summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* bitbake: toaster/widgets.py: avoid divide by zero issuesAwais Belal2018-09-101-7/+12
| | | | | | | | | | | | | | | | | There can be cases where the variables being used to divide in build percentage expressions can be zero. For example, a setup consisting of only local repos will have repos_to_clone=0 and will generate a divide by zero scenario. Fix this by checking the divisor in such cases. [YOCTO #12891] (Bitbake rev: 30702f29928c3b088f199bf8b1609b2956f8c47a) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: David Reyna <David.Reyna@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake: toaster: allow TOASTER_DIR to be overridden from cmdlineAwais Belal2018-09-101-2/+7
| | | | | | | | | | | | | | | | | | | | | TOASTER_DIR is used for higher level toaster artifacts such the SQL DB and creating toaster internal build directories for projects. Prior to this change it was evaluated as `dirname $BUILDDIR` and user had no control over it. This change allows to override this variable from the command line for more flexibility. The variable defaults to its original setting if the optional argument is not passed. [YOCTO #12891] (Bitbake rev: e073775d3b6980fc8004ae28a3ccc3c5bbf50fb2) (Bitbake rev: 486e571b1caaf7f86f8f969c512566487bcd9841) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: David Reyna <David.Reyna@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: toaster: use a more flexible way to find bitbakeAwais Belal2018-09-101-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | The current mechanism for finding the bitbake binary assumes a directory structure which is identical to poky, where oe-core's meta and bitbake directories are at the same level. There can be a case where bitbake is used from elsewhere and in such cases the above mentioned assumption fails to hold, whereas this is totally allowed by the oe-init-build-env script which can take bitbakedir as an argument. The better approach is to allow bitbake to be derived from PATH, while keeping the older mechanism in place so it can be removed after tests are done in various environments. This makes more sense as toaster has also been launched from the same bitbake instance that is the one in PATH. [YOCTO #12891] (Bitbake rev: 15340edce23e63b060c75114d508e1f76757239c) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: David Reyna <David.Reyna@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: toaster: allow pokydirname to be evaluated when all layers are localAwais Belal2018-09-101-3/+15
| | | | | | | | | | | | | | | | | | | | Toaster depends on pokydirname for identifying the location of the oe-init-build-env script (and there might be other purposes in the future). The problem with current approach is that it only checks/sets the variable with git based repos, whereas toaster provides mechanisms to allow having layers that are all locally available. The evaluation of the variable fails in such scenarios, so use a more flexible mechanism in this case and try to locate poky in the local layers as well, if not already set. [YOCTO #12891] (Bitbake rev: 971c728075af05e71edfd8e5212728c3dd0787b6) Signed-off-by: Awais Belal <awais.belal@mentor.com> Signed-off-by: David Reyna <David.Reyna@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: checksum: sanity check path when recursively checksummingRoss Burton2018-08-291-0/+2
| | | | | | | | | | In case something goes tragically wrong, catch a request to checksum / and refuse. (Bitbake rev: 7444419b7fda34e14d653ba8470f5dfabb5da4f3) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: utils/md5_file: don't iterate line-by-lineRoss Burton2018-08-291-4/+9
| | | | | | | | | | | | | | | Opening a file in binary mode and iterating it seems like the simple solution but will still break on newlines, which for binary files isn't really useful as the size of the chunks could be huge or tiny. Instead, let's be a bit more clever: we'll be MD5ing lots of files, but we don't want to fill up memory: use mmap() to open the file and read the file in 8k blocks. (Bitbake rev: 41e6161c8ce8cc90ebc93d72852673ae60fac923) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* swig: Remove superfluous python dependencyJoshua Watt2018-08-291-1/+1
| | | | | | | | | | | | | | The actual dependency on native Python and is handled by inheriting python3native (From OE-Core rev: 115a6dea664c9b18fd19b79659029afb52b1a660) (From OE-Core rev: 82b018956763bf85b90d512c8a6bc96d59fa67fd) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2018-6952Hongxu Jia2018-08-292-0/+37
