diff options
Diffstat (limited to 'poky/meta/recipes-support')
68 files changed, 456 insertions, 755 deletions
diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb index 0dd8f025e..f7d827a1d 100644 --- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb +++ b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb @@ -19,10 +19,9 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \ SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f" SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459" -EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ +EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ --without-odbc \ --without-pgsql \ - --with-dbm=gdbm \ --without-sqlite2 \ --with-expat=${STAGING_DIR_HOST}${prefix}" @@ -69,7 +68,7 @@ PACKAGECONFIG ??= "crypto gdbm" PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" PACKAGECONFIG[crypto] = "--with-openssl=${STAGING_DIR_HOST}${prefix} --with-crypto,--without-crypto,openssl" PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}${prefix},--without-sqlite3,sqlite3" -PACKAGECONFIG[gdbm] = "--with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm" +PACKAGECONFIG[gdbm] = "--with-dbm=gdbm --with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm" #files ${libdir}/apr-util-1/*.so are not symlinks but loadable modules thus they are packaged in ${PN} FILES_${PN} += "${libdir}/apr-util-1/apr*${SOLIBS} ${libdir}/apr-util-1/apr*${SOLIBSDEV}" diff --git a/poky/meta/recipes-support/apr/apr/autoconf270.patch b/poky/meta/recipes-support/apr/apr/autoconf270.patch new file mode 100644 index 000000000..9f7b5c624 --- /dev/null +++ b/poky/meta/recipes-support/apr/apr/autoconf270.patch @@ -0,0 +1,22 @@ +With autoconf 2.70 confdefs.h is already included. Including it twice generates +compiler warnings and since this macros is to error on warnings, it breaks. + +Fix by not including the file. + +Upstream-Status: Pending +RP - 2021/1/28 + +Index: apr-1.7.0/build/apr_common.m4 +=================================================================== +--- apr-1.7.0.orig/build/apr_common.m4 ++++ apr-1.7.0/build/apr_common.m4 +@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING], + fi + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( +- [#include "confdefs.h" +- ] ++ [] + [[$1]] + [int main(int argc, const char *const *argv) {] + [[$2]] diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb index 7073af8c9..f879e2864 100644 --- a/poky/meta/recipes-support/apr/apr_1.7.0.bb +++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb @@ -1,4 +1,8 @@ SUMMARY = "Apache Portable Runtime (APR) library" +DESCRIPTION = "The Apache Portable Runtime (APR) is a supporting library for the \ +Apache web server. It provides a set of APIs that map to the underlying \ +operating system (OS). Where the OS does not support a particular function, \ +APR will provide an emulation." HOMEPAGE = "http://apr.apache.org/" SECTION = "libs" DEPENDS = "util-linux" @@ -19,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ + file://autoconf270.patch \ " SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" diff --git a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb index 629987810..f1d931b39 100644 --- a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb +++ b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb @@ -1,4 +1,8 @@ SUMMARY = "GNU Aspell spell-checker" +DESCRIPTION = "GNU Aspell is a spell-checker which can be used either as a \ +standalone application or embedded in other programs. Its main feature is that \ +it does a much better job of suggesting possible spellings than just about any \ +other spell-checker available for the English language" SECTION = "console/utils" LICENSE = "LGPLv2 | LGPLv2.1" diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb index 88add83dd..a0657950b 100644 --- a/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb +++ b/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb @@ -1,4 +1,6 @@ SUMMARY = "Assistive Technology Service Provider Interface (dbus core)" +DESCRIPTION = "At-Spi2 is a protocol over DBus, toolkit widgets use it to \ +provide their content to screen readers such as Orca." HOMEPAGE = "https://wiki.linuxfoundation.org/accessibility/d-bus" LICENSE = "LGPL-2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" diff --git a/poky/meta/recipes-support/attr/acl_2.2.53.bb b/poky/meta/recipes-support/attr/acl_2.2.53.bb index 5bb50f77f..b120c1f16 100644 --- a/poky/meta/recipes-support/attr/acl_2.2.53.bb +++ b/poky/meta/recipes-support/attr/acl_2.2.53.bb @@ -1,5 +1,7 @@ SUMMARY = "Utilities for managing POSIX Access Control Lists" HOMEPAGE = "http://savannah.nongnu.org/projects/acl/" +DESCRIPTION = "ACL allows you to provide different levels of access to files \ +and folders for different users." SECTION = "libs" LICENSE = "LGPLv2.1+ & GPLv2+" diff --git a/poky/meta/recipes-support/attr/attr.inc b/poky/meta/recipes-support/attr/attr.inc index 0c3330a68..97bca4698 100644 --- a/poky/meta/recipes-support/attr/attr.inc +++ b/poky/meta/recipes-support/attr/attr.inc @@ -1,4 +1,8 @@ SUMMARY = "Utilities for manipulating filesystem extended attributes" +DESCRIPTION = "A set of tools for manipulating extended attributes on filesystem \ +objects, in particular getfattr(1) and setfattr(1). An attr(1) command \ +is also provided which is largely compatible with the SGI IRIX tool of \ +the same name." HOMEPAGE = "http://savannah.nongnu.org/projects/attr/" SECTION = "libs" diff --git a/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb b/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb index bab8a018c..f00e0fc5b 100644 --- a/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb +++ b/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb @@ -1,4 +1,6 @@ SUMMARY = "Programmable Completion for Bash 4" +DESCRIPTION = "bash completion extends bash's standard completion behavior to \ +achieve complex command lines with just a few keystrokes." HOMEPAGE = "https://github.com/scop/bash-completion" BUGTRACKER = "https://github.com/scop/bash-completion/issues" diff --git a/poky/meta/recipes-support/boost/boost-1.74.0.inc b/poky/meta/recipes-support/boost/boost-1.75.0.inc index b47fdaf09..e5a8488c5 100644 --- a/poky/meta/recipes-support/boost/boost-1.74.0.inc +++ b/poky/meta/recipes-support/boost/boost-1.75.0.inc @@ -12,7 +12,7 @@ BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}" BOOST_P = "boost_${BOOST_VER}" SRC_URI = "https://dl.bintray.com/boostorg/release/${PV}/source/${BOOST_P}.tar.bz2" -SRC_URI[sha256sum] = "83bfc1507731a0906e387fc28b7ef5417d591429e51e788417fe9ff025e116b1" +SRC_URI[sha256sum] = "953db31e016db7bb207f11432bef7df100516eeb746843fa0486a222e3fd49cb" UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/" UPSTREAM_CHECK_REGEX = "boostorg/release/(?P<pver>.*)/source/" diff --git a/poky/meta/recipes-support/boost/boost.inc b/poky/meta/recipes-support/boost/boost.inc index cbf9cad70..c9bb17854 100644 --- a/poky/meta/recipes-support/boost/boost.inc +++ b/poky/meta/recipes-support/boost/boost.inc @@ -59,10 +59,13 @@ PACKAGES = "${PN}-dbg ${BOOST_PACKAGES}" python __anonymous () { packages = [] extras = [] + pn = d.getVar("PN") mlprefix = d.getVar("MLPREFIX") for lib in d.getVar('BOOST_LIBS').split(): extras.append("--with-%s" % lib) pkg = "boost-%s" % (lib.replace("_", "-")) + if "-native" in pn: + pkg = pkg + "-native" packages.append(mlprefix + pkg) if not d.getVar("FILES_%s" % pkg): d.setVar("FILES_%s%s" % (mlprefix, pkg), "${libdir}/libboost_%s*.so.*" % lib) diff --git a/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch b/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch deleted file mode 100644 index 169906344..000000000 --- a/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 8845a786598f1d9e83aa1b7d2966b0d1eb765ba0 Mon Sep 17 00:00:00 2001 -From: Christopher Larson <chris_larson@mentor.com> -Date: Tue, 13 Dec 2016 10:14:31 -0700 -Subject: [PATCH 1/3] Apply boost-1.62.0-no-forced-flags.patch - -Upstream-Status: Inappropriate -Signed-off-by: Christopher Larson <chris_larson@mentor.com> ---- - libs/log/build/Jamfile.v2 | 4 ++-- - libs/log/config/x86-ext/Jamfile.jam | 16 ++++++++-------- - libs/log/src/dump_avx2.cpp | 4 ++++ - libs/log/src/dump_ssse3.cpp | 4 ++++ - 4 files changed, 18 insertions(+), 10 deletions(-) - -diff --git a/libs/log/build/Jamfile.v2 b/libs/log/build/Jamfile.v2 -index 4abbdbc..b3016fc 100644 ---- a/libs/log/build/Jamfile.v2 -+++ b/libs/log/build/Jamfile.v2 -@@ -373,7 +373,7 @@ rule avx2-targets-cond ( properties * ) - } - else if <toolset>clang in $(properties) - { -- result = <cxxflags>"-mavx -mavx2" ; -+ result = <cxxflags> ; - } - else if <toolset>intel in $(properties) - { -@@ -383,7 +383,7 @@ rule avx2-targets-cond ( properties * ) - } - else - { -- result = <cxxflags>"-xCORE-AVX2 -fabi-version=0" ; -+ result = <cxxflags>"-fabi-version=0" ; - } - } - else if <toolset>msvc in $(properties) -diff --git a/libs/log/config/x86-ext/Jamfile.jam b/libs/log/config/x86-ext/Jamfile.jam -index 0e9695a..dcc394d 100644 ---- a/libs/log/config/x86-ext/Jamfile.jam -+++ b/libs/log/config/x86-ext/Jamfile.jam -@@ -15,19 +15,19 @@ project /boost/log/x86-extensions - - obj ssse3 : ssse3.cpp - : -- <toolset>gcc:<cxxflags>"-msse -msse2 -msse3 -mssse3" -- <toolset>clang:<cxxflags>"-msse -msse2 -msse3 -mssse3" -- <toolset>intel-linux:<cxxflags>"-xSSSE3" -- <toolset>intel-darwin:<cxxflags>"-xSSSE3" -+ <toolset>gcc:<cxxflags> -+ <toolset>clang:<cxxflags> -+ <toolset>intel-linux:<cxxflags> -+ <toolset>intel-darwin:<cxxflags> - <toolset>intel-win:<cxxflags>"/QxSSSE3" - ; - - obj avx2 : avx2.cpp - : -- <toolset>gcc:<cxxflags>"-mavx -mavx2 -fabi-version=0" -- <toolset>clang:<cxxflags>"-mavx -mavx2" -- <toolset>intel-linux:<cxxflags>"-xCORE-AVX2 -fabi-version=0" -- <toolset>intel-darwin:<cxxflags>"-xCORE-AVX2 -fabi-version=0" -+ <toolset>gcc:<cxxflags>"-fabi-version=0" -+ <toolset>clang:<cxxflags> -+ <toolset>intel-linux:<cxxflags>"-fabi-version=0" -+ <toolset>intel-darwin:<cxxflags>"-fabi-version=0" - <toolset>intel-win:<cxxflags>"/arch:CORE-AVX2" - <toolset>msvc:<cxxflags>"/arch:AVX" - ; -diff --git a/libs/log/src/dump_avx2.cpp b/libs/log/src/dump_avx2.cpp -index 4ab1250..610fc6d 100644 ---- a/libs/log/src/dump_avx2.cpp -+++ b/libs/log/src/dump_avx2.cpp -@@ -22,6 +22,10 @@ - #include <boost/cstdint.hpp> - #include <boost/log/detail/header.hpp> - -+#if !defined(__AVX2__) -+#error "AVX2 Unsupported!" -+#endif -+ - #if defined(__x86_64) || defined(__x86_64__) || \ - defined(__amd64__) || defined(__amd64) || \ - defined(_M_X64) -diff --git a/libs/log/src/dump_ssse3.cpp b/libs/log/src/dump_ssse3.cpp -index 1325b49..60d4112 100644 ---- a/libs/log/src/dump_ssse3.cpp -+++ b/libs/log/src/dump_ssse3.cpp -@@ -22,6 +22,10 @@ - #include <boost/cstdint.hpp> - #include <boost/log/detail/header.hpp> - -+#if !defined(__SSSE3__) -+#error "SSSE3 Unsupported!" -+#endif -+ - #if defined(__x86_64) || defined(__x86_64__) || \ - defined(__amd64__) || defined(__amd64) || \ - defined(_M_X64) --- -2.8.0 diff --git a/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch b/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch deleted file mode 100644 index fe85c69a8..000000000 --- a/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch +++ /dev/null @@ -1,55 +0,0 @@ -Upstream-Status: Backport - -8/17/2010 - rebased to 1.44 by Qing He <qing.he@intel.com> - -diff --git a/boost/smart_ptr/detail/atomic_count_sync.hpp b/boost/smart_ptr/detail/atomic_count_sync.hpp -index b6359b5..78b1cc2 100644 ---- a/boost/smart_ptr/detail/atomic_count_sync.hpp -+++ b/boost/smart_ptr/detail/atomic_count_sync.hpp -@@ -33,17 +33,46 @@ public: - - long operator++() - { -+#ifdef __ARM_ARCH_7A__ -+ int v1, tmp; -+ asm volatile ("1: \n\t" -+ "ldrex %0, %1 \n\t" -+ "add %0 ,%0, #1 \n\t" -+ "strex %2, %0, %1 \n\t" -+ "cmp %2, #0 \n\t" -+ "bne 1b \n\t" -+ : "=&r" (v1), "+Q"(value_), "=&r"(tmp) -+ ); -+#else - return __sync_add_and_fetch( &value_, 1 ); -+#endif - } - - long operator--() - { -+#ifdef __ARM_ARCH_7A__ -+ int v1, tmp; -+ asm volatile ("1: \n\t" -+ "ldrex %0, %1 \n\t" -+ "sub %0 ,%0, #1 \n\t" -+ "strex %2, %0, %1 \n\t" -+ "cmp %2, #0 \n\t" -+ "bne 1b \n\t" -+ : "=&r" (v1), "+Q"(value_), "=&r"(tmp) -+ ); -+ return value_; -+#else - return __sync_add_and_fetch( &value_, -1 ); -+#endif - } - - operator long() const - { -+#if __ARM_ARCH_7A__ -+ return value_; -+#else - return __sync_fetch_and_add( &value_, 0 ); -+#endif - } - - private: diff --git a/poky/meta/recipes-support/boost/boost_1.74.0.bb b/poky/meta/recipes-support/boost/boost_1.75.0.bb index b01b390a5..23b0ffc67 100644 --- a/poky/meta/recipes-support/boost/boost_1.74.0.bb +++ b/poky/meta/recipes-support/boost/boost_1.75.0.bb @@ -1,10 +1,9 @@ require boost-${PV}.inc require boost.inc -SRC_URI += "file://arm-intrinsics.patch \ +SRC_URI += " \ file://boost-CVE-2012-2677.patch \ file://boost-math-disable-pch-for-gcc.patch \ - file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \ file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \ file://0001-dont-setup-compiler-flags-m32-m64.patch \ file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \ diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch deleted file mode 100644 index aa2c85ff4..000000000 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b6d18ca77f131cdcaa10d0eaa9d303399767edf6 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Wed, 28 Aug 2019 19:18:14 +0200 -Subject: [PATCH] certdata2pem.py: use python3 - -Comments in that file imply it is already py3 compatible. - -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - mozilla/Makefile | 2 +- - mozilla/certdata2pem.py | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/mozilla/Makefile b/mozilla/Makefile -index 6f46118..f98877c 100644 ---- a/mozilla/Makefile -+++ b/mozilla/Makefile -@@ -3,7 +3,7 @@ - # - - all: -- python certdata2pem.py -+ python3 certdata2pem.py - - clean: - -rm -f *.crt -diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py -index 0b02b2a..7d796f1 100644 ---- a/mozilla/certdata2pem.py -+++ b/mozilla/certdata2pem.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python3 - # vim:set et sw=4: - # - # certdata2pem.py - splits certdata.txt into multiple files diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb index 6f39df798..888a235c1 100644 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb @@ -14,7 +14,7 @@ DEPENDS_class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b" +SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144" SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ file://0002-update-ca-certificates-use-SYSROOT.patch \ @@ -23,7 +23,6 @@ SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ file://default-sysroot.patch \ file://sbindir.patch \ file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ - file://0001-certdata2pem.py-use-python3.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)" diff --git a/poky/meta/recipes-support/curl/curl_7.73.0.bb b/poky/meta/recipes-support/curl/curl_7.74.0.bb index 0f26b0f1a..873bbe814 100644 --- a/poky/meta/recipes-support/curl/curl_7.73.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.74.0.bb @@ -9,7 +9,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ " -SRC_URI[sha256sum] = "cf34fe0b07b800f1c01a499a6e8b2af548f6d0e044dca4a29d88a4bee146d131" +SRC_URI[sha256sum] = "0f4d63e6681636539dc88fa8e929f934cd3a840c46e0bf28c73be11e521b77a5" # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_161.bb b/poky/meta/recipes-support/diffoscope/diffoscope_164.bb index 0f566a3ec..7707c441c 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_161.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_164.bb @@ -7,7 +7,7 @@ PYPI_PACKAGE = "diffoscope" inherit pypi setuptools3 -SRC_URI[sha256sum] = "9c27d60a7bf3984b53c8af3fee86eb3d3e2292c4ddb9449c38b6cba068b8e22c" +SRC_URI[sha256sum] = "bc269a39ec72261d9fead55bd951f6cbbe3d2ccce1481f974665999a5b141fff" RDEPENDS_${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic" diff --git a/poky/meta/recipes-support/enchant/enchant2_2.2.13.bb b/poky/meta/recipes-support/enchant/enchant2_2.2.15.bb index 3b890e733..05e84fc72 100644 --- a/poky/meta/recipes-support/enchant/enchant2_2.2.13.bb +++ b/poky/meta/recipes-support/enchant/enchant2_2.2.15.bb @@ -9,7 +9,7 @@ DEPENDS = "glib-2.0" inherit autotools pkgconfig SRC_URI = "https://github.com/AbiWord/enchant/releases/download/v${PV}/enchant-${PV}.tar.gz" -SRC_URI[sha256sum] = "eab9f90d79039133660029616e2a684644bd524be5dc43340d4cfc3fb3c68a20" +SRC_URI[sha256sum] = "3b0f2215578115f28e2a6aa549b35128600394304bd79d6f28b0d3b3d6f46c03" UPSTREAM_CHECK_URI = "https://github.com/AbiWord/enchant/releases" diff --git a/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch b/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch deleted file mode 100644 index c1580418d..000000000 --- a/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch +++ /dev/null @@ -1,47 +0,0 @@ -From f993697af81c37df9c55e0ebedeb1b8b880506ae Mon Sep 17 00:00:00 2001 -From: Richard Leitner <richard.leitner@skidata.com> -Date: Tue, 5 May 2020 11:59:42 +0200 -Subject: [PATCH] gdbm: fix link failure against gcc-10 - -Copied from gentoo's solution at https://bugs.gentoo.org/show_bug.cgi?id=705898 -Original patch by Sergei Trofimovich <slyfox@gentoo.org> - -Original description: - -Before the change on gcc-10 link failed as: -``` - CCLD gdbmtool -ld: ./libgdbmapp.a(parseopt.o):(.bss+0x8): multiple definition of `parseopt_program_args'; - gdbmtool.o:(.data.rel.local+0x260): first defined here -ld: ./libgdbmapp.a(parseopt.o):(.bss+0x10): multiple definition of `parseopt_program_doc'; - gdbmtool.o:(.data.rel.local+0x268): first defined here -``` - -gcc-10 will change the default from -fcommon to fno-common: - https://gcc.gnu.org/PR85678. - -The fix is to avoid multiple definition and rely on -declarations only. - -Upstream-Status: Pending -Signed-off-by: Richard Leitner <richard.leitner@skidata.com> ---- - src/parseopt.