poky: sumo refresh 874976b..45ef387
Update poky to sumo HEAD.
Alexander Kanavin (1):
openssl: fix upstream version check for 1.0 version
Andre McCurdy (19):
openssl_1.1: avoid using += with an over-ride
openssl_1.1: minor recipe formatting tweaks etc
openssl_1.0: merge openssl10.inc into the openssl_1.0.2o.bb recipe
openssl_1.0: minor recipe formatting tweaks etc
openssl_1.0: drop curly brackets from shell local variables
openssl_1.0: fix cryptodev-linux PACKAGECONFIG support
openssl_1.0: drop leading "-" from no-ssl3 config option
openssl_1.0: avoid running make twice for target do_compile()
openssl: remove uclibc remnants
openssl: support musl-x32 build
openssl: minor indent fixes
openssl_1.0: drop obsolete ca.patch
openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS
openssl_1.0: drop unmaintained darwin support
openssl_1.0: add PACKAGECONFIG option to control manpages
openssl_1.0: squash whitespace in CC_INFO
openssl: fix missing dependency on hostperl-runtime-native
openssl_1.0: drop unnecessary dependency on makedepend-native
openssl_1.0: drop unnecessary call to perlpath.pl from do_configure()
Andrej Valek (3):
openssl-1.1: fix c_rehash perl errors
openssl: update 1.0.2o -> 1.0.2p
openssl: update 1.1.0h -> 1.1.0i
Anuj Mittal (1):
wic/qemux86: don't pass ip parameter to kernel in wks
Changqing Li (1):
unzip: fix CVE-2018-1000035
Hongxu Jia (2):
nasm: fix CVE-2018-8883 & CVE-2018-8882 & CVE-2018-10316
patch: fix CVE-2018-6952
Jagadeesh Krishnanjanappa (19):
libvorbis: CVE-2017-14160 CVE-2018-10393
libvorbis: CVE-2018-10392
flac: CVE-2017-6888
libarchive: CVE-2017-14503
libsndfile1: CVE-2017-14245 CVE-2017-14246
libsndfile1: CVE-2017-14634
coreutils: CVE-2017-18018
libgcrypt: CVE-2018-0495
git: CVE-2018-11235
gnupg: CVE-2018-12020
shadow: CVE-2018-7169
procps: CVE-2018-1124
python: CVE-2018-1000030
qemu: CVE-2018-7550
qemu: CVE-2018-12617
perl: CVE-2018-6798
perl: CVE-2018-6797
perl: CVE-2018-6913
perl: CVE-2018-12015
Joshua Watt (2):
alsa-lib: Cleanup packaging
swig: Remove superfluous python dependency
Ovidiu Panait (1):
openssl-nativesdk: Fix "can't open config file" warning
Ross Burton (6):
bzip2: use Yocto Project mirror for SRC_URI
classes: sanity-check LIC_FILES_CHKSUM
openssl: disable ccache usage
unzip: fix symlink problem
bitbake: utils/md5_file: don't iterate line-by-line
bitbake: checksum: sanity check path when recursively checksumming
Change-Id: I262a451f483cb276343ae6f02c272af053d33d7a
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/bitbake/lib/bb/checksum.py b/poky/bitbake/lib/bb/checksum.py
index 8428920..4e1598f 100644
--- a/poky/bitbake/lib/bb/checksum.py
+++ b/poky/bitbake/lib/bb/checksum.py
@@ -97,6 +97,8 @@
def checksum_dir(pth):
# Handle directories recursively
+ if pth == "/":
+ bb.fatal("Refusing to checksum /")
dirchecksums = []
for root, dirs, files in os.walk(pth):
for name in files:
diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py
index 378e699..2ff7e82 100644
--- a/poky/bitbake/lib/bb/utils.py
+++ b/poky/bitbake/lib/bb/utils.py
@@ -524,12 +524,17 @@
"""
Return the hex string representation of the MD5 checksum of filename.
"""
- import hashlib
- m = hashlib.md5()
+ import hashlib, mmap
with open(filename, "rb") as f:
- for line in f:
- m.update(line)
+ m = hashlib.md5()
+ try:
+ with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
+ for chunk in iter(lambda: mm.read(8192), b''):
+ m.update(chunk)
+ except ValueError:
+ # You can't mmap() an empty file so silence this exception
+ pass
return m.hexdigest()
def sha256_file(filename):
diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass
index bb1f4b7..abb4ead 100644
--- a/poky/meta/classes/base.bbclass
+++ b/poky/meta/classes/base.bbclass
@@ -100,8 +100,8 @@
# We only care about items that are absolute paths since
# any others should be covered by SRC_URI.
try:
- path = bb.fetch.decodeurl(url)[2]
- if not path:
+ (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+ if method != "file" or not path:
raise bb.fetch.MalformedUrl(url)
if path[0] == '/':
diff --git a/poky/meta/classes/license.bbclass b/poky/meta/classes/license.bbclass
index 06dd4a8..5103ed8 100644
--- a/poky/meta/classes/license.bbclass
+++ b/poky/meta/classes/license.bbclass
@@ -480,7 +480,9 @@
for url in lic_files.split():
try:
- (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+ (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+ if method != "file" or not path:
+ raise bb.fetch.MalformedUrl()
except bb.fetch.MalformedUrl:
bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL: %s" % (d.getVar('PF'), url))
# We want the license filename and path
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
deleted file mode 100644
index fb745e4..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-0.9.8m/apps/CA.pl.in
-===================================================================
---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
-+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
-@@ -65,6 +65,7 @@
- foreach (@ARGV) {
- if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
-+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- exit 0;
- } elsif (/^-newcert$/) {
- # create a certificate
-@@ -165,6 +166,7 @@
- } else {
- print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- exit 1;
- }
- }
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl
deleted file mode 100644
index 8e1b42c..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl
+++ /dev/null
@@ -1,54 +0,0 @@
-warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
-
-# This library is deprecated and unmaintained. It is included for
-# compatibility with Perl 4 scripts which may use it, but it will be
-# removed in a future version of Perl. Please use the File::Find module
-# instead.
-
-# Usage:
-# require "find.pl";
-#
-# &find('/foo','/bar');
-#
-# sub wanted { ... }
-# where wanted does whatever you want. $dir contains the
-# current directory name, and $_ the current filename within
-# that directory. $name contains "$dir/$_". You are cd'ed
-# to $dir when the function is called. The function may
-# set $prune to prune the tree.
-#
-# For example,
-#
-# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
-#
-# corresponds to this
-#
-# sub wanted {
-# /^\.nfs.*$/ &&
-# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
-# int(-M _) > 7 &&
-# unlink($_)
-# ||
-# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
-# $dev < 0 &&
-# ($prune = 1);
-# }
-#
-# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
-
-use File::Find ();
-
-*name = *File::Find::name;
-*prune = *File::Find::prune;
-*dir = *File::Find::dir;
-*topdir = *File::Find::topdir;
-*topdev = *File::Find::topdev;
-*topino = *File::Find::topino;
-*topmode = *File::Find::topmode;
-*topnlink = *File::Find::topnlink;
-
-sub find {
- &File::Find::find(\&wanted, @_);
-}
-
-1;
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch
deleted file mode 100644
index 065b9b1..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 19 Sep 2016 22:06:28 -0700
-Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
-
-Fixed when building on Debian-testing:
-| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
-
-The find.pl is added by oe-core, so once openssl/find.pl is removed,
-then this patch can be dropped.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- util/perlpath.pl | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/util/perlpath.pl b/util/perlpath.pl
-index a1f236b..5599892 100755
---- a/util/perlpath.pl
-+++ b/util/perlpath.pl
-@@ -4,6 +4,8 @@
- # line in all scripts that rely on perl.
- #
-
-+BEGIN { unshift @INC, "."; }
-+
- require "find.pl";
-
- $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
---
-2.9.0
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-Fix-build-with-clang-using-external-assembler.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-Fix-build-with-clang-using-external-assembler.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch
new file mode 100644
index 0000000..3f7d649
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch
@@ -0,0 +1,31 @@
+From e1c39b80b01d4d18feeadfdc6e45a3e1dd110634 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Fri, 27 Jul 2018 21:41:06 +0000
+Subject: [PATCH] allow manpages to be disabled
+
+Define OE_DISABLE_MANPAGES (via environment or the make command line)
+to skip creation and installation of manpages.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ Makefile.org | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index ed98d2a..747d8cb 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -549,7 +549,7 @@ dist:
+ @$(MAKE) SDIRS='$(SDIRS)' clean
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+
+-install: all install_docs install_sw
++install: all $(if $(OE_DISABLE_MANPAGES),,install_docs) install_sw
+
+ install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+--
+1.9.1
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-openssl-force-soft-link-to-avoid-rare-race.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-openssl-force-soft-link-to-avoid-rare-race.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch
similarity index 87%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch
index 2122fa1..1b8402a 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch
@@ -11,18 +11,15 @@
Upstream-Status: Pending
---
- Makefile.org | 10 +-
- Makefile.org.orig | 7 +-
- test/Makefile | 13 +-
- test/Makefile.orig | 987 +++++++++++++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 1009 insertions(+), 8 deletions(-)
- create mode 100644 test/Makefile.orig
-
+ Makefile.org | 10 +++++++++-
+ test/Makefile | 13 +++++++++----
+ 2 files changed, 18 insertions(+), 5 deletions(-)
+
diff --git a/Makefile.org b/Makefile.org
index 111fbba..8e7936c 100644
--- a/Makefile.org
+++ b/Makefile.org
-@@ -468,8 +468,16 @@ rehash.time: certs apps
+@@ -467,8 +467,16 @@ rehash.time: certs apps
test: tests
tests: rehash
@@ -41,7 +38,7 @@
report:
diff --git a/test/Makefile b/test/Makefile
-index a1f7eeb..b2984c4 100644
+index 55a6b50..d46b4d1 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -150,7 +150,7 @@ tests: exe apps $(TESTS)
@@ -55,7 +52,7 @@
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
@@ -162,6 +162,11 @@ alltests: \
test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
- test_dtls test_bad_dtls test_fatalerr
+ test_dtls test_bad_dtls test_fatalerr test_x509_time
+alltests:
+ @(for i in $(all-tests); do \
@@ -90,4 +87,3 @@
--
2.15.1
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Use-SHA256-not-MD5-as-default-digest.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Use-SHA256-not-MD5-as-default-digest.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-musl-target.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-musl-target.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-targets.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-targets.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/c_rehash-compat.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/c_rehash-compat.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/debian-targets.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/debian-targets.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-dir.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-dir.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-section.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-section.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-rpath.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-rpath.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-symbolic.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-symbolic.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_digicert_malaysia.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_digicert_malaysia.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_diginotar.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_diginotar.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/soname.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/soname.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/version-script.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/version-script.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/engines-install-in-libdir-ssl.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/engines-install-in-libdir-ssl.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/oe-ldflags.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/oe-ldflags.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-c_rehash.sh
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-c_rehash.sh
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-fix-des.pod-error.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-fix-des.pod-error.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl_fix_for_x32.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl_fix_for_x32.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch
similarity index 92%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch
index e5413bf..41abf3d 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch
@@ -13,24 +13,18 @@
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- Makefile.org | 14 +-
- Makefile.org.orig | 10 +-
- Makefile.shared | 2 +
- Makefile.shared.orig | 655 ++++++++++++++++++++++++++++++++++++++++++++++++++
- crypto/Makefile | 10 +-
- engines/Makefile | 6 +-
- engines/Makefile.orig | 338 ++++++++++++++++++++++++++
- test/Makefile | 92 +++----
- test/Makefile.orig | 88 ++++---
- 9 files changed, 1108 insertions(+), 107 deletions(-)
- create mode 100644 Makefile.shared.orig
- create mode 100644 engines/Makefile.orig
+ Makefile.org | 14 ++--
+ Makefile.shared | 2 +
+ crypto/Makefile | 10 +--
+ engines/Makefile | 6 +-
+ test/Makefile | 94 +++++++++++-----------
+ 5 files changed, 64 insertions(+), 62 deletions(-)
diff --git a/Makefile.org b/Makefile.org
-index 8e7936c..ed98d2a 100644
+index efcfafb..82eab91 100644
--- a/Makefile.org
+++ b/Makefile.org
-@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
+@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@@ -54,7 +48,7 @@
all_testapps: build_libs build_testapps
build_testapps:
-@@ -565,7 +565,7 @@ install_sw:
+@@ -564,7 +564,7 @@ install_sw:
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@@ -64,7 +58,7 @@
do \
if [ -f "$$i" ]; then \
diff --git a/Makefile.shared b/Makefile.shared
-index f6f92e7..8164186 100644
+index bbefb2b..18013a9 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -105,6 +105,7 @@ LINK_SO= \
@@ -84,7 +78,7 @@
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
diff --git a/crypto/Makefile b/crypto/Makefile
-index 17a87f8..29c2dcf 100644
+index 875ea1a..c22b683 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -85,11 +85,11 @@ testapps:
@@ -160,7 +154,7 @@
tags:
ctags $(SRC)
diff --git a/test/Makefile b/test/Makefile
-index 40abd60..78d3788 100644
+index 36506cf..c69af8b 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -145,7 +145,7 @@ install:
@@ -172,7 +166,7 @@
apps:
@(cd ..; $(MAKE) DIRS=apps all)
-@@ -444,139 +444,139 @@ BUILD_CMD_STATIC=shlib_target=; \
+@@ -448,142 +448,142 @@ BUILD_CMD_STATIC=shlib_target=; \
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -345,7 +339,11 @@
$(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
@target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
-
+
+ $(X509TIMETEST)$(EXE_EXT): $(X509TIMETEST).o
+- @target=$(X509TIMETEST) $(BUILD_CMD)
++ +@target=$(X509TIMETEST) $(BUILD_CMD)
+
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
@@ -356,7 +354,7 @@
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -589,7 +589,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+@@ -596,7 +596,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest-deps.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest-deps.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest_makefile_deps.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest_makefile_deps.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-cflags.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-cflags.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-mkbuildinf.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-mkbuildinf.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/run-ptest
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/run-ptest
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/shared-libs.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/shared-libs.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh b/poky/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh
new file mode 100644
index 0000000..b9cc24a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh
@@ -0,0 +1 @@
+export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
deleted file mode 100644
index 413ebf3..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
+++ /dev/null
@@ -1,64 +0,0 @@
-require openssl10.inc
-
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-CFLAG_append_class-native = " -fPIC"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
- file://run-ptest \
- file://openssl-c_rehash.sh \
- file://configure-targets.patch \
- file://shared-libs.patch \
- file://oe-ldflags.patch \
- file://engines-install-in-libdir-ssl.patch \
- file://debian1.0.2/block_diginotar.patch \
- file://debian1.0.2/block_digicert_malaysia.patch \
- file://debian/ca.patch \
- file://debian/c_rehash-compat.patch \
- file://debian/debian-targets.patch \
- file://debian/man-dir.patch \
- file://debian/man-section.patch \
- file://debian/no-rpath.patch \
- file://debian/no-symbolic.patch \
- file://debian/pic.patch \
- file://debian1.0.2/version-script.patch \
- file://debian1.0.2/soname.patch \
- file://openssl_fix_for_x32.patch \
- file://openssl-fix-des.pod-error.patch \
- file://Makefiles-ptest.patch \
- file://ptest-deps.patch \
- file://ptest_makefile_deps.patch \
- file://configure-musl-target.patch \
- file://parallel.patch \
- file://openssl-util-perlpath.pl-cwd.patch \
- file://Use-SHA256-not-MD5-as-default-digest.patch \
- file://0001-Fix-build-with-clang-using-external-assembler.patch \
- file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
- "
-
-SRC_URI_append_class-target = "\
- file://reproducible-cflags.patch \
- file://reproducible-mkbuildinf.patch \
- "
-SRC_URI[md5sum] = "44279b8557c3247cbe324e2322ecd114"
-SRC_URI[sha256sum] = "ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d"
-
-PACKAGES =+ "${PN}-engines"
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-
-# The crypto_use_bigint patch means that perl's bignum module needs to be
-# installed, but some distributions (for example Fedora 23) don't ship it by
-# default. As the resulting error is very misleading check for bignum before
-# building.