| | | | | | | | | | | (From OE-Core rev: 1314a6953aa647706107557faaba8574e307d2bd) (From OE-Core rev: 100d7f19b7075b54dcc60f07ef8159e0e4f5be8c) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: CVE-2018-12015Jagadeesh Krishnanjanappa2018-08-292-0/+49
| | | | | | | | | | | | | | | | | | Remove existing files before overwriting them Archive should extract only the latest same-named entry. Extracted regular file should not be writtent into existing block device (or any other one). https://rt.cpan.org/Ticket/Display.html?id=125523 Affects perl <= 5.26.2 (From OE-Core rev: ca005cd857f8e79b135c43526d5b792478a07eb3) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: CVE-2018-6913Jagadeesh Krishnanjanappa2018-08-292-0/+154
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (perl #131844) fix various space calculation issues in pp_pack.c - for the originally reported case, if the start/cur pointer is in the top 75% of the address space the add (cur) + glen addition would overflow, resulting in the condition failing incorrectly. - the addition of the existing space used to the space needed could overflow, resulting in too small an allocation and a buffer overflow. - the scaling for UTF8 could overflow. - the multiply to calculate the space needed for many items could overflow. For the first case, do a space calculation without making new pointers. For the other cases, detect the overflow and croak if there's an overflow. Originally this used Size_t_MAX as the maximum size of a memory allocation, but for -DDEBUGGING builds realloc() throws a panic for allocations over half the address space in size, changing the error reported for the allocation. For non-DEBUGGING builds the Size_t_MAX limit has the small chance of finding a system that has 3GB of contiguous space available, and allocating that space, which could be a denial of servce in some cases. Unfortunately changing the limit to half the address space means that the exact case with the original issue can no longer occur, so the test is no longer testing against the address + length issue that caused the original problem, since the allocation is failing earlier. One option would be to change the test so the size request by pack is just under 2GB, but this has a higher (but still low) probability that the system has the address space available, and will actually try to allocate the memory, so let's not do that. Note: changed plan tests => 14713; to plan tests => 14712; in a/t/op/pack.t to apply this patch on perl 5.24.1. Affects perl < 5.26.2 (From OE-Core rev: 0542779d2f1a8977a732800a8998fd88971c0c1d) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: CVE-2018-6797Jagadeesh Krishnanjanappa2018-08-292-0/+46
| | | | | | | | | | | | | | | (perl #132227) restart a node if we change to uni rules within the node and encounter... This could lead to a buffer overflow. (cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d) Affects perl >= 5.18 && perl <= 5.26 (From OE-Core rev: 109ffd1b3d10753bfd711a14ad59b194ca3ce831) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: CVE-2018-6798Jagadeesh Krishnanjanappa2018-08-293-0/+169
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * CVE-2018-6798-1 The proximal cause is several instances in regexec.c of the code assuming that the input was valid UTF-8, whereas the input was too short for what the start byte claimed it would be. I grepped through the core for any other similar uses, and did not find any. (cherry picked from commit fe7d8ba0a1bf567af8fa8fea128e2b9f4c553e84) * CVE-2018-6798-2 The first patch for 132063 prevented the buffer read overflow when dumping the warning but didn't fix the underlying problem. The next change treats the supplied buffer correctly, preventing the non-UTF-8 SV from being treated as UTF-8, preventing the warning. (cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f) Affects perl >= 5.22 && perl <= 5.26 (From OE-Core rev: 4aaf09b9d657b1c2df85bf509008beacd6a00342) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: CVE-2018-12617Jagadeesh Krishnanjanappa2018-08-292-0/+54
| | | | | | | | | | | | | | | | | qga: check bytes count read by guest-file-read While reading file content via 'guest-file-read' command, 'qmp_guest_file_read' routine allocates buffer of count+1 bytes. It could overflow for large values of 'count'. Add check to avoid it. Affects qemu < v3.0.0 (From OE-Core rev: a11c8ee86007f7f7a34b9dc29d01acc323b71873) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: CVE-2018-7550Jagadeesh Krishnanjanappa2018-08-292-0/+63
