diff options
232 files changed, 8342 insertions, 3951 deletions
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index bd0d6e3ca6..3014767b8a 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -100,8 +100,8 @@ def get_lic_checksum_file_list(d): # We only care about items that are absolute paths since # any others should be covered by SRC_URI. try: - path = bb.fetch.decodeurl(url)[2] - if not path: + (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + if method != "file" or not path: raise bb.fetch.MalformedUrl(url) if path[0] == '/': diff --git a/meta/classes/clutter.bbclass b/meta/classes/clutter.bbclass index 167407dfdc..f5cd04f97f 100644 --- a/meta/classes/clutter.bbclass +++ b/meta/classes/clutter.bbclass @@ -14,7 +14,7 @@ REALNAME = "${@get_real_name("${BPN}")}" CLUTTER_SRC_FTP = "${GNOME_MIRROR}/${REALNAME}/${VERMINOR}/${REALNAME}-${PV}.tar.xz;name=archive" -CLUTTER_SRC_GIT = "git://git.gnome.org/${REALNAME}" +CLUTTER_SRC_GIT = "git://gitlab.gnome.org/GNOME/${REALNAME};protocol=https" SRC_URI = "${CLUTTER_SRC_FTP}" S = "${WORKDIR}/${REALNAME}-${PV}" diff --git a/meta/classes/gio-module-cache.bbclass b/meta/classes/gio-module-cache.bbclass index a8190b7b89..e429bd3197 100644 --- a/meta/classes/gio-module-cache.bbclass +++ b/meta/classes/gio-module-cache.bbclass @@ -9,6 +9,7 @@ if [ "x$D" != "x" ]; then mlprefix=${MLPREFIX} \ binprefix=${MLPREFIX} \ libdir=${libdir} \ + libexecdir=${libexecdir} \ base_libdir=${base_libdir} \ bindir=${bindir} else diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass index d353110464..5103ed8533 100644 --- a/meta/classes/license.bbclass +++ b/meta/classes/license.bbclass @@ -226,9 +226,7 @@ def get_deployed_dependencies(d): # The manifest file name contains the arch. Because we are not running # in the recipe context it is necessary to check every arch used. sstate_manifest_dir = d.getVar("SSTATE_MANIFESTS") - sstate_archs = d.getVar("SSTATE_ARCHS") - extra_archs = d.getVar("PACKAGE_EXTRA_ARCHS") - archs = list(set(("%s %s" % (sstate_archs, extra_archs)).split())) + archs = list(set(d.getVar("SSTATE_ARCHS").split())) for dep in depends: # Some recipes have an arch on their own, so we try that first. special_arch = d.getVar("PACKAGE_ARCH_pn-%s" % dep) @@ -336,7 +334,7 @@ def add_package_and_files(d): files = d.getVar('LICENSE_FILES_DIRECTORY') pn = d.getVar('PN') pn_lic = "%s%s" % (pn, d.getVar('LICENSE_PACKAGE_SUFFIX', False)) - if pn_lic in packages: + if pn_lic in packages.split(): bb.warn("%s package already existed in %s." % (pn_lic, pn)) else: # first in PACKAGES to be sure that nothing else gets LICENSE_FILES_DIRECTORY @@ -482,7 +480,9 @@ def find_license_files(d): for url in lic_files.split(): try: - (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + if method != "file" or not path: + raise bb.fetch.MalformedUrl() except bb.fetch.MalformedUrl: bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL: %s" % (d.getVar('PF'), url)) # We want the license filename and path diff --git a/meta/classes/logging.bbclass b/meta/classes/logging.bbclass index 06c7c31c3e..a0c94e98c7 100644 --- a/meta/classes/logging.bbclass +++ b/meta/classes/logging.bbclass @@ -86,7 +86,7 @@ bbdebug() { # Strip off the debug level and ensure it is an integer DBGLVL=$1; shift - NONDIGITS=$(echo "$DBGLVL" | tr -d [:digit:]) + NONDIGITS=$(echo "$DBGLVL" | tr -d "[:digit:]") if [ "$NONDIGITS" ]; then bbfatal "$USAGE" fi diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass index 766f1cb6fa..87bba41472 100644 --- a/meta/classes/mirrors.bbclass +++ b/meta/classes/mirrors.bbclass @@ -1,4 +1,5 @@ MIRRORS += "\ +${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian/20180310T215105Z/pool \n \ ${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20120328T092752Z/debian/pool \n \ ${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20110127T084257Z/debian/pool \n \ ${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20090802T004153Z/debian/pool \n \ @@ -67,8 +68,8 @@ ${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \ # where git native protocol fetches may fail due to local firewall rules, etc. MIRRORS += "\ -git://anonscm.debian.org/.* git://anonscm.debian.org/git/PATH;protocol=https \n \ -git://git.gnome.org/.* git://git.gnome.org/browse/PATH;protocol=https \n \ +git://salsa.debian.org/.* git://salsa.debian.org/PATH;protocol=https \n \ +git://git.gnome.org/.* git://gitlab.gnome.org/GNOME/PATH;protocol=https \n \ git://git.savannah.gnu.org/.* git://git.savannah.gnu.org/git/PATH;protocol=https \n \ git://git.yoctoproject.org/.* git://git.yoctoproject.org/git/PATH;protocol=https \n \ git://.*/.* git://HOST/PATH;protocol=https \n \ diff --git a/meta/classes/module-base.bbclass b/meta/classes/module-base.bbclass index 6fe77c01b7..c1fa3ad1c1 100644 --- a/meta/classes/module-base.bbclass +++ b/meta/classes/module-base.bbclass @@ -12,6 +12,8 @@ export CROSS_COMPILE = "${TARGET_PREFIX}" # we didn't pick the name. export KBUILD_OUTPUT = "${STAGING_KERNEL_BUILDDIR}" +DEPENDS += "bc-native" + export KERNEL_VERSION = "${@base_read_file('${STAGING_KERNEL_BUILDDIR}/kernel-abiversion')}" KERNEL_OBJECT_SUFFIX = ".ko" @@ -23,5 +25,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" do_make_scripts() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS make CC="${KERNEL_CC}" LD="${KERNEL_LD}" AR="${KERNEL_AR}" \ - -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts + HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}" \ + -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts prepare } diff --git a/meta/classes/module.bbclass b/meta/classes/module.bbclass index 78d1b21dbd..282900dc6d 100644 --- a/meta/classes/module.bbclass +++ b/meta/classes/module.bbclass @@ -2,7 +2,7 @@ inherit module-base kernel-module-split pkgconfig addtask make_scripts after do_prepare_recipe_sysroot before do_configure do_make_scripts[lockfiles] = "${TMPDIR}/kernel-scripts.lock" -do_make_scripts[depends] += "virtual/kernel:do_shared_workdir" +do_make_scripts[depends] += "virtual/kernel:do_shared_workdir openssl-native:do_populate_sysroot" EXTRA_OEMAKE += "KERNEL_SRC=${STAGING_KERNEL_DIR}" diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass index 2053d46395..2a5d8a5cda 100644 --- a/meta/classes/package.bbclass +++ b/meta/classes/package.bbclass @@ -901,7 +901,7 @@ python split_and_strip_files () { # 16 - kernel module def isELF(path): type = 0 - ret, result = oe.utils.getstatusoutput("file \"%s\"" % path.replace("\"", "\\\"")) + ret, result = oe.utils.getstatusoutput("file -b '%s'" % path) if ret: msg = "split_and_strip_files: 'file %s' failed" % path diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass index a428d30641..ad5c5e9ef7 100644 --- a/meta/classes/package_rpm.bbclass +++ b/meta/classes/package_rpm.bbclass @@ -665,7 +665,7 @@ python do_package_rpm () { cmd = rpmbuild cmd = cmd + " --noclean --nodeps --short-circuit --target " + pkgarch + " --buildroot " + pkgd cmd = cmd + " --define '_topdir " + workdir + "' --define '_rpmdir " + pkgwritedir + "'" - cmd = cmd + " --define '_builddir " + d.getVar('S') + "'" + cmd = cmd + " --define '_builddir " + d.getVar('B') + "'" cmd = cmd + " --define '_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'" cmd = cmd + " --define '_use_internal_dependency_generator 0'" cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'" diff --git a/meta/classes/toolchain-scripts.bbclass b/meta/classes/toolchain-scripts.bbclass index 9bcfe708c7..c9a04dd1d9 100644 --- a/meta/classes/toolchain-scripts.bbclass +++ b/meta/classes/toolchain-scripts.bbclass @@ -62,7 +62,8 @@ toolchain_create_tree_env_script () { script=${TMPDIR}/environment-setup-${REAL_MULTIMACH_TARGET_SYS} rm -f $script touch $script - echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${PATH}' >> $script + echo ". ${COREBASE}/oe-init-build-env ${TOPDIR}" >> $script + echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${STAGING_BINDIR_TOOLCHAIN}:$PATH' >> $script echo 'export PKG_CONFIG_SYSROOT_DIR=${PKG_CONFIG_SYSROOT_DIR}' >> $script echo 'export PKG_CONFIG_PATH=${PKG_CONFIG_PATH}' >> $script echo 'export CONFIG_SITE="${@siteinfo_get_files(d)}"' >> $script diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass index 1723364284..de2221a365 100644 --- a/meta/classes/uninative.bbclass +++ b/meta/classes/uninative.bbclass @@ -8,6 +8,9 @@ UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.bz2" #UNINATIVE_CHECKSUM[x86_64] = "dead" UNINATIVE_DLDIR ?= "${DL_DIR}/uninative/" +# Enabling uninative will change the following variables so they need to go the parsing white list to prevent multiple recipe parsing +BB_HASHCONFIG_WHITELIST += "NATIVELSBSTRING SSTATEPOSTUNPACKFUNCS BUILD_LDFLAGS" + addhandler uninative_event_fetchloader uninative_event_fetchloader[eventmask] = "bb.event.BuildStarted" @@ -126,6 +129,9 @@ def enable_uninative(d): d.setVar("NATIVELSBSTRING", "universal%s" % oe.utils.host_gcc_version(d)) d.appendVar("SSTATEPOSTUNPACKFUNCS", " uninative_changeinterp") d.appendVarFlag("SSTATEPOSTUNPACKFUNCS", "vardepvalueexclude", "| uninative_changeinterp") + d.appendVar("BUILD_LDFLAGS", " -Wl,--allow-shlib-undefined -Wl,--dynamic-linker=${UNINATIVE_LOADER}") + d.appendVarFlag("BUILD_LDFLAGS", "vardepvalueexclude", "| -Wl,--allow-shlib-undefined -Wl,--dynamic-linker=${UNINATIVE_LOADER}") + d.appendVarFlag("BUILD_LDFLAGS", "vardepsexclude", "UNINATIVE_LOADER") d.prependVar("PATH", "${STAGING_DIR}-uninative/${BUILD_ARCH}-linux${bindir_native}:") python uninative_changeinterp () { diff --git a/meta/classes/waf.bbclass b/meta/classes/waf.bbclass index acbda278a2..c4698e910a 100644 --- a/meta/classes/waf.bbclass +++ b/meta/classes/waf.bbclass @@ -25,23 +25,8 @@ def get_waf_parallel_make(d): return "" -python waf_preconfigure() { - from distutils.version import StrictVersion - srcsubdir = d.getVar('S') - wafbin = os.path.join(srcsubdir, 'waf') - status, result = oe.utils.getstatusoutput(wafbin + " --version") - if status != 0: - bb.warn("Unable to execute waf --version, exit code %d. Assuming waf version without bindir/libdir support." % status) - return - version = result.split()[1] - if StrictVersion(version) >= StrictVersion("1.8.7"): - d.setVar("WAF_EXTRA_CONF", "--bindir=${bindir} --libdir=${libdir}") -} - -do_configure[prefuncs] += "waf_preconfigure" - waf_do_configure() { - ${S}/waf configure --prefix=${prefix} ${WAF_EXTRA_CONF} ${EXTRA_OECONF} + ${S}/waf configure --prefix=${prefix} ${EXTRA_OECONF} } waf_do_compile() { diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 1cdbf430a9..d4754dd5bf 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -536,6 +536,7 @@ export MAKE = "make" EXTRA_OEMAKE = "" EXTRA_OECONF = "" export LC_ALL = "en_US.UTF-8" +export TZ = 'UTC' ################################################################## # Patch handling. @@ -619,7 +620,7 @@ BBLAYERS_FETCH_DIR ??= "${COREBASE}" APACHE_MIRROR = "http://archive.apache.org/dist" DEBIAN_MIRROR = "http://ftp.debian.org/debian/pool" GENTOO_MIRROR = "http://distfiles.gentoo.org/distfiles" -GNOME_GIT = "git://git.gnome.org" +GNOME_GIT = "git://gitlab.gnome.org/GNOME" GNOME_MIRROR = "http://ftp.gnome.org/pub/GNOME/sources" GNU_MIRROR = "http://ftp.gnu.org/gnu" GNUPG_MIRROR = "https://www.gnupg.org/ftp/gcrypt" diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index cd5fc0bfe5..c5b0556cf8 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,8 +6,9 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.27" +UNINATIVE_MAXGLIBCVERSION = "2.28" + +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.3/" +UNINATIVE_CHECKSUM[i686] ?= "44253cddbf629082568cea4fff59419106871a0cf81b4845b5d34e7014887b20" +UNINATIVE_CHECKSUM[x86_64] ?= "c6954563dad3c95608117c6fc328099036c832bbd924ebf5fdccb622fc0a8684" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.8/" -UNINATIVE_CHECKSUM[i686] ?= "427ce522ec97f65c75fd89587d90ef789e8cbca4a617abc4b5822abb01c2d0ae" -UNINATIVE_CHECKSUM[x86_64] ?= "de4947e98e09e1432d069311cc2093974ecb9138a714fd5466f73524de66a693" diff --git a/meta/files/common-licenses/BSD-1-Clause b/meta/files/common-licenses/BSD-1-Clause new file mode 100644 index 0000000000..ded889768f --- /dev/null +++ b/meta/files/common-licenses/BSD-1-Clause @@ -0,0 +1,9 @@ + +Copyright (c) <YEAR>, <OWNER> +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +THIS SOFTWARE IS PROVIDED BY Berkeley Software Design, Inc. "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/meta/lib/oe/package.py b/meta/lib/oe/package.py index 1e5c3aa8e1..4f3e21ad40 100644 --- a/meta/lib/oe/package.py +++ b/meta/lib/oe/package.py @@ -72,8 +72,7 @@ def strip_execs(pn, dstdir, strip_cmd, libdir, base_libdir, qa_already_stripped= # 16 - kernel module def is_elf(path): exec_type = 0 - ret, result = oe.utils.getstatusoutput( - "file \"%s\"" % path.replace("\"", "\\\"")) + ret, result = oe.utils.getstatusoutput("file -b '%s'" % path) if ret: bb.error("split_and_strip_files: 'file %s' failed" % path) diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py index ed8fec8509..b2aab15189 100644 --- a/meta/lib/oe/package_manager.py +++ b/meta/lib/oe/package_manager.py @@ -577,7 +577,7 @@ class RpmPM(PackageManager): gpg_opts += 'repo_gpgcheck=1\n' gpg_opts += 'gpgkey=file://%s/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-%s-%s\n' % (self.d.getVar('sysconfdir'), self.d.getVar('DISTRO'), self.d.getVar('DISTRO_CODENAME')) - if self.d.getVar('RPM_SIGN_PACKAGES') == '0': + if self.d.getVar('RPM_SIGN_PACKAGES') != '1': gpg_opts += 'gpgcheck=0\n' bb.utils.mkdirhier(oe.path.join(self.target_rootfs, "etc", "yum.repos.d")) diff --git a/meta/lib/oeqa/runtime/cases/kernelmodule.py b/meta/lib/oeqa/runtime/cases/kernelmodule.py index 11ad7b7f01..de1a5aa445 100644 --- a/meta/lib/oeqa/runtime/cases/kernelmodule.py +++ b/meta/lib/oeqa/runtime/cases/kernelmodule.py @@ -28,7 +28,7 @@ class KernelModuleTest(OERuntimeTestCase): @OETestDepends(['gcc.GccCompileTest.test_gcc_compile']) def test_kernel_module(self): cmds = [ - 'cd /usr/src/kernel && make scripts', + 'cd /usr/src/kernel && make scripts prepare', 'cd /tmp && make', 'cd /tmp && insmod hellomod.ko', 'lsmod | grep hellomod', diff --git a/meta/recipes-bsp/grub/grub-efi_2.02.bb b/meta/recipes-bsp/grub/grub-efi_2.02.bb index 128da162d0..112a99dcfb 100644 --- a/meta/recipes-bsp/grub/grub-efi_2.02.bb +++ b/meta/recipes-bsp/grub/grub-efi_2.02.bb @@ -3,7 +3,7 @@ require grub2.inc GRUBPLATFORM = "efi" DEPENDS_append_class-target = " grub-efi-native" -RDEPENDS_${PN}_class-target = "diffutils freetype" +RDEPENDS_${PN}_class-target = "diffutils freetype grub-common" SRC_URI += " \ file://cfg \ @@ -41,7 +41,9 @@ do_install_class-native() { install -m 755 grub-mkimage ${D}${bindir} } -do_install_append_class-target() { +do_install_class-target() { + oe_runmake 'DESTDIR=${D}' -C grub-core install + # Remove build host references... find "${D}" -name modinfo.sh -type f -exec \ sed -i \ @@ -69,8 +71,7 @@ do_deploy_class-native() { addtask deploy after do_install before do_build -FILES_${PN} += "${libdir}/grub/${GRUB_TARGET}-efi \ - ${datadir}/grub \ +FILES_${PN} = "${libdir}/grub/${GRUB_TARGET}-efi \ " # 64-bit binaries are expected for the bootloader with an x32 userland diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 28f96bb162..79a84e9ac5 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -67,12 +67,4 @@ do_configure_prepend() { ${S}/autogen.sh ) } -# grub and grub-efi's sysroot/${datadir}/grub/grub-mkconfig_lib are -# conflicted, remove it since no one uses it. -SYSROOT_DIRS_BLACKLIST += "${datadir}/grub/grub-mkconfig_lib" - -PACKAGES =+ "${PN}-editenv" - -FILES_${PN}-editenv = "${bindir}/grub-editenv" -RDEPENDS_${PN} += "${PN}-editenv" RDEPENDS_${PN}_class-native = "" diff --git a/meta/recipes-bsp/grub/grub_2.02.bb b/meta/recipes-bsp/grub/grub_2.02.bb index 3e61f6a16d..e0973759fb 100644 --- a/meta/recipes-bsp/grub/grub_2.02.bb +++ b/meta/recipes-bsp/grub/grub_2.02.bb @@ -1,6 +1,18 @@ require grub2.inc -RDEPENDS_${PN} += "diffutils freetype" +RDEPENDS_${PN}-common += "${PN}-editenv" +RDEPENDS_${PN} += "diffutils freetype ${PN}-common" + +RPROVIDES_${PN}-editenv += "${PN}-efi-editenv" + +PACKAGES =+ "${PN}-editenv ${PN}-common" +FILES_${PN}-editenv = "${bindir}/grub-editenv" +FILES_${PN}-common = " \ + ${bindir} \ + ${sysconfdir} \ + ${sbindir} \ + ${datadir}/grub \ +" do_install_append () { install -d ${D}${sysconfdir}/grub.d diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch new file mode 100644 index 0000000000..2b2688cb2f --- /dev/null +++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch @@ -0,0 +1,74 @@ +From 8cfdedee369c26d2869b6ec4a64460b5f5a30934 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder <tmark@isc.org> +Date: Thu, 7 Dec 2017 11:39:30 -0500 +Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI + + Merges in rt46767. + +Upstream-Status: Backport +[https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4] + +CVE: CVE-2017-3144 + +Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + RELNOTES | 7 +++++++ + omapip/buffer.c | 9 +++++++++ + omapip/message.c | 2 +- + 3 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/RELNOTES b/RELNOTES +index dd40aaf..3741b80 100644 +--- a/RELNOTES ++++ b/RELNOTES +@@ -66,6 +66,13 @@ We welcome comments from DHCP users, about this or anything else we do. + Email Vicky Risk, Product Manager at vicky@isc.org or discuss on + dhcp-users@lists.isc.org. + ++- Plugged a socket descriptor leak in OMAPI, that can occur when there is ++ data pending to be written to an OMAPI connection, when the connection ++ is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing ++ this issue to our attention and whose patch helped guide us in the right ++ direction. ++ [ISc-Bugs #46767] ++ + Changes since 4.3.6b1 + + - None +diff --git a/omapip/buffer.c b/omapip/buffer.c +index f7fdc32..809034d 100644 +--- a/omapip/buffer.c ++++ b/omapip/buffer.c +@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h) + omapi_buffer_dereference (&buffer, MDL); + } + } ++ ++ /* If we had data left to write when we're told to disconnect, ++ * we need recall disconnect, now that we're done writing. ++ * See rt46767. */ ++ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) { ++ omapi_disconnect (h, 1); ++ return ISC_R_SHUTTINGDOWN; ++ } ++ + return ISC_R_SUCCESS; + } + +diff --git a/omapip/message.c b/omapip/message.c +index 59ccdc2..21bcfc3 100644 +--- a/omapip/message.c ++++ b/omapip/message.c +@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo) + } + + #ifdef DEBUG_PROTOCOL +-static const char *omapi_message_op_name(int op) { ++const char *omapi_message_op_name(int op) { + switch (op) { + case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN"; + case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH"; +-- +2.7.4 + diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb index 6615ae2555..cc135493e5 100644 --- a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb +++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb @@ -12,6 +12,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat file://0010-build-shared-libs.patch \ file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \ file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ + file://CVE-2017-3144.patch \ " SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc" diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index dbc578e2d8..57f521a6c4 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -7,7 +7,8 @@ SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c" PV = "20170310" PE = "1" -SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info;protocol=https" + S = "${WORKDIR}/git" inherit autotools diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch deleted file mode 100644 index 1e5bfa17d6..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch +++ /dev/null @@ -1,46 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest - -From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sat, 21 Mar 2015 06:01:25 -0400 -Subject: [PATCH] crypto: use bigint in x86-64 perl - -Upstream-Status: Pending -Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> - -When building on x32 systems where the default type is 32bit, make sure -we can transparently represent 64bit integers. Otherwise we end up with -build errors like: -/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s -Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. -... -ghash-x86_64.s: Assembler messages: -ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression - -We don't enable this globally as there are some cases where we'd get -32bit values interpreted as unsigned when we need them as signed. - -Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh> -URL: https://bugs.gentoo.org/542618 ---- - crypto/perlasm/x86_64-xlate.pl | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl -index aae8288..0bf9774 100755 ---- a/crypto/perlasm/x86_64-xlate.pl -+++ b/crypto/perlasm/x86_64-xlate.pl -@@ -195,6 +195,10 @@ my %globals; - sub out { - my $self = shift; - -+ # When building on x32 ABIs, the expanded hex value might be too -+ # big to fit into 32bits. Enable transparent 64bit support here -+ # so we can safely print it out. -+ use bigint; - if ($gas) { - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{value} --- -2.3.3 - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-Fix-build-with-clang-using-external-assembler.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch index 2270962a6f..2270962a6f 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-Fix-build-with-clang-using-external-assembler.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch index dd1a9b1dd2..dd1a9b1dd2 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch index 2122fa1fb4..2122fa1fb4 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch index 58c9ee7844..58c9ee7844 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/Use-SHA256-not-MD5-as-default-digest.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch index f357b3f59f..f357b3f59f 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch index 1e01589722..1e01589722 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch index 68e54d561e..3820e3e306 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/c_rehash-compat.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch @@ -5,10 +5,10 @@ Subject: [PATCH] also create old hash for compatibility Upstream-Status: Backport [debian] -diff --git a/tools/c_rehash.in b/tools/c_rehash.in -index b086ff9..b777d79 100644 ---- a/tools/c_rehash.in -+++ b/tools/c_rehash.in +Index: openssl-1.0.2n/tools/c_rehash.in +=================================================================== +--- openssl-1.0.2n.orig/tools/c_rehash.in ++++ openssl-1.0.2n/tools/c_rehash.in @@ -8,8 +8,6 @@ my $prefix; my $openssl = $ENV{OPENSSL} || "openssl"; @@ -48,7 +48,7 @@ index b086ff9..b777d79 100644 $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; chomp $hash; -@@ -176,11 +174,21 @@ sub link_hash_cert { +@@ -177,10 +175,20 @@ sub link_hash_cert { $hashlist{$hash} = $fprint; } diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch index fb745e4394..fb745e4394 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/ca.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch index 39d4328184..35d92bedb7 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/debian-targets.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch @@ -1,12 +1,12 @@ Upstream-Status: Backport [debian] -Index: openssl-1.0.2/Configure +Index: openssl-1.0.2n/Configure =================================================================== ---- openssl-1.0.2.orig/Configure -+++ openssl-1.0.2/Configure -@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic - - my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; +--- openssl-1.0.2n.orig/Configure ++++ openssl-1.0.2n/Configure +@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-pa + # Warn that "make depend" should be run? + my $warn_make_depend = 0; +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; @@ -15,7 +15,7 @@ Index: openssl-1.0.2/Configure my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -343,6 +347,55 @@ my %table=( +@@ -369,6 +373,55 @@ my %table=( "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch index 4085e3b1d7..4085e3b1d7 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-dir.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch index 21c1d1a4eb..21c1d1a4eb 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-section.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch index 1ccb3b86ee..1ccb3b86ee 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-rpath.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch index cc4408ab7d..cc4408ab7d 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-symbolic.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch index bfda3888bf..bfda3888bf 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/pic.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch index c43bcd1c77..c43bcd1c77 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_digicert_malaysia.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch index d81e22cd8d..d81e22cd8d 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_diginotar.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch index 09dd9eaf86..09dd9eaf86 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch index e404ee3312..e404ee3312 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch index a5746483e6..a5746483e6 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/engines-install-in-libdir-ssl.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/find.pl b/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl index 8e1b42c88a..8e1b42c88a 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/find.pl +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch index 292e13dc5f..292e13dc5f 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/oe-ldflags.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh index 6620fdcb53..6620fdcb53 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch index de49729e5e..de49729e5e 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-fix-des.pod-error.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch index 065b9b122a..065b9b122a 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-util-perlpath.pl-cwd.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch index 0f08a642f6..0f08a642f6 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl_fix_for_x32.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch index e5413bf389..e5413bf389 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch index ef6d17934d..ef6d17934d 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest-deps.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest_makefile_deps.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch index 4202e61d1e..4202e61d1e 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest_makefile_deps.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch index 2803cb0393..2803cb0393 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch index b556731219..b556731219 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest b/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest index 3b20fce1ee..3b20fce1ee 100755 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch index a7ca0a3078..a7ca0a3078 100644 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2n/shared-libs.patch +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch b/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch deleted file mode 100644 index 736bb39acd..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 3fdb1e2a16ea405c6731447a8994f222808ef7e6 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Fri, 7 Apr 2017 18:01:52 +0300 -Subject: [PATCH] Remove test that requires running as non-root - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - test/recipes/40-test_rehash.t | 17 +---------------- - 1 file changed, 1 insertion(+), 16 deletions(-) - -diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t -index f902c23..c7567c1 100644 ---- a/test/recipes/40-test_rehash.t -+++ b/test/recipes/40-test_rehash.t -@@ -23,7 +23,7 @@ setup("test_rehash"); - plan skip_all => "test_rehash is not available on this platform" - unless run(app(["openssl", "rehash", "-help"])); - --plan tests => 5; -+plan tests => 3; - - indir "rehash.$$" => sub { - prepare(); -@@ -42,21 +42,6 @@ indir "rehash.$$" => sub { - 'Testing rehash operations on empty directory'); - }, create => 1, cleanup => 1; - --indir "rehash.$$" => sub { -- prepare(); -- chmod 0500, curdir(); -- SKIP: { -- if (!ok(!open(FOO, ">unwritable.txt"), -- "Testing that we aren't running as a privileged user, such as root")) { -- close FOO; -- skip "It's pointless to run the next test as root", 1; -- } -- isnt(run(app(["openssl", "rehash", curdir()])), 1, -- 'Testing rehash operations on readonly directory'); -- } -- chmod 0700, curdir(); # make it writable again, so cleanup works --}, create => 1, cleanup => 1; -- - sub prepare { - my @pemsourcefiles = sort glob(srctop_file('test', "*.pem")); - my @destfiles = (); --- -2.11.0 - diff --git a/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch b/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch deleted file mode 100644 index bb0a1689ed..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch +++ /dev/null @@ -1,88 +0,0 @@ -From bcc096a50811bf0f0c4fd34b2993fed7a7015972 Mon Sep 17 00:00:00 2001 -From: Andy Polyakov <appro@openssl.org> -Date: Fri, 3 Nov 2017 23:30:01 +0100 -Subject: [PATCH] aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with - binutils-2.29. - -It's not clear if it's a feature or bug, but binutils-2.29[.1] -interprets 'adr' instruction with Thumb2 code reference differently, -in a way that affects calculation of addresses of constants' tables. - -Upstream-Status: Backport - -Reviewed-by: Tim Hudson <tjh@openssl.org> -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -Signed-off-by: Stefan Agner <stefan.agner@toradex.com> -(Merged from https://github.com/openssl/openssl/pull/4669) - -(cherry picked from commit b82acc3c1a7f304c9df31841753a0fa76b5b3cda) ---- - crypto/aes/asm/aes-armv4.pl | 6 +++--- - crypto/aes/asm/bsaes-armv7.pl | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl -index 16d79aae53..c6474b8aad 100644 ---- a/crypto/aes/asm/aes-armv4.pl -+++ b/crypto/aes/asm/aes-armv4.pl -@@ -200,7 +200,7 @@ AES_encrypt: - #ifndef __thumb2__ - sub r3,pc,#8 @ AES_encrypt - #else -- adr r3,AES_encrypt -+ adr r3,. - #endif - stmdb sp!,{r1,r4-r12,lr} - #ifdef __APPLE__ -@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key: - #ifndef __thumb2__ - sub r3,pc,#8 @ AES_set_encrypt_key - #else -- adr r3,AES_set_encrypt_key -+ adr r3,. - #endif - teq r0,#0 - #ifdef __thumb2__ -@@ -976,7 +976,7 @@ AES_decrypt: - #ifndef __thumb2__ - sub r3,pc,#8 @ AES_decrypt - #else -- adr r3,AES_decrypt -+ adr r3,. - #endif - stmdb sp!,{r1,r4-r12,lr} - #ifdef __APPLE__ -diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl -index 9f288660ef..a27bb4a179 100644 ---- a/crypto/aes/asm/bsaes-armv7.pl -+++ b/crypto/aes/asm/bsaes-armv7.pl -@@ -744,7 +744,7 @@ $code.=<<___; - .type _bsaes_decrypt8,%function - .align 4 - _bsaes_decrypt8: -- adr $const,_bsaes_decrypt8 -+ adr $const,. - vldmia $key!, {@XMM[9]} @ round 0 key - #ifdef __APPLE__ - adr $const,.LM0ISR -@@ -843,7 +843,7 @@ _bsaes_const: - .type _bsaes_encrypt8,%function - .align 4 - _bsaes_encrypt8: -- adr $const,_bsaes_encrypt8 -+ adr $const,. - vldmia $key!, {@XMM[9]} @ round 0 key - #ifdef __APPLE__ - adr $const,.LM0SR -@@ -951,7 +951,7 @@ $code.=<<___; - .type _bsaes_key_convert,%function - .align 4 - _bsaes_key_convert: -- adr $const,_bsaes_key_convert -+ adr $const,. - vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key - #ifdef __APPLE__ - adr $const,.LM0 --- -2.15.0 - diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc index 9335b0b8bd..800910aa09 100644 --- a/meta/recipes-connectivity/openssl/openssl10.inc +++ b/meta/recipes-connectivity/openssl/openssl10.inc @@ -151,7 +151,8 @@ do_configure () { if [ "x$useprefix" = "x" ]; then useprefix=/ fi - perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target + libdirleaf="$(echo ${libdir} | sed s:$useprefix::)" + perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=${libdirleaf} $target } do_compile_prepend_class-target () { diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb index f07289dbc6..413ebf37f4 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb @@ -6,7 +6,7 @@ require openssl10.inc CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" CFLAG_append_class-native = " -fPIC" -LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77" export DIRS = "crypto ssl apps engines" export OE_LDFLAGS="${LDFLAGS}" @@ -34,7 +34,6 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \ file://openssl-fix-des.pod-error.patch \ file://Makefiles-ptest.patch \ file://ptest-deps.patch \ - file://openssl-1.0.2a-x32-asm.patch \ file://ptest_makefile_deps.patch \ file://configure-musl-target.patch \ file://parallel.patch \ @@ -48,8 +47,8 @@ SRC_URI_append_class-target = "\ file://reproducible-cflags.patch \ file://reproducible-mkbuildinf.patch \ " -SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4" -SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe" +SRC_URI[md5sum] = "44279b8557c3247cbe324e2322ecd114" +SRC_URI[sha256sum] = "ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d" PACKAGES =+ "${PN}-engines" FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb index 1649bffaa1..6937cc4649 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb @@ -6,20 +6,18 @@ SECTION = "libs/network" # "openssl | SSLeay" dual license LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" BBCLASSEXTEND = "native nativesdk" -SRC_URI[md5sum] = "ba5f1b8b835b88cadbce9b35ed9531a6" -SRC_URI[sha256sum] = "de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af" +SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24" +SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517" SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ file://openssl-c_rehash.sh \ file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \ - file://0001-Remove-test-that-requires-running-as-non-root.patch \ - file://0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch \ - " + " S = "${WORKDIR}/openssl-${PV}" @@ -110,7 +108,8 @@ do_configure () { if [ "x$useprefix" = "x" ]; then useprefix=/ fi - perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=`basename ${libdir}` $target + libdirleaf="$(echo ${libdir} | sed s:$useprefix::)" + perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target } #| engines/afalg/e_afalg.c: In function 'eventfd': diff --git a/meta/recipes-core/expat/expat.inc b/meta/recipes-core/expat/expat.inc index 0ee6c276d9..b815f736ff 100644 --- a/meta/recipes-core/expat/expat.inc +++ b/meta/recipes-core/expat/expat.inc @@ -9,7 +9,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \ file://libtool-tag.patch \ " -SRC_URI_append_class-native = " file://no_getrandom.patch" +SRC_URI[md5sum] = "789e297f547980fc9ecc036f9a070d49" +SRC_URI[sha256sum] = "d9dc32efba7e74f788fcc4f212a43216fc37cf5f23f4c2339664d473353aedf6" inherit autotools lib_package diff --git a/meta/recipes-core/expat/expat/no_getrandom.patch b/meta/recipes-core/expat/expat/no_getrandom.patch deleted file mode 100644 index d64f1bf113..0000000000 --- a/meta/recipes-core/expat/expat/no_getrandom.patch +++ /dev/null @@ -1,23 +0,0 @@ -The native version of expat may be used on older systems which dont have glibc 2.25 -and hence don't have getrandom() thanks to uninative. Disable the libc call and -use the syscall instead to avoid a compatibility issue until we have 2.25 everywhere -we support with uninative. - -RP -2017/8/14 - -Upstream-Status: Inappropriate - -Index: expat-2.2.3/configure.ac -=================================================================== ---- expat-2.2.3.orig/configure.ac -+++ expat-2.2.3/configure.ac -@@ -151,7 +151,7 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([ - #include <stdlib.h> /* for NULL */ - #include <sys/random.h> - int main() { -- return getrandom(NULL, 0U, 0U); -+ return getrandomBREAKME(NULL, 0U, 0U); - } - ])], [ - AC_DEFINE([HAVE_GETRANDOM], [1], diff --git a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb index 2782bd95c4..0ba6c8d835 100644 --- a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb +++ b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb @@ -1,6 +1,6 @@ SUMMARY = "GLib networking extensions" DESCRIPTION = "glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies." -HOMEPAGE = "http://git.gnome.org/browse/glib-networking/" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/glib-networking/" BUGTRACKER = "http://bugzilla.gnome.org" LICENSE = "LGPLv2" diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb index 9d1e636bbc..a1a4022ebc 100644 --- a/meta/recipes-core/glibc/glibc_2.26.bb +++ b/meta/recipes-core/glibc/glibc_2.26.bb @@ -1,13 +1,13 @@ require glibc.inc -LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ +LIC_FILES_CHKSUM = "file://LICENSES;md5=ebc14508894997e6daaad1b8ffd53a15\ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" DEPENDS += "gperf-native bison-native" -SRCREV ?= "d300041c533a3d837c9f37a099bcc95466860e98" +SRCREV ?= "c9570bd2f54abb68e4e3c767aca3a54e05d2c7f6" SRCBRANCH ?= "release/${PV}/master" diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb index 5654528ae8..e9f3a2aee9 100644 --- a/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb +++ b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb @@ -6,7 +6,7 @@ the file /etc/network/interfaces." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" -SRC_URI = "git://anonscm.debian.org/git/collab-maint/ifupdown.git \ +SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \ file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \ file://inet-6-.defn-fix-inverted-checks-for-loopback.patch \ file://99_network \ diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index bd441aef62..b24d2cd651 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image module-base setuptools3 -SRCREV ?= "a9588646fcec17e53199e1ea7e7b8dccf140817e" +SRCREV ?= "30c10a3d8bd9bcd909cc1600894815c2fd5400a2" SRC_URI = "git://git.yoctoproject.org/poky;branch=rocko \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch b/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch new file mode 100644 index 0000000000..51a9e1935f --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch @@ -0,0 +1,21 @@ +Make sure that Makefile doesn't try to compile these tests again +on the target where the source dependencies won't be available. + +Upstream-Status: Inappropriate [cross-compile specific] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +Index: libxml2-2.9.7/Makefile.am +=================================================================== +--- libxml2-2.9.7.orig/Makefile.am ++++ libxml2-2.9.7/Makefile.am +@@ -211,8 +211,7 @@ install-ptest: + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile + $(MAKE) -C python install-ptest + +-runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ +- testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) ++runtests: + [ -d test ] || $(LN_S) $(srcdir)/test . + [ -d result ] || $(LN_S) $(srcdir)/result . + $(CHECKER) ./runtest$(EXEEXT) && \ diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch index 3277165618..d9ed1516fe 100644 --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch @@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644 - echo "*** If you have an old version installed, it is best to remove it, although" - echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ], - [ echo "*** The test program failed to compile or link. See the file config.log for the" -- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed" +- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed" - echo "*** or that you have moved LIBXML since it was installed. In the latter case, you" - echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ]) - CPPFLAGS="$ac_save_CPPFLAGS" diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch deleted file mode 100644 index bb55eed171..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch +++ /dev/null @@ -1,269 +0,0 @@ -libxml2-2.9.4: Fix CVE-2016-4658 - -[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658 - -xpointer: Disallow namespace nodes in XPointer points and ranges - -Namespace nodes must be copied to avoid use-after-free errors. -But they don't necessarily have a physical representation in a -document, so simply disallow them in XPointer ranges. - -Upstream-Status: Backport - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b] - - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65] -CVE: CVE-2016-4658 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> - -diff --git a/xpointer.c b/xpointer.c -index 676c510..911680d 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { - } - - /** -+ * xmlXPtrNewRangeInternal: -+ * @start: the starting node -+ * @startindex: the start index -+ * @end: the ending point -+ * @endindex: the ending index -+ * -+ * Internal function to create a new xmlXPathObjectPtr of type range -+ * -+ * Returns the newly created object. -+ */ -+static xmlXPathObjectPtr -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, -+ xmlNodePtr end, int endindex) { -+ xmlXPathObjectPtr ret; -+ -+ /* -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). -+ * Disallow them for now. -+ */ -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -+ if (ret == NULL) { -+ xmlXPtrErrMemory("allocating range"); -+ return(NULL); -+ } -+ memset(ret, 0, sizeof(xmlXPathObject)); -+ ret->type = XPATH_RANGE; -+ ret->user = start; -+ ret->index = startindex; -+ ret->user2 = end; -+ ret->index2 = endindex; -+ return(ret); -+} -+ -+/** - * xmlXPtrNewRange: - * @start: the starting node - * @startindex: the start index -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, - if (endindex < 0) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = startindex; -- ret->user2 = end; -- ret->index2 = endindex; -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, -+ end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { - if (start->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { - if (end == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - if (start == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = NULL; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); - return(ret); - } - -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - */ - xmlXPathObjectPtr - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { -+ xmlNodePtr endNode; -+ int endIndex; - xmlXPathObjectPtr ret; - - if (start == NULL) -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - return(NULL); - switch (end->type) { - case XPATH_POINT: -+ endNode = end->user; -+ endIndex = end->index; -+ break; - case XPATH_RANGE: -+ endNode = end->user2; -+ endIndex = end->index2; - break; - case XPATH_NODESET: - /* -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - */ - if (end->nodesetval->nodeNr <= 0) - return(NULL); -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -+ endIndex = -1; - break; - default: - /* TODO */ - return(NULL); - } - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- switch (end->type) { -- case XPATH_POINT: -- ret->user2 = end->user; -- ret->index2 = end->index; -- break; -- case XPATH_RANGE: -- ret->user2 = end->user2; -- ret->index2 = end->index2; -- break; -- case XPATH_NODESET: { -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -- ret->index2 = -1; -- break; -- } -- default: -- STRANGE -- return(NULL); -- } -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) { - case XPATH_RANGE: { - xmlNodePtr node = tmp->user; - if (node != NULL) { -- if (node->type == XML_ATTRIBUTE_NODE) { -- /* TODO: Namespace Nodes ??? */ -+ if ((node->type == XML_ATTRIBUTE_NODE) || -+ (node->type == XML_NAMESPACE_DECL)) { - xmlXPathFreeObject(obj); - xmlXPtrFreeLocationSet(newset); - XP_ERROR(XPTR_SYNTAX_ERROR); -@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) { - case XPATH_RANGE: { - xmlNodePtr node = tmp->user2; - if (node != NULL) { -- if (node->type == XML_ATTRIBUTE_NODE) { -- /* TODO: Namespace Nodes ??? */ -+ if ((node->type == XML_ATTRIBUTE_NODE) || -+ (node->type == XML_NAMESPACE_DECL)) { - xmlXPathFreeObject(obj); - xmlXPtrFreeLocationSet(newset); - XP_ERROR(XPTR_SYNTAX_ERROR); diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch deleted file mode 100644 index 9d47d023a9..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch +++ /dev/null @@ -1,180 +0,0 @@ -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 14:22:23 +0200 -Subject: [PATCH] Fix XPointer paths beginning with range-to - -The old code would invoke the broken xmlXPtrRangeToFunction. range-to -isn't really a function but a special kind of location step. Remove -this function and always handle range-to in the XPath code. - -The old xmlXPtrRangeToFunction could also be abused to trigger a -use-after-free error with the potential for remote code execution. - -Found with afl-fuzz. - -Fixes CVE-2016-5131. - -CVE: CVE-2016-5131 -Upstream-Status: Backport -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e - -Signed-off-by: Yi Zhao <yi.zhao@windirver.com> ---- - result/XPath/xptr/vidbase | 13 ++++++++ - test/XPath/xptr/vidbase | 1 + - xpath.c | 7 ++++- - xpointer.c | 76 ++++------------------------------------------- - 4 files changed, 26 insertions(+), 71 deletions(-) - -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase -index 8b9e92d..f19193e 100644 ---- a/result/XPath/xptr/vidbase -+++ b/result/XPath/xptr/vidbase -@@ -17,3 +17,16 @@ Object is a Location Set: - To node - ELEMENT p - -+ -+======================== -+Expression: xpointer(range-to(id('chapter2'))) -+Object is a Location Set: -+1 : Object is a range : -+ From node -+ / -+ To node -+ ELEMENT chapter -+ ATTRIBUTE id -+ TEXT -+ content=chapter2 -+ -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase -index b146383..884b106 100644 ---- a/test/XPath/xptr/vidbase -+++ b/test/XPath/xptr/vidbase -@@ -1,2 +1,3 @@ - xpointer(id('chapter1')/p) - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) -+xpointer(range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index d992841..5a01b1b 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { - lc = 1; - break; - } else if ((NXT(len) == '(')) { -- /* Note Type or Function */ -+ /* Node Type or Function */ - if (xmlXPathIsNodeType(name)) { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, - "PathExpr: Type search\n"); - #endif - lc = 1; -+#ifdef LIBXML_XPTR_ENABLED -+ } else if (ctxt->xptr && -+ xmlStrEqual(name, BAD_CAST "range-to")) { -+ lc = 1; -+#endif - } else { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, -diff --git a/xpointer.c b/xpointer.c -index 676c510..d74174a 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { - ret->here = here; - ret->origin = origin; - -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", -- xmlXPtrRangeToFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range", - xmlXPtrRangeFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { - * @nargs: the number of args - * - * Implement the range-to() XPointer function -+ * -+ * Obsolete. range-to is not a real function but a special type of location -+ * step which is handled in xpath.c. - */ - void --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { -- xmlXPathObjectPtr range; -- const xmlChar *cur; -- xmlXPathObjectPtr res, obj; -- xmlXPathObjectPtr tmp; -- xmlLocationSetPtr newset = NULL; -- xmlNodeSetPtr oldset; -- int i; -- -- if (ctxt == NULL) return; -- CHECK_ARITY(1); -- /* -- * Save the expression pointer since we will have to evaluate -- * it multiple times. Initialize the new set. -- */ -- CHECK_TYPE(XPATH_NODESET); -- obj = valuePop(ctxt); -- oldset = obj->nodesetval; -- ctxt->context->node = NULL; -- -- cur = ctxt->cur; -- newset = xmlXPtrLocationSetCreate(NULL); -- -- for (i = 0; i < oldset->nodeNr; i++) { -- ctxt->cur = cur; -- -- /* -- * Run the evaluation with a node list made of a single item -- * in the nodeset. -- */ -- ctxt->context->node = oldset->nodeTab[i]; -- tmp = xmlXPathNewNodeSet(ctxt->context->node); -- valuePush(ctxt, tmp); -- -- xmlXPathEvalExpr(ctxt); -- CHECK_ERROR; -- -- /* -- * The result of the evaluation need to be tested to -- * decided whether the filter succeeded or not -- */ -- res = valuePop(ctxt); -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); -- if (range != NULL) { -- xmlXPtrLocationSetAdd(newset, range); -- } -- -- /* -- * Cleanup -- */ -- if (res != NULL) -- xmlXPathFreeObject(res); -- if (ctxt->value == tmp) { -- res = valuePop(ctxt); -- xmlXPathFreeObject(res); -- } -- -- ctxt->context->node = NULL; -- } -- -- /* -- * The result is used as the new evaluation set. -- */ -- xmlXPathFreeObject(obj); -- ctxt->context->node = NULL; -- ctxt->context->contextSize = -1; -- ctxt->context->proximityPosition = -1; -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, -+ int nargs ATTRIBUTE_UNUSED) { -+ XP_ERROR(XPATH_EXPR_ERROR); - } - - /** --- -2.7.4 - diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch deleted file mode 100644 index 0108265855..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch +++ /dev/null @@ -1,40 +0,0 @@ -libxml2: Fix CVE-2017-0663 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228 - -valid: Fix type confusion in xmlValidateOneNamespace - -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types -on namespace declarations make no practical sense anyway. - -Fixes bug 780228 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66] -CVE: CVE-2017-0663 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/valid.c b/valid.c -index 19f84b8..e03d35e 100644 ---- a/valid.c -+++ b/valid.c -@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - } - } - -+ /* -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes -+ * no practical sense to use ID types anyway. -+ */ -+#if 0 - /* Validity Constraint: ID uniqueness */ - if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) -@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) - ret = 0; - } -+#endif - - /* Validity Constraint: Notation Attributes */ - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch deleted file mode 100644 index 571b05c087..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch +++ /dev/null @@ -1,62 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-5969 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422 - -valid: Fix NULL pointer deref in xmlDumpElementContent - -Can only be triggered in recovery mode. - -Fixes bug 758422 - -Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882] -CVE: CVE-2017-5969 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/valid.c b/valid.c -index 19f84b8..0a8e58a 100644 ---- a/valid.c -+++ b/valid.c -@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob) - xmlBufferWriteCHAR(buf, content->name); - break; - case XML_ELEMENT_CONTENT_SEQ: -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -+ if ((content->c1 != NULL) && -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) - xmlDumpElementContent(buf, content->c1, 1); - else - xmlDumpElementContent(buf, content->c1, 0); - xmlBufferWriteChar(buf, " , "); -- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || -- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) -+ if ((content->c2 != NULL) && -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) || -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) - xmlDumpElementContent(buf, content->c2, 1); - else - xmlDumpElementContent(buf, content->c2, 0); - break; - case XML_ELEMENT_CONTENT_OR: -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -+ if ((content->c1 != NULL) && -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) - xmlDumpElementContent(buf, content->c1, 1); - else - xmlDumpElementContent(buf, content->c1, 0); - xmlBufferWriteChar(buf, " | "); -- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || -- ((content->c2->type == XML_ELEMENT_CONTENT_OR) && -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) -+ if ((content->c2 != NULL) && -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) && -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) - xmlDumpElementContent(buf, content->c2, 1); - else - xmlDumpElementContent(buf, content->c2, 0); diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch deleted file mode 100644 index 26779aa572..