diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-10-16 10:47:12 +0800 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-11-18 20:46:35 -0500 |
| commit | 6f8dcde58e2226d5a46f41ab53225134d0e60b4e (patch) | |
| tree | dfbdf8de08982b93dfd42921b548cffc73b4a153 /poky | |
| parent | 10719a5be4799cf3961bdb4754cb389e8e45ede5 (diff) | |
| download | talos-openbmc-6f8dcde58e2226d5a46f41ab53225134d0e60b4e.tar.gz talos-openbmc-6f8dcde58e2226d5a46f41ab53225134d0e60b4e.zip | |
poky: sumo refresh d240b885f2..eebbc00b25
Update poky to sumo HEAD.
Anuj Mittal (1):
perl: skip tests that are not useful
Armin Kuster (4):
tzcode-native: updatet to 2018e
tzdata: update to 2018e
tzcode: update to 2018f
tzdata: update to 2018f
Bruce Ashfield (10):
kernel-yocto/cfg: configuration warning fixes
linux-yocto/4.14/4.18: address kernel configuration warnings
linux-yocto: configuration warning fixes
linux-yocto: tweak RTC configuration
linux-yocto/4.14: fix kernel configuration audit warnings
linux-yocto/4.14: update to v4.14.71
linux-yocto: enable pci and CRYPTO_DEV_VIRTIO
linux-yocto/4.14: fix beaglebone configuration warnings
linux-yocto-rt: fixup 4.14 merge issues
linux-yocto/4.14: update to v4.14.76
Changqing Li (1):
apt: update SRC_URI
Chen Qi (2):
python: backport patch to fix CVE-2018-1000802
python: backport patch to fix CVE-2018-14647
Dan McGregor (2):
os-release: move to nonarch_libdir
base-files: change permissions on /sys and /proc
Derek Straka (1):
python: update to version 2.7.15
Grygorii Tertychnyi (2):
cve-check: Allow multiple entries in CVE_PRODUCT
curl: extend CVE_PRODUCT
Hongxu Jia (2):
valgrind: fix compile ptest failure on mips32
nasm: fix CVE-2018-1000667
Hongzhi.Song (1):
linux-yocto-rt: Add paravirt_kvm support for qemux86-64
Jagadeesh Krishnanjanappa (1):
valgrind: fix ptest compilation for PowerPC64
Peter Kjellerstedt (1):
curl: Include the complete license information
Richard Purdie (2):
yocto-uninative: Upgrade to verson 2.3 which includes glibc 2.28
oeqa/selftest/runtime_test: Ensure we build/use gnupg-native
Ross Burton (2):
python: clean up ptest
python: don't use runtime checks to identify float endianism
Zhixiong Chi (1):
curl: CVE-2018-14618
Change-Id: I4b7aa481ed2a57c3551c4a45d30350f2376444cc
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky')
34 files changed, 851 insertions, 682 deletions
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 12ad3e5c5..743bc08a4 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -190,7 +190,8 @@ def check_cves(d, patched_cves): # Write the faux CSV file to be used with cve-check-tool fd, faux = tempfile.mkstemp(prefix="cve-faux-") with os.fdopen(fd, "w") as f: - f.write("%s,%s,%s," % (bpn, pv, cves)) + for pn in bpn.split(): + f.write("%s,%s,%s,\n" % (pn, pv, cves)) cmd.append(faux) output = subprocess.check_output(cmd).decode("utf-8") diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 38080c63b..c5b0556cf 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -6,9 +6,9 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.27" +UNINATIVE_MAXGLIBCVERSION = "2.28" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.2/" -UNINATIVE_CHECKSUM[i686] ?= "036b60092fe4acfa1a321d110673030db20344a2d56f33a4d047f0279498bdad" -UNINATIVE_CHECKSUM[x86_64] ?= "e3b77208169bf1ac4e89496f3cdbf27695f5b18a2694a908a793390f28b67f83" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.3/" +UNINATIVE_CHECKSUM[i686] ?= "44253cddbf629082568cea4fff59419106871a0cf81b4845b5d34e7014887b20" +UNINATIVE_CHECKSUM[x86_64] ?= "c6954563dad3c95608117c6fc328099036c832bbd924ebf5fdccb622fc0a8684" diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py index 9c9b4b341..146daf80b 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -148,10 +148,12 @@ class TestImage(OESelftestTestCase): features += 'EXTRA_IMAGE_FEATURES += "package-management"\n' features += 'PACKAGE_CLASSES = "package_rpm"\n' + bitbake('gnupg-native -c addto_recipe_sysroot') + # Enable package feed signing self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-") signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing') - runCmd('gpg --batch --homedir %s --import %s' % (self.gpg_home, os.path.join(signing_key_dir, 'key.secret'))) + runCmd('gpg --batch --homedir %s --import %s' % (self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native")) features += 'INHERIT += "sign_package_feed"\n' features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n' features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase') diff --git a/poky/meta/recipes-core/base-files/base-files_3.0.14.bb b/poky/meta/recipes-core/base-files/base-files_3.0.14.bb index 1c0863b1c..a6963ba24 100644 --- a/poky/meta/recipes-core/base-files/base-files_3.0.14.bb +++ b/poky/meta/recipes-core/base-files/base-files_3.0.14.bb @@ -32,15 +32,16 @@ INHIBIT_DEFAULT_DEPS = "1" docdir_append = "/${P}" dirs1777 = "/tmp ${localstatedir}/volatile/tmp" dirs2775 = "" +dirs555 = "/sys /proc" dirs755 = "/boot /dev ${base_bindir} ${base_sbindir} ${base_libdir} \ ${sysconfdir} ${sysconfdir}/default \ - ${sysconfdir}/skel ${nonarch_base_libdir} /mnt /proc ${ROOT_HOME} /run \ + ${sysconfdir}/skel ${nonarch_base_libdir} /mnt ${ROOT_HOME} /run \ ${prefix} ${bindir} ${docdir} /usr/games ${includedir} \ ${libdir} ${sbindir} ${datadir} \ ${datadir}/common-licenses ${datadir}/dict ${infodir} \ ${mandir} ${datadir}/misc ${localstatedir} \ ${localstatedir}/backups ${localstatedir}/lib \ - /sys ${localstatedir}/lib/misc ${localstatedir}/spool \ + ${localstatedir}/lib/misc ${localstatedir}/spool \ ${localstatedir}/volatile \ ${localstatedir}/${@'volatile/' if oe.types.boolean('${VOLATILE_LOG_DIR}') else ''}log \ /home ${prefix}/src ${localstatedir}/local \ @@ -93,6 +94,9 @@ pkg_preinst_${PN} () { } do_install () { + for d in ${dirs555}; do + install -m 0555 -d ${D}$d + done for d in ${dirs755}; do install -m 0755 -d ${D}$d done diff --git a/poky/meta/recipes-core/os-release/os-release.bb b/poky/meta/recipes-core/os-release/os-release.bb index bf4f815a1..7f3d9cba0 100644 --- a/poky/meta/recipes-core/os-release/os-release.bb +++ b/poky/meta/recipes-core/os-release/os-release.bb @@ -42,9 +42,9 @@ python do_compile () { do_compile[vardeps] += "${OS_RELEASE_FIELDS}" do_install () { - install -d ${D}${libdir} ${D}${sysconfdir} - install -m 0644 os-release ${D}${libdir}/ - lnr ${D}${libdir}/os-release ${D}${sysconfdir}/os-release + install -d ${D}${nonarch_libdir} ${D}${sysconfdir} + install -m 0644 os-release ${D}${nonarch_libdir}/ + lnr ${D}${nonarch_libdir}/os-release ${D}${sysconfdir}/os-release } -FILES_${PN} += "${libdir}/os-release" +FILES_${PN} += "${nonarch_libdir}/os-release" diff --git a/poky/meta/recipes-devtools/apt/apt.inc b/poky/meta/recipes-devtools/apt/apt.inc index f1cde3068..50f22c899 100644 --- a/poky/meta/recipes-devtools/apt/apt.inc +++ b/poky/meta/recipes-devtools/apt/apt.inc @@ -2,7 +2,7 @@ SUMMARY = "Advanced front-end for dpkg" LICENSE = "GPLv2.0+" SECTION = "base" -SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.tar.xz \ +SRC_URI = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/apt/1.2.24/${BPN}_${PV}.tar.xz \ file://use-host.patch \ file://makerace.patch \ file://no-nls-dpkg.patch \ diff --git a/poky/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch b/poky/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch new file mode 100644 index 000000000..2121fd17f --- /dev/null +++ b/poky/meta/recipes-devtools/nasm/nasm/0001-preproc-parse_size-Check-for-string-provided.patch @@ -0,0 +1,37 @@ +From a2f43331a853b7cc449cae3361ee1fb54c7fad8d Mon Sep 17 00:00:00 2001 +From: Cyrill Gorcunov <gorcunov@gmail.com> +Date: Sat, 29 Sep 2018 14:30:14 +0300 +Subject: [PATCH] preproc: parse_size -- Check for string provided + +In case if the string is nil we will have sigsegv. + +https://bugzilla.nasm.us/show_bug.cgi?id=3392507 + +Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> + +CVE: CVE-2018-1000667 +Upstream-Status: Backport +https://repo.or.cz/nasm/nasm.git/commit/c713b5f994cf7b29164c3b6838b91f0499591434 + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + asm/preproc.