diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2023-10-04 18:18:08 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2023-10-10 19:23:18 +0300 |
| commit | 220dafdb7243da3683b8a972c80a3719c2d137ef (patch) | |
| tree | 48989211d9aee03ff7769a3169aac594816f5ef8 /meta-openembedded/meta-networking | |
| parent | 32d5e60788a11425a8b7bb8fc292c72c89ab7f39 (diff) | |
| download | openbmc-220dafdb7243da3683b8a972c80a3719c2d137ef.tar.xz | |
master: subtree updates oct 4 2023
poky: 61531cd395..e444d2bed0:
Adrian Freihofer (3):
lib/oe/utils: Refactor to make multiprocess_launch callable without d
lib/oe/package: Refactor to make strip_execs callable without d
oeqa/selftest/devtool: Refactor runqemu pre-requisites
Alexander Kanavin (69):
cargo-c-native: fix version check
igt-gpu-tools: do not write shortened git commit hash into binaries
curl: build and run the full set of ptests
ptest: report tests that were killed on timeout
perl: use 64 bit integers across all targets
perl: ensure all failures are caught
strace: parallelize ptest
strace: remove from time64.inc exception list
busybox: enable 64 bit shell arithmetic (via long long type)
openssl: parallelize tests
openssl: ensure all ptest fails are caught
glibc-tests: rename to glibc-y2038-tests
sysstat: merge .inc into .bb
sysstat: update 12.6.2 -> 12.7.4
glib-2.0: update 2.76.4 -> 2.78.0
ovmf: update edk2-stable202305 -> edk2-stable202308
libdnf: update 0.70.1 -> 0.71.0
liburi-perl: update 5.17 -> 5.21
python3-pygobject: update 3.44.1 -> 3.46.0
go-helloworld: update to latest revision
gzip: update 1.12 -> 1.13
procps: update 4.0.3 -> 4.0.4
screen: update 4.9.0 -> 4.9.1
gobject-introspection: update 1.76.1 -> 1.78.0
igt-gpu-tools: update 1.27.1 -> 1.28
libva-utils: update 2.19.0 -> 2.20.0
piglit: update to latest revision
groff: add a patch to resolve build races
groff: fix another build race via backport
systemd: upgrade 254 -> 254.4
util-linux: upgrade 2.39.1 -> 2.39.2
cmake: upgrade 3.27.4 -> 3.27.5
jquery: upgrade 3.7.0 -> 3.7.1
python3-setuptools-rust: upgrade 1.6.0 -> 1.7.0
vulkan: upgrade 1.3.250.0 -> 1.3.261.1
libxcb: upgrade 1.15 -> 1.16
xcb-proto: upgrade 1.15.2 -> 1.16.0
boost: upgrade 1.82.0 -> 1.83.0
btrfs-tools: upgrade 6.3.3 -> 6.5.1
createrepo-c: upgrade 0.21.1 -> 1.0.0
debianutils: upgrade 5.12 -> 5.13
diffoscope: upgrade 244 -> 249
ethtool: upgrade 6.3 -> 6.5
font-util: upgrade 1.4.0 -> 1.4.1
freetype: upgrade 2.13.1 -> 2.13.2
ghostscript: upgrade 10.01.2 -> 10.02.0
iproute2: upgrade 6.4.0 -> 6.5.0
json-c: upgrade 0.16 -> 0.17
kmscube: upgrade to latest revision
libarchive: upgrade 3.7.1 -> 3.7.2
libsdl2: upgrade 2.28.0 -> 2.28.3
libsolv: upgrade 0.7.24 -> 0.7.25
man-pages: upgrade 6.04 -> 6.05.01
meson: upgrade 1.1.1 -> 1.2.1
mmc-utils: upgrade to latest revision
mtd-utils: upgrade 2.1.5 -> 2.1.6
puzzles: upgrade to latest revision
python3-dtschema: upgrade 2023.6.1 -> 2023.7
python3-git: upgrade 3.1.35 -> 3.1.36
python3-libarchive-c: upgrade 4.0 -> 5.0
python3-setuptools: upgrade 68.2.1 -> 68.2.2
python3-sphinx: upgrade 7.2.5 -> 7.2.6
seatd: upgrade 0.7.0 -> 0.8.0
sqlite3: upgrade 3.43.0 -> 3.43.1
tiff: upgrade 4.5.1 -> 4.6.0
vala: upgrade 0.56.8 -> 0.56.13
xf86-input-libinput: upgrade 1.3.0 -> 1.4.0
xwayland: upgrade 23.1.2 -> 23.2.1
python3-setuptools-scm: fix upstream version check
Alexandre Belloni (1):
python3: fix SoB on patch
Antoine Lubineau (1):
cve-check: add CVSS vector string to CVE database and reports
Bruce Ashfield (9):
linux-yocto/6.4: update to v6.4.15
linux-yocto/6.1: update to v6.1.52
linux-yocto/6.4: update to v6.4.16
linux-yocto/6.1: update to v6.1.53
linux-yocto/6.1: update to v6.1.55
linux-yocto-dev: update to v6.6-rcX
linux-yocto: introduce 6.5 reference kernel recipes
linux-libc-headers: uprev to v6.5
linux-libc-headers: default to 6.5
Charles-Antoine Couret (1):
systemd-boot-cfg: add .conf suffix to default entry label
Chen Qi (1):
python3: add cpython to CVE_PRODUCT
Daniel Semkowicz (2):
wic: bootimg-partition: Fix file name in debug message
uboot-extlinux-config.bbclass: Add missing variable descriptions
Deepthi Hemraj (2):
binutils: stable 2.41 branch updates.
glibc: stable 2.38 branch updates.
Denys Dmytriyenko (2):
bitbake.conf: add MACHINE to SDK_NAME
spdx: use TOOLCHAIN_OUTPUTNAME for SDK filename prefix
Derek Straka (1):
pypi.bbclass: Update the upstream checks to automatically replace '_' with '-'
Eilís 'pidge' Ní Fhlannagáin (2):
lib/oe/package_managegment: Add nativesdk-intercept PATH
update_mandb: deb fails due to missing man cache
Etienne Cordonnier (1):
bitbake: bitbake-worker/runqueue: Avoid unnecessary bytes object copies
Insu Park (1):
bitbake: data: Add missing dependency handling of remove operator
Jan Garcia (1):
insane.bbclass: Count raw bytes in shebang-size
Joshua Watt (6):
classes/create-spdx-2.2: Add extra debugging for missing package files
nfs-utils: Don't start nfs-statsd.service without exports
nfs-utils: Add StateDirectory for systemd services
bitbake: utils: Add path_is_descendant()
bitbake: fetch2: git: Use path_is_descendant() instead of path for repo check
classes/create-spdx-2.2: Show error if document is not found
Julien Stephan (1):
bitbake: bitbake: cooker: add a new function to retrieve task signatures
Kai Kang (2):
goarch.bbclass: not compatible with riscv32
adwaita-icon-theme: 43 -> 45.0
Khem Raj (25):
perl: Add packageconfig for setlocale functionality differences
libc-test: Run as non-root user
coreutils: Upgrade to 9.4
coreutils: Add config.h to ptest package
gettext: Add missing dependency on gawk autoconf
util-linux: Disable failing tests on musl
Revert "util-linux: scanf_cv_alloc_modifier changed from 'as' -> 'ms'"
util-linux: Fix lscpu on musl
qemu: Add PACKAGECONFIG for dax
llvm: Upgrade to 17.0.1
oeqa: Use 2.14 release of cpio instead of 2.13
musl: Update to latest
bsd-headers: Define __CONCAT and __STRING
mesa: Update clang-17 patch to upstream v2
musl-legacy-error: Add recipe
elfutils: Depend on musl-legacy-error for musl targets
debugedit: Use musl-legacy-error
systemd: Drop two upstreamed musl patches
systemd: Refresh patches to avoid patch-fuzz
glib-2.0: Enable possible locales with musl for ptests
glib-2.0: Remove failing ptests on musl
llvm: Upgrade to 17.0.2
createrepo-c: Fix function declaration bug found with clang
mesa: Simplify llvm-17 patch
mesa: Fix native build on hosts with llvm-dev installed
Lee Chee Yang (2):
bind: update to 9.18.19
cups: fix CVE-2023-4504
Markus Volk (8):
mesa: upgrade 23.1.3 -> 23.1.7
libportal: upgrade 0.6 -> 0.7.1
appstream: import recipe from meta-oe
libadwaita: upgrade 1.3.4 -> 1.4.0
maintainers.inc: add missing entries for appstream and libxmlb
libxmlb: import recipe from meta-oe
pulseaudio: dont include consolekit for systemd
mesa: Upgrade 23.1.7 -> 23.1.8
Marta Rybczynska (3):
python3-ply: add to nativesdk
python3-isodate: add homepage
python3-rdflib: add homepage
Martin Jansa (3):
gcc: backport a fix for ICE caused by CVE-2023-4039.patch
fontcache.bbclass: avoid native recipes depending on target fontconfig
multilib_script.bbclass: expand script name as well
Matthias Schnelte (1):
bitbake: fetch2: Adds vscode devcontainer support
Michael Opdenacker (18):
base: add newline before LICENSE_FLAGS_DETAILS
dev-manual: new-recipe.rst fix inconsistency with contributor guide
contributor-guide: recipe-style-guide: add Upstream-Status
dev-manual: licenses: update license manifest location
dev-manual: licenses: mention SPDX for license compliance
dev-manual: disk-space: improve wording for obsolete sstate cache files
sdk-manual: extensible.rst: fix multiple formatting issues
alsa-lib: upgrade 1.2.9 -> 1.2.10
alsa-utils: upgrade 1.2.9 -> 1.2.10
shadow: fix patch Upstream-Status
libevent: fix patch Upstream-Status
alsa-utils: update patch Upstream-Status
alsa-lib: fix patch Upstream-Status
lib/oe/qa: remove obsolete "Accepted" string for Upstream-Status
