poky: subtree update:52a625582e..7035b4b21e
Adrian Bunk (9):
squashfs-tools: Upgrade to 4.4
screen: Upgrade 4.6.2 -> 4.7.0
stress-ng: Upgrade 0.10.00 -> 0.10.08
nspr: Upgrade 4.21 -> 4.23
gcc: Remove stale gcc 8 patchfile
gnu-efi: Upgrade 3.0.9 -> 3.0.10
python3-numpy: Stop shipping manual config files
coreutils: Move stdbuf into an own package coreutils-stdbuf
gnu-efi: Upgrade 3.0.10 -> 3.0.11
Alessio Igor Bogani (1):
systemtap: support usrmerge
Alexander Hirsch (1):
libksba: Fix license specification
Alexander Kanavin (6):
gcr: update to 3.34.0
btrfs-tools: update to 5.3
libmodulemd-v1: update to 1.8.16
selftest: skip virgl test on centos 7 entirely
nfs-utils: do not depend on bash unnecessarily
selftest: add a test for gpl3-free images
Alistair Francis (4):
opensbi: Bump from 0.4 to 0.5
u-boot: Bump from 2019.07 to 2019.10
qemuriscv64: Build smode U-Boot
libsdl2: Fix build failure when using mesa 19.2.1
Andreas Müller (4):
adwaita-icon-theme: upgrade 3.32.0 -> 3.34.0
gsettings-desktop-schemas: upgrade 3.32.0 -> 3.34.0
IMAGE_LINGUAS_COMPLEMENTARY: auto-add language packages other than locales
libical: add PACKAGECONFIG glib and enable it by default
André Draszik (10):
testimage.bbclass: support hardware-controlled targets
testimage.bbclass: enable ssh agent forwarding
oeqa/runtime/df: don't fail on long device names
oeqa/core/decorator: add skipIfFeature
oeqa/runtime/opkg: skip install on read-only-rootfs
oeqa/runtime/systemd: skip unit enable/disable on read-only-rootfs
ruby: update to v2.6.4
ruby: some ptest fixes
oeqa/runtime/context.py: ignore more files when loading controllers
connman: mark connman-wait-online as SYSTEMD_PACKAGE
Bruce Ashfield (6):
linux-yocto/4.19: update to v4.19.78
linux-yocto/5.2: update to v5.2.20
perf: fix v5.4+ builds
perf: create directories before copying single files
perf: add 'cap' PACKAGECONFIG
perf: drop 'include' copy
Carlos Rafael Giani (12):
gstreamer1.0: upgrade to version 1.16.1
gstreamer1.0-plugins-base: upgrade to version 1.16.1
gstreamer1.0-plugins-good: upgrade to version 1.16.1
gstreamer1.0-plugins-bad: upgrade to version 1.16.1
gstreamer1.0-plugins-ugly: upgrade to version 1.16.1
gstreamer1.0-libav: upgrade to version 1.16.1
gstreamer1.0-vaapi: upgrade to version 1.16.1
gstreamer1.0-omx: upgrade to version 1.16.1
gstreamer1.0-python: upgrade to version 1.16.1
gstreamer1.0-rtsp-server: upgrade to version 1.16.1
gst-validate: upgrade to version 1.16.1
gstreamer: Change SRC_URI to use HTTPS access instead of HTTP
Changqing Li (4):
qemu: Fix CVE-2019-12068
python: Fix CVE-2019-10160
sudo: fix CVE-2019-14287
mdadm: fix do_package failed when changed local.conf but not cleaned
Chee Yang Lee (2):
wic/help: change 'wic write' help description
wic/engine: use 'linux-swap' for swap file system
Chen Qi (3):
go: fix CVE-2019-16276
python3: fix CVE-2019-16935
python: fix CVE-2019-16935
Chris Laplante via bitbake-devel (2):
bitbake: bitbake: contrib/vim: initial commit, with unmodified code from indent/python.vim
bitbake: bitbake: contrib/vim: Modify Python indentation to work with 'python do_task {'
Christopher Larson (2):
bitbake: fetch2/git: fetch shallow revs when needed
bitbake: tests/fetch: add test for fetching shallow revs
Dan Callaghan (1):
elfutils: add PACKAGECONFIG for compression algorithms
Douglas Royds via Openembedded-core (1):
icecc: Export ICECC_CC and friends via wrapper-script
Eduardo Abinader (1):
devtool: add ssh key option to deploy-target param
Eugene Smirnov (1):
wic/rawcopy: Support files in sub-directories
Ferry Toth (1):
sudo: Fix fetching sources
Frazer Leslie Clews (2):
makedevs: fix format strings in makedevs.c in print statements
makedevs: fix invalidScanfFormatWidth to prevent overflowing usr_buf
George McCollister (1):
openssl: make OPENSSL_ENGINES match install path
Haiqing Bai (1):
unfs3: fixed the issue that unfsd consumes 100% CPU
He Zhe (1):
