diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2021-03-11 23:29:47 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2021-03-13 18:40:38 +0300 |
| commit | 776d5d2fd95e177490624f4f2f1b2f91a20a3e77 (patch) | |
| tree | 817f022609fec946e1a3a978e196b61b472cfad9 /meta-openembedded | |
| parent | b19a422d594a25d91f16f5071b99cf77cd34014a (diff) | |
| download | openbmc-776d5d2fd95e177490624f4f2f1b2f91a20a3e77.tar.xz | |
subtree updates
meta-openembedded: 5bba79488b..346681e7bf:
Andrej Kozemcak (1):
libuv: fix CVE-2020-8252
Dan Murphy (1):
mariadb: Fix 64bit builds if pam is enabled
Dmitry Baryshkov (2):
xterm: install xterm and uxterm desktop files
xterm: provide virtual/x-terminal-emulator
Haiqing Bai (1):
python-urllib3/python3-urllib3: fix CVE-2020-7212
Harpritkaur Bhandari (1):
rapidjson: Upgrade SRCREV to latest
Khem Raj (8):
iscsi-initiator-utils: Upgrade to _2.1.2
iscsi-initiator-utils: Silence a clang warning on 64bit systems
python-grpcio-tools: Add missing space for append
gedit: Inherit python3targetconfig
openipmi: Inherit python3targetconfig
libplist: Inherit python3targetconfig
postgresql: Inherit python3targetconfig
python3-pykwalify: Do not unset _PYTHON_SYSCONFIGDATA_NAME
Leon Anavi (2):
sip3: Consolidate in a single file
sip3: Upgrade 4.19.19 -> 4.19.23
Mario Schuknecht (1):
dnsmasq: Fix systemd service
Martin Jansa (3):
networkd-dispatcher: use git fetcher
wireguard-module: remove PKG assignment
graphviz: use git fetcher instead of gitlab archives
Mikko Rapeli (2):
flatbuffers: whitelist CVE-2020-35864
giflib: apply patch for CVE-2019-15133 and set CVE_PRODUCT
Sean Nyekjaer (1):
gpsd: mark CLEANBROKEN
Søren Andersen (1):
zram: fix sourcing of zram parameters
Vyacheslav Yurkov (1):
python3-aiohttp: added missing RDEPENDs
Zang Ruochen (1):
openldap: upgrade 2.4.50 -> 2.4.51
akuster (2):
enca: Fix SRC_URI
meta-oe/README: add Ubuntu prerequisite information
changqing.li@windriver.com (1):
celt051: update SRC_URI
zangrc (2):
iscsi-initiator-utils: upgrade 2.1.2 -> 2.1.3
openldap: upgrade 2.4.51 -> 2.4.56
zhengruoqin (1):
openldap: upgrade 2.4.56 -> 2.4.57
meta-raspberrypi: 9879932097..77190af02d:
Aurelian Zanoschi (2):
rpi-config: Add support for CM4 host USB
[documentation]Add USB host support in documentation
poky: 7ea41de137..d20ef1f5a5:
Alexander Kanavin (9):
oeqa/ptest: print a warning if ptests failed
ca-certificates: correct upstream version check
bitbake: lib/bb/fetch2/__init__.py: drop _PYTHON_SYSCONFIGDATA_NAME unsetting
p11-kit: upgrade 0.23.20 -> 0.23.21
python3: split python target configuration into own class
python3-pycairo: use python3targetconfig
distutils3-base.bbclass: use python3targetconfig
meta: drop _PYTHON_SYSCONFIGDATA_NAME hacks
gpgme: use python3targetconfig
Anatol Belski (1):
glib-2.0: Rename patch file for CVE-2020-35457
Andrei Gherzan (2):
oe/recipeutils: Fix copying patches when BBLAYERS entries are not normalised
qemu: Backport patch to avoid assertion fails on icache line size
Anuj Mittal (3):
python3: fix CVE-2021-3177
linux-yocto: update genericx86 to v5.4.87
linux-yocto: update genericx86* to v5.4.94
Awais Belal (1):
kernel.bbclass: fix deployment for initramfs images
Bruce Ashfield (5):
linux-yocto/5.4: update to v5.4.90
linux-yocto-rt/5.4: fix 5.4-stable caused build breakage
linux-yocto/5.4: update to v5.4.94
linux-yocto/5.4: update to v5.4.96
linux-yocto/5.4: update to v5.4.98
Chris Laplante (2):
cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing of per-recipe check file
cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting of patched CVEs
Dorinda (8):
sanity: Verify that user isn't building in PSEUDO_IGNORE_PATHS
sanity.bbclass: sanity check for if bitbake is present in PATH
sanity.bbclass: Check if PSEUDO_IGNORE_PATHS and paths under pseudo control overlap
oe-pkgdata-util: Check if environment script is initialized
meta/recipes-bsp: Add HOMEPAGE / DESCRIPTION
meta/recipes-connectivity: Add HOMEPAGE / DESCRIPTION
meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION
meta/recipes-core: Add HOMEPAGE / DESCRIPTION
Jack Mitchell (1):
distutils3: allow setup.py to be run from a different directory to ${S}
Jan-Simon Möller (2):
package_rpm: Enable use_source_date_epoch_as_buildtime in package_rpm class
reproducible_builds: SOURCE_DATE_EPOCH should not be 0
Joe Slater (1):
pseudo: fix renaming to self
Jon Mason (1):
gcc-9.3.inc: Fix potential runtime crash
Joshua Watt (3):
oeqa: reproducible: Fix SSTATE_MIRRORS variable
oeqa: reproducible: Add more logging
libomxil: Fix up commercial license flag
Julien Massot (1):
rng-tools: fix rngd_jitter initialization
Khem Raj (1):
python3targetconfig.bbclass: Make py3 dep and tasks only for target recipes
Lee Chee Yang (8):
cve-check: replace Looseversion with custom version class
cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning
openssl: set CVE_VERSION_SUFFIX
wic/selftest: test_permissions also test bitbake image
p11-kit: upgrade 0.23.21 -> 0.23.22
sudo: 1.8.31 -> 1.8.32
go: update to 1.14.15
libsdl2: fix CVE-2020-14409 CVE-2020-14410
Marek Vasut (1):
weston-init: Fix weston-keyboard path in weston.ini
Mark Hatle (1):
package.bbclass: hash equivalency and pr service
Martin Jansa (5):
base.bbclass: use os.path.normpath instead of just comparing WORKDIR and S as strings
license.bbclass: Add COMMON_LICENSE_DIR and LICENSE_PATH dirs to PSEUDO_IGNORE_PATHS
image_types.bbclass: tar: use posix format instead of gnu
icu: backport fix for rare random genrb segmentation fault
sstatesig.py: show an error instead of warning when sstate manifest isn't found
Matt Hoosier (1):
bitbake: fetch/git: download LFS content too during do_fetch
Mauro Queirós (3):
bitbake: git.py: skip smudging if lfs=0 is set
bitbake: git.py: LFS bitbake note should not be printed if need_lfs is not set.