lib/oe/qa: update guidelines link for Upstream-Status
bsp-guide: bsp.rst: replace reference to wiki
dev-manual: new-recipe.rst: replace reference to wiki
maintainers.inc: add self for flac recipe
Mikko Rapeli (9):
openssh: update Upstream-Status to Denied in test logging patch
openssh: improve banner ptest failure logging
testimage.bbclass: detect slirp from TEST_RUNQEMUPARAMS
oeqa dnf_runtime.py: fix HTTP server IP address and port
oeqa selftest runtime_test.py: append to TEST_RUNQEMUPARAMS
selftest runtime_test.py: add testimage.bbclass slirp test
openssh: capture logs in run-ptest
testimage.bbclass: remove QEMU_USE_SLIRP variable
oeqa/selftest/context.py: check git command return values
Ninad Palsule (1):
kernel-fitImage: Strip path component from dtb
Peter Kjellerstedt (7):
libsoup-2.4: Only specify --cross-file when building for target
libsoup: Only specify --cross-file when building for target
bitbake: tinfoil: Do not fail when logging is disabled and full config is used
bitbake: bitbake-getvar: Make --quiet work with --recipe
bitbake: bitbake-getvar: Make --value imply --quiet
bitbake: bitbake-getvar: Add a (suppressable) error for undefined variables
bitbake: bitbake-getvar: Treat undefined variables as empty with --value
Peter Marko (2):
openssl: Upgrade 3.1.2 -> 3.1.3
json-c: define CVE_VERSION
Qiu Tingting (1):
tar: add ptest support
Richard Purdie (34):
bitbake.conf: Add IMAGE_BASENAME to SDK_NAME
vim: Upgrade 9.0.1664 -> 9.0.1894
defaultsetup: Inherit create-spdx by default
oeqa/selftest/runtime_test: No need to use append with TEST_RUNQEMUPARAMS
devtool/build_sdk: Drop unused imports
bitbake: lib: Drop inotify support and replace with mtime checks
bitbake: server/process: Disable the flush() call in server logging
recipetool/devtool: Ensure server knows about changed files
lttng-tools: Upgrade 2.13.10 -> 2.13.11
oeqa/selftest/wic: Improve assertTrue calls
elfutils: Fix reproducibility issue with bunzip2
bitbake: cooker: Drop unneeded flush calls
sstate: Fix nativesdk entry in SSTATE_ARCHS
multilib: fix SSTATE_ARCHS for multilib usage
license/license_image: Fix license file layout to avoid overlapping files
oeqa/selftest/bbtests: Improve and update test_non_gplv3
create-spdx/sbom: Ensure files don't overlap between machines
sstate: Stop allowing overlapping symlinks from sstate
recipes: Drop remaining PR values from recipes
bitbake.conf: No longer support PR from filename
oeqa/selftest: Fix broken symlink removal handling
oeqa/selftest/reproducible: Avoid oe-selftest startup delays
oeqa: Streamline oe-selftest startup time
oeqa/selftest/oescripts: Avoid variable access at module load
bitbake: codeparser: Update debug variable reference
contributor-guide/style-guide: Refer to recipes, not packages
contributor-guide/style-guide: Add a note about task idempotence
lib: Import packagedata oe module by default
oeqa/runner: Ensure class setup errors are shown to bitbake logging
create-spdx: Ensure it is clear where the message comes from
oeqa/utils/gitarchive: Handle broken commit counts in results repo
python3-numpy: Fix reproducibility issue
scritps/runqemu: Ensure we only have two serial ports
glibc: Pull in stable branch fixes
Robert Joslyn (2):
curl: Update from 8.2.1 to 8.3.0
curl: Skip tests marked flaky
Robert Yang (1):
libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt
Roland Hieber (7):
template: fix typo in section header
ref-manual: point outdated link to the new location
contributor-guide: recipe-style-guide: add more patch tagging examples
contributor-guide: recipe-style-guide: add section about CVE patches
contributor-guide: discourage marking patches as Inappropriate
contributor-guide: deprecate "Accepted" patch status
contributor-guide: style-guide: discourage using Pending patch status
Ross Burton (19):
packagegroup-core-x11-xserver: add modesetting driver to default XSERVER
machine/qemu*: add modesetting drivers to XSERVER
beaglebone-yocto: remove redundant XSERVER assignment
gcc: Fix -fstack-protector issue on aarch64
testimage: respect target/server IPs when using slirp
manuals: document LICENSE_FLAGS_DETAILS
linux-yocto: update CVE ignores
libwebp: upgrade to 1.3.2
oeqa/runtime/parselogs: remove unused imports
oeqa/runtime/parselogs: don't bother to show target hardware information
oeqa/runtime/parselogs: remove obsolete LSB testing support
oeqa/runtime/parselogs: inline single-caller functions
oeqa/runtime/parselogs: improve find call
oeqa/runtime/parselogs: don't pass around members
oeqa/runtime/parselogs: move some variables out of global scope
oeqa/runtime/parselogs: select the correct machine-specific ignores early
oeqa/runtime/parselogs: parse the logs with Python, not grep
webkitgtk: reduce size of -dbg package
bitbake: bitbake/lib: spawn server/worker using the current Python interpreter
Samantha Jalabert (14):
python3-isodate: Copy recipe from meta-python
python3-booleanpy: Copy recipe from meta-python
python3-beartype: add recipe
python3-click: Copy recipe from meta-python
ptest-packagelists.inc: add python test click
python3-license-expression: Copy recipe from meta-python
ptest-packagelists.inc: add python test license-expression
python3-rdflib: Copy recipe from meta-python
python3-uritools: add recipe
python3-xmltodict: Copy recipe from meta-python
ptest-packagelists.inc: add python test xmltodict
python3-spdx-tools: add recipe
qa: Add selftest for python3-spdx-tools
maintainers.inc: add python3-spdx-tools and dependencies
Sean Nyekjaer (1):
gcc: depend on zstd
Stefan Tauner (1):
gdb: fix RDEPENDS for PACKAGECONFIG[tui]
Stephan Wurm (1):
python3-jsonschema: Update homepage URL
Tim Orling (1):
python3-cryptography{-vectors}: upgrade to 41.0.4
Trevor Gamblin (6):
patchtest: Add tests from patchtest oe repo
patchtest/selftest: remove configurable target
patchtest: add requirements.txt
patchtest: Add README.md for selftests
python3-ptest: skip test_input_no_stdout_fileno
patchtest/selftest: only split resultlines once
Ulrich Ölmann (1):
packagegroup-base: clean up setting packagegroup-machine-base's SUMMARY
Wang Mingyu (36):
alsa-ucm-conf: upgrade 1.2.9 -> 1.2.10
at-spi2-core: upgrade 2.48.3 -> 2.48.4
dbus: upgrade 1.14.8 -> 1.14.10
debianutils: upgrade 5.8 -> 5.12
dnf: upgrade 4.16.1 -> 4.17.0
harfbuzz: upgrade 8.1.1 -> 8.2.0
kexec-tools: upgrade 2.0.26 -> 2.0.27
libinput: upgrade 1.23.0 -> 1.24.0
libnl: upgrade 3.7.0 -> 3.8.0
nghttp2: upgrade 1.55.1 -> 1.56.0
ccache: upgrade 4.8.2 -> 4.8.3
pkgconf: upgrade 2.0.2 -> 2.0.3
python3-git: upgrade 3.1.34 -> 3.1.35
python3-hypothesis: upgrade 6.84.0 -> 6.84.3
python3-pyelftools: upgrade 0.29 -> 0.30
python3-pytest: upgrade 7.4.1 -> 7.4.2
python3-setuptools: upgrade 68.1.2 -> 68.2.1
strace: upgrade 6.4 -> 6.5
stress-ng: upgrade 0.16.04 -> 0.16.05
wayland-utils: upgrade 1.1.0 -> 1.2.0
wireless-regdb: upgrade 2023.05.03 -> 2023.09.01
at-spi2-core: upgrade 2.48.4 -> 2.50.0
enchant2: upgrade 2.5.0 -> 2.6.1
harfbuzz: upgrade 8.2.0 -> 8.2.1
kbd: upgrade 2.6.2 -> 2.6.3
libsecret: upgrade 0.21.0 -> 0.21.1
gobject-introspection: upgrade 1.78.0 -> 1.78.1
python3-numpy: upgrade 1.25.2 -> 1.26.0
python3-hypothesis: upgrade 6.84.3 -> 6.86.2
python3-pycryptodome: upgrade 3.18.0 -> 3.19.0
python3-pycryptodomex: upgrade 3.18.0 -> 3.19.0
python3-smmap: upgrade 5.0.0 -> 6.0.0
python3-trove-classifiers: upgrade 2023.8.7 -> 2023.9.19
python3-typing-extensions: upgrade 4.7.1 -> 4.8.0
python3-urllib3: upgrade 2.0.4 -> 2.0.5
python3-zipp: upgrade 3.16.2 -> 3.17.0
Yash Shinde (1):
glibc: fix CVE-2023-4527
Yogita Urade (2):
tiff: fix CVE-2023-40745
tiff: fix CVE-2023-41175
meta-openembedded: eff1b182c1..ea42cec2ec:
Alex Kiernan (2):
mdns: Upgrade 1790.80.10 -> 2200.0.8
jq: Upgrade 1.6+git -> 1.7
Archana Polampalli (2):
python3-appdirs: print ptest results in unified format
nodejs: upgrade 18.17.1 -> 20.5.1
Armin Kuster (1):
openldap: update to 2.5.16.
