poky: refresh thud: b904775c2b..7c76c5d78b
Update poky to thud HEAD.
Adam Trhon (1):
icecc-env: don't raise error when icecc not installed
Alexander Kanavin (1):
openssl10: update to 1.0.2q
Armin Kuster (1):
perl: add testdepends for ssh
Bruce Ashfield (2):
linux-yocto/4.18: update to v4.18.26
linux-yocto/4.18: update to v4.18.27
Changqing Li (1):
checklayer: generate locked-sigs.inc under builddir
Dan Dedrick (2):
devtool: remove duplicate overrides
devtool: improve git repo checks before check_commits logic
Daniel Ammann (1):
ref-manual: Typo found and fixed.
Douglas Royds (2):
openssl ptest: Strip build host paths from configdata.pm
openssl: Strip perl version from installed ptest configdata.pm file
Dustin Bain (1):
busybox: update to 1.29.3
Jan Kiszka (1):
oe-git-proxy: Avoid resolving NO_PROXY against local files
Jens Rehsack (1):
avahi: avoid depending on skipped package
Jonas Bonn (1):
keymaps: tighten package write dependency
Kai Kang (1):
selftest/wic: update test case test_qemu
Khem Raj (3):
openssl10: Fix mutliple include assumptions for bn.h in opensslconf.h
send-error-report: Use https instead of http protocol
multilib_header_wrapper.h: Use #pragma once
Leonardo Augusto (1):
scripts/lib/wic/engine: Fix cp's target path for ext* filesystems
Liu Haitao (1):
iw: fix parsing of WEP keys
Mingli Yu (1):
logrotate.py: restore /etc/logrotate.d/wtmp
Otavio Salvador (1):
linux-firmware: Bump to 710963f revision
Ovidiu Panait (1):
ghostscript: Fix CVE-2019-6116
Peter Kjellerstedt (1):
libaio: Extend to native
Richard Purdie (23):
package: Add pkg_postinst_ontarget to PACKAGEVARS
oeqa/runtime/ptest: Avoid traceback for tests with no section
oeqa/utils/logparser: Simplify ptest log parsing code
oeqa/logparser: Further simplification/clarification
oeqa/logparser: Reform the ptest results parser
oeqa/utils/logparser: Add in support for duration, exitcode and logs by section
oeqa/logparser: Improve results handling
oeqa/logparser: Various misc cleanups
oeqa/runtime/ptest: Ensure OOM errors are logged
scripts/contrib/build-perf-test-wrapper.sh: Improve interaction with autobuilder automation
scripts/contrib/build-perf-test.sh: Remove it
oe-build-perf-report: Allow branch without hostname
oe-build-perf-report: Allow commits from different branches
oe-build-perf-report: Improve branch comparision handling
oe-build-perf-report: Fix missing buildstats comparisions
wic/engine: Fix missing parted autobuilder failures
lib/buildstats: Improve error message
scripts/oe-git-archive: Separate out functionality to library function
oe-build-perf-report/gitarchive: Move common useful functions to library
bitbake: runqueue: Fix dependency loop analysis 'hangs'
bitbake: runqueue: Filter out multiconfig dependencies from BB_TASKDEPDATA
bitbake: siggen: Fix multiconfig corner case
bitbake: cooker: Tweak multiconfig dependency resolution
Robert Yang (5):
bluez5: Fix a race issue for tools
yocto-check-layer-wrapper: Fix path for oe-init-build-env
checklayer: Avoid adding the layer if it is already present
runqemu: Let qemuparams override default settings
runqemu: Make QB_MEM easier to set
Ross Burton (3):
e2fsprogs: fix file system generation with large files
linux-firmware: recommend split up packages
linux-firmware: split out liquidio firmware
Scott Rifenbark (2):
poky.ent: Updated "meta-intel" version to "10.1"
overview-manual, mega-manual: Updated Package Feeds diagram
Serhey Popovych (1):
openssl: Skip assembler optimized code for powerpc64 with musl
William Bourque (1):
wic/engine.py: Load paths from PATH environment variable
Xulin Sun (1):
openssl: fix multilib file install conflicts
Zheng Ruoqin (1):
mdadm: add init and service scripts
Change-Id: Ib14c2fb69d25d84aa3d4bf0a6715bba57d1eb900
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch
new file mode 100644
index 0000000..5c1f839
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch
@@ -0,0 +1,346 @@
+From 5c49efe24dda0f2dbd2a09b9159e683cce99b6d8 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 11 Jan 2019 13:36:36 +0000
+Subject: [PATCH 7/7] Remove .forcedef, and harden .force* ops more
+
+Remove .forcedef and replace all uses with a direct call to .forceput instead.