| | | | | | | | | | | | | | | | | | multiboot: bss_end_addr can be zero The multiboot spec (https://www.gnu.org/software/grub/manual/multiboot/), section 3.1.3, allows for bss_end_addr to be zero. A zero bss_end_addr signifies there is no .bss section. Affects qemu < v2.12.0 (From OE-Core rev: 9f1d026168956e7bf45135577c123f7679a6ebba) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: CVE-2018-1000030Jagadeesh Krishnanjanappa2018-08-293-1/+447
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * CVE-2018-1000030-1 [2.7] bpo-31530: Stop crashes when iterating over a file on multiple threads * CVE-2018-1000030-2 Multiple threads iterating over a file can corrupt the file's internal readahead buffer resulting in crashes. To fix this, cache buffer state thread-locally for the duration of a file_iternext call and only update the file's internal state after reading completes. No attempt is made to define or provide "reasonable" semantics for iterating over a file on multiple threads. (Non-crashing) races are still present. Duplicated, corrupt, and missing data will happen. This was originally fixed by 6401e56, which raised an exception from seek() and next() when concurrent operations were detected. Alas, this simpler solution breaks legitimate use cases such as capturing the standard streams when multiple threads are logging. Affects python <= 2.7.14 (From OE-Core rev: 4b6c84e0f950f839bfb8c40f197197f838d8b733) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* procps: CVE-2018-1124Jagadeesh Krishnanjanappa2018-08-292-0/+177
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator). Affects procps-ng < 3.3.15 (From OE-Core rev: 82d873a1b73da25ae415afe0e6203693f78b88c9) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: CVE-2018-7169Jagadeesh Krishnanjanappa2018-08-292-0/+187
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | newgidmap: enforce setgroups=deny if self-mapping a group This is necessary to match the kernel-side policy of "self-mapping in a user namespace is fine, but you cannot drop groups" -- a policy that was created in order to stop user namespaces from allowing trivial privilege escalation by dropping supplementary groups that were "blacklisted" from certain paths. This is the simplest fix for the underlying issue, and effectively makes it so that unless a user has a valid mapping set in /etc/subgid (which only administrators can modify) -- and they are currently trying to use that mapping -- then /proc/$pid/setgroups will be set to deny. This workaround is only partial, because ideally it should be possible to set an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow administrators to further restrict newgidmap(1). We also don't write anything in the "allow" case because "allow" is the default, and users may have already written "deny" even if they technically are allowed to use setgroups. And we don't write anything if the setgroups policy is already "deny". Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 Fixes: CVE-2018-7169 Affects shadow <= 4.5 (From OE-Core rev: a875522540372a4fa6658885692e564dfd729f54) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: CVE-2018-12020Jagadeesh Krishnanjanappa2018-08-292-0/+48
| | | | | | | | | | | gpg: Sanitize diagnostic with the original file name. * g10/mainproc.c (proc_plaintext): Sanitize verbose output. (From OE-Core rev: f1c0da2bcb0587ac25176db11365d4a2a15b3d30) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: CVE-2018-11235Jagadeesh Krishnanjanappa2018-08-292-1/+290
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | submodule-config: verify submodule names as paths Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting "../" into the name (among other things). Let's sanity-check these names to avoid building a path that can be exploited. There are two main decisions: 1. What should the allowed syntax be? It's tempting to reuse verify_path(), since submodule names typically come from in-repo paths. But there are two reasons not to: a. It's technically more strict than what we need, as we really care only about breaking out of the $GIT_DIR/modules/ hierarchy. E.g., having a submodule named "foo/.git" isn't actually dangerous, and it's possible that somebody has manually given such a funny name. b. Since we'll eventually use this checking logic in fsck to prevent downstream repositories, it should be consistent across platforms. Because verify_path() relies on is_dir_sep(), it wouldn't block "foo\..