poky: sumo refresh eebbc00b25..64a257fa22
Update poky to sumo HEAD.
Armin Kuster (1):
dhcp: allow for excluding the external bind
Awais Belal (1):
bitbake: bitbake: toaster: allow OE_ROOT to be provided through environment
Changqing Li (2):
unzip: fix for CVE-2018-18384
curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
Fabien Lahoudere (1):
archiver: Drop unwanted directories
Ioan-Adrian Ratiu (1):
wic: isoimage-isohybrid: fix UEFI spec breakage
Kosta Zertsekel (1):
meta: Use double colon for chown OWNER:GROUP
Matthias Schiffer (1):
base.bbclass: avoid 'find -ignore_readdir_race -delete'
Mohamad Noor Alim Hussin (1):
oeqa/selftest/recipetool: Fix problems from changing upstream source
Peter Kjellerstedt (4):
common-licenses: Correct the FreeType license text
apr: Trim license info extracted from apr_lib.h
apr-util: Trim license info extracted from apu_version.h
pixman: Trim license info extracted from pixman-matrix.c
Richard Purdie (4):
oeqa/selftest/wic: Use a subdir of builddir, not /var/
oeqa/selftest/wic: Ensure initramfs exists for test_iso_image
selftest/wic: Improve error message for test_fixed_size
crosssdk: Remove usage of host flags for cross-compilation
Ross Burton (3):
unzip: actually apply CVE-2018-18384
curl: actually apply latest CVE patches
gnupg: patch gnupg-native to allow path relocation
Scott Rifenbark (1):
kernel-dev: Updated phrasing for what a "defconfig" file is.
Change-Id: I08f7fbe91f3f7ed6f00b6ea691c33ee1e0d3205b
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass
index 31c9b7e..d68add9 100644
--- a/poky/meta/classes/archiver.bbclass
+++ b/poky/meta/classes/archiver.bbclass
@@ -267,6 +267,14 @@
create_tarball(d, srcdir, 'configured', ar_outdir)
}
+def exclude_useless_paths(tarinfo):
+ if tarinfo.isdir():
+ if tarinfo.name.endswith('/temp') or tarinfo.name.endswith('/patches') or tarinfo.name.endswith('/.pc'):
+ return None
+ elif tarinfo.name == 'temp' or tarinfo.name == 'patches' or tarinfo.name == '.pc':
+ return None
+ return tarinfo
+
def create_tarball(d, srcdir, suffix, ar_outdir):
"""
create the tarball from srcdir
@@ -291,7 +299,7 @@
bb.note('Creating %s' % tarname)
tar = tarfile.open(tarname, 'w:gz')
- tar.add(srcdir, arcname=os.path.basename(srcdir))
+ tar.add(srcdir, arcname=os.path.basename(srcdir), filter=exclude_useless_paths)
tar.close()
# creating .diff.gz between source.orig and source
diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass
index abb4ead..2a6a6cb 100644
--- a/poky/meta/classes/base.bbclass
+++ b/poky/meta/classes/base.bbclass
@@ -303,7 +303,9 @@
if [ "${CLEANBROKEN}" != "1" -a \( -e Makefile -o -e makefile -o -e GNUmakefile \) ]; then
oe_runmake clean
fi
- find ${B} -ignore_readdir_race -name \*.la -delete
+ # -ignore_readdir_race does not work correctly with -delete;
+ # use xargs to avoid spurious build failures
+ find ${B} -ignore_readdir_race -name \*.la -type f -print0 | xargs -0 rm -f
fi
fi
if [ -n "${CONFIGURESTAMPFILE}" ]; then
diff --git a/poky/meta/classes/crosssdk.bbclass b/poky/meta/classes/crosssdk.bbclass
index ddb98d2..03b0c60 100644
--- a/poky/meta/classes/crosssdk.bbclass
+++ b/poky/meta/classes/crosssdk.bbclass
@@ -21,10 +21,10 @@
TARGET_CC_ARCH = "${SDK_CC_ARCH}"
TARGET_LD_ARCH = "${SDK_LD_ARCH}"
TARGET_AS_ARCH = "${SDK_AS_ARCH}"
-TARGET_CPPFLAGS = "${BUILD_CPPFLAGS}"
-TARGET_CFLAGS = "${BUILD_CFLAGS}"
-TARGET_CXXFLAGS = "${BUILD_CXXFLAGS}"
-TARGET_LDFLAGS = "${BUILD_LDFLAGS}"
+TARGET_CPPFLAGS = ""
+TARGET_CFLAGS = ""
+TARGET_CXXFLAGS = ""
+TARGET_LDFLAGS = ""
TARGET_FPU = ""
diff --git a/poky/meta/files/common-licenses/FreeType b/poky/meta/files/common-licenses/FreeType
index b7d4d11..3666649 100644
--- a/poky/meta/files/common-licenses/FreeType
+++ b/poky/meta/files/common-licenses/FreeType
@@ -48,7 +48,7 @@
encourage you to use the following text:
"""
- Portions of this software are copyright � <year> The FreeType
+ Portions of this software are copyright © <year> The FreeType
Project (www.freetype.org). All rights reserved.
