Cannot update Yocto Bitbake Recipe for Bzip2 from 1.0.6 to 1.0.7 for CVE-2019-12900 for Nvidia Jetson Nano

On Ubuntu 18.04 I am trying to build a Yocto SD Card Image for the Nvidia Jetson Nano using the "meta-tegra" layer. I ran into the recent bzip2 issue that requires the latest bzip2 ( 1.0.7 ) to fix as detailed in these forum posts:

I found the latest bzip2 source here:

I tried playing with ${WORKDIR}, ${S}, do_compile_append, and do_install_append, however I keep getting errors related to the wrong source directory. I basically took the OE Bzip2 1.0.6 recipe and change the version source and checksums.

Please help me fix this build issue with yocto - thanks!

Bitbake Failure:

Initialising tasks: 100% |##########################################################################| Time: 0:00:00
Sstate summary: Wanted 382 Found 0 Missed 382 Current 45 (0% match, 10% complete)
NOTE: Executing SetScene Tasks
NOTE: Executing RunQueue Tasks
ERROR: bzip2-native-1.0.7-r5 do_compile: oe_runmake failed
ERROR: bzip2-native-1.0.7-r5 do_compile: Function failed: do_compile (log file is located at /home/ubuntu/Desktop/mts-jetson-yocto/build/tmp/work/x86_64-linux/bzip2-native/1.0.7-r5/temp/log.do_compile.115964)
ERROR: Logfile of failure stored in: /home/ubuntu/Desktop/mts-jetson-yocto/build/tmp/work/x86_64-linux/bzip2-native/1.0.7-r5/temp/log.do_compile.115964
Log data follows:
| DEBUG: Executing shell function do_compile
| NOTE: make -j 128
| make: *** No targets specified and no makefile found.  Stop.
| ERROR: oe_runmake failed
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_compile (log file is located at /home/ubuntu/Desktop/mts-jetson-yocto/build/tmp/work/x86_64-linux/bzip2-native/1.0.7-r5/temp/log.do_compile.115964)
ERROR: Task (virtual:native:/home/ubuntu/Desktop/mts-jetson-yocto/layers/meta-mts/recipes-extended/bzip2/ failed with exit code '1'

Second Keyboard Interrupt, stopping...

Summary: 1 task failed:
Summary: There were 2 ERROR messages shown, returning a non-zero exit code.

Current Broken Bitbake recipe:

SECTION = "console/utils"
LICENSE = "bzip2"
LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=39406315f540c69bd05b1531daedd2ae"
PR = "r5"

SRC_URI = " \

#WORKDIR = "${WORKDIR}/bzip-1.0.7"
#S = "${WORKDIR}/bzip2-1.0.7"

#do_compile_prepend() {
#       cd ../

#do_install_prepend() {
#       cd ../

SRC_URI[md5sum] = "1a6a61cc867be4f3d6549037a09bf13e"
SRC_URI[sha256sum] = "e768a87c5b1a79511499beb41500bcc4caf203726fff46a6f5f9ad27fe08ab2b"


PACKAGES =+ "libbz2"

CFLAGS_append = " -fPIC -fpic -Winline -fno-strength-reduce -D_FILE_OFFSET_BITS=64"

inherit autotools update-alternatives ptest relative_symlinks

ALTERNATIVE_${PN} = "bunzip2 bzcat bzip2"

#install binaries to bzip2-native under sysroot for replacement-native
EXTRA_OECONF_append_class-native = " --bindir=${STAGING_BINDIR_NATIVE}/${PN}"

do_install_ptest () {
        sed -i -e "s|^Makefile:|_Makefile:|" ${D}${PTEST_PATH}/Makefile

FILES_libbz2 = "${libdir}/lib*${SOLIBS}"

PROVIDES_append_class-native = " bzip2-replacement-native"
BBCLASSEXTEND = "native nativesdk"

#addtask fix_path before do_compile


  • Two ideas:

    1. Just apply the patch for the security issue, much easier. This patch is already on the oe-core list.
    2. Take the upgrade patch that is also on the list