[OE-core] [PATCH] libxfont2:upgrade 2.0.3 -> 2.0.4

2019-10-06 Thread Zang Ruochen
Signed-off-by: Zang Ruochen 
---
 .../xorg-lib/{libxfont2_2.0.3.bb => libxfont2_2.0.4.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-lib/{libxfont2_2.0.3.bb => 
libxfont2_2.0.4.bb} (81%)

diff --git a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.3.bb 
b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.4.bb
similarity index 81%
rename from meta/recipes-graphics/xorg-lib/libxfont2_2.0.3.bb
rename to meta/recipes-graphics/xorg-lib/libxfont2_2.0.4.bb
index 6994d79..1c9cc0a 100644
--- a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.3.bb
+++ b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.4.bb
@@ -15,8 +15,8 @@ XORG_PN = "libXfont2"
 
 BBCLASSEXTEND = "native"
 
-SRC_URI[md5sum] = "b7ca87dfafeb5205b28a1e91ac3efe85"
-SRC_URI[sha256sum] = 
"0e8ab7fd737ccdfe87e1f02b55f221f0bd4503a1c5f28be4ed6a54586bac9c4e"
+SRC_URI[md5sum] = "00516bed7ec1453d56974560379fff2f"
+SRC_URI[sha256sum] = 
"6d151b3368e5035efede4b6264c0fdc6662c1c99dbc2de425e3480cababc69e6"
 
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
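Review bot: the two added `SRC_URI[...]` lines are the only thing pinning the 2.0.4 tarball, and the commit message has no body saying where the new digests came from. Add a line stating that the sha256sum was checked against the upstream release announcement or signature rather than taken from the first download, and say whether the license text is unchanged in 2.0.4, since LIC_FILES_CHKSUM is not part of this hunk.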
-- 
2.7.4



-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


Re: [OE-core] [PATCH v4] rpm: make rpm work in toolchain.

2019-10-06 Thread Zheng, Ruoqin
Hi Richard
> 
> This is heading in the right direction but this patch still makes the
> nativesdk-rpm recipe machine specific and we can't do that.
>

In this patch, the config file is the same as in the v3 patch, and the v3 patch has been accepted, 
so why is it that this time it "makes the nativesdk-rpm recipe machine specific"?

The config file is processed by a script in post-relocate-setup.d/, the same as 
that in nativesdk-meson.

--
Zheng Ruoqin
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
ADDR.: No.6 Wenzhu Road, Software Avenue,
   Nanjing, 210012, China
MAIL : zhengrq.f...@cn.fujistu.com


> -Original Message-
> From: Richard Purdie [mailto:richard.pur...@linuxfoundation.org]
> Sent: Wednesday, October 02, 2019 4:49 PM
> To: Zheng, Ruoqin/郑 若钦 ; openembedded-
> c...@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH v4] rpm: make rpm work in toolchain.
> 
> On Wed, 2019-09-25 at 07:45 +0800, Zheng Ruoqin wrote:
> > We need to configure rpm to use package architecture from yocto build
> > system.
> >
> > Install rpmrc and rpm/platform to ${SDKTARGETSYSROOT} because config
> > file in host-sysroot as /opt/poky/2.7+snapshot/sysroots/x86_64-
> > pokysdk-linux will be covered by another ARCH which result in previous
> > config settings inefficacy.
> >
> > To resolve it, put config file in target-sysroot like
> > /opt/poky/2.7+snapshot/sysroots/core2-64-poky-linux. As each ARCH has
> > its own target-sysroot, config file will not be covered.
> >
> > Signed-off-by: Zheng Ruoqin 
> > ---
> >  meta/recipes-devtools/rpm/files/rpm-setup.py | 27
> > 
> >  meta/recipes-devtools/rpm/rpm_4.14.2.1.bb| 19 ++
> >  2 files changed, 46 insertions(+)
> >  create mode 100644 meta/recipes-devtools/rpm/files/rpm-setup.py
> >
> > diff --git a/meta/recipes-devtools/rpm/files/rpm-setup.py
> > b/meta/recipes-devtools/rpm/files/rpm-setup.py
> > new file mode 100644
> > index 00..b3e8a1198c
> > --- /dev/null
> > +++ b/meta/recipes-devtools/rpm/files/rpm-setup.py
> > @@ -0,0 +1,27 @@
> > +#!/usr/bin/env python3
> > +
> > +import os
> > +import sys
> > +import shutil
> > +
> > +try:
> > +native_sysroot = os.environ['OECORE_NATIVE_SYSROOT']
> > +sdktarget_sysroot = os.environ['SDKTARGETSYSROOT'] except
> > +KeyError:
> > +print("Not in environment setup, bailing")
> > +sys.exit(1)
> > +
> > +target_etc_dir = os.path.join(sdktarget_sysroot, 'etc/rpm')
> > +
> > +if not os.path.exists(target_etc_dir):
> > +os.makedirs(target_etc_dir)
> > +
> > +template_file = os.path.join(native_sysroot, 'usr/share/rpm/rpmrc')
> > +cross_file = os.path.join(sdktarget_sysroot, 'etc/rpmrc')
> > +shutil.copy(template_file, cross_file)
> > +
> > +template_file = os.path.join(native_sysroot,
> > 'usr/share/rpm/platform')
> > +cross_file = os.path.join(sdktarget_sysroot, 'etc/rpm/platform')
> > +shutil.copy(template_file, cross_file)
> > +
> > +
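Review bot: the `os.path.exists()` test followed by `os.makedirs()` is a check-then-create race, and the two `shutil.copy()` calls are unguarded, so a missing template under OECORE_NATIVE_SYSROOT ends the relocation script with a traceback. Use `os.makedirs(target_etc_dir, exist_ok=True)` and report a missing `usr/share/rpm/rpmrc` or `usr/share/rpm/platform` with a clear message and a non-zero exit. The "Not in environment setup, bailing" message should also go to stderr.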
> > diff --git a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
> > b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
> > index c37330eb4c..e1d1951d74 100644
> > --- a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
> > +++ b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
> > @@ -44,6 +44,9 @@ SRC_URI = "git://github.com/rpm-software-
> > management/rpm;branch=rpm-4.14.x \
> > file://0001-mono-find-provides-requires-do-not-use-
> > monodis-from-.patch \
> > "
> >
> > +SRC_URI_append_class-nativesdk = "file://rpm-setup.py \
> > + "
> > +
> >  PE = "1"
> >  SRCREV = "4a9440006398646583f0d9ae1837dad2875013aa"
> >
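Review bot: the `SRC_URI_append_class-nativesdk` value starts directly with `file://`; `_append` does not insert a separator, so begin the value with a space (`" file://rpm-setup.py"`) instead of relying on whitespace at the end of SRC_URI, and drop the continuation line since there is only one entry.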
> > @@ -113,6 +116,20 @@ do_install_append_class-nativesdk() {
> >  done
> >
> >  rm -rf ${D}/var
> > +install -d ${D}${datadir}/rpm
> > +
> > +cat >${D}/${datadir}/rpm/rpmrc < > +arch_compat: ${MACHINE_ARCH}: all any noarch ${PACKAGE_EXTRA_ARCHS}
> > +EOF
> > +
> > +# Arch Info should be fixed as '-' is instead of '_'.
> > +sed -i 's/-/_/' ${D}${datadir}/rpm/rpmrc
> > +cat >${D}/${datadir}/rpm/platform < > +${MACHINE_ARCH}-pc-linux EOF
> 
> This is heading in the right direction but this patch still makes the 
> nativesdk-rpm
> recipe machine specific and we can't do that.
> 
> Cheers,
> 
> Richard
> 
> 
> 
> 





[OE-core] [PATCH] gnu-efi: Do not use gcc-only options when building with clang

2019-10-06 Thread Khem Raj
Signed-off-by: Khem Raj 
---
 .../gnu-efi-3.0.9-fix-clang-build.patch   | 24 +++
 meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 
meta/recipes-bsp/gnu-efi/gnu-efi/gnu-efi-3.0.9-fix-clang-build.patch

diff --git 
a/meta/recipes-bsp/gnu-efi/gnu-efi/gnu-efi-3.0.9-fix-clang-build.patch 
b/meta/recipes-bsp/gnu-efi/gnu-efi/gnu-efi-3.0.9-fix-clang-build.patch
new file mode 100644
index 00..c6d660095e
--- /dev/null
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi/gnu-efi-3.0.9-fix-clang-build.patch
@@ -0,0 +1,24 @@
+Fix building with CLANG-9.0.0 
+
+Fixes
+clang-9: error: unknown argument: '-maccumulate-outgoing-args'
+
+Upstream-Status: Submitted [https://sourceforge.net/p/gnu-efi/patches/70/]
+Signed-off-by: Khem Raj 
+
+--- a/Make.defaults
 b/Make.defaults
+@@ -110,10 +110,10 @@
+ || ( [ $(GCCVERSION) -eq "4" ]  \
+  && [ $(GCCMINOR) -ge "7" ] ) ) \
+   && echo 1)
+-  ifeq ($(GCCNEWENOUGH),1)
+-CPPFLAGS += -DGNU_EFI_USE_MS_ABI -maccumulate-outgoing-args --std=c11
+-  else ifeq ($(USING_CLANG),clang)
++  ifeq ($(USING_CLANG),clang)
+ CPPFLAGS += -DGNU_EFI_USE_MS_ABI --std=c11
++  else ifeq ($(GCCNEWENOUGH),1)
++CPPFLAGS += -DGNU_EFI_USE_MS_ABI -maccumulate-outgoing-args --std=c11
+   endif
+ 
+   CFLAGS += -mno-red-zone
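Review bot: the patch description only quotes the clang error and does not say why swapping the two branches fixes it. Before the change the `USING_CLANG` test sat in the `else ifeq` and was reached only when `GCCNEWENOUGH` was not 1, so the fix relies on `GCCNEWENOUGH` evaluating to 1 under clang. Say that in the patch header so the ordering is not tidied back later, and consider a comment above the `ifeq ($(USING_CLANG),clang)` line.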
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb 
b/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb
index f844435472..6d4c303353 100644
--- a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb
@@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = 
"file://gnuefi/crt0-efi-arm.S;beginline=4;endline=16;md5=e582
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \
file://parallel-make-archives.patch \
file://lib-Makefile-fix-parallel-issue.patch \
+   file://gnu-efi-3.0.9-fix-clang-build.patch \
"
 
 SRC_URI[md5sum] = "32af17b917545a693e549af2439c4a99"
-- 
2.23.0



Re: [OE-core] [thud][PATCH v5] gcc: Security fix for CVE:

2019-10-06 Thread akuster808


On 9/19/19 8:07 PM, Muminul Islam wrote:
> Signed-off-by: Muminul Islam 
> ---
>  meta/recipes-devtools/gcc/gcc-8.2.inc |   3 +
>  .../gcc/gcc-8.2/CVE-2019-15847_p1.patch   | 223 ++
>  .../gcc/gcc-8.2/CVE-2019-15847_p2.patch   |  47 
>  .../gcc/gcc-8.2/CVE-2019-15847_p3.patch   |  38 +++
>  4 files changed, 311 insertions(+)
>  create mode 100644 meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-15847_p1.patch
>  create mode 100644 meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-15847_p2.patch
>  create mode 100644 meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-15847_p3.patch

This patch finally got into a build as it needed to be in master and
warrior first.

I am seeing this error. Can you confirm I have the correct patch? I
believe it's released to the p1 patch.

| g++   
-isystem/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/usr/include
-O2 -pipe -DIN_GCC  -DCROSS_DIRECTORY_STRUCTURE   -fno-exceptions
-fno-rtti -fasynchronous-unwind-tables -W -Wall -Wno-narrowing
-Wwrite-strings -Wcast-qual -Wmissing-format-attribute
-Woverloaded-virtual -pedantic -Wno-long-long -Wno-variadic-macros
-Wno-overlength-strings   -DHAVE_CONFIG_H -DGENERATOR_FILE -fno-PIE
-static-libstdc++ -static-libgcc
-L/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/usr/lib
-L/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/lib
-Wl,-rpath-link,/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/usr/lib
-Wl,-rpath-link,/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/lib
-Wl,-rpath,/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/usr/lib
-Wl,-rpath,/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/lib
-Wl,-O1 -no-pie -o build/genenums \
| build/genenums.o build/read-md.o build/errors.o
../build-x86_64-linux/libiberty/libiberty.a
| build/genmddeps
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/common.md
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/config/rs6000/rs6000.md
> tmp-mddeps
| /bin/bash
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/../move-if-change
tmp-mddeps mddeps.mk
| echo timestamp > s-mddeps
| build/genconstants
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/common.md
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/config/rs6000/rs6000.md
\
|    > tmp-constants.h
| /bin/bash
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/../move-if-change
tmp-constants.h insn-constants.h
| echo timestamp > s-constants
| build/genenums
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/common.md
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/config/rs6000/rs6000.md
\
|    > tmp-enums.c
| /bin/bash
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/../move-if-change
tmp-enums.c insn-enums.c
| echo timestamp > s-enums
| g++  -c  
-isystem/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/usr/include
-O2 -pipe -DIN_GCC  -DCROSS_DIRECTORY_STRUCTURE   -fno-exceptions
-fno-rtti -fasynchronous-unwind-tables -W -Wall -Wno-narrowing
-Wwrite-strings -Wcast-qual -Wmissing-format-attribute
-Woverloaded-virtual -pedantic -Wno-long-long -Wno-variadic-macros
-Wno-overlength-strings   -DHAVE_CONFIG_H -DGENERATOR_FILE -fno-PIE -I.
-Ibuild -I../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc
-I../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/build
-I../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/../include 
-I../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/../libcpp/include
-isystem/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/gcc-cross-initial-powerpc/8.2.0-r0/recipe-sysroot-native/usr/include
\
|     -o build/gencheck.o
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/gencheck.c
| /bin/bash
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/../move-if-change
tmp-gtype.state gtype.state
| build/gengtype  \
| -r gtype.state
| In file included from ./tm.h:23:0,
|  from
../../../../../../../work-shared/gcc-8.2.0-r0/gcc-8.2.0/gcc/gencheck.c:23:
| ./insn-constants.h:377:3: error: expected identifier before numeric
constant
|    75 = 320,
|    ^
| ./insn-constants.h:377:3: error: expected ‘}’ before numeric constant
| ./insn-constants.h:377:3: error: expected unqualified-id before
numeric constant
| ./insn-constants.h:404:1: error: expected 

[OE-core] [PATCH] expat:upgrade 2.2.8 -> 2.2.9

2019-10-06 Thread Zang Ruochen
Signed-off-by: Zang Ruochen 
---
 meta/recipes-core/expat/{expat_2.2.8.bb => expat_2.2.9.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-core/expat/{expat_2.2.8.bb => expat_2.2.9.bb} (81%)

diff --git a/meta/recipes-core/expat/expat_2.2.8.bb 
b/meta/recipes-core/expat/expat_2.2.9.bb
similarity index 81%
rename from meta/recipes-core/expat/expat_2.2.8.bb
rename to meta/recipes-core/expat/expat_2.2.9.bb
index 0ea2edc..8f3db41 100644
--- a/meta/recipes-core/expat/expat_2.2.8.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -10,8 +10,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \
file://libtool-tag.patch \
  "
 
-SRC_URI[md5sum] = "00858041acfea5757af55e6ee6b86231"
-SRC_URI[sha256sum] = 
"9a130948b05a82da34e4171d5f5ae5d321d9630277af02c8fa51e431f6475102"
+SRC_URI[md5sum] = "875a2c2ff3e8eb9e5a5cd62db2033ab5"
+SRC_URI[sha256sum] = 
"f1063084dc4302a427dabcca499c8312b3a32a29b7d2506653ecc8f950a9a237"
 
 inherit autotools lib_package
 
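Review bot: only the two checksum lines change here and the commit message is empty, so nothing records what 2.2.9 fixes. Add a short summary of the upstream changes, including any security fixes, so maintainers of stable branches can tell whether the bump needs backporting. The subject also wants a space after the colon ("expat: upgrade 2.2.8 -> 2.2.9").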
-- 
2.7.4





[OE-core] [PATCH] librepo:upgrade 1.10.5 -> 1.10.6

2019-10-06 Thread Zang Ruochen
Signed-off-by: Zang Ruochen 
---
 meta/recipes-devtools/librepo/{librepo_1.10.5.bb => librepo_1.10.6.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/librepo/{librepo_1.10.5.bb => librepo_1.10.6.bb} 
(93%)

diff --git a/meta/recipes-devtools/librepo/librepo_1.10.5.bb 
b/meta/recipes-devtools/librepo/librepo_1.10.6.bb
similarity index 93%
rename from meta/recipes-devtools/librepo/librepo_1.10.5.bb
rename to meta/recipes-devtools/librepo/librepo_1.10.6.bb
index 87d64bf..cf4de22 100644
--- a/meta/recipes-devtools/librepo/librepo_1.10.5.bb
+++ b/meta/recipes-devtools/librepo/librepo_1.10.6.bb
@@ -8,7 +8,7 @@ SRC_URI = "git://github.com/rpm-software-management/librepo.git 
\

file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \
"
 
-SRCREV = "385e2ced1083cac0bcb19e30500311f6923e6dfc"
+SRCREV = "2ec349f1c686c1704dc83da6c118035ff57c8dea"
 
 S = "${WORKDIR}/git"
 
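Review bot: the new SRCREV is a bare commit hash, and nothing in the hunk or the commit message ties 2ec349f1c686c1704dc83da6c118035ff57c8dea to the upstream 1.10.6 tag. State in the commit message that it is the commit the 1.10.6 tag points to, so the version in the file name can be checked against what is actually fetched.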
-- 
2.7.4





[OE-core] [PATCH] msmtp:upgrade 1.8.5 -> 1.8.6

2019-10-06 Thread Zang Ruochen
Signed-off-by: Zang Ruochen 
---
 meta/recipes-extended/msmtp/{msmtp_1.8.5.bb => msmtp_1.8.6.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/msmtp/{msmtp_1.8.5.bb => msmtp_1.8.6.bb} (86%)

diff --git a/meta/recipes-extended/msmtp/msmtp_1.8.5.bb 
b/meta/recipes-extended/msmtp/msmtp_1.8.6.bb
similarity index 86%
rename from meta/recipes-extended/msmtp/msmtp_1.8.5.bb
rename to meta/recipes-extended/msmtp/msmtp_1.8.6.bb
index 4f6b66f..809144b 100644
--- a/meta/recipes-extended/msmtp/msmtp_1.8.5.bb
+++ b/meta/recipes-extended/msmtp/msmtp_1.8.6.bb
@@ -11,8 +11,8 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/;
 
 SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz;
-SRC_URI[md5sum] = "5d7bb10606fbceeb2e0687379c75234b"
-SRC_URI[sha256sum] = 
"1613daced9c47b8c028224fc076799c2a4d72923e242be4e9e5c984c9f39"
+SRC_URI[md5sum] = "adff4a9992e1b47aa5468b974550304e"
+SRC_URI[sha256sum] = 
"6625f147430c65ba8527f52c4fe5d4d33552d3c0fb6d793ba7df819a3b3042e1"
 
 inherit gettext autotools update-alternatives pkgconfig
 
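Review bot: the removed `SRC_URI[sha256sum]` value is 60 hex digits as posted, four short of a SHA-256 digest, and the `UPSTREAM_CHECK_URI` and `SRC_URI` context lines end in `;` where the closing quote belongs, so the hunk will not match the file in the tree. Resend with git send-email so the lines arrive unmodified; the added sha256sum does have the full 64 digits.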
-- 
2.7.4





Re: [OE-core] [thud][PATCH] sqlite3: CVE-2019-8457.patch fix Backport from 3.28.0 Sign off: Shubham Agrawal

2019-10-06 Thread akuster808


On 10/1/19 11:12 AM, shuag...@gmail.com wrote:
> From: Shubham Agrawal 

I cleaned up the patch to conform to the patch guide.

see
https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/thud-nmut=c0c66d213b4b6deb0a5e9a688810d2e9674d3ecf
 
as an example of what was meant.

- armin
>
> ---
>  .../sqlite/files/CVE-2019-8457.patch   | 124 
> +
>  meta/recipes-support/sqlite/sqlite3_3.23.1.bb  |   1 +
>  2 files changed, 125 insertions(+)
>  create mode 100644 meta/recipes-support/sqlite/files/CVE-2019-8457.patch
>
> diff --git a/meta/recipes-support/sqlite/files/CVE-2019-8457.patch 
> b/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
> new file mode 100644
> index 000..a103dd8
> --- /dev/null
> +++ b/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
> @@ -0,0 +1,124 @@
> +From fbf2392644f0ae4282fa4583c9bb67260995d983 Mon Sep 17 00:00:00 2001
> +From: Shubham Agrawal 
> +Date: Mon, 23 Sep 2019 20:58:47 +
> +Subject: [PATCH] CVE: CVE-2019-8457 Upstream-Status: Backport
> +
> +Sign off: Shubham Agrawal 
> +---
> + sqlite3.c | 50 +++---
> + 1 file changed, 31 insertions(+), 19 deletions(-)
> +
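Review bot: the tags are folded into the Subject (`CVE: CVE-2019-8457 Upstream-Status: Backport`) and the sign-off is written `Sign off:`. Put `CVE:`, `Upstream-Status:` and `Signed-off-by:` each on its own line in the body, give the Backport entry the upstream commit it was taken from, and use the Subject for a one-line description of the fix.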
> +diff --git a/sqlite3.c b/sqlite3.c
> +index 00513d4..5c8c7f4 100644
> +--- a/sqlite3.c
>  b/sqlite3.c
> +@@ -172325,6 +172325,33 @@
> + }
> + 
> + 
> ++/* Allocate and initialize a new dynamic string object */
> ++StrAccum *sqlite3_str_new(sqlite3 *db){
> ++  StrAccum *p = sqlite3DbMallocRaw(db, sizeof(*p));
> ++  if( p ){
> ++sqlite3StrAccumInit(p, db, 0, 0, SQLITE_MAX_LENGTH);
> ++  }
> ++  return p;
> ++}
> ++
> ++/* Finalize a string created using sqlite3_str_new().
> ++*/
> ++
> ++char *sqlite3_str_finish(StrAccum *p){
> ++  char *z;
> ++  if( p ){
> ++z = sqlite3StrAccumFinish(p);
> ++sqlite3DbFree(p->db, p);
> ++  }else{
> ++z = 0;
> ++  }
> ++  return z;
> ++}
> ++/* Return any error code associated with p */
> ++int sqlite3_str_errcode(StrAccum *p){
> ++  return p ? p->accError : SQLITE_NOMEM;
> ++}
> ++
> + /*
> + ** Implementation of a scalar function that decodes r-tree nodes to
> + ** human readable strings. This can be used for debugging and analysis.
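Review bot: `sqlite3_str_new()`, `sqlite3_str_finish()` and `sqlite3_str_errcode()` are added without `static`, which gives three new `sqlite3_`-prefixed functions external linkage in the 3.23.1 library on a stable branch. Since the only caller in this patch is `rtreenode()`, make them `static`, or explain in the header why they need to be visible outside sqlite3.c.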
> +@@ -172342,49 +172369,53 @@
> + ** *2 coordinates.
> + */
> + static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value 
> **apArg){
> +-  char *zText = 0;
> ++
> +   RtreeNode node;
> +   Rtree tree;
> +   int ii;
> ++  int nData;
> ++  int errCode;
> ++  StrAccum *pOut;
> + 
> +   UNUSED_PARAMETER(nArg);
> +   memset(, 0, sizeof(RtreeNode));
> +   memset(, 0, sizeof(Rtree));
> +   tree.nDim = (u8)sqlite3_value_int(apArg[0]);
> ++  if( tree.nDim<1 || tree.nDim>5 ) return;
> +   tree.nDim2 = tree.nDim*2;
> +   tree.nBytesPerCell = 8 + 8 * tree.nDim;
> +   node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
> ++  nData = sqlite3_value_bytes(apArg[1]);
> ++  if( nData<4 ) return;
> ++  if( nData + 
> ++  pOut = sqlite3_str_new(0);
> +   for(ii=0; ii +-char zCell[512];
> +-int nCell = 0;
> ++
> ++
> + RtreeCell cell;
> + int jj;
> + 
> + nodeGetCell(, , ii, );
> +-sqlite3_snprintf(512-nCell,[nCell],"%lld", cell.iRowid);
> +-nCell = (int)strlen(zCell);
> ++if( ii>0 ) sqlite3StrAccumAppend(pOut, " ", 1);
> ++sqlite3XPrintf(pOut, "{%lld", cell.iRowid);
> ++
> + for(jj=0; jj + #ifndef SQLITE_RTREE_INT_ONLY
> +-  sqlite3_snprintf(512-nCell,[nCell], " %g",
> +-   (double)cell.aCoord[jj].f);
> ++
> ++  sqlite3XPrintf(pOut, " %g", (double)cell.aCoord[jj].f);
> + #else
> +-  sqlite3_snprintf(512-nCell,[nCell], " %d",
> +-   cell.aCoord[jj].i);
> ++
> ++  sqlite3XPrintf(pOut, " %d", cell.aCoord[jj].i);
> + #endif
> +-  nCell = (int)strlen(zCell);
> +-}
> + 
> +-if( zText ){
> +-  char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
> +-  sqlite3_free(zText);
> +-  zText = zTextNew;
> +-}else{
> +-  zText = sqlite3_mprintf("{%s}", zCell);
> + }
> ++sqlite3StrAccumAppend(pOut, "}", 1);
> +   }
> +-  
> +-  sqlite3_result_text(ctx, zText, -1, sqlite3_free);
> ++
> ++  errCode = sqlite3_str_errcode(pOut);
> ++  sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
> ++  sqlite3_result_error_code(ctx, errCode);
> + }
> + 
> + /* This routine implements an SQL function that returns the "depth" 
> parameter
> +-- 
> +2.7.4
> +
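Review bot: `pOut = sqlite3_str_new(0)` is used without a null check. `sqlite3_str_new()` as added earlier in this patch returns NULL when `sqlite3DbMallocRaw()` fails, and only `sqlite3_str_errcode()` and `sqlite3_str_finish()` test for that, so `sqlite3StrAccumAppend(pOut, ...)` and `sqlite3XPrintf(pOut, ...)` would be called on a null accumulator. Bail out right after the allocation with `sqlite3_result_error_nomem(ctx)`. The `if( nData +` length check and both `for(` headers are cut off in this posting, so the bound on the cell loop cannot be reviewed as sent.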
> diff --git a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb 
> b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> index d214ea1..7df61cd 100644
> --- a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> +++ b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> @@ -7,6 +7,7 @@ SRC_URI = "\
>http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \
>file://CVE-2018-20505.patch \
>file://CVE-2018-20506.patch \
> +  file://CVE-2019-8457.patch \
>"
>  SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
>  SRC_URI[sha256sum] = 
> 

[OE-core] [PATCH] libpcap:upgrade 1.9.0 -> 1.9.1

2019-10-06 Thread Zang Ruochen
-libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
 Removed since this is included in 1.9.1.

Signed-off-by: Zang Ruochen 
---
 ...nux.c-add-missing-limits.h-for-musl-syste.patch | 29 --
 .../libpcap/{libpcap_1.9.0.bb => libpcap_1.9.1.bb} |  5 ++--
 2 files changed, 2 insertions(+), 32 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
 rename meta/recipes-connectivity/libpcap/{libpcap_1.9.0.bb => 
libpcap_1.9.1.bb} (88%)

diff --git 
a/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
 
b/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
deleted file mode 100644
index 0177383..000
--- 
a/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From aafa3512b7b742f5e66a5543e41974cc5e7eebfa Mon Sep 17 00:00:00 2001
-From: maxice8 
-Date: Sun, 22 Jul 2018 18:54:17 -0300
-Subject: [PATCH] pcap-usb-linux.c: add missing limits.h for musl systems.
-
-fix compilation on musl libc systems like Void Linux and Alpine.
-
-Upstream-Status: Backport 
[https://github.com/the-tcpdump-group/libpcap/commit/d557c98a16dc254aaff03762b694fe624e180bea]
-
-Signed-off-by: Anuj Mittal 

- pcap-usb-linux.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/pcap-usb-linux.c b/pcap-usb-linux.c
-index 6f8adf65..b92c05ea 100644
 a/pcap-usb-linux.c
-+++ b/pcap-usb-linux.c
-@@ -50,6 +50,7 @@
- #include 
- #include 
- #include 
-+#include 
- #include 
- #include 
- #include 
--- 
-2.17.1
-
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb 
b/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
similarity index 88%
rename from meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb
rename to meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
index 77bc31a..318e2d7 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
@@ -11,10 +11,9 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
 DEPENDS = "flex-native bison-native"
 
 SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
-   
file://0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch \
"
-SRC_URI[md5sum] = "dffd65cb14406ab9841f421732eb0f33"
-SRC_URI[sha256sum] = 
"2edb88808e5913fdaa8e9c1fcaf272e19b2485338742b5074b9fe44d68f37019"
+SRC_URI[md5sum] = "21af603d9a591c7d96a6457021d84e6c"
+SRC_URI[sha256sum] = 
"635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094"
 
 inherit autotools binconfig-disabled pkgconfig
 
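Review bot: with the only patch dropped, `SRC_URI` is left as a URL followed by a line continuation and a closing quote on its own line. Fold it into a single line, `SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz"`, so the next person adding a patch does not have to guess at the intended layout.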
-- 
2.7.4





[OE-core] [warrior][PATCH] qemu: fix build issue on new hosts with glibc 2.30

2019-10-06 Thread Armin Kuster
Affects <= qemu 3.1.0

[Yocto #13577]

This fixes the following error:

TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:254:16:
 error: static declaration of ‘gettid’ follows non-static declaration
 254 | _syscall0(int, gettid)
 |^~
 
TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:185:13:
 note: in definition of macro ‘_syscall0’
 185 | static type name (void)   \
 | ^~~~
 In file included from /usr/include/unistd.h:1170,
 from 
TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/include/qemu/osdep.h:90,
 from 
TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:20:
 /usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ 
was here
 34 | extern __pid_t gettid (void) __THROW;
 |^~

Signed-off-by: Armin Kuster 
---
 ...nux-user-assume-__NR_gettid-always-exists.patch | 49 +++
 ...rename-gettid-to-sys_gettid-to-avoid-clas.patch | 95 ++
 2 files changed, 144 insertions(+)
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch

diff --git 
a/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
 
b/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
new file mode 100644
index 000..b09ddbe
--- /dev/null
+++ 
b/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
@@ -0,0 +1,49 @@
+From 184943d827ce09375284e6fbb9fd5eeb9e369529 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= 
+Date: Wed, 20 Mar 2019 16:18:41 +
+Subject: [PATCH] linux-user: assume __NR_gettid always exists
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The gettid syscall was introduced in Linux 2.4.11. This is old enough
+that we can assume it always exists and thus not bother with the
+conditional backcompat logic.
+
+Signed-off-by: Daniel P. Berrangé 
+Reviewed-by: Richard Henderson 
+Reviewed-by: Laurent Vivier 
+Message-Id: <20190320161842.13908-2-berra...@redhat.com>
+Signed-off-by: Laurent Vivier 
+
+Upstream-Status: Backport
+dependancy patch for fix
+
+Signed-off-by: Armin Kuster 
+
+---
+
+
+ linux-user/syscall.c | 8 
+ 1 file changed, 8 deletions(-)
+
+Index: qemu-3.1.0/linux-user/syscall.c
+===
+--- qemu-3.1.0.orig/linux-user/syscall.c
 qemu-3.1.0/linux-user/syscall.c
+@@ -250,15 +250,7 @@ static type name (type1 arg1,type2 arg2,
+ #define TARGET_NR__llseek TARGET_NR_llseek
+ #endif
+ 
+-#ifdef __NR_gettid
+ _syscall0(int, gettid)
+-#else
+-/* This is a replacement for the host gettid() and must return a host
+-   errno. */
+-static int gettid(void) {
+-return -ENOSYS;
+-}
+-#endif
+ 
+ /* For the 64-bit guest on 32-bit host case we must emulate
+  * getdents using getdents64, because otherwise the host
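Review bot: the diffstat lists only the two new .patch files and no change to a qemu recipe or .inc, so neither patch is added to SRC_URI and the build fix is never applied; add both `file://` entries in this commit. In this header, `Upstream-Status: Backport` should carry the upstream commit reference, and "dependancy patch for fix" should name the patch it is a prerequisite for (and be spelled "dependency").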
diff --git 
a/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
 
b/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
new file mode 100644
index 000..86d7678
--- /dev/null
+++ 
b/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
@@ -0,0 +1,95 @@
+From 71ba74f67eaca21b0cc9d96f534ad3b9a7161400 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= 
+Date: Wed, 20 Mar 2019 16:18:42 +
+Subject: [PATCH] linux-user: rename gettid() to sys_gettid() to avoid clash
+ with glibc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The glibc-2.29.9000-6.fc31.x86_64 package finally includes the gettid()
+function as part of unistd.h when __USE_GNU is defined. This clashes
+with linux-user code which unconditionally defines this function name
+itself.
+
+/home/berrange/src/virt/qemu/linux-user/syscall.c:253:16: error: static 
declaration of ‘gettid’ follows non-static declaration
+  253 | _syscall0(int, gettid)
+  |^~
+/home/berrange/src/virt/qemu/linux-user/syscall.c:184:13: note: in definition 
of macro ‘_syscall0’
+  184 | static type name (void)   \
+  | ^~~~
+In file included from /usr/include/unistd.h:1170,
+ from /home/berrange/src/virt/qemu/include/qemu/osdep.h:107,
+ from /home/berrange/src/virt/qemu/linux-user/syscall.c:20:
+/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ 
was here
+   34 | extern __pid_t gettid (void) __THROW;
+  |^~
+  CC  aarch64-linux-user/linux-user/signal.o
+make[1]: *** [/home/berrange/src/virt/qemu/rules.mak:69: linux-user/syscall.o] 
Error 1
+make[1]: *** 

[OE-core] [PATCH] perl: Handle PACKAGES_DYNAMIC for perl-native

2019-10-06 Thread Khem Raj
A perl module recipe extending to provide native version causes target
perl dependencies to be pulled into native build if the module recipe
has RDEPENDS_${PN} = "perl-module-" e.g. libxml-sax-base-perl
recipe.

The reason is that native bbclass empties out PACKAGES_DYNAMIC and
perl's PACKAGES_DYNAMIC_class-target is greedy enough to usurp native
modules as well.

Eventually we end up with errors like when sstate is used across
machines

* ERROR: libxml-sax-base-perl-native different signature for task 
do_populate_sysroot.sigdata between qemux86copy and qemuarm

Therefore, to fix this, the native case needs to be handled specially when
re-assigning module dependencies in split_perl_packages(), where the
modules are named correctly for native case and have a single dependency
on perl-native, secondly, PACKAGES_DYNAMIC for target case needs to be
reined in to spare -native modules, thirdly, let perl-native take over
the case for providing native modules

This will fix several sstate signature errors like above with external
perl modules providing native variants and having runtime dependencies on
modules which are provided by perl proper

Signed-off-by: Khem Raj 
---
 meta/recipes-devtools/perl/perl_5.30.0.bb | 13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-devtools/perl/perl_5.30.0.bb 
b/meta/recipes-devtools/perl/perl_5.30.0.bb
index a221bce52b..9614477982 100644
--- a/meta/recipes-devtools/perl/perl_5.30.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.30.0.bb
@@ -265,13 +265,18 @@ python split_perl_packages () {
 # Read the pre-generated dependency file, and use it to set module 
dependecies
 for line in open(d.expand("${WORKDIR}") + 
'/perl-rdepends.txt').readlines():
 splitline = line.split()
-module = splitline[0].replace("RDEPENDS_perl", "RDEPENDS_${PN}")
-depends = splitline[2].strip('"').replace("perl-module", 
"${PN}-module")
+if bb.data.inherits_class('native', d):
+module = splitline[0] + '-native'
+depends = "perl-native"
+else:
+module = splitline[0].replace("RDEPENDS_perl", "RDEPENDS_${PN}")
+depends = splitline[2].strip('"').replace("perl-module", 
"${PN}-module")
 d.appendVar(d.expand(module), " " + depends)
 }
 
-PACKAGES_DYNAMIC_class-target += "^perl-module-.*"
-PACKAGES_DYNAMIC_class-nativesdk += "^nativesdk-perl-module-.*"
+PACKAGES_DYNAMIC_class-native_forcevariable = "^perl-module-.*-native$"
+PACKAGES_DYNAMIC_class-target = "^perl-module-.*(?http://lists.openembedded.org/mailman/listinfo/openembedded-core
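Review bot: in the native branch `depends = "perl-native"` is appended once for every line of perl-rdepends.txt, so a module with several entries in that file gets `perl-native` repeated in its RDEPENDS; set the dependency once per module instead of going through `d.appendVar()` for each line. `PACKAGES_DYNAMIC_class-native_forcevariable` also deserves a comment in the recipe saying it is needed because native.bbclass empties PACKAGES_DYNAMIC. The last added line is cut off in this posting, so the target regex cannot be checked as sent.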


[OE-core] ✗ patchtest: failure for qemu: fix build issue on new hosts with glibc 2.30

2019-10-06 Thread Patchwork
== Series Details ==

Series: qemu: fix build issue on new hosts with glibc 2.30
Revision: 1
URL   : https://patchwork.openembedded.org/series/20318/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue            Upstream-Status is in incorrect format [test_upstream_status_presence_format]
  Suggested fix    Fix Upstream-Status format in 0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
  Current          Upstream-status: Backport
  Standard format  Upstream-Status: 
  Valid status     Pending, Accepted, Backport, Denied, Inappropriate [reason], Submitted [where]



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe



[OE-core] [warrior] 8/8] qemu: fix build issue on new hosts with glibc 2.30

2019-10-06 Thread Armin Kuster
This fixes the following error:

TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:254:16:
 error: static declaration of ‘gettid’ follows non-static declaration
 254 | _syscall0(int, gettid)
 |^~
 
TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:185:13:
 note: in definition of macro ‘_syscall0’
 185 | static type name (void)   \
 | ^~~~
 In file included from /usr/include/unistd.h:1170,
 from 
TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/include/qemu/osdep.h:90,
 from 
TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:20:
 /usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ 
was here
 34 | extern __pid_t gettid (void) __THROW;
 |^~

Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/qemu/qemu.inc|  2 +
 ...nux-user-assume-__NR_gettid-always-exists.patch | 49 +++
 ...rename-gettid-to-sys_gettid-to-avoid-clas.patch | 95 ++
 3 files changed, 146 insertions(+)
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index e720ddf..40c3174 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -33,6 +33,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \

file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \
file://CVE-2018-20815.patch \
file://CVE-2019-8934.patch \
+   file://0001-linux-user-assume-__NR_gettid-always-exists.patch \
+   
file://0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
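Review bot: Both new `SRC_URI` entries start with `0001-`, yet the second only applies on top of the first, which its own header calls a dependency patch. Renaming them `0001-` and `0002-`, or adding a one-line comment here, would keep the required order obvious to whoever edits this list next.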
diff --git 
a/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
 
b/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
new file mode 100644
index 000..b09ddbe
--- /dev/null
+++ 
b/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
@@ -0,0 +1,49 @@
+From 184943d827ce09375284e6fbb9fd5eeb9e369529 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= 
+Date: Wed, 20 Mar 2019 16:18:41 +
+Subject: [PATCH] linux-user: assume __NR_gettid always exists
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The gettid syscall was introduced in Linux 2.4.11. This is old enough
+that we can assume it always exists and thus not bother with the
+conditional backcompat logic.
+
+Signed-off-by: Daniel P. Berrangé 
+Reviewed-by: Richard Henderson 
+Reviewed-by: Laurent Vivier 
+Message-Id: <20190320161842.13908-2-berra...@redhat.com>
+Signed-off-by: Laurent Vivier 
+
+Upstream-Status: Backport
+dependancy patch for fix
+
+Signed-off-by: Armin Kuster 
+
+---
+
+
+ linux-user/syscall.c | 8 
+ 1 file changed, 8 deletions(-)
+
+Index: qemu-3.1.0/linux-user/syscall.c
+===
+--- qemu-3.1.0.orig/linux-user/syscall.c
 qemu-3.1.0/linux-user/syscall.c
+@@ -250,15 +250,7 @@ static type name (type1 arg1,type2 arg2,
+ #define TARGET_NR__llseek TARGET_NR_llseek
+ #endif
+ 
+-#ifdef __NR_gettid
+ _syscall0(int, gettid)
+-#else
+-/* This is a replacement for the host gettid() and must return a host
+-   errno. */
+-static int gettid(void) {
+-return -ENOSYS;
+-}
+-#endif
+ 
+ /* For the 64-bit guest on 32-bit host case we must emulate
+  * getdents using getdents64, because otherwise the host
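Review bot: In the tag block of this new file, `Upstream-Status: Backport` carries no upstream reference and is followed by a free-text line, `dependancy patch for fix`. Please add the upstream commit in brackets after `Backport`, as the CVE-2019-8934 patch in this series does, and reword the free-text line (spelling: dependency) so it names the patch this one is a prerequisite for.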
diff --git 
a/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
 
b/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
new file mode 100644
index 000..86d7678
--- /dev/null
+++ 
b/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
@@ -0,0 +1,95 @@
+From 71ba74f67eaca21b0cc9d96f534ad3b9a7161400 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= 
+Date: Wed, 20 Mar 2019 16:18:42 +
+Subject: [PATCH] linux-user: rename gettid() to sys_gettid() to avoid clash
+ with glibc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The glibc-2.29.9000-6.fc31.x86_64 package finally includes the gettid()
+function as part of unistd.h when __USE_GNU is defined. This clashes
+with linux-user code which unconditionally defines this function name
+itself.
+
+/home/berrange/src/virt/qemu/linux-user/syscall.c:253:16: error: static 
declaration of ‘gettid’ follows non-static declaration
+  253 | _syscall0(int, gettid)
+  |  
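Review bot: The tag block of this new file lies beyond the visible part of the hunk, and it is the part that needs checking. The patchtest report for this patch subject quotes this file name as carrying `Upstream-status: Backport`, which does not match the required `Upstream-Status:` spelling. If this revision has the same line, fix the capitalisation and add the upstream commit reference in brackets.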

[OE-core] [warrior] 4/8] qemu: Fix CVE-2019-8934

2019-10-06 Thread Armin Kuster
Signed-off-by: Dan Tran 
[Fix up against latest warrior]
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/qemu/qemu.inc|   1 +
 .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 +
 2 files changed, 216 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 3de87d3..e720ddf 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -32,6 +32,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2019-3812.patch \

file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \
file://CVE-2018-20815.patch \
+   file://CVE-2019-8934.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
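Review bot: The commit message for this `SRC_URI` addition consists only of sign-off lines and a bracketed note. One sentence saying what CVE-2019-8934 is (the patch header describes host `system-id` and `model` being shared with ppc guests) and that the fix is an upstream backport would let stable-branch reviewers assess it without opening the patch file.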
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
new file mode 100644
index 000..d1d7d23
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
@@ -0,0 +1,215 @@
+From 8c2e30a92d95d89e2cf45d229bce274881026cf7 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit 
+Date: Mon, 18 Feb 2019 23:43:49 +0530
+Subject: [PATCH] ppc: add host-serial and host-model machine attributes
+ (CVE-2019-8934)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On ppc hosts, hypervisor shares following system attributes
+
+  - /proc/device-tree/system-id
+  - /proc/device-tree/model
+
+with a guest. This could lead to information leakage and misuse.[*]
+Add machine attributes to control such system information exposure
+to a guest.
+
+[*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028
+
+Reported-by: Daniel P. Berrangé 
+Fix-suggested-by: Daniel P. Berrangé 
+Signed-off-by: Prasad J Pandit 
+Message-Id: <20190218181349.23885-1-ppan...@redhat.com>
+Reviewed-by: Daniel P. Berrangé 
+Reviewed-by: Greg Kurz 
+Signed-off-by: David Gibson 
+
+CVE: CVE-2019-8934
+Upstream-Status: Backport
+[https://github.com/qemu/qemu/commit/27461d69a0f108dea756419251acc3ea65198f1b]
+
+Signed-off-by: Dan Tran 
+---
+ hw/ppc/spapr.c | 128 ++---
+ include/hw/ppc/spapr.h |   2 +
+ 2 files changed, 123 insertions(+), 7 deletions(-)
+
+diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
+index 7afd1a175b..bcee7c162d 100644
+--- a/hw/ppc/spapr.c
 b/hw/ppc/spapr.c
+@@ -1244,13 +1244,30 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
+  * Add info to guest to indentify which host is it being run on
+  * and what is the uuid of the guest
+  */
+-if (kvmppc_get_host_model()) {
+-_FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
+-g_free(buf);
++if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) {
++if (g_str_equal(spapr->host_model, "passthrough")) {
++/* -M host-model=passthrough */
++if (kvmppc_get_host_model()) {
++_FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
++g_free(buf);
++}
++} else {
++/* -M host-model= */
++_FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model));
++}
+ }
+-if (kvmppc_get_host_serial()) {
+-_FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
+-g_free(buf);
++
++if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) {
++if (g_str_equal(spapr->host_serial, "passthrough")) {
++/* -M host-serial=passthrough */
++if (kvmppc_get_host_serial()) {
++_FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
++g_free(buf);
++}
++} else {
++/* -M host-serial= */
++_FDT(fdt_setprop_string(fdt, 0, "host-serial", 
spapr->host_serial));
++}
+ }
+ 
+ buf = qemu_uuid_unparse_strdup(_uuid);
+@@ -3031,6 +3048,73 @@ static void spapr_set_vsmt(Object *obj, Visitor *v, 
const char *name,
+ visit_type_uint32(v, name, (uint32_t *)opaque, errp);
+ }
+ 
++static char *spapr_get_ic_mode(Object *obj, Error **errp)
++{
++sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
++
++if (spapr->irq == _irq_xics_legacy) {
++return g_strdup("legacy");
++} else if (spapr->irq == _irq_xics) {
++return g_strdup("xics");
++} else if (spapr->irq == _irq_xive) {
++return g_strdup("xive");
++} else if (spapr->irq == _irq_dual) {
++return g_strdup("dual");
++}
++g_assert_not_reached();
++}
++
++static void spapr_set_ic_mode(Object *obj, const char *value, Error **errp)
++{
++sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
++
++if (SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) {
++error_setg(errp, "This machine only uses the legacy XICS backend, 
don't pass ic-mode");
++return;
++}
++
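Review bot: The second inner hunk (`@@ -3031,6 +3048,73 @@`) adds `spapr_get_ic_mode()` and `spapr_set_ic_mode()` with `++` markers, but the patch header only describes the `host-serial` and `host-model` attributes. Please confirm these ic-mode accessors are meant to be added by this backport rather than being upstream context that was carried over while rebasing onto this branch's qemu. In the first inner hunk, a NULL `spapr->host_model` or `spapr->host_serial` exposes nothing to the guest, so the effective default depends on how those fields are initialised; the commit message should state that default.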

[OE-core] [warrior] 7/8] systemd: update SRCREV for systemd v241-stable

2019-10-06 Thread Armin Kuster
From: Jan Klare 

Currently systemd 241 does break for kernels 5.2+ with the error described here:
* https://github.com/systemd/systemd/issues/12784

The issue has been fixed in master and will be fixed in the release 243. The
necessary patches have been backported to systemd/systemd-stable in the branch
v241-stable, but currently in warrior an old version of that branch is pulled
in.

This patch updates the SRCREV to the latest commit from that branch and
therefore pulls in the needed fix to run systemd 241 on 5.2+ kernels.

Signed-off-by: Jan Klare 
Signed-off-by: Armin Kuster 
---
 meta/recipes-core/systemd/systemd.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/systemd/systemd.inc 
b/meta/recipes-core/systemd/systemd.inc
index 5bd88ed..2b9c291 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -14,7 +14,7 @@ LICENSE = "GPLv2 & LGPLv2.1"
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
 
file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
-SRCREV = "c1f8ff8d0de7e303b8004b02a0a47d4cc103a7f8"
+SRCREV = "511646b8ac5c82f210b16920044465756913d238"
 SRCBRANCH = "v241-stable"
 SRC_URI = 
"git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}"
 
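Review bot: Moving `SRCREV` forward on `v241-stable` pulls in every commit on that branch between the old and new revision, not only the kernel 5.2 fix the commit message describes. Please add the shortlog for that range, or at least the commit count and the id of the fix itself, to the commit message so the full set of changes entering warrior can be reviewed.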
-- 
2.7.4



[OE-core] [warrior] 5/8] unzip: Fix CVE-2019-13232

2019-10-06 Thread Armin Kuster
From: Dan Tran 

Signed-off-by: Dan Tran 
Signed-off-by: Armin Kuster 
---
 .../unzip/unzip/CVE-2019-13232_p1.patch|  33 ++
 .../unzip/unzip/CVE-2019-13232_p2.patch| 356 +
 .../unzip/unzip/CVE-2019-13232_p3.patch| 121 +++
 meta/recipes-extended/unzip/unzip_6.0.bb   |   3 +
 4 files changed, 513 insertions(+)
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch

diff --git a/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch 
b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
new file mode 100644
index 000..d485a1b
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
@@ -0,0 +1,33 @@
+From 080d52c3c9416c731f637f9c6e003961ef43f079 Mon Sep 17 00:00:00 2001
+From: Mark Adler 
+Date: Mon, 27 May 2019 08:20:32 -0700
+Subject: [PATCH 1/3] Fix bug in undefer_input() that misplaced the input
+ state.
+
+CVE: CVE-2019-13232
+Upstream-Status: Backport
+[https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213]
+
+Signed-off-by: Dan Tran 
+---
+ fileio.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/fileio.c b/fileio.c
+index 7605a29..14460f3 100644
+--- a/fileio.c
 b/fileio.c
+@@ -532,8 +532,10 @@ void undefer_input(__G)
+  * This condition was checked when G.incnt_leftover was set > 0 in
+  * defer_leftover_input(), and it is NOT allowed to touch G.csize
+  * before calling undefer_input() when (G.incnt_leftover > 0)
+- * (single exception: see read_byte()'s  "G.csize <= 0" handling) !!
++ * (single exception: see readbyte()'s  "G.csize <= 0" handling) !!
+  */
++if (G.csize < 0L)
++G.csize = 0L;
+ G.incnt = G.incnt_leftover + (int)G.csize;
+ G.inptr = G.inptr_leftover - (int)G.csize;
+ G.incnt_leftover = 0;
+-- 
+2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch 
b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
new file mode 100644
index 000..41037a8
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
@@ -0,0 +1,356 @@
+From 1aae47fa8935654a84403768f32c03ecbb1be470 Mon Sep 17 00:00:00 2001
+From: Mark Adler 
+Date: Tue, 11 Jun 2019 22:01:18 -0700
+Subject: [PATCH 2/3] Detect and reject a zip bomb using overlapped entries.
+
+This detects an invalid zip file that has at least one entry that
+overlaps with another entry or with the central directory to the
+end of the file. A Fifield zip bomb uses overlapped local entries
+to vastly increase the potential inflation ratio. Such an invalid
+zip file is rejected.
+
+See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's
+analysis, construction, and examples of such zip bombs.
+
+The detection maintains a list of covered spans of the zip files
+so far, where the central directory to the end of the file and any
+bytes preceding the first entry at zip file offset zero are
+considered covered initially. Then as each entry is decompressed
+or tested, it is considered covered. When a new entry is about to
+be processed, its initial offset is checked to see if it is
+contained by a covered span. If so, the zip file is rejected as
+invalid.
+
+This commit depends on a preceding commit: "Fix bug in
+undefer_input() that misplaced the input state."
+
+CVE: CVE-2019-13232
+Upstream-Status: Backport
+[https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c]
+
+Signed-off-by: Dan Tran 
+---
+ extract.c | 190 +-
+ globals.c |   1 +
+ globals.h |   3 +
+ process.c |  10 +++
+ unzip.h   |   1 +
+ 5 files changed, 204 insertions(+), 1 deletion(-)
+
+diff --git a/extract.c b/extract.c
+index 24db2a8..2bb72ba 100644
+--- a/extract.c
 b/extract.c
+@@ -321,6 +321,125 @@ static ZCONST char Far UnsupportedExtraField[] =
+   "\nerror:  unsupported extra-field compression type (%u)--skipping\n";
+ static ZCONST char Far BadExtraFieldCRC[] =
+   "error [%s]:  bad extra-field CRC %08lx (should be %08lx)\n";
++static ZCONST char Far NotEnoughMemCover[] =
++  "error: not enough memory for bomb detection\n";
++static ZCONST char Far OverlappedComponents[] =
++  "error: invalid zip file with overlapped components (possible zip bomb)\n";
++
++
++
++
++
++/* A growable list of spans. */
++typedef zoff_t bound_t;
++typedef struct {
++bound_t beg;/* start of the span */
++bound_t end;/* one past the end of the span */
++} span_t;
++typedef struct {
++span_t *span;   /* allocated, distinct, and sorted list of spans */
++size_t num; /* number of spans in the list */
++size_t max; /* allocated number of spans (num <= max) */
++} cover_t;
++
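Review bot: This patch header states that it depends on the preceding commit, "Fix bug in undefer_input() that misplaced the input state", which is `CVE-2019-13232_p1.patch` in this series. The `unzip_6.0.bb` change is not visible in this part of the mail, so please confirm that `SRC_URI` lists p1, p2 and p3 in that order. In the remainder of the hunk, check that the `NotEnoughMemCover` path refuses to extract rather than continuing without overlap detection.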

[OE-core] [warrior] 1/8] python: update to 3.7.3

2019-10-06 Thread Armin Kuster
From: Alexander Kanavin 

License-update: copyright years

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
[ Backported patches removed. ]
Signed-off-by: Adrian Bunk 
[Bug fix only update]
Signed-off-by: Armin Kuster 
---
 ...ysconfig-append-STAGING_LIBDIR-python-sys.patch |   2 +-
 ...2-distutils-prefix-is-inside-staging-area.patch |   2 +-
 .../python/python3/CVE-2018-20852.patch| 124 -
 .../python/python3/CVE-2019-9636.patch | 154 -
 .../python/{python3_3.7.2.bb => python3_3.7.3.bb}  |   8 +-
 5 files changed, 5 insertions(+), 285 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2018-20852.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-9636.patch
 rename meta/recipes-devtools/python/{python3_3.7.2.bb => python3_3.7.3.bb} 
(97%)

diff --git 
a/meta/recipes-devtools/python/python3/0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch
 
b/meta/recipes-devtools/python/python3/0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch
index 8083345..1741f57 100644
--- 
a/meta/recipes-devtools/python/python3/0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch
+++ 
b/meta/recipes-devtools/python/python3/0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch
@@ -1,4 +1,4 @@
-From 4865615a2bc2b78c739e4c33f536712c7f9af061 Mon Sep 17 00:00:00 2001
+From 17796e353acf08acd604610f34840a4a9d2f4b54 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin 
 Date: Thu, 31 Jan 2019 16:46:30 +0100
 Subject: [PATCH] distutils/sysconfig: append
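Review bot: The only change in this hunk is the `From <hash>` line of an existing patch file, and the next file gets the same treatment. Hash-only refreshes like this add churn to a stable-branch backport without changing what is applied; consider dropping them from the version bump unless the patch content itself had to be rebased.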
diff --git 
a/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
 
b/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
index dcc0932..3521317 100644
--- 
a/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
+++ 
b/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
@@ -1,4 +1,4 @@
-From 1397979ee445ff6826aa5469511e003539f77bb2 Mon Sep 17 00:00:00 2001
+From 12900d498bb77bcc990868a80eaf0ab257b88fff Mon Sep 17 00:00:00 2001
 From: Khem Raj 
 Date: Tue, 14 May 2013 15:00:26 -0700
 Subject: [PATCH] python3: Add target and native recipes
diff --git a/meta/recipes-devtools/python/python3/CVE-2018-20852.patch 
b/meta/recipes-devtools/python/python3/CVE-2018-20852.patch
deleted file mode 100644
index ff671d3..000
--- a/meta/recipes-devtools/python/python3/CVE-2018-20852.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From e5123d81ffb3be35a1b2767d6ced1a097aaf77be Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-isling...@users.noreply.github.com>
-Date: Sat, 9 Mar 2019 18:58:25 -0800
-Subject: [PATCH] bpo-35121: prefix dot in domain for proper subdomain
- validation (GH-10258) (GH-12261)
-
-Don't send cookies of domain A without Domain attribute to domain B when 
domain A is a suffix match of domain B while using a cookiejar with 
`http.cookiejar.DefaultCookiePolicy` policy.  Patch by Karthikeyan Singaravelan.
-(cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14)
-
-Co-authored-by: Xtreak 
-Upstream-Status: Backport
-CVE: CVE-2018-20852
-Signed-off-by: Anuj Mittal  

- Lib/http/cookiejar.py | 13 ++--
- Lib/test/test_http_cookiejar.py   | 30 +++
- .../2018-10-31-15-39-17.bpo-35121.EgHv9k.rst  |  4 +++
- 3 files changed, 45 insertions(+), 2 deletions(-)
- create mode 100644 
Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst
-
-diff --git a/Lib/http/cookiejar.py b/Lib/http/cookiejar.py
-index e0f1032b2816..00cb1250a07e 100644
 a/Lib/http/cookiejar.py
-+++ b/Lib/http/cookiejar.py
-@@ -1145,6 +1145,11 @@ def return_ok_domain(self, cookie, request):
- req_host, erhn = eff_request_host(request)
- domain = cookie.domain
- 
-+if domain and not domain.startswith("."):
-+dotdomain = "." + domain
-+else:
-+dotdomain = domain
-+
- # strict check of non-domain cookies: Mozilla does this, MSIE5 doesn't
- if (cookie.version == 0 and
- (self.strict_ns_domain & self.DomainStrictNonDomain) and
-@@ -1157,7 +1162,7 @@ def return_ok_domain(self, cookie, request):
- _debug("   effective request-host name %s does not domain-match "
-"RFC 2965 cookie domain %s", erhn, domain)
- return False
--if cookie.version == 0 and not ("."+erhn).endswith(domain):
-+if cookie.version == 0 and not ("."+erhn).endswith(dotdomain):
- _debug("   request-host %s does not match Netscape cookie domain "
-"%s", req_host, domain)
- return False
-@@ -1171,7 +1176,11 @@ def domain_return_ok(self, domain, request):
- req_host = "."+req_host
- if not erhn.startswith("."):
- erhn = "."+erhn
--if not 
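Review bot: This hunk deletes `CVE-2018-20852.patch`, and the diffstat also deletes `CVE-2019-9636.patch`, but the commit message only says `[ Backported patches removed. ]`. Please state in the commit message that 3.7.3 already contains both fixes, naming the CVEs, so that CVE tracking for warrior does not lose them when the patch files and their `CVE:` tags disappear.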

[OE-core] [warrior] 2/8] python3: upgrade 3.7.3 -> 3.7.4

2019-10-06 Thread Armin Kuster
From: Anuj Mittal 

Also fixes CVE-2019-9740, CVE-2019-9948. For details, see:

https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-final

Signed-off-by: Anuj Mittal 
Signed-off-by: Richard Purdie 
[ Backported patch removed. ]
Signed-off-by: Adrian Bunk 
[Bug fix only update]
Signed-off-by: Armin Kuster 
---
 .../python/python3/CVE-2019-9740.patch | 151 -
 .../python/{python3_3.7.3.bb => python3_3.7.4.bb}  |   5 +-
 2 files changed, 2 insertions(+), 154 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-9740.patch
 rename meta/recipes-devtools/python/{python3_3.7.3.bb => python3_3.7.4.bb} 
(98%)

diff --git a/meta/recipes-devtools/python/python3/CVE-2019-9740.patch 
b/meta/recipes-devtools/python/python3/CVE-2019-9740.patch
deleted file mode 100644
index 9bb336d..000
--- a/meta/recipes-devtools/python/python3/CVE-2019-9740.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From 7e200e0763f5b71c199aaf98bd5588f291585619 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= 
-Date: Tue, 7 May 2019 17:28:47 +0200
-Subject: [PATCH] bpo-30458: Disallow control chars in http URLs. (GH-12755)
- (GH-13154)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Disallow control chars in http URLs in urllib.urlopen.  This addresses a 
potential security problem for applications that do not sanity check their URLs 
where http request headers could be injected.
-
-Disable https related urllib tests on a build without ssl (GH-13032)
-These tests require an SSL enabled build. Skip these tests when python is 
built without SSL to fix test failures.
-
-Use http.client.InvalidURL instead of ValueError as the new error case's 
exception. (GH-13044)
-
-Backport Co-Authored-By: Miro Hrončok 
-Upstream-Status: 
Backport[https://github.com/python/cpython/commit/7e200e0763f5b71c199aaf98bd5588f291585619]
-CVE: CVE-2019-9740
-CVE: CVE-2019-9947
-Signed-off-by: Anuj Mittal 

- Lib/http/client.py| 15 ++
- Lib/test/test_urllib.py   | 53 +++
- Lib/test/test_xmlrpc.py   |  7 ++-
- .../2019-04-10-08-53-30.bpo-30458.51E-DA.rst  |  1 +
- 4 files changed, 75 insertions(+), 1 deletion(-)
- create mode 100644 
Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
-
-diff --git a/Lib/http/client.py b/Lib/http/client.py
-index 1de151c38e92..2afd452fe30f 100644
 a/Lib/http/client.py
-+++ b/Lib/http/client.py
-@@ -140,6 +140,16 @@
- _is_legal_header_name = re.compile(rb'[^:\s][^:\r\n]*').fullmatch
- _is_illegal_header_value = re.compile(rb'\n(?![ \t])|\r(?![ \t\n])').search
- 
-+# These characters are not allowed within HTTP URL paths.
-+#  See https://tools.ietf.org/html/rfc3986#section-3.3 and the
-+#  https://tools.ietf.org/html/rfc3986#appendix-A pchar definition.
-+# Prevents CVE-2019-9740.  Includes control characters such as \r\n.
-+# We don't restrict chars above \x7f as putrequest() limits us to ASCII.
-+_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f]')
-+# Arguably only these _should_ allowed:
-+#  _is_allowed_url_pchars_re = 
re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
-+# We are more lenient for assumed real world compatibility purposes.
-+
- # We always set the Content-Length header for these methods because some
- # servers will otherwise respond with a 411
- _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
-@@ -1101,6 +,11 @@ def putrequest(self, method, url, skip_host=False,
- self._method = method
- if not url:
- url = '/'
-+# Prevent CVE-2019-9740.
-+match = _contains_disallowed_url_pchar_re.search(url)
-+if match:
-+raise InvalidURL(f"URL can't contain control characters. {url!r} "
-+ f"(found at least {match.group()!r})")
- request = '%s %s %s' % (method, url, self._http_vsn_str)
- 
- # Non-ASCII characters should have been eliminated earlier
-diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
-index 2ac73b58d832..7214492eca9d 100644
 a/Lib/test/test_urllib.py
-+++ b/Lib/test/test_urllib.py
-@@ -329,6 +329,59 @@ def test_willclose(self):
- finally:
- self.unfakehttp()
- 
-+@unittest.skipUnless(ssl, "ssl module required")
-+def test_url_with_control_char_rejected(self):
-+for char_no in list(range(0, 0x21)) + [0x7f]:
-+char = chr(char_no)
-+schemeless_url = f"//localhost:/test{char}/"
-+self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.")
-+try:
-+# We explicitly test urllib.request.urlopen() instead of the 
top
-+# level 'def urlopen()' function defined in this... (quite 
ugly)
-+# test suite.  They use different url opening codepaths.  
Plain
-+# urlopen uses FancyURLOpener which goes via a codepath that
-+ 
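Review bot: The deleted patch file is tagged `CVE: CVE-2019-9740` and `CVE: CVE-2019-9947`, while the commit message says the upgrade fixes CVE-2019-9740 and CVE-2019-9948. Once this file is removed, CVE-2019-9947 is no longer recorded anywhere in the recipe or the commit; please list it in the commit message as well, keeping CVE-2019-9948 if 3.7.4 does fix it.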

[OE-core] [warrior] 3/8] json-c: Don't --enable-rdrand

2019-10-06 Thread Armin Kuster
From: Adrian Bunk 

In recent years AMD CPUs have had various problems with RDRAND
giving either non-random data or no result at all, which is
problematic if either build or target machine has a CPU with
this problem.

The fallback is /dev/urandom, and I'd trust the kernel here.

--enable-rdrand was added in an upgrade to a new upstream
version without mentioning any reason.

[YOCTO #13534]

Signed-off-by: Adrian Bunk 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/json-c/json-c_0.13.1.bb | 2 --
 1 file changed, 2 deletions(-)

diff --git a/meta/recipes-devtools/json-c/json-c_0.13.1.bb 
b/meta/recipes-devtools/json-c/json-c_0.13.1.bb
index 5b10e68..e6a3899 100644
--- a/meta/recipes-devtools/json-c/json-c_0.13.1.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.13.1.bb
@@ -20,8 +20,6 @@ RPROVIDES_${PN} = "libjson"
 
 inherit autotools
 
-EXTRA_OECONF = "--enable-rdrand"
-
 do_configure_prepend() {
 # Clean up autoconf cruft that should not be in the tarball
 rm -f ${S}/config.status
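Review bot: After `EXTRA_OECONF = "--enable-rdrand"` is removed, nothing in the recipe says how RDRAND ends up configured; the result depends on json-c's configure default. Either note in the commit message that the default leaves it off, or pass the disable form of the option explicitly, so the /dev/urandom fallback the commit message relies on does not hinge on that default.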
-- 
2.7.4



[OE-core] [warrior] 0/8] Patch review

2019-10-06 Thread Armin Kuster
Next series to review.

Please comment by Monday.
All these have already been sent to the list so short review period.


The following changes since commit acc0f4a6a99fe9367e57a5c2a4f995b6f4db4a9f:

  runqemu: Add support for kvm on aarch64 (2019-10-01 10:48:46 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/warrior-nmut
  http://cgit.openembedded.org//log/?h=stable/warrior-nmut

Adrian Bunk (1):
  json-c: Don't --enable-rdrand

Alexander Kanavin (1):
  python: update to 3.7.3

Andrii Bordunov via Openembedded-core (1):
  classes/image-live.bbclass: Don't hardcode cpio.gz

Anuj Mittal (1):
  python3: upgrade 3.7.3 -> 3.7.4

Armin Kuster (2):
  qemu: Fix CVE-2019-8934
  qemu: fix build issue on new hosts with glibc 2.30

Dan Tran (1):
  unzip: Fix CVE-2019-13232

Jan Klare (1):
  systemd: update SRCREV for systemd v241-stable

 meta/classes/image-live.bbclass|   2 +-
 meta/recipes-core/systemd/systemd.inc  |   2 +-
 meta/recipes-devtools/json-c/json-c_0.13.1.bb  |   2 -
 ...ysconfig-append-STAGING_LIBDIR-python-sys.patch |   2 +-
 ...2-distutils-prefix-is-inside-staging-area.patch |   2 +-
 .../python/python3/CVE-2018-20852.patch| 124 ---
 .../python/python3/CVE-2019-9636.patch | 154 -
 .../python/python3/CVE-2019-9740.patch | 151 -
 .../python/{python3_3.7.2.bb => python3_3.7.4.bb}  |   9 +-
 meta/recipes-devtools/qemu/qemu.inc|   3 +
 ...nux-user-assume-__NR_gettid-always-exists.patch |  49 +++
 ...rename-gettid-to-sys_gettid-to-avoid-clas.patch |  95 ++
 .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 +
 .../unzip/unzip/CVE-2019-13232_p1.patch|  33 ++
 .../unzip/unzip/CVE-2019-13232_p2.patch| 356 +
 .../unzip/unzip/CVE-2019-13232_p3.patch| 121 +++
 meta/recipes-extended/unzip/unzip_6.0.bb   |   3 +
 17 files changed, 882 insertions(+), 441 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2018-20852.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-9636.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-9740.patch
 rename meta/recipes-devtools/python/{python3_3.7.2.bb => python3_3.7.4.bb} 
(97%)
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch

-- 
2.7.4



[OE-core] [warrior] 6/8] classes/image-live.bbclass: Don't hardcode cpio.gz

2019-10-06 Thread Armin Kuster
From: Andrii Bordunov via Openembedded-core 


There's INITRAMFS_FSTYPES that can be set differently.

Signed-off-by: Böszörményi Zoltán 
Signed-off-by: Armin Kuster 
---
 meta/classes/image-live.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image-live.bbclass b/meta/classes/image-live.bbclass
index af71be5..54058b3 100644
--- a/meta/classes/image-live.bbclass
+++ b/meta/classes/image-live.bbclass
@@ -37,7 +37,7 @@ do_bootimg[depends] += "dosfstools-native:do_populate_sysroot 
\
 LABELS_LIVE ?= "boot install"
 ROOT_LIVE ?= "root=/dev/ram0"
 INITRD_IMAGE_LIVE ?= "${MLPREFIX}core-image-minimal-initramfs"
-INITRD_LIVE ?= "${DEPLOY_DIR_IMAGE}/${INITRD_IMAGE_LIVE}-${MACHINE}.cpio.gz"
+INITRD_LIVE ?= 
"${DEPLOY_DIR_IMAGE}/${INITRD_IMAGE_LIVE}-${MACHINE}.${INITRAMFS_FSTYPES}"
 
 LIVE_ROOTFS_TYPE ?= "ext4"
 ROOTFS ?= "${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.${LIVE_ROOTFS_TYPE}"
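Review bot: `INITRAMFS_FSTYPES` is a space-separated list, so interpolating it into `INITRD_LIVE` only yields a valid file name when exactly one type is set. With more than one type the expanded value contains a space and names no file. Take the first entry of the list, or introduce a single-valued variable for the live image's initrd type and document it. The `From:` name also differs from the first `Signed-off-by:`, which is worth confirming before this goes into a stable branch.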
-- 
2.7.4



Re: [OE-core] [warrior] 0/8] Patch review

2019-10-06 Thread Martin Jansa
Can you please add:
http://git.openembedded.org/openembedded-core/commit/?id=f7a470531d4bcc2888cbb9a7b197b86174f3aba2

it does apply cleanly in warrior.

Thanks

On Sun, Oct 6, 2019 at 5:24 PM Armin Kuster  wrote:

> Next series to review.
>
> Please comment by Monday.
> All these have already been sent to the list so short review period.
>
>
> The following changes since commit
> acc0f4a6a99fe9367e57a5c2a4f995b6f4db4a9f:
>
>   runqemu: Add support for kvm on aarch64 (2019-10-01 10:48:46 +0100)
>
> are available in the git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib stable/warrior-nmut
>   http://cgit.openembedded.org//log/?h=stable/warrior-nmut
>
> Adrian Bunk (1):
>   json-c: Don't --enable-rdrand
>
> Alexander Kanavin (1):
>   python: update to 3.7.3
>
> Andrii Bordunov via Openembedded-core (1):
>   classes/image-live.bbclass: Don't hardcode cpio.gz
>
> Anuj Mittal (1):
>   python3: upgrade 3.7.3 -> 3.7.4
>
> Armin Kuster (2):
>   qemu: Fix CVE-2019-8934
>   qemu: fix build issue on new hosts with glibc 2.30
>
> Dan Tran (1):
>   unzip: Fix CVE-2019-13232
>
> Jan Klare (1):
>   systemd: update SRCREV for systemd v241-stable
>
>  meta/classes/image-live.bbclass|   2 +-
>  meta/recipes-core/systemd/systemd.inc  |   2 +-
>  meta/recipes-devtools/json-c/json-c_0.13.1.bb  |   2 -
>  ...ysconfig-append-STAGING_LIBDIR-python-sys.patch |   2 +-
>  ...2-distutils-prefix-is-inside-staging-area.patch |   2 +-
>  .../python/python3/CVE-2018-20852.patch| 124 ---
>  .../python/python3/CVE-2019-9636.patch | 154 -
>  .../python/python3/CVE-2019-9740.patch | 151 -
>  .../python/{python3_3.7.2.bb => python3_3.7.4.bb}  |   9 +-
>  meta/recipes-devtools/qemu/qemu.inc|   3 +
>  ...nux-user-assume-__NR_gettid-always-exists.patch |  49 +++
>  ...rename-gettid-to-sys_gettid-to-avoid-clas.patch |  95 ++
>  .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 +
>  .../unzip/unzip/CVE-2019-13232_p1.patch|  33 ++
>  .../unzip/unzip/CVE-2019-13232_p2.patch| 356
> +
>  .../unzip/unzip/CVE-2019-13232_p3.patch| 121 +++
>  meta/recipes-extended/unzip/unzip_6.0.bb   |   3 +
>  17 files changed, 882 insertions(+), 441 deletions(-)
>  delete mode 100644
> meta/recipes-devtools/python/python3/CVE-2018-20852.patch
>  delete mode 100644
> meta/recipes-devtools/python/python3/CVE-2019-9636.patch
>  delete mode 100644
> meta/recipes-devtools/python/python3/CVE-2019-9740.patch
>  rename meta/recipes-devtools/python/{python3_3.7.2.bb => python3_3.7.4.bb}
> (97%)
>  create mode 100644
> meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
>  create mode 100644
> meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
>  create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
>  create mode 100644
> meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
>  create mode 100644
> meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
>  create mode 100644
> meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch
>
> --
> 2.7.4
>


Re: [OE-core] [warrior] 0/8] Patch review

2019-10-06 Thread akuster808


On 10/6/19 9:38 AM, Martin Jansa wrote:
> Can you please add:
> http://git.openembedded.org/openembedded-core/commit/?id=f7a470531d4bcc2888cbb9a7b197b86174f3aba2
>
> it does apply cleanly in warrior.

queued up.

thanks

>
> Thanks
>
> On Sun, Oct 6, 2019 at 5:24 PM Armin Kuster wrote:
>
> Next series to review.
>
> Please comment by Monday.
> All these have already been sent to the list so short review period.
>
>
> The following changes since commit
> acc0f4a6a99fe9367e57a5c2a4f995b6f4db4a9f:
>
>   runqemu: Add support for kvm on aarch64 (2019-10-01 10:48:46 +0100)
>
> are available in the git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib stable/warrior-nmut
>   http://cgit.openembedded.org//log/?h=stable/warrior-nmut
>
> Adrian Bunk (1):
>   json-c: Don't --enable-rdrand
>
> Alexander Kanavin (1):
>   python: update to 3.7.3
>
> Andrii Bordunov via Openembedded-core (1):
>   classes/image-live.bbclass: Don't hardcode cpio.gz
>
> Anuj Mittal (1):
>   python3: upgrade 3.7.3 -> 3.7.4
>
> Armin Kuster (2):
>   qemu: Fix CVE-2019-8934
>   qemu: fix build issue on new hosts with glibc 2.30
>
> Dan Tran (1):
>   unzip: Fix CVE-2019-13232
>
> Jan Klare (1):
>   systemd: update SRCREV for systemd v241-stable
>
>  meta/classes/image-live.bbclass                    |   2 +-
>  meta/recipes-core/systemd/systemd.inc              |   2 +-
>  meta/recipes-devtools/json-c/json-c_0.13.1.bb      |   2 -
>  ...ysconfig-append-STAGING_LIBDIR-python-sys.patch |   2 +-
>  ...2-distutils-prefix-is-inside-staging-area.patch |   2 +-
>  .../python/python3/CVE-2018-20852.patch            | 124 ---
>  .../python/python3/CVE-2019-9636.patch             | 154 -
>  .../python/python3/CVE-2019-9740.patch             | 151 -
>  .../python/{python3_3.7.2.bb => python3_3.7.4.bb}  |   9 +-
>  meta/recipes-devtools/qemu/qemu.inc                |   3 +
>  ...nux-user-assume-__NR_gettid-always-exists.patch |  49 +++
>  ...rename-gettid-to-sys_gettid-to-avoid-clas.patch |  95 ++
>  .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215
> +
>  .../unzip/unzip/CVE-2019-13232_p1.patch            |  33 ++
>  .../unzip/unzip/CVE-2019-13232_p2.patch            | 356
> +
>  .../unzip/unzip/CVE-2019-13232_p3.patch            | 121 +++
>  meta/recipes-extended/unzip/unzip_6.0.bb           |   3 +
>  17 files changed, 882 insertions(+), 441 deletions(-)
>  delete mode 100644
> meta/recipes-devtools/python/python3/CVE-2018-20852.patch
>  delete mode 100644
> meta/recipes-devtools/python/python3/CVE-2019-9636.patch
>  delete mode 100644
> meta/recipes-devtools/python/python3/CVE-2019-9740.patch
>  rename meta/recipes-devtools/python/{python3_3.7.2.bb => python3_3.7.4.bb} (97%)
>  create mode 100644
> meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch
>  create mode 100644
> meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
>  create mode 100644
> meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
>  create mode 100644
> meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch
>  create mode 100644
> meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch
>  create mode 100644
> meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch
>
> -- 
> 2.7.4
>


Re: [OE-core] [warrior][PATCH] systemd: Expose resolv-conf alternative only when resolved is built

2019-10-06 Thread akuster808



On 10/4/19 12:47 AM, Alexandre Bard wrote:
> When systemd is built without internal resolver, it does not make
> sense to expose it as a resolv-conf alternative and can even break
> images where this alternative would be chosen, because of an
> invalid symlink.
Does Master have this issue?

- armin
>
> Signed-off-by: Alexandre Bard 
> ---
>  meta/recipes-core/systemd/systemd_241.bb | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-core/systemd/systemd_241.bb 
> b/meta/recipes-core/systemd/systemd_241.bb
> index eb3242d624..0add384a7b 100644
> --- a/meta/recipes-core/systemd/systemd_241.bb
> +++ b/meta/recipes-core/systemd/systemd_241.bb
> @@ -601,7 +601,7 @@ python __anonymous() {
>  d.setVar("INHIBIT_UPDATERCD_BBCLASS", "1")
>  }
>  
> -ALTERNATIVE_${PN} = "halt reboot shutdown poweroff runlevel resolv-conf"
> +ALTERNATIVE_${PN} = "halt reboot shutdown poweroff runlevel 
> ${@bb.utils.contains('PACKAGECONFIG', 'resolved', 'resolv-conf', '', d)}"
>  
>  ALTERNATIVE_TARGET[resolv-conf] = "${sysconfdir}/resolv-conf.systemd"
>  ALTERNATIVE_LINK_NAME[resolv-conf] = "${sysconfdir}/resolv.conf"
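
Review bot: The two unchanged lines after the new ALTERNATIVE_${PN} assignment still set ALTERNATIVE_TARGET[resolv-conf] and ALTERNATIVE_LINK_NAME[resolv-conf] unconditionally, so the recipe keeps flags for an alternative it may no longer register. Either gate them on the same bb.utils.contains('PACKAGECONFIG', 'resolved', ...) test or say in the commit message that unused flags are ignored, and state there whether master needs the same change.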
