[PATCH 1/8] openssh: upgrade 7.6p1 -> 7.7p1

[PATCH 1/8] openssh: upgrade 7.6p1 -> 7.7p1

[Armin Kuster]

From: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../openssh/{openssh_7.6p1.bb => openssh_7.7p1.bb}                    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-connectivity/openssh/{openssh_7.6p1.bb => openssh_7.7p1.bb} (98%)

diff --git a/meta/recipes-connectivity/openssh/openssh_7.6p1.bb b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
similarity index 98%
rename from meta/recipes-connectivity/openssh/openssh_7.6p1.bb
rename to meta/recipes-connectivity/openssh/openssh_7.7p1.bb
index e11e8d7..691dec6 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
@@ -30,8 +30,8 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
 
 PAM_SRC_URI = "file://sshd"
 
-SRC_URI[md5sum] = "06a88699018e5fef13d4655abfed1f63"
-SRC_URI[sha256sum] = "a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723"
+SRC_URI[md5sum] = "68ba883aff6958297432e5877e9a0fe2"
+SRC_URI[sha256sum] = "d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f"
 
 inherit useradd update-rc.d update-alternatives systemd
 
-- 
2.7.4

[PATCH 2/8] kexec-tools: upgrade 2.0.16 -> 2.0.17

[Armin Kuster]

From: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...rm64-Set-fno-PIC-along-with-mcmodel-large.patch | 33 ----------------------
 ...kexec-tools_2.0.16.bb => kexec-tools_2.0.17.bb} |  9 ++----
 2 files changed, 3 insertions(+), 39 deletions(-)
 delete mode 100644 meta/recipes-kernel/kexec/kexec-tools/0001-arm64-Set-fno-PIC-along-with-mcmodel-large.patch
 rename meta/recipes-kernel/kexec/{kexec-tools_2.0.16.bb => kexec-tools_2.0.17.bb} (92%)

diff --git a/meta/recipes-kernel/kexec/kexec-tools/0001-arm64-Set-fno-PIC-along-with-mcmodel-large.patch b/meta/recipes-kernel/kexec/kexec-tools/0001-arm64-Set-fno-PIC-along-with-mcmodel-large.patch
deleted file mode 100644
index 786fc0c..0000000
--- a/meta/recipes-kernel/kexec/kexec-tools/0001-arm64-Set-fno-PIC-along-with-mcmodel-large.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From a12dfe9be05f9dee96c7637a20c01e05711c563c Mon Sep 17 00:00:00 2001
-From: David Michael <david.michael@coreos.com>
-Date: Sun, 7 Jan 11:26:57 2018 -0500
-Subject: [PATCH] arm64: Set -fno-PIC along with -mcmodel=large
-
-As seen in GCC's gcc/config/aarch64/aarch64.c, -fPIC with large
-code model is unsupported.  This fixes the "sorry, unimplemented"
-errors when building with compilers defaulting to -fPIC.
-
-Upstream-Status: Backport
-
-Signed-off-by: Simon Horman <horms@verge.net.au>
-Signed-off-by: David Michael <david.michael@coreos.com>
-Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
----
- purgatory/arch/arm64/Makefile | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/purgatory/arch/arm64/Makefile b/purgatory/arch/arm64/Makefile
-index 636abea..80068ca 100644
---- a/purgatory/arch/arm64/Makefile
-+++ b/purgatory/arch/arm64/Makefile
-@@ -1,6 +1,7 @@
- 
- arm64_PURGATORY_EXTRA_CFLAGS = \
- 	-mcmodel=large \
-+	-fno-PIC \
- 	-fno-stack-protector \
- 	-fno-asynchronous-unwind-tables \
- 	-Wundef \
--- 
-2.7.4
-
diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.16.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.17.bb
similarity index 92%
rename from meta/recipes-kernel/kexec/kexec-tools_2.0.16.bb
rename to meta/recipes-kernel/kexec/kexec-tools_2.0.17.bb
index bd87b37..f4ec586 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.16.bb
+++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.17.bb
@@ -9,8 +9,6 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ea5bed2f60d357618ca161ad539f7c0a \
                     file://kexec/kexec.c;beginline=1;endline=20;md5=af10f6ae4a8715965e648aa687ad3e09"
 DEPENDS = "zlib xz"
 
-PR = "r1"
-
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz \
            file://kdump \
            file://kdump.conf \
@@ -20,11 +18,10 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz
            file://0010-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch \
            file://kexec-x32.patch \
            file://0001-Disable-PIE-during-link.patch \
-           file://0001-arm64-Set-fno-PIC-along-with-mcmodel-large.patch \
-         "
+           "
 
-SRC_URI[md5sum] = "5198968de79b5ded96f97f3c2ea9637b"
-SRC_URI[sha256sum] = "cf17fc99bf77c9b39f06ee88ac0e86d0349c4a0c3f8214a3cc78eece872f6f3a"
+SRC_URI[md5sum] = "8e071ca473694a71e4ae60ed7ef6f377"
+SRC_URI[sha256sum] = "450c87ba048641eb05f9717f5567aca57f063c266149ae663b58a34e5852deaf"
 
 inherit autotools update-rc.d systemd
 
-- 
2.7.4

[PATCH 3/8] libdmx: upgrade 1.1.3 -> 1.1.4

[Armin Kuster]

From: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-graphics/xorg-lib/{libdmx_1.1.3.bb => libdmx_1.1.4.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-lib/{libdmx_1.1.3.bb => libdmx_1.1.4.bb} (79%)

diff --git a/meta/recipes-graphics/xorg-lib/libdmx_1.1.3.bb b/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb
similarity index 79%
rename from meta/recipes-graphics/xorg-lib/libdmx_1.1.3.bb
rename to meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb
index c74b706..66172cb 100644
--- a/meta/recipes-graphics/xorg-lib/libdmx_1.1.3.bb
+++ b/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb
@@ -15,6 +15,6 @@ DEPENDS += "libxext xorgproto"
 
 PE = "1"
 
-SRC_URI[md5sum] = "ba983eba5a9f05d152a0725b8e863151"
-SRC_URI[sha256sum] = "c97da36d2e56a2d7b6e4f896241785acc95e97eb9557465fd66ba2a155a7b201"
+SRC_URI[md5sum] = "d2f1f0ec68ac3932dd7f1d9aa0a7a11c"
+SRC_URI[sha256sum] = "253f90005d134fa7a209fbcbc5a3024335367c930adf0f3203e754cf32747243"
 
-- 
2.7.4

[PATCH 4/8] xf86-input-libinput: upgrade 0.26.0 -> 0.27.1

[Armin Kuster]

From: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{xf86-input-libinput_0.26.0.bb => xf86-input-libinput_0.27.1.bb}  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-driver/{xf86-input-libinput_0.26.0.bb => xf86-input-libinput_0.27.1.bb} (63%)

diff --git a/meta/recipes-graphics/xorg-driver/xf86-input-libinput_0.26.0.bb b/meta/recipes-graphics/xorg-driver/xf86-input-libinput_0.27.1.bb
similarity index 63%
rename from meta/recipes-graphics/xorg-driver/xf86-input-libinput_0.26.0.bb
rename to meta/recipes-graphics/xorg-driver/xf86-input-libinput_0.27.1.bb
index 54c33d7..d31a911 100644
--- a/meta/recipes-graphics/xorg-driver/xf86-input-libinput_0.26.0.bb
+++ b/meta/recipes-graphics/xorg-driver/xf86-input-libinput_0.27.1.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5e6b20ea2ef94a998145f0ea3f788ee0"
 
 DEPENDS += "libinput"
 
-SRC_URI[md5sum] = "da47ef62eab1d0e922a8fa929ff81758"
-SRC_URI[sha256sum] = "abca558fc2226f295691f1cf3412d4c0edeaa439f677ca25b5c9fab310d2387b"
+SRC_URI[md5sum] = "bdad198a7a9f2ce2c1f90d5e6760462b"
+SRC_URI[sha256sum] = "d4ad8dc5ad6f962a3f15f61ba9e9f8e37fa0b57eee9f484e2bd721d60ca72ee6"
 