Bruce Ashfield (2):
zfs: update to v2.2.0-rc4
vboxguestdrivers: fix kernel v6.5 build
Chi Xu (1):
mariadb: Add ptest support
Clément Péron (6):
etcd-cpp-apiv3: upgrade 0.14.3 -> 0.15.3
devtools: grpc: bump to 1.56.2
protobuf: upgrade 4.22.2 -> 4.23.4
protobuf-c: bump to next release to support protobuf 4.23.x
mariadb: add missing <cstdint> in rocksdb string_util.h
etcd-cpp-apiv3: fix build when gRPC is cross compiled
Daniel Semkowicz (2):
cockpit: Move packagekit to a separate package
cockpit: Move apps to a separate package
Derek Straka (54):
python3-absl: Update version 1.4.0 -> 2.0.0
python3-brotli: Update version 1.0.9 -> 1.1.0
python3-cachecontrol: Update version 0.13.0 -> 0.13.1
python3-cantools: Update version 38.0.2 -> 39.2.0
python3-cerberus: Update version 1.3.4 -> 1.3.5
python3-configshell-fb: Update version 1.1.29 -> 1.1.30
python3-custom-inherit: Update version 2.3.1 -> 2.4.1
python3-distlib: Update version 0.3.6 -> 0.3.7
python3-fasteners: Update version 0.18 -> 0.19
python3-filelock: Update version 3.12.0 -> 3.12.4
python3-bleak: Update version 0.20.2 -> 0.21.1
python3-dynamic-dispatch: Correct the upstream regex check for version upgrades
python3-google-api-python-client: Update version 2.99.0 -> 2.100.0
python3-sqlalchemy: Upgrade 2.0.20 -> 2.0.21
python3-netaddr: Update version 0.8.0 -> 0.9.0
python3-msgpack: Update version 1.0.5 -> 1.0.6
python3-protobuf: Update version 4.24.2 -> 4.24.3
python3-gevent: Update version 23.7.0 -> 23.9.1
python3-langtable: Update version 0.0.63 -> 0.0.64
python3-posix-ipc: Update version 1.0.5 -> 1.1.1
python3-websocket-client: Update version 1.5.3 -> 1.6.3
python3-web3: Update version 6.9.0 -> 6.10.0
python3-apiflask: Update version 2.0.1 -> 2.0.2
python3-argh: Update version 0.29.3 -> 0.29.4
python3-async-timeout: remove old version of the library
python3-pydantic: Update version 1.10.7 -> 2.4.1
python3-pyhamcrest: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-pyasn1-modules: Update version 0.2.8 -> 0.3.0
python-pyiface: Update version from git -> 0.0.11
python3-pymysql: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-pymysql: update verion 1.0.2 -> 1.1.0
python3-pyproj: update version 3.6.0 -> 3.6.1
python3-pyproject-api: update version 1.5.1 -> 1.6.1
python3-redis: update version 5.0.0 -> 5.0.1
python3-traitlets: update version 5.9.0 -> 5.10.1
python3-xxhash: update version 3.2.0 -> 3.3.0
python3-pyzmq: update version 25.0.0 -> 25.1.1
python3-cachecontrol: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-flask-babel: update version 2.0.0 -> 3.1.0
python3-idna-ssl: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-ninja-syntax: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-prettytable: update version 3.6.0 -> 3.9.0
python3-pytz-deprecation-shim: Remove outdated recipe meant to be a short lived shim
python3-tzlocal: Remove dependency on pytz_deprecation_shim removed in release 5.0
python3-astroid: update version 2.16.6 -> 3.0.0
python3-flask: update version 2.3.2 -> 2.3.3
python3-google-api-core: update version 2.12.0
python3-google-api-python-client: update version 2.100.0 -> 2.101.0
python3-google-auth: update version 2.23.0 -> 2.23.1
python3-parse-type: update version 0.5.2 -> 0.6.2
python3-nacl: Add recipe for the latest release of PyNaCl
python3-botocore: add recipe for latest version of botocore
python3-boto3: add recipe for latest version of boto3
python3-flask-cors: add initial version of the recipe for 4.0.0
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.20 -> 0.0.21
Gianfranco Costamagna (3):
mosquitto: do not automatically depend on dlt-daemon, it's a non-mandatory logging system
mosquitto: upgrade 2.0.15 -> 2.0.17
mosquitto: upgrade 2.0.17 -> 2.0.18
Jeffrey Pautler (1):
bolt: disable CVE checking for this recipe
Jonas Gorski (1):
frr: upgrade 8.4.4 -> 9.0.1
Julian Haller (1):
openct: Fix typo in SUMMARY variable
Kai Kang (1):
ostree: not compatible with riscv32 when ptest enabled
Khem Raj (25):
vlc: Fix build with gettext 0.22+
usbguard: Enable seccomp if distro features have it
sharutils: Check for intmax_t using configure
poco: Add pass/fail ststus into logs
mongodb: Add rdep on tzdata-core
mongodb: Upgrade to 4.4.24
meta-oe-ptest-image-poco: Increase size tp 1G
poco: Fix ptest runtime errors
poco: Do not enable MongoDB packageconfig by default
plocate: Upgrade to 1.1.19 release
xscreensaver: Add osuosl backup MIRROR
mozjs-115: Apply autoconf tuple mismatch fix
cpp-netlib: Fix build with boost 1.80+
cpp-netlib: Fix buildpaths in generated cmake files
python3-pybluez: Fix patch upstream-status
python3-pynetlinux: Fix patch upstream-status
libnet-idn-encode: Add recipe
libio-socket-ssl-perl: Change libnet-libidn-perl->libnet-idn-encode rdep for ptests
libnfs: Drop -Wno-implicit-function-declaration
webkitgtk3: Do not use musttail with clang on arm
fftw: Fix ptest result reporting
nodejs: Fix ptest result reporting
relayd: Update to latest tip of trunk
relayd: Fix build with clang
kernel-selftest: Build headers before compiling tests
Lee Chee Yang (8):
libsdl: fix CVE-2022-34568
keepalived: 2.2.2 -> 2.2.8
irssi: 1.4.2 -> 1.4.4
iniparser: Fix CVE-2023-33461
opensc: fix CVE-2023-2977
x11vnc: Fix CVE-2020-29074
libvncserver: update to 0.9.14
ntpsec: 1.2.2 -> 1.2.2a
Markus Volk (48):
libei: add recipe
libxmlb: update 0.3.10 -> 0.3.14
appstream: update 0.16.2 -> 0.16.3
webrtc-audio-processing: add recipe for 1.x
pipewire: upgrade 0.3.79 -> 0.3.80
evolution-data-server: upgrade 3.48.3 -> 3.50.0
appstream: remove workaround for cross-compile
libxmlb: fix a reproducibility and runtime issue with ptest
tracker-miners: upgrade 3.5.0 -> 3.6.0
mozjs: upgrade 102.9.0 -> 102.15.0
tecla: add recipe
polkit: upgrade 122 -> 123
tracker: upgrade 3.5.1 -> 3.6.0
libxmlb: remove recipe
appstream: remove recipe
gvfs: upgrade 1.51.90 -> 1.52.0
mutter: upgrade 44.3 -> 45.0
xdg-desktop-portal: upgrade 1.16.0 -> 1.18.0
gnome-boxes: upgrade 44.2 -> 45.0
gnome-session: upgrade 44.0 -> 45.0
gnome-text-editor: upgrade 44.0 -> 45.0
gnome-shell: upgrade 44.3 -> 45.0
eog: upgrade 44.3 -> 45.0
gnome-calculator: upgrade 44.0 -> 45.0
xdg-desktop-portal-gnome: upgrade 44.1 -> 45.0
gnome-calendar: upgrade 44.0 -> 45.0
gnome-software: upgrade 44.4 -> 45.0
zenity: upgrade 3.44.0 -> 3.44.2
gnome-system-monitor: upgrade 44.0 -> 45.0
webkitgtk: upgrade 2.40.5 -> 2.42.0
gnome-control-center: upgrade 44.3 -> 45.0
gnome-settings-daemon: upgrade 44.1 -> 45.0
tracker: add missing Upstream-Status
gdm: upgrade 44.1 -> 45.0.1
gnome-calendar: fix reproducibility issue
exiv2: Upgrade 0.27.6 -> 0.28.0
gexiv: Upgrade 0.14.0 -> 0.14.2
gjs: Upgrade 1.76.1 -> 1.78.0
mozjs: add recipe for v115
