
225
226 test_expect_success 'internal getpass does not ask for known username' '
227 check fill <<-\EOF
228+ protocol=http
229+ host=example.com
230 username=foo
231 --
232+ protocol=http
233+ host=example.com
234 username=foo
235 password=askpass-password
236 --
237- askpass: Password:
238+ askpass: Password for '\''http://foo@example.com'\'':
239 EOF
240 '
241
242@@ -207,7 +273,11 @@ HELPER="!f() {
243 test_expect_success 'respect configured credentials' '
244 test_config credential.helper "$HELPER" &&
245 check fill <<-\EOF
246+ protocol=http
247+ host=example.com
248 --
249+ protocol=http
250+ host=example.com
251 username=foo
252 password=bar
253 --
254@@ -298,11 +368,16 @@ test_expect_success 'helpers can abort the process' '
255 test_must_fail git \
256 -c credential.helper=quit \
257 -c credential.helper="verbatim foo bar" \
258- credential fill >stdout 2>stderr &&
259+ credential fill >stdout 2>stderr <<-\EOF &&
260+ protocol=http
261+ host=example.com
262+ EOF
263 >expect &&
264 test_cmp expect stdout &&
265 cat >expect <<-\EOF &&
266 quit: get
267+ quit: protocol=http
268+ quit: host=example.com
269 fatal: credential helper '\''quit'\'' told us to quit
270 EOF
271 test_i18ncmp expect stderr
272@@ -311,11 +386,17 @@ test_expect_success 'helpers can abort the process' '
273 test_expect_success 'empty helper spec resets helper list' '
274 test_config credential.helper "verbatim file file" &&
275 check fill "" "verbatim cmdline cmdline" <<-\EOF
276+ protocol=http
277+ host=example.com
278 --
279+ protocol=http
280+ host=example.com
281 username=cmdline
282 password=cmdline
283 --
284 verbatim: get
285+ verbatim: protocol=http
286+ verbatim: host=example.com
287 EOF
288 '
289
290--
2911.9.1
292
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-3.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-3.patch
new file mode 100644
index 0000000000..c17e883d6c
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-3.patch
@@ -0,0 +1,97 @@
1From 22f28251ae575dd7a60f7a46853469025d004ca7 Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Sat, 18 Apr 2020 20:48:05 -0700
4Subject: [PATCH 06/12] credential: parse URL without host as empty host, not
5 unset
6
7We may feed a URL like "cert:///path/to/cert.pem" into the credential
8machinery to get the key for a client-side certificate. That
9credential has no hostname field, which is about to be disallowed (to
10avoid confusion with protocols where a helper _would_ expect a
11hostname).
12
13This means as of the next patch, credential helpers won't work for
14unlocking certs. Let's fix that by doing two things:
15
16 - when we parse a url with an empty host, set the host field to the
17 empty string (asking only to match stored entries with an empty
18 host) rather than NULL (asking to match _any_ host).
19
20 - when we build a cert:// credential by hand, similarly assign an
21 empty string
22
23It's the latter that is more likely to impact real users in practice,
24since it's what's used for http connections. But we don't have good
25infrastructure to test it.
26
27The url-parsing version will help anybody using git-credential in a
28script, and is easy to test.
29
30Signed-off-by: Jeff King <peff@peff.net>
31Reviewed-by: Taylor Blau <me@ttaylorr.com>
32Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
33
34Upstream-Status: Backport
35CVE: CVE-2020-11008 (3)
36Signed-off-by: Li Zhou <li.zhou@windriver.com>
37---
38 credential.c | 3 +--
39 http.c | 1 +
40 t/t0300-credentials.sh | 17 +++++++++++++++++
41 3 files changed, 19 insertions(+), 2 deletions(-)
42
43diff --git a/credential.c b/credential.c
44index 2482382..f2413ce 100644
45--- a/credential.c
46+++ b/credential.c
47@@ -376,8 +376,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
48
49 if (proto_end - url > 0)
50 c->protocol = xmemdupz(url, proto_end - url);
51- if (slash - host > 0)
52- c->host = url_decode_mem(host, slash - host);
53+ c->host = url_decode_mem(host, slash - host);
54 /* Trim leading and trailing slashes from path */
55 while (*slash == '/')
56 slash++;
57diff --git a/http.c b/http.c
58index 27aa0a3..c4dfdac 100644
59--- a/http.c
60+++ b/http.c
61@@ -558,6 +558,7 @@ static int has_cert_password(void)
62 return 0;
63 if (!cert_auth.password) {
64 cert_auth.protocol = xstrdup("cert");
65+ cert_auth.host = xstrdup("");
66 cert_auth.username = xstrdup("");
67 cert_auth.path = xstrdup(ssl_cert);
68 credential_fill(&cert_auth);
69diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
70index f4c5d7f..1c1010b 100755
71--- a/t/t0300-credentials.sh
72+++ b/t/t0300-credentials.sh
73@@ -414,4 +414,21 @@ test_expect_success 'url parser ignores embedded newlines' '
74 EOF
75 '
76
77+test_expect_success 'host-less URLs are parsed as empty host' '
78+ check fill "verbatim foo bar" <<-\EOF
79+ url=cert:///path/to/cert.pem
80+ --
81+ protocol=cert
82+ host=
83+ path=path/to/cert.pem
84+ username=foo
85+ password=bar
86+ --
87+ verbatim: get
88+ verbatim: protocol=cert
89+ verbatim: host=
90+ verbatim: path=path/to/cert.pem
91+ EOF
92+'
93+
94 test_done
95--
961.9.1
97
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-4.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-4.patch
new file mode 100644
index 0000000000..14e23466d4
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-4.patch
@@ -0,0 +1,173 @@
1From f8bf7099379990ad974c1ca8f51e1f28bf18cf2a Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Sat, 18 Apr 2020 20:50:48 -0700
4Subject: [PATCH 07/12] credential: refuse to operate when missing host or
5 protocol
6
7The credential helper protocol was designed to be very flexible: the
8fields it takes as input are treated as a pattern, and any missing
9fields are taken as wildcards. This allows unusual things like:
10
11 echo protocol=https | git credential reject
12
13to delete all stored https credentials (assuming the helpers themselves
14treat the input that way). But when helpers are invoked automatically by
15Git, this flexibility works against us. If for whatever reason we don't
16have a "host" field, then we'd match _any_ host. When you're filling a
17credential to send to a remote server, this is almost certainly not what
18you want.
19
20Prevent this at the layer that writes to the credential helper. Add a
21check to the credential API that the host and protocol are always passed
22in, and add an assertion to the credential_write function that speaks
23credential helper protocol to be doubly sure.
24
25There are a few ways this can be triggered in practice:
26
27 - the "git credential" command passes along arbitrary credential
28 parameters it reads from stdin.
29
30 - until the previous patch, when the host field of a URL is empty, we
31 would leave it unset (rather than setting it to the empty string)
32
33 - a URL like "example.com/foo.git" is treated by curl as if "http://"
34 was present, but our parser sees it as a non-URL and leaves all
35 fields unset
36
37 - the recent fix for URLs with embedded newlines blanks the URL but
38 otherwise continues. Rather than having the desired effect of
39 looking up no credential at all, many helpers will return _any_
40 credential
41
42Our earlier test for an embedded newline didn't catch this because it
43only checked that the credential was cleared, but didn't configure an
44actual helper. Configuring the "verbatim" helper in the test would show
45that it is invoked (it's obviously a silly helper which doesn't look at
46its input, but the point is that it shouldn't be run at all). Since
47we're switching this case to die(), we don't need to bother with a
48helper. We can see the new behavior just by checking that the operation
49fails.
50
51We'll add new tests covering partial input as well (these can be
52triggered through various means with url-parsing, but it's simpler to
53just check them directly, as we know we are covered even if the url
54parser changes behavior in the future).
55
56[jn: changed to die() instead of logging and showing a manual
57 username/password prompt]
58
59Reported-by: Carlo Arenas <carenas@gmail.com>
60Signed-off-by: Jeff King <peff@peff.net>
61Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
62
63Upstream-Status: Backport
64CVE: CVE-2020-11008 (4)
65Signed-off-by: Li Zhou <li.zhou@windriver.com>
66---
67 credential.c | 20 ++++++++++++++------
68 t/t0300-credentials.sh | 34 ++++++++++++++++++++++++++--------
69 2 files changed, 40 insertions(+), 14 deletions(-)
70
71diff --git a/credential.c b/credential.c
72index f2413ce..e08ed84 100644
73--- a/credential.c
74+++ b/credential.c
75@@ -89,6 +89,11 @@ static int proto_is_http(const char *s)
76
77 static void credential_apply_config(struct credential *c)
78 {
79+ if (!c->host)
80+ die(_("refusing to work with credential missing host field"));
81+ if (!c->protocol)
82+ die(_("refusing to work with credential missing protocol field"));
83+
84 if (c->configured)
85 return;
86 git_config(credential_config_callback, c);
87@@ -191,8 +196,11 @@ int credential_read(struct credential *c, FILE *fp)
88 return 0;
89 }
90
91-static void credential_write_item(FILE *fp, const char *key, const char *value)
92+static void credential_write_item(FILE *fp, const char *key, const char *value,
93+ int required)
94 {
95+ if (!value && required)
96+ BUG("credential value for %s is missing", key);
97 if (!value)
98 return;
99 if (strchr(value, '\n'))
100@@ -202,11 +210,11 @@ static void credential_write_item(FILE *fp, const char *key, const char *value)
101
102 void credential_write(const struct credential *c, FILE *fp)
103 {
104- credential_write_item(fp, "protocol", c->protocol);
105- credential_write_item(fp, "host", c->host);
106- credential_write_item(fp, "path", c->path);
107- credential_write_item(fp, "username", c->username);
108- credential_write_item(fp, "password", c->password);
109+ credential_write_item(fp, "protocol", c->protocol, 1);
110+ credential_write_item(fp, "host", c->host, 1);
111+ credential_write_item(fp, "path", c->path, 0);
112+ credential_write_item(fp, "username", c->username, 0);
113+ credential_write_item(fp, "password", c->password, 0);
114 }
115
116 static int run_credential_helper(struct credential *c,
117diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
118index 1c1010b..646f845 100755
119--- a/t/t0300-credentials.sh
120+++ b/t/t0300-credentials.sh
121@@ -400,18 +400,16 @@ test_expect_success 'empty helper spec resets helper list' '
122 EOF
123 '
124
125-test_expect_success 'url parser ignores embedded newlines' '
126- check fill <<-EOF
127+test_expect_success 'url parser rejects embedded newlines' '
128+ test_must_fail git credential fill 2>stderr <<-\EOF &&
129 url=https://one.example.com?%0ahost=two.example.com/
130- --
131- username=askpass-username
132- password=askpass-password
133- --
134+ EOF
135+ cat >expect <<-\EOF &&
136 warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/
137 warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/
138- askpass: Username:
139- askpass: Password:
140+ fatal: refusing to work with credential missing host field
141 EOF
142+ test_i18ncmp expect stderr
143 '
144
145 test_expect_success 'host-less URLs are parsed as empty host' '
146@@ -431,4 +429,24 @@ test_expect_success 'host-less URLs are parsed as empty host' '
147 EOF
148 '
149
150+test_expect_success 'credential system refuses to work with missing host' '
151+ test_must_fail git credential fill 2>stderr <<-\EOF &&
152+ protocol=http
153+ EOF
154+ cat >expect <<-\EOF &&
155+ fatal: refusing to work with credential missing host field
156+ EOF
157+ test_i18ncmp expect stderr
158+'
159+
160+test_expect_success 'credential system refuses to work with missing protocol' '
161+ test_must_fail git credential fill 2>stderr <<-\EOF &&
162+ host=example.com
163+ EOF
164+ cat >expect <<-\EOF &&
165+ fatal: refusing to work with credential missing protocol field
166+ EOF
167+ test_i18ncmp expect stderr
168+'
169+
170 test_done
171--
1721.9.1
173
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-5.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-5.patch
new file mode 100644
index 0000000000..60f8d59082
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-5.patch
@@ -0,0 +1,211 @@
1From 3431abe8c0f64f4049a31298c0b1056baa7d81dc Mon Sep 17 00:00:00 2001
2From: Li Zhou <li.zhou@windriver.com>
3Date: Mon, 27 Apr 2020 14:45:49 +0800
4Subject: [PATCH 08/12] fsck: convert gitmodules url to URL passed to curl
5
6In 07259e74ec1 (fsck: detect gitmodules URLs with embedded newlines,
72020-03-11), git fsck learned to check whether URLs in .gitmodules could
8be understood by the credential machinery when they are handled by
9git-remote-curl.
10
11However, the check is overbroad: it checks all URLs instead of only
12URLs that would be passed to git-remote-curl. In principle a git:// or
13file:/// URL does not need to follow the same conventions as an http://
14URL; in particular, git:// and file:// protocols are not succeptible to
15issues in the credential API because they do not support attaching
16credentials.
17
18In the HTTP case, the URL in .gitmodules does not always match the URL
19that would be passed to git-remote-curl and the credential machinery:
20Git's URL syntax allows specifying a remote helper followed by a "::"
21delimiter and a URL to be passed to it, so that
22
23 git ls-remote http::https://example.com/repo.git
24
25invokes git-remote-http with https://example.com/repo.git as its URL
26argument. With today's checks, that distinction does not make a
27difference, but for a check we are about to introduce (for empty URL
28schemes) it will matter.
29
30.gitmodules files also support relative URLs. To ensure coverage for the
31https based embedded-newline attack, urldecode and check them directly
32for embedded newlines.
33
34Helped-by: Jeff King <peff@peff.net>
35Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
36Reviewed-by: Jeff King <peff@peff.net>
37
38Upstream-Status: Backport
39CVE: CVE-2020-11008 (5)
40Signed-off-by: Li Zhou <li.zhou@windriver.com>
41---
42 fsck.c | 94 ++++++++++++++++++++++++++++++++++++++++---
43 t/t7416-submodule-dash-url.sh | 29 +++++++++++++
44 2 files changed, 118 insertions(+), 5 deletions(-)
45
46diff --git a/fsck.c b/fsck.c
47index ea46eea..0f21eb1 100644
48--- a/fsck.c
49+++ b/fsck.c
50@@ -9,6 +9,7 @@
51 #include "tag.h"
52 #include "fsck.h"
53 #include "refs.h"
54+#include "url.h"
55 #include "utf8.h"
56 #include "decorate.h"
57 #include "oidset.h"
58@@ -948,17 +949,100 @@ static int fsck_tag(struct tag *tag, const char *data,
59 return fsck_tag_buffer(tag, data, size, options);
60 }
61
62+/*
63+ * Like builtin/submodule--helper.c's starts_with_dot_slash, but without
64+ * relying on the platform-dependent is_dir_sep helper.
65+ *
66+ * This is for use in checking whether a submodule URL is interpreted as
67+ * relative to the current directory on any platform, since \ is a
68+ * directory separator on Windows but not on other platforms.
69+ */
70+static int starts_with_dot_slash(const char *str)
71+{
72+ return str[0] == '.' && (str[1] == '/' || str[1] == '\\');
73+}
74+
75+/*
76+ * Like starts_with_dot_slash, this is a variant of submodule--helper's
77+ * helper of the same name with the twist that it accepts backslash as a
78+ * directory separator even on non-Windows platforms.
79+ */
80+static int starts_with_dot_dot_slash(const char *str)
81+{
82+ return str[0] == '.' && starts_with_dot_slash(str + 1);
83+}
84+
85+static int submodule_url_is_relative(const char *url)
86+{
87+ return starts_with_dot_slash(url) || starts_with_dot_dot_slash(url);
88+}
89+
90+/*
91+ * Check whether a transport is implemented by git-remote-curl.
92+ *
93+ * If it is, returns 1 and writes the URL that would be passed to
94+ * git-remote-curl to the "out" parameter.
95+ *
96+ * Otherwise, returns 0 and leaves "out" untouched.
97+ *
98+ * Examples:
99+ * http::https://example.com/repo.git -> 1, https://example.com/repo.git
100+ * https://example.com/repo.git -> 1, https://example.com/repo.git
101+ * git://example.com/repo.git -> 0
102+ *
103+ * This is for use in checking for previously exploitable bugs that
104+ * required a submodule URL to be passed to git-remote-curl.
105+ */
106+static int url_to_curl_url(const char *url, const char **out)
107+{
108+ /*
109+ * We don't need to check for case-aliases, "http.exe", and so
110+ * on because in the default configuration, is_transport_allowed
111+ * prevents URLs with those schemes from being cloned
112+ * automatically.
113+ */
114+ if (skip_prefix(url, "http::", out) ||
115+ skip_prefix(url, "https::", out) ||
116+ skip_prefix(url, "ftp::", out) ||
117+ skip_prefix(url, "ftps::", out))
118+ return 1;
119+ if (starts_with(url, "http://") ||
120+ starts_with(url, "https://") ||
121+ starts_with(url, "ftp://") ||
122+ starts_with(url, "ftps://")) {
123+ *out = url;
124+ return 1;
125+ }
126+ return 0;
127+}
128+
129 static int check_submodule_url(const char *url)
130 {
131- struct credential c = CREDENTIAL_INIT;
132- int ret;
133+ const char *curl_url;
134
135 if (looks_like_command_line_option(url))
136 return -1;
137
138- ret = credential_from_url_gently(&c, url, 1);
139- credential_clear(&c);
140- return ret;
141+ if (submodule_url_is_relative(url)) {
142+ /*
143+ * This could be appended to an http URL and url-decoded;
144+ * check for malicious characters.
145+ */
146+ char *decoded = url_decode(url);
147+ int has_nl = !!strchr(decoded, '\n');
148+ free(decoded);
149+ if (has_nl)
150+ return -1;
151+ }
152+
153+ else if (url_to_curl_url(url, &curl_url)) {
154+ struct credential c = CREDENTIAL_INIT;
155+ int ret = credential_from_url_gently(&c, curl_url, 1);
156+ credential_clear(&c);
157+ return ret;
158+ }
159+
160+ return 0;
161 }
162
163 struct fsck_gitmodules_data {
164diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
165index 41431b1..afdd255 100755
166--- a/t/t7416-submodule-dash-url.sh
167+++ b/t/t7416-submodule-dash-url.sh
168@@ -60,6 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' '
169 test_i18ngrep ! "unknown option" err
170 '
171
172+test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
173+ git checkout --orphan newscheme &&
174+ cat >.gitmodules <<-\EOF &&
175+ [submodule "foo"]
176+ url = "data://acjbkd%0akajfdickajkd"
177+ EOF
178+ git add .gitmodules &&
179+ git commit -m "gitmodules with unrecognized scheme" &&
180+ test_when_finished "rm -rf dst" &&
181+ git init --bare dst &&
182+ git -C dst config transfer.fsckObjects true &&
183+ git push dst HEAD
184+'
185+
186 test_expect_success 'fsck rejects embedded newline in url' '
187 # create an orphan branch to avoid existing .gitmodules objects
188 git checkout --orphan newline &&
189@@ -76,4 +90,19 @@ test_expect_success 'fsck rejects embedded newline in url' '
190 grep gitmodulesUrl err
191 '
192
193+test_expect_success 'fsck rejects embedded newline in relative url' '
194+ git checkout --orphan relative-newline &&
195+ cat >.gitmodules <<-\EOF &&
196+ [submodule "foo"]
197+ url = "./%0ahost=two.example.com/foo.git"
198+ EOF
199+ git add .gitmodules &&
200+ git commit -m "relative url with newline" &&
201+ test_when_finished "rm -rf dst" &&
202+ git init --bare dst &&
203+ git -C dst config transfer.fsckObjects true &&
204+ test_must_fail git push dst HEAD 2>err &&
205+ grep gitmodulesUrl err
206+'
207+
208 test_done
209--
2101.9.1
211
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-6.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-6.patch
new file mode 100644
index 0000000000..6b36893030
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-6.patch
@@ -0,0 +1,84 @@
1From 883508bcebe87fbe7fb7392272e930c27c30fdc2 Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Sat, 18 Apr 2020 20:53:09 -0700
4Subject: [PATCH 09/12] credential: die() when parsing invalid urls
5
6When we try to initialize credential loading by URL and find that the
7URL is invalid, we set all fields to NULL in order to avoid acting on
8malicious input. Later when we request credentials, we diagonse the
9erroneous input:
10
11 fatal: refusing to work with credential missing host field
12
13This is problematic in two ways:
14
15- The message doesn't tell the user *why* we are missing the host
16 field, so they can't tell from this message alone how to recover.
17 There can be intervening messages after the original warning of
18 bad input, so the user may not have the context to put two and two
19 together.
20
21- The error only occurs when we actually need to get a credential. If
22 the URL permits anonymous access, the only encouragement the user gets
23 to correct their bogus URL is a quiet warning.
24
25 This is inconsistent with the check we perform in fsck, where any use
26 of such a URL as a submodule is an error.
27
28When we see such a bogus URL, let's not try to be nice and continue
29without helpers. Instead, die() immediately. This is simpler and
30obviously safe. And there's very little chance of disrupting a normal
31workflow.
32
33It's _possible_ that somebody has a legitimate URL with a raw newline in
34it. It already wouldn't work with credential helpers, so this patch
35steps that up from an inconvenience to "we will refuse to work with it
36at all". If such a case does exist, we should figure out a way to work
37with it (especially if the newline is only in the path component, which
38we normally don't even pass to helpers). But until we see a real report,
39we're better off being defensive.
40
41Reported-by: Carlo Arenas <carenas@gmail.com>
42Signed-off-by: Jeff King <peff@peff.net>
43Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
44
45Upstream-Status: Backport
46CVE: CVE-2020-11008 (6)
47Signed-off-by: Li Zhou <li.zhou@windriver.com>
48---
49 credential.c | 6 ++----
50 t/t0300-credentials.sh | 3 +--
51 2 files changed, 3 insertions(+), 6 deletions(-)
52
53diff --git a/credential.c b/credential.c
54index e08ed84..22649d5 100644
55--- a/credential.c
56+++ b/credential.c
57@@ -408,8 +408,6 @@ int credential_from_url_gently(struct credential *c, const char *url,
58
59 void credential_from_url(struct credential *c, const char *url)
60 {
61- if (credential_from_url_gently(c, url, 0) < 0) {
62- warning(_("skipping credential lookup for url: %s"), url);
63- credential_clear(c);
64- }
65+ if (credential_from_url_gently(c, url, 0) < 0)
66+ die(_("credential url cannot be parsed: %s"), url);
67 }
68diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
69index 646f845..efed3ea 100755
70--- a/t/t0300-credentials.sh
71+++ b/t/t0300-credentials.sh
72@@ -406,8 +406,7 @@ test_expect_success 'url parser rejects embedded newlines' '
73 EOF
74 cat >expect <<-\EOF &&
75 warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/
76- warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/
77- fatal: refusing to work with credential missing host field
78+ fatal: credential url cannot be parsed: https://one.example.com?%0ahost=two.example.com/
79 EOF
80 test_i18ncmp expect stderr
81 '
82--
831.9.1
84
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-7.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-7.patch
new file mode 100644
index 0000000000..5e3b6f1454
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-7.patch
@@ -0,0 +1,206 @@
1From 68acf8724e9cb2f67664dd980581c0022401daf0 Mon Sep 17 00:00:00 2001
2From: Jonathan Nieder <jrnieder@gmail.com>
3Date: Sat, 18 Apr 2020 20:54:13 -0700
4Subject: [PATCH 10/12] credential: treat URL without scheme as invalid
5
6libcurl permits making requests without a URL scheme specified. In
7this case, it guesses the URL from the hostname, so I can run
8
9 git ls-remote http::ftp.example.com/path/to/repo
10
11and it would make an FTP request.
12
13Any user intentionally using such a URL is likely to have made a typo.
14Unfortunately, credential_from_url is not able to determine the host and
15protocol in order to determine appropriate credentials to send, and
16until "credential: refuse to operate when missing host or protocol",
17this resulted in another host's credentials being leaked to the named
18host.
19
20Teach credential_from_url_gently to consider such a URL to be invalid
21so that fsck can detect and block gitmodules files with such URLs,
22allowing server operators to avoid serving them to downstream users
23running older versions of Git.
24
25This also means that when such URLs are passed on the command line, Git
26will print a clearer error so affected users can switch to the simpler
27URL that explicitly specifies the host and protocol they intend.
28
29One subtlety: .gitmodules files can contain relative URLs, representing
30a URL relative to the URL they were cloned from. The relative URL
31resolver used for .gitmodules can follow ".." components out of the path
32part and past the host part of a URL, meaning that such a relative URL
33can be used to traverse from a https://foo.example.com/innocent
34superproject to a https::attacker.example.com/exploit submodule.
35Fortunately a leading ':' in the first path component after a series of
36leading './' and '../' components is unlikely to show up in other
37contexts, so we can catch this by detecting that pattern.
38
39Reported-by: Jeff King <peff@peff.net>
40Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
41Reviewed-by: Jeff King <peff@peff.net>
42
43Upstream-Status: Backport
44CVE: CVE-2020-11008 (7)
45Signed-off-by: Li Zhou <li.zhou@windriver.com>
46---
47 credential.c | 7 +++++--
48 fsck.c | 47 +++++++++++++++++++++++++++++++++++++++++--
49 t/t5550-http-fetch-dumb.sh | 7 ++-----
50 t/t7416-submodule-dash-url.sh | 32 +++++++++++++++++++++++++++++
51 4 files changed, 84 insertions(+), 9 deletions(-)
52
53diff --git a/credential.c b/credential.c
54index 22649d5..1e1aed5 100644
55--- a/credential.c
56+++ b/credential.c
57@@ -360,8 +360,11 @@ int credential_from_url_gently(struct credential *c, const char *url,
58 * (3) proto://<user>:<pass>@<host>/...
59 */
60 proto_end = strstr(url, "://");
61- if (!proto_end)
62- return 0;
63+ if (!proto_end) {
64+ if (!quiet)
65+ warning(_("url has no scheme: %s"), url);
66+ return -1;
67+ }
68 cp = proto_end + 3;
69 at = strchr(cp, '@');
70 colon = strchr(cp, ':');
71diff --git a/fsck.c b/fsck.c
72index 0f21eb1..30eac29 100644
73--- a/fsck.c
74+++ b/fsck.c
75@@ -978,6 +978,34 @@ static int submodule_url_is_relative(const char *url)
76 }
77
78 /*
79+ * Count directory components that a relative submodule URL should chop
80+ * from the remote_url it is to be resolved against.
81+ *
82+ * In other words, this counts "../" components at the start of a
83+ * submodule URL.
84+ *
85+ * Returns the number of directory components to chop and writes a
86+ * pointer to the next character of url after all leading "./" and
87+ * "../" components to out.
88+ */
89+static int count_leading_dotdots(const char *url, const char **out)
90+{
91+ int result = 0;
92+ while (1) {
93+ if (starts_with_dot_dot_slash(url)) {
94+ result++;
95+ url += strlen("../");
96+ continue;
97+ }
98+ if (starts_with_dot_slash(url)) {
99+ url += strlen("./");
100+ continue;
101+ }
102+ *out = url;
103+ return result;
104+ }
105+}
106+/*
107 * Check whether a transport is implemented by git-remote-curl.
108 *
109 * If it is, returns 1 and writes the URL that would be passed to
110@@ -1024,15 +1052,30 @@ static int check_submodule_url(const char *url)
111 return -1;
112
113 if (submodule_url_is_relative(url)) {
114+ char *decoded;
115+ const char *next;
116+ int has_nl;
117+
118 /*
119 * This could be appended to an http URL and url-decoded;
120 * check for malicious characters.
121 */
122- char *decoded = url_decode(url);
123- int has_nl = !!strchr(decoded, '\n');
124+ decoded = url_decode(url);
125+ has_nl = !!strchr(decoded, '\n');
126+
127 free(decoded);
128 if (has_nl)
129 return -1;
130+
131+ /*
132+ * URLs which escape their root via "../" can overwrite
133+ * the host field and previous components, resolving to
134+ * URLs like https::example.com/submodule.git that were
135+ * susceptible to CVE-2020-11008.
136+ */
137+ if (count_leading_dotdots(url, &next) > 0 &&
138+ *next == ':')
139+ return -1;
140 }
141
142 else if (url_to_curl_url(url, &curl_url)) {
143diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
144index b811d89..1c9e5d3 100755
145--- a/t/t5550-http-fetch-dumb.sh
146+++ b/t/t5550-http-fetch-dumb.sh
147@@ -321,11 +321,8 @@ test_expect_success 'git client does not send an empty Accept-Language' '
148 '
149
150 test_expect_success 'remote-http complains cleanly about malformed urls' '
151- # do not actually issue "list" or other commands, as we do not
152- # want to rely on what curl would actually do with such a broken
153- # URL. This is just about making sure we do not segfault during
154- # initialization.
155- test_must_fail git remote-http http::/example.com/repo.git
156+ test_must_fail git remote-http http::/example.com/repo.git 2>stderr &&
157+ test_i18ngrep "url has no scheme" stderr
158 '
159
160 test_expect_success 'redirects can be forbidden/allowed' '
161diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
162index afdd255..249dc3d 100755
163--- a/t/t7416-submodule-dash-url.sh
164+++ b/t/t7416-submodule-dash-url.sh
165@@ -60,6 +60,38 @@ test_expect_success 'trailing backslash is handled correctly' '
166 test_i18ngrep ! "unknown option" err
167 '
168
169+test_expect_success 'fsck rejects missing URL scheme' '
170+ git checkout --orphan missing-scheme &&
171+ cat >.gitmodules <<-\EOF &&
172+ [submodule "foo"]
173+ url = http::one.example.com/foo.git
174+ EOF
175+ git add .gitmodules &&
176+ test_tick &&
177+ git commit -m "gitmodules with missing URL scheme" &&
178+ test_when_finished "rm -rf dst" &&
179+ git init --bare dst &&
180+ git -C dst config transfer.fsckObjects true &&
181+ test_must_fail git push dst HEAD 2>err &&
182+ grep gitmodulesUrl err
183+'
184+
185+test_expect_success 'fsck rejects relative URL resolving to missing scheme' '
186+ git checkout --orphan relative-missing-scheme &&
187+ cat >.gitmodules <<-\EOF &&
188+ [submodule "foo"]
189+ url = "..\\../.\\../:one.example.com/foo.git"
190+ EOF
191+ git add .gitmodules &&
192+ test_tick &&
193+ git commit -m "gitmodules with relative URL that strips off scheme" &&
194+ test_when_finished "rm -rf dst" &&
195+ git init --bare dst &&
196+ git -C dst config transfer.fsckObjects true &&
197+ test_must_fail git push dst HEAD 2>err &&
198+ grep gitmodulesUrl err
199+'
200+
201 test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
202 git checkout --orphan newscheme &&
203 cat >.gitmodules <<-\EOF &&
204--
2051.9.1
206
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch
new file mode 100644
index 0000000000..935d47795f
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch
@@ -0,0 +1,114 @@
1From 5e06d0781a963d62413ae7eab4eb78cc7195af8b Mon Sep 17 00:00:00 2001
2From: Jonathan Nieder <jrnieder@gmail.com>
3Date: Sat, 18 Apr 2020 20:54:57 -0700
4Subject: [PATCH 11/12] credential: treat URL with empty scheme as invalid
5
6Until "credential: refuse to operate when missing host or protocol",
7Git's credential handling code interpreted URLs with empty scheme to
8mean "give me credentials matching this host for any protocol".
9
10Luckily libcurl does not recognize such URLs (it tries to look for a
11protocol named "" and fails). Just in case that changes, let's reject
12them within Git as well. This way, credential_from_url is guaranteed to
13always produce a "struct credential" with protocol and host set.
14
15Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
16
17Upstream-Status: Backport
18CVE: CVE-2020-11008 (8)
19Signed-off-by: Li Zhou <li.zhou@windriver.com>
20---
21 credential.c | 5 ++---
22 t/t5550-http-fetch-dumb.sh | 9 +++++++++
23 t/t7416-submodule-dash-url.sh | 32 ++++++++++++++++++++++++++++++++
24 3 files changed, 43 insertions(+), 3 deletions(-)
25
26diff --git a/credential.c b/credential.c
27index 1e1aed5..cf11cc9 100644
28--- a/credential.c
29+++ b/credential.c
30@@ -360,7 +360,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
31 * (3) proto://<user>:<pass>@<host>/...
32 */
33 proto_end = strstr(url, "://");
34- if (!proto_end) {
35+ if (!proto_end || proto_end == url) {
36 if (!quiet)
37 warning(_("url has no scheme: %s"), url);
38 return -1;
39@@ -385,8 +385,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
40 host = at + 1;
41 }
42
43- if (proto_end - url > 0)
44- c->protocol = xmemdupz(url, proto_end - url);
45+ c->protocol = xmemdupz(url, proto_end - url);
46 c->host = url_decode_mem(host, slash - host);
47 /* Trim leading and trailing slashes from path */
48 while (*slash == '/')
49diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
50index 1c9e5d3..ea2688b 100755
51--- a/t/t5550-http-fetch-dumb.sh
52+++ b/t/t5550-http-fetch-dumb.sh
53@@ -325,6 +325,15 @@ test_expect_success 'remote-http complains cleanly about malformed urls' '
54 test_i18ngrep "url has no scheme" stderr
55 '
56
57+# NEEDSWORK: Writing commands to git-remote-curl can race against the latter
58+# erroring out, producing SIGPIPE. Remove "ok=sigpipe" once transport-helper has
59+# learned to handle early remote helper failures more cleanly.
60+test_expect_success 'remote-http complains cleanly about empty scheme' '
61+ test_must_fail ok=sigpipe git ls-remote \
62+ http::${HTTPD_URL#http}/dumb/repo.git 2>stderr &&
63+ test_i18ngrep "url has no scheme" stderr
64+'
65+
66 test_expect_success 'redirects can be forbidden/allowed' '
67 test_must_fail git -c http.followRedirects=false \
68 clone $HTTPD_URL/dumb-redir/repo.git dumb-redir &&
69diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
70index 249dc3d..9309040 100755
71--- a/t/t7416-submodule-dash-url.sh
72+++ b/t/t7416-submodule-dash-url.sh
73@@ -92,6 +92,38 @@ test_expect_success 'fsck rejects relative URL resolving to missing scheme' '
74 grep gitmodulesUrl err
75 '
76
77+test_expect_success 'fsck rejects empty URL scheme' '
78+ git checkout --orphan empty-scheme &&
79+ cat >.gitmodules <<-\EOF &&
80+ [submodule "foo"]
81+ url = http::://one.example.com/foo.git
82+ EOF
83+ git add .gitmodules &&
84+ test_tick &&
85+ git commit -m "gitmodules with empty URL scheme" &&
86+ test_when_finished "rm -rf dst" &&
87+ git init --bare dst &&
88+ git -C dst config transfer.fsckObjects true &&
89+ test_must_fail git push dst HEAD 2>err &&
90+ grep gitmodulesUrl err
91+'
92+
93+test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
94+ git checkout --orphan relative-empty-scheme &&
95+ cat >.gitmodules <<-\EOF &&
96+ [submodule "foo"]
97+ url = ../../../:://one.example.com/foo.git
98+ EOF
99+ git add .gitmodules &&
100+ test_tick &&
101+ git commit -m "relative gitmodules URL resolving to empty scheme" &&
102+ test_when_finished "rm -rf dst" &&
103+ git init --bare dst &&
104+ git -C dst config transfer.fsckObjects true &&
105+ test_must_fail git push dst HEAD 2>err &&
106+ grep gitmodulesUrl err
107+'
108+
109 test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
110 git checkout --orphan newscheme &&
111 cat >.gitmodules <<-\EOF &&
112--
1131.9.1
114
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-9.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-9.patch
new file mode 100644
index 0000000000..22292dbbbf
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-9.patch
@@ -0,0 +1,114 @@
1From 2e084e25fa454c58a600c9434f776f2150037a76 Mon Sep 17 00:00:00 2001
2From: Jonathan Nieder <jrnieder@gmail.com>
3Date: Sat, 18 Apr 2020 20:57:22 -0700
4Subject: [PATCH 12/12] fsck: reject URL with empty host in .gitmodules
5
6Git's URL parser interprets
7
8 https:///example.com/repo.git
9
10to have no host and a path of "example.com/repo.git". Curl, on the
11other hand, internally redirects it to https://example.com/repo.git. As
12a result, until "credential: parse URL without host as empty host, not
13unset", tricking a user into fetching from such a URL would cause Git to
14send credentials for another host to example.com.
15
16Teach fsck to block and detect .gitmodules files using such a URL to
17prevent sharing them with Git versions that are not yet protected.
18
19A relative URL in a .gitmodules file could also be used to trigger this.
20The relative URL resolver used for .gitmodules does not normalize
21sequences of slashes and can follow ".." components out of the path part
22and to the host part of a URL, meaning that such a relative URL can be
23used to traverse from a https://foo.example.com/innocent superproject to
24a https:///attacker.example.com/exploit submodule. Fortunately,
25redundant extra slashes in .gitmodules are rare, so we can catch this by
26detecting one after a leading sequence of "./" and "../" components.
27
28Helped-by: Jeff King <peff@peff.net>
29Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
30Reviewed-by: Jeff King <peff@peff.net>
31
32Upstream-Status: Backport
33CVE: CVE-2020-11008 (9)
34Signed-off-by: Li Zhou <li.zhou@windriver.com>
35---
36 fsck.c | 10 +++++++---
37 t/t7416-submodule-dash-url.sh | 32 ++++++++++++++++++++++++++++++++
38 2 files changed, 39 insertions(+), 3 deletions(-)
39
40diff --git a/fsck.c b/fsck.c
41index 30eac29..00077b1 100644
42--- a/fsck.c
43+++ b/fsck.c
44@@ -1070,17 +1070,21 @@ static int check_submodule_url(const char *url)
45 /*
46 * URLs which escape their root via "../" can overwrite
47 * the host field and previous components, resolving to
48- * URLs like https::example.com/submodule.git that were
49+ * URLs like https::example.com/submodule.git and
50+ * https:///example.com/submodule.git that were
51 * susceptible to CVE-2020-11008.
52 */
53 if (count_leading_dotdots(url, &next) > 0 &&
54- *next == ':')
55+ (*next == ':' || *next == '/'))
56 return -1;
57 }
58
59 else if (url_to_curl_url(url, &curl_url)) {
60 struct credential c = CREDENTIAL_INIT;
61- int ret = credential_from_url_gently(&c, curl_url, 1);
62+ int ret = 0;
63+ if (credential_from_url_gently(&c, curl_url, 1) ||
64+ !*c.host)
65+ ret = -1;
66 credential_clear(&c);
67 return ret;
68 }
69diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
70index 9309040..eec96e0 100755
71--- a/t/t7416-submodule-dash-url.sh
72+++ b/t/t7416-submodule-dash-url.sh
73@@ -124,6 +124,38 @@ test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
74 grep gitmodulesUrl err
75 '
76
77+test_expect_success 'fsck rejects empty hostname' '
78+ git checkout --orphan empty-host &&
79+ cat >.gitmodules <<-\EOF &&
80+ [submodule "foo"]
81+ url = http:///one.example.com/foo.git
82+ EOF
83+ git add .gitmodules &&
84+ test_tick &&
85+ git commit -m "gitmodules with extra slashes" &&
86+ test_when_finished "rm -rf dst" &&
87+ git init --bare dst &&
88+ git -C dst config transfer.fsckObjects true &&
89+ test_must_fail git push dst HEAD 2>err &&
90+ grep gitmodulesUrl err
91+'
92+
93+test_expect_success 'fsck rejects relative url that produced empty hostname' '
94+ git checkout --orphan messy-relative &&
95+ cat >.gitmodules <<-\EOF &&
96+ [submodule "foo"]
97+ url = ../../..//one.example.com/foo.git
98+ EOF
99+ git add .gitmodules &&
100+ test_tick &&
101+ git commit -m "gitmodules abusing relative_path" &&
102+ test_when_finished "rm -rf dst" &&
103+ git init --bare dst &&
104+ git -C dst config transfer.fsckObjects true &&
105+ test_must_fail git push dst HEAD 2>err &&
106+ grep gitmodulesUrl err
107+'
108+
109 test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
110 git checkout --orphan newscheme &&
111 cat >.gitmodules <<-\EOF &&
112--
1131.9.1
114
diff --git a/meta/recipes-devtools/git/git/CVE-2020-5260.patch b/meta/recipes-devtools/git/git/CVE-2020-5260.patch
new file mode 100644
index 0000000000..d03e701a8f
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-5260.patch
@@ -0,0 +1,65 @@
1From 9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Wed, 11 Mar 2020 17:53:41 -0400
4Subject: [PATCH] credential: avoid writing values with newlines
5
6The credential protocol that we use to speak to helpers can't represent
7values with newlines in them. This was an intentional design choice to
8keep the protocol simple, since none of the values we pass should
9generally have newlines.
10
11However, if we _do_ encounter a newline in a value, we blindly transmit
12it in credential_write(). Such values may break the protocol syntax, or
13worse, inject new valid lines into the protocol stream.
14
15The most likely way for a newline to end up in a credential struct is by
16decoding a URL with a percent-encoded newline. However, since the bug
17occurs at the moment we write the value to the protocol, we'll catch it
18there. That should leave no possibility of accidentally missing a code
19path that can trigger the problem.
20
21At this level of the code we have little choice but to die(). However,
22since we'd not ever expect to see this case outside of a malicious URL,
23that's an acceptable outcome.
24
25Reported-by: Felix Wilhelm <fwilhelm@google.com>
26
27Upstream-Status: Backport
28CVE: CVE-2020-5260
29Signed-off-by: Li Zhou <li.zhou@windriver.com>
30---
31 credential.c | 2 ++
32 t/t0300-credentials.sh | 6 ++++++
33 2 files changed, 8 insertions(+)
34
35diff --git a/credential.c b/credential.c
36index 9747f47..00ee4d6 100644
37--- a/credential.c
38+++ b/credential.c
39@@ -194,6 +194,8 @@ static void credential_write_item(FILE *fp, const char *key, const char *value)
40 {
41 if (!value)
42 return;
43+ if (strchr(value, '\n'))
44+ die("credential value for %s contains newline", key);
45 fprintf(fp, "%s=%s\n", key, value);
46 }
47
48diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
49index 03bd31e..15cc3c5 100755
50--- a/t/t0300-credentials.sh
51+++ b/t/t0300-credentials.sh
52@@ -309,4 +309,10 @@ test_expect_success 'empty helper spec resets helper list' '
53 EOF
54 '
55
56+test_expect_success 'url parser rejects embedded newlines' '
57+ test_must_fail git credential fill <<-\EOF
58+ url=https://one.example.com?%0ahost=two.example.com/
59+ EOF
60+'
61+
62 test_done
63--
641.9.1
65
diff --git a/meta/recipes-devtools/go/go-1.12.inc b/meta/recipes-devtools/go/go-1.12.inc
index 6aecaad75d..2a0680aeaa 100644
--- a/meta/recipes-devtools/go/go-1.12.inc
+++ b/meta/recipes-devtools/go/go-1.12.inc
@@ -18,6 +18,10 @@ SRC_URI += "\
18 file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ 18 file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
19 file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \ 19 file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
20 file://0010-fix-CVE-2019-17596.patch \ 20 file://0010-fix-CVE-2019-17596.patch \
21 file://CVE-2020-15586.patch \
22 file://CVE-2020-16845.patch \
23 file://0001-net-http-cgi-rename-a-test-file-to-be-less-cute.patch \
24 file://CVE-2020-24553.patch \
21" 25"
22SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" 26SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
23 27
diff --git a/meta/recipes-devtools/go/go-1.12/0001-net-http-cgi-rename-a-test-file-to-be-less-cute.patch b/meta/recipes-devtools/go/go-1.12/0001-net-http-cgi-rename-a-test-file-to-be-less-cute.patch
new file mode 100644
index 0000000000..7c07961c03
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.12/0001-net-http-cgi-rename-a-test-file-to-be-less-cute.patch
@@ -0,0 +1,28 @@
1From 8390c478600b852392cb116741b3cb239c94d123 Mon Sep 17 00:00:00 2001
2From: Brad Fitzpatrick <bradfitz@golang.org>
3Date: Wed, 15 Jan 2020 18:08:10 +0000
4Subject: [PATCH] net/http/cgi: rename a test file to be less cute
5
6My fault (from CL 4245070), sorry.
7
8Change-Id: Ib95d3170dc326e74aa74c22421c4e44a8b00f577
9Reviewed-on: https://go-review.googlesource.com/c/go/+/214920
10Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
11TryBot-Result: Gobot Gobot <gobot@golang.org>
12Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
13
14Upstream-Status: Backport
15[lz: Add this patch for merging the patch for CVE-2020-24553]
16Signed-off-by: Li Zhou <li.zhou@windriver.com>
17---
18 src/net/http/cgi/{matryoshka_test.go => integration_test.go} | 0
19 1 file changed, 0 insertions(+), 0 deletions(-)
20 rename src/net/http/cgi/{matryoshka_test.go => integration_test.go} (100%)
21
22diff --git a/src/net/http/cgi/matryoshka_test.go b/src/net/http/cgi/integration_test.go
23similarity index 100%
24rename from src/net/http/cgi/matryoshka_test.go
25rename to src/net/http/cgi/integration_test.go
26--
272.17.1
28
diff --git a/meta/recipes-devtools/go/go-1.12/CVE-2020-15586.patch b/meta/recipes-devtools/go/go-1.12/CVE-2020-15586.patch
new file mode 100644
index 0000000000..ebdc5aec6d
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.12/CVE-2020-15586.patch
@@ -0,0 +1,131 @@
1From fa98f46741f818913a8c11b877520a548715131f Mon Sep 17 00:00:00 2001
2From: Russ Cox <rsc@golang.org>
3Date: Mon, 13 Jul 2020 13:27:22 -0400
4Subject: [PATCH] net/http: synchronize "100 Continue" write and Handler writes
5
6The expectContinueReader writes to the connection on the first
7Request.Body read. Since a Handler might be doing a read in parallel or
8before a write, expectContinueReader needs to synchronize with the
9ResponseWriter, and abort if a response already went out.
10
11The tests will land in a separate CL.
12
13Fixes #34902
14Fixes CVE-2020-15586
15
16Change-Id: Icdd8dd539f45e8863762bd378194bb4741e875fc
17Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/793350
18Reviewed-by: Filippo Valsorda <valsorda@google.com>
19Reviewed-on: https://go-review.googlesource.com/c/go/+/242598
20Run-TryBot: Katie Hockman <katie@golang.org>
21Reviewed-by: Filippo Valsorda <filippo@golang.org>
22TryBot-Result: Gobot Gobot <gobot@golang.org>
23
24Upstream-Status: Backport
25CVE: CVE-2020-15586
26Signed-off-by: Li Zhou <li.zhou@windriver.com>
27---
28 src/net/http/server.go | 43 +++++++++++++++++++++++++++++++++++-------
29 1 file changed, 36 insertions(+), 7 deletions(-)
30
31diff --git a/src/net/http/server.go b/src/net/http/server.go
32index a995a50658..d41b5f6f48 100644
33--- a/src/net/http/server.go
34+++ b/src/net/http/server.go
35@@ -425,6 +425,16 @@ type response struct {
36 wants10KeepAlive bool // HTTP/1.0 w/ Connection "keep-alive"
37 wantsClose bool // HTTP request has Connection "close"
38
39+ // canWriteContinue is a boolean value accessed as an atomic int32
40+ // that says whether or not a 100 Continue header can be written
41+ // to the connection.
42+ // writeContinueMu must be held while writing the header.
43+ // These two fields together synchronize the body reader
44+ // (the expectContinueReader, which wants to write 100 Continue)
45+ // against the main writer.
46+ canWriteContinue atomicBool
47+ writeContinueMu sync.Mutex
48+
49 w *bufio.Writer // buffers output in chunks to chunkWriter
50 cw chunkWriter
51
52@@ -515,6 +525,7 @@ type atomicBool int32
53
54 func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 }
55 func (b *atomicBool) setTrue() { atomic.StoreInt32((*int32)(b), 1) }
56+func (b *atomicBool) setFalse() { atomic.StoreInt32((*int32)(b), 0) }
57
58 // declareTrailer is called for each Trailer header when the
59 // response header is written. It notes that a header will need to be
60@@ -878,21 +889,27 @@ type expectContinueReader struct {
61 resp *response
62 readCloser io.ReadCloser
63 closed bool
64- sawEOF bool
65+ sawEOF atomicBool
66 }
67
68 func (ecr *expectContinueReader) Read(p []byte) (n int, err error) {
69 if ecr.closed {
70 return 0, ErrBodyReadAfterClose
71 }
72- if !ecr.resp.wroteContinue && !ecr.resp.conn.hijacked() {
73- ecr.resp.wroteContinue = true
74- ecr.resp.conn.bufw.WriteString("HTTP/1.1 100 Continue\r\n\r\n")
75- ecr.resp.conn.bufw.Flush()
76+ w := ecr.resp
77+ if !w.wroteContinue && w.canWriteContinue.isSet() && !w.conn.hijacked() {
78+ w.wroteContinue = true
79+ w.writeContinueMu.Lock()
80+ if w.canWriteContinue.isSet() {
81+ w.conn.bufw.WriteString("HTTP/1.1 100 Continue\r\n\r\n")
82+ w.conn.bufw.Flush()
83+ w.canWriteContinue.setFalse()
84+ }
85+ w.writeContinueMu.Unlock()
86 }
87 n, err = ecr.readCloser.Read(p)
88 if err == io.EOF {
89- ecr.sawEOF = true
90+ ecr.sawEOF.setTrue()
91 }
92 return
93 }
94@@ -1311,7 +1328,7 @@ func (cw *chunkWriter) writeHeader(p []byte) {
95 // because we don't know if the next bytes on the wire will be
96 // the body-following-the-timer or the subsequent request.
97 // See Issue 11549.
98- if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF {
99+ if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF.isSet() {
100 w.closeAfterReply = true
101 }
102
103@@ -1561,6 +1578,17 @@ func (w *response) write(lenData int, dataB []byte, dataS string) (n int, err er
104 }
105 return 0, ErrHijacked
106 }
107+
108+ if w.canWriteContinue.isSet() {
109+ // Body reader wants to write 100 Continue but hasn't yet.
110+ // Tell it not to. The store must be done while holding the lock
111+ // because the lock makes sure that there is not an active write
112+ // this very moment.
113+ w.writeContinueMu.Lock()
114+ w.canWriteContinue.setFalse()
115+ w.writeContinueMu.Unlock()
116+ }
117+
118 if !w.wroteHeader {
119 w.WriteHeader(StatusOK)
120 }
121@@ -1872,6 +1900,7 @@ func (c *conn) serve(ctx context.Context) {
122 if req.ProtoAtLeast(1, 1) && req.ContentLength != 0 {
123 // Wrap the Body reader with one that replies on the connection
124 req.Body = &expectContinueReader{readCloser: req.Body, resp: w}
125+ w.canWriteContinue.setTrue()
126 }
127 } else if req.Header.get("Expect") != "" {
128 w.sendExpectationFailed()
129--
1302.17.1
131
diff --git a/meta/recipes-devtools/go/go-1.12/CVE-2020-16845.patch b/meta/recipes-devtools/go/go-1.12/CVE-2020-16845.patch
new file mode 100644
index 0000000000..80f467522f
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.12/CVE-2020-16845.patch
@@ -0,0 +1,110 @@
1From 027d7241ce050d197e7fabea3d541ffbe3487258 Mon Sep 17 00:00:00 2001
2From: Katie Hockman <katie@golang.org>
3Date: Tue, 4 Aug 2020 11:45:32 -0400
4Subject: [PATCH] encoding/binary: read at most MaxVarintLen64 bytes in
5 ReadUvarint
6MIME-Version: 1.0
7Content-Type: text/plain; charset=UTF-8
8Content-Transfer-Encoding: 8bit
9
10This CL ensures that ReadUvarint consumes only a limited
11amount of input (instead of an unbounded amount).
12
13On some inputs, ReadUvarint could read an arbitrary number
14of bytes before deciding to return an overflow error.
15After this CL, ReadUvarint returns that same overflow
16error sooner, after reading at most MaxVarintLen64 bytes.
17
18Fix authored by Robert Griesemer and Filippo Valsorda.
19
20Thanks to Diederik Loerakker, Jonny Rhea, Raúl Kripalani,
21and Preston Van Loon for reporting this.
22
23Fixes #40618
24Fixes CVE-2020-16845
25
26Change-Id: Ie0cb15972f14c38b7cf7af84c45c4ce54909bb8f
27Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/812099
28Reviewed-by: Filippo Valsorda <valsorda@google.com>
29Reviewed-on: https://go-review.googlesource.com/c/go/+/247120
30Run-TryBot: Katie Hockman <katie@golang.org>
31TryBot-Result: Gobot Gobot <gobot@golang.org>
32Reviewed-by: Alexander Rakoczy <alex@golang.org>
33
34Upstream-Status: Backport [https://github.com/golang/go.git]
35CVE: CVE-2020-16845
36Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
37---
38 src/encoding/binary/varint.go | 5 +++--
39 src/encoding/binary/varint_test.go | 18 ++++++++++++------
40 2 files changed, 15 insertions(+), 8 deletions(-)
41
42diff --git a/src/encoding/binary/varint.go b/src/encoding/binary/varint.go
43index bcb8ac9a45..38af61075c 100644
44--- a/src/encoding/binary/varint.go
45+++ b/src/encoding/binary/varint.go
46@@ -106,13 +106,13 @@ var overflow = errors.New("binary: varint overflows a 64-bit integer")
47 func ReadUvarint(r io.ByteReader) (uint64, error) {
48 var x uint64
49 var s uint
50- for i := 0; ; i++ {
51+ for i := 0; i < MaxVarintLen64; i++ {
52 b, err := r.ReadByte()
53 if err != nil {
54 return x, err
55 }
56 if b < 0x80 {
57- if i > 9 || i == 9 && b > 1 {
58+ if i == 9 && b > 1 {
59 return x, overflow
60 }
61 return x | uint64(b)<<s, nil
62@@ -120,6 +120,7 @@ func ReadUvarint(r io.ByteReader) (uint64, error) {
63 x |= uint64(b&0x7f) << s
64 s += 7
65 }
66+ return x, overflow
67 }
68
69 // ReadVarint reads an encoded signed integer from r and returns it as an int64.
70diff --git a/src/encoding/binary/varint_test.go b/src/encoding/binary/varint_test.go
71index ca411ecbd6..6ef4c99505 100644
72--- a/src/encoding/binary/varint_test.go
73+++ b/src/encoding/binary/varint_test.go
74@@ -121,21 +121,27 @@ func TestBufferTooSmall(t *testing.T) {
75 }
76 }
77
78-func testOverflow(t *testing.T, buf []byte, n0 int, err0 error) {
79+func testOverflow(t *testing.T, buf []byte, x0 uint64, n0 int, err0 error) {
80 x, n := Uvarint(buf)
81 if x != 0 || n != n0 {
82 t.Errorf("Uvarint(%v): got x = %d, n = %d; want 0, %d", buf, x, n, n0)
83 }
84
85- x, err := ReadUvarint(bytes.NewReader(buf))
86- if x != 0 || err != err0 {
87- t.Errorf("ReadUvarint(%v): got x = %d, err = %s; want 0, %s", buf, x, err, err0)
88+ r := bytes.NewReader(buf)
89+ len := r.Len()
90+ x, err := ReadUvarint(r)
91+ if x != x0 || err != err0 {
92+ t.Errorf("ReadUvarint(%v): got x = %d, err = %s; want %d, %s", buf, x, err, x0, err0)
93+ }
94+ if read := len - r.Len(); read > MaxVarintLen64 {
95+ t.Errorf("ReadUvarint(%v): read more than MaxVarintLen64 bytes, got %d", buf, read)
96 }
97 }
98
99 func TestOverflow(t *testing.T) {
100- testOverflow(t, []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x2}, -10, overflow)
101- testOverflow(t, []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x1, 0, 0}, -13, overflow)
102+ testOverflow(t, []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x2}, 0, -10, overflow)
103+ testOverflow(t, []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x1, 0, 0}, 0, -13, overflow)
104+ testOverflow(t, []byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 1<<64-1, 0, overflow) // 11 bytes, should overflow
105 }
106
107 func TestNonCanonicalZero(t *testing.T) {
108--
1092.17.0
110
diff --git a/meta/recipes-devtools/go/go-1.12/CVE-2020-24553.patch b/meta/recipes-devtools/go/go-1.12/CVE-2020-24553.patch
new file mode 100644
index 0000000000..18a218bc9a
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.12/CVE-2020-24553.patch
@@ -0,0 +1,429 @@
1From eb07103a083237414145a45f029c873d57037e06 Mon Sep 17 00:00:00 2001
2From: Roberto Clapis <roberto@golang.org>
3Date: Wed, 26 Aug 2020 08:53:03 +0200
4Subject: [PATCH] [release-branch.go1.15-security] net/http/cgi,net/http/fcgi:
5 add Content-Type detection
6
7This CL ensures that responses served via CGI and FastCGI
8have a Content-Type header based on the content of the
9response if not explicitly set by handlers.
10
11If the implementers of the handler did not explicitly
12specify a Content-Type both CGI implementations would default
13to "text/html", potentially causing cross-site scripting.
14
15Thanks to RedTeam Pentesting GmbH for reporting this.
16
17Fixes CVE-2020-24553
18
19Change-Id: I82cfc396309b5ab2e8d6e9a87eda8ea7e3799473
20Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/823217
21Reviewed-by: Russ Cox <rsc@google.com>
22(cherry picked from commit 23d675d07fdc56aafd67c0a0b63d5b7e14708ff0)
23Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/835311
24Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
25
26Upstream-Status: Backport
27CVE: CVE-2020-24553
28Signed-off-by: Li Zhou <li.zhou@windriver.com>
29---
30 src/net/http/cgi/child.go | 36 ++++++++++-----
31 src/net/http/cgi/child_test.go | 69 ++++++++++++++++++++++++++++
32 src/net/http/cgi/integration_test.go | 53 ++++++++++++++++++++-
33 src/net/http/fcgi/child.go | 39 ++++++++++++----
34 src/net/http/fcgi/fcgi_test.go | 52 +++++++++++++++++++++
35 5 files changed, 227 insertions(+), 22 deletions(-)
36
37diff --git a/src/net/http/cgi/child.go b/src/net/http/cgi/child.go
38index 9474175f17..61de6165f6 100644
39--- a/src/net/http/cgi/child.go
40+++ b/src/net/http/cgi/child.go
41@@ -163,10 +163,12 @@ func Serve(handler http.Handler) error {
42 }
43
44 type response struct {
45- req *http.Request
46- header http.Header
47- bufw *bufio.Writer
48- headerSent bool
49+ req *http.Request
50+ header http.Header
51+ code int
52+ wroteHeader bool
53+ wroteCGIHeader bool
54+ bufw *bufio.Writer
55 }
56
57 func (r *response) Flush() {
58@@ -178,26 +180,38 @@ func (r *response) Header() http.Header {
59 }
60
61 func (r *response) Write(p []byte) (n int, err error) {
62- if !r.headerSent {
63+ if !r.wroteHeader {
64 r.WriteHeader(http.StatusOK)
65 }
66+ if !r.wroteCGIHeader {
67+ r.writeCGIHeader(p)
68+ }
69 return r.bufw.Write(p)
70 }
71
72 func (r *response) WriteHeader(code int) {
73- if r.headerSent {
74+ if r.wroteHeader {
75 // Note: explicitly using Stderr, as Stdout is our HTTP output.
76 fmt.Fprintf(os.Stderr, "CGI attempted to write header twice on request for %s", r.req.URL)
77 return
78 }
79- r.headerSent = true
80- fmt.Fprintf(r.bufw, "Status: %d %s\r\n", code, http.StatusText(code))
81+ r.wroteHeader = true
82+ r.code = code
83+}
84
85- // Set a default Content-Type
86+// writeCGIHeader finalizes the header sent to the client and writes it to the output.
87+// p is not written by writeHeader, but is the first chunk of the body
88+// that will be written. It is sniffed for a Content-Type if none is
89+// set explicitly.