 FILES_${PN} += "${datadir}/X11/xorg.conf.d"
-- 
2.7.4

[PATCH 5/8] nss: update to 3.36.1

[Armin Kuster]

From: Armin Kuster <akuster808@gmail.com>

removed patches included in update:
0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch
nss-build-hacl-poly1305-aarch64.patch

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...1437734-Use-snprintf-in-sign.c-r-ttaubert.patch | 119 ---------------------
 .../nss/nss/nss-build-hacl-poly1305-aarch64.patch  |  30 ------
 .../nss/{nss_3.35.bb => nss_3.36.1.bb}             |   6 +-
 3 files changed, 2 insertions(+), 153 deletions(-)
 delete mode 100644 meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch
 delete mode 100644 meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch
 rename meta/recipes-support/nss/{nss_3.35.bb => nss_3.36.1.bb} (96%)

diff --git a/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch b/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch
deleted file mode 100644
index bc10f33..0000000
--- a/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 6f7d7be9997ba6727a5ad7c3800df9051160dc12 Mon Sep 17 00:00:00 2001
-From: Martin Thomson <martin.thomson@gmail.com>
-Date: Tue, 13 Feb 2018 12:30:58 +1100
-Subject: [PATCH] Bug 1437734 - Use snprintf in sign.c, r=ttaubert
-
---HG--
-extra : rebase_source : 97921ece71ff86b18d32b891591608290eed4d83
----
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/0a9078b3cde97add7c825c9d13467a8401ad0c88#diff-b42512151dc137537091f823f7701804.patch]
-
- nss/cmd/signtool/sign.c | 58 ++++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 48 insertions(+), 10 deletions(-)
-
-diff --git a/nss/cmd/signtool/sign.c b/nss/cmd/signtool/sign.c
-index 6e776069a..6f8e43946 100644
---- a/nss/cmd/signtool/sign.c
-+++ b/nss/cmd/signtool/sign.c
-@@ -43,6 +43,7 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
-     int status;
-     char tempfn[FNSIZE], fullfn[FNSIZE];
-     int keyType = rsaKey;
-+    int count;
- 
-     metafile = meta_file;
-     optimize = _optimize;
-@@ -81,9 +82,18 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
-         }
- 
-         /* rsa/dsa to zip */
--        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
--                                                                   : "rsa"));
--        sprintf(fullfn, "%s/%s", tree, tempfn);
-+        count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
-+        if (count >= sizeof(tempfn)) {
-+            PR_fprintf(errorFD, "unable to write key metadata\n");
-+            errorCount++;
-+            exit(ERRX);
-+        }
-+        count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+        if (count >= sizeof(fullfn)) {
-+            PR_fprintf(errorFD, "unable to write key metadata\n");
-+            errorCount++;
-+            exit(ERRX);
-+        }
-         JzipAdd(fullfn, tempfn, zipfile, compression_level);
- 
-         /* Loop through all files & subdirectories, add to archive */
-@@ -93,20 +103,44 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
-     }
-     /* mf to zip */
-     strcpy(tempfn, "META-INF/manifest.mf");
--    sprintf(fullfn, "%s/%s", tree, tempfn);
-+    count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+    if (count >= sizeof(fullfn)) {
-+        PR_fprintf(errorFD, "unable to write manifest\n");
-+        errorCount++;
-+        exit(ERRX);
-+    }
-     JzipAdd(fullfn, tempfn, zipfile, compression_level);
- 
-     /* sf to zip */
--    sprintf(tempfn, "META-INF/%s.sf", base);
--    sprintf(fullfn, "%s/%s", tree, tempfn);
-+    count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base);
-+    if (count >= sizeof(tempfn)) {
-+        PR_fprintf(errorFD, "unable to write sf metadata\n");
-+        errorCount++;
-+        exit(ERRX);
-+    }
-+    count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+    if (count >= sizeof(fullfn)) {
-+        PR_fprintf(errorFD, "unable to write sf metadata\n");
-+        errorCount++;
-+        exit(ERRX);
-+    }
-     JzipAdd(fullfn, tempfn, zipfile, compression_level);
- 
-     /* Add the rsa/dsa file to the zip archive normally */
-     if (!xpi_arc) {
-         /* rsa/dsa to zip */
--        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
--                                                                   : "rsa"));
--        sprintf(fullfn, "%s/%s", tree, tempfn);
-+        count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
-+        if (count >= sizeof(tempfn)) {
-+            PR_fprintf(errorFD, "unable to write key metadata\n");
-+            errorCount++;
-+            exit(ERRX);
-+        }
-+        count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+        if (count >= sizeof(fullfn)) {
-+            PR_fprintf(errorFD, "unable to write key metadata\n");
-+            errorCount++;
-+            exit(ERRX);
-+        }
-         JzipAdd(fullfn, tempfn, zipfile, compression_level);
-     }
- 
-@@ -408,6 +442,7 @@ static int
- manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
- {
-     char fullname[FNSIZE];
-+    int count;
- 
-     if (verbosity >= 0) {
-         PR_fprintf(outputFD, "--> %s\n", relpath);
-@@ -421,7 +456,10 @@ manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, voi
-         if (!PL_HashTableLookup(extensions, ext))
-             return 0;
-     }
--    sprintf(fullname, "%s/%s", basedir, relpath);
-+    count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath);
-+    if (count >= sizeof(fullname)) {
-+        return 1;
-+    }
-     JzipAdd(fullname, relpath, zipfile, compression_level);
- 
-     return 0;
diff --git a/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch b/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch
deleted file mode 100644
index 8276f89..0000000
--- a/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1516710574 -3600
-#      Tue Jan 23 13:29:34 2018 +0100
-# Node ID 27f27ce21c2c6ff5a47fa9e17c438b000366c9c9
-# Parent  be1dca5ac80541d3b81a8da9d42854d8b1cceefb
-Build Hacl_Poly1305_64.o on aarch64 even with make
-
-Upstream-Status: Backport
-https://bug1432455.bmoattachments.org/attachment.cgi?id=8944691
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: nss-3.35/nss/lib/freebl/Makefile
-===================================================================
---- nss-3.35.orig/nss/lib/freebl/Makefile
-+++ nss-3.35/nss/lib/freebl/Makefile
-@@ -533,7 +533,12 @@ ifndef NSS_DISABLE_CHACHAPOLY
-             EXTRA_SRCS += chacha20_vec.c
-         endif
-     else
--        EXTRA_SRCS += poly1305.c
-+        ifeq ($(CPU_ARCH),aarch64)
-+            EXTRA_SRCS += Hacl_Poly1305_64.c
-+        else
-+            EXTRA_SRCS += poly1305.c
-+        endif
-+
-         EXTRA_SRCS += chacha20.c
-         VERIFIED_SRCS += Hacl_Chacha20.c
-     endif # x86_64
diff --git a/meta/recipes-support/nss/nss_3.35.bb b/meta/recipes-support/nss/nss_3.36.1.bb
similarity index 96%
rename from meta/recipes-support/nss/nss_3.35.bb
rename to meta/recipes-support/nss/nss_3.36.1.bb
index 84f1916..f855538 100644
--- a/meta/recipes-support/nss/nss_3.35.bb
+++ b/meta/recipes-support/nss/nss_3.36.1.bb
@@ -26,12 +26,10 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
            file://disable-Wvarargs-with-clang.patch \
            file://pqg.c-ULL_addend.patch \
            file://Fix-compilation-for-X32.patch \
-           file://nss-build-hacl-poly1305-aarch64.patch \
-           file://0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch \
            "
 
-SRC_URI[md5sum] = "9467ec9e65c5aeb3254a50250490f5f7"
-SRC_URI[sha256sum] = "f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa"
+SRC_URI[md5sum] = "814d8fe3ec89006cf62078e2a56cf2f9"
+SRC_URI[sha256sum] = "6025441d528ff6a7f1a4b673b6ee7d3540731ada3f78d5acd5c3b3736b222bff"
 
 UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
 UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
-- 
2.7.4

[PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[Armin Kuster]

From: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...1-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch | 19 +++++++++----------
 ...{xserver-xorg_1.19.6.bb => xserver-xorg_1.20.0.bb} |  4 ++--
 2 files changed, 11 insertions(+), 12 deletions(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.19.6.bb => xserver-xorg_1.20.0.bb} (89%)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
index 16ec3ed..020a1cf 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
@@ -1,12 +1,13 @@
-Discover monotonic clock using compile-time check
+From 8a91316c4a38f20e7866289f3d779a037d27a129 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Mon, 12 Dec 2016 12:11:39 +0200
+Subject: [PATCH] Discover monotonic clock using compile-time check
 
 monotonic clock check does not work when cross-compiling.
 
