Diffstat (limited to 'external/poky/meta/recipes-core')
-rw-r--r--external/poky/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch127
-rw-r--r--external/poky/meta/recipes-core/dbus/dbus_1.12.10.bb1
-rw-r--r--external/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch47
-rw-r--r--external/poky/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb1
-rw-r--r--external/poky/meta/recipes-core/glibc/glibc-locale.inc3
-rw-r--r--external/poky/meta/recipes-core/glibc/glibc-mtrace.inc3
-rw-r--r--external/poky/meta/recipes-core/glibc/glibc-scripts.inc3
-rw-r--r--external/poky/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch910
-rw-r--r--external/poky/meta/recipes-core/glibc/glibc/CVE-2019-6488.patch274
-rw-r--r--external/poky/meta/recipes-core/glibc/glibc/CVE-2019-7309.patch207
-rw-r--r--external/poky/meta/recipes-core/glibc/glibc_2.28.bb2
-rw-r--r--external/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--external/poky/meta/recipes-core/meta/cve-update-db-native.bb185
13 files changed, 1761 insertions, 4 deletions
diff --git a/external/poky/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch b/external/poky/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch
new file mode 100644
index 00000000..393c70ca
--- /dev/null
+++ b/external/poky/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch
@@ -0,0 +1,127 @@
+From f0120c5d97a4cc1b659e86d38f2b1f646ca20ea3 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Thu, 30 May 2019 12:53:03 +0100
+Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server
+ owner
+
+The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
+of a shared home directory by having the server write a secret "cookie"
+into a .dbus-keyrings subdirectory of the desired identity's home
+directory with 0700 permissions, and having the client prove that it can
+read the cookie. This never actually worked for non-malicious clients in
+the case where server uid != client uid (unless the server and client
+both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
+Unix uid 0) because an unprivileged server would fail to write out the
+cookie, and an unprivileged client would be unable to read the resulting
+file owned by the server.
+
+Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
+is owned by the uid of the server (a side-effect of a check added to
+harden our use of XDG_RUNTIME_DIR), further ruling out successful use
+by a non-malicious client with a uid differing from the server's.
+
+Joe Vennix of Apple Information Security discovered that the
+implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
+attack: a malicious client with write access to its own home directory
+could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
+read and write in unintended locations. In the worst case this could
+result in the DBusServer reusing a cookie that is known to the
+malicious client, and treating that cookie as evidence that a subsequent
+client connection came from an attacker-chosen uid, allowing
+authentication bypass.
+
+This is mitigated by the fact that by default, the well-known system
+dbus-daemon (since 2003) and the well-known session dbus-daemon (in
+stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
+authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
+at an early stage, before manipulating cookies. As a result, this
+vulnerability only applies to:
+
+* system or session dbus-daemons with non-standard configuration
+* third-party dbus-daemon invocations such as at-spi2-core (although
+ in practice at-spi2-core also only accepts EXTERNAL by default)
+* third-party uses of DBusServer such as the one in Upstart
+
+Avoiding symlink attacks in a portable way is difficult, because APIs
+like openat() and Linux /proc/self/fd are not universally available.
+However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
+a non-matching uid, we can solve this vulnerability in an easier way
+without regressions, by rejecting it early (before looking at
+~/.dbus-keyrings) whenever the requested identity doesn't match the
+identity of the process hosting the DBusServer.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
+Closes: CVE-2019-12749
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/dbus/dbus/commit
+/47b1a4c41004bf494b87370987b222c934b19016]
+
+CVE: CVE-2019-12749
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
+index 37d8d4c9..7390a9d5 100644
+--- a/dbus/dbus-auth.c
++++ b/dbus/dbus-auth.c
+@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth,
+ DBusString tmp2;
+ dbus_bool_t retval = FALSE;
+ DBusError error = DBUS_ERROR_INIT;
++ DBusCredentials *myself = NULL;
+
+ _dbus_string_set_length (&auth->challenge, 0);
+
+@@ -565,6 +566,34 @@ sha1_handle_first_client_response (DBusAuth *auth,
+ return FALSE;
+ }
+
++ myself = _dbus_credentials_new_from_current_process ();
++
++ if (myself == NULL)
++ goto out;
++
++ if (!_dbus_credentials_same_user (myself, auth->desired_identity))
++ {
++ /*
++ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the
++ * client is anyone other than the user owning the process
++ * containing the DBusServer: we probably aren't allowed to write
++ * to other users' home directories. Even if we can (for example
++ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we
++ * must not, because the other user controls their home directory,
++ * and could carry out symlink attacks to make us read from or
++ * write to unintended locations. It's difficult to avoid symlink
++ * attacks in a portable way, so we just don't try. This isn't a
++ * regression, because DBUS_COOKIE_SHA1 never worked for other
++ * users anyway.
++ */
++ _dbus_verbose ("%s: client tried to authenticate as \"%s\", "
++ "but that doesn't match this process",
++ DBUS_AUTH_NAME (auth),
++ _dbus_string_get_const_data (data));
++ retval = send_rejected (auth);
++ goto out;
++ }
++
+ /* we cache the keyring for speed, so here we drop it if it's the
+ * wrong one. FIXME caching the keyring here is useless since we use
+ * a different DBusAuth for every connection.
+@@ -679,6 +708,9 @@ sha1_handle_first_client_response (DBusAuth *auth,
+ _dbus_string_zero (&tmp2);
+ _dbus_string_free (&tmp2);
+
++ if (myself != NULL)
++ _dbus_credentials_unref (myself);
++
+ return retval;
+ }
+
+--
+2.22.0
+
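Review bot: The patch header cites two different upstream commit ids, which makes provenance of this backport hard to verify: the `From f0120c5d97a4cc1b659e86d38f2b1f646ca20ea3` line and the `Upstream-Status: Backport [.../commit/47b1a4c41004bf494b87370987b222c934b19016]` reference do not match, presumably because one is the master commit and the other the dbus-1.12 branch cherry-pick. Recording which branch the text was taken from, e.g. `Upstream-Status: Backport [dbus-1.12 branch, f0120c5d…; master 47b1a4c…]`, lets the next maintainer diff against the right tree when rebasing. The added check itself looks correct: `myself == NULL` falls through to `out` with `retval` still FALSE (the function's OOM convention) and the new `_dbus_credentials_unref` before `return retval` releases it on every path, though `sha1_handle_first_client_response` begins and its `out:` label sit outside the hunk, so that is inferred from context.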
diff --git a/external/poky/meta/recipes-core/dbus/dbus_1.12.10.bb b/external/poky/meta/recipes-core/dbus/dbus_1.12.10.bb
index d71f7f70..d7ad1d8b 100644
--- a/external/poky/meta/recipes-core/dbus/dbus_1.12.10.bb
+++ b/external/poky/meta/recipes-core/dbus/dbus_1.12.10.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
file://tmpdir.patch \
file://dbus-1.init \
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+ file://CVE-2019-12749.patch \
"
SRC_URI[md5sum] = "c3e12b4206e2a7da39d7cc42567790ef"
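Review bot: This keeps the recipe on dbus 1.12.10 and stacks another backport on it rather than moving to the stable release that carries the fix; if memory serves, upstream shipped CVE-2019-12749 in 1.12.16 on the 1.12 branch, which would let `file://CVE-2019-12749.patch` be dropped along with the earlier backports. If the pin is deliberate, a comment in the recipe saying why (e.g. `# Pinned to 1.12.10 for <reason>; CVE fixes are backported as patches`) would stop the next reviewer from asking the same question. Either way the `CVE:` tag in the patch header is what lets cve-check credit this recipe with the fix, so keep that tag intact when the patch is eventually refreshed.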
diff --git a/external/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch b/external/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch
new file mode 100644
index 00000000..29c5d984
--- /dev/null
+++ b/external/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch
@@ -0,0 +1,47 @@
+From c7f7fd53780f8caebccc903d61ffc21632b46a6c Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Tue, 22 Jan 2019 13:26:31 -0500
+Subject: [PATCH] keyfile settings: Use tighter permissions
+
+When creating directories, create them with 700 permissions,
+instead of 777.
+
+Closes: #1658
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/glib/commit
+/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429]
+
+CVE: CVE-2019-13012
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+ gio/gkeyfilesettingsbackend.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
+index a37978e83..580a0b0a1 100644
+--- a/gio/gkeyfilesettingsbackend.c
++++ b/gio/gkeyfilesettingsbackend.c
+@@ -89,7 +89,8 @@ g_keyfile_settings_backend_keyfile_write (GKeyfileSettingsBackend *kfsb)
+
+ contents = g_key_file_to_data (kfsb->keyfile, &length, NULL);
+ g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE,
+- G_FILE_CREATE_REPLACE_DESTINATION,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE,
+ NULL, NULL, NULL);
+
+ compute_checksum (kfsb->digest, contents, length);
+@@ -640,7 +641,7 @@ g_keyfile_settings_backend_new (const gchar *filename,
+
+ kfsb->file = g_file_new_for_path (filename);
+ kfsb->dir = g_file_get_parent (kfsb->file);
+- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL);
++ g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700);
+
+ kfsb->file_monitor = g_file_monitor (kfsb->file, 0, NULL, NULL);
+ kfsb->dir_monitor = g_file_monitor (kfsb->dir, 0, NULL, NULL);
+--
+2.22.0
+
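Review bot: The tightened modes only take effect for paths GIO creates from now on: `g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700)` is a no-op when the settings directory already exists, and `G_FILE_CREATE_PRIVATE` governs the file being created, so a keyfile directory left world-writable by an earlier glib on an already-deployed image keeps its old mode after this patch. Images that carry persistent user data therefore need a one-time chmod of the existing directory (or at least a note in the recipe) to actually close the hole; worth stating next to the `CVE:` tag so it is not assumed fixed by the rebuild alone. Separately, the return value of `g_mkdir_with_parents` is still discarded, as `g_file_make_directory_with_parents` was with NULL error before it, so a failure to create the directory stays silent, which matches upstream but is worth knowing when debugging a missing settings file.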
diff --git a/external/poky/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb b/external/poky/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
index f0075969..611abd8e 100644
--- a/external/poky/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
+++ b/external/poky/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
@@ -17,6 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://CVE-2019-12450.patch \
file://CVE-2019-9633_p1.patch \
file://CVE-2019-9633_p2.patch \
+ file://CVE-2019-13012.patch \
"
SRC_URI_append_class-native = " file://relocate-modules.patch"
diff --git a/external/poky/meta/recipes-core/glibc/glibc-locale.inc b/external/poky/meta/recipes-core/glibc/glibc-locale.inc
index 1b676dc2..97d83cb8 100644
--- a/external/poky/meta/recipes-core/glibc/glibc-locale.inc
+++ b/external/poky/meta/recipes-core/glibc/glibc-locale.inc
@@ -95,3 +95,6 @@ do_install () {
inherit libc-package
BBCLASSEXTEND = "nativesdk"
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/external/poky/meta/recipes-core/glibc/glibc-mtrace.inc b/external/poky/meta/recipes-core/glibc/glibc-mtrace.inc
index d703c14b..ef9d60ec 100644
--- a/external/poky/meta/recipes-core/glibc/glibc-mtrace.inc
+++ b/external/poky/meta/recipes-core/glibc/glibc-mtrace.inc
@@ -11,3 +11,6 @@ do_install() {
install -d -m 0755 ${D}${bindir}
install -m 0755 ${SRC}/mtrace ${D}${bindir}/
}
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/external/poky/meta/recipes-core/glibc/glibc-scripts.inc b/external/poky/meta/recipes-core/glibc/glibc-scripts.inc
index 2a2b4150..14a14e45 100644
--- a/external/poky/meta/recipes-core/glibc/glibc-scripts.inc
+++ b/external/poky/meta/recipes-core/glibc/glibc-scripts.inc
@@ -18,3 +18,6 @@ do_install() {
# sotruss script requires sotruss-lib.so (given by libsotruss package),
# to produce trace of the library calls.
RDEPENDS_${PN} += "libsotruss"
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/external/poky/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch b/external/poky/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch
index 7eb55d66..7dc84288 100644
--- a/external/poky/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch
+++ b/external/poky/meta/recipes-core/glibc/glibc/CVE-2016-10739.patch
@@ -5,12 +5,12 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
From 8e92ca5dd7a7e38a4dddf1ebc4e1e8f0cb27e4aa Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 21 Jan 2019 08:59:42 +0100
-Subject: [PATCH] resolv: Reformat inet_addr, inet_aton to GNU style
+Subject: [PATCH 1/4] resolv: Reformat inet_addr, inet_aton to GNU style
(cherry picked from commit 5e30b8ef0758763effa115634e0ed7d8938e4bc0)
---
ChangeLog | 5 ++
- resolv/inet_addr.c | 192 ++++++++++++++++++++++++++++-------------------------
+ resolv/inet_addr.c | 192 ++++++++++++++++++++++++---------------------
2 files changed, 106 insertions(+), 91 deletions(-)
diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
@@ -229,4 +229,908 @@ index 022f7ea084..32f58b0e13 100644
weak_alias (__inet_aton, inet_aton)
libc_hidden_def (__inet_aton)
--
-2.11.0
+2.20.1
+
+
+From 37edf1d3f8ab9adefb61cc466ac52b53114fbd5b Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 21 Jan 2019 09:26:41 +0100
+Subject: [PATCH 2/4] resolv: Do not send queries for non-host-names in nss_dns
+ [BZ #24112]
+
+Before this commit, nss_dns would send a query which did not contain a
+host name as the query name (such as invalid\032name.example.com) and
+then reject the answer in getanswer_r and gaih_getanswer_slice, using
+a check based on res_hnok. With this commit, no query is sent, and a
+host-not-found error is returned to NSS without network interaction.
+
+(cherry picked from commit 6ca53a2453598804a2559a548a08424fca96434a)
+---
+ ChangeLog | 9 +++++++++
+ resolv/nss_dns/dns-host.c | 24 ++++++++++++++++++++++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 5dc2829cd1..99c3b61e1c 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -274,11 +274,26 @@ gethostbyname3_context (struct resolv_context *ctx,
+ return status;
+ }
+
++/* Verify that the name looks like a host name. There is no point in
++ sending a query which will not produce a usable name in the
++ response. */
++static enum nss_status
++check_name (const char *name, int *h_errnop)
++{
++ if (res_hnok (name))
++ return NSS_STATUS_SUCCESS;
++ *h_errnop = HOST_NOT_FOUND;
++ return NSS_STATUS_NOTFOUND;
++}
++
+ enum nss_status
+ _nss_dns_gethostbyname2_r (const char *name, int af, struct hostent *result,
+ char *buffer, size_t buflen, int *errnop,
+ int *h_errnop)
+ {
++ enum nss_status status = check_name (name, h_errnop);
++ if (status != NSS_STATUS_SUCCESS)
++ return status;
+ return _nss_dns_gethostbyname3_r (name, af, result, buffer, buflen, errnop,
+ h_errnop, NULL, NULL);
+ }
+@@ -289,6 +304,9 @@ _nss_dns_gethostbyname_r (const char *name, struct hostent *result,
+ char *buffer, size_t buflen, int *errnop,
+ int *h_errnop)
+ {
++ enum nss_status status = check_name (name, h_errnop);
++ if (status != NSS_STATUS_SUCCESS)
++ return status;
+ struct resolv_context *ctx = __resolv_context_get ();
+ if (ctx == NULL)
+ {
+@@ -296,7 +314,7 @@ _nss_dns_gethostbyname_r (const char *name, struct hostent *result,
+ *h_errnop = NETDB_INTERNAL;
+ return NSS_STATUS_UNAVAIL;
+ }
+- enum nss_status status = NSS_STATUS_NOTFOUND;
++ status = NSS_STATUS_NOTFOUND;
+ if (res_use_inet6 ())
+ status = gethostbyname3_context (ctx, name, AF_INET6, result, buffer,
+ buflen, errnop, h_errnop, NULL, NULL);
+@@ -313,6 +331,9 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+ char *buffer, size_t buflen, int *errnop,
+ int *herrnop, int32_t *ttlp)
+ {
++ enum nss_status status = check_name (name, herrnop);
++ if (status != NSS_STATUS_SUCCESS)
++ return status;
+ struct resolv_context *ctx = __resolv_context_get ();
+ if (ctx == NULL)
+ {
+@@ -347,7 +368,6 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+ int ans2p_malloced = 0;
+
+ int olderr = errno;
+- enum nss_status status;
+ int n = __res_context_search (ctx, name, C_IN, T_QUERY_A_AND_AAAA,
+ host_buffer.buf->buf, 2048, &host_buffer.ptr,
+ &ans2p, &nans2p, &resplen2, &ans2p_malloced);
+--
+2.20.1
+
+
+From 2373941bd73cb288c8a42a33e23e7f7bb81151e7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 21 Jan 2019 21:26:03 +0100
+Subject: [PATCH 3/4] CVE-2016-10739: getaddrinfo: Fully parse IPv4 address
+ strings [BZ #20018]
+
+The IPv4 address parser in the getaddrinfo function is changed so that
+it does not ignore trailing whitespace and all characters after it.
+For backwards compatibility, the getaddrinfo function still recognizes
+legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
+(octal).
+
+This commit does not change the behavior of inet_addr and inet_aton.
+gethostbyname already had additional sanity checks (but is switched
+over to the new __inet_aton_exact function for completeness as well).
+
+To avoid sending the problematic query names over DNS, commit
+6ca53a2453598804a2559a548a08424fca96434a ("resolv: Do not send queries
+for non-host-names in nss_dns [BZ #24112]") is needed.
+
+(cherry picked from commit 108bc4049f8ae82710aec26a92ffdb4b439c83fd)
+---
+ ChangeLog | 33 ++++++++
+ NEWS | 4 +
+ include/arpa/inet.h | 6 +-
+ nscd/gai.c | 1 -
+ nscd/gethstbynm3_r.c | 2 -
+ nss/digits_dots.c | 3 +-
+ resolv/Makefile | 7 ++
+ resolv/Versions | 1 +
+ resolv/inet_addr.c | 62 ++++++++++-----
+ resolv/res_init.c | 17 ++--
+ resolv/tst-aton.c | 35 +++++++--
+ resolv/tst-inet_aton_exact.c | 47 +++++++++++
+ resolv/tst-resolv-nondecimal.c | 139 +++++++++++++++++++++++++++++++++
+ resolv/tst-resolv-trailing.c | 136 ++++++++++++++++++++++++++++++++
+ sysdeps/posix/getaddrinfo.c | 2 +-
+ 15 files changed, 455 insertions(+), 40 deletions(-)
+ create mode 100644 resolv/tst-inet_aton_exact.c
+ create mode 100644 resolv/tst-resolv-nondecimal.c
+ create mode 100644 resolv/tst-resolv-trailing.c
+
+diff --git a/include/arpa/inet.h b/include/arpa/inet.h
+index c3f28f2baa..19aec74275 100644
+--- a/include/arpa/inet.h
++++ b/include/arpa/inet.h
+@@ -1,10 +1,10 @@
+ #include <inet/arpa/inet.h>
+
+ #ifndef _ISOMAC
+-extern int __inet_aton (const char *__cp, struct in_addr *__inp);
+-libc_hidden_proto (__inet_aton)
++/* Variant of inet_aton which rejects trailing garbage. */
++extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp);
++libc_hidden_proto (__inet_aton_exact)
+
+-libc_hidden_proto (inet_aton)
+ libc_hidden_proto (inet_ntop)
+ libc_hidden_proto (inet_pton)
+ extern __typeof (inet_pton) __inet_pton;
+diff --git a/nscd/gai.c b/nscd/gai.c
+index 24bdfee1db..f57f396f57 100644
+--- a/nscd/gai.c
++++ b/nscd/gai.c
+@@ -19,7 +19,6 @@
+
+ /* This file uses the getaddrinfo code but it compiles it without NSCD
+ support. We just need a few symbol renames. */
+-#define __inet_aton inet_aton
+ #define __ioctl ioctl
+ #define __getsockname getsockname
+ #define __socket socket
+diff --git a/nscd/gethstbynm3_r.c b/nscd/gethstbynm3_r.c
+index 7beb9dce9f..f792c4fcd0 100644
+--- a/nscd/gethstbynm3_r.c
++++ b/nscd/gethstbynm3_r.c
+@@ -38,8 +38,6 @@
+ #define HAVE_LOOKUP_BUFFER 1
+ #define HAVE_AF 1
+
+-#define __inet_aton inet_aton
+-
+ /* We are nscd, so we don't want to be talking to ourselves. */
+ #undef USE_NSCD
+
+diff --git a/nss/digits_dots.c b/nss/digits_dots.c
+index 39bff38865..5441bce16e 100644
+--- a/nss/digits_dots.c
++++ b/nss/digits_dots.c
+@@ -29,7 +29,6 @@
+ #include "nsswitch.h"
+
+ #ifdef USE_NSCD
+-# define inet_aton __inet_aton
+ # include <nscd/nscd_proto.h>
+ #endif
+
+@@ -160,7 +159,7 @@ __nss_hostname_digits_dots_context (struct resolv_context *ctx,
+ 255.255.255.255? The test below will succeed
+ spuriously... ??? */
+ if (af == AF_INET)
+- ok = __inet_aton (name, (struct in_addr *) host_addr);
++ ok = __inet_aton_exact (name, (struct in_addr *) host_addr);
+ else
+ {
+ assert (af == AF_INET6);
+diff --git a/resolv/Makefile b/resolv/Makefile
+index ea395ac3eb..d36eedd34a 100644
+--- a/resolv/Makefile
++++ b/resolv/Makefile
+@@ -34,6 +34,9 @@ routines := herror inet_addr inet_ntop inet_pton nsap_addr res_init \
+ tests = tst-aton tst-leaks tst-inet_ntop
+ xtests = tst-leaks2
+
++tests-internal += tst-inet_aton_exact
++
++
+ generate := mtrace-tst-leaks.out tst-leaks.mtrace tst-leaks2.mtrace
+
+ extra-libs := libresolv libnss_dns
+@@ -54,8 +57,10 @@ tests += \
+ tst-resolv-binary \
+ tst-resolv-edns \
+ tst-resolv-network \
++ tst-resolv-nondecimal \
+ tst-resolv-res_init-multi \
+ tst-resolv-search \
++ tst-resolv-trailing \
+
+ # These tests need libdl.
+ ifeq (yes,$(build-shared))
+@@ -190,9 +195,11 @@ $(objpfx)tst-resolv-res_init-multi: $(objpfx)libresolv.so \
+ $(shared-thread-library)
+ $(objpfx)tst-resolv-res_init-thread: $(libdl) $(objpfx)libresolv.so \
+ $(shared-thread-library)
++$(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library)
++$(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-threads: \
+ $(libdl) $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-canonname: \
+diff --git a/resolv/Versions b/resolv/Versions
+index b05778d965..9a82704af7 100644
+--- a/resolv/Versions
++++ b/resolv/Versions
+@@ -27,6 +27,7 @@ libc {
+ __h_errno; __resp;
+
+ __res_iclose;
++ __inet_aton_exact;
+ __inet_pton_length;
+ __resolv_context_get;
+ __resolv_context_get_preinit;
+diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
+index 32f58b0e13..41b6166a5b 100644
+--- a/resolv/inet_addr.c
++++ b/resolv/inet_addr.c
+@@ -96,26 +96,14 @@
+ #include <limits.h>
+ #include <errno.h>
+
+-/* ASCII IPv4 Internet address interpretation routine. The value
+- returned is in network order. */
+-in_addr_t
+-__inet_addr (const char *cp)
+-{
+- struct in_addr val;
+-
+- if (__inet_aton (cp, &val))
+- return val.s_addr;
+- return INADDR_NONE;
+-}
+-weak_alias (__inet_addr, inet_addr)
+-
+ /* Check whether "cp" is a valid ASCII representation of an IPv4
+ Internet address and convert it to a binary address. Returns 1 if
+ the address is valid, 0 if not. This replaces inet_addr, the
+ return value from which cannot distinguish between failure and a
+- local broadcast address. */
+-int
+-__inet_aton (const char *cp, struct in_addr *addr)
++ local broadcast address. Write a pointer to the first
++ non-converted character to *endp. */
++static int
++inet_aton_end (const char *cp, struct in_addr *addr, const char **endp)
+ {
+ static const in_addr_t max[4] = { 0xffffffff, 0xffffff, 0xffff, 0xff };
+ in_addr_t val;
+@@ -180,6 +168,7 @@ __inet_aton (const char *cp, struct in_addr *addr)
+
+ if (addr != NULL)
+ addr->s_addr = res.word | htonl (val);
++ *endp = cp;
+
+ __set_errno (saved_errno);
+ return 1;
+@@ -188,6 +177,41 @@ __inet_aton (const char *cp, struct in_addr *addr)
+ __set_errno (saved_errno);
+ return 0;
+ }
+-weak_alias (__inet_aton, inet_aton)
+-libc_hidden_def (__inet_aton)
+-libc_hidden_weak (inet_aton)
++
++int
++__inet_aton_exact (const char *cp, struct in_addr *addr)
++{
++ struct in_addr val;
++ const char *endp;
++ /* Check that inet_aton_end parsed the entire string. */
++ if (inet_aton_end (cp, &val, &endp) != 0 && *endp == 0)
++ {
++ *addr = val;
++ return 1;
++ }
++ else
++ return 0;
++}
++libc_hidden_def (__inet_aton_exact)
++
++/* inet_aton ignores trailing garbage. */
++int
++__inet_aton_ignore_trailing (const char *cp, struct in_addr *addr)
++{
++ const char *endp;
++ return inet_aton_end (cp, addr, &endp);
++}
++weak_alias (__inet_aton_ignore_trailing, inet_aton)
++
++/* ASCII IPv4 Internet address interpretation routine. The value
++ returned is in network order. */
++in_addr_t
++__inet_addr (const char *cp)
++{
++ struct in_addr val;
++ const char *endp;
++ if (inet_aton_end (cp, &val, &endp))
++ return val.s_addr;
++ return INADDR_NONE;
++}
++weak_alias (__inet_addr, inet_addr)
+diff --git a/resolv/res_init.c b/resolv/res_init.c
+index f5e52cbbb9..94743a252e 100644
+--- a/resolv/res_init.c
++++ b/resolv/res_init.c
+@@ -399,8 +399,16 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
+ cp = parser->buffer + sizeof ("nameserver") - 1;
+ while (*cp == ' ' || *cp == '\t')
+ cp++;
++
++ /* Ignore trailing contents on the name server line. */
++ {
++ char *el;
++ if ((el = strpbrk (cp, " \t\n")) != NULL)
++ *el = '\0';
++ }
++
+ struct sockaddr *sa;
+- if ((*cp != '\0') && (*cp != '\n') && __inet_aton (cp, &a))
++ if ((*cp != '\0') && (*cp != '\n') && __inet_aton_exact (cp, &a))
+ {
+ sa = allocate_address_v4 (a, NAMESERVER_PORT);
+ if (sa == NULL)
+@@ -410,9 +418,6 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
+ {
+ struct in6_addr a6;
+ char *el;
+-
+- if ((el = strpbrk (cp, " \t\n")) != NULL)
+- *el = '\0';
+ if ((el = strchr (cp, SCOPE_DELIMITER)) != NULL)
+ *el = '\0';
+ if ((*cp != '\0') && (__inet_pton (AF_INET6, cp, &a6) > 0))
+@@ -472,7 +477,7 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
+ char separator = *cp;
+ *cp = 0;
+ struct resolv_sortlist_entry e;
+- if (__inet_aton (net, &a))
++ if (__inet_aton_exact (net, &a))
+ {
+ e.addr = a;
+ if (is_sort_mask (separator))
+@@ -484,7 +489,7 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
+ cp++;
+ separator = *cp;
+ *cp = 0;
+- if (__inet_aton (net, &a))
++ if (__inet_aton_exact (net, &a))
+ e.mask = a.s_addr;
+ else
+ e.mask = net_mask (e.addr);
+diff --git a/resolv/tst-aton.c b/resolv/tst-aton.c
+index 08110a007a..eb734d7758 100644
+--- a/resolv/tst-aton.c
++++ b/resolv/tst-aton.c
+@@ -1,11 +1,29 @@
++/* Test legacy IPv4 text-to-address function inet_aton.
++ Copyright (C) 1998-2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <array_length.h>
+ #include <stdio.h>
+ #include <stdint.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+
+-
+-static struct tests
++static const struct tests
+ {
+ const char *input;
+ int valid;
+@@ -16,6 +34,7 @@ static struct tests
+ { "-1", 0, 0 },
+ { "256", 1, 0x00000100 },
+ { "256.", 0, 0 },
++ { "255a", 0, 0 },
+ { "256a", 0, 0 },
+ { "0x100", 1, 0x00000100 },
+ { "0200.0x123456", 1, 0x80123456 },
+@@ -40,7 +59,12 @@ static struct tests
+ { "1.2.256.4", 0, 0 },
+ { "1.2.3.0x100", 0, 0 },
+ { "323543357756889", 0, 0 },
+- { "10.1.2.3.4", 0, 0},
++ { "10.1.2.3.4", 0, 0 },
++ { "192.0.2.1", 1, 0xc0000201 },
++ { "192.0.2.2\nX", 1, 0xc0000202 },
++ { "192.0.2.3 Y", 1, 0xc0000203 },
++ { "192.0.2.3Z", 0, 0 },
++ { "192.000.002.010", 1, 0xc0000208 },
+ };
+
+
+@@ -50,7 +74,7 @@ do_test (void)
+ int result = 0;
+ size_t cnt;
+
+- for (cnt = 0; cnt < sizeof (tests) / sizeof (tests[0]); ++cnt)
++ for (cnt = 0; cnt < array_length (tests); ++cnt)
+ {
+ struct in_addr addr;
+
+@@ -73,5 +97,4 @@ do_test (void)
+ return result;
+ }
+
+-#define TEST_FUNCTION do_test ()
+-#include "../test-skeleton.c"
++#include <support/test-driver.c>
+diff --git a/resolv/tst-inet_aton_exact.c b/resolv/tst-inet_aton_exact.c
+new file mode 100644
+index 0000000000..0fdfa3d6aa
+--- /dev/null
++++ b/resolv/tst-inet_aton_exact.c
+@@ -0,0 +1,47 @@
++/* Test internal legacy IPv4 text-to-address function __inet_aton_exact.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <arpa/inet.h>
++#include <support/check.h>
++
++static int
++do_test (void)
++{
++ struct in_addr addr = { };
++
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.1", &addr), 1);
++ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000201);
++
++ TEST_COMPARE (__inet_aton_exact ("192.000.002.010", &addr), 1);
++ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000208);
++ TEST_COMPARE (__inet_aton_exact ("0xC0000234", &addr), 1);
++ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000234);
++
++ /* Trailing content is not accepted. */
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.2X", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.3 Y", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.4\nZ", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.5\tT", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.6 Y", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.7\n", &addr), 0);
++ TEST_COMPARE (__inet_aton_exact ("192.0.2.8\t", &addr), 0);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/resolv/tst-resolv-nondecimal.c b/resolv/tst-resolv-nondecimal.c
+new file mode 100644
+index 0000000000..a0df6f332a
+--- /dev/null
++++ b/resolv/tst-resolv-nondecimal.c
+@@ -0,0 +1,139 @@
++/* Test name resolution behavior for octal, hexadecimal IPv4 addresses.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <netdb.h>
++#include <stdlib.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ /* The tests are not supposed send any DNS queries. */
++ FAIL_EXIT1 ("unexpected DNS query for %s/%d/%d", qname, qclass, qtype);
++}
++
++static void
++run_query_addrinfo (const char *query, const char *address)
++{
++ char *quoted_query = support_quote_string (query);
++
++ struct addrinfo *ai;
++ struct addrinfo hints =
++ {
++ .ai_socktype = SOCK_STREAM,
++ .ai_protocol = IPPROTO_TCP,
++ };
++
++ char *context = xasprintf ("getaddrinfo \"%s\" AF_INET", quoted_query);
++ char *expected = xasprintf ("address: STREAM/TCP %s 80\n", address);
++ hints.ai_family = AF_INET;
++ int ret = getaddrinfo (query, "80", &hints, &ai);
++ check_addrinfo (context, ai, ret, expected);
++ if (ret == 0)
++ freeaddrinfo (ai);
++ free (context);
++
++ context = xasprintf ("getaddrinfo \"%s\" AF_UNSPEC", quoted_query);
++ hints.ai_family = AF_UNSPEC;
++ ret = getaddrinfo (query, "80", &hints, &ai);
++ check_addrinfo (context, ai, ret, expected);
++ if (ret == 0)
++ freeaddrinfo (ai);
++ free (expected);
++ free (context);
++
++ context = xasprintf ("getaddrinfo \"%s\" AF_INET6", quoted_query);
++ expected = xasprintf ("flags: AI_V4MAPPED\n"
++ "address: STREAM/TCP ::ffff:%s 80\n",
++ address);
++ hints.ai_family = AF_INET6;
++ hints.ai_flags = AI_V4MAPPED;
++ ret = getaddrinfo (query, "80", &hints, &ai);
++ check_addrinfo (context, ai, ret, expected);
++ if (ret == 0)
++ freeaddrinfo (ai);
++ free (expected);
++ free (context);
++
++ free (quoted_query);
++}
++
++static void
++run_query (const char *query, const char *address)
++{
++ char *quoted_query = support_quote_string (query);
++ char *context = xasprintf ("gethostbyname (\"%s\")", quoted_query);
++ char *expected = xasprintf ("name: %s\n"
++ "address: %s\n", query, address);
++ check_hostent (context, gethostbyname (query), expected);
++ free (context);
++
++ context = xasprintf ("gethostbyname_r \"%s\"", quoted_query);
++ struct hostent storage;
++ char buf[4096];
++ struct hostent *e = NULL;
++ TEST_COMPARE (gethostbyname_r (query, &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ check_hostent (context, e, expected);
++ free (context);
++
++ context = xasprintf ("gethostbyname2 (\"%s\", AF_INET)", quoted_query);
++ check_hostent (context, gethostbyname2 (query, AF_INET), expected);
++ free (context);
++
++ context = xasprintf ("gethostbyname2_r \"%s\" AF_INET", quoted_query);
++ e = NULL;
++ TEST_COMPARE (gethostbyname2_r (query, AF_INET, &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ check_hostent (context, e, expected);
++ free (context);
++ free (expected);
++
++ free (quoted_query);
++
++ /* The gethostbyname tests are always valid for getaddrinfo, but not
++ vice versa. */
++ run_query_addrinfo (query, address);
++}
++
++static int
++do_test (void)
++{
++ struct resolv_test *aux = resolv_test_start
++ ((struct resolv_redirect_config)
++ {
++ .response_callback = response,
++ });
++
++ run_query ("192.000.002.010", "192.0.2.8");
++
++ /* Hexadecimal numbers are not accepted by gethostbyname. */
++ run_query_addrinfo ("0xc0000210", "192.0.2.16");
++ run_query_addrinfo ("192.0x234", "192.0.2.52");
++
++ resolv_test_end (aux);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/resolv/tst-resolv-trailing.c b/resolv/tst-resolv-trailing.c
+new file mode 100644
+index 0000000000..7504bdae57
+--- /dev/null
++++ b/resolv/tst-resolv-trailing.c
+@@ -0,0 +1,136 @@
++/* Test name resolution behavior with trailing characters.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <array_length.h>
++#include <netdb.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ /* The tests are not supposed send any DNS queries. */
++ FAIL_EXIT1 ("unexpected DNS query for %s/%d/%d", qname, qclass, qtype);
++}
++
++static int
++do_test (void)
++{
++ struct resolv_test *aux = resolv_test_start
++ ((struct resolv_redirect_config)
++ {
++ .response_callback = response,
++ });
++
++ static const char *const queries[] =
++ {
++ "192.0.2.1 ",
++ "192.0.2.2\t",
++ "192.0.2.3\n",
++ "192.0.2.4 X",
++ "192.0.2.5\tY",
++ "192.0.2.6\nZ",
++ "192.0.2. ",
++ "192.0.2.\t",
++ "192.0.2.\n",
++ "192.0.2. X",
++ "192.0.2.\tY",
++ "192.0.2.\nZ",
++ "2001:db8::1 ",
++ "2001:db8::2\t",
++ "2001:db8::3\n",
++ "2001:db8::4 X",
++ "2001:db8::5\tY",
++ "2001:db8::6\nZ",
++ };
++ for (size_t query_idx = 0; query_idx < array_length (queries); ++query_idx)
++ {
++ const char *query = queries[query_idx];
++ struct hostent storage;
++ char buf[4096];
++ struct hostent *e;
++
++ h_errno = 0;
++ TEST_VERIFY (gethostbyname (query) == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ e = NULL;
++ TEST_COMPARE (gethostbyname_r (query, &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ TEST_VERIFY (e == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ TEST_VERIFY (gethostbyname2 (query, AF_INET) == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ e = NULL;
++ TEST_COMPARE (gethostbyname2_r (query, AF_INET,
++ &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ TEST_VERIFY (e == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ TEST_VERIFY (gethostbyname2 (query, AF_INET6) == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ h_errno = 0;
++ e = NULL;
++ TEST_COMPARE (gethostbyname2_r (query, AF_INET6,
++ &storage, buf, sizeof (buf),
++ &e, &h_errno), 0);
++ TEST_VERIFY (e == NULL);
++ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
++
++ static const int gai_flags[] =
++ {
++ 0,
++ AI_ADDRCONFIG,
++ AI_NUMERICHOST,
++ AI_IDN,
++ AI_IDN | AI_NUMERICHOST,
++ AI_V4MAPPED,
++ AI_V4MAPPED | AI_NUMERICHOST,
++ };
++ for (size_t gai_flags_idx; gai_flags_idx < array_length (gai_flags);
++ ++gai_flags_idx)
++ {
++ struct addrinfo hints = { .ai_flags = gai_flags[gai_flags_idx], };
++ struct addrinfo *ai;
++ hints.ai_family = AF_INET;
++ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
++ hints.ai_family = AF_INET6;
++ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
++ hints.ai_family = AF_UNSPEC;
++ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
++ }
++ };
++
++ resolv_test_end (aux);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 553833d1f2..c91b281e31 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -488,7 +488,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ malloc_name = true;
+ }
+
+- if (__inet_aton (name, (struct in_addr *) at->addr) != 0)
++ if (__inet_aton_exact (name, (struct in_addr *) at->addr) != 0)
+ {
+ if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET)
+ at->family = AF_INET;
+--
+2.20.1
+
+
+From c533244b8e00ae701583ec50aeb43377d292452d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 4 Feb 2019 20:07:18 +0100
+Subject: [PATCH 4/4] nscd: Do not use __inet_aton_exact@GLIBC_PRIVATE [BZ
+ #20018]
+
+This commit avoids referencing the __inet_aton_exact@GLIBC_PRIVATE
+symbol from nscd. In master, the separately-compiled getaddrinfo
+implementation in nscd needs it, however such an internal ABI change
+is not desirable on a release branch if it can be avoided.
+---
+ ChangeLog | 10 ++++++++++
+ nscd/Makefile | 2 +-
+ nscd/gai.c | 6 ++++++
+ nscd/nscd-inet_addr.c | 32 ++++++++++++++++++++++++++++++++
+ 4 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 nscd/nscd-inet_addr.c
+
+diff --git a/nscd/Makefile b/nscd/Makefile
+index b713a84c49..eb23c01a39 100644
+--- a/nscd/Makefile
++++ b/nscd/Makefile
+@@ -36,7 +36,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \
+ getsrvbynm_r getsrvbypt_r servicescache \
+ dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \
+ xmalloc xstrdup aicache initgrcache gai res_hconf \
+- netgroupcache
++ netgroupcache nscd-inet_addr
+
+ ifeq ($(build-nscd)$(have-thread-library),yesyes)
+
+diff --git a/nscd/gai.c b/nscd/gai.c
+index f57f396f57..68a4abd30e 100644
+--- a/nscd/gai.c
++++ b/nscd/gai.c
+@@ -33,6 +33,12 @@
+ #define __getifaddrs getifaddrs
+ #define __freeifaddrs freeifaddrs
+
++/* We do not want to export __inet_aton_exact. Get the prototype and
++ change its visibility to hidden. */
++#include <arpa/inet.h>
++__typeof__ (__inet_aton_exact) __inet_aton_exact
++ __attribute__ ((visibility ("hidden")));
++
+ /* We are nscd, so we don't want to be talking to ourselves. */
+ #undef USE_NSCD
+
+diff --git a/nscd/nscd-inet_addr.c b/nscd/nscd-inet_addr.c
+new file mode 100644
+index 0000000000..f366b9567d
+--- /dev/null
++++ b/nscd/nscd-inet_addr.c
+@@ -0,0 +1,32 @@
++/* Legacy IPv4 text-to-address functions. Version for nscd.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <arpa/inet.h>
++
++/* We do not want to export __inet_aton_exact. Get the prototype and
++ change the visibility to hidden. */
++#include <arpa/inet.h>
++__typeof__ (__inet_aton_exact) __inet_aton_exact
++ __attribute__ ((visibility ("hidden")));
++
++/* Do not provide definitions of the public symbols exported from
++ libc. */
++#undef weak_alias
++#define weak_alias(from, to)
++
++#include <resolv/inet_addr.c>
+--
+2.20.1
diff --git a/external/poky/meta/recipes-core/glibc/glibc/CVE-2019-6488.patch b/external/poky/meta/recipes-core/glibc/glibc/CVE-2019-6488.patch
new file mode 100644
index 00000000..fa423754
--- /dev/null
+++ b/external/poky/meta/recipes-core/glibc/glibc/CVE-2019-6488.patch
@@ -0,0 +1,274 @@
+From 718016100d889a986c536b595bf6ec0d6ab4b90e Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Fri, 1 Feb 2019 12:17:09 -0800
+Subject: [PATCH] x86-64 memchr/wmemchr: Properly handle the length parameter
+ [BZ #24097]
+Reply-To: muislam@microsoft.com
+
+On x32, the size_t parameter may be passed in the lower 32 bits of a
+64-bit register with the non-zero upper 32 bits. The string/memory
+functions written in assembly can only use the lower 32 bits of a
+64-bit register as length or must clear the upper 32 bits before using
+the full 64-bit register for length.
+
+This pach fixes memchr/wmemchr for x32. Tested on x86-64 and x32. On
+x86-64, libc.so is the same with and withou the fix.
+
+ [BZ #24097]
+ CVE-2019-6488
+ * sysdeps/x86_64/memchr.S: Use RDX_LP for length. Clear the
+ upper 32 bits of RDX register.
+ * sysdeps/x86_64/multiarch/memchr-avx2.S: Likewise.
+ * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memchr and
+ tst-size_t-wmemchr.
+ * sysdeps/x86_64/x32/test-size_t.h: New file.
+ * sysdeps/x86_64/x32/tst-size_t-memchr.c: Likewise.
+ * sysdeps/x86_64/x32/tst-size_t-wmemchr.c: Likewise.
+
+(cherry picked from commit 97700a34f36721b11a754cf37a1cc40695ece1fd)
+
+CVE: CVE-2019-6488
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+---
+ NEWS | 1 -
+ sysdeps/x86_64/memchr.S | 10 ++--
+ sysdeps/x86_64/multiarch/memchr-avx2.S | 8 ++-
+ sysdeps/x86_64/x32/Makefile | 8 +++
+ sysdeps/x86_64/x32/test-size_t.h | 35 ++++++++++++
+ sysdeps/x86_64/x32/tst-size_t-memchr.c | 72 +++++++++++++++++++++++++
+ sysdeps/x86_64/x32/tst-size_t-wmemchr.c | 20 +++++++
+ 7 files changed, 148 insertions(+), 6 deletions(-)
+ create mode 100644 sysdeps/x86_64/x32/test-size_t.h
+ create mode 100644 sysdeps/x86_64/x32/tst-size_t-memchr.c
+ create mode 100644 sysdeps/x86_64/x32/tst-size_t-wmemchr.c
+
+diff --git a/NEWS b/NEWS
+index fd14941128..b158973a30 100644
+--- a/NEWS
++++ b/NEWS
+@@ -17,7 +17,6 @@ The following bugs are resolved with this release:
+ [23606] Missing ENDBR32 in sysdeps/i386/start.S
+ [23679] gethostid: Missing NULL check for gethostbyname_r result
+ [23717] Fix stack overflow in stdlib/tst-setcontext9
+-
+
+ Version 2.28
+
+diff --git a/sysdeps/x86_64/memchr.S b/sysdeps/x86_64/memchr.S
+index feef5d4f24..cb320257a2 100644
+--- a/sysdeps/x86_64/memchr.S
++++ b/sysdeps/x86_64/memchr.S
+@@ -34,12 +34,16 @@ ENTRY(MEMCHR)
+ mov %edi, %ecx
+
+ #ifdef USE_AS_WMEMCHR
+- test %rdx, %rdx
++ test %RDX_LP, %RDX_LP
+ jz L(return_null)
+- shl $2, %rdx
++ shl $2, %RDX_LP
+ #else
++# ifdef __ILP32__
++ /* Clear the upper 32 bits. */
++ movl %edx, %edx
++# endif
+ punpcklbw %xmm1, %xmm1
+- test %rdx, %rdx
++ test %RDX_LP, %RDX_LP
+ jz L(return_null)
+ punpcklbw %xmm1, %xmm1
+ #endif
+diff --git a/sysdeps/x86_64/multiarch/memchr-avx2.S b/sysdeps/x86_64/multiarch/memchr-avx2.S
+index 5f5e772554..c81da19bf0 100644
+--- a/sysdeps/x86_64/multiarch/memchr-avx2.S
++++ b/sysdeps/x86_64/multiarch/memchr-avx2.S
+@@ -40,16 +40,20 @@
+ ENTRY (MEMCHR)
+ # ifndef USE_AS_RAWMEMCHR
+ /* Check for zero length. */
+- testq %rdx, %rdx
++ test %RDX_LP, %RDX_LP
+ jz L(null)
+ # endif
+ movl %edi, %ecx
+ /* Broadcast CHAR to YMM0. */
+ vmovd %esi, %xmm0
+ # ifdef USE_AS_WMEMCHR
+- shl $2, %rdx
++ shl $2, %RDX_LP
+ vpbroadcastd %xmm0, %ymm0
+ # else
++# ifdef __ILP32__
++ /* Clear the upper 32 bits. */
++ movl %edx, %edx
++# endif
+ vpbroadcastb %xmm0, %ymm0
+ # endif
+ /* Check if we may cross page boundary with one vector load. */
+diff --git a/sysdeps/x86_64/x32/Makefile b/sysdeps/x86_64/x32/Makefile
+index f2ebc24fb0..7d528889c6 100644
+--- a/sysdeps/x86_64/x32/Makefile
++++ b/sysdeps/x86_64/x32/Makefile
+@@ -4,3 +4,11 @@ ifeq ($(subdir),math)
+ # 64-bit llround. Add -fno-builtin-lround to silence the compiler.
+ CFLAGS-s_llround.c += -fno-builtin-lround
+ endif
++
++ifeq ($(subdir),string)
++tests += tst-size_t-memchr
++endif
++
++ifeq ($(subdir),wcsmbs)
++tests += tst-size_t-wmemchr
++endif
+diff --git a/sysdeps/x86_64/x32/test-size_t.h b/sysdeps/x86_64/x32/test-size_t.h
+new file mode 100644
+index 0000000000..78a940863e
+--- /dev/null
++++ b/sysdeps/x86_64/x32/test-size_t.h
+@@ -0,0 +1,35 @@
++/* Test string/memory functions with size_t in the lower 32 bits of
++ 64-bit register.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define TEST_MAIN
++#include <string/test-string.h>
++
++/* On x32, parameter_t may be passed in a 64-bit register with the LEN
++ field in the lower 32 bits. When the LEN field of 64-bit register
++ is passed to string/memory function as the size_t parameter, only
++ the lower 32 bits can be used. */
++typedef struct
++{
++ union
++ {
++ size_t len;
++ void (*fn) (void);
++ };
++ void *p;
++} parameter_t;
+diff --git a/sysdeps/x86_64/x32/tst-size_t-memchr.c b/sysdeps/x86_64/x32/tst-size_t-memchr.c
+new file mode 100644
+index 0000000000..29a3daf102
+--- /dev/null
++++ b/sysdeps/x86_64/x32/tst-size_t-memchr.c
+@@ -0,0 +1,72 @@
++/* Test memchr with size_t in the lower 32 bits of 64-bit register.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef WIDE
++# define TEST_NAME "memchr"
++#else
++# define TEST_NAME "wmemchr"
++#endif /* WIDE */
++#include "test-size_t.h"
++
++#ifndef WIDE
++# define MEMCHR memchr
++# define CHAR char
++# define UCHAR unsigned char
++#else
++# include <wchar.h>
++# define MEMCHR wmemchr
++# define CHAR wchar_t
++# define UCHAR wchar_t
++#endif /* WIDE */
++
++IMPL (MEMCHR, 1)
++
++typedef CHAR * (*proto_t) (const CHAR*, int, size_t);
++
++static CHAR *
++__attribute__ ((noinline, noclone))
++do_memchr (parameter_t a, parameter_t b)
++{
++ return CALL (&b, a.p, (uintptr_t) b.p, a.len);
++}
++
++static int
++test_main (void)
++{
++ test_init ();
++
++ parameter_t src = { { page_size / sizeof (CHAR) }, buf2 };
++ parameter_t c = { { 0 }, (void *) (uintptr_t) 0x12 };
++
++ int ret = 0;
++ FOR_EACH_IMPL (impl, 0)
++ {
++ c.fn = impl->fn;
++ CHAR *res = do_memchr (src, c);
++ if (res)
++ {
++ error (0, 0, "Wrong result in function %s: %p != NULL",
++ impl->name, res);
++ ret = 1;
++ }
++ }
++
++ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
++}
++
++#include <support/test-driver.c>
+diff --git a/sysdeps/x86_64/x32/tst-size_t-wmemchr.c b/sysdeps/x86_64/x32/tst-size_t-wmemchr.c
+new file mode 100644
+index 0000000000..877801d646
+--- /dev/null
++++ b/sysdeps/x86_64/x32/tst-size_t-wmemchr.c
+@@ -0,0 +1,20 @@
++/* Test wmemchr with size_t in the lower 32 bits of 64-bit register.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define WIDE 1
++#include "tst-size_t-memchr.c"
+--
+2.23.0
+
diff --git a/external/poky/meta/recipes-core/glibc/glibc/CVE-2019-7309.patch b/external/poky/meta/recipes-core/glibc/glibc/CVE-2019-7309.patch
new file mode 100644
index 00000000..04963c29
--- /dev/null
+++ b/external/poky/meta/recipes-core/glibc/glibc/CVE-2019-7309.patch
@@ -0,0 +1,207 @@
+From af7f46c45a60e6df754fb6258b546917e61ae6f1 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 4 Feb 2019 08:55:52 -0800
+Subject: [PATCH] x86-64 memcmp: Use unsigned Jcc instructions on size [BZ
+ #24155]
+Reply-To: muislam@microsoft.com
+
+Since the size argument is unsigned. we should use unsigned Jcc
+instructions, instead of signed, to check size.
+
+Tested on x86-64 and x32, with and without --disable-multi-arch.
+
+ [BZ #24155]
+ CVE-2019-7309
+ * NEWS: Updated for CVE-2019-7309.
+ * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the
+ upper 32 bits of RDX register for x32. Use unsigned Jcc
+ instructions, instead of signed.
+ * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2.
+ * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test.
+
+(cherry picked from commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d)
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+CVE: CVE-2019-7309
+
+Upstream-Status: Backport
+---
+ sysdeps/x86_64/memcmp.S | 20 +++---
+ sysdeps/x86_64/x32/Makefile | 2 +-
+ sysdeps/x86_64/x32/tst-size_t-memcmp-2.c | 79 ++++++++++++++++++++++++
+ 3 files changed, 92 insertions(+), 9 deletions(-)
+ create mode 100644 sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
+
+diff --git a/sysdeps/x86_64/memcmp.S b/sysdeps/x86_64/memcmp.S
+index bcb4a2e88d..45918d375a 100644
+--- a/sysdeps/x86_64/memcmp.S
++++ b/sysdeps/x86_64/memcmp.S
+@@ -21,14 +21,18 @@
+
+ .text
+ ENTRY (memcmp)
+- test %rdx, %rdx
++#ifdef __ILP32__
++ /* Clear the upper 32 bits. */
++ movl %edx, %edx
++#endif
++ test %RDX_LP, %RDX_LP
+ jz L(finz)
+ cmpq $1, %rdx
+- jle L(finr1b)
++ jbe L(finr1b)
+ subq %rdi, %rsi
+ movq %rdx, %r10
+ cmpq $32, %r10
+- jge L(gt32)
++ jae L(gt32)
+ /* Handle small chunks and last block of less than 32 bytes. */
+ L(small):
+ testq $1, %r10
+@@ -156,7 +160,7 @@ L(A32):
+ movq %r11, %r10
+ andq $-32, %r10
+ cmpq %r10, %rdi
+- jge L(mt16)
++ jae L(mt16)
+ /* Pre-unroll to be ready for unrolled 64B loop. */
+ testq $32, %rdi
+ jz L(A64)
+@@ -178,7 +182,7 @@ L(A64):
+ movq %r11, %r10
+ andq $-64, %r10
+ cmpq %r10, %rdi
+- jge L(mt32)
++ jae L(mt32)
+
+ L(A64main):
+ movdqu (%rdi,%rsi), %xmm0
+@@ -216,7 +220,7 @@ L(mt32):
+ movq %r11, %r10
+ andq $-32, %r10
+ cmpq %r10, %rdi
+- jge L(mt16)
++ jae L(mt16)
+
+ L(A32main):
+ movdqu (%rdi,%rsi), %xmm0
+@@ -254,7 +258,7 @@ L(ATR):
+ movq %r11, %r10
+ andq $-32, %r10
+ cmpq %r10, %rdi
+- jge L(mt16)
++ jae L(mt16)
+ testq $16, %rdi
+ jz L(ATR32)
+
+@@ -325,7 +329,7 @@ L(ATR64main):
+ movq %r11, %r10
+ andq $-32, %r10
+ cmpq %r10, %rdi
+- jge L(mt16)
++ jae L(mt16)
+
+ L(ATR32res):
+ movdqa (%rdi,%rsi), %xmm0
+diff --git a/sysdeps/x86_64/x32/Makefile b/sysdeps/x86_64/x32/Makefile
+index 7d528889c6..c9850beeb5 100644
+--- a/sysdeps/x86_64/x32/Makefile
++++ b/sysdeps/x86_64/x32/Makefile
+@@ -6,7 +6,7 @@ CFLAGS-s_llround.c += -fno-builtin-lround
+ endif
+
+ ifeq ($(subdir),string)
+-tests += tst-size_t-memchr
++tests += tst-size_t-memchr tst-size_t-memcmp-2
+ endif
+
+ ifeq ($(subdir),wcsmbs)
+diff --git a/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
+new file mode 100644
+index 0000000000..d8ae1a0813
+--- /dev/null
++++ b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
+@@ -0,0 +1,79 @@
++/* Test memcmp with size_t in the lower 32 bits of 64-bit register.
++ Copyright (C) 2019 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define TEST_MAIN
++#ifdef WIDE
++# define TEST_NAME "wmemcmp"
++#else
++# define TEST_NAME "memcmp"
++#endif
++
++#include "test-size_t.h"
++
++#ifdef WIDE
++# include <inttypes.h>
++# include <wchar.h>
++
++# define MEMCMP wmemcmp
++# define CHAR wchar_t
++#else
++# define MEMCMP memcmp
++# define CHAR char
++#endif
++
++IMPL (MEMCMP, 1)
++
++typedef int (*proto_t) (const CHAR *, const CHAR *, size_t);
++
++static int
++__attribute__ ((noinline, noclone))
++do_memcmp (parameter_t a, parameter_t b)
++{
++ return CALL (&b, a.p, b.p, a.len);
++}
++
++static int
++test_main (void)
++{
++ test_init ();
++
++ parameter_t dest = { { page_size / sizeof (CHAR) }, buf1 };
++ parameter_t src = { { 0 }, buf2 };
++
++ memcpy (buf1, buf2, page_size);
++
++ CHAR *p = (CHAR *) buf1;
++ p[page_size / sizeof (CHAR) - 1] = (CHAR) 1;
++
++ int ret = 0;
++ FOR_EACH_IMPL (impl, 0)
++ {
++ src.fn = impl->fn;
++ int res = do_memcmp (dest, src);
++ if (res >= 0)
++ {
++ error (0, 0, "Wrong result in function %s: %i >= 0",
++ impl->name, res);
++ ret = 1;
++ }
++ }
++
++ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
++}
++
++#include <support/test-driver.c>
+--
+2.23.0
+
diff --git a/external/poky/meta/recipes-core/glibc/glibc_2.28.bb b/external/poky/meta/recipes-core/glibc/glibc_2.28.bb
index 0839fa12..4e6ee4dc 100644
--- a/external/poky/meta/recipes-core/glibc/glibc_2.28.bb
+++ b/external/poky/meta/recipes-core/glibc/glibc_2.28.bb
@@ -50,6 +50,8 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://CVE-2019-9169.patch \
file://CVE-2016-10739.patch \
file://CVE-2018-19591.patch \
+ file://CVE-2019-6488.patch \
+ file://CVE-2019-7309.patch \
"
NATIVESDKFIXES ?= ""
diff --git a/external/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/external/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index d9d6c1e4..2099a124 100644
--- a/external/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/external/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image module-base setuptools3
-SRCREV ?= "9dfebdaf7af11b69006996f3253e435bce0dfbfb"
+SRCREV ?= "2c5af52109bca8c0452b1539589cf073f6f0064a"
SRC_URI = "git://git.yoctoproject.org/poky;branch=thud \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/external/poky/meta/recipes-core/meta/cve-update-db-native.bb b/external/poky/meta/recipes-core/meta/cve-update-db-native.bb
new file mode 100644
index 00000000..db1d69a2
--- /dev/null
+++ b/external/poky/meta/recipes-core/meta/cve-update-db-native.bb
@@ -0,0 +1,185 @@
+SUMMARY = "Updates the NVD CVE database"
+LICENSE = "MIT"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+inherit native
+
+deltask do_unpack
+deltask do_patch
+deltask do_configure
+deltask do_compile
+deltask do_install
+deltask do_populate_sysroot
+
+python () {
+ if not d.getVar("CVE_CHECK_DB_FILE"):
+ raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
+}
+
+python do_populate_cve_db() {
+ """
+ Update NVD database with json data feed
+ """
+ import bb.utils
+ import sqlite3, urllib, urllib.parse, shutil, gzip
+ from datetime import date
+
+ bb.utils.export_proxies(d)
+
+ BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
+ YEAR_START = 2002
+
+ db_file = d.getVar("CVE_CHECK_DB_FILE")
+ db_dir = os.path.dirname(db_file)
+ json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
+
+ # Don't refresh the database more than once an hour
+ try:
+ import time
+ if time.time() - os.path.getmtime(db_file) < (60*60):
+ return
+ except OSError:
+ pass
+
+ cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
+
+ if not os.path.isdir(db_dir):
+ os.mkdir(db_dir)
+
+ # Connect to database
+ conn = sqlite3.connect(db_file)
+ c = conn.cursor()
+
+ initialize_db(c)
+
+ for year in range(YEAR_START, date.today().year + 1):
+ year_url = BASE_URL + str(year)
+ meta_url = year_url + ".meta"
+ json_url = year_url + ".json.gz"
+
+ # Retrieve meta last modified date
+ response = urllib.request.urlopen(meta_url)
+ if response:
+ for l in response.read().decode("utf-8").splitlines():
+ key, value = l.split(":", 1)
+ if key == "lastModifiedDate":
+ last_modified = value
+ break
+ else:
+ bb.warn("Cannot parse CVE metadata, update failed")
+ return
+
+ # Compare with current db last modified date
+ c.execute("select DATE from META where YEAR = ?", (year,))
+ meta = c.fetchone()
+ if not meta or meta[0] != last_modified:
+ # Clear products table entries corresponding to current year
+ c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
+
+ # Update db with current year json file
+ try:
+ response = urllib.request.urlopen(json_url)
+ if response:
+ update_db(c, gzip.decompress(response.read()).decode('utf-8'))
+ c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+ except urllib.error.URLError as e:
+ cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
+ bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+ return
+
+ # Update success, set the date to cve_check file.
+ if year == date.today().year:
+ cve_f.write('CVE database update : %s\n\n' % date.today())
+
+ cve_f.close()
+ conn.commit()
+ conn.close()
+}
+
+def initialize_db(c):
+ c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
+
+ c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
+ SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+
+ c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
+ VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
+ VERSION_END TEXT, OPERATOR_END TEXT)")
+ c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
+
+def parse_node_and_insert(c, node, cveId):
+ # Parse children node if needed
+ for child in node.get('children', ()):
+ parse_node_and_insert(c, child, cveId)
+
+ def cpe_generator():
+ for cpe in node.get('cpe_match', ()):
+ if not cpe['vulnerable']:
+ return
+ cpe23 = cpe['cpe23Uri'].split(':')
+ vendor = cpe23[3]
+ product = cpe23[4]
+ version = cpe23[5]
+
+ if version != '*':
+ # Version is defined, this is a '=' match
+ yield [cveId, vendor, product, version, '=', '', '']
+ else:
+ # Parse start version, end version and operators
+ op_start = ''
+ op_end = ''
+ v_start = ''
+ v_end = ''
+
+ if 'versionStartIncluding' in cpe:
+ op_start = '>='
+ v_start = cpe['versionStartIncluding']
+
+ if 'versionStartExcluding' in cpe:
+ op_start = '>'
+ v_start = cpe['versionStartExcluding']
+
+ if 'versionEndIncluding' in cpe:
+ op_end = '<='
+ v_end = cpe['versionEndIncluding']
+
+ if 'versionEndExcluding' in cpe:
+ op_end = '<'
+ v_end = cpe['versionEndExcluding']
+
+ yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
+
+ c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
+
+def update_db(c, jsondata):
+ import json
+ root = json.loads(jsondata)
+
+ for elt in root['CVE_Items']:
+ if not elt['impact']:
+ continue
+
+ cveId = elt['cve']['CVE_data_meta']['ID']
+ cveDesc = elt['cve']['description']['description_data'][0]['value']
+ date = elt['lastModifiedDate']
+ accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+ cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+
+ try:
+ cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
+ except:
+ cvssv3 = 0.0
+
+ c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
+ [cveId, cveDesc, cvssv2, cvssv3, date, accessVector])
+
+ configurations = elt['configurations']['nodes']
+ for config in configurations:
+ parse_node_and_insert(c, config, cveId)
+
+
+addtask do_populate_cve_db before do_fetch
+do_populate_cve_db[nostamp] = "1"
+
+EXCLUDE_FROM_WORLD = "1"
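Review bot: The `return` inside `cpe_generator()` (the `if not cpe['vulnerable']:` branch in `parse_node_and_insert`) ends the generator at the first non-vulnerable cpe_match entry, so every vulnerable entry that follows it in the same node is never inserted into PRODUCTS and cve-check silently misses those matches; it should be `continue`. The bare `except:` around the cvssV3 lookup in `update_db` should be `except KeyError:` so that unrelated failures (including KeyboardInterrupt) are not turned into a score of 0.0. In `do_populate_cve_db` the early `return`s after `bb.warn(...)` leave `cve_f` open and `conn` neither committed nor closed, so the years already processed are rolled back when the connection is dropped; wrapping the loop in `try: ... finally:` that closes both (committing only on success) keeps that progress. The `urllib.request.urlopen(meta_url)` call sits outside the `URLError` handler, so a network failure there aborts the task instead of writing the outdated-data warning, and `urllib.request`/`urllib.error` are used without being imported explicitly (only `urllib, urllib.parse` are), while `json_tmpfile` and `shutil` are unused. The downloaded feed is also not checked against the sha256 line that, as far as I recall, the same NVD `.meta` file carries, so integrity of the data behind cve-check decisions rests on TLS alone — worth verifying if that field is available.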