90+func (r *response) writeCGIHeader(p []byte) {
91+ if r.wroteCGIHeader {
92+ return
93+ }
94+ r.wroteCGIHeader = true
95+ fmt.Fprintf(r.bufw, "Status: %d %s\r\n", r.code, http.StatusText(r.code))
96 if _, hasType := r.header["Content-Type"]; !hasType {
97- r.header.Add("Content-Type", "text/html; charset=utf-8")
98+ r.header.Set("Content-Type", http.DetectContentType(p))
99 }
100-
101 r.header.Write(r.bufw)
102 r.bufw.WriteString("\r\n")
103 r.bufw.Flush()
104diff --git a/src/net/http/cgi/child_test.go b/src/net/http/cgi/child_test.go
105index 14e0af475f..f6ecb6eb80 100644
106--- a/src/net/http/cgi/child_test.go
107+++ b/src/net/http/cgi/child_test.go
108@@ -7,6 +7,11 @@
109 package cgi
110
111 import (
112+ "bufio"
113+ "bytes"
114+ "net/http"
115+ "net/http/httptest"
116+ "strings"
117 "testing"
118 )
119
120@@ -148,3 +153,67 @@ func TestRequestWithoutRemotePort(t *testing.T) {
121 t.Errorf("RemoteAddr: got %q; want %q", g, e)
122 }
123 }
124+
125+type countingWriter int
126+
127+func (c *countingWriter) Write(p []byte) (int, error) {
128+ *c += countingWriter(len(p))
129+ return len(p), nil
130+}
131+func (c *countingWriter) WriteString(p string) (int, error) {
132+ *c += countingWriter(len(p))
133+ return len(p), nil
134+}
135+
136+func TestResponse(t *testing.T) {
137+ var tests = []struct {
138+ name string
139+ body string
140+ wantCT string
141+ }{
142+ {
143+ name: "no body",
144+ wantCT: "text/plain; charset=utf-8",
145+ },
146+ {
147+ name: "html",
148+ body: "<html><head><title>test page</title></head><body>This is a body</body></html>",
149+ wantCT: "text/html; charset=utf-8",
150+ },
151+ {
152+ name: "text",
153+ body: strings.Repeat("gopher", 86),
154+ wantCT: "text/plain; charset=utf-8",
155+ },
156+ {
157+ name: "jpg",
158+ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024),
159+ wantCT: "image/jpeg",
160+ },
161+ }
162+ for _, tt := range tests {
163+ t.Run(tt.name, func(t *testing.T) {
164+ var buf bytes.Buffer
165+ resp := response{
166+ req: httptest.NewRequest("GET", "/", nil),
167+ header: http.Header{},
168+ bufw: bufio.NewWriter(&buf),
169+ }
170+ n, err := resp.Write([]byte(tt.body))
171+ if err != nil {
172+ t.Errorf("Write: unexpected %v", err)
173+ }
174+ if want := len(tt.body); n != want {
175+ t.Errorf("reported short Write: got %v want %v", n, want)
176+ }
177+ resp.writeCGIHeader(nil)
178+ resp.Flush()
179+ if got := resp.Header().Get("Content-Type"); got != tt.wantCT {
180+ t.Errorf("wrong content-type: got %q, want %q", got, tt.wantCT)
181+ }
182+ if !bytes.HasSuffix(buf.Bytes(), []byte(tt.body)) {
183+ t.Errorf("body was not correctly written")
184+ }
185+ })
186+ }
187+}
188diff --git a/src/net/http/cgi/integration_test.go b/src/net/http/cgi/integration_test.go
189index 32d59c09a3..295c3b82d4 100644
190--- a/src/net/http/cgi/integration_test.go
191+++ b/src/net/http/cgi/integration_test.go
192@@ -16,7 +16,9 @@ import (
193 "io"
194 "net/http"
195 "net/http/httptest"
196+ "net/url"
197 "os"
198+ "strings"
199 "testing"
200 "time"
201 )
202@@ -52,7 +54,7 @@ func TestHostingOurselves(t *testing.T) {
203 }
204 replay := runCgiTest(t, h, "GET /test.go?foo=bar&a=b HTTP/1.0\nHost: example.com\n\n", expectedMap)
205
206- if expected, got := "text/html; charset=utf-8", replay.Header().Get("Content-Type"); got != expected {
207+ if expected, got := "text/plain; charset=utf-8", replay.Header().Get("Content-Type"); got != expected {
208 t.Errorf("got a Content-Type of %q; expected %q", got, expected)
209 }
210 if expected, got := "X-Test-Value", replay.Header().Get("X-Test-Header"); got != expected {
211@@ -152,6 +154,51 @@ func TestChildOnlyHeaders(t *testing.T) {
212 }
213 }
214
215+func TestChildContentType(t *testing.T) {
216+ testenv.MustHaveExec(t)
217+
218+ h := &Handler{
219+ Path: os.Args[0],
220+ Root: "/test.go",
221+ Args: []string{"-test.run=TestBeChildCGIProcess"},
222+ }
223+ var tests = []struct {
224+ name string
225+ body string
226+ wantCT string
227+ }{
228+ {
229+ name: "no body",
230+ wantCT: "text/plain; charset=utf-8",
231+ },
232+ {
233+ name: "html",
234+ body: "<html><head><title>test page</title></head><body>This is a body</body></html>",
235+ wantCT: "text/html; charset=utf-8",
236+ },
237+ {
238+ name: "text",
239+ body: strings.Repeat("gopher", 86),
240+ wantCT: "text/plain; charset=utf-8",
241+ },
242+ {
243+ name: "jpg",
244+ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024),
245+ wantCT: "image/jpeg",
246+ },
247+ }
248+ for _, tt := range tests {
249+ t.Run(tt.name, func(t *testing.T) {
250+ expectedMap := map[string]string{"_body": tt.body}
251+ req := fmt.Sprintf("GET /test.go?exact-body=%s HTTP/1.0\nHost: example.com\n\n", url.QueryEscape(tt.body))
252+ replay := runCgiTest(t, h, req, expectedMap)
253+ if got := replay.Header().Get("Content-Type"); got != tt.wantCT {
254+ t.Errorf("got a Content-Type of %q; expected it to start with %q", got, tt.wantCT)
255+ }
256+ })
257+ }
258+}
259+
260 // golang.org/issue/7198
261 func Test500WithNoHeaders(t *testing.T) { want500Test(t, "/immediate-disconnect") }
262 func Test500WithNoContentType(t *testing.T) { want500Test(t, "/no-content-type") }
263@@ -203,6 +250,10 @@ func TestBeChildCGIProcess(t *testing.T) {
264 if req.FormValue("no-body") == "1" {
265 return
266 }
267+ if eb, ok := req.Form["exact-body"]; ok {
268+ io.WriteString(rw, eb[0])
269+ return
270+ }
271 if req.FormValue("write-forever") == "1" {
272 io.Copy(rw, neverEnding('a'))
273 for {
274diff --git a/src/net/http/fcgi/child.go b/src/net/http/fcgi/child.go
275index 30a6b2ce2d..a31273b3ec 100644
276--- a/src/net/http/fcgi/child.go
277+++ b/src/net/http/fcgi/child.go
278@@ -74,10 +74,12 @@ func (r *request) parseParams() {
279
280 // response implements http.ResponseWriter.
281 type response struct {
282- req *request
283- header http.Header
284- w *bufWriter
285- wroteHeader bool
286+ req *request
287+ header http.Header
288+ code int
289+ wroteHeader bool
290+ wroteCGIHeader bool
291+ w *bufWriter
292 }
293
294 func newResponse(c *child, req *request) *response {
295@@ -92,11 +94,14 @@ func (r *response) Header() http.Header {
296 return r.header
297 }
298
299-func (r *response) Write(data []byte) (int, error) {
300+func (r *response) Write(p []byte) (n int, err error) {
301 if !r.wroteHeader {
302 r.WriteHeader(http.StatusOK)
303 }
304- return r.w.Write(data)
305+ if !r.wroteCGIHeader {
306+ r.writeCGIHeader(p)
307+ }
308+ return r.w.Write(p)
309 }
310
311 func (r *response) WriteHeader(code int) {
312@@ -104,22 +109,34 @@ func (r *response) WriteHeader(code int) {
313 return
314 }
315 r.wroteHeader = true
316+ r.code = code
317 if code == http.StatusNotModified {
318 // Must not have body.
319 r.header.Del("Content-Type")
320 r.header.Del("Content-Length")
321 r.header.Del("Transfer-Encoding")
322- } else if r.header.Get("Content-Type") == "" {
323- r.header.Set("Content-Type", "text/html; charset=utf-8")
324 }
325-
326 if r.header.Get("Date") == "" {
327 r.header.Set("Date", time.Now().UTC().Format(http.TimeFormat))
328 }
329+}
330
331- fmt.Fprintf(r.w, "Status: %d %s\r\n", code, http.StatusText(code))
332+// writeCGIHeader finalizes the header sent to the client and writes it to the output.
333+// p is not written by writeHeader, but is the first chunk of the body
334+// that will be written. It is sniffed for a Content-Type if none is
335+// set explicitly.
336+func (r *response) writeCGIHeader(p []byte) {
337+ if r.wroteCGIHeader {
338+ return
339+ }
340+ r.wroteCGIHeader = true
341+ fmt.Fprintf(r.w, "Status: %d %s\r\n", r.code, http.StatusText(r.code))
342+ if _, hasType := r.header["Content-Type"]; r.code != http.StatusNotModified && !hasType {
343+ r.header.Set("Content-Type", http.DetectContentType(p))
344+ }
345 r.header.Write(r.w)
346 r.w.WriteString("\r\n")
347+ r.w.Flush()
348 }
349
350 func (r *response) Flush() {
351@@ -290,6 +307,8 @@ func (c *child) serveRequest(req *request, body io.ReadCloser) {
352 httpReq = httpReq.WithContext(envVarCtx)
353 c.handler.ServeHTTP(r, httpReq)
354 }
355+ // Make sure we serve something even if nothing was written to r
356+ r.Write(nil)
357 r.Close()
358 c.mu.Lock()
359 delete(c.requests, req.reqId)
360diff --git a/src/net/http/fcgi/fcgi_test.go b/src/net/http/fcgi/fcgi_test.go
361index e9d2b34023..4a27a12c35 100644
362--- a/src/net/http/fcgi/fcgi_test.go
363+++ b/src/net/http/fcgi/fcgi_test.go
364@@ -10,6 +10,7 @@ import (
365 "io"
366 "io/ioutil"
367 "net/http"
368+ "strings"
369 "testing"
370 )
371
372@@ -344,3 +345,54 @@ func TestChildServeReadsEnvVars(t *testing.T) {
373 <-done
374 }
375 }
376+
377+func TestResponseWriterSniffsContentType(t *testing.T) {
378+ var tests = []struct {
379+ name string
380+ body string
381+ wantCT string
382+ }{
383+ {
384+ name: "no body",
385+ wantCT: "text/plain; charset=utf-8",
386+ },
387+ {
388+ name: "html",
389+ body: "<html><head><title>test page</title></head><body>This is a body</body></html>",
390+ wantCT: "text/html; charset=utf-8",
391+ },
392+ {
393+ name: "text",
394+ body: strings.Repeat("gopher", 86),
395+ wantCT: "text/plain; charset=utf-8",
396+ },
397+ {
398+ name: "jpg",
399+ body: "\xFF\xD8\xFF" + strings.Repeat("B", 1024),
400+ wantCT: "image/jpeg",
401+ },
402+ }
403+ for _, tt := range tests {
404+ t.Run(tt.name, func(t *testing.T) {
405+ input := make([]byte, len(streamFullRequestStdin))
406+ copy(input, streamFullRequestStdin)
407+ rc := nopWriteCloser{bytes.NewBuffer(input)}
408+ done := make(chan bool)
409+ var resp *response
410+ c := newChild(rc, http.HandlerFunc(func(
411+ w http.ResponseWriter,
412+ r *http.Request,
413+ ) {
414+ io.WriteString(w, tt.body)
415+ resp = w.(*response)
416+ done <- true
417+ }))
418+ defer c.cleanUp()
419+ go c.serve()
420+ <-done
421+ if got := resp.Header().Get("Content-Type"); got != tt.wantCT {
422+ t.Errorf("got a Content-Type of %q; expected it to start with %q", got, tt.wantCT)
423+ }
424+ })
425+ }
426+}
427--
4282.17.1
429
diff --git a/meta/recipes-devtools/mtd/mtd-utils/0001-mtd-utils-Fix-return-value-of-ubiformat.patch b/meta/recipes-devtools/mtd/mtd-utils/0001-mtd-utils-Fix-return-value-of-ubiformat.patch
new file mode 100644
index 0000000000..d43f7e1a7a
--- /dev/null
+++ b/meta/recipes-devtools/mtd/mtd-utils/0001-mtd-utils-Fix-return-value-of-ubiformat.patch
@@ -0,0 +1,62 @@
1From 4d19bffcfd66e25d3ee74536ae2d2da7ad52e8e2 Mon Sep 17 00:00:00 2001
2From: Barry Grussling <barry@grussling.com>
3Date: Sun, 12 Jan 2020 12:33:32 -0800
4Subject: [PATCH] mtd-utils: Fix return value of ubiformat
5Organization: O.S. Systems Software LTDA.
6
7This changeset fixes a feature regression in ubiformat. Older versions of
8ubiformat, when invoked with a flash-image, would return 0 in the case no error
9was encountered. Upon upgrading to latest, it was discovered that ubiformat
10returned 255 even without encountering an error condition.
11
12This changeset corrects the above issue and causes ubiformat, when given an
13image file, to return 0 when no errors are detected.
14
15Tested by running through my loading scripts and verifying ubiformat returned
160.
17
18Upstream-Status: Backport [2.1.2]
19
20Signed-off-by: Barry Grussling <barry@grussling.com>
21Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
22Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
23---
24 ubi-utils/ubiformat.c | 7 +++++--
25 1 file changed, 5 insertions(+), 2 deletions(-)
26
27diff --git a/ubi-utils/ubiformat.c b/ubi-utils/ubiformat.c
28index a90627c..5377b12 100644
29--- a/ubi-utils/ubiformat.c
30+++ b/ubi-utils/ubiformat.c
31@@ -550,6 +550,7 @@ static int format(libmtd_t libmtd, const struct mtd_dev_info *mtd,
32 struct ubi_vtbl_record *vtbl;
33 int eb1 = -1, eb2 = -1;
34 long long ec1 = -1, ec2 = -1;
35+ int ret = -1;
36
37 write_size = UBI_EC_HDR_SIZE + mtd->subpage_size - 1;
38 write_size /= mtd->subpage_size;
39@@ -643,8 +644,10 @@ static int format(libmtd_t libmtd, const struct mtd_dev_info *mtd,
40 if (!args.quiet && !args.verbose)
41 printf("\n");
42
43- if (novtbl)
44+ if (novtbl) {
45+ ret = 0;
46 goto out_free;
47+ }
48
49 if (eb1 == -1 || eb2 == -1) {
50 errmsg("no eraseblocks for volume table");
51@@ -669,7 +672,7 @@ static int format(libmtd_t libmtd, const struct mtd_dev_info *mtd,
52
53 out_free:
54 free(hdr);
55- return -1;
56+ return ret;
57 }
58
59 int main(int argc, char * const argv[])
60--
612.27.0
62
diff --git a/meta/recipes-devtools/mtd/mtd-utils_git.bb b/meta/recipes-devtools/mtd/mtd-utils_git.bb
index 810fe40f4e..d1658a739b 100644
--- a/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -15,6 +15,7 @@ PV = "2.1.1"
15SRCREV = "4443221ce9b88440cd9f5bb78e6fe95621d36c8a" 15SRCREV = "4443221ce9b88440cd9f5bb78e6fe95621d36c8a"
16SRC_URI = "git://git.infradead.org/mtd-utils.git \ 16SRC_URI = "git://git.infradead.org/mtd-utils.git \
17 file://add-exclusion-to-mkfs-jffs2-git-2.patch \ 17 file://add-exclusion-to-mkfs-jffs2-git-2.patch \
18 file://0001-mtd-utils-Fix-return-value-of-ubiformat.patch \
18" 19"
19 20
20S = "${WORKDIR}/git/" 21S = "${WORKDIR}/git/"
diff --git a/meta/recipes-devtools/patchelf/patchelf/fix-phdrs.patch b/meta/recipes-devtools/patchelf/patchelf/fix-phdrs.patch
new file mode 100644
index 0000000000..d087bd7855
--- /dev/null
+++ b/meta/recipes-devtools/patchelf/patchelf/fix-phdrs.patch
@@ -0,0 +1,37 @@
1When running patchelf on some existing patchelf'd binaries to change to longer
2RPATHS, ldd would report the binaries as invalid. The output of objdump -x on
3those libraryies should show the top of the .dynamic section is getting trashed,
4something like:
5
60x600000001 0x0000000000429000
70x335000 0x0000000000335000
80xc740 0x000000000000c740
90x1000 0x0000000000009098
10SONAME libglib-2.0.so.0
11
12(which should be RPATH and DT_NEEDED entries)
13
14This was tracked down to the code which injects the PT_LOAD section.
15
16The issue is that if the program headers were previously relocated to the end
17of the file which was how patchelf operated previously, the relocation code
18wouldn't work properly on a second run as it now assumes they're located after
19the elf header. This change forces them back to immediately follow the elf
20header which is where the code has made space for them.
21
22Upstream-Status: Submitted [https://github.com/NixOS/patchelf/pull/202]
23Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
24RP 2020/6/2
25
26Index: git/src/patchelf.cc
27===================================================================
28--- git.orig/src/patchelf.cc
29+++ git/src/patchelf.cc
30@@ -762,6 +762,7 @@ void ElfFile<ElfFileParamNames>::rewrite
31 }
32
33 /* Add a segment that maps the replaced sections into memory. */
34+ wri(hdr->e_phoff, sizeof(Elf_Ehdr));
35 phdrs.resize(rdi(hdr->e_phnum) + 1);
36 wri(hdr->e_phnum, rdi(hdr->e_phnum) + 1);
37 Elf_Phdr & phdr = phdrs[rdi(hdr->e_phnum) - 1];
diff --git a/meta/recipes-devtools/patchelf/patchelf_0.10.bb b/meta/recipes-devtools/patchelf/patchelf_0.10.bb
index cc983e033a..e4a604ec70 100644
--- a/meta/recipes-devtools/patchelf/patchelf_0.10.bb
+++ b/meta/recipes-devtools/patchelf/patchelf_0.10.bb
@@ -1,6 +1,7 @@
1SRC_URI = "https://nixos.org/releases/${BPN}/${BPN}-${PV}/${BPN}-${PV}.tar.bz2 \ 1SRC_URI = "https://nixos.org/releases/${BPN}/${BPN}-${PV}/${BPN}-${PV}.tar.bz2 \
2 file://handle-read-only-files.patch \ 2 file://handle-read-only-files.patch \
3 file://fix-adjusting-startPage.patch \ 3 file://fix-adjusting-startPage.patch \
4 file://fix-phdrs.patch \
4 " 5 "
5 6
6LICENSE = "GPLv3" 7LICENSE = "GPLv3"
diff --git a/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch b/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch
new file mode 100644
index 0000000000..0f3a2c6327
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch
@@ -0,0 +1,27 @@
1From b0d53cfd785f64002128ac5eecc4aed0663d9c30 Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Thu, 9 Jan 2020 17:26:55 +0100
4Subject: [PATCH] tests: adjust to correctly exclude unbuilt extensions
5
6Issue is reported here:
7https://github.com/arsv/perl-cross/issues/85
8
9Upstream-Status: Inappropriate [issue caused by perl-cross]
10Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
11---
12 t/TEST | 2 +-
13 1 file changed, 1 insertion(+), 1 deletion(-)
14
15diff --git a/t/TEST b/t/TEST
16index a9c844f..8d3505f 100755
17--- a/t/TEST
18+++ b/t/TEST
19@@ -419,7 +419,7 @@ sub _tests_from_manifest {
20 while (<MANI>) {
21 if (m!^((?:cpan|dist|ext)/(\S+)/+(?:[^/\s]+\.t|test\.pl)|lib/\S+?(?:\.t|test\.pl))\s!) {
22 my $t = $1;
23- my $extension = $2;
24+ my $extension = $1."/".$2;
25
26 # XXX Generates way too many error lines currently. Skip for
27 # v5.22
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10543.patch b/meta/recipes-devtools/perl/files/CVE-2020-10543.patch
new file mode 100644
index 0000000000..36dff0aac9
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2020-10543.patch
@@ -0,0 +1,36 @@
1From 897d1f7fd515b828e4b198d8b8bef76c6faf03ed Mon Sep 17 00:00:00 2001
2From: John Lightsey <jd@cpanel.net>
3Date: Wed, 20 Nov 2019 20:02:45 -0600
4Subject: [PATCH] regcomp.c: Prevent integer overflow from nested regex
5 quantifiers.
6
7(CVE-2020-10543) On 32bit systems the size calculations for nested regular
8expression quantifiers could overflow causing heap memory corruption.
9
10Fixes: Perl/perl5-security#125
11(cherry picked from commit bfd31397db5dc1a5c5d3e0a1f753a4f89a736e71)
12
13Upstream-Status: Backport [https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed]
14CVE: CVE-2020-10543
15Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
16---
17 regcomp.c | 6 ++++++
18 1 file changed, 6 insertions(+)
19
20diff --git a/regcomp.c b/regcomp.c
21index 93c8d98fbb0..5f86be8086d 100644
22--- a/regcomp.c
23+++ b/regcomp.c
24@@ -5489,6 +5489,12 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
25 RExC_precomp)));
26 }
27
28+ if ( ( minnext > 0 && mincount >= SSize_t_MAX / minnext )
29+ || min >= SSize_t_MAX - minnext * mincount )
30+ {
31+ FAIL("Regexp out of space");
32+ }
33+
34 min += minnext * mincount;
35 is_inf_internal |= deltanext == SSize_t_MAX
36 || (maxcount == REG_INFTY && minnext + deltanext > 0);
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch b/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch
new file mode 100644
index 0000000000..b86085a551
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch
@@ -0,0 +1,152 @@
1From 0a320d753fe7fca03df259a4dfd8e641e51edaa8 Mon Sep 17 00:00:00 2001
2From: Hugo van der Sanden <hv@crypt.org>
3Date: Tue, 18 Feb 2020 13:51:16 +0000
4Subject: [PATCH] study_chunk: extract rck_elide_nothing
5
6(CVE-2020-10878)
7
8(cherry picked from commit 93dee06613d4e1428fb10905ce1c3c96f53113dc)
9
10Upstream-Status: Backport [https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8]
11CVE: CVE-2020-10878
12Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
13---
14 embed.fnc | 1 +
15 embed.h | 1 +
16 proto.h | 3 +++
17 regcomp.c | 70 ++++++++++++++++++++++++++++++++++---------------------
18 4 files changed, 48 insertions(+), 27 deletions(-)
19
20diff --git a/embed.fnc b/embed.fnc
21index aedb4baef19..d7cd04d3fc3 100644
22--- a/embed.fnc
23+++ b/embed.fnc
24@@ -2481,6 +2481,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \
25 |I32 stopparen|U32 recursed_depth \
26 |NULLOK regnode_ssc *and_withp \
27 |U32 flags|U32 depth
28+Es |void |rck_elide_nothing|NN regnode *node
29 EsR |SV * |get_ANYOFM_contents|NN const regnode * n
30 EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \
31 |NN const char* const s|const U32 n
32diff --git a/embed.h b/embed.h
33index 75c91f77f45..356a8b98d96 100644
34--- a/embed.h
35+++ b/embed.h
36@@ -1208,6 +1208,7 @@
37 #define parse_lparen_question_flags(a) S_parse_lparen_question_flags(aTHX_ a)
38 #define parse_uniprop_string(a,b,c,d,e,f,g,h,i) Perl_parse_uniprop_string(aTHX_ a,b,c,d,e,f,g,h,i)
39 #define populate_ANYOF_from_invlist(a,b) S_populate_ANYOF_from_invlist(aTHX_ a,b)
40+#define rck_elide_nothing(a) S_rck_elide_nothing(aTHX_ a)
41 #define reg(a,b,c,d) S_reg(aTHX_ a,b,c,d)
42 #define reg2Lanode(a,b,c,d) S_reg2Lanode(aTHX_ a,b,c,d)
43 #define reg_node(a,b) S_reg_node(aTHX_ a,b)
44diff --git a/proto.h b/proto.h
45index 141ddbaee6d..f316fe134e1 100644
46--- a/proto.h
47+++ b/proto.h
48@@ -5543,6 +5543,9 @@ PERL_CALLCONV SV * Perl_parse_uniprop_string(pTHX_ const char * const name, cons
49 STATIC void S_populate_ANYOF_from_invlist(pTHX_ regnode *node, SV** invlist_ptr);
50 #define PERL_ARGS_ASSERT_POPULATE_ANYOF_FROM_INVLIST \
51 assert(node); assert(invlist_ptr)
52+STATIC void S_rck_elide_nothing(pTHX_ regnode *node);
53+#define PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING \
54+ assert(node)
55 PERL_STATIC_NO_RET void S_re_croak2(pTHX_ bool utf8, const char* pat1, const char* pat2, ...)
56 __attribute__noreturn__;
57 #define PERL_ARGS_ASSERT_RE_CROAK2 \
58diff --git a/regcomp.c b/regcomp.c
59index 5f86be8086d..4ba2980db66 100644
60--- a/regcomp.c
61+++ b/regcomp.c
62@@ -4450,6 +4450,44 @@ S_unwind_scan_frames(pTHX_ const void *p)
63 } while (f);
64 }
65
66+/* Follow the next-chain of the current node and optimize away
67+ all the NOTHINGs from it.
68+ */
69+STATIC void
70+S_rck_elide_nothing(pTHX_ regnode *node)
71+{
72+ dVAR;
73+
74+ PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING;
75+
76+ if (OP(node) != CURLYX) {
77+ const int max = (reg_off_by_arg[OP(node)]
78+ ? I32_MAX
79+ /* I32 may be smaller than U16 on CRAYs! */
80+ : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX));
81+ int off = (reg_off_by_arg[OP(node)] ? ARG(node) : NEXT_OFF(node));
82+ int noff;
83+ regnode *n = node;
84+
85+ /* Skip NOTHING and LONGJMP. */
86+ while (
87+ (n = regnext(n))
88+ && (
89+ (PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n)))
90+ || ((OP(n) == LONGJMP) && (noff = ARG(n)))
91+ )
92+ && off + noff < max
93+ ) {
94+ off += noff;
95+ }
96+ if (reg_off_by_arg[OP(node)])
97+ ARG(node) = off;
98+ else
99+ NEXT_OFF(node) = off;
100+ }
101+ return;
102+}
103+
104 /* the return from this sub is the minimum length that could possibly match */
105 STATIC SSize_t
106 S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
107@@ -4550,28 +4588,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
108 */
109 JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
110
111- /* Follow the next-chain of the current node and optimize
112- away all the NOTHINGs from it. */
113- if (OP(scan) != CURLYX) {
114- const int max = (reg_off_by_arg[OP(scan)]
115- ? I32_MAX
116- /* I32 may be smaller than U16 on CRAYs! */
117- : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX));
118- int off = (reg_off_by_arg[OP(scan)] ? ARG(scan) : NEXT_OFF(scan));
119- int noff;
120- regnode *n = scan;
121-
122- /* Skip NOTHING and LONGJMP. */
123- while ((n = regnext(n))
124- && ((PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n)))
125- || ((OP(n) == LONGJMP) && (noff = ARG(n))))
126- && off + noff < max)
127- off += noff;
128- if (reg_off_by_arg[OP(scan)])
129- ARG(scan) = off;
130- else
131- NEXT_OFF(scan) = off;
132- }
133+ /* Follow the next-chain of the current node and optimize
134+ away all the NOTHINGs from it.
135+ */
136+ rck_elide_nothing(scan);
137
138 /* The principal pseudo-switch. Cannot be a switch, since we
139 look into several different things. */
140@@ -5745,11 +5765,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
141 if (data && (fl & SF_HAS_EVAL))
142 data->flags |= SF_HAS_EVAL;
143 optimize_curly_tail:
144- if (OP(oscan) != CURLYX) {
145- while (PL_regkind[OP(next = regnext(oscan))] == NOTHING
146- && NEXT_OFF(next))
147- NEXT_OFF(oscan) += NEXT_OFF(next);
148- }
149+ rck_elide_nothing(oscan);
150 continue;
151
152 default:
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch b/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch
new file mode 100644
index 0000000000..0bacd6b192
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch
@@ -0,0 +1,36 @@
1From 3295b48defa0f8570114877b063fe546dd348b3c Mon Sep 17 00:00:00 2001
2From: Karl Williamson <khw@cpan.org>
3Date: Thu, 20 Feb 2020 17:49:36 +0000
4Subject: [PATCH] regcomp: use long jumps if there is any possibility of
5 overflow
6
7(CVE-2020-10878) Be conservative for backporting, we'll aim to do
8something more aggressive for bleadperl.
9
10(cherry picked from commit 9d7759db46f3b31b1d3f79c44266b6ba42a47fc6)
11
12Upstream-Status: Backport [https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c]
13CVE: CVE-2020-10878
14Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
15---
16 regcomp.c | 7 +++++++
17 1 file changed, 7 insertions(+)
18
19diff --git a/regcomp.c b/regcomp.c
20index 4ba2980db66..73c35a67020 100644
21--- a/regcomp.c
22+++ b/regcomp.c
23@@ -7762,6 +7762,13 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
24
25 /* We have that number in RExC_npar */
26 RExC_total_parens = RExC_npar;
27+
28+ /* XXX For backporting, use long jumps if there is any possibility of
29+ * overflow */
30+ if (RExC_size > U16_MAX && ! RExC_use_BRANCHJ) {
31+ RExC_use_BRANCHJ = TRUE;
32+ flags |= RESTART_PARSE;
33+ }
34 }
35 else if (! MUST_RESTART(flags)) {
36 ReREFCNT_dec(Rx);
diff --git a/meta/recipes-devtools/perl/files/encodefix.patch b/meta/recipes-devtools/perl/files/encodefix.patch
new file mode 100644
index 0000000000..396ed0d53e
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/encodefix.patch
@@ -0,0 +1,20 @@
1The code is encoding host compiler parameters into target builds. Avoid
2this for our target builds (patch is target specific, not native)
3
4Upstream-Status: Inappropriate [Cross compile hack]
5RP 2020/2/18
6Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7
8Index: perl-5.30.1/cpan/Encode/bin/enc2xs
9===================================================================
10--- perl-5.30.1.orig/cpan/Encode/bin/enc2xs
11+++ perl-5.30.1/cpan/Encode/bin/enc2xs
12@@ -195,7 +195,7 @@ sub compiler_info {
13 # above becomes false.
14 my $sized = $declaration && !($compat && !$pedantic);
15
16- return ($cpp, $static, $sized);
17+ return (0, 1, 1);
18 }
19
20
diff --git a/meta/recipes-devtools/perl/files/fix-setgroup.patch b/meta/recipes-devtools/perl/files/fix-setgroup.patch
deleted file mode 100644
index 2b490e6067..0000000000
--- a/meta/recipes-devtools/perl/files/fix-setgroup.patch
+++ /dev/null
@@ -1,49 +0,0 @@
1Test script to reproduce the problem:
2
3#!/usr/bin/env perl
4$) = "2 2";
5print $!;
6
7Result from perl 5.28 under strace:
8
9setgroups(1, [2]) = 0
10setresgid(-1, 2, -1) = 0
11
12Result from perl 5.30 under strace:
13
14setgroups(1, [-1]) = -1 EINVAL (Invalid argument)
15setresgid(-1, 2, -1) = 0
16
17Patch which broke this upstream:
18https://perl5.git.perl.org/perl.git/commitdiff/5d4a52b5c68a11bfc97c2e24806993b84a61eade
19
20Issue is that the new function changes the endptr to the end of the
21scanned number and needs to be reset to the end of the string for
22each iteration of the loop.
23
24[YOCTO #13391]
25
26RP
272019/6/14
28Upstream-Status: Pending
29
30Index: perl-5.30.0/mg.c
31===================================================================
32--- perl-5.30.0.orig/mg.c
33+++ perl-5.30.0/mg.c
34@@ -3179,6 +3256,7 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
35 const char *p = SvPV_const(sv, len);
36 Groups_t *gary = NULL;
37 const char* endptr = p + len;
38+ const char* realend = p + len;
39 UV uv;
40 #ifdef _SC_NGROUPS_MAX
41 int maxgrp = sysconf(_SC_NGROUPS_MAX);
42@@ -3209,6 +3287,7 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
43 Newx(gary, i + 1, Groups_t);
44 else
45 Renew(gary, i + 1, Groups_t);
46+ endptr = realend;
47 if (grok_atoUV(p, &uv, &endptr))
48 gary[i] = (Groups_t)uv;
49 else {
diff --git a/meta/recipes-devtools/perl/files/perl-configpm-switch.patch b/meta/recipes-devtools/perl/files/perl-configpm-switch.patch
index 3c2cecb8c1..80ce4a6de7 100644
--- a/meta/recipes-devtools/perl/files/perl-configpm-switch.patch
+++ b/meta/recipes-devtools/perl/files/perl-configpm-switch.patch
@@ -1,4 +1,4 @@
1From 7f313cac31c55cbe62a4d0cdfa8321cc05a8eb3a Mon Sep 17 00:00:00 2001 1From 5120acaa2be5787d9657f6b91bc8ee3c2d664fbe Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com> 2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Sun, 27 May 2007 21:04:11 +0000 3Date: Sun, 27 May 2007 21:04:11 +0000
4Subject: [PATCH] perl: 5.8.7 -> 5.8.8 (from OE) 4Subject: [PATCH] perl: 5.8.7 -> 5.8.8 (from OE)
@@ -20,7 +20,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
20 1 file changed, 16 insertions(+), 2 deletions(-) 20 1 file changed, 16 insertions(+), 2 deletions(-)
21 21
22diff --git a/configpm b/configpm 22diff --git a/configpm b/configpm
23index 09c4a3b..6a0a680 100755 23index c8de8bf..204613c 100755
24--- a/configpm 24--- a/configpm
25+++ b/configpm 25+++ b/configpm
26@@ -687,7 +687,7 @@ sub FETCH { 26@@ -687,7 +687,7 @@ sub FETCH {
diff --git a/meta/recipes-devtools/perl/files/racefix.patch b/meta/recipes-devtools/perl/files/racefix.patch
new file mode 100644
index 0000000000..bac42d26ae
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/racefix.patch
@@ -0,0 +1,24 @@
1In our builds Config_heavy.pl sometimes has lines:
2cwarnflags=XXX
3ccstdflags=XXX
4and sometimes does not.
5The reason is that this information is pulled from cflags by configpm and yet
6there is no dependency in the Makefile. Add one to fix this.
7
8Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/89]
9RP 2020/2/19
10Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
11
12Index: perl-5.30.1/Makefile
13===================================================================
14--- perl-5.30.1.orig/Makefile
15+++ perl-5.30.1/Makefile
16@@ -204,7 +204,7 @@ configpod: $(CONFIGPOD)
17 git_version.h lib/Config_git.pl: make_patchnum.pl | miniperl$X
18 ./miniperl_top make_patchnum.pl
19
20-lib/Config.pm lib/Config_heavy.pl lib/Config.pod: config.sh \
21+lib/Config.pm lib/Config_heavy.pl lib/Config.pod: config.sh cflags \
22 lib/Config_git.pl Porting/Glossary | miniperl$X
23 ./miniperl_top configpm
24
diff --git a/meta/recipes-devtools/perl/liberror-perl_0.17028.bb b/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
index 8c6bbcba94..038808f0cd 100644
--- a/meta/recipes-devtools/perl/liberror-perl_0.17028.bb
+++ b/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
@@ -32,8 +32,8 @@ RDEPENDS_${PN}-ptest += " \
32 32
33SRC_URI = "http://cpan.metacpan.org/authors/id/S/SH/SHLOMIF/Error-${PV}.tar.gz" 33SRC_URI = "http://cpan.metacpan.org/authors/id/S/SH/SHLOMIF/Error-${PV}.tar.gz"
34 34
35SRC_URI[md5sum] = "ec3522c60a43a368f19c0f89e2205cb1" 35SRC_URI[md5sum] = "6732b1c6207e4a9a3e2987c88368039a"
36SRC_URI[sha256sum] = "3ad85c5e58b31c8903006298424a51bba39f1840e324f5ae612eabc8b935e960" 36SRC_URI[sha256sum] = "1a23f7913032aed6d4b68321373a3899ca66590f4727391a091ec19c95bf7adc"
37 37
38S = "${WORKDIR}/Error-${PV}" 38S = "${WORKDIR}/Error-${PV}"
39 39
diff --git a/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest b/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest
index 0d63d1513b..d802781f9e 100644
--- a/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest
+++ b/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest
@@ -6,8 +6,6 @@ for case in `find t -type f -name '*.t'`; do
6 cat $case.output 6 cat $case.output
7 if [ $ret -ne 0 ]; then 7 if [ $ret -ne 0 ]; then
8 echo "FAIL: ${case%.t}" 8 echo "FAIL: ${case%.t}"
9 elif grep -i 'SKIP' $case.output; then
10 echo "SKIP: ${case%.t}"
11 else 9 else
12 echo "PASS: ${case%.t}" 10 echo "PASS: ${case%.t}"
13 fi 11 fi
diff --git a/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb b/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb
index f759f862fb..e3ba40d96c 100644
--- a/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb
+++ b/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb
@@ -36,7 +36,10 @@ do_patch[postfuncs] += "do_patch_module_build"
36do_install_ptest() { 36do_install_ptest() {
37 cp -r ${B}/inc ${D}${PTEST_PATH} 37 cp -r ${B}/inc ${D}${PTEST_PATH}
38 cp -r ${B}/blib ${D}${PTEST_PATH} 38 cp -r ${B}/blib ${D}${PTEST_PATH}
39 cp -r ${B}/_build ${D}${PTEST_PATH}
40 cp -r ${B}/lib ${D}${PTEST_PATH}
39 chown -R root:root ${D}${PTEST_PATH} 41 chown -R root:root ${D}${PTEST_PATH}
42 sed -i -e "s,'perl' => .*,'perl' => '/usr/bin/perl'\,,g" ${D}${PTEST_PATH}/_build/build_params
40} 43}
41 44
42RDEPENDS_${PN} += " \ 45RDEPENDS_${PN} += " \
diff --git a/meta/recipes-devtools/perl/perl_5.30.0.bb b/meta/recipes-devtools/perl/perl_5.30.1.bb
index 838e52c67b..b633acfcea 100644
--- a/meta/recipes-devtools/perl/perl_5.30.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.30.1.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://Copying;md5=5b122a36d0f6dc55279a0ebc69f3c60b \
8 8
9 9
10SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ 10SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
11 https://github.com/arsv/perl-cross/releases/download/1.3/perl-cross-1.3.tar.gz;name=perl-cross \ 11 https://github.com/arsv/perl-cross/releases/download/1.3.1/perl-cross-1.3.1.tar.gz;name=perl-cross \
12 file://perl-rdepends.txt \ 12 file://perl-rdepends.txt \
13 file://0001-configure_tool.sh-do-not-quote-the-argument-to-comma.patch \ 13 file://0001-configure_tool.sh-do-not-quote-the-argument-to-comma.patch \
14 file://0001-ExtUtils-MakeMaker-add-LDFLAGS-when-linking-binary-m.patch \ 14 file://0001-ExtUtils-MakeMaker-add-LDFLAGS-when-linking-binary-m.patch \
@@ -18,19 +18,26 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
18 file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \ 18 file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
19 file://perl-dynloader.patch \ 19 file://perl-dynloader.patch \
20 file://0001-configure_path.sh-do-not-hardcode-prefix-lib-as-libr.patch \ 20 file://0001-configure_path.sh-do-not-hardcode-prefix-lib-as-libr.patch \
21 file://fix-setgroup.patch \
22 file://0001-enc2xs-Add-environment-variable-to-suppress-comments.patch \ 21 file://0001-enc2xs-Add-environment-variable-to-suppress-comments.patch \
23 file://0002-Constant-Fix-up-shebang.patch \ 22 file://0002-Constant-Fix-up-shebang.patch \
23 file://0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch \
24 file://determinism.patch \ 24 file://determinism.patch \
25 file://racefix.patch \
26 file://CVE-2020-10543.patch \
27 file://CVE-2020-10878_1.patch \
28 file://CVE-2020-10878_2.patch \
25 " 29 "
26SRC_URI_append_class-native = " \ 30SRC_URI_append_class-native = " \
27 file://perl-configpm-switch.patch \ 31 file://perl-configpm-switch.patch \
28" 32"
33SRC_URI_append_class-target = " \
34 file://encodefix.patch \
35"
29 36
30SRC_URI[perl.md5sum] = "9770584cdf9b5631c38097645ce33549" 37SRC_URI[perl.md5sum] = "6438eb7b8db9bbde28e01086de376a46"
31SRC_URI[perl.sha256sum] = "851213c754d98ccff042caa40ba7a796b2cee88c5325f121be5cbb61bbf975f2" 38SRC_URI[perl.sha256sum] = "bf3d25571ff1ee94186177c2cdef87867fd6a14aa5a84f0b1fb7bf798f42f964"
32SRC_URI[perl-cross.md5sum] = "4dda3daf9c4fe42b3d6a5dd052852a48" 39SRC_URI[perl-cross.md5sum] = "1e463b105cfa56d251a86979af23e3a7"
33SRC_URI[perl-cross.sha256sum] = "49edea1ea2cd6c5c47386ca71beda8d150c748835781354dbe7f75b1df27e703" 40SRC_URI[perl-cross.sha256sum] = "edce0b0c2f725e2db3f203d6d8e9f3f7161256f5d1590551e40694f21200141d"
34 41
35S = "${WORKDIR}/perl-${PV}" 42S = "${WORKDIR}/perl-${PV}"
36 43
@@ -113,6 +120,14 @@ print(datetime.fromtimestamp($SOURCE_DATE_EPOCH, timezone.utc).strftime('%a %b %
113 120
114do_compile() { 121do_compile() {
115 oe_runmake 122 oe_runmake
123 # This isn't generated reliably so delete and re-generate.
124 # https://github.com/arsv/perl-cross/issues/86
125
126 if [ -e pod/perltoc.pod ]; then
127 bbnote Rebuilding perltoc.pod
128 rm -f pod/perltoc.pod
129 oe_runmake pod/perltoc.pod
130 fi
116} 131}
117 132
118do_install() { 133do_install() {
@@ -202,6 +217,7 @@ require perl-ptest.inc
202FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/libperl.so* \ 217FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/libperl.so* \
203 ${libdir}/perl5/site_perl \ 218 ${libdir}/perl5/site_perl \
204 ${libdir}/perl5/${PV}/Config.pm \ 219 ${libdir}/perl5/${PV}/Config.pm \
220 ${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/Config.pm \
205 ${libdir}/perl5/${PV}/*/Config_git.pl \ 221 ${libdir}/perl5/${PV}/*/Config_git.pl \
206 ${libdir}/perl5/${PV}/*/Config_heavy-target.pl \ 222 ${libdir}/perl5/${PV}/*/Config_heavy-target.pl \
207 ${libdir}/perl5/config.sh \ 223 ${libdir}/perl5/config.sh \
@@ -210,6 +226,9 @@ FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/
210 ${libdir}/perl5/${PV}/warnings \ 226 ${libdir}/perl5/${PV}/warnings \
211 ${libdir}/perl5/${PV}/vars.pm \ 227 ${libdir}/perl5/${PV}/vars.pm \
212 ${libdir}/perl5/site_perl \ 228 ${libdir}/perl5/site_perl \
229 ${libdir}/perl5/${PV}/ExtUtils/MANIFEST.SKIP \
230 ${libdir}/perl5/${PV}/ExtUtils/xsubpp \
231 ${libdir}/perl5/${PV}/ExtUtils/typemap \
213 " 232 "
214RPROVIDES_${PN} += "perl-module-strict perl-module-vars perl-module-config perl-module-warnings \ 233RPROVIDES_${PN} += "perl-module-strict perl-module-vars perl-module-config perl-module-warnings \
215 perl-module-warnings-register" 234 perl-module-warnings-register"
@@ -220,9 +239,6 @@ FILES_${PN}-dev_append = " ${libdir}/perl5/${PV}/*/CORE"
220 239
221FILES_${PN}-doc_append = " ${libdir}/perl5/${PV}/Unicode/Collate/*.txt \ 240FILES_${PN}-doc_append = " ${libdir}/perl5/${PV}/Unicode/Collate/*.txt \
222 ${libdir}/perl5/${PV}/*/.packlist \ 241 ${libdir}/perl5/${PV}/*/.packlist \
223 ${libdir}/perl5/${PV}/ExtUtils/MANIFEST.SKIP \
224 ${libdir}/perl5/${PV}/ExtUtils/xsubpp \
225 ${libdir}/perl5/${PV}/ExtUtils/typemap \
226 ${libdir}/perl5/${PV}/Encode/encode.h \ 242 ${libdir}/perl5/${PV}/Encode/encode.h \
227 " 243 "
228PACKAGES += "${PN}-misc" 244PACKAGES += "${PN}-misc"
@@ -258,7 +274,7 @@ python split_perl_packages () {
258 do_split_packages(d, libdir, r'Module/([^\/]*)\.pm', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False) 274 do_split_packages(d, libdir, r'Module/([^\/]*)\.pm', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False)
259 do_split_packages(d, libdir, r'Module/([^\/]*)/.*', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False) 275 do_split_packages(d, libdir, r'Module/([^\/]*)/.*', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False)
260 do_split_packages(d, libdir, r'.*linux/([^\/].*)\.(pm|pl|e2x)', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False) 276 do_split_packages(d, libdir, r'.*linux/([^\/].*)\.(pm|pl|e2x)', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False)
261 do_split_packages(d, libdir, r'(^(?!(CPAN\/|CPANPLUS\/|Module\/|unicore\/)[^\/]).*)\.(pm|pl|e2x)', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False) 277 do_split_packages(d, libdir, r'(^(?!(CPAN\/|CPANPLUS\/|Module\/|unicore\/|.*linux\/)[^\/]).*)\.(pm|pl|e2x)', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False)
262 278
263 # perl-modules should recommend every perl module, and only the 279 # perl-modules should recommend every perl module, and only the
264 # modules. Don't attempt to use the result of do_split_packages() as some 280 # modules. Don't attempt to use the result of do_split_packages() as some
diff --git a/meta/recipes-devtools/pseudo/pseudo.inc b/meta/recipes-devtools/pseudo/pseudo.inc
index 7ff8e449e9..50e30064bd 100644
--- a/meta/recipes-devtools/pseudo/pseudo.inc
+++ b/meta/recipes-devtools/pseudo/pseudo.inc
@@ -16,6 +16,7 @@ INSANE_SKIP_${PN}-dbg += "libdir"
16PROVIDES += "virtual/fakeroot" 16PROVIDES += "virtual/fakeroot"
17 17
18MAKEOPTS = "" 18MAKEOPTS = ""
19MAKEOPTS_class-native = "'RPATH=-Wl,--rpath=XORIGIN/../../../sqlite3-native/usr/lib/'"
19 20
20inherit siteinfo pkgconfig 21inherit siteinfo pkgconfig
21 22
@@ -115,6 +116,7 @@ do_install () {
115} 116}
116 117
117do_install_append_class-native () { 118do_install_append_class-native () {
119 chrpath ${D}${bindir}/pseudo -r `chrpath ${D}${bindir}/pseudo | cut -d = -f 2 | sed s/XORIGIN/\\$ORIGIN/`
118 install -d ${D}${sysconfdir} 120 install -d ${D}${sysconfdir}
119 # The fallback files should never be modified 121 # The fallback files should never be modified
120 install -m 444 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd 122 install -m 444 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
diff --git a/meta/recipes-devtools/python-numpy/files/aarch64/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/aarch64/_numpyconfig.h
deleted file mode 100644
index 109deb0435..0000000000
--- a/meta/recipes-devtools/python-numpy/files/aarch64/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 16
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
11#define NPY_SIZEOF_PY_INTPTR_T 8
12#define NPY_SIZEOF_PY_LONG_LONG 8
13#define NPY_SIZEOF_LONGLONG 8
14#define NPY_SIZEOF_OFF_T 8
15#define NPY_NO_SMP 0
16#define NPY_HAVE_DECL_ISNAN
17#define NPY_HAVE_DECL_ISINF
18#define NPY_HAVE_DECL_ISFINITE
19#define NPY_HAVE_DECL_SIGNBIT
20#define NPY_USE_C99_COMPLEX 1
21#define NPY_HAVE_COMPLEX_DOUBLE 1
22#define NPY_HAVE_COMPLEX_FLOAT 1
23#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
24#define NPY_ENABLE_SEPARATE_COMPILATION 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/aarch64/config.h b/meta/recipes-devtools/python-numpy/files/aarch64/config.h
deleted file mode 100644
index c30b868f2f..0000000000
--- a/meta/recipes-devtools/python-numpy/files/aarch64/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
1#define HAVE_ENDIAN_H 1
2#define SIZEOF_PY_INTPTR_T 8
3#define SIZEOF_PY_LONG_LONG 8
4#define MATHLIB m
5#define HAVE_SIN 1
6#define HAVE_COS 1
7#define HAVE_TAN 1
8#define HAVE_SINH 1
9#define HAVE_COSH 1
10#define HAVE_TANH 1
11#define HAVE_FABS 1
12#define HAVE_FLOOR 1
13#define HAVE_CEIL 1
14#define HAVE_SQRT 1
15#define HAVE_LOG10 1
16#define HAVE_LOG 1
17#define HAVE_EXP 1
18#define HAVE_ASIN 1
19#define HAVE_ACOS 1
20#define HAVE_ATAN 1
21#define HAVE_FMOD 1
22#define HAVE_MODF 1
23#define HAVE_FREXP 1
24#define HAVE_LDEXP 1
25#define HAVE_RINT 1
26#define HAVE_TRUNC 1
27#define HAVE_EXP2 1
28#define HAVE_LOG2 1
29#define HAVE_ATAN2 1
30#define HAVE_POW 1
31#define HAVE_NEXTAFTER 1
32#define HAVE_SINF 1
33#define HAVE_COSF 1
34#define HAVE_TANF 1
35#define HAVE_SINHF 1
36#define HAVE_COSHF 1
37#define HAVE_TANHF 1
38#define HAVE_FABSF 1
39#define HAVE_FLOORF 1
40#define HAVE_CEILF 1
41#define HAVE_RINTF 1
42#define HAVE_TRUNCF 1
43#define HAVE_SQRTF 1
44#define HAVE_LOG10F 1
45#define HAVE_LOGF 1
46#define HAVE_LOG1PF 1
47#define HAVE_EXPF 1
48#define HAVE_EXPM1F 1
49#define HAVE_ASINF 1
50#define HAVE_ACOSF 1
51#define HAVE_ATANF 1
52#define HAVE_ASINHF 1
53#define HAVE_ACOSHF 1
54#define HAVE_ATANHF 1
55#define HAVE_HYPOTF 1
56#define HAVE_ATAN2F 1
57#define HAVE_POWF 1
58#define HAVE_FMODF 1
59#define HAVE_MODFF 1
60#define HAVE_FREXPF 1
61#define HAVE_LDEXPF 1
62#define HAVE_EXP2F 1
63#define HAVE_LOG2F 1
64#define HAVE_COPYSIGNF 1
65#define HAVE_NEXTAFTERF 1
66#define HAVE_SINL 1
67#define HAVE_COSL 1
68#define HAVE_TANL 1
69#define HAVE_SINHL 1
70#define HAVE_COSHL 1
71#define HAVE_TANHL 1
72#define HAVE_FABSL 1
73#define HAVE_FLOORL 1
74#define HAVE_CEILL 1
75#define HAVE_RINTL 1
76#define HAVE_TRUNCL 1
77#define HAVE_SQRTL 1
78#define HAVE_LOG10L 1
79#define HAVE_LOGL 1
80#define HAVE_LOG1PL 1
81#define HAVE_EXPL 1
82#define HAVE_EXPM1L 1
83#define HAVE_ASINL 1
84#define HAVE_ACOSL 1
85#define HAVE_ATANL 1
86#define HAVE_ASINHL 1
87#define HAVE_ACOSHL 1
88#define HAVE_ATANHL 1
89#define HAVE_HYPOTL 1
90#define HAVE_ATAN2L 1
91#define HAVE_POWL 1
92#define HAVE_FMODL 1
93#define HAVE_MODFL 1
94#define HAVE_FREXPL 1
95#define HAVE_LDEXPL 1
96#define HAVE_EXP2L 1
97#define HAVE_LOG2L 1
98#define HAVE_COPYSIGNL 1
99#define HAVE_NEXTAFTERL 1
100#define HAVE_DECL_SIGNBIT
101#define HAVE_COMPLEX_H 1
102#define HAVE_CREAL 1
103#define HAVE_CIMAG 1
104#define HAVE_CABS 1
105#define HAVE_CARG 1
106#define HAVE_CEXP 1
107#define HAVE_CSQRT 1
108#define HAVE_CLOG 1
109#define HAVE_CCOS 1
110#define HAVE_CSIN 1
111#define HAVE_CPOW 1
112#define HAVE_CREALF 1
113#define HAVE_CIMAGF 1
114#define HAVE_CABSF 1
115#define HAVE_CARGF 1
116#define HAVE_CEXPF 1
117#define HAVE_CSQRTF 1
118#define HAVE_CLOGF 1
119#define HAVE_CCOSF 1
120#define HAVE_CSINF 1
121#define HAVE_CPOWF 1
122#define HAVE_CREALL 1
123#define HAVE_CIMAGL 1
124#define HAVE_CABSL 1
125#define HAVE_CARGL 1
126#define HAVE_CEXPL 1
127#define HAVE_CSQRTL 1
128#define HAVE_CLOGL 1
129#define HAVE_CCOSL 1
130#define HAVE_CSINL 1
131#define HAVE_CPOWL 1
132#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
133#ifndef __cplusplus
134/* #undef inline */
135#endif
136
137#ifndef _NPY_NPY_CONFIG_H_
138#error config.h should never be included directly, include npy_config.h instead
139#endif
diff --git a/meta/recipes-devtools/python-numpy/files/arm/config.h b/meta/recipes-devtools/python-numpy/files/arm/config.h
deleted file mode 100644
index 17ef186d56..0000000000
--- a/meta/recipes-devtools/python-numpy/files/arm/config.h
+++ /dev/null
@@ -1,21 +0,0 @@
1/* ./src.linux-i686-2.5/numpy/core/include/numpy/config.h */
2/* #define SIZEOF_SHORT 2 */
3/* #define SIZEOF_INT 4 */
4/* #define SIZEOF_LONG 4 */
5/* #define SIZEOF_FLOAT 4 */
6/* #define SIZEOF_DOUBLE 8 */
7#define SIZEOF_LONG_DOUBLE 12
8#define SIZEOF_PY_INTPTR_T 4
9/* #define SIZEOF_LONG_LONG 8 */
10#define SIZEOF_PY_LONG_LONG 8
11/* #define CHAR_BIT 8 */
12#define MATHLIB m
13#define HAVE_FLOAT_FUNCS
14#define HAVE_LOG1P
15#define HAVE_EXPM1
16#define HAVE_INVERSE_HYPERBOLIC
17#define HAVE_INVERSE_HYPERBOLIC_FLOAT
18#define HAVE_ISNAN
19#define HAVE_ISINF
20#define HAVE_RINT
21
diff --git a/meta/recipes-devtools/python-numpy/files/arm/numpyconfig.h b/meta/recipes-devtools/python-numpy/files/arm/numpyconfig.h
deleted file mode 100644
index c4bf6547f0..0000000000
--- a/meta/recipes-devtools/python-numpy/files/arm/numpyconfig.h
+++ /dev/null
@@ -1,17 +0,0 @@
1/* cat ./src.linux-i686-2.5/numpy/core/include/numpy/numpyconfig.h */
2/*
3 * * This file is generated by numpy/core/setup.pyc. DO NOT EDIT
4 * */
5#define NPY_SIZEOF_SHORT 2
6#define NPY_SIZEOF_INT 4
7#define NPY_SIZEOF_LONG 4
8#define NPY_SIZEOF_FLOAT 4
9#define NPY_SIZEOF_DOUBLE 8
10#define NPY_SIZEOF_LONGDOUBLE 12
11#define NPY_SIZEOF_PY_INTPTR_T 4
12#define NPY_NO_SMP 0
13
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_PY_LONG_LONG 8
16/* #define CHAR_BIT 8 */
17
diff --git a/meta/recipes-devtools/python-numpy/files/armeb/config.h b/meta/recipes-devtools/python-numpy/files/armeb/config.h
deleted file mode 100644
index 17ef186d56..0000000000
--- a/meta/recipes-devtools/python-numpy/files/armeb/config.h
+++ /dev/null
@@ -1,21 +0,0 @@
1/* ./src.linux-i686-2.5/numpy/core/include/numpy/config.h */
2/* #define SIZEOF_SHORT 2 */
3/* #define SIZEOF_INT 4 */
4/* #define SIZEOF_LONG 4 */
5/* #define SIZEOF_FLOAT 4 */
6/* #define SIZEOF_DOUBLE 8 */
7#define SIZEOF_LONG_DOUBLE 12
8#define SIZEOF_PY_INTPTR_T 4
9/* #define SIZEOF_LONG_LONG 8 */
10#define SIZEOF_PY_LONG_LONG 8
11/* #define CHAR_BIT 8 */
12#define MATHLIB m
13#define HAVE_FLOAT_FUNCS
14#define HAVE_LOG1P
15#define HAVE_EXPM1
16#define HAVE_INVERSE_HYPERBOLIC
17#define HAVE_INVERSE_HYPERBOLIC_FLOAT
18#define HAVE_ISNAN
19#define HAVE_ISINF
20#define HAVE_RINT
21
diff --git a/meta/recipes-devtools/python-numpy/files/armeb/numpyconfig.h b/meta/recipes-devtools/python-numpy/files/armeb/numpyconfig.h
deleted file mode 100644
index c4bf6547f0..0000000000
--- a/meta/recipes-devtools/python-numpy/files/armeb/numpyconfig.h
+++ /dev/null
@@ -1,17 +0,0 @@
1/* cat ./src.linux-i686-2.5/numpy/core/include/numpy/numpyconfig.h */
2/*
3 * * This file is generated by numpy/core/setup.pyc. DO NOT EDIT
4 * */
5#define NPY_SIZEOF_SHORT 2
6#define NPY_SIZEOF_INT 4
7#define NPY_SIZEOF_LONG 4
8#define NPY_SIZEOF_FLOAT 4
9#define NPY_SIZEOF_DOUBLE 8
10#define NPY_SIZEOF_LONGDOUBLE 12
11#define NPY_SIZEOF_PY_INTPTR_T 4
12#define NPY_NO_SMP 0
13
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_PY_LONG_LONG 8
16/* #define CHAR_BIT 8 */
17
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/_numpyconfig.h
deleted file mode 100644
index debb390094..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 16
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
11#define NPY_ENABLE_SEPARATE_COMPILATION 1
12#define NPY_SIZEOF_PY_INTPTR_T 8
13#define NPY_SIZEOF_PY_LONG_LONG 8
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_OFF_T 8
16#define NPY_NO_SMP 0
17#define NPY_HAVE_DECL_ISNAN
18#define NPY_HAVE_DECL_ISINF
19#define NPY_HAVE_DECL_ISFINITE
20#define NPY_HAVE_DECL_SIGNBIT
21#define NPY_USE_C99_COMPLEX 1
22#define NPY_HAVE_COMPLEX_DOUBLE 1
23#define NPY_HAVE_COMPLEX_FLOAT 1
24#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/config.h b/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/config.h
deleted file mode 100644
index c30b868f2f..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
1#define HAVE_ENDIAN_H 1
2#define SIZEOF_PY_INTPTR_T 8
3#define SIZEOF_PY_LONG_LONG 8
4#define MATHLIB m