 Upstream-Status: Denied [Does not work on OpenBSD]
 Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
 
-
-
 Original patch follows:
 
 When xorg-xserver is being cross-compiled, there is currently no way
@@ -21,15 +22,16 @@ monotonic clock is available. This check can run just fine when we are
 cross-compiling.
 
 Signed-off-by: David James <davidjames at google.com>
+
 ---
  configure.ac | 17 +++++++----------
  1 file changed, 7 insertions(+), 10 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index f7ab48c..26e85cd 100644
+index 2b21667..786e002 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1048,19 +1048,16 @@ if ! test "x$have_clock_gettime" = xno; then
+@@ -984,19 +984,16 @@ if ! test "x$have_clock_gettime" = xno; then
          CPPFLAGS="$CPPFLAGS -D_POSIX_C_SOURCE=200112L"
      fi
  
@@ -54,8 +56,5 @@ index f7ab48c..26e85cd 100644
 -       [MONOTONIC_CLOCK="cross compiling"])
 +]])],[MONOTONIC_CLOCK=yes], [MONOTONIC_CLOCK=no])
  
-     LIBS="$LIBS_SAVE"
-     CPPFLAGS="$CPPFLAGS_SAVE"
--- 
-2.1.4
-
+     if test "$MONOTONIC_CLOCK" = "cross compiling"; then
+         AC_CHECK_DECL([CLOCK_MONOTONIC],[MONOTONIC_CLOCK="guessing yes"],[MONOTONIC_CLOCK=no],[#include <time.h>])
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
similarity index 89%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
index c680cf9..620eb7b 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
@@ -6,8 +6,8 @@ SRC_URI += "file://musl-arm-inb-outb.patch \
             file://0003-Remove-check-for-useSIGIO-option.patch \
             file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
             "
-SRC_URI[md5sum] = "3e47777ff034a331aed2322b078694a8"
-SRC_URI[sha256sum] = "a732502f1db000cf36a376cd0c010ffdbf32ecdd7f1fa08ba7f5bdf9601cc197"
+SRC_URI[md5sum] = "c1ca1ea0a905ea788da03c77cc38b06e"
+SRC_URI[sha256sum] = "9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
 
 # These extensions are now integrated into the server, so declare the migration
 # path for in-place upgrades.
-- 
2.7.4

Re: [PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[Burton, Ross]

This is breaking a number of other bits of X:

- xf86-video-intel (was DRI1 removed or disabled in 1.20?)
- xf86-input-mouse
- xf86-video-omapfb

Ross

On 19 May 2018 at 03:13, Armin Kuster <akuster808@gmail.com> wrote:
> From: Armin Kuster <akuster808@gmail.com>
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  ...1-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch | 19 +++++++++----------
>  ...{xserver-xorg_1.19.6.bb => xserver-xorg_1.20.0.bb} |  4 ++--
>  2 files changed, 11 insertions(+), 12 deletions(-)
>  rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.19.6.bb => xserver-xorg_1.20.0.bb} (89%)
>
> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
> index 16ec3ed..020a1cf 100644
> --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
> @@ -1,12 +1,13 @@
> -Discover monotonic clock using compile-time check
> +From 8a91316c4a38f20e7866289f3d779a037d27a129 Mon Sep 17 00:00:00 2001
> +From: Jussi Kukkonen <jussi.kukkonen@intel.com>
> +Date: Mon, 12 Dec 2016 12:11:39 +0200
> +Subject: [PATCH] Discover monotonic clock using compile-time check
>
>  monotonic clock check does not work when cross-compiling.
>
>  Upstream-Status: Denied [Does not work on OpenBSD]
>  Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
>
> -
> -
>  Original patch follows:
>
>  When xorg-xserver is being cross-compiled, there is currently no way
> @@ -21,15 +22,16 @@ monotonic clock is available. This check can run just fine when we are
>  cross-compiling.
>
>  Signed-off-by: David James <davidjames at google.com>
> +
>  ---
>   configure.ac | 17 +++++++----------
>   1 file changed, 7 insertions(+), 10 deletions(-)
>
>  diff --git a/configure.ac b/configure.ac
> -index f7ab48c..26e85cd 100644
> +index 2b21667..786e002 100644
>  --- a/configure.ac
>  +++ b/configure.ac
> -@@ -1048,19 +1048,16 @@ if ! test "x$have_clock_gettime" = xno; then
> +@@ -984,19 +984,16 @@ if ! test "x$have_clock_gettime" = xno; then
>           CPPFLAGS="$CPPFLAGS -D_POSIX_C_SOURCE=200112L"
>       fi
>
> @@ -54,8 +56,5 @@ index f7ab48c..26e85cd 100644
>  -       [MONOTONIC_CLOCK="cross compiling"])
>  +]])],[MONOTONIC_CLOCK=yes], [MONOTONIC_CLOCK=no])
>
> -     LIBS="$LIBS_SAVE"
> -     CPPFLAGS="$CPPFLAGS_SAVE"
> ---
> -2.1.4
> -
> +     if test "$MONOTONIC_CLOCK" = "cross compiling"; then
> +         AC_CHECK_DECL([CLOCK_MONOTONIC],[MONOTONIC_CLOCK="guessing yes"],[MONOTONIC_CLOCK=no],[#include <time.h>])
> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
> similarity index 89%
> rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb
> rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
> index c680cf9..620eb7b 100644
> --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb
> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
> @@ -6,8 +6,8 @@ SRC_URI += "file://musl-arm-inb-outb.patch \
>              file://0003-Remove-check-for-useSIGIO-option.patch \
>              file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
>              "
> -SRC_URI[md5sum] = "3e47777ff034a331aed2322b078694a8"
> -SRC_URI[sha256sum] = "a732502f1db000cf36a376cd0c010ffdbf32ecdd7f1fa08ba7f5bdf9601cc197"
> +SRC_URI[md5sum] = "c1ca1ea0a905ea788da03c77cc38b06e"
> +SRC_URI[sha256sum] = "9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
>
>  # These extensions are now integrated into the server, so declare the migration
>  # path for in-place upgrades.
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[akuster808]