+
+Ensure every procedure (named and trasient) that calls .forceput is
+executeonly.
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_dps1.ps | 15 +++++++-----
+ Resource/Init/gs_init.ps | 28 ++++++++-------------
+ Resource/Init/gs_lev2.ps | 51 +++++++++++++++++++--------------------
+ Resource/Init/gs_ll3.ps | 5 ++--
+ Resource/Init/gs_res.ps | 29 +++++++++++-----------
+ Resource/Init/gs_statd.ps | 4 +--
+ 6 files changed, 63 insertions(+), 69 deletions(-)
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index 8700c8c..3d2cf7a 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -33,14 +33,17 @@ systemdict begin
+
+ /SharedFontDirectory .FontDirectory .gcheck
+ { .currentglobal //false .setglobal
++ currentdict
+ /LocalFontDirectory .FontDirectory dup maxlength dict copy
+- .forcedef % LocalFontDirectory is local, systemdict is global
++ .forceput % LocalFontDirectory is local, systemdict is global
+ .setglobal .FontDirectory
+- }
+- { /LocalFontDirectory .FontDirectory
+- .forcedef % LocalFontDirectory is local, systemdict is global
++ } executeonly
++ {
++ currentdict
++ /LocalFontDirectory .FontDirectory
++ .forceput % LocalFontDirectory is local, systemdict is global
+ 50 dict
+- }
++ }executeonly
+ ifelse def
+
+ end % systemdict
+@@ -55,7 +58,7 @@ level2dict begin
+ { //SharedFontDirectory }
+ { /LocalFontDirectory .systemvar } % can't embed ref to local VM
+ ifelse .forceput pop % LocalFontDirectory is local, systemdict is global
+- } .bind odef
++ } .bind executeonly odef
+ % Don't just copy (load) the definition of .setglobal:
+ % it gets redefined for LL3.
+ /setshared { /.setglobal .systemvar exec } odef
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index d9a0829..45bebf4 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -54,7 +54,7 @@ systemdict exch
+ dup /userdict
+ currentdict dup 200 .setmaxlength % userdict
+ .forceput % userdict is local, systemdict is global
+- }
++ } executeonly
+ if begin
+
+ % Define dummy local/global operators if needed.
+@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if
+ 1 index exch .makeoperator def
+ } .bind def
+
+-% Define a special version of def for storing local objects into global
+-% dictionaries. Like .forceput, this exists only during initialization.
+-/.forcedef { % <key> <value> .forcedef -
+- 1 .argindex pop % check # of args
+- currentdict 3 1 roll .forceput
+-} .bind odef
+-
+ % Define procedures for accessing variables in systemdict and userdict
+ % regardless of the contents of the dictionary stack.
+ /.systemvar { % <name> .systemvar <value>
+@@ -347,7 +340,7 @@ DELAYBIND
+ }
+ ifelse
+ } .bind def
+-} if
++} executeonly if
+
+ %**************** BACKWARD COMPATIBILITY ****************
+ /hwsizedict mark /HWSize //null .dicttomark readonly def
+@@ -655,7 +648,7 @@ currentdict /.typenames .undef
+ /ifelse .systemvar
+ ] cvx executeonly
+ exch .setglobal
+-} odef
++} executeonly odef
+ systemdict /internaldict dup .makeinternaldict .makeoperator
+ .forceput % proc is local, systemdict is global
+
+@@ -1093,7 +1086,7 @@ def
+
+ % Define $error. This must be in local VM.
+ .currentglobal //false .setglobal
+-/$error 40 dict .forcedef % $error is local, systemdict is global
++currentdict /$error 40 dict .forceput % $error is local, systemdict is global
+ % newerror, errorname, command, errorinfo,
+ % ostack, estack, dstack, recordstacks,
+ % binary, globalmode,
+@@ -1112,8 +1105,8 @@ end
+ % Define errordict similarly. It has one entry per error name,
+ % plus handleerror. However, some astonishingly badly written PostScript
+ % files require it to have at least one empty slot.
+-/errordict ErrorNames length 3 add dict
+-.forcedef % errordict is local, systemdict is global
++currentdict /errordict ErrorNames length 3 add dict
++.forceput % errordict is local, systemdict is global
+ .setglobal % back to global VM
+ % gserrordict contains all the default error handling methods, but unlike
+ % errordict it is noaccess after creation (also it is in global VM).
