diff options
35 files changed, 678 insertions, 314 deletions
diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass index 563582e0a0..cc171d13ad 100644 --- a/meta/classes/populate_sdk_base.bbclass +++ b/meta/classes/populate_sdk_base.bbclass @@ -20,6 +20,9 @@ def complementary_globs(featurevar, d): SDKIMAGE_FEATURES ??= "dev-pkgs dbg-pkgs ${@bb.utils.contains('DISTRO_FEATURES', 'api-documentation', 'doc-pkgs', '', d)}" SDKIMAGE_INSTALL_COMPLEMENTARY = '${@complementary_globs("SDKIMAGE_FEATURES", d)}' +# List of locales to install, or "all" for all of them, or unset for none. +SDKIMAGE_LINGUAS ?= "all" + inherit rootfs_${IMAGE_PKGTYPE} SDK_DIR = "${WORKDIR}/sdk" @@ -39,7 +42,8 @@ TOOLCHAIN_TARGET_TASK_ATTEMPTONLY ?= "" TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}" SDK_RDEPENDS = "${TOOLCHAIN_TARGET_TASK} ${TOOLCHAIN_HOST_TASK}" -SDK_DEPENDS = "virtual/fakeroot-native pixz-native" +SDK_DEPENDS = "virtual/fakeroot-native pixz-native cross-localedef-native" +SDK_DEPENDS_append_libc-glibc = " nativesdk-glibc-locale" # We want the MULTIARCH_TARGET_SYS to point to the TUNE_PKGARCH, not PACKAGE_ARCH as it # could be set to the MACHINE_ARCH diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass index 8b8a341e3e..9be2d47d0d 100644 --- a/meta/classes/populate_sdk_ext.bbclass +++ b/meta/classes/populate_sdk_ext.bbclass @@ -618,7 +618,8 @@ fakeroot python do_populate_sdk_ext() { d.setVar('SDK_REQUIRED_UTILITIES', get_sdk_required_utilities(buildtools_fn, d)) d.setVar('SDK_BUILDTOOLS_INSTALLER', buildtools_fn) d.setVar('SDKDEPLOYDIR', '${SDKEXTDEPLOYDIR}') - + # ESDKs have a libc from the buildtools so ensure we don't ship linguas twice + d.delVar('SDKIMAGE_LINGUAS') populate_sdk_common(d) } diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index e2383d2709..6ebe817ec9 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -458,7 +458,7 @@ HOSTTOOLS_DIR = "${TMPDIR}/hosttools" # Tools needed to run builds with OE-Core HOSTTOOLS += " \ - [ ar as awk basename bash bzip2 cat chgrp chmod chown chrpath cmp cp cpio \ + [ ar as awk basename bash bzip2 cat chgrp chmod chown chrpath cmp comm cp cpio \ cpp cut date dd diff diffstat dirname du echo egrep env expand expr false \ fgrep file find flock g++ gawk gcc getconf getopt git grep gunzip gzip \ head hostname install ld ldd ln ls make makeinfo md5sum mkdir mknod \ diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc index 08542a743f..76d09af726 100644 --- a/meta/conf/distro/include/default-distrovars.inc +++ b/meta/conf/distro/include/default-distrovars.inc @@ -8,6 +8,7 @@ IMAGE_LINGUAS ?= "en-us en-gb" ENABLE_BINARY_LOCALE_GENERATION ?= "1" LOCALE_UTF8_ONLY ?= "0" LOCALE_UTF8_IS_DEFAULT ?= "1" +LOCALE_UTF8_IS_DEFAULT_class-nativesdk = "0" DISTRO_FEATURES_DEFAULT ?= "acl alsa argp bluetooth ext2 irda largefile pcmcia usbgadget usbhost wifi xattr nfs zeroconf pci 3g nfc x11" DISTRO_FEATURES_LIBC_DEFAULT ?= "ipv4 ipv6 libc-backtrace libc-big-macros libc-bsd libc-cxx-tests libc-catgets libc-charsets libc-crypt \ diff --git a/meta/conf/distro/include/world-broken.inc b/meta/conf/distro/include/world-broken.inc index 0166963329..8f561032f5 100644 --- a/meta/conf/distro/include/world-broken.inc +++ b/meta/conf/distro/include/world-broken.inc @@ -28,6 +28,10 @@ EXCLUDE_FROM_WORLD_pn-lttng-tools_libc-musl = "1" EXCLUDE_FROM_WORLD_pn-systemtap_libc-musl = "1" EXCLUDE_FROM_WORLD_pn-systemtap-uprobes_libc-musl = "1" +# portmap.c:488:32: error: 'struct sockaddr_in6' has no member named 'sin_port'; did you mean 'sin6_port'? +# We removed portmap in rocko onwards and it doesn't work with libtirpc +EXCLUDE_FROM_WORLD_pn-portmap_libc-musl = "1" + # error: a parameter list without types is only allowed in a function definition # void (*_function)(sigval_t); EXCLUDE_FROM_WORLD_pn-qemu_libc-musl = "1" diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index 3a2daadafa..1a2914fedc 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -370,6 +370,29 @@ class PackageManager(object, metaclass=ABCMeta): pass """ + Install all packages that match a glob. + """ + def install_glob(self, globs, sdk=False): + # TODO don't have sdk here but have a property on the superclass + # (and respect in install_complementary) + if sdk: + pkgdatadir = self.d.expand("${TMPDIR}/pkgdata/${SDK_SYS}") + else: + pkgdatadir = self.d.getVar("PKGDATA_DIR") + + try: + bb.note("Installing globbed packages...") + cmd = ["oe-pkgdata-util", "-p", pkgdatadir, "list-pkgs", globs] + pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8") + self.install(pkgs.split(), attempt_only=True) + except subprocess.CalledProcessError as e: + # Return code 1 means no packages matched + if e.returncode != 1: + bb.fatal("Could not compute globbed packages list. Command " + "'%s' returned %d:\n%s" % + (' '.join(cmd), e.returncode, e.output.decode("utf-8"))) + + """ Install complementary packages based upon the list of currently installed packages e.g. locales, *-dev, *-dbg, etc. This will only attempt to install these packages, if they don't exist then no error will occur. Note: every @@ -401,7 +424,7 @@ class PackageManager(object, metaclass=ABCMeta): installed_pkgs.write(output) installed_pkgs.flush() - cmd = [bb.utils.which(os.getenv('PATH'), "oe-pkgdata-util"), + cmd = ["oe-pkgdata-util", "-p", self.d.getVar('PKGDATA_DIR'), "glob", installed_pkgs.name, globs] exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY') @@ -411,11 +434,11 @@ class PackageManager(object, metaclass=ABCMeta): bb.note("Installing complementary packages ...") bb.note('Running %s' % cmd) complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8") + self.install(complementary_pkgs.split(), attempt_only=True) except subprocess.CalledProcessError as e: bb.fatal("Could not compute complementary packages list. Command " "'%s' returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8"))) - self.install(complementary_pkgs.split(), attempt_only=True) def deploy_dir_lock(self): if self.deploy_dir is None: @@ -1055,7 +1078,7 @@ class OpkgPM(OpkgDpkgPM): output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT).decode("utf-8") bb.note(output) except subprocess.CalledProcessError as e: - (bb.fatal, bb.note)[attempt_only]("Unable to install packages. " + (bb.fatal, bb.warn)[attempt_only]("Unable to install packages. " "Command '%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8"))) @@ -1354,7 +1377,7 @@ class DpkgPM(OpkgDpkgPM): bb.note("Installing the following packages: %s" % ' '.join(pkgs)) subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: - (bb.fatal, bb.note)[attempt_only]("Unable to install