ltp: Fix overcommit_memory failure
Hongxu Jia (1):
openssh: fix CVE-2019-16905
Joe Slater (2):
libtiff: fix CVE-2019-17546
libxslt: fix CVE-2019-18197
Kai Kang (1):
bind: fix CVE-2019-6471 and CVE-2018-5743
Liwei Song (1):
util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]
Mattias Hansson (1):
base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot
Max Tomago (1):
python-native: Remove debug.patch
Maxime Roussin-Bélanger (2):
meta: update and add missing homepage/bugtracker links
meta: add missing description in recipes-gnome
Michael Ho (1):
cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH
Mike Crowe (2):
kernel-fitimage: Cope with non-standard kernel deploy subdirectory
kernel-devicetree: Cope with non-standard kernel deploy subdirectory
Mikko Rapeli (1):
systemd.bbclass: enable all services specified in ${SYSTEMD_SERVICE}
Nicola Lunghi (1):
ofono: tidy up the recipe
Ola x Nilsson (10):
oeqa/selftest/recipetool: Use with to control file handle lifetime
oe.types.path: Use with to control file handle lifetime
lib/oe/packagedata: Use with to control file handle lifetime
lib/oe/package_manager: Use with to control file handle lifetime
report-error.bbclass: Use with to control file handle lifetime
package.bbclass: Use with to manage file handle lifetimes
devtool-source.bbclass: Use with to manage file handle lifetime
libc-package.bbclass: Use with to manage filehandle in do_spit_gconvs
bitbake: bitbake: prserv/serv: Use with while reading pidfile
bitbake: bitbake: ConfHandler: Use with to manage filehandle lifetime
Oleksandr Kravchuk (4):
ell: update to 0.23
ell: update to 0.25
ell: update to 0.26
ofono: update to 1.31
Ricardo Ribalda Delgado (1):
i2c-tools: Add missing RDEPEND
Richard Leitner (1):
kernel-fitimage: introduce FIT_SIGN_ALG
Richard Purdie (4):
tinderclient: Drop obsolete class
meson: Backport fix to assist meta-oe breakage
nfs-utils: Improve handling when no exported fileysystems
qemu: Avoid potential build configuration contamination
Robert Yang (1):
bluez5: Fix for --enable-btpclient
Ross Burton (29):
sanity: check the format of SDK_VENDOR
file: explicitly disable seccomp
python3: -dev should depend on distutils
gawk: add PACKAGECONFIG for readline
python3: alternative name is python3-config not python-config
python3: ensure that all forms of python3-config are in python3-dev
oeqa/selftest: use specialist assert* methods
bluez5: refresh upstreamed patches
xorgproto: fix summary
libx11: upgrade to 1.6.9
xorgproto: upgrade to 2019.2
llvm: add missing Upstream-Status tags
buildhistory-analysis: filter out -src changes by default
squashfs-tools: remove redundant source checksums
squashfs-tools: clean up compile/install tasks
wpa-supplicant: fix CVE-2019-16275
gcr: remove intltool-native
elfutils: disable bzip
cve-check: ensure all known CVEs are in the report
git: some tools are no longer perl, so move to main recipe
git: cleanup man install
qemu-helper-native: add missing option to getopt() call
qemu-helper-native: showing help shouldn't be an error
qemu-helper-native: pass compiler flags
oeqa/selftest: add test for oe-run-native
cve-check: failure to parse versions should be more visible
gst-examples: rename so PV is in filename
sanity: check for more bits of Python
recipeutils-test: use a small dependency in the dummy recipe
Sai Hari Chandana Kalluri (1):
devtool: Add --remove-work option for devtool reset command
Scott Rifenbark (9):
ref-manual: First pass of 2.8 migration changes (WIP)
poky.ent: Updated the release date to October 2019
dev-manual: Added info to "Selecting an Initialization Manager"
ref-manual: 2nd pass 3.0 migration
documenation: Changed "2.8" to "3.0".
ref-manual: Removed deprecated link to ref-classes-bluetooth
ref-manual, dev-manual: Clean up of a commit
ref-manual: Updated the BUSYBOX_SPLIT_SUID variable.
ref-manual, dev-manual: Added CMake toolchain files.
