diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2023-03-31 17:59:46 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2023-03-31 18:07:26 +0300 |
| commit | fc113eade321128fc43b0b299e81ad07fc1edf3d (patch) | |
| tree | b3b676c59ea53afe2ab04ec32d919ea11e8269d1 /meta-openembedded/meta-oe/recipes-security | |
| parent | 2daf84b2d486da0b21344da999553c8fa1228195 (diff) | |
| download | openbmc-fc113eade321128fc43b0b299e81ad07fc1edf3d.tar.xz | |
subtree updates: openembedded poky
poky: fb1853c66c..0907793d5e:
Alexander Kanavin (30):
sudo: update 1.9.12p2 -> 1.9.13p2
procps: update 3.3.17 -> 4.0.3
selftest/overlayfs: enable systemd via INIT_MANAGER
systemd: update 252.5 -> 253.1
dpkg: update 1.21.20 -> 1.21.21
libdnf: update 0.69.0 -> 0.70.0
ethtool: update 6.1 -> 6.2
iptables: update 1.8.8 -> 1.8.9
util-macros: do not probe into host triplet when checking manpage section names
encodings: update 1.0.6 -> 1.0.7
font-alias: update 1.0.4 -> 1.0.5
sqlite3: update 3.40.1 -> 3.41.0
enchant2: upgrade 2.3.3 -> 2.3.4
make: upgrade 4.4 -> 4.4.1
vte: upgrade 0.70.2 -> 0.70.3
pango: upgrade 1.50.12 -> 1.50.13
libnotify: upgrade 0.8.1 -> 0.8.2
puzzles: upgrade to latest revision
iproute2: upgrade 6.1.0 -> 6.2.0
bind: upgrade 9.18.11 -> 9.18.12
stress-ng: remove obsolete patch
piglit: upgrade to latest revision
apt: re-enable version check
devtool/upgrade: do not delete the workspace/recipes directory
runqemu: direct mesa to use its own drivers, rather than ones provided by host distro
mesa: allow mesa-native/nativesdk only subject to opengl/vulkan DISTRO_FEATURE
mesa: enable a rich set of drivers for native builds
llvm: allow building libllvm in native builds, subject to PACKAGECONFIG
mesa: do not strip rpaths from dri drivers
mesa: update 22.3.5 -> 23.0.0
Alexandre Belloni (2):
pseudo: Update to pull in fd leak fix
stress-ng: upgrade 0.15.04 -> 0.15.06
Alexis Lothoré (8):
scripts/resulttool: call fixup_ptest_names in regression_common
oeqa/selftest/resulttool: fix ptest filtering tests
oeqa/selftest/resulttool: fix fake data used for testing
scripts/resulttool: fix ptests results containing a non reproducible path
oeqa/selftest/resulttool: add test for error propagation in test name filtering
scripts/resulttool: do not count newly passing tests as regressions
scripts/yocto_testresults_query.py: set proper branches when using resulttool
scripts/yocto_testresults_query.py: fix regression reports for branches with slashes
Andrew Geissler (1):
filemap.py: enforce maximum of 4kb block size
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Bruce Ashfield (12):
perf: fix buildpaths QA warning
lttng-modules: update to v2.13.9
lttng-modules: fix for v6.3+ kernels
linux-yocto/6.1: update to v6.1.15
linux-yocto/5.15: update to v5.15.98
linux-yocto/6.1: update to v6.1.20
linux-yocto/5.15: update to v5.15.103
kernel-devsrc: fix mismatched compiler warning
linux-yocto-dev: bump to v6.3
kernel/kernel-devsrc: powerpc: add elfutils dependency
yocto-bsp/6.1: update reference boards to v6.1.20
yocto-bsp/5.15: update to v5.15.103
Carlos Alberto Lopez Perez (1):
mesa-demos: packageconfig weston should have a dependency on wayland-protocols
Changqing Li (1):
cpio: fix ptest failure
Chen Qi (4):
Revert "systemd-systemctl: Create machine-id with "uninitialized" text in it"
rpm: fix RPM_ETCCONFIGDIR value in SDK
debugedit: add recipe
rpm: add back find-debuginfo support
Clément Péron (2):
qemu: split out qemu-guest-agent, add startup scripts
runqemu: add an option to enable guest-agent virtio device
Daniel Ammann (1):
bitbake: fetch2/sftp: Fix fetching URIs with spaces
Dmitry Baryshkov (1):
mesa: import patch from upstream to fix tools build on musl
Fawzi KHABER (4):
bitbake: doc: ref-variables: add LAYERSERIES_COMPAT to term glossary
bitbake: bitbake-user-manual: update Hello World example
package.bbclass: check packages name conflict in do_package
oeqa/selftest/cases/package.py: adding unittest for package rename conflicts
Frederic Martinsons (7):
cargo.bbclass: use offline mode for building
bitbake: crate.py: authorize crate url with parameters
cargo-update-recipe-crates: generate checksum for each crates
python3-bcrypt: add crates checksums
python3-cryptography: add crates checksums
bitbake: fetch2: Add checksum capability for crate fetcher
bitbake: crate.py: make checksum verification mandatory
Geoffrey GIRY (1):
cve-check: Fix false negative version issue
James R T (1):
bitbake: ConfHandler: Allow the '@' character in variable flag names
Jialing Zhang (5):
class-recipe: add support for loongarch64
Do not remove the -m option for loongarch64
image-uefi: add support for loongarch64
add support for loongarch64
recipes: add support for loongarch64
Jose Quaresma (5):
go: fix some linkshared regression introduced in go 1.20
buildstats-summary: add an option to disable bold
oeqs/selftest: OESelftestTestContext: replace the os.environ after subprocess.check_output
oeqa/selftest: OESelftestTestContext: convert relative to full path when newbuilddir is provided
oeqa/selftest/reproducible: Split different packages from missing packages output
