From 72956edabebd4188f98e3b0d9f8ce727e8d13ea3 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 8 Jan 2021 16:11:14 -0600 Subject: meta-openembedded: subtree update:936f2380bb..4599fea881 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Alexander Vickberg (1): mbedtls: upgrade to 2.25.0 Andreas Müller (44): xfce4-panel-profiles: upgrade 1.0.10 -> 1.0.12 mousepad: upgrade 0.4.2 -> 0.5.2 xfce4-screenshooter: upgrade 1.9.7 -> 1.9.8 xfce4-taskmanager: upgrade 1.2.3 -> 1.4.0 xfce4-calculator-plugin: upgrade 0.7.0 -> 0.7.1 xfce4-cpugraph-plugin: upgrade 1.1.0 -> 1.2.0 xfce4-datetime-plugin: upgrade 0.8.0 -> 0.8.1 xfce4-diskperf-plugin: upgrade 2.6.2 -> 2.6.3 xfce4-fsguard-plugin: upgrade 1.1.1 -> 1.1.2 xfce4-smartbookmark-plugin: upgrade 0.5.1 -> 0.5.2 xfce4-systemload-plugin: upgrade 1.2.3 -> 1.2.4 xfce4-verve-plugin: upgrade 2.0.0 -> 2.0.1 xfce4-wavelan-plugin: upgrade 0.6.1 -> 0.6.2 xfce4-whiskermenu-plugin: upgrade 2.4.6 -> 2.5.1 xfce4-xkb-plugin: upgrade 0.8.1 -> 0.8.2 xfce4-mount-plugin: upgrade 1.1.3 -> 1.1.5 xfce4-dev-tools: upgrade 4.14.0 -> 4.16.0 libxfce4util: upgrade 4.14.0 -> 4.16.0 xfconf: upgrade 4.14.3 -> 4.16.0 libxfce4ui: upgrade 4.14.1 -> 4.16.0 exo: upgrade 0.12.11 -> 4.16.0 garcon: upgrade 0.7.0 -> 0.8.0 xfwm4: upgrade 4.14.5 -> 4.16.0 xfce4-settings: upgrade 4.14.3 -> 4.16.0 xfce4-panel: upgrade 4.14.4 -> 4.16.0 xfce4-session: upgrade 4.14.2 -> 4.16.0 xfdesktop: upgrade 4.14.2 -> 4.16.0 xfce4-power-manager: upgrade 1.6.6 -> 4.16.0 tumbler: upgrade 0.3.1 -> 4.16.0 thunar-volman: upgrade 0.9.5 -> 4.16.0 thunar: upgrade 1.8.15 -> 4.16.0 xfce4-appfinder: upgrade 4.14.0 -> 4.16.0 xfce4-terminal: 0.8.9.2 -> 0.8.10 xfce4-screensaver: upgrade 0.1.10 -> 4.16.0 xfce4-taskmanager: remove exo-native from DEPENDS xfce4-closebutton-plugin: upgrade 0.1.0+ -> 4.16.0 xfce4-sensors-plugin: upgrade 1.3.92 -> 1.3.95 xfce4-genmon-plugin: upgrade 4.0.2 -> 4.1.0 xfce4-hotcorner-plugin: remove xfce4-embed-plugin: remove for now xfce4-equake-plugin: remove for now xfce4-notes-plugin: remove for now fluidsynth: upgrade 2.1.5 -> 2.1.6 blueman: upgrade 2.1.3 -> 2.1.4 Bruce Ashfield (1): vboxguestdrivers: fix build against kernel v5.10+ Caio Toledo (3): Add recipe for dbus-cxx Add dbus-cxx to packagegroup-meta-oe Fix dbus-cxx build for musl Changqing Li (1): libssh2: enhance ptest Chen Qi (1): tclap: fix branch Chencheng Zhang (1): tclap: align version to tag v1.2.2 Diego Santa Cruz (2): gssdp: Upgrade to 1.2.2 -> 1.2.3 gupnp: Upgrade to 1.2.2 -> 1.2.4 Dmitry Baryshkov (11): android-tools-conf-configfs: add an alternative to anrdoid-tools-conf android-tools-conf: fix android-tools build-deps warning conf/layer.conf: provide default PREFERRED_PROVIDER_android-tools-conf imlib2: add image manipulation libray from englightenment project feh: imlib2 based image viewer obconf: Openbox configuration tool xterm: install xterm and uxterm desktop files xterm: update to version 362 xterm: provide virtual/x-terminal-emulator layer.conf: add gnome-layer dynamic entry openbox-xdgmenu: Openbox menu generator He Zhe (2): ebtables: Add symbol link /sbin/ebtables lmbench: Fix setting LDLIBS failure Hongxu Jia (2): flatbuffers: add python3 support python3-wrapt: add native support Joe Slater (1): multipath-tools: fix error handling for udev_monitor_set_receive_buffer_size Khem Raj (9): pidgin-sipe: Do not add native libdir to pkgconfig search path sdbus-c++-libsystemd: Fix reallocarray check in meson networkmanager: Fix reallocarray check in meson and configure redis: Update to 6.0.9 python3-matplotlib: Disable LTO on mips/clang cyrus-sasl: Disable ntlm plugin by default postgresql: Use /dev/urandom when openssl is not used xrdp: Upgrade to 0.9.14 iwd: Upgrade to 1.10 Leon Anavi (33): python3-stevedore: Upgrade 3.2.2 -> 3.3.0 python3-pychromecast: Upgrade 7.5.1 -> 7.6.0 python3-humanize: Upgrade 3.1.0 -> 3.2.0 python3-fasteners: Upgrade 0.15 -> 0.16 python3-luma-core: Upgrade 2.0.1 -> 2.2.0 python3-chardet: Upgrade 3.0.4 -> 4.0.0 python3-watchdog: Upgrade 0.10.3 -> 1.0.2 python3-natsort: Upgrade 7.0.1 -> 7.1.0 python3-gmqtt: Upgrade 0.6.8 -> 0.6.9 python3-pymongo: Upgrade 3.11.0 -> 3.11.2 python3-requests: Upgrade 2.25.0 -> 2.25.1 python3-nocasedict: Upgrade 1.0.1 -> 1.0.2 python3-soupsieve: Upgrade 2.0.1 -> 2.1 python3-jsonpatch: Upgrade 1.26 -> 1.28 python3-psutil: Upgrade 5.7.3 -> 5.8.0 python3-argcomplete: Upgrade 1.12.1 -> 1.12.2 python3-multidict: Upgrade 5.0.0 -> 5.1.0 python3-nocaselist: Upgrade 1.0.3 -> 1.0.4 python3-prompt-toolkit: Upgrade 3.0.8 -> 3.0.9 python3-pychromecast: Upgrade 7.6.0 -> 7.7.1 python3-txaio: Upgrade 20.4.1 -> 20.12.1 python3-croniter: Upgrade 0.3.36 -> 0.3.37 python3-pandas: Upgrade 1.1.4 -> 1.2.0 python3-sympy: Upgrade 1.6.2 -> 1.7.1 python3-twine: Upgrade 3.2.0 -> 3.3.0 python3-humanfriendly: Upgrade 8.2 -> 9.1 python3-sqlalchemy: Upgrade 1.3.20 -> 1.3.22 python3-transitions: Upgrade 0.8.5 -> 0.8.6 python3-pytest-metadata: Upgrade 1.10.0 -> 1.11.0 python3-smbus2: Upgrade 0.3.0 -> 0.4.0 python3-cantools: Upgrade 35.5.0 -> 36.1.0 python3-sentry-sdk: Upgrade 0.19.1 -> 0.19.5 python3-babel: Upgrade 2.8.0 -> 2.9.0 Mark Jonas (1): beep: Update to 1.4.9 in new repository