diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2024-01-05 20:33:25 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2024-01-06 03:50:23 +0300 |
| commit | 169d7bccc02da43f8574d030502cfcf9308f505f (patch) | |
| tree | 534ffb94b96dc656fa1d901137a4692326046e22 /poky/meta/recipes-connectivity | |
| parent | 3fc1d7253cd91f776585b1866a8fdc1f7cdbb318 (diff) | |
| download | openbmc-169d7bccc02da43f8574d030502cfcf9308f505f.tar.xz | |
subtree updates
meta-raspberrypi: fde68b24f0..4c033eb074:
Harunobu Kurokawa (1):
rpi-cmdline, rpi-u-boot-src: Support USB boot
meta-arm: 0b61cc659a..4d22f982bc:
Debbie Martin (2):
arm-systemready: Add parted dependency and inherit testimage
ci: Add Arm SystemReady firmware and IR ACS builds
Harsimran Singh Tungal (3):
arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions
corstone1000:arm-bsp/optee: Update optee to v4.0
corstone1000:arm-bsp/tftf: Fix tftf tests on mps3
Jon Mason (5):
arm/trusted-firmware-a: move patch file to bbappend
arm/trusted-firmware-a: update to 2.10
arm/hafnium: update to v2.10
CI: rename meta-secure-core directory
arm/edk2: update to 202311
Ross Burton (1):
CI: switch back to master
poky: 028b6f6226..4675bbb757:
Adrian Freihofer (4):
cmake-qemu.bbclass: make it more usable
oe-selftest: add a cpp-example recipe
oeqa/core/decorator: add skip if not qemu-usermode
oe-selftest: add tests for C and C++ build tools
Alassane Yattara (22):
bitbake: toaster/test: bug-fix on tests/browser/test_all_builds_page
bitbake: toaster/test: from test_no_builds_message.py wait for the empty state div to appear
bitbake: toaster/test: delay driver action until elements to appear
bitbake: toaster/tests: Ensure to kill toaster process create for tests functional
bitbake: toaster/tests: Added functional/utils, contains useful methods using by functional tests
bitbake: toaster/tests: Refactorize tests/functional
bitbake: toaster/tests: Bug fixes, functional tests dependent on each other
bitbake: toaster/tests: Fixes warnings in autobuilder
bitbake: toaster/tests: bug-fix tests writing files into /tmp on the autobuilders
bitbake: toaster/test: fix Copyright
bitbake: toaster/tests: logging warning in console, trying to kill unavailable Runbuilds process
bitbake: toaster/tests: Removed all time.sleep occurrence
bitbake: toaster/tests: Bug-Fix testcase functional/test_project_page_tab_config.py
bitbake: toaster/tests: bug-fix element click intercepted in browser/test_layerdetails_page.py
bitbake: toaster/tests: Update tests/functional/functional_helpers test_functional_basic
bitbake: toaster/tests: Fixes functional tests warning on autobuilder
bitbake: toaster/tests: Bug-fix test_functional_basic, delay driver actions
bitbake: toaster/tests: bug-fix An element matching "#projectstable" should be visible
bitbake: toaster/tests: bug-fix An element matching "#lastest_builds" should be on the page
bitbake: toaster/tests: Skip to show more then 100 item in ToasterTable
bitbake: toaster/tests: Bug-fix "#project-created-notification" should be visible
bitbake: toaster/toastergui: Bug-fix verify given layer path only if import/add local layer
Alex Bennée (1):
qemurunner: more cleanups for output blocking
Alex Kiernan (17):
cargo: Rename MANIFEST_PATH -> CARGO_MANIFEST_PATH
cargo: Move CARGO_MANIFEST_PATH/CARGO_SRC_DIR to cargo_common
rust: cargo: Convert single-valued variables to weak defaults
cargo: Add CARGO_LOCK_PATH for path to Cargo.lock
rust: Upgrade 1.70.0 -> 1.71.0
rust: Upgrade 1.71.0 -> 1.71.1
sstate-cache-management: Rewrite in python
devtool: selftest: Fix test_devtool_modify_git_crates_subpath inequality
devtool: selftest: Fix test_devtool_modify_git_crates_subpath bbappend check
meta-selftest: hello-rs: Simple rust test recipe
devtool: selftest: Swap to hello-rs for crates testing
zvariant: Drop recipe
rust: Upgrade 1.71.1 -> 1.72.0
rust: Upgrade 1.72.0 -> 1.72.1
rust: Upgrade 1.72.1 -> 1.73.0
rust: Upgrade 1.73.0 -> 1.74.0
rust: Upgrade 1.74.0 -> 1.74.1
Alexander Kanavin (21):
selftest/sstatetest: print output from bitbake with actual newlines, not \n
selftest/sstatetests: do not delete custom $TMPDIRs under build-st when testing printdiff
sstatesig/find_siginfo: special-case gcc-source when looking in sstate caches
oeqa/selftest/sstatetests: re-work CDN tests, add local cache tests
gobject-introspection: depend on setuptools to obtain distutils module
libcap-ng-python: depend on setuptools to obtain distutils copy
dnf: remove obsolete python3-gpg dependency (provided by gpgme)
gpgme: disable python support (until upstream fixes 3.12 compatibility)
python3-setuptools-rust: remove distutils dependency
python3-babel: replace distutils with setuptools, as supported by upstream
python3-pip: remove distutils depedency
glib-2.0: replace distutils dependency with setuptools
python3-pytest-runner: remove distutils dependency
python3-numpy: distutils is no longer required
bitbake: bitbake/codeparser.py: address ast module deprecations in py 3.12
glibc-y2038-tests: do not run tests using 32 bit time APIs
bitbake: bitbake/runqueue: add debugging for find_siginfo() calls
bitbake: bitbake-diffsigs/runqueue: adapt to reworked find_siginfo()
bitbake: bitbake/runqueue: prioritize local stamps over sstate signatures in printdiff
sstatesig/find_siginfo: unify a disjointed API
lib/sstatesig/find_siginfo: raise an error instead of returning None when obtaining mtime
Alexander Lussier-Cullen (6):
bitbake: toaster: fix pytest build test execution and test discovery
bitbake: toaster: Add verbose printout for missing chrome(driver) dependencies
bitbake: bitbake: toaster: add functional testing toaster error details
bitbake: toaster/tests: Exit tests on chromedriver creation failure
bitbake: toaster/tests: fix functional tests setup and teardown
bitbake: toaster/tests: fix chrome argument syntax and wait for driver exit
Alexandre Belloni (1):
oeqa/selftest/recipetool: stop looking for md5sum
Anuj Mittal (9):
sqlite3: upgrade 3.44.0 -> 3.44.2
base-passwd: upgrade 3.6.2 -> 3.6.3
bluez5: upgrade 5.70 -> 5.71
glib-2.0: upgrade 2.78.1 -> 2.78.3
glib-networking: upgrade 2.76.1 -> 2.78.0
puzzles: upgrade to latest revision
stress-ng: upgrade 0.17.01 -> 0.17.03
libusb1: fix upstream version check
enchant2: upgrade 2.6.2 -> 2.6.4
Archana Polampalli (1):
bluez5: fix CVE-2023-45866
Bruce Ashfield (31):
linux-yocto/6.5: cfg: split runtime and symbol debug
linux-yocto/6.5: update to v6.5.11
linux-yocto/6.1: update to v6.1.62
linux-yocto-dev: bump to v6.7
linux-yocto/6.5: update to v6.5.12
linux-yocto/6.5: update to v6.5.13
linux-yocto/6.1: update to v6.1.65
linux-yocto/6.1: drop removed IMA option
linux-yocto/6.5: drop removed IMA option
linux-yocto-rt/6.1: update to -rt18
linux-yocto/6.1: update to v6.1.66
linux-yocto/6.1: update to v6.1.67
linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector
linux-yocto/6.1: update to v6.1.68
oeqa/runtime/parselogs: add qemux86 ACPI ignore for kernel v6.6+
linux-libc-headers: update to v6.6-lts
linux-yocto: introduce 6.6 reference kernel
linux-yocto/6.6: fix AB-INT: QEMU kernel panic: No irq handler for vector
linux-yocto-rt/6.6: fix CVE exclusion include
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.6: update to v6.6.8
linux-yocto/6.1: update to v6.1.69
linux-yocto/6.5: drop 6.5 recipes
linux-yocto-rt/6.6: correct meta data branch
linux-yocto/6.6: update to v6.6.9
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.1: update to v6.1.70
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.6: ARM fix configuration audit warning
linux-yocto/6.6: arm: jitter entropy backport
poky/poky-tiny: make 6.6 the default kernel
Changqing Li (1):
man-pages: remove conflict pages
Chen Qi (1):
devtool: use straight print in check-upgrade-status output
Clay Chang (1):
devtool: deploy: provide max_process to strip_execs
Daniel Ammann (1):
base: Unpack .7z files with p7zip
Deepthi Hemraj (1):
autoconf: Add missing perl modules to RDEPENDS
Dhairya Nagodra (2):
cve-update-nvd2-native: faster requests with API keys
cve-update-nvd2-native: increase the delay between subsequent request failures
Eilís 'pidge' Ní Fhlannagáin (3):
useradd: Fix issues with useradd dependencies
useradd: Add testcase for bugzilla issue (currently disabled)
usergrouptests.py: Add test for switching between static-ids
Enrico Scholz (1):
tcp-wrappers: drop libnsl2 build dependency
Etienne Cordonnier (2):
gdb/systemd: enable minidebuginfo support conditionally
manuals: document minidebuginfo
Fabio Estevam (3):
libdrm: Upgrade to 2.4.119
kmscube: Upgrade to latest revision
bmap-tools: Upgrade to 3.7
Hongxu Jia (2):
socat: 1.7.4.4 -> 1.8.0.0
man-db: 2.11.2 -> 2.12.0
Jason Andryuk (3):
linux-firmware: Package iwlwifi .pnvm files
linux-firmware: Change bnx2 packaging
linux-firmware: Create bnx2x subpackage
Jeremy A. Puhlman (1):
create-spdx-2.2: combine spdx can try to write before dir creation
Jermain Horsman (2):
lib/bblayers/makesetup.py: Remove unused imports
lib/bblayers/buildconf.py: Remove unused imports/variables
Jose Quaresma (2):
go: update 1.20.10 -> 1.20.11
go: update 1.20.11 -> 1.20.12
Joshua Watt (11):
bitbake: bitbake-hashserv: Add description of permissions
bitbake.conf: Add runtimedir
rpcbind: Specify state directory under /run
libinput: Add packageconfig for tests
ipk: Switch to using zstd compression
lib/oe/path.py: Add relsymlink()
lib/packagedata.py: Fix broken symlinks for providers with a '/'
bitbake: contrib/vim: Syntax improvements
classes-global/sstate: Fix variable typo
lib/packagedata.py: Add API to iterate over rprovides
classes-global/insane: Look up all runtime providers for file-rdeps
Julien Stephan (19):
recipetool: create_buildsys_python.py: initialize metadata
recipetool: create: add trailing newlines
recipetool: create: add new optional process_url callback for plugins
recipetool: create_buildsys_python: add pypi support
oeqa/selftest/recipetool: remove spaces on empty lines
oeqa/selftest/recipetool/devtool: add test for pypi class
recipetool: appendsrcfile(s): add dry-run mode
recipeutils: bbappend_recipe: fix undefined variable
recipeutils: bbappend_recipe: fix docstring
recipeutils: bbappend_recipe: add a way to specify the name of the file to add
recipeutils: bbappend_recipe: remove old srcuri entry if parameters are different
recipetool: appendsrcfile(s): use params instead of extraline
recipeutils: bbappend_recipe: allow to patch the recipe itself
recipetool: appendsrcfile(s): add a mode to update the recipe itself
