diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2022-10-18 20:51:29 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2022-10-18 20:53:04 +0300 |
| commit | c67ef227fe09ebd2213c47709a37a70784232b12 (patch) | |
| tree | 5fd573a5df398965aa7e7f88b42a8db2144e8a0e /meta-openembedded | |
| parent | 53fdac2b0aee16e297ce86b473c56547ff1330ac (diff) | |
| download | openbmc-c67ef227fe09ebd2213c47709a37a70784232b12.tar.xz | |
subtree updates
poky: 387ab5f18b..eaf8ce9d39:
Alejandro Hernandez Samaniego (1):
rootfs.py: dont try to list installed packages for baremetal images
Alex Stewart (1):
maintainers: update opkg maintainer
Alexander Kanavin (26):
devtool/upgrade: correctly clean up when recipe filename isn't yet known
devtool/upgrade: catch bb.fetch2.decodeurl errors
scripts/oe-setup-builddir: make it known where configurations come from
bluez5: update 5.64 -> 5.65
libwpe: upgrade 1.12.0 -> 1.12.2
ell: upgrade 0.49 -> 0.50
iso-codes: upgrade 4.10.0 -> 4.11.0
libcap: upgrade 2.64 -> 2.65
libwebp: upgrade 1.2.2 -> 1.2.3
mobile-broadband-provider-info: upgrade 20220511 -> 20220725
webkitgtk: upgrade 2.36.4 -> 2.36.5
weston: upgrade 10.0.1 -> 10.0.2
tzdata: upgrade 2022a -> 2022b
xz: update 5.2.5 -> 5.2.6
gdk-pixbuf: upgrade 2.42.6 -> 2.42.8
gdk-pixbuf: update 2.42.8 -> 2.42.9
epiphany: upgrade 42.3 -> 42.4
glib-networking: upgrade 2.72.1 -> 2.72.2
libjpeg-turbo: upgrade 2.1.3 -> 2.1.4
libwebp: upgrade 1.2.3 -> 1.2.4
wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
wpebackend-fdo: upgrade 1.12.0 -> 1.12.1
bind: upgrade 9.18.4 -> 9.18.5
lighttpd: upgrade 1.4.65 -> 1.4.66
rpm: update 4.17.0 -> 4.17.1
tzdata: update to 2022d
Alexandre Belloni (3):
ruby: drop capstone support
runqemu: display host uptime when starting
oeqa/runtime/dnf: fix typo
Andrei Gherzan (4):
linux-yocto: Fix COMPATIBLE_MACHINE regex match
shadow: Enable subid support
rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils
shadow: Avoid nss warning/error with musl
Anuj Mittal (1):
poky.conf: add ubuntu-22.04 to tested distros
Aryaman Gupta (2):
bitbake: bitbake: runqueue: add cpu/io pressure regulation
bitbake: bitbake: runqueue: add memory pressure regulation
Awais Belal (1):
kernel-fitimage.bbclass: only package unique DTBs
Beniamin Sandu (1):
libpam: use /run instead of /var/run in systemd tmpfiles
Bertrand Marquis (1):
sysvinit-inittab/start_getty: Fix respawn too fast
Bruce Ashfield (16):
lttng-modules: fix 5.19+ build
lttng-modules: fix build against mips and v5.19 kernel
lttng-modules: replace mips compaction fix with upstream change
linux-yocto/5.15: update to v5.15.60
linux-yocto/5.15: update to v5.15.62
linux-yocto/5.10: update to v5.10.136
linux-yocto/5.10: update to v5.10.137
linux-yocto/5.10: update to v5.10.141
linux-yocto/5.10: update to v5.10.143
linux-yocto/5.15: update to v5.15.63
linux-yocto/5.15: update to v5.15.65
linux-yocto/5.15: update to v5.15.68
linux-yocto/5.15: cfg: fix ACPI warnings for -tiny
kernel-yocto: allow patch author date to be commit date
kern-tools: fix queue processing in relative TOPDIR configurations
kern-tools: allow 'y' or 'm' to avoid config audit warnings
Changqing Li (1):
apt: fix nativesdk-apt build failure during the second time build
Chee Yang Lee (1):
sqlite: add CVE-2022-35737 patch to SRC_URI
Daiane Angolini (1):
python3-pip: Fix RDEPENDS after the update
Daniel McGregor (1):
coreutils: add openssl PACKAGECONFIG
Denys Dmytriyenko (1):
glibc-locale: explicitly remove empty dirs in ${libdir}
Dmitry Baryshkov (2):
linux-firmware: upgrade 20220708 -> 20220913
linux-firmware: package new Qualcomm firmware
Enrico Scholz (5):
npm: replace 'npm pack' call by 'tar czf'
npm: return content of 'package.json' in 'npm_pack'
npm: take 'version' directly from 'package.json'
lib:npm_registry: initial checkin
npm: use npm_registry to cache package
Ernst Sjöstrand (1):
cve-check: Don't use f-strings
Florin Diaconescu (4):
expat: upgrade 2.4.7 -> 2.4.8
expat: upgrade 2.4.8 -> 2.4.9
rsync: update 3.2.3 -> 3.2.4
rsync: update 3.2.4 -> 3.2.5
Gennaro Iorio (1):
bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls
He Zhe (3):
lttng-tools: Disable on qemuriscv32
stress-cpu: disable float128 math on powerpc64 to avoid SIGILL
lttng-tools: Disable on riscv32
Hitendra Prajapati (5):
gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
zlib: CVE-2022-37434 a heap-based buffer over-read
libtiff: CVE-2022-34526 A stack overflow was discovered
Revert "gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow"
Jacob Kroon (1):
bitbake: bitbake-user-manual: Correct description of the ??= operator
Jon Mason (2):
ref-manual: add numa to machine features
oeqa/parselogs: add qemuarmv5 arm-charlcd masking
Jose Quaresma (7):
archiver.bbclass: remove unsed do_deploy_archives[dirs]
create-spdx: ignore packing control files from ipk and deb
archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source
linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain
bitbake: bb/utils: remove: check the path again the expand python glob
bitbake: bb/utils: movefile: use the logger for printing
Joshua Watt (4):
bitbake: utils: Pass lock argument in fileslocked
classes: cve-check: Get shared database lock
oeqa: qemurunner: Report UNIX Epoch timestamp on login
bitbake: siggen: Fix insufficent entropy in sigtask file names
Kai Kang (1):
packagegroup-self-hosted: update for strace
Khem Raj (15):
libxml2: Ignore CVE-2016-3709
connman: Backports for security fixes
cracklib: Drop using register keyword
tcp-wrappers: Fix implicit-function-declaration warnings
xinetd: Pass missing -D_GNU_SOURCE
watchdog: Include needed system header for function decls
pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
apr: Use correct strerror_r implementation based on libc type
gcr: Define _GNU_SOURCE
apr: Cache configure tests which use AC_TRY_RUN
autoconf: Fix strict prototype errors in generated tests
autoconf: Update K & R stype functions
webkitgtk: Upgrade to 2.36.6 minor update
webkitgtk: Update to 2.36.7
rpm: Remove -Wimplicit-function-declaration warnings
Kristian Amlie (1):
externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used.
LUIS ENRIQUEZ (1):
kernel-fitimage.bbclass: add padding algorithm property in config nodes
Mark Hatle (1):
runqemu: Add missing space on default display option
Martin Beeger (1):
cmake: remove CMAKE_ASM_FLAGS variable in toolchain file
Martin Jansa (2):
libxml2: Port gentest.py to Python-3
create-pull-request: don't switch the git remote protocol to git://
Mateusz Marciniec (1):
util-linux: Remove --enable-raw from EXTRA_OECONF
Michael Opdenacker (7):
migration guides: add missing release notes
bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher
bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers
bitbake: bitbake-user-manual: npm fetcher: improve description of SRC_URI format
poky.yaml.in: update version requirements
migration-guides: add 4.0.4 release notes
dev-manual: fix reference to BitBake user manual
Mihai Lindner (1):
create-spdx: Fix supplier field
Mikko Rapeli (7):
boost: fix install of fiber shared libraries
bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit
u-boot: switch from append to += in SRC_URI
glibc-tests: use += instead of :append
go-native: switch from SRC_URI:append to SRC_URI +=
python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI +=
linux-libc-headers: switch from SRC_URI:append to SRC_URI +=
Ming Liu (1):
meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE
Mingli Yu (1):
busybox: add devmem 128-bit support
Neil Horman (1):
bitbake: Fix npm to use https rather than http
Ola x Nilsson (1):
bitbake: ConfHandler: Remove lingering close
Otavio Salvador (1):
bitbake: toaster: fix kirkstone version
Paul Eggleton (1):
relocate_sdk.py: ensure interpreter size error causes relocation to fail
Pavel Zhukov (4):
package_rpm: Do not replace square brackets in %files
parselogs: Ignore xf86OpenConsole error
core-image.bbclass: Exclude openssh complementary packages
bitbake: gitsm: Error out if submodule refers to parent repo
Peter Bergin (1):
rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable
Peter Kjellerstedt (1):
cairo: Adapt the license information based on what is being built
Peter Marko (1):
create-spdx: handle links to inaccessible locations
Rajesh Dangi (2):
linux-yocto/5.15: update genericx86* machines to v5.15.59
linux-yocto/5.10: update genericx86* machines to v5.10.135
Randy MacLeod (1):
vim: update from 9.0.0063 to 9.0.0115
Rasmus Villemoes (1):
bitbake.conf: set BB_DEFAULT_UMASK using ??=
Richard Purdie (25):
nativesdk: Clear TUNE_FEATURES
selftest/wic: Tweak test case to not depend on kernel size
bitbake: runqueue: Change pressure file warning to a note
perf: Fix reproducibility issues with 5.19 onwards
vim: Upgrade 9.0.0115 -> 9.0.0242
vim: Upgrade 9.0.0242 -> 9.0.0341
pseudo: Update to include recent upstream minor fixes
bitbake: runqueue: Fix unihash cache mismatch issues
bitbake: cooker: Drop sre_constants usage
bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests
bitbake: fetch2: Ensure directory exists before creating symlink
gcc-multilib-config: Fix i686 toolchain relocation issues
kernel: Always set CC and LD for the kernel build
kernel: Use consistent make flags for menuconfig
vim: Upgrade 9.0.0341 -> 9.0.0453
build-appliance-image: Update to kirkstone head revision
libpng: upgrade 1.6.37 -> 1.6.38
vim: Upgrade 9.0.453 -> 9.0.541
perf: Fix for recent kernel upgrades
vim: Upgrade 9.0.0541 -> 9.0.0598
bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
bitbake: runqueue: Improve deadlock warning messages
bitbake: runqueue: Drop deadlock breaking force fail
bitbake: bitbake: Add copyright headers where missing
bitbake: asyncrpc/client: Fix unix domain socket chdir race issues
Robert Joslyn (2):
curl: Backport patch for CVE-2022-35252
tzdata: Update from 2022b to 2022c
Roland Hieber (1):
devtool: error out when workspace is using old override syntax
Ross Burton (8):
oeqa/qemurunner: add run_serial() comment
oeqa/selftest: rename git.py to intercept.py
oeqa/gotoolchain: put writable files in the Go module cache
oeqa/gotoolchain: set CGO_ENABLED=1
wic: add target tools to PATH when executing native commands
wic/bootimg-efi: use cross objcopy when building unified kernel image
wic: depend on cross-binutils
cve-check: close cursors as soon as possible
Ruiqiang Hao (2):
gcc: add arm-v9 support
tune-neoversen2: support tune-neoversen2 base on armv9a
Sakib Sajal (9):
qemu: fix CVE-2021-3507
qemu: fix CVE-2021-3929
qemu: fix CVE-2021-4158
qemu: fix CVE-2022-0358
qemu: fix CVE-2022-0216
u-boot: fix CVE-2022-33103
u-boot: fix CVE-2022-30552
u-boot: fix CVE-2022-33967
go: update v1.17.12 -> v1.17.13
Samuli Piippo (2):
Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks"
gcc-cross-canadian: add default plugin linker
Shubham Kulkarni (1):
sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct
Steve Sakoman (3):
lttng-modules: fix build for kernel 5.10.137
poky.conf: bump version for 4.0.4
system-requirements.rst: Add Ubuntu 22.04 to list of supported distros
Sundeep KOKKONDA (1):
glibc: stable 2.35 branch updates.