Martin Jansa (1): linuxconsole: move jscal to separate package, add to packagegroup Michael Vetter (1): jasper: upgrade 2.0.23 -> 2.0.24 Mingli Yu (3): traceroute: change the ALTERNATIVE_PRIORITY tftp-hpa: change the ALTERNATIVE_PRIORITY python3-astor: switch to python3 Ola X Nilsson (1): python3-idna Remove 2.8 Qi.Chen@windriver.com (1): python3-requests: upgrade to 2.25.0 Ramon Fried (2): bitwise: add new recipe yaml-cpp: add new recipe Roland Hieber (3): openct: remove lines that resulted in a no-op openct: clean up do_install openct: allow building as native package Sean Nyekjaer (1): nodejs: 12.19.1 -> 12.20.1 Stacy Gaikovaia (1): nodejs: 12.19.0 -> 12.19.1 Trevor Woerner (1): glmark2: fix precision handling bugs Wang Mingyu (1): zabbix: CVE-2020-15803 Security Advisory Wenlin Kang (1): syslog-ng: add bison-native to dependencies Yi Zhao (9): ebtables: do not install /etc/ethertypes yaffs2-utils: update to latest git rev f2fs-tools: upgrade 1.13.0 -> 1.14.0 dracut: upgrade 049 -> 051 ebtables: add missing file ebtables.common ebtables: remove upstream ebtables-legacy-save ebtables: do not install /etc/ethertypes tcpdump: add UPSTREAM_CHECK_REGEX phpmyadmin: 5.0.2 -> 5.0.4 Zang Ruochen (5): mcpp: Normalize the patch format of CVE python3-aenum: upgrade 2.2.4 -> 2.2.6 python3-autobahn: upgrade 20.7.1 -> 20.12.3 python3-bandit: upgrade 1.6.2 -> 1.7.0 python3-cachetools: upgrade 4.1.1 -> 4.2.0 Zheng Ruoqin (5): samba: CVE-2020-14318 Security Advisory samba: CVE-2020-14383 Security Advisory php: CVE-2020-7070 php: CVE-2020-7069 poppler: upgrade 20.11.0 -> 20.12.1 changqing.li@windriver.com (3): postgresql: upgrade 12.4 -> 13.1 nginx: upgrade 1.16.1 -> 1.18.0 nginx: upgrade 1.17.8 -> 1.19.6 jabdoa2 (2): libsdl2-mixer: Fix ogg/vorbis support in libsdl2-mixer libsdl2-mixer: set --disable-music-ogg-shared to link statically lumag (2): android-tools: fix package split android-tools: split adbd to the separate package zangrc (35): fuse3: upgrade 3.10.0 -> 3.10.1 openipmi: upgrade 2.0.29 -> 2.0.30 vblade: upgrade 24 -> 25 dumb-init: upgrade 1.2.2 -> 1.2.5 fio: upgrade 3.24 -> 3.25 hwdata: upgrade 0.341 -> 0.342 nano: upgrade 5.3 -> 5.4 ocl-icd: upgrade 2.2.13 -> 2.2.14 ebtables: upgrade 2.0.10-4 -> 2.0.11 iscsi-initiator-utils: upgrade 2.1.2 -> 2.1.3 opencl-headers: upgrade 2020.06.16 -> 2020.12.18 opencl-icd-loader: upgrade 2020.06.16 -> 2020.12.18 c-periphery: upgrade 2.2.5 -> 2.3.0 opencl-clhpp: upgrade 2.0.12 -> 2.0.13 uthash: upgrade 2.1.0 -> 2.2.0 libtalloc: upgrade 2.3.0 -> 2.3.1 libtevent: upgrade 0.10.1 -> 0.10.2 ace: upgrade 6.5.10 -> 6.5.12 python3-ldap: upgrade 3.2.0 -> 3.3.1 wolfssl: upgrade 4.5.0 -> 4.6.0 asio: upgrade 1.18.0 -> 1.18.1 dash: upgrade 0.5.11.2 -> 0.5.11.3 geoclue: upgrade 2.5.6 -> 2.5.7 libmicrohttpd: upgrade 0.9.71 -> 0.9.72 nss: upgrade 3.59 -> 3.60 paho-mqtt-c: upgrade 1.3.7 -> 1.3.8 terminus-font: upgrade 4.48 -> 4.49.1 libnet-ldap-perl: upgrade 0.66 -> 0.67 rdma-core: upgrade 32.0 -> 33.0 can-utils: upgrade 2020.11.0 -> 2020.12.0 cpprest: upgrade 2.10.16 -> 2.10.17 haveged: upgrade 1.9.13 -> 1.9.14 live555: upgrade 20201105 -> 20210101 smartmontools: upgrade 7.1 -> 7.2 openjpeg: upgrade 2.3.1 -> 2.4.0 zhengruoqin (12): pugixml: upgrade 1.11 -> 1.11.2 spdlog: upgrade 1.8.1 -> 1.8.2 spitools: upgrade 0.8.5 -> 0.8.6 uhubctl: upgrade 2.2.0 -> 2.3.0 xserver-xorg-cvt-native: upgrade 1.20.9 -> 1.20.10 zchunk: upgrade 1.1.7 -> 1.1.8 libencode-perl: upgrade 3.07 -> 3.08 bridge-utils: upgrade 1.6 -> 1.7 netplan: upgrade 0.100 -> 0.101 opensaf: upgrade 5.20.08 -> 5.20.11 cppzmq: upgrade 4.7.0 -> 4.7.1 gperftools: upgrade 2.8 -> 2.8.1 Signed-off-by: Andrew Geissler Change-Id: I53939ad487155ca87e27cfd77d65962458d892e0 --- .../10-adbd-configfs.conf | 4 + .../android-gadget-cleanup | 24 +++ .../android-gadget-setup | 35 +++++ .../android-gadget-start | 7 + .../android-tools-conf-configfs_1.0.bb | 35 +++++ .../android-tools/android-tools-conf_1.0.bb | 7 + .../android-tools/android-tools_5.1.1.r37.bb | 13 +- .../flatbuffers/flatbuffers_1.12.0.bb | 12 +- .../mcpp/files/CVE-2019-14274.patch | 34 +++++ .../recipes-devtools/mcpp/files/ice-mcpp.patch | 31 ---- .../meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb | 3 +- .../recipes-devtools/nodejs/nodejs_12.19.0.bb | 161 --------------------- .../recipes-devtools/nodejs/nodejs_12.20.1.bb | 161 +++++++++++++++++++++ .../recipes-devtools/php/php/CVE-2020-7069.patch | 158 ++++++++++++++++++++ .../recipes-devtools/php/php/CVE-2020-7070.patch | 24 +++ .../meta-oe/recipes-devtools/php/php_7.4.9.bb | 2 + .../recipes-devtools/pugixml/pugixml_1.11.2.bb | 25 ++++ .../recipes-devtools/pugixml/pugixml_1.11.bb | 25 ---- .../meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb | 4 +- 19 files changed, 541 insertions(+), 224 deletions(-) create mode 100644 meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/10-adbd-configfs.conf create mode 100644 meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-cleanup create mode 100644 meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-setup create mode 100644 meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-start create mode 100644 meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs_1.0.