poky: subtree update:52a625582e..7035b4b21e
Adrian Bunk (9):
squashfs-tools: Upgrade to 4.4
screen: Upgrade 4.6.2 -> 4.7.0
stress-ng: Upgrade 0.10.00 -> 0.10.08
nspr: Upgrade 4.21 -> 4.23
gcc: Remove stale gcc 8 patchfile
gnu-efi: Upgrade 3.0.9 -> 3.0.10
python3-numpy: Stop shipping manual config files
coreutils: Move stdbuf into an own package coreutils-stdbuf
gnu-efi: Upgrade 3.0.10 -> 3.0.11
Alessio Igor Bogani (1):
systemtap: support usrmerge
Alexander Hirsch (1):
libksba: Fix license specification
Alexander Kanavin (6):
gcr: update to 3.34.0
btrfs-tools: update to 5.3
libmodulemd-v1: update to 1.8.16
selftest: skip virgl test on centos 7 entirely
nfs-utils: do not depend on bash unnecessarily
selftest: add a test for gpl3-free images
Alistair Francis (4):
opensbi: Bump from 0.4 to 0.5
u-boot: Bump from 2019.07 to 2019.10
qemuriscv64: Build smode U-Boot
libsdl2: Fix build failure when using mesa 19.2.1
Andreas Müller (4):
adwaita-icon-theme: upgrade 3.32.0 -> 3.34.0
gsettings-desktop-schemas: upgrade 3.32.0 -> 3.34.0
IMAGE_LINGUAS_COMPLEMENTARY: auto-add language packages other than locales
libical: add PACKAGECONFIG glib and enable it by default
André Draszik (10):
testimage.bbclass: support hardware-controlled targets
testimage.bbclass: enable ssh agent forwarding
oeqa/runtime/df: don't fail on long device names
oeqa/core/decorator: add skipIfFeature
oeqa/runtime/opkg: skip install on read-only-rootfs
oeqa/runtime/systemd: skip unit enable/disable on read-only-rootfs
ruby: update to v2.6.4
ruby: some ptest fixes
oeqa/runtime/context.py: ignore more files when loading controllers
connman: mark connman-wait-online as SYSTEMD_PACKAGE
Bruce Ashfield (6):
linux-yocto/4.19: update to v4.19.78
linux-yocto/5.2: update to v5.2.20
perf: fix v5.4+ builds
perf: create directories before copying single files
perf: add 'cap' PACKAGECONFIG
perf: drop 'include' copy
Carlos Rafael Giani (12):
gstreamer1.0: upgrade to version 1.16.1
gstreamer1.0-plugins-base: upgrade to version 1.16.1
gstreamer1.0-plugins-good: upgrade to version 1.16.1
gstreamer1.0-plugins-bad: upgrade to version 1.16.1
gstreamer1.0-plugins-ugly: upgrade to version 1.16.1
gstreamer1.0-libav: upgrade to version 1.16.1
gstreamer1.0-vaapi: upgrade to version 1.16.1
gstreamer1.0-omx: upgrade to version 1.16.1
gstreamer1.0-python: upgrade to version 1.16.1
gstreamer1.0-rtsp-server: upgrade to version 1.16.1
gst-validate: upgrade to version 1.16.1
gstreamer: Change SRC_URI to use HTTPS access instead of HTTP
Changqing Li (4):
qemu: Fix CVE-2019-12068
python: Fix CVE-2019-10160
sudo: fix CVE-2019-14287
mdadm: fix do_package failed when changed local.conf but not cleaned
Chee Yang Lee (2):
wic/help: change 'wic write' help description
wic/engine: use 'linux-swap' for swap file system
Chen Qi (3):
go: fix CVE-2019-16276
python3: fix CVE-2019-16935
python: fix CVE-2019-16935
Chris Laplante via bitbake-devel (2):
bitbake: bitbake: contrib/vim: initial commit, with unmodified code from indent/python.vim
bitbake: bitbake: contrib/vim: Modify Python indentation to work with 'python do_task {'
Christopher Larson (2):
bitbake: fetch2/git: fetch shallow revs when needed
bitbake: tests/fetch: add test for fetching shallow revs
Dan Callaghan (1):
elfutils: add PACKAGECONFIG for compression algorithms
Douglas Royds via Openembedded-core (1):
icecc: Export ICECC_CC and friends via wrapper-script
Eduardo Abinader (1):
devtool: add ssh key option to deploy-target param
Eugene Smirnov (1):
wic/rawcopy: Support files in sub-directories
Ferry Toth (1):
sudo: Fix fetching sources
Frazer Leslie Clews (2):
makedevs: fix format strings in makedevs.c in print statements
makedevs: fix invalidScanfFormatWidth to prevent overflowing usr_buf
George McCollister (1):
openssl: make OPENSSL_ENGINES match install path
Haiqing Bai (1):
unfs3: fixed the issue that unfsd consumes 100% CPU
He Zhe (1):
