Compare commits
164 Commits
yocto-1.8.
...
yocto-1.8.
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
c9f0a99050 | ||
|
|
e6b06016bc | ||
|
|
740a2d817a | ||
|
|
5aed3ebfc1 | ||
|
|
3cea047b6c | ||
|
|
8463c06290 | ||
|
|
4d03d1880f | ||
|
|
9b9b8285be | ||
|
|
3a4d269d39 | ||
|
|
e09c0fae90 | ||
|
|
3167b4de2a | ||
|
|
dc77e99b27 | ||
|
|
45e2a649ee | ||
|
|
459a661ff5 | ||
|
|
a8ff4c8f42 | ||
|
|
0c49cef4a6 | ||
|
|
f5a7dd40ff | ||
|
|
1992a76b89 | ||
|
|
5d677d7dba | ||
|
|
dd90a73c51 | ||
|
|
4a9e57795e | ||
|
|
ad7ea213b2 | ||
|
|
2851c970ca | ||
|
|
fd394338ed | ||
|
|
dad3b97a9a | ||
|
|
900d7d6b59 | ||
|
|
3d61b942f7 | ||
|
|
a4f91cb18b | ||
|
|
bf9e5d6ef6 | ||
|
|
be0c978fa1 | ||
|
|
dbb46510cc | ||
|
|
7d663e9c47 | ||
|
|
f98b8b767d | ||
|
|
3aa8ba185b | ||
|
|
2250d4025b | ||
|
|
12cdd6d2b3 | ||
|
|
d4b6c1657b | ||
|
|
854c2e724d | ||
|
|
8ca73f8fa4 | ||
|
|
d25973e203 | ||
|
|
e1a2fb6e85 | ||
|
|
fbe015523f | ||
|
|
2f9a715583 | ||
|
|
d192c62891 | ||
|
|
34c865c7ba | ||
|
|
d9a3e4a5cf | ||
|
|
83af960b7d | ||
|
|
9a6a7150d9 | ||
|
|
37905e7663 | ||
|
|
06d9c89463 | ||
|
|
d7be819eed | ||
|
|
e6fca31dc0 | ||
|
|
b213ada9a7 | ||
|
|
2f1fc8c899 | ||
|
|
c94eb07d53 | ||
|
|
528bdf528d | ||
|
|
db99f58eea | ||
|
|
092903a2ef | ||
|
|
c2f4fe8d0c | ||
|
|
ce70f38442 | ||
|
|
f359ebd78d | ||
|
|
5ddc177fdf | ||
|
|
3c686ae014 | ||
|
|
27aeaab726 | ||
|
|
94c26caff1 | ||
|
|
05f4812d15 | ||
|
|
caa104fd2a | ||
|
|
73941fbc6a | ||
|
|
4d3ce52194 | ||
|
|
f0ecaf46bb | ||
|
|
165fa6ce62 | ||
|
|
1098a7bc0c | ||
|
|
e6d734904d | ||
|
|
b03994fe3b | ||
|
|
ec05eebf8d | ||
|
|
7ff74d177c | ||
|
|
9845a542a7 | ||
|
|
368da33ee7 | ||
|
|
48d9e00913 | ||
|
|
436e204445 | ||
|
|
389549c0bb | ||
|
|
88e28c86c5 | ||
|
|
6abe713244 | ||
|
|
66740c3314 | ||
|
|
2390475894 | ||
|
|
663943a802 | ||
|
|
7aaf773d32 | ||
|
|
9d44210c74 | ||
|
|
d3ad918a71 | ||
|
|
f9e5cc9e16 | ||
|
|
0ed23c1a0a | ||
|
|
5c12661f8c | ||
|
|
c7e2c072c2 | ||
|
|
c1162207c9 | ||
|
|
a690c381ab | ||
|
|
58f6a400d1 | ||
|
|
152e4c11e6 | ||
|
|
2924348da7 | ||
|
|
36ea7bd65f | ||
|
|
619b1c6b7d | ||
|
|
61f5562730 | ||
|
|
7cbff59de8 | ||
|
|
cfd74b00e5 | ||
|
|
01b93fb33d | ||
|
|
6e3eefb997 | ||
|
|
aff2257e0b | ||
|
|
118acdcf67 | ||
|
|
72a8138908 | ||
|
|
e3d6475b07 | ||
|
|
dd2b5c9653 | ||
|
|
31aa514524 | ||
|
|
446295e866 | ||
|
|
2761a2bd8b | ||
|
|
ddb058ca08 | ||
|
|
dfe39ea187 | ||
|
|
4525e29979 | ||
|
|
dbf6599fbe | ||
|
|
442518efac | ||
|
|
afff53db2a | ||
|
|
b8eb509ca5 | ||
|
|
7e9516cb0e | ||
|
|
dc6630b44b | ||
|
|
e0b0824470 | ||
|
|
f251052c88 | ||
|
|
7d2e451823 | ||
|
|
05108aa9c2 | ||
|
|
51246bfae3 | ||
|
|
e3425d4b0d | ||
|
|
5752ef3892 | ||
|
|
fa55b8e505 | ||
|
|
6b421cd7fe | ||
|
|
7b586ea6ff | ||
|
|
cbec5e933e | ||
|
|
ecec6c56b5 | ||
|
|
1aec522aad | ||
|
|
8124686aa2 | ||
|
|
8a19731e4d | ||
|
|
6c97739acb | ||
|
|
0120391b04 | ||
|
|
21469e0ef6 | ||
|
|
a142b2265a | ||
|
|
bbd4bfc061 | ||
|
|
7cf64ab594 | ||
|
|
e00d07ce45 | ||
|
|
7388b9c8d8 | ||
|
|
10228eed0f | ||
|
|
56b13544d7 | ||
|
|
ebec9603e7 | ||
|
|
ddefb0a380 | ||
|
|
f23f27d47e | ||
|
|
45c4f14dcb | ||
|
|
329be1e06d | ||
|
|
68460ed58c | ||
|
|
8ab8646e28 | ||
|
|
be0ea1022d | ||
|
|
fa9b57e6f5 | ||
|
|
e91684be80 | ||
|
|
d5236b6535 | ||
|
|
1025e7fa16 | ||
|
|
fdba15a1e7 | ||
|
|
e934ab58f4 | ||
|
|
2220cca84e | ||
|
|
76d164d5ad | ||
|
|
4d9919646a |
@@ -315,6 +315,7 @@ class URITest(unittest.TestCase):
|
||||
class FetcherTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.origdir = os.getcwd()
|
||||
self.d = bb.data.init()
|
||||
self.tempdir = tempfile.mkdtemp()
|
||||
self.dldir = os.path.join(self.tempdir, "download")
|
||||
@@ -326,6 +327,7 @@ class FetcherTest(unittest.TestCase):
|
||||
self.d.setVar("PERSISTENT_DIR", persistdir)
|
||||
|
||||
def tearDown(self):
|
||||
os.chdir(self.origdir)
|
||||
bb.utils.prunedir(self.tempdir)
|
||||
|
||||
class MirrorUriTest(FetcherTest):
|
||||
@@ -618,8 +620,8 @@ class FetchMethodTest(FetcherTest):
|
||||
: "5.0",
|
||||
("xserver-xorg", "http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-1.15.1.tar.bz2", "", "")
|
||||
: "1.15.1",
|
||||
# packages with valid REGEX_URI and REGEX
|
||||
("cups", "http://www.cups.org/software/1.7.2/cups-1.7.2-source.tar.bz2", "http://www.cups.org/software.php", "(?P<name>cups\-)(?P<pver>((\d+[\.\-_]*)+))\-source\.tar\.gz")
|
||||
# packages with valid UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
|
||||
("cups", "http://www.cups.org/software/1.7.2/cups-1.7.2-source.tar.bz2", "https://github.com/apple/cups/releases", "(?P<name>cups\-)(?P<pver>((\d+[\.\-_]*)+))\-source\.tar\.gz")
|
||||
: "2.0.0",
|
||||
("db", "http://download.oracle.com/berkeley-db/db-5.3.21.tar.gz", "http://www.oracle.com/technetwork/products/berkeleydb/downloads/index-082944.html", "http://download.oracle.com/otn/berkeley-db/(?P<name>db-)(?P<pver>((\d+[\.\-_]*)+))\.tar\.gz")
|
||||
: "6.1.19",
|
||||
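Review bot: The regex in what appears to be the new cups entry (the one checking the GitHub releases page) sits in an ordinary string literal, so `\-`, `\d` and `\.` work only because Python passes unknown escapes through unchanged; a raw string, `r"(?P<name>cups\-)(?P<pver>((\d+[\.\-_]*)+))\-source\.tar\.gz"`, states the intent and avoids the invalid-escape warning newer interpreters emit. The unchanged db entry below it has the same form. The expected value "2.0.0" is presumably tied to whatever the live releases page lists, so a short comment saying the case needs updating when upstream publishes a newer tarball would help the next maintainer. The test dictionary starts and ends outside the hunk.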
|
||||
@@ -419,6 +419,11 @@ class ORMWrapper(object):
|
||||
errormsg = ""
|
||||
for p in packagedict:
|
||||
searchname = p
|
||||
if p not in pkgpnmap:
|
||||
logger.warning("Image packages list contains %p, but is"
|
||||
" missing from all packages list where the"
|
||||
" metadata comes from. Skipping...", p)
|
||||
continue
|
||||
if 'OPKGN' in pkgpnmap[p].keys():
|
||||
searchname = pkgpnmap[p]['OPKGN']
|
||||
|
||||
@@ -462,13 +467,20 @@ class ORMWrapper(object):
|
||||
elif deptype == 'recommends':
|
||||
tdeptype = Package_Dependency.TYPE_TRECOMMENDS
|
||||
|
||||
packagedeps_objs.append(Package_Dependency( package = packagedict[p]['object'],
|
||||
depends_on = packagedict[px]['object'],
|
||||
dep_type = tdeptype,
|
||||
target = target_obj))
|
||||
try:
|
||||
packagedeps_objs.append(Package_Dependency(
|
||||
package = packagedict[p]['object'],
|
||||
depends_on = packagedict[px]['object'],
|
||||
dep_type = tdeptype,
|
||||
target = target_obj))
|
||||
except KeyError as e:
|
||||
logger.warn("Could not add dependency to the package %s "
|
||||
"because %s is an unknown package", p, px)
|
||||
|
||||
if len(packagedeps_objs) > 0:
|
||||
Package_Dependency.objects.bulk_create(packagedeps_objs)
|
||||
else:
|
||||
logger.info("No package dependencies created")
|
||||
|
||||
if (len(errormsg) > 0):
|
||||
logger.warn("buildinfohelper: target_package_info could not identify recipes: \n%s" % errormsg)
|
||||
@@ -1015,17 +1027,21 @@ class BuildInfoHelper(object):
|
||||
# for all image targets
|
||||
for target in self.internal_state['targets']:
|
||||
if target.is_image:
|
||||
pkgdata = BuildInfoHelper._get_data_from_event(event)['pkgdata']
|
||||
imgdata = BuildInfoHelper._get_data_from_event(event)['imgdata'][target.target]
|
||||
filedata = BuildInfoHelper._get_data_from_event(event)['filedata'][target.target]
|
||||
|
||||
try:
|
||||
pkgdata = BuildInfoHelper._get_data_from_event(event)['pkgdata']
|
||||
imgdata = BuildInfoHelper._get_data_from_event(event)['imgdata'][target.target]
|
||||
self.orm_wrapper.save_target_package_information(self.internal_state['build'], target, imgdata, pkgdata, self.internal_state['recipes'])
|
||||
filedata = BuildInfoHelper._get_data_from_event(event)['filedata'][target.target]
|
||||
except KeyError as e:
|
||||
logger.warn("KeyError in save_target_package_information"
|
||||
"%s ", e)
|
||||
|
||||
try:
|
||||
self.orm_wrapper.save_target_file_information(self.internal_state['build'], target, filedata)
|
||||
except KeyError:
|
||||
# we must have not got the data for this image, nothing to save
|
||||
pass
|
||||
|
||||
|
||||
except KeyError as e:
|
||||
logger.warn("KeyError in save_target_file_information"
|
||||
"%s ", e)
|
||||
|
||||
def store_dependency_information(self, event):
|
||||
assert '_depgraph' in vars(event)
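Review bot: As the new side of the BuildInfoHelper hunk reads, `filedata` is assigned inside the first `try`, after the `save_target_package_information` call, so a KeyError raised earlier in that block leaves it unbound (or still holding the previous target's value) when the second `try` passes it to `save_target_file_information`, and the resulting UnboundLocalError is not caught by `except KeyError`. Doing the lookup as the first statement of the second block, `filedata = BuildInfoHelper._get_data_from_event(event)['filedata'][target.target]`, keeps each handler responsible for its own data. In the first ORMWrapper hunk the new warning uses `%p`, which is not a valid format conversion, so logging fails to format the message instead of naming the package; it should read `"Image packages list contains %s, but is"`. Which side each line belongs to is inferred from the hunk counts, and the enclosing methods begin outside the hunks.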
|
||||
|
||||
@@ -39,40 +39,6 @@ class BuildEnvironment(models.Model):
|
||||
created = models.DateTimeField(auto_now_add = True)
|
||||
updated = models.DateTimeField(auto_now = True)
|
||||
|
||||
|
||||
def get_artifact_type(self, path):
|
||||
if self.betype == BuildEnvironment.TYPE_LOCAL:
|
||||
try:
|
||||
import magic
|
||||
|
||||
# fair warning: this is a mess; there are multiple competeing and incompatible
|
||||
# magic modules floating around, so we try some of the most common combinations
|
||||
|
||||
try: # we try ubuntu's python-magic 5.4
|
||||
m = magic.open(magic.MAGIC_MIME_TYPE)
|
||||
m.load()
|
||||
return m.file(path)
|
||||
except AttributeError:
|
||||
pass
|
||||
|
||||
try: # we try python-magic 0.4.6
|
||||
m = magic.Magic(magic.MAGIC_MIME)
|
||||
return m.from_file(path)
|
||||
except AttributeError:
|
||||
pass
|
||||
|
||||
try: # we try pip filemagic 1.6
|
||||
m = magic.Magic(flags=magic.MAGIC_MIME_TYPE)
|
||||
return m.id_filename(path)
|
||||
except AttributeError:
|
||||
pass
|
||||
|
||||
return "binary/octet-stream"
|
||||
except ImportError:
|
||||
return "binary/octet-stream"
|
||||
raise Exception("FIXME: artifact type not implemented for build environment type %s" % be.get_betype_display())
|
||||
|
||||
|
||||
def get_artifact(self, path):
|
||||
if self.betype == BuildEnvironment.TYPE_LOCAL:
|
||||
return open(path, "r")
|
||||
|
||||
@@ -39,6 +39,22 @@ from datetime import timedelta, datetime, date
|
||||
from django.utils import formats
|
||||
from toastergui.templatetags.projecttags import json as jsonfilter
|
||||
import json
|
||||
import mimetypes
|
||||
|
||||
class MimeTypeFinder(object):
|
||||
# setting this to False enables additional non-standard mimetypes
|
||||
# to be included in the guess
|
||||
_strict = False
|
||||
|
||||
# returns the mimetype for a file path as a string,
|
||||
# or 'application/octet-stream' if the type couldn't be guessed
|
||||
@classmethod
|
||||
def get_mimetype(self, path):
|
||||
guess = mimetypes.guess_type(path, self._strict)
|
||||
guessed_type = guess[0]
|
||||
if guessed_type == None:
|
||||
guessed_type = 'application/octet-stream'
|
||||
return guessed_type
|
||||
|
||||
# all new sessions should come through the landing page;
|
||||
# determine in which mode we are running in, and redirect appropriately
|
||||
@@ -3209,7 +3225,7 @@ if toastermain.settings.MANAGED:
|
||||
if file_name is None:
|
||||
raise Exception("Could not handle artifact %s id %s" % (artifact_type, artifact_id))
|
||||
else:
|
||||
content_type = b.buildrequest.environment.get_artifact_type(file_name)
|
||||
content_type = MimeTypeFinder.get_mimetype(file_name)
|
||||
fsock = b.buildrequest.environment.get_artifact(file_name)
|
||||
file_name = os.path.basename(file_name) # we assume that the build environment system has the same path conventions as host
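Review bot: `get_mimetype` is declared with `@classmethod` but names its first parameter `self`, and it compares with `== None`; `def get_mimetype(cls, path):` and `if guessed_type is None:` are the conventional spellings, and the two comment blocks above the attribute and the method would read better as docstrings. That docstring should also record that the type now comes from the file name's extension alone (with non-standard types enabled by `_strict = False`), not from the file contents as the removed `get_artifact_type` attempted, so the Content-Type sent for an artifact is only as trustworthy as its name. Whether the response forces a download is not visible here, since the view's body continues outside the hunk.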
|
||||
|
||||
|
||||
@@ -1,8 +1,16 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:include href="../template/permalinks.xsl"/>
|
||||
<xsl:include href="../template/section.title.xsl"/>
|
||||
<xsl:include href="../template/component.title.xsl"/>
|
||||
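Review bot: The active `<xsl:import>` fetches docbook.xsl over plain `http://` every time the manual is built, so the stylesheet that drives the transformation arrives without transport integrity and the build depends on network access. The local copy already named in the comment, `<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />`, or an XML catalog entry mapping the URL to a vendored copy, would keep the build reproducible and offline; if the remote import has to stay, an `https://` URL and a comment explaining why would help. The same applies to the eclipse3.xsl import in the next stylesheet and to the two identical customization files further down the page. Which of these lines the commit adds is inferred from the hunk counts.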
|
||||
@@ -5,9 +5,17 @@
|
||||
xmlns:fo="http://www.w3.org/1999/XSL/Format"
|
||||
version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<xsl:import
|
||||
href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:param name="chunker.output.indent" select="'yes'"/>
|
||||
<xsl:param name="chunk.quietly" select="1"/>
|
||||
<xsl:param name="chunk.first.sections" select="1"/>
|
||||
|
||||
@@ -86,6 +86,16 @@
|
||||
<date>April 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.1</revnumber>
|
||||
<date>November 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.2</revnumber>
|
||||
<date>March 2016</date>
|
||||
<revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
|
||||
@@ -480,8 +480,8 @@
|
||||
and are ideal for experimentation using Yocto Project.
|
||||
For information on the image types you can build using the OpenEmbedded build system,
|
||||
see the
|
||||
"<ulink url='&YOCTO_DOCS_REF_URL;#ref-images'>Images</ulink>" chapter in
|
||||
the Yocto Project Reference Manual.
|
||||
"<ulink url='&YOCTO_DOCS_REF_URL;#ref-images'>Images</ulink>"
|
||||
chapter in the Yocto Project Reference Manual.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -492,62 +492,28 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Furthermore, if you plan on remotely deploying and debugging your
|
||||
application from within the
|
||||
Eclipse IDE, you must have an image that contains the Yocto Target Communication
|
||||
Framework (TCF) agent (<filename>tcf-agent</filename>).
|
||||
By default, the Yocto Project provides only one type of pre-built
|
||||
image that contains the <filename>tcf-agent</filename>.
|
||||
And, those images are SDK (e.g.<filename>core-image-sato-sdk</filename>).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you want to use a different image type that contains the <filename>tcf-agent</filename>,
|
||||
you can do so one of two ways:
|
||||
<itemizedlist>
|
||||
<listitem><para>Modify the <filename>conf/local.conf</filename> configuration in
|
||||
the <ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>
|
||||
and then rebuild the image.
|
||||
With this method, you need to modify the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-EXTRA_IMAGE_FEATURES'><filename>EXTRA_IMAGE_FEATURES</filename></ulink>
|
||||
variable to have the value of "tools-debug" before rebuilding the image.
|
||||
Once the image is rebuilt, the <filename>tcf-agent</filename> will be included
|
||||
in the image and is launched automatically after the boot.</para></listitem>
|
||||
<listitem><para>Manually build the <filename>tcf-agent</filename>.
|
||||
To build the agent, follow these steps:
|
||||
<orderedlist>
|
||||
<listitem><para>Be sure the ADT is installed as described in the
|
||||
"<link linkend='installing-the-adt'>Installing the ADT and Toolchains</link>" section.
|
||||
</para></listitem>
|
||||
<listitem><para>Set up the cross-development environment as described in the
|
||||
"<link linkend='setting-up-the-cross-development-environment'>Setting
|
||||
Up the Cross-Development Environment</link>" section.</para></listitem>
|
||||
<listitem><para>Get the <filename>tcf-agent</filename> source code using
|
||||
the following commands:
|
||||
<literallayout class='monospaced'>
|
||||
$ git clone http://git.eclipse.org/gitroot/tcf/org.eclipse.tcf.agent.git
|
||||
$ cd org.eclipse.tcf.agent/agent
|
||||
</literallayout></para></listitem>
|
||||
<listitem><para>Locate the
|
||||
<filename>Makefile.inc</filename> file inside the
|
||||
<filename>agent</filename> folder and modify it
|
||||
for the cross-compilation environment by setting the
|
||||
<filename>OPSYS</filename> and
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-MACHINE'><filename>MACHINE</filename></ulink>
|
||||
variables according to your target.
|
||||
</para></listitem>
|
||||
<listitem><para>Use the cross-development tools to build the
|
||||
<filename>tcf-agent</filename>.
|
||||
Before you "Make" the file, be sure your cross-tools are set up first.
|
||||
See the "<link linkend='makefile-based-projects'>Makefile-Based Projects</link>"
|
||||
section for information on how to make sure the cross-tools are set up
|
||||
correctly.</para>
|
||||
<para>If the build is successful, the <filename>tcf-agent</filename> output will
|
||||
be <filename>obj/$(OPSYS)/$(MACHINE)/Debug/agent</filename>.</para></listitem>
|
||||
<listitem><para>Deploy the agent into the image's root filesystem.</para></listitem>
|
||||
</orderedlist>
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
If you plan on remotely deploying and debugging your
|
||||
application from within the Eclipse IDE, you must have an image
|
||||
that contains the Yocto Target Communication Framework (TCF) agent
|
||||
(<filename>tcf-agent</filename>).
|
||||
You can do this by including the <filename>eclipse-debug</filename>
|
||||
image feature.
|
||||
<note>
|
||||
See the
|
||||
"<ulink url='&YOCTO_DOCS_REF_URL;#ref-features-image'>Image Features</ulink>"
|
||||
section in the Yocto Project Reference Manual for information on
|
||||
image features.
|
||||
</note>
|
||||
To include the <filename>eclipse-debug</filename> image feature,
|
||||
modify your <filename>local.conf</filename> file in the
|
||||
<ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>
|
||||
so that the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-EXTRA_IMAGE_FEATURES'><filename>EXTRA_IMAGE_FEATURES</filename></ulink>
|
||||
variable includes the "eclipse-debug" feature.
|
||||
After modifying the configuration file, you can rebuild the image.
|
||||
Once the image is rebuilt, the <filename>tcf-agent</filename>
|
||||
will be included in the image and is launched automatically after
|
||||
the boot.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
@@ -622,50 +588,56 @@
|
||||
|
||||
<para>
|
||||
As an alternative to locating and downloading a toolchain installer,
|
||||
you can build the toolchain installer one of two ways if you have a
|
||||
<ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>:
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
Use <filename>bitbake meta-toolchain</filename>.
|
||||
This method requires you to still install the target
|
||||
sysroot by installing and extracting it separately.
|
||||
For information on how to install the sysroot, see the
|
||||
"<link linkend='extracting-the-root-filesystem'>Extracting the Root Filesystem</link>"
|
||||
section.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Use <filename>bitbake</filename> <replaceable>image</replaceable> <filename>-c populate_sdk</filename>.
|
||||
This method has significant advantages over the previous method
|
||||
because it results in a toolchain installer that contains the
|
||||
sysroot that matches your target root filesystem.
|
||||
</para>
|
||||
you can build the toolchain installer if you have a
|
||||
<ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>.
|
||||
<note>
|
||||
Although not the preferred method, it is also possible to use
|
||||
<filename>bitbake meta-toolchain</filename> to build the toolchain
|
||||
installer.
|
||||
If you do use this method, you must separately install and extract
|
||||
the target sysroot.
|
||||
For information on how to install the sysroot, see the
|
||||
"<link linkend='extracting-the-root-filesystem'>Extracting the Root Filesystem</link>"
|
||||
section.
|
||||
</note>
|
||||
</para>
|
||||
|
||||
<para>Another powerful feature is that the toolchain is
|
||||
completely self-contained.
|
||||
The binaries are linked against their own copy of
|
||||
<filename>libc</filename>, which results in no dependencies
|
||||
on the target system.
|
||||
To achieve this, the pointer to the dynamic loader is
|
||||
configured at install time since that path cannot be dynamically
|
||||
altered.
|
||||
This is the reason for a wrapper around the
|
||||
<filename>populate_sdk</filename> archive.</para>
|
||||
<para>
|
||||
To build the toolchain installer and populate the SDK image, use the
|
||||
following command:
|
||||
<literallayout class='monospaced'>
|
||||
$ bitbake <replaceable>image</replaceable> -c populate_sdk
|
||||
</literallayout>
|
||||
The command results in a toolchain installer that contains the sysroot
|
||||
that matches your target root filesystem.
|
||||
</para>
|
||||
|
||||
<para>Another feature is that only one set of cross-canadian
|
||||
toolchain binaries are produced per architecture.
|
||||
This feature takes advantage of the fact that the target
|
||||
hardware can be passed to <filename>gcc</filename> as a set of
|
||||
compiler options.
|
||||
Those options are set up by the environment script and
|
||||
contained in variables such as
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-CC'><filename>CC</filename></ulink>
|
||||
and
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-LD'><filename>LD</filename></ulink>.
|
||||
This reduces the space needed for the tools.
|
||||
Understand, however, that a sysroot is still needed for every
|
||||
target since those binaries are target-specific.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
<para>
|
||||
Another powerful feature is that the toolchain is completely
|
||||
self-contained.
|
||||
The binaries are linked against their own copy of
|
||||
<filename>libc</filename>, which results in no dependencies
|
||||
on the target system.
|
||||
To achieve this, the pointer to the dynamic loader is
|
||||
configured at install time since that path cannot be dynamically
|
||||
altered.
|
||||
This is the reason for a wrapper around the
|
||||
<filename>populate_sdk</filename> archive.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Another feature is that only one set of cross-canadian toolchain
|
||||
binaries are produced per architecture.
|
||||
This feature takes advantage of the fact that the target hardware can
|
||||
be passed to <filename>gcc</filename> as a set of compiler options.
|
||||
Those options are set up by the environment script and contained in
|
||||
variables such as
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-CC'><filename>CC</filename></ulink>
|
||||
and
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-LD'><filename>LD</filename></ulink>.
|
||||
This reduces the space needed for the tools.
|
||||
Understand, however, that a sysroot is still needed for every target
|
||||
since those binaries are target-specific.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
||||
@@ -1,8 +1,16 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:include href="../template/permalinks.xsl"/>
|
||||
<xsl:include href="../template/section.title.xsl"/>
|
||||
<xsl:include href="../template/component.title.xsl"/>
|
||||
|
||||
@@ -5,9 +5,17 @@
|
||||
xmlns:fo="http://www.w3.org/1999/XSL/Format"
|
||||
version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<xsl:import
|
||||
href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:param name="chunker.output.indent" select="'yes'"/>
|
||||
<xsl:param name="chunk.quietly" select="1"/>
|
||||
<xsl:param name="chunk.first.sections" select="1"/>
|
||||
|
||||
@@ -98,6 +98,16 @@
|
||||
<date>April 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.1</revnumber>
|
||||
<date>November 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.2</revnumber>
|
||||
<date>March 2016</date>
|
||||
<revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
|
||||
@@ -3317,6 +3317,10 @@
|
||||
<literallayout class='monospaced'>
|
||||
COMPATIBLE_MACHINE = '(qemux86|qemumips)'
|
||||
</literallayout>
|
||||
For more information on <filename>defconfig</filename> files,
|
||||
see the
|
||||
"<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#changing-the-configuration'>Changing the Configuration</ulink>"
|
||||
section in the Yocto Project Linux Kernel Development Manual.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
@@ -4620,13 +4624,22 @@
|
||||
<title>Configuring the Kernel</title>
|
||||
|
||||
<para>
|
||||
Configuring the Yocto Project kernel consists of making sure the <filename>.config</filename>
|
||||
file has all the right information in it for the image you are building.
|
||||
You can use the <filename>menuconfig</filename> tool and configuration fragments to
|
||||
make sure your <filename>.config</filename> file is just how you need it.
|
||||
This section describes how to use <filename>menuconfig</filename>, create and use
|
||||
configuration fragments, and how to interactively modify your <filename>.config</filename>
|
||||
file to create the leanest kernel configuration file possible.
|
||||
Configuring the Yocto Project kernel consists of making sure the
|
||||
<filename>.config</filename> file has all the right information
|
||||
in it for the image you are building.
|
||||
You can use the <filename>menuconfig</filename> tool and
|
||||
configuration fragments to make sure your
|
||||
<filename>.config</filename> file is just how you need it.
|
||||
You can also save known configurations in a
|
||||
<filename>defconfig</filename> file that the build system can use
|
||||
for kernel configuration.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This section describes how to use <filename>menuconfig</filename>,
|
||||
create and use configuration fragments, and how to interactively
|
||||
modify your <filename>.config</filename> file to create the
|
||||
leanest kernel configuration file possible.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -4656,18 +4669,23 @@
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#structure-memres-core-script'><filename>oe-init-build-env-memres</filename></ulink>
|
||||
script found in the
|
||||
<link linkend='build-directory'>Build Directory</link>.
|
||||
The following commands run <filename>menuconfig</filename> assuming the
|
||||
<link linkend='source-directory'>Source Directory</link>
|
||||
top-level folder is <filename>~/poky</filename>:
|
||||
You must also be sure of the state of your build in the
|
||||
<link linkend='source-directory'>Source Directory</link>.
|
||||
The following commands run <filename>menuconfig</filename>
|
||||
assuming the Source Directory's top-level folder is
|
||||
<filename>~/poky</filename>:
|
||||
<literallayout class='monospaced'>
|
||||
$ cd poky
|
||||
$ source oe-init-build-env
|
||||
$ bitbake linux-yocto -c kernel_configme -f
|
||||
$ bitbake linux-yocto -c menuconfig
|
||||
</literallayout>
|
||||
Once <filename>menuconfig</filename> comes up, its standard interface allows you to
|
||||
interactively examine and configure all the kernel configuration parameters.
|
||||
After making your changes, simply exit the tool and save your changes to
|
||||
create an updated version of the <filename>.config</filename> configuration file.
|
||||
Once <filename>menuconfig</filename> comes up, its standard
|
||||
interface allows you to interactively examine and configure
|
||||
all the kernel configuration parameters.
|
||||
After making your changes, simply exit the tool and save your
|
||||
changes to create an updated version of the
|
||||
<filename>.config</filename> configuration file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -4748,6 +4766,70 @@
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section id='creating-a-defconfig-file'>
|
||||
<title>Creating a <filename>defconfig</filename> File</title>
|
||||
|
||||
<para>
|
||||
A <filename>defconfig</filename> file is simply a
|
||||
<filename>.config</filename> renamed to "defconfig".
|
||||
You can use a <filename>defconfig</filename> file
|
||||
to retain a known set of kernel configurations from which the
|
||||
OpenEmbedded build system can draw to create the final
|
||||
<filename>.config</filename> file.
|
||||
<note>
|
||||
Out-of-the-box, the Yocto Project never ships a
|
||||
<filename>defconfig</filename> or
|
||||
<filename>.config</filename> file.
|
||||
The OpenEmbedded build system creates the final
|
||||
<filename>.config</filename> file used to configure the
|
||||
kernel.
|
||||
</note>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To create a <filename>defconfig</filename>, start with a
|
||||
complete, working Linux kernel <filename>.config</filename>
|
||||
file.
|
||||
Copy that file to the appropriate
|
||||
<filename>${</filename><ulink url='&YOCTO_DOCS_REF_URL;#var-PN'><filename>PN</filename></ulink><filename>}</filename>
|
||||
directory in your layer's
|
||||
<filename>recipes-kernel/linux</filename> directory, and rename
|
||||
the copied file to "defconfig".
|
||||
Then, add the following lines to the linux-yocto
|
||||
<filename>.bbappend</filename> file in your layer:
|
||||
<literallayout class='monospaced'>
|
||||
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
|
||||
SRC_URI += "file://defconfig"
|
||||
</literallayout>
|
||||
The
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>
|
||||
tells the build system how to search for the file, while the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-FILESEXTRAPATHS'><filename>FILESEXTRAPATHS</filename></ulink>
|
||||
extends the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-FILESPATH'><filename>FILESPATH</filename></ulink>
|
||||
variable (search directories) to include the
|
||||
<filename>${PN}</filename> directory you created to hold the
|
||||
configuration changes.
|
||||
<note>
|
||||
The build system applies the configurations from the
|
||||
<filename>defconfig</filename> file before applying any
|
||||
subsequent configuration fragments.
|
||||
The final kernel configuration is a combination of the
|
||||
configurations in the <filename>defconfig</filename>
|
||||
file and any configuration fragments you provide.
|
||||
You need to realize that if you have any configuration
|
||||
fragments, the build system applies these on top of and
|
||||
after applying the existing defconfig file configurations.
|
||||
</note>
|
||||
For more information on configuring the kernel, see the
|
||||
"<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#changing-the-configuration'>Changing the Configuration</ulink>"
|
||||
and
|
||||
"<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#generating-configuration-files'>Generating Configuration Files</ulink>"
|
||||
sections, both in the Yocto Project Linux Kernel Development
|
||||
Manual.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section id='creating-config-fragments'>
|
||||
<title>Creating Configuration Fragments</title>
|
||||
|
||||
@@ -4771,23 +4853,27 @@
|
||||
$ echo "CONFIG_SMP=y" >> my_smp.cfg
|
||||
</literallayout>
|
||||
<note>
|
||||
All configuration files must use the <filename>.cfg</filename> extension in order
|
||||
for the OpenEmbedded build system to recognize them as a configuration fragment.
|
||||
All configuration fragment files must use the
|
||||
<filename>.cfg</filename> extension in order for the
|
||||
OpenEmbedded build system to recognize them as a
|
||||
configuration fragment.
|
||||
</note>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Where do you put your configuration files?
|
||||
You can place these configuration files in the same area pointed to by
|
||||
Where do you put your configuration fragment files?
|
||||
You can place these files in the same area pointed to by
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>.
|
||||
The OpenEmbedded build system will pick up the configuration and add it to the
|
||||
kernel's configuration.
|
||||
For example, suppose you had a set of configuration options in a file called
|
||||
<filename>myconfig.cfg</filename>.
|
||||
If you put that file inside a directory named <filename>linux-yocto</filename>
|
||||
that resides in the same directory as the kernel's append file and then add
|
||||
a <filename>SRC_URI</filename> statement such as the following to the kernel's append file,
|
||||
those configuration options will be picked up and applied when the kernel is built.
|
||||
The OpenEmbedded build system picks up the configuration and
|
||||
adds it to the kernel's configuration.
|
||||
For example, suppose you had a set of configuration options
|
||||
in a file called <filename>myconfig.cfg</filename>.
|
||||
If you put that file inside a directory named
|
||||
<filename>linux-yocto</filename> that resides in the same
|
||||
directory as the kernel's append file and then add a
|
||||
<filename>SRC_URI</filename> statement such as the following
|
||||
to the kernel's append file, those configuration options
|
||||
will be picked up and applied when the kernel is built.
|
||||
<literallayout class='monospaced'>
|
||||
SRC_URI += "file://myconfig.cfg"
|
||||
</literallayout>
|
||||
@@ -4843,9 +4929,10 @@
|
||||
|
||||
<para>
|
||||
For each output warning, a message points to the file
|
||||
that contains a list of the options and a pointer to the config
|
||||
fragment that defines them.
|
||||
Collectively, the files are the key to streamlining the configuration.
|
||||
that contains a list of the options and a pointer to the
|
||||
configuration fragment that defines them.
|
||||
Collectively, the files are the key to streamlining the
|
||||
configuration.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -8656,9 +8743,19 @@
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-BBPATH'><filename>BBPATH</filename></ulink>
|
||||
is extended in the layer's
|
||||
<filename>layer.conf</filename> file as normal).
|
||||
Just remember that filenames need to map directly to test
|
||||
(module) names and that you do not use module names that
|
||||
collide with existing core tests.
|
||||
Just remember the following:
|
||||
<itemizedlist>
|
||||
<listitem><para>Filenames need to map directly to test
|
||||
(module) names.
|
||||
</para></listitem>
|
||||
<listitem><para>Do not use module names that
|
||||
collide with existing core tests.
|
||||
</para></listitem>
|
||||
<listitem><para>Minimally, an empty
|
||||
<filename>__init__.py</filename> file must exist
|
||||
in the runtime directory.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -9079,6 +9176,14 @@
|
||||
you debug and fix them.
|
||||
This section presents a real-world example of an error encountered
|
||||
on the Yocto Project autobuilder and the process used to fix it.
|
||||
<note>
|
||||
If you cannot properly fix a <filename>make</filename> race
|
||||
condition, you can work around it by clearing either the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename></ulink>
|
||||
or
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-PARALLEL_MAKEINST'><filename>PARALLEL_MAKEINST</filename></ulink>
|
||||
variables.
|
||||
</note>
|
||||
</para>
|
||||
|
||||
<section id='the-failure'>
|
||||
|
||||
@@ -1,8 +1,16 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:include href="../template/permalinks.xsl"/>
|
||||
<xsl:include href="../template/section.title.xsl"/>
|
||||
<xsl:include href="../template/component.title.xsl"/>
|
||||
|
||||
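Review bot: The only uncommented `<xsl:import>` in this hunk loads `docbook.xsl` from `http://downloads.yoctoproject.org/mirror/docbook-mirror/...` over cleartext HTTP, so each documentation build runs a stylesheet fetched from the network with no integrity check, while the in-tree `../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl` import sits inside the comment. Anyone able to alter that response, or the mirror content itself, controls what the XSLT processor executes and writes on the build host. If the `../template/1.76.1` tree is shipped with the docs, I would make it the active import, `<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />`, or otherwise resolve the URL through an XML catalog to a pinned local copy and build with network fetching disabled. The same pattern is in the next `@@ -5,9 +5,17 @@` hunk (`eclipse3.xsl`) and in the later `@@ -1,8 +1,16 @@` and `@@ -5,9 +5,17 @@` hunks on this page. The rendered page has lost the +/- markers, so which import line is new is inferred from the hunk sizes.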
@@ -5,9 +5,17 @@
|
||||
xmlns:fo="http://www.w3.org/1999/XSL/Format"
|
||||
version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<xsl:import
|
||||
href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:param name="chunker.output.indent" select="'yes'"/>
|
||||
<xsl:param name="chunk.quietly" select="1"/>
|
||||
<xsl:param name="chunk.first.sections" select="1"/>
|
||||
|
||||
@@ -491,28 +491,44 @@
|
||||
changing source files.
|
||||
However, if you have to do this, you make the changes to the files in the
|
||||
Build Directory.</para></listitem>
|
||||
<listitem><para><emphasis>Make kernel configuration changes
|
||||
if applicable</emphasis>:
|
||||
If your situation calls for changing the kernel's configuration, you can
|
||||
use the <filename>yocto-kernel</filename> script or <filename>menuconfig</filename>
|
||||
to enable and disable kernel configurations.
|
||||
Using the script lets you interactively set up kernel configurations.
|
||||
Using <filename>menuconfig</filename> allows you to interactively develop and test the
|
||||
<listitem><para><emphasis>Make kernel configuration changes if applicable</emphasis>:
|
||||
If your situation calls for changing the kernel's
|
||||
configuration, you can use
|
||||
<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#generating-configuration-files'><filename>menuconfig</filename></ulink>,
|
||||
which allows you to interactively develop and test the
|
||||
configuration changes you are making to the kernel.
|
||||
When saved, changes using <filename>menuconfig</filename> update the kernel's
|
||||
<filename>.config</filename> file.
|
||||
Try to resist the temptation of directly editing the <filename>.config</filename>
|
||||
file found in the Build Directory at
|
||||
<filename>tmp/sysroots/<machine-name>/kernel</filename>.
|
||||
Doing so, can produce unexpected results when the OpenEmbedded build system
|
||||
regenerates the configuration file.</para>
|
||||
<para>Once you are satisfied with the configuration changes made using
|
||||
<filename>menuconfig</filename>, you can directly compare the
|
||||
<filename>.config</filename> file against a saved original and gather those
|
||||
changes into a config fragment to be referenced from within the kernel's
|
||||
<filename>.bbappend</filename> file.</para></listitem>
|
||||
Saving changes you make with
|
||||
<filename>menuconfig</filename> updates
|
||||
the kernel's <filename>.config</filename> file.
|
||||
<note><title>Warning</title>
|
||||
Try to resist the temptation to directly edit an
|
||||
existing <filename>.config</filename> file, which is
|
||||
found in the Build Directory at
|
||||
<filename>tmp/sysroots/<replaceable>machine-name</replaceable>/kernel</filename>.
|
||||
Doing so, can produce unexpected results when the
|
||||
OpenEmbedded build system regenerates the configuration
|
||||
file.
|
||||
</note>
|
||||
Once you are satisfied with the configuration
|
||||
changes made using <filename>menuconfig</filename>
|
||||
and you have saved them, you can directly compare the
|
||||
resulting <filename>.config</filename> file against an
|
||||
existing original and gather those changes into a
|
||||
<link linkend='creating-config-fragments'>configuration fragment file</link>
|
||||
to be referenced from within the kernel's
|
||||
<filename>.bbappend</filename> file.</para>
|
||||
|
||||
<para>Additionally, if you are working in a BSP layer
|
||||
and need to modify the BSP's kernel's configuration,
|
||||
you can use the
|
||||
<ulink url='&YOCTO_DOCS_BSP_URL;#managing-kernel-patches-and-config-items-with-yocto-kernel'><filename>yocto-kernel</filename></ulink>
|
||||
script as well as <filename>menuconfig</filename>.
|
||||
The <filename>yocto-kernel</filename> script lets
|
||||
you interactively set up kernel configurations.
|
||||
</para></listitem>
|
||||
<listitem><para><emphasis>Rebuild the kernel image with your changes</emphasis>:
|
||||
Rebuilding the kernel image applies your changes.</para></listitem>
|
||||
Rebuilding the kernel image applies your changes.
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
</para>
|
||||
</section>
|
||||
|
||||
@@ -76,6 +76,16 @@
|
||||
<date>April 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.1</revnumber>
|
||||
<date>November 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.2</revnumber>
|
||||
<date>March 2016</date>
|
||||
<revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
|
||||
@@ -238,6 +238,65 @@
|
||||
section in the Yocto Project Development Manual.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section id='using-an-in-tree-defconfig-file'>
|
||||
<title>Using an "In-Tree" <filename>defconfig</filename> File</title>
|
||||
|
||||
<para>
|
||||
It might be desirable to have kernel configuration fragment
|
||||
support through a <filename>defconfig</filename> file that
|
||||
is pulled from the kernel source tree for the configured
|
||||
machine.
|
||||
By default, the OpenEmbedded build system looks for
|
||||
<filename>defconfig</filename> files in the layer used for
|
||||
Metadata, which is "out-of-tree", and then configures them
|
||||
using the following:
|
||||
<literallayout class='monospaced'>
|
||||
SRC_URI += "file://defconfig"
|
||||
</literallayout>
|
||||
If you do not want to maintain copies of
|
||||
<filename>defconfig</filename> files in your layer but would
|
||||
rather allow users to use the default configuration from the
|
||||
kernel tree and still be able to add configuration fragments
|
||||
to the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>
|
||||
through, for example, append files, you can direct the
|
||||
OpenEmbedded build system to use a
|
||||
<filename>defconfig</filename> file that is "in-tree".
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To specify an "in-tree" <filename>defconfig</filename> file,
|
||||
edit the recipe that builds your kernel so that it has the
|
||||
following command form:
|
||||
<literallayout class='monospaced'>
|
||||
KBUILD_DEFCONFIG_<ulink url='&YOCTO_DOCS_REF_URL;#var-KMACHINE'>KMACHINE</ulink> ?= <replaceable>defconfig_file</replaceable>
|
||||
</literallayout>
|
||||
You need to append the variable with
|
||||
<filename>KMACHINE</filename> and then supply the path to
|
||||
your "in-tree" <filename>defconfig</filename> file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Aside from modifying your kernel recipe and providing your own
|
||||
<filename>defconfig</filename> file, you need to be sure no
|
||||
files or statements set <filename>SRC_URI</filename> to use a
|
||||
<filename>defconfig</filename> other than your "in-tree"
|
||||
file (e.g. a kernel's <filename>linux-</filename><replaceable>machine</replaceable><filename>.inc</filename>
|
||||
file).
|
||||
In other words, if the build system detects a statement
|
||||
that identifies an "out-of-tree"
|
||||
<filename>defconfig</filename> file, that statement
|
||||
will override your
|
||||
<filename>KBUILD_DEFCONFIG</filename> variable.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
See the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-KBUILD_DEFCONFIG'><filename>KBUILD_DEFCONFIG</filename></ulink>
|
||||
variable description for more information.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section id='using-an-iterative-development-process'>
|
||||
@@ -347,7 +406,14 @@
|
||||
configuration task as follows:
|
||||
<literallayout class='monospaced'>
|
||||
$ bitbake linux-yocto -c kernel_configme -f
|
||||
</literallayout></para></listitem>
|
||||
</literallayout>
|
||||
This step ensures that you will be creating a
|
||||
<filename>.config</filename> file from a known state.
|
||||
Because situations exist where your build state might
|
||||
become unknown, it is best to run the previous
|
||||
command prior to starting up
|
||||
<filename>menuconfig</filename>.
|
||||
</para></listitem>
|
||||
<listitem><para>Run the <filename>menuconfig</filename>
|
||||
command:
|
||||
<literallayout class='monospaced'>
|
||||
@@ -565,15 +631,35 @@
|
||||
to store your patches and configuration files (e.g.
|
||||
<filename>linux-yocto-myproject</filename>).
|
||||
</para></listitem>
|
||||
<listitem><para>Make sure you have either a
|
||||
<filename>defconfig</filename> file or configuration
|
||||
fragment files.
|
||||
When you use the <filename>linux-yocto-custom.bb</filename>
|
||||
recipe, you must specify a configuration.
|
||||
If you do not have a <filename>defconfig</filename> file,
|
||||
you can run the following:
|
||||
<literallayout class='monospaced'>
|
||||
$ make defconfig
|
||||
</literallayout>
|
||||
After running the command, copy the resulting
|
||||
<filename>.config</filename> to the
|
||||
<filename>files</filename> directory as "defconfig" and
|
||||
then add it to the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>
|
||||
variable in the recipe.
|
||||
</para></listitem>
|
||||
<listitem><para>Edit the following variables in your recipe
|
||||
as appropriate for your project:
|
||||
<itemizedlist>
|
||||
<listitem><para><ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>:
|
||||
The <filename>SRC_URI</filename> should be a Git
|
||||
repository that uses one of the supported Git fetcher
|
||||
protocols (i.e. <filename>file</filename>,
|
||||
The <filename>SRC_URI</filename> should specify
|
||||
a Git repository that uses one of the supported Git
|
||||
fetcher protocols (i.e. <filename>file</filename>,
|
||||
<filename>git</filename>, <filename>http</filename>,
|
||||
and so forth).
|
||||
The <filename>SRC_URI</filename> variable should
|
||||
also specify either a <filename>defconfig</filename>
|
||||
file or some configuration fragment files.
|
||||
The skeleton recipe provides an example
|
||||
<filename>SRC_URI</filename> as a syntax reference.
|
||||
</para></listitem>
|
||||
@@ -649,13 +735,27 @@
|
||||
<section id='building-out-of-tree-modules-on-the-target'>
|
||||
<title>Building Out-of-Tree Modules on the Target</title>
|
||||
|
||||
<para>
|
||||
While the traditional Yocto Project development model would be
|
||||
to include kernel modules as part of the normal build
|
||||
process, you might find it useful to build modules on the
|
||||
target.
|
||||
This could be the case if your target system is capable
|
||||
and powerful enough to handle the necessary compilation.
|
||||
Before deciding to build on your target, however, you should
|
||||
consider the benefits of using a proper cross-development
|
||||
environment from your build host.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you want to be able to build out-of-tree modules on
|
||||
the target, there are some steps you need to take
|
||||
on the target that is running your SDK image.
|
||||
Briefly, the <filename>kernel-dev</filename> package
|
||||
is installed by default on all
|
||||
<filename>*.sdk</filename> images.
|
||||
<filename>*.sdk</filename> images and the
|
||||
<filename>kernel-devsrc</filename> package is installed
|
||||
on many of the <filename>*.sdk</filename> images.
|
||||
However, you need to create some scripts prior to
|
||||
attempting to build the out-of-tree modules on the target
|
||||
that is running that image.
|
||||
@@ -673,7 +773,9 @@
|
||||
Because all SDK image recipes include
|
||||
<filename>dev-pkgs</filename>, the
|
||||
<filename>kernel-dev</filename> packages will be installed
|
||||
as part of the SDK image.
|
||||
as part of the SDK image and the
|
||||
<filename>kernel-devsrc</filename> packages will be installed
|
||||
as part of applicable SDK images.
|
||||
The SDK uses the scripts when building out-of-tree
|
||||
modules.
|
||||
Once you have switched to that directory and created the
|
||||
|
||||
@@ -1,8 +1,16 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:include href="../template/permalinks.xsl"/>
|
||||
<xsl:include href="../template/section.title.xsl"/>
|
||||
<xsl:include href="../template/component.title.xsl"/>
|
||||
|
||||
@@ -5,9 +5,17 @@
|
||||
xmlns:fo="http://www.w3.org/1999/XSL/Format"
|
||||
version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<xsl:import
|
||||
href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:param name="chunker.output.indent" select="'yes'"/>
|
||||
<xsl:param name="chunk.quietly" select="1"/>
|
||||
<xsl:param name="chunk.first.sections" select="1"/>
|
||||
|
||||
@@ -61,6 +61,16 @@
|
||||
<date>April 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.1</revnumber>
|
||||
<date>November 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.2</revnumber>
|
||||
<date>March 2016</date>
|
||||
<revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
|
||||
@@ -1,8 +1,16 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:param name="generate.toc">
|
||||
appendix toc
|
||||
chapter toc
|
||||
|
||||
@@ -45,6 +45,16 @@
|
||||
<date>April 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.1</revnumber>
|
||||
<date>November 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.2</revnumber>
|
||||
<date>March 2016</date>
|
||||
<revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
<!ENTITY DISTRO "1.8">
|
||||
<!ENTITY DISTRO_COMPRESSED "18">
|
||||
<!ENTITY DISTRO "1.8.2">
|
||||
<!ENTITY DISTRO_COMPRESSED "182">
|
||||
<!ENTITY DISTRO_NAME "fido">
|
||||
<!ENTITY YOCTO_DOC_VERSION "1.8">
|
||||
<!ENTITY POKYVERSION "13.0.0">
|
||||
<!ENTITY POKYVERSION_COMPRESSED "1300">
|
||||
<!ENTITY YOCTO_DOC_VERSION "1.8.2">
|
||||
<!ENTITY POKYVERSION "13.0.2">
|
||||
<!ENTITY POKYVERSION_COMPRESSED "1302">
|
||||
<!ENTITY YOCTO_POKY "poky-&DISTRO_NAME;-&POKYVERSION;">
|
||||
<!ENTITY COPYRIGHT_YEAR "2010-2015">
|
||||
<!ENTITY COPYRIGHT_YEAR "2010-2016">
|
||||
<!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
|
||||
<!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org">
|
||||
<!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org">
|
||||
@@ -14,7 +14,7 @@
|
||||
<!ENTITY YOCTO_AB_URL "http://autobuilder.yoctoproject.org">
|
||||
<!ENTITY YOCTO_GIT_URL "http://git.yoctoproject.org">
|
||||
<!ENTITY YOCTO_ADTREPO_URL "http://adtrepo.yoctoproject.org">
|
||||
<!ENTITY YOCTO_RELEASE_NOTES "&YOCTO_HOME_URL;/download/yocto-project-&DISTRO_COMPRESSED;-poky-&POKYVERSION_COMPRESSED;">
|
||||
<!ENTITY YOCTO_RELEASE_NOTES "&YOCTO_HOME_URL;/downloads/core/&DISTRO_NAME;&DISTRO_COMPRESSED;">
|
||||
<!ENTITY OE_HOME_URL "http://www.openembedded.org">
|
||||
<!ENTITY OE_LISTS_URL "http://lists.openembedded.org/mailman">
|
||||
<!ENTITY OE_DOCS_URL "http://docs.openembedded.org">
|
||||
@@ -62,7 +62,8 @@
|
||||
build-essential chrpath socat">
|
||||
<!ENTITY FEDORA_HOST_PACKAGES_ESSENTIAL "gawk make wget tar bzip2 gzip python unzip perl patch \
|
||||
diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath \
|
||||
ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue socat">
|
||||
ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue socat \
|
||||
findutils which">
|
||||
<!ENTITY OPENSUSE_HOST_PACKAGES_ESSENTIAL "python gcc gcc-c++ git chrpath make wget python-xml \
|
||||
diffstat makeinfo python-curses patch socat">
|
||||
<!ENTITY CENTOS_HOST_PACKAGES_ESSENTIAL "gawk make wget tar bzip2 gzip python unzip perl patch \
|
||||
|
||||
@@ -1,8 +1,16 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:include href="../template/permalinks.xsl"/>
|
||||
<xsl:include href="../template/section.title.xsl"/>
|
||||
<xsl:include href="../template/component.title.xsl"/>
|
||||
|
||||
@@ -5,9 +5,17 @@
|
||||
xmlns:fo="http://www.w3.org/1999/XSL/Format"
|
||||
version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<xsl:import
|
||||
href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:param name="chunker.output.indent" select="'yes'"/>
|
||||
<xsl:param name="chunk.quietly" select="1"/>
|
||||
<xsl:param name="chunk.first.sections" select="1"/>
|
||||
|
||||
@@ -61,6 +61,16 @@
|
||||
<date>April 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.1</revnumber>
|
||||
<date>November 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.2</revnumber>
|
||||
<date>March 2016</date>
|
||||
<revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
|
||||
@@ -1254,7 +1254,7 @@
|
||||
<listitem><para><filename>bb.MalformedUrl</filename>:
|
||||
Use <filename>bb.fetch.MalformedUrl</filename>.
|
||||
</para></listitem>
|
||||
<listitem><para><filename>bb.fetch.encodeurl</filename>:
|
||||
<listitem><para><filename>bb.encodeurl</filename>:
|
||||
Use <filename>bb.fetch.encodeurl</filename>.
|
||||
</para></listitem>
|
||||
<listitem><para><filename>bb.decodeurl</filename>:
|
||||
@@ -1351,8 +1351,7 @@
|
||||
<title><filename>PRINC</filename></title>
|
||||
|
||||
<para>
|
||||
The
|
||||
<link linkend='var-PRINC'><filename>PRINC</filename></link>
|
||||
The <filename>PRINC</filename>
|
||||
variable has been deprecated and triggers a warning if
|
||||
detected during a build.
|
||||
For
|
||||
@@ -1413,6 +1412,35 @@
|
||||
it encounters the variable.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section id='migration-1.6-variable-changes-variable-entry-behavior'>
|
||||
<title>Preprocess and Post Process Command Variable Behavior</title>
|
||||
|
||||
<para>
|
||||
The following variables now expect a semicolon separated
|
||||
list of functions to call and not arbitrary shell commands:
|
||||
<literallayout class='monospaced'>
|
||||
<link linkend='var-ROOTFS_PREPROCESS_COMMAND'>ROOTFS_PREPROCESS_COMMAND</link>
|
||||
<link linkend='var-ROOTFS_POSTPROCESS_COMMAND'>ROOTFS_POSTPROCESS_COMMAND</link>
|
||||
<link linkend='var-SDK_POSTPROCESS_COMMAND'>SDK_POSTPROCESS_COMMAND</link>
|
||||
<link linkend='var-POPULATE_SDK_POST_TARGET_COMMAND'>POPULATE_SDK_POST_TARGET_COMMAND</link>
|
||||
<link linkend='var-POPULATE_SDK_POST_HOST_COMMAND'>POPULATE_SDK_POST_HOST_COMMAND</link>
|
||||
<link linkend='var-IMAGE_POSTPROCESS_COMMAND'>IMAGE_POSTPROCESS_COMMAND</link>
|
||||
<link linkend='var-IMAGE_PREPROCESS_COMMAND'>IMAGE_PREPROCESS_COMMAND</link>
|
||||
<link linkend='var-ROOTFS_POSTUNINSTALL_COMMAND'>ROOTFS_POSTUNINSTALL_COMMAND</link>
|
||||
<link linkend='var-ROOTFS_POSTINSTALL_COMMAND'>ROOTFS_POSTINSTALL_COMMAND</link>
|
||||
</literallayout>
|
||||
For migration purposes, you can simply wrap shell commands in
|
||||
a shell function and then call the function.
|
||||
Here is an example:
|
||||
<literallayout class='monospaced'>
|
||||
my_postprocess_function() {
|
||||
echo "hello" > ${IMAGE_ROOTFS}/hello.txt
|
||||
}
|
||||
ROOTFS_POSTPROCESS_COMMAND += "my_postprocess_function; "
|
||||
</literallayout>
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section id='migration-1.6-directory-layout-changes'>
|
||||
@@ -2218,8 +2246,7 @@
|
||||
The following QA Check and Validation Changes have occurred:
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
Usage of
|
||||
<link linkend='var-PRINC'><filename>PRINC</filename></link>
|
||||
Usage of <filename>PRINC</filename>
|
||||
previously triggered a warning.
|
||||
It now triggers an error.
|
||||
You should remove any remaining usage of
|
||||
|
||||
@@ -77,6 +77,10 @@
|
||||
For more details on the source archiver, see the
|
||||
"<ulink url='&YOCTO_DOCS_DEV_URL;#maintaining-open-source-license-compliance-during-your-products-lifecycle'>Maintaining Open Source License Compliance During Your Product's Lifecycle</ulink>"
|
||||
section in the Yocto Project Development Manual.
|
||||
You can also see the
|
||||
<link linkend='var-ARCHIVER_MODE'><filename>ARCHIVER_MODE</filename></link>
|
||||
variable for information about the variable flags (varflags)
|
||||
that help control archive creation.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
@@ -856,7 +860,7 @@
|
||||
<literallayout class='monospaced'>
|
||||
inherit extrausers
|
||||
EXTRA_USERS_PARAMS = "\
|
||||
useradd -P 1876*18 root; \
|
||||
usermod -P 1876*18 root; \
|
||||
"
|
||||
</literallayout>
|
||||
</para>
|
||||
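Review bot: The example in this hunk still sets the root password `1876*18` through `-P`, which, as far as the extrausers class documents it, takes the password in clear text, and the text gives the reader no caution about that. The value then lives in the layer's metadata and is identical on every image built from it. I would follow the `</literallayout>` with something like `<note>The password given with -P is stored in clear text in your metadata; use this form only for development images.</note>`. If the `usermod` shipped in this release also accepts `-p` with a pre-hashed value, showing that form would be preferable, but that needs confirming against the class. The +/- markers are lost on this page, so `usermod` being the new line is inferred from the one-line hunk size.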
@@ -2093,7 +2097,8 @@
|
||||
You can create a recipe that builds tools that run on the SDK machine
|
||||
a couple different ways:
|
||||
<itemizedlist>
|
||||
<listitem><para>Create a <replaceable>myrecipe</replaceable><filename>-nativesdk.bb</filename>
|
||||
<listitem><para>Create a
|
||||
<filename>nativesdk-</filename><replaceable>myrecipe</replaceable><filename>.bb</filename>
|
||||
recipe that inherits the <filename>nativesdk</filename> class.
|
||||
If you use this method, you must order the inherit statement
|
||||
in the recipe after all other inherit statements so that the
|
||||
@@ -2132,7 +2137,7 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A number of classes exist that are could be generally useful in
|
||||
A number of classes exist that could be generally useful in
|
||||
OE-Core but are never actually used within OE-Core itself.
|
||||
The <filename>oelint</filename> class is one such example.
|
||||
However, being aware of this class can reduce the proliferation of
|
||||
|
||||
@@ -176,6 +176,12 @@
|
||||
PCMCIA/CompactFlash support.</para></listitem>
|
||||
<listitem><para><emphasis>ppp:</emphasis> Include PPP dialup
|
||||
support.</para></listitem>
|
||||
<listitem><para><emphasis>ptest:</emphasis> Enables building
|
||||
the package tests where supported by individual recipes.
|
||||
For more information on package tests, see the
|
||||
"<ulink url='&YOCTO_DOCS_DEV_URL;#testing-packages-with-ptest'>Testing Packages With ptest</ulink>"
|
||||
section in the Yocto Project Development Manual.
|
||||
</para></listitem>
|
||||
<listitem><para><emphasis>smbfs:</emphasis> Include SMB networks
|
||||
client support (for mounting Samba/Microsoft Windows shares
|
||||
on device).</para></listitem>
|
||||
|
||||
@@ -1,8 +1,16 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:include href="../template/permalinks.xsl"/>
|
||||
<xsl:include href="../template/section.title.xsl"/>
|
||||
<xsl:include href="../template/component.title.xsl"/>
|
||||
|
||||
@@ -5,9 +5,17 @@
|
||||
xmlns:fo="http://www.w3.org/1999/XSL/Format"
|
||||
version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<xsl:import
|
||||
href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:param name="chunker.output.indent" select="'yes'"/>
|
||||
<xsl:param name="chunk.quietly" select="1"/>
|
||||
<xsl:param name="chunk.first.sections" select="1"/>
|
||||
|
||||
@@ -92,6 +92,16 @@
|
||||
<date>April 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.1</revnumber>
|
||||
<date>November 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.2</revnumber>
|
||||
<date>March 2016</date>
|
||||
<revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
|
||||
@@ -216,7 +216,7 @@ can be found then it should be implemented. I can't find one at the moment.
|
||||
<listitem>
|
||||
<para id='qa-issue-dev-so'>
|
||||
<code>
|
||||
non -dev/-dbg/-nativesdk package contains symlink .so: <packagename> path '<path>' [dev-so]
|
||||
non -dev/-dbg/nativesdk- package contains symlink .so: <packagename> path '<path>' [dev-so]
|
||||
</code>
|
||||
</para>
|
||||
|
||||
|
||||
@@ -283,6 +283,49 @@
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-ARCHIVER_MODE'><glossterm>ARCHIVER_MODE</glossterm>
|
||||
<info>
|
||||
ARCHIVER_MODE[doc] = "Controls archive creation used when releasing source files."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
When used with the
|
||||
<link linkend='ref-classes-archiver'><filename>archiver</filename></link>
|
||||
class, determines the type of information used to create
|
||||
a released archive.
|
||||
You can use this variable to create archives of patched
|
||||
source, original source, configured source, and so forth
|
||||
by employing the following variable flags (varflags):
|
||||
<literallayout class='monospaced'>
|
||||
ARCHIVER_MODE[src] = "original" # Uses original (unpacked) source
|
||||
# files.
|
||||
|
||||
ARCHIVER_MODE[src] = "patched" # Uses patched source files. This is
|
||||
# the default.
|
||||
|
||||
ARCHIVER_MODE[src] = "configured" # Uses configured source files.
|
||||
|
||||
ARCHIVER_MODE[diff] = "1" # Uses patches between do_unpack and
|
||||
# do_patch.
|
||||
|
||||
ARCHIVER_MODE[diff-exclude] ?= "<replaceable>file</replaceable> <replaceable>file</replaceable> ..." # Lists files and directories to
|
||||
# exclude from diff.
|
||||
|
||||
ARCHIVER_MODE[dumpdata] = "1" # Uses environment data.
|
||||
|
||||
ARCHIVER_MODE[recipe] = "1" # Uses recipe and include files.
|
||||
|
||||
ARCHIVER_MODE[srpm] = "1" # Uses RPM package files.
|
||||
</literallayout>
|
||||
For information on how the variable works, see the
|
||||
<filename>meta/classes/archiver.bbclass</filename> file
|
||||
in the
|
||||
<ulink url='&YOCTO_DOCS_DEV_URL;#source-directory'>Source Directory</ulink>.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-AS'><glossterm>AS</glossterm>
|
||||
<info>
|
||||
AS[doc] = "Minimal command and arguments to run the assembler."
|
||||
@@ -851,8 +894,26 @@
|
||||
The OpenEmbedded build system automatically configures
|
||||
this variable to be equal to the number of cores on the
|
||||
build system.
|
||||
To gain optimal parallelism, you should not have to
|
||||
override this variable.
|
||||
For example, a system with a dual core processor that
|
||||
also uses hyper-threading causes the
|
||||
<filename>BB_NUMBER_THREADS</filename> variable to default
|
||||
to "4".
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For single socket systems (i.e. one CPU), you should not
|
||||
have to override this variable to gain optimal parallelism
|
||||
during builds.
|
||||
However, if you have very large systems that employ
|
||||
multiple physical CPUs, you might want to make sure the
|
||||
<filename>BB_NUMBER_THREADS</filename> variable is not
|
||||
set higher than "20".
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For more information on speeding up builds, see the
|
||||
"<link linkend='speeding-up-the-build'>Speeding Up the Build</link>"
|
||||
section.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
@@ -3613,7 +3674,12 @@
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
The list of additional features to include in an image.
|
||||
A list of additional features to include in an image.
|
||||
When listing more than one feature, separate them with
|
||||
a space.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Typically, you configure this variable in your
|
||||
<filename>local.conf</filename> file, which is found in the
|
||||
<ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>.
|
||||
@@ -4772,9 +4838,10 @@
|
||||
<link linkend='ref-tasks-compile'><filename>do_compile</filename></link>
|
||||
task that specify parallel compilation.
|
||||
This variable usually takes the form of
|
||||
<filename>-j 4</filename>, where the number
|
||||
represents the maximum number of parallel threads
|
||||
<filename>make</filename> can run.
|
||||
"-j <replaceable>x</replaceable>", where
|
||||
<replaceable>x</replaceable> represents the maximum
|
||||
number of parallel threads <filename>make</filename> can
|
||||
run.
|
||||
<note>
|
||||
The options passed affect builds on all enabled
|
||||
machines on the network, which are machines running the
|
||||
@@ -5393,24 +5460,50 @@
|
||||
|
||||
<glossentry id='var-IMAGE_POSTPROCESS_COMMAND'><glossterm>IMAGE_POSTPROCESS_COMMAND</glossterm>
|
||||
<info>
|
||||
IMAGE_POSTPROCESS_COMMAND[doc] = "Added by classes to run post processing commands once the OpenEmbedded build system has created the image."
|
||||
IMAGE_POSTPROCESS_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created the final image output files."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Added by classes to run post processing commands once the
|
||||
OpenEmbedded build system has created the image.
|
||||
You can specify shell commands separated by semicolons:
|
||||
Specifies a list of functions to call once the
|
||||
OpenEmbedded build system has created the final image
|
||||
output files.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
IMAGE_POSTPROCESS_COMMAND += "<replaceable>shell_command</replaceable>; ... "
|
||||
IMAGE_POSTPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass the path to the root filesystem within
|
||||
the command, you can use
|
||||
If you need to pass the root filesystem path to a command
|
||||
within the function, you can use
|
||||
<filename>${IMAGE_ROOTFS}</filename>, which points to
|
||||
the root filesystem image.
|
||||
the directory that becomes the root filesystem image.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-IMAGE_PREPROCESS_COMMAND'><glossterm>IMAGE_PREPROCESS_COMMAND</glossterm>
|
||||
<info>
|
||||
IMAGE_PREPROCESS_COMMAND[doc] = "Specifies a list of functions to call before the OpenEmbedded build system has created the final image output files."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies a list of functions to call before the
|
||||
OpenEmbedded build system has created the final image
|
||||
output files.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
IMAGE_PREPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass the root filesystem path to a command
|
||||
within the function, you can use
|
||||
<filename>${IMAGE_ROOTFS}</filename>, which points to
|
||||
the directory that becomes the root filesystem image.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
@@ -6210,6 +6303,58 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-KBUILD_DEFCONFIG'><glossterm>KBUILD_DEFCONFIG</glossterm>
|
||||
<info>
|
||||
KBUILD_DEFCONFIG[doc] = "Specifies an "in-tree" kernel configuration file for use during a kernel build."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
When used with the
|
||||
<link linkend='ref-classes-kernel-yocto'><filename>kernel-yocto</filename></link>
|
||||
class, specifies an "in-tree" kernel configuration file
|
||||
for use during a kernel build.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Typically, when using a <filename>defconfig</filename> to
|
||||
configure a kernel during a build, you place the
|
||||
file in your layer in the same manner as you would
|
||||
patch files and configuration fragment files (i.e.
|
||||
"out-of-tree").
|
||||
However, if you want to use a <filename>defconfig</filename>
|
||||
file that is part of the kernel tree (i.e. "in-tree"),
|
||||
you can use the
|
||||
<filename>KBUILD_DEFCONFIG</filename> variable to point
|
||||
to the <filename>defconfig</filename> file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To use the variable, set it in the append file for your
|
||||
kernel recipe using the following form:
|
||||
<literallayout class='monospaced'>
|
||||
KBUILD_DEFCONFIG_<link linkend='var-KMACHINE'>KMACHINE</link> ?= <replaceable>defconfig_file</replaceable>
|
||||
</literallayout>
|
||||
Here is an example from a "raspberrypi2"
|
||||
<filename>KMACHINE</filename> build that uses a
|
||||
<filename>defconfig</filename> file named
|
||||
"bcm2709_defconfig":
|
||||
<literallayout class='monospaced'>
|
||||
KBUILD_DEFCONFIG_raspberrypi2 = "bcm2709_defconfig"
|
||||
</literallayout>
|
||||
As an alternative, you can use the following within your
|
||||
append file:
|
||||
<literallayout class='monospaced'>
|
||||
KBUILD_DEFCONFIG_pn-linux-yocto ?= <replaceable>defconfig_file</replaceable>
|
||||
</literallayout>
|
||||
For more information on how to use the
|
||||
<filename>KBUILD_DEFCONFIG</filename> variable, see the
|
||||
"<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#using-an-in-tree-defconfig-file'>Using an "In-Tree" <filename>defconfig</filename> File</ulink>"
|
||||
section.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-KERNEL_EXTRA_ARGS'><glossterm>KERNEL_EXTRA_ARGS</glossterm>
|
||||
<info>
|
||||
KERNEL_EXTRA_ARGS[doc] = "Specifies additional make command-line arguments the OpenEmbedded build system passes on when compiling the kernel."
|
||||
@@ -8468,7 +8613,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
|
||||
<glossentry id='var-PARALLEL_MAKE'><glossterm>PARALLEL_MAKE</glossterm>
|
||||
<info>
|
||||
PARALLEL_MAKE[doc] = "Specifies extra options that are passed to the make command during the compile tasks. This variable is usually in the form -j 4, where the number represents the maximum number of parallel threads make can run."
|
||||
PARALLEL_MAKE[doc] = "Specifies extra options that are passed to the make command during the compile tasks. This variable is usually in the form -j x, where x represents the maximum number of parallel threads make can run."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
@@ -8478,20 +8623,39 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
<link linkend='ref-tasks-compile'><filename>do_compile</filename></link>
|
||||
task in order to specify parallel compilation on the local
|
||||
build host.
|
||||
This variable is usually in the form "-j <x>",
|
||||
where x represents the maximum number of parallel threads
|
||||
<filename>make</filename> can run.
|
||||
This variable is usually in the form "-j <replaceable>x</replaceable>",
|
||||
where <replaceable>x</replaceable> represents the maximum
|
||||
number of parallel threads <filename>make</filename> can
|
||||
run.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The OpenEmbedded build system automatically sets this
|
||||
variable to be equal to the number of cores the build
|
||||
system uses.
|
||||
By default, the OpenEmbedded build system automatically
|
||||
sets this variable to be equal to the number of cores the
|
||||
build system uses.
|
||||
<note>
|
||||
Individual recipes might clear out this variable if
|
||||
the software being built has problems running its
|
||||
<filename>make</filename> process in parallel.
|
||||
If the software being built experiences dependency
|
||||
issues during the <filename>do_compile</filename>
|
||||
task that result in race conditions, you can clear
|
||||
the <filename>PARALLEL_MAKE</filename> variable within
|
||||
the recipe as a workaround.
|
||||
For information on addressing race conditions, see the
|
||||
"<ulink url='&YOCTO_DOCS_DEV_URL;#debugging-parallel-make-races'>Debugging Parallel Make Races</ulink>"
|
||||
section in the Yocto Project Development Manual.
|
||||
</note>
|
||||
For single socket systems (i.e. one CPU), you should not
|
||||
have to override this variable to gain optimal parallelism
|
||||
during builds.
|
||||
However, if you have very large systems that employ
|
||||
multiple physical CPUs, you might want to make sure the
|
||||
<filename>PARALLEL_MAKE</filename> variable is not
|
||||
set higher than "-j 20".
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For more information on speeding up builds, see the
|
||||
"<link linkend='speeding-up-the-build'>Speeding Up the Build</link>"
|
||||
section.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
@@ -8510,9 +8674,15 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
This variable defaults to the value of
|
||||
<link linkend='var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename></link>.
|
||||
<note>
|
||||
Individual recipes might clear out this variable if
|
||||
the software being built has problems running its
|
||||
<filename>make install</filename> process in parallel.
|
||||
If the software being built experiences dependency
|
||||
issues during the
|
||||
<filename>do_install</filename> task that result in
|
||||
race conditions, you can clear the
|
||||
<filename>PARALLEL_MAKEINST</filename> variable within
|
||||
the recipe as a workaround.
|
||||
For information on addressing race conditions, see the
|
||||
"<ulink url='&YOCTO_DOCS_DEV_URL;#debugging-parallel-make-races'>Debugging Parallel Make Races</ulink>"
|
||||
section in the Yocto Project Development Manual.
|
||||
</note>
|
||||
</para>
|
||||
</glossdef>
|
||||
@@ -8883,6 +9053,64 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-POPULATE_SDK_POST_HOST_COMMAND'><glossterm>POPULATE_SDK_POST_HOST_COMMAND</glossterm>
|
||||
<info>
|
||||
POPULATE_SDK_POST_HOST_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created host part of the SDK."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies a list of functions to call once the
|
||||
OpenEmbedded build system has created the host part of
|
||||
the SDK.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
POPULATE_SDK_POST_HOST_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass the SDK path to a command
|
||||
within a function, you can use
|
||||
<filename>${SDK_DIR}</filename>, which points to
|
||||
the parent directory used by the OpenEmbedded build
|
||||
system when creating SDK output.
|
||||
See the
|
||||
<link linkend='var-SDK_DIR'><filename>SDK_DIR</filename></link>
|
||||
variable for more information.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-POPULATE_SDK_POST_TARGET_COMMAND'><glossterm>POPULATE_SDK_POST_TARGET_COMMAND</glossterm>
|
||||
<info>
|
||||
POPULATE_SDK_POST_TARGET_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created target part of the SDK."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies a list of functions to call once the
|
||||
OpenEmbedded build system has created the target part of
|
||||
the SDK.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
POPULATE_SDK_POST_TARGET_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass the SDK path to a command
|
||||
within a function, you can use
|
||||
<filename>${SDK_DIR}</filename>, which points to
|
||||
the parent directory used by the OpenEmbedded build
|
||||
system when creating SDK output.
|
||||
See the
|
||||
<link linkend='var-SDK_DIR'><filename>SDK_DIR</filename></link>
|
||||
variable for more information.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-PR'><glossterm>PR</glossterm>
|
||||
<info>
|
||||
PR[doc] = "The revision of the recipe. The default value for this variable is 'r0'."
|
||||
@@ -8995,55 +9223,6 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-PRINC'><glossterm>PRINC</glossterm>
|
||||
<info>
|
||||
PRINC[doc] = "Causes the PR variable of .bbappend files to dynamically increment. This increment minimizes the impact of layer ordering. This variable defaults to '0'."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
The <filename>PRINC</filename> variable has been deprecated
|
||||
and triggers a warning if detected during a build.
|
||||
For
|
||||
<link linkend='var-PR'><filename>PR</filename></link>
|
||||
increments on changes, use the PR service instead.
|
||||
You can find out more about this service in the
|
||||
"<ulink url='&YOCTO_DOCS_DEV_URL;#working-with-a-pr-service'>Working With a PR Service</ulink>"
|
||||
section in the Yocto Project Development Manual.
|
||||
</para>
|
||||
<!--
|
||||
|
||||
<para>
|
||||
Causes the
|
||||
<link linkend='var-PR'><filename>PR</filename></link>
|
||||
variable of <filename>.bbappend</filename> files to
|
||||
dynamically increment.
|
||||
This increment minimizes the impact of layer ordering.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In order to ensure multiple <filename>.bbappend</filename>
|
||||
files can co-exist,
|
||||
<filename>PRINC</filename> should be self-referencing.
|
||||
This variable defaults to 0.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Following is an example that increments
|
||||
<filename>PR</filename> by two:
|
||||
<literallayout class='monospaced'>
|
||||
PRINC := "${@int(PRINC) + 2}"
|
||||
</literallayout>
|
||||
It is advisable not to use strings such as ".= '.1'" with the variable because
|
||||
this usage is very sensitive to layer ordering.
|
||||
You should avoid explicit assignments as they cannot
|
||||
adequately represent multiple
|
||||
<filename>.bbappend</filename> files.
|
||||
</para>
|
||||
-->
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-PRIORITY'><glossterm>PRIORITY</glossterm>
|
||||
<info>
|
||||
PRIORITY[doc] = "Indicates the importance of a package. The default value is 'optional'. Other standard values are 'required', 'standard' and 'extra'."
|
||||
@@ -9626,26 +9805,113 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-ROOTFS_POSTPROCESS_COMMAND'><glossterm>ROOTFS_POSTPROCESS_COMMAND</glossterm>
|
||||
<glossentry id='var-ROOTFS_POSTINSTALL_COMMAND'><glossterm>ROOTFS_POSTINSTALL_COMMAND</glossterm>
|
||||
<info>
|
||||
ROOTFS_POSTPROCESS_COMMAND[doc] = "Added by classes to run post processing commands once the OpenEmbedded build system has created the root filesystem."
|
||||
ROOTFS_POSTINSTALL_COMMAND[doc] = "Specifies a list of functions to call after installing packages."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Added by classes to run post processing commands once the
|
||||
OpenEmbedded build system has created the root filesystem.
|
||||
You can specify shell commands separated by semicolons:
|
||||
Specifies a list of functions to call after the
|
||||
OpenEmbedded build system has installed packages.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
ROOTFS_POSTPROCESS_COMMAND += "<replaceable>shell_command</replaceable>; ... "
|
||||
ROOTFS_POSTINSTALL_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass the path to the root filesystem within
|
||||
the command, you can use
|
||||
If you need to pass the root filesystem path to a command
|
||||
within a function, you can use
|
||||
<filename>${IMAGE_ROOTFS}</filename>, which points to
|
||||
the root filesystem image.
|
||||
the directory that becomes the root filesystem image.
|
||||
See the
|
||||
<link linkend='var-IMAGE_ROOTFS'><filename>IMAGE_ROOTFS</filename></link>
|
||||
variable for more information.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-ROOTFS_POSTPROCESS_COMMAND'><glossterm>ROOTFS_POSTPROCESS_COMMAND</glossterm>
|
||||
<info>
|
||||
ROOTFS_POSTPROCESS_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created the root filesystem."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies a list of functions to call once the
|
||||
OpenEmbedded build system has created the root filesystem.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
ROOTFS_POSTPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass the root filesystem path to a command
|
||||
within a function, you can use
|
||||
<filename>${IMAGE_ROOTFS}</filename>, which points to
|
||||
the directory that becomes the root filesystem image.
|
||||
See the
|
||||
<link linkend='var-IMAGE_ROOTFS'><filename>IMAGE_ROOTFS</filename></link>
|
||||
variable for more information.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-ROOTFS_POSTUNINSTALL_COMMAND'><glossterm>ROOTFS_POSTUNINSTALL_COMMAND</glossterm>
|
||||
<info>
|
||||
ROOTFS_POSTUNINSTALL_COMMAND[doc] = "Specifies a list of functions to call after removal of unneeded packages."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies a list of functions to call after the
|
||||
OpenEmbedded build system has removed unnecessary
|
||||
packages.
|
||||
When runtime package management is disabled in the
|
||||
image, several packages are removed including
|
||||
<filename>base-passwd</filename>,
|
||||
<filename>shadow</filename>, and
|
||||
<filename>update-alternatives</filename>.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
ROOTFS_POSTUNINSTALL_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass the root filesystem path to a command
|
||||
within a function, you can use
|
||||
<filename>${IMAGE_ROOTFS}</filename>, which points to
|
||||
the directory that becomes the root filesystem image.
|
||||
See the
|
||||
<link linkend='var-IMAGE_ROOTFS'><filename>IMAGE_ROOTFS</filename></link>
|
||||
variable for more information.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-ROOTFS_PREPROCESS_COMMAND'><glossterm>ROOTFS_PREPROCESS_COMMAND</glossterm>
|
||||
<info>
|
||||
ROOTFS_PREPROCESS_COMMAND[doc] = "Specifies a list of functions to call before the OpenEmbedded build system has created the root filesystem."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies a list of functions to call before the
|
||||
OpenEmbedded build system has created the root filesystem.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
ROOTFS_PREPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass the root filesystem path to a command
|
||||
within a function, you can use
|
||||
<filename>${IMAGE_ROOTFS}</filename>, which points to
|
||||
the directory that becomes the root filesystem image.
|
||||
See the
|
||||
<link linkend='var-IMAGE_ROOTFS'><filename>IMAGE_ROOTFS</filename></link>
|
||||
variable for more information.
|
||||
@@ -9999,6 +10265,39 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-SDK_HOST_MANIFEST'><glossterm>SDK_HOST_MANIFEST</glossterm>
|
||||
<info>
|
||||
SDK_HOST_MANIFEST[doc] = "The manifest file for the host part of the SDK. This file lists all the installed packages that make up the host part of the SDK."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
The manifest file for the host part of the SDK.
|
||||
This file lists all the installed packages that make up
|
||||
the host part of SDK.
|
||||
The file contains package information on a line-per-package
|
||||
basis as follows:
|
||||
<literallayout class='monospaced'>
|
||||
<replaceable>packagename</replaceable> <replaceable>packagearch</replaceable> <replaceable>version</replaceable>
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The
|
||||
<link linkend='ref-classes-populate-sdk-*'><filename>populate_sdk_base</filename></link>
|
||||
class defines the manifest file as follows:
|
||||
<literallayout class='monospaced'>
|
||||
SDK_HOST_MANIFEST = "${SDK_DEPLOY}/${TOOLCHAIN_OUTPUTNAME}.host.manifest"
|
||||
</literallayout>
|
||||
The location is derived using the
|
||||
<link linkend='var-SDK_DEPLOY'><filename>SDK_DEPLOY</filename></link>
|
||||
and
|
||||
<link linkend='var-TOOLCHAIN_OUTPUTNAME'><filename>TOOLCHAIN_OUTPUTNAME</filename></link>
|
||||
variables.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-SDK_NAME'><glossterm>SDK_NAME</glossterm>
|
||||
<info>
|
||||
SDK_NAME[doc] = "The base name for SDK output files."
|
||||
@@ -10084,6 +10383,34 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-SDK_POSTPROCESS_COMMAND'><glossterm>SDK_POSTPROCESS_COMMAND</glossterm>
|
||||
<info>
|
||||
SDK_POSTPROCESS_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created the SDK."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies a list of functions to call once the
|
||||
OpenEmbedded build system has created the SDK.
|
||||
You can specify functions separated by semicolons:
|
||||
<literallayout class='monospaced'>
|
||||
SDK_POSTPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to pass an SDK path to a command within a
|
||||
function, you can use
|
||||
<filename>${SDK_DIR}</filename>, which points to
|
||||
the parent directory used by the OpenEmbedded build system
|
||||
when creating SDK output.
|
||||
See the
|
||||
<link linkend='var-SDK_DIR'><filename>SDK_DIR</filename></link>
|
||||
variable for more information.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-SDK_PREFIX'><glossterm>SDK_PREFIX</glossterm>
|
||||
<info>
|
||||
SDK_PREFIX[doc] = "The toolchain binary prefix used for nativesdk recipes."
|
||||
@@ -10125,6 +10452,39 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-SDK_TARGET_MANIFEST'><glossterm>SDK_TARGET_MANIFEST</glossterm>
|
||||
<info>
|
||||
SDK_TARGET_MANIFEST[doc] = "The manifest file for the target part of the SDK. This file lists all the installed packages that make up the target part of the SDK."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
The manifest file for the target part of the SDK.
|
||||
This file lists all the installed packages that make up
|
||||
the target part of the SDK.
|
||||
The file contains package information on a line-per-package
|
||||
basis as follows:
|
||||
<literallayout class='monospaced'>
|
||||
<replaceable>packagename</replaceable> <replaceable>packagearch</replaceable> <replaceable>version</replaceable>
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The
|
||||
<link linkend='ref-classes-populate-sdk-*'><filename>populate_sdk_base</filename></link>
|
||||
class defines the manifest file as follows:
|
||||
<literallayout class='monospaced'>
|
||||
SDK_TARGET_MANIFEST = "${SDK_DEPLOY}/${TOOLCHAIN_OUTPUTNAME}.target.manifest"
|
||||
</literallayout>
|
||||
The location is derived using the
|
||||
<link linkend='var-SDK_DEPLOY'><filename>SDK_DEPLOY</filename></link>
|
||||
and
|
||||
<link linkend='var-TOOLCHAIN_OUTPUTNAME'><filename>TOOLCHAIN_OUTPUTNAME</filename></link>
|
||||
variables.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-SDK_VENDOR'><glossterm>SDK_VENDOR</glossterm>
|
||||
<info>
|
||||
SDK_VENDOR[doc] = "Specifies the name of the SDK vendor."
|
||||
@@ -10137,6 +10497,32 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-SDK_VERSION'><glossterm>SDK_VERSION</glossterm>
|
||||
<info>
|
||||
SDK_VERSION[doc] = "Specifies the version for the SDK."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies the version of the SDK.
|
||||
The distribution configuration file (e.g.
|
||||
<filename>/meta-yocto/conf/distro/poky.conf</filename>)
|
||||
defines the <filename>SDK_VERSION</filename> as follows:
|
||||
<literallayout class='monospaced'>
|
||||
SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For additional information, see the
|
||||
<link linkend='var-DISTRO_VERSION'><filename>DISTRO_VERSION</filename></link>
|
||||
and
|
||||
<link linkend='var-DATE'><filename>DATE</filename></link>
|
||||
variables.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-SDKIMAGE_FEATURES'><glossterm>SDKIMAGE_FEATURES</glossterm>
|
||||
<info>
|
||||
SDKIMAGE_FEATURES[doc] = "Equivalent to IMAGE_FEATURES. However, this variable applies to the SDK generated from an image using the command 'bitbake -c populate_sdk imagename'."
|
||||
@@ -12529,6 +12915,32 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-TOOLCHAIN_OUTPUTNAME'><glossterm>TOOLCHAIN_OUTPUTNAME</glossterm>
|
||||
<info>
|
||||
TOOLCHAIN_OUTPUTNAME[doc] = "Defines the name used for the toolchain output."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
This variable defines the name used for the toolchain
|
||||
output.
|
||||
The
|
||||
<link linkend='ref-classes-populate-sdk-*'><filename>populate_sdk_base</filename></link>
|
||||
class sets the
|
||||
<filename>TOOLCHAIN_OUTPUTNAME</filename> variable as
|
||||
follows:
|
||||
<literallayout class='monospaced'>
|
||||
TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}"
|
||||
</literallayout>
|
||||
See the
|
||||
<link linkend='var-SDK_NAME'><filename>SDK_NAME</filename></link>
|
||||
and
|
||||
<link linkend='var-SDK_VERSION'><filename>SDK_VERSION</filename></link>
|
||||
variables for additional information.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-TOOLCHAIN_TARGET_TASK'><glossterm>TOOLCHAIN_TARGET_TASK</glossterm>
|
||||
<info>
|
||||
TOOLCHAIN_TARGET_TASK[doc] = "This variable lists packages the OpenEmbedded build system uses when it creates the target part of an SDK, which includes libraries and headers."
|
||||
@@ -13114,6 +13526,42 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-UNKNOWN_CONFIGURE_WHITELIST'><glossterm>UNKNOWN_CONFIGURE_WHITELIST</glossterm>
|
||||
<info>
|
||||
UNKNOWN_CONFIGURE_WHITELIST[doc] = "Specifies a list of options that, if reported by the configure script as being invalid, should not generate a warning during the do_configure task."
|
||||
</info>
|
||||
<glossdef>
|
||||
<para role="glossdeffirst">
|
||||
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
|
||||
Specifies a list of options that, if reported by the
|
||||
configure script as being invalid, should not generate a
|
||||
warning during the
|
||||
<link linkend='ref-tasks-configure'><filename>do_configure</filename></link>
|
||||
task.
|
||||
Normally, invalid configure options are simply not passed
|
||||
to the configure script (e.g. should be removed from
|
||||
<link linkend='var-EXTRA_OECONF'><filename>EXTRA_OECONF</filename></link>).
|
||||
However, common options, for example, exist that are passed
|
||||
to all configure scripts at a class level that might not
|
||||
be valid for some configure scripts.
|
||||
It follows that no benefit exists in seeing a warning about
|
||||
these options.
|
||||
For these cases, the options are added to
|
||||
<filename>UNKNOWN_CONFIGURE_WHITELIST</filename>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The configure arguments check that uses
|
||||
<filename>UNKNOWN_CONFIGURE_WHITELIST</filename> is part
|
||||
of the
|
||||
<link linkend='ref-classes-insane'><filename>insane</filename></link>
|
||||
class and is only enabled if the recipe inherits the
|
||||
<link linkend='ref-classes-autotools'><filename>autotools</filename></link>
|
||||
class.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry id='var-UPDATERCPN'><glossterm>UPDATERCPN</glossterm>
|
||||
<info>
|
||||
UPDATERCPN[doc] = "Specifies the package that contains the initscript that is to be enabled."
|
||||
|
||||
@@ -914,42 +914,51 @@
|
||||
|
||||
<para>
|
||||
Build time can be an issue.
|
||||
By default, the build system uses three simple controls to try and
|
||||
maximize build efficiency:
|
||||
By default, the build system uses simple controls to try and maximize
|
||||
build efficiency.
|
||||
In general, the default settings for all the following variables
|
||||
result in the most efficient build times when dealing with single
|
||||
socket systems (i.e. a single CPU).
|
||||
If you have multiple CPUs, you might try increasing the default
|
||||
values to gain more speed.
|
||||
See the descriptions in the glossary for each variable for more
|
||||
information:
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<link linkend='var-BB_NUMBER_THREADS'><filename>BB_NUMBER_THREADS</filename></link>
|
||||
<link linkend='var-BB_NUMBER_THREADS'><filename>BB_NUMBER_THREADS</filename>:</link>
|
||||
The maximum number of threads BitBake simultaneously executes.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<ulink url='&YOCTO_DOCS_BB_URL;#var-BB_NUMBER_PARSE_THREADS'><filename>BB_NUMBER_PARSE_THREADS</filename></ulink>
|
||||
<ulink url='&YOCTO_DOCS_BB_URL;#var-BB_NUMBER_PARSE_THREADS'><filename>BB_NUMBER_PARSE_THREADS</filename>:</ulink>
|
||||
The number of threads BitBake uses during parsing.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<link linkend='var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename></link>
|
||||
<link linkend='var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename>:</link>
|
||||
Extra options passed to the <filename>make</filename> command
|
||||
during the
|
||||
<link linkend='ref-tasks-compile'><filename>do_compile</filename></link>
|
||||
task in order to specify parallel compilation on the
|
||||
local build host.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<link linkend='var-PARALLEL_MAKEINST'><filename>PARALLEL_MAKEINST</filename>:</link>
|
||||
Extra options passed to the <filename>make</filename> command
|
||||
during the
|
||||
<link linkend='ref-tasks-install'><filename>do_install</filename></link>
|
||||
task in order to specify parallel installation on the
|
||||
local build host.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
These three variables all scale to the number of processor cores
|
||||
available on the build system.
|
||||
This auto-scaling ensures that the build system fundamentally takes
|
||||
advantage of potential parallel operations during the build
|
||||
based on the build machine's capabilities.
|
||||
As mentioned, these variables all scale to the number of processor
|
||||
cores available on the build system.
|
||||
For single socket systems, this auto-scaling ensures that the build
|
||||
system fundamentally takes advantage of potential parallel operations
|
||||
during the build based on the build machine's capabilities.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you need to achieve even faster builds than what the build system
|
||||
produces by default, you can consider and implement some of the
|
||||
following:
|
||||
Following are additional factors that can affect build speed:
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<filename>BB_NUMBER_THREADS</filename>,
|
||||
<filename>BB_NUMBER_PARSE_THREADS</filename>, and
|
||||
<filename>PARALLEL_MAKE</filename>:
|
||||
As previously mentioned, the build system scales the values
|
||||
for these variables so you should probably not override
|
||||
these to try to speed up a build.
|
||||
However, for completeness regarding this list, it is worth
|
||||
mentioning that you can manually override these variables
|
||||
by setting them in your <filename>local.conf</filename> file.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
File system type:
|
||||
The file system type that the build is being performed on can
|
||||
@@ -981,7 +990,9 @@
|
||||
helps.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Using <filename>/tmp</filename> as a temporary file system:
|
||||
Using <filename>tmpfs</filename> for
|
||||
<link linkend='var-TMPDIR'><filename>TMPDIR</filename></link>
|
||||
as a temporary file system:
|
||||
While this can help speed up the build, the benefits are
|
||||
limited due to the compiler using
|
||||
<filename>-pipe</filename>.
|
||||
@@ -1013,6 +1024,11 @@
|
||||
Aside from the previous list, you should keep some trade offs in
|
||||
mind that can help you speed up the build:
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
Remove items from
|
||||
<link linkend='var-DISTRO_FEATURES'><filename>DISTRO_FEATURES</filename></link>
|
||||
that you might not need.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Exclude debug symbols and other debug information:
|
||||
If you do not need these symbols and other debug information,
|
||||
|
||||
@@ -1,8 +1,15 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
<!-- <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" /> -->
|
||||
|
||||
-->
|
||||
|
||||
<xsl:include href="../template/permalinks.xsl"/>
|
||||
<xsl:include href="../template/section.title.xsl"/>
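Review bot: The new `<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />` fetches the base stylesheet over plain HTTP on every documentation build, so the transformation logic that runs is whatever answers that request. Depending on the XSLT processor and its extension settings, an imported stylesheet can do more than produce HTML, so it should be treated as build-time code rather than data. The local path kept inside the comment block, `<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />`, avoids the network fetch. If the mirror has to be used, an `https://` URL (assuming the host serves one) or an XML catalog entry mapping the URL to a checked-in copy would pin what gets loaded. The same import pattern appears in the later `@@ -1,7 +1,16 @@` hunk and, for `eclipse/eclipse3.xsl`, in the `@@ -5,8 +5,17 @@` hunk.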
|
||||
|
||||
@@ -133,6 +133,11 @@
|
||||
browser by entering the URL of your Toaster instance and
|
||||
adding "<filename>/admin</filename>" to the end of the
|
||||
URL.
|
||||
As an example, if you are running Toaster locally, use
|
||||
the following URL:
|
||||
<literallayout class='monospaced'>
|
||||
http://127.0.0.1:8000/admin
|
||||
</literallayout>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -214,7 +219,7 @@
|
||||
"name": "Local Yocto Project",
|
||||
"sourcetype": "local",
|
||||
"apiurl": "../../",
|
||||
"branches": ["HEAD", "master", "fido", "dizzy"],
|
||||
"branches": ["HEAD", "fido", "dizzy"],
|
||||
"layers": [
|
||||
{
|
||||
"name": "openembedded-core",
|
||||
@@ -241,13 +246,13 @@
|
||||
"name": "OpenEmbedded",
|
||||
"sourcetype": "layerindex",
|
||||
"apiurl": "http://layers.openembedded.org/layerindex/api/",
|
||||
"branches": ["master", "fido", "dizzy"]
|
||||
"branches": ["fido", "dizzy"]
|
||||
},
|
||||
{
|
||||
"name": "Imported layers",
|
||||
"sourcetype": "imported",
|
||||
"apiurl": "",
|
||||
"branches": ["master", "fido", "dizzy", "HEAD"]
|
||||
"branches": ["fido", "dizzy", "HEAD"]
|
||||
|
||||
}
|
||||
],
|
||||
@@ -263,8 +268,7 @@
|
||||
indicate which branches from your layer source you want
|
||||
to make available through Toaster.
|
||||
For example, the OpenEmbedded layer source makes
|
||||
available only its "master", "fido", and "dizzy"
|
||||
branches.
|
||||
available only its "fido" and "dizzy" branches.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -382,14 +386,6 @@
|
||||
or
|
||||
<ulink url='http://git.openembedded.org/openembedded-core/commit/?h=fido'></ulink>.
|
||||
</para></listitem>
|
||||
<listitem><para><emphasis>Yocto Project "Master" or OpenEmbedded "Master":</emphasis>
|
||||
This release causes your Toaster Projects to
|
||||
build against the head of the master branch, which is
|
||||
where active development takes place, at
|
||||
<ulink url='&YOCTO_GIT_URL;/cgit/cgit.cgi/poky/log/'></ulink>
|
||||
or
|
||||
<ulink url='http://git.openembedded.org/openembedded-core/log/'></ulink>.
|
||||
</para></listitem>
|
||||
<listitem><para><emphasis>Local Yocto Project or Local OpenEmbedded:</emphasis>
|
||||
This release causes your Toaster Projects to
|
||||
build against the head of the <filename>poky</filename>
|
||||
@@ -436,14 +432,14 @@
|
||||
Git repository.
|
||||
As an example, consider the following snippet from
|
||||
a Toaster JSON configuration file.
|
||||
This BitBake version uses the master branch from the
|
||||
This BitBake version uses the fido branch from the
|
||||
OpenEmbedded repository:
|
||||
<literallayout class='monospaced'>
|
||||
"bitbake" : [
|
||||
{
|
||||
"name": "master",
|
||||
"name": "fido",
|
||||
"giturl": "git://git.openembedded.org/bitbake",
|
||||
"branch": "master",
|
||||
"branch": "1.26",
|
||||
"dirpath": ""
|
||||
}
|
||||
]
|
||||
@@ -484,7 +480,7 @@
|
||||
The branch for the layer source
|
||||
(<filename>branch</filename>) used with the release.
|
||||
For example, for the OpenEmbedded layer source, the
|
||||
"master", "fido", and "dizzy" branches are available.
|
||||
"fido" and "dizzy" branches are available.
|
||||
</para></listitem>
|
||||
<listitem><para><emphasis>Default Layers:</emphasis>
|
||||
The set of default layers
|
||||
@@ -517,8 +513,8 @@
|
||||
<para>
|
||||
To summarize what comprises a release, consider the following
|
||||
example from a Toaster JSON file.
|
||||
The configuration names the release "master" and uses the
|
||||
"master" branch provided by the layer source of type
|
||||
The configuration names the release "fido" and uses the
|
||||
"fido" branch provided by the layer source of type
|
||||
"layerindex", which is called "OpenEmbedded", and sets
|
||||
the <filename>openembedded-core</filename> layer as the one
|
||||
to be added by default to any projects created in Toaster.
|
||||
@@ -527,13 +523,13 @@
|
||||
<literallayout class='monospaced'>
|
||||
"releases": [
|
||||
{
|
||||
"name": "master",
|
||||
"description": "OpenEmbedded master",
|
||||
"bitbake": "master",
|
||||
"branch": "master",
|
||||
"name": "fido",
|
||||
"description": "OpenEmbedded fido",
|
||||
"bitbake": "fido",
|
||||
"branch": "fido",
|
||||
"defaultlayers": [ "openembedded-core" ],
|
||||
"layersourcepriority": { "Imported layers": 99, "Local OpenEmbedded" : 10, "OpenEmbedded" : 0 },
|
||||
"helptext": "Toaster will run your builds using the OpenEmbedded master branch, where active development takes place. This is not a stable branch, so your builds might not work as expected."
|
||||
"helptext": "Toaster will run your builds using the OpenEmbedded fido branch."
|
||||
}
|
||||
]
|
||||
</literallayout>
|
||||
@@ -710,7 +706,7 @@
|
||||
"name": "Local Yocto Project",
|
||||
"sourcetype": "local",
|
||||
"apiurl": "../../",
|
||||
"branches": ["HEAD", "master", "fido", "dizzy"],
|
||||
"branches": ["HEAD", "fido", "dizzy"],
|
||||
"layers": [
|
||||
{
|
||||
"name": "openembedded-core",
|
||||
@@ -737,13 +733,13 @@
|
||||
"name": "OpenEmbedded",
|
||||
"sourcetype": "layerindex",
|
||||
"apiurl": "http://layers.openembedded.org/layerindex/api/",
|
||||
"branches": ["master", "fido", "dizzy"]
|
||||
"branches": ["fido", "dizzy"]
|
||||
},
|
||||
{
|
||||
"name": "Imported layers",
|
||||
"sourcetype": "imported",
|
||||
"apiurl": "",
|
||||
"branches": ["master", "fido", "dizzy", "HEAD"]
|
||||
"branches": ["fido", "dizzy", "HEAD"]
|
||||
|
||||
}
|
||||
],
|
||||
@@ -757,8 +753,8 @@
|
||||
<para>
|
||||
This area of the JSON file defines the version of
|
||||
BitBake Toaster uses.
|
||||
As shipped, Toaster is configured to recognize four
|
||||
versions of BitBake: master, fido, dizzy, and HEAD.
|
||||
As shipped, Toaster is configured to recognize three
|
||||
versions of BitBake: fido, dizzy, and HEAD.
|
||||
<note>
|
||||
HEAD is a special option that builds whatever is
|
||||
available on disk, without checking out any remote
|
||||
@@ -770,12 +766,6 @@
|
||||
Here is the default <filename>bitbake</filename> area:
|
||||
<literallayout class='monospaced'>
|
||||
"bitbake" : [
|
||||
{
|
||||
"name": "master",
|
||||
"giturl": "remote:origin",
|
||||
"branch": "master",
|
||||
"dirpath": "bitbake"
|
||||
},
|
||||
{
|
||||
"name": "fido",
|
||||
"giturl": "remote:origin",
|
||||
@@ -805,14 +795,14 @@
|
||||
<para>
|
||||
This area of the JSON file establishes a default
|
||||
release used by Toaster.
|
||||
As shipped, Toaster uses the "master" release.
|
||||
As shipped, Toaster uses the "fido" release.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Here is the statement in the JSON file that establishes
|
||||
the default release:
|
||||
<literallayout class='monospaced'>
|
||||
"defaultrelease": "master",
|
||||
"defaultrelease": "fido",
|
||||
</literallayout>
|
||||
</para>
|
||||
</section>
|
||||
@@ -833,15 +823,6 @@
|
||||
Here is the default <filename>releases</filename> area:
|
||||
<literallayout class='monospaced'>
|
||||
"releases": [
|
||||
{
|
||||
"name": "master",
|
||||
"description": "Yocto Project master",
|
||||
"bitbake": "master",
|
||||
"branch": "master",
|
||||
"defaultlayers": [ "openembedded-core", "meta-yocto", "meta-yocto-bsp"],
|
||||
"layersourcepriority": { "Imported layers": 99, "Local Yocto Project" : 10, "OpenEmbedded" : 0 },
|
||||
"helptext": "Toaster will run your builds using the tip of the <a href=\"http://git.yoctoproject.org/cgit/cgit.cgi/poky/log/\">Yocto Project master branch</a>, where active development takes place. This is not a stable branch, so your builds might not work as expected."
|
||||
},
|
||||
{
|
||||
"name": "fido",
|
||||
"description": "Yocto Project 1.8 Fido",
|
||||
|
||||
@@ -506,7 +506,7 @@
|
||||
MANAGED="True"
|
||||
</literallayout>
|
||||
</para></listitem>
|
||||
<listitem><para><emphasis>Set Up Toaster for Normal Usage:</emphasis>
|
||||
<!-- <listitem><para><emphasis>Set Up Toaster for Normal Usage:</emphasis>
|
||||
You need to configure each build environment, layer
|
||||
sources, and BitBake versions.</para>
|
||||
<para>Verify that your releases have been loaded correctly by
|
||||
@@ -539,9 +539,9 @@
|
||||
|
||||
# Go to Home, Bitbake Versions, Add bitbake version;
|
||||
# Take version information from: http://git.openembedded.org/bitbake/refs/heads,
|
||||
# This example assumes "master" version.
|
||||
# set Name: master, Giturl git://git.openembedded.org/bitbake
|
||||
# branch master, dirpath /
|
||||
# This example assumes "fido" version.
|
||||
# set Name: fido, Giturl git://git.openembedded.org/bitbake
|
||||
# branch fido, dirpath /
|
||||
# Save your changes and exit
|
||||
</literallayout>
|
||||
You also need to configure the project releases, the
|
||||
@@ -550,19 +550,19 @@
|
||||
Continuing with the example:
|
||||
<literallayout class='monospaced'>
|
||||
# Go to Home, Releases, Add release
|
||||
# set Name: master, Description: Current master release, select Bitbake Version,
|
||||
# and Branch: master
|
||||
# set Name: fido, Description: Current fido release, select Bitbake Version,
|
||||
# and Branch: fido
|
||||
# Save your changes and exit
|
||||
|
||||
# Go to Home, Toaster Settings, select the Setting for DEFAULT_RELEASE
|
||||
# set Helptext: This selects the default release., Value: master
|
||||
# set Helptext: This selects the default release., Value: fido
|
||||
# Save your changes and exit
|
||||
|
||||
# Go to Home, Bitbake Versions, Add bitbake version;
|
||||
# take version information from : http://git.openembedded.org/bitbake/refs/heads,
|
||||
# this manual assumes the master version
|
||||
# set Name: master, Giturl git://git.openembedded.org/bitbake
|
||||
# branch master, dirpath /
|
||||
# this manual assumes the fido version
|
||||
# set Name: fido, Giturl git://git.openembedded.org/bitbake
|
||||
# branch fido, dirpath /
|
||||
# Save your changes and exit
|
||||
|
||||
# Update the information
|
||||
@@ -573,6 +573,7 @@
|
||||
"<link linkend='toaster-useful-commands'>Useful Commands</link>"
|
||||
section.
|
||||
</para></listitem>
|
||||
-->
|
||||
<listitem><para><emphasis>Install and Set up the Database Server:</emphasis>
|
||||
You can use any SQL server out of the box.
|
||||
It is recommended that you use
|
||||
|
||||
@@ -36,6 +36,16 @@
|
||||
<date>April 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.1</revnumber>
|
||||
<date>November 2015</date>
|
||||
<revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>1.8.2</revnumber>
|
||||
<date>March 2016</date>
|
||||
<revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
|
||||
@@ -2,32 +2,32 @@
|
||||
# This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
|
||||
# This is the old way that did it. Can't do that now that we have "bitbake-user-manual" strings
|
||||
# in the mega-manual.
|
||||
# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
|
||||
# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
|
||||
|
||||
# Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
|
||||
# it is not included in the mega-manual.
|
||||
# This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
|
||||
# This was the one-liner that worked before we introduced the BitBake User Manual, which is
|
||||
# not in the mega-manual.
|
||||
# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
|
||||
# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
|
||||
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/adt-manual\/adt-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/adt-manual\/adt-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
|
||||
|
||||
# Process cases where just an external manual is referenced without an id anchor
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g
|
||||
|
||||
@@ -1,7 +1,16 @@
|
||||
<?xml version='1.0'?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
<xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:import href="yocto-project-qs-titlepage.xsl"/>
|
||||
|
||||
<xsl:include href="../template/permalinks.xsl"/>
|
||||
|
||||
@@ -5,8 +5,17 @@
|
||||
xmlns:fo="http://www.w3.org/1999/XSL/Format"
|
||||
version="1.0">
|
||||
|
||||
<xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<!--
|
||||
|
||||
<xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
<xsl:import
|
||||
href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
|
||||
|
||||
-->
|
||||
|
||||
<xsl:import href="yocto-project-qs-titlepage.xsl"/>
|
||||
|
||||
<xsl:param name="chunker.output.indent" select="'yes'"/>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
DISTRO = "poky"
|
||||
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
|
||||
DISTRO_VERSION = "1.8.1"
|
||||
DISTRO_VERSION = "1.8.2"
|
||||
DISTRO_CODENAME = "fido"
|
||||
SDK_VENDOR = "-pokysdk"
|
||||
SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"
|
||||
|
||||
@@ -219,11 +219,12 @@ BB_DISKMON_DIRS = "\
|
||||
# Qemu configuration
|
||||
#
|
||||
# By default qemu will build with a builtin VNC server where graphical output can be
|
||||
# seen. The two lines below enable the SDL backend too. This assumes there is a
|
||||
# libsdl library available on your build system.
|
||||
# seen. The two lines below enable the SDL backend too. By default libsdl-native will
|
||||
# be built, if you want to use your host's libSDL instead of the minimal libsdl built
|
||||
# by libsdl-native then uncomment the ASSUME_PROVIDED line below.
|
||||
PACKAGECONFIG_append_pn-qemu-native = " sdl"
|
||||
PACKAGECONFIG_append_pn-nativesdk-qemu = " sdl"
|
||||
ASSUME_PROVIDED += "libsdl-native"
|
||||
#ASSUME_PROVIDED += "libsdl-native"
|
||||
|
||||
|
||||
# CONF_VERSION is increased each time build/conf/ changes incompatibly and is used to
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
"name": "Local Yocto Project",
|
||||
"sourcetype": "local",
|
||||
"apiurl": "../../",
|
||||
"branches": ["HEAD", "master", "fido", "dizzy"],
|
||||
"branches": ["HEAD", "fido", "dizzy"],
|
||||
"layers": [
|
||||
{
|
||||
"name": "openembedded-core",
|
||||
@@ -39,23 +39,17 @@
|
||||
"name": "OpenEmbedded",
|
||||
"sourcetype": "layerindex",
|
||||
"apiurl": "http://layers.openembedded.org/layerindex/api/",
|
||||
"branches": ["master", "fido", "dizzy"]
|
||||
"branches": ["fido", "dizzy"]
|
||||
},
|
||||
{
|
||||
"name": "Imported layers",
|
||||
"sourcetype": "imported",
|
||||
"apiurl": "",
|
||||
"branches": ["master", "fido", "dizzy", "HEAD"]
|
||||
"branches": ["fido", "dizzy", "HEAD"]
|
||||
|
||||
}
|
||||
],
|
||||
"bitbake" : [
|
||||
{
|
||||
"name": "master",
|
||||
"giturl": "remote:origin",
|
||||
"branch": "master",
|
||||
"dirpath": "bitbake"
|
||||
},
|
||||
{
|
||||
"name": "fido",
|
||||
"giturl": "remote:origin",
|
||||
@@ -76,18 +70,9 @@
|
||||
}
|
||||
],
|
||||
|
||||
"defaultrelease": "master",
|
||||
"defaultrelease": "fido",
|
||||
|
||||
"releases": [
|
||||
{
|
||||
"name": "master",
|
||||
"description": "Yocto Project master",
|
||||
"bitbake": "master",
|
||||
"branch": "master",
|
||||
"defaultlayers": [ "openembedded-core", "meta-yocto", "meta-yocto-bsp"],
|
||||
"layersourcepriority": { "Imported layers": 99, "Local Yocto Project" : 10, "OpenEmbedded" : 0 },
|
||||
"helptext": "Toaster will run your builds using the tip of the <a href=\"http://git.yoctoproject.org/cgit/cgit.cgi/poky/log/\">Yocto Project master branch</a>, where active development takes place. This is not a stable branch, so your builds might not work as expected."
|
||||
},
|
||||
{
|
||||
"name": "fido",
|
||||
"description": "Yocto Project 1.8 Fido",
|
||||
|
||||
@@ -27,6 +27,10 @@ python () {
|
||||
d.setVar("PACKAGE_EXTRA_ARCHS", "")
|
||||
d.setVar("SDK_ARCH", "none")
|
||||
d.setVar("SDK_CC_ARCH", "none")
|
||||
d.setVar("TARGET_CPPFLAGS", "none")
|
||||
d.setVar("TARGET_CFLAGS", "none")
|
||||
d.setVar("TARGET_CXXFLAGS", "none")
|
||||
d.setVar("TARGET_LDFLAGS", "none")
|
||||
|
||||
# Avoid this being unnecessarily different due to nuances of
|
||||
# the target machine that aren't important for "all" arch
|
||||
|
||||
@@ -351,7 +351,10 @@ python () {
|
||||
newappends.append(a)
|
||||
elif a.startswith("virtual/"):
|
||||
subs = a.split("/", 1)[1]
|
||||
newappends.append("virtual/" + prefix + subs + extension)
|
||||
if subs.startswith(prefix):
|
||||
newappends.append(a + extension)
|
||||
else:
|
||||
newappends.append("virtual/" + prefix + subs + extension)
|
||||
else:
|
||||
if a.startswith(prefix):
|
||||
newappends.append(a + extension)
|
||||
|
||||
@@ -9,12 +9,23 @@ inherit qemu
|
||||
FONT_PACKAGES ??= "${PN}"
|
||||
FONT_EXTRA_RDEPENDS ?= "fontconfig-utils"
|
||||
FONTCONFIG_CACHE_DIR ?= "${localstatedir}/cache/fontconfig"
|
||||
FONTCONFIG_CACHE_PARAMS ?= "-v"
|
||||
# You can change this to e.g. FC_DEBUG=16 to debug fc-cache issues,
|
||||
# something has to be set, because qemuwrapper is using this variable after -E
|
||||
# multiple variables aren't allowed because for qemu they are separated
|
||||
# by comma and in -n "$D" case they should be separated by space
|
||||
FONTCONFIG_CACHE_ENV ?= "FC_DEBUG=1"
|
||||
fontcache_common() {
|
||||
if [ "x$D" != "x" ] ; then
|
||||
$INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} mlprefix=${MLPREFIX} bindir=${bindir} \
|
||||
libdir=${libdir} base_libdir=${base_libdir} fontconfigcachedir=${FONTCONFIG_CACHE_DIR}
|
||||
if [ -n "$D" ] ; then
|
||||
$INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} mlprefix=${MLPREFIX} \
|
||||
'bindir="${bindir}"' \
|
||||
'libdir="${libdir}"' \
|
||||
'base_libdir="${base_libdir}"' \
|
||||
'fontconfigcachedir="${FONTCONFIG_CACHE_DIR}"' \
|
||||
'fontconfigcacheparams="${FONTCONFIG_CACHE_PARAMS}"' \
|
||||
'fontconfigcacheenv="${FONTCONFIG_CACHE_ENV}"'
|
||||
else
|
||||
fc-cache
|
||||
${FONTCONFIG_CACHE_ENV} fc-cache ${FONTCONFIG_CACHE_PARAMS}
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@@ -51,9 +51,13 @@ base_do_unpack_append () {
|
||||
if s != kernsrc:
|
||||
bb.utils.mkdirhier(kernsrc)
|
||||
bb.utils.remove(kernsrc, recurse=True)
|
||||
import subprocess
|
||||
subprocess.call(d.expand("mv ${S} ${STAGING_KERNEL_DIR}"), shell=True)
|
||||
os.symlink(kernsrc, s)
|
||||
if d.getVar("EXTERNALSRC", True):
|
||||
# With EXTERNALSRC S will not be wiped so we can symlink to it
|
||||
os.symlink(s, kernsrc)
|
||||
else:
|
||||
import shutil
|
||||
shutil.move(s, kernsrc)
|
||||
os.symlink(kernsrc, s)
|
||||
}
|
||||
|
||||
inherit kernel-arch deploy
|
||||
|
||||
@@ -166,7 +166,7 @@ populate_sdk_log_check() {
|
||||
done
|
||||
}
|
||||
|
||||
do_populate_sdk[dirs] = "${TOPDIR}"
|
||||
do_populate_sdk[dirs] = "${PKGDATA_DIR} ${TOPDIR}"
|
||||
do_populate_sdk[depends] += "${@' '.join([x + ':do_populate_sysroot' for x in d.getVar('SDK_DEPENDS', True).split()])} ${@d.getVarFlag('do_rootfs', 'depends', False)}"
|
||||
do_populate_sdk[rdepends] = "${@' '.join([x + ':do_populate_sysroot' for x in d.getVar('SDK_RDEPENDS', True).split()])}"
|
||||
do_populate_sdk[recrdeptask] += "do_packagedata do_package_write_rpm do_package_write_ipk do_package_write_deb"
|
||||
|
||||
@@ -30,8 +30,10 @@ TEST_EXPORT_ONLY ?= "0"
|
||||
|
||||
DEFAULT_TEST_SUITES = "ping auto"
|
||||
DEFAULT_TEST_SUITES_pn-core-image-minimal = "ping"
|
||||
DEFAULT_TEST_SUITES_pn-core-image-sato = "ping ssh df connman syslog xorg scp vnc date rpm smart dmesg python parselogs"
|
||||
DEFAULT_TEST_SUITES_pn-core-image-sato-sdk = "ping ssh df connman syslog xorg scp vnc date perl ldd gcc rpm smart kernelmodule dmesg python parselogs"
|
||||
DEFAULT_TEST_SUITES_pn-core-image-sato = "ping ssh df connman syslog xorg scp vnc date dmesg parselogs \
|
||||
${@bb.utils.contains('IMAGE_PKGTYPE', 'rpm', 'python smart rpm', '', d)}"
|
||||
DEFAULT_TEST_SUITES_pn-core-image-sato-sdk = "ping ssh df connman syslog xorg scp vnc date perl ldd gcc kernelmodule dmesg python parselogs \
|
||||
${@bb.utils.contains('IMAGE_PKGTYPE', 'rpm', 'smart rpm', '', d)}"
|
||||
DEFAULT_TEST_SUITES_pn-meta-toolchain = "auto"
|
||||
|
||||
# aarch64 has no graphics
|
||||
|
||||
@@ -45,5 +45,16 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
|
||||
gcc-cross-${TARGET_ARCH}->musl \
|
||||
gcc-cross-${TARGET_ARCH}->uclibc \
|
||||
gcc-cross-${TARGET_ARCH}->linux-libc-headers \
|
||||
ppp-dialin->ppp \
|
||||
resolvconf->bash \
|
||||
docbook-xsl-stylesheets->perl \
|
||||
initramfs-framework->busybox \
|
||||
initramfs-framework->systemd \
|
||||
initramfs-framework->udev \
|
||||
liberation-fonts->fontconfig \
|
||||
gnome-icon-theme->librsvg \
|
||||
font-alias->font-util \
|
||||
weston-init->weston \
|
||||
weston-init->kbd \
|
||||
"
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'thumb', ' -m${ARM_M_OPT}'
|
||||
OVERRIDES .= "${@bb.utils.contains('TUNE_FEATURES', 'thumb', ':thumb', '', d)}"
|
||||
|
||||
# Add suffix from ARM_THUMB_SUFFIX only if after all this we still set ARM_M_OPT to thumb
|
||||
ARMPKGSFX_THUMB .= "${@ d.getVar('ARM_THUMB_SUFFIX', True) if d.getVar('ARM_M_OPT', True) == 'thumb' else ''}"
|
||||
ARMPKGSFX_THUMB .= "${@bb.utils.contains('TUNE_FEATURES', 'thumb', '${ARM_THUMB_SUFFIX}', '', d) if d.getVar('ARM_M_OPT', True) == 'thumb' else ''}"
|
||||
|
||||
# Whether to compile with code to allow interworking between the two
|
||||
# instruction sets. This allows thumb code to be executed on a primarily
|
||||
|
||||
@@ -0,0 +1,50 @@
|
||||
Upstream-Status: Accepted
|
||||
Signed-off-by: Awais Belal <awais_belal@mentor.com>
|
||||
|
||||
From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
|
||||
From: Hector Marco-Gisbert <hecmargi@upv.es>
|
||||
Date: Wed, 16 Dec 2015 04:57:18 +0000
|
||||
Subject: Fix security issue when reading username and password
|
||||
|
||||
This patch fixes two integer underflows at:
|
||||
* grub-core/lib/crypto.c
|
||||
* grub-core/normal/auth.c
|
||||
|
||||
CVE-2015-8370
|
||||
|
||||
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
|
||||
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
|
||||
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
|
||||
---
|
||||
Index: grub-2.00/grub-core/lib/crypto.c
|
||||
===================================================================
|
||||
--- grub-2.00.orig/grub-core/lib/crypto.c
|
||||
+++ grub-2.00/grub-core/lib/crypto.c
|
||||
@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned
|
||||
|
||||
if (key == '\b')
|
||||
{
|
||||
- cur_len--;
|
||||
+ if (cur_len)
|
||||
+ cur_len--;
|
||||
continue;
|
||||
}
|
||||
|
||||
Index: grub-2.00/grub-core/normal/auth.c
|
||||
===================================================================
|
||||
--- grub-2.00.orig/grub-core/normal/auth.c
|
||||
+++ grub-2.00/grub-core/normal/auth.c
|
||||
@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned
|
||||
|
||||
if (key == '\b')
|
||||
{
|
||||
- cur_len--;
|
||||
- grub_printf ("\b");
|
||||
+ if (cur_len)
|
||||
+ {
|
||||
+ cur_len--;
|
||||
+ grub_printf ("\b");
|
||||
+ }
|
||||
continue;
|
||||
}
|
||||
|
||||
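Review bot: The patch header names the advisory only as a bare `CVE-2015-8370` line and has no `CVE:` tag. The BIND patches added in the same series (CVE-2015-8461, CVE-2015-8704, CVE-2016-1285, CVE-2016-1286) all use the tagged form, and CVE-2015-8000.patch has the same gap. I would add `CVE: CVE-2015-8370` next to `Upstream-Status:` here and `CVE: CVE-2015-8000` in that patch. Anyone auditing which advisories a build already carries fixes for can then match on one header field instead of file names or free text.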
@@ -25,6 +25,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
|
||||
file://grub-efi-allow-a-compilation-without-mcmodel-large.patch \
|
||||
file://grub-efi-fix-with-glibc-2.20.patch \
|
||||
file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
|
||||
file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
|
||||
"
|
||||
|
||||
DEPENDS = "flex-native bison-native xz"
|
||||
|
||||
194
meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch
Normal file
194
meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch
Normal file
@@ -0,0 +1,194 @@
|
||||
responses with a malformed class attribute can trigger an
|
||||
assertion failure in db.c
|
||||
|
||||
[security]
|
||||
Insufficient testing when parsing a message allowed records with
|
||||
an incorrect class to be be accepted, triggering a REQUIRE failure
|
||||
when those records were subsequently cached. (CVE-2015-8000) [RT#4098]
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
[The patch is taken from BIND 9.9.4:
|
||||
https://bugzilla.redhat.com/attachment.cgi?id=1105581]
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h
|
||||
index a6862fa..d999e75 100644
|
||||
--- a/lib/dns/include/dns/message.h
|
||||
+++ b/lib/dns/include/dns/message.h
|
||||
@@ -210,6 +210,8 @@ struct dns_message {
|
||||
unsigned int verify_attempted : 1;
|
||||
unsigned int free_query : 1;
|
||||
unsigned int free_saved : 1;
|
||||
+ unsigned int tkey : 1;
|
||||
+ unsigned int rdclass_set : 1;
|
||||
|
||||
unsigned int opt_reserved;
|
||||
unsigned int sig_reserved;
|
||||
@@ -1374,6 +1376,15 @@ dns_message_buildopt(dns_message_t *msg, dns_rdataset_t **opt,
|
||||
* \li other.
|
||||
*/
|
||||
|
||||
+void
|
||||
+dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass);
|
||||
+/*%<
|
||||
+ * Set the expected class of records in the response.
|
||||
+ *
|
||||
+ * Requires:
|
||||
+ * \li msg be a valid message with parsing intent.
|
||||
+ */
|
||||
+
|
||||
ISC_LANG_ENDDECLS
|
||||
|
||||
#endif /* DNS_MESSAGE_H */
|
||||
diff --git a/lib/dns/message.c b/lib/dns/message.c
|
||||
index 53efc5a..73def73 100644
|
||||
--- a/lib/dns/message.c
|
||||
+++ b/lib/dns/message.c
|
||||
@@ -436,6 +436,8 @@ msginit(dns_message_t *m) {
|
||||
m->saved.base = NULL;
|
||||
m->saved.length = 0;
|
||||
m->free_saved = 0;
|
||||
+ m->tkey = 0;
|
||||
+ m->rdclass_set = 0;
|
||||
m->querytsig = NULL;
|
||||
}
|
||||
|
||||
@@ -1086,13 +1088,19 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
|
||||
* If this class is different than the one we already read,
|
||||
* this is an error.
|
||||
*/
|
||||
- if (msg->state == DNS_SECTION_ANY) {
|
||||
- msg->state = DNS_SECTION_QUESTION;
|
||||
+ if (msg->rdclass_set == 0) {
|
||||
msg->rdclass = rdclass;
|
||||
+ msg->rdclass_set = 1;
|
||||
} else if (msg->rdclass != rdclass)
|
||||
DO_FORMERR;
|
||||
|
||||
/*
|
||||
+ * Is this a TKEY query?
|
||||
+ */
|
||||
+ if (rdtype == dns_rdatatype_tkey)
|
||||
+ msg->tkey = 1;
|
||||
+
|
||||
+ /*
|
||||
* Can't ask the same question twice.
|
||||
*/
|
||||
result = dns_message_find(name, rdclass, rdtype, 0, NULL);
|
||||
@@ -1236,12 +1244,12 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
|
||||
* If there was no question section, we may not yet have
|
||||
* established a class. Do so now.
|
||||
*/
|
||||
- if (msg->state == DNS_SECTION_ANY &&
|
||||
+ if (msg->rdclass_set == 0 &&
|
||||
rdtype != dns_rdatatype_opt && /* class is UDP SIZE */
|
||||
rdtype != dns_rdatatype_tsig && /* class is ANY */
|
||||
rdtype != dns_rdatatype_tkey) { /* class is undefined */
|
||||
msg->rdclass = rdclass;
|
||||
- msg->state = DNS_SECTION_QUESTION;
|
||||
+ msg->rdclass_set = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1251,7 +1259,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
|
||||
if (msg->opcode != dns_opcode_update
|
||||
&& rdtype != dns_rdatatype_tsig
|
||||
&& rdtype != dns_rdatatype_opt
|
||||
- && rdtype != dns_rdatatype_dnskey /* in a TKEY query */
|
||||
+ && rdtype != dns_rdatatype_key /* in a TKEY query */
|
||||
&& rdtype != dns_rdatatype_sig /* SIG(0) */
|
||||
&& rdtype != dns_rdatatype_tkey /* Win2000 TKEY */
|
||||
&& msg->rdclass != dns_rdataclass_any
|
||||
@@ -1259,6 +1267,16 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
|
||||
DO_FORMERR;
|
||||
|
||||
/*
|
||||
+ * If this is not a TKEY query/response then the KEY
|
||||
+ * record's class needs to match.
|
||||
+ */
|
||||
+ if (msg->opcode != dns_opcode_update && !msg->tkey &&
|
||||
+ rdtype == dns_rdatatype_key &&
|
||||
+ msg->rdclass != dns_rdataclass_any &&
|
||||
+ msg->rdclass != rdclass)
|
||||
+ DO_FORMERR;
|
||||
+
|
||||
+ /*
|
||||
* Special type handling for TSIG, OPT, and TKEY.
|
||||
*/
|
||||
if (rdtype == dns_rdatatype_tsig) {
|
||||
@@ -1372,6 +1390,10 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
|
||||
skip_name_search = ISC_TRUE;
|
||||
skip_type_search = ISC_TRUE;
|
||||
issigzero = ISC_TRUE;
|
||||
+ } else {
|
||||
+ if (msg->rdclass != dns_rdataclass_any &&
|
||||
+ msg->rdclass != rdclass)
|
||||
+ DO_FORMERR;
|
||||
}
|
||||
} else
|
||||
covers = 0;
|
||||
@@ -1610,6 +1632,7 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
|
||||
msg->counts[DNS_SECTION_ADDITIONAL] = isc_buffer_getuint16(source);
|
||||
|
||||
msg->header_ok = 1;
|
||||
+ msg->state = DNS_SECTION_QUESTION;
|
||||
|
||||
/*
|
||||
* -1 means no EDNS.
|
||||
@@ -3550,3 +3573,15 @@ dns_message_buildopt(dns_message_t *message, dns_rdataset_t **rdatasetp,
|
||||
dns_message_puttemprdatalist(message, &rdatalist);
|
||||
return (result);
|
||||
}
|
||||
+
|
||||
+void
|
||||
+dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass) {
|
||||
+
|
||||
+ REQUIRE(DNS_MESSAGE_VALID(msg));
|
||||
+ REQUIRE(msg->from_to_wire == DNS_MESSAGE_INTENTPARSE);
|
||||
+ REQUIRE(msg->state == DNS_SECTION_ANY);
|
||||
+ REQUIRE(msg->rdclass_set == 0);
|
||||
+
|
||||
+ msg->rdclass = rdclass;
|
||||
+ msg->rdclass_set = 1;
|
||||
+}
|
||||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index aa23b11..d220986 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -6964,6 +6964,8 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
+ dns_message_setclass(message, fctx->res->rdclass);
|
||||
+
|
||||
result = dns_message_parse(message, &devent->buffer, 0);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
switch (result) {
|
||||
@@ -7036,6 +7038,12 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
|
||||
*/
|
||||
log_packet(message, ISC_LOG_DEBUG(10), fctx->res->mctx);
|
||||
|
||||
+ if (message->rdclass != fctx->res->rdclass) {
|
||||
+ resend = ISC_TRUE;
|
||||
+ FCTXTRACE("bad class");
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* Process receive opt record.
|
||||
*/
|
||||
diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
|
||||
index 9ad8960..938373a 100644
|
||||
--- a/lib/dns/xfrin.c
|
||||
+++ b/lib/dns/xfrin.c
|
||||
@@ -1241,6 +1241,8 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
|
||||
msg->tsigctx = xfr->tsigctx;
|
||||
xfr->tsigctx = NULL;
|
||||
|
||||
+ dns_message_setclass(msg, xfr->rdclass);
|
||||
+
|
||||
if (xfr->nmsg > 0)
|
||||
msg->tcp_continuation = 1;
|
||||
|
||||
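Review bot: The provenance block cites only a Red Hat Bugzilla attachment described as "taken from BIND 9.9.4" and gives no upstream ISC commit or change number, so the backport cannot be compared with the upstream fix from the header alone. The sibling CVE-2015-8461.patch records the upstream commit URL under `Upstream-Status: Backport`, and the same should be done here. If the recipe builds 9.9.5, as the `bind-9.9.5/` paths in the other BIND patches suggest, the header should also say the 9.9.4 patch was checked against that tree. This matters because the new `REQUIRE(msg->state == DNS_SECTION_ANY)` in `dns_message_setclass()` only holds if `dns_message_parse()` is the sole place that advances `msg->state`, and that cannot be confirmed from these hunks.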
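--- a/meta/recipes-connectivity/bind/bind/CVE-2015-8461.patch
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8461.patch
@@ -0,0 +1,45 @@
+From adbf81335b67be0cebdcf9f1f4fcb38ef4814f4d Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Thu, 25 Jun 2015 18:36:27 +1000
+Subject: [PATCH] 4146. [bug] Address reference leak that could
+prevent a clean shutdown. [RT #37125]
+
+Upstream-Status: Backport
+
+https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=adbf81335b67be0cebdcf9f1f4fcb38ef4814f4d
+
+CVE: CVE-2015-8461
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+CHANGES | 3 +++
+lib/dns/resolver.c | 5 +++++
+2 files changed, 8 insertions(+)
+
+Index: bind-9.9.5/lib/dns/resolver.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/resolver.c
++++ bind-9.9.5/lib/dns/resolver.c
+@@ -1570,6 +1570,11 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr
+if (query->dispatch != NULL)
+dns_dispatch_detach(&query->dispatch);
+
++ LOCK(&res->buckets[fctx->bucketnum].lock);
++ INSIST(fctx->references > 1);
++ fctx->references--;
++ UNLOCK(&res->buckets[fctx->bucketnum].lock);
++
+cleanup_query:
+if (query->connects == 0) {
+query->magic = 0;
+Index: bind-9.9.5/CHANGES
+===================================================================
+--- bind-9.9.5.orig/CHANGES
++++ bind-9.9.5/CHANGES
+@@ -1,4 +1,7 @@
+--- 9.9.6-P2 released ---
++4146. [bug] Address reference leak that could prevent a clean
++ shutdown. [RT #37125]
++
+
+4053. [security] Revoking a managed trust anchor and supplying
+an untrusted replacement could cause named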
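Review bot: The header does not say how this change relates to CVE-2015-8461. The subject describes a reference leak that "could prevent a clean shutdown", and nothing explains why the added `fctx->references--` on this error path in `fctx_query()` is security-relevant. One sentence in the header linking the leak to the advisory would spare the next maintainer from re-deriving it. Separately, this patch carries a `CHANGES` hunk, while the CVE-2016-1285 and CVE-2016-1286 patches in the same series state `[Skipped CHANGES and doc/arm/notes.xml changes.]`. Dropping it would be consistent and removes a hunk that can fail to apply without affecting the built code. `fctx_query()` begins and ends outside the hunk.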
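--- a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+https://bugzilla.redhat.com/attachment.cgi?id=1115781
+
+CVE: CVE-2015-8704
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c
++++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+isc_uint8_t len;
+isc_boolean_t neg;
+unsigned char buf[16];
+- char txt[sizeof(" !64000")];
++ char txt[sizeof(" !64000:")];
+const char *sep = "";
+int n;
+
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+isc_region_consume(&sr, 1);
+INSIST(len <= sr.length);
+n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+- neg ? "!": "", afi);
++ neg ? "!" : "", afi);
+INSIST(n < (int)sizeof(txt));
+RETERR(str_totext(txt, target));
+switch (afi) {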
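Review bot: The size of `txt` in `totext_in_apl()` is still implied by the sample literal `" !64000:"` and enforced only by `INSIST(n < (int)sizeof(txt))`, so the worst case the buffer must hold is not written down anywhere. Assuming `afi` is a 16-bit value (its declaration is outside the hunk), the longest output is the separator, `!`, five digits and `:`, which the enlarged buffer fits. A comment above the declaration, such as `/* sep + '!' + up to 5 digits of afi + ':' + NUL */`, would make that checkable. Without it, a later change to the format string can silently turn the INSIST back into a remotely reachable abort. The header also gives only a Bugzilla attachment link and no description of the defect.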
141
meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
Normal file
141
meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
Normal file
@@ -0,0 +1,141 @@
|
||||
From 31e4657cf246e41d4c5c890315cb6cf89a0db25a Mon Sep 17 00:00:00 2001
|
||||
From: Mark Andrews <marka@isc.org>
|
||||
Date: Thu, 18 Feb 2016 12:11:27 +1100
|
||||
Subject: [PATCH] 4318. [security] Malformed control messages can
|
||||
trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666]
|
||||
|
||||
(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
|
||||
|
||||
CVE: CVE-2016-1285
|
||||
Upstream-Status: Backport
|
||||
|
||||
[Skipped CHANGES and doc/arm/notes.xml changes.]
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
CHANGES | 3 +++
|
||||
bin/named/control.c | 2 +-
|
||||
bin/named/controlconf.c | 2 +-
|
||||
bin/rndc/rndc.c | 8 ++++----
|
||||
doc/arm/notes.xml | 8 ++++++++
|
||||
lib/isccc/cc.c | 14 +++++++-------
|
||||
6 files changed, 24 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/bin/named/control.c b/bin/named/control.c
|
||||
index 01fbe35..b1b744f 100644
|
||||
--- a/bin/named/control.c
|
||||
+++ b/bin/named/control.c
|
||||
@@ -89,7 +89,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
|
||||
#endif
|
||||
|
||||
data = isccc_alist_lookup(message, "_data");
|
||||
- if (data == NULL) {
|
||||
+ if (!isccc_alist_alistp(data)) {
|
||||
/*
|
||||
* No data section.
|
||||
*/
|
||||
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
|
||||
index 95feaf5..31bdc48 100644
|
||||
--- a/bin/named/controlconf.c
|
||||
+++ b/bin/named/controlconf.c
|
||||
@@ -397,7 +397,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
* Limit exposure to replay attacks.
|
||||
*/
|
||||
_ctrl = isccc_alist_lookup(request, "_ctrl");
|
||||
- if (_ctrl == NULL) {
|
||||
+ if (!isccc_alist_alistp(_ctrl)) {
|
||||
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
|
||||
goto cleanup_request;
|
||||
}
|
||||
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
|
||||
index c7d8fe1..ba3ac3a 100644
|
||||
--- a/bin/rndc/rndc.c
|
||||
+++ b/bin/rndc/rndc.c
|
||||
@@ -249,8 +249,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) {
|
||||
DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
|
||||
|
||||
data = isccc_alist_lookup(response, "_data");
|
||||
- if (data == NULL)
|
||||
- fatal("no data section in response");
|
||||
+ if (!isccc_alist_alistp(data))
|
||||
+ fatal("bad or missing data section in response");
|
||||
result = isccc_cc_lookupstring(data, "err", &errormsg);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
failed = ISC_TRUE;
|
||||
@@ -313,8 +313,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
|
||||
DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
|
||||
|
||||
_ctrl = isccc_alist_lookup(response, "_ctrl");
|
||||
- if (_ctrl == NULL)
|
||||
- fatal("_ctrl section missing");
|
||||
+ if (!isccc_alist_alistp(_ctrl))
|
||||
+ fatal("bad or missing ctrl section in response");
|
||||
nonce = 0;
|
||||
if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
|
||||
nonce = 0;
|
||||
|
||||
diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
|
||||
index 9915568..ffcd584 100644
|
||||
--- a/lib/isccc/cc.c
|
||||
+++ b/lib/isccc/cc.c
|
||||
@@ -284,10 +284,10 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
|
||||
* Extract digest.
|
||||
*/
|
||||
_auth = isccc_alist_lookup(alist, "_auth");
|
||||
- if (_auth == NULL)
|
||||
+ if (!isccc_alist_alistp(_auth))
|
||||
return (ISC_R_FAILURE);
|
||||
hmd5 = isccc_alist_lookup(_auth, "hmd5");
|
||||
- if (hmd5 == NULL)
|
||||
+ if (!isccc_sexpr_binaryp(hmac))
|
||||
return (ISC_R_FAILURE);
|
||||
/*
|
||||
* Compute digest.
|
||||
@@ -540,7 +540,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
|
||||
REQUIRE(ackp != NULL && *ackp == NULL);
|
||||
|
||||
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
||||
- if (_ctrl == NULL ||
|
||||
+ if (!isccc_alist_alistp(_ctrl) ||
|
||||
isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
|
||||
isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
|
||||
return (ISC_R_FAILURE);
|
||||
@@ -584,7 +584,7 @@ isccc_cc_isack(isccc_sexpr_t *message) {
|
||||
isccc_sexpr_t *_ctrl;
|
||||
|
||||
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
||||
- if (_ctrl == NULL)
|
||||
+ if (!isccc_alist_alistp(_ctrl))
|
||||
return (ISC_FALSE);
|
||||
if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
|
||||
return (ISC_TRUE);
|
||||
@@ -596,7 +596,7 @@ isccc_cc_isreply(isccc_sexpr_t *message) {
|
||||
isccc_sexpr_t *_ctrl;
|
||||
|
||||
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
||||
- if (_ctrl == NULL)
|
||||
+ if (!isccc_alist_alistp(_ctrl))
|
||||
return (ISC_FALSE);
|
||||
if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
|
||||
return (ISC_TRUE);
|
||||
@@ -616,7 +616,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
|
||||
|
||||
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
||||
_data = isccc_alist_lookup(message, "_data");
|
||||
- if (_ctrl == NULL || _data == NULL ||
|
||||
+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
|
||||
isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
|
||||
isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
|
||||
return (ISC_R_FAILURE);
|
||||
@@ -797,7 +797,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message,
|
||||
isccc_sexpr_t *_ctrl;
|
||||
|
||||
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
||||
- if (_ctrl == NULL ||
|
||||
+ if (!isccc_alist_alistp(_ctrl) ||
|
||||
isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
|
||||
isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
|
||||
return (ISC_R_FAILURE);
|
||||
--
|
||||
1.9.1
|
||||
|
||||
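Review bot: In the `verify()` hunk for `lib/isccc/cc.c`, the added check tests `hmac`, while the context line directly above assigns the lookup result to `hmd5`, so `if (!isccc_sexpr_binaryp(hmac))` does not validate the value that was just fetched. Unless a variable named `hmac` is declared in the part of `verify()` outside the hunk, this will not compile. If one is declared, the type check applies to the wrong object and the digest element is still used unvalidated, which is the malformed-message case the patch is meant to reject. The name looks carried over from a newer upstream tree. For this tree the line should read `if (!isccc_sexpr_binaryp(hmd5))`. The header also says the CHANGES and doc/arm/notes.xml changes were skipped, but the diffstat still lists both files.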
78
meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
Normal file
78
meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
Normal file
@@ -0,0 +1,78 @@
|
||||
From 76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 Mon Sep 17 00:00:00 2001
|
||||
From: Mukund Sivaraman <muks@isc.org>
|
||||
Date: Mon, 22 Feb 2016 12:22:43 +0530
|
||||
Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
|
||||
(CVE-2016-1286) (#41753)
|
||||
|
||||
(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
|
||||
(cherry picked from commit 456e1eadd2a3a2fb9617e60d4db90ef4ba7c6ba3)
|
||||
|
||||
CVE: CVE-2016-1286
|
||||
Upstream-Status: Backport
|
||||
|
||||
[Skipped CHANGES and doc/arm/notes.xml changes.]
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
CHANGES | 4 ++++
|
||||
doc/arm/notes.xml | 7 +++++++
|
||||
lib/dns/resolver.c | 33 ++++++++++++++++++---------------
|
||||
3 files changed, 29 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index 735f7d2..0602070 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -6701,21 +6701,26 @@ answer_response(fetchctx_t *fctx) {
|
||||
isc_boolean_t found_dname = ISC_FALSE;
|
||||
dns_name_t *dname_name;
|
||||
|
||||
+ /*
|
||||
+ * Only pass DNAME or RRSIG(DNAME).
|
||||
+ */
|
||||
+ if (rdataset->type != dns_rdatatype_dname &&
|
||||
+ (rdataset->type != dns_rdatatype_rrsig ||
|
||||
+ rdataset->covers != dns_rdatatype_dname))
|
||||
+ continue;
|
||||
+
|
||||
+ /*
|
||||
+ * If we're not chaining, then the DNAME and
|
||||
+ * its signature should not be external.
|
||||
+ */
|
||||
+ if (!chaining && external) {
|
||||
+ log_formerr(fctx, "external DNAME");
|
||||
+ return (DNS_R_FORMERR);
|
||||
+ }
|
||||
+
|
||||
found = ISC_FALSE;
|
||||
aflag = 0;
|
||||
if (rdataset->type == dns_rdatatype_dname) {
|
||||
- /*
|
||||
- * We're looking for something else,
|
||||
- * but we found a DNAME.
|
||||
- *
|
||||
- * If we're not chaining, then the
|
||||
- * DNAME should not be external.
|
||||
- */
|
||||
- if (!chaining && external) {
|
||||
- log_formerr(fctx,
|
||||
- "external DNAME");
|
||||
- return (DNS_R_FORMERR);
|
||||
- }
|
||||
found = ISC_TRUE;
|
||||
want_chaining = ISC_TRUE;
|
||||
POST(want_chaining);
|
||||
@@ -6744,9 +6749,7 @@ answer_response(fetchctx_t *fctx) {
|
||||
&fctx->domain)) {
|
||||
return (DNS_R_SERVFAIL);
|
||||
}
|
||||
- } else if (rdataset->type == dns_rdatatype_rrsig
|
||||
- && rdataset->covers ==
|
||||
- dns_rdatatype_dname) {
|
||||
+ } else {
|
||||
/*
|
||||
* We've found a signature that
|
||||
* covers the DNAME.
|
||||
--
|
||||
1.9.1
|
||||
|
||||
318
meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
Normal file
318
meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
Normal file
@@ -0,0 +1,318 @@
|
||||
From ce3cd91caee698cb144e1350c6c78292c6be6339 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Andrews <marka@isc.org>
|
||||
Date: Mon, 29 Feb 2016 07:16:48 +1100
|
||||
Subject: [PATCH] Part 2 of: 4319. [security] Fix resolver assertion
|
||||
failure due to improper DNAME handling when parsing
|
||||
fetch reply messages. (CVE-2016-1286) [RT #41753]
|
||||
|
||||
(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
|
||||
|
||||
CVE: CVE-2016-1286
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
lib/dns/resolver.c | 192 ++++++++++++++++++++++++++---------------------------
|
||||
1 file changed, 93 insertions(+), 99 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index 0602070..273e06c 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -5808,14 +5808,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
|
||||
}
|
||||
|
||||
static inline isc_result_t
|
||||
-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
|
||||
- dns_name_t *oname, dns_fixedname_t *fixeddname)
|
||||
+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
|
||||
+ unsigned int nlabels, dns_fixedname_t *fixeddname)
|
||||
{
|
||||
isc_result_t result;
|
||||
dns_rdata_t rdata = DNS_RDATA_INIT;
|
||||
- unsigned int nlabels;
|
||||
- int order;
|
||||
- dns_namereln_t namereln;
|
||||
dns_rdata_dname_t dname;
|
||||
dns_fixedname_t prefix;
|
||||
|
||||
@@ -5830,21 +5827,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
|
||||
- /*
|
||||
- * Get the prefix of qname.
|
||||
- */
|
||||
- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
|
||||
- if (namereln != dns_namereln_subdomain) {
|
||||
- char qbuf[DNS_NAME_FORMATSIZE];
|
||||
- char obuf[DNS_NAME_FORMATSIZE];
|
||||
-
|
||||
- dns_rdata_freestruct(&dname);
|
||||
- dns_name_format(qname, qbuf, sizeof(qbuf));
|
||||
- dns_name_format(oname, obuf, sizeof(obuf));
|
||||
- log_formerr(fctx, "unrelated DNAME in answer: "
|
||||
- "%s is not in %s", qbuf, obuf);
|
||||
- return (DNS_R_FORMERR);
|
||||
- }
|
||||
dns_fixedname_init(&prefix);
|
||||
dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
|
||||
dns_fixedname_init(fixeddname);
|
||||
@@ -6470,13 +6452,13 @@ static isc_result_t
|
||||
answer_response(fetchctx_t *fctx) {
|
||||
isc_result_t result;
|
||||
dns_message_t *message;
|
||||
- dns_name_t *name, *qname, tname, *ns_name;
|
||||
+ dns_name_t *name, *dname, *qname, tname, *ns_name;
|
||||
dns_rdataset_t *rdataset, *ns_rdataset;
|
||||
isc_boolean_t done, external, chaining, aa, found, want_chaining;
|
||||
isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
|
||||
unsigned int aflag;
|
||||
dns_rdatatype_t type;
|
||||
- dns_fixedname_t dname, fqname;
|
||||
+ dns_fixedname_t fdname, fqname;
|
||||
dns_view_t *view;
|
||||
|
||||
FCTXTRACE("answer_response");
|
||||
@@ -6504,10 +6486,15 @@ answer_response(fetchctx_t *fctx) {
|
||||
view = fctx->res->view;
|
||||
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
|
||||
while (!done && result == ISC_R_SUCCESS) {
|
||||
+ dns_namereln_t namereln;
|
||||
+ int order;
|
||||
+ unsigned int nlabels;
|
||||
+
|
||||
name = NULL;
|
||||
dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
|
||||
external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
|
||||
- if (dns_name_equal(name, qname)) {
|
||||
+ namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
|
||||
+ if (namereln == dns_namereln_equal) {
|
||||
wanted_chaining = ISC_FALSE;
|
||||
for (rdataset = ISC_LIST_HEAD(name->list);
|
||||
rdataset != NULL;
|
||||
@@ -6632,10 +6619,11 @@ answer_response(fetchctx_t *fctx) {
|
||||
*/
|
||||
INSIST(!external);
|
||||
if (aflag ==
|
||||
- DNS_RDATASETATTR_ANSWER)
|
||||
+ DNS_RDATASETATTR_ANSWER) {
|
||||
have_answer = ISC_TRUE;
|
||||
- name->attributes |=
|
||||
- DNS_NAMEATTR_ANSWER;
|
||||
+ name->attributes |=
|
||||
+ DNS_NAMEATTR_ANSWER;
|
||||
+ }
|
||||
rdataset->attributes |= aflag;
|
||||
if (aa)
|
||||
rdataset->trust =
|
||||
@@ -6690,6 +6678,8 @@ answer_response(fetchctx_t *fctx) {
|
||||
if (wanted_chaining)
|
||||
chaining = ISC_TRUE;
|
||||
} else {
|
||||
+ dns_rdataset_t *dnameset = NULL;
|
||||
+
|
||||
/*
|
||||
* Look for a DNAME (or its SIG). Anything else is
|
||||
* ignored.
|
||||
@@ -6697,10 +6687,8 @@ answer_response(fetchctx_t *fctx) {
|
||||
wanted_chaining = ISC_FALSE;
|
||||
for (rdataset = ISC_LIST_HEAD(name->list);
|
||||
rdataset != NULL;
|
||||
- rdataset = ISC_LIST_NEXT(rdataset, link)) {
|
||||
- isc_boolean_t found_dname = ISC_FALSE;
|
||||
- dns_name_t *dname_name;
|
||||
-
|
||||
+ rdataset = ISC_LIST_NEXT(rdataset, link))
|
||||
+ {
|
||||
/*
|
||||
* Only pass DNAME or RRSIG(DNAME).
|
||||
*/
|
||||
@@ -6714,20 +6702,41 @@ answer_response(fetchctx_t *fctx) {
|
||||
* its signature should not be external.
|
||||
*/
|
||||
if (!chaining && external) {
|
||||
- log_formerr(fctx, "external DNAME");
|
||||
+ char qbuf[DNS_NAME_FORMATSIZE];
|
||||
+ char obuf[DNS_NAME_FORMATSIZE];
|
||||
+
|
||||
+ dns_name_format(name, qbuf,
|
||||
+ sizeof(qbuf));
|
||||
+ dns_name_format(&fctx->domain, obuf,
|
||||
+ sizeof(obuf));
|
||||
+ log_formerr(fctx, "external DNAME or "
|
||||
+ "RRSIG covering DNAME "
|
||||
+ "in answer: %s is "
|
||||
+ "not in %s", qbuf, obuf);
|
||||
+ return (DNS_R_FORMERR);
|
||||
+ }
|
||||
+
|
||||
+ if (namereln != dns_namereln_subdomain) {
|
||||
+ char qbuf[DNS_NAME_FORMATSIZE];
|
||||
+ char obuf[DNS_NAME_FORMATSIZE];
|
||||
+
|
||||
+ dns_name_format(qname, qbuf,
|
||||
+ sizeof(qbuf));
|
||||
+ dns_name_format(name, obuf,
|
||||
+ sizeof(obuf));
|
||||
+ log_formerr(fctx, "unrelated DNAME "
|
||||
+ "in answer: %s is "
|
||||
+ "not in %s", qbuf, obuf);
|
||||
return (DNS_R_FORMERR);
|
||||
}
|
||||
|
||||
- found = ISC_FALSE;
|
||||
aflag = 0;
|
||||
if (rdataset->type == dns_rdatatype_dname) {
|
||||
- found = ISC_TRUE;
|
||||
want_chaining = ISC_TRUE;
|
||||
POST(want_chaining);
|
||||
aflag = DNS_RDATASETATTR_ANSWER;
|
||||
- result = dname_target(fctx, rdataset,
|
||||
- qname, name,
|
||||
- &dname);
|
||||
+ result = dname_target(rdataset, qname,
|
||||
+ nlabels, &fdname);
|
||||
if (result == ISC_R_NOSPACE) {
|
||||
/*
|
||||
* We can't construct the
|
||||
@@ -6739,14 +6748,12 @@ answer_response(fetchctx_t *fctx) {
|
||||
} else if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
else
|
||||
- found_dname = ISC_TRUE;
|
||||
+ dnameset = rdataset;
|
||||
|
||||
- dname_name = dns_fixedname_name(&dname);
|
||||
+ dname = dns_fixedname_name(&fdname);
|
||||
if (!is_answertarget_allowed(view,
|
||||
- qname,
|
||||
- rdataset->type,
|
||||
- dname_name,
|
||||
- &fctx->domain)) {
|
||||
+ qname, rdataset->type,
|
||||
+ dname, &fctx->domain)) {
|
||||
return (DNS_R_SERVFAIL);
|
||||
}
|
||||
} else {
|
||||
@@ -6754,73 +6761,60 @@ answer_response(fetchctx_t *fctx) {
|
||||
* We've found a signature that
|
||||
* covers the DNAME.
|
||||
*/
|
||||
- found = ISC_TRUE;
|
||||
aflag = DNS_RDATASETATTR_ANSWERSIG;
|
||||
}
|
||||
|
||||
- if (found) {
|
||||
+ /*
|
||||
+ * We've found an answer to our
|
||||
+ * question.
|
||||
+ */
|
||||
+ name->attributes |= DNS_NAMEATTR_CACHE;
|
||||
+ rdataset->attributes |= DNS_RDATASETATTR_CACHE;
|
||||
+ rdataset->trust = dns_trust_answer;
|
||||
+ if (!chaining) {
|
||||
/*
|
||||
- * We've found an answer to our
|
||||
- * question.
|
||||
+ * This data is "the" answer to
|
||||
+ * our question only if we're
|
||||
+ * not chaining.
|
||||
*/
|
||||
- name->attributes |=
|
||||
- DNS_NAMEATTR_CACHE;
|
||||
- rdataset->attributes |=
|
||||
- DNS_RDATASETATTR_CACHE;
|
||||
- rdataset->trust = dns_trust_answer;
|
||||
- if (!chaining) {
|
||||
- /*
|
||||
- * This data is "the" answer
|
||||
- * to our question only if
|
||||
- * we're not chaining.
|
||||
- */
|
||||
- INSIST(!external);
|
||||
- if (aflag ==
|
||||
- DNS_RDATASETATTR_ANSWER)
|
||||
- have_answer = ISC_TRUE;
|
||||
+ INSIST(!external);
|
||||
+ if (aflag == DNS_RDATASETATTR_ANSWER) {
|
||||
+ have_answer = ISC_TRUE;
|
||||
name->attributes |=
|
||||
DNS_NAMEATTR_ANSWER;
|
||||
- rdataset->attributes |= aflag;
|
||||
- if (aa)
|
||||
- rdataset->trust =
|
||||
- dns_trust_authanswer;
|
||||
- } else if (external) {
|
||||
- rdataset->attributes |=
|
||||
- DNS_RDATASETATTR_EXTERNAL;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * DNAME chaining.
|
||||
- */
|
||||
- if (found_dname) {
|
||||
- /*
|
||||
- * Copy the dname into the
|
||||
- * qname fixed name.
|
||||
- *
|
||||
- * Although we check for
|
||||
- * failure of the copy
|
||||
- * operation, in practice it
|
||||
- * should never fail since
|
||||
- * we already know that the
|
||||
- * result fits in a fixedname.
|
||||
- */
|
||||
- dns_fixedname_init(&fqname);
|
||||
- result = dns_name_copy(
|
||||
- dns_fixedname_name(&dname),
|
||||
- dns_fixedname_name(&fqname),
|
||||
- NULL);
|
||||
- if (result != ISC_R_SUCCESS)
|
||||
- return (result);
|
||||
- wanted_chaining = ISC_TRUE;
|
||||
- name->attributes |=
|
||||
- DNS_NAMEATTR_CHAINING;
|
||||
- rdataset->attributes |=
|
||||
- DNS_RDATASETATTR_CHAINING;
|
||||
- qname = dns_fixedname_name(
|
||||
- &fqname);
|
||||
}
|
||||
+ rdataset->attributes |= aflag;
|
||||
+ if (aa)
|
||||
+ rdataset->trust =
|
||||
+ dns_trust_authanswer;
|
||||
+ } else if (external) {
|
||||
+ rdataset->attributes |=
|
||||
+ DNS_RDATASETATTR_EXTERNAL;
|
||||
}
|
||||
}
|
||||
+
|
||||
+ /*
|
||||
+ * DNAME chaining.
|
||||
+ */
|
||||
+ if (dnameset != NULL) {
|
||||
+ /*
|
||||
+ * Copy the dname into the qname fixed name.
|
||||
+ *
|
||||
+ * Although we check for failure of the copy
|
||||
+ * operation, in practice it should never fail
|
||||
+ * since we already know that the result fits
|
||||
+ * in a fixedname.
|
||||
+ */
|
||||
+ dns_fixedname_init(&fqname);
|
||||
+ qname = dns_fixedname_name(&fqname);
|
||||
+ result = dns_name_copy(dname, qname, NULL);
|
||||
+ if (result != ISC_R_SUCCESS)
|
||||
+ return (result);
|
||||
+ wanted_chaining = ISC_TRUE;
|
||||
+ name->attributes |= DNS_NAMEATTR_CHAINING;
|
||||
+ dnameset->attributes |=
|
||||
+ DNS_RDATASETATTR_CHAINING;
|
||||
+ }
|
||||
if (wanted_chaining)
|
||||
chaining = ISC_TRUE;
|
||||
}
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
From a078c9eeae8c2db7edf2b15ff1d25a3a297c7512 Mon Sep 17 00:00:00 2001
|
||||
From: Evan Hunt <each@isc.org>
|
||||
Date: Wed, 17 Feb 2016 19:13:22 -0800
|
||||
Subject: [PATCH] [v9_9] fix backport error
|
||||
|
||||
This fixes typo in the:
|
||||
CVE-2016-1285.patch [upstream commit 31e4657cf246e41d4c5c890315cb6cf89a0db25a]
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
lib/isccc/cc.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
|
||||
index ffcd584..9c7d18c 100644
|
||||
--- a/lib/isccc/cc.c
|
||||
+++ b/lib/isccc/cc.c
|
||||
@@ -287,7 +287,7 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
|
||||
if (!isccc_alist_alistp(_auth))
|
||||
return (ISC_R_FAILURE);
|
||||
hmd5 = isccc_alist_lookup(_auth, "hmd5");
|
||||
- if (!isccc_sexpr_binaryp(hmac))
|
||||
+ if (!isccc_sexpr_binaryp(hmd5))
|
||||
return (ISC_R_FAILURE);
|
||||
/*
|
||||
* Compute digest.
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@@ -25,7 +25,14 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
|
||||
file://CVE-2015-1349.patch \
|
||||
file://CVE-2015-4620.patch \
|
||||
file://CVE-2015-5722.patch \
|
||||
"
|
||||
file://CVE-2015-8000.patch \
|
||||
file://CVE-2015-8704.patch \
|
||||
file://CVE-2015-8461.patch \
|
||||
file://CVE-2016-1285.patch \
|
||||
file://fix-typo-in-CVE-2016-1285.patch \
|
||||
file://CVE-2016-1286_1.patch \
|
||||
file://CVE-2016-1286_2.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
|
||||
SRC_URI[sha256sum] = "d4b64c1dde442145a316679acff2df4008aa117ae52dfa3a6bc69efecc7840d1"
|
||||
|
||||
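--- a/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
@@ -0,0 +1,101 @@
+Solves CVE-2015-8605 that caused DoS when an invalid length field in IPv4 UDP
+was received by the server.
+
+Upstream-Status: Backport (v4.3.3p1)
+CVE: CVE-2015-8605
+
+From: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=4ce21cb6301d665de01c1a6209e40f5f35072c0c
+
+Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
+
+=======================================================================
+diff --git a/common/packet.c b/common/packet.c
+index b530432..e600e37 100644
+--- a/common/packet.c
++++ b/common/packet.c
+@@ -220,7 +220,28 @@ ssize_t decode_hw_header (interface, buf, bufix, from)
+}
+}
+
+-/* UDP header and IP header decoded together for convenience. */
++/*!
++ *
++ * \brief UDP header and IP header decoded together for convenience.
++ *
++ * Attempt to decode the UDP and IP headers and, if necessary, checksum
++ * the packet.
++ *
++ * \param inteface - the interface on which the packet was recevied
++ * \param buf - a pointer to the buffer for the received packet
++ * \param bufix - where to start processing the buffer, previous
++ * routines may have processed parts of the buffer already
++ * \param from - space to return the address of the packet sender
++ * \param buflen - remaining length of the buffer, this will have been
++ * decremented by bufix by the caller
++ * \param rbuflen - space to return the length of the payload from the udp
++ * header
++ * \param csum_ready - indication if the checksum is valid for use
++ * non-zero indicates the checksum should be validated
++ *
++ * \return - the index to the first byte of the udp payload (that is the
++ * start of the DHCP packet
++ */
+
+ssize_t
+decode_udp_ip_header(struct interface_info *interface,
+@@ -231,7 +252,7 @@ decode_udp_ip_header(struct interface_info *interface,
+unsigned char *data;
+struct ip ip;
+struct udphdr udp;
+- unsigned char *upp, *endbuf;
++ unsigned char *upp;
+u_int32_t ip_len, ulen, pkt_len;
+static unsigned int ip_packets_seen = 0;
+static unsigned int ip_packets_bad_checksum = 0;
+@@ -241,11 +262,8 @@ decode_udp_ip_header(struct interface_info *interface,
+static unsigned int udp_packets_length_overflow = 0;
+unsigned len;
+
+- /* Designate the end of the input buffer for bounds checks. */
+- endbuf = buf + bufix + buflen;
+-
+/* Assure there is at least an IP header there. */
+- if ((buf + bufix + sizeof(ip)) > endbuf)
++ if (sizeof(ip) > buflen)
+return -1;
+
+/* Copy the IP header into a stack aligned structure for inspection.
+@@ -257,13 +275,17 @@ decode_udp_ip_header(struct interface_info *interface,
+ip_len = (*upp & 0x0f) << 2;
+upp += ip_len;
+
+- /* Check the IP packet length. */
++ /* Check packet lengths are within the buffer:
++ * first the ip header (ip_len)
++ * then the packet length from the ip header (pkt_len)
++ * then the udp header (ip_len + sizeof(udp)
++ * We are liberal in what we accept, the udp payload should fit within
++ * pkt_len, but we only check against the full buffer size.
++ */
+pkt_len = ntohs(ip.ip_len);
+- if (pkt_len > buflen)
+- return -1;
+-
+- /* Assure after ip_len bytes that there is enough room for a UDP header. */
+- if ((upp + sizeof(udp)) > endbuf)
++ if ((ip_len > buflen) ||
++ (pkt_len > buflen) ||
++ ((ip_len + sizeof(udp)) > buflen))
+return -1;
+
+/* Copy the UDP header into a stack aligned structure for inspection. */
+@@ -284,7 +306,8 @@ decode_udp_ip_header(struct interface_info *interface,
+return -1;
+
+udp_packets_length_checked++;
+- if ((upp + ulen) > endbuf) {
++ /* verify that the payload length from the udp packet fits in the buffer */
++ if ((ip_len + ulen) > buflen) {
+udp_packets_length_overflow++;
+if (((udp_packets_length_checked > 4) &&
+(udp_packets_length_overflow != 0)) &&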
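Review bot: The rewritten length check in the `@@ -257,13 +275,17 @@` hunk sets upper bounds only. `ip_len` is taken from the low nibble of the first header byte, and nothing shown here rejects a value below `sizeof(ip)`, so a header length under 20 bytes would make the code read the UDP header from inside the IP header. decode_udp_ip_header extends outside these hunks; if it has no earlier lower-bound check, add `(ip_len < sizeof(ip)) ||` as the first term of the new condition. The new Doxygen block also has small slips worth correcting: `inteface`, `recevied`, and an unclosed parenthesis in the `\return` text.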
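--- a/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch
@@ -0,0 +1,131 @@
+This patch is needed in order to apply the patch for CVE-2015-8605.
+
+Upstream-Status: Backport (4.3.2+)
+
+From: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=0ce1aa94454ce9b50d592c08d7e0c559d38d3bc5
+
+Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
+---
+From 0ce1aa94454ce9b50d592c08d7e0c559d38d3bc5 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Mon, 8 Sep 2014 09:31:32 -0400
+Subject: [PATCH] [master] Corrected error in UDP bad packet logging
+
+Merges in rt36897
+---
+common/packet.c | 55 +++++++++++++++++++++++++++++++++++--------------------
+1 file changed, 35 insertions(+), 20 deletions(-)
+
+diff --git a/common/packet.c b/common/packet.c
+index 45e96e8..7460f3d 100644
+--- a/common/packet.c
++++ b/common/packet.c
+@@ -3,7 +3,7 @@
+Packet assembly code, originally contributed by Archie Cobbs. */
+
+/*
+- * Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC")
+* Copyright (c) 2004,2005,2007 by Internet Systems Consortium, Inc. ("ISC")
+* Copyright (c) 1996-2003 by Internet Software Consortium
+*
+@@ -234,12 +234,12 @@ decode_udp_ip_header(struct interface_info *interface,
+unsigned char *upp, *endbuf;
+u_int32_t ip_len, ulen, pkt_len;
+u_int32_t sum, usum;
+- static int ip_packets_seen;
+- static int ip_packets_bad_checksum;
+- static int udp_packets_seen;
+- static int udp_packets_bad_checksum;
+- static int udp_packets_length_checked;
+- static int udp_packets_length_overflow;
++ static unsigned int ip_packets_seen = 0;
++ static unsigned int ip_packets_bad_checksum = 0;
++ static unsigned int udp_packets_seen = 0;
++ static unsigned int udp_packets_bad_checksum = 0;
++ static unsigned int udp_packets_length_checked = 0;
++ static unsigned int udp_packets_length_overflow = 0;
+unsigned len;
+
+/* Designate the end of the input buffer for bounds checks. */
+@@ -287,10 +287,10 @@ decode_udp_ip_header(struct interface_info *interface,
+udp_packets_length_checked++;
+if ((upp + ulen) > endbuf) {
+udp_packets_length_overflow++;
+- if ((udp_packets_length_checked > 4) &&
+- ((udp_packets_length_checked /
+- udp_packets_length_overflow) < 2)) {
+- log_info("%d udp packets in %d too long - dropped",
++ if (((udp_packets_length_checked > 4) &&
++ (udp_packets_length_overflow != 0)) &&
++ ((udp_packets_length_checked / udp_packets_length_overflow) < 2)) {
++ log_info("%u udp packets in %u too long - dropped",
+udp_packets_length_overflow,
+udp_packets_length_checked);
+udp_packets_length_overflow = 0;
+@@ -299,22 +299,31 @@ decode_udp_ip_header(struct interface_info *interface,
+return -1;
+}
+
+- if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf))
+- return -1;
++ /* If at least 5 with less than 50% bad, start over */
++ if (udp_packets_length_checked > 4) {
++ udp_packets_length_overflow = 0;
++ udp_packets_length_checked = 0;
++ }
+
+/* Check the IP header checksum - it should be zero. */
+- ++ip_packets_seen;
++ ip_packets_seen++;
+if (wrapsum (checksum (buf + bufix, ip_len, 0))) {
+++ip_packets_bad_checksum;
+- if (ip_packets_seen > 4 &&
+- (ip_packets_seen / ip_packets_bad_checksum) < 2) {
+- log_info ("%d bad IP checksums seen in %d packets",
++ if (((ip_packets_seen > 4) && (ip_packets_bad_checksum != 0)) &&
++ ((ip_packets_seen / ip_packets_bad_checksum) < 2)) {
++ log_info ("%u bad IP checksums seen in %u packets",
+ip_packets_bad_checksum, ip_packets_seen);
+ip_packets_seen = ip_packets_bad_checksum = 0;
+}
+return -1;
+}
+
++ /* If at least 5 with less than 50% bad, start over */
++ if (ip_packets_seen > 4) {
++ ip_packets_bad_checksum = 0;
++ ip_packets_seen = 0;
++ }
++
+/* Copy out the IP source address... */
+memcpy(&from->sin_addr, &ip.ip_src, 4);
+
+@@ -339,15 +348,21 @@ decode_udp_ip_header(struct interface_info *interface,
+udp_packets_seen++;
+if (usum && usum != sum) {
+udp_packets_bad_checksum++;
+- if (udp_packets_seen > 4 &&
+- (udp_packets_seen / udp_packets_bad_checksum) < 2) {
+- log_info ("%d bad udp checksums in %d packets",
++ if (((udp_packets_seen > 4) && (udp_packets_bad_checksum != 0)) &&
++ ((udp_packets_seen / udp_packets_bad_checksum) < 2)) {
++ log_info ("%u bad udp checksums in %u packets",
+udp_packets_bad_checksum, udp_packets_seen);
+udp_packets_seen = udp_packets_bad_checksum = 0;
+}
+return -1;
+}
+
++ /* If at least 5 with less than 50% bad, start over */
++ if (udp_packets_seen > 4) {
++ udp_packets_bad_checksum = 0;
++ udp_packets_seen = 0;
++ }
++
+/* Copy out the port... */
+memcpy (&from -> sin_port, &udp.uh_sport, sizeof udp.uh_sport);
+
+--
+2.6.2
+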
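Review bot: The `@@ -299,22 +299,31 @@` hunk deletes `if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf)) return -1;`, and the block that replaces it only resets the two length counters. The overflow half of that test is still covered by the `(upp + ulen) > endbuf` branch just above it, but no other lower bound on `ulen` is visible anywhere in this patch. decode_udp_ip_header extends outside the hunks, so confirm that an earlier `ulen < sizeof(udp)` check remains before the payload length is used; if none does, keep `if (ulen < sizeof(udp)) return -1;` at this point.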
@@ -6,7 +6,9 @@ SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
|
||||
file://fixsepbuild.patch \
|
||||
file://dhclient-script-drop-resolv.conf.dhclient.patch \
|
||||
file://replace-ifconfig-route.patch \
|
||||
file://CVE-2015-8605_1.patch \
|
||||
file://dhcp-xen-checksum.patch \
|
||||
file://CVE-2015-8605.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "b3a42ece3c7f2cd2e74a3e12ca881d20"
|
||||
|
||||
@@ -0,0 +1,50 @@
|
||||
From b47bdee5621f95387c9ac5b999fd859ccb1213a9 Mon Sep 17 00:00:00 2001
|
||||
From: "djm@openbsd.org" <djm@openbsd.org>
|
||||
Date: Sat, 18 Jul 2015 07:57:14 +0000
|
||||
Subject: [PATCH] CVE-2015-5600
|
||||
|
||||
only query each keyboard-interactive device once per
|
||||
authentication request regardless of how many times it is listed; ok markus@
|
||||
|
||||
Source:
|
||||
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c?f=h#rev1.43
|
||||
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r2=1.43&r1=1.42&f=u
|
||||
|
||||
Upstream-Status: Backport
|
||||
---
|
||||
auth2-chall.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/auth2-chall.c b/auth2-chall.c
|
||||
index ea4eb6952f8c13928c3fc595007f2d844dde422f..065361d3ec22f4f131308d1b4497afada3c3cb78 100644
|
||||
--- a/auth2-chall.c
|
||||
+++ b/auth2-chall.c
|
||||
@@ -83,6 +83,7 @@ struct KbdintAuthctxt
|
||||
void *ctxt;
|
||||
KbdintDevice *device;
|
||||
u_int nreq;
|
||||
+ u_int devices_done;
|
||||
};
|
||||
|
||||
#ifdef USE_PAM
|
||||
@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
|
||||
if (len == 0)
|
||||
break;
|
||||
for (i = 0; devices[i]; i++) {
|
||||
- if (!auth2_method_allowed(authctxt,
|
||||
+ if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
|
||||
+ !auth2_method_allowed(authctxt,
|
||||
"keyboard-interactive", devices[i]->name))
|
||||
continue;
|
||||
- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
|
||||
+ if (strncmp(kbdintctxt->devices, devices[i]->name,
|
||||
+ len) == 0) {
|
||||
kbdintctxt->device = devices[i];
|
||||
+ kbdintctxt->devices_done |= 1 << i;
|
||||
+ }
|
||||
}
|
||||
t = kbdintctxt->devices;
|
||||
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
|
||||
--
|
||||
2.6.2
|
||||
|
||||
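Review bot: `devices_done` is declared `u_int` and used as a bitmask indexed by position in `devices[]`, but both new uses build the bit with `1 << i`, which is a signed `int` shift. That is safe only while the device table has fewer entries than `int` has bits; the table is outside the hunk, so this is an assumption the patch does not enforce. Writing the mask as `1U << i` in `(kbdintctxt->devices_done & (1U << i)) != 0` and `kbdintctxt->devices_done |= 1U << i;` keeps the arithmetic in the field's own type. The once-per-request guarantee also depends on `devices_done` starting at zero, so check that the `KbdintAuthctxt` allocation (not shown) zeroes the struct.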
@@ -0,0 +1,56 @@
|
||||
From e6c85f8889c5c9eb04796fdb76d2807636b9eef5 Mon Sep 17 00:00:00 2001
|
||||
From: Damien Miller <djm@mindrot.org>
|
||||
Date: Fri, 15 Jan 2016 01:30:36 +1100
|
||||
Subject: [PATCH] forcibly disable roaming support in the client
|
||||
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2016-0777
|
||||
CVE: CVE-2016-0778
|
||||
|
||||
[Yocto #8935]
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
readconf.c | 5 ++---
|
||||
ssh.c | 3 ---
|
||||
2 files changed, 2 insertions(+), 6 deletions(-)
|
||||
|
||||
Index: openssh-6.7p1/readconf.c
|
||||
===================================================================
|
||||
--- openssh-6.7p1.orig/readconf.c
|
||||
+++ openssh-6.7p1/readconf.c
|
||||
@@ -1597,7 +1597,7 @@ initialize_options(Options * options)
|
||||
options->tun_remote = -1;
|
||||
options->local_command = NULL;
|
||||
options->permit_local_command = -1;
|
||||
- options->use_roaming = -1;
|
||||
+ options->use_roaming = 0;
|
||||
options->visual_host_key = -1;
|
||||
options->ip_qos_interactive = -1;
|
||||
options->ip_qos_bulk = -1;
|
||||
@@ -1768,8 +1768,7 @@ fill_default_options(Options * options)
|
||||
options->tun_remote = SSH_TUNID_ANY;
|
||||
if (options->permit_local_command == -1)
|
||||
options->permit_local_command = 0;
|
||||
- if (options->use_roaming == -1)
|
||||
- options->use_roaming = 1;
|
||||
+ options->use_roaming = 0;
|
||||
if (options->visual_host_key == -1)
|
||||
options->visual_host_key = 0;
|
||||
if (options->ip_qos_interactive == -1)
|
||||
Index: openssh-6.7p1/ssh.c
|
||||
===================================================================
|
||||
--- openssh-6.7p1.orig/ssh.c
|
||||
+++ openssh-6.7p1/ssh.c
|
||||
@@ -1800,9 +1800,6 @@ ssh_session2(void)
|
||||
fork_postauth();
|
||||
}
|
||||
|
||||
- if (options.use_roaming)
|
||||
- request_roaming();
|
||||
-
|
||||
return client_loop(tty_flag, tty_flag ?
|
||||
options.escape_char : SSH_ESCAPECHAR_NONE, id);
|
||||
}
|
||||
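Review bot: The now-unconditional `options->use_roaming = 0;` in fill_default_options sits among `if (... == -1)` defaults with nothing explaining why it differs, and it overrides whatever value option parsing stored before defaults are filled in. A one-line comment above it would stop a later patch refresh from restoring the guard, for example `/* roaming is forced off (CVE-2016-0777, CVE-2016-0778); any configured value is ignored */`. The same remark fits the `options->use_roaming = 0;` initialiser in initialize_options, where every neighbouring field starts at -1. Both functions extend outside the hunks.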
@@ -25,6 +25,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
|
||||
file://CVE-2015-6563.patch \
|
||||
file://CVE-2015-6564.patch \
|
||||
file://CVE-2015-6565.patch \
|
||||
file://CVE-2015-5600.patch \
|
||||
file://CVE-2016-077x.patch \
|
||||
"
|
||||
|
||||
PAM_SRC_URI = "file://sshd"
|
||||
|
||||
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
|
||||
DEPENDS = "perl-native-runtime"
|
||||
DEPENDS_append_class-target = " openssl-native"
|
||||
|
||||
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
|
||||
SRC_URI = "http://www.openssl.org/source/old/1.0.2/openssl-${PV}.tar.gz \
|
||||
"
|
||||
S = "${WORKDIR}/openssl-${PV}"
|
||||
|
||||
|
||||
@@ -17,15 +17,13 @@ URL: https://bugs.gentoo.org/542618
|
||||
|
||||
Signed-off-By: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
|
||||
===================================================================
|
||||
--- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl
|
||||
+++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
|
||||
@@ -194,7 +194,10 @@ my %globals;
|
||||
}
|
||||
sub out {
|
||||
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
|
||||
--- a/crypto/perlasm/x86_64-xlate.pl
|
||||
+++ b/crypto/perlasm/x86_64-xlate.pl
|
||||
@@ -196,6 +196,10 @@ my %globals;
|
||||
my $self = shift;
|
||||
-
|
||||
|
||||
$self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
|
||||
+ # When building on x32 ABIs, the expanded hex value might be too
|
||||
+ # big to fit into 32bits. Enable transparent 64bit support here
|
||||
+ # so we can safely print it out.
|
||||
|
||||
@@ -9,14 +9,15 @@ Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
|
||||
Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
|
||||
|
||||
This is not meant as final patch.
|
||||
|
||||
|
||||
Upstream-Status: Backport [debian]
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
Index: openssl-1.0.2/crypto/x509/x509_vfy.c
|
||||
Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
|
||||
===================================================================
|
||||
--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
|
||||
+++ openssl-1.0.2/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
|
||||
+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
|
||||
@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
|
||||
static int check_revocation(X509_STORE_CTX *ctx);
|
||||
static int check_cert(X509_STORE_CTX *ctx);
|
||||
@@ -25,17 +26,17 @@ Index: openssl-1.0.2/crypto/x509/x509_vfy.c
|
||||
|
||||
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
|
||||
unsigned int *preasons, X509_CRL *crl, X509 *x);
|
||||
@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
||||
@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
||||
if (!ok)
|
||||
goto end;
|
||||
goto err;
|
||||
|
||||
+ ok = check_ca_blacklist(ctx);
|
||||
+ if(!ok) goto end;
|
||||
+ if(!ok) goto err;
|
||||
+
|
||||
#ifndef OPENSSL_NO_RFC3779
|
||||
/* RFC 3779 path validation, now that CRL check has been done */
|
||||
ok = v3_asid_validate_path(ctx);
|
||||
@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
|
||||
@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
|
||||
@@ -0,0 +1,4615 @@
|
||||
@@ -0,0 +1,4621 @@
|
||||
+OPENSSL_1.0.0 {
|
||||
+ global:
|
||||
+ BIO_f_ssl;
|
||||
@@ -4631,6 +4631,12 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
|
||||
+ SSL_test_functions;
|
||||
+} OPENSSL_1.0.1d;
|
||||
+
|
||||
+OPENSSL_1.0.2g {
|
||||
+ global:
|
||||
+ SRP_VBASE_get1_by_user;
|
||||
+ SRP_user_pwd_free;
|
||||
+} OPENSSL_1.0.2;
|
||||
+
|
||||
Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
@@ -8,16 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
|
||||
|
||||
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
|
||||
---
|
||||
Index: openssl-1.0.2/crypto/evp/digest.c
|
||||
Index: openssl-1.0.2h/crypto/evp/digest.c
|
||||
===================================================================
|
||||
--- openssl-1.0.2.orig/crypto/evp/digest.c
|
||||
+++ openssl-1.0.2/crypto/evp/digest.c
|
||||
@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
||||
return 0;
|
||||
--- openssl-1.0.2h.orig/crypto/evp/digest.c
|
||||
+++ openssl-1.0.2h/crypto/evp/digest.c
|
||||
@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
||||
type = ctx->digest;
|
||||
}
|
||||
#endif
|
||||
- if (ctx->digest != type) {
|
||||
+ if (type && (ctx->digest != type)) {
|
||||
if (ctx->digest && ctx->digest->ctx_size)
|
||||
if (ctx->digest && ctx->digest->ctx_size) {
|
||||
OPENSSL_free(ctx->md_data);
|
||||
ctx->digest = type;
|
||||
ctx->md_data = NULL;
|
||||
|
||||
@@ -6,7 +6,7 @@ DEPENDS += "cryptodev-linux"
|
||||
|
||||
CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
|
||||
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
|
||||
|
||||
export DIRS = "crypto ssl apps engines"
|
||||
export OE_LDFLAGS="${LDFLAGS}"
|
||||
@@ -25,7 +25,7 @@ SRC_URI += "file://configure-targets.patch \
|
||||
file://debian/no-rpath.patch \
|
||||
file://debian/no-symbolic.patch \
|
||||
file://debian/pic.patch \
|
||||
file://debian/version-script.patch \
|
||||
file://debian1.0.2/version-script.patch \
|
||||
file://openssl_fix_for_x32.patch \
|
||||
file://fix-cipher-des-ede3-cfb1.patch \
|
||||
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
|
||||
@@ -37,8 +37,8 @@ SRC_URI += "file://configure-targets.patch \
|
||||
file://crypto_use_bigint_in_x86-64_perl.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
|
||||
SRC_URI[sha256sum] = "671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8"
|
||||
SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
|
||||
SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
|
||||
|
||||
PACKAGES =+ " \
|
||||
${PN}-engines \
|
||||
@@ -33,6 +33,7 @@ SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \
|
||||
file://0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch \
|
||||
file://0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch \
|
||||
file://0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch \
|
||||
file://0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "f2ed8fef72cf63d8d446a2d0a6da630a"
|
||||
SRC_URI[sha256sum] = "eaaa5bf3055270e521b2dff64f2d203ec8040f71958b8588269a82c00c9d7b6a"
|
||||
|
||||
@@ -0,0 +1,64 @@
|
||||
From c13401c723a039971bcd91b3856d76c6041b15f2 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Fri, 13 Nov 2015 05:54:18 -0500
|
||||
Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser
|
||||
|
||||
It was possible for the 32-bit record->total_length value to end up
|
||||
wrapping around due to integer overflow if the longer form of payload
|
||||
length field is used and record->payload_length gets a value close to
|
||||
2^32. This could result in ndef_parse_record() accepting a too large
|
||||
payload length value and the record type filter reading up to about 20
|
||||
bytes beyond the end of the buffer and potentially killing the process.
|
||||
This could also result in an attempt to allocate close to 2^32 bytes of
|
||||
heap memory and if that were to succeed, a buffer read overflow of the
|
||||
same length which would most likely result in the process termination.
|
||||
In case of record->total_length ending up getting the value 0, there
|
||||
would be no buffer read overflow, but record parsing would result in an
|
||||
infinite loop in ndef_parse_records().
|
||||
|
||||
Any of these error cases could potentially be used for denial of service
|
||||
attacks over NFC by using a malformed NDEF record on an NFC Tag or
|
||||
sending them during NFC connection handover if the application providing
|
||||
the NDEF message to hostapd/wpa_supplicant did no validation of the
|
||||
received records. While such validation is likely done in the NFC stack
|
||||
that needs to parse the NFC messages before further processing,
|
||||
hostapd/wpa_supplicant better be prepared for any data being included
|
||||
here.
|
||||
|
||||
Fix this by validating record->payload_length value in a way that
|
||||
detects integer overflow. (CID 122668)
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
|
||||
Upstream-Status: Backport [from http://w1.fi/security/2015-5/]
|
||||
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
||||
---
|
||||
src/wps/ndef.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/wps/ndef.c b/src/wps/ndef.c
|
||||
index d45dfc8..f7f729b 100644
|
||||
--- a/src/wps/ndef.c
|
||||
+++ b/src/wps/ndef.c
|
||||
@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
|
||||
if (size < 6)
|
||||
return -1;
|
||||
record->payload_length = ntohl(*(u32 *)pos);
|
||||
+ if (record->payload_length > size - 6)
|
||||
+ return -1;
|
||||
pos += sizeof(u32);
|
||||
}
|
||||
|
||||
@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
|
||||
pos += record->payload_length;
|
||||
|
||||
record->total_length = pos - data;
|
||||
- if (record->total_length > size)
|
||||
+ if (record->total_length > size ||
|
||||
+ record->total_length < record->payload_length)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
1.9.1
|
||||
|
||||
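Review bot: The patch header cites the upstream advisory (`http://w1.fi/security/2015-5/`) but has no `CVE:` line, unlike the dhcp and openssh patches in this same series. Anyone auditing the layer by scanning patch headers for fixed CVEs will therefore miss this fix. If an identifier was assigned for that advisory, add `CVE: <identifier assigned to w1.fi advisory 2015-5>` next to `Upstream-Status`.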
@@ -0,0 +1,34 @@
|
||||
From 4d15068d83054a9f82b3f8842706cd6deb401e25 Mon Sep 17 00:00:00 2001
|
||||
From: Vladislav Grishenko <themiron@mail.ru>
|
||||
Date: Thu, 19 Mar 2015 16:19:35 +0500
|
||||
Subject: [PATCH] zcip: fix wrong comparison of source IP with our IP
|
||||
|
||||
Commit "zcip: fix link-local IP conflict detection" has introduced
|
||||
wrong comparsion of source IP with our IP. This leads to a new IP
|
||||
being picked unnecessarily on every incoming ARP packet.
|
||||
|
||||
Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
|
||||
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
||||
Signed-off-by: Brad Mouring <brad.mouring@ni.com>
|
||||
|
||||
Upstream-Status: Backport (4d15068, added in 1.24)
|
||||
---
|
||||
networking/zcip.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/networking/zcip.c b/networking/zcip.c
|
||||
index a3307c5..962ba2e 100644
|
||||
--- a/networking/zcip.c
|
||||
+++ b/networking/zcip.c
|
||||
@@ -521,7 +521,7 @@ int zcip_main(int argc UNUSED_PARAM, char **argv)
|
||||
target_ip_conflict = 0;
|
||||
|
||||
if (memcmp(&p.arp.arp_sha, ð_addr, ETH_ALEN) != 0) {
|
||||
- if (memcmp(p.arp.arp_spa, &ip.s_addr, sizeof(struct in_addr))) {
|
||||
+ if (memcmp(p.arp.arp_spa, &ip.s_addr, sizeof(struct in_addr)) == 0) {
|
||||
/* A probe or reply with source_ip == chosen ip */
|
||||
source_ip_conflict = 1;
|
||||
}
|
||||
--
|
||||
2.7.3
|
||||
|
||||
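Review bot: The `Upstream-Status` line in this patch header puts its detail in parentheses, `Upstream-Status: Backport (4d15068, added in 1.24)`, while the other patch headers in this comparison use the bracketed form (`Backport [glibc 2.22]`, `Backport [from http://w1.fi/security/2015-5/]`). I would write it as `Upstream-Status: Backport [4d15068, added in 1.24]` so the tag reads the same across the tree and is easy to scan when auditing which fixes are carried locally. The code change itself is a one-line comparison fix inside zcip_main, whose body continues outside the embedded hunk.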
@@ -30,6 +30,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
|
||||
file://login-utilities.cfg \
|
||||
file://recognize_connmand.patch \
|
||||
file://busybox-cross-menuconfig.patch \
|
||||
file://0001-zcip-fix-wrong-comparison-of-source-IP-with-our-IP.patch \
|
||||
"
|
||||
|
||||
SRC_URI[tarball.md5sum] = "5c94d6301a964cd91619bd4d74605245"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
require busybox.inc
|
||||
|
||||
SRCREV = "1ecfe811fe2f70380170ef7d820e8150054e88ca"
|
||||
SRCREV = "4d15068d83054a9f82b3f8842706cd6deb401e25"
|
||||
# Lookout for PV bump too when SRCREV is changed
|
||||
PV = "1.23.1+git${SRCPV}"
|
||||
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
|
||||
# Pulled from OpenEmbedded
|
||||
#
|
||||
# Commented by: Saul Wold <saul.wold@intel.com>
|
||||
|
||||
Upstream-Status: Inappropriate [licensing]
|
||||
|
||||
diff -ur gettext-0.14.6/gettext-tools/lib/error.h gettext-0.14.6-patched/gettext-tools/lib/error.h
|
||||
--- gettext-0.14.6/gettext-tools/lib/error.h 2005-05-20 16:03:42.000000000 -0500
|
||||
+++ gettext-0.14.6-patched/gettext-tools/lib/error.h 2007-01-13 20:57:24.422168053 -0600
|
||||
@@ -50,7 +50,7 @@
|
||||
/* If NULL, error will flush stdout, then print on stderr the program
|
||||
name, a colon and a space. Otherwise, error will call this
|
||||
function without parameters instead. */
|
||||
-extern DLL_VARIABLE void (*error_print_progname) (void);
|
||||
+void (*error_print_progname) (void);
|
||||
|
||||
/* This variable is incremented each time `error' is called. */
|
||||
extern DLL_VARIABLE unsigned int error_message_count;
|
||||
@@ -21,9 +21,7 @@ SRC_URI = "${GNU_MIRROR}/gettext/gettext-${PV}.tar.gz \
|
||||
file://hardcode_macro_version.patch \
|
||||
"
|
||||
|
||||
|
||||
SRC_URI_append_linux-uclibc = " file://gettext-error_print_progname.patch"
|
||||
SRC_URI_append_linux-uclibceabi = " file://gettext-error_print_progname.patch"
|
||||
LDFLAGS_prepend_libc-uclibc = " -lrt -lpthread "
|
||||
|
||||
SRC_URI[md5sum] = "3d9ad24301c6d6b17ec30704a13fe127"
|
||||
SRC_URI[sha256sum] = "0bf850d1a079fb5a61f0a47b1a9efd35eb44032255375e1cedb0253bc27b376d"
|
||||
|
||||
@@ -0,0 +1,49 @@
|
||||
[AArch64] Fix the big endian loader name
|
||||
|
||||
Signed-off-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
|
||||
|
||||
The patch was imported from the glibc's official git server
|
||||
(https://sourceware.org/git/?p=glibc.git) as of commit id
|
||||
44cb254f9a024db33ba549e59dc9d90355b797c9.
|
||||
|
||||
Fixed conflicts raised on glibc 2.21.
|
||||
|
||||
Upstream-Status: Backport [glibc 2.22]
|
||||
|
||||
Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
|
||||
---
|
||||
ChangeLog | 5 +++++
|
||||
config.h.in | 3 +++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index dc1ed1b..503ad41 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -56278,4 +56278,9 @@
|
||||
added check. Only act on the data if no current modification
|
||||
happened.
|
||||
|
||||
+2015-05-01 Szabolcs Nagy <szabolcs.nagy@arm.com>
|
||||
+
|
||||
+ * config.h.in (HAVE_AARCH64_BE): Add.
|
||||
+
|
||||
+
|
||||
See ChangeLog.17 for earlier changes.
|
||||
diff --git a/config.h.in b/config.h.in
|
||||
index 695ca35..85c1761 100644
|
||||
--- a/config.h.in
|
||||
+++ b/config.h.in
|
||||
@@ -114,6 +114,9 @@
|
||||
include/libc-symbols.h that avoid PLT slots in the shared objects. */
|
||||
#undef NO_HIDDEN
|
||||
|
||||
+/* AArch64 big endian ABI */
|
||||
+#undef HAVE_AARCH64_BE
|
||||
+
|
||||
|
||||
/* Defined to some form of __attribute__ ((...)) if the compiler supports
|
||||
a different, more efficient calling convention. */
|
||||
--
|
||||
1.9.1
|
||||
|
||||
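Review bot: As imported, this patch only adds the `#undef HAVE_AARCH64_BE` template to config.h.in and a ChangeLog entry (its own diffstat lists just those two files), so nothing visible here defines or consumes the macro, and the loader name the subject line refers to is not changed by this file alone. The header says conflicts were fixed for glibc 2.21; if the remaining parts of upstream commit 44cb254f9a024db33ba549e59dc9d90355b797c9 were dropped on purpose or are carried in another patch, the header should say so, for example `Only the config.h.in part is carried here; the loader name change is in <other patch>`. I would also leave the ChangeLog hunk out of the backport, since its context lines tend to stop applying on later rebases.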
633
meta/recipes-core/glibc/glibc/CVE-2015-7547.patch
Normal file
@@ -0,0 +1,633 @@
|
||||
From: Carlos O'Donell <carlos@systemhalted.org>
|
||||
Date: Wed, 17 Feb 2016 02:26:37 +0000 (-0500)
|
||||
Subject: CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).
|
||||
X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff_plain;h=16d0a0ce7613552301786bf05d7eba8784b5732c;hp=014eaa22077fd4759083b1a4619ded513a181f92
|
||||
|
||||
CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).
|
||||
|
||||
* A stack-based buffer overflow was found in libresolv when invoked from
|
||||
libnss_dns, allowing specially crafted DNS responses to seize control
|
||||
of execution flow in the DNS client. The buffer overflow occurs in
|
||||
the functions send_dg (send datagram) and send_vc (send TCP) for the
|
||||
NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
|
||||
family. The use of AF_UNSPEC triggers the low-level resolver code to
|
||||
send out two parallel queries for A and AAAA. A mismanagement of the
|
||||
buffers used for those queries could result in the response of a query
|
||||
writing beyond the alloca allocated buffer created by
|
||||
_nss_dns_gethostbyname4_r. Buffer management is simplified to remove
|
||||
the overflow. Thanks to the Google Security Team and Red Hat for
|
||||
reporting the security impact of this issue, and Robert Holiday of
|
||||
Ciena for reporting the related bug 18665. (CVE-2015-7547)
|
||||
|
||||
See also:
|
||||
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
|
||||
https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
|
||||
|
||||
(cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca)
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2015-7547
|
||||
---
|
||||
|
||||
Index: git/ChangeLog
|
||||
===================================================================
|
||||
--- git.orig/ChangeLog
|
||||
+++ git/ChangeLog
|
||||
@@ -1,3 +1,18 @@
|
||||
+2016-02-15 Carlos O'Donell <carlos@redhat.com>
|
||||
+
|
||||
+ [BZ #18665]
|
||||
+ * resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Always set
|
||||
+ *herrno_p.
|
||||
+ (gaih_getanswer): Document functional behviour. Return tryagain
|
||||
+ if any result is tryagain.
|
||||
+ * resolv/res_query.c (__libc_res_nsearch): Set buffer size to zero
|
||||
+ when freed.
|
||||
+ * resolv/res_send.c: Add copyright text.
|
||||
+ (__libc_res_nsend): Document that MAXPACKET is expected.
|
||||
+ (send_vc): Document. Remove buffer reuse.
|
||||
+ (send_dg): Document. Remove buffer reuse. Set *thisanssizp to set the
|
||||
+ size of the buffer. Add Dprint for truncated UDP buffer.
|
||||
+
|
||||
2015-09-26 Paul Pluzhnikov <ppluzhnikov@google.com>
|
||||
|
||||
[BZ #18985]
|
||||
Index: git/NEWS
|
||||
===================================================================
|
||||
--- git.orig/NEWS
|
||||
+++ git/NEWS
|
||||
@@ -27,6 +27,20 @@ Security related changes:
|
||||
17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
|
||||
17892, 18928, 17905.
|
||||
|
||||
+* A stack-based buffer overflow was found in libresolv when invoked from
|
||||
+ libnss_dns, allowing specially crafted DNS responses to seize control
|
||||
+ of execution flow in the DNS client. The buffer overflow occurs in
|
||||
+ the functions send_dg (send datagram) and send_vc (send TCP) for the
|
||||
+ NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
|
||||
+ family. The use of AF_UNSPEC triggers the low-level resolver code to
|
||||
+ send out two parallel queries for A and AAAA. A mismanagement of the
|
||||
+ buffers used for those queries could result in the response of a query
|
||||
+ writing beyond the alloca allocated buffer created by
|
||||
+ _nss_dns_gethostbyname4_r. Buffer management is simplified to remove
|
||||
+ the overflow. Thanks to the Google Security Team and Red Hat for
|
||||
+ reporting the security impact of this issue, and Robert Holiday of
|
||||
+ Ciena for reporting the related bug 18665. (CVE-2015-7547)
|
||||
+
|
||||
* The LD_POINTER_GUARD environment variable can no longer be used to
|
||||
disable the pointer guard feature. It is always enabled.
|
||||
|
||||
Index: git/resolv/nss_dns/dns-host.c
|
||||
===================================================================
|
||||
--- git.orig/resolv/nss_dns/dns-host.c
|
||||
+++ git/resolv/nss_dns/dns-host.c
|
||||
@@ -1032,7 +1032,10 @@ gaih_getanswer_slice (const querybuf *an
|
||||
int h_namelen = 0;
|
||||
|
||||
if (ancount == 0)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
+ {
|
||||
+ *h_errnop = HOST_NOT_FOUND;
|
||||
+ return NSS_STATUS_NOTFOUND;
|
||||
+ }
|
||||
|
||||
while (ancount-- > 0 && cp < end_of_message && had_error == 0)
|
||||
{
|
||||
@@ -1209,7 +1212,14 @@ gaih_getanswer_slice (const querybuf *an
|
||||
/* Special case here: if the resolver sent a result but it only
|
||||
contains a CNAME while we are looking for a T_A or T_AAAA record,
|
||||
we fail with NOTFOUND instead of TRYAGAIN. */
|
||||
- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
|
||||
+ if (canon != NULL)
|
||||
+ {
|
||||
+ *h_errnop = HOST_NOT_FOUND;
|
||||
+ return NSS_STATUS_NOTFOUND;
|
||||
+ }
|
||||
+
|
||||
+ *h_errnop = NETDB_INTERNAL;
|
||||
+ return NSS_STATUS_TRYAGAIN;
|
||||
}
|
||||
|
||||
|
||||
@@ -1223,11 +1233,101 @@ gaih_getanswer (const querybuf *answer1,
|
||||
|
||||
enum nss_status status = NSS_STATUS_NOTFOUND;
|
||||
|
||||
+ /* Combining the NSS status of two distinct queries requires some
|
||||
+ compromise and attention to symmetry (A or AAAA queries can be
|
||||
+ returned in any order). What follows is a breakdown of how this
|
||||
+ code is expected to work and why. We discuss only SUCCESS,
|
||||
+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
|
||||
+ that apply (though RETURN and MERGE exist). We make a distinction
|
||||
+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
|
||||
+ A recoverable TRYAGAIN is almost always due to buffer size issues
|
||||
+ and returns ERANGE in errno and the caller is expected to retry
|
||||
+ with a larger buffer.
|
||||
+
|
||||
+ Lastly, you may be tempted to make significant changes to the
|
||||
+ conditions in this code to bring about symmetry between responses.
|
||||
+ Please don't change anything without due consideration for
|
||||
+ expected application behaviour. Some of the synthesized responses
|
||||
+ aren't very well thought out and sometimes appear to imply that
|
||||
+ IPv4 responses are always answer 1, and IPv6 responses are always
|
||||
+ answer 2, but that's not true (see the implementation of send_dg
|
||||
+ and send_vc to see response can arrive in any order, particularly
|
||||
+ for UDP). However, we expect it holds roughly enough of the time
|
||||
+ that this code works, but certainly needs to be fixed to make this
|
||||
+ a more robust implementation.
|
||||
+
|
||||
+ ----------------------------------------------
|
||||
+ | Answer 1 Status / | Synthesized | Reason |
|
||||
+ | Answer 2 Status | Status | |
|
||||
+ |--------------------------------------------|
|
||||
+ | SUCCESS/SUCCESS | SUCCESS | [1] |
|
||||
+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] |
|
||||
+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] |
|
||||
+ | SUCCESS/NOTFOUND | SUCCESS | [1] |
|
||||
+ | SUCCESS/UNAVAIL | SUCCESS | [1] |
|
||||
+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] |
|
||||
+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] |
|
||||
+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] |
|
||||
+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] |
|
||||
+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] |
|
||||
+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] |
|
||||
+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] |
|
||||
+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] |
|
||||
+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] |
|
||||
+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] |
|
||||
+ | NOTFOUND/SUCCESS | SUCCESS | [3] |
|
||||
+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] |
|
||||
+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] |
|
||||
+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] |
|
||||
+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] |
|
||||
+ | UNAVAIL/SUCCESS | UNAVAIL | [4] |
|
||||
+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] |
|
||||
+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] |
|
||||
+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] |
|
||||
+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] |
|
||||
+ ----------------------------------------------
|
||||
+
|
||||
+ [1] If the first response is a success we return success.
|
||||
+ This ignores the state of the second answer and in fact
|
||||
+ incorrectly sets errno and h_errno to that of the second
|
||||
+ answer. However because the response is a success we ignore
|
||||
+ *errnop and *h_errnop (though that means you touched errno on
|
||||
+ success). We are being conservative here and returning the
|
||||
+ likely IPv4 response in the first answer as a success.
|
||||
+
|
||||
+ [2] If the first response is a recoverable TRYAGAIN we return
|
||||
+ that instead of looking at the second response. The
|
||||
+ expectation here is that we have failed to get an IPv4 response
|
||||
+ and should retry both queries.
|
||||
+
|
||||
+ [3] If the first response was not a SUCCESS and the second
|
||||
+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
|
||||
+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
|
||||
+ result from the second response, otherwise the first responses
|
||||
+ status is used. Again we have some odd side-effects when the
|
||||
+ second response is NOTFOUND because we overwrite *errnop and
|
||||
+ *h_errnop that means that a first answer of NOTFOUND might see
|
||||
+ its *errnop and *h_errnop values altered. Whether it matters
|
||||
+ in practice that a first response NOTFOUND has the wrong
|
||||
+ *errnop and *h_errnop is undecided.
|
||||
+
|
||||
+ [4] If the first response is UNAVAIL we return that instead of
|
||||
+ looking at the second response. The expectation here is that
|
||||
+ it will have failed similarly e.g. configuration failure.
|
||||
+
|
||||
+ [5] Testing this code is complicated by the fact that truncated
|
||||
+ second response buffers might be returned as SUCCESS if the
|
||||
+ first answer is a SUCCESS. To fix this we add symmetry to
|
||||
+ TRYAGAIN with the second response. If the second response
|
||||
+ is a recoverable error we now return TRYAGIN even if the first
|
||||
+ response was SUCCESS. */
|
||||
+
|
||||
if (anslen1 > 0)
|
||||
status = gaih_getanswer_slice(answer1, anslen1, qname,
|
||||
&pat, &buffer, &buflen,
|
||||
errnop, h_errnop, ttlp,
|
||||
&first);
|
||||
+
|
||||
if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
|
||||
|| (status == NSS_STATUS_TRYAGAIN
|
||||
/* We want to look at the second answer in case of an
|
||||
@@ -1243,8 +1343,15 @@ gaih_getanswer (const querybuf *answer1,
|
||||
&pat, &buffer, &buflen,
|
||||
errnop, h_errnop, ttlp,
|
||||
&first);
|
||||
+ /* Use the second response status in some cases. */
|
||||
if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
|
||||
status = status2;
|
||||
+ /* Do not return a truncated second response (unless it was
|
||||
+ unavoidable e.g. unrecoverable TRYAGAIN). */
|
||||
+ if (status == NSS_STATUS_SUCCESS
|
||||
+ && (status2 == NSS_STATUS_TRYAGAIN
|
||||
+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
|
||||
+ status = NSS_STATUS_TRYAGAIN;
|
||||
}
|
||||
|
||||
return status;
|
||||
Index: git/resolv/res_query.c
|
||||
===================================================================
|
||||
--- git.orig/resolv/res_query.c
|
||||
+++ git/resolv/res_query.c
|
||||
@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
|
||||
{
|
||||
free (*answerp2);
|
||||
*answerp2 = NULL;
|
||||
+ *nanswerp2 = 0;
|
||||
*answerp2_malloced = 0;
|
||||
}
|
||||
}
|
||||
@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
|
||||
{
|
||||
free (*answerp2);
|
||||
*answerp2 = NULL;
|
||||
+ *nanswerp2 = 0;
|
||||
*answerp2_malloced = 0;
|
||||
}
|
||||
|
||||
@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
|
||||
{
|
||||
free (*answerp2);
|
||||
*answerp2 = NULL;
|
||||
+ *nanswerp2 = 0;
|
||||
*answerp2_malloced = 0;
|
||||
}
|
||||
if (saved_herrno != -1)
|
||||
Index: git/resolv/res_send.c
|
||||
===================================================================
|
||||
--- git.orig/resolv/res_send.c
|
||||
+++ git/resolv/res_send.c
|
||||
@@ -1,3 +1,20 @@
|
||||
+/* Copyright (C) 2016 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <http://www.gnu.org/licenses/>. */
|
||||
+
|
||||
/*
|
||||
* Copyright (c) 1985, 1989, 1993
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
|
||||
#ifdef USE_HOOKS
|
||||
if (__glibc_unlikely (statp->qhook || statp->rhook)) {
|
||||
if (anssiz < MAXPACKET && ansp) {
|
||||
+ /* Always allocate MAXPACKET, callers expect
|
||||
+ this specific size. */
|
||||
u_char *buf = malloc (MAXPACKET);
|
||||
if (buf == NULL)
|
||||
return (-1);
|
||||
@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
|
||||
|
||||
/* Private */
|
||||
|
||||
+/* The send_vc function is responsible for sending a DNS query over TCP
|
||||
+ to the nameserver numbered NS from the res_state STATP i.e.
|
||||
+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
|
||||
+ IPv6 queries at the same serially on the same socket.
|
||||
+
|
||||
+ Please note that for TCP there is no way to disable sending both
|
||||
+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
|
||||
+ and sends the queries serially and waits for the result after each
|
||||
+ sent query. This implemetnation should be corrected to honour these
|
||||
+ options.
|
||||
+
|
||||
+ Please also note that for TCP we send both queries over the same
|
||||
+ socket one after another. This technically violates best practice
|
||||
+ since the server is allowed to read the first query, respond, and
|
||||
+ then close the socket (to service another client). If the server
|
||||
+ does this, then the remaining second query in the socket data buffer
|
||||
+ will cause the server to send the client an RST which will arrive
|
||||
+ asynchronously and the client's OS will likely tear down the socket
|
||||
+ receive buffer resulting in a potentially short read and lost
|
||||
+ response data. This will force the client to retry the query again,
|
||||
+ and this process may repeat until all servers and connection resets
|
||||
+ are exhausted and then the query will fail. It's not known if this
|
||||
+ happens with any frequency in real DNS server implementations. This
|
||||
+ implementation should be corrected to use two sockets by default for
|
||||
+ parallel queries.
|
||||
+
|
||||
+ The query stored in BUF of BUFLEN length is sent first followed by
|
||||
+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
|
||||
+ serially on the same socket.
|
||||
+
|
||||
+ Answers to the query are stored firstly in *ANSP up to a max of
|
||||
+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
|
||||
+ is non-NULL (to indicate that modifying the answer buffer is allowed)
|
||||
+ then malloc is used to allocate a new response buffer and ANSCP and
|
||||
+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
|
||||
+ are needed but ANSCP is NULL, then as much of the response as
|
||||
+ possible is read into the buffer, but the results will be truncated.
|
||||
+ When truncation happens because of a small answer buffer the DNS
|
||||
+ packets header field TC will bet set to 1, indicating a truncated
|
||||
+ message and the rest of the socket data will be read and discarded.
|
||||
+
|
||||
+ Answers to the query are stored secondly in *ANSP2 up to a max of
|
||||
+ *ANSSIZP2 bytes, with the actual response length stored in
|
||||
+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
|
||||
+ is non-NULL (required for a second query) then malloc is used to
|
||||
+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
|
||||
+ size and *ANSP2_MALLOCED is set to 1.
|
||||
+
|
||||
+ The ANSP2_MALLOCED argument will eventually be removed as the
|
||||
+ change in buffer pointer can be used to detect the buffer has
|
||||
+ changed and that the caller should use free on the new buffer.
|
||||
+
|
||||
+ Note that the answers may arrive in any order from the server and
|
||||
+ therefore the first and second answer buffers may not correspond to
|
||||
+ the first and second queries.
|
||||
+
|
||||
+ It is not supported to call this function with a non-NULL ANSP2
|
||||
+ but a NULL ANSCP. Put another way, you can call send_vc with a
|
||||
+ single unmodifiable buffer or two modifiable buffers, but no other
|
||||
+ combination is supported.
|
||||
+
|
||||
+ It is the caller's responsibility to free the malloc allocated
|
||||
+ buffers by detecting that the pointers have changed from their
|
||||
+ original values i.e. *ANSCP or *ANSP2 has changed.
|
||||
+
|
||||
+ If errors are encountered then *TERRNO is set to an appropriate
|
||||
+ errno value and a zero result is returned for a recoverable error,
|
||||
+ and a less-than zero result is returned for a non-recoverable error.
|
||||
+
|
||||
+ If no errors are encountered then *TERRNO is left unmodified and
|
||||
+ a the length of the first response in bytes is returned. */
|
||||
static int
|
||||
send_vc(res_state statp,
|
||||
const u_char *buf, int buflen, const u_char *buf2, int buflen2,
|
||||
@@ -669,11 +759,7 @@ send_vc(res_state statp,
|
||||
{
|
||||
const HEADER *hp = (HEADER *) buf;
|
||||
const HEADER *hp2 = (HEADER *) buf2;
|
||||
- u_char *ans = *ansp;
|
||||
- int orig_anssizp = *anssizp;
|
||||
- // XXX REMOVE
|
||||
- // int anssiz = *anssizp;
|
||||
- HEADER *anhp = (HEADER *) ans;
|
||||
+ HEADER *anhp = (HEADER *) *ansp;
|
||||
struct sockaddr_in6 *nsap = EXT(statp).nsaddrs[ns];
|
||||
int truncating, connreset, n;
|
||||
/* On some architectures compiler might emit a warning indicating
|
||||
@@ -766,6 +852,8 @@ send_vc(res_state statp,
|
||||
* Receive length & response
|
||||
*/
|
||||
int recvresp1 = 0;
|
||||
+ /* Skip the second response if there is no second query.
|
||||
+ To do that we mark the second response as received. */
|
||||
int recvresp2 = buf2 == NULL;
|
||||
uint16_t rlen16;
|
||||
read_len:
|
||||
@@ -802,40 +890,14 @@ send_vc(res_state statp,
|
||||
u_char **thisansp;
|
||||
int *thisresplenp;
|
||||
if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
|
||||
+ /* We have not received any responses
|
||||
+ yet or we only have one response to
|
||||
+ receive. */
|
||||
thisanssizp = anssizp;
|
||||
thisansp = anscp ?: ansp;
|
||||
assert (anscp != NULL || ansp2 == NULL);
|
||||
thisresplenp = &resplen;
|
||||
} else {
|
||||
- if (*anssizp != MAXPACKET) {
|
||||
- /* No buffer allocated for the first
|
||||
- reply. We can try to use the rest
|
||||
- of the user-provided buffer. */
|
||||
-#if __GNUC_PREREQ (4, 7)
|
||||
- DIAG_PUSH_NEEDS_COMMENT;
|
||||
- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
|
||||
-#endif
|
||||
-#if _STRING_ARCH_unaligned
|
||||
- *anssizp2 = orig_anssizp - resplen;
|
||||
- *ansp2 = *ansp + resplen;
|
||||
-#else
|
||||
- int aligned_resplen
|
||||
- = ((resplen + __alignof__ (HEADER) - 1)
|
||||
- & ~(__alignof__ (HEADER) - 1));
|
||||
- *anssizp2 = orig_anssizp - aligned_resplen;
|
||||
- *ansp2 = *ansp + aligned_resplen;
|
||||
-#endif
|
||||
-#if __GNUC_PREREQ (4, 7)
|
||||
- DIAG_POP_NEEDS_COMMENT;
|
||||
-#endif
|
||||
- } else {
|
||||
- /* The first reply did not fit into the
|
||||
- user-provided buffer. Maybe the second
|
||||
- answer will. */
|
||||
- *anssizp2 = orig_anssizp;
|
||||
- *ansp2 = *ansp;
|
||||
- }
|
||||
-
|
||||
thisanssizp = anssizp2;
|
||||
thisansp = ansp2;
|
||||
thisresplenp = resplen2;
|
||||
@@ -843,10 +905,14 @@ send_vc(res_state statp,
|
||||
anhp = (HEADER *) *thisansp;
|
||||
|
||||
*thisresplenp = rlen;
|
||||
- if (rlen > *thisanssizp) {
|
||||
- /* Yes, we test ANSCP here. If we have two buffers
|
||||
- both will be allocatable. */
|
||||
- if (__glibc_likely (anscp != NULL)) {
|
||||
+ /* Is the answer buffer too small? */
|
||||
+ if (*thisanssizp < rlen) {
|
||||
+ /* If the current buffer is not the the static
|
||||
+ user-supplied buffer then we can reallocate
|
||||
+ it. */
|
||||
+ if (thisansp != NULL && thisansp != ansp) {
|
||||
+ /* Always allocate MAXPACKET, callers expect
|
||||
+ this specific size. */
|
||||
u_char *newp = malloc (MAXPACKET);
|
||||
if (newp == NULL) {
|
||||
*terrno = ENOMEM;
|
||||
@@ -858,6 +924,9 @@ send_vc(res_state statp,
|
||||
if (thisansp == ansp2)
|
||||
*ansp2_malloced = 1;
|
||||
anhp = (HEADER *) newp;
|
||||
+ /* A uint16_t can't be larger than MAXPACKET
|
||||
+ thus it's safe to allocate MAXPACKET but
|
||||
+ read RLEN bytes instead. */
|
||||
len = rlen;
|
||||
} else {
|
||||
Dprint(statp->options & RES_DEBUG,
|
||||
@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
|
||||
return 1;
|
||||
}
|
||||
|
||||
+/* The send_dg function is responsible for sending a DNS query over UDP
|
||||
+ to the nameserver numbered NS from the res_state STATP i.e.
|
||||
+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
|
||||
+ along with the ability to send the query in parallel for both stacks
|
||||
+ (default) or serially (RES_SINGLKUP). It also supports serial lookup
|
||||
+ with a close and reopen of the socket used to talk to the server
|
||||
+ (RES_SNGLKUPREOP) to work around broken name servers.
|
||||
+
|
||||
+ The query stored in BUF of BUFLEN length is sent first followed by
|
||||
+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
|
||||
+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
|
||||
+
|
||||
+ Answers to the query are stored firstly in *ANSP up to a max of
|
||||
+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
|
||||
+ is non-NULL (to indicate that modifying the answer buffer is allowed)
|
||||
+ then malloc is used to allocate a new response buffer and ANSCP and
|
||||
+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
|
||||
+ are needed but ANSCP is NULL, then as much of the response as
|
||||
+ possible is read into the buffer, but the results will be truncated.
|
||||
+ When truncation happens because of a small answer buffer the DNS
|
||||
+ packets header field TC will bet set to 1, indicating a truncated
|
||||
+ message, while the rest of the UDP packet is discarded.
|
||||
+
|
||||
+ Answers to the query are stored secondly in *ANSP2 up to a max of
|
||||
+ *ANSSIZP2 bytes, with the actual response length stored in
|
||||
+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
|
||||
+ is non-NULL (required for a second query) then malloc is used to
|
||||
+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
|
||||
+ size and *ANSP2_MALLOCED is set to 1.
|
||||
+
|
||||
+ The ANSP2_MALLOCED argument will eventually be removed as the
|
||||
+ change in buffer pointer can be used to detect the buffer has
|
||||
+ changed and that the caller should use free on the new buffer.
|
||||
+
|
||||
+ Note that the answers may arrive in any order from the server and
|
||||
+ therefore the first and second answer buffers may not correspond to
|
||||
+ the first and second queries.
|
||||
+
|
||||
+ It is not supported to call this function with a non-NULL ANSP2
|
||||
+ but a NULL ANSCP. Put another way, you can call send_vc with a
|
||||
+ single unmodifiable buffer or two modifiable buffers, but no other
|
||||
+ combination is supported.
|
||||
+
|
||||
+ It is the caller's responsibility to free the malloc allocated
|
||||
+ buffers by detecting that the pointers have changed from their
|
||||
+ original values i.e. *ANSCP or *ANSP2 has changed.
|
||||
+
|
||||
+ If an answer is truncated because of UDP datagram DNS limits then
|
||||
+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
|
||||
+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
|
||||
+ if any progress was made reading a response from the nameserver and
|
||||
+ is used by the caller to distinguish between ECONNREFUSED and
|
||||
+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
|
||||
+
|
||||
+ If errors are encountered then *TERRNO is set to an appropriate
|
||||
+ errno value and a zero result is returned for a recoverable error,
|
||||
+ and a less-than zero result is returned for a non-recoverable error.
|
||||
+
|
||||
+ If no errors are encountered then *TERRNO is left unmodified and
|
||||
+ a the length of the first response in bytes is returned. */
|
||||
static int
|
||||
send_dg(res_state statp,
|
||||
const u_char *buf, int buflen, const u_char *buf2, int buflen2,
|
||||
@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
|
||||
{
|
||||
const HEADER *hp = (HEADER *) buf;
|
||||
const HEADER *hp2 = (HEADER *) buf2;
|
||||
- u_char *ans = *ansp;
|
||||
- int orig_anssizp = *anssizp;
|
||||
struct timespec now, timeout, finish;
|
||||
struct pollfd pfd[1];
|
||||
int ptimeout;
|
||||
@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
|
||||
int need_recompute = 0;
|
||||
int nwritten = 0;
|
||||
int recvresp1 = 0;
|
||||
+ /* Skip the second response if there is no second query.
|
||||
+ To do that we mark the second response as received. */
|
||||
int recvresp2 = buf2 == NULL;
|
||||
pfd[0].fd = EXT(statp).nssocks[ns];
|
||||
pfd[0].events = POLLOUT;
|
||||
@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
|
||||
int *thisresplenp;
|
||||
|
||||
if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
|
||||
+ /* We have not received any responses
|
||||
+ yet or we only have one response to
|
||||
+ receive. */
|
||||
thisanssizp = anssizp;
|
||||
thisansp = anscp ?: ansp;
|
||||
assert (anscp != NULL || ansp2 == NULL);
|
||||
thisresplenp = &resplen;
|
||||
} else {
|
||||
- if (*anssizp != MAXPACKET) {
|
||||
- /* No buffer allocated for the first
|
||||
- reply. We can try to use the rest
|
||||
- of the user-provided buffer. */
|
||||
-#if _STRING_ARCH_unaligned
|
||||
- *anssizp2 = orig_anssizp - resplen;
|
||||
- *ansp2 = *ansp + resplen;
|
||||
-#else
|
||||
- int aligned_resplen
|
||||
- = ((resplen + __alignof__ (HEADER) - 1)
|
||||
- & ~(__alignof__ (HEADER) - 1));
|
||||
- *anssizp2 = orig_anssizp - aligned_resplen;
|
||||
- *ansp2 = *ansp + aligned_resplen;
|
||||
-#endif
|
||||
- } else {
|
||||
- /* The first reply did not fit into the
|
||||
- user-provided buffer. Maybe the second
|
||||
- answer will. */
|
||||
- *anssizp2 = orig_anssizp;
|
||||
- *ansp2 = *ansp;
|
||||
- }
|
||||
-
|
||||
thisanssizp = anssizp2;
|
||||
thisansp = ansp2;
|
||||
thisresplenp = resplen2;
|
||||
}
|
||||
|
||||
if (*thisanssizp < MAXPACKET
|
||||
- /* Yes, we test ANSCP here. If we have two buffers
|
||||
- both will be allocatable. */
|
||||
- && anscp
|
||||
+ /* If the current buffer is not the the static
|
||||
+ user-supplied buffer then we can reallocate
|
||||
+ it. */
|
||||
+ && (thisansp != NULL && thisansp != ansp)
|
||||
#ifdef FIONREAD
|
||||
+ /* Is the size too small? */
|
||||
&& (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
|
||||
|| *thisanssizp < *thisresplenp)
|
||||
#endif
|
||||
) {
|
||||
+ /* Always allocate MAXPACKET, callers expect
|
||||
+ this specific size. */
|
||||
u_char *newp = malloc (MAXPACKET);
|
||||
if (newp != NULL) {
|
||||
- *anssizp = MAXPACKET;
|
||||
- *thisansp = ans = newp;
|
||||
+ *thisanssizp = MAXPACKET;
|
||||
+ *thisansp = newp;
|
||||
if (thisansp == ansp2)
|
||||
*ansp2_malloced = 1;
|
||||
}
|
||||
}
|
||||
+ /* We could end up with truncation if anscp was NULL
|
||||
+ (not allowed to change caller's buffer) and the
|
||||
+ response buffer size is too small. This isn't a
|
||||
+ reliable way to detect truncation because the ioctl
|
||||
+ may be an inaccurate report of the UDP message size.
|
||||
+ Therefore we use this only to issue debug output.
|
||||
+ To do truncation accurately with UDP we need
|
||||
+ MSG_TRUNC which is only available on Linux. We
|
||||
+ can abstract out the Linux-specific feature in the
|
||||
+ future to detect truncation. */
|
||||
+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
|
||||
+ Dprint(statp->options & RES_DEBUG,
|
||||
+ (stdout, ";; response may be truncated (UDP)\n")
|
||||
+ );
|
||||
+ }
|
||||
+
|
||||
HEADER *anhp = (HEADER *) *thisansp;
|
||||
socklen_t fromlen = sizeof(struct sockaddr_in6);
|
||||
assert (sizeof(from) <= fromlen);
|
||||
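--- a/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch
@@ -0,0 +1,155 @@
+From d36c75fc0d44deec29635dd239b0fbd206ca49b7 Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Sat, 26 Sep 2015 13:27:48 -0700
+Subject: [PATCH] Fix BZ #18985 -- out of range data to strftime() causes a
+segfault
+
+Upstream-Status: Backport
+CVE: CVE-2015-8776
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ChangeLog | 8 ++++++++
+NEWS | 2 +-
+time/strftime_l.c | 20 +++++++++++++-------
+time/tst-strftime.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
+4 files changed, 73 insertions(+), 9 deletions(-)
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2015-09-26 Paul Pluzhnikov <ppluzhnikov@google.com>
++
++ [BZ #18985]
++ * time/strftime_l.c (a_wkday, f_wkday, a_month, f_month): Range check.
++ (__strftime_internal): Likewise.
++ * time/tst-strftime.c (do_bz18985): New test.
++ (do_test): Call it.
++
+2015-12-04 Joseph Myers <joseph@codesourcery.com>
+
+[BZ #16961]
+Index: git/time/strftime_l.c
+===================================================================
+--- git.orig/time/strftime_l.c
++++ git/time/strftime_l.c
+@@ -514,13 +514,17 @@ __strftime_internal (s, maxsize, format,
+only a few elements. Dereference the pointers only if the format
+requires this. Then it is ok to fail if the pointers are invalid. */
+# define a_wkday \
+- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday))
++ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 \
++ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)))
+# define f_wkday \
+- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday))
++ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 \
++ ? "?" : _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday)))
+# define a_month \
+- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon))
++ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \
++ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon)))
+# define f_month \
+- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon))
++ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \
++ ? "?" : _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon)))
+# define ampm \
+((const CHAR_T *) _NL_CURRENT (LC_TIME, tp->tm_hour > 11 \
+? NLW(PM_STR) : NLW(AM_STR)))
+@@ -530,8 +534,10 @@ __strftime_internal (s, maxsize, format,
+# define ap_len STRLEN (ampm)
+#else
+# if !HAVE_STRFTIME
+-# define f_wkday (weekday_name[tp->tm_wday])
+-# define f_month (month_name[tp->tm_mon])
++# define f_wkday (tp->tm_wday < 0 || tp->tm_wday > 6 \
++ ? "?" : weekday_name[tp->tm_wday])
++# define f_month (tp->tm_mon < 0 || tp->tm_mon > 11 \
++ ? "?" : month_name[tp->tm_mon])
+# define a_wkday f_wkday
+# define a_month f_month
+# define ampm (L_("AMPM") + 2 * (tp->tm_hour > 11))
+@@ -1325,7 +1331,7 @@ __strftime_internal (s, maxsize, format,
+*tzset_called = true;
+}
+# endif
+- zone = tzname[tp->tm_isdst];
++ zone = tp->tm_isdst <= 1 ? tzname[tp->tm_isdst] : "?";
+}
+#endif
+if (! zone)
+Index: git/time/tst-strftime.c
+===================================================================
+--- git.orig/time/tst-strftime.c
++++ git/time/tst-strftime.c
+@@ -4,6 +4,56 @@
+#include <time.h>
+
+
++static int
++do_bz18985 (void)
++{
++ char buf[1000];
++ struct tm ttm;
++ int rc, ret = 0;
++
++ memset (&ttm, 1, sizeof (ttm));
++ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */
++ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
++
++ if (rc == 66)
++ {
++ const char expected[]
++ = "? ? ? ? ? ? 16843009 16843009:16843009:16843009 16844909 +467836 ?";
++ if (0 != strcmp (buf, expected))
++ {
++ printf ("expected:\n %s\ngot:\n %s\n", expected, buf);
++ ret += 1;
++ }
++ }
++ else
++ {
++ printf ("expected 66, got %d\n", rc);
++ ret += 1;
++ }
++
++ /* Check negative values as well. */
++ memset (&ttm, 0xFF, sizeof (ttm));
++ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */
++ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
++
++ if (rc == 30)
++ {
++ const char expected[] = "? ? ? ? ? ? -1 -1:-1:-1 1899 ";
++ if (0 != strcmp (buf, expected))
++ {
++ printf ("expected:\n %s\ngot:\n %s\n", expected, buf);
++ ret += 1;
++ }
++ }
++ else
++ {
++ printf ("expected 30, got %d\n", rc);
++ ret += 1;
++ }
++
++ return ret;
++}
++
+static struct
+{
+const char *fmt;
+@@ -104,7 +154,7 @@ do_test (void)
+}
+}
+
+- return result;
++ return result + do_bz18985 ();
+}
+
+#define TEST_FUNCTION do_test ()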
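Review bot: The `"?"` fallback added to `a_wkday`, `f_wkday`, `a_month` and `f_month` in the first time/strftime_l.c hunk is a narrow string literal cast to `const CHAR_T *`. If this block is also built with a wide `CHAR_T` (the `NLW()` and `L_("AMPM")` uses in the same hunks suggest it may be), the out-of-range path would hand a two-byte literal to code that reads wide characters. Spelling the fallback in the file's own literal macro, for example `? L_("?") : (const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)`, keeps both arms in the same character type. In the last hunk, `tp->tm_isdst <= 1` shows only an upper bound; the enclosing condition is outside the hunk, so a comment like `/* tm_isdst >= 0 is guaranteed by the enclosing test */` would make the lower bound explicit, if that test exists.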
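--- a/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch
@@ -0,0 +1,122 @@
+From a014cecd82b71b70a6a843e250e06b541ad524f7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 15 Oct 2015 09:23:07 +0200
+Subject: [PATCH] Always enable pointer guard [BZ #18928]
+
+Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
+has security implications. This commit enables pointer guard
+unconditionally, and the environment variable is now ignored.
+
+[BZ #18928]
+* sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
+_dl_pointer_guard member.
+* elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
+initializer.
+(security_init): Always set up pointer guard.
+(process_envvars): Do not process LD_POINTER_GUARD.
+
+Upstream-Status: Backport
+CVE: CVE-2015-8777
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ChangeLog | 10 ++++++++++
+NEWS | 13 ++++++++-----
+elf/rtld.c | 15 ++++-----------
+sysdeps/generic/ldsodefs.h | 3 ---
+4 files changed, 22 insertions(+), 19 deletions(-)
+
+Index: git/elf/rtld.c
+===================================================================
+--- git.orig/elf/rtld.c
++++ git/elf/rtld.c
+@@ -163,7 +163,6 @@ struct rtld_global_ro _rtld_global_ro at
+._dl_hwcap_mask = HWCAP_IMPORTANT,
+._dl_lazy = 1,
+._dl_fpu_control = _FPU_DEFAULT,
+- ._dl_pointer_guard = 1,
+._dl_pagesize = EXEC_PAGESIZE,
+._dl_inhibit_cache = 0,
+
+@@ -710,15 +709,12 @@ security_init (void)
+#endif
+
+/* Set up the pointer guard as well, if necessary. */
+- if (GLRO(dl_pointer_guard))
+- {
+- uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
+- stack_chk_guard);
++ uintptr_t pointer_chk_guard
++ = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
+#ifdef THREAD_SET_POINTER_GUARD
+- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
++ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+#endif
+- __pointer_chk_guard_local = pointer_chk_guard;
+- }
++ __pointer_chk_guard_local = pointer_chk_guard;
+
+/* We do not need the _dl_random value anymore. The less
+information we leave behind, the better, so clear the
+@@ -2478,9 +2474,6 @@ process_envvars (enum mode *modep)
+GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
+break;
+}
+-
+- if (memcmp (envline, "POINTER_GUARD", 13) == 0)
+- GLRO(dl_pointer_guard) = envline[14] != '0';
+break;
+
+case 14:
+Index: git/sysdeps/generic/ldsodefs.h
+===================================================================
+--- git.orig/sysdeps/generic/ldsodefs.h
++++ git/sysdeps/generic/ldsodefs.h
+@@ -590,9 +590,6 @@ struct rtld_global_ro
+/* List of auditing interfaces. */
+struct audit_ifaces *_dl_audit;
+unsigned int _dl_naudit;
+-
+- /* 0 if internal pointer values should not be guarded, 1 if they should. */
+- EXTERN int _dl_pointer_guard;
+};
+# define __rtld_global_attribute__
+# if IS_IN (rtld)
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,13 @@
++2015-10-15 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #18928]
++ * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
++ _dl_pointer_guard member.
++ * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
++ initializer.
++ (security_init): Always set up pointer guard.
++ (process_envvars): Do not process LD_POINTER_GUARD.
++
+2015-02-06 Carlos O'Donell <carlos@systemhalted.org>
+
+* version.h (RELEASE): Set to "stable".
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -19,7 +19,10 @@ Version 2.21
+17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747,
+17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797,
+17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+- 17892.
++ 17892, 18928.
++
++* The LD_POINTER_GUARD environment variable can no longer be used to
++ disable the pointer guard feature. It is always enabled.
+
+* CVE-2015-1472 Under certain conditions wscanf can allocate too little
+memory for the to-be-scanned arguments and overflow the allocated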
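Review bot: The context comment kept above the now-unconditional setup in the security_init hunk, `/* Set up the pointer guard as well, if necessary. */`, is stale once the `GLRO(dl_pointer_guard)` test is gone. A later reader could take "if necessary" to mean the guard can still be switched off, which is exactly what this change removes. I would reword it to `/* Set up the pointer guard as well. It is always enabled and cannot be disabled through the environment. */`. The body of security_init continues outside the hunk, so this only covers the lines shown.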
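--- a/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
@@ -0,0 +1,262 @@
+From 0f58539030e436449f79189b6edab17d7479796e Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Sat, 8 Aug 2015 15:53:03 -0700
+Subject: [PATCH] Fix BZ #17905
+
+Upstream-Status: Backport
+CVE: CVE-2015-8779
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ChangeLog | 8 ++++++++
+NEWS | 2 +-
+catgets/Makefile | 9 ++++++++-
+catgets/catgets.c | 19 ++++++++++++-------
+catgets/open_catalog.c | 23 ++++++++++++++---------
+catgets/tst-catgets.c | 31 +++++++++++++++++++++++++++++++
+6 files changed, 74 insertions(+), 18 deletions(-)
+
+Index: git/catgets/Makefile
+===================================================================
+--- git.orig/catgets/Makefile
++++ git/catgets/Makefile
+@@ -37,6 +37,7 @@ ifeq (y,$(OPTION_EGLIBC_CATGETS))
+ifeq ($(run-built-tests),yes)
+tests-special += $(objpfx)de/libc.cat $(objpfx)test1.cat $(objpfx)test2.cat \
+$(objpfx)sample.SJIS.cat $(objpfx)test-gencat.out
++tests-special += $(objpfx)tst-catgets-mem.out
+endif
+endif
+gencat-modules = xmalloc
+@@ -53,9 +54,11 @@ catgets-CPPFLAGS := -DNLSPATH='"$(msgcat
+
+generated += de.msg test1.cat test1.h test2.cat test2.h sample.SJIS.cat \
+test-gencat.h
++generated += tst-catgets.mtrace tst-catgets-mem.out
++
+generated-dirs += de
+
+-tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de
++tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de MALLOC_TRACE=$(objpfx)tst-catgets.mtrace
+
+ifeq ($(run-built-tests),yes)
+# This test just checks whether the program produces any error or not.
+@@ -89,4 +92,8 @@ $(objpfx)test-gencat.out: test-gencat.sh
+$(objpfx)sample.SJIS.cat: sample.SJIS $(objpfx)gencat
+$(built-program-cmd) -H $(objpfx)test-gencat.h < $(word 1,$^) > $@; \
+$(evaluate-test)
++
++$(objpfx)tst-catgets-mem.out: $(objpfx)tst-catgets.out
++ $(common-objpfx)malloc/mtrace $(objpfx)tst-catgets.mtrace > $@; \
++ $(evaluate-test)
+endif
+Index: git/catgets/catgets.c
+===================================================================
+--- git.orig/catgets/catgets.c
++++ git/catgets/catgets.c
+@@ -16,7 +16,6 @@
+License along with the GNU C Library; if not, see
+<http://www.gnu.org/licenses/>. */
+
+-#include <alloca.h>
+#include <errno.h>
+#include <locale.h>
+#include <nl_types.h>
+@@ -35,6 +34,7 @@ catopen (const char *cat_name, int flag)
+__nl_catd result;
+const char *env_var = NULL;
+const char *nlspath = NULL;
++ char *tmp = NULL;
+
+if (strchr (cat_name, '/') == NULL)
+{
+@@ -54,7 +54,10 @@ catopen (const char *cat_name, int flag)
+{
+/* Append the system dependent directory. */
+size_t len = strlen (nlspath) + 1 + sizeof NLSPATH;
+- char *tmp = alloca (len);
++ tmp = malloc (len);
++
++ if (__glibc_unlikely (tmp == NULL))
++ return (nl_catd) -1;
+
+__stpcpy (__stpcpy (__stpcpy (tmp, nlspath), ":"), NLSPATH);
+nlspath = tmp;
+@@ -65,16 +68,18 @@ catopen (const char *cat_name, int flag)
+
+result = (__nl_catd) malloc (sizeof (*result));
+if (result == NULL)
+- /* We cannot get enough memory. */
+- return (nl_catd) -1;
+-
+- if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
++ {
++ /* We cannot get enough memory. */
++ result = (nl_catd) -1;
++ }
++ else if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
+{
+/* Couldn't open the file. */
+free ((void *) result);
+- return (nl_catd) -1;
++ result = (nl_catd) -1;
+}
+
++ free (tmp);
+return (nl_catd) result;
+}
+
+Index: git/catgets/open_catalog.c
+===================================================================
+--- git.orig/catgets/open_catalog.c
++++ git/catgets/open_catalog.c
+@@ -47,6 +47,7 @@ __open_catalog (const char *cat_name, co
+size_t tab_size;
+const char *lastp;
+int result = -1;
++ char *buf = NULL;
+
+if (strchr (cat_name, '/') != NULL || nlspath == NULL)
+fd = open_not_cancel_2 (cat_name, O_RDONLY);
+@@ -57,23 +58,23 @@ __open_catalog (const char *cat_name, co
+if (__glibc_unlikely (bufact + (n) >= bufmax)) \
+{ \
+char *old_buf = buf; \
+- bufmax += 256 + (n); \
+- buf = (char *) alloca (bufmax); \
+- memcpy (buf, old_buf, bufact); \
++ bufmax += (bufmax < 256 + (n)) ? 256 + (n) : bufmax; \
++ buf = realloc (buf, bufmax); \
++ if (__glibc_unlikely (buf == NULL)) \
++ { \
++ free (old_buf); \
++ return -1; \
++ } \
+}
+
+/* The RUN_NLSPATH variable contains a colon separated list of
+descriptions where we expect to find catalogs. We have to
+recognize certain % substitutions and stop when we found the
+first existing file. */
+- char *buf;
+size_t bufact;
+- size_t bufmax;
++ size_t bufmax = 0;
+size_t len;
+
+- buf = NULL;
+- bufmax = 0;
+-
+fd = -1;
+while (*run_nlspath != '\0')
+{
+@@ -188,7 +189,10 @@ __open_catalog (const char *cat_name, co
+
+/* Avoid dealing with directories and block devices */
+if (__builtin_expect (fd, 0) < 0)
+- return -1;
++ {
++ free (buf);
++ return -1;
++ }
+
+if (__builtin_expect (__fxstat64 (_STAT_VER, fd, &st), 0) < 0)
+goto close_unlock_return;
+@@ -325,6 +329,7 @@ __open_catalog (const char *cat_name, co
+/* Release the lock again. */
+close_unlock_return:
+close_not_cancel_no_status (fd);
++ free (buf);
+
+return result;
+}
+Index: git/catgets/tst-catgets.c
+===================================================================
+--- git.orig/catgets/tst-catgets.c
++++ git/catgets/tst-catgets.c
+@@ -1,7 +1,10 @@
++#include <assert.h>
+#include <mcheck.h>
+#include <nl_types.h>
+#include <stdio.h>
++#include <stdlib.h>
+#include <string.h>
++#include <sys/resource.h>
+
+
+static const char *msgs[] =
+@@ -12,6 +15,33 @@ static const char *msgs[] =
+};
+#define nmsgs (sizeof (msgs) / sizeof (msgs[0]))
+
++
++/* Test for unbounded alloca. */
++static int
++do_bz17905 (void)
++{
++ char *buf;
++ struct rlimit rl;
++ nl_catd result;
++
++ const int sz = 1024 * 1024;
++
++ getrlimit (RLIMIT_STACK, &rl);
++ rl.rlim_cur = sz;
++ setrlimit (RLIMIT_STACK, &rl);
++
++ buf = malloc (sz + 1);
++ memset (buf, 'A', sz);
++ buf[sz] = '\0';
++ setenv ("NLSPATH", buf, 1);
++
++ result = catopen (buf, NL_CAT_LOCALE);
++ assert (result == (nl_catd) -1);
++
++ free (buf);
++ return 0;
++}
++
+#define ROUNDS 5
+
+static int
+@@ -62,6 +92,7 @@ do_test (void)
+}
+}
+
++ result += do_bz17905 ();
+return result;
+}
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
++
++ [BZ #17905]
++ * catgets/Makefile (tst-catgets-mem): New test.
++ * catgets/catgets.c (catopen): Don't use unbounded alloca.
++ * catgets/open_catalog.c (__open_catalog): Likewise.
++ * catgets/tst-catgets.c (do_bz17905): Test unbounded alloca.
++
+2015-10-15 Florian Weimer <fweimer@redhat.com>
+
+[BZ #18928]
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -19,7 +19,7 @@ Version 2.21
+17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747,
+17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797,
+17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+- 17892, 18928.
++ 17892, 18928, 17905.
+
+* The LD_POINTER_GUARD environment variable can no longer be used to
+disable the pointer guard feature. It is always enabled.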
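Review bot: In the new `do_bz17905` regression test (catgets/tst-catgets.c hunk), the results of `getrlimit`, `setrlimit` and `malloc (sz + 1)` are not checked. If the stack limit cannot be lowered, the test can pass without ever exercising the former unbounded `alloca` path, so a regression of this fix could go unnoticed. A failed allocation would also reach `memset` with a null pointer. I would fail explicitly in both cases, e.g. `if (setrlimit (RLIMIT_STACK, &rl) != 0) return 1;` and `if (buf == NULL) return 1;`. The final check relies on `assert`, which is compiled out under NDEBUG; returning non-zero when `result != (nl_catd) -1` would be sturdier.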
1039
meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
Normal file
1039
meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
Normal file
File diff suppressed because it is too large
388
meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
Normal file
388
meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
Normal file
@@ -0,0 +1,388 @@
|
||||
From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
|
||||
From: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Fri, 4 Dec 2015 20:36:28 +0000
|
||||
Subject: [PATCH] Fix nan functions handling of payload strings (bug 16961, bug
|
||||
16962).
|
||||
|
||||
The nan, nanf and nanl functions handle payload strings by doing e.g.:
|
||||
|
||||
if (tagp[0] != '\0')
|
||||
{
|
||||
char buf[6 + strlen (tagp)];
|
||||
sprintf (buf, "NAN(%s)", tagp);
|
||||
return strtod (buf, NULL);
|
||||
}
|
||||
|
||||
This is an unbounded stack allocation based on the length of the
|
||||
argument. Furthermore, if the argument starts with an n-char-sequence
|
||||
followed by ')', that n-char-sequence is wrongly treated as
|
||||
significant for determining the payload of the resulting NaN, when ISO
|
||||
C says the call should be equivalent to strtod ("NAN", NULL), without
|
||||
being affected by that initial n-char-sequence. This patch fixes both
|
||||
those problems by using the __strtod_nan etc. functions recently
|
||||
factored out of strtod etc. for that purpose, with those functions
|
||||
being exported from libc at version GLIBC_PRIVATE.
|
||||
|
||||
Tested for x86_64, x86, mips64 and powerpc.
|
||||
|
||||
[BZ #16961]
|
||||
[BZ #16962]
|
||||
* math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
|
||||
string on the stack for strtod.
|
||||
* math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
|
||||
a string on the stack for strtof.
|
||||
* math/s_nanl.c (__nanl): Use __strtold_nan instead of
|
||||
constructing a string on the stack for strtold.
|
||||
* stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
|
||||
__strtold_nan to GLIBC_PRIVATE.
|
||||
* math/test-nan-overflow.c: New file.
|
||||
* math/test-nan-payload.c: Likewise.
|
||||
* math/Makefile (tests): Add test-nan-overflow and
|
||||
test-nan-payload.
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2015-9761 patch #2
|
||||
[Yocto # 8980]
|
||||
|
||||
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
ChangeLog | 17 +++++++
|
||||
NEWS | 6 +++
|
||||
math/Makefile | 3 +-
|
||||
math/s_nan.c | 9 +---
|
||||
math/s_nanf.c | 9 +---
|
||||
math/s_nanl.c | 9 +---
|
||||
math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
|
||||
math/test-nan-payload.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++
|
||||
stdlib/Versions | 1 +
|
||||
9 files changed, 217 insertions(+), 25 deletions(-)
|
||||
create mode 100644 math/test-nan-overflow.c
|
||||
create mode 100644 math/test-nan-payload.c
|
||||
|
||||
Index: git/ChangeLog
|
||||
===================================================================
|
||||
--- git.orig/ChangeLog
|
||||
+++ git/ChangeLog
|
||||
@@ -1,3 +1,20 @@
|
||||
+2015-12-04 Joseph Myers <joseph@codesourcery.com>
|
||||
+
|
||||
+ [BZ #16961]
|
||||
+ [BZ #16962]
|
||||
+ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
|
||||
+ string on the stack for strtod.
|
||||
+ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
|
||||
+ a string on the stack for strtof.
|
||||
+ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
|
||||
+ constructing a string on the stack for strtold.
|
||||
+ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
|
||||
+ __strtold_nan to GLIBC_PRIVATE.
|
||||
+ * math/test-nan-overflow.c: New file.
|
||||
+ * math/test-nan-payload.c: Likewise.
|
||||
+ * math/Makefile (tests): Add test-nan-overflow and
|
||||
+ test-nan-payload.
|
||||
+
|
||||
2015-11-24 Joseph Myers <joseph@codesourcery.com>
|
||||
|
||||
* stdlib/strtod_nan.c: New file.
|
||||
Index: git/NEWS
|
||||
===================================================================
|
||||
--- git.orig/NEWS
|
||||
+++ git/NEWS
|
||||
@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
|
||||
|
||||
Version 2.21
|
||||
|
||||
+Security related changes:
|
||||
+
|
||||
+* The nan, nanf and nanl functions no longer have unbounded stack usage
|
||||
+ depending on the length of the string passed as an argument to the
|
||||
+ functions. Reported by Joseph Myers.
|
||||
+
|
||||
* The following bugs are resolved with this release:
|
||||
|
||||
6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
|
||||
Index: git/math/s_nan.c
|
||||
===================================================================
|
||||
--- git.orig/math/s_nan.c
|
||||
+++ git/math/s_nan.c
|
||||
@@ -28,14 +28,7 @@
|
||||
double
|
||||
__nan (const char *tagp)
|
||||
{
|
||||
- if (tagp[0] != '\0')
|
||||
- {
|
||||
- char buf[6 + strlen (tagp)];
|
||||
- sprintf (buf, "NAN(%s)", tagp);
|
||||
- return strtod (buf, NULL);
|
||||
- }
|
||||
-
|
||||
- return NAN;
|
||||
+ return __strtod_nan (tagp, NULL, 0);
|
||||
}
|
||||
weak_alias (__nan, nan)
|
||||
#ifdef NO_LONG_DOUBLE
|
||||
Index: git/math/s_nanf.c
|
||||
===================================================================
|
||||
--- git.orig/math/s_nanf.c
|
||||
+++ git/math/s_nanf.c
|
||||
@@ -28,13 +28,6 @@
|
||||
float
|
||||
__nanf (const char *tagp)
|
||||
{
|
||||
- if (tagp[0] != '\0')
|
||||
- {
|
||||
- char buf[6 + strlen (tagp)];
|
||||
- sprintf (buf, "NAN(%s)", tagp);
|
||||
- return strtof (buf, NULL);
|
||||
- }
|
||||
-
|
||||
- return NAN;
|
||||
+ return __strtof_nan (tagp, NULL, 0);
|
||||
}
|
||||
weak_alias (__nanf, nanf)
|
||||
Index: git/math/s_nanl.c
|
||||
===================================================================
|
||||
--- git.orig/math/s_nanl.c
|
||||
+++ git/math/s_nanl.c
|
||||
@@ -28,13 +28,6 @@
|
||||
long double
|
||||
__nanl (const char *tagp)
|
||||
{
|
||||
- if (tagp[0] != '\0')
|
||||
- {
|
||||
- char buf[6 + strlen (tagp)];
|
||||
- sprintf (buf, "NAN(%s)", tagp);
|
||||
- return strtold (buf, NULL);
|
||||
- }
|
||||
-
|
||||
- return NAN;
|
||||
+ return __strtold_nan (tagp, NULL, 0);
|
||||
}
|
||||
weak_alias (__nanl, nanl)
|
||||
Index: git/math/test-nan-overflow.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/math/test-nan-overflow.c
|
||||
@@ -0,0 +1,66 @@
|
||||
+/* Test nan functions stack overflow (bug 16962).
|
||||
+ Copyright (C) 2015 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <http://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <math.h>
|
||||
+#include <stdio.h>
|
||||
+#include <string.h>
|
||||
+#include <sys/resource.h>
|
||||
+
|
||||
+#define STACK_LIM 1048576
|
||||
+#define STRING_SIZE (2 * STACK_LIM)
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ int result = 0;
|
||||
+ struct rlimit lim;
|
||||
+ getrlimit (RLIMIT_STACK, &lim);
|
||||
+ lim.rlim_cur = STACK_LIM;
|
||||
+ setrlimit (RLIMIT_STACK, &lim);
|
||||
+ char *nanstr = malloc (STRING_SIZE);
|
||||
+ if (nanstr == NULL)
|
||||
+ {
|
||||
+ puts ("malloc failed, cannot test");
|
||||
+ return 77;
|
||||
+ }
|
||||
+ memset (nanstr, '0', STRING_SIZE - 1);
|
||||
+ nanstr[STRING_SIZE - 1] = 0;
|
||||
+#define NAN_TEST(TYPE, FUNC) \
|
||||
+ do \
|
||||
+ { \
|
||||
+ char *volatile p = nanstr; \
|
||||
+ volatile TYPE v = FUNC (p); \
|
||||
+ if (isnan (v)) \
|
||||
+ puts ("PASS: " #FUNC); \
|
||||
+ else \
|
||||
+ { \
|
||||
+ puts ("FAIL: " #FUNC); \
|
||||
+ result = 1; \
|
||||
+ } \
|
||||
+ } \
|
||||
+ while (0)
|
||||
+ NAN_TEST (float, nanf);
|
||||
+ NAN_TEST (double, nan);
|
||||
+#ifndef NO_LONG_DOUBLE
|
||||
+ NAN_TEST (long double, nanl);
|
||||
+#endif
|
||||
+ return result;
|
||||
+}
|
||||
+
|
||||
+#define TEST_FUNCTION do_test ()
|
||||
+#include "../test-skeleton.c"
|
||||
Index: git/math/test-nan-payload.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/math/test-nan-payload.c
|
||||
@@ -0,0 +1,122 @@
|
||||
+/* Test nan functions payload handling (bug 16961).
|
||||
+ Copyright (C) 2015 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <http://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <float.h>
|
||||
+#include <math.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+
|
||||
+/* Avoid built-in functions. */
|
||||
+#define WRAP_NAN(FUNC, STR) \
|
||||
+ ({ const char *volatile wns = (STR); FUNC (wns); })
|
||||
+#define WRAP_STRTO(FUNC, STR) \
|
||||
+ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
|
||||
+
|
||||
+#define CHECK_IS_NAN(TYPE, A) \
|
||||
+ do \
|
||||
+ { \
|
||||
+ if (isnan (A)) \
|
||||
+ puts ("PASS: " #TYPE " " #A); \
|
||||
+ else \
|
||||
+ { \
|
||||
+ puts ("FAIL: " #TYPE " " #A); \
|
||||
+ result = 1; \
|
||||
+ } \
|
||||
+ } \
|
||||
+ while (0)
|
||||
+
|
||||
+#define CHECK_SAME_NAN(TYPE, A, B) \
|
||||
+ do \
|
||||
+ { \
|
||||
+ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
|
||||
+ puts ("PASS: " #TYPE " " #A " = " #B); \
|
||||
+ else \
|
||||
+ { \
|
||||
+ puts ("FAIL: " #TYPE " " #A " = " #B); \
|
||||
+ result = 1; \
|
||||
+ } \
|
||||
+ } \
|
||||
+ while (0)
|
||||
+
|
||||
+#define CHECK_DIFF_NAN(TYPE, A, B) \
|
||||
+ do \
|
||||
+ { \
|
||||
+ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
|
||||
+ puts ("PASS: " #TYPE " " #A " != " #B); \
|
||||
+ else \
|
||||
+ { \
|
||||
+ puts ("FAIL: " #TYPE " " #A " != " #B); \
|
||||
+ result = 1; \
|
||||
+ } \
|
||||
+ } \
|
||||
+ while (0)
|
||||
+
|
||||
+/* Cannot test payloads by memcmp for formats where NaNs have padding
|
||||
+ bits. */
|
||||
+#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
|
||||
+
|
||||
+#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
|
||||
+ do \
|
||||
+ { \
|
||||
+ TYPE n123 = WRAP_NAN (FUNC, "123"); \
|
||||
+ CHECK_IS_NAN (TYPE, n123); \
|
||||
+ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
|
||||
+ CHECK_IS_NAN (TYPE, s123); \
|
||||
+ TYPE n456 = WRAP_NAN (FUNC, "456"); \
|
||||
+ CHECK_IS_NAN (TYPE, n456); \
|
||||
+ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
|
||||
+ CHECK_IS_NAN (TYPE, s456); \
|
||||
+ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
|
||||
+ CHECK_IS_NAN (TYPE, n123x); \
|
||||
+ TYPE nemp = WRAP_NAN (FUNC, ""); \
|
||||
+ CHECK_IS_NAN (TYPE, nemp); \
|
||||
+ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
|
||||
+ CHECK_IS_NAN (TYPE, semp); \
|
||||
+ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
|
||||
+ CHECK_IS_NAN (TYPE, sx); \
|
||||
+ if (CAN_TEST_EQ (MANT_DIG)) \
|
||||
+ CHECK_SAME_NAN (TYPE, n123, s123); \
|
||||
+ if (CAN_TEST_EQ (MANT_DIG)) \
|
||||
+ CHECK_SAME_NAN (TYPE, n456, s456); \
|
||||
+ if (CAN_TEST_EQ (MANT_DIG)) \
|
||||
+ CHECK_SAME_NAN (TYPE, nemp, semp); \
|
||||
+ if (CAN_TEST_EQ (MANT_DIG)) \
|
||||
+ CHECK_SAME_NAN (TYPE, n123x, sx); \
|
||||
+ CHECK_DIFF_NAN (TYPE, n123, n456); \
|
||||
+ CHECK_DIFF_NAN (TYPE, n123, nemp); \
|
||||
+ CHECK_DIFF_NAN (TYPE, n123, n123x); \
|
||||
+ CHECK_DIFF_NAN (TYPE, n456, nemp); \
|
||||
+ CHECK_DIFF_NAN (TYPE, n456, n123x); \
|
||||
+ } \
|
||||
+ while (0)
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ int result = 0;
|
||||
+ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
|
||||
+ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
|
||||
+#ifndef NO_LONG_DOUBLE
|
||||
+ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
|
||||
+#endif
|
||||
+ return result;
|
||||
+}
|
||||
+
|
||||
+#define TEST_FUNCTION do_test ()
|
||||
+#include "../test-skeleton.c"
|
||||
Index: git/stdlib/Versions
|
||||
===================================================================
|
||||
--- git.orig/stdlib/Versions
|
||||
+++ git/stdlib/Versions
|
||||
@@ -118,5 +118,6 @@ libc {
|
||||
# Used from other libraries
|
||||
__libc_secure_getenv;
|
||||
__call_tls_dtors;
|
||||
+ __strtof_nan; __strtod_nan; __strtold_nan;
|
||||
}
|
||||
}
|
||||
Index: git/math/Makefile
|
||||
===================================================================
|
||||
--- git.orig/math/Makefile
|
||||
+++ git/math/Makefile
|
||||
@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
|
||||
test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
|
||||
test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
|
||||
test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2 test-snan \
|
||||
- test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
|
||||
+ test-fenv-tls test-fenv-preserve test-fenv-return \
|
||||
+ test-nan-overflow test-nan-payload \
|
||||
+ $(tests-static)
|
||||
tests-static = test-fpucw-static test-fpucw-ieee-static
|
||||
# We do the `long double' tests only if this data type is available and
|
||||
# distinct from `double'.
|
||||
@@ -30,6 +30,7 @@ SRC_URI = "git://sourceware.org/git/glibc.git;branch=${BRANCH} \
|
||||
file://Fix-__memcpy_chk-on-non-SSE2-CPUs.patch \
|
||||
${EGLIBCPATCHES} \
|
||||
${CVEPATCHES} \
|
||||
file://AArch64-Fix-the-big-endian-loader-name.patch \
|
||||
"
|
||||
EGLIBCPATCHES = "\
|
||||
file://timezone-re-written-tzselect-as-posix-sh.patch \
|
||||
@@ -47,6 +48,12 @@ EGLIBCPATCHES = "\
|
||||
#
|
||||
CVEPATCHES = "\
|
||||
file://CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch \
|
||||
file://CVE-2015-8777.patch \
|
||||
file://CVE-2015-8779.patch \
|
||||
file://CVE-2015-9761_1.patch \
|
||||
file://CVE-2015-9761_2.patch \
|
||||
file://CVE-2015-8776.patch \
|
||||
file://CVE-2015-7547.patch \
|
||||
"
|
||||
|
||||
LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
|
||||
|
||||
@@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk"
|
||||
|
||||
inherit core-image
|
||||
|
||||
SRCREV ?= "963a0c2f76bd93f44df39c7476df01cef30a2731"
|
||||
SRCREV ?= "e6b06016bcad22d79ad67cc8193af490027c2dd0"
|
||||
SRC_URI = "git://git.yoctoproject.org/poky;branch=fido \
|
||||
file://Yocto_Build_Appliance.vmx \
|
||||
file://Yocto_Build_Appliance.vmxf \
|
||||
|
||||
@@ -97,7 +97,11 @@ rm -f /etc/udev/scripts/mount*
|
||||
umount /dev/${device}* 2> /dev/null || /bin/true
|
||||
|
||||
mkdir -p /tmp
|
||||
cat /proc/mounts > /etc/mtab
|
||||
|
||||
# Create /etc/mtab if not present
|
||||
if [ ! -e /etc/mtab ]; then
|
||||
cat /proc/mounts > /etc/mtab
|
||||
fi
|
||||
|
||||
disk_size=$(parted /dev/${device} unit mb print | grep Disk | cut -d" " -f 3 | sed -e "s/MB//")
|
||||
|
||||
|
||||
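Review bot: The added test `[ ! -e /etc/mtab ]` follows symlinks, so a dangling `/etc/mtab` link is treated as missing and the `cat /proc/mounts > /etc/mtab` inside the `if` then writes through the link to its target. If only a truly absent path should be created, test for the link as well: `if [ ! -e /etc/mtab ] && [ ! -L /etc/mtab ]; then`. The rest of the install script is outside the hunk.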
@@ -23,6 +23,22 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
|
||||
file://libxml-m4-use-pkgconfig.patch \
|
||||
file://configure.ac-fix-cross-compiling-warning.patch \
|
||||
file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
|
||||
file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \
|
||||
file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \
|
||||
file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
|
||||
file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \
|
||||
file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \
|
||||
file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \
|
||||
file://CVE-2015-7498-Avoid-processing-entities-after-encoding-conversion-.patch \
|
||||
file://0001-CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch \
|
||||
file://CVE-2015-7499-1-Add-xmlHaltParser-to-stop-the-parser.patch \
|
||||
file://CVE-2015-7499-2-Detect-incoherency-on-GROW.patch \
|
||||
file://0001-Fix-a-bug-on-name-parsing-at-the-end-of-current-inpu.patch \
|
||||
file://0001-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch \
|
||||
file://0001-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch \
|
||||
file://0001-CVE-2015-5312-Another-entity-expansion-issue.patch \
|
||||
file://CVE-2015-8241.patch \
|
||||
file://CVE-2015-8710.patch \
|
||||
"
|
||||
|
||||
BINCONFIG = "${bindir}/xml2-config"
|
||||
|
||||
@@ -0,0 +1,39 @@
|
||||
From 69030714cde66d525a8884bda01b9e8f0abf8e1e Mon Sep 17 00:00:00 2001
|
||||
From: David Drysdale <drysdale@google.com>
|
||||
Date: Fri, 20 Nov 2015 11:13:45 +0800
|
||||
Subject: [PATCH] CVE-2015-5312 Another entity expansion issue
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=756733
|
||||
It is one case where the code in place to detect entities expansions
|
||||
failed to exit when the situation was detected, leading to DoS
|
||||
Problem reported by Kostya Serebryany @ Google
|
||||
Patch provided by David Drysdale @ Google
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
CVE-2015-5312
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
parser.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index b7b6668..da6e729 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -2806,6 +2806,10 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
|
||||
0, 0, 0);
|
||||
ctxt->depth--;
|
||||
|
||||
+ if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) ||
|
||||
+ (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR))
|
||||
+ goto int_error;
|
||||
+
|
||||
if (rep != NULL) {
|
||||
current = rep;
|
||||
while (*current != 0) { /* non input consuming loop */
|
||||
--
|
||||
2.3.5
|
||||
|
||||
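Review bot: The added test in xmlStringLenDecodeEntities reads `ctxt->lastError.code`, which is whatever error the context recorded last, not the result of the decode call whose tail is visible just above it. If the parser is allowed to continue after errors, an XML_ERR_INTERNAL_ERROR left over from earlier input would presumably also take this exit. A one-line comment would make the intent explicit, e.g. `/* lastError is sticky: stop expanding once a loop or internal error has been recorded on this context */`. The `int_error` label is outside the hunk, so it should be confirmed there that `rep` is released on this new path.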
@@ -0,0 +1,40 @@
|
||||
From 6360a31a84efe69d155ed96306b9a931a40beab9 Mon Sep 17 00:00:00 2001
|
||||
From: David Drysdale <drysdale@google.com>
|
||||
Date: Fri, 20 Nov 2015 10:47:12 +0800
|
||||
Subject: [PATCH] CVE-2015-7497 Avoid an heap buffer overflow in
|
||||
xmlDictComputeFastQKey
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=756528
|
||||
It was possible to hit a negative offset in the name indexing
|
||||
used to randomize the dictionary key generation
|
||||
Reported and fix provided by David Drysdale @ Google
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
CVE-2015-7497
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
dict.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/dict.c b/dict.c
|
||||
index 5f71d55..8c8f931 100644
|
||||
--- a/dict.c
|
||||
+++ b/dict.c
|
||||
@@ -486,7 +486,10 @@ xmlDictComputeFastQKey(const xmlChar *prefix, int plen,
|
||||
value += 30 * (*prefix);
|
||||
|
||||
if (len > 10) {
|
||||
- value += name[len - (plen + 1 + 1)];
|
||||
+ int offset = len - (plen + 1 + 1);
|
||||
+ if (offset < 0)
|
||||
+ offset = len - (10 + 1);
|
||||
+ value += name[offset];
|
||||
len = 10;
|
||||
if (plen > 10)
|
||||
plen = 10;
|
||||
--
|
||||
2.3.5
|
||||
|
||||
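Review bot: The fallback `offset = len - (10 + 1)` in xmlDictComputeFastQKey is in bounds only because of the enclosing `if (len > 10)`, and nothing in the new lines says so. I would add `/* len > 10 here, so len - 11 >= 0; used when plen + 2 exceeds len */` above the fallback so that a later change to the guard does not bring back the negative index. The upper bound of `offset` relies on `plen` not being negative, which is decided outside the hunk.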
@@ -0,0 +1,131 @@
|
||||
From f1063fdbe7fa66332bbb76874101c2a7b51b519f Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Veillard <veillard@redhat.com>
|
||||
Date: Fri, 20 Nov 2015 16:06:59 +0800
|
||||
Subject: [PATCH] CVE-2015-7500 Fix memory access error due to incorrect
|
||||
entities boundaries
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=756525
|
||||
handle properly the case where we popped out of the current entity
|
||||
while processing a start tag
|
||||
Reported by Kostya Serebryany @ Google
|
||||
|
||||
This slightly modifies the output of 754946 in regression tests
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
CVE-2015-7500
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
parser.c | 28 ++++++++++++++++++++++------
|
||||
result/errors/754946.xml.err | 7 +++++--
|
||||
2 files changed, 27 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index c7e4574..c5741e3 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -9348,7 +9348,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
|
||||
const xmlChar **atts = ctxt->atts;
|
||||
int maxatts = ctxt->maxatts;
|
||||
int nratts, nbatts, nbdef;
|
||||
- int i, j, nbNs, attval, oldline, oldcol;
|
||||
+ int i, j, nbNs, attval, oldline, oldcol, inputNr;
|
||||
const xmlChar *base;
|
||||
unsigned long cur;
|
||||
int nsNr = ctxt->nsNr;
|
||||
@@ -9367,6 +9367,7 @@ reparse:
|
||||
SHRINK;
|
||||
base = ctxt->input->base;
|
||||
cur = ctxt->input->cur - ctxt->input->base;
|
||||
+ inputNr = ctxt->inputNr;
|
||||
oldline = ctxt->input->line;
|
||||
oldcol = ctxt->input->col;
|
||||
nbatts = 0;
|
||||
@@ -9392,7 +9393,8 @@ reparse:
|
||||
*/
|
||||
SKIP_BLANKS;
|
||||
GROW;
|
||||
- if (ctxt->input->base != base) goto base_changed;
|
||||
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
|
||||
+ goto base_changed;
|
||||
|
||||
while (((RAW != '>') &&
|
||||
((RAW != '/') || (NXT(1) != '>')) &&
|
||||
@@ -9403,7 +9405,7 @@ reparse:
|
||||
|
||||
attname = xmlParseAttribute2(ctxt, prefix, localname,
|
||||
&aprefix, &attvalue, &len, &alloc);
|
||||
- if (ctxt->input->base != base) {
|
||||
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
|
||||
if ((attvalue != NULL) && (alloc != 0))
|
||||
xmlFree(attvalue);
|
||||
attvalue = NULL;
|
||||
@@ -9552,7 +9554,8 @@ skip_ns:
|
||||
break;
|
||||
}
|
||||
SKIP_BLANKS;
|
||||
- if (ctxt->input->base != base) goto base_changed;
|
||||
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
|
||||
+ goto base_changed;
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -9589,7 +9592,8 @@ failed:
|
||||
GROW
|
||||
if (ctxt->instate == XML_PARSER_EOF)
|
||||
break;
|
||||
- if (ctxt->input->base != base) goto base_changed;
|
||||
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
|
||||
+ goto base_changed;
|
||||
if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
|
||||
break;
|
||||
if (!IS_BLANK_CH(RAW)) {
|
||||
@@ -9605,7 +9609,8 @@ failed:
|
||||
break;
|
||||
}
|
||||
GROW;
|
||||
- if (ctxt->input->base != base) goto base_changed;
|
||||
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
|
||||
+ goto base_changed;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -9772,6 +9777,17 @@ base_changed:
|
||||
if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
|
||||
xmlFree((xmlChar *) atts[i]);
|
||||
}
|
||||
+
|
||||
+ /*
|
||||
+ * We can't switch from one entity to another in the middle
|
||||
+ * of a start tag
|
||||
+ */
|
||||
+ if (inputNr != ctxt->inputNr) {
|
||||
+ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
|
||||
+ "Start tag doesn't start and stop in the same entity\n");
|
||||
+ return(NULL);
|
||||
+ }
|
||||
+
|
||||
ctxt->input->cur = ctxt->input->base + cur;
|
||||
ctxt->input->line = oldline;
|
||||
ctxt->input->col = oldcol;
|
||||
diff --git a/result/errors/754946.xml.err b/result/errors/754946.xml.err
|
||||
index 423dff5..a75088b 100644
|
||||
--- a/result/errors/754946.xml.err
|
||||
+++ b/result/errors/754946.xml.err
|
||||
@@ -11,6 +11,9 @@ Entity: line 1: parser error : DOCTYPE improperly terminated
|
||||
Entity: line 1:
|
||||
A<lbbbbbbbbbbbbbbbbbbb_
|
||||
^
|
||||
+./test/errors/754946.xml:1: parser error : Start tag doesn't start and stop in the same entity
|
||||
+>%SYSTEM;<![
|
||||
+ ^
|
||||
./test/errors/754946.xml:1: parser error : Extra content at the end of the document
|
||||
-<!DOCTYPEA[<!ENTITY %
|
||||
- ^
|
||||
+>%SYSTEM;<![
|
||||
+ ^
|
||||
--
|
||||
2.3.5
|
||||
|
||||
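Review bot: The last file section of this patch edits `result/errors/754946.xml.err` starting from blob 423dff5, a file that exists only once 0001-Fix-a-bug-on-name-parsing-at-the-end-of-current-inpu.patch has been applied, but the description here does not mention that prerequisite. A line in the patch header naming that patch as required would keep the pair together if the SRC_URI list is later reordered or one entry is dropped. In parser.c the new `return(NULL)` under `base_changed` leaves before `ctxt->input->cur`, `line` and `col` are restored; that looks intended once the input has changed, but the remainder of the label is outside the hunk.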
@@ -0,0 +1,38 @@
|
||||
From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Veillard <veillard@redhat.com>
|
||||
Date: Tue, 3 Nov 2015 15:31:25 +0800
|
||||
Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=757466
|
||||
DoS when parsing specially crafted XML document if XZ support
|
||||
is compiled in (which wasn't the case for 2.9.2 and master since
|
||||
Nov 2013, fixed in next commit !)
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
CVE-2015-8035
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
xzlib.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/xzlib.c b/xzlib.c
|
||||
index 0dcb9f4..1fab546 100644
|
||||
--- a/xzlib.c
|
||||
+++ b/xzlib.c
|
||||
@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
|
||||
xz_error(state, LZMA_DATA_ERROR, "compressed data error");
|
||||
return -1;
|
||||
}
|
||||
+ if (ret == LZMA_PROG_ERROR) {
|
||||
+ xz_error(state, LZMA_PROG_ERROR, "compression error");
|
||||
+ return -1;
|
||||
+ }
|
||||
} while (strm->avail_out && ret != LZMA_STREAM_END);
|
||||
|
||||
/* update available output and crc check value */
|
||||
--
|
||||
2.3.5
|
||||
|
||||
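Review bot: The added branch in xz_decomp ends the loop only for LZMA_PROG_ERROR, while the loop condition on the following line still repeats for any return value other than LZMA_STREAM_END as long as output space remains. Unless the part of the loop above the hunk already handles them, other failure codes such as LZMA_BUF_ERROR or LZMA_OPTIONS_ERROR may keep the loop iterating in the same way. A final catch-all for any value that is neither LZMA_OK nor LZMA_STREAM_END is worth considering, after checking what else assigns `ret` earlier in the loop. The message `"compression error"` is also misleading on a decompression path; `"decompression error"` would match what is reported.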
@@ -0,0 +1,49 @@
|
||||
From 8fb4a770075628d6441fb17a1e435100e2f3b1a2 Mon Sep 17 00:00:00 2001
|
||||
From: Hugh Davenport <hugh@allthethings.co.nz>
|
||||
Date: Fri, 20 Nov 2015 17:16:06 +0800
|
||||
Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=756372
|
||||
Error in the code pointing to the codepoint in the stack for the
|
||||
current char value instead of the pointer in the input that the SAX
|
||||
callback expects
|
||||
Reported and fixed by Hugh Davenport
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
CVE-2015-8242
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
HTMLparser.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/HTMLparser.c b/HTMLparser.c
|
||||
index bdf7807..b729197 100644
|
||||
--- a/HTMLparser.c
|
||||
+++ b/HTMLparser.c
|
||||
@@ -5735,17 +5735,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
|
||||
if (ctxt->keepBlanks) {
|
||||
if (ctxt->sax->characters != NULL)
|
||||
ctxt->sax->characters(
|
||||
- ctxt->userData, &cur, 1);
|
||||
+ ctxt->userData, &in->cur[0], 1);
|
||||
} else {
|
||||
if (ctxt->sax->ignorableWhitespace != NULL)
|
||||
ctxt->sax->ignorableWhitespace(
|
||||
- ctxt->userData, &cur, 1);
|
||||
+ ctxt->userData, &in->cur[0], 1);
|
||||
}
|
||||
} else {
|
||||
htmlCheckParagraph(ctxt);
|
||||
if (ctxt->sax->characters != NULL)
|
||||
ctxt->sax->characters(
|
||||
- ctxt->userData, &cur, 1);
|
||||
+ ctxt->userData, &in->cur[0], 1);
|
||||
}
|
||||
}
|
||||
ctxt->token = 0;
|
||||
--
|
||||
2.3.5
|
||||
|
||||
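Review bot: All three replaced arguments in htmlParseTryOrFinish now pass `&in->cur[0]` with a length of 1, which is valid only if at least one byte is available at `in->cur`. The check that guarantees this is outside the hunk and should be confirmed whenever the patch is carried onto a different base. `&in->cur[0]` is the same pointer as `in->cur`, and a short comment at the first call, e.g. `/* the SAX callback expects a pointer into the input, not the address of the local cur */`, would record why the local variable must not be passed here.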
@@ -0,0 +1,138 @@
|
||||
From 51f02b0a03ea1fa6c65b3f9fd88cf60fb5803783 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Veillard <veillard@redhat.com>
|
||||
Date: Tue, 15 Sep 2015 16:50:32 +0800
|
||||
Subject: [PATCH] Fix a bug on name parsing at the end of current input buffer
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=754946
|
||||
|
||||
When hitting the end of the current input buffer while parsing
|
||||
a name we could end up loosing the beginning of the name, which
|
||||
led to various issues.
|
||||
|
||||
Upstream-Status: backport
|
||||
|
||||
Depend patch for CVE-2015-7500
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
---
|
||||
parser.c | 29 ++++++++++++++++++++---------
|
||||
result/errors/754946.xml | 0
|
||||
result/errors/754946.xml.err | 16 ++++++++++++++++
|
||||
result/errors/754946.xml.str | 4 ++++
|
||||
test/errors/754946.xml | 1 +
|
||||
5 files changed, 41 insertions(+), 9 deletions(-)
|
||||
create mode 100644 result/errors/754946.xml
|
||||
create mode 100644 result/errors/754946.xml.err
|
||||
create mode 100644 result/errors/754946.xml.str
|
||||
create mode 100644 test/errors/754946.xml
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index 0edd53b..fd29a39 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -3491,7 +3491,14 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
|
||||
c = CUR_CHAR(l);
|
||||
if (c == 0) {
|
||||
count = 0;
|
||||
+ /*
|
||||
+ * when shrinking to extend the buffer we really need to preserve
|
||||
+ * the part of the name we already parsed. Hence rolling back
|
||||
+ * by current lenght.
|
||||
+ */
|
||||
+ ctxt->input->cur -= l;
|
||||
GROW;
|
||||
+ ctxt->input->cur += l;
|
||||
if (ctxt->instate == XML_PARSER_EOF)
|
||||
return(NULL);
|
||||
end = ctxt->input->cur;
|
||||
@@ -3523,7 +3530,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
|
||||
|
||||
static const xmlChar *
|
||||
xmlParseNCName(xmlParserCtxtPtr ctxt) {
|
||||
- const xmlChar *in;
|
||||
+ const xmlChar *in, *e;
|
||||
const xmlChar *ret;
|
||||
int count = 0;
|
||||
|
||||
@@ -3535,16 +3542,19 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
|
||||
* Accelerator for simple ASCII names
|
||||
*/
|
||||
in = ctxt->input->cur;
|
||||
- if (((*in >= 0x61) && (*in <= 0x7A)) ||
|
||||
- ((*in >= 0x41) && (*in <= 0x5A)) ||
|
||||
- (*in == '_')) {
|
||||
+ e = ctxt->input->end;
|
||||
+ if ((((*in >= 0x61) && (*in <= 0x7A)) ||
|
||||
+ ((*in >= 0x41) && (*in <= 0x5A)) ||
|
||||
+ (*in == '_')) && (in < e)) {
|
||||
in++;
|
||||
- while (((*in >= 0x61) && (*in <= 0x7A)) ||
|
||||
- ((*in >= 0x41) && (*in <= 0x5A)) ||
|
||||
- ((*in >= 0x30) && (*in <= 0x39)) ||
|
||||
- (*in == '_') || (*in == '-') ||
|
||||
- (*in == '.'))
|
||||
+ while ((((*in >= 0x61) && (*in <= 0x7A)) ||
|
||||
+ ((*in >= 0x41) && (*in <= 0x5A)) ||
|
||||
+ ((*in >= 0x30) && (*in <= 0x39)) ||
|
||||
+ (*in == '_') || (*in == '-') ||
|
||||
+ (*in == '.')) && (in < e))
|
||||
in++;
|
||||
+ if (in >= e)
|
||||
+ goto complex;
|
||||
if ((*in > 0) && (*in < 0x80)) {
|
||||
count = in - ctxt->input->cur;
|
||||
if ((count > XML_MAX_NAME_LENGTH) &&
|
||||
@@ -3562,6 +3572,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
|
||||
return(ret);
|
||||
}
|
||||
}
|
||||
+complex:
|
||||
return(xmlParseNCNameComplex(ctxt));
|
||||
}
|
||||
|
||||
diff --git a/result/errors/754946.xml b/result/errors/754946.xml
|
||||
new file mode 100644
|
||||
index 0000000..e69de29
|
||||
diff --git a/result/errors/754946.xml.err b/result/errors/754946.xml.err
|
||||
new file mode 100644
|
||||
index 0000000..423dff5
|
||||
--- /dev/null
|
||||
+++ b/result/errors/754946.xml.err
|
||||
@@ -0,0 +1,16 @@
|
||||
+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
|
||||
+
|
||||
+ %SYSTEM;
|
||||
+ ^
|
||||
+Entity: line 1:
|
||||
+A<lbbbbbbbbbbbbbbbbbbb_
|
||||
+^
|
||||
+Entity: line 1: parser error : DOCTYPE improperly terminated
|
||||
+ %SYSTEM;
|
||||
+ ^
|
||||
+Entity: line 1:
|
||||
+A<lbbbbbbbbbbbbbbbbbbb_
|
||||
+^
|
||||
+./test/errors/754946.xml:1: parser error : Extra content at the end of the document
|
||||
+<!DOCTYPEA[<!ENTITY %
|
||||
+ ^
|
||||
diff --git a/result/errors/754946.xml.str b/result/errors/754946.xml.str
|
||||
new file mode 100644
|
||||
index 0000000..3b748cc
|
||||
--- /dev/null
|
||||
+++ b/result/errors/754946.xml.str
|
||||
@@ -0,0 +1,4 @@
|
||||
+./test/errors/754946.xml:1: parser error : Extra content at the end of the document
|
||||
+<!DOCTYPEA[<!ENTITY %
|
||||
+ ^
|
||||
+./test/errors/754946.xml : failed to parse
|
||||
diff --git a/test/errors/754946.xml b/test/errors/754946.xml
|
||||
new file mode 100644
|
||||
index 0000000..6b5f9b0
|
||||
--- /dev/null
|
||||
+++ b/test/errors/754946.xml
|
||||
@@ -0,0 +1 @@
|
||||
+<!DOCTYPEA[<!ENTITY %
|
||||
|
||||
SYSTEM "A<lbbbbbbbbbbbbbbbbbbb_"
|
||||
>%SYSTEM;<![
|
||||
\ No newline at end of file
|
||||
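Review bot: In xmlParseNCName the new bound `(in < e)` is placed last in both conditions, so `*in` is read before the pointer is compared with `ctxt->input->end`. Putting the bound first, `if ((in < e) && (((*in >= 0x61) && (*in <= 0x7A)) || ...))` and likewise in the `while`, makes the test precede the dereference without changing which names are accepted. Whether the byte at `end` is always readable depends on how the input buffer is terminated, which the hunk does not show.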
@@ -0,0 +1,89 @@
|
||||
From afd27c21f6b36e22682b7da20d726bce2dcb2f43 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Veillard <veillard@redhat.com>
|
||||
Date: Mon, 9 Nov 2015 18:07:18 +0800
|
||||
Subject: [PATCH] Avoid processing entities after encoding conversion failures
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=756527
|
||||
and was also raised by Chromium team in the past
|
||||
|
||||
When we hit a convwersion failure when switching encoding
|
||||
it is bestter to stop parsing there, this was treated as a
|
||||
fatal error but the parser was continuing to process to extract
|
||||
more errors, unfortunately that makes little sense as the data
|
||||
is obviously corrupt and can potentially lead to unexpected behaviour.
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
CVE-2015-7498
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
parser.c | 7 +++++--
|
||||
parserInternals.c | 11 ++++++++++-
|
||||
2 files changed, 15 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index 134afe7..c79b4e8 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -10665,7 +10665,8 @@ xmlParseXMLDecl(xmlParserCtxtPtr ctxt) {
|
||||
xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, "Blank needed here\n");
|
||||
}
|
||||
xmlParseEncodingDecl(ctxt);
|
||||
- if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
|
||||
+ if ((ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) ||
|
||||
+ (ctxt->instate == XML_PARSER_EOF)) {
|
||||
/*
|
||||
* The XML REC instructs us to stop parsing right here
|
||||
*/
|
||||
@@ -10789,6 +10790,7 @@ xmlParseDocument(xmlParserCtxtPtr ctxt) {
|
||||
|
||||
if (CUR == 0) {
|
||||
xmlFatalErr(ctxt, XML_ERR_DOCUMENT_EMPTY, NULL);
|
||||
+ return(-1);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -10806,7 +10808,8 @@ xmlParseDocument(xmlParserCtxtPtr ctxt) {
|
||||
* Note that we will switch encoding on the fly.
|
||||
*/
|
||||
xmlParseXMLDecl(ctxt);
|
||||
- if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
|
||||
+ if ((ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) ||
|
||||
+ (ctxt->instate == XML_PARSER_EOF)) {
|
||||
/*
|
||||
* The XML REC instructs us to stop parsing right here
|
||||
*/
|
||||
diff --git a/parserInternals.c b/parserInternals.c
|
||||
index df204fd..c8230c1 100644
|
||||
--- a/parserInternals.c
|
||||
+++ b/parserInternals.c
|
||||
@@ -937,6 +937,7 @@ xmlSwitchEncoding(xmlParserCtxtPtr ctxt, xmlCharEncoding enc)
|
||||
{
|
||||
xmlCharEncodingHandlerPtr handler;
|
||||
int len = -1;
|
||||
+ int ret;
|
||||
|
||||
if (ctxt == NULL) return(-1);
|
||||
switch (enc) {
|
||||
@@ -1097,7 +1098,15 @@ xmlSwitchEncoding(xmlParserCtxtPtr ctxt, xmlCharEncoding enc)
|
||||
if (handler == NULL)
|
||||
return(-1);
|
||||
ctxt->charset = XML_CHAR_ENCODING_UTF8;
|
||||
- return(xmlSwitchToEncodingInt(ctxt, handler, len));
|
||||
+ ret = xmlSwitchToEncodingInt(ctxt, handler, len);
|
||||
+ if ((ret < 0) || (ctxt->errNo == XML_I18N_CONV_FAILED)) {
|
||||
+ /*
|
||||
+ * on encoding conversion errors, stop the parser
|
||||
+ */
|
||||
+ xmlStopParser(ctxt);
|
||||
+ ctxt->errNo = XML_I18N_CONV_FAILED;
|
||||
+ }
|
||||
+ return(ret);
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.3.5
|
||||
|
||||
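Review bot: In xmlSwitchEncoding the new block sets `ctxt->errNo = XML_I18N_CONV_FAILED` whenever `ret < 0`, which replaces whatever error code had been recorded for that failure. Assigning it only when errNo does not already hold an error would keep the original cause available to callers that inspect it after the parser is stopped. Only the final return of the function is covered; its earlier returns are outside the hunks. In xmlParseXMLDecl and xmlParseDocument the existing comment about the XML REC now also sits over the new `XML_PARSER_EOF` case and could read `/* unsupported encoding, or the parser was stopped after a conversion failure */`.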