Joshua Watt (1):
runqemu: Fix TypeError when command fails
Kai Kang (1):
grub2: support metadata_csum_seed feature
Kenfe-Mickael Laventure (3):
buildtools-tarball: Handle spaces within user $PATH
toolchain-scripts: Handle spaces within user $PATH
populate_sdk_ext: Handle spaces within user $PATH
Khem Raj (9):
libcomps: Fix callback function prototype for PyCOMPS_hash
rpm: Fix hdr_hash function prototype
binutils: Enable --enable-new-dtags
systemd: Fix musl fix patch
systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
systemtap: Disable dangling-pointer warning
glibc: Disable warnings as errors
vte: Upgrade to 0.72.0
Revert "runqemu: Add workaround for APIC hang on pre 4.15 kernels on qemux86"
Lee Chee Yang (2):
migration-guides: add release-notes for 4.0.8
migration-guides: add release-notes for 4.1.3
Maanya Goenka (1):
create-spdx: fix config build by adding dependency to enable reruns
Mark Asselstine (1):
bitbake: build: Make python output print to stdout when running with -v (verbose)
Mark Hatle (3):
bitbake: wget.py: Add catch TimeoutError exception
bitbake: wget.py: Combine urlopener exceptions
tcf-agent: Update to current version
Markus Volk (1):
gtk4: update 4.8.3 -> 4.10.0
Martin Jansa (22):
file: add few more PACKAGECONFIGs to avoid autodetected deps from host
npm.bbclass: avoid DeprecationWarning with new python
timezone: use 'tz' subdir instead of ${WORKDIR} directly
tzdata: use separate B instead of WORKDIR for zic output
git-submodule-test: disable upstream version check
tzcode-native: fix build with gcc-13 on host
selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
selftest: wic: respect IMAGE_LINK_NAME
selftest: wic: respect IMAGE_LINK_NAME also in test_rawcopy_plugin_qemu
selftest: runqemu: respect IMAGE_LINK_NAME
image-artifact-names.bbclass: add INITRAMFS_IMAGE_NAME from kernel.bbclass
selftest: fitimage.py: respect INITRAMFS_IMAGE_NAME and KERNEL_FIT_LINK_NAME
image-artifact-names: add IMAGE_MACHINE_SUFFIX variable
selftest: gdbserver.py: respect IMAGE_LINK_NAME
selftest: minidebuginfo.py respect IMAGE_LINK_NAME
runqemu: get_first_file() rename cmd* to glob*
selftest: imagefeatures.py: respect IMAGE_LINK_NAME for debugfs and manifest as well
oeqa: loader.py: show warning when skipping selected module and abort if all are skipped
bmap-tools: switch to main branch
python3-scons: upgrade to v4.5.2
selftest: systemd_boot.py: respect IMAGE_LINK_NAME
selftest: eSDK rename to esdk
Martin Larsson (1):
libpam: Remove flex dependency
Michael Halstead (1):
selftest/runtime_test/virgl: Disable for all Rocky Linux
Michael Opdenacker (7):
ref-manual: clarify explanations about feature backfilling
overview-manual: add missing link to BitBake User Manual
manuals: simplify references to the BitBake User Manual
poky.yaml.in, system-requirements.rst: update system requirements
ref-manual: system-requirements.rst: simplify supported distro requirements
ref-manual: variables.rst: update LAYERSERIES_COMPAT
bitbake: bitbake-user-manual: fix links to supported release manuals
Mikko Rapeli (1):
oeqa rtc.py: skip if read-only-rootfs
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Mingli Yu (4):
mdadm: Fix testcase 06wrmostly
mdadm: fix tests/02lineargrow
mdadm: Fix raid0 tests
mdadm: fix tests/00raid0
Ovidiu Panait (1):
gobject-introspection: inherit python3targetconfig
Peter Marko (2):
go: use go as CVE product for all golang recipe veriants
gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
Piotr Łobacz (1):
systemd: fix wrong nobody-group assignment
Randy MacLeod (3):
valgrind: Disable drd/tests/bar_bad ptest
openssl: update from 3.0.8 to 3.1.0
vim: upgrade 9.0.1403 -> 9.0.1429
Richard Purdie (52):
gdb: Fix occasional build failure
staging: Separate out different multiconfig manifests
bitbake: server/xmlrpc: Fix after currentAsyncCommand locking changes
gdb: Mark patch as backport
glibc: Add missing binutils dependency
glibc: Update sstate/equiv versions to clean cache
staging/multilib: Fix manifest corruption
m4/opkg/ethtool/attr/libgpg-error: Add missing bash ptest dependency
openssl: Add missing ptest dependency on openssl-bin
valgrind: Add missing utf-32 gconv dependency for ptests
perl: Add missing procps-ps dependency for ptests
acl/attr: ptest fixes and improvements
m4: Add missing ptest dependency
libmodule-build-perl: Fix ptest dependencies
bc: Fix ptest test output naming
findutils: Fix ptest dependency issue
gawk: Fix ptest dependency
libconvert-asn1-perl: Fix ptest dependencies
libxml-sax-perl: Fix ptest dependencies
babeltrace2: Fix ptest execution in minimal images and add debug info
babeltrace: Fix ptest dependency
lttng-tools: Improve ptest debugging and fix dependencies
gettext: Add missing bash ptest dependency
glibc-tests: Add missing bash ptest dependency
opkg: Add missing python module ptest dependencies
libxml-perl: Add missing perl module ptest dependencies
gstreamer1.0: Add missing gconv ptest dependency
gnutls: Add missing python ptest dependency
busybox: Fix ptest dependencies
selftest/recipetool: Stop test corrupting tinfoil class