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/asm/preproc.c b/asm/preproc.c +index 475926d..1d770a5 100644 +--- a/asm/preproc.c ++++ b/asm/preproc.c +@@ -2216,8 +2216,7 @@ static int parse_size(const char *str) { + { "byte", "dword", "oword", "qword", "tword", "word", "yword" }; + static const int sizes[] = + { 0, 1, 4, 16, 8, 10, 2, 32 }; +- +- return sizes[bsii(str, size_names, ARRAY_SIZE(size_names))+1]; ++ return str ? sizes[bsii(str, size_names, ARRAY_SIZE(size_names))+1] : 0; + } + + /* +-- +2.8.1 + diff --git a/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb b/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb index 730db1d8c..de4c55446 100644 --- a/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb +++ b/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb @@ -9,6 +9,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ file://0001-fix-CVE-2018-8882.patch \ file://0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch \ file://0001-eval-Eliminate-division-by-zero.patch \ + file://0001-preproc-parse_size-Check-for-string-provided.patch \ " SRC_URI[md5sum] = "0c581d482f39d5111879ca9601938f74" diff --git a/poky/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch b/poky/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch new file mode 100644 index 000000000..c5db1b706 --- /dev/null +++ b/poky/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch @@ -0,0 +1,126 @@ +From ba6733216202523a95b0b7ee2e534b8e30b6d7df Mon Sep 17 00:00:00 2001 +From: Dominic Hargreaves <dom@earth.li> +Date: Sat, 14 Oct 2017 16:27:53 +0200 +Subject: [PATCH] Skip various tests if PERL_BUILD_PACKAGING is set + +These are tests which tend not to be useful for downstream packagers + +t/porting/customized.t change originally from Todd Rinaldo + +Upstream-Status: Backport[https://perl5.git.perl.org/perl.git/ba6733216202523a95b0b7ee2e534b8e30b6d7df] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + INSTALL | 3 ++- + MANIFEST | 1 + + PACKAGING | 30 ++++++++++++++++++++++++++++++ + regen/lib_cleanup.pl | 5 +++++ + t/porting/customized.t | 1 + + t/test.pl | 3 +++ + 6 files changed, 42 insertions(+), 1 deletion(-) + create mode 100644 PACKAGING + +diff --git a/INSTALL b/INSTALL +index 636f4bd52f..1285fc69a2 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -2714,4 +2714,5 @@ This document is part of the Perl package and may be distributed under + the same terms as perl itself, with the following additional request: + If you are distributing a modified version of perl (perhaps as part of + a larger package) please B<do> modify these installation instructions +-and the contact information to match your distribution. ++and the contact information to match your distribution. Additional ++information for packagers is in F<PACKAGING>. +diff --git a/MANIFEST b/MANIFEST +index b3207030a9..32de824ca1 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -4932,6 +4932,7 @@ os2/perlrexx.c Support perl interpreter embedded in REXX + os2/perlrexx.cmd Test perl interpreter embedded in REXX + overload.h generated overload enum (public) + overload.inc generated overload name table (implementation) ++PACKAGING notes and best practice for packaging perl 5 + packsizetables.inc The generated packprops array used in pp_pack.c + pad.c Scratchpad functions + pad.h Scratchpad headers +diff --git a/PACKAGING b/PACKAGING +new file mode 100644 +index 0000000000..0c69b87ba6 +--- /dev/null ++++ b/PACKAGING +@@ -0,0 +1,30 @@ ++If you read this file _as_is_, just ignore the funny characters you ++see. It is written in the POD format (see pod/perlpod.pod) which is ++specifically designed to be readable as is. ++ ++=head1 NAME ++ ++PACKAGING - notes and best practice for packaging perl 5 ++ ++=head1 SYNOPSIS ++ ++This document is aimed at anyone who is producing their own version of ++perl for distribution to other users. It is intended as a collection ++of useful tips, advice and best practice, rather than being a complete ++packaging manual. The starting point for installing perl remains ++F<INSTALL>. ++ ++=head1 Customizing test running ++ ++A small number of porting tests (those in t/porting) are not well suited ++to typical distribution packaging scenarios. For example, they assume ++they are working in a git clone of the upstream Perl repository, or ++enforce rules which are not relevant to downstream packagers. These can ++be skipped by setting the environment variable PERL_BUILD_PACKAGING. ++A complete list of tests which this applied to can be found by searching ++the codebase for this string. ++ ++An alternative strategy would be to skip all porting tests, but many of ++them are useful if additional patches might be applied. ++ ++=cut +diff --git a/regen/lib_cleanup.pl b/regen/lib_cleanup.pl +index 5e40b405a4..6caf74a563 100644 +--- a/regen/lib_cleanup.pl ++++ b/regen/lib_cleanup.pl +@@ -164,6 +164,11 @@ if ($TAP && !-d '.git' && !-f 'lib/.gitignore') { + exit 0; + } + ++if ($ENV{'PERL_BUILD_PACKAGING'}) { ++ print "ok # skip explicitly disabled git tests by PERL_BUILD_PACKAGING\n"; ++ exit 0; ++} ++ + $fh = open_new('lib/.gitignore', '>', + { by => $0, + from => 'MANIFEST and parsing files in cpan/ dist/ and ext/'}); +diff --git a/t/porting/customized.t b/t/porting/customized.t +index 45fcafb100..5c3739198c 100644 +--- a/t/porting/customized.t ++++ b/t/porting/customized.t +@@ -13,6 +13,7 @@ BEGIN { + @INC = qw(lib Porting t); + require 'test.pl'; + skip_all("pre-computed SHA1 won't match under EBCDIC") if $::IS_EBCDIC; ++ skip_all("This distro may have modified some files in cpan/. Skipping validation.") if $ENV{'PERL_BUILD_PACKAGING'}; + } + + use strict; +diff --git a/t/test.pl b/t/test.pl +index 79e6e25e95..1782dcf73c 100644 +--- a/t/test.pl ++++ b/t/test.pl +@@ -212,6 +212,9 @@ sub find_git_or_skip { + } else { + $reason = 'not being run from a git checkout'; + } ++ if ($ENV{'PERL_BUILD_PACKAGING'}) { ++ $reason = 'PERL_BUILD_PACKAGING is set'; ++ } + skip_all($reason) if $_[0] && $_[0] eq 'all'; + skip($reason, @_); + } +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/perl/perl/perl-test-customized.patch b/poky/meta/recipes-devtools/perl/perl/perl-test-customized.patch deleted file mode 100644 index 1d9a56d4c..000000000 --- a/poky/meta/recipes-devtools/perl/perl/perl-test-customized.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 64df09205b6ccb5a434a4e53e8e0a32377ab634f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com> -Date: Thu, 24 Nov 2016 10:49:55 -0600 -Subject: [PATCH] The OE core recipies customize some ExtUtils-MakeMaker - modules, which causes their MD5 sum to mismatch the provided table and the - corresponding tests to fail. Also, we patch several test files with a - backported patch. Update list of hashes to reflect the patched files. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Bill Randle <william.c.randle@intel.com> -Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> ---- - t/porting/customized.dat | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/t/porting/customized.dat b/t/porting/customized.dat -index defeae1..b5d3c46 100644 ---- a/t/porting/customized.dat -+++ b/t/porting/customized.dat -@@ -18,12 +18,12 @@ Encode cpan/Encode/bin/unidump 715f47c2fcc661268f3c6cd3de0d27c72b745cd2 - Encode cpan/Encode/Encode.pm e146861ff2e6aaa62defa4887eade68dd7b17c8e - Encode cpan/Encode/encoding.pm 51c19efc9bfe8467d6ae12a4654f6e7f980715bf - ExtUtils::Constant cpan/ExtUtils-Constant/t/Constant.t a0369c919e216fb02767a637666bb4577ad79b02 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 5bc04a0173b8b787f465271b6186220326ae8eef -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 2070fe968fa344d89aea1bdc6a8dbb0c467d0612 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command.pm e3a372e07392179711ea9972087c1105a2780fad - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command/MM.pm b72721bd6aa9bf7ec328bda99a8fdb63cac6114d - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist.pm 0e1e4c25eddb999fec6c4dc66593f76db34cfd16 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm bfd2aa00ca4ed251f342e1d1ad704abbaf5a615e --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm 5529ae3064365eafd99536621305d52f4ab31b45 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm f1ca5ec247eb69ba13a269f34dc205da37b61244 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm bf9174c70a0e50ff2fee4552c7df89b37d292da1 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Config.pm bc88b275af73b8faac6abd59a9aad3f625925810 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/FAQ.pod 062e5d14a803fbbec8d61803086a3d7997e8a473 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Tutorial.pod a8a9cab7d67922ed3d6883c864e1fe29aaa6ad89 -@@ -33,7 +33,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mkbootstrap.pm 412e95c3 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mksymlists.pm 8559ef191b4371d0c381472464856a8a73825b2a - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM.pm 09d579ed9daea95c3bf47de2e0b8fe3aa0ff6447 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_AIX.pm f720c13748293b792f7073aa96e7daecb590b183 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm 243649a399d293ae7ad0f26b7eab2668aa864ce8 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm ec39f68802a6fee8daaa914fc7131f40533cfc23 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_BeOS.pm b63c90129303b2c17d084fb828aa2c02a2ad85b8 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Cygwin.pm cabd1c97eaa427067811d92807e34c17940c7350 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Darwin.pm 6a185d897a600c34615a6073f4de0ac2f54fef3e -@@ -42,7 +42,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_MacOS.pm 1f5eb772eed - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_NW5.pm de777d7809c0d73e5d4622a29921731c7e5dff48 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_OS2.pm 01e8f08a82b5304009574e3ac0892b4066ff7639 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_QNX.pm 5340052b58557a6764f5ac9f8b807fefec404a06 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 3c3b93f431b0a51b9592b3d69624dbf5409f6f74 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 0d6ed5e4bdcdcd28e968e8629a592fdd0cc84818 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_UWIN.pm 40397f4cd2d49700b80b4ef490da98add24c5b37 