bitbake: git.py: Use the correct branch to check if the repository has LFS objects.
Michael Halstead (3):
uninative: Upgrade to 2.10
yocto-uninative.inc: version 2.11 updates glibc to 2.33
yocto-uninative.inc: version 3.0 incorporate seccomp filter workaround
Milan Shah (1):
report-error.bbclass: Add layer and bitbake version info to error report
Mingli Yu (2):
tcl: adapt to potential pseudo changes
bitbake.conf: Exclude ${CCACHE_DIR} from pseudo database
Minjae Kim (2):
bind: fix CVE-2020-8625
librepo: fix CVE-2020-14352
Naveen Saini (1):
linux-yocto: update genericx86* SRCREV for 5.4
Oleksiy Obitotskyy (2):
flex: Fix --noline option behavior
dtc: improve reproducibility
Oleksiy Obitotskyy yIEf0zt.mo (1):
toolchain-shar-relocate.sh: Fix handling files with colons
Ovidiu Panait (1):
timezone: upgrade to 2021a
Paul Barker (8):
bitbake.conf: Prevent pyc file generation in pseudo context
wic: Add workdir argument
wic: Allow exec_native_cmd to run HOSTTOOLS
wic: Ensure internal workdir is not reused
image_types_wic: Move wic working directory
wic: Update pseudo db when excluding content from rootfs
wic: Copy rootfs dir if fstab needs updating
wic: Optimise fstab modification for ext2/3/4 and msdos partitions
Peter Bergin (1):
buildhistory.bbclass: avoid exception for empty BUILDHISTORY_FEATURES variable
Peter Kjellerstedt (5):
pseudo: Simplify pseudo_client_ignore_path_chroot()
lib/oe/path: Add canonicalize()
bitbake.conf: Canonicalize paths in PSEUDO_IGNORE_PATHS
wic: Pass canonicalized paths in PSEUDO_IGNORE_PATHS
asciidoc: Switch to using the main branch
Ricardo Ribalda (1):
classes/image_types_wic: Reorder do_flush_pseudodb
Ricardo Ribalda Delgado (5):
wic: Fix permissions when using exclude or include path
wic: Fix multi images .wks with bitbake
wic: Avoid creating invalid pseudo directory
wic: Add --change-directory argument
oeqa: wic: Add tests for permissions and change-directory
Richard Purdie (63):
pseudo: Switch to oe-core branch in git repo
pseudo: merge in fixes for setfacl issue
pseudo: Update to add OFC fcntl lock updates
pseudo: Ignore mismatched inodes from the db
pseudo: Add support for ignoring paths from the pseudo DB
pseudo: Abort on mismatch patch
psuedo: Add tracking of linked files for fds
pseudo: Fix xattr segfault
pseudo: Add may unlink patch
pseudo: Add pathfix patch
base/bitbake.conf: Enable pseudo path filtering
wic: Handle new PSEUDO_IGNORE_PATHS variable
pseudo: Fix statx function usage
bitbake.conf: Extend PSEUDO_IGNORE_PATHS to ${COREBASE}/meta
abi_version,sanity: Tell users TMPDIR must be clean after pseudo changes
pseudo: Update to account for patches merged on branch
pseudo: Upgrade to include mkostemp64 wrapper
oeqa/selftest/runtime_test: Exclude gpg directory from pseudo database
uninative: Don't use single sstate for pseudo-native
pseudo: Drop patches merged into upstream branch
bitbake.conf: Add /run/ to PSEUDO_IGNORE_PATHS
pseudo: Add lchmod wrapper
pseudo: Update for arm host and memleak fixes/cleanup
ncurses: Don't put terminfo into the sysroot
python3: Avoid installing test data into recipe-sysroot
staging: Clean up files installed into the sysroot
pseudo: Update to include passwd and file renaming fixes
package: Ensure do_packagedata is cleaned correctly
qemu.inc: Should depend on qemu-system-native, not qemu-native
image_types: Ensure tar archives are reproducible
opkg: Fix build reproducibility issue
opkg: Fix patch glitches
build-appliance-image: Update to dunfell head revision
poky.conf: Drop OELAYOUT_ABI poking
pseudo: Update to work with glibc 2.33
pseudo: Update for rename and faccessat fixes
pseudo: Update to include fixes for glibc 2.33
quilt: Be determnistic about column presence
buildtools-extended-tarball: Add glibc-gconvs needed for build
cwautomacros: Ensure version is set deterministically
vim: Improve determinism
vim: Fix a race over creation of the desktop files
watchdog: Fix determinism issue from sendmail host path
watchdog: Avoid reproducibility failures after fixing build
xorg-fonts-minimal: Fix reproducibility
xorg-minimal-fonts: Really fix determinism
xmlto: Fix reproducibility
groff: Fix determinism issue
oeqa/commands: Fix compatibility with python 3.9
selftest/reproducible: Don't call sync between each file compare
bitbake: __init__.py: Fix bitbake debug log handling
linux-firmware: upgrade 20201218 -> 20210208
image: Add directories to PSEUDO_IGNORE_PATHS
populate_sdk: Add directories to PSEUDO_IGNORE_PATHS
bitbake.conf/image: Move image specific PSEUDO_IGNORE_PATHS to image class
bitbake.conf: Split PSEUDO_IGNORE_PATHS to be more readable
maintainers: Update email address for Victor
libevdev: Update patch status to backport
ca-certificates: Clean up two patches and submit upstream
libpcre: Drop old/stale patch
reproducible: Improve SOURCE_DATE_EPOCH_FALLBACK handling
package/package_rpm: Disable font_provides configuration for reproducibilty
cups: Fix reproducibility issues
Ross Burton (3):
flex: fix build with autoconf 2.70
core-image-sato-sdk-ptest: these images need ptest
ovmf-shell-image: image is only buildable on x86-64
