Re: [OE-core] [oe-core][PATCH 1/2] defaultsetup.conf: enable select init manager

2019-07-21 Thread Kang Kai

On 2019/7/20 6:28 AM, richard.pur...@linuxfoundation.org wrote:

On Fri, 2019-07-19 at 22:35 +0100, Burton, Ross wrote:

On Thu, 4 Jul 2019 at 15:40,  wrote:

+++ b/meta/conf/distro/include/init-manager-systemd.inc
@@ -0,0 +1,6 @@
+# Use systemd for system initialization
+DISTRO_FEATURES_append = " systemd"
+DISTRO_FEATURES_BACKFILL_CONSIDERED_append = " sysvinit"
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
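Review bot: the `DISTRO_FEATURES_append = " systemd"` and `DISTRO_FEATURES_BACKFILL_CONSIDERED_append = " sysvinit"` lines in this hunk are unconditional appends, so a distro that includes the file can no longer take `systemd` back out of `DISTRO_FEATURES` with a plain assignment, and the feature set is pinned at distro level rather than per image. Limiting the include to the three `VIRTUAL-RUNTIME_*` selections and leaving the feature list to the distro config (systemd already refuses to build without the feature, as noted below) would keep the "one distro, systemd main image plus sysvinit rescue image" case open.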
diff --git a/meta/conf/distro/include/init-manager-sysvinit.inc
b/meta/conf/distro/include/init-manager-sysvinit.inc
new file mode 100644
index 00..7725b30e1e
--- /dev/null
+++ b/meta/conf/distro/include/init-manager-sysvinit.inc
@@ -0,0 +1,6 @@
+# Use sysvinit for system initialization
+DISTRO_FEATURES_append = " sysvinit"
+DISTRO_FEATURES_BACKFILL_CONSIDERED_append = " systemd"
+VIRTUAL-RUNTIME_init_manager = "sysvinit"
+VIRTUAL-RUNTIME_initscripts = "initscripts"
+VIRTUAL-RUNTIME_login_manager = "busybox"
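Review bot: this file is the mirror image of init-manager-systemd.inc, but nothing guards against both includes being pulled in. Both would then append to `DISTRO_FEATURES` and `DISTRO_FEATURES_BACKFILL_CONSIDERED`, leaving `systemd` and `sysvinit` in both lists, while the last-parsed `VIRTUAL-RUNTIME_init_manager` silently wins. A comment stating that the files are mutually exclusive, or a parse-time check that `systemd` is not already in `DISTRO_FEATURES`, would make that misconfiguration visible.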

Back when I integrated systemd into oe-core one of the use cases was
a single distro that builds a main image using systemd, and a
rescue/update image using sysv/busybox.  How is this possible with
this system?



Hi Richard,


We're still missing one or two init system setup variants,


What kind of missing variants do you mean?



I was
planning to add those and convert our autobuilder tests over to use
them rather than the fragments that are currently coded into
autobuilder-helper.



I just ran oe-selftest -a with this patch after you updated the patch in 
oe-core, but I ran into some (>15) errors:


ERROR: Unable to start bitbake server (None)

But I think it should not be related to the init manager changes, and I will 
switch to another build machine to test.

Have you tested it again on the autobuilder, and were any failures found? Thanks.

Regards,
Kai





Personally, I'd prefer to see the DISTRO_FEATURE wrangling left out
of those files, and let the user ensure the right features are set.
After all, systemd will refuse to build unless the systemd feature is
enabled.

With the addition of the "none" default, users aren't being forced to
use them, so they can do something custom or use a precanned default,
which I think gives the best of both worlds?

Cheers,

Richard




--
Kai Kang

--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [PATCH] xinput: update to 1.6.3

2019-07-21 Thread Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk 
---
 .../xorg-app/{xinput_1.6.2.bb => xinput_1.6.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-app/{xinput_1.6.2.bb => xinput_1.6.3.bb} 
(67%)

diff --git a/meta/recipes-graphics/xorg-app/xinput_1.6.2.bb 
b/meta/recipes-graphics/xorg-app/xinput_1.6.3.bb
similarity index 67%
rename from meta/recipes-graphics/xorg-app/xinput_1.6.2.bb
rename to meta/recipes-graphics/xorg-app/xinput_1.6.3.bb
index 25cd047bc9..ff1f1c9148 100644
--- a/meta/recipes-graphics/xorg-app/xinput_1.6.2.bb
+++ b/meta/recipes-graphics/xorg-app/xinput_1.6.3.bb
@@ -8,5 +8,5 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=881525f89f99cad39c9832bcb72e6fa5"
 
 DEPENDS += " libxi libxrandr libxinerama"
 
-SRC_URI[md5sum] = "6a889412eff2e3c1c6bb19146f6fe84c"
-SRC_URI[sha256sum] = 
"3694d29b4180952fbf13c6d4e59541310cbb11eef5bf888ff3d8b7f4e3aee5c4"
+SRC_URI[md5sum] = "ac6b7432726008b2f50eba82b0e2dbe4"
+SRC_URI[sha256sum] = 
"35a281dd3b9b22ea85e39869bb7670ba78955d5fec17c6ef7165d61e5aeb66ed"
-- 
2.17.1
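Review bot: the commit message carries only the Signed-off-by line; a version bump should state what changed upstream (or link the release notes) so a reviewer can judge whether anything beyond the `SRC_URI` checksums needs updating. The hunk keeps `LIC_FILES_CHKSUM` unchanged, which is only right if `COPYING` did not change between 1.6.2 and 1.6.3; worth saying that it was checked.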


[OE-core] [PATCH 1/2] iptables: upgrade 1.8.2 -> 1.8.3

2019-07-21 Thread Anuj Mittal
Remove upstreamed patches and manually package symlinks which aren't
handled by do_split_package.

Changelog:
http://git.netfilter.org/iptables/log/?qt=range=v1.8.3...v1.8.2

Signed-off-by: Anuj Mittal 
---
 ...format-security-fixes-in-libipt_icmp.patch |  61 -
 .../iptables/iptables/CVE-2019-11360.patch| 117 --
 .../{iptables_1.8.2.bb => iptables_1.8.3.bb}  |  13 +-
 3 files changed, 9 insertions(+), 182 deletions(-)
 delete mode 100644 
meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch
 delete mode 100644 meta/recipes-extended/iptables/iptables/CVE-2019-11360.patch
 rename meta/recipes-extended/iptables/{iptables_1.8.2.bb => iptables_1.8.3.bb} 
(84%)

diff --git 
a/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch
 
b/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch
deleted file mode 100644
index e26594d19b..00
--- 
a/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 907e429d7548157016cd51aba4adc5d0c7d9f816 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= 
-Date: Wed, 14 Nov 2018 07:35:28 +0100
-Subject: extensions: format-security fixes in libip[6]t_icmp
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
-introduced support for gcc feature to check format string against passed
-argument.  This commit adds missing bits to extenstions's libipt_icmp.c
-and libip6t_icmp6.c that were causing build to fail.
-
-Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
-Signed-off-by: Adam Gołębiowski 
-Signed-off-by: Pablo Neira Ayuso 
-
-Upstream-Status: Backport

- extensions/libip6t_icmp6.c | 4 ++--
- extensions/libipt_icmp.c   | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
-index 45a71875..cc7bfaeb 100644
 a/extensions/libip6t_icmp6.c
-+++ b/extensions/libip6t_icmp6.c
-@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, 
unsigned int icmptype,
-   type_name = icmp6_type_xlate(icmptype);
- 
-   if (type_name) {
--  xt_xlate_add(xl, type_name);
-+  xt_xlate_add(xl, "%s", type_name);
-   } else {
-   for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
-   if (icmpv6_codes[i].type == icmptype &&
-@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, 
unsigned int icmptype,
-   break;
- 
-   if (i != ARRAY_SIZE(icmpv6_codes))
--  xt_xlate_add(xl, icmpv6_codes[i].name);
-+  xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
-   else
-   return 0;
-   }
-diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
-index 54189976..e76257c5 100644
 a/extensions/libipt_icmp.c
-+++ b/extensions/libipt_icmp.c
-@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, 
unsigned int icmptype,
-   if (icmp_codes[i].type == icmptype &&
-   icmp_codes[i].code_min == code_min &&
-   icmp_codes[i].code_max == code_max) {
--  xt_xlate_add(xl, icmp_codes[i].name);
-+  xt_xlate_add(xl, "%s", icmp_codes[i].name);
-   return 1;
-   }
-   }
--- 
-cgit v1.2.1
-
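Review bot: the commit message says the patches are upstreamed but does not name the upstream commits; the deleted header carries 907e429d7548157016cd51aba4adc5d0c7d9f816 with `Upstream-Status: Backport`, so quoting that id (and the 1.8.3 tag that contains it) in the message would let a reviewer confirm the removal without checking out the tree. Also, the `Changelog:` link in the message reads `?qt=range=v1.8.3...v1.8.2`, which looks like a lost query separator.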
diff --git a/meta/recipes-extended/iptables/iptables/CVE-2019-11360.patch 
b/meta/recipes-extended/iptables/iptables/CVE-2019-11360.patch
deleted file mode 100644
index f67164fbcc..00
--- a/meta/recipes-extended/iptables/iptables/CVE-2019-11360.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 2ae1099a42e6a0f06de305ca13a842ac83d4683e Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso 
-Date: Mon, 22 Apr 2019 23:17:27 +0200
-Subject: [PATCH] xshared: check for maximum buffer length in
- add_param_to_argv()
-
-Bail out if we go over the boundary, based on patch from Sebastian.
-
-Reported-by: Sebastian Neef 
-Signed-off-by: Pablo Neira Ayuso 
-
-Upstream-Status: Backport
-CVE: CVE-2019-11360
-Signed-off-by: Li Zhou 

- iptables/xshared.c | 46 --
- 1 file changed, 28 insertions(+), 18 deletions(-)
-
-diff --git a/iptables/xshared.c b/iptables/xshared.c
-index fb186fb1..36a2ec5f 100644
 a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -433,10 +433,24 @@ void save_argv(void)
-   }
- }
- 
-+struct xt_param_buf {
-+  charbuffer[1024];
-+  int len;
-+};
-+
-+static void add_param(struct xt_param_buf *param, const char *curchar)
-+{
-+  param->buffer[param->len++] = *curchar;
-+  

[OE-core] [PATCH 2/2] piglit: fix SRC_URI

2019-07-21 Thread Anuj Mittal
Fixes build for older versions of git (like on CentOS 7) which don't
follow redirects properly if the .git suffix is missing and cause
errors:

| error: RPC failed; result=22, HTTP code = 404
| fatal: The remote end hung up unexpectedly

Signed-off-by: Anuj Mittal 
---
 meta/recipes-graphics/piglit/piglit_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/piglit/piglit_git.bb 
b/meta/recipes-graphics/piglit/piglit_git.bb
index 5304f358fa..0b6519e3f8 100644
--- a/meta/recipes-graphics/piglit/piglit_git.bb
+++ b/meta/recipes-graphics/piglit/piglit_git.bb
@@ -2,7 +2,7 @@ SUMMARY = "OpenGL driver testing framework"
 LICENSE = "MIT & LGPLv2+ & GPLv3 & GPLv2+ & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0"
 
-SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit;protocol=https \
+SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https \
file://0001-cmake-install-bash-completions-in-the-right-place.patch 
\
file://0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \
"
-- 
2.20.1
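Review bot: the hunk changes only the repository path, which is the right fix for the 404 described in the commit message, but it would help to state which git version was verified to fetch `piglit.git` successfully. Note also that the bitbake git fetcher derives its mirror tarball name from the host and path, so existing `downloads/` clones of the old URL are likely to be re-fetched once.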


[OE-core] [PATCH 3/6] python3-docutils: update to 0.15

2019-07-21 Thread Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk 
---
 .../{python3-docutils_0.14.bb => python3-docutils_0.15.bb}   | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
 rename meta/recipes-devtools/python/{python3-docutils_0.14.bb => 
python3-docutils_0.15.bb} (74%)

diff --git a/meta/recipes-devtools/python/python3-docutils_0.14.bb 
b/meta/recipes-devtools/python/python3-docutils_0.15.bb
similarity index 74%
rename from meta/recipes-devtools/python/python3-docutils_0.14.bb
rename to meta/recipes-devtools/python/python3-docutils_0.15.bb
index 81a449d646..f5c3f5d707 100644
--- a/meta/recipes-devtools/python/python3-docutils_0.14.bb
+++ b/meta/recipes-devtools/python/python3-docutils_0.15.bb
@@ -7,12 +7,11 @@ LIC_FILES_CHKSUM = 
"file://COPYING.txt;md5=35a23d42b615470583563132872c97d6"
 DEPENDS = "python3"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/docutils/docutils-${PV}.tar.gz"
-SRC_URI[md5sum] = "c53768d63db3873b7d452833553469de"
-SRC_URI[sha256sum] = 
"51e64ef2ebfb29cae1faa133b3710143496eca21c530f3f71424d77687764274"
+SRC_URI[md5sum] = "f51729f19e70a9dc4837433193a5e798"
+SRC_URI[sha256sum] = 
"c35e87e985f70106f6f97e050f3bed990641e0e104566134b9cd23849a460e96"
 
 S = "${WORKDIR}/docutils-${PV}"
 
 inherit distutils3
 
 BBCLASSEXTEND = "native"
-
-- 
2.17.1


[OE-core] [PATCH 5/6] python3-mako: update to 1.0.14

2019-07-21 Thread Oleksandr Kravchuk
Got rid of python-git since there is no python2 version of the package.

Signed-off-by: Oleksandr Kravchuk 
---
 meta/recipes-devtools/python/python3-mako_1.0.13.bb | 3 ---
 .../python/{python-mako.inc => python3-mako_1.0.14.bb}  | 6 +++---
 2 files changed, 3 insertions(+), 6 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3-mako_1.0.13.bb
 rename meta/recipes-devtools/python/{python-mako.inc => 
python3-mako_1.0.14.bb} (71%)

diff --git a/meta/recipes-devtools/python/python3-mako_1.0.13.bb 
b/meta/recipes-devtools/python/python3-mako_1.0.13.bb
deleted file mode 100644
index 17803f1b00..00
--- a/meta/recipes-devtools/python/python3-mako_1.0.13.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-inherit setuptools3
-require python-mako.inc
-
diff --git a/meta/recipes-devtools/python/python-mako.inc 
b/meta/recipes-devtools/python/python3-mako_1.0.14.bb
similarity index 71%
rename from meta/recipes-devtools/python/python-mako.inc
rename to meta/recipes-devtools/python/python3-mako_1.0.14.bb
index d71df956e8..d2f5188cc4 100644
--- a/meta/recipes-devtools/python/python-mako.inc
+++ b/meta/recipes-devtools/python/python3-mako_1.0.14.bb
@@ -6,10 +6,10 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=df7e6c7c82990acf0228a55e00d29bc9"
 
 PYPI_PACKAGE = "Mako"
 
-inherit pypi
+inherit pypi setuptools3
 
-SRC_URI[md5sum] = "ad6c7dcb5d39c99f4fdf4fec892c5dee"
-SRC_URI[sha256sum] = 
"95ee720cc3453063788515d55bd7ce4a2a77b7b209e4ac70ec5c86091eb02541"
+SRC_URI[md5sum] = "e162578170331f0cc6a4adb063c7c0f6"
+SRC_URI[sha256sum] = 
"f5a642d8c5699269ab62a68b296ff990767eb120f51e2e8f3d6afb16bdb57f4b"
 
 RDEPENDS_${PN} = "${PYTHON_PN}-html \
   ${PYTHON_PN}-netclient \
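Review bot: the commit message says "Got rid of python-git since there is no python2 version of the package", but this hunk folds python-mako.inc into python3-mako_1.0.14.bb; the message looks copied from 4/6 and should name python-mako.inc. Inheriting `pypi setuptools3` directly in the versioned recipe is the right consequence of dropping the shared include.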
-- 
2.17.1


[OE-core] [PATCH 4/6] python3-git: update to 2.1.12

2019-07-21 Thread Oleksandr Kravchuk
Got rid of python-git since there is no python2 version of the package.

Signed-off-by: Oleksandr Kravchuk 
---
 meta/recipes-devtools/python/python3-git_2.1.11.bb | 2 --
 .../python/{python-git.inc => python3-git_2.1.12.bb}   | 7 ---
 2 files changed, 4 insertions(+), 5 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3-git_2.1.11.bb
 rename meta/recipes-devtools/python/{python-git.inc => python3-git_2.1.12.bb} 
(86%)

diff --git a/meta/recipes-devtools/python/python3-git_2.1.11.bb 
b/meta/recipes-devtools/python/python3-git_2.1.11.bb
deleted file mode 100644
index ac320fa56b..00
--- a/meta/recipes-devtools/python/python3-git_2.1.11.bb
+++ /dev/null
@@ -1,2 +0,0 @@
-require python-git.inc
-inherit setuptools3
diff --git a/meta/recipes-devtools/python/python-git.inc 
b/meta/recipes-devtools/python/python3-git_2.1.12.bb
similarity index 86%
rename from meta/recipes-devtools/python/python-git.inc
rename to meta/recipes-devtools/python/python3-git_2.1.12.bb
index f973e9f42c..99e59cbb8a 100644
--- a/meta/recipes-devtools/python/python-git.inc
+++ b/meta/recipes-devtools/python/python3-git_2.1.12.bb
@@ -10,10 +10,10 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=8b8d26c37c1d5a04f9b0186edbebc183"
 
 PYPI_PACKAGE = "GitPython"
 
-inherit pypi
+inherit pypi setuptools3
 
-SRC_URI[md5sum] = "cee43a39a1468084d49d1c49fb675204"
-SRC_URI[sha256sum] = 
"8237dc5bfd6f1366abeee5624111b9d6879393d84745a507de0fda86043b65a8"
+SRC_URI[md5sum] = "33bfbc89fe616ca22b6336be80d570f4"
+SRC_URI[sha256sum] = 
"7428f1cc5e72d53e65c3259d5cebc22fb2b07f973c49d95b3c3d26c64890a3c3"
 
 DEPENDS = "${PYTHON_PN}-gitdb"
 
@@ -29,4 +29,5 @@ RDEPENDS_${PN} += " \
${PYTHON_PN}-unixadmin \
git \
 "
+
 BBCLASSEXTEND = "native nativesdk"
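Review bot: this last hunk only inserts a blank line before `BBCLASSEXTEND`; harmless, but unrelated whitespace churn in a rename lowers the similarity index and makes the real change (the `inherit` and checksum lines) harder to spot.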
-- 
2.17.1


[OE-core] [PATCH 2/6] python3-scons: update to 3.1.0

2019-07-21 Thread Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk 
---
 ...n3-scons-native_3.0.5.bb => python3-scons-native_3.1.0.bb} | 0
 .../python/{python3-scons_3.0.5.bb => python3-scons_3.1.0.bb} | 4 ++--
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-scons-native_3.0.5.bb => 
python3-scons-native_3.1.0.bb} (100%)
 rename meta/recipes-devtools/python/{python3-scons_3.0.5.bb => 
python3-scons_3.1.0.bb} (82%)

diff --git a/meta/recipes-devtools/python/python3-scons-native_3.0.5.bb 
b/meta/recipes-devtools/python/python3-scons-native_3.1.0.bb
similarity index 100%
rename from meta/recipes-devtools/python/python3-scons-native_3.0.5.bb
rename to meta/recipes-devtools/python/python3-scons-native_3.1.0.bb
diff --git a/meta/recipes-devtools/python/python3-scons_3.0.5.bb 
b/meta/recipes-devtools/python/python3-scons_3.1.0.bb
similarity index 82%
rename from meta/recipes-devtools/python/python3-scons_3.0.5.bb
rename to meta/recipes-devtools/python/python3-scons_3.1.0.bb
index 7fb75a627e..f1545dade6 100644
--- a/meta/recipes-devtools/python/python3-scons_3.0.5.bb
+++ b/meta/recipes-devtools/python/python3-scons_3.1.0.bb
@@ -4,8 +4,8 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=37bb53a08e6beaea0c90e7821d731284"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/scons/scons-${PV}.tar.gz"
-SRC_URI[md5sum] = "9f9c163e8bd48cf8cd92f03e85ca6395"
-SRC_URI[sha256sum] = 
"df676f23dc6d4bfa384fc389d95dcd21ab907e6349d4c848958ba4befb73c73e"
+SRC_URI[md5sum] = "e2fe9d16f81b0285b969238af4b552ff"
+SRC_URI[sha256sum] = 
"f3f548d738d4a2179123ecd744271ec413b2d55735ea7625a59b1b59e6cd132f"
 
 S = "${WORKDIR}/scons-${PV}"
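Review bot: this hunk is the identical checksum bump applied to python-scons_3.1.0.bb in 1/6 of this series; the two recipes carry the same `SRC_URI`, `LIC_FILES_CHKSUM` and `S`, so a shared include would let future releases be bumped in one place. The unchanged `LICENSE.txt` checksum should be confirmed against the 3.1.0 tarball rather than carried over.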
 
-- 
2.17.1


[OE-core] [PATCH 6/6] python3-pbr: update to 5.4.1

2019-07-21 Thread Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk 
---
 meta/recipes-devtools/python/python3-pbr_5.4.0.bb | 5 -
 meta/recipes-devtools/python/python3-pbr_5.4.1.bb | 5 +
 2 files changed, 5 insertions(+), 5 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3-pbr_5.4.0.bb
 create mode 100644 meta/recipes-devtools/python/python3-pbr_5.4.1.bb

diff --git a/meta/recipes-devtools/python/python3-pbr_5.4.0.bb 
b/meta/recipes-devtools/python/python3-pbr_5.4.0.bb
deleted file mode 100644
index 1f1ec3a420..00
--- a/meta/recipes-devtools/python/python3-pbr_5.4.0.bb
+++ /dev/null
@@ -1,5 +0,0 @@
-inherit setuptools3
-require python-pbr.inc
-
-SRC_URI[md5sum] = "fcf120102d3e4859d41425638122058c"
-SRC_URI[sha256sum] = 
"36ebd78196e8c9588c972f5571230a059ff83783faedecc07be263ccd7e6"
diff --git a/meta/recipes-devtools/python/python3-pbr_5.4.1.bb 
b/meta/recipes-devtools/python/python3-pbr_5.4.1.bb
new file mode 100644
index 00..338ac8b707
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pbr_5.4.1.bb
@@ -0,0 +1,5 @@
+inherit setuptools3
+require python-pbr.inc
+
+SRC_URI[md5sum] = "ab6e26026ab306989a636ec2d50a435a"
+SRC_URI[sha256sum] = 
"0ca44dc9fd3b04a22297c2a91082d8df2894862e8f4c86a49dac69eae9e85ca0"
-- 
2.17.1


[OE-core] [PATCH 1/6] python-scons: update to 3.1.0

2019-07-21 Thread Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk 
---
 ...hon-scons-native_3.0.5.bb => python-scons-native_3.1.0.bb} | 0
 .../python/{python-scons_3.0.5.bb => python-scons_3.1.0.bb}   | 4 ++--
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python-scons-native_3.0.5.bb => 
python-scons-native_3.1.0.bb} (100%)
 rename meta/recipes-devtools/python/{python-scons_3.0.5.bb => 
python-scons_3.1.0.bb} (79%)

diff --git a/meta/recipes-devtools/python/python-scons-native_3.0.5.bb 
b/meta/recipes-devtools/python/python-scons-native_3.1.0.bb
similarity index 100%
rename from meta/recipes-devtools/python/python-scons-native_3.0.5.bb
rename to meta/recipes-devtools/python/python-scons-native_3.1.0.bb
diff --git a/meta/recipes-devtools/python/python-scons_3.0.5.bb 
b/meta/recipes-devtools/python/python-scons_3.1.0.bb
similarity index 79%
rename from meta/recipes-devtools/python/python-scons_3.0.5.bb
rename to meta/recipes-devtools/python/python-scons_3.1.0.bb
index 939c15bcc6..b174050583 100644
--- a/meta/recipes-devtools/python/python-scons_3.0.5.bb
+++ b/meta/recipes-devtools/python/python-scons_3.1.0.bb
@@ -4,8 +4,8 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=37bb53a08e6beaea0c90e7821d731284"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/scons/scons-${PV}.tar.gz"
-SRC_URI[md5sum] = "9f9c163e8bd48cf8cd92f03e85ca6395"
-SRC_URI[sha256sum] = 
"df676f23dc6d4bfa384fc389d95dcd21ab907e6349d4c848958ba4befb73c73e"
+SRC_URI[md5sum] = "e2fe9d16f81b0285b969238af4b552ff"
+SRC_URI[sha256sum] = 
"f3f548d738d4a2179123ecd744271ec413b2d55735ea7625a59b1b59e6cd132f"
 
 S = "${WORKDIR}/scons-${PV}"
 
-- 
2.17.1


Re: [OE-core] Automatically creating tar files for bin_package.bbclass

2019-07-21 Thread Andre McCurdy
On Fri, Jul 19, 2019 at 1:09 AM Nicolas Dechesne wrote:
>
> hi Andre!

Hi Nico! :-)

> has anything more been done on that topic? I happen to now need
> something similar. E.g. packaging for proprietary content, and google
> led me to this discussion. What's the recommended approach nowadays to
> deal with recipes for proprietary content? The use case is similar,
> when building internally, we want to build all sources, but when we
> distribute, we want to distribute all open source content +
> proprietary as blob, but with minimal (if not none) changes in the
> meta data.

I don't think there was any further public work on this topic. My own
private solution evolved somewhat to the class copied and pasted
below.

In the end it became a self contained solution which doesn't rely on
bin_package.bbclass. Instead it directly creates a tar file of the
proprietary binaries (based on the contents of ${PKGD}) and a
dedicated "mini recipe" to extract it. The party with access to the
proprietary source includes the class in the main recipe which builds
from source and then arranges for the resulting tar file and mini
recipe to be distributed to the parties who don't have source access.
In my case, hooks run on a CI build server pushed the mini recipe to a
meta layer git repo and the tar file to a server accessible via scp.
The consumers of the prebuilts therefore only needed to repo sync the
meta layer to get the latest updates.



DEPLOY_DIR_PREBUILT_RECIPES ?= "${DEPLOY_DIR}/prebuilt-recipes"
DEPLOY_DIR_PREBUILT_TARFILES ?= "${DEPLOY_DIR}/prebuilt-tarfiles"

# PV without the "AUTOINC+" prefix that git-based recipes carry
BASEPV = "${@ d.getVar('PV', True).replace('AUTOINC+', '')}"

PREBUILT_PV ?= "prebuilt-${MACHINE}-${BASEPV}"
PREBUILT_TARFILE_BASENAME ?= "${BPN}-${PREBUILT_PV}"

PREBUILT_RECIPE ?= "${DEPLOY_DIR_PREBUILT_RECIPES}/${BPN}_prebuilt-${MACHINE}.bb"
PREBUILT_TARFILE ?= "${DEPLOY_DIR_PREBUILT_TARFILES}/${PREBUILT_TARFILE_BASENAME}.tar.bz2"

# Where the consumers of the mini recipe will fetch the tar file from
PREBUILT_SRC_URI_PREFIX ?= "http://localhost:8000/"
PREBUILT_SRC_URI_PATH ?= ""

PREBUILT_CREATE_TARFILE_DOTDONE ?= "true"

do_genprebuilt[depends] += "pbzip2-native:do_populate_sysroot"
do_genprebuilt[dirs] = "${DEPLOY_DIR_PREBUILT_RECIPES} ${DEPLOY_DIR_PREBUILT_TARFILES} ${WORKDIR}"

do_genprebuilt() {

    # Only the target build produces prebuilts (not -native / -nativesdk)
    [ "${CLASSOVERRIDE}" != "class-target" ] && exit 0

    # Collect the packaged files from PKGD ("package" under WORKDIR, the last
    # entry of do_genprebuilt[dirs]), skipping sources and debug files.
    # Empty directories are listed explicitly so they survive the tar.
    find package -type d -empty -o ! -type d | grep -v '^package/usr/src' | grep -v '\.debug' | LC_ALL=C sort > ${PREBUILT_TARFILE}.files
    tar --transform "s|^package|${PREBUILT_TARFILE_BASENAME}|" --owner 0 --group 0 -T ${PREBUILT_TARFILE}.files -cvf - | pbzip2 > ${PREBUILT_TARFILE}
    rm ${PREBUILT_TARFILE}.files

    [ "${PREBUILT_CREATE_TARFILE_DOTDONE}" = "true" ] && touch ${PREBUILT_TARFILE}.done

    # Variables that must reach the generated recipe as literal text: bitbake
    # would expand S, D, BP etc. inside this class, so they are assembled from
    # shell quoting.  The braces of do_install are spelled out the same way so
    # that a "}" at the start of a line does not end this shell function early.
    s='$''{S}'
    d='$''{D}'
    bp='$''{BP}'
    ma='$''{MACHINE_ARCH}'
    pn='$''{PN}'
    wd='$''{WORKDIR}'
    openbracket='{'
    closebracket='}'

    # Checksums that the consumers' fetcher will verify the tar file against
    md5=`md5sum < ${PREBUILT_TARFILE} | cut -c-32`
    sha256=`sha256sum < ${PREBUILT_TARFILE} | cut -c-64`

    # Write the mini recipe
    cat << EOF > ${PREBUILT_RECIPE}

COMPATIBLE_MACHINE = "${MACHINE}"

PV = "${PREBUILT_PV}"

SRC_URI = "${PREBUILT_SRC_URI_PREFIX}${PREBUILT_SRC_URI_PATH}$bp.tar.bz2"

SRC_URI[md5sum] = "$md5"
SRC_URI[sha256sum] = "$sha256"

do_configure[noexec] = "1"
do_compile[noexec] = "1"

do_install () $openbracket
    tar -C $s --exclude='./patches' --exclude='./.pc' -cpf - . | tar -C $d --no-same-owner -xpvf -
$closebracket

PACKAGE_ARCH = "$ma"

INSANE_SKIP_$pn += "already-stripped"
EOF

}

addtask do_genprebuilt after do_package before do_package_qa
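
As an added example, not part of Andre's class or anything else in this thread: a consumer-side check, in Python, of what the class above produces. It parses the PV and checksum lines of the generated mini recipe, re-computes the digests of the tar file, and then walks the archive to reject members that would land outside the `${BP}/` directory the generated do_install extracts from, or that are not owned by 0:0 as `--owner 0 --group 0` guarantees. The tarball builder and recipe text are constructed here so the check runs offline; `verify_prebuilt` is a hypothetical entry point, not a bitbake API.

```python
import hashlib
import io
import re
import tarfile
from pathlib import PurePosixPath


def build_tarball(entries):
    """Constructed stand-in for the tar | pbzip2 pipeline in do_genprebuilt:
    entries maps archive member names to file contents; every member is
    owned by 0:0, as --owner 0 --group 0 arranges."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            info.uid = info.gid = 0
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def make_recipe(machine, prebuilt_pv, tarball):
    """The lines of the mini recipe that this check needs, in the layout the
    class's heredoc writes; ${BP} stays literal because the consumer's
    bitbake expands it to BPN-PV."""
    return (
        'COMPATIBLE_MACHINE = "%s"\n\n' % machine
        + 'PV = "%s"\n\n' % prebuilt_pv
        + 'SRC_URI = "http://localhost:8000/${BP}.tar.bz2"\n\n'
        + 'SRC_URI[md5sum] = "%s"\n' % hashlib.md5(tarball).hexdigest()
        + 'SRC_URI[sha256sum] = "%s"\n' % hashlib.sha256(tarball).hexdigest()
    )


# Simple KEY = "value" assignments, one per line, as the heredoc emits them
ASSIGN_RE = re.compile(
    r'^(PV|SRC_URI\[md5sum\]|SRC_URI\[sha256sum\])\s*=\s*"([^"]*)"\s*$', re.M)


def parse_recipe(text):
    fields = dict(ASSIGN_RE.findall(text))
    missing = {"PV", "SRC_URI[md5sum]", "SRC_URI[sha256sum]"} - set(fields)
    if missing:
        raise ValueError("mini recipe lacks %s" % ", ".join(sorted(missing)))
    return fields


def verify_prebuilt(bpn, recipe_text, tarball):
    """Return the list of problems found; an empty list means the archive
    matches the recipe's checksums and its members all stay under BP/."""
    fields = parse_recipe(recipe_text)
    problems = []
    if hashlib.sha256(tarball).hexdigest() != fields["SRC_URI[sha256sum]"]:
        problems.append("sha256 mismatch")
    if hashlib.md5(tarball).hexdigest() != fields["SRC_URI[md5sum]"]:
        problems.append("md5 mismatch")
    if problems:
        return problems  # do not even parse an archive whose digest is wrong
    # do_install runs `tar -C S ... | tar -C D -x`, so every member must live
    # under BP/ (BP = BPN-PV) and may not climb out of it with ".." or "/".
    prefix = "%s-%s" % (bpn, fields["PV"])
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:bz2") as tar:
        for m in tar:
            parts = PurePosixPath(m.name).parts
            if m.name.startswith("/") or ".." in parts or not parts or parts[0] != prefix:
                problems.append("%s: outside %s/" % (m.name, prefix))
            if m.islnk():
                lparts = PurePosixPath(m.linkname).parts
                if not lparts or lparts[0] != prefix or ".." in lparts:
                    problems.append("%s: hardlink target %s outside %s/"
                                    % (m.name, m.linkname, prefix))
            if m.uid != 0 or m.gid != 0:
                problems.append("%s: owner %d:%d, expected 0:0"
                                % (m.name, m.uid, m.gid))
    return problems
```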



Re: [OE-core] [PATCH V4 3/4] elfutils: Fix eu-* utils builds for musl

2019-07-21 Thread Adrian Bunk
On Sat, Jul 20, 2019 at 11:00:57AM -0700, Khem Raj wrote:
>...
> ++#if !defined(FNM_EXTMATCH)
> ++# define FNM_EXTMATCH (0)
> ++#endif
>...
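Review bot: defining `FNM_EXTMATCH` to 0 makes the `fnmatch()` calls compile on a libc that lacks the GNU extension, but the flag is then silently ignored, so any pattern that relies on the extended `+(...)`/`@(...)` groups stops matching without any error; an `#error` when the flag is missing, or a runtime fallback that rejects extended patterns explicitly, would fail loudly instead of producing the silently broken code described in the reply.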

As already said in [1] this is expected to result in broken code,
and the upstream testsuite also confirms this.

cu
Adrian

[1] 
http://lists.openembedded.org/pipermail/openembedded-core/2019-May/282787.html

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed


Re: [OE-core] [thud] 00/30] Patch review for thud-next

2019-07-21 Thread Khem Raj
On Sun, Jul 21, 2019 at 7:25 AM Armin Kuster  wrote:
>
> Comments regarding this patch series due by Wednesday.
>
> The following changes since commit f162d5bfe6eaeca24f441c83c87252c8d05744fc:
>
>   core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit (2019-05-17 
> 22:05:59 -0700)
>
> are available in the git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib stable/thud-nmut
>   
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/thud-nmut
>
> Armin Kuster (16):
>   glibc: Security fix CVE-2019-9169
>   elfutils: Security fixes  CVE-2019-7146,7149,7150
>   qemu: Several CVE fixes
>   python: Update to 2.7.16
>   busybox: Security fixes for CVE-2018-20679 CVE-2019-5747
>   sqlite3: Security fixes for CVE-2018-20505 & 20506
>   file: Multiple Security fixes
>   go: update to minor update 1.11.10
>   qemu: Security fix for CVE-2018-19489
>   Tar: Security fix CVE-2019-0023
>   glib-2.0: Security fix for CVE-2019-12450
>   wget: Security fix for CVE-2019-5953
>   Curl: Security fix CVE-2019-5435 CVE-2019-5436
>   qemu: Security fix for CVE-2019-12155
>   qemu: Security fixes CVE-2018-20815 CVE-2019-9824
>   glib: Security fix for CVE-2019-9633
>
> Chen Qi (2):
>   cups: upgrade to 2.2.9
>   cups: upgrade to 2.2.10
>
> Hongxu Jia (1):
>   go-target.inc: fix go not found while multilib enabled
>
> Joshua DeWeese (1):
>   wpa_supplicant: Changed systemd template units
>
> Khem Raj (1):
>   go: Upgrade 1.11.1 -> 1.11.4 minor release
>
> Martin Jansa (1):
>   python: add a fix for CVE-2019-9948 and CVE-2019-9636
>
> Richard Purdie (4):
>   go-crosssdk: PN should use SDK_SYS, not TARGET_ARCH
>   yocto-uninative: Update to 2.5 release
>   uninative: Switch from bz2 to xz
>   uninative: Update to 2.6 release
>
> Robert Yang (1):
>   uboot-sign.bbclass: Remove tab indentations in python code
>
> Ross Burton (3):
>   cairo: fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462
>   lighttpd: fix CVE-2019-11072
>   glibc: backport CVE fixes
>

Looks fine to me


>  meta/classes/uboot-sign.bbclass|  20 +-
>  meta/classes/uninative.bbclass |   4 +-
>  meta/conf/distro/include/yocto-uninative.inc   |   8 +-
>  ...place-systemd-install-Alias-with-WantedBy.patch |  52 
>  .../wpa-supplicant/wpa-supplicant_2.6.bb   |   1 +
>  .../busybox/busybox/CVE-2018-20679.patch   | 142 +
>  .../busybox/busybox/CVE-2019-5747.patch|  60 
>  meta/recipes-core/busybox/busybox_1.29.3.bb|   2 +
>  .../glib-2.0/glib-2.0/CVE-2019-12450.patch |  59 
>  .../glib-2.0/glib-2.0/CVE-2019-9633_p1.patch   | 316 
> +
>  .../glib-2.0/glib-2.0/CVE-2019-9633_p2.patch   | 231 +++
>  meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb  |   3 +
>  meta/recipes-core/glibc/glibc/CVE-2016-10739.patch | 232 +++
>  meta/recipes-core/glibc/glibc/CVE-2018-19591.patch |  48 
>  meta/recipes-core/glibc/glibc/CVE-2019-9169.patch  |  63 
>  meta/recipes-core/glibc/glibc_2.28.bb  |   3 +
>  meta/recipes-devtools/elfutils/elfutils_0.175.bb   |   4 +
>  .../elfutils/files/CVE-2019-7146_p1.patch  |  52 
>  .../elfutils/files/CVE-2019-7146_p2.patch  |  65 +
>  .../elfutils/files/CVE-2019-7149.patch | 148 ++
>  .../elfutils/files/CVE-2019-7150.patch |  51 
>  .../recipes-devtools/file/file/CVE-2019-8904.patch |  30 ++
>  .../file/file/CVE-2019-8905_CVE-2019-8907.patch| 120 
>  .../recipes-devtools/file/file/CVE-2019-8906.patch |  27 ++
>  meta/recipes-devtools/file/file_5.34.bb|   3 +
>  meta/recipes-devtools/go/go-1.11.inc   |   7 +-
>  ...07-cmd-go-make-GOROOT-precious-by-default.patch |   6 +-
>  .../0008-use-GOBUILDMODE-to-set-buildmode.patch|  13 +-
>  meta/recipes-devtools/go/go-crosssdk.inc   |   2 +-
>  meta/recipes-devtools/go/go-target.inc |   2 +-
>  ...on-native_2.7.15.bb => python-native_2.7.16.bb} |   2 -
>  meta/recipes-devtools/python/python.inc|  18 +-
>  ...23-Use-XML_SetHashSalt-in-_elementtree-GH.patch |  96 ---
>  ...ix-test_ssl-when-a-filename-cannot-be-enc.patch |  55 
>  ...LS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch | 120 
>  ...34540-Convert-shutil._call_external_zip-t.patch |  67 -
>  ...dd-missing-closing-wrapper-in-test_tls1_3.patch |  37 ---
>  ...ix-test_ssl.test_options-to-account-for-O.patch |  37 ---
>  ...ix-test_default_ecdh_curve-needs-no-tlsv1.patch |  34 ---
>  .../python/bpo-35907-cve-2019-9948-fix.patch   |  55 
>  .../python/python/bpo-35907-cve-2019-9948.patch|  55 
>  .../python/bpo-36216-cve-2019-9636-fix.patch   |  28 ++
>  .../python/python/bpo-36216-cve-2019-9636.patch| 111 
>  .../python/{python_2.7.15.bb => python_2.7.16.bb}  |   6 +-
>  .../qemu/qemu/CVE-2018-16867.patch |  49 
>  

[OE-core] [thud] 28/30] qemu: Security fixes CVE-2018-20815 CVE-2019-9824

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: qemu.org
MR: 98623
Type: Security Fix
Disposition: Backport from qemu.org
ChangeID: 03b3f28e5860ef1cb9f58dce89f252bd7ed59f37
Description:

Fixes both CVE-2018-20815 and CVE-2019-9824

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../qemu/qemu/CVE-2018-20815_p1.patch  | 42 +
 .../qemu/qemu/CVE-2018-20815_p2.patch  | 52 ++
 .../recipes-devtools/qemu/qemu/CVE-2019-9824.patch | 47 +++
 meta/recipes-devtools/qemu/qemu_3.0.0.bb   |  3 ++
 4 files changed, 144 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p2.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-9824.patch

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch
new file mode 100644
index 000..c3a5981
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch
@@ -0,0 +1,42 @@
+From da885fe1ee8b4589047484bd7fa05a4905b52b17 Mon Sep 17 00:00:00 2001
+From: Peter Maydell 
+Date: Fri, 14 Dec 2018 13:30:52 +
+Subject: [PATCH] device_tree.c: Don't use load_image()
+
+The load_image() function is deprecated, as it does not let the
+caller specify how large the buffer to read the file into is.
+Instead use load_image_size().
+
+Signed-off-by: Peter Maydell 
+Reviewed-by: Richard Henderson 
+Reviewed-by: Stefan Hajnoczi 
+Reviewed-by: Michael S. Tsirkin 
+Reviewed-by: Eric Blake 
+Message-id: 20181130151712.2312-9-peter.mayd...@linaro.org
+
+Upstream-Status: Backport
+CVE: CVE-2018-20815
+affects <= 3.0.1
+
+Signed-off-by: Armin Kuster 
+
+---
+ device_tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/device_tree.c b/device_tree.c
+index 6d9c972..296278e 100644
+--- a/device_tree.c
 b/device_tree.c
+@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
+ /* First allocate space in qemu for device tree */
+ fdt = g_malloc0(dt_size);
+ 
+-dt_file_load_size = load_image(filename_path, fdt);
++dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
+ if (dt_file_load_size < 0) {
+ error_report("Unable to open device tree file '%s'",
+  filename_path);
+-- 
+2.7.4
+
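Review bot: `load_image_size(filename_path, fdt, dt_size)` bounds the read to the `g_malloc0(dt_size)` allocation, which is what closes the unbounded `load_image()` read in CVE-2018-20815, so the one-line hunk is the right minimal backport. The `affects <= 3.0.1` line in the header is a reviewer comment only; cve-check acts on the `CVE:` tag, which is what marks qemu_3.0.0 as patched.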
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p2.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p2.patch
new file mode 100644
index 000..d01e874
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p2.patch
@@ -0,0 +1,52 @@
+From 065e6298a75164b4347682b63381dbe752c2b156 Mon Sep 17 00:00:00 2001
+From: Markus Armbruster 
+Date: Tue, 9 Apr 2019 19:40:18 +0200
+Subject: [PATCH] device_tree: Fix integer overflowing in load_device_tree()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the value of get_image_size() exceeds INT_MAX / 2 - 1, the
+computation of @dt_size overflows to a negative number, which then
+gets converted to a very large size_t for g_malloc0() and
+load_image_size().  In the (fortunately improbable) case g_malloc0()
+succeeds and load_image_size() survives, we'd assign the negative
+number to *sizep.  What that would do to the callers I can't say, but
+it's unlikely to be good.
+
+Fix by rejecting images whose size would overflow.
+
+Reported-by: Kurtis Miller 
+Signed-off-by: Markus Armbruster 
+Reviewed-by: Philippe Mathieu-Daudé 
+Signed-off-by: Alistair Francis 
+Message-Id: <20190409174018.25798-1-arm...@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2018-20815
+affects <= 3.0.1
+
+Signed-off-by: Armin Kuster 
+
+---
+ device_tree.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/device_tree.c b/device_tree.c
+index 296278e..f8b46b3 100644
+--- a/device_tree.c
 b/device_tree.c
+@@ -84,6 +84,10 @@ void *load_device_tree(const char *filename_path, int 
*sizep)
+  filename_path);
+ goto fail;
+ }
++if (dt_size > INT_MAX / 2 - 1) {
++error_report("Device tree file '%s' is too large", filename_path);
++goto fail;
++}
+ 
+ /* Expand to 2x size to give enough room for manipulation.  */
+ dt_size += 1;
+-- 
+2.7.4
+
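Review bot: the rejection threshold INT_MAX / 2 - 1 is placed before the "Expand to 2x size" comment and the dt_size += 1 visible in the context, so it bounds the value exactly where the doubling plus one would otherwise wrap a signed int into a negative @dt_size and then into a huge size_t for g_malloc0() and load_image_size(); the check is correct for that arithmetic. Since the doubling itself is on a line the hunk does not show, verify against the qemu-3.0.0 tree that the expansion is still 2x + 1 so the bound matches the local computation rather than being copied blindly. As with p1, the Upstream-Status line should carry the upstream commit URL for 065e6298a751.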
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-9824.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2019-9824.patch
new file mode 100644
index 000..7f83006
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-9824.patch
@@ -0,0 +1,47 @@
+From d3222975c7d6cda9e25809dea05241188457b113 Mon Sep 17 00:00:00 2001
+From: William Bowling 
+Date: Fri, 1 Mar 2019 21:45:56 +
+Subject: [PATCH 1/1] slirp: check sscanf result when emulating ident
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+When emulating ident in tcp_emu, if the strchr checks passed but the
+sscanf check 

[OE-core] [thud] 27/30] glibc: backport CVE fixes

2019-07-21 Thread Armin Kuster
From: Ross Burton 

Backport the fixes for several CVEs from the 2.28 stable branch:
- CVE-2016-10739
- CVE-2018-19591

Signed-off-by: Ross Burton 
[Dropped CVE-2019-9169 as it's in my contrib already]
Signed-off-by: Armin Kuster 
---
 meta/recipes-core/glibc/glibc/CVE-2016-10739.patch | 232 +
 meta/recipes-core/glibc/glibc/CVE-2018-19591.patch |  48 +
 meta/recipes-core/glibc/glibc_2.28.bb  |   2 +
 3 files changed, 282 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2016-10739.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2018-19591.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch 
b/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch
new file mode 100644
index 000..7eb55d6
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch
@@ -0,0 +1,232 @@
+CVE: CVE-2016-10739
+Upstream-Status: Backport
+Signed-off-by: Ross Burton 
+
+From 8e92ca5dd7a7e38a4dddf1ebc4e1e8f0cb27e4aa Mon Sep 17 00:00:00 2001
+From: Florian Weimer 
+Date: Mon, 21 Jan 2019 08:59:42 +0100
+Subject: [PATCH] resolv: Reformat inet_addr, inet_aton to GNU style
+
+(cherry picked from commit 5e30b8ef0758763effa115634e0ed7d8938e4bc0)
+---
+ ChangeLog  |   5 ++
+ resolv/inet_addr.c | 192 -
+ 2 files changed, 106 insertions(+), 91 deletions(-)
+
+diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
+index 022f7ea084..32f58b0e13 100644
+--- a/resolv/inet_addr.c
 b/resolv/inet_addr.c
+@@ -1,3 +1,21 @@
++/* Legacy IPv4 text-to-address functions.
++   Copyright (C) 2019 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   .  */
++
+ /*
+  * Copyright (c) 1983, 1990, 1993
+  *The Regents of the University of California.  All rights reserved.
+@@ -78,105 +96,97 @@
+ #include 
+ #include 
+ 
+-/*
+- * Ascii internet address interpretation routine.
+- * The value returned is in network order.
+- */
++/* ASCII IPv4 Internet address interpretation routine.  The value
++   returned is in network order.  */
+ in_addr_t
+-__inet_addr(const char *cp) {
+-  struct in_addr val;
++__inet_addr (const char *cp)
++{
++  struct in_addr val;
+ 
+-  if (__inet_aton(cp, ))
+-  return (val.s_addr);
+-  return (INADDR_NONE);
++  if (__inet_aton (cp, ))
++return val.s_addr;
++  return INADDR_NONE;
+ }
+ weak_alias (__inet_addr, inet_addr)
+ 
+-/*
+- * Check whether "cp" is a valid ascii representation
+- * of an Internet address and convert to a binary address.
+- * Returns 1 if the address is valid, 0 if not.
+- * This replaces inet_addr, the return value from which
+- * cannot distinguish between failure and a local broadcast address.
+- */
++/* Check whether "cp" is a valid ASCII representation of an IPv4
++   Internet address and convert it to a binary address.  Returns 1 if
++   the address is valid, 0 if not.  This replaces inet_addr, the
++   return value from which cannot distinguish between failure and a
++   local broadcast address.  */
+ int
+-__inet_aton(const char *cp, struct in_addr *addr)
++__inet_aton (const char *cp, struct in_addr *addr)
+ {
+-  static const in_addr_t max[4] = { 0x, 0xff, 0x, 0xff };
+-  in_addr_t val;
+-  char c;
+-  union iaddr {
+-uint8_t bytes[4];
+-uint32_t word;
+-  } res;
+-  uint8_t *pp = res.bytes;
+-  int digit;
+-
+-  int saved_errno = errno;
+-  __set_errno (0);
+-
+-  res.word = 0;
+-
+-  c = *cp;
+-  for (;;) {
+-  /*
+-   * Collect number up to ``.''.
+-   * Values are specified as for C:
+-   * 0x=hex, 0=octal, isdigit=decimal.
+-   */
+-  if (!isdigit(c))
+-  goto ret_0;
+-  {
+-  char *endp;
+-  unsigned long ul = strtoul (cp, (char **) , 0);
+-  if (ul == ULONG_MAX && errno == ERANGE)
+-  goto ret_0;
+-  if (ul > 0xul)
+-  goto ret_0;
+-  val = ul;
+-  digit = cp != endp;
+-  cp = endp;
+-  }
+-  
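Review bot: the first commit carried in CVE-2016-10739.patch is a pure reformat ("resolv: Reformat inet_addr, inet_aton to GNU style", cherry-picked from 5e30b8ef0758) with no security content; it is presumably included so that the real fix applies cleanly, but the header only says "CVE: CVE-2016-10739" and "Upstream-Status: Backport". State in the header that this reformat is a prerequisite and name the commit that actually closes the CVE, otherwise anyone auditing the backport (or reading cve-check output) cannot tell which hunk is the fix. Also consider whether rewriting 192 lines of resolv/inet_addr.c for whitespace is wanted on a stable branch, or whether the fix commit could be rebased onto the old formatting instead.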

[OE-core] [thud] 29/30] glib: Security fix for CVE-2019-9633

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: gnome.org
MR: 98802
Type: Security Fix
Disposition: Backport from 
https://gitlab.gnome.org/GNOME/glib/commit/d553d92d6e9f53cbe5a34166fcb919ba652c6a8e
ChangeID: b73c332f27f47ddc1b1cfd7424f24778acc0c318
Description:

includes supporting patch.
Fixes CVE-2019-9633

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../glib-2.0/glib-2.0/CVE-2019-9633_p1.patch   | 316 +
 .../glib-2.0/glib-2.0/CVE-2019-9633_p2.patch   | 231 +++
 meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb  |   2 +
 3 files changed, 549 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p2.patch

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch 
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch
new file mode 100644
index 000..f95716a
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch
@@ -0,0 +1,316 @@
+From c1e32b90576af11556c8a9178e43902f3394a4b0 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis 
+Date: Mon, 29 Oct 2018 09:53:07 -0400
+Subject: [PATCH] gsocketclient: Improve handling of slow initial connections
+
+Currently a new connection will not be attempted until the previous
+one has timed out and as the current API only exposes a single
+timeout value in practice it often means that it will wait 30 seconds
+(or forever with 0 (the default)) on each connection.
+
+This is unacceptable so we are now trying to follow the behavior
+RFC 8305 recommends by making multiple connection attempts if
+the connection takes longer than 250ms. The first connection
+to make it to completion then wins.
+
+Upstream-Status: Backport
+CVE: CVE-2019-9633 patch 1
+Affects: < 2.59.2
+Signed-off-by: Armin Kuster 
+
+---
+ gio/gsocketclient.c | 176 
+ 1 file changed, 151 insertions(+), 25 deletions(-)
+
+diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
+index ddd1497..5c6513c 100644
+--- a/gio/gsocketclient.c
 b/gio/gsocketclient.c
+@@ -2,6 +2,7 @@
+  *
+  * Copyright © 2008, 2009 codethink
+  * Copyright © 2009 Red Hat, Inc
++ * Copyright © 2018 Igalia S.L.
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -49,6 +50,10 @@
+ #include 
+ #include "glibintl.h"
+ 
++/* As recommended by RFC 8305 this is the time it waits
++ * on a connection before starting another concurrent attempt.
++ */
++#define HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS 250
+ 
+ /**
+  * SECTION:gsocketclient
+@@ -1328,28 +1333,82 @@ typedef struct
+   GSocketConnectable *connectable;
+   GSocketAddressEnumerator *enumerator;
+   GProxyAddress *proxy_addr;
+-  GSocketAddress *current_addr;
+-  GSocket *current_socket;
++  GSocket *socket;
+   GIOStream *connection;
+ 
++  GSList *connection_attempts;
+   GError *last_error;
+ } GSocketClientAsyncConnectData;
+ 
++static void connection_attempt_unref (gpointer attempt);
++
+ static void
+ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data)
+ {
+   g_clear_object (>connectable);
+   g_clear_object (>enumerator);
+   g_clear_object (>proxy_addr);
+-  g_clear_object (>current_addr);
+-  g_clear_object (>current_socket);
++  g_clear_object (>socket);
+   g_clear_object (>connection);
++  g_slist_free_full (data->connection_attempts, connection_attempt_unref);
+ 
+   g_clear_error (>last_error);
+ 
+   g_slice_free (GSocketClientAsyncConnectData, data);
+ }
+ 
++typedef struct
++{
++  GSocketAddress *address;
++  GSocket *socket;
++  GIOStream *connection;
++  GSocketClientAsyncConnectData *data; /* unowned */
++  GSource *timeout_source;
++  GCancellable *cancellable;
++  grefcount ref;
++} ConnectionAttempt;
++
++static ConnectionAttempt *
++connection_attempt_new (void)
++{
++  ConnectionAttempt *attempt = g_new0 (ConnectionAttempt, 1);
++  g_ref_count_init (>ref);
++  return attempt;
++}
++
++static ConnectionAttempt *
++connection_attempt_ref (ConnectionAttempt *attempt)
++{
++  g_ref_count_inc (>ref);
++  return attempt;
++}
++
++static void
++connection_attempt_unref (gpointer pointer)
++{
++  ConnectionAttempt *attempt = pointer;
++  if (g_ref_count_dec (>ref))
++{
++  g_clear_object (>address);
++  g_clear_object (>socket);
++  g_clear_object (>connection);
++  g_clear_object (>cancellable);
++  if (attempt->timeout_source)
++{
++  g_source_destroy (attempt->timeout_source);
++  g_source_unref (attempt->timeout_source);
++}
++  g_free (attempt);
++}
++}
++
++static void
++connection_attempt_remove (ConnectionAttempt *attempt)
++{
++  attempt->data->connection_attempts = g_slist_remove 
(attempt->data->connection_attempts, attempt);
++  connection_attempt_unref (attempt);
++}
++
+ static void
+ g_socket_client_async_connect_complete 
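Review bot: CVE-2019-9633_p1.patch is the Happy Eyeballs feature commit from October 2018 ("gsocketclient: Improve handling of slow initial connections"), not a security fix: it changes GSocketClient connect behaviour to start a second concurrent attempt after HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS (250 ms) and introduces the refcounted ConnectionAttempt state. Backporting a behavioural change of this size into glib 2.58.0 to carry a fix is a real risk for applications on thud that rely on sequential connection attempts, and the header line "CVE: CVE-2019-9633 patch 1" hides that; document that p1 is a prerequisite and p2 is the fix, or check whether p2 can be applied to 2.58 without the feature. On the code: connection_attempt_remove() does g_slist_remove() and then connection_attempt_unref(), so a caller that does not hold its own reference may have the attempt freed under it; a comment on that ownership rule would help later maintainers of this backport.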

[OE-core] [thud] 30/30] uboot-sign.bbclass: Remove tab indentations in python code

2019-07-21 Thread Armin Kuster
From: Robert Yang 

Use 4 spaces to replace a tab.

Signed-off-by: Robert Yang 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/classes/uboot-sign.bbclass | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index 8ee904e..afaf46f 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -80,16 +80,16 @@ do_concat_dtb () {
 }
 
 python () {
-   uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
-   if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == uboot_pn:
-   kernel_pn = d.getVar('PREFERRED_PROVIDER_virtual/kernel')
+uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
+if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == uboot_pn:
+kernel_pn = d.getVar('PREFERRED_PROVIDER_virtual/kernel')
 
-   # u-boot.dtb and u-boot-nodtb.bin are deployed _before_ 
do_deploy
-   # Thus, do_deploy_setscene will also populate them in 
DEPLOY_IMAGE_DIR
-   bb.build.addtask('do_deploy_dtb', 'do_deploy', 'do_compile', d)
+# u-boot.dtb and u-boot-nodtb.bin are deployed _before_ do_deploy
+# Thus, do_deploy_setscene will also populate them in DEPLOY_IMAGE_DIR
+bb.build.addtask('do_deploy_dtb', 'do_deploy', 'do_compile', d)
 
-   # do_concat_dtb is scheduled _before_ do_install as it 
overwrite the
-   # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR.
-   bb.build.addtask('do_concat_dtb', 'do_install', None, d)
-   d.appendVarFlag('do_concat_dtb', 'depends', ' 
%s:do_assemble_fitimage' % kernel_pn)
+# do_concat_dtb is scheduled _before_ do_install as it overwrite the
+# u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR.
+bb.build.addtask('do_concat_dtb', 'do_install', None, d)
+d.appendVarFlag('do_concat_dtb', 'depends', ' %s:do_assemble_fitimage' 
% kernel_pn)
 }
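Review bot: whitespace-only change with no functional difference, but since every line of the anonymous python block is being rewritten anyway, fix the comment grammar at the same time: "as it overwrite the" should read "as it overwrites the". Worth recording in the commit message why this matters: Python 3 rejects a block whose indentation mixes tabs and spaces, so leaving tab-indented python in a bbclass is a latent TabError the next time someone adds a space-indented line.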
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [thud] 26/30] lighttpd: fix CVE-2019-11072

2019-07-21 Thread Armin Kuster
From: Ross Burton 

Signed-off-by: Ross Burton 
Signed-off-by: Armin Kuster 
---
 .../lighttpd/lighttpd/fix-http-parseopts.patch | 51 ++
 meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb  |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 
meta/recipes-extended/lighttpd/lighttpd/fix-http-parseopts.patch

diff --git a/meta/recipes-extended/lighttpd/lighttpd/fix-http-parseopts.patch 
b/meta/recipes-extended/lighttpd/lighttpd/fix-http-parseopts.patch
new file mode 100644
index 000..f3a0402
--- /dev/null
+++ b/meta/recipes-extended/lighttpd/lighttpd/fix-http-parseopts.patch
@@ -0,0 +1,51 @@
+CVE: CVE-2019-11072
+Upstream-Status: Backport
+Signed-off-by: Ross Burton 
+
+From 32120d5b8b3203fc21ccb9eafb0eaf824bb59354 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss 
+Date: Wed, 10 Apr 2019 11:28:10 -0400
+Subject: [PATCH] [core] fix abort in http-parseopts (fixes #2945)
+
+fix abort in server.http-parseopts with url-path-2f-decode enabled
+
+(thx stze)
+
+x-ref:
+  "Security - SIGABRT during GET request handling with url-path-2f-decode 
enabled"
+  https://redmine.lighttpd.net/issues/2945
+---
+ src/burl.c| 6 --
+ src/t/test_burl.c | 2 ++
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/burl.c b/src/burl.c
+index 51182628..c4b928fd 100644
+--- a/src/burl.c
 b/src/burl.c
+@@ -252,8 +252,10 @@ static int burl_normalize_2F_to_slash_fix (buffer *b, int 
qs, int i)
+ }
+ }
+ if (qs >= 0) {
+-memmove(s+j, s+qs, blen - qs);
+-j += blen - qs;
++const int qslen = blen - qs;
++memmove(s+j, s+qs, (size_t)qslen);
++qs = j;
++j += qslen;
+ }
+ buffer_string_set_length(b, j);
+ return qs;
+diff --git a/src/t/test_burl.c b/src/t/test_burl.c
+index 7be9be50..f7a16815 100644
+--- a/src/t/test_burl.c
 b/src/t/test_burl.c
+@@ -97,6 +97,8 @@ static void test_burl_normalize (void) {
+ flags |= HTTP_PARSEOPT_URL_NORMALIZE_PATH_2F_DECODE;
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, 
CONST_STR_LEN("/a/b?c=/"), CONST_STR_LEN("/a/b?c=/"));
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, 
CONST_STR_LEN("/a/b?c=%2f"), CONST_STR_LEN("/a/b?c=/"));
++run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("%2f?"), 
CONST_STR_LEN("/?"));
++run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/%2f?"), 
CONST_STR_LEN("//?"));
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a%2fb"), 
CONST_STR_LEN("/a/b"));
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a%2Fb"), 
CONST_STR_LEN("/a/b"));
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, 
CONST_STR_LEN("/a%2fb?c=/"), CONST_STR_LEN("/a/b?c=/"));
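Review bot: the actual fix is the added "qs = j;". burl_normalize_2F_to_slash_fix() returns qs, and after the memmove() compacts the buffer to length j the old code still returned the query-string offset computed against the pre-normalisation string; once decoding %2f had shortened the path, that stale offset could lie beyond buffer_string_set_length(b, j), which is consistent with the SIGABRT in #2945. The two new cases ("%2f?" -> "/?" and "/%2f?" -> "//?") cover exactly the path-shrinks-before-'?' situation. On the recipe side: the file is named fix-http-parseopts.patch while every other fix in this series uses CVE-YYYY-NNNN.patch; cve-check reads the "CVE:" tag so it is still counted, but the consistent name makes the backport easier to find. The commit message carries nothing beyond the sign-offs; a one-line summary of the abort would help the stable-branch log.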
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb 
b/meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb
index f28fd2f..5c828da 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.51.bb
@@ -18,6 +18,7 @@ SRC_URI = 
"http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t
 file://lighttpd \
 file://lighttpd.service \
 file://0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch 
\
+file://fix-http-parseopts.patch \
 "
 
 SRC_URI[md5sum] = "6e68c19601af332fa3c5f174245f59bf"
-- 
2.7.4



[OE-core] [thud] 25/30] uninative: Update to 2.6 release

2019-07-21 Thread Armin Kuster
From: Richard Purdie 

The 2.6 release contains both libcrypt.so.1 and libcrypt.so.2 which fixes
compatibility with recent fedora/suse releases.

The difference is one is built with obsolete APIs enabled and one disabled.
We now ship both in uninative for compatibility regardless of which distro
a binary is built on.

Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/conf/distro/include/yocto-uninative.inc | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc 
b/meta/conf/distro/include/yocto-uninative.inc
index 0bb8f7a..df24346 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -8,7 +8,7 @@
 
 UNINATIVE_MAXGLIBCVERSION = "2.29"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.5/;
-UNINATIVE_CHECKSUM[aarch64] ?= 
"ca977ff95c77f983570141908d451ff7d78add2864471605af404302bb36a1fa"
-UNINATIVE_CHECKSUM[i686] ?= 
"7b5822891c293795faf8a4a80586b36f8cde405387524916a24f9055ea82f7ca"
-UNINATIVE_CHECKSUM[x86_64] ?= 
"ed0ac07c710b711925cb976685dd855fb1d442dd840d00194751c18bf480c4ed"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.6/;
+UNINATIVE_CHECKSUM[aarch64] ?= 
"a37118fc8b423f48146120707b81dd15017512c3e8ef9e6ca2cb3a033f4f4046"
+UNINATIVE_CHECKSUM[i686] ?= 
"3234fc3ded810225071f23a0e9a99f4f8c2480059945a848eff076ce78122ade"
+UNINATIVE_CHECKSUM[x86_64] ?= 
"133387753a9acf3e1b788103c59fac91e968e2ee331d7a4b9498e926ada7be57"
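Review bot: UNINATIVE_URL still points at plain http://downloads.yoctoproject.org; the sha256 UNINATIVE_CHECKSUM values cover integrity of what is fetched, so this is not a correctness problem, but the same host serves https and switching removes the cleartext fetch. The three checksums move together with the URL, as they must. Since the reason for the bump is the libcrypt.so.1 / libcrypt.so.2 pair, the commit message should name the fedora and suse releases that were actually tested against 2.6, so that a later regression can be traced to a specific host.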
-- 
2.7.4



[OE-core] [thud] 24/30] uninative: Switch from bz2 to xz

2019-07-21 Thread Armin Kuster
From: Richard Purdie 

(From OE-Core rev: 29fc9210b973be68de474e75068e4c72371afe5a)

Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/classes/uninative.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index ba99fb6..3326c0d 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -2,7 +2,7 @@ UNINATIVE_LOADER ?= 
"${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/lib/
 UNINATIVE_STAGING_DIR ?= "${STAGING_DIR}"
 
 UNINATIVE_URL ?= "unset"
-UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.bz2"
+UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.xz"
 # Example checksums
 #UNINATIVE_CHECKSUM[aarch64] = "dead"
 #UNINATIVE_CHECKSUM[i686] = "dead"
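Review bot: ordering. This commit renames UNINATIVE_TARBALL to ${BUILD_ARCH}-nativesdk-libc.tar.xz, but it sits after 23/30 in this series, whose commit message claims the bz2-to-xz switch while only changing UNINATIVE_URL and the checksums. A tree checked out between the two fetches a .tar.bz2 name from the 2.5 release directory and cannot match the new checksums, so either land this change first or squash it into 23/30. Also confirm that xz is in HOSTTOOLS on thud: the fetchloader below now runs tar -xJf, and a build host without xz fails at the uninative fetch step rather than at any recipe that declares an xz-native dependency.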
@@ -89,7 +89,7 @@ python uninative_event_fetchloader() {
 cmd = d.expand("\
 mkdir -p ${UNINATIVE_STAGING_DIR}-uninative; \
 cd ${UNINATIVE_STAGING_DIR}-uninative; \
-tar -xjf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; \
+tar -xJf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; \
 ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py \
   ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux \
   ${UNINATIVE_LOADER} \
-- 
2.7.4



[OE-core] [thud] 22/30] qemu: Security fix for CVE-2019-12155

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: qemu.org
MR: 98382
Type: Security Fix
Disposition: Backport from 
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3
Description:

Fixes CVE-2019-12155
Affects: <= 4.0.0
Signed-off-by: Armin Kuster 
---
 .../qemu/qemu/CVE-2019-12155.patch | 38 ++
 meta/recipes-devtools/qemu/qemu_3.0.0.bb   |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch
new file mode 100644
index 000..8a5ece5
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch
@@ -0,0 +1,38 @@
+From d52680fc932efb8a2f334cc6993e705ed1e31e99 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit 
+Date: Thu, 25 Apr 2019 12:05:34 +0530
+Subject: [PATCH] qxl: check release info object
+
+When releasing spice resources in release_resource() routine,
+if release info object 'ext.info' is null, it leads to null
+pointer dereference. Add check to avoid it.
+
+Reported-by: Bugs SysSec 
+Signed-off-by: Prasad J Pandit 
+Message-id: 20190425063534.32747-1-ppan...@redhat.com
+Signed-off-by: Gerd Hoffmann 
+
+Upstream-Status: Backport
+https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
+
+CVE: CVE-2019-12155
+Affects: <= 4.0.0
+Signed-off-by: Armin Kuster 
+---
+ hw/display/qxl.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: qemu-3.0.0/hw/display/qxl.c
+===
+--- qemu-3.0.0.orig/hw/display/qxl.c
 qemu-3.0.0/hw/display/qxl.c
+@@ -764,6 +764,9 @@ static void interface_release_resource(Q
+ QXLReleaseRing *ring;
+ uint64_t *item, id;
+ 
++if (!ext.info) {
++return;
++}
+ if (ext.group_id == MEMSLOT_GROUP_HOST) {
+ /* host group -> vga mode update request */
+ QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
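Review bot: the early return sits before the MEMSLOT_GROUP_HOST branch, so it guards the ext.info->id dereference visible in the context, and it matches upstream d52680fc932e. Consider whether silently ignoring a release with a null info pointer is the right policy on a stable branch: a guest that sends such a command is misbehaving, and a trace point or guest-bug report at this spot would make that visible, though keeping the backport verbatim is defensible. Note that the patch is in quilt "Index:" form regenerated against qemu-3.0.0 rather than the upstream git diff; the header should say so, since the From line still carries the upstream hash.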
diff --git a/meta/recipes-devtools/qemu/qemu_3.0.0.bb 
b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
index 992cf7b..63a6468 100644
--- a/meta/recipes-devtools/qemu/qemu_3.0.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2018-19364_p1.patch \
file://CVE-2018-19364_p2.patch \
file://CVE-2018-19489.patch \
+   file://CVE-2019-12155.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
-- 
2.7.4



[OE-core] [thud] 21/30] Curl: Security fix CVE-2019-5435 CVE-2019-5436

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: curl.org
MR: 98455
Type: Security Fix
Disposition: Backport from https://curl.haxx.se/
ChangeID: 86b094a440ea473b114764e8d64df8142d561609
Description:

Fixes CVE-2019-5435 CVE-2019-5436

Signed-off-by: Armin Kuster 
---
 meta/recipes-support/curl/curl/CVE-2019-5435.patch | 200 +
 meta/recipes-support/curl/curl/CVE-2019-5436.patch |  32 
 meta/recipes-support/curl/curl_7.61.0.bb   |   2 +
 3 files changed, 234 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5435.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5436.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2019-5435.patch 
b/meta/recipes-support/curl/curl/CVE-2019-5435.patch
new file mode 100644
index 000..8ac5554
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5435.patch
@@ -0,0 +1,200 @@
+From 5fc28510a4664f46459d9a40187d81cc08571e60 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 29 Apr 2019 08:00:49 +0200
+Subject: [PATCH] CURL_MAX_INPUT_LENGTH: largest acceptable string input size
+
+This limits all accepted input strings passed to libcurl to be less than
+CURL_MAX_INPUT_LENGTH (800) bytes, for these API calls:
+curl_easy_setopt() and curl_url_set().
+
+The 800 number is arbitrary picked and is meant to detect mistakes
+or abuse, not to limit actual practical use cases. By limiting the
+acceptable string lengths we also reduce the risk of integer overflows
+all over.
+
+NOTE: This does not apply to `CURLOPT_POSTFIELDS`.
+
+Test 1559 verifies.
+
+Closes #3805
+
+Upstream-Status: Backport
+Dropped a few changes to apply against this version
+https://github.com/curl/curl/commit/5fc28510a4664f4
+
+CVE: CVE-2019-5435
+affects: libcurl 7.19.4 to and including 7.64.1
+Signed-off-by: Armin Kuster 
+
+---
+ lib/setopt.c   |  7 +
+ lib/urldata.h  |  4 +++
+ 7 files changed, 146 insertions(+), 3 deletions(-)
+ create mode 100644 tests/data/test1559
+ create mode 100644 tests/libtest/lib1559.c
+
+Index: curl-7.61.0/lib/setopt.c
+===
+--- curl-7.61.0.orig/lib/setopt.c
 curl-7.61.0/lib/setopt.c
+@@ -60,6 +60,13 @@ CURLcode Curl_setstropt(char **charp, co
+   if(s) {
+ char *str = strdup(s);
+ 
++if(str) {
++  size_t len = strlen(str);
++  if(len > CURL_MAX_INPUT_LENGTH) {
++free(str);
++return CURLE_BAD_FUNCTION_ARGUMENT;
++  }
++}
+ if(!str)
+   return CURLE_OUT_OF_MEMORY;
+ 
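Review bot: the length check runs after strdup(), so an oversized string is copied in full before being measured, rejected and freed; checking strlen(s) against CURL_MAX_INPUT_LENGTH before the strdup() avoids the allocation and lets the "if(!str)" test below read naturally. This mirrors the upstream commit, so it is acceptable for a verbatim backport, but it is a cheap improvement given the patch is already hand-edited ("Dropped a few changes to apply against this version"). The diffstat is stale: it says "7 files changed, 146 insertions(+)" while only lib/setopt.c, lib/urldata.h and the two test files follow, so regenerate it to match what is actually carried.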
+Index: curl-7.61.0/lib/urldata.h
+===
+--- curl-7.61.0.orig/lib/urldata.h
 curl-7.61.0/lib/urldata.h
+@@ -79,6 +79,10 @@
+ */
+ #define RESP_TIMEOUT (1800*1000)
+ 
++/* Max string intput length is a precaution against abuse and to detect junk
++   input easier and better. */
++#define CURL_MAX_INPUT_LENGTH 800
++
+ #include "cookie.h"
+ #include "psl.h"
+ #include "formdata.h"
+Index: curl-7.61.0/tests/data/test1559
+===
+--- /dev/null
 curl-7.61.0/tests/data/test1559
+@@ -0,0 +1,44 @@
++
++
++
++CURLOPT_URL
++
++
++
++
++
++
++
++
++none
++
++
++# require HTTP so that CURLOPT_POSTFIELDS works as assumed
++
++http
++
++
++lib1559
++
++
++
++Set excessive URL lengths
++
++
++
++#
++# Verify that the test runs to completion without crashing
++
++
++0
++
++
++CURLOPT_URL 1000 bytes URL == 43
++CURLOPT_POSTFIELDS 1000 bytes data == 0
++CURLUPART_URL 1000 bytes URL == 3
++CURLUPART_SCHEME 1000 bytes scheme == 3
++CURLUPART_USER 1000 bytes user == 3
++
++
++
++
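Review bot: the expected output for test1559 includes CURLUPART_URL, CURLUPART_SCHEME and CURLUPART_USER, i.e. results from curl_url_set(), but this series applies onto curl 7.61.0 and the URL API (curl_url, curl_url_set, CURLUPART_*) was introduced in 7.62.0. Confirm that lib1559.c builds against 7.61.0: if the CURLU calls were among the dropped changes, the three CURLUPART lines must be removed from the expected output or the test fails; if they were kept, the test cannot compile. Either way the header should list which of the upstream commit's files and hunks were dropped rather than "a few changes".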
+Index: curl-7.61.0/tests/libtest/lib1559.c
+===
+--- /dev/null
 curl-7.61.0/tests/libtest/lib1559.c
+@@ -0,0 +1,78 @@
++/***
++ *  _   _   _
++ *  Project ___| | | |  _ \| |
++ * / __| | | | |_) | |
++ *| (__| |_| |  _ <| |___
++ * \___|\___/|_| \_\_|
++ *
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.haxx.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ ***/
++#include "test.h"
++
++#include "testutil.h"
++#include "warnless.h"

[OE-core] [thud] 23/30] yocto-uninative: Update to 2.5 release

2019-07-21 Thread Armin Kuster
From: Richard Purdie 

This includes libstdc++ changes from gcc 9.X.

It also switches uninative from bz2 to xz compression.

Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/conf/distro/include/yocto-uninative.inc | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc 
b/meta/conf/distro/include/yocto-uninative.inc
index 59ccd69..0bb8f7a 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -8,7 +8,7 @@
 
 UNINATIVE_MAXGLIBCVERSION = "2.29"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.4/;
-UNINATIVE_CHECKSUM[aarch64] ?= 
"af2e2faf6cf00ff45cc1bcd5e3fb00cee7f79b3ec7c3be15917ad4ff8c154cfe"
-UNINATIVE_CHECKSUM[i686] ?= 
"fafacfc537a6ce2bd122bd16c146881ab5ac69bd575abf6cb68a0dd33fa70ea2"
-UNINATIVE_CHECKSUM[x86_64] ?= 
"06f91685b782f2ccfedf3070b3ba0fe4a5ba2f0766dad5c9d1642dccf95accd0"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.5/;
+UNINATIVE_CHECKSUM[aarch64] ?= 
"ca977ff95c77f983570141908d451ff7d78add2864471605af404302bb36a1fa"
+UNINATIVE_CHECKSUM[i686] ?= 
"7b5822891c293795faf8a4a80586b36f8cde405387524916a24f9055ea82f7ca"
+UNINATIVE_CHECKSUM[x86_64] ?= 
"ed0ac07c710b711925cb976685dd855fb1d442dd840d00194751c18bf480c4ed"
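Review bot: the commit message says this "also switches uninative from bz2 to xz compression", but the hunk only changes UNINATIVE_URL and the three checksums; the actual switch (UNINATIVE_TARBALL to .tar.xz and tar -xJf in uninative.bbclass) is 24/30 of this series, which lands after this commit. If the 2.5 release only provides .tar.xz, a tree checked out at this commit fetches a non-existent .tar.bz2 and can never match these checksums, so either squash the two or reorder so the bbclass change goes in first. The commit message should then describe only what this hunk does (the gcc 9.X libstdc++ update and the URL bump).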
-- 
2.7.4



[OE-core] [thud] 20/30] wget: Security fix for CVE-2019-5953

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: http://git.savannah.gnu.org/cgit/wget.git
MR: 89341
Type: Security Fix
Disposition: Backport from 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
ChangeID: 1c19a2fd7ead88cc4ee92d425179d60d4635864b
Description:

Fixes CVE-2019-5953
Affects: < 1.20.1
Signed-off-by: Armin Kuster 
---
 .../recipes-extended/wget/wget/CVE-2019-5953.patch | 51 ++
 meta/recipes-extended/wget/wget_1.19.5.bb  |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-extended/wget/wget/CVE-2019-5953.patch

diff --git a/meta/recipes-extended/wget/wget/CVE-2019-5953.patch 
b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch
new file mode 100644
index 000..e43e8e5
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch
@@ -0,0 +1,51 @@
+From 692d5c5215de0db482c252492a92fc424cc6a97c Mon Sep 17 00:00:00 2001
+From: Tim Ruehsen 
+Date: Fri, 5 Apr 2019 11:50:44 +0200
+Subject: [PATCH] Fix a buffer overflow vulnerability
+
+* src/iri.c(do_conversion): Reallocate the output buffer to a larger
+  size if it is already full
+
+Upstream-Status: Backport
+http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
+CVE: CVE-2019-5953
+Signed-off-by: Armin Kuster 
+
+---
+ src/iri.c | 12 +---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+Index: wget-1.19.5/src/iri.c
+===
+--- wget-1.19.5.orig/src/iri.c
 wget-1.19.5/src/iri.c
+@@ -151,8 +151,11 @@ do_conversion (const char *tocode, const
+   *out = s = xmalloc (outlen + 1);
+   done = 0;
+ 
++  DEBUGP (("iconv %s -> %s\n", tocode, fromcode));
++
+   for (;;)
+ {
++  DEBUGP (("iconv outlen=%d inlen=%d\n", outlen, inlen));
+   if (iconv (cd, (ICONV_CONST char **) , , out, ) != 
(size_t)(-1) &&
+   iconv (cd, NULL, NULL, out, ) != (size_t)(-1))
+ {
+@@ -187,11 +190,14 @@ do_conversion (const char *tocode, const
+ }
+   else if (errno == E2BIG) /* Output buffer full */
+ {
++  logprintf (LOG_VERBOSE,
++_("Reallocate output buffer len=%d outlen=%d 
inlen=%d\n"), len, outlen, inlen);
+   tooshort++;
+   done = len;
+-  len = outlen = done + inlen * 2;
+-  s = xrealloc (s, outlen + 1);
+-  *out = s + done;
++  len = done + inlen * 2;
++  s = xrealloc (s, len + 1);
++  *out = s + done - outlen;
++  outlen += inlen * 2;
+ }
+   else /* Weird, we got an unspecified error */
+ {
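Review bot: the replacement in the E2BIG branch is right where the old code was wrong. The old branch set outlen = len (the whole reallocated buffer) while pointing *out at s + done, overstating the free space by done bytes, and it assumed iconv had filled the old buffer completely, whereas iconv stops with E2BIG as soon as the next character does not fit and leaves outlen > 0. The new code positions *out at s + done - outlen and grows outlen by inlen * 2, which accounts for the unused tail and keeps the declared space equal to the real space. One nit: the added DEBUGP and logprintf lines print outlen and inlen with %d; iconv(3) takes size_t * for both length arguments, so these are size_t and should be printed with %zu to avoid a format mismatch on LP64 hosts.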
diff --git a/meta/recipes-extended/wget/wget_1.19.5.bb 
b/meta/recipes-extended/wget/wget_1.19.5.bb
index e37d8c7..920b74d 100644
--- a/meta/recipes-extended/wget/wget_1.19.5.bb
+++ b/meta/recipes-extended/wget/wget_1.19.5.bb
@@ -1,6 +1,7 @@
 SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0002-improve-reproducibility.patch \
+   file://CVE-2019-5953.patch \
   "
 
 SRC_URI[md5sum] = "2db6f03d655041f82eb64b8c8a1fa7da"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
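Added example, not wget's code and not part of the patch above: a C harness that reproduces the buffer bookkeeping of wget's do_conversion() loop with a stand-in for iconv() that expands every input byte to three output bytes, and runs it once with the pre-patch growth arithmetic and once with the patched arithmetic. Rather than letting the stand-in write out of bounds, it checks before each call whether `*out + outlen` would exceed the allocation, so the pre-patch variant reports the overflow CVE-2019-5953 describes and the patched variant completes. The initial guess of twice the input length, the expansion factor, and the names `fake_iconv`, `convert`, `GROW_ORIGINAL` and `GROW_FIXED` are this example's own assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for iconv(): each input byte expands to EXPAND output bytes.
 * Like the real call it advances *in and *out, decrements the counts, and
 * returns (size_t)-1 with errno == E2BIG when the output buffer is full. */
#define EXPAND 3

static size_t fake_iconv(const char **in, size_t *inleft,
                         char **out, size_t *outleft)
{
    while (*inleft > 0) {
        if (*outleft < EXPAND) {
            errno = E2BIG;
            return (size_t)-1;
        }
        memset(*out, (unsigned char)(*in)[0], EXPAND);
        *out += EXPAND;
        *outleft -= EXPAND;
        *in += 1;
        *inleft -= 1;
    }
    return 0;
}

typedef enum { GROW_ORIGINAL, GROW_FIXED } grow_mode;

/* Drives the conversion loop the way wget's do_conversion() does, with
 * either the pre-patch or the patched reallocation arithmetic.
 * Returns 0 and hands back the converted string on success, or -1 if the
 * bookkeeping would let the converter write past the allocation (caught
 * here by a bounds check instead of actually overflowing the heap). */
static int convert(grow_mode mode, const char *input, size_t inlen,
                   char **result, size_t *result_len)
{
    const char *in = input;
    size_t len, done, outlen;
    char *s, *out;

    len = outlen = inlen * 2;   /* first guess: twice the input (assumed) */
    s = out = malloc(len + 1);
    done = 0;

    for (;;) {
        /* The converter may write outlen bytes from out; the buffer holds
         * len + 1 bytes. */
        if ((size_t)(out - s) + outlen > len + 1) {
            free(s);
            return -1;          /* a heap overflow would have happened here */
        }
        if (fake_iconv(&in, &inlen, &out, &outlen) != (size_t)-1) {
            *out = '\0';
            *result = s;
            *result_len = (size_t)(out - s);
            return 0;
        }
        if (errno != E2BIG) {
            free(s);
            return -1;
        }
        done = len;             /* old total size, NOT the bytes written */
        if (mode == GROW_ORIGINAL) {
            /* Pre-patch: out jumps to the old end of the buffer and outlen
             * becomes the whole new length although out is already done
             * bytes in, so out + outlen overshoots the allocation. */
            len = outlen = done + inlen * 2;
            s = realloc(s, outlen + 1);
            out = s + done;
        } else {
            /* Patched: rewind out to just after the last byte written (old
             * length minus the space that was left) and grow the free space
             * by exactly what realloc added. */
            len = done + inlen * 2;
            s = realloc(s, len + 1);
            out = s + done - outlen;
            outlen += inlen * 2;
        }
    }
}

int main(void)
{
    char *res;
    size_t n;
    if (convert(GROW_FIXED, "abcd", 4, &res, &n) == 0) {
        printf("patched:  %s (%zu bytes)\n", res, n);
        free(res);
    }
    printf("original: %s\n",
           convert(GROW_ORIGINAL, "abcd", 4, &res, &n) == 0 ? "ok" : "overflow");
    return 0;
}
```

With four input bytes the first guess of eight output bytes fills after two of them; the patched arithmetic grows the buffer to twelve and finishes, while the pre-patch arithmetic positions `out` eight bytes in with twelve bytes of claimed free space in a thirteen-byte allocation.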


[OE-core] [thud] 16/30] wpa_supplicant: Changed systemd template units

2019-07-21 Thread Armin Kuster
From: Joshua DeWeese 

I goofed up the scissor line on the last attempt. Not sure how much it matters,
but here it is correct this time.

Here it is, updated to work with wpa-supplicant_2.6.bb.

-- >8 --
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=

When building root filesystems with any of the wpa_supplicant systemd
template service files enabled (current default is to have them disabled) the
systemd-native-fake script would not process the line:

Alias=multi-user.target.wants/wpa_supplicant@%i.service

appropriately due to the use of "%i".

According to the systemd documentation "WantedBy=foo.service in a service
bar.service is mostly equivalent to Alias=foo.service.wants/bar.service in
the same file." However, this is not really the intended purpose of install
Aliases.

All lines of the form:

Alias=multi-user.target.wants/*%i.service

Were replaced with the following lines:

WantedBy=multi-user.target

Signed-off-by: Joshua DeWeese 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 ...place-systemd-install-Alias-with-WantedBy.patch | 52 ++
 .../wpa-supplicant/wpa-supplicant_2.6.bb   |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch

diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
new file mode 100644
index 000..a476cf0
--- /dev/null
+++ 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
@@ -0,0 +1,52 @@
+From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
+From: Joshua DeWeese 
+Date: Wed, 30 Jan 2019 16:19:47 -0500
+Subject: [PATCH] replace systemd install Alias with WantedBy
+
+According to the systemd documentation "WantedBy=foo.service in a
+service bar.service is mostly equivalent to
+Alias=foo.service.wants/bar.service in the same file." However,
+this is not really the intended purpose of install Aliases.
+
+Upstream-Status: Submitted [hos...@lists.infradead.org]
+
+Signed-off-by: Joshua DeWeese 
+---
+ wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in   | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in 
b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+index 03ac507..da69a87 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
 b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant 
-c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
++WantedBy=multi-user.target
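Review bot: `WantedBy=multi-user.target` is the right form here; the `%i` in the old `Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service` line only has a value once an instance exists, which is why the build-time systemd-systemctl-native script could not turn it into a symlink. Two runtime consequences are worth stating in the commit message: `systemctl enable wpa_supplicant-nl80211@wlan0.service` now creates the `multi-user.target.wants/` symlink through WantedBy instead of an alias, and a template unit with WantedBy but no `DefaultInstance=` still cannot be enabled without an explicit instance name, so anything enabling these units at image build time must name the instance. The two hunks below make the same substitution for the wired and generic templates.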
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in 
b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+index c8a744d..ca3054b 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
 b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant 
-c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in 
b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+index 7788b38..55d2b9c 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
 b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant 
-c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant@%i.service
++WantedBy=multi-user.target
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
index aa4c4c2..c92ed4a 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  
\
file://key-replay-cve-multiple7.patch \
file://key-replay-cve-multiple8.patch \
file://wpa_supplicant-CVE-2018-14526.patch \
+   file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
   "
 SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
 SRC_URI[sha256sum] = 
"b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
-- 
2.7.4

-- 

[OE-core] [thud] 19/30] glib-2.0: Security fix for CVE-2019-12450

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: glib-2.0
MR: 98443
Type: Security Fix
Disposition: Backport from 
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741
Description:

Signed-off-by: Armin Kuster 
---
 .../glib-2.0/glib-2.0/CVE-2019-12450.patch | 59 ++
 meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb  |  1 +
 2 files changed, 60 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch 
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
new file mode 100644
index 000..37ad580
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
@@ -0,0 +1,59 @@
+From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy 
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: [PATCH] gfile: Limit access to files when copying
+
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+
+Upstream-Status: Backport
+https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
+CVE: CVE-2019-12450
+Signed-off-by: Armin kuster 
+
+---
+ gio/gfile.c | 11 ++-
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 24b136d..74b5804 100644
+--- a/gio/gfile.c
 b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile  *source,
+ out = (GOutputStream*)_g_local_file_output_stream_replace 
(_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+FALSE, 
NULL,
+flags & 
G_FILE_COPY_BACKUP,
+-   
G_FILE_CREATE_REPLACE_DESTINATION,
+-   info,
++   
G_FILE_CREATE_REPLACE_DESTINATION |
++   
G_FILE_CREATE_PRIVATE, info,
+
cancellable, error);
+   else
+ out = (GOutputStream*)_g_local_file_output_stream_create 
(_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+-  FALSE, 0, 
info,
++  FALSE, 
G_FILE_CREATE_PRIVATE, info,
+   
cancellable, error);
+ }
+   else if (flags & G_FILE_COPY_OVERWRITE)
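Review bot: adding `G_FILE_CREATE_PRIVATE` on both local-file stream constructors closes the window in which the destination is world-readable between creation and the final attribute copy, which is what the message describes. Please confirm (and ideally cover with a test) that the mode carried in `info` is still applied after the copy, so that a 0644 source does not end up 0600 at the destination when the caller did not ask for G_FILE_COPY_ALL_METADATA; the commit message asserts that the correct permissions are set at the end, and the backport should keep that property on the 2.58 code base.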
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile  *source,
+   out = (GOutputStream *)g_file_replace (destination,
+  NULL,
+  flags & G_FILE_COPY_BACKUP,
+- 
G_FILE_CREATE_REPLACE_DESTINATION,
++ 
G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE,
+  cancellable, error);
+ }
+   else
+ {
+-  out = (GOutputStream *)g_file_create (destination, 0, cancellable, 
error);
++  out = (GOutputStream *)g_file_create (destination, 
G_FILE_CREATE_PRIVATE, cancellable, error);
+ }
+ 
+   if (!out)
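Review bot: this hunk covers the two generic paths (`g_file_replace` and `g_file_create`), so all four constructors in file_copy_fallback now pass `G_FILE_CREATE_PRIVATE`. For the overwrite-with-backup case note that the backup is taken from the old destination before the new stream is opened, so it is unaffected by this flag and keeps whatever mode it had; that is fine, but worth a sentence in the message since the CVE is about access during the copy.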
+-- 
+2.7.4
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb 
b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
index 1271a7c..879bc48 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz 
\
file://0001-Do-not-ignore-return-value-of-write.patch \
file://0010-Do-not-hardcode-python-path-into-various-tools.patch \
file://date-lt.patch \
+   file://CVE-2019-12450.patch \
"
 
 SRC_URI_append_class-native = " file://relocate-modules.patch"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [thud] 17/30] qemu: Security fix for CVE-2018-19489

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: Qemu.org
MR: 97453
Type: Security Fix
Disposition: Backport from git.qemu.org/qemu.git

ChangeID: a06fcb432d447cec2ed1caf112822dd1b4831ace
Description:

In the spirit of YP Compatible, sending change upstream.

fixes CVE-2018-19489

Affects <= 4.0.0

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../qemu/qemu/CVE-2018-19489.patch | 83 ++
 meta/recipes-devtools/qemu/qemu_3.0.0.bb   |  1 +
 2 files changed, 84 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-19489.patch

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-19489.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2018-19489.patch
new file mode 100644
index 000..7619e2a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-19489.patch
@@ -0,0 +1,83 @@
+From 1d20398694a3b67a388d955b7a945ba4aa90a8a8 Mon Sep 17 00:00:00 2001
+From: Greg Kurz 
+Date: Fri, 23 Nov 2018 13:28:03 +0100
+Subject: [PATCH] 9p: fix QEMU crash when renaming files
+
+When using the 9P2000.u version of the protocol, the following shell
+command line in the guest can cause QEMU to crash:
+
+while true; do rm -rf aa; mkdir -p a/b & touch a/b/c & mv a aa; done
+
+With 9P2000.u, file renaming is handled by the WSTAT command. The
+v9fs_wstat() function calls v9fs_complete_rename(), which calls
+v9fs_fix_path() for every fid whose path is affected by the change.
+The involved calls to v9fs_path_copy() may race with any other access
+to the fid path performed by some worker thread, causing a crash like
+shown below:
+
+Thread 12 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
+0x55a25da2 in local_open_nofollow (fs_ctx=0x57d958b8, path=0x0,
+ flags=65536, mode=0) at hw/9pfs/9p-local.c:59
+59  while (*path && fd != -1) {
+(gdb) bt
+#0  0x55a25da2 in local_open_nofollow (fs_ctx=0x57d958b8,
+ path=0x0, flags=65536, mode=0) at hw/9pfs/9p-local.c:59
+#1  0x55a25e0c in local_opendir_nofollow (fs_ctx=0x57d958b8,
+ path=0x0) at hw/9pfs/9p-local.c:92
+#2  0x55a261b8 in local_lstat (fs_ctx=0x57d958b8,
+ fs_path=0x56b56858, stbuf=0x7fff84830ef0) at hw/9pfs/9p-local.c:185
+#3  0x55a2b367 in v9fs_co_lstat (pdu=0x57d97498,
+ path=0x56b56858, stbuf=0x7fff84830ef0) at hw/9pfs/cofile.c:53
+#4  0x55a1e9e2 in v9fs_stat (opaque=0x57d97498)
+ at hw/9pfs/9p.c:1083
+#5  0x55e060a2 in coroutine_trampoline (i0=-669165424, i1=32767)
+ at util/coroutine-ucontext.c:116
+#6  0x7fffef4f5600 in __start_context () at /lib64/libc.so.6
+#7  0x in  ()
+(gdb)
+
+The fix is to take the path write lock when calling v9fs_complete_rename(),
+like in v9fs_rename().
+
+Impact:  DoS triggered by unprivileged guest users.
+
+Fixes: CVE-2018-19489
+Cc: P J P 
+Reported-by: zhibin hu 
+Reviewed-by: Prasad J Pandit 
+Signed-off-by: Greg Kurz 
+
+Upstream-Status: Backport
+Affects: < 4.0.0
+CVE: CVE-2018-19489
+Signed-off-by: Armin Kuster 
+
+---
+ hw/9pfs/9p.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 267a255..bdf7919 100644
+--- a/hw/9pfs/9p.c
 b/hw/9pfs/9p.c
+@@ -2855,6 +2855,7 @@ static void coroutine_fn v9fs_wstat(void *opaque)
+ struct stat stbuf;
+ V9fsFidState *fidp;
+ V9fsPDU *pdu = opaque;
++V9fsState *s = pdu->s;
+ 
+ v9fs_stat_init();
+ err = pdu_unmarshal(pdu, offset, "dwS", , , );
+@@ -2920,7 +2921,9 @@ static void coroutine_fn v9fs_wstat(void *opaque)
+ }
+ }
+ if (v9stat.name.size != 0) {
++v9fs_path_write_lock(s);
+ err = v9fs_complete_rename(pdu, fidp, -1, );
++v9fs_path_unlock(s);
+ if (err < 0) {
+ goto out;
+ }
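Review bot: the lock pairing is correct on the error path as well, since `v9fs_path_unlock(s)` runs before `if (err < 0) goto out`, and it matches the pattern the message says v9fs_rename() already uses. One thing to confirm for the backport: v9fs_complete_rename() must not itself take the path rwlock (read or write) while the write lock is held, or the coroutine would deadlock on itself; the existing call from v9fs_rename under the same lock suggests it does not, but the change should be exercised on the 3.0.0 tree with the reproducer from the commit message (`while true; do rm -rf aa; mkdir -p a/b & touch a/b/c & mv a aa; done` over a 9p share) before it lands in thud.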
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/qemu/qemu_3.0.0.bb 
b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
index 59cfc38..992cf7b 100644
--- a/meta/recipes-devtools/qemu/qemu_3.0.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2018-18849.patch \
file://CVE-2018-19364_p1.patch \
file://CVE-2018-19364_p2.patch \
+   file://CVE-2018-19489.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
-- 
2.7.4



[OE-core] [thud] 15/30] go: update to minor update 1.11.10

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: golang.org
MR: 97548,
Type: Security Fix
Disposition: Backport from 
https://github.com/golang/go/issues?q=milestone%3AGo1.11.5
ChangeID: 54377c454f038a41bf35dd447a784e3e66db6268
Description:

Bug fix updates only
https://golang.org/doc/devel/release.html#go1.11

Fixes:
Affects <= 1.11.6
CVE-2019-6486
CVE-2019-9741

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/go/go-1.11.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-devtools/go/go-1.11.inc 
b/meta/recipes-devtools/go/go-1.11.inc
index d03e26c..401e71f 100644
--- a/meta/recipes-devtools/go/go-1.11.inc
+++ b/meta/recipes-devtools/go/go-1.11.inc
@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.11"
-GO_MINOR = ".4"
+GO_MINOR = ".10"
 PV .= "${GO_MINOR}"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
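Review bot: the Disposition link in the message points at the Go1.11.5 milestone while this hunk moves GO_MINOR from .4 to .10; please reference the 1.11.10 milestone or the release history already cited (https://golang.org/doc/devel/release.html#go1.11) so the fixes pulled in by the jump, including the CVE-2019-6486 and CVE-2019-9741 entries the message names, can be traced to specific point releases. Moving across several bug-fix releases at once on a stable branch also deserves a sentence stating that no behaviour changes beyond fixes are included.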
@@ -19,5 +19,5 @@ SRC_URI += "\
 "
 SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 
-SRC_URI[main.md5sum] = "a77697673215be465d1b583680ef2318"
-SRC_URI[main.sha256sum] = 
"4cfd42720a6b1e79a8024895fa6607b69972e8e32446df76d6ce79801bbadb15"
+SRC_URI[main.md5sum] = "f2d2e44b9954b827daa8ad4d936a7a82"
+SRC_URI[main.sha256sum] = 
"df27e96a9d1d362c46ecd975f1faa56b8c300f5c529074e9ea79bdd885493c1b"
-- 
2.7.4



[OE-core] [thud] 13/30] go-crosssdk: PN should use SDK_SYS, not TARGET_ARCH

2019-07-21 Thread Armin Kuster
From: Richard Purdie 

The crosssdk dependencies are handled using the virtual/ namespace so
this name doesn't matter in the general sense. We want to be able to provide
recipe maintainer information through overrides though, so this standardises it
with the behaviour from gcc-crosssdk and ensures the maintainer overrides work.

Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/go/go-crosssdk.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/go/go-crosssdk.inc 
b/meta/recipes-devtools/go/go-crosssdk.inc
index 4391b32..94f6fb8 100644
--- a/meta/recipes-devtools/go/go-crosssdk.inc
+++ b/meta/recipes-devtools/go/go-crosssdk.inc
@@ -1,7 +1,7 @@
 inherit crosssdk
 
 DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc-crosssdk 
virtual/nativesdk-${TARGET_PREFIX}compilerlibs 
virtual/${TARGET_PREFIX}binutils-crosssdk"
-PN = "go-crosssdk-${TARGET_ARCH}"
+PN = "go-crosssdk-${SDK_SYS}"
 PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk"
 
 export GOHOSTOS = "${BUILD_GOOS}"
-- 
2.7.4



[OE-core] [thud] 18/30] Tar: Security fix CVE-2019-0023

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: tar.git
MR: 97928
Type: Security Fix
Disposition: Backport from 
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3
Description:

Affects tar < 1.32

fixes CVE-2019-9923

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 meta/recipes-extended/tar/tar/CVE-2019-9923.patch | 38 +++
 meta/recipes-extended/tar/tar_1.30.bb |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2019-9923.patch

diff --git a/meta/recipes-extended/tar/tar/CVE-2019-9923.patch 
b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
new file mode 100644
index 000..146cbff
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
@@ -0,0 +1,38 @@
+From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff 
+Date: Mon, 14 Jan 2019 15:22:09 +0200
+Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369)
+
+* src/sparse.c (pax_decode_header): Check return from find_next_block.
+
+Upstream-Status: Backport
+CVE:  CVE-2019-9923
+Affects: tar < 1.32
+Signed-off-by: Armin kuster 
+
+---
+ src/sparse.c | 4 
+ 1 file changed, 4 insertions(+)
+
+Index: tar-1.30/src/sparse.c
+===
+--- tar-1.30.orig/src/sparse.c
 tar-1.30/src/sparse.c
+@@ -1231,6 +1231,8 @@ pax_decode_header (struct tar_sparse_fil
+  set_next_block_after (b);   \
+file->dumped_size += BLOCKSIZE; \
+b = find_next_block (); \
++   if (!b) \
++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
+src = b->buffer;\
+  endp = b->buffer + BLOCKSIZE;   \
+} \
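Review bot: the added `if (!b) FATAL_ERROR (...)` turns a NULL return from `find_next_block ()` at end of archive into a clean fatal error instead of the NULL dereference in `src = b->buffer`, which is the right choice inside this header-decoding macro since there is no partial state to recover to. Minor: the check sits after `file->dumped_size += BLOCKSIZE`, so the counter is bumped for a block that was never read; harmless because FATAL_ERROR terminates, but a short comment would save the next reader from wondering.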
+@@ -1243,6 +1245,8 @@ pax_decode_header (struct tar_sparse_fil
+   set_next_block_after (current_header);
+   file->dumped_size += BLOCKSIZE;
+   blk = find_next_block ();
++  if (!blk)
++FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
+   p = blk->buffer;
+   COPY_BUF (blk,nbuf,p);
+   if (!decode_num (, nbuf, TYPE_MAXIMUM (size_t)))
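Review bot: same fix applied to the direct `blk = find_next_block ()` call, so a truncated sparse header now fails closed with "Unexpected EOF in archive" rather than crashing; both call sites in `pax_decode_header` that dereference the returned block are now guarded.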
diff --git a/meta/recipes-extended/tar/tar_1.30.bb 
b/meta/recipes-extended/tar/tar_1.30.bb
index bd24f47..ab1b33b 100644
--- a/meta/recipes-extended/tar/tar_1.30.bb
+++ b/meta/recipes-extended/tar/tar_1.30.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
file://remove-gets.patch \
file://musl_dirent.patch \
+   file://CVE-2019-9923.patch \
 "
 
 SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65"
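Review bot: the file added here is `CVE-2019-9923.patch` and the patch's `CVE:` tag says CVE-2019-9923, but the subject line of this mail reads "CVE-2019-0023"; please correct the subject so the MR record and cve-check bookkeeping refer to the same identifier.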
-- 
2.7.4



[OE-core] [thud] 14/30] go: Upgrade 1.11.1 -> 1.11.4 minor release

2019-07-21 Thread Armin Kuster
From: Khem Raj 

Source: OpenEmbedded.org
MR: 98328, 98329, 98330
Type: Security Fix
Disposition: Backport from 
https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/go?h=warrior=b964551a0d08aa921d4e0ceea2f1e28a5e83510e

ChangeID: 0b4cc69c357ba14c4e7a6c7ff926cfc6f09489b2
Description:
include:
CVE-2018-16873
CVE-2018-16874
CVE-2018-16875

Changes: https://golang.org/doc/devel/release.html#go1.11

Signed-off-by: Khem Raj 
Signed-off-by: Richard Purdie 
[Bug fix only update]
Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/go/go-1.11.inc|  7 +++
 .../0007-cmd-go-make-GOROOT-precious-by-default.patch   |  6 +++---
 .../go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch  | 13 +
 3 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/meta/recipes-devtools/go/go-1.11.inc 
b/meta/recipes-devtools/go/go-1.11.inc
index d626514..d03e26c 100644
--- a/meta/recipes-devtools/go/go-1.11.inc
+++ b/meta/recipes-devtools/go/go-1.11.inc
@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.11"
-GO_MINOR = ".1"
+GO_MINOR = ".4"
 PV .= "${GO_MINOR}"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
@@ -17,8 +17,7 @@ SRC_URI += "\
 file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
 file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
 "
-
 SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 
-SRC_URI[main.md5sum] = "eb9e9792247143705a7aacea9398cde0"
-SRC_URI[main.sha256sum] = 
"558f8c169ae215e25b81421596e8de7572bd3ba824b79add22fba6e284db1117"
+SRC_URI[main.md5sum] = "a77697673215be465d1b583680ef2318"
+SRC_URI[main.sha256sum] = 
"4cfd42720a6b1e79a8024895fa6607b69972e8e32446df76d6ce79801bbadb15"
diff --git 
a/meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch
 
b/meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch
index f317e48..29ef947 100644
--- 
a/meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch
+++ 
b/meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch
@@ -65,8 +65,8 @@ Index: go/src/cmd/go/internal/work/exec.go
 ===
 --- go.orig/src/cmd/go/internal/work/exec.go
 +++ go/src/cmd/go/internal/work/exec.go
-@@ -440,6 +440,23 @@ func (b *Builder) build(a *Action) (err
-   return fmt.Errorf("module requires Go %s", p.Module.GoVersion)
+@@ -436,6 +436,23 @@ func (b *Builder) build(a *Action) (err
+   return fmt.Errorf("missing or invalid binary-only package; 
expected file %q", a.Package.Target)
}
  
 +  if goRootPrecious && (a.Package.Standard || a.Package.Goroot) {
@@ -89,7 +89,7 @@ Index: go/src/cmd/go/internal/work/exec.go
if err := b.Mkdir(a.Objdir); err != nil {
return err
}
-@@ -1435,6 +1452,14 @@ func BuildInstallFunc(b *Builder, a *Act
+@@ -1438,6 +1455,14 @@ func BuildInstallFunc(b *Builder, a *Act
return nil
}
  
diff --git 
a/meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch 
b/meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch
index b6ab504..225cf43 100644
--- 
a/meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch
+++ 
b/meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch
@@ -18,11 +18,11 @@ Signed-off-by: Hongxu Jia 
  src/cmd/go/internal/work/build.go | 6 +-
  1 file changed, 5 insertions(+), 1 deletion(-)
 
-diff --git a/src/cmd/go/internal/work/build.go 
b/src/cmd/go/internal/work/build.go
-index 145b875..595d703 100644
 a/src/cmd/go/internal/work/build.go
-+++ b/src/cmd/go/internal/work/build.go
-@@ -218,7 +218,11 @@ func AddBuildFlags(cmd *base.Command) {
+Index: go/src/cmd/go/internal/work/build.go
+===
+--- go.orig/src/cmd/go/internal/work/build.go
 go/src/cmd/go/internal/work/build.go
+@@ -223,7 +223,11 @@ func AddBuildFlags(cmd *base.Command) {
  
cmd.Flag.Var(, "asmflags", "")
cmd.Flag.Var(buildCompiler{}, "compiler", "")
@@ -35,6 +35,3 @@ index 145b875..595d703 100644
cmd.Flag.Var(, "gcflags", "")
cmd.Flag.Var(, "gccgoflags", "")
cmd.Flag.StringVar(, "mod", "", "")
--- 
-2.7.4
-
-- 
2.7.4



[OE-core] [thud] 12/30] go-target.inc: fix go not found while multilib enabled

2019-07-21 Thread Armin Kuster
From: Hongxu Jia 

Go binaries are installed to ${libdir}/go/bin and a symlink is created
in ${bindir}. When multilib is enabled, libdir is extended (such as
/usr/lib64) but BASELIB is not (still /lib), so use baselib (such as
/lib64) instead.

Signed-off-by: Hongxu Jia 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/go/go-target.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/go/go-target.inc 
b/meta/recipes-devtools/go/go-target.inc
index c229ab2..379f87b 100644
--- a/meta/recipes-devtools/go/go-target.inc
+++ b/meta/recipes-devtools/go/go-target.inc
@@ -40,7 +40,7 @@ do_install() {
for f in ${B}/${GO_BUILD_BINDIR}/*; do
name=`basename $f`
install -m 0755 $f ${D}${libdir}/go/bin/
-   ln -sf ../${BASELIB}/go/bin/$name ${D}${bindir}/
+   ln -sf ../${baselib}/go/bin/$name ${D}${bindir}/
done
 }
 
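Review bot: `${baselib}` now matches the `${D}${libdir}/go/bin/` the binaries were installed to on the line above, so the link is consistent under multilib. The `../` prefix still assumes `${bindir}` is `${prefix}/bin` and `${libdir}` is `${prefix}/${baselib}`; a distro that relocates bindir gets a dangling symlink. Computing the relative path at install time (oe-core ships `lnr` for exactly this) would remove that assumption.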
-- 
2.7.4



[OE-core] [thud] 11/30] cairo: fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462

2019-07-21 Thread Armin Kuster
From: Ross Burton 

Source: OpenEmbedded.org
MR: 97538, 97543
Type: Security Fix
Disposition: Backport from 
https://git.openembedded.org/openembedded-core/commit/meta/recipes-graphics/cairo?h=warrior=078e4d5c2114d942806cd0d5ad501805a011e841
ChangeID: fa8bdd44ad8613bb0679a1f6d9d670c3b47a0677
Description:

CVE-2018-19876 is a backport from upstream.

CVE-2019-6461 and CVE-2019-6462 are patches taken from Clear Linux.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
[Dropped CVE-2018-19876, not affected]
Issue was introduced in 1.15.8 by:
commit 721b7ea0a785afaa04b6da63f970c3c57666fdfe

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../recipes-graphics/cairo/cairo/CVE-2019-6461.patch | 19 +++
 .../recipes-graphics/cairo/cairo/CVE-2019-6462.patch | 20 
 meta/recipes-graphics/cairo/cairo_1.14.12.bb |  2 ++
 3 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
 create mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch

diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch 
b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
new file mode 100644
index 000..5232cf7
--- /dev/null
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
@@ -0,0 +1,19 @@
+There is a potential infinite-loop in function _arc_error_normalized().
+
+CVE: CVE-2019-6461
+Upstream-Status: Pending
+Signed-off-by: Ross Burton 
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index 390397bae..f9249dbeb 100644
+--- a/src/cairo-arc.c
 b/src/cairo-arc.c
+@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+ do {
+   angle = M_PI / i++;
+   error = _arc_error_normalized (angle);
+-} while (error > tolerance);
++} while (error > tolerance && error > __DBL_EPSILON__);
+ 
+ return angle;
+ }
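Review bot: `__DBL_EPSILON__` is a compiler-predefined macro (GCC and Clang provide it); the portable spelling is `DBL_EPSILON` from <float.h>, which cairo can include without cost. The extra `error > __DBL_EPSILON__` condition does end the loop once the error can no longer shrink, which is what stops the infinite loop the header describes. Since the patch is marked `Upstream-Status: Pending` and carries no submission reference, add where it was submitted so the status can be tracked against whatever upstream eventually merges.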
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch 
b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
new file mode 100644
index 000..4e4598c
--- /dev/null
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
@@ -0,0 +1,20 @@
+There is an assertion in function _cairo_arc_in_direction().
+
+CVE: CVE-2019-6462
+Upstream-Status: Pending
+Signed-off-by: Ross Burton 
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index 390397bae..1bde774a4 100644
+--- a/src/cairo-arc.c
 b/src/cairo-arc.c
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
+ 
+-assert (angle_max >= angle_min);
++if (angle_max < angle_min)
++   return;
+ 
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+   angle_max = fmod (angle_max - angle_min, 2 * M_PI);
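Review bot: replacing `assert (angle_max >= angle_min)` with a bare `return` converts an abort into a silently dropped arc, and the caller gets no indication. The function already bails out on `cairo_status (cr)` a few lines up, so setting an error status on `cr` before returning would let callers detect the rejected input instead of drawing nothing; if silent rejection is intended, say so in the patch header, which currently carries only a one-line description and no reproducer or issue reference.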
diff --git a/meta/recipes-graphics/cairo/cairo_1.14.12.bb 
b/meta/recipes-graphics/cairo/cairo_1.14.12.bb
index 18b9479..08026c4 100644
--- a/meta/recipes-graphics/cairo/cairo_1.14.12.bb
+++ b/meta/recipes-graphics/cairo/cairo_1.14.12.bb
@@ -25,6 +25,8 @@ DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
 SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ 
file://0001-cairo-Fix-CVE-2017-9814.patch \
+   file://CVE-2019-6461.patch \
+   file://CVE-2019-6462.patch \
   "
 
 SRC_URI[md5sum] = "9f0db9dbfca0966be8acd682e636d165"
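Review bot: the subject still says "fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462", but this hunk only adds the CVE-2019-6461 and CVE-2019-6462 patches and the message explains CVE-2018-19876 was dropped as not affecting 1.14.12; retitle the thud backport to name only the two CVEs it actually carries so cve-check and the MR record match.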
-- 
2.7.4



[OE-core] [thud] 09/30] cups: upgrade to 2.2.9

2019-07-21 Thread Armin Kuster
From: Chen Qi 

Source: OpenEmbedded.org
MR: 97351
Type: Integration
Disposition: Backport from 
https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/cups?h=warrior=ee57d79aec06e9b160cf2713636cda650ba68d5a
ChangeID: ee57d79aec06e9b160cf2713636cda650ba68d5a
Description:

The following patch is rebased.

  0001-don-t-try-to-run-generated-binaries.patch

Signed-off-by: Chen Qi 
Signed-off-by: Richard Purdie 

CUPS 2.2.9 is a bug fix release that addresses issues in the scheduler,
IPP Everywhere support, CUPS library, and USB printer support. Changes include:

Localization changes (Issue #5348, Issue #5362, Issue #5408)
Documentation updates (Issue #5369)
The lpadmin command would create a non-working printer in some error cases
(Issue #5305)
The scheduler would crash if an empty AccessLog directive was specified
(Issue #5309)
Fixed a regression in the changes to ippValidateAttribute (Issue #5322,
Issue #5330)
Fixed a crash bug in the Epson dot matrix driver (Issue #5323)
Automatic debug logging of job errors did not work with systemd (Issue 
#5337)
The web interface did not list the IPP Everywhere "driver" (Issue #5338)
The IPP Everywhere "driver" now properly supports face-up printers
(Issue #5345)
Fixed some typos in the label printer drivers (Issue #5350)
Multi-file jobs could get stuck if the backend failed (Issue #5359,
Issue #5413)
The IPP Everywhere "driver" no longer does local filtering when printing to
a shared CUPS printer (Issue #5361)
The lpadmin command now correctly reports IPP errors when configuring an
IPP Everywhere printer (Issue #5370)
Fixed some memory leaks discovered by Coverity (Issue #5375)
The PPD compiler incorrectly terminated JCL options (Issue #5379)
The cupstestppd utility did not generate errors for missing/mismatched
CloseUI/JCLCloseUI keywords (Issue #5381)
The scheduler now reports the actual location of the log file (Issue #5398)
Added a USB quirk rule (Issue #5420)
The scheduler was being backgrounded on macOS, causing applications to spin
(rdar://40436080)
The scheduler did not validate that required initial request attributes were
in the operation group (rdar://41098178)
Authentication in the web interface did not work on macOS (rdar://4173)
Fixed an issue with HTTP Digest authentication (rdar://41709086)
The scheduler could crash when job history was purged (rdar://42198057)
Dropped non-working RSS subscriptions UI from web interface templates.
Fixed a memory leak for some IPP (extension) syntaxes.

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../0001-don-t-try-to-run-generated-binaries.patch | 29 +++---
 .../cups/{cups_2.2.8.bb => cups_2.2.9.bb}  |  4 +--
 2 files changed, 17 insertions(+), 16 deletions(-)
 rename meta/recipes-extended/cups/{cups_2.2.8.bb => cups_2.2.9.bb} (40%)

diff --git 
a/meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch
 
b/meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch
index db013cf..d6a69f2 100644
--- 
a/meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch
+++ 
b/meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch
@@ -1,20 +1,21 @@
-Upstream-Status: Inappropriate [embedded specific]
-
-From 90069586167b930befce7303aea57078f04b4ed8 Mon Sep 17 00:00:00 2001
+From 1fb07162a9ed187cccf06e34c9bf841d15c6e64e Mon Sep 17 00:00:00 2001
 From: Koen Kooi 
 Date: Sun, 30 Jan 2011 16:37:27 +0100
 Subject: [PATCH] don't try to run generated binaries
 
+Upstream-Status: Inappropriate [embedded specific]
+
 Signed-off-by: Koen Kooi 
+
 ---
- ppdc/Makefile |   30 +++---
- 1 files changed, 15 insertions(+), 15 deletions(-)
+ ppdc/Makefile | 32 
+ 1 file changed, 16 insertions(+), 16 deletions(-)
 
-Index: cups-2.2.6/ppdc/Makefile
-===
 cups-2.2.6.orig/ppdc/Makefile
-+++ cups-2.2.6/ppdc/Makefile
-@@ -228,8 +228,8 @@ genstrings:genstrings.o libcupsppdc.a
+diff --git a/ppdc/Makefile b/ppdc/Makefile
+index e563988..973dd3f 100644
+--- a/ppdc/Makefile
 b/ppdc/Makefile
+@@ -189,8 +189,8 @@ genstrings:genstrings.o libcupsppdc.a 
../cups/$(LIBCUPSSTATIC) \
$(LD_CXX) $(ARCHFLAGS) $(LDFLAGS) -o genstrings genstrings.o \
libcupsppdc.a ../cups/$(LIBCUPSSTATIC) $(LIBGSSAPI) $(SSLLIBS) \
$(DNSSDLIBS) $(COMMONLIBS) $(LIBZ)
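Review bot: the refreshed header replaces the original `From 90069586…` line with a new hash (1fb07162a9ed) that reads like an upstream commit reference even though Upstream-Status stays `Inappropriate [embedded specific]`; either keep the old Index:-style header or add a line saying the hash comes from a local rebase onto cups 2.2.9, so nobody goes looking for it upstream. The Makefile edits themselves are unchanged and only move from line 228 to 189 in the new context, so the refresh is mechanical.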
@@ -25,10 +26,10 @@ Index: cups-2.2.6/ppdc/Makefile
  
  
  #
-@@ -246,9 +246,9 @@ ppdc-static:   ppdc.o libcupsppdc.a ../cu
-   $(LD_CXX) $(ARCHFLAGS) $(LDFLAGS) -o ppdc-static ppdc.o libcupsppdc.a \
+@@ -209,9 +209,9 @@ ppdc-static:   ppdc.o libcupsppdc.a 
../cups/$(LIBCUPSSTATIC) foo.drv foo-fr.po

[OE-core] [thud] 10/30] cups: upgrade to 2.2.10

2019-07-21 Thread Armin Kuster
From: Chen Qi 

Source: OpenEmbedded.org
MR: 97351
Type: Security Fix
Disposition: Backport from 
https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/cups?h=warrior=fbe7a0c9bab7c9be7fd2c0da8b2af61e66de1ebd
ChangeID: fbe7a0c9bab7c9be7fd2c0da8b2af61e66de1ebd
Description:

Signed-off-by: Chen Qi 
Signed-off-by: Richard Purdie 

CUPS 2.2.10 is a bug fix release that addresses issues in the scheduler, IPP 
Everywhere support, CUPS library, and USB printer support. Changes include:

CVE-2018-4300: Linux session cookies used a predictable random number seed.
The lpoptions command now works with IPP Everywhere printers that have not 
yet been added as local queues (Issue #5045)
Added USB quirk rules (Issue #5395, Issue #5443)
The generated PPD files for IPP Everywhere printers did not contain the 
cupsManualCopies keyword (Issue #5433)
Kerberos credentials might be truncated (Issue #5435)
The handling of MaxJobTime 0 did not match the documentation (Issue #5438)
Incorporated the page accounting changes from CUPS 2.3 (Issue #5439)
Fixed a bug adding a queue with the -E option (Issue #5440)
Fixed a crash bug when mapping PPD duplex options to IPP attributes 
(rdar://46183976)

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 meta/recipes-extended/cups/{cups_2.2.9.bb => cups_2.2.10.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/cups/{cups_2.2.9.bb => cups_2.2.10.bb} (40%)

diff --git a/meta/recipes-extended/cups/cups_2.2.9.bb 
b/meta/recipes-extended/cups/cups_2.2.10.bb
similarity index 40%
rename from meta/recipes-extended/cups/cups_2.2.9.bb
rename to meta/recipes-extended/cups/cups_2.2.10.bb
index fcd96ef..490c84e 100644
--- a/meta/recipes-extended/cups/cups_2.2.9.bb
+++ b/meta/recipes-extended/cups/cups_2.2.10.bb
@@ -2,5 +2,5 @@ require cups.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=f212b4338db0da8cb892e94bf2949460"
 
-SRC_URI[md5sum] = "798e83bb1a240f5417a252903d83ae0c"
-SRC_URI[sha256sum] = 
"6d22d5da253b97643320da0bf95574acd85ff2abe3ec1a51d36093841d891156"
+SRC_URI[md5sum] = "3d22d747403ec5dcd0b66d1332564816"
+SRC_URI[sha256sum] = 
"77c8b2b3bb7fe8b5fbfffc307f2c817b2d7ec67b657f261a1dd1c61ab81205bb"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [thud] 07/30] sqlite3: Security fixes for CVE-2018-20505 & 20506

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: sqlite.org
MR: 97484, 97490
Type: Security Fix
Disposition: Backport from sqlite.org
ChangeID: c6105b5d3ce4fb2c0f38c3cab745b769d2df38f5
Description:

Affects < 3.26.0
fixes:
CVE-2018-20505
CVE-2018-20506

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../sqlite/files/CVE-2018-20505.patch  |  31 +++
 .../sqlite/files/CVE-2018-20506.patch  | 103 +
 meta/recipes-support/sqlite/sqlite3_3.23.1.bb  |   2 +
 3 files changed, 136 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2018-20505.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2018-20506.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2018-20505.patch 
b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
new file mode 100644
index 000..d1119f3
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
@@ -0,0 +1,31 @@
+From: D. Richard Hipp 
+Date: Sat, 3 Nov 2018 13:11:24 + (+)
+Subject: Fix a assert() in the query planner that can arise when doing 
row-value
+X-Git-Tag: version-3.26.0~59
+X-Git-Url: 
https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f
+
+Fix a assert() in the query planner that can arise when doing row-value
+operations on a PRIMARY KEY that contains duplicate columns.
+Ticket [1a84668dcfdebaf12415d].
+
+https://sqlite.org/src/info/1a84668dcfdebaf12415d
+
+upstream-Status: Backport
+CVE: CVE-2018-20505
+affects <= 3.26.0
+
+Signed-off-by: Armin Kuster 
+
+Index: sqlite-autoconf-3230100/sqlite3.c
+===
+--- sqlite-autoconf-3230100.orig/sqlite3.c
 sqlite-autoconf-3230100/sqlite3.c
+@@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe
+ for(i=iEq; inLTerm; i++){
+   if( pLoop->aLTerm[i]->pExpr==pX ){
+ int iField = pLoop->aLTerm[i]->iField - 1;
+-assert( pOrigRhs->a[iField].pExpr!=0 );
++if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
+ pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
+ pOrigRhs->a[iField].pExpr = 0;
+ assert( pOrigLhs->a[iField].pExpr!=0 );
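Review bot: `affects <= 3.26.0` contradicts both the commit message (`Affects < 3.26.0`) and the `X-Git-Tag: version-3.26.0~59` line, which places the fix before the 3.26.0 release; change it to `< 3.26.0`. The tag is also spelled `upstream-Status:` in lowercase while the companion CVE-2018-20506.patch uses `Upstream-Status:`; keep the canonical spelling so patch-tag checks pick it up. The code change is sound: with duplicate PRIMARY KEY columns the second occurrence has already had its pExpr cleared (the `pOrigRhs->a[iField].pExpr = 0;` two lines below), so skipping it with `continue` is the right recovery in place of the assert.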
diff --git a/meta/recipes-support/sqlite/files/CVE-2018-20506.patch 
b/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
new file mode 100644
index 000..7919f9b
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
@@ -0,0 +1,103 @@
+From: Dan Kennedy 
+Date: Sat, 3 Nov 2018 16:51:30 + (+)
+Subject: Add extra defenses against strategically corrupt databases to fts3/4.
+X-Git-Tag: version-3.26.0~58
+X-Git-Url: 
https://repo.or.cz/sqlite.git/commitdiff_plain/19816852d4e82e115338b1997540c26a1b794d18
+
+Add extra defenses against strategically corrupt databases to fts3/4.
+
+https://sqlite.org/src/info/940f2adc8541a838
+
+Upstream-Status: Backport
+CVE: CVE-2018-20506
+Affects <= 3.26.0
+
+Signed-off-by: Armin Kuster 
+
+Index: sqlite-autoconf-3230100/sqlite3.c
+===
+--- sqlite-autoconf-3230100.orig/sqlite3.c
 sqlite-autoconf-3230100/sqlite3.c
+@@ -152368,7 +152368,7 @@ static int fts3ScanInteriorNode(
+   const char *zCsr = zNode;   /* Cursor to iterate through node */
+   const char *zEnd = [nNode];/* End of interior node buffer */
+   char *zBuffer = 0;  /* Buffer to load terms into */
+-  int nAlloc = 0; /* Size of allocated buffer */
++  i64 nAlloc = 0; /* Size of allocated buffer */
+   int isFirstTerm = 1;/* True when processing first term on page 
*/
+   sqlite3_int64 iChild;   /* Block id of child node to descend to */
+ 
+@@ -152406,14 +152406,14 @@ static int fts3ScanInteriorNode(
+ zCsr += fts3GetVarint32(zCsr, );
+ 
+ assert( nPrefix>=0 && nSuffix>=0 );
+-if( [nSuffix]>zEnd ){
++if( nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr ){
+   rc = FTS_CORRUPT_VTAB;
+   goto finish_scan;
+ }
+-if( nPrefix+nSuffix>nAlloc ){
++if( (i64)nPrefix+nSuffix>nAlloc ){
+   char *zNew;
+-  nAlloc = (nPrefix+nSuffix) * 2;
+-  zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
++  nAlloc = ((i64)nPrefix+nSuffix) * 2;
++  zNew = (char *)sqlite3_realloc64(zBuffer, nAlloc);
+   if( !zNew ){
+ rc = SQLITE_NOMEM;
+ goto finish_scan;
+@@ -162012,15 +162012,19 @@ static int fts3SegReaderNext(
+   ** safe (no risk of overread) even if the node data is corrupted. */
+   pNext += fts3GetVarint32(pNext, );
+   pNext += fts3GetVarint32(pNext, );
+-  if( nPrefix<0 || nSuffix<=0 
+-   || [nSuffix]>>aNode[pReader->nNode] 
++  if( nSuffix<=0 
++   || (>aNode[pReader->nNode] - pNext)pReader->nTermAlloc
+   ){
+ return FTS_CORRUPT_VTAB;
+   }
+ 
+-  if( nPrefix+nSuffix>pReader->nTermAlloc ){
+-int nNew = (nPrefix+nSuffix)*2;
+-char *zNew = sqlite3_realloc(pReader->zTerm, 
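Review bot: `Affects <= 3.26.0` has the same off-by-one as the sibling patch: `X-Git-Tag: version-3.26.0~58` means 3.26.0 already contains the fix, so the range should read `< 3.26.0`. In fts3ScanInteriorNode the new test `nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr` is what actually closes the hole, since the replaced check compared only the suffix end against zEnd and never bounded nPrefix; widening nAlloc to i64 and moving to sqlite3_realloc64 is the complementary half that keeps `nPrefix+nSuffix` from overflowing an int before the buffer is sized.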

[OE-core] [thud] 08/30] file: Multiple Security fixes

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: https://github.com/file
MR: 97573, 97578, 97583, 97588
Type: Security Fix
Disposition: Backport from https://github.com/file/file
ChangeID: 159e532d518623f19ba777c8edc24d2dc7e3a4e9
Description:

CVE-2019-8905 is the same fix as CVE-2019-8907

Affects < 5.36.0

Fixes:
CVE-2019-8904
CVE-2019-8906
CVE-2019-8906
CVE-2019-8907

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../recipes-devtools/file/file/CVE-2019-8904.patch |  30 ++
 .../file/file/CVE-2019-8905_CVE-2019-8907.patch| 120 +
 .../recipes-devtools/file/file/CVE-2019-8906.patch |  27 +
 meta/recipes-devtools/file/file_5.34.bb|   3 +
 4 files changed, 180 insertions(+)
 create mode 100644 meta/recipes-devtools/file/file/CVE-2019-8904.patch
 create mode 100644 
meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch
 create mode 100644 meta/recipes-devtools/file/file/CVE-2019-8906.patch

diff --git a/meta/recipes-devtools/file/file/CVE-2019-8904.patch 
b/meta/recipes-devtools/file/file/CVE-2019-8904.patch
new file mode 100644
index 000..5c3d6f7
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2019-8904.patch
@@ -0,0 +1,30 @@
+From 94b7501f48e134e77716e7ebefc73d6bbe72ba55 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas 
+Date: Mon, 18 Feb 2019 17:30:41 +
+Subject: [PATCH] PR/62: spinpx: Avoid non-nul-terminated string read.
+
+Upstream-Status: Backport
+CVE: CVE-2019-8904
+Affects < 5.36
+[Fixup for thud context]
+Signed-off-by: Armin Kuster 
+
+---
+ src/readelf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: git/src/readelf.c
+===
+--- git.orig/src/readelf.c
 git/src/readelf.c
+@@ -558,8 +558,8 @@ do_bid_note(struct magic_set *ms, unsign
+   }
+   if (namesz == 4 && strcmp((char *)[noff], "Go") == 0 &&
+   type == NT_GO_BUILD_ID && descsz < 128) {
+-  if (file_printf(ms, ", Go BuildID=%s",
+-  (char *)[doff]) == -1)
++  if (file_printf(ms, ", Go BuildID=%.*s",
++  CAST(int, descsz), CAST(char *, [doff])) == -1)
+   return 1;
+   return 1;
+   }
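Review bot: the `%.*s` change is only safe because `descsz < 128` is already enforced on the condition line above it, so `CAST(int, descsz)` cannot truncate; one sentence in the patch header saying so would help, since a size_t-to-int cast inside a security fix otherwise draws a second look. The fix is otherwise exactly what the subject says: the Go BuildID note data is not NUL-terminated and the old `%s` read until it found one.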
diff --git a/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch 
b/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch
new file mode 100644
index 000..a55b94c
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch
@@ -0,0 +1,120 @@
+From d65781527c8134a1202b2649695d48d5701ac60b Mon Sep 17 00:00:00 2001
+From: Christos Zoulas 
+Date: Mon, 18 Feb 2019 17:46:56 +
+Subject: [PATCH] PR/62: spinpx: limit size of file_printable.
+
+Upstream-Status: Backport
+CVE: CVE-2019-8905
+CVE: CVE-2019-8907
+affects < 5.36
+
+Signed-off-by: Armin Kuster 
+
+---
+ src/file.h  |  4 ++--
+ src/funcs.c |  9 +
+ src/readelf.c   |  7 ---
+ src/softmagic.c | 14 --
+ 4 files changed, 19 insertions(+), 15 deletions(-)
+
+Index: git/src/file.h
+===
+--- git.orig/src/file.h
 git/src/file.h
+@@ -501,7 +501,7 @@ protected int file_looks_utf8(const unsi
+ size_t *);
+ protected size_t file_pstring_length_size(const struct magic *);
+ protected size_t file_pstring_get_length(const struct magic *, const char *);
+-protected char * file_printable(char *, size_t, const char *);
++protected char * file_printable(char *, size_t, const char *, size_t);
+ #ifdef __EMX__
+ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+ size_t);
+Index: git/src/funcs.c
+===
+--- git.orig/src/funcs.c
 git/src/funcs.c
+@@ -595,12 +595,13 @@ file_pop_buffer(struct magic_set *ms, fi
+  * convert string to ascii printable format.
+  */
+ protected char *
+-file_printable(char *buf, size_t bufsiz, const char *str)
++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+-  char *ptr, *eptr;
++  char *ptr, *eptr = buf + bufsiz - 1;
+   const unsigned char *s = (const unsigned char *)str;
++  const unsigned char *es = s + slen;
+ 
+-  for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
++  for (ptr = buf;  ptr < eptr && s < es && *s; s++) {
+   if (isprint(*s)) {
+   *ptr++ = *s;
+   continue;
+Index: git/src/readelf.c
+===
+--- git.orig/src/readelf.c
 git/src/readelf.c
+@@ -750,7 +750,7 @@ do_core_note(struct magic_set *ms, unsig
+   if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+   "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+   file_printable(sbuf, sizeof(sbuf),
+-  CAST(char *, pi.cpi_name)),
++  
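Review bot: file_printable gains a `slen` argument and the loop now stops at `s < es` as well as at a NUL, so the prototype change in file.h forces every caller to pass a real length; the diffstat lists readelf.c and softmagic.c, and the replacement argument at the do_core_note call site is not visible in this excerpt, so confirm each caller passes the buffer's actual size (for example sizeof(pi.cpi_name)) rather than strlen(), which would reintroduce the over-read this fix closes. `affects < 5.36` is lowercase here while CVE-2019-8904.patch uses `Affects`; keep the headers consistent.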

[OE-core] [thud] 05/30] python: add a fix for CVE-2019-9948 and CVE-2019-9636

2019-07-21 Thread Armin Kuster
From: Martin Jansa 

Source: OpenEmbedded.org
MR: 98320, 98319
Type: Security Fix
Disposition: Backport from 
https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/python/python_2.7.16.bb?id=9d23b982fa4e0290761b3d15f6959779fed72ad6
ChangeID: e79b6fe3b7b4253bf0d76b029070ae869d5234bd
Description:

Fixes:
CVE-2019-9948
CVE-2019-9636

CVE-2019-9940 is a dup of 9948 per python.org
CVE-2019-9947 appears to be a dup of 9940 per 
https://bugs.python.org/issue30458#msg295067

Signed-off-by: Martin Jansa 
Signed-off-by: Richard Purdie 
[Minor clean up for thud]
Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../python/bpo-35907-cve-2019-9948-fix.patch   |  55 ++
 .../python/python/bpo-35907-cve-2019-9948.patch|  55 ++
 .../python/bpo-36216-cve-2019-9636-fix.patch   |  28 ++
 .../python/python/bpo-36216-cve-2019-9636.patch| 111 +
 meta/recipes-devtools/python/python_2.7.16.bb  |   4 +
 5 files changed, 253 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
 create mode 100644 
meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
 create mode 100644 
meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch
 create mode 100644 
meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch

diff --git 
a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch 
b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
new file mode 100644
index 000..b267237
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
@@ -0,0 +1,55 @@
+From 179a5f75f1121dab271fe8f90eb35145f9dcbbda Mon Sep 17 00:00:00 2001
+From: Sihoon Lee 
+Date: Fri, 17 May 2019 02:41:06 +0900
+Subject: [PATCH] Update test_urllib.py and urllib.py\nchange assertEqual into
+ assertRasies in DummyURLopener test, and simplify mitigation
+
+Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
+
+CVE: CVE-2019-9948
+
+Signed-off-by: Martin Jansa 
+---
+ Lib/test/test_urllib.py | 11 +++
+ Lib/urllib.py   |  4 ++--
+ 2 files changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index e5f210e62a18..1e23dfb0bb16 100644
+--- a/Lib/test/test_urllib.py
 b/Lib/test/test_urllib.py
+@@ -1027,14 +1027,9 @@ def test_local_file_open(self):
+ class DummyURLopener(urllib.URLopener):
+ def open_local_file(self, url):
+ return url
+-self.assertEqual(DummyURLopener().open(
+-'local-file://example'), '//example')
+-self.assertEqual(DummyURLopener().open(
+-'local_file://example'), '//example')
+-self.assertRaises(IOError, urllib.urlopen,
+-'local-file://example')
+-self.assertRaises(IOError, urllib.urlopen,
+-'local_file://example')
++for url in ('local_file://example', 'local-file://example'):
++self.assertRaises(IOError, DummyURLopener().open, url)
++self.assertRaises(IOError, urllib.urlopen, url)
+ 
+ # Just commented them out.
+ # Can't really tell why keep failing in windows and sparc.
+diff --git a/Lib/urllib.py b/Lib/urllib.py
+index a24e9a5c68fb..39b834054e9e 100644
+--- a/Lib/urllib.py
 b/Lib/urllib.py
+@@ -203,10 +203,10 @@ def open(self, fullurl, data=None):
+ name = 'open_' + urltype
+ self.type = urltype
+ name = name.replace('-', '_')
+-
++
+ # bpo-35907: # disallow the file reading with the type not allowed
+ if not hasattr(self, name) or \
+-(self == _urlopener and name == 'open_local_file'):
++getattr(self, name) == self.open_local_file:
+ if proxy:
+ return self.open_unknown_proxy(proxy, fullurl, data)
+ else:
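Review bot: replacing `self == _urlopener and name == 'open_local_file'` with `getattr(self, name) == self.open_local_file` widens the guard from the module-level opener to every URLopener instance and subclass, which is why the test flips from asserting that DummyURLopener returns `'//example'` to asserting IOError; that behaviour change for subclasses deserves a sentence in the patch header. The short-circuit `not hasattr(self, name) or ...` keeps the getattr safe, and bound-method equality in Python 2 compares function and instance, so an overriding subclass method such as the test's open_local_file is still caught.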
diff --git a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch 
b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
new file mode 100644
index 000..f4c225d
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
@@ -0,0 +1,55 @@
+From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
+From: push0ebp 
+Date: Thu, 14 Feb 2019 02:05:46 +0900
+Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary
+ URL scheme in urllib
+
+Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
+
+CVE: CVE-2019-9948
+
+Signed-off-by: Martin Jansa 
+---
+ Lib/test/test_urllib.py | 12 
+ Lib/urllib.py   |  5 -
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index 1ce9201c0693..e5f210e62a18 100644
+--- a/Lib/test/test_urllib.py
 b/Lib/test/test_urllib.py
+@@ -1023,6 +1023,18 @@ def open_spam(self, url):
+ "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
+   
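Review bot: this patch and bpo-35907-cve-2019-9948-fix.patch both cite the same PR (https://github.com/python/cpython/pull/11842) as `Upstream-Status: Submitted`, and the -fix patch rewrites the `bpo-35907` guard and tests that this one adds; squashing them into one patch would leave one file per CVE in the recipe and avoid an intermediate state in which the narrower `self == _urlopener` check is the only protection.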

[OE-core] [thud] 06/30] busybox: Security fixes for CVE-2018-20679 CVE-2019-5747

2019-07-21 Thread Armin Kuster
Source: busybox.git
MR: 97332
Type: Security Fix
Disposition: Backport from busybox.git
ChangeID: ec203c79e7322de1ed5721d08b6f59b1eca67c7d
Description:

Affects < 1.30.0

Fixes:
CVE-2018-20679
CVE-2019-5747

Signed-off-by: Armin Kuster 
---
 .../busybox/busybox/CVE-2018-20679.patch   | 142 +
 .../busybox/busybox/CVE-2019-5747.patch|  60 +
 meta/recipes-core/busybox/busybox_1.29.3.bb|   2 +
 3 files changed, 204 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2018-20679.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2019-5747.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch 
b/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch
new file mode 100644
index 000..e469376
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch
@@ -0,0 +1,142 @@
+From 6d3b4bb24da9a07c263f3c1acf8df85382ff562c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko 
+Date: Mon, 17 Dec 2018 18:07:18 +0100
+Subject: [PATCH] udhcpc: check that 4-byte options are indeed 4-byte, closes
+ 11506
+
+function old new   delta
+udhcp_get_option32 -  27 +27
+udhcp_get_option 231 248 +17
+--
+(add/remove: 1/0 grow/shrink: 1/0 up/down: 44/0)   Total: 44 bytes
+
+Signed-off-by: Denys Vlasenko 
+
+Upstream-Status: Backport
+CVE: CVE-2018-20679
+
+Affects < 1.30.0
+
+signed-off-by: Armin Kuster 
+
+---
+ networking/udhcp/common.c | 19 +++
+ networking/udhcp/common.h |  4 
+ networking/udhcp/dhcpc.c  |  6 +++---
+ networking/udhcp/dhcpd.c  |  6 +++---
+ 4 files changed, 29 insertions(+), 6 deletions(-)
+
+Index: busybox-1.29.3/networking/udhcp/common.c
+===
+--- busybox-1.29.3.orig/networking/udhcp/common.c
 busybox-1.29.3/networking/udhcp/common.c
+@@ -270,6 +270,15 @@ uint8_t* FAST_FUNC udhcp_get_option(stru
+   goto complain; /* complain and return NULL */
+ 
+   if (optionptr[OPT_CODE] == code) {
++  if (optionptr[OPT_LEN] == 0) {
++  /* So far no valid option with length 0 known.
++   * Having this check means that searching
++   * for DHCP_MESSAGE_TYPE need not worry
++   * that returned pointer might be unsafe
++   * to dereference.
++   */
++  goto complain; /* complain and return NULL */
++  }
+   log_option("option found", optionptr);
+   return optionptr + OPT_DATA;
+   }
+@@ -287,6 +296,16 @@ uint8_t* FAST_FUNC udhcp_get_option(stru
+   return NULL;
+ }
+ 
++uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
++{
++  uint8_t *r = udhcp_get_option(packet, code);
++  if (r) {
++  if (r[-1] != 4)
++  r = NULL;
++  }
++  return r;
++}
++
+ /* Return the position of the 'end' option (no bounds checking) */
+ int FAST_FUNC udhcp_end_option(uint8_t *optionptr)
+ {
+Index: busybox-1.29.3/networking/udhcp/common.h
+===
+--- busybox-1.29.3.orig/networking/udhcp/common.h
 busybox-1.29.3/networking/udhcp/common.h
+@@ -204,6 +204,10 @@ extern const uint8_t dhcp_option_lengths
+ unsigned FAST_FUNC udhcp_option_idx(const char *name, const char 
*option_strings);
+ 
+ uint8_t *udhcp_get_option(struct dhcp_packet *packet, int code) FAST_FUNC;
++/* Same as above + ensures that option length is 4 bytes
++ * (returns NULL if size is different)
++ */
++uint8_t *udhcp_get_option32(struct dhcp_packet *packet, int code) FAST_FUNC;
+ int udhcp_end_option(uint8_t *optionptr) FAST_FUNC;
+ void udhcp_add_binary_option(struct dhcp_packet *packet, uint8_t *addopt) 
FAST_FUNC;
+ #if ENABLE_UDHCPC || ENABLE_UDHCPD
+Index: busybox-1.29.3/networking/udhcp/dhcpc.c
+===
+--- busybox-1.29.3.orig/networking/udhcp/dhcpc.c
 busybox-1.29.3/networking/udhcp/dhcpc.c
+@@ -1694,7 +1694,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+  * They say ISC DHCP client supports this case.
+  */
+   server_addr = 0;
+-  temp = udhcp_get_option(, 
DHCP_SERVER_ID);
++  temp = udhcp_get_option32(, 
DHCP_SERVER_ID);
+   if (!temp) {
+   bb_error_msg("no server ID, using 
0.0.0.0");
+   } else {
+@@ -1721,7 +1721,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
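Review bot: udhcp_get_option32 tests `r[-1] != 4`, which relies on the length byte sitting immediately before the data pointer that udhcp_get_option returns (`optionptr + OPT_DATA`); a one-line comment in common.c stating that dependency on the option layout would save the next reader from verifying it. The new `OPT_LEN == 0` rejection is broader than the subject suggests: any zero-length option now makes udhcp_get_option complain and return NULL, which the inline comment justifies but which the header should call out as a behaviour change for clients facing unusual servers. `signed-off-by:` in the header is lowercase.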

[OE-core] [thud] 04/30] python: Update to 2.7.16

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: Python.org
MR: 98220
Type: Security Fix & Integration
Disposition: Backport from python.org
ChangeID: 96fdd2dee9fe9317eb72584583ae0100c0be9eaa
Description:

Bug fix update per Python.org
https://www.python.org/downloads/release/python-2716/

drop backported patch

License-update: copyright years

Helps prepare Thud for 2.7 EOL support moving forward.

Update includes:
CVE-2019-5010
https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 ...on-native_2.7.15.bb => python-native_2.7.16.bb} |   2 -
 meta/recipes-devtools/python/python.inc|  18 ++--
 ...23-Use-XML_SetHashSalt-in-_elementtree-GH.patch |  96 -
 ...ix-test_ssl-when-a-filename-cannot-be-enc.patch |  55 --
 ...LS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch | 120 -
 ...34540-Convert-shutil._call_external_zip-t.patch |  67 
 ...dd-missing-closing-wrapper-in-test_tls1_3.patch |  37 ---
 ...ix-test_ssl.test_options-to-account-for-O.patch |  37 ---
 ...ix-test_default_ecdh_curve-needs-no-tlsv1.patch |  34 --
 .../python/{python_2.7.15.bb => python_2.7.16.bb}  |   2 -
 10 files changed, 6 insertions(+), 462 deletions(-)
 rename meta/recipes-devtools/python/{python-native_2.7.15.bb => 
python-native_2.7.16.bb} (96%)
 delete mode 100644 
meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch
 delete mode 100644 
meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch
 delete mode 100644 
meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch
 delete mode 100644 
meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch
 delete mode 100644 
meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch
 delete mode 100644 
meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch
 delete mode 100644 
meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch
 rename meta/recipes-devtools/python/{python_2.7.15.bb => python_2.7.16.bb} 
(98%)

diff --git a/meta/recipes-devtools/python/python-native_2.7.15.bb 
b/meta/recipes-devtools/python/python-native_2.7.16.bb
similarity index 96%
rename from meta/recipes-devtools/python/python-native_2.7.15.bb
rename to meta/recipes-devtools/python/python-native_2.7.16.bb
index 26d67df..b744280 100644
--- a/meta/recipes-devtools/python/python-native_2.7.15.bb
+++ b/meta/recipes-devtools/python/python-native_2.7.16.bb
@@ -1,7 +1,6 @@
 require python.inc
 EXTRANATIVEPATH += "bzip2-native"
 DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native 
sqlite3-native expat-native gdbm-native db-native"
-PR = "${INC_PR}.1"
 
 SRC_URI += "\
 file://05-enable-ctypes-cross-build.patch \
@@ -17,7 +16,6 @@ SRC_URI += "\
 file://parallel-makeinst-create-bindir.patch \
 file://revert_use_of_sysconfigdata.patch \
 
file://0001-python-native-fix-one-do_populate_sysroot-warning.patch \
-
file://0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch \
"
 
 S = "${WORKDIR}/Python-${PV}"
diff --git a/meta/recipes-devtools/python/python.inc 
b/meta/recipes-devtools/python/python.inc
index 6692367..e5f1981 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -5,18 +5,12 @@ SECTION = "devel/python"
 # bump this on every change in contrib/python/generate-manifest-2.7.py
 INC_PR = "r1"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f257cc14f81685691652a3d3e1b5d754"
-
-SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
-   
file://0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch \
-   
file://0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch \
-   
file://0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch \
-   
file://0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch \
-   
file://0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch \
-   "
-
-SRC_URI[md5sum] = "a80ae3cc478460b922242f43a1b4094d"
-SRC_URI[sha256sum] = 
"22d9b1ac5b26135ad2b8c2901a9413537e08749a753356ee913c84dbd2df5574"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+
+SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz;
+
+SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5"
+SRC_URI[sha256sum] = 
"f222ef602647eecb6853681156d32de4450a2c39f4de93bd5b20235f2e660ed7"
 
 # python recipe is actually python 2.x
 # also, exclude pre-releases for both python 2.x and 3.x
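Review bot: SRC_URI still fetches over plain `http://www.python.org/ftp/...`; python.org serves the same path over https, and as the checksum lines are the only integrity control here, switching the scheme is a cheap supply-chain improvement that could ride along with this bump. The LIC_FILES_CHKSUM change is explained only as "copyright years" in the commit message, which is acceptable provided the LICENSE diff really is limited to that; a sentence saying it was checked would close the question.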
diff --git 
a/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch

[OE-core] [thud] 02/30] elfutils: Security fixes CVE-2019-7146, 7149, 7150

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: http://sourceware.org/git/elfutils.git
MR: 97563, 97568, 97558
Type: Security Fix
Disposition: Backport from http://sourceware.org/git/elfutils.git
ChangeID: 6183c2a25d5e32eec1846a428dd165e1de659f24
Description:

Affects <= 0.175

Fixes:
CVE-2019-7146
CVE-2019-7149
CVE-2019-7150

Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/elfutils/elfutils_0.175.bb   |   4 +
 .../elfutils/files/CVE-2019-7146_p1.patch  |  52 
 .../elfutils/files/CVE-2019-7146_p2.patch  |  65 +
 .../elfutils/files/CVE-2019-7149.patch | 148 +
 .../elfutils/files/CVE-2019-7150.patch |  51 +++
 5 files changed, 320 insertions(+)
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2019-7149.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.175.bb 
b/meta/recipes-devtools/elfutils/elfutils_0.175.bb
index b0b9ddc..e94a48e 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.175.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.175.bb
@@ -27,6 +27,10 @@ SRC_URI = 
"https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
file://debian/hurd_path.patch \
file://debian/ignore_strmerge.diff \
file://debian/disable_werror.patch \
+   file://CVE-2019-7149.patch \
+   file://CVE-2019-7150.patch \
+   file://CVE-2019-7146_p1.patch \
+   file://CVE-2019-7146_p2.patch \
"
 SRC_URI_append_libc-musl = " 
file://0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch"
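Review bot: CVE-2019-7146_p1.patch and CVE-2019-7146_p2.patch both touch libebl/eblobjnote.c and libebl/ChangeLog, and p2's subject builds on p1's pr_datasz check, so p1 must stay listed before p2; the order here respects that, but placing the two 7146 parts after 7149 and 7150 means any later reshuffle of this list can silently break the apply, so a comment or a `Depends on` line in p2 would make the coupling explicit.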
 
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch 
b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch
new file mode 100644
index 000..b6cd29a
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch
@@ -0,0 +1,52 @@
+From 012018907ca05eb0ab51d424a596ef38fc87cae1 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard 
+Date: Wed, 16 Jan 2019 11:57:35 +0100
+Subject: [PATCH] libebl: Check GNU property note pr_datasz fits inside note
+ description.
+
+Before printing the data values, make sure pr_datasz doesn't go beyond
+the end of the note description data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24075
+
+Signed-off-by: Mark Wielaard 
+
+Upstream-Status: Backport
+CVE: CVE-2019-7146 patch #1
+Signed-off-by: Armin Kuster 
+
+---
+ libebl/ChangeLog| 4 
+ libebl/eblobjnote.c | 7 +++
+ 2 files changed, 11 insertions(+)
+
+Index: elfutils-0.175/libebl/eblobjnote.c
+===
+--- elfutils-0.175.orig/libebl/eblobjnote.c
 elfutils-0.175/libebl/eblobjnote.c
+@@ -350,6 +350,13 @@ ebl_object_note (Ebl *ebl, uint32_t name
+ desc += 8;
+ descsz -= 8;
+ 
++if (prop.pr_datasz > descsz)
++  {
++printf ("BAD property datasz: %" PRId32 "\n",
++prop.pr_datasz);
++return;
++  }
++
+ int elfclass = gelf_getclass (ebl->elf);
+ char *elfident = elf_getident (ebl->elf, NULL);
+ GElf_Ehdr ehdr;
+Index: elfutils-0.175/libebl/ChangeLog
+===
+--- elfutils-0.175.orig/libebl/ChangeLog
 elfutils-0.175/libebl/ChangeLog
+@@ -1,3 +1,7 @@
++2019-01-16  Mark Wielaard  
++
++   * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large.
++
+ 2018-11-15  Mark Wielaard  
+ 
+   * eblobjnotetypename.c (ebl_object_note_type_name): Don't update
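Review bot: the new guard compares `prop.pr_datasz > descsz` after `descsz -= 8`, i.e. against the bytes remaining past the pr_type/pr_datasz header, which is the correct bound. Two nits in what is carried over: the diagnostic prints pr_datasz with `PRId32` although it is an unsigned 32-bit field (`PRIu32` matches), and the ChangeLog entry names the file `eblobjnte.c`; if both are verbatim from upstream commit 012018907ca0 they should stay for backport fidelity, otherwise fix them here.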
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch 
b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch
new file mode 100644
index 000..4434b36
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch
@@ -0,0 +1,65 @@
+From cd7ded3df43f655af945c869976401a602e46fcd Mon Sep 17 00:00:00 2001
+From: Mark Wielaard 
+Date: Wed, 30 Jan 2019 00:04:11 +0100
+Subject: [PATCH] libebl: Check GNU property note data padding fits inside
+ note.
+
+The GNU property note data is padded. Make sure the extra padding
+still fits in the note description.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24075
+
+Signed-off-by: Mark Wielaard 
+
+Upstream-Status: Backport
+CVE: CVE-2019-7146 patch #2
+Signed-off-by: Armin Kuster 
+
+---
+ libebl/ChangeLog|  5 +
+ libebl/eblobjnote.c | 17 +
+ 2 files changed, 14 insertions(+), 8 deletions(-)
+
+Index: elfutils-0.175/libebl/ChangeLog
+===
+--- elfutils-0.175.orig/libebl/ChangeLog
 elfutils-0.175/libebl/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-29  Mark 
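Review bot: the ChangeLog hunk (`@@ -1,3 +1,8 @@`) inserts above the 2019-01-16 entry that CVE-2019-7146_p1.patch adds, so this patch applies only after p1; the SRC_URI order in elfutils_0.175.bb honours that, but a `Depends on CVE-2019-7146_p1.patch` line in this header would record the dependency where the next person refreshing the patches will see it.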

[OE-core] [thud] 01/30] glibc: Security fix CVE-2019-9169

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Signed-off-by: Armin Kuster 
---
 meta/recipes-core/glibc/glibc/CVE-2019-9169.patch | 63 +++
 meta/recipes-core/glibc/glibc_2.28.bb |  1 +
 2 files changed, 64 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-9169.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch 
b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch
new file mode 100644
index 000..14cfaa3
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch
@@ -0,0 +1,63 @@
+From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert 
+Date: Mon, 21 Jan 2019 11:08:13 -0800
+Subject: [PATCH] regex: fix read overrun [BZ #24114]
+
+Problem found by AddressSanitizer, reported by Hongxu Chen in:
+https://debbugs.gnu.org/34140
+* posix/regexec.c (proceed_next_node):
+Do not read past end of input buffer.
+
+Upstream-Status: Backport 
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9
+
+CVE: CVE-2019-9169
+Signed-off-by: Armin Kuster 
+
+---
+ ChangeLog   | 10 +-
+ posix/regexec.c |  6 --
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+Index: git/ChangeLog
+===
+--- git.orig/ChangeLog
 git/ChangeLog
+@@ -1,3 +1,11 @@
++2019-01-31  Paul Eggert  
++
++   regex: fix read overrun [BZ #24114]
++   Problem found by AddressSanitizer, reported by Hongxu Chen in:
++   https://debbugs.gnu.org/34140
++   * posix/regexec.c (proceed_next_node):
++   Do not read past end of input buffer.
++
+ 2018-09-30  Martin Jansa  
+   Partial fix for [BZ #23716]
+   * locale/weight.h: Fix build with -Os.
+@@ -10917,7 +10925,7 @@
+   (CFLAGS-wcstof_l.c): Likewise.
+   (CPPFLAGS-tst-wchar-h.c): Likewise.
+   (CPPFLAGS-wcstold_l.c): Likewise.
+
++
+ 2017-12-11  Paul A. Clarke  
+ 
+   * sysdeps/ieee754/flt-32/s_cosf.c: New implementation.
+Index: git/posix/regexec.c
+===
+--- git.orig/posix/regexec.c
 git/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_contex
+ else if (naccepted)
+   {
+ char *buf = (char *) re_string_get_buffer (>input);
+-if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+-naccepted) != 0)
++if (mctx->input.valid_len - *pidx < naccepted
++|| (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++naccepted)
++!= 0))
+   return -1;
+   }
+   }
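Review bot: the new guard in proceed_next_node is the right shape, written as `mctx->input.valid_len - *pidx < naccepted` so the comparison cannot overflow the way `*pidx + naccepted > valid_len` could, but nothing at the site says why it is there; a one-line comment such as `/* Do not let memcmp read past the end of the input buffer (BZ #24114).  */` above the `if` would spare the next reader a trip to the bug tracker. Separately, the ChangeLog hunk at `@@ -10917,7 +10925,7 @@` appears to be a whitespace-only change inside an unrelated 2017 entry and can be dropped from the backport to keep it minimal.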
diff --git a/meta/recipes-core/glibc/glibc_2.28.bb 
b/meta/recipes-core/glibc/glibc_2.28.bb
index 72cee04..1bcec3e 100644
--- a/meta/recipes-core/glibc/glibc_2.28.bb
+++ b/meta/recipes-core/glibc/glibc_2.28.bb
@@ -47,6 +47,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \

file://0032-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch \

file://0033-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
file://0034-inject-file-assembly-directives.patch \
+   file://CVE-2019-9169.patch \
 "
 
 NATIVESDKFIXES ?= ""
-- 
2.7.4



[OE-core] [thud] 03/30] qemu: Several CVE fixes

2019-07-21 Thread Armin Kuster
From: Armin Kuster 

Source: qemu.org
MR: 97258, 97342, 97438, 97443
Type: Security Fix
Disposition: Backport from git.qemu.org/qemu.git
ChangeID: a5e9fd03ca5bebc880dcc3c4567e10a9ae47dba5
Description:

These issues affect qemu < 3.1.0

Fixes:
CVE-2018-16867
CVE-2018-16872
CVE-2018-18849
CVE-2018-19364

Signed-off-by: Armin Kuster 
Signed-off-by: Armin Kuster 
---
 .../qemu/qemu/CVE-2018-16867.patch |  49 +
 .../qemu/qemu/CVE-2018-16872.patch |  89 
 .../qemu/qemu/CVE-2018-18849.patch |  86 +++
 .../qemu/qemu/CVE-2018-19364_p1.patch  |  51 +
 .../qemu/qemu/CVE-2018-19364_p2.patch  | 115 +
 meta/recipes-devtools/qemu/qemu_3.0.0.bb   |   5 +
 6 files changed, 395 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-16872.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-18849.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p1.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-19364_p2.patch

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch
new file mode 100644
index 000..644459e
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch
@@ -0,0 +1,49 @@
+From 61f87388af0af72ad61dee00ddd267b8047049f2 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann 
+Date: Mon, 3 Dec 2018 11:10:45 +0100
+Subject: [PATCH] usb-mtp: outlaw slashes in filenames
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Slash is unix directory separator, so they are not allowed in filenames.
+Note this also stops the classic escape via "../".
+
+Fixes: CVE-2018-16867
+Reported-by: Michael Hanselmann 
+Signed-off-by: Gerd Hoffmann 
+Reviewed-by: Philippe Mathieu-Daudé 
+Message-id: 20181203101045.27976-3-kra...@redhat.com
+(cherry picked from commit c52d46e041b42bb1ee6f692e00a0abe37a9659f6)
+Signed-off-by: Michael Roth 
+
+Upstream-Status: Backport
+CVE: CVE-2018-16867
+Affects: < 3.1.0
+
+Signed-off-by: Armin Kuster 
+
+---
+ hw/usb/dev-mtp.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
+index 1ded7ac..899c8a3 100644
+--- a/hw/usb/dev-mtp.c
 b/hw/usb/dev-mtp.c
+@@ -1667,6 +1667,12 @@ static void usb_mtp_write_metadata(MTPState *s)
+ 
+ utf16_to_str(dataset->length, dataset->filename, filename);
+ 
++if (strchr(filename, '/')) {
++usb_mtp_queue_result(s, RES_PARAMETER_NOT_SUPPORTED, d->trans,
++ 0, 0, 0, 0);
++return;
++}
++
+ o = usb_mtp_object_lookup_name(p, filename, dataset->length);
+ if (o != NULL) {
+ next_handle = o->handle;
+-- 
+2.7.4
+
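Review bot: the strchr check in usb_mtp_write_metadata refuses any name containing '/', which covers the "../" case the commit message calls out, but a name that is exactly "." or ".." contains no slash and still falls through to usb_mtp_object_lookup_name; worth confirming that those are refused wherever the host path is assembled, or widening the condition to `if (strchr(filename, '/') || !strcmp(filename, ".") || !strcmp(filename, ".."))`. Returning RES_PARAMETER_NOT_SUPPORTED after utf16_to_str and before the lookup is the right placement, since the validation then runs on the converted UTF-8 string rather than the raw UTF-16 dataset.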
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-16872.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2018-16872.patch
new file mode 100644
index 000..9f2c5d3
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-16872.patch
@@ -0,0 +1,89 @@
+From 7347a04da35ec6284ce83e8bcd72dc4177d17b10 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann 
+Date: Thu, 13 Dec 2018 13:25:11 +0100
+Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
+
+Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
+While being at it also add O_CLOEXEC.
+
+usb-mtp only handles regular files and directories and ignores
+everything else, so users should not see a difference.
+
+Because qemu ignores symlinks, carrying out a successful symlink attack
+requires swapping an existing file or directory below rootdir for a
+symlink and winning the race against the inotify notification to qemu.
+
+Fixes: CVE-2018-16872
+Cc: Prasad J Pandit 
+Cc: Bandan Das 
+Reported-by: Michael Hanselmann 
+Signed-off-by: Gerd Hoffmann 
+Reviewed-by: Michael Hanselmann 
+Message-id: 20181213122511.13853-1-kra...@redhat.com
+(cherry picked from commit bab9df35ce73d1c8e19a37e2737717ea1c984dc1)
+Signed-off-by: Michael Roth 
+
+Upstream-Status: Backport
+CVE: CVE-2018-16872
+Affects: < 3.1.0
+
+Signed-off-by: Armin Kuster 
+
+---
+ hw/usb/dev-mtp.c | 13 +
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
+index 899c8a3..f4223fb 100644
+--- a/hw/usb/dev-mtp.c
 b/hw/usb/dev-mtp.c
+@@ -649,13 +649,18 @@ static void usb_mtp_object_readdir(MTPState *s, 
MTPObject *o)
+ {
+ struct dirent *entry;
+ DIR *dir;
++int fd;
+ 
+ if (o->have_children) {
+ return;
+ }
+ o->have_children = true;
+ 
+-dir = opendir(o->path);
++fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
++if (fd < 0) {
++return;
++}
++dir = fdopendir(fd);
+ if (!dir) {
+ return;
+ }
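Review bot: fd is leaked on the `if (!dir)` path in usb_mtp_object_readdir: when `dir = fdopendir(fd);` fails, the function returns without closing the descriptor that open() just returned, so a directory that can be opened but not read (or an allocation failure inside fdopendir) costs one descriptor per attempt; the error branch should read `close(fd); return;`. The open flags themselves are right: O_DIRECTORY together with O_NOFOLLOW rejects a symlink at the final path component, and O_CLOEXEC keeps the descriptor out of any child processes.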
+@@ -1003,7 +1008,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, 
MTPControl *c,
+ 
+ 

[OE-core] [thud] 00/30] Patch review for thud-next

2019-07-21 Thread Armin Kuster
Comments regarding this patch series due by Wednesday.

The following changes since commit f162d5bfe6eaeca24f441c83c87252c8d05744fc:

  core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit (2019-05-17 22:05:59 -0700)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/thud-nmut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/thud-nmut

Armin Kuster (16):
  glibc: Security fix CVE-2019-9169
  elfutils: Security fixes CVE-2019-7146,7149,7150
  qemu: Several CVE fixes
  python: Update to 2.7.16
  busybox: Security fixes for CVE-2018-20679 CVE-2019-5747
  sqlite3: Security fixes for CVE-2018-20505 & 20506
  file: Multiple Security fixes
  go: update to minor update 1.11.10
  qemu: Security fix for CVE-2018-19489
  Tar: Security fix CVE-2019-0023
  glib-2.0: Security fix for CVE-2019-12450
  wget: Security fix for CVE-2019-5953
  Curl: Security fix CVE-2019-5435 CVE-2019-5436
  qemu: Security fix for CVE-2019-12155
  qemu: Security fixes CVE-2018-20815 CVE-2019-9824
  glib: Security fix for CVE-2019-9633

Chen Qi (2):
  cups: upgrade to 2.2.9
  cups: upgrade to 2.2.10

Hongxu Jia (1):
  go-target.inc: fix go not found while multilib enabled

Joshua DeWeese (1):
  wpa_supplicant: Changed systemd template units

Khem Raj (1):
  go: Upgrade 1.11.1 -> 1.11.4 minor release

Martin Jansa (1):
  python: add a fix for CVE-2019-9948 and CVE-2019-9636

Richard Purdie (4):
  go-crosssdk: PN should use SDK_SYS, not TARGET_ARCH
  yocto-uninative: Update to 2.5 release
  uninative: Switch from bz2 to xz
  uninative: Update to 2.6 release

Robert Yang (1):
  uboot-sign.bbclass: Remove tab indentations in python code

Ross Burton (3):
  cairo: fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462
  lighttpd: fix CVE-2019-11072
  glibc: backport CVE fixes

 meta/classes/uboot-sign.bbclass|  20 +-
 meta/classes/uninative.bbclass |   4 +-
 meta/conf/distro/include/yocto-uninative.inc   |   8 +-
 ...place-systemd-install-Alias-with-WantedBy.patch |  52 
 .../wpa-supplicant/wpa-supplicant_2.6.bb   |   1 +
 .../busybox/busybox/CVE-2018-20679.patch   | 142 +
 .../busybox/busybox/CVE-2019-5747.patch|  60 
 meta/recipes-core/busybox/busybox_1.29.3.bb|   2 +
 .../glib-2.0/glib-2.0/CVE-2019-12450.patch |  59 
 .../glib-2.0/glib-2.0/CVE-2019-9633_p1.patch   | 316 +
 .../glib-2.0/glib-2.0/CVE-2019-9633_p2.patch   | 231 +++
 meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb  |   3 +
 meta/recipes-core/glibc/glibc/CVE-2016-10739.patch | 232 +++
 meta/recipes-core/glibc/glibc/CVE-2018-19591.patch |  48 
 meta/recipes-core/glibc/glibc/CVE-2019-9169.patch  |  63 
 meta/recipes-core/glibc/glibc_2.28.bb  |   3 +
 meta/recipes-devtools/elfutils/elfutils_0.175.bb   |   4 +
 .../elfutils/files/CVE-2019-7146_p1.patch  |  52 
 .../elfutils/files/CVE-2019-7146_p2.patch  |  65 +
 .../elfutils/files/CVE-2019-7149.patch | 148 ++
 .../elfutils/files/CVE-2019-7150.patch |  51 
 .../recipes-devtools/file/file/CVE-2019-8904.patch |  30 ++
 .../file/file/CVE-2019-8905_CVE-2019-8907.patch| 120 
 .../recipes-devtools/file/file/CVE-2019-8906.patch |  27 ++
 meta/recipes-devtools/file/file_5.34.bb|   3 +
 meta/recipes-devtools/go/go-1.11.inc   |   7 +-
 ...07-cmd-go-make-GOROOT-precious-by-default.patch |   6 +-
 .../0008-use-GOBUILDMODE-to-set-buildmode.patch|  13 +-
 meta/recipes-devtools/go/go-crosssdk.inc   |   2 +-
 meta/recipes-devtools/go/go-target.inc |   2 +-
 ...on-native_2.7.15.bb => python-native_2.7.16.bb} |   2 -
 meta/recipes-devtools/python/python.inc|  18 +-
 ...23-Use-XML_SetHashSalt-in-_elementtree-GH.patch |  96 ---
 ...ix-test_ssl-when-a-filename-cannot-be-enc.patch |  55 
 ...LS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch | 120 
 ...34540-Convert-shutil._call_external_zip-t.patch |  67 -
 ...dd-missing-closing-wrapper-in-test_tls1_3.patch |  37 ---
 ...ix-test_ssl.test_options-to-account-for-O.patch |  37 ---
 ...ix-test_default_ecdh_curve-needs-no-tlsv1.patch |  34 ---
 .../python/bpo-35907-cve-2019-9948-fix.patch   |  55 
 .../python/python/bpo-35907-cve-2019-9948.patch|  55 
 .../python/bpo-36216-cve-2019-9636-fix.patch   |  28 ++
 .../python/python/bpo-36216-cve-2019-9636.patch| 111 
 .../python/{python_2.7.15.bb => python_2.7.16.bb}  |   6 +-
 .../qemu/qemu/CVE-2018-16867.patch |  49 
 .../qemu/qemu/CVE-2018-16872.patch |  89 ++
 .../qemu/qemu/CVE-2018-18849.patch |  86 ++
 .../qemu/qemu/CVE-2018-19364_p1.patch  |  51 
 .../qemu/qemu/CVE-2018-19364_p2.patch  | 115 
 .../qemu/qemu/CVE-2018-19489.patch