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VMS.pm 147e97fbabb74841f0733dbd5d1b9f3fa51f87c1 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VOS.pm 3f13ed7045ff3443bcb4dd6c95c98b9bd705820f -@@ -51,7 +51,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Win95.pm 48e8a2fe176 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MY.pm 6fefe99045b64459905d4721f3a494d8d50f7ab9 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/testlib.pm 172778ad21c065a89cd270668eb9f99a7364b41c - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/cd.t 0a71fbd646a7be8358b07b6f64f838243cc0aef4 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 37aec8f794c52e037540757eb5b2556f79419ff7 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 1a93dd8834e4bb0e5facf08204e782807567b2eb - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/lib/MakeMaker/Test/NoXS.pm 371cdff1b2375017907cfbc9c8f4a31f5ad10582 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/prereq.t 53bda2c549fd13a6b6c13a070ca6bc79883081c0 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/vstrings.t 90035a2bdbf45f15b9c3196d072d7cba7e662871 -@@ -165,7 +165,7 @@ bignum cpan/bignum/lib/bigrat.pm 7fccc9df30e43dbbae6e5ea91b26c8046545c9a9 - bignum cpan/bignum/lib/Math/BigFloat/Trace.pm a6b4b995e18f4083252e6dc72e9bef69671893dd - bignum cpan/bignum/lib/Math/BigInt/Trace.pm d9596963673760cae3eeeb752c1eeeec50bb2290 - libnet cpan/libnet/lib/Net/Cmd.pm a44a10c939a4c35f923c4638054178c32f1d283a --libnet cpan/libnet/lib/Net/Config.pm 9bd49bf4de0dc438bceee0ef4baf8ba7a6633327 -+libnet cpan/libnet/lib/Net/Config.pm 2873da5efbffed67934dd297ef6f360b3558cb0b - libnet cpan/libnet/lib/Net/Domain.pm 1bbed50f70fd1ff3e1cdf087b19a9349cddfaced - libnet cpan/libnet/lib/Net/FTP.pm 40dba553c8d44e1530daec2d07a6e50910401f2e - libnet cpan/libnet/lib/Net/FTP/A.pm c570b10730b168990034dcf9cb00e305a100f336 -@@ -176,6 +176,6 @@ libnet cpan/libnet/lib/Net/FTP/L.pm ac1599c775faee0474710e4f75051c8949f13df2 - libnet cpan/libnet/lib/Net/Netrc.pm 009cfc08f8a5bf247257acb64a21e1b6ad8b2c9c - libnet cpan/libnet/lib/Net/NNTP.pm 6325fc05fd9ef81dc8d461a77b2a3f56ad1ae114 - libnet cpan/libnet/lib/Net/POP3.pm 2d8065646df80061dae5a9e3465a36a6557165fd --libnet cpan/libnet/lib/Net/SMTP.pm f3ed7a177b49ee0ba65ac1c414de797cdbbe6886 -+libnet cpan/libnet/lib/Net/SMTP.pm f1beb42bfbef4333ed24ad63d5dd1aa5c67b20c7 - libnet cpan/libnet/lib/Net/Time.pm b3df8bbaa3bc253fbf77e8386c59a1b2aae13627 - version cpan/version/lib/version.pm ff75e2076be10bd4c05133cd979fda0b38ca8653 --- -2.1.4 - diff --git a/poky/meta/recipes-devtools/perl/perl/run-ptest b/poky/meta/recipes-devtools/perl/perl/run-ptest index 1e2dd1b66..dad4d4291 100644 --- a/poky/meta/recipes-devtools/perl/perl/run-ptest +++ b/poky/meta/recipes-devtools/perl/perl/run-ptest @@ -1,2 +1,2 @@ #!/bin/sh -cd t && ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|' +cd t && PERL_BUILD_PACKAGING=1 ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|' diff --git a/poky/meta/recipes-devtools/perl/perl_5.24.1.bb b/poky/meta/recipes-devtools/perl/perl_5.24.1.bb index 5fed8965c..6e33bb066 100644 --- a/poky/meta/recipes-devtools/perl/perl_5.24.1.bb +++ b/poky/meta/recipes-devtools/perl/perl_5.24.1.bb @@ -62,7 +62,6 @@ SRC_URI += " \ file://perl-PathTools-don-t-filter-out-blib-from-INC.patch \ file://perl-errno-generation-gcc5.patch \ file://perl-fix-conflict-between-skip_all-and-END.patch \ - file://perl-test-customized.patch \ file://perl-5.26.1-guard_old_libcrypt_fix.patch \ file://CVE-2017-12883.patch \ file://CVE-2017-12837.patch \ @@ -77,6 +76,7 @@ SRC_URI += " \ SRC_URI_append_class-target = " \ file://test/dist-threads-t-join.t-adjust-ps-option.patch \ file://test/ext-DynaLoader-t-DynaLoader.t-fix-calling-dl_findfil.patch \ + file://0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch \ " SRC_URI[md5sum] = "af6a84c7c3e2b8b269c105a5db2f6d53" diff --git a/poky/meta/recipes-devtools/python/python-native_2.7.14.bb b/poky/meta/recipes-devtools/python/python-native_2.7.15.bb index b822583c5..7c491fa3e 100644 --- a/poky/meta/recipes-devtools/python/python-native_2.7.14.bb +++ b/poky/meta/recipes-devtools/python/python-native_2.7.15.bb @@ -16,7 +16,6 @@ SRC_URI += "\ file://builddir.patch \ file://parallel-makeinst-create-bindir.patch \ file://revert_use_of_sysconfigdata.patch \ - file://fix-gc-alignment.patch \ " S = "${WORKDIR}/Python-${PV}" diff --git a/poky/meta/recipes-devtools/python/python.inc b/poky/meta/recipes-devtools/python/python.inc index 69542c96c..062a20f68 100644 --- a/poky/meta/recipes-devtools/python/python.inc +++ b/poky/meta/recipes-devtools/python/python.inc @@ -5,14 +5,12 @@ SECTION = "devel/python" # bump this on every change in contrib/python/generate-manifest-2.7.py INC_PR = "r1" -LIC_FILES_CHKSUM = "file://LICENSE;md5=f741e51de91d4eeea5930b9c3c7fa69d" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f257cc14f81685691652a3d3e1b5d754" -SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ - file://CVE-2018-1000030-1.patch \ - file://CVE-2018-1000030-2.patch" +SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz" -SRC_URI[md5sum] = "1f6db41ad91d9eb0a6f0c769b8613c5b" -SRC_URI[sha256sum] = "71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66" +SRC_URI[md5sum] = "a80ae3cc478460b922242f43a1b4094d" +SRC_URI[sha256sum] = "22d9b1ac5b26135ad2b8c2901a9413537e08749a753356ee913c84dbd2df5574" # python recipe is actually python 2.x # also, exclude pre-releases for both python 2.x and 3.x diff --git a/poky/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch b/poky/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch new file mode 100644 index 000000000..42c64caae --- /dev/null +++ b/poky/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch @@ -0,0 +1,98 @@ +From 3ffc80959f01f9fde548f1632694b9f950c2dd7c Mon Sep 17 00:00:00 2001 +From: Christian Heimes <christian@python.org> +Date: Tue, 18 Sep 2018 15:13:09 +0200 +Subject: [PATCH] [2.7] bpo-34623: Use XML_SetHashSalt in _elementtree + (GH-9146) (GH-9394) + +The C accelerated _elementtree module now initializes hash randomization +salt from _Py_HashSecret instead of libexpat's default CPRNG. + +Signed-off-by: Christian Heimes <christian@python.org> + +https://bugs.python.org/issue34623. +(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b) + +Co-authored-by: Christian Heimes <christian@python.org> + + + +https://bugs.python.org/issue34623 + +Upstream-Status: Backport + +Fix CVE-2018-14647 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + Include/pyexpat.h | 4 +++- + Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++ + Modules/_elementtree.c | 5 +++++ + Modules/pyexpat.c | 5 +++++ + 4 files changed, 15 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst + +diff --git a/Include/pyexpat.h b/Include/pyexpat.h +index 5340ef5..3fc5fa5 100644 +--- a/Include/pyexpat.h ++++ b/Include/pyexpat.h +@@ -3,7 +3,7 @@ + + /* note: you must import expat.h before importing this module! */ + +-#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0" ++#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1" + #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI" + + struct PyExpat_CAPI +@@ -43,6 +43,8 @@ struct PyExpat_CAPI + XML_Parser parser, XML_UnknownEncodingHandler handler, + void *encodingHandlerData); + void (*SetUserData)(XML_Parser parser, void *userData); ++ /* might be none for expat < 2.1.0 */ ++ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt); + /* always add new stuff to the end! */ + }; + +diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst +new file mode 100644 +index 0000000..31ad92e +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst +@@ -0,0 +1,2 @@ ++The C accelerated _elementtree module now initializes hash randomization ++salt from _Py_HashSecret instead of libexpat's default CSPRNG. +diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c +index 1d316a1..a19cbf7 100644 +--- a/Modules/_elementtree.c ++++ b/Modules/_elementtree.c +@@ -2574,6 +2574,11 @@ xmlparser(PyObject* self_, PyObject* args, PyObject* kw) + PyErr_NoMemory(); + return NULL; + } ++ /* expat < 2.1.0 has no XML_SetHashSalt() */ ++ if (EXPAT(SetHashSalt) != NULL) { ++ EXPAT(SetHashSalt)(self->parser, ++ (unsigned long)_Py_HashSecret.prefix); ++ } + + ALLOC(sizeof(XMLParserObject), "create expatparser"); + +diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c +index 2b4d312..1f8c0d7 100644 +--- a/Modules/pyexpat.c ++++ b/Modules/pyexpat.c +@@ -2042,6 +2042,11 @@ MODULE_INITFUNC(void) + capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler; + capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler; + capi.SetUserData = XML_SetUserData; ++#if XML_COMBINED_VERSION >= 20100 ++ capi.SetHashSalt = XML_SetHashSalt; ++#else ++ capi.SetHashSalt = NULL; ++#endif + + /* export using capsule */ + capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL); +-- +2.7.4 + diff --git a/poky/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch b/poky/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch new file mode 100644 index 000000000..e6fe5f2cc --- /dev/null +++ b/poky/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch @@ -0,0 +1,69 @@ +From c7e692c61dc091d07dee573f5f424b6b427ff056 Mon