ltp: Fix overcommit_memory failure
Hongxu Jia (1):
openssh: fix CVE-2019-16905
Joe Slater (2):
libtiff: fix CVE-2019-17546
libxslt: fix CVE-2019-18197
Kai Kang (1):
bind: fix CVE-2019-6471 and CVE-2018-5743
Liwei Song (1):
util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]
Mattias Hansson (1):
base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot
Max Tomago (1):
python-native: Remove debug.patch
Maxime Roussin-Bélanger (2):
meta: update and add missing homepage/bugtracker links
meta: add missing description in recipes-gnome
Michael Ho (1):
cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH
Mike Crowe (2):
kernel-fitimage: Cope with non-standard kernel deploy subdirectory
kernel-devicetree: Cope with non-standard kernel deploy subdirectory
Mikko Rapeli (1):
systemd.bbclass: enable all services specified in ${SYSTEMD_SERVICE}
Nicola Lunghi (1):
ofono: tidy up the recipe
Ola x Nilsson (10):
oeqa/selftest/recipetool: Use with to control file handle lifetime
oe.types.path: Use with to control file handle lifetime
lib/oe/packagedata: Use with to control file handle lifetime
lib/oe/package_manager: Use with to control file handle lifetime
report-error.bbclass: Use with to control file handle lifetime
package.bbclass: Use with to manage file handle lifetimes
devtool-source.bbclass: Use with to manage file handle lifetime
libc-package.bbclass: Use with to manage filehandle in do_spit_gconvs
bitbake: bitbake: prserv/serv: Use with while reading pidfile
bitbake: bitbake: ConfHandler: Use with to manage filehandle lifetime
Oleksandr Kravchuk (4):
ell: update to 0.23
ell: update to 0.25
ell: update to 0.26
ofono: update to 1.31
Ricardo Ribalda Delgado (1):
i2c-tools: Add missing RDEPEND
Richard Leitner (1):
kernel-fitimage: introduce FIT_SIGN_ALG
Richard Purdie (4):
tinderclient: Drop obsolete class
meson: Backport fix to assist meta-oe breakage
nfs-utils: Improve handling when no exported fileysystems
qemu: Avoid potential build configuration contamination
Robert Yang (1):
bluez5: Fix for --enable-btpclient
Ross Burton (29):
sanity: check the format of SDK_VENDOR
file: explicitly disable seccomp
python3: -dev should depend on distutils
gawk: add PACKAGECONFIG for readline
python3: alternative name is python3-config not python-config
python3: ensure that all forms of python3-config are in python3-dev
oeqa/selftest: use specialist assert* methods
bluez5: refresh upstreamed patches
xorgproto: fix summary
libx11: upgrade to 1.6.9
xorgproto: upgrade to 2019.2
llvm: add missing Upstream-Status tags
buildhistory-analysis: filter out -src changes by default
squashfs-tools: remove redundant source checksums
squashfs-tools: clean up compile/install tasks
wpa-supplicant: fix CVE-2019-16275
gcr: remove intltool-native
elfutils: disable bzip
cve-check: ensure all known CVEs are in the report
git: some tools are no longer perl, so move to main recipe
git: cleanup man install
qemu-helper-native: add missing option to getopt() call
qemu-helper-native: showing help shouldn't be an error
qemu-helper-native: pass compiler flags
oeqa/selftest: add test for oe-run-native
cve-check: failure to parse versions should be more visible
gst-examples: rename so PV is in filename
sanity: check for more bits of Python
recipeutils-test: use a small dependency in the dummy recipe
Sai Hari Chandana Kalluri (1):
devtool: Add --remove-work option for devtool reset command
Scott Rifenbark (9):
ref-manual: First pass of 2.8 migration changes (WIP)
poky.ent: Updated the release date to October 2019
dev-manual: Added info to "Selecting an Initialization Manager"
ref-manual: 2nd pass 3.0 migration
documenation: Changed "2.8" to "3.0".
ref-manual: Removed deprecated link to ref-classes-bluetooth
ref-manual, dev-manual: Clean up of a commit
ref-manual: Updated the BUSYBOX_SPLIT_SUID variable.
ref-manual, dev-manual: Added CMake toolchain files.