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/parseopt.c b/src/parseopt.c -index 268e080..a4c8576 100644 ---- a/src/parseopt.c -+++ b/src/parseopt.c -@@ -255,8 +255,6 @@ print_option_descr (const char *descr, size_t lmargin, size_t rmargin) - } - - char *parseopt_program_name; --char *parseopt_program_doc; --char *parseopt_program_args; - const char *program_bug_address = "<" PACKAGE_BUGREPORT ">"; - void (*parseopt_help_hook) (FILE *stream); - --- -2.26.2 - diff --git a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb b/poky/meta/recipes-support/gdbm/gdbm_1.19.bb index fbb1fe72d..1f390a4aa 100644 --- a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb +++ b/poky/meta/recipes-support/gdbm/gdbm_1.19.bb @@ -8,11 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=241da1b9fe42e642cbb2c24d5e0c4d24" SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \ file://run-ptest \ file://ptest.patch \ - file://gdbm-fix-link-failure-against-gcc-10.patch \ " -SRC_URI[md5sum] = "988dc82182121c7570e0cb8b4fcd5415" -SRC_URI[sha256sum] = "86e613527e5dba544e73208f42b78b7c022d4fa5a6d5498bf18c8d6f745b91dc" +SRC_URI[md5sum] = "aeb29c6a90350a4c959cd1df38cd0a7e" +SRC_URI[sha256sum] = "37ed12214122b972e18a0d94995039e57748191939ef74115b1d41d8811364bc" inherit autotools gettext texinfo lib_package ptest diff --git a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index c641a1961..a0af2d48d 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From 56343af532389c31eab32c096c9a989c53c78ce0 Mon Sep 17 00:00:00 2001 +From abc5c396aaddaef2e6811362e3e0cc0da28c2b34 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 1d05d39..eaaf33c 100644 +index 64cb8c6..3fe9027 100644 --- a/configure.ac +++ b/configure.ac -@@ -1858,7 +1858,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", +@@ -1824,7 +1824,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) diff --git a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch index 607a09f18..a13b4d5fb 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch @@ -1,4 +1,4 @@ -From 9a901dbb1c48685f2db6d7b55916c9484e871f16 Mon Sep 17 00:00:00 2001 +From 6c75656b68cb6e38b039ae532bd39437cd6daec5 Mon Sep 17 00:00:00 2001 From: Saul Wold <sgw@linux.intel.com> Date: Wed, 16 Aug 2017 11:18:01 +0800 Subject: [PATCH] dirmngr uses libgpg error @@ -11,20 +11,18 @@ Rebase to 2.1.23 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- - dirmngr/Makefile.am | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + dirmngr/Makefile.am | 1 + + 1 file changed, 1 insertion(+) diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am -index 208a813..292c036 100644 +index 00d3c42..450d873 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am -@@ -90,7 +90,8 @@ endif - dirmngr_LDADD = $(libcommonpth) \ +@@ -101,6 +101,7 @@ dirmngr_LDADD = $(libcommonpth) \ $(DNSLIBS) $(LIBASSUAN_LIBS) \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \ -- $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) -+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \ -+ $(GPG_ERROR_LIBS) + $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \ ++ $(GPG_ERROR_LIBS) \ + $(dirmngr_robj) if USE_LDAP dirmngr_LDADD += $(ldaplibs) - endif diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch index aa8d1e3cc..7f7812cd4 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -1,4 +1,4 @@ -From 4005b3342db06749453835720b5a5c2392a90810 Mon Sep 17 00:00:00 2001 +From bd66af2ac7bb6d9294ac8055a55462ba7c4f9c9b Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Wed, 19 Sep 2018 14:44:40 +0100 Subject: [PATCH] Allow the environment to override where gnupg looks for its diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb index c624b67a0..8b5fc9983 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb @@ -20,7 +20,7 @@ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI_append_class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c" +SRC_URI[sha256sum] = "34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ diff --git a/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch index 34c8985c1..6eb1edbdb 100644 --- a/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch +++ b/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch @@ -1,3 +1,8 @@ +From 8a5c96057cf305bbeac0d6e0e59ee24fbb9497fe Mon Sep 17 00:00:00 2001 +From: Joe Slater <jslater@windriver.com> +Date: Wed, 25 Jan 2017 13:52:59 -0800 +Subject: [PATCH] gnutls: account for ARM_EABI + Certain syscall's are not availabe for arm-eabi, so we eliminate reference to them. @@ -5,12 +10,18 @@ Upstream-Status: Pending Signed-off-by: Joe Slater <jslater@windriver.com> +--- + tests/seccomp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/seccomp.c b/tests/seccomp.c +index ed14d00..3c5b726 100644 --- a/tests/seccomp.c +++ b/tests/seccomp.c -@@ -49,7 +49,9 @@ int disable_system_calls(void) - } +@@ -53,7 +53,9 @@ int disable_system_calls(void) ADD_SYSCALL(nanosleep, 0); + ADD_SYSCALL(clock_nanosleep, 0); +#if ! defined(__ARM_EABI__) ADD_SYSCALL(time, 0); +#endif diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb index b936db50d..e3ca86b93 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb @@ -21,7 +21,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://arm_eabi.patch \ " -SRC_URI[sha256sum] = "0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558" +SRC_URI[sha256sum] = "49e2a22691d252c9f24a9829b293a8f359095bc5a818351f05f1c0a5188a1df8" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc diff --git a/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch b/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch index 0ed4eb681..0c15cc7c3 100644 --- a/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch +++ b/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch @@ -11,11 +11,11 @@ Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- - src/gpgme.m4 | 58 ++++++++++------------------------------------------------ + src/gpgme.m4 | 58 +++++++++------------------------------------------- 1 file changed, 10 insertions(+), 48 deletions(-) diff --git a/src/gpgme.m4 b/src/gpgme.m4 -index 2a72f18..6c2be44 100644 +index c749a5d..8579146 100644 --- a/src/gpgme.m4 +++ b/src/gpgme.m4 @@ -1,5 +1,5 @@ @@ -29,7 +29,7 @@ index 2a72f18..6c2be44 100644 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # --# Last-changed: 2018-11-12 +-# Last-changed: 2020-11-20 +# Last-changed: 2014-10-02 @@ -130,5 +130,5 @@ index 2a72f18..6c2be44 100644 ifelse([$2], , :, [$2]) _AM_PATH_GPGME_CONFIG_HOST_CHECK -- -2.7.4 +2.25.1 diff --git a/poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb b/poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb index 9264af8c5..dc38aa8e3 100644 --- a/poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb +++ b/poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb @@ -22,7 +22,7 @@ SRC_URI = "${GNUPG_MIRROR}/gpgme/${BP}.tar.bz2 \ file://0008-do-not-auto-check-var-PYTHON.patch \ " -SRC_URI[sha256sum] = "0b472bc12c7d455906c8a539ec56da0a6480ef1c3a87aa5b74d7125df68d0e5b" +SRC_URI[sha256sum] = "eebc3c1b27f1c8979896ff361ba9bb4778b508b2496c2fc10e3775a40b1de1ad" DEPENDS = "libgpg-error libassuan" RDEPENDS_${PN}-cpp += "libstdc++" diff --git a/poky/meta/recipes-support/icu/icu_68.1.bb b/poky/meta/recipes-support/icu/icu_68.2.bb index 98aa6b7be..1ca87feee 100644 --- a/poky/meta/recipes-support/icu/icu_68.1.bb +++ b/poky/meta/recipes-support/icu/icu_68.2.bb @@ -112,8 +112,8 @@ SRC_URI = "${BASE_SRC_URI};name=code \ SRC_URI_append_class-target = "\ file://0001-Disable-LDFLAGSICUDT-for-Linux.patch \ " -SRC_URI[code.sha256sum] = "a9f2e3d8b4434b8e53878b4308bd1e6ee51c9c7042e2b1a376abefb6fbb29f2d" -SRC_URI[data.sha256sum] = "03ea8b4694155620548c8c0ba20444f1e7db246cc79e3b9c4fc7a960b160d510" +SRC_URI[code.sha256sum] = "c79193dee3907a2199b8296a93b52c5cb74332c26f3d167269487680d479d625" +SRC_URI[data.sha256sum] = "2989b466fa010edc41297e12fdd5ae47c2610ad68b63af1a0bd2a1acfaf497f3" UPSTREAM_CHECK_REGEX = "icu4c-(?P<pver>\d+(_\d+)+)-src" UPSTREAM_CHECK_URI = "https://github.com/unicode-org/icu/releases" diff --git a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb index 5f358f463..c52aa7941 100644 --- a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb +++ b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb @@ -18,4 +18,3 @@ SRC_URI[sha256sum] = "6233cc22726a9a5a83664bf67d1af79549a298c23185d926c3677afa91 BBCLASSEXTEND = "native nativesdk" RDEPENDS_${PN} += "libxml2-python" -RDEPENDS_${PN}_class-native = "" diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.1.