-do_configure_prepend() {
- if ! perl -Mbigint -e true; then
- bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
- fi
-}
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10.inc b/poky/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb
similarity index 62%
rename from poky/meta/recipes-connectivity/openssl/openssl10.inc
rename to poky/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb
index 645d64e..5d41977 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl10.inc
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb
@@ -6,62 +6,100 @@
# "openssl | SSLeay" dual license
LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
-DEPENDS = "makedepend-native hostperl-runtime-native"
+DEPENDS = "hostperl-runtime-native"
DEPENDS_append_class-target = " openssl-native"
PROVIDES += "openssl10"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
- "
-S = "${WORKDIR}/openssl-${PV}"
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://configure-targets.patch \
+ file://shared-libs.patch \
+ file://oe-ldflags.patch \
+ file://engines-install-in-libdir-ssl.patch \
+ file://debian1.0.2/block_diginotar.patch \
+ file://debian1.0.2/block_digicert_malaysia.patch \
+ file://debian/c_rehash-compat.patch \
+ file://debian/debian-targets.patch \
+ file://debian/man-dir.patch \
+ file://debian/man-section.patch \
+ file://debian/no-rpath.patch \
+ file://debian/no-symbolic.patch \
+ file://debian/pic.patch \
+ file://debian1.0.2/version-script.patch \
+ file://debian1.0.2/soname.patch \
+ file://openssl_fix_for_x32.patch \
+ file://openssl-fix-des.pod-error.patch \
+ file://Makefiles-ptest.patch \
+ file://ptest-deps.patch \
+ file://ptest_makefile_deps.patch \
+ file://configure-musl-target.patch \
+ file://parallel.patch \
+ file://Use-SHA256-not-MD5-as-default-digest.patch \
+ file://0001-Fix-build-with-clang-using-external-assembler.patch \
+ file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+ file://0001-allow-manpages-to-be-disabled.patch \
+ "
+
+SRC_URI_append_class-target = " \
+ file://reproducible-cflags.patch \
+ file://reproducible-mkbuildinf.patch \
+ "
+
+SRC_URI_append_class-nativesdk = " \
+ file://environment.d-openssl.sh \
+ "
+
+SRC_URI[md5sum] = "ac5eb30bf5798aa14b1ae6d0e7da58df"
+SRC_URI[sha256sum] = "50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00"
+
+UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
+
+inherit pkgconfig siteinfo multilib_header ptest relative_symlinks manpages
PACKAGECONFIG ?= "cryptodev-linux"
-PACKAGECONFIG[perl] = ",,,"
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
-
-TERMIO_libc-musl = "-DTERMIOS"
-TERMIO ?= "-DTERMIO"
-# Avoid binaries being marked as requiring an executable stack since it
-# doesn't(which causes and this causes issues with SELinux
-CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
- ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
-
-export DIRS = "crypto ssl apps"
-export EX_LIBS = "-lgcc -ldl"
-export AS = "${CC} -c"
-
-inherit pkgconfig siteinfo multilib_header ptest relative_symlinks
-
-PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
-FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc"
-RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
-
-# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
-# package RRECOMMENDS on this package. This will enable the configuration
-# file to be installed for both the base openssl package and the libcrypto
-# package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+PACKAGECONFIG[manpages] = ",,,"
+PACKAGECONFIG[perl] = ",,,"
# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
# vulnerability
-EXTRA_OECONF = " -no-ssl3"
+EXTRA_OECONF = "no-ssl3"
-do_configure_prepend_darwin () {
- sed -i -e '/version-script=openssl\.ld/d' Configure
-}
+EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
+
+export OE_LDFLAGS = "${LDFLAGS}"
+
+# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
+CCACHE = ""
+
+TERMIO ?= "-DTERMIO"
+TERMIO_libc-musl = "-DTERMIOS"
+
+CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+ ${TERMIO} ${CFLAGS} -Wall"
+
+# Avoid binaries being marked as requiring an executable stack since they don't
+# (and it causes issues with SELinux)
+CFLAG += "-Wa,--noexecstack"
+
+CFLAG_append_class-native = " -fPIC"
do_configure () {
- cd util
- perl perlpath.pl ${STAGING_BINDIR_NATIVE}
- cd ..
+ # The crypto_use_bigint patch means that perl's bignum module needs to be
+ # installed, but some distributions (for example Fedora 23) don't ship it by
+ # default. As the resulting error is very misleading check for bignum before
+ # building.
+ if ! perl -Mbigint -e true; then
+ bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
+ fi
+
ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
os=${HOST_OS}
@@ -73,7 +111,7 @@
linux-musl )
os=linux
;;
- *)
+ *)
;;
esac
target="$os-${HOST_ARCH}"
@@ -135,37 +173,29 @@
linux-powerpc64)
target=linux-ppc64
;;
- linux-riscv64)
- target=linux-generic64
- ;;
linux-riscv32)
target=linux-generic32
;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
linux-supersparc)
target=linux-sparcv8
;;
linux-sparc)
target=linux-sparcv8
;;
- darwin-i386)
- target=darwin-i386-cc
- ;;
esac
+
# inject machine-specific flags
sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
- useprefix=${prefix}
- if [ "x$useprefix" = "x" ]; then
- useprefix=/
- fi
- libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
- perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=${libdirleaf} $target
-}
-do_compile_prepend_class-target () {
- sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
- oe_runmake depend
- cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'`
- oe_runmake CC_INFO="${cc_sanitized}"
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
+ perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
}
do_compile () {
@@ -173,10 +203,14 @@
oe_runmake
}
-do_compile_ptest () {
- # build dependencies for test directory too
- export DIRS="$DIRS test"
+do_compile_class-target () {
+ sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
oe_runmake depend
+ cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
+ oe_runmake CC_INFO="$cc_sanitized"
+}
+
+do_compile_ptest () {
oe_runmake buildtest
}
@@ -228,8 +262,8 @@
do_install_ptest () {
cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
- # Replace the path to native perl with the path to target perl
- sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
+ # Replace the path to native perl with the path to target perl
+ sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
cp Configure config e_os.h ${D}${PTEST_PATH}
cp -r -L include ${D}${PTEST_PATH}
@@ -268,9 +302,9 @@
# Remove build host references
sed -i \
- -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
- -e 's|${DEBUG_PREFIX_MAP}||g' \
- ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
+ -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+ -e 's|${DEBUG_PREFIX_MAP}||g' \
+ ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
}
do_install_append_class-native() {
@@ -281,5 +315,30 @@
OPENSSL_ENGINES=${libdir}/ssl/engines
}
-BBCLASSEXTEND = "native nativesdk"
+do_install_append_class-nativesdk() {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
+
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
+FILES_${PN} =+ "${libdir}/ssl/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS_libcrypto += "openssl-conf"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
deleted file mode 100644
index 94b75eb..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ /dev/null
@@ -1,161 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-
-# "openssl | SSLeay" dual license
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
-
-BBCLASSEXTEND = "native nativesdk"
-
-SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
-SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
-
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
- file://run-ptest \
- file://openssl-c_rehash.sh \
- file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
- "
-
-S = "${WORKDIR}/openssl-${PV}"
-
-inherit lib_package multilib_header ptest
-
-do_configure () {
- os=${HOST_OS}
- case $os in
- linux-uclibc |\
- linux-uclibceabi |\
- linux-gnueabi |\
- linux-uclibcspe |\
- linux-gnuspe |\
- linux-musl*)
- os=linux
- ;;
- *)
- ;;
- esac
- target="$os-${HOST_ARCH}"
- case $target in
- linux-arm)
- target=linux-armv4
- ;;
- linux-armeb)
- target=linux-armv4
- ;;
- linux-aarch64*)
- target=linux-aarch64
- ;;
- linux-sh3)
- target=linux-generic32
- ;;
- linux-sh4)
- target=linux-generic32
- ;;
- linux-i486)
- target=linux-elf
- ;;
- linux-i586 | linux-viac3)
- target=linux-elf
- ;;
- linux-i686)
- target=linux-elf
- ;;
- linux-gnux32-x86_64)
- target=linux-x32
- ;;
- linux-gnu64-x86_64)
- target=linux-x86_64
- ;;
- linux-mips)
- # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
- target="linux-mips32 ${TARGET_CC_ARCH}"
- ;;
- linux-mipsel)
- target="linux-mips32 ${TARGET_CC_ARCH}"
- ;;
- linux-gnun32-mips*)
- target=linux-mips64
- ;;
- linux-*-mips64 | linux-mips64)
- target=linux64-mips64
- ;;
- linux-*-mips64el | linux-mips64el)
- target=linux64-mips64
- ;;
- linux-microblaze*|linux-nios2*)
- target=linux-generic32
- ;;
- linux-powerpc)
- target=linux-ppc
- ;;
- linux-powerpc64)
- target=linux-ppc64
- ;;
- linux-riscv64)
- target=linux-generic64
- ;;
- linux-riscv32)
- target=linux-generic32
- ;;
- linux-supersparc)
- target=linux-sparcv9
- ;;
- linux-sparc)
- target=linux-sparcv9
- ;;
- darwin-i386)
- target=darwin-i386-cc
- ;;
- esac
- useprefix=${prefix}
- if [ "x$useprefix" = "x" ]; then
- useprefix=/
- fi
- libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
- perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
-}
-
-#| engines/afalg/e_afalg.c: In function 'eventfd':
-#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
-#| return syscall(__NR_eventfd, n);
-#| ^~~~~~~~~~~~
-EXTRA_OECONF_aarch64 += "no-afalgeng"
-
-#| ./libcrypto.so: undefined reference to `getcontext'
-#| ./libcrypto.so: undefined reference to `setcontext'
-#| ./libcrypto.so: undefined reference to `makecontext'
-EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
-
-do_install () {
- oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
- oe_multilib_header openssl/opensslconf.h
-}
-
-do_install_append_class-native () {
- # Install a custom version of c_rehash that can handle sysroots properly.
- # This version is used for example when installing ca-certificates during
- # image creation.
- install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
- sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
-}
-
-do_install_ptest() {
- cp -r * ${D}${PTEST_PATH}
-
- # Putting .so files in ptest package will mess up the dependencies of the main openssl package
- # so we rename them to .so.ptest and patch the test accordingly
- mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
- mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
- sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
-}
-
-RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
-
-FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
-
-PACKAGES =+ "${PN}-engines"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb
new file mode 100644
index 0000000..e700626
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb
@@ -0,0 +1,170 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
+
+DEPENDS = "hostperl-runtime-native"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
+ "
+
+SRC_URI_append_class-nativesdk = " \
+ file://environment.d-openssl.sh \
+ "
+
+SRC_URI[md5sum] = "9495126aafd2659d357ea66a969c3fe1"
+SRC_URI[sha256sum] = "ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99"
+
+inherit lib_package multilib_header ptest
+
+#| engines/afalg/e_afalg.c: In function 'eventfd':
+#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
+#| return syscall(__NR_eventfd, n);
+#| ^~~~~~~~~~~~
+EXTRA_OECONF_append_aarch64 = " no-afalgeng"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF_append_libc-musl = " -DOPENSSL_NO_ASYNC"
+
+do_configure () {
+ os=${HOST_OS}
+ case $os in
+ linux-gnueabi |\
+ linux-gnuspe |\
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arm)
+ target=linux-armv4
+ ;;
+ linux-armeb)
+ target=linux-armv4
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-sh3)
+ target=linux-generic32
+ ;;
+ linux-sh4)
+ target=linux-generic32
+ ;;
+ linux-i486)
+ target=linux-elf
+ ;;
+ linux-i586 | linux-viac3)
+ target=linux-elf
+ ;;
+ linux-i686)
+ target=linux-elf
+ ;;
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-mips)
+ # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-mipsel)
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-gnun32-mips*)
+ target=linux-mips64
+ ;;
+ linux-*-mips64 | linux-mips64)
+ target=linux64-mips64
+ ;;
+ linux-*-mips64el | linux-mips64el)
+ target=linux64-mips64
+ ;;
+ linux-microblaze*|linux-nios2*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-riscv32)
+ target=linux-generic32
+ ;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
+ linux-supersparc)
+ target=linux-sparcv9
+ ;;
+ linux-sparc)
+ target=linux-sparcv9
+ ;;
+ darwin-i386)
+ target=darwin-i386-cc
+ ;;
+ esac
+
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
+ perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=$libdirleaf $target
+}
+
+do_install () {
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+ oe_multilib_header openssl/opensslconf.h
+}
+
+do_install_append_class-native () {
+ # Install a custom version of c_rehash that can handle sysroots properly.
+ # This version is used for example when installing ca-certificates during
+ # image creation.
+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+}
+
+do_install_append_class-nativesdk () {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+do_install_ptest() {
+ cp -r * ${D}${PTEST_PATH}
+
+ # Putting .so files in ptest package will mess up the dependencies of the main openssl package
+ # so we rename them to .so.ptest and patch the test accordingly
+ mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
+ mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
+ sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
+}
+
+PACKAGES =+ "${PN}-engines"
+
+FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+FILES_${PN}-engines = "${libdir}/engines-1.1"
+
+RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch b/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch
new file mode 100644
index 0000000..6f31eba
--- /dev/null
+++ b/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch
@@ -0,0 +1,40 @@
+From 7597cfa482e42a00a69fb9577ee523762980a9a2 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Thu, 28 Dec 2017 15:52:42 -0500
+Subject: doc: clarify chown/chgrp --dereference defaults
+
+* doc/coreutils.texi: the documentation for the --dereference
+ flag of chown/chgrp states that it is the default mode of
+ operation. Document that this is only the case when operating
+ non-recursively.
+
+CVE: CVE-2017-18018
+Upstream-Status: Backport from v8.30
+
+Signed-off-by: Michael Orlitzky <michael@orlitzky.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ doc/coreutils.texi | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff -Naurp coreutils-8.27_org/doc/coreutils.texi coreutils-8.27/doc/coreutils.texi
+--- coreutils-8.27_org/doc/coreutils.texi 2018-07-22 21:09:50.128736692 -0700
++++ coreutils-8.27/doc/coreutils.texi 2018-07-22 21:12:59.972219770 -0700
+@@ -10952,7 +10952,7 @@ chown -h -R --from=OLDUSER NEWUSER /
+ @cindex symbolic links, changing owner
+ @findex lchown
+ Do not act on symbolic links themselves but rather on what they point to.
+-This is the default.
++This is the default when not operating recursively.
+
+ @item -h
+ @itemx --no-dereference
+@@ -11082,7 +11082,7 @@ changed.
+ @cindex symbolic links, changing owner
+ @findex lchown
+ Do not act on symbolic links themselves but rather on what they point to.
+-This is the default.
++This is the default when not operating recursively.
+
+ @item -h
+ @itemx --no-dereference
diff --git a/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch b/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch
new file mode 100644
index 0000000..c8f5f54
--- /dev/null
+++ b/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch
@@ -0,0 +1,83 @@
+From bc2fd9796403e03bb757b064d44c22fab92e6842 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Thu, 4 Jan 2018 11:38:21 -0500
+Subject: doc: warn about following symlinks recursively in chown/chgrp
+
+In both chown and chgrp (which shares its code with chown), operating
+on symlinks recursively has a window of vulnerability where the
+destination user or group can change the target of the operation.
+Warn about combining the --dereference, --recursive, and -L flags.
+
+* doc/coreutils.texi (warnOptDerefWithRec): Add macro.
+(node chown invocation): Add it to --dereference and -L.
+(node chgrp invocation): Likewise.
+
+See also: CVE-2017-18018
+CVE: CVE-2017-18018
+Upstream-Status: Backport from v8.30
+
+Signed-off-by: Michael Orlitzky <michael@orlitzky.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ doc/coreutils.texi | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/doc/coreutils.texi b/doc/coreutils.texi
+index 6bb9f09..9f5f95b 100644
+--- a/doc/coreutils.texi
++++ b/doc/coreutils.texi
+@@ -1428,6 +1428,19 @@ a command line argument is a symbolic link to a directory, traverse it.