oeqa/selftest/sstate: Merge sstate test class with tests themselves
oeqa/selftest/sstate: Move common code to base class
oeqa/selftest/sstate: Split classes to allow more parallelism
base-files: Drop localhost.localdomain from hosts file
core-image-ptest: Switch to BBCLASSEXTEND parallel execution
ptest-packagelists: Simplify ptest list/code
scripts/combo-layer: Fix python deprecation warning
pybootchartui: Fix python syntax issue
pybootchart: Fix extents handling to account for cpu/io/mem pressure changes
matchbox-wm: Update 1.2.2 -> 1.2.3
matchbox-panel-2: Update 2.11 -> 2.12
matchbox-desktop-2: Update 2.2 -> 2.3
matchbox-terminal: Update to latest SRCREV
matchbox-config-gtk: Update to latest SRCREV
matchbox-terminal: Fix PV to match standard format
openssl: Fix reproducibility issue
resulttool: Improve overlapping ptest result reporting
poky-bleeding: Update and rework
bitbake: fetch2: Rename __BBSEENSRCREV -> __BBSRCREV_SEEN
bitbake: fetch2: Add autorev warning when it is set too late
abi_version/sstate: Handle pkgconfig output changes and bump output versions
bitbake: fetch2/local: Mention the value of localpath in failure message
Robert Joslyn (1):
curl: Update from 7.88.1 to 8.0.1
Robert Yang (3):
bitbake: fetch/git: Fix local clone url to make it work with repo
bitbake: cache: Make EXCLUDE_FROM_WORLD boolean
bitbake: bitbake: bitbake-user-manual: Update EXCLUDE_FROM_WORLD
Romuald JEANNE (1):
image_types: fix vname var init in multiubi_mkfs() function
Romuald Jeanne (2):
image_types: fix multiubi var init
oeqa/selftest/imagefeatures: set a test for mutliubi in test_image_fstypes
Ross Burton (35):
vim: add missing pkgconfig inherit
shadow: ignore CVE-2016-15024
epiphany: upgrade to 43.1
manpages: use an intercept to run mandb
oeqa/selftest/imagefeatures: add test for man-db
systemd: add ignore for CVE-2022-4415
meson: remove obsolete RPATH stripping patch
poky: set MAINTAINER clearly
vim: set modified-by to the recipe MAINTAINER
vim: upgrade to 9.0.1403
lib/resulttool: fix typo breaking resulttool log --ptest
resulttool: add log --list-ptest
python3-numpy: add missing dependency for the tests
python3: missing ptest dependencies
python3: add missing -modules dependencies
python3-unittest-automake-output: add new recipe for ptest integration
python3-atomicwrites: use python3-unittest-automake-output
python3-bcrypt: use python3-unittest-automake-output
python3-cryptography: use python3-unittest-automake-output
python3-hypothesis: use python3-unittest-automake-output
python3-jinja2: use python3-unittest-automake-output
python3-markupsafe: use python3-unittest-automake-output
python3-more-itertools: use python3-unittest-automake-output
python3-pluggy: use python3-unittest-automake-output
python3-pyasn1: : use python3-unittest-automake-output
python3-pytz: use python3-unittest-automake-output
python3-wcwidth: use python3-unittest-automake-output
python3-webcolors: use python3-unittest-automake-output
python3-jsonpointer: rewrite testing
scripts: add buildstats-summary
quilt: fix non-deterministic ownership in ptest package
scripts/lib/buildstats: handle top-level build_stats not being complete
go: fix CVE-2023-2453
libunwind: fix compile failures on 32-bit arm with Clang 16
tzdata: upgrade to 2023c
Siddharth Doshi (2):
OpenSSL: Security fix for CVE-2023-0464
openssh: upgrade 9.2p1 -> 9.3p1
Sudip Mukherjee (3):
libgit2: update license information
libgit2: upgrade to v1.6.3
cracklib: upgrade to v2.9.10
Sundeep KOKKONDA (1):
rust: added missing runtime dependencies to run rust on target
Thomas Roos (1):
qemuboot-x86.inc: allow overwrite of QB_CPU
Tim Orling (4):
cracklib: update github branch to 'main'
python3-wheel: upgrade 0.38.4 -> 0.40.0
bitbake: toaster: update gen_fixtures.py for mickledore
bitbake: toaster: update fixtures for mickledore
Tom Hochstein (2):
meson: Fix wrapper handling of implicit setup command
oeqa/sdk: Improve Meson test
Trevor Woerner (3):
cups: use BUILDROOT instead of DESTDIR
cups: check PACKAGECONFIG for pam feature
cups: add/fix web interface packaging
Ulrich Ölmann (1):
base: fix typos
Wang Mingyu (24):
autoconf-archive: upgrade 2022.09.03 -> 2023.02.20
font-util: upgrade 1.3.3 -> 1.4.0
harfbuzz: upgrade 7.0.1 -> 7.1.0
iso-codes: upgrade 4.12.0 -> 4.13.0
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
meson: upgrade 1.0.0 -> 1.0.1
glib-2.0: upgrade 2.74.5 -> 2.74.6
python3-cryptography(-vectors): upgrade 39.0.1 -> 39.0.2
python3-setuptools: upgrade 67.3.3 -> 67.4.0
python3-git: upgrade 3.1.30 -> 3.1.31
repo: upgrade 2.31 -> 2.32
strace: upgrade 6.1 -> 6.2
stress-ng: upgrade 0.15.03 -> 0.15.04
lua: Fix install conflict when enable multilib.
vala: Fix install conflict when enable multilib.
dhcpcd: Fix install conflict when enable multilib.
grep: upgrade 3.8 -> 3.9
python3-setuptools: upgrade 67.4.0 -> 67.6.0
python3-poetry-core: upgrade 1.5.1 -> 1.5.2
python3-pytest: upgrade 7.2.1 -> 7.2.2
python3-scons: upgrade 4.4.0 -> 4.5.1
python3-testtools: upgrade 2.5.0 -> 2.6.0
python3-urllib3: upgrade 1.26.14 -> 1.26.15
xcb-proto: Fix install conflict when enable multilib.