Sep 17 00:00:00 2001 +From: Benjamin Peterson <benjamin@python.org> +Date: Wed, 29 Aug 2018 21:59:21 -0700 +Subject: [PATCH] closes bpo-34540: Convert shutil._call_external_zip to use + subprocess rather than distutils.spawn. (GH-8985) + +Upstream-Status: Backport + +Fix CVE-2018-1000802 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + Lib/shutil.py | 16 ++++++++++------ + .../Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst | 3 +++ + 2 files changed, 13 insertions(+), 6 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst + +diff --git a/Lib/shutil.py b/Lib/shutil.py +index 3462f7c..0ab1a06 100644 +--- a/Lib/shutil.py ++++ b/Lib/shutil.py +@@ -413,17 +413,21 @@ def _make_tarball(base_name, base_dir, compress="gzip", verbose=0, dry_run=0, + + return archive_name + +-def _call_external_zip(base_dir, zip_filename, verbose=False, dry_run=False): ++def _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger): + # XXX see if we want to keep an external call here + if verbose: + zipoptions = "-r" + else: + zipoptions = "-rq" +- from distutils.errors import DistutilsExecError +- from distutils.spawn import spawn ++ cmd = ["zip", zipoptions, zip_filename, base_dir] ++ if logger is not None: ++ logger.info(' '.join(cmd)) ++ if dry_run: ++ return ++ import subprocess + try: +- spawn(["zip", zipoptions, zip_filename, base_dir], dry_run=dry_run) +- except DistutilsExecError: ++ subprocess.check_call(cmd) ++ except subprocess.CalledProcessError: + # XXX really should distinguish between "couldn't find + # external 'zip' command" and "zip failed". + raise ExecError, \ +@@ -458,7 +462,7 @@ def _make_zipfile(base_name, base_dir, verbose=0, dry_run=0, logger=None): + zipfile = None + + if zipfile is None: +- _call_external_zip(base_dir, zip_filename, verbose, dry_run) ++ _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger) + else: + if logger is not None: + logger.info("creating '%s' and adding '%s' to it", +diff --git a/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst b/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst +new file mode 100644 +index 0000000..4f68696 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst +@@ -0,0 +1,3 @@ ++When ``shutil.make_archive`` falls back to the external ``zip`` problem, it ++uses :mod:`subprocess` to invoke it rather than :mod:`distutils.spawn`. This ++closes a possible shell injection vector. +-- +2.7.4 + diff --git a/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch deleted file mode 100644 index 06ad4c695..000000000 --- a/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 6401e5671781eb217ee1afb4603cc0d1b0367ae6 Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka <storchaka@gmail.com> -Date: Fri, 10 Nov 2017 12:58:55 +0200 -Subject: [PATCH] [2.7] bpo-31530: Stop crashes when iterating over a file on - multiple threads. (#3672) - -CVE: CVE-2018-1000030 -Upstream-Status: Backport [https://github.com/python/cpython/commit/6401e5671781eb217ee1afb4603cc0d1b0367ae6] - -Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> ---- - Lib/test/test_file2k.py | 32 ++++++++++++++++++++++ - .../2017-09-20-18-28-09.bpo-31530.CdLOM7.rst | 4 +++ - Objects/fileobject.c | 19 +++++++++++-- - 3 files changed, 52 insertions(+), 3 deletions(-) - create mode 100644 Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst - -diff --git a/Lib/test/test_file2k.py b/Lib/test/test_file2k.py -index e39ef7042e..d8966e034e 100644 ---- a/Lib/test/test_file2k.py -+++ b/Lib/test/test_file2k.py -@@ -652,6 +652,38 @@ class FileThreadingTests(unittest.TestCase): - self.f.writelines('') - self._test_close_open_io(io_func) - -+ def test_iteration_torture(self): -+ # bpo-31530: Crash when concurrently iterate over a file. -+ with open(self.filename, "wb") as fp: -+ for i in xrange(2**20): -+ fp.write(b"0"*50 + b"\n") -+ with open(self.filename, "rb") as f: -+ def iterate(): -+ try: -+ for l in f: -+ pass -+ except IOError: -+ pass -+ self._run_workers(iterate, 10) -+ -+ def test_iteration_seek(self): -+ # bpo-31530: Crash when concurrently seek and iterate over a file. -+ with open(self.filename, "wb") as fp: -+ for i in xrange(10000): -+ fp.write(b"0"*50 + b"\n") -+ with open(self.filename, "rb") as f: -+ it = iter([1] + [0]*10) # one thread reads, others seek -+ def iterate(): -+ try: -+ if next(it): -+ for l in f: -+ pass -+ else: -+ for i in range(100): -+ f.seek(i*100, 0) -+ except IOError: -+ pass -+ self._run_workers(iterate, 10) - - @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.') - class TestFileSignalEINTR(unittest.TestCase): -diff --git a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst -new file mode 100644 -index 0000000000..a6cb6c9e9b ---- /dev/null -+++ b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst -@@ -0,0 +1,4 @@ -+Fixed crashes when iterating over a file on multiple threads. -+seek() and next() methods of file objects now raise an exception during -+concurrent operation on the same file object. -+A lock can be used to prevent the error. -diff --git a/Objects/fileobject.c b/Objects/fileobject.c -index 7e07a5376f..2f63c374d1 100644 ---- a/Objects/fileobject.c -+++ b/Objects/fileobject.c -@@ -430,7 +430,7 @@ close_the_file(PyFileObject *f) - if (f->ob_refcnt > 0) { - PyErr_SetString(PyExc_IOError, - "close() called during concurrent " -- "operation on the same file object."); -+ "operation on the same file object"); - } else { - /* This should not happen unless someone is - * carelessly playing with the PyFileObject -@@ -438,7 +438,7 @@ close_the_file(PyFileObject *f) - * pointer. */ - PyErr_SetString(PyExc_SystemError, - "PyFileObject locking error in " -- "destructor (refcnt <= 0 at close)."); -+ "destructor (refcnt <= 0 at close)"); - } - return NULL; - } -@@ -762,6 +762,12 @@ file_seek(PyFileObject *f, PyObject *args) - - if (f->f_fp == NULL) - return err_closed(); -+ if (f->unlocked_count > 0) { -+ PyErr_SetString(PyExc_IOError, -+ "seek() called during concurrent " -+ "operation on the same file object"); -+ return NULL; -+ } - drop_readahead(f); - whence = 0; - if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence)) -@@ -2238,6 +2244,7 @@ readahead(PyFileObject *f, Py_ssize_t bufsize) - { - Py_ssize_t chunksize; - -+ assert(f->unlocked_count == 0); - if (f->f_buf != NULL) { - if( (f->f_bufend - f->f_bufptr) >= 1) - return 0; -@@ -2279,6 +2286,12 @@ readahead_get_line_skip(PyFileObject *f, Py_ssize_t skip, Py_ssize_t bufsize) - char *buf; - Py_ssize_t len; - -+ if (f->unlocked_count > 0) { -+ PyErr_SetString(PyExc_IOError, -+ "next() called during concurrent " -+ "operation on the same file object"); -+ return NULL; -+ } - if (f->f_buf == NULL) - if (readahead(f, bufsize) < 0) - return NULL; -@@ -2692,7 +2705,7 @@ int PyObject_AsFileDescriptor(PyObject *o) - } - else { - PyErr_SetString(PyExc_TypeError, -- "argument must be an int, or have a fileno() method."); -+ "argument must be an int, or have a fileno() method"); - return -1; - } - --- -2.13.3 - diff --git a/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch deleted file mode 100644 index 9b7713be8..000000000 --- a/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch +++ /dev/null @@ -1,306 +0,0 @@ -From dbf52e02f18dac6f5f0a64f78932f3dc6efc056b Mon Sep 17 00:00:00 2001 -From: Benjamin Peterson <benjamin@python.org> -Date: Tue, 2 Jan 2018 09:25:41 -0800 -Subject: [PATCH] bpo-31530: fix crash when multiple threads iterate over a - file, round 2 (#5060) - -Multiple threads iterating over a file can corrupt the file's internal readahead -buffer resulting in crashes. To fix this, cache buffer state thread-locally for -the duration of a file_iternext call and only update the file's internal state -after reading completes. - -No attempt is made to define or provide "reasonable" semantics for iterating -over a file on multiple threads. (Non-crashing) races are still -present. Duplicated, corrupt, and missing data will happen. - -This was originally fixed by 6401e5671781eb217ee1afb4603cc0d1b0367ae6, which -raised an exception from seek() and next() when concurrent operations were -detected. Alas, this simpler solution breaks legitimate use cases such as -capturing the standard streams when multiple threads are logging. - -CVE: CVE-2018-1000030 -Upstream-Status: Backport [https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b] - -Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> - ---- - Lib/test/test_file2k.py | 27 ++--- - .../2017-09-20-18-28-09.bpo-31530.CdLOM7.rst | 3 - - Objects/fileobject.c | 118 ++++++++++++--------- - 3 files changed, 78 insertions(+), 70 deletions(-) - -diff --git a/Lib/test/test_file2k.py b/Lib/test/test_file2k.py -index d8966e034e..c73e8d8dc4 100644 ---- a/Lib/test/test_file2k.py -+++ b/Lib/test/test_file2k.py -@@ -653,18 +653,15 @@ class FileThreadingTests(unittest.TestCase): - self._test_close_open_io(io_func) - - def test_iteration_torture(self): -- # bpo-31530: Crash when concurrently iterate over a file. -+ # bpo-31530 - with open(self.filename, "wb") as fp: - for i in xrange(2**20): - fp.write(b"0"*50 + b"\n") - with open(self.filename, "rb") as f: -- def iterate(): -- try: -- for l in f: -- pass -- except IOError: -+ def it(): -+ for l in f: - pass -- self._run_workers(iterate, 10) -+ self._run_workers(it, 10) - - def test_iteration_seek(self): - # bpo-31530: Crash when concurrently seek and iterate over a file. -@@ -674,17 +671,15 @@ class FileThreadingTests(unittest.TestCase): - with open(self.filename, "rb") as f: - it = iter([1] + [0]*10) # one thread reads, others seek - def iterate(): -- try: -- if next(it): -- for l in f: -- pass -- else: -- for i in range(100): -- f.seek(i*100, 0) -- except IOError: -- pass -+ if next(it): -+ for l in f: -+ pass -+ else: -+ for i in xrange(100): -+ f.seek(i*100, 0) - self._run_workers(iterate, 10) - -+ - @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.') - class TestFileSignalEINTR(unittest.TestCase): - def _test_reading(self, data_to_write, read_and_verify_code, method_name, -diff --git a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst -index a6cb6c9e9b..beb09b5ae6 100644 ---- a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst -+++ b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst -@@ -1,4 +1 @@ - Fixed crashes when iterating over a file on multiple threads. --seek() and next() methods of file objects now raise an exception during --concurrent operation on the same file object. --A lock can be used to prevent the error. -diff --git a/Objects/fileobject.c b/Objects/fileobject.c -index 8d1c5812f0..270b28264a 100644 ---- a/Objects/fileobject.c -+++ b/Objects/fileobject.c -@@ -609,7 +609,12 @@ err_iterbuffered(void) - return NULL; - } - --static void drop_readahead(PyFileObject *); -+static void -+drop_file_readahead(PyFileObject *f) -+{ -+ PyMem_FREE(f->f_buf); -+ f->f_buf = NULL; -+} - - /* Methods */ - -@@ -632,7 +637,7 @@ file_dealloc(PyFileObject *f) - Py_XDECREF(f->f_mode); - Py_XDECREF(f->f_encoding); - Py_XDECREF(f->f_errors); -- drop_readahead(f); -+ drop_file_readahead(f); - Py_TYPE(f)->tp_free((PyObject *)f); - } - -@@ -767,13 +772,7 @@ file_seek(PyFileObject *f, PyObject *args) - - if (f->f_fp == NULL) - return err_closed(); -- if (f->unlocked_count > 0) { -- PyErr_SetString(PyExc_IOError, -- "seek() called during concurrent " -- "operation on the same file object"); -- return NULL; -- } -- drop_readahead(f); -+ drop_file_readahead(f); - whence = 0; - if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence)) - return NULL; -@@ -2242,12 +2241,16 @@ static PyGetSetDef file_getsetlist[] = { - {0}, - }; - -+typedef struct { -+ char *buf, *bufptr, *bufend; -+} readaheadbuffer; -+ - static void --drop_readahead(PyFileObject *f) -+drop_readaheadbuffer(readaheadbuffer *rab) - { -- if (f->f_buf != NULL) { -- PyMem_Free(f->f_buf); -- f->f_buf = NULL; -+ if (rab->buf != NULL) { -+ PyMem_FREE(rab->buf); -+ rab->buf = NULL; - } - } - -@@ -2255,36 +2258,34 @@ drop_readahead(PyFileObject *f) - (unless at EOF) and no more than bufsize. Returns negative value on - error, will set MemoryError if bufsize bytes cannot be allocated. */ - static int --readahead(PyFileObject *f, Py_ssize_t bufsize) -+readahead(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t bufsize) - { - Py_ssize_t chunksize; - -- assert(f->unlocked_count == 0); -- if (f->f_buf != NULL) { -- if( (f->f_bufend - f->f_bufptr) >= 1) -+ if (rab->buf != NULL) { -+ if ((rab->bufend - rab->bufptr) >= 1) - return 0; - else -- drop_readahead(f); -+ drop_readaheadbuffer(rab); - } -- if ((f->f_buf = (char *)PyMem_Malloc(bufsize)) == NULL) { -+ if ((rab->buf = PyMem_MALLOC(bufsize)) == NULL) { - PyErr_NoMemory(); - return -1; - } - FILE_BEGIN_ALLOW_THREADS(f) - errno = 0; -- chunksize = Py_UniversalNewlineFread( -- f->f_buf, bufsize, f->f_fp, (PyObject *)f); -+ chunksize = Py_UniversalNewlineFread(rab->buf, bufsize, f->f_fp, (PyObject *)f); - FILE_END_ALLOW_THREADS(f) - if (chunksize == 0) { - if (ferror(f->f_fp)) { - PyErr_SetFromErrno(PyExc_IOError); - clearerr(f->f_fp); -- drop_readahead(f); -+ drop_readaheadbuffer(rab); - return -1; - } - } -- f->f_bufptr = f->f_buf; -- f->f_bufend = f->f_buf + chunksize; -+ rab->bufptr = rab->buf; -+ rab->bufend = rab->buf + chunksize; - return 0; - } - -@@ -2294,51 +2295,43 @@ readahead(PyFileObject *f, Py_ssize_t bufsize) - logarithmic buffer growth to about 50 even when reading a 1gb line. */ - - static PyStringObject * --readahead_get_line_skip(PyFileObject *f, Py_ssize_t skip, Py_ssize_t bufsize) -+readahead_get_line_skip(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t skip, Py_ssize_t bufsize) - { - PyStringObject* s; - char *bufptr; - char *buf; - Py_ssize_t len; - -- if (f->unlocked_count > 0) { -- PyErr_SetString(PyExc_IOError, -- "next() called during concurrent " -- "operation on the same file object"); -- return NULL; -- } -- if (f->f_buf == NULL) -- if (readahead(f, bufsize) < 0) -+ if (rab->buf == NULL) -+ if (readahead(f, rab, bufsize) < 0) - return NULL; - -- len = f->f_bufend - f->f_bufptr; -+ len = rab->bufend - rab->bufptr; - if (len == 0) -- return (PyStringObject *) -- PyString_FromStringAndSize(NULL, skip); -- bufptr = (char *)memchr(f->f_bufptr, '\n', len); -+ return (PyStringObject *)PyString_FromStringAndSize(NULL, skip); -+ bufptr = (char *)memchr(rab->bufptr, '\n', len); - if (bufptr != NULL) { - bufptr++; /* Count the '\n' */ -- len = bufptr - f->f_bufptr; -- s = (PyStringObject *) -- PyString_FromStringAndSize(NULL, skip + len); -+ len = bufptr - rab->bufptr; -+ s = (PyStringObject *)PyString_FromStringAndSize(NULL, skip + len); - if (s == NULL) - return NULL; -- memcpy(PyString_AS_STRING(s) + skip, f->f_bufptr, len); -- f->f_bufptr = bufptr; -- if (bufptr == f->f_bufend) -- drop_readahead(f); -+ memcpy(PyString_AS_STRING(s) + skip, rab->bufptr, len); -+ rab->bufptr = bufptr; -+ if (bufptr == rab->bufend) -+ drop_readaheadbuffer(rab); - } else { -- bufptr = f->f_bufptr; -- buf = f->f_buf; -- f->f_buf = NULL; /* Force new readahead buffer */ -+ bufptr = rab->bufptr; -+ buf = rab->buf; -+ rab->buf = NULL; /* Force new readahead buffer */ - assert(len <= PY_SSIZE_T_MAX - skip); -- s = readahead_get_line_skip(f, skip + len, bufsize + (bufsize>>2)); -+ s = readahead_get_line_skip(f, rab, skip + len, bufsize + (bufsize>>2)); - if (s == NULL) { -- PyMem_Free(buf); -+ PyMem_FREE(buf); - return NULL; - } - memcpy(PyString_AS_STRING(s) + skip, bufptr, len); -- PyMem_Free(buf); -+ PyMem_FREE(buf); - } - return s; - } -@@ -2356,7 +2349,30 @@ file_iternext(PyFileObject *f) - if (!f->readable) - return err_mode("reading"); - -- l = readahead_get_line_skip(f, 0, READAHEAD_BUFSIZE); -+ { -+ /* -+ Multiple threads can enter this method while the GIL is released -+ during file read and wreak havoc on the file object's readahead -+ buffer. To avoid dealing with cross-thread coordination issues, we -+ cache the file buffer state locally and only set it back on the file -+ object when we're done. -+ */ -+ readaheadbuffer rab = {f->f_buf, f->f_bufptr, f->f_bufend}; -+ f->f_buf = NULL; -+ l = readahead_get_line_skip(f, &rab, 0, READAHEAD_BUFSIZE); -+ /* -+ Make sure the file's internal read buffer is cleared out. This will -+ only do anything if some other thread interleaved with us during -+ readahead. We want to drop any changeling buffer, so we don't leak -+ memory. We may lose data, but that's what you get for reading the same -+ file object in multiple threads. -+ */ -+ drop_file_readahead(f); -+ f->f_buf = rab.buf; -+ f->f_bufptr = rab.bufptr; -+ f->f_bufend = rab.bufend; -+ } -+ - if (l == NULL || PyString_GET_SIZE(l) == 0) { - Py_XDECREF(l); - return NULL; --- -2.13.3 - diff --git a/poky/meta/recipes-devtools/python/python/fix-gc-alignment.patch b/poky/meta/recipes-devtools/python/python/fix-gc-alignment.patch deleted file mode 100644 index b63cd0874..000000000 --- a/poky/meta/recipes-devtools/python/python/fix-gc-alignment.patch +++ /dev/null @@ -1,43 +0,0 @@ -Upstream-Status: Submitted -Signed-off-by: Ross Burton <ross.burton@intel.com> - -Fix for over-aligned GC info -Patch by Florian Weimer - -See: https://bugzilla.redhat.com/show_bug.cgi?id=1540316 -Upstream discussion: https://mail.python.org/pipermail/python-dev/2018-January/152000.html - -diff --git a/Include/objimpl.h b/Include/objimpl.h -index 55e83eced6..aa906144dc 100644 ---- a/Include/objimpl.h -+++ b/Include/objimpl.h -@@ -248,6 +248,18 @@ PyAPI_FUNC(PyVarObject *) _PyObject_GC_Resize(PyVarObject *, Py_ssize_t); - /* for source compatibility with 2.2 */ - #define _PyObject_GC_Del PyObject_GC_Del - -+/* Former over-aligned definition of PyGC_Head, used to compute the -+ size of the padding for the new version below. */ -+union _gc_head; -+union _gc_head_old { -+ struct { -+ union _gc_head *gc_next; -+ union _gc_head *gc_prev; -+ Py_ssize_t gc_refs; -+ } gc; -+ long double dummy; -+}; -+ - /* GC information is stored BEFORE the object structure. */ - typedef union _gc_head { - struct { -@@ -255,7 +267,8 @@ typedef union _gc_head { - union _gc_head *gc_prev; - Py_ssize_t gc_refs; - } gc; -- long double dummy; /* force worst-case alignment */ -+ double dummy; /* force worst-case alignment */ -+ char dummy_padding[sizeof(union _gc_head_old)]; - } PyGC_Head; - - extern PyGC_Head *_PyGC_generation0; -
