From 791bb999eef6da39d2160701f7d308e86113eefd Mon Sep 17 00:00:00 2001 From: Adrian Dudau Date: Fri, 15 Jan 2016 17:17:43 +0100 Subject: initial commit for Enea Linux 5.0-ppc Signed-off-by: Adrian Dudau --- enea-init-build-env | 5 +- meta/files/toolchain-shar-template.sh | 2 + meta/lib/oe/package_manager.py | 83 +++++++++++++++++++++- .../nfs-utils/fix-segfault-in-add_name.patch | 59 +++++++++++++++ .../nfs-utils/nfs-utils_1.3.0.bb | 1 + .../files/add-test-support-for-busybox.patch | 61 ---------------- meta/recipes-connectivity/openssh/files/run-ptest | 7 -- meta/recipes-connectivity/openssh/openssh_6.6p1.bb | 3 +- .../python-2.7.3-CVE-2013-1752-httplib-fix.patch | 2 +- .../gnutls/gnutls/CVE-2015-6251.patch | 27 ------- meta/recipes-support/gnutls/gnutls_3.3.5.bb | 1 - 11 files changed, 147 insertions(+), 104 deletions(-) create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/fix-segfault-in-add_name.patch delete mode 100644 meta/recipes-connectivity/openssh/files/add-test-support-for-busybox.patch delete mode 100755 meta/recipes-connectivity/openssh/files/run-ptest delete mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch diff --git a/enea-init-build-env b/enea-init-build-env index 9bc5bab43f..ba545a9112 100755 --- a/enea-init-build-env +++ b/enea-init-build-env @@ -200,10 +200,7 @@ else echo "*** Info: Inheriting distrodata." fi - echo -e '\nLICENSE_FLAGS_WHITELIST += "non-commercial"\n' >> conf/local.conf - echo "*** Info: Need to set LICENSE_FLAGS_WHITELIST for netperf" - - if [[ -n $DISTRO ]]; then + if [[ -n $DISTRO ]]; then sed -i -e "s|^DISTRO.*|DISTRO ?= \"$DISTRO\"|" conf/local.conf sed -i -e 's|^PACKAGE_CLASSES ?= "package_rpm"|PACKAGE_CLASSES ?= "package_rpm package_ipk"|' conf/local.conf echo "*** Info: Setting PACKAGE_CLASSES to ipk and rpm" diff --git a/meta/files/toolchain-shar-template.sh b/meta/files/toolchain-shar-template.sh index 4a7fbd50c6..b8c5685b4e 100644 --- a/meta/files/toolchain-shar-template.sh +++ b/meta/files/toolchain-shar-template.sh @@ -1,5 +1,7 @@ #!/bin/bash +[ -z "$ENVCLEANED" ] && exec /usr/bin/env -i ENVCLEANED=1 "$0" "$@" + INST_ARCH=$(uname -m | sed -e "s/i[3-6]86/ix86/" -e "s/x86[-_]64/x86_64/") SDK_ARCH=$(echo @SDK_ARCH@ | sed -e "s/i[3-6]86/ix86/" -e "s/x86[-_]64/x86_64/") diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index 505509543d..e4a935a2c5 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -536,12 +536,12 @@ class PackageManager(object): cmd.extend(['-x', exclude]) try: bb.note("Installing complementary packages ...") + bb.note('Running %s' % cmd) complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: bb.fatal("Could not compute complementary packages list. Command " "'%s' returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output)) - self.install(complementary_pkgs.split(), attempt_only=True) def deploy_dir_lock(self): @@ -952,6 +952,35 @@ class RpmPM(PackageManager): def update(self): self._invoke_smart('update rpmsys') + def get_rdepends_recursively(self, pkgs): + # pkgs will be changed during the loop, so use [:] to make a copy. + for pkg in pkgs[:]: + sub_data = oe.packagedata.read_subpkgdata(pkg, self.d) + sub_rdep = sub_data.get("RDEPENDS_" + pkg) + if not sub_rdep: + continue + done = bb.utils.explode_dep_versions2(sub_rdep).keys() + next = done + # Find all the rdepends on dependency chain + while next: + new = [] + for sub_pkg in next: + sub_data = oe.packagedata.read_subpkgdata(sub_pkg, self.d) + sub_pkg_rdep = sub_data.get("RDEPENDS_" + sub_pkg) + if