Stefan Agner (1):
uninative: check .done file instead of tarball
Tom Benn (1):
dbus: update dbus-1.init to reflect new PID file
Trevor Gamblin (5):
aspell: upgrade from 0.60.7 to 0.60.8
binutils: fix CVE-2019-17450
binutils: fix CVE-2019-17451
ncurses: fix CVE-2019-17594, CVE-2019-17595
libgcrypt: upgrade 1.8.4 -> 1.8.5
Trevor Woerner (1):
libcap-ng: undefined reference to `pthread_atfork'
Wenlin Kang (1):
sysstat: fix CVE-2019-16167
Yann Dirson (1):
mesa: fix meson configure fix when 'dri' is excluded from PACKAGECONFIG
Yeoh Ee Peng (1):
scripts/oe-pkgdata-util: Enable list-pkgs to print ordered packages
Yi Zhao (2):
libsdl2: fix CVE-2019-13616
libgcrypt: fix CVE-2019-12904
Zang Ruochen (6):
bison:upgrade 3.4.1 -> 3.4.2
e2fsprogs:upgrade 1.45.3 -> 1.45.4
libxvmc:upgrade 1.0.11 -> 1.0.12
python3-pip:upgrade 19.2.3 -> 19.3.1
python-setuptools:upgrade 41.2.0 -> 41.4.0
libcap-ng:upgrade 0.7.9 -> 0.7.10
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I50bc42f74dffdc406ffc0dea034e41462fe6e06b
diff --git a/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch b/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
index a9806cf..8a0138b 100644
--- a/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
+++ b/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
@@ -19,25 +19,7 @@
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
[Rebased for 3.0.8]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- gnuefi/Makefile | 3 ++-
- lib/Makefile | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-diff --git a/gnuefi/Makefile b/gnuefi/Makefile
-index 2a61699..89b560a 100644
---- a/gnuefi/Makefile
-+++ b/gnuefi/Makefile
-@@ -54,7 +54,8 @@ TARGETS = crt0-efi-$(ARCH).o libgnuefi.a
-
- all: $(TARGETS)
-
--libgnuefi.a: $(patsubst %,libgnuefi.a(%),$(OBJS))
-+libgnuefi.a: $(OBJS)
-+ $(AR) $(ARFLAGS) $@ $(OBJS)
-
- clean:
- rm -f $(TARGETS) *~ *.o $(OBJS)
diff --git a/lib/Makefile b/lib/Makefile
index 0e6410d..048751a 100644
--- a/lib/Makefile
diff --git a/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb b/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.11.bb
similarity index 94%
rename from poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb
rename to poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.11.bb
index 6d4c303..9954d7f 100644
--- a/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb
+++ b/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.11.bb
@@ -18,8 +18,8 @@
file://gnu-efi-3.0.9-fix-clang-build.patch \
"
-SRC_URI[md5sum] = "32af17b917545a693e549af2439c4a99"
-SRC_URI[sha256sum] = "6715ea7eae1c7e4fc5041034bd3f107ec2911962ed284a081e491646b12277f0"
+SRC_URI[md5sum] = "21148bbcccec385a9bfdf5f678959577"
+SRC_URI[sha256sum] = "f28da792a2532e91e18e0101468811739a22cde9eee5eacfd0efb9bf3a61d6b9"
COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*)-linux"
COMPATIBLE_HOST_armv4 = 'null'
diff --git a/poky/meta/recipes-bsp/opensbi/opensbi_0.4.bb b/poky/meta/recipes-bsp/opensbi/opensbi_0.5.bb
similarity index 97%
rename from poky/meta/recipes-bsp/opensbi/opensbi_0.4.bb
rename to poky/meta/recipes-bsp/opensbi/opensbi_0.5.bb
index b030436..759bbbf 100644
--- a/poky/meta/recipes-bsp/opensbi/opensbi_0.4.bb
+++ b/poky/meta/recipes-bsp/opensbi/opensbi_0.5.bb
@@ -8,7 +8,7 @@
inherit autotools-brokensep deploy
-SRCREV = "ce228ee0919deb9957192d723eecc8aaae2697c6"
+SRCREV = "be92da280d87c38a2e0adc5d3f43bab7b5468f09"
SRC_URI = "git://github.com/riscv/opensbi.git \
file://0001-Makefile-Don-t-specify-mabi-or-march.patch \
"
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-CVE-2019-13103.patch b/poky/meta/recipes-bsp/u-boot/files/0001-CVE-2019-13103.patch
deleted file mode 100644
index 1a5d1eb..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0001-CVE-2019-13103.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 39a759494f734c4cdc3e2b919671bfb3134b41ae Mon Sep 17 00:00:00 2001
-From: Paul Emge <paulemge@forallsecure.com>
-Date: Mon, 8 Jul 2019 16:37:03 -0700
-Subject: [PATCH 1/9] CVE-2019-13103: disk: stop infinite recursion in DOS
- Partitions
-
-part_get_info_extended and print_partition_extended can recurse infinitely
-while parsing a self-referential filesystem or one with a silly number of
-extended partitions. This patch adds a limit to the number of recursive
-partitions.
