authorBrad Bishop <bradleyb@fuzziesquirrel.com>2018-04-01 22:23:53 -0400
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-04-04 13:38:59 +0000
commit001113296d3300ffaf6b6d1578a4232dbf2695c8 (patch)
tree14ddda5f75227063a7dea14becfecda14e67c500 /import-layers/yocto-poky/meta/recipes-core
parent211ccf33fb57ddede03d26cf7cb05924d039b2df (diff)
Rocko refresh
poky: 0ec241873367e18f5371a3ad9aca1e2801dcd4ee meta-openembedded: dacfa2b1920e285531bec55cd2f08743390aaf57 meta-virtualization: bd77388f31929f38e7d4cc9c711f0f83f563007e meta-raspberrypi: b58ccfc696e4fa6b680ae5ca79960312676d7af9 Tested: Built witherspoon, palmetto and qemu images Change-Id: I934ff48674042bb5ce6b7d75642e7adb9668a409 Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-core')
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb32
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc12
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb3
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc12
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch69
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch66
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch150
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch80
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/glibc/archive-path.patch39
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/glibc/relocate-locales.patch55
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb16
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb1
12 files changed, 208 insertions, 327 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb b/import-layers/yocto-poky/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb
new file mode 100644
index 000000000..a83620e85
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb
@@ -0,0 +1,32 @@
+SUMMARY = "inittab configuration for BusyBox"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+SRC_URI = "file://inittab"
+
+S = "${WORKDIR}"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+do_compile() {
+ :
+}
+
+do_install() {
+ install -d ${D}${sysconfdir}
+ install -D -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
+ tmp="${SERIAL_CONSOLES}"
+ for i in $tmp
+ do
+ j=`echo ${i} | sed s/\;/\ /g`
+ id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'`
+ echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
+ done
+}
+
+# SERIAL_CONSOLES is generally defined by the MACHINE .conf.
+# Set PACKAGE_ARCH appropriately.
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+FILES_${PN} = "${sysconfdir}/inittab"
+CONFFILES_${PN} = "${sysconfdir}/inittab"
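Review bot: The loop in do_install that appends getty lines has no comment describing the `SERIAL_CONSOLES` entry format it parses, and the two `sed` calls are only readable once that format is known. From the code each entry appears to be `<baud>;<tty>`, so I would add above the loop `# Each SERIAL_CONSOLES entry is "<baud>;<tty>": j is the getty argument list, id is the text after the last ';'`. The expansions and the sed script are also unquoted; `j=$(echo "${i}" | sed 's/;/ /g')` is more robust against unexpected characters in a machine configuration value. Every entry becomes a respawning login prompt in a file that init reads as root, so the comment at the bottom of the recipe could also state that an empty `SERIAL_CONSOLES` leaves the shipped inittab unchanged.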
diff --git a/import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc b/import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc
index 48910ca33..a6bfd46b6 100644
--- a/import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc
+++ b/import-layers/yocto-poky/meta/recipes-core/busybox/busybox.inc
@@ -48,6 +48,8 @@ CONFFILES_${PN}-mdev = "${sysconfdir}/mdev.conf"
RRECOMMENDS_${PN} = "${PN}-syslog ${PN}-udhcpc"
+RDEPENDS_${PN} = "${@["", "busybox-inittab"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]}"
+
inherit cml1 systemd update-rc.d ptest
# internal helper
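Review bot: The new `RDEPENDS_${PN}` line picks its value by indexing a two-element list with a boolean, which is hard to read, and it keys on `VIRTUAL-RUNTIME_init_manager`, whereas the block removed from do_install in the next hunk keyed on `CONFIG_FEATURE_USE_INITTAB=y` in the BusyBox `.config`. A conditional expression states the intent directly: `RDEPENDS_${PN} = "${@'busybox-inittab' if d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox' else ''}"`. As far as these hunks show, a BusyBox build with inittab support enabled that is not the init manager no longer gets `/etc/inittab` from this recipe, and one that is the init manager gets it even without the feature enabled. A one-line comment above the assignment should say that this change of condition is intended.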
@@ -292,16 +294,6 @@ do_install () {
install -D -m 0777 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS
install -D -m 0777 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK
install -D -m 0755 ${WORKDIR}/runlevel ${D}${base_sbindir}/runlevel
- if grep "CONFIG_FEATURE_USE_INITTAB=y" ${B}/.config; then
- install -D -m 0777 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
- tmp="${SERIAL_CONSOLES}"
- for i in $tmp
- do
- j=`echo ${i} | sed s/\;/\ /g`
- id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'`
- echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
- done
- fi
fi
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb b/import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
index fc5d70dbb..744085f41 100644
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
@@ -21,7 +21,7 @@ SRCBRANCH ?= "release/${PV}/master"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)"
-SRCREV_glibc ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369"
+SRCREV_glibc ?= "d300041c533a3d837c9f37a099bcc95466860e98"
SRCREV_localedef ?= "dfb4afe551c6c6e94f9cc85417bd1f582168c843"
SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
@@ -35,6 +35,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0021-eglibc-Install-PIC-archives.patch \
file://0022-eglibc-Forward-port-cross-locale-generation-support.patch \
file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \
+ file://archive-path.patch \
"
# Makes for a rather long rev (22 characters), but...
#
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc
index df3db2cc4..b6d80745c 100644
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc-package.inc
@@ -113,15 +113,15 @@ do_install_append () {
}
do_install_append_aarch64 () {
- if [ "${base_libdir}" != "/lib" ] ; then
+ if [ "${base_libdir}" != "${nonarch_base_libdir}" ]; then
# The aarch64 ABI says the dynamic linker -must- be /lib/ld-linux-aarch64[_be].so.1
- install -d ${D}/lib
+ install -d ${D}${nonarch_base_libdir}
if [ -e ${D}${base_libdir}/ld-linux-aarch64.so.1 ]; then
- ln -s ${@base_path_relative('/lib', '${base_libdir}')}/ld-linux-aarch64.so.1 \
- ${D}/lib/ld-linux-aarch64.so.1
+ ln -s ${@base_path_relative('${nonarch_base_libdir}', '${base_libdir}')}/ld-linux-aarch64.so.1 \
+ ${D}${nonarch_base_libdir}/ld-linux-aarch64.so.1
elif [ -e ${D}${base_libdir}/ld-linux-aarch64_be.so.1 ]; then
- ln -s ${@base_path_relative('/lib', '${base_libdir}')}/ld-linux-aarch64_be.so.1 \
- ${D}/lib/ld-linux-aarch64_be.so.1
+ ln -s ${@base_path_relative('${nonarch_base_libdir}', '${base_libdir}')}/ld-linux-aarch64_be.so.1 \
+ ${D}${nonarch_base_libdir}/ld-linux-aarch64_be.so.1
fi
fi
do_install_armmultilib
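Review bot: The retained comment in do_install_append_aarch64 still says the dynamic linker must be `/lib/ld-linux-aarch64[_be].so.1`, but the directory and both symlinks are now created under `${nonarch_base_libdir}`, so comment and code agree only when that variable expands to `/lib`. I would reword the comment to something like `# The aarch64 ABI fixes the dynamic linker at /lib/ld-linux-aarch64[_be].so.1; nonarch_base_libdir is expected to be /lib here`, or state whatever guarantee is actually intended. The function body continues past the end of the hunk.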
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch
new file mode 100644
index 000000000..436c84778
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch
@@ -0,0 +1,69 @@
+From af3054b3856379d353a779801678f330e1b58c9a Mon Sep 17 00:00:00 2001
+Message-Id: <af3054b3856379d353a779801678f330e1b58c9a.1490183611.git.panand@redhat.com>
+From: Pratyush Anand <panand@redhat.com>
+Date: Wed, 22 Mar 2017 17:02:38 +0530
+Subject: [PATCH] bits/siginfo-consts.h: enum definition for TRAP_HWBKPT is missing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compile following linux kernel test code with latest glibc:
+
+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c
+
+and we get following error:
+breakpoint_test_arm64.c: In function ‘run_test’:
+breakpoint_test_arm64.c:171:25: error: ‘TRAP_HWBKPT’ undeclared (first use in this function)
+ if (siginfo.si_code != TRAP_HWBKPT) {
+ ^
+I can compile test code by modifying my local
+/usr/include/bits/siginfo.h and test works great. Therefore, this patch
+will be needed in upstream glibc so that issue is fixed there as well.
+
+Signed-off-by: Pratyush Anand <panand@redhat.com>
+
+Upstream-Status: Submitted [https://sourceware.org/bugzilla/show_bug.cgi?id=21286]
+---
+ bits/siginfo-consts.h | 6 +++++-
+ sysdeps/unix/sysv/linux/bits/siginfo-consts.h | 6 +++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/bits/siginfo-consts.h b/bits/siginfo-consts.h
+index a58ac4b..8448fac 100644
+--- a/bits/siginfo-consts.h
++++ b/bits/siginfo-consts.h
+@@ -106,8 +106,12 @@ enum
+ {
+ TRAP_BRKPT = 1, /* Process breakpoint. */
+ # define TRAP_BRKPT TRAP_BRKPT
+- TRAP_TRACE /* Process trace trap. */
++ TRAP_TRACE, /* Process trace trap. */
+ # define TRAP_TRACE TRAP_TRACE
++ TRAP_BRANCH, /* Process branch trap. */
++# define TRAP_BRANCH TRAP_BRANCH
++ TRAP_HWBKPT /* hardware breakpoint/watchpoint */
++# define TRAP_HWBKPT TRAP_HWBKPT
+ };
+ # endif
+
+diff --git a/sysdeps/unix/sysv/linux/bits/siginfo-consts.h b/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
+index 525840c..57a9edb 100644
+--- a/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
++++ b/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
+@@ -137,8 +137,12 @@ enum
+ {
+ TRAP_BRKPT = 1, /* Process breakpoint. */
+ # define TRAP_BRKPT TRAP_BRKPT
+- TRAP_TRACE /* Process trace trap. */
++ TRAP_TRACE, /* Process trace trap. */
+ # define TRAP_TRACE TRAP_TRACE
++ TRAP_BRANCH, /* Process branch trap. */
++# define TRAP_BRANCH TRAP_BRANCH
++ TRAP_HWBKPT /* hardware breakpoint/watchpoint */
++# define TRAP_HWBKPT TRAP_HWBKPT
+ };
+ # endif
+
+--
+2.7.4
+
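Review bot: The carried patch adds `TRAP_BRANCH` as well as `TRAP_HWBKPT` in both headers, although its subject line names only the latter, and both new enumerators get their values purely from their position after `TRAP_TRACE`. These constants have to match the kernel's `si_code` values, so explicit initialisers such as `TRAP_BRANCH = 3,` and `TRAP_HWBKPT = 4` would keep a later reordering from changing them silently. The existing `TRAP_TRACE` is implicit too, so this is a style point rather than a defect. The header records `Upstream-Status: Submitted`, so the patch needs re-checking against upstream at the next glibc update; the enum itself begins outside the nested hunks.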
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
deleted file mode 100644
index 35692820d..000000000
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@cs.ucla.edu>
-Date: Sun, 22 Oct 2017 10:00:57 +0200
-Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
- #22332]
-
-(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
-
-Upstream-Status: Backport
-CVE: CVE-2017-15671
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ChangeLog | 6 ++++++
- NEWS | 4 ++++
- posix/glob.c | 4 ++--
- 3 files changed, 12 insertions(+), 2 deletions(-)
-
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -211,6 +211,10 @@ Security related changes:
- on the stack or the heap, depending on the length of the user name).
- Reported by Tim Rühsen.
-
-+ The glob function, when invoked with GLOB_TILDE and without
-+ GLOB_NOESCAPE, could write past the end of a buffer while
-+ unescaping user names. Reported by Tim Rühsen.
-+
- The following bugs are resolved with this release:
-
- [984] network: Respond to changed resolv.conf in gethostbyname
-Index: git/posix/glob.c
-===================================================================
---- git.orig/posix/glob.c
-+++ git/posix/glob.c
-@@ -823,11 +823,11 @@ glob (const char *pattern, int flags, in
- char *p = mempcpy (newp, dirname + 1,
- unescape - dirname - 1);
- char *q = unescape;
-- while (*q != '\0')
-+ while (q != end_name)
- {
- if (*q == '\\')
- {
-- if (q[1] == '\0')
-+ if (q + 1 == end_name)
- {
- /* "~fo\\o\\" unescape to user_name "foo\\",
- but "~fo\\o\\/" unescape to user_name
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,5 +1,10 @@
-+
- 2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
-
-+ [BZ #22332]
-+ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
-+ unescaping.
-+
- [BZ #22320]
- CVE-2017-15670
- * posix/glob.c (__glob): Fix one-byte overflow.
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch
deleted file mode 100644
index 38731e412..000000000
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From 4ebd0c4191c6073cc8a7c5fdcf1d182c4719bcbb Mon Sep 17 00:00:00 2001
-From: Aurelien Jarno <aurelien@aurel32.net>
-Date: Sat, 30 Dec 2017 10:54:23 +0100
-Subject: [PATCH] elf: Check for empty tokens before dynamic string token
- expansion [BZ #22625]
-
-The fillin_rpath function in elf/dl-load.c loops over each RPATH or
-RUNPATH tokens and interprets empty tokens as the current directory
-("./"). In practice the check for empty token is done *after* the
-dynamic string token expansion. The expansion process can return an
-empty string for the $ORIGIN token if __libc_enable_secure is set
-or if the path of the binary can not be determined (/proc not mounted).
-
-Fix that by moving the check for empty tokens before the dynamic string
-token expansion. In addition, check for NULL pointer or empty strings
-return by expand_dynamic_string_token.
-
-The above changes highlighted a bug in decompose_rpath, an empty array
-is represented by the first element being NULL at the fillin_rpath
-level, but by using a -1 pointer in decompose_rpath and other functions.
-
-Changelog:
- [BZ #22625]
- * elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
- string token expansion. Check for NULL pointer or empty string possibly
- returned by expand_dynamic_string_token.
- (decompose_rpath): Check for empty path after dynamic string
- token expansion.
-(cherry picked from commit 3e3c904daef69b8bf7d5cc07f793c9f07c3553ef)
-
-Upstream-Status: Backport
-CVE: CVE-2017-16997
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ChangeLog | 10 ++++++++++
- NEWS | 4 ++++
- elf/dl-load.c | 49 +++++++++++++++++++++++++++++++++----------------
- 3 files changed, 47 insertions(+), 16 deletions(-)
-
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -215,6 +215,10 @@ Security related changes:
- GLOB_NOESCAPE, could write past the end of a buffer while
- unescaping user names. Reported by Tim Rühsen.
-
-+ CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
-+ for AT_SECURE or SUID binaries could be used to load libraries from the
-+ current directory.
-+
- The following bugs are resolved with this release:
-
- [984] network: Respond to changed resolv.conf in gethostbyname
-Index: git/elf/dl-load.c
-===================================================================
---- git.orig/elf/dl-load.c
-+++ git/elf/dl-load.c
-@@ -433,32 +433,41 @@ fillin_rpath (char *rpath, struct r_sear
- {
- char *cp;
- size_t nelems = 0;
-- char *to_free;
-
- while ((cp = __strsep (&rpath, sep)) != NULL)
- {
- struct r_search_path_elem *dirp;
-+ char *to_free = NULL;
-+ size_t len = 0;
-
-- to_free = cp = expand_dynamic_string_token (l, cp, 1);
-+ /* `strsep' can pass an empty string. */
-+ if (*cp != '\0')
-+ {
-+ to_free = cp = expand_dynamic_string_token (l, cp, 1);
-
-- size_t len = strlen (cp);
-+ /* expand_dynamic_string_token can return NULL in case of empty
-+ path or memory allocation failure. */
-+ if (cp == NULL)
-+ continue;
-+
-+ /* Compute the length after dynamic string token expansion and
-+ ignore empty paths. */
-+ len = strlen (cp);
-+ if (len == 0)
-+ {
-+ free (to_free);
-+ continue;
-+ }
-
-- /* `strsep' can pass an empty string. This has to be
-- interpreted as `use the current directory'. */
-- if (len == 0)
-- {
-- static const char curwd[] = "./";
-- cp = (char *) curwd;
-+ /* Remove trailing slashes (except for "/"). */
-+ while (len > 1 && cp[len - 1] == '/')
-+ --len;
-+
-+ /* Now add one if there is none so far. */
-+ if (len > 0 && cp[len - 1] != '/')
-+ cp[len++] = '/';
- }
-
-- /* Remove trailing slashes (except for "/"). */
-- while (len > 1 && cp[len - 1] == '/')
-- --len;
--
-- /* Now add one if there is none so far. */
-- if (len > 0 && cp[len - 1] != '/')
-- cp[len++] = '/';
--
- /* Make sure we don't use untrusted directories if we run SUID. */
- if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
- {
-@@ -621,6 +630,14 @@ decompose_rpath (struct r_search_path_st
- necessary. */
- free (copy);
-
-+ /* There is no path after expansion. */
-+ if (result[0] == NULL)
-+ {
-+ free (result);
-+ sps->dirs = (struct r_search_path_elem **) -1;
-+ return false;
-+ }
-+
- sps->dirs = result;
- /* The caller will change this value if we haven't used a real malloc. */
- sps->malloced = 1;
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,12 @@
-+2017-12-30 Aurelien Jarno <aurelien@aurel32.net>
-+ Dmitry V. Levin <ldv@altlinux.org>
-+
-+ [BZ #22625]
-+ * elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
-+ string token expansion. Check for NULL pointer or empty string possibly
-+ returned by expand_dynamic_string_token.
-+ (decompose_rpath): Check for empty path after dynamic string
-+ token expansion.
-
- 2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
-
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch
deleted file mode 100644
index c7d1cb86d..000000000
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From df8c219cb987cfe85c550efa693a1383a11e38aa Mon Sep 17 00:00:00 2001
-From: Arjun Shankar <arjun@redhat.com>
-Date: Thu, 30 Nov 2017 13:31:45 +0100
-Subject: [PATCH] Fix integer overflow in malloc when tcache is enabled [BZ
- #22375]
-
-When the per-thread cache is enabled, __libc_malloc uses request2size (which
-does not perform an overflow check) to calculate the chunk size from the
-requested allocation size. This leads to an integer overflow causing malloc
-to incorrectly return the last successfully allocated block when called with
-a very large size argument (close to SIZE_MAX).
-
-This commit uses checked_request2size instead, removing the overflow.
-
-(cherry picked from commit 34697694e8a93b325b18f25f7dcded55d6baeaf6)
-
-Upstream-Status: Backport
-CVE: CVE-2017-17426
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ChangeLog | 7 +++++++
- NEWS | 6 ++++++
- malloc/malloc.c | 3 ++-
- 3 files changed, 15 insertions(+), 1 deletion(-)
-
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -4,6 +4,8 @@ See the end for copying conditions.
-
- Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
- using `glibc' in the "product" field.
-+
-+[22375] malloc returns pointer from tcache instead of NULL (CVE-2017-17426)
-
- Version 2.26
-
-@@ -215,6 +217,11 @@ Security related changes:
- for AT_SECURE or SUID binaries could be used to load libraries from the
- current directory.
-
-+ CVE-2017-17426: The malloc function, when called with an object size near
-+ the value SIZE_MAX, would return a pointer to a buffer which is too small,
-+ instead of NULL. This was a regression introduced with the new malloc
-+ thread cache in glibc 2.26. Reported by Iain Buclaw.
-+
- The following bugs are resolved with this release:
-
- [984] network: Respond to changed resolv.conf in gethostbyname
-Index: git/malloc/malloc.c
-===================================================================
---- git.orig/malloc/malloc.c
-+++ git/malloc/malloc.c
-@@ -3050,7 +3050,8 @@ __libc_malloc (size_t bytes)
- return (*hook)(bytes, RETURN_ADDRESS (0));
- #if USE_TCACHE
- /* int_free also calls request2size, be careful to not pad twice. */
-- size_t tbytes = request2size (bytes);
-+ size_t tbytes;
-+ checked_request2size (bytes, tbytes);
- size_t tc_idx = csize2tidx (tbytes);
-
- MAYBE_INIT_TCACHE ();
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,10 @@
-+2017-11-30 Arjun Shankar <arjun@redhat.com>
-+
-+ [BZ #22375]
-+ CVE-2017-17426
-+ * malloc/malloc.c (__libc_malloc): Use checked_request2size
-+ instead of request2size.
-+
- 2017-12-30 Aurelien Jarno <aurelien@aurel32.net>
- Dmitry V. Levin <ldv@altlinux.org>
-
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/archive-path.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/archive-path.patch
new file mode 100644
index 000000000..b0d3158cf
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/archive-path.patch
@@ -0,0 +1,39 @@
+localedef --add-to-archive uses a hard-coded locale path which doesn't exist in
+normal use, and there's no way to pass an alternative filename.
+
+Add a fallback of $LOCALEARCHIVE from the environment, and allow creation of new locale archives that are not the system archive.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c
+index ca332a34..6b7ba9b2 100644
+--- a/locale/programs/locarchive.c
++++ b/locale/programs/locarchive.c
+@@ -569,10 +569,13 @@ open_archive (struct locarhandle *ah, bool readonly)
+ /* If ah has a non-NULL fname open that otherwise open the default. */
+ if (archivefname == NULL)
+ {
+- archivefname = default_fname;
+- if (output_prefix)
+- memcpy (default_fname, output_prefix, prefix_len);
+- strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++ archivefname = getenv("LOCALEARCHIVE");
++ if (archivefname == NULL) {
++ archivefname = default_fname;
++ if (output_prefix)
++ memcpy (default_fname, output_prefix, prefix_len);
++ strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++ }
+ }
+
+ while (1)
+@@ -585,7 +588,7 @@ open_archive (struct locarhandle *ah, bool readonly)
+ the default locale archive we ignore the failure and
+ list an empty archive, otherwise we print an error
+ and exit. */
+- if (errno == ENOENT && archivefname == default_fname)
++ if (errno == ENOENT)
+ {
+ if (readonly)
+ {
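Review bot: In open_archive the new `getenv("LOCALEARCHIVE")` result is used as the archive path whenever it is non-NULL, so an empty value is accepted, and the second nested hunk widens the ENOENT case from the default archive to every path. Taken with the patch description, a mistyped variable or caller-supplied name would then quietly produce an empty archive or a newly created file instead of an error. I would reject the empty string with `if (archivefname == NULL || archivefname[0] == '\0')` before falling back to `default_fname`. The retained comment above the ENOENT test still describes the default-archive-only behaviour and should be updated to match. The body of open_archive continues outside both nested hunks.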
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/relocate-locales.patch b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/relocate-locales.patch
new file mode 100644
index 000000000..2aea37f5c
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc/relocate-locales.patch
@@ -0,0 +1,55 @@
+The glibc locale path is hard-coded to the install prefix, but in SDKs we need
+to be able to relocate the binaries. Expand the strings to 4K and put them in a
+magic segment that we can relocate at install time.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/locale/findlocale.c b/locale/findlocale.c
+index 872cadb5..da14fa39 100644
+--- a/locale/findlocale.c
++++ b/locale/findlocale.c
+@@ -56,7 +56,7 @@ struct __locale_data *const _nl_C[] attribute_hidden =
+ which are somehow addressed. */
+ struct loaded_l10nfile *_nl_locale_file_list[__LC_LAST];
+
+-const char _nl_default_locale_path[] attribute_hidden = COMPLOCALEDIR;
++char _nl_default_locale_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR;
+
+ /* Checks if the name is actually present, that is, not NULL and not
+ empty. */
+@@ -167,7 +167,7 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
+
+ /* Nothing in the archive. Set the default path to search below. */
+ locale_path = _nl_default_locale_path;
+- locale_path_len = sizeof _nl_default_locale_path;
++ locale_path_len = strlen(locale_path) + 1;
+ }
+ else
+ /* We really have to load some data. First see whether the name is
+diff --git a/locale/localeinfo.h b/locale/localeinfo.h
+index 68822a63..537bc351 100644
+--- a/locale/localeinfo.h
++++ b/locale/localeinfo.h
+@@ -325,7 +325,7 @@ _nl_lookup_word (locale_t l, int category, int item)
+ }
+
+ /* Default search path if no LOCPATH environment variable. */
+-extern const char _nl_default_locale_path[] attribute_hidden;
++extern char _nl_default_locale_path[4096] attribute_hidden;
+
+ /* Load the locale data for CATEGORY from the file specified by *NAME.
+ If *NAME is "", use environment variables as specified by POSIX, and
+diff --git a/locale/loadarchive.c b/locale/loadarchive.c
+index 516d30d8..792b37fb 100644
+--- a/locale/loadarchive.c
++++ b/locale/loadarchive.c
+@@ -42,7 +43,7 @@
+
+
+ /* Name of the locale archive file. */
+-static const char archfname[] = COMPLOCALEDIR "/locale-archive";
++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive";
+
+ /* Size of initial mapping window, optimal if large enough to
+ cover the header plus the initial locale. */
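Review bot: `_nl_default_locale_path` loses its `const` in findlocale.c and localeinfo.h, while `archfname` in loadarchive.c stays `static const`, although both are placed in `.gccrelocprefix` for install-time rewriting, and the patch gives no reason for the difference. If the strings are only rewritten in the binary at SDK install time, a comment next to the definition should say why a writable global is needed and that the relocated path must stay NUL-terminated within the 4096-byte array. The switch to `strlen(locale_path) + 1` depends on exactly that invariant. Any `sizeof archfname` use outside the visible hunks would now yield 4096 rather than the string length, which is worth checking in loadarchive.c.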
diff --git a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb
index 8c0eb98af..9d1e636bb 100644
--- a/import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/import-layers/yocto-poky/meta/recipes-core/glibc/glibc_2.26.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
DEPENDS += "gperf-native bison-native"
-SRCREV ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369"
+SRCREV ?= "d300041c533a3d837c9f37a099bcc95466860e98"
SRCBRANCH ?= "release/${PV}/master"
@@ -40,14 +40,9 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \
file://0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \
file://0025-locale-fix-hard-coded-reference-to-gcc-E.patch \
- file://0026-assert-Suppress-pedantic-warning-caused-by-statement.patch \
file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
- file://CVE-2017-15670.patch \
- file://CVE-2017-15671.patch \
- file://0029-assert-Support-types-without-operator-int-BZ-21972.patch \
- file://CVE-2017-16997.patch \
- file://CVE-2017-17426.patch \
+ file://0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \
"
NATIVESDKFIXES ?= ""
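Review bot: This SRC_URI change drops `CVE-2017-15670.patch`, `CVE-2017-15671.patch`, `CVE-2017-16997.patch` and `CVE-2017-17426.patch` in the same commit that moves `SRCREV` to `d300041c533a3d837c9f37a099bcc95466860e98`, and nothing visible in the commit states that the new revision already contains those fixes. Presumably they were merged on `release/${PV}/master`, but that should be confirmed and recorded, for example with a comment above `SRCREV` such as `# Includes upstream fixes for CVE-2017-15670, CVE-2017-15671, CVE-2017-16997 and CVE-2017-17426`. The diffstat lists no deletion for `CVE-2017-15670.patch` or the two `assert` patches that also leave SRC_URI, so those files may remain orphaned in the tree. The SRC_URI assignment starts before this hunk.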
@@ -56,6 +51,7 @@ NATIVESDKFIXES_class-nativesdk = "\
file://0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \
file://0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \
file://0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \
+ file://relocate-locales.patch \
"
S = "${WORKDIR}/git"
@@ -143,12 +139,6 @@ do_compile () {
}
-# Use the host locale archive when built for nativesdk so that we don't need to
-# ship a complete (100MB) locale set.
-do_compile_prepend_class-nativesdk() {
- echo "complocaledir=/usr/lib/locale" >> ${S}/configparms
-}
-
require glibc-package.inc
BBCLASSEXTEND = "nativesdk"
diff --git a/import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb b/import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb
index be37c4421..d98a9c901 100644
--- a/import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/import-layers/yocto-poky/meta/recipes-core/meta/buildtools-tarball.bb
@@ -21,7 +21,6 @@ TOOLCHAIN_HOST_TASK ?= "\
nativesdk-wget \
nativesdk-ca-certificates \
nativesdk-texinfo \
- nativesdk-locale-base-en-us \
"
MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}"