diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2022-08-22 23:46:06 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2022-08-22 23:46:57 +0300 |
| commit | 53fdac2b0aee16e297ce86b473c56547ff1330ac (patch) | |
| tree | 2bee75c38a2f8a1c8e1ff5d629a0defab197113f /meta-openembedded/meta-oe | |
| parent | cb2a94c39eddda6e0df65f98fff97cce711c9134 (diff) | |
| download | openbmc-53fdac2b0aee16e297ce86b473c56547ff1330ac.tar.xz | |
subtree updates
poky: e4b5c35fd4..387ab5f18b:
Alex Kiernan (2):
bind: Remove legacy python3 PACKAGECONFIG code
openssh: Add openssh-sftp-server to openssh RDEPENDS
Alexander Kanavin (16):
gnupg: update 2.3.4 -> 2.3.6
xev: update 1.2.4 -> 1.2.5
xmodmap: update 1.0.10 -> 1.0.11
xf86-input-synaptics: update 1.9.1 -> 1.9.2
encodings: update 1.0.5 -> 1.0.6
font-util: update 1.3.2 -> 1.3.3
xserver-xorg: update 21.1.3 -> 21.1.4
linux-firmware: update 20220610 -> 20220708
libuv: upgrade 1.44.1 -> 1.44.2
log4cplus: upgrade 2.0.7 -> 2.0.8
vala: upgrade 0.56.0 -> 0.56.1
vala: upgrade 0.56.1 -> 0.56.2
webkitgtk: upgrade 2.36.3 -> 2.36.4
xwayland: upgrade 22.1.2 -> 22.1.3
epiphany: upgrade 42.2 -> 42.3
lttng-modules: update 2.13.3 -> 2.13.4
Bruce Ashfield (14):
yocto-bsps: update to v5.10.113
yocto-bsps: update to v5.10.128 and buildpaths fixes
yocto-bsps: update to v5.15.52 and buildpaths fixes
yocto-bsps/5.10: fix buildpaths issue with gen-mach-types
yocto-bsps/5.15: fix buildpaths issue with gen-mach-types
yocto-bsps/5.10: fix buildpaths issue with pnmtologo
yocto-bsps/5.15: fix buildpaths issue with pnmtologo
yocto-bsps: update to v5.15.54
yocto-bsps: update to v5.10.130
linux-yocto/5.10: update to v5.10.135
linux-yocto/5.15: update to v5.15.58
linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge)
linux-yocto/5.15: update to v5.15.59
linux-yocto/5.15: fix reproducibility issues
Dmitry Baryshkov (1):
linux-firwmare: restore WHENCE_CHKSUM variable
He Zhe (1):
lttng-modules: Fix build failure for kernel v5.15.58
Hitendra Prajapati (2):
qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash
libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
Joshua Watt (1):
sstatesig: Include all dependencies in SPDX task signatures
Khem Raj (3):
lua: Backport fix for CVE-2022-33099
gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so
libgcc: Fix standalone target builds with usrmerge distro feature
Martin Jansa (2):
kernel.bbclass: pass LD also in savedefconfig
glibc: revert one upstream change to work around broken DEBUG_BUILD build
Mihai Lindner (1):
wic/plugins/rootfs: Fix NameError for 'orig_path'
Ming Liu (2):
rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}
udev-extraconf:mount.sh: fix a umount issue
Mingli Yu (1):
strace: set COMPATIBLE_HOST for riscv32
Naveen (1):
gcc: Backport a fix for gcc bug 105039
Richard Purdie (5):
vim: Upgrade 9.0.0021 -> 9.0.0063
xorg-app: Tweak handling of compression changes in SRC_URI
xwayland: upgrade 22.1.1 -> 22.1.2
base/reproducible: Change Source Date Epoch generation methods
build-appliance-image: Update to kirkstone head revision
Ross Burton (2):
oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled
perf: fix reproduciblity in older releases of Linux
Sakib Sajal (3):
dpkg: fix CVE-2022-1664
go: update v1.17.10 -> v1.17.12
git: upgrade v2.35.3 -> v2.35.4
Shruthi Ravichandran (2):
initscripts: run umountnfs as a KILL script
package_manager/ipk: do not pipe stderr to stdout
Steve Sakoman (1):
poky.conf: bump version for 4.0.3
Sundeep KOKKONDA (2):
binutils: stable 2.38 branch updates
glibc : stable 2.35 branch updates
Tom Hochstein (1):
gobject-introspection-data: Disable cache for g-ir-scanner
Yi Zhao (1):
tiff: Security fixes CVE-2022-1354 and CVE-2022-1355
Yue Tao (1):
gnupg: upgrade to 2.3.7 to fix CVE-2022-34903
gr embeter (1):
efivar: fix import functionality
leimaohui (1):
systemd: Added base_bindir into pkg_postinst:udev-hwdb.