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Wed, 23 Aug 2017 16:04:49 +0800 -Subject: [PATCH] fix CVE-2017-8872 - -this makes xmlHaltParser "empty" the buffer, as it resets cur and ava -il too here. - -this seems to cure this specific issue, and also passes the testsuite - -Signed-off-by: Marcus Meissner <meissner@suse.de> - -https://bugzilla.gnome.org/show_bug.cgi?id=775200 -Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff] -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - parser.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/parser.c b/parser.c -index 9506ead..6c07ffd 100644 ---- a/parser.c -+++ b/parser.c -@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { - } - ctxt->input->cur = BAD_CAST""; - ctxt->input->base = ctxt->input->cur; -+ if (ctxt->input->buf) { -+ xmlBufEmpty (ctxt->input->buf->buffer); -+ } else -+ ctxt->input->length = 0; - } - } - --- -2.7.4 - diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch deleted file mode 100644 index 8b034560fa..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch +++ /dev/null @@ -1,103 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333 - -- https://bugzilla.gnome.org/show_bug.cgi?id=781701 - -valid: Fix buffer size checks in xmlSnprintfElementContent - -xmlSnprintfElementContent failed to correctly check the available -buffer space in two locations. - -Fixes bug 781333 and bug 781701 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74] -CVE: CVE-2017-9047 CVE-2017-9048 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/result/valid/781333.xml b/result/valid/781333.xml -new file mode 100644 -index 0000000..01baf11 ---- /dev/null -+++ b/result/valid/781333.xml -@@ -0,0 +1,5 @@ -+<?xml version="1.0"?> -+<!DOCTYPE a [ -+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err -new file mode 100644 -index 0000000..2176200 ---- /dev/null -+++ b/result/valid/781333.xml.err -@@ -0,0 +1,3 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr -new file mode 100644 -index 0000000..1195a04 ---- /dev/null -+++ b/result/valid/781333.xml.err.rdr -@@ -0,0 +1,6 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child -+ -+^ -diff --git a/test/valid/781333.xml b/test/valid/781333.xml -new file mode 100644 -index 0000000..bceac9c ---- /dev/null -+++ b/test/valid/781333.xml -@@ -0,0 +1,4 @@ -+<!DOCTYPE a [ -+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/valid.c b/valid.c -index 19f84b8..aaa30f6 100644 ---- a/valid.c -+++ b/valid.c -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - case XML_ELEMENT_CONTENT_PCDATA: - strcat(buf, "#PCDATA"); - break; -- case XML_ELEMENT_CONTENT_ELEMENT: -+ case XML_ELEMENT_CONTENT_ELEMENT: { -+ int qnameLen = xmlStrlen(content->name); -+ -+ if (content->prefix != NULL) -+ qnameLen += xmlStrlen(content->prefix) + 1; -+ if (size - len < qnameLen + 10) { -+ strcat(buf, " ..."); -+ return; -+ } - if (content->prefix != NULL) { -- if (size - len < xmlStrlen(content->prefix) + 10) { -- strcat(buf, " ..."); -- return; -- } - strcat(buf, (char *) content->prefix); - strcat(buf, ":"); - } -- if (size - len < xmlStrlen(content->name) + 10) { -- strcat(buf, " ..."); -- return; -- } - if (content->name != NULL) - strcat(buf, (char *) content->name); - break; -+ } - case XML_ELEMENT_CONTENT_SEQ: - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - xmlSnprintfElementContent(buf, size, content->c2, 0); - break; - } -+ if (size - strlen(buf) <= 2) return; - if (englob) - strcat(buf, ")"); - switch (content->ocur) { diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch deleted file mode 100644 index 591075de3c..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch +++ /dev/null @@ -1,291 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205 - -- https://bugzilla.gnome.org/show_bug.cgi?id=781361 - -parser: Fix handling of parameter-entity references - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - -Percent sign in DTD Names -========================= - -The NEXTL macro used to call xmlParserHandlePEReference. When parsing -"complex" names inside the DTD, this could result in entity expansion -which created a new input buffer. The fix is to simply remove the call -to xmlParserHandlePEReference from the NEXTL macro. This is safe because -no users of the macro require expansion of parameter entities. - -- xmlParseNameComplex -- xmlParseNCNameComplex -- xmlParseNmtoken - -The percent sign is not allowed in names, which are grammatical tokens. - -- xmlParseEntityValue - -Parameter-entity references in entity values are expanded but this -happens in a separate step in this function. - -- xmlParseSystemLiteral - -Parameter-entity references are ignored in the system literal. - -- xmlParseAttValueComplex -- xmlParseCharDataComplex -- xmlParseCommentComplex -- xmlParsePI -- xmlParseCDSect - -Parameter-entity references are ignored outside the DTD. - -- xmlLoadEntityContent - -This function is only called from xmlStringLenDecodeEntities and -entities are replaced in a separate step immediately after the function -call. - -This bug could also be triggered with an internal subset and double -entity expansion. - -This fixes bug 766956 initially reported by Wei Lei and independently by -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone -involved. - -xmlParseNameComplex with XML_PARSE_OLD10 -======================================== - -When parsing Names inside an expanded parameter entity with the -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the -GROW macro if the input buffer was exhausted. At the end of the -parameter entity's replacement text, this function would then call -xmlPopInput which invalidated the input buffer. - -There should be no need to invoke GROW in this situation because the -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, -at least for UTF-8, in xmlCurrentChar. This also matches the code path -executed when XML_PARSE_OLD10 is not set. - -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). -Thanks to Marcel Böhme and Thuan Pham for the report. - -Additional hardening -==================== - -A separate check was added in xmlParseNameComplex to validate the -buffer size. - -Fixes bug 781205 and bug 781361 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74] -CVE: CVE-2017-9049 CVE-2017-9050 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/Makefile.am b/Makefile.am -index 9f988b0..dab15a4 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT) - if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \ - rm result.$$name error.$$name ; \ - fi ; fi ; done) -+ @echo "## Error cases regression tests (old 1.0)" -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ -+ name=`basename $$i`; \ -+ if [ ! -d $$i ] ; then \ -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ -+ echo New test file $$name ; \ -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ -+ 2> $(srcdir)/result/errors10/$$name.err \ -+ > $(srcdir)/result/errors10/$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ else \ -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \ -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ -+ rm result.$$name error.$$name ; \ -+ fi ; fi ; done) - @echo "## Error cases stream regression tests" - -@(for i in $(srcdir)/test/errors/*.xml ; do \ - name=`basename $$i`; \ -diff --git a/parser.c b/parser.c -index 609a270..8e11c12 100644 ---- a/parser.c -+++ b/parser.c -@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { - ctxt->input->line++; ctxt->input->col = 1; \ - } else ctxt->input->col++; \ - ctxt->input->cur += l; \ -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ - } while (0) - - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) -@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - len += l; - NEXTL(l); - c = CUR_CHAR(l); -- if (c == 0) { -- count = 0; -- GROW; -- if (ctxt->instate == XML_PARSER_EOF) -- return(NULL); -- c = CUR_CHAR(l); -- } - } - } - if ((len > XML_MAX_NAME_LENGTH) && -@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); - return(NULL); - } -+ if (ctxt->input->cur - ctxt->input->base < len) { -+ /* -+ * There were a couple of bugs where PERefs lead to to a change -+ * of the buffer. Check the buffer size to avoid passing an invalid -+ * pointer to xmlDictLookup. -+ */ -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, -+ "unexpected change of input buffer"); -+ return (NULL); -+ } - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err -new file mode 100644 -index 0000000..da15c3f ---- /dev/null -+++ b/result/errors10/781205.xml.err -@@ -0,0 +1,21 @@ -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+Entity: line 1: parser error : DOCTYPE improperly terminated -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+namespace error : Failed to parse QName ':0000' -+ %a; -+ ^ -+<:0000 -+ ^ -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 -+ -+^ -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err -new file mode 100644 -index 0000000..655f41a ---- /dev/null -+++ b/result/errors10/781361.xml.err -@@ -0,0 +1,13 @@ -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected -+ -+^ -+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ -+^ -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated -+ -+^ -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found -+ -+^ -diff --git a/result/valid/766956.xml b/result/valid/766956.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err -new file mode 100644 -index 0000000..34b1dae ---- /dev/null -+++ b/result/valid/766956.xml.err -@@ -0,0 +1,9 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr -new file mode 100644 -index 0000000..7760346 ---- /dev/null -+++ b/result/valid/766956.xml.err.rdr -@@ -0,0 +1,10 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -+./test/valid/766956.xml : failed to parse -diff --git a/runtest.c b/runtest.c -index bb74d2a..63e8c20 100644 ---- a/runtest.c -+++ b/runtest.c -@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = { - { "Error cases regression tests", - errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err", - 0 }, -+ { "Error cases regression tests (old 1.0)", -+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err", -+ XML_PARSE_OLD10 }, - #ifdef LIBXML_READER_ENABLED - { "Error cases stream regression tests", - streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str", -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml -new file mode 100644 -index 0000000..d9e9e83 ---- /dev/null -+++ b/test/errors10/781205.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE D [ -+ <!ENTITY % a "<:0000"> -+ %a; -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml -new file mode 100644 -index 0000000..67476bc ---- /dev/null -+++ b/test/errors10/781361.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE doc [ -+ <!ENTITY % elem "<!ELEMENT e0000000000"> -+ %elem; -diff --git a/test/valid/766956.xml b/test/valid/766956.xml -new file mode 100644 -index 0000000..19a95a0 ---- /dev/null -+++ b/test/valid/766956.xml -@@ -0,0 +1,2 @@ -+<!DOCTYPE test SYSTEM "dtds/766956.dtd"> -+<test/> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd -new file mode 100644 -index 0000000..dddde68 ---- /dev/null -+++ b/test/valid/dtds/766956.dtd -@@ -0,0 +1,2 @@ -+<!ENTITY % ent "value"> -+%ä%ent; diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch deleted file mode 100644 index c60e32f656..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch +++ /dev/null @@ -1,45 +0,0 @@ -libxml2-2.9.4: Fix more NULL pointer derefs - -xpointer: Fix more NULL pointer derefs - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd] -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> - -diff --git a/xpointer.c b/xpointer.c -index 676c510..074db24 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - /* - * Empty set ... - */ -- if (end->nodesetval->nodeNr <= 0) -+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0)) - return(NULL); - break; - default: -@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) { - */ - xmlNodeSetPtr set; - set = tmp->nodesetval; -- if ((set->nodeNr != 1) || -+ if ((set == NULL) || (set->nodeNr != 1) || - (set->nodeTab[0] != (xmlNodePtr) ctx->doc)) - stack++; - } else -@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) { - xmlXPathFreeObject(set); - XP_ERROR(XPATH_MEMORY_ERROR); - } -- for (i = 0;i < oldset->locNr;i++) { -- xmlXPtrLocationSetAdd(newset, -- xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); -+ if (oldset != NULL) { -+ for (i = 0;i < oldset->locNr;i++) { -+ xmlXPtrLocationSetAdd(newset, -+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); -+ } - } - - /* diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch deleted file mode 100644 index faa57701f5..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch +++ /dev/null @@ -1,590 +0,0 @@ -libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2 - -[No upstream tracking] - -parser: Avoid reparsing in xmlParseStartTag2 - -The code in xmlParseStartTag2 must handle the case that the input -buffer was grown and reallocated which can invalidate pointers to -attribute values. Before, this was handled by detecting changes of -the input buffer "base" pointer and, in case of a change, jumping -back to the beginning of the function and reparsing the start tag. - -The major problem of this approach is that whether an input buffer is -reallocated is nondeterministic, resulting in seemingly random test -failures. See the mailing list thread "runtest mystery bug: name2.xml -error case regression test" from 2012, for example. - -If a reallocation was detected, the code also made no attempts to -continue parsing in case of errors which makes a difference in -the lax "recover" mode. - -Now we store the current input buffer "base" pointer for each (not -separately allocated) attribute in the namespace URI field, which isn't -used until later. After the whole start tag was parsed, the pointers to -the attribute values are reconstructed using the offset between the -new and the old input buffer. This relies on arithmetic on dangling -pointers which is technically undefined behavior. But it seems like -the easiest and most efficient fix and a similar approach is used in -xmlParserInputGrow. - -This changes the error output of several tests, typically making it -more verbose because we try harder to continue parsing in case of errors. - -(Another possible solution is to check not only the "base" pointer -but the size of the input buffer as well. But this would result in -even more reparsing.) - -Remove some goto labels and deduplicate a bit of code after handling -namespaces. - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - - -Upstream-Status: Backport - - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349] - - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0] -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/parser.c b/parser.c -index 609a270..74016e3 100644 ---- a/parser.c -+++ b/parser.c -@@ -43,6 +43,7 @@ - #include <limits.h> - #include <string.h> - #include <stdarg.h> -+#include <stddef.h> - #include <libxml/xmlmemory.h> - #include <libxml/threads.h> - #include <libxml/globals.h> -@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref, - const xmlChar **atts = ctxt->atts; - int maxatts = ctxt->maxatts; - int nratts, nbatts, nbdef; -- int i, j, nbNs, attval, oldline, oldcol, inputNr; -- const xmlChar *base; -+ int i, j, nbNs, attval; - unsigned long cur; - int nsNr = ctxt->nsNr; - -@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref, - * The Shrinking is only possible once the full set of attribute - * callbacks have been done. - */ --reparse: - SHRINK; -- base = ctxt->input->base; - cur = ctxt->input->cur - ctxt->input->base; -- inputNr = ctxt->inputNr; -- oldline = ctxt->input->line; -- oldcol = ctxt->input->col; - nbatts = 0; - nratts = 0; - nbdef = 0; -@@ -9422,8 +9417,6 @@ reparse: - */ - SKIP_BLANKS; - GROW; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; - - while (((RAW != '>') && - ((RAW != '/') || (NXT(1) != '>')) && -@@ -9434,203 +9427,174 @@ reparse: - - attname = xmlParseAttribute2(ctxt, prefix, localname, - &aprefix, &attvalue, &len, &alloc); -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) { -- if ((attvalue != NULL) && (alloc != 0)) -- xmlFree(attvalue); -- attvalue = NULL; -- goto base_changed; -- } -- if ((attname != NULL) && (attvalue != NULL)) { -- if (len < 0) len = xmlStrlen(attvalue); -- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) { -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -- xmlURIPtr uri; -- -- if (URL == NULL) { -- xmlErrMemory(ctxt, "dictionary allocation failure"); -- if ((attvalue != NULL) && (alloc != 0)) -- xmlFree(attvalue); -- return(NULL); -- } -- if (*URL != 0) { -- uri = xmlParseURI((const char *) URL); -- if (uri == NULL) { -- xmlNsErr(ctxt, XML_WAR_NS_URI, -- "xmlns: '%s' is not a valid URI\n", -- URL, NULL, NULL); -- } else { -- if (uri->scheme == NULL) { -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -- "xmlns: URI %s is not absolute\n", -- URL, NULL, NULL); -- } -- xmlFreeURI(uri); -- } -- if (URL == ctxt->str_xml_ns) { -- if (attname != ctxt->str_xml) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace URI cannot be the default namespace\n", -- NULL, NULL, NULL); -- } -- goto skip_default_ns; -- } -- if ((len == 29) && -- (xmlStrEqual(URL, -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "reuse of the xmlns namespace name is forbidden\n", -- NULL, NULL, NULL); -- goto skip_default_ns; -- } -- } -- /* -- * check that it's not a defined namespace -- */ -- for (j = 1;j <= nbNs;j++) -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL) -- break; -- if (j <= nbNs) -- xmlErrAttributeDup(ctxt, NULL, attname); -- else -- if (nsPush(ctxt, NULL, URL) > 0) nbNs++; --skip_default_ns: -- if ((attvalue != NULL) && (alloc != 0)) { -- xmlFree(attvalue); -- attvalue = NULL; -- } -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) -- break; -- if (!IS_BLANK_CH(RAW)) { -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, -- "attributes construct error\n"); -- break; -- } -- SKIP_BLANKS; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -- continue; -- } -- if (aprefix == ctxt->str_xmlns) { -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -- xmlURIPtr uri; -- -- if (attname == ctxt->str_xml) { -- if (URL != ctxt->str_xml_ns) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace prefix mapped to wrong URI\n", -- NULL, NULL, NULL); -- } -- /* -- * Do not keep a namespace definition node -- */ -- goto skip_ns; -- } -+ if ((attname == NULL) || (attvalue == NULL)) -+ goto next_attr; -+ if (len < 0) len = xmlStrlen(attvalue); -+ -+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) { -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -+ xmlURIPtr uri; -+ -+ if (URL == NULL) { -+ xmlErrMemory(ctxt, "dictionary allocation failure"); -+ if ((attvalue != NULL) && (alloc != 0)) -+ xmlFree(attvalue); -+ return(NULL); -+ } -+ if (*URL != 0) { -+ uri = xmlParseURI((const char *) URL); -+ if (uri == NULL) { -+ xmlNsErr(ctxt, XML_WAR_NS_URI, -+ "xmlns: '%s' is not a valid URI\n", -+ URL, NULL, NULL); -+ } else { -+ if (uri->scheme == NULL) { -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -+ "xmlns: URI %s is not absolute\n", -+ URL, NULL, NULL); -+ } -+ xmlFreeURI(uri); -+ } - if (URL == ctxt->str_xml_ns) { -- if (attname != ctxt->str_xml) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace URI mapped to wrong prefix\n", -- NULL, NULL, NULL); -- } -- goto skip_ns; -- } -- if (attname == ctxt->str_xmlns) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "redefinition of the xmlns prefix is forbidden\n", -- NULL, NULL, NULL); -- goto skip_ns; -- } -- if ((len == 29) && -- (xmlStrEqual(URL, -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "reuse of the xmlns namespace name is forbidden\n", -- NULL, NULL, NULL); -- goto skip_ns; -- } -- if ((URL == NULL) || (URL[0] == 0)) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xmlns:%s: Empty XML namespace is not allowed\n", -- attname, NULL, NULL); -- goto skip_ns; -- } else { -- uri = xmlParseURI((const char *) URL); -- if (uri == NULL) { -- xmlNsErr(ctxt, XML_WAR_NS_URI, -- "xmlns:%s: '%s' is not a valid URI\n", -- attname, URL, NULL); -- } else { -- if ((ctxt->pedantic) && (uri->scheme == NULL)) { -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -- "xmlns:%s: URI %s is not absolute\n", -- attname, URL, NULL); -- } -- xmlFreeURI(uri); -- } -- } -- -- /* -- * check that it's not a defined namespace -- */ -- for (j = 1;j <= nbNs;j++) -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname) -- break; -- if (j <= nbNs) -- xmlErrAttributeDup(ctxt, aprefix, attname); -- else -- if (nsPush(ctxt, attname, URL) > 0) nbNs++; --skip_ns: -- if ((attvalue != NULL) && (alloc != 0)) { -- xmlFree(attvalue); -- attvalue = NULL; -- } -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) -- break; -- if (!IS_BLANK_CH(RAW)) { -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, -- "attributes construct error\n"); -- break; -- } -- SKIP_BLANKS; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -- continue; -- } -+ if (attname != ctxt->str_xml) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace URI cannot be the default namespace\n", -+ NULL, NULL, NULL); -+ } -+ goto next_attr; -+ } -+ if ((len == 29) && -+ (xmlStrEqual(URL, -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "reuse of the xmlns namespace name is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ } -+ /* -+ * check that it's not a defined namespace -+ */ -+ for (j = 1;j <= nbNs;j++) -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL) -+ break; -+ if (j <= nbNs) -+ xmlErrAttributeDup(ctxt, NULL, attname); -+ else -+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++; -+ -+ } else if (aprefix == ctxt->str_xmlns) { -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -+ xmlURIPtr uri; -+ -+ if (attname == ctxt->str_xml) { -+ if (URL != ctxt->str_xml_ns) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace prefix mapped to wrong URI\n", -+ NULL, NULL, NULL); -+ } -+ /* -+ * Do not keep a namespace definition node -+ */ -+ goto next_attr; -+ } -+ if (URL == ctxt->str_xml_ns) { -+ if (attname != ctxt->str_xml) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace URI mapped to wrong prefix\n", -+ NULL, NULL, NULL); -+ } -+ goto next_attr; -+ } -+ if (attname == ctxt->str_xmlns) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "redefinition of the xmlns prefix is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ if ((len == 29) && -+ (xmlStrEqual(URL, -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "reuse of the xmlns namespace name is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ if ((URL == NULL) || (URL[0] == 0)) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xmlns:%s: Empty XML namespace is not allowed\n", -+ attname, NULL, NULL); -+ goto next_attr; -+ } else { -+ uri = xmlParseURI((const char *) URL); -+ if (uri == NULL) { -+ xmlNsErr(ctxt, XML_WAR_NS_URI, -+ "xmlns:%s: '%s' is not a valid URI\n", -+ attname, URL, NULL); -+ } else { -+ if ((ctxt->pedantic) && (uri->scheme == NULL)) { -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -+ "xmlns:%s: URI %s is not absolute\n", -+ attname, URL, NULL); -+ } -+ xmlFreeURI(uri); -+ } -+ } - -- /* -- * Add the pair to atts -- */ -- if ((atts == NULL) || (nbatts + 5 > maxatts)) { -- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) { -- if (attvalue[len] == 0) -- xmlFree(attvalue); -- goto failed; -- } -- maxatts = ctxt->maxatts; -- atts = ctxt->atts; -- } -- ctxt->attallocs[nratts++] = alloc; -- atts[nbatts++] = attname; -- atts[nbatts++] = aprefix; -- atts[nbatts++] = NULL; /* the URI will be fetched later */ -- atts[nbatts++] = attvalue; -- attvalue += len; -- atts[nbatts++] = attvalue; -- /* -- * tag if some deallocation is needed -- */ -- if (alloc != 0) attval = 1; -- } else { -- if ((attvalue != NULL) && (attvalue[len] == 0)) -- xmlFree(attvalue); -- } -+ /* -+ * check that it's not a defined namespace -+ */ -+ for (j = 1;j <= nbNs;j++) -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname) -+ break; -+ if (j <= nbNs) -+ xmlErrAttributeDup(ctxt, aprefix, attname); -+ else -+ if (nsPush(ctxt, attname, URL) > 0) nbNs++; -+ -+ } else { -+ /* -+ * Add the pair to atts -+ */ -+ if ((atts == NULL) || (nbatts + 5 > maxatts)) { -+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) { -+ goto next_attr; -+ } -+ maxatts = ctxt->maxatts; -+ atts = ctxt->atts; -+ } -+ ctxt->attallocs[nratts++] = alloc; -+ atts[nbatts++] = attname; -+ atts[nbatts++] = aprefix; -+ /* -+ * The namespace URI field is used temporarily to point at the -+ * base of the current input buffer for non-alloced attributes. -+ * When the input buffer is reallocated, all the pointers become -+ * invalid, but they can be reconstructed later. -+ */ -+ if (alloc) -+ atts[nbatts++] = NULL; -+ else -+ atts[nbatts++] = ctxt->input->base; -+ atts[nbatts++] = attvalue; -+ attvalue += len; -+ atts[nbatts++] = attvalue; -+ /* -+ * tag if some deallocation is needed -+ */ -+ if (alloc != 0) attval = 1; -+ attvalue = NULL; /* moved into atts */ -+ } - --failed: -+next_attr: -+ if ((attvalue != NULL) && (alloc != 0)) { -+ xmlFree(attvalue); -+ attvalue = NULL; -+ } - - GROW - if (ctxt->instate == XML_PARSER_EOF) - break; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; - if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) - break; - if (!IS_BLANK_CH(RAW)) { -@@ -9646,8 +9610,20 @@ failed: - break; - } - GROW; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -+ } -+ -+ /* Reconstruct attribute value pointers. */ -+ for (i = 0, j = 0; j < nratts; i += 5, j++) { -+ if (atts[i+2] != NULL) { -+ /* -+ * Arithmetic on dangling pointers is technically undefined -+ * behavior, but well... -+ */ -+ ptrdiff_t offset = ctxt->input->base - atts[i+2]; -+ atts[i+2] = NULL; /* Reset repurposed namespace URI */ -+ atts[i+3] += offset; /* value */ -+ atts[i+4] += offset; /* valuend */ -+ } - } - - /* -@@ -9804,34 +9780,6 @@ failed: - } - - return(localname); -- --base_changed: -- /* -- * the attribute strings are valid iif the base didn't changed -- */ -- if (attval != 0) { -- for (i = 3,j = 0; j < nratts;i += 5,j++) -- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL)) -- xmlFree((xmlChar *) atts[i]); -- } -- -- /* -- * We can't switch from one entity to another in the middle -- * of a start tag -- */ -- if (inputNr != ctxt->inputNr) { -- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY, -- "Start tag doesn't start and stop in the same entity\n"); -- return(NULL); -- } -- -- ctxt->input->cur = ctxt->input->base + cur; -- ctxt->input->line = oldline; -- ctxt->input->col = oldcol; -- if (ctxt->wellFormed == 1) { -- goto reparse; -- } -- return(NULL); - } - - /** -diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err -index e08d9bf..f6036a3 100644 ---- a/result/errors/759398.xml.err -+++ b/result/errors/759398.xml.err -@@ -1,9 +1,12 @@ - ./test/errors/759398.xml:210: parser error : StartTag: invalid element name - need to worry about parsers whi<! don't expand PErefs finding - ^ --./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef -+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№m line 308 and termdef - and provide access to their content and structure.</termdef> <termdef - ^ --./test/errors/759398.xml:309: parser error : Extra content at the end of the document --and provide access to their content and structure.</termdef> <termdef -- ^ -+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p -+data and the information it must provide to the application.</p> -+ ^ -+./test/errors/759398.xml:316: parser error : Extra content at the end of the document -+<div2 id='sec-origin-goals'> -+^ -diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err -index 4f08538..c4c4fc8 100644 ---- a/result/errors/attr1.xml.err -+++ b/result/errors/attr1.xml.err -@@ -1,6 +1,9 @@ - ./test/errors/attr1.xml:2: parser error : AttValue: ' expected - - ^ --./test/errors/attr1.xml:1: parser error : Extra content at the end of the document --<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo -- ^ -+./test/errors/attr1.xml:2: parser error : attributes construct error -+ -+^ -+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1 -+ -+^ -diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err -index c8a9c7d..77e342e 100644 ---- a/result/errors/attr2.xml.err -+++ b/result/errors/attr2.xml.err -@@ -1,6 +1,9 @@ - ./test/errors/attr2.xml:2: parser error : AttValue: ' expected - - ^ --./test/errors/attr2.xml:1: parser error : Extra content at the end of the document --<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo -- ^ -+./test/errors/attr2.xml:2: parser error : attributes construct error -+ -+^ -+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1 -+ -+^ -diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err -index a6649a1..8a6acee 100644 ---- a/result/errors/name2.xml.err -+++ b/result/errors/name2.xml.err -@@ -1,6 +1,9 @@ - ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo - - ^ --./test/errors/name2.xml:1: parser error : Extra content at the end of the document --<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo -- ^ -+./test/errors/name2.xml:2: parser error : attributes construct error -+ -+^ -+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1 -+ -+^ diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch deleted file mode 100644 index 65f6bef1e6..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch +++ /dev/null @@ -1,67 +0,0 @@ -libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer - -xpath: - - Check for errors after evaluating first operand. - - Add sanity check for empty stack. - - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes - -Upstream-Status: Backport - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b] - - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8] -CVE: CVE-2016-5131 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> - -diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror -new file mode 100644 -index 0000000..d589882 ---- /dev/null -+++ b/result/XPath/xptr/viderror -@@ -0,0 +1,4 @@ -+ -+======================== -+Expression: xpointer(non-existing-fn()/range-to(id('chapter2'))) -+Object is empty (NULL) -diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror -new file mode 100644 -index 0000000..da8c53b ---- /dev/null -+++ b/test/XPath/xptr/viderror -@@ -0,0 +1 @@ -+xpointer(non-existing-fn()/range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index 113bce6..d992841 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { - * compute depth to root - */ - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { -- if (cur == node1) -+ if (cur->parent == node1) - return(1); - depth2++; - } - root = cur; - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { -- if (cur == node2) -+ if (cur->parent == node2) - return(-1); - depth1++; - } -@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) - xmlNodeSetPtr oldset; - int i, j; - -- if (op->ch1 != -1) -+ if (op->ch1 != -1) { - total += - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); -+ CHECK_ERROR0; -+ } -+ if (ctxt->value == NULL) { -+ XP_ERROR0(XPATH_INVALID_OPERAND); -+ } - if (op->ch2 == -1) - return (total); - diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch index 6e56857caf..cb171d5b36 100644 --- a/meta/recipes-core/libxml/libxml2/runtest.patch +++ b/meta/recipes-core/libxml/libxml2/runtest.patch @@ -2,47 +2,29 @@ Add 'install-ptest' rule. Print a standard result line for each test. Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com> -Signed-off-by: Andrej Valek <andrej.valek@enea.com> +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Upstream-Status: Backport diff -uNr a/Makefile.am b/Makefile.am ---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200 -+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200 -@@ -202,10 +202,24 @@ +--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200 ++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200 +@@ -202,6 +202,15 @@ #testOOM_DEPENDENCIES = $(DEPS) #testOOM_LDADD= $(LDADDS) +install-ptest: + @(if [ -d .libs ] ; then cd .libs; fi; \ -+ install $(noinst_PROGRAMS) $(DESTDIR)) ++ install $(check_PROGRAMS) $(DESTDIR)) + cp -r $(srcdir)/test $(DESTDIR) + cp -r $(srcdir)/result $(DESTDIR) + cp -r $(srcdir)/python $(DESTDIR) + cp Makefile $(DESTDIR) + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile + - runtests: + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) [ -d test ] || $(LN_S) $(srcdir)/test . - [ -d result ] || $(LN_S) $(srcdir)/result . -- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT) -+ $(CHECKER) ./runtest$(EXEEXT) && \ -+ $(CHECKER) ./testrecurse$(EXEEXT) && \ -+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \ -+ $(CHECKER) ./testchar$(EXEEXT) && \ -+ $(CHECKER) ./testdict$(EXEEXT) && \ -+ $(CHECKER) ./runxmlconf$(EXEEXT) - @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \ - $(MAKE) tests ; fi) - -@@ -229,7 +243,7 @@ - - APItests: testapi$(EXEEXT) - @echo "## Running the API regression tests this may take a little while" -- -@($(CHECKER) $(top_builddir)/testapi -q) -+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q) - - HTMLtests : testHTML$(EXEEXT) - @(echo > .memdump) + diff -uNr a/runsuite.c b/runsuite.c --- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200 +++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200 diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.5.bb index 9adb29cfdd..27e1a8e7b1 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb @@ -19,21 +19,12 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://run-ptest \ file://python-sitepackages-dir.patch \ file://libxml-m4-use-pkgconfig.patch \ - file://libxml2-fix_node_comparison.patch \ - file://libxml2-CVE-2016-5131.patch \ - file://libxml2-CVE-2016-4658.patch \ - file://libxml2-fix_NULL_pointer_derefs.patch \ - file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \ - file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \ - file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ - file://libxml2-CVE-2017-5969.patch \ - file://libxml2-CVE-2017-0663.patch \ - file://libxml2-CVE-2017-8872.patch \ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ + file://fix-execution-of-ptests.patch \ " -SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" -SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c" +SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b" +SRC_URI[libtar.sha256sum] = "4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38" SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a" SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" @@ -81,6 +72,10 @@ do_configure_prepend () { find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+ } +do_compile_ptest() { + oe_runmake check-am +} + do_install_ptest () { cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH} if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then diff --git a/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch b/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch deleted file mode 100644 index a19332c4b2..0000000000 --- a/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch +++ /dev/null @@ -1,541 +0,0 @@ -From 4bf72cb8f1d3aa5f33c31eb817a5f0338f4aaf6f Mon Sep 17 00:00:00 2001 -From: Ovidiu Panait <ovidiu.panait@windriver.com> -Date: Wed, 20 Sep 2017 05:02:00 +0000 -Subject: [PATCH] Import upstream patch 20170826 - -20170826 - + fixes for "iterm2" (report by Leonardo Brondani Schenkel) -TD - + corrected a warning from tic about keys which are the same, to skip - over missing/cancelled values. - + add check in tic for unnecessary use of "2" to denote a shifted - special key. - + improve checks in trim_sgr0, comp_parse.c and parse_entry.c, for - cancelled string capabilities. - + add check in _nc_parse_entry() for invalid entry name, setting the - name to "invalid" to avoid problems storing entries. - + add/improve checks in tic's parser to address invalid input - + add a check in comp_scan.c to handle the special case where a - nontext file ending with a NUL rather than newline is given to tic - as input (Redhat #1484274). - + allow for cancelled capabilities in _nc_save_str (Redhat #1484276). - + add validity checks for "use=" target in _nc_parse_entry (Redhat - #1484284). - + check for invalid strings in postprocess_termcap (Redhat #1484285) - + reset secondary pointers on EOF in next_char() (Redhat #1484287). - + guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using - cancelled strings (Redhat #1484291). - + correct typo in curs_memleaks.3x (Sven Joachim). - + improve test/configure checks for some curses variants not based on - X/Open Curses. - + add options for test/configure to disable checks for form, menu and - panel libraries. - -Upstream-Status: Backport -CVE: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017-13728, CVE-2017-13731 - - -Author: Sven Joachim <svenjoac@gmx.de> -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - dist.mk | 4 +- - include/ncurses_defs | 4 +- - ncurses/tinfo/alloc_entry.c | 4 +- - ncurses/tinfo/comp_parse.c | 10 ++--- - ncurses/tinfo/comp_scan.c | 6 ++- - ncurses/tinfo/parse_entry.c | 91 ++++++++++++++++++++++++++++++--------------- - ncurses/tinfo/strings.c | 9 +++-- - ncurses/tinfo/trim_sgr0.c | 4 +- - progs/tic.c | 75 ++++++++++++++++++++++++++++++++++++- - 9 files changed, 157 insertions(+), 50 deletions(-) - -diff --git a/dist.mk b/dist.mk -index 9af2699..2c70472 100644 ---- a/dist.mk -+++ b/dist.mk -@@ -25,7 +25,7 @@ - # use or other dealings in this Software without prior written # - # authorization. # - ############################################################################## --# $Id: dist.mk,v 1.1172 2017/07/13 00:15:27 tom Exp $ -+# $Id: dist.mk,v 1.1179 2017/08/20 15:33:41 tom Exp $ - # Makefile for creating ncurses distributions. - # - # This only needs to be used directly as a makefile by developers, but -@@ -37,7 +37,7 @@ SHELL = /bin/sh - # These define the major/minor/patch versions of ncurses. - NCURSES_MAJOR = 6 - NCURSES_MINOR = 0 --NCURSES_PATCH = 20170715 -+NCURSES_PATCH = 20170826 - - # We don't append the patch to the version, since this only applies to releases - VERSION = $(NCURSES_MAJOR).$(NCURSES_MINOR) -diff --git a/include/ncurses_defs b/include/ncurses_defs -index e6611b7..d237db1 100644 ---- a/include/ncurses_defs -+++ b/include/ncurses_defs -@@ -1,4 +1,4 @@ --# $Id: ncurses_defs,v 1.73 2017/06/24 14:20:57 tom Exp $ -+# $Id: ncurses_defs,v 1.75 2017/08/20 16:50:04 tom Exp $ - ############################################################################## - # Copyright (c) 2000-2016,2017 Free Software Foundation, Inc. # - # # -@@ -50,7 +50,9 @@ HAVE_BSD_STRING_H - HAVE_BTOWC - HAVE_BUILTIN_H - HAVE_CHGAT 1 -+HAVE_COLOR_CONTENT 1 - HAVE_COLOR_SET 1 -+HAVE_CURSCR 1 - HAVE_DIRENT_H - HAVE_ERRNO - HAVE_FCNTL_H -diff --git a/ncurses/tinfo/alloc_entry.c b/ncurses/tinfo/alloc_entry.c -index 5de09f1..09374d6 100644 ---- a/ncurses/tinfo/alloc_entry.c -+++ b/ncurses/tinfo/alloc_entry.c -@@ -47,7 +47,7 @@ - - #include <tic.h> - --MODULE_ID("$Id: alloc_entry.c,v 1.60 2017/06/27 23:48:55 tom Exp $") -+MODULE_ID("$Id: alloc_entry.c,v 1.61 2017/08/25 09:09:08 tom Exp $") - - #define ABSENT_OFFSET -1 - #define CANCELLED_OFFSET -2 -@@ -98,7 +98,7 @@ _nc_save_str(const char *const string) - size_t old_next_free = next_free; - size_t len; - -- if (string == 0) -+ if (!VALID_STRING(string)) - return _nc_save_str(""); - len = strlen(string) + 1; - -diff --git a/ncurses/tinfo/comp_parse.c b/ncurses/tinfo/comp_parse.c -index 34e6216..580d4df 100644 ---- a/ncurses/tinfo/comp_parse.c -+++ b/ncurses/tinfo/comp_parse.c -@@ -47,7 +47,7 @@ - - #include <tic.h> - --MODULE_ID("$Id: comp_parse.c,v 1.96 2017/04/15 15:36:58 tom Exp $") -+MODULE_ID("$Id: comp_parse.c,v 1.99 2017/08/26 16:15:50 tom Exp $") - - static void sanity_check2(TERMTYPE2 *, bool); - NCURSES_IMPEXP void NCURSES_API(*_nc_check_termtype2) (TERMTYPE2 *, bool) = sanity_check2; -@@ -510,9 +510,9 @@ static void - fixup_acsc(TERMTYPE2 *tp, int literal) - { - if (!literal) { -- if (acs_chars == 0 -- && enter_alt_charset_mode != 0 -- && exit_alt_charset_mode != 0) -+ if (acs_chars == ABSENT_STRING -+ && PRESENT(enter_alt_charset_mode) -+ && PRESENT(exit_alt_charset_mode)) - acs_chars = strdup(VT_ACSC); - } - } -@@ -568,9 +568,7 @@ sanity_check2(TERMTYPE2 *tp, bool literal) - PAIRED(enter_xon_mode, exit_xon_mode); - PAIRED(enter_am_mode, exit_am_mode); - ANDMISSING(label_off, label_on); --#ifdef remove_clock - PAIRED(display_clock, remove_clock); --#endif - ANDMISSING(set_color_pair, initialize_pair); - } - -diff --git a/ncurses/tinfo/comp_scan.c b/ncurses/tinfo/comp_scan.c -index 40d7f6a..b207257 100644 ---- a/ncurses/tinfo/comp_scan.c -+++ b/ncurses/tinfo/comp_scan.c -@@ -50,7 +50,7 @@ - #include <ctype.h> - #include <tic.h> - --MODULE_ID("$Id: comp_scan.c,v 1.106 2017/04/22 11:41:12 tom Exp $") -+MODULE_ID("$Id: comp_scan.c,v 1.108 2017/08/25 22:57:21 tom Exp $") - - /* - * Maximum length of string capability we'll accept before raising an error. -@@ -168,6 +168,8 @@ next_char(void) - if (result != 0) { - FreeAndNull(result); - FreeAndNull(pushname); -+ bufptr = 0; -+ bufstart = 0; - allocated = 0; - } - /* -@@ -222,6 +224,8 @@ next_char(void) - } - if ((bufptr = bufstart) != 0) { - used = strlen(bufptr); -+ if (used == 0) -+ return (EOF); - while (iswhite(*bufptr)) { - if (*bufptr == '\t') { - _nc_curr_col = (_nc_curr_col | 7) + 1; -diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c -index 3fa2f25..bbbfcb2 100644 ---- a/ncurses/tinfo/parse_entry.c -+++ b/ncurses/tinfo/parse_entry.c -@@ -47,7 +47,7 @@ - #include <ctype.h> - #include <tic.h> - --MODULE_ID("$Id: parse_entry.c,v 1.86 2017/06/28 00:53:12 tom Exp $") -+MODULE_ID("$Id: parse_entry.c,v 1.91 2017/08/26 16:13:34 tom Exp $") - - #ifdef LINT - static short const parametrized[] = -@@ -180,6 +180,20 @@ _nc_extend_names(ENTRY * entryp, char *name, int token_type) - } - #endif /* NCURSES_XNAMES */ - -+static bool -+valid_entryname(const char *name) -+{ -+ bool result = TRUE; -+ int ch; -+ while ((ch = UChar(*name++)) != '\0') { -+ if (ch <= ' ' || ch > '~' || ch == '/') { -+ result = FALSE; -+ break; -+ } -+ } -+ return result; -+} -+ - /* - * int - * _nc_parse_entry(entry, literal, silent) -@@ -211,6 +225,7 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) - int token_type; - struct name_table_entry const *entry_ptr; - char *ptr, *base; -+ const char *name; - bool bad_tc_usage = FALSE; - - token_type = _nc_get_token(silent); -@@ -261,7 +276,12 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) - * results in the terminal type getting prematurely set to correspond - * to that of the next entry. - */ -- _nc_set_type(_nc_first_name(entryp->tterm.term_names)); -+ name = _nc_first_name(entryp->tterm.term_names); -+ if (!valid_entryname(name)) { -+ _nc_warning("invalid entry name \"%s\"", name); -+ name = "invalid"; -+ } -+ _nc_set_type(name); - - /* check for overly-long names and aliases */ - for (base = entryp->tterm.term_names; (ptr = strchr(base, '|')) != 0; -@@ -283,13 +303,24 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) - bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0); - bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0); - if (is_use || is_tc) { -+ if (!VALID_STRING(_nc_curr_token.tk_valstring) -+ || _nc_curr_token.tk_valstring[0] == '\0') { -+ _nc_warning("missing name for use-clause"); -+ continue; -+ } else if (!valid_entryname(_nc_curr_token.tk_valstring)) { -+ _nc_warning("invalid name for use-clause \"%s\"", -+ _nc_curr_token.tk_valstring); -+ continue; -+ } else if (entryp->nuses >= MAX_USES) { -+ _nc_warning("too many use-clauses, ignored \"%s\"", -+ _nc_curr_token.tk_valstring); -+ continue; -+ } - entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); - entryp->uses[entryp->nuses].line = _nc_curr_line; -- if (VALID_STRING(entryp->uses[entryp->nuses].name)) { -- entryp->nuses++; -- if (entryp->nuses > 1 && is_tc) { -- BAD_TC_USAGE -- } -+ entryp->nuses++; -+ if (entryp->nuses > 1 && is_tc) { -+ BAD_TC_USAGE - } - } else { - /* normal token lookup */ -@@ -641,13 +672,6 @@ static const char C_BS[] = "\b"; - static const char C_HT[] = "\t"; - - /* -- * Note that WANTED and PRESENT are not simple inverses! If a capability -- * has been explicitly cancelled, it's not considered WANTED. -- */ --#define WANTED(s) ((s) == ABSENT_STRING) --#define PRESENT(s) (((s) != ABSENT_STRING) && ((s) != CANCELLED_STRING)) -- --/* - * This bit of legerdemain turns all the terminfo variable names into - * references to locations in the arrays Booleans, Numbers, and Strings --- - * precisely what's needed. -@@ -672,10 +696,10 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - - /* if there was a tc entry, assume we picked up defaults via that */ - if (!has_base) { -- if (WANTED(init_3string) && termcap_init2) -+ if (WANTED(init_3string) && PRESENT(termcap_init2)) - init_3string = _nc_save_str(termcap_init2); - -- if (WANTED(reset_2string) && termcap_reset) -+ if (WANTED(reset_2string) && PRESENT(termcap_reset)) - reset_2string = _nc_save_str(termcap_reset); - - if (WANTED(carriage_return)) { -@@ -790,7 +814,7 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - if (init_tabs != 8 && init_tabs != ABSENT_NUMERIC) - _nc_warning("hardware tabs with a width other than 8: %d", init_tabs); - else { -- if (tab && _nc_capcmp(tab, C_HT)) -+ if (PRESENT(tab) && _nc_capcmp(tab, C_HT)) - _nc_warning("hardware tabs with a non-^I tab string %s", - _nc_visbuf(tab)); - else { -@@ -867,17 +891,22 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - * The magic moment -- copy the mapped key string over, - * stripping out padding. - */ -- for (dp = buf2, bp = tp->Strings[from_ptr->nte_index]; *bp; bp++) { -- if (bp[0] == '$' && bp[1] == '<') { -- while (*bp && *bp != '>') { -- ++bp; -- } -- } else -- *dp++ = *bp; -- } -- *dp = '\0'; -+ bp = tp->Strings[from_ptr->nte_index]; -+ if (VALID_STRING(bp)) { -+ for (dp = buf2; *bp; bp++) { -+ if (bp[0] == '$' && bp[1] == '<') { -+ while (*bp && *bp != '>') { -+ ++bp; -+ } -+ } else -+ *dp++ = *bp; -+ } -+ *dp = '\0'; - -- tp->Strings[to_ptr->nte_index] = _nc_save_str(buf2); -+ tp->Strings[to_ptr->nte_index] = _nc_save_str(buf2); -+ } else { -+ tp->Strings[to_ptr->nte_index] = bp; -+ } - } - - /* -@@ -886,7 +915,7 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - * got mapped to kich1 and im to kIC to avoid a collision. - * If the description has im but not ic, hack kIC back to kich1. - */ -- if (foundim && WANTED(key_ic) && key_sic) { -+ if (foundim && WANTED(key_ic) && PRESENT(key_sic)) { - key_ic = key_sic; - key_sic = ABSENT_STRING; - } -@@ -938,9 +967,9 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) - acs_chars = _nc_save_str(buf2); - _nc_warning("acsc string synthesized from XENIX capabilities"); - } -- } else if (acs_chars == 0 -- && enter_alt_charset_mode != 0 -- && exit_alt_charset_mode != 0) { -+ } else if (acs_chars == ABSENT_STRING -+ && PRESENT(enter_alt_charset_mode) -+ && PRESENT(exit_alt_charset_mode)) { - acs_chars = _nc_save_str(VT_ACSC); - } - } -diff --git a/ncurses/tinfo/strings.c b/ncurses/tinfo/strings.c -index 393d8e7..10ec6c8 100644 ---- a/ncurses/tinfo/strings.c -+++ b/ncurses/tinfo/strings.c -@@ -1,5 +1,5 @@ - /**************************************************************************** -- * Copyright (c) 2000-2007,2012 Free Software Foundation, Inc. * -+ * Copyright (c) 2000-2012,2017 Free Software Foundation, Inc. * - * * - * Permission is hereby granted, free of charge, to any person obtaining a * - * copy of this software and associated documentation files (the * -@@ -35,8 +35,9 @@ - **/ - - #include <curses.priv.h> -+#include <tic.h> - --MODULE_ID("$Id: strings.c,v 1.8 2012/02/22 22:34:31 tom Exp $") -+MODULE_ID("$Id: strings.c,v 1.9 2017/08/26 13:16:11 tom Exp $") - - /**************************************************************************** - * Useful string functions (especially for mvcur) -@@ -105,7 +106,7 @@ _nc_str_copy(string_desc * dst, string_desc * src) - NCURSES_EXPORT(bool) - _nc_safe_strcat(string_desc * dst, const char *src) - { -- if (src != 0) { -+ if (PRESENT(src)) { - size_t len = strlen(src); - - if (len < dst->s_size) { -@@ -126,7 +127,7 @@ _nc_safe_strcat(string_desc * dst, const char *src) - NCURSES_EXPORT(bool) - _nc_safe_strcpy(string_desc * dst, const char *src) - { -- if (src != 0) { -+ if (PRESENT(src)) { - size_t len = strlen(src); - - if (len < dst->s_size) { -diff --git a/ncurses/tinfo/trim_sgr0.c b/ncurses/tinfo/trim_sgr0.c -index 4cbcb65..4d92d15 100644 ---- a/ncurses/tinfo/trim_sgr0.c -+++ b/ncurses/tinfo/trim_sgr0.c -@@ -36,7 +36,7 @@ - - #include <tic.h> - --MODULE_ID("$Id: trim_sgr0.c,v 1.16 2017/04/05 22:33:07 tom Exp $") -+MODULE_ID("$Id: trim_sgr0.c,v 1.17 2017/08/26 14:54:16 tom Exp $") - - #undef CUR - #define CUR tp-> -@@ -263,7 +263,7 @@ _nc_trim_sgr0(TERMTYPE2 *tp) - /* - * If rmacs is a substring of sgr(0), remove that chunk. - */ -- if (exit_alt_charset_mode != 0) { -+ if (PRESENT(exit_alt_charset_mode)) { - TR(TRACE_DATABASE, ("scan for rmacs %s", _nc_visbuf(exit_alt_charset_mode))); - j = strlen(off); - k = strlen(exit_alt_charset_mode); -diff --git a/progs/tic.c b/progs/tic.c -index c5d78e5..6dd4678 100644 ---- a/progs/tic.c -+++ b/progs/tic.c -@@ -48,7 +48,7 @@ - #include <parametrized.h> - #include <transform.h> - --MODULE_ID("$Id: tic.c,v 1.233 2017/07/15 17:40:19 tom Exp $") -+MODULE_ID("$Id: tic.c,v 1.243 2017/08/26 20:56:55 tom Exp $") - - #define STDIN_NAME "<stdin>" - -@@ -62,6 +62,10 @@ static bool showsummary = FALSE; - static char **namelst = 0; - static const char *to_remove; - -+#if NCURSES_XNAMES -+static bool using_extensions = FALSE; -+#endif -+ - static void (*save_check_termtype) (TERMTYPE2 *, bool); - static void check_termtype(TERMTYPE2 *tt, bool); - -@@ -850,6 +854,7 @@ main(int argc, char *argv[]) - /* FALLTHRU */ - case 'x': - use_extended_names(TRUE); -+ using_extensions = TRUE; - break; - #endif - default: -@@ -2405,10 +2410,17 @@ check_conflict(TERMTYPE2 *tp) - const char *a = given[j].value; - bool first = TRUE; - -+ if (!VALID_STRING(a)) -+ continue; -+ - for (k = j + 1; given[k].keycode; k++) { - const char *b = given[k].value; -+ -+ if (!VALID_STRING(b)) -+ continue; - if (check[k]) - continue; -+ - if (!