diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 13:43:17 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 19:22:24 +0300 |
| commit | 91c4060797737f563a7b975d726f2efcb088e45f (patch) | |
| tree | 0b2a543533ec0cf03a47e67056a95b0073b51524 /meta-openembedded/meta-oe | |
| parent | 821a859c1d68e8cfeea8c50e86f15daa87e71d59 (diff) | |
| download | openbmc-kirkstone.tar.xz | |
kirkstone: subtree updateskirkstone
meta-raspberrypi: 2a06e4e84b..43683cb14b:
Florin Sarbu (1):
udev-rules-rpi: Use 99-com.rules directly from upstream
meta-openembedded: df452d9d98..f95484417e:
Arsalan H. Awan (1):
meta-networking/licenses/netperf: remove unused license
Bhargav Das (2):
tslib: Add native & nativestdk package support
pointercal: Add native & nativestdk package support
Changqing Li (1):
redis: fix do_patch fuzz warning
Chee Yang Lee (3):
tinyproxy: fix CVE-2022-40468
capnproto: upgrade to 0.9.2
freerdp: fix CVE-2022-39316/39318/39319
Gianluigi Spagnuolo (1):
libbpf: add native and nativesdk BBCLASSEXTEND
Jasper Orschulko (1):
python3-gcovr: Add missing runtime dependency
Jonas Gorski (3):
frr: Security fix CVE-2022-36440 / CVE-2022-40302
frr: Security fix CVE-2022-40318
frr: Security fix CVE-2022-43681
Khem Raj (1):
nodejs: Fix build with gcc13
Martin Jansa (1):
abseil-cpp: backport a fix for build with gcc-13
Narpat Mali (3):
python3-werkzeug: fix for CVE-2023-25577
python3-django: upgrade 4.0.2 -> 4.2.1
python3-m2crypto: fix for CVE-2020-25657
Natasha Bailey (1):
libyang: backport a fix for CVE-2023-26916
Valeria Petrov (1):
apache2: upgrade 2.4.56 -> 2.4.57
Xiangyu Chen (3):
pahole: fix native package build error
Revert "pahole: fix native package build error"
libbpf: installing uapi headers for native package
poky: 4cc0e9438b..43b94d2b84:
Alexander Kanavin (1):
dhcpcd: use git instead of tarballs
Archana Polampalli (4):
nasm: fix CVE-2022-44370
git: fix CVE-2023-29007
git: fix CVE-2023-25652
git: ignore CVE-2023-25815
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Bhabu Bindu (4):
curl: Fix CVE-2023-28319
curl: Fix CVE-2023-28320
curl: Fix CVE-2023-28321
curl: Fix CVE-2023-28322
Bruce Ashfield (9):
linux-yocto/5.15: update to v5.15.106
linux-yocto/5.15: update to v5.15.107
linux-yocto/5.15: update to v5.15.108
kernel: improve initramfs bundle processing time
linux-yocto/5.10: update to v5.10.176
linux-yocto/5.10: update to v5.10.177
linux-yocto/5.10: update to v5.10.178
linux-yocto/5.10: update to v5.10.179
linux-yocto/5.10: update to v5.10.180
C. Andy Martin (1):
systemd-networkd: backport fix for rm unmanaged wifi
Christoph Lauer (1):
populate_sdk_base: add zip options
Daniel Ammann (1):
overview-manual: concepts.rst: Fix a typo
Deepthi Hemraj (5):
glibc: stable 2.35 branch updates.