On 05/23/2018 04:01 AM, Burton, Ross wrote:
> This is breaking a number of other bits of X:
>
> - xf86-video-intel (was DRI1 removed or disabled in 1.20?)
> - xf86-input-mouse
> - xf86-video-omapfb

hmm, will double check

- armin
> Ross
>
> On 19 May 2018 at 03:13, Armin Kuster <akuster808@gmail.com> wrote:
>> From: Armin Kuster <akuster808@gmail.com>
>>
>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> ---
>>  ...1-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch | 19 +++++++++----------
>>  ...{xserver-xorg_1.19.6.bb => xserver-xorg_1.20.0.bb} |  4 ++--
>>  2 files changed, 11 insertions(+), 12 deletions(-)
>>  rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.19.6.bb => xserver-xorg_1.20.0.bb} (89%)
>>
>> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
>> index 16ec3ed..020a1cf 100644
>> --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
>> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
>> @@ -1,12 +1,13 @@
>> -Discover monotonic clock using compile-time check
>> +From 8a91316c4a38f20e7866289f3d779a037d27a129 Mon Sep 17 00:00:00 2001
>> +From: Jussi Kukkonen <jussi.kukkonen@intel.com>
>> +Date: Mon, 12 Dec 2016 12:11:39 +0200
>> +Subject: [PATCH] Discover monotonic clock using compile-time check
>>
>>  monotonic clock check does not work when cross-compiling.
>>
>>  Upstream-Status: Denied [Does not work on OpenBSD]
>>  Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
>>
>> -
>> -
>>  Original patch follows:
>>
>>  When xorg-xserver is being cross-compiled, there is currently no way
>> @@ -21,15 +22,16 @@ monotonic clock is available. This check can run just fine when we are
>>  cross-compiling.
>>
>>  Signed-off-by: David James <davidjames at google.com>
>> +
>>  ---
>>   configure.ac | 17 +++++++----------
>>   1 file changed, 7 insertions(+), 10 deletions(-)
>>
>>  diff --git a/configure.ac b/configure.ac
>> -index f7ab48c..26e85cd 100644
>> +index 2b21667..786e002 100644
>>  --- a/configure.ac
>>  +++ b/configure.ac
>> -@@ -1048,19 +1048,16 @@ if ! test "x$have_clock_gettime" = xno; then
>> +@@ -984,19 +984,16 @@ if ! test "x$have_clock_gettime" = xno; then
>>           CPPFLAGS="$CPPFLAGS -D_POSIX_C_SOURCE=200112L"
>>       fi
>>
>> @@ -54,8 +56,5 @@ index f7ab48c..26e85cd 100644
>>  -       [MONOTONIC_CLOCK="cross compiling"])
>>  +]])],[MONOTONIC_CLOCK=yes], [MONOTONIC_CLOCK=no])
>>
>> -     LIBS="$LIBS_SAVE"
>> -     CPPFLAGS="$CPPFLAGS_SAVE"
>> ---
>> -2.1.4
>> -
>> +     if test "$MONOTONIC_CLOCK" = "cross compiling"; then
>> +         AC_CHECK_DECL([CLOCK_MONOTONIC],[MONOTONIC_CLOCK="guessing yes"],[MONOTONIC_CLOCK=no],[#include <time.h>])
>> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
>> similarity index 89%
>> rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb
>> rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
>> index c680cf9..620eb7b 100644
>> --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb
>> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
>> @@ -6,8 +6,8 @@ SRC_URI += "file://musl-arm-inb-outb.patch \
>>              file://0003-Remove-check-for-useSIGIO-option.patch \
>>              file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
>>              "
>> -SRC_URI[md5sum] = "3e47777ff034a331aed2322b078694a8"
>> -SRC_URI[sha256sum] = "a732502f1db000cf36a376cd0c010ffdbf32ecdd7f1fa08ba7f5bdf9601cc197"
>> +SRC_URI[md5sum] = "c1ca1ea0a905ea788da03c77cc38b06e"
>> +SRC_URI[sha256sum] = "9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
>>
>>  # These extensions are now integrated into the server, so declare the migration
>>  # path for in-place upgrades.
>> --
>> 2.7.4
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[akuster808]

On 05/28/2018 07:25 AM, akuster808 wrote:
>
> On 05/23/2018 04:01 AM, Burton, Ross wrote:
>> This is breaking a number of other bits of X:
>>
>> - xf86-video-intel (was DRI1 removed or disabled in 1.20?)
DRI 1 is still there.

>> - xf86-input-mouse
sent fixed for xf86-inout-mount

>> - xf86-video-omapfb
> hmm, will double check
>
> - armin
>> Ross
>>
>> On 19 May 2018 at 03:13, Armin Kuster <akuster808@gmail.com> wrote:
>>> From: Armin Kuster <akuster808@gmail.com>
>>>
>>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>>> ---
>>>  ...1-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch | 19 +++++++++----------
>>>  ...{xserver-xorg_1.19.6.bb => xserver-xorg_1.20.0.bb} |  4 ++--
>>>  2 files changed, 11 insertions(+), 12 deletions(-)
>>>  rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.19.6.bb => xserver-xorg_1.20.0.bb} (89%)
>>>
>>> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
>>> index 16ec3ed..020a1cf 100644
>>> --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
>>> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
>>> @@ -1,12 +1,13 @@
>>> -Discover monotonic clock using compile-time check
>>> +From 8a91316c4a38f20e7866289f3d779a037d27a129 Mon Sep 17 00:00:00 2001
>>> +From: Jussi Kukkonen <jussi.kukkonen@intel.com>
>>> +Date: Mon, 12 Dec 2016 12:11:39 +0200
>>> +Subject: [PATCH] Discover monotonic clock using compile-time check
>>>
>>>  monotonic clock check does not work when cross-compiling.
>>>
>>>  Upstream-Status: Denied [Does not work on OpenBSD]
>>>  Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
>>>
>>> -
>>> -
>>>  Original patch follows:
>>>
>>>  When xorg-xserver is being cross-compiled, there is currently no way
>>> @@ -21,15 +22,16 @@ monotonic clock is available. This check can run just fine when we are
>>>  cross-compiling.
>>>
>>>  Signed-off-by: David James <davidjames at google.com>
>>> +
>>>  ---
>>>   configure.ac | 17 +++++++----------
>>>   1 file changed, 7 insertions(+), 10 deletions(-)
>>>
>>>  diff --git a/configure.ac b/configure.ac
>>> -index f7ab48c..26e85cd 100644
>>> +index 2b21667..786e002 100644
>>>  --- a/configure.ac
>>>  +++ b/configure.ac
>>> -@@ -1048,19 +1048,16 @@ if ! test "x$have_clock_gettime" = xno; then
>>> +@@ -984,19 +984,16 @@ if ! test "x$have_clock_gettime" = xno; then
>>>           CPPFLAGS="$CPPFLAGS -D_POSIX_C_SOURCE=200112L"
>>>       fi
>>>
>>> @@ -54,8 +56,5 @@ index f7ab48c..26e85cd 100644
>>>  -       [MONOTONIC_CLOCK="cross compiling"])
>>>  +]])],[MONOTONIC_CLOCK=yes], [MONOTONIC_CLOCK=no])
>>>
>>> -     LIBS="$LIBS_SAVE"
>>> -     CPPFLAGS="$CPPFLAGS_SAVE"
>>> ---
>>> -2.1.4
>>> -
>>> +     if test "$MONOTONIC_CLOCK" = "cross compiling"; then
>>> +         AC_CHECK_DECL([CLOCK_MONOTONIC],[MONOTONIC_CLOCK="guessing yes"],[MONOTONIC_CLOCK=no],[#include <time.h>])
>>> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
>>> similarity index 89%
>>> rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb
>>> rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
>>> index c680cf9..620eb7b 100644
>>> --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.6.bb
>>> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.0.bb
>>> @@ -6,8 +6,8 @@ SRC_URI += "file://musl-arm-inb-outb.patch \
>>>              file://0003-Remove-check-for-useSIGIO-option.patch \
>>>              file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
>>>              "
>>> -SRC_URI[md5sum] = "3e47777ff034a331aed2322b078694a8"
>>> -SRC_URI[sha256sum] = "a732502f1db000cf36a376cd0c010ffdbf32ecdd7f1fa08ba7f5bdf9601cc197"
>>> +SRC_URI[md5sum] = "c1ca1ea0a905ea788da03c77cc38b06e"
>>> +SRC_URI[sha256sum] = "9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
>>>
>>>  # These extensions are now integrated into the server, so declare the migration
>>>  # path for in-place upgrades.
>>> --
>>> 2.7.4
>>>
>>> --
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[Burton, Ross]

On 1 June 2018 at 16:15, akuster808 <akuster808@gmail.com> wrote:
>>> - xf86-video-intel (was DRI1 removed or disabled in 1.20?)
> DRI 1 is still there.
>
>>> - xf86-input-mouse
> sent fixed for xf86-inout-mount
>
>>> - xf86-video-omapfb
>> hmm, will double check

Tried it again last night:

omapfb: http://errors.yoctoproject.org/Errors/Details/179606/
intel: http://errors.yoctoproject.org/Errors/Details/179607/

Ross

Re: [PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[akuster808]

On 06/13/2018 03:17 AM, Burton, Ross wrote:
> On 1 June 2018 at 16:15, akuster808 <akuster808@gmail.com> wrote:
>>>> - xf86-video-intel (was DRI1 removed or disabled in 1.20?)
>> DRI 1 is still there.
>>
>>>> - xf86-input-mouse
>> sent fixed for xf86-inout-mount
>>
>>>> - xf86-video-omapfb
>>> hmm, will double check
> Tried it again last night:
>
> omapfb: http://errors.yoctoproject.org/Errors/Details/179606/
> intel: http://errors.yoctoproject.org/Errors/Details/179607/

thanks.

please pull the update. fixing those two very old packages may take a while.