5#define HAVE_SIN 1
6#define HAVE_COS 1
7#define HAVE_TAN 1
8#define HAVE_SINH 1
9#define HAVE_COSH 1
10#define HAVE_TANH 1
11#define HAVE_FABS 1
12#define HAVE_FLOOR 1
13#define HAVE_CEIL 1
14#define HAVE_SQRT 1
15#define HAVE_LOG10 1
16#define HAVE_LOG 1
17#define HAVE_EXP 1
18#define HAVE_ASIN 1
19#define HAVE_ACOS 1
20#define HAVE_ATAN 1
21#define HAVE_FMOD 1
22#define HAVE_MODF 1
23#define HAVE_FREXP 1
24#define HAVE_LDEXP 1
25#define HAVE_RINT 1
26#define HAVE_TRUNC 1
27#define HAVE_EXP2 1
28#define HAVE_LOG2 1
29#define HAVE_ATAN2 1
30#define HAVE_POW 1
31#define HAVE_NEXTAFTER 1
32#define HAVE_SINF 1
33#define HAVE_COSF 1
34#define HAVE_TANF 1
35#define HAVE_SINHF 1
36#define HAVE_COSHF 1
37#define HAVE_TANHF 1
38#define HAVE_FABSF 1
39#define HAVE_FLOORF 1
40#define HAVE_CEILF 1
41#define HAVE_RINTF 1
42#define HAVE_TRUNCF 1
43#define HAVE_SQRTF 1
44#define HAVE_LOG10F 1
45#define HAVE_LOGF 1
46#define HAVE_LOG1PF 1
47#define HAVE_EXPF 1
48#define HAVE_EXPM1F 1
49#define HAVE_ASINF 1
50#define HAVE_ACOSF 1
51#define HAVE_ATANF 1
52#define HAVE_ASINHF 1
53#define HAVE_ACOSHF 1
54#define HAVE_ATANHF 1
55#define HAVE_HYPOTF 1
56#define HAVE_ATAN2F 1
57#define HAVE_POWF 1
58#define HAVE_FMODF 1
59#define HAVE_MODFF 1
60#define HAVE_FREXPF 1
61#define HAVE_LDEXPF 1
62#define HAVE_EXP2F 1
63#define HAVE_LOG2F 1
64#define HAVE_COPYSIGNF 1
65#define HAVE_NEXTAFTERF 1
66#define HAVE_SINL 1
67#define HAVE_COSL 1
68#define HAVE_TANL 1
69#define HAVE_SINHL 1
70#define HAVE_COSHL 1
71#define HAVE_TANHL 1
72#define HAVE_FABSL 1
73#define HAVE_FLOORL 1
74#define HAVE_CEILL 1
75#define HAVE_RINTL 1
76#define HAVE_TRUNCL 1
77#define HAVE_SQRTL 1
78#define HAVE_LOG10L 1
79#define HAVE_LOGL 1
80#define HAVE_LOG1PL 1
81#define HAVE_EXPL 1
82#define HAVE_EXPM1L 1
83#define HAVE_ASINL 1
84#define HAVE_ACOSL 1
85#define HAVE_ATANL 1
86#define HAVE_ASINHL 1
87#define HAVE_ACOSHL 1
88#define HAVE_ATANHL 1
89#define HAVE_HYPOTL 1
90#define HAVE_ATAN2L 1
91#define HAVE_POWL 1
92#define HAVE_FMODL 1
93#define HAVE_MODFL 1
94#define HAVE_FREXPL 1
95#define HAVE_LDEXPL 1
96#define HAVE_EXP2L 1
97#define HAVE_LOG2L 1
98#define HAVE_COPYSIGNL 1
99#define HAVE_NEXTAFTERL 1
100#define HAVE_DECL_SIGNBIT
101#define HAVE_COMPLEX_H 1
102#define HAVE_CREAL 1
103#define HAVE_CIMAG 1
104#define HAVE_CABS 1
105#define HAVE_CARG 1
106#define HAVE_CEXP 1
107#define HAVE_CSQRT 1
108#define HAVE_CLOG 1
109#define HAVE_CCOS 1
110#define HAVE_CSIN 1
111#define HAVE_CPOW 1
112#define HAVE_CREALF 1
113#define HAVE_CIMAGF 1
114#define HAVE_CABSF 1
115#define HAVE_CARGF 1
116#define HAVE_CEXPF 1
117#define HAVE_CSQRTF 1
118#define HAVE_CLOGF 1
119#define HAVE_CCOSF 1
120#define HAVE_CSINF 1
121#define HAVE_CPOWF 1
122#define HAVE_CREALL 1
123#define HAVE_CIMAGL 1
124#define HAVE_CABSL 1
125#define HAVE_CARGL 1
126#define HAVE_CEXPL 1
127#define HAVE_CSQRTL 1
128#define HAVE_CLOGL 1
129#define HAVE_CCOSL 1
130#define HAVE_CSINL 1
131#define HAVE_CPOWL 1
132#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
133#ifndef __cplusplus
134/* #undef inline */
135#endif
136
137#ifndef _NPY_NPY_CONFIG_H_
138#error config.h should never be included directly, include npy_config.h instead
139#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarchn32el/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/mipsarchn32el/_numpyconfig.h
deleted file mode 100644
index 8e2b5d0940..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarchn32el/_numpyconfig.h
+++ /dev/null
@@ -1,31 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 16
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
11#define NPY_ENABLE_SEPARATE_COMPILATION 1
12#define NPY_SIZEOF_PY_INTPTR_T 8
13#define NPY_SIZEOF_PY_LONG_LONG 8
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_NO_SMP 0
16#define NPY_HAVE_DECL_ISNAN
17#define NPY_HAVE_DECL_ISINF
18#define NPY_HAVE_DECL_ISFINITE
19#define NPY_HAVE_DECL_SIGNBIT
20#define NPY_USE_C99_COMPLEX 1
21#define NPY_HAVE_COMPLEX_DOUBLE 1
22#define NPY_HAVE_COMPLEX_FLOAT 1
23#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
24#define NPY_USE_C99_FORMATS 1
25#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
26#define NPY_ABI_VERSION 0x01000009
27#define NPY_API_VERSION 0x0000000A
28
29#ifndef __STDC_FORMAT_MACROS
30#define __STDC_FORMAT_MACROS 1
31#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarchn32el/config.h b/meta/recipes-devtools/python-numpy/files/mipsarchn32el/config.h
deleted file mode 100644
index 48727039ae..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarchn32el/config.h
+++ /dev/null
@@ -1,138 +0,0 @@
1#define SIZEOF_PY_INTPTR_T 8
2#define SIZEOF_PY_LONG_LONG 8
3#define MATHLIB m
4#define HAVE_SIN 1
5#define HAVE_COS 1
6#define HAVE_TAN 1
7#define HAVE_SINH 1
8#define HAVE_COSH 1
9#define HAVE_TANH 1
10#define HAVE_FABS 1
11#define HAVE_FLOOR 1
12#define HAVE_CEIL 1
13#define HAVE_SQRT 1
14#define HAVE_LOG10 1
15#define HAVE_LOG 1
16#define HAVE_EXP 1
17#define HAVE_ASIN 1
18#define HAVE_ACOS 1
19#define HAVE_ATAN 1
20#define HAVE_FMOD 1
21#define HAVE_MODF 1
22#define HAVE_FREXP 1
23#define HAVE_LDEXP 1
24#define HAVE_RINT 1
25#define HAVE_TRUNC 1
26#define HAVE_EXP2 1
27#define HAVE_LOG2 1
28#define HAVE_ATAN2 1
29#define HAVE_POW 1
30#define HAVE_NEXTAFTER 1
31#define HAVE_SINF 1
32#define HAVE_COSF 1
33#define HAVE_TANF 1
34#define HAVE_SINHF 1
35#define HAVE_COSHF 1
36#define HAVE_TANHF 1
37#define HAVE_FABSF 1
38#define HAVE_FLOORF 1
39#define HAVE_CEILF 1
40#define HAVE_RINTF 1
41#define HAVE_TRUNCF 1
42#define HAVE_SQRTF 1
43#define HAVE_LOG10F 1
44#define HAVE_LOGF 1
45#define HAVE_LOG1PF 1
46#define HAVE_EXPF 1
47#define HAVE_EXPM1F 1
48#define HAVE_ASINF 1
49#define HAVE_ACOSF 1
50#define HAVE_ATANF 1
51#define HAVE_ASINHF 1
52#define HAVE_ACOSHF 1
53#define HAVE_ATANHF 1
54#define HAVE_HYPOTF 1
55#define HAVE_ATAN2F 1
56#define HAVE_POWF 1
57#define HAVE_FMODF 1
58#define HAVE_MODFF 1
59#define HAVE_FREXPF 1
60#define HAVE_LDEXPF 1
61#define HAVE_EXP2F 1
62#define HAVE_LOG2F 1
63#define HAVE_COPYSIGNF 1
64#define HAVE_NEXTAFTERF 1
65#define HAVE_SINL 1
66#define HAVE_COSL 1
67#define HAVE_TANL 1
68#define HAVE_SINHL 1
69#define HAVE_COSHL 1
70#define HAVE_TANHL 1
71#define HAVE_FABSL 1
72#define HAVE_FLOORL 1
73#define HAVE_CEILL 1
74#define HAVE_RINTL 1
75#define HAVE_TRUNCL 1
76#define HAVE_SQRTL 1
77#define HAVE_LOG10L 1
78#define HAVE_LOGL 1
79#define HAVE_LOG1PL 1
80#define HAVE_EXPL 1
81#define HAVE_EXPM1L 1
82#define HAVE_ASINL 1
83#define HAVE_ACOSL 1
84#define HAVE_ATANL 1
85#define HAVE_ASINHL 1
86#define HAVE_ACOSHL 1
87#define HAVE_ATANHL 1
88#define HAVE_HYPOTL 1
89#define HAVE_ATAN2L 1
90#define HAVE_POWL 1
91#define HAVE_FMODL 1
92#define HAVE_MODFL 1
93#define HAVE_FREXPL 1
94#define HAVE_LDEXPL 1
95#define HAVE_EXP2L 1
96#define HAVE_LOG2L 1
97#define HAVE_COPYSIGNL 1
98#define HAVE_NEXTAFTERL 1
99#define HAVE_DECL_SIGNBIT
100#define HAVE_COMPLEX_H 1
101#define HAVE_CREAL 1
102#define HAVE_CIMAG 1
103#define HAVE_CABS 1
104#define HAVE_CARG 1
105#define HAVE_CEXP 1
106#define HAVE_CSQRT 1
107#define HAVE_CLOG 1
108#define HAVE_CCOS 1
109#define HAVE_CSIN 1
110#define HAVE_CPOW 1
111#define HAVE_CREALF 1
112#define HAVE_CIMAGF 1
113#define HAVE_CABSF 1
114#define HAVE_CARGF 1
115#define HAVE_CEXPF 1
116#define HAVE_CSQRTF 1
117#define HAVE_CLOGF 1
118#define HAVE_CCOSF 1
119#define HAVE_CSINF 1
120#define HAVE_CPOWF 1
121#define HAVE_CREALL 1
122#define HAVE_CIMAGL 1
123#define HAVE_CABSL 1
124#define HAVE_CARGL 1
125#define HAVE_CEXPL 1
126#define HAVE_CSQRTL 1
127#define HAVE_CLOGL 1
128#define HAVE_CCOSL 1
129#define HAVE_CSINL 1
130#define HAVE_CPOWL 1
131#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
132#ifndef __cplusplus
133/* #undef inline */
134#endif
135
136#ifndef _NPY_NPY_CONFIG_H_
137#error config.h should never be included directly, include npy_config.h instead
138#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/_numpyconfig.h
deleted file mode 100644
index debb390094..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 16
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
11#define NPY_ENABLE_SEPARATE_COMPILATION 1
12#define NPY_SIZEOF_PY_INTPTR_T 8
13#define NPY_SIZEOF_PY_LONG_LONG 8
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_OFF_T 8
16#define NPY_NO_SMP 0
17#define NPY_HAVE_DECL_ISNAN
18#define NPY_HAVE_DECL_ISINF
19#define NPY_HAVE_DECL_ISFINITE
20#define NPY_HAVE_DECL_SIGNBIT
21#define NPY_USE_C99_COMPLEX 1
22#define NPY_HAVE_COMPLEX_DOUBLE 1
23#define NPY_HAVE_COMPLEX_FLOAT 1
24#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/config.h b/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/config.h
deleted file mode 100644
index c30b868f2f..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
1#define HAVE_ENDIAN_H 1
2#define SIZEOF_PY_INTPTR_T 8
3#define SIZEOF_PY_LONG_LONG 8
4#define MATHLIB m
5#define HAVE_SIN 1
6#define HAVE_COS 1
7#define HAVE_TAN 1
8#define HAVE_SINH 1
9#define HAVE_COSH 1
10#define HAVE_TANH 1
11#define HAVE_FABS 1
12#define HAVE_FLOOR 1
13#define HAVE_CEIL 1
14#define HAVE_SQRT 1
15#define HAVE_LOG10 1
16#define HAVE_LOG 1
17#define HAVE_EXP 1
18#define HAVE_ASIN 1
19#define HAVE_ACOS 1
20#define HAVE_ATAN 1
21#define HAVE_FMOD 1
22#define HAVE_MODF 1
23#define HAVE_FREXP 1
24#define HAVE_LDEXP 1
25#define HAVE_RINT 1
26#define HAVE_TRUNC 1
27#define HAVE_EXP2 1
28#define HAVE_LOG2 1
29#define HAVE_ATAN2 1
30#define HAVE_POW 1
31#define HAVE_NEXTAFTER 1
32#define HAVE_SINF 1
33#define HAVE_COSF 1
34#define HAVE_TANF 1
35#define HAVE_SINHF 1
36#define HAVE_COSHF 1
37#define HAVE_TANHF 1
38#define HAVE_FABSF 1
39#define HAVE_FLOORF 1
40#define HAVE_CEILF 1
41#define HAVE_RINTF 1
42#define HAVE_TRUNCF 1
43#define HAVE_SQRTF 1
44#define HAVE_LOG10F 1
45#define HAVE_LOGF 1
46#define HAVE_LOG1PF 1
47#define HAVE_EXPF 1
48#define HAVE_EXPM1F 1
49#define HAVE_ASINF 1
50#define HAVE_ACOSF 1
51#define HAVE_ATANF 1
52#define HAVE_ASINHF 1
53#define HAVE_ACOSHF 1
54#define HAVE_ATANHF 1
55#define HAVE_HYPOTF 1
56#define HAVE_ATAN2F 1
57#define HAVE_POWF 1
58#define HAVE_FMODF 1
59#define HAVE_MODFF 1
60#define HAVE_FREXPF 1
61#define HAVE_LDEXPF 1
62#define HAVE_EXP2F 1
63#define HAVE_LOG2F 1
64#define HAVE_COPYSIGNF 1
65#define HAVE_NEXTAFTERF 1
66#define HAVE_SINL 1
67#define HAVE_COSL 1
68#define HAVE_TANL 1
69#define HAVE_SINHL 1
70#define HAVE_COSHL 1
71#define HAVE_TANHL 1
72#define HAVE_FABSL 1
73#define HAVE_FLOORL 1
74#define HAVE_CEILL 1
75#define HAVE_RINTL 1
76#define HAVE_TRUNCL 1
77#define HAVE_SQRTL 1
78#define HAVE_LOG10L 1
79#define HAVE_LOGL 1
80#define HAVE_LOG1PL 1
81#define HAVE_EXPL 1
82#define HAVE_EXPM1L 1
83#define HAVE_ASINL 1
84#define HAVE_ACOSL 1
85#define HAVE_ATANL 1
86#define HAVE_ASINHL 1
87#define HAVE_ACOSHL 1
88#define HAVE_ATANHL 1
89#define HAVE_HYPOTL 1
90#define HAVE_ATAN2L 1
91#define HAVE_POWL 1
92#define HAVE_FMODL 1
93#define HAVE_MODFL 1
94#define HAVE_FREXPL 1
95#define HAVE_LDEXPL 1
96#define HAVE_EXP2L 1
97#define HAVE_LOG2L 1
98#define HAVE_COPYSIGNL 1
99#define HAVE_NEXTAFTERL 1
100#define HAVE_DECL_SIGNBIT
101#define HAVE_COMPLEX_H 1
102#define HAVE_CREAL 1
103#define HAVE_CIMAG 1
104#define HAVE_CABS 1
105#define HAVE_CARG 1
106#define HAVE_CEXP 1
107#define HAVE_CSQRT 1
108#define HAVE_CLOG 1
109#define HAVE_CCOS 1
110#define HAVE_CSIN 1
111#define HAVE_CPOW 1
112#define HAVE_CREALF 1
113#define HAVE_CIMAGF 1
114#define HAVE_CABSF 1
115#define HAVE_CARGF 1
116#define HAVE_CEXPF 1
117#define HAVE_CSQRTF 1
118#define HAVE_CLOGF 1
119#define HAVE_CCOSF 1
120#define HAVE_CSINF 1
121#define HAVE_CPOWF 1
122#define HAVE_CREALL 1
123#define HAVE_CIMAGL 1
124#define HAVE_CABSL 1
125#define HAVE_CARGL 1
126#define HAVE_CEXPL 1
127#define HAVE_CSQRTL 1
128#define HAVE_CLOGL 1
129#define HAVE_CCOSL 1
130#define HAVE_CSINL 1
131#define HAVE_CPOWL 1
132#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
133#ifndef __cplusplus
134/* #undef inline */
135#endif
136
137#ifndef _NPY_NPY_CONFIG_H_
138#error config.h should never be included directly, include npy_config.h instead
139#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarchn64el/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/mipsarchn64el/_numpyconfig.h
deleted file mode 100644
index debb390094..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarchn64el/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 16
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
11#define NPY_ENABLE_SEPARATE_COMPILATION 1
12#define NPY_SIZEOF_PY_INTPTR_T 8
13#define NPY_SIZEOF_PY_LONG_LONG 8
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_OFF_T 8
16#define NPY_NO_SMP 0
17#define NPY_HAVE_DECL_ISNAN
18#define NPY_HAVE_DECL_ISINF
19#define NPY_HAVE_DECL_ISFINITE
20#define NPY_HAVE_DECL_SIGNBIT
21#define NPY_USE_C99_COMPLEX 1
22#define NPY_HAVE_COMPLEX_DOUBLE 1
23#define NPY_HAVE_COMPLEX_FLOAT 1
24#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarchn64el/config.h b/meta/recipes-devtools/python-numpy/files/mipsarchn64el/config.h
deleted file mode 100644
index 48727039ae..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarchn64el/config.h
+++ /dev/null
@@ -1,138 +0,0 @@
1#define SIZEOF_PY_INTPTR_T 8
2#define SIZEOF_PY_LONG_LONG 8
3#define MATHLIB m
4#define HAVE_SIN 1
5#define HAVE_COS 1
6#define HAVE_TAN 1
7#define HAVE_SINH 1
8#define HAVE_COSH 1
9#define HAVE_TANH 1
10#define HAVE_FABS 1
11#define HAVE_FLOOR 1
12#define HAVE_CEIL 1
13#define HAVE_SQRT 1
14#define HAVE_LOG10 1
15#define HAVE_LOG 1
16#define HAVE_EXP 1
17#define HAVE_ASIN 1
18#define HAVE_ACOS 1
19#define HAVE_ATAN 1
20#define HAVE_FMOD 1
21#define HAVE_MODF 1
22#define HAVE_FREXP 1
23#define HAVE_LDEXP 1
24#define HAVE_RINT 1
25#define HAVE_TRUNC 1
26#define HAVE_EXP2 1
27#define HAVE_LOG2 1
28#define HAVE_ATAN2 1
29#define HAVE_POW 1
30#define HAVE_NEXTAFTER 1
31#define HAVE_SINF 1
32#define HAVE_COSF 1
33#define HAVE_TANF 1
34#define HAVE_SINHF 1
35#define HAVE_COSHF 1
36#define HAVE_TANHF 1
37#define HAVE_FABSF 1
38#define HAVE_FLOORF 1
39#define HAVE_CEILF 1
40#define HAVE_RINTF 1
41#define HAVE_TRUNCF 1
42#define HAVE_SQRTF 1
43#define HAVE_LOG10F 1
44#define HAVE_LOGF 1
45#define HAVE_LOG1PF 1
46#define HAVE_EXPF 1
47#define HAVE_EXPM1F 1
48#define HAVE_ASINF 1
49#define HAVE_ACOSF 1
50#define HAVE_ATANF 1
51#define HAVE_ASINHF 1
52#define HAVE_ACOSHF 1
53#define HAVE_ATANHF 1
54#define HAVE_HYPOTF 1
55#define HAVE_ATAN2F 1
56#define HAVE_POWF 1
57#define HAVE_FMODF 1
58#define HAVE_MODFF 1
59#define HAVE_FREXPF 1
60#define HAVE_LDEXPF 1
61#define HAVE_EXP2F 1
62#define HAVE_LOG2F 1
63#define HAVE_COPYSIGNF 1
64#define HAVE_NEXTAFTERF 1
65#define HAVE_SINL 1
66#define HAVE_COSL 1
67#define HAVE_TANL 1
68#define HAVE_SINHL 1
69#define HAVE_COSHL 1
70#define HAVE_TANHL 1
71#define HAVE_FABSL 1
72#define HAVE_FLOORL 1
73#define HAVE_CEILL 1
74#define HAVE_RINTL 1
75#define HAVE_TRUNCL 1
76#define HAVE_SQRTL 1
77#define HAVE_LOG10L 1
78#define HAVE_LOGL 1
79#define HAVE_LOG1PL 1
80#define HAVE_EXPL 1
81#define HAVE_EXPM1L 1
82#define HAVE_ASINL 1
83#define HAVE_ACOSL 1
84#define HAVE_ATANL 1
85#define HAVE_ASINHL 1
86#define HAVE_ACOSHL 1
87#define HAVE_ATANHL 1
88#define HAVE_HYPOTL 1
89#define HAVE_ATAN2L 1
90#define HAVE_POWL 1
91#define HAVE_FMODL 1
92#define HAVE_MODFL 1
93#define HAVE_FREXPL 1
94#define HAVE_LDEXPL 1
95#define HAVE_EXP2L 1
96#define HAVE_LOG2L 1
97#define HAVE_COPYSIGNL 1
98#define HAVE_NEXTAFTERL 1
99#define HAVE_DECL_SIGNBIT
100#define HAVE_COMPLEX_H 1
101#define HAVE_CREAL 1
102#define HAVE_CIMAG 1
103#define HAVE_CABS 1
104#define HAVE_CARG 1
105#define HAVE_CEXP 1
106#define HAVE_CSQRT 1
107#define HAVE_CLOG 1
108#define HAVE_CCOS 1
109#define HAVE_CSIN 1
110#define HAVE_CPOW 1
111#define HAVE_CREALF 1
112#define HAVE_CIMAGF 1
113#define HAVE_CABSF 1
114#define HAVE_CARGF 1
115#define HAVE_CEXPF 1
116#define HAVE_CSQRTF 1
117#define HAVE_CLOGF 1
118#define HAVE_CCOSF 1
119#define HAVE_CSINF 1
120#define HAVE_CPOWF 1
121#define HAVE_CREALL 1
122#define HAVE_CIMAGL 1
123#define HAVE_CABSL 1
124#define HAVE_CARGL 1
125#define HAVE_CEXPL 1
126#define HAVE_CSQRTL 1
127#define HAVE_CLOGL 1
128#define HAVE_CCOSL 1
129#define HAVE_CSINL 1
130#define HAVE_CPOWL 1
131#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
132#ifndef __cplusplus
133/* #undef inline */
134#endif
135
136#ifndef _NPY_NPY_CONFIG_H_
137#error config.h should never be included directly, include npy_config.h instead
138#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/_numpyconfig.h
deleted file mode 100644
index 4c465c216c..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 8
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 16
11#define NPY_ENABLE_SEPARATE_COMPILATION 1
12#define NPY_SIZEOF_PY_INTPTR_T 4
13#define NPY_SIZEOF_PY_LONG_LONG 8
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_OFF_T 8
16#define NPY_NO_SMP 0
17#define NPY_HAVE_DECL_ISNAN
18#define NPY_HAVE_DECL_ISINF
19#define NPY_HAVE_DECL_ISFINITE
20#define NPY_HAVE_DECL_SIGNBIT
21#define NPY_USE_C99_COMPLEX 1
22#define NPY_HAVE_COMPLEX_DOUBLE 1
23#define NPY_HAVE_COMPLEX_FLOAT 1
24#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/config.h b/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/config.h
deleted file mode 100644
index 2f6135adce..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
1#define HAVE_ENDIAN_H 1
2#define SIZEOF_PY_INTPTR_T 4
3#define SIZEOF_PY_LONG_LONG 8
4#define MATHLIB m
5#define HAVE_SIN 1
6#define HAVE_COS 1
7#define HAVE_TAN 1
8#define HAVE_SINH 1
9#define HAVE_COSH 1
10#define HAVE_TANH 1
11#define HAVE_FABS 1
12#define HAVE_FLOOR 1
13#define HAVE_CEIL 1
14#define HAVE_SQRT 1
15#define HAVE_LOG10 1
16#define HAVE_LOG 1
17#define HAVE_EXP 1
18#define HAVE_ASIN 1
19#define HAVE_ACOS 1
20#define HAVE_ATAN 1
21#define HAVE_FMOD 1
22#define HAVE_MODF 1
23#define HAVE_FREXP 1
24#define HAVE_LDEXP 1
25#define HAVE_RINT 1
26#define HAVE_TRUNC 1
27#define HAVE_EXP2 1
28#define HAVE_LOG2 1
29#define HAVE_ATAN2 1
30#define HAVE_POW 1
31#define HAVE_NEXTAFTER 1
32#define HAVE_SINF 1
33#define HAVE_COSF 1
34#define HAVE_TANF 1
35#define HAVE_SINHF 1
36#define HAVE_COSHF 1
37#define HAVE_TANHF 1
38#define HAVE_FABSF 1
39#define HAVE_FLOORF 1
40#define HAVE_CEILF 1
41#define HAVE_RINTF 1
42#define HAVE_TRUNCF 1
43#define HAVE_SQRTF 1
44#define HAVE_LOG10F 1
45#define HAVE_LOGF 1
46#define HAVE_LOG1PF 1
47#define HAVE_EXPF 1
48#define HAVE_EXPM1F 1
49#define HAVE_ASINF 1
50#define HAVE_ACOSF 1
51#define HAVE_ATANF 1
52#define HAVE_ASINHF 1
53#define HAVE_ACOSHF 1
54#define HAVE_ATANHF 1
55#define HAVE_HYPOTF 1
56#define HAVE_ATAN2F 1
57#define HAVE_POWF 1
58#define HAVE_FMODF 1
59#define HAVE_MODFF 1
60#define HAVE_FREXPF 1
61#define HAVE_LDEXPF 1
62#define HAVE_EXP2F 1
63#define HAVE_LOG2F 1
64#define HAVE_COPYSIGNF 1
65#define HAVE_NEXTAFTERF 1
66#define HAVE_SINL 1
67#define HAVE_COSL 1
68#define HAVE_TANL 1
69#define HAVE_SINHL 1
70#define HAVE_COSHL 1
71#define HAVE_TANHL 1
72#define HAVE_FABSL 1
73#define HAVE_FLOORL 1
74#define HAVE_CEILL 1
75#define HAVE_RINTL 1
76#define HAVE_TRUNCL 1
77#define HAVE_SQRTL 1
78#define HAVE_LOG10L 1
79#define HAVE_LOGL 1
80#define HAVE_LOG1PL 1
81#define HAVE_EXPL 1
82#define HAVE_EXPM1L 1
83#define HAVE_ASINL 1
84#define HAVE_ACOSL 1
85#define HAVE_ATANL 1
86#define HAVE_ASINHL 1
87#define HAVE_ACOSHL 1
88#define HAVE_ATANHL 1
89#define HAVE_HYPOTL 1
90#define HAVE_ATAN2L 1
91#define HAVE_POWL 1
92#define HAVE_FMODL 1
93#define HAVE_MODFL 1
94#define HAVE_FREXPL 1
95#define HAVE_LDEXPL 1
96#define HAVE_EXP2L 1
97#define HAVE_LOG2L 1
98#define HAVE_COPYSIGNL 1
99#define HAVE_NEXTAFTERL 1
100#define HAVE_DECL_SIGNBIT
101#define HAVE_COMPLEX_H 1
102#define HAVE_CREAL 1
103#define HAVE_CIMAG 1
104#define HAVE_CABS 1
105#define HAVE_CARG 1
106#define HAVE_CEXP 1
107#define HAVE_CSQRT 1
108#define HAVE_CLOG 1
109#define HAVE_CCOS 1
110#define HAVE_CSIN 1
111#define HAVE_CPOW 1
112#define HAVE_CREALF 1
113#define HAVE_CIMAGF 1
114#define HAVE_CABSF 1
115#define HAVE_CARGF 1
116#define HAVE_CEXPF 1
117#define HAVE_CSQRTF 1
118#define HAVE_CLOGF 1
119#define HAVE_CCOSF 1
120#define HAVE_CSINF 1
121#define HAVE_CPOWF 1
122#define HAVE_CREALL 1
123#define HAVE_CIMAGL 1
124#define HAVE_CABSL 1
125#define HAVE_CARGL 1
126#define HAVE_CEXPL 1
127#define HAVE_CSQRTL 1
128#define HAVE_CLOGL 1
129#define HAVE_CCOSL 1
130#define HAVE_CSINL 1
131#define HAVE_CPOWL 1
132#define HAVE_LDOUBLE_IEEE_DOUBLE_BE 1
133#ifndef __cplusplus
134/* #undef inline */
135#endif
136
137#ifndef _NPY_NPY_CONFIG_H_
138#error config.h should never be included directly, include npy_config.h instead
139#endif
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarcho32el/config.h b/meta/recipes-devtools/python-numpy/files/mipsarcho32el/config.h
deleted file mode 100644
index 17ef186d56..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarcho32el/config.h
+++ /dev/null
@@ -1,21 +0,0 @@
1/* ./src.linux-i686-2.5/numpy/core/include/numpy/config.h */
2/* #define SIZEOF_SHORT 2 */
3/* #define SIZEOF_INT 4 */
4/* #define SIZEOF_LONG 4 */
5/* #define SIZEOF_FLOAT 4 */
6/* #define SIZEOF_DOUBLE 8 */
7#define SIZEOF_LONG_DOUBLE 12
8#define SIZEOF_PY_INTPTR_T 4
9/* #define SIZEOF_LONG_LONG 8 */
10#define SIZEOF_PY_LONG_LONG 8
11/* #define CHAR_BIT 8 */
12#define MATHLIB m
13#define HAVE_FLOAT_FUNCS
14#define HAVE_LOG1P
15#define HAVE_EXPM1
16#define HAVE_INVERSE_HYPERBOLIC
17#define HAVE_INVERSE_HYPERBOLIC_FLOAT
18#define HAVE_ISNAN
19#define HAVE_ISINF
20#define HAVE_RINT
21
diff --git a/meta/recipes-devtools/python-numpy/files/mipsarcho32el/numpyconfig.h b/meta/recipes-devtools/python-numpy/files/mipsarcho32el/numpyconfig.h
deleted file mode 100644
index 0b7cd51af4..0000000000
--- a/meta/recipes-devtools/python-numpy/files/mipsarcho32el/numpyconfig.h
+++ /dev/null
@@ -1,18 +0,0 @@
1/* cat ./src.linux-i686-2.5/numpy/core/include/numpy/numpyconfig.h */
2/*
3 * * This file is generated by numpy/core/setup.pyc. DO NOT EDIT
4 * */
5#define NPY_SIZEOF_SHORT 2
6#define NPY_SIZEOF_INT 4
7#define NPY_SIZEOF_LONG 4
8#define NPY_SIZEOF_FLOAT 4
9#define NPY_SIZEOF_DOUBLE 8
10#define NPY_SIZEOF_LONGDOUBLE 12
11#define NPY_SIZEOF_PY_INTPTR_T 4
12#define NPY_NO_SMP 0
13
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_PY_LONG_LONG 8
16#define NPY_SIZEOF_OFF_T 8
17/* #define CHAR_BIT 8 */
18
diff --git a/meta/recipes-devtools/python-numpy/files/powerpc/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/powerpc/_numpyconfig.h
deleted file mode 100644
index 6e7262ad91..0000000000
--- a/meta/recipes-devtools/python-numpy/files/powerpc/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 16
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
11#define NPY_ENABLE_SEPARATE_COMPILATION 1
12#define NPY_SIZEOF_PY_INTPTR_T 4
13#define NPY_SIZEOF_PY_LONG_LONG 8
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_OFF_T 8
16#define NPY_NO_SMP 0
17#define NPY_HAVE_DECL_ISNAN
18#define NPY_HAVE_DECL_ISINF
19#define NPY_HAVE_DECL_ISFINITE
20#define NPY_HAVE_DECL_SIGNBIT
21#define NPY_USE_C99_COMPLEX 1
22#define NPY_HAVE_COMPLEX_DOUBLE 1
23#define NPY_HAVE_COMPLEX_FLOAT 1
24#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/powerpc/config.h b/meta/recipes-devtools/python-numpy/files/powerpc/config.h
deleted file mode 100644
index f65d39d5de..0000000000
--- a/meta/recipes-devtools/python-numpy/files/powerpc/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
1#define HAVE_ENDIAN_H 1
2#define SIZEOF_PY_INTPTR_T 4
3#define SIZEOF_PY_LONG_LONG 8
4#define MATHLIB m
5#define HAVE_SIN 1
6#define HAVE_COS 1
7#define HAVE_TAN 1
8#define HAVE_SINH 1
9#define HAVE_COSH 1
10#define HAVE_TANH 1
11#define HAVE_FABS 1
12#define HAVE_FLOOR 1
13#define HAVE_CEIL 1
14#define HAVE_SQRT 1
15#define HAVE_LOG10 1
16#define HAVE_LOG 1
17#define HAVE_EXP 1
18#define HAVE_ASIN 1
19#define HAVE_ACOS 1
20#define HAVE_ATAN 1
21#define HAVE_FMOD 1
22#define HAVE_MODF 1
23#define HAVE_FREXP 1
24#define HAVE_LDEXP 1
25#define HAVE_RINT 1
26#define HAVE_TRUNC 1
27#define HAVE_EXP2 1
28#define HAVE_LOG2 1
29#define HAVE_ATAN2 1
30#define HAVE_POW 1
31#define HAVE_NEXTAFTER 1
32#define HAVE_SINF 1
33#define HAVE_COSF 1
34#define HAVE_TANF 1
35#define HAVE_SINHF 1
36#define HAVE_COSHF 1
37#define HAVE_TANHF 1
38#define HAVE_FABSF 1
39#define HAVE_FLOORF 1
40#define HAVE_CEILF 1
41#define HAVE_RINTF 1
42#define HAVE_TRUNCF 1
43#define HAVE_SQRTF 1
44#define HAVE_LOG10F 1
45#define HAVE_LOGF 1
46#define HAVE_LOG1PF 1
47#define HAVE_EXPF 1
48#define HAVE_EXPM1F 1
49#define HAVE_ASINF 1
50#define HAVE_ACOSF 1
51#define HAVE_ATANF 1
52#define HAVE_ASINHF 1
53#define HAVE_ACOSHF 1
54#define HAVE_ATANHF 1
55#define HAVE_HYPOTF 1
56#define HAVE_ATAN2F 1
57#define HAVE_POWF 1
58#define HAVE_FMODF 1
59#define HAVE_MODFF 1
60#define HAVE_FREXPF 1
61#define HAVE_LDEXPF 1
62#define HAVE_EXP2F 1
63#define HAVE_LOG2F 1
64#define HAVE_COPYSIGNF 1
65#define HAVE_NEXTAFTERF 1
66#define HAVE_SINL 1
67#define HAVE_COSL 1
68#define HAVE_TANL 1
69#define HAVE_SINHL 1
70#define HAVE_COSHL 1
71#define HAVE_TANHL 1
72#define HAVE_FABSL 1
73#define HAVE_FLOORL 1
74#define HAVE_CEILL 1
75#define HAVE_RINTL 1
76#define HAVE_TRUNCL 1
77#define HAVE_SQRTL 1
78#define HAVE_LOG10L 1
79#define HAVE_LOGL 1
80#define HAVE_LOG1PL 1
81#define HAVE_EXPL 1
82#define HAVE_EXPM1L 1
83#define HAVE_ASINL 1
84#define HAVE_ACOSL 1
85#define HAVE_ATANL 1
86#define HAVE_ASINHL 1
87#define HAVE_ACOSHL 1
88#define HAVE_ATANHL 1
89#define HAVE_HYPOTL 1
90#define HAVE_ATAN2L 1
91#define HAVE_POWL 1
92#define HAVE_FMODL 1
93#define HAVE_MODFL 1
94#define HAVE_FREXPL 1
95#define HAVE_LDEXPL 1
96#define HAVE_EXP2L 1
97#define HAVE_LOG2L 1
98#define HAVE_COPYSIGNL 1
99#define HAVE_NEXTAFTERL 1
100#define HAVE_DECL_SIGNBIT
101#define HAVE_COMPLEX_H 1
102#define HAVE_CREAL 1
103#define HAVE_CIMAG 1
104#define HAVE_CABS 1
105#define HAVE_CARG 1
106#define HAVE_CEXP 1
107#define HAVE_CSQRT 1
108#define HAVE_CLOG 1
109#define HAVE_CCOS 1
110#define HAVE_CSIN 1
111#define HAVE_CPOW 1
112#define HAVE_CREALF 1
113#define HAVE_CIMAGF 1
114#define HAVE_CABSF 1
115#define HAVE_CARGF 1
116#define HAVE_CEXPF 1
117#define HAVE_CSQRTF 1
118#define HAVE_CLOGF 1
119#define HAVE_CCOSF 1
120#define HAVE_CSINF 1
121#define HAVE_CPOWF 1
122#define HAVE_CREALL 1
123#define HAVE_CIMAGL 1
124#define HAVE_CABSL 1
125#define HAVE_CARGL 1
126#define HAVE_CEXPL 1
127#define HAVE_CSQRTL 1
128#define HAVE_CLOGL 1
129#define HAVE_CCOSL 1
130#define HAVE_CSINL 1
131#define HAVE_CPOWL 1
132#define HAVE_LDOUBLE_DOUBLE_DOUBLE_BE 1
133#ifndef __cplusplus
134/* #undef inline */
135#endif
136
137#ifndef _NPY_NPY_CONFIG_H_
138#error config.h should never be included directly, include npy_config.h instead
139#endif
diff --git a/meta/recipes-devtools/python-numpy/files/powerpc64/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/powerpc64/_numpyconfig.h
deleted file mode 100644
index debb390094..0000000000
--- a/meta/recipes-devtools/python-numpy/files/powerpc64/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 16
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
11#define NPY_ENABLE_SEPARATE_COMPILATION 1
12#define NPY_SIZEOF_PY_INTPTR_T 8
13#define NPY_SIZEOF_PY_LONG_LONG 8
14#define NPY_SIZEOF_LONGLONG 8
15#define NPY_SIZEOF_OFF_T 8
16#define NPY_NO_SMP 0
17#define NPY_HAVE_DECL_ISNAN
18#define NPY_HAVE_DECL_ISINF
19#define NPY_HAVE_DECL_ISFINITE
20#define NPY_HAVE_DECL_SIGNBIT
21#define NPY_USE_C99_COMPLEX 1
22#define NPY_HAVE_COMPLEX_DOUBLE 1
23#define NPY_HAVE_COMPLEX_FLOAT 1
24#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/powerpc64/config.h b/meta/recipes-devtools/python-numpy/files/powerpc64/config.h
deleted file mode 100644
index c30b868f2f..0000000000
--- a/meta/recipes-devtools/python-numpy/files/powerpc64/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
1#define HAVE_ENDIAN_H 1
2#define SIZEOF_PY_INTPTR_T 8
3#define SIZEOF_PY_LONG_LONG 8
4#define MATHLIB m
5#define HAVE_SIN 1
6#define HAVE_COS 1
7#define HAVE_TAN 1
8#define HAVE_SINH 1
9#define HAVE_COSH 1
10#define HAVE_TANH 1
11#define HAVE_FABS 1
12#define HAVE_FLOOR 1
13#define HAVE_CEIL 1
14#define HAVE_SQRT 1
15#define HAVE_LOG10 1
16#define HAVE_LOG 1
17#define HAVE_EXP 1
18#define HAVE_ASIN 1
19#define HAVE_ACOS 1
20#define HAVE_ATAN 1
21#define HAVE_FMOD 1
22#define HAVE_MODF 1
23#define HAVE_FREXP 1
24#define HAVE_LDEXP 1
25#define HAVE_RINT 1
26#define HAVE_TRUNC 1
27#define HAVE_EXP2 1
28#define HAVE_LOG2 1
29#define HAVE_ATAN2 1
30#define HAVE_POW 1
31#define HAVE_NEXTAFTER 1
32#define HAVE_SINF 1
33#define HAVE_COSF 1
34#define HAVE_TANF 1
35#define HAVE_SINHF 1
36#define HAVE_COSHF 1
37#define HAVE_TANHF 1
38#define HAVE_FABSF 1
39#define HAVE_FLOORF 1
40#define HAVE_CEILF 1
41#define HAVE_RINTF 1
42#define HAVE_TRUNCF 1
43#define HAVE_SQRTF 1
44#define HAVE_LOG10F 1
45#define HAVE_LOGF 1
46#define HAVE_LOG1PF 1
47#define HAVE_EXPF 1
48#define HAVE_EXPM1F 1
49#define HAVE_ASINF 1
50#define HAVE_ACOSF 1
51#define HAVE_ATANF 1
52#define HAVE_ASINHF 1
53#define HAVE_ACOSHF 1
54#define HAVE_ATANHF 1
55#define HAVE_HYPOTF 1
56#define HAVE_ATAN2F 1
57#define HAVE_POWF 1
58#define HAVE_FMODF 1
59#define HAVE_MODFF 1
60#define HAVE_FREXPF 1
61#define HAVE_LDEXPF 1
62#define HAVE_EXP2F 1
63#define HAVE_LOG2F 1
64#define HAVE_COPYSIGNF 1
65#define HAVE_NEXTAFTERF 1
66#define HAVE_SINL 1
67#define HAVE_COSL 1
68#define HAVE_TANL 1
69#define HAVE_SINHL 1
70#define HAVE_COSHL 1
71#define HAVE_TANHL 1
72#define HAVE_FABSL 1
73#define HAVE_FLOORL 1
74#define HAVE_CEILL 1
75#define HAVE_RINTL 1
76#define HAVE_TRUNCL 1
77#define HAVE_SQRTL 1
78#define HAVE_LOG10L 1
79#define HAVE_LOGL 1
80#define HAVE_LOG1PL 1
81#define HAVE_EXPL 1
82#define HAVE_EXPM1L 1
83#define HAVE_ASINL 1
84#define HAVE_ACOSL 1
85#define HAVE_ATANL 1
86#define HAVE_ASINHL 1
87#define HAVE_ACOSHL 1
88#define HAVE_ATANHL 1
89#define HAVE_HYPOTL 1
90#define HAVE_ATAN2L 1
91#define HAVE_POWL 1
92#define HAVE_FMODL 1
93#define HAVE_MODFL 1
94#define HAVE_FREXPL 1
95#define HAVE_LDEXPL 1
96#define HAVE_EXP2L 1
97#define HAVE_LOG2L 1
98#define HAVE_COPYSIGNL 1
99#define HAVE_NEXTAFTERL 1
100#define HAVE_DECL_SIGNBIT
101#define HAVE_COMPLEX_H 1
102#define HAVE_CREAL 1
103#define HAVE_CIMAG 1
104#define HAVE_CABS 1
105#define HAVE_CARG 1
106#define HAVE_CEXP 1
107#define HAVE_CSQRT 1
108#define HAVE_CLOG 1
109#define HAVE_CCOS 1
110#define HAVE_CSIN 1
111#define HAVE_CPOW 1
112#define HAVE_CREALF 1
113#define HAVE_CIMAGF 1
114#define HAVE_CABSF 1
115#define HAVE_CARGF 1
116#define HAVE_CEXPF 1
117#define HAVE_CSQRTF 1
118#define HAVE_CLOGF 1
119#define HAVE_CCOSF 1
120#define HAVE_CSINF 1
121#define HAVE_CPOWF 1
122#define HAVE_CREALL 1
123#define HAVE_CIMAGL 1
124#define HAVE_CABSL 1
125#define HAVE_CARGL 1
126#define HAVE_CEXPL 1
127#define HAVE_CSQRTL 1
128#define HAVE_CLOGL 1
129#define HAVE_CCOSL 1
130#define HAVE_CSINL 1
131#define HAVE_CPOWL 1
132#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
133#ifndef __cplusplus
134/* #undef inline */
135#endif
136
137#ifndef _NPY_NPY_CONFIG_H_
138#error config.h should never be included directly, include npy_config.h instead
139#endif
diff --git a/meta/recipes-devtools/python-numpy/files/riscv64/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/riscv64/_numpyconfig.h
deleted file mode 100644
index 109deb0435..0000000000
--- a/meta/recipes-devtools/python-numpy/files/riscv64/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_COMPLEX_DOUBLE 16
9#define NPY_SIZEOF_LONGDOUBLE 16
10#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
11#define NPY_SIZEOF_PY_INTPTR_T 8
12#define NPY_SIZEOF_PY_LONG_LONG 8
13#define NPY_SIZEOF_LONGLONG 8
14#define NPY_SIZEOF_OFF_T 8
15#define NPY_NO_SMP 0
16#define NPY_HAVE_DECL_ISNAN
17#define NPY_HAVE_DECL_ISINF
18#define NPY_HAVE_DECL_ISFINITE
19#define NPY_HAVE_DECL_SIGNBIT
20#define NPY_USE_C99_COMPLEX 1
21#define NPY_HAVE_COMPLEX_DOUBLE 1
22#define NPY_HAVE_COMPLEX_FLOAT 1
23#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
24#define NPY_ENABLE_SEPARATE_COMPILATION 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/riscv64/config.h b/meta/recipes-devtools/python-numpy/files/riscv64/config.h
deleted file mode 100644
index c30b868f2f..0000000000
--- a/meta/recipes-devtools/python-numpy/files/riscv64/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
1#define HAVE_ENDIAN_H 1
2#define SIZEOF_PY_INTPTR_T 8
3#define SIZEOF_PY_LONG_LONG 8
4#define MATHLIB m
5#define HAVE_SIN 1
6#define HAVE_COS 1
7#define HAVE_TAN 1
8#define HAVE_SINH 1
9#define HAVE_COSH 1
10#define HAVE_TANH 1
11#define HAVE_FABS 1
12#define HAVE_FLOOR 1
13#define HAVE_CEIL 1
14#define HAVE_SQRT 1
15#define HAVE_LOG10 1
16#define HAVE_LOG 1
17#define HAVE_EXP 1
18#define HAVE_ASIN 1
19#define HAVE_ACOS 1
20#define HAVE_ATAN 1
21#define HAVE_FMOD 1
22#define HAVE_MODF 1
23#define HAVE_FREXP 1
24#define HAVE_LDEXP 1
25#define HAVE_RINT 1
26#define HAVE_TRUNC 1
27#define HAVE_EXP2 1
28#define HAVE_LOG2 1
29#define HAVE_ATAN2 1
30#define HAVE_POW 1
31#define HAVE_NEXTAFTER 1
32#define HAVE_SINF 1
33#define HAVE_COSF 1
34#define HAVE_TANF 1
35#define HAVE_SINHF 1
36#define HAVE_COSHF 1
37#define HAVE_TANHF 1
38#define HAVE_FABSF 1
39#define HAVE_FLOORF 1
40#define HAVE_CEILF 1
41#define HAVE_RINTF 1
42#define HAVE_TRUNCF 1
43#define HAVE_SQRTF 1
44#define HAVE_LOG10F 1
45#define HAVE_LOGF 1
46#define HAVE_LOG1PF 1
47#define HAVE_EXPF 1
48#define HAVE_EXPM1F 1
49#define HAVE_ASINF 1
50#define HAVE_ACOSF 1
51#define HAVE_ATANF 1
52#define HAVE_ASINHF 1
53#define HAVE_ACOSHF 1
54#define HAVE_ATANHF 1
55#define HAVE_HYPOTF 1
56#define HAVE_ATAN2F 1
57#define HAVE_POWF 1
58#define HAVE_FMODF 1
59#define HAVE_MODFF 1
60#define HAVE_FREXPF 1
61#define HAVE_LDEXPF 1
62#define HAVE_EXP2F 1
63#define HAVE_LOG2F 1
64#define HAVE_COPYSIGNF 1
65#define HAVE_NEXTAFTERF 1
66#define HAVE_SINL 1
67#define HAVE_COSL 1
68#define HAVE_TANL 1
69#define HAVE_SINHL 1
70#define HAVE_COSHL 1
71#define HAVE_TANHL 1
72#define HAVE_FABSL 1
73#define HAVE_FLOORL 1
74#define HAVE_CEILL 1
75#define HAVE_RINTL 1
76#define HAVE_TRUNCL 1
77#define HAVE_SQRTL 1
78#define HAVE_LOG10L 1
79#define HAVE_LOGL 1
80#define HAVE_LOG1PL 1
81#define HAVE_EXPL 1
82#define HAVE_EXPM1L 1
83#define HAVE_ASINL 1
84#define HAVE_ACOSL 1
85#define HAVE_ATANL 1
86#define HAVE_ASINHL 1
87#define HAVE_ACOSHL 1
88#define HAVE_ATANHL 1
89#define HAVE_HYPOTL 1
90#define HAVE_ATAN2L 1
91#define HAVE_POWL 1
92#define HAVE_FMODL 1
93#define HAVE_MODFL 1
94#define HAVE_FREXPL 1
95#define HAVE_LDEXPL 1
96#define HAVE_EXP2L 1
97#define HAVE_LOG2L 1
98#define HAVE_COPYSIGNL 1
99#define HAVE_NEXTAFTERL 1
100#define HAVE_DECL_SIGNBIT
101#define HAVE_COMPLEX_H 1
102#define HAVE_CREAL 1
103#define HAVE_CIMAG 1
104#define HAVE_CABS 1
105#define HAVE_CARG 1
106#define HAVE_CEXP 1
107#define HAVE_CSQRT 1
108#define HAVE_CLOG 1
109#define HAVE_CCOS 1
110#define HAVE_CSIN 1
111#define HAVE_CPOW 1
112#define HAVE_CREALF 1
113#define HAVE_CIMAGF 1
114#define HAVE_CABSF 1
115#define HAVE_CARGF 1
116#define HAVE_CEXPF 1
117#define HAVE_CSQRTF 1
118#define HAVE_CLOGF 1
119#define HAVE_CCOSF 1
120#define HAVE_CSINF 1
121#define HAVE_CPOWF 1
122#define HAVE_CREALL 1
123#define HAVE_CIMAGL 1
124#define HAVE_CABSL 1
125#define HAVE_CARGL 1
126#define HAVE_CEXPL 1
127#define HAVE_CSQRTL 1
128#define HAVE_CLOGL 1
129#define HAVE_CCOSL 1
130#define HAVE_CSINL 1
131#define HAVE_CPOWL 1
132#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
133#ifndef __cplusplus
134/* #undef inline */
135#endif
136
137#ifndef _NPY_NPY_CONFIG_H_
138#error config.h should never be included directly, include npy_config.h instead
139#endif
diff --git a/meta/recipes-devtools/python-numpy/files/x86-64/_numpyconfig.h b/meta/recipes-devtools/python-numpy/files/x86-64/_numpyconfig.h
deleted file mode 100644
index b330361649..0000000000
--- a/meta/recipes-devtools/python-numpy/files/x86-64/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
1#define NPY_HAVE_ENDIAN_H 1
2#define NPY_SIZEOF_SHORT SIZEOF_SHORT
3#define NPY_SIZEOF_INT SIZEOF_INT
4#define NPY_SIZEOF_LONG SIZEOF_LONG
5#define NPY_SIZEOF_FLOAT 4
6#define NPY_SIZEOF_COMPLEX_FLOAT 8
7#define NPY_SIZEOF_DOUBLE 8
8#define NPY_SIZEOF_OFF_T 8
9#define NPY_SIZEOF_COMPLEX_DOUBLE 16
10#define NPY_SIZEOF_LONGDOUBLE 16
11#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
12#define NPY_ENABLE_SEPARATE_COMPILATION 1
13#define NPY_SIZEOF_PY_INTPTR_T 8
14#define NPY_SIZEOF_PY_LONG_LONG 8
15#define NPY_SIZEOF_LONGLONG 8
16#define NPY_NO_SMP 0
17#define NPY_HAVE_DECL_ISNAN
18#define NPY_HAVE_DECL_ISINF
19#define NPY_HAVE_DECL_ISFINITE
20#define NPY_HAVE_DECL_SIGNBIT
21#define NPY_USE_C99_COMPLEX 1
22#define NPY_HAVE_COMPLEX_DOUBLE 1
23#define NPY_HAVE_COMPLEX_FLOAT 1
24#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
25#define NPY_USE_C99_FORMATS 1
26#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
27#define NPY_ABI_VERSION 0x01000009
28#define NPY_API_VERSION 0x0000000A
29
30#ifndef __STDC_FORMAT_MACROS
31#define __STDC_FORMAT_MACROS 1
32#endif
diff --git a/meta/recipes-devtools/python-numpy/files/x86-64/config.h b/meta/recipes-devtools/python-numpy/files/x86-64/config.h
deleted file mode 100644
index 0ce63b7d22..0000000000
--- a/meta/recipes-devtools/python-numpy/files/x86-64/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
1#define HAVE_ENDIAN_H 1
2#define SIZEOF_PY_INTPTR_T 8
3#define SIZEOF_PY_LONG_LONG 8
4#define MATHLIB m
5#define HAVE_SIN 1
6#define HAVE_COS 1
7#define HAVE_TAN 1
8#define HAVE_SINH 1
9#define HAVE_COSH 1
10#define HAVE_TANH 1
11#define HAVE_FABS 1
12#define HAVE_FLOOR 1
13#define HAVE_CEIL 1
14#define HAVE_SQRT 1
15#define HAVE_LOG10 1
16#define HAVE_LOG 1
17#define HAVE_EXP 1
18#define HAVE_ASIN 1
19#define HAVE_ACOS 1
20#define HAVE_ATAN 1
21#define HAVE_FMOD 1
22#define HAVE_MODF 1
23#define HAVE_FREXP 1
24#define HAVE_LDEXP 1
25#define HAVE_RINT 1
26#define HAVE_TRUNC 1
27#define HAVE_EXP2 1
28#define HAVE_LOG2 1
29#define HAVE_ATAN2 1
30#define HAVE_POW 1
31#define HAVE_NEXTAFTER 1
32#define HAVE_SINF 1
33#define HAVE_COSF 1
34#define HAVE_TANF 1
35#define HAVE_SINHF 1
36#define HAVE_COSHF 1
37#define HAVE_TANHF 1
38#define HAVE_FABSF 1
39#define HAVE_FLOORF 1
40#define HAVE_CEILF 1
41#define HAVE_RINTF 1
42#define HAVE_TRUNCF 1
43#define HAVE_SQRTF 1
44#define HAVE_LOG10F 1
45#define HAVE_LOGF 1
46#define HAVE_LOG1PF 1
47#define HAVE_EXPF 1
48#define HAVE_EXPM1F 1
49#define HAVE_ASINF 1
50#define HAVE_ACOSF 1
51#define HAVE_ATANF 1
52#define HAVE_ASINHF 1
53#define HAVE_ACOSHF 1
54#define HAVE_ATANHF 1
55#define HAVE_HYPOTF 1
56#define HAVE_ATAN2F 1
57#define HAVE_POWF 1
58#define HAVE_FMODF 1
59#define HAVE_MODFF 1
60#define HAVE_FREXPF 1
61#define HAVE_LDEXPF 1
62#define HAVE_EXP2F 1
63#define HAVE_LOG2F 1
64#define HAVE_COPYSIGNF 1
65#define HAVE_NEXTAFTERF 1
66#define HAVE_SINL 1
67#define HAVE_COSL 1
68#define HAVE_TANL 1
69#define HAVE_SINHL 1
70#define HAVE_COSHL 1
71#define HAVE_TANHL 1
72#define HAVE_FABSL 1
73#define HAVE_FLOORL 1
74#define HAVE_CEILL 1
75#define HAVE_RINTL 1
76#define HAVE_TRUNCL 1
77#define HAVE_SQRTL 1
78#define HAVE_LOG10L 1
79#define HAVE_LOGL 1
80#define HAVE_LOG1PL 1
81#define HAVE_EXPL 1
82#define HAVE_EXPM1L 1
83#define HAVE_ASINL 1
84#define HAVE_ACOSL 1
85#define HAVE_ATANL 1
86#define HAVE_ASINHL 1
87#define HAVE_ACOSHL 1
88#define HAVE_ATANHL 1
89#define HAVE_HYPOTL 1
90#define HAVE_ATAN2L 1
91#define HAVE_POWL 1
92#define HAVE_FMODL 1
93#define HAVE_MODFL 1
94#define HAVE_FREXPL 1
95#define HAVE_LDEXPL 1
96#define HAVE_EXP2L 1
97#define HAVE_LOG2L 1
98#define HAVE_COPYSIGNL 1
99#define HAVE_NEXTAFTERL 1
100#define HAVE_DECL_SIGNBIT
101#define HAVE_COMPLEX_H 1
102#define HAVE_CREAL 1
103#define HAVE_CIMAG 1
104#define HAVE_CABS 1
105#define HAVE_CARG 1
106#define HAVE_CEXP 1
107#define HAVE_CSQRT 1
108#define HAVE_CLOG 1
109#define HAVE_CCOS 1
110#define HAVE_CSIN 1
111#define HAVE_CPOW 1
112#define HAVE_CREALF 1
113#define HAVE_CIMAGF 1
114#define HAVE_CABSF 1
115#define HAVE_CARGF 1
116#define HAVE_CEXPF 1
117#define HAVE_CSQRTF 1
118#define HAVE_CLOGF 1
119#define HAVE_CCOSF 1
120#define HAVE_CSINF 1
121#define HAVE_CPOWF 1
122#define HAVE_CREALL 1
123#define HAVE_CIMAGL 1
124#define HAVE_CABSL 1
125#define HAVE_CARGL 1
126#define HAVE_CEXPL 1
127#define HAVE_CSQRTL 1
128#define HAVE_CLOGL 1
129#define HAVE_CCOSL 1
130#define HAVE_CSINL 1
131#define HAVE_CPOWL 1
132#define HAVE_LDOUBLE_INTEL_EXTENDED_16_BYTES_LE 1
133#ifndef __cplusplus
134/* #undef inline */
135#endif
136
137#ifndef _NPY_NPY_CONFIG_H_
138#error config.h should never be included directly, include npy_config.h instead
139#endif
diff --git a/meta/recipes-devtools/python-numpy/files/x86/config.h b/meta/recipes-devtools/python-numpy/files/x86/config.h
deleted file mode 100644
index 08e41e3d99..0000000000
--- a/meta/recipes-devtools/python-numpy/files/x86/config.h
+++ /dev/null
@@ -1,108 +0,0 @@
1#define SIZEOF_PY_INTPTR_T 4
2#define SIZEOF_PY_LONG_LONG 8
3#define MATHLIB m
4#define HAVE_SIN
5#define HAVE_COS
6#define HAVE_TAN
7#define HAVE_SINH
8#define HAVE_COSH
9#define HAVE_TANH
10#define HAVE_FABS
11#define HAVE_FLOOR
12#define HAVE_CEIL
13#define HAVE_SQRT
14#define HAVE_LOG10
15#define HAVE_LOG
16#define HAVE_EXP
17#define HAVE_ASIN
18#define HAVE_ACOS
19#define HAVE_ATAN
20#define HAVE_FMOD
21#define HAVE_MODF
22#define HAVE_FREXP
23#define HAVE_LDEXP
24#define HAVE_RINT
25#define HAVE_TRUNC
26#define HAVE_EXP2
27#define HAVE_LOG2
28#define HAVE_ATAN2
29#define HAVE_POW
30#define HAVE_NEXTAFTER
31#define HAVE_SINF
32#define HAVE_COSF
33#define HAVE_TANF
34#define HAVE_SINHF
35#define HAVE_COSHF
36#define HAVE_TANHF
37#define HAVE_FABSF
38#define HAVE_FLOORF
39#define HAVE_CEILF
40#define HAVE_RINTF
41#define HAVE_TRUNCF
42#define HAVE_SQRTF
43#define HAVE_LOG10F
44#define HAVE_LOGF
45#define HAVE_LOG1PF
46#define HAVE_EXPF
47#define HAVE_EXPM1F
48#define HAVE_ASINF
49#define HAVE_ACOSF
50#define HAVE_ATANF
51#define HAVE_ASINHF
52#define HAVE_ACOSHF
53#define HAVE_ATANHF
54#define HAVE_HYPOTF
55#define HAVE_ATAN2F
56#define HAVE_POWF
57#define HAVE_FMODF
58#define HAVE_MODFF
59#define HAVE_FREXPF
60#define HAVE_LDEXPF
61#define HAVE_EXP2F
62#define HAVE_LOG2F
63#define HAVE_COPYSIGNF
64#define HAVE_NEXTAFTERF
65#define HAVE_SINL
66#define HAVE_COSL
67#define HAVE_TANL
68#define HAVE_SINHL
69#define HAVE_COSHL
70#define HAVE_TANHL
71#define HAVE_FABSL
72#define HAVE_FLOORL
73#define HAVE_CEILL
74#define HAVE_RINTL
75#define HAVE_TRUNCL
76#define HAVE_SQRTL
77#define HAVE_LOG10L
78#define HAVE_LOGL
79#define HAVE_LOG1PL
80#define HAVE_EXPL
81#define HAVE_EXPM1L
82#define HAVE_ASINL
83#define HAVE_ACOSL
84#define HAVE_ATANL
85#define HAVE_ASINHL
86#define HAVE_ACOSHL
87#define HAVE_ATANHL
88#define HAVE_HYPOTL
89#define HAVE_ATAN2L
90#define HAVE_POWL
91#define HAVE_FMODL
92#define HAVE_MODFL
93#define HAVE_FREXPL
94#define HAVE_LDEXPL
95#define HAVE_EXP2L
96#define HAVE_LOG2L
97#define HAVE_COPYSIGNL
98#define HAVE_NEXTAFTERL
99#define HAVE_DECL_SIGNBIT
100#define HAVE_COMPLEX_H
101#define HAVE_LDOUBLE_INTEL_EXTENDED_12_BYTES_LE 1
102#ifndef __cplusplus
103/* #undef inline */
104#endif
105
106#ifndef _NPY_NPY_CONFIG_H_
107#error config.h should never be included directly, include npy_config.h instead
108#endif
diff --git a/meta/recipes-devtools/python-numpy/files/x86/numpyconfig.h b/meta/recipes-devtools/python-numpy/files/x86/numpyconfig.h
deleted file mode 100644
index ff7938cd96..0000000000
--- a/meta/recipes-devtools/python-numpy/files/x86/numpyconfig.h
+++ /dev/null
@@ -1,24 +0,0 @@
1#ifndef _NPY_NUMPYCONFIG_H_
2#define _NPY_NUMPYCONFIG_H_
3
4#include "_numpyconfig.h"
5
6/*
7 * On Mac OS X, because there is only one configuration stage for all the archs
8 * in universal builds, any macro which depends on the arch needs to be
9 * harcoded
10 */
11#ifdef __APPLE__
12 #undef NPY_SIZEOF_LONG
13 #undef NPY_SIZEOF_PY_INTPTR_T
14
15 #ifdef __LP64__
16 #define NPY_SIZEOF_LONG 8
17 #define NPY_SIZEOF_PY_INTPTR_T 8
18 #else
19 #define NPY_SIZEOF_LONG 4
20 #define NPY_SIZEOF_PY_INTPTR_T 4
21 #endif
22#endif
23
24#endif
diff --git a/meta/recipes-devtools/python-numpy/python-numpy.inc b/meta/recipes-devtools/python-numpy/python-numpy.inc
index a12e72f964..f68b90e6b9 100644
--- a/meta/recipes-devtools/python-numpy/python-numpy.inc
+++ b/meta/recipes-devtools/python-numpy/python-numpy.inc
@@ -8,7 +8,6 @@ SRCNAME = "numpy"
8SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${SRCNAME}-${PV}.tar.gz \ 8SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
9 file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \ 9 file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \
10 file://0001-npy_cpu-Add-riscv-support.patch \ 10 file://0001-npy_cpu-Add-riscv-support.patch \
11 ${CONFIGFILESURI} \
12 file://0001-numpy-random-setup.py-remove-the-detection-of-x86-ta.patch \ 11 file://0001-numpy-random-setup.py-remove-the-detection-of-x86-ta.patch \
13 " 12 "
14SRC_URI[md5sum] = "c48b2ad785f82cdfe28c907ce35e2a71" 13SRC_URI[md5sum] = "c48b2ad785f82cdfe28c907ce35e2a71"
@@ -20,77 +19,10 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
20# Needed for building with gcc 4.x from centos 7 19# Needed for building with gcc 4.x from centos 7
21CFLAGS_append_class-native = " -std=c99" 20CFLAGS_append_class-native = " -std=c99"
22 21
23CONFIGFILESURI ?= ""
24
25CONFIGFILESURI_aarch64 = " \
26 file://config.h \
27 file://_numpyconfig.h \
28"
29CONFIGFILESURI_arm = " \
30 file://config.h \
31 file://numpyconfig.h \
32"
33CONFIGFILESURI_armeb = " \
34 file://config.h \
35 file://numpyconfig.h \
36"
37CONFIGFILESURI_mipsarcho32el = " \
38 file://config.h \
39 file://numpyconfig.h \
40"
41CONFIGFILESURI_x86 = " \
42 file://config.h \
43 file://numpyconfig.h \
44"
45CONFIGFILESURI_x86-64 = " \
46 file://config.h \
47 file://_numpyconfig.h \
48"
49CONFIGFILESURI_mipsarcho32eb = " \
50 file://config.h \
51 file://_numpyconfig.h \
52"
53CONFIGFILESURI_powerpc = " \
54 file://config.h \
55 file://_numpyconfig.h \
56"
57CONFIGFILESURI_powerpc64 = " \
58 file://config.h \
59 file://_numpyconfig.h \
60"
61CONFIGFILESURI_mipsarchn64eb = " \
62 file://config.h \
63 file://_numpyconfig.h \
64"
65CONFIGFILESURI_mipsarchn64el = " \
66 file://config.h \
67 file://_numpyconfig.h \
68"
69CONFIGFILESURI_mipsarchn32eb = " \
70 file://config.h \
71 file://_numpyconfig.h \
72"
73CONFIGFILESURI_mipsarchn32el = " \
74 file://config.h \
75 file://_numpyconfig.h \
76"
77CONFIGFILESURI_riscv64 = " \
78 file://config.h \
79 file://_numpyconfig.h \
80"
81
82S = "${WORKDIR}/numpy-${PV}" 22S = "${WORKDIR}/numpy-${PV}"
83 23
84CLEANBROKEN = "1" 24CLEANBROKEN = "1"
85 25
86# Make the build fail and replace *config.h with proper one
87# This is a ugly, ugly hack - Koen
88do_compile_prepend_class-target() {
89 ${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py build ${DISTUTILS_BUILD_ARGS} || \
90 true
91 cp ${WORKDIR}/*config.h ${S}/build/$(ls ${S}/build | grep src)/numpy/core/include/numpy/
92}
93
94FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/numpy/core/lib/*.a" 26FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/numpy/core/lib/*.a"
95 27
96# install what is needed for numpy.test() 28# install what is needed for numpy.test()
diff --git a/meta/recipes-devtools/python/python-native_2.7.17.bb b/meta/recipes-devtools/python/python-native_2.7.18.bb
index 335318bab8..335318bab8 100644
--- a/meta/recipes-devtools/python/python-native_2.7.17.bb
+++ b/meta/recipes-devtools/python/python-native_2.7.18.bb
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index 19a2f3e743..fe281586fc 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -5,13 +5,13 @@ SECTION = "devel/python"
5# bump this on every change in contrib/python/generate-manifest-2.7.py 5# bump this on every change in contrib/python/generate-manifest-2.7.py
6INC_PR = "r1" 6INC_PR = "r1"
7 7
8LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498" 8LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
9 9
10SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ 10SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
11 " 11 "
12 12
13SRC_URI[md5sum] = "b3b6d2c92f42a60667814358ab9f0cfd" 13SRC_URI[md5sum] = "fd6cc8ec0a78c44036f825e739f36e5a"
14SRC_URI[sha256sum] = "4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41" 14SRC_URI[sha256sum] = "b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43"
15 15
16# python recipe is actually python 2.x 16# python recipe is actually python 2.x
17# also, exclude pre-releases for both python 2.x and 3.x 17# also, exclude pre-releases for both python 2.x and 3.x
diff --git a/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch b/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch
new file mode 100644
index 0000000000..594510342b
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-testtools/no_traceback2.patch
@@ -0,0 +1,23 @@
1traceback2 adds traceback for python2. Rather than depend on traceback2, we're
2python3 only so just use traceback.