\ No newline at end of file diff --git a/poky/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch b/poky/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch deleted file mode 100644 index 60d782cd2..000000000 --- a/poky/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch +++ /dev/null @@ -1,34 +0,0 @@ -Add 'build-test' and 'runtest-TESTS' targets to Makefile, to build and run tests -cross-compiled. - -Signed-off-by: Tudor Florea <tudor.florea@enea.com> -Upstream-Status: Pending ---- -Index: Python-2.7.14/Makefile.pre.in -=================================================================== ---- Python-2.7.14.orig/Makefile.pre.in -+++ Python-2.7.14/Makefile.pre.in -@@ -846,14 +846,19 @@ $(LIBRARY_OBJS) $(MODOBJS) Modules/pytho - - .PHONY: test testall testuniversal buildbottest pythoninfo - --TESTOPTS= -l $(EXTRATESTOPTS) -+TESTOPTS= -l -v $(EXTRATESTOPTS) - TESTPROG= $(srcdir)/Lib/test/regrtest.py --TESTPYTHON= $(RUNSHARED) ./$(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS) --test: @DEF_MAKE_RULE@ platform -- -find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f -+TESTPYTHON= $(RUNSHARED) $(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS) -+test: build-test -+ $(MAKE) runtest-TESTS -+ -+runtest-TESTS: -+ -find $(srcdir) -name '*.py[co]' -print | xargs rm -f - -$(TESTPYTHON) $(TESTPROG) $(TESTOPTS) - $(TESTPYTHON) $(TESTPROG) $(TESTOPTS) - -+build-test: @DEF_MAKE_RULE@ platform -+ - testall: @DEF_MAKE_RULE@ platform - -find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f - $(TESTPYTHON) $(srcdir)/Lib/compileall.py diff --git a/poky/meta/recipes-devtools/python/python/float-endian.patch b/poky/meta/recipes-devtools/python/python/float-endian.patch new file mode 100644 index 000000000..8a5c90aec --- /dev/null +++ b/poky/meta/recipes-devtools/python/python/float-endian.patch @@ -0,0 +1,216 @@ +Python uses AC_RUN_IFELSE to determine the byte order for floats and doubles, +and falls back onto "I don't know" if it can't run code. This results in +crippled floating point numbers in Python, and the regression tests fail. + +Instead of running code, take a macro from autoconf-archive which compiles C +with a special double in which has an ASCII representation, and then greps the +binary to identify the format. + +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 253f47b28120c42cfe53a4e2f5ed0ab0ed469deb Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross@burtonini.com> +Date: Wed, 19 Sep 2018 07:25:48 +0100 +Subject: [PATCH] closes bpo-34585: Don't do runtime test to get float byte + order. (GH-9085) + +Currently configure.ac uses AC_RUN_IFELSE to determine the byte order of doubles, but this silently fails under cross compilation and Python doesn't do floats properly. + +Instead, steal a macro from autoconf-archive which compiles code using magic doubles (which encode to ASCII) and grep for the representation in the binary. + +RFC because this doesn't yet handle the weird ancient ARMv4 OABI 'mixed-endian' encoding properly. This encoding is ancient and I don't believe the union of "Python 3.8 users" and "OABI users" has anything in. Should the support for this just be dropped too? Alternatively, someone will need to find an OABI toolchain to verify the encoding of the magic double. + +Signed-off-by: Ross Burton <ross.burton@intel.com> +--- + .../Build/2018-09-18-16-28-31.bpo-34585.CGMu0h.rst | 3 + + configure.ac | 76 ++++---------------- + m4/ax_c_float_words_bigendian.m4 | 83 ++++++++++++++++++++++ + 3 files changed, 99 insertions(+), 63 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2018-09-18-16-28-31.bpo-34585.CGMu0h.rst + create mode 100644 m4/ax_c_float_words_bigendian.m4 + +diff --git a/configure.ac b/configure.ac +index 913d5469d0..7672735396 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3835,74 +3835,24 @@ fi], + # * Check for various properties of floating point * + # ************************************************** + +-AC_MSG_CHECKING(whether C doubles are little-endian IEEE 754 binary64) +-AC_CACHE_VAL(ac_cv_little_endian_double, [ +-AC_RUN_IFELSE([AC_LANG_SOURCE([[ +-#include <string.h> +-int main() { +- double x = 9006104071832581.0; +- if (memcmp(&x, "\x05\x04\x03\x02\x01\xff\x3f\x43", 8) == 0) +- return 0; +- else +- return 1; +-} +-]])], +-[ac_cv_little_endian_double=yes], +-[ac_cv_little_endian_double=no], +-[ac_cv_little_endian_double=no])]) +-AC_MSG_RESULT($ac_cv_little_endian_double) +-if test "$ac_cv_little_endian_double" = yes +-then +- AC_DEFINE(DOUBLE_IS_LITTLE_ENDIAN_IEEE754, 1, +- [Define if C doubles are 64-bit IEEE 754 binary format, stored +- with the least significant byte first]) +-fi +- +-AC_MSG_CHECKING(whether C doubles are big-endian IEEE 754 binary64) +-AC_CACHE_VAL(ac_cv_big_endian_double, [ +-AC_RUN_IFELSE([AC_LANG_SOURCE([[ +-#include <string.h> +-int main() { +- double x = 9006104071832581.0; +- if (memcmp(&x, "\x43\x3f\xff\x01\x02\x03\x04\x05", 8) == 0) +- return 0; +- else +- return 1; +-} +-]])], +-[ac_cv_big_endian_double=yes], +-[ac_cv_big_endian_double=no], +-[ac_cv_big_endian_double=no])]) +-AC_MSG_RESULT($ac_cv_big_endian_double) +-if test "$ac_cv_big_endian_double" = yes ++AX_C_FLOAT_WORDS_BIGENDIAN ++if test "$ax_cv_c_float_words_bigendian" = "yes" + then + AC_DEFINE(DOUBLE_IS_BIG_ENDIAN_IEEE754, 1, + [Define if C doubles are 64-bit IEEE 754 binary format, stored + with the most significant byte first]) +-fi +- +-# Some ARM platforms use a mixed-endian representation for doubles. +-# While Python doesn't currently have full support for these platforms +-# (see e.g., issue 1762561), we can at least make sure that float <-> string +-# conversions work. +-AC_MSG_CHECKING(whether C doubles are ARM mixed-endian IEEE 754 binary64) +-AC_CACHE_VAL(ac_cv_mixed_endian_double, [ +-AC_RUN_IFELSE([AC_LANG_SOURCE([[ +-#include <string.h> +-int main() { +- double x = 9006104071832581.0; +- if (memcmp(&x, "\x01\xff\x3f\x43\x05\x04\x03\x02", 8) == 0) +- return 0; +- else +- return 1; +-} +-]])], +-[ac_cv_mixed_endian_double=yes], +-[ac_cv_mixed_endian_double=no], +-[ac_cv_mixed_endian_double=no])]) +-AC_MSG_RESULT($ac_cv_mixed_endian_double) +-if test "$ac_cv_mixed_endian_double" = yes ++elif test "$ax_cv_c_float_words_bigendian" = "no" + then ++ AC_DEFINE(DOUBLE_IS_LITTLE_ENDIAN_IEEE754, 1, ++ [Define if C doubles are 64-bit IEEE 754 binary format, stored ++ with the least significant byte first]) ++else ++ # Some ARM platforms use a mixed-endian representation for doubles. ++ # While Python doesn't currently have full support for these platforms ++ # (see e.g., issue 1762561), we can at least make sure that float <-> string ++ # conversions work. ++ # FLOAT_WORDS_BIGENDIAN doesnt actually detect this case, but if it's not big ++ # or little, then it must be this? + AC_DEFINE(DOUBLE_IS_ARM_MIXED_ENDIAN_IEEE754, 1, + [Define if C doubles are 64-bit IEEE 754 binary format, stored + in ARM mixed-endian order (byte order 45670123)]) +diff --git a/m4/ax_c_float_words_bigendian.m4 b/m4/ax_c_float_words_bigendian.m4 +new file mode 100644 +index 0000000000..216b90d803 +--- /dev/null ++++ b/m4/ax_c_float_words_bigendian.m4 +@@ -0,0 +1,83 @@ ++# =============================================================================== ++# https://www.gnu.org/software/autoconf-archive/ax_c_float_words_bigendian.html ++# =============================================================================== ++# ++# SYNOPSIS ++# ++# AX_C_FLOAT_WORDS_BIGENDIAN([ACTION-IF-TRUE], [ACTION-IF-FALSE], [ACTION-IF-UNKNOWN]) ++# ++# DESCRIPTION ++# ++# Checks the ordering of words within a multi-word float. This check is ++# necessary because on some systems (e.g. certain ARM systems), the float ++# word ordering can be different from the byte ordering. In a multi-word ++# float context, "big-endian" implies that the word containing the sign ++# bit is found in the memory location with the lowest address. This ++# implementation was inspired by the AC_C_BIGENDIAN macro in autoconf. ++# ++# The endianness is detected by first compiling C code that contains a ++# special double float value, then grepping the resulting object file for ++# certain strings of ASCII values. The double is specially crafted to have ++# a binary representation that corresponds with a simple string. In this ++# implementation, the string "noonsees" was selected because the ++# individual word values ("noon" and "sees") are palindromes, thus making ++# this test byte-order agnostic. If grep finds the string "noonsees" in ++# the object file, the target platform stores float words in big-endian ++# order. If grep finds "seesnoon", float words are in little-endian order. ++# If neither value is found, the user is instructed to specify the ++# ordering. ++# ++# LICENSE ++# ++# Copyright (c) 2008 Daniel Amelang <dan@amelang.net> ++# ++# Copying and distribution of this file, with or without modification, are ++# permitted in any medium without royalty provided the copyright notice ++# and this notice are preserved. This file is offered as-is, without any ++# warranty. ++ ++#serial 11 ++ ++AC_DEFUN([AX_C_FLOAT_WORDS_BIGENDIAN], ++ [AC_CACHE_CHECK(whether float word ordering is bigendian, ++ ax_cv_c_float_words_bigendian, [ ++ ++ax_cv_c_float_words_bigendian=unknown ++AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ ++ ++double d = 90904234967036810337470478905505011476211692735615632014797120844053488865816695273723469097858056257517020191247487429516932130503560650002327564517570778480236724525140520121371739201496540132640109977779420565776568942592.0; ++ ++]])], [ ++ ++if grep noonsees conftest.