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/pugixml/pugixml_1.11.2.bb delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/pugixml/pugixml_1.11.bb (limited to 'meta-openembedded/meta-oe/recipes-devtools') diff --git a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/10-adbd-configfs.conf b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/10-adbd-configfs.conf new file mode 100644 index 000000000..ddf155a90 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/10-adbd-configfs.conf @@ -0,0 +1,4 @@ +[Service] +ExecStartPre=/usr/bin/android-gadget-setup +ExecStartPost=/usr/bin/android-gadget-start +ExecStopPost=/usr/bin/android-gadget-cleanup diff --git a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-cleanup b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-cleanup new file mode 100644 index 000000000..517227d4a --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-cleanup @@ -0,0 +1,24 @@ +#!/bin/sh + +[ -d /sys/kernel/config/usb_gadget ] || exit 0 + +cd /sys/kernel/config/usb_gadget + +cd adb + +echo "" > UDC || true + +killall adbd || true + +umount /dev/usb-ffs/adb + +rm configs/c.1/ffs.usb0 + +rmdir configs/c.1/strings/0x409 +rmdir configs/c.1 + +rmdir functions/ffs.usb0 +rmdir strings/0x409 + +cd .. +rmdir adb diff --git a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-setup b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-setup new file mode 100644 index 000000000..e44d1bacb --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-setup @@ -0,0 +1,35 @@ +#!/bin/sh + +set -e + +manufacturer=RPB +model="Android device" +serial=0123456789ABCDEF + +if [ -r /etc/android-gadget-setup.machine ] ; then + . /etc/android-gadget-setup.machine +fi + +[ -d /sys/kernel/config/usb_gadget ] || modprobe libcomposite + +cd /sys/kernel/config/usb_gadget + +[ -d adb ] && /usr/bin/android-gadget-cleanup || true + +mkdir adb +cd adb + +mkdir configs/c.1 +mkdir functions/ffs.usb0 +mkdir strings/0x409 +mkdir configs/c.1/strings/0x409 +echo 0x18d1 > idVendor +echo 0xd002 > idProduct +echo "$serial" > strings/0x409/serialnumber +echo "$manufacturer" > strings/0x409/manufacturer +echo "$model" > strings/0x409/product +echo "Conf 1" > configs/c.1/strings/0x409/configuration +ln -s functions/ffs.usb0 configs/c.1 + +mkdir -p /dev/usb-ffs/adb +mount -t functionfs usb0 /dev/usb-ffs/adb diff --git a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-start b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-start new file mode 100644 index 000000000..ca6c3df27 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs/android-gadget-start @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +sleep 3 + +ls /sys/class/udc/ > /sys/kernel/config/usb_gadget/adb/UDC diff --git a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs_1.0.bb b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs_1.0.bb new file mode 100644 index 000000000..01dc1bea9 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf-configfs_1.0.bb @@ -0,0 +1,35 @@ +DESCRIPTION = "Different utilities from Android - corressponding configuration files for using ConfigFS" +SECTION = "console/utils" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +SRC_URI = " \ + file://android-gadget-setup \ + file://android-gadget-start \ + file://android-gadget-cleanup \ + file://10-adbd-configfs.conf \ +" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +do_install() { + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/android-gadget-setup ${D}${bindir} + install -m 0755 ${WORKDIR}/android-gadget-start ${D}${bindir} + install -m 0755 ${WORKDIR}/android-gadget-cleanup ${D}${bindir} + + if [ -r ${WORKDIR}/android-gadget-setup.machine ] ; then + install -d ${D}${sysconfdir} + install -m 0644 ${WORKDIR}/android-gadget-setup.machine ${D}${sysconfdir} + fi + + install -d ${D}${systemd_unitdir}/system/android-tools-adbd.service.d + install -m 0644 ${WORKDIR}/10-adbd-configfs.conf ${D}${systemd_unitdir}/system/android-tools-adbd.service.d +} + +FILES_${PN} += " \ + ${systemd_unitdir}/system/ \ +" + +PROVIDES += "android-tools-conf" +RPROVIDES_${PN} = "android-tools-conf" diff --git a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf_1.0.bb b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf_1.0.bb index af98f92f0..34b1a9bdd 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf_1.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools-conf_1.0.bb @@ -11,3 +11,10 @@ do_install() { install -d ${D}${bindir} install -m 0755 ${WORKDIR}/android-gadget-setup ${D}${bindir} } + +python () { + pn = d.getVar('PN') + profprov = d.getVar("PREFERRED_PROVIDER_" + pn) + if profprov and pn != profprov: + raise bb.parse.SkipRecipe("PREFERRED_PROVIDER_%s set to %s, not %s" % (pn, profprov, pn)) +} diff --git a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb index fb6125e2a..ae1463942 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb @@ -67,7 +67,8 @@ COMPATIBLE_HOST_powerpc64le = "(null)" inherit systemd -SYSTEMD_SERVICE_${PN} = "android-tools-adbd.service" +SYSTEMD_PACKAGES = "${PN}-adbd" +SYSTEMD_SERVICE_${PN}-adbd = "android-tools-adbd.service" # Find libbsd headers during