_nc_capcmp(a, b)) { - check[j] = 1; - check[k] = 1; -@@ -2431,6 +2443,67 @@ check_conflict(TERMTYPE2 *tp) - if (!first) - fprintf(stderr, "\n"); - } -+#if NCURSES_XNAMES -+ if (using_extensions) { -+ /* *INDENT-OFF* */ -+ static struct { -+ const char *xcurses; -+ const char *shifted; -+ } table[] = { -+ { "kDC", NULL }, -+ { "kDN", "kind" }, -+ { "kEND", NULL }, -+ { "kHOM", NULL }, -+ { "kLFT", NULL }, -+ { "kNXT", NULL }, -+ { "kPRV", NULL }, -+ { "kRIT", NULL }, -+ { "kUP", "kri" }, -+ { NULL, NULL }, -+ }; -+ /* *INDENT-ON* */ -+ -+ /* -+ * SVr4 curses defines the "xcurses" names listed above except for -+ * the special cases in the "shifted" column. When using these -+ * names for xterm's extensions, that was confusing, and resulted -+ * in adding extended capabilities with "2" (shift) suffix. This -+ * check warns about unnecessary use of extensions for this quirk. -+ */ -+ for (j = 0; given[j].keycode; ++j) { -+ const char *find = given[j].name; -+ int value; -+ char ch; -+ -+ if (!VALID_STRING(given[j].value)) -+ continue; -+ -+ for (k = 0; table[k].xcurses; ++k) { -+ const char *test = table[k].xcurses; -+ size_t size = strlen(test); -+ -+ if (!strncmp(find, test, size) && strcmp(find, test)) { -+ switch (sscanf(find + size, "%d%c", &value, &ch)) { -+ case 1: -+ if (value == 2) { -+ _nc_warning("expected '%s' rather than '%s'", -+ (table[k].shifted -+ ? table[k].shifted -+ : test), find); -+ } else if (value < 2 || value > 15) { -+ _nc_warning("expected numeric 2..15 '%s'", find); -+ } -+ break; -+ default: -+ _nc_warning("expected numeric suffix for '%s'", find); -+ break; -+ } -+ break; -+ } -+ } -+ } -+ } -+#endif - free(given); - free(check); - } --- -2.10.2 - diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc index 1f21cd413d..01e41d5f73 100644 --- a/meta/recipes-core/ncurses/ncurses.inc +++ b/meta/recipes-core/ncurses/ncurses.inc @@ -13,7 +13,7 @@ BINCONFIG = "${bindir}/ncurses5-config ${bindir}/ncursesw5-config \ inherit autotools binconfig-disabled multilib_header pkgconfig # Upstream has useful patches at times at ftp://invisible-island.net/ncurses/ -SRC_URI = "git://anonscm.debian.org/collab-maint/ncurses.git" +SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https" EXTRA_AUTORECONF = "-I m4" CONFIG_SITE =+ "${WORKDIR}/config.cache" @@ -59,6 +59,7 @@ EX_TERMCAP_class-nativesdk = ":/etc/termcap:/usr/share/misc/termcap" EX_TERMINFO = "" EX_TERMINFO_class-native = ":/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo" EX_TERMINFO_class-nativesdk = ":/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo" +EX_TERMLIB ?= "tinfo" # Helper function for do_configure to allow multiple configurations # $1 the directory to run configure in @@ -80,7 +81,7 @@ ncurses_configure() { --disable-big-core \ --program-prefix= \ --with-ticlib \ - --with-termlib=tinfo \ + --with-termlib=${EX_TERMLIB} \ --enable-sigwinch \ --enable-pc-files \ --disable-rpath-hack \ @@ -201,7 +202,10 @@ do_install() { ln -sf xterm-color ${D}${sysconfdir}/terminfo/x/xterm fi - rm -f ${D}${libdir}/terminfo + # When changing ${libdir} to e.g. /usr/lib/myawesomelib/ ncurses + # still installs '/usr/lib/terminfo', so try to rm both + # the proper path and a slightly hardcoded one + rm -f ${D}${libdir}/terminfo ${D}${prefix}/lib/terminfo # create linker scripts for libcurses.so and libncurses to # link against -ltinfo when needed. Some builds might break @@ -227,7 +231,7 @@ do_install() { if [ ! -d "${D}${base_libdir}" ]; then # Setting base_libdir to libdir as is done in the -native # case will skip this code - mkdir ${D}${base_libdir} + mkdir -p ${D}${base_libdir} mv ${D}${libdir}/libncurses.so.* ${D}${base_libdir} ! ${ENABLE_WIDEC} || \ mv ${D}${libdir}/libncursesw.so.* ${D}${base_libdir} diff --git a/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb b/meta/recipes-core/ncurses/ncurses_6.0+20171125.bb index d1da5d16e0..6c4b96f428 100644 --- a/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb +++ b/meta/recipes-core/ncurses/ncurses_6.0+20171125.bb @@ -3,10 +3,9 @@ require ncurses.inc SRC_URI += "file://0001-tic-hang.patch \ file://0002-configure-reproducible.patch \ file://config.cache \ - file://CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch \ " # commit id corresponds to the revision in package version -SRCREV = "52681a6a1a18b4d6eb1a716512d0dd827bd71c87" +SRCREV = "5d849e836052459901cfe0b85a0b2939ff8d2b2a" S = "${WORKDIR}/git" EXTRA_OECONF += "--with-abi-version=5" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)" diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb index f988704756..7f3d9cba00 100644 --- a/meta/recipes-core/os-release/os-release.bb +++ b/meta/recipes-core/os-release/os-release.bb @@ -1,7 +1,7 @@ inherit allarch SUMMARY = "Operating system identification" -DESCRIPTION = "The /etc/os-release file contains operating system identification data." +DESCRIPTION = "The /usr/lib/os-release file contains operating system identification data." LICENSE = "MIT" INHIBIT_DEFAULT_DEPS = "1" @@ -42,6 +42,9 @@ python do_compile () { do_compile[vardeps] += "${OS_RELEASE_FIELDS}" do_install () { - install -d ${D}${sysconfdir} - install -m 0644 os-release ${D}${sysconfdir}/ + install -d ${D}${nonarch_libdir} ${D}${sysconfdir} + install -m 0644 os-release ${D}${nonarch_libdir}/ + lnr ${D}${nonarch_libdir}/os-release ${D}${sysconfdir}/os-release } + +FILES_${PN} += "${nonarch_libdir}/os-release" diff --git a/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch new file mode 100644 index 0000000000..342fcc6231 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch @@ -0,0 +1,71 @@ +From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-truncation" in "-Wall". This warning is documented in detail +at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn for calls to bounded string manipulation functions such as strncat, +> strncpy, and stpncpy that may either truncate the copied string or leave +> the destination unchanged. + +It breaks the BaseTools build with: + +> EfiUtilityMsgs.c: In function 'PrintMessage': +> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The right way to fix the warning would be to implement string concat with +snprintf(). However, Microsoft does not appear to support snprintf() +before VS2015 +<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>, +so we just have to shut up the warning. The strncat() calls flagged above +are valid BTW. + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch new file mode 100644 index 0000000000..a076665c33 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch @@ -0,0 +1,102 @@ +From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wrestrict" in "-Wall". This warning is documented in detail +at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn when an object referenced by a restrict-qualified parameter (or, in +> C++, a __restrict-qualified parameter) is aliased by another argument, +> or when copies between such objects overlap. + +It breaks the BaseTools build (in the Brotli compression library) with: + +> In function 'ProcessCommandsInternal', +> inlined from 'ProcessCommands' at dec/decode.c:1828:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> In function 'ProcessCommandsInternal', +> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail, +and concluded that the warning is a false positive: + +> This seems safe to me, because it's preceded by: +> +> uint8_t* copy_dst = &s->ringbuffer[pos]; +> uint8_t* copy_src = &s->ringbuffer[src_start]; +> int dst_end = pos + i; +> int src_end = src_start + i; +> if (src_end > pos && dst_end > src_start) { +> /* Regions intersect. */ +> goto CommandPostWrapCopy; +> } +> +> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then +> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i). +> +> The if seems okay: +> +> (src_start + i > pos && pos + i > src_start) +> +> which can be rewritten to: +> +> (pos < src_start + i && src_start < pos + i) +> +> Then the numbers are in one of these two orders: +> +> pos <= src_start < pos + i <= src_start + i +> src_start <= pos < src_start + i <= pos + i +> +> These two would be allowed by the "if", but they can only happen if pos +> == src_start so they degenerate to the same two orders above: +> +> pos <= src_start < src_start + i <= pos + i +> src_start <= pos < pos + i <= src_start + i +> +> So it is a false positive in GCC. + +Disable the warning for now. + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Cole Robinson <crobinso@redhat.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch new file mode 100644 index 0000000000..920723e326 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch @@ -0,0 +1,53 @@ +From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Wed, 7 Mar 2018 10:17:28 +0100 +Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx" + options on OSX + +I recently added the gcc-8 specific "-Wno-stringop-truncation" and +"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 / +clang, OSX) and otherwise (gcc, Linux / Cygwin). + +I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does +not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and +"-Wno-restrict" options, yet the build completed fine (by GCC design). + +Regarding OSX, my expectation was that + +- XCODE5 / clang would either recognize these warnings options (because + clang does recognize most -W options of gcc), + +- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags + that it didn't recognize. + +Neither is the case; the new flags have broken the BaseTools build on OSX. +Revert them (for OSX only). + +Cc: Liming Gao <liming.gao@intel.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Liming Gao <liming.gao@intel.com> +Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231 +Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929 +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+ BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
diff --git a/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch new file mode 100644 index 0000000000..7ad7cdf0ce --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch @@ -0,0 +1,66 @@ +From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow" + warning with memcpy() + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-overflow" in "-Wall". This warning is documented in detail at +<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn for calls to string manipulation functions such as memcpy and +> strcpy that are determined to overflow the destination buffer. + +It breaks the BaseTools build with: + +> GenVtf.c: In function 'ConvertVersionInfo': +> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length +> of the source argument [-Werror=stringop-overflow=] +> strncpy (TemStr + 4 - Length, Str, Length); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> GenVtf.c:130:14: note: length computed here +> Length = strlen(Str); +> ^~~~~~~~~~~ + +It is a false positive because, while the bound equals the length of the +source argument, the destination pointer is moved back towards the +beginning of the destination buffer by the same amount (and this amount is +range-checked first, so we can't precede the start of the dest buffer). + +Replace both strncpy() calls with memcpy(). + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Cole Robinson <crobinso@redhat.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c +index 2ae9a7be2c..0cd33e71e9 100644 +--- a/BaseTools/Source/C/GenVtf/GenVtf.c ++++ b/BaseTools/Source/C/GenVtf/GenVtf.c +@@ -129,9 +129,9 @@ Returns: + } else {
+ Length = strlen(Str);
+ if (Length < 4) {
+- strncpy (TemStr + 4 - Length, Str, Length);
++ memcpy (TemStr + 4 - Length, Str, Length);
+ } else {
+- strncpy (TemStr, Str + Length - 4, 4);
++ memcpy (TemStr, Str + Length - 4, 4);
+ }
+
+ sscanf (
+-- +2.17.0 + diff --git a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch index 959b1c649c..25e5b58e70 100644 --- a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch +++ b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch @@ -17,4 +17,4 @@ Index: git/BaseTools/Conf/tools_def.template +DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
- DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
+ DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index fa0d66291d..fe0850cc03 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -19,6 +19,10 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ file://0004-ovmf-enable-long-path-file.patch \ file://VfrCompile-increase-path-length-limit.patch \ file://no-stack-protector-all-archs.patch \ + file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ + file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ + file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ + file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" @@ -35,7 +39,7 @@ SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6eb inherit deploy -PARALLEL_MAKE_class-native = "" +PARALLEL_MAKE = "" S = "${WORKDIR}/git" diff --git a/meta/recipes-core/systemd/systemd_234.bb b/meta/recipes-core/systemd/systemd_234.bb index 9ce27bf67a..6c248e8828 100644 --- a/meta/recipes-core/systemd/systemd_234.bb +++ b/meta/recipes-core/systemd/systemd_234.bb @@ -344,7 +344,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--sys USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}" -GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal" +GROUPADD_PARAM_${PN} = "-r systemd-journal" USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;" FILES_${PN}-analyze = "${bindir}/systemd-analyze" diff --git a/meta/recipes-core/util-linux/util-linux/no_getrandom.patch b/meta/recipes-core/util-linux/util-linux/no_getrandom.patch deleted file mode 100644 index b9fa1cace4..0000000000 --- a/meta/recipes-core/util-linux/util-linux/no_getrandom.patch +++ /dev/null @@ -1,21 +0,0 @@ -getrandom() is only available in glibc 2.25+ and uninative may relocate -binaries onto systems that don't have this function. For now, force the -code to the older codepath until we can come up with a better solution -for this kind of issue. - -Upstream-Status: Inappropriate -RP -2016/8/15 - -Index: util-linux-2.30/configure.ac -=================================================================== ---- util-linux-2.30.orig/configure.ac -+++ util-linux-2.30/configure.ac -@@ -399,7 +399,6 @@ AC_CHECK_FUNCS([ \ - getdtablesize \ - getexecname \ - getmntinfo \ -- getrandom \ - getrlimit \ - getsgnam \ - inotify_init \ diff --git a/meta/recipes-core/util-linux/util-linux_2.30.bb b/meta/recipes-core/util-linux/util-linux_2.30.bb index 39449d9ac9..6b309b555f 100644 --- a/meta/recipes-core/util-linux/util-linux_2.30.bb +++ b/meta/recipes-core/util-linux/util-linux_2.30.bb @@ -15,7 +15,6 @@ SRC_URI += "file://configure-sbindir.patch \ file://display_testname_for_subtest.patch \ file://avoid_parallel_tests.patch \ " -SRC_URI_append_class-native = " file://no_getrandom.patch" SRC_URI[md5sum] = "eaa3429150268027908a1b8ae6ee9a62" SRC_URI[sha256sum] = "c208a4ff6906cb7f57940aa5bc3a6eed146e50a7cc0a092f52ef2ab65057a08d" diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 07a72e2b5a..eccb12828e 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -18,7 +18,7 @@ BINUPV = "${@binutils_branch_version(d)}" UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)" -SRCREV ?= "90276f15379d380761fc499da2ba24cfb3c12a94" +SRCREV ?= "8efd17cb25686c51b9db6531ae2fbeb2e6ef2399" BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=binutils-${BINUPV}-branch;protocol=git" SRC_URI = "\ ${BINUTILS_GIT_URI} \ @@ -35,6 +35,48 @@ SRC_URI = "\ file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \ file://0014-Detect-64-bit-MIPS-targets.patch \ file://0015-sync-with-OE-libtool-changes.patch \ + file://CVE-2017-17124.patch \ + file://CVE-2017-14930.patch \ + file://CVE-2017-14932.patch \ + file://CVE-2017-14933_p1.patch \ + file://CVE-2017-14933_p2.patch \ + file://CVE-2017-14934.patch \ + file://CVE-2017-14938.patch \ + file://CVE-2017-14939.patch \ + file://CVE-2017-14940.patch \ + file://CVE-2017-15021.patch \ + file://CVE-2017-15022.patch \ + file://CVE-2017-15023.patch \ + file://CVE-2017-15024.patch \ + file://CVE-2017-15025.patch \ + file://CVE-2017-15225.patch \ + file://CVE-2017-15939.patch \ + file://CVE-2017-15996.patch \ + file://CVE-2017-16826.patch \ + file://CVE-2017-16827.patch \ + file://CVE-2017-16828_p1.patch \ + file://CVE-2017-16828_p2.patch \ + file://CVE-2017-16829.patch \ + file://CVE-2017-16830.patch \ + file://CVE-2017-16831.patch \ + file://CVE-2017-16832.patch \ + file://CVE-2017-17080.patch \ + file://CVE-2017-17121.patch \ + file://CVE-2017-17122.patch \ + file://CVE-2017-17125.patch \ + file://CVE-2017-17123.patch \ + file://CVE-2018-10372.patch \ + file://CVE-2018-10373.patch \ + file://CVE-2018-10534.patch \ + file://CVE-2018-10535.patch \ + file://CVE-2018-13033.patch \ + file://CVE-2018-6323.patch \ + file://CVE-2018-6759.patch \ + file://CVE-2018-7208.patch \ + file://CVE-2018-7568_p1.patch \ + file://CVE-2018-7568_p2.patch \ + file://CVE-2018-7569.patch \ + file://CVE-2018-7642.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch new file mode 100644 index 0000000000..bbd267a959 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch @@ -0,0 +1,53 @@ +From a26a013f22a19e2c16729e64f40ef8a7dfcc086e Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 17:10:14 +0930 +Subject: [PATCH] PR22191, memory leak in dwarf2.c + +table->sequences is a linked list before it is replaced by a bfd_alloc +array in sort_line_sequences. + + PR 22191 + * dwarf2.c (decode_line_info): Properly free line sequences on error. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14930 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 8 ++++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2473,8 +2473,12 @@ decode_line_info (struct comp_unit *unit + return table; + + fail: +- if (table->sequences != NULL) +- free (table->sequences); ++ while (table->sequences != NULL) ++ { ++ struct line_sequence* seq = table->sequences; ++ table->sequences = table->sequences->prev_sequence; ++ free (seq); ++ } + if (table->files != NULL) + free (table->files); + if (table->dirs != NULL) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22191 ++ * dwarf2.c (decode_line_info): Properly free line sequences on error. ++ + 2017-11-28 Nick Clifton <nickc@redhat.com> + + PR 22507 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch new file mode 100644 index 0000000000..a436031dc2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch @@ -0,0 +1,46 @@ +From e338894dc2e603683bed2172e8e9f25b29051005 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 09:32:18 +0930 +Subject: [PATCH] PR22204, Lack of DW_LNE_end_sequence causes "infinite" loop + + PR 22204 + * dwarf2.c (decode_line_info): Ensure line_ptr stays within + bounds in inner loop. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14932 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2269,7 +2269,7 @@ decode_line_info (struct comp_unit *unit + bfd_vma high_pc = 0; + + /* Decode the table. */ +- while (! end_sequence) ++ while (!end_sequence && line_ptr < line_end) + { + op_code = read_1_byte (abfd, line_ptr, line_end); + line_ptr += 1; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22204 ++ * dwarf2.c (decode_line_info): Ensure line_ptr stays within ++ bounds in inner loop. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22191 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch new file mode 100644 index 0000000000..9df8138401 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch @@ -0,0 +1,58 @@ +From 30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 26 Sep 2017 14:37:47 +0100 +Subject: [PATCH] Avoid needless resource usage when processing a corrupt DWARF + directory or file name table. + + PR 22210 + * dwarf2.c (read_formatted_entries): Fail early if we know that + the loop parsing data entries will overflow the end of the + section. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14933 #1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-26 Nick Clifton <nickc@redhat.com> ++ ++ PR 22210 ++ * dwarf2.c (read_formatted_entries): Fail early if we know that ++ the loop parsing data entries will overflow the end of the ++ section. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22204 +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1933,6 +1933,17 @@ read_formatted_entries (struct comp_unit + + data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end); + buf += bytes_read; ++ ++ /* PR 22210. Paranoia check. Don't bother running the loop ++ if we know that we are going to run out of buffer. */ ++ if (data_count > (bfd_vma) (buf_end - buf)) ++ { ++ _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."), ++ data_count); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + for (datai = 0; datai < data_count; datai++) + { + bfd_byte *format = format_header_data; diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch new file mode 100644 index 0000000000..607d92f3d4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch @@ -0,0 +1,102 @@ +From 33e0a9a056bd23e923b929a4f2ab049ade0b1c32 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 23:20:06 +0930 +Subject: [PATCH] Tidy reading data in read_formatted_entries + +Using read_attribute_value accomplishes two things: It checks for +unexpected formats, and ensures the buffer pointer always increments. + + PR 22210 + * dwarf2.c (read_formatted_entries): Use read_attribute_value to + read data. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14933 #2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 37 +++++++------------------------------ + 2 files changed, 13 insertions(+), 30 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22210 ++ * dwarf2.c (read_formatted_entries): Use read_attribute_value to ++ read data. ++ + 2017-09-26 Nick Clifton <nickc@redhat.com> + + PR 22210 +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1955,6 +1955,7 @@ read_formatted_entries (struct comp_unit + char *string_trash; + char **stringp = &string_trash; + unsigned int uint_trash, *uintp = &uint_trash; ++ struct attribute attr; + + content_type = _bfd_safe_read_leb128 (abfd, format, &bytes_read, + FALSE, buf_end); +@@ -1986,47 +1987,23 @@ read_formatted_entries (struct comp_unit + form = _bfd_safe_read_leb128 (abfd, format, &bytes_read, FALSE, + buf_end); + format += bytes_read; ++ ++ buf = read_attribute_value (&attr, form, 0, unit, buf, buf_end); ++ if (buf == NULL) ++ return FALSE; + switch (form) + { + case DW_FORM_string: +- *stringp = read_string (abfd, buf, buf_end, &bytes_read); +- buf += bytes_read; +- break; +- + case DW_FORM_line_strp: +- *stringp = read_indirect_line_string (unit, buf, buf_end, &bytes_read); +- buf += bytes_read; ++ *stringp = attr.u.str; + break; + + case DW_FORM_data1: +- *uintp = read_1_byte (abfd, buf, buf_end); +- buf += 1; +- break; +- + case DW_FORM_data2: +- *uintp = read_2_bytes (abfd, buf, buf_end); +- buf += 2; +- break; +- + case DW_FORM_data4: +- *uintp = read_4_bytes (abfd, buf, buf_end); +- buf += 4; +- break; +- + case DW_FORM_data8: +- *uintp = read_8_bytes (abfd, buf, buf_end); +- buf += 8; +- break; +- + case DW_FORM_udata: +- *uintp = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, +- buf_end); +- buf += bytes_read; +- break; +- +- case DW_FORM_block: +- /* It is valid only for DW_LNCT_timestamp which is ignored by +- current GDB. */ ++ *uintp = attr.u.val; + break; + } + } diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch new file mode 100644 index 0000000000..57733f08cf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch @@ -0,0 +1,63 @@ +From 19485196044b2521af979f1e5c4a89bfb90fba0b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 27 Sep 2017 10:42:51 +0100 +Subject: [PATCH] Prevent an infinite loop in the DWARF parsing code when + encountering a CU structure with a small negative size. + + PR 22219 + * dwarf.c (process_debug_info): Add a check for a negative + cu_length field. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14934 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/dwarf.c | 11 ++++++++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -2547,7 +2547,7 @@ process_debug_info (struct dwarf_section + int level, last_level, saved_level; + dwarf_vma cu_offset; + unsigned int offset_size; +- int initial_length_size; ++ unsigned int initial_length_size; + dwarf_vma signature_high = 0; + dwarf_vma signature_low = 0; + dwarf_vma type_offset = 0; +@@ -2695,6 +2695,15 @@ process_debug_info (struct dwarf_section + num_units = unit; + break; + } ++ else if (compunit.cu_length + initial_length_size < initial_length_size) ++ { ++ warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"), ++ dwarf_vmatoa ("x", cu_offset), ++ dwarf_vmatoa ("x", compunit.cu_length)); ++ num_units = unit; ++ break; ++ } ++ + tags = hdrptr; + start += compunit.cu_length + initial_length_size; + +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-27 Nick Clifton <nickc@redhat.com> ++ ++ PR 22219 ++ * dwarf.c (process_debug_info): Add a check for a negative ++ cu_length field. ++ + 2017-11-01 Alan Modra <amodra@gmail.com> + + Apply from master diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch new file mode 100644 index 0000000000..e62c73c06d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch @@ -0,0 +1,64 @@ +From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:34:57 +0930 +Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation + +The sanity check covers the previous minimim size, plus that the size +is at least enough for sh_info verneed entries. + +Also, since we write all verneed fields or exit with an error, there +isn't any need to zero the memory allocated for verneed entries. + + PR 22166 + * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on + SHT_GNU_verneed section for sanity. Don't zalloc memory for + verref. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14938 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/elf.c | 5 +++-- + 2 files changed, 10 insertions(+), 2 deletions(-) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd + + hdr = &elf_tdata (abfd)->dynverref_hdr; + +- if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed)) ++ if (hdr->sh_info == 0 ++ || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed)) + { + error_return_bad_verref: + _bfd_error_handler +@@ -8219,7 +8220,7 @@ error_return_verref: + goto error_return_verref; + + elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) +- bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); ++ bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); + + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22166 ++ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on ++ SHT_GNU_verneed section for sanity. Don't zalloc memory for ++ verref. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22210 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch new file mode 100644 index 0000000000..d1e4c3e609 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch @@ -0,0 +1,56 @@ +From 515f23e63c0074ab531bc954f84ca40c6281a724 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:36:16 +0930 +Subject: [PATCH] PR22169, heap-based buffer overflow in read_1_byte + +The .debug_line header length field doesn't include the length field +itself, ie. it's the size of the rest of .debug_line. + + PR 22169 + * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14939 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 7 ++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2084,12 +2084,13 @@ decode_line_info (struct comp_unit *unit + offset_size = 8; + } + +- if (unit->line_offset + lh.total_length > stash->dwarf_line_size) ++ if (lh.total_length > (size_t) (line_end - line_ptr)) + { + _bfd_error_handler + /* xgettext: c-format */ +- (_("Dwarf Error: Line info data is bigger (%#Lx) than the space remaining in the section (%#Lx)"), +- lh.total_length, stash->dwarf_line_size - unit->line_offset); ++ (_("Dwarf Error: Line info data is bigger (%#Lx)" ++ " than the space remaining in the section (%#lx)"), ++ lh.total_length, (unsigned long) (line_end - line_ptr)); + bfd_set_error (bfd_error_bad_value); + return NULL; + } +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,9 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22169 ++ * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22166 + * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch new file mode 100644 index 0000000000..49b0bdc546 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch @@ -0,0 +1,47 @@ +From 0d76029f92182c3682d8be2c833d45bc9a2068fe Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:35:33 +0930 +Subject: [PATCH] PR22167, NULL pointer dereference in scan_unit_for_symbols + + PR 22167 + * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14940 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 3 ++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -3202,7 +3202,8 @@ scan_unit_for_symbols (struct comp_unit + case DW_FORM_block2: + case DW_FORM_block4: + case DW_FORM_exprloc: +- if (*attr.u.blk->data == DW_OP_addr) ++ if (attr.u.blk->data != NULL ++ && *attr.u.blk->data == DW_OP_addr) + { + var->stack = 0; + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,5 +1,10 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> + ++ PR 22167 ++ * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ + PR 22169 + * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch new file mode 100644 index 0000000000..caca7b107e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch @@ -0,0 +1,48 @@ +From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 21:36:18 +0930 +Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1 + + PR 22197 + * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is + within section bounds. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15021 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/opncls.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/opncls.c +=================================================================== +--- git.orig/bfd/opncls.c ++++ git/bfd/opncls.c +@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + /* PR 17597: avoid reading off the end of the buffer. */ + crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1; + crc_offset = (crc_offset + 3) & ~3; +- if (crc_offset >= bfd_get_section_size (sect)) ++ if (crc_offset + 4 > bfd_get_section_size (sect)) + return NULL; + + *crc32 = bfd_get_32 (abfd, contents + crc_offset); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,5 +1,11 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> + ++ PR 22197 ++ * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is ++ within section bounds. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ + PR 22167 + * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch new file mode 100644 index 0000000000..c9acfa7853 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch @@ -0,0 +1,61 @@ +From 11855d8a1f11b102a702ab76e95b22082cccf2f8 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 19:46:34 +0930 +Subject: [PATCH] PR22201, DW_AT_name with out of bounds reference + +DW_AT_name ought to always have a string value. + + PR 22201 + * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it + has string form. + (parse_comp_unit): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15022 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 6 ++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -3177,7 +3177,8 @@ scan_unit_for_symbols (struct comp_unit + switch (attr.name) + { + case DW_AT_name: +- var->name = attr.u.str; ++ if (is_str_attr (attr.form)) ++ var->name = attr.u.str; + break; + + case DW_AT_decl_file: +@@ -3429,7 +3430,8 @@ parse_comp_unit (struct dwarf2_debug *st + break; + + case DW_AT_name: +- unit->name = attr.u.str; ++ if (is_str_attr (attr.form)) ++ unit->name = attr.u.str; + break; + + case DW_AT_low_pc: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22201 ++ * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it ++ has string form. ++ (parse_comp_unit): Likewise. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22197 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch new file mode 100644 index 0000000000..9439b7b55f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch @@ -0,0 +1,52 @@ +From c361faae8d964db951b7100cada4dcdc983df1bf Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 19:03:46 +0930 +Subject: [PATCH] PR22200, DWARF5 .debug_line sanity check + +The format_count entry can't be zero unless the count is also zero. + + PR 22200 + * dwarf2.c (read_formatted_entries): Error on format_count zero. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15023 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 7 +++++++ + 2 files changed, 12 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1934,6 +1934,13 @@ read_formatted_entries (struct comp_unit + data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end); + buf += bytes_read; + ++ if (format_count == 0 && data_count != 0) ++ { ++ _bfd_error_handler (_("Dwarf Error: Zero format count.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + /* PR 22210. Paranoia check. Don't bother running the loop + if we know that we are going to run out of buffer. */ + if (data_count > (bfd_vma) (buf_end - buf)) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,9 @@ + 2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22200 ++ * dwarf2.c (read_formatted_entries): Error on format_count zero. ++ ++2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22201 + * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch new file mode 100644 index 0000000000..53b072ebaf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch @@ -0,0 +1,227 @@ +From 52a93b95ec0771c97e26f0bb28630a271a667bd2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:37:16 +0930 +Subject: [PATCH] PR22187, infinite loop in find_abstract_instance_name + +This patch prevents the simple case of infinite recursion in +find_abstract_instance_name by ensuring that the attributes being +processed are not the same as the previous call. + +The patch also does a little cleanup, and leaves in place some changes +to the nested_funcs array that I made when I wrongly thought looping +might occur in scan_unit_for_symbols. + + PR 22187 + * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and + pname param. Return status. Make name const. Don't abort, + return an error. Formatting. Exit if current info_ptr matches + orig_info_ptr. Update callers. + (scan_unit_for_symbols): Start at nesting_level of zero. Make + nested_funcs an array of structs for extensibility. Formatting. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15024 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 10 ++++++++ + bfd/dwarf2.c | 76 +++++++++++++++++++++++++++++++++++++++-------------------- + 2 files changed, 61 insertions(+), 25 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2823,9 +2823,11 @@ lookup_symbol_in_variable_table (struct + return FALSE; + } + +-static char * ++static bfd_boolean + find_abstract_instance_name (struct comp_unit *unit, ++ bfd_byte *orig_info_ptr, + struct attribute *attr_ptr, ++ const char **pname, + bfd_boolean *is_linkage) + { + bfd *abfd = unit->abfd; +@@ -2835,7 +2837,7 @@ find_abstract_instance_name (struct comp + struct abbrev_info *abbrev; + bfd_uint64_t die_ref = attr_ptr->u.val; + struct attribute attr; +- char *name = NULL; ++ const char *name = NULL; + + /* DW_FORM_ref_addr can reference an entry in a different CU. It + is an offset from the .debug_info section, not the current CU. */ +@@ -2844,7 +2846,12 @@ find_abstract_instance_name (struct comp + /* We only support DW_FORM_ref_addr within the same file, so + any relocations should be resolved already. */ + if (!die_ref) +- abort (); ++ { ++ _bfd_error_handler ++ (_("Dwarf Error: Abstract instance DIE ref zero.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + + info_ptr = unit->sec_info_ptr + die_ref; + info_ptr_end = unit->end_ptr; +@@ -2879,9 +2886,10 @@ find_abstract_instance_name (struct comp + _bfd_error_handler + (_("Dwarf Error: Unable to read alt ref %u."), die_ref); + bfd_set_error (bfd_error_bad_value); +- return NULL; ++ return FALSE; + } +- info_ptr_end = unit->stash->alt_dwarf_info_buffer + unit->stash->alt_dwarf_info_size; ++ info_ptr_end = (unit->stash->alt_dwarf_info_buffer ++ + unit->stash->alt_dwarf_info_size); + + /* FIXME: Do we need to locate the correct CU, in a similar + fashion to the code in the DW_FORM_ref_addr case above ? */ +@@ -2904,6 +2912,7 @@ find_abstract_instance_name (struct comp + _bfd_error_handler + (_("Dwarf Error: Could not find abbrev number %u."), abbrev_number); + bfd_set_error (bfd_error_bad_value); ++ return FALSE; + } + else + { +@@ -2913,6 +2922,15 @@ find_abstract_instance_name (struct comp + info_ptr, info_ptr_end); + if (info_ptr == NULL) + break; ++ /* It doesn't ever make sense for DW_AT_specification to ++ refer to the same DIE. Stop simple recursion. */ ++ if (info_ptr == orig_info_ptr) ++ { ++ _bfd_error_handler ++ (_("Dwarf Error: Abstract instance recursion detected.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + switch (attr.name) + { + case DW_AT_name: +@@ -2926,7 +2944,9 @@ find_abstract_instance_name (struct comp + } + break; + case DW_AT_specification: +- name = find_abstract_instance_name (unit, &attr, is_linkage); ++ if (!find_abstract_instance_name (unit, info_ptr, &attr, ++ pname, is_linkage)) ++ return FALSE; + break; + case DW_AT_linkage_name: + case DW_AT_MIPS_linkage_name: +@@ -2944,7 +2964,8 @@ find_abstract_instance_name (struct comp + } + } + } +- return name; ++ *pname = name; ++ return TRUE; + } + + static bfd_boolean +@@ -3005,20 +3026,22 @@ scan_unit_for_symbols (struct comp_unit + bfd *abfd = unit->abfd; + bfd_byte *info_ptr = unit->first_child_die_ptr; + bfd_byte *info_ptr_end = unit->stash->info_ptr_end; +- int nesting_level = 1; +- struct funcinfo **nested_funcs; ++ int nesting_level = 0; ++ struct nest_funcinfo { ++ struct funcinfo *func; ++ } *nested_funcs; + int nested_funcs_size; + + /* Maintain a stack of in-scope functions and inlined functions, which we + can use to set the caller_func field. */ + nested_funcs_size = 32; +- nested_funcs = (struct funcinfo **) +- bfd_malloc (nested_funcs_size * sizeof (struct funcinfo *)); ++ nested_funcs = (struct nest_funcinfo *) ++ bfd_malloc (nested_funcs_size * sizeof (*nested_funcs)); + if (nested_funcs == NULL) + return FALSE; +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + +- while (nesting_level) ++ while (nesting_level >= 0) + { + unsigned int abbrev_number, bytes_read, i; + struct abbrev_info *abbrev; +@@ -3076,13 +3099,13 @@ scan_unit_for_symbols (struct comp_unit + BFD_ASSERT (!unit->cached); + + if (func->tag == DW_TAG_inlined_subroutine) +- for (i = nesting_level - 1; i >= 1; i--) +- if (nested_funcs[i]) ++ for (i = nesting_level; i-- != 0; ) ++ if (nested_funcs[i].func) + { +- func->caller_func = nested_funcs[i]; ++ func->caller_func = nested_funcs[i].func; + break; + } +- nested_funcs[nesting_level] = func; ++ nested_funcs[nesting_level].func = func; + } + else + { +@@ -3102,12 +3125,13 @@ scan_unit_for_symbols (struct comp_unit + } + + /* No inline function in scope at this nesting level. */ +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + } + + for (i = 0; i < abbrev->num_attrs; ++i) + { +- info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, info_ptr_end); ++ info_ptr = read_attribute (&attr, &abbrev->attrs[i], ++ unit, info_ptr, info_ptr_end); + if (info_ptr == NULL) + goto fail; + +@@ -3126,8 +3150,10 @@ scan_unit_for_symbols (struct comp_unit + + case DW_AT_abstract_origin: + case DW_AT_specification: +- func->name = find_abstract_instance_name (unit, &attr, +- &func->is_linkage); ++ if (!find_abstract_instance_name (unit, info_ptr, &attr, ++ &func->name, ++ &func->is_linkage)) ++ goto fail; + break; + + case DW_AT_name: +@@ -3254,17 +3280,17 @@ scan_unit_for_symbols (struct comp_unit + + if (nesting_level >= nested_funcs_size) + { +- struct funcinfo **tmp; ++ struct nest_funcinfo *tmp; + + nested_funcs_size *= 2; +- tmp = (struct funcinfo **) ++ tmp = (struct nest_funcinfo *) + bfd_realloc (nested_funcs, +- nested_funcs_size * sizeof (struct funcinfo *)); ++ nested_funcs_size * sizeof (*nested_funcs)); + if (tmp == NULL) + goto fail; + nested_funcs = tmp; + } +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + } + } + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch new file mode 100644 index 0000000000..ce5315976a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch @@ -0,0 +1,47 @@ +From d8010d3e75ec7194a4703774090b27486b742d48 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:36:48 +0930 +Subject: [PATCH] PR22186, divide-by-zero in decode_line_info + + PR 22186 + * dwarf2.c (decode_line_info): Fail on lh.line_range of zero + rather than dividing by zero. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15025 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 2 ++ + 2 files changed, 8 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2432,6 +2432,8 @@ decode_line_info (struct comp_unit *unit + case DW_LNS_set_basic_block: + break; + case DW_LNS_const_add_pc: ++ if (lh.line_range == 0) ++ goto line_fail; + if (lh.maximum_ops_per_insn == 1) + address += (lh.minimum_instruction_length + * ((255 - lh.opcode_base) / lh.line_range)); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22186 ++ * dwarf2.c (decode_line_info): Fail on lh.line_range of zero ++ rather than dividing by zero. ++ ++ + 2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22200 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch new file mode 100644 index 0000000000..2ef3f53737 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch @@ -0,0 +1,48 @@ +From b55ec8b676ed05d93ee49d6c79ae0403616c4fb0 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 9 Oct 2017 13:21:44 +1030 +Subject: [PATCH] PR22212, memory leak in nm + + PR 22212 + * dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free + funcinfo_hash_table and varinfo_hash_table. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15225 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 4 ++++ + 2 files changed, 10 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -4932,6 +4932,10 @@ _bfd_dwarf2_cleanup_debug_info (bfd *abf + } + } + ++ if (stash->funcinfo_hash_table) ++ bfd_hash_table_free (&stash->funcinfo_hash_table->base); ++ if (stash->varinfo_hash_table) ++ bfd_hash_table_free (&stash->varinfo_hash_table->base); + if (stash->dwarf_abbrev_buffer) + free (stash->dwarf_abbrev_buffer); + if (stash->dwarf_line_buffer) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-09 Alan Modra <amodra@gmail.com> ++ ++ PR 22212 ++ * dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free ++ funcinfo_hash_table and varinfo_hash_table. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22186 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch new file mode 100644 index 0000000000..bccad763f4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch @@ -0,0 +1,113 @@ +From a54018b72d75abf2e74bf36016702da06399c1d9 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 09:38:26 +0930 +Subject: [PATCH] PR22205, .debug_line file table NULL filename + +The PR22200 fuzzer testcase found one way to put NULLs into .debug_line +file tables. PR22205 finds another. This patch gives up on trying to +prevent NULL files in the file table and instead just copes with them. +Arguably, this is better than giving up and showing no info from +.debug_line. I've also fixed a case where the fairly recent DWARF5 +support in handling broken DWARG could result in uninitialized memory +reads, and made a small tidy. + + PR 22205 + * dwarf2.c (concat_filename): Return "<unknown>" on NULL filename. + (read_formatted_entries): Init "fe". + (decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15939 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 35 +++++++++++++---------------------- + 2 files changed, 20 insertions(+), 22 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1597,6 +1597,8 @@ concat_filename (struct line_info_table + } + + filename = table->files[file - 1].name; ++ if (filename == NULL) ++ return strdup ("<unknown>"); + + if (!IS_ABSOLUTE_PATH (filename)) + { +@@ -1956,6 +1958,7 @@ read_formatted_entries (struct comp_unit + bfd_byte *format = format_header_data; + struct fileinfo fe; + ++ memset (&fe, 0, sizeof fe); + for (formati = 0; formati < format_count; formati++) + { + bfd_vma content_type, form; +@@ -2256,6 +2259,7 @@ decode_line_info (struct comp_unit *unit + unsigned int discriminator = 0; + int is_stmt = lh.default_is_stmt; + int end_sequence = 0; ++ unsigned int dir, xtime, size; + /* eraxxon@alumni.rice.edu: Against the DWARF2 specs, some + compilers generate address sequences that are wildly out of + order using DW_LNE_set_address (e.g. Intel C++ 6.0 compiler +@@ -2330,31 +2334,18 @@ decode_line_info (struct comp_unit *unit + case DW_LNE_define_file: + cur_file = read_string (abfd, line_ptr, line_end, &bytes_read); + line_ptr += bytes_read; +- if ((table->num_files % FILE_ALLOC_CHUNK) == 0) +- { +- struct fileinfo *tmp; +- +- amt = table->num_files + FILE_ALLOC_CHUNK; +- amt *= sizeof (struct fileinfo); +- tmp = (struct fileinfo *) bfd_realloc (table->files, amt); +- if (tmp == NULL) +- goto line_fail; +- table->files = tmp; +- } +- table->files[table->num_files].name = cur_file; +- table->files[table->num_files].dir = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ dir = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->files[table->num_files].time = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ xtime = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->files[table->num_files].size = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ size = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->num_files++; ++ if (!line_info_add_file_name (table, cur_file, dir, ++ xtime, size)) ++ goto line_fail; + break; + case DW_LNE_set_discriminator: + discriminator = +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22205 ++ * dwarf2.c (concat_filename): Return "<unknown>" on NULL filename. ++ (read_formatted_entries): Init "fe". ++ (decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name. ++ + 2017-10-09 Alan Modra <amodra@gmail.com> + + PR 22212 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch new file mode 100644 index 0000000000..dab8380e33 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch @@ -0,0 +1,84 @@ +From d91f0b20e561e326ee91a09a76206257bde8438b Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 28 Oct 2017 21:31:16 +1030 +Subject: [PATCH] PR22361 readelf buffer overflow on fuzzed archive header + + PR 22361 + * readelf.c (process_archive_index_and_symbols): Ensure ar_size + field is zero terminated for strtoul. + (setup_archive, get_archive_member_name): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15996 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 7 +++++++ + binutils/elfcomm.c | 11 +++++++++++ + 2 files changed, 18 insertions(+) + +Index: git/binutils/elfcomm.c +=================================================================== +--- git.orig/binutils/elfcomm.c ++++ git/binutils/elfcomm.c +@@ -466,8 +466,12 @@ process_archive_index_and_symbols (struc + { + size_t got; + unsigned long size; ++ char fmag_save; + ++ fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + size = strtoul (arch->arhdr.ar_size, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + /* PR 17531: file: 912bd7de. */ + if ((signed long) size < 0) + { +@@ -655,7 +659,10 @@ setup_archive (struct archive_info *arch + if (const_strneq (arch->arhdr.ar_name, "// ")) + { + /* This is the archive string table holding long member names. */ ++ char fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + arch->longnames_size = strtoul (arch->arhdr.ar_size, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + /* PR 17531: file: 01068045. */ + if (arch->longnames_size < 8) + { +@@ -758,6 +765,7 @@ get_archive_member_name (struct archive_ + char *endp; + char *member_file_name; + char *member_name; ++ char fmag_save; + + if (arch->longnames == NULL || arch->longnames_size == 0) + { +@@ -766,9 +774,12 @@ get_archive_member_name (struct archive_ + } + + arch->nested_member_origin = 0; ++ fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + k = j = strtoul (arch->arhdr.ar_name + 1, &endp, 10); + if (arch->is_thin_archive && endp != NULL && * endp == ':') + arch->nested_member_origin = strtoul (endp + 1, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + + if (j > arch->longnames_size) + { +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-10-28 Alan Modra <amodra@gmail.com> ++ ++ PR 22361 ++ * readelf.c (process_archive_index_and_symbols): Ensure ar_size ++ field is zero terminated for strtoul. ++ (setup_archive, get_archive_member_name): Likewise. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22205 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch new file mode 100644 index 0000000000..bb24ba8834 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch @@ -0,0 +1,53 @@ +From a67d66eb97e7613a38ffe6622d837303b3ecd31d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 1 Nov 2017 15:21:46 +0000 +Subject: [PATCH] Prevent illegal memory accesses when attempting to read + excessively large COFF line number tables. + + PR 22376 + * coffcode.h (coff_slurp_line_table): Check for an excessively + large line number count. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16826 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffcode.h | 8 ++++++++ + 2 files changed, 14 insertions(+) + +Index: git/bfd/coffcode.h +=================================================================== +--- git.orig/bfd/coffcode.h ++++ git/bfd/coffcode.h +@@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asecti + + BFD_ASSERT (asect->lineno == NULL); + ++ if (asect->lineno_count > asect->size) ++ { ++ _bfd_error_handler ++ (_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"), ++ abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size); ++ return FALSE; ++ } ++ + amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent); + lineno_cache = (alent *) bfd_alloc (abfd, amt); + if (lineno_cache == NULL) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-01 Nick Clifton <nickc@redhat.com> ++ ++ PR 22376 ++ * coffcode.h (coff_slurp_line_table): Check for an excessively ++ large line number count. ++ + 2017-10-28 Alan Modra <amodra@gmail.com> + + PR 22361 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch new file mode 100644 index 0000000000..dbc577c8e0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch @@ -0,0 +1,95 @@ +From 0301ce1486b1450f219202677f30d0fa97335419 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 17 Oct 2017 16:43:47 +1030 +Subject: [PATCH] PR22306, Invalid free() in slurp_symtab() + + PR 22306 + * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, + and error for any other size that doesn't cover the header word. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16827 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/aoutx.h | 45 ++++++++++++++++++++++++++++++--------------- + 2 files changed, 36 insertions(+), 15 deletions(-) + +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h ++++ git/bfd/aoutx.h +@@ -1352,27 +1352,42 @@ aout_get_external_symbols (bfd *abfd) + || bfd_bread ((void *) string_chars, amt, abfd) != amt) + return FALSE; + stringsize = GET_WORD (abfd, string_chars); ++ if (stringsize == 0) ++ stringsize = 1; ++ else if (stringsize < BYTES_IN_WORD ++ || (size_t) stringsize != stringsize) ++ { ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + + #ifdef USE_MMAP +- if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize, +- &obj_aout_string_window (abfd), TRUE)) +- return FALSE; +- strings = (char *) obj_aout_string_window (abfd).data; +-#else +- strings = (char *) bfd_malloc (stringsize + 1); +- if (strings == NULL) +- return FALSE; +- +- /* Skip space for the string count in the buffer for convenience +- when using indexes. */ +- amt = stringsize - BYTES_IN_WORD; +- if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt) ++ if (stringsize >= BYTES_IN_WORD) + { +- free (strings); +- return FALSE; ++ if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize, ++ &obj_aout_string_window (abfd), TRUE)) ++ return FALSE; ++ strings = (char *) obj_aout_string_window (abfd).data; + } ++ else + #endif ++ { ++ strings = (char *) bfd_malloc (stringsize); ++ if (strings == NULL) ++ return FALSE; + ++ if (stringsize >= BYTES_IN_WORD) ++ { ++ /* Keep the string count in the buffer for convenience ++ when indexing with e_strx. */ ++ amt = stringsize - BYTES_IN_WORD; ++ if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt) ++ { ++ free (strings); ++ return FALSE; ++ } ++ } ++ } + /* Ensure that a zero index yields an empty string. */ + strings[0] = '\0'; + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-17 Alan Modra <amodra@gmail.com> ++ ++ PR 22306 ++ * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, ++ and error for any other size that doesn't cover the header word. ++ + 2017-11-01 Nick Clifton <nickc@redhat.com> + + PR 22376 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch new file mode 100644 index 0000000000..310908f86d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch @@ -0,0 +1,79 @@ +From 9c0f3d3f2017829ffd908c9893b85094985c3b58 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 5 Oct 2017 17:32:18 +1030 +Subject: [PATCH] PR22239 - invalid memory read in display_debug_frames + +Pointer comparisons have traps for the unwary. After adding a large +unknown value to "start", the test "start < end" depends on where +"start" is originally in memory. + + PR 22239 + * dwarf.c (read_cie): Don't compare "start" and "end" pointers + after adding a possibly wild length to "start", compare the length + to the difference of the pointers instead. Remove now redundant + "negative" length test. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16828 patch1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 8 ++++++++ + binutils/dwarf.c | 15 ++++----------- + 2 files changed, 12 insertions(+), 11 deletions(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -6652,14 +6652,14 @@ read_cie (unsigned char *start, unsigned + { + READ_ULEB (augmentation_data_len); + augmentation_data = start; +- start += augmentation_data_len; + /* PR 17512: file: 11042-2589-0.004. */ +- if (start > end) ++ if (augmentation_data_len > (size_t) (end - start)) + { + warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"), +- augmentation_data_len, (long)((end - start) + augmentation_data_len)); ++ augmentation_data_len, (unsigned long) (end - start)); + return end; + } ++ start += augmentation_data_len; + } + + if (augmentation_data_len) +@@ -6672,14 +6672,7 @@ read_cie (unsigned char *start, unsigned + q = augmentation_data; + qend = q + augmentation_data_len; + +- /* PR 17531: file: 015adfaa. */ +- if (qend < q) +- { +- warn (_("Negative augmentation data length: 0x%lx"), augmentation_data_len); +- augmentation_data_len = 0; +- } +- +- while (p < end && q < augmentation_data + augmentation_data_len) ++ while (p < end && q < qend) + { + if (*p == 'L') + q++; +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,11 @@ ++2017-10-05 Alan Modra <amodra@gmail.com> ++ ++ PR 22239 ++ * dwarf.c (read_cie): Don't compare "start" and "end" pointers ++ after adding a possibly wild length to "start", compare the length ++ to the difference of the pointers instead. Remove now redundant ++ "negative" length test. ++ + 2017-09-27 Nick Clifton <nickc@redhat.com> + + PR 22219 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch new file mode 100644 index 0000000000..5073d31ce0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch @@ -0,0 +1,149 @@ +From bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 3 Nov 2017 13:57:15 +0000 +Subject: [PATCH] Fix integer overflow problems when reading an ELF binary with + corrupt augmentation data. + + PR 22386 + * dwarf.c (read_cie): Use bfd_size_type for + augmentation_data_len. + (display_augmentation_data): New function. + (display_debug_frames): Use it. + Check for integer overflow when testing augmentation_data_len. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16828 patch2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 10 +++++++++ + binutils/dwarf.c | 65 +++++++++++++++++++++++++++++++++--------------------- + 2 files changed, 50 insertions(+), 25 deletions(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -6577,13 +6577,13 @@ frame_display_row (Frame_Chunk *fc, int + static unsigned char * + read_cie (unsigned char *start, unsigned char *end, + Frame_Chunk **p_cie, int *p_version, +- unsigned long *p_aug_len, unsigned char **p_aug) ++ bfd_size_type *p_aug_len, unsigned char **p_aug) + { + int version; + Frame_Chunk *fc; + unsigned int length_return; + unsigned char *augmentation_data = NULL; +- unsigned long augmentation_data_len = 0; ++ bfd_size_type augmentation_data_len = 0; + + * p_cie = NULL; + /* PR 17512: file: 001-228113-0.004. */ +@@ -6653,10 +6653,11 @@ read_cie (unsigned char *start, unsigned + READ_ULEB (augmentation_data_len); + augmentation_data = start; + /* PR 17512: file: 11042-2589-0.004. */ +- if (augmentation_data_len > (size_t) (end - start)) ++ if (augmentation_data_len > (bfd_size_type) (end - start)) + { +- warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"), +- augmentation_data_len, (unsigned long) (end - start)); ++ warn (_("Augmentation data too long: 0x%s, expected at most %#lx\n"), ++ dwarf_vmatoa ("x", augmentation_data_len), ++ (unsigned long) (end - start)); + return end; + } + start += augmentation_data_len; +@@ -6701,6 +6702,31 @@ read_cie (unsigned char *start, unsigned + return start; + } + ++/* Prints out the contents on the augmentation data array. ++ If do_wide is not enabled, then formats the output to fit into 80 columns. */ ++ ++static void ++display_augmentation_data (const unsigned char * data, const bfd_size_type len) ++{ ++ bfd_size_type i; ++ ++ i = printf (_(" Augmentation data: ")); ++ ++ if (do_wide || len < ((80 - i) / 3)) ++ for (i = 0; i < len; ++i) ++ printf (" %02x", data[i]); ++ else ++ { ++ for (i = 0; i < len; ++i) ++ { ++ if (i % (80 / 3) == 0) ++ putchar ('\n'); ++ printf (" %02x", data[i]); ++ } ++ } ++ putchar ('\n'); ++} ++ + static int + display_debug_frames (struct dwarf_section *section, + void *file ATTRIBUTE_UNUSED) +@@ -6729,7 +6755,7 @@ display_debug_frames (struct dwarf_secti + Frame_Chunk *cie; + int need_col_headers = 1; + unsigned char *augmentation_data = NULL; +- unsigned long augmentation_data_len = 0; ++ bfd_size_type augmentation_data_len = 0; + unsigned int encoded_ptr_size = saved_eh_addr_size; + unsigned int offset_size; + unsigned int initial_length_size; +@@ -6823,16 +6849,8 @@ display_debug_frames (struct dwarf_secti + printf (" Return address column: %d\n", fc->ra); + + if (augmentation_data_len) +- { +- unsigned long i; ++ display_augmentation_data (augmentation_data, augmentation_data_len); + +- printf (" Augmentation data: "); +- for (i = 0; i < augmentation_data_len; ++i) +- /* FIXME: If do_wide is FALSE, then we should +- add carriage returns at 80 columns... */ +- printf (" %02x", augmentation_data[i]); +- putchar ('\n'); +- } + putchar ('\n'); + } + } +@@ -6988,11 +7006,13 @@ display_debug_frames (struct dwarf_secti + READ_ULEB (augmentation_data_len); + augmentation_data = start; + start += augmentation_data_len; +- /* PR 17512: file: 722-8446-0.004. */ +- if (start >= end || ((signed long) augmentation_data_len) < 0) ++ /* PR 17512 file: 722-8446-0.004 and PR 22386. */ ++ if (start >= end ++ || ((bfd_signed_vma) augmentation_data_len) < 0 ++ || augmentation_data > start) + { +- warn (_("Corrupt augmentation data length: %lx\n"), +- augmentation_data_len); ++ warn (_("Corrupt augmentation data length: 0x%s\n"), ++ dwarf_vmatoa ("x", augmentation_data_len)); + start = end; + augmentation_data = NULL; + augmentation_data_len = 0; +@@ -7014,12 +7034,7 @@ display_debug_frames (struct dwarf_secti + + if (! do_debug_frames_interp && augmentation_data_len) + { +- unsigned long i; +- +- printf (" Augmentation data: "); +- for (i = 0; i < augmentation_data_len; ++i) +- printf (" %02x", augmentation_data[i]); +- putchar ('\n'); ++ display_augmentation_data (augmentation_data, augmentation_data_len); + putchar ('\n'); + } + } diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch new file mode 100644 index 0000000000..f9410e2728 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch @@ -0,0 +1,82 @@ +From cf54ebff3b7361989712fd9c0128a9b255578163 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 17 Oct 2017 21:57:29 +1030 +Subject: [PATCH] PR22307, Heap out of bounds read in + _bfd_elf_parse_gnu_properties + +When adding an unbounded increment to a pointer, you can't just check +against the end of the buffer but also must check that overflow +doesn't result in "negative" pointer movement. Pointer comparisons +are signed. Better, check the increment against the space left using +an unsigned comparison. + + PR 22307 + * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz + against size left rather than comparing pointers. Reorganise loop. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16829 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/elf-properties.c | 18 +++++++++--------- + 2 files changed, 15 insertions(+), 9 deletions(-) + +Index: git/bfd/elf-properties.c +=================================================================== +--- git.orig/bfd/elf-properties.c ++++ git/bfd/elf-properties.c +@@ -93,15 +93,20 @@ bad_size: + return FALSE; + } + +- while (1) ++ while (ptr != ptr_end) + { +- unsigned int type = bfd_h_get_32 (abfd, ptr); +- unsigned int datasz = bfd_h_get_32 (abfd, ptr + 4); ++ unsigned int type; ++ unsigned int datasz; + elf_property *prop; + ++ if ((size_t) (ptr_end - ptr) < 8) ++ goto bad_size; ++ ++ type = bfd_h_get_32 (abfd, ptr); ++ datasz = bfd_h_get_32 (abfd, ptr + 4); + ptr += 8; + +- if ((ptr + datasz) > ptr_end) ++ if (datasz > (size_t) (ptr_end - ptr)) + { + _bfd_error_handler + (_("warning: %B: corrupt GNU_PROPERTY_TYPE (%ld) type (0x%x) datasz: 0x%x"), +@@ -182,11 +187,6 @@ bad_size: + + next: + ptr += (datasz + (align_size - 1)) & ~ (align_size - 1); +- if (ptr == ptr_end) +- break; +- +- if (ptr > (ptr_end - 8)) +- goto bad_size; + } + + return TRUE; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,10 @@ + 2017-10-17 Alan Modra <amodra@gmail.com> ++ ++ PR 22307 ++ * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz ++ against size left rather than comparing pointers. Reorganise loop. ++ ++2017-10-17 Alan Modra <amodra@gmail.com> + + PR 22306 + * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch new file mode 100644 index 0000000000..1382c8e3e7 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch @@ -0,0 +1,91 @@ +From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001 +From: Mingi Cho <mgcho.minic@gmail.com> +Date: Thu, 2 Nov 2017 17:01:08 +0000 +Subject: [PATCH] Work around integer overflows when readelf is checking for + corrupt ELF notes when run on a 32-bit host. + + PR 22384 + * readelf.c (print_gnu_property_note): Improve overflow checks so + that they will work on a 32-bit host. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16830 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/readelf.c | 33 +++++++++++++++++---------------- + 2 files changed, 23 insertions(+), 16 deletions(-) + +Index: git/binutils/readelf.c +=================================================================== +--- git.orig/binutils/readelf.c ++++ git/binutils/readelf.c +@@ -16431,15 +16431,24 @@ print_gnu_property_note (Elf_Internal_No + return; + } + +- while (1) ++ while (ptr < ptr_end) + { + unsigned int j; +- unsigned int type = byte_get (ptr, 4); +- unsigned int datasz = byte_get (ptr + 4, 4); ++ unsigned int type; ++ unsigned int datasz; ++ ++ if ((size_t) (ptr_end - ptr) < 8) ++ { ++ printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); ++ break; ++ } ++ ++ type = byte_get (ptr, 4); ++ datasz = byte_get (ptr + 4, 4); + + ptr += 8; + +- if ((ptr + datasz) > ptr_end) ++ if (datasz > (size_t) (ptr_end - ptr)) + { + printf (_("<corrupt type (%#x) datasz: %#x>\n"), + type, datasz); +@@ -16520,19 +16529,11 @@ next: + ptr += ((datasz + (size - 1)) & ~ (size - 1)); + if (ptr == ptr_end) + break; +- else +- { +- if (do_wide) +- printf (", "); +- else +- printf ("\n\t"); +- } + +- if (ptr > (ptr_end - 8)) +- { +- printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); +- break; +- } ++ if (do_wide) ++ printf (", "); ++ else ++ printf ("\n\t"); + } + + printf ("\n"); +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-02 Mingi Cho <mgcho.minic@gmail.com> ++ ++ PR 22384 ++ * readelf.c (print_gnu_property_note): Improve overflow checks so ++ that they will work on a 32-bit host. ++ + 2017-10-05 Alan Modra <amodra@gmail.com> + + PR 22239 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch new file mode 100644 index 0000000000..7acd5e0f2f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch @@ -0,0 +1,77 @@ +From 6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 3 Nov 2017 11:55:21 +0000 +Subject: [PATCH] Fix excessive memory allocation attempts and possible integer + overfloaws when attempting to read a COFF binary with a corrupt symbol count. + + PR 22385 + * coffgen.c (_bfd_coff_get_external_symbols): Check for an + overlarge raw syment count. + (coff_get_normalized_symtab): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16831 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/coffgen.c | 17 +++++++++++++++-- + 2 files changed, 23 insertions(+), 2 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,11 @@ ++2017-11-03 Mingi Cho <mgcho.minic@gmail.com> ++ Nick Clifton <nickc@redhat.com> ++ ++ PR 22385 ++ * coffgen.c (_bfd_coff_get_external_symbols): Check for an ++ overlarge raw syment count. ++ (coff_get_normalized_symtab): Likewise. ++ + 2017-10-17 Alan Modra <amodra@gmail.com> + + PR 22307 +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1640,13 +1640,23 @@ _bfd_coff_get_external_symbols (bfd *abf + size = obj_raw_syment_count (abfd) * symesz; + if (size == 0) + return TRUE; ++ /* Check for integer overflow and for unreasonable symbol counts. */ ++ if (size < obj_raw_syment_count (abfd) ++ || (bfd_get_file_size (abfd) > 0 ++ && size > bfd_get_file_size (abfd))) ++ ++ { ++ _bfd_error_handler (_("%B: corrupt symbol count: %#Lx"), ++ abfd, obj_raw_syment_count (abfd)); ++ return FALSE; ++ } + + syms = bfd_malloc (size); + if (syms == NULL) + { + /* PR 21013: Provide an error message when the alloc fails. */ +- _bfd_error_handler (_("%B: Not enough memory to allocate space for %lu symbols"), +- abfd, size); ++ _bfd_error_handler (_("%B: not enough memory to allocate space for %#Lx symbols of size %#Lx"), ++ abfd, obj_raw_syment_count (abfd), symesz); + return FALSE; + } + +@@ -1790,6 +1800,9 @@ coff_get_normalized_symtab (bfd *abfd) + return NULL; + + size = obj_raw_syment_count (abfd) * sizeof (combined_entry_type); ++ /* Check for integer overflow. */ ++ if (size < obj_raw_syment_count (abfd)) ++ return NULL; + internal = (combined_entry_type *) bfd_zalloc (abfd, size); + if (internal == NULL && size != 0) + return NULL; diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch new file mode 100644 index 0000000000..9044bccf95 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch @@ -0,0 +1,61 @@ +From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 31 Oct 2017 14:29:40 +0000 +Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary + with a corrupt data dictionary. + + PR 22373 + * peicode.h (pe_bfd_read_buildid): Check for invalid size and data + offset values. + +Upstrem-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16832 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/peicode.h | 9 ++++++--- + 2 files changed, 12 insertions(+), 3 deletions(-) + +Index: git/bfd/peicode.h +=================================================================== +--- git.orig/bfd/peicode.h ++++ git/bfd/peicode.h +@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd) + bfd_byte *data = 0; + bfd_size_type dataoff; + unsigned int i; +- + bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress; + bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size; + +@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd) + + dataoff = addr - section->vma; + +- /* PR 20605: Make sure that the data is really there. */ +- if (dataoff + size > section->size) ++ /* PR 20605 and 22373: Make sure that the data is really there. ++ Note - since we are dealing with unsigned quantities we have ++ to be careful to check for potential overflows. */ ++ if (dataoff > section->size ++ || size > section->size ++ || dataoff + size > section->size) + { + _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."), + abfd); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-31 Nick Clifton <nickc@redhat.com> ++ ++ PR 22373 ++ * peicode.h (pe_bfd_read_buildid): Check for invalid size and data ++ offset values. ++ + 2017-11-03 Mingi Cho <mgcho.minic@gmail.com> + Nick Clifton <nickc@redhat.com> + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch new file mode 100644 index 0000000000..611a276def --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch @@ -0,0 +1,78 @@ +From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 16 Nov 2017 14:53:32 +0000 +Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly + formated core notes. + + PR 22421 + * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough. + (elfcore_grok_openbsd_procinfo): Likewise. + (elfcore_grok_nto_status): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17080 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/elf.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd, + /* Check for version 1 in pr_version. */ + if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1) + return FALSE; ++ + offset = 4; + + /* Skip over pr_psinfosz. */ +@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N + static bfd_boolean + elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note) + { ++ if (note->descsz <= 0x7c + 31) ++ return FALSE; ++ + /* Signal number at offset 0x08. */ + elf_tdata (abfd)->core->signal + = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08); +@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf + static bfd_boolean + elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note) + { ++ if (note->descsz <= 0x48 + 31) ++ return FALSE; ++ + /* Signal number at offset 0x08. */ + elf_tdata (abfd)->core->signal + = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08); +@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_ + short sig; + unsigned flags; + ++ if (note->descsz < 16) ++ return FALSE; ++ + /* nto_procfs_status 'pid' field is at offset 0. */ + elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata); + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-11-16 Nick Clifton <nickc@redhat.com> ++ ++ PR 22421 ++ * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough. ++ (elfcore_grok_openbsd_procinfo): Likewise. ++ (elfcore_grok_nto_status): Likewise. ++ + 2017-10-31 Nick Clifton <nickc@redhat.com> + + PR 22373 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch new file mode 100644 index 0000000000..4b675f7b72 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch @@ -0,0 +1,366 @@ +From b23dc97fe237a1d9e850d7cbeee066183a00630b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 28 Nov 2017 13:20:31 +0000 +Subject: [PATCH] Fix a memory access violation when attempting to parse a + corrupt COFF binary with a relocation that points beyond the end of the + section to be relocated. + + PR 22506 + * reloc.c (reloc_offset_in_range): Rename to + bfd_reloc_offset_in_range and export. + (bfd_perform_relocation): Rename function invocation. + (bfd_install_relocation): Likewise. + (bfd_final_link_relocate): Likewise. + * bfd-in2.h: Regenerate. + * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. + * coff-i386.c (coff_i386_reloc): Likewise. + * coff-i860.c (coff_i860_reloc): Likewise. + * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. + * coff-m88k.c (m88k_special_reloc): Likewise. + * coff-mips.c (mips_reflo_reloc): Likewise. + * coff-x86_64.c (coff_amd64_reloc): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17121 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 17 +++++++++++++++ + bfd/bfd-in2.h | 6 +++++ + bfd/coff-arm.c | 65 ++++++++++++++++++++++++++++++------------------------- + bfd/coff-i386.c | 5 +++++ + bfd/coff-i860.c | 5 +++++ + bfd/coff-m68k.c | 5 +++++ + bfd/coff-m88k.c | 9 +++++++- + bfd/coff-mips.c | 6 +++++ + bfd/coff-x86_64.c | 16 +++++--------- + bfd/reloc.c | 40 +++++++++++++++++++++++++++++----- + 10 files changed, 126 insertions(+), 48 deletions(-) + +Index: git/bfd/bfd-in2.h +=================================================================== +--- git.orig/bfd/bfd-in2.h ++++ git/bfd/bfd-in2.h +@@ -2661,6 +2661,12 @@ bfd_reloc_status_type bfd_check_overflow + unsigned int addrsize, + bfd_vma relocation); + ++bfd_boolean bfd_reloc_offset_in_range ++ (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type offset); ++ + bfd_reloc_status_type bfd_perform_relocation + (bfd *abfd, + arelent *reloc_entry, +Index: git/bfd/coff-arm.c +=================================================================== +--- git.orig/bfd/coff-arm.c ++++ git/bfd/coff-arm.c +@@ -109,41 +109,46 @@ coff_arm_reloc (bfd *abfd, + x = ((x & ~howto->dst_mask) \ + | (((x & howto->src_mask) + diff) & howto->dst_mask)) + +- if (diff != 0) +- { +- reloc_howto_type *howto = reloc_entry->howto; +- unsigned char *addr = (unsigned char *) data + reloc_entry->address; ++ if (diff != 0) ++ { ++ reloc_howto_type *howto = reloc_entry->howto; ++ unsigned char *addr = (unsigned char *) data + reloc_entry->address; ++ ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ ++ switch (howto->size) ++ { ++ case 0: ++ { ++ char x = bfd_get_8 (abfd, addr); ++ DOIT (x); ++ bfd_put_8 (abfd, x, addr); ++ } ++ break; + +- switch (howto->size) ++ case 1: + { +- case 0: +- { +- char x = bfd_get_8 (abfd, addr); +- DOIT (x); +- bfd_put_8 (abfd, x, addr); +- } +- break; +- +- case 1: +- { +- short x = bfd_get_16 (abfd, addr); +- DOIT (x); +- bfd_put_16 (abfd, (bfd_vma) x, addr); +- } +- break; +- +- case 2: +- { +- long x = bfd_get_32 (abfd, addr); +- DOIT (x); +- bfd_put_32 (abfd, (bfd_vma) x, addr); +- } +- break; ++ short x = bfd_get_16 (abfd, addr); ++ DOIT (x); ++ bfd_put_16 (abfd, (bfd_vma) x, addr); ++ } ++ break; + +- default: +- abort (); ++ case 2: ++ { ++ long x = bfd_get_32 (abfd, addr); ++ DOIT (x); ++ bfd_put_32 (abfd, (bfd_vma) x, addr); + } +- } ++ break; ++ ++ default: ++ abort (); ++ } ++ } + + /* Now let bfd_perform_relocation finish everything up. */ + return bfd_reloc_continue; +Index: git/bfd/coff-i386.c +=================================================================== +--- git.orig/bfd/coff-i386.c ++++ git/bfd/coff-i386.c +@@ -144,6 +144,11 @@ coff_i386_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-i860.c +=================================================================== +--- git.orig/bfd/coff-i860.c ++++ git/bfd/coff-i860.c +@@ -95,6 +95,11 @@ coff_i860_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-m68k.c +=================================================================== +--- git.orig/bfd/coff-m68k.c ++++ git/bfd/coff-m68k.c +@@ -305,6 +305,11 @@ m68kcoff_common_addend_special_fn (bfd * + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-m88k.c +=================================================================== +--- git.orig/bfd/coff-m88k.c ++++ git/bfd/coff-m88k.c +@@ -72,10 +72,17 @@ m88k_special_reloc (bfd *abfd, + { + bfd_vma output_base = 0; + bfd_vma addr = reloc_entry->address; +- bfd_vma x = bfd_get_16 (abfd, (bfd_byte *) data + addr); ++ bfd_vma x; + asection *reloc_target_output_section; + long relocation = 0; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ ++ x = bfd_get_16 (abfd, (bfd_byte *) data + addr); ++ + /* Work out which section the relocation is targeted at and the + initial relocation command value. */ + +Index: git/bfd/coff-mips.c +=================================================================== +--- git.orig/bfd/coff-mips.c ++++ git/bfd/coff-mips.c +@@ -504,6 +504,12 @@ mips_reflo_reloc (bfd *abfd ATTRIBUTE_UN + unsigned long vallo; + struct mips_hi *next; + ++ if (! bfd_reloc_offset_in_range (reloc_entry->howto, abfd, ++ input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + /* Do the REFHI relocation. Note that we actually don't + need to know anything about the REFLO itself, except + where to find the low 16 bits of the addend needed by the +Index: git/bfd/coff-x86_64.c +=================================================================== +--- git.orig/bfd/coff-x86_64.c ++++ git/bfd/coff-x86_64.c +@@ -143,16 +143,10 @@ coff_amd64_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + +- /* FIXME: We do not have an end address for data, so we cannot +- accurately range check any addresses computed against it. +- cf: PR binutils/17512: file: 1085-1761-0.004. +- For now we do the best that we can. */ +- if (addr < (unsigned char *) data +- || addr > ((unsigned char *) data) + input_section->size) +- { +- bfd_set_error (bfd_error_bad_value); +- return bfd_reloc_notsupported; +- } ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; + + switch (howto->size) + { +Index: git/bfd/reloc.c +=================================================================== +--- git.orig/bfd/reloc.c ++++ git/bfd/reloc.c +@@ -538,12 +538,31 @@ bfd_check_overflow (enum complain_overfl + return flag; + } + ++/* ++FUNCTION ++ bfd_reloc_offset_in_range ++ ++SYNOPSIS ++ bfd_boolean bfd_reloc_offset_in_range ++ (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type offset); ++ ++DESCRIPTION ++ Returns TRUE if the reloc described by @var{HOWTO} can be ++ applied at @var{OFFSET} octets in @var{SECTION}. ++ ++*/ ++ + /* HOWTO describes a relocation, at offset OCTET. Return whether the + relocation field is within SECTION of ABFD. */ + +-static bfd_boolean +-reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd, +- asection *section, bfd_size_type octet) ++bfd_boolean ++bfd_reloc_offset_in_range (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type octet) + { + bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section); + bfd_size_type reloc_size = bfd_get_reloc_size (howto); +@@ -617,6 +636,11 @@ bfd_perform_relocation (bfd *abfd, + if (howto && howto->special_function) + { + bfd_reloc_status_type cont; ++ ++ /* Note - we do not call bfd_reloc_offset_in_range here as the ++ reloc_entry->address field might actually be valid for the ++ backend concerned. It is up to the special_function itself ++ to call bfd_reloc_offset_in_range if needed. */ + cont = howto->special_function (abfd, reloc_entry, symbol, data, + input_section, output_bfd, + error_message); +@@ -637,7 +661,7 @@ bfd_perform_relocation (bfd *abfd, + + /* Is the address of the relocation really within the section? */ + octets = reloc_entry->address * bfd_octets_per_byte (abfd); +- if (!reloc_offset_in_range (howto, abfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* Work out which section the relocation is targeted at and the +@@ -1003,6 +1027,10 @@ bfd_install_relocation (bfd *abfd, + { + bfd_reloc_status_type cont; + ++ /* Note - we do not call bfd_reloc_offset_in_range here as the ++ reloc_entry->address field might actually be valid for the ++ backend concerned. It is up to the special_function itself ++ to call bfd_reloc_offset_in_range if needed. */ + /* XXX - The special_function calls haven't been fixed up to deal + with creating new relocations and section contents. */ + cont = howto->special_function (abfd, reloc_entry, symbol, +@@ -1025,7 +1053,7 @@ bfd_install_relocation (bfd *abfd, + + /* Is the address of the relocation really within the section? */ + octets = reloc_entry->address * bfd_octets_per_byte (abfd); +- if (!reloc_offset_in_range (howto, abfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* Work out which section the relocation is targeted at and the +@@ -1363,7 +1391,7 @@ _bfd_final_link_relocate (reloc_howto_ty + bfd_size_type octets = address * bfd_octets_per_byte (input_bfd); + + /* Sanity check the address. */ +- if (!reloc_offset_in_range (howto, input_bfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, input_bfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* This function assumes that we are dealing with a basic relocation +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,20 @@ ++2017-11-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22506 ++ * reloc.c (reloc_offset_in_range): Rename to ++ bfd_reloc_offset_in_range and export. ++ (bfd_perform_relocation): Rename function invocation. ++ (bfd_install_relocation): Likewise. ++ (bfd_final_link_relocate): Likewise. ++ * bfd-in2.h: Regenerate. ++ * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. ++ * coff-i386.c (coff_i386_reloc): Likewise. ++ * coff-i860.c (coff_i860_reloc): Likewise. ++ * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. ++ * coff-m88k.c (m88k_special_reloc): Likewise. ++ * coff-mips.c (mips_reflo_reloc): Likewise. ++ * coff-x86_64.c (coff_amd64_reloc): Likewise. ++ + 2017-11-16 Nick Clifton <nickc@redhat.com> + + PR 22421 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch new file mode 100644 index 0000000000..5ae749bcca --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch @@ -0,0 +1,58 @@ +From d785b7d4b877ed465d04072e17ca19d0f47d840f Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 29 Nov 2017 12:40:43 +0000 +Subject: [PATCH] Stop objdump from attempting to allocate a huge chunk of + memory when parsing relocs in a corrupt file. + + PR 22508 + * objdump.c (dump_relocs_in_section): Also check the section's + relocation count to make sure that it is reasonable before + attempting to allocate space for the relocs. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17122 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 7 +++++++ + binutils/objdump.c | 11 ++++++++++- + 2 files changed, 17 insertions(+), 1 deletion(-) + +Index: git/binutils/objdump.c +=================================================================== +--- git.orig/binutils/objdump.c ++++ git/binutils/objdump.c +@@ -3381,7 +3381,16 @@ dump_relocs_in_section (bfd *abfd, + } + + if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 +- && (ufile_ptr) relsize > bfd_get_file_size (abfd)) ++ && (((ufile_ptr) relsize > bfd_get_file_size (abfd)) ++ /* Also check the section's reloc count since if this is negative ++ (or very large) the computation in bfd_get_reloc_upper_bound ++ may have resulted in returning a small, positive integer. ++ See PR 22508 for a reproducer. ++ ++ Note - we check against file size rather than section size as ++ it is possible for there to be more relocs that apply to a ++ section than there are bytes in that section. */ ++ || (section->reloc_count > bfd_get_file_size (abfd)))) + { + printf (" (too many: 0x%x)\n", section->reloc_count); + bfd_set_error (bfd_error_file_truncated); +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,10 @@ ++2017-11-29 Nick Clifton <nickc@redhat.com> ++ ++ PR 22508 ++ * objdump.c (dump_relocs_in_section): Also check the section's ++ relocation count to make sure that it is reasonable before ++ attempting to allocate space for the relocs. ++ + 2017-11-02 Mingi Cho <mgcho.minic@gmail.com> + + PR 22384 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch new file mode 100644 index 0000000000..08412108da --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch @@ -0,0 +1,33 @@ +From 4581a1c7d304ce14e714b27522ebf3d0188d6543 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 29 Nov 2017 17:12:12 +0000 +Subject: [PATCH] Check for a NULL symbol pointer when reading relocs from a + COFF based file. + + PR 22509 + * coffcode.h (coff_slurp_reloc_table): Check for a NULL symbol + pointer when processing relocs. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17123 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffcode.h | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/coffcode.h +=================================================================== +--- git.orig/bfd/coffcode.h ++++ git/bfd/coffcode.h +@@ -5326,7 +5326,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_ + #else + cache_ptr->address = dst.r_vaddr; + +- if (dst.r_symndx != -1) ++ if (dst.r_symndx != -1 && symbols != NULL) + { + if (dst.r_symndx < 0 || dst.r_symndx >= obj_conv_table_size (abfd)) + { diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch new file mode 100644 index 0000000000..16f0768d95 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch @@ -0,0 +1,47 @@ +From b0029dce6867de1a2828293177b0e030d2f0f03c Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 28 Nov 2017 18:00:29 +0000 +Subject: [PATCH] Prevent a memory exhaustion problem when trying to read in + strings from a COFF binary with a corrupt string table size. + + PR 22507 + * coffgen.c (_bfd_coff_read_string_table): Check for an excessive + size of the external string table. + +Upstream-Status: Backport +Affects binutls <= 2.29.1 +CVE: CVE-2017-17124 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffgen.c | 4 ++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1709,7 +1709,7 @@ _bfd_coff_read_string_table (bfd *abfd) + #endif + } + +- if (strsize < STRING_SIZE_SIZE) ++ if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd)) + { + _bfd_error_handler + /* xgettext: c-format */ +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22507 ++ * coffgen.c (_bfd_coff_read_string_table): Check for an excessive ++ size of the external string table. ++ + 2018-03-28 Eric Botcazou <ebotcazou@adacore.com> + + PR ld/22972 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch new file mode 100644 index 0000000000..30dc6d5727 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch @@ -0,0 +1,129 @@ +From 160b1a618ad94988410dc81fce9189fcda5b7ff4 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 18 Nov 2017 23:18:22 +1030 +Subject: [PATCH] PR22443, Global buffer overflow in + _bfd_elf_get_symbol_version_string + +Symbols like *ABS* defined in bfd/section.c:global_syms are not +elf_symbol_type. They can appear on relocs and perhaps other places +in an ELF bfd, so a number of places in nm.c and objdump.c are wrong +to cast an asymbol based on the bfd being ELF. I think we lose +nothing by excluding all section symbols, not just the global_syms. + + PR 22443 + * nm.c (sort_symbols_by_size): Don't attempt to access + section symbol internal_elf_sym. + (print_symbol): Likewise. Don't call bfd_get_symbol_version_string + for section symbols. + * objdump.c (compare_symbols): Don't attempt to access + section symbol internal_elf_sym. + (objdump_print_symname): Don't call bfd_get_symbol_version_string + for section symbols. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17125 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 12 ++++++++++++ + binutils/nm.c | 17 ++++++++++------- + binutils/objdump.c | 6 +++--- + 3 files changed, 25 insertions(+), 10 deletions(-) + +Index: git/binutils/nm.c +=================================================================== +--- git.orig/binutils/nm.c ++++ git/binutils/nm.c +@@ -765,7 +765,6 @@ sort_symbols_by_size (bfd *abfd, bfd_boo + asection *sec; + bfd_vma sz; + asymbol *temp; +- int synthetic = (sym->flags & BSF_SYNTHETIC); + + if (from + size < fromend) + { +@@ -782,10 +781,13 @@ sort_symbols_by_size (bfd *abfd, bfd_boo + sec = bfd_get_section (sym); + + /* Synthetic symbols don't have a full type set of data available, thus +- we can't rely on that information for the symbol size. */ +- if (!synthetic && bfd_get_flavour (abfd) == bfd_target_elf_flavour) ++ we can't rely on that information for the symbol size. Ditto for ++ bfd/section.c:global_syms like *ABS*. */ ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 ++ && bfd_get_flavour (abfd) == bfd_target_elf_flavour) + sz = ((elf_symbol_type *) sym)->internal_elf_sym.st_size; +- else if (!synthetic && bfd_is_com_section (sec)) ++ else if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 ++ && bfd_is_com_section (sec)) + sz = sym->value; + else + { +@@ -874,8 +876,9 @@ print_symbol (bfd * abfd, + + info.sinfo = &syminfo; + info.ssize = ssize; +- /* Synthetic symbols do not have a full symbol type set of data available. */ +- if ((sym->flags & BSF_SYNTHETIC) != 0) ++ /* Synthetic symbols do not have a full symbol type set of data available. ++ Nor do bfd/section.c:global_syms like *ABS*. */ ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) != 0) + { + info.elfinfo = NULL; + info.coffinfo = NULL; +@@ -893,7 +896,7 @@ print_symbol (bfd * abfd, + const char * version_string = NULL; + bfd_boolean hidden = FALSE; + +- if ((sym->flags & BSF_SYNTHETIC) == 0) ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); + + if (bfd_is_und_section (bfd_get_section (sym))) +Index: git/binutils/objdump.c +=================================================================== +--- git.orig/binutils/objdump.c ++++ git/binutils/objdump.c +@@ -799,10 +799,10 @@ compare_symbols (const void *ap, const v + bfd_vma asz, bsz; + + asz = 0; +- if ((a->flags & BSF_SYNTHETIC) == 0) ++ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; + bsz = 0; +- if ((b->flags & BSF_SYNTHETIC) == 0) ++ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; + if (asz != bsz) + return asz > bsz ? -1 : 1; +@@ -888,7 +888,7 @@ objdump_print_symname (bfd *abfd, struct + name = alloc; + } + +- if ((sym->flags & BSF_SYNTHETIC) == 0) ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); + + if (bfd_is_und_section (bfd_get_section (sym))) +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,15 @@ ++2017-11-18 Alan Modra <amodra@gmail.com> ++ ++ PR 22443 ++ * nm.c (sort_symbols_by_size): Don't attempt to access ++ section symbol internal_elf_sym. ++ (print_symbol): Likewise. Don't call bfd_get_symbol_version_string ++ for section symbols. ++ * objdump.c (compare_symbols): Don't attempt to access ++ section symbol internal_elf_sym. ++ (objdump_print_symname): Don't call bfd_get_symbol_version_string ++ for section symbols. ++ + 2017-11-29 Nick Clifton <nickc@redhat.com> + + PR 22508 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch new file mode 100644 index 0000000000..caaaf2317e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch @@ -0,0 +1,58 @@ +From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 17 Apr 2018 12:35:55 +0100 +Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF + information. + + PR 23064 + * dwarf.c (process_cu_tu_index): Test for a potential buffer + overrun before copying signature pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10372 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/dwarf.c | 13 ++++++++++++- + 2 files changed, 18 insertions(+), 1 deletion(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -8526,7 +8526,18 @@ process_cu_tu_index (struct dwarf_sectio + } + + if (!do_display) +- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t)); ++ { ++ size_t num_copy = sizeof (uint64_t); ++ ++ /* PR 23064: Beware of buffer overflow. */ ++ if (ph + num_copy < limit) ++ memcpy (&this_set[row - 1].signature, ph, num_copy); ++ else ++ { ++ warn (_("Signature (%p) extends beyond end of space in section\n"), ph); ++ return 0; ++ } ++ } + + prow = poffsets + (row - 1) * ncols * 4; + /* PR 17531: file: b8ce60a8. */ +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2018-04-17 Nick Clifton <nickc@redhat.com> ++ ++ PR 23064 ++ * dwarf.c (process_cu_tu_index): Test for a potential buffer ++ overrun before copying signature pointer. ++ + 2017-11-18 Alan Modra <amodra@gmail.com> + + PR 22443 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch new file mode 100644 index 0000000000..963d767f84 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch @@ -0,0 +1,45 @@ +From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 17 Apr 2018 14:30:07 +0100 +Subject: [PATCH] Add a check for a NULL table pointer before attempting to + compute a DWARF filename. + + PR 23065 + * dwarf2.c (concat_filename): Check for a NULL table pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10373 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1587,7 +1587,7 @@ concat_filename (struct line_info_table + { + char *filename; + +- if (file - 1 >= table->num_files) ++ if (table == NULL || file - 1 >= table->num_files) + { + /* FILE == 0 means unknown. */ + if (file) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-04-17 Nick Clifton <nickc@redhat.com> ++ ++ PR 23065 ++ * dwarf2.c (concat_filename): Check for a NULL table pointer. ++ + 2017-11-28 Nick Clifton <nickc@redhat.com> + + PR 22506 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch new file mode 100644 index 0000000000..27e86285a2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch @@ -0,0 +1,2443 @@ +From aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 24 Apr 2018 16:31:27 +0100 +Subject: [PATCH] Fix an illegal memory access when copying a PE format file + with corrupt debug information. + + PR 23110 + * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for + a negative PE_DEBUG_DATA size before iterating over the debug data. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10534 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 + + bfd/peXXigen.c | 9 + + bfd/po/bfd.pot | 5631 ++++++++++++++++++++++++++------------------------------ + 3 files changed, 2662 insertions(+), 2984 deletions(-) + +Index: git/bfd/peXXigen.c +=================================================================== +--- git.orig/bfd/peXXigen.c ++++ git/bfd/peXXigen.c +@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common + bfd_get_section_size (section) - (addr - section->vma)); + return FALSE; + } ++ /* PR 23110. */ ++ else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler ++ (_("%pB: Data Directory size (%#lx) is negative"), ++ obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size); ++ return FALSE; ++ } + + for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size + / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++) +Index: git/bfd/po/bfd.pot +=================================================================== +--- git.orig/bfd/po/bfd.pot ++++ git/bfd/po/bfd.pot +@@ -6119,1961 +6119,1932 @@ msgstr "" + #. Rotate. + #. Redefine symbol to current location. + #. Define a literal. +-#: vms-alpha.c:2115 vms-alpha.c:2146 vms-alpha.c:2237 vms-alpha.c:2395 ++#: vms-alpha.c:2116 vms-alpha.c:2147 vms-alpha.c:2238 vms-alpha.c:2396 + #, c-format + msgid "%s: not supported" + msgstr "" + +-#: vms-alpha.c:2121 ++#: vms-alpha.c:2122 + #, c-format + msgid "%s: not implemented" + msgstr "" + +-#: vms-alpha.c:2379 ++#: vms-alpha.c:2380 + #, c-format + msgid "invalid use of %s with contexts" + msgstr "" + +-#: vms-alpha.c:2413 ++#: vms-alpha.c:2414 + #, c-format + msgid "reserved cmd %d" + msgstr "" + +-#: vms-alpha.c:2497 +-msgid "Corrupt EEOM record - size is too small" ++#: vms-alpha.c:2498 ++msgid "corrupt EEOM record - size is too small" + msgstr "" + +-#: vms-alpha.c:2506 +-msgid "Object module NOT error-free !\n" ++#: vms-alpha.c:2507 ++msgid "object module not error-free !" + msgstr "" + +-#: vms-alpha.c:3830 ++#: vms-alpha.c:3831 + #, c-format +-msgid "SEC_RELOC with no relocs in section %A" ++msgid "SEC_RELOC with no relocs in section %pA" + msgstr "" + +-#: vms-alpha.c:3882 vms-alpha.c:4095 ++#: vms-alpha.c:3883 vms-alpha.c:4096 + #, c-format +-msgid "Size error in section %A" ++msgid "size error in section %pA" + msgstr "" + +-#: vms-alpha.c:4041 +-msgid "Spurious ALPHA_R_BSR reloc" ++#: vms-alpha.c:4042 ++msgid "spurious ALPHA_R_BSR reloc" + msgstr "" + +-#: vms-alpha.c:4082 ++#: vms-alpha.c:4083 + #, c-format +-msgid "Unhandled relocation %s" ++msgid "unhandled relocation %s" + msgstr "" + +-#: vms-alpha.c:4375 ++#: vms-alpha.c:4376 + #, c-format + msgid "unknown source command %d" + msgstr "" + +-#: vms-alpha.c:4436 +-msgid "DST__K_SET_LINUM_INCR not implemented" +-msgstr "" +- +-#: vms-alpha.c:4442 +-msgid "DST__K_SET_LINUM_INCR_W not implemented" +-msgstr "" +- +-#: vms-alpha.c:4448 +-msgid "DST__K_RESET_LINUM_INCR not implemented" +-msgstr "" +- +-#: vms-alpha.c:4454 +-msgid "DST__K_BEG_STMT_MODE not implemented" +-msgstr "" +- +-#: vms-alpha.c:4460 +-msgid "DST__K_END_STMT_MODE not implemented" +-msgstr "" +- +-#: vms-alpha.c:4487 +-msgid "DST__K_SET_PC not implemented" +-msgstr "" +- +-#: vms-alpha.c:4493 +-msgid "DST__K_SET_PC_W not implemented" +-msgstr "" +- +-#: vms-alpha.c:4499 +-msgid "DST__K_SET_PC_L not implemented" +-msgstr "" +- +-#: vms-alpha.c:4505 +-msgid "DST__K_SET_STMTNUM not implemented" ++#: vms-alpha.c:4437 vms-alpha.c:4443 vms-alpha.c:4449 vms-alpha.c:4455 ++#: vms-alpha.c:4461 vms-alpha.c:4488 vms-alpha.c:4494 vms-alpha.c:4500 ++#: vms-alpha.c:4506 ++#, c-format ++msgid "%s not implemented" + msgstr "" + +-#: vms-alpha.c:4548 ++#: vms-alpha.c:4549 + #, c-format + msgid "unknown line command %d" + msgstr "" + +-#: vms-alpha.c:5008 vms-alpha.c:5026 vms-alpha.c:5041 vms-alpha.c:5057 +-#: vms-alpha.c:5070 vms-alpha.c:5082 vms-alpha.c:5095 ++#: vms-alpha.c:5009 vms-alpha.c:5027 vms-alpha.c:5042 vms-alpha.c:5058 ++#: vms-alpha.c:5071 vms-alpha.c:5083 vms-alpha.c:5096 + #, c-format +-msgid "Unknown reloc %s + %s" ++msgid "unknown reloc %s + %s" + msgstr "" + +-#: vms-alpha.c:5150 ++#: vms-alpha.c:5151 + #, c-format +-msgid "Unknown reloc %s" ++msgid "unknown reloc %s" + msgstr "" + +-#: vms-alpha.c:5163 +-msgid "Invalid section index in ETIR" ++#: vms-alpha.c:5164 ++msgid "invalid section index in ETIR" + msgstr "" + +-#: vms-alpha.c:5172 +-msgid "Relocation for non-REL psect" ++#: vms-alpha.c:5173 ++msgid "relocation for non-REL psect" + msgstr "" + +-#: vms-alpha.c:5219 ++#: vms-alpha.c:5220 + #, c-format +-msgid "Unknown symbol in command %s" ++msgid "unknown symbol in command %s" + msgstr "" + +-#: vms-alpha.c:5629 ++#: vms-alpha.c:5630 + #, c-format + msgid "reloc (%d) is *UNKNOWN*" + msgstr "" + +-#: vms-alpha.c:5745 ++#: vms-alpha.c:5746 + #, c-format + msgid " EMH %u (len=%u): " + msgstr "" + +-#: vms-alpha.c:5750 ++#: vms-alpha.c:5751 + #, c-format + msgid " Error: The length is less than the length of an EMH record\n" + msgstr "" + +-#: vms-alpha.c:5767 ++#: vms-alpha.c:5768 + #, c-format + msgid "" + " Error: The record length is less than the size of an EMH_MHD record\n" + msgstr "" + +-#: vms-alpha.c:5770 ++#: vms-alpha.c:5771 + #, c-format + msgid "Module header\n" + msgstr "" + +-#: vms-alpha.c:5771 ++#: vms-alpha.c:5772 + #, c-format + msgid " structure level: %u\n" + msgstr "" + +-#: vms-alpha.c:5772 ++#: vms-alpha.c:5773 + #, c-format + msgid " max record size: %u\n" + msgstr "" + +-#: vms-alpha.c:5778 ++#: vms-alpha.c:5779 + #, c-format + msgid " Error: The module name is missing\n" + msgstr "" + +-#: vms-alpha.c:5784 ++#: vms-alpha.c:5785 + #, c-format + msgid " Error: The module name is too long\n" + msgstr "" + +-#: vms-alpha.c:5787 ++#: vms-alpha.c:5788 + #, c-format + msgid " module name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5791 ++#: vms-alpha.c:5792 + #, c-format + msgid " Error: The module version is missing\n" + msgstr "" + +-#: vms-alpha.c:5797 ++#: vms-alpha.c:5798 + #, c-format + msgid " Error: The module version is too long\n" + msgstr "" + +-#: vms-alpha.c:5800 ++#: vms-alpha.c:5801 + #, c-format + msgid " module version : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5803 ++#: vms-alpha.c:5804 + #, c-format + msgid " Error: The compile date is truncated\n" + msgstr "" + +-#: vms-alpha.c:5805 ++#: vms-alpha.c:5806 + #, c-format + msgid " compile date : %.17s\n" + msgstr "" + +-#: vms-alpha.c:5810 ++#: vms-alpha.c:5811 + #, c-format + msgid "Language Processor Name\n" + msgstr "" + +-#: vms-alpha.c:5811 ++#: vms-alpha.c:5812 + #, c-format + msgid " language name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5815 ++#: vms-alpha.c:5816 + #, c-format + msgid "Source Files Header\n" + msgstr "" + +-#: vms-alpha.c:5816 ++#: vms-alpha.c:5817 + #, c-format + msgid " file: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5820 ++#: vms-alpha.c:5821 + #, c-format + msgid "Title Text Header\n" + msgstr "" + +-#: vms-alpha.c:5821 ++#: vms-alpha.c:5822 + #, c-format + msgid " title: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5825 ++#: vms-alpha.c:5826 + #, c-format + msgid "Copyright Header\n" + msgstr "" + +-#: vms-alpha.c:5826 ++#: vms-alpha.c:5827 + #, c-format + msgid " copyright: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5830 ++#: vms-alpha.c:5831 + #, c-format + msgid "unhandled emh subtype %u\n" + msgstr "" + +-#: vms-alpha.c:5840 ++#: vms-alpha.c:5841 + #, c-format + msgid " EEOM (len=%u):\n" + msgstr "" + +-#: vms-alpha.c:5845 ++#: vms-alpha.c:5846 + #, c-format + msgid " Error: The length is less than the length of an EEOM record\n" + msgstr "" + +-#: vms-alpha.c:5849 ++#: vms-alpha.c:5850 + #, c-format + msgid " number of cond linkage pairs: %u\n" + msgstr "" + +-#: vms-alpha.c:5851 ++#: vms-alpha.c:5852 + #, c-format + msgid " completion code: %u\n" + msgstr "" + +-#: vms-alpha.c:5855 ++#: vms-alpha.c:5856 + #, c-format + msgid " transfer addr flags: 0x%02x\n" + msgstr "" + +-#: vms-alpha.c:5856 ++#: vms-alpha.c:5857 + #, c-format + msgid " transfer addr psect: %u\n" + msgstr "" + +-#: vms-alpha.c:5858 ++#: vms-alpha.c:5859 + #, c-format + msgid " transfer address : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5867 ++#: vms-alpha.c:5868 + msgid " WEAK" + msgstr "" + +-#: vms-alpha.c:5869 ++#: vms-alpha.c:5870 + msgid " DEF" + msgstr "" + +-#: vms-alpha.c:5871 ++#: vms-alpha.c:5872 + msgid " UNI" + msgstr "" + +-#: vms-alpha.c:5873 vms-alpha.c:5894 ++#: vms-alpha.c:5874 vms-alpha.c:5895 + msgid " REL" + msgstr "" + +-#: vms-alpha.c:5875 ++#: vms-alpha.c:5876 + msgid " COMM" + msgstr "" + +-#: vms-alpha.c:5877 ++#: vms-alpha.c:5878 + msgid " VECEP" + msgstr "" + +-#: vms-alpha.c:5879 ++#: vms-alpha.c:5880 + msgid " NORM" + msgstr "" + +-#: vms-alpha.c:5881 ++#: vms-alpha.c:5882 + msgid " QVAL" + msgstr "" + +-#: vms-alpha.c:5888 ++#: vms-alpha.c:5889 + msgid " PIC" + msgstr "" + +-#: vms-alpha.c:5890 ++#: vms-alpha.c:5891 + msgid " LIB" + msgstr "" + +-#: vms-alpha.c:5892 ++#: vms-alpha.c:5893 + msgid " OVR" + msgstr "" + +-#: vms-alpha.c:5896 ++#: vms-alpha.c:5897 + msgid " GBL" + msgstr "" + +-#: vms-alpha.c:5898 ++#: vms-alpha.c:5899 + msgid " SHR" + msgstr "" + +-#: vms-alpha.c:5900 ++#: vms-alpha.c:5901 + msgid " EXE" + msgstr "" + +-#: vms-alpha.c:5902 ++#: vms-alpha.c:5903 + msgid " RD" + msgstr "" + +-#: vms-alpha.c:5904 ++#: vms-alpha.c:5905 + msgid " WRT" + msgstr "" + +-#: vms-alpha.c:5906 ++#: vms-alpha.c:5907 + msgid " VEC" + msgstr "" + +-#: vms-alpha.c:5908 ++#: vms-alpha.c:5909 + msgid " NOMOD" + msgstr "" + +-#: vms-alpha.c:5910 ++#: vms-alpha.c:5911 + msgid " COM" + msgstr "" + +-#: vms-alpha.c:5912 ++#: vms-alpha.c:5913 + msgid " 64B" + msgstr "" + +-#: vms-alpha.c:5921 ++#: vms-alpha.c:5922 + #, c-format + msgid " EGSD (len=%u):\n" + msgstr "" + +-#: vms-alpha.c:5934 ++#: vms-alpha.c:5935 + #, c-format + msgid " EGSD entry %2u (type: %u, len: %u): " + msgstr "" + +-#: vms-alpha.c:5940 vms-alpha.c:6191 ++#: vms-alpha.c:5941 vms-alpha.c:6192 + #, c-format + msgid " Error: length larger than remaining space in