\bar" on a non-Windows machine. 2. Where should we enforce it? These days most of the .gitmodules reads go through submodule-config.c, so I've put it there in the reading step. That should cover all of the C code. We also construct the name for "git submodule add" inside the git-submodule.sh script. This is probably not a big deal for security since the name is coming from the user anyway, but it would be polite to remind them if the name they pick is invalid (and we need to expose the name-checker to the shell anyway for our test scripts). This patch issues a warning when reading .gitmodules and just ignores the related config entry completely. This will generally end up producing a sensible error, as it works the same as a .gitmodules file which is missing a submodule entry (so "submodule update" will barf, but "git clone --recurse-submodules" will print an error but not abort the clone. There is one minor oddity, which is that we print the warning once per malformed config key (since that's how the config subsystem gives us the entries). So in the new test, for example, the user would see three warnings. That's OK, since the intent is that this case should never come up outside of malicious repositories (and then it might even benefit the user to see the message multiple times). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. Affects: git < 2.13.7 and git < 2.14.4 and git < 2.15.2 and git < 2.16.4 and git < 2.17.1 (From OE-Core rev: 229bb7cd70c79944d54696d50f4f34df85a5804a) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: CVE-2018-0495Jagadeesh Krishnanjanappa2018-08-292-0/+77
| | | | | | | | | | | | ecc: Add blinding for ECDSA. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with randomized nonce B. (From OE-Core rev: e05c9b1be8e852293dfc7026f0e3178c3bc5444d) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* coreutils: CVE-2017-18018Jagadeesh Krishnanjanappa2018-08-293-0/+125
| | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2017-18018-1: doc: clarify chown/chgrp --dereference defaults * doc/coreutils.texi: the documentation for the --dereference flag of chown/chgrp states that it is the default mode of operation. Document that this is only the case when operating non-recursively. CVE-2017-18018-2: doc: warn about following symlinks recursively in chown/chgrp In both chown and chgrp (which shares its code with chown), operating on symlinks recursively has a window of vulnerability where the destination user or group can change the target of the operation. Warn about combining the --dereference, --recursive, and -L flags. * doc/coreutils.texi (warnOptDerefWithRec): Add macro. (node chown invocation): Add it to --dereference and -L. (node chgrp invocation): Likewise. Affects coreutils <= 8.29 (From OE-Core rev: a523bc6a2ff7d5b5415a789de02fb055ccd2c077) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: CVE-2017-14634Jagadeesh Krishnanjanappa2018-08-292-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | double64_init: Check psf->sf.channels against upper bound This prevents division by zero later in the code. While the trivial case to catch this (i.e. sf.channels < 1) has already been covered, a crafted file may report a number of channels that is so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets miscalculated to zero (if this makes sense) in the determination of the blockwidth. Since we only support a limited number of channels anyway, make sure to check here as well. CVE-2017-14634 Closes: #318 Affects libsndfile1 = 1.0.28 (From OE-Core rev: 00da7bad24cf78c9dba091b9e480515f25886b48) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: CVE-2017-14245 CVE-2017-14246Jagadeesh Krishnanjanappa2018-08-292-0/+122
| | | | | | | | | | | | | | | | | | | | sfe_copy_data_fp: check value of "max" variable for being normal and check elements of the data[] array for being finite. Both checks use functions provided by the <math.h> header as declared by the C99 standard. Fixes #317 CVE-2017-14245 CVE-2017-14246 Affects libsndfile1 = 1.0.28 (From OE-Core rev: 39b1dc89ce2870d1a2630b2319783a6203cbcb08) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: CVE-2017-14503Jagadeesh Krishnanjanappa2018-08-292-0/+34
| | | | | | | | | | | | Reject LHA archive entries with negative size. Affects libarchive = 3.3.2 (From OE-Core rev: 3e000591928cfc35df192c7eb00db65687930566) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* flac: CVE-2017-6888Jagadeesh Krishnanjanappa2018-08-292-1/+33