packages. " + (bb.fatal, bb.warn)[attempt_only]("Unable to install packages. " "Command '%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8"))) diff --git a/meta/lib/oe/sdk.py b/meta/lib/oe/sdk.py index 9fe1687ac3..f89382cd03 100644 --- a/meta/lib/oe/sdk.py +++ b/meta/lib/oe/sdk.py @@ -7,6 +7,51 @@ import shutil import glob import traceback +def generate_locale_archive(d, rootfs): + # Pretty sure we don't need this for SDK archive generation but + # keeping it to be safe... + target_arch = d.getVar('SDK_ARCH') + locale_arch_options = { \ + "arm": ["--uint32-align=4", "--little-endian"], + "armeb": ["--uint32-align=4", "--big-endian"], + "aarch64": ["--uint32-align=4", "--little-endian"], + "aarch64_be": ["--uint32-align=4", "--big-endian"], + "sh4": ["--uint32-align=4", "--big-endian"], + "powerpc": ["--uint32-align=4", "--big-endian"], + "powerpc64": ["--uint32-align=4", "--big-endian"], + "mips": ["--uint32-align=4", "--big-endian"], + "mipsisa32r6": ["--uint32-align=4", "--big-endian"], + "mips64": ["--uint32-align=4", "--big-endian"], + "mipsisa64r6": ["--uint32-align=4", "--big-endian"], + "mipsel": ["--uint32-align=4", "--little-endian"], + "mipsisa32r6el": ["--uint32-align=4", "--little-endian"], + "mips64el": ["--uint32-align=4", "--little-endian"], + "mipsisa64r6el": ["--uint32-align=4", "--little-endian"], + "i586": ["--uint32-align=4", "--little-endian"], + "i686": ["--uint32-align=4", "--little-endian"], + "x86_64": ["--uint32-align=4", "--little-endian"] + } + if target_arch in locale_arch_options: + arch_options = locale_arch_options[target_arch] + else: + bb.error("locale_arch_options not found for target_arch=" + target_arch) + bb.fatal("unknown arch:" + target_arch + " for locale_arch_options") + + localedir = oe.path.join(rootfs, d.getVar("libdir_nativesdk"), "locale") + # Need to set this so cross-localedef knows where the archive is + env = dict(os.environ) + env["LOCALEARCHIVE"] = oe.path.join(localedir, "locale-archive") + + for name in os.listdir(localedir): + path = os.path.join(localedir, name) + if os.path.isdir(path): + try: + cmd = ["cross-localedef", "--verbose"] + cmd += arch_options + cmd += ["--add-to-archive", path] + subprocess.check_output(cmd, env=env, stderr=subprocess.STDOUT) + except Exception as e: + bb.fatal("Cannot create locale archive: %s" % e.output) class Sdk(object, metaclass=ABCMeta): def __init__(self, d, manifest_dir): @@ -84,6 +129,30 @@ class Sdk(object, metaclass=ABCMeta): bb.debug(1, "printing the stack trace\n %s" %traceback.format_exc()) bb.warn("cannot remove SDK dir: %s" % path) + def install_locales(self, pm): + # This is only relevant for glibc + if self.d.getVar("TCLIBC") != "glibc": + return + + linguas = self.d.getVar("SDKIMAGE_LINGUAS") + if linguas: + import fnmatch + # Install the binary locales + if linguas == "all": + pm.install_glob("nativesdk-glibc-binary-localedata-*.utf-8", sdk=True) + else: + for lang in linguas.split(): + pm.install("nativesdk-glibc-binary-localedata-%s.utf-8" % lang) + # Generate a locale archive of them + generate_locale_archive(self.d, oe.path.join(self.sdk_host_sysroot, self.sdk_native_path)) + # And now delete the binary locales + pkgs = fnmatch.filter(pm.list_installed(), "nativesdk-glibc-binary-localedata-*.utf-8") + pm.remove(pkgs, with_dependencies=False) + else: + # No linguas so do nothing + pass + + class RpmSdk(Sdk): def __init__(self, d, manifest_dir=None, rpm_workdir="oe-sdk-repo"): super(RpmSdk, self).__init__(d, manifest_dir) @@ -164,6 +233,7 @@ class RpmSdk(Sdk): bb.note("Installing NATIVESDK packages") self._populate_sysroot(self.host_pm, self.host_manifest) + self.install_locales(self.host_pm) execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND")) @@ -245,6 +315,7 @@ class OpkgSdk(Sdk): bb.note("Installing NATIVESDK packages") self._populate_sysroot(self.host_pm, self.host_manifest) + self.install_locales(self.host_pm) execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND")) @@ -329,6 +400,7 @@ class DpkgSdk(Sdk): bb.note("Installing NATIVESDK packages") self._populate_sysroot(self.host_pm, self.host_manifest) + self.install_locales(self.host_pm) execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND")) diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.25.bb b/meta/recipes-core/glibc/cross-localedef-native_2.25.bb index fae8683eed..62911b4655 100644 --- a/meta/recipes-core/glibc/cross-localedef-native_2.25.bb +++ b/meta/recipes-core/glibc/cross-localedef-native_2.25.bb @@ -37,6 +37,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \ file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \ file://0001-Include-locale_t.h-compatibility-header.patch \ + file://archive-path.patch \ " # Makes for a rather long rev (22 characters), but... # diff --git a/meta/recipes-core/glibc/glibc/0029-bits-siginfo.h-enum-definition-for-TRAP_HWBKPT-is-mi.patch b/meta/recipes-core/glibc/glibc/0029-bits-siginfo.h-enum-definition-for-TRAP_HWBKPT-is-mi.patch new file mode 100644 index 0000000000..bef888742b --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0029-bits-siginfo.h-enum-definition-for-TRAP_HWBKPT-is-mi.patch @@ -0,0 +1,68 @@ +From 297aca56465035dce1f7b91b5cdda54379141957 Mon Sep 17 00:00:00 2001 +From: Pratyush Anand <panand@redhat.com> +Date: Wed, 22 Mar 2017 17:02:38 +0530 +Subject: [PATCH] bits/siginfo.h: enum definition for TRAP_HWBKPT is missing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Compile following linux kernel test code with latest glibc: + +https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c + +and we get following error: +breakpoint_test_arm64.c: In function ‘run_test’: +breakpoint_test_arm64.c:171:25: error: ‘TRAP_HWBKPT’ undeclared (first use in this function) + if (siginfo.si_code != TRAP_HWBKPT) { + ^ +I can compile test code by modifying my local +/usr/include/bits/siginfo.h and test works great. Therefore, this patch +will be needed in upstream glibc so that issue is fixed there as well. + +Signed-off-by: Pratyush Anand <panand@redhat.com> + +Upstream-Status: Submitted [https://sourceware.org/bugzilla/show_bug.cgi?id=21286] +--- + bits/siginfo.h | 6 +++++- + sysdeps/unix/sysv/linux/bits/siginfo.h | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/bits/siginfo.h b/bits/siginfo.h +index 4919df5..6dc714e 100644 +--- a/bits/siginfo.h ++++ b/bits/siginfo.h +@@ -140,8 +140,12 @@ enum + { + TRAP_BRKPT = 1, /* Process breakpoint. */ + # define TRAP_BRKPT TRAP_BRKPT +- TRAP_TRACE /* Process trace trap. */ ++ TRAP_TRACE, /* Process trace trap. */ + # define TRAP_TRACE TRAP_TRACE ++ TRAP_BRANCH, /* Process