3This caused breakage in oe-selftest -j which uses testtools on the autobuilder
4using buildtools-tarball.
5
6Upstream-Status: Inappropriate [Our recipe is python3 specific]
7(Once py2 is EOL upstream probably could/should take this)
8Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
9
10Index: testtools-2.3.0/testtools/content.py
11===================================================================
12--- testtools-2.3.0.orig/testtools/content.py
13+++ testtools-2.3.0/testtools/content.py
14@@ -19,8 +19,7 @@ import os
15 import sys
16
17 from extras import try_import
18-# To let setup.py work, make this a conditional import.
19-traceback = try_import('traceback2')
20+import traceback
21
22 from testtools.compat import (
23 _b,
diff --git a/meta/recipes-devtools/python/python3-testtools_2.3.0.bb b/meta/recipes-devtools/python/python3-testtools_2.3.0.bb
index 896ecee65c..a254b90a75 100644
--- a/meta/recipes-devtools/python/python3-testtools_2.3.0.bb
+++ b/meta/recipes-devtools/python/python3-testtools_2.3.0.bb
@@ -1,2 +1,4 @@
1inherit setuptools3 1inherit setuptools3
2require python-testtools.inc 2require python-testtools.inc
3
4SRC_URI += "file://no_traceback2.patch"
diff --git a/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch b/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
new file mode 100644
index 0000000000..acf8e1e9b5
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
@@ -0,0 +1,29 @@
1From 85e8f86ad2b7dec0848cd55b8e810a5e2722b20a Mon Sep 17 00:00:00 2001
2From: Jeremy Puhlman <jpuhlman@mvista.com>
3Date: Wed, 4 Mar 2020 00:06:42 +0000
4Subject: [PATCH] Don't search system for headers/libraries
5
6Upstream-Status: Inappropriate [oe-core specific]
7Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
8---
9 setup.py | 4 ++--
10 1 file changed, 2 insertions(+), 2 deletions(-)
11
12diff --git a/setup.py b/setup.py
13index 9da1b3a..59782c0 100644
14--- a/setup.py
15+++ b/setup.py
16@@ -674,8 +674,8 @@ class PyBuildExt(build_ext):
17 add_dir_to_list(self.compiler.include_dirs,
18 sysconfig.get_config_var("INCLUDEDIR"))
19
20- system_lib_dirs = ['/lib64', '/usr/lib64', '/lib', '/usr/lib']
21- system_include_dirs = ['/usr/include']
22+ system_lib_dirs = []
23+ system_include_dirs = []
24 # lib_dirs and inc_dirs are used to search for files;
25 # if a file is found in one of those directories, it can
26 # be assumed that no additional -I,-L directives are needed.
27--
282.24.1
29
diff --git a/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch b/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch
new file mode 100644
index 0000000000..c15295c034
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch
@@ -0,0 +1,31 @@
1From e3b59cb9658e1d3efa3535840939a0fa92a70a5a Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Mon, 7 Oct 2019 13:22:14 +0200
4Subject: [PATCH] setup.py: do not report missing dependencies for disabled
5 modules
6
7Reporting those missing dependencies is misleading as the modules would not
8have been built anyway. This particularly matters in oe-core's automated
9build completeness checker which relies on the report.
10
11Upstream-Status: Inappropriate [oe-core specific]
12Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
13---
14 setup.py | 4 ++++
15 1 file changed, 4 insertions(+)
16
17diff --git a/setup.py b/setup.py
18index 4b53668..0097643 100644
19--- a/setup.py
20+++ b/setup.py
21@@ -365,6 +365,10 @@ class PyBuildExt(build_ext):
22 print("%-*s %-*s %-*s" % (longest, e, longest, f,
23 longest, g))
24
25+ # There is no need to report missing module dependencies,
26+ # if the modules have been disabled in the first place.
27+ missing = list(set(missing) - set(sysconf_dis))
28+
29 if missing:
30 print()
31 print("Python build finished successfully!")
diff --git a/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch b/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
index 0bafec73c0..d49604ba4d 100644
--- a/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
+++ b/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
@@ -1,4 +1,4 @@
1From 6229502e5ae6cbb22240594f002638e9ef78f831 Mon Sep 17 00:00:00 2001 1From a274ba778838824efcacaba57c415b7262f779ec Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com> 2From: Khem Raj <raj.khem@gmail.com>
3Date: Tue, 14 May 2013 15:00:26 -0700 3Date: Tue, 14 May 2013 15:00:26 -0700
4Subject: [PATCH] python3: Add target and native recipes 4Subject: [PATCH] python3: Add target and native recipes
diff --git a/meta/recipes-devtools/python/python3/CVE-2020-14422.patch b/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
new file mode 100644
index 0000000000..31ad82d7c5
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
@@ -0,0 +1,79 @@
1From b98e7790c77a4378ec4b1c71b84138cb930b69b7 Mon Sep 17 00:00:00 2001
2From: Tapas Kundu <39723251+tapakund@users.noreply.github.com>
3Date: Wed, 1 Jul 2020 00:50:21 +0530
4Subject: [PATCH] [3.7] bpo-41004: Resolve hash collisions for IPv4Interface
5 and IPv6Interface (GH-21033) (GH-21231)
6
7CVE-2020-14422
8The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
9of generating constant hash values of 32 and 128 respectively causing hash collisions.
10The fix uses the hash() function to generate hash values for the objects
11instead of XOR operation
12(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
13
14Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
15
16Signed-off-by: Tapas Kundu <tkundu@vmware.com>
17
18Upstream-Status: Backport [https://github.com/python/cpython/commit/b98e7790c77a4378ec4b1c71b84138cb930b69b7]
19CVE: CVE-2020-14422
20Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
21
22---
23 Lib/ipaddress.py | 4 ++--
24 Lib/test/test_ipaddress.py | 11 +++++++++++
25 .../Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 +
26 3 files changed, 14 insertions(+), 2 deletions(-)
27 create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
28
29diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
30index 80249288d73ab..54882934c3dc1 100644
31--- a/Lib/ipaddress.py
32+++ b/Lib/ipaddress.py
33@@ -1442,7 +1442,7 @@ def __lt__(self, other):
34 return False
35
36 def __hash__(self):
37- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
38+ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
39
40 __reduce__ = _IPAddressBase.__reduce__
41
42@@ -2088,7 +2088,7 @@ def __lt__(self, other):
43 return False
44
45 def __hash__(self):
46- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
47+ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
48
49 __reduce__ = _IPAddressBase.__reduce__
50
51diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
52index 455b893fb126f..1fb6a929dc2d9 100644
53--- a/Lib/test/test_ipaddress.py
54+++ b/Lib/test/test_ipaddress.py
55@@ -2091,6 +2091,17 @@ def testsixtofour(self):
56 sixtofouraddr.sixtofour)
57 self.assertFalse(bad_addr.sixtofour)
58
59+ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
60+ def testV4HashIsNotConstant(self):
61+ ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
62+ ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
63+ self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
64+
65+ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
66+ def testV6HashIsNotConstant(self):
67+ ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
68+ ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
69+ self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
70
71 if __name__ == '__main__':
72 unittest.main()
73diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
74new file mode 100644
75index 0000000000000..f5a9db52fff52
76--- /dev/null
77+++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
78@@ -0,0 +1 @@
79+CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
diff --git a/meta/recipes-devtools/python/python3_3.7.6.bb b/meta/recipes-devtools/python/python3_3.7.8.bb
index b33b7028d4..b18b3cd47d 100644
--- a/meta/recipes-devtools/python/python3_3.7.6.bb
+++ b/meta/recipes-devtools/python/python3_3.7.8.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.python.org"
3LICENSE = "PSFv2" 3LICENSE = "PSFv2"
4SECTION = "devel/python" 4SECTION = "devel/python"
5 5
6LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498" 6LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
7 7
8SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ 8SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
9 file://run-ptest \ 9 file://run-ptest \
@@ -28,18 +28,21 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
28 file://reformat_sysconfig.py \ 28 file://reformat_sysconfig.py \
29 file://0001-Use-FLAG_REF-always-for-interned-strings.patch \ 29 file://0001-Use-FLAG_REF-always-for-interned-strings.patch \
30 file://0001-test_locale.py-correct-the-test-output-format.patch \ 30 file://0001-test_locale.py-correct-the-test-output-format.patch \
31 file://0017-setup.py-do-not-report-missing-dependencies-for-disa.patch \
32 file://CVE-2020-14422.patch \
31 " 33 "
32 34
33SRC_URI_append_class-native = " \ 35SRC_URI_append_class-native = " \
34 file://0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch \ 36 file://0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch \
35 file://12-distutils-prefix-is-inside-staging-area.patch \ 37 file://12-distutils-prefix-is-inside-staging-area.patch \
38 file://0001-Don-t-search-system-for-headers-libraries.patch \
36 " 39 "
37SRC_URI_append_class-nativesdk = " \ 40SRC_URI_append_class-nativesdk = " \
38 file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \ 41 file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \
39 " 42 "
40 43
41SRC_URI[md5sum] = "c08fbee72ad5c2c95b0f4e44bf6fd72c" 44SRC_URI[md5sum] = "a224ef2249a18824f48fba9812f4006f"
42SRC_URI[sha256sum] = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f" 45SRC_URI[sha256sum] = "43a543404b363f0037f89df8478f19db2dbc0d6f3ffee310bc2997fa71854a63"
43 46
44# exclude pre-releases for both python 2.x and 3.x 47# exclude pre-releases for both python 2.x and 3.x
45UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" 48UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
@@ -65,7 +68,7 @@ ALTERNATIVE_LINK_NAME[python-config] = "${bindir}/python${PYTHON_BINABI}-config"
65ALTERNATIVE_TARGET[python-config] = "${bindir}/python${PYTHON_BINABI}-config-${MULTILIB_SUFFIX}" 68ALTERNATIVE_TARGET[python-config] = "${bindir}/python${PYTHON_BINABI}-config-${MULTILIB_SUFFIX}"
66 69
67 70
68DEPENDS = "bzip2-replacement-native libffi bzip2 gdbm openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2" 71DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2"
69DEPENDS_append_class-target = " python3-native" 72DEPENDS_append_class-target = " python3-native"
70DEPENDS_append_class-nativesdk = " python3-native" 73DEPENDS_append_class-nativesdk = " python3-native"
71 74
@@ -90,13 +93,23 @@ python() {
90 d.setVar('PACKAGECONFIG_PGO', '') 93 d.setVar('PACKAGECONFIG_PGO', '')
91} 94}
92 95
93PACKAGECONFIG_class-target ??= "readline ${PACKAGECONFIG_PGO}" 96PACKAGECONFIG_class-target ??= "readline ${PACKAGECONFIG_PGO} gdbm"
94PACKAGECONFIG_class-native ??= "readline" 97PACKAGECONFIG_class-native ??= "readline gdbm"
95PACKAGECONFIG_class-nativesdk ??= "readline" 98PACKAGECONFIG_class-nativesdk ??= "readline gdbm"
96PACKAGECONFIG[readline] = ",,readline" 99PACKAGECONFIG[readline] = ",,readline"
97# Use profile guided optimisation by running PyBench inside qemu-user 100# Use profile guided optimisation by running PyBench inside qemu-user
98PACKAGECONFIG[pgo] = "--enable-optimizations,,qemu-native" 101PACKAGECONFIG[pgo] = "--enable-optimizations,,qemu-native"
99PACKAGECONFIG[tk] = ",,tk" 102PACKAGECONFIG[tk] = ",,tk"
103PACKAGECONFIG[gdbm] = ",,gdbm"
104
105do_configure_prepend () {
106 mkdir -p ${B}/Modules
107 cat > ${B}/Modules/Setup.local << EOF
108*disabled*
109${@bb.utils.contains('PACKAGECONFIG', 'gdbm', '', '_gdbm _dbm', d)}
110${@bb.utils.contains('PACKAGECONFIG', 'readline', '', 'readline', d)}
111EOF
112}
100 113
101CPPFLAGS_append = " -I${STAGING_INCDIR}/ncursesw -I${STAGING_INCDIR}/uuid" 114CPPFLAGS_append = " -I${STAGING_INCDIR}/ncursesw -I${STAGING_INCDIR}/uuid"
102 115
diff --git a/meta/recipes-devtools/python/python_2.7.17.bb b/meta/recipes-devtools/python/python_2.7.18.bb
index 5b856a5097..5b856a5097 100644
--- a/meta/recipes-devtools/python/python_2.7.17.bb
+++ b/meta/recipes-devtools/python/python_2.7.18.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index bb444b63d9..ec32c90ad5 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -27,9 +27,23 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
27 file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ 27 file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
28 file://0009-Fix-webkitgtk-builds.patch \ 28 file://0009-Fix-webkitgtk-builds.patch \
29 file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ 29 file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
30 file://0011-linux-user-remove-host-stime-syscall.patch \
30 file://CVE-2019-15890.patch \ 31 file://CVE-2019-15890.patch \
31 file://CVE-2019-12068.patch \ 32 file://CVE-2019-12068.patch \
32 " 33 file://CVE-2020-1711.patch \
34 file://CVE-2019-20382.patch \
35 file://CVE-2020-7039-1.patch \
36 file://CVE-2020-7039-2.patch \
37 file://CVE-2020-7039-3.patch \
38 file://CVE-2020-7211.patch \
39 file://CVE-2020-11869.patch \
40 file://CVE-2020-13765.patch \
41 file://CVE-2020-10702.patch \
42 file://CVE-2020-16092.patch \
43 file://CVE-2020-10756.patch \
44 file://CVE-2020-15863.patch \
45 file://CVE-2020-14364.patch \
46 "
33UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" 47UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
34 48
35SRC_URI[md5sum] = "cdf2b5ca52b9abac9bacb5842fa420f8" 49SRC_URI[md5sum] = "cdf2b5ca52b9abac9bacb5842fa420f8"
@@ -164,6 +178,7 @@ PACKAGECONFIG[spice] = "--enable-spice,--disable-spice,spice"
164# usbredir will be in meta-networking layer 178# usbredir will be in meta-networking layer
165PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir" 179PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir"
166PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy" 180PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy"
181PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs,glusterfs"
167 182
168INSANE_SKIP_${PN} = "arch" 183INSANE_SKIP_${PN} = "arch"
169 184
diff --git a/meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch b/meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch
new file mode 100644
index 0000000000..659e6be45d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0011-linux-user-remove-host-stime-syscall.patch
@@ -0,0 +1,61 @@
1From 0f1f2d4596aee037d3ccbcf10592466daa54107f Mon Sep 17 00:00:00 2001
2From: Laurent Vivier <laurent@vivier.eu>
3Date: Tue, 12 Nov 2019 15:25:56 +0100
4Subject: [PATCH] linux-user: remove host stime() syscall
5
6stime() has been withdrawn from glibc
7(12cbde1dae6f "Use clock_settime to implement stime; withdraw stime.")
8
9Implement the target stime() syscall using host
10clock_settime(CLOCK_REALTIME, ...) as it is done internally in glibc.
11
12Tested qemu-ppc/x86_64 with:
13
14 #include <time.h>
15 #include <stdio.h>
16
17 int main(void)
18 {
19 time_t t;
20 int ret;
21
22 /* date -u -d"2019-11-12T15:11:00" "+%s" */
23 t = 1573571460;
24 ret = stime(&t);
25 printf("ret %d\n", ret);
26 return 0;
27 }
28
29 # date; ./stime; date
30 Tue Nov 12 14:18:32 UTC 2019
31 ret 0
32 Tue Nov 12 15:11:00 UTC 2019
33
34Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0f1f2d4596aee037d3ccbcf10592466daa54107f]
35Buglink: https://bugs.launchpad.net/qemu/+bug/1852115
36Reported-by: Cole Robinson <crobinso@redhat.com>
37Signed-off-by: Laurent Vivier <laurent@vivier.eu>
38Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
39Message-Id: <20191112142556.6335-1-laurent@vivier.eu>
40---
41 linux-user/syscall.c | 8 +++++---
42 1 file changed, 5 insertions(+), 3 deletions(-)
43
44--- a/linux-user/syscall.c
45+++ b/linux-user/syscall.c
46@@ -7651,10 +7651,12 @@ static abi_long do_syscall1(void *cpu_en
47 #ifdef TARGET_NR_stime /* not on alpha */
48 case TARGET_NR_stime:
49 {
50- time_t host_time;
51- if (get_user_sal(host_time, arg1))
52+ struct timespec ts;
53+ ts.tv_nsec = 0;
54+ if (get_user_sal(ts.tv_sec, arg1)) {
55 return -TARGET_EFAULT;
56- return get_errno(stime(&host_time));
57+ }
58+ return get_errno(clock_settime(CLOCK_REALTIME, &ts));
59 }
60 #endif
61 #ifdef TARGET_NR_alarm /* not on alpha */
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch
new file mode 100644
index 0000000000..183d100398
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch
@@ -0,0 +1,1018 @@
1From 6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 Mon Sep 17 00:00:00 2001
2From: Li Qiang <liq3ea@163.com>
3Date: Sat, 31 Aug 2019 08:39:22 -0700
4Subject: [PATCH] vnc: fix memory leak when vnc disconnect
5
6Currently when qemu receives a vnc connect, it creates a 'VncState' to
7represent this connection. In 'vnc_worker_thread_loop' it creates a
8local 'VncState'. The connection 'VcnState' and local 'VncState' exchange
9data in 'vnc_async_encoding_start' and 'vnc_async_encoding_end'.
10In 'zrle_compress_data' it calls 'deflateInit2' to allocate the libz library
11opaque data. The 'VncState' used in 'zrle_compress_data' is the local
12'VncState'. In 'vnc_zrle_clear' it calls 'deflateEnd' to free the libz
13library opaque data. The 'VncState' used in 'vnc_zrle_clear' is the connection
14'VncState'. In currently implementation there will be a memory leak when the
15vnc disconnect. Following is the asan output backtrack:
16
17Direct leak of 29760 byte(s) in 5 object(s) allocated from:
18 0 0xffffa67ef3c3 in __interceptor_calloc (/lib64/libasan.so.4+0xd33c3)
19 1 0xffffa65071cb in g_malloc0 (/lib64/libglib-2.0.so.0+0x571cb)
20 2 0xffffa5e968f7 in deflateInit2_ (/lib64/libz.so.1+0x78f7)
21 3 0xaaaacec58613 in zrle_compress_data ui/vnc-enc-zrle.c:87
22 4 0xaaaacec58613 in zrle_send_framebuffer_update ui/vnc-enc-zrle.c:344
23 5 0xaaaacec34e77 in vnc_send_framebuffer_update ui/vnc.c:919
24 6 0xaaaacec5e023 in vnc_worker_thread_loop ui/vnc-jobs.c:271
25 7 0xaaaacec5e5e7 in vnc_worker_thread ui/vnc-jobs.c:340
26 8 0xaaaacee4d3c3 in qemu_thread_start util/qemu-thread-posix.c:502
27 9 0xffffa544e8bb in start_thread (/lib64/libpthread.so.0+0x78bb)
28 10 0xffffa53965cb in thread_start (/lib64/libc.so.6+0xd55cb)
29
30This is because the opaque allocated in 'deflateInit2' is not freed in
31'deflateEnd'. The reason is that the 'deflateEnd' calls 'deflateStateCheck'
32and in the latter will check whether 's->strm != strm'(libz's data structure).
33This check will be true so in 'deflateEnd' it just return 'Z_STREAM_ERROR' and
34not free the data allocated in 'deflateInit2'.
35
36The reason this happens is that the 'VncState' contains the whole 'VncZrle',
37so when calling 'deflateInit2', the 's->strm' will be the local address.
38So 's->strm != strm' will be true.
39
40To fix this issue, we need to make 'zrle' of 'VncState' to be a pointer.
41Then the connection 'VncState' and local 'VncState' exchange mechanism will
42work as expection. The 'tight' of 'VncState' has the same issue, let's also turn
43it to a pointer.
44
45Reported-by: Ying Fang <fangying1@huawei.com>
46Signed-off-by: Li Qiang <liq3ea@163.com>
47Message-id: 20190831153922.121308-1-liq3ea@163.com
48Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
49
50Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0]
51CVE: CVE-2019-20382
52Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
53
54---
55 ui/vnc-enc-tight.c | 219 +++++++++++++++++++++++++-------------------------
56 ui/vnc-enc-zlib.c | 11 +--
57 ui/vnc-enc-zrle.c | 68 ++++++++--------
58 ui/vnc-enc-zrle.inc.c | 2 +-
59 ui/vnc.c | 28 ++++---
60 ui/vnc.h | 4 +-
61 6 files changed, 170 insertions(+), 162 deletions(-)
62
63diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
64index 9084c22..1e08518 100644
65--- a/ui/vnc-enc-tight.c
66+++ b/ui/vnc-enc-tight.c
67@@ -116,7 +116,7 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h,
68
69 static bool tight_can_send_png_rect(VncState *vs, int w, int h)
70 {
71- if (vs->tight.type != VNC_ENCODING_TIGHT_PNG) {
72+ if (vs->tight->type != VNC_ENCODING_TIGHT_PNG) {
73 return false;
74 }
75
76@@ -144,7 +144,7 @@ tight_detect_smooth_image24(VncState *vs, int w, int h)
77 int pixels = 0;
78 int pix, left[3];
79 unsigned int errors;
80- unsigned char *buf = vs->tight.tight.buffer;
81+ unsigned char *buf = vs->tight->tight.buffer;
82
83 /*
84 * If client is big-endian, color samples begin from the second
85@@ -215,7 +215,7 @@ tight_detect_smooth_image24(VncState *vs, int w, int h)
86 int pixels = 0; \
87 int sample, sum, left[3]; \
88 unsigned int errors; \
89- unsigned char *buf = vs->tight.tight.buffer; \
90+ unsigned char *buf = vs->tight->tight.buffer; \
91 \
92 endian = 0; /* FIXME */ \
93 \
94@@ -296,8 +296,8 @@ static int
95 tight_detect_smooth_image(VncState *vs, int w, int h)
96 {
97 unsigned int errors;
98- int compression = vs->tight.compression;
99- int quality = vs->tight.quality;
100+ int compression = vs->tight->compression;
101+ int quality = vs->tight->quality;
102
103 if (!vs->vd->lossy) {
104 return 0;
105@@ -309,7 +309,7 @@ tight_detect_smooth_image(VncState *vs, int w, int h)
106 return 0;
107 }
108
109- if (vs->tight.quality != (uint8_t)-1) {
110+ if (vs->tight->quality != (uint8_t)-1) {
111 if (w * h < VNC_TIGHT_JPEG_MIN_RECT_SIZE) {
112 return 0;
113 }
114@@ -320,9 +320,9 @@ tight_detect_smooth_image(VncState *vs, int w, int h)
115 }
116
117 if (vs->client_pf.bytes_per_pixel == 4) {
118- if (vs->tight.pixel24) {
119+ if (vs->tight->pixel24) {
120 errors = tight_detect_smooth_image24(vs, w, h);
121- if (vs->tight.quality != (uint8_t)-1) {
122+ if (vs->tight->quality != (uint8_t)-1) {
123 return (errors < tight_conf[quality].jpeg_threshold24);
124 }
125 return (errors < tight_conf[compression].gradient_threshold24);
126@@ -352,7 +352,7 @@ tight_detect_smooth_image(VncState *vs, int w, int h)
127 uint##bpp##_t c0, c1, ci; \
128 int i, n0, n1; \
129 \
130- data = (uint##bpp##_t *)vs->tight.tight.buffer; \
131+ data = (uint##bpp##_t *)vs->tight->tight.buffer; \
132 \
133 c0 = data[0]; \
134 i = 1; \
135@@ -423,9 +423,9 @@ static int tight_fill_palette(VncState *vs, int x, int y,
136 {
137 int max;
138
139- max = count / tight_conf[vs->tight.compression].idx_max_colors_divisor;
140+ max = count / tight_conf[vs->tight->compression].idx_max_colors_divisor;
141 if (max < 2 &&
142- count >= tight_conf[vs->tight.compression].mono_min_rect_size) {
143+ count >= tight_conf[vs->tight->compression].mono_min_rect_size) {
144 max = 2;
145 }
146 if (max >= 256) {
147@@ -558,7 +558,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h)
148 int x, y, c;
149
150 buf32 = (uint32_t *)buf;
151- memset(vs->tight.gradient.buffer, 0, w * 3 * sizeof(int));
152+ memset(vs->tight->gradient.buffer, 0, w * 3 * sizeof(int));
153
154 if (1 /* FIXME */) {
155 shift[0] = vs->client_pf.rshift;
156@@ -575,7 +575,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h)
157 upper[c] = 0;
158 here[c] = 0;
159 }
160- prev = (int *)vs->tight.gradient.buffer;
161+ prev = (int *)vs->tight->gradient.buffer;
162 for (x = 0; x < w; x++) {
163 pix32 = *buf32++;
164 for (c = 0; c < 3; c++) {
165@@ -615,7 +615,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h)
166 int prediction; \
167 int x, y, c; \
168 \
169- memset (vs->tight.gradient.buffer, 0, w * 3 * sizeof(int)); \
170+ memset(vs->tight->gradient.buffer, 0, w * 3 * sizeof(int)); \
171 \
172 endian = 0; /* FIXME */ \
173 \
174@@ -631,7 +631,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h)
175 upper[c] = 0; \
176 here[c] = 0; \
177 } \
178- prev = (int *)vs->tight.gradient.buffer; \
179+ prev = (int *)vs->tight->gradient.buffer; \
180 for (x = 0; x < w; x++) { \
181 pix = *buf; \
182 if (endian) { \
183@@ -785,7 +785,7 @@ static void extend_solid_area(VncState *vs, int x, int y, int w, int h,
184 static int tight_init_stream(VncState *vs, int stream_id,
185 int level, int strategy)
186 {
187- z_streamp zstream = &vs->tight.stream[stream_id];
188+ z_streamp zstream = &vs->tight->stream[stream_id];
189
190 if (zstream->opaque == NULL) {
191 int err;
192@@ -803,15 +803,15 @@ static int tight_init_stream(VncState *vs, int stream_id,
193 return -1;
194 }
195
196- vs->tight.levels[stream_id] = level;
197+ vs->tight->levels[stream_id] = level;
198 zstream->opaque = vs;
199 }
200
201- if (vs->tight.levels[stream_id] != level) {
202+ if (vs->tight->levels[stream_id] != level) {
203 if (deflateParams(zstream, level, strategy) != Z_OK) {
204 return -1;
205 }
206- vs->tight.levels[stream_id] = level;
207+ vs->tight->levels[stream_id] = level;
208 }
209 return 0;
210 }
211@@ -839,11 +839,11 @@ static void tight_send_compact_size(VncState *vs, size_t len)
212 static int tight_compress_data(VncState *vs, int stream_id, size_t bytes,
213 int level, int strategy)
214 {
215- z_streamp zstream = &vs->tight.stream[stream_id];
216+ z_streamp zstream = &vs->tight->stream[stream_id];
217 int previous_out;
218
219 if (bytes < VNC_TIGHT_MIN_TO_COMPRESS) {
220- vnc_write(vs, vs->tight.tight.buffer, vs->tight.tight.offset);
221+ vnc_write(vs, vs->tight->tight.buffer, vs->tight->tight.offset);
222 return bytes;
223 }
224
225@@ -852,13 +852,13 @@ static int tight_compress_data(VncState *vs, int stream_id, size_t bytes,
226 }
227
228 /* reserve memory in output buffer */
229- buffer_reserve(&vs->tight.zlib, bytes + 64);
230+ buffer_reserve(&vs->tight->zlib, bytes + 64);
231
232 /* set pointers */
233- zstream->next_in = vs->tight.tight.buffer;
234- zstream->avail_in = vs->tight.tight.offset;
235- zstream->next_out = vs->tight.zlib.buffer + vs->tight.zlib.offset;
236- zstream->avail_out = vs->tight.zlib.capacity - vs->tight.zlib.offset;
237+ zstream->next_in = vs->tight->tight.buffer;
238+ zstream->avail_in = vs->tight->tight.offset;
239+ zstream->next_out = vs->tight->zlib.buffer + vs->tight->zlib.offset;
240+ zstream->avail_out = vs->tight->zlib.capacity - vs->tight->zlib.offset;
241 previous_out = zstream->avail_out;
242 zstream->data_type = Z_BINARY;
243
244@@ -868,14 +868,14 @@ static int tight_compress_data(VncState *vs, int stream_id, size_t bytes,
245 return -1;
246 }
247
248- vs->tight.zlib.offset = vs->tight.zlib.capacity - zstream->avail_out;
249+ vs->tight->zlib.offset = vs->tight->zlib.capacity - zstream->avail_out;
250 /* ...how much data has actually been produced by deflate() */
251 bytes = previous_out - zstream->avail_out;
252
253 tight_send_compact_size(vs, bytes);
254- vnc_write(vs, vs->tight.zlib.buffer, bytes);
255+ vnc_write(vs, vs->tight->zlib.buffer, bytes);
256
257- buffer_reset(&vs->tight.zlib);
258+ buffer_reset(&vs->tight->zlib);
259
260 return bytes;
261 }
262@@ -927,16 +927,17 @@ static int send_full_color_rect(VncState *vs, int x, int y, int w, int h)
263
264 vnc_write_u8(vs, stream << 4); /* no flushing, no filter */
265
266- if (vs->tight.pixel24) {
267- tight_pack24(vs, vs->tight.tight.buffer, w * h, &vs->tight.tight.offset);
268+ if (vs->tight->pixel24) {
269+ tight_pack24(vs, vs->tight->tight.buffer, w * h,
270+ &vs->tight->tight.offset);
271 bytes = 3;
272 } else {
273 bytes = vs->client_pf.bytes_per_pixel;
274 }
275
276 bytes = tight_compress_data(vs, stream, w * h * bytes,
277- tight_conf[vs->tight.compression].raw_zlib_level,
278- Z_DEFAULT_STRATEGY);
279+ tight_conf[vs->tight->compression].raw_zlib_level,
280+ Z_DEFAULT_STRATEGY);
281
282 return (bytes >= 0);
283 }
284@@ -947,14 +948,14 @@ static int send_solid_rect(VncState *vs)
285
286 vnc_write_u8(vs, VNC_TIGHT_FILL << 4); /* no flushing, no filter */
287
288- if (vs->tight.pixel24) {
289- tight_pack24(vs, vs->tight.tight.buffer, 1, &vs->tight.tight.offset);
290+ if (vs->tight->pixel24) {
291+ tight_pack24(vs, vs->tight->tight.buffer, 1, &vs->tight->tight.offset);
292 bytes = 3;
293 } else {
294 bytes = vs->client_pf.bytes_per_pixel;
295 }
296
297- vnc_write(vs, vs->tight.tight.buffer, bytes);
298+ vnc_write(vs, vs->tight->tight.buffer, bytes);
299 return 1;
300 }
301
302@@ -963,7 +964,7 @@ static int send_mono_rect(VncState *vs, int x, int y,
303 {
304 ssize_t bytes;
305 int stream = 1;
306- int level = tight_conf[vs->tight.compression].mono_zlib_level;
307+ int level = tight_conf[vs->tight->compression].mono_zlib_level;
308
309 #ifdef CONFIG_VNC_PNG
310 if (tight_can_send_png_rect(vs, w, h)) {
311@@ -991,26 +992,26 @@ static int send_mono_rect(VncState *vs, int x, int y,
312 uint32_t buf[2] = {bg, fg};
313 size_t ret = sizeof (buf);
314
315- if (vs->tight.pixel24) {
316+ if (vs->tight->pixel24) {
317 tight_pack24(vs, (unsigned char*)buf, 2, &ret);
318 }
319 vnc_write(vs, buf, ret);
320
321- tight_encode_mono_rect32(vs->tight.tight.buffer, w, h, bg, fg);
322+ tight_encode_mono_rect32(vs->tight->tight.buffer, w, h, bg, fg);
323 break;
324 }
325 case 2:
326 vnc_write(vs, &bg, 2);
327 vnc_write(vs, &fg, 2);
328- tight_encode_mono_rect16(vs->tight.tight.buffer, w, h, bg, fg);
329+ tight_encode_mono_rect16(vs->tight->tight.buffer, w, h, bg, fg);
330 break;
331 default:
332 vnc_write_u8(vs, bg);
333 vnc_write_u8(vs, fg);
334- tight_encode_mono_rect8(vs->tight.tight.buffer, w, h, bg, fg);
335+ tight_encode_mono_rect8(vs->tight->tight.buffer, w, h, bg, fg);
336 break;
337 }
338- vs->tight.tight.offset = bytes;
339+ vs->tight->tight.offset = bytes;
340
341 bytes = tight_compress_data(vs, stream, bytes, level, Z_DEFAULT_STRATEGY);
342 return (bytes >= 0);
343@@ -1040,7 +1041,7 @@ static void write_palette(int idx, uint32_t color, void *opaque)
344 static bool send_gradient_rect(VncState *vs, int x, int y, int w, int h)
345 {
346 int stream = 3;
347- int level = tight_conf[vs->tight.compression].gradient_zlib_level;
348+ int level = tight_conf[vs->tight->compression].gradient_zlib_level;
349 ssize_t bytes;
350
351 if (vs->client_pf.bytes_per_pixel == 1) {
352@@ -1050,23 +1051,23 @@ static bool send_gradient_rect(VncState *vs, int x, int y, int w, int h)
353 vnc_write_u8(vs, (stream | VNC_TIGHT_EXPLICIT_FILTER) << 4);
354 vnc_write_u8(vs, VNC_TIGHT_FILTER_GRADIENT);
355
356- buffer_reserve(&vs->tight.gradient, w * 3 * sizeof (int));
357+ buffer_reserve(&vs->tight->gradient, w * 3 * sizeof(int));
358
359- if (vs->tight.pixel24) {
360- tight_filter_gradient24(vs, vs->tight.tight.buffer, w, h);
361+ if (vs->tight->pixel24) {
362+ tight_filter_gradient24(vs, vs->tight->tight.buffer, w, h);
363 bytes = 3;
364 } else if (vs->client_pf.bytes_per_pixel == 4) {
365- tight_filter_gradient32(vs, (uint32_t *)vs->tight.tight.buffer, w, h);
366+ tight_filter_gradient32(vs, (uint32_t *)vs->tight->tight.buffer, w, h);
367 bytes = 4;
368 } else {
369- tight_filter_gradient16(vs, (uint16_t *)vs->tight.tight.buffer, w, h);
370+ tight_filter_gradient16(vs, (uint16_t *)vs->tight->tight.buffer, w, h);
371 bytes = 2;
372 }
373
374- buffer_reset(&vs->tight.gradient);
375+ buffer_reset(&vs->tight->gradient);
376
377 bytes = w * h * bytes;
378- vs->tight.tight.offset = bytes;
379+ vs->tight->tight.offset = bytes;
380
381 bytes = tight_compress_data(vs, stream, bytes,
382 level, Z_FILTERED);
383@@ -1077,7 +1078,7 @@ static int send_palette_rect(VncState *vs, int x, int y,
384 int w, int h, VncPalette *palette)
385 {
386 int stream = 2;
387- int level = tight_conf[vs->tight.compression].idx_zlib_level;
388+ int level = tight_conf[vs->tight->compression].idx_zlib_level;
389 int colors;
390 ssize_t bytes;
391
392@@ -1104,12 +1105,12 @@ static int send_palette_rect(VncState *vs, int x, int y,
393 palette_iter(palette, write_palette, &priv);
394 vnc_write(vs, header, sizeof(header));
395
396- if (vs->tight.pixel24) {
397+ if (vs->tight->pixel24) {
398 tight_pack24(vs, vs->output.buffer + old_offset, colors, &offset);
399 vs->output.offset = old_offset + offset;
400 }
401
402- tight_encode_indexed_rect32(vs->tight.tight.buffer, w * h, palette);
403+ tight_encode_indexed_rect32(vs->tight->tight.buffer, w * h, palette);
404 break;
405 }
406 case 2:
407@@ -1119,7 +1120,7 @@ static int send_palette_rect(VncState *vs, int x, int y,
408
409 palette_iter(palette, write_palette, &priv);
410 vnc_write(vs, header, sizeof(header));
411- tight_encode_indexed_rect16(vs->tight.tight.buffer, w * h, palette);
412+ tight_encode_indexed_rect16(vs->tight->tight.buffer, w * h, palette);
413 break;
414 }
415 default:
416@@ -1127,7 +1128,7 @@ static int send_palette_rect(VncState *vs, int x, int y,
417 break;
418 }
419 bytes = w * h;
420- vs->tight.tight.offset = bytes;
421+ vs->tight->tight.offset = bytes;
422
423 bytes = tight_compress_data(vs, stream, bytes,
424 level, Z_DEFAULT_STRATEGY);
425@@ -1146,7 +1147,7 @@ static int send_palette_rect(VncState *vs, int x, int y,
426 static void jpeg_init_destination(j_compress_ptr cinfo)
427 {
428 VncState *vs = cinfo->client_data;
429- Buffer *buffer = &vs->tight.jpeg;
430+ Buffer *buffer = &vs->tight->jpeg;
431
432 cinfo->dest->next_output_byte = (JOCTET *)buffer->buffer + buffer->offset;
433 cinfo->dest->free_in_buffer = (size_t)(buffer->capacity - buffer->offset);
434@@ -1156,7 +1157,7 @@ static void jpeg_init_destination(j_compress_ptr cinfo)
435 static boolean jpeg_empty_output_buffer(j_compress_ptr cinfo)
436 {
437 VncState *vs = cinfo->client_data;
438- Buffer *buffer = &vs->tight.jpeg;
439+ Buffer *buffer = &vs->tight->jpeg;
440
441 buffer->offset = buffer->capacity;
442 buffer_reserve(buffer, 2048);
443@@ -1168,7 +1169,7 @@ static boolean jpeg_empty_output_buffer(j_compress_ptr cinfo)
444 static void jpeg_term_destination(j_compress_ptr cinfo)
445 {
446 VncState *vs = cinfo->client_data;
447- Buffer *buffer = &vs->tight.jpeg;
448+ Buffer *buffer = &vs->tight->jpeg;
449
450 buffer->offset = buffer->capacity - cinfo->dest->free_in_buffer;
451 }
452@@ -1187,7 +1188,7 @@ static int send_jpeg_rect(VncState *vs, int x, int y, int w, int h, int quality)
453 return send_full_color_rect(vs, x, y, w, h);
454 }
455
456- buffer_reserve(&vs->tight.jpeg, 2048);
457+ buffer_reserve(&vs->tight->jpeg, 2048);
458
459 cinfo.err = jpeg_std_error(&jerr);
460 jpeg_create_compress(&cinfo);
461@@ -1222,9 +1223,9 @@ static int send_jpeg_rect(VncState *vs, int x, int y, int w, int h, int quality)
462
463 vnc_write_u8(vs, VNC_TIGHT_JPEG << 4);
464
465- tight_send_compact_size(vs, vs->tight.jpeg.offset);
466- vnc_write(vs, vs->tight.jpeg.buffer, vs->tight.jpeg.offset);
467- buffer_reset(&vs->tight.jpeg);
468+ tight_send_compact_size(vs, vs->tight->jpeg.offset);
469+ vnc_write(vs, vs->tight->jpeg.buffer, vs->tight->jpeg.offset);
470+ buffer_reset(&vs->tight->jpeg);
471
472 return 1;
473 }
474@@ -1240,7 +1241,7 @@ static void write_png_palette(int idx, uint32_t pix, void *opaque)
475 VncState *vs = priv->vs;
476 png_colorp color = &priv->png_palette[idx];
477
478- if (vs->tight.pixel24)
479+ if (vs->tight->pixel24)
480 {
481 color->red = (pix >> vs->client_pf.rshift) & vs->client_pf.rmax;
482 color->green = (pix >> vs->client_pf.gshift) & vs->client_pf.gmax;
483@@ -1267,10 +1268,10 @@ static void png_write_data(png_structp png_ptr, png_bytep data,
484 {
485 VncState *vs = png_get_io_ptr(png_ptr);
486
487- buffer_reserve(&vs->tight.png, vs->tight.png.offset + length);
488- memcpy(vs->tight.png.buffer + vs->tight.png.offset, data, length);
489+ buffer_reserve(&vs->tight->png, vs->tight->png.offset + length);
490+ memcpy(vs->tight->png.buffer + vs->tight->png.offset, data, length);
491
492- vs->tight.png.offset += length;
493+ vs->tight->png.offset += length;
494 }
495
496 static void png_flush_data(png_structp png_ptr)
497@@ -1295,8 +1296,8 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h,
498 png_infop info_ptr;
499 png_colorp png_palette = NULL;
500 pixman_image_t *linebuf;
501- int level = tight_png_conf[vs->tight.compression].png_zlib_level;
502- int filters = tight_png_conf[vs->tight.compression].png_filters;
503+ int level = tight_png_conf[vs->tight->compression].png_zlib_level;
504+ int filters = tight_png_conf[vs->tight->compression].png_filters;
505 uint8_t *buf;
506 int dy;
507
508@@ -1340,21 +1341,23 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h,
509 png_set_PLTE(png_ptr, info_ptr, png_palette, palette_size(palette));
510
511 if (vs->client_pf.bytes_per_pixel == 4) {
512- tight_encode_indexed_rect32(vs->tight.tight.buffer, w * h, palette);
513+ tight_encode_indexed_rect32(vs->tight->tight.buffer, w * h,
514+ palette);
515 } else {
516- tight_encode_indexed_rect16(vs->tight.tight.buffer, w * h, palette);
517+ tight_encode_indexed_rect16(vs->tight->tight.buffer, w * h,
518+ palette);
519 }
520 }
521
522 png_write_info(png_ptr, info_ptr);
523
524- buffer_reserve(&vs->tight.png, 2048);
525+ buffer_reserve(&vs->tight->png, 2048);
526 linebuf = qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, w);
527 buf = (uint8_t *)pixman_image_get_data(linebuf);
528 for (dy = 0; dy < h; dy++)
529 {
530 if (color_type == PNG_COLOR_TYPE_PALETTE) {
531- memcpy(buf, vs->tight.tight.buffer + (dy * w), w);
532+ memcpy(buf, vs->tight->tight.buffer + (dy * w), w);
533 } else {
534 qemu_pixman_linebuf_fill(linebuf, vs->vd->server, w, x, y + dy);
535 }
536@@ -1372,27 +1375,27 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h,
537
538 vnc_write_u8(vs, VNC_TIGHT_PNG << 4);
539
540- tight_send_compact_size(vs, vs->tight.png.offset);
541- vnc_write(vs, vs->tight.png.buffer, vs->tight.png.offset);
542- buffer_reset(&vs->tight.png);
543+ tight_send_compact_size(vs, vs->tight->png.offset);
544+ vnc_write(vs, vs->tight->png.buffer, vs->tight->png.offset);
545+ buffer_reset(&vs->tight->png);
546 return 1;
547 }
548 #endif /* CONFIG_VNC_PNG */
549
550 static void vnc_tight_start(VncState *vs)
551 {
552- buffer_reset(&vs->tight.tight);
553+ buffer_reset(&vs->tight->tight);
554
555 // make the output buffer be the zlib buffer, so we can compress it later
556- vs->tight.tmp = vs->output;
557- vs->output = vs->tight.tight;
558+ vs->tight->tmp = vs->output;
559+ vs->output = vs->tight->tight;
560 }
561
562 static void vnc_tight_stop(VncState *vs)
563 {
564 // switch back to normal output/zlib buffers
565- vs->tight.tight = vs->output;
566- vs->output = vs->tight.tmp;
567+ vs->tight->tight = vs->output;
568+ vs->output = vs->tight->tmp;
569 }
570
571 static int send_sub_rect_nojpeg(VncState *vs, int x, int y, int w, int h,
572@@ -1426,9 +1429,9 @@ static int send_sub_rect_jpeg(VncState *vs, int x, int y, int w, int h,
573 int ret;
574
575 if (colors == 0) {
576- if (force || (tight_jpeg_conf[vs->tight.quality].jpeg_full &&
577+ if (force || (tight_jpeg_conf[vs->tight->quality].jpeg_full &&
578 tight_detect_smooth_image(vs, w, h))) {
579- int quality = tight_conf[vs->tight.quality].jpeg_quality;
580+ int quality = tight_conf[vs->tight->quality].jpeg_quality;
581
582 ret = send_jpeg_rect(vs, x, y, w, h, quality);
583 } else {
584@@ -1440,9 +1443,9 @@ static int send_sub_rect_jpeg(VncState *vs, int x, int y, int w, int h,
585 ret = send_mono_rect(vs, x, y, w, h, bg, fg);
586 } else if (colors <= 256) {
587 if (force || (colors > 96 &&
588- tight_jpeg_conf[vs->tight.quality].jpeg_idx &&
589+ tight_jpeg_conf[vs->tight->quality].jpeg_idx &&
590 tight_detect_smooth_image(vs, w, h))) {
591- int quality = tight_conf[vs->tight.quality].jpeg_quality;
592+ int quality = tight_conf[vs->tight->quality].jpeg_quality;
593
594 ret = send_jpeg_rect(vs, x, y, w, h, quality);
595 } else {
596@@ -1480,20 +1483,20 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h)
597 qemu_thread_atexit_add(&vnc_tight_cleanup_notifier);
598 }
599
600- vnc_framebuffer_update(vs, x, y, w, h, vs->tight.type);
601+ vnc_framebuffer_update(vs, x, y, w, h, vs->tight->type);
602
603 vnc_tight_start(vs);
604 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
605 vnc_tight_stop(vs);
606
607 #ifdef CONFIG_VNC_JPEG
608- if (!vs->vd->non_adaptive && vs->tight.quality != (uint8_t)-1) {
609+ if (!vs->vd->non_adaptive && vs->tight->quality != (uint8_t)-1) {
610 double freq = vnc_update_freq(vs, x, y, w, h);
611
612- if (freq < tight_jpeg_conf[vs->tight.quality].jpeg_freq_min) {
613+ if (freq < tight_jpeg_conf[vs->tight->quality].jpeg_freq_min) {
614 allow_jpeg = false;
615 }
616- if (freq >= tight_jpeg_conf[vs->tight.quality].jpeg_freq_threshold) {
617+ if (freq >= tight_jpeg_conf[vs->tight->quality].jpeg_freq_threshold) {
618 force_jpeg = true;
619 vnc_sent_lossy_rect(vs, x, y, w, h);
620 }
621@@ -1503,7 +1506,7 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h)
622 colors = tight_fill_palette(vs, x, y, w * h, &bg, &fg, color_count_palette);
623
624 #ifdef CONFIG_VNC_JPEG
625- if (allow_jpeg && vs->tight.quality != (uint8_t)-1) {
626+ if (allow_jpeg && vs->tight->quality != (uint8_t)-1) {
627 ret = send_sub_rect_jpeg(vs, x, y, w, h, bg, fg, colors,
628 color_count_palette, force_jpeg);
629 } else {
630@@ -1520,7 +1523,7 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h)
631
632 static int send_sub_rect_solid(VncState *vs, int x, int y, int w, int h)
633 {
634- vnc_framebuffer_update(vs, x, y, w, h, vs->tight.type);
635+ vnc_framebuffer_update(vs, x, y, w, h, vs->tight->type);
636
637 vnc_tight_start(vs);
638 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
639@@ -1538,8 +1541,8 @@ static int send_rect_simple(VncState *vs, int x, int y, int w, int h,
640 int rw, rh;
641 int n = 0;
642
643- max_size = tight_conf[vs->tight.compression].max_rect_size;
644- max_width = tight_conf[vs->tight.compression].max_rect_width;
645+ max_size = tight_conf[vs->tight->compression].max_rect_size;
646+ max_width = tight_conf[vs->tight->compression].max_rect_width;
647
648 if (split && (w > max_width || w * h > max_size)) {
649 max_sub_width = (w > max_width) ? max_width : w;
650@@ -1648,16 +1651,16 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y,
651
652 if (vs->client_pf.bytes_per_pixel == 4 && vs->client_pf.rmax == 0xFF &&
653 vs->client_pf.bmax == 0xFF && vs->client_pf.gmax == 0xFF) {
654- vs->tight.pixel24 = true;
655+ vs->tight->pixel24 = true;
656 } else {
657- vs->tight.pixel24 = false;
658+ vs->tight->pixel24 = false;
659 }
660
661 #ifdef CONFIG_VNC_JPEG
662- if (vs->tight.quality != (uint8_t)-1) {
663+ if (vs->tight->quality != (uint8_t)-1) {
664 double freq = vnc_update_freq(vs, x, y, w, h);
665
666- if (freq > tight_jpeg_conf[vs->tight.quality].jpeg_freq_threshold) {
667+ if (freq > tight_jpeg_conf[vs->tight->quality].jpeg_freq_threshold) {
668 return send_rect_simple(vs, x, y, w, h, false);
669 }
670 }
671@@ -1669,8 +1672,8 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y,
672
673 /* Calculate maximum number of rows in one non-solid rectangle. */
674
675- max_rows = tight_conf[vs->tight.compression].max_rect_size;
676- max_rows /= MIN(tight_conf[vs->tight.compression].max_rect_width, w);
677+ max_rows = tight_conf[vs->tight->compression].max_rect_size;
678+ max_rows /= MIN(tight_conf[vs->tight->compression].max_rect_width, w);
679
680 return find_large_solid_color_rect(vs, x, y, w, h, max_rows);
681 }
682@@ -1678,33 +1681,33 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y,
683 int vnc_tight_send_framebuffer_update(VncState *vs, int x, int y,
684 int w, int h)
685 {
686- vs->tight.type = VNC_ENCODING_TIGHT;
687+ vs->tight->type = VNC_ENCODING_TIGHT;
688 return tight_send_framebuffer_update(vs, x, y, w, h);
689 }
690
691 int vnc_tight_png_send_framebuffer_update(VncState *vs, int x, int y,
692 int w, int h)
693 {
694- vs->tight.type = VNC_ENCODING_TIGHT_PNG;
695+ vs->tight->type = VNC_ENCODING_TIGHT_PNG;
696 return tight_send_framebuffer_update(vs, x, y, w, h);
697 }
698
699 void vnc_tight_clear(VncState *vs)
700 {
701 int i;
702- for (i=0; i<ARRAY_SIZE(vs->tight.stream); i++) {
703- if (vs->tight.stream[i].opaque) {
704- deflateEnd(&vs->tight.stream[i]);
705+ for (i = 0; i < ARRAY_SIZE(vs->tight->stream); i++) {
706+ if (vs->tight->stream[i].opaque) {
707+ deflateEnd(&vs->tight->stream[i]);
708 }
709 }
710
711- buffer_free(&vs->tight.tight);
712- buffer_free(&vs->tight.zlib);
713- buffer_free(&vs->tight.gradient);
714+ buffer_free(&vs->tight->tight);
715+ buffer_free(&vs->tight->zlib);
716+ buffer_free(&vs->tight->gradient);
717 #ifdef CONFIG_VNC_JPEG
718- buffer_free(&vs->tight.jpeg);
719+ buffer_free(&vs->tight->jpeg);
720 #endif
721 #ifdef CONFIG_VNC_PNG
722- buffer_free(&vs->tight.png);
723+ buffer_free(&vs->tight->png);
724 #endif
725 }
726diff --git a/ui/vnc-enc-zlib.c b/ui/vnc-enc-zlib.c
727index 33e9df2..900ae5b 100644
728--- a/ui/vnc-enc-zlib.c
729+++ b/ui/vnc-enc-zlib.c
730@@ -76,7 +76,8 @@ static int vnc_zlib_stop(VncState *vs)
731 zstream->zalloc = vnc_zlib_zalloc;
732 zstream->zfree = vnc_zlib_zfree;
733
734- err = deflateInit2(zstream, vs->tight.compression, Z_DEFLATED, MAX_WBITS,
735+ err = deflateInit2(zstream, vs->tight->compression, Z_DEFLATED,
736+ MAX_WBITS,
737 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
738
739 if (err != Z_OK) {
740@@ -84,16 +85,16 @@ static int vnc_zlib_stop(VncState *vs)
741 return -1;
742 }
743
744- vs->zlib.level = vs->tight.compression;
745+ vs->zlib.level = vs->tight->compression;
746 zstream->opaque = vs;
747 }
748
749- if (vs->tight.compression != vs->zlib.level) {
750- if (deflateParams(zstream, vs->tight.compression,
751+ if (vs->tight->compression != vs->zlib.level) {
752+ if (deflateParams(zstream, vs->tight->compression,
753 Z_DEFAULT_STRATEGY) != Z_OK) {
754 return -1;
755 }
756- vs->zlib.level = vs->tight.compression;
757+ vs->zlib.level = vs->tight->compression;
758 }
759
760 // reserve memory in output buffer
761diff --git a/ui/vnc-enc-zrle.c b/ui/vnc-enc-zrle.c
762index 7493a84..17fd28a 100644
763--- a/ui/vnc-enc-zrle.c
764+++ b/ui/vnc-enc-zrle.c
765@@ -37,18 +37,18 @@ static const int bits_per_packed_pixel[] = {
766
767 static void vnc_zrle_start(VncState *vs)
768 {
769- buffer_reset(&vs->zrle.zrle);
770+ buffer_reset(&vs->zrle->zrle);
771
772 /* make the output buffer be the zlib buffer, so we can compress it later */
773- vs->zrle.tmp = vs->output;
774- vs->output = vs->zrle.zrle;
775+ vs->zrle->tmp = vs->output;
776+ vs->output = vs->zrle->zrle;
777 }
778
779 static void vnc_zrle_stop(VncState *vs)
780 {
781 /* switch back to normal output/zlib buffers */
782- vs->zrle.zrle = vs->output;
783- vs->output = vs->zrle.tmp;
784+ vs->zrle->zrle = vs->output;
785+ vs->output = vs->zrle->tmp;
786 }
787
788 static void *zrle_convert_fb(VncState *vs, int x, int y, int w, int h,
789@@ -56,24 +56,24 @@ static void *zrle_convert_fb(VncState *vs, int x, int y, int w, int h,
790 {
791 Buffer tmp;
792
793- buffer_reset(&vs->zrle.fb);
794- buffer_reserve(&vs->zrle.fb, w * h * bpp + bpp);
795+ buffer_reset(&vs->zrle->fb);
796+ buffer_reserve(&vs->zrle->fb, w * h * bpp + bpp);
797
798 tmp = vs->output;
799- vs->output = vs->zrle.fb;
800+ vs->output = vs->zrle->fb;
801
802 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
803
804- vs->zrle.fb = vs->output;
805+ vs->zrle->fb = vs->output;
806 vs->output = tmp;
807- return vs->zrle.fb.buffer;
808+ return vs->zrle->fb.buffer;
809 }
810
811 static int zrle_compress_data(VncState *vs, int level)
812 {
813- z_streamp zstream = &vs->zrle.stream;
814+ z_streamp zstream = &vs->zrle->stream;
815
816- buffer_reset(&vs->zrle.zlib);
817+ buffer_reset(&vs->zrle->zlib);
818
819 if (zstream->opaque != vs) {
820 int err;
821@@ -93,13 +93,13 @@ static int zrle_compress_data(VncState *vs, int level)
822 }
823
824 /* reserve memory in output buffer */
825- buffer_reserve(&vs->zrle.zlib, vs->zrle.zrle.offset + 64);
826+ buffer_reserve(&vs->zrle->zlib, vs->zrle->zrle.offset + 64);
827
828 /* set pointers */
829- zstream->next_in = vs->zrle.zrle.buffer;
830- zstream->avail_in = vs->zrle.zrle.offset;
831- zstream->next_out = vs->zrle.zlib.buffer + vs->zrle.zlib.offset;
832- zstream->avail_out = vs->zrle.zlib.capacity - vs->zrle.zlib.offset;
833+ zstream->next_in = vs->zrle->zrle.buffer;
834+ zstream->avail_in = vs->zrle->zrle.offset;
835+ zstream->next_out = vs->zrle->zlib.buffer + vs->zrle->zlib.offset;
836+ zstream->avail_out = vs->zrle->zlib.capacity - vs->zrle->zlib.offset;
837 zstream->data_type = Z_BINARY;
838
839 /* start encoding */
840@@ -108,8 +108,8 @@ static int zrle_compress_data(VncState *vs, int level)
841 return -1;
842 }
843
844- vs->zrle.zlib.offset = vs->zrle.zlib.capacity - zstream->avail_out;
845- return vs->zrle.zlib.offset;
846+ vs->zrle->zlib.offset = vs->zrle->zlib.capacity - zstream->avail_out;
847+ return vs->zrle->zlib.offset;
848 }
849
850 /* Try to work out whether to use RLE and/or a palette. We do this by
851@@ -259,14 +259,14 @@ static int zrle_send_framebuffer_update(VncState *vs, int x, int y,
852 size_t bytes;
853 int zywrle_level;
854
855- if (vs->zrle.type == VNC_ENCODING_ZYWRLE) {
856- if (!vs->vd->lossy || vs->tight.quality == (uint8_t)-1
857- || vs->tight.quality == 9) {
858+ if (vs->zrle->type == VNC_ENCODING_ZYWRLE) {
859+ if (!vs->vd->lossy || vs->tight->quality == (uint8_t)-1
860+ || vs->tight->quality == 9) {
861 zywrle_level = 0;
862- vs->zrle.type = VNC_ENCODING_ZRLE;
863- } else if (vs->tight.quality < 3) {
864+ vs->zrle->type = VNC_ENCODING_ZRLE;
865+ } else if (vs->tight->quality < 3) {
866 zywrle_level = 3;
867- } else if (vs->tight.quality < 6) {
868+ } else if (vs->tight->quality < 6) {
869 zywrle_level = 2;
870 } else {
871 zywrle_level = 1;
872@@ -337,30 +337,30 @@ static int zrle_send_framebuffer_update(VncState *vs, int x, int y,
873
874 vnc_zrle_stop(vs);
875 bytes = zrle_compress_data(vs, Z_DEFAULT_COMPRESSION);
876- vnc_framebuffer_update(vs, x, y, w, h, vs->zrle.type);
877+ vnc_framebuffer_update(vs, x, y, w, h, vs->zrle->type);
878 vnc_write_u32(vs, bytes);
879- vnc_write(vs, vs->zrle.zlib.buffer, vs->zrle.zlib.offset);
880+ vnc_write(vs, vs->zrle->zlib.buffer, vs->zrle->zlib.offset);
881 return 1;
882 }
883
884 int vnc_zrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
885 {
886- vs->zrle.type = VNC_ENCODING_ZRLE;
887+ vs->zrle->type = VNC_ENCODING_ZRLE;
888 return zrle_send_framebuffer_update(vs, x, y, w, h);
889 }
890
891 int vnc_zywrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
892 {
893- vs->zrle.type = VNC_ENCODING_ZYWRLE;
894+ vs->zrle->type = VNC_ENCODING_ZYWRLE;
895 return zrle_send_framebuffer_update(vs, x, y, w, h);
896 }
897
898 void vnc_zrle_clear(VncState *vs)
899 {
900- if (vs->zrle.stream.opaque) {
901- deflateEnd(&vs->zrle.stream);
902+ if (vs->zrle->stream.opaque) {
903+ deflateEnd(&vs->zrle->stream);
904 }
905- buffer_free(&vs->zrle.zrle);
906- buffer_free(&vs->zrle.fb);
907- buffer_free(&vs->zrle.zlib);
908+ buffer_free(&vs->zrle->zrle);
909+ buffer_free(&vs->zrle->fb);
910+ buffer_free(&vs->zrle->zlib);
911 }
912diff --git a/ui/vnc-enc-zrle.inc.c b/ui/vnc-enc-zrle.inc.c
913index abf6b86..c107d8a 100644
914--- a/ui/vnc-enc-zrle.inc.c
915+++ b/ui/vnc-enc-zrle.inc.c
916@@ -96,7 +96,7 @@ static void ZRLE_ENCODE(VncState *vs, int x, int y, int w, int h,
917 static void ZRLE_ENCODE_TILE(VncState *vs, ZRLE_PIXEL *data, int w, int h,
918 int zywrle_level)
919 {
920- VncPalette *palette = &vs->zrle.palette;
921+ VncPalette *palette = &vs->zrle->palette;
922
923 int runs = 0;
924 int single_pixels = 0;
925diff --git a/ui/vnc.c b/ui/vnc.c
926index bc43c4c..87b8045 100644
927--- a/ui/vnc.c
928+++ b/ui/vnc.c
929@@ -1307,6 +1307,8 @@ void vnc_disconnect_finish(VncState *vs)
930 object_unref(OBJECT(vs->sioc));
931 vs->sioc = NULL;
932 vs->magic = 0;
933+ g_free(vs->zrle);
934+ g_free(vs->tight);
935 g_free(vs);
936 }
937
938@@ -2058,8 +2060,8 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
939
940 vs->features = 0;
941 vs->vnc_encoding = 0;
942- vs->tight.compression = 9;
943- vs->tight.quality = -1; /* Lossless by default */
944+ vs->tight->compression = 9;
945+ vs->tight->quality = -1; /* Lossless by default */
946 vs->absolute = -1;
947
948 /*
949@@ -2127,11 +2129,11 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
950 vs->features |= VNC_FEATURE_LED_STATE_MASK;
951 break;
952 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
953- vs->tight.compression = (enc & 0x0F);
954+ vs->tight->compression = (enc & 0x0F);
955 break;
956 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
957 if (vs->vd->lossy) {
958- vs->tight.quality = (enc & 0x0F);
959+ vs->tight->quality = (enc & 0x0F);
960 }
961 break;
962 default:
963@@ -3034,6 +3036,8 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
964 int i;
965
966 trace_vnc_client_connect(vs, sioc);
967+ vs->zrle = g_new0(VncZrle, 1);
968+ vs->tight = g_new0(VncTight, 1);
969 vs->magic = VNC_MAGIC;
970 vs->sioc = sioc;
971 object_ref(OBJECT(vs->sioc));
972@@ -3045,19 +3049,19 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
973 buffer_init(&vs->output, "vnc-output/%p", sioc);
974 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
975
976- buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
977- buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
978- buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
979+ buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
980+ buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
981+ buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
982 #ifdef CONFIG_VNC_JPEG
983- buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
984+ buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
985 #endif
986 #ifdef CONFIG_VNC_PNG
987- buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
988+ buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
989 #endif
990 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
991- buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
992- buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
993- buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
994+ buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
995+ buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
996+ buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
997
998 if (skipauth) {
999 vs->auth = VNC_AUTH_NONE;
1000diff --git a/ui/vnc.h b/ui/vnc.h
1001index 8643860..fea79c2 100644
1002--- a/ui/vnc.h
1003+++ b/ui/vnc.h
1004@@ -338,10 +338,10 @@ struct VncState
1005 /* Encoding specific, if you add something here, don't forget to
1006 * update vnc_async_encoding_start()
1007 */
1008- VncTight tight;
1009+ VncTight *tight;
1010 VncZlib zlib;
1011 VncHextile hextile;
1012- VncZrle zrle;
1013+ VncZrle *zrle;
1014 VncZywrle zywrle;
1015
1016 Notifier mouse_mode_notifier;
1017--
10181.8.3.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-10702.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-10702.patch
new file mode 100644
index 0000000000..21a3ceb30d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-10702.patch
@@ -0,0 +1,52 @@
1From de0b1bae6461f67243282555475f88b2384a1eb9 Mon Sep 17 00:00:00 2001
2From: Vincent Dehors <vincent.dehors@smile.fr>
3Date: Thu, 23 Jan 2020 15:22:38 +0000
4Subject: [PATCH] target/arm: Fix PAuth sbox functions
5
6In the PAC computation, sbox was applied over wrong bits.