native builds CC_append_class-native = " -I${STAGING_INCDIR}" @@ -157,9 +158,15 @@ do_install() { fi } -PACKAGES += "${PN}-fstools" +PACKAGES =+ "${PN}-fstools ${PN}-adbd" -RDEPENDS_${BPN} = "${BPN}-conf bash" +RDEPENDS_${BPN}-adbd = "${BPN}-conf" +RDEPENDS_${BPN}-fstools = "bash" + +FILES_${PN}-adbd = "\ + ${bindir}/adbd \ + ${systemd_unitdir}/system/android-tools-adbd.service \ +" FILES_${PN}-fstools = "\ ${bindir}/ext2simg \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb index 1abfc8819..fb4be0f16 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb @@ -3,9 +3,12 @@ HOMEPAGE = "https://github.com/google/flatbuffers" SECTION = "console/tools" LICENSE = "Apache-2.0" -PACKAGE_BEFORE_PN = "${PN}-compiler" +inherit python3-dir + +PACKAGE_BEFORE_PN = "${PN}-compiler ${PN}-${PYTHON_PN}" RDEPENDS_${PN}-compiler = "${PN}" +RDEPENDS_${PN}-${PYTHON_PN} = "${PN}" RDEPENDS_${PN}-dev += "${PN}-compiler" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" @@ -28,6 +31,13 @@ inherit cmake S = "${WORKDIR}/git" +do_install_append() { + install -d ${D}${PYTHON_SITEPACKAGES_DIR} + cp -rf ${S}/python/flatbuffers ${D}${PYTHON_SITEPACKAGES_DIR} +} + FILES_${PN}-compiler = "${bindir}" +FILES_${PN}-${PYTHON_PN} = "${PYTHON_SITEPACKAGES_DIR}" + BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch new file mode 100644 index 000000000..a0c6584ec --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch @@ -0,0 +1,34 @@ +From ea453aca2742be6ac43ba4ce0da6f938a7e5a5d8 Mon Sep 17 00:00:00 2001 +From: He Liu +Date: Tue, 4 Feb 2014 11:00:40 -0800 +Subject: [PATCH] line comment bug + +--- + src/support.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/support.c b/src/support.c +index c57eaef..e3357e4 100644 +--- a/src/support.c ++++ b/src/support.c +@@ -188,7 +188,7 @@ static char * append_to_buffer( + size_t length + ) + { +- if (mem_buf_p->bytes_avail < length) { /* Need to allocate more memory */ ++ if (mem_buf_p->bytes_avail < length + 1) { /* Need to allocate more memory */ + size_t size = MAX( BUF_INCR_SIZE, length); + + if (mem_buf_p->buffer == NULL) { /* 1st append */ +@@ -1722,6 +1722,8 @@ com_start: + sp -= 2; + while (*sp != '\n') /* Until end of line */ + mcpp_fputc( *sp++, OUT); ++ mcpp_fputc('\n', OUT); ++ wrong_line = TRUE; + } + goto end_line; + default: /* Not a comment */ +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch index 8103cf092..1df3ae55b 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch @@ -114,37 +114,6 @@ diff -r -c -N ../mcpp-2.7.2-old/src/main.c ./src/main.c } int mcpp_lib_main -diff -r -c -N ../mcpp-2.7.2-old/src/support.c ./src/support.c -*** ../mcpp-2.7.2-old/src/support.c Tue Jun 10 06:02:33 2008 ---- ./src/support.c Fri May 14 12:40:56 2010 -*************** -*** 188,194 **** - size_t length - ) - { -! if (mem_buf_p->bytes_avail < length) { /* Need to allocate more memory */ - size_t size = MAX( BUF_INCR_SIZE, length); - - if (mem_buf_p->buffer == NULL) { /* 1st append */ ---- 188,194 ---- - size_t length - ) - { -! if (mem_buf_p->bytes_avail < length + 1) { /* Need to allocate more memory */ - size_t size = MAX( BUF_INCR_SIZE, length); - - if (mem_buf_p->buffer == NULL) { /* 1st append */ -*************** -*** 1722,1727 **** ---- 1722,1729 ---- - sp -= 2; - while (*sp != '\n') /* Until end of line */ - mcpp_fputc( *sp++, OUT); -+ mcpp_fputc( '\n', OUT); -+ wrong_line = TRUE; - } - goto end_line; - default: /* Not a comment */ diff -r -c -N ../mcpp-2.7.2-old/src/system.c ./src/system.c *** ../mcpp-2.7.2-old/src/system.c 2008-11-26 10:53:51.000000000 +0100 --- ./src/system.c 2011-02-21 16:18:05.678058106 +0100 diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb b/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb index b5ca49566..f8125f72d 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb @@ -4,7 +4,8 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=5ca370b75ec890321888a00cea9bc1d5" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ - file://ice-mcpp.patch " + file://ice-mcpp.patch \ + file://CVE-2019-14274.patch" SRC_URI[md5sum] = "512de48c87ab023a69250edc7a0c7b05" SRC_URI[sha256sum] = "3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb deleted file mode 100644 index 9d1558623..000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb +++ /dev/null @@ -1,161 +0,0 @@ -DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" -HOMEPAGE = "http://nodejs.org" -LICENSE = "MIT & BSD & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=30e27bd6830002d9415e4a5da7901f03" - -DEPENDS = "openssl" -DEPENDS_append_class-target = " nodejs-native" - -inherit pkgconfig python3native - -COMPATIBLE_MACHINE_armv4 = "(!.*armv4).*" -COMPATIBLE_MACHINE_armv5 = "(!.*armv5).