branch trap. */ ++# define TRAP_BRANCH TRAP_BRANCH ++ TRAP_HWBKPT /* hardware breakpoint/watchpoint */ ++# define TRAP_HWBKPT TRAP_HWBKPT + }; + # endif + +diff --git a/sysdeps/unix/sysv/linux/bits/siginfo.h b/sysdeps/unix/sysv/linux/bits/siginfo.h +index 7b0d4f6..9cdf42a 100644 +--- a/sysdeps/unix/sysv/linux/bits/siginfo.h ++++ b/sysdeps/unix/sysv/linux/bits/siginfo.h +@@ -235,8 +235,12 @@ enum + { + TRAP_BRKPT = 1, /* Process breakpoint. */ + # define TRAP_BRKPT TRAP_BRKPT +- TRAP_TRACE /* Process trace trap. */ ++ TRAP_TRACE, /* Process trace trap. */ + # define TRAP_TRACE TRAP_TRACE ++ TRAP_BRANCH, /* Process branch trap. */ ++# define TRAP_BRANCH TRAP_BRANCH ++ TRAP_HWBKPT /* hardware breakpoint/watchpoint */ ++# define TRAP_HWBKPT TRAP_HWBKPT + }; + # endif + +-- +2.7.4 + diff --git a/meta/recipes-core/glibc/glibc/archive-path.patch b/meta/recipes-core/glibc/glibc/archive-path.patch new file mode 100644 index 0000000000..b0d3158cfe --- /dev/null +++ b/meta/recipes-core/glibc/glibc/archive-path.patch @@ -0,0 +1,39 @@ +localedef --add-to-archive uses a hard-coded locale path which doesn't exist in +normal use, and there's no way to pass an alternative filename. + +Add a fallback of $LOCALEARCHIVE from the environment, and allow creation of new locale archives that are not the system archive. + +Upstream-Status: Inappropriate (OE-specific) +Signed-off-by: Ross Burton <ross.burton@intel.com> + +diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c +index ca332a34..6b7ba9b2 100644 +--- a/locale/programs/locarchive.c ++++ b/locale/programs/locarchive.c +@@ -569,10 +569,13 @@ open_archive (struct locarhandle *ah, bool readonly) + /* If ah has a non-NULL fname open that otherwise open the default. */ + if (archivefname == NULL) + { +- archivefname = default_fname; +- if (output_prefix) +- memcpy (default_fname, output_prefix, prefix_len); +- strcpy (default_fname + prefix_len, ARCHIVE_NAME); ++ archivefname = getenv("LOCALEARCHIVE"); ++ if (archivefname == NULL) { ++ archivefname = default_fname; ++ if (output_prefix) ++ memcpy (default_fname, output_prefix, prefix_len); ++ strcpy (default_fname + prefix_len, ARCHIVE_NAME); ++ } + } + + while (1) +@@ -585,7 +588,7 @@ open_archive (struct locarhandle *ah, bool readonly) + the default locale archive we ignore the failure and + list an empty archive, otherwise we print an error + and exit. */ +- if (errno == ENOENT && archivefname == default_fname) ++ if (errno == ENOENT) + { + if (readonly) + { diff --git a/meta/recipes-core/glibc/glibc/relocate-locales.patch b/meta/recipes-core/glibc/glibc/relocate-locales.patch new file mode 100644 index 0000000000..2aea37f5ca --- /dev/null +++ b/meta/recipes-core/glibc/glibc/relocate-locales.patch @@ -0,0 +1,55 @@ +The glibc locale path is hard-coded to the install prefix, but in SDKs we need +to be able to relocate the binaries. Expand the strings to 4K and put them in a +magic segment that we can relocate at install time. + +Upstream-Status: Inappropriate (OE-specific) +Signed-off-by: Ross Burton <ross.burton@intel.com> + +diff --git a/locale/findlocale.c b/locale/findlocale.c +index 872cadb5..da14fa39 100644 +--- a/locale/findlocale.c ++++ b/locale/findlocale.c +@@ -56,7 +56,7 @@ struct __locale_data *const _nl_C[] attribute_hidden = + which are somehow addressed. */ + struct loaded_l10nfile *_nl_locale_file_list[__LC_LAST]; + +-const char _nl_default_locale_path[] attribute_hidden = COMPLOCALEDIR; ++char _nl_default_locale_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR; + + /* Checks if the name is actually present, that is, not NULL and not + empty. */ +@@ -167,7 +167,7 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len, + + /* Nothing in the archive. Set the default path to search below. */ + locale_path = _nl_default_locale_path; +- locale_path_len = sizeof _nl_default_locale_path; ++ locale_path_len = strlen(locale_path) + 1; + } + else + /* We really have to load some data. First see whether the name is +diff --git a/locale/localeinfo.h b/locale/localeinfo.h +index 68822a63..537bc351 100644 +--- a/locale/localeinfo.h ++++ b/locale/localeinfo.h +@@ -325,7 +325,7 @@ _nl_lookup_word (locale_t l, int category, int item) + } + + /* Default search path if no LOCPATH environment variable. */ +-extern const char _nl_default_locale_path[] attribute_hidden; ++extern char _nl_default_locale_path[4096] attribute_hidden; + + /* Load the locale data for CATEGORY from the file specified by *NAME. + If *NAME is "", use environment variables as specified by POSIX, and +diff --git a/locale/loadarchive.c b/locale/loadarchive.c +index 516d30d8..792b37fb 100644 +--- a/locale/loadarchive.c ++++ b/locale/loadarchive.c +@@ -42,7 +43,7 @@ + + + /* Name of the locale archive file. */ +-static const char archfname[] = COMPLOCALEDIR "/locale-archive"; ++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive"; + + /* Size of initial mapping window, optimal if large enough to + cover the header plus the initial locale. */ diff --git a/meta/recipes-core/glibc/glibc_2.25.bb b/meta/recipes-core/glibc/glibc_2.25.bb index 0f1ec0c142..49fcf0c67e 100644 --- a/meta/recipes-core/glibc/glibc_2.25.bb +++ b/meta/recipes-core/glibc/glibc_2.25.bb @@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0026-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \ file://0027-locale-fix-hard-coded-reference-to-gcc-E.patch \ file://0028-Rework-fno-omit-frame-pointer-support-on-i386.patch \ + file://0029-bits-siginfo.h-enum-definition-for-TRAP_HWBKPT-is-mi.patch \ " NATIVESDKFIXES ?= "" @@ -51,6 +52,7 @@ NATIVESDKFIXES_class-nativesdk = "\ file://0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \ file://0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \ file://0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \ + file://relocate-locales.patch \ " S = "${WORKDIR}/git" @@ -130,12 +132,6 @@ do_compile () { } -# Use the host locale archive when built for nativesdk so that we don't need to -# ship a complete (100MB) locale set. -do_compile_prepend_class-nativesdk() { - echo "complocaledir=/usr/lib/locale" >> ${S}/configparms -} - require glibc-package.inc BBCLASSEXTEND = "nativesdk" diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 045781c21a..7485734f01 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -23,7 +23,7 @@ IMAGE_FSTYPES = "vmdk" inherit core-image module-base setuptools3 -SRCREV ?= "b859272ad4053185d4980cac05481b430e05345f" +SRCREV ?= "ebb42af2829edfca1a23c7a51a431c656ffc2090" SRC_URI = "git://git.yoctoproject.org/poky;branch=pyro \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index abdc7feeb8..474b928c1b 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -21,7 +21,6 @@ TOOLCHAIN_HOST_TASK ?