+ In a recursive traversal, traverse every symbolic link to a directory
+ that is encountered.
+ @end macro
++
++@c Append the following warning to -L where appropriate (e.g. chown).
++@macro warnOptDerefWithRec
++
++Combining this dereferencing option with the @option{--recursive} option
++may create a security risk:
++During the traversal of the directory tree, an attacker may be able to
++introduce a symlink to an arbitrary target; when the tool reaches that,
++the operation will be performed on the target of that symlink,
++possibly allowing the attacker to escalate privileges.
++
++@end macro
++
+ @choptL
+
+ @macro choptP
+@@ -10995,6 +11008,7 @@ chown -h -R --from=OLDUSER NEWUSER /
+ @findex lchown
+ Do not act on symbolic links themselves but rather on what they point to.
+ This is the default when not operating recursively.
++@warnOptDerefWithRec
+
+ @item -h
+ @itemx --no-dereference
+@@ -11051,6 +11065,7 @@ Recursively change ownership of directories and their contents.
+ @xref{Traversing symlinks}.
+
+ @choptL
++@warnOptDerefWithRec
+ @xref{Traversing symlinks}.
+
+ @choptP
+@@ -11125,6 +11140,7 @@ changed.
+ @findex lchown
+ Do not act on symbolic links themselves but rather on what they point to.
+ This is the default when not operating recursively.
++@warnOptDerefWithRec
+
+ @item -h
+ @itemx --no-dereference
+@@ -11180,6 +11196,7 @@ Recursively change the group ownership of directories and their contents.
+ @xref{Traversing symlinks}.
+
+ @choptL
++@warnOptDerefWithRec
+ @xref{Traversing symlinks}.
+
+ @choptP
+--
+cgit v1.0-41-gc330
+
diff --git a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
index 4704f32..b0572af 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
@@ -19,6 +19,8 @@
file://0001-uname-report-processor-and-hardware-correctly.patch \
file://disable-ls-output-quoting.patch \
file://0001-local.mk-fix-cross-compiling-problem.patch \
+ file://CVE-2017-18018-1.patch \
+ file://CVE-2017-18018-2.patch \
"
SRC_URI[md5sum] = "960cfe75a42c9907c71439f8eb436303"
diff --git a/poky/meta/recipes-devtools/git/files/CVE-2018-11235.patch b/poky/meta/recipes-devtools/git/files/CVE-2018-11235.patch
new file mode 100644
index 0000000..c272eac
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/files/CVE-2018-11235.patch
@@ -0,0 +1,288 @@
+From 0383bbb9015898cbc79abd7b64316484d7713b44 Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Mon, 30 Apr 2018 03:25:25 -0400
+Subject: [PATCH] submodule-config: verify submodule names as paths
+
+Submodule "names" come from the untrusted .gitmodules file,
+but we blindly append them to $GIT_DIR/modules to create our
+on-disk repo paths. This means you can do bad things by
+putting "../" into the name (among other things).
+
+Let's sanity-check these names to avoid building a path that
+can be exploited. There are two main decisions:
+
+ 1. What should the allowed syntax be?
+
+ It's tempting to reuse verify_path(), since submodule
+ names typically come from in-repo paths. But there are
+ two reasons not to:
+
+ a. It's technically more strict than what we need, as
+ we really care only about breaking out of the
+ $GIT_DIR/modules/ hierarchy. E.g., having a
+ submodule named "foo/.git" isn't actually
+ dangerous, and it's possible that somebody has
+ manually given such a funny name.
+
+ b. Since we'll eventually use this checking logic in
+ fsck to prevent downstream repositories, it should
+ be consistent across platforms. Because
+ verify_path() relies on is_dir_sep(), it wouldn't
+ block "foo\..\bar" on a non-Windows machine.
+
+ 2. Where should we enforce it? These days most of the
+ .gitmodules reads go through submodule-config.c, so
+ I've put it there in the reading step. That should
+ cover all of the C code.
+
+ We also construct the name for "git submodule add"
+ inside the git-submodule.sh script. This is probably
+ not a big deal for security since the name is coming
+ from the user anyway, but it would be polite to remind
+ them if the name they pick is invalid (and we need to
+ expose the name-checker to the shell anyway for our
+ test scripts).
+
+ This patch issues a warning when reading .gitmodules
+ and just ignores the related config entry completely.
+ This will generally end up producing a sensible error,
+ as it works the same as a .gitmodules file which is
+ missing a submodule entry (so "submodule update" will
+ barf, but "git clone --recurse-submodules" will print
+ an error but not abort the clone.
+
+ There is one minor oddity, which is that we print the
+ warning once per malformed config key (since that's how
+ the config subsystem gives us the entries). So in the
+ new test, for example, the user would see three
+ warnings. That's OK, since the intent is that this case
+ should never come up outside of malicious repositories
+ (and then it might even benefit the user to see the
+ message multiple times).
+
+Credit for finding this vulnerability and the proof of
+concept from which the test script was adapted goes to
+Etienne Stalmans.
+
+CVE: CVE-2018-11235
+Upstream-Status: Backport [https://github.com/gitster/git/commit/0383bbb9015898cbc79abd7b64316484d7713b44#diff-1772b951776d1647ca31a2256f7fe88f]
+
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ builtin/submodule--helper.c | 24 ++++++++++++++
+ git-submodule.sh | 5 +++
+ submodule-config.c | 31 ++++++++++++++++++
+ submodule-config.h | 7 +++++
+ t/t7415-submodule-names.sh | 76 +++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 143 insertions(+)
+ create mode 100755 t/t7415-submodule-names.sh
+
+diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c
+index cbb17a902..b4b4d29d8 100644
+--- a/builtin/submodule--helper.c
++++ b/builtin/submodule--helper.c
+@@ -1480,6 +1480,29 @@ static int is_active(int argc, const cha
+ return !is_submodule_active(the_repository, argv[1]);
+ }
+
++/*
++ * Exit non-zero if any of the submodule names given on the command line is
++ * invalid. If no names are given, filter stdin to print only valid names
++ * (which is primarily intended for testing).
++ */
++static int check_name(int argc, const char **argv, const char *prefix)
++{
++ if (argc > 1) {
++ while (*++argv) {
++ if (check_submodule_name(*argv) < 0)
++ return 1;
++ }
++ } else {
++ struct strbuf buf = STRBUF_INIT;
++ while (strbuf_getline(&buf, stdin) != EOF) {
++ if (!check_submodule_name(buf.buf))
++ printf("%s\n", buf.buf);
++ }
++ strbuf_release(&buf);
++ }
++ return 0;
++}
++
+ #define SUPPORT_SUPER_PREFIX (1<<0)
+
+ struct cmd_struct {
+@@ -1502,6 +1525,7 @@ static struct cmd_struct commands[] = {
+ {"push-check", push_check, 0},
+ {"absorb-git-dirs", absorb_git_dirs, SUPPORT_SUPER_PREFIX},
+ {"is-active", is_active, 0},
++ {"check-name", check_name, 0},
+ };
+
+ int cmd_submodule__helper(int argc, const char **argv, const char *prefix)
+diff --git a/git-submodule.sh b/git-submodule.sh
+index c0d0e9a4c..92750b9e2 100755
+--- a/git-submodule.sh
++++ b/git-submodule.sh
+@@ -229,6 +229,11 @@ Use -f if you really want to add it." >&
+ sm_name="$sm_path"
+ fi
+
++ if ! git submodule--helper check-name "$sm_name"
++ then
++ die "$(eval_gettext "'$sm_name' is not a valid submodule name")"
++ fi
++
+ # perhaps the path exists and is already a git repo, else clone it
+ if test -e "$sm_path"
+ then
+diff --git a/submodule-config.c b/submodule-config.c
+index 4f58491dd..de54351c6 100644
+--- a/submodule-config.c
++++ b/submodule-config.c
+@@ -190,6 +190,31 @@ static struct submodule *cache_lookup_na
+ return NULL;
+ }
+
++int check_submodule_name(const char *name)
++{
++ /* Disallow empty names */
++ if (!*name)
++ return -1;
++
++ /*
++ * Look for '..' as a path component. Check both '/' and '\\' as
++ * separators rather than is_dir_sep(), because we want the name rules
++ * to be consistent across platforms.
++ */
++ goto in_component; /* always start inside component */
++ while (*name) {
++ char c = *name++;
++ if (c == '/' || c == '\\') {
++in_component:
++ if (name[0] == '.' && name[1] == '.' &&
++ (!name[2] || name[2] == '/' || name[2] == '\\'))
++ return -1;
++ }
++ }
++
++ return 0;
++}
++
+ static int name_and_item_from_var(const char *var, struct strbuf *name,
+ struct strbuf *item)
+ {
+@@ -201,6 +226,12 @@ static int name_and_item_from_var(const
+ return 0;
+
+ strbuf_add(name, subsection, subsection_len);
++ if (check_submodule_name(name->buf) < 0) {
++ warning(_("ignoring suspicious submodule name: %s"), name->buf);
++ strbuf_release(name);
++ return 0;
++ }
++
+ strbuf_addstr(item, key);
+
+ return 1;
+diff --git a/submodule-config.h b/submodule-config.h
+index d434ecdb4..103cc79dd 100644
+--- a/submodule-config.h
++++ b/submodule-config.h
+@@ -48,4 +48,11 @@ extern const struct submodule *submodule
+ const char *key);
+ extern void submodule_free(void);
+
++/*
++ * Returns 0 if the name is syntactically acceptable as a submodule "name"
++ * (e.g., that may be found in the subsection of a .gitmodules file) and -1
++ * otherwise.
++ */
++int check_submodule_name(const char *name);
++
+ #endif /* SUBMODULE_CONFIG_H */
+diff --git a/t/t7415-submodule-names.sh b/t/t7415-submodule-names.sh
+new file mode 100755
+index 000000000..75fa071c6
+--- /dev/null
++++ b/t/t7415-submodule-names.sh
+@@ -0,0 +1,76 @@
++#!/bin/sh
++
++test_description='check handling of .. in submodule names
++
++Exercise the name-checking function on a variety of names, and then give a
++real-world setup that confirms we catch this in practice.
++'
++. ./test-lib.sh
++
++test_expect_success 'check names' '
++ cat >expect <<-\EOF &&
++ valid
++ valid/with/paths
++ EOF
++
++ git submodule--helper check-name >actual <<-\EOF &&
++ valid
++ valid/with/paths
++
++ ../foo
++ /../foo
++ ..\foo
++ \..\foo
++ foo/..
++ foo/../
++ foo\..
++ foo\..\
++ foo/../bar
++ EOF
++
++ test_cmp expect actual
++'
++
++test_expect_success 'create innocent subrepo' '
++ git init innocent &&
++ git -C innocent commit --allow-empty -m foo
++'
++
++test_expect_success 'submodule add refuses invalid names' '
++ test_must_fail \
++ git submodule add --name ../../modules/evil "$PWD/innocent" evil
++'
++
++test_expect_success 'add evil submodule' '
++ git submodule add "$PWD/innocent" evil &&
++
++ mkdir modules &&
++ cp -r .git/modules/evil modules &&
++ write_script modules/evil/hooks/post-checkout <<-\EOF &&
++ echo >&2 "RUNNING POST CHECKOUT"
++ EOF
++
++ git config -f .gitmodules submodule.evil.update checkout &&
++ git config -f .gitmodules --rename-section \
++ submodule.evil submodule.../../modules/evil &&
++ git add modules &&
++ git commit -am evil
++'
++
++# This step seems like it shouldn't be necessary, since the payload is
++# contained entirely in the evil submodule. But due to the vagaries of the
++# submodule code, checking out the evil module will fail unless ".git/modules"
++# exists. Adding another submodule (with a name that sorts before "evil") is an
++# easy way to make sure this is the case in the victim clone.
++test_expect_success 'add other submodule' '
++ git submodule add "$PWD/innocent" another-module &&
++ git add another-module &&
++ git commit -am another
++'
++
++test_expect_success 'clone evil superproject' '
++ git clone --recurse-submodules . victim >output 2>&1 &&
++ ! grep "RUNNING POST CHECKOUT" output
++'
++
++test_done
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/git/git.inc b/poky/meta/recipes-devtools/git/git.inc
index dd9d792..bea23ec 100644
--- a/poky/meta/recipes-devtools/git/git.inc
+++ b/poky/meta/recipes-devtools/git/git.inc
@@ -7,7 +7,8 @@
PROVIDES_append_class-native = " git-replacement-native"
SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
- ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages"
+ ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
+ file://CVE-2018-11235.patch"
S = "${WORKDIR}/git-${PV}"
diff --git a/poky/meta/recipes-devtools/nasm/nasm/0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch b/poky/meta/recipes-devtools/nasm/nasm/0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch
new file mode 100644
index 0000000..a56a08b
--- /dev/null
+++ b/poky/meta/recipes-devtools/nasm/nasm/0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch
@@ -0,0 +1,65 @@
+From c5785fdf1d660eaefb9711284414262d0cfe8843 Mon Sep 17 00:00:00 2001
+From: Adam Majer <amajer@suse.de>
+Date: Fri, 17 Aug 2018 14:48:17 +0800
+Subject: [PATCH] Verify that we are not reading past end of a buffer
+
+Simple reproducer is just,
+
+ ret &d:ep
+
+which triggers a buffer overread due to parsing of an invalid
+segment override.
+
+Signed-off-by: Adam Majer <amajer@suse.de>
+
+Upstream-Status: Submitted [https://bugzilla.nasm.us/show_bug.cgi?id=3392447]
+CVE: CVE-2018-8883
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ include/opflags.h | 2 +-
+ include/tables.h | 1 +
+ x86/regs.pl | 3 ++-
+ 3 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/include/opflags.h b/include/opflags.h
+index ef2838c1..8d4b6b1e 100644
+--- a/include/opflags.h
++++ b/include/opflags.h
+@@ -166,7 +166,7 @@
+ #define REG_CLASS_BND GEN_REG_CLASS(9)
+
+ #define is_class(class, op) (!((opflags_t)(class) & ~(opflags_t)(op)))
+-#define is_reg_class(class, reg) is_class((class), nasm_reg_flags[(reg)])
++#define is_reg_class(class, reg) is_class((class), ((reg) < nasm_reg_flags_size ? nasm_reg_flags[(reg)] : 0))
+
+ #define IS_SREG(reg) is_reg_class(REG_SREG, (reg))
+ #define IS_FSGS(reg) is_reg_class(REG_FSGS, (reg))
+diff --git a/include/tables.h b/include/tables.h
+index 24a665e2..458752ce 100644
+--- a/include/tables.h
++++ b/include/tables.h
+@@ -64,6 +64,7 @@ extern const char * const nasm_reg_names[];
+ typedef uint64_t opflags_t;
+ typedef uint16_t decoflags_t;
+ extern const opflags_t nasm_reg_flags[];
++extern const size_t nasm_reg_flags_size;
+ /* regvals.c */
+ extern const int nasm_regvals[];
+
+diff --git a/x86/regs.pl b/x86/regs.pl
+index 3a1b56f5..cb5cea68 100755
+--- a/x86/regs.pl
++++ b/x86/regs.pl
+@@ -158,7 +158,8 @@ if ( $fmt eq 'h' ) {
+ printf " %-15s /* %-5s */\n",
+ $regs{$reg}.',', $reg;
+ }
+- print "};\n";
++ print "};\n\n";
++ print "const size_t nasm_reg_flags_size = sizeof(nasm_reg_flags) / sizeof(opflags_t);\n";
+ } elsif ( $fmt eq 'vc' ) {
+ # Output regvals.c
+ print "/* automatically generated from $file - do not edit */\n\n";
+--
+2.17.1
+
diff --git a/poky/meta/recipes-devtools/nasm/nasm/0001-assemble-Check-global-line-limit.patch b/poky/meta/recipes-devtools/nasm/nasm/0001-assemble-Check-global-line-limit.patch
new file mode 100644
index 0000000..682d4c7
--- /dev/null
+++ b/poky/meta/recipes-devtools/nasm/nasm/0001-assemble-Check-global-line-limit.patch
@@ -0,0 +1,50 @@
+From 7a46d6b9e3a1d8a0ab0d816ef1bf194ad285e082 Mon Sep 17 00:00:00 2001
+From: "Chang S. Bae" <chang.seok.bae@intel.com>
+Date: Fri, 17 Aug 2018 14:26:03 +0800
+Subject: [PATCH] assemble: Check global line limit
+
+Without the limit, the while loop opens to semi-infinite
+that will exhaustively consume the heap space. Also, the
+index value gets into the garbage.