Xiangyu Chen (3):
sudo: update 1.9.12p2 -> 1.9.13p3
rng-tools: splitting the rng-tools systemd/sysvinit serivce as a package
package: moving field data process before variable process in process_pkgconfig
Yash Shinde (1):
binutils: Fix CVE-2023-25586
Yoann Congal (1):
ref-manual: Add info on "mixin" layers
Yureka Lilian (1):
systemd: rebase musl patches
Zang Ruochen (1):
maintainers.inc: Modify email address
Zoltan Boszormenyi (2):
piglit: Fix build time dependency
pypi.bbclass: Set SRC_URI downloadfilename with an optional prefix
meta-openembedded: a9b2d1303b..17243e70c8:
AYP (1):
packagegroup-meta-networking: remove ntpdate
Andreas Helbech Kleist (1):
cli11: enable native/nativesdk builds
Archana Polampalli (1):
Nodejs: add missing run_ptest script
Bartosz Golaszewski (3):
libgpiod: update to v2.0
python3-gpiod: update to v2.0
reboot-mode: new package
Changqing Li (5):
rabbitmq-c: upgrade 0.11.0 -> 0.13.0
sg3-utils: upgrade 1.45 -> 1.47
liblockfile: upgrade 1.14 -> 1.17
syslog-ng: upgrade 3.38.1 -> 4.0.1
redis: upgrade 7.0.9 -> 7.0.10
Chen Pei (1):
meta-perl-base:fix SUMMARY
Christophe Vu-Brugier (2):
exfatprogs: add new recipe
exfat-utils: remove recipe
Clément Péron (1):
python3-click-repl: add mising prompt-toolkit runtime dependency
Etienne Cordonnier (8):
android-tools 10: import version from meta-clang
android-tools 10: remove dead code
android-tools 10: move adbd to its own package
android-tools 10: Add flag to enable adbd service
android-tools 10: various fixes
android-tools 10: port some patches from version 5
android-tools: fix TMPDIR
android-tools: update to 29.0.6.r14
Fabio Estevam (2):
iperf3: Update to 3.13
ettercap: Update Upstream-Status
Frederic Martinsons (2):
uutils-coreutils: Add crates checksum and use cargo-update-recipes-crates
python3-pyruvate: Add crates checksum and use cargo-update-recipes-crates
Jan Feemers (1):
nodejs: package-split between nodejs and nodejs-npm
Joe Slater (3):
libidn: update to 1.41
re2: move to version 2023-03-01
libreport: update to version 2.17.8
Justin Bronder (1):
tk: inherit pkgconfig
Khem Raj (41):
gnome-commander: Upgrade to 1.16.0 release
python3-lru-dict: Fix function pointer mismatch
hdf5: Upgrade to 1.14.0
python3-h5py: Upgrade to 3.8.0
pkcs11-helper: Update to latest tip of trunk
glm: Update to tip of trunk
libsdl2-ttf: Upgrade to 2.20.2
libsdl-image: Fix build with clang16
gphoto2: Fix build with clang16 + musl
pmdk: Upgrade to 1.12.1
pndk: Add missing dependency on native cmake
libx86-1: Fix build with clang16
mongodb: Upgrade to 4.4.19
glog: Disable 64bit atomics on rv32
mongodb: Fix type mitmatch found with clang16
gegl: Remove openmp dep for rv32 and ppc32
gnome-desktop: Make seccomp dependency optional for rv32
nodejs: Upgrade to 18.14.2
libx86-1: Fix build on 32bit x86
vlc: Upgrade to 3.0.18
redis: Upgrade 6.x recipe to 6.2.11
redis: Upgrade 7.x to 7.0.9
packagegroup-meta-multimedia: mycroft needs pulseaudio
pahole: Upgrade to tip of trunk
sg3-utils: Fix build with musl
gsoap: Upgrade to 2.8.126
waylandpp: Just enforce opengl for target recipe
freeglut: Drop -fcommon and add -Wno-implicit-function-declaration
nodejs: Depend on file-native
lirc: Fix build with usrmerge feature building on ubuntu hosts
rp-pppoe: Define _GNU_SOURCE
libssh: Fix build with clang16
packagegroup-meta-multimedia: Remove library only packages from rdeps
packagegroup-meta-oe: Remove mongodb from rdep list of packagegroup
packagegroup-meta-networking: Set PACKAGE_ARCH = "${MACHINE_ARCH}"
cmocka: Check for previous declaration of uintptr_t
ettercap: Fix build with libcurl >= 8
fluentbit: Disable upstart scripts
xfstests: Fix build with musl
nautilus: Fix build with clang and drop unused patch
gimp: Update to 2.10.34
Lei Maohui (2):
libiodbc: Install *.h files to /usr/include/iodbc to fix conflicts error with unixodbc reference to ubuntu:
pgpool2: Added a new recipe.
Manoj Saun (1):
postgresql: fix ptest failure of sysviews test
Markus Volk (13):
dav1d: add recipe
libavif: add recipe
xdg-dbus-proxy: add recipe
libnice: upgrade 0.1.18 -> 0.1.21
pipewire: update 0.3.66 -> 0.3.67
nv-codec-headers: update 11.1.5.2 -> 12.0.16.0
wireplumber: update 0.4.13 -> 0.4.14
libcamera: update 0.0.1 -> 0.0.4
xdg-desktop-portal: fix bwrap path
gvfs: add more PACKAGECONFIGS
evolution-data-server: update 3.46.3 -> 3.48.0
gtksourceview5: update 5.6.1 -> 5.7.1
libgtop: update 2.40.0 -> 2.41.1
Mingli Yu (4):
php: Upgrade to 8.1.16
opencv: Upgrade to 4.7.0
crash: Upgrade to 8.0.2
mcelog: Upgrade to v191
Peter Johennecken (1):
fluentbit: change of download name
Peter Marko (1):
dnsmasq: fix CVE-2023-28450
Petr Gotthard (4):
openvpn: upgrade 2.6.0 -> 2.6.1
libqmi: upgrade 1.32.2 -> 1.32.4
libmbim: upgrade 1.28.2 -> 1.28.4
modemmanager: upgrade 1.20.4 -> 1.20.6
Randy MacLeod (4):
rsyslog: update from 8.2212.0 to 8.2302.0
rsyslog: add disabled PACKAGECONFIG to drop capabilities
librelp: make inline errors be warnings in debug build
cmocka: update from 1.1.5+ to 1.1.7
Sakib Sajal (1):
libuser: upgrade v0.63 -> v0.64
Stefan Ghinea (1):
redis: fix service redis-server restart not working under sysvinit
Trevor Woerner (3):
cups-filters: remove duplicate configure option
cups-filters: fix ghostscript handling
hplip: add runtime dependency on ghostscript
Wang Mingyu (136):
logcheck: upgrade 1.4.0 -> 1.4.2
byacc: upgrade 20230201 -> 20230219
bubblewrap: upgrade 0.7.0 -> 0.8.0
bats: upgrade 1.8.2 -> 1.9.0
cryptsetup: upgrade 2.6.0 -> 2.6.1
c-ares: upgrade 1.18.1 -> 1.19.0
cukinia: upgrade 0.6.0 -> 0.6.1
python3-coverage: upgrade 7.2.0 -> 7.2.1
python3-decouple: upgrade 3.7 -> 3.8
python3-aiohue: upgrade 4.6.1 -> 4.6.2
python3-fastnumbers: upgrade 4.0.1 -> 5.0.1
python3-haversine: upgrade 2.7.0 -> 2.8.0
python3-google-auth: upgrade 2.16.1 -> 2.16.2
python3-google-api-python-client: upgrade 2.79.0 -> 2.80.0
