poky: refresh thud: b904775c2b..7c76c5d78b
Update poky to thud HEAD.
Adam Trhon (1):
icecc-env: don't raise error when icecc not installed
Alexander Kanavin (1):
openssl10: update to 1.0.2q
Armin Kuster (1):
perl: add testdepends for ssh
Bruce Ashfield (2):
linux-yocto/4.18: update to v4.18.26
linux-yocto/4.18: update to v4.18.27
Changqing Li (1):
checklayer: generate locked-sigs.inc under builddir
Dan Dedrick (2):
devtool: remove duplicate overrides
devtool: improve git repo checks before check_commits logic
Daniel Ammann (1):
ref-manual: Typo found and fixed.
Douglas Royds (2):
openssl ptest: Strip build host paths from configdata.pm
openssl: Strip perl version from installed ptest configdata.pm file
Dustin Bain (1):
busybox: update to 1.29.3
Jan Kiszka (1):
oe-git-proxy: Avoid resolving NO_PROXY against local files
Jens Rehsack (1):
avahi: avoid depending on skipped package
Jonas Bonn (1):
keymaps: tighten package write dependency
Kai Kang (1):
selftest/wic: update test case test_qemu
Khem Raj (3):
openssl10: Fix mutliple include assumptions for bn.h in opensslconf.h
send-error-report: Use https instead of http protocol
multilib_header_wrapper.h: Use #pragma once
Leonardo Augusto (1):
scripts/lib/wic/engine: Fix cp's target path for ext* filesystems
Liu Haitao (1):
iw: fix parsing of WEP keys
Mingli Yu (1):
logrotate.py: restore /etc/logrotate.d/wtmp
Otavio Salvador (1):
linux-firmware: Bump to 710963f revision
Ovidiu Panait (1):
ghostscript: Fix CVE-2019-6116
Peter Kjellerstedt (1):
libaio: Extend to native
Richard Purdie (23):
package: Add pkg_postinst_ontarget to PACKAGEVARS
oeqa/runtime/ptest: Avoid traceback for tests with no section
oeqa/utils/logparser: Simplify ptest log parsing code
oeqa/logparser: Further simplification/clarification
oeqa/logparser: Reform the ptest results parser
oeqa/utils/logparser: Add in support for duration, exitcode and logs by section
oeqa/logparser: Improve results handling
oeqa/logparser: Various misc cleanups
oeqa/runtime/ptest: Ensure OOM errors are logged
scripts/contrib/build-perf-test-wrapper.sh: Improve interaction with autobuilder automation
scripts/contrib/build-perf-test.sh: Remove it
oe-build-perf-report: Allow branch without hostname
oe-build-perf-report: Allow commits from different branches
oe-build-perf-report: Improve branch comparision handling
oe-build-perf-report: Fix missing buildstats comparisions
wic/engine: Fix missing parted autobuilder failures
lib/buildstats: Improve error message
scripts/oe-git-archive: Separate out functionality to library function
oe-build-perf-report/gitarchive: Move common useful functions to library
bitbake: runqueue: Fix dependency loop analysis 'hangs'
bitbake: runqueue: Filter out multiconfig dependencies from BB_TASKDEPDATA
bitbake: siggen: Fix multiconfig corner case
bitbake: cooker: Tweak multiconfig dependency resolution
Robert Yang (5):
bluez5: Fix a race issue for tools
yocto-check-layer-wrapper: Fix path for oe-init-build-env
checklayer: Avoid adding the layer if it is already present
runqemu: Let qemuparams override default settings
runqemu: Make QB_MEM easier to set
Ross Burton (3):
e2fsprogs: fix file system generation with large files
linux-firmware: recommend split up packages
linux-firmware: split out liquidio firmware
Scott Rifenbark (2):
poky.ent: Updated "meta-intel" version to "10.1"
overview-manual, mega-manual: Updated Package Feeds diagram
Serhey Popovych (1):
openssl: Skip assembler optimized code for powerpc64 with musl
William Bourque (1):
wic/engine.py: Load paths from PATH environment variable
Xulin Sun (1):
openssl: fix multilib file install conflicts
Zheng Ruoqin (1):
mdadm: add init and service scripts
Change-Id: Ib14c2fb69d25d84aa3d4bf0a6715bba57d1eb900
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass
index 0fe9576..66e423e 100644
--- a/poky/meta/classes/package.bbclass
+++ b/poky/meta/classes/package.bbclass
@@ -2122,7 +2122,7 @@
# Since bitbake can't determine which variables are accessed during package
# iteration, we need to list them here:
-PACKAGEVARS = "FILES RDEPENDS RRECOMMENDS SUMMARY DESCRIPTION RSUGGESTS RPROVIDES RCONFLICTS PKG ALLOW_EMPTY pkg_postinst pkg_postrm INITSCRIPT_NAME INITSCRIPT_PARAMS DEBIAN_NOAUTONAME ALTERNATIVE PKGE PKGV PKGR USERADD_PARAM GROUPADD_PARAM CONFFILES SYSTEMD_SERVICE LICENSE SECTION pkg_preinst pkg_prerm RREPLACES GROUPMEMS_PARAM SYSTEMD_AUTO_ENABLE SKIP_FILEDEPS PRIVATE_LIBS"
+PACKAGEVARS = "FILES RDEPENDS RRECOMMENDS SUMMARY DESCRIPTION RSUGGESTS RPROVIDES RCONFLICTS PKG ALLOW_EMPTY pkg_postinst pkg_postrm pkg_postinst_ontarget INITSCRIPT_NAME INITSCRIPT_PARAMS DEBIAN_NOAUTONAME ALTERNATIVE PKGE PKGV PKGR USERADD_PARAM GROUPADD_PARAM CONFFILES SYSTEMD_SERVICE LICENSE SECTION pkg_preinst pkg_prerm RREPLACES GROUPMEMS_PARAM SYSTEMD_AUTO_ENABLE SKIP_FILEDEPS PRIVATE_LIBS"
def gen_packagevar(d):
ret = []
diff --git a/poky/meta/lib/oeqa/runtime/cases/logrotate.py b/poky/meta/lib/oeqa/runtime/cases/logrotate.py
index db6e695..d266644 100644
--- a/poky/meta/lib/oeqa/runtime/cases/logrotate.py
+++ b/poky/meta/lib/oeqa/runtime/cases/logrotate.py
@@ -9,8 +9,12 @@
class LogrotateTest(OERuntimeTestCase):
@classmethod
+ def setUpClass(cls):
+ cls.tc.target.run('cp /etc/logrotate.d/wtmp $HOME/wtmp.oeqabak')
+
+ @classmethod
def tearDownClass(cls):
- cls.tc.target.run('rm -rf $HOME/logrotate_dir')
+ cls.tc.target.run('mv -f $HOME/wtmp.oeqabak /etc/logrotate.d/wtmp && rm -rf $HOME/logrotate_dir')
@OETestID(1544)
@OETestDepends(['ssh.SSHTest.test_ssh'])
diff --git a/poky/meta/lib/oeqa/runtime/cases/perl.py b/poky/meta/lib/oeqa/runtime/cases/perl.py
index afeeb18..be3287f 100644
--- a/poky/meta/lib/oeqa/runtime/cases/perl.py
+++ b/poky/meta/lib/oeqa/runtime/cases/perl.py
@@ -1,11 +1,13 @@
import os
from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
from oeqa.core.decorator.oeid import OETestID
from oeqa.runtime.decorator.package import OEHasPackage
class PerlTest(OERuntimeTestCase):
@OETestID(208)
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
@OEHasPackage(['perl'])
def test_perl_works(self):
status, output = self.target.run("perl -e '$_=\"Uryyb, jbeyq\"; tr/a-zA-Z/n-za-mN-ZA-M/;print'")
diff --git a/poky/meta/lib/oeqa/runtime/cases/ptest.py b/poky/meta/lib/oeqa/runtime/cases/ptest.py
index 0972a58..2a28ca5 100644
--- a/poky/meta/lib/oeqa/runtime/cases/ptest.py
+++ b/poky/meta/lib/oeqa/runtime/cases/ptest.py
@@ -1,55 +1,16 @@
import unittest
import pprint
+import datetime
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
from oeqa.core.decorator.oeid import OETestID
from oeqa.core.decorator.data import skipIfNotFeature
from oeqa.runtime.decorator.package import OEHasPackage
-from oeqa.utils.logparser import Lparser, Result
+from oeqa.utils.logparser import PtestParser
class PtestRunnerTest(OERuntimeTestCase):
- # a ptest log parser
- def parse_ptest(self, logfile):
- parser = Lparser(test_0_pass_regex="^PASS:(.+)",
- test_0_fail_regex="^FAIL:(.+)",
- test_0_skip_regex="^SKIP:(.+)",
- section_0_begin_regex="^BEGIN: .*/(.+)/ptest",
- section_0_end_regex="^END: .*/(.+)/ptest")
- parser.init()
- result = Result()
-
- with open(logfile, errors='replace') as f:
- for line in f:
- result_tuple = parser.parse_line(line)
- if not result_tuple:
- continue
- result_tuple = line_type, category, status, name = parser.parse_line(line)
-
- if line_type == 'section' and status == 'begin':
- current_section = name
- continue
-
- if line_type == 'section' and status == 'end':
- current_section = None
- continue
-
- if line_type == 'test' and status == 'pass':
- result.store(current_section, name, status)
- continue
-
- if line_type == 'test' and status == 'fail':
- result.store(current_section, name, status)
- continue
-
- if line_type == 'test' and status == 'skip':
- result.store(current_section, name, status)
- continue
-
- result.sort_tests()
- return result
-
@OETestID(1600)
@skipIfNotFeature('ptest', 'Test requires ptest to be in DISTRO_FEATURES')
@OETestDepends(['ssh.SSHTest.test_ssh'])
@@ -60,8 +21,6 @@
if status != 0:
self.skipTest("No -ptest packages are installed in the image")
- import datetime
-
test_log_dir = self.td.get('TEST_LOG_DIR', '')
# The TEST_LOG_DIR maybe NULL when testimage is added after
# testdata.json is generated.
@@ -69,9 +28,9 @@
test_log_dir = os.path.join(self.td.get('WORKDIR', ''), 'testimage')
# Don't use self.td.get('DATETIME'), it's from testdata.json, not
# up-to-date, and may cause "File exists" when re-reun.
- datetime = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+ timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
ptest_log_dir_link = os.path.join(test_log_dir, 'ptest_log')
- ptest_log_dir = '%s.%s' % (ptest_log_dir_link, datetime)
+ ptest_log_dir = '%s.%s' % (ptest_log_dir_link, timestamp)
ptest_runner_log = os.path.join(ptest_log_dir, 'ptest-runner.log')
status, output = self.target.run('ptest-runner', 0)
@@ -88,25 +47,36 @@
extras['ptestresult.rawlogs'] = {'log': output}
# Parse and save results
- parse_result = self.parse_ptest(ptest_runner_log)
- parse_result.log_as_files(ptest_log_dir, test_status = ['pass','fail', 'skip'])
+ parser = PtestParser()
+ results, sections = parser.parse(ptest_runner_log)
+ parser.results_as_files(ptest_log_dir)
if os.path.exists(ptest_log_dir_link):
# Remove the old link to create a new one
os.remove(ptest_log_dir_link)
os.symlink(os.path.basename(ptest_log_dir), ptest_log_dir_link)
+ extras['ptestresult.sections'] = sections
+
trans = str.maketrans("()", "__")
- resmap = {'pass': 'PASSED', 'skip': 'SKIPPED', 'fail': 'FAILED'}
- for section in parse_result.result_dict:
- for test, result in parse_result.result_dict[section]:
- testname = "ptestresult." + section + "." + "_".join(test.translate(trans).split())
- extras[testname] = {'status': resmap[result]}
+ for section in results:
+ for test in results[section]:
+ result = results[section][test]
+ testname = "ptestresult." + (section or "No-section") + "." + "_".join(test.translate(trans).split())
+ extras[testname] = {'status': result}
failed_tests = {}
- for section in parse_result.result_dict:
- failed_testcases = [ "_".join(test.translate(trans).split()) for test, result in parse_result.result_dict[section] if result == 'fail' ]
+ for section in results:
+ failed_testcases = [ "_".join(test.translate(trans).split()) for test in results[section] if results[section][test] == 'fail' ]
if failed_testcases:
failed_tests[section] = failed_testcases
+ failmsg = ""
+ status, output = self.target.run('dmesg | grep "Killed process"', 0)
+ if output:
+ failmsg = "ERROR: Processes were killed by the OOM Killer:\n%s\n" % output
+
if failed_tests:
- self.fail("Failed ptests:\n%s" % pprint.pformat(failed_tests))
+ failmsg = failmsg + "Failed ptests:\n%s" % pprint.pformat(failed_tests)
+
+ if failmsg:
+ self.fail(failmsg)
diff --git a/poky/meta/lib/oeqa/selftest/cases/wic.py b/poky/meta/lib/oeqa/selftest/cases/wic.py
index 36ee5e5..79925f9 100644
--- a/poky/meta/lib/oeqa/selftest/cases/wic.py
+++ b/poky/meta/lib/oeqa/selftest/cases/wic.py
@@ -625,9 +625,11 @@
self.remove_config(config)
with runqemu('wic-image-minimal', ssh=False) as qemu:
- cmd = "mount |grep '^/dev/' | cut -f1,3 -d ' ' | sort"
+ cmd = "mount | grep '^/dev/' | cut -f1,3 -d ' ' | egrep -c -e '/dev/sda1 /boot' " \
+ "-e '/dev/root /|/dev/sda2 /' -e '/dev/sda3 /media' -e '/dev/sda4 /mnt'"
status, output = qemu.run_serial(cmd)
- self.assertEqual(output, '/dev/root /\r\n/dev/sda1 /boot\r\n/dev/sda3 /media\r\n/dev/sda4 /mnt')
+ self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+ self.assertEqual(output, '4')
cmd = "grep UUID= /etc/fstab"
status, output = qemu.run_serial(cmd)
self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
diff --git a/poky/meta/lib/oeqa/utils/gitarchive.py b/poky/meta/lib/oeqa/utils/gitarchive.py
new file mode 100644
index 0000000..ff614d0
--- /dev/null
+++ b/poky/meta/lib/oeqa/utils/gitarchive.py
@@ -0,0 +1,244 @@
+#
+# Helper functions for committing data to git and pushing upstream
+#
+# Copyright (c) 2017, Intel Corporation.