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392474
+
+Reported-by : Dongliang Mu <mudongliangabcd@gmail.com>
+Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
+Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
+
+Upstream-Status: Backport from upstream [http://repo.or.cz/nasm.git]
+CVE: CVE-2018-10316
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ asm/nasm.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index 8497ec9..81f6cee 100644
+--- a/asm/nasm.c
++++ b/asm/nasm.c
+@@ -99,6 +99,8 @@ static char outname[FILENAME_MAX];
+ static char listname[FILENAME_MAX];
+ static char errname[FILENAME_MAX];
+ static int globallineno; /* for forward-reference tracking */
++#define GLOBALLINENO_MAX INT32_MAX
++
+ /* static int pass = 0; */
+ const struct ofmt *ofmt = &OF_DEFAULT;
+ const struct ofmt_alias *ofmt_alias = NULL;
+@@ -1360,7 +1362,10 @@ static void assemble_file(char *fname, StrList **depend_ptr)
+ location.offset = offs = get_curr_offs();
+
+ while ((line = preproc->getline())) {
+- globallineno++;
++ if (globallineno++ == GLOBALLINENO_MAX)
++ nasm_error(ERR_FATAL,
++ "overall line number reaches the maximum %d\n",
++ GLOBALLINENO_MAX);
+
+ /*
+ * Here we parse our directives; this is not handled by the
+--
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/nasm/nasm/0001-fix-CVE-2018-8882.patch b/poky/meta/recipes-devtools/nasm/nasm/0001-fix-CVE-2018-8882.patch
new file mode 100644
index 0000000..bc706c3
--- /dev/null
+++ b/poky/meta/recipes-devtools/nasm/nasm/0001-fix-CVE-2018-8882.patch
@@ -0,0 +1,30 @@
+From 33438037e00ec750bff020578b1a5b6f75f60555 Mon Sep 17 00:00:00 2001
+From: Adam Majer <amajer@suse.de>
+Date: Fri, 17 Aug 2018 14:41:02 +0800
+Subject: [PATCH] fix CVE-2018-8882
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392445
+
+Upstream-Status: Submitted [https://bugzilla.nasm.us/show_bug.cgi?id=3392445]
+CVE: CVE-2018-8882
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ asm/float.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/asm/float.c b/asm/float.c
+index dcf69fea..2965d3db 100644
+--- a/asm/float.c
++++ b/asm/float.c
+@@ -608,6 +608,8 @@ static void ieee_shr(fp_limb *mant, int i)
+ if (offs)
+ for (j = MANT_LIMBS-1; j >= offs; j--)
+ mant[j] = mant[j-offs];
++ } else if (MANT_LIMBS-1-offs < 0) {
++ j = MANT_LIMBS-1;
+ } else {
+ n = mant[MANT_LIMBS-1-offs] >> sr;
+ for (j = MANT_LIMBS-1; j > offs; j--) {
+--
+2.17.1
+
diff --git a/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb b/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb
index 236d7e5..6a02df4 100644
--- a/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb
+++ b/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb
@@ -5,6 +5,9 @@
SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
file://0001-asmlib-Drop-pure-function-attribute-from-seg_init.patch \
+ file://0001-assemble-Check-global-line-limit.patch \
+ file://0001-fix-CVE-2018-8882.patch \
+ file://0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch \
"
SRC_URI[md5sum] = "0c581d482f39d5111879ca9601938f74"
diff --git a/poky/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch b/poky/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch
new file mode 100644
index 0000000..049149e
--- /dev/null
+++ b/poky/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch
@@ -0,0 +1,36 @@
+From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 17 Aug 2018 13:35:40 +0200
+Subject: [PATCH] Fix swapping fake lines in pch_swap
+
+* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
+blank line in the middle of a context-diff hunk: that empty line stays
+in the middle of the hunk and isn't swapped.
+
+Fixes: https://savannah.gnu.org/bugs/index.php?53133
+Signed-off-by: Andreas Gruenbacher <agruen@gnu.org>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/git/patch.git]
+CVE: CVE-2018-6952
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
+---
+ src/pch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+ }
+ if (p_efake >= 0) { /* fix non-freeable ptr range */
+ if (p_efake <= i)
+- n = p_end - i + 1;
++ n = p_end - p_ptrn_lines;
+ else
+ n = -i;
+ p_efake += n;
+--
+2.10.2
+
diff --git a/poky/meta/recipes-devtools/patch/patch_2.7.6.bb b/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
index 823486d..85b0db7 100644
--- a/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -5,6 +5,7 @@
file://0002-Fix-segfault-with-mangled-rename-patch.patch \
file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \
file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
+ file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
"
SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch
new file mode 100644
index 0000000..a33deaf
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch
@@ -0,0 +1,48 @@
+From ae65651eab053fc6dc4590dbb863a268215c1fc5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Fri, 8 Jun 2018 11:45:40 +0100
+Subject: [PATCH] [PATCH] Remove existing files before overwriting them
+
+Archive should extract only the latest same-named entry.
+Extracted regular file should not be writtent into existing block
+device (or any other one).
+
+https://rt.cpan.org/Ticket/Display.html?id=125523
+
+CVE: CVE-2018-12015
+Upstream-Status: Backport [https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5]
+
+Signed-off-by: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/Archive/Tar.pm | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm
+index 6244369..a83975f 100644
+--- a/cpan/Archive-Tar/lib/Archive/Tar.pm
++++ b/cpan/Archive-Tar/lib/Archive/Tar.pm
+@@ -845,6 +845,20 @@ sub _extract_file {
+ return;
+ }
+
++ ### If a file system already contains a block device with the same name as
++ ### the being extracted regular file, we would write the file's content
++ ### to the block device. So remove the existing file (block device) now.
++ ### If an archive contains multiple same-named entries, the last one
++ ### should replace the previous ones. So remove the old file now.
++ ### If the old entry is a symlink to a file outside of the CWD, the new
++ ### entry would create a file there. This is CVE-2018-12015
++ ### <https://rt.cpan.org/Ticket/Display.html?id=125523>.
++ if (-l $full || -e _) {
++ if (!unlink $full) {
++ $self->_error( qq[Could not remove old file '$full': $!] );
++ return;
++ }
++ }
+ if( length $entry->type && $entry->is_file ) {
+ my $fh = IO::File->new;
+ $fh->open( '>' . $full ) or (
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
new file mode 100644
index 0000000..b56ebd3
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
@@ -0,0 +1,45 @@
+From abe1e6c568b96bcb382dfa4f61c56d1ab001ea51 Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Fri, 2 Feb 2018 15:14:27 -0700
+Subject: [PATCH] (perl #132227) restart a node if we change to uni rules
+ within the node and encounter a sharp S
+
+This could lead to a buffer overflow.
+
+(cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d)
+
+CVE: CVE-2018-6797
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ regcomp.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 3b9550b10d..a7dee9a09e 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -13543,6 +13543,18 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+ * /u. This includes the multi-char fold SHARP S to
+ * 'ss' */
+ if (UNLIKELY(ender == LATIN_SMALL_LETTER_SHARP_S)) {
++
++ /* If the node started out having uni rules, we
++ * wouldn't have gotten here. So this means
++ * something in the middle has changed it, but
++ * didn't think it needed to reparse. But this
++ * sharp s now does indicate the need for
++ * reparsing. */
++ if (RExC_uni_semantics) {
++ p = oldp;
++ goto loopdone;
++ }
++
+ RExC_seen_unfolded_sharp_s = 1;
+ maybe_exactfu = FALSE;
+ }
+--
+2.15.1-424-g9478a660812
+
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch
new file mode 100644
index 0000000..3477162
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch
@@ -0,0 +1,130 @@
+From 0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Tue, 6 Feb 2018 14:50:48 -0700
+Subject: [PATCH] [perl #132063]: Heap buffer overflow
+
+The proximal cause is several instances in regexec.c of the code
+assuming that the input was valid UTF-8, whereas the input was too short
+for what the start byte claimed it would be.
+
+I grepped through the core for any other similar uses, and did not find
+any.
+
+(cherry picked from commit fe7d8ba0a1bf567af8fa8fea128e2b9f4c553e84)
+
+CVE: CVE-2018-6798
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/patch/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ regexec.c | 29 ++++++++++++++++-------------
+ t/lib/warnings/regexec | 7 +++++++
+ 2 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/regexec.c b/regexec.c
+index 5735b997fd..ea432c39d3 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -1466,7 +1466,9 @@ Perl_re_intuit_start(pTHX_
+ ? trie_utf8_fold \
+ : trie_latin_utf8_fold)))
+
+-#define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uscan, len, uvc, charid, foldlen, foldbuf, uniflags) \
++/* 'uscan' is set to foldbuf, and incremented, so below the end of uscan is
++ * 'foldbuf+sizeof(foldbuf)' */
++#define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uc_end, uscan, len, uvc, charid, foldlen, foldbuf, uniflags) \
+ STMT_START { \
+ STRLEN skiplen; \
+ U8 flags = FOLD_FLAGS_FULL; \
+@@ -1474,7 +1476,7 @@ STMT_START {
+ case trie_flu8: \
+ _CHECK_AND_WARN_PROBLEMATIC_LOCALE; \
+ if (utf8_target && UTF8_IS_ABOVE_LATIN1(*uc)) { \
+- _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(uc, uc + UTF8SKIP(uc)); \
++ _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(uc, uc_end - uc); \
+ } \
+ goto do_trie_utf8_fold; \
+ case trie_utf8_exactfa_fold: \
+@@ -1483,7 +1485,7 @@ STMT_START {
+ case trie_utf8_fold: \
+ do_trie_utf8_fold: \
+ if ( foldlen>0 ) { \
+- uvc = utf8n_to_uvchr( (const U8*) uscan, UTF8_MAXLEN, &len, uniflags ); \
++ uvc = utf8n_to_uvchr( (const U8*) uscan, foldlen, &len, uniflags ); \
+ foldlen -= len; \
+ uscan += len; \
+ len=0; \
+@@ -1500,7 +1502,7 @@ STMT_START {
+ /* FALLTHROUGH */ \
+ case trie_latin_utf8_fold: \
+ if ( foldlen>0 ) { \
+- uvc = utf8n_to_uvchr( (const U8*) uscan, UTF8_MAXLEN, &len, uniflags ); \
++ uvc = utf8n_to_uvchr( (const U8*) uscan, foldlen, &len, uniflags ); \
+ foldlen -= len; \
+ uscan += len; \
+ len=0; \
+@@ -1519,7 +1521,7 @@ STMT_START {
+ } \
+ /* FALLTHROUGH */ \
+ case trie_utf8: \
+- uvc = utf8n_to_uvchr( (const U8*) uc, UTF8_MAXLEN, &len, uniflags ); \
++ uvc = utf8n_to_uvchr( (const U8*) uc, uc_end - uc, &len, uniflags ); \
+ break; \
+ case trie_plain: \
+ uvc = (UV)*uc; \
+@@ -2599,10 +2601,10 @@ S_find_byclass(pTHX_ regexp * prog, const regnode *c, char *s,
+ }
+ points[pointpos++ % maxlen]= uc;
+ if (foldlen || uc < (U8*)strend) {
+- REXEC_TRIE_READ_CHAR(trie_type, trie,
+- widecharmap, uc,
+- uscan, len, uvc, charid, foldlen,
+- foldbuf, uniflags);
++ REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc,
++ (U8 *) strend, uscan, len, uvc,
++ charid, foldlen, foldbuf,
++ uniflags);
+ DEBUG_TRIE_EXECUTE_r({
+ dump_exec_pos( (char *)uc, c, strend,
+ real_start, s, utf8_target, 0);
+@@ -5511,8 +5513,9 @@ S_regmatch(pTHX_ regmatch_info *reginfo, char *startpos, regnode *prog)
+ if ( base && (foldlen || uc < (U8*)(reginfo->strend))) {
+ I32 offset;
+ REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc,
+- uscan, len, uvc, charid, foldlen,
+- foldbuf, uniflags);
++ (U8 *) reginfo->strend, uscan,
++ len, uvc, charid, foldlen,
++ foldbuf, uniflags);
+ charcount++;
+ if (foldlen>0)
+ ST.longfold = TRUE;
+@@ -5642,8 +5645,8 @@ S_regmatch(pTHX_ regmatch_info *reginfo, char *startpos, regnode *prog)
+ while (foldlen) {
+ if (!--chars)
+ break;
+- uvc = utf8n_to_uvchr(uscan, UTF8_MAXLEN, &len,
+- uniflags);
++ uvc = utf8n_to_uvchr(uscan, foldlen, &len,
++ uniflags);
+ uscan += len;
+ foldlen -= len;
+ }
+diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec
+index 900dd6ee7f..6635142dea 100644
+--- a/t/lib/warnings/regexec
++++ b/t/lib/warnings/regexec
+@@ -260,3 +260,10 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale);
+ "k" =~ /(?[ \N{KELVIN SIGN} ])/i;
+ ":" =~ /(?[ \: ])/;
+ EXPECT
++########
++# NAME perl #132063, read beyond buffer end
++# OPTION fatal
++"\xff" =~ /(?il)\x{100}|\x{100}/;
++EXPECT
++Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2.
++Malformed UTF-8 character (fatal) at - line 2.
+--
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch
new file mode 100644
index 0000000..fb9b41a
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch
@@ -0,0 +1,37 @@
+From f65da1ca2eee74696d9c120e9d69af37b4fa1920 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Mon, 19 Feb 2018 15:11:42 +1100
+Subject: [PATCH] (perl #132063) we should no longer warn for this code
+
+The first patch for 132063 prevented the buffer read overflow when
+dumping the warning but didn't fix the underlying problem.
+
+The next change treats the supplied buffer correctly, preventing the
+non-UTF-8 SV from being treated as UTF-8, preventing the warning.
+
+(cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f)
+
+CVE: CVE-2018-6798
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ t/lib/warnings/regexec | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec
+index 6635142dea..c370ddc3c7 100644
+--- a/t/lib/warnings/regexec
++++ b/t/lib/warnings/regexec
+@@ -262,8 +262,5 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale);
+ EXPECT
+ ########
+ # NAME perl #132063, read beyond buffer end
+-# OPTION fatal
+ "\xff" =~ /(?il)\x{100}|\x{100}/;
+ EXPECT
+-Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2.
+-Malformed UTF-8 character (fatal) at - line 2.
+--
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch
new file mode 100644
index 0000000..157af7b
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch
@@ -0,0 +1,153 @@
+From f17fed5006177dce8ac48229c424a2da0d6ba492 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 8 Aug 2017 09:32:58 +1000
+Subject: [PATCH] (perl #131844) fix various space calculation issues in
+ pp_pack.c
+
+- for the originally reported case, if the start/cur pointer is in the
+ top 75% of the address space the add (cur) + glen addition would
+ overflow, resulting in the condition failing incorrectly.
+
+- the addition of the existing space used to the space needed could
+ overflow, resulting in too small an allocation and a buffer overflow.
+
+- the scaling for UTF8 could overflow.
+
+- the multiply to calculate the space needed for many items could
+ overflow.
+
+For the first case, do a space calculation without making new pointers.
+
+For the other cases, detect the overflow and croak if there's an
+overflow.
+
+Originally this used Size_t_MAX as the maximum size of a memory
+allocation, but for -DDEBUGGING builds realloc() throws a panic for
+allocations over half the address space in size, changing the error
+reported for the allocation.