Scott Murray (2):
u-boot: fix CVE-2020-8432 and CVE-2020-10648
screen: fix CVE-2021-26937
Sourabh Banerjee (1):
layer.conf: fix sanity error for PATH variable in extensible SDK workflow
Stefan Ghinea (1):
wpa-supplicant: fix CVE-2021-0326
Steve Sakoman (2):
documentation: prepare for 3.1.6 release
poky.conf: Bump version for 3.1.6 release
Teoh Jay Shen (1):
oeqa/runlevel : add test for runlevels
Thomas Viehweger (1):
mtd-utils: Remove duplicate assignments to alternative link names
Tomasz Dziendzielski (9):
pseudo: Update to print PSEUDO_LOGFILE in abort message on path mismatches
devtool: Fix source extraction for gcc shared source
externalsrc: Fix parsing error with devtool non-git sources
devtool: Fix file:// fetcher symlink directory structure
selftest/devtool: Add modify_localfiles_only test checking symlink path
externalsrc: Detect code changes in submodules
python3: Use addtask statement instead of task dependencies
lib/oe/patch.py: Ignore scissors line on applying patch
sstatesig: Add descriptive error message to getpwuid/getgrgid "uid/gid not found" KeyError
Vivien Didelot (2):
local.conf.sample.extended: fix double 'of' typo
local.conf.sample.extended: prefer INIT_MANAGER
Vyacheslav Yurkov (1):
npm.bbclass: use python3 for npm config
Wang Mingyu (2):
ca-certificates: upgrade 20190110 -> 20200601
openssl: upgrade 1.1.1i -> 1.1.1j
Wes Lindauer (1):
df.py: Add feature check for read-only-rootfs
Yi Fan Yu (2):
oeqa/selftest/cases/tinfoil.py: increase timeout 10->60s test_wait_event
strace: increase ptest timeout duration 120->240s
Yoann Congal (1):
npm.bbclass: avoid building target nodejs for native npm recipes
Zbigniew Bodek (1):
wpebackend-fdo: Fix missing .so symlink when using dev package
akuster (1):
cve-check.bbclass: add layer to cve log
saloni (2):
libgcrypt: Whitelisted CVEs
libcroco: Added CVE
zangrc (1):
flex: Refresh patch
zhengruoqin (1):
ca-certificates: upgrade 20200601 -> 20210119
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I9ffc795f097a364d73d89d01d893cde9e7946d70
Diffstat (limited to 'meta-openembedded')
31 files changed, 236 insertions, 67 deletions
diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gedit/gedit_3.34.1.bb b/meta-openembedded/meta-gnome/recipes-gnome/gedit/gedit_3.34.1.bb index 850ba4df98..d6c8957dc1 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/gedit/gedit_3.34.1.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/gedit/gedit_3.34.1.bb @@ -19,7 +19,7 @@ DEPENDS = " \ gtksourceview4 \ " -inherit gnomebase gsettings itstool gnome-help gobject-introspection gtk-doc vala gettext features_check upstream-version-is-even mime-xdg +inherit gnomebase gsettings itstool gnome-help gobject-introspection gtk-doc vala gettext features_check upstream-version-is-even mime-xdg python3targetconfig REQUIRED_DISTRO_FEATURES = "x11" diff --git a/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Makefile-Do-not-set-Werror.patch b/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Makefile-Do-not-set-Werror.patch new file mode 100644 index 0000000000..d5e0deb899 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Makefile-Do-not-set-Werror.patch @@ -0,0 +1,31 @@ +From 31d88f46bfc67de2659991674253a5d5dfb92afc Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 12 Aug 2020 12:00:29 -0700 +Subject: [PATCH] Makefile: Do not set -Werror + +clang finds more warnings which causes build to fail, disable treating +warning as errors + +Upstream-Status: Inappropriate [OE-Specific] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + usr/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/usr/Makefile b/usr/Makefile +index 21bb154..0018605 100644 +--- a/usr/Makefile ++++ b/usr/Makefile +@@ -35,7 +35,7 @@ endif + PKG_CONFIG = /usr/bin/pkg-config + + CFLAGS ?= -O2 -g +-WARNFLAGS ?= -Wall -Wextra -Werror -Wstrict-prototypes -fno-common ++WARNFLAGS ?= -Wall -Wextra -Wstrict-prototypes -fno-common + CFLAGS += $(WARNFLAGS) -I../include -I. -D_GNU_SOURCE \ + -I$(TOPDIR)/libopeniscsiusr + CFLAGS += $(shell $(PKG_CONFIG) --cflags libkmod) +-- +2.28.0 + diff --git a/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.1.0.bb b/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.1.3.bb index 97b5563574..4a9cf9db40 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.1.0.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.1.3.bb @@ -12,9 +12,10 @@ DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d) LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRCREV ?= "549f8987be49583bb06b117a364bea3a8fc5250c" +SRCREV ?= "34e3ffb194f6fa3028c0eb2ff57e7db2d1026771" SRC_URI = "git://github.com/open-iscsi/open-iscsi \ + file://0001-Makefile-Do-not-set-Werror.patch \ file://initd.debian \ file://99_iscsi-initiator-utils \ file://iscsi-initiator \ @@ -23,9 +24,6 @@ SRC_URI = "git://github.com/open-iscsi/open-iscsi \ file://set_initiatorname \ " S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -PV .