evince: Upgrade 44.2 -> 45.0
Nautilus: Upgrade 44.2.1 -> 45.0
gedit: Upgrade 44.2 -> 46.1
tepl: Upgrade 6.4.0 -> 6.8.0
libblockdev: Upgrade 2.28 -> 3.03
udisks2: Upgrade 2.9.4 -> 2.10.1
mozjs: Upgrade 102.15.0 -> 102.15.1
libnfs: dont install libnfs-config.cmake
gnome-remote-desktop: Upgrade 44.2 -> 45.0
Martin Jansa (20):
webrtc-audio-processing: Fix build with -Werror=return-type
freeglut: return x11 to REQUIRED_DISTRO_FEATURES
packagegroup-meta-multimedia: restore x11 restriction for projucer
btrfsmaintenance: move btrfs-tools dependency from build-time to run-time
btrfsmaintenance: drop allarch
ttf-google-fira: exclude siggen dependency on fontconfig
cukinia: drop allarch
mdio-tools: exclude siggen dependency on mdio-netlink
ot-br-posix: exclude siggen dependency on ipset
mongodb: add and fix Upstream-Status
mongodb: Fix build on 32bit
gupnp: fix build with meson-1.2.0
minifi-cpp, mozjs-115, redis-7.2.1, pv: add missing Upstream-Status
mozjs: fix filename in MULTILIB_SCRIPTS
gupnp-tools: fix build with meson-1.2.0
gnome-tweaks, networkmanager-fortisslvpn, libesmtp, json-schema-validator, python3-pybluez, python3-pynetlinux, apache2: Fix Malformed Upstream-Status
mozjs: use PV in MULTILIB_SCRIPTS
mosquitto, etcd-cpp-apiv3: add missing Upstream-Status
meta-oe/dynamic-layers: add Upstream-Status where missing
meta-oe/dynamic-layers: add one more missing Upstream-Status and fix one malformed
Michał Iwanicki (1):
python3-pyu2f: add recipe
Mingli Yu (4):
minifi-cpp: Remove the buildpath issue
hdf5: Upgrade to 1.14.2
vlock: Use EXTRA_CFLAGS
mozjs-102: Remove the buildpath
Richard Leitner (2):
python3-shellingham: add recipe for v1.5.3
python3-autoflake: add recipe for v2.2.1
Ross Burton (1):
webkitgtk3: reduce size of -dbg package
Sam Van Den Berge (6):
python3-flask-jwt-extended: add recipe
python3-flask-marshmallow: add recipe
python3-apispec: add recipe
python3-flask-httpauth: add recipe
python3-webargs: add recipe
python3-apiflask: add recipe
Samantha Jalabert (6):
Remove python3-rdflib
Remove python3-license-expression
Remove python3-xmltodict
Remove python3-booleanpy
Remove python3-click
Remove python3-isodate
Samuli Piippo (1):
protobuf: stage protoc binary to sysroot
Sanjay Chitroda (1):
netkit-telnet: Fix CVE-2022-39028
Trevor Gamblin (1):
python3-aiofiles: upgrade 23.1.0 -> 23.2.1
Vyacheslav Yurkov (3):
overlayfs-tools: Drop unneeded dependency
overlayfs-tools: Bump up the version
overlayfs-tools: Install fsck binary
Wang Mingyu (42):
freerdp: upgrade 2.10.0 -> 2.11.0
boost-sml: upgrade 1.1.8 -> 1.1.9
ctags: upgrade 6.0.20230827.0 -> 6.0.20230917.0
dovecot: upgrade 2.3.20 -> 2.3.21
freerdp: upgrade 2.11.0 -> 2.11.1
gensio: upgrade 2.7.5 -> 2.7.6
geoclue: upgrade 2.7.0 -> 2.7.1
hwloc: upgrade 2.9.2 -> 2.9.3
iperf3: upgrade 3.14 -> 3.15
libcloudproviders: upgrade 0.3.2 -> 0.3.4
libdeflate: upgrade 1.18 -> 1.19
libglvnd: upgrade 1.6.0 -> 1.7.0
libtommath: upgrade 1.2.0 -> 1.2.1
libcoap: upgrade 4.3.1 -> 4.3.3
python3-antlr4-runtime: upgrade 4.13.0 -> 4.13.1
python3-lazy: upgrade 1.5 -> 1.6
python3-pyfanotify: upgrade 0.2.0 -> 0.2.1
psqlodbc: upgrade 15.00.0000 -> 16.00.0000
python3-argcomplete: upgrade 3.1.1 -> 3.1.2
python3-bitstring: upgrade 4.1.1 -> 4.1.2
python3-cmake: upgrade 3.27.4.1 -> 3.27.5
python3-coverage: upgrade 7.3.0 -> 7.3.1
python3-engineio: upgrade 4.7.0 -> 4.7.1
python3-eth-utils: upgrade 2.2.0 -> 2.2.1
python3-flask-migrate: upgrade 4.0.4 -> 4.0.5
python3-flask-socketio: upgrade 5.3.5 -> 5.3.6
python3-google-api-python-client: upgrade 2.97.0 -> 2.99.0
python3-google-auth: upgrade 2.22.0 -> 2.23.0
python3-pillow: upgrade 10.0.0 -> 10.0.1
python3-pymisp: upgrade 2.4.175 -> 2.4.176
python3-pymodbus: upgrade 3.5.0 -> 3.5.2
python3-rapidjson: upgrade 1.10 -> 1.11
python3-rich: upgrade 13.5.2 -> 13.5.3
python3-term: upgrade 2.4 -> 2.5
python3-tox: upgrade 4.11.1 -> 4.11.3
python3-typeguard: upgrade 4.1.3 -> 4.1.5
python3-types-setuptools: upgrade 68.1.0.1 -> 68.2.0.0
python3-virtualenv: upgrade 20.24.4 -> 20.24.5
python3-xlsxwriter: upgrade 3.1.2 -> 3.1.3
python3-zeroconf: upgrade 0.97.0 -> 0.112.0
redis: upgrade 7.2.0 -> 7.2.1
remmina: upgrade 1.4.31 -> 1.4.32
Xiangyu Chen (3):
mosh: add support of protobuf 4.22.x
protobuf: upgrade 3.21.12 -> 4.22.2
protobuf-c: add support of protobuf 4.22.x
Yi Zhao (1):
audit: upgrade 3.1.1 -> 3.1.2
meta-arm: bd0953cc60..95789365f7:
Abdellatif El Khlifi (2):
arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472
arm-bsp/u-boot: corstone1000: purge U-Boot specific DT nodes before Linux
Adam Johnston (1):
arm-bsp/trusted-firmware-a: Fix BL32 path if usrmerge enabled
Divin Raj (1):
ci,doc,kas,arm-bsp,arm: Remove support for fvp-baser-aemv8r64 machine
Emekcan Aras (6):
arm-bsp/optee-os: corstone1000: Handling logging syscall correctly
CI: Add meta-secure-core
CI: Include meta-secure-core in corstone1000
kas: corstone1000: add meta-secure-core
arm-bsp/u-boot: corstone1000: introduce authenticated capsule update
arm-bsp/trusted-firmware-m: Enable authenticated capsule update
Javier Tia (2):
optee-client: start tee-supplicant.service when teeprivX dev is detected
libts: tee-udev.rules: Change ownership to tee group
Jon Mason (5):
arm/edk2: update to edk2-stable202308
arm/trusted-firmware-m: update to 1.8.1
arm/opencsd: update to v1.4.1
arm/scp-firmware: update to v2.13.0
README: remove reference to meta-arm-autonomy
Khem Raj (1):
layer.conf: update LAYERSERIES_COMPAT for nanbield
Mariam Elshakfy (2):
arm-bsp/optee-os: N1SDP upgrade optee-os to 3.22
arm-bsp/optee-os: N1SDP upgrade tadevkit and optee-test to 3.22
Peter Hoyes (2):
CI: Allow a GitHub container registry mirror to be specified
CI: Make update-repos more resilient to network issues
Ross Burton (15):
arm/generic-arm64: move SERIAL_CONSOLES to generic-arm64
arm/qemu-generic-arm64: force off KVM in qemu
arm/generic-arm64: set XSERVER to install the modesetting driver
CI: remove redundant variables in testimage.yml
arm-bsp: change port mapping for SSH to port 2222
arm/apply_local_src_patches: allow use in multiple directories
arm/trusted-services: pass through CMake generator
arm/trusted-services: add missing pkgconfig inherit
arm/trusted-services/ts-remote-test: move binary to $bindir
arm/trusted-services/ts-sp-env-test: add missing DEPENDS
arm/trusted-services/ts-sp-env-test: remove
arm/trusted-services: use apply_local_src_patches
arm/trusted-services: upgrade nanopb and fix build races
CI: use a venv for sphinx
CI: upgrade to Kas 4 container
Xueliang Zhong (2):
arm-bsp/n1sdp: update to linux yocto kernel 6.4
arm-bsp/corstone1000: bump kernel version to v6.4
meta-security: 1856a7cf43..aca6d4a9e7:
Armin Kuster (10):
suricata: fix build issue.