+
+For non-DEBUGGING builds the Size_t_MAX limit has the small chance
+of finding a system that has 3GB of contiguous space available, and
+allocating that space, which could be a denial of servce in some cases.
+
+Unfortunately changing the limit to half the address space means that
+the exact case with the original issue can no longer occur, so the
+test is no longer testing against the address + length issue that
+caused the original problem, since the allocation is failing earlier.
+
+One option would be to change the test so the size request by pack is
+just under 2GB, but this has a higher (but still low) probability that
+the system has the address space available, and will actually try to
+allocate the memory, so let's not do that.
+
+Note: changed
+plan tests => 14713;
+to
+plan tests => 14712;
+in a/t/op/pack.t
+to apply this patch on perl 5.24.1.
+
+CVE: CVE-2018-6913
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/f17fed5006177dce8ac48229c424a2da0d6ba492]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ pp_pack.c | 25 +++++++++++++++++++++----
+ t/op/pack.t | 24 +++++++++++++++++++++++-
+ 2 files changed, 44 insertions(+), 5 deletions(-)
+
+diff --git a/pp_pack.c b/pp_pack.c
+index 8937d6d715..5e9cc64301 100644
+--- a/pp_pack.c
++++ b/pp_pack.c
+@@ -357,11 +357,28 @@ STMT_START { \
+ } \
+ } STMT_END
+
++#define SAFE_UTF8_EXPAND(var) \
++STMT_START { \
++ if ((var) > SSize_t_MAX / UTF8_EXPAND) \
++ Perl_croak(aTHX_ "%s", "Out of memory during pack()"); \
++ (var) = (var) * UTF8_EXPAND; \
++} STMT_END
++
++#define GROWING2(utf8, cat, start, cur, item_size, item_count) \
++STMT_START { \
++ if (SSize_t_MAX / (item_size) < (item_count)) \
++ Perl_croak(aTHX_ "%s", "Out of memory during pack()"); \
++ GROWING((utf8), (cat), (start), (cur), (item_size) * (item_count)); \
++} STMT_END
++
+ #define GROWING(utf8, cat, start, cur, in_len) \
+ STMT_START { \
+ STRLEN glen = (in_len); \
+- if (utf8) glen *= UTF8_EXPAND; \
+- if ((cur) + glen >= (start) + SvLEN(cat)) { \
++ STRLEN catcur = (STRLEN)((cur) - (start)); \
++ if (utf8) SAFE_UTF8_EXPAND(glen); \
++ if (SSize_t_MAX - glen < catcur) \
++ Perl_croak(aTHX_ "%s", "Out of memory during pack()"); \
++ if (catcur + glen >= SvLEN(cat)) { \
+ (start) = sv_exp_grow(cat, glen); \
+ (cur) = (start) + SvCUR(cat); \
+ } \
+@@ -372,7 +389,7 @@ STMT_START { \
+ STMT_START { \
+ const STRLEN glen = (in_len); \
+ STRLEN gl = glen; \
+- if (utf8) gl *= UTF8_EXPAND; \
++ if (utf8) SAFE_UTF8_EXPAND(gl); \
+ if ((cur) + gl >= (start) + SvLEN(cat)) { \
+ *cur = '\0'; \
+ SvCUR_set((cat), (cur) - (start)); \
+@@ -2126,7 +2143,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* sym
+ if (props && !(props & PACK_SIZE_UNPREDICTABLE)) {
+ /* We can process this letter. */
+ STRLEN size = props & PACK_SIZE_MASK;
+- GROWING(utf8, cat, start, cur, (STRLEN) len * size);
++ GROWING2(utf8, cat, start, cur, size, (STRLEN)len);
+ }
+ }
+
+diff --git a/t/op/pack.t b/t/op/pack.t
+index 664aaaf1b0..cf0e286509 100644
+--- a/t/op/pack.t
++++ b/t/op/pack.t
+@@ -12,7 +12,7 @@ my $no_endianness = $] > 5.009 ? '' :
+ my $no_signedness = $] > 5.009 ? '' :
+ "Signed/unsigned pack modifiers not available on this perl";
+
+-plan tests => 14712;
++plan tests => 14717;
+
+ use strict;
+ use warnings qw(FATAL all);
+@@ -2044,3 +2044,25 @@ ok(1, "argument underflow did not crash"
+ is(pack("H40", $up_nul), $twenty_nuls,
+ "check pack H zero fills (utf8 source)");
+ }
++
++SKIP:
++{
++ # [perl #131844] pointer addition overflow
++ $Config{ptrsize} == 4
++ or skip "[perl #131844] need 32-bit build for this test", 4;
++ # prevent ASAN just crashing on the allocation failure
++ local $ENV{ASAN_OPTIONS} = $ENV{ASAN_OPTIONS};
++ $ENV{ASAN_OPTIONS} .= ",allocator_may_return_null=1";
++ fresh_perl_like('pack "f999999999"', qr/Out of memory during pack/, { stderr => 1 },
++ "pointer addition overflow");
++
++ # integer (STRLEN) overflow from addition of glen to current length
++ fresh_perl_like('pack "c10f1073741823"', qr/Out of memory during pack/, { stderr => 1 },
++ "integer overflow calculating allocation (addition)");
++
++ fresh_perl_like('pack "W10f536870913", 256', qr/Out of memory during pack/, { stderr => 1 },
++ "integer overflow calculating allocation (utf8)");
++
++ fresh_perl_like('pack "c10f1073741824"', qr/Out of memory during pack/, { stderr => 1 },
++ "integer overflow calculating allocation (multiply)");
++}
+--
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl_5.24.1.bb b/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
index 91f310d..5fed896 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -66,6 +66,11 @@
file://perl-5.26.1-guard_old_libcrypt_fix.patch \
file://CVE-2017-12883.patch \
file://CVE-2017-12837.patch \
+ file://CVE-2018-6798-1.patch \
+ file://CVE-2018-6798-2.patch \
+ file://CVE-2018-6797.patch \
+ file://CVE-2018-6913.patch \
+ file://CVE-2018-12015.patch \
"
# Fix test case issues
diff --git a/poky/meta/recipes-devtools/python/python.inc b/poky/meta/recipes-devtools/python/python.inc
index 979b601..69542c9 100644
--- a/poky/meta/recipes-devtools/python/python.inc
+++ b/poky/meta/recipes-devtools/python/python.inc
@@ -7,7 +7,9 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=f741e51de91d4eeea5930b9c3c7fa69d"
-SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz"
+SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
+ file://CVE-2018-1000030-1.patch \
+ file://CVE-2018-1000030-2.patch"
SRC_URI[md5sum] = "1f6db41ad91d9eb0a6f0c769b8613c5b"
SRC_URI[sha256sum] = "71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66"
diff --git a/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch
new file mode 100644
index 0000000..06ad4c6
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch
@@ -0,0 +1,138 @@
+From 6401e5671781eb217ee1afb4603cc0d1b0367ae6 Mon Sep 17 00:00:00 2001
+From: Serhiy Storchaka <storchaka@gmail.com>
+Date: Fri, 10 Nov 2017 12:58:55 +0200
+Subject: [PATCH] [2.7] bpo-31530: Stop crashes when iterating over a file on
+ multiple threads. (#3672)
+
+CVE: CVE-2018-1000030
+Upstream-Status: Backport [https://github.com/python/cpython/commit/6401e5671781eb217ee1afb4603cc0d1b0367ae6]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ Lib/test/test_file2k.py | 32 ++++++++++++++++++++++
+ .../2017-09-20-18-28-09.bpo-31530.CdLOM7.rst | 4 +++
+ Objects/fileobject.c | 19 +++++++++++--
+ 3 files changed, 52 insertions(+), 3 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
+
+diff --git a/Lib/test/test_file2k.py b/Lib/test/test_file2k.py
+index e39ef7042e..d8966e034e 100644
+--- a/Lib/test/test_file2k.py
++++ b/Lib/test/test_file2k.py
+@@ -652,6 +652,38 @@ class FileThreadingTests(unittest.TestCase):
+ self.f.writelines('')
+ self._test_close_open_io(io_func)
+
++ def test_iteration_torture(self):
++ # bpo-31530: Crash when concurrently iterate over a file.
++ with open(self.filename, "wb") as fp:
++ for i in xrange(2**20):
++ fp.write(b"0"*50 + b"\n")
++ with open(self.filename, "rb") as f:
++ def iterate():
++ try:
++ for l in f:
++ pass
++ except IOError:
++ pass
++ self._run_workers(iterate, 10)
++
++ def test_iteration_seek(self):
++ # bpo-31530: Crash when concurrently seek and iterate over a file.
++ with open(self.filename, "wb") as fp:
++ for i in xrange(10000):
++ fp.write(b"0"*50 + b"\n")
++ with open(self.filename, "rb") as f:
++ it = iter([1] + [0]*10) # one thread reads, others seek
++ def iterate():
++ try:
++ if next(it):
++ for l in f:
++ pass
++ else:
++ for i in range(100):
++ f.seek(i*100, 0)
++ except IOError:
++ pass
++ self._run_workers(iterate, 10)
+
+ @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.')
+ class TestFileSignalEINTR(unittest.TestCase):
+diff --git a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
+new file mode 100644
+index 0000000000..a6cb6c9e9b
+--- /dev/null
++++ b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
+@@ -0,0 +1,4 @@
++Fixed crashes when iterating over a file on multiple threads.
++seek() and next() methods of file objects now raise an exception during
++concurrent operation on the same file object.
++A lock can be used to prevent the error.
+diff --git a/Objects/fileobject.c b/Objects/fileobject.c
+index 7e07a5376f..2f63c374d1 100644
+--- a/Objects/fileobject.c
++++ b/Objects/fileobject.c
+@@ -430,7 +430,7 @@ close_the_file(PyFileObject *f)
+ if (f->ob_refcnt > 0) {
+ PyErr_SetString(PyExc_IOError,
+ "close() called during concurrent "
+- "operation on the same file object.");
++ "operation on the same file object");
+ } else {
+ /* This should not happen unless someone is
+ * carelessly playing with the PyFileObject
+@@ -438,7 +438,7 @@ close_the_file(PyFileObject *f)
+ * pointer. */
+ PyErr_SetString(PyExc_SystemError,
+ "PyFileObject locking error in "
+- "destructor (refcnt <= 0 at close).");
++ "destructor (refcnt <= 0 at close)");
+ }
+ return NULL;
+ }
+@@ -762,6 +762,12 @@ file_seek(PyFileObject *f, PyObject *args)
+
+ if (f->f_fp == NULL)
+ return err_closed();
++ if (f->unlocked_count > 0) {
++ PyErr_SetString(PyExc_IOError,
++ "seek() called during concurrent "
++ "operation on the same file object");
++ return NULL;
++ }
+ drop_readahead(f);
+ whence = 0;
+ if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence))
+@@ -2238,6 +2244,7 @@ readahead(PyFileObject *f, Py_ssize_t bufsize)
+ {
+ Py_ssize_t chunksize;
+
++ assert(f->unlocked_count == 0);
+ if (f->f_buf != NULL) {
+ if( (f->f_bufend - f->f_bufptr) >= 1)
+ return 0;
+@@ -2279,6 +2286,12 @@ readahead_get_line_skip(PyFileObject *f, Py_ssize_t skip, Py_ssize_t bufsize)
+ char *buf;
+ Py_ssize_t len;
+
++ if (f->unlocked_count > 0) {
++ PyErr_SetString(PyExc_IOError,
++ "next() called during concurrent "
++ "operation on the same file object");
++ return NULL;
++ }
+ if (f->f_buf == NULL)
+ if (readahead(f, bufsize) < 0)
+ return NULL;
+@@ -2692,7 +2705,7 @@ int PyObject_AsFileDescriptor(PyObject *o)
+ }
+ else {
+ PyErr_SetString(PyExc_TypeError,
+- "argument must be an int, or have a fileno() method.");
++ "argument must be an int, or have a fileno() method");
+ return -1;
+ }
+
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch
new file mode 100644
index 0000000..9b7713b
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch
@@ -0,0 +1,306 @@
+From dbf52e02f18dac6f5f0a64f78932f3dc6efc056b Mon Sep 17 00:00:00 2001
+From: Benjamin Peterson <benjamin@python.org>
+Date: Tue, 2 Jan 2018 09:25:41 -0800
+Subject: [PATCH] bpo-31530: fix crash when multiple threads iterate over a
+ file, round 2 (#5060)
+
+Multiple threads iterating over a file can corrupt the file's internal readahead
+buffer resulting in crashes. To fix this, cache buffer state thread-locally for
+the duration of a file_iternext call and only update the file's internal state
+after reading completes.
+
+No attempt is made to define or provide "reasonable" semantics for iterating
+over a file on multiple threads. (Non-crashing) races are still
+present. Duplicated, corrupt, and missing data will happen.
+
+This was originally fixed by 6401e5671781eb217ee1afb4603cc0d1b0367ae6, which
+raised an exception from seek() and next() when concurrent operations were
+detected. Alas, this simpler solution breaks legitimate use cases such as
+capturing the standard streams when multiple threads are logging.
+
+CVE: CVE-2018-1000030
+Upstream-Status: Backport [https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+
+---
+ Lib/test/test_file2k.py | 27 ++---
+ .../2017-09-20-18-28-09.bpo-31530.CdLOM7.rst | 3 -
+ Objects/fileobject.c | 118 ++++++++++++---------
+ 3 files changed, 78 insertions(+), 70 deletions(-)
+
+diff --git a/Lib/test/test_file2k.py b/Lib/test/test_file2k.py
+index d8966e034e..c73e8d8dc4 100644
+--- a/Lib/test/test_file2k.py
++++ b/Lib/test/test_file2k.py
+@@ -653,18 +653,15 @@ class FileThreadingTests(unittest.TestCase):
+ self._test_close_open_io(io_func)
+
+ def test_iteration_torture(self):
+- # bpo-31530: Crash when concurrently iterate over a file.
++ # bpo-31530
+ with open(self.filename, "wb") as fp:
+ for i in xrange(2**20):
+ fp.write(b"0"*50 + b"\n")
+ with open(self.filename, "rb") as f:
+- def iterate():
+- try:
+- for l in f:
+- pass
+- except IOError:
++ def it():
++ for l in f:
+ pass
+- self._run_workers(iterate, 10)
++ self._run_workers(it, 10)
+
+ def test_iteration_seek(self):
+ # bpo-31530: Crash when concurrently seek and iterate over a file.
+@@ -674,17 +671,15 @@ class FileThreadingTests(unittest.TestCase):
+ with open(self.filename, "rb") as f:
+ it = iter([1] + [0]*10) # one thread reads, others seek
+ def iterate():
+- try:
+- if next(it):
+- for l in f:
+- pass
+- else:
+- for i in range(100):
+- f.seek(i*100, 0)
+- except IOError:
+- pass
++ if next(it):
++ for l in f:
++ pass
++ else:
++ for i in xrange(100):
++ f.seek(i*100, 0)
+ self._run_workers(iterate, 10)
+
++
+ @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.')
+ class TestFileSignalEINTR(unittest.TestCase):
+ def _test_reading(self, data_to_write, read_and_verify_code, method_name,
+diff --git a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
+index a6cb6c9e9b..beb09b5ae6 100644
+--- a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
++++ b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
+@@ -1,4 +1 @@
+ Fixed crashes when iterating over a file on multiple threads.
+-seek() and next() methods of file objects now raise an exception during
+-concurrent operation on the same file object.
+-A lock can be used to prevent the error.