+# Copyright (c) 2019, Linux Foundation
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms and conditions of the GNU General Public License,
+# version 2, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+
+import os
+import re
+import sys
+from operator import attrgetter
+from collections import namedtuple
+from oeqa.utils.git import GitRepo, GitError
+
+class ArchiveError(Exception):
+ """Internal error handling of this script"""
+
+def format_str(string, fields):
+ """Format string using the given fields (dict)"""
+ try:
+ return string.format(**fields)
+ except KeyError as err:
+ raise ArchiveError("Unable to expand string '{}': unknown field {} "
+ "(valid fields are: {})".format(
+ string, err, ', '.join(sorted(fields.keys()))))
+
+
+def init_git_repo(path, no_create, bare, log):
+ """Initialize local Git repository"""
+ path = os.path.abspath(path)
+ if os.path.isfile(path):
+ raise ArchiveError("Invalid Git repo at {}: path exists but is not a "
+ "directory".format(path))
+ if not os.path.isdir(path) or not os.listdir(path):
+ if no_create:
+ raise ArchiveError("No git repo at {}, refusing to create "
+ "one".format(path))
+ if not os.path.isdir(path):
+ try:
+ os.mkdir(path)
+ except (FileNotFoundError, PermissionError) as err:
+ raise ArchiveError("Failed to mkdir {}: {}".format(path, err))
+ if not os.listdir(path):
+ log.info("Initializing a new Git repo at %s", path)
+ repo = GitRepo.init(path, bare)
+ try:
+ repo = GitRepo(path, is_topdir=True)
+ except GitError:
+ raise ArchiveError("Non-empty directory that is not a Git repository "
+ "at {}\nPlease specify an existing Git repository, "
+ "an empty directory or a non-existing directory "
+ "path.".format(path))
+ return repo
+
+
+def git_commit_data(repo, data_dir, branch, message, exclude, notes, log):
+ """Commit data into a Git repository"""
+ log.info("Committing data into to branch %s", branch)
+ tmp_index = os.path.join(repo.git_dir, 'index.oe-git-archive')
+ try:
+ # Create new tree object from the data
+ env_update = {'GIT_INDEX_FILE': tmp_index,
+ 'GIT_WORK_TREE': os.path.abspath(data_dir)}
+ repo.run_cmd('add .', env_update)
+
+ # Remove files that are excluded
+ if exclude:
+ repo.run_cmd(['rm', '--cached'] + [f for f in exclude], env_update)
+
+ tree = repo.run_cmd('write-tree', env_update)
+
+ # Create new commit object from the tree
+ parent = repo.rev_parse(branch)
+ git_cmd = ['commit-tree', tree, '-m', message]
+ if parent:
+ git_cmd += ['-p', parent]
+ commit = repo.run_cmd(git_cmd, env_update)
+
+ # Create git notes
+ for ref, filename in notes:
+ ref = ref.format(branch_name=branch)
+ repo.run_cmd(['notes', '--ref', ref, 'add',
+ '-F', os.path.abspath(filename), commit])
+
+ # Update branch head
+ git_cmd = ['update-ref', 'refs/heads/' + branch, commit]
+ if parent:
+ git_cmd.append(parent)
+ repo.run_cmd(git_cmd)
+
+ # Update current HEAD, if we're on branch 'branch'
+ if not repo.bare and repo.get_current_branch() == branch:
+ log.info("Updating %s HEAD to latest commit", repo.top_dir)
+ repo.run_cmd('reset --hard')
+
+ return commit
+ finally:
+ if os.path.exists(tmp_index):
+ os.unlink(tmp_index)
+
+
+def expand_tag_strings(repo, name_pattern, msg_subj_pattern, msg_body_pattern,
+ keywords):
+ """Generate tag name and message, with support for running id number"""
+ keyws = keywords.copy()
+ # Tag number is handled specially: if not defined, we autoincrement it
+ if 'tag_number' not in keyws:
+ # Fill in all other fields than 'tag_number'
+ keyws['tag_number'] = '{tag_number}'
+ tag_re = format_str(name_pattern, keyws)
+ # Replace parentheses for proper regex matching
+ tag_re = tag_re.replace('(', '\(').replace(')', '\)') + '$'
+ # Inject regex group pattern for 'tag_number'
+ tag_re = tag_re.format(tag_number='(?P<tag_number>[0-9]{1,5})')
+
+ keyws['tag_number'] = 0
+ for existing_tag in repo.run_cmd('tag').splitlines():
+ match = re.match(tag_re, existing_tag)
+
+ if match and int(match.group('tag_number')) >= keyws['tag_number']:
+ keyws['tag_number'] = int(match.group('tag_number')) + 1
+
+ tag_name = format_str(name_pattern, keyws)
+ msg_subj= format_str(msg_subj_pattern.strip(), keyws)
+ msg_body = format_str(msg_body_pattern, keyws)
+ return tag_name, msg_subj + '\n\n' + msg_body
+
+def gitarchive(data_dir, git_dir, no_create, bare, commit_msg_subject, commit_msg_body, branch_name, no_tag, tagname, tag_msg_subject, tag_msg_body, exclude, notes, push, keywords, log):
+
+ if not os.path.isdir(data_dir):
+ raise ArchiveError("Not a directory: {}".format(data_dir))
+
+ data_repo = init_git_repo(git_dir, no_create, bare, log)
+
+ # Expand strings early in order to avoid getting into inconsistent
+ # state (e.g. no tag even if data was committed)
+ commit_msg = format_str(commit_msg_subject.strip(), keywords)
+ commit_msg += '\n\n' + format_str(commit_msg_body, keywords)
+ branch_name = format_str(branch_name, keywords)
+ tag_name = None
+ if not no_tag and tagname:
+ tag_name, tag_msg = expand_tag_strings(data_repo, tagname,
+ tag_msg_subject,
+ tag_msg_body, keywords)
+
+ # Commit data
+ commit = git_commit_data(data_repo, data_dir, branch_name,
+ commit_msg, exclude, notes, log)
+
+ # Create tag
+ if tag_name:
+ log.info("Creating tag %s", tag_name)
+ data_repo.run_cmd(['tag', '-a', '-m', tag_msg, tag_name, commit])
+
+ # Push data to remote
+ if push:
+ cmd = ['push', '--tags']
+ # If no remote is given we push with the default settings from
+ # gitconfig
+ if push is not True:
+ notes_refs = ['refs/notes/' + ref.format(branch_name=branch_name)
+ for ref, _ in notes]
+ cmd.extend([push, branch_name] + notes_refs)
+ log.info("Pushing data to remote")
+ data_repo.run_cmd(cmd)
+
+# Container class for tester revisions
+TestedRev = namedtuple('TestedRev', 'commit commit_number tags')
+
+def get_test_runs(log, repo, tag_name, **kwargs):
+ """Get a sorted list of test runs, matching given pattern"""
+ # First, get field names from the tag name pattern
+ field_names = [m.group(1) for m in re.finditer(r'{(\w+)}', tag_name)]
+ undef_fields = [f for f in field_names if f not in kwargs.keys()]
+
+ # Fields for formatting tag name pattern
+ str_fields = dict([(f, '*') for f in field_names])
+ str_fields.update(kwargs)
+
+ # Get a list of all matching tags
+ tag_pattern = tag_name.format(**str_fields)
+ tags = repo.run_cmd(['tag', '-l', tag_pattern]).splitlines()
+ log.debug("Found %d tags matching pattern '%s'", len(tags), tag_pattern)
+
+ # Parse undefined fields from tag names
+ str_fields = dict([(f, r'(?P<{}>[\w\-.()]+)'.format(f)) for f in field_names])
+ str_fields['branch'] = r'(?P<branch>[\w\-.()/]+)'
+ str_fields['commit'] = '(?P<commit>[0-9a-f]{7,40})'
+ str_fields['commit_number'] = '(?P<commit_number>[0-9]{1,7})'
+ str_fields['tag_number'] = '(?P<tag_number>[0-9]{1,5})'
+ # escape parenthesis in fields in order to not messa up the regexp
+ fixed_fields = dict([(k, v.replace('(', r'\(').replace(')', r'\)')) for k, v in kwargs.items()])
+ str_fields.update(fixed_fields)
+ tag_re = re.compile(tag_name.format(**str_fields))
+
+ # Parse fields from tags
+ revs = []
+ for tag in tags:
+ m = tag_re.match(tag)
+ groups = m.groupdict()
+ revs.append([groups[f] for f in undef_fields] + [tag])
+
+ # Return field names and a sorted list of revs
+ return undef_fields, sorted(revs)
+
+def get_test_revs(log, repo, tag_name, **kwargs):
+ """Get list of all tested revisions"""
+ fields, runs = get_test_runs(log, repo, tag_name, **kwargs)
+
+ revs = {}
+ commit_i = fields.index('commit')
+ commit_num_i = fields.index('commit_number')
+ for run in runs:
+ commit = run[commit_i]
+ commit_num = run[commit_num_i]
+ tag = run[-1]
+ if not commit in revs:
+ revs[commit] = TestedRev(commit, commit_num, [tag])
+ else:
+ assert commit_num == revs[commit].commit_number, "Commit numbers do not match"
+ revs[commit].tags.append(tag)
+
+ # Return in sorted table
+ revs = sorted(revs.values(), key=attrgetter('commit_number'))
+ log.debug("Found %d tested revisions:\n %s", len(revs),
+ "\n ".join(['{} ({})'.format(rev.commit_number, rev.commit) for rev in revs]))
+ return revs
+
+def rev_find(revs, attr, val):
+ """Search from a list of TestedRev"""
+ for i, rev in enumerate(revs):
+ if getattr(rev, attr) == val:
+ return i
+ raise ValueError("Unable to find '{}' value '{}'".format(attr, val))
+
diff --git a/poky/meta/lib/oeqa/utils/logparser.py b/poky/meta/lib/oeqa/utils/logparser.py
index 0670627..32fde14 100644
--- a/poky/meta/lib/oeqa/utils/logparser.py
+++ b/poky/meta/lib/oeqa/utils/logparser.py
@@ -3,124 +3,86 @@
import sys
import os
import re
-from . import ftools
-
# A parser that can be used to identify weather a line is a test result or a section statement.
-class Lparser(object):
-
- def __init__(self, test_0_pass_regex, test_0_fail_regex, test_0_skip_regex, section_0_begin_regex=None, section_0_end_regex=None, **kwargs):
- # Initialize the arguments dictionary
- if kwargs:
- self.args = kwargs
- else:
- self.args = {}
-
- # Add the default args to the dictionary
- self.args['test_0_pass_regex'] = test_0_pass_regex
- self.args['test_0_fail_regex'] = test_0_fail_regex
- self.args['test_0_skip_regex'] = test_0_skip_regex
- if section_0_begin_regex:
- self.args['section_0_begin_regex'] = section_0_begin_regex
- if section_0_end_regex:
- self.args['section_0_end_regex'] = section_0_end_regex
-
- self.test_possible_status = ['pass', 'fail', 'error', 'skip']
- self.section_possible_status = ['begin', 'end']
-
- self.initialized = False
-
-
- # Initialize the parser with the current configuration
- def init(self):
-
- # extra arguments can be added by the user to define new test and section categories. They must follow a pre-defined pattern: <type>_<category_name>_<status>_regex
- self.test_argument_pattern = "^test_(.+?)_(%s)_regex" % '|'.join(map(str, self.test_possible_status))
- self.section_argument_pattern = "^section_(.+?)_(%s)_regex" % '|'.join(map(str, self.section_possible_status))
-
- # Initialize the test and section regex dictionaries
- self.test_regex = {}
- self.section_regex ={}
-
- for arg, value in self.args.items():
- if not value:
- raise Exception('The value of provided argument %s is %s. Should have a valid value.' % (key, value))
- is_test = re.search(self.test_argument_pattern, arg)
- is_section = re.search(self.section_argument_pattern, arg)
- if is_test:
- if not is_test.group(1) in self.test_regex:
- self.test_regex[is_test.group(1)] = {}
- self.test_regex[is_test.group(1)][is_test.group(2)] = re.compile(value)
- elif is_section:
- if not is_section.group(1) in self.section_regex:
- self.section_regex[is_section.group(1)] = {}
- self.section_regex[is_section.group(1)][is_section.group(2)] = re.compile(value)
- else:
- # TODO: Make these call a traceback instead of a simple exception..
- raise Exception("The provided argument name does not correspond to any valid type. Please give one of the following types:\nfor tests: %s\nfor sections: %s" % (self.test_argument_pattern, self.section_argument_pattern))
-
- self.initialized = True
-
- # Parse a line and return a tuple containing the type of result (test/section) and its category, status and name
- def parse_line(self, line):
- if not self.initialized:
- raise Exception("The parser is not initialized..")
-
- for test_category, test_status_list in self.test_regex.items():
- for test_status, status_regex in test_status_list.items():
- test_name = status_regex.search(line)
- if test_name:
- return ['test', test_category, test_status, test_name.group(1)]
-
- for section_category, section_status_list in self.section_regex.items():
- for section_status, status_regex in section_status_list.items():
- section_name = status_regex.search(line)
- if section_name:
- return ['section', section_category, section_status, section_name.group(1)]
- return None
-
-
-class Result(object):
-
+class PtestParser(object):
def __init__(self):
- self.result_dict = {}
+ self.results = {}
+ self.sections = {}
- def store(self, section, test, status):
- if not section in self.result_dict:
- self.result_dict[section] = []
+ def parse(self, logfile):
+ test_regex = {}
+ test_regex['PASSED'] = re.compile(r"^PASS:(.+)")
+ test_regex['FAILED'] = re.compile(r"^FAIL:(.+)")
+ test_regex['SKIPPED'] = re.compile(r"^SKIP:(.+)")
- self.result_dict[section].append((test, status))
+ section_regex = {}
+ section_regex['begin'] = re.compile(r"^BEGIN: .*/(.+)/ptest")
+ section_regex['end'] = re.compile(r"^END: .*/(.+)/ptest")
+ section_regex['duration'] = re.compile(r"^DURATION: (.+)")
+ section_regex['exitcode'] = re.compile(r"^ERROR: Exit status is (.+)")
+ section_regex['timeout'] = re.compile(r"^TIMEOUT: .*/(.+)/ptest")
- # sort tests by the test name(the first element of the tuple), for each section. This can be helpful when using git to diff for changes by making sure they are always in the same order.
- def sort_tests(self):
- for package in self.result_dict:
- sorted_results = sorted(self.result_dict[package], key=lambda tup: tup[0])
- self.result_dict[package] = sorted_results
+ def newsection():
+ return { 'name': "No-section", 'log': "" }
+
+ current_section = newsection()
+
+ with open(logfile, errors='replace') as f:
+ for line in f:
+ result = section_regex['begin'].search(line)
+ if result:
+ current_section['name'] = result.group(1)
+ continue
+
+ result = section_regex['end'].search(line)
+ if result:
+ if current_section['name'] != result.group(1):
+ bb.warn("Ptest END log section mismatch %s vs. %s" % (current_section['name'], result.group(1)))
+ if current_section['name'] in self.sections:
+ bb.warn("Ptest duplicate section for %s" % (current_section['name']))
+ self.sections[current_section['name']] = current_section
+ del self.sections[current_section['name']]['name']
+ current_section = newsection()
+ continue
+
+ result = section_regex['timeout'].search(line)
+ if result:
+ if current_section['name'] != result.group(1):
+ bb.warn("Ptest TIMEOUT log section mismatch %s vs. %s" % (current_section['name'], result.group(1)))
+ current_section['timeout'] = True
+ continue
+
+ for t in ['duration', 'exitcode']:
+ result = section_regex[t].search(line)
+ if result:
+ current_section[t] = result.group(1)
+ continue
+
+ current_section['log'] = current_section['log'] + line
+
+ for t in test_regex:
+ result = test_regex[t].search(line)
+ if result:
+ if current_section['name'] not in self.results:
+ self.results[current_section['name']] = {}
+ self.results[current_section['name']][result.group(1)] = t
+
+ return self.results, self.sections
# Log the results as files. The file name is the section name and the contents are the tests in that section.
- def log_as_files(self, target_dir, test_status):
- status_regex = re.compile('|'.join(map(str, test_status)))
- if not type(test_status) == type([]):
- raise Exception("test_status should be a list. Got " + str(test_status) + " instead.")
+ def results_as_files(self, target_dir):
if not os.path.exists(target_dir):
raise Exception("Target directory does not exist: %s" % target_dir)
- for section, test_results in self.result_dict.items():
- prefix = ''
- for x in test_status:
- prefix +=x+'.'