= "+git${SRCPV}" inherit update-rc.d systemd autotools pkgconfig @@ -34,7 +32,7 @@ EXTRA_OECONF = " \ --host=${BUILD_SYS} \ " -EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', '--without-systemd', d)}" +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', '--without-systemd NO_SYSTEMD=1', d)}" EXTRA_OEMAKE = ' \ OS="${TARGET_SYS}" \ @@ -43,7 +41,6 @@ EXTRA_OEMAKE = ' \ MANDIR="${mandir}" \ OPTFLAGS="-DNO_SYSTEMD ${CFLAGS}" \ PKG_CONFIG="${STAGING_BINDIR_NATIVE}/pkg-config" \ - NO_SYSTEMD=1 \ ' diff --git a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.0.1.bb b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.0.1.bb index 6b73506c2a..61d656b7ca 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.0.1.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.0.1.bb @@ -12,9 +12,10 @@ inherit features_check systemd RDEPENDS_${PN} = "python3-pygobject python3-dbus" REQUIRED_DISTRO_FEATURES = "systemd" -SRC_URI = "https://gitlab.com/craftyguy/networkd-dispatcher/-/archive/${PV}/networkd-dispatcher-${PV}.tar.bz2" -SRC_URI[md5sum] = "304d7dcc21331ea295e207f8493cb8d8" -SRC_URI[sha256sum] = "21f84c3646a043329dc64787e4e58dfce592b2559b0e3069af82c469805660c2" +SRCREV = "333ef1ed1d7c7c17264fcf7629e5c2f78ab4112c" +SRC_URI = "git://gitlab.com/craftyguy/networkd-dispatcher;protocol=https" + +S = "${WORKDIR}/git" SYSTEMD_PACKAGES = "${PN}" SYSTEMD_SERVICE_${PN} = "networkd-dispatcher.service" diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb index 45324c02a1..e8891c4428 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb @@ -22,13 +22,6 @@ MAKE_TARGETS = "module" RRECOMMENDS_${PN} = "kernel-module-xt-hashlimit" MODULE_NAME = "wireguard" -# Kernel module packages MUST begin with 'kernel-module-', otherwise -# multilib image generation can fail. -# -# The following line is only necessary if the recipe name does not begin -# with kernel-module-. -PKG_${PN} = "kernel-module-${MODULE_NAME}" - module_do_install() { install -d ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME} install -m 0644 ${MODULE_NAME}.ko \ diff --git a/meta-openembedded/meta-networking/recipes-support/celt051/celt051_git.bb b/meta-openembedded/meta-networking/recipes-support/celt051/celt051_git.bb index 12b9124f74..c3e4cbbe6d 100644 --- a/meta-openembedded/meta-networking/recipes-support/celt051/celt051_git.bb +++ b/meta-openembedded/meta-networking/recipes-support/celt051/celt051_git.bb @@ -16,7 +16,7 @@ PV = "0.5.1.3+git${SRCPV}" SRCREV = "5555aae843f57241d005e330b9cb65602d56db0f" -SRC_URI = "git://git.xiph.org/celt.git;branch=compat-v0.5.1;protocol=https \ +SRC_URI = "git://gitlab.xiph.org/xiph/celt.git;branch=compat-v0.5.1;protocol=https \ file://0001-configure.ac-make-tools-support-optional.patch \ file://0001-tests-Include-entcode.c-into-test-sources-to-provide.patch \ " diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service index 2980f7def6..ef2f3f7e41 100644 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service @@ -8,7 +8,7 @@ PIDFile=/run/dnsmasq.pid ExecStartPre=/usr/bin/dnsmasq --test ExecStart=/usr/bin/dnsmasq -x /run/dnsmasq.pid -7 /etc/dnsmasq.d --local-service ExecStartPost=/usr/bin/dnsmasq-resolvconf-helper start -ExecStopPre=/usr/bin/dnsmasq-resolvconf-helper stop +ExecStop=/usr/bin/dnsmasq-resolvconf-helper stop ExecStop=/bin/kill $MAINPID ExecReload=/bin/kill -HUP $MAINPID diff --git a/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.29.bb b/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.29.bb index 85634a70eb..6918485870 100644 --- a/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.29.bb +++ b/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.29.bb @@ -38,7 +38,7 @@ S = "${WORKDIR}/OpenIPMI-${PV}" SRC_URI[md5sum] = "46b452e95d69c92e4172b3673ed88d52" SRC_URI[sha256sum] = "2244124579afb14e569f34393e9ac61e658a28b6ffa8e5c0d2c1c12a8ce695cd" -inherit autotools-brokensep pkgconfig python3native perlnative update-rc.d systemd cpan-base +inherit autotools-brokensep pkgconfig python3native perlnative update-rc.d systemd cpan-base python3targetconfig EXTRA_OECONF = "--disable-static \ --with-perl='${STAGING_BINDIR_NATIVE}/perl-native/perl' \ diff --git a/meta-openembedded/meta-oe/README b/meta-openembedded/meta-oe/README index f5a4bda065..972c830356 100644 --- a/meta-openembedded/meta-oe/README +++ b/meta-openembedded/meta-oe/README @@ -14,6 +14,9 @@ e.g. on archlinux based distributions install prerequisites like below pacman -S lib32-gcc-libs lib32-glibc +Ubuntu +sudo apt-get install gcc-multilib + Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe][dunfell]' in the subject' When sending single patches, please use something like: diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch b/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch new file mode 100644 index 0000000000..dd99b44873 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch @@ -0,0 +1,41 @@ +From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001 +From: Ben Noordhuis <info@bnoordhuis.nl> +Date: Mon, 24 Aug 2020 11:42:27 +0200 +Subject: [PATCH] unix: don't use _POSIX_PATH_MAX + +Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b +("unix: do not require PATH_MAX to be defined") from September 