+diff --git a/Objects/fileobject.c b/Objects/fileobject.c
+index 8d1c5812f0..270b28264a 100644
+--- a/Objects/fileobject.c
++++ b/Objects/fileobject.c
+@@ -609,7 +609,12 @@ err_iterbuffered(void)
+ return NULL;
+ }
+
+-static void drop_readahead(PyFileObject *);
++static void
++drop_file_readahead(PyFileObject *f)
++{
++ PyMem_FREE(f->f_buf);
++ f->f_buf = NULL;
++}
+
+ /* Methods */
+
+@@ -632,7 +637,7 @@ file_dealloc(PyFileObject *f)
+ Py_XDECREF(f->f_mode);
+ Py_XDECREF(f->f_encoding);
+ Py_XDECREF(f->f_errors);
+- drop_readahead(f);
++ drop_file_readahead(f);
+ Py_TYPE(f)->tp_free((PyObject *)f);
+ }
+
+@@ -767,13 +772,7 @@ file_seek(PyFileObject *f, PyObject *args)
+
+ if (f->f_fp == NULL)
+ return err_closed();
+- if (f->unlocked_count > 0) {
+- PyErr_SetString(PyExc_IOError,
+- "seek() called during concurrent "
+- "operation on the same file object");
+- return NULL;
+- }
+- drop_readahead(f);
++ drop_file_readahead(f);
+ whence = 0;
+ if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence))
+ return NULL;
+@@ -2242,12 +2241,16 @@ static PyGetSetDef file_getsetlist[] = {
+ {0},
+ };
+
++typedef struct {
++ char *buf, *bufptr, *bufend;
++} readaheadbuffer;
++
+ static void
+-drop_readahead(PyFileObject *f)
++drop_readaheadbuffer(readaheadbuffer *rab)
+ {
+- if (f->f_buf != NULL) {
+- PyMem_Free(f->f_buf);
+- f->f_buf = NULL;
++ if (rab->buf != NULL) {
++ PyMem_FREE(rab->buf);
++ rab->buf = NULL;
+ }
+ }
+
+@@ -2255,36 +2258,34 @@ drop_readahead(PyFileObject *f)
+ (unless at EOF) and no more than bufsize. Returns negative value on
+ error, will set MemoryError if bufsize bytes cannot be allocated. */
+ static int
+-readahead(PyFileObject *f, Py_ssize_t bufsize)
++readahead(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t bufsize)
+ {
+ Py_ssize_t chunksize;
+
+- assert(f->unlocked_count == 0);
+- if (f->f_buf != NULL) {
+- if( (f->f_bufend - f->f_bufptr) >= 1)
++ if (rab->buf != NULL) {
++ if ((rab->bufend - rab->bufptr) >= 1)
+ return 0;
+ else
+- drop_readahead(f);
++ drop_readaheadbuffer(rab);
+ }
+- if ((f->f_buf = (char *)PyMem_Malloc(bufsize)) == NULL) {
++ if ((rab->buf = PyMem_MALLOC(bufsize)) == NULL) {
+ PyErr_NoMemory();
+ return -1;
+ }
+ FILE_BEGIN_ALLOW_THREADS(f)
+ errno = 0;
+- chunksize = Py_UniversalNewlineFread(
+- f->f_buf, bufsize, f->f_fp, (PyObject *)f);
++ chunksize = Py_UniversalNewlineFread(rab->buf, bufsize, f->f_fp, (PyObject *)f);
+ FILE_END_ALLOW_THREADS(f)
+ if (chunksize == 0) {
+ if (ferror(f->f_fp)) {
+ PyErr_SetFromErrno(PyExc_IOError);
+ clearerr(f->f_fp);
+- drop_readahead(f);
++ drop_readaheadbuffer(rab);
+ return -1;
+ }
+ }
+- f->f_bufptr = f->f_buf;
+- f->f_bufend = f->f_buf + chunksize;
++ rab->bufptr = rab->buf;
++ rab->bufend = rab->buf + chunksize;
+ return 0;
+ }
+
+@@ -2294,51 +2295,43 @@ readahead(PyFileObject *f, Py_ssize_t bufsize)
+ logarithmic buffer growth to about 50 even when reading a 1gb line. */
+
+ static PyStringObject *
+-readahead_get_line_skip(PyFileObject *f, Py_ssize_t skip, Py_ssize_t bufsize)
++readahead_get_line_skip(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t skip, Py_ssize_t bufsize)
+ {
+ PyStringObject* s;
+ char *bufptr;
+ char *buf;
+ Py_ssize_t len;
+
+- if (f->unlocked_count > 0) {
+- PyErr_SetString(PyExc_IOError,
+- "next() called during concurrent "
+- "operation on the same file object");
+- return NULL;
+- }
+- if (f->f_buf == NULL)
+- if (readahead(f, bufsize) < 0)
++ if (rab->buf == NULL)
++ if (readahead(f, rab, bufsize) < 0)
+ return NULL;
+
+- len = f->f_bufend - f->f_bufptr;
++ len = rab->bufend - rab->bufptr;
+ if (len == 0)
+- return (PyStringObject *)
+- PyString_FromStringAndSize(NULL, skip);
+- bufptr = (char *)memchr(f->f_bufptr, '\n', len);
++ return (PyStringObject *)PyString_FromStringAndSize(NULL, skip);
++ bufptr = (char *)memchr(rab->bufptr, '\n', len);
+ if (bufptr != NULL) {
+ bufptr++; /* Count the '\n' */
+- len = bufptr - f->f_bufptr;
+- s = (PyStringObject *)
+- PyString_FromStringAndSize(NULL, skip + len);
++ len = bufptr - rab->bufptr;
++ s = (PyStringObject *)PyString_FromStringAndSize(NULL, skip + len);
+ if (s == NULL)
+ return NULL;
+- memcpy(PyString_AS_STRING(s) + skip, f->f_bufptr, len);
+- f->f_bufptr = bufptr;
+- if (bufptr == f->f_bufend)
+- drop_readahead(f);
++ memcpy(PyString_AS_STRING(s) + skip, rab->bufptr, len);
++ rab->bufptr = bufptr;
++ if (bufptr == rab->bufend)
++ drop_readaheadbuffer(rab);
+ } else {
+- bufptr = f->f_bufptr;
+- buf = f->f_buf;
+- f->f_buf = NULL; /* Force new readahead buffer */
++ bufptr = rab->bufptr;
++ buf = rab->buf;
++ rab->buf = NULL; /* Force new readahead buffer */
+ assert(len <= PY_SSIZE_T_MAX - skip);
+- s = readahead_get_line_skip(f, skip + len, bufsize + (bufsize>>2));
++ s = readahead_get_line_skip(f, rab, skip + len, bufsize + (bufsize>>2));
+ if (s == NULL) {
+- PyMem_Free(buf);
++ PyMem_FREE(buf);
+ return NULL;
+ }
+ memcpy(PyString_AS_STRING(s) + skip, bufptr, len);
+- PyMem_Free(buf);
++ PyMem_FREE(buf);
+ }
+ return s;
+ }
+@@ -2356,7 +2349,30 @@ file_iternext(PyFileObject *f)
+ if (!f->readable)
+ return err_mode("reading");
+
+- l = readahead_get_line_skip(f, 0, READAHEAD_BUFSIZE);
++ {
++ /*
++ Multiple threads can enter this method while the GIL is released
++ during file read and wreak havoc on the file object's readahead
++ buffer. To avoid dealing with cross-thread coordination issues, we
++ cache the file buffer state locally and only set it back on the file
++ object when we're done.
++ */
++ readaheadbuffer rab = {f->f_buf, f->f_bufptr, f->f_bufend};
++ f->f_buf = NULL;
++ l = readahead_get_line_skip(f, &rab, 0, READAHEAD_BUFSIZE);
++ /*
++ Make sure the file's internal read buffer is cleared out. This will
++ only do anything if some other thread interleaved with us during
++ readahead. We want to drop any changeling buffer, so we don't leak
++ memory. We may lose data, but that's what you get for reading the same
++ file object in multiple threads.
++ */
++ drop_file_readahead(f);
++ f->f_buf = rab.buf;
++ f->f_bufptr = rab.bufptr;
++ f->f_bufend = rab.bufend;
++ }
++
+ if (l == NULL || PyString_GET_SIZE(l) == 0) {
+ Py_XDECREF(l);
+ return NULL;
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch
new file mode 100644
index 0000000..c89f189
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch
@@ -0,0 +1,53 @@
+From 141b197408ab398c4f474ac1a728ab316e921f2b Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 13 Jun 2018 11:46:57 +0530
+Subject: [PATCH] qga: check bytes count read by guest-file-read
+
+While reading file content via 'guest-file-read' command,
+'qmp_guest_file_read' routine allocates buffer of count+1
+bytes. It could overflow for large values of 'count'.
+Add check to avoid it.
+
+Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
+
+CVE: CVE-2018-12617
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=141b197408ab398c4f474ac1a728ab316e921f2b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ qga/commands-posix.c | 2 +-
+ qga/commands-win32.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/qga/commands-posix.c b/qga/commands-posix.c
+index 594d21ef3e..9284e71666 100644
+--- a/qga/commands-posix.c
++++ b/qga/commands-posix.c
+@@ -458,7 +458,7 @@ struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count,
+
+ if (!has_count) {
+ count = QGA_READ_COUNT_DEFAULT;
+- } else if (count < 0) {
++ } else if (count < 0 || count >= UINT32_MAX) {
+ error_setg(errp, "value '%" PRId64 "' is invalid for argument count",
+ count);
+ return NULL;
+diff --git a/qga/commands-win32.c b/qga/commands-win32.c
+index 70ee5379f6..73f31fa8c2 100644
+--- a/qga/commands-win32.c
++++ b/qga/commands-win32.c
+@@ -318,7 +318,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count,
+ }
+ if (!has_count) {
+ count = QGA_READ_COUNT_DEFAULT;
+- } else if (count < 0) {
++ } else if (count < 0 || count >= UINT32_MAX) {
+ error_setg(errp, "value '%" PRId64
+ "' is invalid for argument count", count);
+ return NULL;
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch
new file mode 100644
index 0000000..9923d12
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch
@@ -0,0 +1,62 @@
+From 2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8 Mon Sep 17 00:00:00 2001
+From: Jack Schwartz <jack.schwartz@oracle.com>
+Date: Thu, 21 Dec 2017 09:25:15 -0800
+Subject: [PATCH] multiboot: bss_end_addr can be zero
+
+The multiboot spec (https://www.gnu.org/software/grub/manual/multiboot/),
+section 3.1.3, allows for bss_end_addr to be zero.
+
+A zero bss_end_addr signifies there is no .bss section.
+
+CVE: CVE-2018-7550
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8]
+
+Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Jack Schwartz <jack.schwartz@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ hw/i386/multiboot.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
+index 46d9c68bf5..bb8d8e4629 100644
+--- a/hw/i386/multiboot.c
++++ b/hw/i386/multiboot.c
+@@ -233,12 +233,6 @@ int load_multiboot(FWCfgState *fw_cfg,
+ mh_entry_addr = ldl_p(header+i+28);
+
+ if (mh_load_end_addr) {
+- if (mh_bss_end_addr < mh_load_addr) {
+- fprintf(stderr, "invalid mh_bss_end_addr address\n");
+- exit(1);
+- }
+- mb_kernel_size = mh_bss_end_addr - mh_load_addr;
+-
+ if (mh_load_end_addr < mh_load_addr) {
+ fprintf(stderr, "invalid mh_load_end_addr address\n");
+ exit(1);
+@@ -249,8 +243,16 @@ int load_multiboot(FWCfgState *fw_cfg,
+ fprintf(stderr, "invalid kernel_file_size\n");
+ exit(1);
+ }
+- mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
+- mb_load_size = mb_kernel_size;
++ mb_load_size = kernel_file_size - mb_kernel_text_offset;
++ }
++ if (mh_bss_end_addr) {
++ if (mh_bss_end_addr < (mh_load_addr + mb_load_size)) {
++ fprintf(stderr, "invalid mh_bss_end_addr address\n");
++ exit(1);
++ }
++ mb_kernel_size = mh_bss_end_addr - mh_load_addr;
++ } else {
++ mb_kernel_size = mb_load_size;
+ }
+
+ /* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_VBE.
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb b/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
index 7de21ac..a447dc7 100644
--- a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
@@ -24,6 +24,8 @@
file://0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
file://0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch \
file://0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch \
+ file://CVE-2018-7550.patch \
+ file://CVE-2018-12617.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+\..*)\.tar"
diff --git a/poky/meta/recipes-devtools/swig/swig.inc b/poky/meta/recipes-devtools/swig/swig.inc
index bf61b02..aec5449 100644
--- a/poky/meta/recipes-devtools/swig/swig.inc
+++ b/poky/meta/recipes-devtools/swig/swig.inc
@@ -7,7 +7,7 @@
SECTION = "devel"
-DEPENDS = "libpcre python3"
+DEPENDS = "libpcre"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz"
diff --git a/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
index de668d6..acbf80a 100644
--- a/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
+++ b/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
@@ -2,13 +2,13 @@
DESCRIPTION = "bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and \
Huffman coding. Compression is generally considerably better than that achieved by more conventional \
LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors."
-HOMEPAGE = "http://www.bzip.org/"
+HOMEPAGE = "https://sourceware.org/bzip2/"
SECTION = "console/utils"
LICENSE = "bzip2"
LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2"
PR = "r5"
-SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \
+SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \
file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
file://configure.ac;subdir=${BP} \
file://Makefile.am;subdir=${BP} \
@@ -19,7 +19,7 @@
SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd"
-UPSTREAM_CHECK_URI = "http://www.bzip.org/downloads.html"
+UPSTREAM_CHECK_URI = "https://www.sourceware.org/bzip2/"
PACKAGES =+ "libbz2"
diff --git a/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch
new file mode 100644
index 0000000..42fa68c
--- /dev/null
+++ b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch
@@ -0,0 +1,33 @@
+From 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Thu, 19 Jul 2018 21:14:53 +0200
+Subject: [PATCH] Reject LHA archive entries with negative size.
+
+CVE: CVE-2017-14503
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ libarchive/archive_read_support_format_lha.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index b8ef4ae1..95c99bb1 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -701,6 +701,12 @@ archive_read_format_lha_read_header(struct archive_read *a,
+ * Prepare variables used to read a file content.
+ */
+ lha->entry_bytes_remaining = lha->compsize;
++ if (lha->entry_bytes_remaining < 0) {
++ archive_set_error(&a->archive,
++ ARCHIVE_ERRNO_FILE_FORMAT,
++ "Invalid LHa entry size");
++ return (ARCHIVE_FATAL);
++ }
+ lha->entry_offset = 0;
+ lha->entry_crc_calculated = 0;
+
+--
+2.13.3
+
diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.3.2.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
index 5daca27..3269716 100644
--- a/poky/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
+++ b/poky/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
@@ -36,6 +36,7 @@
file://CVE-2017-14166.patch \
file://CVE-2017-14502.patch \
file://non-recursive-extract-and-list.patch \
+ file://CVE-2017-14503.patch \
"
SRC_URI[md5sum] = "4583bd6b2ebf7e0e8963d90879eb1b27"
diff --git a/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch b/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch
new file mode 100644
index 0000000..bc78faf
--- /dev/null
+++ b/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch
@@ -0,0 +1,176 @@
+From bdd058a0e676d2f013027fcfb2b344c313112a50 Mon Sep 17 00:00:00 2001
+From: Qualys Security Advisory <qsa@qualys.com>
+Date: Thu, 1 Jan 1970 00:00:00 +0000
+Subject: [PATCH 074/126] proc/readproc.c: Fix bugs and overflows in
+ file2strvec().
+
+Note: this is by far the most important and complex patch of the whole
+series, please review it carefully; thank you very much!
+
+For this patch, we decided to keep the original function's design and
+skeleton, to avoid regressions and behavior changes, while fixing the
+various bugs and overflows. And like the "Harden file2str()" patch, this
+patch does not fail when about to overflow, but truncates instead: there
+is information available about this process, so return it to the caller;
+also, we used INT_MAX as a limit, but a lower limit could be used.
+
+The easy changes:
+
+- Replace sprintf() with snprintf() (and check for truncation).
+
+- Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and
+ do break instead of return: it simplifies the code (only one place to
+ handle errors), and also guarantees that in the while loop either n or
+ tot is > 0 (or both), even if n is reset to 0 when about to overflow.
+
+- Remove the "if (n < 0)" block in the while loop: it is (and was) dead
+ code, since we enter the while loop only if n >= 0.
+
+- Rewrite the missing-null-terminator detection: in the original
+ function, if the size of the file is a multiple of 2047, a null-
+ terminator is appended even if the file is already null-terminated.