Teoh Jay Shen (3):
go: fix CVE-2022-27664
inetutils: fix CVE-2022-39028 - remote DoS vulnerability in inetutils-telnetd
bind: upgrade 9.18.6 -> 9.18.7
Ulrich Ölmann (1):
scripts/runqemu.README: fix typos and trailing whitespaces
Xiangyu Chen (1):
ltp: Fix pread02 case trigger the glibc overflow detection
Yang Xu (1):
insane.bbclass: Skip patches not in oe-core by full path
Yongxin Liu (1):
grub2: fix several CVEs
ghassaneben (1):
sqlite: fix CVE-2022-35737
niko.mauno@vaisala.com (2):
systemd: Fix unwritable /var/lock when no sysvinit handling
systemd: Add 'no-dns-fallback' PACKAGECONFIG option
pgowda (3):
binutils : CVE-2022-38533
binutils: fix CVE-2022-38126
binutils : Fix CVE-2022-38127
wangmy (10):
libcap: upgrade 2.63 -> 2.64
libtasn1: upgrade 4.18.0 -> 4.19.0
liburcu: upgrade 0.13.1 -> 0.13.2
libwpe: upgrade 1.12.2 -> 1.12.3
libatomic-ops: upgrade 7.6.12 -> 7.6.14
lz4: upgrade 1.9.3 -> 1.9.4
cracklib: upgrade 2.9.7 -> 2.9.8
vala: upgrade 0.56.2 -> 0.56.3
lighttpd: upgrade 1.4.64 -> 1.4.65
bind: upgrade 9.18.5 -> 9.18.6
meta-raspberrypi: 0135a02ea5..dacad9302a:
Lluis Campos (1):
rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE`
Vinicius Aquino (1):
raspberrypi-firmware: Update to 20220830 snapshot
meta-openembedded: acbe748798..744a4b6eda:
Changqing Li (2):
fuse3: support ptest
fuse3: fix ptest test_passthrough_hp failure
Chen Qi (1):
polkit: refresh patch
Enrico Scholz (1):
nodejs-oe-cache-native: initial checkin
Hitendra Prajapati (1):
wireshark: CVE-2022-3190 Infinite loop in legacy style dissector
Hitomi Hasegawa (1):
libsdl: add CVE-2019-14906 to allowlist
Jose Quaresma (2):
wireguard-module: 1.0.20210219 -> 1.0.20220627
wireguard-tools: Add a new package for wg-quick
Justin Bronder (1):
lmdb: only set SONAME on the shared library
Khem Raj (5):
audit: Upgrade to 3.0.8 and fix build with linux 5.17+
ntpsec: Add -D_GNU_SOURCE and fix building with devtool
gd: Fix build with clang-15
safec: Remove unused variable 'len'
audit: Revert the tweak done in configure step in do_install
Lei Maohui (1):
xrdp: Fix buildpaths warning.
Martin Jansa (1):
libcec: fix runtime dependencies for ${PN}-examples
Mingli Yu (1):
postgresql: make sure pam conf installed when pam enabled
Ovidiu Panait (1):
net-snmp: upgrade 5.9.1 -> 5.9.3
Richard Purdie (1):
lmdb: Don't inherit base
Sakib Sajal (1):
minicoredumper: retry elf parsing as long as needed
Saul Wold (10):
libipc-signal-perl: Fix LICENSE string
libdigest-hmac-perl: Fix LICENSE string
libio-socket-ssl-perl: Fix LICENSE string
libdigest-sha1-perl: Fix LICENSE string
libmime-types-perl: Fix LICENSE string
libauthen-sasl-perl: Fix LICENSE string
libnet-ldap-perl: Fix LICENSE string
libxml-libxml-perl: Fix LICENSE string
libnet-telnet-perl: Fix LICENSE string
libproc-waitstat-perl: Fix LICENSE string
Steffen Olsen (1):
postgreql: Fix pg_config not working after buildpaths patch
Wang Mingyu (3):
php: upgrade 8.1.8 -> 8.1.9
postgresql: upgrade 14.4 -> 14.5
tcpreplay: upgrade 4.4.1 -> 4.4.2
Yi Zhao (6):
libldb: upgrade 2.3.3 -> 2.3.4
samba: upgrade 4.14.13 -> 4.14.14
samba: fix buildpaths issue
frr: Security fix CVE-2022-37035
open-vm-tools: Security fix CVE-2022-31676
frr: Security fix CVE-2022-37032
wangmy (2):
php: upgrade 8.1.9 -> 8.1.10
dnsmasq: upgrade 2.86 -> 2.87
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I02f0e5b5dcf292a12933c694a10d0946b0edcbc4
Diffstat (limited to 'meta-openembedded')
66 files changed, 1054 insertions, 384 deletions
diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch new file mode 100644 index 0000000000..2207408bd2 --- /dev/null +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch @@ -0,0 +1,45 @@ +From cee6de8d6619aeeb70f3318dfd35f2fdf5e43848 Mon Sep 17 00:00:00 2001 +From: Luis Henriques <luis-henrix@users.noreply.github.com> +Date: Sat, 20 Nov 2021 10:09:25 +0000 +Subject: [PATCH] test/test_syscalls.c: allow EBADF in fcheck_stat() (#631) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Test test/test_examples.py::test_passthrough_hp[False] fails because, on +kernels >= 5.14, fstat() will return -EBADF: + +3 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +4 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +5 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +9 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +... + +This patch simply whitelists the EBADF errno code. + +Signed-off-by: Luís Henriques <lhenriques@suse.de> +Co-authored-by: Luís Henriques <lhenriques@suse.de> + +Upstream-Status: Backport [https://github.com/libfuse/libfuse/commit/cee6de8d6619aeeb70f3318dfd35f2fdf5e43848] +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + test/test_syscalls.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/test/test_syscalls.c b/test/test_syscalls.c +index 160a2ac..65292ed 100644 +--- a/test/test_syscalls.c ++++ b/test/test_syscalls.c +@@ -277,7 +277,8 @@ static int fcheck_stat(int fd, int flags, struct stat *st) + if (flags & O_PATH) { + // With O_PATH fd, the server does not have to keep + // the inode alive so FUSE inode may be stale or bad +- if (errno == ESTALE || errno == EIO || errno == ENOENT) ++ if (errno == ESTALE || errno == EIO || ++ errno == ENOENT || errno == EBADF) + return 0; + } + PERROR("fstat"); +-- +2.25.1 + diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb index e0cf2092a6..0f379afb92 100644 --- a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://GPL2.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://LICENSE;md5=a55c12a2d7d742ecb41ca9ae0a6ddc66" SRC_URI = "https://github.com/libfuse/libfuse/releases/download/fuse-${PV}/fuse-${PV}.tar.xz \ + file://0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch \ " SRC_URI[sha256sum] = "b2e283485d47404ac896dd0bb7f7ba81e1470838e677e45f659804c3a3b69666" @@ -35,7 +36,28 @@ RDEPENDS:${PN}-ptest += " \ do_install_ptest() { install -d ${D}${PTEST_PATH}/test + install -d ${D}${PTEST_PATH}/example + install -d ${D}${PTEST_PATH}/util cp -rf ${S}/test/* ${D}${PTEST_PATH}/test/ + + example_excutables=`find ${B}/example -type f -executable` + util_excutables=`find ${B}/util -type f -executable` + test_excutables=`find ${B}/test -type f -executable` + + for e in $example_excutables + do + cp -rf $e ${D}${PTEST_PATH}/example/ + done + + for e in $util_excutables + do + cp -rf $e ${D}${PTEST_PATH}/util/ + done + + for e in $test_excutables + do + cp -rf $e ${D}${PTEST_PATH}/test + done } DEPENDS = "udev" @@ -49,10 +71,6 @@ RRECOMMENDS:${PN}:class-target = "kernel-module-fuse fuse3-utils" FILES:${PN} += "${libdir}/libfuse3.so.*" FILES:${PN}-dev += "${libdir}/libfuse3*.la" -EXTRA_OEMESON += " \ - -Dexamples=false \ -" - # Forbid auto-renaming to libfuse3-utils FILES:fuse3-utils = "${bindir} ${base_sbindir}" DEBIAN_NOAUTONAME:fuse3-utils = "1" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch new file mode 100644 index 0000000000..90ee317860 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch @@ -0,0 +1,38 @@ +From 059b517f9ef6cbdc696e0983ce255b1728042827 Mon Sep 17 00:00:00 2001 +From: Yi Zhao <yi.zhao@windriver.com> +Date: Thu, 25 Aug 2022 16:46:04 +0800 +Subject: [PATCH] smbtorture: skip test case tfork_cmd_send + +The test case tfork_cmd_send fails on target as it requires a script +located in the source directory: + +$ smbtorture ncalrpc:localhost local.tfork.tfork_cmd_send +test: tfork_cmd_send +/buildarea/build/tmp/work/core2-64-poky-linux/samba/4.14.14-r0/samba-4.14.14/testprogs/blackbox/tfork.sh: +Failed to exec child - No such file or directory + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + lib/util/tests/tfork.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c +index 70ae975..4826ce6 100644 +--- a/lib/util/tests/tfork.c ++++ b/lib/util/tests/tfork.c +@@ -839,10 +839,6 @@ struct torture_suite *torture_local_tfork(TALLOC_CTX *mem_ctx) + "tfork_threads", + test_tfork_threads); + +- torture_suite_add_simple_test(suite, +- "tfork_cmd_send", +- test_tfork_cmd_send); +- + torture_suite_add_simple_test(suite, + "tfork_event_file_handle", + test_tfork_event_file_handle); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb index 49e93fc536..53526a26b6 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb @@ -21,6 +21,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://0004-Add-options-to-configure-the-use-of-libbsd.patch \ file://0005-samba-build-dnsserver_common-code.patch \ file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \ + file://0001-smbtorture-skip-test-case-tfork_cmd_send.patch \ " SRC_URI:append:libc-musl = " \ @@ -31,7 +32,7 @@ SRC_URI:append:libc-musl = " \ file://samba-fix-musl-lib-without-innetgr.patch \ " -SRC_URI[sha256sum] = "e1df792818a17d8d21faf33580d32939214694c92b84fb499464210d86a7ff75" +SRC_URI[sha256sum] = "abd5e9e6aa45e55114b188ba189ebdfc8fd3d7718d43f749e477ce7f791e5519" UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.14(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb index ce2ba65526..d80bdd87ab 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb @@ -1,8 +1,8 @@ require wireguard.inc -SRCREV = "122f06bfd8fc7b06a0899fa9adc4ce8e06900d98" +SRCREV = "18fbcd68a35a892527345dc5679d0b2d860ee004" -SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat;branch=master" +SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat;protocol=https;branch=master" inherit module kernel-module-split diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb index 0c686aae2a..20435338c3 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb @@ -16,11 +16,19 @@ do_install () { install } +PACKAGES += "${PN}-wg-quick" + FILES:${PN} = " \ + ${bindir}/wg \ ${sysconfdir} \ +" +FILES:${PN}-wg-quick = " \ + ${bindir}/wg-quick \ ${systemd_system_unitdir} \ - ${bindir} \ " -RDEPENDS:${PN} = "bash" -RRECOMMENDS:${PN} = "kernel-module-wireguard" +RDEPENDS:${PN}-wg-quick = "${PN} bash" +RRECOMMENDS:${PN} = " \ + kernel-module-wireguard \ + ${PN}-wg-quick \ + " diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch new file mode 100644 index 0000000000..672bc9514a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch @@ -0,0 +1,42 @@ +From 3c4821679f2362bcd38fcc7803f28a5210441ddb Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Thu, 21 Jul 2022 08:11:58 -0400 +Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is + expected + +Ensure that if the capability length specified is enough data. + +Signed-off-by: Donald Sharp <sharpd@nvidia.com> + +CVE: CVE-2022-37032 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/3c4821679f2362bcd38fcc7803f28a5210441ddb] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + bgpd/bgp_packet.