= "\ nativesdk-wget \ nativesdk-ca-certificates \ nativesdk-texinfo \ - nativesdk-locale-base-en-us \ " MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}" diff --git a/meta/recipes-devtools/distcc/distcc_3.2.bb b/meta/recipes-devtools/distcc/distcc_3.2.bb index ea3d7c10be..ff0e22f9b4 100644 --- a/meta/recipes-devtools/distcc/distcc_3.2.bb +++ b/meta/recipes-devtools/distcc/distcc_3.2.bb @@ -14,7 +14,7 @@ PACKAGECONFIG[popt] = "--without-included-popt,--with-included-popt,popt" RRECOMMENDS_${PN} = "avahi-daemon" -SRC_URI = "git://github.com/distcc/distcc.git;branch=${PV} \ +SRC_URI = "git://github.com/akuster/distcc.git;branch=${PV} \ file://separatebuilddir.patch \ file://0001-zeroconf-Include-fcntl.h.patch \ file://default \ diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch new file mode 100644 index 0000000000..3b1d7fe02d --- /dev/null +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch @@ -0,0 +1,62 @@ +From ad8078ca2ef35c91bedad61c9e2a6c01bf13a605 Mon Sep 17 00:00:00 2001 +From: Palmer Dabbelt <palmer@dabbelt.com> +Date: Fri, 29 Dec 2017 10:19:51 -0800 +Subject: [PATCH] misc: rename copy_file_range to copy_file_chunk + +As of 2.27, glibc will have a copy_file_range library call to wrap the +new copy_file_range system call. This conflicts with the function in +misc/create_inode.c, which this patch renames _copy_file_range. + +Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com> +Signed-off-by: Theodore Ts'o <tytso@mit.edu> + +Upstream-Status: Backport + +Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> +--- + misc/create_inode.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/misc/create_inode.c b/misc/create_inode.c +index ae22ff6f..ea6fa7e7 100644 +--- a/misc/create_inode.c ++++ b/misc/create_inode.c +@@ -392,7 +392,7 @@ static ssize_t my_pread(int fd, void *buf, size_t count, off_t offset) + } + #endif /* !defined HAVE_PREAD64 && !defined HAVE_PREAD */ + +-static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file, ++static errcode_t copy_file_chunk(ext2_filsys fs, int fd, ext2_file_t e2_file, + off_t start, off_t end, char *buf, + char *zerobuf) + { +@@ -466,7 +466,7 @@ static errcode_t try_lseek_copy(ext2_filsys fs, int fd, struct stat *statbuf, + + data_blk = data & ~(fs->blocksize - 1); + hole_blk = (hole + (fs->blocksize - 1)) & ~(fs->blocksize - 1); +- err = copy_file_range(fs, fd, e2_file, data_blk, hole_blk, buf, ++ err = copy_file_chunk(fs, fd, e2_file, data_blk, hole_blk, buf, + zerobuf); + if (err) + return err; +@@ -517,7 +517,7 @@ static errcode_t try_fiemap_copy(ext2_filsys fs, int fd, ext2_file_t e2_file, + goto out; + for (i = 0, ext = ext_buf; i < fiemap_buf->fm_mapped_extents; + i++, ext++) { +- err = copy_file_range(fs, fd, e2_file, ext->fe_logical, ++ err = copy_file_chunk(fs, fd, e2_file, ext->fe_logical, + ext->fe_logical + ext->fe_length, + buf, zerobuf); + if (err) +@@ -570,7 +570,7 @@ static errcode_t copy_file(ext2_filsys fs, int fd, struct stat *statbuf, + goto out; + #endif + +- err = copy_file_range(fs, fd, e2_file, 0, statbuf->st_size, buf, ++ err = copy_file_chunk(fs, fd, e2_file, 0, statbuf->st_size, buf, + zerobuf); + out: + ext2fs_free_mem(&zerobuf); +-- +2.16.2 + diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.4.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.4.bb index 5216c7027c..7aa73a15ed 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.4.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.4.bb @@ -10,6 +10,7 @@ SRC_URI += "file://acinclude.m4 \ file://e2fsprogs-1.43-sysmacros.patch \ file://mkdir_p.patch \ file://0001-e2fsck-exit-with-exit-status-0-if-no-errors-were-fix.patch \ + file://0001-misc-rename-copy_file_range-to-copy_file_chunk.patch \ " SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch" diff --git a/meta/recipes-devtools/gdb/gdb-7.12.1.inc b/meta/recipes-devtools/gdb/gdb-7.12.1.inc index 634756ce45..1d81185a0a 100644 --- a/meta/recipes-devtools/gdb/gdb-7.12.1.inc +++ b/meta/recipes-devtools/gdb/gdb-7.12.1.inc @@ -16,6 +16,7 @@ SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \ file://0009-Change-order-of-CFLAGS.patch \ file://0010-resolve-restrict-keyword-conflict.patch \ file://package_devel_gdb_patches_120-sigprocmask-invalid-call.patch \ + file://gdb-Fix-ia64-defining-TRAP_HWBKPT-before-including-g.patch \ " SRC_URI[md5sum] = "193453347ddced7acb6b1cd2ee8f2e4b" SRC_URI[sha256sum] = "4607680b973d3ec92c30ad029f1b7dbde3876869e6b3a117d8a7e90081113186" diff --git a/meta/recipes-devtools/gdb/gdb/gdb-Fix-ia64-defining-TRAP_HWBKPT-before-including-g.patch b/meta/recipes-devtools/gdb/gdb/gdb-Fix-ia64-defining-TRAP_HWBKPT-before-including-g.patch new file mode 100644 index 0000000000..9bf99f6beb --- /dev/null +++ b/meta/recipes-devtools/gdb/gdb/gdb-Fix-ia64-defining-TRAP_HWBKPT-before-including-g.patch @@ -0,0 +1,53 @@ +From 49bd068c3acf376a3018c0ebd849bf7f72a1874d Mon Sep 17 00:00:00 2001 +From: James Clarke <jrtc27@jrtc27.com> +Date: Fri, 19 Jan 2018 17:22:49 +0000 +Subject: [PATCH] gdb: Fix ia64 defining TRAP_HWBKPT before including + gdb_wait.h + +On ia64, gdb_wait.h eventually includes siginfo-consts-arch.h, which +contains an enum with TRAP_HWBKPT, along with a #define. Thus we cannot +define TRAP_HWBKPT to 4 beforehand, and so gdb_wait.h must be included +earlier; include it from linux-ptrace.h so it can never come afterwards. + +gdb/ChangeLog: + + * nat/linux-ptrace.c: Remove unnecessary reinclusion of + gdb_ptrace.h, and move including gdb_wait.h ... + * nat/linux-ptrace.h: ... to here. + +Upstream-Status: Accepted [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=5a6c3296a7a90694ad4042f6256f3da6d4fa4ee8] + +Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> +--- + gdb/nat/linux-ptrace.c | 2 -- + gdb/nat/linux-ptrace.h | 1 + + 2 files changed, 1 insertion(+), 2 deletions(-) + +diff --git a/gdb/nat/linux-ptrace.c b/gdb/nat/linux-ptrace.c +index 3447e07..dd3310e 100644 +--- a/gdb/nat/linux-ptrace.c ++++ b/gdb/nat/linux-ptrace.c +@@ -21,8 +21,6 @@ + #include "linux-procfs.h" + #include "linux-waitpid.h" + #include "buffer.h" +-#include "gdb_wait.h" +-#include "gdb_ptrace.h" + #include <sys/procfs.h> + + /* Stores the ptrace options supported by the running kernel. +diff --git a/gdb/nat/linux-ptrace.h b/gdb/nat/linux-ptrace.h +index 5954945..6faa89b 100644 +--- a/gdb/nat/linux-ptrace.h ++++ b/gdb/nat/linux-ptrace.h +@@ -21,6 +21,7 @@ + struct buffer; + + #include "nat/gdb_ptrace.h" ++#include "gdb_wait.h" + + #ifdef __UCLIBC__ + #if !