2018. + +_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not +the actual max path size of the system libuv runs on. _POSIX_PATH_MAX +is always 256, the real max is often much bigger. + +This commit fixes buffer overruns when processing very long paths in +uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating +enough memory to store the result. + +Fixes: https://github.com/libuv/libuv/issues/2965 +PR-URL: https://github.com/libuv/libuv/pull/2966 + +Upstream-Status: Backport [https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd] +CVE: CVE-2020-8252 +Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> +--- + src/unix/internal.h | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/unix/internal.h b/src/unix/internal.h +index 30711673e0..9d3c2297f8 100644 +--- a/src/unix/internal.h ++++ b/src/unix/internal.h +@@ -62,9 +62,7 @@ + # include <AvailabilityMacros.h> + #endif + +-#if defined(_POSIX_PATH_MAX) +-# define UV__PATH_MAX _POSIX_PATH_MAX +-#elif defined(PATH_MAX) ++#if defined(PATH_MAX) + # define UV__PATH_MAX PATH_MAX + #else + # define UV__PATH_MAX 8192 diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb b/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb index deeaa2b15c..7577207318 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb @@ -5,7 +5,8 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47" SRCREV = "533b738838ad8407032e14b6772b29ef9af63cfa" -SRC_URI = "git://github.com/libuv/libuv;branch=v1.x" +SRC_URI = "git://github.com/libuv/libuv;branch=v1.x \ + file://CVE-2020-8252.patch" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc index 1a86bc0446..9f7203c40d 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -167,8 +167,12 @@ do_install() { mv ${D}${datadir}/doc/README ${D}${datadir}/doc/${PN}/ fi if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then - mv ${D}/lib/security ${D}/${libdir} - rmdir --ignore-fail-on-non-empty ${D}/lib + pam_so=$(find ${D} -name pam_user_map.so) + if [ x"${pam_so}" != x ]; then + pam_dir=$(dirname ${pam_so}) + mv ${pam_dir} ${D}/${libdir} + rmdir --ignore-fail-on-non-empty ${pam_dir%security} + fi fi } diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc index 5b5bfb0886..2294a3de42 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc @@ -36,7 +36,7 @@ LEAD_SONAME = "libpq.so" # LDFLAGS for shared libraries export LDFLAGS_SL = "${LDFLAGS}" -inherit autotools pkgconfig perlnative python3native useradd update-rc.d systemd gettext cpan-base +inherit autotools pkgconfig perlnative python3native python3targetconfig useradd update-rc.d systemd gettext cpan-base CFLAGS += "-I${STAGING_INCDIR}/${PYTHON_DIR} -I${STAGING_INCDIR}/tcl8.6" diff --git a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb index c31cef63cf..7b8d47d8df 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb @@ -14,6 +14,9 @@ SRCREV = "6df40a2471737b27271bdd9b900ab5f3aec746c7" SRC_URI = "git://github.com/google/flatbuffers.git" +# affects only flatbuffers rust crate +CVE_CHECK_WHITELIST += "CVE-2020-35864" + # Make sure C++11 is used, required for example for GCC 4.9 CXXFLAGS += "-std=c++11 -fPIC" BUILD_CXXFLAGS += "-std=c++11 -fPIC" diff --git a/meta-openembedded/meta-oe/recipes-devtools/giflib/files/CVE-2019-15133.patch b/meta-openembedded/meta-oe/recipes-devtools/giflib/files/CVE-2019-15133.patch new file mode 100644 index 0000000000..9957be82f3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/giflib/files/CVE-2019-15133.patch @@ -0,0 +1,23 @@ +From 799eb6a3af8a3dd81e2429bf11a72a57e541f908 Mon Sep 17 00:00:00 2001 +From: "Eric S. Raymond" <esr@thyrsus.com> +Date: Sun, 17 Mar 2019 12:37:21 -0400 +Subject: [PATCH] Address SF bug #119: MemorySanitizer: FPE on unknown address + +--- + dgif_lib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Upstream-status: Backport [https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/] +CVE: CVE-2019-15133 + +--- a/lib/dgif_lib.c 2021-01-13 19:28:18.923493586 +0100 ++++ b/lib/dgif_lib.c 2021-01-13 19:28:55.245863085 +0100 +@@ -1099,7 +1099,7 @@ DGifSlurp(GifFileType *GifFile) + + sp = &GifFile->SavedImages[GifFile->ImageCount - 1]; + /* Allocate memory for the image */ +- if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 && ++ if (sp->ImageDesc.Width <= 0 && sp->ImageDesc.Height <= 0 && + sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) { + return GIF_ERROR; + } diff --git a/meta-openembedded/meta-oe/recipes-devtools/giflib/giflib_5.1.4.bb b/meta-openembedded/meta-oe/recipes-devtools/giflib/giflib_5.1.4.bb index 21fa352cdc..1871bab46e 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/giflib/giflib_5.1.4.