+ for section in self.results:
+ prefix = 'No-section'
if section:
- prefix += section
+ prefix = section
section_file = os.path.join(target_dir, prefix)
# purge the file contents if it exists
- open(section_file, 'w').close()
- for test_result in test_results:
- (test_name, status) = test_result
- # we log only the tests with status in the test_status list
- match_status = status_regex.search(status)
- if match_status:
- ftools.append_file(section_file, status + ": " + test_name)
+ with open(section_file, 'w') as f:
+ for test_name in sorted(self.results[section]):
+ status = self.results[section][test_name]
+ f.write(status + ": " + test_name + "\n")
- # Not yet implemented!
- def log_to_lava(self):
- pass
diff --git a/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb b/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb
index 34b208c..24b13f9 100644
--- a/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb
+++ b/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb
@@ -37,7 +37,7 @@
fi
}
-PACKAGE_WRITE_DEPS_append = " ${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd-systemctl-native','',d)}"
+PACKAGE_WRITE_DEPS_append = " ${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','systemd-systemctl-native','',d)}"
pkg_postinst_${PN} () {
if ${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','true','false',d)}; then
if [ -n "$D" ]; then
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb
index 3d5f334..2e04d30 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb
@@ -38,7 +38,8 @@
FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib"
FILES_avahi-utils = "${bindir}/avahi-*"
-RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})"
+RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})"
+RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}"
RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index 9d9739e..edb44b2 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -52,6 +52,7 @@
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
+ file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
new file mode 100644
index 0000000..3c227a8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
@@ -0,0 +1,32 @@
+From 048e1844092cb4b3afd23f16fc2cc70dd2e122b7 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Mon, 24 Dec 2018 17:57:14 -0800
+Subject: [PATCH] Makefile.am: Fix a race issue for tools
+
+Fixed:
+cp ../bluez-5.50/tools/hid2hci.rules tools/97-hid2hci.rules
+cp: cannot create regular file tools/97-hid2hci.rules: No such file or directory
+make[1]: *** [tools/97-hid2hci.rules] Error 1
+
+Upstream-Status: Submitted[https://www.spinics.net/lists/linux-bluetooth/msg78361.html]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 6d1ff11..35a01f2 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -504,6 +504,7 @@ src/builtin.h: src/genbuiltin $(builtin_sources)
+ $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
+
+ tools/%.rules:
++ [ -e tools ] || $(MKDIR_P) tools
+ $(AM_V_GEN)cp $(srcdir)/$(subst 97-,,$@) $@
+
+ $(lib_libbluetooth_la_OBJECTS): $(local_headers)
+--
+2.10.2
+
diff --git a/poky/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch b/poky/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
new file mode 100644
index 0000000..8cf8f7a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
@@ -0,0 +1,194 @@
+From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date: Tue, 12 Jun 2018 09:01:56 +0300
+Subject: [PATCH] connect: fix parsing of WEP keys
+
+The introduction of MFP options added a bug that causes a
+segmentation fault when parsing WEP keys.
+Fix that.
+
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+Upstream-Status: Backport
+[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
+Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
+---
+ ap.c | 2 +-
+ connect.c | 7 ++-----
+ ibss.c | 2 +-
+ iw.h | 3 ++-
+ util.c | 36 ++++++++++++++++++------------------
+ 5 files changed, 24 insertions(+), 26 deletions(-)
+
+diff --git a/ap.c b/ap.c
+index 4bab5b9..dcce402 100644
+--- a/ap.c
++++ b/ap.c
+@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
+ argv++;
+ argc--;
+
+- return parse_keys(msg, argv, argc);
++ return parse_keys(msg, &argv, &argc);
+ nla_put_failure:
+ return -ENOSPC;
+ }
+diff --git a/connect.c b/connect.c
+index 339fc73..4a847a1 100644
+--- a/connect.c
++++ b/connect.c
+@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
+ argv++;
+ argc--;
+
+- ret = parse_keys(msg, argv, argc);
++ ret = parse_keys(msg, &argv, &argc);
+ if (ret)
+ return ret;
+
+- argc -= 4;
+- argv += 4;
+-
+ if (!argc)
+ return 0;
+
+@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
+ argv++;
+ argc--;
+
+- return parse_keys(msg, argv, argc);
++ return parse_keys(msg, &argv, &argc);
+ nla_put_failure:
+ return -ENOSPC;
+ }
+diff --git a/ibss.c b/ibss.c
+index 84f1e95..d77fc92 100644
+--- a/ibss.c
++++ b/ibss.c
+@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
+ argv++;
+ argc--;
+
+- return parse_keys(msg, argv, argc);
++ return parse_keys(msg, &argv, &argc);
+ nla_put_failure:
+ return -ENOSPC;
+ }
+diff --git a/iw.h b/iw.h
+index ee7ca20..8767ed3 100644
+--- a/iw.h
++++ b/iw.h
+@@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
+ unsigned char **mask);
+ unsigned char *parse_hex(char *hex, size_t *outlen);
+
+-int parse_keys(struct nl_msg *msg, char **argv, int argc);
++
++int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
+ int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
+ enum nl80211_chan_width str_to_bw(const char *str);
+ int put_chandef(struct nl_msg *msg, struct chandef *chandef);
+diff --git a/util.c b/util.c
+index 6e0ddff..122c019 100644
+--- a/util.c
++++ b/util.c
+@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
+ return -EINVAL;
+ }
+
+-int parse_keys(struct nl_msg *msg, char **argv, int argc)
++int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
+ {
+ struct nlattr *keys;
+ int i = 0;
+ bool have_default = false;
+- char *arg = *argv;
++ char *arg = **argv;
+ char keybuf[13];
+ int pos = 0;
+
+- if (!argc)
++ if (!*argc)
+ return 1;
+
+ if (!memcmp(&arg[pos], "psk", 3)) {
+ char psk_keybuf[32];
+ int cipher_suite, akm_suite;
+
+- if (argc < 4)
++ if (*argc < 4)
+ goto explain;
+
+ pos+=3;
+@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
+ NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
+
+- argv++;
+- argc--;
+- arg = *argv;
++ *argv += 1;
++ *argc -= 1;
++ arg = **argv;
+
+ akm_suite = parse_akm_suite(arg);
+ if (akm_suite < 0)
+@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+
+ NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
+
+- argv++;
+- argc--;
+- arg = *argv;
++ *argv += 1;
++ *argc -= 1;
++ arg = **argv;
+
+ cipher_suite = parse_cipher_suite(arg);
+ if (cipher_suite < 0)
+@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+
+ NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
+
+- argv++;
+- argc--;
+- arg = *argv;
++ *argv += 1;
++ *argc -= 1;
++ arg = **argv;
+
+ cipher_suite = parse_cipher_suite(arg);
+ if (cipher_suite < 0)
+@@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ struct nlattr *key = nla_nest_start(msg, ++i);
+ char *keydata;
+
+- arg = *argv;
++ arg = **argv;
+ pos = 0;
+
+ if (!key)
+@@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+
+ NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
+
+- argv++;
+- argc--;
++ *argv += 1;
++ *argc -= 1;
+
+ /* one key should be TX key */
+- if (!have_default && !argc)
++ if (!have_default && !*argc)
+ NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
+
+ nla_nest_end(msg, key);
+- } while (argc);
++ } while (*argc);
+
+ nla_nest_end(msg, keys);
+
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/iw/iw_4.14.bb b/poky/meta/recipes-connectivity/iw/iw_4.14.bb
index e1b17de..f414a4b 100644
--- a/poky/meta/recipes-connectivity/iw/iw_4.14.bb
+++ b/poky/meta/recipes-connectivity/iw/iw_4.14.bb
@@ -12,6 +12,7 @@
SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
file://separate-objdir.patch \
+ file://0001-connect-fix-parsing-of-WEP-keys.patch \
"
SRC_URI[md5sum] = "2067516ca9940fdb8c091ee3250da374"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch
new file mode 100644
index 0000000..13d39c9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch
@@ -0,0 +1,33 @@
+From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 6 Feb 2019 22:10:33 -0800
+Subject: [PATCH] Fix BN_LLONG breakage
+
+opensslconf.h is un-defining BN_LLONG only when included from bn.h which
+is not robust at all, especially when include guards are used and
+multiple inclusions of a given header is not allowed. so lets take out
+the nesting constraint and add OPENSSL_SYS_UEFI constraint instead
+
+Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ crypto/opensslconf.h.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
+index 7a1c85d..a10c10f 100644
+--- a/crypto/opensslconf.h.in
++++ b/crypto/opensslconf.h.in
+@@ -56,7 +56,7 @@
+ #endif
+ #endif
+
+-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
++#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)
+ #define CONFIG_HEADER_BN_H
+ #undef BN_LLONG
+
+--
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch b/poky/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch
deleted file mode 100644
index b9865a6..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-CVE: CVE-2018-0734
-
-Upstream-Status: Backport
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 43e6a58d4991a451daf4891ff05a48735df871ac Mon Sep 17 00:00:00 2001
-From: Pauli <paul.dale@oracle.com>
-Date: Mon, 29 Oct 2018 08:24:22 +1000
-Subject: [PATCH] Merge DSA reallocation timing fix CVE-2018-0734.
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7513)
----
- crypto/dsa/dsa_ossl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index 2dcfedeeee..100e269268 100644
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -279,7 +279,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- goto err;
-
- /* Preallocate space */
-- q_bits = BN_num_bits(dsa->q);
-+ q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16;
- if (!BN_set_bit(&k, q_bits)
- || !BN_set_bit(&l, q_bits)
- || !BN_set_bit(&m, q_bits))
---
-2.17.0
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb
rename to poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
index 42f9bcf..355dbdc 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
@@ -40,7 +40,7 @@
file://0001-Fix-build-with-clang-using-external-assembler.patch \
file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
file://0001-allow-manpages-to-be-disabled.patch \
- file://0001-fix-CVE-2018-0734.patch \
+ file://0001-Fix-BN_LLONG-breakage.patch \
"
SRC_URI_append_class-target = " \
@@ -52,8 +52,8 @@
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "ac5eb30bf5798aa14b1ae6d0e7da58df"
-SRC_URI[sha256sum] = "50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00"
+SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
+SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
S = "${WORKDIR}/openssl-${PV}"
@@ -82,6 +82,7 @@
TERMIO ?= "-DTERMIO"
TERMIO_libc-musl = "-DTERMIOS"
+EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
${TERMIO} ${CFLAGS} -Wall"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
index be31e9f..e9e9fac 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
@@ -34,6 +34,7 @@
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async"
+EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
# This prevents openssl from using getrandom() which is not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
@@ -154,6 +155,8 @@
sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
# Prune the build tree
rm -f ${B}/fuzz/*.* ${B}/test/*.*
@@ -201,3 +204,7 @@
RCONFLICTS_openssl-conf = "openssl10-conf"
BBCLASSEXTEND = "native nativesdk"
+
+inherit multilib_script
+
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/poky/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb b/poky/meta/recipes-core/busybox/busybox-inittab_1.29.3.bb
similarity index 100%
rename from poky/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
rename to poky/meta/recipes-core/busybox/busybox-inittab_1.29.3.bb
diff --git a/poky/meta/recipes-core/busybox/busybox_1.29.2.bb b/poky/meta/recipes-core/busybox/busybox_1.29.3.bb
similarity index 91%
rename from poky/meta/recipes-core/busybox/busybox_1.29.2.bb
rename to poky/meta/recipes-core/busybox/busybox_1.29.3.bb
index df3ea59..6064e9f 100644
--- a/poky/meta/recipes-core/busybox/busybox_1.29.2.bb
+++ b/poky/meta/recipes-core/busybox/busybox_1.29.3.bb
@@ -44,5 +44,5 @@
"
SRC_URI_append_libc-musl = " file://musl.cfg "
-SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e"
-SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61"
+SRC_URI[tarball.md5sum] = "0a367e19cdfd157e8258d87f893ee516"
+SRC_URI[tarball.sha256sum] = "97648636e579462296478e0218e65e4bc1e9cd69089a3b1aeb810bff7621efb7"
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-create_inode-fix-copying-large-files.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-create_inode-fix-copying-large-files.patch
new file mode 100644
index 0000000..c89581d
--- /dev/null
+++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-create_inode-fix-copying-large-files.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 674ab87b8338372338d20e21a350f88b4ff6c7c8 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Fri, 1 Feb 2019 10:59:59 +0000
+Subject: [PATCH] create_inode: fix copying large files
+
+When copying large files into a ext filesystem at mkfs time the copy fails at
+2^31 bytes in. There are two problems:
+
+copy_file_chunk() passes an offset (off_t, 64-bit typically) to
+ext2fs_file_lseek() which expects a ext2_off_t (typedef to __u32) so the value
+is truncated. Solve by calling ext2fs_file_llseek() which takes a u64 offset
+instead.
+
+try_lseek_copy() rounds the data and hole offsets as found by lseek() to block
+boundaries, but the calculation gets truncated to 32-bits. Solve by casting the
+32-bit blocksize to off_t to ensure this doesn't happen.
+
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ misc/create_inode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index 05aa6363..f106dcda 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -438,7 +438,7 @@ static errcode_t copy_file_chunk(ext2_filsys fs, int fd, ext2_file_t e2_file,
+ ptr += blen;
+ continue;
+ }
+- err = ext2fs_file_lseek(e2_file, off + bpos,
++ err = ext2fs_file_llseek(e2_file, off + bpos,
+ EXT2_SEEK_SET, NULL);
+ if (err)
+ goto fail;
+@@ -481,7 +481,7 @@ static errcode_t try_lseek_copy(ext2_filsys fs, int fd, struct stat *statbuf,
+ return EXT2_ET_UNIMPLEMENTED;
+
+ data_blk = data & ~(fs->blocksize - 1);
+- hole_blk = (hole + (fs->blocksize - 1)) & ~(fs->blocksize - 1);
++ hole_blk = (hole + (off_t)(fs->blocksize - 1)) & ~(off_t)(fs->blocksize - 1);
+ err = copy_file_chunk(fs, fd, e2_file, data_blk, hole_blk, buf,
+ zerobuf);
+ if (err)
+--
+2.11.0
+
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.3.bb b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.3.bb
index ce95dec..cffb536 100644
--- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.3.bb
+++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.3.bb
@@ -6,6 +6,7 @@
file://Revert-mke2fs-enable-the-metadata_csum-and-64bit-fea.patch \
file://mkdir_p.patch \
file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
+ file://0001-create_inode-fix-copying-large-files.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
diff --git a/poky/meta/recipes-devtools/icecc-toolchain/icecc-toolchain/icecc-env.sh b/poky/meta/recipes-devtools/icecc-toolchain/icecc-toolchain/icecc-env.sh
index 9476007..990d2fb 100644
--- a/poky/meta/recipes-devtools/icecc-toolchain/icecc-toolchain/icecc-env.sh
+++ b/poky/meta/recipes-devtools/icecc-toolchain/icecc-toolchain/icecc-env.sh
@@ -21,7 +21,7 @@
#
if [ -z "$ICECC_PATH" ]; then
- ICECC_PATH=$(which icecc 2> /dev/null)
+ ICECC_PATH=$(which icecc 2> /dev/null || true)
fi
if [ -n "$ICECC_PATH" ]; then
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch
new file mode 100644
index 0000000..b2c1ade
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch
@@ -0,0 +1,177 @@
+From c8c77690199b677f70093824382f0881e643e17b Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 5 Dec 2018 12:22:13 +0000
+Subject: [PATCH 1/7] Sanitize op stack for error conditions
+
+We save the stacks to an array and store the array for the error handler to
+access.