python3-imageio: upgrade 2.25.1 -> 2.26.0
python3-ipython: upgrade 8.10.0 -> 8.11.0
python3-nocasedict: upgrade 1.1.0 -> 2.0.0
python3-natsort: upgrade 8.2.0 -> 8.3.1
python3-nocaselist: Upgrade 1.1.0 -> 1.1.1
python3-protobuf: upgrade 4.21.12 -> 4.22.0
python3-pydicti: upgrade 1.2.0 -> 1.2.1
python3-watchdog: upgrade 2.3.0-> 2.3.1
python3-pymisp: upgrade 2.4.168 -> 2.4.168.1
python3-wrapt: upgrade 1.14.1 -> 1.15.0
apache2: upgrade 2.4.55 -> 2.4.56
logwatch: upgrade 7.7 -> 7.8
libvpx: upgrade 1.12.0 -> 1.13.0
libjcat: upgrade 0.1.12 -> 0.1.13
librsync: upgrade 2.3.2 -> 2.3.4
lcms: upgrade 2.14 -> 2.15
gsoap: upgrade 2.0.106 -> 2.0.124
hwdata: upgrade 0.367 -> 0.368
ctags: upgrade 6.0.20230212.0 -> 6.0.20230305.0
freerdp: upgrade 2.9.0 -> 2.10.0
python3-mpmath: upgrade 1.2.1 -> 1.3.0
python3-alembic: upgrade 1.9.4 -> 1.10.2
python3-astroid: upgrade 2.14.2 -> 2.15.0
python3-charset-normalizer: upgrade 3.0.1 -> 3.1.0
python3-argcomplete upgrade 2.0.0 -> 2.1.1
python3-fastjsonschema: upgrade 2.16.2 -> 2.16.3
python3-protobuf: upgrade 4.22.0 -> 4.22.1
python3-xmlschema: upgrade 2.2.1 -> 2.2.2
python3-tqdm: upgrade 4.64.1 -> 4.65.0
python3-pyexpect: upgrade 1.0.21 -> 1.0.22
python3-pywbem: upgrade 1.6.0 -> 1.6.1
stunnel: upgrade 5.67 -> 5.69
rp-pppoe: upgrade 3.14 -> 3.15
nbdkit: upgrade 1.33.7 -> 1.33.10
php: update 8.1.16 -> 8.2.3
tcsh: upgrade 6.22.04 -> 6.24.07
monit: upgrade 5.32.0 -> 5.33.0
poppler: upgrade 23.02.0 -> 23.03.0
satyr: upgrade 0.40 -> 0.42
nginx: upgrade 1.20.1 -> 1.23.3
raptor2: upgrade 2.0.15 -> 2.0.16
spawn-fcgi: upgrade 1.6.4 -> 1.6.5
unixodbc: Fix install conflict when enable multilib.
xdebug: upgrade 3.1.1 -> 3.2.0
postgresql: Fix install conflict when enable multilib.
networkmanager: upgrade 1.42.0 -> 1.42.4
rdma-core: upgrade 44.0 -> 45.0
python3-gcovr: upgrade 5.2 -> 6.0
makeself: upgrade 2.4.5 -> 2.5.0
ctags: upgrade 6.0.20230305.0 -> 6.0.20230312.0
python3-gmqtt: upgrade 0.6.11 -> 0.6.12
python3-google-api-python-client: upgrade 2.80.0 -> 2.81.0
python3-msgpack: upgrade 1.0.4 -> 1.0.5
python3-portion: upgrade 2.3.1 -> 2.4.0
python3-paramiko: upgrade 3.0.0 -> 3.1.0
python3-openpyxl: upgrade 3.1.1 -> 3.1.2
python3-pymisp: upgrade 2.4.168.1 -> 2.4.169
python3-pydantic: upgrade 1.10.5 -> 1.10.6
python3-pytest-xdist: upgrade 3.2.0 -> 3.2.1
python3-pymodbus: upgrade 3.1.3 -> 3.2.0
python3-smpplib: upgrade 2.2.1 -> 2.2.2
python3-twitter: upgrade 4.12.1 -> 4.13.0
python3-unidiff: upgrade 0.7.4 -> 0.7.5
python3-xlsxwriter: upgrade 3.0.8 -> 3.0.9
python3-pykickstart: upgrade 3.44 -> 3.45
python3-web3: upgrade 5.31.3 -> 5.31.4
python3-pymodbus: upgrade 3.2.0 -> 3.2.1
python3-geojson: upgrade 2.5.0 -> 3.0.1
python3-sentry-sdk: upgrade 1.15.0 -> 1.17.0
python3-apt: upgrade 2.5.2 -> 2.5.3
python3-argcomplete: upgrade 2.1.1 -> 3.0.0
python3-cmake: upgrade 3.25.2 -> 3.26.0
python3-coverage: upgrade 7.2.1 -> 7.2.2
python3-eth-typing: upgrade 3.2.0 -> 3.3.0
python3-daemon: upgrade 2.3.2 -> 3.0.1
python3-engineio: upgrade 4.3.4 -> 4.4.0
python3-flask-socketio: upgrade 5.3.2 -> 5.3.3
python3-pykickstart: upgrade 3.45 -> 3.47
python3-pymisp: upgrade 2.4.169 -> 2.4.169.2
python3-simplejson: upgrade 3.18.3 -> 3.18.4
python3-rapidjson: upgrade 1.9 -> 1.10
python3-socketio: upgrade 5.7.2 -> 5.8.0
python3-sqlalchemy: upgrade 2.0.4 -> 2.0.7
python3-tzlocal: upgrade 4.2 -> 4.3
python3-typeguard: upgrade 2.13.3 -> 3.0.1
python3-web3: upgrade 5.31.4 -> 6.0.0
python3-zeroconf: upgrade 0.47.3 -> 0.47.4
tracker: upgrade 3.4.2 -> 3.5.0
xterm: upgrade 378 -> 379
python3-zopeinterface: upgrade 5.5.2 -> 6.0
xf86-video-amdgpu: upgrade 22.0.0 -> 23.0.0
libclass-method-modifiers-perl: upgrade 2.13 -> 2.15
libcompress-raw-bzip2-perl: upgrade 2.201 -> 2.204
libcompress-raw-lzma-perl: upgrade 2.201 -> 2.204
libcompress-raw-zlib-perl: upgrade 2.202 -> 2.204
libio-compress-lzma-perl: upgrade 2.201 -> 2.204
libio-compress-perl: upgrade 2.201 -> 2.204
libtest-deep-perl: upgrade 1.130 -> 1.204
opencl-headers: upgrade 2022.09.30 -> 2023.02.06
php: upgrade 8.2.3 -> 8.2.4
googletest: upgrade 1.12.1 -> 1.13.0
consolation: upgrade 0.0.8 -> 0.0.9
can-utils: upgrade 2021.08.0 -> 2023.03
nbdkit: upgrade 1.33.10 -> 1.33.11
adcli: upgrade 0.9.0 -> 0.9.2
gnome-chess: upgrade 43.1 -> 43.2
xfstests: upgrade 2023.01.01 -> 2023.03.05
gnome-backgrounds: upgrade 43 -> 44.0
libwacom: upgrade 2.5.0 -> 2.6.0
libass: upgrade 0.17.0 -> 0.17.1
libnet-dns-perl: upgrade 1.36 -> 1.37
libadwaita: upgrade 1.2.1 -> 1.3.1
libcgi-perl: upgrade 4.55 -> 4.56
libpeas: upgrade 1.34.0 -> 1.36.0
gvfs: upgrade 1.50.3 -> 1.50.4
gnome-system-monitor: upgrade 42.0 -> 44.0
nautilus: upgrade 43.2 -> 44.0
babl: upgrade 0.1.98 -> 0.1.102
ctags: upgrade 6.0.20230312.0 -> 6.0.20230319.0
folks: upgrade 0.15.5 -> 0.15.6
gegl: upgrade 0.4.40 -> 0.4.42
gnome-autoar: upgrade 0.4.3 -> 0.4.4
Xiangyu Chen (2):
libbpf: upgrade 0.8.0 -> 1.1.0
abseil-cpp: upgrade 20221014.0 -> 20230125.1
Yi Zhao (25):
audit: upgrade 3.0.9 -> 3.1
audit: drop version 2.8.5
frr: add UPSTREAM_CHECK_GITTAGREGEX
quagga: drop recipe
libssh: upgrade 0.8.9 -> 0.10.4
strongswan: 5.9.9 -> 5.9.10
libnfnetlink: upgrade 1.0.1 -> 1.0.2
libnetfilter-cthelper: upgrade 1.0.0 -> 1.0.1
libnetfilter-cttimeout: upgrade 1.0.0 -> 1.0.1
traceroute: upgrade 2.1.1 -> 2.1.2
freeradius: add UPSTREAM_CHECK_GITTAGREGEX
libyang: fix ptest
libyang: upgrade 2.0.194 -> 2.1.30
frr: support more arches
netplan: add missing runtime dependencies
python3-rich: add recipe
packagegroup-meta-networking: add frr
packagegroup-meta-oe: enable build libyang on riscv32/64
libnftnl: upgrade 1.2.4 -> 1.2.5
libldb: upgrade 2.6.1 -> 2.7.1
samba: upgrade 4.17.5 -> 4.18.0
libssh: add ptest
mbedtls: add ptest
libyang: upgrade 2.1.30 -> 2.1.55
tcpreplay: 4.4.2 -> 4.4.3
Yoann Congal (4):
libusb-compat: Revert "libusb-compat: move libraries to base_libdir"