"""
@@ -163,7 +163,7 @@
Our home page can be found at
- http://www.freetype.org
+ https://www.freetype.org
--- end of FTL.TXT ---
diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py
index 754ea94..437eb2a 100644
--- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -431,12 +431,12 @@
temprecipe = os.path.join(self.tempdir, 'recipe')
os.makedirs(temprecipe)
recipefile = os.path.join(temprecipe, 'navit_0.5.0.bb')
- srcuri = 'http://downloads.sourceforge.net/project/navit/v0.5.0/navit-0.5.0.tar.gz'
+ srcuri = 'http://downloads.yoctoproject.org/mirror/sources/navit-0.5.0.tar.gz'
result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri))
self.assertTrue(os.path.isfile(recipefile))
checkvars = {}
checkvars['LICENSE'] = set(['Unknown', 'GPLv2', 'LGPLv2'])
- checkvars['SRC_URI'] = 'http://downloads.sourceforge.net/project/navit/v${PV}/navit-${PV}.tar.gz'
+ checkvars['SRC_URI'] = 'http://downloads.yoctoproject.org/mirror/sources/navit-${PV}.tar.gz'
checkvars['SRC_URI[md5sum]'] = '242f398e979a6b8c0f3c802b63435b68'
checkvars['SRC_URI[sha256sum]'] = '13353481d7fc01a4f64e385dda460b51496366bba0fd2cc85a89a0747910e94d'
checkvars['DEPENDS'] = set(['freetype', 'zlib', 'openssl', 'glib-2.0', 'virtual/libgl', 'virtual/egl', 'gtk+', 'libpng', 'libsdl', 'freeglut', 'dbus-glib'])
diff --git a/poky/meta/lib/oeqa/selftest/cases/wic.py b/poky/meta/lib/oeqa/selftest/cases/wic.py
index b84466d..baf3af6 100644
--- a/poky/meta/lib/oeqa/selftest/cases/wic.py
+++ b/poky/meta/lib/oeqa/selftest/cases/wic.py
@@ -64,13 +64,13 @@
class Wic(OESelftestTestCase):
"""Wic test class."""
- resultdir = "/var/tmp/wic.oe-selftest/"
image_is_ready = False
native_sysroot = None
wicenv_cache = {}
def setUpLocal(self):
"""This code is executed before each test method."""
+ self.resultdir = self.builddir + "/wic-tmp/"
super(Wic, self).setUpLocal()
if not self.native_sysroot:
Wic.native_sysroot = get_bb_var('STAGING_DIR_NATIVE', 'wic-tools')
@@ -191,7 +191,7 @@
'MACHINE_FEATURES_append = " efi"\n'\
'DEPENDS_pn-core-image-minimal += "syslinux"\n'
self.append_config(config)
- bitbake('core-image-minimal')
+ bitbake('core-image-minimal core-image-minimal-initramfs')
self.remove_config(config)
cmd = "wic create mkhybridiso --image-name core-image-minimal -o %s" % self.resultdir
self.assertEqual(0, runCmd(cmd).status)
@@ -691,9 +691,7 @@
# verify partition size with wic
res = runCmd("parted -m %s unit mib p 2>/dev/null" % wicimg,
- ignore_status=True,
native_sysroot=self.native_sysroot)
- self.assertEqual(0, res.status)
# parse parted output which looks like this:
# BYT;\n
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp.inc b/poky/meta/recipes-connectivity/dhcp/dhcp.inc
index e943707..44e946c 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -10,7 +10,7 @@
LICENSE = "ISC"
LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753"
-DEPENDS = "openssl bind"
+DEPENDS = "openssl"
SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
file://init-relay file://default-relay \
@@ -48,7 +48,6 @@
--with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \
--with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
--with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
- --with-libbind=${STAGING_LIBDIR}/ \
--enable-paranoia --disable-static \
--with-randomdev=/dev/random \
"
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
index 006d18a..a20b5f9 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
@@ -20,10 +20,10 @@
server/tests/Makefile.am | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)
-diff --git a/client/Makefile.am b/client/Makefile.am
-index 4730bb3..84d8131 100644
---- a/client/Makefile.am
-+++ b/client/Makefile.am
+Index: dhcp-4.3.6/client/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/client/Makefile.am