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.2.bb index 43f76dc56..43f76dc56 100644 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.1.bb +++ b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.2.bb diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc index a312b602f..8c52b5d0b 100644 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc +++ b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc @@ -7,10 +7,10 @@ LICENSE = "GPLv2+ & LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" -SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \ +SRC_URI = "https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \ file://python.patch \ " -SRC_URI[sha256sum] = "f06b17aaca029e245c9a26c698c6cc8a1cf42b58483d93e94ee02b478bdc1055" +SRC_URI[sha256sum] = "52c083b77c2b0d8449dee141f9c3eba76e6d4c5ad44ef05df25891126cb85ae9" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.1.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.2.bb index 6e6de4549..6e6de4549 100644 --- a/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.1.bb +++ b/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.2.bb diff --git a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch index 3c737b884..d2653afb7 100644 --- a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch +++ b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch @@ -1,4 +1,4 @@ -From c22c6c16362c7dbc8d6faea06edee5e07759c5fa Mon Sep 17 00:00:00 2001 +From 6aa15fe548e5b1d6ca3b373779beb7521ea95ba9 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Wed, 15 Jan 2020 17:16:28 +0100 Subject: [PATCH] tests: do not statically link a test @@ -7,7 +7,6 @@ This fails on e.g. centos 7 Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - --- progs/Makefile | 2 +- tests/Makefile | 4 ++-- @@ -27,7 +26,7 @@ index 1d7fc7a..37db8f7 100644 sudotest: test tcapsh-static sudo $(LDPATH) ./quicktest.sh diff --git a/tests/Makefile b/tests/Makefile -index 3431df9..727fb86 100644 +index 01f7589..094ec57 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes) @@ -36,7 +35,7 @@ index 3431df9..727fb86 100644 else -LDFLAGS += --static +LDFLAGS += - DEPS=../libcap/libcap.a ../progs/tcapsh-static + DEPS=../libcap/libcap.a ifeq ($(PTHREADS),yes) DEPS += ../libcap/libpsx.a @@ -106,7 +106,7 @@ noexploit: exploit.o $(DEPS) @@ -48,3 +47,6 @@ index 3431df9..727fb86 100644 clean: rm -f psx_test libcap_psx_test libcap_launch_test *~ +-- +2.17.1 + diff --git a/poky/meta/recipes-support/libcap/libcap_2.45.bb b/poky/meta/recipes-support/libcap/libcap_2.47.bb index 067ba32d9..bc4754eab 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.45.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.47.bb @@ -12,7 +12,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${ file://0002-tests-do-not-run-target-executables.patch \ file://0001-tests-do-not-statically-link-a-test.patch \ " -SRC_URI[sha256sum] = "d66639f765c0e10557666b00f519caf0bd07a95f867dddaee131cd284fac3286" +SRC_URI[sha256sum] = "af165df45f9fe8b315164ec7143740947489f36ccbe6999b6cdf86e7a8dca04b" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" diff --git a/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch b/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch new file mode 100644 index 000000000..42f92e360 --- /dev/null +++ b/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch @@ -0,0 +1,192 @@ +From fdf78a4877afa987ba646a8779b513f258e6d04c Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@gnome.org> +Date: Fri, 31 Jul 2020 15:21:53 -0500 +Subject: [PATCH] libcroco: Limit recursion in block and any productions + + (CVE-2020-12825) + +If we don't have any limits, we can recurse forever and overflow the +stack. + +Fixes #8 +This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8 + +https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404 + +CVE: CVE-2020-12825 +Upstream-Status: Backport [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a] +Comment: No refreshing changes done. +Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> + +--- + src/cr-parser.c | 44 +++++++++++++++++++++++++++++--------------- + 1 file changed, 29 insertions(+), 15 deletions(-) + +diff --git a/src/cr-parser.c b/src/cr-parser.c +index 18c9a01..f4a62e3 100644 +--- a/src/cr-parser.c ++++ b/src/cr-parser.c +@@ -136,6 +136,8 @@ struct _CRParserPriv { + + #define CHARS_TAB_SIZE 12 + ++#define RECURSIVE_CALLERS_LIMIT 100 ++ + /** + * IS_NUM: + *@a_char: the char to test. +@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this); + + static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this); + +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls); + +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls); + + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this); + +@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_parser_try_to_skip_spaces_and_comments (a_this); + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + } while (status == CR_OK); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, +@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, + FALSE); + goto done; +@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this) + + RECORD_INITIAL_POS (a_this, &init_pos); + +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + + } while (status == CR_OK); + +@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this) + *in chapter 4.1 of the css2 spec. + *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*; + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *FIXME: code this function. + */ + static enum CRStatus +-cr_parser_parse_block_core (CRParser * a_this) ++cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls) + { + CRToken *token = NULL; + CRInputPos init_pos; +@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this) + + g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++ return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, &init_pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token); +@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this) + } else if (token->type == CBO_TK) { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } else { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } +@@ -1109,7 +1118,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + ref++; + goto continue_parsing; +@@ -1123,7 +1132,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + if (status == CR_OK) { + ref++; + goto continue_parsing; +@@ -1162,10 +1171,12 @@ cr_parser_parse_value_core (CRParser * a_this) + * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*; + * + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *@return CR_OK upon successfull completion, an error code otherwise. + */ + static enum CRStatus +-cr_parser_parse_any_core (CRParser * a_this) ++cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls) + { + CRToken *token1 = NULL, + *token2 = NULL; +@@ -1174,6 +1185,9 @@ cr_parser_parse_any_core (CRParser * a_this) + + g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++ return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, &init_pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1); +@@ -1212,7 +1226,7 @@ cr_parser_parse_any_core (CRParser * a_this) + *We consider parameter as being an "any*" production. + */ + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +@@ -1237,7 +1251,7 @@ cr_parser_parse_any_core (CRParser * a_this) + } + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +@@ -1265,7 +1279,7 @@ cr_parser_parse_any_core (CRParser * a_this) + } + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); diff --git a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb index 9171a9de5..a443ff23f 100644 --- a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb +++ b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb @@ -18,3 +18,6 @@ inherit gnomebase gtk-doc binconfig-disabled SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce" SRC_URI[archive.sha256sum] = "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4" + +SRC_URI +="file://CVE-2020-12825.patch \ +" diff --git a/poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb b/poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb index 2620cbe9f..353ded6f2 100644 --- a/poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb +++ b/poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=75aae0d38feea6fda97ca381cb9132eb \ SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz \ file://determinism.patch" -SRC_URI[sha256sum] = "3522c26e2c148be0ad68ce26fbced408a4185dea90bfe8079dc82b8ace962d4a" +SRC_URI[sha256sum] = "0330fe8357ece915db9366c1b9a6648941aea6f724b73ad6e71401127aa08932" inherit autotools pkgconfig diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch new file mode 100644 index 000000000..2a48844cb --- /dev/null +++ b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch @@ -0,0 +1,66 @@ +From ca71eda33fe8421f98fbe20eb4392473357c1c43 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 30 Dec 2020 10:22:47 +0800 +Subject: [PATCH] fixed another unsigned integer overflow + +first fixed by google in android fork, +https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0 + +(use a more generic overflow check method, also check second overflow instance.) + +https://security-tracker.debian.org/tracker/CVE-2020-0198 + +Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c] +CVE: CVE-2020-0198 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + libexif/exif-data.