7As this is a 4-bit sbox, bit index should be incremented by 4 instead of 16.
8
9Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) was
10used to verify one computation of the pauth_computepac() function which
11uses sbox2.
12
13Launchpad: https://bugs.launchpad.net/bugs/1859713
14Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
15Signed-off-by: Vincent DEHORS <vincent.dehors@smile.fr>
16Signed-off-by: Adrien GRASSEIN <adrien.grassein@smile.fr>
17Message-id: 20200116230809.19078-2-richard.henderson@linaro.org
18Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
19Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
21Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=de0b1bae6461f67243282555475f88b2384a1eb9]
22CVE: CVE-2020-10702
23Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
24---
25 target/arm/pauth_helper.c | 4 ++--
26 1 file changed, 2 insertions(+), 2 deletions(-)
27
28diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c
29index d3194f2..0a5f41e 100644
30--- a/target/arm/pauth_helper.c
31+++ b/target/arm/pauth_helper.c
32@@ -89,7 +89,7 @@ static uint64_t pac_sub(uint64_t i)
33 uint64_t o = 0;
34 int b;
35
36- for (b = 0; b < 64; b += 16) {
37+ for (b = 0; b < 64; b += 4) {
38 o |= (uint64_t)sub[(i >> b) & 0xf] << b;
39 }
40 return o;
41@@ -104,7 +104,7 @@ static uint64_t pac_inv_sub(uint64_t i)
42 uint64_t o = 0;
43 int b;
44
45- for (b = 0; b < 64; b += 16) {
46+ for (b = 0; b < 64; b += 4) {
47 o |= (uint64_t)inv_sub[(i >> b) & 0xf] << b;
48 }
49 return o;
50--
511.8.3.1
52
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-10756.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-10756.patch
new file mode 100644
index 0000000000..306aef061b
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-10756.patch
@@ -0,0 +1,40 @@
1From c7ede54cbd2e2b25385325600958ba0124e31cc0 Mon Sep 17 00:00:00 2001
2From: Ralf Haferkamp <rhafer@suse.com>
3Date: Fri, 3 Jul 2020 14:51:16 +0200
4Subject: [PATCH] Drop bogus IPv6 messages
5
6Drop IPv6 message shorter than what's mentioned in the payload
7length header (+ the size of the IPv6 header). They're invalid an could
8lead to data leakage in icmp6_send_echoreply().
9
10CVE: CVE-2020-10756
11Upstream-Status: Backport
12https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0
13
14[SG: Based on libslirp commit c7ede54cbd2e2b25385325600958ba0124e31cc0 and adjusted context]
15Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
16---
17 slirp/src/ip6_input.c | 7 +++++++
18 1 file changed, 7 insertions(+)
19
20diff --git a/slirp/src/ip6_input.c b/slirp/src/ip6_input.c
21index d9d2b7e9..0f2b1785 100644
22--- a/slirp/src/ip6_input.c
23+++ b/slirp/src/ip6_input.c
24@@ -49,6 +49,13 @@ void ip6_input(struct mbuf *m)
25 goto bad;
26 }
27
28+ // Check if the message size is big enough to hold what's
29+ // set in the payload length header. If not this is an invalid
30+ // packet
31+ if (m->m_len < ntohs(ip6->ip_pl) + sizeof(struct ip6)) {
32+ goto bad;
33+ }
34+
35 /* check ip_ttl for a correct ICMP reply */
36 if (ip6->ip_hl == 0) {
37 icmp6_send_error(m, ICMP6_TIMXCEED, ICMP6_TIMXCEED_INTRANS);
38--
392.17.1
40
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-11869.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-11869.patch
new file mode 100644
index 0000000000..ca7ffed934
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-11869.patch
@@ -0,0 +1,97 @@
1From ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 Mon Sep 17 00:00:00 2001
2From: BALATON Zoltan <balaton@eik.bme.hu>
3Date: Mon, 6 Apr 2020 22:34:26 +0200
4Subject: [PATCH] ati-vga: Fix checks in ati_2d_blt() to avoid crash
5
6In some corner cases (that never happen during normal operation but a
7malicious guest could program wrong values) pixman functions were
8called with parameters that result in a crash. Fix this and add more
9checks to disallow such cases.
10
11Reported-by: Ziming Zhang <ezrakiez@gmail.com>
12Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
13Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu
14Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
15
16Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7]
17CVE: CVE-2020-11869
18Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
19---
20 hw/display/ati_2d.c | 37 ++++++++++++++++++++++++++-----------
21 1 file changed, 26 insertions(+), 11 deletions(-)
22
23diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c
24index 42e8231..23a8ae0 100644
25--- a/hw/display/ati_2d.c
26+++ b/hw/display/ati_2d.c
27@@ -53,12 +53,20 @@ void ati_2d_blt(ATIVGAState *s)
28 s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds),
29 surface_bits_per_pixel(ds),
30 (s->regs.dp_mix & GMC_ROP3_MASK) >> 16);
31- int dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
32- s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
33- int dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
34- s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
35+ unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
36+ s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
37+ unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
38+ s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
39 int bpp = ati_bpp_from_datatype(s);
40+ if (!bpp) {
41+ qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n");
42+ return;
43+ }
44 int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch;
45+ if (!dst_stride) {
46+ qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n");
47+ return;
48+ }
49 uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
50 s->regs.dst_offset : s->regs.default_offset);
51
52@@ -82,12 +90,16 @@ void ati_2d_blt(ATIVGAState *s)
53 switch (s->regs.dp_mix & GMC_ROP3_MASK) {
54 case ROP3_SRCCOPY:
55 {
56- int src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
57- s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
58- int src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
59- s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
60+ unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
61+ s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
62+ unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
63+ s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
64 int src_stride = DEFAULT_CNTL ?
65 s->regs.src_pitch : s->regs.default_pitch;
66+ if (!src_stride) {
67+ qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n");
68+ return;
69+ }
70 uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
71 s->regs.src_offset : s->regs.default_offset);
72
73@@ -137,8 +149,10 @@ void ati_2d_blt(ATIVGAState *s)
74 dst_y * surface_stride(ds),
75 s->regs.dst_height * surface_stride(ds));
76 }
77- s->regs.dst_x += s->regs.dst_width;
78- s->regs.dst_y += s->regs.dst_height;
79+ s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
80+ dst_x + s->regs.dst_width : dst_x);
81+ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
82+ dst_y + s->regs.dst_height : dst_y);
83 break;
84 }
85 case ROP3_PATCOPY:
86@@ -179,7 +193,8 @@ void ati_2d_blt(ATIVGAState *s)
87 dst_y * surface_stride(ds),
88 s->regs.dst_height * surface_stride(ds));
89 }
90- s->regs.dst_y += s->regs.dst_height;
91+ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
92+ dst_y + s->regs.dst_height : dst_y);
93 break;
94 }
95 default:
96--
971.8.3.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13765.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13765.patch
new file mode 100644
index 0000000000..9014ba0f13
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13765.patch
@@ -0,0 +1,48 @@
1From e423455c4f23a1a828901c78fe6d03b7dde79319 Mon Sep 17 00:00:00 2001
2From: Thomas Huth <thuth@redhat.com>
3Date: Wed, 25 Sep 2019 14:16:43 +0200
4Subject: [PATCH] hw/core/loader: Fix possible crash in rom_copy()
5
6Both, "rom->addr" and "addr" are derived from the binary image
7that can be loaded with the "-kernel" paramer. The code in
8rom_copy() then calculates:
9
10 d = dest + (rom->addr - addr);
11
12and uses "d" as destination in a memcpy() some lines later. Now with
13bad kernel images, it is possible that rom->addr is smaller than addr,
14thus "rom->addr - addr" gets negative and the memcpy() then tries to
15copy contents from the image to a bad memory location. This could
16maybe be used to inject code from a kernel image into the QEMU binary,
17so we better fix it with an additional sanity check here.
18
19Cc: qemu-stable@nongnu.org
20Reported-by: Guangming Liu
21Buglink: https://bugs.launchpad.net/qemu/+bug/1844635
22Message-Id: <20190925130331.27825-1-thuth@redhat.com>
23Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
24Signed-off-by: Thomas Huth <thuth@redhat.com>
25
26Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=e423455c4f23a1a828901c78fe6d03b7dde79319]
27CVE: CVE-2020-13765
28Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
29---
30 hw/core/loader.c | 2 +-
31 1 file changed, 1 insertion(+), 1 deletion(-)
32
33diff --git a/hw/core/loader.c b/hw/core/loader.c
34index 0d60219..5099f27 100644
35--- a/hw/core/loader.c
36+++ b/hw/core/loader.c
37@@ -1281,7 +1281,7 @@ int rom_copy(uint8_t *dest, hwaddr addr, size_t size)
38 if (rom->addr + rom->romsize < addr) {
39 continue;
40 }
41- if (rom->addr > end) {
42+ if (rom->addr > end || rom->addr < addr) {
43 break;
44 }
45
46--
471.8.3.1
48
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch
new file mode 100644
index 0000000000..a109ac08d6
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch
@@ -0,0 +1,93 @@
1From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001
2From: Gerd Hoffmann <kraxel@redhat.com>
3Date: Tue, 25 Aug 2020 07:36:36 +0200
4Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364)
5
6Store calculated setup_len in a local variable, verify it, and only
7write it to the struct (USBDevice->setup_len) in case it passed the
8sanity checks.
9
10This prevents other code (do_token_{in,out} functions specifically)
11from working with invalid USBDevice->setup_len values and overrunning
12the USBDevice->setup_buf[] buffer.
13
14Fixes: CVE-2020-14364
15Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
16Tested-by: Gonglei <arei.gonglei@huawei.com>
17Reviewed-by: Li Qiang <liq3ea@gmail.com>
18Message-id: 20200825053636.29648-1-kraxel@redhat.com
19
20Upstream-Status: Backport
21CVE: CVE-2020-14364
22[https://git.qemu.org/?p=qemu.git;a=patch;h=b946434f2659a182afc17e155be6791ebfb302eb]
23Signed-off-by: Li Wang <li.wang@windriver.com>
24---
25 hw/usb/core.c | 16 ++++++++++------
26 1 file changed, 10 insertions(+), 6 deletions(-)
27
28diff --git a/hw/usb/core.c b/hw/usb/core.c
29index 5abd128..5234dcc 100644
30--- a/hw/usb/core.c
31+++ b/hw/usb/core.c
32@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream)
33 static void do_token_setup(USBDevice *s, USBPacket *p)
34 {
35 int request, value, index;
36+ unsigned int setup_len;
37
38 if (p->iov.size != 8) {
39 p->status = USB_RET_STALL;
40@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p)
41 usb_packet_copy(p, s->setup_buf, p->iov.size);
42 s->setup_index = 0;
43 p->actual_length = 0;
44- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
45- if (s->setup_len > sizeof(s->data_buf)) {
46+ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
47+ if (setup_len > sizeof(s->data_buf)) {
48 fprintf(stderr,
49 "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
50- s->setup_len, sizeof(s->data_buf));
51+ setup_len, sizeof(s->data_buf));
52 p->status = USB_RET_STALL;
53 return;
54 }
55+ s->setup_len = setup_len;
56
57 request = (s->setup_buf[0] << 8) | s->setup_buf[1];
58 value = (s->setup_buf[3] << 8) | s->setup_buf[2];
59@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p)
60 static void do_parameter(USBDevice *s, USBPacket *p)
61 {
62 int i, request, value, index;
63+ unsigned int setup_len;
64
65 for (i = 0; i < 8; i++) {
66 s->setup_buf[i] = p->parameter >> (i*8);
67 }
68
69 s->setup_state = SETUP_STATE_PARAM;
70- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
71 s->setup_index = 0;
72
73 request = (s->setup_buf[0] << 8) | s->setup_buf[1];
74 value = (s->setup_buf[3] << 8) | s->setup_buf[2];
75 index = (s->setup_buf[5] << 8) | s->setup_buf[4];
76
77- if (s->setup_len > sizeof(s->data_buf)) {
78+ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
79+ if (setup_len > sizeof(s->data_buf)) {
80 fprintf(stderr,
81 "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
82- s->setup_len, sizeof(s->data_buf));
83+ setup_len, sizeof(s->data_buf));
84 p->status = USB_RET_STALL;
85 return;
86 }
87+ s->setup_len = setup_len;
88
89 if (p->pid == USB_TOKEN_OUT) {
90 usb_packet_copy(p, s->data_buf, s->setup_len);
91--
922.17.1
93
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch
new file mode 100644
index 0000000000..9927584d11
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch
@@ -0,0 +1,64 @@
1From 5519724a13664b43e225ca05351c60b4468e4555 Mon Sep 17 00:00:00 2001
2From: Mauro Matteo Cascella <mcascell@redhat.com>
3Date: Fri, 10 Jul 2020 11:19:41 +0200
4Subject: [PATCH] hw/net/xgmac: Fix buffer overflow in xgmac_enet_send()
5
6A buffer overflow issue was reported by Mr. Ziming Zhang, CC'd here. It
7occurs while sending an Ethernet frame due to missing break statements
8and improper checking of the buffer size.
9
10Reported-by: Ziming Zhang <ezrakiez@gmail.com>
11Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
12Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13Signed-off-by: Jason Wang <jasowang@redhat.com>
14
15CVE: CVE-2020-15863
16Upstream-Status: Backport
17[https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555]
18Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
19Signed-off-by: Li Wang <li.wang@windriver.com>
20---
21 hw/net/xgmac.c | 14 ++++++++++++--
22 1 file changed, 12 insertions(+), 2 deletions(-)
23
24diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
25index f49df95..f496f7e 100644
26--- a/hw/net/xgmac.c
27+++ b/hw/net/xgmac.c
28@@ -217,21 +217,31 @@ static void xgmac_enet_send(XgmacState *s)
29 }
30 len = (bd.buffer1_size & 0xfff) + (bd.buffer2_size & 0xfff);
31
32+ /*
33+ * FIXME: these cases of malformed tx descriptors (bad sizes)
34+ * should probably be reported back to the guest somehow
35+ * rather than simply silently stopping processing, but we
36+ * don't know what the hardware does in this situation.
37+ * This will only happen for buggy guests anyway.
38+ */
39 if ((bd.buffer1_size & 0xfff) > 2048) {
40 DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
41 "xgmac buffer 1 len on send > 2048 (0x%x)\n",
42 __func__, bd.buffer1_size & 0xfff);
43+ break;
44 }
45 if ((bd.buffer2_size & 0xfff) != 0) {
46 DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
47 "xgmac buffer 2 len on send != 0 (0x%x)\n",
48 __func__, bd.buffer2_size & 0xfff);
49+ break;
50 }
51- if (len >= sizeof(frame)) {
52+ if (frame_size + len >= sizeof(frame)) {
53 DEBUGF_BRK("qemu:%s: buffer overflow %d read into %zu "
54- "buffer\n" , __func__, len, sizeof(frame));
55+ "buffer\n" , __func__, frame_size + len, sizeof(frame));
56 DEBUGF_BRK("qemu:%s: buffer1.size=%d; buffer2.size=%d\n",
57 __func__, bd.buffer1_size, bd.buffer2_size);
58+ break;
59 }
60
61 cpu_physical_memory_read(bd.buffer1_addr, ptr, len);
62--
631.9.1
64
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-16092.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-16092.patch
new file mode 100644
index 0000000000..8ce01e26ad
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-16092.patch
@@ -0,0 +1,49 @@
1From 035e69b063835a5fd23cacabd63690a3d84532a8 Mon Sep 17 00:00:00 2001
2From: Mauro Matteo Cascella <mcascell@redhat.com>
3Date: Sat, 1 Aug 2020 18:42:38 +0200
4Subject: [PATCH] hw/net/net_tx_pkt: fix assertion failure in
5 net_tx_pkt_add_raw_fragment()
6
7An assertion failure issue was found in the code that processes network
8packets
9while adding data fragments into the packet context. It could be abused
10by a
11malicious guest to abort the QEMU process on the host. This patch
12replaces the
13affected assert() with a conditional statement, returning false if the
14current
15data fragment exceeds max_raw_frags.
16
17Reported-by: Alexander Bulekov <alxndr@bu.edu>
18Reported-by: Ziming Zhang <ezrakiez@gmail.com>
19Reviewed-by: Dmitry Fleytman <dmitry.fleytman@gmail.com>
20Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
21Signed-off-by: Jason Wang <jasowang@redhat.com>
22
23Upstream-Status: Backport
24CVE: CVE-2020-16092
25[https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8]
26Signed-off-by: Li Wang <li.wang@windriver.com>
27---
28 hw/net/net_tx_pkt.c | 5 ++++-
29 1 file changed, 4 insertions(+), 1 deletion(-)
30
31diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
32index 162f802..54d4c3b 100644
33--- a/hw/net/net_tx_pkt.c
34+++ b/hw/net/net_tx_pkt.c
35@@ -379,7 +379,10 @@ bool net_tx_pkt_add_raw_fragment(struct NetTxPkt *pkt, hwaddr pa,
36 hwaddr mapped_len = 0;
37 struct iovec *ventry;
38 assert(pkt);
39- assert(pkt->max_raw_frags > pkt->raw_frags);
40+
41+ if (pkt->raw_frags >= pkt->max_raw_frags) {
42+ return false;
43+ }
44
45 if (!len) {
46 return true;
47--
482.17.1
49
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch
new file mode 100644
index 0000000000..aa7bc82329
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch
@@ -0,0 +1,64 @@
1From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001
2From: Felipe Franciosi <felipe@nutanix.com>
3Date: Thu, 23 Jan 2020 12:44:59 +0000
4Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
5
6When querying an iSCSI server for the provisioning status of blocks (via
7GET LBA STATUS), Qemu only validates that the response descriptor zero's
8LBA matches the one requested. Given the SCSI spec allows servers to
9respond with the status of blocks beyond the end of the LUN, Qemu may
10have its heap corrupted by clearing/setting too many bits at the end of
11its allocmap for the LUN.
12
13A malicious guest in control of the iSCSI server could carefully program
14Qemu's heap (by selectively setting the bitmap) and then smash it.
15
16This limits the number of bits that iscsi_co_block_status() will try to
17update in the allocmap so it can't overflow the bitmap.
18
19Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc]
20CVE: CVE-2020-1711
21
22Fixes: CVE-2020-1711
23Cc: qemu-stable@nongnu.org
24Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
25Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
26Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
27Signed-off-by: Kevin Wolf <kwolf@redhat.com>
28Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
29---
30 block/iscsi.c | 5 +++--
31 1 file changed, 3 insertions(+), 2 deletions(-)
32
33diff --git a/block/iscsi.c b/block/iscsi.c
34index 2aea7e3..cbd5729 100644
35--- a/block/iscsi.c
36+++ b/block/iscsi.c
37@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
38 struct scsi_get_lba_status *lbas = NULL;
39 struct scsi_lba_status_descriptor *lbasd = NULL;
40 struct IscsiTask iTask;
41- uint64_t lba;
42+ uint64_t lba, max_bytes;
43 int ret;
44
45 iscsi_co_init_iscsitask(iscsilun, &iTask);
46@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
47 }
48
49 lba = offset / iscsilun->block_size;
50+ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size;
51
52 qemu_mutex_lock(&iscsilun->mutex);
53 retry:
54@@ -764,7 +765,7 @@ retry:
55 goto out_unlock;
56 }
57
58- *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size;
59+ *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes);
60
61 if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED ||
62 lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {
63--
641.8.3.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch
new file mode 100644
index 0000000000..df6bca6db6
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch
@@ -0,0 +1,44 @@
1From b2663d527a1992ba98c0266458b21ada3b9d0d2e Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Thu, 27 Feb 2020 12:07:35 +0800
4Subject: [PATCH] tcp_emu: Fix oob access
5
6The main loop only checks for one available byte, while we sometimes
7need two bytes.
8
9CVE: CVE-2020-7039
10Upstream-Status: Backport
11[https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289]
12
13Signed-off-by: Changqing Li <changqing.li@windriver.com>
14---
15 slirp/src/tcp_subr.c | 6 ++++++
16 1 file changed, 6 insertions(+)
17
18diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c
19index d6dd133..4bea2d4 100644
20--- a/slirp/src/tcp_subr.c
21+++ b/slirp/src/tcp_subr.c
22@@ -886,6 +886,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
23 break;
24
25 case 5:
26+ if (bptr == m->m_data + m->m_len - 1)
27+ return 1; /* We need two bytes */
28 /*
29 * The difference between versions 1.0 and
30 * 2.0 is here. For future versions of
31@@ -901,6 +903,10 @@ int tcp_emu(struct socket *so, struct mbuf *m)
32 /* This is the field containing the port
33 * number that RA-player is listening to.
34 */
35+
36+ if (bptr == m->m_data + m->m_len - 1)
37+ return 1; /* We need two bytes */
38+
39 lport = (((uint8_t *)bptr)[0] << 8) + ((uint8_t *)bptr)[1];
40 if (lport < 6970)
41 lport += 256; /* don't know why */
42--
432.7.4
44
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch
new file mode 100644
index 0000000000..4a00fa2afd
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch
@@ -0,0 +1,59 @@
1From 8f67e76e4148e37f3d8d2bcbdee7417fdedb7669 Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Thu, 27 Feb 2020 12:10:34 +0800
4Subject: [PATCH] slirp: use correct size while emulating commands
5
6While emulating services in tcp_emu(), it uses 'mbuf' size
7'm->m_size' to write commands via snprintf(3). Use M_FREEROOM(m)
8size to avoid possible OOB access.
9Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
10Signed-off-by: Samuel Thibault's avatarSamuel Thibault
11<samuel.thibault@ens-lyon.org>
12Message-Id: <20200109094228.79764-3-ppandit@redhat.com>
13
14CVE: CVE-2020-7039
15Upstream-Status: Backport
16[https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80]
17
18Signed-off-by: Changqing Li <changqing.li@windriver.com>
19---
20 slirp/src/tcp_subr.c | 9 ++++-----
21 1 file changed, 4 insertions(+), 5 deletions(-)
22
23diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c
24index 4bea2d4..e8ed4ef 100644
25--- a/slirp/src/tcp_subr.c
26+++ b/slirp/src/tcp_subr.c
27@@ -696,7 +696,7 @@ int tcp_emu(struct socket *so, struct mbuf *m)
28 n4 = (laddr & 0xff);
29
30 m->m_len = bptr - m->m_data; /* Adjust length */
31- m->m_len += snprintf(bptr, m->m_size - m->m_len,
32+ m->m_len += snprintf(bptr, M_FREEROOM(m),
33 "ORT %d,%d,%d,%d,%d,%d\r\n%s", n1, n2, n3, n4,
34 n5, n6, x == 7 ? buff : "");
35 return 1;
36@@ -731,8 +731,7 @@ int tcp_emu(struct socket *so, struct mbuf *m)
37 n4 = (laddr & 0xff);
38
39 m->m_len = bptr - m->m_data; /* Adjust length */
40- m->m_len +=
41- snprintf(bptr, m->m_size - m->m_len,
42+ m->m_len += snprintf(bptr, M_FREEROOM(m),
43 "27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
44 n1, n2, n3, n4, n5, n6, x == 7 ? buff : "");
45
46@@ -758,8 +757,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
47 if (m->m_data[m->m_len - 1] == '\0' && lport != 0 &&
48 (so = tcp_listen(slirp, INADDR_ANY, 0, so->so_laddr.s_addr,
49 htons(lport), SS_FACCEPTONCE)) != NULL)
50- m->m_len =
51- snprintf(m->m_data, m->m_size, "%d", ntohs(so->so_fport)) + 1;
52+ m->m_len = snprintf(m->m_data, M_ROOM(m),
53+ "%d", ntohs(so->so_fport)) + 1;
54 return 1;
55
56 case EMU_IRC:
57--
582.7.4
59
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch
new file mode 100644
index 0000000000..70ce480d80
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch
@@ -0,0 +1,64 @@
1From 0b03959b72036afce151783720d9e54988cf76ef Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Thu, 27 Feb 2020 12:15:04 +0800
4Subject: [PATCH] slirp: use correct size while emulating IRC commands
5
6While emulating IRC DCC commands, tcp_emu() uses 'mbuf' size
7'm->m_size' to write DCC commands via snprintf(3). This may
8lead to OOB write access, because 'bptr' points somewhere in
9the middle of 'mbuf' buffer, not at the start. Use M_FREEROOM(m)
10size to avoid OOB access.
11Reported-by: default avatarVishnu Dev TJ <vishnudevtj@gmail.com>
12Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
13Reviewed-by: Samuel Thibault's avatarSamuel Thibault
14<samuel.thibault@ens-lyon.org>
15Message-Id: <20200109094228.79764-2-ppandit@redhat.com>
16
17CVE: CVE-2020-7039
18Upstream-Status: Backport
19[https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9]
20
21Signed-off-by: Changqing Li <changqing.li@windriver.com>
22---
23 slirp/src/tcp_subr.c | 11 ++++++-----
24 1 file changed, 6 insertions(+), 5 deletions(-)
25
26diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c
27index e8ed4ef..3a4a8ee 100644
28--- a/slirp/src/tcp_subr.c
29+++ b/slirp/src/tcp_subr.c
30@@ -777,7 +777,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
31 return 1;
32 }
33 m->m_len = bptr - m->m_data; /* Adjust length */
34- m->m_len += snprintf(bptr, m->m_size, "DCC CHAT chat %lu %u%c\n",
35+ m->m_len += snprintf(bptr, M_FREEROOM(m),
36+ "DCC CHAT chat %lu %u%c\n",
37 (unsigned long)ntohl(so->so_faddr.s_addr),
38 ntohs(so->so_fport), 1);
39 } else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport,
40@@ -787,8 +788,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
41 return 1;
42 }
43 m->m_len = bptr - m->m_data; /* Adjust length */
44- m->m_len +=
45- snprintf(bptr, m->m_size, "DCC SEND %s %lu %u %u%c\n", buff,
46+ m->m_len += snprintf(bptr, M_FREEROOM(m),
47+ "DCC SEND %s %lu %u %u%c\n", buff,
48 (unsigned long)ntohl(so->so_faddr.s_addr),
49 ntohs(so->so_fport), n1, 1);
50 } else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport,
51@@ -798,8 +799,8 @@ int tcp_emu(struct socket *so, struct mbuf *m)
52 return 1;
53 }
54 m->m_len = bptr - m->m_data; /* Adjust length */
55- m->m_len +=
56- snprintf(bptr, m->m_size, "DCC MOVE %s %lu %u %u%c\n", buff,
57+ m->m_len += snprintf(bptr, M_FREEROOM(m),
58+ "DCC MOVE %s %lu %u %u%c\n", buff,
59 (unsigned long)ntohl(so->so_faddr.s_addr),
60 ntohs(so->so_fport), n1, 1);
61 }
62--
632.7.4
64
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch
new file mode 100644
index 0000000000..11be4c92e7
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch
@@ -0,0 +1,46 @@
1From 14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 Mon Sep 17 00:00:00 2001
2From: Prasad J Pandit <pjp@fedoraproject.org>
3Date: Mon, 13 Jan 2020 17:44:31 +0530
4Subject: [PATCH] slirp: tftp: restrict relative path access
5
6tftp restricts relative or directory path access on Linux systems.
7Apply same restrictions on Windows systems too. It helps to avoid
8directory traversal issue.
9
10Fixes: https://bugs.launchpad.net/qemu/+bug/1812451
11Reported-by: Peter Maydell <peter.maydell@linaro.org>
12Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
13Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
14Message-Id: <20200113121431.156708-1-ppandit@redhat.com>
15
16Upstream-Status: Backport [https://gitlab.freedesktop.org/slirp/libslirp/-/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4.patch]
17CVE: CVE-2020-7211
18Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
19
20---
21 slirp/src/tftp.c | 9 +++++++--
22 1 file changed, 7 insertions(+), 2 deletions(-)
23
24diff --git a/slirp/src/tftp.c b/slirp/src/tftp.c
25index 093c2e0..e52e71b 100644
26--- a/slirp/src/tftp.c
27+++ b/slirp/src/tftp.c
28@@ -344,8 +344,13 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas,
29 k += 6; /* skipping octet */
30
31 /* do sanity checks on the filename */
32- if (!strncmp(req_fname, "../", 3) ||
33- req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) {
34+ if (
35+#ifdef G_OS_WIN32
36+ strstr(req_fname, "..\\") ||
37+ req_fname[strlen(req_fname) - 1] == '\\' ||
38+#endif
39+ strstr(req_fname, "../") ||
40+ req_fname[strlen(req_fname) - 1] == '/') {
41 tftp_send_error(spt, 2, "Access violation", tp);
42 return;
43 }
44--
452.24.1
46
diff --git a/meta/recipes-devtools/ruby/ruby/fix-CVE-2019-16254.patch b/meta/recipes-devtools/ruby/ruby/fix-CVE-2019-16254.patch
new file mode 100644
index 0000000000..704c850c50
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/fix-CVE-2019-16254.patch
@@ -0,0 +1,106 @@
1From 18d5289b4579822e391b3f5c16541e6552e9f06c Mon Sep 17 00:00:00 2001
2From: Yusuke Endoh <mame@ruby-lang.org>
3Date: Tue, 1 Oct 2019 12:29:18 +0900
4Subject: [PATCH] WEBrick: prevent response splitting and header injection
5
6This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16.
7The commit prevented CRLR, but did not address an isolated CR or an
8isolated LF.
9
10Upstream-Status: Backport https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
11CVE: CVE-2019-16254
12
13Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>
14Signed-off-by: Rahul Chauhan <rahulchauhankitps@gmail.com>
15---
16 lib/webrick/httpresponse.rb | 3 ++-
17 test/webrick/test_httpresponse.rb | 46 +++++++++++++++++++++++++++++++++++++--
18 2 files changed, 46 insertions(+), 3 deletions(-)
19
20diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
21index 6d77692..d26324c 100644
22--- a/lib/webrick/httpresponse.rb
23+++ b/lib/webrick/httpresponse.rb
24@@ -367,7 +367,8 @@ def set_error(ex, backtrace=false)
25 private
26
27 def check_header(header_value)
28- if header_value =~ /\r\n/
29+ header_value = header_value.to_s
30+ if /[\r\n]/ =~ header_value
31 raise InvalidHeader
32 else
33 header_value
34diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb
35index 6263e0a..24a6968 100644
36--- a/test/webrick/test_httpresponse.rb
37+++ b/test/webrick/test_httpresponse.rb
38@@ -29,7 +29,7 @@ def setup
39 @res.keep_alive = true
40 end
41
42- def test_prevent_response_splitting_headers
43+ def test_prevent_response_splitting_headers_crlf
44 res['X-header'] = "malicious\r\nCookie: hack"
45 io = StringIO.new
46 res.send_response io
47@@ -39,7 +39,7 @@ def test_prevent_response_splitting_headers
48 refute_match 'hack', io.string
49 end
50
51- def test_prevent_response_splitting_cookie_headers
52+ def test_prevent_response_splitting_cookie_headers_crlf
53 user_input = "malicious\r\nCookie: hack"
54 res.cookies << WEBrick::Cookie.new('author', user_input)
55 io = StringIO.new
56@@ -50,6 +50,48 @@ def test_prevent_response_splitting_cookie_headers
57 refute_match 'hack', io.string
58 end
59
60+ def test_prevent_response_splitting_headers_cr
61+ res['X-header'] = "malicious\rCookie: hack"
62+ io = StringIO.new
63+ res.send_response io
64+ io.rewind
65+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
66+ assert_equal '500', res.code
67+ refute_match 'hack', io.string
68+ end
69+
70+ def test_prevent_response_splitting_cookie_headers_cr
71+ user_input = "malicious\rCookie: hack"
72+ res.cookies << WEBrick::Cookie.new('author', user_input)
73+ io = StringIO.new
74+ res.send_response io
75+ io.rewind
76+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
77+ assert_equal '500', res.code
78+ refute_match 'hack', io.string
79+ end
80+
81+ def test_prevent_response_splitting_headers_lf
82+ res['X-header'] = "malicious\nCookie: hack"
83+ io = StringIO.new
84+ res.send_response io
85+ io.rewind
86+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
87+ assert_equal '500', res.code
88+ refute_match 'hack', io.string
89+ end
90+
91+ def test_prevent_response_splitting_cookie_headers_lf
92+ user_input = "malicious\nCookie: hack"
93+ res.cookies << WEBrick::Cookie.new('author', user_input)
94+ io = StringIO.new
95+ res.send_response io
96+ io.rewind
97+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
98+ assert_equal '500', res.code
99+ refute_match 'hack', io.string
100+ end
101+
102 def test_304_does_not_log_warning
103 res.status = 304
104 res.setup_header
105--
1062.7.4
diff --git a/meta/recipes-devtools/ruby/ruby_2.5.5.bb b/meta/recipes-devtools/ruby/ruby_2.5.5.bb
index 223b0371eb..58bb97f4bd 100644
--- a/meta/recipes-devtools/ruby/ruby_2.5.5.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.5.5.bb
@@ -3,6 +3,7 @@ require ruby.inc
3SRC_URI += " \ 3SRC_URI += " \
4 file://0001-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch \ 4 file://0001-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch \
5 file://run-ptest \ 5 file://run-ptest \
6 file://fix-CVE-2019-16254.patch \
6 " 7 "
7 8
8SRC_URI[md5sum] = "7e156fb526b8f4bb1b30a3dd8a7ce400" 9SRC_URI[md5sum] = "7e156fb526b8f4bb1b30a3dd8a7ce400"
diff --git a/meta/recipes-devtools/strace/strace/Makefile-ptest.patch b/meta/recipes-devtools/strace/strace/Makefile-ptest.patch
index 08fa5c53b8..36e93a2dcf 100644
--- a/meta/recipes-devtools/strace/strace/Makefile-ptest.patch
+++ b/meta/recipes-devtools/strace/strace/Makefile-ptest.patch
@@ -44,6 +44,6 @@ index 825c989..4623c48 100644
44+ done 44+ done
45+ for file in $(EXTRA_DIST); do \ 45+ for file in $(EXTRA_DIST); do \
46+ install $(srcdir)/$$file $(DESTDIR)/$(TESTDIR); \ 46+ install $(srcdir)/$$file $(DESTDIR)/$(TESTDIR); \
47+ sed -i -e 's/$${srcdir=.}/./g' $(DESTDIR)/$(TESTDIR)/$$file; \ 47+ #sed -i -e 's/$${srcdir=.}/./g' $(DESTDIR)/$(TESTDIR)/$$file; \
48+ done 48+ done
49+ for i in net scm_rights-fd rt_sigaction; do sed -i -e 's/$$srcdir/./g' $(DESTDIR)/$(TESTDIR)/$$i.test; done 49+ for i in net scm_rights-fd rt_sigaction; do sed -i -e 's/$$srcdir/./g' $(DESTDIR)/$(TESTDIR)/$$i.test; done
diff --git a/meta/recipes-devtools/strace/strace/run-ptest b/meta/recipes-devtools/strace/strace/run-ptest
index 2fed984e90..4660207220 100755
--- a/meta/recipes-devtools/strace/strace/run-ptest
+++ b/meta/recipes-devtools/strace/strace/run-ptest
@@ -1,3 +1,6 @@
1#!/bin/sh 1#!/bin/sh
2export TIMEOUT_DURATION=30 2export TIMEOUT_DURATION=120
3make -B -C tests -k test-suite.log 3chown nobody tests
4chown nobody tests/*
5chown nobody ../ptest
6su nobody -c "make -B -C tests -k test-suite.log"
diff --git a/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch b/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch
deleted file mode 100644
index 78dcc1b636..0000000000
--- a/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch
+++ /dev/null
@@ -1,402 +0,0 @@
1From 951bdaad7a18cc0dc1036bba86b18b90874d39ff Mon Sep 17 00:00:00 2001
2From: Chet Ramey <chet.ramey@case.edu>
3Date: Mon, 1 Jul 2019 09:03:53 -0400
4Subject: [PATCH] commit bash-20190628 snapshot
5
6An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
7By default, if Bash is run with its effective UID not equal to its real UID,
8it will drop privileges by setting its effective UID to its real UID.
9However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality,
10the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for
11runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore
12regains privileges. However, binaries running with an effective UID of 0 are unaffected.
13
14Upstream-Status: Backport [https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff]
15CVE: CVE-2019-18276
16Signed-off-by: Chet Ramey <chet.ramey@case.edu>
17Signed-off-by: De Huo <De.Huo@windriver.com>
18---
19 MANIFEST | 2 ++
20 bashline.c | 50 +-------------------------------------------------
21 builtins/help.def | 2 +-
22 config.h.in | 10 +++++++++-
23 configure | 11 +++++++++++
24 configure.ac | 1 +
25 doc/bash.1 | 3 ++-
26 doc/bashref.texi | 3 ++-
27 lib/glob/glob.c | 5 ++++-
28 pathexp.c | 16 ++++++++++++++--
29 shell.c | 8 ++++++++
30 tests/glob.tests | 2 ++
31 tests/glob6.sub | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
32 tests/glob7.sub | 11 +++++++++++
33 14 files changed, 122 insertions(+), 56 deletions(-)
34 create mode 100644 tests/glob6.sub
35 create mode 100644 tests/glob7.sub
36
37diff --git a/MANIFEST b/MANIFEST
38index 03de221..f9ccad7 100644
39--- a/MANIFEST
40+++ b/MANIFEST
41@@ -1037,6 +1037,8 @@ tests/extglob3.tests f
42 tests/extglob3.right f
43 tests/extglob4.sub f
44 tests/extglob5.sub f
45+tests/glob6.sub f
46+tests/glob7.sub f
47 tests/func.tests f
48 tests/func.right f
49 tests/func1.sub f
50diff --git a/bashline.c b/bashline.c
51index 824ea9d..d86b47d 100644
52--- a/bashline.c
53+++ b/bashline.c
54@@ -3718,55 +3718,7 @@ static int
55 completion_glob_pattern (string)
56 char *string;
57 {
58- register int c;
59- char *send;
60- int open;
61-
62- DECLARE_MBSTATE;
63-
64- open = 0;
65- send = string + strlen (string);
66-
67- while (c = *string++)
68- {
69- switch (c)
70- {
71- case '?':
72- case '*':
73- return (1);
74-
75- case '[':
76- open++;
77- continue;
78-
79- case ']':
80- if (open)
81- return (1);
82- continue;
83-
84- case '+':
85- case '@':
86- case '!':
87- if (*string == '(') /*)*/
88- return (1);
89- continue;
90-
91- case '\\':
92- if (*string++ == 0)
93- return (0);
94- }
95-
96- /* Advance one fewer byte than an entire multibyte character to
97- account for the auto-increment in the loop above. */
98-#ifdef HANDLE_MULTIBYTE
99- string--;
100- ADVANCE_CHAR_P (string, send - string);
101- string++;
102-#else
103- ADVANCE_CHAR_P (string, send - string);
104-#endif
105- }
106- return (0);
107+ return (glob_pattern_p (string) == 1);
108 }
109
110 static char *globtext;
111diff --git a/builtins/help.def b/builtins/help.def
112index 006c4b5..92f9b38 100644
113--- a/builtins/help.def
114+++ b/builtins/help.def
115@@ -128,7 +128,7 @@ help_builtin (list)
116
117 /* We should consider making `help bash' do something. */
118
119- if (glob_pattern_p (list->word->word))
120+ if (glob_pattern_p (list->word->word) == 1)
121 {
122 printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1)));
123 print_word_list (list, ", ");
124diff --git a/config.h.in b/config.h.in
125index 8554aec..ad4b1e8 100644
126--- a/config.h.in
127+++ b/config.h.in
128@@ -1,6 +1,6 @@
129 /* config.h -- Configuration file for bash. */
130
131-/* Copyright (C) 1987-2009,2011-2012 Free Software Foundation, Inc.
132+/* Copyright (C) 1987-2009,2011-2012,2013-2019 Free Software Foundation, Inc.
133
134 This file is part of GNU Bash, the Bourne Again SHell.
135
136@@ -807,6 +807,14 @@
137 #undef HAVE_SETREGID
138 #undef HAVE_DECL_SETREGID
139
140+/* Define if you have the setregid function. */
141+#undef HAVE_SETRESGID
142+#undef HAVE_DECL_SETRESGID
143+
144+/* Define if you have the setresuid function. */
145+#undef HAVE_SETRESUID
146+#undef HAVE_DECL_SETRESUID
147+
148 /* Define if you have the setvbuf function. */
149 #undef HAVE_SETVBUF
150
151diff --git a/configure b/configure
152index 2f62662..b3321c9 100755
153--- a/configure
154+++ b/configure
155@@ -10281,6 +10281,17 @@ cat >>confdefs.h <<_ACEOF
156 #define HAVE_DECL_SETREGID $ac_have_decl
157 _ACEOF
158
159+ac_fn_c_check_decl "$LINENO" "" "ac_cv_have_decl_" "$ac_includes_default"
160+if test "x$ac_cv_have_decl_" = xyes; then :
161+ ac_have_decl=1
162+else
163+ ac_have_decl=0
164+fi
165+
166+cat >>confdefs.h <<_ACEOF
167+#define HAVE_DECL_ $ac_have_decl
168+_ACEOF
169+(setresuid, setresgid)
170 ac_fn_c_check_decl "$LINENO" "strcpy" "ac_cv_have_decl_strcpy" "$ac_includes_default"
171 if test "x$ac_cv_have_decl_strcpy" = xyes; then :
172 ac_have_decl=1
173diff --git a/configure.ac b/configure.ac
174index 52b4cdb..549adef 100644
175--- a/configure.ac
176+++ b/configure.ac
177@@ -810,6 +810,7 @@ AC_CHECK_DECLS([confstr])
178 AC_CHECK_DECLS([printf])
179 AC_CHECK_DECLS([sbrk])
180 AC_CHECK_DECLS([setregid])
181+AC_CHECK_DECLS[(setresuid, setresgid])
182 AC_CHECK_DECLS([strcpy])
183 AC_CHECK_DECLS([strsignal])
184
185diff --git a/doc/bash.1 b/doc/bash.1
186index e6cd08d..9e58a0b 100644
187--- a/doc/bash.1
188+++ b/doc/bash.1
189@@ -4681,7 +4681,8 @@ above).
190 .PD
191 .SH "SIMPLE COMMAND EXPANSION"
192 When a simple command is executed, the shell performs the following
193-expansions, assignments, and redirections, from left to right.
194+expansions, assignments, and redirections, from left to right, in
195+the following order.
196 .IP 1.
197 The words that the parser has marked as variable assignments (those
198 preceding the command name) and redirections are saved for later
199diff --git a/doc/bashref.texi b/doc/bashref.texi
200index d33cd57..3065126 100644
201--- a/doc/bashref.texi
202+++ b/doc/bashref.texi
203@@ -2964,7 +2964,8 @@ is not specified. If the file does not exist, it is created.
204 @cindex command expansion
205
206 When a simple command is executed, the shell performs the following
207-expansions, assignments, and redirections, from left to right.
208+expansions, assignments, and redirections, from left to right, in
209+the following order.
210
211 @enumerate
212 @item
213diff --git a/lib/glob/glob.c b/lib/glob/glob.c
214index 398253b..2eaa33e 100644
215--- a/lib/glob/glob.c
216+++ b/lib/glob/glob.c
217@@ -607,6 +607,7 @@ glob_vector (pat, dir, flags)
218 register unsigned int i;
219 int mflags; /* Flags passed to strmatch (). */
220 int pflags; /* flags passed to sh_makepath () */
221+ int hasglob; /* return value from glob_pattern_p */
222 int nalloca;
223 struct globval *firstmalloc, *tmplink;
224 char *convfn;
225@@ -648,10 +649,12 @@ glob_vector (pat, dir, flags)
226 patlen = (pat && *pat) ? strlen (pat) : 0;
227
228 /* If the filename pattern (PAT) does not contain any globbing characters,
229+ or contains a pattern with only backslash escapes (hasglob == 2),
230 we can dispense with reading the directory, and just see if there is
231 a filename `DIR/PAT'. If there is, and we can access it, just make the
232 vector to return and bail immediately. */
233- if (skip == 0 && glob_pattern_p (pat) == 0)
234+ hasglob = 0;
235+ if (skip == 0 && (hasglob = glob_pattern_p (pat)) == 0 || hasglob == 2)
236 {
237 int dirlen;
238 struct stat finfo;
239diff --git a/pathexp.c b/pathexp.c
240index c1bf2d8..e6c5392 100644
241--- a/pathexp.c
242+++ b/pathexp.c
243@@ -58,7 +58,10 @@ int extended_glob = EXTGLOB_DEFAULT;
244 /* Control enabling special handling of `**' */
245 int glob_star = 0;
246
247-/* Return nonzero if STRING has any unquoted special globbing chars in it. */
248+/* Return nonzero if STRING has any unquoted special globbing chars in it.
249+ This is supposed to be called when pathname expansion is performed, so
250+ it implements the rules in Posix 2.13.3, specifically that an unquoted
251+ slash cannot appear in a bracket expression. */
252 int
253 unquoted_glob_pattern_p (string)
254 register char *string;
255@@ -85,10 +88,14 @@ unquoted_glob_pattern_p (string)
256 continue;
257
258 case ']':
259- if (open)
260+ if (open) /* XXX - if --open == 0? */
261 return (1);
262 continue;
263
264+ case '/':
265+ if (open)
266+ open = 0;
267+
268 case '+':
269 case '@':
270 case '!':
271@@ -106,6 +113,11 @@ unquoted_glob_pattern_p (string)
272 string++;
273 continue;
274 }
275+ else if (open && *string == '/')
276+ {
277+ string++; /* quoted slashes in bracket expressions are ok */
278+ continue;
279+ }
280 else if (*string == 0)
281 return (0);
282
283diff --git a/shell.c b/shell.c
284index a2b2a55..6adabc8 100644
285--- a/shell.c
286+++ b/shell.c
287@@ -1293,7 +1293,11 @@ disable_priv_mode ()
288 {
289 int e;
290
291+#if HAVE_DECL_SETRESUID
292+ if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
293+#else
294 if (setuid (current_user.uid) < 0)
295+#endif
296 {
297 e = errno;
298 sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid);
299@@ -1302,7 +1306,11 @@ disable_priv_mode ()
300 exit (e);
301 #endif
302 }
303+#if HAVE_DECL_SETRESGID
304+ if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
305+#else
306 if (setgid (current_user.gid) < 0)
307+#endif
308 sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid);
309
310 current_user.euid = current_user.uid;
311diff --git a/tests/glob.tests b/tests/glob.tests
312index 01913bb..fb012f7 100644
313--- a/tests/glob.tests
314+++ b/tests/glob.tests
315@@ -12,6 +12,8 @@ ${THIS_SH} ./glob1.sub
316 ${THIS_SH} ./glob2.sub
317 ${THIS_SH} ./glob3.sub
318 ${THIS_SH} ./glob4.sub
319+${THIS_SH} ./glob6.sub
320+${THIS_SH} ./glob7.sub
321
322 MYDIR=$PWD # save where we are
323
324diff --git a/tests/glob6.sub b/tests/glob6.sub
325new file mode 100644
326index 0000000..b099811
327--- /dev/null
328+++ b/tests/glob6.sub
329@@ -0,0 +1,54 @@
330+# tests of the backslash-in-glob-patterns discussion on the austin-group ML
331+
332+: ${TMPDIR:=/var/tmp}
333+
334+ORIG=$PWD
335+GLOBDIR=$TMPDIR/bash-glob-$$
336+mkdir $GLOBDIR && cd $GLOBDIR
337+
338+# does the pattern matcher allow backslashes as escape characters and remove
339+# them as part of matching?
340+touch abcdefg
341+pat='ab\cd*'
342+printf '<%s>\n' $pat
343+pat='\.'
344+printf '<%s>\n' $pat
345+rm abcdefg
346+
347+# how about when escaping pattern characters?
348+touch '*abc.c'
349+a='\**.c'
350+printf '%s\n' $a
351+rm -f '*abc.c'
352+
353+# how about when making the distinction between readable and searchable path
354+# components?
355+mkdir -m a=x searchable
356+mkdir -m a=r readable
357+
358+p='searchable/\.'
359+printf "%s\n" $p
360+
361+p='searchable/\./.'
362+printf "%s\n" $p
363+
364+p='readable/\.'
365+printf "%s\n" $p
366+
367+p='readable/\./.'
368+printf "%s\n" $p
369+
370+printf "%s\n" 'searchable/\.'
371+printf "%s\n" 'readable/\.'
372+
373+echo */.
374+
375+p='*/\.'
376+echo $p
377+
378+echo */'.'
379+
380+rmdir searchable readable
381+
382+cd $ORIG
383+rmdir $GLOBDIR
384diff --git a/tests/glob7.sub b/tests/glob7.sub
385new file mode 100644
386index 0000000..0212b8e
387--- /dev/null
388+++ b/tests/glob7.sub
389@@ -0,0 +1,11 @@
390+# according to Posix 2.13.3, a slash in a bracket expression renders that
391+# bracket expression invalid
392+shopt -s nullglob
393+
394+echo 1: [qwe/qwe]
395+echo 2: [qwe/
396+echo 3: [qwe/]
397+
398+echo 4: [qwe\/qwe]
399+echo 5: [qwe\/
400+echo 6: [qwe\/]
401--
4021.9.1
diff --git a/meta/recipes-extended/bash/bash_5.0.bb b/meta/recipes-extended/bash/bash_5.0.bb
index 1b7058746f..eadc82279d 100644
--- a/meta/recipes-extended/bash/bash_5.0.bb
+++ b/meta/recipes-extended/bash/bash_5.0.bb
@@ -19,7 +19,6 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \
19 file://run-ptest \ 19 file://run-ptest \
20 file://run-bash-ptests \ 20 file://run-bash-ptests \
21 file://fix-run-builtins.patch \ 21 file://fix-run-builtins.patch \
22 file://bash-CVE-2019-18276.patch \
23 " 22 "
24 23
25SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b" 24SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b"
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch
new file mode 100644
index 0000000000..9bec7343f5
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch
@@ -0,0 +1,53 @@
1From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Fri, 2 Aug 2019 15:18:26 +0100
4Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
5
6Upstream-Status: Backport [http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19]
7CVE: CVE-2019-10216
8Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
9
10---
11 Resource/Init/gs_type1.ps | 14 +++++++-------
12 1 file changed, 7 insertions(+), 7 deletions(-)
13
14diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
15index 6c7735bc0..a039ccee3 100644
16--- a/Resource/Init/gs_type1.ps
17+++ b/Resource/Init/gs_type1.ps
18@@ -118,25 +118,25 @@
19 ( to be the same as glyph: ) print 1 index //== exec } if
20 3 index exch 3 index .forceput
21 % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
22- }
23+ }executeonly
24 {pop} ifelse
25- } forall
26+ } executeonly forall
27 pop pop
28- }
29+ } executeonly
30 {
31 pop pop pop
32 } ifelse
33- }
34+ } executeonly
35 {
36 % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
37 pop pop
38 } ifelse
39- } forall
40+ } executeonly forall
41 3 1 roll pop pop
42- } if
43+ } executeonly if
44 pop
45 dup /.AGLprocessed~GS //true .forceput
46- } if
47+ } executeonly if
48
49 %% We need to excute the C .buildfont1 in a stopped context so that, if there
50 %% are errors we can put the stack back sanely and exit. Otherwise callers won't
51--
522.17.1
53
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
index 32f938f254..bbd17104e1 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
@@ -29,6 +29,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
29 file://CVE-2019-14817-0001.patch \ 29 file://CVE-2019-14817-0001.patch \
30 file://CVE-2019-14817-0002.patch \ 30 file://CVE-2019-14817-0002.patch \
31 file://CVE-2019-14869-0001.patch \ 31 file://CVE-2019-14869-0001.patch \
32 file://CVE-2019-10216.patch \
32" 33"
33 34
34SRC_URI = "${SRC_URI_BASE} \ 35SRC_URI = "${SRC_URI_BASE} \
diff --git a/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch b/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch
new file mode 100644
index 0000000000..a84c1f1f76
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch
@@ -0,0 +1,124 @@
1From c1fe0a8cc8dde8ba3eae3d17e34060d2d6e4eb96 Mon Sep 17 00:00:00 2001
2From: Grzegorz Antoniak <ga@anadoxin.org>
3Date: Sun, 2 Feb 2020 08:04:41 +0100
4Subject: [PATCH] RAR5 reader: reject files that declare invalid header flags
5
6One of the fields in RAR5's base block structure is the size of the
7header. Some invalid files declare a 0 header size setting, which can
8confuse the unpacker. Minimum header size for RAR5 base blocks is 7
9bytes (4 bytes for CRC, and 3 bytes for the rest), so block size of 0
10bytes should be rejected at header parsing stage.
11
12The fix adds an error condition if header size of 0 bytes is detected.
13In this case, the unpacker will not attempt to unpack the file, as the
14header is corrupted.
15
16The commit also adds OSSFuzz #20459 sample to test further regressions
17in this area.