+
+- Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)":
+ originally, it was equivalent to "if (n < 0)", but we added "tot <= 0"
+ to handle the first break of the while loop, and to guarantee that in
+ the rest of the function tot is > 0.
+
+- Double-force ("belt and suspenders") the null-termination of rbuf:
+ this is (and was) essential to the correctness of the function.
+
+- Replace the final "while" loop with a "for" loop that behaves just
+ like the preceding "for" loop: in the original function, this would
+ lead to unexpected results (for example, if rbuf is |\0|A|\0|, this
+ would return the array {"",NULL} but should return {"","A",NULL}; and
+ if rbuf is |A|\0|B| (should never happen because rbuf should be null-
+ terminated), this would make room for two pointers in ret, but would
+ write three pointers to ret).
+
+The hard changes:
+
+- Prevent the integer overflow of tot in the while loop, but unlike
+ file2str(), file2strvec() cannot let tot grow until it almost reaches
+ INT_MAX, because it needs more space for the pointers: this is why we
+ introduced ARG_LEN, which also guarantees that we can add "align" and
+ a few sizeof(char*)s to tot without overflowing.
+
+- Prevent the integer overflow of "tot + c + align": when INT_MAX is
+ (almost) reached, we write the maximal safe amount of pointers to ret
+ (ARG_LEN guarantees that there is always space for *ret = rbuf and the
+ NULL terminator).
+[carnil: backport for 3.3.9: Add include for limits.h and use of MAX_INT]
+
+CVE: CVE-2018-1124
+Upstream-Status: Backport [https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ proc/readproc.c | 53 ++++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 32 insertions(+), 21 deletions(-)
+
+diff -Naurp procps-ng-3.3.12_org/proc/readproc.c procps-ng-3.3.12/proc/readproc.c
+--- procps-ng-3.3.12_org/proc/readproc.c 2016-07-09 14:49:25.825306872 -0700
++++ procps-ng-3.3.12/proc/readproc.c 2018-07-24 00:46:49.366202531 -0700
+@@ -37,6 +37,7 @@
+ #include <dirent.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <limits.h>
+ #ifdef WITH_SYSTEMD
+ #include <systemd/sd-login.h>
+ #endif
+--- a/proc/readproc.c
++++ b/proc/readproc.c
+@@ -600,11 +601,12 @@ static int file2str(const char *director
+
+ static char** file2strvec(const char* directory, const char* what) {
+ char buf[2048]; /* read buf bytes at a time */
+- char *p, *rbuf = 0, *endbuf, **q, **ret;
++ char *p, *rbuf = 0, *endbuf, **q, **ret, *strp;
+ int fd, tot = 0, n, c, end_of_file = 0;
+ int align;
+
+- sprintf(buf, "%s/%s", directory, what);
++ const int len = snprintf(buf, sizeof buf, "%s/%s", directory, what);
++ if(len <= 0 || (size_t)len >= sizeof buf) return NULL;
+ fd = open(buf, O_RDONLY, 0);
+ if(fd==-1) return NULL;
+
+@@ -612,18 +614,23 @@ static char** file2strvec(const char* di
+ while ((n = read(fd, buf, sizeof buf - 1)) >= 0) {
+ if (n < (int)(sizeof buf - 1))
+ end_of_file = 1;
+- if (n == 0 && rbuf == 0) {
+- close(fd);
+- return NULL; /* process died between our open and read */
++ if (n <= 0 && tot <= 0) { /* nothing read now, nothing read before */
++ break; /* process died between our open and read */
+ }
+- if (n < 0) {
+- if (rbuf)
+- free(rbuf);
+- close(fd);
+- return NULL; /* read error */
++ /* ARG_LEN is our guesstimated median length of a command-line argument
++ or environment variable (the minimum is 1, the maximum is 131072) */
++ #define ARG_LEN 64
++ if (tot >= INT_MAX / (ARG_LEN + (int)sizeof(char*)) * ARG_LEN - n) {
++ end_of_file = 1; /* integer overflow: null-terminate and break */
++ n = 0; /* but tot > 0 */
+ }
+- if (end_of_file && (n == 0 || buf[n-1]))/* last read char not null */
++ #undef ARG_LEN
++ if (end_of_file &&
++ ((n > 0 && buf[n-1] != '\0') || /* last read char not null */
++ (n <= 0 && rbuf[tot-1] != '\0'))) /* last read char not null */
+ buf[n++] = '\0'; /* so append null-terminator */
++
++ if (n <= 0) break; /* unneeded (end_of_file = 1) but avoid realloc */
+ rbuf = xrealloc(rbuf, tot + n); /* allocate more memory */
+ memcpy(rbuf + tot, buf, n); /* copy buffer into it */
+ tot += n; /* increment total byte ctr */
+@@ -631,29 +638,34 @@ static char** file2strvec(const char* di
+ break;
+ }
+ close(fd);
+- if (n <= 0 && !end_of_file) {
++ if (n < 0 || tot <= 0) { /* error, or nothing read */
+ if (rbuf) free(rbuf);
+ return NULL; /* read error */
+ }
++ rbuf[tot-1] = '\0'; /* belt and suspenders (the while loop did it, too) */
+ endbuf = rbuf + tot; /* count space for pointers */
+ align = (sizeof(char*)-1) - ((tot + sizeof(char*)-1) & (sizeof(char*)-1));
+- for (c = 0, p = rbuf; p < endbuf; p++) {
+- if (!*p || *p == '\n')
++ c = sizeof(char*); /* one extra for NULL term */
++ for (p = rbuf; p < endbuf; p++) {
++ if (!*p || *p == '\n') {
++ if (c >= INT_MAX - (tot + (int)sizeof(char*) + align)) break;
+ c += sizeof(char*);
++ }
+ if (*p == '\n')
+ *p = 0;
+ }
+- c += sizeof(char*); /* one extra for NULL term */
+
+ rbuf = xrealloc(rbuf, tot + c + align); /* make room for ptrs AT END */
+ endbuf = rbuf + tot; /* addr just past data buf */
+ q = ret = (char**) (endbuf+align); /* ==> free(*ret) to dealloc */
+- *q++ = p = rbuf; /* point ptrs to the strings */
+- endbuf--; /* do not traverse final NUL */
+- while (++p < endbuf)
+- if (!*p) /* NUL char implies that */
+- *q++ = p+1; /* next string -> next char */
+-
++ for (strp = p = rbuf; p < endbuf; p++) {
++ if (!*p) { /* NUL char implies that */
++ if (c < 2 * (int)sizeof(char*)) break;
++ c -= sizeof(char*);
++ *q++ = strp; /* point ptrs to the strings */
++ strp = p+1; /* next string -> next char */
++ }
++ }
+ *q = 0; /* null ptr list terminator */
+ return ret;
+ }
diff --git a/poky/meta/recipes-extended/procps/procps_3.3.12.bb b/poky/meta/recipes-extended/procps/procps_3.3.12.bb
index ecf215f..6e15b0a 100644
--- a/poky/meta/recipes-extended/procps/procps_3.3.12.bb
+++ b/poky/meta/recipes-extended/procps/procps_3.3.12.bb
@@ -14,6 +14,7 @@
SRC_URI = "http://downloads.sourceforge.net/project/procps-ng/Production/procps-ng-${PV}.tar.xz \
file://sysctl.conf \
+ file://CVE-2018-1124.patch \
"
SRC_URI[md5sum] = "957e42e8b193490b2111252e4a2b443c"
diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2018-7169.patch b/poky/meta/recipes-extended/shadow/files/CVE-2018-7169.patch
new file mode 100644
index 0000000..36887d4
--- /dev/null
+++ b/poky/meta/recipes-extended/shadow/files/CVE-2018-7169.patch
@@ -0,0 +1,186 @@
+From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Thu, 15 Feb 2018 23:49:40 +1100
+Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group
+
+This is necessary to match the kernel-side policy of "self-mapping in a
+user namespace is fine, but you cannot drop groups" -- a policy that was
+created in order to stop user namespaces from allowing trivial privilege
+escalation by dropping supplementary groups that were "blacklisted" from
+certain paths.
+
+This is the simplest fix for the underlying issue, and effectively makes
+it so that unless a user has a valid mapping set in /etc/subgid (which
+only administrators can modify) -- and they are currently trying to use
+that mapping -- then /proc/$pid/setgroups will be set to deny. This
+workaround is only partial, because ideally it should be possible to set
+an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
+administrators to further restrict newgidmap(1).
+
+We also don't write anything in the "allow" case because "allow" is the
+default, and users may have already written "deny" even if they
+technically are allowed to use setgroups. And we don't write anything if
+the setgroups policy is already "deny".
+
+Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
+Fixes: CVE-2018-7169
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0]
+Reported-by: Craig Furman <craig.furman89@gmail.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 80 insertions(+), 9 deletions(-)
+
+diff --git a/src/newgidmap.c b/src/newgidmap.c
+index b1e33513..59a2e75c 100644
+--- a/src/newgidmap.c
++++ b/src/newgidmap.c
+@@ -46,32 +46,37 @@
+ */
+ const char *Prog;
+
+-static bool verify_range(struct passwd *pw, struct map_range *range)
++
++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
+ {
+ /* An empty range is invalid */
+ if (range->count == 0)
+ return false;
+
+- /* Test /etc/subgid */
+- if (have_sub_gids(pw->pw_name, range->lower, range->count))
++ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */
++ if (have_sub_gids(pw->pw_name, range->lower, range->count)) {
++ *allow_setgroups = true;
+ return true;
++ }
+
+- /* Allow a process to map it's own gid */
+- if ((range->count == 1) && (pw->pw_gid == range->lower))
++ /* Allow a process to map its own gid. */
++ if ((range->count == 1) && (pw->pw_gid == range->lower)) {
++ /* noop -- if setgroups is enabled already we won't disable it. */
+ return true;
++ }
+
+ return false;
+ }
+
+ static void verify_ranges(struct passwd *pw, int ranges,
+- struct map_range *mappings)
++ struct map_range *mappings, bool *allow_setgroups)
+ {
+ struct map_range *mapping;
+ int idx;
+
+ mapping = mappings;
+ for (idx = 0; idx < ranges; idx++, mapping++) {
+- if (!verify_range(pw, mapping)) {
++ if (!verify_range(pw, mapping, allow_setgroups)) {
+ fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"),
+ Prog,
+ mapping->upper,
+@@ -89,6 +94,70 @@ static void usage(void)
+ exit(EXIT_FAILURE);
+ }
+
++void write_setgroups(int proc_dir_fd, bool allow_setgroups)
++{
++ int setgroups_fd;
++ char *policy, policy_buffer[4096];
++
++ /*
++ * Default is "deny", and any "allow" will out-rank a "deny". We don't
++ * forcefully write an "allow" here because the process we are writing
++ * mappings for may have already set themselves to "deny" (and "allow"
++ * is the default anyway). So allow_setgroups == true is a noop.
++ */
++ policy = "deny\n";
++ if (allow_setgroups)
++ return;
++
++ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC);
++ if (setgroups_fd < 0) {
++ /*
++ * If it's an ENOENT then we are on too old a kernel for the setgroups
++ * code to exist. Emit a warning and bail on this.
++ */
++ if (ENOENT == errno) {
++ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog);
++ goto out;
++ }
++ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"),
++ Prog,
++ strerror(errno));
++ exit(EXIT_FAILURE);
++ }
++
++ /*
++ * Check whether the policy is already what we want. /proc/self/setgroups
++ * is write-once, so attempting to write after it's already written to will
++ * fail.
++ */
++ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) {
++ fprintf(stderr, _("%s: failed to read setgroups: %s\n"),
++ Prog,
++ strerror(errno));
++ exit(EXIT_FAILURE);
++ }
++ if (!strncmp(policy_buffer, policy, strlen(policy)))
++ goto out;
++
++ /* Write the policy. */
++ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) {
++ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"),
++ Prog,
++ strerror(errno));
++ exit(EXIT_FAILURE);
++ }
++ if (dprintf(setgroups_fd, "%s", policy) < 0) {
++ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"),
++ Prog,
++ policy,
++ strerror(errno));
++ exit(EXIT_FAILURE);
++ }
++
++out:
++ close(setgroups_fd);
++}
++
+ /*
+ * newgidmap - Set the gid_map for the specified process
+ */
+@@ -103,6 +172,7 @@ int main(int argc, char **argv)
+ struct stat st;
+ struct passwd *pw;
+ int written;
++ bool allow_setgroups = false;
+
+ Prog = Basename (argv[0]);
+
+@@ -145,7 +215,7 @@ int main(int argc, char **argv)
+ (unsigned long) getuid ()));
+ return EXIT_FAILURE;
+ }
+-
++
+ /* Get the effective uid and effective gid of the target process */
+ if (fstat(proc_dir_fd, &st) < 0) {
+ fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
+@@ -177,8 +247,9 @@ int main(int argc, char **argv)
+ if (!mappings)
+ usage();
+
+- verify_ranges(pw, ranges, mappings);
++ verify_ranges(pw, ranges, mappings, &allow_setgroups);
+
++ write_setgroups(proc_dir_fd, allow_setgroups);
+ write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
+ sub_gid_close();
+
+--
+2.13.3
+
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index 6efe4a9..9691c38 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -20,6 +20,7 @@
file://0001-shadow-CVE-2017-12424 \
file://CVE-2017-2616.patch \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
+ file://CVE-2018-7169.patch \
"
SRC_URI_append_class-target = " \
diff --git a/poky/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch b/poky/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
new file mode 100644
index 0000000..37289d1
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
@@ -0,0 +1,48 @@
+From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 15 Aug 2018 16:20:53 +0800
+Subject: [PATCH] unzip: fix CVE-2018-1000035
+
+Upstream-Status: Backport
+
+CVE: CVE-2018-1000035
+
+backport from unzip6.10c23
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ fileio.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..7605a29 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
+ int r = IZ_PW_ENTERED;
+ char *m;
+ char *prompt;
++ char *ep;
++ char *zp;
+
+ #ifndef REENTRANT
+ /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
+
+ if (*rcnt == 0) { /* First call for current entry */
+ *rcnt = 2;
+- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+- sprintf(prompt, LoadFarString(PasswPrompt),
+- FnFilter1(zfn), FnFilter2(efn));
++ zp = FnFilter1( zfn);
++ ep = FnFilter2( efn);
++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
++ if (prompt != (char *)NULL) {
++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
+ m = prompt;
+ } else
+ m = (char *)LoadFarString(PasswPrompt2);
+--
+2.7.4
+
diff --git a/poky/meta/recipes-extended/unzip/unzip/symlink.patch b/poky/meta/recipes-extended/unzip/unzip/symlink.patch
new file mode 100644
index 0000000..a38f6f1
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/symlink.patch
@@ -0,0 +1,26 @@
+Unzip doesn't handle large zip files well and crashes:
+
+"This only happens if you have more then 16k entries and when one of
+the 16k entry infos is reused it happend to be previously used for
+a symlink entry."
+
+This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427)
+
+Upstream-Status: Pending (upstream is dead)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+--- unzip60/process.c.sav 2013-06-09 12:08:57.070392264 +0200
++++ unzip60/process.c 2013-06-09 12:10:08.641696988 +0200
+@@ -1751,6 +1751,12 @@
+ = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
+ #endif
+
++#ifdef SYMLINKS
++ /* Initialize the symlink flag, may be set by the platform-specific
++ mapattr function. */
++ G.pInfo->symlink = 0;
++#endif
++
+ return PK_COOL;
+
+ } /* end function process_cdir_file_hdr() */
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index 105d048..a47491e 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -19,6 +19,8 @@
file://fix-security-format.patch \
file://18-cve-2014-9913-unzip-buffer-overflow.patch \
file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
+ file://symlink.patch \
+ file://0001-unzip-fix-CVE-2018-1000035.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.1.5.bb b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.1.5.bb
index c5bf107..0f1e2db 100644
--- a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.1.5.bb
+++ b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.1.5.bb
@@ -19,18 +19,17 @@
EXTRA_OECONF += "--disable-python"
-PACKAGES =+ "alsa-server libasound alsa-conf alsa-doc"
-FILES_libasound = "${libdir}/libasound.so.*"
+PACKAGES =+ "alsa-server alsa-conf alsa-doc"
FILES_alsa-server = "${bindir}/*"
FILES_alsa-conf = "${datadir}/alsa/"
-RDEPENDS_libasound = "alsa-conf"
-
-# alsa-lib gets automatically added to alsa-lib-dev dependencies, but the
-# alsa-lib package doesn't exist. libasound is the real library package.
