reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-extended/procps/procps/0001-Fix-out-of-tree-builds.patch b/poky/meta/recipes-extended/procps/procps/0001-Fix-out-of-tree-builds.patch
new file mode 100644
index 0000000..e548194
--- /dev/null
+++ b/poky/meta/recipes-extended/procps/procps/0001-Fix-out-of-tree-builds.patch
@@ -0,0 +1,24 @@
+From 0825db94fc91fa2150c0e649e92cc8dcc44f4b38 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Wed, 4 Apr 2018 14:09:45 +0300
+Subject: [PATCH] Fix out of tree builds
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ include/nls.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/nls.h b/include/nls.h
+index 1166b7b..f5abe05 100644
+--- a/include/nls.h
++++ b/include/nls.h
+@@ -6,7 +6,7 @@
+ #define PROCPS_NG_NLS_H
+
+ /* programs issuing textdomain() need PACKAGE string */
+-#include "../config.h"
++#include "config.h"
+
+ /* programs issuing bindtextdomain() also need LOCALEDIR string */
+ #ifndef LOCALEDIR
diff --git a/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch b/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch
deleted file mode 100644
index bc78faf..0000000
--- a/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From bdd058a0e676d2f013027fcfb2b344c313112a50 Mon Sep 17 00:00:00 2001
-From: Qualys Security Advisory <qsa@qualys.com>
-Date: Thu, 1 Jan 1970 00:00:00 +0000
-Subject: [PATCH 074/126] proc/readproc.c: Fix bugs and overflows in
- file2strvec().
-
-Note: this is by far the most important and complex patch of the whole
-series, please review it carefully; thank you very much!
-
-For this patch, we decided to keep the original function's design and
-skeleton, to avoid regressions and behavior changes, while fixing the
-various bugs and overflows. And like the "Harden file2str()" patch, this
-patch does not fail when about to overflow, but truncates instead: there
-is information available about this process, so return it to the caller;
-also, we used INT_MAX as a limit, but a lower limit could be used.
-
-The easy changes:
-
-- Replace sprintf() with snprintf() (and check for truncation).
-
-- Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and
- do break instead of return: it simplifies the code (only one place to
- handle errors), and also guarantees that in the while loop either n or
- tot is > 0 (or both), even if n is reset to 0 when about to overflow.
-
-- Remove the "if (n < 0)" block in the while loop: it is (and was) dead
- code, since we enter the while loop only if n >= 0.
-
-- Rewrite the missing-null-terminator detection: in the original
- function, if the size of the file is a multiple of 2047, a null-
- terminator is appended even if the file is already null-terminated.
-
-- Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)":
- originally, it was equivalent to "if (n < 0)", but we added "tot <= 0"
- to handle the first break of the while loop, and to guarantee that in
- the rest of the function tot is > 0.
-
-- Double-force ("belt and suspenders") the null-termination of rbuf:
- this is (and was) essential to the correctness of the function.
-
-- Replace the final "while" loop with a "for" loop that behaves just
- like the preceding "for" loop: in the original function, this would
- lead to unexpected results (for example, if rbuf is |\0|A|\0|, this
- would return the array {"",NULL} but should return {"","A",NULL}; and
- if rbuf is |A|\0|B| (should never happen because rbuf should be null-
- terminated), this would make room for two pointers in ret, but would
- write three pointers to ret).
-
-The hard changes:
-
-- Prevent the integer overflow of tot in the while loop, but unlike
- file2str(), file2strvec() cannot let tot grow until it almost reaches
- INT_MAX, because it needs more space for the pointers: this is why we
- introduced ARG_LEN, which also guarantees that we can add "align" and
- a few sizeof(char*)s to tot without overflowing.
-
-- Prevent the integer overflow of "tot + c + align": when INT_MAX is
- (almost) reached, we write the maximal safe amount of pointers to ret
- (ARG_LEN guarantees that there is always space for *ret = rbuf and the
- NULL terminator).