wangmy (4):
bind: upgrade 9.18.2 -> 9.18.3
bind: upgrade 9.18.3 -> 9.18.4
mkfontscale: upgrade 1.2.1 -> 1.2.2
xdpyinfo: upgrade 1.3.2 -> 1.3.3
meta-openembedded: a47ef04661..acbe748798:
Akash Hadke (1):
polkit: Add --shell /bin/nologin to polkitd user
Anuj Mittal (1):
yasm: fix buildpaths warning
Armin Kuster (1):
bigbuckbunny-1080p: update SRC_URI
Aryaman Gupta (1):
rsyslog: update 8.2202->8.2206
Chen Qi (1):
catfish: fix buildpaths issue
Davide Gardenal (6):
libplist: ignore patched CVEs
meta-oe: ignore patched CVEs
mongodb: ignore unrelated CVEs
php: ignore patched CVEs
postgresql: ignore unrelated CVE
openjpeg: ignore CVE-2015-1239
Khem Raj (1):
ibus: Swith to use main branch instead of master
Marta Rybczynska (1):
polkit: update patches for musl compilation
Martin Jansa (1):
glmark2: fix compatibility with python-3.11
Mingli Yu (6):
net-snmp: set ac_cv_path_PSPROG
postgresql: Fix the buildpaths issue
freeradius: Fix buildpaths issue
openipmi: Fix buildpaths issue
apache2: Fix the buildpaths issue
frr: fix buildpaths issue
Peter Kjellerstedt (2):
libwebsockets: Avoid absolute paths in *.cmake files in the sysroot
cryptsetup: Add support for building without SSH tokens
Vyacheslav Yurkov (1):
polkit: add udisks2 rule
Wang Mingyu (3):
php: upgrade 8.1.7 -> 8.1.8
ndisc6: upgrade 1.0.5 -> 1.0.6
tracker: upgrade 3.3.0 -> 3.3.1
Yi Zhao (1):
polkit-group-rule-udisks2: fix override syntax in RDEPENDS
Yue Tao (1):
python3-lxml: Security fix CVE-2022-2309
wangmy (4):
stunnel: upgrade 5.63 -> 5.64
stunnel: upgrade 5.64 -> 5.65
redis: upgrade 7.0.2 -> 7.0.4
tracker: upgrade 3.3.1 -> 3.3.2
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I48e5e47f05b456589a0c3106b5a095f1b43780b0
Diffstat (limited to 'meta-openembedded/meta-oe')
29 files changed, 419 insertions, 69 deletions
diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb index 7ea728aad4..ff4a16e9f2 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb @@ -45,6 +45,12 @@ SRC_URI:append:toolchain-clang = "\ S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2014-8180 \ + CVE-2017-18381 \ + CVE-2017-2665 \ +" + COMPATIBLE_HOST ?= '(x86_64|i.86|powerpc64|arm|aarch64).*-linux' PACKAGECONFIG ??= "tcmalloc system-pcre" diff --git a/meta-openembedded/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch b/meta-openembedded/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch new file mode 100644 index 0000000000..c56fa64e58 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch @@ -0,0 +1,76 @@ +From b85ba8c3ff3fb9ae708576ccef03434d2ef73054 Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Tue, 14 Jun 2022 09:54:18 +0000 +Subject: [PATCH] waflib: fix compatibility with python-3.11 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* https://docs.python.org/3.11/whatsnew/3.11.html#changes-in-the-python-api + + open(), io.open(), codecs.open() and fileinput.FileInput no longer + accept 'U' (“universal newline”) in the file mode. This flag was + deprecated since Python 3.3. In Python 3, the “universal newline” is + used by default when a file is open in text mode. The newline parameter + of open() controls how universal newlines works. (Contributed by Victor + Stinner in bpo-37330.) + +* fixes: +Waf: The wscript in '/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git' is unreadable +Traceback (most recent call last): + File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 104, in waf_entry_point + set_main_module(os.path.normpath(os.path.join(Context.run_dir,Context.WSCRIPT_FILE))) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 135, in set_main_module + Context.g_module=Context.load_module(file_path) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Context.py", line 343, in load_module + code=Utils.readf(path,m='rU',encoding=encoding) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Utils.py", line 117, in readf + f=open(fname,m) + ^^^^^^^^^^^^^ +ValueError: invalid mode: 'rUb' + +Upstream-Status: Submitted [https://github.com/glmark2/glmark2/pull/178] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + waflib/ConfigSet.py | 2 +- + waflib/Context.py | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/waflib/ConfigSet.py b/waflib/ConfigSet.py +index 16142a2..87de4ad 100644 +--- a/waflib/ConfigSet.py ++++ b/waflib/ConfigSet.py +@@ -140,7 +140,7 @@ class ConfigSet(object): + Utils.writef(filename,''.join(buf)) + def load(self,filename): + tbl=self.table +- code=Utils.readf(filename,m='rU') ++ code=Utils.readf(filename,m='r') + for m in re_imp.finditer(code): + g=m.group + tbl[g(2)]=eval(g(3)) +diff --git a/waflib/Context.py b/waflib/Context.py +index 8f2cbfb..f3e35ae 100644 +--- a/waflib/Context.py ++++ b/waflib/Context.py +@@ -109,7 +109,7 @@ class Context(ctx): + cache[node]=True + self.pre_recurse(node) + try: +- function_code=node.read('rU',encoding) ++ function_code=node.read('r',encoding) + exec(compile(function_code,node.abspath(),'exec'),self.exec_dict) + finally: + self.post_recurse(node) +@@ -340,7 +340,7 @@ def load_module(path,encoding=None): + pass + module=imp.new_module(WSCRIPT_FILE) + try: +- code=Utils.readf(path,m='rU',encoding=encoding) ++ code=Utils.readf(path,encoding=encoding) + except EnvironmentError: + raise Errors.WafError('Could not read the file %r'%path) + module_dir=os.path.dirname(path) diff --git a/meta-openembedded/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb b/meta-openembedded/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb index 1406f68b05..188d4e5bdf 100644 --- a/meta-openembedded/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb +++ b/meta-openembedded/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb @@ -18,7 +18,8 @@ SRC_URI = " \ file://0001-fix-dispmanx-build.patch \ file://0002-run-dispmanx-fullscreen.patch \ file://0001-libmatrix-Include-missing-utility-header.patch \ - " + file://0001-waflib-fix-compatibility-with-python-3.11.patch \ +" SRCREV = "0858b450cd88c84a15b99dda9698d44e7f7e8c70" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb b/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb index 2fa24b29b3..28a3e1e77a 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb @@ -11,6 +11,10 @@ SRC_URI = "git://github.com/rakshasa/libtorrent;branch=master;protocol=https \ " SRCREV = "756f70010779927dc0691e1e722ed433d5d295e1" +CVE_CHECK_IGNORE += "\ + CVE-2009-1760 \ +" + PV = "0.13.8" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb index a5fcb8d72d..2a3a4ebd06 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb @@ -41,3 +41,6 @@ RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libuv', '${PN}-evlib- RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libev', '${PN}-evlib-ev', '', d)}" RDEPENDS:${PN}-dev += " ${@bb.utils.contains('PACKAGECONFIG', 'static', '${PN}-staticdev', '', d)}" + +# Avoid absolute paths to end up in the sysroot. +SSTATE_SCAN_FILES += "*.cmake" diff --git a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb index 8f9f663a33..4f8bbf0358 100644 --- a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb +++ b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb @@ -14,7 +14,6 @@ DEPENDS = " \ libdevmapper \ popt \ util-linux-libuuid \ - libssh \ " DEPENDS:append:libc-musl = " argp-standalone" @@ -39,6 +38,7 @@ PACKAGECONFIG ??= " \ blkid \ luks-adjust-xts-keysize \ openssl \ + ssh-token \ " PACKAGECONFIG:append:class-target = " \ udev \ @@ -69,6 +69,7 @@ PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" +PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh" EXTRA_OECONF = "--enable-static" # Building without largefile is not supported by upstream @@ -78,6 +79,14 @@ EXTRA_OECONF += "--disable-static-cryptsetup" # There's no recipe for libargon2 yet EXTRA_OECONF += "--disable-libargon2" +do_install:append() { + # The /usr/lib/cryptsetup directory is always created, even when ssh-token + # is disabled. In that case it is empty and causes a packaging error. Since + # there is no reason to distribute the empty directory, the easiest solution + # is to remove it if it is empty. + rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN} +} + FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" RDEPENDS:${PN} = " \ diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch new file mode 100644 index 0000000000..101a748776 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch @@ -0,0 +1,110 @@ +From b92eebe8b0760fee7bd55c6c22318620c2c07579 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Mon, 1 Aug 2022 15:44:38 +0800 +Subject: [PATCH] config_info.c: not expose build info + +Don't collect the build information to fix the buildpaths issue. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + configure.ac | 2 +- + src/common/config_info.c | 68 ---------------------------------------- + 2 files changed, 1 insertion(+), 69 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 0eb595b..508487b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -23,7 +23,7 @@ AC_COPYRIGHT([Copyright (c) 1996-2021, PostgreSQL Global Development Group]) + AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c]) + AC_CONFIG_AUX_DIR(config) + AC_PREFIX_DEFAULT(/usr/local/pgsql) +-AC_DEFINE_UNQUOTED(CONFIGURE_ARGS, ["$ac_configure_args"], [Saved arguments from configure]) ++AC_DEFINE_UNQUOTED(CONFIGURE_ARGS, ["ac_configure_args"], [Saved arguments from configure]) + + [PG_MAJORVERSION=`expr "$PACKAGE_VERSION" : '\([0-9][0-9]*\)'`] + [PG_MINORVERSION=`expr "$PACKAGE_VERSION" : '.*\.\([0-9][0-9]*\)'`] +diff --git a/src/common/config_info.c b/src/common/config_info.c +index e72e729..b482c20 100644 +--- a/src/common/config_info.c ++++ b/src/common/config_info.c +@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) + configdata[i].setting = pstrdup(path); + i++; + +- configdata[i].name = pstrdup("CONFIGURE"); +- configdata[i].setting = pstrdup(CONFIGURE_ARGS); +- i++; +- +- configdata[i].name = pstrdup("CC"); +-#ifdef VAL_CC +- configdata[i].setting = pstrdup(VAL_CC); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CPPFLAGS"); +-#ifdef VAL_CPPFLAGS +- configdata[i].setting = pstrdup(VAL_CPPFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CFLAGS"); +-#ifdef VAL_CFLAGS +- configdata[i].setting = pstrdup(VAL_CFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CFLAGS_SL"); +-#ifdef VAL_CFLAGS_SL +- configdata[i].setting = pstrdup(VAL_CFLAGS_SL); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS"); +-#ifdef VAL_LDFLAGS +- configdata[i].setting = pstrdup(VAL_LDFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS_EX"); +-#ifdef VAL_LDFLAGS_EX +- configdata[i].setting = pstrdup(VAL_LDFLAGS_EX); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS_SL"); +-#ifdef VAL_LDFLAGS_SL +- configdata[i].setting = pstrdup(VAL_LDFLAGS_SL); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LIBS"); +-#ifdef VAL_LIBS +- configdata[i].setting = pstrdup(VAL_LIBS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- + configdata[i].name = pstrdup("VERSION"); + configdata[i].setting = pstrdup("PostgreSQL " PG_VERSION); + i++; +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc index 00c0107469..bef33e6bb4 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc @@ -215,6 +215,14 @@ do_install:append() { install -m 0644 ${WORKDIR}/postgresql.service ${D}${systemd_unitdir}/system sed -i -e 's,@BINDIR@,${bindir},g' \ ${D}${systemd_unitdir}/system/postgresql.service + # Remove the build path + if [ -f ${D}${libdir}/${BPN}/pgxs/src/Makefile.global ]; then + sed -i -e 's#${RECIPE_SYSROOT}##g' \ + -e 's#${RECIPE_SYSROOT_NATIVE}##g' \ + -e 's#${WORKDIR}##g' \ + -e 's#${TMPDIR}##g' \ + ${D}${libdir}/${BPN}/pgxs/src/Makefile.global + fi } SSTATE_SCAN_FILES += "Makefile.global" diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb index 01a6ee635e..1daab22f92 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb @@ -8,6 +8,11 @@ SRC_URI += "\ file://0001-Improve-reproducibility.patch \ file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ file://remove_duplicate.patch \ + file://0001-config_info.c-not-expose-build-info.patch \ " SRC_URI[sha256sum] = "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a" + +CVE_CHECK_IGNORE += "\ + CVE-2017-8806 \ +" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.7.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb index e9e8eccf3a..d5cf7d8b21 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.7.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb @@ -33,7 +33,13 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "b816753eb005511e695d90945c27093c3236cc73db1262656d9fadd73ead7e9d" +SRC_URI[sha256sum] = "b8815a5a02431453d4261e3598bd1f28516e4c0354f328c12890f257870e4c01" + +CVE_CHECK_IGNORE += "\ + CVE-2007-2728 \ + CVE-2007-3205 \ + CVE-2007-4596 \ +" inherit autotools pkgconfig python3native gettext diff --git a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index e9cb7adb81..df90b629a9 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb @@ -18,6 +18,10 @@ SRC_URI[sha256sum] = "53e15a2b5c1bc80161d42e9f69792a3fa18332b7b771910131004eb520 S = "${WORKDIR}/imap-${PV}" +CVE_CHECK_IGNORE += "\ + CVE-2005-0198 \ +" + PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" PACKAGECONFIG[pam] = ",,libpam" diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb index b5cd35ab3a..044fcbea74 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -22,3 +22,8 @@ CACHED_CONFIGUREVARS = "CCLD_FOR_BUILD='${CC_FOR_BUILD}'" BBCLASSEXTEND = "native" PARALLEL_MAKE = "" + +do_configure:prepend() { + # Don't include $CC (which includes path to sysroot) in generated header. + sed -i -e "s/^echo \"\/\* generated \$ac_cv_stdint_message \*\/\" >>\$ac_stdint$"// ${S}/m4/ax_create_stdint_h.m4 +} diff --git a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb index db4f507b7c..daaff00395 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb @@ -13,6 +13,12 @@ SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https;branch=mast S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2017-5834 \ + CVE-2017-5835 \ + CVE-2017-5836 \ +" + do_install:append () { if [ -e ${D}${libdir}/python*/site-packages/plist/_plist.so ]; then chrpath -d ${D}${libdir}/python*/site-packages/plist/_plist.so diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules new file mode 100644 index 0000000000..2ffa4087a8 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules @@ -0,0 +1,24 @@ +polkit.addRule(function(action, subject) { + var YES = polkit.Result.YES; + var permission = { + // required for udisks1: + "org.freedesktop.udisks.filesystem-mount": YES, + "org.freedesktop.udisks.luks-unlock": YES, + "org.freedesktop.udisks.drive-eject": YES, + "org.freedesktop.udisks.drive-detach": YES, + // required for udisks2: + "org.freedesktop.udisks2.filesystem-mount": YES, + "org.freedesktop.udisks2.encrypted-unlock": YES, + "org.freedesktop.udisks2.eject-media": YES, + "org.freedesktop.udisks2.power-off-drive": YES, + // required for udisks2 if using udiskie from another seat (e.g. systemd): + "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, + "org.freedesktop.udisks2.filesystem-unmount-others": YES, + "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, + "org.freedesktop.udisks2.eject-media-other-seat": YES, + "org.freedesktop.udisks2.power-off-drive-other-seat": YES + }; + if (subject.isInGroup("plugdev")) { + return permission[action.id]; + } +}); diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb new file mode 100644 index 0000000000..db2ed015b4 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb @@ -0,0 +1,17 @@ +DESCRIPTION = "Polkit rule to allow non-priviledged users mount/umount block devices via udisks2" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +require polkit-group-rule.inc + +# The file originates from https://github.com/coldfix/udiskie/wiki/Permissions +SRC_URI = "file://50-org.freedesktop.udiskie.rules" + +RDEPENDS:${PN} += "udisks2" + +do_install() { + install -m 0755 ${WORKDIR}/50-org.freedesktop.udiskie.rules ${D}${sysconfdir}/polkit-1/rules.d +} + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system plugdev" diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch index e44e4f6e4a..b8562f8ce2 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch @@ -1,15 +1,18 @@ -From eaecfb21e1bca42e99321cc731e21dbfc1ea0d0c Mon Sep 17 00:00:00 2001 +From 4af72493cb380ab5ce0dd7c5bcd25a8b5457d770 Mon Sep 17 00:00:00 2001 From: Gustavo Lima Chaves <limachaves@gmail.com> Date: Tue, 25 Jan 2022 09:43:21 +0000 -Subject: [PATCH 3/3] Added support for duktape as JS engine +Subject: [PATCH] Added support for duktape as JS engine Original author: Wu Xiaotian (@yetist) Resurrection author, runaway-killer author: Gustavo Lima Chaves (@limachaves) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> +Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2] +Dropped change to .gitlab-ci.yml and adapted configure.ac due to other +patches in meta-oe. + --- - .gitlab-ci.yml | 1 + buildutil/ax_pthread.m4 | 522 ++++++++ configure.ac | 34 +- docs/man/polkit.xml | 4 +- @@ -23,16 +26,12 @@ Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> .../polkitbackendjsauthority.cpp | 721 +---------- .../etc/polkit-1/rules.d/10-testing.rules | 6 +- .../test-polkitbackendjsauthority.c | 2 +- - 14 files changed, 2399 insertions(+), 678 deletions(-) + 13 files changed, 2398 insertions(+), 678 deletions(-) create mode 100644 buildutil/ax_pthread.m4 create mode 100644 src/polkitbackend/polkitbackendcommon.c create mode 100644 src/polkitbackend/polkitbackendcommon.h create mode 100644 src/polkitbackend/polkitbackendduktapeauthority.c -Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2] -Dropped change to .gitlab-ci.yml and adapted configure.ac due to other -patches in meta-oe. - diff --git a/buildutil/ax_pthread.m4 b/buildutil/ax_pthread.m4 new file mode 100644 index 0000000..9f35d13 @@ -603,7 +602,7 @@ index