record\n" + msgstr "" + +-#: vms-alpha.c:5952 ++#: vms-alpha.c:5953 + #, c-format + msgid "PSC - Program section definition\n" + msgstr "" + +-#: vms-alpha.c:5953 vms-alpha.c:5970 ++#: vms-alpha.c:5954 vms-alpha.c:5971 + #, c-format + msgid " alignment : 2**%u\n" + msgstr "" + +-#: vms-alpha.c:5954 vms-alpha.c:5971 ++#: vms-alpha.c:5955 vms-alpha.c:5972 + #, c-format + msgid " flags : 0x%04x" + msgstr "" + +-#: vms-alpha.c:5958 ++#: vms-alpha.c:5959 + #, c-format + msgid " alloc (len): %u (0x%08x)\n" + msgstr "" + +-#: vms-alpha.c:5959 vms-alpha.c:6016 vms-alpha.c:6065 ++#: vms-alpha.c:5960 vms-alpha.c:6017 vms-alpha.c:6066 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5969 ++#: vms-alpha.c:5970 + #, c-format + msgid "SPSC - Shared Image Program section def\n" + msgstr "" + +-#: vms-alpha.c:5975 ++#: vms-alpha.c:5976 + #, c-format + msgid " alloc (len) : %u (0x%08x)\n" + msgstr "" + +-#: vms-alpha.c:5976 ++#: vms-alpha.c:5977 + #, c-format + msgid " image offset : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5978 ++#: vms-alpha.c:5979 + #, c-format + msgid " symvec offset : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5980 ++#: vms-alpha.c:5981 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5993 ++#: vms-alpha.c:5994 + #, c-format + msgid "SYM - Global symbol definition\n" + msgstr "" + +-#: vms-alpha.c:5994 vms-alpha.c:6054 vms-alpha.c:6075 vms-alpha.c:6094 ++#: vms-alpha.c:5995 vms-alpha.c:6055 vms-alpha.c:6076 vms-alpha.c:6095 + #, c-format + msgid " flags: 0x%04x" + msgstr "" + +-#: vms-alpha.c:5997 ++#: vms-alpha.c:5998 + #, c-format + msgid " psect offset: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6001 ++#: vms-alpha.c:6002 + #, c-format + msgid " code address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6003 ++#: vms-alpha.c:6004 + #, c-format + msgid " psect index for entry point : %u\n" + msgstr "" + +-#: vms-alpha.c:6006 vms-alpha.c:6082 vms-alpha.c:6101 ++#: vms-alpha.c:6007 vms-alpha.c:6083 vms-alpha.c:6102 + #, c-format + msgid " psect index : %u\n" + msgstr "" + +-#: vms-alpha.c:6008 vms-alpha.c:6084 vms-alpha.c:6103 ++#: vms-alpha.c:6009 vms-alpha.c:6085 vms-alpha.c:6104 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6015 ++#: vms-alpha.c:6016 + #, c-format + msgid "SYM - Global symbol reference\n" + msgstr "" + +-#: vms-alpha.c:6027 ++#: vms-alpha.c:6028 + #, c-format + msgid "IDC - Ident Consistency check\n" + msgstr "" + +-#: vms-alpha.c:6028 ++#: vms-alpha.c:6029 + #, c-format + msgid " flags : 0x%08x" + msgstr "" + +-#: vms-alpha.c:6032 ++#: vms-alpha.c:6033 + #, c-format + msgid " id match : %x\n" + msgstr "" + +-#: vms-alpha.c:6034 ++#: vms-alpha.c:6035 + #, c-format + msgid " error severity: %x\n" + msgstr "" + +-#: vms-alpha.c:6037 ++#: vms-alpha.c:6038 + #, c-format + msgid " entity name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6039 ++#: vms-alpha.c:6040 + #, c-format + msgid " object name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6042 ++#: vms-alpha.c:6043 + #, c-format + msgid " binary ident : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6045 ++#: vms-alpha.c:6046 + #, c-format + msgid " ascii ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6053 ++#: vms-alpha.c:6054 + #, c-format + msgid "SYMG - Universal symbol definition\n" + msgstr "" + +-#: vms-alpha.c:6057 ++#: vms-alpha.c:6058 + #, c-format + msgid " symbol vector offset: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6059 ++#: vms-alpha.c:6060 + #, c-format + msgid " entry point: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6061 ++#: vms-alpha.c:6062 + #, c-format + msgid " proc descr : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6063 ++#: vms-alpha.c:6064 + #, c-format + msgid " psect index: %u\n" + msgstr "" + +-#: vms-alpha.c:6074 ++#: vms-alpha.c:6075 + #, c-format + msgid "SYMV - Vectored symbol definition\n" + msgstr "" + +-#: vms-alpha.c:6078 ++#: vms-alpha.c:6079 + #, c-format + msgid " vector : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6080 vms-alpha.c:6099 ++#: vms-alpha.c:6081 vms-alpha.c:6100 + #, c-format + msgid " psect offset: %u\n" + msgstr "" + +-#: vms-alpha.c:6093 ++#: vms-alpha.c:6094 + #, c-format + msgid "SYMM - Global symbol definition with version\n" + msgstr "" + +-#: vms-alpha.c:6097 ++#: vms-alpha.c:6098 + #, c-format + msgid " version mask: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6108 ++#: vms-alpha.c:6109 + #, c-format + msgid "unhandled egsd entry type %u\n" + msgstr "" + +-#: vms-alpha.c:6143 ++#: vms-alpha.c:6144 + #, c-format + msgid " linkage index: %u, replacement insn: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6147 ++#: vms-alpha.c:6148 + #, c-format + msgid " psect idx 1: %u, offset 1: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6152 ++#: vms-alpha.c:6153 + #, c-format + msgid " psect idx 2: %u, offset 2: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6158 ++#: vms-alpha.c:6159 + #, c-format + msgid " psect idx 3: %u, offset 3: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6163 ++#: vms-alpha.c:6164 + #, c-format + msgid " global name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6174 ++#: vms-alpha.c:6175 + #, c-format + msgid " %s (len=%u+%u):\n" + msgstr "" + +-#: vms-alpha.c:6196 ++#: vms-alpha.c:6197 + #, c-format + msgid " (type: %3u, size: 4+%3u): " + msgstr "" + +-#: vms-alpha.c:6200 ++#: vms-alpha.c:6201 + #, c-format + msgid "STA_GBL (stack global) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6204 ++#: vms-alpha.c:6205 + #, c-format + msgid "STA_LW (stack longword) 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6208 ++#: vms-alpha.c:6209 + #, c-format + msgid "STA_QW (stack quadword) 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6213 ++#: vms-alpha.c:6214 + #, c-format + msgid "STA_PQ (stack psect base + offset)\n" + msgstr "" + +-#: vms-alpha.c:6215 ++#: vms-alpha.c:6216 + #, c-format + msgid " psect: %u, offset: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6221 ++#: vms-alpha.c:6222 + #, c-format + msgid "STA_LI (stack literal)\n" + msgstr "" + +-#: vms-alpha.c:6224 ++#: vms-alpha.c:6225 + #, c-format + msgid "STA_MOD (stack module)\n" + msgstr "" + +-#: vms-alpha.c:6227 ++#: vms-alpha.c:6228 + #, c-format + msgid "STA_CKARG (compare procedure argument)\n" + msgstr "" + +-#: vms-alpha.c:6231 ++#: vms-alpha.c:6232 + #, c-format + msgid "STO_B (store byte)\n" + msgstr "" + +-#: vms-alpha.c:6234 ++#: vms-alpha.c:6235 + #, c-format + msgid "STO_W (store word)\n" + msgstr "" + +-#: vms-alpha.c:6237 ++#: vms-alpha.c:6238 + #, c-format + msgid "STO_LW (store longword)\n" + msgstr "" + +-#: vms-alpha.c:6240 ++#: vms-alpha.c:6241 + #, c-format + msgid "STO_QW (store quadword)\n" + msgstr "" + +-#: vms-alpha.c:6246 ++#: vms-alpha.c:6247 + #, c-format + msgid "STO_IMMR (store immediate repeat) %u bytes\n" + msgstr "" + +-#: vms-alpha.c:6253 ++#: vms-alpha.c:6254 + #, c-format + msgid "STO_GBL (store global) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6257 ++#: vms-alpha.c:6258 + #, c-format + msgid "STO_CA (store code address) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6261 ++#: vms-alpha.c:6262 + #, c-format + msgid "STO_RB (store relative branch)\n" + msgstr "" + +-#: vms-alpha.c:6264 ++#: vms-alpha.c:6265 + #, c-format + msgid "STO_AB (store absolute branch)\n" + msgstr "" + +-#: vms-alpha.c:6267 ++#: vms-alpha.c:6268 + #, c-format + msgid "STO_OFF (store offset to psect)\n" + msgstr "" + +-#: vms-alpha.c:6273 ++#: vms-alpha.c:6274 + #, c-format + msgid "STO_IMM (store immediate) %u bytes\n" + msgstr "" + +-#: vms-alpha.c:6280 ++#: vms-alpha.c:6281 + #, c-format + msgid "STO_GBL_LW (store global longword) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6284 ++#: vms-alpha.c:6285 + #, c-format + msgid "STO_OFF (store LP with procedure signature)\n" + msgstr "" + +-#: vms-alpha.c:6287 ++#: vms-alpha.c:6288 + #, c-format + msgid "STO_BR_GBL (store branch global) *todo*\n" + msgstr "" + +-#: vms-alpha.c:6290 ++#: vms-alpha.c:6291 + #, c-format + msgid "STO_BR_PS (store branch psect + offset) *todo*\n" + msgstr "" + +-#: vms-alpha.c:6294 ++#: vms-alpha.c:6295 + #, c-format + msgid "OPR_NOP (no-operation)\n" + msgstr "" + +-#: vms-alpha.c:6297 ++#: vms-alpha.c:6298 + #, c-format + msgid "OPR_ADD (add)\n" + msgstr "" + +-#: vms-alpha.c:6300 ++#: vms-alpha.c:6301 + #, c-format + msgid "OPR_SUB (subtract)\n" + msgstr "" + +-#: vms-alpha.c:6303 ++#: vms-alpha.c:6304 + #, c-format + msgid "OPR_MUL (multiply)\n" + msgstr "" + +-#: vms-alpha.c:6306 ++#: vms-alpha.c:6307 + #, c-format + msgid "OPR_DIV (divide)\n" + msgstr "" + +-#: vms-alpha.c:6309 ++#: vms-alpha.c:6310 + #, c-format + msgid "OPR_AND (logical and)\n" + msgstr "" + +-#: vms-alpha.c:6312 ++#: vms-alpha.c:6313 + #, c-format + msgid "OPR_IOR (logical inclusive or)\n" + msgstr "" + +-#: vms-alpha.c:6315 ++#: vms-alpha.c:6316 + #, c-format + msgid "OPR_EOR (logical exclusive or)\n" + msgstr "" + +-#: vms-alpha.c:6318 ++#: vms-alpha.c:6319 + #, c-format + msgid "OPR_NEG (negate)\n" + msgstr "" + +-#: vms-alpha.c:6321 ++#: vms-alpha.c:6322 + #, c-format + msgid "OPR_COM (complement)\n" + msgstr "" + +-#: vms-alpha.c:6324 ++#: vms-alpha.c:6325 + #, c-format + msgid "OPR_INSV (insert field)\n" + msgstr "" + +-#: vms-alpha.c:6327 ++#: vms-alpha.c:6328 + #, c-format + msgid "OPR_ASH (arithmetic shift)\n" + msgstr "" + +-#: vms-alpha.c:6330 ++#: vms-alpha.c:6331 + #, c-format + msgid "OPR_USH (unsigned shift)\n" + msgstr "" + +-#: vms-alpha.c:6333 ++#: vms-alpha.c:6334 + #, c-format + msgid "OPR_ROT (rotate)\n" + msgstr "" + +-#: vms-alpha.c:6336 ++#: vms-alpha.c:6337 + #, c-format + msgid "OPR_SEL (select)\n" + msgstr "" + +-#: vms-alpha.c:6339 ++#: vms-alpha.c:6340 + #, c-format + msgid "OPR_REDEF (redefine symbol to curr location)\n" + msgstr "" + +-#: vms-alpha.c:6342 ++#: vms-alpha.c:6343 + #, c-format + msgid "OPR_REDEF (define a literal)\n" + msgstr "" + +-#: vms-alpha.c:6346 ++#: vms-alpha.c:6347 + #, c-format + msgid "STC_LP (store cond linkage pair)\n" + msgstr "" + +-#: vms-alpha.c:6350 ++#: vms-alpha.c:6351 + #, c-format + msgid "STC_LP_PSB (store cond linkage pair + signature)\n" + msgstr "" + +-#: vms-alpha.c:6352 ++#: vms-alpha.c:6353 + #, c-format + msgid " linkage index: %u, procedure: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6355 ++#: vms-alpha.c:6356 + #, c-format + msgid " signature: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6358 ++#: vms-alpha.c:6359 + #, c-format + msgid "STC_GBL (store cond global)\n" + msgstr "" + +-#: vms-alpha.c:6360 ++#: vms-alpha.c:6361 + #, c-format + msgid " linkage index: %u, global: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6364 ++#: vms-alpha.c:6365 + #, c-format + msgid "STC_GCA (store cond code address)\n" + msgstr "" + +-#: vms-alpha.c:6366 ++#: vms-alpha.c:6367 + #, c-format + msgid " linkage index: %u, procedure name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6370 ++#: vms-alpha.c:6371 + #, c-format + msgid "STC_PS (store cond psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6373 ++#: vms-alpha.c:6374 + #, c-format + msgid " linkage index: %u, psect: %u, offset: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6380 ++#: vms-alpha.c:6381 + #, c-format + msgid "STC_NOP_GBL (store cond NOP at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6384 ++#: vms-alpha.c:6385 + #, c-format + msgid "STC_NOP_PS (store cond NOP at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6388 ++#: vms-alpha.c:6389 + #, c-format + msgid "STC_BSR_GBL (store cond BSR at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6392 ++#: vms-alpha.c:6393 + #, c-format + msgid "STC_BSR_PS (store cond BSR at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6396 ++#: vms-alpha.c:6397 + #, c-format + msgid "STC_LDA_GBL (store cond LDA at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6400 ++#: vms-alpha.c:6401 + #, c-format + msgid "STC_LDA_PS (store cond LDA at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6404 ++#: vms-alpha.c:6405 + #, c-format + msgid "STC_BOH_GBL (store cond BOH at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6408 ++#: vms-alpha.c:6409 + #, c-format + msgid "STC_BOH_PS (store cond BOH at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6413 ++#: vms-alpha.c:6414 + #, c-format + msgid "STC_NBH_GBL (store cond or hint at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6417 ++#: vms-alpha.c:6418 + #, c-format + msgid "STC_NBH_PS (store cond or hint at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6421 ++#: vms-alpha.c:6422 + #, c-format + msgid "CTL_SETRB (set relocation base)\n" + msgstr "" + +-#: vms-alpha.c:6427 ++#: vms-alpha.c:6428 + #, c-format + msgid "CTL_AUGRB (augment relocation base) %u\n" + msgstr "" + +-#: vms-alpha.c:6431 ++#: vms-alpha.c:6432 + #, c-format + msgid "CTL_DFLOC (define location)\n" + msgstr "" + +-#: vms-alpha.c:6434 ++#: vms-alpha.c:6435 + #, c-format + msgid "CTL_STLOC (set location)\n" + msgstr "" + +-#: vms-alpha.c:6437 ++#: vms-alpha.c:6438 + #, c-format + msgid "CTL_STKDL (stack defined location)\n" + msgstr "" + +-#: vms-alpha.c:6440 vms-alpha.c:6864 vms-alpha.c:6990 ++#: vms-alpha.c:6441 vms-alpha.c:6865 vms-alpha.c:6991 + #, c-format + msgid "*unhandled*\n" + msgstr "" + +-#: vms-alpha.c:6470 vms-alpha.c:6509 ++#: vms-alpha.c:6471 vms-alpha.c:6510 + #, c-format + msgid "cannot read GST record length\n" + msgstr "" + + #. Ill-formed. +-#: vms-alpha.c:6491 ++#: vms-alpha.c:6492 + #, c-format + msgid "cannot find EMH in first GST record\n" + msgstr "" + +-#: vms-alpha.c:6517 ++#: vms-alpha.c:6518 + #, c-format + msgid "cannot read GST record header\n" + msgstr "" + +-#: vms-alpha.c:6530 ++#: vms-alpha.c:6531 + #, c-format + msgid " corrupted GST\n" + msgstr "" + +-#: vms-alpha.c:6538 ++#: vms-alpha.c:6539 + #, c-format + msgid "cannot read GST record\n" + msgstr "" + +-#: vms-alpha.c:6567 ++#: vms-alpha.c:6568 + #, c-format + msgid " unhandled EOBJ record type %u\n" + msgstr "" + +-#: vms-alpha.c:6591 ++#: vms-alpha.c:6592 + #, c-format + msgid " bitcount: %u, base addr: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6605 ++#: vms-alpha.c:6606 + #, c-format + msgid " bitmap: 0x%08x (count: %u):\n" + msgstr "" + +-#: vms-alpha.c:6612 ++#: vms-alpha.c:6613 + #, c-format + msgid " %08x" + msgstr "" + +-#: vms-alpha.c:6638 ++#: vms-alpha.c:6639 + #, c-format + msgid " image %u (%u entries)\n" + msgstr "" + +-#: vms-alpha.c:6644 ++#: vms-alpha.c:6645 + #, c-format + msgid " offset: 0x%08x, val: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6666 ++#: vms-alpha.c:6667 + #, c-format + msgid " image %u (%u entries), offsets:\n" + msgstr "" + +-#: vms-alpha.c:6673 ++#: vms-alpha.c:6674 + #, c-format + msgid " 0x%08x" + msgstr "" + + #. 64 bits. +-#: vms-alpha.c:6795 ++#: vms-alpha.c:6796 + #, c-format + msgid "64 bits *unhandled*\n" + msgstr "" + +-#: vms-alpha.c:6800 ++#: vms-alpha.c:6801 + #, c-format + msgid "class: %u, dtype: %u, length: %u, pointer: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6811 ++#: vms-alpha.c:6812 + #, c-format + msgid "non-contiguous array of %s\n" + msgstr "" + +-#: vms-alpha.c:6816 ++#: vms-alpha.c:6817 + #, c-format + msgid "dimct: %u, aflags: 0x%02x, digits: %u, scale: %u\n" + msgstr "" + +-#: vms-alpha.c:6821 ++#: vms-alpha.c:6822 + #, c-format + msgid "arsize: %u, a0: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6825 ++#: vms-alpha.c:6826 + #, c-format + msgid "Strides:\n" + msgstr "" + +-#: vms-alpha.c:6835 ++#: vms-alpha.c:6836 + #, c-format + msgid "Bounds:\n" + msgstr "" + +-#: vms-alpha.c:6841 ++#: vms-alpha.c:6842 + #, c-format + msgid "[%u]: Lower: %u, upper: %u\n" + msgstr "" + +-#: vms-alpha.c:6853 ++#: vms-alpha.c:6854 + #, c-format + msgid "unaligned bit-string of %s\n" + msgstr "" + +-#: vms-alpha.c:6858 ++#: vms-alpha.c:6859 + #, c-format + msgid "base: %u, pos: %u\n" + msgstr "" + +-#: vms-alpha.c:6879 ++#: vms-alpha.c:6880 + #, c-format + msgid "vflags: 0x%02x, value: 0x%08x " + msgstr "" + +-#: vms-alpha.c:6885 ++#: vms-alpha.c:6886 + #, c-format + msgid "(no value)\n" + msgstr "" + +-#: vms-alpha.c:6888 ++#: vms-alpha.c:6889 + #, c-format + msgid "(not active)\n" + msgstr "" + +-#: vms-alpha.c:6891 ++#: vms-alpha.c:6892 + #, c-format + msgid "(not allocated)\n" + msgstr "" + +-#: vms-alpha.c:6894 ++#: vms-alpha.c:6895 + #, c-format + msgid "(descriptor)\n" + msgstr "" + +-#: vms-alpha.c:6898 ++#: vms-alpha.c:6899 + #, c-format + msgid "(trailing value)\n" + msgstr "" + +-#: vms-alpha.c:6901 ++#: vms-alpha.c:6902 + #, c-format + msgid "(value spec follows)\n" + msgstr "" + +-#: vms-alpha.c:6904 ++#: vms-alpha.c:6905 + #, c-format + msgid "(at bit offset %u)\n" + msgstr "" + +-#: vms-alpha.c:6908 ++#: vms-alpha.c:6909 + #, c-format + msgid "(reg: %u, disp: %u, indir: %u, kind: " + msgstr "" + +-#: vms-alpha.c:6915 ++#: vms-alpha.c:6916 + msgid "literal" + msgstr "" + +-#: vms-alpha.c:6918 ++#: vms-alpha.c:6919 + msgid "address" + msgstr "" + +-#: vms-alpha.c:6921 ++#: vms-alpha.c:6922 + msgid "desc" + msgstr "" + +-#: vms-alpha.c:6924 ++#: vms-alpha.c:6925 + msgid "reg" + msgstr "" + +-#: vms-alpha.c:6941 ++#: vms-alpha.c:6942 + #, c-format + msgid "len: %2u, kind: %2u " + msgstr "" + +-#: vms-alpha.c:6947 ++#: vms-alpha.c:6948 + #, c-format + msgid "atomic, type=0x%02x %s\n" + msgstr "" + +-#: vms-alpha.c:6951 ++#: vms-alpha.c:6952 + #, c-format + msgid "indirect, defined at 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6955 ++#: vms-alpha.c:6956 + #, c-format + msgid "typed pointer\n" + msgstr "" + +-#: vms-alpha.c:6959 ++#: vms-alpha.c:6960 + #, c-format + msgid "pointer\n" + msgstr "" + +-#: vms-alpha.c:6967 ++#: vms-alpha.c:6968 + #, c-format + msgid "array, dim: %u, bitmap: " + msgstr "" + +-#: vms-alpha.c:6974 ++#: vms-alpha.c:6975 + #, c-format + msgid "array descriptor:\n" + msgstr "" + +-#: vms-alpha.c:6981 ++#: vms-alpha.c:6982 + #, c-format + msgid "type spec for element:\n" + msgstr "" + +-#: vms-alpha.c:6983 ++#: vms-alpha.c:6984 + #, c-format + msgid "type spec for subscript %u:\n" + msgstr "" + +-#: vms-alpha.c:7001 ++#: vms-alpha.c:7002 + #, c-format + msgid "Debug symbol table:\n" + msgstr "" + +-#: vms-alpha.c:7012 ++#: vms-alpha.c:7013 + #, c-format + msgid "cannot read DST header\n" + msgstr "" + +-#: vms-alpha.c:7018 ++#: vms-alpha.c:7019 + #, c-format + msgid " type: %3u, len: %3u (at 0x%08x): " + msgstr "" + +-#: vms-alpha.c:7032 ++#: vms-alpha.c:7033 + #, c-format + msgid "cannot read DST symbol\n" + msgstr "" + +-#: vms-alpha.c:7075 ++#: vms-alpha.c:7076 + #, c-format + msgid "standard data: %s\n" + msgstr "" + +-#: vms-alpha.c:7078 vms-alpha.c:7166 ++#: vms-alpha.c:7079 vms-alpha.c:7167 + #, c-format + msgid " name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7085 ++#: vms-alpha.c:7086 + #, c-format + msgid "modbeg\n" + msgstr "" + +-#: vms-alpha.c:7087 ++#: vms-alpha.c:7088 + #, c-format + msgid " flags: %d, language: %u, major: %u, minor: %u\n" + msgstr "" + +-#: vms-alpha.c:7093 vms-alpha.c:7367 ++#: vms-alpha.c:7094 vms-alpha.c:7368 + #, c-format + msgid " module name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7096 ++#: vms-alpha.c:7097 + #, c-format + msgid " compiler : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7101 ++#: vms-alpha.c:7102 + #, c-format + msgid "modend\n" + msgstr "" + +-#: vms-alpha.c:7108 ++#: vms-alpha.c:7109 + msgid "rtnbeg\n" + msgstr "" + +-#: vms-alpha.c:7110 ++#: vms-alpha.c:7111 + #, c-format + msgid " flags: %u, address: 0x%08x, pd-address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7115 ++#: vms-alpha.c:7116 + #, c-format + msgid " routine name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7123 ++#: vms-alpha.c:7124 + #, c-format + msgid "rtnend: size 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7131 ++#: vms-alpha.c:7132 + #, c-format + msgid "prolog: bkpt address 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7140 ++#: vms-alpha.c:7141 + #, c-format + msgid "epilog: flags: %u, count: %u\n" + msgstr "" + +-#: vms-alpha.c:7150 ++#: vms-alpha.c:7151 + #, c-format + msgid "blkbeg: address: 0x%08x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7159 ++#: vms-alpha.c:7160 + #, c-format + msgid "blkend: size: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7165 ++#: vms-alpha.c:7166 + #, c-format + msgid "typspec (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7172 ++#: vms-alpha.c:7173 + #, c-format + msgid "septyp, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7181 ++#: vms-alpha.c:7182 + #, c-format + msgid "recbeg: name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7183 ++#: vms-alpha.c:7184 + #, c-format + msgid " len: %u bits\n" + msgstr "" + +-#: vms-alpha.c:7188 ++#: vms-alpha.c:7189 + #, c-format + msgid "recend\n" + msgstr "" + +-#: vms-alpha.c:7192 ++#: vms-alpha.c:7193 + #, c-format + msgid "enumbeg, len: %u, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7196 ++#: vms-alpha.c:7197 + #, c-format + msgid "enumelt, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7200 ++#: vms-alpha.c:7201 + #, c-format + msgid "enumend\n" + msgstr "" + +-#: vms-alpha.c:7205 ++#: vms-alpha.c:7206 + #, c-format + msgid "label, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7207 ++#: vms-alpha.c:7208 + #, c-format + msgid " address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7217 ++#: vms-alpha.c:7218 + #, c-format + msgid "discontiguous range (nbr: %u)\n" + msgstr "" + +-#: vms-alpha.c:7220 ++#: vms-alpha.c:7221 + #, c-format + msgid " address: 0x%08x, size: %u\n" + msgstr "" + +-#: vms-alpha.c:7230 ++#: vms-alpha.c:7231 + #, c-format + msgid "line num (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7247 ++#: vms-alpha.c:7248 + #, c-format + msgid "delta_pc_w %u\n" + msgstr "" + +-#: vms-alpha.c:7254 ++#: vms-alpha.c:7255 + #, c-format + msgid "incr_linum(b): +%u\n" + msgstr "" + +-#: vms-alpha.c:7260 ++#: vms-alpha.c:7261 + #, c-format + msgid "incr_linum_w: +%u\n" + msgstr "" + +-#: vms-alpha.c:7266 ++#: vms-alpha.c:7267 + #, c-format + msgid "incr_linum_l: +%u\n" + msgstr "" + +-#: vms-alpha.c:7272 ++#: vms-alpha.c:7273 + #, c-format + msgid "set_line_num(w) %u\n" + msgstr "" + +-#: vms-alpha.c:7277 ++#: vms-alpha.c:7278 + #, c-format + msgid "set_line_num_b %u\n" + msgstr "" + +-#: vms-alpha.c:7282 ++#: vms-alpha.c:7283 + #, c-format + msgid "set_line_num_l %u\n" + msgstr "" + +-#: vms-alpha.c:7287 ++#: vms-alpha.c:7288 + #, c-format + msgid "set_abs_pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7291 ++#: vms-alpha.c:7292 + #, c-format + msgid "delta_pc_l: +0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7296 ++#: vms-alpha.c:7297 + #, c-format + msgid "term(b): 0x%02x" + msgstr "" + +-#: vms-alpha.c:7298 ++#: vms-alpha.c:7299 + #, c-format + msgid " pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7303 ++#: vms-alpha.c:7304 + #, c-format + msgid "term_w: 0x%04x" + msgstr "" + +-#: vms-alpha.c:7305 ++#: vms-alpha.c:7306 + #, c-format + msgid " pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7311 ++#: vms-alpha.c:7312 + #, c-format + msgid "delta pc +%-4d" + msgstr "" + +-#: vms-alpha.c:7315 ++#: vms-alpha.c:7316 + #, c-format + msgid " pc: 0x%08x line: %5u\n" + msgstr "" + +-#: vms-alpha.c:7320 ++#: vms-alpha.c:7321 + #, c-format + msgid " *unhandled* cmd %u\n" + msgstr "" + +-#: vms-alpha.c:7335 ++#: vms-alpha.c:7336 + #, c-format + msgid "source (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7350 ++#: vms-alpha.c:7351 + #, c-format + msgid " declfile: len: %u, flags: %u, fileid: %u\n" + msgstr "" + +-#: vms-alpha.c:7355 ++#: vms-alpha.c:7356 + #, c-format + msgid " rms: cdt: 0x%08x %08x, ebk: 0x%08x, ffb: 0x%04x, rfo: %u\n" + msgstr "" + +-#: vms-alpha.c:7364 ++#: vms-alpha.c:7365 + #, c-format + msgid " filename : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7373 ++#: vms-alpha.c:7374 + #, c-format + msgid " setfile %u\n" + msgstr "" + +-#: vms-alpha.c:7378 vms-alpha.c:7383 ++#: vms-alpha.c:7379 vms-alpha.c:7384 + #, c-format + msgid " setrec %u\n" + msgstr "" + +-#: vms-alpha.c:7388 vms-alpha.c:7393 ++#: vms-alpha.c:7389 vms-alpha.c:7394 + #, c-format + msgid " setlnum %u\n" + msgstr "" + +-#: vms-alpha.c:7398 vms-alpha.c:7403 ++#: vms-alpha.c:7399 vms-alpha.c:7404 + #, c-format + msgid " deflines %u\n" + msgstr "" + +-#: vms-alpha.c:7407 ++#: vms-alpha.c:7408 + #, c-format + msgid " formfeed\n" + msgstr "" + +-#: vms-alpha.c:7411 ++#: vms-alpha.c:7412 + #, c-format + msgid " *unhandled* cmd %u\n" + msgstr "" + +-#: vms-alpha.c:7423 ++#: vms-alpha.c:7424 + #, c-format + msgid "*unhandled* dst type %u\n" + msgstr "" + +-#: vms-alpha.c:7455 ++#: vms-alpha.c:7456 + #, c-format + msgid "cannot read EIHD\n" + msgstr "" + +-#: vms-alpha.c:7459 ++#: vms-alpha.c:7460 + #, c-format + msgid "EIHD: (size: %u, nbr blocks: %u)\n" + msgstr "" + +-#: vms-alpha.c:7463 ++#: vms-alpha.c:7464 + #, c-format + msgid " majorid: %u, minorid: %u\n" + msgstr "" + +-#: vms-alpha.c:7471 ++#: vms-alpha.c:7472 + msgid "executable" + msgstr "" + +-#: vms-alpha.c:7474 ++#: vms-alpha.c:7475 + msgid "linkable image" + msgstr "" + +-#: vms-alpha.c:7481 ++#: vms-alpha.c:7482 + #, c-format + msgid " image type: %u (%s)" + msgstr "" + +-#: vms-alpha.c:7487 ++#: vms-alpha.c:7488 + msgid "native" + msgstr "" + +-#: vms-alpha.c:7490 ++#: vms-alpha.c:7491 + msgid "CLI" + msgstr "" + +-#: vms-alpha.c:7497 ++#: vms-alpha.c:7498 + #, c-format + msgid ", subtype: %u (%s)\n" + msgstr "" + +-#: vms-alpha.c:7504 ++#: vms-alpha.c:7505 + #, c-format + msgid " offsets: isd: %u, activ: %u, symdbg: %u, imgid: %u, patch: %u\n" + msgstr "" + +-#: vms-alpha.c:7508 ++#: vms-alpha.c:7509 + #, c-format + msgid " fixup info rva: " + msgstr "" + +-#: vms-alpha.c:7510 ++#: vms-alpha.c:7511 + #, c-format + msgid ", symbol vector rva: " + msgstr "" + +-#: vms-alpha.c:7513 ++#: vms-alpha.c:7514 + #, c-format + msgid "" + "\n" + " version array off: %u\n" + msgstr "" + +-#: vms-alpha.c:7518 ++#: vms-alpha.c:7519 + #, c-format + msgid " img I/O count: %u, nbr channels: %u, req pri: %08x%08x\n" + msgstr "" + +-#: vms-alpha.c:7524 ++#: vms-alpha.c:7525 + #, c-format + msgid " linker flags: %08x:" + msgstr "" + +-#: vms-alpha.c:7555 ++#: vms-alpha.c:7556 + #, c-format + msgid " ident: 0x%08x, sysver: 0x%08x, match ctrl: %u, symvect_size: %u\n" + msgstr "" + +-#: vms-alpha.c:7561 ++#: vms-alpha.c:7562 + #, c-format + msgid " BPAGE: %u" + msgstr "" + +-#: vms-alpha.c:7568 ++#: vms-alpha.c:7569 + #, c-format + msgid ", ext fixup offset: %u, no_opt psect off: %u" + msgstr "" + +-#: vms-alpha.c:7571 ++#: vms-alpha.c:7572 + #, c-format + msgid ", alias: %u\n" + msgstr "" + +-#: vms-alpha.c:7579 ++#: vms-alpha.c:7580 + #, c-format + msgid "system version array information:\n" + msgstr "" + +-#: vms-alpha.c:7583 ++#: vms-alpha.c:7584 + #, c-format + msgid "cannot read EIHVN header\n" + msgstr "" + +-#: vms-alpha.c:7593 ++#: vms-alpha.c:7594 + #, c-format + msgid "cannot read EIHVN version\n" + msgstr "" + +-#: vms-alpha.c:7596 ++#: vms-alpha.c:7597 + #, c-format + msgid " %02u " + msgstr "" + +-#: vms-alpha.c:7600 ++#: vms-alpha.c:7601 + msgid "BASE_IMAGE " + msgstr "" + +-#: vms-alpha.c:7603 ++#: vms-alpha.c:7604 + msgid "MEMORY_MANAGEMENT" + msgstr "" + +-#: vms-alpha.c:7606 ++#: vms-alpha.c:7607 + msgid "IO " + msgstr "" + +-#: vms-alpha.c:7609 ++#: vms-alpha.c:7610 + msgid "FILES_VOLUMES " + msgstr "" + +-#: vms-alpha.c:7612 ++#: vms-alpha.c:7613 + msgid "PROCESS_SCHED " + msgstr "" + +-#: vms-alpha.c:7615 ++#: vms-alpha.c:7616 + msgid "SYSGEN " + msgstr "" + +-#: vms-alpha.c:7618 ++#: vms-alpha.c:7619 + msgid "CLUSTERS_LOCKMGR " + msgstr "" + +-#: vms-alpha.c:7621 ++#: vms-alpha.c:7622 + msgid "LOGICAL_NAMES " + msgstr "" + +-#: vms-alpha.c:7624 ++#: vms-alpha.c:7625 + msgid "SECURITY " + msgstr "" + +-#: vms-alpha.c:7627 ++#: vms-alpha.c:7628 + msgid "IMAGE_ACTIVATOR " + msgstr "" + +-#: vms-alpha.c:7630 ++#: vms-alpha.c:7631 + msgid "NETWORKS " + msgstr "" + +-#: vms-alpha.c:7633 ++#: vms-alpha.c:7634 + msgid "COUNTERS " + msgstr "" + +-#: vms-alpha.c:7636 ++#: vms-alpha.c:7637 + msgid "STABLE " + msgstr "" + +-#: vms-alpha.c:7639 ++#: vms-alpha.c:7640 + msgid "MISC " + msgstr "" + +-#: vms-alpha.c:7642 ++#: vms-alpha.c:7643 + msgid "CPU " + msgstr "" + +-#: vms-alpha.c:7645 ++#: vms-alpha.c:7646 + msgid "VOLATILE " + msgstr "" + +-#: vms-alpha.c:7648 ++#: vms-alpha.c:7649 + msgid "SHELL " + msgstr "" + +-#: vms-alpha.c:7651 ++#: vms-alpha.c:7652 + msgid "POSIX " + msgstr "" + +-#: vms-alpha.c:7654 ++#: vms-alpha.c:7655 + msgid "MULTI_PROCESSING " + msgstr "" + +-#: vms-alpha.c:7657 ++#: vms-alpha.c:7658 + msgid "GALAXY " + msgstr "" + +-#: vms-alpha.c:7660 ++#: vms-alpha.c:7661 + msgid "*unknown* " + msgstr "" + +-#: vms-alpha.c:7676 vms-alpha.c:7951 ++#: vms-alpha.c:7677 vms-alpha.c:7952 + #, c-format + msgid "cannot read EIHA\n" + msgstr "" + +-#: vms-alpha.c:7679 ++#: vms-alpha.c:7680 + #, c-format + msgid "Image activation: (size=%u)\n" + msgstr "" + +-#: vms-alpha.c:7682 ++#: vms-alpha.c:7683 + #, c-format + msgid " First address : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7686 ++#: vms-alpha.c:7687 + #, c-format + msgid " Second address: 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7690 ++#: vms-alpha.c:7691 + #, c-format + msgid " Third address : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7694 ++#: vms-alpha.c:7695 + #, c-format + msgid " Fourth address: 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7698 ++#: vms-alpha.c:7699 + #, c-format + msgid " Shared image : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7709 ++#: vms-alpha.c:7710 + #, c-format + msgid "cannot read EIHI\n" + msgstr "" + +-#: vms-alpha.c:7713 ++#: vms-alpha.c:7714 + #, c-format + msgid "Image identification: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7716 ++#: vms-alpha.c:7717 + #, c-format + msgid " image name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7718 ++#: vms-alpha.c:7719 + #, c-format + msgid " link time : %s\n" + msgstr "" + +-#: vms-alpha.c:7720 ++#: vms-alpha.c:7721 + #, c-format + msgid " image ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7722 ++#: vms-alpha.c:7723 + #, c-format + msgid " linker ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7724 ++#: vms-alpha.c:7725 + #, c-format + msgid " image build ident: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7734 ++#: vms-alpha.c:7735 + #, c-format + msgid "cannot read EIHS\n" + msgstr "" + +-#: vms-alpha.c:7738 ++#: vms-alpha.c:7739 + #, c-format + msgid "Image symbol & debug table: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7744 ++#: vms-alpha.c:7745 + #, c-format + msgid " debug symbol table : vbn: %u, size: %u (0x%x)\n" + msgstr "" + +-#: vms-alpha.c:7749 ++#: vms-alpha.c:7750 + #, c-format + msgid " global symbol table: vbn: %u, records: %u\n" + msgstr "" + +-#: vms-alpha.c:7754 ++#: vms-alpha.c:7755 + #, c-format + msgid " debug module table : vbn: %u, size: %u\n" + msgstr "" + +-#: vms-alpha.c:7767 ++#: vms-alpha.c:7768 + #, c-format + msgid "cannot read EISD\n" + msgstr "" + +-#: vms-alpha.c:7778 ++#: vms-alpha.c:7779 + #, c-format + msgid "" + "Image section descriptor: (major: %u, minor: %u, size: %u, offset: %u)\n" + msgstr "" + +-#: vms-alpha.c:7786 ++#: vms-alpha.c:7787 + #, c-format + msgid " section: base: 0x%08x%08x size: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7791 ++#: vms-alpha.c:7792 + #, c-format + msgid " flags: 0x%04x" + msgstr "" + +-#: vms-alpha.c:7829 ++#: vms-alpha.c:7830 + #, c-format + msgid " vbn: %u, pfc: %u, matchctl: %u type: %u (" + msgstr "" + +-#: vms-alpha.c:7835 ++#: vms-alpha.c:7836 + msgid "NORMAL" + msgstr "" + +-#: vms-alpha.c:7838 ++#: vms-alpha.c:7839 + msgid "SHRFXD" + msgstr "" + +-#: vms-alpha.c:7841 ++#: vms-alpha.c:7842 + msgid "PRVFXD" + msgstr "" + +-#: vms-alpha.c:7844 ++#: vms-alpha.c:7845 + msgid "SHRPIC" + msgstr "" + +-#: vms-alpha.c:7847 ++#: vms-alpha.c:7848 + msgid "PRVPIC" + msgstr "" + +-#: vms-alpha.c:7850 ++#: vms-alpha.c:7851 + msgid "USRSTACK" + msgstr "" + +-#: vms-alpha.c:7856 ++#: vms-alpha.c:7857 + msgid ")\n" + msgstr "" + +-#: vms-alpha.c:7859 ++#: vms-alpha.c:7860 + #, c-format + msgid " ident: 0x%08x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7869 ++#: vms-alpha.c:7870 + #, c-format + msgid "cannot read DMT\n" + msgstr "" + +-#: vms-alpha.c:7873 ++#: vms-alpha.c:7874 + #, c-format + msgid "Debug module table:\n" + msgstr "" + +-#: vms-alpha.c:7882 ++#: vms-alpha.c:7883 + #, c-format + msgid "cannot read DMT header\n" + msgstr "" + +-#: vms-alpha.c:7888 ++#: vms-alpha.c:7889 + #, c-format + msgid " module offset: 0x%08x, size: 0x%08x, (%u psects)\n" + msgstr "" + +-#: vms-alpha.c:7898 ++#: vms-alpha.c:7899 + #, c-format + msgid "cannot read DMT psect\n" + msgstr "" + +-#: vms-alpha.c:7902 ++#: vms-alpha.c:7903 + #, c-format + msgid " psect start: 0x%08x, length: %u\n" + msgstr "" + +-#: vms-alpha.c:7915 ++#: vms-alpha.c:7916 + #, c-format + msgid "cannot read DST\n" + msgstr "" + +-#: vms-alpha.c:7925 ++#: vms-alpha.c:7926 + #, c-format + msgid "cannot read GST\n" + msgstr "" + +-#: vms-alpha.c:7929 ++#: vms-alpha.c:7930 + #, c-format + msgid "Global symbol table:\n" + msgstr "" + +-#: vms-alpha.c:7958 ++#: vms-alpha.c:7959 + #, c-format + msgid "Image activator fixup: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7962 ++#: vms-alpha.c:7963 + #, c-format + msgid " iaflink : 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:7966 ++#: vms-alpha.c:7967 + #, c-format + msgid " fixuplnk: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:7969 ++#: vms-alpha.c:7970 + #, c-format + msgid " size : %u\n" + msgstr "" + +-#: vms-alpha.c:7971 ++#: vms-alpha.c:7972 + #, c-format + msgid " flags: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7976 ++#: vms-alpha.c:7977 + #, c-format + msgid " qrelfixoff: %5u, lrelfixoff: %5u\n" + msgstr "" + +-#: vms-alpha.c:7981 ++#: vms-alpha.c:7982 + #, c-format + msgid " qdotadroff: %5u, ldotadroff: %5u\n" + msgstr "" + +-#: vms-alpha.c:7986 ++#: vms-alpha.c:7987 + #, c-format + msgid " codeadroff: %5u, lpfixoff : %5u\n" + msgstr "" + +-#: vms-alpha.c:7989 ++#: vms-alpha.c:7990 + #, c-format + msgid " chgprtoff : %5u\n" + msgstr "" + +-#: vms-alpha.c:7993 ++#: vms-alpha.c:7994 + #, c-format + msgid " shlstoff : %5u, shrimgcnt : %5u\n" + msgstr "" + +-#: vms-alpha.c:7996 ++#: vms-alpha.c:7997 + #, c-format + msgid " shlextra : %5u, permctx : %5u\n" + msgstr "" + +-#: vms-alpha.c:7999 ++#: vms-alpha.c:8000 + #, c-format + msgid " base_va : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:8001 ++#: vms-alpha.c:8002 + #, c-format + msgid " lppsbfixoff: %5u\n" + msgstr "" + +-#: vms-alpha.c:8009 ++#: vms-alpha.c:8010 + #, c-format + msgid " Shareable images:\n" + msgstr "" + +-#: vms-alpha.c:8014 ++#: vms-alpha.c:8015 + #, c-format + msgid " %u: size: %u, flags: 0x%02x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:8021 ++#: vms-alpha.c:8022 + #, c-format + msgid " quad-word relocation fixups:\n" + msgstr "" + +-#: vms-alpha.c:8026 ++#: vms-alpha.c:8027 + #, c-format + msgid " long-word relocation fixups:\n" + msgstr "" + +-#: vms-alpha.c:8031 ++#: vms-alpha.c:8032 + #, c-format + msgid " quad-word .address reference fixups:\n" + msgstr "" + +-#: vms-alpha.c:8036 ++#: vms-alpha.c:8037 + #, c-format + msgid " long-word .address reference fixups:\n" + msgstr "" + +-#: vms-alpha.c:8041 ++#: vms-alpha.c:8042 + #, c-format + msgid " Code Address Reference Fixups:\n" + msgstr "" + +-#: vms-alpha.c:8046 ++#: vms-alpha.c:8047 + #, c-format + msgid " Linkage Pairs Reference Fixups:\n" + msgstr "" + +-#: vms-alpha.c:8055 ++#: vms-alpha.c:8056 + #, c-format + msgid " Change Protection (%u entries):\n" + msgstr "" + +-#: vms-alpha.c:8061 ++#: vms-alpha.c:8062 + #, c-format + msgid " base: 0x%08x %08x, size: 0x%08x, prot: 0x%08x " + msgstr "" + + #. FIXME: we do not yet support relocatable link. It is not obvious + #. how to do it for debug infos. +-#: vms-alpha.c:8901 ++#: vms-alpha.c:8902 + msgid "%P: relocatable link is not supported\n" + msgstr "" + +-#: vms-alpha.c:8972 ++#: vms-alpha.c:8973 + #, c-format +-msgid "%P: multiple entry points: in modules %B and %B\n" ++msgid "%P: multiple entry points: in modules %pB and %pB\n" + msgstr "" + + #: vms-lib.c:1445 +@@ -8537,7 +8508,7 @@ msgstr "" + #: peigen.c:1906 peigen.c:2103 pepigen.c:1906 pepigen.c:2103 pex64igen.c:1906 + #: pex64igen.c:2103 + #, c-format +-msgid "Warning, .pdata section size (%ld) is not a multiple of %d\n" ++msgid "warning, .pdata section size (%ld) is not a multiple of %d\n" + msgstr "" + + #: peigen.c:1910 peigen.c:2107 pepigen.c:1910 pepigen.c:2107 pex64igen.c:1910 +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-04-24 Nick Clifton <nickc@redhat.com> ++ ++ PR 23110 ++ * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for ++ a negative PE_DEBUG_DATA size before iterating over the debug data. ++ + 2018-04-17 Nick Clifton <nickc@redhat.com> + + PR 23065 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch new file mode 100644 index 0000000000..29b834337e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch @@ -0,0 +1,63 @@ +From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 24 Apr 2018 16:57:04 +0100 +Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF + binary with corrupt section symbols. + + PR 23113 + * elf.c (ignore_section_sym): Check for the output_section pointer + being NULL before dereferencing it. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10535 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 4 ++++ + bfd/elf.c | 9 ++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -3994,15 +3994,22 @@ ignore_section_sym (bfd *abfd, asymbol * + { + elf_symbol_type *type_ptr; + ++ if (sym == NULL) ++ return FALSE; ++ + if ((sym->flags & BSF_SECTION_SYM) == 0) + return FALSE; + ++ if (sym->section == NULL) ++ return TRUE; ++ + type_ptr = elf_symbol_from (abfd, sym); + return ((type_ptr != NULL + && type_ptr->internal_elf_sym.st_shndx != 0 + && bfd_is_abs_section (sym->section)) + || !(sym->section->owner == abfd +- || (sym->section->output_section->owner == abfd ++ || (sym->section->output_section != NULL ++ && sym->section->output_section->owner == abfd + && sym->section->output_offset == 0) + || bfd_is_abs_section (sym->section))); + } +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,10 @@ + 2018-04-24 Nick Clifton <nickc@redhat.com> ++ ++ PR 23113 ++ * elf.c (ignore_section_sym): Check for the output_section pointer ++ being NULL before dereferencing it. ++ ++2018-04-24 Nick Clifton <nickc@redhat.com> + + PR 23110 + * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch new file mode 100644 index 0000000000..3fa852c951 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch @@ -0,0 +1,71 @@ +From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 8 May 2018 12:51:06 +0100 +Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a + fuzzed input file with corrupt string and attribute sections. + + PR 22809 + * elf.c (bfd_elf_get_str_section): Check for an excessively large + string section. + * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the + attribute section is larger than the size of the file. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-13033 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/elf-attrs.c | 9 +++++++++ + bfd/elf.c | 1 + + 3 files changed, 18 insertions(+) + +Index: git/bfd/elf-attrs.c +=================================================================== +--- git.orig/bfd/elf-attrs.c ++++ git/bfd/elf-attrs.c +@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El + /* PR 17512: file: 2844a11d. */ + if (hdr->sh_size == 0) + return; ++ if (hdr->sh_size > bfd_get_file_size (abfd)) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"), ++ abfd, hdr->bfd_section, (long long) hdr->sh_size); ++ bfd_set_error (bfd_error_invalid_operation); ++ return; ++ } ++ + contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1); + if (!contents) + return; +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -297,6 +297,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi + /* Allocate and clear an extra byte at the end, to prevent crashes + in case the string table is not terminated. */ + if (shstrtabsize + 1 <= 1 ++ || shstrtabsize > bfd_get_file_size (abfd) + || bfd_seek (abfd, offset, SEEK_SET) != 0 + || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL) + shstrtab = NULL; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,11 @@ ++2018-05-08 Nick Clifton <nickc@redhat.com> ++ ++ PR 22809 ++ * elf.c (bfd_elf_get_str_section): Check for an excessively large ++ string section. ++ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the ++ attribute section is larger than the size of the file. ++ + 2018-04-24 Nick Clifton <nickc@redhat.com> + + PR 23113 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch new file mode 100644 index 0000000000..2c6b1b2427 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch @@ -0,0 +1,55 @@ +From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 25 Jan 2018 21:47:41 +1030 +Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file + +Avoid unsigned int overflow by performing bfd_size_type multiplication. + + PR 22746 + * elfcode.h (elf_object_p): Avoid integer overflow. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2018-6323 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/elfcode.h | 4 ++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +Index: git/bfd/elfcode.h +=================================================================== +--- git.orig/bfd/elfcode.h ++++ git/bfd/elfcode.h +@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp)) + goto got_wrong_format_error; + #endif +- amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum; ++ amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum; + i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt); + if (!i_shdrp) + goto got_no_match; +@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) + goto got_wrong_format_error; + #endif +- amt = i_ehdrp->e_phnum * sizeof (*i_phdr); ++ amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr); + elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt); + if (elf_tdata (abfd)->phdr == NULL) + goto got_no_match; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-01-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22746 ++ * elfcode.h (elf_object_p): Avoid integer overflow. ++ + 2018-05-08 Nick Clifton <nickc@redhat.com> + + PR 22809 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch new file mode 100644 index 0000000000..3b0e98a0a3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch @@ -0,0 +1,108 @@ +From 64e234d417d5685a4aec0edc618114d9991c031b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 6 Feb 2018 15:48:29 +0000 +Subject: [PATCH] Prevent attempts to call strncpy with a zero-length field by + chacking the size of debuglink sections. + + PR 22794 + * opncls.c (bfd_get_debug_link_info_1): Check the size of the + section before attempting to read it in. + (bfd_get_alt_debug_link_info): Likewise. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-6759 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/opncls.c | 22 +++++++++++++++++----- + 2 files changed, 24 insertions(+), 5 deletions(-) + +Index: git/bfd/opncls.c +=================================================================== +--- git.orig/bfd/opncls.c ++++ git/bfd/opncls.c +@@ -1179,6 +1179,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + bfd_byte *contents; + unsigned int crc_offset; + char *name; ++ bfd_size_type size; + + BFD_ASSERT (abfd); + BFD_ASSERT (crc32_out); +@@ -1188,6 +1189,12 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + if (sect == NULL) + return NULL; + ++ size = bfd_get_section_size (sect); ++ ++ /* PR 22794: Make sure that the section has a reasonable size. */ ++ if (size < 8 || size >= bfd_get_size (abfd)) ++ return NULL; ++ + if (!bfd_malloc_and_get_section (abfd, sect, &contents)) + { + if (contents != NULL) +@@ -1197,10 +1204,10 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + + /* CRC value is stored after the filename, aligned up to 4 bytes. */ + name = (char *) contents; +- /* PR 17597: avoid reading off the end of the buffer. */ +- crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1; ++ /* PR 17597: Avoid reading off the end of the buffer. */ ++ crc_offset = strnlen (name, size) + 1; + crc_offset = (crc_offset + 3) & ~3; +- if (crc_offset + 4 > bfd_get_section_size (sect)) ++ if (crc_offset + 4 > size) + return NULL; + + *crc32 = bfd_get_32 (abfd, contents + crc_offset); +@@ -1261,6 +1268,7 @@ bfd_get_alt_debug_link_info (bfd * abfd, + bfd_byte *contents; + unsigned int buildid_offset; + char *name; ++ bfd_size_type size; + + BFD_ASSERT (abfd); + BFD_ASSERT (buildid_len); +@@ -1271,6 +1279,10 @@ bfd_get_alt_debug_link_info (bfd * abfd, + if (sect == NULL) + return NULL; + ++ size = bfd_get_section_size (sect); ++ if (size < 8 || size >= bfd_get_size (abfd)) ++ return NULL; ++ + if (!bfd_malloc_and_get_section (abfd, sect, & contents)) + { + if (contents != NULL) +@@ -1280,11 +1292,11 @@ bfd_get_alt_debug_link_info (bfd * abfd, + + /* BuildID value is stored after the filename. */ + name = (char *) contents; +- buildid_offset = strnlen (name, bfd_get_section_size (sect)) + 1; ++ buildid_offset = strnlen (name, size) + 1; + if (buildid_offset >= bfd_get_section_size (sect)) + return NULL; + +- *buildid_len = bfd_get_section_size (sect) - buildid_offset; ++ *buildid_len = size - buildid_offset; + *buildid_out = bfd_malloc (*buildid_len); + memcpy (*buildid_out, contents + buildid_offset, *buildid_len); + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2018-02-06 Nick Clifton <nickc@redhat.com> ++ ++ PR 22794 ++ * opncls.c (bfd_get_debug_link_info_1): Check the size of the ++ section before attempting to read it in. ++ (bfd_get_alt_debug_link_info): Likewise. ++ + 2018-01-25 Alan Modra <amodra@gmail.com> + + PR 22746 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch new file mode 100644 index 0000000000..7d78db7eb3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch @@ -0,0 +1,47 @@ +From eb77f6a4621795367a39cdd30957903af9dbb815 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 27 Jan 2018 08:19:33 +1030 +Subject: [PATCH] PR22741, objcopy segfault on fuzzed COFF object + + PR 22741 + * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in + range before converting to a symbol table pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7208 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffgen.c | 3 ++- + 2 files changed, 8 insertions(+), 1 deletion(-) + +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd, + } + /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can + generate one, so we must be careful to ignore it. */ +- if (auxent->u.auxent.x_sym.x_tagndx.l > 0) ++ if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l ++ < obj_raw_syment_count (abfd)) + { + auxent->u.auxent.x_sym.x_tagndx.p = + table_base + auxent->u.auxent.x_sym.x_tagndx.l; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-01-29 Alan Modra <amodra@gmail.com> ++ ++ PR 22741 ++ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in ++ range before converting to a symbol table pointer. ++ + 2018-02-06 Nick Clifton <nickc@redhat.com> + + PR 22794 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch new file mode 100644 index 0000000000..b014080a7e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch @@ -0,0 +1,161 @@ +From 1da5c9a485f3dcac4c45e96ef4b7dae5948314b5 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 20:20:38 +0930 +Subject: [PATCH] PR22202, buffer overflow in parse_die + +There was a complete lack of sanity checking in dwarf1.c + + PR 22202 + * dwarf1.c (parse_die): Sanity check pointer against section limit + before dereferencing. + (parse_line_table): Likewise. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7568 patch1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf1.c | 56 ++++++++++++++++++++++++++++++++++++++------------------ + 2 files changed, 45 insertions(+), 18 deletions(-) + +Index: git/bfd/dwarf1.c +=================================================================== +--- git.orig/bfd/dwarf1.c ++++ git/bfd/dwarf1.c +@@ -189,11 +189,14 @@ parse_die (bfd * abfd, + memset (aDieInfo, 0, sizeof (* aDieInfo)); + + /* First comes the length. */ +- aDieInfo->length = bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 > aDiePtrEnd) ++ return FALSE; ++ aDieInfo->length = bfd_get_32 (abfd, xptr); + xptr += 4; + if (aDieInfo->length == 0 +- || (this_die + aDieInfo->length) >= aDiePtrEnd) ++ || this_die + aDieInfo->length > aDiePtrEnd) + return FALSE; ++ aDiePtrEnd = this_die + aDieInfo->length; + if (aDieInfo->length < 6) + { + /* Just padding bytes. */ +@@ -202,18 +205,20 @@ parse_die (bfd * abfd, + } + + /* Then the tag. */ +- aDieInfo->tag = bfd_get_16 (abfd, (bfd_byte *) xptr); ++ if (xptr + 2 > aDiePtrEnd) ++ return FALSE; ++ aDieInfo->tag = bfd_get_16 (abfd, xptr); + xptr += 2; + + /* Then the attributes. */ +- while (xptr < (this_die + aDieInfo->length)) ++ while (xptr + 2 <= aDiePtrEnd) + { + unsigned short attr; + + /* Parse the attribute based on its form. This section + must handle all dwarf1 forms, but need only handle the + actual attributes that we care about. */ +- attr = bfd_get_16 (abfd, (bfd_byte *) xptr); ++ attr = bfd_get_16 (abfd, xptr); + xptr += 2; + + switch (FORM_FROM_ATTR (attr)) +@@ -223,12 +228,15 @@ parse_die (bfd * abfd, + break; + case FORM_DATA4: + case FORM_REF: +- if (attr == AT_sibling) +- aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr); +- else if (attr == AT_stmt_list) ++ if (xptr + 4 <= aDiePtrEnd) + { +- aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr); +- aDieInfo->has_stmt_list = 1; ++ if (attr == AT_sibling) ++ aDieInfo->sibling = bfd_get_32 (abfd, xptr); ++ else if (attr == AT_stmt_list) ++ { ++ aDieInfo->stmt_list_offset = bfd_get_32 (abfd, xptr); ++ aDieInfo->has_stmt_list = 1; ++ } + } + xptr += 4; + break; +@@ -236,22 +244,29 @@ parse_die (bfd * abfd, + xptr += 8; + break; + case FORM_ADDR: +- if (attr == AT_low_pc) +- aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); +- else if (attr == AT_high_pc) +- aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 <= aDiePtrEnd) ++ { ++ if (attr == AT_low_pc) ++ aDieInfo->low_pc = bfd_get_32 (abfd, xptr); ++ else if (attr == AT_high_pc) ++ aDieInfo->high_pc = bfd_get_32 (abfd, xptr); ++ } + xptr += 4; + break; + case FORM_BLOCK2: +- xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr); ++ if (xptr + 2 <= aDiePtrEnd) ++ xptr += bfd_get_16 (abfd, xptr); ++ xptr += 2; + break; + case FORM_BLOCK4: +- xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 <= aDiePtrEnd) ++ xptr += bfd_get_32 (abfd, xptr); ++ xptr += 4; + break; + case FORM_STRING: + if (attr == AT_name) + aDieInfo->name = (char *) xptr; +- xptr += strlen ((char *) xptr) + 1; ++ xptr += strnlen ((char *) xptr, aDiePtrEnd - xptr) + 1; + break; + } + } +@@ -290,7 +305,7 @@ parse_line_table (struct dwarf1_debug* s + } + + xptr = stash->line_section + aUnit->stmt_list_offset; +- if (xptr < stash->line_section_end) ++ if (xptr + 8 <= stash->line_section_end) + { + unsigned long eachLine; + bfd_byte *tblend; +@@ -318,6 +333,11 @@ parse_line_table (struct dwarf1_debug* s + + for (eachLine = 0; eachLine < aUnit->line_count; eachLine++) + { ++ if (xptr + 10 > stash->line_section_end) ++ { ++ aUnit->line_count = eachLine; ++ break; ++ } + /* A line number. */ + aUnit->linenumber_table[eachLine].linenumber + = bfd_get_32 (stash->abfd, (bfd_byte *) xptr); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22202 ++ * dwarf1.c (parse_die): Sanity check pointer against section limit ++ before dereferencing. ++ (parse_line_table): Likewise. ++ + 2018-01-29 Alan Modra <amodra@gmail.com> + + PR 22741 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch new file mode 100644 index 0000000000..b5511d7d8a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch @@ -0,0 +1,73 @@ +From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 28 Feb 2018 10:13:54 +0000 +Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1 + debug information. + + PR 22894 + * dwarf1.c (parse_die): Check the length of form blocks before + advancing the data pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7568 patch2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf1.c | 17 +++++++++++++++-- + 2 files changed, 21 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf1.c +=================================================================== +--- git.orig/bfd/dwarf1.c ++++ git/bfd/dwarf1.c +@@ -213,6 +213,7 @@ parse_die (bfd * abfd, + /* Then the attributes. */ + while (xptr + 2 <= aDiePtrEnd) + { ++ unsigned int block_len; + unsigned short attr; + + /* Parse the attribute based on its form. This section +@@ -255,12 +256,24 @@ parse_die (bfd * abfd, + break; + case FORM_BLOCK2: + if (xptr + 2 <= aDiePtrEnd) +- xptr += bfd_get_16 (abfd, xptr); ++ { ++ block_len = bfd_get_16 (abfd, xptr); ++ if (xptr + block_len > aDiePtrEnd ++ || xptr + block_len < xptr) ++ return FALSE; ++ xptr += block_len; ++ } + xptr += 2; + break; + case FORM_BLOCK4: + if (xptr + 4 <= aDiePtrEnd) +- xptr += bfd_get_32 (abfd, xptr); ++ { ++ block_len = bfd_get_32 (abfd, xptr); ++ if (xptr + block_len > aDiePtrEnd ++ || xptr + block_len < xptr) ++ return FALSE; ++ xptr += block_len; ++ } + xptr += 4; + break; + case FORM_STRING: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-02-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22894 ++ * dwarf1.c (parse_die): Check the length of form blocks before ++ advancing the data pointer. ++ + 2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22202 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch new file mode 100644 index 0000000000..e77118bc13 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch @@ -0,0 +1,120 @@ +From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 28 Feb 2018 11:50:49 +0000 +Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF + FORM blocks. + + PR 22895 + PR 22893 + * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block + pointer. Drop unused abfd parameter. Check the size of the block + before initialising the data field. Return the end pointer if the + size is invalid. + (read_attribute_value): Adjust invocations of read_n_bytes. