From 72956edabebd4188f98e3b0d9f8ce727e8d13ea3 Mon Sep 17 00:00:00 2001 
From: Andrew Geissler
Date: Fri, 8 Jan 2021 16:11:14 -0600
Subject: meta-openembedded: subtree update:936f2380bb..4599fea881
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Alexander Vickberg (1):
      mbedtls: upgrade to 2.25.0

Andreas Müller (44):
      xfce4-panel-profiles: upgrade 1.0.10 -> 1.0.12
      mousepad: upgrade 0.4.2 -> 0.5.2
      xfce4-screenshooter: upgrade 1.9.7 -> 1.9.8
      xfce4-taskmanager: upgrade 1.2.3 -> 1.4.0
      xfce4-calculator-plugin: upgrade 0.7.0 -> 0.7.1
      xfce4-cpugraph-plugin: upgrade 1.1.0 -> 1.2.0
      xfce4-datetime-plugin: upgrade 0.8.0 -> 0.8.1
      xfce4-diskperf-plugin: upgrade 2.6.2 -> 2.6.3
      xfce4-fsguard-plugin: upgrade 1.1.1 -> 1.1.2
      xfce4-smartbookmark-plugin: upgrade 0.5.1 -> 0.5.2
      xfce4-systemload-plugin: upgrade 1.2.3 -> 1.2.4
      xfce4-verve-plugin: upgrade 2.0.0 -> 2.0.1
      xfce4-wavelan-plugin: upgrade 0.6.1 -> 0.6.2
      xfce4-whiskermenu-plugin: upgrade 2.4.6 -> 2.5.1
      xfce4-xkb-plugin: upgrade 0.8.1 -> 0.8.2
      xfce4-mount-plugin: upgrade 1.1.3 -> 1.1.5
      xfce4-dev-tools: upgrade 4.14.0 -> 4.16.0
      libxfce4util: upgrade 4.14.0 -> 4.16.0
      xfconf: upgrade 4.14.3 -> 4.16.0
      libxfce4ui: upgrade 4.14.1 -> 4.16.0
      exo: upgrade 0.12.11 -> 4.16.0
      garcon: upgrade 0.7.0 -> 0.8.0
      xfwm4: upgrade 4.14.5 -> 4.16.0
      xfce4-settings: upgrade 4.14.3 -> 4.16.0
      xfce4-panel: upgrade 4.14.4 -> 4.16.0
      xfce4-session: upgrade 4.14.2 -> 4.16.0
      xfdesktop: upgrade 4.14.2 -> 4.16.0
      xfce4-power-manager: upgrade 1.6.6 -> 4.16.0
      tumbler: upgrade 0.3.1 -> 4.16.0
      thunar-volman: upgrade 0.9.5 -> 4.16.0
      thunar: upgrade 1.8.15 -> 4.16.0
      xfce4-appfinder: upgrade 4.14.0 -> 4.16.0
      xfce4-terminal: 0.8.9.2 -> 0.8.10
      xfce4-screensaver: upgrade 0.1.10 -> 4.16.0
      xfce4-taskmanager: remove exo-native from DEPENDS
      xfce4-closebutton-plugin: upgrade 0.1.0+ -> 4.16.0
      xfce4-sensors-plugin: upgrade 1.3.92 -> 1.3.95
      xfce4-genmon-plugin: upgrade 4.0.2 -> 4.1.0
      xfce4-hotcorner-plugin: remove
      xfce4-embed-plugin: remove for now
      xfce4-equake-plugin: remove for now
      xfce4-notes-plugin: remove for now
      fluidsynth: upgrade 2.1.5 -> 2.1.6
      blueman: upgrade 2.1.3 -> 2.1.4

Bruce Ashfield (1):
      vboxguestdrivers: fix build against kernel v5.10+

Caio Toledo (3):
      Add recipe for dbus-cxx
      Add dbus-cxx to packagegroup-meta-oe
      Fix dbus-cxx build for musl

Changqing Li (1):
      libssh2: enhance ptest

Chen Qi (1):
      tclap: fix branch

Chencheng Zhang (1):
      tclap: align version to tag v1.2.2

Diego Santa Cruz (2):
      gssdp: Upgrade to 1.2.2 -> 1.2.3
      gupnp: Upgrade to 1.2.2 -> 1.2.4

Dmitry Baryshkov (11):
      android-tools-conf-configfs: add an alternative to anrdoid-tools-conf
      android-tools-conf: fix android-tools build-deps warning
      conf/layer.conf: provide default PREFERRED_PROVIDER_android-tools-conf
      imlib2: add image manipulation libray from englightenment project
      feh: imlib2 based image viewer
      obconf: Openbox configuration tool
      xterm: install xterm and uxterm desktop files
      xterm: update to version 362
      xterm: provide virtual/x-terminal-emulator
      layer.conf: add gnome-layer dynamic entry
      openbox-xdgmenu: Openbox menu generator

He Zhe (2):
      ebtables: Add symbol link /sbin/ebtables
      lmbench: Fix setting LDLIBS failure

Hongxu Jia (2):
      flatbuffers: add python3 support
      python3-wrapt: add native support

Joe Slater (1):
      multipath-tools: fix error handling for udev_monitor_set_receive_buffer_size

Khem Raj (9):
      pidgin-sipe: Do not add native libdir to pkgconfig search path
      sdbus-c++-libsystemd: Fix reallocarray check in meson
      networkmanager: Fix reallocarray check in meson and configure
      redis: Update to 6.0.9
      python3-matplotlib: Disable LTO on mips/clang
      cyrus-sasl: Disable ntlm plugin by default
      postgresql: Use /dev/urandom when openssl is not used
      xrdp: Upgrade to 0.9.14
      iwd: Upgrade to 1.10

Leon Anavi (33):
      python3-stevedore: Upgrade 3.2.2 -> 3.3.0
      python3-pychromecast: Upgrade 7.5.1 -> 7.6.0
      python3-humanize: Upgrade 3.1.0 -> 3.2.0
      python3-fasteners: Upgrade 0.15 -> 0.16
      python3-luma-core: Upgrade 2.0.1 -> 2.2.0
      python3-chardet: Upgrade 3.0.4 -> 4.0.0
      python3-watchdog: Upgrade 0.10.3 -> 1.0.2
      python3-natsort: Upgrade 7.0.1 -> 7.1.0
      python3-gmqtt: Upgrade 0.6.8 -> 0.6.9
      python3-pymongo: Upgrade 3.11.0 -> 3.11.2
      python3-requests: Upgrade 2.25.0 -> 2.25.1
      python3-nocasedict: Upgrade 1.0.1 -> 1.0.2
      python3-soupsieve: Upgrade 2.0.1 -> 2.1
      python3-jsonpatch: Upgrade 1.26 -> 1.28
      python3-psutil: Upgrade 5.7.3 -> 5.8.0
      python3-argcomplete: Upgrade 1.12.1 -> 1.12.2
      python3-multidict: Upgrade 5.0.0 -> 5.1.0
      python3-nocaselist: Upgrade 1.0.3 -> 1.0.4
      python3-prompt-toolkit: Upgrade 3.0.8 -> 3.0.9
      python3-pychromecast: Upgrade 7.6.0 -> 7.7.1
      python3-txaio: Upgrade 20.4.1 -> 20.12.1
      python3-croniter: Upgrade 0.3.36 -> 0.3.37
      python3-pandas: Upgrade 1.1.4 -> 1.2.0
      python3-sympy: Upgrade 1.6.2 -> 1.7.1
      python3-twine: Upgrade 3.2.0 -> 3.3.0
      python3-humanfriendly: Upgrade 8.2 -> 9.1
      python3-sqlalchemy: Upgrade 1.3.20 -> 1.3.22
      python3-transitions: Upgrade 0.8.5 -> 0.8.6
      python3-pytest-metadata: Upgrade 1.10.0 -> 1.11.0
      python3-smbus2: Upgrade 0.3.0 -> 0.4.0
      python3-cantools: Upgrade 35.5.0 -> 36.1.0
      python3-sentry-sdk: Upgrade 0.19.1 -> 0.19.5
      python3-babel: Upgrade 2.8.0 -> 2.9.0

Mark Jonas (1):
      beep: Update to 1.4.9 in new repository

Martin Jansa (1):
      linuxconsole: move jscal to separate package, add to packagegroup

Michael Vetter (1):
      jasper: upgrade 2.0.23 -> 2.0.24

Mingli Yu (3):
      traceroute: change the ALTERNATIVE_PRIORITY
      tftp-hpa: change the ALTERNATIVE_PRIORITY
      python3-astor: switch to python3

Ola X Nilsson (1):
      python3-idna Remove 2.8

Qi.Chen@windriver.com (1):
      python3-requests: upgrade to 2.25.0

Ramon Fried (2):
      bitwise: add new recipe
      yaml-cpp: add new recipe

Roland Hieber (3):
      openct: remove lines that resulted in a no-op
      openct: clean up do_install
      openct: allow building as native package

Sean Nyekjaer (1):
      nodejs: 12.19.1 -> 12.20.1

Stacy Gaikovaia (1):
      nodejs: 12.19.0 -> 12.19.1

Trevor Woerner (1):
      glmark2: fix precision handling bugs

Wang Mingyu (1):
      zabbix: CVE-2020-15803 Security Advisory

Wenlin Kang (1):
      syslog-ng: add bison-native to dependencies

Yi Zhao (9):
      ebtables: do not install /etc/ethertypes
      yaffs2-utils: update to latest git rev
      f2fs-tools: upgrade 1.13.0 -> 1.14.0
      dracut: upgrade 049 -> 051
      ebtables: add missing file ebtables.common
      ebtables: remove upstream ebtables-legacy-save
      ebtables: do not install /etc/ethertypes
      tcpdump: add UPSTREAM_CHECK_REGEX
      phpmyadmin: 5.0.2 -> 5.0.4

Zang Ruochen (5):
      mcpp: Normalize the patch format of CVE
      python3-aenum: upgrade 2.2.4 -> 2.2.6
      python3-autobahn: upgrade 20.7.1 -> 20.12.3
      python3-bandit: upgrade 1.6.2 -> 1.7.0
      python3-cachetools: upgrade 4.1.1 -> 4.2.0

Zheng Ruoqin (5):
      samba: CVE-2020-14318 Security Advisory
      samba: CVE-2020-14383 Security Advisory
      php: CVE-2020-7070
      php: CVE-2020-7069
      poppler: upgrade 20.11.0 -> 20.12.1

changqing.li@windriver.com (3):
      postgresql: upgrade 12.4 -> 13.1
      nginx: upgrade 1.16.1 -> 1.18.0
      nginx: upgrade 1.17.8 -> 1.19.6

jabdoa2 (2):
      libsdl2-mixer: Fix ogg/vorbis support in libsdl2-mixer
      libsdl2-mixer: set --disable-music-ogg-shared to link statically

lumag (2):
      android-tools: fix package split
      android-tools: split adbd to the separate package

zangrc (35):
      fuse3: upgrade 3.10.0 -> 3.10.1
      openipmi: upgrade 2.0.29 -> 2.0.30
      vblade: upgrade 24 -> 25
      dumb-init: upgrade 1.2.2 -> 1.2.5
      fio: upgrade 3.24 -> 3.25
      hwdata: upgrade 0.341 -> 0.342
      nano: upgrade 5.3 -> 5.4
      ocl-icd: upgrade 2.2.13 -> 2.2.14
      ebtables: upgrade 2.0.10-4 -> 2.0.11
      iscsi-initiator-utils: upgrade 2.1.2 -> 2.1.3
      opencl-headers: upgrade 2020.06.16 -> 2020.12.18
      opencl-icd-loader: upgrade 2020.06.16 -> 2020.12.18
      c-periphery: upgrade 2.2.5 -> 2.3.0
      opencl-clhpp: upgrade 2.0.12 -> 2.0.13
      uthash: upgrade 2.1.0 -> 2.2.0
      libtalloc: upgrade 2.3.0 -> 2.3.1
      libtevent: upgrade 0.10.1 -> 0.10.2
      ace: upgrade 6.5.10 -> 6.5.12
      python3-ldap: upgrade 3.2.0 -> 3.3.1
      wolfssl: upgrade 4.5.0 -> 4.6.0
      asio: upgrade 1.18.0 -> 1.18.1
      dash: upgrade 0.5.11.2 -> 0.5.11.3
      geoclue: upgrade 2.5.6 -> 2.5.7
      libmicrohttpd: upgrade 0.9.71 -> 0.9.72
      nss: upgrade 3.59 -> 3.60
      paho-mqtt-c: upgrade 1.3.7 -> 1.3.8
      terminus-font: upgrade 4.48 -> 4.49.1
      libnet-ldap-perl: upgrade 0.66 -> 0.67
      rdma-core: upgrade 32.0 -> 33.0
      can-utils: upgrade 2020.11.0 -> 2020.12.0
      cpprest: upgrade 2.10.16 -> 2.10.17
      haveged: upgrade 1.9.13 -> 1.9.14
      live555: upgrade 20201105 -> 20210101
      smartmontools: upgrade 7.1 -> 7.2
      openjpeg: upgrade 2.3.1 -> 2.4.0

zhengruoqin (12):
      pugixml: upgrade 1.11 -> 1.11.2
      spdlog: upgrade 1.8.1 -> 1.8.2
      spitools: upgrade 0.8.5 -> 0.8.6
      uhubctl: upgrade 2.2.0 -> 2.3.0
      xserver-xorg-cvt-native: upgrade 1.20.9 -> 1.20.10
      zchunk: upgrade 1.1.7 -> 1.1.8
      libencode-perl: upgrade 3.07 -> 3.08
      bridge-utils: upgrade 1.6 -> 1.7
      netplan: upgrade 0.100 -> 0.101
      opensaf: upgrade 5.20.08 -> 5.20.11
      cppzmq: upgrade 4.7.0 -> 4.7.1
      gperftools: upgrade 2.8 -> 2.8.1

Signed-off-by: Andrew Geissler Change-Id: I53939ad487155ca87e27cfd77d65962458d892e0 --- .../recipes-connectivity/blueman/blueman_2.1.3.bb | 59 --------- .../recipes-connectivity/blueman/blueman_2.1.4.bb | 59 +++++++++ ...x-incorrect-EOF-check-in-ssl_context_info.patch | 57 --------- .../recipes-connectivity/mbedtls/mbedtls_2.24.0.bb | 45 ------- .../recipes-connectivity/mbedtls/mbedtls_2.25.0.bb | 43 +++++++ .../netplan/0001-dbus-Remove-unused-variabes.patch | 22 ++-- ...1-don-t-fail-if-GLOB_BRACE-is-not-defined.patch | 30 +++++ ...akefile-Exclude-.h-files-from-target-rule.patch | 16 ++- .../recipes-connectivity/netplan/netplan_0.100.bb | 61 --------- .../recipes-connectivity/netplan/netplan_0.101.bb | 62 +++++++++ .../networkmanager/fix_reallocarray_check.patch | 27 ++++ .../networkmanager/networkmanager_1.22.14.bb | 1 + .../samba/samba/CVE-2020-14318.patch | 142 +++++++++++++++++++++ .../samba/samba/CVE-2020-14383.patch | 112 ++++++++++++++++ .../recipes-connectivity/samba/samba_4.10.18.bb | 2 + ...verseWords-available-for-big-and-little-e.patch | 32 ----- .../recipes-connectivity/wolfssl/wolfssl_4.5.0.bb | 23 ---- .../recipes-connectivity/wolfssl/wolfssl_4.6.0.bb | 22 ++++ 18 files changed, 523 insertions(+), 292 deletions(-) delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.3.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.4.bb delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch delete mode 100644 
meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.100.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.101.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl/0001-Make-ByteReverseWords-available-for-big-and-little-e.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.5.0.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.6.0.bb (limited to 'meta-openembedded/meta-networking/recipes-connectivity') diff --git a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.3.bb deleted file mode 100644 index 9143a67ae..000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.3.bb +++ /dev/null 
@@ -1,59 +0,0 @@ -DESCRIPTION = "Blueman is a GTK+ Bluetooth Manager" -LICENSE = "GPLv3" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" - -DEPENDS = "bluez5 python3-pygobject python3-cython-native python3-setuptools-native intltool-native" - -inherit autotools systemd gsettings python3native gtk-icon-cache - -SRC_URI = " \ - https://github.com/blueman-project/blueman/releases/download/${PV}/blueman-${PV}.tar.xz \ - file://0001-Search-for-cython3.patch \ - file://0002-fix-fail-to-enable-bluetooth.patch \ -" -SRC_URI[sha256sum] = "3bd02e0cc9e2c1424df1fc2015da710a280ef4c657515727e47eafabf8c2cfde" - -EXTRA_OECONF = " \ - --disable-appindicator \ - --disable-runtime-deps-check \ - --disable-schemas-compile \ -" - -SYSTEMD_SERVICE_${PN} = "${BPN}-mechanism.service" -SYSTEMD_AUTO_ENABLE_${PN} = "disable" - -RRECOMENDS_${PN} += "adwaita-icon-theme" -RDEPENDS_${PN} += " \ - python3-core \ - python3-dbus \ - packagegroup-tools-bluetooth \ -" - -PACKAGECONFIG ??= "thunar" -PACKAGECONFIG[thunar] = "--enable-thunar-sendto,--disable-thunar-sendto" - -FILES_${PN} += " \ - ${datadir}/dbus-1 \ - ${datadir}/Thunar \ - ${systemd_user_unitdir} \ - ${exec_prefix}${systemd_system_unitdir} \ - ${PYTHON_SITEPACKAGES_DIR} \ -" - -FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/_blueman.a" - -# In code, path to python is a variable that is replaced with path to native version of it -# during the configure stage, e.g ../recipe-sysroot-native/usr/bin/python3-native/python3. -# Replace it with #!/usr/bin/env python3 -do_install_append() { - sed -i "1s/.*/#!\/usr\/bin\/env python3/" ${D}${prefix}/libexec/blueman-rfcomm-watcher \ - ${D}${prefix}/libexec/blueman-mechanism \ - ${D}${bindir}/blueman-tray \ - ${D}${bindir}/blueman-services \ - ${D}${bindir}/blueman-sendto \ - ${D}${bindir}/blueman-report \ - ${D}${bindir}/blueman-manager \ - ${D}${bindir}/blueman-assistant \ - ${D}${bindir}/blueman-applet \ - ${D}${bindir}/blueman-adapters -} 
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.4.bb b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.4.bb new file mode 100644 index 000000000..29bef230e --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.4.bb 
@@ -0,0 +1,59 @@ +DESCRIPTION = "Blueman is a GTK+ Bluetooth Manager" +LICENSE = "GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +DEPENDS = "bluez5 python3-pygobject python3-cython-native python3-setuptools-native intltool-native" + +inherit autotools systemd gsettings python3native gtk-icon-cache + +SRC_URI = " \ + https://github.com/blueman-project/blueman/releases/download/${PV}/blueman-${PV}.tar.xz \ + file://0001-Search-for-cython3.patch \ + file://0002-fix-fail-to-enable-bluetooth.patch \ +" +SRC_URI[sha256sum] = "1d9c3d39a564d88851aa8de509f16bfa586b0b50f4307dc6c6347ba4833664da" + +EXTRA_OECONF = " \ + --disable-appindicator \ + --disable-runtime-deps-check \ + --disable-schemas-compile \ +" + +SYSTEMD_SERVICE_${PN} = "${BPN}-mechanism.service" +SYSTEMD_AUTO_ENABLE_${PN} = "disable" + +RRECOMENDS_${PN} += "adwaita-icon-theme" +RDEPENDS_${PN} += " \ + python3-core \ + python3-dbus \ + packagegroup-tools-bluetooth \ +" + +PACKAGECONFIG ??= "thunar" +PACKAGECONFIG[thunar] = "--enable-thunar-sendto,--disable-thunar-sendto" + +FILES_${PN} += " \ + ${datadir}/dbus-1 \ + ${datadir}/Thunar \ + ${systemd_user_unitdir} \ + ${exec_prefix}${systemd_system_unitdir} \ + ${PYTHON_SITEPACKAGES_DIR} \ +" + +FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/_blueman.a" + +# In code, path to python is a variable that is replaced with path to native version of it +# during the configure stage, e.g ../recipe-sysroot-native/usr/bin/python3-native/python3. +# Replace it with #!/usr/bin/env python3 +do_install_append() { + sed -i "1s/.*/#!\/usr\/bin\/env python3/" ${D}${prefix}/libexec/blueman-rfcomm-watcher \ + ${D}${prefix}/libexec/blueman-mechanism \ + ${D}${bindir}/blueman-tray \ + ${D}${bindir}/blueman-services \ + ${D}${bindir}/blueman-sendto \ + ${D}${bindir}/blueman-report \ + ${D}${bindir}/blueman-manager \ + ${D}${bindir}/blueman-assistant \ + ${D}${bindir}/blueman-applet \ + ${D}${bindir}/blueman-adapters +} 
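Review bot: `RRECOMENDS_${PN} += "adwaita-icon-theme"` in blueman_2.1.4.bb is misspelled, so BitBake assigns a variable nothing reads and the icon theme is never recommended; rename it to `RRECOMMENDS_${PN}`. The typo is copied unchanged from blueman_2.1.3.bb, and the only line that differs between the two recipes is `SRC_URI[sha256sum]`, so the version bump is a convenient place to fix it.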
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch deleted file mode 100644 index 836fce91e..000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From d696e7d91e42a190d06760279d2e396392143454 Mon Sep 17 00:00:00 2001 -From: Nayna Jain -Date: Thu, 13 Aug 2020 19:17:53 +0000 -Subject: [PATCH] programs/ssl: Fix incorrect EOF check in ssl_context_info.c - -In `read_next_b64_code()`, the result of fgetc() is stored into a char, -but later compared against EOF, which is generally -1. On platforms -where char is unsigned, this generates a compiler warning/error that the -comparison will never be true (causing a build failure). The value will -never match, with the function ultimately bailing with a "Too many bad -symbols are detected" error. - -On platforms with signed char, EOF is detected, but a file containing a -0xFF character will causes a premature end of file exit of the loop. - -Fix this by changing the result to an int. - -Fixes #3794. - -Signed-off-by: Nayna Jain -Signed-off-by: David Brown ---- - ChangeLog.d/bugfix_3794.txt | 4 ++++ - programs/ssl/ssl_context_info.c | 4 ++-- - 2 files changed, 6 insertions(+), 2 deletions(-) - create mode 100644 ChangeLog.d/bugfix_3794.txt - -diff --git a/ChangeLog.d/bugfix_3794.txt b/ChangeLog.d/bugfix_3794.txt -new file mode 100644 -index 0000000000..a483ea76ae ---- /dev/null -+++ b/ChangeLog.d/bugfix_3794.txt -@@ -0,0 +1,4 @@ -+Bugfix -+ * Fix handling of EOF against 0xff bytes and on platforms with -+ unsigned chars. Fixes a build failure on platforms where char is -+ unsigned. Fixes #3794. -diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c -index df8819a804..d109c1e6f7 100644 ---- a/programs/ssl/ssl_context_info.c -+++ b/programs/ssl/ssl_context_info.c -@@ -377,13 +377,13 @@ size_t read_next_b64_code( uint8_t **b64, size_t *max_len ) - int valid_balance = 0; /* balance between valid and invalid characters */ - size_t len = 0; - char pad = 0; -- char c = 0; -+ int c = 0; - - while( EOF != c ) - { - char c_valid = 0; - -- c = (char) fgetc( b64_file ); -+ c = fgetc( b64_file ); - - if( pad > 0 ) - { 
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb deleted file mode 100644 index e3a016956..000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb +++ /dev/null @@ -1,45 +0,0 @@ -SUMMARY = "Lightweight crypto and SSL/TLS library" -DESCRIPTION = "mbedtls is a lean open source crypto library \ -for providing SSL and TLS support in your programs. It offers \ -an intuitive API and documented header files, so you can actually \ -understand what the code does. It features: \ - \ - - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ - Camellia and XTEA \ - - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ - - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ - - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ - ECDSA and ECDH \ - - SSL v3 and TLS 1.0, 1.1 and 1.2 \ - - Abstraction layers for ciphers, hashes, public key operations, \ - platform abstraction and threading \ -" - -HOMEPAGE = "https://tls.mbed.org/" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - -SECTION = "libs" - -S = "${WORKDIR}/git" -SRCREV = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8" -SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development \ - file://fix-incorrect-EOF-check-in-ssl_context_info.patch \ -" - -inherit cmake - -PACKAGECONFIG ??= "shared-libs programs" -PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" -PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" - -EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}" - -PROVIDES += "polarssl" -RPROVIDES_${PN} = "polarssl" - -PACKAGES =+ "${PN}-programs" -FILES_${PN}-programs = "${bindir}/" - -BBCLASSEXTEND = "native nativesdk" 
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb new file mode 100644 index 000000000..27c1b209d --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb @@ -0,0 +1,43 @@ +SUMMARY = "Lightweight crypto and SSL/TLS library" +DESCRIPTION = "mbedtls is a lean open source crypto library \ +for providing SSL and TLS support in your programs. It offers \ +an intuitive API and documented header files, so you can actually \ +understand what the code does. It features: \ + \ + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ + Camellia and XTEA \ + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ + ECDSA and ECDH \ + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ + - Abstraction layers for ciphers, hashes, public key operations, \ + platform abstraction and threading \ +" + +HOMEPAGE = "https://tls.mbed.org/" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SECTION = "libs" + +S = "${WORKDIR}/git" +SRCREV = "1c54b5410fd48d6bcada97e30cac417c5c7eea67" +SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development" + +inherit cmake + +PACKAGECONFIG ??= "shared-libs programs" +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" + +EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}" + +PROVIDES += "polarssl" +RPROVIDES_${PN} = "polarssl" + +PACKAGES =+ "${PN}-programs" +FILES_${PN}-programs = "${bindir}/" + +BBCLASSEXTEND = "native nativesdk" 
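Review bot: the `SRC_URI` in mbedtls_2.25.0.bb no longer lists `file://fix-incorrect-EOF-check-in-ssl_context_info.patch` and the patch file is deleted, but neither the recipe nor the "mbedtls: upgrade to 2.25.0" entry says that the new SRCREV already contains the `int c = fgetc( b64_file )` change. Please confirm the pinned revision carries that fix and record it in the upgrade commit; the deleted patch had no Upstream-Status line to go by, and its own description says the unfixed code fails to build where char is unsigned and stops early on a 0xFF byte where char is signed.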
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch index af28ba71e..407e24ca0 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch +++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch @@ -1,6 +1,3 @@ -From e5bd4c3853fb394edc8cbea17fad82ce23bd0fae Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Fri, 27 Nov 2020 12:21:32 -0800 Subject: [PATCH 1/2] dbus: Remove unused variabes This issue is seen when using clang to compile it @@ -19,11 +16,13 @@ Signed-off-by: Khem Raj src/parse.c | 1 - 3 files changed, 5 deletions(-) +diff --git a/src/dbus.c b/src/dbus.c +index 9606fea..8e1ed9d 100644 --- a/src/dbus.c +++ b/src/dbus.c -@@ -45,9 +45,6 @@ static int method_apply(sd_bus_message * - - static int method_info(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { +@@ -242,9 +242,6 @@ static int + method_info(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) + { sd_bus_message *reply = NULL; - g_autoptr(GError) err = NULL; - g_autofree gchar *stdout = NULL; @@ -31,9 +30,11 @@ Signed-off-by: Khem Raj gint exit_status = 0; exit_status = sd_bus_message_new_method_return(m, &reply); +diff --git a/src/networkd.c b/src/networkd.c +index 7c86cd6..7200740 100644 --- a/src/networkd.c +++ b/src/networkd.c -@@ -896,7 +896,6 @@ append_wpa_auth_conf(GString* s, const N +@@ -897,7 +897,6 @@ append_wpa_auth_conf(GString* s, const NetplanAuthenticationSettings* auth, cons static void write_wpa_unit(const NetplanNetDefinition* def, const char* rootdir) { @@ -41,9 +42,11 @@ Signed-off-by: Khem Raj g_autofree gchar *stdouth = NULL; stdouth = systemd_escape(def->id); +diff --git a/src/parse.c b/src/parse.c +index 033c657..faca27f 100644 --- a/src/parse.c 
+++ b/src/parse.c -@@ -1898,7 +1898,6 @@ handle_wireguard_peers(yaml_document_t* +@@ -1899,7 +1899,6 @@ handle_wireguard_peers(yaml_document_t* doc, yaml_node_t* node, const void* _, G } for (yaml_node_item_t *i = node->data.sequence.items.start; i < node->data.sequence.items.top; i++) { @@ -51,3 +54,6 @@ Signed-off-by: Khem Raj yaml_node_t *entry = yaml_document_get_node(doc, *i); assert_type(entry, YAML_MAPPING_NODE); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch new file mode 100644 index 000000000..dab8693c7 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch @@ -0,0 +1,30 @@ +From ceb4111af317ecc54d97bb21878dcccbfdb2983e Mon Sep 17 00:00:00 2001 +From: Zang Ruochen +Date: Fri, 25 Dec 2020 11:41:43 +0900 +Subject: [PATCH] don't fail if GLOB_BRACE is not defined + +Signed-off-by: Zang Ruochen +--- + src/util.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/util.c b/src/util.c +index 7e59985..eb8e573 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -23,6 +23,12 @@ + + #include "util.h" + ++/* Don't fail if the standard library ++ * doesn't provide brace expansion */ ++#ifndef GLOB_BRACE ++#define GLOB_BRACE 0 ++#endif ++ + GHashTable* wifi_frequency_24; + GHashTable* wifi_frequency_5; + +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Exclude-.h-files-from-target-rule.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Exclude-.h-files-from-target-rule.patch index cd75d1cb1..68aabd6a4 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Exclude-.h-files-from-target-rule.patch 
+++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Exclude-.h-files-from-target-rule.patch @@ -1,6 +1,3 @@ -From 5abb6b8343b5d2633844144979b40f398450b544 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Fri, 27 Nov 2020 12:22:32 -0800 Subject: [PATCH 2/2] Makefile: Exclude .h files from target rule This ensures that src/_features.h is not added to compiler cmdline which @@ -17,14 +14,19 @@ Signed-off-by: Khem Raj Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) +diff --git a/Makefile b/Makefile +index 4fa6bd8..567d326 100644 --- a/Makefile +++ b/Makefile -@@ -47,7 +47,7 @@ generate: libnetplan.so.$(NETPLAN_SOVER) +@@ -46,7 +46,7 @@ generate: libnetplan.so.$(NETPLAN_SOVER) nm.o networkd.o openvswitch.o generate. $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ -L. -lnetplan `pkg-config --cflags --libs glib-2.0 gio-2.0 yaml-0.1 uuid` - netplan-dbus: src/dbus.c src/_features.h -- $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ `pkg-config --cflags --libs libsystemd glib-2.0` -+ $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $(patsubst %.h,,$^) `pkg-config --cflags --libs libsystemd glib-2.0` + netplan-dbus: src/dbus.c src/_features.h util.o +- $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ `pkg-config --cflags --libs libsystemd glib-2.0 gio-2.0` ++ $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $(patsubst %.h,,$^) `pkg-config --cflags --libs libsystemd glib-2.0 gio-2.0` src/_features.h: src/[^_]*.[hc] printf "#include \nstatic const char *feature_flags[] __attribute__((__unused__)) = {\n" > $@ +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.100.bb b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.100.bb deleted file mode 100644 index 2f74a22c0..000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.100.bb +++ /dev/null 
@@ -1,61 +0,0 @@ -SUMMARY = "The network configuration abstraction renderer" -DESCRIPTION = "Netplan is a utility for easily configuring networking on a \ -linux system. You simply create a YAML description of the required network \ -interfaces and what each should be configured to do. From this description \ -Netplan will generate all the necessary configuration for your chosen renderer \ -tool." -HOMEPAGE = "https://netplan.io" -SECTION = "net/misc" - -LICENSE = "GPLv3" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" - -S = "${WORKDIR}/git" -SRCREV = "b7d32aebc880f3161b8f97ee56b729c0c54dd0e4" -PV = "0.100+git${SRCPV}" - -SRC_URI = " \ - git://github.com/CanonicalLtd/netplan.git \ - file://0001-dbus-Remove-unused-variabes.patch \ - file://0002-Makefile-Exclude-.h-files-from-target-rule.patch \ -" - -DEPENDS = "glib-2.0 libyaml ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" - -RDEPENDS_${PN} = "python3 python3-core python3-pyyaml python3-netifaces python3-nose python3-coverage python3-pycodestyle python3-pyflakes util-linux-libuuid libnetplan" - -inherit pkgconfig systemd - -TARGET_CC_ARCH += "${LDFLAGS}" - -EXTRA_OEMAKE = "generate netplan/_features.py" -EXTRA_OEMAKE =+ "${@bb.utils.contains('DISTRO_FEATURES','systemd','netplan-dbus dbus/io.netplan.Netplan.service','',d)}" - -do_install() { - install -d ${D}${sbindir} ${D}${libdir} ${D}${base_libdir}/netplan ${D}${datadir}/netplan/netplan/cli/commands ${D}${sysconfdir}/netplan - install -m 755 ${S}/generate ${D}${base_libdir}/netplan/ - install -m 644 ${S}/netplan/*.py ${D}${datadir}/netplan/netplan - install -m 644 ${S}/netplan/cli/*.py ${D}${datadir}/netplan/netplan/cli - install -m 644 ${S}/netplan/cli/commands/*.py ${D}${datadir}/netplan/netplan/cli/commands - install -m 755 ${S}/src/netplan.script ${D}${datadir}/netplan/ - ln -srf ${D}${datadir}/netplan/netplan.script ${D}${sbindir}/netplan - - install -d ${D}/${systemd_unitdir}/system ${D}${systemd_unitdir}/system-generators 
- ln -srf ${D}/${base_libdir}/netplan/generate ${D}${systemd_unitdir}/system-generators - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${datadir}/dbus-1/system.d ${D}${datadir}/dbus-1/system-services - install -m 755 ${S}/netplan-dbus ${D}${base_libdir}/netplan - install -m 644 ${S}/dbus/io.netplan.Netplan.conf ${D}${datadir}/dbus-1/system.d - install -m 644 ${S}/dbus/io.netplan.Netplan.service ${D}${datadir}/dbus-1/system-services - fi - - install -m 755 ${S}/libnetplan.so.0.0 ${D}${libdir} - ln -rfs ${D}${libdir}/libnetplan.so.0.0 ${D}${libdir}/libnetplan.so -} - -PACKAGES += "${PN}-dbus libnetplan" - -FILES_libnetplan = "${libdir}/libnetplan.so.0.0" -FILES_${PN} = "${sbindir} ${base_libdir}/netplan/generate ${datadir}/netplan ${sysconfdir}/netplan ${systemd_unitdir}" -FILES_${PN}-dbus = "${base_libdir}/netplan/netplan-dbus ${datadir}/dbus-1" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.101.bb b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.101.bb new file mode 100644 index 000000000..a3afcd2d5 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.101.bb 
@@ -0,0 +1,62 @@ +SUMMARY = "The network configuration abstraction renderer" +DESCRIPTION = "Netplan is a utility for easily configuring networking on a \ +linux system. You simply create a YAML description of the required network \ +interfaces and what each should be configured to do. From this description \ +Netplan will generate all the necessary configuration for your chosen renderer \ +tool." +HOMEPAGE = "https://netplan.io" +SECTION = "net/misc" + +LICENSE = "GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +S = "${WORKDIR}/git" +SRCREV = "e445b87b9dff439ec564c245d030b03d61eb0f24" +PV = "0.101+git${SRCPV}" + +SRC_URI = " \ + git://github.com/CanonicalLtd/netplan.git \ + file://0001-dbus-Remove-unused-variabes.patch \ + file://0002-Makefile-Exclude-.h-files-from-target-rule.patch \ +" +SRC_URI_append_libc-musl = " file://0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch" + +DEPENDS = "glib-2.0 libyaml ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" + +RDEPENDS_${PN} = "python3 python3-core python3-pyyaml python3-netifaces python3-nose python3-coverage python3-pycodestyle python3-pyflakes util-linux-libuuid libnetplan" + +inherit pkgconfig systemd + +TARGET_CC_ARCH += "${LDFLAGS}" + +EXTRA_OEMAKE = "generate netplan/_features.py" +EXTRA_OEMAKE =+ "${@bb.utils.contains('DISTRO_FEATURES','systemd','netplan-dbus dbus/io.netplan.Netplan.service','',d)}" + +do_install() { + install -d ${D}${sbindir} ${D}${libdir} ${D}${base_libdir}/netplan ${D}${datadir}/netplan/netplan/cli/commands ${D}${sysconfdir}/netplan + install -m 755 ${S}/generate ${D}${base_libdir}/netplan/ + install -m 644 ${S}/netplan/*.py ${D}${datadir}/netplan/netplan + install -m 644 ${S}/netplan/cli/*.py ${D}${datadir}/netplan/netplan/cli + install -m 644 ${S}/netplan/cli/commands/*.py ${D}${datadir}/netplan/netplan/cli/commands + install -m 755 ${S}/src/netplan.script ${D}${datadir}/netplan/ + ln -srf ${D}${datadir}/netplan/netplan.script 
${D}${sbindir}/netplan + + install -d ${D}/${systemd_unitdir}/system ${D}${systemd_unitdir}/system-generators + ln -srf ${D}/${base_libdir}/netplan/generate ${D}${systemd_unitdir}/system-generators + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${datadir}/dbus-1/system.d ${D}${datadir}/dbus-1/system-services + install -m 755 ${S}/netplan-dbus ${D}${base_libdir}/netplan + install -m 644 ${S}/dbus/io.netplan.Netplan.conf ${D}${datadir}/dbus-1/system.d + install -m 644 ${S}/dbus/io.netplan.Netplan.service ${D}${datadir}/dbus-1/system-services + fi + + install -m 755 ${S}/libnetplan.so.0.0 ${D}${libdir} + ln -rfs ${D}${libdir}/libnetplan.so.0.0 ${D}${libdir}/libnetplan.so +} + +PACKAGES += "${PN}-dbus libnetplan" + +FILES_libnetplan = "${libdir}/libnetplan.so.0.0" +FILES_${PN} = "${sbindir} ${base_libdir}/netplan/generate ${datadir}/netplan ${sysconfdir}/netplan ${systemd_unitdir}" +FILES_${PN}-dbus = "${base_libdir}/netplan/netplan-dbus ${datadir}/dbus-1" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch new file mode 100644 index 000000000..0a8de5410 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch 
@@ -0,0 +1,27 @@ +reallocarray() is coming from stdlib.h which maybe indirectly included +by malloc.h but not on all libc implementations + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- a/meson.build ++++ b/meson.build +@@ -114,7 +114,7 @@ config_h.set10('HAVE_GETRANDOM', use_sys + # FIXME secure_getenv check is not useful? + config_h.set('HAVE_SECURE_GETENV', cc.has_function('secure_getenv')) + config_h.set('HAVE___SECURE_GETENV', cc.has_function('__secure_getenv')) +-config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include ')) ++config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include ')) + config_h.set10('HAVE_DECL_EXPLICIT_BZERO', cc.has_function('explicit_bzero', prefix: '#include ')) + config_h.set10('HAVE_DECL_MEMFD_CREATE', cc.has_function('memfd_create', prefix: '#include ')) + +--- a/configure.ac ++++ b/configure.ac +@@ -82,7 +82,7 @@ AC_CHECK_DECLS([ + AC_CHECK_DECLS([ + reallocarray], + [], [], [[ +-#include ++#include + ]]) + + AC_CHECK_DECLS([ diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb index 2613076a7..aa8ab899b 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb @@ -27,6 +27,7 @@ SRC_URI = " \ file://0001-Fixed-configure.ac-Fix-pkgconfig-sysroot-locations.patch \ file://0002-Do-not-create-settings-settings-property-documentati.patch \ file://0001-install-firewalld-to-var-libdir-rather-than-hardcod-.patch \ + file://fix_reallocarray_check.patch \ " SRC_URI_append_libc-musl = " \ file://musl/0001-Fix-build-with-musl-systemd-specific.patch \ 
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch new file mode 100644 index 000000000..ff1225db0 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch 
@@ -0,0 +1,142 @@ +From ccf53dfdcd39f3526dbc2f20e1245674155380ff Mon Sep 17 00:00:00 2001 +From: Zheng Ruoqin +Date: Fri, 11 Dec 2020 11:32:44 +0900 +Subject: [PATCH] s4: torture: Add smb2.notify.handle-permissions test. + +s3: smbd: Ensure change notifies can't get set unless the + directory handle is open for SEC_DIR_LIST. + +CVE-2020-14318 + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434 + +Signed-off-by: Jeremy Allison + +Signed-off-by: Zheng Ruoqin +--- + source3/smbd/notify.c | 8 ++++ + source4/torture/smb2/notify.c | 82 ++++++++++++++++++++++++++++++++++- + 2 files changed, 89 insertions(+), 1 deletion(-) + +diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c +index 44c0b09..d23c03b 100644 +--- a/source3/smbd/notify.c ++++ b/source3/smbd/notify.c +@@ -283,6 +283,14 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32_t filter, + char fullpath[len+1]; + NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED; + ++ /* ++ * Setting a changenotify needs READ/LIST access ++ * on the directory handle. ++ */ ++ if (!(fsp->access_mask & SEC_DIR_LIST)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ + if (fsp->notify != NULL) { + DEBUG(1, ("change_notify_create: fsp->notify != NULL, " + "fname = %s\n", fsp->fsp_name->base_name)); +diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c +index ebb4f8a..a5c9b94 100644 +--- a/source4/torture/smb2/notify.c ++++ b/source4/torture/smb2/notify.c +@@ -2569,6 +2569,83 @@ done: + return ok; + } + ++/* ++ Test asking for a change notify on a handle without permissions. 
++*/ ++ ++#define BASEDIR_HPERM BASEDIR "_HPERM" ++ ++static bool torture_smb2_notify_handle_permissions( ++ struct torture_context *torture, ++ struct smb2_tree *tree) ++{ ++ bool ret = true; ++ NTSTATUS status; ++ union smb_notify notify; ++ union smb_open io; ++ struct smb2_handle h1 = {{0}}; ++ struct smb2_request *req; ++ ++ smb2_deltree(tree, BASEDIR_HPERM); ++ smb2_util_rmdir(tree, BASEDIR_HPERM); ++ ++ torture_comment(torture, ++ "TESTING CHANGE NOTIFY " ++ "ON A HANDLE WITHOUT PERMISSIONS\n"); ++ ++ /* ++ get a handle on the directory ++ */ ++ ZERO_STRUCT(io.smb2); ++ io.generic.level = RAW_OPEN_SMB2; ++ io.smb2.in.create_flags = 0; ++ io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE; ++ io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; ++ io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL; ++ io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ | ++ NTCREATEX_SHARE_ACCESS_WRITE; ++ io.smb2.in.alloc_size = 0; ++ io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE; ++ io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS; ++ io.smb2.in.security_flags = 0; ++ io.smb2.in.fname = BASEDIR_HPERM; ++ ++ status = smb2_create(tree, torture, &io.smb2); ++ CHECK_STATUS(status, NT_STATUS_OK); ++ h1 = io.smb2.out.file.handle; ++ ++ /* ask for a change notify, ++ on file or directory name changes */ ++ ZERO_STRUCT(notify.smb2); ++ notify.smb2.level = RAW_NOTIFY_SMB2; ++ notify.smb2.in.buffer_size = 1000; ++ notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME; ++ notify.smb2.in.file.handle = h1; ++ notify.smb2.in.recursive = true; ++ ++ req = smb2_notify_send(tree, ¬ify.smb2); ++ torture_assert_goto(torture, ++ req != NULL, ++ ret, ++ done, ++ "smb2_notify_send failed\n"); ++ ++ /* ++ * Cancel it, we don't really want to wait. ++ */ ++ smb2_cancel(req); ++ status = smb2_notify_recv(req, torture, ¬ify.smb2); ++ /* Handle h1 doesn't have permissions for ChangeNotify. 
*/ ++ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); ++ ++done: ++ if (!smb2_util_handle_empty(h1)) { ++ smb2_util_close(tree, h1); ++ } ++ smb2_deltree(tree, BASEDIR_HPERM); ++ return ret; ++} ++ + /* + basic testing of SMB2 change notify + */ +@@ -2602,7 +2679,10 @@ struct torture_suite *torture_smb2_notify_init(TALLOC_CTX *ctx) + torture_smb2_notify_rmdir3); + torture_suite_add_2smb2_test(suite, "rmdir4", + torture_smb2_notify_rmdir4); +- ++ torture_suite_add_1smb2_test(suite, ++ "handle-permissions", ++ torture_smb2_notify_handle_permissions); ++ + suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests"); + + return suite; +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch new file mode 100644 index 000000000..3341b80a3 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch 
@@ -0,0 +1,112 @@ +From ff17443fe761eda864d13957bec45f5bac478fe3 Mon Sep 17 00:00:00 2001 +From: Zheng Ruoqin +Date: Fri, 11 Dec 2020 14:34:31 +0900 +Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with + NULL. do not crash when additional data not found +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Francis Brosnan Blázquez . +Based on patches from Francis Brosnan Blázquez +and Jeremy Allison + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472 +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795 + +Signed-off-by: Douglas Bagnall +Reviewed-by: Jeremy Allison + +Autobuild-User(master): Douglas Bagnall +Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184 + +(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379) +(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e + +Signed-off-by: Zheng Ruoqin +--- + .../rpc_server/dnsserver/dcerpc_dnsserver.c | 31 ++++++++++--------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +index 910de9a1..618c7096 100644 +--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c ++++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +@@ -1754,15 +1754,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + TALLOC_CTX *tmp_ctx; + char *name; + const char * const attrs[] = { "name", "dnsRecord", NULL }; +- struct ldb_result *res; +- struct DNS_RPC_RECORDS_ARRAY *recs; ++ struct ldb_result *res = NULL; ++ struct DNS_RPC_RECORDS_ARRAY *recs = NULL; + char **add_names = NULL; +- char *rname; ++ char *rname = NULL; + const char *preference_name = NULL; + int add_count = 0; + int i, ret, len; + WERROR status; +- struct dns_tree *tree, *base, *node; ++ struct dns_tree *tree = NULL; ++ struct dns_tree *base = NULL; ++ struct dns_tree *node = NULL; + + tmp_ctx = talloc_new(mem_ctx); + 
W_ERROR_HAVE_NO_MEMORY(tmp_ctx); +@@ -1845,15 +1847,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + } + } + +- talloc_free(res); +- talloc_free(tree); +- talloc_free(name); ++ TALLOC_FREE(res); ++ TALLOC_FREE(tree); ++ TALLOC_FREE(name); + + /* Add any additional records */ + if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) { + for (i=0; izones; z2; z2 = z2->next) { + char *encoded_name; +@@ -1865,14 +1867,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", + encoded_name); +- talloc_free(name); ++ TALLOC_FREE(name); + if (ret != LDB_SUCCESS) { + continue; + } + if (res->count == 1) { ++ msg = res->msgs[0]; + break; + } else { +- talloc_free(res); ++ TALLOC_FREE(res); + continue; + } + } +@@ -1885,10 +1888,10 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + } + status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A, + select_flag, rname, +- res->msgs[0], 0, recs, ++ msg, 0, recs, + NULL, NULL); +- talloc_free(rname); +- talloc_free(res); ++ TALLOC_FREE(rname); ++ TALLOC_FREE(res); + } + } + +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb index b5085c913..1a982368e 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb @@ -28,6 +28,8 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \ file://0001-Add-options-to-configure-the-use-of-libbsd.patch \ file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ + file://CVE-2020-14318.patch \ + file://CVE-2020-14383.patch \ " SRC_URI_append_libc-musl = " \ file://samba-pam.patch \ 
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl/0001-Make-ByteReverseWords-available-for-big-and-little-e.patch b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl/0001-Make-ByteReverseWords-available-for-big-and-little-e.patch deleted file mode 100644 index 4676769a4..000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl/0001-Make-ByteReverseWords-available-for-big-and-little-e.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001 -From: Tesfa Mael -Date: Wed, 26 Aug 2020 10:13:06 -0700 -Subject: [PATCH] Make ByteReverseWords available for big and little endian - ---- - wolfcrypt/src/misc.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c -index fe66ee0a1..23bfa1adc 100644 ---- a/wolfcrypt/src/misc.c -+++ b/wolfcrypt/src/misc.c -@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value) - return rotlFixed(value, 16U); - #endif - } --#if defined(LITTLE_ENDIAN_ORDER) - /* This routine performs a byte swap of words array of a given count. */ - WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, - word32 byteCount) -@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, - out[i] = ByteReverseWord32(in[i]); - - } --#endif /* LITTLE_ENDIAN_ORDER */ - - #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS) - --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.5.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.5.0.bb deleted file mode 100644 index 61cf1cc62..000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.5.0.bb +++ /dev/null 
@@ -1,23 +0,0 @@ -SUMMARY = "wolfSSL Lightweight Embedded SSL/TLS Library" -DESCRIPTION = "wolfSSL, formerly CyaSSL, is a lightweight SSL library written \ - in C and optimized for embedded and RTOS environments. It can \ - be up to 20 times smaller than OpenSSL while still supporting \ - a full TLS client and server, up to TLS 1.3" -HOMEPAGE = "https://www.wolfssl.com/products/wolfssl" -BUGTRACKER = "https://github.com/wolfssl/wolfssl/issues" -SECTION = "libs" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -PROVIDES += "cyassl" -RPROVIDES_${PN} = "cyassl" - -SRC_URI = "git://github.com/wolfSSL/wolfssl.git;protocol=https \ - file://0001-Make-ByteReverseWords-available-for-big-and-little-e.patch \ -" -SRCREV = "0fa5af9929ce2ee99e8789996a3048f41a99830e" -S = "${WORKDIR}/git" - -inherit autotools - -BBCLASSEXTEND += "native nativesdk" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.6.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.6.0.bb new file mode 100644 index 000000000..ad7e92341 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.6.0.bb 
@@ -0,0 +1,22 @@ +SUMMARY = "wolfSSL Lightweight Embedded SSL/TLS Library" +DESCRIPTION = "wolfSSL, formerly CyaSSL, is a lightweight SSL library written \ + in C and optimized for embedded and RTOS environments. It can \ + be up to 20 times smaller than OpenSSL while still supporting \ + a full TLS client and server, up to TLS 1.3" +HOMEPAGE = "https://www.wolfssl.com/products/wolfssl" +BUGTRACKER = "https://github.com/wolfssl/wolfssl/issues" +SECTION = "libs" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +PROVIDES += "cyassl" +RPROVIDES_${PN} = "cyassl" + +SRC_URI = "git://github.com/wolfSSL/wolfssl.git;protocol=https \ +" +SRCREV = "9c87f979a7f1d3a6d786b260653d566c1d31a1c4" +S = "${WORKDIR}/git" + +inherit autotools + +BBCLASSEXTEND += "native nativesdk" -- cgit v1.2.3
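Review bot: In netplan_0.101.bb, RDEPENDS_${PN} lists python3-nose, python3-coverage, python3-pycodestyle and python3-pyflakes. These are test and lint tools, and as runtime dependencies they are installed into every image that ships netplan. Consider dropping them from RDEPENDS_${PN} or moving them to a separate test package. The same recipe fetches with git://github.com/CanonicalLtd/netplan.git and no protocol=https, while the wolfssl recipe in this update sets ;protocol=https. The SRCREV pin fixes the content, but fetching over https would be consistent with the rest of the update.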
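Review bot: The header of samba/CVE-2020-14318.patch has no Upstream-Status: line and no CVE: tag; the identifier appears only as a bare "CVE-2020-14318" line in the message, and no upstream commit id is named. The reallocarray patch added in this same update does carry Upstream-Status, so add the tags here too and reference the upstream commit, so the SEC_DIR_LIST check in change_notify_create() can be compared against its source. The From: line names the backporter while the first Signed-off-by is Jeremy Allison; keeping the original author in From: makes the provenance clearer.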
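Review bot: In samba/CVE-2020-14383.patch, the visible lines assign msg only in the res->count == 1 branch (msg = res->msgs[0];), while the ret != LDB_SUCCESS branch continues without touching it, and the last hunk then passes msg to dns_fill_records_array() before TALLOC_FREE(res). Confirm against the two upstream commits named in the message that msg is reset to NULL at the start of each add_names iteration and tested before the call, otherwise a name that matches no zone would reuse a message from an earlier, already freed result. The header also lacks an Upstream-Status: line, and the second "(based on commit ..." line is missing its closing parenthesis.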
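Review bot: wolfssl_4.6.0.bb drops 0001-Make-ByteReverseWords-available-for-big-and-little-e.patch from SRC_URI, but nothing in the recipe records that the new SRCREV 9c87f979a7f1d3a6d786b260653d566c1d31a1c4 already contains that change. State this in the commit message or a comment, since the removed patch affected which byte orders get ByteReverseWords. The SRC_URI assignment is also left with a trailing backslash and an empty continuation line after the patch entry was removed; close the quote on the git:// line.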