+
+For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
+we make these copies, we check for operators that do *not* exist in systemdict,
+when we find one, we replace the operator with a name object (of the form
+"/--opname--").
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ psi/int.mak | 3 +-
+ psi/interp.c | 8 ++++++
+ psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ psi/istack.h | 3 ++
+ 4 files changed, 91 insertions(+), 1 deletion(-)
+
+diff --git a/psi/int.mak b/psi/int.mak
+index 6ab5bf0..6b349cb 100644
+--- a/psi/int.mak
++++ b/psi/int.mak
+@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\
+ $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\
+ $(ierrors_h) $(gsstruct_h) $(gsutil_h)\
+ $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\
+- $(store_h) $(INT_MAK) $(MAKEDIRS)
++ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \
++ $(INT_MAK) $(MAKEDIRS)
+ $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c
+
+ $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\
+diff --git a/psi/interp.c b/psi/interp.c
+index 6dc0dda..aa5779c 100644
+--- a/psi/interp.c
++++ b/psi/interp.c
+@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
+ uint size = ref_stack_count(pstack) - skip;
+ uint save_space = ialloc_space(idmemory);
+ int code, i;
++ ref *safety, *safe;
+
+ if (size > 65535)
+ size = 65535;
+@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
+ make_null(&arr->value.refs[i]);
+ }
+ }
++ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 &&
++ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) &&
++ safe->value.boolval == true) {
++ code = ref_stack_array_sanitize(i_ctx_p, arr, arr);
++ if (code < 0)
++ return code;
++ }
+ ialloc_set_space(idmemory, save_space);
+ return code;
+ }
+diff --git a/psi/istack.c b/psi/istack.c
+index 8fe151f..f1a3e51 100644
+--- a/psi/istack.c
++++ b/psi/istack.c
+@@ -27,6 +27,10 @@
+ #include "iutil.h"
+ #include "ivmspace.h" /* for local/global test */
+ #include "store.h"
++#include "icstate.h"
++#include "iname.h"
++#include "dstack.h"
++#include "idict.h"
+
+ /* Forward references */
+ static void init_block(ref_stack_t *pstack, const ref *pblock_array,
+@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count,
+ return 0;
+ }
+
++int
++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr)
++{
++ int i, code;
++ ref obj, arr2;
++ ref *pobj2;
++ gs_memory_t *mem = (gs_memory_t *)idmemory->current;
++
++ if (!r_is_array(sarr) || !r_has_type(darr, t_array))
++ return_error(gs_error_typecheck);
++
++ for (i = 0; i < r_size(sarr); i++) {
++ code = array_get(mem, sarr, i, &obj);
++ if (code < 0)
++ make_null(&obj);
++ switch(r_type(&obj)) {
++ case t_operator:
++ {
++ int index = op_index(&obj);
++
++ if (index > 0 && index < op_def_count) {
++ const byte *data = (const byte *)(op_index_def(index)->oname + 1);
++ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) {
++ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize");
++ if (s) {
++ s[0] = '\0';
++ strcpy((char *)s, "--");
++ strcpy((char *)s + 2, (char *)data);
++ strcpy((char *)s + strlen((char *)data) + 2, "--");
++ }
++ else {
++ s = (byte *)data;
++ }
++ code = name_ref(imemory, s, strlen((char *)s), &obj, 1);
++ if (code < 0) make_null(&obj);
++ if (s != data)
++ gs_free_object(mem, s, "ref_stack_array_sanitize");
++ }
++ }
++ else {
++ make_null(&obj);
++ }
++ ref_assign(darr->value.refs + i, &obj);
++ break;
++ }
++ case t_array:
++ case t_shortarray:
++ case t_mixedarray:
++ {
++ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable);
++ /* We only want to copy executable arrays */
++ if (attrs & (a_execute | a_executable)) {
++ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize");
++ if (code < 0) {
++ make_null(&arr2);
++ }
++ else {
++ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2);
++ }
++ ref_assign(darr->value.refs + i, &arr2);
++ }
++ else {
++ ref_assign(darr->value.refs + i, &obj);
++ }
++ break;
++ }
++ default:
++ ref_assign(darr->value.refs + i, &obj);
++ }
++ }
++ return 0;
++}
++
++
+ /*
+ * Store the top 'count' elements of a stack, starting 'skip' elements below
+ * the top, into an array, with or without store/undo checking. age=-1 for
+diff --git a/psi/istack.h b/psi/istack.h
+index 051dcbe..54be405 100644
+--- a/psi/istack.h
++++ b/psi/istack.h
+@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count,
+ uint skip, int age, bool check,
+ gs_dual_memory_t *idmem, client_name_t cname);
+
++int
++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr);
++
+ /*
+ * Pop the top N elements off a stack.
+ * The number must not exceed the number of elements in use.
+--
+2.18.1
+
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch
new file mode 100644
index 0000000..97c74e7
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch
@@ -0,0 +1,442 @@
+From 20001d2bdf3cc60e76241a6ae72b1df01c5424c5 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 13 Dec 2018 15:28:34 +0000
+Subject: [PATCH 2/7] Any transient procedures that call .force* operators
+
+(i.e. for conditionals or loops) make them executeonly.
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_diskn.ps | 2 +-
+ Resource/Init/gs_dps1.ps | 4 ++--
+ Resource/Init/gs_fntem.ps | 4 ++--
+ Resource/Init/gs_fonts.ps | 12 ++++++------
+ Resource/Init/gs_init.ps | 4 ++--
+ Resource/Init/gs_lev2.ps | 11 ++++++-----
+ Resource/Init/gs_pdfwr.ps | 2 +-
+ Resource/Init/gs_res.ps | 4 ++--
+ Resource/Init/gs_setpd.ps | 2 +-
+ Resource/Init/pdf_base.ps | 13 ++++++++-----
+ Resource/Init/pdf_draw.ps | 16 +++++++++-------
+ Resource/Init/pdf_font.ps | 6 +++---
+ Resource/Init/pdf_main.ps | 4 ++--
+ Resource/Init/pdf_ops.ps | 7 ++++---
+ 14 files changed, 49 insertions(+), 42 deletions(-)
+
+diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps
+index fd694bc..8bf2054 100644
+--- a/Resource/Init/gs_diskn.ps
++++ b/Resource/Init/gs_diskn.ps
+@@ -51,7 +51,7 @@ systemdict begin
+ mark 5 1 roll ] mark exch { { } forall } forall ]
+ //systemdict /.searchabledevs 2 index .forceput
+ exch .setglobal
+- }
++ } executeonly
+ if
+ } .bind executeonly odef % must be bound and hidden for .forceput
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index ec5db61..4fae283 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -78,7 +78,7 @@ level2dict begin
+ .currentglobal
+ { % Current mode is global; delete from local directory too.
+ //systemdict /LocalFontDirectory .knownget
+- { 1 index .forceundef } % LocalFontDirectory is readonly
++ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly
+ if
+ }
+ { % Current mode is local; if there was a shadowed global
+@@ -126,7 +126,7 @@ level2dict begin
+ }
+ ifelse
+ } forall
+- pop counttomark 2 idiv { .forceundef } repeat pop % readonly
++ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly
+ }
+ if
+ //SharedFontDirectory exch .forcecopynew pop
+diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps
+index c1f7651..6eb672a 100644
+--- a/Resource/Init/gs_fntem.ps
++++ b/Resource/Init/gs_fntem.ps
+@@ -401,12 +401,12 @@ currentdict end def
+ .forceput % FontInfo can be read-only.
+ pop % bool <font>
+ exit
+- } if
++ } executeonly if
+ dup /FontInfo get % bool <font> <FI>
+ /GlyphNames2Unicode /Unicode /Decoding findresource
+ .forceput % FontInfo can be read-only.
+ exit
+- } loop
++ } executeonly loop
+ exch setglobal
+ } .bind executeonly odef % must be bound and hidden for .forceput
+
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index 803faca..290da0c 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ /.setnativefontmapbuilt { % set whether we've been run
+ dup type /booleantype eq {
+ systemdict exch /.nativefontmapbuilt exch .forceput
+- }
++ } executeonly
+ {pop}
+ ifelse
+ } .bind executeonly odef
+@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put
+ { 2 index gcheck currentglobal
+ 2 copy eq {
+ pop pop .forceput
+- } {
++ } executeonly {
+ 5 1 roll setglobal
+ dup length string copy
+ .forceput setglobal
+- } ifelse
++ } executeonly ifelse
+ } .bind executeonly odef % must be bound and hidden for .forceput
+
+ % Attempt to load a font from a file.
+@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put
+ .FontDirectory 3 index .forceundef % readonly
+ 1 index (r) file .loadfont .FontDirectory exch
+ /.setglobal .systemvar exec
+- }
++ } executeonly
+ { .loadfont .FontDirectory
+ }
+ ifelse
+@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put
+ dup 3 index .fontknownget
+ { dup /PathLoad 4 index .putgstringcopy
+ 4 1 roll pop pop pop //true exit
+- } if
++ } executeonly if
+
+ % Maybe the file had a different FontName.
+ % See if we can get a FontName from the file, and if so,
+@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put
+ ifelse % Stack: origfontname fontdict
+ exch pop //true exit
+ % Stack: fontdict
+- }
++ } executeonly
+ if pop % Stack: origfontname fontdirectory path
+ }
+ if pop pop % Stack: origfontname
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index d733124..56c0bd2 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if
+ % Update the copy of the user parameters.
+ mark .currentuserparams counttomark 2 idiv {
+ userparams 3 1 roll .forceput % userparams is read-only
+- } repeat pop
++ } executeonly repeat pop
+ % Turn on idiom recognition, if available.
+ currentuserparams /IdiomRecognition known {
+ /IdiomRecognition //true .definepsuserparam
+@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if
+ % Remove real system params from pssystemparams.
+ mark .currentsystemparams counttomark 2 idiv {
+ pop pssystemparams exch .forceundef
+- } repeat pop
++ } executeonly repeat pop
+ } if
+
+ % Set up AlignToPixels :
+diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
+index 44fe619..0f0d573 100644
+--- a/Resource/Init/gs_lev2.ps
++++ b/Resource/Init/gs_lev2.ps
+@@ -154,7 +154,8 @@ end
+ % protect top level of parameters that we copied
+ dup type dup /arraytype eq exch /stringtype eq or { readonly } if
+ /userparams .systemvar 3 1 roll .forceput % userparams is read-only
+- } {
++ } executeonly
++ {
+ pop pop
+ } ifelse
+ } forall
+@@ -224,7 +225,7 @@ end
+ % protect top level parameters that we copied
+ dup type dup /arraytype eq exch /stringtype eq or { readonly } if
+ //pssystemparams 3 1 roll .forceput % pssystemparams is read-only
+- }
++ } executeonly
+ { pop pop
+ }
+ ifelse
+@@ -934,7 +935,7 @@ mark
+ dup /PaintProc get
+ 1 index /Implementation known not {
+ 1 index dup /Implementation //null .forceput readonly pop
+- } if
++ } executeonly if
+ exec
+ }.bind odef
+
+@@ -958,7 +959,7 @@ mark
+ dup /PaintProc get
+ 1 index /Implementation known not {
+ 1 index dup /Implementation //null .forceput readonly pop
+- } if
++ } executeonly if
+ /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not
+ %% [CTM] <<Form>> PaintProc .beginform -
+ {
+@@ -1005,7 +1006,7 @@ mark
+ %% Form dictioanry using the /Implementation key).
+ 1 dict dup /FormID 4 -1 roll put
+ 1 index exch /Implementation exch .forceput readonly pop
+- }
++ } executeonly
+ ifelse
+ }
+ {
+diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
+index 58e75d3..b425103 100644
+--- a/Resource/Init/gs_pdfwr.ps
++++ b/Resource/Init/gs_pdfwr.ps
+@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef
+ } ifelse
+ } bind .makeoperator .forceput
+ systemdict /.pdf_hooked_DSC_Creator //true .forceput
+- } if
++ } executeonly if
+ pop
+ } if
+ } {
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index 8eb8bb0..d9b3459 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -152,7 +152,7 @@ setglobal
+ % use .forceput / .forcedef later to replace the dummy,
+ % empty .Instances dictionary with the real one later.
+ readonly
+- } {
++ }{
+ /defineresource cvx /typecheck signaloperror
+ } ifelse
+ } bind executeonly odef
+@@ -424,7 +424,7 @@ status {
+ % As noted above, Category dictionaries are read-only,
+ % so we have to use .forcedef here.
+ /.Instances 1 index .forcedef % Category dict is read-only
+- } if
++ } executeonly if
+ }
+ { .LocalInstances dup //.emptydict eq
+ { pop 3 dict localinstancedict Category 2 index put
+diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
+index e22597e..7875d1f 100644
+--- a/Resource/Init/gs_setpd.ps
++++ b/Resource/Init/gs_setpd.ps
+@@ -634,7 +634,7 @@ NOMEDIAATTRS {
+ SETPDDEBUG { (Rolling back.) = pstack flush } if
+ 3 index 2 index 3 -1 roll .forceput
+ 4 index 1 index .knownget
+- { 4 index 3 1 roll .forceput }
++ { 4 index 3 1 roll .forceput } executeonly
+ { 3 index exch .undef }
+ ifelse
+ } bind executeonly odef
+diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
+index b45e980..7312729 100644
+--- a/Resource/Init/pdf_base.ps
++++ b/Resource/Init/pdf_base.ps
+@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef
+
+ /.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ?
+ PDFDEBUG {
+- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if
++ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if
+ PDFSTEP {
+ pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
+ PDFSTEPcount 1 gt {
+ pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
+- } {
++ } executeonly
++ {
+ dup ==only
+ ( step # ) print PDFtokencount =only
+ ( ? ) print flush 1 //false .outputpage
+ (%stdin) (r) file 255 string readline {
+ token {
+ exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
+- } {
++ } executeonly
++ {
+ pdfdict /PDFSTEPcount 1 .forceput
+- } ifelse % token
++ } executeonly ifelse % token
+ } {
+ pop /PDFSTEP //false def % EOF on stdin
+ } ifelse % readline
+ } ifelse % PDFSTEPcount > 1
+- } {
++ } executeonly
++ {
+ dup ==only () = flush
+ } ifelse % PDFSTEP
+ } if % PDFDEBUG
+diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
+index 6b0ba93..40c6ac8 100644
+--- a/Resource/Init/pdf_draw.ps
++++ b/Resource/Init/pdf_draw.ps
+@@ -1118,14 +1118,14 @@ currentdict end readonly def
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ }
+ {
+ currentglobal pdfdict gcheck .setglobal
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ end
+ } ifelse
+ } loop
+@@ -1141,14 +1141,14 @@ currentdict end readonly def
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ }
+ {
+ currentglobal pdfdict gcheck .setglobal
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ } if
+ pop
+
+@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef
+ /IncrementAppearanceNumber {
+ pdfdict /AppearanceNumber .knownget {
+ 1 add pdfdict /AppearanceNumber 3 -1 roll .forceput
+- }{
++ } executeonly
++ {
+ pdfdict /AppearanceNumber 0 .forceput
+- } ifelse
++ } executeonly ifelse
+ }bind executeonly odef
+
+ /MakeAppearanceName {
+@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef
+ %% want to preserve it.