++++ dhcp-4.3.6/client/Makefile.am
@@ -4,7 +4,7 @@
# production code. Sadly, we are not there yet.
SUBDIRS = . tests
@@ -33,10 +33,10 @@
AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
-DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
-diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am
-index 5031d0c..a8dfd26 100644
---- a/client/tests/Makefile.am
-+++ b/client/tests/Makefile.am
+Index: dhcp-4.3.6/client/tests/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/client/tests/Makefile.am
++++ dhcp-4.3.6/client/tests/Makefile.am
@@ -1,6 +1,6 @@
SUBDIRS = .
@@ -45,10 +45,10 @@
AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
-diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
-index f6a43e4..2f98d22 100644
---- a/common/tests/Makefile.am
-+++ b/common/tests/Makefile.am
+Index: dhcp-4.3.6/common/tests/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/common/tests/Makefile.am
++++ dhcp-4.3.6/common/tests/Makefile.am
@@ -1,6 +1,6 @@
SUBDIRS = .
@@ -57,40 +57,40 @@
AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index ba8dd8b..9b2486e 100644
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
+Index: dhcp-4.3.6/dhcpctl/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/dhcpctl/Makefile.am
++++ dhcp-4.3.6/dhcpctl/Makefile.am
@@ -1,4 +1,4 @@
-BINDLIBDIR = @BINDDIR@/lib
+BINDLIBDIR = @BINDDIR@
AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index dd1afa0..e4a8599 100644
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
+Index: dhcp-4.3.6/omapip/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/omapip/Makefile.am
++++ dhcp-4.3.6/omapip/Makefile.am
@@ -1,4 +1,4 @@
-BINDLIBDIR = @BINDDIR@/lib
+BINDLIBDIR = @BINDDIR@
AM_CPPFLAGS = -I$(top_srcdir)/includes
- lib_LIBRARIES = libomapi.a
-diff --git a/relay/Makefile.am b/relay/Makefile.am
-index 6d652f6..b3bf578 100644
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
+ lib_LTLIBRARIES = libomapi.la
+Index: dhcp-4.3.6/relay/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/relay/Makefile.am
++++ dhcp-4.3.6/relay/Makefile.am
@@ -1,4 +1,4 @@
-BINDLIBDIR = @BINDDIR@/lib
+BINDLIBDIR = @BINDDIR@
AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
-diff --git a/server/Makefile.am b/server/Makefile.am
-index 3990b9c..b5d8c2d 100644
---- a/server/Makefile.am
-+++ b/server/Makefile.am
+Index: dhcp-4.3.6/server/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/server/Makefile.am
++++ dhcp-4.3.6/server/Makefile.am
@@ -4,7 +4,7 @@
# production code. Sadly, we are not there yet.
SUBDIRS = . tests
@@ -100,10 +100,10 @@
AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
-diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
-index a87c5e7..9821081 100644
---- a/server/tests/Makefile.am
-+++ b/server/tests/Makefile.am
+Index: dhcp-4.3.6/server/tests/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/server/tests/Makefile.am
++++ dhcp-4.3.6/server/tests/Makefile.am
@@ -1,6 +1,6 @@
SUBDIRS = .