suricata: Update to 7.0.0
sssd: Update to 2.9.2
openscap: update to 1.3.9
python3-privacyidea: update to 3.8.1
lkrg-module: update to 0.9.7
libhtp: update to 0.5.45
swtpm: update 0.8.1
lynis: Update to 3.0.9
scap-security-guide: Drop Poky patch and update to tip
John Broadbent (1):
libhoth: Update
meta-raspberrypi: 6501ec892c..482d864b8f:
Joshua Watt (1):
rpi-base: Fix wic image kernel dependency
Khem Raj (5):
userland: Update to trunk from 20230419
linux-raspberrypi: Upgrade 6.1 release to latest point release 6.1.54
linux-firmware-rpidistro: Update to 20230210-5_bpo11+1
bluez-firmware-rpidistro: Update to 1.2-4+rpt10
raspberrypi-firmware: Update to 20230509~buster
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for nanbield
Change-Id: Id75112a3b0be4bd150dc5d9a28c01982ed48200e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-openembedded/meta-networking')
28 files changed, 276 insertions, 400 deletions
diff --git a/meta-openembedded/meta-networking/conf/layer.conf b/meta-openembedded/meta-networking/conf/layer.conf index 12ce08c8a1..2343179a62 100644 --- a/meta-openembedded/meta-networking/conf/layer.conf +++ b/meta-openembedded/meta-networking/conf/layer.conf @@ -22,6 +22,8 @@ LICENSE_PATH += "${LAYERDIR}/licenses" SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ wireguard-tools->wireguard-module \ + mdio-tools->mdio-netlink \ + ot-br-posix->ipset \ " BBFILES_DYNAMIC += " \ meta-python:${LAYERDIR}/dynamic-layers/meta-python/recipes-*/*/*.bb \ diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2894.patch b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2894.patch new file mode 100644 index 0000000000..7374cbd26f --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2894.patch @@ -0,0 +1,25 @@ +From: Joachim Zobel <jz-2017@heute-morgen.de> +Date: Wed, 13 Sep 2023 09:55:34 +0200 +Subject: [PATCH] Link correctly with shared websockets library if needed see: + https://github.com/eclipse/mosquitto/pull/2751 + +Patch contributed by Joachim Zobel <jz-2017@heute-morgen.de> and Daniel Engberg <daniel.engberg.lists@pyret.net> +--- +Upstream-Status: Pending + + src/CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index 9380a04..dce8313 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -200,7 +200,7 @@ if (WITH_WEBSOCKETS) + link_directories(${mosquitto_SOURCE_DIR}) + endif (WIN32) + else (STATIC_WEBSOCKETS) +- set (MOSQ_LIBS ${MOSQ_LIBS} websockets) ++ set (MOSQ_LIBS ${MOSQ_LIBS} websockets_shared) + endif (STATIC_WEBSOCKETS) + endif (WITH_WEBSOCKETS) + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2895.patch b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2895.patch new file mode 100644 index 0000000000..853f881754 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/2895.patch @@ -0,0 +1,27 @@ +From: Joachim Zobel <jz-2017@heute-morgen.de> +Date: Wed, 13 Sep 2023 10:05:43 +0200 +Subject: [PATCH] Mosquitto now waits for network-online when starting + (Closes: #1036450) + +See: https://github.com/eclipse/mosquitto/issues/2878 +--- +Upstream-Status: Pending + + service/systemd/mosquitto.service.simple | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/service/systemd/mosquitto.service.simple b/service/systemd/mosquitto.service.simple +index 15ee0d6..c2a330b 100644 +--- a/service/systemd/mosquitto.service.simple ++++ b/service/systemd/mosquitto.service.simple +@@ -1,8 +1,8 @@ + [Unit] + Description=Mosquitto MQTT Broker + Documentation=man:mosquitto.conf(5) man:mosquitto(8) +-After=network.target +-Wants=network.target ++After=network-online.target ++Wants=network-online.target + + [Service] + ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init index 9d5963c418..d0da219d6d 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init +++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init @@ -1,18 +1,18 @@ -#! /bin/sh +#!/bin/sh # Based on the Debian initscript for mosquitto ### BEGIN INIT INFO -# Provides: mosquitto -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: mosquitto MQTT message broker -# Description: -# This is a message broker that supports version 3.1/3.1.1 of the MQ Telemetry +# Provides: mosquitto +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: mosquitto MQTT 3.1/3.1.1 message broker +# Description: +# This is a message broker that supports version 3.1 of the MQ Telemetry # Transport (MQTT) protocol. -# +# # MQTT provides a method of carrying out messaging using a publish/subscribe # model. It is lightweight, both in terms of bandwidth usage and ease of # implementation. This makes it particularly useful at the edge of the network diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.15.bb b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb index d06dd2d9ca..0c9ccc810d 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.15.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb @@ -17,13 +17,15 @@ DEPENDS = "uthash cjson" SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \ file://mosquitto.init \ file://1571.patch \ + file://2894.patch \ + file://2895.patch \ " -SRC_URI[sha256sum] = "4735b1d32e3f91c7a8896741d88a3022e89730a1ee897946decfa0df27039ac6" +SRC_URI[sha256sum] = "d665fe7d0032881b1371a47f34169ee4edab67903b2cd2b4c083822823f4448a" inherit systemd update-rc.d useradd cmake pkgconfig -PACKAGECONFIG ??= "ssl dlt websockets \ +PACKAGECONFIG ??= "ssl websockets \ ${@bb.utils.filter('DISTRO_FEATURES','systemd', d)} \ " diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0001-fix-ppp-2.5.0-build.patch b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0001-fix-ppp-2.5.0-build.patch index 0a568fa23c..2e84a334f0 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0001-fix-ppp-2.5.0-build.patch +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0001-fix-ppp-2.5.0-build.patch @@ -7,7 +7,7 @@ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Upstream-Status: Accepted +Upstream-Status: Backport Signed-off-by: Eivind Næss <eivnaes@yahoo.com> --- Makefile.am | 5 +- diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0002-fix-ppp-2.5.0-build.patch b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0002-fix-ppp-2.5.0-build.patch index 798a57b0da..6ac8f2b643 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0002-fix-ppp-2.5.0-build.patch +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager-fortisslvpn/0002-fix-ppp-2.5.0-build.patch @@ -6,7 +6,7 @@ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Upstream-Status: Accepted +Upstream-Status: Backport Signed-off-by: Eivind Næss <eivnaes@yahoo.com> --- configure.ac | 6 +----- diff --git a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd/0001-rtnl_flush-Error-on-failed-write.patch b/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd/0001-rtnl_flush-Error-on-failed-write.patch deleted file mode 100644 index eaaf30460f..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd/0001-rtnl_flush-Error-on-failed-write.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 2fa326b26dc479942367dc4283e2f87372403988 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 17 Jun 2017 09:32:04 -0700 -Subject: [PATCH] rtnl_flush: Error on failed write() - -Fixes -route.c:45:2: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result] -| write(fd, "-1", 2); -| ^~~~~~~~~~~~~~~~~~ - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Submitted - - route.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/route.c b/route.c -index c552d1f..fc5c31e 100644 ---- a/route.c -+++ b/route.c -@@ -42,7 +42,8 @@ static void rtnl_flush(void) - if (fd < 0) - return; - -- write(fd, "-1", 2); -+ if (write(fd, "-1", 2) < 0 ) -+ perror("write"); - close(fd); - } - --- -2.13.1 - diff --git a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb index 1da18d7ca0..79e1743fdf 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb @@ -5,11 +5,9 @@ LIC_FILES_CHKSUM = "file://main.c;endline=17;md5=86aad799085683e0a2e1c2684a20bab DEPENDS = "libubox" -SRC_URI = "git://git.openwrt.org/project/relayd.git;branch=master \ - file://0001-rtnl_flush-Error-on-failed-write.patch \ -" +SRC_URI = "git://git.openwrt.org/project/relayd.git;branch=master" -SRCREV = "f4d759be54ceb37714e9a6ca320d5b50c95e9ce9" +SRCREV = "f646ba40489371e69f624f2dee2fc4e19ceec00e" PV = "0.0.1+git${SRCPV}" UPSTREAM_CHECK_COMMITS = "1" @@ -17,3 +15,5 @@ UPSTREAM_CHECK_COMMITS = "1" S = "${WORKDIR}/git" inherit cmake + +CFLAGS:append:toolchain-clang = " -Wno-error=gnu-variable-sized-type-not-at-end" diff --git a/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived/0001-layer4-Change-order-of-include-files.patch b/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived/0001-layer4-Change-order-of-include-files.patch deleted file mode 100644 index 678a208ac3..0000000000 --- a/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived/0001-layer4-Change-order-of-include-files.patch +++ /dev/null @@ -1,60 +0,0 @@ -From a85ca79143a87286f793957e803ee3daf03c2b57 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 6 Jul 2021 14:06:44 -0700 -Subject: [PATCH] layer4: Change order of include files - -curent order to include standard headers first is causing an isue with -glibc 2.34 + kernel-headers 5.13+ where order of including