+ pdfdict /.PreservePDFForm false .forceput
+ /q cvx /execform cvx 5 -2 roll
+- }{
++ } executeonly
++ {
+ /q cvx /PDFexecform cvx 5 -2 roll
+ } ifelse
+
+diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
+index bea9ea9..4cd62b9 100644
+--- a/Resource/Init/pdf_font.ps
++++ b/Resource/Init/pdf_font.ps
+@@ -714,7 +714,7 @@ currentdict end readonly def
+ pop pop pop
+ currentdict /.stackdepth .forceundef
+ currentdict /.dstackdepth .forceundef
+- }
++ } executeonly
+ {pop pop pop}
+ ifelse
+
+@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef
+ (\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n)
+ pdfformatwarning
+ pdfdict /.Qqwarning_issued //true .forceput
+- } if
++ } executeonly if
+ Q
+ } repeat
+ Q
+@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef
+ /CIDFallBack /CIDFont findresource
+ } if
+ exit
+- } if
++ } executeonly if
+ } if
+ } if
+
+diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
+index 00da47a..37e69b3 100644
+--- a/Resource/Init/pdf_main.ps
++++ b/Resource/Init/pdf_main.ps
+@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ }
+ {
+ currentglobal pdfdict gcheck .setglobal
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ } if
+ } if
+ pop
+diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
+index 8672d61..aa09641 100644
+--- a/Resource/Init/pdf_ops.ps
++++ b/Resource/Init/pdf_ops.ps
+@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ }
+ {
+ currentglobal pdfdict gcheck .setglobal
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ } if
+ } bind executeonly odef
+
+@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef
+ dup type /booleantype eq {
+ .currentSMask type /dicttype eq {
+ .currentSMask /Processed 2 index .forceput
+- } {
++ } executeonly
++ {
+ .setSMask
+ }ifelse
+ }{
+--
+2.18.1
+
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch
new file mode 100644
index 0000000..02b1dc9
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch
@@ -0,0 +1,32 @@
+From 60b77b8bf8b6e4d30519c47724631012b530cf0e Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Sat, 15 Dec 2018 09:08:32 +0000
+Subject: [PATCH 3/7] Bug700317: Fix logic for an older change
+
+Unlike almost every other function in gs, dict_find_string() returns 1 on
+success 0 or <0 on failure. The logic for this case was wrong.
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ psi/interp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/psi/interp.c b/psi/interp.c
+index aa5779c..f6c45bb 100644
+--- a/psi/interp.c
++++ b/psi/interp.c
+@@ -703,7 +703,7 @@ again:
+ * i.e. it's an internal operator we have hidden
+ */
+ code = dict_find_string(systemdict, (const char *)bufptr, &tobj);
+- if (code < 0) {
++ if (code <= 0) {
+ buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-';
+ rlen += 4;
+ bufptr = buf;
+--
+2.18.1
+
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch
new file mode 100644
index 0000000..cc15453
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch
@@ -0,0 +1,136 @@
+From d739565534e955c4336731e4ea4eebc895c09c5c Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 18 Dec 2018 10:42:10 +0000
+Subject: [PATCH 4/7] Harden some uses of .force* operators
+
+by adding a few immediate evalutions
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_dps1.ps | 4 ++--
+ Resource/Init/gs_fonts.ps | 20 ++++++++++----------
+ Resource/Init/gs_init.ps | 6 +++---
+ 3 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index 4fae283..b75ea14 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -74,7 +74,7 @@ level2dict begin
+ } odef
+ % undefinefont has to take local/global VM into account.
+ /undefinefont % <fontname> undefinefont -
+- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
++ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
+ .currentglobal
+ { % Current mode is global; delete from local directory too.
+ //systemdict /LocalFontDirectory .knownget
+@@ -85,7 +85,7 @@ level2dict begin
+ % definition, copy it into the local directory.
+ //systemdict /SharedFontDirectory .knownget
+ { 1 index .knownget
+- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
++ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
+ if
+ }
+ if
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index 290da0c..c13a2fc 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put
+ if
+ }
+ if
+- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
++ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
+ % If the font originated as a resource, register it.
+ currentfile .currentresourcefile eq { dup .registerfont } if
+ readonly
+@@ -943,7 +943,7 @@ $error /SubstituteFont { } put
+ % Try to find a font using only the present contents of Fontmap.
+ /.tryfindfont { % <fontname> .tryfindfont <font> true
+ % <fontname> .tryfindfont false
+- .FontDirectory 1 index .fontknownget
++ //.FontDirectory 1 index .fontknownget
+ { % Already loaded
+ exch pop //true
+ }
+@@ -975,7 +975,7 @@ $error /SubstituteFont { } put
+ { % Font with a procedural definition
+ exec % The procedure will load the font.
+ % Check to make sure this really happened.
+- .FontDirectory 1 index .knownget
++ //.FontDirectory 1 index .knownget
+ { exch pop //true exit }
+ if
+ }
+@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put
+ % because it's different depending on language level.
+ .currentglobal exch /.setglobal .systemvar exec
+ % Remove the fake definition, if any.
+- .FontDirectory 3 index .forceundef % readonly
+- 1 index (r) file .loadfont .FontDirectory exch
++ //.FontDirectory 3 index .forceundef % readonly
++ 1 index (r) file .loadfont //.FontDirectory exch
+ /.setglobal .systemvar exec
+ } executeonly
+- { .loadfont .FontDirectory
++ { .loadfont //.FontDirectory
+ }
+ ifelse
+ % Stack: fontname fontfilename fontdirectory
+@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put
+ % Stack: origfontname fontdirectory filefontname fontdict
+ 3 -1 roll pop
+ % Stack: origfontname filefontname fontdict
+- dup /FontName get dup FontDirectory exch .forceundef
+- GlobalFontDirectory exch .forceundef
++ dup /FontName get dup //.FontDirectory exch .forceundef
++ /GlobalFontDirectory .systemvar exch .forceundef
+ dup length dict .copydict dup 3 index /FontName exch put
+ 2 index exch definefont
+ exch
+@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef
+ {
+ {
+ pop dup type /stringtype eq { cvn } if
+- .FontDirectory 1 index known not {
++ //.FontDirectory 1 index known not {
+ 2 dict dup /FontName 3 index put
+ dup /FontType 1 put
+- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
++ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
+ } {
+ pop
+ } ifelse
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 56c0bd2..d9a0829 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef
+ }ifelse
+ }forall
+ noaccess pop
+- systemdict /.setsafeerrors .forceundef
+- systemdict /.SAFERERRORLIST .forceundef
++ //systemdict /.setsafeerrors .forceundef
++ //systemdict /.SAFERERRORLIST .forceundef
+ } bind executeonly odef
+
+ SAFERERRORS {.setsafererrors} if
+@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef
+
+ /.locksafe {
+ .locksafe_userparams
+- systemdict /getenv {pop //false} .forceput
++ //systemdict /getenv {pop //false} .forceput
+ % setpagedevice has the side effect of clearing the page, but
+ % we will just document that. Using setpagedevice keeps the device
+ % properties and pagedevice .LockSafetyParams in agreement even
+--
+2.18.1
+
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
new file mode 100644
index 0000000..db70bba
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
@@ -0,0 +1,250 @@
+From 1e830cafa56c6e3e1b08d246eaf5496fe81a0032 Mon Sep 17 00:00:00 2001
+From: Nancy Durgin <nancy.durgin@artifex.com>
+Date: Tue, 27 Nov 2018 12:36:14 -0800
+Subject: [PATCH 5/7] Undef a bunch of internal things in gs_res.ps
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_res.ps | 72 +++++++++++++++++++++++++--------------
+ Resource/Init/gs_resmp.ps | 4 +--
+ 2 files changed, 49 insertions(+), 27 deletions(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index d9b3459..18d5452 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -197,7 +197,7 @@ setglobal
+ /.findresource { % <key> <category> findresource <instance>
+ 2 copy dup /Category eq
+ { pop //Category 0 get begin } { .findcategory } ifelse
+- /FindResource .resourceexec exch pop exch pop
++ /FindResource //.resourceexec exec exch pop exch pop
+ } bind
+ end % .Instances of Category
+ def
+@@ -223,7 +223,7 @@ def
+ not { /defineresource cvx /typecheck signaloperror } if
+ } if
+ } if
+- /DefineResource .resourceexec
++ /DefineResource //.resourceexec exec
+ 4 1 roll pop pop pop
+ } .errorexec
+ } bind executeonly odef
+@@ -252,7 +252,7 @@ def
+ % without the check.
+ /resourcestatus cvx /typecheck signalerror
+ } if
+- 2 copy .findcategory /ResourceStatus .resourceexec
++ 2 copy .findcategory /ResourceStatus //.resourceexec exec
+ { 4 2 roll pop pop //true } { pop pop //false } ifelse
+ } stopped {
+ % Although resourcestatus is an operator, Adobe uses executable name
+@@ -266,7 +266,7 @@ def
+ } if
+ 1 .argindex 1 index % catch stackunderflow
+
+- { .findcategory /UndefineResource .resourceexec pop pop
++ { .findcategory /UndefineResource //.resourceexec exec pop pop
+ } stopped {
+ % Although undefineresource is an operator, Adobe uses executable name
+ % here but uses operator for the errors above. CET 23-33
+@@ -315,10 +315,10 @@ currentdict /pssystemparams known not {
+ /pssystemparams 10 dict readonly def
+ } if
+ pssystemparams begin
+- .default_resource_dir
+- /FontResourceDir (Font) .resource_dir_name
++ //.default_resource_dir exec
++ /FontResourceDir (Font) //.resource_dir_name exec
+ readonly .forcedef % pssys'params is r-o
+- /GenericResourceDir () .resource_dir_name
++ /GenericResourceDir () //.resource_dir_name exec
+ readonly .forcedef % pssys'params is r-o
+ pop % .default_resource_dir
+ /GenericResourcePathSep
+@@ -387,13 +387,13 @@ status {
+ } bind def
+ /.localresourceforall { % <key> <value> <args> .localr'forall -
+ exch pop
+- 2 copy 0 get .stringmatch { .enumerateresource } { pop pop } ifelse
++ 2 copy 0 get .stringmatch { //.enumerateresource exec } { pop pop } ifelse
+ } bind def
+ /.globalresourceforall { % <key> <value> <args> .globalr'forall -
+ exch pop
+ 2 copy 0 get .stringmatch {
+ dup 3 get begin .LocalInstances end 2 index known not {
+- .enumerateresource
++ //.enumerateresource exec
+ } {
+ pop pop
+ } ifelse
+@@ -408,7 +408,7 @@ status {
+ 3 index known {
+ pop pop pop
+ } {
+- 2 index known { pop pop } { .enumerateresource } ifelse
++ 2 index known { pop pop } { //.enumerateresource exec } ifelse
+ } ifelse
+ } bind def
+
+@@ -468,19 +468,19 @@ status {
+ % .knownget doesn't fail on null
+ /findresource cvx /typecheck signaloperror
+ } if
+- dup .getvminstance {
++ dup //.getvminstance exec {
+ exch pop 0 get
+ } {
+ dup ResourceStatus {
+ pop 1 gt {
+- .DoLoadResource .getvminstance not {
+- /findresource cvx .undefinedresource
++ .DoLoadResource //.getvminstance exec not {
++ /findresource cvx //.undefinedresource exec
+ } if 0 get
+ } {
+ .GetInstance pop 0 get
+ } ifelse
+ } {
+- /findresource cvx .undefinedresource
++ /findresource cvx //.undefinedresource exec
+ } ifelse
+ } ifelse
+ } bind executeonly
+@@ -621,7 +621,7 @@ status {
+ .currentglobal not .setglobal
+ vmstatus pop exch pop add
+ } repeat
+-} bind def
++} bind executeonly odef
+ /.DoLoadResource {
+ % .LoadResource may push entries on the operand stack.
+ % It is an undocumented feature of Adobe implementations,
+@@ -633,8 +633,8 @@ status {
+ {.LoadResource} 4 1 roll 4 .execn
+ % Stack: ... count key memused
+ .vmused exch sub
+- 1 index .getvminstance not {
+- pop dup .undefinedresource % didn't load
++ 1 index //.getvminstance exec not {
++ pop dup //.undefinedresource exec % didn't load
+ } if
+ dup 1 1 put
+ 2 3 -1 roll put
+@@ -648,7 +648,7 @@ status {
+ { //true setglobal { .runresource } stopped //false setglobal { stop } if }
+ ifelse
+ }
+- { dup .undefinedresource
++ { dup //.undefinedresource exec
+ }
+ ifelse
+ } bind
+@@ -758,7 +758,7 @@ counttomark 2 idiv
+ /FindResource
+ { .Instances 1 index .knownget
+ { exch pop }
+- { /findresource cvx .undefinedresource }
++ { /findresource cvx //.undefinedresource exec }
+ ifelse
+ } bind executeonly
+ /ResourceStatus
+@@ -862,7 +862,7 @@ userdict /.localcsdefaults //false put
+ 2 copy /Generic /Category findresource /DefineResource get exec
+ exch pop
+ exch //.defaultcsnames exch .knownget {
+- 1 index .definedefaultcs
++ 1 index //.definedefaultcs exec
+ currentglobal not { .userdict /.localcsdefaults //true put } if
+ } if
+ } bind executeonly
+@@ -872,13 +872,13 @@ userdict /.localcsdefaults //false put
+ //.defaultcsnames 1 index .knownget {
+ % Stack: resname index
+ currentglobal {
+- .undefinedefaultcs pop
++ //.undefinedefaultcs exec pop
+ } {
+ % We removed the local definition, but there might be a global one.
+ exch .GetInstance {
+- 0 get .definedefaultcs
++ 0 get //.definedefaultcs exec
+ } {
+- .undefinedefaultcs
++ //.undefinedefaultcs exec
+ } ifelse
+ % Recompute .localcsdefaults by scanning. This is rarely needed.
+ .userdict /.localcsdefaults //false //.defaultcsnames {
+@@ -997,7 +997,7 @@ currentdict /.fontstatusaux .undef
+ /Generic /Category findresource /UndefineResource get exec
+ } bind executeonly
+ /FindResource {
+- dup .getvminstance {
++ dup //.getvminstance exec {
+ exch pop 0 get
+ } {
+ dup ResourceStatus {
+@@ -1024,7 +1024,7 @@ currentdict /.fontstatusaux .undef
+ % stack: name font vmused
+ % findfont has the prerogative of not calling definefont
+ % in certain obscure cases of font substitution.