oeqa/selftest/recipetool: appendsrfile: add test for machine
oeqa/selftest/recipetool: appendsrc: add test for update mode
oeqa/selftest/recipetool: add back checksum checks on pypi tests
oeqa/selftest/recipetool: remove left over from development
oeqa/selftest/recipetool: fix metadata corruption on meta layer
Kevin Hao (2):
beaglebone-yocto: Remove the redundant kernel-devicetree
beaglebone-yocto: Remove the obsolete variables for uImage
Khem Raj (13):
tiff: Backport fixes for CVE-2023-6277
kmod: Fix build with latest musl
elfutils: Use own basename API implementation
util-linux: Fix build with latest musl
sysvinit: Include libgen.h for basename API
attr: Fix build with latest musl
opkg: Use own version of portable basename function
util-linux: Delete md-raid tests
gdb: Update to gdb 14.1 release
systemd: Fix build with latest musl
qemu: Fix build with latest musl
qemu: Add packageconfig knob to enable pipewire support
weston: Include libgen.h for basename
Lee Chee Yang (5):
migration-guides: reword fix in release-notes-4.3.1
migration-guides: add release notes for 4.0.15
perlcross: update to 1.5.2
perl: 5.38.0 -> 5.38.2
curl: update to 8.5.0
Lucas Stach (1):
mesa: upgrade 23.2.1 -> 23.3.1
Ludovic Jozeau (1):
image-live.bbclass: LIVE_ROOTFS_TYPE support compression
Lukas Funke (1):
selftest: wic: add test for zerorize option of empty plugin
Malte Schmidt (1):
wic: extend empty plugin with options to write zeros to partiton
Markus Volk (3):
gtk4: upgrade 4.12.3 -> 4.12.4
libadwaita: update 1.4.0 -> 1.4.2
appstream: Upgrade 0.16.3 -> 1.0.0
Marlon Rodriguez Garcia (5):
bitbake: toaster/tests: Update build test
bitbake: toaster: Added new feature to import eventlogs from command line into toaster using replay functionality
bitbake: toaster: remove test and update setup to avoid rebuilding image
bitbake: toaster: Commandline build import table improvements
bitbake: toaster: Added validation to stop import if there is a build in progress
Marta Rybczynska (1):
bitbake: toastergui: verify that an existing layer path is given
Massimiliano Minella (1):
zstd: fix LICENSE statement
Michael Opdenacker (8):
test-manual: text and formatting fixes
test-manual: resource updates
test-manual: use working example
test-manual: add links to python unittest
test-manual: explicit or fix file paths
test-manual: add or improve hyperlinks
dev-manual: runtime-testing: fix test module name
poky.conf: update SANITY_TESTED_DISTROS to match autobuilder
Mikko Rapeli (1):
runqemu: match .rootfs. in addition to -image- for rootfs
Ming Liu (1):
grub: fs/fat: Don't error when mtime is 0
Mingli Yu (2):
python3-license-expression: Fix the ptest failure
ptest-packagelists.inc: Add python3-license-expression
Pavel Zhukov (2):
bitbake: utils: Do not create directories with ${ in the name
oeqa/selftest/bbtests: Add test for unexpanded variables in the dirname
Peter Kjellerstedt (11):
oeqa/selftest/devtool: Correct git clone of local repository
oeqa/selftest/devtool: Avoid global Git hooks when amending a patch
oeqa/selftest/devtool: Make test_devtool_load_plugin more resilient
oeqa/selftest/recipetool: Make test_recipetool_load_plugin more resilient
lib/oe/recipeutils: Avoid wrapping any SRC_URI[sha*sum] variables
recipetool: create: Improve identification of licenses
recipetool: create: Only include the expected SRC_URI checksums
devtool: upgrade: Update all existing checksums for the SRC_URI
devtool: modify: Make --no-extract work again
devtool: modify: Handle recipes with a menuconfig task correctly
dev-manual: Discourage the use of SRC_URI[md5sum]
Peter Marko (1):
dtc: preserve version also from shallow git clones
Philip Balister (1):
sanity.bbclass: Check for additional native perl modules.
Renat Khalikov (1):
python3-maturin: Add missing space appending to CFLAGS
Richard Purdie (41):
bitbake: runqueue: Improve inter setscene task dependency handling
bitbake: bb/toaster: Fix assertEquals deprecation warnings
bitbake: toaster: Fix assertRegexpMatches deprecation warnings
bitbake: toastermain/settings: Avoid python filehandle closure warnings
bitbake: toastergui: Fix regex markup issues
bitbake: bitbake: Move to version 2.6.1 to mark runqueue changes
bitbake: toaster-eventreplay: Remove ordering assumptions
sanity.conf: Require bitbake 2.6.1 for recent runqueue change
sstate: Remove unneeded code from setscene_depvalid() related to useradd
oeqa/runtime/systemd: Ensure test runs only on systemd images
bitbake: toaster: Update to use qemux86-64 machine by default
bitbake: toaster/tests/builds: Add BB_HASHSERVE passthrough
pseudo: Update to pull in syncfs probe fix
useradd: Fix useradd do_populate_sysroot dependency bug
sstate: Fix dir ownership issues in SSTATE_DIR
oeqa/sstatetests: Disable gcc source printdiff test for now
build-appliance-image: Update to master head revision
bitbake: utils: Fix mkdir with PosixPath
bitbake: runqueue: Remove tie between rqexe and starts_worker
build-appliance-image: Update to master head revision
testimage: Exclude wtmp from target-dumper commands
qemurunner: Improve stdout logging handling
qemurunner: Improve handling of serial port output blocking
oeqa/selftest/overlayfs: Don't overwrite DISTRO_FEATURES
testimage: Drop target_dumper and most of monitor_dumper
oeqa/selftest/overlayfs: Fix whitespace
qemu: Clean up DEPENDS
qemu: Ensure pip and the python venv aren't used for meson
curl: Disable two intermittently failing tests
linux/cve-exclusion6.1: Update to latest kernel point release
lib/prservice: Improve lock handling robustness
oeqa/selftest/prservice: Improve test robustness
scripts: Drop shell sstate-cache-management
oeqa/selftest/sstatetests: Update sstate management script tests to python script
curl: Disable test 1091 due to intermittent failures
bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9
bitbake: bitbake: Post release version bump to 2.7.0
bitbake: siggen: Ensure version of siggen is verified
bitbake: bitbake: Version bump for find_siginfo chanages
sstatesig: Add version information for find_sigingfo
sanity: Require bitbake 2.7.1
Robert Berger (1):
uninative-tarball.xz - reproducibility fix
Robert Yang (5):
gettext: Upgrade 0.22.3 -> 0.22.4
nfs-utils: Upgrade 2.6.3 -> 2.6.4
archiver.bbclass: Improve work-shared checking
nfs-utils: Update Upstream-Status
archiver.bbclass: Drop tarfile module to improve performance
Ross Burton (23):
avahi: update URL for new project location
oeqa/runtime/parselogs: load ignores from disk
oeqa/runtime/parselogs: migrate ignores
meta-yocto-bsp/oeqa/parselogs: add BSP-specific ignores
linux-yocto: update CVE exclusions
genericx86: remove redundant assignments
images: remove redundant IMAGE_BASENAME assignments
insane: ensure more paths have the workdir removed
tcl: skip timing-dependent tests in run-ptest
qemurunner: remove unused import
go: set vendor in CVE_PRODUCT
runqemu: add qmp socket support
linux-yocto: update CVE exclusions
tcl: skip async and event tests in run-ptest
images: add core-image-initramfs-boot
machine/arch-armv9: remove crc and sve tunes, they are mandatory
python3: re-enable profile guided optimisation
openssl: mark assembler sections as call targets for PAC/BTI support on aarch64
nativesdk: ensure features don't get backfilled
nativesdk: don't unset MACHINE_FEATURES, let machine-sdk/ set it
conf/machine-sdk: declare qemu-usermode SDK_MACHINE_FEATURE
libseccomp: remove redundant PV assignment
oeqa/parselogs-ignores-qemuarmv5: add comments and organise
Saul Wold (1):
package.py: OEHasPackage: Add MLPREFIX to packagename
Shubham Kulkarni (1):
tzdata: Upgrade to 2023d
Simone Weiß (2):
manuals: brief-yoctoprojectqs: align variable order with default local.conf
patchtest: Add test for deprecated CVE_CHECK_IGNORE
Soumya Sambu (1):
ncurses: Fix - tty is hung after reset
Sundeep KOKKONDA (1):
rust: rustdoc reproducibility issue fix - disable PGO
Tim Orling (12):
python3-bcrypt: upgrade 4.0.1 -> 4.1.1
python3-pygments: upgrade 2.16.1 -> 2.17.2
recipetool: pypi: do not clobber SRC_URI checksums
python3-setuptools-rust: BBCLASSEXTEND + nativesdk
python3-maturin: add v1.4.0
python3-maturin: bzip2-sys reproduciblility
classes-recipe: add python_maturin.bbclass
recipetool: add python_maturin support
oe-selfest: add maturn runtime (testimage) test
oeqa: add simple 'maturin' SDK (testsdk) test case
oeqa: add "maturin develop" SDK test case
oeqa: add runtime 'maturin develop' test case
Tom Rini (1):
inetutils: Update to the 2.5 release
Trevor Gamblin (1):
scripts/runqemu: fix regex escape sequences
Victor Kamensky (5):
systemtap: upgrade 4.9 -> 5.0
systemtap: do not install uprobes and uprobes sources
systemtap-uprobes: removed as obsolete
systemtap: explicit handling debuginfod library dependency
systemtap: fix libdebuginfod auto detection logic
Vijay Anusuri (1):
avahi: backport CVE-2023-1981 & CVE's follow-up patches
Viswanath Kraleti (2):
image-uefi.conf: Add EFI_UKI_PATH variable
systemd-boot: Add recipe to compile native
Wang Mingyu (38):
kbd: upgrade 2.6.3 -> 2.6.4
libatomic-ops: upgrade 7.8.0 -> 7.8.2
libnl: upgrade 3.8.0 -> 3.9.0
libseccomp: upgrade 2.5.4 -> 2.5.5
libva-utils: upgrade 2.20.0 -> 2.20.1
dnf: upgrade 4.18.1 -> 4.18.2
gpgme: upgrade 1.23.1 -> 1.23.2
kea: upgrade 2.4.0 -> 2.4.1
opkg-utils: upgrade 0.6.2 -> 0.6.3
repo: upgrade 2.39 -> 2.40
sysstat: upgrade 12.7.4 -> 12.7.5
p11-kit: upgrade 0.25.2 -> 0.25.3
python3-babel: upgrade 2.13.1 -> 2.14.0
python3-dbusmock: upgrade 0.29.1 -> 0.30.0
python3-hatchling: upgrade 1.18.0 -> 1.20.0
python3-hypothesis: upgrade 6.90.0 -> 6.92.1
python3-importlib-metadata: upgrade 6.8.0 -> 7.0.0
python3-license-expression: upgrade 30.1.1 -> 30.2.0
python3-pathspec: upgrade 0.11.2 -> 0.12.1
python3-pip: upgrade 23.3.1 -> 23.3.2
python3-psutil: upgrade 5.9.6 -> 5.9.7
python3-pytest-runner: upgrade 6.0.0 -> 6.0.1
python3-trove-classifiers: upgrade 2023.11.22 -> 2023.11.29
python3-typing-extensions: upgrade 4.8.0 -> 4.9.0
python3-wcwidth: upgrade 0.2.11 -> 0.2.12
ttyrun: upgrade 2.29.0 -> 2.30.0
xwayland: upgrade 23.2.2 -> 23.2.3
diffoscope: upgrade 252 -> 253
iputils: upgrade 20221126 -> 20231222
gstreamer1.0: upgrade 1.22.7 -> 1.22.8
dhcpcd: upgrade 10.0.5 -> 10.0.6
fontconfig: upgrade 2.14.2 -> 2.15.0
python3-setuptools: upgrade 69.0.2 -> 69.0.3
python3-dbusmock: upgrade 0.30.0 -> 0.30.1
python3-hatchling: upgrade 1.20.0 -> 1.21.0
python3-importlib-metadata: upgrade 7.0.0 -> 7.0.1
python3-lxml: upgrade 4.9.3 -> 4.9.4
aspell: upgrade 0.60.8 -> 0.60.8.1
Yash Shinde (1):
rust: Disable rust oe-selftest
Yi Zhao (3):