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 7c92a8d9e..bcd47e32d 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -2440,6 +2440,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt, + "%s CAPABILITY has action: %d, code: %u, length %u", + peer->host, action, hdr->code, hdr->length); + ++ if (hdr->length < sizeof(struct capability_mp_data)) { ++ zlog_info( ++ "%s Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d", ++ peer->host, sizeof(struct capability_mp_data), ++ hdr->length); ++ return BGP_Stop; ++ } ++ + /* Capability length check. */ + if ((pnt + hdr->length + 3) > end) { + zlog_info("%s Capability length error", peer->host); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch new file mode 100644 index 0000000000..3d18d0b90d --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch @@ -0,0 +1,151 @@ +From db24300d56ad5831d9f6e4545ff2999b99e71bac Mon Sep 17 00:00:00 2001 +From: Mark Stapp <mstapp@nvidia.com> +Date: Thu, 8 Sep 2022 16:14:36 -0400 +Subject: [PATCH] bgpd: avoid notify race between io and main pthreads + +The "bgp_notify_" apis in bgp_packet.c generate a notification +to a peer, usually during error handling. The io pthread wants +to send notifications in a couple of cases during early +received-packet validation - but the existing api interacts +with the peer struct itself, and that's not safe. + +Add a new api for use by the io pthread, and adjust the main +notify api so that it can avoid touching the peer struct. + +Signed-off-by: Mark Stapp <mstapp@nvidia.com> + +CVE: CVE-2022-37035 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + bgpd/bgp_io.c | 17 ++++++++--------- + bgpd/bgp_packet.c | 32 ++++++++++++++++++++++++++++---- + bgpd/bgp_packet.h | 2 ++ + 3 files changed, 38 insertions(+), 13 deletions(-) + +diff --git a/bgpd/bgp_io.c b/bgpd/bgp_io.c +index 9b5a31f28..c736d02db 100644 +--- a/bgpd/bgp_io.c ++++ b/bgpd/bgp_io.c +@@ -37,7 +37,7 @@ + #include "bgpd/bgp_debug.h" // for bgp_debug_neighbor_events, bgp_type_str + #include "bgpd/bgp_errors.h" // for expanded error reference information + #include "bgpd/bgp_fsm.h" // for BGP_EVENT_ADD, bgp_event +-#include "bgpd/bgp_packet.h" // for bgp_notify_send_with_data, bgp_notify... ++#include "bgpd/bgp_packet.h" // for bgp_notify_io_invalid... + #include "bgpd/bgp_trace.h" // for frrtraces + #include "bgpd/bgpd.h" // for peer, BGP_MARKER_SIZE, bgp_master, bm + /* clang-format on */ +@@ -526,8 +526,8 @@ static bool validate_header(struct peer *peer) + return false; + + if (memcmp(m_correct, m_rx, BGP_MARKER_SIZE) != 0) { +- bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_NOT_SYNC); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_NOT_SYNC, NULL, 0); + return false; + } + +@@ -547,9 +547,8 @@ static bool validate_header(struct peer *peer) + zlog_debug("%s unknown message type 0x%02x", peer->host, + type); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, +- 1); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, 1); + return false; + } + +@@ -574,9 +573,9 @@ static bool validate_header(struct peer *peer) + + uint16_t nsize = htons(size); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESLEN, +- (unsigned char *)&nsize, 2); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESLEN, ++ (unsigned char *)&nsize, 2); + return false; + } + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 7c92a8d9e..a5ce5a527 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -736,8 +736,9 @@ static void bgp_write_notify(struct peer *peer) + * @param data Data portion + * @param datalen length of data portion + */ +-void bgp_notify_send_with_data(struct peer *peer, uint8_t code, +- uint8_t sub_code, uint8_t *data, size_t datalen) ++static void bgp_notify_send_internal(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, ++ size_t datalen, bool use_curr) + { + struct stream *s; + +@@ -769,8 +770,11 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + * If possible, store last packet for debugging purposes. This check is + * in place because we are sometimes called with a doppelganger peer, + * who tends to have a plethora of fields nulled out. ++ * ++ * Some callers should not attempt this - the io pthread for example ++ * should not touch internals of the peer struct. + */ +- if (peer->curr) { ++ if (use_curr && peer->curr) { + size_t packetsize = stream_get_endp(peer->curr); + assert(packetsize <= peer->max_packet_size); + memcpy(peer->last_reset_cause, peer->curr->data, packetsize); +@@ -853,7 +857,27 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + */ + void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code) + { +- bgp_notify_send_with_data(peer, code, sub_code, NULL, 0); ++ bgp_notify_send_internal(peer, code, sub_code, NULL, 0, true); ++} ++ ++/* ++ * Enqueue notification; called from the main pthread, peer object access is ok. ++ */ ++void bgp_notify_send_with_data(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, size_t datalen) ++{ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, true); ++} ++ ++/* ++ * For use by the io pthread, queueing a notification but avoiding access to ++ * the peer object. ++ */ ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen) ++{ ++ /* Avoid touching the peer object */ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, false); + } + + /* +diff --git a/bgpd/bgp_packet.h b/bgpd/bgp_packet.h +index 280d3ec17..898f88ff5 100644 +--- a/bgpd/bgp_packet.h ++++ b/bgpd/bgp_packet.h +@@ -62,6 +62,8 @@ extern void bgp_open_send(struct peer *); + extern void bgp_notify_send(struct peer *, uint8_t, uint8_t); + extern void bgp_notify_send_with_data(struct peer *, uint8_t, uint8_t, + uint8_t *, size_t); ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen); + extern void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi, + uint8_t orf_type, uint8_t when_to_refresh, + int remove, uint8_t subtype); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 96be49b53f..658731567d 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -10,6 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ + file://CVE-2022-37035.patch \ + file://CVE-2022-37032.patch \ file://frr.pam \ " diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch index 4cd7290447..0eeddf752c 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch @@ -1,7 +1,8 @@ -From 6f8ea2e841ad45eed193310b599d3f3b410ae91d Mon Sep 17 00:00:00 2001 +From 98c62e24fdd05d7e8bd8149840bad8eb0feb3fb1 Mon Sep 17 00:00:00 2001 From: Mingli Yu <mingli.yu@windriver.com> Date: Fri, 29 Jan 2021 08:49:15 +0000 -Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and 64bit +Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and + 64bit With configure option "--with-openssl=${STAGING_EXECPREFIXDIR}", it behaves differently between 32bit and 64bit system as the openssl lib resides under @@ -15,12 +16,13 @@ So add the patch to fix the gap between 32bit and 64bit system. Upstream-Status: Inappropriate [configuration specific] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + --- m4/ac_add_search_path.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/ac_add_search_path.m4 b/m4/ac_add_search_path.m4 -index 8e0a819..961f587 100644 +index 8e0a819..e9585bc 100644 --- a/m4/ac_add_search_path.m4 +++ b/m4/ac_add_search_path.m4 @@ -3,8 +3,8 @@ dnl Add a search path to the LIBS and CPPFLAGS variables @@ -34,6 +36,3 @@ index 8e0a819..961f587 100644 fi if test -d $1/include; then CPPFLAGS="-I$1/include $CPPFLAGS" --- -2.29.2 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch index 05a47f61ce..f8a52a63f5 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch @@ -1,4 +1,4 @@ -From 69d4c517c07f55c505090e48d96ace8cd599fb26 Mon Sep 17 00:00:00 2001 +From e86d5fd52f19b85da0b7cce660c6e65ec4c0f9bb Mon Sep 17 00:00:00 2001 From: Li xin <lixin.fnst@cn.fujitsu.com> Date: Fri, 21 Aug 2015 18:23:13 +0900 Subject: [PATCH] config_os_headers: Error Fix @@ -19,7 +19,7 @@ Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers -index f07d512..2363b42 100644 +index 01c3376..6edd85f 100644 --- a/configure.d/config_os_headers +++ b/configure.d/config_os_headers @@ -395,8 +395,8 @@ then diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch index 22e591556a..a7881a8713 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch @@ -1,4 +1,4 @@ -From 2bf1bbe1d428ed06d57aa76b03e394b72ff2216d Mon Sep 17 00:00:00 2001 +From 8097734b27fd146f358a4edd0d1a0d28309bd9a4 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 22 Jul 2016 18:34:39 +0000 Subject: [PATCH] get_pid_from_inode: Include limit.h @@ -14,7 +14,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 1 insertion(+) diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c -index aee907d..7abaec2 100644 +index 5788e1d..ea380a6 100644 --- a/agent/mibgroup/util_funcs/get_pid_from_inode.c +++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c @@ -6,6 +6,7 @@ @@ -23,5 +23,5 @@ index aee907d..7abaec2 100644 #include <ctype.h> +#include <limits.h> #include <stdio.h> - #if HAVE_STDLIB_H + #ifdef HAVE_STDLIB_H #include <stdlib.h> diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch deleted file mode 100644 index 4fc9e54b49..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 94ca941e06bef157bf0e13251f8ca1471daa9393 Mon Sep 17 00:00:00 2001 -From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> -Date: Fri, 27 Aug 2021 14:21:45 +0300 -Subject: [PATCH] snmpd: always exit after displaying usage - -Currently, viewing the help text with -h results in snmpd being started -in the background, whereas this does not happen with --help. Similarly, -when an error is detected in command line syntax, the help text is -displayed but sometimes snmpd gets started anyway, depending on the -execution path. - -This patch makes snmpd consistently terminate whenever the usage -function gets called. It also removes the goto statements no longer -needed. - -Upstream-Status: Backport -[https://github.com/net-snmp/net-snmp/commit/94ca941e06bef157bf0e13251f8ca1471daa9393] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - agent/snmpd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/agent/snmpd.c b/agent/snmpd.c -index f5aab0af8..90de12d99 100644 ---- a/agent/snmpd.c -+++ b/agent/snmpd.c -@@ -289,6 +289,8 @@ usage(char *prog) - " -S d|i|0-7\t\tuse -Ls <facility> instead\n" - "\n" - ); -+ SOCK_CLEANUP; -+ exit(1); - } - - static void -@@ -494,7 +496,6 @@ main(int argc, char *argv[]) - case '-': - if (strcasecmp(optarg, "help") == 0) { - usage(argv[0]); -- goto out; - } - if (strcasecmp(optarg, "version") == 0) { - version(); -@@ -783,7 +784,6 @@ main(int argc, char *argv[]) - fprintf(stderr, "%s: Illegal argument -X:" - "AgentX support not compiled in.\n", argv[0]); - usage(argv[0]); -- goto out; - #endif - break; - --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch index 42352a6b00..af6334f726 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch @@ -1,4 +1,4 @@ -From f3ff99736b8cccbba77349b0d10a3cee366a4c87 Mon Sep 17 00:00:00 2001 +From f4e1acd4f509dd26cf88da872bd5adcf884f4a5f Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 18 Sep 2015 00:28:45 -0400 Subject: [PATCH] snmplib/keytools.c: Don't check for return from @@ -17,7 +17,7 @@ Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/snmplib/keytools.c b/snmplib/keytools.c -index 129a7c0..2fc1efc 100644 +index 14a452a..fb1694b 100644 --- a/snmplib/keytools.c +++ b/snmplib/keytools.c @@ -183,10 +183,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch deleted file mode 100644 index c973bde721..