libusb-compat: upgrade sources to fix -native build
libusb-compat: add simple ptest (example programs)
libusb-compat: RDEPENDS on libusb1
Yue Tao (1):
Introduce python3-trustme to fix ptest error of python3-requests-toolbelt
Zhixiong Chi (2):
ntp: drop the deprecated ntpdate
python3-betamax: fix ptest failture of fixture and record modes
Zoltán Böszörményi (13):
opencl-icd-loader: Add RPROVIDES:${PN} = "virtual/opencl-icd"
ocl-icd: Add PROVIDES and RPROVIDES for virtual/opencl-icd
meta-oe/conf/layer.conf: Add PREFERRED_[R]PROVIDER_virtual/opencl-icd
python3-ninja: New recipe
python3-cmake: New recipe
python3-scikit-build: New recipe
python3-pyproject-metadata: New recipe
opencv: Support OpenVINO
python3-executing: New recipe
python3-pure-eval: New recipe
python3-stack-data: New recipe
python3-ipython: Add missing dependency
opencv: Fix PACKAGECONFIG[openvino]
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Idbfcd5f4c03ed5bd9c72558714edbe0200495aad
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-security')
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch | 133 | ||||
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch | 65 | ||||
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch | 62 | ||||
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch | 30 | ||||
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb | 115 | ||||
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.bb (renamed from meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.9.bb) | 8 | ||||
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-security/bubblewrap/bubblewrap_0.8.0.bb (renamed from meta-openembedded/meta-oe/recipes-security/bubblewrap/bubblewrap_0.7.0.bb) | 2 |
7 files changed, 5 insertions, 410 deletions
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch deleted file mode 100644 index ed1c0e2b57..0000000000 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch +++ /dev/null @@ -1,133 +0,0 @@ -From d5a4b800a696b8b8d2c0f0bad098b1a8ff94333f Mon Sep 17 00:00:00 2001 -From: Steve Grubb <sgrubb@redhat.com> -Date: Tue, 26 Feb 2019 18:33:33 -0500 -Subject: [PATCH] Add substitue functions for strndupa & rawmemchr - -Upstream-Status: Backport -[https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e] ---- - auparse/auparse.c | 12 +++++++++++- - auparse/interpret.c | 9 ++++++++- - configure.ac | 14 +++++++++++++- - src/ausearch-lol.c | 12 +++++++++++- - 4 files changed, 43 insertions(+), 4 deletions(-) - -diff --git a/auparse/auparse.c b/auparse/auparse.c -index 650db02..2e1c737 100644 ---- a/auparse/auparse.c -+++ b/auparse/auparse.c -@@ -1,5 +1,5 @@ - /* auparse.c -- -- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina. -+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or -@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e) - return 0; - } - -+#ifndef HAVE_STRNDUPA -+static inline char *strndupa(const char *old, size_t n) -+{ -+ size_t len = strnlen(old, n); -+ char *tmp = alloca(len + 1); -+ tmp[len] = 0; -+ return memcpy(tmp, old, len); -+} -+#endif -+ - /* Returns 0 on success and 1 on error */ - static int extract_timestamp(const char *b, au_event_t *e) - { -diff --git a/auparse/interpret.c b/auparse/interpret.c -index 51c4a5e..67b7b77 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -853,6 +853,13 @@ err_out: - return print_escaped(id->val); - } - -+// rawmemchr is faster. Let's use it if we have it. -+#ifdef HAVE_RAWMEMCHR -+#define STRCHR rawmemchr -+#else -+#define STRCHR strchr -+#endif -+ - static const char *print_proctitle(const char *val) - { - char *out = (char *)print_escaped(val); -@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val) - // Proctitle has arguments separated by NUL bytes - // We need to write over the NUL bytes with a space - // so that we can see the arguments -- while ((ptr = rawmemchr(ptr, '\0'))) { -+ while ((ptr = STRCHR(ptr, '\0'))) { - if (ptr >= end) - break; - *ptr = ' '; -diff --git a/configure.ac b/configure.ac -index 6e345f1..6f3007e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1,7 +1,7 @@ - dnl - define([AC_INIT_NOTICE], - [### Generated automatically using autoconf version] AC_ACVERSION [ --### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com> -+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com> - ### - ### Permission is hereby granted, free of charge, to any person obtaining a - ### copy of this software and associated documentation files (the "Software"), -@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote - AC_CHECK_FUNCS([posix_fallocate]) - dnl; signalfd is needed for libev - AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ]) -+dnl; check if rawmemchr is available -+AC_CHECK_FUNCS([rawmemchr]) -+dnl; check if strndupa is available -+AC_LINK_IFELSE( -+ [AC_LANG_SOURCE( -+ [[ -+ #define _GNU_SOURCE -+ #include <string.h> -+ int main() { (void) strndupa("test", 10); return 0; }]])], -+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])], -+ [] -+) - - ALLWARNS="" - ALLDEBUG="-g" -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index 5d17a72..758c33e 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -1,6 +1,6 @@ - /* - * ausearch-lol.c - linked list of linked lists library --* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina. -+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This software may be freely redistributed and/or modified under the -@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2) - return 0; - } - -+#ifndef HAVE_STRNDUPA -+static inline char *strndupa(const char *old, size_t n) -+{ -+ size_t len = strnlen(old, n); -+ char *tmp = alloca(len + 1); -+ tmp[len] = 0; -+ return memcpy(tmp, old, len); -+} -+#endif -+ - /* - * This function will look at the line and pick out pieces of it. - */ --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch deleted file mode 100644 index 054f50ab23..0000000000 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 6b09724c69d91668418ddb3af00da6db6755208c Mon Sep 17 00:00:00 2001 -From: Steve Grubb <sgrubb@redhat.com> -Date: Thu, 2 Sep 2021 15:01:12 -0400 -Subject: [PATCH] Make IPX packet interpretation dependent on the ipx header - file existing - -Upstream-Status: Backport [https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c.patch] -Comment: Remove one hunk from changelog file and refresh rest hunks as per codebase of audit_2.8.5 -Signed-off-by: Akash Hadke <akash.hadke@kpit.com> ---- - auparse/interpret.c | 8 ++++++-- - configure.ac | 6 ++++++ - 2 files changed, 12 insertions(+), 2 deletions(-) - -diff --git a/auparse/interpret.c b/auparse/interpret.c -index 63829aa0e..6c316456d 100644 ---- a/auparse/interpret.c 2022-10-14 11:22:20.833880000 +0200 -+++ b/auparse/interpret.c 2022-10-14 11:35:13.196455950 +0200 -@@ -44,8 +44,10 @@ - #include <linux/ax25.h> - #include <linux/atm.h> - #include <linux/x25.h> --#include <linux/if.h> // FIXME: remove when ipx.h is fixed --#include <linux/ipx.h> -+#ifdef HAVE_IPX_HEADERS -+ #include <linux/if.h> // FIXME: remove when ipx.h is fixed -+ #include <linux/ipx.h> -+#endif - #include <linux/capability.h> - #include <sys/personality.h> - #include <sys/prctl.h> -@@ -1158,6 +1160,7 @@ - x->sax25_call.ax25_call[6]); - } - break; -+#ifdef HAVE_IPX_HEADERS - case AF_IPX: - { - const struct sockaddr_ipx *ip = -@@ -1167,6 +1170,7 @@ - str, ip->sipx_port, ip->sipx_network); - } - break; -+#endif - case AF_ATMPVC: - { - const struct sockaddr_atmpvc* at = -diff --git a/configure.ac b/configure.ac -index 8f541e4c0..005eb0b5b 100644 ---- a/configure.ac 2022-10-14 11:22:20.833880000 +0200 -+++ b/configure.ac 2022-10-14 11:36:32.391044084 +0200 -@@ -414,6 +414,12 @@ - AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled ) - fi - -+# linux/ipx.h - deprecated in 2018 -+AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no) -+if test $ipx_headers = yes ; then -+ AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation]) -+fi -+ - # See if we want to support lower capabilities for plugins - LIBCAP_NG_PATH - - diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch deleted file mode 100644 index 39a090c83b..0000000000 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 3467abce1f3cfc96f9bdace7c09d95218cbcaeb1 Mon Sep 17 00:00:00 2001 -From: Li xin <lixin.fnst@cn.fujitsu.com> -Date: Sun, 19 Jul 2015 02:42:58 +0900 -Subject: [PATCH] audit: Fixed swig host contamination issue - -The audit build uses swig to generate a python wrapper. -Unfortunately, the swig info file references host include -directories. Some of these were previously noticed and -eliminated, but the one fixed here was not. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com> -Signed-off-by: Joe Slater <jslater@windriver.com> -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> - -Comment: Refresh hunk from auditswig.i to fix build with linux 5.17+ -Reference-Commit: ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+ -Signed-off-by: Akash Hadke <akash.hadke@kpit.com> -Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> ---- - bindings/swig/python3/Makefile.am | 3 ++- - bindings/swig/src/auditswig.i | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am -index 9938418..fa46aac 100644 ---- a/bindings/swig/python3/Makefile.am -+++ b/bindings/swig/python3/Makefile.am -@@ -22,6 +22,7 @@ - CONFIG_CLEAN_FILES = *.loT *.rej *.orig - AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS) - AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) -+STDINC ?= /usr/include - LIBS = $(top_builddir)/lib/libaudit.la - SWIG_FLAGS = -python -py3 -modern - SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) -@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi - _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la - nodist__audit_la_SOURCES = audit_wrap.c - audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i -- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i -+ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i - - CLEANFILES = audit.py* audit_wrap.c *~ - -diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i -index 7ebb373..424fb68 100644 ---- a/bindings/swig/src/auditswig.i -+++ b/bindings/swig/src/auditswig.i -@@ -39,7 +39,7 @@ - #define __attribute(X) /*nothing*/ - typedef unsigned __u32; - typedef unsigned uid_t; --%include "/usr/include/linux/audit.h" -+%include "../lib/audit.h" - #define __extension__ /*nothing*/ - #include <stdint.h> - %include "../lib/libaudit.h" --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch deleted file mode 100644 index f209e560bd..0000000000 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 2938f46d318df4a09565db837b60bafd0300f858 Mon Sep 17 00:00:00 2001 -From: Steve Grubb <sgrubb@redhat.com> -Date: Fri, 10 Jan 2020 21:13:50 -0500 -Subject: [PATCH] Header definitions need to be external when building with - -fno-common (which is default in GCC 10) - Tony Jones - -Upstream-Status: Backport -[https://github.com/linux-audit/audit-userspace/commit/017e6c6ab95df55f34e339d2139def83e5dada1f] - -Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> ---- - src/ausearch-common.