18
19Upstream-Status: Backport[https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a]
20CVE: CVE-2020-9308
21
22Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
23---
24 Makefile.am | 1 +
25 libarchive/archive_read_support_format_rar5.c | 17 +++++++++++++++--
26 libarchive/test/test_read_format_rar5.c | 15 +++++++++++++++
27 ...d_format_rar5_block_size_is_too_small.rar.uu | 8 ++++++++
28 4 files changed, 39 insertions(+), 2 deletions(-)
29 create mode 100644 libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu
30
31diff --git a/Makefile.am b/Makefile.am
32index da78b24..01abf20 100644
33--- a/Makefile.am
34+++ b/Makefile.am
35@@ -863,6 +863,7 @@ libarchive_test_EXTRA_DIST=\
36 libarchive/test/test_read_format_rar5_symlink.rar.uu \
37 libarchive/test/test_read_format_rar5_truncated_huff.rar.uu \
38 libarchive/test/test_read_format_rar5_win32.rar.uu \
39+ libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \
40 libarchive/test/test_read_format_raw.bufr.uu \
41 libarchive/test/test_read_format_raw.data.gz.uu \
42 libarchive/test/test_read_format_raw.data.Z.uu \
43diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
44index 7c24627..f73393c 100644
45--- a/libarchive/archive_read_support_format_rar5.c
46+++ b/libarchive/archive_read_support_format_rar5.c
47@@ -2034,6 +2034,8 @@ static int scan_for_signature(struct archive_read* a);
48 static int process_base_block(struct archive_read* a,
49 struct archive_entry* entry)
50 {
51+ const size_t SMALLEST_RAR5_BLOCK_SIZE = 3;
52+
53 struct rar5* rar = get_context(a);
54 uint32_t hdr_crc, computed_crc;
55 size_t raw_hdr_size = 0, hdr_size_len, hdr_size;
56@@ -2057,15 +2059,26 @@ static int process_base_block(struct archive_read* a,
57 return ARCHIVE_EOF;
58 }
59
60+ hdr_size = raw_hdr_size + hdr_size_len;
61+
62 /* Sanity check, maximum header size for RAR5 is 2MB. */
63- if(raw_hdr_size > (2 * 1024 * 1024)) {
64+ if(hdr_size > (2 * 1024 * 1024)) {
65 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
66 "Base block header is too large");
67
68 return ARCHIVE_FATAL;
69 }
70
71- hdr_size = raw_hdr_size + hdr_size_len;
72+ /* Additional sanity checks to weed out invalid files. */
73+ if(raw_hdr_size == 0 || hdr_size_len == 0 ||
74+ hdr_size < SMALLEST_RAR5_BLOCK_SIZE)
75+ {
76+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
77+ "Too small block encountered (%ld bytes)",
78+ raw_hdr_size);
79+
80+ return ARCHIVE_FATAL;
81+ }
82
83 /* Read the whole header data into memory, maximum memory use here is
84 * 2MB. */
85diff --git a/libarchive/test/test_read_format_rar5.c b/libarchive/test/test_read_format_rar5.c
86index 1408f37..32e7ed8 100644
87--- a/libarchive/test/test_read_format_rar5.c
88+++ b/libarchive/test/test_read_format_rar5.c
89@@ -1194,3 +1194,18 @@ DEFINE_TEST(test_read_format_rar5_fileattr)
90
91 EPILOGUE();
92 }
93+
94+DEFINE_TEST(test_read_format_rar5_block_size_is_too_small)
95+{
96+ char buf[4096];
97+ PROLOGUE("test_read_format_rar5_block_size_is_too_small.rar");
98+
99+ /* This file is damaged, so those functions should return failure.
100+ * Additionally, SIGSEGV shouldn't be raised during execution
101+ * of those functions. */
102+
103+ assertA(archive_read_next_header(a, &ae) != ARCHIVE_OK);
104+ assertA(archive_read_data(a, buf, sizeof(buf)) <= 0);
105+
106+ EPILOGUE();
107+}
108diff --git a/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu
109new file mode 100644
110index 0000000..5cad219
111--- /dev/null
112+++ b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu
113@@ -0,0 +1,8 @@
114+begin 644 test_read_format_rar5_block_size_is_too_small.rar
115+M4F%R(1H'`0"-[P+2``+'(!P,("`@N`,!`B`@("`@("`@("`@("`@("#_("`@
116+M("`@("`@("`@((:Q;2!4-'-^4B`!((WO`M(``O\@$/\@-R`@("`@("`@("`@
117+M``X@("`@("`@____("`@("`@(/\@("`@("`@("`@("#_(+6U,2"UM;6UM[CU
118+M)B`@*(0G(`!.`#D\3R``(/__(,+_````-0#_($&%*/HE=C+N`"```"```"`D
119+J`)$#("#_("#__P`@__\@_R#_("`@("`@("#_("#__R`@(/__("#__R`"
120+`
121+end
122--
1232.23.0
124
diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.0.bb b/meta/recipes-extended/libarchive/libarchive_3.4.0.bb
index c196382b07..db45ccf654 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.4.0.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.4.0.bb
@@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile"
33 33
34SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ 34SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
35 file://CVE-2019-19221.patch \ 35 file://CVE-2019-19221.patch \
36 file://0001-RAR5-reader-reject-files-that-declare-invalid-header.patch \
36" 37"
37 38
38SRC_URI[md5sum] = "6046396255bd7cf6d0f6603a9bda39ac" 39SRC_URI[md5sum] = "6046396255bd7cf6d0f6603a9bda39ac"
diff --git a/meta/recipes-extended/pam/libpam/pam.d/common-password b/meta/recipes-extended/pam/libpam/pam.d/common-password
index 3896057328..52478dae77 100644
--- a/meta/recipes-extended/pam/libpam/pam.d/common-password
+++ b/meta/recipes-extended/pam/libpam/pam.d/common-password
@@ -10,13 +10,10 @@
10# The "sha512" option enables salted SHA512 passwords. Without this option, 10# The "sha512" option enables salted SHA512 passwords. Without this option,
11# the default is Unix crypt. Prior releases used the option "md5". 11# the default is Unix crypt. Prior releases used the option "md5".
12# 12#
13# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
14# login.defs.
15#
16# See the pam_unix manpage for other options. 13# See the pam_unix manpage for other options.
17 14
18# here are the per-package modules (the "Primary" block) 15# here are the per-package modules (the "Primary" block)
19password [success=1 default=ignore] pam_unix.so obscure sha512 16password [success=1 default=ignore] pam_unix.so sha512
20# here's the fallback if no module succeeds 17# here's the fallback if no module succeeds
21password requisite pam_deny.so 18password requisite pam_deny.so
22# prime the stack with a positive return value if there isn't one already; 19# prime the stack with a positive return value if there isn't one already;
diff --git a/meta/recipes-extended/screen/screen/CVE-2020-9366.patch b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch
new file mode 100644
index 0000000000..a52b9e6e68
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch
@@ -0,0 +1,48 @@
1From 8ce90c1d3d5bece150479d8bc9303fd9d9f45e03 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
3Date: Thu, 30 Jan 2020 17:56:27 +0100
4Subject: [PATCH] Fix out of bounds access when setting w_xtermosc after OSC 49
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
10MIME-Version: 1.0
11Content-Type: text/plain; charset=UTF-8
12Content-Transfer-Encoding: 8bit
13
14echo -e "\e]49\e; \n\ec"
15crashes screen.
16
17This happens because 49 is divided by 10 and used as table index
18resulting in access to w_xtermosc[4], which is out of bounds with table
19itself being size 4. Increase size of table by 1 to 5, which is enough
20for all current uses.
21
22As this overwrites memory based on user input it is potential security
23issue.
24
25Reported-by: pippin@gimp.org
26Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
27
28Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?h=v.4.8.0&id=68386dfb1fa33471372a8cd2e74686758a2f527b]
29CVE: CVE-2020-9366
30Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
31
32---
33 window.h | 2 +-
34 1 file changed, 1 insertion(+), 1 deletion(-)
35
36diff --git a/window.h b/window.h
37index bd10dcd..a8afa19 100644
38--- a/window.h
39+++ b/window.h
40@@ -237,7 +237,7 @@ struct win
41 char w_vbwait;
42 char w_norefresh; /* dont redisplay when switching to that win */
43 #ifdef RXVT_OSC
44- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */
45+ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */
46 #endif
47 int w_mouse; /* mouse mode 0,9,1000 */
48 #ifdef HAVE_BRAILLE
diff --git a/meta/recipes-extended/screen/screen_4.6.2.bb b/meta/recipes-extended/screen/screen_4.6.2.bb
index 21b476ddb0..d00b849021 100644
--- a/meta/recipes-extended/screen/screen_4.6.2.bb
+++ b/meta/recipes-extended/screen/screen_4.6.2.bb
@@ -25,6 +25,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
25 file://0001-fix-for-multijob-build.patch \ 25 file://0001-fix-for-multijob-build.patch \
26 file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \ 26 file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \
27 file://0001-Remove-more-compatibility-stuff.patch \ 27 file://0001-Remove-more-compatibility-stuff.patch \
28 file://CVE-2020-9366.patch \
28 " 29 "
29 30
30SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8" 31SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8"
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index f6bab1acb4..e542290c3c 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -4,7 +4,7 @@ SECTION = "base"
4LICENSE = "PD & BSD & BSD-3-Clause" 4LICENSE = "PD & BSD & BSD-3-Clause"
5LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" 5LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
6 6
7PV = "2019c" 7PV = "2020a"
8 8
9SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ 9SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
10 http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ 10 http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -12,7 +12,7 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
12 12
13UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" 13UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
14 14
15SRC_URI[tzcode.md5sum] = "195a17454c5db05cab96595380650391" 15SRC_URI[tzcode.md5sum] = "f87c3477e85a5c4b00df0def6c6a0055"
16SRC_URI[tzcode.sha256sum] = "f6ebd3668e02d5ed223d3b7b1947561bf2d2da2f4bd1db61efefd9e06c167ed4" 16SRC_URI[tzcode.sha256sum] = "7d2af7120ee03df71fbca24031ccaf42404752e639196fe93c79a41b38a6d669"
17SRC_URI[tzdata.md5sum] = "f6987e6dfdb2eb83a1b5076a50b80894" 17SRC_URI[tzdata.md5sum] = "96a985bb8eeab535fb8aa2132296763a"
18SRC_URI[tzdata.sha256sum] = "79c7806dab09072308da0e3d22c37d3b245015a591891ea147d3b133b60ffc7c" 18SRC_URI[tzdata.sha256sum] = "547161eca24d344e0b5f96aff6a76b454da295dc14ed4ca50c2355043fb899a2"
diff --git a/meta/recipes-gnome/gcr/gcr_3.28.1.bb b/meta/recipes-gnome/gcr/gcr_3.28.1.bb
index 2299199c31..64b0569f04 100644
--- a/meta/recipes-gnome/gcr/gcr_3.28.1.bb
+++ b/meta/recipes-gnome/gcr/gcr_3.28.1.bb
@@ -5,7 +5,7 @@ BUGTRACKER = "https://bugzilla.gnome.org/"
5LICENSE = "GPLv2" 5LICENSE = "GPLv2"
6LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605" 6LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605"
7 7
8DEPENDS = "intltool-native gtk+3 p11-kit glib-2.0 libgcrypt \ 8DEPENDS = "intltool-native gtk+3 p11-kit glib-2.0 libgcrypt gnupg-native \
9 ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'libxslt-native', '', d)}" 9 ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'libxslt-native', '', d)}"
10 10
11inherit gnomebase gtk-icon-cache gtk-doc distro_features_check upstream-version-is-even vala gobject-introspection 11inherit gnomebase gtk-icon-cache gtk-doc distro_features_check upstream-version-is-even vala gobject-introspection
diff --git a/meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch b/meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch
new file mode 100644
index 0000000000..03b6dba153
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch
@@ -0,0 +1,81 @@
1From ade1818b7542ef9e11ece5ce98df91fab45d674c Mon Sep 17 00:00:00 2001
2From: DRC <information@libjpeg-turbo.org>
3Date: Tue, 2 Jun 2020 14:15:37 -0500
4Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
5
6This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
7include binary PPM files with maximum values < 255, thus preventing a
8malformed binary PPM input file with those specifications from
9triggering an overrun of the rescale array and potentially crashing
10cjpeg, TJBench, or any program that uses the tjLoadImage() function.
11
12Fixes #433
13
14CVE: CVE-2020-13790
15
16Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
17---
18 ChangeLog.md | 20 ++++++++++++++++----
19 rdppm.c | 4 ++--
20 2 files changed, 18 insertions(+), 6 deletions(-)
21
22diff --git a/ChangeLog.md b/ChangeLog.md
23index 3667d12..198c7b8 100644
24--- a/ChangeLog.md
25+++ b/ChangeLog.md
26@@ -1,3 +1,15 @@
27+2.0.4
28+=====
29+
30+### Significant changes relative to 2.0.3:
31+
32+1. Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
33+TJBench, or the `tjLoadImage()` function if one of the values in a binary
34+PPM/PGM input file exceeded the maximum value defined in the file's header and
35+that maximum value was less than 255. libjpeg-turbo 1.5.0 already included a
36+similar fix for binary PPM/PGM files with maximum values greater than 255.
37+
38+
39 2.0.3
40 =====
41
42@@ -520,10 +532,10 @@ application was linked against.
43
44 3. Fixed a couple of issues in the PPM reader that would cause buffer overruns
45 in cjpeg if one of the values in a binary PPM/PGM input file exceeded the
46-maximum value defined in the file's header. libjpeg-turbo 1.4.2 already
47-included a similar fix for ASCII PPM/PGM files. Note that these issues were
48-not security bugs, since they were confined to the cjpeg program and did not
49-affect any of the libjpeg-turbo libraries.
50+maximum value defined in the file's header and that maximum value was greater
51+than 255. libjpeg-turbo 1.4.2 already included a similar fix for ASCII PPM/PGM
52+files. Note that these issues were not security bugs, since they were confined
53+to the cjpeg program and did not affect any of the libjpeg-turbo libraries.
54
55 4. Fixed an issue whereby attempting to decompress a JPEG file with a corrupt
56 header using the `tjDecompressToYUV2()` function would cause the function to
57diff --git a/rdppm.c b/rdppm.c
58index 87bc330..a8507b9 100644
59--- a/rdppm.c
60+++ b/rdppm.c
61@@ -5,7 +5,7 @@
62 * Copyright (C) 1991-1997, Thomas G. Lane.
63 * Modified 2009 by Bill Allombert, Guido Vollbeding.
64 * libjpeg-turbo Modifications:
65- * Copyright (C) 2015-2017, D. R. Commander.
66+ * Copyright (C) 2015-2017, 2020, D. R. Commander.
67 * For conditions of distribution and use, see the accompanying README.ijg
68 * file.
69 *
70@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
71 /* On 16-bit-int machines we have to be careful of maxval = 65535 */
72 source->rescale = (JSAMPLE *)
73 (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
74- (size_t)(((long)maxval + 1L) *
75+ (size_t)(((long)MAX(maxval, 255) + 1L) *
76 sizeof(JSAMPLE)));
77 half_maxval = maxval / 2;
78 for (val = 0; val <= (long)maxval; val++) {
79--
802.17.0
81
diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
index 1cf854de62..8ea81f386f 100644
--- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
+++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
@@ -12,6 +12,7 @@ DEPENDS_append_x86_class-target = " nasm-native"
12 12
13SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ 13SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
14 file://0001-libjpeg-turbo-fix-package_qa-error.patch \ 14 file://0001-libjpeg-turbo-fix-package_qa-error.patch \
15 file://0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch \
15 " 16 "
16 17
17SRC_URI[md5sum] = "bd07fddf26f9def7bab02739eb655116" 18SRC_URI[md5sum] = "bd07fddf26f9def7bab02739eb655116"
diff --git a/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch b/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch
index 3458c19199..346b217585 100644
--- a/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch
+++ b/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch
@@ -23,7 +23,7 @@ index 0e50bb26c0a..de065c290d6 100644
23 with_dri_swrast = dri_drivers.contains('swrast') 23 with_dri_swrast = dri_drivers.contains('swrast')
24 24
25-with_dri = dri_drivers.length() != 0 and dri_drivers != [''] 25-with_dri = dri_drivers.length() != 0 and dri_drivers != ['']
26+with_dri = get_option('dri') or (_drivers.length() != 0 and _drivers != ['']) 26+with_dri = get_option('dri') or (dri_drivers.length() != 0 and dri_drivers != [''])
27 27
28 gallium_drivers = get_option('gallium-drivers') 28 gallium_drivers = get_option('gallium-drivers')
29 if gallium_drivers.contains('auto') 29 if gallium_drivers.contains('auto')
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch
new file mode 100644
index 0000000000..ad61c95be3
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch
@@ -0,0 +1,66 @@
1From 24f67de7a9088a873844a39be03cee6882260ac9 Mon Sep 17 00:00:00 2001
2From: Gert Wollny <gert.wollny@collabora.com>
3Date: Mon, 7 Oct 2019 10:59:56 +0200
4Subject: [PATCH] vrend: check info formats in blits
5
6Closes #141
7Closes #142
8
9v2 : drop colon in error description (Emil)
10
11Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
12Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
13
14Upstream-Status: Backport
15[https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9]
16CVE: CVE-2019-18390
17Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
18---
19 src/virgl_hw.h | 1 +
20 src/vrend_renderer.c | 11 +++++++++++
21 2 files changed, 12 insertions(+)
22
23diff --git a/src/virgl_hw.h b/src/virgl_hw.h
24index 145780bf..5ccf3073 100644
25--- a/src/virgl_hw.h
26+++ b/src/virgl_hw.h
27@@ -426,6 +426,7 @@ enum virgl_ctx_errors {
28 VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER,
29 VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS,
30 VIRGL_ERROR_GL_ANY_SAMPLES_PASSED,
31+ VIRGL_ERROR_CTX_ILLEGAL_FORMAT,
32 };
33
34 #define VIRGL_RESOURCE_Y_0_TOP (1 << 0)
35diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
36index 14fefb38..aa6a89c1 100644
37--- a/src/vrend_renderer.c
38+++ b/src/vrend_renderer.c
39@@ -758,6 +758,7 @@ static const char *vrend_ctx_error_strings[] = {
40 [VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER] = "Illegal command buffer",
41 [VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS] = "On GLES context and shader program has tesselation evaluation shader but no tesselation control shader",
42 [VIRGL_ERROR_GL_ANY_SAMPLES_PASSED] = "Query for ANY_SAMPLES_PASSED not supported",
43+ [VIRGL_ERROR_CTX_ILLEGAL_FORMAT] = "Illegal format ID",
44 };
45
46 static void __report_context_error(const char *fname, struct vrend_context *ctx,
47@@ -8492,6 +8493,16 @@ void vrend_renderer_blit(struct vrend_context *ctx,
48 if (ctx->in_error)
49 return;
50
51+ if (!info->src.format || (enum virgl_formats)info->src.format >= VIRGL_FORMAT_MAX) {
52+ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->src.format);
53+ return;
54+ }
55+
56+ if (!info->dst.format || (enum virgl_formats)info->dst.format >= VIRGL_FORMAT_MAX) {
57+ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->dst.format);
58+ return;
59+ }
60+
61 if (info->render_condition_enable == false)
62 vrend_pause_render_condition(ctx, true);
63
64--
652.24.1
66
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch
new file mode 100644
index 0000000000..cc641d8293
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch
@@ -0,0 +1,51 @@
1From 2abeb1802e3c005b17a7123e382171b3fb665971 Mon Sep 17 00:00:00 2001
2From: Gert Wollny <gert.wollny@collabora.com>
3Date: Tue, 8 Oct 2019 17:27:01 +0200
4Subject: [PATCH] vrend: check that the transfer iov holds enough data for the
5 data upload
6
7Closes #140
8
9Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
10Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
11
12Upstream-Status: Backport
13[https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971]
14CVE: CVE-2019-18391
15Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
16---
17 src/vrend_renderer.c | 11 +++++++++--
18 1 file changed, 9 insertions(+), 2 deletions(-)
19
20diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
21index 694e1d0e..fe23846b 100644
22--- a/src/vrend_renderer.c
23+++ b/src/vrend_renderer.c
24@@ -7005,15 +7005,22 @@ static int vrend_renderer_transfer_write_iov(struct vrend_context *ctx,
25 invert = true;
26 }
27
28+ send_size = util_format_get_nblocks(res->base.format, info->box->width,
29+ info->box->height) * elsize;
30+ if (res->target == GL_TEXTURE_3D ||
31+ res->target == GL_TEXTURE_2D_ARRAY ||
32+ res->target == GL_TEXTURE_CUBE_MAP_ARRAY)
33+ send_size *= info->box->depth;
34+
35 if (need_temp) {
36- send_size = util_format_get_nblocks(res->base.format, info->box->width,
37- info->box->height) * elsize * info->box->depth;
38 data = malloc(send_size);
39 if (!data)
40 return ENOMEM;
41 read_transfer_data(iov, num_iovs, data, res->base.format, info->offset,
42 stride, layer_stride, info->box, invert);
43 } else {
44+ if (send_size > iov[0].iov_len - info->offset)
45+ return EINVAL;
46 data = (char*)iov[0].iov_base + info->offset;
47 }
48
49--
502.24.1
51
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch
new file mode 100644
index 0000000000..925f2c8eb0
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch
@@ -0,0 +1,39 @@
1From 63bcca251f093d83da7e290ab4bbd38ae69089b5 Mon Sep 17 00:00:00 2001
2From: Gert Wollny <gert.wollny@collabora.com>
3Date: Wed, 15 Jan 2020 13:43:58 +0100
4Subject: [PATCH] vrend: Don't try launching a grid if no CS is available
5
6Closes #155
7
8Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
9Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
10
11Upstream-Status: Backport
12[https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5.patch]
13CVE: CVE-2020-8002
14Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
15---
16 src/vrend_renderer.c | 7 +++++++
17 1 file changed, 7 insertions(+)
18
19diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
20index a054bad8..2280fc43 100644
21--- a/src/vrend_renderer.c
22+++ b/src/vrend_renderer.c
23@@ -4604,6 +4604,13 @@ void vrend_launch_grid(struct vrend_context *ctx,
24 }
25 ctx->sub->shader_dirty = true;
26 }
27+
28+ if (!ctx->sub->prog) {
29+ vrend_printf("%s: Skipping compute shader execution due to missing shaders: %s\n",
30+ __func__, ctx->debug_name);
31+ return;
32+ }
33+
34 vrend_use_program(ctx, ctx->sub->prog->id);
35
36 vrend_draw_bind_ubo_shader(ctx, PIPE_SHADER_COMPUTE, 0);
37--
382.24.1
39
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb
index d2b11c103a..e91ccc6c57 100644
--- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb
@@ -8,6 +8,9 @@ DEPENDS = "libdrm mesa libepoxy"
8SRCREV = "48cc96c9aebb9d0164830a157efc8916f08f00c0" 8SRCREV = "48cc96c9aebb9d0164830a157efc8916f08f00c0"
9SRC_URI = "git://anongit.freedesktop.org/virglrenderer \ 9SRC_URI = "git://anongit.freedesktop.org/virglrenderer \
10 file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \ 10 file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \
11 file://CVE-2019-18390.patch \
12 file://CVE-2019-18391.patch \
13 file://CVE-2020-8002.patch \
11 " 14 "
12 15
13S = "${WORKDIR}/git" 16S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/waffle/waffle_1.6.0.bb b/meta/recipes-graphics/waffle/waffle_1.6.0.bb
index 8a1d5748f6..82cead9ad1 100644
--- a/meta/recipes-graphics/waffle/waffle_1.6.0.bb
+++ b/meta/recipes-graphics/waffle/waffle_1.6.0.bb
@@ -35,3 +35,8 @@ PACKAGECONFIG[x11-egl] = "-Dx11_egl=enabled,-Dx11_egl=disabled,virtual/${MLPREFI
35PACKAGECONFIG[surfaceless-egl] = "-Dsurfaceless_egl=enabled,-Dsurfaceless_egl=disabled,virtual/${MLPREFIX}libgl" 35PACKAGECONFIG[surfaceless-egl] = "-Dsurfaceless_egl=enabled,-Dsurfaceless_egl=disabled,virtual/${MLPREFIX}libgl"
36 36
37# TODO: optionally build manpages and examples 37# TODO: optionally build manpages and examples
38
39# Unset these to stop python trying to report the target Python setup
40_PYTHON_SYSCONFIGDATA_NAME[unexport] = "1"
41STAGING_INCDIR[unexport] = "1"
42STAGING_LIBDIR[unexport] = "1"
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf
new file mode 100644
index 0000000000..7ab7460816
--- /dev/null
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf
@@ -0,0 +1,2 @@
1cap_sys_admin @USER@
2none *
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
index 6c548551b8..116bb278bc 100755
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@@ -38,6 +38,14 @@ case "$1" in
38 if [ -e /dev/hidraw0 ]; then 38 if [ -e /dev/hidraw0 ]; then
39 chmod o+rw /dev/hidraw* 39 chmod o+rw /dev/hidraw*
40 fi 40 fi
41 # Make sure that the Xorg has the cap_sys_admin capability which is
42 # needed for setting the drm master
43 if ! grep -q "^auth.*pam_cap\.so" /etc/pam.d/su; then
44 echo "auth optional pam_cap.so" >>/etc/pam.d/su
45 fi
46 if ! /usr/sbin/getcap $XSERVER | grep -q cap_sys_admin; then
47 /usr/sbin/setcap cap_sys_admin+eip $XSERVER
48 fi
41 fi 49 fi
42 50
43 # Using su rather than sudo as latest 1.8.1 cause failure [YOCTO #1211] 51 # Using su rather than sudo as latest 1.8.1 cause failure [YOCTO #1211]
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
index a77c56445c..7f4e1e29f1 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
@@ -10,6 +10,7 @@ SRC_URI = "file://xserver-nodm \
10 file://gplv2-license.patch \ 10 file://gplv2-license.patch \
11 file://xserver-nodm.service.in \ 11 file://xserver-nodm.service.in \
12 file://xserver-nodm.conf.in \ 12 file://xserver-nodm.conf.in \
13 file://capability.conf \
13" 14"
14 15
15S = "${WORKDIR}" 16S = "${WORKDIR}"
@@ -19,7 +20,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
19 20
20inherit update-rc.d systemd distro_features_check 21inherit update-rc.d systemd distro_features_check
21 22
22REQUIRED_DISTRO_FEATURES = "x11" 23REQUIRED_DISTRO_FEATURES = "x11 ${@oe.utils.conditional('ROOTLESS_X', '1', 'pam', '', d)}"
23 24
24PACKAGECONFIG ??= "blank" 25PACKAGECONFIG ??= "blank"
25# dpms and screen saver will be on only if 'blank' is in PACKAGECONFIG 26# dpms and screen saver will be on only if 'blank' is in PACKAGECONFIG
@@ -40,6 +41,8 @@ do_install() {
40 if [ "${ROOTLESS_X}" = "1" ] ; then 41 if [ "${ROOTLESS_X}" = "1" ] ; then
41 XUSER_HOME="/home/xuser" 42 XUSER_HOME="/home/xuser"
42 XUSER="xuser" 43 XUSER="xuser"
44 install -D capability.conf ${D}${sysconfdir}/security/capability.conf
45 sed -i "s:@USER@:${XUSER}:" ${D}${sysconfdir}/security/capability.conf
43 else 46 else
44 XUSER_HOME=${ROOT_HOME} 47 XUSER_HOME=${ROOT_HOME}
45 XUSER="root" 48 XUSER="root"
@@ -60,7 +63,7 @@ do_install() {
60 fi 63 fi
61} 64}
62 65
63RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account', '', d)}" 66RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account libcap libcap-bin', '', d)}"
64 67
65INITSCRIPT_NAME = "xserver-nodm" 68INITSCRIPT_NAME = "xserver-nodm"
66INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ." 69INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ."
diff --git a/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb b/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb
index a39609b5da..74014ff91b 100644
--- a/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb
+++ b/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb
@@ -19,3 +19,7 @@ SRC_URI[sha256sum] = "bd96e16143a044b19e87f217cf6a3763a70c561d1076aad6f6d862ec41
19inherit allarch 19inherit allarch
20 20
21EXTRA_OECONF += "--with-encodingsdir=${datadir}/fonts/X11/encodings" 21EXTRA_OECONF += "--with-encodingsdir=${datadir}/fonts/X11/encodings"
22
23# postinst from .inc doesn't apply to this recipe
24pkg_postinst_${PN} () {
25}
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
new file mode 100644
index 0000000000..20a604869b
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
@@ -0,0 +1,37 @@
1From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
2From: Matthieu Herrb <matthieu@herrb.eu>
3Date: Sat, 25 Jul 2020 19:33:50 +0200
4Subject: [PATCH] fix for ZDI-11426
5
6Avoid leaking un-initalized memory to clients by zeroing the
7whole pixmap on initial allocation.
8
9This vulnerability was discovered by:
10Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
11
12Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
13Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
14
15Upstream-Status: Backport
16CVE: CVE-2020-14347
17Signed-off-by: Li Zhou <li.zhou@windriver.com>
18---
19 dix/pixmap.c | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/dix/pixmap.c b/dix/pixmap.c
23index 1186d7dbb..5a0146bbb 100644
24--- a/dix/pixmap.c
25+++ b/dix/pixmap.c
26@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
27 if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
28 return NullPixmap;
29
30- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
31+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
32 if (!pPixmap)
33 return NullPixmap;
34
35--
362.17.1
37
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.5.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.5.bb
index 3de6d22e57..f0f15a2584 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.5.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.5.bb
@@ -5,6 +5,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
5 file://0001-test-xtest-Initialize-array-with-braces.patch \ 5 file://0001-test-xtest-Initialize-array-with-braces.patch \
6 file://0001-compiler.h-Do-not-include-sys-io.h-on-ARM-with-glibc.patch \ 6 file://0001-compiler.h-Do-not-include-sys-io.h-on-ARM-with-glibc.patch \
7 file://sdksyms-no-build-path.patch \ 7 file://sdksyms-no-build-path.patch \
8 file://CVE-2020-14347.patch \
8 " 9 "
9SRC_URI[md5sum] = "c9fc7e21e11286dbedd22c00df652130" 10SRC_URI[md5sum] = "c9fc7e21e11286dbedd22c00df652130"
10SRC_URI[sha256sum] = "a81d8243f37e75a03d4f8c55f96d0bc25802be6ec45c3bfa5cb614c6d01bac9d" 11SRC_URI[sha256sum] = "a81d8243f37e75a03d4f8c55f96d0bc25802be6ec45c3bfa5cb614c6d01bac9d"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index b6e0a1e9e2..93c4472316 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -11,13 +11,13 @@ python () {
11 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") 11 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
12} 12}
13 13
14SRCREV_machine ?= "2fbf678238302f33b3aec5a2cba829f260744f24" 14SRCREV_machine ?= "40e34fdcb540e35b1a97e8e52c11dfe52bd68b16"
15SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a" 15SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
16 16
17SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ 17SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
18 git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}" 18 git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
19 19
20LINUX_VERSION ?= "4.19.87" 20LINUX_VERSION ?= "4.19.107"
21 21
22LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" 22LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
23 23
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
index 5391e052c5..a23a5e6f93 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
@@ -11,13 +11,13 @@ python () {
11 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") 11 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
12} 12}
13 13
14SRCREV_machine ?= "e2d396270864afd14f5882ce8921d8fb562f5665" 14SRCREV_machine ?= "78e147f949b5b18524aa7bd72f1cc8f7ae8039f8"
15SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b" 15SRCREV_meta ?= "bb2776d6beaae64b1a0fc902b64376f082085498"
16 16
17SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ 17SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
18 git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}" 18 git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}"
19 19
20LINUX_VERSION ?= "5.2.28" 20LINUX_VERSION ?= "5.2.32"
21 21
22LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" 22LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
23 23
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index e2626ab4c9..76b2467ef5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
6 6
7require recipes-kernel/linux/linux-yocto.inc 7require recipes-kernel/linux/linux-yocto.inc
8 8
9LINUX_VERSION ?= "4.19.87" 9LINUX_VERSION ?= "4.19.107"
10LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" 10LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
11 11
12DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" 12DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
15KMETA = "kernel-meta" 15KMETA = "kernel-meta"
16KCONF_BSP_AUDIT_LEVEL = "2" 16KCONF_BSP_AUDIT_LEVEL = "2"
17 17
18SRCREV_machine_qemuarm ?= "bd239fb802a15c2759ea456dd1f09f5e106fc88a" 18SRCREV_machine_qemuarm ?= "e2c947b59c650f2aa2f0f88d6af90f9dfb336e04"
19SRCREV_machine ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" 19SRCREV_machine ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
20SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a" 20SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
21 21
22PV = "${LINUX_VERSION}+git${SRCPV}" 22PV = "${LINUX_VERSION}+git${SRCPV}"
23 23
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
index 986dd6e351..ac9904f415 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
6 6
7require recipes-kernel/linux/linux-yocto.inc 7require recipes-kernel/linux/linux-yocto.inc
8 8
9LINUX_VERSION ?= "5.2.28" 9LINUX_VERSION ?= "5.2.32"
10LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" 10LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
11 11
12DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" 12DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
15KMETA = "kernel-meta" 15KMETA = "kernel-meta"
16KCONF_BSP_AUDIT_LEVEL = "2" 16KCONF_BSP_AUDIT_LEVEL = "2"
17 17
18SRCREV_machine_qemuarm ?= "d79fa780eef7c3b08fcff8a44070c211afa91214" 18SRCREV_machine_qemuarm ?= "e0a3a01b24070b15121e938ea19755091bf0d662"
19SRCREV_machine ?= "992280855e88289b7e7019ee2cf9dff867c58b94" 19SRCREV_machine ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27"
20SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b" 20SRCREV_meta ?= "bb2776d6beaae64b1a0fc902b64376f082085498"
21 21
22PV = "${LINUX_VERSION}+git${SRCPV}" 22PV = "${LINUX_VERSION}+git${SRCPV}"
23 23
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index c6e482a984..6e3b00e0e5 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -11,22 +11,22 @@ KBRANCH_qemux86 ?= "v4.19/standard/base"
11KBRANCH_qemux86-64 ?= "v4.19/standard/base" 11KBRANCH_qemux86-64 ?= "v4.19/standard/base"
12KBRANCH_qemumips64 ?= "v4.19/standard/mti-malta64" 12KBRANCH_qemumips64 ?= "v4.19/standard/mti-malta64"
13 13
14SRCREV_machine_qemuarm ?= "19fa1657d1d82d01647c6f73a2bbf39305505294" 14SRCREV_machine_qemuarm ?= "c8b87f4d12eb957d8a95442a928ef4820037bb55"
15SRCREV_machine_qemuarm64 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" 15SRCREV_machine_qemuarm64 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
16SRCREV_machine_qemumips ?= "8fb7ab96b84852ee3d9e1d9d9e7bc35e1249b653" 16SRCREV_machine_qemumips ?= "94f102eaca76ffdcc3d47ea94b47486d7157c531"
17SRCREV_machine_qemuppc ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" 17SRCREV_machine_qemuppc ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
18SRCREV_machine_qemux86 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" 18SRCREV_machine_qemux86 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
19SRCREV_machine_qemux86-64 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" 19SRCREV_machine_qemux86-64 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
20SRCREV_machine_qemumips64 ?= "c8a036abd7d469013dddab15a23e0d2dde1d0000" 20SRCREV_machine_qemumips64 ?= "98288b7e79bc8130c2a889d763c9c1aa15ff4939"
21SRCREV_machine ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656" 21SRCREV_machine ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
22SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a" 22SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
23 23
24SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ 24SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
25 git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \ 25 git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \
26 " 26 "
27 27
28LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" 28LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
29LINUX_VERSION ?= "4.19.87" 29LINUX_VERSION ?= "4.19.107"
30 30
31DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" 31DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
32DEPENDS += "openssl-native util-linux-native" 32DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.2.bb b/meta/recipes-kernel/linux/linux-yocto_5.2.bb
index 358c0ad80a..eab142e1c6 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.2.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.2.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.2/standard/base"
12KBRANCH_qemux86-64 ?= "v5.2/standard/base" 12KBRANCH_qemux86-64 ?= "v5.2/standard/base"
13KBRANCH_qemumips64 ?= "v5.2/standard/mti-malta64" 13KBRANCH_qemumips64 ?= "v5.2/standard/mti-malta64"
14 14
15SRCREV_machine_qemuarm ?= "ed43b791f2cca6e87928fa47556e540333385187" 15SRCREV_machine_qemuarm ?= "fdb7cd1bb5e4238e5b3d120ce9db31119ec2b5ee"
16SRCREV_machine_qemuarm64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94" 16SRCREV_machine_qemuarm64 ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27"
17SRCREV_machine_qemumips ?= "5d47f37ab0b7bcd5c0aaf0ecbd6d00bb8a22ddf4" 17SRCREV_machine_qemumips ?= "eb7faee13cfce200e9add4ba1852a3fe5d8b92e6"
18SRCREV_machine_qemuppc ?= "992280855e88289b7e7019ee2cf9dff867c58b94" 18SRCREV_machine_qemuppc ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27"
19SRCREV_machine_qemuriscv64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94" 19SRCREV_machine_qemuriscv64 ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27"
20SRCREV_machine_qemux86 ?= "992280855e88289b7e7019ee2cf9dff867c58b94" 20SRCREV_machine_qemux86 ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27"
21SRCREV_machine_qemux86-64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94" 21SRCREV_machine_qemux86-64 ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27"
22SRCREV_machine_qemumips64 ?= "894ee953d9c4036003f41e0800315efe3bab8492" 22SRCREV_machine_qemumips64 ?= "8e3bfeb7e9b5aa92c5bea941d361ff5b081a2aaa"
23SRCREV_machine ?= "992280855e88289b7e7019ee2cf9dff867c58b94" 23SRCREV_machine ?= "73b12de4c879e4569bef3b2d0ee9c783a9788b27"
24SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b" 24SRCREV_meta ?= "bb2776d6beaae64b1a0fc902b64376f082085498"
25 25
26# remap qemuarm to qemuarma15 for the 5.2 kernel 26# remap qemuarm to qemuarma15 for the 5.2 kernel
27# KMACHINE_qemuarm ?= "qemuarma15" 27# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
30 git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}" 30 git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}"
31 31
32LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" 32LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
33LINUX_VERSION ?= "5.2.28" 33LINUX_VERSION ?= "5.2.32"
34 34
35DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" 35DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
36DEPENDS += "openssl-native util-linux-native" 36DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch
deleted file mode 100644
index bdbc4f811e..0000000000
--- a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch
+++ /dev/null
@@ -1,94 +0,0 @@
1From 1ff7013bcf7f068cf4371d12d758f9c0fd16a619 Mon Sep 17 00:00:00 2001
2From: Quanyang Wang <quanyang.wang@windriver.com>
3Date: Thu, 5 Dec 2019 15:35:32 +0800
4Subject: [PATCH 1/4] Fix: SUNRPC: Fix oops when trace sunrpc_task events in
5 nfs client
6
7See upstream commit :
8
9 commit 2ca310fc4160ed0420da65534a21ae77b24326a8
10 Author: Ditang Chen <chendt.fnst@cn.fujitsu.com>
11 Date: Fri, 7 Mar 2014 13:27:57 +0800
12 Subject: SUNRPC: Fix oops when trace sunrpc_task events in nfs client
13
14 When tracking sunrpc_task events in nfs client, the clnt pointer may be NULL.
15
16 [ 139.269266] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
17 [ 139.269915] IP: [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc]
18 [ 139.269915] PGD 1d293067 PUD 1d294067 PMD 0
19 [ 139.269915] Oops: 0000 [#1] SMP
20 [ 139.269915] Modules linked in: nfsv4 dns_resolver nfs lockd sunrpc fscache sg ppdev e1000
21 serio_raw pcspkr parport_pc parport i2c_piix4 i2c_core microcode xfs libcrc32c sd_mod sr_mod
22 cdrom ata_generic crc_t10dif crct10dif_common pata_acpi ahci libahci ata_piix libata dm_mirror
23 dm_region_hash dm_log dm_mod
24 [ 139.269915] CPU: 0 PID: 59 Comm: kworker/0:2 Not tainted 3.10.0-84.el7.x86_64 #1
25 [ 139.269915] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
26 [ 139.269915] Workqueue: rpciod rpc_async_schedule [sunrpc]
27 [ 139.269915] task: ffff88001b598000 ti: ffff88001b632000 task.ti: ffff88001b632000
28 [ 139.269915] RIP: 0010:[<ffffffffa026f216>] [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc]
29 [ 139.269915] RSP: 0018:ffff88001b633d70 EFLAGS: 00010206
30 [ 139.269915] RAX: ffff88001dfc5338 RBX: ffff88001cc37a00 RCX: ffff88001dfc5334
31 [ 139.269915] RDX: ffff88001dfc5338 RSI: 0000000000000000 RDI: ffff88001dfc533c
32 [ 139.269915] RBP: ffff88001b633db0 R08: 000000000000002c R09: 000000000000000a
33 [ 139.269915] R10: 0000000000062180 R11: 00000020759fb9dc R12: ffffffffa0292c20
34 [ 139.269915] R13: ffff88001dfc5334 R14: 0000000000000000 R15: 0000000000000000
35 [ 139.269915] FS: 0000000000000000(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000
36 [ 139.269915] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
37 [ 139.269915] CR2: 0000000000000004 CR3: 000000001d290000 CR4: 00000000000006f0
38 [ 139.269915] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
39 [ 139.269915] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
40 [ 139.269915] Stack:
41 [ 139.269915] 000000001b633d98 0000000000000246 ffff88001df1dc00 ffff88001cc37a00
42 [ 139.269915] ffff88001bc35e60 0000000000000000 ffff88001ffa0a48 ffff88001bc35ee0
43 [ 139.269915] ffff88001b633e08 ffffffffa02704b5 0000000000010000 ffff88001cc37a70
44 [ 139.269915] Call Trace:
45 [ 139.269915] [<ffffffffa02704b5>] __rpc_execute+0x1d5/0x400 [sunrpc]
46 [ 139.269915] [<ffffffffa0270706>] rpc_async_schedule+0x26/0x30 [sunrpc]
47 [ 139.269915] [<ffffffff8107867b>] process_one_work+0x17b/0x460
48 [ 139.269915] [<ffffffff8107942b>] worker_thread+0x11b/0x400
49 [ 139.269915] [<ffffffff81079310>] ? rescuer_thread+0x3e0/0x3e0
50 [ 139.269915] [<ffffffff8107fc80>] kthread+0xc0/0xd0
51 [ 139.269915] [<ffffffff8107fbc0>] ? kthread_create_on_node+0x110/0x110
52 [ 139.269915] [<ffffffff815d122c>] ret_from_fork+0x7c/0xb0
53 [ 139.269915] [<ffffffff8107fbc0>] ? kthread_create_on_node+0x110/0x110
54 [ 139.269915] Code: 4c 8b 45 c8 48 8d 7d d0 89 4d c4 41 89 c9 b9 28 00 00 00 e8 9d b4 e9
55 e0 48 85 c0 49 89 c5 74 a2 48 89 c7 e8 9d 3f e9 e0 48 89 c2 <41> 8b 46 04 48 8b 7d d0 4c
56 89 e9 4c 89 e6 89 42 0c 0f b7 83 d4
57 [ 139.269915] RIP [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc]
58 [ 139.269915] RSP <ffff88001b633d70>
59 [ 139.269915] CR2: 0000000000000004
60 [ 140.946406] ---[ end trace ba486328b98d7622 ]---
61
62Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/2b228b503cad10bf0c5a99b42a908ca906eab5b9]
63
64Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
65Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
66---
67 instrumentation/events/lttng-module/rpc.h | 4 ++--
68 1 file changed, 2 insertions(+), 2 deletions(-)
69
70diff --git a/instrumentation/events/lttng-module/rpc.h b/instrumentation/events/lttng-module/rpc.h
71index 3798e8e..fb13106 100644
72--- a/instrumentation/events/lttng-module/rpc.h
73+++ b/instrumentation/events/lttng-module/rpc.h
74@@ -139,7 +139,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running,
75
76 TP_FIELDS(
77 ctf_integer(unsigned int, task_id, task->tk_pid)
78- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid)
79+ ctf_integer(unsigned int, client_id, task->tk_client ? task->tk_client->cl_clid : -1)
80 ctf_integer_hex(const void *, action, action)
81 ctf_integer(unsigned long, runstate, task->tk_runstate)
82 ctf_integer(int, status, task->tk_status)
83@@ -208,7 +208,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running,
84
85 TP_FIELDS(
86 ctf_integer(unsigned int, task_id, task->tk_pid)
87- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid)
88+ ctf_integer(unsigned int, client_id, task->tk_client ? task->tk_client->cl_clid : -1)
89 ctf_integer_hex(const void *, action, action)
90 ctf_integer(unsigned long, runstate, task->tk_runstate)
91 ctf_integer(int, status, task->tk_status)
92--
932.17.1
94
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch b/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch
deleted file mode 100644
index 03264bac68..0000000000
--- a/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch
+++ /dev/null
@@ -1,44 +0,0 @@
1From 032a74d83b263c4faead8e4c25d497fb8ea07b6e Mon Sep 17 00:00:00 2001
2From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
3Date: Thu, 12 Dec 2019 10:29:02 -0500
4Subject: [PATCH 2/4] Fix: sunrpc: null rpc_clnt dereference in rpc_task_queued
5 tracepoint
6
7Based on upstream Linux commit:
8
9commit 0be283f676a1e7b208db0c992283197ef8b52158
10Author: Benjamin Coddington <bcodding@redhat.com>
11Date: Tue Jan 23 09:32:35 2018 -0500
12
13 SUNRPC: Fix null rpc_clnt dereference in rpc_task_queued tracepoint
14
15 Backchannel tasks will not have a reference to the rpc_clnt. Return -1 for
16 cl_clid in that case.
17
18 Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
19 Signed-off-by: Trond Myklebust <trondmy@gmail.com>
20
21Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
22Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/8f83a9103dcdf4f6b73783427fc5ded4869309d5]
23Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
24---
25 instrumentation/events/lttng-module/rpc.h | 3 ++-
26 1 file changed, 2 insertions(+), 1 deletion(-)
27
28diff --git a/instrumentation/events/lttng-module/rpc.h b/instrumentation/events/lttng-module/rpc.h
29index fb13106..68c622c 100644
30--- a/instrumentation/events/lttng-module/rpc.h
31+++ b/instrumentation/events/lttng-module/rpc.h
32@@ -176,7 +176,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued,
33
34 TP_FIELDS(
35 ctf_integer(unsigned int, task_id, task->tk_pid)
36- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid)
37+ ctf_integer(unsigned int, client_id, task->tk_client ?
38+ task->tk_client->cl_clid : -1)
39 ctf_integer(unsigned long, timeout, task->tk_timeout)
40 ctf_integer(unsigned long, runstate, task->tk_runstate)
41 ctf_integer(int, status, task->tk_status)
42--
432.17.1
44
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0003-Fix-sunrpc-use-signed-integer-for-client-id.patch b/meta/recipes-kernel/lttng/lttng-modules/0003-Fix-sunrpc-use-signed-integer-for-client-id.patch
deleted file mode 100644
index c7529f16dd..0000000000
--- a/meta/recipes-kernel/lttng/lttng-modules/0003-Fix-sunrpc-use-signed-integer-for-client-id.patch
+++ /dev/null
@@ -1,105 +0,0 @@
1From 70389e422dd3146161089d454f525367c9046ecd Mon Sep 17 00:00:00 2001
2From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
3Date: Thu, 12 Dec 2019 10:29:37 -0500
4Subject: [PATCH 3/4] Fix: sunrpc: use signed integer for client id
5
6Within include/linux/sunrpc/clnt.h:struct rpc_cltn, the cl_clid field
7is an unsigned integer, which is the type expected by the tracepoint
8signature.
9
10However, looking into net/sunrpc/clnt.c:rpc_alloc_clid(), its allocation
11considers negative signed integer as errors.
12
13Therefore, in order to properly show "-1" in the trace output (rather
14than MAX_INT) when called with a NULL task->tk_client, move to a
15signed integer as backing type for the client_id field.
16
17Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
18Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/cc7bb0aa52cae22255581d67841449bb8ea36fda]
19Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
20---
21 instrumentation/events/lttng-module/rpc.h | 19 +++++++++++--------
22 1 file changed, 11 insertions(+), 8 deletions(-)
23
24diff --git a/instrumentation/events/lttng-module/rpc.h b/instrumentation/events/lttng-module/rpc.h
25index 68c622c..2d06e55 100644
26--- a/instrumentation/events/lttng-module/rpc.h
27+++ b/instrumentation/events/lttng-module/rpc.h
28@@ -18,7 +18,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status,
29
30 TP_FIELDS(
31 ctf_integer(unsigned int, task_id, task->tk_pid)
32- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid)
33+ ctf_integer(int, client_id, task->tk_client->cl_clid)
34 ctf_integer(int, status, task->tk_status)
35 )
36 )
37@@ -43,7 +43,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status,
38
39 TP_FIELDS(
40 ctf_integer(unsigned int, task_id, task->tk_pid)
41- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid)
42+ ctf_integer(int, client_id, task->tk_client->cl_clid)
43 ctf_integer(int, status, task->tk_status)
44 )
45 )
46@@ -100,7 +100,7 @@ LTTNG_TRACEPOINT_EVENT(rpc_connect_status,
47
48 TP_FIELDS(
49 ctf_integer(unsigned int, task_id, task->tk_pid)
50- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid)
51+ ctf_integer(int, client_id, task->tk_client->cl_clid)
52 ctf_integer(int, status, task->tk_status)
53 )
54 )
55@@ -112,7 +112,7 @@ LTTNG_TRACEPOINT_EVENT(rpc_connect_status,
56
57 TP_FIELDS(
58 ctf_integer(unsigned int, task_id, task->tk_pid)
59- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid)
60+ ctf_integer(int, client_id, task->tk_client->cl_clid)
61 ctf_integer(int, status, status)
62 )
63 )
64@@ -139,7 +139,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running,
65
66 TP_FIELDS(
67 ctf_integer(unsigned int, task_id, task->tk_pid)
68- ctf_integer(unsigned int, client_id, task->tk_client ? task->tk_client->cl_clid : -1)
69+ ctf_integer(int, client_id, task->tk_client ?
70+ task->tk_client->cl_clid : -1)
71 ctf_integer_hex(const void *, action, action)
72 ctf_integer(unsigned long, runstate, task->tk_runstate)
73 ctf_integer(int, status, task->tk_status)
74@@ -176,7 +177,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued,
75
76 TP_FIELDS(
77 ctf_integer(unsigned int, task_id, task->tk_pid)
78- ctf_integer(unsigned int, client_id, task->tk_client ?
79+ ctf_integer(int, client_id, task->tk_client ?
80 task->tk_client->cl_clid : -1)
81 ctf_integer(unsigned long, timeout, task->tk_timeout)
82 ctf_integer(unsigned long, runstate, task->tk_runstate)
83@@ -209,7 +210,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running,
84
85 TP_FIELDS(
86 ctf_integer(unsigned int, task_id, task->tk_pid)
87- ctf_integer(unsigned int, client_id, task->tk_client ? task->tk_client->cl_clid : -1)
88+ ctf_integer(int, client_id, task->tk_client ?
89+ task->tk_client->cl_clid : -1)
90 ctf_integer_hex(const void *, action, action)
91 ctf_integer(unsigned long, runstate, task->tk_runstate)
92 ctf_integer(int, status, task->tk_status)
93@@ -246,7 +248,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued,
94
95 TP_FIELDS(
96 ctf_integer(unsigned int, task_id, task->tk_pid)
97- ctf_integer(unsigned int, client_id, task->tk_client->cl_clid)
98+ ctf_integer(int, client_id, task->tk_client ?
99+ task->tk_client->cl_clid : -1)
100 ctf_integer(unsigned long, timeout, task->tk_timeout)
101 ctf_integer(unsigned long, runstate, task->tk_runstate)
102 ctf_integer(int, status, task->tk_status)
103--
1042.17.1
105
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0004-sunrpc-introduce-lttng_get_clid-helper.patch b/meta/recipes-kernel/lttng/lttng-modules/0004-sunrpc-introduce-lttng_get_clid-helper.patch
deleted file mode 100644
index 4dd726cf2c..0000000000
--- a/meta/recipes-kernel/lttng/lttng-modules/0004-sunrpc-introduce-lttng_get_clid-helper.patch
+++ /dev/null
@@ -1,130 +0,0 @@
1From b6903d57e4c3234ec5b1c7f72e232023cdee0fab Mon Sep 17 00:00:00 2001
2From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
3Date: Thu, 12 Dec 2019 10:39:38 -0500
4Subject: [PATCH 4/4] sunrpc: introduce lttng_get_clid helper
5
6Introduce the lttng_get_clid helper to always check for NULL pointer
7when getting the client id. While not always strictly needed depending
8on the tracepoint callsite, prefer robustness of instrumentation and
9always check for NULL rather than play whack-a-mole.
10
11Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
12Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/1330a091a687a406513c3a326c2fc2a0dbe75536]
13Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
14---
15 instrumentation/events/lttng-module/rpc.h | 43 ++++++++++++++++-------
16 1 file changed, 31 insertions(+), 12 deletions(-)
17
18diff --git a/instrumentation/events/lttng-module/rpc.h b/instrumentation/events/lttng-module/rpc.h
19index 2d06e55..ceaf9db 100644
20--- a/instrumentation/events/lttng-module/rpc.h
21+++ b/instrumentation/events/lttng-module/rpc.h
22@@ -9,6 +9,29 @@
23 #include <linux/sunrpc/sched.h>
24 #include <linux/sunrpc/clnt.h>
25
26+#ifndef ONCE_LTTNG_RPC_H
27+#define ONCE_LTTNG_RPC_H
28+
29+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,12,0))
30+static inline
31+int lttng_get_clid(const struct rpc_task *task)
32+{
33+ struct rpc_clnt *tk_client;
34+
35+ tk_client = task->tk_client;
36+ if (!tk_client)
37+ return -1;
38+ /*
39+ * The cl_clid field is always initialized to positive signed
40+ * integers. Negative signed integer values are treated as
41+ * errors.
42+ */
43+ return (int) tk_client->cl_clid;
44+}
45+#endif /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,12,0)) */
46+
47+#endif /* ONCE_LTTNG_RPC_H */
48+
49 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0))
50 LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status,
51
52@@ -18,7 +41,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status,
53
54 TP_FIELDS(
55 ctf_integer(unsigned int, task_id, task->tk_pid)
56- ctf_integer(int, client_id, task->tk_client->cl_clid)
57+ ctf_integer(int, client_id, lttng_get_clid(task))
58 ctf_integer(int, status, task->tk_status)
59 )
60 )
61@@ -43,7 +66,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_status,
62
63 TP_FIELDS(
64 ctf_integer(unsigned int, task_id, task->tk_pid)
65- ctf_integer(int, client_id, task->tk_client->cl_clid)
66+ ctf_integer(int, client_id, lttng_get_clid(task))
67 ctf_integer(int, status, task->tk_status)
68 )
69 )
70@@ -100,7 +123,7 @@ LTTNG_TRACEPOINT_EVENT(rpc_connect_status,
71
72 TP_FIELDS(
73 ctf_integer(unsigned int, task_id, task->tk_pid)
74- ctf_integer(int, client_id, task->tk_client->cl_clid)
75+ ctf_integer(int, client_id, lttng_get_clid(task))
76 ctf_integer(int, status, task->tk_status)
77 )
78 )
79@@ -112,7 +135,7 @@ LTTNG_TRACEPOINT_EVENT(rpc_connect_status,
80
81 TP_FIELDS(
82 ctf_integer(unsigned int, task_id, task->tk_pid)
83- ctf_integer(int, client_id, task->tk_client->cl_clid)
84+ ctf_integer(int, client_id, lttng_get_clid(task))
85 ctf_integer(int, status, status)
86 )
87 )
88@@ -139,8 +162,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running,
89
90 TP_FIELDS(
91 ctf_integer(unsigned int, task_id, task->tk_pid)
92- ctf_integer(int, client_id, task->tk_client ?
93- task->tk_client->cl_clid : -1)
94+ ctf_integer(int, client_id, lttng_get_clid(task))
95 ctf_integer_hex(const void *, action, action)
96 ctf_integer(unsigned long, runstate, task->tk_runstate)
97 ctf_integer(int, status, task->tk_status)
98@@ -177,8 +199,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued,
99
100 TP_FIELDS(
101 ctf_integer(unsigned int, task_id, task->tk_pid)
102- ctf_integer(int, client_id, task->tk_client ?
103- task->tk_client->cl_clid : -1)
104+ ctf_integer(int, client_id, lttng_get_clid(task))
105 ctf_integer(unsigned long, timeout, task->tk_timeout)
106 ctf_integer(unsigned long, runstate, task->tk_runstate)
107 ctf_integer(int, status, task->tk_status)
108@@ -210,8 +231,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_running,
109
110 TP_FIELDS(
111 ctf_integer(unsigned int, task_id, task->tk_pid)
112- ctf_integer(int, client_id, task->tk_client ?
113- task->tk_client->cl_clid : -1)
114+ ctf_integer(int, client_id, lttng_get_clid(task))
115 ctf_integer_hex(const void *, action, action)
116 ctf_integer(unsigned long, runstate, task->tk_runstate)
117 ctf_integer(int, status, task->tk_status)
118@@ -248,8 +268,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(rpc_task_queued,
119
120 TP_FIELDS(
121 ctf_integer(unsigned int, task_id, task->tk_pid)
122- ctf_integer(int, client_id, task->tk_client ?