(defined(__UCLIBC_HAS_MMU__) || defined(__ARCH_HAS_MMU__)) +-- +2.7.4 + diff --git a/meta/recipes-devtools/qemu/qemu/memfd.patch b/meta/recipes-devtools/qemu/qemu/memfd.patch new file mode 100644 index 0000000000..62e8d3800b --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/memfd.patch @@ -0,0 +1,57 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonzini@redhat.com> +Date: Tue, 28 Nov 2017 11:51:27 +0100 +Subject: [PATCH] memfd: fix configure test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Recent glibc added memfd_create in sys/mman.h. This conflicts with +the definition in util/memfd.c: + + /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration + +Fix the configure test, and remove the sys/memfd.h inclusion since the +file actually does not exist---it is a typo in the memfd_create(2) man +page. + +Cc: Marc-André Lureau <marcandre.lureau@redhat.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + configure | 2 +- + util/memfd.c | 4 +--- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/configure b/configure +index 9c8aa5a98b..99ccc1725a 100755 +--- a/configure ++++ b/configure +@@ -3923,7 +3923,7 @@ fi + # check if memfd is supported + memfd=no + cat > $TMPC << EOF +-#include <sys/memfd.h> ++#include <sys/mman.h> + + int main(void) + { +diff --git a/util/memfd.c b/util/memfd.c +index 4571d1aba8..412e94a405 100644 +--- a/util/memfd.c ++++ b/util/memfd.c +@@ -31,9 +31,7 @@ + + #include "qemu/memfd.h" + +-#ifdef CONFIG_MEMFD +-#include <sys/memfd.h> +-#elif defined CONFIG_LINUX ++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD + #include <sys/syscall.h> + #include <asm/unistd.h> + +-- +2.11.0 diff --git a/meta/recipes-devtools/qemu/qemu_2.8.0.bb b/meta/recipes-devtools/qemu/qemu_2.8.0.bb index fa70009f72..41014f1663 100644 --- a/meta/recipes-devtools/qemu/qemu_2.8.0.bb +++ b/meta/recipes-devtools/qemu/qemu_2.8.0.bb @@ -31,6 +31,7 @@ SRC_URI += " \ file://0004-Add-support-for-VM-suspend-resume-for-TPM-TIS.patch \ file://CVE-2016-9908.patch \ file://CVE-2016-9912.patch \ + file://memfd.patch \ " SRC_URI_append_class-native = " \ diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc index d71989889e..9a52a6965f 100644 --- a/meta/recipes-devtools/ruby/ruby.inc +++ b/meta/recipes-devtools/ruby/ruby.inc @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "\ file://LEGAL;md5=daf349ad59dd19bd8c919171bff3c5d6 \ " -DEPENDS = "ruby-native zlib openssl tcl libyaml db gdbm readline" +DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline" DEPENDS_class-native = "openssl-native libyaml-native" SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" diff --git a/meta/recipes-devtools/ruby/ruby_2.4.0.bb b/meta/recipes-devtools/ruby/ruby_2.4.4.bb index 8cc52d6211..61fcedbf82 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.0.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.4.bb @@ -6,11 +6,10 @@ SRC_URI += " \ file://ruby-CVE-2017-9227.patch \ file://ruby-CVE-2017-9228.patch \ file://ruby-CVE-2017-9229.patch \ - file://CVE-2017-14064.patch \ " -SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625" -SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d" +SRC_URI[md5sum] = "d50e00ccc1c9cf450f837b92d3ed3e88" +SRC_URI[sha256sum] = "254f1c1a79e4cc814d1e7320bc5bdd995dc57e08727d30a767664619a9c8ae5a" # it's unknown to configure script, but then passed to extconf.rb # maybe it's not really needed as we're hardcoding the result with @@ -21,7 +20,7 @@ PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind" -PACKAGECONFIG[gpm] = "--with-gmp=yes, --with-gmp=no, gmp" +PACKAGECONFIG[gmp] = "--with-gmp=yes, --with-gmp=no, gmp" PACKAGECONFIG[ipv6] = ",--enable-wide-getaddrinfo," EXTRA_AUTORECONF += "--exclude=aclocal" diff --git a/meta/recipes-extended/byacc/byacc.inc b/meta/recipes-extended/byacc/byacc.inc index adb07193d7..951946d3ac 100644 --- a/meta/recipes-extended/byacc/byacc.inc +++ b/meta/recipes-extended/byacc/byacc.inc @@ -5,7 +5,7 @@ programming language." SECTION = "devel" LICENSE = "PD" -SRC_URI = "ftp://invisible-island.net/byacc/byacc-${PV}.tgz \ +SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/byacc-${PV}.tgz \ file://byacc-open.patch \ file://0001-byacc-do-not-reorder-CC-and-CFLAGS.patch" diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.28.bb b/meta/recipes-multimedia/libpng/libpng_1.6.28.bb index 9cb2967fe6..fa290fa033 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.28.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.28.bb @@ -6,11 +6,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=67d8837410863f9821bbd606536f0329 \ file://png.h;endline=144;md5=abfa0497feb393b5842d3d82c1009520" DEPENDS = "zlib" -SRC_URI = "${GENTOO_MIRROR}/libpng-${PV}.tar.xz \ - " +LIBV = "16" + +SRC_URI = "https://ftp-osl.osuosl.org/pub/${BPN}/src/archive/xz/${BPN}${LIBV}/${BP}.tar.xz" + SRC_URI[md5sum] = "425354f86c392318d31aedca71019372" SRC_URI[sha256sum] = "d8d3ec9de6b5db740fefac702c37ffcf96ae46cb17c18c1544635a3852f78f7a" +MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/${PV}/" + BINCONFIG = "${bindir}/libpng-config ${bindir}/libpng16-config" inherit autotools binconfig-disabled pkgconfig diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch new file mode 100644 index 0000000000..4036b966fe --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch @@ -0,0 +1,62 @@ +From 39704ce16835e5c019bb03f6a94dc1f0677406c5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> +Date: Wed, 15 Nov 2017 18:22:59 +0100 +Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb + if not initialized + +If the number of channels is not within the allowed range +we call oggback_writeclear altough it's not initialized yet. + +This fixes + + =23371== Invalid free() / delete / delete[] / realloc() + ==23371== at 0x4C2CE1B: free (vg_replace_malloc.c:530) + ==23371== by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2) + ==23371== by 0x84B96EE: vorbis_analysis_headerout (info.c:652) + ==23371== by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so) + ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x10D82A: open_output_file (sox.c:1556) + ==23371== by 0x10D82A: process (sox.c:1753) + ==23371== by 0x10D82A: main (sox.c:3012) + ==23371== Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd + ==23371== at 0x4C2BB1F: malloc (vg_replace_malloc.c:298) + ==23371== by 0x4C2DE9F: realloc (vg_replace_malloc.c:785) + ==23371== by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so) + ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x10D82A: open_output_file (sox.c:1556) + ==23371== by 0x10D82A: process (sox.c:1753) + ==23371== by 0x10D82A: main (sox.c:3012) + +as seen when using the testcase from CVE-2017-11333 with +008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was +there before. + +Upstream-Status: Backport +CVE: CVE-2017-14632 + +Reference to upstream patch: +https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=c1c2831fc7306d5fbd7bc800324efd12b28d327f + +Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> +--- + lib/info.