*" -COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*" - -COMPATIBLE_HOST_riscv64 = "null" -COMPATIBLE_HOST_riscv32 = "null" - -SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ - file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ - file://0003-Install-both-binaries-and-use-libdir.patch \ - file://0004-v8-don-t-override-ARM-CFLAGS.patch \ - file://big-endian.patch \ - file://mips-warnings.patch \ - file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ - " -SRC_URI_append_class-target = " \ - file://0002-Using-native-binaries.patch \ - " -SRC_URI[sha256sum] = "3b671c45c493f96d7e018c15110cdbafa4478e5e5cfc9e6eec83cea9e6b551e1" - -S = "${WORKDIR}/node-v${PV}" - -# v8 errors out if you have set CCACHE -CCACHE = "" - -def map_nodejs_arch(a, d): - import re - - if re.match('i.86$', a): return 'ia32' - elif re.match('x86_64$', a): return 'x64' - elif re.match('aarch64$', a): return 'arm64' - elif re.match('(powerpc64|ppc64le)$', a): return 'ppc64' - elif re.match('powerpc$', a): return 'ppc' - return a - -ARCHFLAGS_arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \ - ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \ - bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \ - bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \ - '--with-arm-fpu=vfp', d), d), d)}" -GYP_DEFINES_append_mipsel = " mips_arch_variant='r1' " -ARCHFLAGS ?= "" - -PACKAGECONFIG ??= "ares brotli icu zlib" - -PACKAGECONFIG[ares] = "--shared-cares,,c-ares" -PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" -PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" -PACKAGECONFIG[libuv] = "--shared-libuv,,libuv" -PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2" -PACKAGECONFIG[shared] = "--shared" -PACKAGECONFIG[zlib] = "--shared-zlib,,zlib" - -# We don't want to cross-compile during target compile, -# and we need to use the right flags during host compile, -# too. -EXTRA_OEMAKE = "\ - CC.host='${CC}' \ - CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \ - CXX.host='${CXX}' \ - CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \ - LDFLAGS.host='${LDFLAGS}' \ - AR.host='${AR}' \ - \ - builddir_name=./ \ -" - -python do_unpack() { - import shutil - - bb.build.exec_func('base_do_unpack', d) - - shutil.rmtree(d.getVar('S') + '/deps/openssl', True) - if 'ares' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/cares', True) - if 'brotli' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/brotli', True) - if 'libuv' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/uv', True) - if 'nghttp2' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/nghttp2', True) - if 'zlib' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/zlib', True) -} - -# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi -do_configure () { - export LD="${CXX}" - GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES - # $TARGET_ARCH settings don't match --dest-cpu settings - python3 configure.py --prefix=${prefix} --cross-compiling --without-snapshot --shared-openssl \ - --without-dtrace \ - --without-etw \ - --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \ - --dest-os=linux \ - --libdir=${D}${libdir} \ - ${ARCHFLAGS} \ - ${PACKAGECONFIG_CONFARGS} -} - -do_compile () { - export LD="${CXX}" - oe_runmake BUILDTYPE=Release -} - -do_install () { - oe_runmake install DESTDIR=${D} - - # wasn't updated since 2009 and is the only thing requiring python2 in runtime - # ERROR: nodejs-12.14.1-r0 do_package_qa: QA Issue: /usr/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples contained in package nodejs-npm requires /usr/bin/python, but no providers found in RDEPENDS_nodejs-npm? [file-rdeps] - rm -f ${D}${exec_prefix}/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples -} - -do_install_append_class-native() { - # use node from PATH instead of absolute path to sysroot - # node-v0.10.25/tools/install.py is using: - # shebang = os.path.join(node_prefix, 'bin/node') - # update_shebang(link_path, shebang) - # and node_prefix can be very long path to bindir in native sysroot and - # when it exceeds 128 character shebang limit it's stripped to incorrect path - # and npm fails to execute like in this case with 133 characters show in log.do_install: - # updating shebang of /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/work/x86_64-linux/nodejs-native/0.10.15-r0/image/home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/npm to /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/node - # /usr/bin/npm is symlink to /usr/lib/node_modules/npm/bin/npm-cli.js - # use sed on npm-cli.js because otherwise symlink is replaced with normal file and - # npm-cli.js continues to use old shebang - sed "1s^.*^#\!/usr/bin/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js - - # Install the native binaries to provide it within sysroot for the target compilation - install -d ${D}${bindir} - install -m 0755 ${S}/out/Release/torque ${D}${bindir}/torque - install -m 0755 ${S}/out/Release/bytecode_builtins_list_generator ${D}${bindir}/bytecode_builtins_list_generator - if ${@bb.utils.contains('PACKAGECONFIG','icu','true','false',d)}; then - install -m 0755 ${S}/out/Release/gen-regexp-special-case ${D}${bindir}/gen-regexp-special-case - fi - install -m 0755 ${S}/out/Release/mkcodecache ${D}${bindir}/mkcodecache - install -m 0755 ${S}/out/Release/node_mksnapshot ${D}${bindir}/node_mksnapshot -} - -do_install_append_class-target() { - sed "1s^.*^#\!