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0a02ac779c51a2b4af3b58cb96967bf3eff80367 Mon Sep 17 00:00:00 2001 -From: Wenlin Kang <wenlin.kang@windriver.com> -Date: Wed, 24 May 2017 16:45:34 +0800 -Subject: [PATCH] configure: fix a cc check issue. - -When has "." in cc value, the expression -$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);' -can't get corretly the cc's value. - -Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> - ---- - configure.d/config_project_perl_python | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.d/config_project_perl_python b/configure.d/config_project_perl_python -index 475c843..22d2ad3 100644 ---- a/configure.d/config_project_perl_python -+++ b/configure.d/config_project_perl_python -@@ -87,7 +87,7 @@ if test "x$install_perl" != "xno" ; then - if test "x$enable_perl_cc_checks" != "xno" ; then - AC_MSG_CHECKING([for Perl cc]) - changequote(, ) -- PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'` -+ PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\.\w\s\/]+).;\s*/$1/);'` - changequote([, ]) - if test "x$PERLCC" != "x" ; then - AC_MSG_RESULT([$PERLCC]) diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch index bfddc63dd7..6e224188a4 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch @@ -1,4 +1,4 @@ -From 011bdcd07f2a289d0cfc1b411c03c0cc7c42dad1 Mon Sep 17 00:00:00 2001 +From 6d655ba677563ac9d62d4d8eee59fdb39d486c02 Mon Sep 17 00:00:00 2001 From: Wenlin Kang <wenlin.kang@windriver.com> Date: Wed, 24 May 2017 17:10:20 +0800 Subject: [PATCH] configure: fix incorrect variable @@ -14,10 +14,10 @@ Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.in b/Makefile.in -index 912f6b2..a53d1b2 100644 +index f1cbbf5..1545be3 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -174,7 +174,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt +@@ -173,7 +173,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt # # override LD_RUN_PATH to avoid dependencies on the build directory perlmodules: perlmakefiles subdirs diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch index 26dd014ce4..409c1e03c8 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch @@ -1,4 +1,4 @@ -From 27444fbf8323679ea0551a3bd5f04c365143d8c0 Mon Sep 17 00:00:00 2001 +From ab1d77c52e84746e75506a2870783806bc77f396 Mon Sep 17 00:00:00 2001 From: "Roy.Li" <rongqing.li@windriver.com> Date: Fri, 16 Jan 2015 14:14:01 +0800 Subject: [PATCH] net-snmp: fix "libtool --finish" @@ -20,11 +20,11 @@ Signed-off-by: Roy.Li <rongqing.li@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.top b/Makefile.top -index 6315401..fc0ee06 100644 +index a962c54..1ba5607 100644 --- a/Makefile.top +++ b/Makefile.top @@ -89,7 +89,7 @@ LIBREVISION = 0 - LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) -o + LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) @LD_NO_UNDEFINED@ -o LIB_EXTENSION = la LIB_VERSION = -LIB_LDCONFIG_CMD = $(LIBTOOL) --mode=finish $(INSTALL_PREFIX)$(libdir) diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch index 022eb958f3..35e93d636e 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch @@ -1,4 +1,4 @@ -From 1e3178835217ba89aa355e2b6b88e490f17be16d Mon Sep 17 00:00:00 2001 +From 5ad4eab43c1ea63ff343bba64d576440e8783e75 Mon Sep 17 00:00:00 2001 From: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Date: Wed, 9 Jun 2021 15:47:30 +0900 Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP @@ -7,6 +7,7 @@ Upstream-Status: Pending Signed-off-by: Marian Florea <marian.florea@windriver.com> Signed-off-by: Li Zhou <li.zhou@windriver.com> +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> --- agent/snmpd.c | 1 + @@ -14,19 +15,19 @@ Signed-off-by: Li Zhou <li.zhou@windriver.com> 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/agent/snmpd.c b/agent/snmpd.c -index 1af439f..355b510 100644 +index 90de12d..1ccc4db 100644 --- a/agent/snmpd.c +++ b/agent/snmpd.c -@@ -1208,6 +1208,7 @@ receive(void) - snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n", - netsnmp_get_version()); - update_config(); -+ snmp_store(app_name); - send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3); - #if HAVE_SIGPROCMASK - ret = sigprocmask(SIG_UNBLOCK, &set, NULL); +@@ -1169,6 +1169,7 @@ snmpd_reconfig(void) + snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n", + netsnmp_get_version()); + update_config(); ++ snmp_store(app_name); + send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3); + #ifdef HAVE_SIGPROCMASK + ret = sigprocmask(SIG_UNBLOCK, &set, NULL); diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c -index 29c2a0f..ada961c 100644 +index 7b1746b..4a17e0d 100644 --- a/snmplib/snmpv3.c +++ b/snmplib/snmpv3.c @@ -1059,9 +1059,9 @@ init_snmpv3_post_config(int majorid, int minorid, void *serverarg, @@ -41,6 +42,3 @@ index 29c2a0f..ada961c 100644 engineBoots = 1; } --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch index f1ebe2bb61..c5a453abe2 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch @@ -1,4 +1,4 @@ -From e507dcf8b29c55011f85d88bf05400d4717e4074 Mon Sep 17 00:00:00 2001 +From ad65b106d3cb3c6e595381be1c45a73c1ef6eb5e Mon Sep 17 00:00:00 2001 From: Chong Lu <Chong.Lu@windriver.com> Date: Thu, 28 May 2020 09:46:34 -0500 Subject: [PATCH] net-snmp: add knob whether nlist.h are checked @@ -15,7 +15,7 @@ Signed-off-by: Chong Lu <Chong.Lu@windriver.com> 1 file changed, 2 insertions(+) diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers -index 76ef58a..f07d512 100644 +index b9c8c31..01c3376 100644 --- a/configure.d/config_os_headers +++ b/configure.d/config_os_headers @@ -37,6 +37,7 @@ AC_CHECK_HEADERS([getopt.h pthread.h regex.h ] dnl diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch index 2941a36092..c382c02d89 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch @@ -1,4 +1,4 @@ -From 3ca4335ec1d6b7b384c134fc85d7a9e513c68376 Mon Sep 17 00:00:00 2001 +From b1b9980853b1083f0c8b9f628f8b4c3a484d4f91 Mon Sep 17 00:00:00 2001 From: Jackie Huang <jackie.huang@windriver.com> Date: Thu, 22 Jun 2017 10:25:08 +0800 Subject: [PATCH] net-snmp: fix for --disable-des @@ -15,7 +15,7 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> 1 file changed, 2 insertions(+) diff --git a/snmplib/scapi.c b/snmplib/scapi.c -index 00c9174..c6875e1 100644 +index 54fdd5c..0f7e931 100644 --- a/snmplib/scapi.c +++ b/snmplib/scapi.c @@ -85,7 +85,9 @@ netsnmp_feature_child_of(usm_scapi, usm_support); diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch index 807983f612..09ca532a7f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch @@ -1,4 +1,4 @@ -From 972df16e9599dffddf5d714a4cbf43008c771122 Mon Sep 17 00:00:00 2001 +From 36a5656db7ea75dd15f35a6c1728937c6e2b901c Mon Sep 17 00:00:00 2001 From: Jackie Huang <jackie.huang@windriver.com> Date: Wed, 14 Jan 2015 15:10:06 +0800 Subject: [PATCH] testing: add the output format for ptest diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch index bf1e7bedf2..c0b51c51e3 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch @@ -1,4 +1,4 @@ -From 84e362fe97f50fbad69f083bc2d8fe18f83eb2f7 Mon Sep 17 00:00:00 2001 +From b923cd38e2503b86aedf66b767fd7f51c9f25645 Mon Sep 17 00:00:00 2001 From: "douglas.royds" <douglas.royds@taitradio.com> Date: Wed, 21 Nov 2018 13:52:18 +1300 Subject: [PATCH] net-snmp: Reproducibility: Don't check build host for @@ -13,7 +13,7 @@ set in the environment to "yes" or "no" as appropriate for the target platform. 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.d/config_os_misc4 b/configure.d/config_os_misc4 -index 6f23c8e..8cea75a 100644 +index b6864d9..07ca922 100644 --- a/configure.d/config_os_misc4 +++ b/configure.d/config_os_misc4 @@ -99,9 +99,9 @@ if test x$LPSTAT_PATH != x; then diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb index 30c0ce74cb..7af5147566 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb @@ -21,15 +21,13 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ file://0001-config_os_headers-Error-Fix.patch \ file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \ file://0001-get_pid_from_inode-Include-limit.h.patch \ - file://0002-configure-fix-a-cc-check-issue.patch \ file://0004-configure-fix-incorrect-variable.patch \ file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \ file://net-snmp-fix-for-disable-des.patch \ file://reproducibility-have-printcap.patch \ file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ - file://0001-snmpd-always-exit-after-displaying-usage.patch \ " -SRC_URI[sha256sum] = "eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f" +SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/" UPSTREAM_CHECK_REGEX = "/net-snmp/(?P<pver>\d+(\.\d+)+)/" diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc index 136c65d8fd..a8ff21a125 100644 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc @@ -3,8 +3,9 @@ HOMEPAGE = "http://www.thekelleys.org.uk/dnsmasq/doc.html" SECTION = "net" # GPLv3 was added in version 2.41 as license option LICENSE = "GPL-2.0-only | GPL-3.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ - file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504 \ + " #at least versions 2.69 and prior are moved to the archive folder on the server SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getVar('PV').split('.')[1]) > 69]}dnsmasq-${PV}.tar.gz;name=dnsmasq-${PV} \ diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch deleted file mode 100644 index 6bd734d756..