Stefan Agner (1):
uninative: check .done file instead of tarball
Tom Benn (1):
dbus: update dbus-1.init to reflect new PID file
Trevor Gamblin (5):
aspell: upgrade from 0.60.7 to 0.60.8
binutils: fix CVE-2019-17450
binutils: fix CVE-2019-17451
ncurses: fix CVE-2019-17594, CVE-2019-17595
libgcrypt: upgrade 1.8.4 -> 1.8.5
Trevor Woerner (1):
libcap-ng: undefined reference to `pthread_atfork'
Wenlin Kang (1):
sysstat: fix CVE-2019-16167
Yann Dirson (1):
mesa: fix meson configure fix when 'dri' is excluded from PACKAGECONFIG
Yeoh Ee Peng (1):
scripts/oe-pkgdata-util: Enable list-pkgs to print ordered packages
Yi Zhao (2):
libsdl2: fix CVE-2019-13616
libgcrypt: fix CVE-2019-12904
Zang Ruochen (6):
bison:upgrade 3.4.1 -> 3.4.2
e2fsprogs:upgrade 1.45.3 -> 1.45.4
libxvmc:upgrade 1.0.11 -> 1.0.12
python3-pip:upgrade 19.2.3 -> 19.3.1
python-setuptools:upgrade 41.2.0 -> 41.4.0
libcap-ng:upgrade 0.7.9 -> 0.7.10
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I50bc42f74dffdc406ffc0dea034e41462fe6e06b
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
index d9d9da0..372eebd 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
@@ -12,7 +12,7 @@
inherit native
do_compile() {
- ${CC} tunctl.c -o tunctl
+ ${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl
}
do_install() {
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/tunctl.c b/poky/meta/recipes-devtools/qemu/qemu-helper/tunctl.c
index 16e24a2..d745dd0 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-helper/tunctl.c
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper/tunctl.c
@@ -19,7 +19,7 @@
#define TUNSETGROUP _IOW('T', 206, int)
#endif
-static void Usage(char *name)
+static void Usage(char *name, int status)
{
fprintf(stderr, "Create: %s [-b] [-u owner] [-g group] [-t device-name] "
"[-f tun-clone-device]\n", name);
@@ -28,7 +28,7 @@
fprintf(stderr, "The default tun clone device is /dev/net/tun - some systems"
" use\n/dev/misc/net/tun instead\n\n");
fprintf(stderr, "-b will result in brief output (just the device name)\n");
- exit(1);
+ exit(status);
}
int main(int argc, char **argv)
@@ -41,7 +41,7 @@
int tap_fd, opt, delete = 0, brief = 0;
char *tun = "", *file = "/dev/net/tun", *name = argv[0], *end;
- while((opt = getopt(argc, argv, "bd:f:t:u:g:")) > 0){
+ while((opt = getopt(argc, argv, "bd:f:t:u:g:h")) > 0){
switch(opt) {
case 'b':
brief = 1;
@@ -63,7 +63,7 @@
if(*end != '\0'){
fprintf(stderr, "'%s' is neither a username nor a numeric uid.\n",
optarg);
- Usage(name);
+ Usage(name, 1);
}
break;
case 'g':
@@ -76,7 +76,7 @@
if(*end != '\0'){
fprintf(stderr, "'%s' is neither a groupname nor a numeric group.\n",
optarg);
- Usage(name);
+ Usage(name, 1);
}
break;
@@ -84,8 +84,10 @@
tun = optarg;
break;
case 'h':
+ Usage(name, 0);
+ break;
default:
- Usage(name);
+ Usage(name, 1);
}
}
@@ -93,7 +95,7 @@
argc -= optind;
if(argc > 0)
- Usage(name);
+ Usage(name, 1);
if((tap_fd = open(file, O_RDWR)) < 0){
fprintf(stderr, "Failed to open '%s' : ", file);
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 88ae68a..601fc22 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -28,6 +28,7 @@
file://0009-Fix-webkitgtk-builds.patch \
file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
file://CVE-2019-15890.patch \
+ file://CVE-2019-12068.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
@@ -94,6 +95,7 @@
do_configure() {
${S}/configure ${EXTRA_OECONF}
}
+do_configure[cleandirs] += "${B}"
do_install () {
export STRIP=""
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch
new file mode 100644
index 0000000..f1655e4
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch
@@ -0,0 +1,108 @@
+From de594e47659029316bbf9391efb79da0a1a08e08 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 14 Aug 2019 17:35:21 +0530
+Subject: [PATCH] scsi: lsi: exit infinite loop while executing script
+ (CVE-2019-12068)
+
+When executing script in lsi_execute_script(), the LSI scsi adapter
+emulator advances 's->dsp' index to read next opcode. This can lead
+to an infinite loop if the next opcode is empty. Move the existing
+loop exit after 10k iterations so that it covers no-op opcodes as
+well.