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/giflib/giflib_5.1.4.bb @@ -3,7 +3,12 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=ae11c61b04b2917be39b11f78d71519a" -SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.bz2" +SRC_URI = " \ + ${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.bz2 \ + file://CVE-2019-15133.patch \ +" + +CVE_PRODUCT = "giflib_project:giflib" inherit autotools diff --git a/meta-openembedded/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb b/meta-openembedded/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb index e3ed9c6a17..5b5c8b2570 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb @@ -4,10 +4,9 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://license.txt;md5=ba04aa8f65de1396a7e59d1d746c2125" -SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1 \ - file://0001-CMake-remove-hardcoded-CMAKECONFIG_INSTALL_DIR-path.patch" +SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1" -SRCREV = "6a905f9311f82d306da77bd963ec5aa5da07da9c" +SRCREV = "0ccdbf364c577803e2a751f5aededce935314313" PV = "1.1.0+git${SRCPV}" diff --git a/meta-openembedded/meta-oe/recipes-devtools/sip/sip3_4.19.19.bb b/meta-openembedded/meta-oe/recipes-devtools/sip/sip3_4.19.19.bb deleted file mode 100644 index 010fa30fe3..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/sip/sip3_4.19.19.bb +++ /dev/null @@ -1,11 +0,0 @@ -require sip.inc - -DEPENDS = "python3" - -inherit python3-dir python3native - -PACKAGES += "python3-sip3" - -FILES_python3-sip3 = "${libdir}/${PYTHON_DIR}/site-packages/" -FILES_${PN}-dbg += "${libdir}/${PYTHON_DIR}/site-packages/.debug" - diff --git a/meta-openembedded/meta-oe/recipes-devtools/sip/sip.inc b/meta-openembedded/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb index d8e32a7687..320755b844 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/sip/sip.inc +++ b/meta-openembedded/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb @@ -1,16 +1,22 @@ SUMMARY = "SIP is a C++/Python Wrapper Generator" -HOMEPAGE = "http://www.riverbankcomputing.co.uk/sip" +HOMEPAGE = "https://riverbankcomputing.com/software/sip/" SECTION = "devel" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://LICENSE-GPL2;md5=e91355d8a6f8bd8f7c699d62863c7303" SRC_URI = "https://www.riverbankcomputing.com/static/Downloads/sip/${PV}/sip-${PV}.tar.gz \ " -SRC_URI[md5sum] = "98111479309dc472410f26080d6d4a88" -SRC_URI[sha256sum] = "5436b61a78f48c7e8078e93a6b59453ad33780f80c644e5f3af39f94be1ede44" +SRC_URI[md5sum] = "70adc0c9734e2d9dcd241d3f931dfc74" +SRC_URI[sha256sum] = "22ca9bcec5388114e40d4aafd7ccd0c4fe072297b628d0c5cdfa2f010c0bc7e7" + +inherit python3-dir python3native S = "${WORKDIR}/sip-${PV}" +DEPENDS = "python3" + +PACKAGES += "python3-sip3" + BBCLASSEXTEND = "native" do_configure_prepend_class-target() { @@ -22,6 +28,7 @@ do_configure_prepend_class-target() { echo "sip_sip_dir = ${D}/${datadir}/sip" >> sip.cfg ${PYTHON} configure.py --configuration sip.cfg --sip-module PyQt5.sip --sysroot ${STAGING_DIR_HOST} CC="${CC}" CXX="${CXX}" LINK="${CXX}" STRIP="" LINK_SHLIB="${CXX}" CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LFLAGS="${LDFLAGS}" } + do_configure_prepend_class-native() { echo "py_platform = linux" > sip.cfg echo "py_inc_dir = ${includedir}/python%(py_major).%(py_minor)${PYTHON_ABI}" >> sip.cfg @@ -31,6 +38,10 @@ do_configure_prepend_class-native() { echo "sip_sip_dir = ${D}/${datadir}/sip" >> sip.cfg ${PYTHON} configure.py --configuration sip.cfg --sip-module PyQt5.sip --sysroot=${STAGING_DIR_NATIVE} } + do_install() { oe_runmake install } + +FILES_python3-sip3 = "${libdir}/${PYTHON_DIR}/site-packages/" +FILES_${PN}-dbg += "${libdir}/${PYTHON_DIR}/site-packages/.debug" diff --git a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb index 36659e752d..a990deb91f 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ebb5c50ab7cab4baeffba14977030c07 \ DEPENDS = "libxml2 glib-2.0 swig python3" -inherit autotools pkgconfig python3native +inherit autotools pkgconfig python3native python3targetconfig SRCREV = "3df02d4d0e9008771e8622fdc10de8333b3f0d85" SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https \ diff --git a/meta-openembedded/meta-oe/recipes-extended/zram/zram/zram-swap-init b/meta-openembedded/meta-oe/recipes-extended/zram/zram/zram-swap-init index 0643dbca23..ccc3aafe3a 100755 --- a/meta-openembedded/meta-oe/recipes-extended/zram/zram/zram-swap-init +++ b/meta-openembedded/meta-oe/recipes-extended/zram/zram/zram-swap-init @@ -14,7 +14,7 @@ fi ZRAM_SIZE_PERCENT=100 ZRAM_ALGORITHM=lz4 -[ -f /etc/default/zram ] && ./etc/default/zram || true +[ -f /etc/default/zram ] && . /etc/default/zram || true memtotal=$(grep MemTotal /proc/meminfo | awk ' { print $2 } ') memzram=$(($memtotal*${ZRAM_SIZE_PERCENT}/100)) diff --git a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb index 12ecb99091..d393ae2a1c 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb @@ -19,13 +19,12 @@ DEPENDS_append_class-target = " ${BPN}-native" inherit autotools-brokensep pkgconfig gettext -# The source tarball suggested at -# https://graphviz.gitlab.io/_pages/Download/Download_source.html has no -# version in its name. So once graphviz is updgraded, only first time users will -# get checksum errors. Fedora people seem to expect same so they use a versioned -# source - see https://src.fedoraproject.org/cgit/rpms/graphviz.git/tree/graphviz.spec - -SRC_URI = "https://gitlab.com/graphviz/graphviz/-/archive/stable_release_${PV}/graphviz-stable_release_${PV}.tar.gz \ +# it was already moved from