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/info.c b/lib/info.c +index 81b7557..4d82568 100644 +--- a/lib/info.c ++++ b/lib/info.c +@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, + private_state *b=v->backend_state; + + if(!b||vi->channels<=0||vi->channels>256){ ++ b = NULL; + ret=OV_EFAULT; + goto err_out; + } +-- +2.16.2 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch new file mode 100644 index 0000000000..9c9e688d43 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch @@ -0,0 +1,42 @@ +From 07eda55f336e5c44dfc0e4a1e21628faed7255fa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> +Date: Tue, 31 Oct 2017 18:32:46 +0100 +Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels + +Otherwise + + for(i=0;i<vi->channels;i++){ + /* the encoder setup assumes that all the modes used by any + specific bitrate tweaking use the same floor */ + int submap=info->chmuxlist[i]; + +overreads later in mapping0_forward since chmuxlist is a fixed array of +256 elements max. + +Upstream-Status: Backport +CVE: CVE-2017-14633 + +Reference to upstream patch: +https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f + +Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> +--- + lib/info.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/info.c b/lib/info.c +index e447a0c..81b7557 100644 +--- a/lib/info.c ++++ b/lib/info.c +@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, + oggpack_buffer opb; + private_state *b=v->backend_state; + +- if(!b||vi->channels<=0){ ++ if(!b||vi->channels<=0||vi->channels>256){ + ret=OV_EFAULT; + goto err_out; + } +-- +2.16.2 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch new file mode 100644 index 0000000000..6d4052a872 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch @@ -0,0 +1,100 @@ +From 3a017f591457bf6e80231b563bf83ee583fdbca8 Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 15 Mar 2018 14:15:31 -0700 +Subject: [PATCH] CVE-2018-5146: Prevent out-of-bounds write in codebook + decoding. + +Codebooks that are not an exact divisor of the partition size are now +truncated to fit within the partition. + +Upstream-Status: Backport +CVE: CVE-2018-5146 + +Reference to upstream patch: +https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f + +Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> +--- + lib/codebook.c | 48 ++++++++++-------------------------------------- + 1 file changed, 10 insertions(+), 38 deletions(-) + +diff --git a/lib/codebook.c b/lib/codebook.c +index 8b766e8..7022fd2 100644 +--- a/lib/codebook.c ++++ b/lib/codebook.c +@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *book,float *a,oggpack_buffer *b,int n){ + t[i] = book->valuelist+entry[i]*book->dim; + } + for(i=0,o=0;i<book->dim;i++,o+=step) +- for (j=0;j<step;j++) ++ for (j=0;o+j<n && j<step;j++) + a[o+j]+=t[j][i]; + } + return(0); +@@ -399,41 +399,12 @@ long vorbis_book_decodev_add(codebook *book,float *a,oggpack_buffer *b,int n){ + int i,j,entry; + float *t; + +- if(book->dim>8){ +- for(i=0;i<n;){ +- entry = decode_packed_entry_number(book,b); +- if(entry==-1)return(-1); +- t = book->valuelist+entry*book->dim; +- for (j=0;j<book->dim;) +- a[i++]+=t[j++]; +- } +- }else{ +- for(i=0;i<n;){ +- entry = decode_packed_entry_number(book,b); +- if(entry==-1)return(-1); +- t = book->valuelist+entry*book->dim; +- j=0; +- switch((int)book->dim){ +- case 8: +- a[i++]+=t[j++]; +- case 7: +- a[i++]+=t[j++]; +- case 6: +- a[i++]+=t[j++]; +- case 5: +- a[i++]+=t[j++]; +- case 4: +- a[i++]+=t[j++]; +- case 3: +- a[i++]+=t[j++]; +- case 2: +- a[i++]+=t[j++]; +- case 1: +- a[i++]+=t[j++]; +- case 0: +- break; +- } +- } ++ for(i=0;i<n;){ ++ entry = decode_packed_entry_number(book,b); ++ if(entry==-1)return(-1); ++ t = book->valuelist+entry*book->dim; ++ for(j=0;i<n && j<book->dim;) ++ a[i++]+=t[j++]; + } + } + return(0); +@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *book,float **a,long offset,int ch, + long i,j,entry; + int chptr=0; + if(book->used_entries>0){ +- for(i=offset/ch;i<(offset+n)/ch;){ ++ int m=(offset+n)/ch; ++ for(i=offset/ch;i<m;){ + entry = decode_packed_entry_number(book,b); + if(entry==-1)return(-1); + { + const float *t = book->valuelist+entry*book->dim; +- for (j=0;j<book->dim;j++){ ++ for (j=0;i<m && j<book->dim;j++){ + a[chptr++][i]+=t[j]; + if(chptr==ch){ + chptr=0; +-- +2.16.2 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb index 56c5b0a9cb..20f887c252 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb +++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb @@ -12,6 +12,9 @@ DEPENDS = "libogg" SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ file://0001-configure-Check-for-clang.patch \ + file://CVE-2017-14633.patch \ + file://CVE-2017-14632.patch \ + file://CVE-2018-5146.patch \ " SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f" SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1" diff --git a/meta/recipes-support/libmpc/libmpc_1.0.3.bb b/meta/recipes-support/libmpc/libmpc_1.0.3.bb index 4f1f5242fb..58813244ef 100644 --- a/meta/recipes-support/libmpc/libmpc_1.0.3.bb +++ b/meta/recipes-support/libmpc/libmpc_1.0.3.bb @@ -3,7 +3,7 @@ require libmpc.inc DEPENDS = "gmp mpfr" LIC_FILES_CHKSUM = "file://COPYING.LESSER;md5=e6a600fd5e1d9cbde2d983680233ad02" -SRC_URI = "http://www.multiprecision.org/mpc/download/mpc-${PV}.tar.gz" +SRC_URI = "https://ftp.gnu.org/gnu/mpc/mpc-${PV}.tar.gz" SRC_URI[md5sum] = "d6a1d5f8ddea3abd2cc3e98f58352d26" SRC_URI[sha256sum] = "617decc6ea09889fb08ede330917a00b16809b8db88c29c31bfbb49cbf88ecc3" diff --git a/meta/recipes-support/mpfr/mpfr_3.1.5.bb b/meta/recipes-support/mpfr/mpfr_3.1.5.bb index 2d59c4a1be..1b56f2c066 100644 --- a/meta/recipes-support/mpfr/mpfr_3.1.5.bb +++ b/meta/recipes-support/mpfr/mpfr_3.1.5.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ file://COPYING.LESSER;md5=6a6a8e020838b23406c81b19c1d46df6" DEPENDS = "gmp" -SRC_URI = "http://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz \ +SRC_URI = "https://ftp.gnu.org/gnu/${BPN}/mpfr-${PV}.tar.xz \ file://long-long-thumb.patch \ " SRC_URI[md5sum] = "c4ac246cf9795a4491e7766002cd528f" diff --git a/meta/recipes-support/neon/neon_0.30.2.bb b/meta/recipes-support/neon/neon_0.30.2.bb index 5792c56f3a..12a2e0b37c 100644 --- a/meta/recipes-support/neon/neon_0.30.2.bb +++ b/meta/recipes-support/neon/neon_0.30.2.bb @@ -5,7 +5,7 @@ LICENSE = "LGPLv2+" LIC_FILES_CHKSUM = "file://src/COPYING.LIB;md5=f30a9716ef3762e3467a2f62bf790f0a \ file://src/ne_utils.h;beginline=1;endline=20;md5=2caca609538eddaa6f6adf120a218037" -SRC_URI = "http://www.webdav.org/${BPN}/${BPN}-${PV}.