-
-Signed-off-by: Paul Emge <paulemge@forallsecure.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=232e2f4fd9a24bf08215ddc8c53ccadffc841fb5]
-
-CVE: CVE-2019-13103
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- disk/part_dos.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/disk/part_dos.c b/disk/part_dos.c
-index 936cee0d36..aae9d95906 100644
---- a/disk/part_dos.c
-+++ b/disk/part_dos.c
-@@ -23,6 +23,10 @@
-
- #define DOS_PART_DEFAULT_SECTOR 512
-
-+/* should this be configurable? It looks like it's not very common at all
-+ * to use large numbers of partitions */
-+#define MAX_EXT_PARTS 256
-+
- /* Convert char[4] in little endian format to the host format integer
- */
- static inline unsigned int le32_to_int(unsigned char *le32)
-@@ -126,6 +130,13 @@ static void print_partition_extended(struct blk_desc *dev_desc,
- dos_partition_t *pt;
- int i;
-
-+ /* set a maximum recursion level */
-+ if (part_num > MAX_EXT_PARTS)
-+ {
-+ printf("** Nested DOS partitions detected, stopping **\n");
-+ return;
-+ }
-+
- if (blk_dread(dev_desc, ext_part_sector, 1, (ulong *)buffer) != 1) {
- printf ("** Can't read partition table on %d:" LBAFU " **\n",
- dev_desc->devnum, ext_part_sector);
-@@ -191,6 +202,13 @@ static int part_get_info_extended(struct blk_desc *dev_desc,
- int i;
- int dos_type;
-
-+ /* set a maximum recursion level */
-+ if (part_num > MAX_EXT_PARTS)
-+ {
-+ printf("** Nested DOS partitions detected, stopping **\n");
-+ return -1;
-+ }
-+
- if (blk_dread(dev_desc, ext_part_sector, 1, (ulong *)buffer) != 1) {
- printf ("** Can't read partition table on %d:" LBAFU " **\n",
- dev_desc->devnum, ext_part_sector);
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-include-env.h-Ensure-ulong-is-defined.patch b/poky/meta/recipes-bsp/u-boot/files/0001-include-env.h-Ensure-ulong-is-defined.patch
new file mode 100644
index 0000000..b911816
--- /dev/null
+++ b/poky/meta/recipes-bsp/u-boot/files/0001-include-env.h-Ensure-ulong-is-defined.patch
@@ -0,0 +1,31 @@
+From 0565a080d153d5baaaacfeb5045a832e126f4f9e Mon Sep 17 00:00:00 2001
+From: Alistair Francis <alistair.francis@wdc.com>
+Date: Mon, 14 Oct 2019 17:37:30 -0700
+Subject: [PATCH] include/env.h: Ensure ulong is defined
+
+To fix these failures when building with musl:
+ include/env.h:166:1: error: unknown type name 'ulong'; did you mean 'long'?
+ensure that ulong is defined.
