poky: subtree update:c6bc20857c..b23aa6b753
Anatol Belski (1):
bitbake: bitbake: hashserv: Fix localhost sometimes resolved to a wrong IP
Andrew Geissler (1):
systemd: Upgrade v246.2 -> v246.6
Anibal Limon (1):
mesa: update 20.1.6 -> 20.1.8
Bruce Ashfield (2):
linux-yocto/beaglebone: Switch to sdhci-omap driver
kernel-yocto: add KBUILD_DEFCONFIG search location to failure message
Changqing Li (1):
sysklogd: fix parallel build issue
Charlie Davies (2):
bitbake: bitbake: fetch/git: add support for SRC_URI containing spaces in url
bitbake: bitbake: tests/fetch: add unit tests for SRC_URI with spaces in url
Chee Yang Lee (1):
bash : include patch 17 & 18
Chen Qi (2):
populate_sdk_ext.bbclass: add ESDK_MANIFEST_EXCLUDES
testsdk.py: remove workspace/sources to avoid failure in case of multilib
Chris Laplante (3):
bitbake.conf: add name of multiconfig to BUILDCFG_HEADER when multiconfig is active
cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing of per-recipe check file
cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting of patched CVEs
Christian Eggers (1):
packagegroup: rrecommend perf also for musl on ARM
De Huo (1):
bash: fix CVE-2019-18276
Jean-Francois Dagenais (2):
bitbake: bitbake: tests/siggen: introduce clean_basepath testcases
bitbake: bitbake: siggen: clean_basepath: improve perfo and readability
Jens Rehsack (1):
image-artifact-names: make variables overridable
Jon Mason (1):
Space-comma Cleanups
Jonathan Richardson (1):
cortex-m0.inc: Add tuning for cortex-m0
Kai Kang (2):
systemd: disable xdg-autostart generator by default
kea: fix conflict between multilibs
Khairul Rohaizzat Jamaluddin (1):
sphinx: ref-variables: Added entry for IMAGE_EFI_BOOT_FILES
Khem Raj (6):
ncurses: Create alternative symlinks for st and st-256color
packagegroups: remove strace and lttng-tools for rv32/musl
qemuboot: Add QB_RNG variable
gettext: Fix ptest failure
ptest-runner: Backport patch to fix inappropriate ioctl error
systemd: Drop 0023-Fix-field-efi_loader_entry_one_shot_stat-has-incompl.patch
Konrad Weihmann (1):
testexport: rename create_tarball method
Leif Middelschulte (2):
bitbake: fetch2: fix handling of `\` in file:// SRC_URI
bitbake: tests/fetch: backslash support in file:// URIs
Mark Jonas (2):
Add license text for PSF-2.0
Map license names PSF and PSFv2 to PSF-2.0
Mingli Yu (3):
kea: create /var/lib/kea and /var/run/kea folder
bind: remove -r option for rndc-confgen
debianutils: update the debian snapshot version
Nicolas Dechesne (3):
sphinx: report errors when dependencies are not met
README: include detailed information about sphinx
sphinx: fix up some trademark and branding issues
Norman Stetter (1):
sstate.bbclass: Check file ownership before doing 'touch -a'
Otavio Salvador (1):
openssh: Allow enable/disable of rng-tools recommendation on sshd
Peter A. Bigot (1):
go-mod.bbclass: use append to add `modcacherw`
Quentin Schulz (2):
docs: static: theme_overrides.css: fix responsive design on <640px screens
docs: fix broken links
Randy MacLeod (1):
curl: Change SRC_URI from http to https
Rasmus Villemoes (1):
kernel.bbclass: ensure symlink_kernsrc task gets run even with externalsrc
Richard Purdie (15):
scripts/oe-build-perf-report: Use python3 from the environment
dropbear/openssh: Lower priority of key generation
oeqa/qemurunner: Increase serial timeout
python3-markupsafe: Import from meta-oe/meta-python
python3-jinja2: Import from meta-oe/meta-python
buildtools-tarball: Add python3-jinja2
buildtools-tarball: Fix conflicts with oe-selftest and other tooling
oeqa/selftest/incompatible_lib: Fix append usage
oeqa/selftest/containerimage: Update to match assumptions in configuration
ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys
build-appliance-image: Update to master head revision
bitbake: Revert "bitbake-layers: add signal hander to avoid exception"
staging: Ensure cleaned dependencies are added
oeqa/selftest/devtool: Add sync call to test teardown
bitbake: cooker: Avoid tracebacks if data was never setup
Ross Burton (11):
gettext: no need to depend on bison-native
meta: add/fix invalid Upstream-Status tags
bitbake: taskexp: update for GTK API changes
glibc: make nscd optional
utils: respect scheduler affinity in cpu_count()
rpm: disable libarchive use
sstate: set mode explicitly when creating directories in sstate-cache
rpm: add PACKAGECONFIG for the systemd inhibit plugin
boost: move the build directory outside of S
bitbake: utils: add umask changing context manager
bitbake: siggen: use correct umask when writing siginfo
Saul Wold (2):
testimage: Add testimage_dump_target to kwargs
target/ssh.py: Add dump_target support
Teoh Jay Shen (1):
oeqa/runtime : add test for RTC(Real Time Clock)
Tim Orling (1):
oeqa/selftest/cases/devtool.py: avoid .pyc race
Usama Arif (1):
ref-manual: document authentication key variables
Wang Mingyu (1):
maintainers.inc: Add Zang Ruochen and Wang Mingyu for several recipes
Yi Zhao (4):
dhcpcd: pass --dbdir to EXTRA_OECONF to set database directory
dhcpcd: set --runstatedir to /run
dhcpcd: add dhcpcd user to support priviledge separation
dhcpcd: set service to conflict with connman
akuster (1):
libdrm: fix build failure
zangrc (4):
bind: upgrade 9.16.5 -> 9.16.7
stress-ng: upgrade 0.11.19 -> 0.11.21
pango: upgrade 1.46.1 -> 1.46.2
sudo: upgrade 1.9.2 -> 1.9.3
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I2c19d3b3793ee5a6f42e04817147d75f315943a5
diff --git a/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch b/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch
new file mode 100644
index 0000000..7b20732
--- /dev/null
+++ b/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch
@@ -0,0 +1,386 @@
+From 951bdaad7a18cc0dc1036bba86b18b90874d39ff Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Mon, 1 Jul 2019 09:03:53 -0400
+Subject: [PATCH] commit bash-20190628 snapshot
+
+An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
+By default, if Bash is run with its effective UID not equal to its real UID,
+it will drop privileges by setting its effective UID to its real UID.
+However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality,
+the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for
+runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore
+regains privileges. However, binaries running with an effective UID of 0 are unaffected.
+
+Get the patch from [1] to fix the issue.
+
+Upstream-Status: Inappropriate [the upstream thinks it doesn't increase the credibility of CVEs in general]
+CVE: CVE-2019-18276
+
+[1] https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaa
+
+Signed-off-by: De Huo <De.Huo@windriver.com>
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ MANIFEST | 2 ++
+ bashline.c | 50 +-------------------------------------------------
+ builtins/help.def | 2 +-
+ config.h.in | 10 +++++++++-
+ configure.ac | 1 +
+ doc/bash.1 | 3 ++-
+ doc/bashref.texi | 3 ++-
+ lib/glob/glob.c | 5 ++++-
+ pathexp.c | 16 ++++++++++++++--
+ shell.c | 8 ++++++++
+ tests/glob.tests | 2 ++
+ tests/glob6.sub | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ tests/glob7.sub | 11 +++++++++++
+ 14 files changed, 122 insertions(+), 56 deletions(-)
+ create mode 100644 tests/glob6.sub
+ create mode 100644 tests/glob7.sub
+
+diff --git a/MANIFEST b/MANIFEST
+index 03de221..f9ccad7 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -1037,6 +1037,8 @@ tests/extglob3.tests f