- armin
>
> Ross

Re: [PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[Burton, Ross]

On 1 June 2018 at 16:15, akuster808 <akuster808@gmail.com> wrote:
>
>
> On 05/28/2018 07:25 AM, akuster808 wrote:
>>
>> On 05/23/2018 04:01 AM, Burton, Ross wrote:
>>> This is breaking a number of other bits of X:
>>>
>>> - xf86-video-intel (was DRI1 removed or disabled in 1.20?)
> DRI 1 is still there.

https://cgit.freedesktop.org/xorg/driver/xf86-video-intel/commit/?id=359477215092ac1b602ad1e2f17a28963d9224c2
claims otherwise.  Trivial enough to disable in our recipe, I'll send
a patch shortly.

Ross

Re: [PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[akuster808]

On 06/13/2018 09:34 AM, Burton, Ross wrote:
> On 1 June 2018 at 16:15, akuster808 <akuster808@gmail.com> wrote:
>>
>> On 05/28/2018 07:25 AM, akuster808 wrote:
>>> On 05/23/2018 04:01 AM, Burton, Ross wrote:
>>>> This is breaking a number of other bits of X:
>>>>
>>>> - xf86-video-intel (was DRI1 removed or disabled in 1.20?)
>> DRI 1 is still there.
> https://cgit.freedesktop.org/xorg/driver/xf86-video-intel/commit/?id=359477215092ac1b602ad1e2f17a28963d9224c2
> claims otherwise.  Trivial enough to disable in our recipe, I'll send
> a patch shortly.

xf86-video-intel fails without the update so this is a preexisting condition.  I used the latest git hash with includes that fix and it still fails.

I poke at it some more.
Armin

> Ross

Re: [PATCH 6/8] xserver-xorg: upgrade 1.19.6 -> 1.20.0

[Burton, Ross]

I've already got patches for -intel in mut (pretty sure I sent them to
the list, if I didn't then I shall tomorrow).  Personally I think for
omap and omapfb, we just remove them.  I've got patches for that too,
I'll sent them aswell.

Ross

On 17 June 2018 at 20:14, akuster808 <akuster808@gmail.com> wrote:
>
>
> On 06/13/2018 09:34 AM, Burton, Ross wrote:
>> On 1 June 2018 at 16:15, akuster808 <akuster808@gmail.com> wrote:
>>>
>>> On 05/28/2018 07:25 AM, akuster808 wrote:
>>>> On 05/23/2018 04:01 AM, Burton, Ross wrote:
>>>>> This is breaking a number of other bits of X:
>>>>>
>>>>> - xf86-video-intel (was DRI1 removed or disabled in 1.20?)
>>> DRI 1 is still there.
>> https://cgit.freedesktop.org/xorg/driver/xf86-video-intel/commit/?id=359477215092ac1b602ad1e2f17a28963d9224c2
>> claims otherwise.  Trivial enough to disable in our recipe, I'll send
>> a patch shortly.
>
> xf86-video-intel fails without the update so this is a preexisting condition.  I used the latest git hash with includes that fix and it still fails.
>
> I poke at it some more.
> Armin
>
>> Ross
>

[PATCH 7/8] busybox: update to 1.28.3

[Armin Kuster]

From: Armin Kuster <akuster808@gmail.com>

removed patches included in update:
busybox/CVE-2011-5325.patch
busybox/CVE-2017-15873.patch
busybox/busybox-CVE-2017-16544.patch

refactored busybox-udhcpc-no_deconfig.patch for this update

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../busybox/busybox/CVE-2011-5325.patch            | 481 ---------------------
 .../busybox/busybox/CVE-2017-15873.patch           |  95 ----
 .../busybox/busybox/busybox-CVE-2017-16544.patch   |  43 --
 .../busybox/busybox-udhcpc-no_deconfig.patch       |  36 +-
 .../{busybox_1.27.2.bb => busybox_1.28.3.bb}       |   9 +-
 5 files changed, 21 insertions(+), 643 deletions(-)
 delete mode 100755 meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
 delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
 delete mode 100644 meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
 rename meta/recipes-core/busybox/{busybox_1.27.2.bb => busybox_1.28.3.bb} (83%)

diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
deleted file mode 100755
index 0926107..0000000
--- a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
+++ /dev/null
@@ -1,481 +0,0 @@
-busybox-1.27.2: Fix CVE-2011-5325
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411
-
-libarchive: do not extract unsafe symlinks
-
-Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1
-is not set. Untarring file with -C DESTDIR parameter could be extracted with
-unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that.
-Include necessary changes from previous commits.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7]
-CVE: CVE-2011-5325
-bug: 8411
-Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src
-index 942e755..e1a8a75 100644
---- a/archival/libarchive/Kbuild.src
-+++ b/archival/libarchive/Kbuild.src
-@@ -12,6 +12,8 @@ COMMON_FILES:= \
- 	data_extract_all.o \
- 	data_extract_to_stdout.o \
- \
-+	unsafe_symlink_target.o \
-+\
- 	filter_accept_all.o \
- 	filter_accept_list.o \
- 	filter_accept_reject_list.o \
-diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c
-index 1830ffb..b828b65 100644
---- a/archival/libarchive/data_extract_all.c
-+++ b/archival/libarchive/data_extract_all.c
-@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
- 		res = link(hard_link, dst_name);
- 		if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) {
- 			/* shared message */
--			bb_perror_msg("can't create %slink "
--					"%s to %s", "hard",
--					dst_name,
--					hard_link);
-+			bb_perror_msg("can't create %slink '%s' to '%s'",
-+					 "hard", dst_name, hard_link
-+			);
- 		}
- 		/* Hardlinks have no separate mode/ownership, skip chown/chmod */
- 		goto ret;
-@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
- 	case S_IFLNK:
- 		/* Symlink */
- //TODO: what if file_header->link_target == NULL (say, corrupted tarball?)
--		res = symlink(file_header->link_target, dst_name);
--		if (res != 0
--		 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
--		) {
--			/* shared message */
--			bb_perror_msg("can't create %slink "
--				"%s to %s", "sym",
--				dst_name,
--				file_header->link_target);
-+		if (!unsafe_symlink_target(file_header->link_target)) {
-+			res = symlink(file_header->link_target, dst_name);
-+			if (res != 0
-+				&& !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
-+			) {
-+						/* shared message */
-+						bb_perror_msg("can't create %slink '%s' to '%s'",
-+							"sym",
-+							dst_name, file_header->link_target
-+						);
-+			}
- 		}
- 		break;
- 	case S_IFSOCK:
-diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c
-new file mode 100644
-index 0000000..ee46e28
---- /dev/null
-+++ b/archival/libarchive/unsafe_symlink_target.c
-@@ -0,0 +1,48 @@
-+/* vi: set sw=4 ts=4: */
-+/*
-+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
-+ */
-+#include "libbb.h"
-+#include "bb_archive.h"
-+
-+int FAST_FUNC unsafe_symlink_target(const char *target)
-+{
-+	const char *dot;
-+
-+	if (target[0] == '/') {
-+		const char *var;
-+unsafe:
-+		var = getenv("EXTRACT_UNSAFE_SYMLINKS");
-+		if (var) {
-+			if (LONE_CHAR(var, '1'))
-+				return 0; /* pretend it's safe */
-+			return 1; /* "UNSAFE!" */
-+		}
-+		bb_error_msg("skipping unsafe symlink to '%s' in archive,"
-+			" set %s=1 to extract",
-+			target,
-+			"EXTRACT_UNSAFE_SYMLINKS"
-+		);
-+		/* Prevent further messages */
-+		setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0);
-+		return 1; /* "UNSAFE!" */
-+	}
-+
-+	dot = target;
-+	for (;;) {
-+		dot = strchr(dot, '.');
-+			if (!dot)
-+				return 0; /* safe target */
-+
-+			/* Is it a path component starting with ".."? */
-+			if ((dot[1] == '.')
-+				&& (dot == target || dot[-1] == '/')
-+					/* Is it exactly ".."? */
-+				&& (dot[2] == '/' || dot[2] == '\0')
-+			) {
-+				goto unsafe;
-+			}
-+			/* NB: it can even be trailing ".", should only add 1 */
-+			dot += 1;
-+	}
-+}
-\ No newline at end of file
-diff --git a/archival/unzip.c b/archival/unzip.c
-index 9037262..270e261 100644
---- a/archival/unzip.c
-+++ b/archival/unzip.c
-@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn)
- 	free(name);
- }
- 
-+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn)
-+{
-+	char *target;
-+
-+	if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */
-+		bb_error_msg_and_die("bad archive");
-+
-+	if (zip->fmt.method == 0) {
-+		/* Method 0 - stored (not compressed) */
-+		target = xzalloc(zip->fmt.ucmpsize + 1);
-+		xread(zip_fd, target, zip->fmt.ucmpsize);
-+	} else {
-+#if 1
-+		bb_error_msg_and_die("compressed symlink is not supported");
-+#else
-+		transformer_state_t xstate;
-+		init_transformer_state(&xstate);
-+		xstate.mem_output_size_max = zip->fmt.ucmpsize;
-+		/* ...unpack... */
-+		if (!xstate.mem_output_buf)
-+			WTF();
-+		target = xstate.mem_output_buf;
-+		target = xrealloc(target, xstate.mem_output_size + 1);
-+		target[xstate.mem_output_size] = '\0';
-+#endif
-+	}
-+	if (!unsafe_symlink_target(target)) {
-+//TODO: libbb candidate
-+		if (symlink(target, dst_fn)) {
-+			/* shared message */
-+			bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
-+				"sym", dst_fn, target
-+			);
-+		}
-+	}
-+	free(target);
-+}
-+
- static void unzip_extract(zip_header_t *zip, int dst_fd)
- {
- 	transformer_state_t xstate;
-@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv)
- 		}
-  check_file:
- 		/* Extract file */
--		if (stat(dst_fn, &stat_buf) == -1) {
-+		if (lstat(dst_fn, &stat_buf) == -1) {
- 			/* File does not exist */
- 			if (errno != ENOENT) {
- 				bb_perror_msg_and_die("can't stat '%s'", dst_fn);
-@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv)
- 			goto do_open_and_extract;
- 		printf("replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn);
- 		my_fgets80(key_buf);
-+//TODO: redo lstat + ISREG check! user input could have taken a long time!
- 
- 		switch (key_buf[0]) {
- 		case 'A':
-@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv)
-  do_open_and_extract:
- 			unzip_create_leading_dirs(dst_fn);
- #if ENABLE_FEATURE_UNZIP_CDF
--			dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
-+			if (!S_ISLNK(file_mode))
-+				dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
- #else
- 			dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
- #endif
-@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv)
- 					? " extracting: %s\n"
- 					: */ "  inflating: %s\n", dst_fn);
- 			}
--			unzip_extract(&zip, dst_fd);
--			if (dst_fd != STDOUT_FILENO) {
--				/* closing STDOUT is potentially bad for future business */
--				close(dst_fd);
-+#if ENABLE_FEATURE_UNZIP_CDF
-+			if (S_ISLNK(file_mode)) {
-+				if (dst_fd != STDOUT_FILENO) /* no -p */
-+					unzip_extract_symlink(&zip, dst_fn);
-+			} else
-+#endif
-+			{
-+				unzip_extract(&zip, dst_fd);
-+				if (dst_fd != STDOUT_FILENO) {
-+					/* closing STDOUT is potentially bad for future business */
-+					close(dst_fd);
-+				};
- 			}
- 			break;
- 
-diff --git a/coreutils/link.c b/coreutils/link.c
-index ac3ef85..aab249d 100644
---- a/coreutils/link.c
-+++ b/coreutils/link.c
-@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv)
- 	argv += optind;
- 	if (link(argv[0], argv[1]) != 0) {
- 		/* shared message */
--		bb_perror_msg_and_die("can't create %slink "
--					"%s to %s", "hard",
--					argv[1], argv[0]
-+		bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
-+					"hard",	argv[1], argv[0]
- 		);
- 	}
- 	return EXIT_SUCCESS;
-diff --git a/include/bb_archive.h b/include/bb_archive.h
-index 2b9c5f0..1e4da3c 100644
---- a/include/bb_archive.h
-+++ b/include/bb_archive.h
-@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC;
- void seek_by_read(int fd, off_t amount) FAST_FUNC;
- 
- const char *strip_unsafe_prefix(const char *str) FAST_FUNC;
-+int unsafe_symlink_target(const char *target) FAST_FUNC;
- 
- void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC;
- const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC;
-diff --git a/libbb/copy_file.c b/libbb/copy_file.c
-index 23c0f83..be90066 100644
---- a/libbb/copy_file.c
-+++ b/libbb/copy_file.c
-@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
- 			int r = symlink(lpath, dest);
- 			free(lpath);
- 			if (r < 0) {
--				bb_perror_msg("can't create symlink '%s'", dest);
-+				/* shared message */
-+				bb_perror_msg("can't create %slink '%s' to '%s'",
-+					"sym", dest, lpath
-+				);
- 				return -1;
- 			}
- 			if (flags & FILEUTILS_PRESERVE_STATUS)
-diff --git a/testsuite/tar.tests b/testsuite/tar.tests
-index 9f7ce15..b7cd74c 100755
---- a/testsuite/tar.tests
-+++ b/testsuite/tar.tests
-@@ -10,9 +10,6 @@ unset LC_COLLATE
- unset LC_ALL
- umask 022
- 
--rm -rf tar.tempdir 2>/dev/null
--mkdir tar.tempdir && cd tar.tempdir || exit 1
--
- # testing "test name" "script" "expected result" "file input" "stdin"
- 
- testing "Empty file is not a tarball" '\
-@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
- "" ""
- SKIP=
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
- # GNU tar 1.26 records as hardlinks:
- #  input_hard2 -> input_hard1
-@@ -64,7 +62,6 @@ SKIP=
- # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar hardlinks and repeated files" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_hard1
- ln input_hard1 input_hard2
- mkdir input_dir
-@@ -95,10 +92,11 @@ drwxr-xr-x input_dir
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar hardlinks mode" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_hard1
- chmod 741 input_hard1
- ln input_hard1 input_hard2
-@@ -128,10 +126,11 @@ Ok: 0