json-glib: upgrade 1.6.6 -> 1.8.0
psplash: upgrade to latest revision
debianutils: upgrade 5.14 -> 5.15
Yoann Congal (2):
lib/oe/patch: handle creating patches for CRLF sources
strace: Disable bluetooth support by default
Zang Ruochen (2):
ell: upgrade 0.60 -> 0.61
musl: add typedefs for Elf64_Relr and Elf32_Relr
Zoltan Boszormenyi (1):
update_gtk_icon_cache: Fix for GTK4-only builds
venkata pyla (1):
wic: use E2FSPROGS_FAKE_TIME and hash_seed to generate reproducible ext4 images
meta-openembedded: 5ad7203f68..7d8115d550:
Alex Kiernan (7):
mdns: Fix HOMEPAGE URL
mbedtls: Upgrade 3.5.0 -> 3.5.1
c-ares: Upgrade 1.22.1 -> 1.24.0
mdns: Upgrade 2200.40.37.0.1 -> 2200.60.25.0.4
c-ares: Move to tarballs, add ptest and static support
thin-provisioning-tools: Upgrade 1.0.4 -> 1.0.9
bearssl: Upgrade to latest
Alexander Kanavin (29):
python3-pyinotify: remove as unmaintained
python3-supervisor: do not rely on smtpd module
python3-meld3: do not rely on smtpd module
python3-m2crypto: do not rely on smtpd module
python3-uinput: remove as unmaintained
python3-mcrypto: rely on setuptools for distutils copy
python3-joblib: do not rely in distutils
python3-web3: remove distutils dependency
python3-cppy: remove unused distutils dependency
python3-pyroute2: remove unused distutils dependency
python3-eventlet: backport a patch to remove distutils dependency
python3-unoconv: rely on setuptools to obtain distutils copy
python3-astroid: remove unneeded distutils dependency
python3-django: remove unneeded distutils dependency
python3-pillow: remove unneeded distutils dependency
python3-grpcio: update 1.56.2 -> 1.59.3
gstd: correctly delete files in do_install
libplist: fix python 3.12 compatibility
libcamera: skip until upstream resolves python 3.12 compatibility
nodejs: backport (partially) python 3.12 support
nodejs: backport (partially) python 3.12 support
polkit: remove long obsolete 0.119 version
mozjs-115: split the way-too-long PYTHONPATH line
polkit: update mozjs dependency 102 -> 115
mozjs-115: backport py 3.12 compatibility
mozjs-102: remove the recipe
gthumb: update 3.12.2 -> 3.12.4
flatpak: do not rely on executables from the host
bolt: package systemd units
Archana Polampalli (1):
cjson: upgrade 1.7.16 -> 1.7.17
Bruce Ashfield (1):
zfs: update to 2.2.2
Changqing Li (2):
postgresql: upgrade 15.4 -> 15.5
redis: upgrade 6.2.13 -> 6.2.14
Derek Straka (70):
python3-greenlet: update to version 3.0.2
python3-ujson: update to version 5.9.0
python3-termcolor: update to version 2.4.0
python3-cmake: update to version 3.28.0
python3-pint: upgrade to 0.23
python3-gnupg: update to 0.5.2
python3-pyzmq: update to 25.1.2
python3-tox: update to version 4.11.4
python3-olefile: update to version 0.47
python3-distlib: update to version 0.3.8
python3-colorlog: update to version 6.8.0
python3-pymongo: update version to 4.6.1
python3-bandit: update to version 1.7.6
python3-gmqtt: update to version 0.6.13
python3-portion: update to version 2.4.2
python3-prompt-toolkit: update to version 3.0.43
python3-asyncinotify: update to version 4.0.4
python3-bitstring: update to version 4.1.4
python3-ipython: update to version 8.18.1
nginx: update versions for both the stable branch and mainline
python3-portalocker: update to version 2.8.2
python3-astroid: update to version 3.0.2
python3-alembic: update to version 1.13.1
python3-pymisp: update to verion 2.4.182
python3-ninja: update to version 1.11.1.1
python3-coverage: update to version 7.3.4
python3-pdm: update to version 2.11.1
python3-paramiko: update to version 3.4.0
python3-zeroconf: update to version 0.131.0
python3-wtforms: update to version 3.1.1
python3-isort: update to version 5.13.2
python3-protobuf: update to version 4.25.1
python3-lazy-object-proxy: update to version 1.10.0
python3-cantools: update to version 39.4.0
python3-sentry-sdk: update to version 1.39.1
python3-xmlschema: update to version 2.5.1
python3-apiflask: update to version 2.1.0
python3-rapidjson: update to version 1.14
python3-bitarray: update to version 2.9.0
python3-pyfanotify: update to version 0.2.2
python3-eventlet: update to version 0.34.1
python3-flask-wtf: update to version 1.2.1
python3-grpcio: update to version 1.60.0
python3-grpcio-tools: update to version 1.60.0
python3-cmake: update to version 3.28.1
python3-flask-sqlalchemy: fix upstream uri check
python3-wtforms: fix upstream uri and version check
gyp: update to the latest commit
python3-ipython-genutils: fix upstream uri and version check
python3-flask: fix upstream uri and version check
python3-wpa-supplicant: fix upstream uri and version check
python3-uswid: update to version 0.4.7
python3-flask-wtf: fix upstream uri and version check
python3-gspread: update to version 5.12.3
python3-pytest-html: update to version 4.1.1
python3-setuptools-scm-git-archive: remove obsolete package
python3-pyroute2: update to version 0.7.10
python3-constantly: update to version 23.10.4
python3-mypy: update to version 1.8.0
python3-flask-jwt-extended: update to version 4.6.0
python3-greenlet: update to version 3.0.3
python3-web3: update to version 6.13.0
python3-parse: update to version 1.20.0
python3-kmod: add comment about update to version 0.9.2
python3-engineio: update to version 4.8.1
python3-sqlalchemy: update to version 2.0.24
python3-pdm-backend: update to version 2.1.8
python3-cantools: update to version 39.4.1
python3-argh: update to version 0.30.5
python3-dominate: update to version 2.9.1
Dmitry Baryshkov (2):
android-tools: remove two Debianisms
networkmanager: drop libnewt dependency
Frederic Martinsons (3):
crash: factorize recipe with inc file to prepare cross-canadian version
crash: add cross canadian version
crash: update to 8.0.4
Jan Vermaete (1):
netdata: added Python as rdepends
Jean-Marc BOUCHE (1):
terminus-font: build compressed archives with -n
Jose Quaresma (1):
ostree: Upgrade 2023.7 -> 2023.8
Joshua Watt (1):
redis: Create state directory in systemd service
Jörg Sommer (1):
i2cdev: New recipe with i2c tools
Kai Kang (1):
lvm2: 2.03.16 -> 2.03.22
Khem Raj (3):
Revert "nodejs: backport (partially) python 3.12 support"
Revert "libcamera: skip until upstream resolves python 3.12 compatibility"
libcamera: Fix build with python 3.12
Leon Anavi (11):
sip: Upgrade 6.7.12 -> 6.8.0
python3-expandvars: add recipe
python3-frozenlist: upgrade 1.4.0 -> 1.4.1
python3-yarl: upgrade 1.9.2 -> 1.9.4
python3-coverage: upgrade 7.3.2 -> 7.3.3
python3-cycler: upgrade 0.11.0 -> 0.12.1
python3-aiohue: upgrade 4.6.2 -> 4.7.0
python3-sdbus: upgrade 0.11.0 -> 0.11.1
python3-zeroconf: upgrade 0.128.4 -> 0.130.0
python3-dominate: upgrade 2.8.0 -> 2.9.0
python3-rlp: upgrade 3.0.0 -> 4.0.0
Marek Vasut (1):
faad2: Upgrade 2.10.0 -> 2.11.1
Markus Volk (3):
wireplumber: update 0.4.15 -> 0.4.17
tracker: dont inherit gsettings
gnome-software: update 45.1 -> 45.2
Martin Jansa (4):
monocypher: pass LIBDIR to fix installed-vs-shipped QA issue with multilib
rygel: fix build with gtk+3 PACKAGECONFIG disabled
rygel: add x11 to DISTRO_FEATURES
driverctl: fix installed-vs-shipped
Meenali Gupta (1):
nginx: upgrade 1.25.2 -> 1.25.3
Mingli Yu (2):
mariadb: Upgrade to 10.11.6
tk: Remove buildpath issue
Nathan BRIENT (1):
cyaml: new recipe
Niko Mauno (1):
pkcs11-provider: Add recipe
Ny Antra Ranaivoarison (1):
python3-click-spinner: backport patch that fixes deprecated methods
Patrick Wicki (1):
poco: upgrade 1.12.4 -> 1.12.5p2
Petr Chernikov (1):
abseil-cpp: remove -Dcmake_cxx_standard=14 flag from extra_oecmake
Robert Yang (1):
minifi-cpp: Fix do_configure error builder aarch64
Ross Burton (13):
Remove unused SRC_DISTRIBUTE_LICENSES
gspell: inherit gtk-doc
gspell: update DEPENDS, switch iso-codes for icu
librest: remove spurious build dependencies
librest: inherit gtk-doc
keybinder: use autotools-brokensep instead of setting B
keybinder: disable gtk-doc documentation
gtksourceview3: remove obsolete DEPENDS
libgsf: remove obsolete DEPENDS
evolution-data-server: remove obsolete intltool DEPENDS
php: remove lemon-native build dependency
lemon: upgrade to 3.44.2
renderdoc: no need to depend on vim-native
Samuli Piippo (1):
jasper: enable opengl only wih x11
Theodore A. Roth (1):
python3-flask-sqlalchemy: upgrade 2.5.1 -> 3.1.1
Thomas Perrot (2):
networkmanager: add missing modemmanager rdepends
networkmanager: fix some missing pkgconfig
Tim Orling (8):
python3-pydantic-core: add v2.14.5
python3-annotated-types: add v0.6.0
python3-pydantic: fix RDEPENDS
python3-dirty-equals: add v0.7.1
python3-pydantic-core: enable ptest
python3-cloudpickle: add v3.0.0
python3-pydantic: enable ptest
python3-yappi: upgrade 1.4.0 -> 1.6.0; fix ptests
Wang Mingyu (61):
python3-alembic: upgrade 1.12.1 -> 1.13.0
python3-ansi2html: upgrade 1.8.0 -> 1.9.1
python3-argcomplete: upgrade 3.1.6 -> 3.2.1
python3-dbus-fast: upgrade 2.15.0 -> 2.21.0
python3-django: upgrade 4.2.7 -> 5.0
python3-flask-restx: upgrade 1.2.0 -> 1.3.0
python3-google-api-core: upgrade 2.14.0 -> 2.15.0
python3-google-api-python-client: upgrade 2.108.0 -> 2.111.0
python3-googleapis-common-protos: upgrade 1.61.0 -> 1.62.0
python3-google-auth: upgrade 2.23.4 -> 2.25.2
python3-imageio: upgrade 2.33.0 -> 2.33.1
python3-isort: upgrade 5.12.0 -> 5.13.1
python3-path: upgrade 16.7.1 -> 16.9.0
python3-platformdirs: upgrade 4.0.0 -> 4.1.0
python3-pytest-asyncio: upgrade 0.22.0 -> 0.23.2
python3-sentry-sdk: upgrade 1.37.1 -> 1.39.0
python3-bitarray: upgrade 2.8.3 -> 2.8.5
python3-eth-keyfile: upgrade 0.6.1 -> 0.7.0
python3-eth-rlp: upgrade 0.3.0 -> 1.0.0
python3-fastnumbers: upgrade 5.0.1 -> 5.1.0
python3-pylint: upgrade 3.0.2 -> 3.0.3
python3-tornado: upgrade 6.3.3 -> 6.4
python3-traitlets: upgrade 5.13.0 -> 5.14.0
python3-types-setuptools: upgrade 68.2.0.2 -> 69.0.0.0
python3-virtualenv: upgrade 20.24.7 -> 20.25.0
python3-web3: upgrade 6.11.3 -> 6.12.0
python3-websocket-client: upgrade 1.6.4 -> 1.7.0
python3-zeroconf: upgrade 0.127.0 -> 0.128.4
ctags: upgrade 6.0.20231126.0 -> 6.0.20231210.0
gensio: upgrade 2.8.0 -> 2.8.2
hwdata: upgrade 0.376 -> 0.377
lvgl: upgrade 8.3.10 -> 8.3.11
gjs: upgrade 1.78.0 -> 1.78.1
ifenslave: upgrade 2.13 -> 2.14
libei: upgrade 1.1.0 -> 1.2.0
pkcs11-helper: upgrade 1.29.0 -> 1.30.0
strongswan: upgrade 5.9.12 -> 5.9.13
webkitgtk3: upgrade 2.42.2 -> 2.42.3
sip: upgrade 6.8.0 -> 6.8.1
paho-mqtt-cpp: upgrade 1.3.1 -> 1.3.2
dbus-cxx: upgrade 2.4.0 -> 2.5.0
exiftool: upgrade 12.70 -> 12.71
uftp: upgrade 5.0.2 -> 5.0.3
ctags: upgrade 6.0.20231210.0 -> 6.0.20231224.0
jasper: Fix install conflict when enable multilib.