+ tests/extglob3.right f
+ tests/extglob4.sub f
+ tests/extglob5.sub f
++tests/glob6.sub f
++tests/glob7.sub f
+ tests/func.tests f
+ tests/func.right f
+ tests/func1.sub f
+diff --git a/bashline.c b/bashline.c
+index 824ea9d..d86b47d 100644
+--- a/bashline.c
++++ b/bashline.c
+@@ -3718,55 +3718,7 @@ static int
+ completion_glob_pattern (string)
+ char *string;
+ {
+- register int c;
+- char *send;
+- int open;
+-
+- DECLARE_MBSTATE;
+-
+- open = 0;
+- send = string + strlen (string);
+-
+- while (c = *string++)
+- {
+- switch (c)
+- {
+- case '?':
+- case '*':
+- return (1);
+-
+- case '[':
+- open++;
+- continue;
+-
+- case ']':
+- if (open)
+- return (1);
+- continue;
+-
+- case '+':
+- case '@':
+- case '!':
+- if (*string == '(') /*)*/
+- return (1);
+- continue;
+-
+- case '\\':
+- if (*string++ == 0)
+- return (0);
+- }
+-
+- /* Advance one fewer byte than an entire multibyte character to
+- account for the auto-increment in the loop above. */
+-#ifdef HANDLE_MULTIBYTE
+- string--;
+- ADVANCE_CHAR_P (string, send - string);
+- string++;
+-#else
+- ADVANCE_CHAR_P (string, send - string);
+-#endif
+- }
+- return (0);
++ return (glob_pattern_p (string) == 1);
+ }
+
+ static char *globtext;
+diff --git a/builtins/help.def b/builtins/help.def
+index 006c4b5..92f9b38 100644
+--- a/builtins/help.def
++++ b/builtins/help.def
+@@ -128,7 +128,7 @@ help_builtin (list)
+
+ /* We should consider making `help bash' do something. */
+
+- if (glob_pattern_p (list->word->word))
++ if (glob_pattern_p (list->word->word) == 1)
+ {
+ printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1)));
+ print_word_list (list, ", ");
+diff --git a/config.h.in b/config.h.in
+index 8554aec..ad4b1e8 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -1,6 +1,6 @@
+ /* config.h -- Configuration file for bash. */
+
+-/* Copyright (C) 1987-2009,2011-2012 Free Software Foundation, Inc.
++/* Copyright (C) 1987-2009,2011-2012,2013-2019 Free Software Foundation, Inc.
+
+ This file is part of GNU Bash, the Bourne Again SHell.
+
+@@ -807,6 +807,14 @@
+ #undef HAVE_SETREGID
+ #undef HAVE_DECL_SETREGID
+
++/* Define if you have the setregid function. */
++#undef HAVE_SETRESGID
++#undef HAVE_DECL_SETRESGID
++
++/* Define if you have the setresuid function. */
++#undef HAVE_SETRESUID
++#undef HAVE_DECL_SETRESUID
++
+ /* Define if you have the setvbuf function. */
+ #undef HAVE_SETVBUF
+
+diff --git a/configure.ac b/configure.ac
+index 52b4cdb..549adef 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -810,6 +810,7 @@ AC_CHECK_DECLS([confstr])
+ AC_CHECK_DECLS([printf])
+ AC_CHECK_DECLS([sbrk])
+ AC_CHECK_DECLS([setregid])
++AC_CHECK_DECLS[(setresuid, setresgid])
+ AC_CHECK_DECLS([strcpy])
+ AC_CHECK_DECLS([strsignal])
+
+diff --git a/doc/bash.1 b/doc/bash.1
+index e6cd08d..9e58a0b 100644
+--- a/doc/bash.1
++++ b/doc/bash.1
+@@ -4681,7 +4681,8 @@ above).
+ .PD
+ .SH "SIMPLE COMMAND EXPANSION"
+ When a simple command is executed, the shell performs the following
+-expansions, assignments, and redirections, from left to right.
++expansions, assignments, and redirections, from left to right, in
++the following order.
+ .IP 1.
+ The words that the parser has marked as variable assignments (those
+ preceding the command name) and redirections are saved for later
+diff --git a/doc/bashref.texi b/doc/bashref.texi
+index d33cd57..3065126 100644
+--- a/doc/bashref.texi
++++ b/doc/bashref.texi
+@@ -2964,7 +2964,8 @@ is not specified. If the file does not exist, it is created.
+ @cindex command expansion
+
+ When a simple command is executed, the shell performs the following
+-expansions, assignments, and redirections, from left to right.