+- 2 index .getvminstance {
++ 2 index //.getvminstance exec {
+ dup 1 1 put
+ 2 3 -1 roll put
+ } {
+@@ -1159,3 +1159,25 @@ end % level2dict
+
+ %% Replace 1 (gs_resmp.ps)
+ (gs_resmp.ps) dup runlibfile VMDEBUG
++
++[
++ /.default_resource_dir
++ /.resource_dir_name
++]
++{systemdict exch .forceundef} forall
++
++[
++ /.definedefaultcs
++ /.undefinedefaultcs
++ /.defaultcsnames
++ /.enumerateresource
++ /.externalresourceforall
++ /.getvminstance
++ /.globalresourceforall
++ /.localresourceforall
++ /resourceforall1
++ /.resourceexec
++ /.undefinedresource
++ /.vmused
++]
++{level2dict exch .forceundef} forall
+diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps
+index 9bb4263..cb948d1 100644
+--- a/Resource/Init/gs_resmp.ps
++++ b/Resource/Init/gs_resmp.ps
+@@ -230,7 +230,7 @@ currentpacking //false setpacking
+ } {
+ dup dup .map exch .knownget { % /Name /Name <<record>>
+ dup dup /RecordVirtualMethods get /IsActive get exec {
+- 1 index .getvminstance { % /Name /Name <<record>> holder
++ 1 index //.getvminstance exec { % /Name /Name <<record>> holder
+ 1 get 1 eq
+ } {
+ //true
+@@ -242,7 +242,7 @@ currentpacking //false setpacking
+ DefineResource exec % size bStatusIs1 /Name Instance
+ % Make ResourceStatus to return correct values for this instance :
+ % Hack: we replace status values in the instance holder :
+- exch .getvminstance pop % size bStatusIs1 Instance holder
++ exch //.getvminstance exec pop % size bStatusIs1 Instance holder
+ dup 5 -1 roll 2 exch put % bStatusIs1 Instance holder
+ 3 2 roll { % Instance holder
+ 1 1 put % Instance
+--
+2.18.1
+
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch
new file mode 100644
index 0000000..79e640b
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch
@@ -0,0 +1,596 @@
+From 97f9052ce49e6844b06a49ff9e4b8fc1eaf6bd10 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 9 Jan 2019 14:24:07 +0000
+Subject: [PATCH 6/7] Undefine a bunch of gs_fonts.ps specific procs
+
+Also reorder and add some immediate evaluation, so it still works with the
+undefining.
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_dps1.ps | 3 +-
+ Resource/Init/gs_fonts.ps | 275 +++++++++++++++++++++-----------------
+ Resource/Init/gs_res.ps | 7 +-
+ 3 files changed, 157 insertions(+), 128 deletions(-)
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index b75ea14..8700c8c 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -67,7 +67,8 @@ level2dict begin
+
+ /selectfont % <fontname> <size> selectfont -
+ {
+- { 1 .argindex findfont
++ {
++ 1 .argindex findfont
+ 1 index dup type /arraytype eq { makefont } { scalefont } ifelse
+ setfont pop pop
+ } stopped { /selectfont .systemvar $error /errorname get signalerror } if
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index c13a2fc..0562235 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -100,7 +100,7 @@ userdict /.nativeFontmap .FontDirectory maxlength dict put
+ { 2 index token not
+ { (Fontmap entry for ) print 1 index =only
+ ( ends prematurely! Giving up.) = flush
+- {.loadFontmap} 0 get 1 .quit
++ {//.loadFontmap exec} 0 get 1 .quit
+ } if
+ dup /; eq { pop 3 index 3 1 roll .growput exit } if
+ pop
+@@ -202,6 +202,14 @@ NOFONTPATH { /FONTPATH () def } if
+ { pop }
+ { /FONTPATH (GS_FONTPATH) getenv not { () } if def }
+ ifelse
++
++% The following are dummy definitions that, if we have a FONTPATH, will
++% be replaced in the following section.
++% They are here so immediately evaulation will work, and allow them to
++% undefined at the bottom of the file.
++/.scanfontbegin{} bind def
++/.scanfontdir {} bind def
++
+ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ /FONTPATH [ FONTPATH .pathlist ] def
+
+@@ -242,12 +250,12 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ /.scanfontbegin
+ { % Construct the table of all file names already in Fontmap.
+ currentglobal //true setglobal
+- .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
++ //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
+ Fontmap
+ { exch pop
+ { dup type /stringtype eq
+- { .splitfilename pop .fonttempstring copy .lowerstring cvn
+- .scanfontdict exch //true put
++ { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn
++ //.scanfontdict exch //true put
+ }
+ { pop
+ }
+@@ -280,9 +288,9 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ /txt //true
+ .dicttomark def
+ /.scan1fontstring 8192 string def
+-% %%BeginFont: is not per Adobe documentation, but a few fonts have it.
++% BeginFont: is not per Adobe documentation, but a few fonts have it.
+ /.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def
+-0 .scanfontheaders { length .max } forall 6 add % extra for PFB header
++0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header
+ /.scan1fontfirst exch string def
+ /.scanfontdir % <dirname> .scanfontdir -
+ { currentglobal exch //true setglobal
+@@ -291,10 +299,10 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ 0 0 0 4 -1 roll % found scanned files
+ { % stack: <fontcount> <scancount> <filecount> <filename>
+ exch 1 add exch % increment filecount
+- dup .splitfilename .fonttempstring copy .lowerstring
++ dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec
+ % stack: <fontcount> <scancount> <filecount+1> <filename>
+ % <BASE> <ext>
+- .scanfontskip exch known exch .scanfontdict exch known or
++ //.scanfontskip exch known exch //.scanfontdict exch known or
+ { pop
+ % stack: <fontcount> <scancount> <filecount+1>
+ }
+@@ -309,7 +317,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ % On some platforms, the file operator will open directories,
+ % but an error will occur if we try to read from one.
+ % Handle this possibility here.
+- dup .scan1fontfirst { readstring } .internalstopped
++ dup //.scan1fontfirst { readstring } .internalstopped
+ { pop pop () }
+ { pop }
+ ifelse
+@@ -322,7 +330,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ { dup length 6 sub 6 exch getinterval }
+ if
+ % Check for font file headers.
+- //false .scanfontheaders
++ //false //.scanfontheaders
+ { 2 index exch .stringmatch or
+ }
+ forall exch pop
+@@ -335,7 +343,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ { exch copystring exch
+ DEBUG { ( ) print dup =only flush } if
+ 1 index .definenativefontmap
+- .splitfilename pop //true .scanfontdict 3 1 roll .growput
++ //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput
+ % Increment fontcount.
+ 3 -1 roll 1 add 3 1 roll
+ }
+@@ -352,7 +360,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ }
+ ifelse
+ }
+- .scan1fontstring filenameforall
++ //.scan1fontstring filenameforall
+ QUIET
+ { pop pop pop }
+ { ( ) print =only ( files, ) print =only ( scanned, ) print
+@@ -422,7 +430,6 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt
+ //true .setnativefontmapbuilt
+ } ifelse
+ } bind def
+-currentdict /.setnativefontmapbuilt .forceundef
+
+ % Create the dictionary that registers the .buildfont procedure
+ % (called by definefont) for each FontType.
+@@ -526,7 +533,8 @@ buildfontdict 3 /.buildfont3 cvx put
+ % We use this only for explicitly aliased fonts, not substituted fonts:
+ % we think this matches the observed behavior of Adobe interpreters.
+ /.aliasfont % <name> <font> .aliasfont <newFont>
+- { .currentglobal 3 1 roll dup .gcheck .setglobal
++ {
++ currentglobal 3 1 roll dup gcheck setglobal
+ % <bool> <name> <font>
+ dup length 2 add dict % <bool> <name> <font> <dict>
+ dup 3 -1 roll % <bool> <name> <dict> <dict> <font>
+@@ -541,7 +549,7 @@ buildfontdict 3 /.buildfont3 cvx put
+ % whose FontName is a local non-string, if someone passed a
+ % garbage value to findfont. In this case, just don't
+ % call definefont at all.
+- 2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or
++ 2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or
+ { pop % <bool> <name> <dict>
+ 1 index dup type /stringtype eq { cvn } if
+ % <bool> <name> <dict> <name1>
+@@ -566,10 +574,11 @@ buildfontdict 3 /.buildfont3 cvx put
+ % Don't bind in definefont, since Level 2 redefines it.
+ /definefont .systemvar exec
+ }
+- { /findfont cvx {.completefont} .errorexec pop exch pop
++ {
++ /findfont cvx {.completefont} //.errorexec exec pop exch pop
+ }
+ ifelse
+- exch .setglobal
++ exch setglobal
+ } odef % so findfont will bind it
+
+ % Define .loadfontfile for loading a font. If we recognize Type 1 and/or
+@@ -669,10 +678,19 @@ buildfontdict 3 /.buildfont3 cvx put
+ [(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4]
+ [(Serif) 8] [(Sans) -8]
+ ] readonly def
++
++/.fontnamestring { % <fontname> .fontnamestring <string|name>
++ dup type dup /nametype eq {
++ pop .namestring
++ } {
++ /stringtype ne { pop () } if
++ } ifelse
++} bind def
++
+ /.fontnameproperties { % <int> <string|name> .fontnameproperties
+ % <int'>
+- .fontnamestring
+- .substituteproperties {
++ //.fontnamestring exec
++ //.substituteproperties {
+ 2 copy 0 get search {
+ pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch {
+ dup 0 ge { or } { neg not and } ifelse
+@@ -710,13 +728,7 @@ buildfontdict 3 /.buildfont3 cvx put
+ % <other> .nametostring <other>
+ dup type /nametype eq { .namestring } if
+ } bind def
+-/.fontnamestring { % <fontname> .fontnamestring <string|name>
+- dup type dup /nametype eq {
+- pop .namestring
+- } {
+- /stringtype ne { pop () } if
+- } ifelse
+-} bind def
++
+ /.substitutefontname { % <fontname> <properties> .substitutefontname
+ % <altname|null>
+ % Look for properties and/or a face name in the font name.
+@@ -724,7 +736,7 @@ buildfontdict 3 /.buildfont3 cvx put
+ % base font; otherwise, use the default font.
+ % Note that the "substituted" font name may be the same as
+ % the requested one; the caller must check this.
+- exch .fontnamestring {
++ exch //.fontnamestring exec {
+ defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique
+ /Helvetica-Narrow /Helvetica-Narrow-Oblique
+ /Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique
+@@ -734,12 +746,12 @@ buildfontdict 3 /.buildfont3 cvx put
+ } 3 1 roll
+ % Stack: facelist properties fontname
+ % Look for a face name.
+- .substitutefaces {
++ //.substitutefaces {
+ 2 copy 0 get search {
+ pop pop pop
+ % Stack: facelist properties fontname [(pattern) family properties]
+ dup 2 get 4 -1 roll or 3 1 roll
+- 1 get .substitutefamilies exch get
++ 1 get //.substitutefamilies exch get
+ 4 -1 roll pop 3 1 roll
+ } {
+ pop pop
+@@ -748,7 +760,7 @@ buildfontdict 3 /.buildfont3 cvx put
+ 1 index length mod get exec
+ } bind def
+ /.substitutefont { % <fontname> .substitutefont <altname>
+- dup 0 exch .fontnameproperties .substitutefontname
++ dup 0 exch //.fontnameproperties exec .substitutefontname
+ % Only accept fonts known in the Fontmap.
+ Fontmap 1 index known not
+ {
+@@ -814,7 +826,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
+ counttomark 1 sub { .aliasfont } repeat end
+ % <fontname> mark <font>
+ exch pop exch pop
+-} odef
++} bind odef
+ /findfont {
+ .findfont
+ } bind def
+@@ -860,7 +872,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
+ } {
+ dup .substitutefont
+ 2 copy eq { pop defaultfontname } if
+- .checkalias
++ //.checkalias exec
+ QUIET not {
+ SHORTERRORS {
+ (%%[) print 1 index =only
+@@ -886,8 +898,8 @@ $error /SubstituteFont { } put
+ //null 0 1 FONTPATH length 1 sub {
+ FONTPATH 1 index get //null ne { exch pop exit } if pop
+ } for dup //null ne {
+- dup 0 eq { .scanfontbegin } if
+- FONTPATH 1 index get .scanfontdir
++ dup 0 eq { //.scanfontbegin exec} if
++ FONTPATH 1 index get //.scanfontdir exec
+ FONTPATH exch //null put //true
+ } {
+ pop //false
+@@ -897,11 +909,10 @@ $error /SubstituteFont { } put
+ % scanning of FONTPATH.
+ /.dofindfont { % mark <fontname> .dofindfont % mark <alias> ... <font>
+ .tryfindfont not {
+-
+ % We didn't find the font. If we haven't scanned
+ % all the directories in FONTPATH, scan the next one
+ % now and look for the font again.
+- .scannextfontdir {
++ //.scannextfontdir exec {
+ % Start over with an empty alias list.
+ counttomark 1 sub { pop } repeat % mark <fontname>
+ .dofindfont
+@@ -927,6 +938,7 @@ $error /SubstituteFont { } put
+ } if
+ % Substitute for the font. Don't alias.
+ % Same stack as at the beginning of .dofindfont.
++
+ $error /SubstituteFont get exec
+ %
+ % igorm: I guess the surrounding code assumes that .stdsubstfont
+@@ -935,72 +947,11 @@ $error /SubstituteFont { } put
+ % used in .dofindfont and through .stdsubstfont
+ % just to represent a simple iteration,
+ % which accumulates the aliases after the mark.
+- .stdsubstfont
++ //.stdsubstfont exec
+ } ifelse
+ } ifelse
+ } if
+ } bind def
+-% Try to find a font using only the present contents of Fontmap.
+-/.tryfindfont { % <fontname> .tryfindfont <font> true
+- % <fontname> .tryfindfont false
+- //.FontDirectory 1 index .fontknownget
+- { % Already loaded
+- exch pop //true
+- }
+- {
+- dup Fontmap exch .knownget
+- { //true //true }
+- { % Unknown font name. Look for a file with the
+- % same name as the requested font.
+- dup .tryloadfont
+- { exch pop //true //false }
+- {
+- % if we can't load by name check the native font map
+- dup .nativeFontmap exch .knownget
+- { //true //true }
+- { //false //false } ifelse
+- } ifelse
+- } ifelse
+-
+- { % Try each element of the Fontmap in turn.
+- pop
+- //false exch % (in case we exhaust the list)
+- % Stack: fontname false fontmaplist
+- { exch pop
+- dup type /nametype eq
+- { % Font alias
+- .checkalias .tryfindfont exit
+- }
+- { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
+- { % Font with a procedural definition
+- exec % The procedure will load the font.
+- % Check to make sure this really happened.
+- //.FontDirectory 1 index .knownget
+- { exch pop //true exit }
+- if
+- }
+- { % Font file name
+- //true .loadfontloop { //true exit } if
+- }
+- ifelse
+- }
+- ifelse //false
+- }
+- forall
+- % Stack: font true -or- fontname false
+- { //true
+- }
+- { % None of the Fontmap entries worked.
+- % Try loading a file with the same name
+- % as the requested font.
+- .tryloadfont
+- }
+- ifelse
+- }
+- if
+- }
+- ifelse
+- } bind def
+
+ % any user of .putgstringcopy must use bind and executeonly
+ /.putgstringcopy % <dict> <name> <string> .putgstringcopy -
+@@ -1014,25 +965,6 @@ $error /SubstituteFont { } put
+ } executeonly ifelse
+ } .bind executeonly odef % must be bound and hidden for .forceput
+
+-% Attempt to load a font from a file.
+-/.tryloadfont { % <fontname> .tryloadfont <font> true
+- % <fontname> .tryloadfont false
+- dup .nametostring
+- % Hack: check for the presence of the resource machinery.
+- /.genericrfn where {
+- pop
+- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
+- {//false .loadfontloop} .internalstopped {//false} if {
+- //true
+- } {
+- dup .nametostring
+- {//true .loadfontloop} .internalstopped {//false} if
+- } ifelse
+- } {
+- {//true .loadfontloop} .internalstopped {//false} if
+- } ifelse
+-} bind def
+-
+ /.loadfontloop { % <fontname> <filename> <libflag> .loadfontloop
+ % <font> true
+ % -or-
+@@ -1102,7 +1034,7 @@ $error /SubstituteFont { } put
+ } if
+
+ % Check to make sure the font was actually loaded.