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index 8b280d3..34d58fc 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -47,6 +47,8 @@ + #undef JPEG_MARKER_APP1 + #define JPEG_MARKER_APP1 0xe1 + ++#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) ++ + static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00}; + + struct _ExifDataPrivate +@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o); + return; + } +- if (s > ds - o) { ++ if (CHECKOVERFLOW(o,ds,s)) { + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o); + return; + } +@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + } + + /* Read the number of entries */ +- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) { ++ if (CHECKOVERFLOW(offset, ds, 2)) { + exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", +- "Tag data past end of buffer (%u > %u)", offset+2, ds); ++ "Tag data past end of buffer (%u+2 > %u)", offset, ds); + return; + } + n = exif_get_short (d + offset, data->priv->order); +@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + offset += 2; + + /* Check if we have enough data. */ +- if (offset + 12 * n > ds) { ++ if (CHECKOVERFLOW(offset, ds, 12*n)) { + n = (ds - offset) / 12; + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", + "Short data; only loading %hu entries...", n); +-- +2.17.1 + diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch new file mode 100644 index 000000000..a117b8b36 --- /dev/null +++ b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch @@ -0,0 +1,39 @@ +From 302acd49eba0a125b0f20692df6abc6f7f7ca53e Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 30 Dec 2020 10:18:51 +0800 +Subject: [PATCH] fixed a incorrect overflow check that could be optimized + away. + +inspired by: +https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b + +https://source.android.com/security/bulletin/2020-11-01 + +CVE-2020-0452 + +Upsteam-Status: Backport[https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06] +CVE: CVE-2020-0452 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + libexif/exif-entry.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c +index 5de215f..3a6ce84 100644 +--- a/libexif/exif-entry.c ++++ b/libexif/exif-entry.c +@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen) + { + unsigned char *utf16; + +- /* Sanity check the size to prevent overflow */ +- if (e->size+sizeof(uint16_t)+1 < e->size) break; ++ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */ ++ if (e->size >= 65536 - sizeof(uint16_t)*2) break; + + /* The tag may not be U+0000-terminated , so make a local + U+0000-terminated copy before converting it */ +-- +2.17.1 + diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb index 2478ba07d..dc30926c5 100644 --- a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb +++ b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb @@ -8,6 +8,8 @@ def version_underscore(v): return "_".join(v.split(".")) SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \ + file://CVE-2020-0198.patch \ + file://CVE-2020-0452.patch \ " SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56" diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb index 0cad41dfa..7db624a09 100644 --- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb +++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb @@ -28,6 +28,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ " SRC_URI[sha256sum] = "03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748" +# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro. +CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438" + BINCONFIG = "${bindir}/libgcrypt-config" inherit autotools texinfo binconfig-disabled pkgconfig diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch b/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch index ca5f6b5c2..83054a9c4 100644 --- a/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch +++ b/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch @@ -11,18 +11,16 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Refactored for 1.33 Signed-off-by: Armin Kuster <akuster808@gmail.com> - +Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> --- - configure.ac | 1 + - src/gpg-error.m4 | 71 +++-------------------------------------------------- - 4 files changed, 18 insertions(+), 69 deletions(-) - create mode 100644 src/gpg-error.pc.in + src/gpg-error.m4 | 142 +---------------------------------------------- + 1 file changed, 3 insertions(+), 139 deletions(-) -Index: libgpg-error-1.33/src/gpg-error.m4 -=================================================================== ---- libgpg-error-1.33.orig/src/gpg-error.m4 -+++ libgpg-error-1.33/src/gpg-error.m4 -@@ -26,139 +26,13 @@ dnl is added to the gpg_config_script_wa +diff --git a/src/gpg-error.m4 b/src/gpg-error.m4 +index c9b235f..176bd6a 100644 +--- a/src/gpg-error.m4 ++++ b/src/gpg-error.m4 +@@ -26,139 +26,12 @@ dnl is added to the gpg_config_script_warn variable. dnl AC_DEFUN([AM_PATH_GPG_ERROR], [ AC_REQUIRE([AC_CANONICAL_HOST]) @@ -31,12 +29,10 @@ Index: libgpg-error-1.33/src/gpg-error.m4 - dnl since that is consistent with how our three siblings use the directory/ - dnl package name in --with-$dir_name-prefix=PFX. - AC_ARG_WITH(libgpg-error-prefix, -- AC_HELP_STRING([--with-libgpg-error-prefix=PFX], +- AS_HELP_STRING([--with-libgpg-error-prefix=PFX], - [prefix where GPG Error is installed (optional)]), - [gpg_error_config_prefix="$withval"]) -+ min_gpg_error_version=ifelse([$1], ,0.0,$1) -+ PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version], [ok=yes], [ok=no]) - +- - dnl Accept --with-gpg-error-prefix and make it work the same as - dnl --with-libgpg-error-prefix above, for backwards compatibility, - dnl but do not document this old, inconsistently-named option. @@ -143,6 +139,8 @@ Index: libgpg-error-1.33/src/gpg-error.m4 - fi - fi - AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) ++ min_gpg_error_version=ifelse([$1], ,0.0,$1) ++ PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version], [ok=yes], [ok=no]) if test $ok = yes; then - GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG --cflags` - GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG --libs` @@ -165,7 +163,7 @@ Index: libgpg-error-1.33/src/gpg-error.m4 fi if test x"$gpg_error_config_host" != xnone ; then if test x"$gpg_error_config_host" != x"$host" ; then -@@ -174,15 +48,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR], +@@ -174,15 +47,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR], fi fi else @@ -181,3 +179,6 @@ Index: libgpg-error-1.33/src/gpg-error.m4 - AC_SUBST(GPG_ERROR_MT_CFLAGS) - AC_SUBST(GPG_ERROR_MT_LIBS) ]) +-- +2.25.1 + diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb index f53056f5c..8205cb455 100644 --- a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb +++ b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb @@ -18,7 +18,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgpg-error/libgpg-error-${PV}.tar.bz2 \ file://0001-Do-not-fail-when-testing-config-scripts.patch \ " -SRC_URI[sha256sum] = "4a836edcae592094ef1c5a4834908f44986ab2b82e0824a0344b49df8cdb298f" +SRC_URI[sha256sum] = "64b078b45ac3c3003d7e352a5e05318880a5778c42331ce1ef33d1a0d9922742" BINCONFIG = "${bindir}/gpg-error-config" diff --git a/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch b/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch deleted file mode 100644 index 57b336c0c..000000000 --- a/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ce091718716400119d6be6bd637c0e3f4f6ca315 Mon Sep 17 00:00:00 2001 -From: Joshua Watt <JPEWhacker@gmail.com> -Date: Thu, 21 Nov 2019 08:07:41 -0600 -Subject: [PATCH] Make man pages reproducible - -Instructs the man page to be gzip'ed without the file name or timestamp -so that it builds reproducibly. - -Upstream-Status: Backport [https://github.com/smuellerDD/jitterentropy-library/pull/14] -Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 2e78607..860b720 100644 ---- a/Makefile -+++ b/Makefile -@@ -60,7 +60,7 @@ cppcheck: - install: - install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3 - install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/ -- gzip -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3 -+ gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3 - install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) - $(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/ - install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR) --- -2.23.0 - diff --git a/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch b/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch deleted file mode 100644 index 9af334ce2..000000000 --- a/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 060b9b4147f6e5ff386a8b017796118d783e59fa Mon Sep 17 00:00:00 2001 -From: Matt Weber <matthew.weber@rockwellcollins.com> -Date: Tue, 22 Oct 2019 12:44:30 -0500 -Subject: [PATCH] Makefile: cleanup install for rebuilds - -Support the ability to rebuild and redeploy without a clean. This -required some force linking and man archive creation. - -Provide the ability to override the stripping of the shared lib for -cases where a embedded target build may want to control stripping -or provide cross arch tools. - -Upstream-Status: Backport [060b9b4147f6e5ff386a8b017796118d783e59fa] -Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> -Signed-off-by: Stephan Mueller <smueller@chronox.de> -Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> ---- - Makefile | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/Makefile b/Makefile -index 4ff069b..2e78607 100644 ---- a/Makefile -+++ b/Makefile -@@ -14,6 +14,8 @@ LIBDIR := lib - # include target directory - INCDIR := include - -+INSTALL_STRIP ?= install -s -+ - NAME := jitterentropy - LIBMAJOR=$(shell cat jitterentropy-base.c | grep define | grep MAJVERSION | awk '{print $$3}') - LIBMINOR=$(shell cat jitterentropy-base.c | grep define | grep MINVERSION | awk '{print $$3}') -@@ -58,15 +60,15 @@ cppcheck: - install: - install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3 - install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/ -- gzip -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3 -+ gzip -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3 - install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) -- install -m 0755 -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/ -+ $(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/ - install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR) - install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ - install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ - $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) -- ln -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) -- ln -s lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so -+ ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) -+ ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so - - clean: - @- $(RM) $(NAME) --- -2.23.0 - diff --git a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb index 710ef0172..197bb787a 100644 --- a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb +++ b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb @@ -5,14 +5,12 @@ stamp. It is a small-scale, yet fast entropy source that is viable in almost \ all environments and on a lot of CPU architectures." HOMEPAGE = "http://www.chronox.de/jent.html" LICENSE = "GPLv2+ | BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=a95aadbdfae7ed812bb2b7b86eb5981c \ +LIC_FILES_CHKSUM = "file://COPYING;md5=c69090e97c8fd6372d03099c0a5bc382 \ file://COPYING.gplv2;md5=eb723b61539feef013de476e68b5c50a \ file://COPYING.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \ " -SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \ - file://0001-Makefile-cleanup-install-for-rebuilds.patch \ - file://0001-Make-man-pages-reproducible.patch" -SRCREV = "933a44f33ed3d6612f7cfaa7ad1207c8da4886ba" +SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git" +SRCREV = "747bf030b0ea9c44548b4e29bcfab7ae416675fc" S = "${WORKDIR}/git" do_configure[noexec] = "1" diff --git a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch index ebb7fa588..af96bd57c 100644 --- a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch +++ b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch @@ -1,4 +1,4 @@ -From 7bd2b060e9ea3e2ff11e67d1e98ab882819b28b7 Mon Sep 17 00:00:00 2001 +From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Mon, 3 Dec 2012 18:17:31 +0800 Subject: [PATCH] libksba: add pkgconfig support @@ -11,11 +11,15 @@ They think pkgconfig adds no portability and maintaining them is not worthwhile. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/ksba.m4 | 90 +++-------------------------------------------------- + 1 file changed, 4 insertions(+), 86 deletions(-) + diff --git a/src/ksba.m4 b/src/ksba.m4 -index ad8de4f..af903ad 100644 +index 6b55bb8..6e7336f 100644 --- a/src/ksba.m4 +++ b/src/ksba.m4 -@@ -22,37 +22,6 @@ dnl with a changed API. +@@ -23,37 +23,6 @@ dnl with a changed API. dnl AC_DEFUN([AM_PATH_KSBA], [ AC_REQUIRE([AC_CANONICAL_HOST]) @@ -23,7 +27,7 @@ index ad8de4f..af903ad 100644 - dnl since that is consistent with how our three siblings use the directory/ - dnl package name in --with-$dir_name-prefix=PFX. - AC_ARG_WITH(libksba-prefix, -- AC_HELP_STRING([--with-libksba-prefix=PFX], +- AS_HELP_STRING([--with-libksba-prefix=PFX], - [prefix where KSBA is installed (optional)]), - ksba_config_prefix="$withval", ksba_config_prefix="") - @@ -53,7 +57,7 @@ index ad8de4f..af903ad 100644 tmp=ifelse([$1], ,1:1.0.0,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then -@@ -63,56 +32,13 @@ AC_DEFUN([AM_PATH_KSBA], +@@ -64,56 +33,13 @@ AC_DEFUN([AM_PATH_KSBA], min_ksba_version="$tmp" fi @@ -113,7 +117,7 @@ index ad8de4f..af903ad 100644 if test "$tmp" -gt 0 ; then AC_MSG_CHECKING([KSBA API version]) if test "$req_ksba_api" -eq "$tmp" ; then -@@ -125,14 +51,8 @@ AC_DEFUN([AM_PATH_KSBA], +@@ -126,14 +52,8 @@ AC_DEFUN([AM_PATH_KSBA], fi fi if test $ok = yes; then @@ -129,7 +133,7 @@ index ad8de4f..af903ad 100644 if test x"$libksba_config_host" != xnone ; then if test x"$libksba_config_host" != x"$host" ; then AC_MSG_WARN([[ -@@ -146,8 +66,6 @@ AC_DEFUN([AM_PATH_KSBA], +@@ -147,8 +67,6 @@ AC_DEFUN([AM_PATH_KSBA], fi fi else diff --git a/poky/meta/recipes-support/libksba/libksba_1.4.0.bb b/poky/meta/recipes-support/libksba/libksba_1.5.0.bb index a9daf22d7..005389eab 100644 --- a/poky/meta/recipes-support/libksba/libksba_1.4.0.bb +++ b/poky/meta/recipes-support/libksba/libksba_1.5.0.bb @@ -19,7 +19,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://ksba-add-pkgconfig-support.patch" -SRC_URI[sha256sum] = "bfe6a8e91ff0f54d8a329514db406667000cb207238eded49b599761bfca41b6" +SRC_URI[sha256sum] = "ae4af129216b2d7fdea0b5bf2a788cd458a79c983bb09a43f4d525cc87aba0ba" do_configure_prepend () { # Else these could be used in preference to those in aclocal-copy diff --git a/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb b/poky/meta/recipes-support/libpcre/libpcre2_10.36.bb index 35c019c10..d8077a122 100644 --- a/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb +++ b/poky/meta/recipes-support/libpcre/libpcre2_10.36.bb @@ -8,11 +8,11 @@ SUMMARY = "Perl Compatible Regular Expressions version 2" HOMEPAGE = "http://www.pcre.org" SECTION = "devel" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENCE;md5=a06590e9bd4c229532364727aaeaf084" +LIC_FILES_CHKSUM = "file://LICENCE;md5=60c08fab1357bfe9084b333bc33362d6" SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2" -SRC_URI[sha256sum] = "9ccba8e02b0ce78046cdfb52e5c177f0f445e421059e43becca4359c669d4613" +SRC_URI[sha256sum] = "a9ef39278113542968c7c73a31cfcb81aca1faa64690f400b907e8ab6b4a665c" CVE_PRODUCT = "pcre2" diff --git a/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch b/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch deleted file mode 100644 index fedda9dd9..000000000 --- a/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 2d73469c7a17ebfe4330ac6643b0c8abdc125d05 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Wed, 30 Jan 2019 09:29:44 -0800 -Subject: [PATCH] get-pac-test: Fix build with clang/libc++ - -get-pac-test.cpp:55:10: error: assigning to 'int' from incompatible type '__bind<int &, sockaddr *, unsigned int>' - ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Upstream-Status: Submitted [https://github.com/libproxy/libproxy/pull/97] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - libproxy/test/get-pac-test.