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7569 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/dwarf2.c | 36 +++++++++++++++++++++--------------- + 2 files changed, 29 insertions(+), 15 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -649,14 +649,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf, + } + + static bfd_byte * +-read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED, +- bfd_byte *buf, +- bfd_byte *end, +- unsigned int size ATTRIBUTE_UNUSED) +-{ +- if (buf + size > end) +- return NULL; +- return buf; ++read_n_bytes (bfd_byte * buf, ++ bfd_byte * end, ++ struct dwarf_block * block) ++{ ++ unsigned int size = block->size; ++ bfd_byte * block_end = buf + size; ++ ++ if (block_end > end || block_end < buf) ++ { ++ block->data = NULL; ++ block->size = 0; ++ return end; ++ } ++ else ++ { ++ block->data = buf; ++ return block_end; ++ } + } + + /* Scans a NUL terminated string starting at BUF, returning a pointer to it. +@@ -1154,8 +1164,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end); + info_ptr += 2; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_block4: +@@ -1165,8 +1174,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end); + info_ptr += 4; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_data2: +@@ -1206,8 +1214,7 @@ read_attribute_value (struct attribute * + blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read, + FALSE, info_ptr_end); + info_ptr += bytes_read; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_block1: +@@ -1217,8 +1224,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_1_byte (abfd, info_ptr, info_ptr_end); + info_ptr += 1; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_data1: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,14 @@ + 2018-02-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22895 ++ PR 22893 ++ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block ++ pointer. Drop unused abfd parameter. Check the size of the block ++ before initialising the data field. Return the end pointer if the ++ size is invalid. ++ (read_attribute_value): Adjust invocations of read_n_bytes. ++ ++2018-02-28 Nick Clifton <nickc@redhat.com> + + PR 22894 + * dwarf1.c (parse_die): Check the length of form blocks before diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch new file mode 100644 index 0000000000..14b233e2c1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch @@ -0,0 +1,51 @@ +From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Wed, 28 Feb 2018 22:09:50 +1030 +Subject: [PATCH] PR22887, null pointer dereference in + aout_32_swap_std_reloc_out + + PR 22887 + * aoutx.h (swap_std_reloc_in): Correct r_index bound check. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7642 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/aoutx.h | 6 ++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-02-28 Alan Modra <amodra@gmail.com> ++ ++ PR 22887 ++ * aoutx.h (swap_std_reloc_in): Correct r_index bound check. ++ + 2018-02-28 Nick Clifton <nickc@redhat.com> + + PR 22895 +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h ++++ git/bfd/aoutx.h +@@ -2211,10 +2211,12 @@ NAME (aout, swap_ext_reloc_in) (bfd *abf + || r_type == (unsigned int) RELOC_BASE22) + r_extern = 1; + +- if (r_extern && r_index > symcount) ++ if (r_extern && r_index >= symcount) + { + /* We could arrange to return an error, but it might be useful +- to see the file even if it is bad. */ ++ to see the file even if it is bad. FIXME: Of course this ++ means that objdump -r *doesn't* see the actual reloc, and ++ objcopy silently writes a different reloc. */ + r_extern = 0; + r_index = N_ABS; + } diff --git a/meta/recipes-devtools/chrpath/chrpath_0.16.bb b/meta/recipes-devtools/chrpath/chrpath_0.16.bb index b61eef9c8b..8de8850576 100644 --- a/meta/recipes-devtools/chrpath/chrpath_0.16.bb +++ b/meta/recipes-devtools/chrpath/chrpath_0.16.bb @@ -7,14 +7,12 @@ BUGTRACKER = "http://alioth.debian.org/tracker/?atid=412807&group_id=31052" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552" -SRC_URI = "https://alioth.debian.org/frs/download.php/file/3979/chrpath-0.16.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \ file://standarddoc.patch" SRC_URI[md5sum] = "2bf8d1d1ee345fc8a7915576f5649982" SRC_URI[sha256sum] = "bb0d4c54bac2990e1bdf8132f2c9477ae752859d523e141e72b3b11a12c26e7b" -UPSTREAM_CHECK_URI = "http://alioth.debian.org/frs/?group_id=31052" - inherit autotools # We don't have a staged chrpath-native for ensuring our binary is diff --git a/meta/recipes-devtools/distcc/distcc_3.2.bb b/meta/recipes-devtools/distcc/distcc_3.2.bb index e6f159c7cd..fe64c5b793 100644 --- a/meta/recipes-devtools/distcc/distcc_3.2.bb +++ b/meta/recipes-devtools/distcc/distcc_3.2.bb @@ -41,7 +41,9 @@ INITSCRIPT_NAME = "distcc" SYSTEMD_PACKAGES = "${PN}" SYSTEMD_SERVICE_${PN} = "distcc.service" -do_install_append() { +do_install() { + # Improve reproducibility: compress w/o timestamps + oe_runmake 'DESTDIR=${D}' "GZIP_BIN=gzip -n" install install -d ${D}${sysconfdir}/init.d/ install -d ${D}${sysconfdir}/default install -m 0755 ${WORKDIR}/distcc ${D}${sysconfdir}/init.d/ diff --git a/meta/recipes-devtools/make/make.inc b/meta/recipes-devtools/make/make.inc index 849b74299c..b8905bc6d3 100644 --- a/meta/recipes-devtools/make/make.inc +++ b/meta/recipes-devtools/make/make.inc @@ -5,7 +5,10 @@ called the makefile, which lists each of the non-source files and how to compute HOMEPAGE = "http://www.gnu.org/software/make/" SECTION = "devel" -SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2" +SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2 \ + file://0001-glob-Do-not-assume-glibc-glob-internals.patch \ + file://0002-glob-Do-not-assume-glibc-glob-internals.patch \ + " inherit autotools gettext pkgconfig texinfo diff --git a/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch b/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch new file mode 100644 index 0000000000..2b6e4d40c3 --- /dev/null +++ b/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch @@ -0,0 +1,70 @@ +From c90a7dda6c572f79b8e78da44b6ebf8704edef65 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun, 24 Sep 2017 09:12:58 -0400 +Subject: [PATCH 1/2] glob: Do not assume glibc glob internals. + +It has been proposed that glibc glob start using gl_lstat, +which the API allows it to do. GNU 'make' should not get in +the way of this. See: +https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html + +* dir.c (local_lstat): New function, like local_stat. +(dir_setup_glob): Use it to initialize gl_lstat too, as the API +requires. +--- +Upstream-Status: Backport +Signed-off-by: Khem Raj <raj.khem@gmail.com> + + dir.c | 29 +++++++++++++++++++++++++++-- + 1 file changed, 27 insertions(+), 2 deletions(-) + +diff --git a/dir.c b/dir.c +index f34bbf5..12eef30 100644 +--- a/dir.c ++++ b/dir.c +@@ -1299,15 +1299,40 @@ local_stat (const char *path, struct stat *buf) + } + #endif + ++/* Similarly for lstat. */ ++#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS) ++# ifndef VMS ++# ifndef HAVE_SYS_STAT_H ++int lstat (const char *path, struct stat *sbuf); ++# endif ++# else ++ /* We are done with the fake lstat. Go back to the real lstat */ ++# ifdef lstat ++# undef lstat ++# endif ++# endif ++# define local_lstat lstat ++#elif defined(WINDOWS32) ++/* Windows doesn't support lstat(). */ ++# define local_lstat local_stat ++#else ++static int ++local_lstat (const char *path, struct stat *buf) ++{ ++ int e; ++ EINTRLOOP (e, lstat (path, buf)); ++ return e; ++} ++#endif ++ + void + dir_setup_glob (glob_t *gl) + { + gl->gl_opendir = open_dirstream; + gl->gl_readdir = read_dirstream; + gl->gl_closedir = free; ++ gl->gl_lstat = local_lstat; + gl->gl_stat = local_stat; +- /* We don't bother setting gl_lstat, since glob never calls it. +- The slot is only there for compatibility with 4.4 BSD. */ + } + + void +-- +2.16.1 + diff --git a/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch b/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch new file mode 100644 index 0000000000..d49acd9f6e --- /dev/null +++ b/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch @@ -0,0 +1,38 @@ +From 9858702dbd1e137262c06765919937660879f63c Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun, 24 Sep 2017 09:12:58 -0400 +Subject: [PATCH 2/2] glob: Do not assume glibc glob internals. + +It has been proposed that glibc glob start using gl_lstat, +which the API allows it to do. GNU 'make' should not get in +the way of this. See: +https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html + +* dir.c (local_lstat): New function, like local_stat. +(dir_setup_glob): Use it to initialize gl_lstat too, as the API +requires. +--- +Upstream-Status: Backport + + configure.ac | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 64ec870..e87901c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -399,10 +399,9 @@ AC_CACHE_CHECK([if system libc has GNU glob], [make_cv_sys_gnu_glob], + #include <glob.h> + #include <fnmatch.h> + +-#define GLOB_INTERFACE_VERSION 1 + #if !defined _LIBC && defined __GNU_LIBRARY__ && __GNU_LIBRARY__ > 1 + # include <gnu-versions.h> +-# if _GNU_GLOB_INTERFACE_VERSION == GLOB_INTERFACE_VERSION ++if _GNU_GLOB_INTERFACE_VERSION == 1 || _GNU_GLOB_INTERFACE_VERSION == 2 + gnu glob + # endif + #endif], +-- +2.16.1 + diff --git a/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch b/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch new file mode 100644 index 0000000000..049149eb9e --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch @@ -0,0 +1,36 @@ +From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 17 Aug 2018 13:35:40 +0200 +Subject: [PATCH] Fix swapping fake lines in pch_swap + +* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a +blank line in the middle of a context-diff hunk: that empty line stays +in the middle of the hunk and isn't swapped. + +Fixes: https://savannah.gnu.org/bugs/index.php?53133 +Signed-off-by: Andreas Gruenbacher <agruen@gnu.org> + +Upstream-Status: Backport [https://git.savannah.gnu.org/git/patch.git] +CVE: CVE-2018-6952 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +--- + src/pch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index e92bc64..a500ad9 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2122,7 +2122,7 @@ pch_swap (void) + } + if (p_efake >= 0) { /* fix non-freeable ptr range */ + if (p_efake <= i) +- n = p_end - i + 1; ++ n = p_end - p_ptrn_lines; + else + n = -i; + p_efake += n; +-- +2.10.2 + diff --git a/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch new file mode 100644 index 0000000000..b0bd6fa83a --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch @@ -0,0 +1,35 @@ +From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Mon, 12 Feb 2018 16:48:24 +0100 +Subject: [PATCH] Fix segfault with mangled rename patch + +http://savannah.gnu.org/bugs/?53132 +* src/pch.c (intuit_diff_type): Ensure that two filenames are specified +for renames and copies (fix the existing check). + +Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a] +CVE: CVE-2018-6951 + +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> + +--- + src/pch.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index ff9ed2c..bc6278c 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) + if ((pch_rename () || pch_copy ()) + && ! inname + && ! ((i == OLD || i == NEW) && +- p_name[! reverse] && ++ p_name[reverse] && p_name[! reverse] && ++ name_is_valid (p_name[reverse]) && + name_is_valid (p_name[! reverse]))) + { + say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); +-- +2.7.4 + diff --git a/meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch b/meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch new file mode 100644 index 0000000000..2a09d0c03b --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch @@ -0,0 +1,38 @@ +From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 6 Apr 2018 11:34:51 +0200 +Subject: [PATCH] Allow input files to be missing for ed-style patches + +* src/pch.c (do_ed_script): Allow input files to be missing so that new +files will be created as with non-ed-style patches. + +Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1] +CVE: CVE-2018-1000156 + +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> +--- + src/pch.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/pch.c b/src/pch.c +index bc6278c..0c5cc26 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname, + + if (! dry_run && ! skip_rest_of_patch) { + int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- assert (! inerrno); +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ if (inerrno != ENOENT) ++ { ++ *outname_needs_removal = true; ++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ } + sprintf (buf, "%s %s%s", editor_program, + verbosity == VERBOSE ? "" : "- ", + outname); +-- +2.7.4 + diff --git a/meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch b/meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch new file mode 100644 index 0000000000..d74c2f182e --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch @@ -0,0 +1,215 @@ +From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 6 Apr 2018 12:14:49 +0200 +Subject: [PATCH] Fix arbitrary command execution in ed-style patches (CVE-2018-1000156) + +* src/pch.c (do_ed_script): Write ed script to a temporary file instead +of piping it to ed: this will cause ed to abort on invalid commands +instead of rejecting them and carrying on. +* tests/ed-style: New test case. +* tests/Makefile.am (TESTS): Add test case. + +Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d] +CVE: CVE-2018-1000156 + +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> +--- + src/pch.c | 91 ++++++++++++++++++++++++++++++++++++++++--------------- + tests/Makefile.am | 1 + + tests/ed-style | 41 +++++++++++++++++++++++++ + 3 files changed, 108 insertions(+), 25 deletions(-) + create mode 100644 tests/ed-style + +diff --git a/src/pch.c b/src/pch.c +index 0c5cc26..4fd5a05 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -33,6 +33,7 @@ + # include <io.h> + #endif + #include <safe.h> ++#include <sys/wait.h> + + #define INITHUNKMAX 125 /* initial dynamic allocation size */ + +@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname, + static char const editor_program[] = EDITOR_PROGRAM; + + file_offset beginning_of_this_line; +- FILE *pipefp = 0; + size_t chars_read; ++ FILE *tmpfp = 0; ++ char const *tmpname; ++ int tmpfd; ++ pid_t pid; ++ ++ if (! dry_run && ! skip_rest_of_patch) ++ { ++ /* Write ed script to a temporary file. This causes ed to abort on ++ invalid commands such as when line numbers or ranges exceed the ++ number of available lines. When ed reads from a pipe, it rejects ++ invalid commands and treats the next line as a new command, which ++ can lead to arbitrary command execution. */ ++ ++ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); ++ if (tmpfd == -1) ++ pfatal ("Can't create temporary file %s", quotearg (tmpname)); ++ tmpfp = fdopen (tmpfd, "w+b"); ++ if (! tmpfp) ++ pfatal ("Can't open stream for file %s", quotearg (tmpname)); ++ } + +- if (! dry_run && ! skip_rest_of_patch) { +- int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- if (inerrno != ENOENT) +- { +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); +- } +- sprintf (buf, "%s %s%s", editor_program, +- verbosity == VERBOSE ? "" : "- ", +- outname); +- fflush (stdout); +- pipefp = popen(buf, binary_transput ? "wb" : "w"); +- if (!pipefp) +- pfatal ("Can't open pipe to %s", quotearg (buf)); +- } + for (;;) { + char ed_command_letter; + beginning_of_this_line = file_tell (pfp); +@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname, + } + ed_command_letter = get_ed_command_letter (buf); + if (ed_command_letter) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (ed_command_letter != 'd' && ed_command_letter != 's') { + p_pass_comments_through = true; + while ((chars_read = get_line ()) != 0) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (chars_read == 2 && strEQ (buf, ".\n")) + break; +@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname, + break; + } + } +- if (!pipefp) ++ if (!tmpfp) + return; +- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0 +- || fflush (pipefp) != 0) ++ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0 ++ || fflush (tmpfp) != 0) + write_fatal (); +- if (pclose (pipefp) != 0) +- fatal ("%s FAILED", editor_program); ++ ++ if (lseek (tmpfd, 0, SEEK_SET) == -1) ++ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); ++ ++ if (! dry_run && ! skip_rest_of_patch) { ++ int exclusive = *outname_needs_removal ? 0 : O_EXCL; ++ *outname_needs_removal = true; ++ if (inerrno != ENOENT) ++ { ++ *outname_needs_removal = true; ++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ } ++ sprintf (buf, "%s %s%s", editor_program, ++ verbosity == VERBOSE ? "" : "- ", ++ outname); ++ fflush (stdout); ++ ++ pid = fork(); ++ if (pid == -1) ++ pfatal ("Can't fork"); ++ else if (pid == 0) ++ { ++ dup2 (tmpfd, 0); ++ execl ("/bin/sh", "sh", "-c", buf, (char *) 0); ++ _exit (2); ++ } ++ else ++ { ++ int wstatus; ++ if (waitpid (pid, &wstatus, 0) == -1 ++ || ! WIFEXITED (wstatus) ++ || WEXITSTATUS (wstatus) != 0) ++ fatal ("%s FAILED", editor_program); ++ } ++ } ++ ++ fclose (tmpfp); ++ safe_unlink (tmpname); + + if (ofp) + { +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 6b6df63..16f8693 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -32,6 +32,7 @@ TESTS = \ + crlf-handling \ + dash-o-append \ + deep-directories \ ++ ed-style \ + empty-files \ + false-match \ + fifo \ +diff --git a/tests/ed-style b/tests/ed-style +new file mode 100644 +index 0000000..d8c0689 +--- /dev/null ++++ b/tests/ed-style +@@ -0,0 +1,41 @@ ++# Copyright (C) 2018 Free Software Foundation, Inc. ++# ++# Copying and distribution of this file, with or without modification, ++# in any medium, are permitted without royalty provided the copyright ++# notice and this notice are preserved. ++ ++. $srcdir/test-lib.sh ++ ++require cat ++use_local_patch ++use_tmpdir ++ ++# ============================================================== ++ ++cat > ed1.diff <<EOF ++0a ++foo ++. ++EOF ++ ++check 'patch -e foo -i ed1.diff' <<EOF ++EOF ++ ++check 'cat foo' <<EOF ++foo ++EOF ++ ++cat > ed2.diff <<EOF ++1337a ++r !echo bar ++,p ++EOF ++ ++check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF ++? ++Status: 2 ++EOF ++ ++check 'cat foo' <<EOF ++foo ++EOF +-- +2.7.4 + diff --git a/meta/recipes-devtools/patch/patch_2.7.5.bb b/meta/recipes-devtools/patch/patch_2.7.5.bb deleted file mode 100644 index 151f021b2c..0000000000 --- a/meta/recipes-devtools/patch/patch_2.7.5.bb +++ /dev/null @@ -1,15 +0,0 @@ -require patch.inc -LICENSE = "GPLv3" - -SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch" - -SRC_URI[md5sum] = "ed4d5674ef4543b4eb463db168886dc7" -SRC_URI[sha256sum] = "7436f5a19f93c3ca83153ce9c5cbe4847e97c5d956e57a220121e741f6e7968f" - -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" - -acpaths = "-I ${S}/m4 " - -PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)}" -PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr," - diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb new file mode 100644 index 0000000000..85b0db7333 --- /dev/null +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb @@ -0,0 +1,20 @@ +require patch.inc +LICENSE = "GPLv3" + +SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ + file://0002-Fix-segfault-with-mangled-rename-patch.patch \ + file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \ + file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ + file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ +" + +SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" +SRC_URI[sha256sum] = "8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e" + +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +acpaths = "-I ${S}/m4 " + +PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)}" +PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr," + diff --git a/meta/recipes-devtools/perl/perl-native_5.24.1.bb b/meta/recipes-devtools/perl/perl-native_5.24.1.bb index 6c56a7d701..2f5dffd65b 100644 --- a/meta/recipes-devtools/perl/perl-native_5.24.1.bb +++ b/meta/recipes-devtools/perl/perl-native_5.24.1.bb @@ -16,6 +16,7 @@ SRC_URI += "\ file://dynaloaderhack.patch \ file://perl-PathTools-don-t-filter-out-blib-from-INC.patch \ file://0001-Configure-Remove-fstack-protector-strong-for-native-.patch \ + file://perl-5.26.1-guard_old_libcrypt_fix.patch \ " SRC_URI[md5sum] = "af6a84c7c3e2b8b269c105a5db2f6d53" diff --git a/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch b/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch new file mode 100644 index 0000000000..c5db1b7060 --- /dev/null +++ b/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch @@ -0,0 +1,126 @@ +From ba6733216202523a95b0b7ee2e534b8e30b6d7df Mon Sep 17 00:00:00 2001 +From: Dominic Hargreaves <dom@earth.li> +Date: Sat, 14 Oct 2017 16:27:53 +0200 +Subject: [PATCH] Skip various tests if PERL_BUILD_PACKAGING is set + +These are tests which tend not to be useful for downstream packagers + +t/porting/customized.t change originally from Todd Rinaldo + +Upstream-Status: Backport[https://perl5.git.perl.org/perl.git/ba6733216202523a95b0b7ee2e534b8e30b6d7df] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + INSTALL | 3 ++- + MANIFEST | 1 + + PACKAGING | 30 ++++++++++++++++++++++++++++++ + regen/lib_cleanup.pl | 5 +++++ + t/porting/customized.t | 1 + + t/test.pl | 3 +++ + 6 files changed, 42 insertions(+), 1 deletion(-) + create mode 100644 PACKAGING + +diff --git a/INSTALL b/INSTALL +index 636f4bd52f..1285fc69a2 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -2714,4 +2714,5 @@ This document is part of the Perl package and may be distributed under + the same terms as perl itself, with the following additional request: + If you are distributing a modified version of perl (perhaps as part of + a larger package) please B<do> modify these installation instructions +-and the contact information to match your distribution. ++and the contact information to match your distribution. Additional ++information for packagers is in F<PACKAGING>. +diff --git a/MANIFEST b/MANIFEST +index b3207030a9..32de824ca1 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -4932,6 +4932,7 @@ os2/perlrexx.c Support perl interpreter embedded in REXX + os2/perlrexx.cmd Test perl interpreter embedded in REXX + overload.h generated overload enum (public) + overload.inc generated overload name table (implementation) ++PACKAGING notes and best practice for packaging perl 5 + packsizetables.inc The generated packprops array used in pp_pack.c + pad.c Scratchpad functions + pad.h Scratchpad headers +diff --git a/PACKAGING b/PACKAGING +new file mode 100644 +index 0000000000..0c69b87ba6 +--- /dev/null ++++ b/PACKAGING +@@ -0,0 +1,30 @@ ++If you read this file _as_is_, just ignore the funny characters you ++see. It is written in the POD format (see pod/perlpod.pod) which is ++specifically designed to be readable as is. ++ ++=head1 NAME ++ ++PACKAGING - notes and best practice for packaging perl 5 ++ ++=head1 SYNOPSIS ++ ++This document is aimed at anyone who is producing their own version of ++perl for distribution to other users. It is intended as a collection ++of useful tips, advice and best practice, rather than being a complete ++packaging manual. The starting point for installing perl remains ++F<INSTALL>. ++ ++=head1 Customizing test running ++ ++A small number of porting tests (those in t/porting) are not well suited ++to typical distribution packaging scenarios. For example, they assume ++they are working in a git clone of the upstream Perl repository, or ++enforce rules which are not relevant to downstream packagers. These can ++be skipped by setting the environment variable PERL_BUILD_PACKAGING. ++A complete list of tests which this applied to can be found by searching ++the codebase for this string. ++ ++An alternative strategy would be to skip all porting tests, but many of ++them are useful if additional patches might be applied. ++ ++=cut +diff --git a/regen/lib_cleanup.pl b/regen/lib_cleanup.pl +index 5e40b405a4..6caf74a563 100644 +--- a/regen/lib_cleanup.pl ++++ b/regen/lib_cleanup.pl +@@ -164,6 +164,11 @@ if ($TAP && !-d '.git' && !-f 'lib/.gitignore') { + exit 0; + } + ++if ($ENV{'PERL_BUILD_PACKAGING'}) { ++ print "ok # skip explicitly disabled git tests by PERL_BUILD_PACKAGING\n"; ++ exit 0; ++} ++ + $fh = open_new('lib/.gitignore', '>', + { by => $0, + from => 'MANIFEST and parsing files in cpan/ dist/ and ext/'}); +diff --git a/t/porting/customized.t b/t/porting/customized.t +index 45fcafb100..5c3739198c 100644 +--- a/t/porting/customized.t ++++ b/t/porting/customized.t +@@ -13,6 +13,7 @@ BEGIN { + @INC = qw(lib Porting t); + require 'test.pl'; + skip_all("pre-computed SHA1 won't match under EBCDIC") if $::IS_EBCDIC; ++ skip_all("This distro may have modified some files in cpan/. Skipping validation.") if $ENV{'PERL_BUILD_PACKAGING'}; + } + + use strict; +diff --git a/t/test.pl b/t/test.pl +index 79e6e25e95..1782dcf73c 100644 +--- a/t/test.pl ++++ b/t/test.pl +@@ -212,6 +212,9 @@ sub find_git_or_skip { + } else { + $reason = 'not being run from a git checkout'; + } ++ if ($ENV{'PERL_BUILD_PACKAGING'}) { ++ $reason = 'PERL_BUILD_PACKAGING is set'; ++ } + skip_all($reason) if $_[0] && $_[0] eq 'all'; + skip($reason, @_); + } +-- +2.17.1 + diff --git a/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch b/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch new file mode 100644 index 0000000000..0b59fcda3e --- /dev/null +++ b/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch @@ -0,0 +1,32 @@ +From 73d7247ecab863ef26b5687a37ccc75d6144ad0f Mon Sep 17 00:00:00 2001 +From: Karl Williamson <khw@cpan.org> +Date: Tue, 17 Oct 2017 13:49:14 +0800 +Subject: [PATCH] fix CVE-2017-12837 + +Signed-off-by: Karl Williamson <khw@cpan.org> +Signed-off-by: Steve Hay <steve.m.hay@googlemail.com> + +CVE: CVE-2017-12837 +Upstream-Status: Backport +https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5 + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + regcomp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/regcomp.c b/regcomp.c +index 5498d14..31ec383 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -13021,6 +13021,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth) + goto loopdone; + } + p = RExC_parse; ++ RExC_parse = parse_start; + if (ender > 0xff) { + REQUIRE_UTF8(flagp); + } +-- +1.8.3.1 + diff --git a/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch new file mode 100644 index 0000000000..5c1805f9e7 --- /dev/null +++ b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch @@ -0,0 +1,44 @@ +From 40b3cdad3649334585cee8f4630ec9a025e62be6 Mon Sep 17 00:00:00 2001 +From: Karl Williamson <khw@cpan.org> +Date: Fri, 25 Aug 2017 11:33:58 -0600 +Subject: [PATCH] PATCH: [perl #131598] + +The cause of this is that the vFAIL macro uses RExC_parse, and that +variable has just been changed in preparation for code after the vFAIL. +The solution is to not change RExC_parse until after the vFAIL. + +This is a case where the macro hides stuff that can bite you. + +(cherry picked from commit 2be4edede4ae226e2eebd4eff28cedd2041f300f) + +Upstream-Status: Backport +CVE: CVE-2017-12833 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + regcomp.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +Index: perl-5.24.1/regcomp.c +=================================================================== +--- perl-5.24.1.orig/regcomp.c ++++ perl-5.24.1/regcomp.c +@@ -11918,14 +11918,16 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pREx + } + sv_catpv(substitute_parse, ")"); + +- RExC_parse = RExC_start = RExC_adjusted_start = SvPV(substitute_parse, +- len); ++ len = SvCUR(substitute_parse); + + /* Don't allow empty number */ + if (len < (STRLEN) 8) { + RExC_parse = endbrace; + vFAIL("Invalid hexadecimal number in \\N{U+...}"); + } ++ ++ RExC_parse = RExC_start = RExC_adjusted_start ++ = SvPV_nolen(substitute_parse); + RExC_end = RExC_parse + len; + + /* The values are Unicode, and therefore not subject to recoding, but diff --git a/meta/recipes-devtools/perl/perl/perl-5.26.1-guard_old_libcrypt_fix.patch b/meta/recipes-devtools/perl/perl/perl-5.26.1-guard_old_libcrypt_fix.patch new file mode 100644 index 0000000000..bb6c573c9a --- /dev/null +++ b/meta/recipes-devtools/perl/perl/perl-5.26.1-guard_old_libcrypt_fix.patch @@ -0,0 +1,28 @@ +commit 13e70b397dcb0d1bf4a869b670f041c1d7b730d0 +Author: Bjรถrn Esser <besser82@fedoraproject.org> +Date: Sat Jan 20 20:22:53 2018 +0100 + + pp: Guard fix for really old bug in glibc libcrypt + +Upstream-Status: Pending +Signed-off-by Richard Purdie <richard.purdie@linuxfoundation.org> + +diff --git a/pp.c b/pp.c +index d50ad7ddbf..6510c7b15c 100644 +--- a/pp.c ++++ b/pp.c +@@ -3650,8 +3650,12 @@ PP(pp_crypt) + #if defined(__GLIBC__) || defined(__EMX__) + if (PL_reentrant_buffer->_crypt_struct_buffer) { + PL_reentrant_buffer->_crypt_struct_buffer->initialized = 0; +- /* work around glibc-2.2.5 bug */ ++#if (defined(__GLIBC__) && __GLIBC__ == 2) && \ ++ (defined(__GLIBC_MINOR__) && __GLIBC_MINOR__ >= 2 && __GLIBC_MINOR__ < 4) ++ /* work around glibc-2.2.5 bug, has been fixed at some ++ * time in glibc-2.3.X */ + PL_reentrant_buffer->_crypt_struct_buffer->current_saltbits = 0; ++#endif + } + #endif + } + diff --git a/meta/recipes-devtools/perl/perl/perl-test-customized.patch b/meta/recipes-devtools/perl/perl/perl-test-customized.patch deleted file mode 100644 index 90e4dcd5fb..0000000000 --- a/meta/recipes-devtools/perl/perl/perl-test-customized.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 64df09205b6ccb5a434a4e53e8e0a32377ab634f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com> -Date: Thu, 24 Nov 2016 10:49:55 -0600 -Subject: [PATCH] The OE core recipies customize some ExtUtils-MakeMaker - modules, which causes their MD5 sum to mismatch the provided table and the - corresponding tests to fail. Also, we patch several test files with a - backported patch. Update list of hashes to reflect the patched files. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Bill Randle <william.c.randle@intel.com> -Signed-off-by: AnÃbal Limón <anibal.limon@linux.intel.com> ---- - t/porting/customized.dat | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/t/porting/customized.dat b/t/porting/customized.dat -index defeae1..b5d3c46 100644 ---- a/t/porting/customized.dat -+++ b/t/porting/customized.dat -@@ -18,12 +18,12 @@ Encode cpan/Encode/bin/unidump 715f47c2fcc661268f3c6cd3de0d27c72b745cd2 - Encode cpan/Encode/Encode.pm e146861ff2e6aaa62defa4887eade68dd7b17c8e - Encode cpan/Encode/encoding.pm 51c19efc9bfe8467d6ae12a4654f6e7f980715bf - ExtUtils::Constant cpan/ExtUtils-Constant/t/Constant.t a0369c919e216fb02767a637666bb4577ad79b02 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 5bc04a0173b8b787f465271b6186220326ae8eef -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 2070fe968fa344d89aea1bdc6a8dbb0c467d0612 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command.pm e3a372e07392179711ea9972087c1105a2780fad - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command/MM.pm b72721bd6aa9bf7ec328bda99a8fdb63cac6114d - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist.pm 0e1e4c25eddb999fec6c4dc66593f76db34cfd16 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm bfd2aa00ca4ed251f342e1d1ad704abbaf5a615e --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm 5529ae3064365eafd99536621305d52f4ab31b45 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm d593d8fdc5c0ebcb6d3701c70fc6640c50d93455 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm bf9174c70a0e50ff2fee4552c7df89b37d292da1 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Config.pm bc88b275af73b8faac6abd59a9aad3f625925810 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/FAQ.pod 062e5d14a803fbbec8d61803086a3d7997e8a473 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Tutorial.pod a8a9cab7d67922ed3d6883c864e1fe29aaa6ad89 -@@ -33,7 +33,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mkbootstrap.pm 412e95c3 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mksymlists.pm 8559ef191b4371d0c381472464856a8a73825b2a - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM.pm 09d579ed9daea95c3bf47de2e0b8fe3aa0ff6447 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_AIX.pm f720c13748293b792f7073aa96e7daecb590b183 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm 243649a399d293ae7ad0f26b7eab2668aa864ce8 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm ec39f68802a6fee8daaa914fc7131f40533cfc23 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_BeOS.pm b63c90129303b2c17d084fb828aa2c02a2ad85b8 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Cygwin.pm cabd1c97eaa427067811d92807e34c17940c7350 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Darwin.pm 6a185d897a600c34615a6073f4de0ac2f54fef3e -@@ -42,7 +42,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_MacOS.pm 1f5eb772eed - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_NW5.pm de777d7809c0d73e5d4622a29921731c7e5dff48 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_OS2.pm 01e8f08a82b5304009574e3ac0892b4066ff7639 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_QNX.pm 5340052b58557a6764f5ac9f8b807fefec404a06 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 3c3b93f431b0a51b9592b3d69624dbf5409f6f74 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 0d6ed5e4bdcdcd28e968e8629a592fdd0cc84818 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_UWIN.pm 40397f4cd2d49700b80b4ef490da98add24c5b37 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VMS.pm 147e97fbabb74841f0733dbd5d1b9f3fa51f87c1 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VOS.pm 3f13ed7045ff3443bcb4dd6c95c98b9bd705820f -@@ -51,7 +51,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Win95.pm 48e8a2fe176 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MY.pm 6fefe99045b64459905d4721f3a494d8d50f7ab9 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/testlib.pm 172778ad21c065a89cd270668eb9f99a7364b41c - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/cd.t 0a71fbd646a7be8358b07b6f64f838243cc0aef4 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 37aec8f794c52e037540757eb5b2556f79419ff7 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 1a93dd8834e4bb0e5facf08204e782807567b2eb - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/lib/MakeMaker/Test/NoXS.pm 371cdff1b2375017907cfbc9c8f4a31f5ad10582 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/prereq.t 53bda2c549fd13a6b6c13a070ca6bc79883081c0 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/vstrings.t 90035a2bdbf45f15b9c3196d072d7cba7e662871 -@@ -165,7 +165,7 @@ bignum cpan/bignum/lib/bigrat.pm 7fccc9df30e43dbbae6e5ea91b26c8046545c9a9 - bignum cpan/bignum/lib/Math/BigFloat/Trace.pm a6b4b995e18f4083252e6dc72e9bef69671893dd - bignum cpan/bignum/lib/Math/BigInt/Trace.pm d9596963673760cae3eeeb752c1eeeec50bb2290 - libnet cpan/libnet/lib/Net/Cmd.pm a44a10c939a4c35f923c4638054178c32f1d283a --libnet cpan/libnet/lib/Net/Config.pm 9bd49bf4de0dc438bceee0ef4baf8ba7a6633327 -+libnet cpan/libnet/lib/Net/Config.pm 2873da5efbffed67934dd297ef6f360b3558cb0b - libnet cpan/libnet/lib/Net/Domain.pm 1bbed50f70fd1ff3e1cdf087b19a9349cddfaced - libnet cpan/libnet/lib/Net/FTP.pm 40dba553c8d44e1530daec2d07a6e50910401f2e - libnet cpan/libnet/lib/Net/FTP/A.pm c570b10730b168990034dcf9cb00e305a100f336 -@@ -176,6 +176,6 @@ libnet cpan/libnet/lib/Net/FTP/L.pm ac1599c775faee0474710e4f75051c8949f13df2 - libnet cpan/libnet/lib/Net/Netrc.pm 009cfc08f8a5bf247257acb64a21e1b6ad8b2c9c - libnet cpan/libnet/lib/Net/NNTP.pm 6325fc05fd9ef81dc8d461a77b2a3f56ad1ae114 - libnet cpan/libnet/lib/Net/POP3.pm 2d8065646df80061dae5a9e3465a36a6557165fd --libnet cpan/libnet/lib/Net/SMTP.pm f3ed7a177b49ee0ba65ac1c414de797cdbbe6886 -+libnet cpan/libnet/lib/Net/SMTP.pm f1beb42bfbef4333ed24ad63d5dd1aa5c67b20c7 - libnet cpan/libnet/lib/Net/Time.pm b3df8bbaa3bc253fbf77e8386c59a1b2aae13627 - version cpan/version/lib/version.pm ff75e2076be10bd4c05133cd979fda0b38ca8653 --- -2.1.4 - diff --git a/meta/recipes-devtools/perl/perl/run-ptest b/meta/recipes-devtools/perl/perl/run-ptest index 1e2dd1b66d..dad4d42916 100644 --- a/meta/recipes-devtools/perl/perl/run-ptest +++ b/meta/recipes-devtools/perl/perl/run-ptest @@ -1,2 +1,2 @@ #!/bin/sh -cd t && ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|' +cd t && PERL_BUILD_PACKAGING=1 ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|' diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb index b55d2223e2..1a9b8d1c3e 100644 --- a/meta/recipes-devtools/perl/perl_5.24.1.bb +++ b/meta/recipes-devtools/perl/perl_5.24.1.bb @@ -64,13 +64,16 @@ SRC_URI += " \ file://perl-PathTools-don-t-filter-out-blib-from-INC.patch \ file://perl-errno-generation-gcc5.patch \ file://perl-fix-conflict-between-skip_all-and-END.patch \ - file://perl-test-customized.patch \ + file://perl-5.26.1-guard_old_libcrypt_fix.patch \ + file://CVE-2017-12883.patch \ + file://CVE-2017-12837.patch \ " # Fix test case issues SRC_URI_append_class-target = " \ file://test/dist-threads-t-join.t-adjust-ps-option.patch \ file://test/ext-DynaLoader-t-DynaLoader.t-fix-calling-dl_findfil.patch \ + file://0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch \ " SRC_URI[md5sum] = "af6a84c7c3e2b8b269c105a5db2f6d53" diff --git a/meta/recipes-devtools/python/python-3.5-manifest.inc b/meta/recipes-devtools/python/python-3.5-manifest.inc index 0260e87e75..710b22eaa3 100644 --- a/meta/recipes-devtools/python/python-3.5-manifest.inc +++ b/meta/recipes-devtools/python/python-3.5-manifest.inc @@ -194,7 +194,7 @@ FILES_${PN}-readline="${libdir}/python3.5/lib-dynload/readline.*.so ${libdir}/py SUMMARY_${PN}-reprlib="Python alternate repr() implementation" RDEPENDS_${PN}-reprlib="${PN}-core" -FILES_${PN}-reprlib="${libdir}/python3.5/reprlib.py ${libdir}/python3.5/__pycache__/reprlib.py " +FILES_${PN}-reprlib="${libdir}/python3.5/reprlib.* ${libdir}/python3.5/__pycache__/reprlib.* " SUMMARY_${PN}-resource="Python resource control interface" RDEPENDS_${PN}-resource="${PN}-core" diff --git a/meta/recipes-devtools/python/python-native_2.7.13.bb b/meta/recipes-devtools/python/python-native_2.7.14.bb index 7edf153489..5373ce6690 100644 --- a/meta/recipes-devtools/python/python-native_2.7.13.bb +++ b/meta/recipes-devtools/python/python-native_2.7.14.bb @@ -1,7 +1,7 @@ require python.inc EXTRANATIVEPATH += "bzip2-native" -DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native" +DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native gdbm-native db-native" PR = "${INC_PR}.1" SRC_URI += "\ @@ -17,6 +17,7 @@ SRC_URI += "\ file://builddir.patch \ file://parallel-makeinst-create-bindir.patch \ file://revert_use_of_sysconfigdata.patch \ + file://fix-gc-alignment.patch \ " S = "${WORKDIR}/Python-${PV}" @@ -39,6 +40,12 @@ do_configure_append() { autoreconf --verbose --install --force --exclude=autopoint ../Python-${PV}/Modules/_ctypes/libffi } +# Regenerate all of the generated files +# This ensures that pgen and friends get created during the compile phase +do_compile_prepend() { + oe_runmake regen-all +} + do_install() { oe_runmake 'DESTDIR=${D}' install install -d ${D}${bindir}/${PN} diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index b40f551ab3..979b601bf1 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -5,12 +5,12 @@ SECTION = "devel/python" # bump this on every change in contrib/python/generate-manifest-2.7.py INC_PR = "r1" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b60258130e4ed10d3101517eb5b9385" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f741e51de91d4eeea5930b9c3c7fa69d" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz" -SRC_URI[md5sum] = "53b43534153bb2a0363f08bae8b9d990" -SRC_URI[sha256sum] = "35d543986882f78261f97787fd3e06274bfa6df29fac9b4a94f73930ff98f731" +SRC_URI[md5sum] = "1f6db41ad91d9eb0a6f0c769b8613c5b" +SRC_URI[sha256sum] = "71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66" # python recipe is actually python 2.x # also, exclude pre-releases for both python 2.x and 3.x diff --git a/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch b/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch index 366ce3e400..e795a74b91 100644 --- a/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch +++ b/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch @@ -9,6 +9,9 @@ Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Rebased for python-2.7.9 Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> +Rebased for python-2.7.14 +Signed-off-by: Derek Straka <derek@asterius.io> + Index: Python-2.7.13/Makefile.pre.in =================================================================== --- Python-2.7.13.orig/Makefile.pre.in @@ -30,14 +33,14 @@ Index: Python-2.7.13/Makefile.pre.in # Create build directory and generate the sysconfig build-time data there. # pybuilddir.txt contains the name of the build dir and is used for -@@ -681,7 +682,7 @@ Modules/pwdmodule.o: $(srcdir)/Modules/p - - $(GRAMMAR_H): @GENERATED_COMMENT@ $(GRAMMAR_INPUT) $(PGEN) +@@ -663,7 +663,7 @@ + # Regenerate Include/graminit.h and Python/graminit.c + # from Grammar/Grammar using pgen @$(MKDIR_P) Include -- $(PGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C) -+ $(HOSTPGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C) - $(GRAMMAR_C): @GENERATED_COMMENT@ $(GRAMMAR_H) - touch $(GRAMMAR_C) +- $(PGEN) $(srcdir)/Grammar/Grammar \ ++ $(HOSTPGEN) $(srcdir)/Grammar/Grammar \ + $(srcdir)/Include/graminit.h \ + $(srcdir)/Python/graminit.c @@ -1121,27 +1122,27 @@ libinstall: build_all $(srcdir)/Lib/$(PL $(DESTDIR)$(LIBDEST)/distutils/tests ; \ diff --git a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch b/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch deleted file mode 100644 index 38e53778dc..0000000000 --- a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch +++ /dev/null @@ -1,41 +0,0 @@ -Upstream-Status: Backport - -Signed-off-by: Andreas Oberritter <obi@opendreambox.org> - -From 905d1b30ac7cb0e31c57cec0533825c8f170b942 Mon Sep 17 00:00:00 2001 -From: Victor Stinner <victor.stinner@gmail.com> -Date: Mon, 9 Jan 2017 11:10:41 +0100 -Subject: [PATCH] Don't use getentropy() on Linux - -Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but -read from /dev/urandom to get random bytes, for example in os.urandom(). On -Linux, getentropy() is implemented which getrandom() is blocking mode, whereas -os.urandom() should not block. - -(cherry picked from commit 2687486756721e39164fa9f597e468c35d495227) ---- - Python/random.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/Python/random.c b/Python/random.c -index b4bc1f3..f3f5d14 100644 ---- a/Python/random.c -+++ b/Python/random.c -@@ -94,8 +94,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) - } - - /* Issue #25003: Don't use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) -+ Solaris 11.3), it is blocking whereas os.urandom() should not block. -+ -+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 -+ implements it with the getrandom() syscall which can fail with ENOSYS, -+ and this error is not supported in py_getentropy() and getrandom() is called -+ with flags=0 which blocks until system urandom is initialized, which is not -+ the desired behaviour to seed the Python hash secret nor for os.urandom(): -+ see the PEP 524 which was only implemented in Python 3.6. */ -+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) - #define PY_GETENTROPY 1 - - /* Fill buffer with size pseudo-random bytes generated by getentropy(). diff --git a/meta/recipes-devtools/python/python/fix-gc-alignment.patch b/meta/recipes-devtools/python/python/fix-gc-alignment.patch new file mode 100644 index 0000000000..b63cd08747 --- /dev/null +++ b/meta/recipes-devtools/python/python/fix-gc-alignment.patch @@ -0,0 +1,43 @@ +Upstream-Status: Submitted +Signed-off-by: Ross Burton <ross.burton@intel.com> + +Fix for over-aligned GC info +Patch by Florian Weimer + +See: https://bugzilla.redhat.com/show_bug.cgi?id=1540316 +Upstream discussion: https://mail.python.org/pipermail/python-dev/2018-January/152000.html + +diff --git a/Include/objimpl.h b/Include/objimpl.h +index 55e83eced6..aa906144dc 100644 +--- a/Include/objimpl.h ++++ b/Include/objimpl.h +@@ -248,6 +248,18 @@ PyAPI_FUNC(PyVarObject *) _PyObject_GC_Resize(PyVarObject *, Py_ssize_t); + /* for source compatibility with 2.2 */ + #define _PyObject_GC_Del PyObject_GC_Del + ++/* Former over-aligned definition of PyGC_Head, used to compute the ++ size of the padding for the new version below. */ ++union _gc_head; ++union _gc_head_old { ++ struct { ++ union _gc_head *gc_next; ++ union _gc_head *gc_prev; ++ Py_ssize_t gc_refs; ++ } gc; ++ long double dummy; ++}; ++ + /* GC information is stored BEFORE the object structure. */ + typedef union _gc_head { + struct { +@@ -255,7 +267,8 @@ typedef union _gc_head { + union _gc_head *gc_prev; + Py_ssize_t gc_refs; + } gc; +- long double dummy; /* force worst-case alignment */ ++ double dummy; /* force worst-case alignment */ ++ char dummy_padding[sizeof(union _gc_head_old)]; + } PyGC_Head; + + extern PyGC_Head *_PyGC_generation0; +