binutils : Fix CVE-2023-25584
binutils : Fix CVE-2023-25585
binutils : Fix CVE-2023-1972
binutils : Fix CVE-2023-25588
Dmitry Baryshkov (1):
linux-firmware: upgrade 20230210 -> 20230404
Eero Aaltonen (1):
avahi: fix D-Bus introspection
Enrico Jörns (1):
package_manager/ipk: fix config path generation in _create_custom_config()
Hitendra Prajapati (2):
connman: fix CVE-2023-28488 DoS in client.c
sysstat: Fix CVE-2023-33204
Jan Luebbe (1):
p11-kit: add native to BBCLASSEXTEND
Joe Slater (1):
ghostscript: fix CVE-2023-29979
Kai Kang (1):
webkitgtk: fix CVE-2022-32888 & CVE-2022-32923
Khem Raj (2):
gcc-runtime: Use static dummy libstdc++
quilt: Fix merge.test race condition
Lee Chee Yang (1):
migration-guides: add release notes for 4.0.10
Marek Vasut (1):
cpio: Fix wrong CRC with ASCII CRC for large files
Martin Jansa (3):
populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
llvm: backport a fix for build with gcc-13
kernel-devicetree: make shell scripts posix compliant
Martin Siegumfeldt (1):
systemd-systemctl: fix instance template WantedBy symlink construction
Michael Halstead (2):
uninative: Upgrade to 3.10 to support gcc 13
uninative: Upgrade to 4.0 to include latest gcc 13.1.1
Michael Opdenacker (2):
conf.py: add macro for Mitre CVE links
migration-guides: use new cve_mitre macro
Ming Liu (1):
weston: add xwayland to DEPENDS for PACKAGECONFIG xwayland
Mingli Yu (1):
ruby: Fix CVE-2023-28755
Narpat Mali (3):
ffmpeg: fix for CVE-2022-48434
python3-cryptography: fix for CVE-2023-23931
python3-requests: fix for CVE-2023-32681
Omkar Patil (1):
curl: Correction for CVE-2023-27536
Pablo Saavedra (1):
gstreamer1.0: upgrade 1.20.5 -> 1.20.6
Pascal Bach (1):
cmake: add CMAKE_SYSROOT to generated toolchain file
Peter Bergin (1):
update-alternatives.bbclass: fix old override syntax
Peter Kjellerstedt (1):
license.bbclass: Include LICENSE in the output when it fails to parse
Peter Marko (2):
libxml2: patch CVE-2023-28484 and CVE-2023-29469
openssl: Upgrade 3.0.8 -> 3.0.9
Piotr Łobacz (1):
libarchive: Enable acls, xattr for native as well as target
Quentin Schulz (1):
Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"
Randolph Sapp (4):
wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
kernel-devicetree: allow specification of dtb directory
package: enable recursion on file globs
kernel-devicetree: recursively search for dtbs
Ranjitsinh Rathod (1):
libbsd: Add correct license for all packages
Richard Purdie (3):
maintainers.inc: Fix email address typo
maintainers.inc: Move repo to unassigned
selftest/reproducible: Allow native/cross reuse in test
Riyaz Khan (1):
openssh: Remove BSD-4-clause contents completely from codebase
Ross Burton (1):
xserver-xorg: backport fix for CVE-2023-1393
Sakib Sajal (1):
go: fix CVE-2023-24540
Shubham Kulkarni (1):
go: Security fix for CVE-2023-24538
Soumya (1):
perl: fix CVE-2023-31484
Steve Sakoman (3):
Revert "xserver-xorg: backport fix for CVE-2023-1393"
poky.conf: bump version for 4.0.10
build-appliance-image: Update to kirkstone head revision
Thomas Roos (1):
oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set
Tom Hochstein (2):
piglit: Add PACKAGECONFIG for glx and opencl
piglit: Add missing glslang dependencies
Upgrade Helper (1):
waffle: upgrade 1.7.0 -> 1.7.2
Virendra Thakur (1):
qemu: Whitelist CVE-2023-0664
Vivek Kumbhar (3):
freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
go: fix CVE-2023-24534 denial of service from excessive memory allocation
go: fix CVE-2023-24539 html/template improper sanitization of CSS values
Wang Mingyu (2):
wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
xserver-xorg: upgrade 21.1.7 -> 21.1.8
Yoann Congal (1):
linux-yocto: Exclude 121 CVEs already fixed upstream
Yogita Urade (2):
xorg-lib-common: Add variable to set tarball type
libxpm: upgrade 3.5.13 -> 3.5.15
Zhixiong Chi (1):
libpam: Fix the xtests/tst-pam_motd[1|3] failures
Zoltan Boszormenyi (1):
piglit: Fix build time dependency
bkylerussell@gmail.com (1):
kernel-devsrc: depend on python3-core instead of python3
leimaohui (1):
nghttp2: Deleted the entries for -client and -server, and removed a dependency on them from the main package.