@@ -112,6 +112,3 @@
AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
---
-1.8.3.1
-
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
index f128731..898b1fc 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
@@ -23,11 +23,11 @@
server/tests/Makefile.am | 7 +++----
8 files changed, 26 insertions(+), 43 deletions(-)
-diff --git a/client/Makefile.am b/client/Makefile.am
-index 84d8131..e776bf0 100644
---- a/client/Makefile.am
-+++ b/client/Makefile.am
-@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \
+Index: dhcp-4.3.6/client/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/client/Makefile.am
++++ dhcp-4.3.6/client/Makefile.am
+@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $
scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
scripts/netbsd scripts/nextstep scripts/openbsd \
scripts/solaris scripts/openwrt
@@ -37,11 +37,11 @@
+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
EXTRA_DIST = $(man_MANS)
-diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
-index 2f98d22..8745e88 100644
---- a/common/tests/Makefile.am
-+++ b/common/tests/Makefile.am
-@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest
+Index: dhcp-4.3.6/common/tests/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/common/tests/Makefile.am
++++ dhcp-4.3.6/common/tests/Makefile.am
+@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest
alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
alloc_unittest_LDADD = $(ATF_LDFLAGS)
alloc_unittest_LDADD += ../libdhcp.a \
@@ -73,11 +73,11 @@
check: $(ATF_TESTS)
@if test $(top_srcdir) != ${top_builddir}; then \
-diff --git a/configure.ac b/configure.ac
-index 8e9f509..bfe988a 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = "yes")
+Index: dhcp-4.3.6/configure.ac
+===================================================================
+--- dhcp-4.3.6.orig/configure.ac
++++ dhcp-4.3.6/configure.ac
+@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$c
# Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
AC_USE_SYSTEM_EXTENSIONS
@@ -96,11 +96,11 @@
AC_CONFIG_HEADERS([includes/config.h])
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index 9b2486e..784cdf7 100644
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
-@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@
+Index: dhcp-4.3.6/dhcpctl/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/dhcpctl/Makefile.am
++++ dhcp-4.3.6/dhcpctl/Makefile.am
+@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@/lib
AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
bin_PROGRAMS = omshell
@@ -126,12 +126,12 @@
- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
+cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index e4a8599..c0c7a1e 100644
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
+Index: dhcp-4.3.6/omapip/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/omapip/Makefile.am
++++ dhcp-4.3.6/omapip/Makefile.am
@@ -1,10 +1,10 @@
- BINDLIBDIR = @BINDDIR@
+ BINDLIBDIR = @BINDDIR@/lib
AM_CPPFLAGS = -I$(top_srcdir)/includes
-lib_LIBRARIES = libomapi.a
@@ -151,11 +151,11 @@
- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
+svtest_LDADD = libomapi.la -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
-diff --git a/relay/Makefile.am b/relay/Makefile.am
-index b3bf578..f47009f 100644
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
-@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+Index: dhcp-4.3.6/relay/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/relay/Makefile.am
++++ dhcp-4.3.6/relay/Makefile.am
+@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
sbin_PROGRAMS = dhcrelay
dhcrelay_SOURCES = dhcrelay.c
@@ -167,11 +167,11 @@
man_MANS = dhcrelay.8
EXTRA_DIST = $(man_MANS)
-diff --git a/server/Makefile.am b/server/Makefile.am
-index b5d8c2d..d7f876d 100644
---- a/server/Makefile.am
-+++ b/server/Makefile.am
-@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
+Index: dhcp-4.3.6/server/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/server/Makefile.am
++++ dhcp-4.3.6/server/Makefile.am
+@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c
dhcpd_CFLAGS = $(LDAP_CFLAGS)
@@ -185,11 +185,11 @@
man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
EXTRA_DIST = $(man_MANS)
-diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
-index 9821081..de95872 100644
---- a/server/tests/Makefile.am
-+++ b/server/tests/Makefile.am
-@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \
+Index: dhcp-4.3.6/server/tests/Makefile.am
+===================================================================
+--- dhcp-4.3.6.orig/server/tests/Makefile.am
++++ dhcp-4.3.6/server/tests/Makefile.am
+@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpa
../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \
../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c
@@ -203,6 +203,3 @@
ATF_TESTS =
if HAVE_ATF
---
-1.8.3.1
-
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
index cc13549..8b30579 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
@@ -7,7 +7,6 @@
file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \
file://0006-site.h-enable-gentle-shutdown.patch \
file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \
- file://0008-tweak-to-support-external-bind.patch \
file://0009-remove-dhclient-script-bash-dependency.patch \
file://0010-build-shared-libs.patch \
file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \
@@ -15,8 +14,22 @@
file://CVE-2017-3144.patch \
"
+# use internal libisc libraries which are based on bind 9.9.11 - there
+# is a bug in bind 9.10.x (normally supplied by OE) that prevents
+# dhcpd/dhclient from shutting down cleanly on sigterm and from running
+# in the background
+#
+# [https://bugzilla.yoctoproject.org/show_bug.cgi?id=12744]
+#
+# remove "ext-bind" and
+# also set PARALLEL_MAKE = ""
+# [ Yocto 12744 ]
+#
+SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'ext-bind', 'file://0008-tweak-to-support-external-bind.patch', '', d)}"
+
SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc"
SRC_URI[sha256sum] = "a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b"
-PACKAGECONFIG ?= ""
+PACKAGECONFIG ?= "ext-bind"
PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
+PACKAGECONFIG[ext-bind] = "--with-libbind=${STAGING_LIBDIR}, --without-libbind, bind"
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 1e78f4f..6cb679a 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -77,7 +77,7 @@
echo "# export ALL_PROXY=https://proxy.example.com:8080" >> ${IMAGE_ROOTFS}/home/builder/.bashrc
echo "# export ALL_PROXY=socks://socks.example.com:1080" >> ${IMAGE_ROOTFS}/home/builder/.bashrc
- chown -R builder.builder ${IMAGE_ROOTFS}/home/builder/poky
+ chown -R builder:builder ${IMAGE_ROOTFS}/home/builder/poky
chmod -R ug+rw ${IMAGE_ROOTFS}/home/builder/poky
# Assume we will need CDROM to install guest additions
@@ -105,8 +105,8 @@
pip3_install_params="${pip3_install_params} --proxy ${http_proxy}"
fi
pip3 install ${pip3_install_params}
- chown -R builder.builder ${IMAGE_ROOTFS}/home/builder/.local
- chown -R builder.builder ${IMAGE_ROOTFS}/home/builder/.cache
+ chown -R builder:builder ${IMAGE_ROOTFS}/home/builder/.local
+ chown -R builder:builder ${IMAGE_ROOTFS}/home/builder/.cache
}
IMAGE_PREPROCESS_COMMAND += "do_populate_poky_src; "
diff --git a/poky/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh b/poky/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh
index 35316ec..3cf3243 100755
--- a/poky/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh
+++ b/poky/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh
@@ -37,7 +37,7 @@
}
EXEC="
${EXEC}
- chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
+ chown ${TUSER}:${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
@@ -60,7 +60,7 @@
mk_dir() {
EXEC="
mkdir -p \"$1\";
- chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
+ chown ${TUSER}:${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
diff --git a/poky/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/poky/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
index ad65819..89b1b69 100644
--- a/poky/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
+++ b/poky/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
@@ -104,6 +104,6 @@
install -d ${D}${sysconfdir}/default/volatiles
install -m 0644 ${WORKDIR}/01_bootlogd ${D}${sysconfdir}/default/volatiles
- chown root.shutdown ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown
+ chown root:shutdown ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown
chmod o-x,u+s ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown
}
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch
new file mode 100644
index 0000000..cc9e2c1
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch
@@ -0,0 +1,39 @@
+Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/]
+CVE: CVE-2018-18384
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+--- unzip60/list.c
++++ unzip60/list.c
+@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
+ {
+ int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+- char sgn, cfactorstr[10];
++ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */
+ int longhdr=(uO.vflag>1);
+ #endif
+ int date_format;
+@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type
+ }
+ #else /* !WINDLL */
+ if (cfactor == 100)
+- sprintf(cfactorstr, LoadFarString(CompFactor100));
++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+ else
+- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+ if (longhdr)
+ Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
+ FmZofft(G.crec.ucsize, "8", "u"), methbuf,
+@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type
+
+ #else /* !WINDLL */
+ if (cfactor == 100)
+- sprintf(cfactorstr, LoadFarString(CompFactor100));
++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+ else
+- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+ if (longhdr) {
+ Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
+ FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index a47491e..f6a4cb6 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -21,6 +21,7 @@
file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
file://symlink.patch \
file://0001-unzip-fix-CVE-2018-1000035.patch \
+ file://CVE-2018-18384.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman_0.34.0.bb b/poky/meta/recipes-graphics/xorg-lib/pixman_0.34.0.bb
index c4ca621..c290fa4 100644