not sub_pkg_rdep: + continue + for p in bb.utils.explode_dep_versions2(sub_pkg_rdep): + # Already handled, skip it. + if p in done or p in pkgs: + continue + # It's a new dep + if oe.packagedata.has_subpkgdata(p, self.d): + done.append(p) + new.append(p) + next = new + pkgs.extend(done) + return pkgs + ''' Install pkgs with smart, the pkg name is oe format ''' @@ -960,8 +989,58 @@ class RpmPM(PackageManager): bb.note("Installing the following packages: %s" % ' '.join(pkgs)) if attempt_only and len(pkgs) == 0: return + if not attempt_only: + # Pull in multilib requires since rpm may not pull in them + # correctly, for example, + # lib32-packagegroup-core-standalone-sdk-target requires + # lib32-libc6, but rpm may pull in libc6 rather than lib32-libc6 + # since it doesn't know mlprefix (lib32-), bitbake knows it and + # can handle it well, find out the RDEPENDS on the chain will + # fix the problem. Both do_rootfs and do_populate_sdk have this + # issue. + # The attempt_only packages don't need this since they are + # based on the installed ones. + # + # Separate pkgs into two lists, one is multilib, the other one + # is non-multilib. + ml_pkgs = [] + non_ml_pkgs = pkgs[:] + for pkg in pkgs: + for mlib in (self.d.getVar("MULTILIB_VARIANTS", True) or "").split(): + if pkg.startswith(mlib + '-'): + ml_pkgs.append(pkg) + non_ml_pkgs.remove(pkg) + + if len(ml_pkgs) > 0 and len(non_ml_pkgs) > 0: + # Found both foo and lib-foo + ml_pkgs = self.get_rdepends_recursively(ml_pkgs) + non_ml_pkgs = self.get_rdepends_recursively(non_ml_pkgs) + # Longer list makes smart slower, so only keep the pkgs + # which have the same BPN, and smart can handle others + # correctly. + pkgs_new = [] + for pkg in non_ml_pkgs: + for mlib in (self.d.getVar("MULTILIB_VARIANTS", True) or "").split(): + mlib_pkg = mlib + "-" + pkg + if mlib_pkg in ml_pkgs: + pkgs_new.append(pkg) + pkgs_new.append(mlib_pkg) + for pkg in pkgs: + if pkg not in pkgs_new: + pkgs_new.append(pkg) + pkgs = pkgs_new + new_depends = {} + deps = bb.utils.explode_dep_versions2(" ".join(pkgs)) + for depend in deps: + data = oe.packagedata.read_subpkgdata(depend, self.d) + key = "PKG_%s" % depend + if key in data: + new_depend = data[key] + else: + new_depend = depend + new_depends[new_depend] = deps[depend] + pkgs = bb.utils.join_deps(new_depends, commasep=True).split(', ') pkgs = self._pkg_translate_oe_to_smart(pkgs, attempt_only) - if not attempt_only: bb.note('to be installed: %s' % ' '.join(pkgs)) cmd = "%s %s install -y %s" % \ diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/fix-segfault-in-add_name.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/fix-segfault-in-add_name.patch new file mode 100644 index 0000000000..4ebf2dcee4 --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/fix-segfault-in-add_name.patch @@ -0,0 +1,59 @@ +commit 25e83c2270b2d2966c992885faed0b79be09f474 +Author: Jeff Layton +Date: Thu May 1 11:15:16 2014 -0400 + + mountd: fix segfault in add_name with newer gcc compilers + + I hit a segfault in add_name with a mountd built with gcc-4.9.0. Some + NULL pointer checks got reordered such that a pointer was dereferenced + before checking to see whether it was NULL. The problem was due to + nfs-utils relying on undefined behavior, which tricked gcc into assuming + that the pointer would never be NULL. + + At first I assumed that this was a compiler bug, but Jakub Jelinek and + Jeff Law pointed out: + + "If old is NULL, then: + + strncpy(new, old, cp-old); + + is