| | | | | | | | | | | | | | stream_decoder.c: Fix a memory leak Leak reported by Secunia Research. Affects flac = 1.3.2 (From OE-Core rev: bca64ae1b02717c04edfee6dcc9a89cfa91d0c73) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nasm: fix CVE-2018-8883 & CVE-2018-8882 & CVE-2018-10316Hongxu Jia2018-08-294-0/+148
| | | | | | | | | | | (From OE-Core rev: 10a52e436d2f9a40c04271bc8aeb04c75fb11383) (From OE-Core rev: 058bdd077da005d412fbbcd98d70fbd80fa80555) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: fix CVE-2018-1000035Changqing Li2018-08-292-0/+49
| | | | | | | | | | | (From OE-Core rev: f75289b9215580030540245cd0b5f945bfb05ffa) (From OE-Core rev: 97a52df900519b0c7fbb9e92a3168a542d68aba6) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: fix symlink problemRoss Burton2018-08-292-0/+27
| | | | | | | | | | | | | Large zip files can cause unzip to crash, take a patch from Fedora to fix it. (From OE-Core rev: a001833b7c7a0a6eef88e053fe65e2a0c91ca7bc) (From OE-Core rev: 61235238157b747d47728f6c3d9ad8241dde0102) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update 1.1.0h -> 1.1.0iAndrej Valek2018-08-292-32/+2
| | | | | | | | | | | | | | | | Please see this security advisory: https://www.openssl.org/news/secadv/20180612.txt Remove obsolete patch. (From OE-Core rev: 0d19caefeeca14f44c80ccb716c30b17f14255a5) (From OE-Core rev: 784059db22d763ca9f579a10a34fd90c68542e82) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update 1.0.2o -> 1.0.2pAndrej Valek2018-08-2931-34/+28
| | | | | | | | | | | | | | | | Please see this security advisory: https://www.openssl.org/news/secadv/20180612.txt Refresh patches (From OE-Core rev: ff3db93e53c4f9d56807d3755c799459944e9a87) (From OE-Core rev: 84233553e963e26ca5f9f983662d4bd133176bb9) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl-1.1: fix c_rehash perl errorsAndrej Valek2018-08-292-0/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Patch original c_rehash script with Debian patch instead of overriding it with own version. Error output from c_reshah without patching: Unknown regexp modifier "/b" at ./c_rehash line 15, at end of line Unknown regexp modifier "/W" at ./c_rehash line 28, at end of line Unknown regexp modifier "/3" at ./c_rehash line 28, at end of line Unknown regexp modifier "/2" at ./c_rehash line 28, at end of line No such class installdir at ./c_rehash line 63, near "Prefix our installdir" (Might be a runaway multi-line // string starting on line 28) syntax error at ./c_rehash line 63, near "Prefix our installdir" Can't redeclare "my" in "my" at ./c_rehash line 68, near "" Execution of ./c_rehash aborted due to compilation errors. (From OE-Core rev: f8a826f497073533a3e4c390255ae197d65d6ef3) (From OE-Core rev: 4524d1f916b55db6d280ff51a41933b8ec9046b0) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Marko Peter <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: drop unnecessary call to perlpath.pl from do_configure()Andre McCurdy2018-08-293-93/+0
| | | | | | | | | | | | | | | | | | The perlpath.pl script is used to patch the #! lines in all perl scripts in the utils directory. However, as these scripts are run via e.g. "perl foo.pl", they don't actually rely on the #! path to be correct (which can be confirmed by the observation that the path is currently being set to ${STAGING_BINDIR_NATIVE}/perl, which doesn't exist). (From OE-Core rev: ba88fe46d47846042518a5a1017d782ba548202c) (From OE-Core rev: 1b0dcca0f083081295f32f09b408ab6c6c10f66f) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: drop unnecessary dependency on makedepend-nativeAndre McCurdy2018-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | The openssl Configure script will only select standalone makedepend (vs running "$CC -M") when building with gcc < 3.x or with an Apple Xcode version which predates the switch to clang (in approx 2010?). Neither of these cases are possible when building under OE, therefore the dependency on makedepend-native can be dropped (ie align the openssl 1.0 recipe with the 1.1 recipe, which has dropped the makedepend-native dependency already). (From OE-Core rev: 4c5bd69e5cb203c8a4c2f3716c941661c0afc830) (From OE-Core rev: 74524ec2a0f5a4210dd6680afb4b685a69f96a71) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix missing dependency on hostperl-runtime-nativeAndre McCurdy2018-08-291-0/+2