meta-security: cc20e2af2a..d398cc6ea6:
Armin Kuster (1):
apparmor: fix ownership issues
Josh Harley (1):
Add EROFS support to dm-verity-img class
Maciej Borzęcki (1):
dm-verity-img.bbclass: add squashfs images
Peter Marko (1):
tpm2-tss: upgrade to 3.2.2 to fix CVE-2023-22745
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I683201033cfd1b1135738f49b0faf6df2e6348b6
Diffstat (limited to 'meta-openembedded/meta-oe')
15 files changed, 276 insertions, 3 deletions
diff --git a/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb b/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb index d3e7973329..9b72ffefe4 100644 --- a/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb +++ b/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb @@ -20,3 +20,5 @@ do_install() { ALLOW_EMPTY:${PN} = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" INHIBIT_DEFAULT_DEPS = "1" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch new file mode 100644 index 0000000000..88f3816b0f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch @@ -0,0 +1,31 @@ +From b436bc4ef31e29d73363d60b84e77eb419f46c50 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyich@gmail.com> +Date: Fri, 27 May 2022 22:27:58 +0100 +Subject: [PATCH] absl/strings/internal/str_format/extension.h: add missing + <stdint.h> include + +Without the change absl-cpp build fails on this week's gcc-13 snapshot as: + + /build/abseil-cpp/absl/strings/internal/str_format/extension.h:34:33: error: found ':' in nested-name-specifier, expected '::' + 34 | enum class FormatConversionChar : uint8_t; + | ^ + | :: + +Upstream-Status: Backport [20220623.0 36a4b073f1e7e02ed7d1ac140767e36f82f09b7c] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + absl/strings/internal/str_format/extension.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/absl/strings/internal/str_format/extension.h b/absl/strings/internal/str_format/extension.h +index c47536d6..08c3fbeb 100644 +--- a/absl/strings/internal/str_format/extension.h ++++ b/absl/strings/internal/str_format/extension.h +@@ -17,6 +17,7 @@ + #define ABSL_STRINGS_INTERNAL_STR_FORMAT_EXTENSION_H_ + + #include <limits.h> ++#include <stdint.h> + + #include <cstddef> + #include <cstring> diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb index 1bb27d4369..30eef75ffb 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb @@ -14,6 +14,7 @@ SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH};protocol=https \ file://0001-absl-always-use-asm-sgidefs.h.patch \ file://0002-Remove-maes-option-from-cross-compilation.patch \ file://abseil-ppc-fixes.patch \ + file://0001-absl-strings-internal-str_format-extension.h-add-mis.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb b/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb index d14bd843ef..d114ad0c63 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9" SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \ " -SRCREV = "b49431c48d40490ef979247d308af63345376cee" +SRCREV = "0274bf17374df912ea834687c667bed33bd318db" S = "${WORKDIR}/git/c++" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch new file mode 100644 index 0000000000..bff349739c --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch @@ -0,0 +1,75 @@ +From 576aed71db7b40c90b44c623580629792a606928 Mon Sep 17 00:00:00 2001 +From: Jiawen Geng <technicalcute@gmail.com> +Date: Fri, 14 Oct 2022 09:54:33 +0800 +Subject: [PATCH] deps: V8: cherry-pick c2792e58035f +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Original commit message: + + [base] Fix build with gcc-13 + + See https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes. + + Also see Gentoo Linux bug report: https://bugs.gentoo.org/865981 + + Change-Id: I421f396b02ba37e12ee70048ee33e034f8113566 + Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3934140 + Reviewed-by: Clemens Backes <clemensb@chromium.org> + Reviewed-by: Simon Zünd <szuend@chromium.org> + Commit-Queue: Clemens Backes <clemensb@chromium.org> + Cr-Commit-Position: refs/heads/main@{#83587} + +Refs: https://github.com/v8/v8/commit/c2792e58035fcbaa16d0cb70998852fbeb5df4cc +PR-URL: https://github.com/nodejs/node/pull/44961 +Fixes: https://github.com/nodejs/node/issues/43642 +Reviewed-By: Michaël Zasso <targos@protonmail.com> +Reviewed-By: Richard Lau <rlau@redhat.com> +Reviewed-By: Luigi Pinca <luigipinca@gmail.com> +Reviewed-By: Colin Ihrig <cjihrig@gmail.com> + +Upstream-Status: Backport [https://github.com/nodejs/node/commit/0be1c5728173ea9ac42843058e26b6268568acf0] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + deps/v8/AUTHORS | 1 + + deps/v8/src/base/logging.h | 1 + + deps/v8/src/inspector/v8-string-conversions.h | 1 + + 3 files changed, 3 insertions(+) + +diff --git a/deps/v8/AUTHORS b/deps/v8/AUTHORS +index 35c49a01..736d3df9 100644 +--- a/deps/v8/AUTHORS ++++ b/deps/v8/AUTHORS +@@ -236,6 +236,7 @@ Vlad Burlik <vladbph@gmail.com> + Vladimir Krivosheev <develar@gmail.com> + Vladimir Shutoff <vovan@shutoff.ru> + Wael Almattar <waelsy123@gmail.com> ++WANG Xuerui <git@xen0n.name> + Wei Wu <lazyparser@gmail.com> + Wenlu Wang <kingwenlu@gmail.com> + Wenyu Zhao <wenyu.zhao@anu.edu.au> +diff --git a/deps/v8/src/base/logging.h b/deps/v8/src/base/logging.h +index 08db24a9..38be165f 100644 +--- a/deps/v8/src/base/logging.h ++++ b/deps/v8/src/base/logging.h +@@ -5,6 +5,7 @@ + #ifndef V8_BASE_LOGGING_H_ + #define V8_BASE_LOGGING_H_ + ++#include <cstdint> + #include <cstring> + #include <sstream> + #include <string> +diff --git a/deps/v8/src/inspector/v8-string-conversions.h b/deps/v8/src/inspector/v8-string-conversions.h +index c1d69c18..eb33c681 100644 +--- a/deps/v8/src/inspector/v8-string-conversions.h ++++ b/deps/v8/src/inspector/v8-string-conversions.h +@@ -5,6 +5,7 @@ + #ifndef V8_INSPECTOR_V8_STRING_CONVERSIONS_H_ + #define V8_INSPECTOR_V8_STRING_CONVERSIONS_H_ + ++#include <cstdint> + #include <string> + + // Conversion routines between UT8 and UTF16, used by string-16.{h,cc}. You may diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb index 0661fd6f1c..dfc4af3df5 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb @@ -26,6 +26,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-liftoff-Correct-function-signatures.patch \ file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ file://0001-Nodejs-Fixed-pipes-DeprecationWarning.patch \ + file://gcc13.patch \ " SRC_URI:append:class-target = " \ file://0001-Using-native-binaries.patch \ diff --git a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch new file mode 100644 index 0000000000..f3af3dbffd --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch @@ -0,0 +1,57 @@ +From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001 +From: Michal Vasko <mvasko@cesnet.cz> +Date: Mon, 13 Feb 2023 10:23:13 +0100 +Subject: [PATCH] schema compile UPDATE do not implement 2 same modules + +CVE: CVE-2023-26916 +Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096] + +Refs #1979 +--- + src/schema_compile.c | 20 +++++++------------- + 1 file changed, 7 insertions(+), 13 deletions(-) + +diff --git a/src/schema_compile.c b/src/schema_compile.c +index ed768ba0..68c0d681 100644 +--- a/src/schema_compile.c ++++ b/src/schema_compile.c +@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod) + LY_ERR + lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres) + { +- LY_ERR ret; ++ LY_ERR r; + struct lys_module *m; + + assert(!mod->implemented); +@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr + m = ly_ctx_get_module_implemented(mod->ctx, mod->name); + if (m) { + assert(m != mod); +- if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) { +- /* special case for newer internal module, continue */ +- LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.", +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); +- } else { +- LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); +- return LY_EDENIED; +- } ++ LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", ++ mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); ++ return LY_EDENIED; + } + + /* set features */ +- ret = lys_set_features(mod->parsed, features); +- if (ret && (ret != LY_EEXIST)) { +- return ret; ++ r = lys_set_features(mod->parsed, features); ++ if (r && (r != LY_EEXIST)) { ++ return r; + } + + /* +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb index 2817be7c86..7875c1ef79 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb @@ -11,6 +11,7 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c" SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \ file://libyang-add-stdint-h.patch \ file://run-ptest \ + file://CVE-2023-26916.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch index 6e07c25c6a..6e07c25c6a 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb index e6bfa227a0..4626044781 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb @@ -6,7 +6,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=8ffdd6c926faaece928cf9d9640132d2" DEPENDS = "readline lua ncurses" -FILESPATH =. "${FILE_DIRNAME}/${PN}-7:" +FILESPATH =. "${FILE_DIRNAME}/${BPN}-7:" SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://redis.conf \ @@ -16,7 +16,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://lua-update-Makefile-to-use-environment-build-setting.patch \ file://oe-use-libc-malloc.patch \ file://0001-src-Do-not-reset-FINAL_LIBS.patch \ - file://GNU_SOURCE.patch \ + file://GNU_SOURCE-7.