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/n/neon27/neon27_${PV}.orig.tar.gz \ file://pkgconfig.patch \ " diff --git a/scripts/sstate-diff-machines.sh b/scripts/sstate-diff-machines.sh index 056aa0a04c..27c6a33006 100755 --- a/scripts/sstate-diff-machines.sh +++ b/scripts/sstate-diff-machines.sh @@ -118,7 +118,7 @@ for M in ${machines}; do cp -ra ${tmpdir}/stamps/* ${OUTPUT}/${M} find ${OUTPUT}/${M} -name \*sigdata\* | sed "s#${OUTPUT}/${M}/##g" | sort > ${OUTPUT}/${M}/list M_UNDERSCORE=`echo ${M} | sed 's/-/_/g'` - sed "s/${M_UNDERSCORE}/MACHINE/g; s/${M}/MACHINE/g" ${OUTPUT}/${M}/list | sort > ${OUTPUT}/${M}/list.M + sed "s/^${M_UNDERSCORE}-/MACHINE/g" ${OUTPUT}/${M}/list | sort > ${OUTPUT}/${M}/list.M find ${tmpdir}/stamps/ -name \*sigdata\* | xargs rm -f else printf "ERROR: no sigdata files were generated for MACHINE $M in ${tmpdir}/stamps\n"; diff --git a/scripts/sstate-sysroot-cruft.sh b/scripts/sstate-sysroot-cruft.sh index b6166aa1b2..d9917f5152 100755 --- a/scripts/sstate-sysroot-cruft.sh +++ b/scripts/sstate-sysroot-cruft.sh @@ -105,7 +105,9 @@ WHITELIST="${WHITELIST} \ # generated by php WHITELIST="${WHITELIST} \ + .*/usr/lib/php5/php/.channels \ .*/usr/lib/php5/php/.channels/.* \ + .*/usr/lib/php5/php/.registry \ .*/usr/lib/php5/php/.registry/.* \ .*/usr/lib/php5/php/.depdb \ .*/usr/lib/php5/php/.depdblock \ diff --git a/scripts/test-dependencies.sh b/scripts/test-dependencies.sh deleted file mode 100755 index 0b94de8608..0000000000 --- a/scripts/test-dependencies.sh +++ /dev/null @@ -1,286 +0,0 @@ -#!/bin/bash - -# Author: Martin Jansa <martin.jansa@gmail.com> -# -# Copyright (c) 2013 Martin Jansa <Martin.Jansa@gmail.com> - -# Used to detect missing dependencies or automagically -# enabled dependencies which aren't explicitly enabled -# or disabled. Using bash to have PIPESTATUS variable. - -# It does 3 builds of <target> -# 1st to populate sstate-cache directory and sysroot -# 2nd to rebuild each recipe with every possible -# dependency found in sysroot (which stays populated -# from 1st build -# 3rd to rebuild each recipe only with dependencies defined -# in DEPENDS -# 4th (optional) repeat build like 3rd to make sure that -# minimal versions of dependencies defined in DEPENDS -# is also enough - -# Global vars -tmpdir= -targets= -recipes= -buildhistory= -buildtype= -default_targets="world" -default_buildhistory="buildhistory" -default_buildtype="1 2 3 c" - -usage () { - cat << EOF -Welcome to utility to detect missing or autoenabled dependencies. -WARNING: this utility will completely remove your tmpdir (make sure - you don't have important buildhistory or persistent dir there). -$0 <OPTION> - -Options: - -h, --help - Display this help and exit. - - --tmpdir=<tmpdir> - Specify tmpdir, will use the environment variable TMPDIR if it is not specified. - Something like /OE/oe-core/tmp-eglibc (no / at the end). - - --targets=<targets> - List of targets separated by space, will use the environment variable TARGETS if it is not specified. - It will run "bitbake <targets>" to populate sysroots. - Default value is "world". - - --recipes=<recipes> - File with list of recipes we want to rebuild with minimal and maximal sysroot. - Will use the environment variable RECIPES if it is not specified. - Default value will use all packages ever recorded in buildhistory directory. - - --buildhistory=<buildhistory> - Path to buildhistory directory, it needs to be enabled in your config, - because it's used to detect different dependencies and to create list - of recipes to rebuild when it's not specified. - Will use the environment variable BUILDHISTORY if it is not specified. - Default value is "buildhistory" - - --buildtype=<buildtype> - There are 4 types of build: - 1: build to populate sstate-cache directory and sysroot - 2: build to rebuild each recipe with every possible dep - 3: build to rebuild each recipe with minimal dependencies - 4: build to rebuild each recipe again with minimal dependencies - c: compare buildhistory directories from build 2 and 3 - Will use the environment variable BUILDTYPE if it is not specified. - Default value is "1 2 3 c", order is important, type 4 is optional. -EOF -} - -# Print error information and exit. -echo_error () { - echo "ERROR: $1" >&2 - exit 1 -} - -while [ -n "$1" ]; do - case $1 in - --tmpdir=*) - tmpdir=`echo $1 | sed -e 's#^--tmpdir=##' | xargs readlink -e` - [ -d "$tmpdir" ] || echo_error "Invalid argument to --tmpdir" - shift - ;; - --targets=*) - targets=`echo $1 | sed -e 's#^--targets="*\([^"]*\)"*#\1#'` - shift - ;; - --recipes=*) - recipes=`echo $1 | sed -e 's#^--recipes="*\([^"]*\)"*#\1#'` - shift - ;; - --buildhistory=*) - buildhistory=`echo $1 | sed -e 's#^--buildhistory="*\([^"]*\)"*#\1#'` - shift - ;; - --buildtype=*) - buildtype=`echo $1 | sed -e 's#^--buildtype="*\([^"]*\)"*#\1#'` - shift - ;; - --help|-h) - usage - exit 0 - ;; - *) - echo "Invalid arguments $*" - echo_error "Try '$0 -h' for more information." - ;; - esac -done - -# tmpdir directory, use environment variable TMPDIR -# if it was not specified, otherwise, error. -[ -n "$tmpdir" ] || tmpdir=$TMPDIR -[ -n "$tmpdir" ] || echo_error "No tmpdir found!" -[ -d "$tmpdir" ] || echo_error "Invalid tmpdir \"$tmpdir\"" -[ -n "$targets" ] || targets=$TARGETS -[ -n "$targets" ] || targets=$default_targets -[ -n "$recipes" ] || recipes=$RECIPES -[ -n "$recipes" -a ! -f "$recipes" ] && echo_error "Invalid file with list of recipes to rebuild" -[ -n "$recipes" ] || echo "All packages ever recorded in buildhistory directory will be rebuilt" -[ -n "$buildhistory" ] || buildhistory=$BUILDHISTORY -[ -n "$buildhistory" ] || buildhistory=$default_buildhistory -[ -d "$buildhistory" ] || echo_error "Invalid buildhistory directory \"$buildhistory\"" -[ -n "$buildtype" ] || buildtype=$BUILDTYPE -[ -n "$buildtype" ] || buildtype=$default_buildtype -echo "$buildtype" | grep -v '^[1234c ]*$' && echo_error "Invalid buildtype \"$buildtype\", only some combination of 1, 2, 3, 4, c separated by space is allowed" - -OUTPUT_BASE=test-dependencies/`date "+%s"` -declare -i RESULT=0 - -build_all() { - echo "===== 1st build to populate sstate-cache directory and sysroot =====" - OUTPUT1=${OUTPUT_BASE}/${TYPE}_all - mkdir -p ${OUTPUT1} - echo "Logs will be stored in ${OUTPUT1} directory" - bitbake -k $targets 2>&1 | tee -a ${OUTPUT1}/complete.log - RESULT+=${PIPESTATUS[0]} - grep "ERROR: Task.