-RDEPENDS_${PN}-dev = "libasound"
+RDEPENDS_${PN}_class-target = "alsa-conf"
# upgrade path
+RPROVIDES_${PN} = "libasound"
+RREPLACES_${PN} = "libasound"
+RCONFLICTS_${PN} = "libasound"
+
RPROVIDES_${PN}-dev = "alsa-dev"
RREPLACES_${PN}-dev = "alsa-dev"
RCONFLICTS_${PN}-dev = "alsa-dev"
diff --git a/poky/meta/recipes-multimedia/flac/files/CVE-2017-6888.patch b/poky/meta/recipes-multimedia/flac/files/CVE-2017-6888.patch
new file mode 100644
index 0000000..389ab96
--- /dev/null
+++ b/poky/meta/recipes-multimedia/flac/files/CVE-2017-6888.patch
@@ -0,0 +1,31 @@
+From 4f47b63e9c971e6391590caf00a0f2a5ed612e67 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Sat, 8 Apr 2017 18:34:49 +1000
+Subject: [PATCH] stream_decoder.c: Fix a memory leak
+
+Leak reported by Secunia Research.
+CVE: CVE-2017-6888
+Upstream-Status: Backport [https://git.xiph.org/?p=flac.git;a=commitdiff;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/libFLAC/stream_decoder.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index 14d5fe7f..a5527511 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -1753,6 +1753,9 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
+ }
+ memset (obj->comments[i].entry, 0, obj->comments[i].length) ;
+ if (!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, obj->comments[i].entry, obj->comments[i].length)) {
++ /* Current i-th entry is bad, so we delete it. */
++ free (obj->comments[i].entry) ;
++ obj->comments[i].entry = NULL ;
+ obj->num_comments = i;
+ goto skip;
+ }
+--
+2.13.3
+
diff --git a/poky/meta/recipes-multimedia/flac/flac_1.3.2.bb b/poky/meta/recipes-multimedia/flac/flac_1.3.2.bb
index 8315ab5..028a429 100644
--- a/poky/meta/recipes-multimedia/flac/flac_1.3.2.bb
+++ b/poky/meta/recipes-multimedia/flac/flac_1.3.2.bb
@@ -14,7 +14,8 @@
file://include/FLAC/all.h;beginline=65;endline=70;md5=64474f2b22e9e77b28d8b8b25c983a48"
DEPENDS = "libogg"
-SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz"
+SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \
+ file://CVE-2017-6888.patch"
SRC_URI[md5sum] = "454f1bfa3f93cc708098d7890d0499bd"
SRC_URI[sha256sum] = "91cfc3ed61dc40f47f050a109b08610667d73477af6ef36dcad31c31a4a8d53f"
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch
new file mode 100644
index 0000000..a17ec21
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch
@@ -0,0 +1,121 @@
+From 2d54514a4f6437b67829717c05472d2e3300a258 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath <fabian@greffrath.com>
+Date: Wed, 27 Sep 2017 14:46:17 +0200
+Subject: [PATCH] sfe_copy_data_fp: check value of "max" variable for being
+ normal
+
+and check elements of the data[] array for being finite.
+
+Both checks use functions provided by the <math.h> header as declared
+by the C99 standard.
+
+Fixes #317
+CVE: CVE-2017-14245
+CVE: CVE-2017-14246
+
+Upstream-Status: Backport [https://github.com/fabiangreffrath/libsndfile/commit/2d54514a4f6437b67829717c05472d2e3300a258]
+
+Signed-off-by: Fabian Greffrath <fabian@greffrath.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ programs/common.c | 20 ++++++++++++++++----
+ programs/common.h | 2 +-
+ programs/sndfile-convert.c | 6 +++++-
+ 3 files changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/programs/common.c b/programs/common.c
+index a21e62c..a249a58 100644
+--- a/programs/common.c
++++ b/programs/common.c
+@@ -36,6 +36,7 @@
+ #include <string.h>
+ #include <ctype.h>
+ #include <stdint.h>
++#include <math.h>
+
+ #include <sndfile.h>
+
+@@ -45,7 +46,7 @@
+
+ #define MIN(x, y) ((x) < (y) ? (x) : (y))
+
+-void
++int
+ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize)
+ { static double data [BUFFER_LEN], max ;
+ int frames, readcount, k ;
+@@ -54,6 +55,8 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
+ readcount = frames ;
+
+ sf_command (infile, SFC_CALC_SIGNAL_MAX, &max, sizeof (max)) ;
++ if (!isnormal (max)) /* neither zero, subnormal, infinite, nor NaN */
++ return 1 ;
+
+ if (!normalize && max < 1.0)
+ { while (readcount > 0)
+@@ -67,12 +70,16 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
+ while (readcount > 0)
+ { readcount = sf_readf_double (infile, data, frames) ;
+ for (k = 0 ; k < readcount * channels ; k++)
+- data [k] /= max ;
++ { data [k] /= max ;
++
++ if (!isfinite (data [k])) /* infinite or NaN */
++ return 1;
++ }
+ sf_writef_double (outfile, data, readcount) ;
+ } ;
+ } ;
+
+- return ;
++ return 0 ;
+ } /* sfe_copy_data_fp */
+
+ void
+@@ -252,7 +259,12 @@ sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * in
+
+ /* If the input file is not the same as the output file, copy the data. */
+ if ((infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT))
+- sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) ;
++ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) != 0)
++ { printf ("Error : Not able to decode input file '%s'\n", filenames [0]) ;
++ error_code = 1 ;
++ goto cleanup_exit ;
++ } ;
++ }
+ else
+ sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
+ } ;
+diff --git a/programs/common.h b/programs/common.h
+index eda2d7d..986277e 100644
+--- a/programs/common.h
++++ b/programs/common.h
+@@ -62,7 +62,7 @@ typedef SF_BROADCAST_INFO_VAR (2048) SF_BROADCAST_INFO_2K ;
+
+ void sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * info) ;
+
+-void sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
++int sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
+
+ void sfe_copy_data_int (SNDFILE *outfile, SNDFILE *infile, int channels) ;
+
+diff --git a/programs/sndfile-convert.c b/programs/sndfile-convert.c
+index dff7f79..e6de593 100644
+--- a/programs/sndfile-convert.c
++++ b/programs/sndfile-convert.c
+@@ -335,7 +335,11 @@ main (int argc, char * argv [])
+ || (outfileminor == SF_FORMAT_DOUBLE) || (outfileminor == SF_FORMAT_FLOAT)
+ || (infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT)
+ || (infileminor == SF_FORMAT_VORBIS) || (outfileminor == SF_FORMAT_VORBIS))
+- sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) ;
++ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) != 0)
++ { printf ("Error : Not able to decode input file %s.\n", infilename) ;
++ return 1 ;
++ } ;
++ }
+ else
+ sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
+
+--
+2.7.4
+
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch
new file mode 100644
index 0000000..39b4ec1
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch
@@ -0,0 +1,42 @@
+From 85c877d5072866aadbe8ed0c3e0590fbb5e16788 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath <fabian@greffrath.com>
+Date: Thu, 28 Sep 2017 12:15:04 +0200
+Subject: [PATCH] double64_init: Check psf->sf.channels against upper bound
+
+This prevents division by zero later in the code.
+
+While the trivial case to catch this (i.e. sf.channels < 1) has already
+been covered, a crafted file may report a number of channels that is
+so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
+miscalculated to zero (if this makes sense) in the determination of the
+blockwidth. Since we only support a limited number of channels anyway,
+make sure to check here as well.
+
+CVE: CVE-2017-14634
+
+Closes: https://github.com/erikd/libsndfile/issues/318
+
+Upstream-Status: Backport [https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788]
+
+Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/double64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/double64.c b/src/double64.c
+index b318ea8..78dfef7 100644
+--- a/src/double64.c
++++ b/src/double64.c
+@@ -91,7 +91,7 @@ int
+ double64_init (SF_PRIVATE *psf)
+ { static int double64_caps ;
+
+- if (psf->sf.channels < 1)
++ if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
+ { psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ;
+ return SFE_INTERNAL ;
+ } ;
+--
+2.13.3
+
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 281ac82..ed43b74 100644
--- a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -10,6 +10,8 @@
file://CVE-2017-8361-8365.patch \
file://CVE-2017-8362.patch \
file://CVE-2017-8363.patch \
+ file://CVE-2017-14245-14246.patch \
+ file://CVE-2017-14634.patch \
"
SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
new file mode 100644
index 0000000..7564d92
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
@@ -0,0 +1,33 @@
+From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Wed, 9 May 2018 14:56:59 -0700
+Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
+
+CVE: CVE-2017-14160
+CVE: CVE-2018-10393
+Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
+
+Signed-off-by: Thomas Daede <daede003@umn.edu>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/psy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1..1310123 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+ for (i = 0, x = 0.f;; i++, x += 1.f) {
+
+ lo = b[i] >> 16;
+- if( lo>=0 ) break;
+ hi = b[i] & 0xffff;
++ if( lo>=0 ) break;
++ if( hi>=n ) break;
+
+ tN = N[hi] + N[-lo];
+ tX = X[hi] - X[-lo];
+--
+2.7.4
+
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch
new file mode 100644
index 0000000..f1ef6fb
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch
@@ -0,0 +1,29 @@
+From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Thu, 17 May 2018 16:19:19 -0700
+Subject: [PATCH] Sanity check number of channels in setup.
+
+Fixes #2335.
+CVE: CVE-2018-10392
+Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/vorbisenc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index 4fc7b62..64a51b5 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+ highlevel_encode_setup *hi=&ci->hi;
+
+ if(ci==NULL)return(OV_EINVAL);
++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+ if(!hi->impulse_block_p)i0=1;
+
+ /* too low/high an ATH floater is nonsensical, but doesn't break anything */
+--
+2.13.3
+
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 20f887c..615b539 100644
--- a/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -9,12 +9,15 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \
file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"
DEPENDS = "libogg"
+PR = "r1"
SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
file://0001-configure-Check-for-clang.patch \
file://CVE-2017-14633.patch \
file://CVE-2017-14632.patch \
file://CVE-2018-5146.patch \
+ file://CVE-2017-14160.patch \
+ file://CVE-2018-10392.patch \
"
SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
diff --git a/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch b/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch
new file mode 100644
index 0000000..14698db
--- /dev/null
+++ b/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch
@@ -0,0 +1,47 @@
+From 13f135c7a252cc46cff96e75968d92b6dc8dce1b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Fri, 8 Jun 2018 10:45:21 +0200
+Subject: [PATCH] gpg: Sanitize diagnostic with the original file name.
+
+* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
+--
+
+This fixes a forgotten sanitation of user supplied data in a verbose
+mode diagnostic. The mention CVE is about using this to inject
+status-fd lines into the stderr output. Other harm good as well be
+done. Note that GPGME based applications are not affected because
+GPGME does not fold status output into stderr.
+
+CVE-id: CVE-2018-12020
+GnuPG-bug-id: 4012
+
+Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=13f135c7a252cc46cff96e75968d92b6dc8dce1b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ g10/mainproc.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+index d2ceec2fd..a9da08f74 100644
+--- a/g10/mainproc.c
++++ b/g10/mainproc.c
+@@ -851,7 +851,14 @@ proc_plaintext( CTX c, PACKET *pkt )
+ if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
+ log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
+ else if (opt.verbose)
+- log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
++ {
++ /* We don't use print_utf8_buffer because that would require a
++ * string change which we don't want in 2.2. It is also not
++ * clear whether the filename is always utf-8 encoded. */
++ char *tmp = make_printable_string (pt->name, pt->namelen, 0);
++ log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
++ xfree (tmp);
++ }
+
+ free_md_filter_context (&c->mfx);
+ if (gcry_md_open (&c->mfx.md, 0, 0))
+--
+2.13.3
+
diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
index d3f1a8f..d6bfaff 100644
--- a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
+++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
@@ -14,6 +14,7 @@
file://0002-use-pkgconfig-instead-of-npth-config.patch \
file://0003-dirmngr-uses-libgpg-error.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
+ file://CVE-2018-12020.patch \
"
SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"
diff --git a/poky/meta/recipes-support/libgcrypt/files/CVE-2018-0495.patch b/poky/meta/recipes-support/libgcrypt/files/CVE-2018-0495.patch
new file mode 100644
index 0000000..c16bd3a
--- /dev/null
+++ b/poky/meta/recipes-support/libgcrypt/files/CVE-2018-0495.patch
@@ -0,0 +1,76 @@
+From 9010d1576e278a4274ad3f4aa15776c28f6ba965 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 13 Jun 2018 15:28:58 +0900
+Subject: [PATCH] ecc: Add blinding for ECDSA.
+
+* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
+randomized nonce B.
+
+--
+
+Reported-by: Keegan Ryan <Keegan.Ryan@nccgroup.trust>
+CVE-id: CVE-2018-0495
+
+Upstream-Status: Backport [http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965]
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ cipher/ecc-ecdsa.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c
+index 1484830b..140e8c09 100644
+--- a/cipher/ecc-ecdsa.c
++++ b/cipher/ecc-ecdsa.c
+@@ -50,6 +50,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+ const void *abuf;
+ unsigned int abits, qbits;
+ mpi_ec_t ctx;
++ gcry_mpi_t b; /* Random number needed for blinding. */
++ gcry_mpi_t bi; /* multiplicative inverse of B. */
+
+ if (DBG_CIPHER)
+ log_mpidump ("ecdsa sign hash ", input );
+@@ -61,6 +63,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+ if (rc)
+ return rc;
+
++ b = mpi_snew (qbits);
++ bi = mpi_snew (qbits);
++ do
++ {
++ _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
++ mpi_mod (b, b, skey->E.n);
++ }
++ while (!mpi_invm (bi, b, skey->E.n));
++
+ k = NULL;
+ dr = mpi_alloc (0);
+ sum = mpi_alloc (0);
+@@ -115,8 +126,11 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+ }
+ while (!mpi_cmp_ui (r, 0));
+
+- mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */
+- mpi_addm (sum, hash, dr, skey->E.n); /* sum = hash + (d*r) mod n */
++ mpi_mulm (dr, b, skey->d, skey->E.n);
++ mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n (blinded with b) */
++ mpi_mulm (sum, b, hash, skey->E.n);
++ mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n (blinded with b) */
++ mpi_mulm (sum, bi, sum, skey->E.n); /* undo blinding by b^-1 */
+ mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */
+ mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */
+ }
+@@ -129,6 +143,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+ }
+
+ leave:
++ mpi_free (b);
++ mpi_free (bi);
+ _gcry_mpi_ec_free (ctx);
+ point_free (&I);
+ mpi_free (x);
+--
+2.13.3
+
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.2.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.2.bb
index b36e653..9d036c8 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.2.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.2.bb
@@ -20,6 +20,7 @@
file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \
file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
+ file://CVE-2018-0495.patch \
"
SRC_URI[md5sum] = "cfb0b5c79eab07686b6898160a407139"
SRC_URI[sha256sum] = "c8064cae7558144b13ef0eb87093412380efa16c4ee30ad12ecb54886a524c07"
diff --git a/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks b/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
index cfa32bd..be51c4e 100644
--- a/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
+++ b/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
@@ -4,5 +4,5 @@
include common.wks.inc
-bootloader --timeout=0 --append="vga=0 rw mem=256M ip=192.168.7.2::192.168.7.1:255.255.255.0 oprofile.timer=1 rootfstype=ext4 "
+bootloader --timeout=0 --append="vga=0 rw mem=256M oprofile.timer=1 rootfstype=ext4 "