\ No newline at end of file diff --git a/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch b/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch index 669112dab0..90dcd57c04 100644 --- a/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch +++ b/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch @@ -15,7 +15,7 @@ diff -ruN a/Makefile.pre.in b/Makefile.pre.in +TESTOPTS= -l -v $(EXTRATESTOPTS) TESTPROG= $(srcdir)/Lib/test/regrtest.py -TESTPYTHON= $(RUNSHARED) ./$(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS) --test: all platform +-test: @DEF_MAKE_RULE@ platform - -find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f +TESTPYTHON= $(RUNSHARED) $(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS) +test: build-test @@ -26,8 +26,8 @@ diff -ruN a/Makefile.pre.in b/Makefile.pre.in -$(TESTPYTHON) $(TESTPROG) $(TESTOPTS) $(TESTPYTHON) $(TESTPROG) $(TESTOPTS) -+build-test: all platform ++build-test: @DEF_MAKE_RULE@ platform + - testall: all platform + testall: @DEF_MAKE_RULE@ platform -find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f $(TESTPYTHON) $(srcdir)/Lib/compileall.py diff --git a/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch b/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch index 951cb466ff..abab41e957 100644 --- a/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch +++ b/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch @@ -8,12 +8,12 @@ Upstream-Status: Pending --- Python-2.7.3.orig/Makefile.pre.in +++ Python-2.7.3/Makefile.pre.in -@@ -1008,7 +1008,7 @@ LIBPL= $(LIBP)/config +@@ -1187,7 +1187,7 @@ LIBPC= $(LIBDIR)/pkgconfig - - libainstall: all python-config + + libainstall: @DEF_MAKE_RULE@ python-config - @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC); \ + @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC) $(BINDIR); \ - do \ - if test ! -d $(DESTDIR)$$i; then \ - echo "Creating directory $$i"; \ + do \ + if test ! -d $(DESTDIR)$$i; then \ + echo "Creating directory $$i"; \ diff --git a/meta/recipes-devtools/python/python3-native_3.5.3.bb b/meta/recipes-devtools/python/python3-native_3.5.3.bb index 8cd9c88a82..1da87ca4e4 100644 --- a/meta/recipes-devtools/python/python3-native_3.5.3.bb +++ b/meta/recipes-devtools/python/python3-native_3.5.3.bb @@ -45,7 +45,7 @@ inherit native require python-native-${PYTHON_MAJMIN}-manifest.inc # uninative may be used on pre glibc 2.25 systems which don't have getentropy -EXTRA_OECONF_append = " --bindir=${bindir}/${PN} --without-ensurepip ac_cv_func_getentropy=no" +EXTRA_OECONF_append = " --bindir=${bindir}/${PN} --without-ensurepip" EXTRA_OEMAKE = '\ LIBC="" \ diff --git a/meta/recipes-devtools/python/python_2.7.13.bb b/meta/recipes-devtools/python/python_2.7.14.bb index 754c029097..35b6324970 100644 --- a/meta/recipes-devtools/python/python_2.7.13.bb +++ b/meta/recipes-devtools/python/python_2.7.14.bb @@ -26,9 +26,9 @@ SRC_URI += "\ file://parallel-makeinst-create-bindir.patch \ file://use_sysroot_ncurses_instead_of_host.patch \ file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \ - file://Don-t-use-getentropy-on-Linux.patch \ file://pass-missing-libraries-to-Extension-for-mul.patch \ file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \ + file://fix-gc-alignment.patch \ " S = "${WORKDIR}/Python-${PV}" diff --git a/meta/recipes-devtools/rsync/rsync_3.1.2.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb index 103198487b..84a02586be 100644 --- a/meta/recipes-devtools/rsync/rsync_3.1.2.bb +++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb @@ -2,8 +2,8 @@ require rsync.inc SRC_URI += "file://makefile-no-rebuild.patch" -SRC_URI[md5sum] = "0f758d7e000c0f7f7d3792610fad70cb" -SRC_URI[sha256sum] = "ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2" +SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf" +SRC_URI[sha256sum] = "55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0" # GPLv2+ (<< 3.0.0), GPLv3+ (>= 3.0.0) LICENSE = "GPLv3+" diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc index d71989889e..9a52a6965f 100644 --- a/meta/recipes-devtools/ruby/ruby.inc +++ b/meta/recipes-devtools/ruby/ruby.inc @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "\ file://LEGAL;md5=daf349ad59dd19bd8c919171bff3c5d6 \ " -DEPENDS = "ruby-native zlib openssl tcl libyaml db gdbm readline" +DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline" DEPENDS_class-native = "openssl-native libyaml-native" SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch deleted file mode 100644 index 88e693c94e..0000000000 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001 -From: Florian Frank <flori@ping.de> -Date: Thu, 2 Mar 2017 12:12:33 +0100 -Subject: [PATCH] Fix arbitrary heap exposure problem - -Upstream-Status: Backport -CVE: CVE-2017-14064 - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - ext/json/generator/generator.c | 12 ++++++------ - ext/json/generator/generator.h | 1 - - 2 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c -index ef85bb7..c88818c 100644 ---- a/ext/json/generator/generator.c -+++ b/ext/json/generator/generator.c -@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) { - char *result; - if (len <= 0) return NULL; - result = ALLOC_N(char, len); -- memccpy(result, ptr, 0, len); -+ memcpy(result, ptr, len); - return result; - } - -@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent) - } - } else { - if (state->indent) ruby_xfree(state->indent); -- state->indent = strdup(RSTRING_PTR(indent)); -+ state->indent = fstrndup(RSTRING_PTR(indent), len); - state->indent_len = len; - } - return Qnil; -@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space) - } - } else { - if (state->space) ruby_xfree(state->space); -- state->space = strdup(RSTRING_PTR(space)); -+ state->space = fstrndup(RSTRING_PTR(space), len); - state->space_len = len; - } - return Qnil; -@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before) - } - } else { - if (state->space_before) ruby_xfree(state->space_before); -- state->space_before = strdup(RSTRING_PTR(space_before)); -+ state->space_before = fstrndup(RSTRING_PTR(space_before), len); - state->space_before_len = len; - } - return Qnil; -@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) - } - } else { - if (state->object_nl) ruby_xfree(state->object_nl); -- state->object_nl = strdup(RSTRING_PTR(object_nl)); -+ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len); - state->object_nl_len = len; - } - return Qnil; -@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) - } - } else { - if (state->array_nl) ruby_xfree(state->array_nl); -- state->array_nl = strdup(RSTRING_PTR(array_nl)); -+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); - state->array_nl_len = len; - } - return Qnil; -diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h -index 900b4d5..c367a62 100644 ---- a/ext/json/generator/generator.h -+++ b/ext/json/generator/generator.h -@@ -1,7 +1,6 @@ - #ifndef _GENERATOR_H_ - #define _GENERATOR_H_ - --#include <string.h> - #include <math.h> - #include <ctype.h> - --- -2.10.2 - diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.4.bb index 7d27ac84ec..61fcedbf82 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.4.bb @@ -6,11 +6,10 @@ SRC_URI += " \ file://ruby-CVE-2017-9227.patch \ file://ruby-CVE-2017-9228.patch \ file://ruby-CVE-2017-9229.patch \ - file://ruby-CVE-2017-14064.patch \ " -SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677" -SRC_URI[sha256sum] = "a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250" +SRC_URI[md5sum] = "d50e00ccc1c9cf450f837b92d3ed3e88" +SRC_URI[sha256sum] = "254f1c1a79e4cc814d1e7320bc5bdd995dc57e08727d30a767664619a9c8ae5a" # it's unknown to configure script, but then passed to extconf.rb # maybe it's not really needed as we're hardcoding the result with @@ -21,7 +20,7 @@ PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind" -PACKAGECONFIG[gpm] = "--with-gmp=yes, --with-gmp=no, gmp" +PACKAGECONFIG[gmp] = "--with-gmp=yes, --with-gmp=no, gmp" PACKAGECONFIG[ipv6] = ",--enable-wide-getaddrinfo," EXTRA_AUTORECONF += "--exclude=aclocal" diff --git a/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch b/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch new file mode 100644 index 0000000000..39b624d9f6 --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch @@ -0,0 +1,82 @@ +From fb5362f205b37c5060fcd764a7ed393abe4f2f3d Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Fri, 27 Jul 2018 17:39:37 +0800 +Subject: [PATCH 1/2] fix opcode not supported on mips32-linux + +While build tests(`make check') on mips32-linux, there are +serial failures such as: +[snip] +| mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -c +-o atomic_incs-atomic_incs.o `test -f 'atomic_incs.c' || echo +'../../../valgrind-3.13.0/memcheck/tests/'`atomic_incs.c +| /tmp/ccqrmINN.s: Assembler messages: +| /tmp/ccqrmINN.s:247: Error: opcode not supported on this +processor: mips1 (mips1) `ll $t3,0($t1)' +| /tmp/ccqrmINN.s:249: Error: opcode not supported on this +processor: mips1 (mips1) `sc $t3,0($t1)' +[snip] + +Since the following commit applied, it defines CLFAGS for mips32, +but missed to pass them to tests which caused the above failure +... +3e344c57f Merge in a port for mips32-linux +... + +Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396905] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + helgrind/tests/Makefile.am | 5 +++++ + memcheck/tests/Makefile.am | 5 +++++ + none/tests/mips32/Makefile.am | 4 ++++ + 3 files changed, 14 insertions(+) + +diff --git a/helgrind/tests/Makefile.am b/helgrind/tests/Makefile.am +index ad1af191a..6209d35a7 100644 +--- a/helgrind/tests/Makefile.am ++++ b/helgrind/tests/Makefile.am +@@ -214,6 +214,11 @@ check_PROGRAMS += annotate_rwlock + endif + + AM_CFLAGS += $(AM_FLAG_M3264_PRI) ++ ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CXXFLAGS += $(AM_FLAG_M3264_PRI) + + LDADD = -lpthread +diff --git a/memcheck/tests/Makefile.am b/memcheck/tests/Makefile.am +index 84e49405f..aff861a32 100644 +--- a/memcheck/tests/Makefile.am ++++ b/memcheck/tests/Makefile.am +@@ -443,6 +443,11 @@ check_PROGRAMS += reach_thread_register + endif + + AM_CFLAGS += $(AM_FLAG_M3264_PRI) ++ ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CXXFLAGS += $(AM_FLAG_M3264_PRI) + + if VGCONF_PLATFORMS_INCLUDE_ARM_LINUX +diff --git a/none/tests/mips32/Makefile.am b/none/tests/mips32/Makefile.am +index d11591d45..602cd26f6 100644 +--- a/none/tests/mips32/Makefile.am ++++ b/none/tests/mips32/Makefile.am +@@ -99,6 +99,10 @@ check_PROGRAMS = \ + round_fpu64 \ + fpu_branches + ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CFLAGS += @FLAG_M32@ + AM_CXXFLAGS += @FLAG_M32@ + AM_CCASFLAGS += @FLAG_M32@ +-- +2.17.1 + diff --git a/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch b/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch new file mode 100644 index 0000000000..6df295f8a2 --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch @@ -0,0 +1,47 @@ +From 63ce36396348e7c4c021cffa652d2e3d20f7963a Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Fri, 27 Jul 2018 17:51:54 +0800 +Subject: [PATCH 2/2] fix broken inline asm in tests on mips32-linux + +While build tests(`make check') with gcc 8.1.0 on mips32-linux, +there is a failure +[snip] +|mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -march=mips32 +-c -o tc08_hbl2-tc08_hbl2.o `test -f 'tc08_hbl2.c' || echo '../../../ +valgrind-3.13.0/helgrind/tests/'`tc08_hbl2.c +|/tmp/cc37aJxQ.s: Assembler messages: +|/tmp/cc37aJxQ.s:275: Error: symbol `L1xyzzy1main' is already defined +|Makefile:1323: recipe for target 'tc08_hbl2-tc08_hbl2.o' failed +[snip] + +Remove the duplicated L1xyzzy1main, and use local symbol to replace. +http://tigcc.ticalc.org/doc/gnuasm.html#SEC46 + +Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396906] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + helgrind/tests/tc08_hbl2.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/helgrind/tests/tc08_hbl2.c b/helgrind/tests/tc08_hbl2.c +index 2a757a008..f660d82dd 100644 +--- a/helgrind/tests/tc08_hbl2.c ++++ b/helgrind/tests/tc08_hbl2.c +@@ -121,12 +121,12 @@ + #elif defined(PLAT_mips32_linux) || defined(PLAT_mips64_linux) + # define INC(_lval,_lqual) \ + __asm__ __volatile__ ( \ +- "L1xyzzy1" _lqual":\n" \ ++ "1:\n" \ + " move $t0, %0\n" \ + " ll $t1, 0($t0)\n" \ + " addiu $t1, $t1, 1\n" \ + " sc $t1, 0($t0)\n" \ +- " beqz $t1, L1xyzzy1" _lqual \ ++ " beqz $t1, 1b\n" \ + : /*out*/ : /*in*/ "r"(&(_lval)) \ + : /*trash*/ "t0", "t1", "memory" \ + ) +-- +2.17.1 + diff --git a/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch b/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch deleted file mode 100644 index e9112da0cb..0000000000 --- a/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f96cf1f4eaa72860ab8b5e18ad10fdc704d78c5f Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 15 Dec 2015 15:01:34 +0200 -Subject: [PATCH 2/5] remove rpath - -Upstream-Status: Inappropriate [embedded config] -Signed-off-by: Saul Wold <sgw@linux.intel.com> ---- - none/tests/Makefile.am | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/none/tests/Makefile.am b/none/tests/Makefile.am -index 54f2a7e..25b0f49 100644 ---- a/none/tests/Makefile.am -+++ b/none/tests/Makefile.am -@@ -326,7 +326,6 @@ threadederrno_CFLAGS += --std=c99 - endif - tls_SOURCES = tls.c tls2.c - tls_DEPENDENCIES = tls.so tls2.so --tls_LDFLAGS = -Wl,-rpath,$(abs_top_builddir)/none/tests - tls_LDADD = tls.so tls2.so -lpthread - tls_so_SOURCES = tls_so.c - tls_so_DEPENDENCIES = tls2.so -@@ -334,7 +333,7 @@ if VGCONF_OS_IS_DARWIN - tls_so_LDFLAGS = -dynamic -dynamiclib -all_load -fpic - tls_so_LDADD = `pwd`/tls2.so - else -- tls_so_LDFLAGS = -Wl,-rpath,$(abs_top_builddir)/none/tests -shared -fPIC -+ tls_so_LDFLAGS = -shared -fPIC - tls_so_LDADD = tls2.so - endif - tls_so_CFLAGS = $(AM_CFLAGS) -fPIC --- -2.6.2 - diff --git a/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch b/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch new file mode 100644 index 0000000000..89a95b82fe --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch @@ -0,0 +1,36 @@ +Fix runtime Valgrind failure + +This patch is derived from +https://bugzilla.redhat.com/show_bug.cgi?id=1464211 + +At runtime it will fails like this: + +ARM64 front end: branch_etc +disInstr(arm64): unhandled instruction 0xD5380001 +disInstr(arm64): 1101'0101 0011'1000 0000'0000 0000'0001 ==2082== +valgrind: Unrecognised instruction at address 0x4014e64. + +This patch is a workaround by masking all HWCAP + +Upstream-Status: Pending + +Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com> + +Index: valgrind-3.13.0/coregrind/m_initimg/initimg-linux.c +=================================================================== + +--- valgrind-3.13.0.orig/coregrind/m_initimg/initimg-linux.c 2018-03-04 22:22:17.698572675 -0800 ++++ valgrind-3.13.0/coregrind/m_initimg/initimg-linux.c 2018-03-04 22:23:25.727815624 -0800 +@@ -703,6 +703,12 @@ + (and anything above) are not supported by Valgrind. */ + auxv->u.a_val &= VKI_HWCAP_S390_TE - 1; + } ++# elif defined(VGP_arm64_linux) ++ { ++ /* Linux 4.11 started populating this for arm64, but we ++ currently don't support any. */ ++ auxv->u.a_val = 0; ++ } + # endif + break; + # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux) diff --git a/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch b/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch index 51259db001..4b531b42ea 100644 --- a/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch +++ b/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch @@ -12,6 +12,11 @@ The #ifdef HAS_VSX guard is wrongly placed. It makes the standard include headers not be used. Causing a build failure. Fix by moving the #ifdef HAS_VSX after the standard includes. +[v2 changes] +- Add #ifdef HAS_VSX guard correctly for ppc64 test_isa_2_06_partx.c + test cases. The changes are similar to what was done for ppc32. + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Index: none/tests/ppc32/test_isa_2_06_part3.c =================================================================== --- a/none/tests/ppc32/test_isa_2_06_part3.c (revision 16449) @@ -85,3 +90,76 @@ Index: none/tests/ppc32/test_isa_2_06_part2.c #ifndef __powerpc64__ typedef uint32_t HWord_t; #else +Index: none/tests/ppc64/test_isa_2_06_part3.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part3.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part3.c (revision 16450) +@@ -20,17 +20,18 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> +-#include <altivec.h> + #include <math.h> + #include <unistd.h> // getopt + ++#ifdef HAS_VSX ++ ++#include <altivec.h> ++ + #ifndef __powerpc64__ + typedef uint32_t HWord_t; + #else +Index: none/tests/ppc64/test_isa_2_06_part1.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part1.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part1.c (revision 16450) +@@ -20,13 +20,14 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> ++ ++#ifdef HAS_VSX ++ + #include <altivec.h> + + #ifndef __powerpc64__ +Index: none/tests/ppc64/test_isa_2_06_part2.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part2.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part2.c (revision 16450) +@@ -20,17 +20,18 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> +-#include <altivec.h> + #include <math.h> + #include <unistd.h> // getopt + ++#ifdef HAS_VSX ++ ++#include <altivec.h> ++ + #ifndef __powerpc64__ + typedef uint32_t HWord_t; + #else diff --git a/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb b/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb index bf3cfd7f36..39ec6f5cc8 100644 --- a/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb +++ b/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb @@ -16,7 +16,6 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \ file://fixed-perl-path.patch \ file://Added-support-for-PPC-instructions-mfatbu-mfatbl.patch \ file://run-ptest \ - file://0002-remove-rpath.patch \ file://0004-Fix-out-of-tree-builds.patch \ file://0005-Modify-vg_test-wrapper-to-support-PTEST-formats.patch \ file://0001-Remove-tests-that-fail-to-build-on-some-PPC32-config.patch \ @@ -37,6 +36,9 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \ file://0003-tests-seg_override-Replace-__modify_ldt-with-syscall.patch \ file://link-gz-tests.patch \ file://ppc-headers.patch \ + file://mask-CPUID-support-in-HWCAP-on-aarch64.patch \ + file://0001-fix-opcode-not-supported-on-mips32-linux.patch \ + file://0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch \ " SRC_URI[md5sum] = "817dd08f1e8a66336b9ff206400a5369" SRC_URI[sha256sum] = "d76680ef03f00cd5e970bbdcd4e57fb1f6df7d2e2c071635ef2be74790190c3b" @@ -54,7 +56,6 @@ COMPATIBLE_HOST_linux-gnux32 = 'null' COMPATIBLE_HOST_linux-muslx32 = 'null' # Disable for some MIPS variants -COMPATIBLE_HOST_mipsarchn32 = 'null' COMPATIBLE_HOST_mipsarchr6 = 'null' inherit autotools ptest multilib_header @@ -86,6 +87,8 @@ def get_mcpu(d): do_configure_prepend () { rm -rf ${S}/config.h + sed -i -e 's:$(abs_top_builddir):$(pkglibdir)/ptest:g' ${S}/none/tests/Makefile.am + sed -i -e 's:$(top_builddir):$(pkglibdir)/ptest:g' ${S}/memcheck/tests/Makefile.am } do_install_append () { diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index de668d6d2b..acbf80a685 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -2,13 +2,13 @@ SUMMARY = "Very high-quality data compression program" DESCRIPTION = "bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and \ Huffman coding. Compression is generally considerably better than that achieved by more conventional \ LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors." -HOMEPAGE = "http://www.bzip.org/" +HOMEPAGE = "https://sourceware.org/bzip2/" SECTION = "console/utils" LICENSE = "bzip2" LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2" PR = "r5" -SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ +SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \ file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ @@ -19,7 +19,7 @@ SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd" -UPSTREAM_CHECK_URI = "http://www.bzip.org/downloads.html" +UPSTREAM_CHECK_URI = "https://www.sourceware.org/bzip2/" PACKAGES =+ "libbz2" diff --git a/meta/recipes-extended/lsb/lsbtest/packages_list b/meta/recipes-extended/lsb/lsbtest/packages_list index 959f931504..1a6c11699a 100644 --- a/meta/recipes-extended/lsb/lsbtest/packages_list +++ b/meta/recipes-extended/lsb/lsbtest/packages_list @@ -1,7 +1,7 @@ LSB_RELEASE="released-5.0" LSB_ARCH="lsbarch" -BASE_PACKAGES_LIST="lsb-setup-4.1.0-1.noarch.rpm" +BASE_PACKAGES_LIST="lsb-setup-5.0.0-2.noarch.rpm" RUNTIME_BASE_PACKAGES_LIST="lsb-dist-checker-5.0.0.1-1.targetarch.rpm \ lsb-tet3-lite-3.7-27.lsb5.targetarch.rpm \ diff --git a/meta/recipes-extended/lsof/lsof_4.89.bb b/meta/recipes-extended/lsof/lsof_4.89.bb index 14546db23c..b58b8281f9 100644 --- a/meta/recipes-extended/lsof/lsof_4.89.bb +++ b/meta/recipes-extended/lsof/lsof_4.89.bb @@ -11,12 +11,12 @@ LIC_FILES_CHKSUM = "file://00README;beginline=645;endline=679;md5=964df275d26429 # https://people.freebsd.org/~abe/ ). http://www.mirrorservice.org seems to be # the most commonly used alternative. -SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_${PV}.tar.bz2 \ +SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/OLD/lsof_${PV}.tar.gz \ file://lsof-remove-host-information.patch \ " -SRC_URI[md5sum] = "1b9cd34f3fb86856a125abbf2be3a386" -SRC_URI[sha256sum] = "81ac2fc5fdc944793baf41a14002b6deb5a29096b387744e28f8c30a360a3718" +SRC_URI[md5sum] = "8afbaff3ee308edc130bdc5df0801c8f" +SRC_URI[sha256sum] = "5d08da7ebe049c9d9a6472d6afb81aa5af54c4733a3f8822cbc22b57867633c9" LOCALSRC = "file://${WORKDIR}/lsof_${PV}/lsof_${PV}_src.tar" diff --git a/meta/recipes-extended/minicom/minicom_2.7.1.bb b/meta/recipes-extended/minicom/minicom_2.7.1.bb index 1a31a872d6..78edffaf4c 100644 --- a/meta/recipes-extended/minicom/minicom_2.7.1.bb +++ b/meta/recipes-extended/minicom/minicom_2.7.1.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=420477abc567404debca0a2a1cb6b645 \ file://src/minicom.h;beginline=1;endline=12;md5=a58838cb709f0db517f4e42730c49e81" -SRC_URI = "https://alioth.debian.org/frs/download.php/latestfile/3/${BP}.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/m/${BPN}/${BPN}_${PV}.orig.tar.gz \ file://allow.to.disable.lockdev.patch \ file://0001-fix-minicom-h-v-return-value-is-not-0.patch \ file://0001-Fix-build-issus-surfaced-due-to-musl.patch \ diff --git a/meta/recipes-extended/shadow/files/CVE-2016-6252.patch b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch new file mode 100644 index 0000000000..bdaba5eecd --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch @@ -0,0 +1,48 @@ +From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer <krahmer@suse.com> +Date: Wed, 3 Aug 2016 11:51:07 -0500 +Subject: [PATCH] Simplify getulong + +Use strtoul to read an unsigned long, rather than reading +a signed long long and casting it. + +https://bugzilla.suse.com/show_bug.cgi?id=979282 + +Upstream-Status: Backport +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + lib/getulong.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/lib/getulong.c b/lib/getulong.c +index 61579ca..08d2c1a 100644 +--- a/lib/getulong.c ++++ b/lib/getulong.c +@@ -44,22 +44,19 @@ + */ + int getulong (const char *numstr, /*@out@*/unsigned long int *result) + { +- long long int val; ++ unsigned long int val; + char *endptr; + + errno = 0; +- val = strtoll (numstr, &endptr, 0); ++ val = strtoul (numstr, &endptr, 0); + if ( ('\0' == *numstr) + || ('\0' != *endptr) + || (ERANGE == errno) +- /*@+ignoresigns@*/ +- || (val != (unsigned long int)val) +- /*@=ignoresigns@*/ + ) { + return 0; + } + +- *result = (unsigned long int)val; ++ *result = val; + return 1; + } + +-- +1.9.1 diff --git a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch new file mode 100644 index 0000000000..ee728f0952 --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch @@ -0,0 +1,64 @@ +shadow-4.2.1: Fix CVE-2017-2616 + +[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943 + +su: properly clear child PID + +If su is compiled with PAM support, it is possible for any local user +to send SIGKILL to other processes with root privileges. There are +only two conditions. First, the user must be able to perform su with +a successful login. This does NOT have to be the root user, even using +su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL +can only be sent to processes which were executed after the su process. +It is not possible to send SIGKILL to processes which were already +running. I consider this as a security vulnerability, because I was +able to write a proof of concept which unlocked a screen saver of +another user this way. + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686] +CVE: CVE-2017-2616 +bug: 855943 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> + +diff --git a/src/su.c b/src/su.c +index 3704217..1efcd61 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void) + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; ++ } else { ++ pid_child = 0; + } + } while (!stop); + } + +- if (0 != caught) { ++ if (0 != caught && 0 != pid_child) { + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); + (void) kill (-pid_child, caught); + + (void) signal (SIGALRM, kill_child); ++ (void) signal (SIGCHLD, catch_signals); + (void) alarm (2); + +- (void) wait (&status); ++ sigemptyset (&ourset); ++ if ((sigaddset (&ourset, SIGALRM) != 0) ++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { ++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); ++ kill_child (0); ++ } else { ++ while (0 == waitpid (pid_child, &status, WNOHANG)) { ++ sigsuspend (&ourset); ++ } ++ pid_child = 0; ++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); ++ } ++ + (void) fputs (_(" ...terminated.\n"), stderr); + } + diff --git a/meta/recipes-extended/shadow/files/CVE-2018-7169.patch b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch new file mode 100644 index 0000000000..36887d44ee --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch @@ -0,0 +1,186 @@ +From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai <asarai@suse.de> +Date: Thu, 15 Feb 2018 23:49:40 +1100 +Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group + +This is necessary to match the kernel-side policy of "self-mapping in a +user namespace is fine, but you cannot drop groups" -- a policy that was +created in order to stop user namespaces from allowing trivial privilege +escalation by dropping supplementary groups that were "blacklisted" from +certain paths. + +This is the simplest fix for the underlying issue, and effectively makes +it so that unless a user has a valid mapping set in /etc/subgid (which +only administrators can modify) -- and they are currently trying to use +that mapping -- then /proc/$pid/setgroups will be set to deny. This +workaround is only partial, because ideally it should be possible to set +an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow +administrators to further restrict newgidmap(1). + +We also don't write anything in the "allow" case because "allow" is the +default, and users may have already written "deny" even if they +technically are allowed to use setgroups. And we don't write anything if +the setgroups policy is already "deny". + +Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 +Fixes: CVE-2018-7169 + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0] +Reported-by: Craig Furman <craig.furman89@gmail.com> +Signed-off-by: Aleksa Sarai <asarai@suse.de> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 80 insertions(+), 9 deletions(-) + +diff --git a/src/newgidmap.c b/src/newgidmap.c +index b1e33513..59a2e75c 100644 +--- a/src/newgidmap.c ++++ b/src/newgidmap.c +@@ -46,32 +46,37 @@ + */ + const char *Prog; + +-static bool verify_range(struct passwd *pw, struct map_range *range) ++ ++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) + { + /* An empty range is invalid */ + if (range->count == 0) + return false; + +- /* Test /etc/subgid */ +- if (have_sub_gids(pw->pw_name, range->lower, range->count)) ++ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */ ++ if (have_sub_gids(pw->pw_name, range->lower, range->count)) { ++ *allow_setgroups = true; + return true; ++ } + +- /* Allow a process to map it's own gid */ +- if ((range->count == 1) && (pw->pw_gid == range->lower)) ++ /* Allow a process to map its own gid. */ ++ if ((range->count == 1) && (pw->pw_gid == range->lower)) { ++ /* noop -- if setgroups is enabled already we won't disable it. */ + return true; ++ } + + return false; + } + + static void verify_ranges(struct passwd *pw, int ranges, +- struct map_range *mappings) ++ struct map_range *mappings, bool *allow_setgroups) + { + struct map_range *mapping; + int idx; + + mapping = mappings; + for (idx = 0; idx < ranges; idx++, mapping++) { +- if (!verify_range(pw, mapping)) { ++ if (!verify_range(pw, mapping, allow_setgroups)) { + fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"), + Prog, + mapping->upper, +@@ -89,6 +94,70 @@ static void usage(void) + exit(EXIT_FAILURE); + } + ++void write_setgroups(int proc_dir_fd, bool allow_setgroups) ++{ ++ int setgroups_fd; ++ char *policy, policy_buffer[4096]; ++ ++ /* ++ * Default is "deny", and any "allow" will out-rank a "deny". We don't ++ * forcefully write an "allow" here because the process we are writing ++ * mappings for may have already set themselves to "deny" (and "allow" ++ * is the default anyway). So allow_setgroups == true is a noop. ++ */ ++ policy = "deny\n"; ++ if (allow_setgroups) ++ return; ++ ++ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC); ++ if (setgroups_fd < 0) { ++ /* ++ * If it's an ENOENT then we are on too old a kernel for the setgroups ++ * code to exist. Emit a warning and bail on this. ++ */ ++ if (ENOENT == errno) { ++ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog); ++ goto out; ++ } ++ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++ /* ++ * Check whether the policy is already what we want. /proc/self/setgroups ++ * is write-once, so attempting to write after it's already written to will ++ * fail. ++ */ ++ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) { ++ fprintf(stderr, _("%s: failed to read setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (!strncmp(policy_buffer, policy, strlen(policy))) ++ goto out; ++ ++ /* Write the policy. */ ++ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) { ++ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (dprintf(setgroups_fd, "%s", policy) < 0) { ++ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"), ++ Prog, ++ policy, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++out: ++ close(setgroups_fd); ++} ++ + /* + * newgidmap - Set the gid_map for the specified process + */ +@@ -103,6 +172,7 @@ int main(int argc, char **argv) + struct stat st; + struct passwd *pw; + int written; ++ bool allow_setgroups = false; + + Prog = Basename (argv[0]); + +@@ -145,7 +215,7 @@ int main(int argc, char **argv) + (unsigned long) getuid ())); + return EXIT_FAILURE; + } +- ++ + /* Get the effective uid and effective gid of the target process */ + if (fstat(proc_dir_fd, &st) < 0) { + fprintf(stderr, _("%s: Could not stat directory for target %u\n"), +@@ -177,8 +247,9 @@ int main(int argc, char **argv) + if (!mappings) + usage(); + +- verify_ranges(pw, ranges, mappings); ++ verify_ranges(pw, ranges, mappings, &allow_setgroups); + ++ write_setgroups(proc_dir_fd, allow_setgroups); + write_mapping(proc_dir_fd, ranges, mappings, "gid_map"); + sub_gid_close(); + +-- +2.13.3 + diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index cc189649b2..f3f5bf6f07 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ DEPENDS_class-native = "" DEPENDS_class-nativesdk = "" -SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ +UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" + +SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \ file://shadow-4.1.3-dots-in-usernames.patch \ file://usermod-fix-compilation-failure-with-subids-disabled.patch \ file://fix-installation-failure-with-subids-disabled.patch \ @@ -17,7 +19,10 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ file://0001-useradd-copy-extended-attributes-of-home.patch \ file://0001-shadow-CVE-2017-12424 \ + file://CVE-2017-2616.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://CVE-2018-7169.patch \ + file://CVE-2016-6252.patch \ " SRC_URI_append_class-target = " \ @@ -128,7 +133,8 @@ do_install_append() { # Ensure that the image has as a /var/spool/mail dir so shadow can # put mailboxes there if the user reconfigures shadow to its # defaults (see sed below). - install -d ${D}${localstatedir}/spool/mail + install -m 0775 -d ${D}${localstatedir}/spool/mail + chown root:mail ${D}${localstatedir}/spool/mail if [ -e ${WORKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ diff --git a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch b/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch deleted file mode 100644 index e49fa09647..0000000000 --- a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch +++ /dev/null @@ -1,174 +0,0 @@ -From b520d20b8122a783f99f088758b78d928f70ee34 Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 23 Oct 2017 11:42:45 -0700 -Subject: [PATCH] Fix Makefile quoting bug - -Problem with INSTALLARGS reported by Zefram in: -https://mm.icann.org/pipermail/tz/2017-October/025360.html -Fix similar problems too. -* Makefile (ZIC_INSTALL, VALIDATE_ENV, CC, install) -(INSTALL, version, INSTALLARGS, right_posix, posix_right) -(check_public): Use apostrophes to prevent undesirable -interpretation of names by the shell. We still do not support -directory names containing apostrophes or newlines, but this is -good enough. - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - -* NEWS: Mention this. ---- - Makefile | 64 ++++++++++++++++++++++++++++++++-------------------------------- - NEWS | 8 ++++++++ - 2 files changed, 40 insertions(+), 32 deletions(-) - -diff --git a/Makefile b/Makefile -index c92edc0..97649ca 100644 ---- a/Makefile -+++ b/Makefile -@@ -313,7 +313,7 @@ ZFLAGS= - - # How to use zic to install tz binary files. - --ZIC_INSTALL= $(ZIC) -d $(DESTDIR)$(TZDIR) $(LEAPSECONDS) -+ZIC_INSTALL= $(ZIC) -d '$(DESTDIR)$(TZDIR)' $(LEAPSECONDS) - - # The name of a Posix-compliant 'awk' on your system. - AWK= awk -@@ -341,8 +341,8 @@ SGML_CATALOG_FILES= \ - VALIDATE = nsgmls - VALIDATE_FLAGS = -s -B -wall -wno-unused-param - VALIDATE_ENV = \ -- SGML_CATALOG_FILES=$(SGML_CATALOG_FILES) \ -- SGML_SEARCH_PATH=$(SGML_SEARCH_PATH) \ -+ SGML_CATALOG_FILES='$(SGML_CATALOG_FILES)' \ -+ SGML_SEARCH_PATH='$(SGML_SEARCH_PATH)' \ - SP_CHARSET_FIXED=YES \ - SP_ENCODING=UTF-8 - -@@ -396,7 +396,7 @@ GZIPFLAGS= -9n - #MAKE= make - - cc= cc --CC= $(cc) -DTZDIR=\"$(TZDIR)\" -+CC= $(cc) -DTZDIR='"$(TZDIR)"' - - AR= ar - -@@ -473,29 +473,29 @@ all: tzselect yearistype zic zdump libtz.a $(TABDATA) - ALL: all date $(ENCHILADA) - - install: all $(DATA) $(REDO) $(MANS) -- mkdir -p $(DESTDIR)$(ETCDIR) $(DESTDIR)$(TZDIR) \ -- $(DESTDIR)$(LIBDIR) \ -- $(DESTDIR)$(MANDIR)/man3 $(DESTDIR)$(MANDIR)/man5 \ -- $(DESTDIR)$(MANDIR)/man8 -+ mkdir -p '$(DESTDIR)$(ETCDIR)' '$(DESTDIR)$(TZDIR)' \ -+ '$(DESTDIR)$(LIBDIR)' \ -+ '$(DESTDIR)$(MANDIR)/man3' '$(DESTDIR)$(MANDIR)/man5' \ -+ '$(DESTDIR)$(MANDIR)/man8' - $(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES) -- cp -f $(TABDATA) $(DESTDIR)$(TZDIR)/. -- cp tzselect zic zdump $(DESTDIR)$(ETCDIR)/. -- cp libtz.a $(DESTDIR)$(LIBDIR)/. -- $(RANLIB) $(DESTDIR)$(LIBDIR)/libtz.a -- cp -f newctime.3 newtzset.3 $(DESTDIR)$(MANDIR)/man3/. -- cp -f tzfile.5 $(DESTDIR)$(MANDIR)/man5/. -- cp -f tzselect.8 zdump.8 zic.8 $(DESTDIR)$(MANDIR)/man8/. -+ cp -f $(TABDATA) '$(DESTDIR)$(TZDIR)/.' -+ cp tzselect zic zdump '$(DESTDIR)$(ETCDIR)/.' -+ cp libtz.a '$(DESTDIR)$(LIBDIR)/.' -+ $(RANLIB) '$(DESTDIR)$(LIBDIR)/libtz.a' -+ cp -f newctime.3 newtzset.3 '$(DESTDIR)$(MANDIR)/man3/.' -+ cp -f tzfile.5 '$(DESTDIR)$(MANDIR)/man5/.' -+ cp -f tzselect.8 zdump.8 zic.8 '$(DESTDIR)$(MANDIR)/man8/.' - - INSTALL: ALL install date.1 -- mkdir -p $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man1 -- cp date $(DESTDIR)$(BINDIR)/. -- cp -f date.1 $(DESTDIR)$(MANDIR)/man1/. -+ mkdir -p '$(DESTDIR)$(BINDIR)' '$(DESTDIR)$(MANDIR)/man1' -+ cp date '$(DESTDIR)$(BINDIR)/.' -+ cp -f date.1 '$(DESTDIR)$(MANDIR)/man1/.' - - version: $(VERSION_DEPS) - { (type git) >/dev/null 2>&1 && \ - V=`git describe --match '[0-9][0-9][0-9][0-9][a-z]*' \ - --abbrev=7 --dirty` || \ -- V=$(VERSION); } && \ -+ V='$(VERSION)'; } && \ - printf '%s\n' "$$V" >$@.out - mv $@.out $@ - -@@ -529,12 +529,12 @@ leapseconds: $(LEAP_DEPS) - # Arguments to pass to submakes of install_data. - # They can be overridden by later submake arguments. - INSTALLARGS = \ -- BACKWARD=$(BACKWARD) \ -- DESTDIR=$(DESTDIR) \ -+ BACKWARD='$(BACKWARD)' \ -+ DESTDIR='$(DESTDIR)' \ - LEAPSECONDS='$(LEAPSECONDS)' \ - PACKRATDATA='$(PACKRATDATA)' \ -- TZDIR=$(TZDIR) \ -- YEARISTYPE=$(YEARISTYPE) \ -+ TZDIR='$(TZDIR)' \ -+ YEARISTYPE='$(YEARISTYPE)' \ - ZIC='$(ZIC)' - - # 'make install_data' installs one set of tz binary files. -@@ -558,16 +558,16 @@ right_only: - # You must replace all of $(TZDIR) to switch from not using leap seconds - # to using them, or vice versa. - right_posix: right_only -- rm -fr $(DESTDIR)$(TZDIR)-leaps -- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-leaps || \ -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only -+ rm -fr '$(DESTDIR)$(TZDIR)-leaps' -+ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-leaps' || \ -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only - - posix_right: posix_only -- rm -fr $(DESTDIR)$(TZDIR)-posix -- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-posix || \ -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only -+ rm -fr '$(DESTDIR)$(TZDIR)-posix' -+ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-posix' || \ -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only - - # This obsolescent rule is present for backwards compatibility with - # tz releases 2014g through 2015g. It should go away eventually. -@@ -764,7 +764,7 @@ set-timestamps.out: $(ENCHILADA) - - check_public: - $(MAKE) maintainer-clean -- $(MAKE) "CFLAGS=$(GCC_DEBUG_FLAGS)" ALL -+ $(MAKE) CFLAGS='$(GCC_DEBUG_FLAGS)' ALL - mkdir -p public.dir - for i in $(TDATA) tzdata.zi; do \ - $(zic) -v -d public.dir $$i 2>&1 || exit; \ -diff --git a/NEWS b/NEWS -index bd2bec2..75ab095 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,5 +1,13 @@ - News for the tz database - -+Unreleased, experimental changes -+ -+ Changes to build procedure -+ -+ The Makefile now quotes values like BACKWARD more carefully when -+ passing them to the shell. (Problem reported by Zefram.) -+ -+ - Release 2017c - 2017-10-20 14:49:34 -0700 - - Briefly: --- -2.7.4 - diff --git a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch b/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch deleted file mode 100644 index 87afe47694..0000000000 --- a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch +++ /dev/null @@ -1,115 +0,0 @@ -From e231da4fb2beb17c60b4b1a5c276366d6a6e433f Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 23 Oct 2017 17:58:36 -0700 -Subject: [PATCH] Port zdump to C90 + snprintf -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Problem reported by Jon Skeet in: -https://mm.icann.org/pipermail/tz/2017-October/025362.html -* NEWS: Mention this. -* zdump.c (my_snprintf): New macro or function. If a macro, it is -just snprintf. If a function, it is the same as the old snprintf -static function, with an ATTRIBUTE_FORMAT to pacify modern GCC. -All uses of snprintf changed to use my_snprintf. This way, -installers don’t need to specify -DHAVE_SNPRINTF if they are using -a pre-C99 compiler with a library that has snprintf. - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - NEWS | 4 ++++ - zdump.c | 29 ++++++++++++++++------------- - 2 files changed, 20 insertions(+), 13 deletions(-) - -diff --git a/NEWS b/NEWS -index 75ab095..dea08b8 100644 ---- a/NEWS -+++ b/NEWS -@@ -7,6 +7,10 @@ Unreleased, experimental changes - The Makefile now quotes values like BACKWARD more carefully when - passing them to the shell. (Problem reported by Zefram.) - -+ Builders no longer need to specify -DHAVE_SNPRINTF on platforms -+ that have snprintf and use pre-C99 compilers. (Problem reported -+ by Jon Skeet.) -+ - - Release 2017c - 2017-10-20 14:49:34 -0700 - -diff --git a/zdump.c b/zdump.c -index 8e3bf3e..d4e6084 100644 ---- a/zdump.c -+++ b/zdump.c -@@ -795,12 +795,14 @@ show(timezone_t tz, char *zone, time_t t, bool v) - abbrok(abbr(tmp), zone); - } - --#if !HAVE_SNPRINTF -+#if HAVE_SNPRINTF -+# define my_snprintf snprintf -+#else - # include <stdarg.h> - - /* A substitute for snprintf that is good enough for zdump. */ --static int --snprintf(char *s, size_t size, char const *format, ...) -+static int ATTRIBUTE_FORMAT((printf, 3, 4)) -+my_snprintf(char *s, size_t size, char const *format, ...) - { - int n; - va_list args; -@@ -839,10 +841,10 @@ format_local_time(char *buf, size_t size, struct tm const *tm) - { - int ss = tm->tm_sec, mm = tm->tm_min, hh = tm->tm_hour; - return (ss -- ? snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss) -+ ? my_snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss) - : mm -- ? snprintf(buf, size, "%02d:%02d", hh, mm) -- : snprintf(buf, size, "%02d", hh)); -+ ? my_snprintf(buf, size, "%02d:%02d", hh, mm) -+ : my_snprintf(buf, size, "%02d", hh)); - } - - /* Store into BUF, of size SIZE, a formatted UTC offset for the -@@ -877,10 +879,10 @@ format_utc_offset(char *buf, size_t size, struct tm const *tm, time_t t) - mm = off / 60 % 60; - hh = off / 60 / 60; - return (ss || 100 <= hh -- ? snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss) -+ ? my_snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss) - : mm -- ? snprintf(buf, size, "%c%02ld%02d", sign, hh, mm) -- : snprintf(buf, size, "%c%02ld", sign, hh)); -+ ? my_snprintf(buf, size, "%c%02ld%02d", sign, hh, mm) -+ : my_snprintf(buf, size, "%c%02ld", sign, hh)); - } - - /* Store into BUF (of size SIZE) a quoted string representation of P. -@@ -983,15 +985,16 @@ istrftime(char *buf, size_t size, char const *time_fmt, - for (abp = ab; is_alpha(*abp); abp++) - continue; - len = (!*abp && *ab -- ? snprintf(b, s, "%s", ab) -+ ? my_snprintf(b, s, "%s", ab) - : format_quoted_string(b, s, ab)); - if (s <= len) - return false; - b += len, s -= len; - } -- formatted_len = (tm->tm_isdst -- ? snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst) -- : 0); -+ formatted_len -+ = (tm->tm_isdst -+ ? my_snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst) -+ : 0); - } - break; - } --- -2.7.4 - diff --git a/meta/recipes-extended/tzcode/tzcode-native_2018c.bb b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb index 85e9b70ace..816e34d00f 100644 --- a/meta/recipes-extended/tzcode/tzcode-native_2018c.bb +++ b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb @@ -11,10 +11,10 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.md5sum] = "e6e0d4b2ce3fa6906f303157bed2612e" -SRC_URI[tzcode.sha256sum] = "31fa7fc0f94a6ff2d6bc878c0a35e8ab8b5aa0e8b01445a1d4a8f14777d0e665" -SRC_URI[tzdata.md5sum] = "c412b1531adef1be7a645ab734f86acc" -SRC_URI[tzdata.sha256sum] = "2825c3e4b7ef520f24d393bcc02942f9762ffd3e7fc9b23850789ed8f22933f6" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" +SRC_URI[tzcode.md5sum] = "011d394b70e6ee3823fd77010b99737f" +SRC_URI[tzcode.sha256sum] = "4ec74f8a84372570135ea4be16a042442fafe100f5598cb1017bfd30af6aaa70" S = "${WORKDIR}" diff --git a/meta/recipes-extended/tzdata/tzdata_2018c.bb b/meta/recipes-extended/tzdata/tzdata_2018f.bb index ff5ec1cc43..b167540608 100644 --- a/meta/recipes-extended/tzdata/tzdata_2018c.bb +++ b/meta/recipes-extended/tzdata/tzdata_2018f.bb @@ -9,8 +9,8 @@ DEPENDS = "tzcode-native" SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzdata.md5sum] = "c412b1531adef1be7a645ab734f86acc" -SRC_URI[tzdata.sha256sum] = "2825c3e4b7ef520f24d393bcc02942f9762ffd3e7fc9b23850789ed8f22933f6" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" inherit allarch @@ -171,7 +171,7 @@ FILES_${PN} += "${datadir}/zoneinfo/Pacific/Honolulu \ ${datadir}/zoneinfo/Asia/Dubai \ ${datadir}/zoneinfo/Asia/Karachi \ ${datadir}/zoneinfo/Asia/Dhaka \ - ${datadir}/zoneinfo/Asia/Bankok \ + ${datadir}/zoneinfo/Asia/Bangkok \ ${datadir}/zoneinfo/Asia/Hong_Kong \ ${datadir}/zoneinfo/Asia/Tokyo \ ${datadir}/zoneinfo/Australia/Darwin \ diff --git a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb index c71ab1165d..9d8fb28281 100644 --- a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb +++ b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb @@ -5,7 +5,7 @@ DESCRIPTION = "The Cantarell font typeface is designed as a \ on-screen reading; in particular, reading web pages on an \ HTC Dream mobile phone." -HOMEPAGE = "https://git.gnome.org/browse/cantarell-fonts/" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/cantarell-fonts/" SECTION = "fonts" LICENSE = "OFL-1.1" LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d" @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d" PV = "0.0.24" SRCREV = "07b6ea2cbbebfc360aa4668612a376be5e214eaa" -SRC_URI = "git://git.gnome.org/cantarell-fonts;protocol=git;branch=master" +SRC_URI = "git://gitlab.gnome.org/GNOME/cantarell-fonts;protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!0\.13)(?!0\.10\.1)\d+\.\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch b/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch new file mode 100644 index 0000000000..9a1b12e4f4 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch @@ -0,0 +1,75 @@ +From 4794b5dd34688158fb51a2943032569d3780c4b8 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sat, 21 Oct 2017 23:47:52 +0200 +Subject: Fix heap overflows when parsing malicious files. (CVE-2017-16612) + +It is possible to trigger heap overflows due to an integer overflow +while parsing images and a signedness issue while parsing comments. + +The integer overflow occurs because the chosen limit 0x10000 for +dimensions is too large for 32 bit systems, because each pixel takes +4 bytes. Properly chosen values allow an overflow which in turn will +lead to less allocated memory than needed for subsequent reads. + +The signedness bug is triggered by reading the length of a comment +as unsigned int, but casting it to int when calling the function +XcursorCommentCreate. Turning length into a negative value allows the +check against XCURSOR_COMMENT_MAX_LEN to pass, and the following +addition of sizeof (XcursorComment) + 1 makes it possible to allocate +less memory than needed for subsequent reads. + +Upstream-Status: Backport from v1.1.15 +CVE: CVE-2017-16612 + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/file.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/file.c b/src/file.c +index 43163c2..da16277 100644 +--- a/src/file.c ++++ b/src/file.c +@@ -29,6 +29,11 @@ XcursorImageCreate (int width, int height) + { + XcursorImage *image; + ++ if (width < 0 || height < 0) ++ return NULL; ++ if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE) ++ return NULL; ++ + image = malloc (sizeof (XcursorImage) + + width * height * sizeof (XcursorPixel)); + if (!image) +@@ -101,7 +106,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length) + { + XcursorComment *comment; + +- if (length > XCURSOR_COMMENT_MAX_LEN) ++ if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN) + return NULL; + + comment = malloc (sizeof (XcursorComment) + length + 1); +@@ -448,7 +453,8 @@ _XcursorReadImage (XcursorFile *file, + if (!