* [warrior 00/19] Pull request
@ 2019-10-29  9:47 Armin Kuster
  2019-10-29  9:47 ` [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates Armin Kuster
                   ` (18 more replies)
  0 siblings, 19 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

This set passed A-full AB.
Most of these have already been on the mailing list.

This is the last set needed for the next dot release.

The following changes since commit b6e17afc06d7a44dc9774ee98de7f186580ddf0d:

  uninative: Update to 2.7 release (2019-10-08 07:54:37 -0700)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/warrior-next
  http://cgit.openembedded.org//log/?h=stable/warrior-next

Alexander Kanavin (1):
  linux-yocto: add drm-bochs support

Anuj Mittal (1):
  python: include CVE patches for python-native as well

Armin Kuster (1):
  qemu: update to 3.1.1.1

Bruce Ashfield (6):
  linux-yocto/5.0: bsp: add basic xilinx zynqmp support
  linux-yocto/5.0: make scsi-debug include scsi core configs
  linux-yocto: bsp/beaglebone: support qemu -machine virt
  linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
  kernel-yocto: import security fragments from meta-security
  linux-yocto/4.19: make drm-bochs feature available

Changqing Li (2):
  python: Fix CVE-2019-10160
  sudo: fix CVE-2019-14287

Chen Qi (2):
  python: CVE-2019-16056
  go: fix CVE-2019-16276

Dmitry Eremin-Solenikov (1):
  kernel.bbclass: fix installation of modules signing certificates

George McCollister (1):
  openssl: make OPENSSL_ENGINES match install path

Muminul Islam (1):
  libcroco: Fix two CVEs

Yi Zhao (2):
  python: add tk-lib as runtime dependency for python-tkinter
  libgcrypt: fix CVE-2019-12904

Zang Ruochen (1):
  gnutls:upgrade 3.6.7 -> 3.6.8

 meta/classes/kernel.bbclass                        |   2 +-
 .../recipes-connectivity/openssl/openssl_1.1.1b.bb |   2 +-
 meta/recipes-devtools/go/go-1.12.inc               |   1 +
 ...nch.go1.12-security-net-textproto-don-t-n.patch | 163 ++++++++++
 meta/recipes-devtools/python/python.inc            |   5 +
 ...55-Dont-parse-domains-containing-GH-13079.patch |  90 ++++++
 .../python/python/bpo-36742-cve-2019-10160.patch   |  81 +++++
 meta/recipes-devtools/python/python3_3.7.4.bb      |   2 +-
 meta/recipes-devtools/python/python_2.7.16.bb      |   9 +-
 ...qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} |   0
 ...tive_3.1.0.bb => qemu-system-native_3.1.1.1.bb} |   0
 meta/recipes-devtools/qemu/qemu.inc                |  14 +-
 .../0001-egl-headless-add-egl_create_context.patch |  50 ----
 .../qemu/qemu/0014-fix-CVE-2018-16872.patch        |  85 ------
 .../qemu/qemu/0015-fix-CVE-2018-20124.patch        |  60 ----
 .../qemu/qemu/0016-fix-CVE-2018-20125.patch        |  54 ----
 .../qemu/qemu/0017-fix-CVE-2018-20126.patch        | 113 -------
 .../qemu/qemu/0018-fix-CVE-2018-20191.patch        |  47 ---
 .../qemu/qemu/0019-fix-CVE-2018-20216.patch        |  85 ------
 .../qemu/qemu/CVE-2018-20815.patch                 |  38 ---
 .../recipes-devtools/qemu/qemu/CVE-2019-3812.patch |  39 ---
 .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 -------------
 .../qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb}        |   0
 .../sudo/sudo/CVE-2019-14287-1.patch               | 178 +++++++++++
 .../sudo/sudo/CVE-2019-14287-2.patch               | 112 +++++++
 meta/recipes-extended/sudo/sudo_1.8.27.bb          |   2 +
 meta/recipes-kernel/linux/linux-yocto-dev.bb       |   2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb   |   4 +-
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb    |   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb |   2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb  |   6 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb      |   4 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb       |  21 +-
 .../gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb}    |   4 +-
 .../libcroco/libcroco/CVE-2017-8834_71.patch       |  38 +++
 meta/recipes-support/libcroco/libcroco_0.6.12.bb   |   1 +
 .../files/0001-Prefetch-GCM-look-up-tables.patch   |  90 ++++++
 ...ok-up-tables-to-.data-section-and-unshare.patch | 332 +++++++++++++++++++++
 ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++++++++++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   3 +
 40 files changed, 1307 insertions(+), 831 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 create mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
 create mode 100644 meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
 rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_3.1.1.1.bb} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
 rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} (100%)
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
 rename meta/recipes-support/gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} (93%)
 create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch

-- 
2.7.4


* [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8 Armin Kuster
                   ` (17 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

If one has provided an external key/certificate for module signing, Kbuild
will skip creating signing_key.pem and will write only the signing_key.x509
certificate. Thus we have to check for the existence of the .x509 file rather
than the .pem one.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 111a0b2..fb1f493 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -453,7 +453,7 @@ do_shared_workdir () {
 	cp .config $kerneldir/
 	mkdir -p $kerneldir/include/config
 	cp include/config/kernel.release $kerneldir/include/config/kernel.release
-	if [ -e certs/signing_key.pem ]; then
+	if [ -e certs/signing_key.x509 ]; then
 		# The signing_key.* files are stored in the certs/ dir in
 		# newer Linux kernels
 		mkdir -p $kerneldir/certs
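Review bot: the cp lines that follow this condition (just past the end of the hunk) must now tolerate a missing certs/signing_key.pem, because that is exactly the configuration the new test admits; if they copy by explicit file name rather than `signing_key.*`, do_shared_workdir will fail in the external-key case this change is meant to support, and the commit message should say which it is. The comment kept inside the branch, "The signing_key.* files are stored in the certs/ dir in newer Linux kernels", now under-describes the test: add that only signing_key.x509 is guaranteed to exist when the key is provided externally, and that the private key is therefore intentionally absent from the shared workdir in that case.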
-- 
2.7.4

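The commit above hinges on which files Kbuild leaves in certs/ after a build. As an added example (not code from the OE-Core patch, kernel.bbclass or the kernel tree), the POSIX shell script below performs the same existence test as the hunk against a kernel build directory and classifies it as generated-key, external-key or unsigned, and additionally checks whether a built .ko actually carries the kernel's appended-signature marker, which is the thing the copied certificate is ultimately for. The helper names, the constructed sample tree and the fake module bytes are assumptions made here; the 28-byte marker string is the one the kernel's sign-file appends to signed modules.

```shell
#!/bin/sh
# Added example (not from the OE-Core patch): mirror the existence test in
# kernel.bbclass do_shared_workdir, report which module-signing artefacts a
# kernel build tree carries, then check whether a .ko actually got signed.
# Directory layout, sample data and function names are assumptions.

# Classify "$1"/certs by the files Kbuild leaves there:
#   generated    - signing_key.pem and signing_key.x509 both present (Kbuild made the key)
#   external-key - only signing_key.x509 present (CONFIG_MODULE_SIG_KEY names an
#                  external key, so no .pem is written; the case the patch fixes)
#   none         - no certificate at all (module signing off, or not built yet)
signing_key_state() {
    dir=$1
    if [ -e "$dir/certs/signing_key.x509" ]; then
        if [ -e "$dir/certs/signing_key.pem" ]; then
            echo generated
        else
            echo external-key
        fi
    else
        echo none
    fi
}

# A module signed by scripts/sign-file ends with the 28-byte marker
# "~Module signature appended~\n". Returns 0 if "$1" carries it, 1 otherwise.
# (Command substitution strips the trailing newline, hence the 27-char compare.)
module_is_signed() {
    [ "$(tail -c 28 "$1" 2>/dev/null)" = "~Module signature appended~" ]
}

# Print the subject of the DER certificate Kbuild wrote, if openssl is installed.
signing_cert_subject() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed" >&2; return 1; }
    openssl x509 -inform DER -in "$1/certs/signing_key.x509" -noout -subject
}

# Demo on a constructed tree; no real kernel build is needed.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/certs"
    echo "empty tree:  $(signing_key_state "$t")"      # none
    : > "$t/certs/signing_key.x509"
    echo "x509 only:   $(signing_key_state "$t")"      # external-key
    : > "$t/certs/signing_key.pem"
    echo "pem + x509:  $(signing_key_state "$t")"      # generated
    # Constructed stand-ins for a signed and an unsigned module (not real ELF).
    printf 'not-an-ELF~Module signature appended~\n' > "$t/signed.ko"
    printf 'not-an-ELF' > "$t/unsigned.ko"
    for m in signed unsigned; do
        if module_is_signed "$t/$m.ko"; then echo "$m.ko: signed"; else echo "$m.ko: unsigned"; fi
    done
    rm -rf "$t"
}

demo
```

Run it against a real tree as `signing_key_state "$STAGING_KERNEL_BUILDDIR"` and `module_is_signed path/to/foo.ko`; an external-key result together with unsigned modules means the certificate was copied but nothing was signed with the matching private key, which is the situation the hunk makes possible and the one worth catching in CI.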

* [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
  2019-10-29  9:47 ` [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support Armin Kuster
                   ` (16 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>

Upgrade from gnutls_3.6.7.bb to gnutls_3.6.8.bb.

Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b34486a616ab4d4b30247a5dff58a18ef26ed709)
[Bug fix only update.
Including: CVE-2019-3836 CVE-2019-3829
https://lists.gnupg.org/pipermail/gnutls-help/2019-May/004527.html]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-support/gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} (93%)

diff --git a/meta/recipes-support/gnutls/gnutls_3.6.7.bb b/meta/recipes-support/gnutls/gnutls_3.6.8.bb
similarity index 93%
rename from meta/recipes-support/gnutls/gnutls_3.6.7.bb
rename to meta/recipes-support/gnutls/gnutls_3.6.8.bb
index 01dd23c..bd752d3 100644
--- a/meta/recipes-support/gnutls/gnutls_3.6.7.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.8.bb
@@ -21,8 +21,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://arm_eabi.patch \
 "
 
-SRC_URI[md5sum] = "c4ac669c500df939d4fbfea722367929"
-SRC_URI[sha256sum] = "5b3409ad5aaf239808730d1ee12fdcd148c0be00262c7edf157af655a8a188e2"
+SRC_URI[md5sum] = "9dcf0aa45d1a42e1b3ca5d39ec7c61a8"
+SRC_URI[sha256sum] = "aa81944e5635de981171772857e72be231a7e0f559ae0292d2737de475383e83"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
 
-- 
2.7.4


* [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
  2019-10-29  9:47 ` [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates Armin Kuster
  2019-10-29  9:47 ` [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8 Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs Armin Kuster
                   ` (15 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Zumeng Chen has added core/basic support for the zynqmp that is bootable
using the 5.0 and 5.2-rcX kernels. This makes the fragments available
for future refinement and factoring. A bootlog follows:

    ZynqMP> setenv bootargs console=ttyPS0,115200 root=/dev/mmcblk0p3 rw
    rootwait earlycon=cdns,mmio,0xFF000000 clk_ignore_unused ip=dhcp
    ZynqMP> tftpboot 0x10000000 Image; tftpboot 0x11800000 dtb; booti
    0x10000000 - 0x11800000
    Using ethernet@ff0e0000 device

    Filename 'Image'.
    Load address: 0x10000000
    Loading:
	      ###########
	      11.3 MiB/s
    done
    Bytes transferred = 16378368 (f9ea00 hex)
    Using ethernet@ff0e0000 device
    TFTP from server 128.224.162.211; our IP address is 128.224.162.99
    Filename 'dtb'.
    Load address: 0x11800000
    Loading: ##
	      4.7 MiB/s
    done
    Bytes transferred = 19746 (4d22 hex)
	Booting using the fdt blob at 0x11800000
	Loading Device Tree to 0000000007ff8000, end 0000000007fffd21 ... OK

    Starting kernel ...

    Booting Linux on physical CPU 0x0000000000 [0x410fd034]
    Linux version 5.2.0-rc3-yoctodev-standard (oe-user@oe-host) (gcc version
    9.1.0 (GCC)) #1 SMP PREEMPT Thu Jun 6 00:53:26 UTC 2019
    Machine model: ZynqMP ZCU102 Rev1.0
    earlycon: cdns0 at MMIO 0x00000000ff000000 (options '')
    printk: bootconsole [cdns0] enabled
    efi: Getting EFI parameters from FDT:
    efi: UEFI not found.
    cma: Reserved 16 MiB at 0x000000007ec00000
    psci: probing for conduit method from DT.
    psci: PSCIv1.1 detected in firmware.
    psci: Using standard PSCI v0.2 function IDs
    psci: MIGRATE_INFO_TYPE not supported.
    psci: SMC Calling Convention v1.1
    percpu: Embedded 30 pages/cpu s83416 r8192 d31272 u122880
    Detected VIPT I-cache on CPU0
    CPU features: detected: ARM erratum 845719
    Speculative Store Bypass Disable mitigation not required
    Built 1 zonelists, mobility grouping on.  Total pages: 1031940
    Kernel command line: console=ttyPS0,115200 root=/dev/mmcblk0p3 rw
    rootwait earlycon=cdns,mmio,0xFF000000 clk_ignore_unused ip=dhcp
    Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
    Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
    software IO TLB: mapped [mem 0x7ac00000-0x7ec00000] (64MB)
    Memory: 4013572K/4193280K available (10748K kernel code, 1210K rwdata,
    2764K rodata, 1216K init, 757K bss, 163324K reserved, 16384K
    cma-reserved)
    SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
    ftrace: allocating 36121 entries in 142 pages
    rcu: Preemptible hierarchical RCU implementation.
    rcu:    RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4.
	     Tasks RCU enabled.
    rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
    rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
    NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
    GIC: Adjusting CPU interface base to 0x00000000f902f000
    GIC: Using split EOI/Deactivate mode
    random: get_random_bytes called from start_kernel+0x328/0x4c4 with
    crng_init=0
    arch_timer: cp15 timer(s) running at 99.99MHz (phys).
    clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles:
    0x170f8de2d3, max_idle_ns: 440795206112 ns
    sched_clock: 56 bits at 99MHz, resolution 10ns, wraps every
    4398046511101ns
    Console: colour dummy device 80x25
    Calibrating delay loop (skipped), value calculated using timer
    frequency.. 199.98 BogoMIPS (lpj=399960)
    pid_max: default: 32768 minimum: 301
    LSM: Security Framework initializing
    Mount-cache hash table entries: 8192 (order: 4, 65536 bytes)
    Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes)
    *** VALIDATE proc ***
    *** VALIDATE cgroup1 ***
    *** VALIDATE cgroup2 ***
    ASID allocator initialised with 32768 entries
    rcu: Hierarchical SRCU implementation.
    EFI services will not be available.
    smp: Bringing up secondary CPUs ...
    Detected VIPT I-cache on CPU1
    CPU1: Booted secondary processor 0x0000000001 [0x410fd034]
    Detected VIPT I-cache on CPU2
    CPU2: Booted secondary processor 0x0000000002 [0x410fd034]
    Detected VIPT I-cache on CPU3
    CPU3: Booted secondary processor 0x0000000003 [0x410fd034]
    smp: Brought up 1 node, 4 CPUs
    SMP: Total of 4 processors activated.
    CPU features: detected: 32-bit EL0 Support
    CPU features: detected: CRC32 instructions
    CPU: All CPU(s) started at EL2
    alternatives: patching kernel code
    devtmpfs: initialized
    clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff,
    max_idle_ns: 7645041785100000 ns
    futex hash table entries: 1024 (order: 4, 65536 bytes)
    xor: measuring software checksum speed
	8regs     :  2360.000 MB/sec
	32regs    :  2706.000 MB/sec
	arm64_neon:  2018.000 MB/sec
    xor: using function: 32regs (2706.000 MB/sec)
    DMI not present or invalid.
    NET: Registered protocol family 16
    cpuidle: using governor ladder
    hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
    DMA: preallocated 256 KiB pool for atomic allocations
    ��ɥ��ѭ console [ttyPS0] enabled 0xff000000 (irq = 33, base_baud =
    6250000) is a xuartps
    printk: console [ttyPS0] enabled
    printk: bootconsole [cdns0] disabled
    printk: bootconsole [cdns0] disabled
    ff010000.serial: ttyPS1 at MMIO 0xff010000 (irq = 34, base_baud =
    6250000) is a xuartps
    HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
    HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages
    HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
    HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages
    raid6: neonx8   gen()  1518 MB/s
    raid6: neonx8   xor()  1442 MB/s
    raid6: neonx4   gen()  1471 MB/s
    raid6: neonx4   xor()  1409 MB/s
    raid6: neonx2   gen()  1128 MB/s
    raid6: neonx2   xor()  1175 MB/s
    raid6: neonx1   gen()   737 MB/s
    raid6: neonx1   xor()   887 MB/s
    raid6: int64x8  gen()  1166 MB/s
    raid6: int64x8  xor()   763 MB/s
    raid6: int64x4  gen()   983 MB/s
    raid6: int64x4  xor()   739 MB/s
    raid6: int64x2  gen()   683 MB/s
    raid6: int64x2  xor()   601 MB/s
    raid6: int64x1  gen()   452 MB/s
    raid6: int64x1  xor()   462 MB/s
    raid6: using algorithm neonx8 gen() 1518 MB/s
    raid6: .... xor() 1442 MB/s, rmw enabled
    raid6: using neon recovery algorithm
    vgaarb: loaded
    SCSI subsystem initialized
    usbcore: registered new interface driver usbfs
    usbcore: registered new interface driver hub
    usbcore: registered new device driver usb
    media: Linux media interface: v0.10
    videodev: Linux video capture interface: v2.00
    pps_core: LinuxPPS API ver. 1 registered
    pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti
    <giometti@linux.it>
    PTP clock support registered
    EDAC MC: Ver: 3.0.0
    FPGA manager framework
    clocksource: Switched to clocksource arch_sys_counter
    *** VALIDATE hugetlbfs ***
    NET: Registered protocol family 2
    tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768
    bytes)
    TCP established hash table entries: 32768 (order: 6, 262144 bytes)
    TCP bind hash table entries: 32768 (order: 7, 524288 bytes)
    TCP: Hash tables configured (established 32768 bind 32768)
    UDP hash table entries: 2048 (order: 4, 65536 bytes)
    UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes)
    NET: Registered protocol family 1
    RPC: Registered named UNIX socket transport module.
    RPC: Registered udp transport module.
    RPC: Registered tcp transport module.
    RPC: Registered tcp NFSv4.1 backchannel transport module.
    PCI: CLS 0 bytes, default 64
    hw perfevents: no interrupt-affinity property for /pmu, guessing.
    hw perfevents: enabled with armv8_pmuv3 PMU driver, 7 counters available
    kprobes: failed to populate blacklist: -22
    Please take care of using kprobes.
    workingset: timestamp_bits=46 max_order=20 bucket_order=0
    NFS: Registering the id_resolver key type
    Key type id_resolver registered
    Key type id_legacy registered
    jffs2: version 2.2. © 2001-2006 Red Hat, Inc.
    Block layer SCSI generic (bsg) driver version 0.4 loaded (major 246)
    io scheduler mq-deadline registered
    io scheduler kyber registered
    nwl-pcie fd0e0000.pcie: Link is DOWN
    nwl-pcie fd0e0000.pcie: host bridge /amba/pcie@fd0e0000 ranges:
    nwl-pcie fd0e0000.pcie:   MEM 0xe0000000..0xefffffff -> 0xe0000000
    nwl-pcie fd0e0000.pcie:   MEM 0x600000000..0x7ffffffff -> 0x600000000
    nwl-pcie fd0e0000.pcie: PCI host bridge to bus 0000:00
    pci_bus 0000:00: root bus resource [bus 00-ff]
    pci_bus 0000:00: root bus resource [mem 0xe0000000-0xefffffff]
    pci_bus 0000:00: root bus resource [mem 0x600000000-0x7ffffffff pref]
    pci 0000:00:00.0: [10ee:d021] type 01 class 0x060400
    pci 0000:00:00.0: PME# supported from D0 D1 D2 D3hot
    pci 0000:00:00.0: PCI bridge to [bus 01-0c]
    pcieport 0000:00:00.0: PME: Signaling with IRQ 37
    xilinx-zynqmp-dma fd500000.dma: ZynqMP DMA driver Probe success
    xilinx-zynqmp-dma fd510000.dma: ZynqMP DMA driver Probe success
    xilinx-zynqmp-dma fd520000.dma: ZynqMP DMA driver Probe success
    xilinx-zynqmp-dma fd530000.dma: ZynqMP DMA driver Probe success
    xilinx-zynqmp-dma fd540000.dma: ZynqMP DMA driver Probe success
    xilinx-zynqmp-dma fd550000.dma: ZynqMP DMA driver Probe success
    xilinx-zynqmp-dma fd560000.dma: ZynqMP DMA driver Probe success
    xilinx-zynqmp-dma fd570000.dma: ZynqMP DMA driver Probe success
    cacheinfo: Unable to detect cache hierarchy for CPU 0
    brd: module loaded
    loop: module loaded
    ahci-ceva fd0c0000.ahci: AHCI 0001.0301 32 slots 2 ports 6 Gbps 0x3 impl
    platform mode
    ahci-ceva fd0c0000.ahci: flags: 64bit ncq sntf pm clo only pmp fbs pio
    slum part ccc sds apst
    scsi host0: ahci-ceva
    scsi host1: ahci-ceva
    ata1: SATA max UDMA/133 mmio [mem 0xfd0c0000-0xfd0c1fff] port 0x100 irq
    31
    ata2: SATA max UDMA/133 mmio [mem 0xfd0c0000-0xfd0c1fff] port 0x180 irq
    31
    libphy: Fixed MDIO Bus: probed
    CAN device driver interface
    libphy: MACB_mii_bus: probed
    Generic PHY ff0e0000.ethernet-ffffffff:0c: attached PHY driver [Generic
    PHY] (mii_bus:phy_addr=ff0e0000.ethernet-ffffffff:0c, irq=POLL)
    macb ff0e0000.ethernet eth0: Cadence GEM rev 0x50070106 at 0xff0e0000
    irq 20 (00:0a:35:04:9a:86)
    dwc3 fe200000.usb: Failed to get clk 'ref': -2
    dwc3 fe200000.usb: Configuration mismatch. dr_mode forced to host
    xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
    xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 1
    xhci-hcd xhci-hcd.0.auto: hcc params 0x0238f625 hci version 0x100 quirks
    0x0000000002010010
    xhci-hcd xhci-hcd.0.auto: irq 35, io mem 0xfe200000
    hub 1-0:1.0: USB hub found
    hub 1-0:1.0: 1 port detected
    xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
    xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 2
    xhci-hcd xhci-hcd.0.auto: Host supports USB 3.0  SuperSpeed
    usb usb2: We don't know the algorithms for LPM for this host, disabling
    LPM.
    hub 2-0:1.0: USB hub found
    hub 2-0:1.0: 1 port detected
    usbcore: registered new interface driver usb-storage
    rtc_zynqmp ffa60000.rtc: registered as rtc0
    pca953x 0-0020: 0-0020 supply vcc not found, using dummy regulator
    GPIO line 322 (sel0) hogged as output/low
    GPIO line 323 (sel1) hogged as output/high
    GPIO line 324 (sel2) hogged as output/high
    GPIO line 325 (sel3) hogged as output/high
    pca953x 0-0021: 0-0021 supply vcc not found, using dummy regulator
    cdns-i2c ff020000.i2c: 400 kHz mmio ff020000 irq 22
    cdns-i2c ff030000.i2c: 400 kHz mmio ff030000 irq 23
    i2c i2c-0: Added multiplexed i2c bus 2
    i2c i2c-0: Added multiplexed i2c bus 3
    i2c i2c-0: Added multiplexed i2c bus 4
    i2c i2c-0: Added multiplexed i2c bus 5
    pca954x 0-0075: registered 4 multiplexed busses for I2C mux pca9544
    at24 6-0054: 1024 byte 24c08 EEPROM, writable, 1 bytes/write
    i2c i2c-1: Added multiplexed i2c bus 6
    i2c i2c-7: of_i2c: modalias failure on
    /amba/i2c@ff030000/i2c-mux@74/i2c@1/clock-generator@36
    i2c i2c-7: Failed to create I2C device for
    /amba/i2c@ff030000/i2c-mux@74/i2c@1/clock-generator@36
    i2c i2c-1: Added multiplexed i2c bus 7
    si570 8-005d: registered, current frequency 300000000 Hz
    i2c i2c-1: Added multiplexed i2c bus 8
    si570 9-005d: clock registration failed
    si570: probe of 9-005d failed with error -17
    i2c i2c-1: Added multiplexed i2c bus 9
    i2c i2c-10: of_i2c: modalias failure on
    /amba/i2c@ff030000/i2c-mux@74/i2c@4/clock-generator@69
    i2c i2c-10: Failed to create I2C device for
    /amba/i2c@ff030000/i2c-mux@74/i2c@4/clock-generator@69
    i2c i2c-1: Added multiplexed i2c bus 10
    i2c i2c-1: Added multiplexed i2c bus 11
    i2c i2c-1: Added multiplexed i2c bus 12
    i2c i2c-1: Added multiplexed i2c bus 13
    pca954x 1-0074: registered 8 multiplexed busses for I2C switch pca9548
    i2c i2c-1: Added multiplexed i2c bus 14
    i2c i2c-1: Added multiplexed i2c bus 15
    i2c i2c-1: Added multiplexed i2c bus 16
    i2c i2c-1: Added multiplexed i2c bus 17
    i2c i2c-1: Added multiplexed i2c bus 18
    i2c i2c-1: Added multiplexed i2c bus 19
    i2c i2c-1: Added multiplexed i2c bus 20
    i2c i2c-1: Added multiplexed i2c bus 21
    pca954x 1-0075: registered 8 multiplexed busses for I2C switch pca9548
    ina2xx 2-0040: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 2-0041: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 2-0042: power monitor ina226 (Rshunt = 5000 uOhm)
    ata1: SATA link down (SStatus 0 SControl 330)
    ina2xx 2-0043: power monitor ina226 (Rshunt = 5000 uOhm)
    ata2: SATA link down (SStatus 0 SControl 330)
    ina2xx 2-0044: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 2-0045: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 2-0046: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 2-0047: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 2-004a: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 2-004b: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 3-0040: power monitor ina226 (Rshunt = 2000 uOhm)
    ina2xx 3-0041: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 3-0042: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 3-0043: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 3-0044: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 3-0045: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 3-0046: power monitor ina226 (Rshunt = 5000 uOhm)
    ina2xx 3-0047: power monitor ina226 (Rshunt = 5000 uOhm)
    cdns-wdt fd4d0000.watchdog: Xilinx Watchdog Timer at (____ptrval____)
    with timeout 10s
    device-mapper: ioctl: 4.40.0-ioctl (2019-01-18) initialised:
    dm-devel@redhat.com
    EDAC MC: ECC not enabled
    cpu cpu0: failed to get clock: -2
    cpufreq-dt: probe of cpufreq-dt failed with error -2
    sdhci: Secure Digital Host Controller Interface driver
    sdhci: Copyright(c) Pierre Ossman
    sdhci-pltfm: SDHCI platform and OF driver helper
    mmc0: SDHCI controller on ff170000.mmc [ff170000.mmc] using ADMA 64-bit
    usbcore: registered new interface driver usbhid
    usbhid: USB HID core driver
    u32 classifier
	 Actions configured
    NET: Registered protocol family 10
    Segment Routing with IPv6
    sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
    NET: Registered protocol family 17
    can: controller area network core (rev 20170425 abi 9)
    NET: Registered protocol family 29
    can: raw protocol (rev 20170425)
    can: broadcast manager protocol (rev 20170425 t)
    can: netlink gateway (rev 20170425) max_hops=1
    Key type dns_resolver registered
    registered taskstats version 1
    Btrfs loaded, crc32c=crc32c-generic
    Key type encrypted registered
    printk: console [netcon0] enabled
    netconsole: network logging started
    rtc_zynqmp ffa60000.rtc: setting system clock to 2019-06-06T03:39:58 UTC
    (1559792398)
    macb ff0e0000.ethernet eth0: link up (1000/Full)
    pps pps0: new PPS source ptp0
    macb ff0e0000.ethernet: gem-ptp-timer ptp clock registered.
    IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
    mmc0: Problem switching card into high-speed mode!
    mmc0: new SDHC card at address 0001
    mmcblk0: mmc0:0001 SD16G 14.5 GiB
    Sending DHCP requests .
      mmcblk0: p1 p2 p3
    , OK
    IP-Config: Complete:
	  device=eth0, hwaddr=00:0a:35:04:9a:86, ipaddr=xxxxx,
    mask=255.255.254.0
	  host=xxx, domain=corp.ad.wrs.com, nis-domain=swamp
	  bootserver=0.0.0.0, rootserver=0.0.0.0, rootpath=

    clk: Not disabling unused clocks
    md: Waiting for all devices to be available before autodetect
    md: If you don't use raid, use raid=noautodetect
    md: Autodetecting RAID arrays.
    md: autorun ...
    md: ... autorun DONE.
    EXT4-fs (mmcblk0p3): mounted filesystem with ordered data mode. Opts:
    (null)
    VFS: Mounted root (ext4 filesystem) on device 179:3.
    devtmpfs: mounted
    Freeing unused kernel memory: 1216K
    Run /sbin/init as init process
    random: fast init done
    systemd[1]: systemd 242-19-gdb2e367+ running in system mode. (+PAM
    -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP
    -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN
    -)
    systemd[1]: Detected architecture arm64.

    Welcome to Wind River Linux development 19.23 Update 0!

    systemd[1]: Set hostname to <xilinx-zynqmp>.
    random: systemd: uninitialized urandom read (16 bytes read)
    systemd[1]: Initializing machine ID from random generator.
    systemd[1]: Failed to bump fs.file-max, ignoring: Invalid argument
    systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= references
    a path below legacy directory /var/run/, updating
    /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please
    update the unit f.
    systemd[1]: /lib/systemd/system/rpcbind.socket:4: ListenStream=
    references a path below legacy directory /var/run/, updating
    /var/run/rpcbind.sock → /run/rpcbind.sock; please update the unit file
    accordingly.
    random: systemd: uninitialized urandom read (16 bytes read)
    systemd[1]: Listening on Journal Socket (/dev/log).
    [  OK  ] Listening on Journal Socket (/dev/log).
    random: systemd: uninitialized urandom read (16 bytes read)
    systemd[1]: Listening on Syslog Socket.
    [  OK  ] Listening on Syslog Socket.
    systemd[1]: Listening on udev Kernel Socket.
    [  OK  ] Listening on udev Kernel Socket.
    [  OK  ] Listening on udev Control Socket.
    [  OK  ] Created slice User and Session Slice.
    [  OK  ] Listening on initctl Compatibility Named Pipe.
    [  OK  ] Reached target Swap.
    [  OK  ] Created slice system-serial\x2dgetty.slice.
    [  OK  ] Reached target Slices.
    [  OK  ] Listening on Journal Socket.
	      Starting udev Coldplug all Devices...
	      Mounting POSIX Message Queue File System...
	      Mounting Temporary Directory (/tmp)...
	      Starting Journal Service...
	      Starting Remount Root and Kernel File Systems...
	      Mounting Kernel Debug File System...
    EXT4-fs (mmcblk0p3): re-mounted. Opts: (null)
	      Starting Create list of re…odes for the current kernel...
    [  OK  ] Started Forward Password R…uests to Wall Directory Watch.
    [  OK  ] Reached target Remote File Systems.
    [  OK  ] Listening on Network Service Netlink Socket.
	      Starting Apply Kernel Variables...
    [  OK  ] Started Dispatch Password …ts to Console Directory Watch.
    [  OK  ] Reached target Paths.
    [  OK  ] Created slice system-getty.slice.
	      Mounting Huge Pages File System...
    [  OK  ] Started Journal Service.
    [  OK  ] Mounted POSIX Message Queue File System.
    [  OK  ] Mounted Temporary Directory (/tmp).
    [  OK  ] Started Remount Root and Kernel File Systems.
    [  OK  ] Mounted Kernel Debug File System.
    [  OK  ] Started Create list of req… nodes for the current kernel.
    [  OK  ] Started Apply Kernel Variables.
    [  OK  ] Mounted Huge Pages File System.
	      Starting Create System Users...
	      Starting Rebuild Hardware Database...
	      Starting Flush Journal to Persistent Storage...
    [  OK  ] Started udev Coldplug all Devices.
    systemd-journald[148]: Received request to flush runtime journal from
    PID 1
    [  OK  ] Started Flush Journal to Persistent Storage.
    [  OK  ] Started Create System Users.
	      Starting Create Static Device Nodes in /dev...
    [  OK  ] Started Create Static Device Nodes in /dev.
    [  OK  ] Reached target Local File Systems (Pre).
	      Mounting /var/volatile...
    [  OK  ] Mounted /var/volatile.
    [  OK  ] Reached target Local File Systems.
	      Starting Create Volatile Files and Directories...
	      Starting Load/Save Random Seed...
    [  OK  ] Started Load/Save Random Seed.
    [  OK  ] Started Create Volatile Files and Directories.
	      Starting Network Time Synchronization...
	      Starting Rebuild Journal Catalog...
	      Starting Update UTMP about System Boot/Shutdown...
	      Starting Run pending postinsts...
    [  OK  ] Started Update UTMP about System Boot/Shutdown.
    [  OK  ] Started Network Time Synchronization.
    [  OK  ] Reached target System Time Set.
    [  OK  ] Reached target System Time Synchronized.
    [  OK  ] Started Rebuild Journal Catalog.
    [  OK  ] Started Run pending postinsts.
    [  OK  ] Started Rebuild Hardware Database.
	      Starting udev Kernel Device Manager...
	      Starting Update is Completed...
    [  OK  ] Started Update is Completed.
    [  OK  ] Started udev Kernel Device Manager.
    [  OK  ] Reached target System Initialization.
	      Starting Console System Startup Logging...
    [  OK  ] Listening on RPCbind Server Activation Socket.
    [  OK  ] Listening on D-Bus System Message Bus Socket.
    [  OK  ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
    [  OK  ] Listening on dropbear.socket.
    [  OK  ] Reached target Sockets.
    [  OK  ] Reached target Basic System.
    [  OK  ] Started System Logging Service.
    [  OK  ] Started Dynamic Host Configuration Protocol (DHCP).
    [  OK  ] Started Kernel Logging Service.
	      Starting Login Service...
    [  OK  ] Started D-Bus System Message Bus.
    [  OK  ] Started Xserver startup without a display manager.
    [  OK  ] Started Daily Cleanup of Temporary Directories.
    [  OK  ] Reached target Timers.
	      Starting Telephony service...
	      Starting Network Service...
    [  OK  ] Started Console System Startup Logging.
    [  OK  ] Found device /dev/ttyPS0.
    [  OK  ] Listening on Load/Save RF …itch Status /dev/rfkill Watch.
    [  OK  ] Started Network Service.
	      Starting Network Name Resolution...
    [  OK  ] Started Login Service.
    [  OK  ] Started Network Name Resolution.
    [  OK  ] Started Telephony service.
    [  OK  ] Reached target Network.
	      Starting Berkeley Internet Name Domain (DNS)...
	      Starting /etc/rc.local Compatibility...
	      Starting Permit User Sessions...
	      Starting Avahi mDNS/DNS-SD Stack...
    [  OK  ] Started /etc/rc.local Compatibility.
    [  OK  ] Started Permit User Sessions.
    [  OK  ] Started Getty on tty1.
    [  OK  ] Started Serial Getty on ttyPS0.
    [  OK  ] Started Avahi mDNS/DNS-SD Stack.
    [  OK  ] Started Berkeley Internet Name Domain (DNS).
    [  OK  ] Reached target Host and Network Name Lookups.

    Wind River Linux development 19.23 Update 0 xilinx-zynqmp ttyPS0

    xilinx-zynqmp login: root
    root@xilinx-zynqmp:~# uname 0a
    uname: extra operand '0a'
    Try 'uname --help' for more information.
    root@xilinx-zynqmp:~# uname -a
    Linux xilinx-zynqmp 5.2.0-rc3-yoctodev-standard #1 SMP PREEMPT Thu Jun 6 00:53:26 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux

(From OE-Core rev: b0dc58f535a27be6c649dcf336c7dc0cdb23d96b)

Signed-off-by: Zumeng Chen <zchen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index 1fe28b1..aa1609c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb"
-SRCREV_meta ?= "31de88e51d100f2c3eefb7acb7390b0144bcfc69"
+SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
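Review bot: the only test evidence in this commit message is a boot log of 5.2.0-rc3-yoctodev-standard, while this hunk (and the two below) pin the yocto-5.0 kernel cache for the 5.0 recipes, so the 5.0 kernel with the new zynqmp BSP description has not been shown to boot. Please add a 5.0 boot log, or state in the message that only the kmeta (BSP configuration) was exercised and on which kernel. It would also help to list the yocto-kernel-cache commit(s) between 31de88e and 97eac31, as 07/19 in this series does, since the SRCREV_meta bump alone gives a reviewer nothing to check.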
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index a9c463c..603c0c5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "31de88e51d100f2c3eefb7acb7390b0144bcfc69"
+SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
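Review bot: linux-yocto-tiny gets the same kmeta bump but the tiny kernel type is not mentioned anywhere in the message; with KCONF_BSP_AUDIT_LEVEL = "2" in this recipe an incomplete BSP description for the new machine would surface as warnings in the kernel-yocto config audit. Either confirm that linux-yocto-tiny was built for the new machine, or say that the zynqmp BSP only defines the standard (and rt) kernel types so tiny is unaffected.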
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index da795d9..88eacc2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "31de88e51d100f2c3eefb7acb7390b0144bcfc69"
+SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
 
 # remap qemuarm to qemuarma15 for the 5.0 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.7.4



^ permalink raw reply related	[flat|nested] 24+ messages in thread

* [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
                   ` (2 preceding siblings ...)
  2019-10-29  9:47 ` [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt Armin Kuster
                   ` (14 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating the scsi-debug fragment to include the core scsi config
options. This allows standalone use of the fragment, since all
supporting options will be enabled simply by including the top
level config in a BSP.

This also removes a configuration warning on qemuarm, since we
will no longer have missing / unavailable options during the
config audit.

(From OE-Core rev: c65826e96a77928938fef69fc0cbc65ec7431cb2)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index aa1609c..cc6ffd5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb"
-SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
+SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
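Review bot: the message claims the scsi-debug fragment now pulls in the core SCSI options and that the qemuarm audit warning goes away, but this hunk only moves SRCREV_meta from 97eac31 to eb6ef08, so neither claim can be verified from the patch. Please quote the fragment change (the .scc include or the CONFIG_SCSI* lines added) or the kernel-cache commit id in the message. Note also that every BSP that already includes scsi-debug.scc will now silently gain the SCSI core options; that is the stated intent, but it is worth saying explicitly, since it changes the configuration of kernels whose recipes do not appear in this diff.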
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index 603c0c5..a3a9315 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
+SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index 88eacc2..b106a37 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
+SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
 
 # remap qemuarm to qemuarma15 for the 5.0 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.7.4




* [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
                   ` (3 preceding siblings ...)
  2019-10-29  9:47 ` [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths Armin Kuster
                   ` (13 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

While we don't normally do a dual h/w and virt BSP (since they
tend to have conflicting requirements over time), a minimal-overhead
option to do this was submitted to linux-yocto. Since it has no
impact on the h/w reference, has SDK testing value and can serve
as a template on how to do this for other arm boards, it is worth
making the configuration available.

The original commit log follows:

[

   If the kernel supports Qemu's virt machine, runqemu works almost for free.
   The device tree for machine virt is included in Qemu, which simplifies
   everything quite a bit.
   This change adds ARCH_VIRT=y and some drivers to the beaglebone kernel
   configuration which allows to:

     export MACHINE="beaglebone-yocto"
     bitbake core-image-minimal
     runqemu

   This also works out of an eSDK. Without this feature usually two
   different SDKs need to be compiled and maintained. One SDK is used for development
   in Qemu, another one is used to develop for the real target hardware.

   Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
]

(From OE-Core rev: cc1fca6d464775daa15032f11c02d16b99759407)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index cc6ffd5..d7b3b38 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb"
-SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
+SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
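Review bot: the message says ARCH_VIRT=y "and some drivers" are added to the beaglebone kernel configuration, but the drivers are never named and the diff is again only a SRCREV_meta move (eb6ef08 to c2e34d9). Since those drivers end up in the hardware kernel as well, not only in the qemu one, the claim of "no impact on the h/w reference" needs the actual list so the added attack surface and image size on real boards can be assessed. It is also worth stating that SRCREV_machine is untouched here, so this is a configuration-only change with no new kernel source.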
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index a3a9315..c0caed3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
+SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index b106a37..895cb15 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
+SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
 
 # remap qemuarm to qemuarma15 for the 5.0 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.7.4




* [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
                   ` (4 preceding siblings ...)
  2019-10-29  9:47 ` [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 07/19] kernel-yocto: import security fragments from meta-security Armin Kuster
                   ` (12 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

From the kernel patch:

[
    It was observed that the kernel embeds the path in the x86 boot
    artifacts.

    From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458:

    [
       If you turn on the buildpaths QA test, or try a reproducible build, you
       discover that the kernel image contains build paths.

       $ strings bzImage-5.0.19-yocto-standard |grep tmp/
       out of pgt_buf in /data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!?

       But what's this in the top-level Makefile:

       $ git grep prefix-map
       Makefile:KBUILD_CFLAGS  += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)

       So the __FILE__ shouldn't be using the full path.  However
       arch/x86/boot/compressed/Makefile has this:

       KBUILD_CFLAGS := -m$(BITS) -O2

       So that clears KBUILD_CFLAGS, removing the -fmacro-prefix-map option.
    ]

    Other architectures do not clear the flags, but instead prune before
    adding boot or specific options. There's no obvious reason why x86 isn't
    doing the same thing (pruning vs clearing) and no build or boot issues
    have been observed.

    So we make x86 do the same thing, and we no longer have embedded paths.
]

This issue has been reported upstream, and a patch submission is
pending, but for now we'll soak the proposed patch in linux-yocto to
see if any issues are found.

[YOCTO: #13458]

(From OE-Core rev: 78b0ff5960814af935a8089ec49c51d76f148149)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb   |  4 ++--
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb |  6 +++---
 meta/recipes-kernel/linux/linux-yocto_5.0.bb      | 19 ++++++++++---------
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index d7b3b38..d1adf0c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -11,8 +11,8 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb"
-SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
+SRCREV_machine ?= "e6cb812b5532630b6fc6dfd7778d57a4907d3180"
+SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
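Review bot: unlike the earlier patches in this series, SRCREV_machine moves too (9c1e84c to e6cb812), which is expected because the fix is a change to arch/x86/boot/compressed/Makefile in the kernel tree rather than a config fragment. The message only describes the prefix-map patch, though, so please confirm that the v5.0 rt branch range contains nothing else, or list what else is picked up; a kernel source bump that silently carries other commits is exactly what a stable-branch backport should avoid. The cache moves as well (c2e34d9 to 96c82f3), so the same question applies to kmeta.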
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index c0caed3..7d49de6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef"
-SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
+SRCREV_machine_qemuarm ?= "b9001287984b0066814c8739f38d629de73739b7"
+SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
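Review bot: SRCREV_machine_qemuarm moves from fabee45 to b900128 alongside SRCREV_machine (00638cd to 55dd153), yet the message describes an x86-only Makefile change; the qemuarm branch should be the same patch rebased and nothing more, and the message should say so. The evidence that the fix works is the buildpaths QA test (or the `strings | grep tmp/` check quoted above) on the qemux86-64 bzImage; an arm zImage cannot show it, since the changed Makefile is under arch/x86/boot.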
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index 895cb15..35088da 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -11,15 +11,16 @@ KBRANCH_qemux86  ?= "v5.0/standard/base"
 KBRANCH_qemux86-64 ?= "v5.0/standard/base"
 KBRANCH_qemumips64 ?= "v5.0/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "9161b2fa2f1cec0ba02976c389c788445858e0de"
-SRCREV_machine_qemuarm64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_machine_qemumips ?= "7de9b8f0db98e51a666477c8e2b64f1964b45410"
-SRCREV_machine_qemuppc ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e"
-SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
+SRCREV_machine_qemuarm ?= "d1ed980ad989252d42386c8bc63b2f5f11985ea4"
+SRCREV_machine_qemuarm64 ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_machine_qemumips ?= "1520e78195e64f27be46a46a8d6711c8470fb083"
+SRCREV_machine_qemuppc ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_machine_qemuriscv64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
+SRCREV_machine_qemux86 ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_machine_qemux86-64 ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_machine_qemumips64 ?= "9d4105b32cf123a861bc754377d2f2e156278a7e"
+SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
 
 # remap qemuarm to qemuarma15 for the 5.0 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
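Review bot: the new SRCREV_machine_qemuriscv64 line is not mentioned in the commit message and is pinned to 00638cdd8f92869a0f89ebe3289fdbd856ba9458, the pre-patch SRCREV_machine that every other machine is moving away from in this same hunk. Either riscv64 was not part of this change and the line belongs in a separate commit adding riscv64 support to warrior, or it is meant to follow the others to 55dd1533. As written, a qemuriscv64 build would get a kernel without this Makefile fix, and there is no KBRANCH_qemuriscv64 in the context lines above (KBRANCH_qemux86, qemux86-64 and qemumips64 are all visible), so it is not even clear which branch that revision is resolved on. The stat line for this file (19 lines, +10/-9) is the only hint that something beyond a rev bump happened.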
-- 
2.7.4



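The check quoted in the 06/19 message above (`strings bzImage | grep tmp/`) is worth keeping as a gate of its own: an absolute build path inside a shipped kernel both breaks reproducible builds and tells whoever holds the image where and how it was built. The script below is an added example and not code from this series or from OE-Core; it implements that check without depending on binutils' `strings`, against two constructed artifacts (the file names, the `/data/poky-tmp` prefix and the byte contents are made up for the demo; the leaked diagnostic string is the one the bug report shows).

```shell
#!/bin/sh
# Added example (not part of the patch series): a portable "does this
# artifact embed my build directory?" check, the same idea as the
# `strings bzImage | grep tmp/` check in the bug report quoted above and
# the buildpaths QA test in OE-Core, but with no binutils dependency.
# Assumption: the caller knows the build prefix to search for.

# Print every printable run of 4+ bytes in file $1 that contains $2.
# tr turns every non-printable byte into a newline, which is what
# `strings` does minus its minimum-length filter, supplied by grep here.
find_build_paths() {
    tr -c '[:print:]' '\n' < "$1" | grep -E '^.{4,}$' | grep -F -- "$2" || true
}

# Return 0 when $1 contains no string carrying the prefix $2, 1 otherwise.
check_artifact() {
    leaks=$(find_build_paths "$1" "$2")
    if [ -n "$leaks" ]; then
        printf '%s: embeds build path(s):\n%s\n' "$1" "$leaks" >&2
        return 1
    fi
    return 0
}

# Constructed sample artifacts: a few non-printable header bytes followed by
# the kaslr_64.c diagnostic, once with the absolute source path from the bug
# report and once as -fmacro-prefix-map=$(srctree)/= leaves it.
make_samples() {
    dir="$1"
    {
        printf '\177ELF\001\002\003\004'
        printf 'out of pgt_buf in /data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!?\n'
    } > "$dir/leaky-bzImage"
    {
        printf '\177ELF\001\002\003\004'
        printf 'out of pgt_buf in arch/x86/boot/compressed/kaslr_64.c!?\n'
    } > "$dir/clean-bzImage"
}

# Stand-alone run: build both samples, report a verdict for each.
main() {
    prefix="${1:-/data/poky-tmp}"
    dir=$(mktemp -d)
    make_samples "$dir"
    for f in "$dir/leaky-bzImage" "$dir/clean-bzImage"; do
        if check_artifact "$f" "$prefix"; then
            echo "OK:   $f"
        else
            echo "FAIL: $f"
        fi
    done
    rm -rf "$dir"
}

main "$@"
```

Against a real build, call `check_artifact tmp/deploy/images/<machine>/bzImage "$TMPDIR"` (or whatever absolute prefix the build tree lives under); anything it prints is a path the prefix-map should have stripped.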

* [warrior 07/19] kernel-yocto: import security fragments from meta-security
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
                   ` (5 preceding siblings ...)
  2019-10-29  9:47 ` [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available Armin Kuster
                   ` (11 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Adding the following fragments from meta-security to make them
centrally available and easier to maintain:

   283939d5c9e kernel-cache: add yama security fragments
   0b86f3fa241 kernel-cache: add ima fragments
   731b466654d kernel-cache: add smack
   813afe8ff47 kernel-cache: add apparmor fragments

(From OE-Core rev: 3063d64984e993d3e7dc2f4c80fb74005f5d6d7e)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb    | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb  | 2 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb      | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb       | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index 213a21e..958f0ee 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "ca2e3322f4c5678eaef6434c808d0842c805d74d"
-SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac"
+SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
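Review bot: the four kernel-cache ids listed in the message are yocto-4.19 commits: the new SRCREV_meta here, 283939d5c9eb..., is the yama commit at the top of that list, so the list is newest first and ima/smack/apparmor are its ancestors. The 5.0 recipes in this patch move to 7f6e97c3..., which is not in the list at all, so the message should give the yocto-5.0 ids as well or say that the listed ids are the 4.19 ones. Also, importing these fragments only makes them resolvable from KERNEL_FEATURES; nothing in this patch enables Yama, IMA, Smack or AppArmor in any kernel, which is worth stating so nobody reads "import security fragments" as a hardening change. Finally, please reference the meta-security change that drops its own copies of these fragments, if there is one, so the two trees do not carry diverging definitions of the same feature names.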
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index d1adf0c..abc8b0c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "e6cb812b5532630b6fc6dfd7778d57a4907d3180"
-SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
+SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index a4be4b5..0178947 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "b5a2efa31290f31384971494031285d394635938"
 SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac"
+SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index 7d49de6..9b5e69d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "b9001287984b0066814c8739f38d629de73739b7"
 SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
-SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
+SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index 9c794ba..f5e03da 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
 SRCREV_machine_qemux86-64 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
 SRCREV_machine_qemumips64 ?= "ca47368b698795cd5cada84dbfcceda1f47da1aa"
 SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac"
+SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \
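Review bot: unrelated to this change but visible in the context: the SRC_URI entry `git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \` carries a trailing `;` after the branch parameter that the 5.0 recipes above do not have. The build evidently tolerates the empty parameter, but it deserves a separate one-line cleanup rather than being carried through every backport.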
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index 35088da..6008e3d 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -20,7 +20,7 @@ SRCREV_machine_qemux86 ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
 SRCREV_machine_qemux86-64 ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
 SRCREV_machine_qemumips64 ?= "9d4105b32cf123a861bc754377d2f2e156278a7e"
 SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
-SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
+SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b"
 
 # remap qemuarm to qemuarma15 for the 5.0 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.7.4



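What a fragment import like 07/19 does not do is change any kernel: Yama, IMA, Smack and AppArmor are only built in once a BSP or distro adds the fragment to KERNEL_FEATURES (assuming kernel-cache paths of the form features/yama/yama.scc, features/ima/ima.scc, features/smack/smack.scc and features/apparmor/apparmor.scc, which the message does not show), and even then the requested options can be lost to an unmet dependency or to a later fragment. The script below is an added example, not code from this series or from the kernel-yocto tooling; it is a minimal stand-in for the config audit that answers "did the options I asked for actually land in the .config?", run here against a constructed .config and a constructed expectation list (the option names are real kernel options, but the lists are my assumption of what the yama and apparmor fragments contain).

```shell
#!/bin/sh
# Added example (not part of the patch series): check that the kernel
# options a security fragment was supposed to set really ended up in the
# final .config. Point it at ${B}/.config after do_kernel_configme, or at
# the output of `zcat /proc/config.gz` on a running target. The sample
# inputs below are constructed for the demo; the option names are real
# kernel options, the lists are an assumption about the fragments' contents.

# audit_config <.config> <wanted-file>
# <wanted-file> holds one CONFIG_FOO=<value> per line ('#' comments allowed).
# Prints one line per option whose final value differs; returns 1 if any do.
audit_config() {
    config="$1"; wanted="$2"; rc=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        name="${line%%=*}"
        if ! grep -qxF -- "$line" "$config"; then
            # Show the value the build actually chose. "# CONFIG_X is not set"
            # and a completely absent symbol are reported differently: the
            # second usually means an unmet dependency (or a typo in the
            # fragment), not a deliberate 'n'.
            actual=$(grep -E "^(# )?${name}[= ]" "$config" | head -n 1)
            printf '%s: wanted %s, got %s\n' "$name" "${line#*=}" \
                "${actual:-<absent: unmet dependency or typo>}"
            rc=1
        fi
    done < "$wanted"
    return "$rc"
}

# Constructed sample: the audit list a Yama+AppArmor fragment pair might
# carry, and a .config where Yama landed, AppArmor was switched off by a
# later fragment, and the default-LSM choice went to DAC instead.
make_samples() {
    cat > "$1/wanted.cfg" <<'EOF'
# yama
CONFIG_SECURITY=y
CONFIG_SECURITY_YAMA=y
# apparmor
CONFIG_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y
EOF
    cat > "$1/.config" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_YAMA=y
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
EOF
}

# Stand-alone run: audit the constructed .config against the constructed list.
main() {
    dir=$(mktemp -d)
    make_samples "$dir"
    if audit_config "$dir/.config" "$dir/wanted.cfg"; then
        echo "all requested options present"
    else
        echo "audit failed: see the lines above"
    fi
    rm -rf "$dir"
}

main "$@"
```

The point of distinguishing "is not set" from "absent" is practical: an option that Kconfig never offered (absent) will not be fixed by adding it to another fragment, its dependency has to be enabled first, whereas "is not set" means something later in the fragment order turned it off and the fragment ordering in KERNEL_FEATURES is what to look at.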

* [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
                   ` (6 preceding siblings ...)
  2019-10-29  9:47 ` [warrior 07/19] kernel-yocto: import security fragments from meta-security Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 09/19] linux-yocto: add drm-bochs support Armin Kuster
                   ` (10 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

The other active kernel versions have this feature available. To
consistently enable the same video output for qemu, we can cherry
pick the feature to 4.19.

(From OE-Core rev: a777e0f34e106455f963bd58fd8728a16c588c4d)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index 958f0ee..db7ade9 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "ca2e3322f4c5678eaef6434c808d0842c805d74d"
-SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
+SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
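Review bot: "make drm-bochs feature available" is a kmeta-only change and nothing here selects it; it is 09/19 that appends features/drm-bochs/drm-bochs.scc to KERNEL_FEATURES for the qemu machines. That ordering matters for anyone cherry-picking: applying 09/19 to the 4.19 recipes without this bump (SRCREV_meta 283939d to 20a6158) would leave KERNEL_FEATURES naming a fragment that does not exist in the pinned cache, and the kernel-yocto metadata step fails on an unresolved feature. Please mention the dependency in both commit messages.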
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index 0178947..cadf1a7 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "b5a2efa31290f31384971494031285d394635938"
 SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
+SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index f5e03da..d200e4d 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
 SRCREV_machine_qemux86-64 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
 SRCREV_machine_qemumips64 ?= "ca47368b698795cd5cada84dbfcceda1f47da1aa"
 SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
+SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \
-- 
2.7.4




* [warrior 09/19] linux-yocto: add drm-bochs support
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
                   ` (7 preceding siblings ...)
  2019-10-29  9:47 ` [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 10/19] libcroco: Fix two CVEs Armin Kuster
                   ` (9 subsequent siblings)
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Alexander Kanavin <alex.kanavin@gmail.com>

This allows better modesetting support for the '-vga std'
emulated hardware provided by Qemu, which we want to
standardize on.

See here for background:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=13466

(From OE-Core rev: 569d3f5d0454ed31f2f6df29f1703246a3dcd715)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-dev.bb     | 2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb  | 2 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb    | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb     | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-kernel/linux/linux-yocto-dev.bb
index ae8c343..f6ffb1f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -46,7 +46,7 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb"
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc"
 KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "" ,d)}"
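Review bot: for linux-yocto-dev this depends on the kernel-cache branch the recipe tracks already containing features/drm-bochs/drm-bochs.scc; there is no SRCREV_meta pin in this hunk to tie it to, so please state which kmeta branch was verified. On style, `KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc ..."` keeps the pre-existing no-spaces form while the neighbouring `KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"` uses ` = `; acceptable for a backport, but worth normalising in master.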
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index db7ade9..da87d47 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -38,6 +38,6 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb"
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index abc8b0c..928d140 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -38,6 +38,6 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb"
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index d200e4d..5edb97f 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -43,7 +43,7 @@ COMPATIBLE_MACHINE = "qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemumips|qemum
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "" ,d)}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index 6008e3d..d415a4a 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -47,7 +47,7 @@ COMPATIBLE_MACHINE = "qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemumips|qemum
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "" ,d)}"
-- 
2.7.4




* [warrior 10/19] libcroco: Fix two CVEs
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Muminul Islam <misla011@fiu.edu>

CVE: CVE-2017-8834 CVE-2017-8871

Signed-off-by: Muminul Islam <muislam@microsoft.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../libcroco/libcroco/CVE-2017-8834_71.patch       | 38 ++++++++++++++++++++++
 meta/recipes-support/libcroco/libcroco_0.6.12.bb   |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch

diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch b/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch
new file mode 100644
index 0000000..cdfc9cf
--- /dev/null
+++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch
@@ -0,0 +1,38 @@
+From 38bdf8e956218dd6a72942229cf39ef8e45dd28f Mon Sep 17 00:00:00 2001
+From: Mike Gorse <mgorse@alum.wpi.edu>
+Date: Thu, 2 May 2019 10:54:43 -0500
+Subject: [PATCH] cr_utils_read_char_from_utf8_buf: move past invalid UTF-8
+Reply-To: muislam@microsoft.com; Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Otherwise, the offending character is never consumed, possibly leading
+to an infinite loop.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=782647
+
+CVE: CVE-2017-8834 CVE-2017-8871
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+Upstream commit: https://bug782647.bugzilla-attachments.gnome.org/attachment.cgi?id=374219
+---
+ src/cr-utils.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cr-utils.c b/src/cr-utils.c
+index 2420cec..6cf4849 100644
+--- a/src/cr-utils.c
++++ b/src/cr-utils.c
+@@ -505,6 +505,7 @@ cr_utils_read_char_from_utf8_buf (const guchar * a_in,
+ 
+         } else {
+                 /*BAD ENCODING */
++                nb_bytes_2_decode = 1;
+                 goto end;
+         }
+ 
+-- 
+2.23.0
+
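Review bot: the header block of the new patch file carries mail transport headers: on the `+Subject:` line, `Reply-To: muislam@microsoft.com; Content-Type: text/plain; charset="utf-8"` is glued onto the subject and `Content-Transfer-Encoding: 8bit` follows on the next line, so `git am` would fold both into the commit title and message. Drop those two lines from the patch file so the subject reads just `cr_utils_read_char_from_utf8_buf: move past invalid UTF-8`. Also, `Upstream-Status: Backport` and the separate `Upstream commit:` line should be merged into the usual form with the URL in brackets on the Upstream-Status line. The code change itself is right: setting `nb_bytes_2_decode = 1` on the bad-encoding path means the caller advances past the offending byte instead of re-reading it, which is what removes the infinite loop the message describes.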
diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
index f95a583..85a120d 100644
--- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb
+++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
@@ -18,6 +18,7 @@ inherit gnomebase gtk-doc binconfig-disabled
 
 SRC_URI += "file://CVE-2017-7960.patch \
             file://CVE-2017-7961.patch \
+            file://CVE-2017-8834_71.patch \
             "
 
 SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce"
-- 
2.7.4




* [warrior 11/19] python: include CVE patches for python-native as well
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Anuj Mittal <anuj.mittal@intel.com>

Also avoids maintaining a different set of patches for both.

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b3b1c00cc46b33ddbf7e008267032220e1e298af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/python/python.inc       | 5 +++++
 meta/recipes-devtools/python/python_2.7.16.bb | 5 -----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index 779df53..8d0e908 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -8,6 +8,11 @@ INC_PR = "r1"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
+           file://bpo-35907-cve-2019-9948.patch \
+           file://bpo-35907-cve-2019-9948-fix.patch \
+           file://bpo-36216-cve-2019-9636.patch \
+           file://bpo-36216-cve-2019-9636-fix.patch \
+           file://CVE-2019-9740.patch \
            "
 
 SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5"
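Review bot: moving the five CVE patch entries into the shared python.inc means python-native's do_fetch now has to resolve these `file://` names as well, yet nothing in the diff touches FILESEXTRAPATHS; confirm that the native recipe's search path already includes the `python/` directory next to python_2.7.16.bb where the patch files live, otherwise the native build breaks at fetch time. A one-line remark in the commit message saying that this is the case would save the next reader the same check.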
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb
index c6160ae..a02a628 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -30,11 +30,6 @@ SRC_URI += " \
            file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
            file://float-endian.patch \
            file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
-    file://bpo-35907-cve-2019-9948.patch \
-    file://bpo-35907-cve-2019-9948-fix.patch \
-    file://bpo-36216-cve-2019-9636.patch \
-    file://bpo-36216-cve-2019-9636-fix.patch \
-    file://CVE-2019-9740.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
2.7.4




* [warrior 12/19] python: add tk-lib as runtime dependency for python-tkinter
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Yi Zhao <yi.zhao@windriver.com>

Fixes:
ERROR: python-2.7.16-r0 do_package_qa: QA Issue:
/usr/lib/python2.7/lib-dynload/_tkinter.so contained in package
python-tkinter requires libtk8.6.so, but no providers found in
RDEPENDS_python-tkinter? [file-rdeps]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit f78248a2380bbbbf271b5bb02c762f5bc7a3a92e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/python/python3_3.7.4.bb | 2 +-
 meta/recipes-devtools/python/python_2.7.16.bb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/python/python3_3.7.4.bb b/meta/recipes-devtools/python/python3_3.7.4.bb
index dd16351..af3c325 100644
--- a/meta/recipes-devtools/python/python3_3.7.4.bb
+++ b/meta/recipes-devtools/python/python3_3.7.4.bb
@@ -294,6 +294,6 @@ FILES_${PN}-man = "${datadir}/man"
 
 RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc tzdata-europe coreutils sed"
 RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9"
-RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk', '', d)}"
+RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}"
 RDEPENDS_${PN}-dev = ""
 
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb
index a02a628..ec724c3 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -173,7 +173,7 @@ RDEPENDS_${PN}-modules += "${PN}-misc"
 
 # ptest
 RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip tzdata-europe coreutils sed"
-RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk', '', d)}"
+RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}"
 # catch manpage
 PACKAGES += "${PN}-man"
 FILES_${PN}-man = "${datadir}/man"
-- 
2.7.4




* [warrior 13/19] python: CVE-2019-16056
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Chen Qi <Qi.Chen@windriver.com>

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 27be9cf71a6fe906a23e81b56f1cc18a6fc9ef97)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...55-Dont-parse-domains-containing-GH-13079.patch | 90 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.16.bb      |  1 +
 2 files changed, 91 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch

diff --git a/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch b/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
new file mode 100644
index 0000000..5415472
--- /dev/null
+++ b/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
@@ -0,0 +1,90 @@
+From 532ed09c5454bb789a301bb6f1339a0818255610 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= <roberto@connexer.com>
+Date: Sat, 14 Sep 2019 13:26:38 -0400
+Subject: [PATCH] [2.7] bpo-34155: Dont parse domains containing @ (GH-13079)
+ (GH-16006)
+
+This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address.
+
+(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)
+
+Excludes changes to Lib/email/_header_value_parser.py, which did not
+exist in 2.7.
+
+Co-authored-by: jpic <jpic@users.noreply.github.com>
+
+https://bugs.python.org/issue34155
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9]
+
+CVE: CVE-2019-16056
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ Lib/email/_parseaddr.py                            | 11 ++++++++++-
+ Lib/email/test/test_email.py                       | 14 ++++++++++++++
+ .../2019-05-04-13-33-37.bpo-34155.MJll68.rst       |  1 +
+ 3 files changed, 25 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+
+diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
+index 690db2c22d..dc49d2e45a 100644
+--- a/Lib/email/_parseaddr.py
++++ b/Lib/email/_parseaddr.py
+@@ -336,7 +336,12 @@ class AddrlistClass:
+         aslist.append('@')
+         self.pos += 1
+         self.gotonext()
+-        return EMPTYSTRING.join(aslist) + self.getdomain()
++        domain = self.getdomain()
++        if not domain:
++            # Invalid domain, return an empty address instead of returning a
++            # local part to denote failed parsing.
++            return EMPTYSTRING
++        return EMPTYSTRING.join(aslist) + domain
+ 
+     def getdomain(self):
+         """Get the complete domain name from an address."""
+@@ -351,6 +356,10 @@ class AddrlistClass:
+             elif self.field[self.pos] == '.':
+                 self.pos += 1
+                 sdlist.append('.')
++            elif self.field[self.pos] == '@':
++                # bpo-34155: Don't parse domains with two `@` like
++                # `a@malicious.org@important.com`.
++                return EMPTYSTRING
+             elif self.field[self.pos] in self.atomends:
+                 break
+             else:
+diff --git a/Lib/email/test/test_email.py b/Lib/email/test/test_email.py
+index 4b4dee3d34..2efe44ac5a 100644
+--- a/Lib/email/test/test_email.py
++++ b/Lib/email/test/test_email.py
+@@ -2306,6 +2306,20 @@ class TestMiscellaneous(TestEmailBase):
+         self.assertEqual(Utils.parseaddr('<>'), ('', ''))
+         self.assertEqual(Utils.formataddr(Utils.parseaddr('<>')), '')
+ 
++    def test_parseaddr_multiple_domains(self):
++        self.assertEqual(
++            Utils.parseaddr('a@b@c'),
++            ('', '')
++        )
++        self.assertEqual(
++            Utils.parseaddr('a@b.c@c'),
++            ('', '')
++        )
++        self.assertEqual(
++            Utils.parseaddr('a@172.17.0.1@c'),
++            ('', '')
++        )
++
+     def test_noquote_dump(self):
+         self.assertEqual(
+             Utils.formataddr(('A Silly Person', 'person@dom.ain')),
+diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+new file mode 100644
+index 0000000000..50292e29ed
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+@@ -0,0 +1 @@
++Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic.
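Review bot: in the `getaddrspec` hunk the new `if not domain:` guard treats every empty return from `getdomain()` the same way, so an input such as `a@` with nothing after the separator now yields `''` where the old `EMPTYSTRING.join(aslist) + self.getdomain()` returned the local part with its `@`; that is arguably the safer result, but the added `test_parseaddr_multiple_domains` only pins the double-`@` inputs. Add one assertion for the bare trailing-`@` case so the intended behaviour for a missing domain is documented rather than changed silently later. The `getdomain` change is the actual fix: returning EMPTYSTRING on a second `@` is what stops `a@malicious.org@important.com` from being reported as the address `a@malicious.org`.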
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb
index ec724c3..b263e72 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -30,6 +30,7 @@ SRC_URI += " \
            file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
            file://float-endian.patch \
            file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
+           file://0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
2.7.4




* [warrior 14/19] python: Fix CVE-2019-10160
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit b4240b585d7fcac2fdbf33a8e72d48cb732eb696)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 10d87a3085665a959a5fda64ae3895cb27ddf343)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../python/python/bpo-36742-cve-2019-10160.patch   | 81 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.16.bb      |  1 +
 2 files changed, 82 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch

diff --git a/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch b/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
new file mode 100644
index 0000000..1b6cb8c
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
@@ -0,0 +1,81 @@
+From 5a1033fe5be764a135adcfff2fdc14edc3e5f327 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 10 Oct 2019 16:32:19 +0800
+Subject: [PATCH] bpo-36742: Fixes handling of pre-normalization characters in
+ urlsplit() bpo-36742: Corrects fix to handle decomposition in usernames
+
+Upstream-Status: Backport
+
+https://github.com/python/cpython/commit/98a4dcefbbc3bce5ab07e7c0830a183157250259
+https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de#diff-b577545d73dd0cdb2c337a4c5f89e1d7
+
+CVE: CVE-2019-10160
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ Lib/test/test_urlparse.py | 19 +++++++++++++------
+ Lib/urlparse.py           | 14 +++++++++-----
+ 2 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 1830d0b..857ed96 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -641,13 +641,20 @@ class UrlParseTestCase(unittest.TestCase):
+         self.assertIn(u'\u2100', denorm_chars)
+         self.assertIn(u'\uFF03', denorm_chars)
+ 
++        # bpo-36742: Verify port separators are ignored when they
++        # existed prior to decomposition
++        urlparse.urlsplit(u'http://\u30d5\u309a:80')
++        with self.assertRaises(ValueError):
++            urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380')
++
+         for scheme in [u"http", u"https", u"ftp"]:
+-            for c in denorm_chars:
+-                url = u"{}://netloc{}false.netloc/path".format(scheme, c)
+-                if test_support.verbose:
+-                    print "Checking %r" % url
+-                with self.assertRaises(ValueError):
+-                    urlparse.urlsplit(url)
++            for netloc in [u"netloc{}false.netloc", u"n{}user@netloc"]:
++                for c in denorm_chars:
++                    url = u"{}://{}/path".format(scheme, netloc.format(c))
++                    if test_support.verbose:
++                        print "Checking %r" % url
++                    with self.assertRaises(ValueError):
++                        urlparse.urlsplit(url)
+ 
+ def test_main():
+     test_support.run_unittest(UrlParseTestCase)
+diff --git a/Lib/urlparse.py b/Lib/urlparse.py
+index 54eda08..e34b368 100644
+--- a/Lib/urlparse.py
++++ b/Lib/urlparse.py
+@@ -171,14 +171,18 @@ def _checknetloc(netloc):
+     # looking for characters like \u2100 that expand to 'a/c'
+     # IDNA uses NFKC equivalence, so normalize for this check
+     import unicodedata
+-    netloc2 = unicodedata.normalize('NFKC', netloc)
+-    if netloc == netloc2:
++    n = netloc.replace(u'@', u'') # ignore characters already included
++    n = n.replace(u':', u'')      # but not the surrounding text
++    n = n.replace(u'#', u'')
++    n = n.replace(u'?', u'')
++
++    netloc2 = unicodedata.normalize('NFKC', n)
++    if n == netloc2:
+         return
+-    _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
+     for c in '/?#@:':
+         if c in netloc2:
+-            raise ValueError("netloc '" + netloc2 + "' contains invalid " +
+-                             "characters under NFKC normalization")
++            raise ValueError(u"netloc '" + netloc + u"' contains invalid " +
++                             u"characters under NFKC normalization")
+ 
+ def urlsplit(url, scheme='', allow_fragments=True):
+     """Parse a URL into 5 components:
+-- 
+2.7.4
+
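Review bot: the comments on the new `n = netloc.replace(u'@', u'')` / `n = n.replace(u':', u'')` lines ("ignore characters already included" / "but not the surrounding text") do not say why the separators are stripped, and that reason is the whole check: once `@ : # ?` are removed from `n`, the only way one of `/?#@:` can appear in `netloc2` is if NFKC normalization produced it, which is exactly the spoofing case being rejected. Say so in the comment, e.g. `# strip the separators already in the URL so that any separator left in netloc2 was introduced by normalization`. Dropping the `_, _, netloc = netloc.rpartition('@')` line also deserves a sentence in the commit message, since it is what extends the check to the userinfo part (the "decomposition in usernames" case from the subject). Minor: the `Upstream-Status: Backport` line should carry the two commit URLs in brackets rather than as bare lines above it.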
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb
index b263e72..1c7c581 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -31,6 +31,7 @@ SRC_URI += " \
            file://float-endian.patch \
            file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
            file://0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \
+           file://bpo-36742-cve-2019-10160.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
2.7.4




* [warrior 15/19] openssl: make OPENSSL_ENGINES match install path
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: George McCollister <george.mccollister@gmail.com>

Set OPENSSL_ENGINES to the path where engines are actually installed.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 59565fec0b3f3e24eb01c03b671913599cd3134d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 578f41124565a7cda738c7fe3d25702ee41b08ed)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.1b.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
index df2698f..9e36df8 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
@@ -148,7 +148,7 @@ do_install_append_class-native () {
 	    OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
 	    SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
 	    SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
-	    OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
+	    OPENSSL_ENGINES=${libdir}/engines-1.1
 }
 
 do_install_append_class-nativesdk () {
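Review bot: the path fix is applied only inside `do_install_append_class-native`, and the trailing context shows `do_install_append_class-nativesdk ()` starting immediately after; check whether that function sets `OPENSSL_ENGINES` to the same stale `${libdir}/ssl-1.1/engines` value and needs the identical change to `${libdir}/engines-1.1`, otherwise nativesdk tools will keep looking for engines in a directory that is never populated.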
-- 
2.7.4




* [warrior 16/19] libgcrypt: fix CVE-2019-12904
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Yi Zhao <yi.zhao@windriver.com>

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.)

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-12904

Patches from:
https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 37e390ff05b6a4509019db358ed496731d80cc51)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 4c207cb1ad46c0d2005ab3eae70d78c937e084b5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../files/0001-Prefetch-GCM-look-up-tables.patch   |  90 ++++++
 ...ok-up-tables-to-.data-section-and-unshare.patch | 332 +++++++++++++++++++++
 ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++++++++++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   3 +
 4 files changed, 603 insertions(+)
 create mode 100644 meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch

diff --git a/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
new file mode 100644
index 0000000..4df96f0
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
@@ -0,0 +1,90 @@
+From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Sat, 27 Apr 2019 19:33:28 +0300
+Subject: [PATCH 1/3] Prefetch GCM look-up tables
+
+* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables)
+(prefetch_tables): New.
+(ghash_internal): Call prefetch_tables.
+--
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index c19f09f..11f119a 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -118,6 +118,34 @@ static const u16 gcmR[256] = {
+   0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+ };
+ 
++static inline
++void prefetch_table(const void *tab, size_t len)
++{
++  const volatile byte *vtab = tab;
++  size_t i;
++
++  for (i = 0; i < len; i += 8 * 32)
++    {
++      (void)vtab[i + 0 * 32];
++      (void)vtab[i + 1 * 32];
++      (void)vtab[i + 2 * 32];
++      (void)vtab[i + 3 * 32];
++      (void)vtab[i + 4 * 32];
++      (void)vtab[i + 5 * 32];
++      (void)vtab[i + 6 * 32];
++      (void)vtab[i + 7 * 32];
++    }
++
++  (void)vtab[len - 1];
++}
++
++static inline void
++do_prefetch_tables (const void *gcmM, size_t gcmM_size)
++{
++  prefetch_table(gcmM, gcmM_size);
++  prefetch_table(gcmR, sizeof(gcmR));
++}
++
+ #ifdef GCM_TABLES_USE_U64
+ static void
+ bshift (u64 * b0, u64 * b1)
+@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM)
+ #define fillM(c) \
+   do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table)
+ #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table)
++#define prefetch_tables(c) \
++  do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table))
+ 
+ #else
+ 
+@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf)
+ 
+ #define fillM(c) do { } while (0)
+ #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf)
++#define prefetch_tables(c) do {} while (0)
+ 
+ #endif /* !GCM_USE_TABLES */
+ 
+@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf,
+   const unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
+   unsigned int burn = 0;
+ 
++  prefetch_tables (c);
++
+   while (nblocks)
+     {
+       burn = GHASH (c, result, buf);
+-- 
+2.7.4
+
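Review bot: `prefetch_table` reads `vtab[i + 7 * 32]` on every iteration, so for a `len` that is not a multiple of 256 the last iteration reads up to 255 bytes past the end of the table; the trailing `(void)vtab[len - 1]` only touches the final byte and does not prevent that. The summary of patch 2/3 in this same series says it makes `prefetch_table` handle lengths that are not a multiple of 256, so the two must land together; if 1/3 is ever backported on its own, bound the inner reads (for example loop `for (i = 0; i < len; i += 32)` with a single access per step and keep the `(void)vtab[len - 1]` touch). For `gcmR` (256 entries of u16, 512 bytes) the current loop stays in bounds. The mitigation itself is sound: touching every cache line of the tables before `GHASH` runs means a flush-and-reload observer sees all lines loaded rather than only the ones the data-dependent lookups hit.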
diff --git a/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
new file mode 100644
index 0000000..c82c5b5
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
@@ -0,0 +1,332 @@
+From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:18:09 +0300
+Subject: [PATCH 2/3] AES: move look-up tables to .data section and unshare between
+ processes
+
+* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New.
+* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure.
+(enc_tables): New structure for encryption table with counters before
+and after.
+(encT): New macro.
+(dec_tables): Add counters before and after encryption table; Move
+from .rodata to .data section.
+(do_encrypt): Change 'encT' to 'enc_tables.T'.
+(do_decrypt): Change '&dec_tables' to 'dec_tables.T'.
+* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input
+with length not multiple of 256.
+(prefetch_enc, prefetch_dec): Modify pre- and post-table counters
+to unshare look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/rijndael-internal.h |   4 +-
+ cipher/rijndael-tables.h   | 155 +++++++++++++++++++++++++--------------------
+ cipher/rijndael.c          |  35 ++++++++--
+ 3 files changed, 118 insertions(+), 76 deletions(-)
+
+diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h
+index 160fb8c..a62d4b7 100644
+--- a/cipher/rijndael-internal.h
++++ b/cipher/rijndael-internal.h
+@@ -29,11 +29,13 @@
+ #define BLOCKSIZE               (128/8)
+ 
+ 
+-/* Helper macro to force alignment to 16 bytes.  */
++/* Helper macro to force alignment to 16 or 64 bytes.  */
+ #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
+ # define ATTR_ALIGNED_16  __attribute__ ((aligned (16)))
++# define ATTR_ALIGNED_64  __attribute__ ((aligned (64)))
+ #else
+ # define ATTR_ALIGNED_16
++# define ATTR_ALIGNED_64
+ #endif
+ 
+ 
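Review bot: the `#else` branch defines `ATTR_ALIGNED_64` as empty, so on a compiler without `HAVE_GCC_ATTRIBUTE_ALIGNED` the 64-byte alignment that the `enc_tables` counter-and-padding layout relies on is silently lost and the unsharing mitigation degrades without any signal. Add a comment on the empty definition (or a `#warning`) stating that the look-up tables may then straddle cache lines, and consider whether the `cacheline_align` padding is still meaningful in that configuration.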
+diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h
+index 8359470..b54d959 100644
+--- a/cipher/rijndael-tables.h
++++ b/cipher/rijndael-tables.h
+@@ -21,80 +21,98 @@
+ /* To keep the actual implementation at a readable size we use this
+    include file to define the tables.  */
+ 
+-static const u32 encT[256] =
++static struct
++{
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
++  u32 T[256];
++  volatile u32 counter_tail;
++} enc_tables ATTR_ALIGNED_64 =
+   {
+-    0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
+-    0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+-    0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+-    0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+-    0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+-    0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+-    0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+-    0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+-    0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+-    0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
+-    0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
+-    0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+-    0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+-    0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
+-    0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+-    0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+-    0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+-    0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+-    0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+-    0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+-    0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
+-    0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+-    0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+-    0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+-    0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
+-    0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
+-    0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+-    0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+-    0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+-    0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+-    0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+-    0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
+-    0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+-    0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
+-    0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+-    0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+-    0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+-    0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
+-    0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+-    0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
+-    0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
+-    0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+-    0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
+-    0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
+-    0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+-    0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
+-    0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
+-    0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+-    0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
+-    0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
+-    0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+-    0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
+-    0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
+-    0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
+-    0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
+-    0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
+-    0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+-    0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
+-    0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
+-    0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+-    0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
+-    0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
+-    0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+-    0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++    0,
++    { 0, },
++    {
++      0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
++      0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
++      0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
++      0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
++      0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
++      0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
++      0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
++      0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
++      0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
++      0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
++      0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
++      0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
++      0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
++      0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
++      0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
++      0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
++      0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
++      0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
++      0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
++      0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
++      0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
++      0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
++      0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
++      0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
++      0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
++      0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
++      0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
++      0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
++      0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
++      0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
++      0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
++      0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
++      0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
++      0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
++      0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
++      0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
++      0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
++      0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
++      0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
++      0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
++      0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
++      0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
++      0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
++      0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
++      0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
++      0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
++      0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
++      0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
++      0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
++      0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
++      0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
++      0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
++      0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
++      0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
++      0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
++      0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
++      0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
++      0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
++      0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
++      0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
++      0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
++      0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
++      0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
++      0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++    },
++    0
+   };
+ 
+-static const struct
++#define encT enc_tables.T
++
++static struct
+ {
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
+   u32 T[256];
+   byte inv_sbox[256];
+-} dec_tables =
++  volatile u32 counter_tail;
++} dec_tables ATTR_ALIGNED_64 =
+   {
++    0,
++    { 0, },
+     {
+       0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
+       0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
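Review bot: dropping `const` on `enc_tables` (and on `dec_tables` below) is what moves the tables into writable `.data`, but it also removes the read-only mapping that previously turned a stray write into these pages into a fault; such a write now silently corrupts the look-up table and every block processed afterwards. Please add a comment on the struct saying that the missing `const` is intentional (GnuPG-bug-id 4541), and consider whether the `selftest()` declared in rijndael.c (visible in the hunk header below) should be runnable again after initialisation to detect a corrupted table.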
+@@ -194,7 +212,8 @@ static const struct
+       0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+       0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+       0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+-    }
++    },
++    0
+   };
+ 
+ #define decT dec_tables.T
+diff --git a/cipher/rijndael.c b/cipher/rijndael.c
+index 8637195..d0edab2 100644
+--- a/cipher/rijndael.c
++++ b/cipher/rijndael.c
+@@ -227,11 +227,11 @@ static const char *selftest(void);
+ 
+ \f
+ /* Prefetching for encryption/decryption tables. */
+-static void prefetch_table(const volatile byte *tab, size_t len)
++static inline void prefetch_table(const volatile byte *tab, size_t len)
+ {
+   size_t i;
+ 
+-  for (i = 0; i < len; i += 8 * 32)
++  for (i = 0; len - i >= 8 * 32; i += 8 * 32)
+     {
+       (void)tab[i + 0 * 32];
+       (void)tab[i + 1 * 32];
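Review bot: the new loop bound `len - i >= 8 * 32` is safe with unsigned `size_t` because `i` only advances by 256 while at least 256 bytes remain, so `len - i` can never wrap; the old `i < len` condition read up to 255 bytes past the end of any table whose size is not a multiple of 256, which is now the case for `enc_tables` (4 + 60 + 1024 + 4 bytes). A one-line comment stating that invariant would save the next reader from re-deriving it.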
+@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len)
+       (void)tab[i + 6 * 32];
+       (void)tab[i + 7 * 32];
+     }
++  for (; i < len; i += 32)
++    {
++      (void)tab[i];
++    }
+ 
+   (void)tab[len - 1];
+ }
+ 
+ static void prefetch_enc(void)
+ {
+-  prefetch_table((const void *)encT, sizeof(encT));
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  enc_tables.counter_head++;
++  enc_tables.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
++  prefetch_table((const void *)&enc_tables, sizeof(enc_tables));
+ }
+ 
+ static void prefetch_dec(void)
+ {
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  dec_tables.counter_head++;
++  dec_tables.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
+   prefetch_table((const void *)&dec_tables, sizeof(dec_tables));
+ }
+ 
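Review bot: the `counter_head++` / `counter_tail++` writes are plain non-atomic read-modify-write cycles on `volatile` fields, so two threads prefetching concurrently race on them; that is harmless because the counter value is never consumed, but ThreadSanitizer and similar tools will report it, so the comment should say explicitly that the race is benign (or use a relaxed atomic increment where available). Layout-wise the scheme is sound: `counter_head` plus `cacheline_align` occupy exactly 64 bytes and `T` is 1024 bytes (plus the 256-byte `inv_sbox` for `dec_tables`), so with the 64-byte alignment both counters land at offsets 1088 and 1344, multiples of 64, on cache lines of their own, and the writes do not dirty lines holding table data.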
+@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+   return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
+-				       encT);
++				       enc_tables.T);
+ # else
+   /* Call SystemV ABI function without storing non-volatile XMM registers,
+    * as target function does not use vector instruction sets. */
+@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx,
+   return ret;
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+-  return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT);
++  return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
++				     enc_tables.T);
+ #else
+   return do_encrypt_fn (ctx, bx, ax);
+ #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/
+@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+   return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+-				       &dec_tables);
++				       dec_tables.T);
+ # else
+   /* Call SystemV ABI function without storing non-volatile XMM registers,
+    * as target function does not use vector instruction sets. */
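Review bot: the switch from `&dec_tables` to `dec_tables.T` here (and at the ARM call site in the next hunk) is required rather than cosmetic, because `counter_head` and `cacheline_align` now precede `T` and the old pointer would hand the assembly the counter instead of the table. The assembly routines were previously given the start of the struct, so if they reach `inv_sbox` at a fixed offset from the table pointer, the new layout still works only because `inv_sbox` directly follows `T`; a comment on the struct that `T` and `inv_sbox` must stay adjacent would guard that assumption.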
+@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+   return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+-				     &dec_tables);
++				     dec_tables.T);
+ #else
+   return do_decrypt_fn (ctx, bx, ax);
+ #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/
+-- 
+2.7.4
+
diff --git a/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch b/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch
new file mode 100644
index 0000000..b580b7b
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch
@@ -0,0 +1,178 @@
+From a4c561aab1014c3630bc88faf6f5246fee16b020 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:27:25 +0300
+Subject: [PATCH 3/3] GCM: move look-up table to .data section and unshare
+ between processes
+
+* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New.
+(gcmR): Move to 'gcm_table' structure.
+(gcm_table): New structure for look-up table with counters before and
+after.
+(gcmR): New macro.
+(prefetch_table): Handle input with length not multiple of 256.
+(do_prefetch_tables): Modify pre- and post-table counters to unshare
+look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/cipher-gcm.c | 106 ++++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 70 insertions(+), 36 deletions(-)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index 11f119a..194e2ec 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -30,6 +30,14 @@
+ #include "./cipher-internal.h"
+ 
+ 
++/* Helper macro to force alignment to 16 or 64 bytes.  */
++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
++# define ATTR_ALIGNED_64  __attribute__ ((aligned (64)))
++#else
++# define ATTR_ALIGNED_64
++#endif
++
++
+ #ifdef GCM_USE_INTEL_PCLMUL
+ extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c);
+ 
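Review bot: this `ATTR_ALIGNED_64` block duplicates the macro that patch 2/3 adds to cipher/rijndael-internal.h, and the copied comment says "16 or 64 bytes" although only the 64-byte variant is defined here. Suggest defining it once in a header both files already include and fixing the comment to "64 bytes".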
+@@ -83,40 +91,54 @@ ghash_armv7_neon (gcry_cipher_hd_t c, byte *result, const byte *buf,
+ 
+ 
+ #ifdef GCM_USE_TABLES
+-static const u16 gcmR[256] = {
+-  0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
+-  0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
+-  0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
+-  0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
+-  0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
+-  0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
+-  0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
+-  0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
+-  0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
+-  0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
+-  0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
+-  0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
+-  0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
+-  0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
+-  0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
+-  0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
+-  0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
+-  0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
+-  0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
+-  0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
+-  0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
+-  0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
+-  0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
+-  0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
+-  0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
+-  0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
+-  0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
+-  0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
+-  0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
+-  0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
+-  0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
+-  0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+-};
++static struct
++{
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
++  u16 R[256];
++  volatile u32 counter_tail;
++} gcm_table ATTR_ALIGNED_64 =
++  {
++    0,
++    { 0, },
++    {
++      0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
++      0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
++      0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
++      0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
++      0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
++      0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
++      0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
++      0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
++      0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
++      0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
++      0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
++      0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
++      0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
++      0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
++      0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
++      0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
++      0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
++      0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
++      0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
++      0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
++      0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
++      0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
++      0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
++      0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
++      0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
++      0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
++      0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
++      0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
++      0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
++      0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
++      0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
++      0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
++    },
++    0
++  };
++
++#define gcmR gcm_table.R
+ 
+ static inline
+ void prefetch_table(const void *tab, size_t len)
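Review bot: `gcm_table` is declared without `const`, which is the point of the change, but nothing in the source says so; the `#define gcmR gcm_table.R` keeps the existing `gcmR` uses compiling unchanged, so a reader of the call sites has no hint that the table is now mutable. Add a comment on the struct that the absence of `const` is deliberate so a later constification does not quietly reintroduce the shared-page issue. The layout matches the AES tables: 64 bytes of counter plus padding, then the 512-byte `R`, so `counter_tail` starts at offset 576, a multiple of 64.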
+@@ -124,7 +146,7 @@ void prefetch_table(const void *tab, size_t len)
+   const volatile byte *vtab = tab;
+   size_t i;
+ 
+-  for (i = 0; i < len; i += 8 * 32)
++  for (i = 0; len - i >= 8 * 32; i += 8 * 32)
+     {
+       (void)vtab[i + 0 * 32];
+       (void)vtab[i + 1 * 32];
+@@ -135,6 +157,10 @@ void prefetch_table(const void *tab, size_t len)
+       (void)vtab[i + 6 * 32];
+       (void)vtab[i + 7 * 32];
+     }
++  for (; i < len; i += 32)
++    {
++      (void)vtab[i];
++    }
+ 
+   (void)vtab[len - 1];
+ }
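Review bot: this `prefetch_table` is now line for line the same as the one in cipher/rijndael.c after patch 2/3 (same 8x32 stride loop, same 32-byte tail loop, same final `vtab[len - 1]` touch). Keeping two copies means the next fix to one will be missed in the other; consider moving it to a shared internal header as a `static inline`.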
+@@ -142,8 +168,16 @@ void prefetch_table(const void *tab, size_t len)
+ static inline void
+ do_prefetch_tables (const void *gcmM, size_t gcmM_size)
+ {
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  gcm_table.counter_head++;
++  gcm_table.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
+   prefetch_table(gcmM, gcmM_size);
+-  prefetch_table(gcmR, sizeof(gcmR));
++  prefetch_table(&gcm_table, sizeof(gcm_table));
+ }
+ 
+ #ifdef GCM_TABLES_USE_U64
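Review bot: `do_prefetch_tables` is `static inline` and now writes `gcm_table.counter_head` and `counter_tail` on every invocation, and the four-line comment explaining why is copied verbatim from `prefetch_enc`/`prefetch_dec` in rijndael.c. A small shared helper (say `unshare_table(volatile u32 *head, volatile u32 *tail)`, name hypothetical) would hold the comment and the increments once. Also, `gcmM`, passed in by the caller, is only prefetched and not unshared, so the comment should make clear that it is the static `gcm_table` alone that is being made process-private.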
+-- 
+2.7.4
+
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
index fda68a2..11d078d 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
@@ -21,6 +21,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
            file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \
            file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
            file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
+           file://0001-Prefetch-GCM-look-up-tables.patch \
+           file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
+           file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
 "
 SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573"
 SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227"
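Review bot: the three new patch files reuse the `0001-`/`0002-`/`0003-` prefixes already taken by the recipe's existing `0002-...` and `0003-...` patches listed above, so the SRC_URI now carries two unrelated series numbered from 0001. There is no collision because the full names differ, but naming the CVE fixes `CVE-2019-12904-1.patch` and so on, as the sudo recipe later in this series does with `CVE-2019-14287-1.patch`, would make their purpose obvious and keep the ordering clear.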
-- 
2.7.4




* [warrior 17/19] sudo: fix CVE-2019-14287
  2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
                   ` (15 preceding siblings ...)
  2019-10-29  9:47 ` [warrior 16/19] libgcrypt: fix CVE-2019-12904 Armin Kuster
@ 2019-10-29  9:47 ` Armin Kuster
  2019-10-29  9:47 ` [warrior 18/19] go: fix CVE-2019-16276 Armin Kuster
  2019-10-29  9:47 ` [warrior 19/19] qemu: update to 3.1.1.1 Armin Kuster
  18 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit b1e0149c41e3c344a0496e64ab3b0c9dd4685ea4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../sudo/sudo/CVE-2019-14287-1.patch               | 178 +++++++++++++++++++++
 .../sudo/sudo/CVE-2019-14287-2.patch               | 112 +++++++++++++
 meta/recipes-extended/sudo/sudo_1.8.27.bb          |   2 +
 3 files changed, 292 insertions(+)
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch

diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
new file mode 100644
index 0000000..2a11e3f
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
@@ -0,0 +1,178 @@
+From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 10 Oct 2019 10:04:13 -0600
+Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change".
+ Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
+
+Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520]
+CVE: CVE-2019-14287
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ lib/util/strtoid.c | 100 ++++++++++++++++++++++++++++-------------------------
+ 1 files changed, 53 insertions(+), 46 deletions(-)
+
+diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c
+index 2dfce75..6b3916b 100644
+--- a/lib/util/strtoid.c
++++ b/lib/util/strtoid.c
+@@ -49,6 +49,27 @@
+ #include "sudo_util.h"
+ 
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++    bool valid = false;
++    debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++    if (ep != p) {
++	/* check for valid separator (including '\0') */
++	if (sep == NULL)
++	    sep = "";
++	do {
++	    if (*ep == *sep)
++		valid = true;
++	} while (*sep++ != '\0');
++    }
++    debug_return_bool(valid);
++}
++
++/*
+  * Parse a uid/gid in string form.
+  * If sep is non-NULL, it contains valid separator characters (e.g. comma, space)
+  * If endp is non-NULL it is set to the next char after the ID.
+@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+     char *ep;
+     id_t ret = 0;
+     long long llval;
+-    bool valid = false;
+     debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+     /* skip leading space so we can pick up the sign, if any */
+     while (isspace((unsigned char)*p))
+ 	p++;
+-    if (sep == NULL)
+-	sep = "";
++
++    /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
+     errno = 0;
+     llval = strtoll(p, &ep, 10);
+-    if (ep != p) {
+-	/* check for valid separator (including '\0') */
+-	do {
+-	    if (*ep == *sep)
+-		valid = true;
+-	} while (*sep++ != '\0');
++    if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++	errno = ERANGE;
++	if (errstr != NULL)
++	    *errstr = N_("value too large");
++	goto done;
+     }
+-    if (!valid) {
++    if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++	errno = ERANGE;
+ 	if (errstr != NULL)
+-	    *errstr = N_("invalid value");
+-	errno = EINVAL;
++	    *errstr = N_("value too small");
+ 	goto done;
+     }
+-    if (errno == ERANGE) {
+-	if (errstr != NULL) {
+-	    if (llval == LLONG_MAX)
+-		*errstr = N_("value too large");
+-	    else
+-		*errstr = N_("value too small");
+-	}
++
++    /* Disallow id -1, which means "no change". */
++    if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) {
++	if (errstr != NULL)
++	    *errstr = N_("invalid value");
++	errno = EINVAL;
+ 	goto done;
+     }
+     ret = (id_t)llval;
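Review bot: the ordering in this hunk matters and deserves a comment: the two range checks run before `valid_separator`, so `4294967295` is rejected with EINVAL by the `(id_t)UINT_MAX` comparison and `4294967296` with ERANGE, which is exactly what the new `strtoid_data` rows in the companion patch expect. The `(id_t)UINT_MAX` casts are only meaningful because this variant works with `long long` and a wider `id_t` (as the comment above `errno = 0` says); the second variant below uses separate `lval`/`ulval` paths for the same reason. The comment "Disallow id -1" should also mention that `UINT_MAX` is refused because it is the unsigned spelling of -1 for `uid_t`/`gid_t`.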
+@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+ {
+     char *ep;
+     id_t ret = 0;
+-    bool valid = false;
+     debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+     /* skip leading space so we can pick up the sign, if any */
+     while (isspace((unsigned char)*p))
+ 	p++;
+-    if (sep == NULL)
+-	sep = "";
++
+     errno = 0;
+     if (*p == '-') {
+ 	long lval = strtol(p, &ep, 10);
+-	if (ep != p) {
+-	    /* check for valid separator (including '\0') */
+-	    do {
+-		if (*ep == *sep)
+-		    valid = true;
+-	    } while (*sep++ != '\0');
+-	}
+-	if (!valid) {
+-	    if (errstr != NULL)
+-		*errstr = N_("invalid value");
+-	    errno = EINVAL;
+-	    goto done;
+-	}
+ 	if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
+ 	    errno = ERANGE;
+ 	    if (errstr != NULL)
+@@ -144,28 +147,31 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+ 		*errstr = N_("value too small");
+ 	    goto done;
+ 	}
+-	ret = (id_t)lval;
+-    } else {
+-	unsigned long ulval = strtoul(p, &ep, 10);
+-	if (ep != p) {
+-	    /* check for valid separator (including '\0') */
+-	    do {
+-		if (*ep == *sep)
+-		    valid = true;
+-	    } while (*sep++ != '\0');
+-	}
+-	if (!valid) {
++
++	/* Disallow id -1, which means "no change". */
++	if (!valid_separator(p, ep, sep) || lval == -1) {
+ 	    if (errstr != NULL)
+ 		*errstr = N_("invalid value");
+ 	    errno = EINVAL;
+ 	    goto done;
+ 	}
++	ret = (id_t)lval;
++    } else {
++	unsigned long ulval = strtoul(p, &ep, 10);
+ 	if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) {
+ 	    errno = ERANGE;
+ 	    if (errstr != NULL)
+ 		*errstr = N_("value too large");
+ 	    goto done;
+ 	}
++
++	/* Disallow id -1, which means "no change". */
++	if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) {
++	    if (errstr != NULL)
++		*errstr = N_("invalid value");
++	    errno = EINVAL;
++	    goto done;
++	}
+ 	ret = (id_t)ulval;
+     }
+     if (errstr != NULL)
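Review bot: the `ulval == UINT_MAX` test in the `strtoul` branch is what closes the gap in the unsigned path (a value that equals -1 once cast to `uid_t`), while `lval == -1` in the `strtol` branch closes the signed one; since `strtoul` also accepts a leading '+', "+4294967295" is covered as well. Moving the `valid_separator` check after the range checks changes which error wins for input such as "99999999999x" (now ERANGE rather than EINVAL); that is consistent with the `long long` variant above, but the commit message could say so.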
+-- 
+2.7.4
+
diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
new file mode 100644
index 0000000..453a8b0
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
@@ -0,0 +1,112 @@
+From 396bc57feff3e360007634f62448b64e0626390c Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 10 Oct 2019 10:04:13 -0600
+Subject: [PATCH] Add sudo_strtoid() tests for -1 and range errors. Also adjust
+ testsudoers/test5 which relied upon gid -1 parsing.
+
+Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/396bc57]
+CVE: CVE-2019-14287
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ lib/util/regress/atofoo/atofoo_test.c            | 36 ++++++++++++++++------
+ plugins/sudoers/regress/testsudoers/test5.out.ok |  2 +-
+ plugins/sudoers/regress/testsudoers/test5.sh     |  2 +-
+ 3 files changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/lib/util/regress/atofoo/atofoo_test.c b/lib/util/regress/atofoo/atofoo_test.c
+index 031a7ed..fb41c1a 100644
+--- a/lib/util/regress/atofoo/atofoo_test.c
++++ b/lib/util/regress/atofoo/atofoo_test.c
+@@ -26,6 +26,7 @@
+ #else
+ # include "compat/stdbool.h"
+ #endif
++#include <errno.h>
+ 
+ #include "sudo_compat.h"
+ #include "sudo_util.h"
+@@ -80,15 +81,20 @@ static struct strtoid_data {
+     id_t id;
+     const char *sep;
+     const char *ep;
++    int errnum;
+ } strtoid_data[] = {
+-    { "0,1", 0, ",", "," },
+-    { "10", 10, NULL, NULL },
+-    { "-2", -2, NULL, NULL },
++    { "0,1", 0, ",", ",", 0 },
++    { "10", 10, NULL, NULL, 0 },
++    { "-1", 0, NULL, NULL, EINVAL },
++    { "4294967295", 0, NULL, NULL, EINVAL },
++    { "4294967296", 0, NULL, NULL, ERANGE },
++    { "-2147483649", 0, NULL, NULL, ERANGE },
++    { "-2", -2, NULL, NULL, 0 },
+ #if SIZEOF_ID_T != SIZEOF_LONG_LONG
+-    { "-2", (id_t)4294967294U, NULL, NULL },
++    { "-2", (id_t)4294967294U, NULL, NULL, 0 },
+ #endif
+-    { "4294967294", (id_t)4294967294U, NULL, NULL },
+-    { NULL, 0, NULL, NULL }
++    { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
++    { NULL, 0, NULL, NULL, 0 }
+ };
+ 
+ static int
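Review bot: the new table covers -1, both 32-bit overflow directions and the UINT_MAX alias, but there is still no row for a bad trailing separator (for example "10x" with `sep` NULL, which should now yield EINVAL through `valid_separator`) and none at the accepted lower boundary `-2147483648` (INT_MIN, which must still parse). Adding those would pin down the behaviour the first patch changed. Note also that `errnum` is 0 for the success rows but nothing in the test body asserts `errno == 0` on success.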
+@@ -104,11 +110,23 @@ test_strtoid(int *ntests)
+ 	(*ntests)++;
+ 	errstr = "some error";
+ 	value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
+-	if (errstr != NULL) {
+-	    if (d->id != (id_t)-1) {
+-		sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++	if (d->errnum != 0) {
++	    if (errstr == NULL) {
++		sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
++		    d->idstr, d->errnum);
++		errors++;
++	    } else if (value != 0) {
++		sudo_warnx_nodebug("FAIL: %s should return 0 on error",
++		    d->idstr);
++		errors++;
++	    } else if (errno != d->errnum) {
++		sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
++		    d->idstr, errno, d->errnum);
+ 		errors++;
+ 	    }
++	} else if (errstr != NULL) {
++	    sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++	    errors++;
+ 	} else if (value != d->id) {
+ 	    sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
+ 	    errors++;
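Review bot: `errno` is compared against `d->errnum` only after the `errstr == NULL` and `value != 0` checks; those do not clobber `errno`, so the comparison is still valid, but the `sudo_warnx_nodebug` calls in the branches above it may, and the pattern is fragile. Copy `errno` into a local immediately after the `sudo_strtoid` call and compare that. The success branch (`errstr == NULL`) never verifies that `errno` stayed 0 even though the table now carries `errnum = 0` for those rows.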
+diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok
+index 5e319c9..cecf700 100644
+--- a/plugins/sudoers/regress/testsudoers/test5.out.ok
++++ b/plugins/sudoers/regress/testsudoers/test5.out.ok
+@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
+ Entries for user root:
+ 
+ Command unmatched
+-testsudoers: test5.inc should be owned by gid 4294967295
++testsudoers: test5.inc should be owned by gid 4294967294
+ Parse error in sudoers near line 1.
+ 
+ Entries for user root:
+diff --git a/plugins/sudoers/regress/testsudoers/test5.sh b/plugins/sudoers/regress/testsudoers/test5.sh
+index 9e690a6..94d585c 100755
+--- a/plugins/sudoers/regress/testsudoers/test5.sh
++++ b/plugins/sudoers/regress/testsudoers/test5.sh
+@@ -24,7 +24,7 @@ EOF
+ 
+ # Test group writable
+ chmod 664 $TESTFILE
+-./testsudoers -U $MYUID -G -1 root id <<EOF
++./testsudoers -U $MYUID -G -2 root id <<EOF
+ #include $TESTFILE
+ EOF
+ 
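Review bot: switching the group-writable test from `-G -1` to `-G -2` keeps test5 exercising an out-of-range owner now that -1 is no longer accepted as an id (which is why test5.out.ok changes to gid 4294967294), but nothing in the regress changes shown asserts that `-G -1` itself is refused, and that rejection is the behaviour CVE-2019-14287 hinges on; a dedicated test for the -1 input would guard against a regression.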
+-- 
+2.7.4
+
diff --git a/meta/recipes-extended/sudo/sudo_1.8.27.bb b/meta/recipes-extended/sudo/sudo_1.8.27.bb
index 4a34393..7460a5b 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.27.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.27.bb
@@ -3,6 +3,8 @@ require sudo.inc
 SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
            file://0001-Include-sys-types.h-for-id_t-definition.patch \
+           file://CVE-2019-14287-1.patch \
+           file://CVE-2019-14287-2.patch \
            "
 
 PAM_SRC_URI = "file://sudo.pam"
-- 
2.7.4




* [warrior 18/19] go: fix CVE-2019-16276
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

From: Chen Qi <Qi.Chen@windriver.com>

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/go/go-1.12.inc               |   1 +
 ...nch.go1.12-security-net-textproto-don-t-n.patch | 163 +++++++++++++++++++++
 2 files changed, 164 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch

diff --git a/meta/recipes-devtools/go/go-1.12.inc b/meta/recipes-devtools/go/go-1.12.inc
index 0cf0a63..66df500 100644
--- a/meta/recipes-devtools/go/go-1.12.inc
+++ b/meta/recipes-devtools/go/go-1.12.inc
@@ -16,6 +16,7 @@ SRC_URI += "\
     file://0006-cmd-dist-separate-host-and-target-builds.patch \
     file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+    file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 
diff --git a/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch b/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
new file mode 100644
index 0000000..7b39dbd
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
@@ -0,0 +1,163 @@
+From 265b691ac440bfb711d8de323346f7d72e620efe Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Thu, 12 Sep 2019 12:37:36 -0400
+Subject: [PATCH] [release-branch.go1.12-security] net/textproto: don't
+ normalize headers with spaces before the colon
+
+RFC 7230 is clear about headers with a space before the colon, like
+
+X-Answer : 42
+
+being invalid, but we've been accepting and normalizing them for compatibility
+purposes since CL 5690059 in 2012.
+
+On the client side, this is harmless and indeed most browsers behave the same
+to this day. On the server side, this becomes a security issue when the
+behavior doesn't match that of a reverse proxy sitting in front of the server.
+
+For example, if a WAF accepts them without normalizing them, it might be
+possible to bypass its filters, because the Go server would interpret the
+header differently. Worse, if the reverse proxy coalesces requests onto a
+single HTTP/1.1 connection to a Go server, the understanding of the request
+boundaries can get out of sync between them, allowing an attacker to tack an
+arbitrary method and path onto a request by other clients, including
+authentication headers unknown to the attacker.
+
+This was recently presented at multiple security conferences:
+https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
+
+net/http servers already reject header keys with invalid characters.
+Simply stop normalizing extra spaces in net/textproto, let it return them
+unchanged like it does for other invalid headers, and let net/http enforce
+RFC 7230, which is HTTP specific. This loses us normalization on the client
+side, but there's no right answer on the client side anyway, and hiding the
+issue sounds worse than letting the application decide.
+
+Fixes CVE-2019-16276
+
+Change-Id: I6d272de827e0870da85d93df770d6a0e161bbcf1
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/549719
+Reviewed-by: Brad Fitzpatrick <bradfitz@google.com>
+(cherry picked from commit 1280b868e82bf173ea3e988be3092d160ee66082)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/558776
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+
+CVE: CVE-2019-16276
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/net/http/serve_test.go       |  4 ++++
+ src/net/http/transport_test.go   | 27 +++++++++++++++++++++++++++
+ src/net/textproto/reader.go      | 10 ++--------
+ src/net/textproto/reader_test.go | 13 ++++++-------
+ 4 files changed, 39 insertions(+), 15 deletions(-)
+
+diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
+index 6eb0088a96..89bfdfbb82 100644
+--- a/src/net/http/serve_test.go
++++ b/src/net/http/serve_test.go
+@@ -4748,6 +4748,10 @@ func TestServerValidatesHeaders(t *testing.T) {
+ 		{"foo\xffbar: foo\r\n", 400},                         // binary in header
+ 		{"foo\x00bar: foo\r\n", 400},                         // binary in header
+ 		{"Foo: " + strings.Repeat("x", 1<<21) + "\r\n", 431}, // header too large
++		// Spaces between the header key and colon are not allowed.
++		// See RFC 7230, Section 3.2.4.
++		{"Foo : bar\r\n", 400},
++		{"Foo\t: bar\r\n", 400},
+ 
+ 		{"foo: foo foo\r\n", 200},    // LWS space is okay
+ 		{"foo: foo\tfoo\r\n", 200},   // LWS tab is okay
+diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
+index 5c329543e2..5e5438a708 100644
+--- a/src/net/http/transport_test.go
++++ b/src/net/http/transport_test.go
+@@ -5133,3 +5133,30 @@ func TestTransportIgnores408(t *testing.T) {
+ 	}
+ 	t.Fatalf("timeout after %v waiting for Transport connections to die off", time.Since(t0))
+ }
++
++func TestInvalidHeaderResponse(t *testing.T) {
++	setParallel(t)
++	defer afterTest(t)
++	cst := newClientServerTest(t, h1Mode, HandlerFunc(func(w ResponseWriter, r *Request) {
++		conn, buf, _ := w.(Hijacker).Hijack()
++		buf.Write([]byte("HTTP/1.1 200 OK\r\n" +
++			"Date: Wed, 30 Aug 2017 19:09:27 GMT\r\n" +
++			"Content-Type: text/html; charset=utf-8\r\n" +
++			"Content-Length: 0\r\n" +
++			"Foo : bar\r\n\r\n"))
++		buf.Flush()
++		conn.Close()
++	}))
++	defer cst.close()
++	res, err := cst.c.Get(cst.ts.URL)
++	if err != nil {
++		t.Fatal(err)
++	}
++	defer res.Body.Close()
++	if v := res.Header.Get("Foo"); v != "" {
++		t.Errorf(`unexpected "Foo" header: %q`, v)
++	}
++	if v := res.Header.Get("Foo "); v != "bar" {
++		t.Errorf(`bad "Foo " header value: %q, want %q`, v, "bar")
++	}
++}
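Review bot: the error from `w.(Hijacker).Hijack()` is discarded in `conn, buf, _ := w.(Hijacker).Hijack()`, so a hijack failure would show up as a nil-pointer panic inside the handler rather than a readable test failure; checking it and reporting via `t.Errorf` (the handler runs outside the test goroutine) would be cleaner. The pair of assertions, `Get("Foo")` empty and `Get("Foo ")` equal to "bar", is what pins down the client-side change described in the commit message: the key is now kept verbatim, space included, instead of being normalized.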
+diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go
+index 2c4f25d5ae..1a5e364cf7 100644
+--- a/src/net/textproto/reader.go
++++ b/src/net/textproto/reader.go
+@@ -493,18 +493,12 @@ func (r *Reader) ReadMIMEHeader() (MIMEHeader, error) {
+ 			return m, err
+ 		}
+ 
+-		// Key ends at first colon; should not have trailing spaces
+-		// but they appear in the wild, violating specs, so we remove
+-		// them if present.
++		// Key ends at first colon.
+ 		i := bytes.IndexByte(kv, ':')
+ 		if i < 0 {
+ 			return m, ProtocolError("malformed MIME header line: " + string(kv))
+ 		}
+-		endKey := i
+-		for endKey > 0 && kv[endKey-1] == ' ' {
+-			endKey--
+-		}
+-		key := canonicalMIMEHeaderKey(kv[:endKey])
++		key := canonicalMIMEHeaderKey(kv[:i])
+ 
+ 		// As per RFC 7230 field-name is a token, tokens consist of one or more chars.
+ 		// We could return a ProtocolError here, but better to be liberal in what we
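Review bot: the comment just below the change (`// As per RFC 7230 field-name is a token ... better to be liberal in what we`) still describes the old liberal handling, while the new code passes a key such as `SID ` through `canonicalMIMEHeaderKey(kv[:i])` un-normalized and relies on net/http to reject it; updating that comment to match the one added in reader_test.go ("will be rejected by net/http according to RFC 7230") would keep the two in sync.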
+diff --git a/src/net/textproto/reader_test.go b/src/net/textproto/reader_test.go
+index f85fbdc36d..b92fdcd3c7 100644
+--- a/src/net/textproto/reader_test.go
++++ b/src/net/textproto/reader_test.go
+@@ -188,11 +188,10 @@ func TestLargeReadMIMEHeader(t *testing.T) {
+ 	}
+ }
+ 
+-// Test that we read slightly-bogus MIME headers seen in the wild,
+-// with spaces before colons, and spaces in keys.
++// TestReadMIMEHeaderNonCompliant checks that we don't normalize headers
++// with spaces before colons, and accept spaces in keys.
+ func TestReadMIMEHeaderNonCompliant(t *testing.T) {
+-	// Invalid HTTP response header as sent by an Axis security
+-	// camera: (this is handled by IE, Firefox, Chrome, curl, etc.)
++	// These invalid headers will be rejected by net/http according to RFC 7230.
+ 	r := reader("Foo: bar\r\n" +
+ 		"Content-Language: en\r\n" +
+ 		"SID : 0\r\n" +
+@@ -202,9 +201,9 @@ func TestReadMIMEHeaderNonCompliant(t *testing.T) {
+ 	want := MIMEHeader{
+ 		"Foo":              {"bar"},
+ 		"Content-Language": {"en"},
+-		"Sid":              {"0"},
+-		"Audio Mode":       {"None"},
+-		"Privilege":        {"127"},
++		"SID ":             {"0"},
++		"Audio Mode ":      {"None"},
++		"Privilege ":       {"127"},
+ 	}
+ 	if !reflect.DeepEqual(m, want) || err != nil {
+ 		t.Fatalf("ReadMIMEHeader =\n%v, %v; want:\n%v", m, err, want)
-- 
2.7.4




* [warrior 19/19] qemu: update to 3.1.1.1
From: Armin Kuster @ 2019-10-29  9:47 UTC (permalink / raw)
  To: openembedded-core

Bug fix only update.

Drop patches included in update.

For full set of changes, see: https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/tags/v3.1.1.1

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} |   0
 ...tive_3.1.0.bb => qemu-system-native_3.1.1.1.bb} |   0
 meta/recipes-devtools/qemu/qemu.inc                |  14 +-
 .../0001-egl-headless-add-egl_create_context.patch |  50 -----
 .../qemu/qemu/0014-fix-CVE-2018-16872.patch        |  85 --------
 .../qemu/qemu/0015-fix-CVE-2018-20124.patch        |  60 ------
 .../qemu/qemu/0016-fix-CVE-2018-20125.patch        |  54 ------
 .../qemu/qemu/0017-fix-CVE-2018-20126.patch        | 113 -----------
 .../qemu/qemu/0018-fix-CVE-2018-20191.patch        |  47 -----
 .../qemu/qemu/0019-fix-CVE-2018-20216.patch        |  85 --------
 .../qemu/qemu/CVE-2018-20815.patch                 |  38 ----
 .../recipes-devtools/qemu/qemu/CVE-2019-3812.patch |  39 ----
 .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 ---------------------
 .../qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb}        |   0
 14 files changed, 2 insertions(+), 798 deletions(-)
 rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_3.1.1.1.bb} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
 rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} (100%)

diff --git a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_3.1.1.1.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-native_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-native_3.1.1.1.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_3.1.1.1.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-system-native_3.1.1.1.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 40c3174..202134b 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -22,24 +22,14 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
            file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
            file://0001-Add-a-missing-X11-include.patch \
-           file://0001-egl-headless-add-egl_create_context.patch \
-           file://0014-fix-CVE-2018-16872.patch \
-           file://0015-fix-CVE-2018-20124.patch \
-           file://0016-fix-CVE-2018-20125.patch \
-           file://0017-fix-CVE-2018-20126.patch \
-           file://0018-fix-CVE-2018-20191.patch \
-           file://0019-fix-CVE-2018-20216.patch \
-           file://CVE-2019-3812.patch \
            file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \
-           file://CVE-2018-20815.patch \
-           file://CVE-2019-8934.patch \
            file://0001-linux-user-assume-__NR_gettid-always-exists.patch \
            file://0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
-SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8"
-SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc"
+SRC_URI[md5sum] = "aafb005c252eb3a667c2468868348c0a"
+SRC_URI[sha256sum] = "b148fc3c7382c5addd915db433383160ca7b840bc6ea90bb0d35c6b253526d56"
 
 COMPATIBLE_HOST_mipsarchn32 = "null"
 COMPATIBLE_HOST_mipsarchn64 = "null"
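Review bot: this hunk drops nine CVE patches (CVE-2018-16872, CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216, CVE-2018-20815, CVE-2019-3812, CVE-2019-8934) plus the egl-headless backport, but the commit message only says "Drop patches included in update" and points at the v3.1.1.1 shortlog; listing, per dropped patch, the v3.1.1.1 commit that carries the fix (the deleted files' Upstream-Status lines already give the hashes, e.g. bab9df35, 0e68373, 2c858ce, 509f57c, 2aa8645, f1e2e38, 952e5d58) would make the removal verifiable for anyone auditing the CVE status of this recipe and keeps the record straight for cve-check.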
diff --git a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch b/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
deleted file mode 100644
index d9326c0..0000000
--- a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 29 Nov 2018 13:35:02 +0100
-Subject: [PATCH] egl-headless: add egl_create_context
-
-We must set the correct context (via eglMakeCurrent) before
-calling qemu_egl_create_context, so we need a thin wrapper and can't
-hook qemu_egl_create_context directly as ->dpy_gl_ctx_create callback.
-
-Reported-by: Frederik Carlier <frederik.carlier@quamotion.mobi>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20181129123502.30129-1-kraxel@redhat.com
-
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=952e5d584f5aabe41298c278065fe628f3f7aa7a]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- ui/egl-headless.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/ui/egl-headless.c b/ui/egl-headless.c
-index 4cf3bbc0e4..519e7bad32 100644
---- a/ui/egl-headless.c
-+++ b/ui/egl-headless.c
-@@ -38,6 +38,14 @@ static void egl_gfx_switch(DisplayChangeListener *dcl,
-     edpy->ds = new_surface;
- }
- 
-+static QEMUGLContext egl_create_context(DisplayChangeListener *dcl,
-+                                        QEMUGLParams *params)
-+{
-+    eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
-+                   qemu_egl_rn_ctx);
-+    return qemu_egl_create_context(dcl, params);
-+}
-+
- static void egl_scanout_disable(DisplayChangeListener *dcl)
- {
-     egl_dpy *edpy = container_of(dcl, egl_dpy, dcl);
-@@ -150,7 +158,7 @@ static const DisplayChangeListenerOps egl_ops = {
-     .dpy_gfx_update          = egl_gfx_update,
-     .dpy_gfx_switch          = egl_gfx_switch,
- 
--    .dpy_gl_ctx_create       = qemu_egl_create_context,
-+    .dpy_gl_ctx_create       = egl_create_context,
-     .dpy_gl_ctx_destroy      = qemu_egl_destroy_context,
-     .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
-     .dpy_gl_ctx_get_current  = qemu_egl_get_current_context,
--- 
-2.17.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch b/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
deleted file mode 100644
index 412aa16..0000000
--- a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-CVE: CVE-2018-16872
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 13 Dec 2018 13:25:11 +0100
-Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
-
-Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
-While being at it also add O_CLOEXEC.
-
-usb-mtp only handles regular files and directories and ignores
-everything else, so users should not see a difference.
-
-Because qemu ignores symlinks, carrying out a successful symlink attack
-requires swapping an existing file or directory below rootdir for a
-symlink and winning the race against the inotify notification to qemu.
-
-Fixes: CVE-2018-16872
-Cc: Prasad J Pandit <ppandit@redhat.com>
-Cc: Bandan Das <bsd@redhat.com>
-Reported-by: Michael Hanselmann <public@hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Michael Hanselmann <public@hansmi.ch>
-Message-id: 20181213122511.13853-1-kraxel@redhat.com
----
- hw/usb/dev-mtp.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
-index 100b7171f4..36c43b8c20 100644
---- a/hw/usb/dev-mtp.c
-+++ b/hw/usb/dev-mtp.c
-@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
- {
-     struct dirent *entry;
-     DIR *dir;
-+    int fd;
- 
-     if (o->have_children) {
-         return;
-     }
-     o->have_children = true;
- 
--    dir = opendir(o->path);
-+    fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
-+    if (fd < 0) {
-+        return;
-+    }
-+    dir = fdopendir(fd);
-     if (!dir) {
-         return;
-     }
-@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
- 
-     trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
- 
--    d->fd = open(o->path, O_RDONLY);
-+    d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
-     if (d->fd == -1) {
-         usb_mtp_data_free(d);
-         return NULL;
-@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
-                                         c->argv[1], c->argv[2]);
- 
-     d = usb_mtp_data_alloc(c);
--    d->fd = open(o->path, O_RDONLY);
-+    d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
-     if (d->fd == -1) {
-         usb_mtp_data_free(d);
-         return NULL;
-@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s)
-                                  0, 0, 0, 0);
-             goto done;
-         }
--        d->fd = open(path, O_CREAT | O_WRONLY, mask);
-+        d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask);
-         if (d->fd == -1) {
-             usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
-                                  0, 0, 0, 0);
--- 
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch b/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
deleted file mode 100644
index 985b819..0000000
--- a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-CVE: CVE-2018-20124
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373]
-
-Backport patch to fix CVE-2018-20124. Update context and stay with current
-function comp_handler() which has been replaced with complete_work() in latest
-git repo.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 0e68373cc2b3a063ce067bc0cc3edaf370752890 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:34 +0530
-Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE
-
-rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set
-to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element
-with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue.
-Add check to avoid it.
-
-Reported-by: Saar Amar <saaramar5@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/rdma_backend.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
-index d7a4bbd9..7f8028f8 100644
---- a/hw/rdma/rdma_backend.c
-+++ b/hw/rdma/rdma_backend.c
-@@ -311,9 +311,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
-     }
- 
-     pr_dbg("num_sge=%d\n", num_sge);
--    if (!num_sge) {
--        pr_dbg("num_sge=0\n");
--        comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-+    if (!num_sge || num_sge > MAX_SGE) {
-+        pr_dbg("invalid num_sge=%d\n", num_sge);
-+        comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-         return;
-     }
- 
-@@ -390,9 +390,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
-     }
- 
-     pr_dbg("num_sge=%d\n", num_sge);
--    if (!num_sge) {
--        pr_dbg("num_sge=0\n");
--        comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-+    if (!num_sge || num_sge > MAX_SGE) {
-+        pr_dbg("invalid num_sge=%d\n", num_sge);
-+        comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-         return;
-     }
- 
--- 
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch b/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
deleted file mode 100644
index 56559c8..0000000
--- a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-CVE: CVE-2018-20125
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 2c858ce5da8ae6689c75182b73bc455a291cad41 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:36 +0530
-Subject: [PATCH] pvrdma: check number of pages when creating rings
-
-When creating CQ/QP rings, an object can have up to
-PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter
-to avoid excessive memory allocation or a null dereference.
-
-Reported-by: Li Qiang <liq3ea@163.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
-index 3b94545761..f236ac4795 100644
---- a/hw/rdma/vmw/pvrdma_cmd.c
-+++ b/hw/rdma/vmw/pvrdma_cmd.c
-@@ -259,6 +259,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring,
-     int rc = -EINVAL;
-     char ring_name[MAX_RING_NAME_SZ];
- 
-+    if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) {
-+        pr_dbg("invalid nchunks: %d\n", nchunks);
-+        return rc;
-+    }
-+
-     pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
-     dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
-     if (!dir) {
-@@ -372,6 +377,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma,
-     char ring_name[MAX_RING_NAME_SZ];
-     uint32_t wqe_sz;
- 
-+    if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES
-+        || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) {
-+        pr_dbg("invalid pages: %d, %d\n", spages, rpages);
-+        return rc;
-+    }
-+
-     pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
-     dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
-     if (!dir) {
--- 
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch b/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
deleted file mode 100644
index 8329f2c..0000000
--- a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-CVE: CVE-2018-20126
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c]
-
-Backport and rebase patch to fix CVE-2018-20126.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 509f57c98e7536905bb4902363d0cba66ce7e089 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:37 +0530
-Subject: [PATCH] pvrdma: release ring object in case of an error
-
-create_cq and create_qp routines allocate ring object, but it's
-not released in case of an error, leading to memory leakage.
-
-Reported-by: Li Qiang <liq3ea@163.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/vmw/pvrdma_cmd.c | 41 ++++++++++++++++++++++++++++++-----------
- 1 file changed, 30 insertions(+), 11 deletions(-)
-
-diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
-index 4faeb21..9b6796f 100644
---- a/hw/rdma/vmw/pvrdma_cmd.c
-+++ b/hw/rdma/vmw/pvrdma_cmd.c
-@@ -310,6 +310,14 @@ out:
-     return rc;
- }
- 
-+static void destroy_cq_ring(PvrdmaRing *ring)
-+{
-+    pvrdma_ring_free(ring);
-+    /* ring_state was in slot 1, not 0 so need to jump back */
-+    rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE);
-+    g_free(ring);
-+}
-+
- static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
-                      union pvrdma_cmd_resp *rsp)
- {
-@@ -333,6 +341,10 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
- 
-     resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev,
-                                      cmd->cqe, &resp->cq_handle, ring);
-+    if (resp->hdr.err) {
-+        destroy_cq_ring(ring);
-+    }
-+
-     resp->cqe = cmd->cqe;
- 
- out:
-@@ -356,10 +368,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
-     }
- 
-     ring = (PvrdmaRing *)cq->opaque;
--    pvrdma_ring_free(ring);
--    /* ring_state was in slot 1, not 0 so need to jump back */
--    rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE);
--    g_free(ring);
-+    destroy_cq_ring(ring);
- 
-     rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle);
- 
-@@ -451,6 +460,17 @@ out:
-     return rc;
- }
- 
-+static void destroy_qp_rings(PvrdmaRing *ring)
-+{
-+    pr_dbg("sring=%p\n", &ring[0]);
-+    pvrdma_ring_free(&ring[0]);
-+    pr_dbg("rring=%p\n", &ring[1]);
-+    pvrdma_ring_free(&ring[1]);
-+
-+    rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE);
-+    g_free(ring);
-+}
-+
- static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
-                      union pvrdma_cmd_resp *rsp)
- {
-@@ -482,6 +502,11 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
-                                      cmd->max_recv_wr, cmd->max_recv_sge,
-                                      cmd->recv_cq_handle, rings, &resp->qpn);
- 
-+    if (resp->hdr.err) {
-+        destroy_qp_rings(rings);
-+        return resp->hdr.err;
-+    }
-+
-     resp->max_send_wr = cmd->max_send_wr;
-     resp->max_recv_wr = cmd->max_recv_wr;
-     resp->max_send_sge = cmd->max_send_sge;
-@@ -555,13 +580,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
-     rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle);
- 
-     ring = (PvrdmaRing *)qp->opaque;
--    pr_dbg("sring=%p\n", &ring[0]);
--    pvrdma_ring_free(&ring[0]);
--    pr_dbg("rring=%p\n", &ring[1]);
--    pvrdma_ring_free(&ring[1]);
--
--    rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE);
--    g_free(ring);
-+    destroy_qp_rings(ring);
- 
-     return 0;
- }
--- 
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch b/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
deleted file mode 100644
index 8f8ff05..0000000
--- a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-CVE: CVE-2018-20191
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2aa8645]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:35 +0530
-Subject: [PATCH] pvrdma: add uar_read routine
-
-Define skeleton 'uar_read' routine. Avoid NULL dereference.
-
-Reported-by: Li Qiang <liq3ea@163.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/vmw/pvrdma_main.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
-index 64de16fb52..838ad8a949 100644
---- a/hw/rdma/vmw/pvrdma_main.c
-+++ b/hw/rdma/vmw/pvrdma_main.c
-@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = {
-     },
- };
- 
-+static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size)
-+{
-+    return 0xffffffff;
-+}
-+
- static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
- {
-     PVRDMADev *dev = opaque;
-@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
- }
- 
- static const MemoryRegionOps uar_ops = {
-+    .read = uar_read,
-     .write = uar_write,
-     .endianness = DEVICE_LITTLE_ENDIAN,
-     .impl = {
--- 
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch b/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
deleted file mode 100644
index c02bad3..0000000
--- a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-CVE: CVE-2018-20216
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From f1e2e38ee0136b7710a2caa347049818afd57a1b Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:39 +0530
-Subject: [PATCH] pvrdma: check return value from pvrdma_idx_ring_has_ routines
-
-pvrdma_idx_ring_has_[data/space] routines also return invalid
-index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check
-return value from these routines to avoid plausible infinite loops.
-
-Reported-by: Li Qiang <liq3ea@163.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------
- 1 file changed, 11 insertions(+), 18 deletions(-)
-
-diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
-index 01247fc041..e8e5b502f6 100644
---- a/hw/rdma/vmw/pvrdma_dev_ring.c
-+++ b/hw/rdma/vmw/pvrdma_dev_ring.c
-@@ -73,23 +73,16 @@ out:
- 
- void *pvrdma_ring_next_elem_read(PvrdmaRing *ring)
- {
-+    int e;
-     unsigned int idx = 0, offset;
- 
--    /*
--    pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
--           ring->ring_state->cons_head);
--    */
--
--    if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) {
-+    e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx);
-+    if (e <= 0) {
-         pr_dbg("No more data in ring\n");
-         return NULL;
-     }
- 
-     offset = idx * ring->elem_sz;
--    /*
--    pr_dbg("idx=%d\n", idx);
--    pr_dbg("offset=%d\n", offset);
--    */
-     return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
- }
- 
-@@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring)
- 
- void *pvrdma_ring_next_elem_write(PvrdmaRing *ring)
- {
--    unsigned int idx, offset, tail;
-+    int idx;
-+    unsigned int offset, tail;
- 
--    /*
--    pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
--           ring->ring_state->cons_head);
--    */
--
--    if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) {
-+    idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail);
-+    if (idx <= 0) {
-         pr_dbg("CQ is full\n");
-         return NULL;
-     }
- 
-     idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems);
--    /* TODO: tail == idx */
-+    if (idx < 0 || tail != idx) {
-+        pr_dbg("invalid idx\n");
-+        return NULL;
-+    }
- 
-     offset = idx * ring->elem_sz;
-     return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
--- 
-2.20.1
-
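Review bot: the `Upstream-Status` line points at master commit f1e2e38, not at a stable-3.1 commit, so before removing 0019-fix-CVE-2018-20216.patch confirm that 3.1.1.1 contains the `e <= 0` / `idx <= 0` return-value checks on `pvrdma_idx_ring_has_data`/`pvrdma_idx_ring_has_space` and the `idx < 0 || tail != idx` check in `pvrdma_ring_next_elem_write`. The two checks belong together: `idx` becomes a signed `int` so the negative `PVRDMA_INVALID_IDX` is representable, and `offset = idx * ring->elem_sz` is only safe once `idx < 0` has been rejected.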
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
deleted file mode 100644
index c9508d9..0000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 8bb018af1a7f2b9965f872a4b1121864e73e1b61 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Fri, 14 Dec 2018 13:30:52 +0000
-Subject: [PATCH] device_tree.c: Don't use load_image()
-
-The load_image() function is deprecated, as it does not let the
-caller specify how large the buffer to read the file into is.
-Instead use load_image_size().
-
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
-
-Upstream-Status: Backport [https://github.com/qemu/qemu/commit/da885fe1ee8b4589047484bd7fa05a4905b52b17]
-CVE: CVE-2018-20815
-Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
----
- device_tree.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/device_tree.c b/device_tree.c
-index 6d9c9726f6..296278e12a 100644
---- a/device_tree.c
-+++ b/device_tree.c
-@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
-     /* First allocate space in qemu for device tree */
-     fdt = g_malloc0(dt_size);
- 
--    dt_file_load_size = load_image(filename_path, fdt);
-+    dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
-     if (dt_file_load_size < 0) {
-         error_report("Unable to open device tree file '%s'",
-                      filename_path);
--- 
-2.17.1
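Review bot: the deleted file's `From:` hash (8bb018af1a...) and its `Upstream-Status` URL hash (da885fe1ee...) do not agree, so neither can be used on its own to confirm the fix is in 3.1.1.1; check the stable tree's `device_tree.c` for the bounded `load_image_size(filename_path, fdt, dt_size)` call instead of relying on either id. The point of the fix is that `load_image()` has no buffer-size argument, so the replacement must be present for the version bump to cover CVE-2018-20815.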
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
deleted file mode 100644
index 7de5882..0000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
-out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
-function. A local attacker with permission to execute i2c commands could exploit
-this to read stack memory of the qemu process on the host.
-
-CVE: CVE-2019-3812
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 8 Jan 2019 11:23:01 +0100
-Subject: [PATCH] i2c-ddc: fix oob read
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Suggested-by: Michael Hanselmann <public@hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Michael Hanselmann <public@hansmi.ch>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190108102301.1957-1-kraxel@redhat.com
----
- hw/i2c/i2c-ddc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
-index be34fe072cf..0a0367ff38f 100644
---- a/hw/i2c/i2c-ddc.c
-+++ b/hw/i2c/i2c-ddc.c
-@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
-     I2CDDCState *s = I2CDDC(i2c);
- 
-     int value;
--    value = s->edid_blob[s->reg];
-+    value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
-     s->reg++;
-     return value;
- }
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
deleted file mode 100644
index d1d7d23..0000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-From 8c2e30a92d95d89e2cf45d229bce274881026cf7 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 18 Feb 2019 23:43:49 +0530
-Subject: [PATCH] ppc: add host-serial and host-model machine attributes
- (CVE-2019-8934)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-On ppc hosts, hypervisor shares following system attributes
-
-  - /proc/device-tree/system-id
-  - /proc/device-tree/model
-
-with a guest. This could lead to information leakage and misuse.[*]
-Add machine attributes to control such system information exposure
-to a guest.
-
-[*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028
-
-Reported-by: Daniel P. Berrangé <berrange@redhat.com>
-Fix-suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <20190218181349.23885-1-ppandit@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Reviewed-by: Greg Kurz <groug@kaod.org>
-Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
-CVE: CVE-2019-8934
-Upstream-Status: Backport
-[https://github.com/qemu/qemu/commit/27461d69a0f108dea756419251acc3ea65198f1b]
-
-Signed-off-by: Dan Tran <dantran@microsoft.com>
----
- hw/ppc/spapr.c         | 128 ++++++++++++++++++++++++++++++++++++++---
- include/hw/ppc/spapr.h |   2 +
- 2 files changed, 123 insertions(+), 7 deletions(-)
-
-diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
-index 7afd1a175b..bcee7c162d 100644
---- a/hw/ppc/spapr.c
-+++ b/hw/ppc/spapr.c
-@@ -1244,13 +1244,30 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
-      * Add info to guest to indentify which host is it being run on
-      * and what is the uuid of the guest
-      */
--    if (kvmppc_get_host_model(&buf)) {
--        _FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
--        g_free(buf);
-+    if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) {
-+        if (g_str_equal(spapr->host_model, "passthrough")) {
-+            /* -M host-model=passthrough */
-+            if (kvmppc_get_host_model(&buf)) {
-+                _FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
-+                g_free(buf);
-+            }
-+        } else {
-+            /* -M host-model=<user-string> */
-+            _FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model));
-+        }
-     }
--    if (kvmppc_get_host_serial(&buf)) {
--        _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
--        g_free(buf);
-+
-+    if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) {
-+        if (g_str_equal(spapr->host_serial, "passthrough")) {
-+            /* -M host-serial=passthrough */
-+            if (kvmppc_get_host_serial(&buf)) {
-+                _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
-+                g_free(buf);
-+            }
-+        } else {
-+            /* -M host-serial=<user-string> */
-+            _FDT(fdt_setprop_string(fdt, 0, "host-serial", spapr->host_serial));
-+        }
-     }
- 
-     buf = qemu_uuid_unparse_strdup(&qemu_uuid);
-@@ -3031,6 +3048,73 @@ static void spapr_set_vsmt(Object *obj, Visitor *v, const char *name,
-     visit_type_uint32(v, name, (uint32_t *)opaque, errp);
- }
- 
-+static char *spapr_get_ic_mode(Object *obj, Error **errp)
-+{
-+    sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-+
-+    if (spapr->irq == &spapr_irq_xics_legacy) {
-+        return g_strdup("legacy");
-+    } else if (spapr->irq == &spapr_irq_xics) {
-+        return g_strdup("xics");
-+    } else if (spapr->irq == &spapr_irq_xive) {
-+        return g_strdup("xive");
-+    } else if (spapr->irq == &spapr_irq_dual) {
-+        return g_strdup("dual");
-+    }
-+    g_assert_not_reached();
-+}
-+
-+static void spapr_set_ic_mode(Object *obj, const char *value, Error **errp)
-+{
-+    sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-+
-+    if (SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) {
-+        error_setg(errp, "This machine only uses the legacy XICS backend, don't pass ic-mode");
-+        return;
-+    }
-+
-+    /* The legacy IRQ backend can not be set */
-+    if (strcmp(value, "xics") == 0) {
-+        spapr->irq = &spapr_irq_xics;
-+    } else if (strcmp(value, "xive") == 0) {
-+        spapr->irq = &spapr_irq_xive;
-+    } else if (strcmp(value, "dual") == 0) {
-+        spapr->irq = &spapr_irq_dual;
-+    } else {
-+        error_setg(errp, "Bad value for \"ic-mode\" property");
-+    }
-+}
-+
-+static char *spapr_get_host_model(Object *obj, Error **errp)
-+{
-+    sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-+
-+    return g_strdup(spapr->host_model);
-+}
-+
-+static void spapr_set_host_model(Object *obj, const char *value, Error **errp)
-+{
-+    sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-+
-+    g_free(spapr->host_model);
-+    spapr->host_model = g_strdup(value);
-+}
-+
-+static char *spapr_get_host_serial(Object *obj, Error **errp)
-+{
-+    sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-+
-+    return g_strdup(spapr->host_serial);
-+}
-+
-+static void spapr_set_host_serial(Object *obj, const char *value, Error **errp)
-+{
-+    sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-+
-+    g_free(spapr->host_serial);
-+    spapr->host_serial = g_strdup(value);
-+}
-+
- static void spapr_instance_init(Object *obj)
- {
-     sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-@@ -3067,6 +3151,25 @@ static void spapr_instance_init(Object *obj)
-                                     " the host's SMT mode", &error_abort);
-     object_property_add_bool(obj, "vfio-no-msix-emulation",
-                              spapr_get_msix_emulation, NULL, NULL);
-+
-+    /* The machine class defines the default interrupt controller mode */
-+    spapr->irq = smc->irq;
-+    object_property_add_str(obj, "ic-mode", spapr_get_ic_mode,
-+                            spapr_set_ic_mode, NULL);
-+    object_property_set_description(obj, "ic-mode",
-+                 "Specifies the interrupt controller mode (xics, xive, dual)",
-+                 NULL);
-+
-+    object_property_add_str(obj, "host-model",
-+        spapr_get_host_model, spapr_set_host_model,
-+        &error_abort);
-+    object_property_set_description(obj, "host-model",
-+        "Set host's model-id to use - none|passthrough|string", &error_abort);
-+    object_property_add_str(obj, "host-serial",
-+        spapr_get_host_serial, spapr_set_host_serial,
-+        &error_abort);
-+    object_property_set_description(obj, "host-serial",
-+        "Set host's system-id to use - none|passthrough|string", &error_abort);
- }
- 
- static void spapr_machine_finalizefn(Object *obj)
-@@ -3965,7 +4068,18 @@ static void spapr_machine_3_1_instance_options(MachineState *machine)
- 
- static void spapr_machine_3_1_class_options(MachineClass *mc)
- {
--    /* Defaults for the latest behaviour inherited from the base class */
-+    sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-+    static GlobalProperty compat[] = {
-+        { TYPE_SPAPR_MACHINE, "host-model", "passthrough" },
-+        { TYPE_SPAPR_MACHINE, "host-serial", "passthrough" },
-+    };
-+
-+    spapr_machine_4_0_class_options(mc);
-+    compat_props_add(mc->compat_props, hw_compat_3_1, hw_compat_3_1_len);
-+    compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
-+
-+    mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
-+    smc->update_dt_enabled = false;
- }
- 
- DEFINE_SPAPR_MACHINE(3_1, "3.1", true);
-diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
-index 6279711fe8..63692a13bd 100644
---- a/include/hw/ppc/spapr.h
-+++ b/include/hw/ppc/spapr.h
-@@ -171,6 +171,8 @@ struct sPAPRMachineState {
- 
-     /*< public >*/
-     char *kvm_type;
-+    char *host_model;
-+    char *host_serial;
- 
-     const char *icp_type;
-     int32_t irq_map_nr;
--- 
-2.22.0.vfs.1.1.57.gbaf16c8
-
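Review bot: this deleted backport bundled material that is not part of the CVE-2019-8934 fix (the `spapr_get_ic_mode`/`spapr_set_ic_mode` handlers and the `ic-mode` property, plus a `spapr_machine_3_1_class_options` body that calls `spapr_machine_4_0_class_options`), so replacing it with the upstream release is the right call. Note for the commit message: as the deleted `compat[]` block shows, the 3.1 machine type keeps `host-model=passthrough` and `host-serial=passthrough` for compatibility, so the host's `/proc/device-tree` model and system-id are still exposed to guests by default and must be suppressed with `-M host-model=none,host-serial=none` where that matters.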
diff --git a/meta/recipes-devtools/qemu/qemu_3.1.0.bb b/meta/recipes-devtools/qemu/qemu_3.1.1.1.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu_3.1.1.1.bb
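Review bot: the 100% similarity rename from qemu_3.1.0.bb to qemu_3.1.1.1.bb means the recipe file itself is unchanged, so the `SRC_URI` entries for the patch files removed by this commit live in a file this diff does not show (the shared include); the deletion must be paired with removing those entries there, or the fetcher fails on the missing files. The commit message should also list which CVEs the 3.1.1.1 release is expected to cover so the dropped backports can be audited against the release.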
-- 
2.7.4




* Re: [warrior 18/19] go: fix CVE-2019-16276
  2019-11-01 17:39     ` Khem Raj
@ 2019-11-01 17:12       ` Martin Jansa
  2019-11-01 18:31         ` Andrey Zhizhikin
  0 siblings, 1 reply; 24+ messages in thread
From: Martin Jansa @ 2019-11-01 17:12 UTC (permalink / raw)
  To: Khem Raj; +Cc: OE Core mailing list


I've reported the same yesterday:
http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288638.html

and sent an upgrade to match the minor version used in warrior to the one in
zeus (which lets the patch apply cleanly):
http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288656.html

I don't use go for anything, but go 1.11 was also updated in thud:
http://lists.openembedded.org/pipermail/openembedded-core/2019-October/287724.html
so I was assuming that this minor upgrade in 1.12 should be safe enough for
warrior as well.

Regards,

On Fri, Nov 1, 2019 at 6:40 PM Khem Raj <raj.khem@gmail.com> wrote:

> On Fri, Nov 1, 2019 at 10:33 AM Andrey Zhizhikin <andrey.z@gmail.com>
> wrote:
> >
> > Hello Armin,
> >
> > On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808@gmail.com>
> wrote:
> > >
> > > From: Chen Qi <Qi.Chen@windriver.com>
> > >
> > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> > > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > > (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
> > > Signed-off-by: Armin Kuster <akuster808@gmail.com>
> > > (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
> > > Signed-off-by: Armin Kuster <akuster808@gmail.com>
> > > ---
> >
> > This patch didn't apply cleanly on warrior, but the same patch on master
> > seems to be OK. I got a hunk in transport_test.go which has been
> > resolved by build, but since this is a security-related patch I wanted
> > to bring some attention here.
> >
>
> if it's failing in a testcase, as a last resort we can drop that if that
> hunk is not backportable.
> > >
> > > --
> > > _______________________________________________
> > > Openembedded-core mailing list
> > > Openembedded-core@lists.openembedded.org
> > > http://lists.openembedded.org/mailman/listinfo/openembedded-core
> >
> > --
> > Regards,
> > Andrey.
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>



* Re: [warrior 18/19] go: fix CVE-2019-16276
  2019-10-29  9:47 ` [warrior 18/19] go: fix CVE-2019-16276 Armin Kuster
@ 2019-11-01 17:33   ` Andrey Zhizhikin
  2019-11-01 17:39     ` Khem Raj
  0 siblings, 1 reply; 24+ messages in thread
From: Andrey Zhizhikin @ 2019-11-01 17:33 UTC (permalink / raw)
  To: Armin Kuster; +Cc: OE Core mailing list

Hello Armin,

On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808@gmail.com> wrote:
>
> From: Chen Qi <Qi.Chen@windriver.com>
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---

This patch didn't apply cleanly on warrior, but the same patch on master
seems to be OK. I got a hunk in transport_test.go which has been
resolved by build, but since this is a security-related patch I wanted
to bring some attention here.

>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

--
Regards,
Andrey.



* Re: [warrior 18/19] go: fix CVE-2019-16276
  2019-11-01 17:33   ` Andrey Zhizhikin
@ 2019-11-01 17:39     ` Khem Raj
  2019-11-01 17:12       ` Martin Jansa
  0 siblings, 1 reply; 24+ messages in thread
From: Khem Raj @ 2019-11-01 17:39 UTC (permalink / raw)
  To: Andrey Zhizhikin; +Cc: OE Core mailing list

On Fri, Nov 1, 2019 at 10:33 AM Andrey Zhizhikin <andrey.z@gmail.com> wrote:
>
> Hello Armin,
>
> On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808@gmail.com> wrote:
> >
> > From: Chen Qi <Qi.Chen@windriver.com>
> >
> > Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
> > Signed-off-by: Armin Kuster <akuster808@gmail.com>
> > (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
> > Signed-off-by: Armin Kuster <akuster808@gmail.com>
> > ---
>
> This patch didn't apply cleanly on warrior, but the same patch on master
> seems to be OK. I got a hunk in transport_test.go which has been
> resolved by build, but since this is a security-related patch I wanted
> to bring some attention here.
>

if it's failing in a testcase, as a last resort we can drop that if that
hunk is not backportable.
> >
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
> --
> Regards,
> Andrey.
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core



* Re: [warrior 18/19] go: fix CVE-2019-16276
  2019-11-01 17:12       ` Martin Jansa
@ 2019-11-01 18:31         ` Andrey Zhizhikin
  0 siblings, 0 replies; 24+ messages in thread
From: Andrey Zhizhikin @ 2019-11-01 18:31 UTC (permalink / raw)
  To: Martin Jansa; +Cc: OE Core mailing list

On Fri, Nov 1, 2019 at 7:12 PM Martin Jansa <martin.jansa@gmail.com> wrote:
>
> I've reported the same yesterday:
> http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288638.html
>
> and sent an upgrade to match the minor version used in warrior to the one in zeus (which lets the patch apply cleanly):
> http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288656.html

I've actually just found your upgrade patches from yesterday, and they
should solve the issue. I guess it was just the fact that the upgrade to
1.12.9 didn't make it to warrior yet - I've ended up with the state
where I had 1.12.1 in warrior for the recipe, and the patch from 1.12.9.

Once your patches land in the warrior repo, this hunk will be
resolved, since the patch is actually made for 1.12.9 and that is why
there are no complaints from master now.

>
> I don't use go for anything, but go 1.11 was also updated in thud:
> http://lists.openembedded.org/pipermail/openembedded-core/2019-October/287724.html
> so I was assuming that this minor upgrade in 1.12 should be safe enough for warrior as well.
>
> Regards,
>
> On Fri, Nov 1, 2019 at 6:40 PM Khem Raj <raj.khem@gmail.com> wrote:
>>
>> On Fri, Nov 1, 2019 at 10:33 AM Andrey Zhizhikin <andrey.z@gmail.com> wrote:
>> >
>> > Hello Armin,
>> >
>> > On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808@gmail.com> wrote:
>> > >
>> > > From: Chen Qi <Qi.Chen@windriver.com>
>> > >
>> > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>> > > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>> > > (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
>> > > Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> > > (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
>> > > Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> > > ---
>> >
>> > This patch didn't apply cleanly on warrior, but the same patch on master
>> > seems to be OK. I got a hunk in transport_test.go which has been
>> > resolved by build, but since this is a security-related patch I wanted
>> > to bring some attention here.
>> >
>>
>> if it's failing in a testcase, as a last resort we can drop that if that
>> hunk is not backportable.
>> > >
>> > > --
>> > > _______________________________________________
>> > > Openembedded-core mailing list
>> > > Openembedded-core@lists.openembedded.org
>> > > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>> >
>> > --
>> > Regards,
>> > Andrey.
>> > --
>> > _______________________________________________
>> > Openembedded-core mailing list
>> > Openembedded-core@lists.openembedded.org
>> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
Regards,
Andrey.



Thread overview: 24+ messages
2019-10-29  9:47 [warrior 00/19] Pull request Armin Kuster
2019-10-29  9:47 ` [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates Armin Kuster
2019-10-29  9:47 ` [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8 Armin Kuster
2019-10-29  9:47 ` [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support Armin Kuster
2019-10-29  9:47 ` [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs Armin Kuster
2019-10-29  9:47 ` [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt Armin Kuster
2019-10-29  9:47 ` [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths Armin Kuster
2019-10-29  9:47 ` [warrior 07/19] kernel-yocto: import security fragments from meta-security Armin Kuster
2019-10-29  9:47 ` [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available Armin Kuster
2019-10-29  9:47 ` [warrior 09/19] linux-yocto: add drm-bochs support Armin Kuster
2019-10-29  9:47 ` [warrior 10/19] libcroco: Fix two CVEs Armin Kuster
2019-10-29  9:47 ` [warrior 11/19] python: include CVE patches for python-native as well Armin Kuster
2019-10-29  9:47 ` [warrior 12/19] python: add tk-lib as runtime dependency for python-tkinter Armin Kuster
2019-10-29  9:47 ` [warrior 13/19] python: CVE-2019-16056 Armin Kuster
2019-10-29  9:47 ` [warrior 14/19] python: Fix CVE-2019-10160 Armin Kuster
2019-10-29  9:47 ` [warrior 15/19] openssl: make OPENSSL_ENGINES match install path Armin Kuster
2019-10-29  9:47 ` [warrior 16/19] libgcrypt: fix CVE-2019-12904 Armin Kuster
2019-10-29  9:47 ` [warrior 17/19] sudo: fix CVE-2019-14287 Armin Kuster
2019-10-29  9:47 ` [warrior 18/19] go: fix CVE-2019-16276 Armin Kuster
2019-11-01 17:33   ` Andrey Zhizhikin
2019-11-01 17:39     ` Khem Raj
2019-11-01 17:12       ` Martin Jansa
2019-11-01 18:31         ` Andrey Zhizhikin
2019-10-29  9:47 ` [warrior 19/19] qemu: update to 3.1.1.1 Armin Kuster