123- task->tk_client->cl_clid : -1)
124+ ctf_integer(int, client_id, lttng_get_clid(task))
125 ctf_integer(unsigned long, timeout, task->tk_timeout)
126 ctf_integer(unsigned long, runstate, task->tk_runstate)
127 ctf_integer(int, status, task->tk_status)
128--
1292.17.1
130
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.10.11.bb b/meta/recipes-kernel/lttng/lttng-modules_2.10.14.bb
index cc4f44519a..1c24e94902 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.10.11.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.10.14.bb
@@ -14,14 +14,10 @@ COMPATIBLE_HOST = '(x86_64|i.86|powerpc|aarch64|mips|nios2|arm|riscv).*-linux'
14SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ 14SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
15 file://Makefile-Do-not-fail-if-CONFIG_TRACEPOINTS-is-not-en.patch \ 15 file://Makefile-Do-not-fail-if-CONFIG_TRACEPOINTS-is-not-en.patch \
16 file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \ 16 file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \
17 file://0001-Fix-SUNRPC-Fix-oops-when-trace-sunrpc_task-events-in.patch \
18 file://0002-Fix-sunrpc-null-rpc_clnt-dereference-in-rpc_task_que.patch \
19 file://0003-Fix-sunrpc-use-signed-integer-for-client-id.patch \
20 file://0004-sunrpc-introduce-lttng_get_clid-helper.patch \
21 " 17 "
22 18
23SRC_URI[md5sum] = "c618fb646514dfc1bf910cfd7cda4256" 19SRC_URI[md5sum] = "3e9ed67a2da17edf93194f8a5e75a246"
24SRC_URI[sha256sum] = "7f91e39b2e8e46d8bbba2b4c8c1614f1fb380611cd1a1fccc1d1859be26112f1" 20SRC_URI[sha256sum] = "d0ba614a9cac3daf8ac034837f8b786e6be2ce0242aeecef7096bed5e03b762c"
25 21
26export INSTALL_MOD_DIR="kernel/lttng-modules" 22export INSTALL_MOD_DIR="kernel/lttng-modules"
27 23
@@ -44,7 +40,7 @@ SRC_URI_class-devupstream = "git://git.lttng.org/lttng-modules;branch=stable-2.1
44 file://Makefile-Do-not-fail-if-CONFIG_TRACEPOINTS-is-not-en.patch \ 40 file://Makefile-Do-not-fail-if-CONFIG_TRACEPOINTS-is-not-en.patch \
45 file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \ 41 file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \
46 " 42 "
47SRCREV_class-devupstream = "624aca5d7507fbd11ea4a1a474c3aa1031bd9a31" 43SRCREV_class-devupstream = "b34304f146ea234ea764580d7ce1b03d05a215f9"
48PV_class-devupstream = "2.10.10+git${SRCPV}" 44PV_class-devupstream = "2.10.14+git${SRCPV}"
49S_class-devupstream = "${WORKDIR}/git" 45S_class-devupstream = "${WORKDIR}/git"
50SRCREV_FORMAT ?= "lttng_git" 46SRCREV_FORMAT ?= "lttng_git"
diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index 8201c0cb60..904aca95de 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -51,7 +51,7 @@ export PYTHON_SITEPACKAGES_DIR
51#kernel 3.1+ supports WERROR to disable warnings as errors 51#kernel 3.1+ supports WERROR to disable warnings as errors
52export WERROR = "0" 52export WERROR = "0"
53 53
54do_populate_lic[depends] += "virtual/kernel:do_patch" 54do_populate_lic[depends] += "virtual/kernel:do_shared_workdir"
55 55
56# needed for building the tools/perf Perl binding 56# needed for building the tools/perf Perl binding
57include ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'perf-perl.inc', '', d)} 57include ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'perf-perl.inc', '', d)}
@@ -233,10 +233,8 @@ do_configure_prepend () {
233 fi 233 fi
234 234
235 # use /usr/bin/env instead of version specific python 235 # use /usr/bin/env instead of version specific python
236 for s in `find ${S}/tools/perf/ -name '*.py'`; do 236 for s in `find ${S}/tools/perf/ -name '*.py'` `find ${S}/scripts/ -name 'bpf_helpers_doc.py'`; do
237 sed -i 's,/usr/bin/python,/usr/bin/env python3,' "${s}" 237 sed -i -e "s,#!.*python.*,#!${USRBINPATH}/env python3," ${s}
238 sed -i 's,/usr/bin/python2,/usr/bin/env python3,' "${s}"
239 sed -i 's,/usr/bin/env python2,/usr/bin/env python3,' "${s}"
240 done 238 done
241 239
242 # unistd.h can be out of sync between libc-headers and the captured version in the perf source 240 # unistd.h can be out of sync between libc-headers and the captured version in the perf source
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2019.06.03.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.04.29.bb
index 9076d94601..a5827b9ef0 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2019.06.03.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.04.29.bb
@@ -5,8 +5,7 @@ LICENSE = "ISC"
5LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" 5LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
6 6
7SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" 7SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
8SRC_URI[md5sum] = "4b5ba3f089db7fdb7b9daae6a7c1f2cb" 8SRC_URI[sha256sum] = "89fd031aed5977c219a71501e144375a10e7c90d1005d5d086ea7972886a2c7a"
9SRC_URI[sha256sum] = "cd917ed86b63ce8d93947979f1f18948f03a4ac0ad89ec25227b36ac00dc54bf"
10 9
11inherit bin_package allarch 10inherit bin_package allarch
12 11
diff --git a/meta/recipes-multimedia/gstreamer/gst-validate_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb
index 7d602eabc6..35492fe861 100644
--- a/meta/recipes-multimedia/gstreamer/gst-validate_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb
@@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
9SRC_URI = "https://gstreamer.freedesktop.org/src/${BPN}/${BP}.tar.xz \ 9SRC_URI = "https://gstreamer.freedesktop.org/src/${BPN}/${BP}.tar.xz \
10 file://0001-connect-has-a-different-signature-on-musl.patch \ 10 file://0001-connect-has-a-different-signature-on-musl.patch \
11 " 11 "
12SRC_URI[md5sum] = "793e75f4717f718ad204c554d577b160" 12SRC_URI[md5sum] = "688f42c52d62e8c5e506df911553fb2c"
13SRC_URI[sha256sum] = "7f079b9b2a127604b98e297037dc8847ef50f4ce2b508aa2df0cac5b77562899" 13SRC_URI[sha256sum] = "4861ccb9326200e74d98007e316b387d48dd49f072e0b78cb9d3303fdecfeeca"
14 14
15DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" 15DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
16RRECOMMENDS_${PN} = "git" 16RRECOMMENDS_${PN} = "git"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb
index 10955ff161..b57b744a80 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb
@@ -19,8 +19,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.x
19 file://0001-configure-check-for-armv7ve-variant.patch \ 19 file://0001-configure-check-for-armv7ve-variant.patch \
20 file://0001-fix-host-contamination.patch \ 20 file://0001-fix-host-contamination.patch \
21 " 21 "
22SRC_URI[md5sum] = "58023f4c71bbd711061e350fcd76c09d" 22SRC_URI[md5sum] = "eacebd0136ede3a9bd3672eeb338806b"
23SRC_URI[sha256sum] = "e8a5748ae9a4a7be9696512182ea9ffa6efe0be9b7976916548e9d4381ca61c4" 23SRC_URI[sha256sum] = "c724f612700c15a933c7356fbeabb0bb9571fb5538f8b1b54d4d2d94188deef2"
24 24
25S = "${WORKDIR}/gst-libav-${PV}" 25S = "${WORKDIR}/gst-libav-${PV}"
26 26
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb
index cb2f7045a8..c0acf46c22 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb
@@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
9 9
10SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" 10SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
11 11
12SRC_URI[md5sum] = "89772e7a277fd0abfc250eaf8e4e9ce9" 12SRC_URI[md5sum] = "6362786d2b6cce34de08c86b7847f782"
13SRC_URI[sha256sum] = "cbf54121a2cba575d460833e8132265781252ce32cf5b8f9fa8753e42ab24bb2" 13SRC_URI[sha256sum] = "11ed411a2eba75610d72331eeb14ff05e2df28f4fd05cb69225a88bec6d27439"
14 14
15S = "${WORKDIR}/gst-omx-${PV}" 15S = "${WORKDIR}/gst-omx-${PV}"
16 16
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb
index 1731be8441..756b823e7d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb
@@ -8,8 +8,8 @@ SRC_URI = " \
8 file://ensure-valid-sentinels-for-gst_structure_get-etc.patch \ 8 file://ensure-valid-sentinels-for-gst_structure_get-etc.patch \
9 file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \ 9 file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \
10" 10"
11SRC_URI[md5sum] = "24d4d30ecc67d5cbc77c0475bcea1210" 11SRC_URI[md5sum] = "ccc7404230afddec723bbdb63c89feec"
12SRC_URI[sha256sum] = "56481c95339b8985af13bac19b18bc8da7118c2a7d9440ed70e7dcd799c2adb5" 12SRC_URI[sha256sum] = "f1cb7aa2389569a5343661aae473f0a940a90b872001824bc47fa8072a041e74"
13 13
14S = "${WORKDIR}/gst-plugins-bad-${PV}" 14S = "${WORKDIR}/gst-plugins-bad-${PV}"
15 15
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb
index cb99fba5ff..95d3a3679e 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb
@@ -18,8 +18,8 @@ SRC_URI = " \
18 file://0001-gstreamer-gl.pc.in-don-t-append-GL_CFLAGS-to-CFLAGS.patch \ 18 file://0001-gstreamer-gl.pc.in-don-t-append-GL_CFLAGS-to-CFLAGS.patch \
19 file://link-with-libvchostif.patch \ 19 file://link-with-libvchostif.patch \
20 " 20 "
21SRC_URI[md5sum] = "b5eb0651bab70bf1714f103bdd66ce47" 21SRC_URI[md5sum] = "3fdb32823535799a748c1fc14f978e2c"
22SRC_URI[sha256sum] = "5c3cc489933d0597087c9bc6ba251c93693d64554bcc563539a084fa2d5fcb2b" 22SRC_URI[sha256sum] = "b13e73e2fe74a4166552f9577c3dcb24bed077021b9c7fa600d910ec6987816a"
23 23
24S = "${WORKDIR}/gst-plugins-base-${PV}" 24S = "${WORKDIR}/gst-plugins-base-${PV}"
25 25
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb
index 0fa7b86ffe..ea0cbddc72 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb
@@ -5,8 +5,8 @@ SRC_URI = " \
5 file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \ 5 file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \
6 " 6 "
7 7
8SRC_URI[md5sum] = "515987ee763256840a11bd8ea098f2bf" 8SRC_URI[md5sum] = "bd025f8f14974f94b75ac69a9d1b9c93"
9SRC_URI[sha256sum] = "9fbabe69018fcec707df0b71150168776040cde6c1a26bb5a82a136755fa8f1f" 9SRC_URI[sha256sum] = "40bb3bafda25c0b739c8fc36e48380fccf61c4d3f83747e97ac3f9b0171b1319"
10 10
11S = "${WORKDIR}/gst-plugins-good-${PV}" 11S = "${WORKDIR}/gst-plugins-good-${PV}"
12 12
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb
index ecab318899..94abc33542 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb
@@ -10,8 +10,8 @@ SRC_URI = " \
10 https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ 10 https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
11 file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \ 11 file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \
12 " 12 "
13SRC_URI[md5sum] = "668795903cb4971fba9aa89abdea8369" 13SRC_URI[md5sum] = "10283ff5ef1e34d462dde77042e329bd"
14SRC_URI[sha256sum] = "4bf913b2ca5195ac3b53b5e3ade2dc7c45d2258507552ddc850c5fa425968a1d" 14SRC_URI[sha256sum] = "5500415b865e8b62775d4742cbb9f37146a50caecfc0e7a6fc0160d3c560fbca"
15 15
16S = "${WORKDIR}/gst-plugins-ugly-${PV}" 16S = "${WORKDIR}/gst-plugins-ugly-${PV}"
17 17
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins.inc b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins.inc
index bc24b05fec..92b473add6 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins.inc
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins.inc
@@ -3,7 +3,7 @@ HOMEPAGE = "http://gstreamer.freedesktop.org/"
3BUGTRACKER = "https://bugzilla.gnome.org/enter_bug.cgi?product=Gstreamer" 3BUGTRACKER = "https://bugzilla.gnome.org/enter_bug.cgi?product=Gstreamer"
4SECTION = "multimedia" 4SECTION = "multimedia"
5 5
6DEPENDS = "gstreamer1.0 glib-2.0-native" 6DEPENDS = "gstreamer1.0 glib-2.0-native make-native"
7 7
8SRC_URI_append = " file://gtk-doc-tweaks.patch" 8SRC_URI_append = " file://gtk-doc-tweaks.patch"
9 9
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
new file mode 100644
index 0000000000..053108ad50
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
@@ -0,0 +1,24 @@
1From 61cfd1b49dc82baf14bb36d88b6c5be7b8c3d23a Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Mon, 2 Dec 2019 18:16:41 +0100
4Subject: [PATCH] meson.build: fix builds with python 3.8
5
6Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gst-python/merge_requests/14]
7Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
8---
9 meson.build | 2 +-
10 1 file changed, 1 insertion(+), 1 deletion(-)
11
12diff --git a/meson.build b/meson.build
13index 1da81d5..3e0db38 100644
14--- a/meson.build
15+++ b/meson.build
16@@ -24,7 +24,7 @@ pygobject_dep = dependency('pygobject-3.0', fallback: ['pygobject', 'pygobject_d
17
18 pymod = import('python')
19 python = pymod.find_installation(get_option('python'))
20-python_dep = python.dependency(required : true)
21+python_dep = dependency('python3-embed', required : true)
22
23 python_abi_flags = python.get_variable('ABIFLAGS', '')
24 pylib_loc = get_option('libpython-dir')
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb
index 5a950f183c..989556ce8b 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb
@@ -5,9 +5,11 @@ SECTION = "multimedia"
5LICENSE = "LGPLv2.1" 5LICENSE = "LGPLv2.1"
6LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" 6LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
7 7
8SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" 8SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
9SRC_URI[md5sum] = "499645fbd1790c5845c02a3998dccc1b" 9 file://0001-meson.build-fix-builds-with-python-3.8.patch \
10SRC_URI[sha256sum] = "b469c8955126f41b8ce0bf689b7029f182cd305f422b3a8df35b780bd8347489" 10 "
11SRC_URI[md5sum] = "6ac709767334d8d0a71cb4e016f6abeb"
12SRC_URI[sha256sum] = "208df3148d73d9f416d016564737585d8ea763d91201732d44b5fe688c6288a8"
11 13
12DEPENDS = "gstreamer1.0 python3-pygobject" 14DEPENDS = "gstreamer1.0 python3-pygobject"
13RDEPENDS_${PN} += "gstreamer1.0 python3-pygobject" 15RDEPENDS_${PN} += "gstreamer1.0 python3-pygobject"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb
index 45302ef4f6..b7470b0047 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb
@@ -4,7 +4,7 @@ SECTION = "multimedia"
4LICENSE = "LGPLv2" 4LICENSE = "LGPLv2"
5LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d" 5LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d"
6 6
7DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base" 7DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base make-native"
8 8
9PNREAL = "gst-rtsp-server" 9PNREAL = "gst-rtsp-server"
10 10
@@ -13,8 +13,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.x
13 file://gtk-doc-tweaks.patch \ 13 file://gtk-doc-tweaks.patch \
14 " 14 "
15 15
16SRC_URI[md5sum] = "380d6a42e856c32fcefa508ad57129e0" 16SRC_URI[md5sum] = "8a998725820c771ba45be6e18bfdf73a"
17SRC_URI[sha256sum] = "b0abacad2f86f60d63781d2b24443c5668733e8b08664bbef94124906d700144" 17SRC_URI[sha256sum] = "de07a2837b3b04820ce68264a4909f70c221b85dbff0cede7926e9cdbb1dc26e"
18 18
19S = "${WORKDIR}/${PNREAL}-${PV}" 19S = "${WORKDIR}/${PNREAL}-${PV}"
20 20
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb
index 61cf705fd8..3170218abd 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb
@@ -13,8 +13,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.x
13 file://0001-vaapsink-downgrade-to-marginal.patch \ 13 file://0001-vaapsink-downgrade-to-marginal.patch \
14 " 14 "
15 15
16SRC_URI[md5sum] = "15b08f76777359d87b0b4a561db05f1f" 16SRC_URI[md5sum] = "13f7cb6a64bde24e67f563377487dcce"
17SRC_URI[sha256sum] = "cb570f6f1e78cb364fbe3c4fb8751824ee9db0c942ba61b62380b9b5abb7603a" 17SRC_URI[sha256sum] = "191de7b0ab64a85dd0875c990721e7be95518f60e2a9106beca162004ed7c601"
18 18
19S = "${WORKDIR}/${REALPN}-${PV}" 19S = "${WORKDIR}/${REALPN}-${PV}"
20DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" 20DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.1.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
index ff92f63bac..96a6ade22b 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.1.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
@@ -6,7 +6,7 @@ BUGTRACKER = "https://bugzilla.gnome.org/enter_bug.cgi?product=Gstreamer"
6SECTION = "multimedia" 6SECTION = "multimedia"
7LICENSE = "LGPLv2+" 7LICENSE = "LGPLv2+"
8 8
9DEPENDS = "glib-2.0 glib-2.0-native libcap libxml2 bison-native flex-native" 9DEPENDS = "glib-2.0 glib-2.0-native libcap libxml2 bison-native flex-native make-native"
10 10
11inherit autotools pkgconfig gettext upstream-version-is-even gobject-introspection gtk-doc ptest 11inherit autotools pkgconfig gettext upstream-version-is-even gobject-introspection gtk-doc ptest
12 12
@@ -27,8 +27,8 @@ SRC_URI = " \
27 file://add-a-target-to-compile-tests.patch \ 27 file://add-a-target-to-compile-tests.patch \
28 file://run-ptest \ 28 file://run-ptest \
29" 29"
30SRC_URI[md5sum] = "c505fb818b36988daaa846e9e63eabe8" 30SRC_URI[md5sum] = "0e661ed5bdf1d8996e430228d022628e"
31SRC_URI[sha256sum] = "02211c3447c4daa55919c5c0f43a82a6fbb51740d57fc3af0639d46f1cf4377d" 31SRC_URI[sha256sum] = "e3f044246783fd685439647373fa13ba14f7ab0b346eadd06437092f8419e94e"
32 32
33PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ 33PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
34 " 34 "
diff --git a/meta/recipes-support/aspell/aspell/CVE-2019-20433-0001.patch b/meta/recipes-support/aspell/aspell/CVE-2019-20433-0001.patch
new file mode 100644
index 0000000000..fd68461e32
--- /dev/null
+++ b/meta/recipes-support/aspell/aspell/CVE-2019-20433-0001.patch
@@ -0,0 +1,999 @@
1From de29341638833ba7717bd6b5e6850998454b044b Mon Sep 17 00:00:00 2001
2From: Kevin Atkinson <kevina@gnu.org>
3Date: Sat, 17 Aug 2019 17:06:53 -0400
4Subject: [PATCH 1/2] Don't allow null-terminated UCS-2/4 strings using the
5 original API.
6
7Detect if the encoding is UCS-2/4 and the length is -1 in affected API
8functions and refuse to convert the string. If the string ends up
9being converted somehow, abort with an error message in DecodeDirect
10and ConvDirect. To convert a null terminated string in
11Decode/ConvDirect, a negative number corresponding to the width of the
12underlying character type for the encoding is expected; for example,
13if the encoding is "ucs-2" then a the size is expected to be -2.
14
15Also fix a 1-3 byte over-read in DecodeDirect when reading UCS-2/4
16strings when a size is provided (found by OSS-Fuzz).
17
18Also fix a bug in DecodeDirect that caused DocumentChecker to return
19the wrong offsets when working with UCS-2/4 strings.
20
21CVE: CVE-2019-20433
22Upstream-Status: Backport [https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b]
23
24[SG: - adjusted context
25 - discarded test changes as test framework is not available
26 - discarded manual entry changes for features that aren't backported]
27Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
28---
29 auto/MkSrc/CcHelper.pm | 99 ++++++++++++++++++++++++++++++++++---
30 auto/MkSrc/Create.pm | 5 +-
31 auto/MkSrc/Info.pm | 5 +-
32 auto/MkSrc/ProcCc.pm | 24 +++++----
33 auto/MkSrc/ProcImpl.pm | 57 +++++++++++++++------
34 auto/MkSrc/Read.pm | 4 +-
35 auto/mk-src.in | 44 +++++++++++++++--
36 common/convert.cpp | 39 ++++++++++++---
37 common/convert.hpp | 38 +++++++++++++-
38 common/document_checker.cpp | 17 ++++++-
39 common/document_checker.hpp | 1 +
40 common/version.cpp | 15 ++++--
41 configure.ac | 8 +++
42 manual/aspell.texi | 58 ++++++++++++++++------
43 manual/readme.texi | 70 +++++++++++++++++++++-----
44 15 files changed, 409 insertions(+), 75 deletions(-)
45
46diff --git a/auto/MkSrc/CcHelper.pm b/auto/MkSrc/CcHelper.pm
47index f2de991..0044335 100644
48--- a/auto/MkSrc/CcHelper.pm
49+++ b/auto/MkSrc/CcHelper.pm
50@@ -10,8 +10,8 @@ BEGIN {
51 use Exporter;
52 our @ISA = qw(Exporter);
53 our @EXPORT = qw(to_c_return_type c_error_cond
54- to_type_name make_desc make_func call_func
55- make_c_method call_c_method form_c_method
56+ to_type_name make_desc make_func call_func get_c_func_name
57+ make_c_method make_wide_macro call_c_method form_c_method
58 make_cxx_method);
59 }
60
61@@ -90,6 +90,69 @@ sub make_func ( $ \@ $ ; \% ) {
62 ')'));
63 }
64
65+=item make_wide_version NAME @TYPES PARMS ; %ACCUM
66+
67+Creates the wide character version of the function if needed
68+
69+=cut
70+
71+sub make_wide_version ( $ \@ $ ; \% ) {
72+ my ($name, $d, $p, $accum) = @_;
73+ my @d = @$d;
74+ shift @d;
75+ return '' unless grep {$_->{type} eq 'encoded string'} @d;
76+ $accum->{sys_headers}{'stddef.h'} = true;
77+ $accum->{suffix}[5] = <<'---';
78+
79+/******************* private implemantion details *********************/
80+
81+#ifdef __cplusplus
82+# define aspell_cast_(type, expr) (static_cast<type>(expr))
83+# define aspell_cast_from_wide_(str) (static_cast<const void *>(str))
84+#else
85+# define aspell_cast_(type, expr) ((type)(expr))
86+# define aspell_cast_from_wide_(str) ((const char *)(str))
87+#endif
88+---
89+ my @parms = map {$_->{type} eq 'encoded string'
90+ ? ($_->{name}, $_->{name}.'_size')
91+ : $_->{name}} @d;
92+ $name = to_lower $name;
93+ $accum->{suffix}[0] = <<'---';
94+/**********************************************************************/
95+
96+#ifdef ASPELL_ENCODE_SETTING_SECURE
97+---
98+ $accum->{suffix}[2] = "#endif\n";
99+ my @args = map {$_->{type} eq 'encoded string'
100+ ? ($_->{name}, "$_->{name}_size", '-1')
101+ : $_->{name}} @d;
102+ $accum->{suffix}[1] .=
103+ (join '',
104+ "#define $name",
105+ '(', join(', ', @parms), ')',
106+ "\\\n ",
107+ $name, '_wide',
108+ '(', join(', ', @args), ')',
109+ "\n");
110+ @args = map {$_->{type} eq 'encoded string'
111+ ? ("aspell_cast_from_wide_($_->{name})",
112+ "$_->{name}_size*aspell_cast_(int,sizeof(*($_->{name})))",
113+ "sizeof(*($_->{name}))")
114+ : $_->{name}} @d;
115+ return (join '',
116+ "\n",
117+ "/* version of $name that is safe to use with (null terminated) wide characters */\n",
118+ '#define ',
119+ $name, '_w',
120+ '(', join(', ', @parms), ')',
121+ "\\\n ",
122+ $name, '_wide',
123+ '(', join(', ', @args), ')',
124+ "\n");
125+}
126+
127+
128 =item call_func NAME @TYPES PARMS ; %ACCUM
129
130 Return a string to call a func. Will prefix the function with return
131@@ -103,7 +166,6 @@ Parms can be any of:
132
133 sub call_func ( $ \@ $ ; \% ) {
134 my ($name, $d, $p, $accum) = @_;
135- $accum = {} unless defined $accum;
136 my @d = @$d;
137 my $func_ret = to_type_name(shift @d, {%$p,pos=>'return'}, %$accum);
138 return (join '',
139@@ -148,8 +210,14 @@ sub to_type_name ( $ $ ; \% ) {
140 my $name = $t->{name};
141 my $type = $t->{type};
142
143- return ( (to_type_name {%$d, type=>'string'}, $p, %$accum) ,
144- (to_type_name {%$d, type=>'int', name=>"$d->{name}_size"}, $p, %$accum) )
145+ if ($name eq 'encoded string' && $is_cc && $pos eq 'parm') {
146+ my @types = ((to_type_name {%$d, type=>($p->{wide}?'const void pointer':'string')}, $p, %$accum),
147+ (to_type_name {%$d, type=>'int', name=>"$d->{name}_size"}, $p, %$accum));
148+ push @types, (to_type_name {%$d, type=>'int', name=>"$d->{name}_type_width"}, $p, %$accum) if $p->{wide};
149+ return @types;
150+ }
151+ return ( (to_type_name {%$d, type=>($p->{wide}?'const void pointer':'string')}, $p, %$accum) ,
152+ (to_type_name {%$d, type=>'int', name=>"$d->{name}_size"}, $p, %$accum) )
153 if $name eq 'encoded string' && $is_cc && $pos eq 'parm';
154
155 my $str;
156@@ -174,7 +242,7 @@ sub to_type_name ( $ $ ; \% ) {
157 $str .= "String";
158 }
159 } elsif ($name eq 'encoded string') {
160- $str .= "const char *";
161+ $str .= $p->{wide} ? "const void *" : "const char *";
162 } elsif ($name eq '') {
163 $str .= "void";
164 } elsif ($name eq 'bool' && $is_cc) {
165@@ -186,7 +254,7 @@ sub to_type_name ( $ $ ; \% ) {
166 if ($t->{pointer}) {
167 $accum->{types}->{$name} = $t;
168 } else {
169- $accum->{headers}->{$t->{created_in}} = true;
170+ $accum->{headers}->{$t->{created_in}} = true unless $mode eq 'cc';
171 }
172 $str .= "$c_type Aspell" if $mode eq 'cc';
173 $str .= to_mixed($name);
174@@ -214,6 +282,7 @@ sub to_type_name ( $ $ ; \% ) {
175 return $str;
176 }
177
178+
179 =item make_desc DESC ; LEVEL
180
181 Make a C comment out of DESC optionally indenting it LEVEL spaces.
182@@ -286,6 +355,7 @@ sub form_c_method ($ $ $ ; \% )
183 } else {
184 $func = "aspell $class $name";
185 }
186+ $func .= " wide" if $p->{wide};
187 if (exists $d->{'const'}) {
188 splice @data, 1, 0, {type => "const $class", name=> $this_name};
189 } else {
190@@ -306,6 +376,21 @@ sub make_c_method ($ $ $ ; \%)
191 return &make_func(@ret);
192 }
193
194+sub get_c_func_name ($ $ $)
195+{
196+ my @ret = &form_c_method(@_);
197+ return undef unless @ret > 0;
198+ return to_lower $ret[0];
199+}
200+
201+sub make_wide_macro ($ $ $ ; \%)
202+{
203+ my @ret = &form_c_method(@_);
204+ return undef unless @ret > 0;
205+ my $str = &make_wide_version(@ret);
206+ return $str;
207+}
208+
209 sub call_c_method ($ $ $ ; \%)
210 {
211 my @ret = &form_c_method(@_);
212diff --git a/auto/MkSrc/Create.pm b/auto/MkSrc/Create.pm
213index d39b60e..630ede5 100644
214--- a/auto/MkSrc/Create.pm
215+++ b/auto/MkSrc/Create.pm
216@@ -77,8 +77,10 @@ sub create_cc_file ( % ) {
217 $file .= "#include \"aspell.h\"\n" if $p{type} eq 'cxx';
218 $file .= "#include \"settings.h\"\n" if $p{type} eq 'native_impl' && $p{name} eq 'errors';
219 $file .= "#include \"gettext.h\"\n" if $p{type} eq 'native_impl' && $p{name} eq 'errors';
220+ $file .= cmap {"#include <$_>\n"} sort keys %{$accum{sys_headers}};
221 $file .= cmap {"#include \"".to_lower($_).".hpp\"\n"} sort keys %{$accum{headers}};
222- $file .= "#ifdef __cplusplus\nextern \"C\" {\n#endif\n" if $p{header} && !$p{cxx};
223+ $file .= "\n#ifdef __cplusplus\nextern \"C\" {\n#endif\n" if $p{header} && !$p{cxx};
224+ $file .= join('', grep {defined $_} @{$accum{prefix}});
225 $file .= "\nnamespace $p{namespace} {\n\n" if $p{cxx};
226 if (defined $info{forward}{proc}{$p{type}}) {
227 my @types = sort {$a->{name} cmp $b->{name}} (values %{$accum{types}});
228@@ -86,6 +88,7 @@ sub create_cc_file ( % ) {
229 }
230 $file .= "\n";
231 $file .= $body;
232+ $file .= join('', grep {defined $_} @{$accum{suffix}});
233 $file .= "\n\n}\n\n" if $p{cxx};
234 $file .= "#ifdef __cplusplus\n}\n#endif\n" if $p{header} && !$p{cxx};
235 $file .= "#endif /* $hm */\n" if $p{header};
236diff --git a/auto/MkSrc/Info.pm b/auto/MkSrc/Info.pm
237index c644028..ace8e21 100644
238--- a/auto/MkSrc/Info.pm
239+++ b/auto/MkSrc/Info.pm
240@@ -60,6 +60,7 @@ each proc sub should take the following argv
241 the object from which it is a member of
242 no native: do not attempt to create a native implementation
243 treat as object: treat as a object rather than a pointer
244+ no conv: do not converted an encoded string
245
246 The %info structure is initialized as follows:
247
248@@ -104,8 +105,8 @@ The %info structure is initialized as follows:
249 errors => {}, # possible errors
250 method => {
251 # A class method
252- options => ['desc', 'posib err', 'c func', 'const',
253- 'c only', 'c impl', 'cxx impl'],
254+ options => ['desc', 'posib err', 'c func', 'const', 'no conv', 'on conv error',
255+ 'c only', 'c impl', 'cxx impl', 'cc extra'],
256 groups => undef},
257 constructor => {
258 # A class constructor
259diff --git a/auto/MkSrc/ProcCc.pm b/auto/MkSrc/ProcCc.pm
260index 47c4338..98cc435 100644
261--- a/auto/MkSrc/ProcCc.pm
262+++ b/auto/MkSrc/ProcCc.pm
263@@ -23,7 +23,7 @@ use MkSrc::Info;
264 sub make_c_object ( $ @ );
265
266 $info{group}{proc}{cc} = sub {
267- my ($data) = @_;
268+ my ($data,@rest) = @_;
269 my $ret;
270 my $stars = (70 - length $data->{name})/2;
271 $ret .= "/";
272@@ -33,14 +33,14 @@ $info{group}{proc}{cc} = sub {
273 $ret .= "/\n";
274 foreach my $d (@{$data->{data}}) {
275 $ret .= "\n\n";
276- $ret .= $info{$d->{type}}{proc}{cc}->($d);
277+ $ret .= $info{$d->{type}}{proc}{cc}->($d,@rest);
278 }
279 $ret .= "\n\n";
280 return $ret;
281 };
282
283 $info{enum}{proc}{cc} = sub {
284- my ($d) = @_;
285+ my ($d,@rest) = @_;
286 my $n = "Aspell".to_mixed($d->{name});
287 return ("\n".
288 make_desc($d->{desc}).
289@@ -58,21 +58,26 @@ $info{struct}{proc}{cc} = sub {
290 };
291
292 $info{union}{proc}{cc} = sub {
293- return make_c_object "union", $_[0];
294+ return make_c_object "union", @_;
295 };
296
297 $info{class}{proc}{cc} = sub {
298- my ($d) = @_;
299+ my ($d,$accum) = @_;
300 my $class = $d->{name};
301 my $classname = "Aspell".to_mixed($class);
302 my $ret = "";
303 $ret .= "typedef struct $classname $classname;\n\n";
304 foreach (@{$d->{data}}) {
305- my $s = make_c_method($class, $_, {mode=>'cc'});
306+ my $s = make_c_method($class, $_, {mode=>'cc'}, %$accum);
307 next unless defined $s;
308 $ret .= "\n";
309 $ret .= make_desc($_->{desc});
310- $ret .= make_c_method($class, $_, {mode=>'cc'}).";\n";
311+ $ret .= make_c_method($class, $_, {mode=>'cc'}, %$accum).";\n";
312+ if (grep {$_->{type} eq 'encoded string'} @{$_->{data}}) {
313+ $ret .= make_c_method($class, $_, {mode=>'cc', wide=>true}, %$accum).";\n";
314+ $ret .= make_wide_macro($class, $_, {mode=>'cc'}, %$accum);
315+ }
316+ $ret .= "\n".$_->{'cc extra'}."\n" if defined $_->{'cc extra'};
317 }
318 $ret .= "\n";
319 return $ret;
320@@ -105,7 +110,8 @@ $info{errors}{proc}{cc} = sub {
321 };
322
323 sub make_c_object ( $ @ ) {
324- my ($t, $d) = @_;
325+ my ($t, $d, $accum) = @_;
326+ $accum = {} unless defined $accum;
327 my $struct;
328 $struct .= "Aspell";
329 $struct .= to_mixed($d->{name});
330@@ -120,7 +126,7 @@ sub make_c_object ( $ @ ) {
331 "\n};\n"),
332 "typedef $t $struct $struct;",
333 join ("\n",
334- map {make_c_method($d->{name}, $_, {mode=>'cc'}).";"}
335+ map {make_c_method($d->{name}, $_, {mode=>'cc'}, %$accum).";"}
336 grep {$_->{type} eq 'method'}
337 @{$d->{data}})
338 )."\n";
339diff --git a/auto/MkSrc/ProcImpl.pm b/auto/MkSrc/ProcImpl.pm
340index b8628fd..3d0f220 100644
341--- a/auto/MkSrc/ProcImpl.pm
342+++ b/auto/MkSrc/ProcImpl.pm
343@@ -45,10 +45,13 @@ $info{class}{proc}{impl} = sub {
344 foreach (grep {$_ ne ''} split /\s*,\s*/, $data->{'c impl headers'}) {
345 $accum->{headers}{$_} = true;
346 }
347- foreach my $d (@{$data->{data}}) {
348+ my @d = @{$data->{data}};
349+ while (@d) {
350+ my $d = shift @d;
351+ my $need_wide = false;
352 next unless one_of $d->{type}, qw(method constructor destructor);
353 my @parms = @{$d->{data}} if exists $d->{data};
354- my $m = make_c_method $data->{name}, $d, {mode=>'cc_cxx', use_name=>true}, %$accum;
355+ my $m = make_c_method $data->{name}, $d, {mode=>'cc_cxx', use_name=>true, wide=>$d->{wide}}, %$accum;
356 next unless defined $m;
357 $ret .= "extern \"C\" $m\n";
358 $ret .= "{\n";
359@@ -57,24 +60,49 @@ $info{class}{proc}{impl} = sub {
360 } else {
361 if ($d->{type} eq 'method') {
362 my $ret_type = shift @parms;
363- my $ret_native = to_type_name $ret_type, {mode=>'native_no_err', pos=>'return'}, %$accum;
364+ my $ret_native = to_type_name $ret_type, {mode=>'native_no_err', pos=>'return', wide=>$d->{wide}}, %$accum;
365 my $snum = 0;
366+ my $call_fun = $d->{name};
367+ my @call_parms;
368 foreach (@parms) {
369 my $n = to_lower($_->{name});
370- if ($_->{type} eq 'encoded string') {
371- $accum->{headers}{'mutable string'} = true;
372- $accum->{headers}{'convert'} = true;
373- $ret .= " ths->temp_str_$snum.clear();\n";
374- $ret .= " ths->to_internal_->convert($n, ${n}_size, ths->temp_str_$snum);\n";
375- $ret .= " unsigned int s$snum = ths->temp_str_$snum.size();\n";
376- $_ = "MutableString(ths->temp_str_$snum.mstr(), s$snum)";
377- $snum++;
378+ if ($_->{type} eq 'encoded string' && !exists($d->{'no conv'})) {
379+ $need_wide = true unless $d->{wide};
380+ die unless exists $d->{'posib err'};
381+ $accum->{headers}{'mutable string'} = true;
382+ $accum->{headers}{'convert'} = true;
383+ my $name = get_c_func_name $data->{name}, $d, {mode=>'cc_cxx', use_name=>true, wide=>$d->{wide}};
384+ $ret .= " ths->temp_str_$snum.clear();\n";
385+ if ($d->{wide}) {
386+ $ret .= " ${n}_size = get_correct_size(\"$name\", ths->to_internal_->in_type_width(), ${n}_size, ${n}_type_width);\n";
387+ } else {
388+ $ret .= " PosibErr<int> ${n}_fixed_size = get_correct_size(\"$name\", ths->to_internal_->in_type_width(), ${n}_size);\n";
389+ if (exists($d->{'on conv error'})) {
390+ $ret .= " if (${n}_fixed_size.get_err()) {\n";
391+ $ret .= " ".$d->{'on conv error'}."\n";
392+ $ret .= " } else {\n";
393+ $ret .= " ${n}_size = ${n}_fixed_size;\n";
394+ $ret .= " }\n";
395+ } else {
396+ $ret .= " ths->err_.reset(${n}_fixed_size.release_err());\n";
397+ $ret .= " if (ths->err_ != 0) return ".(c_error_cond $ret_type).";\n";
398+ }
399+ }
400+ $ret .= " ths->to_internal_->convert($n, ${n}_size, ths->temp_str_$snum);\n";
401+ $ret .= " unsigned int s$snum = ths->temp_str_$snum.size();\n";
402+ push @call_parms, "MutableString(ths->temp_str_$snum.mstr(), s$snum)";
403+ $snum++;
404+ } elsif ($_->{type} eq 'encoded string') {
405+ $need_wide = true unless $d->{wide};
406+ push @call_parms, $n, "${n}_size";
407+ push @call_parms, "${n}_type_width" if $d->{wide};
408+ $call_fun .= " wide" if $d->{wide};
409 } else {
410- $_ = $n;
411+ push @call_parms, $n;
412 }
413 }
414- my $parms = '('.(join ', ', @parms).')';
415- my $exp = "ths->".to_lower($d->{name})."$parms";
416+ my $parms = '('.(join ', ', @call_parms).')';
417+ my $exp = "ths->".to_lower($call_fun)."$parms";
418 if (exists $d->{'posib err'}) {
419 $accum->{headers}{'posib err'} = true;
420 $ret .= " PosibErr<$ret_native> ret = $exp;\n";
421@@ -118,6 +146,7 @@ $info{class}{proc}{impl} = sub {
422 }
423 }
424 $ret .= "}\n\n";
425+ unshift @d,{%$d, wide=>true} if $need_wide;
426 }
427 return $ret;
428 };
429diff --git a/auto/MkSrc/Read.pm b/auto/MkSrc/Read.pm
430index 4b3d1d0..4bf640e 100644
431--- a/auto/MkSrc/Read.pm
432+++ b/auto/MkSrc/Read.pm
433@@ -88,13 +88,13 @@ sub advance ( ) {
434 $in_pod = $1 if $line =~ /^\=(\w+)/;
435 $line = '' if $in_pod;
436 $in_pod = undef if $in_pod && $in_pod eq 'cut';
437- $line =~ s/\#.*$//;
438+ $line =~ s/(?<!\\)\#.*$//;
439 $line =~ s/^(\t*)//;
440 $level = $base_level + length($1);
441 $line =~ s/\s*$//;
442 ++$base_level if $line =~ s/^\{$//;
443 --$base_level if $line =~ s/^\}$//;
444- $line =~ s/\\([{}])/$1/g;
445+ $line =~ s/\\([{}#\\])/$1/g;
446 } while ($line eq '');
447 #print "$level:$line\n";
448 }
449diff --git a/auto/mk-src.in b/auto/mk-src.in
450index 0e7833a..eb3353f 100644
451--- a/auto/mk-src.in
452+++ b/auto/mk-src.in
453@@ -608,6 +608,7 @@ errors:
454 invalid expression
455 mesg => "%expression" is not a valid regular expression.
456 parms => expression
457+
458 }
459 group: speller
460 {
461@@ -650,6 +651,7 @@ class: speller
462 posib err
463 desc => Returns 0 if it is not in the dictionary,
464 1 if it is, or -1 on error.
465+ on conv error => return 0;
466 /
467 bool
468 encoded string: word
469@@ -715,6 +717,8 @@ class: speller
470 desc => Return NULL on error.
471 The word list returned by suggest is only
472 valid until the next call to suggest.
473+ on conv error =>
474+ word = NULL; word_size = 0;
475 /
476 const word list
477 encoded string: word
478@@ -840,7 +844,6 @@ class: document checker
479 void
480
481 method: process
482-
483 desc => Process a string.
484 The string passed in should only be split on
485 white space characters. Furthermore, between
486@@ -849,10 +852,10 @@ class: document checker
487 in the document. Passing in strings out of
488 order, skipping strings or passing them in
489 more than once may lead to undefined results.
490+ no conv
491 /
492 void
493- string: str
494- int: size
495+ encoded string: str
496
497 method: next misspelling
498
499@@ -860,9 +863,23 @@ class: document checker
500 processed string. If there are no more
501 misspelled words, then token.word will be
502 NULL and token.size will be 0
503+ cc extra =>
504+ \#define aspell_document_checker_next_misspelling_w(type, ths) \\
505+ aspell_document_checker_next_misspelling_adj(ths, sizeof(type))
506 /
507 token object
508
509+ method: next misspelling adj
510+ desc => internal: do not use
511+ c impl =>
512+ Token res = ths->next_misspelling();
513+ res.offset /= type_width;
514+ res.len /= type_width;
515+ return res;
516+ /
517+ token object
518+ int: type_width
519+
520 method: filter
521
522 desc => Returns the underlying filter class.
523@@ -922,9 +939,30 @@ class: string enumeration
524 ths->from_internal_->append_null(ths->temp_str);
525 return ths->temp_str.data();
526 \}
527+ cc extra =>
528+ \#define aspell_string_enumeration_next_w(type, ths) \\
529+ aspell_cast_(const type *, aspell_string_enumeration_next_wide(ths, sizeof(type)))
530 /
531 const string
532
533+ method: next wide
534+ c impl =>
535+ const char * s = ths->next();
536+ if (s == 0) {
537+ return s;
538+ } else if (ths->from_internal_ == 0) \{
539+ assert(type_width == 1);
540+ return s;
541+ \} else \{
542+ assert(type_width == ths->from_internal_->out_type_width());
543+ ths->temp_str.clear();
544+ ths->from_internal_->convert(s,-1,ths->temp_str);
545+ ths->from_internal_->append_null(ths->temp_str);
546+ return ths->temp_str.data();
547+ \}
548+ /
549+ const void pointer
550+ int: type_width
551 }
552 group: info
553 {
554diff --git a/common/convert.cpp b/common/convert.cpp
555index 1add95a..7ae0317 100644
556--- a/common/convert.cpp
557+++ b/common/convert.cpp
558@@ -541,18 +541,25 @@ namespace acommon {
559 // Trivial Conversion
560 //
561
562+ const char * unsupported_null_term_wide_string_msg =
563+ "Null-terminated wide-character strings unsupported when used this way.";
564+
565 template <typename Chr>
566 struct DecodeDirect : public Decode
567 {
568+ DecodeDirect() {type_width = sizeof(Chr);}
569 void decode(const char * in0, int size, FilterCharVector & out) const {
570 const Chr * in = reinterpret_cast<const Chr *>(in0);
571- if (size == -1) {
572+ if (size == -sizeof(Chr)) {
573 for (;*in; ++in)
574- out.append(*in);
575+ out.append(*in, sizeof(Chr));
576+ } else if (size <= -1) {
577+ fprintf(stderr, "%s\n", unsupported_null_term_wide_string_msg);
578+ abort();
579 } else {
580- const Chr * stop = reinterpret_cast<const Chr *>(in0 +size);
581+ const Chr * stop = reinterpret_cast<const Chr *>(in0) + size/sizeof(Chr);
582 for (;in != stop; ++in)
583- out.append(*in);
584+ out.append(*in, sizeof(Chr));
585 }
586 }
587 PosibErr<void> decode_ec(const char * in0, int size,
588@@ -565,6 +572,7 @@ namespace acommon {
589 template <typename Chr>
590 struct EncodeDirect : public Encode
591 {
592+ EncodeDirect() {type_width = sizeof(Chr);}
593 void encode(const FilterChar * in, const FilterChar * stop,
594 CharVector & out) const {
595 for (; in != stop; ++in) {
596@@ -594,11 +602,15 @@ namespace acommon {
597 template <typename Chr>
598 struct ConvDirect : public DirectConv
599 {
600+ ConvDirect() {type_width = sizeof(Chr);}
601 void convert(const char * in0, int size, CharVector & out) const {
602- if (size == -1) {
603+ if (size == -sizeof(Chr)) {
604 const Chr * in = reinterpret_cast<const Chr *>(in0);
605 for (;*in != 0; ++in)
606 out.append(in, sizeof(Chr));
607+ } else if (size <= -1) {
608+ fprintf(stderr, "%s\n", unsupported_null_term_wide_string_msg);
609+ abort();
610 } else {
611 out.append(in0, size);
612 }
613@@ -1121,5 +1133,20 @@ namespace acommon {
614 }
615 return 0;
616 }
617-
618+
619+ PosibErr<void> unsupported_null_term_wide_string_err_(const char * func) {
620+ static bool reported_to_stderr = false;
621+ PosibErr<void> err = make_err(other_error, unsupported_null_term_wide_string_msg);
622+ if (!reported_to_stderr) {
623+ CERR.printf("ERROR: %s: %s\n", func, unsupported_null_term_wide_string_msg);
624+ reported_to_stderr = true;
625+ }
626+ return err;
627+ }
628+
629+ void unsupported_null_term_wide_string_abort_(const char * func) {
630+ CERR.printf("%s: %s\n", unsupported_null_term_wide_string_msg);
631+ abort();
632+ }
633+
634 }
635diff --git a/common/convert.hpp b/common/convert.hpp
636index 76332ee..c948973 100644
637--- a/common/convert.hpp
638+++ b/common/convert.hpp
639@@ -7,6 +7,8 @@
640 #ifndef ASPELL_CONVERT__HPP
641 #define ASPELL_CONVERT__HPP
642
643+#include "settings.h"
644+
645 #include "string.hpp"
646 #include "posib_err.hpp"
647 #include "char_vector.hpp"
648@@ -25,8 +27,9 @@ namespace acommon {
649 typedef const Config CacheConfig;
650 typedef const char * CacheKey;
651 String key;
652+ int type_width; // type width in bytes
653 bool cache_key_eq(const char * l) const {return key == l;}
654- ConvBase() {}
655+ ConvBase() : type_width(1) {}
656 private:
657 ConvBase(const ConvBase &);
658 void operator=(const ConvBase &);
659@@ -56,6 +59,8 @@ namespace acommon {
660 virtual ~Encode() {}
661 };
662 struct DirectConv { // convert directly from in_code to out_code.
663+ int type_width; // type width in bytes
664+ DirectConv() : type_width(1) {}
665 // should not take ownership of decode and encode.
666 // decode and encode guaranteed to stick around for the life
667 // of the object.
668@@ -126,6 +131,9 @@ namespace acommon {
669 const char * in_code() const {return decode_->key.c_str();}
670 const char * out_code() const {return encode_->key.c_str();}
671
672+ int in_type_width() const {return decode_->type_width;}
673+ int out_type_width() const {return encode_->type_width;}
674+
675 void append_null(CharVector & out) const
676 {
677 const char nul[4] = {0,0,0,0}; // 4 should be enough
678@@ -191,6 +199,10 @@ namespace acommon {
679 }
680 }
681
682+ void convert(const void * in, int size, CharVector & out) {
683+ convert(static_cast<const char *>(in), size, out);
684+ }
685+
686 void generic_convert(const char * in, int size, CharVector & out);
687
688 };
689@@ -412,6 +424,30 @@ namespace acommon {
690 return operator()(str, str + byte_size);}
691 };
692
693+#ifdef SLOPPY_NULL_TERM_STRINGS
694+ static const bool sloppy_null_term_strings = true;
695+#else
696+ static const bool sloppy_null_term_strings = false;
697+#endif
698+
699+ PosibErr<void> unsupported_null_term_wide_string_err_(const char * func);
700+ void unsupported_null_term_wide_string_abort_(const char * func);
701+
702+ static inline PosibErr<int> get_correct_size(const char * func, int conv_type_width, int size) {
703+ if (sloppy_null_term_strings && size <= -1)
704+ return -conv_type_width;
705+ if (size <= -1 && -conv_type_width != size)
706+ return unsupported_null_term_wide_string_err_(func);
707+ return size;
708+ }
709+ static inline int get_correct_size(const char * func, int conv_type_width, int size, int type_width) {
710+ if ((sloppy_null_term_strings || type_width <= -1) && size <= -1)
711+ return -conv_type_width;
712+ if (size <= -1 && conv_type_width != type_width)
713+ unsupported_null_term_wide_string_abort_(func);
714+ return size;
715+ }
716+
717 }
718
719 #endif
720diff --git a/common/document_checker.cpp b/common/document_checker.cpp
721index 5e510c4..0ccf1cd 100644
722--- a/common/document_checker.cpp
723+++ b/common/document_checker.cpp
724@@ -44,7 +44,9 @@ namespace acommon {
725 void DocumentChecker::process(const char * str, int size)
726 {
727 proc_str_.clear();
728- conv_->decode(str, size, proc_str_);
729+ PosibErr<int> fixed_size = get_correct_size("aspell_document_checker_process", conv_->in_type_width(), size);
730+ if (!fixed_size.has_err())
731+ conv_->decode(str, fixed_size, proc_str_);
732 proc_str_.append(0);
733 FilterChar * begin = proc_str_.pbegin();
734 FilterChar * end = proc_str_.pend() - 1;
735@@ -53,6 +55,19 @@ namespace acommon {
736 tokenizer_->reset(begin, end);
737 }
738
739+ void DocumentChecker::process_wide(const void * str, int size, int type_width)
740+ {
741+ proc_str_.clear();
742+ int fixed_size = get_correct_size("aspell_document_checker_process", conv_->in_type_width(), size, type_width);
743+ conv_->decode(static_cast<const char *>(str), fixed_size, proc_str_);
744+ proc_str_.append(0);
745+ FilterChar * begin = proc_str_.pbegin();
746+ FilterChar * end = proc_str_.pend() - 1;
747+ if (filter_)
748+ filter_->process(begin, end);
749+ tokenizer_->reset(begin, end);
750+ }
751+
752 Token DocumentChecker::next_misspelling()
753 {
754 bool correct;
755diff --git a/common/document_checker.hpp b/common/document_checker.hpp
756index d35bb88..11a3c73 100644
757--- a/common/document_checker.hpp
758+++ b/common/document_checker.hpp
759@@ -36,6 +36,7 @@ namespace acommon {
760 PosibErr<void> setup(Tokenizer *, Speller *, Filter *);
761 void reset();
762 void process(const char * str, int size);
763+ void process_wide(const void * str, int size, int type_width);
764 Token next_misspelling();
765
766 Filter * filter() {return filter_;}
767diff --git a/common/version.cpp b/common/version.cpp
768index 414d938..9e60b75 100644
769--- a/common/version.cpp
770+++ b/common/version.cpp
771@@ -1,8 +1,17 @@
772 #include "settings.h"
773
774-extern "C" const char * aspell_version_string() {
775 #ifdef NDEBUG
776- return VERSION " NDEBUG";
777+# define NDEBUG_STR " NDEBUG"
778+#else
779+# define NDEBUG_STR
780+#endif
781+
782+#ifdef SLOPPY_NULL_TERM_STRINGS
783+# define SLOPPY_STR " SLOPPY"
784+#else
785+# define SLOPPY_STR
786 #endif
787- return VERSION;
788+
789+extern "C" const char * aspell_version_string() {
790+ return VERSION NDEBUG_STR SLOPPY_STR;
791 }
792diff --git a/configure.ac b/configure.ac
793index 60e3b39..a5d51e3 100644
794--- a/configure.ac
795+++ b/configure.ac
796@@ -73,6 +73,9 @@ AC_ARG_ENABLE(filter-version-control,
797 AC_ARG_ENABLE(32-bit-hash-fun,
798 AS_HELP_STRING([--enable-32-bit-hash-fun],[use 32-bit hash function for compiled dictionaries]))
799
800+AC_ARG_ENABLE(sloppy-null-term-strings,
801+ AS_HELP_STRING([--enable-sloppy-null-term-strings],[allows allow null terminated UCS-2 and UCS-4 strings]))
802+
803 AC_ARG_ENABLE(pspell-compatibility,
804 AS_HELP_STRING([--disable-pspell-compatibility],[don't install pspell compatibility libraries]))
805
806@@ -141,6 +144,11 @@ then
807 AC_DEFINE(USE_32_BIT_HASH_FUN, 1, [Defined if 32-bit hash function should be used for compiled dictionaries.])
808 fi
809
810+if test "$enable_sloppy_null_term_strings" = "yes"
811+then
812+ AC_DEFINE(SLOPPY_NULL_TERM_STRINGS, 1, [Defined if null-terminated UCS-2 and UCS-4 strings should always be allowed.])
813+fi
814+
815 AM_CONDITIONAL(PSPELL_COMPATIBILITY,
816 [test "$enable_pspell_compatibility" != "no"])
817 AM_CONDITIONAL(INCREMENTED_SONAME,
818diff --git a/manual/aspell.texi b/manual/aspell.texi
819index 45fa091..f400e06 100644
820--- a/manual/aspell.texi
821+++ b/manual/aspell.texi
822@@ -158,7 +158,8 @@ Installing
823
824 * Generic Install Instructions::
825 * HTML Manuals and "make clean"::
826-* Curses Notes::
827+* Curses Notes::
828+* Upgrading from Aspell 0.60.7::
829 * Loadable Filter Notes::
830 * Upgrading from Aspell 0.50::
831 * Upgrading from Aspell .33/Pspell .12::
832@@ -2206,18 +2207,26 @@ int correct = aspell_speller_check(spell_checker, @var{word}, @var{size});
833 @end smallexample
834
835 @noindent
836-@var{word} is expected to be a @code{const char *} character
837-string. If the encoding is set to be @code{ucs-2} or
838-@code{ucs-4} @var{word} is expected to be a cast
839-from either @code{const u16int *} or @code{const u32int *}
840-respectively. @code{u16int} and @code{u32int} are generally
841-@code{unsigned short} and @code{unsigned int} respectively.
842-@var{size} is the length of the string or @code{-1} if the string
843-is null terminated. If the string is a cast from @code{const u16int
844-*} or @code{const u32int *} then @code{@i{size}} is the amount of
845-space in bytes the string takes up after being cast to @code{const
846-char *} and not the true size of the string. @code{sspell_speller_check}
847-will return @code{0} if it is not found and non-zero otherwise.
848+@var{word} is expected to be a @code{const char *} character string.
849+@var{size} is the length of the string or @code{-1} if the string is
850+null terminated. @code{aspell_speller_check} will return @code{0} if it is not found
851+and non-zero otherwise.
852+
853+If you are using the @code{ucs-2} or @code{ucs-4} encoding then the
854+string is expected to be either a 2 or 4 byte wide integer
855+(respectively) and the @code{_w} macro vesion should be used:
856+
857+@smallexample
858+int correct = aspell_speller_check_w(spell_checker, @var{word}, @var{size});
859+@end smallexample
860+
861+The macro will cast the string to to the correct type and convert
862+@var{size} into bytes for you and then a call the special wide version of the
863+function that will make sure the encoding is correct for the type
864+passed in. For compatibility with older versions of Aspell the normal
865+non-wide functions can still be used provided that the size of the
866+string, in bytes, is also passed in. Null terminated @code{ucs-2} or
867+@code{ucs-4} are no longer supported when using the non-wide functions.
868
869 If the word is not correct, then the @code{suggest} method can be used
870 to come up with likely replacements.
871@@ -2236,7 +2245,28 @@ delete_aspell_string_enumeration(elements);
872
873 Notice how @code{elements} is deleted but @code{suggestions} is not.
874 The value returned by @code{suggestions} is only valid to the next
875-call to @code{suggest}. Once a replacement is made the
876+call to @code{suggest}.
877+
878+If you are using the @code{ucs-2} or @code{ucs-4} encoding then, in
879+addition to using the @code{_w} macro for the @code{suggest} method, you
880+should also use the @code{_w} macro with the @code{next} method which
881+will cast the string to the correct type for you. For example, if you
882+are using the @code{ucs-2} encoding and the string is a @code{const
883+uint16_t *} then you should use:
884+
885+@smallexample
886+AspellWordList * suggestions = aspell_speller_suggest_w(spell_checker,
887+ @var{word}, @var{size});
888+AspellStringEnumeration * elements = aspell_word_list_elements(suggestions);
889+const uint16_t * word;
890+while ( (word = aspell_string_enumeration_next_w(uint16_t, aspell_elements)) != NULL )
891+@{
892+ // add to suggestion list
893+@}
894+delete_aspell_string_enumeration(elements);
895+@end smallexample
896+
897+Once a replacement is made the
898 @code{store_repl} method should be used to communicate the replacement
899 pair back to the spell checker (for the reason, @pxref{Notes on
900 Storing Replacement Pairs}). Its usage is as follows:
901diff --git a/manual/readme.texi b/manual/readme.texi
902index 669ab8e..531721f 100644
903--- a/manual/readme.texi
904+++ b/manual/readme.texi
905@@ -15,15 +15,16 @@ The latest version can always be found at GNU Aspell's home page at
906 @uref{http://aspell.net}.
907
908 @menu
909-* Generic Install Instructions::
910-* HTML Manuals and "make clean"::
911-* Curses Notes::
912-* Loadable Filter Notes::
913-* Using 32-Bit Dictionaries on a 64-Bit System::
914-* Upgrading from Aspell 0.50::
915-* Upgrading from Aspell .33/Pspell .12::
916-* Upgrading from a Pre-0.50 snapshot::
917-* WIN32 Notes::
918+* Generic Install Instructions::
919+* HTML Manuals and "make clean"::
920+* Curses Notes::
921+* Upgrading from Aspell 0.60.7::
922+* Loadable Filter Notes::
923+* Using 32-Bit Dictionaries on a 64-Bit System::
924+* Upgrading from Aspell 0.50::
925+* Upgrading from Aspell .33/Pspell .12::
926+* Upgrading from a Pre-0.50 snapshot::
927+* WIN32 Notes::
928 @end menu
929
930 @node Generic Install Instructions
931@@ -121,17 +122,62 @@ In addition your system must also support the @code{mblen} function.
932 Although this function was defined in the ISO C89 standard (ANSI
933 X3.159-1989), not all systems have it.
934
935+@node Upgrading from Aspell 0.60.7
936+@appendixsec Upgrading from Aspell 0.60.7
937+
938+To prevent a potentially unbounded buffer over-read, Aspell no longer
939+supports null-terminated UCS-2 and UCS-4 encoded strings with the
940+original C API. Null-termianted 8-bit or UTF-8 encoded strings are
941+still supported, as are UCS-2 and UCS-4 encoded strings when the
942+length is passed in.
943+
944+As of Aspell 0.60.8 a function from the original API that expects an
945+encoded string as a parameter will return meaningless results (or an
946+error code) if string is null terminated and the encoding is set to
947+@code{ucs-2} or @code{ucs-4}. In addition, a single:
948+@example
949+ERROR: aspell_speller_check: Null-terminated wide-character strings unsupported when used this way.
950+@end example
951+will be printed to standard error the first time one of those
952+functions is called.
953+
954+Application that use null-terminated UCS-2/4 strings should either (1)
955+use the interface intended for working with wide-characters
956+(@xref{Through the C API}); or (2) define
957+@code{ASPELL_ENCODE_SETTING_SECURE} before including @code{aspell.h}.
958+In the latter case is is important that the application explicitly
959+sets the encoding to a known value. Defining
960+@code{ASPELL_ENCODE_SETTING_SECURE} and not setting the encoding
961+explicitly or allowing user of the application to set the encoding
962+could result in an unbounded buffer over-read.
963+
964+If it is necessary to preserve binary compatibility with older
965+versions of Aspell, the easiest thing would be to determine the length
966+of the UCS-2/4 string---in bytes---and pass that in. Due to an
967+implemenation detail, existing API functions can be made to work with
968+null-terminated UCS-2/4 strings safely by passing in either @code{-2}
969+or @code{-4} (corresponding to the width of the character type) as the
970+size. Doing so, however, will cause a buffer over-read for unpatched
971+version of Aspell. To avoid this it will be necessary to parse the
972+version string to determine the correct value to use. However, no
973+official support will be provided for the latter method.
974+
975+If the application can not be recompiled, then Aspell can be configured
976+to preserve the old behavior by passing
977+@option{--enable-sloppy-null-term-strings} to @command{configure}. When Aspell
978+is compiled this way the version string will include the string
979+@samp{ SLOPPY}.
980+
981 @node Loadable Filter Notes
982 @appendixsec Loadable Filter Notes
983-
984+
985 Support for being able to load additional filter modules at run-time
986 has only been verified to work on Linux platforms. If you get linker
987 errors when trying to use a filter, then it is likely that loadable
988 filter support is not working yet on your platform. Thus, in order to
989 get Aspell to work correctly you will need to avoid compiling the
990 filters as individual modules by using the
991-@option{--enable-compile-in-filters} when configuring Aspell with
992-@command{./configure}.
993+@option{--enable-compile-in-filters} @command{configure} option.
994
995 @node Using 32-Bit Dictionaries on a 64-Bit System
996 @appendixsec Using 32-Bit Dictionaries on a 64-Bit System
997--
9982.17.1
999
diff --git a/meta/recipes-support/aspell/aspell/CVE-2019-20433-0002.patch b/meta/recipes-support/aspell/aspell/CVE-2019-20433-0002.patch
new file mode 100644
index 0000000000..9569ddeebe
--- /dev/null
+++ b/meta/recipes-support/aspell/aspell/CVE-2019-20433-0002.patch
@@ -0,0 +1,68 @@
1From cefd447e5528b08bb0cd6656bc52b4255692cefc Mon Sep 17 00:00:00 2001
2From: Kevin Atkinson <kevina@gnu.org>
3Date: Sat, 17 Aug 2019 20:25:21 -0400
4Subject: [PATCH 2/2] Increment library version to reflect API changes.
5
6CVE: CVE-2019-20433
7Upstream-Status: Backport [https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc]
8
9Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
10---
11 Makefile.am | 31 +++++++++++++++++--------------
12 1 file changed, 17 insertions(+), 14 deletions(-)
13
14diff --git a/Makefile.am b/Makefile.am
15index 7e15851..19dc044 100644
16--- a/Makefile.am
17+++ b/Makefile.am
18@@ -94,18 +94,25 @@ libaspell_la_SOURCES =\
19
20 libaspell_la_LIBADD = $(LTLIBINTL) $(PTHREAD_LIB)
21
22-## Libtool to so name
23-## C:R:A => (C-A).(A).(R)
24-## 16:5:0 => 16.0.5
25-## 16:5:1 => 15.1.5
26-## 18:0:2 => 16.2.0
27-## 17:0:2 => 15.2.0
28-
29+## The version string is current[:revision[:age]]
30+##
31+## Before a release that has changed the source code at all
32+## increment revision.
33+##
34+## After merging changes that have changed the API in a backwards
35+## comptable way set revision to 0 and bump both current and age.
36+##
37+## Do not change the API in a backwards incompatible way.