github.com/ellson/graphviz to https://gitlab.com/graphviz/graphviz/ +# but the later doesn't have stable_release_2.40.1 tag (anymore?), but it has corresponding commit: +# https://github.com/ellson/MOTHBALLED-graphviz/releases/tag/stable_release_2.40.1 +# https://gitlab.com/graphviz/graphviz/-/commit/67cd2e5121379a38e0801cc05cce5033f8a2a609 +SRCREV = "67cd2e5121379a38e0801cc05cce5033f8a2a609" +SRC_URI = "git://gitlab.com/${BPN}/${BPN}.git \ file://0001-plugin-pango-Include-freetype-headers-explicitly.patch \ " # Use native mkdefs @@ -33,10 +32,7 @@ SRC_URI_append_class-target = "\ file://0001-Use-native-mkdefs.patch \ file://0001-Set-use_tcl-to-be-empty-string-if-tcl-is-disabled.patch \ " -SRC_URI[md5sum] = "2acf30ca8e6cc8b001b0334db65fd072" -SRC_URI[sha256sum] = "e6c3f8dbfde1c4523055403927bef29f97f9fc12715c1042b5dcf648a2c1c62a" - -S = "${WORKDIR}/${BPN}-stable_release_${PV}" +S = "${WORKDIR}/git" EXTRA_OECONF_class-target = "\ --with-expatincludedir=${STAGING_INCDIR} \ diff --git a/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_353.bb b/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_353.bb index 6de704d0b7..06c285924d 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_353.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_353.bb @@ -1,6 +1,6 @@ require recipes-graphics/xorg-app/xorg-app-common.inc SUMMARY = "xterm is the standard terminal emulator for the X Window System" -DEPENDS = "libxaw xorgproto libxext libxau libxinerama libxpm ncurses" +DEPENDS = "libxaw xorgproto libxext libxau libxinerama libxpm ncurses desktop-file-utils-native" LIC_FILES_CHKSUM = "file://xterm.h;beginline=3;endline=31;md5=996b1ce0584c0747b17b57654cc81e8e" @@ -13,6 +13,9 @@ SRC_URI[sha256sum] = "e521d3ee9def61f5d5c911afc74dd5c3a56ce147c7071c74023ea24cac PACKAGECONFIG ?= "" PACKAGECONFIG[xft] = "--enable-freetype,--disable-freetype,libxft fontconfig freetype-native" +# Let xterm install .desktop files +inherit mime-xdg + EXTRA_OECONF = " --x-includes=${STAGING_INCDIR} \ --x-libraries=${STAGING_LIBDIR} \ FREETYPE_CONFIG=${STAGING_BINDIR_CROSS}/freetype-config \ @@ -30,7 +33,16 @@ do_configure() { oe_runconf } +do_install_append() { + oe_runmake install-desktop DESTDIR="${D}" DESKTOP_FLAGS="--dir=${D}${DESKTOPDIR}" +} + +RPROVIDES_${PN} = "virtual/x-terminal-emulator" + # busybox can supply resize too inherit update-alternatives -ALTERNATIVE_${PN} = "resize" +ALTERNATIVE_${PN} = "resize x-terminal-emulator" +ALTERNATIVE_TARGET[x-terminal-emulator] = "${bindir}/xterm" +# rxvt-unicode defaults to priority 10. Let's be one point lower to let it override xterm. +ALTERNATIVE_PRIORITY[x-terminal-emulator] = "9" diff --git a/meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.19.bb b/meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.19.bb index f74ebda5f1..05fbed6227 100644 --- a/meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.19.bb +++ b/meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.19.bb @@ -23,6 +23,8 @@ SYSTEMD_OESCONS = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'f export STAGING_INCDIR export STAGING_LIBDIR +CLEANBROKEN = "1" + PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} usb" PACKAGECONFIG[bluez] = "bluez='true',bluez='false',bluez5" PACKAGECONFIG[qt] = "qt='yes' qt_versioned=5,qt='no',qtbase" diff --git a/meta-openembedded/meta-oe/recipes-support/enca/enca_1.9.bb b/meta-openembedded/meta-oe/recipes-support/enca/enca_1.9.bb index bf19843b2f..b0ba3aedef 100644 --- a/meta-openembedded/meta-oe/recipes-support/enca/enca_1.9.bb +++ b/meta-openembedded/meta-oe/recipes-support/enca/enca_1.9.bb @@ -1,21 +1,20 @@ SUMMARY = "Enca is an Extremely Naive Charset Analyser" SECTION = "libs" -HOMEPAGE = "http://trific.ath.cx/software/enca/" +HOMEPAGE = "https://cihar.com/software/enca/" DEPENDS += "gettext-native" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=24b9569831c46d4818450b55282476b4" -SRC_URI = "http://www.sourcefiles.org/Networking/Tools/Miscellanenous/enca-${PV}.tar.bz2 \ +SRC_URI = "https://dl.cihar.com/enca/enca-${PV}.tar.gz \ file://configure-hack.patch \ file://dont-run-tests.patch \ file://configure-remove-dumbness.patch \ file://makefile-remove-tools.patch \ file://libenca-003-iconv.patch " -SRC_URI[md5sum] = "b3581e28d68d452286fb0bfe58bed3b3" -SRC_URI[sha256sum] = "02acfef2b24a9c842612da49338138311f909f1cd33933520c07b8b26c410f4d" +SRC_URI[sha256sum] = "75a38ed23bac37cc12166cc5edc8335c3af862adc202f84823d3aef3e2208e47" inherit autotools diff --git a/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.4.50.bb b/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.4.57.bb index 3a130f970c..a282523a3c 100644 --- a/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.4.50.bb +++ b/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.4.57.bb @@ -7,7 +7,7 @@ HOMEPAGE = "http://www.OpenLDAP.org/license.html" # basically BSD. opensource.org does not record this license # at present (so it is apparently not OSI certified). LICENSE = "OpenLDAP" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=5391b559d23a2237bdb21e7a62dae7c3 \ +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b6dea6c170362fc46381fe3690c722cb \ file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972 \ " SECTION = "libs" @@ -25,8 +25,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$ file://remove-user-host-pwd-from-version.patch \ " -SRC_URI[md5sum] = "f9ed44ef373abed04c9e4c8586260f9e" -SRC_URI[sha256sum] = "5cb57d958bf5c55a678c6a0f06821e0e5504d5a92e6a33240841fbca1db586b8" +SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c" +SRC_URI[sha256sum] = "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a" DEPENDS = "util-linux groff-native" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-grpcio-tools.inc b/meta-openembedded/meta-python/recipes-devtools/python/python-grpcio-tools.inc index 1a15c48de0..6675f904c1 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python-grpcio-tools.inc +++ b/meta-openembedded/meta-python/recipes-devtools/python/python-grpcio-tools.inc @@ -2,7 +2,7 @@ DESCRIPTION = "Google gRPC tools" HOMEPAGE = "http://www.grpc.io/" SECTION = "devel/python" -DEPENDS_append = "${PYTHON_PN}-grpcio" +DEPENDS_append = " ${PYTHON_PN}-grpcio" RDEPENDS_${PN} = "${PYTHON_PN}-grpcio" LICENSE = "Apache-2.0" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-aiohttp_3.6.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-aiohttp_3.6.2.bb index 121447cdb7..24eb021de8 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-aiohttp_3.6.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-aiohttp_3.6.2.bb @@ -13,9 +13,11 @@ RDEPENDS_${PN} = "\ ${PYTHON_PN}-async-timeout \ ${PYTHON_PN}-attrs \ ${PYTHON_PN}-chardet \ + ${PYTHON_PN}-html \ ${PYTHON_PN}-idna-ssl \ + ${PYTHON_PN}-json \ ${PYTHON_PN}-misc \ ${PYTHON_PN}-multidict \ - ${PYTHON_PN}-typing \ + ${PYTHON_PN}-netserver \ ${PYTHON_PN}-yarl \ " diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pykwalify_1.7.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pykwalify_1.7.0.bb index 1bbde6986a..9251eccebe 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pykwalify_1.7.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pykwalify_1.7.0.bb @@ -10,8 +10,8 @@ SRC_URI[sha256sum] = "7e8b39c5a3a10bc176682b3bd9a7422c39ca247482df198b402e8015de SRC_URI += "file://0001-rule.py-fix-missing-comma.patch" PYPI_PACKAGE = "pykwalify" + inherit setuptools3 pypi -unset _PYTHON_SYSCONFIGDATA_NAME RDEPENDS_${PN} = "\ ${PYTHON_PN}-dateutil \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-7212.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-7212.patch new file mode 100644 index 0000000000..df234e442b --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-7212.patch @@ -0,0 +1,55 @@ +From aff951b7a41eb5b958b32c49eaa00da02adc9c2d Mon Sep 17 00:00:00 2001 +From: Quentin Pradet <quentin.pradet@gmail.com> +Date: Tue, 21 Jan 2020 22:32:56 +0400 +Subject: [PATCH] Optimize _encode_invalid_chars (#1787) + +Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com> + +Upstream-Status: Backport +[from git://github.com/urllib3/urllib3.git commit:a2697e7c6b] +CVE: CVE-2020-7212 +Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> +--- + src/urllib3/util/url.py | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py +index 9675f74..e353937 100644 +--- a/src/urllib3/util/url.py ++++ b/src/urllib3/util/url.py +@@ -216,18 +216,15 @@ def _encode_invalid_chars(component, allowed_chars, encoding="utf-8"): + + component = six.ensure_text(component) + ++ # Normalize existing percent-encoded bytes. + # Try to see if the component we're encoding is already percent-encoded + # so we can skip all '%' characters but still encode all others. +- percent_encodings = PERCENT_RE.findall(component) +- +- # Normalize existing percent-encoded bytes. +- for enc in percent_encodings: +- if not enc.isupper(): +- component = component.replace(enc, enc.upper()) ++ component, percent_encodings = PERCENT_RE.subn( ++ lambda match: match.group(0).upper(), component ++ ) + + uri_bytes = component.encode("utf-8", "surrogatepass") +- is_percent_encoded = len(percent_encodings) == uri_bytes.count(b"%") +- ++ is_percent_encoded = percent_encodings == uri_bytes.count(b"%") + encoded_component = bytearray() + + for i in range(0, len(uri_bytes)): +@@ -237,7 +234,7 @@ def _encode_invalid_chars(component, allowed_chars, encoding="utf-8"): + if (is_percent_encoded and byte == b"%") or ( + byte_ord < 128 and byte.decode() in allowed_chars + ): +- encoded_component.extend(byte) ++ encoded_component += byte + continue + encoded_component.extend(b"%" + (hex(byte_ord)[2:].encode().zfill(2).upper())) + +-- +2.23.0 + diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3_1.25.7.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3_1.25.7.bb index 34c15b6c24..8d987a1f30 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3_1.25.7.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3_1.25.7.bb @@ -8,6 +8,8 @@ SRC_URI[sha256sum] = "f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e4 inherit pypi setuptools3 +SRC_URI += "file://CVE-2020-7212.patch" + RDEPENDS_${PN} += "\ ${PYTHON_PN}-certifi \ ${PYTHON_PN}-cryptography \ |