--- a/poky/meta/recipes-graphics/xorg-lib/pixman_0.34.0.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/pixman_0.34.0.bb
@@ -12,7 +12,7 @@
LICENSE = "MIT & MIT-style & PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=14096c769ae0cbb5fcb94ec468be11b3 \
- file://pixman/pixman-matrix.c;endline=25;md5=ba6e8769bfaaee2c41698755af04c4be \
+ file://pixman/pixman-matrix.c;endline=21;md5=4a018dff3e4e25302724c88ff95c2456 \
file://pixman/pixman-arm-neon-asm.h;endline=24;md5=9a9cc1e51abbf1da58f4d9528ec9d49b \
"
DEPENDS += "zlib libpng"
diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
index 12d71cb..0c90f8d 100644
--- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
@@ -7,7 +7,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=158aa0b1efe0c12f23d4b007ddb9a5db \
- file://include/apu_version.h;endline=17;md5=806685a84e71f10c80144c48eb35df42"
+ file://include/apu_version.h;endline=15;md5=823b3d1a7225df8f7b68a69c3c2b4c71"
SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \
file://configfix.patch \
diff --git a/poky/meta/recipes-support/apr/apr_1.6.3.bb b/poky/meta/recipes-support/apr/apr_1.6.3.bb
index 87b8787..7563a38 100644
--- a/poky/meta/recipes-support/apr/apr_1.6.3.bb
+++ b/poky/meta/recipes-support/apr/apr_1.6.3.bb
@@ -5,7 +5,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=4dfd4cd216828c8cae5de5a12f3844c8 \
- file://include/apr_lib.h;endline=17;md5=ee42fa7575dc40580a9e01c1b75fae96"
+ file://include/apr_lib.h;endline=15;md5=823b3d1a7225df8f7b68a69c3c2b4c71"
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-16839.patch
new file mode 100644
index 0000000..bf972d2
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2018-16839.patch
@@ -0,0 +1,35 @@
+From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:27:35 +0800
+Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit
+/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified]
+
+CVE: CVE-2018-16839
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/vauth/cleartext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
+index 5d61ce6..1367143 100644
+--- a/lib/vauth/cleartext.c
++++ b/lib/vauth/cleartext.c
+@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+ plen = strlen(passwdp);
+
+ /* Compute binary message length. Check for overflows. */
+- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
++ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+ return CURLE_OUT_OF_MEMORY;
+ plainlen = 2 * ulen + plen + 2;
+
+--
+2.7.4
+
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-16840.patch
new file mode 100644
index 0000000..3d086c4
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2018-16840.patch
@@ -0,0 +1,43 @@
+From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:33:35 +0800
+Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
+ use-after-free
+
+Regression from b46cfbc (7.59.0)
+CVE-2018-16840
+Reported-by: Brian Carpenter (Geeknik Labs)
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/
+81d135d67155c5295b1033679c606165d4e28f3f]
+
+CVE: CVE-2018-16840
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/url.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 27b2c1e..7ef7c20 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data)
+ and detach this handle from there. */
+ curl_multi_remove_handle(data->multi, data);
+
+- if(data->multi_easy)
++ if(data->multi_easy) {
+ /* when curl_easy_perform() is used, it creates its own multi handle to
+ use and this is the one */
+ curl_multi_cleanup(data->multi_easy);
++ data->multi_easy = NULL;
++ }
+
+ /* Destroy the timeout list that is held in the easy handle. It is
+ /normally/ done by curl_multi_remove_handle() but this is "just in
+--
+2.7.4
+
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch
new file mode 100644
index 0000000..82e7557
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch
@@ -0,0 +1,35 @@
+From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:30:56 +0800
+Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit
+/d530e92f59ae9bb2d47066c3c460b25d2ffeb211]
+
+CVE: CVE-2018-16842
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/tool_msgs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_msgs.c b/src/tool_msgs.c
+index 9cce806..05bec39 100644
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
+ (void)fwrite(ptr, cut + 1, 1, config->errors);
+ fputs("\n", config->errors);
+ ptr += cut + 1; /* skip the space too */
+- len -= cut;
++ len -= cut + 1;
+ }
+ else {
+ fputs(ptr, config->errors);
+--
+2.7.4
+
diff --git a/poky/meta/recipes-support/curl/curl_7.61.0.bb b/poky/meta/recipes-support/curl/curl_7.61.0.bb
index 31d5d9b..2078379 100644
--- a/poky/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.61.0.bb
@@ -8,6 +8,9 @@
SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
file://CVE-2018-14618.patch \
+ file://CVE-2018-16839.patch \
+ file://CVE-2018-16840.patch \
+ file://CVE-2018-16842.patch \
"
SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
new file mode 100644
index 0000000..87ec409
--- /dev/null
+++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -0,0 +1,81 @@
+Allow the environment to override where gnupg looks for its own files. Useful in native builds.