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08]
+CVE: CVE-2019-12068
+
+Reported-by: Bugs SysSec <bugs-syssec@rub.de>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ hw/scsi/lsi53c895a.c | 41 +++++++++++++++++++++++++++--------------
+ 1 file changed, 27 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
+index 222a286..ec53b14 100644
+--- a/hw/scsi/lsi53c895a.c
++++ b/hw/scsi/lsi53c895a.c
+@@ -186,6 +186,9 @@ static const char *names[] = {
+ /* Flag set if this is a tagged command. */
+ #define LSI_TAG_VALID (1 << 16)
+
++/* Maximum instructions to process. */
++#define LSI_MAX_INSN 10000
++
+ typedef struct lsi_request {
+ SCSIRequest *req;
+ uint32_t tag;
+@@ -1133,7 +1136,21 @@ static void lsi_execute_script(LSIState *s)
+
+ s->istat1 |= LSI_ISTAT1_SRUN;
+ again:
+- insn_processed++;
++ if (++insn_processed > LSI_MAX_INSN) {
++ /* Some windows drivers make the device spin waiting for a memory
++ location to change. If we have been executed a lot of code then
++ assume this is the case and force an unexpected device disconnect.
++ This is apparently sufficient to beat the drivers into submission.
++ */
++ if (!(s->sien0 & LSI_SIST0_UDC)) {
++ qemu_log_mask(LOG_GUEST_ERROR,
++ "lsi_scsi: inf. loop with UDC masked");
++ }
++ lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
++ lsi_disconnect(s);
++ trace_lsi_execute_script_stop();
++ return;
++ }
+ insn = read_dword(s, s->dsp);
+ if (!insn) {
+ /* If we receive an empty opcode increment the DSP by 4 bytes
+@@ -1570,19 +1587,7 @@ again:
+ }
+ }
+ }
+- if (insn_processed > 10000 && s->waiting == LSI_NOWAIT) {
+- /* Some windows drivers make the device spin waiting for a memory
+- location to change. If we have been executed a lot of code then
+- assume this is the case and force an unexpected device disconnect.
+- This is apparently sufficient to beat the drivers into submission.
+- */
+- if (!(s->sien0 & LSI_SIST0_UDC)) {
+- qemu_log_mask(LOG_GUEST_ERROR,
+- "lsi_scsi: inf. loop with UDC masked");
+- }
+- lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
+- lsi_disconnect(s);
+- } else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
++ if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
+ if (s->dcntl & LSI_DCNTL_SSM) {
+ lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
+ } else {
+@@ -1970,6 +1975,10 @@ static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
+ case 0x2f: /* DSP[24:31] */
+ s->dsp &= 0x00ffffff;
+ s->dsp |= val << 24;
++ /*
++ * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
++ * instruction. Is this correct?
++ */
+ if ((s->dmode & LSI_DMODE_MAN) == 0
+ && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
+ lsi_execute_script(s);
+@@ -1988,6 +1997,10 @@ static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
+ break;
+ case 0x3b: /* DCNTL */
+ s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
++ /*
++ * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
++ * instruction. Is this correct?
++ */
+ if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
+ lsi_execute_script(s);
+ break;
+--
+2.7.4
+