netinet/in.h -and linux/in.h matters and it does not define __UAPI_DEF_IN_IPPROTO -before including linux/in.h and then later includes netinet/in.h which -then means lot of definitions will be defined twice and compile would -fail. Re-ordering the local headers to appear first solves the issue -amicably, and I think this is right order too - -Upsteam-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - keepalived/core/layer4.c | 21 ++++++++++----------- - 1 file changed, 10 insertions(+), 11 deletions(-) - -diff --git a/keepalived/core/layer4.c b/keepalived/core/layer4.c -index 90cdc84..c122c29 100644 ---- a/keepalived/core/layer4.c -+++ b/keepalived/core/layer4.c -@@ -23,6 +23,16 @@ - - #include "config.h" - -+#include "layer4.h" -+#include "logger.h" -+#include "scheduler.h" -+#ifdef _WITH_LVS_ -+#include "check_api.h" -+#endif -+#include "bitops.h" -+#include "utils.h" -+#include "align.h" -+ - #include <stdio.h> - #include <errno.h> - #include <unistd.h> -@@ -33,17 +43,6 @@ - #include <sys/time.h> - #endif - #include <linux/errqueue.h> --#include <netinet/in.h> -- --#include "layer4.h" --#include "logger.h" --#include "scheduler.h" --#ifdef _WITH_LVS_ --#include "check_api.h" --#endif --#include "bitops.h" --#include "utils.h" --#include "align.h" - - // #define ICMP_DEBUG 1 - diff --git a/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb b/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.8.bb index 204d2fd116..dd193b12fc 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/keepalived/keepalived_2.2.8.bb @@ -11,9 +11,8 @@ LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "http://www.keepalived.org/software/${BP}.tar.gz \ - file://0001-layer4-Change-order-of-include-files.patch \ " -SRC_URI[sha256sum] = "103692bd5345a4ed9f4581632ea636214fdf53e45682e200aab122c4fa674ece" +SRC_URI[sha256sum] = "85882eb62974f395d4c631be990a41a839594a7e62fbfebcb5649a937a7a1bb6" UPSTREAM_CHECK_URI = "https://github.com/acassen/keepalived/releases" DEPENDS = "libnfnetlink openssl" @@ -29,6 +28,8 @@ PACKAGECONFIG[systemd] = "--with-init=systemd --with-systemdsystemunitdir=${syst EXTRA_OEMAKE = "initdir=${sysconfdir}/init.d" +export EXTRA_CFLAGS = "${CFLAGS}" + do_install:append() { if [ -f ${D}${sysconfdir}/init.d/${BPN} ]; then chmod 0755 ${D}${sysconfdir}/init.d/${BPN} diff --git a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.1.bb b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.3.bb index efea3fab74..6e5bc07c59 100644 --- a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.1.bb +++ b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.3.bb @@ -4,13 +4,13 @@ devices that are constrained their resources such as computing power, \ RF range, memory, bandwith, or network packet sizes." HOMEPAGE ="https://libcoap.net/" -LICENSE = "BSD-2-Clause & BSD-1-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0fbe4435d52b2d27a16f980ffc8ffc80" +LICENSE = "BSD-2-Clause & BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=1978dbc41673ab1c20e64b287c8317bc" SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \ file://run-ptest \ " -SRCREV = "02b76470ab9168947152c78ad50835bf043d7c84" +SRCREV = "9cde7cdee171e3f47486c6e70d479fdf49f3d2d6" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch new file mode 100644 index 0000000000..e8c3f1d84b --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch @@ -0,0 +1,53 @@ +From 4133a888aa256312186962ab70d4a36eed5920c1 Mon Sep 17 00:00:00 2001 +From: Brooks Davis <brooks@FreeBSD.org> +Date: Mon, 26 Sep 2022 18:56:51 +0100 +Subject: [PATCH] telnetd: fix two-byte input crash + +Move initialization of the slc table earlier so it doesn't get +accessed before that happens. + +For details on the issue, see: +https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html + +Reviewed by: cy +Obtained from: NetBSD via cy +Differential Revision: https://reviews.freebsd.org/D36680 + +CVE: CVE-2022-39028 +Upstream-Status: Backport [https://cgit.freebsd.org/src/commit/?id=6914ffef4e23] + +(cherry picked from commit 6914ffef4e2318ca1d0ead28eafb6f06055ce0f8) +Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com> + +--- + telnetd/telnetd.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c +index f36f505..efa0fe1 100644 +--- a/telnetd/telnetd.c ++++ b/telnetd/telnetd.c +@@ -615,6 +615,11 @@ doit(struct sockaddr_in *who) + int level; + char user_name[256]; + ++ /* ++ * Initialize the slc mapping table. ++ */ ++ get_slc_defaults(); ++ + /* + * Find an available pty to use. + */ +@@ -698,11 +703,6 @@ void telnet(int f, int p) + char *HE; + const char *IM; + +- /* +- * Initialize the slc mapping table. +- */ +- get_slc_defaults(); +- + /* + * Do some tests where it is desireable to wait for a response. + * Rather than doing them slowly, one at a time, do them all diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb index e28eeae491..d3de038d16 100644 --- a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb @@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/netkit-telnet_${PV}.orig.tar.gz file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \ file://0001-utility-Include-time.h-form-time-and-strftime-protot.patch \ file://0001-Drop-using-register-keyword.patch \ + file://CVE-2022-39028.patch \ " UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/" diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch deleted file mode 100644 index 872a67c784..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a82d704b1ec6ece47b01d12e0e067d4b62b10894 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Wed, 9 Nov 2022 20:24:45 +0100 -Subject: [PATCH] m4/ax_python.m4: check for python-x.y-emded.pc, not - python-x.y.pc - -Only the embed version includes necessary linker flags to link -with libpython. - -Upstream-Status: Backport -[https://github.com/FRRouting/frr/commit/a82d704b1ec6ece47b01d12e0e067d4b62b10894] - -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - m4/ax_python.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/m4/ax_python.m4 b/m4/ax_python.m4 -index 91d12b99b..f5e603b96 100644 ---- a/m4/ax_python.m4 -+++ b/m4/ax_python.m4 -@@ -206,7 +206,7 @@ AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl - AC_MSG_CHECKING([whether pkg-config python-${tryver} is available]) - unset PYTHON_CFLAGS - unset PYTHON_LIBS -- pkg="python-${tryver}" -+ pkg="python-${tryver}-embed" - pkg="${pkg%-}" - _PKG_CONFIG([PYTHON_CFLAGS], [cflags], [${pkg}]) - _PKG_CONFIG([PYTHON_LIBS], [libs], [${pkg}]) --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch new file mode 100644 index 0000000000..3e93cf3c47 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch @@ -0,0 +1,58 @@ +From 312d5ee1592f8c5b616d330233d1de2643f759e2 Mon Sep 17 00:00:00 2001 +From: Jonas Gorski <jonas.gorski@bisdn.de> +Date: Thu, 14 Sep 2023 17:04:16 +0200 +Subject: [PATCH] tools: make --quiet actually suppress output + +When calling daemon_stop() with --quiet and e.g. the pidfile is empty, +it won't return early since while "$fail" is set, "$2" is "--quiet", so +the if condition isn't met and it will continue executing, resulting +in error messages in the log: + +> Sep 14 14:48:33 localhost watchfrr[2085]: [YFT0P-5Q5YX] Forked background command [pid 2086]: /usr/lib/frr/watchfrr.sh restart all +> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec +> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec +> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec + +Fix this by moving the --quiet check into the block to log_failure_msg(), +and also add the check to all other invocations of log_*_msg() to make +--quiet properly suppress output. + +Fixes: 19a99d89f088 ("tools: suppress unuseful warnings during restarting frr") +Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/312d5ee1592f8c5b616d330233d1de2643f759e2] +--- + tools/frrcommon.sh.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in +index f1f70119097e..00b63a78e2bc 100755 +--- a/tools/frrcommon.sh.in ++++ b/tools/frrcommon.sh.in +@@ -207,8 +207,8 @@ daemon_stop() { + [ -z "$fail" -a -z "$pid" ] && fail="pid file is empty" + [ -n "$fail" ] || kill -0 "$pid" 2>/dev/null || fail="pid $pid not running" + +- if [ -n "$fail" ] && [ "$2" != "--quiet" ]; then +- log_failure_msg "Cannot stop $dmninst: $fail" ++ if [ -n "$fail" ]; then ++ [ "$2" = "--quiet" ] || log_failure_msg "Cannot stop $dmninst: $fail" + return 1 + fi + +@@ -220,11 +220,11 @@ daemon_stop() { + [ $(( cnt -= 1 )) -gt 0 ] || break + done + if kill -0 "$pid" 2>/dev/null; then +- log_failure_msg "Failed to stop $dmninst, pid $pid still running" ++ [ "$2" = "--quiet" ] || log_failure_msg "Failed to stop $dmninst, pid $pid still running" + still_running=1 + return 1 + else +- log_success_msg "Stopped $dmninst" ++ [ "$2" = "--quiet" ] || log_success_msg "Stopped $dmninst" + rm -f "$pidfile" + return 0 + fi +-- +2.42.0 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch deleted file mode 100644 index 4a8a7e1afd..