+
+Upstream-Status: Inappropriate [OE-specific]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/common/homedir.c b/common/homedir.c
+index e9e75d01e..19140aa0d 100644
+--- a/common/homedir.c
++++ b/common/homedir.c
+@@ -760,7 +760,7 @@ gnupg_socketdir (void)
+ if (!name)
+ {
+ unsigned int dummy;
+- name = _gnupg_socketdir_internal (0, &dummy);
++ name = getenv("GNUPG_SOCKETDIR") ?: _gnupg_socketdir_internal (0, &dummy);
+ }
+
+ return name;
+@@ -786,7 +786,7 @@ gnupg_sysconfdir (void)
+ }
+ return name;
+ #else /*!HAVE_W32_SYSTEM*/
+- return GNUPG_SYSCONFDIR;
++ return getenv("GNUPG_SYSCONFDIR") ?: GNUPG_SYSCONFDIR;
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+
+@@ -815,7 +815,7 @@ gnupg_bindir (void)
+ else
+ return rdir;
+ #else /*!HAVE_W32_SYSTEM*/
+- return GNUPG_BINDIR;
++ return getenv("GNUPG_BINDIR") ?: GNUPG_BINDIR;
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+
+@@ -828,7 +828,7 @@ gnupg_libexecdir (void)
+ #ifdef HAVE_W32_SYSTEM
+ return gnupg_bindir ();
+ #else /*!HAVE_W32_SYSTEM*/
+- return GNUPG_LIBEXECDIR;
++ return getenv("GNUPG_LIBEXECDIR") ?: GNUPG_LIBEXECDIR;
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+
+@@ -842,7 +842,7 @@ gnupg_libdir (void)
+ name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL);
+ return name;
+ #else /*!HAVE_W32_SYSTEM*/
+- return GNUPG_LIBDIR;
++ return getenv("GNUPG_LIBDIR") ?: GNUPG_LIBDIR;
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+
+@@ -856,7 +856,7 @@ gnupg_datadir (void)
+ name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL);
+ return name;
+ #else /*!HAVE_W32_SYSTEM*/
+- return GNUPG_DATADIR;
++ return getenv("GNUPG_DATADIR") ?: GNUPG_DATADIR;
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+
+@@ -872,7 +872,7 @@ gnupg_localedir (void)
+ NULL);
+ return name;
+ #else /*!HAVE_W32_SYSTEM*/
+- return LOCALEDIR;
++ return getenv("LOCALEDIR") ?: LOCALEDIR;
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+
+@@ -940,7 +940,7 @@ gnupg_cachedir (void)
+ }
+ return dir;
+ #else /*!HAVE_W32_SYSTEM*/
+- return GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME;
++ return getenv("GNUPG_LOCALSTATEDIR") ?: GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME;
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+
diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
index d777fcb..5a3688a 100644
--- a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
+++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
@@ -17,7 +17,8 @@
file://CVE-2018-12020.patch \
file://CVE-2018-9234.patch \
"
-SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"
+SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
+ file://relocate.patch"
SRC_URI[md5sum] = "709e5af5bba84d251c520222e720972f"
@@ -45,6 +46,10 @@
ln -sf gpgv2 ${D}${bindir}/gpgv
}
+do_install_append_class-native() {
+ create_wrapper ${D}${bindir}/gpg2 GNUPG_BINDIR=${STAGING_BINDIR_NATIVE}
+}
+
PACKAGECONFIG ??= "gnutls"
PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls"
PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3"