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch +++ /dev/null @@ -1,191 +0,0 @@ -From 3cdecc159e0f417a2f8d43d99632af26beea630f Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Thu, 31 Mar 2022 21:35:20 +0100 -Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934 - refers. - -CVE: CVE-2022-0934 - -Upstream-Status: Backport -[https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=03345ecefe] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - CHANGELOG | 3 +++ - src/rfc3315.c | 48 +++++++++++++++++++++++++++--------------------- - 2 files changed, 30 insertions(+), 21 deletions(-) - -diff --git a/CHANGELOG b/CHANGELOG -index 5e54df9..a28da2a 100644 ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -1,4 +1,7 @@ - version 2.86 -+ Fix write-after-free error in DHCPv6 server code. -+ CVE-2022-0934 refers. -+ - Handle DHCPREBIND requests in the DHCPv6 server code. - Thanks to Aichun Li for spotting this omission, and the initial - patch. -diff --git a/src/rfc3315.c b/src/rfc3315.c -index 5c2ff97..6ecfeeb 100644 ---- a/src/rfc3315.c -+++ b/src/rfc3315.c -@@ -33,9 +33,9 @@ struct state { - unsigned int mac_len, mac_type; - }; - --static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, -+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, - struct in6_addr *client_addr, int is_unicast, time_t now); --static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now); -+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now); - static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts); - static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string); - static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string); -@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if - } - - /* This cost me blood to write, it will probably cost you blood to understand - srk. */ --static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, -+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, - struct in6_addr *client_addr, int is_unicast, time_t now) - { - void *end = inbuff + sz; - void *opts = inbuff + 34; -- int msg_type = *((unsigned char *)inbuff); -+ int msg_type = *inbuff; - unsigned char *outmsgtypep; - void *opt; - struct dhcp_vendor *vendor; -@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, - return 1; - } - --static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now) -+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now) - { - void *opt; -- int i, o, o1, start_opts; -+ int i, o, o1, start_opts, start_msg; - struct dhcp_opt *opt_cfg; - struct dhcp_netid *tagif; - struct dhcp_config *config = NULL; - struct dhcp_netid known_id, iface_id, v6_id; -- unsigned char *outmsgtypep; -+ unsigned char outmsgtype; - struct dhcp_vendor *vendor; - struct dhcp_context *context_tmp; - struct dhcp_mac *mac_opt; -@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - v6_id.next = state->tags; - state->tags = &v6_id; - -- /* copy over transaction-id, and save pointer to message type */ -- if (!(outmsgtypep = put_opt6(inbuff, 4))) -+ start_msg = save_counter(-1); -+ /* copy over transaction-id */ -+ if (!put_opt6(inbuff, 4)) - return 0; - start_opts = save_counter(-1); -- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16; -- -+ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16; -+ - /* We're going to be linking tags from all context we use. - mark them as unused so we don't link one twice and break the list */ - for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current) -@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE)) - - { -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - o1 = new_opt6(OPTION6_STATUS_CODE); - put_opt6_short(DHCP6USEMULTI); - put_opt6_string("Use multicast"); -@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - struct dhcp_netid *solicit_tags; - struct dhcp_context *c; - -- *outmsgtypep = DHCP6ADVERTISE; -+ outmsgtype = DHCP6ADVERTISE; - - if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0)) - { -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - state->lease_allocate = 1; - o = new_opt6(OPTION6_RAPID_COMMIT); - end_opt6(o); -@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int start = save_counter(-1); - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - state->lease_allocate = 1; - - log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL); -@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int address_assigned = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL); - -@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int good_addr = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPCONFIRM", NULL, NULL); - -@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname); - if (ignore) - return 0; -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - tagif = add_options(state, 1); - break; - } -@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - case DHCP6RELEASE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPRELEASE", NULL, NULL); - -@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - case DHCP6DECLINE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPDECLINE", NULL, NULL); - -@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - } - - } -- -+ -+ /* Fill in the message type. Note that we store the offset, -+ not a direct pointer, since the packet memory may have been -+ reallocated. */ -+ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype; -+ - log_tags(tagif, state->xid); - log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1)); - --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb deleted file mode 100644 index 0f7880ce8c..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb +++ /dev/null @@ -1,8 +0,0 @@ -require dnsmasq.inc - -SRC_URI[dnsmasq-2.86.sha256sum] = "ef15f608a83ee2b1d1d2c1f11d089a7e0ac401ffb0991de73fc01ce5f290e512" -SRC_URI += "\ - file://lua.patch \ - file://CVE-2022-0934.patch \ -" - diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb new file mode 100644 index 0000000000..793b61d712 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb @@ -0,0 +1,7 @@ +require dnsmasq.inc + +SRC_URI[dnsmasq-2.87.sha256sum] = "ae39bffde9c37e4d64849b528afeb060be6bad6d1044a3bd94a49fce41357284" +SRC_URI += "\ + file://lua.patch \ +" + diff --git a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.3.bb b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.4.bb index 6dd3ec3a9a..af5f0427d4 100644 --- a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.3.bb +++ b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.4.bb @@ -32,8 +32,8 @@ LIC_FILES_CHKSUM = "file://pyldb.h;endline=24;md5=dfbd238cecad76957f7f860fbe9ada file://man/ldb.3.xml;beginline=261;endline=262;md5=137f9fd61040c1505d1aa1019663fd08 \ file://tools/ldbdump.c;endline=19;md5=a7d4fc5d1f75676b49df491575a86a42" -SRC_URI[md5sum] = "6824f69ea3bb58cb8a3be4c179e7569a" -SRC_URI[sha256sum] = "9ef39700ff05b3e8f5801d2a39fe1ba023218650f81c9d377caca22f49076807" +SRC_URI[md5sum] = "b01d6913a06901c22c5bc6caedc548ac" +SRC_URI[sha256sum] = "f2e88dcab7b6007d92724b62f8a16e7c6e77275885c60eb4f87097e4aa4082c1" inherit pkgconfig waf-samba diff --git a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch new file mode 100644 index 0000000000..98c62eed49 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch @@ -0,0 +1,29 @@ +From 9a7dead72f41e79979625c9bdef2fb638427d3d6 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 22 Aug 2022 20:54:17 -0700 +Subject: [PATCH] wscript: Widen the search for tags + +Default is to look for annotated tags, howveer when using devtool we +create our own git tree from release tarballs which will have tags but +they are not annotated, therefore broaden the search to include all tags + +Upstream-Status: Inappropriate [OE-specific] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + wscript | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/wscript b/wscript +index 879ded1..dff835d 100644 +--- a/wscript ++++ b/wscript +@@ -177,7 +177,7 @@ def configure(ctx): + if build_desc: + build_desc = ' ' + build_desc + if ctx.env.BIN_GIT: +- cmd = ctx.env.BIN_GIT + shlex.split("describe --dirty") ++ cmd = ctx.env.BIN_GIT + shlex.split("describe --tags --dirty") + git_short_hash = ctx.cmd_and_log(cmd).strip() + git_short_hash = '-'.join(git_short_hash.split('-')[1:]) + diff --git a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb index 3efac7d983..bed0e2e108 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb @@ -16,7 +16,9 @@ SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \ file://0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch \ file://0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch \ file://0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch \ - file://volatiles.ntpsec" + file://volatiles.ntpsec \ + file://0001-wscript-Widen-the-search-for-tags.patch \ + " SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a" @@ -54,7 +56,7 @@ export PYTAG = "cpython${@ d.getVar('PYTHON_BASEVERSION').replace('.', '')}" export pyext_PATTERN = "%s.so" export PYTHON_LDFLAGS = "-lpthread -ldl" -CFLAGS:append = " -I${PYTHON_INCLUDE_DIR}" +CFLAGS:append = " -I${PYTHON_INCLUDE_DIR} -D_GNU_SOURCE" EXTRA_OECONF = "--cross-compiler='${CC}' \ --cross-cflags='${CFLAGS}' \ diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch new file mode 100644 index 0000000000..4140c46d07 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch @@ -0,0 +1,43 @@ +From 70a74758bfe0042c27f15ce590fb21a2bc54d745 Mon Sep 17 00:00:00 2001 +From: John Wolfe <jwolfe@vmware.com> +Date: Sun, 21 Aug 2022 07:56:49 -0700 +Subject: [PATCH] Properly check authorization on incoming guestOps requests. + +Fix public pipe request checks. Only a SessionRequest type should +be accepted on the public pipe. + +CVE: CVE-2022-31676 + +Upstream-Status: Backport +[https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c +index db7159ee..6c672601 100644 +--- a/open-vm-tools/vgauth/serviceImpl/proto.c ++++ b/open-vm-tools/vgauth/serviceImpl/proto.c +@@ -1,5 +1,5 @@ + /********************************************************* +- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved. ++ * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published +@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn, + VGAuthError err; + gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn); + ++ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) { ++ return VGAUTH_E_PERMISSION_DENIED; ++ } ++ + switch (req->reqType) { + /* + * This comes over the public connection; alwsys let it through. +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb index 1c3545f960..4670a85a67 100644 --- a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb @@ -44,6 +44,7 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=maste file://0001-Make-HgfsConvertFromNtTimeNsec-aware-of-64-bit-time_.patch;patchdir=.. \ file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \ file://0001-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \ + file://0001-Properly-check-authorization-on-incoming-guestOps-re.patch;patchdir=.. \ " UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb index 56db66b8eb..165a0e735b 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz" -SRC_URI[sha256sum] = "cb67b6491a618867fc4f9848f586019f1bb2ebd149f393afac5544ee55e4544f" +SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615" UPSTREAM_CHECK_URI = "https://github.com/appneta/tcpreplay/releases" diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch b/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch new file mode 100644 index 0000000000..0b987700f5 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch @@ -0,0 +1,145 @@ +From 4585d515b962f3b3a5e81caa64e13e8d9ed2e431 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Mon, 26 Sep 2022 12:47:00 +0530 +Subject: [PATCH] CVE-2022-3190 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/67326401a595fffbc67eeed48eb6c55d66a55f67] +CVE : CVE-2022-3190 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-f5ethtrailer.c | 108 +++++++++++++------------- + 1 file changed, 56 insertions(+), 52 deletions(-) + +diff --git a/epan/dissectors/packet-f5ethtrailer.c b/epan/dissectors/packet-f5ethtrailer.c +index ed77dfd..b15b0d4 100644 +--- a/epan/dissectors/packet-f5ethtrailer.c ++++ b/epan/dissectors/packet-f5ethtrailer.c +@@ -2741,69 +2741,73 @@ dissect_dpt_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *d + static gint + dissect_old_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) + { +- proto_tree *type_tree = NULL; +- proto_item *ti = NULL; + guint offset = 0; +- guint processed = 0; +- f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data; +- guint8 type; +- guint8 len; +- guint8 ver; + + /* While we still have data in the trailer. For old format trailers, this needs + * type, length, version (3 bytes) and for new format trailers, the magic header (4 bytes). + * All old format trailers are at least 4 bytes long, so just check for length of magic. + */ +- while (tvb_reported_length_remaining(tvb, offset)) { +- type = tvb_get_guint8(tvb, offset); +- len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION; +- ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION); +- +- if (len <= tvb_reported_length_remaining(tvb, offset) && type >= F5TYPE_LOW +- && type <= F5TYPE_HIGH && len >= F5_MIN_SANE && len <= F5_MAX_SANE +- && ver <= F5TRAILER_VER_MAX) { +- /* Parse out the specified trailer. */ +- switch (type) { +- case F5TYPE_LOW: +- ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low); +- +- processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_low = 1; +- } +- break; +- case F5TYPE_MED: +- ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med); +- +- processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_med = 1; +- } +- break; +- case F5TYPE_HIGH: +- ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high); +- +- processed = +- dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_high = 1; +- } +- break; ++ while (tvb_reported_length_remaining(tvb, offset) >= F5_MIN_SANE) { ++ /* length field does not include the type and length bytes. Add them back in */ ++ guint8 len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION; ++ if (len > tvb_reported_length_remaining(tvb, offset) ++ || len < F5_MIN_SANE || len > F5_MAX_SANE) { ++ /* Invalid length - either a malformed trailer, corrupt packet, or not f5ethtrailer */ ++ return offset; ++ } ++ guint8 type = tvb_get_guint8(tvb, offset); ++ guint8 ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION); ++ ++ /* Parse out the specified trailer. */ ++ proto_tree *type_tree = NULL; ++ proto_item *ti = NULL; ++ f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data; ++ guint processed = 0; ++ ++ switch (type) { ++ case F5TYPE_LOW: ++ ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low); ++ ++ processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_low = 1; + } +- if (processed == 0) { +- proto_item_set_len(ti, 1); +- return offset; ++ break; ++ case F5TYPE_MED: ++ ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med); ++ ++ processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_med = 1; ++ } ++ break; ++ case F5TYPE_HIGH: ++ ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high); ++ ++ processed = ++ dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_high = 1; + } ++ break; ++ default: ++ /* Unknown type - malformed trailer, corrupt packet, or not f5ethtrailer - bali out*/ ++ return offset; ++ } ++ if (processed == 0) { ++ /* couldn't process trailer - bali out */ ++ proto_item_set_len(ti, 1); ++ return offset; + } + offset += processed; + } +-return offset; ++ return offset; + } /* dissect_old_trailer() */ + + /*---------------------------------------------------------------------------*/ +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 38fdbce892..1a4aedc139 100644 --- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb @@ -15,6 +15,7 @@ SRC_URI += " \ file://0002-flex-Remove-line-directives.patch \ file://0003-bison-Remove-line-directives.patch \ file://0004-lemon-Remove-line-directives.patch \ + file://CVE-2022-3190.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" diff --git a/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch b/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch new file mode 100644 index 0000000000..4fd36ab8ab --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch @@ -0,0 +1,42 @@ +From b1d7cc6495c541cdd99399b4d1a835997376dcbf Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 22 Aug 2022 23:42:33 -0700 +Subject: [PATCH] strpbrk_s: Remove unused variable len + +Fixes +error: variable 'len' set but not used [-Werror,-Wunused-but-set-variable] + +Upstream-Status: Submitted [https://github.com/rurban/safeclib/pull/123] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/extstr/strpbrk_s.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/extstr/strpbrk_s.c b/src/extstr/strpbrk_s.c +index 5bb7a0f8..2cf8a8be 100644 +--- a/src/extstr/strpbrk_s.c ++++ b/src/extstr/strpbrk_s.c +@@ -79,7 +79,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + #endif + { + char *ps; +- rsize_t len; + + CHK_SRC_NULL("strpbrk_s", firstp) + *firstp = NULL; +@@ -121,7 +120,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + while (*dest && dmax) { + + ps = src; +- len = slen; + while (*ps) { + + /* check for a match with the substring */ +@@ -130,7 +128,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + return RCNEGATE(EOK); + } + ps++; +- len--; + } + dest++; + dmax--; diff --git a/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb b/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb index 5ffe7d7528..9dd6f1c7cc 100644 --- a/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb +++ b/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb @@ -9,7 +9,8 @@ inherit autotools pkgconfig S = "${WORKDIR}/git" SRCREV = "f9add9245b97c7bda6e28cceb0ee37fb7e254fd8" SRC_URI = "git://github.com/rurban/safeclib.git;branch=master;protocol=https \ -" + file://0001-strpbrk_s-Remove-unused-variable-len.patch \ + " COMPATIBLE_HOST = '(x86_64|i.86|powerpc|powerpc64|arm|aarch64|mips).*-linux' diff --git a/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch b/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch new file mode 100644 index 0000000000..312809d1d2 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch @@ -0,0 +1,22 @@ +From b4d418bf3f78748d84e3cfb110833443eef34284 Mon Sep 17 00:00:00 2001 +From: Justin Bronder <jsbronder@cold-front.org> +Date: Thu, 25 Aug 2022 17:22:20 -0400 +Subject: [PATCH] make: set soname on liblmdb + +--- + libraries/liblmdb/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libraries/liblmdb/Makefile b/libraries/liblmdb/Makefile +index 1ec74e6..ea08cd6 100644 +--- a/libraries/liblmdb/Makefile ++++ b/libraries/liblmdb/Makefile +@@ -66,7 +66,7 @@ liblmdb.a: mdb.o midl.o + + liblmdb$(SOEXT): mdb.lo midl.lo + # $(CC) $(LDFLAGS) -pthread -shared -Wl,-Bsymbolic -o $@ mdb.o midl.o $(SOLIBS) +- $(CC) $(LDFLAGS) -pthread -shared -o $@ mdb.lo midl.lo $(SOLIBS) ++ $(CC) $(LDFLAGS) -pthread -shared -Wl,-soname,$@ -o $@ mdb.lo midl.lo $(SOLIBS) + + mdb_stat: mdb_stat.o liblmdb.a + mdb_copy: mdb_copy.o liblmdb.a diff --git a/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb b/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb index b58a36c446..a76d388d70 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb @@ -11,16 +11,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972" SRC_URI = "git://github.com/LMDB/lmdb.git;nobranch=1;protocol=https \ file://run-ptest \ file://0001-Makefile-use-libprefix-instead-of-libdir.patch \ + file://0001-make-set-soname-on-liblmdb.patch;patchdir=../.. \ " SRCREV = "8ad7be2510414b9506ec9f9e24f24d04d9b04a1a" -inherit base ptest +inherit ptest S = "${WORKDIR}/git/libraries/liblmdb" -LDFLAGS += "-Wl,-soname,lib${PN}.so.${PV}" - do_compile() { oe_runmake CC="${CC}" SOEXT=".so.${PV}" LDFLAGS="${LDFLAGS}" } diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch index 101a748776..52ca276da6 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch @@ -30,7 +30,16 @@ diff --git a/src/common/config_info.c b/src/common/config_info.c index e72e729..b482c20 100644 --- a/src/common/config_info.c +++ b/src/common/config_info.c -@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) +@@ -38,7 +38,7 @@ + int i = 0; + + /* Adjust this to match the number of items filled below */ +- *configdata_len = 23; ++ *configdata_len = 14; + configdata = (ConfigData *) palloc(*configdata_len * sizeof(ConfigData)); + + configdata[i].name = pstrdup("BINDIR"); +@@ -123,74 +123,6 @@ configdata[i].setting = pstrdup(path); i++; diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch index 2256bccece..4a576d7172 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch @@ -1,4 +1,4 @@ -From 07e605015fad0621c3e67133ff9330a5c6318daa Mon Sep 17 00:00:00 2001 +From 258c6bd2ad96f2c42f1cb5f4c84e4ca5865059f0 Mon Sep 17 00:00:00 2001 From: Yi Fan Yu <yifan.yu@windriver.com> Date: Fri, 5 Feb 2021 17:15:42 -0500 Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check @@ -14,12 +14,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> 1 file changed, 4 deletions(-) diff --git a/configure.ac b/configure.ac -index 04ef7be..0eb595b 100644 +index ffe878e..c39799b 100644 --- a/configure.ac +++ b/configure.ac @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros - AC_INIT([PostgreSQL], [14.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [14.5], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc index bef33e6bb4..60d44ce979 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc @@ -205,7 +205,7 @@ do_install:append() { # multiple server config directory install -d -m 700 ${D}${sysconfdir}/default/${BPN} - if [ "${@d.getVar('enable_pam')}" = "pam" ]; then + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/pam.d install -m 644 ${WORKDIR}/postgresql.pam ${D}${sysconfdir}/pam.d/postgresql fi diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb index 1daab22f92..1551d34053 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb @@ -11,7 +11,7 @@ SRC_URI += "\ file://0001-config_info.c-not-expose-build-info.patch \ " -SRC_URI[sha256sum] = "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a" +SRC_URI[sha256sum] = "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30" CVE_CHECK_IGNORE += "\ CVE-2017-8806 \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache new file mode 100755 index 0000000000..f596207648 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache @@ -0,0 +1,77 @@ +#!