jq: upgrade 1.7 -> 1.7.1
libmbim: upgrade 1.31.1 -> 1.31.2
libqmi: upgrade 1.34.0 -> 1.35.1
opencl-headers: upgrade 2023.04.17 -> 2023.12.14
valijson: upgrade 1.0.1 -> 1.0.2
python3-apispec: upgrade 6.3.0 -> 6.3.1
python3-asyncinotify: upgrade 4.0.4 -> 4.0.5
python3-bitarray: upgrade 2.9.0 -> 2.9.1
python3-cassandra-driver: upgrade 3.28.0 -> 3.29.0
python3-ipython: upgrade 8.18.1 -> 8.19.0
python3-pydantic: upgrade 2.5.2 -> 2.5.3
python3-regex: upgrade 2023.10.3 -> 2023.12.25
opencl-icd-loader: upgrade 2023.04.17 -> 2023.12.14
python3-distro: upgrade 1.8.0 -> 1.9.0
zchunk: upgrade 1.3.2 -> 1.4.0
python3-eventlet: upgrade 0.34.1 -> 0.34.2
William Lyu (1):
networkmanager: Improved SUMMARY and added DESCRIPTION
Xiangyu Chen (1):
layer.conf: add libbpf to NON_MULTILIB_RECIPES
Yi Zhao (2):
open-vm-tools: upgrade 12.1.5 -> 12.3.5
samba: upgrade 4.18.8 -> 4.18.9
Zoltán Böszörményi (2):
mutter: Make gnome-desktop and libcanberra dependencies optional
zenity: Upgrade to 4.0.0
alperak (29):
jasper: upgrade 2.0.33 -> 4.1.1
xcursorgen: upgrade 1.0.7 -> 1.0.8
xstdcmap: upgrade 1.0.4 -> 1.0.5
xlsclients: upgrade 1.1.4 -> 1.1.5
xlsatoms: upgrade 1.1.3 -> 1.1.4
xkbevd: upgrade 1.1.4 -> 1.1.5
xgamma: upgrade 1.0.6 -> 1.0.7
sessreg: upgrade 1.1.2 -> 1.1.3
xbitmaps: upgrade 1.1.2 -> 1.1.3
xcursor-themes: add recipe
xorg-docs: add recipe
xorg-sgml-doctools: update summary depends and inc file
xf86-video-ati: upgrade 19.1.0 -> 22.0.0
xf86-input-void: upgrade 1.4.1 -> 1.4.2
libxaw: upgrade 1.0.14 -> 1.0.15
xf86-video-mga: upgrade 2.0.0 -> 2.0.1
snappy: upgrade 1.1.9 -> 1.1.10
xsetroot: upgrade 1.1.2 -> 1.1.3
libbytesize: Removed unnecessary setting of B
libmxml: use autotools-brokensep instead of setting B
libsombok3: use autotools-brokensep instead of setting B
pgpool2: use autotools-brokensep instead of setting B
qpdf: upgrade 11.6.3 -> 11.6.4
cpprest: upgrade 2.10.18 -> 2.10.19
avro-c: upgrade 1.11.2 -> 1.11.3
dool: upgrade 1.1.0 -> 1.3.1
driverctl: upgrade 0.111 -> 0.115
hstr: upgrade 2.5.0 -> 3.1.0
libharu: upgrade 2.3.0 -> 2.4.4
meta-security: 070a1e82cc..b2e1511338:
Armin Kuster (6):
libgssglue: update to 0.8
python3-privacyidea: Update to 3.9.1
lynis: Update SRC_URI to improve updater
layers: Move READMEs to markdown format
arpwatch: adjust CONFIGURE params to allow to build again.
python3-pyinotify: fail2ban needs this module
Dawid Dabrowski (1):
libhoth recipe update
Erik Schilling (2):
dm-verity-img.bbclass: use bc-native
dm-verity-img.bbclass: remove IMAGE_NAME_SUFFIX
Mikko Rapeli (2):
tpm2-tss: support native builds
dm-verity-img.bbclass: add DM_VERITY_DEPLOY_DIR
Change-Id: I94d7f1ee5ff2da4555c05fbf63a1293ec8f249c2
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'poky/meta/recipes-connectivity')
31 files changed, 428 insertions, 995 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb index 910da3c9cc..1f18d4491d 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -6,7 +6,7 @@ IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ configuration from the link-local 169.254.0.0/16 range without the need for a central \ server.' HOMEPAGE = "http://avahi.org" -BUGTRACKER = "https://github.com/lathiat/avahi/issues" +BUGTRACKER = "https://github.com/avahi/avahi/issues" SECTION = "network" # major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and @@ -26,15 +26,18 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://handle-hup.patch \ file://local-ping.patch \ file://invalid-service.patch \ - file://CVE-2023-38469.patch \ - file://CVE-2023-38470.patch \ - file://CVE-2023-38471.patch \ + file://CVE-2023-1981.patch \ + file://CVE-2023-38469-1.patch \ + file://CVE-2023-38469-2.patch \ + file://CVE-2023-38470-1.patch \ + file://CVE-2023-38470-2.patch \ + file://CVE-2023-38471-1.patch \ + file://CVE-2023-38471-2.patch \ file://CVE-2023-38472.patch \ file://CVE-2023-38473.patch \ " -GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/" -SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7" +GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE" diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..4d7924d13a --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch @@ -0,0 +1,58 @@ +From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> +Date: Thu, 17 Nov 2022 01:51:53 +0100 +Subject: [PATCH] Emit error if requested service is not found + +It currently just crashes instead of replying with error. Check return +value and emit error instead of passing NULL pointer to reply. + +Fixes #375 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] +CVE: CVE-2023-1981 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c +index 70d7687bc..406d0b441 100644 +--- a/avahi-daemon/dbus-protocol.c ++++ b/avahi-daemon/dbus-protocol.c +@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM + } + + t = avahi_alternative_host_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); ++ } + } + + static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { +@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB + } + + t = avahi_alternative_service_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); ++ } + } + + static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch index a078f66102..a078f66102 100644 --- a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch new file mode 100644 index 0000000000..f8f60ddca1 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch @@ -0,0 +1,65 @@ +From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Wed, 25 Oct 2023 18:15:42 +0000 +Subject: [PATCH] tests: pass overly long TXT resource records + +to make sure they don't crash avahi any more. +It reproduces https://github.com/lathiat/avahi/issues/455 + +Canonical notes: +nickgalanis> removed first hunk since there is no .github dir in this release + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] +CVE: CVE-2023-38469 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-client/client-test.c | 14 ++++++++++++++ + 1 files changed, 14 insertions(+) + +Index: avahi-0.8/avahi-client/client-test.c +=================================================================== +--- avahi-0.8.orig/avahi-client/client-test.c ++++ avahi-0.8/avahi-client/client-test.c +@@ -22,6 +22,7 @@ + #endif + + #include <stdio.h> ++#include <string.h> + #include <assert.h> + + #include <avahi-client/client.h> +@@ -33,6 +34,8 @@ + #include <avahi-common/malloc.h> + #include <avahi-common/timeval.h> + ++#include <avahi-core/dns.h> ++ + static const AvahiPoll *poll_api = NULL; + static AvahiSimplePoll *simple_poll = NULL; + +@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + uint32_t cookie; + struct timeval tv; + AvahiAddress a; ++ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; ++ AvahiStringList *txt = NULL; ++ int r; + + simple_poll = avahi_simple_poll_new(); + poll_api = avahi_simple_poll_get(simple_poll); +@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); + ++ memset(rdata, 1, sizeof(rdata)); ++ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); ++ assert(r >= 0); ++ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); ++ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); ++ assert(error == AVAHI_ERR_INVALID_RECORD); ++ avahi_string_list_free(txt); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch index 91f9e677ac..91f9e677ac 100644 --- a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch new file mode 100644 index 0000000000..e0736bf210 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch @@ -0,0 +1,52 @@ +From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Tue, 19 Sep 2023 03:21:25 +0000 +Subject: [PATCH] [common] bail out when escaped labels can't fit into ret + +Fixes: +``` +==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 +READ of size 1110 at 0x7f9e76f14c16 thread T0 + #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) + #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 + #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 +``` +and +``` +fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. +==101571== ERROR: libFuzzer: deadly signal + #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 +``` + +It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security +CVE: CVE-2023-38470 #Follow-up patch +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-common/domain.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: avahi-0.8/avahi-common/domain.c +=================================================================== +--- avahi-0.8.orig/avahi-common/domain.c ++++ avahi-0.8/avahi-common/domain.c +@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s + } else + empty = 0; + +- avahi_escape_label(label, strlen(label), &r, &size); ++ if (!(avahi_escape_label(label, strlen(label), &r, &size))) ++ return NULL; + } + + return ret_s; diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch index b3f716495d..b3f716495d 100644 --- a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch new file mode 100644 index 0000000000..44737bfc2e --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch @@ -0,0 +1,52 @@ +From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Tue, 24 Oct 2023 22:04:51 +0000 +Subject: [PATCH] core: return errors from avahi_server_set_host_name properly + +It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] +CVE: CVE-2023-38471 #Follow-up Patch +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-core/server.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +Index: avahi-0.8/avahi-core/server.c +=================================================================== +--- avahi-0.8.orig/avahi-core/server.c ++++ avahi-0.8/avahi-core/server.c +@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ + else + hn = avahi_normalize_name_strdup(host_name); + ++ if (!hn) ++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); ++ + h = hn; + if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { + avahi_free(h); +- return AVAHI_ERR_INVALID_HOST_NAME; ++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); + } + + avahi_free(h); +@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ + h = label_escaped; + len = sizeof(label_escaped); + if (!avahi_escape_label(label, strlen(label), &h, &len)) +- return AVAHI_ERR_INVALID_HOST_NAME; ++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); + + if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); +@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ + avahi_free(s->host_name); + s->host_name = avahi_strdup(label_escaped); + if (!s->host_name) +- return AVAHI_ERR_NO_MEMORY; ++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); + + update_fqdn(s); + diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch index a1de8e2a5a..85dbded73b 100644 --- a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch +++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch @@ -1,46 +1,46 @@ -From 8cf606779dc356768afc6b70e53f2808a9655143 Mon Sep 17 00:00:00 2001 +From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001 From: Michal Sekletar <msekleta@redhat.com> Date: Thu, 19 Oct 2023 17:36:44 +0200 -Subject: [PATCH] avahi: core: make sure there is rdata to process before - parsing it +Subject: [PATCH] core: make sure there is rdata to process before parsing it Fixes #452 -Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] -CVE: CVE-2023-38472 +CVE-2023-38472 +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] +CVE: CVE-2023-38472 Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> --- avahi-client/client-test.c | 3 +++ avahi-daemon/dbus-entry-group.