+
+Upstream-Status: Pending
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+---
+ include/env.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/env.h b/include/env.h
+index b72239f6a5..5ca49a3456 100644
+--- a/include/env.h
++++ b/include/env.h
+@@ -13,6 +13,8 @@
+ #include <stdbool.h>
+ #include <linux/types.h>
+
++typedef unsigned long ulong;
++
+ struct environment_s;
+
+ /* Value for environment validity */
+--
+2.23.0
+
diff --git a/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch b/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch
deleted file mode 100644
index de122b2..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 1d36545e43003f4b1bb3a303a3b468abd482fa2f Mon Sep 17 00:00:00 2001
-From: Paul Emge <paulemge@forallsecure.com>
-Date: Mon, 8 Jul 2019 16:37:05 -0700
-Subject: [PATCH 2/9] CVE-2019-13104: ext4: check for underflow in
- ext4fs_read_file
-
-in ext4fs_read_file, it is possible for a broken/malicious file
-system to cause a memcpy of a negative number of bytes, which
-overflows all memory. This patch fixes the issue by checking for
-a negative length.
-
-Signed-off-by: Paul Emge <paulemge@forallsecure.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=878269dbe74229005dd7f27aca66c554e31dad8e]
-
-CVE: CVE-2019-13104
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- fs/ext4/ext4fs.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
-index 26db677a1f..c8c8655ed8 100644
---- a/fs/ext4/ext4fs.c
-+++ b/fs/ext4/ext4fs.c
-@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
-
- ext_cache_init(&cache);
-
-- if (blocksize <= 0)
-- return -1;
--
- /* Adjust len so it we can't read past the end of the file. */
- if (len + pos > filesize)
- len = (filesize - pos);
-
-+ if (blocksize <= 0 || len <= 0) {
-+ ext_cache_fini(&cache);
-+ return -1;
-+ }
-+
- blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
-
- for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch b/poky/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch
deleted file mode 100644
index f525147..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 4e937d0de669ee69cf41c20494cbf66c339c3174 Mon Sep 17 00:00:00 2001
-From: Paul Emge <paulemge@forallsecure.com>
-Date: Mon, 8 Jul 2019 16:37:04 -0700
-Subject: [PATCH 3/9] CVE-2019-13105: ext4: fix double-free in ext4_cache_read
-
-ext_cache_read doesn't null cache->buf, after freeing, which results
-in a later function double-freeing it. This patch fixes
-ext_cache_read to call ext_cache_fini instead of free.
-
-Signed-off-by: Paul Emge <paulemge@forallsecure.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=6e5a79de658cb1c8012c86e0837379aa6eabd024]
-
-CVE: CVE-2019-13105
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- fs/ext4/ext4fs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
-index c8c8655ed8..e2b740cac4 100644
---- a/fs/ext4/ext4fs.c
-+++ b/fs/ext4/ext4fs.c
-@@ -288,7 +288,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
- if (!cache->buf)
- return 0;
- if (!ext4fs_devread(block, 0, size, cache->buf)) {
-- free(cache->buf);
-+ ext_cache_fini(cache);
- return 0;
- }
- cache->block = block;
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch b/poky/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch
deleted file mode 100644
index 8e1a1a9..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 1307dabf5422372483f840dda3963f9dbd2e8e6f Mon Sep 17 00:00:00 2001
-From: Paul Emge <paulemge@forallsecure.com>
-Date: Mon, 8 Jul 2019 16:37:07 -0700
-Subject: [PATCH 4/9] CVE-2019-13106: ext4: fix out-of-bounds memset
-
-In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of
-the destination memory region. This patch adds a check to disallow
-this.