/usr/bin/env node + +/// Usage: oe-npm-cache <cache-dir> <type> <key> <file-name> +/// <type> ... meta - metainformation about package +/// tgz - tarball + +const process = require("node:process"); + +module.paths.unshift("@@libdir@@/node_modules/npm/node_modules"); + +const cacache = require('cacache') +const fs = require('fs') + +// argv[0] is 'node', argv[1] is this script +const cache_dir = process.argv[2] +const type = process.argv[3] +const key = process.argv[4] +const file = process.argv[5] + +const data = fs.readFileSync(file) + +// metadata content is highly nodejs dependent; when cache entries are not +// found, place debug statements in 'make-fetch-happen/lib/cache/policy.js' +// (CachePolicy::satisfies()) +const xlate = { + 'meta': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*', + }, + resHeaders: { + "content-type": "application/json", + "status": 200, + }, + options: { + compress: true, + } + }; + }, + }, + + 'tgz': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': '*/*', + }, + resHeaders: { + "content-type": "application/octet-stream", + "status": 200, + }, + options: { + compress: true, + }, + }; + }, + }, +}; + +const info = xlate[type]; +let opts = {} + +if (info.metadata) { + opts['metadata'] = info.metadata(); +} + +cacache.put(cache_dir, info.key_prefix + key, data, opts) + .then(integrity => { + console.log(`Saved content of ${key} (${file}).`); +}) diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb new file mode 100644 index 0000000000..a61dd5018f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb @@ -0,0 +1,21 @@ +DESCRIPTION = "OE helper for manipulating npm cache" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +SRC_URI = "\ + file://oe-npm-cache \ +" + +inherit native + +B = "${WORKDIR}/build" + +do_configure() { + sed -e 's!@@libdir@@!${libdir}!g' < '${WORKDIR}/oe-npm-cache' > '${B}/oe-npm-cache' +} + +do_install() { + install -D -p -m 0755 ${B}/oe-npm-cache ${D}${bindir}/oe-npm-cache +} + +RDEPENDS:${PN} = "nodejs-native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb index d5cf7d8b21..624ab2621a 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb @@ -33,7 +33,7 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "b8815a5a02431453d4261e3598bd1f28516e4c0354f328c12890f257870e4c01" +SRC_URI[sha256sum] = "2de8e0402285f7c56887defe651922308aded58ba60befcf3b77720209e31f10" CVE_CHECK_IGNORE += "\ CVE-2007-2728 \ diff --git a/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb b/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb index cd586897a4..599416cb2a 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb @@ -29,6 +29,9 @@ EXTRA_OECMAKE += "${PLATFORM_CMAKE_FLAGS}" PACKAGE_BEFORE_PN += "${PN}-examples-python ${PN}-examples" FILES:${PN}-examples-python = "${bindir}/py*" FILES:${PN}-examples = "${bindir}" +# cec-client doesn't link with libcec, but uses LibCecInitialise to dlopen libcec, so do_package +# cannot add the runtime dependency automatically +RDEPENDS:${PN}-examples = "${PN}" RDEPENDS:${PN}-examples-python = "python3-${BPN} python3-core" # Create the wrapper for python3 diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch index fa273d4503..218c860fbd 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch @@ -1,4 +1,4 @@ -From 7ef2621ab7adcedc099ed39acfb73c6fa835cbc3 Mon Sep 17 00:00:00 2001 +From 5cf1a5fe6f8a24f1c95a749e3f347eeed2f591dd Mon Sep 17 00:00:00 2001 From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> Date: Sun, 15 May 2022 05:04:10 +0000 Subject: [PATCH] Make netgroup support optional @@ -37,12 +37,12 @@ Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> 9 files changed, 43 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac -index 59858df..5a7fc11 100644 +index 18e4223..0f87ea0 100644 --- a/configure.ac +++ b/configure.ac -@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], - [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) +@@ -117,7 +117,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + CC="$PTHREAD_CC" + AC_CHECK_FUNCS([pthread_condattr_setclock]) -AC_CHECK_FUNCS(clearenv fdatasync) +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) @@ -50,7 +50,7 @@ index 59858df..5a7fc11 100644 if test "x$GCC" = "xyes"; then LDFLAGS="-Wl,--as-needed $LDFLAGS" diff --git a/meson.build b/meson.build -index 733bbff..d840926 100644 +index 7506231..2d9d67a 100644 --- a/meson.build +++ b/meson.build @@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true) @@ -164,10 +164,10 @@ index 056d9a8..36c2f3d 100644 } diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index 5027815..bcb040c 100644 +index 11e91c0..9ee0391 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1291,6 +1291,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS::CallArgs args = JS::CallArgsFromVp (argc, vp); @@ -175,7 +175,7 @@ index 5027815..bcb040c 100644 JS::RootedString usrstr (authority->priv->cx); usrstr = args[0].toString(); user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1305,6 +1306,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, { is_in_netgroup = true; } @@ -233,7 +233,7 @@ index 3701ba1..e1d211e 100644 return g_test_run (); } diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c -index f97e0e0..fc52149 100644 +index 2103b17..b187a2f 100644 --- a/test/polkitbackend/test-polkitbackendjsauthority.c +++ b/test/polkitbackend/test-polkitbackendjsauthority.c @@ -137,12 +137,14 @@ test_get_admin_identities (void) diff --git a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb index 9085c6d2fe..4ec0dc6ca3 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb @@ -82,3 +82,6 @@ do_configure:prepend() { } BBCLASSEXTEND = "native nativesdk" + +#CVE-2019-14906 is a RHEL specific vulnerability. +CVE_CHECK_IGNORE += "CVE-2019-14906" diff --git a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch new file mode 100644 index 0000000000..8d5b8b6cbb --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch @@ -0,0 +1,128 @@ +From 7a8c6a06c86e133e4346b1dc66483bd8d0d3c716 Mon Sep 17 00:00:00 2001 +From: John Ogness <john.ogness@linutronix.de> +Date: Tue, 24 Aug 2021 21:10:43 +0200 +Subject: [PATCH] minicoredumper: retry elf parsing as long as needed + +As was reported in github issue #2 ("maximum number of tries +insufficient, in rare cases, for elf parse"), the number of retries +for parsing a process may be insufficient. Rather than setting an +upper limit on the maximum number of retries, track the number of +headers seen. As long as the number of seen headers is greater than +the previous try, try again. + +In order to avoid introducing any new issues, preserve the behavior +of retrying at least 10 times, even if no new headers are seen. + +Reported-by: github.com/ssajal-wr +Signed-off-by: John Ogness <john.ogness@linutronix.de> + +Upstream-Status: Backport [7a8c6a06c86e133e4346b1dc66483bd8d0d3c716] + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + src/minicoredumper/corestripper.c | 30 +++++++++++++++++++++++------- + 1 file changed, 23 insertions(+), 7 deletions(-) + +diff --git a/src/minicoredumper/corestripper.c b/src/minicoredumper/corestripper.c +index d96d1df..c96b350 100644 +--- a/src/minicoredumper/corestripper.c ++++ b/src/minicoredumper/corestripper.c +@@ -761,7 +761,7 @@ static int init_log(struct dump_info *di) + typedef int elf_parse_cb(struct dump_info *di, Elf *elf, GElf_Phdr *phdr); + + static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, +- elf_parse_cb *callback) ++ elf_parse_cb *callback, size_t *phnum_found) + { + GElf_Ehdr ehdr_mem; + GElf_Ehdr *ehdr; +@@ -770,6 +770,9 @@ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, + size_t phnum; + size_t cnt; + ++ if (phnum_found) ++ *phnum_found = 0; ++ + /* start from beginning of core */ + if (lseek64(di->elf_fd, 0, SEEK_SET) == -1) { + info("lseek failed: %s", strerror(errno)); +@@ -809,6 +812,9 @@ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, + goto out; + } + ++ if (phnum_found) ++ *phnum_found = phnum; ++ + for (cnt = 0; cnt < phnum; cnt++) { + GElf_Phdr phdr_mem; + GElf_Phdr *phdr; +@@ -891,7 +897,7 @@ static int vma_cb(struct dump_info *di, Elf *elf, GElf_Phdr *phdr) + /* + * Tries to parse the found ELF headers and reads all vmas from it. + */ +-static int parse_vma_info(struct dump_info *di) ++static int parse_vma_info(struct dump_info *di, size_t *phnum_found) + { + unsigned long min_off = ULONG_MAX; + unsigned long max_len = 0; +@@ -911,7 +917,7 @@ static int parse_vma_info(struct dump_info *di) + memset(&type, 0, sizeof(type)); + type.p_type = PT_LOAD; + type.p_flags = PF_R; +- if (do_elf_ph_parse(di, &type, vma_cb) != 0) ++ if (do_elf_ph_parse(di, &type, vma_cb, phnum_found) != 0) + return -1; + + for (v = di->vma; v; v = v->next) { +@@ -1614,8 +1620,10 @@ int add_core_data(struct dump_info *di, off64_t dest_offset, size_t len, + */ + static int init_src_core(struct dump_info *di, int src) + { ++ size_t last_phnum = 0; + int tries = 0; + int ret = -1; ++ size_t phnum; + size_t len; + char *buf; + long pos; +@@ -1642,7 +1650,7 @@ again: + goto out; + + /* try to elf-parse the core to read vma info */ +- ret = parse_vma_info(di); ++ ret = parse_vma_info(di, &phnum); + + /* restore our position */ + if (lseek64(di->elf_fd, pos, SEEK_SET) == -1) +@@ -1653,9 +1661,17 @@ again: + + tries++; + +- /* maybe try again */ +- if (tries < 10) ++ if (phnum > last_phnum) { ++ /* new headers found, keep trying */ ++ last_phnum = phnum; + goto again; ++ } else if (tries < 10) { ++ /* ++ * even if no new headers are found, ++ * retry at least 10 times ++ */ ++ goto again; ++ } + + goto out; + } +@@ -2106,7 +2122,7 @@ static int dump_stacks(struct dump_info *di) + /* find and set the first task */ + memset(&type, 0, sizeof(type)); + type.p_type = PT_NOTE; +- do_elf_ph_parse(di, &type, note_cb); ++ do_elf_ph_parse(di, &type, note_cb, NULL); + } + + if (di->first_pid) +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb index bf99152942..0b934ee2d8 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/diamon/minicoredumper;protocol=https;branch=master \ file://0001-replace-pthread_mutexattr_setrobust_np-with-pthread_.patch \ file://minicoredumper.service \ file://minicoredumper.init \ + file://0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch index 740bcb5a7f..b023c80ae4 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch @@ -18,11 +18,9 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> bindings/swig/src/auditswig.i | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) -diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am -index dd9d934..61b486d 100644 --- a/bindings/swig/python3/Makefile.am +++ b/bindings/swig/python3/Makefile.am -@@ -22,6 +22,7 @@ +@@ -23,6 +23,7 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS) AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) @@ -30,7 +28,7 @@ index dd9d934..61b486d 100644 LIBS = $(top_builddir)/lib/libaudit.la SWIG_FLAGS = -python -py3 -modern SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) -@@ -36,7 +37,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi +@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/li _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la nodist__audit_la_SOURCES = audit_wrap.c audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i @@ -39,8 +37,6 @@ index dd9d934..61b486d 100644 CLEANFILES = audit.py* audit_wrap.c *~ -diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i -index 21aafca..dd0f62c 100644 --- a/bindings/swig/src/auditswig.i +++ b/bindings/swig/src/auditswig.i @@ -39,7 +39,7 @@ signed @@ -48,10 +44,7 @@ index 21aafca..dd0f62c 100644 typedef unsigned __u32; typedef unsigned uid_t; -%include "/usr/include/linux/audit.h" -+%include "linux/audit.h" ++%include "../lib/audit.h" #define __extension__ /*nothing*/ %include <stdint.i> %include "../lib/libaudit.h" --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.7.