*failed" ${OUTPUT1}/complete.log > ${OUTPUT1}/failed-tasks.log - cat ${OUTPUT1}/failed-tasks.log | sed 's@.*/@@g; s@_.*@@g; s@\.bb, .*@@g; s@\.bb:.*@@g' | sort -u > ${OUTPUT1}/failed-recipes.log -} - -build_every_recipe() { - if [ "${TYPE}" = "2" ] ; then - echo "===== 2nd build to rebuild each recipe with every possible dep =====" - OUTPUT_MAX=${OUTPUT_BASE}/${TYPE}_max - OUTPUTB=${OUTPUT_MAX} - else - echo "===== 3rd or 4th build to rebuild each recipe with minimal dependencies =====" - OUTPUT_MIN=${OUTPUT_BASE}/${TYPE}_min - OUTPUTB=${OUTPUT_MIN} - fi - - mkdir -p ${OUTPUTB} ${OUTPUTB}/failed ${OUTPUTB}/ok - echo "Logs will be stored in ${OUTPUTB} directory" - if [ -z "$recipes" ]; then - ls -d $buildhistory/packages/*/* | xargs -n 1 basename | sort -u > ${OUTPUTB}/recipe.list - recipes=${OUTPUTB}/recipe.list - fi - if [ "${TYPE}" != "2" ] ; then - echo "!!!Removing tmpdir \"$tmpdir\"!!!" - rm -rf $tmpdir/deploy $tmpdir/pkgdata $tmpdir/sstate-control $tmpdir/stamps $tmpdir/sysroots $tmpdir/work $tmpdir/work-shared 2>/dev/null - fi - i=1 - count=`cat $recipes ${OUTPUT1}/failed-recipes.log | sort -u | wc -l` - for recipe in `cat $recipes ${OUTPUT1}/failed-recipes.log | sort -u`; do - echo "Building recipe: ${recipe} ($i/$count)" - declare -i RECIPE_RESULT=0 - bitbake -c cleansstate ${recipe} > ${OUTPUTB}/${recipe}.log 2>&1; - RECIPE_RESULT+=$? - bitbake ${recipe} >> ${OUTPUTB}/${recipe}.log 2>&1; - RECIPE_RESULT+=$? - if [ "${RECIPE_RESULT}" != "0" ] ; then - RESULT+=${RECIPE_RESULT} - mv ${OUTPUTB}/${recipe}.log ${OUTPUTB}/failed/ - grep "ERROR: Task.*failed" ${OUTPUTB}/failed/${recipe}.log | tee -a ${OUTPUTB}/failed-tasks.log - grep "ERROR: Task.*failed" ${OUTPUTB}/failed/${recipe}.log | sed 's@.*/@@g; s@_.*@@g; s@\.bb, .*@@g; s@\.bb:.*@@g' >> ${OUTPUTB}/failed-recipes.log - # and append also ${recipe} in case the failed task was from some dependency - echo ${recipe} >> ${OUTPUTB}/failed-recipes.log - else - mv ${OUTPUTB}/${recipe}.log ${OUTPUTB}/ok/ - fi - if [ "${TYPE}" != "2" ] ; then - rm -rf $tmpdir/deploy $tmpdir/pkgdata $tmpdir/sstate-control $tmpdir/stamps $tmpdir/sysroots $tmpdir/work $tmpdir/work-shared 2>/dev/null - fi - i=`expr $i + 1` - done - echo "Copying buildhistory/packages to ${OUTPUTB}" - cp -ra $buildhistory/packages ${OUTPUTB} - # This will be usefull to see which library is pulling new dependency - echo "Copying do_package logs to ${OUTPUTB}/do_package/" - mkdir ${OUTPUTB}/do_package - find $tmpdir/work/ -name log.do_package 2>/dev/null| while read f; do - # pn is 3 levels back, but we don't know if there is just one log per pn (only one arch and version) - # dest=`echo $f | sed 's#^.*/\([^/]*\)/\([^/]*\)/\([^/]*\)/log.do_package#\1#g'` - dest=`echo $f | sed "s#$tmpdir/work/##g; s#/#_#g"` - cp $f ${OUTPUTB}/do_package/$dest - done -} - -compare_deps() { - # you can run just compare task with command like this - # OUTPUT_BASE=test-dependencies/1373140172 \ - # OUTPUT_MAX=${OUTPUT_BASE}/2_max \ - # OUTPUT_MIN=${OUTPUT_BASE}/3_min \ - # openembedded-core/scripts/test-dependencies.sh --tmpdir=tmp-eglibc --targets=glib-2.0 --recipes=recipe_list --buildtype=c - echo "===== Compare dependencies recorded in \"${OUTPUT_MAX}\" and \"${OUTPUT_MIN}\" =====" - [ -n "${OUTPUTC}" ] || OUTPUTC=${OUTPUT_BASE}/comp - mkdir -p ${OUTPUTC} - OUTPUT_FILE=${OUTPUTC}/dependency-changes - echo "Differences will be stored in ${OUTPUT_FILE}, dot is shown for every 100 of checked packages" - echo > ${OUTPUT_FILE} - - [ -d ${OUTPUT_MAX} ] || echo_error "Directory with output from build 2 \"${OUTPUT_MAX}\" does not exist" - [ -d ${OUTPUT_MIN} ] || echo_error "Directory with output from build 3 \"${OUTPUT_MIN}\" does not exist" - [ -d ${OUTPUT_MAX}/packages/ ] || echo_error "Directory with packages from build 2 \"${OUTPUT_MAX}/packages/\" does not exist" - [ -d ${OUTPUT_MIN}/packages/ ] || echo_error "Directory with packages from build 3 \"${OUTPUT_MIN}/packages/\" does not exist" - i=0 - find ${OUTPUT_MAX}/packages/ -name latest | sed "s#${OUTPUT_MAX}/##g" | while read pkg; do - max_pkg=${OUTPUT_MAX}/${pkg} - min_pkg=${OUTPUT_MIN}/${pkg} - # pkg=packages/armv5te-oe-linux-gnueabi/libungif/libungif/latest - recipe=`echo "${pkg}" | sed 's#packages/[^/]*/\([^/]*\)/\([^/]*\)/latest#\1#g'` - package=`echo "${pkg}" | sed 's#packages/[^/]*/\([^/]*\)/\([^/]*\)/latest#\2#g'` - if [ ! -f "${min_pkg}" ] ; then - echo "ERROR: ${recipe}: ${package} package isn't created when building with minimal dependencies?" | tee -a ${OUTPUT_FILE} - echo ${recipe} >> ${OUTPUTC}/failed-recipes.log - continue - fi - # strip version information in parenthesis - max_deps=`grep "^RDEPENDS = " ${max_pkg} | sed 's/^RDEPENDS = / /g; s/$/ /g; s/([^(]*)//g'` - min_deps=`grep "^RDEPENDS = " ${min_pkg} | sed 's/^RDEPENDS = / /g; s/$/ /g; s/([^(]*)//g'` - if [ "$i" = 100 ] ; then - echo -n "." # cheap progressbar - i=0 - fi - if [ "${max_deps}" = "${min_deps}" ] ; then - # it's annoying long, but at least it's showing some progress, warnings are grepped at the end - echo "NOTE: ${recipe}: ${package} rdepends weren't changed" >> ${OUTPUT_FILE} - else - missing_deps= - for dep in ${max_deps}; do - if ! echo "${min_deps}" | grep -q " ${dep} " ; then - missing_deps="${missing_deps} ${dep}" - echo # to get rid of dots on last line - echo "WARN: ${recipe}: ${package} rdepends on ${dep}, but it isn't a build dependency?" | tee -a ${OUTPUT_FILE} - fi - done - if [ -n "${missing_deps}" ] ; then - echo ${recipe} >> ${OUTPUTC}/failed-recipes.log - fi - fi - i=`expr $i + 1` - done - echo # to get rid of dots on last line - echo "Found differences: " - grep "^WARN: " ${OUTPUT_FILE} | tee ${OUTPUT_FILE}.warn.log - echo "Found errors: " - grep "^ERROR: " ${OUTPUT_FILE} | tee ${OUTPUT_FILE}.error.log - RESULT+=`cat ${OUTPUT_FILE}.warn.log | wc -l` - RESULT+=`cat ${OUTPUT_FILE}.error.log | wc -l` -} - -for TYPE in $buildtype; do - case ${TYPE} in - 1) build_all;; - 2) build_every_recipe;; - 3) build_every_recipe;; - 4) build_every_recipe;; - c) compare_deps;; - *) echo_error "Invalid buildtype \"$TYPE\"" - esac -done - -cat ${OUTPUT_BASE}/*/failed-recipes.log | sort -u >> ${OUTPUT_BASE}/failed-recipes.log - -if [ "${RESULT}" != "0" ] ; then - echo "ERROR: ${RESULT} issues were found in these recipes: `cat ${OUTPUT_BASE}/failed-recipes.log | xargs`" -fi - -echo "INFO: Output written in: ${OUTPUT_BASE}" -exit ${RESULT} |