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch +++ /dev/null @@ -1,54 +0,0 @@ -From e61593f2ded104c4c7f01eb93e2b404e93e0c560 Mon Sep 17 00:00:00 2001 -From: harryreps <harryreps@gmail.com> -Date: Fri, 3 Mar 2023 23:17:14 +0000 -Subject: [PATCH] babeld: fix #11808 to avoid infinite loops - -Replacing continue in loops to goto done so that index of packet buffer -increases. - -Signed-off-by: harryreps <harryreps@gmail.com> - -CVE: CVE-2023-3748 - -Upstream-Status: Backport -[https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - babeld/message.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/babeld/message.c b/babeld/message.c -index 7d45d91bf..2bf233796 100644 ---- a/babeld/message.c -+++ b/babeld/message.c -@@ -439,7 +439,7 @@ parse_packet(const unsigned char *from, struct interface *ifp, - debugf(BABEL_DEBUG_COMMON, - "Received Hello from %s on %s that does not have all 0's in the unused section of flags, ignoring", - format_address(from), ifp->name); -- continue; -+ goto done; - } - - /* -@@ -451,7 +451,7 @@ parse_packet(const unsigned char *from, struct interface *ifp, - debugf(BABEL_DEBUG_COMMON, - "Received Unicast Hello from %s on %s that FRR is not prepared to understand yet", - format_address(from), ifp->name); -- continue; -+ goto done; - } - - DO_NTOHS(seqno, message + 4); -@@ -469,7 +469,7 @@ parse_packet(const unsigned char *from, struct interface *ifp, - debugf(BABEL_DEBUG_COMMON, - "Received hello from %s on %s should be ignored as that this version of FRR does not know how to properly handle interval == 0", - format_address(from), ifp->name); -- continue; -+ goto done; - } - - changed = update_neighbour(neigh, seqno, interval); --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch deleted file mode 100644 index 59633ef699..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 9efd9a47db4f13ebf88c2ffe14301d7441bcb40d Mon Sep 17 00:00:00 2001 -From: Donatas Abraitis <donatas@opensourcerouting.org> -Date: Tue, 22 Aug 2023 22:52:04 +0300 -Subject: [PATCH 1/2] bgpd: Do not process NLRIs if the attribute length is - zero - -``` -3 0x00007f423aa42476 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26 -4 0x00007f423aef9740 in core_handler (signo=11, siginfo=0x7fffc414deb0, context=<optimized out>) at lib/sigevent.c:246 -5 <signal handler called> -6 0x0000564dea2fc71e in route_set_aspath_prepend (rule=0x564debd66d50, prefix=0x7fffc414ea30, object=0x7fffc414e400) - at bgpd/bgp_routemap.c:2258 -7 0x00007f423aeec7e0 in route_map_apply_ext (map=<optimized out>, prefix=prefix@entry=0x7fffc414ea30, - match_object=match_object@entry=0x7fffc414e400, set_object=set_object@entry=0x7fffc414e400, pref=pref@entry=0x0) at lib/routemap.c:2690 -8 0x0000564dea2d277e in bgp_input_modifier (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, attr=attr@entry=0x7fffc414e770, - afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST, rmap_name=rmap_name@entry=0x0, label=0x0, num_labels=0, dest=0x564debdd5130) - at bgpd/bgp_route.c:1772 -9 0x0000564dea2df762 in bgp_update (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, addpath_id=addpath_id@entry=0, - attr=0x7fffc414eb50, afi=afi@entry=AFI_IP, safi=<optimized out>, safi@entry=SAFI_UNICAST, type=9, sub_type=0, prd=0x0, label=0x0, - num_labels=0, soft_reconfig=0, evpn=0x0) at bgpd/bgp_route.c:4374 -10 0x0000564dea2e2047 in bgp_nlri_parse_ip (peer=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, packet=0x7fffc414eaf0) - at bgpd/bgp_route.c:6249 -11 0x0000564dea2c5a58 in bgp_nlri_parse (peer=peer@entry=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, - packet=packet@entry=0x7fffc414eaf0, mp_withdraw=mp_withdraw@entry=false) at bgpd/bgp_packet.c:339 -12 0x0000564dea2c5d66 in bgp_update_receive (peer=peer@entry=0x7f4238f59010, size=size@entry=109) at bgpd/bgp_packet.c:2024 -13 0x0000564dea2c901d in bgp_process_packet (thread=<optimized out>) at bgpd/bgp_packet.c:2933 -14 0x00007f423af0bf71 in event_call (thread=thread@entry=0x7fffc414ee40) at lib/event.c:1995 -15 0x00007f423aebb198 in frr_run (master=0x564deb73c670) at lib/libfrr.c:1213 -16 0x0000564dea261b83 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:505 -``` - -With the configuration: - -``` -frr version 9.1-dev-MyOwnFRRVersion -frr defaults traditional -hostname ip-172-31-13-140 -log file /tmp/debug.log -log syslog -service integrated-vtysh-config -! -debug bgp keepalives -debug bgp neighbor-events -debug bgp updates in -debug bgp updates out -! -router bgp 100 - bgp router-id 9.9.9.9 - no bgp ebgp-requires-policy - bgp bestpath aigp - neighbor 172.31.2.47 remote-as 200 - ! - address-family ipv4 unicast - neighbor 172.31.2.47 default-originate - neighbor 172.31.2.47 route-map RM_IN in - exit-address-family -exit -! -route-map RM_IN permit 10 - set as-path prepend 200 -exit -! -``` - -The issue is that we try to process NLRIs even if the attribute length is 0. - -Later bgp_update() will handle route-maps and a crash occurs because all the -attributes are NULL, including aspath, where we dereference. - -According to the RFC 4271: - -A value of 0 indicates that neither the Network Layer - Reachability Information field nor the Path Attribute field is - present in this UPDATE message. - -But with a fuzzed UPDATE message this can be faked. I think it's reasonable -to skip processing NLRIs if both update_len and attribute_len are 0. - -Reported-by: Iggy Frankovic <iggyfran@amazon.com> -Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> - -Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38] - -CVE: CVE-2023-41358 - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - bgpd/bgp_packet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c -index ec54943f3..3c2e73c59 100644 ---- a/bgpd/bgp_packet.c -+++ b/bgpd/bgp_packet.c -@@ -1951,7 +1951,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size) - /* Network Layer Reachability Information. */ - update_len = end - stream_pnt(s); - -- if (update_len) { -+ if (update_len && attribute_len) { - /* Set NLRI portion to structure. */ - nlris[NLRI_UPDATE].afi = AFI_IP; - nlris[NLRI_UPDATE].safi = SAFI_UNICAST; --- -2.35.5 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch deleted file mode 100644 index 8ee3985b42..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 9ecacf2176d2bac4b90e17d49facb8712c1b467a Mon Sep 17 00:00:00 2001 -From: Donatas Abraitis <donatas@opensourcerouting.org> -Date: Sun, 20 Aug 2023 22:15:27 +0300 -Subject: [PATCH 2/2] bgpd: Don't read the first byte of ORF header if we are - ahead of stream - -Reported-by: Iggy Frankovic iggyfran@amazon.com -Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> - -Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702] - -CVE: CVE-2023-41360 - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - bgpd/bgp_packet.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c -index 3c2e73c59..f1d0e54c0 100644 ---- a/bgpd/bgp_packet.c -+++ b/bgpd/bgp_packet.c -@@ -2375,7 +2375,8 @@ static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size) - * and 7 bytes of ORF Address-filter entry from - * the stream - */ -- if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) { -+ if (p_pnt < p_end && -+ *p_pnt & ORF_COMMON_PART_REMOVE_ALL) { - if (bgp_debug_neighbor_events(peer)) - zlog_debug( - "%pBP rcvd Remove-All pfxlist ORF request", --- -2.35.5 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.4.4.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb index 826b687806..bddc08aebb 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.4.4.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb @@ -6,18 +6,15 @@ HOMEPAGE = "https://frrouting.org/" SECTION = "net" LICENSE = "GPL-2.0-only & LGPL-2.1-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c" +LIC_FILES_CHKSUM = "file://doc/licenses/GPL-2.0;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://doc/licenses/LGPL-2.1;md5=4fbd65380cdd255951079008b364516c" -SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.4 \ +SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.0 \ file://frr.pam \ - file://0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch \ - file://CVE-2023-3748.patch \ - file://CVE-2023-41358.patch \ - file://CVE-2023-41360.patch \ + file://0001-tools-make-quiet-actually-suppress-output.patch \ " -SRCREV = "45e36c0c00a517ad1606135b18c5753e210cfc0d" +SRCREV = "31ed3dd753d62b5d8916998bc32814007e91364b" UPSTREAM_CHECK_GITTAGREGEX = "frr-(?P<pver>\d+(\.\d+)+)$" @@ -28,7 +25,7 @@ S = "${WORKDIR}/git" inherit autotools-brokensep python3native pkgconfig useradd systemd DEPENDS:class-native = "bison-native elfutils-native" -DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native" +DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native protobuf-c-native protobuf-c" RDEPENDS:${PN}:class-target = "iproute2 python3-core bash" @@ -64,6 +61,9 @@ EXTRA_OECONF:class-target = "--sbindir=${libdir}/frr \ CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" +# https://github.com/FRRouting/frr/issues/14469 +DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map" + LDFLAGS:append:mips = " -latomic" LDFLAGS:append:mipsel = " -latomic" LDFLAGS:append:powerpc = " -latomic" diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Handle-interface-without-ifa_addr.