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar symlinks mode" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_file
- chmod 741 input_file
- ln -s input_file input_soft
-@@ -159,10 +158,11 @@ lrwxrwxrwx input_file
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
- testing "tar --overwrite" "\
--rm -rf input_* test.tar 2>/dev/null
- ln input input_hard
- tar cf test.tar input_hard
- echo WRONG >input
-@@ -174,12 +174,13 @@ Ok
- " \
- "Ok\n" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- test x"$SKIP_KNOWN_BUGS" = x"" && {
- # Needs to be run under non-root for meaningful test
- optional FEATURE_TAR_CREATE
- testing "tar writing into read-only dir" '\
--rm -rf input_* test.tar 2>/dev/null
- mkdir input_dir
- >input_dir/input_file
- chmod 550 input_dir
-@@ -201,7 +202,9 @@ dr-xr-x--- input_dir
- "" ""
- SKIP=
- }
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # Had a bug where on extract autodetect first "switched off" -z
- # and then failed to recognize .tgz extension
- optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP
-@@ -217,7 +220,9 @@ Ok
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
- # (the uuencoded hello_world.txz contains one empty file named "hello_world")
- optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
-@@ -236,7 +241,9 @@ AAAEWVo=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # On extract, everything up to and including last ".." component is stripped
- optional FEATURE_TAR_CREATE
- testing "tar strips /../ on extract" "\
-@@ -255,7 +262,9 @@ Ok
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # attack.tar.bz2 has symlink pointing to a system file
- # followed by a regular file with the same name
- # containing "root::0:0::/root:/bin/sh":
-@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
- testing "tar does not extract into symlinks" "\
- >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
- " "\
-+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- 0
- " \
- "" "\
-@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-+
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # And same with -k
- optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
- testing "tar -k does not extract into symlinks" "\
- >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
- " "\
--tar: can't open 'passwd': File exists
-+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- 0
- " \
- "" "\
-@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
- testing "Pax-encoded UTF8 names and symlinks" '\
- tar xvf ../tar.utf8.tar.bz2 2>&1; echo $?
-@@ -309,17 +324,45 @@ rm -rf etc usr
- ' "\
- etc/ssl/certs/3b2716e5.0
- etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
-+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- etc/ssl/certs/f80cc7f6.0
- usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- 0
- etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
--etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
--
--cd .. && rm -rf tar.tempdir || exit 1
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
-+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
-+testing "Symlink attack: create symlink and then write through it" '\
-+exec 2>&1
-+uudecode -o input && tar xvf input; echo $?
-+ls /tmp/bb_test_evilfile
-+ls bb_test_evilfile
-+ls symlink/bb_test_evilfile
-+' "\
-+anything.txt
-+symlink
-+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
-+symlink/bb_test_evilfile
-+0
-+ls: /tmp/bb_test_evilfile: No such file or directory
-+ls: bb_test_evilfile: No such file or directory
-+symlink/bb_test_evilfile
-+" \
-+"" "\
-+begin-base64 644 tar_symlink_attack.tar.bz2
-+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR
-+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk
-+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa
-+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS
-+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA=
-+====
-+"
-+SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
- 
- exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
deleted file mode 100644
index 5a027c9..0000000
--- a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-busybox-1.27.2: Fix CVE-2017-15873
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431
-
-bunzip2: fix runCnt overflow
-
-The get_next_block function in archival/libarchive/decompress_bunzip2.c
-in BusyBox 1.27.2 has an Integer Overflow that may lead to a write 
-access violation.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0]
-CVE: CVE-2017-15873
-bug: 10431
-Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
-
-diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
-index 7cd18f5..bec89ed 100644
---- a/archival/libarchive/decompress_bunzip2.c
-+++ b/archival/libarchive/decompress_bunzip2.c
-@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
- static int get_next_block(bunzip_data *bd)
- {
- 	struct group_data *hufGroup;
--	int dbufCount, dbufSize, groupCount, *base, *limit, selector,
--		i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
--	int runCnt = runCnt; /* for compiler */
-+	int groupCount, *base, *limit, selector,
-+		i, j, symCount, symTotal, nSelectors, byteCount[256];
- 	uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
- 	uint32_t *dbuf;
- 	unsigned origPtr, t;
-+	unsigned dbufCount, runPos;
-+	unsigned runCnt = runCnt; /* for compiler */
- 
- 	dbuf = bd->dbuf;
--	dbufSize = bd->dbufSize;
- 	selectors = bd->selectors;
- 
- /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
-@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
- 	   it didn't actually work. */
- 	if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
- 	origPtr = get_bits(bd, 24);
--	if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
-+	if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
- 
- 	/* mapping table: if some byte values are never used (encoding things
- 	   like ascii text), the compression code removes the gaps to have fewer
-@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
- 			   symbols, but a run of length 0 doesn't mean anything in this
- 			   context).  Thus space is saved. */
- 			runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
--			if (runPos < dbufSize) runPos <<= 1;
-+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
-+//This would be the fix (catches too large count way before it can overflow):
-+//			if (runCnt > bd->dbufSize) {
-+//				dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
-+//						runCnt, bd->dbufSize);
-+//				return RETVAL_DATA_ERROR;
-+//			}
-+			if (runPos < bd->dbufSize) runPos <<= 1;
- 			goto end_of_huffman_loop;
- 		}
- 
-@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
- 		   literal used is the one at the head of the mtfSymbol array.) */
- 		if (runPos != 0) {
- 			uint8_t tmp_byte;
--			if (dbufCount + runCnt > dbufSize) {
--				dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
--						dbufCount, runCnt, dbufCount + runCnt, dbufSize);
-+			if (dbufCount + runCnt > bd->dbufSize) {
-+				dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
-+						dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
- 				return RETVAL_DATA_ERROR;
- 			}
- 			tmp_byte = symToByte[mtfSymbol[0]];
- 			byteCount[tmp_byte] += runCnt;
--			while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
-+			while ((int)--runCnt >= 0)
-+				dbuf[dbufCount++] = (uint32_t)tmp_byte;
- 			runPos = 0;
- 		}
- 
-@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
- 		   first symbol in the mtf array, position 0, would have been handled
- 		   as part of a run above.  Therefore 1 unused mtf position minus
- 		   2 non-literal nextSym values equals -1.) */
--		if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
-+		if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
- 		i = nextSym - 1;
- 		uc = mtfSymbol[i];
- 
--- 
-cgit v0.12
diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
deleted file mode 100644
index fc19ee3..0000000
--- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Tue, 7 Nov 2017 18:09:29 +0100
-Subject: lineedit: do not tab-complete any strings which have control
- characters
-
-function                                             old     new   delta
-add_match                                             41      68     +27
-
-CVE: CVE-2017-16544
-Upstream-Status: Backport
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- libbb/lineedit.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/libbb/lineedit.c b/libbb/lineedit.c
-index c0e35bb..56e8140 100644
---- a/libbb/lineedit.c
-+++ b/libbb/lineedit.c
-@@ -645,6 +645,18 @@ static void free_tab_completion_data(void)
- 
- static void add_match(char *matched)
- {
-+	unsigned char *p = (unsigned char*)matched;
-+	while (*p) {
-+		/* ESC attack fix: drop any string with control chars */
-+		if (*p < ' '
-+		 || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
-+		 || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
-+		) {
-+			free(matched);
-+			return;
-+		}
-+		p++;
-+	}
- 	matches = xrealloc_vector(matches, 4, num_matches);
- 	matches[num_matches] = matched;
- 	num_matches++;
--- 
-cgit v0.12
diff --git a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
index 582a258..9e74653 100644
--- a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
+++ b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
@@ -31,11 +31,11 @@ Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
  networking/udhcp/dhcpc.c                       | 29 ++++++++++++++++------
  1 file changed, 21 insertions(+), 8 deletions(-)
 