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/ausearch-common.h b/src/ausearch-common.h -index 6669203..3040547 100644 ---- a/src/ausearch-common.h -+++ b/src/ausearch-common.h -@@ -50,7 +50,7 @@ extern pid_t event_pid; - extern int event_exact_match; - extern uid_t event_uid, event_euid, event_loginuid; - extern const char *event_tuid, *event_teuid, *event_tauid; --slist *event_node_list; -+extern slist *event_node_list; - extern const char *event_comm; - extern const char *event_filename; - extern const char *event_hostname; --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb deleted file mode 100644 index f846b27f90..0000000000 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb +++ /dev/null @@ -1,115 +0,0 @@ -SUMMARY = "User space tools for kernel auditing" -DESCRIPTION = "The audit package contains the user space utilities for \ -storing and searching the audit records generated by the audit subsystem \ -in the Linux kernel." -HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" -SECTION = "base" -LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" - -SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance;protocol=https \ - file://0001-Add-substitue-functions-for-strndupa-rawmemchr.patch \ - file://0002-Fixed-swig-host-contamination-issue.patch \ - file://0003-Header-definitions-need-to-be-external-when-building.patch \ - file://auditd \ - file://auditd.service \ - file://audit-volatile.conf \ - file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \ -" - -S = "${WORKDIR}/git" -SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c" - -inherit autotools python3native update-rc.d systemd - -UPDATERCPN = "auditd" -INITSCRIPT_NAME = "auditd" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_PACKAGES = "auditd" -SYSTEMD_SERVICE:auditd = "auditd.service" - -DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native" - -EXTRA_OECONF = "--without-prelude \ - --with-libwrap \ - --enable-gssapi-krb5=no \ - --with-libcap-ng=yes \ - --with-python3=yes \ - --libdir=${base_libdir} \ - --sbindir=${base_sbindir} \ - --without-python \ - --without-golang \ - --disable-zos-remote \ - --with-arm=yes \ - --with-aarch64=yes \ - " - -EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \ - PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ - pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ - STDINC='${STAGING_INCDIR}' \ - pkgconfigdir=${libdir}/pkgconfig \ - " - -SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher" -DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ -interface to the audit system, audispd. These plugins can do things \ -like relay events to remote machines or analyze events for suspicious \ -behavior." - -PACKAGES =+ "audispd-plugins" -PACKAGES += "auditd ${PN}-python" - -FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" -FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*" -FILES:audispd-plugins = "${sysconfdir}/audisp/audisp-remote.conf \ - ${sysconfdir}/audisp/plugins.d/au-remote.conf \ - ${base_sbindir}/audisp-remote ${localstatedir}/spool/audit \ - " -FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" -FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" - -CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" -RDEPENDS:auditd = "bash" - -do_configure:prepend() { - sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h - sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h -} - -do_install:append() { - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la - - # reuse auditd config - [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default - mv ${D}/etc/sysconfig/auditd ${D}/etc/default - rmdir ${D}/etc/sysconfig/ - - # replace init.d - install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd - rm -rf ${D}/etc/rc.d - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - # install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system - - install -d ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ - fi - - # audit-2.5 doesn't install any rules by default, so we do that here - mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d - cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules - - chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d - chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules - - # Based on the audit.spec "Copy default rules into place on new installation" - cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules - - # Create /var/spool/audit directory for audisp-remote - install -m 0700 -d ${D}${localstatedir}/spool/audit -} diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.9.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.bb index 9621d9e335..8bd81791ed 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.9.bb +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.bb @@ -16,9 +16,9 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;proto " S = "${WORKDIR}/git" -SRCREV = "81fa28e0e8b4be83ddba03de8b816a3df510c17e" +SRCREV = "81c813fc4ebb11bf1eca8b8bdb5b253dff31e68e" -inherit autotools python3native python3targetconfig update-rc.d systemd +inherit autotools python3targetconfig update-rc.d systemd UPDATERCPN = "auditd" INITSCRIPT_NAME = "auditd" @@ -74,11 +74,11 @@ CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" do_configure:prepend() { sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h - sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h + sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h } do_install:append() { - sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h + sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la diff --git a/meta-openembedded/meta-oe/recipes-security/bubblewrap/bubblewrap_0.7.0.bb b/meta-openembedded/meta-oe/recipes-security/bubblewrap/bubblewrap_0.8.0.bb index 4d053b54cb..06c42addbf 100644 --- a/meta-openembedded/meta-oe/recipes-security/bubblewrap/bubblewrap_0.7.0.bb +++ b/meta-openembedded/meta-oe/recipes-security/bubblewrap/bubblewrap_0.8.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" DEPENDS = "libcap" SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "764ab7100bd037ea53d440d362e099d7a425966bc62d1f00ab26b8fbb882a9dc" +SRC_URI[sha256sum] = "957ad1149db9033db88e988b12bcebe349a445e1efc8a9b59ad2939a113d333a" inherit autotools bash-completion github-releases manpages pkgconfig |