+@@ -1273,8 +1266,9 @@ end
+ (END PROCS) VMDEBUG
+
+ % Define the font directory.
++currentdict
+ /FontDirectory //false .setglobal 100 dict //true .setglobal
+-.forcedef % FontDirectory is local, systemdict is global
++.forceput % FontDirectory is local, systemdict is global
+
+ % Define the encoding dictionary.
+ /EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings
+@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if
+ //systemdict /UndefinePostScriptOperators get exec
+ //systemdict /UndefinePDFOperators get exec
+ //systemdict /.forcecopynew .forceundef % remove temptation
+- //systemdict /.forcedef .forceundef % ditto
+ //systemdict /.forceput .forceundef % ditto
+ //systemdict /.undef .forceundef % ditto
+ //systemdict /.forceundef .forceundef % ditto
+@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if
+ % (and, if implemented, context switching).
+ .currentglobal //false .setglobal
+ mark userparams { } forall .dicttomark readonly
+- /userparams exch .forcedef % systemdict is read-only
++ currentdict exch /userparams exch .forceput % systemdict is read-only
+ .setglobal
+-} if
++} executeonly if
+ /.currentsystemparams where {
+ pop
+ % Remove real system params from pssystemparams.
+@@ -2458,7 +2451,6 @@ end
+ DELAYBIND not {
+ systemdict /.bindnow .undef % We only need this for DELAYBIND
+ systemdict /.forcecopynew .undef % remove temptation
+- systemdict /.forcedef .undef % ditto
+ systemdict /.forceput .undef % ditto
+ systemdict /.forceundef .undef % ditto
+ } if
+diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
+index 0f0d573..9c0c3a6 100644
+--- a/Resource/Init/gs_lev2.ps
++++ b/Resource/Init/gs_lev2.ps
+@@ -304,31 +304,30 @@ end
+ psuserparams exch /.checkFilePermitparams load put
+ .setglobal
+
+-pssystemparams begin
+- /CurDisplayList 0 .forcedef
+- /CurFormCache 0 .forcedef
+- /CurInputDevice () .forcedef
+- /CurOutlineCache 0 .forcedef
+- /CurOutputDevice () .forcedef
+- /CurPatternCache 0 .forcedef
+- /CurUPathCache 0 .forcedef
+- /CurScreenStorage 0 .forcedef
+- /CurSourceList 0 .forcedef
+- /DoPrintErrors //false .forcedef
+- /JobTimeout 0 .forcedef
+- /LicenseID (LN-001) .forcedef % bogus
+- /MaxDisplayList 140000 .forcedef
+- /MaxFormCache 100000 .forcedef
+- /MaxImageBuffer 524288 .forcedef
+- /MaxOutlineCache 65000 .forcedef
+- /MaxPatternCache 100000 .forcedef
+- /MaxUPathCache 300000 .forcedef
+- /MaxScreenStorage 84000 .forcedef
+- /MaxSourceList 25000 .forcedef
+- /PrinterName product .forcedef
+- /RamSize 4194304 .forcedef
+- /WaitTimeout 40 .forcedef
+-end
++pssystemparams
++dup /CurDisplayList 0 .forceput
++dup /CurFormCache 0 .forceput
++dup /CurInputDevice () .forceput
++dup /CurOutlineCache 0 .forceput
++dup /CurOutputDevice () .forceput
++dup /CurPatternCache 0 .forceput
++dup /CurUPathCache 0 .forceput
++dup /CurScreenStorage 0 .forceput
++dup /CurSourceList 0 .forceput
++dup /DoPrintErrors //false .forceput
++dup /JobTimeout 0 .forceput
++dup /LicenseID (LN-001) .forceput % bogus
++dup /MaxDisplayList 140000 .forceput
++dup /MaxFormCache 100000 .forceput
++dup /MaxImageBuffer 524288 .forceput
++dup /MaxOutlineCache 65000 .forceput
++dup /MaxPatternCache 100000 .forceput
++dup /MaxUPathCache 300000 .forceput
++dup /MaxScreenStorage 84000 .forceput
++dup /MaxSourceList 25000 .forceput
++dup /PrinterName product .forceput
++dup /RamSize 4194304 .forceput
++ /WaitTimeout 40 .forceput
+
+ % Define the procedures for handling comment scanning. The names
+ % %ProcessComment and %ProcessDSCComment are known to the interpreter.