_XcursorReadUInt (file, &head.delay)) + return NULL; + /* sanity check data */ +- if (head.width >= 0x10000 || head.height > 0x10000) ++ if (head.width > XCURSOR_IMAGE_MAX_SIZE || ++ head.height > XCURSOR_IMAGE_MAX_SIZE) + return NULL; + if (head.width == 0 || head.height == 0) + return NULL; +@@ -457,6 +463,8 @@ _XcursorReadImage (XcursorFile *file, + + /* Create the image and initialize it */ + image = XcursorImageCreate (head.width, head.height); ++ if (image == NULL) ++ return NULL; + if (chunkHeader.version < image->version) + image->version = chunkHeader.version; + image->size = chunkHeader.subtype; +-- +cgit v1.1 + diff --git a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb index 17629047b7..ccc4347820 100644 --- a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb +++ b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb @@ -16,6 +16,8 @@ BBCLASSEXTEND = "native nativesdk" PE = "1" +SRC_URI += "file://CVE-2017-16612.patch" + XORG_PN = "libXcursor" SRC_URI[md5sum] = "1e7c17afbbce83e2215917047c57d1b3" diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb index 552eb6abaa..6052650c95 100644 --- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb +++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb @@ -9,6 +9,8 @@ DEPENDS += "cryptodev-linux" SRC_URI += " \ file://0001-Disable-installing-header-file-provided-by-another-p.patch \ +file://0001-ioctl.c-Fix-build-with-linux-4.13.patch \ +file://0001-ioctl.c-Fix-build-with-linux-4.17.patch \ " EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' diff --git a/meta/recipes-kernel/cryptodev/cryptodev.inc b/meta/recipes-kernel/cryptodev/cryptodev.inc index 50366e7202..ab15bc1d97 100644 --- a/meta/recipes-kernel/cryptodev/cryptodev.inc +++ b/meta/recipes-kernel/cryptodev/cryptodev.inc @@ -3,11 +3,9 @@ HOMEPAGE = "http://cryptodev-linux.org/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" +SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux" +SRCREV = "87d959d9a279c055b361de8e730fab6a7144edd7" -SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d" -SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950" - -S = "${WORKDIR}/cryptodev-linux-${PV}" +S = "${WORKDIR}/git" CLEANBROKEN = "1" diff --git a/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch index 3f0298b0b0..84fd27e681 100644 --- a/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch +++ b/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch @@ -14,37 +14,37 @@ Upstream-Status: Pending tests/Makefile | 8 ++++++++ 2 files changed, 14 insertions(+), 0 deletions(-) -diff --git a/Makefile b/Makefile -index 31c4b3f..2ecf2a9 100644 ---- a/Makefile -+++ b/Makefile -@@ -34,6 +34,9 @@ modules_install: - @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." - @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h +Index: git/Makefile +=================================================================== +--- git.orig/Makefile ++++ git/Makefile +@@ -35,6 +35,9 @@ modules_install: + $(MAKE) $(KERNEL_MAKE_OPTS) modules_install + install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h +install_tests: + make -C tests install DESTDIR=$(PREFIX) + clean: - make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean + $(MAKE) $(KERNEL_MAKE_OPTS) clean rm -f $(hostprogs) *~ -@@ -42,6 +45,9 @@ clean: +@@ -43,6 +46,9 @@ clean: check: - CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check + CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check +testprogs: + KERNEL_DIR=$(KERNEL_DIR) make -C tests testprogs + CPOPTS = - ifneq (${SHOW_TYPES},) + ifneq ($(SHOW_TYPES),) CPOPTS += --show-types -diff --git a/tests/Makefile b/tests/Makefile -index c9f04e8..cd202af 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -19,6 +19,12 @@ example-async-hmac-objs := async_hmac.o - example-async-speed-objs := async_speed.o - example-hashcrypt-speed-objs := hashcrypt_speed.c +Index: git/tests/Makefile +=================================================================== +--- git.orig/tests/Makefile ++++ git/tests/Makefile +@@ -23,6 +23,12 @@ bindir = $(execprefix)/bin + + all: $(hostprogs) +install: + install -d $(DESTDIR)/usr/bin/tests_cryptodev @@ -55,9 +55,9 @@ index c9f04e8..cd202af 100644 check: $(hostprogs) ./cipher ./hmac -@@ -28,6 +34,8 @@ check: $(hostprogs) - ./cipher-gcm - ./cipher-aead +@@ -38,6 +44,8 @@ install: + install -m 755 $$prog $(DESTDIR)/$(bindir); \ + done +testprogs: $(hostprogs) + diff --git a/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch new file mode 100644 index 0000000000..a41efacdd9 --- /dev/null +++ b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch @@ -0,0 +1,49 @@ +From f0d69774afb27ffc62bf353465fba145e70cb85a Mon Sep 17 00:00:00 2001 +From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com> +Date: Mon, 4 Sep 2017 11:05:08 +0200 +Subject: [PATCH] ioctl.c: Fix build with linux 4.13 + +git/ioctl.c:1127:3: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init] + {0, }, + ^ +note: (near initialization for 'verbosity_ctl_dir[1]') +git/ioctl.c:1136:3: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init] + {0, }, + ^ + +Linux kernel has added -Werror=designated-init around 4.11 (c834f0e8a8b) +triggering build errors with gcc 5 and 6 (but not with gcc 4) + +Upstream-Status: Backport + +Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com> +Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> +--- + ioctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 0385203..8d4a162 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1124,7 +1124,7 @@ static struct ctl_table verbosity_ctl_dir[] = { + .mode = 0644, + .proc_handler = proc_dointvec, + }, +- {0, }, ++ {}, + }; + + static struct ctl_table verbosity_ctl_root[] = { +@@ -1133,7 +1133,7 @@ static struct ctl_table verbosity_ctl_root[] = { + .mode = 0555, + .child = verbosity_ctl_dir, + }, +- {0, }, ++ {}, + }; + static struct ctl_table_header *verbosity_sysctl_header; + static int __init init_cryptodev(void) +-- +2.7.4 + diff --git a/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch new file mode 100644 index 0000000000..5881d1c4ee --- /dev/null +++ b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch @@ -0,0 +1,43 @@ +From f60aa08c63fc02780554a0a12180a478ca27d49f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com> +Date: Wed, 23 May 2018 18:43:39 +0300 +Subject: [PATCH] ioctl.c: Fix build with linux 4.17 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since kernel 4.17-rc1, sys_* syscalls can no longer be called directly: +819671ff849b ("syscalls: define and explain goal to not call syscalls in the kernel") + +Since cryptodev uses sys_close() - and this has been removed in commit: +2ca2a09d6215 ("fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()") +cryptodev has to be updated to use the ksys_close() wrapper. + +Signed-off-by: Horia Geantă <horia.geanta@nxp.com> + +Upstream-Status: Backport + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + ioctl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ioctl.c b/ioctl.c +index d831b0c..2571034 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -828,7 +828,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + fd = clonefd(filp); + ret = put_user(fd, p); + if (unlikely(ret)) { ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)) + sys_close(fd); ++#else ++ ksys_close(fd); ++#endif + return ret; + } + return ret; +-- +2.7.4 + diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb index 9054b33cc0..2c3f8cd323 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb @@ -37,6 +37,7 @@ LICENSE = "\ & Firmware-ath9k-htc \ & Firmware-phanfw \ & Firmware-qat \ + & Firmware-qcom \ & Firmware-qla1280 \ & Firmware-qla2xxx \ & Firmware-qualcommAthos_ar3k \ @@ -90,12 +91,13 @@ LIC_FILES_CHKSUM = "\ file://LICENCE.Marvell;md5=9ddea1734a4baf3c78d845151f42a37a \ file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \ file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \ - file://LICENCE.Netronome;md5=cd2a3e6effe3cdf42731575b8e9477ed \ + file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \ file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \ file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \ file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \ file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ + file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ @@ -116,7 +118,7 @@ LIC_FILES_CHKSUM = "\ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=038edbc9e744171d8b6235e0224028ba \ + file://WHENCE;md5=6f46986f4e913ef16b765c2319cc5141 \ " # These are not common licenses, set NO_GENERIC_LICENSE for them @@ -156,6 +158,7 @@ NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC" NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" +NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" @@ -178,7 +181,7 @@ NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000" NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c" NO_GENERIC_LICENSE[WHENCE] = "WHENCE" -SRCREV = "bf04291309d3169c0ad3b8db52564235bbd08e30" +SRCREV = "8fc2d4e55685bf73b6f7752383da9067404a74bb" PE = "1" PV = "0.0+git${SRCPV}" @@ -229,6 +232,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-ti-connectivity-license ${PN}-wl12xx ${PN}-wl18xx \ ${PN}-vt6656-license ${PN}-vt6656 \ ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ + ${PN}-rtl8168 \ ${PN}-broadcom-license \ ${PN}-bcm4329 ${PN}-bcm4330 ${PN}-bcm4334 ${PN}-bcm43340 \ ${PN}-bcm43362 ${PN}-bcm4339 ${PN}-bcm43430 ${PN}-bcm4354 \ @@ -249,14 +253,19 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-iwlwifi-7260 \ ${PN}-iwlwifi-7265 \ ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \ + ${PN}-iwlwifi-9000 \ ${PN}-iwlwifi-misc \ ${PN}-ibt-license ${PN}-ibt ${PN}-ibt-misc \ ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \ + ${PN}-ibt-17 \ ${PN}-i915-license ${PN}-i915 \ ${PN}-adsp-sst-license ${PN}-adsp-sst \ ${PN}-bnx2-mips \ ${PN}-netronome-license ${PN}-netronome \ ${PN}-qat ${PN}-qat-license \ + ${PN}-qcom-license \ + ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 \ + ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \ ${PN}-whence-license \ ${PN}-license \ " @@ -432,6 +441,7 @@ LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8168 = "WHENCE" FILES_${PN}-rtl-license = " \ ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \ @@ -454,6 +464,9 @@ FILES_${PN}-rtl8723 = " \ FILES_${PN}-rtl8821 = " \ ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ " +FILES_${PN}-rtl8168 = " \ + ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ +" RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license" @@ -461,6 +474,7 @@ RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license" RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license" # For ti-connectivity LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity" @@ -596,6 +610,7 @@ LICENSE_${PN}-iwlwifi-7265 = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-7265d = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-8000c = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-8265 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-9000 = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-misc = "Firmware-iwlwifi_firmware" LICENSE_${PN}-iwlwifi-license = "Firmware-iwlwifi_firmware" @@ -622,6 +637,7 @@ FILES_${PN}-iwlwifi-7265 = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.uco FILES_${PN}-iwlwifi-7265d = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode" FILES_${PN}-iwlwifi-8000c = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode" FILES_${PN}-iwlwifi-8265 = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode" +FILES_${PN}-iwlwifi-9000 = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode" FILES_${PN}-iwlwifi-misc = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode" RDEPENDS_${PN}-iwlwifi-135-6 = "${PN}-iwlwifi-license" @@ -645,6 +661,7 @@ RDEPENDS_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-license" RDEPENDS_${PN}-iwlwifi-7265d = "${PN}-iwlwifi-license" RDEPENDS_${PN}-iwlwifi-8000c = "${PN}-iwlwifi-license" RDEPENDS_${PN}-iwlwifi-8265 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-9000 = "${PN}-iwlwifi-license" RDEPENDS_${PN}-iwlwifi-misc = "${PN}-iwlwifi-license" # -iwlwifi-misc is a "catch all" package that includes all the iwlwifi @@ -670,6 +687,7 @@ LICENSE_${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware" LICENSE_${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware" LICENSE_${PN}-ibt-11-5 = "Firmware-ibt_firmware" LICENSE_${PN}-ibt-12-16 = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-17 = "Firmware-ibt_firmware" LICENSE_${PN}-ibt-misc = "Firmware-ibt_firmware" FILES_${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware" @@ -677,12 +695,14 @@ FILES_${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bs FILES_${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq" FILES_${PN}-ibt-11-5 = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi /lib/firmware/intel/ibt-11-5.ddc" FILES_${PN}-ibt-12-16 = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi /lib/firmware/intel/ibt-12-16.ddc" +FILES_${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi /lib/firmware/intel/ibt-17-*.ddc" FILES_${PN}-ibt-misc = "${nonarch_base_libdir}/firmware/ibt-*" RDEPENDS_${PN}-ibt-hw-37-7 = "${PN}-ibt-license" RDEPENDS_${PN}-ibt-hw-37.8 = "${PN}-ibt-license" RDEPENDS_${PN}-ibt-11-5 = "${PN}-ibt-license" RDEPENDS_${PN}-ibt-12-16 = "${PN}-ibt-license" +RDEPENDS_${PN}-ibt-17 = "${PN}-ibt-license" RDEPENDS_${PN}-ibt-misc = "${PN}-ibt-license" ALLOW_EMPTY_${PN}-ibt= "1" @@ -707,6 +727,18 @@ FILES_${PN}-qat-license = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmwar FILES_${PN}-qat = "${nonarch_base_libdir}/firmware/qat*.bin" RDEPENDS_${PN}-qat = "${PN}-qat-license" +# For QCOM VPU/GPU +LICENSE_${PN}-qcom-license = "Firmware-qcom" +FILES_${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" +FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" +FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" +FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" +FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" +RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license" + # For other firmwares # Maybe split out to separate packages when needed. LICENSE_${PN} = "\ @@ -737,6 +769,7 @@ LICENSE_${PN} = "\ & Firmware-ath9k-htc \ & Firmware-phanfw \ & Firmware-qat \ + & Firmware-qcom \ & Firmware-qla1280 \ & Firmware-qla2xxx \ & Firmware-r8a779x_usb3 \ diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb index c1b5b7786d..8bbfa23e4b 100644 --- a/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -69,6 +69,13 @@ do_install() { cp ${B}/arch/powerpc/lib/crtsavres.o $kerneldir/arch/powerpc/lib/crtsavres.o fi + # Remove fixdep/objtool as they won't be target binaries + for i in fixdep objtool; do + if [ -e $kerneldir/tools/objtool/$i ]; then + rm -rf $kerneldir/tools/objtool/$i + fi + done + chown -R root:root ${D} } # Ensure we don't race against "make scripts" during cpio diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb index 64b1da1eab..e6061f7293 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "da775aa9aab41e8a2b4e9b44ffe268446c51759f" -SRCREV_meta ?= "4f825eeb783a279216ee45ed3b9a63dd6837f7d7" +SRCREV_machine ?= "ef88c3326f62cec4b98340324ddbe7f7f7704fd5" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.12.20" +LINUX_VERSION ?= "4.12.28" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb index 97538e28bb..cd6e0aa17b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "d5efeeeb928a0111fc187fd1e8d03d2e4e35d4a0" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine ?= "515e72c4bbb5d99964669052220fe459177b7329" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb index 5c016ed7c2..539865cae7 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "90d1ffa36cbd36722638c97c1bb46a5874dbe28e" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine ?= "3ba839d695fd3681e6920373fc260a2a3f812b8f" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb index 0bbd8e28db..cb4ef3a659 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.12.20" +LINUX_VERSION ?= "4.12.28" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "60b649971940737dc7e3a7f247c62ffbd7c82e4c" -SRCREV_meta ?= "4f825eeb783a279216ee45ed3b9a63dd6837f7d7" +SRCREV_machine ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb index 8a98189d4c..fcf0c6a68c 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb index 4d4680254d..78b2a9640e 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.12.bb b/meta/recipes-kernel/linux/linux-yocto_4.12.bb index fabf0f554b..0aea05b83f 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.12.bb @@ -11,20 +11,22 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "42cf4d6a1bc84b90681cb82ad95c129387d76b4b" -SRCREV_machine_qemuarm64 ?= "60b649971940737dc7e3a7f247c62ffbd7c82e4c" -SRCREV_machine_qemumips ?= "571315a5526b9e22262cf99bae7c0dd6e5bd204c" -SRCREV_machine_qemuppc ?= "60b649971940737dc7e3a7f247c62ffbd7c82e4c" -SRCREV_machine_qemux86 ?= "60b649971940737dc7e3a7f247c62ffbd7c82e4c" -SRCREV_machine_qemux86-64 ?= "60b649971940737dc7e3a7f247c62ffbd7c82e4c" -SRCREV_machine_qemumips64 ?= "e7889ba18f060368d4ab35e70b076728d73ba622" -SRCREV_machine ?= "60b649971940737dc7e3a7f247c62ffbd7c82e4c" -SRCREV_meta ?= "4f825eeb783a279216ee45ed3b9a63dd6837f7d7" +SRCREV_machine_qemuarm ?= "b84ecefc243a6ed67d8b6020394963de1240a9f0" +SRCREV_machine_qemuarm64 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemumips ?= "15b1ab68f73fa60dd95a74c640e87e05fad1716d" +SRCREV_machine_qemuppc ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemux86 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemux86-64 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemumips64 ?= "57a3f72a020fc84f2da5b0b4c5de4cdbc22b3284" +SRCREV_machine ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.12.20" +DEPENDS += "openssl-native util-linux-native" + +LINUX_VERSION ?= "4.12.28" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.4.bb b/meta/recipes-kernel/linux/linux-yocto_4.4.bb index 97c16d59dd..9d0724712a 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.4.bb @@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "400c0f39b954cd8fffdf53e6ec97852b73fea7af" -SRCREV_machine_qemuarm64 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemumips ?= "fb03a9472367b6c177729ac631326aafd5d17c92" -SRCREV_machine_qemuppc ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemux86 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemux86-64 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemumips64 ?= "26b8ba186a6d39728fc1510bd2264110c75842f5" -SRCREV_machine ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine_qemuarm ?= "a68a73dbd3c37ec21239dd97060eef308f1ff958" +SRCREV_machine_qemuarm64 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemumips ?= "3c0e62ea8803a1757e389dcd6233e3d6acba8d2c" +SRCREV_machine_qemuppc ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemux86 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemux86-64 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemumips64 ?= "eaed2a94a20c7f65afa342d9243f19337f63b434" +SRCREV_machine ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.9.bb b/meta/recipes-kernel/linux/linux-yocto_4.9.bb index a5a165f760..5826ba6e2a 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.9.bb @@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "23369eb7e07c839fa73a8c1e85aba37a07bf14c1" -SRCREV_machine_qemuarm64 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemumips ?= "cab9e059447878f5383f91a05db12813f69cbfc1" -SRCREV_machine_qemuppc ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemux86 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemux86-64 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemumips64 ?= "c2e5ef83b612d50f50fafeed9930dbea302fbe8c" -SRCREV_machine ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine_qemuarm ?= "cd831469d8eb4d900fe65985921d2003c59f3a86" +SRCREV_machine_qemuarm64 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemumips ?= "24b020741e8762ec8aeb5be95f842332083b2028" +SRCREV_machine_qemuppc ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemux86 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemux86-64 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemumips64 ?= "100a1682529e34d118d5552c9db773635cd2c621" +SRCREV_machine ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index b79b973947..6fd23d63e3 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb @@ -22,6 +22,9 @@ PACKAGECONFIG[libnuma] = ",NO_LIBNUMA=1" PACKAGECONFIG[systemtap] = ",NO_SDT=1,systemtap" PACKAGECONFIG[jvmti] = ",NO_JVMTI=1" +# libaudit support would need scripting to be enabled +PACKAGECONFIG[audit] = ",NO_LIBAUDIT=1,audit" + DEPENDS = " \ virtual/${MLPREFIX}libc \ ${MLPREFIX}elfutils \ @@ -56,7 +59,7 @@ export PERL_ARCHLIB = "${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/${@get_perl_version inherit kernelsrc -B = "${WORKDIR}/${BPN}-${PV}" +S = "${WORKDIR}/${BP}" SPDX_S = "${S}/tools/perf" # The LDFLAGS is required or some old kernels fails due missing @@ -92,6 +95,24 @@ EXTRA_OEMAKE += "\ 'infodir=${@os.path.relpath(infodir, prefix)}' \ " +# During do_configure, we might run a 'make clean'. That often breaks +# when done in parallel, so disable parallelism for do_configure. Note +# that it has to be done this way rather than by passing -j1, since +# perf's build system by default ignores any -j argument, but does +# honour a JOBS variable. +EXTRA_OEMAKE_append_task-configure = " JOBS=1" + +PERF_SRC ?= "Makefile \ + include \ + tools/arch \ + tools/build \ + tools/include \ + tools/lib \ + tools/Makefile \ + tools/perf \ + tools/scripts \ +" + PERF_EXTRA_LDFLAGS = "" # MIPS N32 @@ -114,11 +135,22 @@ do_install() { fi } -do_configure_prepend () { - # Fix for rebuilding - rm -rf ${B}/ - mkdir -p ${B}/ +do_configure[prefuncs] += "copy_perf_source_from_kernel" +python copy_perf_source_from_kernel() { + sources = (d.getVar("PERF_SRC") or "").split() + src_dir = d.getVar("STAGING_KERNEL_DIR") + dest_dir = d.getVar("S") + bb.utils.mkdirhier(dest_dir) + for s in sources: + src = oe.path.join(src_dir, s) + dest = oe.path.join(dest_dir, s) + if os.path.isdir(src): + oe.path.copyhardlinktree(src, dest) + else: + bb.utils.copyfile(src, dest) +} +do_configure_prepend () { # If building a multlib based perf, the incorrect library path will be # detected by perf, since it triggers via: ifeq ($(ARCH),x86_64). In a 32 bit # build, with a 64 bit multilib, the arch won't match and the detection of a @@ -214,7 +246,7 @@ PACKAGES =+ "${PN}-archive ${PN}-tests ${PN}-perl ${PN}-python" RDEPENDS_${PN} += "elfutils bash" RDEPENDS_${PN}-doc += "man" RDEPENDS_${PN}-archive =+ "bash" -RDEPENDS_${PN}-python =+ "bash python python-modules" +RDEPENDS_${PN}-python =+ "bash python python-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python', '', d)}" RDEPENDS_${PN}-perl =+ "bash perl perl-modules" RDEPENDS_${PN}-tests =+ "python" diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch new file mode 100644 index 0000000000..7564d92879 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch @@ -0,0 +1,33 @@ +From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Wed, 9 May 2018 14:56:59 -0700 +Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. + +CVE: CVE-2017-14160 +CVE: CVE-2018-10393 +Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 + +Signed-off-by: Thomas Daede <daede003@umn.edu> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + lib/psy.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/psy.c b/lib/psy.c +index 422c6f1..1310123 100644 +--- a/lib/psy.c ++++ b/lib/psy.c +@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, + for (i = 0, x = 0.f;; i++, x += 1.f) { + + lo = b[i] >> 16; +- if( lo>=0 ) break; + hi = b[i] & 0xffff; ++ if( lo>=0 ) break; ++ if( hi>=n ) break; + + tN = N[hi] + N[-lo]; + tX = X[hi] - X[-lo]; +-- +2.7.4 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch new file mode 100644 index 0000000000..f1ef6fb9c7 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch @@ -0,0 +1,29 @@ +From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 17 May 2018 16:19:19 -0700 +Subject: [PATCH] Sanity check number of channels in setup. + +Fixes #2335. +CVE: CVE-2018-10392 +Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b] + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + lib/vorbisenc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c +index 4fc7b62..64a51b5 100644 +--- a/lib/vorbisenc.c ++++ b/lib/vorbisenc.c +@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ + highlevel_encode_setup *hi=&ci->hi; + + if(ci==NULL)return(OV_EINVAL); ++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); + if(!hi->impulse_block_p)i0=1; + + /* too low/high an ATH floater is nonsensical, but doesn't break anything */ +-- +2.13.3 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch new file mode 100644 index 0000000000..6d4052a872 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch @@ -0,0 +1,100 @@ +From 3a017f591457bf6e80231b563bf83ee583fdbca8 Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 15 Mar 2018 14:15:31 -0700 +Subject: [PATCH] CVE-2018-5146: Prevent out-of-bounds write in codebook + decoding. + +Codebooks that are not an exact divisor of the partition size are now +truncated to fit within the partition. + +Upstream-Status: Backport +CVE: CVE-2018-5146 + +Reference to upstream patch: +https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f + +Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> +--- + lib/codebook.c | 48 ++++++++++-------------------------------------- + 1 file changed, 10 insertions(+), 38 deletions(-) + +diff --git a/lib/codebook.c b/lib/codebook.c +index 8b766e8..7022fd2 100644 +--- a/lib/codebook.c ++++ b/lib/codebook.c +@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *book,float *a,oggpack_buffer *b,int n){ + t[i] = book->valuelist+entry[i]*book->dim; + } + for(i=0,o=0;i<book->dim;i++,o+=step) +- for (j=0;j<step;j++) ++ for (j=0;o+j<n && j<step;j++) + a[o+j]+=t[j][i]; + } + return(0); +@@ -399,41 +399,12 @@ long vorbis_book_decodev_add(codebook *book,float *a,oggpack_buffer *b,int n){ + int i,j,entry; + float *t; + +- if(book->dim>8){ +- for(i=0;i<n;){ +- entry = decode_packed_entry_number(book,b); +- if(entry==-1)return(-1); +- t = book->valuelist+entry*book->dim; +- for (j=0;j<book->dim;) +- a[i++]+=t[j++]; +- } +- }else{ +- for(i=0;i<n;){ +- entry = decode_packed_entry_number(book,b); +- if(entry==-1)return(-1); +- t = book->valuelist+entry*book->dim; +- j=0; +- switch((int)book->dim){ +- case 8: +- a[i++]+=t[j++]; +- case 7: +- a[i++]+=t[j++]; +- case 6: +- a[i++]+=t[j++]; +- case 5: +- a[i++]+=t[j++]; +- case 4: +- a[i++]+=t[j++]; +- case 3: +- a[i++]+=t[j++]; +- case 2: +- a[i++]+=t[j++]; +- case 1: +- a[i++]+=t[j++]; +- case 0: +- break; +- } +- } ++ for(i=0;i<n;){ ++ entry = decode_packed_entry_number(book,b); ++ if(entry==-1)return(-1); ++ t = book->valuelist+entry*book->dim; ++ for(j=0;i<n && j<book->dim;) ++ a[i++]+=t[j++]; + } + } + return(0); +@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *book,float **a,long offset,int ch, + long i,j,entry; + int chptr=0; + if(book->used_entries>0){ +- for(i=offset/ch;i<(offset+n)/ch;){ ++ int m=(offset+n)/ch; ++ for(i=offset/ch;i<m;){ + entry = decode_packed_entry_number(book,b); + if(entry==-1)return(-1); + { + const float *t = book->valuelist+entry*book->dim; +- for (j=0;j<book->dim;j++){ ++ for (j=0;i<m && j<book->dim;j++){ + a[chptr++][i]+=t[j]; + if(chptr==ch){ + chptr=0; +-- +2.16.2 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb index 32e92f009a..615b53963b 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb +++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb @@ -9,11 +9,15 @@ LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \ file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb" DEPENDS = "libogg" +PR = "r1" SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ file://0001-configure-Check-for-clang.patch \ file://CVE-2017-14633.patch \ file://CVE-2017-14632.patch \ + file://CVE-2018-5146.patch \ + file://CVE-2017-14160.patch \ + file://CVE-2018-10392.patch \ " SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f" SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1" diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20170717.bb b/meta/recipes-support/ca-certificates/ca-certificates_20170717.bb index e4ffbd34d5..b92ece9663 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20170717.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20170717.bb @@ -16,7 +16,7 @@ PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" SRCREV = "34b8e19e541b8af4076616b2e170c7a70cdaded0" -SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \ +SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ file://0002-update-ca-certificates-use-SYSROOT.patch \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ file://update-ca-certificates-support-Toybox.patch \ diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch deleted file mode 100644 index 96ff1b064b..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch +++ /dev/null @@ -1,41 +0,0 @@ -From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Tue, 1 Aug 2017 17:17:06 +0200 -Subject: [PATCH] file: output the correct buffer to the user - -Regression brought by 7c312f84ea930d8 (April 2017) - -CVE: CVE-2017-1000099 - -Bug: https://curl.haxx.se/docs/adv_20170809C.html - -Credit to OSS-Fuzz for the discovery - -Upstream-Status: Backport -https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d - -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> ---- - lib/file.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/file.c b/lib/file.c -index bd426eac2..666cbe75b 100644 ---- a/lib/file.c -+++ b/lib/file.c -@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done) - Curl_month[tm->tm_mon], - tm->tm_year + 1900, - tm->tm_hour, - tm->tm_min, - tm->tm_sec); -- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0); -+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0); - if(!result) - /* set the file size to make it available post transfer */ - Curl_pgrsSetDownloadSize(data, expected_size); - return result; - } --- -2.13.3 - diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch b/meta/recipes-support/curl/curl/CVE-2017-1000100.patch deleted file mode 100644 index f74f1dd896..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 358b2b131ad6c095696f20dcfa62b8305263f898 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Tue, 1 Aug 2017 17:16:46 +0200 -Subject: [PATCH] tftp: reject file name lengths that don't fit - -... and thereby avoid telling send() to send off more bytes than the -size of the buffer! - -CVE: CVE-2017-1000100 - -Bug: https://curl.haxx.se/docs/adv_20170809B.html -Reported-by: Even Rouault - -Credit to OSS-Fuzz for the discovery - -Upstream-Status: Backport -https://github.com/curl/curl/commit/358b2b131ad6c095696f20dcfa62b8305263f898 - -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> ---- - lib/tftp.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/tftp.c b/lib/tftp.c -index 02bd842..f6f4bce 100644 ---- a/lib/tftp.c -+++ b/lib/tftp.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. -+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -491,6 +491,11 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event) - if(result) - return result; - -+ if(strlen(filename) > (state->blksize - strlen(mode) - 4)) { -+ failf(data, "TFTP file name too long\n"); -+ return CURLE_TFTP_ILLEGAL; /* too long file name field */ -+ } -+ - snprintf((char *)state->spacket.data+2, - state->blksize, - "%s%c%s%c", filename, '\0', mode, '\0'); --- -1.7.9.5 - diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch deleted file mode 100644 index c300fff00c..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Tue, 1 Aug 2017 17:16:07 +0200 -Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow - range - -Added test 1289 to verify. - -CVE: CVE-2017-1000101 - -Bug: https://curl.haxx.se/docs/adv_20170809A.html -Reported-by: Brian Carpenter - -Upstream-Status: Backport -https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7 - -Rebase the tests/data/Makefile.inc changes for curl 7.54.1. - -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> ---- - src/tool_urlglob.c | 5 ++++- - tests/data/Makefile.inc | 2 +- - tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++ - 3 files changed, 40 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test1289 - -diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c -index 6b1ece0..d56dcd9 100644 ---- a/src/tool_urlglob.c -+++ b/src/tool_urlglob.c -@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp, - } - errno = 0; - max_n = strtoul(pattern, &endp, 10); -- if(errno || (*endp == ':')) { -+ if(errno) -+ /* overflow */ -+ endp = NULL; -+ else if(*endp == ':') { - pattern = endp+1; - errno = 0; - step_n = strtoul(pattern, &endp, 10); -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 155320a..7adbee6 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \ - test1260 test1261 test1262 \ - \ - test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \ --test1288 \ -+test1288 test1289 \ - \ - test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \ - test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \ -diff --git a/tests/data/test1289 b/tests/data/test1289 -new file mode 100644 -index 0000000..d679cc0 ---- /dev/null -+++ b/tests/data/test1289 -@@ -0,0 +1,35 @@ -+<testcase> -+<info> -+<keywords> -+HTTP -+HTTP GET -+globbing -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+</reply> -+ -+# Client-side -+<client> -+<server> -+http -+</server> -+<name> -+globbing with overflow and bad syntxx -+</name> -+<command> -+http://ur%20[0-60000000000000000000 -+</command> -+</client> -+ -+# Verify data after the test has been "shot" -+<verify> -+# curl: (3) [globbing] bad range in column -+<errorcode> -+3 -+</errorcode> -+</verify> -+</testcase> --- -2.11.0 - diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000254.patch b/meta/recipes-support/curl/curl/CVE-2017-1000254.patch deleted file mode 100644 index 2b0798b929..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2017-1000254.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 1b2eba6f9745c064f7283e0ada8f46df9d9d6e42 Mon Sep 17 00:00:00 2001 -From: Li Zhou <li.zhou@windriver.com> -Date: Mon, 23 Oct 2017 00:26:50 -0700 -Subject: [PATCH] FTP: zero terminate the entry path even on bad input - -... a single double quote could leave the entry path buffer without a zero -terminating byte. CVE-2017-1000254 - -Test 1152 added to verify. - -Reported-by: Max Dymond -Bug: https://curl.haxx.se/docs/adv_20171004.html - -Upstream-Status: Backport -CVE: CVE-2017-1000254 -Signed-off-by: Li Zhou <li.zhou@windriver.com> ---- - lib/ftp.c | 7 ++++-- - tests/data/Makefile.inc | 2 ++ - tests/data/test1152 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 68 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test1152 - -diff --git a/lib/ftp.c b/lib/ftp.c -index 5edec37..493dbf9 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -2826,6 +2826,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) - const size_t buf_size = data->set.buffer_size; - char *dir; - char *store; -+ bool entry_extracted = FALSE; - - dir = malloc(nread + 1); - if(!dir) -@@ -2857,7 +2858,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) - } - else { - /* end of path */ -- *store = '\0'; /* zero terminate */ -+ entry_extracted = TRUE; - break; /* get out of this loop */ - } - } -@@ -2866,7 +2867,9 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) - store++; - ptr++; - } -- -+ *store = '\0'; /* zero terminate */ -+ } -+ if(entry_extracted) { - /* If the path name does not look like an absolute path (i.e.: it - does not start with a '/'), we probably need some server-dependent - adjustments. For example, this is the case when connecting to -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 7adbee6..5284654 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -121,6 +121,8 @@ test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 \ - test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ - test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ - test1144 test1145 test1146 \ -+test1152 \ -+\ - test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ - test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ - test1216 test1217 test1218 test1219 \ -diff --git a/tests/data/test1152 b/tests/data/test1152 -new file mode 100644 -index 0000000..aa8c0a7 ---- /dev/null -+++ b/tests/data/test1152 -@@ -0,0 +1,61 @@ -+<testcase> -+<info> -+<keywords> -+FTP -+PASV -+LIST -+</keywords> -+</info> -+# -+# Server-side -+<reply> -+<servercmd> -+REPLY PWD 257 "just one -+</servercmd> -+ -+# When doing LIST, we get the default list output hard-coded in the test -+# FTP server -+<data mode="text"> -+total 20 -+drwxr-xr-x 8 98 98 512 Oct 22 13:06 . -+drwxr-xr-x 8 98 98 512 Oct 22 13:06 .. -+drwxr-xr-x 2 98 98 512 May 2 1996 curl-releases -+-r--r--r-- 1 0 1 35 Jul 16 1996 README -+lrwxrwxrwx 1 0 1 7 Dec 9 1999 bin -> usr/bin -+dr-xr-xr-x 2 0 1 512 Oct 1 1997 dev -+drwxrwxrwx 2 98 98 512 May 29 16:04 download.html -+dr-xr-xr-x 2 0 1 512 Nov 30 1995 etc -+drwxrwxrwx 2 98 1 512 Oct 30 14:33 pub -+dr-xr-xr-x 5 0 1 512 Oct 1 1997 usr -+</data> -+</reply> -+ -+# -+# Client-side -+<client> -+<server> -+ftp -+</server> -+ <name> -+FTP with uneven quote in PWD response -+ </name> -+ <command> -+ftp://%HOSTIP:%FTPPORT/test-1152/ -+</command> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+<protocol> -+USER anonymous -+PASS ftp@example.com -+PWD -+CWD test-1152 -+EPSV -+TYPE A -+LIST -+QUIT -+</protocol> -+</verify> -+</testcase> --- -2.11.0 - diff --git a/meta/recipes-support/curl/curl/reproducible-mkhelp.patch b/meta/recipes-support/curl/curl/reproducible-mkhelp.patch deleted file mode 100644 index 268bbebf09..0000000000 --- a/meta/recipes-support/curl/curl/reproducible-mkhelp.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 1fe92fd3dd64c7228f6ff41e3fc16c4f2392471a Mon Sep 17 00:00:00 2001 -From: Juro Bystricky <juro.bystricky@intel.com> -Date: Fri, 27 Oct 2017 08:28:25 -0700 -Subject: mkhelp.pl: support reproducible build - -Do not generate line with the current date, such as: - -* Generation time: Tue Oct-24 18:01:41 2017 - -This will improve reproducibility. The generated string is only -part of a comment, so there should be no adverse consequences. - -Upstream-Status: Submitted [ https://github.com/curl/curl/pull/2026 ] - -Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> - -diff --git a/src/mkhelp.pl b/src/mkhelp.pl -index 270daa2..757f024 100755 ---- a/src/mkhelp.pl -+++ b/src/mkhelp.pl -@@ -102,11 +102,9 @@ while(<READ>) { - } - close(READ); - --$now = localtime; - print <<HEAD - /* - * NEVER EVER edit this manually, fix the mkhelp.pl script instead! -- * Generation time: $now - */ - #ifdef USE_MANUAL - #include "tool_hugehelp.h" diff --git a/meta/recipes-support/curl/curl_7.54.1.bb b/meta/recipes-support/curl/curl_7.58.0.bb index 58f05316fe..d2d0180268 100644 --- a/meta/recipes-support/curl/curl_7.54.1.bb +++ b/meta/recipes-support/curl/curl_7.58.0.bb @@ -7,23 +7,16 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e66 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ - file://CVE-2017-1000099.patch \ - file://CVE-2017-1000100.patch \ - file://CVE-2017-1000101.patch \ - file://CVE-2017-1000254.patch \ " -SRC_URI_append_class-target = " \ - file://reproducible-mkhelp.patch \ -" # curl likes to set -g0 in CFLAGS, so we stop it # from mucking around with debug options # SRC_URI += " file://configure_ac.patch" -SRC_URI[md5sum] = "6b6eb722f512e7a24855ff084f54fe55" -SRC_URI[sha256sum] = "fdfc4df2d001ee0c44ec071186e770046249263c491fcae48df0e1a3ca8f25a0" +SRC_URI[md5sum] = "fa049f9f90c1ae473a2a7bcfa14de976" +SRC_URI[sha256sum] = "1cb081f97807c01e3ed747b6e1c9fee7a01cb10048f1cd0b5f56cfe0209de731" CVE_PRODUCT = "libcurl" inherit autotools pkgconfig binconfig multilib_header @@ -41,7 +34,7 @@ PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," -PACKAGECONFIG[libidn] = "--with-libidn,--without-libidn,libidn" +PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," @@ -64,9 +57,6 @@ EXTRA_OECONF = " \ --without-libpsl \ " -do_install_append() { - oe_multilib_header curl/curlbuild.h -} do_install_append_class-target() { # cleanup buildpaths from curl-config diff --git a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch index 5a178e2ef1..19c524b0ac 100644 --- a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch +++ b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch @@ -3,7 +3,7 @@ The terms `FAIL` instead of `FAILED` and `SKIP` instead of `SKIPPED` match what Automake does Upstream-Status: Accepted -[ https://git.gnome.org/browse/gnome-desktop-testing/commit/?id=048850731a640532ef55a61df7357fcc6d2ad501 ] +[ https://gitlab.gnome.org/GNOME/gnome-desktop-testing/commit/048850731a640532ef55a61df7357fcc6d2ad501 ] Signed-off-by: Maxin B. John <maxin.john@intel.com> --- diff --git a/meta/recipes-support/libnl/libnl/lib-check-for-integer-overflow-in-nlmsg_reserve.patch b/meta/recipes-support/libnl/libnl/lib-check-for-integer-overflow-in-nlmsg_reserve.patch new file mode 100644 index 0000000000..594dd0616a --- /dev/null +++ b/meta/recipes-support/libnl/libnl/lib-check-for-integer-overflow-in-nlmsg_reserve.patch @@ -0,0 +1,43 @@ +From 3e18948f17148e6a3c4255bdeaaf01ef6081ceeb Mon Sep 17 00:00:00 2001 +From: Thomas Haller <thaller@redhat.com> +Date: Mon, 6 Feb 2017 22:23:52 +0100 +Subject: [PATCH] lib: check for integer-overflow in nlmsg_reserve() + +In general, libnl functions are not robust against calling with +invalid arguments. Thus, never call libnl functions with invalid +arguments. In case of nlmsg_reserve() this means never provide +a @len argument that causes overflow. + +Still, add an additional safeguard to avoid exploiting such bugs. + +Assume that @pad is a trusted, small integer. +Assume that n->nm_size is a valid number of allocated bytes (and thus +much smaller then SIZE_T_MAX). +Assume, that @len may be set to an untrusted value. Then the patch +avoids an integer overflow resulting in reserving too few bytes. + +Upstream-Status: Backport [https://github.com/thom311/libnl/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb] +CVE: CVE-2017-0553 + +Signed-off-by: Andre McCurdy <armccurdy@gmail.com> +--- + lib/msg.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/msg.c b/lib/msg.c +index 9af3f3a..3e27d4e 100644 +--- a/lib/msg.c ++++ b/lib/msg.c +@@ -411,6 +411,9 @@ void *nlmsg_reserve(struct nl_msg *n, size_t len, int pad) + size_t nlmsg_len = n->nm_nlh->nlmsg_len; + size_t tlen; + ++ if (len > n->nm_size) ++ return NULL; ++ + tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len; + + if ((tlen + nlmsg_len) > n->nm_size) +-- +1.9.1 + diff --git a/meta/recipes-support/libnl/libnl_3.2.29.bb b/meta/recipes-support/libnl/libnl_3.2.29.bb index 7d4839ba50..4ce80e871b 100644 --- a/meta/recipes-support/libnl/libnl_3.2.29.bb +++ b/meta/recipes-support/libnl/libnl_3.2.29.bb @@ -12,7 +12,9 @@ DEPENDS = "flex-native bison-native" SRC_URI = "https://github.com/thom311/${BPN}/releases/download/${BPN}${@d.getVar('PV').replace('.','_')}/${BP}.tar.gz \ file://fix-pktloc_syntax_h-race.patch \ file://fix-pc-file.patch \ + file://lib-check-for-integer-overflow-in-nlmsg_reserve.patch \ " + UPSTREAM_CHECK_URI = "https://github.com/thom311/${BPN}/releases" SRC_URI[md5sum] = "a8ba62a5c4f883f4e493a46d1f3733fe" diff --git a/meta/recipes-support/libpcre/libpcre_8.41.bb b/meta/recipes-support/libpcre/libpcre_8.41.bb index 0eaed1808a..0187c08f50 100644 --- a/meta/recipes-support/libpcre/libpcre_8.41.bb +++ b/meta/recipes-support/libpcre/libpcre_8.41.bb @@ -80,4 +80,8 @@ do_install_ptest() { for i in RunTest RunGrepTest test-driver; \ do cp ${S}/$i $t; \ done + # Skip the fr_FR locale test. If the locale fr_FR is found, it is tested. + # If not found, the test is skipped. The test program assumes fr_FR is non-UTF-8 + # locale so the test fails if fr_FR is UTF-8 locale. + sed -i -e 's:do3=yes:do3=no:g' ${D}${PTEST_PATH}/RunTest } diff --git a/meta/recipes-support/mpfr/mpfr_3.1.5.bb b/meta/recipes-support/mpfr/mpfr_3.1.5.bb index 2d59c4a1be..1b56f2c066 100644 --- a/meta/recipes-support/mpfr/mpfr_3.1.5.bb +++ b/meta/recipes-support/mpfr/mpfr_3.1.5.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ file://COPYING.LESSER;md5=6a6a8e020838b23406c81b19c1d46df6" DEPENDS = "gmp" -SRC_URI = "http://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz \ +SRC_URI = "https://ftp.gnu.org/gnu/${BPN}/mpfr-${PV}.tar.xz \ file://long-long-thumb.patch \ " SRC_URI[md5sum] = "c4ac246cf9795a4491e7766002cd528f" diff --git a/meta/recipes-support/popt/popt_1.16.bb b/meta/recipes-support/popt/popt_1.16.bb index 478288f9bf..377d108449 100644 --- a/meta/recipes-support/popt/popt_1.16.bb +++ b/meta/recipes-support/popt/popt_1.16.bb @@ -8,7 +8,7 @@ PR = "r3" DEPENDS = "virtual/libiconv" -SRC_URI = "http://rpm5.org/files/popt/popt-${PV}.tar.gz \ +SRC_URI = "https://fossies.org/linux/misc/popt-${PV}.tar.gz \ file://pkgconfig_fix.patch \ file://popt_fix_for_automake-1.12.patch \ file://disable_tests.patch \ diff --git a/scripts/contrib/python/generate-manifest-3.5.py b/scripts/contrib/python/generate-manifest-3.5.py index 6352f8f120..750d4fc754 100755 --- a/scripts/contrib/python/generate-manifest-3.5.py +++ b/scripts/contrib/python/generate-manifest-3.5.py @@ -371,7 +371,7 @@ if __name__ == "__main__": "lib-dynload/readline.*.so rlcompleter.*" ) m.addPackage( "${PN}-reprlib", "Python alternate repr() implementation", "${PN}-core", - "reprlib.py" ) + "reprlib.*" ) m.addPackage( "${PN}-resource", "Python resource control interface", "${PN}-core", "lib-dynload/resource.*.so" ) diff --git a/scripts/lib/devtool/sdk.py b/scripts/lib/devtool/sdk.py index f46577c2ab..4616753797 100644 --- a/scripts/lib/devtool/sdk.py +++ b/scripts/lib/devtool/sdk.py @@ -145,6 +145,9 @@ def sdk_update(args, config, basepath, workspace): # Fetch manifest from server tmpmanifest = os.path.join(tmpsdk_dir, 'conf', 'sdk-conf-manifest') ret = subprocess.call("wget -q -O %s %s/conf/sdk-conf-manifest" % (tmpmanifest, updateserver), shell=True) + if ret != 0: + logger.error("Cannot dowload files from %s" % updateserver) + return ret changedfiles = check_manifest(tmpmanifest, basepath) if not changedfiles: logger.info("Already up-to-date") diff --git a/scripts/lib/wic/filemap.py b/scripts/lib/wic/filemap.py index 77e32b9add..a72fa09ef5 100644 --- a/scripts/lib/wic/filemap.py +++ b/scripts/lib/wic/filemap.py @@ -37,7 +37,15 @@ def get_block_size(file_obj): # Get the block size of the host file-system for the image file by calling # the FIGETBSZ ioctl (number 2). binary_data = fcntl.ioctl(file_obj, 2, struct.pack('I', 0)) - return struct.unpack('I', binary_data)[0] + bsize = struct.unpack('I', binary_data)[0] + if not bsize: + import os + stat = os.fstat(file_obj.fileno()) + if hasattr(stat, 'st_blksize'): + bsize = stat.st_blksize + else: + raise IOError("Unable to determine block size") + return bsize class ErrorNotSupp(Exception): """ diff --git a/scripts/multilib_header_wrapper.h b/scripts/multilib_header_wrapper.h index f516673b63..9660225fdd 100644 --- a/scripts/multilib_header_wrapper.h +++ b/scripts/multilib_header_wrapper.h @@ -22,7 +22,9 @@ */ -#if defined (__arm__) +#if defined (__bpf__) +#define __MHWORDSIZE 64 +#elif defined (__arm__) #define __MHWORDSIZE 32 #elif defined (__aarch64__) && defined ( __LP64__) #define __MHWORDSIZE 64 diff --git a/scripts/test-dependencies.sh b/scripts/test-dependencies.sh deleted file mode 100755 index 0b94de8608..0000000000 --- a/scripts/test-dependencies.sh +++ /dev/null @@ -1,286 +0,0 @@ -#!/bin/bash - -# Author: Martin Jansa <martin.jansa@gmail.com> -# -# Copyright (c) 2013 Martin Jansa <Martin.Jansa@gmail.com> - -# Used to detect missing dependencies or automagically -# enabled dependencies which aren't explicitly enabled -# or disabled. Using bash to have PIPESTATUS variable. - -# It does 3 builds of <target> -# 1st to populate sstate-cache directory and sysroot -# 2nd to rebuild each recipe with every possible -# dependency found in sysroot (which stays populated -# from 1st build -# 3rd to rebuild each recipe only with dependencies defined -# in DEPENDS -# 4th (optional) repeat build like 3rd to make sure that -# minimal versions of dependencies defined in DEPENDS -# is also enough - -# Global vars -tmpdir= -targets= -recipes= -buildhistory= -buildtype= -default_targets="world" -default_buildhistory="buildhistory" -default_buildtype="1 2 3 c" - -usage () { - cat << EOF -Welcome to utility to detect missing or autoenabled dependencies. -WARNING: this utility will completely remove your tmpdir (make sure - you don't have important buildhistory or persistent dir there). -$0 <OPTION> - -Options: - -h, --help - Display this help and exit. - - --tmpdir=<tmpdir> - Specify tmpdir, will use the environment variable TMPDIR if it is not specified. - Something like /OE/oe-core/tmp-eglibc (no / at the end). - - --targets=<targets> - List of targets separated by space, will use the environment variable TARGETS if it is not specified. - It will run "bitbake <targets>" to populate sysroots. - Default value is "world". - - --recipes=<recipes> - File with list of recipes we want to rebuild with minimal and maximal sysroot. - Will use the environment variable RECIPES if it is not specified. - Default value will use all packages ever recorded in buildhistory directory. - - --buildhistory=<buildhistory> - Path to buildhistory directory, it needs to be enabled in your config, - because it's used to detect different dependencies and to create list - of recipes to rebuild when it's not specified. - Will use the environment variable BUILDHISTORY if it is not specified. - Default value is "buildhistory" - - --buildtype=<buildtype> - There are 4 types of build: - 1: build to populate sstate-cache directory and sysroot - 2: build to rebuild each recipe with every possible dep - 3: build to rebuild each recipe with minimal dependencies - 4: build to rebuild each recipe again with minimal dependencies - c: compare buildhistory directories from build 2 and 3 - Will use the environment variable BUILDTYPE if it is not specified. - Default value is "1 2 3 c", order is important, type 4 is optional. -EOF -} - -# Print error information and exit. -echo_error () { - echo "ERROR: $1" >&2 - exit 1 -} - -while [ -n "$1" ]; do - case $1 in - --tmpdir=*) - tmpdir=`echo $1 | sed -e 's#^--tmpdir=##' | xargs readlink -e` - [ -d "$tmpdir" ] || echo_error "Invalid argument to --tmpdir" - shift - ;; - --targets=*) - targets=`echo $1 | sed -e 's#^--targets="*\([^"]*\)"*#\1#'` - shift - ;; - --recipes=*) - recipes=`echo $1 | sed -e 's#^--recipes="*\([^"]*\)"*#\1#'` - shift - ;; - --buildhistory=*) - buildhistory=`echo $1 | sed -e 's#^--buildhistory="*\([^"]*\)"*#\1#'` - shift - ;; - --buildtype=*) - buildtype=`echo $1 | sed -e 's#^--buildtype="*\([^"]*\)"*#\1#'` - shift - ;; - --help|-h) - usage - exit 0 - ;; - *) - echo "Invalid arguments $*" - echo_error "Try '$0 -h' for more information." - ;; - esac -done - -# tmpdir directory, use environment variable TMPDIR -# if it was not specified, otherwise, error. -[ -n "$tmpdir" ] || tmpdir=$TMPDIR -[ -n "$tmpdir" ] || echo_error "No tmpdir found!" -[ -d "$tmpdir" ] || echo_error "Invalid tmpdir \"$tmpdir\"" -[ -n "$targets" ] || targets=$TARGETS -[ -n "$targets" ] || targets=$default_targets -[ -n "$recipes" ] || recipes=$RECIPES -[ -n "$recipes" -a ! -f "$recipes" ] && echo_error "Invalid file with list of recipes to rebuild" -[ -n "$recipes" ] || echo "All packages ever recorded in buildhistory directory will be rebuilt" -[ -n "$buildhistory" ] || buildhistory=$BUILDHISTORY -[ -n "$buildhistory" ] || buildhistory=$default_buildhistory -[ -d "$buildhistory" ] || echo_error "Invalid buildhistory directory \"$buildhistory\"" -[ -n "$buildtype" ] || buildtype=$BUILDTYPE -[ -n "$buildtype" ] || buildtype=$default_buildtype -echo "$buildtype" | grep -v '^[1234c ]*$' && echo_error "Invalid buildtype \"$buildtype\", only some combination of 1, 2, 3, 4, c separated by space is allowed" - -OUTPUT_BASE=test-dependencies/`date "+%s"` -declare -i RESULT=0 - -build_all() { - echo "===== 1st build to populate sstate-cache directory and sysroot =====" - OUTPUT1=${OUTPUT_BASE}/${TYPE}_all - mkdir -p ${OUTPUT1} - echo "Logs will be stored in ${OUTPUT1} directory" - bitbake -k $targets 2>&1 | tee -a ${OUTPUT1}/complete.log - RESULT+=${PIPESTATUS[0]} - grep "ERROR: Task.*failed" ${OUTPUT1}/complete.log > ${OUTPUT1}/failed-tasks.log - cat ${OUTPUT1}/failed-tasks.log | sed 's@.*/@@g; s@_.*@@g; s@\.bb, .*@@g; s@\.bb:.*@@g' | sort -u > ${OUTPUT1}/failed-recipes.log -} - -build_every_recipe() { - if [ "${TYPE}" = "2" ] ; then - echo "===== 2nd build to rebuild each recipe with every possible dep =====" - OUTPUT_MAX=${OUTPUT_BASE}/${TYPE}_max - OUTPUTB=${OUTPUT_MAX} - else - echo "===== 3rd or 4th build to rebuild each recipe with minimal dependencies =====" - OUTPUT_MIN=${OUTPUT_BASE}/${TYPE}_min - OUTPUTB=${OUTPUT_MIN} - fi - - mkdir -p ${OUTPUTB} ${OUTPUTB}/failed ${OUTPUTB}/ok - echo "Logs will be stored in ${OUTPUTB} directory" - if [ -z "$recipes" ]; then - ls -d $buildhistory/packages/*/* | xargs -n 1 basename | sort -u > ${OUTPUTB}/recipe.list - recipes=${OUTPUTB}/recipe.list - fi - if [ "${TYPE}" != "2" ] ; then - echo "!!!Removing tmpdir \"$tmpdir\"!!!" - rm -rf $tmpdir/deploy $tmpdir/pkgdata $tmpdir/sstate-control $tmpdir/stamps $tmpdir/sysroots $tmpdir/work $tmpdir/work-shared 2>/dev/null - fi - i=1 - count=`cat $recipes ${OUTPUT1}/failed-recipes.log | sort -u | wc -l` - for recipe in `cat $recipes ${OUTPUT1}/failed-recipes.log | sort -u`; do - echo "Building recipe: ${recipe} ($i/$count)" - declare -i RECIPE_RESULT=0 - bitbake -c cleansstate ${recipe} > ${OUTPUTB}/${recipe}.log 2>&1; - RECIPE_RESULT+=$? - bitbake ${recipe} >> ${OUTPUTB}/${recipe}.log 2>&1; - RECIPE_RESULT+=$? - if [ "${RECIPE_RESULT}" != "0" ] ; then - RESULT+=${RECIPE_RESULT} - mv ${OUTPUTB}/${recipe}.log ${OUTPUTB}/failed/ - grep "ERROR: Task.*failed" ${OUTPUTB}/failed/${recipe}.log | tee -a ${OUTPUTB}/failed-tasks.log - grep "ERROR: Task.*failed" ${OUTPUTB}/failed/${recipe}.log | sed 's@.*/@@g; s@_.*@@g; s@\.bb, .*@@g; s@\.bb:.*@@g' >> ${OUTPUTB}/failed-recipes.log - # and append also ${recipe} in case the failed task was from some dependency - echo ${recipe} >> ${OUTPUTB}/failed-recipes.log - else - mv ${OUTPUTB}/${recipe}.log ${OUTPUTB}/ok/ - fi - if [ "${TYPE}" != "2" ] ; then - rm -rf $tmpdir/deploy $tmpdir/pkgdata $tmpdir/sstate-control $tmpdir/stamps $tmpdir/sysroots $tmpdir/work $tmpdir/work-shared 2>/dev/null - fi - i=`expr $i + 1` - done - echo "Copying buildhistory/packages to ${OUTPUTB}" - cp -ra $buildhistory/packages ${OUTPUTB} - # This will be usefull to see which library is pulling new dependency - echo "Copying do_package logs to ${OUTPUTB}/do_package/" - mkdir ${OUTPUTB}/do_package - find $tmpdir/work/ -name log.do_package 2>/dev/null| while read f; do - # pn is 3 levels back, but we don't know if there is just one log per pn (only one arch and version) - # dest=`echo $f | sed 's#^.*/\([^/]*\)/\([^/]*\)/\([^/]*\)/log.do_package#\1#g'` - dest=`echo $f | sed "s#$tmpdir/work/##g; s#/#_#g"` - cp $f ${OUTPUTB}/do_package/$dest - done -} - -compare_deps() { - # you can run just compare task with command like this - # OUTPUT_BASE=test-dependencies/1373140172 \ - # OUTPUT_MAX=${OUTPUT_BASE}/2_max \ - # OUTPUT_MIN=${OUTPUT_BASE}/3_min \ - # openembedded-core/scripts/test-dependencies.sh --tmpdir=tmp-eglibc --targets=glib-2.0 --recipes=recipe_list --buildtype=c - echo "===== Compare dependencies recorded in \"${OUTPUT_MAX}\" and \"${OUTPUT_MIN}\" =====" - [ -n "${OUTPUTC}" ] || OUTPUTC=${OUTPUT_BASE}/comp - mkdir -p ${OUTPUTC} - OUTPUT_FILE=${OUTPUTC}/dependency-changes - echo "Differences will be stored in ${OUTPUT_FILE}, dot is shown for every 100 of checked packages" - echo > ${OUTPUT_FILE} - - [ -d ${OUTPUT_MAX} ] || echo_error "Directory with output from build 2 \"${OUTPUT_MAX}\" does not exist" - [ -d ${OUTPUT_MIN} ] || echo_error "Directory with output from build 3 \"${OUTPUT_MIN}\" does not exist" - [ -d ${OUTPUT_MAX}/packages/ ] || echo_error "Directory with packages from build 2 \"${OUTPUT_MAX}/packages/\" does not exist" - [ -d ${OUTPUT_MIN}/packages/ ] || echo_error "Directory with packages from build 3 \"${OUTPUT_MIN}/packages/\" does not exist" - i=0 - find ${OUTPUT_MAX}/packages/ -name latest | sed "s#${OUTPUT_MAX}/##g" | while read pkg; do - max_pkg=${OUTPUT_MAX}/${pkg} - min_pkg=${OUTPUT_MIN}/${pkg} - # pkg=packages/armv5te-oe-linux-gnueabi/libungif/libungif/latest - recipe=`echo "${pkg}" | sed 's#packages/[^/]*/\([^/]*\)/\([^/]*\)/latest#\1#g'` - package=`echo "${pkg}" | sed 's#packages/[^/]*/\([^/]*\)/\([^/]*\)/latest#\2#g'` - if [ ! -f "${min_pkg}" ] ; then - echo "ERROR: ${recipe}: ${package} package isn't created when building with minimal dependencies?" | tee -a ${OUTPUT_FILE} - echo ${recipe} >> ${OUTPUTC}/failed-recipes.log - continue - fi - # strip version information in parenthesis - max_deps=`grep "^RDEPENDS = " ${max_pkg} | sed 's/^RDEPENDS = / /g; s/$/ /g; s/([^(]*)//g'` - min_deps=`grep "^RDEPENDS = " ${min_pkg} | sed 's/^RDEPENDS = / /g; s/$/ /g; s/([^(]*)//g'` - if [ "$i" = 100 ] ; then - echo -n "." # cheap progressbar - i=0 - fi - if [ "${max_deps}" = "${min_deps}" ] ; then - # it's annoying long, but at least it's showing some progress, warnings are grepped at the end - echo "NOTE: ${recipe}: ${package} rdepends weren't changed" >> ${OUTPUT_FILE} - else - missing_deps= - for dep in ${max_deps}; do - if ! echo "${min_deps}" | grep -q " ${dep} " ; then - missing_deps="${missing_deps} ${dep}" - echo # to get rid of dots on last line - echo "WARN: ${recipe}: ${package} rdepends on ${dep}, but it isn't a build dependency?" | tee -a ${OUTPUT_FILE} - fi - done - if [ -n "${missing_deps}" ] ; then - echo ${recipe} >> ${OUTPUTC}/failed-recipes.log - fi - fi - i=`expr $i + 1` - done - echo # to get rid of dots on last line - echo "Found differences: " - grep "^WARN: " ${OUTPUT_FILE} | tee ${OUTPUT_FILE}.warn.log - echo "Found errors: " - grep "^ERROR: " ${OUTPUT_FILE} | tee ${OUTPUT_FILE}.error.log - RESULT+=`cat ${OUTPUT_FILE}.warn.log | wc -l` - RESULT+=`cat ${OUTPUT_FILE}.error.log | wc -l` -} - -for TYPE in $buildtype; do - case ${TYPE} in - 1) build_all;; - 2) build_every_recipe;; - 3) build_every_recipe;; - 4) build_every_recipe;; - c) compare_deps;; - *) echo_error "Invalid buildtype \"$TYPE\"" - esac -done - -cat ${OUTPUT_BASE}/*/failed-recipes.log | sort -u >> ${OUTPUT_BASE}/failed-recipes.log - -if [ "${RESULT}" != "0" ] ; then - echo "ERROR: ${RESULT} issues were found in these recipes: `cat ${OUTPUT_BASE}/failed-recipes.log | xargs`" -fi - -echo "INFO: Output written in: ${OUTPUT_BASE}" -exit ${RESULT} |