${bindir}/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js -} - -PACKAGES =+ "${PN}-npm" -FILES_${PN}-npm = "${exec_prefix}/lib/node_modules ${bindir}/npm ${bindir}/npx" -RDEPENDS_${PN}-npm = "bash python3-core python3-shell python3-datetime \ - python3-misc python3-multiprocessing" - -PACKAGES =+ "${PN}-systemtap" -FILES_${PN}-systemtap = "${datadir}/systemtap" - -BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb new file mode 100644 index 000000000..0673a3202 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb @@ -0,0 +1,161 @@ +DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" +HOMEPAGE = "http://nodejs.org" +LICENSE = "MIT & BSD & Artistic-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c66ff8861d9f96076a7cb61e3d75f54" + +DEPENDS = "openssl" +DEPENDS_append_class-target = " nodejs-native" + +inherit pkgconfig python3native + +COMPATIBLE_MACHINE_armv4 = "(!.*armv4).*" +COMPATIBLE_MACHINE_armv5 = "(!.*armv5).*" +COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*" + +COMPATIBLE_HOST_riscv64 = "null" +COMPATIBLE_HOST_riscv32 = "null" + +SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ + file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ + file://0003-Install-both-binaries-and-use-libdir.patch \ + file://0004-v8-don-t-override-ARM-CFLAGS.patch \ + file://big-endian.patch \ + file://mips-warnings.patch \ + file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ + " +SRC_URI_append_class-target = " \ + file://0002-Using-native-binaries.patch \ + " +SRC_URI[sha256sum] = "e00eee325d705b2bfa9929b7d061eb2315402d7e8548945eac9870bf84321853" + +S = "${WORKDIR}/node-v${PV}" + +# v8 errors out if you have set CCACHE +CCACHE = "" + +def map_nodejs_arch(a, d): + import re + + if re.match('i.86$', a): return 'ia32' + elif re.match('x86_64$', a): return 'x64' + elif re.match('aarch64$', a): return 'arm64' + elif re.match('(powerpc64|ppc64le)$', a): return 'ppc64' + elif re.match('powerpc$', a): return 'ppc' + return a + +ARCHFLAGS_arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \ + ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \ + bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \ + bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \ + '--with-arm-fpu=vfp', d), d), d)}" +GYP_DEFINES_append_mipsel = " mips_arch_variant='r1' " +ARCHFLAGS ?= "" + +PACKAGECONFIG ??= "ares brotli icu zlib" + +PACKAGECONFIG[ares] = "--shared-cares,,c-ares" +PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" +PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" +PACKAGECONFIG[libuv] = "--shared-libuv,,libuv" +PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2" +PACKAGECONFIG[shared] = "--shared" +PACKAGECONFIG[zlib] = "--shared-zlib,,zlib" + +# We don't want to cross-compile during target compile, +# and we need to use the right flags during host compile, +# too. +EXTRA_OEMAKE = "\ + CC.host='${CC}' \ + CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \ + CXX.host='${CXX}' \ + CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \ + LDFLAGS.host='${LDFLAGS}' \ + AR.host='${AR}' \ + \ + builddir_name=./ \ +" + +python do_unpack() { + import shutil + + bb.build.exec_func('base_do_unpack', d) + + shutil.rmtree(d.getVar('S') + '/deps/openssl', True) + if 'ares' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/cares', True) + if 'brotli' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/brotli', True) + if 'libuv' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/uv', True) + if 'nghttp2' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/nghttp2', True) + if 'zlib' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/zlib', True) +} + +# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi +do_configure () { + export LD="${CXX}" + GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES + # $TARGET_ARCH settings don't match --dest-cpu settings + python3 configure.py --prefix=${prefix} --cross-compiling --without-snapshot --shared-openssl \ + --without-dtrace \ + --without-etw \ + --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \ + --dest-os=linux \ + --libdir=${D}${libdir} \ + ${ARCHFLAGS} \ + ${PACKAGECONFIG_CONFARGS} +} + +do_compile () { + export LD="${CXX}" + oe_runmake BUILDTYPE=Release +} + +do_install () { + oe_runmake install DESTDIR=${D} + + # wasn't updated since 2009 and is the only thing requiring python2 in runtime + # ERROR: nodejs-12.14.1-r0 do_package_qa: QA Issue: /usr/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples contained in package nodejs-npm requires /usr/bin/python, but no providers found in RDEPENDS_nodejs-npm? [file-rdeps] + rm -f ${D}${exec_prefix}/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples +} + +do_install_append_class-native() { + # use node from PATH instead of absolute path to sysroot + # node-v0.10.25/tools/install.py is using: + # shebang = os.path.join(node_prefix, 'bin/node') + # update_shebang(link_path, shebang) + # and node_prefix can be very long path to bindir in native sysroot and + # when it exceeds 128 character shebang limit it's stripped to incorrect path + # and npm fails to execute like in this case with 133 characters show in log.do_install: + # updating shebang of /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/work/x86_64-linux/nodejs-native/0.10.15-r0/image/home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/npm to /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/node + # /usr/bin/npm is symlink to /usr/lib/node_modules/npm/bin/npm-cli.js + # use sed on npm-cli.js because otherwise symlink is replaced with normal file and + # npm-cli.js continues to use old shebang + sed "1s^.