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libproxy/test/get-pac-test.cpp b/libproxy/test/get-pac-test.cpp -index 0059dfb..911f296 100644 ---- a/libproxy/test/get-pac-test.cpp -+++ b/libproxy/test/get-pac-test.cpp -@@ -52,7 +52,7 @@ class TestServer { - - setsockopt(m_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i)); - -- ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in)); -+ ret = ::bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in)); - assert(!ret); - - ret = listen(m_sock, 1); --- -2.20.1 - diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch deleted file mode 100644 index 3ef7f8545..000000000 --- a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch +++ /dev/null @@ -1,61 +0,0 @@ -From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro <mcatanzaro@gnome.org> -Date: Wed, 9 Sep 2020 11:12:02 -0500 -Subject: [PATCH] Rewrite url::recvline to be nonrecursive - -This function processes network input. It's semi-trusted, because the -PAC ought to be trusted. But we still shouldn't allow it to control how -far we recurse. A malicious PAC can cause us to overflow the stack by -sending a sufficiently-long line without any '\n' character. - -Also, this function failed to properly handle EINTR, so let's fix that -too, for good measure. - -Fixes #134 - -Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa] -CVE: CVE-2020-25219 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - libproxy/url.cpp | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/libproxy/url.cpp b/libproxy/url.cpp -index ee776b2..68d69cd 100644 ---- a/libproxy/url.cpp -+++ b/libproxy/url.cpp -@@ -388,16 +388,24 @@ string url::to_string() const { - return m_orig; - } - --static inline string recvline(int fd) { -- // Read a character. -- // If we don't get a character, return empty string. -- // If we are at the end of the line, return empty string. -- char c = '\0'; -- -- if (recv(fd, &c, 1, 0) != 1 || c == '\n') -- return ""; -- -- return string(1, c) + recvline(fd); -+static string recvline(int fd) { -+ string line; -+ int ret; -+ -+ // Reserve arbitrary amount of space to avoid small memory reallocations. -+ line.reserve(128); -+ -+ do { -+ char c; -+ ret = recv(fd, &c, 1, 0); -+ if (ret == 1) { -+ if (c == '\n') -+ return line; -+ line += c; -+ } -+ } while (ret == 1 || (ret == -1 && errno == EINTR)); -+ -+ return line; - } - - char* url::get_pac() { diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch deleted file mode 100644 index 0ccb99da8..000000000 --- a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001 -From: Fei Li <lifeibiren@gmail.com> -Date: Fri, 17 Jul 2020 02:18:37 +0800 -Subject: [PATCH] Fix buffer overflow when PAC is enabled - -The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned -out to be the large PAC file (more than 102400 bytes) returned by a -local proxy program with no content-length present. - -Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/6d342b50366a048d3d543952e2be271b5742c5f8] -CVE: CVE-2020-26154 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> - ---- - libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++------------- - 1 file changed, 31 insertions(+), 13 deletions(-) - -diff --git a/libproxy/url.cpp b/libproxy/url.cpp -index ee776b2..8684086 100644 ---- a/libproxy/url.cpp -+++ b/libproxy/url.cpp -@@ -54,7 +54,7 @@ using namespace std; - #define PAC_MIME_TYPE_FB "text/plain" - - // This is the maximum pac size (to avoid memory attacks) --#define PAC_MAX_SIZE 102400 -+#define PAC_MAX_SIZE 0x800000 - // This is the default block size to use when receiving via HTTP - #define PAC_HTTP_BLOCK_SIZE 512 - -@@ -478,15 +478,13 @@ char* url::get_pac() { - } - - // Get content -- unsigned int recvd = 0; -- buffer = new char[PAC_MAX_SIZE]; -- memset(buffer, 0, PAC_MAX_SIZE); -+ std::vector<char> dynamic_buffer; - do { - unsigned int chunk_length; - - if (chunked) { - // Discard the empty line if we received a previous chunk -- if (recvd > 0) recvline(sock); -+ if (!dynamic_buffer.empty()) recvline(sock); - - // Get the chunk-length line as an integer - if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break; -@@ -498,21 +496,41 @@ char* url::get_pac() { - - if (content_length >= PAC_MAX_SIZE) break; - -- while (content_length == 0 || recvd != content_length) { -- int r = recv(sock, buffer + recvd, -- content_length == 0 ? PAC_HTTP_BLOCK_SIZE -- : content_length - recvd, 0); -+ while (content_length == 0 || dynamic_buffer.size() != content_length) { -+ // Calculate length to recv -+ unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE; -+ if (content_length > 0) -+ length_to_read = content_length - dynamic_buffer.size(); -+ -+ // Prepare buffer -+ dynamic_buffer.resize(dynamic_buffer.size() + length_to_read); -+ -+ int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0); -+ -+ // Shrink buffer to fit -+ if (r >= 0) -+ dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r); -+ -+ // PAC size too large, discard -+ if (dynamic_buffer.size() >= PAC_MAX_SIZE) { -+ chunked = false; -+ dynamic_buffer.clear(); -+ break; -+ } -+ - if (r <= 0) { - chunked = false; - break; - } -- recvd += r; - } - } while (chunked); - -- if (content_length != 0 && string(buffer).size() != content_length) { -- delete[] buffer; -- buffer = NULL; -+ if (content_length == 0 || content_length == dynamic_buffer.size()) { -+ buffer = new char[dynamic_buffer.size() + 1]; -+ if (!dynamic_buffer.empty()) { -+ memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size()); -+ } -+ buffer[dynamic_buffer.size()] = '\0'; - } - } - diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb index 6f704d7a9..ad81cccf5 100644 --- a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb +++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb @@ -8,13 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ DEPENDS = "glib-2.0" -SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \ - file://0001-get-pac-test-Fix-build-with-clang-libc.patch \ - file://CVE-2020-25219.patch \ - file://CVE-2020-26154.patch \ - " -SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152" -SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f" +SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz" +SRC_URI[sha256sum] = "bc89f842f654ee1985a31c0ba56dc7e2ce8044a0264ddca84e650f46cd7f8b05" UPSTREAM_CHECK_URI = "https://github.com/libproxy/libproxy/releases" UPSTREAM_CHECK_REGEX = "libproxy-(?P<pver>.*)\.tar" diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.23.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.24.bb index 2fd658b4e..4c552ae6c 100644 --- a/poky/meta/recipes-support/libusb/libusb1_1.0.23.bb +++ b/poky/meta/recipes-support/libusb/libusb1_1.0.24.bb @@ -12,8 +12,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \ file://run-ptest \ " -SRC_URI[md5sum] = "be79ed4a4a440169deec8beaac6aae33" -SRC_URI[sha256sum] = "4fc17b2ef3502757641bf8fe2c14ad86ec86302a2b785abcb0806fd03aa1201f" +SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a" S = "${WORKDIR}/libusb-${PV}" diff --git a/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb index e39a7b908..778e09163 100644 --- a/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb +++ b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb @@ -15,4 +15,7 @@ S = "${WORKDIR}/yaml-${PV}" inherit autotools +DISABLE_STATIC_class-nativesdk = "" +DISABLE_STATIC_class-native = "" + BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/Add-target-to-only-build-tests-not-run-them.patch b/poky/meta/recipes-support/nettle/nettle-3.7/Add-target-to-only-build-tests-not-run-them.patch index e3f5c6de7..e3f5c6de7 100644 --- a/poky/meta/recipes-support/nettle/nettle-3.6/Add-target-to-only-build-tests-not-run-them.patch +++ b/poky/meta/recipes-support/nettle/nettle-3.7/Add-target-to-only-build-tests-not-run-them.patch diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/check-header-files-of-openssl-only-if-enable_.patch b/poky/meta/recipes-support/nettle/nettle-3.7/check-header-files-of-openssl-only-if-enable_.patch index d5f266681..d5f266681 100644 --- a/poky/meta/recipes-support/nettle/nettle-3.6/check-header-files-of-openssl-only-if-enable_.patch +++ b/poky/meta/recipes-support/nettle/nettle-3.7/check-header-files-of-openssl-only-if-enable_.patch diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/dlopen-test.patch b/poky/meta/recipes-support/nettle/nettle-3.7/dlopen-test.patch index ab9b91f88..ab9b91f88 100644 --- a/poky/meta/recipes-support/nettle/nettle-3.6/dlopen-test.patch +++ b/poky/meta/recipes-support/nettle/nettle-3.7/dlopen-test.patch diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/run-ptest b/poky/meta/recipes-support/nettle/nettle-3.7/run-ptest index b90bed66d..b90bed66d 100644 --- a/poky/meta/recipes-support/nettle/nettle-3.6/run-ptest +++ b/poky/meta/recipes-support/nettle/nettle-3.7/run-ptest diff --git a/poky/meta/recipes-support/nettle/nettle_3.6.bb b/poky/meta/recipes-support/nettle/nettle_3.7.bb index 90f8625ae..2c219c2a1 100644 --- a/poky/meta/recipes-support/nettle/nettle_3.6.bb +++ b/poky/meta/recipes-support/nettle/nettle_3.7.bb @@ -1,5 +1,8 @@ SUMMARY = "A low level cryptographic library" HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/" +DESCRIPTION = "It tries to solve a problem of providing a common set of \ +cryptographic algorithms for higher-level applications by implementing a \ +context-independent set of cryptographic algorithms" SECTION = "libs" LICENSE = "LGPLv3+ | GPLv2+" @@ -20,8 +23,7 @@ SRC_URI_append_class-target = "\ file://dlopen-test.patch \ " -SRC_URI[md5sum] = "c45ee24ed7361dcda152a035d396fe8a" -SRC_URI[sha256sum] = "d24c0d0f2abffbc8f4f34dcf114b0f131ec3774895f3555922fe2f40f3d5e3f1" +SRC_URI[sha256sum] = "f001f64eb444bf13dd91bceccbc20acbc60c4311d6e2b20878452eb9a9cec75a" UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb index b1fd2334b..c539ecdbc 100644 --- a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb +++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb @@ -2,17 +2,18 @@ SUMMARY = "Provides a way to load and enumerate PKCS#11 modules" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50" -inherit meson gettext pkgconfig gtk-doc bash-completion +inherit meson gettext pkgconfig gtk-doc bash-completion manpages DEPENDS = "libtasn1 libtasn1-native libffi" DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}" -SRC_URI = "git://github.com/p11-glue/p11-kit" -SRCREV = "fd8b56f3ee971f94dc6fc95411fc01e1c12153ab" +SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23" +SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee" S = "${WORKDIR}/git" PACKAGECONFIG ??