+- dup 3 index .fontknownget
++ dup 3 index //.fontknownget exec
+ { dup /PathLoad 4 index .putgstringcopy
+ 4 1 roll pop pop pop //true exit
+ } executeonly if
+@@ -1113,7 +1045,7 @@ $error /SubstituteFont { } put
+ exch dup % Stack: origfontname fontdirectory path path
+ (r) file .findfontname
+ { % Stack: origfontname fontdirectory path filefontname
+- 2 index 1 index .fontknownget
++ 2 index 1 index //.fontknownget exec
+ { % Yes. Stack: origfontname fontdirectory path filefontname fontdict
+ dup 4 -1 roll /PathLoad exch .putgstringcopy
+ % Stack: origfontname fontdirectory filefontname fontdict
+@@ -1136,7 +1068,7 @@ $error /SubstituteFont { } put
+ % Stack: fontdict
+ } executeonly
+ if pop % Stack: origfontname fontdirectory path
+- }
++ } executeonly
+ if pop pop % Stack: origfontname
+
+ % The font definitely did not load correctly.
+@@ -1150,7 +1082,87 @@ $error /SubstituteFont { } put
+
+ } bind executeonly odef % must be bound and hidden for .putgstringcopy
+
+-currentdict /.putgstringcopy .undef
++% Attempt to load a font from a file.
++/.tryloadfont { % <fontname> .tryloadfont <font> true
++ % <fontname> .tryloadfont false
++ dup //.nametostring exec
++ % Hack: check for the presence of the resource machinery.
++ /.genericrfn where {
++ pop
++ pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
++ {//false .loadfontloop} .internalstopped {//false} if {
++ //true
++ } {
++ dup //.nametostring exec
++ {//true .loadfontloop} .internalstopped {//false} if
++ } ifelse
++ } {
++ {//true .loadfontloop} .internalstopped {//false} if
++ } ifelse
++} bind def
++
++% Try to find a font using only the present contents of Fontmap.
++/.tryfindfont { % <fontname> .tryfindfont <font> true
++ % <fontname> .tryfindfont false
++ //.FontDirectory 1 index //.fontknownget exec
++ { % Already loaded
++ exch pop //true
++ }
++ {
++ dup Fontmap exch .knownget
++ { //true //true }
++ { % Unknown font name. Look for a file with the
++ % same name as the requested font.
++ dup //.tryloadfont exec
++ { exch pop //true //false }
++ {
++ % if we can't load by name check the native font map
++ dup .nativeFontmap exch .knownget
++ { //true //true }
++ { //false //false } ifelse
++ } ifelse
++ } ifelse
++
++ { % Try each element of the Fontmap in turn.
++ pop
++ //false exch % (in case we exhaust the list)
++ % Stack: fontname false fontmaplist
++ { exch pop
++ dup type /nametype eq
++ { % Font alias
++ //.checkalias exec
++ .tryfindfont exit
++ }
++ { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
++ { % Font with a procedural definition
++ exec % The procedure will load the font.
++ % Check to make sure this really happened.
++ //.FontDirectory 1 index .knownget
++ { exch pop //true exit }
++ if
++ }
++ { % Font file name
++ //true .loadfontloop { //true exit } if
++ }
++ ifelse
++ }
++ ifelse //false
++ }
++ forall
++ % Stack: font true -or- fontname false
++ { //true
++ }
++ { % None of the Fontmap entries worked.
++ % Try loading a file with the same name
++ % as the requested font.
++ //.tryloadfont exec
++ }
++ ifelse
++ }
++ if
++ }
++ ifelse
++ } bind def
+
+ % Define a procedure to load all known fonts.
+ % This isn't likely to be very useful.
+@@ -1192,9 +1204,9 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
+ /.loadinitialfonts
+ { NOFONTMAP not
+ { /FONTMAP where
+- { pop [ FONTMAP .pathlist ]
++ { pop [ FONTMAP //.pathlist exec]
+ { dup VMDEBUG findlibfile
+- { exch pop .loadFontmap }
++ { exch pop //.loadFontmap exec }
+ { /undefinedfilename signalerror }
+ ifelse
+ }
+@@ -1208,7 +1220,7 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
+ pop pop
+ defaultfontmap_content { .definefontmap } forall
+ } {
+- .loadFontmap
++ //.loadFontmap exec
+ } ifelse
+ } {
+ pop pop
+@@ -1272,3 +1284,18 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
+ { .makemodifiedfont
+ dup /FontName get exch definefont pop
+ } bind def
++
++% Undef these, not needed outside this file
++[
++ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there
++ % /.fontnameproperties - is used in pdf_font.ps
++ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps
++ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring
++ /.splitfilename /.scanfontdict /.scanfontbegin
++ /.scanfontskip /.scan1fontstring
++ /.scan1fontfirst /.scanfontdir
++ /.setnativefontmapbuilt /.aliasfont
++ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies
++ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont
++ /.putgstringcopy
++] {systemdict exch .forceundef} forall
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index 18d5452..b016113 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -961,7 +961,7 @@ userdict /.localcsdefaults //false put
+ dup type /nametype eq { .namestring } if
+ dup type /stringtype ne { //false exit } if
+ % Check the resource directory.
+- dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
++ dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
+ status {
+ pop pop pop pop //true exit
+ } if
+@@ -969,7 +969,7 @@ userdict /.localcsdefaults //false put
+ % as the font.
+ findlibfile { closefile //true exit } if
+ % Scan a FONTPATH directory and try again.
+- .scannextfontdir not { //false exit } if
++ //.scannextfontdir exec not { //false exit } if
+ } loop
+ } bind def
+
+@@ -1008,7 +1008,7 @@ currentdict /.fontstatusaux .undef
+ } ifelse
+ } bind executeonly
+ /ResourceForAll {
+- { .scannextfontdir not { exit } if } loop
++ { //.scannextfontdir exec not { exit } if } loop
+ /Generic /Category findresource /ResourceForAll get exec
+ } bind executeonly
+ /.ResourceFileStatus {
+@@ -1163,6 +1163,7 @@ end % level2dict
+ [
+ /.default_resource_dir
+ /.resource_dir_name
++ /.fonttempstring /.scannextfontdir % from gs_fonts.ps
+ ]
+ {systemdict exch .forceundef} forall
+
+--
+2.18.1
+
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch
new file mode 100644
index 0000000..5c1f839
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch
@@ -0,0 +1,346 @@
+From 5c49efe24dda0f2dbd2a09b9159e683cce99b6d8 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 11 Jan 2019 13:36:36 +0000
+Subject: [PATCH 7/7] Remove .forcedef, and harden .force* ops more
+
+Remove .forcedef and replace all uses with a direct call to .forceput instead.
+
+Ensure every procedure (named and trasient) that calls .forceput is
+executeonly.
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_dps1.ps | 15 +++++++-----
+ Resource/Init/gs_init.ps | 28 ++++++++-------------
+ Resource/Init/gs_lev2.ps | 51 +++++++++++++++++++--------------------
+ Resource/Init/gs_ll3.ps | 5 ++--
+ Resource/Init/gs_res.ps | 29 +++++++++++-----------
+ Resource/Init/gs_statd.ps | 4 +--
+ 6 files changed, 63 insertions(+), 69 deletions(-)
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index 8700c8c..3d2cf7a 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -33,14 +33,17 @@ systemdict begin
+
+ /SharedFontDirectory .FontDirectory .gcheck
+ { .currentglobal //false .setglobal
++ currentdict
+ /LocalFontDirectory .FontDirectory dup maxlength dict copy
+- .forcedef % LocalFontDirectory is local, systemdict is global
++ .forceput % LocalFontDirectory is local, systemdict is global
+ .setglobal .FontDirectory
+- }
+- { /LocalFontDirectory .FontDirectory
+- .forcedef % LocalFontDirectory is local, systemdict is global
++ } executeonly
++ {
++ currentdict
++ /LocalFontDirectory .FontDirectory
++ .forceput % LocalFontDirectory is local, systemdict is global
+ 50 dict
+- }
++ }executeonly
+ ifelse def
+
+ end % systemdict
+@@ -55,7 +58,7 @@ level2dict begin
+ { //SharedFontDirectory }
+ { /LocalFontDirectory .systemvar } % can't embed ref to local VM
+ ifelse .forceput pop % LocalFontDirectory is local, systemdict is global
+- } .bind odef
++ } .bind executeonly odef
+ % Don't just copy (load) the definition of .setglobal:
+ % it gets redefined for LL3.
+ /setshared { /.setglobal .systemvar exec } odef
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index d9a0829..45bebf4 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -54,7 +54,7 @@ systemdict exch
+ dup /userdict
+ currentdict dup 200 .setmaxlength % userdict
+ .forceput % userdict is local, systemdict is global
+- }
++ } executeonly
+ if begin
+
+ % Define dummy local/global operators if needed.
+@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if
+ 1 index exch .makeoperator def
+ } .bind def
+
+-% Define a special version of def for storing local objects into global
+-% dictionaries. Like .forceput, this exists only during initialization.
+-/.forcedef { % <key> <value> .forcedef -
+- 1 .argindex pop % check # of args
+- currentdict 3 1 roll .forceput
+-} .bind odef
+-
+ % Define procedures for accessing variables in systemdict and userdict
+ % regardless of the contents of the dictionary stack.
+ /.systemvar { % <name> .systemvar <value>
+@@ -347,7 +340,7 @@ DELAYBIND
+ }
+ ifelse
+ } .bind def
+-} if
++} executeonly if
+
+ %**************** BACKWARD COMPATIBILITY ****************
+ /hwsizedict mark /HWSize //null .dicttomark readonly def
+@@ -655,7 +648,7 @@ currentdict /.typenames .undef
+ /ifelse .systemvar
+ ] cvx executeonly
+ exch .setglobal
+-} odef
++} executeonly odef
+ systemdict /internaldict dup .makeinternaldict .makeoperator
+ .forceput % proc is local, systemdict is global
+
+@@ -1093,7 +1086,7 @@ def
+
+ % Define $error. This must be in local VM.
+ .currentglobal //false .setglobal
+-/$error 40 dict .forcedef % $error is local, systemdict is global
++currentdict /$error 40 dict .forceput % $error is local, systemdict is global
+ % newerror, errorname, command, errorinfo,
+ % ostack, estack, dstack, recordstacks,
+ % binary, globalmode,
+@@ -1112,8 +1105,8 @@ end
+ % Define errordict similarly. It has one entry per error name,
+ % plus handleerror. However, some astonishingly badly written PostScript
+ % files require it to have at least one empty slot.
+-/errordict ErrorNames length 3 add dict
+-.forcedef % errordict is local, systemdict is global
++currentdict /errordict ErrorNames length 3 add dict
++.forceput % errordict is local, systemdict is global
+ .setglobal % back to global VM
+ % gserrordict contains all the default error handling methods, but unlike
+ % errordict it is noaccess after creation (also it is in global VM).
+@@ -1273,8 +1266,9 @@ end
+ (END PROCS) VMDEBUG
+
+ % Define the font directory.
++currentdict
+ /FontDirectory //false .setglobal 100 dict //true .setglobal
+-.forcedef % FontDirectory is local, systemdict is global
++.forceput % FontDirectory is local, systemdict is global
+
+ % Define the encoding dictionary.
+ /EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings
+@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if
+ //systemdict /UndefinePostScriptOperators get exec
+ //systemdict /UndefinePDFOperators get exec
+ //systemdict /.forcecopynew .forceundef % remove temptation
+- //systemdict /.forcedef .forceundef % ditto
+ //systemdict /.forceput .forceundef % ditto
+ //systemdict /.undef .forceundef % ditto
+ //systemdict /.forceundef .forceundef % ditto
+@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if
+ % (and, if implemented, context switching).
+ .currentglobal //false .setglobal
+ mark userparams { } forall .dicttomark readonly
+- /userparams exch .forcedef % systemdict is read-only
++ currentdict exch /userparams exch .forceput % systemdict is read-only
+ .setglobal
+-} if
++} executeonly if
+ /.currentsystemparams where {
+ pop
+ % Remove real system params from pssystemparams.
+@@ -2458,7 +2451,6 @@ end
+ DELAYBIND not {
+ systemdict /.bindnow .undef % We only need this for DELAYBIND
+ systemdict /.forcecopynew .undef % remove temptation
+- systemdict /.forcedef .undef % ditto
+ systemdict /.forceput .undef % ditto
+ systemdict /.forceundef .undef % ditto
+ } if
+diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
+index 0f0d573..9c0c3a6 100644
+--- a/Resource/Init/gs_lev2.ps
++++ b/Resource/Init/gs_lev2.ps
+@@ -304,31 +304,30 @@ end
+ psuserparams exch /.checkFilePermitparams load put
+ .setglobal
+
+-pssystemparams begin
+- /CurDisplayList 0 .forcedef
+- /CurFormCache 0 .forcedef
+- /CurInputDevice () .forcedef
+- /CurOutlineCache 0 .forcedef
+- /CurOutputDevice () .forcedef
+- /CurPatternCache 0 .forcedef
+- /CurUPathCache 0 .forcedef
+- /CurScreenStorage 0 .forcedef
+- /CurSourceList 0 .forcedef
+- /DoPrintErrors //false .forcedef
+- /JobTimeout 0 .forcedef
+- /LicenseID (LN-001) .forcedef % bogus
+- /MaxDisplayList 140000 .forcedef
+- /MaxFormCache 100000 .forcedef
+- /MaxImageBuffer 524288 .forcedef
+- /MaxOutlineCache 65000 .forcedef
+- /MaxPatternCache 100000 .forcedef
+- /MaxUPathCache 300000 .forcedef
+- /MaxScreenStorage 84000 .forcedef
+- /MaxSourceList 25000 .forcedef
+- /PrinterName product .forcedef
+- /RamSize 4194304 .forcedef
+- /WaitTimeout 40 .forcedef
+-end
++pssystemparams
++dup /CurDisplayList 0 .forceput
++dup /CurFormCache 0 .forceput
++dup /CurInputDevice () .forceput
++dup /CurOutlineCache 0 .forceput
++dup /CurOutputDevice () .forceput
++dup /CurPatternCache 0 .forceput
++dup /CurUPathCache 0 .forceput
++dup /CurScreenStorage 0 .forceput
++dup /CurSourceList 0 .forceput
++dup /DoPrintErrors //false .forceput
++dup /JobTimeout 0 .forceput
++dup /LicenseID (LN-001) .forceput % bogus
++dup /MaxDisplayList 140000 .forceput
++dup /MaxFormCache 100000 .forceput
++dup /MaxImageBuffer 524288 .forceput
++dup /MaxOutlineCache 65000 .forceput
++dup /MaxPatternCache 100000 .forceput
++dup /MaxUPathCache 300000 .forceput
++dup /MaxScreenStorage 84000 .forceput
++dup /MaxSourceList 25000 .forceput
++dup /PrinterName product .forceput
++dup /RamSize 4194304 .forceput
++ /WaitTimeout 40 .forceput
+
+ % Define the procedures for handling comment scanning. The names
+ % %ProcessComment and %ProcessDSCComment are known to the interpreter.
+@@ -710,7 +709,7 @@ pop % currentsystemparams
+ /statusdict currentdict def
+
+ currentdict end
+-/statusdict exch .forcedef % statusdict is local, systemdict is global
++currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global
+
+ % The following compatibility operators are in systemdict. They are
+ % defined here, rather than in gs_init.ps, because they require the
+diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps
+index c86721f..881af44 100644
+--- a/Resource/Init/gs_ll3.ps
++++ b/Resource/Init/gs_ll3.ps
+@@ -521,9 +521,8 @@ end
+ % Define additional user and system parameters.