$ac_objext >/dev/null ; then ++ ax_cv_c_float_words_bigendian=yes ++fi ++if grep seesnoon conftest.$ac_objext >/dev/null ; then ++ if test "$ax_cv_c_float_words_bigendian" = unknown; then ++ ax_cv_c_float_words_bigendian=no ++ else ++ ax_cv_c_float_words_bigendian=unknown ++ fi ++fi ++ ++])]) ++ ++case $ax_cv_c_float_words_bigendian in ++ yes) ++ m4_default([$1], ++ [AC_DEFINE([FLOAT_WORDS_BIGENDIAN], 1, ++ [Define to 1 if your system stores words within floats ++ with the most significant word first])]) ;; ++ no) ++ $2 ;; ++ *) ++ m4_default([$3], ++ [AC_MSG_ERROR([ ++ ++Unknown float word ordering. You need to manually preset ++ax_cv_c_float_words_bigendian=no (or yes) according to your system. ++ ++ ])]) ;; ++esac ++ ++])# AX_C_FLOAT_WORDS_BIGENDIAN +-- +2.11.0 + diff --git a/poky/meta/recipes-devtools/python/python/run-ptest b/poky/meta/recipes-devtools/python/python/run-ptest index a2f9eed44..832551a12 100644 --- a/poky/meta/recipes-devtools/python/python/run-ptest +++ b/poky/meta/recipes-devtools/python/python/run-ptest @@ -1,5 +1,3 @@ #!/bin/sh -# -#This script is used to run python test suites -make -f LIBDIR/python/ptest/Makefile -k runtest-TESTS srcdir=LIBDIR/python2.7 TESTPROG=LIBDIR/python2.7/test/regrtest.py | sed -e '/\.\.\. ok/ s/^/PASS: /g' -e '/\.\.\. [ERROR|FAIL]/ s/^/FAIL: /g' -e '/\.\.\. skipped/ s/^/SKIP: /g' -e 's/ \.\.\. ok//g' -e 's/ \.\.\. ERROR//g' -e 's/ \.\.\. FAIL//g' -e 's/ \.\.\. skipped//g' +python -m test.regrtest -v | sed -e '/\.\.\. ok/ s/^/PASS: /g' -e '/\.\.\. [ERROR|FAIL]/ s/^/FAIL: /g' -e '/\.\.\. skipped/ s/^/SKIP: /g' -e 's/ \.\.\. ok//g' -e 's/ \.\.\. ERROR//g' -e 's/ \.\.\. FAIL//g' -e 's/ \.\.\. skipped//g' diff --git a/poky/meta/recipes-devtools/python/python_2.7.14.bb b/poky/meta/recipes-devtools/python/python_2.7.15.bb index ea54fb9e7..0b3958d41 100644 --- a/poky/meta/recipes-devtools/python/python_2.7.14.bb +++ b/poky/meta/recipes-devtools/python/python_2.7.15.bb @@ -23,19 +23,20 @@ SRC_URI += "\ file://avoid_warning_about_tkinter.patch \ file://avoid_warning_for_sunos_specific_module.patch \ file://python-2.7.3-remove-bsdb-rpath.patch \ - file://fix-makefile-for-ptest.patch \ file://run-ptest \ file://parallel-makeinst-create-bindir.patch \ file://use_sysroot_ncurses_instead_of_host.patch \ file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \ file://pass-missing-libraries-to-Extension-for-mul.patch \ file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \ - file://fix-gc-alignment.patch \ + file://float-endian.patch \ + file://0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch \ + file://0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch \ " S = "${WORKDIR}/Python-${PV}" -inherit autotools multilib_header python-dir pythonnative +inherit autotools multilib_header python-dir pythonnative ptest CONFIGUREOPTS += " --with-system-ffi " @@ -168,27 +169,7 @@ FILES_${PN}-misc = "${libdir}/python${PYTHON_MAJMIN}" RDEPENDS_${PN}-modules += "${PN}-misc" # ptest -RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests" -#inherit ptest after "require python-${PYTHON_MAJMIN}-manifest.inc" so PACKAGES doesn't get overwritten -inherit ptest - -# This must come after inherit ptest for the override to take effect -do_install_ptest() { - cp ${B}/Makefile ${D}${PTEST_PATH} - sed -e s:LIBDIR/python/ptest:${PTEST_PATH}:g \ - -e s:LIBDIR:${libdir}:g \ - -i ${D}${PTEST_PATH}/run-ptest - - #Remove build host references - sed -i \ - -e 's:--with-libtool-sysroot=${STAGING_DIR_TARGET}'::g \ - -e 's:--sysroot=${STAGING_DIR_TARGET}::g' \ - -e 's|${DEBUG_PREFIX_MAP}||g' \ - -e 's:${HOSTTOOLS_DIR}/::g' \ - -e 's:${RECIPE_SYSROOT}::g' \ - -e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \ - ${D}/${PTEST_PATH}/Makefile -} +RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip" # catch manpage PACKAGES += "${PN}-man" diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch b/poky/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch new file mode 100644 index 000000000..39b624d9f --- /dev/null +++ b/poky/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch @@ -0,0 +1,82 @@ +From fb5362f205b37c5060fcd764a7ed393abe4f2f3d Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Fri, 27 Jul 2018 17:39:37 +0800 +Subject: [PATCH 1/2] fix opcode not supported on mips32-linux + +While build tests(`make check') on mips32-linux, there are +serial failures such as: +[snip] +| mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -c +-o atomic_incs-atomic_incs.o `test -f 'atomic_incs.c' || echo +'../../../valgrind-3.13.0/memcheck/tests/'`atomic_incs.c +| /tmp/ccqrmINN.s: Assembler messages: +| /tmp/ccqrmINN.s:247: Error: opcode not supported on this +processor: mips1 (mips1) `ll $t3,0($t1)' +| /tmp/ccqrmINN.s:249: Error: opcode not supported on this +processor: mips1 (mips1) `sc $t3,0($t1)' +[snip] + +Since the following commit applied, it defines CLFAGS for mips32, +but missed to pass them to tests which caused the above failure +... +3e344c57f Merge in a port for mips32-linux +... + +Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396905] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + helgrind/tests/Makefile.am | 5 +++++ + memcheck/tests/Makefile.am | 5 +++++ + none/tests/mips32/Makefile.am | 4 ++++ + 3 files changed, 14 insertions(+) + +diff --git a/helgrind/tests/Makefile.am b/helgrind/tests/Makefile.am +index ad1af191a..6209d35a7 100644 +--- a/helgrind/tests/Makefile.am ++++ b/helgrind/tests/Makefile.am +@@ -214,6 +214,11 @@ check_PROGRAMS += annotate_rwlock + endif + + AM_CFLAGS += $(AM_FLAG_M3264_PRI) ++ ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CXXFLAGS += $(AM_FLAG_M3264_PRI) + + LDADD = -lpthread +diff --git a/memcheck/tests/Makefile.am b/memcheck/tests/Makefile.am +index 84e49405f..aff861a32 100644 +--- a/memcheck/tests/Makefile.am ++++ b/memcheck/tests/Makefile.am +@@ -443,6 +443,11 @@ check_PROGRAMS += reach_thread_register + endif + + AM_CFLAGS += $(AM_FLAG_M3264_PRI) ++ ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CXXFLAGS += $(AM_FLAG_M3264_PRI) + + if VGCONF_PLATFORMS_INCLUDE_ARM_LINUX +diff --git a/none/tests/mips32/Makefile.am b/none/tests/mips32/Makefile.am +index d11591d45..602cd26f6 100644 +--- a/none/tests/mips32/Makefile.am ++++ b/none/tests/mips32/Makefile.am +@@ -99,6 +99,10 @@ check_PROGRAMS = \ + round_fpu64 \ + fpu_branches + ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CFLAGS += @FLAG_M32@ + AM_CXXFLAGS += @FLAG_M32@ + AM_CCASFLAGS += @FLAG_M32@ +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch b/poky/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch new file mode 100644 index 000000000..6df295f8a --- /dev/null +++ b/poky/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch @@ -0,0 +1,47 @@ +From 63ce36396348e7c4c021cffa652d2e3d20f7963a Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Fri, 27 Jul 2018 17:51:54 +0800 +Subject: [PATCH 2/2] fix broken inline asm in tests on mips32-linux + +While build tests(`make check') with gcc 8.1.0 on mips32-linux, +there is a failure +[snip] +|mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -march=mips32 +-c -o tc08_hbl2-tc08_hbl2.o `test -f 'tc08_hbl2.c' || echo '../../../ +valgrind-3.13.0/helgrind/tests/'`tc08_hbl2.c +|/tmp/cc37aJxQ.s: Assembler messages: +|/tmp/cc37aJxQ.s:275: Error: symbol `L1xyzzy1main' is already defined +|Makefile:1323: recipe for target 'tc08_hbl2-tc08_hbl2.o' failed +[snip] + +Remove the duplicated L1xyzzy1main, and use local symbol to replace. +http://tigcc.ticalc.org/doc/gnuasm.html#SEC46 + +Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396906] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + helgrind/tests/tc08_hbl2.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/helgrind/tests/tc08_hbl2.c b/helgrind/tests/tc08_hbl2.c +index 2a757a008..f660d82dd 100644 +--- a/helgrind/tests/tc08_hbl2.c ++++ b/helgrind/tests/tc08_hbl2.c +@@ -121,12 +121,12 @@ + #elif defined(PLAT_mips32_linux) || defined(PLAT_mips64_linux) + # define INC(_lval,_lqual) \ + __asm__ __volatile__ ( \ +- "L1xyzzy1" _lqual":\n" \ ++ "1:\n" \ + " move $t0, %0\n" \ + " ll $t1, 0($t0)\n" \ + " addiu $t1, $t1, 1\n" \ + " sc $t1, 0($t0)\n" \ +- " beqz $t1, L1xyzzy1" _lqual \ ++ " beqz $t1, 1b\n" \ + : /*out*/ : /*in*/ "r"(&(_lval)) \ + : /*trash*/ "t0", "t1", "memory" \ + ) +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch b/poky/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch index 51259db00..4b531b42e 100644 --- a/poky/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch +++ b/poky/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch @@ -12,6 +12,11 @@ The #ifdef HAS_VSX guard is wrongly placed. It makes the standard include headers not be used. Causing a build failure. Fix by moving the #ifdef HAS_VSX after the standard includes. +[v2 changes] +- Add #ifdef HAS_VSX guard correctly for ppc64 test_isa_2_06_partx.c + test cases. The changes are similar to what was done for ppc32. + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Index: none/tests/ppc32/test_isa_2_06_part3.c =================================================================== --- a/none/tests/ppc32/test_isa_2_06_part3.c (revision 16449) @@ -85,3 +90,76 @@ Index: none/tests/ppc32/test_isa_2_06_part2.c #ifndef __powerpc64__ typedef uint32_t HWord_t; #else +Index: none/tests/ppc64/test_isa_2_06_part3.