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb index d77aec2964..c17899d4f6 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.7.bb +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb @@ -15,7 +15,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;proto " S = "${WORKDIR}/git" -SRCREV = "f60b2d8f55c74be798a7f5bcbd6c587987f2578a" +SRCREV = "54a62e78792fe583267cf80da717ee480b8f42bc" inherit autotools python3native update-rc.d systemd @@ -71,7 +71,14 @@ FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" +do_configure:prepend() { + sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h + sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h +} + do_install:append() { + sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch b/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch new file mode 100644 index 0000000000..5ac5170721 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch @@ -0,0 +1,115 @@ +From 6379331cd0647fc6f149f55e4505a9a92e4f159f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 22 Aug 2022 22:43:26 -0700 +Subject: [PATCH] Fix deprecared function prototypes + +Fixes following errors: +error: a function definition without a prototype is deprecated in all versions of C and is not supported in C2x [-Werror,-Wdeprecated-non-prototype] + +Upstream-Status: Submitted [https://github.com/libgd/libgd/pull/835] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/gd_nnquant.c | 32 +++++++------------------------- + src/gd_tiff.c | 4 +--- + 2 files changed, 8 insertions(+), 28 deletions(-) + +diff --git a/src/gd_nnquant.c b/src/gd_nnquant.c +index 8b9aa794..013f7160 100644 +--- a/src/gd_nnquant.c ++++ b/src/gd_nnquant.c +@@ -112,12 +112,7 @@ typedef struct { + + /* Initialise network in range (0,0,0,0) to (255,255,255,255) and set parameters + ----------------------------------------------------------------------- */ +-static void initnet(nnq, thepic, len, sample, colours) +-nn_quant *nnq; +-unsigned char *thepic; +-int len; +-int sample; +-int colours; ++static void initnet(nn_quant *nnq, unsigned char *thepic, int len, int sample, int colours) + { + register int i; + register int *p; +@@ -163,9 +158,7 @@ static void unbiasnet(nn_quant *nnq) + } + + /* Output colormap to unsigned char ptr in RGBA format */ +-static void getcolormap(nnq, map) +-nn_quant *nnq; +-unsigned char *map; ++static void getcolormap(nn_quant *nnq, unsigned char *map) + { + int i,j; + for(j=0; j < nnq->netsize; j++) { +@@ -232,9 +225,7 @@ static void inxbuild(nn_quant *nnq) + + /* Search for ABGR values 0..255 (after net is unbiased) and return colour index + ---------------------------------------------------------------------------- */ +-static unsigned int inxsearch(nnq, al,b,g,r) +-nn_quant *nnq; +-register int al, b, g, r; ++static unsigned int inxsearch(nn_quant *nnq, int al, int b, int g, int r) + { + register int i, j, dist, a, bestd; + register int *p; +@@ -306,9 +297,7 @@ register int al, b, g, r; + + /* Search for biased ABGR values + ---------------------------- */ +-static int contest(nnq, al,b,g,r) +-nn_quant *nnq; +-register int al,b,g,r; ++static int contest(nn_quant *nnq, int al, int b, int g, int r) + { + /* finds closest neuron (min dist) and updates freq */ + /* finds best neuron (min dist-bias) and returns position */ +@@ -362,9 +351,7 @@ register int al,b,g,r; + /* Move neuron i towards biased (a,b,g,r) by factor alpha + ---------------------------------------------------- */ + +-static void altersingle(nnq, alpha,i,al,b,g,r) +-nn_quant *nnq; +-register int alpha,i,al,b,g,r; ++static void altersingle(nn_quant *nnq, int alpha, int i,int al, int b, int g, int r) + { + register int *n; + +@@ -382,10 +369,7 @@ register int alpha,i,al,b,g,r; + /* Move adjacent neurons by precomputed alpha*(1-((i-j)^2/[r]^2)) in radpower[|i-j|] + --------------------------------------------------------------------------------- */ + +-static void alterneigh(nnq, rad,i,al,b,g,r) +-nn_quant *nnq; +-int rad,i; +-register int al,b,g,r; ++static void alterneigh(nn_quant *nnq, int rad, int i, int al,int b,int g, int r) + { + register int j,k,lo,hi,a; + register int *p, *q; +@@ -429,9 +413,7 @@ register int al,b,g,r; + /* Main Learning Loop + ------------------ */ + +-static void learn(nnq, verbose) /* Stu: N.B. added parameter so that main() could control verbosity. */ +-nn_quant *nnq; +-int verbose; ++static void learn(nn_quant *nnq, int verbose) /* Stu: N.B. added parameter so that main() could control verbosity. */ + { + register int i,j,al,b,g,r; + int radius,rad,alpha,step,delta,samplepixels; +diff --git a/src/gd_tiff.c b/src/gd_tiff.c +index 7f72b610..3d90e61a 100644 +--- a/src/gd_tiff.c ++++ b/src/gd_tiff.c +@@ -446,9 +446,7 @@ BGD_DECLARE(void) gdImageTiffCtx(gdImagePtr image, gdIOCtx *out) + } + + /* Check if we are really in 8bit mode */ +-static int checkColorMap(n, r, g, b) +-int n; +-uint16_t *r, *g, *b; ++static int checkColorMap(int n, uint16_t *r, uint16_t *g, uint16_t *b) + { + while (n-- > 0) + if (*r++ >= 256 || *g++ >= 256 || *b++ >= 256) diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb b/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb index 9d4ee1fe4b..cc2c1571e6 100644 --- a/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb +++ b/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb @@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ace63adfdac78400fc30fa22ee9c1bb1" DEPENDS = "freetype libpng jpeg zlib tiff" SRC_URI = "git://github.com/libgd/libgd.git;nobranch=1;protocol=https \ + file://0001-Fix-deprecared-function-prototypes.patch \ " SRCREV = "b5319a41286107b53daa0e08e402aa1819764bdc" diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb index 7ec6ae15f6..947ca75388 100644 --- a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb +++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb @@ -49,6 +49,7 @@ do_configure:prepend() { do_compile:prepend() { sed -i 's/(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am/(MAKE) $(AM_MAKEFLAGS) install-exec-am/g' ${S}/keygen/Makefile.in + echo "" > ${B}/xrdp_configure_options.h } do_install:append() { diff --git a/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb b/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb index 8545eb50f7..a9eec69502 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb @@ -5,7 +5,7 @@ protocols should be able to share." HOMEPAGE = "http://search.cpan.org/dist/Authen-SASL/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://lib/Authen/SASL/Perl.pm;beginline=1;endline=3;md5=17123315bbcda19f484c07227594a609" DEPENDS = "perl" diff --git a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb index 51a2ad3498..43b7f4d5a9 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Keyed-Hashing for Message Authentication" HOMEPAGE = "http://search.cpan.org/~gaas/Digest-HMAC-1.03/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=13;endline=17;md5=da980cdc026faa065e5d5004115334e6" RDEPENDS:${PN} = "libdigest-sha1-perl perl-module-extutils-makemaker perl-module-digest-md5" diff --git a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb index cd63675128..df89c9bcdb 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Digest::SHA1 - Perl interface to the SHA-1 algorithm" HOMEPAGE = "http://search.cpan.org/~gaas/Digest-SHA1-2.13/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=10;endline=14;md5=ff5867ebb4bc1103a7a416aef2fce00a" SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/Digest-SHA1-${PV}.tar.gz \ diff --git a/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb b/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb index 1d04f0054f..6249fd1d78 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb @@ -9,7 +9,7 @@ mod_perl." HOMEPAGE = "http://search.cpan.org/dist/IO-Socket-SSL/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://META.yml;beginline=12;endline=12;md5=963ce28228347875ace682de56eef8e8" RDEPENDS:${PN} += "\ diff --git a/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb b/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb index 389be2c16c..203db7b10c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb @@ -5,7 +5,7 @@ dealing with signals." HOMEPAGE = "http://search.cpan.org/~rosch/IPC-Signal-1.00/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=16;endline=18;md5=f36550f59a0ae5e6e3b0be6a4da60d26" S = "${WORKDIR}/IPC-Signal-${PV}" diff --git a/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb b/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb index 2c06728ed2..d1f6f8c59c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb @@ -8,7 +8,7 @@ one known mime type." HOMEPAGE = "http://search.cpan.org/~markov/MIME-Types-${PV}" SECTION = "libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://META.yml;beginline=11;endline=11;md5=963ce28228347875ace682de56eef8e8" SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MA/MARKOV/MIME-Types-${PV}.tar.gz \ diff --git a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb index 293f421205..dcc5ea88b1 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb @@ -6,7 +6,7 @@ deleting or modifying entries." SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=3;endline=5;md5=4d6588c2fa0d38ae162f6314d201d89e" SRC_URI = "${CPAN_MIRROR}/authors/id/M/MA/MARSCHAP/perl-ldap-${PV}.tar.gz" diff --git a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb index d7d4201048..d1365f269c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb @@ -11,7 +11,7 @@ shell." HOMEPAGE = "http://search.cpan.org/dist/Net-Telnet/" SECTION = "Development/Libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=4;endline=7;md5=e94ab3b72335e3cdadd6c1ff736dd714" SRC_URI = "http://search.cpan.org/CPAN/authors/id/J/JR/JROGERS/Net-Telnet-${PV}.tar.gz" diff --git a/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb b/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb index ffd87ed0b5..643a704a1d 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb @@ -5,7 +5,7 @@ on wait status values." HOMEPAGE = "http://search.cpan.org/~rosch/Proc-WaitStat/" SECTION = "libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=21;endline=23;md5=f36550f59a0ae5e6e3b0be6a4da60d26" RDEPENDS:${PN} += "perl libipc-signal-perl" diff --git a/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb b/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb index c2898a9012..c2ea47ae5b 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb @@ -8,7 +8,7 @@ your programs." HOMEPAGE = "http://search.cpan.org/dist/XML-LibXML-1.99/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" DEPENDS += "libxml2 \ libxml-sax-perl-native \ zlib \ |