| | | | | | | | | | | | | | | Openssl 1.1 requires perl in order to build (just as openssl 1.0 does). The missing dependency has gone unnoticed up to now since hostperl-runtime-native is included in ASSUME_PROVIDED. (From OE-Core rev: ed5f8bb582453e7d8a1636ad1463380076209bd2) (From OE-Core rev: 33a9519040b6e5cd9e83bb76589f75b00f1cd1c2) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: squash whitespace in CC_INFOAndre McCurdy2018-08-291-1/+1
| | | | | | | | | | | | | | | | Squash whitespace in CC_INFO to avoid recipe whitespace changes to CFLAG affecting the final openssl binaries (the value of CC_INFO gets embedded in libcrypto, via buildinf.h). (From OE-Core rev: 2227c51896d4399daac9d85f40d7510b7c8ae03f) (From OE-Core rev: 0bda7fda8ce11b9b8c4c69aee1afbda30c3eadd5) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: add PACKAGECONFIG option to control manpagesAndre McCurdy2018-08-292-2/+37
| | | | | | | | | | | | | | | | | | | Creating the openssl manpages, which happens as part of do_install(), can take a significant amount of time (e.g. ~50 seconds on a quad core laptop). Provide a PACKAGECONFIG option to allow creation of the manpages to be skipped completely if not required and inherit the manpages class to automatically control the PACKAGECONFIG option (based on the "api-documentation" distro feature). (From OE-Core rev: 1ddca1872f64c566fd812a6ec44f2d4e4d84f58f) (From OE-Core rev: 061c17ff22f4df573bccbf4b66f2fdf5501c3617) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: drop unmaintained darwin supportAndre McCurdy2018-08-291-7/+0
| | | | | | | | | | | | | | | | The fact that the darwin support only appears to consider x86 (and not x86_64) suggests that it's not maintained or tested. In general oe-core doesn't support building on darwin. (From OE-Core rev: 9c7f37bb1345c38211acd137c00b9d07f92601a7) (From OE-Core rev: ebe53ed0e34b88c7d7fef22e1a5ad4959517fdab) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRSAndre McCurdy2018-08-291-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | Previously (when EXTRA_OEMAKE contained -e) exporting these variables over-rode default values in the top-level openssl Makefile. However, since -e was removed from EXTRA_OEMAKE as part of: http://git.openembedded.org/openembedded-core/commit/?id=537a404cfbb811fcb526cdb5f2e059257de6ef13 exporting these variables does nothing. The comment from that commit that only AR is affected by removing -e wasn't correct, but the effects of letting the openssl Makefile also control AS, EX_LIBS and DIRS seem to be either benign or beneficial. Since without -e make ignores DIRS from the environment and always runs for all subdirs (including "test"), adding "test" to DIRS and calling "make depend" again from do_compile_ptest() can be dropped. (From OE-Core rev: b3e81e3cf86dd8736b62a6b88d6a6dbe518c9e5e) (From OE-Core rev: 8aa33c15b7c71cda8de3e3571879a5d39c915adb) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: drop obsolete ca.patchAndre McCurdy2018-08-292-23/+0
| | | | | | | | | | | | | | | | | | This patch adds a second line to the -help output of the CA.pl script (which lists almost the same command line options as the line above it but in a slightly different order). Although it's tagged as a Debian backport, there's no patch like it in recent Debian patch sets for openssl 1.0.2. (From OE-Core rev: 9b3af406747a3d565d12d948400d44fb12ab0d96) (From OE-Core rev: 4a136f8b2cfb6cdd5ba16a2ebbe9b418fead1c76) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: minor indent fixesAndre McCurdy2018-08-291-34/+35
| | | | | | | | | | | | | | | Fix inconsistent indent (and also make the openssl 1.1 recipe more consistent and consistent with the openssl 1.0 recipe). (From OE-Core rev: 69844643aa1b829c27f144db634c8223c18c783f) (From OE-Core rev: 3e0290b51da404761ac6a7d2657fd10693bf21b9) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: support musl-x32 buildAndre McCurdy2018-08-291-2/+4
| | | | | | | | | | | | | | | | Align the openssl 1.1 recipe with changes made to openssl 1.0: http://git.openembedded.org/openembedded-core/commit/?id=a072d4620db462c5d3459441d5684cfd99938400 (From OE-Core rev: 24e745aaa2354432a9112879450263cab742c85b) (From OE-Core rev: ec24fcc63e33b9c808b81968bad94e497051d350) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: remove uclibc remnantsAndre McCurdy2018-08-291-3/+0
| | | | | | | | | | | | | | | | Align the openssl 1.1 recipe with changes made to openssl 1.0: http://git.openembedded.org/openembedded-core/commit/?id=e01e7c543a559c8926d72159b5cd55db0c661434 (From OE-Core rev: 35cf2c1266927b609e0022be2c7bd8e08410a456) (From OE-Core rev: 7a5fd1ca7d4b3aa0060134e7ea2af57bb9f2fe07) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: avoid running make twice for target do_compile()Andre McCurdy2018-08-291-6/+6