-
-Signed-off-by: Paul Emge <paulemge@forallsecure.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=e205896c5383c938274262524adceb2775fb03ba]
-
-CVE: CVE-2019-13106
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- fs/ext4/ext4fs.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
-index e2b740cac4..37b31d9f0f 100644
---- a/fs/ext4/ext4fs.c
-+++ b/fs/ext4/ext4fs.c
-@@ -61,6 +61,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
- lbaint_t delayed_skipfirst = 0;
- lbaint_t delayed_next = 0;
- char *delayed_buf = NULL;
-+ char *start_buf = buf;
- short status;
- struct ext_block_cache cache;
-
-@@ -139,6 +140,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
- }
- } else {
- int n;
-+ int n_left;
- if (previous_block_number != -1) {
- /* spill */
- status = ext4fs_devread(delayed_start,
-@@ -153,8 +155,9 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
- }
- /* Zero no more than `len' bytes. */
- n = blocksize - skipfirst;
-- if (n > len)
-- n = len;
-+ n_left = len - ( buf - start_buf );
-+ if (n > n_left)
-+ n = n_left;
- memset(buf, 0, n);
- }
- buf += blocksize - skipfirst;
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0005-CVE-2019-14192-14193-14199.patch b/poky/meta/recipes-bsp/u-boot/files/0005-CVE-2019-14192-14193-14199.patch
deleted file mode 100644
index a19545a..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0005-CVE-2019-14192-14193-14199.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From e8e602f4a4b2aacfb3da32bb8a838be15ea70e7b Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:47:33 +0000
-Subject: [PATCH 5/9] CVE: net: fix unbounded memcpy of UDP packet
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to udp_len to fix unbounded memcpy for
-CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=fe7288069d2e6659117049f7d27e261b550bb725]
-
-CVE: CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/net.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/net.c b/net/net.c
-index 58b0417cbe..38105f1142 100644
---- a/net/net.c
-+++ b/net/net.c
-@@ -1252,6 +1252,9 @@ void net_process_received_packet(uchar *in_packet, int len)
- return;
- }
-
-+ if (ntohs(ip->udp_len) < UDP_HDR_SIZE || ntohs(ip->udp_len) > ntohs(ip->ip_len))
-+ return;
-+
- debug_cond(DEBUG_DEV_PKT,
- "received UDP (to=%pI4, from=%pI4, len=%d)\n",
- &dst_ip, &src_ip, len);
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch b/poky/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch
deleted file mode 100644
index 04a09e4..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 261658ddaf24bb35edd477cf09ec055569fd9894 Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:47:40 +0000
-Subject: [PATCH 6/9] CVE: nfs: fix stack-based buffer overflow in some
- nfs_handler reply helper functions
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197,
-CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21]
-
-CVE: CVE-2019-14197, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202,
- CVE-2019-14203 and CVE-2019-14204
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/nfs.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/nfs.c b/net/nfs.c
-index d6a7f8e827..b7cf3b3a18 100644
---- a/net/nfs.c
-+++ b/net/nfs.c
-@@ -732,6 +732,9 @@ static void nfs_handler(uchar *pkt, unsigned dest, struct in_addr sip,
-
- debug("%s\n", __func__);
-
-+ if (len > sizeof(struct rpc_t))
-+ return;
-+
- if (dest != nfs_our_port)
- return;
-
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0007-CVE-2019-14194-14198.patch b/poky/meta/recipes-bsp/u-boot/files/0007-CVE-2019-14194-14198.patch
deleted file mode 100644
index b3e3b72..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0007-CVE-2019-14194-14198.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From fb6dc193bf2685b7574b218f7ca558aa54659e11 Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:47:48 +0000
-Subject: [PATCH 7/9] CVE-2019-14194/CVE-2019-14198: nfs: fix unbounded memcpy
- with a failed length check at nfs_read_reply
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to rpc_pkt.u.reply.data at nfs_read_reply.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=aa207cf3a6d68f39d64cd29057a4fb63943e9078]
-
-CVE: CVE-2019-14194 and CVE-2019-14198
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/nfs.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/nfs.c b/net/nfs.c
-index b7cf3b3a18..11941fad1a 100644
---- a/net/nfs.c
-+++ b/net/nfs.c
-@@ -701,6 +701,9 @@ static int nfs_read_reply(uchar *pkt, unsigned len)
- &(rpc_pkt.u.reply.data[4 + nfsv3_data_offset]);
- }
-
-+ if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + rlen) > len)
-+ return -9999;
-+
- if (store_block(data_ptr, nfs_offset, rlen))
- return -9999;
-
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0008-CVE-2019-14195.patch b/poky/meta/recipes-bsp/u-boot/files/0008-CVE-2019-14195.patch