*^#\!/usr/bin/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js + + # Install the native binaries to provide it within sysroot for the target compilation + install -d ${D}${bindir} + install -m 0755 ${S}/out/Release/torque ${D}${bindir}/torque + install -m 0755 ${S}/out/Release/bytecode_builtins_list_generator ${D}${bindir}/bytecode_builtins_list_generator + if ${@bb.utils.contains('PACKAGECONFIG','icu','true','false',d)}; then + install -m 0755 ${S}/out/Release/gen-regexp-special-case ${D}${bindir}/gen-regexp-special-case + fi + install -m 0755 ${S}/out/Release/mkcodecache ${D}${bindir}/mkcodecache + install -m 0755 ${S}/out/Release/node_mksnapshot ${D}${bindir}/node_mksnapshot +} + +do_install_append_class-target() { + sed "1s^.*^#\!${bindir}/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js +} + +PACKAGES =+ "${PN}-npm" +FILES_${PN}-npm = "${exec_prefix}/lib/node_modules ${bindir}/npm ${bindir}/npx" +RDEPENDS_${PN}-npm = "bash python3-core python3-shell python3-datetime \ + python3-misc python3-multiprocessing" + +PACKAGES =+ "${PN}-systemtap" +FILES_${PN}-systemtap = "${datadir}/systemtap" + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch new file mode 100644 index 000000000..0cf4d5ed6 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch @@ -0,0 +1,158 @@ +Subject: Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption + for a 12 bytes IV) + +--- + ext/openssl/openssl.c | 10 ++++----- + ext/openssl/tests/cipher_tests.inc | 21 +++++++++++++++++ + ext/openssl/tests/openssl_decrypt_ccm.phpt | 22 +++++++++++------- + ext/openssl/tests/openssl_encrypt_ccm.phpt | 26 ++++++++++++++-------- + 4 files changed, 57 insertions(+), 22 deletions(-) + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index 04cb9b0f..fdad2c3b 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -6521,11 +6521,6 @@ static int php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_requir + { + char *iv_new; + +- /* Best case scenario, user behaved */ +- if (*piv_len == iv_required_len) { +- return SUCCESS; +- } +- + if (mode->is_aead) { + if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) != 1) { + php_error_docref(NULL, E_WARNING, "Setting of IV length for AEAD mode failed"); +@@ -6534,6 +6529,11 @@ static int php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_requir + return SUCCESS; + } + ++ /* Best case scenario, user behaved */ ++ if (*piv_len == iv_required_len) { ++ return SUCCESS; ++ } ++ + iv_new = ecalloc(1, iv_required_len + 1); + + if (*piv_len == 0) { +diff --git a/ext/openssl/tests/cipher_tests.inc b/ext/openssl/tests/cipher_tests.inc +index b1e46b41..779bfa85 100644 +--- a/ext/openssl/tests/cipher_tests.inc ++++ b/ext/openssl/tests/cipher_tests.inc +@@ -1,5 +1,26 @@ + array( ++ array( ++ 'key' => '404142434445464748494a4b4c4d4e4f', ++ 'iv' => '1011121314151617', ++ 'aad' => '000102030405060708090a0b0c0d0e0f', ++ 'tag' => '1fc64fbfaccd', ++ 'pt' => '202122232425262728292a2b2c2d2e2f', ++ 'ct' => 'd2a1f0e051ea5f62081a7792073d593d', ++ ), ++ array( ++ 'key' => '404142434445464748494a4b4c4d4e4f', ++ 'iv' => '101112131415161718191a1b', ++ 'aad' => '000102030405060708090a0b0c0d0e0f' . ++ '10111213', ++ 'tag' => '484392fbc1b09951', ++ 'pt' => '202122232425262728292a2b2c2d2e2f' . ++ '3031323334353637', ++ 'ct' => 'e3b201a9f5b71a7a9b1ceaeccd97e70b' . ++ '6176aad9a4428aa5', ++ ), ++ ), + 'aes-256-ccm' => array( + array( + 'key' => '1bde3251d41a8b5ea013c195ae128b21' . +diff --git a/ext/openssl/tests/openssl_decrypt_ccm.phpt b/ext/openssl/tests/openssl_decrypt_ccm.phpt +index a5f01b87..08ef5bb7 100644 +--- a/ext/openssl/tests/openssl_decrypt_ccm.phpt ++++ b/ext/openssl/tests/openssl_decrypt_ccm.phpt +@@ -10,14 +10,16 @@ if (!in_array('aes-256-ccm', openssl_get_cipher_methods())) + --FILE-- + $test) { +- echo "TEST $idx\n"; +- $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, +- $test['iv'], $test['tag'], $test['aad']); +- var_dump($test['pt'] === $pt); ++foreach ($methods as $method) { ++ $tests = openssl_get_cipher_tests($method); ++ foreach ($tests as $idx => $test) { ++ echo "$method - TEST $idx\n"; ++ $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, ++ $test['iv'], $test['tag'], $test['aad']); ++ var_dump($test['pt'] === $pt); ++ } + } + + // no IV +@@ -32,7 +34,11 @@ var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, + + ?