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) -diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c -index 7d04a6a..57750a4 100644 ---- a/avahi-client/client-test.c -+++ b/avahi-client/client-test.c -@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { - printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); - printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); - +Index: avahi-0.8/avahi-client/client-test.c +=================================================================== +--- avahi-0.8.orig/avahi-client/client-test.c ++++ avahi-0.8/avahi-client/client-test.c +@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + assert(error == AVAHI_ERR_INVALID_RECORD); + avahi_string_list_free(txt); + + error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); + assert(error != AVAHI_OK); + avahi_entry_group_commit (group); - + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); -diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c -index 4e879a5..aa23d4b 100644 ---- a/avahi-daemon/dbus-entry-group.c -+++ b/avahi-daemon/dbus-entry-group.c -@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage +Index: avahi-0.8/avahi-daemon/dbus-entry-group.c +=================================================================== +--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c ++++ avahi-0.8/avahi-daemon/dbus-entry-group.c +@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g if (!(r = avahi_record_new_full (name, clazz, type, ttl))) return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); - + - if (avahi_rdata_parse (r, rdata, size) < 0) { + if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { avahi_record_unref (r); return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); } --- -2.40.0 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index a23e4e58a6..e10158a6e5 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -55,7 +55,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ file://0004-src-shared-util.c-include-linux-limits.h.patch \ - file://0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch index 06ebf1cde6..3546c7c305 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch @@ -1,4 +1,4 @@ -From 7dcc5f46a31ac4eaa67c0ab3aaae38005db7458f Mon Sep 17 00:00:00 2001 +From e8808a2f5e17d375411c7409eaffb17e72f65022 Mon Sep 17 00:00:00 2001 From: Mingli Yu <Mingli.Yu@windriver.com> Date: Fri, 24 Aug 2018 12:04:03 +0800 Subject: [PATCH] test-gatt: Fix hung issue diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch index 7c47cc1a1e..be05093551 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch @@ -1,4 +1,4 @@ -From a657fddd13a2e756b0af315301f1c44081e2f668 Mon Sep 17 00:00:00 2001 +From 3724958858b0ee430f37fb83388c3737d2039a3a Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 1 Apr 2016 17:07:34 +0300 Subject: [PATCH] tests: add a target for building tests without running them @@ -11,10 +11,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 3 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 7041f8e..25966cd 100644 +index e7221bd..9595fd1 100644 --- a/Makefile.am +++ b/Makefile.am -@@ -594,6 +594,9 @@ endif +@@ -710,6 +710,9 @@ endif TESTS = $(unit_tests) AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch deleted file mode 100644 index d0884338db..0000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch +++ /dev/null @@ -1,313 +0,0 @@ -From 3a9c637010f8dc1ba3e8382abe01065761d4f5bb Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> -Date: Tue, 10 Oct 2023 12:38:29 -0700 -Subject: [PATCH 02/40] input: Fix .device_probe failing if SDP record is not - found - -Due to changes introduced by 67a26abe53bf -("profile: Add probe_on_discover flag") profiles may get probed when -their profile UUID are discovered, rather than resolved, which means -the SDP record may not be available. - -Fixes: https://github.com/bluez/bluez/issues/614 - -Upstream-Status: Backport [https://github.com/bluez/bluez/commit/3a9c637010f8dc1ba3e8382abe01065761d4f5bb] ---- - profiles/input/device.c | 182 +++++++++++++++++++--------------------- - 1 file changed, 84 insertions(+), 98 deletions(-) - -diff --git a/profiles/input/device.c b/profiles/input/device.c -index e2ac6ea60..4a50ea992 100644 ---- a/profiles/input/device.c -+++ b/profiles/input/device.c -@@ -60,7 +60,7 @@ struct input_device { - char *path; - bdaddr_t src; - bdaddr_t dst; -- uint32_t handle; -+ const sdp_record_t *rec; - GIOChannel *ctrl_io; - GIOChannel *intr_io; - guint ctrl_watch; -@@ -754,7 +754,8 @@ static void epox_endian_quirk(unsigned char *data, int size) - } - } - --static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req) -+static int create_hid_dev_name(const sdp_record_t *rec, -+ struct hidp_connadd_req *req) - { - char sdesc[sizeof(req->name) / 2]; - -@@ -776,7 +777,7 @@ static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req) - - /* See HID profile specification v1.0, "7.11.6 HIDDescriptorList" for details - * on the attribute format. */ --static int extract_hid_desc_data(sdp_record_t *rec, -+static int extract_hid_desc_data(const sdp_record_t *rec, - struct hidp_connadd_req *req) - { - sdp_data_t *d; -@@ -817,36 +818,40 @@ invalid_desc: - return -EINVAL; - } - --static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req) -+static int extract_hid_record(struct input_device *idev, -+ struct hidp_connadd_req *req) - { - sdp_data_t *pdlist; - uint8_t attr_val; - int err; - -- err = create_hid_dev_name(rec, req); -+ if (!idev->rec) -+ return -ENOENT; -+ -+ err = create_hid_dev_name(idev->rec, req); - if (err < 0) - DBG("No valid Service Name or Service Description found"); - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_PARSER_VERSION); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_PARSER_VERSION); - req->parser = pdlist ? pdlist->val.uint16 : 0x0100; - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_DEVICE_SUBCLASS); - req->subclass = pdlist ? pdlist->val.uint8 : 0; - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_COUNTRY_CODE); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_COUNTRY_CODE); - req->country = pdlist ? pdlist->val.uint8 : 0; - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_VIRTUAL_CABLE); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_VIRTUAL_CABLE); - attr_val = pdlist ? pdlist->val.uint8 : 0; - if (attr_val) - req->flags |= (1 << HIDP_VIRTUAL_CABLE_UNPLUG); - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_BOOT_DEVICE); - attr_val = pdlist ? pdlist->val.uint8 : 0; - if (attr_val) - req->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); - -- err = extract_hid_desc_data(rec, req); -+ err = extract_hid_desc_data(idev->rec, req); - if (err < 0) - return err; - -@@ -1035,11 +1040,6 @@ static gboolean encrypt_notify(GIOChannel *io, GIOCondition condition, - static int hidp_add_connection(struct input_device *idev) - { - struct hidp_connadd_req *req; -- sdp_record_t *rec; -- char src_addr[18], dst_addr[18]; -- char filename[PATH_MAX]; -- GKeyFile *key_file; -- char handle[11], *str; - GError *gerr = NULL; - int err; - -@@ -1049,33 +1049,7 @@ static int hidp_add_connection(struct input_device *idev) - req->flags = 0; - req->idle_to = idle_timeout; - -- ba2str(&idev->src, src_addr); -- ba2str(&idev->dst, dst_addr); -- -- snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", src_addr, -- dst_addr); -- sprintf(handle, "0x%8.8X", idev->handle); -- -- key_file = g_key_file_new(); -- if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) { -- error("Unable to load key file from %s: (%s)", filename, -- gerr->message); -- g_clear_error(&gerr); -- } -- str = g_key_file_get_string(key_file, "ServiceRecords", handle, NULL); -- g_key_file_free(key_file); -- -- if (!str) { -- error("Rejected connection from unknown device %s", dst_addr); -- err = -EPERM; -- goto cleanup; -- } -- -- rec = record_from_string(str); -- g_free(str); -- -- err = extract_hid_record(rec, req); -- sdp_record_free(rec); -+ err = extract_hid_record(idev, req); - if (err < 0) { - error("Could not parse HID SDP record: %s (%d)", strerror(-err), - -err); -@@ -1091,7 +1065,7 @@ static int hidp_add_connection(struct input_device *idev) - - /* Make sure the device is bonded if required */ - if (classic_bonded_only && !input_device_bonded(idev)) { -- error("Rejected connection from !bonded device %s", dst_addr); -+ error("Rejected connection from !bonded device %s", idev->path); - goto cleanup; - } - -@@ -1161,6 +1135,68 @@ static int connection_disconnect(struct input_device *idev, uint32_t flags) - return ioctl_disconnect(idev, flags); - } - -+static bool is_device_sdp_disable(const sdp_record_t *rec) -+{ -+ sdp_data_t *data; -+ -+ data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE); -+ -+ return data && data->val.uint8; -+} -+ -+static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate, -+ bool normally_connectable) -+{ -+ if (!reconnect_initiate && !normally_connectable) -+ return RECONNECT_NONE; -+ else if (!reconnect_initiate && normally_connectable) -+ return RECONNECT_HOST; -+ else if (reconnect_initiate && !normally_connectable) -+ return RECONNECT_DEVICE; -+ else /* (reconnect_initiate && normally_connectable) */ -+ return RECONNECT_ANY; -+} -+ -+static void extract_hid_props(struct input_device *idev, -+ const sdp_record_t *rec) -+{ -+ /* Extract HID connectability */ -+ bool reconnect_initiate, normally_connectable; -+ sdp_data_t *pdlist; -+ -+ /* HIDNormallyConnectable is optional and assumed FALSE if not -+ * present. -+ */ -+ pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE); -+ reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE; -+ -+ pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE); -+ normally_connectable = pdlist ? pdlist->val.uint8 : FALSE; -+ -+ /* Update local values */ -+ idev->reconnect_mode = -+ hid_reconnection_mode(reconnect_initiate, normally_connectable); -+} -+ -+static void input_device_update_rec(struct input_device *idev) -+{ -+ struct btd_profile *p = btd_service_get_profile(idev->service); -+ const sdp_record_t *rec; -+ -+ rec = btd_device_get_record(idev->device, p->remote_uuid); -+ if (!rec || idev->rec == rec) -+ return; -+ -+ idev->rec = rec; -+ idev->disable_sdp = is_device_sdp_disable(rec); -+ -+ /* Initialize device properties */ -+ extract_hid_props(idev, rec); -+ -+ if (idev->disable_sdp) -+ device_set_refresh_discovery(idev->device, false); -+} -+ - static int input_device_connected(struct