-[carnil: backport for 3.3.9: Add include for limits.h and use of MAX_INT]
-
-CVE: CVE-2018-1124
-Upstream-Status: Backport [https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20]
-
-Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
----
- proc/readproc.c | 53 ++++++++++++++++++++++++++++++++---------------------
- 1 file changed, 32 insertions(+), 21 deletions(-)
-
-diff -Naurp procps-ng-3.3.12_org/proc/readproc.c procps-ng-3.3.12/proc/readproc.c
---- procps-ng-3.3.12_org/proc/readproc.c 2016-07-09 14:49:25.825306872 -0700
-+++ procps-ng-3.3.12/proc/readproc.c 2018-07-24 00:46:49.366202531 -0700
-@@ -37,6 +37,7 @@
- #include <dirent.h>
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <limits.h>
- #ifdef WITH_SYSTEMD
- #include <systemd/sd-login.h>
- #endif
---- a/proc/readproc.c
-+++ b/proc/readproc.c
-@@ -600,11 +601,12 @@ static int file2str(const char *director
-
- static char** file2strvec(const char* directory, const char* what) {
- char buf[2048]; /* read buf bytes at a time */
-- char *p, *rbuf = 0, *endbuf, **q, **ret;
-+ char *p, *rbuf = 0, *endbuf, **q, **ret, *strp;
- int fd, tot = 0, n, c, end_of_file = 0;
- int align;
-
-- sprintf(buf, "%s/%s", directory, what);
-+ const int len = snprintf(buf, sizeof buf, "%s/%s", directory, what);
-+ if(len <= 0 || (size_t)len >= sizeof buf) return NULL;
- fd = open(buf, O_RDONLY, 0);
- if(fd==-1) return NULL;
-
-@@ -612,18 +614,23 @@ static char** file2strvec(const char* di
- while ((n = read(fd, buf, sizeof buf - 1)) >= 0) {
- if (n < (int)(sizeof buf - 1))
- end_of_file = 1;
-- if (n == 0 && rbuf == 0) {
-- close(fd);
-- return NULL; /* process died between our open and read */
-+ if (n <= 0 && tot <= 0) { /* nothing read now, nothing read before */
-+ break; /* process died between our open and read */
- }
-- if (n < 0) {
-- if (rbuf)
-- free(rbuf);
-- close(fd);
-- return NULL; /* read error */
-+ /* ARG_LEN is our guesstimated median length of a command-line argument
-+ or environment variable (the minimum is 1, the maximum is 131072) */
-+ #define ARG_LEN 64
-+ if (tot >= INT_MAX / (ARG_LEN + (int)sizeof(char*)) * ARG_LEN - n) {
-+ end_of_file = 1; /* integer overflow: null-terminate and break */
-+ n = 0; /* but tot > 0 */
- }
-- if (end_of_file && (n == 0 || buf[n-1]))/* last read char not null */
-+ #undef ARG_LEN
-+ if (end_of_file &&
-+ ((n > 0 && buf[n-1] != '\0') || /* last read char not null */
-+ (n <= 0 && rbuf[tot-1] != '\0'))) /* last read char not null */
- buf[n++] = '\0'; /* so append null-terminator */
-+
-+ if (n <= 0) break; /* unneeded (end_of_file = 1) but avoid realloc */
- rbuf = xrealloc(rbuf, tot + n); /* allocate more memory */
- memcpy(rbuf + tot, buf, n); /* copy buffer into it */
- tot += n; /* increment total byte ctr */
-@@ -631,29 +638,34 @@ static char** file2strvec(const char* di
- break;
- }
- close(fd);
-- if (n <= 0 && !end_of_file) {
-+ if (n < 0 || tot <= 0) { /* error, or nothing read */
- if (rbuf) free(rbuf);
- return NULL; /* read error */
- }
-+ rbuf[tot-1] = '\0'; /* belt and suspenders (the while loop did it, too) */
- endbuf = rbuf + tot; /* count space for pointers */
- align = (sizeof(char*)-1) - ((tot + sizeof(char*)-1) & (sizeof(char*)-1));
-- for (c = 0, p = rbuf; p < endbuf; p++) {
-- if (!*p || *p == '\n')
-+ c = sizeof(char*); /* one extra for NULL term */
-+ for (p = rbuf; p < endbuf; p++) {
-+ if (!*p || *p == '\n') {
-+ if (c >= INT_MAX - (tot + (int)sizeof(char*) + align)) break;
- c += sizeof(char*);
-+ }
- if (*p == '\n')
- *p = 0;
- }
-- c += sizeof(char*); /* one extra for NULL term */
-
- rbuf = xrealloc(rbuf, tot + c + align); /* make room for ptrs AT END */
- endbuf = rbuf + tot; /* addr just past data buf */
- q = ret = (char**) (endbuf+align); /* ==> free(*ret) to dealloc */
-- *q++ = p = rbuf; /* point ptrs to the strings */
-- endbuf--; /* do not traverse final NUL */
-- while (++p < endbuf)
-- if (!*p) /* NUL char implies that */
-- *q++ = p+1; /* next string -> next char */
--
-+ for (strp = p = rbuf; p < endbuf; p++) {
-+ if (!*p) { /* NUL char implies that */
-+ if (c < 2 * (int)sizeof(char*)) break;
-+ c -= sizeof(char*);
-+ *q++ = strp; /* point ptrs to the strings */
-+ strp = p+1; /* next string -> next char */
-+ }
-+ }
- *q = 0; /* null ptr list terminator */
- return ret;
- }
diff --git a/poky/meta/recipes-extended/procps/procps_3.3.12.bb b/poky/meta/recipes-extended/procps/procps_3.3.15.bb
similarity index 91%
rename from poky/meta/recipes-extended/procps/procps_3.3.12.bb
rename to poky/meta/recipes-extended/procps/procps_3.3.15.bb
index 6e15b0a..9756db0 100644
--- a/poky/meta/recipes-extended/procps/procps_3.3.12.bb
+++ b/poky/meta/recipes-extended/procps/procps_3.3.15.bb
@@ -14,11 +14,11 @@
SRC_URI = "http://downloads.sourceforge.net/project/procps-ng/Production/procps-ng-${PV}.tar.xz \
file://sysctl.conf \
- file://CVE-2018-1124.patch \
- "
+ file://0001-Fix-out-of-tree-builds.patch \
+ "
-SRC_URI[md5sum] = "957e42e8b193490b2111252e4a2b443c"
-SRC_URI[sha256sum] = "6ed65ab86318f37904e8f9014415a098bec5bc53653e5d9ab404f95ca5e1a7d4"
+SRC_URI[md5sum] = "2b0717a7cb474b3d6dfdeedfbad2eccc"
+SRC_URI[sha256sum] = "10bd744ffcb3de2d591d2f6acf1a54a7ba070fdcc432a855931a5057149f0465"
S = "${WORKDIR}/procps-ng-${PV}"