= "" +PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native" PACKAGECONFIG[trust-paths] = "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates" GTKDOC_MESON_OPTION = 'gtk_doc' diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch b/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch deleted file mode 100644 index 073337866..000000000 --- a/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 213a869e8315ead2c739acfcbde712358a842dee Mon Sep 17 00:00:00 2001 -From: Yann Dirson <yann@blade-group.com> -Date: Fri, 9 Oct 2020 15:12:26 +0200 -Subject: [PATCH] rngd: fix --debug to also filter syslog() calls - -Debug logs were only controlled by --debug flag while in --foreground -mode. In --daemon mode /var/log/message got stuffed with details of -entropy pool refilling, which is useless in production, and hamful -when log rotation then gets rid of the more useful logs. This is -especially true for embedded systems. - -This change makes the two modes consistently only produce debug logs when ---debug is specified. - -Upstream-Status: Backport [213a869e8315ead2c739acfcbde712358a842dee] - -Signed-off-by: Yann Dirson <yann@blade-group.com> ---- - rngd.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/rngd.h b/rngd.h -index 901b6f1..a79ea0f 100644 ---- a/rngd.h -+++ b/rngd.h -@@ -166,13 +166,13 @@ extern bool quiet; - #define message(priority,fmt,args...) do { \ - if (quiet) \ - break;\ -+ if (arguments->debug == false && LOG_PRI(priority) == LOG_DEBUG) \ -+ break;\ - if (am_daemon) { \ - syslog((priority), fmt, ##args); \ - } else if (!msg_squash) { \ -- if ((LOG_PRI(priority) != LOG_DEBUG) || (arguments->debug == true)) {\ -- fprintf(stderr, fmt, ##args); \ -- fflush(stderr); \ -- } \ -+ fprintf(stderr, fmt, ##args); \ -+ fflush(stderr); \ - } \ - } while (0) - --- -2.28.0 - diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch b/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch deleted file mode 100644 index 96301617b..000000000 --- a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch +++ /dev/null @@ -1,42 +0,0 @@ -From a4b6d9ce64f132e463b9091d0536913ddaf11516 Mon Sep 17 00:00:00 2001 -From: Neil Horman <nhorman@tuxdriver.com> -Date: Thu, 30 Apr 2020 16:57:35 -0400 -Subject: [PATCH] Remove name conflict with libc encrypt -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Forgot to fixup the funciton name conflict with libcs encrypt() function -on power systems - -Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/a4b6d9ce64f132e463b9091d0536913ddaf11516] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> -Signed-off-by: Neil Horman <nhorman@tuxdriver.com> -Reported-by: Natanael Copa <ncopa@alpinelinux.org> -Reported-by: "Milan P. Stanić" <mps@arvanta.net> ---- - rngd_darn.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/rngd_darn.c b/rngd_darn.c -index 35df7a1..9345895 100644 ---- a/rngd_darn.c -+++ b/rngd_darn.c -@@ -109,7 +109,7 @@ static int init_openssl(struct rng *ent_src) - return 0; - } - --int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, -+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, - unsigned char *iv, unsigned char *ciphertext) - { - int len; -@@ -150,7 +150,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src) - unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS]; - - /* Encrypt the plaintext */ -- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf, -+ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf, - ciphertext); - printf("Calling mangle with len %d\n", ciphertext_len); - if (!ciphertext_len) diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch b/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch deleted file mode 100644 index 93103ef79..000000000 --- a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch +++ /dev/null @@ -1,51 +0,0 @@ -From dab16a5fd4efde8ef569b358e19b1fcbc7d0d938 Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine <fontaine.fabrice@gmail.com> -Date: Mon, 30 Mar 2020 00:10:46 +0200 -Subject: [PATCH] rngd_jitter: disambiguate call to encrypt - -Commit 0f184ea7e792427fb20afe81d471b565aee96f0b disambiguate the call to -encrypt in rngd_rdrand.c but did not update rngd_jitter.c. - -This raise the following build failure: - -rngd_jitter.c:75:12: error: conflicting types for 'encrypt' - static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, - ^~~~~~~ -In file included from rngd_jitter.c:27: -/home/dawncrow/buildroot-test/scripts/instance-0/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/include/unistd.h:1132:13: note: previous declaration of 'encrypt' was here - extern void encrypt (char *__block, int __edflag) __THROW __nonnull ((1)); - ^~~~~~~ -Makefile:770: recipe for target 'rngd-rngd_jitter.o' failed - -Fixes: - - http://autobuild.buildroot.org/results/0ca6bf16e3acbc94065b88c4442d6595424b77cb - -Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> ---- - rngd_jitter.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/rngd_jitter.c b/rngd_jitter.c -index c1b1aca..49a3825 100644 ---- a/rngd_jitter.c -+++ b/rngd_jitter.c -@@ -72,7 +72,7 @@ unsigned char *aes_buf; - char key[AES_BLOCK]; - static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128))); - --static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, -+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, - unsigned char *iv, unsigned char *ciphertext) - { - EVP_CIPHER_CTX *ctx; -@@ -122,7 +122,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src) - unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS]; - - /* Encrypt the plaintext */ -- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf, -+ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf, - ciphertext); - if (!ciphertext_len) - return -1; diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb index 40ec5ad67..61a0cef2e 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb +++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb @@ -10,14 +10,11 @@ DEPENDS = "sysfsutils openssl" SRC_URI = "\ git://github.com/nhorman/rng-tools.git \ - file://a4b6d9ce64f132e463b9091d0536913ddaf11516.patch \ - file://dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch \ - file://0001-rngd-fix-debug-to-also-filter-syslog-calls.patch \ file://init \ file://default \ file://rngd.service \ " -SRCREV = "0be82200a66d9321451e0a0785bfae350b9cffdc" +SRCREV = "2ea13473fd5bfea3c861dc0e23bd65e2afe8007b" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb index e82c818e5..5509c99c4 100644 --- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb +++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native" SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https" -SRCREV = "ef58b2b2f7ad4070171c6e45e3b3764daa3ff2c1" -PV = "2.0" +SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70" +PV = "2.1" S = "${WORKDIR}/git" inherit meson pkgconfig gettext python3native mime diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb index 33f041a16..fe5adb221 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb @@ -3,8 +3,8 @@ require sqlite3.inc LICENSE = "PD" LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" -SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz" -SRC_URI[sha256sum] = "106a2c48c7f75a298a7557bcc0d5f4f454e5b43811cc738b7ca294d6956bbb15" +SRC_URI = "http://www.sqlite.org/2021/sqlite-autoconf-${SQLITE_PV}.tar.gz" +SRC_URI[sha256sum] = "2a3bca581117b3b88e5361d0ef3803ba6d8da604b1c1a47d902ef785c1b53e89" # -19242 is only an issue in specific development branch commits CVE_CHECK_WHITELIST += "CVE-2019-19242" |