38+##
39+## See "Libtool: Updating version info"
40+## (https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html)
41+## for more into
42+##
43 if INCREMENTED_SONAME
44-libaspell_la_LDFLAGS = -version-info 18:0:2 -no-undefined
45+libaspell_la_LDFLAGS = -version-info 19:0:3 -no-undefined
46 else
47 ## Use C-1:R:A
48-libaspell_la_LDFLAGS = -version-info 17:0:2 -no-undefined
49+libaspell_la_LDFLAGS = -version-info 18:0:3 -no-undefined
50 endif
51
52 if PSPELL_COMPATIBILITY
53@@ -113,11 +120,7 @@ libpspell_la_SOURCES = lib/dummy.cpp
54
55 libpspell_la_LIBADD = libaspell.la
56
57-if INCREMENTED_SONAME
58-libpspell_la_LDFLAGS = -version-info 18:0:2 -no-undefined
59-else
60-libpspell_la_LDFLAGS = -version-info 17:0:2 -no-undefined
61-endif
62+libpspell_la_LDFLAGS = $(libaspell_la_LDFLAGS)
63
64 endif
65
66--
672.17.1
68
diff --git a/meta/recipes-support/aspell/aspell_0.60.7.bb b/meta/recipes-support/aspell/aspell_0.60.7.bb
index b565cb3c6e..1e104c263c 100644
--- a/meta/recipes-support/aspell/aspell_0.60.7.bb
+++ b/meta/recipes-support/aspell/aspell_0.60.7.bb
@@ -8,6 +8,8 @@ PR = "r1"
8 8
9SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz \ 9SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz \
10 file://0001-Fix-various-bugs-found-by-OSS-Fuze.patch \ 10 file://0001-Fix-various-bugs-found-by-OSS-Fuze.patch \
11 file://CVE-2019-20433-0001.patch \
12 file://CVE-2019-20433-0002.patch \
11 " 13 "
12SRC_URI[md5sum] = "8ef2252609c511cd2bb26f3a3932ef28" 14SRC_URI[md5sum] = "8ef2252609c511cd2bb26f3a3932ef28"
13SRC_URI[sha256sum] = "5ca8fc8cb0370cc6c9eb5b64c6d1bc5d57b3750dbf17887726c3407d833b70e4" 15SRC_URI[sha256sum] = "5ca8fc8cb0370cc6c9eb5b64c6d1bc5d57b3750dbf17887726c3407d833b70e4"
diff --git a/meta/recipes-support/attr/acl_2.2.52.bb b/meta/recipes-support/attr/acl_2.2.52.bb
index 6bc77d868d..31ec64a43d 100644
--- a/meta/recipes-support/attr/acl_2.2.52.bb
+++ b/meta/recipes-support/attr/acl_2.2.52.bb
@@ -25,6 +25,9 @@ SRC_URI[sha256sum] = "179074bb0580c06c4b4137be4c5a92a701583277967acdb5546043c787
25 25
26require ea-acl.inc 26require ea-acl.inc
27 27
28# Has issues with newer versions of make
29PARALLEL_MAKEINST = ""
30
28# avoid RPATH hardcode to staging dir 31# avoid RPATH hardcode to staging dir
29do_configure_append() { 32do_configure_append() {
30 sed -i ${S}/config.status -e s,^\\\(hardcode_into_libs=\\\).*$,\\1\'no\', 33 sed -i ${S}/config.status -e s,^\\\(hardcode_into_libs=\\\).*$,\\1\'no\',
diff --git a/meta/recipes-support/attr/attr_2.4.47.bb b/meta/recipes-support/attr/attr_2.4.47.bb
index fc88bef830..c3da66a0c7 100644
--- a/meta/recipes-support/attr/attr_2.4.47.bb
+++ b/meta/recipes-support/attr/attr_2.4.47.bb
@@ -12,4 +12,7 @@ SRC_URI += "file://attr-Missing-configure.ac.patch \
12SRC_URI[md5sum] = "84f58dec00b60f2dc8fd1c9709291cc7" 12SRC_URI[md5sum] = "84f58dec00b60f2dc8fd1c9709291cc7"
13SRC_URI[sha256sum] = "25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859" 13SRC_URI[sha256sum] = "25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859"
14 14
15# Has issues with newer versions of make
16PARALLEL_MAKEINST = ""
17
15BBCLASSEXTEND = "native nativesdk" 18BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.17.bb b/meta/recipes-support/gnupg/gnupg_2.2.19.bb
index 689cf8a75e..a0577d61d3 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.17.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.19.bb
@@ -19,8 +19,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
19SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ 19SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
20 file://relocate.patch" 20 file://relocate.patch"
21 21
22SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c" 22SRC_URI[md5sum] = "cb3b373d08ba078c325299945a7f2818"
23SRC_URI[sha256sum] = "afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514" 23SRC_URI[sha256sum] = "242554c0e06f3a83c420b052f750b65ead711cc3fddddb5e7274fcdbb4e9dec0"
24 24
25EXTRA_OECONF = "--disable-ldap \ 25EXTRA_OECONF = "--disable-ldap \
26 --disable-ccid-driver \ 26 --disable-ccid-driver \
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch
new file mode 100644
index 0000000000..1811afc2ff
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch
@@ -0,0 +1,90 @@
1From 6e798091d057de6b7f94b9dede4c5c919ec41f89 Mon Sep 17 00:00:00 2001
2From: Daiki Ueno <ueno@gnu.org>
3Date: Tue, 2 Jun 2020 20:53:11 +0200
4Subject: [PATCH 1/3] stek: differentiate initial state from valid time window
5 of TOTP
6
7commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca from https://gitlab.com/gnutls/gnutls.git
8
9There was a confusion in the TOTP implementation in stek.c. When the
10mechanism is initialized at the first time, it records the timestamp
11but doesn't initialize the key. This removes the timestamp recording
12at the initialization phase, so the key is properly set later.
13
14Upstream-Status: Backport
15
16Signed-off-by: Daiki Ueno <ueno@gnu.org>
17Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
18---
19 lib/stek.c | 17 +++++------------
20 tests/resume-with-previous-stek.c | 4 ++--
21 tests/tls13/prf-early.c | 8 ++++----
22 3 files changed, 11 insertions(+), 18 deletions(-)
23
24diff --git a/lib/stek.c b/lib/stek.c
25index 2f885ce..5ab9e7d 100644
26--- a/lib/stek.c
27+++ b/lib/stek.c
28@@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con
29 if (unlikely(session == NULL || key == NULL))
30 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
31
32- if (session->key.totp.last_result == 0) {
33- int64_t t;
34- memcpy(session->key.initial_stek, key->data, key->size);
35- t = totp_next(session);
36- if (t < 0)
37- return gnutls_assert_val(t);
38+ if (unlikely(session->key.totp.last_result != 0))
39+ return GNUTLS_E_INVALID_REQUEST;
40
41- session->key.totp.last_result = t;
42- session->key.totp.was_rotated = 0;
43-
44- return GNUTLS_E_SUCCESS;
45- }
46+ memcpy(session->key.initial_stek, key->data, key->size);
47
48- return GNUTLS_E_INVALID_REQUEST;
49+ session->key.totp.was_rotated = 0;
50+ return 0;
51 }
52
53 /*
54diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c
55index f212b18..05c1c90 100644
56--- a/tests/resume-with-previous-stek.c
57+++ b/tests/resume-with-previous-stek.c
58@@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio)
59 serverx509cred = NULL;
60 }
61
62- if (num_stek_rotations != 2)
63- fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations);
64+ if (num_stek_rotations != 3)
65+ fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations);
66
67 if (serverx509cred)
68 gnutls_certificate_free_credentials(serverx509cred);
69diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c
70index 414b1db..bc31962 100644
71--- a/tests/tls13/prf-early.c
72+++ b/tests/tls13/prf-early.c
73@@ -123,10 +123,10 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size)
74 } \
75 }
76
77-#define KEY_EXP_VALUE "\xc0\x1e\xc2\xa4\xb7\xb4\x04\xaa\x91\x5d\xaf\xe8\xf7\x4d\x19\xdf\xd0\xe6\x08\xd6\xb4\x3b\xcf\xca\xc9\x32\x75\x3b\xe3\x11\x19\xb1\xac\x68"
78-#define HELLO_VALUE "\x77\xdb\x10\x0b\xe8\xd0\xb9\x38\xbc\x49\xe6\xbe\xf2\x47\x2a\xcc\x6b\xea\xce\x85\x04\xd3\x9e\xd8\x06\x16\xad\xff\xcd\xbf\x4b"
79-#define CONTEXT_VALUE "\xf2\x17\x9f\xf2\x66\x56\x87\x66\xf9\x5c\x8a\xd7\x4e\x1d\x46\xee\x0e\x44\x41\x4c\xcd\xac\xcb\xc0\x31\x41\x2a\xb6\xd7\x01\x62"
80-#define NULL_CONTEXT_VALUE "\xcd\x79\x07\x93\xeb\x96\x07\x3e\xec\x78\x90\x89\xf7\x16\x42\x6d\x27\x87\x56\x7c\x7b\x60\x2b\x20\x44\xd1\xea\x0c\x89\xfb\x8b"
81+#define KEY_EXP_VALUE "\xc1\x6b\x6c\xb9\x88\x33\xd5\x28\x80\xec\x27\x87\xa2\x6f\x4b\xd0\x01\x5e\x7f\xca\xd7\xd4\x8a\x3f\xe2\x48\x92\xef\x02\x14\xfb\x81\x90\x04"
82+#define HELLO_VALUE "\x2a\x73\xd9\x74\x04\x4e\x0a\x5f\x41\x8a\x09\xcb\x45\x33\x1a\xec\xd3\xfc\xdc\x1b\x2c\x67\x26\xe4\x9c\xfe\x1f\xa5\x74\xf1\x4f"
83+#define CONTEXT_VALUE "\x87\xf6\x88\xe3\xd7\xf2\x05\xbc\xa4\x10\xa3\x48\x9f\xf5\xcf\x97\x06\x22\x4e\xfd\x18\x32\x52\x1d\xbd\x26\xf5\x5b\x21\x20\xec"
84+#define NULL_CONTEXT_VALUE "\xf9\xca\xfe\x45\x44\x96\xdb\xc5\x41\x8f\x7e\x8e\xd7\xb0\x7d\x19\x45\xaf\x09\xbc\x1e\x82\x94\xac\x55\xe5\xb9\xb4\x3b\xe8\xc0"
85
86 static int handshake_callback_called;
87
88--
892.17.1
90
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch
new file mode 100644
index 0000000000..12486e1710
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-b.patch
@@ -0,0 +1,137 @@
1From 6c7f9703e42bc5278d0a4a6f0a39d07d62123ea3 Mon Sep 17 00:00:00 2001
2From: Daiki Ueno <dueno@redhat.com>
3Date: Tue, 31 Mar 2020 06:58:48 +0200
4Subject: [PATCH 2/3] build: use valgrind client request to detect undefined
5 memory use
6
7commit 50ad8778a81f9421effa4c5a3b457f98e559b178 from https://gitlab.com/gnutls/gnutls.git
8
9This tightens the check introduced in
10ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
11request to explicitly mark the "uninitialized but initialization is
12needed before use" regions. With this patch and the
13fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
14the following error when running dtls_hello_random_value under
15valgrind:
16
17 $ valgrind ./dtls_hello_random_value
18 testing: default
19 ==520145== Conditional jump or move depends on uninitialised value(s)
20 ==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
21 ==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
22 ==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
23 ==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
24 ==520145== by 0x48902A1: handshake_client (handshake.c:2908)
25 ==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
26 ==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
27 ==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
28 ==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
29 ==520145== by 0x4023D4: main (utils.c:254)
30 ==520145==
31
32Upstream-Status: Backport
33
34Signed-off-by: Daiki Ueno <dueno@redhat.com>
35Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
36---
37 configure.ac | 2 ++
38 lib/handshake.c | 15 +++++++++++++++
39 lib/state.c | 21 ++++++++++++++++++---
40 3 files changed, 35 insertions(+), 3 deletions(-)
41
42diff --git a/configure.ac b/configure.ac
43index 172cf42..12da283 100644
44--- a/configure.ac
45+++ b/configure.ac
46@@ -233,6 +233,8 @@ AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_se
47 dnl We use its presence to detect C11 threads
48 AC_CHECK_HEADERS([threads.h])
49
50+AC_CHECK_HEADERS([valgrind/memcheck.h])
51+
52 AC_ARG_ENABLE(padlock,
53 AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
54 use_padlock=$enableval)
55diff --git a/lib/handshake.c b/lib/handshake.c
56index 84a0e52..8d58fa4 100644
57--- a/lib/handshake.c
58+++ b/lib/handshake.c
59@@ -57,6 +57,9 @@
60 #include "secrets.h"
61 #include "tls13/session_ticket.h"
62 #include "locks.h"
63+#ifdef HAVE_VALGRIND_MEMCHECK_H
64+#include <valgrind/memcheck.h>
65+#endif
66
67 #define TRUE 1
68 #define FALSE 0
69@@ -242,6 +245,12 @@ int _gnutls_gen_client_random(gnutls_session_t session)
70 return gnutls_assert_val(ret);
71 }
72
73+#ifdef HAVE_VALGRIND_MEMCHECK_H
74+ if (RUNNING_ON_VALGRIND)
75+ VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.client_random,
76+ GNUTLS_RANDOM_SIZE);
77+#endif
78+
79 return 0;
80 }
81
82@@ -320,6 +329,12 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version)
83 return ret;
84 }
85
86+#ifdef HAVE_VALGRIND_MEMCHECK_H
87+ if (RUNNING_ON_VALGRIND)
88+ VALGRIND_MAKE_MEM_DEFINED(session->security_parameters.server_random,
89+ GNUTLS_RANDOM_SIZE);
90+#endif
91+
92 return 0;
93 }
94
95diff --git a/lib/state.c b/lib/state.c
96index 0e1d155..98900c1 100644
97--- a/lib/state.c
98+++ b/lib/state.c
99@@ -55,6 +55,9 @@
100 #include "ext/cert_types.h"
101 #include "locks.h"
102 #include "kx.h"
103+#ifdef HAVE_VALGRIND_MEMCHECK_H
104+#include <valgrind/memcheck.h>
105+#endif
106
107 /* to be used by supplemental data support to disable TLS1.3
108 * when supplemental data have been globally registered */
109@@ -564,10 +567,22 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
110 UINT32_MAX;
111 }
112
113- /* everything else not initialized here is initialized
114- * as NULL or 0. This is why calloc is used.
115+ /* Everything else not initialized here is initialized as NULL
116+ * or 0. This is why calloc is used. However, we want to
117+ * ensure that certain portions of data are initialized at
118+ * runtime before being used. Mark such regions with a
119+ * valgrind client request as undefined.
120 */
121-
122+#ifdef HAVE_VALGRIND_MEMCHECK_H
123+ if (RUNNING_ON_VALGRIND) {
124+ if (flags & GNUTLS_CLIENT)
125+ VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random,
126+ GNUTLS_RANDOM_SIZE);
127+ if (flags & GNUTLS_SERVER)
128+ VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random,
129+ GNUTLS_RANDOM_SIZE);
130+ }
131+#endif
132 handshake_internal_state_clear1(*session);
133
134 #ifdef HAVE_WRITEV
135--
1362.17.1
137
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-c.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-c.patch
new file mode 100644
index 0000000000..2d8efeb889
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-c.patch
@@ -0,0 +1,68 @@
1From b34da057dc9eb01df30b436ba9cb047c21fb0151 Mon Sep 17 00:00:00 2001
2From: Daiki Ueno <ueno@gnu.org>
3Date: Tue, 2 Jun 2020 21:45:17 +0200
4Subject: [PATCH 3/3] valgrind: check if session ticket key is used without
5 initialization
6
7commit 3d7fae761e65e9d0f16d7247ee8a464d4fe002da from https://gitlab.com/gnutls/gnutls.git
8
9This adds a valgrind client request for
10session->key.session_ticket_key to make sure that it is not used
11without initialization.
12
13Upstream-Status: Backport
14
15Signed-off-by: Daiki Ueno <ueno@gnu.org>
16Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
17---
18 lib/state.c | 5 ++++-
19 lib/stek.c | 8 ++++++++
20 2 files changed, 12 insertions(+), 1 deletion(-)
21
22diff --git a/lib/state.c b/lib/state.c
23index 98900c1..cabdf7d 100644
24--- a/lib/state.c
25+++ b/lib/state.c
26@@ -578,9 +578,12 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
27 if (flags & GNUTLS_CLIENT)
28 VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random,
29 GNUTLS_RANDOM_SIZE);
30- if (flags & GNUTLS_SERVER)
31+ if (flags & GNUTLS_SERVER) {
32 VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random,
33 GNUTLS_RANDOM_SIZE);
34+ VALGRIND_MAKE_MEM_UNDEFINED((*session)->key.session_ticket_key,
35+ TICKET_MASTER_KEY_SIZE);
36+ }
37 }
38 #endif
39 handshake_internal_state_clear1(*session);
40diff --git a/lib/stek.c b/lib/stek.c
41index 5ab9e7d..316555b 100644
42--- a/lib/stek.c
43+++ b/lib/stek.c
44@@ -21,6 +21,9 @@
45 */
46 #include "gnutls_int.h"
47 #include "stek.h"
48+#ifdef HAVE_VALGRIND_MEMCHECK_H
49+#include <valgrind/memcheck.h>
50+#endif
51
52 #define NAME_POS (0)
53 #define KEY_POS (TICKET_KEY_NAME_SIZE)
54@@ -143,6 +146,11 @@ static int rotate(gnutls_session_t session)
55 call_rotation_callback(session, key, t);
56 session->key.totp.last_result = t;
57 memcpy(session->key.session_ticket_key, key, sizeof(key));
58+#ifdef HAVE_VALGRIND_MEMCHECK_H
59+ if (RUNNING_ON_VALGRIND)
60+ VALGRIND_MAKE_MEM_DEFINED(session->key.session_ticket_key,
61+ TICKET_MASTER_KEY_SIZE);
62+#endif
63
64 session->key.totp.was_rotated = 1;
65 } else if (t < 0) {
66--
672.17.1
68
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
new file mode 100644
index 0000000000..1702325e66
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
@@ -0,0 +1,117 @@
1From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001
2From: Daiki Ueno <ueno@gnu.org>
3Date: Sat, 22 Aug 2020 17:19:39 +0200
4Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
5 incomplete
6
7If the initial handshake is incomplete and the server sends a
8no_renegotiation alert, the client should treat it as a fatal error
9even if its level is warning. Otherwise the same handshake
10state (e.g., DHE parameters) are reused in the next gnutls_handshake
11call, if it is called in the loop idiom:
12
13 do {
14 ret = gnutls_handshake(session);
15 } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
16
17Signed-off-by: Daiki Ueno <ueno@gnu.org>
18CVE: CVE-2020-24659
19Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls.git]
20Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
21---
22 lib/gnutls_int.h | 1 +
23 lib/handshake.c | 48 +++++++++++++-----
24 2 files changed, 36 insertions(+), 13 deletions(-)
25
26diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
27index bb6c19713..31cec5c0c 100644
28--- a/lib/gnutls_int.h
29+++ b/lib/gnutls_int.h
30@@ -1370,6 +1370,7 @@ typedef struct {
31 #define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
32 #define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
33 #define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
34+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
35
36 /* The hsk_flags are for use within the ongoing handshake;
37 * they are reset to zero prior to handshake start by gnutls_handshake. */
38diff --git a/lib/handshake.c b/lib/handshake.c
39index b40f84b3d..ce2d160e2 100644
40--- a/lib/handshake.c
41+++ b/lib/handshake.c
42@@ -2051,6 +2051,8 @@ read_server_hello(gnutls_session_t session,
43 if (ret < 0)
44 return gnutls_assert_val(ret);
45
46+ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
47+
48 return 0;
49 }
50
51@@ -2575,16 +2577,42 @@ int gnutls_rehandshake(gnutls_session_t session)
52 return 0;
53 }
54
55+/* This function checks whether the error code should be treated fatal
56+ * or not, and also does the necessary state transition. In
57+ * particular, in the case of a rehandshake abort it resets the
58+ * handshake's internal state.
59+ */
60 inline static int
61 _gnutls_abort_handshake(gnutls_session_t session, int ret)
62 {
63- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
64- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
65- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
66- return 0;
67+ switch (ret) {
68+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
69+ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
70+ /* The server always toleretes a "no_renegotiation" alert. */
71+ if (session->security_parameters.entity == GNUTLS_SERVER) {
72+ STATE = STATE0;
73+ return ret;
74+ }
75+
76+ /* The client should tolerete a "no_renegotiation" alert only if:
77+ * - the initial handshake has completed, or
78+ * - a Server Hello is not yet received
79+ */
80+ if (session->internals.initial_negotiation_completed ||
81+ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
82+ STATE = STATE0;
83+ return ret;
84+ }
85
86- /* this doesn't matter */
87- return GNUTLS_E_INTERNAL_ERROR;
88+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
89+ }
90+ return ret;
91+ case GNUTLS_E_GOT_APPLICATION_DATA:
92+ STATE = STATE0;
93+ return ret;
94+ default:
95+ return ret;
96+ }
97 }
98
99
100@@ -2747,13 +2774,7 @@ int gnutls_handshake(gnutls_session_t session)
101 }
102
103 if (ret < 0) {
104- /* In the case of a rehandshake abort
105- * we should reset the handshake's internal state.
106- */
107- if (_gnutls_abort_handshake(session, ret) == 0)
108- STATE = STATE0;
109-
110- return ret;
111+ return _gnutls_abort_handshake(session, ret);
112 }
113
114 /* clear handshake buffer */
115--
1162.17.0
117
diff --git a/meta/recipes-support/gnutls/gnutls/posix-shell.patch b/meta/recipes-support/gnutls/gnutls/posix-shell.patch
deleted file mode 100644
index 938e2d1e18..0000000000
--- a/meta/recipes-support/gnutls/gnutls/posix-shell.patch
+++ /dev/null
@@ -1,39 +0,0 @@
1Don't embed the path to the build-time POSIX shell as this will be
2$TMPDIR/hosttools/bash, which is no good on the target.
3
4Instead default to /bin/sh but allow it to be set in the environment.
5
6This isn't really upstreamable but I filed a bug at
7https://gitlab.com/gnutls/gnutls/issues/807 and hope a proper fix will be
8integrated.
9
10Upstream-Status: Inappropriate
11Signed-off-by: Ross Burton <ross.burton@intel.com>
12
13diff --git a/src/libopts/m4/libopts.m4 b/src/libopts/m4/libopts.m4
14index c6ad738..a62faca 100644
15--- a/src/libopts/m4/libopts.m4
16+++ b/src/libopts/m4/libopts.m4
17@@ -112,21 +112,7 @@ AC_DEFUN([INVOKE_LIBOPTS_MACROS_FIRST],[
18 AC_CHECK_FUNCS([mmap canonicalize_file_name snprintf strdup strchr \
19 strrchr strsignal fchmod fstat chmod])
20 AC_PROG_SED
21- [while :
22- do
23- POSIX_SHELL=`which bash`
24- test -x "$POSIX_SHELL" && break
25- POSIX_SHELL=`which dash`
26- test -x "$POSIX_SHELL" && break
27- POSIX_SHELL=/usr/xpg4/bin/sh
28- test -x "$POSIX_SHELL" && break
29- POSIX_SHELL=`/bin/sh -c '
30- exec 2>/dev/null
31- if ! true ; then exit 1 ; fi
32- echo /bin/sh'`
33- test -x "$POSIX_SHELL" && break
34- ]AC_MSG_ERROR([cannot locate a working POSIX shell])[
35- done]
36+ POSIX_SHELL="${POSIX_SHELL:-/bin/sh}"
37 AC_DEFINE_UNQUOTED([POSIX_SHELL], ["${POSIX_SHELL}"],
38 [define to a working POSIX compliant shell])
39 AC_SUBST([POSIX_SHELL])
diff --git a/meta/recipes-support/gnutls/gnutls_3.6.8.bb b/meta/recipes-support/gnutls/gnutls_3.6.13.bb
index c927063f0a..2ed012f9d6 100644
--- a/meta/recipes-support/gnutls/gnutls_3.6.8.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.13.bb
@@ -19,11 +19,14 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
19 19
20SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ 20SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
21 file://arm_eabi.patch \ 21 file://arm_eabi.patch \
22 file://posix-shell.patch \ 22 file://CVE-2020-13777-a.patch \
23 file://CVE-2020-13777-b.patch \
24 file://CVE-2020-13777-c.patch \
25 file://CVE-2020-24659.patch \
23" 26"
24 27
25SRC_URI[md5sum] = "9dcf0aa45d1a42e1b3ca5d39ec7c61a8" 28SRC_URI[md5sum] = "bb1fe696a11543433785b4fc70ca225f"
26SRC_URI[sha256sum] = "aa81944e5635de981171772857e72be231a7e0f559ae0292d2737de475383e83" 29SRC_URI[sha256sum] = "32041df447d9f4644570cf573c9f60358e865637d69b7e59d1159b7240b52f38"
27 30
28inherit autotools texinfo pkgconfig gettext lib_package gtk-doc 31inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
29 32
diff --git a/meta/recipes-support/icu/icu/CVE-2020-10531.patch b/meta/recipes-support/icu/icu/CVE-2020-10531.patch
new file mode 100644
index 0000000000..56303fc0f2
--- /dev/null
+++ b/meta/recipes-support/icu/icu/CVE-2020-10531.patch
@@ -0,0 +1,122 @@
1From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
2From: Frank Tang <ftang@chromium.org>
3Date: Sat, 1 Feb 2020 02:39:04 +0000
4Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
5
6See #971
7
8Upstream-Status: Backport [https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca]
9CVE: CVE-2020-10531
10Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
11---
12 icu4c/source/common/unistr.cpp | 6 ++-
13 icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++
14 icu4c/source/test/intltest/ustrtest.h | 1 +
15 3 files changed, 68 insertions(+), 1 deletion(-)
16
17diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp
18index 901bb3358ba..077b4d6ef20 100644
19--- a/icu4c/source/common/unistr.cpp
20+++ b/icu4c/source/common/unistr.cpp
21@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
22 }
23
24 int32_t oldLength = length();
25- int32_t newLength = oldLength + srcLength;
26+ int32_t newLength;
27+ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
28+ setToBogus();
29+ return *this;
30+ }
31
32 // Check for append onto ourself
33 const UChar* oldArray = getArrayStart();
34diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp
35index b6515ea813c..ad38bdf53a3 100644
36--- a/icu4c/source/test/intltest/ustrtest.cpp
37+++ b/icu4c/source/test/intltest/ustrtest.cpp
38@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* &
39 TESTCASE_AUTO(TestWCharPointers);
40 TESTCASE_AUTO(TestNullPointers);
41 TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf);
42+ TESTCASE_AUTO(TestLargeAppend);
43 TESTCASE_AUTO_END;
44 }
45
46@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() {
47 str.insert(2, sub);
48 assertEquals("", u"abbcdcde", str);
49 }
50+
51+void UnicodeStringTest::TestLargeAppend() {
52+ if(quick) return;
53+
54+ IcuTestErrorCode status(*this, "TestLargeAppend");
55+ // Make a large UnicodeString
56+ int32_t len = 0xAFFFFFF;
57+ UnicodeString str;
58+ char16_t *buf = str.getBuffer(len);
59+ // A fast way to set buffer to valid Unicode.
60+ // 4E4E is a valid unicode character
61+ uprv_memset(buf, 0x4e, len * 2);
62+ str.releaseBuffer(len);
63+ UnicodeString dest;
64+ // Append it 16 times
65+ // 0xAFFFFFF times 16 is 0xA4FFFFF1,
66+ // which is greater than INT32_MAX, which is 0x7FFFFFFF.
67+ int64_t total = 0;
68+ for (int32_t i = 0; i < 16; i++) {
69+ dest.append(str);
70+ total += len;
71+ if (total <= INT32_MAX) {
72+ assertFalse("dest is not bogus", dest.isBogus());
73+ } else {
74+ assertTrue("dest should be bogus", dest.isBogus());
75+ }
76+ }
77+ dest.remove();
78+ total = 0;
79+ for (int32_t i = 0; i < 16; i++) {
80+ dest.append(str);
81+ total += len;
82+ if (total + len <= INT32_MAX) {
83+ assertFalse("dest is not bogus", dest.isBogus());
84+ } else if (total <= INT32_MAX) {
85+ // Check that a string of exactly the maximum size works
86+ UnicodeString str2;
87+ int32_t remain = INT32_MAX - total;
88+ char16_t *buf2 = str2.getBuffer(remain);
89+ if (buf2 == nullptr) {
90+ // if somehow memory allocation fail, return the test
91+ return;
92+ }
93+ uprv_memset(buf2, 0x4e, remain * 2);
94+ str2.releaseBuffer(remain);
95+ dest.append(str2);
96+ total += remain;
97+ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total);
98+ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length());
99+ assertFalse("dest is not bogus", dest.isBogus());
100+
101+ // Check that a string size+1 goes bogus
102+ str2.truncate(1);
103+ dest.append(str2);
104+ total++;
105+ assertTrue("dest should be bogus", dest.isBogus());
106+ } else {
107+ assertTrue("dest should be bogus", dest.isBogus());
108+ }
109+ }
110+}
111diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h
112index 218befdcc68..4a356a92c7a 100644
113--- a/icu4c/source/test/intltest/ustrtest.h
114+++ b/icu4c/source/test/intltest/ustrtest.h
115@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest {
116 void TestWCharPointers();
117 void TestNullPointers();
118 void TestUnicodeStringInsertAppendToSelf();
119+ void TestLargeAppend();
120 };
121
122 #endif
diff --git a/meta/recipes-support/icu/icu_64.2.bb b/meta/recipes-support/icu/icu_64.2.bb
index 10bac7aac0..d09776f4bc 100644
--- a/meta/recipes-support/icu/icu_64.2.bb
+++ b/meta/recipes-support/icu/icu_64.2.bb
@@ -6,18 +6,24 @@ def icu_download_version(d):
6 pvsplit = d.getVar('PV').split('.') 6 pvsplit = d.getVar('PV').split('.')
7 return pvsplit[0] + "_" + pvsplit[1] 7 return pvsplit[0] + "_" + pvsplit[1]
8 8
9def icu_download_folder(d):
10 pvsplit = d.getVar('PV').split('.')
11 return pvsplit[0] + "-" + pvsplit[1]
12
9ICU_PV = "${@icu_download_version(d)}" 13ICU_PV = "${@icu_download_version(d)}"
14ICU_FOLDER = "${@icu_download_folder(d)}"
10 15
11# http://errors.yoctoproject.org/Errors/Details/20486/ 16# http://errors.yoctoproject.org/Errors/Details/20486/
12ARM_INSTRUCTION_SET_armv4 = "arm" 17ARM_INSTRUCTION_SET_armv4 = "arm"
13ARM_INSTRUCTION_SET_armv5 = "arm" 18ARM_INSTRUCTION_SET_armv5 = "arm"
14 19
15BASE_SRC_URI = "http://download.icu-project.org/files/icu4c/${PV}/icu4c-${ICU_PV}-src.tgz" 20BASE_SRC_URI = "https://github.com/unicode-org/icu/releases/download/release-${ICU_FOLDER}/icu4c-${ICU_PV}-src.tgz"
16SRC_URI = "${BASE_SRC_URI} \ 21SRC_URI = "${BASE_SRC_URI} \
17 file://icu-pkgdata-large-cmd.patch \ 22 file://icu-pkgdata-large-cmd.patch \
18 file://fix-install-manx.patch \ 23 file://fix-install-manx.patch \
19 file://0001-Fix-big-endian-build.patch \ 24 file://0001-Fix-big-endian-build.patch \
20 file://0001-icu-Added-armeb-support.patch \ 25 file://0001-icu-Added-armeb-support.patch \
26 file://CVE-2020-10531.patch;striplevel=3 \
21 " 27 "
22 28
23SRC_URI_append_class-target = "\ 29SRC_URI_append_class-target = "\
@@ -26,5 +32,5 @@ SRC_URI_append_class-target = "\
26SRC_URI[md5sum] = "a3d18213beec454e3cdec9a3116d6b05" 32SRC_URI[md5sum] = "a3d18213beec454e3cdec9a3116d6b05"
27SRC_URI[sha256sum] = "627d5d8478e6d96fc8c90fed4851239079a561a6a8b9e48b0892f24e82d31d6c" 33SRC_URI[sha256sum] = "627d5d8478e6d96fc8c90fed4851239079a561a6a8b9e48b0892f24e82d31d6c"
28 34
29UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" 35UPSTREAM_CHECK_REGEX = "icu4c-(?P<pver>\d+(_\d+)+)-src"
30UPSTREAM_CHECK_URI = "http://download.icu-project.org/files/icu4c/" 36UPSTREAM_CHECK_URI = "https://github.com/unicode-org/icu/releases"
diff --git a/meta/recipes-support/iso-codes/iso-codes_4.3.bb b/meta/recipes-support/iso-codes/iso-codes_4.3.bb
index 5651a96c66..566c147690 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.3.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.3.bb
@@ -5,7 +5,7 @@ BUGTRACKER = "https://salsa.debian.org/iso-codes-team/iso-codes/issues"
5LICENSE = "LGPLv2.1" 5LICENSE = "LGPLv2.1"
6LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" 6LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
7 7
8SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http" 8SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;"
9SRCREV = "43398a317371e309361ce43072603863cb2f57e1" 9SRCREV = "43398a317371e309361ce43072603863cb2f57e1"
10 10
11# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which 11# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
diff --git a/meta/recipes-support/libexif/libexif/CVE-2020-13114.patch b/meta/recipes-support/libexif/libexif/CVE-2020-13114.patch
new file mode 100644
index 0000000000..06b8b46c21
--- /dev/null
+++ b/meta/recipes-support/libexif/libexif/CVE-2020-13114.patch
@@ -0,0 +1,73 @@
1From 47f51be021f4dfd800d4ff4630659887378baa3a Mon Sep 17 00:00:00 2001
2From: Dan Fandrich <dan@coneharvesters.com>
3Date: Sat, 16 May 2020 19:32:30 +0200
4Subject: [PATCH] Add a failsafe on the maximum number of Canon MakerNote
5
6 subtags.
7
8A malicious file could be crafted to cause extremely large values in some
9tags without tripping any buffer range checks. This is bad with the libexif
10representation of Canon MakerNotes because some arrays are turned into
11individual tags that the application must loop around.
12
13The largest value I've seen for failsafe_size in a (very small) sample of valid
14Canon files is <5000. The limit is set two orders of magnitude larger to avoid
15tripping up falsely in case some models use much larger values.
16
17Patch from Google.
18
19CVE-2020-13114
20
21Upstream-Status: Backport [https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab]
22CVE: CVE-2020-13114
23Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
24---
25 libexif/canon/exif-mnote-data-canon.c | 21 +++++++++++++++++++++
26 1 file changed, 21 insertions(+)
27
28diff --git a/libexif/canon/exif-mnote-data-canon.c b/libexif/canon/exif-mnote-data-canon.c
29index eb53598..72fd7a3 100644
30--- a/libexif/canon/exif-mnote-data-canon.c
31+++ b/libexif/canon/exif-mnote-data-canon.c
32@@ -32,6 +32,9 @@
33
34 #define DEBUG
35
36+/* Total size limit to prevent abuse by DoS */
37+#define FAILSAFE_SIZE_MAX 1000000L
38+
39 static void
40 exif_mnote_data_canon_clear (ExifMnoteDataCanon *n)
41 {
42@@ -202,6 +205,7 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
43 ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne;
44 ExifShort c;
45 size_t i, tcount, o, datao;
46+ long failsafe_size = 0;
47
48 if (!n || !buf || !buf_size) {
49 exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
50@@ -280,6 +284,23 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
51 memcpy (n->entries[tcount].data, buf + dataofs, s);
52 }
53
54+ /* Track the size of decoded tag data. A malicious file could
55+ * be crafted to cause extremely large values here without
56+ * tripping any buffer range checks. This is especially bad
57+ * with the libexif representation of Canon MakerNotes because
58+ * some arrays are turned into individual tags that the
59+ * application must loop around. */
60+ failsafe_size += mnote_canon_entry_count_values(&n->entries[tcount]);
61+
62+ if (failsafe_size > FAILSAFE_SIZE_MAX) {
63+ /* Abort if the total size of the data in the tags extraordinarily large, */
64+ exif_mem_free (ne->mem, n->entries[tcount].data);
65+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
66+ "ExifMnoteCanon", "Failsafe tag size overflow (%lu > %ld)",
67+ failsafe_size, FAILSAFE_SIZE_MAX);
68+ break;
69+ }
70+
71 /* Tag was successfully parsed */
72 ++tcount;
73 }
diff --git a/meta/recipes-support/libexif/libexif_0.6.21.bb b/meta/recipes-support/libexif/libexif_0.6.21.bb
index d847beab18..3f6fa32b25 100644
--- a/meta/recipes-support/libexif/libexif_0.6.21.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.21.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
7SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \ 7SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \
8 file://CVE-2017-7544.patch \ 8 file://CVE-2017-7544.patch \
9 file://CVE-2016-6328.patch \ 9 file://CVE-2016-6328.patch \
10 file://CVE-2018-20030.patch" 10 file://CVE-2018-20030.patch \
11 file://CVE-2020-13114.patch \
12"
11 13
12SRC_URI[md5sum] = "27339b89850f28c8f1c237f233e05b27" 14SRC_URI[md5sum] = "27339b89850f28c8f1c237f233e05b27"
13SRC_URI[sha256sum] = "16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a" 15SRC_URI[sha256sum] = "16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a"
diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
new file mode 100644
index 0000000000..183512fd7d
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,41 @@
1--- pcre-8.43/pcre_compile.c 2020-07-05 22:26:25.310501521 +0530
2+++ pcre-8.43/pcre_compile1.c 2020-07-05 22:30:22.254489562 +0530
3
4CVE: CVE-2020-14155
5Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch&r1=1761&r2=1760&pathrev=1761]
6Signed-off-by: Rahul Taya<Rahul.Taya@kpit.com>
7
8@@ -6,7 +6,7 @@
9 and semantics are as close as possible to those of the Perl 5 language.
10
11 Written by Philip Hazel
12- Copyright (c) 1997-2018 University of Cambridge
13+ Copyright (c) 1997-2020 University of Cambridge
14
15 -----------------------------------------------------------------------------
16 Redistribution and use in source and binary forms, with or without
17@@ -7130,17 +7130,19 @@
18 int n = 0;
19 ptr++;
20 while(IS_DIGIT(*ptr))
21+ {
22 n = n * 10 + *ptr++ - CHAR_0;
23+ if (n > 255)
24+ {
25+ *errorcodeptr = ERR38;
26+ goto FAILED;
27+ }
28+ }
29 if (*ptr != CHAR_RIGHT_PARENTHESIS)
30 {
31 *errorcodeptr = ERR39;
32 goto FAILED;
33 }
34- if (n > 255)
35- {
36- *errorcodeptr = ERR38;
37- goto FAILED;
38- }
39 *code++ = n;
40 PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
41 PUT(code, LINK_SIZE, 0); /* Default length */
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
new file mode 100644
index 0000000000..51f95a7097
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
@@ -0,0 +1,19 @@
1Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1092&r2=1091&pathrev=1092]
2CVE: CVE-2020-8002
3Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
4
5--- pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:26:17 1091
6+++ pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:38:18 1092
7@@ -8571,7 +8571,10 @@
8 PCRE2_SPTR bptr;
9 uint32_t c;
10
11-GETCHARINC(c, cc);
12+/* Patch by PH */
13+/* GETCHARINC(c, cc); */
14+
15+c = *cc++;
16 #if PCRE2_CODE_UNIT_WIDTH == 32
17 if (c >= 0x110000)
18 return NULL;
19
diff --git a/meta/recipes-support/libpcre/libpcre2_10.33.bb b/meta/recipes-support/libpcre/libpcre2_10.33.bb
index 50b26753b4..1020df99b8 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.33.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.33.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
12 12
13SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \ 13SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
14 file://pcre-cross.patch \ 14 file://pcre-cross.patch \
15 file://CVE-2019-20454.patch \
15" 16"
16 17
17SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44" 18SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44"
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb b/meta/recipes-support/libpcre/libpcre_8.43.bb
index b97af08b25..60ece64504 100644
--- a/meta/recipes-support/libpcre/libpcre_8.43.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.43.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
12 file://out-of-tree.patch \ 12 file://out-of-tree.patch \
13 file://run-ptest \ 13 file://run-ptest \
14 file://Makefile \ 14 file://Makefile \
15 file://CVE-2020-14155.patch \
15" 16"
16 17
17SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4" 18SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4"
diff --git a/meta/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch b/meta/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
new file mode 100644
index 0000000000..517c277ae0
--- /dev/null
+++ b/meta/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
@@ -0,0 +1,110 @@
1From 5942c26888ba12ad5e0d92fb62f23d7cde6dc159 Mon Sep 17 00:00:00 2001
2From: Ovidiu Panait <ovidiu.panait@windriver.com>
3Date: Mon, 13 Jul 2020 06:25:56 +0000
4Subject: [PATCH] Bug 1631576 - Force a fixed length for DSA exponentiation
5 r=pereida,bbrumley
6
7Differential Revision: https://phabricator.services.mozilla.com/D72011
8
9Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e]
10
11Authored-by: Robert Relyea <rrelyea@redhat.com>
12Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
13---
14 nss/lib/freebl/dsa.c | 45 ++++++++++++++++++++++++++++++++++----------
15 1 file changed, 35 insertions(+), 10 deletions(-)
16
17diff --git a/nss/lib/freebl/dsa.c b/nss/lib/freebl/dsa.c
18index aef3539..389c9de 100644
19--- a/nss/lib/freebl/dsa.c
20+++ b/nss/lib/freebl/dsa.c
21@@ -313,13 +313,14 @@ DSA_NewKeyFromSeed(const PQGParams *params,
22
23 static SECStatus
24 dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
25- const unsigned char *kb)
26+ const unsigned char *kbytes)
27 {
28 mp_int p, q, g; /* PQG parameters */
29 mp_int x, k; /* private key & pseudo-random integer */
30 mp_int r, s; /* tuple (r, s) is signature) */
31 mp_int t; /* holding tmp values */
32 mp_int ar; /* holding blinding values */
33+ mp_digit fuzz; /* blinding multiplier for q */
34 mp_err err = MP_OKAY;
35 SECStatus rv = SECSuccess;
36 unsigned int dsa_subprime_len, dsa_signature_len, offset;
37@@ -373,6 +374,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
38 CHECK_MPI_OK(mp_init(&s));
39 CHECK_MPI_OK(mp_init(&t));
40 CHECK_MPI_OK(mp_init(&ar));
41+
42 /*
43 ** Convert stored PQG and private key into MPI integers.
44 */
45@@ -380,14 +382,28 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
46 SECITEM_TO_MPINT(key->params.subPrime, &q);
47 SECITEM_TO_MPINT(key->params.base, &g);
48 SECITEM_TO_MPINT(key->privateValue, &x);
49- OCTETS_TO_MPINT(kb, &k, dsa_subprime_len);
50+ OCTETS_TO_MPINT(kbytes, &k, dsa_subprime_len);
51+
52+ /* k blinding create a single value that has the high bit set in
53+ * the mp_digit*/
54+ if (RNG_GenerateGlobalRandomBytes(&fuzz, sizeof(mp_digit)) != SECSuccess) {
55+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
56+ rv = SECFailure;
57+ goto cleanup;
58+ }
59+ fuzz |= 1ULL << ((sizeof(mp_digit) * PR_BITS_PER_BYTE - 1));
60 /*
61 ** FIPS 186-1, Section 5, Step 1
62 **
63 ** r = (g**k mod p) mod q
64 */
65- CHECK_MPI_OK(mp_exptmod(&g, &k, &p, &r)); /* r = g**k mod p */
66- CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
67+ CHECK_MPI_OK(mp_mul_d(&q, fuzz, &t)); /* t = q*fuzz */
68+ CHECK_MPI_OK(mp_add(&k, &t, &t)); /* t = k+q*fuzz */
69+ /* length of t is now fixed, bits in k have been blinded */
70+ CHECK_MPI_OK(mp_exptmod(&g, &t, &p, &r)); /* r = g**t mod p */
71+ /* r is now g**(k+q*fuzz) == g**k mod p */
72+ CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
73+
74 /*
75 ** FIPS 186-1, Section 5, Step 2
76 **
77@@ -411,15 +427,24 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
78 /* Using mp_invmod on k directly would leak bits from k. */
79 CHECK_MPI_OK(mp_mul(&k, &ar, &k)); /* k = k * ar */
80 CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
81- CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
82+ /* k is now k*t*ar */
83+ CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
84+ /* k is now (k*t*ar)**-1 */
85 CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
86- SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
87+ /* k is now (k*ar)**-1 */
88+ SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
89 /* To avoid leaking secret bits here the addition is blinded. */
90- CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
91- CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
92+ CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
93+ /* x is now x*ar */
94+ CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
95+ /* x is now x*r*ar */
96 CHECK_MPI_OK(mp_mulmod(&s, &ar, &q, &t)); /* t = s * ar mod q */
97- CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
98- CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
99+ /* t is now hash(M)*ar */
100+ CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
101+ /* s is now (HASH(M)+x*r)*ar */
102+ CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
103+ /* s is now (HASH(M)+x*r)*ar*(k*ar)**-1 = (k**-1)*(HASH(M)+x*r) */
104+
105 /*
106 ** verify r != 0 and s != 0
107 ** mentioned as optional in FIPS 186-1.
108--
1092.18.1
110
diff --git a/meta/recipes-support/nss/nss_3.45.bb b/meta/recipes-support/nss/nss_3.45.bb
index c8005a5b3a..9fe27af5db 100644
--- a/meta/recipes-support/nss/nss_3.45.bb
+++ b/meta/recipes-support/nss/nss_3.45.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
32 file://blank-cert9.db \ 32 file://blank-cert9.db \
33 file://blank-key4.db \ 33 file://blank-key4.db \
34 file://system-pkcs11.txt \ 34 file://system-pkcs11.txt \
35 file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \
35 " 36 "
36 37
37SRC_URI[md5sum] = "f1752d7223ee9d910d551e57264bafa8" 38SRC_URI[md5sum] = "f1752d7223ee9d910d551e57264bafa8"
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-11655.patch b/meta/recipes-support/sqlite/files/CVE-2020-11655.patch
new file mode 100644
index 0000000000..c2360cb867
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-11655.patch
@@ -0,0 +1,32 @@
1From a4601326d61bf1a11151ac6b78b50804bfd03b4d Mon Sep 17 00:00:00 2001
2From: Sakib Sajal <sakib.sajal@windriver.com>
3Date: Thu, 30 Apr 2020 10:46:16 -0700
4Subject: [PATCH 2/2] In the event of a semantic error in an aggregate query,
5 early-out the resetAccumulator() function to prevent problems due to
6 incomplete or incorrect initialization of the AggInfo object. Fix for ticket
7 [af4556bb5c285c08].
8
9FossilOrigin-Name: 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441
10Upstream-Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718]
11
12CVE: CVE-2020-11655
13Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
14---
15 sqlite3.c | 1 +
16 1 file changed, 1 insertion(+)
17
18diff --git a/sqlite3.c b/sqlite3.c
19index 1df6633..726adf7 100644
20--- a/sqlite3.c
21+++ b/sqlite3.c
22@@ -133242,6 +133242,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){
23 struct AggInfo_func *pFunc;
24 int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
25 if( nReg==0 ) return;
26+ if( pParse->nErr ) return;
27 #ifdef SQLITE_DEBUG
28 /* Verify that all AggInfo registers are within the range specified by
29 ** AggInfo.mnReg..AggInfo.mxReg */
30--
312.17.1
32
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch
new file mode 100644
index 0000000000..3f70979acc
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch
@@ -0,0 +1,33 @@
1CVE: CVE-2019-19244
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 0f690d4ae5ffe656762fdbb7f36cc4c2dcbb2d9d Mon Sep 17 00:00:00 2001
6From: dan <dan@noemail.net>
7Date: Fri, 22 Nov 2019 10:14:01 +0000
8Subject: [PATCH] Fix a crash that could occur if a sub-select that uses both
9 DISTINCT and window functions also used an ORDER BY that is the same as its
10 select list.
11
12Amalgamation version of the patch:
13FossilOrigin-Name: bcdd66c1691955c697f3d756c2b035acfe98f6aad72e90b0021bab6e9023b3ba
14---
15 sqlite3.c | 5 +++--
16 sqlite3.h | 2 +-
17 2 files changed, 4 insertions(+), 3 deletions(-)
18
19diff --git a/sqlite3.c b/sqlite3.c
20index 8fd740b..db1c649 100644
21--- a/sqlite3.c
22+++ b/sqlite3.c
23@@ -131679,6 +131679,7 @@ SQLITE_PRIVATE int sqlite3Select(
24 */
25 if( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct
26 && sqlite3ExprListCompare(sSort.pOrderBy, pEList, -1)==0
27+ && p->pWin==0
28 ){
29 p->selFlags &= ~SF_Distinct;
30 pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0);
31--
322.24.1
33
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch
new file mode 100644
index 0000000000..b1b866b250
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch
@@ -0,0 +1,50 @@
1CVE: CVE-2019-19923
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From b64463719dc53bde98b0ce3930b10a32560c3a02 Mon Sep 17 00:00:00 2001
6From: "D. Richard Hipp" <drh@hwaci.com>
7Date: Wed, 18 Dec 2019 20:51:58 +0000
8Subject: [PATCH] Continue to back away from the LEFT JOIN optimization of
9 check-in [41c27bc0ff1d3135] by disallowing query flattening if the outer
10 query is DISTINCT. Without this fix, if an index scan is run on the table
11 within the view on the right-hand side of the LEFT JOIN, stale result
12 registers might be accessed yielding incorrect results, and/or an
13 OP_IfNullRow opcode might be invoked on the un-opened table, resulting in a
14 NULL-pointer dereference. This problem was found by the Yongheng and Rui
15 fuzzer.
16
17FossilOrigin-Name: 862974312edf00e9d1068115d1a39b7235b7db68b6d86b81d38a12f025a4748e
18---
19 sqlite3.c | 10 +++++++---
20 1 file changed, 7 insertions(+), 3 deletions(-)
21
22diff --git a/sqlite3.c b/sqlite3.c
23index d29da07..5bc06c8 100644
24--- a/sqlite3.c
25+++ b/sqlite3.c
26@@ -129216,6 +129216,7 @@ static void substSelect(
27 ** (3b) the FROM clause of the subquery may not contain a virtual
28 ** table and
29 ** (3c) the outer query may not be an aggregate.
30+** (3d) the outer query may not be DISTINCT.
31 **
32 ** (4) The subquery can not be DISTINCT.
33 **
34@@ -129412,8 +129413,11 @@ static int flattenSubquery(
35 */
36 if( (pSubitem->fg.jointype & JT_OUTER)!=0 ){
37 isLeftJoin = 1;
38- if( pSubSrc->nSrc>1 || isAgg || IsVirtual(pSubSrc->a[0].pTab) ){
39- /* (3a) (3c) (3b) */
40+ if( pSubSrc->nSrc>1 /* (3a) */
41+ || isAgg /* (3b) */
42+ || IsVirtual(pSubSrc->a[0].pTab) /* (3c) */
43+ || (p->selFlags & SF_Distinct)!=0 /* (3d) */
44+ ){
45 return 0;
46 }
47 }
48--
492.24.1
50
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19924.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19924.patch
new file mode 100644
index 0000000000..80d5edbb0c
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19924.patch
@@ -0,0 +1,65 @@
1CVE: CVE-2019-19924
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 854fe21e8a987f84da81f6bb9e90abc5355c6621 Mon Sep 17 00:00:00 2001
6From: "D. Richard Hipp" <drh@hwaci.com>
7Date: Thu, 19 Dec 2019 20:37:32 +0000
8Subject: [PATCH] When an error occurs while rewriting the parser tree for
9 window functions in the sqlite3WindowRewrite() routine, make sure that
10 pParse->nErr is set, and make sure that this shuts down any subsequent code
11 generation that might depend on the transformations that were implemented.
12 This fixes a problem discovered by the Yongheng and Rui fuzzer.
13
14Amalgamation format of backported patch
15FossilOrigin-Name: e2bddcd4c55ba3cbe0130332679ff4b048630d0ced9a8899982edb5a3569ba7f
16---
17 sqlite3.c | 16 +++++++++++-----
18 sqlite3.h | 2 +-
19 2 files changed, 12 insertions(+), 6 deletions(-)
20
21diff --git a/sqlite3.c b/sqlite3.c
22index 408ec4c..857c28e 100644
23--- a/sqlite3.c
24+++ b/sqlite3.c
25@@ -77798,7 +77798,8 @@ SQLITE_PRIVATE void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){
26 */
27 static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){
28 assert( p->nOp>0 || p->aOp==0 );
29- assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed );
30+ assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed
31+ || p->pParse->nErr>0 );
32 if( p->nOp ){
33 assert( p->aOp );
34 sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment);
35@@ -97872,6 +97873,7 @@ static int codeCompare(
36 int addr;
37 CollSeq *p4;
38
39+ if( pParse->nErr ) return 0;
40 p4 = sqlite3BinaryCompareCollSeq(pParse, pLeft, pRight);
41 p5 = binaryCompareP5(pLeft, pRight, jumpIfNull);
42 addr = sqlite3VdbeAddOp4(pParse->pVdbe, opcode, in2, dest, in1,
43@@ -147627,7 +147629,7 @@ SQLITE_PRIVATE int sqlite3WindowRewrite(Parse *pParse, Select *p){
44
45 pTab = sqlite3DbMallocZero(db, sizeof(Table));
46 if( pTab==0 ){
47- return SQLITE_NOMEM;
48+ return sqlite3ErrorToParser(db, SQLITE_NOMEM);
49 }
50
51 p->pSrc = 0;
52@@ -147731,6 +147733,10 @@ SQLITE_PRIVATE int sqlite3WindowRewrite(Parse *pParse, Select *p){
53 sqlite3DbFree(db, pTab);
54 }
55
56+ if( rc && pParse->nErr==0 ){
57+ assert( pParse->db->mallocFailed );
58+ return sqlite3ErrorToParser(pParse->db, SQLITE_NOMEM);
59+ }
60 return rc;
61 }
62
63--
642.24.1
65
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch
new file mode 100644
index 0000000000..ffc2c6afff
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch
@@ -0,0 +1,33 @@
1CVE: CVE-2019-19925
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From e92580434d2cdca228649d32f76167492de4f512 Mon Sep 17 00:00:00 2001
6From: "D. Richard Hipp" <drh@hwaci.com>
7Date: Thu, 19 Dec 2019 15:15:40 +0000
8Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the
9 pathname of the file being inserted is a NULL. Bug discovered by the
10 Yongheng and Rui fuzzer.
11
12FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06
13---
14 shell.c | 1 +
15 sqlite3.c | 4 ++--
16 sqlite3.h | 2 +-
17 3 files changed, 4 insertions(+), 3 deletions(-)
18
19diff --git a/shell.c b/shell.c
20index 053180c..404a8d4 100644
21--- a/shell.c
22+++ b/shell.c
23@@ -5827,6 +5827,7 @@ static int zipfileUpdate(
24
25 if( rc==SQLITE_OK ){
26 zPath = (const char*)sqlite3_value_text(apVal[2]);
27+ if( zPath==0 ) zPath = "";
28 nPath = (int)strlen(zPath);
29 mTime = zipfileGetTime(apVal[4]);
30 }
31--
322.24.1
33
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19926.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19926.patch
new file mode 100644
index 0000000000..92bc7908bc
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19926.patch
@@ -0,0 +1,31 @@
1CVE: CVE-2019-19926
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 4165b1e1e0001165ace9051a70f938099505eadc Mon Sep 17 00:00:00 2001
6From: "D. Richard Hipp" <drh@hwaci.com>
7Date: Thu, 19 Dec 2019 22:08:19 +0000
8Subject: [PATCH] Continuation of [e2bddcd4c55ba3cb]: Add another spot where it
9 is necessary to abort early due to prior errors in sqlite3WindowRewrite().
10
11FossilOrigin-Name: cba2a2a44cdf138a629109bb0ad088ed4ef67fc66bed3e0373554681a39615d2
12---
13 sqlite3.c | 7 ++++---
14 sqlite3.h | 2 +-
15 2 files changed, 5 insertions(+), 4 deletions(-)
16
17diff --git a/sqlite3.c b/sqlite3.c
18index 857c28e..19a474d 100644
19--- a/sqlite3.c
20+++ b/sqlite3.c
21@@ -128427,6 +128427,7 @@ static int multiSelect(
22 }
23 #endif
24 }
25+ if( pParse->nErr ) goto multi_select_end;
26
27 /* Compute collating sequences used by
28 ** temporary tables needed to implement the compound select.
29--
302.24.1
31
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19959.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19959.patch
new file mode 100644
index 0000000000..cba8ec9d30
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19959.patch
@@ -0,0 +1,46 @@
1CVE: CVE-2019-19959
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From f83f7e8141ee7cbbf7f2dc8985279a7372b259b6 Mon Sep 17 00:00:00 2001
6From: "D. Richard Hipp" <drh@hwaci.com>
7Date: Mon, 23 Dec 2019 21:04:33 +0000
8Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that
9 it is able to deal with goofy filenames that contain embedded zeros.
10
11FossilOrigin-Name: cc0fb00a128fd0773db5ff7891f7aa577a3671d570166d2cbb30df922344adcf
12---
13 shell.c | 4 ++--
14 sqlite3.c | 4 ++--
15 sqlite3.h | 2 +-
16 3 files changed, 5 insertions(+), 5 deletions(-)
17
18diff --git a/shell.c b/shell.c
19index 404a8d4..48065e9 100644
20--- a/shell.c
21+++ b/shell.c
22@@ -5841,7 +5841,7 @@ static int zipfileUpdate(
23 zFree = sqlite3_mprintf("%s/", zPath);
24 if( zFree==0 ){ rc = SQLITE_NOMEM; }
25 zPath = (const char*)zFree;
26- nPath++;
27+ nPath = (int)strlen(zPath);
28 }
29 }
30
31@@ -6242,11 +6242,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
32 }else{
33 if( zName[nName-1]!='/' ){
34 zName = zFree = sqlite3_mprintf("%s/", zName);
35- nName++;
36 if( zName==0 ){
37 rc = SQLITE_NOMEM;
38 goto zipfile_step_out;
39 }
40+ nName = (int)strlen(zName);
41 }else{
42 while( nName>1 && zName[nName-2]=='/' ) nName--;
43 }
44--
452.24.1
46
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-20218.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-20218.patch
new file mode 100644
index 0000000000..fb6cd6df2d
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-20218.patch
@@ -0,0 +1,31 @@
1CVE: CVE-2019-20218
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 6bbd76d34f29f61483791231f2ce579dcadab8a5 Mon Sep 17 00:00:00 2001
6From: Dan Kennedy <danielk1977@gmail.com>
7Date: Fri, 27 Dec 2019 20:54:42 +0000
8Subject: [PATCH] Do not attempt to unwind the WITH stack in the Parse object
9 following an error. This fixes a separate case to [de6e6d68].
10
11FossilOrigin-Name: d29edef93451cc67a5d69c1cce1b1832d9ca8fff1f600afdd51338b74d077b92
12---
13 sqlite3.c | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16diff --git a/sqlite3.c b/sqlite3.c
17index 5bc06c8..408ec4c 100644
18--- a/sqlite3.c
19+++ b/sqlite3.c
20@@ -130570,7 +130570,7 @@ static int selectExpander(Walker *pWalker, Select *p){
21
22 /* Process NATURAL keywords, and ON and USING clauses of joins.
23 */
24- if( db->mallocFailed || sqliteProcessJoin(pParse, p) ){
25+ if( pParse->nErr || db->mallocFailed || sqliteProcessJoin(pParse, p) ){
26 return WRC_Abort;
27 }
28
29--
302.24.1
31
diff --git a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
index 34066fbe89..95e1174b07 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
@@ -4,6 +4,15 @@ LICENSE = "PD"
4LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" 4LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
5 5
6SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \ 6SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
7 file://0001-Fix-CVE-2019-16168.patch" 7 file://0001-Fix-CVE-2019-16168.patch \
8 file://CVE-2019-19244.patch \
9 file://CVE-2019-19923.patch \
10 file://CVE-2019-19924.patch \
11 file://CVE-2019-19925.patch \
12 file://CVE-2019-19926.patch \
13 file://CVE-2019-19959.patch \
14 file://CVE-2019-20218.patch \
15 file://CVE-2020-11655.patch \
16"
8SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc" 17SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc"
9SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b" 18SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b"
diff --git a/meta/recipes-support/vim/vim_8.1.1518.bb b/meta/recipes-support/vim/vim_8.1.1518.bb
index 60946a181f..709b6ddb55 100644
--- a/meta/recipes-support/vim/vim_8.1.1518.bb
+++ b/meta/recipes-support/vim/vim_8.1.1518.bb
@@ -8,3 +8,8 @@ BBCLASSEXTEND = "native"
8ALTERNATIVE_${PN}_append = " xxd" 8ALTERNATIVE_${PN}_append = " xxd"
9ALTERNATIVE_TARGET[xxd] = "${bindir}/xxd" 9ALTERNATIVE_TARGET[xxd] = "${bindir}/xxd"
10ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd" 10ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd"
11
12# We override the default in security_flags.inc because vim (not vim-tiny!) will abort
13# in many places for _FORTIFY_SOURCE=2. Security flags become part of CC.
14#
15lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=1',d)}"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-04-27 06:56:38 +0000