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " SRC_URI[sha256sum] = "ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3" diff --git a/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb b/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb index c2000b264b..cb2563225f 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb @@ -81,3 +81,5 @@ FILES:tslib-uinput += "${bindir}/ts_uinput" FILES:tslib-tests = "${bindir}/ts_harvest ${bindir}/ts_print ${bindir}/ts_print_raw ${bindir}/ts_print_mt \ ${bindir}/ts_test ${bindir}/ts_test_mt ${bindir}/ts_verify ${bindir}/ts_finddev ${bindir}/ts_conf" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb b/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb index 461e6b05ed..5f687b27b3 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb @@ -17,6 +17,7 @@ COMPATIBLE_HOST = "(x86_64|i.86|aarch64|riscv64|powerpc64).*-linux" S = "${WORKDIR}/git/src" EXTRA_OEMAKE += "DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}" +EXTRA_OEMAKE:append:class-native = " UAPIDIR=${includedir}" inherit pkgconfig @@ -27,3 +28,9 @@ do_compile() { do_install() { oe_runmake install } + +do_install:append:class-native() { + oe_runmake install_uapi_headers +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch new file mode 100644 index 0000000000..a60b2854c8 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch @@ -0,0 +1,53 @@ +https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 +CVE: CVE-2022-39316 +Upstream-Status: Backport +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +From e865c24efc40ebc52e75979c94cdd4ee2c1495b0 Mon Sep 17 00:00:00 2001 +From: akallabeth <akallabeth@posteo.net> +Date: Thu, 13 Oct 2022 09:09:28 +0200 +Subject: [PATCH] Added missing length checks in zgfx_decompress_segment + +(cherry picked from commit 64716b335858109d14f27b51acc4c4d71a92a816) +--- + libfreerdp/codec/zgfx.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c +index 20fbd354571..e260aa6e28a 100644 +--- a/libfreerdp/codec/zgfx.c ++++ b/libfreerdp/codec/zgfx.c +@@ -230,19 +230,19 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t + BYTE* pbSegment; + size_t cbSegment; + +- if (!zgfx || !stream) ++ if (!zgfx || !stream || (segmentSize < 2)) + return FALSE; + + cbSegment = segmentSize - 1; + +- if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize < 1) || +- (segmentSize > UINT32_MAX)) ++ if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize > UINT32_MAX)) + return FALSE; + + Stream_Read_UINT8(stream, flags); /* header (1 byte) */ + zgfx->OutputCount = 0; + pbSegment = Stream_Pointer(stream); +- Stream_Seek(stream, cbSegment); ++ if (!Stream_SafeSeek(stream, cbSegment)) ++ return FALSE; + + if (!(flags & PACKET_COMPRESSED)) + { +@@ -346,6 +346,9 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t + if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount) + return FALSE; + ++ if (count > zgfx->cBitsRemaining / 8) ++ return FALSE; ++ + CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent, + count); + zgfx_history_buffer_ring_write(zgfx, zgfx->pbInputCurrent, count); diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch new file mode 100644 index 0000000000..76a9e00dd3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch @@ -0,0 +1,41 @@ +https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea +CVE: CVE-2022-39318 CVE-2022-39319 +Upstream-Status: Backport +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +From 80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea Mon Sep 17 00:00:00 2001 +From: akallabeth <akallabeth@posteo.net> +Date: Thu, 13 Oct 2022 08:27:41 +0200 +Subject: [PATCH] Fixed division by zero in urbdrc + +(cherry picked from commit 731f8419d04b481d7160de1f34062d630ed48765) +--- + channels/urbdrc/client/libusb/libusb_udevice.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c +index 505c31d7b55..ef87f195f38 100644 +--- a/channels/urbdrc/client/libusb/libusb_udevice.c ++++ b/channels/urbdrc/client/libusb/libusb_udevice.c +@@ -1221,12 +1221,18 @@ static int libusb_udev_isoch_transfer(IUDEVICE* idev, URBDRC_CHANNEL_CALLBACK* c + if (!Buffer) + Stream_Seek(user_data->data, (NumberOfPackets * 12)); + +- iso_packet_size = BufferSize / NumberOfPackets; +- iso_transfer = libusb_alloc_transfer(NumberOfPackets); ++ if (NumberOfPackets > 0) ++ { ++ iso_packet_size = BufferSize / NumberOfPackets; ++ iso_transfer = libusb_alloc_transfer((int)NumberOfPackets); ++ } + + if (iso_transfer == NULL) + { +- WLog_Print(urbdrc->log, WLOG_ERROR, "Error: libusb_alloc_transfer."); ++ WLog_Print(urbdrc->log, WLOG_ERROR, ++ "Error: libusb_alloc_transfer [NumberOfPackets=%" PRIu32 ", BufferSize=%" PRIu32 ++ " ]", ++ NumberOfPackets, BufferSize); + async_transfer_user_data_free(user_data); + return -1; + } diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index ece2f56960..9da8b27c0d 100644 --- a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -16,6 +16,8 @@ PKGV = "${GITPKGVTAG}" SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1" SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \ file://winpr-makecert-Build-with-install-RPATH.patch \ + file://CVE-2022-39316.patch \ + file://CVE-2022-39318-39319.patch \ " S = "${WORKDIR}/git" |