++expansions, assignments, and redirections, from left to right, in
++the following order.
+
+ @enumerate
+ @item
+diff --git a/lib/glob/glob.c b/lib/glob/glob.c
+index 398253b..2eaa33e 100644
+--- a/lib/glob/glob.c
++++ b/lib/glob/glob.c
+@@ -607,6 +607,7 @@ glob_vector (pat, dir, flags)
+ register unsigned int i;
+ int mflags; /* Flags passed to strmatch (). */
+ int pflags; /* flags passed to sh_makepath () */
++ int hasglob; /* return value from glob_pattern_p */
+ int nalloca;
+ struct globval *firstmalloc, *tmplink;
+ char *convfn;
+@@ -648,10 +649,12 @@ glob_vector (pat, dir, flags)
+ patlen = (pat && *pat) ? strlen (pat) : 0;
+
+ /* If the filename pattern (PAT) does not contain any globbing characters,
++ or contains a pattern with only backslash escapes (hasglob == 2),
+ we can dispense with reading the directory, and just see if there is
+ a filename `DIR/PAT'. If there is, and we can access it, just make the
+ vector to return and bail immediately. */
+- if (skip == 0 && glob_pattern_p (pat) == 0)
++ hasglob = 0;
++ if (skip == 0 && (hasglob = glob_pattern_p (pat)) == 0 || hasglob == 2)
+ {
+ int dirlen;
+ struct stat finfo;
+diff --git a/pathexp.c b/pathexp.c
+index c1bf2d8..e6c5392 100644
+--- a/pathexp.c
++++ b/pathexp.c
+@@ -58,7 +58,10 @@ int extended_glob = EXTGLOB_DEFAULT;
+ /* Control enabling special handling of `**' */
+ int glob_star = 0;
+
+-/* Return nonzero if STRING has any unquoted special globbing chars in it. */
++/* Return nonzero if STRING has any unquoted special globbing chars in it.
++ This is supposed to be called when pathname expansion is performed, so
++ it implements the rules in Posix 2.13.3, specifically that an unquoted
++ slash cannot appear in a bracket expression. */
+ int
+ unquoted_glob_pattern_p (string)
+ register char *string;
+@@ -85,10 +88,14 @@ unquoted_glob_pattern_p (string)
+ continue;
+
+ case ']':
+- if (open)
++ if (open) /* XXX - if --open == 0? */
+ return (1);
+ continue;
+
++ case '/':
++ if (open)
++ open = 0;
++
+ case '+':
+ case '@':
+ case '!':
+@@ -106,6 +113,11 @@ unquoted_glob_pattern_p (string)
+ string++;
+ continue;
+ }
++ else if (open && *string == '/')
++ {
++ string++; /* quoted slashes in bracket expressions are ok */
++ continue;
++ }
+ else if (*string == 0)
+ return (0);
+
+diff --git a/shell.c b/shell.c
+index a2b2a55..6adabc8 100644
+--- a/shell.c
++++ b/shell.c
+@@ -1293,7 +1293,11 @@ disable_priv_mode ()
+ {
+ int e;
+
++#if HAVE_DECL_SETRESUID
++ if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
++#else
+ if (setuid (current_user.uid) < 0)
++#endif
+ {
+ e = errno;
+ sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid);
+@@ -1302,7 +1306,11 @@ disable_priv_mode ()
+ exit (e);
+ #endif
+ }
++#if HAVE_DECL_SETRESGID
++ if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
++#else
+ if (setgid (current_user.gid) < 0)
++#endif
+ sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid);
+
+ current_user.euid = current_user.uid;
+diff --git a/tests/glob.tests b/tests/glob.tests
+index 01913bb..fb012f7 100644
+--- a/tests/glob.tests
++++ b/tests/glob.tests
+@@ -12,6 +12,8 @@ ${THIS_SH} ./glob1.sub
+ ${THIS_SH} ./glob2.sub
+ ${THIS_SH} ./glob3.sub
+ ${THIS_SH} ./glob4.sub
++${THIS_SH} ./glob6.sub
++${THIS_SH} ./glob7.sub
+
+ MYDIR=$PWD # save where we are
+
+diff --git a/tests/glob6.sub b/tests/glob6.sub
+new file mode 100644
+index 0000000..b099811
+--- /dev/null
++++ b/tests/glob6.sub
+@@ -0,0 +1,54 @@
++# tests of the backslash-in-glob-patterns discussion on the austin-group ML
++
++: ${TMPDIR:=/var/tmp}
++
++ORIG=$PWD
++GLOBDIR=$TMPDIR/bash-glob-$$
++mkdir $GLOBDIR && cd $GLOBDIR
++
++# does the pattern matcher allow backslashes as escape characters and remove
++# them as part of matching?