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part3.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part3.c (revision 16450) +@@ -20,17 +20,18 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> +-#include <altivec.h> + #include <math.h> + #include <unistd.h> // getopt + ++#ifdef HAS_VSX ++ ++#include <altivec.h> ++ + #ifndef __powerpc64__ + typedef uint32_t HWord_t; + #else +Index: none/tests/ppc64/test_isa_2_06_part1.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part1.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part1.c (revision 16450) +@@ -20,13 +20,14 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> ++ ++#ifdef HAS_VSX ++ + #include <altivec.h> + + #ifndef __powerpc64__ +Index: none/tests/ppc64/test_isa_2_06_part2.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part2.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part2.c (revision 16450) +@@ -20,17 +20,18 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> +-#include <altivec.h> + #include <math.h> + #include <unistd.h> // getopt + ++#ifdef HAS_VSX ++ ++#include <altivec.h> ++ + #ifndef __powerpc64__ + typedef uint32_t HWord_t; + #else diff --git a/poky/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb b/poky/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb index d3af35e7f..39ec6f5cc 100644 --- a/poky/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb +++ b/poky/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb @@ -37,6 +37,8 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \ file://link-gz-tests.patch \ file://ppc-headers.patch \ file://mask-CPUID-support-in-HWCAP-on-aarch64.patch \ + file://0001-fix-opcode-not-supported-on-mips32-linux.patch \ + file://0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch \ " SRC_URI[md5sum] = "817dd08f1e8a66336b9ff206400a5369" SRC_URI[sha256sum] = "d76680ef03f00cd5e970bbdcd4e57fb1f6df7d2e2c071635ef2be74790190c3b" @@ -54,7 +56,6 @@ COMPATIBLE_HOST_linux-gnux32 = 'null' COMPATIBLE_HOST_linux-muslx32 = 'null' # Disable for some MIPS variants -COMPATIBLE_HOST_mipsarchn32 = 'null' COMPATIBLE_HOST_mipsarchr6 = 'null' inherit autotools ptest multilib_header diff --git a/poky/meta/recipes-extended/tzcode/tzcode-native_2018d.bb b/poky/meta/recipes-extended/tzcode/tzcode-native_2018f.bb index 7933a5df9..816e34d00 100644 --- a/poky/meta/recipes-extended/tzcode/tzcode-native_2018d.bb +++ b/poky/meta/recipes-extended/tzcode/tzcode-native_2018f.bb @@ -11,10 +11,10 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.md5sum] = "96612b4f5d7e8804fd9a0981c021be90" -SRC_URI[tzcode.sha256sum] = "7de44e85baad748d217e3fd60706f599f9aec68bce6356b163f52b0dbd40a8d9" -SRC_URI[tzdata.md5sum] = "871a7ef808eb42ebc551acdb3d661554" -SRC_URI[tzdata.sha256sum] = "5106eddceb5f1ae3a91dbd3960e1b8b11ba0dc08579a31cf0724a7691b10c054" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" +SRC_URI[tzcode.md5sum] = "011d394b70e6ee3823fd77010b99737f" +SRC_URI[tzcode.sha256sum] = "4ec74f8a84372570135ea4be16a042442fafe100f5598cb1017bfd30af6aaa70" S = "${WORKDIR}" diff --git a/poky/meta/recipes-extended/tzdata/tzdata_2018d.bb b/poky/meta/recipes-extended/tzdata/tzdata_2018f.bb index f7fce80b7..b16754060 100644 --- a/poky/meta/recipes-extended/tzdata/tzdata_2018d.bb +++ b/poky/meta/recipes-extended/tzdata/tzdata_2018f.bb @@ -9,8 +9,8 @@ DEPENDS = "tzcode-native" SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzdata.md5sum] = "871a7ef808eb42ebc551acdb3d661554" -SRC_URI[tzdata.sha256sum] = "5106eddceb5f1ae3a91dbd3960e1b8b11ba0dc08579a31cf0724a7691b10c054" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" inherit allarch diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb index d5b285e7b..d6d37ed31 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "af1b926c9160b0dbf2bbe41b166a8a7b07191fd2" -SRCREV_meta ?= "c43c9e19a22367b48c0f62764c8555643d2a6844" +SRCREV_machine ?= "eafe398ca1404953c2a01559c83d3a983f8717b1" +SRCREV_meta ?= "3435617380af107e31ec4e36173b9cf1f8a371a0" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.14.67" +LINUX_VERSION ?= "4.14.76" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" @@ -38,4 +38,4 @@ KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/ta KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}" KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc" KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" -KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc" +KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb index c9e6e412b..d613ff05f 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb @@ -4,7 +4,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.14.67" +LINUX_VERSION ?= "4.14.76" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" @@ -12,8 +12,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "74ecbeb03ebfc2b9a73a6554924b043b903295f5" -SRCREV_meta ?= "c43c9e19a22367b48c0f62764c8555643d2a6844" +SRCREV_machine ?= "c5aca000e387da12ce375251c829f653503d32b4" +SRCREV_meta ?= "3435617380af107e31ec4e36173b9cf1f8a371a0" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb index 91a2845a7..cb4a66b71 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb @@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "v4.14/standard/base" KBRANCH_qemux86-64 ?= "v4.14/standard/base" KBRANCH_qemumips64 ?= "v4.14/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "93d58c0c59d1dcdba6ff76ef093de7de339414a8" -SRCREV_machine_qemuarm64 ?= "888066bc1b9cc5f596da8237cbf74417106e8f22" -SRCREV_machine_qemumips ?= "a9d862bb92707f39c0cf2b2cc6f1645e88a99eb9" -SRCREV_machine_qemuppc ?= "d8ced31602b65fb92487865502da595bd113a329" -SRCREV_machine_qemux86 ?= "084af9624d268ddf4fd65b2f9e8e50ca2f22e62b" -SRCREV_machine_qemux86-64 ?= "084af9624d268ddf4fd65b2f9e8e50ca2f22e62b" -SRCREV_machine_qemumips64 ?= "44e1719a8f4fe10e88c13b9ec6c1fa1d041efaed" -SRCREV_machine ?= "084af9624d268ddf4fd65b2f9e8e50ca2f22e62b" -SRCREV_meta ?= "c43c9e19a22367b48c0f62764c8555643d2a6844" +SRCREV_machine_qemuarm ?= "91251c7c3d5e9ba9bb527130db440c00bec30fe6" +SRCREV_machine_qemuarm64 ?= "72e2b6e07170fd84a93469830c69c31c9fa1c1dd" +SRCREV_machine_qemumips ?= "fe1a03895bd26473b6e60e76ed54d021561374a7" +SRCREV_machine_qemuppc ?= "e1d81834af552e5caf6c968d2f755866cee19d4e" +SRCREV_machine_qemux86 ?= "2c5caa7e84311f2a0097974a697ac1f59030530e" +SRCREV_machine_qemux86-64 ?= "2c5caa7e84311f2a0097974a697ac1f59030530e" +SRCREV_machine_qemumips64 ?= "512b0a8df98e49746548444cc4c9543ef0c23369" +SRCREV_machine ?= "2c5caa7e84311f2a0097974a697ac1f59030530e" +SRCREV_meta ?= "3435617380af107e31ec4e36173b9cf1f8a371a0" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.14.67" +LINUX_VERSION ?= "4.14.76" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch new file mode 100644 index 000000000..db07b436d --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch @@ -0,0 +1,37 @@ +From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 13 Aug 2018 10:35:52 +0200 +Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password + +... since it would cause an integer overflow if longer than (max size_t +/ 2). + +This is CVE-2018-14618 + +Bug: https://curl.haxx.se/docs/CVE-2018-14618.html +Closes #2756 +Reported-by: Zhaoyang Wu + +CVE: CVE-2018-14618 +Upstream-Status: Backport +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + lib/curl_ntlm_core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c +index e27cab353c..922e85a926 100644 +--- a/lib/curl_ntlm_core.c ++++ b/lib/curl_ntlm_core.c +@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, + unsigned char *ntbuffer /* 21 bytes */) + { + size_t len = strlen(password); +- unsigned char *pw = len ? malloc(len * 2) : strdup(""); ++ unsigned char *pw; + CURLcode result; ++ if(len > SIZE_T_MAX/2) /* avoid integer overflow */ ++ return CURLE_OUT_OF_MEMORY; ++ pw = len ? malloc(len * 2) : strdup(""); + if(!pw) + return CURLE_OUT_OF_MEMORY; diff --git a/poky/meta/recipes-support/curl/curl_7.61.0.bb b/poky/meta/recipes-support/curl/curl_7.61.0.bb index d118c3ff9..31d5d9bda 100644 --- a/poky/meta/recipes-support/curl/curl_7.61.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.61.0.bb @@ -3,16 +3,17 @@ HOMEPAGE = "http://curl.haxx.se/" BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" SECTION = "console/network" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e664ac" +LIC_FILES_CHKSUM = "file://COPYING;md5=ef889a37a5a874490ac7ce116396f29a" SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ + file://CVE-2018-14618.patch \ " SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a" SRC_URI[sha256sum] = "5f6f336921cf5b84de56afbd08dfb70adeef2303751ffb3e570c936c6d656c9c" -CVE_PRODUCT = "libcurl" +CVE_PRODUCT = "curl libcurl" inherit autotools pkgconfig binconfig multilib_header PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls proxy threaded-resolver zlib" |