deleted file mode 100644
index bf9fb0e..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0008-CVE-2019-14195.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 2236973b8a173ff54ae1ebf8ec2300928e69bd1b Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:47:54 +0000
-Subject: [PATCH 8/9] CVE-2019-14195: nfs: fix unbounded memcpy with
- unvalidated length at nfs_readlink_reply
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to rpc_pkt.u.reply.data at nfs_readlink_reply.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=cf3a4f1e86ecdd24f87b615051b49d8e1968c230]
-
-CVE: CVE-2019-14195
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/nfs.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/nfs.c b/net/nfs.c
-index 11941fad1a..915acd95cf 100644
---- a/net/nfs.c
-+++ b/net/nfs.c
-@@ -634,6 +634,9 @@ static int nfs_readlink_reply(uchar *pkt, unsigned len)
- /* new path length */
- rlen = ntohl(rpc_pkt.u.reply.data[1 + nfsv3_data_offset]);
-
-+ if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + rlen) > len)
-+ return -NFS_RPC_DROP;
-+
- if (*((char *)&(rpc_pkt.u.reply.data[2 + nfsv3_data_offset])) != '/') {
- int pathlen;
-
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0009-CVE-2019-14196.patch b/poky/meta/recipes-bsp/u-boot/files/0009-CVE-2019-14196.patch
deleted file mode 100644
index f06e025..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0009-CVE-2019-14196.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 74c468caa95c86cdb12c4b8073e154c435ac0bf7 Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:48:02 +0000
-Subject: [PATCH 9/9] CVE-2019-14196: nfs: fix unbounded memcpy with a failed
- length check at nfs_lookup_reply
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to rpc_pkt.u.reply.data at nfs_lookup_reply.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
- h=5d14ee4e53a81055d34ba280cb8fd90330f22a96]
-
-CVE: CVE-2019-14196
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/nfs.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/net/nfs.c b/net/nfs.c
-index 915acd95cf..89952aeb66 100644
---- a/net/nfs.c
-+++ b/net/nfs.c
-@@ -566,11 +566,15 @@ static int nfs_lookup_reply(uchar *pkt, unsigned len)
- }
-
- if (supported_nfs_versions & NFSV2_FLAG) {
-+ if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + NFS_FHSIZE) > len)
-+ return -NFS_RPC_DROP;
- memcpy(filefh, rpc_pkt.u.reply.data + 1, NFS_FHSIZE);
- } else { /* NFSV3_FLAG */
- filefh3_length = ntohl(rpc_pkt.u.reply.data[1]);
- if (filefh3_length > NFS3_FHSIZE)
- filefh3_length = NFS3_FHSIZE;
-+ if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + filefh3_length) > len)
-+ return -NFS_RPC_DROP;
- memcpy(filefh, rpc_pkt.u.reply.data + 2, filefh3_length);
- }
-
---
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
index f63dfa3..c3e458e 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -12,18 +12,9 @@
# We use the revision in order to avoid having to fetch it from the
# repo during parse
-SRCREV = "e5aee22e4be75e75a854ab64503fc80598bc2004"
+SRCREV = "61ba1244b548463dbfb3c5285b6b22e7c772c5bd"
SRC_URI = "git://git.denx.de/u-boot.git \
- file://0001-CVE-2019-13103.patch \
- file://0002-CVE-2019-13104.patch \
- file://0003-CVE-2019-13105.patch \
- file://0004-CVE-2019-13106.patch \
- file://0005-CVE-2019-14192-14193-14199.patch \
- file://0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch \
- file://0007-CVE-2019-14194-14198.patch \
- file://0008-CVE-2019-14195.patch \
- file://0009-CVE-2019-14196.patch \
-"
+ "
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.07.bb b/poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.10.bb
similarity index 93%
rename from poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.07.bb
rename to poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.10.bb
index b5ce568..04321b7 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.07.bb
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.10.bb
@@ -3,6 +3,8 @@
SUMMARY = "U-Boot bootloader fw_printenv/setenv utilities"
DEPENDS += "mtd-utils"
+SRC_URI += "file://0001-include-env.h-Ensure-ulong-is-defined.patch"
+
INSANE_SKIP_${PN} = "already-stripped"
EXTRA_OEMAKE_class-target = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" V=1'
EXTRA_OEMAKE_class-cross = 'HOSTCC="${CC} ${CFLAGS} ${LDFLAGS}" V=1'
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2019.10.bb
similarity index 100%
rename from poky/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb
rename to poky/meta/recipes-bsp/u-boot/u-boot-tools_2019.10.bb
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2019.07.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2019.10.bb
similarity index 100%
rename from poky/meta/recipes-bsp/u-boot/u-boot_2019.07.bb
rename to poky/meta/recipes-bsp/u-boot/u-boot_2019.10.bb