b625743..bbf4768 100644 +CC="$PTHREAD_CC" +AC_CHECK_FUNCS([pthread_condattr_setclock]) + - AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) + AC_CHECK_FUNCS(clearenv fdatasync) if test "x$GCC" = "xyes"; then @@ -581,6 +598,13 @@ echo " @@ -3458,6 +3457,3 @@ index f97e0e0..2103b17 100644 }, { --- -2.20.1 - diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch index 1a268f2d0d..fa273d4503 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch @@ -1,36 +1,43 @@ -From 0c1debb380fee7f5b2bc62406e45856dc9c9e1a1 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Wed, 22 May 2019 13:18:55 -0700 -Subject: [PATCH] make netgroup support optional +From 7ef2621ab7adcedc099ed39acfb73c6fa835cbc3 Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> +Date: Sun, 15 May 2022 05:04:10 +0000 +Subject: [PATCH] Make netgroup support optional -On at least Linux/musl and Linux/uclibc, netgroup -support is not available. PolKit fails to compile on these systems -for that reason. +On at least Linux/musl and Linux/uclibc, netgroup support is not +available. PolKit fails to compile on these systems for that reason. This change makes netgroup support conditional on the presence of the setnetgrent(3) function which is required for the support to work. If that function is not available on the system, an error will be returned to the administrator if unix-netgroup: is specified in configuration. -Fixes bug 50145. +(sam: rebased for Meson and Duktape.) -Closes polkit/polkit#14. +Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 +Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163 +Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52 Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> -Signed-off-by: Khem Raj <raj.khem@gmail.com> + +Ported back the change in configure.ac (upstream removed autotools +support). + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66] +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> --- - configure.ac | 2 +- - src/polkit/polkitidentity.c | 16 ++++++++++++++++ - src/polkit/polkitunixnetgroup.c | 3 +++ - .../polkitbackendinteractiveauthority.c | 14 ++++++++------ - src/polkitbackend/polkitbackendjsauthority.cpp | 3 +++ - test/polkit/polkitidentitytest.c | 9 ++++++++- - test/polkit/polkitunixnetgrouptest.c | 3 +++ - .../test-polkitbackendjsauthority.c | 2 ++ - 8 files changed, 44 insertions(+), 8 deletions(-) + configure.ac | 2 +- + meson.build | 1 + + src/polkit/polkitidentity.c | 17 +++++++++++++++++ + src/polkit/polkitunixnetgroup.c | 3 +++ + .../polkitbackendinteractiveauthority.c | 14 ++++++++------ + src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ + test/polkit/polkitidentitytest.c | 8 +++++++- + test/polkit/polkitunixnetgrouptest.c | 2 ++ + .../test-polkitbackendjsauthority.c | 2 ++ + 9 files changed, 43 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac -index b625743..d807086 100644 +index 59858df..5a7fc11 100644 --- a/configure.ac +++ b/configure.ac @@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], @@ -42,8 +49,20 @@ index b625743..d807086 100644 if test "x$GCC" = "xyes"; then LDFLAGS="-Wl,--as-needed $LDFLAGS" +diff --git a/meson.build b/meson.build +index 733bbff..d840926 100644 +--- a/meson.build ++++ b/meson.build +@@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true) + check_functions = [ + 'clearenv', + 'fdatasync', ++ 'setnetgrent', + ] + + foreach func: check_functions diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c -index 3aa1f7f..10e9c17 100644 +index 3aa1f7f..793f17d 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, @@ -62,7 +81,7 @@ index 3aa1f7f..10e9c17 100644 } if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, +@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, GVariant *v; const char *name; @@ -73,10 +92,11 @@ index 3aa1f7f..10e9c17 100644 + "Netgroups are not available on this machine"); + goto out; +#else ++ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); if (v == NULL) { -@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, +@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, name = g_variant_get_string (v, NULL); ret = polkit_unix_netgroup_new (name); g_variant_unref (v); @@ -144,10 +164,10 @@ index 056d9a8..36c2f3d 100644 } diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index ca17108..41d8d5c 100644 +index 5027815..bcb040c 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1520,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS::CallArgs args = JS::CallArgsFromVp (argc, vp); @@ -155,28 +175,19 @@ index ca17108..41d8d5c 100644 JS::RootedString usrstr (authority->priv->cx); usrstr = args[0].toString(); user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1535,6 +1536,8 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + { is_in_netgroup = true; } - +#endif -+ + ret = true; - args.rval ().setBoolean (is_in_netgroup); diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c -index e91967b..e829aaa 100644 +index e91967b..2635c4c 100644 --- a/test/polkit/polkitidentitytest.c +++ b/test/polkit/polkitidentitytest.c -@@ -19,6 +19,7 @@ - * Author: Nikki VonHollen <vonhollen@google.com> - */ - -+#include "config.h" - #include "glib.h" - #include <polkit/polkit.h> - #include <polkit/polkitprivate.h> -@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { +@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = { {"unix-group:root", "unix-group:jane", FALSE}, {"unix-group:jane", "unix-group:jane", TRUE}, @@ -192,7 +203,7 @@ index e91967b..e829aaa 100644 {NULL}, }; -@@ -181,11 +186,13 @@ main (int argc, char *argv[]) +@@ -181,11 +185,13 @@ main (int argc, char *argv[]) g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); @@ -208,18 +219,10 @@ index e91967b..e829aaa 100644 add_comparison_tests (); diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c -index 3701ba1..e3352eb 100644 +index 3701ba1..e1d211e 100644 --- a/test/polkit/polkitunixnetgrouptest.c +++ b/test/polkit/polkitunixnetgrouptest.c -@@ -19,6 +19,7 @@ - * Author: Nikki VonHollen <vonhollen@google.com> - */ - -+#include "config.h" - #include "glib.h" - #include <polkit/polkit.h> - #include <string.h> -@@ -69,7 +70,9 @@ int +@@ -69,7 +69,9 @@ int main (int argc, char *argv[]) { g_test_init (&argc, &argv, NULL); diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch new file mode 100644 index 0000000000..12988ad94f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch @@ -0,0 +1,34 @@ +From 792f8e2151c120ec51b50a4098e4f9642409cbec Mon Sep 17 00:00:00 2001 +From: Marta Rybczynska <rybczynska@gmail.com> +Date: Fri, 29 Jul 2022 11:52:59 +0200 +Subject: [PATCH] Make netgroup support optional + +This patch adds a fragment of the netgroup patch to apply on the duktape-related +code. This change is needed to compile with duktape+musl. + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66] +Signed-off-by: Marta Rybczynska <martarybczynska@huawei.com> +--- + src/polkitbackend/polkitbackendduktapeauthority.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c +index c89dbcf..58a5936 100644 +--- a/src/polkitbackend/polkitbackendduktapeauthority.c ++++ b/src/polkitbackend/polkitbackendduktapeauthority.c +@@ -1036,6 +1036,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) + user = duk_require_string (cx, 0); + netgroup = duk_require_string (cx, 1); + ++#ifdef HAVE_SETNETGRENT + if (innetgr (netgroup, + NULL, /* host */ + user, +@@ -1043,6 +1044,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) + { + is_in_netgroup = TRUE; + } ++#endif + + duk_push_boolean (cx, is_in_netgroup); + return 1; diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb index 66bbf735f0..eff80cd43d 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb @@ -24,10 +24,10 @@ PACKAGECONFIG[consolekit] = ",,,consolekit" PAM_SRC_URI = "file://polkit-1_pam.patch" SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://0003-make-netgroup-support-optional.patch \ file://0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch \ file://0002-CVE-2021-4115-GHSL-2021-077-fix.patch \ file://0003-Added-support-for-duktape-as-JS-engine.patch \ + file://0004-Make-netgroup-support-optional.patch \ " SRC_URI[sha256sum] = "c8579fdb86e94295404211285fee0722ad04893f0213e571bd75c00972fd1f5c" @@ -58,7 +58,7 @@ FILES:${PN}:append = " \ FILES:${PN}-examples = "${bindir}/*example*" USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 polkitd" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 --shell /bin/nologin polkitd" SYSTEMD_SERVICE:${PN} = "${BPN}.service" SYSTEMD_AUTO_ENABLE = "disable" diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.2.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb index b188278e1c..993ff34b10 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.2.