+@@ -710,7 +709,7 @@ pop % currentsystemparams
+ /statusdict currentdict def
+
+ currentdict end
+-/statusdict exch .forcedef % statusdict is local, systemdict is global
++currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global
+
+ % The following compatibility operators are in systemdict. They are
+ % defined here, rather than in gs_init.ps, because they require the
+diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps
+index c86721f..881af44 100644
+--- a/Resource/Init/gs_ll3.ps
++++ b/Resource/Init/gs_ll3.ps
+@@ -521,9 +521,8 @@ end
+ % Define additional user and system parameters.
+ /HalftoneMode 0 .definepsuserparam
+ /MaxSuperScreen 1016 .definepsuserparam
+-pssystemparams begin % read-only, so use .forcedef
+- /MaxDisplayAndSourceList 160000 .forcedef
+-end
++% read-only, so use .forceput
++pssystemparams /MaxDisplayAndSourceList 160000 .forceput
+
+ % Define the IdiomSet resource category.
+ { /IdiomSet } {
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index b016113..89c0ed6 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -41,10 +41,10 @@ level2dict begin
+ % However, Ed Taft of Adobe says their interpreters don't implement this
+ % either, so we aren't going to worry about it for a while.
+
+-currentglobal //false setglobal systemdict begin
+- /localinstancedict 5 dict
+- .forcedef % localinstancedict is local, systemdict is global
+-end //true setglobal
++currentglobal //false setglobal
++ systemdict /localinstancedict 5 dict
++ .forceput % localinstancedict is local, systemdict is global
++//true setglobal
+ /.emptydict 0 dict readonly def
+ setglobal
+
+@@ -149,7 +149,7 @@ setglobal
+ dup [ exch 0 -1 ] exch
+ .Instances 4 2 roll put
+ % Make the Category dictionary read-only. We will have to
+- % use .forceput / .forcedef later to replace the dummy,
++ % use .forceput / .forceput later to replace the dummy,
+ % empty .Instances dictionary with the real one later.
+ readonly
+ }{
+@@ -304,7 +304,8 @@ systemdict begin
+ dup () ne {
+ .file_name_directory_separator concatstrings
+ } if
+- 2 index exch //false .file_name_combine not {
++ 2 index exch //false
++ .file_name_combine not {
+ (Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print =
+ /.default_resource_dir cvx /configurationerror signalerror
+ } if
+@@ -317,14 +318,14 @@ currentdict /pssystemparams known not {
+ pssystemparams begin
+ //.default_resource_dir exec
+ /FontResourceDir (Font) //.resource_dir_name exec
+- readonly .forcedef % pssys'params is r-o
++ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
+ /GenericResourceDir () //.resource_dir_name exec
+- readonly .forcedef % pssys'params is r-o
++ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
+ pop % .default_resource_dir
+ /GenericResourcePathSep
+- .file_name_separator readonly .forcedef % pssys'params is r-o
+- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o
+- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o
++ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o
++ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o
++ currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o
+ end
+ end
+
+@@ -422,8 +423,8 @@ status {
+ .Instances dup //.emptydict eq {
+ pop 3 dict
+ % As noted above, Category dictionaries are read-only,
+- % so we have to use .forcedef here.
+- /.Instances 1 index .forcedef % Category dict is read-only
++ % so we have to use .forceput here.
++ currentdict /.Instances 2 index .forceput % Category dict is read-only
+ } executeonly if
+ }
+ { .LocalInstances dup //.emptydict eq
+@@ -441,7 +442,7 @@ status {
+ { /defineresource cvx /typecheck signaloperror
+ }
+ ifelse
+-} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef
++} .bind executeonly .makeoperator % executeonly to prevent access to .forceput
+ /UndefineResource
+ { { dup 2 index .knownget
+ { dup 1 get 1 ge
+diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps
+index 20d4c96..b6a7659 100644
+--- a/Resource/Init/gs_statd.ps
++++ b/Resource/Init/gs_statd.ps
+@@ -21,10 +21,10 @@ systemdict begin
+ % We make statusdict a little larger for Level 2 stuff.
+ % Note that it must be allocated in local VM.
+ .currentglobal //false .setglobal
+- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global
++ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global
+ % To support the Level 2 job control features,
+ % serverdict must also be in local VM.
+- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global
++ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global
+ .setglobal
+ end
+
+--
+2.18.1
+