input_device *idev) - { - int err; -@@ -1168,6 +1204,9 @@ static int input_device_connected(struct input_device *idev) - if (idev->intr_io == NULL || idev->ctrl_io == NULL) - return -ENOTCONN; - -+ /* Attempt to update SDP record if it had changed */ -+ input_device_update_rec(idev); -+ - err = hidp_add_connection(idev); - if (err < 0) - return err; -@@ -1411,74 +1450,21 @@ int input_device_disconnect(struct btd_service *service) - return 0; - } - --static bool is_device_sdp_disable(const sdp_record_t *rec) --{ -- sdp_data_t *data; -- -- data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE); -- -- return data && data->val.uint8; --} -- --static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate, -- bool normally_connectable) --{ -- if (!reconnect_initiate && !normally_connectable) -- return RECONNECT_NONE; -- else if (!reconnect_initiate && normally_connectable) -- return RECONNECT_HOST; -- else if (reconnect_initiate && !normally_connectable) -- return RECONNECT_DEVICE; -- else /* (reconnect_initiate && normally_connectable) */ -- return RECONNECT_ANY; --} -- --static void extract_hid_props(struct input_device *idev, -- const sdp_record_t *rec) --{ -- /* Extract HID connectability */ -- bool reconnect_initiate, normally_connectable; -- sdp_data_t *pdlist; -- -- /* HIDNormallyConnectable is optional and assumed FALSE -- * if not present. */ -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE); -- reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE; -- -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE); -- normally_connectable = pdlist ? pdlist->val.uint8 : FALSE; -- -- /* Update local values */ -- idev->reconnect_mode = -- hid_reconnection_mode(reconnect_initiate, normally_connectable); --} -- - static struct input_device *input_device_new(struct btd_service *service) - { - struct btd_device *device = btd_service_get_device(service); -- struct btd_profile *p = btd_service_get_profile(service); - const char *path = device_get_path(device); -- const sdp_record_t *rec = btd_device_get_record(device, p->remote_uuid); - struct btd_adapter *adapter = device_get_adapter(device); - struct input_device *idev; - -- if (!rec) -- return NULL; -- - idev = g_new0(struct input_device, 1); - bacpy(&idev->src, btd_adapter_get_address(adapter)); - bacpy(&idev->dst, device_get_address(device)); - idev->service = btd_service_ref(service); - idev->device = btd_device_ref(device); - idev->path = g_strdup(path); -- idev->handle = rec->handle; -- idev->disable_sdp = is_device_sdp_disable(rec); -- -- /* Initialize device properties */ -- extract_hid_props(idev, rec); - -- if (idev->disable_sdp) -- device_set_refresh_discovery(device, false); -+ input_device_update_rec(idev); - - return idev; - } --- -2.42.0 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch index f954f6dab2..6ef135327d 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch @@ -1,4 +1,4 @@ -From 51584158b9a2e58f3790f8a7387b5cf167eca88b Mon Sep 17 00:00:00 2001 +From ad069fadfcce2cf70f45b1c4a42665448675297e Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Mon, 12 Dec 2022 13:10:19 +0100 Subject: [PATCH] src/shared/util.c: include linux/limits.h @@ -8,15 +8,16 @@ systems such as those using musl. Upstream-Status: Submitted [to linux-bluetooth@vger.kernel.org,luiz.von.dentz@intel.com,frederic.danis@collabora.com] Signed-off-by: Alexander Kanavin <alex@linutronix.de> + --- src/shared/util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/shared/util.c b/src/shared/util.c -index 0a0308c..1f61314 100644 +index 34491f4..412f3ad 100644 --- a/src/shared/util.c +++ b/src/shared/util.c -@@ -22,6 +22,7 @@ +@@ -23,6 +23,7 @@ #include <unistd.h> #include <dirent.h> #include <limits.h> diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.70.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb index 2e3b782e6e..b9bc3dd1b6 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.70.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb @@ -1,6 +1,6 @@ require bluez5.inc -SRC_URI[sha256sum] = "37e372e916955e144cb882f888e4be40898f10ae3b7c213ddcdd55ee9c009278" +SRC_URI[sha256sum] = "b828d418c93ced1f55b616fb5482cf01537440bfb34fbda1a564f3ece94735d8" CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes" diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.5.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb index c2dee267ba..6bde9b1f51 100644 --- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.5.bb +++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb @@ -17,7 +17,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ " -SRCREV = "6baf4df467aaae89b026a089122d155c6eec3f19" +SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862" S = "${WORKDIR}/git" inherit pkgconfig autotools-brokensep systemd useradd diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch index 12998aada4..461d04bd1d 100644 --- a/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch @@ -1,4 +1,4 @@ -From 4915a7e52fcea8fe283a842890a1e726b1e26b10 Mon Sep 17 00:00:00 2001 +From 5d5ba8a2b8010db6bee68bd712f829cb737c9ac1 Mon Sep 17 00:00:00 2001 From: Lei Maohui <leimaohui@fujitsu.com> Date: Fri, 10 Mar 2023 03:48:46 +0000 Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib. @@ -24,15 +24,16 @@ versions. Upstream-Status: Inappropriate [oe specific] Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> + --- src/dhcpcd.8.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in -index bc6b3b5..791f2ba 100644 +index 93232840..09930a31 100644 --- a/src/dhcpcd.8.in +++ b/src/dhcpcd.8.in -@@ -821,7 +821,7 @@ Configuration file for dhcpcd. +@@ -824,7 +824,7 @@ Configuration file for dhcpcd. If you always use the same options, put them here. .It Pa @SCRIPT@ Bourne shell script that is run to configure or de-configure an interface. @@ -41,6 +42,3 @@ index bc6b3b5..791f2ba 100644 Linux .Pa /dev management modules. --- -2.34.1 - diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch index 37d2344438..c54942be4b 100644 --- a/poky/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch @@ -1,4 +1,4 @@ -From aa9e3982c1e75ad49945a62f5e262279c7a905a4 Mon Sep 17 00:00:00 2001 +From ec9fc4e6086e1dbe0ac2f94a8a088a571596a581 Mon Sep 17 00:00:00 2001 From: Stefano Cappa <stefano.cappa.ks89@gmail.com> Date: Sun, 13 Jan 2019 01:50:52 +0100 Subject: [PATCH] remove INCLUDEDIR to prevent build issues @@ -6,15 +6,16 @@ Subject: [PATCH] remove INCLUDEDIR to prevent build issues Upstream-Status: Pending Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com> + --- configure | 5 ----- 1 file changed, 5 deletions(-) diff --git a/configure b/configure -index 6c81e0db..32dea2b4 100755 +index 5237b0e2..7220718b 100755 --- a/configure +++ b/configure -@@ -20,7 +20,6 @@ BUILD= +@@ -26,7 +26,6 @@ BUILD= HOST= HOSTCC= TARGET= @@ -22,7 +23,7 @@ index 6c81e0db..32dea2b4 100755 DEBUG= FORK= STATIC= -@@ -72,7 +71,6 @@ for x do +@@ -86,7 +85,6 @@ for x do --mandir) MANDIR=$var;; --datadir) DATADIR=$var;; --with-ccopts|CFLAGS) CFLAGS=$var;; @@ -30,7 +31,7 @@ index 6c81e0db..32dea2b4 100755 CC) CC=$var;; CPPFLAGS) CPPFLAGS=$var;; PKG_CONFIG) PKG_CONFIG=$var;; -@@ -309,9 +307,6 @@ if [ -n "$CPPFLAGS" ]; then +@@ -343,9 +341,6 @@ if [ -n "$CPPFLAGS" ]; then echo "CPPFLAGS=" >>$CONFIG_MK echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK fi @@ -40,6 +41,3 @@ index 6c81e0db..32dea2b4 100755 if [ -n "$LDFLAGS" ]; then echo "LDFLAGS=" >>$CONFIG_MK echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK --- -2.17.2 (Apple Git-113) - diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch deleted file mode 100644 index 70bd98897d..0000000000 --- a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch +++ /dev/null @@ -1,279 +0,0 @@ -From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001 -From: Jeffrey Bencteux <jeffbencteux@gmail.com> -Date: Fri, 30 Jun 2023 19:02:45 +0200 -Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check - set*id() return values - -Several setuid(), setgid(), seteuid() and setguid() return values -were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially -leading to potential security issues. - -CVE: CVE-2023-40303 -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6] -Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com> -Signed-off-by: Simon Josefsson <simon@josefsson.org> -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - ftpd/ftpd.c | 10 +++++++--- - src/rcp.c | 39 +++++++++++++++++++++++++++++++++------ - src/rlogin.c | 11 +++++++++-- - src/rsh.c | 25 +++++++++++++++++++++---- - src/rshd.c | 20 +++++++++++++++++--- - src/uucpd.c | 15 +++++++++++++-- - 6 files changed, 100 insertions(+), 20 deletions(-) - -diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c -index 92b2cca5..28dd523f 100644 ---- a/ftpd/ftpd.c -+++ b/ftpd/ftpd.c -@@ -862,7 +862,9 @@ end_login (struct credentials *pcred) - char *remotehost = pcred->remotehost; - int atype = pcred->auth_type; - -- seteuid ((uid_t) 0); -+ if (seteuid ((uid_t) 0) == -1) -+ _exit (EXIT_FAILURE); -+ - if (pcred->logged_in) - { - logwtmp_keep_open (ttyline, "", ""); -@@ -1151,7 +1153,8 @@ getdatasock (const char *mode) - - if (data >= 0) - return fdopen (data, mode); -- seteuid ((uid_t) 0); -+ if (seteuid ((uid_t) 0) == -1) -+ _exit (EXIT_FAILURE); - s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0); - if (s < 0) - goto bad; -@@ -1978,7 +1981,8 @@ passive (int epsv, int af) - else /* !AF_INET6 */ - ((struct sockaddr_in *) &pasv_addr)->sin_port = 0; - -- seteuid ((uid_t) 0); -+ if (seteuid ((uid_t) 0) == -1) -+ _exit (EXIT_FAILURE); - if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0) - { - if (seteuid ((uid_t) cred.uid)) -diff --git a/src/rcp.c b/src/rcp.c -index 75adb253..cdcf8500 100644 ---- a/src/rcp.c -+++ b/src/rcp.c -@@ -345,14 +345,23 @@ main (int argc, char *argv[]) - if (from_option) - { /* Follow "protocol", send data. */ - response (); -- setuid (userid); -+ -+ if (setuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } -+ - source (argc, argv); - exit (errs); - } - - if (to_option) - { /* Receive data. */ -- setuid (userid); -+ if (setuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } -+ - sink (argc, argv); - exit (errs); - } -@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[]) - if (response () < 0) - exit (EXIT_FAILURE); - free (bp); -- setuid (userid); -+ -+ if (setuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } - } - source (1, argv + i); - close (rem); -@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[]) - ++errs; - continue; - } -- seteuid (userid); -+ -+ if (seteuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -+ } -+ - #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT - sslen = sizeof (ss); - (void) getpeername (rem, (struct sockaddr *) &ss, &sslen); -@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[]) - #endif - vect[0] = target; - sink (1, vect); -- seteuid (effuid); -+ -+ if (seteuid (effuid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -+ } -+ - close (rem); - rem = -1; - #ifdef SHISHI -@@ -1441,7 +1464,11 @@ susystem (char *s, int userid) - return (127); - - case 0: -- setuid (userid); -+ if (setuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } -+ - execl (PATH_BSHELL, "sh", "-c", s, NULL); - _exit (127); - } -diff --git a/src/rlogin.c b/src/rlogin.c -index aa6426fb..c543de0c 100644 ---- a/src/rlogin.c -+++ b/src/rlogin.c -@@ -647,8 +647,15 @@ try_connect: - /* Now change to the real user ID. We have to be set-user-ID root - to get the privileged port that rcmd () uses. We now want, however, - to run as the real user who invoked us. */ -- seteuid (uid); -- setuid (uid); -+ if (seteuid (uid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -+ } -+ -+ if (setuid (uid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } - - doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ - -diff --git a/src/rsh.c b/src/rsh.c -index 2d622ca4..6f60667d 100644 ---- a/src/rsh.c -+++ b/src/rsh.c -@@ -276,8 +276,17 @@ main (int argc, char **argv) - { - if (asrsh) - *argv = (char *) "rlogin"; -- seteuid (getuid ()); -- setuid (getuid ()); -+ -+ if (seteuid (getuid ()) == -1) -+ { -+ error (EXIT_FAILURE, errno, "seteuid() failed"); -+ } -+ -+ if (setuid (getuid ()) == -1) -+ { -+ error (EXIT_FAILURE, errno, "setuid() failed"); -+ } -+ - execv (PATH_RLOGIN, argv); - error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); - } -@@ -541,8 +550,16 @@ try_connect: - error (0, errno, "setsockopt DEBUG (ignored)"); - } - -- seteuid (uid); -- setuid (uid); -+ if (seteuid (uid) == -1) -+ { -+ error (EXIT_FAILURE, errno, "seteuid() failed"); -+ } -+ -+ if (setuid (uid) == -1) -+ { -+ error (EXIT_FAILURE, errno, "setuid() failed"); -+ } -+ - #ifdef HAVE_SIGACTION - sigemptyset (&sigs); - sigaddset (&sigs, SIGINT); -diff --git a/src/rshd.c b/src/rshd.c -index d1c0d0cd..707790e7 100644 ---- a/src/rshd.c -+++ b/src/rshd.c -@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) - pwd->pw_shell = PATH_BSHELL; - - /* Set the gid, then uid to become the user specified by "locuser" */ -- setegid ((gid_t) pwd->pw_gid); -- setgid ((gid_t) pwd->pw_gid); -+ if (setegid ((gid_t) pwd->pw_gid) == -1) -+ { -+ rshd_error ("Cannot drop privileges (setegid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } -+ -+ if (setgid ((gid_t) pwd->pw_gid) == -1) -+ { -+ rshd_error ("Cannot drop privileges (setgid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } -+ - #ifdef HAVE_INITGROUPS - initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ - #endif -@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) - } - #endif /* WITH_PAM */ - -- setuid ((uid_t) pwd->pw_uid); -+ if (setuid ((uid_t) pwd->pw_uid) == -1) -+ { -+ rshd_error ("Cannot drop privileges (setuid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } - - /* We'll execute the client's command in the home directory - * of locuser. Note, that the chdir must be executed after -diff --git a/src/uucpd.c b/src/uucpd.c -index 107589e1..29cfce35 100644 ---- a/src/uucpd.c -+++ b/src/uucpd.c -@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen) - snprintf (Username, sizeof (Username), "USER=%s", user); - snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user); - dologin (pw, sap, salen); -- setgid (pw->pw_gid); -+ -+ if (setgid (pw->pw_gid) == -1) -+ { -+ fprintf (stderr, "setgid() failed"); -+ return; -+ } - #ifdef HAVE_INITGROUPS - initgroups (pw->pw_name, pw->pw_gid); - #endif -@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen) - fprintf (stderr, "Login incorrect."); - return; - } -- setuid (pw->pw_uid); -+ -+ if (setuid (pw->pw_uid) == -1) -+ { -+ fprintf (stderr, "setuid() failed"); -+ return; -+ } -+ - execl (uucico_location, "uucico", NULL); - perror ("uucico server: execl"); - } diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch deleted file mode 100644 index 1b972aac29..0000000000 --- a/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch +++ /dev/null @@ -1,253 +0,0 @@ -From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001 -From: Simon Josefsson <simon@josefsson.org> -Date: Mon, 31 Jul 2023 13:59:05 +0200 -Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit. - -CVE: CVE-2023-40303 -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/rcp.c | 42 ++++++++++++++++++++++++------------------ - src/rlogin.c | 12 ++++++------ - src/rsh.c | 24 ++++++++++++------------ - src/rshd.c | 24 ++++++++++++------------ - src/uucpd.c | 16 ++++++++-------- - 5 files changed, 62 insertions(+), 56 deletions(-) - -diff --git a/src/rcp.c b/src/rcp.c -index cdcf8500..652f22e6 100644 ---- a/src/rcp.c -+++ b/src/rcp.c -@@ -347,9 +347,10 @@ main (int argc, char *argv[]) - response (); - - if (setuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (setuid() failed)"); -+ } - - source (argc, argv); - exit (errs); -@@ -358,9 +359,10 @@ main (int argc, char *argv[]) - if (to_option) - { /* Receive data. */ - if (setuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (setuid() failed)"); -+ } - - sink (argc, argv); - exit (errs); -@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[]) - free (bp); - - if (setuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (setuid() failed)"); -+ } - } - source (1, argv + i); - close (rem); -@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[]) - } - - if (seteuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (seteuid() failed)"); -+ } - - #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT - sslen = sizeof (ss); -@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[]) - sink (1, vect); - - if (seteuid (effuid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (seteuid() failed)"); -+ } - - close (rem); - rem = -1; -@@ -1465,9 +1470,10 @@ susystem (char *s, int userid) - - case 0: - if (setuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (setuid() failed)"); -+ } - - execl (PATH_BSHELL, "sh", "-c", s, NULL); - _exit (127); -diff --git a/src/rlogin.c b/src/rlogin.c -index c543de0c..4360202f 100644 ---- a/src/rlogin.c -+++ b/src/rlogin.c -@@ -648,14 +648,14 @@ try_connect: - to get the privileged port that rcmd () uses. We now want, however, - to run as the real user who invoked us. */ - if (seteuid (uid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -+ } - - if (setuid (uid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } - - doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ - -diff --git a/src/rsh.c b/src/rsh.c -index 6f60667d..179b47cd 100644 ---- a/src/rsh.c -+++ b/src/rsh.c -@@ -278,14 +278,14 @@ main (int argc, char **argv) - *argv = (char *) "rlogin"; - - if (seteuid (getuid ()) == -1) -- { -- error (EXIT_FAILURE, errno, "seteuid() failed"); -- } -+ { -+ error (EXIT_FAILURE, errno, "seteuid() failed"); -+ } - - if (setuid (getuid ()) == -1) -- { -- error (EXIT_FAILURE, errno, "setuid() failed"); -- } -+ { -+ error (EXIT_FAILURE, errno, "setuid() failed"); -+ } - - execv (PATH_RLOGIN, argv); - error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); -@@ -551,14 +551,14 @@ try_connect: - } - - if (seteuid (uid) == -1) -- { -- error (EXIT_FAILURE, errno, "seteuid() failed"); -- } -+ { -+ error (EXIT_FAILURE, errno, "seteuid() failed"); -+ } - - if (setuid (uid) == -1) -- { -- error (EXIT_FAILURE, errno, "setuid() failed"); -- } -+ { -+ error (EXIT_FAILURE, errno, "setuid() failed"); -+ } - - #ifdef HAVE_SIGACTION - sigemptyset (&sigs); -diff --git a/src/rshd.c b/src/rshd.c -index 707790e7..3a153a18 100644 ---- a/src/rshd.c -+++ b/src/rshd.c -@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) - - /* Set the gid, then uid to become the user specified by "locuser" */ - if (setegid ((gid_t) pwd->pw_gid) == -1) -- { -- rshd_error ("Cannot drop privileges (setegid() failed)\n"); -- exit (EXIT_FAILURE); -- } -+ { -+ rshd_error ("Cannot drop privileges (setegid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } - - if (setgid ((gid_t) pwd->pw_gid) == -1) -- { -- rshd_error ("Cannot drop privileges (setgid() failed)\n"); -- exit (EXIT_FAILURE); -- } -+ { -+ rshd_error ("Cannot drop privileges (setgid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } - - #ifdef HAVE_INITGROUPS - initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ -@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) - #endif /* WITH_PAM */ - - if (setuid ((uid_t) pwd->pw_uid) == -1) -- { -- rshd_error ("Cannot drop privileges (setuid() failed)\n"); -- exit (EXIT_FAILURE); -- } -+ { -+ rshd_error ("Cannot drop privileges (setuid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } - - /* We'll execute the client's command in the home directory - * of locuser. Note, that the chdir must be executed after -diff --git a/src/uucpd.c b/src/uucpd.c -index 29cfce35..fde7b9c9 100644 ---- a/src/uucpd.c -+++ b/src/uucpd.c -@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen) - dologin (pw, sap, salen); - - if (setgid (pw->pw_gid) == -1) -- { -- fprintf (stderr, "setgid() failed"); -- return; -- } -+ { -+ fprintf (stderr, "setgid() failed"); -+ return; -+ } - #ifdef HAVE_INITGROUPS - initgroups (pw->pw_name, pw->pw_gid); - #endif -@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen) - } - - if (setuid (pw->pw_uid) == -1) -- { -- fprintf (stderr, "setuid() failed"); -- return; -- } -+ { -+ fprintf (stderr, "setuid() failed"); -+ return; -+ } - - execl (uucico_location, "uucico", NULL); - perror ("uucico server: execl"); diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.5.bb index 957f1feac6..0f1a0736bd 100644 --- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.5.bb @@ -11,15 +11,13 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" -SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2" +SRC_URI[sha256sum] = "87697d60a31e10b5cb86a9f0651e1ec7bee98320d048c0739431aac3d5764fb6" SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://rexec.xinetd.inetutils \ file://rlogin.xinetd.inetutils \ file://rsh.xinetd.inetutils \ file://telnet.xinetd.inetutils \ file://tftpd.xinetd.inetutils \ - file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \ - file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \ " inherit autotools gettext update-alternatives texinfo diff --git a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch index 451b409c88..5b135b3aee 100644 --- a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch +++ b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch @@ -1,4 +1,4 @@ -From d027b1d85a8c1a0193b6e4a00083d3038d699a59 Mon Sep 17 00:00:00 2001 +From 06ebd1b2ced426c420ed162980eca194f9f918ae Mon Sep 17 00:00:00 2001 From: Kai Kang <kai.kang@windriver.com> Date: Tue, 22 Sep 2020 15:02:33 +0800 Subject: [PATCH] There are conflict of config files between kea and lib32-kea: @@ -35,10 +35,10 @@ index e6ae8b8..50a3092 100644 // "param1": "foo" // } diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre -index 26bf163..49ddb0a 100644 +index 6edb8a1..b2a7385 100644 --- a/src/bin/keactrl/kea-dhcp4.conf.pre +++ b/src/bin/keactrl/kea-dhcp4.conf.pre -@@ -252,7 +252,7 @@ +@@ -255,7 +255,7 @@ // // of all devices serviced by Kea, including their identifiers // // (like MAC address), their location in the network, times // // when they were active etc. @@ -47,7 +47,7 @@ index 26bf163..49ddb0a 100644 // "parameters": { // "path": "/var/lib/kea", // "base-name": "kea-forensic4" -@@ -269,7 +269,7 @@ +@@ -272,7 +272,7 @@ // // of specific options or perhaps even a combination of several // // options and fields to uniquely identify a client. Those scenarios // // are addressed by the Flexible Identifiers hook application. diff --git a/poky/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/poky/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch index b7c2fd4f0d..63a6a2805b 100644 --- a/poky/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch +++ b/poky/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch @@ -1,4 +1,4 @@ -From 18f4f6206c248d6169aa67b3ecf16bf54e9292e8 Mon Sep 17 00:00:00 2001 +From c878a356712606549f7f188b62f7d1cae08a176e Mon Sep 17 00:00:00 2001 From: Armin kuster <akuster808@gmail.com> Date: Wed, 14 Oct 2020 22:48:31 -0700 Subject: [PATCH] Busybox does not support ps -p so use pgrep @@ -13,10 +13,10 @@ Signed-off-by: Armin kuster <akuster808@gmail.com> 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in -index ae5bd8e..e9f9b73 100644 +index 450e997..c353ca9 100644 --- a/src/bin/keactrl/keactrl.in +++ b/src/bin/keactrl/keactrl.in -@@ -151,8 +151,8 @@ check_running() { +@@ -149,8 +149,8 @@ check_running() { # Get the PID from the PID file (if it exists) get_pid_from_file "${proc_name}" if [ ${_pid} -gt 0 ]; then diff --git a/poky/meta/recipes-connectivity/kea/kea_2.4.0.bb b/poky/meta/recipes-connectivity/kea/kea_2.4.1.bb index 316468754e..c3aa4dc8f0 100644 --- a/poky/meta/recipes-connectivity/kea/kea_2.4.0.bb +++ b/poky/meta/recipes-connectivity/kea/kea_2.4.1.bb @@ -19,7 +19,7 @@ SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ file://0001-kea-fix-reproducible-build-failure.patch \ " -SRC_URI[sha256sum] = "3a33cd08dc3319ff544e6bbf2c0429042106f4051ebe115dc1bb2625c95003f7" +SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a" inherit autotools systemd update-rc.d upstream-version-is-even diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch deleted file mode 100644 index 5afc714f19..0000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch +++ /dev/null @@ -1,80 +0,0 @@ -From b62a3fe424026b73ec6b1934483b16863c7dff23 Mon Sep 17 00:00:00 2001 -From: Wiktor Jaskulski <wjaskulski@adva.com> -Date: Thu, 11 May 2023 15:28:23 -0400 -Subject: [PATCH] configure.ac: libevent and libsqlite3 checked when nfsv4 is - disabled - -Upstream-Status: Backport -(http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=bc4a5deef9f820c55fdac3c0070364c17cd91cca) - -Signed-off-by: Steve Dickson <steved@redhat.com> -Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> ---- - configure.ac | 38 +++++++++++++++----------------------- - 1 file changed, 15 insertions(+), 23 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 4ade528d..519cacbf 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -335,42 +335,34 @@ AC_CHECK_HEADER(rpc/rpc.h, , - AC_MSG_ERROR([Header file rpc/rpc.h not found - maybe try building with --enable-tirpc])) - CPPFLAGS="${nfsutils_save_CPPFLAGS}" - -+dnl check for libevent libraries and headers -+AC_LIBEVENT -+ -+dnl Check for sqlite3 -+AC_SQLITE3_VERS -+ -+case $libsqlite3_cv_is_recent in -+yes) ;; -+unknown) -+ dnl do not fail when cross-compiling -+ AC_MSG_WARN([assuming sqlite is at least v3.3]) ;; -+*) -+ AC_MSG_ERROR([nfsdcld requires sqlite-devel]) ;; -+esac -+ - if test "$enable_nfsv4" = yes; then -- dnl check for libevent libraries and headers -- AC_LIBEVENT - - dnl check for the keyutils libraries and headers - AC_KEYUTILS - -- dnl Check for sqlite3 -- AC_SQLITE3_VERS -- - if test "$enable_nfsdcld" = "yes"; then - AC_CHECK_HEADERS([libgen.h sys/inotify.h], , - AC_MSG_ERROR([Cannot find header needed for nfsdcld])) -- -- case $libsqlite3_cv_is_recent in -- yes) ;; -- unknown) -- dnl do not fail when cross-compiling -- AC_MSG_WARN([assuming sqlite is at least v3.3]) ;; -- *) -- AC_MSG_ERROR([nfsdcld requires sqlite-devel]) ;; -- esac - fi - - if test "$enable_nfsdcltrack" = "yes"; then - AC_CHECK_HEADERS([libgen.h sys/inotify.h], , - AC_MSG_ERROR([Cannot find header needed for nfsdcltrack])) -- -- case $libsqlite3_cv_is_recent in -- yes) ;; -- unknown) -- dnl do not fail when cross-compiling -- AC_MSG_WARN([assuming sqlite is at least v3.3]) ;; -- *) -- AC_MSG_ERROR([nfsdcltrack requires sqlite-devel]) ;; -- esac - fi - - else --- -2.41.0 - diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch new file mode 100644 index 0000000000..57d4660571 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch @@ -0,0 +1,34 @@ +From 45597a58e98f351b18db8444292b1cf6dd0cd810 Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Sat, 9 Dec 2023 23:34:08 -0800 +Subject: [PATCH] reexport.h: Include unistd.h to compile with musl + +Fixed error when compile with musl +reexport.c: In function 'reexpdb_init': +reexport.c:62:17: error: implicit declaration of function 'sleep' [-Werror=implicit-function-declaration] + 62 | sleep(1); + + +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=170254661824522&w=2] + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + support/reexport/reexport.h | 1 + + 1 files changed, 1 insertions(+) + +diff --git a/support/reexport/reexport.h b/support/reexport/reexport.h +index 85fd59c..02f8684 100644 +--- a/support/reexport/reexport.h ++++ b/support/reexport/reexport.h +@@ -1,6 +1,8 @@ + #ifndef REEXPORT_H + #define REEXPORT_H + ++#include <unistd.h> ++ + #include "nfslib.h" + + enum { +-- +2.42.0 + diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb index 35cf6af6d4..2f2644f9a8 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb @@ -30,11 +30,11 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://bugfix-adjust-statd-service-name.patch \ file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ file://clang-warnings.patch \ - file://0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch \ - file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \ - file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \ + file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \ + file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \ + file://0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch \ " -SRC_URI[sha256sum] = "38d89e853a71d3c560ff026af3d969d75e24f782ff68324e76261fe0344459e1" +SRC_URI[sha256sum] = "01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. diff --git a/poky/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch b/poky/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch new file mode 100644 index 0000000000..2a16debb76 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch @@ -0,0 +1,35 @@ +From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001 +From: "fangming.fang" <fangming.fang@arm.com> +Date: Thu, 7 Dec 2023 06:17:51 +0000 +Subject: [PATCH] Enable BTI feature for md5 on aarch64 + +Fixes: #22959 + +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/22971) + +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + crypto/md5/asm/md5-aarch64.pl | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl +index 3200a0fa9bff0..5a8608069691d 100755 +--- a/crypto/md5/asm/md5-aarch64.pl ++++ b/crypto/md5/asm/md5-aarch64.pl +@@ -28,10 +28,13 @@ + *STDOUT=*OUT; + + $code .= <<EOF; ++#include "arm_arch.h" ++ + .text + .globl ossl_md5_block_asm_data_order + .type ossl_md5_block_asm_data_order,\@function + ossl_md5_block_asm_data_order: ++ AARCH64_VALID_CALL_TARGET + // Save all callee-saved registers + stp x19,x20,[sp,#-80]! + stp x21,x22,[sp,#16] diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb index ab0562bd73..d041d2d214 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb @@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ + file://aarch64-bti.patch \ " SRC_URI:append:class-nativesdk = " \ diff --git a/poky/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/poky/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch new file mode 100644 index 0000000000..9051ae1abe --- /dev/null +++ b/poky/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch @@ -0,0 +1,62 @@ +From 4f887cc665c9a48b83e20ef4abe57afa7e365e0e Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@eng.windriver.com> +Date: Tue, 5 Dec 2023 23:02:22 -0800 +Subject: [PATCH v2] fix compile procan.c failed + +1. Compile socat failed if out of tree build (build dir != source dir) +... +gcc -c -D CC="gcc" -o procan.o procan.c +cc1: fatal error: procan.c: No such file or directory +... +Explicitly add $srcdir to makefile rule + +2. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64" +... +from ../socat-1.8.0.0/procan.c:10: +../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory + 18 | #include <inttypes.h> /* uint16_t */ +... + +In commit [Procan: print umask, CC, and couple more new infos][1], +it defeines marcro CC in C source, the space in CC will break +C source compile. Use first word of $(CC) to defeine marco CC + +[1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185 + +Upstream-Status: Submitted [socat@dest-unreach.org] +Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com> +--- + Makefile.in | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index c01b1a4..48dad69 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -109,8 +109,8 @@ depend: $(CFILES) $(HFILES) + socat: socat.o libxio.a + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS) + +-procan.o: procan.c +- $(CC) $(CFLAGS) -c -D CC=\"$(CC)\" -o $@ procan.c ++procan.o: $(srcdir)/procan.c ++ $(CC) $(CFLAGS) -c -D CC=\"$(firstword $(CC))\" -o $@ $(srcdir)/procan.c + + PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o + procan: $(PROCAN_OBJS) +@@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1 + mkdir -p $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1 + ln -sf socat1 $(DESTDIR)$(BINDEST)/socat +- $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST) + mkdir -p $(DESTDIR)$(MANDEST)/man1 +-- +2.42.0 + diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb b/poky/meta/recipes-connectivity/socat/socat_1.8.0.0.bb index 5a379380d1..912605c95c 100644 --- a/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb +++ b/poky/meta/recipes-connectivity/socat/socat_1.8.0.0.bb @@ -7,11 +7,13 @@ SECTION = "console/network" LICENSE = "GPL-2.0-with-OpenSSL-exception" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86" + file://README;beginline=241;endline=271;md5=338c05eadd013872abb1d6e198e10a3f" -SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2" +SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ + file://0001-fix-compile-procan.c-failed.patch \ +" -SRC_URI[sha256sum] = "fbd42bd2f0e54a3af6d01bdf15385384ab82dbc0e4f1a5e153b3e0be1b6380ac" +SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7" inherit autotools |