++touch abcdefg
++pat='ab\cd*'
++printf '<%s>\n' $pat
++pat='\.'
++printf '<%s>\n' $pat
++rm abcdefg
++
++# how about when escaping pattern characters?
++touch '*abc.c'
++a='\**.c'
++printf '%s\n' $a
++rm -f '*abc.c'
++
++# how about when making the distinction between readable and searchable path
++# components?
++mkdir -m a=x searchable
++mkdir -m a=r readable
++
++p='searchable/\.'
++printf "%s\n" $p
++
++p='searchable/\./.'
++printf "%s\n" $p
++
++p='readable/\.'
++printf "%s\n" $p
++
++p='readable/\./.'
++printf "%s\n" $p
++
++printf "%s\n" 'searchable/\.'
++printf "%s\n" 'readable/\.'
++
++echo */.
++
++p='*/\.'
++echo $p
++
++echo */'.'
++
++rmdir searchable readable
++
++cd $ORIG
++rmdir $GLOBDIR
+diff --git a/tests/glob7.sub b/tests/glob7.sub
+new file mode 100644
+index 0000000..0212b8e
+--- /dev/null
++++ b/tests/glob7.sub
+@@ -0,0 +1,11 @@
++# according to Posix 2.13.3, a slash in a bracket expression renders that
++# bracket expression invalid
++shopt -s nullglob
++
++echo 1: [qwe/qwe]
++echo 2: [qwe/
++echo 3: [qwe/]
++
++echo 4: [qwe\/qwe]
++echo 5: [qwe\/
++echo 6: [qwe\/]
+--
+1.9.1
+
diff --git a/poky/meta/recipes-extended/bash/bash_5.0.bb b/poky/meta/recipes-extended/bash/bash_5.0.bb
index 8ff9e6e..257a03b 100644
--- a/poky/meta/recipes-extended/bash/bash_5.0.bb
+++ b/poky/meta/recipes-extended/bash/bash_5.0.bb
@@ -21,6 +21,8 @@
${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-014;apply=yes;striplevel=0;name=patch014 \
${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-015;apply=yes;striplevel=0;name=patch015 \
${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-016;apply=yes;striplevel=0;name=patch016 \
+ ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-017;apply=yes;striplevel=0;name=patch017 \
+ ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-018;apply=yes;striplevel=0;name=patch018 \
file://execute_cmd.patch \
file://mkbuiltins_have_stringize.patch \
file://build-tests.patch \
@@ -28,6 +30,7 @@
file://run-ptest \
file://run-bash-ptests \
file://fix-run-builtins.patch \
+ file://bash-CVE-2019-18276.patch \
"
SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b"
@@ -65,6 +68,11 @@
SRC_URI[patch015.sha256sum] = "a517df2dda93b26d5cbf00effefea93e3a4ccd6652f152f4109170544ebfa05e"
SRC_URI[patch016.md5sum] = "a682ed6fa2c2e7a7c3ba6bdeada07fb5"
SRC_URI[patch016.sha256sum] = "ffd1d7a54a99fa7f5b1825e4f7e95d8c8876bc2ca151f150e751d429c650b06d"
+SRC_URI[patch017.md5sum] = "d9dcaa1d8e7a24850449a1aac43a12a9"
+SRC_URI[patch017.sha256sum] = "4cf3b9fafb8a66d411dd5fc9120032533a4012df1dc6ee024c7833373e2ddc31"
+SRC_URI[patch018.md5sum] = "a64d950d5de72ae590455b13e6afefcb"
+SRC_URI[patch018.sha256sum] = "7c314e375a105a6642e8ed44f3808b9def89d15f7492fe2029a21ba9c0de81d3"
+
DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"