> + --EXPECTF-- +-TEST 0 ++aes-128-ccm - TEST 0 ++bool(true) ++aes-128-ccm - TEST 1 ++bool(true) ++aes-256-ccm - TEST 0 + bool(true) + + Warning: openssl_decrypt(): Setting of IV length for AEAD mode failed in %s on line %d +diff --git a/ext/openssl/tests/openssl_encrypt_ccm.phpt b/ext/openssl/tests/openssl_encrypt_ccm.phpt +index fb5dbbc8..8c4c41f8 100644 +--- a/ext/openssl/tests/openssl_encrypt_ccm.phpt ++++ b/ext/openssl/tests/openssl_encrypt_ccm.phpt +@@ -10,15 +10,17 @@ if (!in_array('aes-256-ccm', openssl_get_cipher_methods())) + --FILE-- + $test) { +- echo "TEST $idx\n"; +- $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA, +- $test['iv'], $tag, $test['aad'], strlen($test['tag'])); +- var_dump($test['ct'] === $ct); +- var_dump($test['tag'] === $tag); ++foreach ($methods as $method) { ++ $tests = openssl_get_cipher_tests($method); ++ foreach ($tests as $idx => $test) { ++ echo "$method - TEST $idx\n"; ++ $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA, ++ $test['iv'], $tag, $test['aad'], strlen($test['tag'])); ++ var_dump($test['ct'] === $ct); ++ var_dump($test['tag'] === $tag); ++ } + } + + // Empty IV error +@@ -32,7 +34,13 @@ var_dump(strlen($tag)); + var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 16), $tag, '', 1024)); + ?> + --EXPECTF-- +-TEST 0 ++aes-128-ccm - TEST 0 ++bool(true) ++bool(true) ++aes-128-ccm - TEST 1 ++bool(true) ++bool(true) ++aes-256-ccm - TEST 0 + bool(true) + bool(true) + +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch new file mode 100644 index 000000000..e5b527f98 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch @@ -0,0 +1,24 @@ +Subject: Patch fix-urldecode for HTTP related Bug #79699 + +--- + main/php_variables.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/main/php_variables.c b/main/php_variables.c +index 1a40c2a1..cbdc7cf1 100644 +--- a/main/php_variables.c ++++ b/main/php_variables.c +@@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) + } + + val = estrndup(val, val_len); +- php_url_decode(var, strlen(var)); ++ if (arg != PARSE_COOKIE) { ++ php_url_decode(var, strlen(var)); ++ } + if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) { + php_register_variable_safe(var, val, new_val_len, &array); + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb index 1da560783..25b813792 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb @@ -30,6 +30,8 @@ SRC_URI_append_class-target = " \ file://phar-makefile.patch \ file://0001-opcache-config.m4-enable-opcache.patch \ file://xfail_two_bug_tests.patch \ + file://CVE-2020-7070.patch \ + file://CVE-2020-7069.patch \ " S = "${WORKDIR}/php-${PV}" diff --git a/meta-openembedded/meta-oe/recipes-devtools/pugixml/pugixml_1.11.2.bb b/meta-openembedded/meta-oe/recipes-devtools/pugixml/pugixml_1.11.2.bb new file mode 100644 index 000000000..09abbd9c3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/pugixml/pugixml_1.11.2.bb @@ -0,0 +1,25 @@ +SUMMARY = "Light-weight C++ XML Processing Library" +DESCRIPTION = "pugixml is a C++ XML processing library, which consists of a \ +DOM-like interface with rich traversal/modification capabilities, \ +an extremely fast XML parser which constructs the DOM tree from \ +n XML file/buffer, and an XPath 1.0 implementation for complex \ +data-driven tree queries." +HOMEPAGE = "https://pugixml.org/" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://readme.txt;beginline=29;endline=52;md5=d5ee91fb74cbb64223b3693fd64eb169" + +SRC_URI = "https://github.com/zeux/${BPN}/releases/download/v${PV}/${BP}.tar.gz" +SRC_URI[md5sum] = "2d0be30b843eb9d1893c1ba9ad334946" +SRC_URI[sha256sum] = "599eabdf8976aad86ac092a198920d8c127623d1376842bc6d683b12a37fb74f" + +UPSTREAM_CHECK_URI = "https://github.com/zeux/${BPN}/releases" + +inherit cmake + +EXTRA_OECMAKE += "-DBUILD_PKGCONFIG=ON \ + -DBUILD_SHARED_LIBS=ON \ + -DCMAKE_BUILD_TYPE=Release \ + " + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/pugixml/pugixml_1.11.bb b/meta-openembedded/meta-oe/recipes-devtools/pugixml/pugixml_1.11.bb deleted file mode 100644 index b5e63cd35..000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/pugixml/pugixml_1.11.bb +++ /dev/null @@ -1,25 +0,0 @@ -SUMMARY = "Light-weight C++ XML Processing Library" -DESCRIPTION = "pugixml is a C++ XML processing library, which consists of a \ -DOM-like interface with rich traversal/modification capabilities, \ -an extremely fast XML parser which constructs the DOM tree from \ -n XML file/buffer, and an XPath 1.0 implementation for complex \ -data-driven tree queries." -HOMEPAGE = "https://pugixml.org/" - -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://readme.txt;beginline=29;endline=52;md5=d5ee91fb74cbb64223b3693fd64eb169" - -SRC_URI = "https://github.com/zeux/${BPN}/releases/download/v${PV}/${BP}.tar.gz" -SRC_URI[md5sum] = "93540f4644fd4e4b02049554ef37fb90" -SRC_URI[sha256sum] = "26913d3e63b9c07431401cf826df17ed832a20d19333d043991e611d23beaa2c" - -UPSTREAM_CHECK_URI = "https://github.com/zeux/${BPN}/releases" - -inherit cmake - -EXTRA_OECMAKE += "-DBUILD_PKGCONFIG=ON \ - -DBUILD_SHARED_LIBS=ON \ - -DCMAKE_BUILD_TYPE=Release \ - " - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb b/meta-openembedded/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb index 46a940803..bba8d5c21 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb @@ -3,8 +3,8 @@ HOMEPAGE = "http://tclap.sourceforge.net/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=0ca8b9c5c5445cfa7af7e78fd27e60ed" -SRCREV = "75f440bcac1276c847f5351e14216f6e91def44d" -SRC_URI = "git://git.code.sf.net/p/tclap/code \ +SRCREV = "ec3ddcfe41b0544a4551a57439b6b3682fe31479" +SRC_URI = "git://git.code.sf.net/p/tclap/code;branch=1.2 \ file://Makefile.am-disable-docs.patch \ " -- cgit v1.2.3