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Handle-interface-without-ifa_addr.patch new file mode 100644 index 0000000000..daee318ae4 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Handle-interface-without-ifa_addr.patch @@ -0,0 +1,38 @@ +From 1cc54320306e07c1fc0eed98e7fbcbb07a2f3b28 Mon Sep 17 00:00:00 2001 +From: Stefan Agner <stefan@agner.ch> +Date: Fri, 23 Jun 2023 10:10:00 +0200 +Subject: [PATCH] Handle interface without `ifa_addr` + +It seems that certain interface types may have `ifa_addr` set to null. +Handle this case gracefully. + +Upstream-Status: Submitted [https://github.com/apple-oss-distributions/mDNSResponder/pull/2/commits/11b410d4d683c90e693c40315997bb3e8ec90e9a] + +Signed-off-by: Stefan Agner <stefan@agner.ch> +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + mDNSPosix/mDNSPosix.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index d7f31cc4d5cf..f10301253f58 100644 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -1895,6 +1895,7 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context) + continue; + + if ((ifa_loop4 == NULL) && ++ ((*ifi)->ifa_addr != NULL) && + ((*ifi)->ifa_addr->sa_family == AF_INET) && + ((*ifi)->ifa_flags & IFF_UP) && + ((*ifi)->ifa_flags & IFF_LOOPBACK)) +@@ -1903,7 +1904,8 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context) + continue; + } + +- if ( (((*ifi)->ifa_addr->sa_family == AF_INET) ++ if ( ((*ifi)->ifa_addr != NULL) && ++ (((*ifi)->ifa_addr->sa_family == AF_INET) + #if HAVE_IPV6 + || ((*ifi)->ifa_addr->sa_family == AF_INET6) + #endif diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-mDNSShared-Drop-MacOS-specific-__block-qualifier.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-mDNSShared-Drop-MacOS-specific-__block-qualifier.patch deleted file mode 100644 index 0ac0bb6a45..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-mDNSShared-Drop-MacOS-specific-__block-qualifier.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4c0954f77ba05d77192ee1519929a39fbc978321 Mon Sep 17 00:00:00 2001 -From: Alex Kiernan <alex.kiernan@gmail.com> -Date: Mon, 5 Dec 2022 15:14:22 +0000 -Subject: [PATCH 3/6] mDNSShared: Drop MacOS specific __block qualifier - -Support for this extension only exists in MacOS/Clang, also it's not -actually used here, so we can just drop it. - -Upstream-Status: Pending -Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> ---- - mDNSShared/uds_daemon.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/mDNSShared/uds_daemon.c b/mDNSShared/uds_daemon.c -index 9ae5f78542d6..8c006b71a4ea 100644 ---- a/mDNSShared/uds_daemon.c -+++ b/mDNSShared/uds_daemon.c -@@ -2912,7 +2912,7 @@ exit: - mDNSlocal mStatus add_domain_to_browser(request_state *info, const domainname *d) - { - browser_t *b, *p; -- __block mStatus err; -+ mStatus err; - - for (p = info->u.browser.browsers; p; p = p->next) - { --- -2.35.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0005-mDNSCore-Fix-broken-debug-parameter.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0005-mDNSCore-Fix-broken-debug-parameter.patch index 39e67cdf48..4cda71bdb1 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0005-mDNSCore-Fix-broken-debug-parameter.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0005-mDNSCore-Fix-broken-debug-parameter.patch @@ -1,28 +1,25 @@ -From 60533a8947af714cc593bae6b20d47f3a4828589 Mon Sep 17 00:00:00 2001 +From 764b6202402e9e5687ff873330e5ad6be6f69df7 Mon Sep 17 00:00:00 2001 From: Alex Kiernan <alex.kiernan@gmail.com> Date: Mon, 5 Dec 2022 22:49:49 +0000 -Subject: [PATCH 5/6] mDNSCore: Fix broken debug parameter +Subject: [PATCH] mDNSCore: Fix broken debug parameter -Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> ---- Upstream-Status: Pending +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- mDNSCore/mDNS.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mDNSCore/mDNS.c b/mDNSCore/mDNS.c -index 66979587ee82..e0a982fa1762 100644 +index eecd7daa724e..1e843c081938 100644 --- a/mDNSCore/mDNS.c +++ b/mDNSCore/mDNS.c -@@ -9831,7 +9831,7 @@ mDNSlocal void mDNSCoreReceiveNoUnicastAnswers(mDNS *const m, const DNSMessage * +@@ -10210,7 +10210,7 @@ mDNSlocal void mDNSCoreReceiveNoUnicastAnswers(mDNS *const m, const DNSMessage * #else const DNSServRef dnsserv = qptr->qDNSServer; #endif -- debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, name->c, DNSTypeName(q.qtype)); +- debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, currentQName, DNSTypeName(q.qtype)); + debugf("mDNSCoreReceiveNoUnicastAnswers making negative cache entry TTL %d for %##s (%s)", negttl, currentQName->c, DNSTypeName(q.qtype)); // Create a negative record for the current name in the CNAME chain. MakeNegativeCacheRecord(m, &m->rec.r, currentQName, currentQNameHash, q.qtype, q.qclass, negttl, mDNSInterface_Any, dnsserv, response->h.flags); --- -2.35.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0015-Add-missing-limits.h.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0015-Add-missing-limits.h.patch new file mode 100644 index 0000000000..9fe721ff07 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0015-Add-missing-limits.h.patch @@ -0,0 +1,23 @@ +From 9fc45a2cf3b78573a568abf538a6e6f4bd30b2d7 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Wed, 27 Sep 2023 11:45:26 +0100 +Subject: [PATCH] Add missing limits.h + +Upstream-Status: Pending +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + mDNSShared/PlatformCommon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/mDNSShared/PlatformCommon.c b/mDNSShared/PlatformCommon.c +index 9ce15468e217..c308af3e8b0e 100644 +--- a/mDNSShared/PlatformCommon.c ++++ b/mDNSShared/PlatformCommon.c +@@ -32,6 +32,7 @@ + #include <time.h> + #include <sys/time.h> // Needed for #include <sys/time.h>(). + #include <assert.h> ++#include <limits.h> + + + #include "mDNSEmbeddedAPI.h" // Defines the interface provided to the client layer above diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_2200.0.8.bb index aff7954f50..8370ed50c0 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1790.80.10.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_2200.0.8.bb @@ -6,10 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf" DEPENDS:append:libc-musl = " musl-nscd" -SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=rel/mDNSResponder-1790 \ +SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=main \ file://0001-dns-sd-Include-missing-headers.patch \ file://0002-make-Set-libdns_sd.so-soname-correctly.patch \ - file://0003-mDNSShared-Drop-MacOS-specific-__block-qualifier.patch \ file://0004-make-Separate-TLS-targets-from-libraries.patch \ file://0005-mDNSCore-Fix-broken-debug-parameter.patch \ file://0006-make-Add-top-level-Makefile.patch \ @@ -23,8 +22,10 @@ SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https file://0008-Handle-errors-from-socket-calls.patch \ file://0009-remove-unneeded-headers.patch \ file://mdns.service \ + file://0015-Add-missing-limits.h.patch \ + file://0001-Handle-interface-without-ifa_addr.patch \ " -SRCREV = "8769ab51605e465425d33d757f602ce5905ca639" +SRCREV = "d5029b5dff8aa59d1fc07ed796e994106ef58dee" # We install a stub Makefile in the top directory so that the various checks # in base.bbclass pass their tests for a Makefile, this ensures (that amongst diff --git a/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb b/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb index e41dd93f5d..17fbd789b6 100644 --- a/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.20.bb +++ b/meta-openembedded/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb @@ -12,7 +12,7 @@ SRC_URI = "http://dovecot.org/releases/2.3/dovecot-${PV}.tar.gz \ file://0001-not-check-pandoc.patch \ file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \ " -SRC_URI[sha256sum] = "caa832eb968148abdf35ee9d0f534b779fa732c0ce4a913d9ab8c3469b218552" +SRC_URI[sha256sum] = "05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d" DEPENDS = "openssl xz zlib bzip2 libcap icu libtirpc bison-native" CFLAGS += "-I${STAGING_INCDIR}/tirpc" diff --git a/meta-openembedded/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch b/meta-openembedded/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch index 64938a4820..dbdd644830 100644 --- a/meta-openembedded/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch +++ b/meta-openembedded/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch @@ -11,7 +11,7 @@ disabled by default. Like 1.0.6, it will check openssl MD4 algorithm support as MD4 is insecure and modern systems may drop MD4 support. -Upstream-Status: Accepted [https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d] +Upstream-Status: Backport [https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d] Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com> --- meson.build | 13 ++++++++++--- diff --git a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2a.bb index d11ada67ee..af41d4989d 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2a.bb @@ -17,7 +17,7 @@ SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \ file://0001-wscript-Add-BISONFLAGS-support.patch \ " -SRC_URI[sha256sum] = "2f2848760b915dfe185b9217f777738b36ceeb78a7fc208b7e74e039dec22df5" +SRC_URI[sha256sum] = "e0ce93af222a0a9860e6f5a51aadba9bb5ca601d80b2aea118a62f0a3226950e" UPSTREAM_CHECK_URI = "ftp://ftp.ntpsec.org/pub/releases/" |