| | | | | | | | | | | | | | | | | Currently target builds call make twice as part of do_compile(). It appears to be an accidental side effect of needing to only pass CC_INFO on the make command line for target builds, since CC_INFO is only referenced by the reproducible build patches. (From OE-Core rev: 6c4942b5c771876ad0e62e56923f59cc71776157) (From OE-Core rev: 1aaca6b00c083eba25eb8502bbdffef4e45fafd8) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: drop leading "-" from no-ssl3 config optionAndre McCurdy2018-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | Although passing -no-ssl3 works, comments in the openssl Configure script suggest doing so isn't really correct: s /^-no-/no-/; # some people just can't read the instructions The documented way to pass no-<cipher> config options is without a leading "-" https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/INSTALL (From OE-Core rev: 369927de1d94a295671d3750c95b70a497b13425) (From OE-Core rev: 3936fafb3bd85499361f32abef4919ad3c74d83f) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: fix cryptodev-linux PACKAGECONFIG supportAndre McCurdy2018-08-292-6/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since openssl isn't an autotools recipe, defining cryptodev-linux related config options via PACKAGECONFIG hasn't worked correctly since PACKAGECONFIG_CONFARGS stopped being automatically appended to EXTRA_OECONF in 2016: http://git.openembedded.org/openembedded-core/commit/?id=c98fb5f5129e71829ffab4449b3d28082bc95ab4 The issue appears to have been hidden as the flags are also hardcoded in CFLAG - and therefore always enabled, regardless of the state of the PACKAGECONFIG option. Fix by passing both EXTRA_OECONF and PACKAGECONFIG_CONFARGS when running the openssl Configure script. Although the openssl 1.1 recipe doesn't contain any PACKAGECONFIG options yet, pre-emptively make the same fix there too. Also only enable cryptodev-linux by default for target builds (based on the historical comments in the recipe, that seems to have been the original intention). (From OE-Core rev: 6fee11b04b979a5b3237902d947db7118cafca2b) (From OE-Core rev: 201f4a889c0e4b3d13369e38662bf97ed8a9a8e1) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: drop curly brackets from shell local variablesAndre McCurdy2018-08-291-2/+2
| | | | | | | | | | | | | | Make clear distinction between local variables and bitbake variables. (From OE-Core rev: d1e441db511faf9c170733c01ded8c56faac9ab6) (From OE-Core rev: cf9f9657eefd65817094f220af92f2791a8cb68e) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: minor recipe formatting tweaks etcAndre McCurdy2018-08-291-60/+61
| | | | | | | | | | | | | | | | Drop redundant setting of S to its default value, fix inconsistent indent and re-order variables to align more closely to the OE style-guide. (From OE-Core rev: c36637a0304551bf2736bb15796947d9aaf00076) (From OE-Core rev: 67cde33115798b298f7840cad34d8ef91b3b7fa2) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0: merge openssl10.inc into the openssl_1.0.2o.bb recipeAndre McCurdy2018-08-292-306/+300
| | | | | | | | | | | | | | | | The openssl10.inc include file only has one user, so we can improve maintainability by merging the include file into the recipe which uses it. (From OE-Core rev: f5568740d5ff72090c3ca894ddfdc3078169da25) (From OE-Core rev: 5b4ffcbcdc28aec506a21f5abd76848c1de24011) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.1: minor recipe formatting tweaks etcAndre McCurdy2018-08-291-27/+23
| | | | | | | | | | | | | | Drop redundant setting of S to its default value and re-order variables to align more closely to the OE style-guide. (From OE-Core rev: 4871481e66449dd2b054119b37d0baedb166b72c) (From OE-Core rev: 5da668175ee7c56067c1272e7a701d5c38e94524) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.1: avoid using += with an over-rideAndre McCurdy2018-08-291-2/+2
| | | | | | | | | | | | | | | | | Using += with an over-ride can be a source of confusion so try to avoid the construct in core recipes. The current usage is incorrect and prevents the aarch64 and musl specific config options from being active together. (From OE-Core rev: 2a30a9ecab6465892698f7fc9d14a430d8a26f0c) (From OE-Core rev: 000da57cc858f5432153be849faba3862e4e9ed5) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>