+ /HalftoneMode 0 .definepsuserparam
+ /MaxSuperScreen 1016 .definepsuserparam
+-pssystemparams begin % read-only, so use .forcedef
+- /MaxDisplayAndSourceList 160000 .forcedef
+-end
++% read-only, so use .forceput
++pssystemparams /MaxDisplayAndSourceList 160000 .forceput
+
+ % Define the IdiomSet resource category.
+ { /IdiomSet } {
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index b016113..89c0ed6 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -41,10 +41,10 @@ level2dict begin
+ % However, Ed Taft of Adobe says their interpreters don't implement this
+ % either, so we aren't going to worry about it for a while.
+
+-currentglobal //false setglobal systemdict begin
+- /localinstancedict 5 dict
+- .forcedef % localinstancedict is local, systemdict is global
+-end //true setglobal
++currentglobal //false setglobal
++ systemdict /localinstancedict 5 dict
++ .forceput % localinstancedict is local, systemdict is global
++//true setglobal
+ /.emptydict 0 dict readonly def
+ setglobal
+
+@@ -149,7 +149,7 @@ setglobal
+ dup [ exch 0 -1 ] exch
+ .Instances 4 2 roll put
+ % Make the Category dictionary read-only. We will have to
+- % use .forceput / .forcedef later to replace the dummy,
++ % use .forceput / .forceput later to replace the dummy,
+ % empty .Instances dictionary with the real one later.
+ readonly
+ }{
+@@ -304,7 +304,8 @@ systemdict begin
+ dup () ne {
+ .file_name_directory_separator concatstrings
+ } if
+- 2 index exch //false .file_name_combine not {
++ 2 index exch //false
++ .file_name_combine not {
+ (Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print =
+ /.default_resource_dir cvx /configurationerror signalerror
+ } if
+@@ -317,14 +318,14 @@ currentdict /pssystemparams known not {
+ pssystemparams begin
+ //.default_resource_dir exec
+ /FontResourceDir (Font) //.resource_dir_name exec
+- readonly .forcedef % pssys'params is r-o
++ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
+ /GenericResourceDir () //.resource_dir_name exec
+- readonly .forcedef % pssys'params is r-o
++ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
+ pop % .default_resource_dir
+ /GenericResourcePathSep
+- .file_name_separator readonly .forcedef % pssys'params is r-o
+- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o
+- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o
++ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o
++ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o
++ currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o
+ end
+ end
+
+@@ -422,8 +423,8 @@ status {
+ .Instances dup //.emptydict eq {
+ pop 3 dict
+ % As noted above, Category dictionaries are read-only,
+- % so we have to use .forcedef here.
+- /.Instances 1 index .forcedef % Category dict is read-only
++ % so we have to use .forceput here.
++ currentdict /.Instances 2 index .forceput % Category dict is read-only
+ } executeonly if
+ }
+ { .LocalInstances dup //.emptydict eq
+@@ -441,7 +442,7 @@ status {
+ { /defineresource cvx /typecheck signaloperror
+ }
+ ifelse
+-} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef
++} .bind executeonly .makeoperator % executeonly to prevent access to .forceput
+ /UndefineResource
+ { { dup 2 index .knownget
+ { dup 1 get 1 ge
+diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps
+index 20d4c96..b6a7659 100644
+--- a/Resource/Init/gs_statd.ps
++++ b/Resource/Init/gs_statd.ps
+@@ -21,10 +21,10 @@ systemdict begin
+ % We make statusdict a little larger for Level 2 stuff.
+ % Note that it must be allocated in local VM.
+ .currentglobal //false .setglobal
+- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global
++ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global
+ % To support the Level 2 job control features,
+ % serverdict must also be in local VM.
+- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global
++ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global
+ .setglobal
+ end
+
+--
+2.18.1
+
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_9.26.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
index 5ca978f..ad4c5e1 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
@@ -32,6 +32,13 @@
file://ghostscript-9.02-genarch.patch \
file://objarch.h \
file://cups-no-gcrypt.patch \
+ file://CVE-2019-6116-0001.patch \
+ file://CVE-2019-6116-0002.patch \
+ file://CVE-2019-6116-0003.patch \
+ file://CVE-2019-6116-0004.patch \
+ file://CVE-2019-6116-0005.patch \
+ file://CVE-2019-6116-0006.patch \
+ file://CVE-2019-6116-0007.patch \
"
SRC_URI_class-native = "${SRC_URI_BASE} \
diff --git a/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb b/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb
index 04b50b6..8e1cd34 100644
--- a/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb
+++ b/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb
@@ -20,4 +20,4 @@
oe_runmake install DESTDIR=${D}
}
-BBCLASSEXTEND = "nativesdk"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/mdadm/files/mdadm.init b/poky/meta/recipes-extended/mdadm/files/mdadm.init
new file mode 100644
index 0000000..cab91b9
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/mdadm.init
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# Start the MD monitor daemon for all active MD arrays if desired.
+#
+### BEGIN INIT INFO
+# Provides: mdadm
+# Required-Start: $local_fs $syslog mdadm-raid
+# Required-Stop: $local_fs $syslog mdadm-raid
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: MD monitoring daemon
+# Description: mdadm provides a monitor mode, in which it will scan for
+# problems with the MD devices. If a problem is found, the
+# administrator is alerted via email, or a custom script is
+# run.
+### END INIT INFO
+#
+
+MDADM=/sbin/mdadm
+RUNDIR=/var/run/mdadm
+PIDFILE=$RUNDIR/monitor.pid
+DEBIANCONFIG=/etc/default/mdadm
+
+test -x "$MDADM" || exit 0
+
+test -f /proc/mdstat || exit 0
+
+START_DAEMON=true
+test -f $DEBIANCONFIG && . $DEBIANCONFIG
+
+. /lib/lsb/init-functions
+
+# Include functions
+. /etc/init.d/functions
+
+case "${1:-}" in
+ start)
+ if is_true $START_DAEMON; then
+ log_daemon_msg "Starting MD monitoring service" "mdadm --monitor"
+ mkdir -p $RUNDIR
+ start-stop-daemon -S -p $PIDFILE -x $MDADM -- \
+ --monitor --pid-file $PIDFILE --daemonise --scan ${DAEMON_OPTIONS:-}
+ RETVAL=$?
+ log_end_msg $RETVAL
+ exit $RETVAL
+ fi
+ ;;
+ stop)
+ if [ -f $PIDFILE ] ; then
+ log_daemon_msg "Stopping MD monitoring service" "mdadm --monitor"
+ start-stop-daemon -K -p $PIDFILE -x $MDADM
+ RETVAL=$?
+ rm -f $PIDFILE
+ log_end_msg $RETVAL
+ exit $RETVAL
+ fi
+ ;;
+ status)
+ status -p $PIDFILE "$MDADM" && exit 0 || exit $?
+ ;;
+ restart|reload|force-reload)
+ ${0:-} stop
+ ${0:-} start
+ ;;
+ *)
+ echo "Usage: ${0:-} {start|stop|status|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
diff --git a/poky/meta/recipes-extended/mdadm/files/mdmonitor.service b/poky/meta/recipes-extended/mdadm/files/mdmonitor.service
new file mode 100644
index 0000000..bd243b4
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/mdmonitor.service
@@ -0,0 +1,19 @@
+# This file is part of mdadm.
+#
+# mdadm is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Software RAID monitoring and management
+ConditionPathExists=/etc/mdadm.conf
+
+[Service]
+Type=forking
+PIDFile=/var/run/mdadm/mdadm.pid
+EnvironmentFile=-/etc/sysconfig/mdmonitor
+ExecStart=/sbin/mdadm --monitor --scan -f --pid-file=/var/run/mdadm/mdadm.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.0.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.0.bb
index 2c4d88a..8155ae4 100644
--- a/poky/meta/recipes-extended/mdadm/mdadm_4.0.bb
+++ b/poky/meta/recipes-extended/mdadm/mdadm_4.0.bb
@@ -24,12 +24,14 @@
file://0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch \
file://0001-use-memmove-instead-of-memcpy-on-overlapping-region.patch \
file://0001-Disable-gcc8-warnings.patch \
+ file://mdadm.init \
+ file://mdmonitor.service \
"
SRC_URI[md5sum] = "2cb4feffea9167ba71b5f346a0c0a40d"
SRC_URI[sha256sum] = "1d6ae7f24ced3a0fa7b5613b32f4a589bb4881e3946a5a2c3724056254ada3a9"
CFLAGS += "-fno-strict-aliasing"
-inherit autotools-brokensep
+inherit autotools-brokensep systemd
EXTRA_OEMAKE = 'CHECK_RUN_DIR=0 CXFLAGS="${CFLAGS}"'
# PPC64 and MIPS64 uses long long for u64 in the kernel, but powerpc's asm/types.h
@@ -51,7 +53,17 @@
autotools_do_install
}
-inherit ptest
+do_install_append() {
+ install -d ${D}/${sysconfdir}/
+ install -m 644 ${S}/mdadm.conf-example ${D}${sysconfdir}/mdadm.conf
+ install -d ${D}/${systemd_unitdir}/system
+ install -m 644 ${S}/systemd/mdmonitor.service ${D}/${systemd_unitdir}/system
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 755 ${WORKDIR}/mdadm.init ${D}${sysconfdir}/init.d/mdmonitor
+}
+
+SYSTEMD_SERVICE_${PN} = "mdmonitor.service"
+SYSTEMD_AUTO_ENABLE = "disable"
do_compile_ptest() {
oe_runmake test
@@ -67,6 +79,7 @@
install -D -m 755 $prg ${D}${PTEST_PATH}/
done
}
+
RDEPENDS_${PN}-ptest += "bash"
RRECOMMENDS_${PN}-ptest += " \
coreutils \
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
index ef8bae9..fdf8f19 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
@@ -66,7 +66,7 @@
file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
- file://LICENSE.amdgpu;md5=88b865bc74f3ffcc54640b4ea8540b46 \
+ file://LICENSE.amdgpu;md5=ab515ef6495ab5c5a3b08ab2db62df11 \
file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
@@ -122,7 +122,7 @@
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=cecb9bd279516f42a589647557e806f2 \
+ file://WHENCE;md5=66abf0fb69b09d6f3d2db6088594c808 \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -188,7 +188,7 @@
NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c"
NO_GENERIC_LICENSE[WHENCE] = "WHENCE"
-SRCREV = "1baa34868b2c0a004dc595b20678145e3fff83e7"
+SRCREV = "710963fe53ee3f227556d36839df3858daf6e232"
PE = "1"
PV = "0.0+git${SRCPV}"
@@ -300,6 +300,7 @@
${PN}-i915-license ${PN}-i915 \
${PN}-adsp-sst-license ${PN}-adsp-sst \
${PN}-bnx2-mips \
+ ${PN}-liquidio \
${PN}-netronome-license ${PN}-netronome \
${PN}-qat ${PN}-qat-license \
${PN}-qcom-license \
@@ -860,6 +861,8 @@
RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
+FILES_${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio"
+
# For other firmwares
# Maybe split out to separate packages when needed.
LICENSE_${PN} = "\
@@ -920,13 +923,13 @@
# Make linux-firmware-ibt depend on all of the split-out ibt packages.
python populate_packages_prepend () {
firmware_pkgs = oe.utils.packages_filter_out_system(d)
- d.appendVar('RDEPENDS_linux-firmware', ' ' + ' '.join(firmware_pkgs))
+ d.appendVar('RRECOMMENDS_linux-firmware', ' ' + ' '.join(firmware_pkgs))
iwlwifi_pkgs = filter(lambda x: x.find('-iwlwifi-') != -1, firmware_pkgs)
- d.appendVar('RDEPENDS_linux-firmware-iwlwifi', ' ' + ' '.join(iwlwifi_pkgs))
+ d.appendVar('RRECOMMENDS_linux-firmware-iwlwifi', ' ' + ' '.join(iwlwifi_pkgs))
ibt_pkgs = filter(lambda x: x.find('-ibt-') != -1, firmware_pkgs)
- d.appendVar('RDEPENDS_linux-firmware-ibt', ' ' + ' '.join(ibt_pkgs))
+ d.appendVar('RRECOMMENDS_linux-firmware-ibt', ' ' + ' '.join(ibt_pkgs))
}
# Firmware files are generally not ran on the CPU, so they can be
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb
index d4a21a0..9b8609b 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.18.bb
@@ -11,13 +11,13 @@
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "5cc3fddf0e2a9f390b00d50f27c726a5aea86d85"
-SRCREV_meta ?= "ce063086f1a9bd2f8d361f91757755df83aa1f13"
+SRCREV_machine ?= "917ee880b11f569d7a1118dc3575fd24d8ff349b"
+SRCREV_meta ?= "9e348b6f9db185cb60a34d18fd14a18b5def2c31"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.18;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.18.25"
+LINUX_VERSION ?= "4.18.27"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb
index 2efa40f..0be7f08 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.18.bb
@@ -6,7 +6,7 @@
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.18.25"
+LINUX_VERSION ?= "4.18.27"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "214d5273e58b56f89795bf384068e7b8c21c0f8d"
-SRCREV_machine ?= "28e7781d57a59227bf1c08c7f3dbdfee16aa0dc2"
-SRCREV_meta ?= "ce063086f1a9bd2f8d361f91757755df83aa1f13"
+SRCREV_machine_qemuarm ?= "8f59516428463985f2a636b024b6c3f1b2178855"
+SRCREV_machine ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
+SRCREV_meta ?= "9e348b6f9db185cb60a34d18fd14a18b5def2c31"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.18.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.18.bb
index 1ecbec9..4a9febc 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_4.18.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.18.bb
@@ -11,21 +11,21 @@
KBRANCH_qemux86-64 ?= "v4.18/standard/base"
KBRANCH_qemumips64 ?= "v4.18/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "0002e7595bd75ecb2c1561d4b5c025130ccd31f3"
-SRCREV_machine_qemuarm64 ?= "28e7781d57a59227bf1c08c7f3dbdfee16aa0dc2"
-SRCREV_machine_qemumips ?= "28983ad3c7a64c15c154c1edf1d11472abb778f7"
-SRCREV_machine_qemuppc ?= "28e7781d57a59227bf1c08c7f3dbdfee16aa0dc2"
-SRCREV_machine_qemux86 ?= "28e7781d57a59227bf1c08c7f3dbdfee16aa0dc2"
-SRCREV_machine_qemux86-64 ?= "28e7781d57a59227bf1c08c7f3dbdfee16aa0dc2"
-SRCREV_machine_qemumips64 ?= "3be07269ed012fb6d148bd641ee40a40cb6cb13f"
-SRCREV_machine ?= "28e7781d57a59227bf1c08c7f3dbdfee16aa0dc2"
-SRCREV_meta ?= "ce063086f1a9bd2f8d361f91757755df83aa1f13"
+SRCREV_machine_qemuarm ?= "e66e05d38c1a0eda0db1f34090ecf7155226fa4c"
+SRCREV_machine_qemuarm64 ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
+SRCREV_machine_qemumips ?= "5fb9275fdd72ccd5f61cbbce5fef842fbcf3c957"
+SRCREV_machine_qemuppc ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
+SRCREV_machine_qemux86 ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
+SRCREV_machine_qemux86-64 ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
+SRCREV_machine_qemumips64 ?= "19cccc092a7fe2337153c65045bded55ae4d5e4b"
+SRCREV_machine ?= "62f0a3acffffd555f68ed97d5e4faade2b28f3c0"
+SRCREV_meta ?= "9e348b6f9db185cb60a34d18fd14a18b5def2c31"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.18;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "4.18.25"
+LINUX_VERSION ?= "4.18.27"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"