undefined behavior (even when cp == old == NULL in that case), + therefore gcc assumes that old is never NULL, as otherwise it would be + invalid. + + Just guard + strncpy(new, old, cp-old); + new[cp-old] = 0; + with if (old) { ... }." + + This patch does that. If old is NULL though, then we still need to + ensure that new is NULL terminated, lest the subsequent strcats walk off + the end of it. + + Cc: Jeff Law + Cc: Jakub Jelinek + Signed-off-by: Jeff Layton + Signed-off-by: Steve Dickson + + Upstream-Status:Backport + Signed-off-by: Tudor Florea + +diff --git a/support/export/client.c b/support/export/client.c +index dbf47b9..f85e11c 100644 +--- a/support/export/client.c ++++ b/support/export/client.c +@@ -482,8 +482,12 @@ add_name(char *old, const char *add) + else + cp = cp + strlen(cp); + } +- strncpy(new, old, cp-old); +- new[cp-old] = 0; ++ if (old) { ++ strncpy(new, old, cp-old); ++ new[cp-old] = 0; ++ } else { ++ new[0] = 0; ++ } + if (cp != old && !*cp) + strcat(new, ","); + strcat(new, add); diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.0.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.0.bb index 6e6d09bf42..dcdb35e51c 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.0.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.0.bb @@ -31,6 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://nfs-statd.service \ file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ file://0001-statd-fixed-the-with-statdpath-flag.patch \ + file://fix-segfault-in-add_name.patch \ " SRC_URI[md5sum] = "6e93a7997ca3a1eac56bf219adab72a8" diff --git a/meta/recipes-connectivity/openssh/files/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/files/add-test-support-for-busybox.patch deleted file mode 100644 index 5913597dfd..0000000000 --- a/meta/recipes-connectivity/openssh/files/add-test-support-for-busybox.patch +++ /dev/null @@ -1,61 +0,0 @@ -Adjust test cases to work with busybox. - -- Replace dd parameter "obs" with "bs". -- Replace "head -" with "head -n ". - -Signed-off-by: Björn Stenberg -Upstream-status: Pending - ---- a/regress/cipher-speed.sh 2012-06-30 07:08:53.000000000 +0200 -+++ b/regress/cipher-speed.sh 2013-02-15 11:30:20.670022055 +0100 -@@ -26,7 +26,7 @@ - echon "$c/$m:\t" - ( ${SSH} -o 'compression no' \ - -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ -- exec sh -c \'"dd of=/dev/null obs=32k"\' \ -+ exec sh -c \'"dd of=/dev/null bs=32k"\' \ - < ${DATA} ) 2>&1 | getbytes - - if [ $? -ne 0 ]; then -@@ -42,7 +42,7 @@ - echon "$c:\t" - ( ${SSH} -o 'compression no' \ - -F $OBJ/ssh_proxy -1 -c $c somehost \ -- exec sh -c \'"dd of=/dev/null obs=32k"\' \ -+ exec sh -c \'"dd of=/dev/null bs=32k"\' \ - < ${DATA} ) 2>&1 | getbytes - if [ $? -ne 0 ]; then - fail "ssh -1 failed with cipher $c" ---- a/regress/transfer.sh 2003-09-04 06:54:40.000000000 +0200 -+++ b/regress/transfer.sh 2013-02-15 11:25:34.666411185 +0100 -@@ -18,7 +18,7 @@ - for s in 10 100 1k 32k 64k 128k 256k; do - trace "proto $p dd-size ${s}" - rm -f ${COPY} -- dd if=$DATA obs=${s} 2> /dev/null | \ -+ dd if=$DATA bs=${s} 2> /dev/null | \ - ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}" - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" ---- a/regress/yes-head.sh 2005-11-28 06:41:03.000000000 +0100 -+++ b/regress/yes-head.sh 2013-02-15 11:55:11.413715068 +0100 -@@ -4,7 +4,7 @@ - tid="yes pipe head" - - for p in 1 2; do -- lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` -+ lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)` - if [ $? -ne 0 ]; then - fail "yes|head test failed" - lines = 0; ---- a/regress/key-options.sh 2008-07-04 09:08:58.000000000 +0200 -+++ b/regress/key-options.sh 2013-02-15 12:06:05.109486098 +0100 -@@ -54,7 +54,7 @@ - fi - - sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys -- from=`head -1 $authkeys | cut -f1 -d ' '` -+ from=`head -n 1 $authkeys | cut -f1 -d ' '` - verbose "key option proto $p $from" - r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'` - if [ "$r" = "true" ]; then diff --git a/meta/recipes-connectivity/openssh/files/run-ptest b/meta/recipes-connectivity/openssh/files/run-ptest deleted file mode 100755 index 3e725cf282..0000000000 --- a/meta/recipes-connectivity/openssh/files/run-ptest +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -export TEST_SHELL=sh - -cd regress -make -k .OBJDIR=`pwd` .CURDIR=`pwd` tests \ - | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb index f575665e4c..3807583d95 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb @@ -25,7 +25,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. file://run-ptest \ file://openssh-CVE-2014-2532.patch \ file://openssh-CVE-2014-2653.patch \ - file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch" + file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch \ + file://openssh-ptest-fix-sshconnect.patch" PAM_SRC_URI = "file://sshd" diff --git a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-httplib-fix.patch b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-httplib-fix.patch index e68f53f4bc..c9abe853a0 100644 --- a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-httplib-fix.patch +++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-httplib-fix.patch @@ -1,6 +1,6 @@ Upstream-Status: Backport -CVE-2013-1752: httplib: HTTPMessage.readheaders() raises an HTTPException +CVE-2013-1752: httplib: HTTPMessage.readheaders() raises an HTTPException when more than 100 headers are read. Patch by Jyrki Pulliainen and Daniel Eriksson. diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch b/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch deleted file mode 100644 index 5a29a9671e..0000000000 --- a/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 272854367efc130fbd4f1a51840d80c630214e12 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Mon, 20 Jul 2015 21:49:28 +0200 -Subject: [PATCH] Reset the output value on error in _gnutls_x509_dn_to_string() - -Fixes CVE-2015-6251. -Upstream-Status: Backport - -Signed-off-by: Sona Sarmadi ---- - lib/x509/common.c | 1 + - 1 file changed, 1 insertion(+), 0 deletions(-) - -diff --git a/lib/x509/common.c b/lib/x509/common.c -index 94b6bbc..9a4b96f 100644 ---- a/lib/x509/common.c -+++ b/lib/x509/common.c -@@ -469,6 +469,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value, - if (ret < 0) { - gnutls_assert(); - gnutls_free(str->data); -+ str->data = NULL; - return ret; - } - str->size = size; --- -libgit2 0.23.4 diff --git a/meta/recipes-support/gnutls/gnutls_3.3.5.bb b/meta/recipes-support/gnutls/gnutls_3.3.5.bb index ce1da890f6..9f26470f41 100644 --- a/meta/recipes-support/gnutls/gnutls_3.3.5.bb +++ b/meta/recipes-support/gnutls/gnutls_3.3.5.bb @@ -3,7 +3,6 @@ require gnutls.inc SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ file://eliminated-double-free-CVE-2015-3308.patch \ file://better-fix-for-double-free-CVE-2015-3308.patch \ - file://CVE-2015-6251.patch \ " SRC_URI[md5sum] = "1f396dcf3c14ea67de7243821006d1a2" -- cgit v1.2.3-54-g00ecf