-Index: busybox-1.27.2/networking/udhcp/dhcpc.c
+Index: busybox-1.28.3/networking/udhcp/dhcpc.c
 ===================================================================
---- busybox-1.27.2.orig/networking/udhcp/dhcpc.c
-+++ busybox-1.27.2/networking/udhcp/dhcpc.c
-@@ -49,6 +49,8 @@ struct tpacket_auxdata {
+--- busybox-1.28.3.orig/networking/udhcp/dhcpc.c
++++ busybox-1.28.3/networking/udhcp/dhcpc.c
+@@ -48,6 +48,8 @@ struct tpacket_auxdata {
  };
  #endif
  
@@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
  
  /* "struct client_config_t client_config" is in bb_common_bufsiz1 */
  
-@@ -104,8 +106,9 @@ enum {
+@@ -103,8 +105,9 @@ enum {
  	OPT_x = 1 << 18,
  	OPT_f = 1 << 19,
  	OPT_B = 1 << 20,
@@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
  	USE_FOR_MMU(             OPTBIT_b,)
  	IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,)
  	IF_FEATURE_UDHCP_PORT(   OPTBIT_P,)
-@@ -1110,7 +1113,8 @@ static void perform_renew(void)
+@@ -1122,7 +1125,8 @@ static void perform_renew(void)
  		state = RENEW_REQUESTED;
  		break;
  	case RENEW_REQUESTED: /* impatient are we? fine, square 1 */
@@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
  	case REQUESTING:
  	case RELEASED:
  		change_listen_mode(LISTEN_RAW);
-@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip)
+@@ -1158,7 +1162,8 @@ static void perform_release(uint32_t ser
   * Users requested to be notified in all cases, even if not in one
   * of the states above.
   */
@@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
  
  	change_listen_mode(LISTEN_NONE);
  	state = RELEASED;
-@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
- 	/* O,x: list; -T,-t,-A take numeric param */
- 	IF_UDHCP_VERBOSE(opt_complementary = "vv";)
- 	IF_LONG_OPTS(applet_long_options = udhcpc_longopts;)
--	opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
-+	opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
+@@ -1270,7 +1275,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+ 	/* Parse command line */
+ 	opt = getopt32long(argv, "^"
+ 		/* O,x: list; -T,-t,-A take numeric param */
+-		"CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
++		"CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
  		USE_FOR_MMU("b")
  		IF_FEATURE_UDHCPC_ARPING("a::")
  		IF_FEATURE_UDHCP_PORT("P:")
-@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1384,6 +1389,10 @@ int udhcpc_main(int argc UNUSED_PARAM, c
  		logmode |= LOGMODE_SYSLOG;
  	}
  
@@ -95,7 +95,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
  	/* Make sure fd 0,1,2 are open */
  	bb_sanitize_stdio();
  	/* Equivalent of doing a fflush after every \n */
-@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1398,7 +1407,8 @@ int udhcpc_main(int argc UNUSED_PARAM, c
  	srand(monotonic_us());
  
  	state = INIT_SELECTING;
@@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
  	change_listen_mode(LISTEN_RAW);
  	packet_num = 0;
  	timeout = 0;
-@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1565,7 +1575,8 @@ int udhcpc_main(int argc UNUSED_PARAM, c
  				}
  				/* Timed out, enter init state */
  				bb_error_msg("lease lost, entering init state");
@@ -115,7 +115,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
  				state = INIT_SELECTING;
  				client_config.first_secs = 0; /* make secs field count from 0 */
  				/*timeout = 0; - already is */
-@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1757,7 +1768,8 @@ int udhcpc_main(int argc UNUSED_PARAM, c
  						send_decline(/*xid,*/ server_addr, packet.yiaddr);
  
  						if (state != REQUESTING)
@@ -125,7 +125,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
  						change_listen_mode(LISTEN_RAW);
  						state = INIT_SELECTING;
  						client_config.first_secs = 0; /* make secs field count from 0 */
-@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1827,7 +1839,8 @@ int udhcpc_main(int argc UNUSED_PARAM, c
  				bb_error_msg("received %s", "DHCP NAK");
  				udhcp_run_script(&packet, "nak");
  				if (state != REQUESTING)
diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.28.3.bb
similarity index 83%
rename from meta/recipes-core/busybox/busybox_1.27.2.bb
rename to meta/recipes-core/busybox/busybox_1.28.3.bb
index 36a6342..6afd9f2 100644
--- a/meta/recipes-core/busybox/busybox_1.27.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.28.3.bb
@@ -1,7 +1,6 @@
 require busybox.inc
 
 SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
-           file://busybox-udhcpc-no_deconfig.patch \
            file://find-touchscreen.sh \
            file://busybox-cron \
            file://busybox-httpd \
@@ -42,11 +41,9 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://rcK \
            file://runlevel \
            file://makefile-libbb-race.patch \
-           file://CVE-2011-5325.patch \
-           file://CVE-2017-15873.patch \
-           file://busybox-CVE-2017-16544.patch \
 "
 SRC_URI_append_libc-musl = " file://musl.cfg "
 
-SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e"
-SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df"
+#file://busybox-udhcpc-no_deconfig.patch
+SRC_URI[tarball.md5sum] = "82e5ad09ae4a07c266fc179492b51757"
+SRC_URI[tarball.sha256sum] = "ad0d22033f23e696f9a71a4c2f9210194dda39b024a79151f4ac278995332a6e"
-- 
2.7.4

Re: [PATCH 7/8] busybox: update to 1.28.3

[Anuj Mittal]

On 05/19/2018 10:13 AM, Armin Kuster wrote:
>  SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
> -           file://busybox-udhcpc-no_deconfig.patch \
>             file://find-touchscreen.sh \
>             file://busybox-cron \
>             file://busybox-httpd \
> @@ -42,11 +41,9 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
>             file://rcK \
>             file://runlevel \
>             file://makefile-libbb-race.patch \
> -           file://CVE-2011-5325.patch \
> -           file://CVE-2017-15873.patch \
> -           file://busybox-CVE-2017-16544.patch \
>  "
>  SRC_URI_append_libc-musl = " file://musl.cfg "
>  
> -SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e"
> -SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df"
> +#file://busybox-udhcpc-no_deconfig.patch

Why has this been removed and commented out? Is this intentional?

Thanks.

Re: [PATCH 7/8] busybox: update to 1.28.3

[akuster808]

On 05/18/2018 07:30 PM, Anuj Mittal wrote:
> On 05/19/2018 10:13 AM, Armin Kuster wrote:
>>  SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
>> -           file://busybox-udhcpc-no_deconfig.patch \
>>             file://find-touchscreen.sh \
>>             file://busybox-cron \
>>             file://busybox-httpd \
>> @@ -42,11 +41,9 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
>>             file://rcK \
>>             file://runlevel \
>>             file://makefile-libbb-race.patch \
>> -           file://CVE-2011-5325.patch \
>> -           file://CVE-2017-15873.patch \
>> -           file://busybox-CVE-2017-16544.patch \
>>  "
>>  SRC_URI_append_libc-musl = " file://musl.cfg "
>>  
>> -SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e"
>> -SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df"
>> +#file://busybox-udhcpc-no_deconfig.patch
> Why has this been removed and commented out? Is this intentional?
No, just being a goof. sad thing is I believe I re factored that patch.

thanks for catching this.
armin

>
> Thanks.

[PATCH 8/8] openssh: fix some ptest exec issues

[Armin Kuster]

From: Armin Kuster <akuster808@gmail.com>

SUDO needs to be empty to run some of the tests on the target.
compile check-perm which is needed for some tests.
skip "unit" tests in regress/Makefile

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-connectivity/openssh/openssh/run-ptest | 2 +-
 meta/recipes-connectivity/openssh/openssh_7.7p1.bb  | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest
index 36a3d2a..39fb521 100755
--- a/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ b/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -4,7 +4,7 @@ export TEST_SHELL=sh
 
 cd regress
 sed -i "/\t\tagent-ptrace /d" Makefile
-make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
+make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \
         | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
 
 SSHAGENT=`which ssh-agent`
diff --git a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
index 691dec6..40e0fb0 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
@@ -84,7 +84,7 @@ do_configure_prepend () {
 do_compile_ptest() {
         # skip regress/unittests/ binaries: this will silently skip
         # unittests in run-ptests which is good because they are so slow.
-        oe_runmake regress/modpipe regress/setuid-allowed regress/netcat
+        oe_runmake regress/modpipe regress/setuid-allowed regress/netcat regress/check-perm
 }
 
 do_install_append () {
@@ -132,6 +132,7 @@ do_install_append () {
 
 do_install_ptest () {
 	sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
+	sed -i -e "s|EGRESS_TARGETS=./*unit|EGRESS_TARGETS=|" regress/Makefile
 	cp -r regress ${D}${PTEST_PATH}
 }
 
-- 
2.7.4