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "5e57eafe7d4ac5ecb6a7d64d6b61db775616dbf903293b3fcc660716dbda5eeb" +SRC_URI[sha256sum] = "f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb index ebb8ecf9bd..a39de3acb5 100644 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb @@ -31,7 +31,7 @@ SRC_URI:append:libc-musl = " \ file://0001-Include-sys-time-h.patch \ " -SRC_URI[sha256sum] = "e41308a5a171939b3cbc246e9d4bd30be44e801521e04cd95d051fa3867d6738" +SRC_URI[sha256sum] = "a1377218b26c0767a7a3f67d166d5338af7c24b455d35ec99974e18e6845ba27" UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb index ecbfad394d..a59a5c41df 100644 --- a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb +++ b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb @@ -21,6 +21,10 @@ SRCREV = "a181e951376d49a82eef17920c8ebedec80b4823" S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2012-5638 \ +" + DEPENDS = "libaio util-linux" inherit setuptools3 useradd diff --git a/meta-openembedded/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb b/meta-openembedded/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb index 7e00f150d3..4b9ae4758f 100644 --- a/meta-openembedded/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb +++ b/meta-openembedded/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb @@ -32,6 +32,10 @@ SRC_URI = "http://downloads.sourceforge.net/sblim/${BP}.tar.bz2 \ SRC_URI[md5sum] = "28021cdabc73690a94f4f9d57254ce30" SRC_URI[sha256sum] = "634a67b2f7ac3b386a79160eb44413d618e33e4e7fc74ae68b0240484af149dd" +CVE_CHECK_IGNORE += "\ + CVE-2012-3381 \ +" + inherit autotools inherit systemd diff --git a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb index aa597cd8e4..4c51af669c 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb @@ -31,6 +31,10 @@ SRC_URI:append:class-nativesdk = "\ SRC_URI[sha256sum] = "6b16bf990df114195be669773a1dae975dbbffada45e1de2849ddeb5851bb9a8" +CVE_CHECK_IGNORE += "\ + CVE-2014-9157 \ +" + PACKAGECONFIG ??= "librsvg" PACKAGECONFIG[librsvg] = "--with-librsvg,--without-librsvg,librsvg" diff --git a/meta-openembedded/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-openembedded/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index 4c17105a99..27dff82df5 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb @@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb" SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973" +CVE_CHECK_IGNORE += "\ + CVE-2015-8751 \ +" + S = "${WORKDIR}/git" inherit cmake diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb index f248619ec8..42d2b4efb0 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb @@ -15,6 +15,10 @@ SRC_URI = " \ SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2015-1239 \ +" + inherit cmake # for multilib diff --git a/meta-openembedded/meta-oe/recipes-support/atop/atop_2.4.0.bb b/meta-openembedded/meta-oe/recipes-support/atop/atop_2.4.0.bb index 35540b3b8f..b1d2abde73 100644 --- a/meta-openembedded/meta-oe/recipes-support/atop/atop_2.4.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/atop/atop_2.4.0.bb @@ -24,6 +24,10 @@ SRC_URI = "http://www.atoptool.nl/download/${BP}.tar.gz \ SRC_URI[md5sum] = "1077da884ed94f2bc3c81ac3ab970436" SRC_URI[sha256sum] = "be1c010a77086b7d98376fce96514afcd73c3f20a8d1fe01520899ff69a73d69" +CVE_CHECK_IGNORE += "\ + CVE-2011-3618 \ +" + do_compile() { oe_runmake all } diff --git a/meta-openembedded/meta-oe/recipes-support/emacs/emacs_27.2.bb b/meta-openembedded/meta-oe/recipes-support/emacs/emacs_27.2.bb index b78dc5e450..4a7e7aba5c 100644 --- a/meta-openembedded/meta-oe/recipes-support/emacs/emacs_27.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/emacs/emacs_27.2.bb @@ -11,6 +11,10 @@ SRC_URI:append:class-target = " file://usemake-docfile-native.patch" SRC_URI[sha256sum] = "b4a7cc4e78e63f378624e0919215b910af5bb2a0afc819fad298272e9f40c1b9" +CVE_CHECK_IGNORE = "\ + CVE-2007-6109 \ +" + PACKAGECONFIG[gnutls] = "--with-gnutls=yes,--with-gnutls=no,gnutls" PACKAGECONFIG[kerberos] = "--with-kerberos=yes,--with-kerberos=no,krb5" PACKAGECONFIG[libgmp] = "--with-libgmp=yes,--with-libgmp=no,gmp" diff --git a/meta-openembedded/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb b/meta-openembedded/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb index 14b1aaf01c..3d8a45786d 100644 --- a/meta-openembedded/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb @@ -15,6 +15,11 @@ SRC_URI = "\ SRC_URI[sha256sum] = "19654ad276b149646371fbdac21bc7620742f2975f7399fed0ffc1a18fbaf603" +CVE_CHECK_IGNORE += "\ + CVE-2010-1624 \ + CVE-2011-3594 \ +" + PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtk startup-notification', '', d)} \ " |