diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2022-05-09 23:27:38 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-05-09 23:28:22 +0300 |
commit | 322e9fc9c6aafb1be6757915ca920b5170642aa7 (patch) | |
tree | 860b5f806d45e9fbdece0eee9efabd5b000b64b9 /poky/meta/recipes-devtools | |
parent | e22d42c0b6ed325dcf25896e58673f23556171dd (diff) | |
download | openbmc-322e9fc9c6aafb1be6757915ca920b5170642aa7.tar.xz |
subtree updates
poky: 27de52e402..d84c73d1ef:
Alexander Kanavin (2):
glib: upgrade 2.72.0 -> 2.72.1
libxml2: update patch status
Carlos Rafael Giani (2):
gstreamer1.0-plugins-good: Fix libsoup dependency
gstreamer1.0: Minor documentation addition
Chen Qi (2):
cases/buildepoxy.py: fix typo
go.bbclass: disable the use of the default configuration file
Davide Gardenal (1):
create-spdx: delete virtual/kernel dependency to fix FreeRTOS build
Dmitry Baryshkov (2):
linux-firmware: correct license for ar3k firmware
arch-armv8-2a.inc: fix a typo in TUNEVALID variable
Henning Schild (1):
wic: do not use PARTLABEL for msdos partition tables
Khem Raj (7):
seatd: Disable overflow warning as error on ppc64/musl
musl: Fix build when usrmerge distro feature is enabled
gcompat: Fix build when usrmerge distro feature is enabled
libc-glibc: Use libxcrypt to provide virtual/crypt
qemu.bbclass: Extend ppc/ppc64 extra options
busybox: Use base_bindir instead of hardcoding /bin path
util-linux: Create u-a symlink for findfs utility
Naveen Saini (1):
gstreamer1.0-plugins-bad: drop patch
Nicolas Dechesne (1):
sanity: skip make 4.2.1 warning for debian
Paul Gortmaker (1):
install/devshell: Introduce git intercept script due to fakeroot issues
Peter Kjellerstedt (2):
terminal.py: Restore error output from Terminal
devshell.bbclass: Allow devshell & pydevshell to use the network
Pgowda (1):
glibc: ptest: Fix glibc-tests package issue
Rahul Kumar (1):
neard: Switch SRC_URI to git repo
Richard Purdie (2):
base: Drop git intercept
staging: Ensure we filter out ourselves
Ross Burton (5):
e2fsprogs: fix CVE-2022-1304
python3: ignore CVE-2015-20107
cve_check: skip remote patches that haven't been fetched when searching for CVE tags
subversion: upgrade to 1.14.2
bitbake.conf: mark all directories as safe for git to read
Russ Dill (2):
package.bbclass: Prevent perform_packagecopy from removing /sysroot-only
kernel-yocto.bbclass: Fixup do_kernel_configcheck usage of KMETA
wangmy (1):
apt: upgrade 2.4.4 -> 2.4.5
meta-openembedded: bb2b5b31a8..5357c7a40e:
Carlos Rafael Giani (1):
pipewire: Upgrade to version 0.3.50
Khem Raj (23):
crash: Fix build for mips target
tcsh: Do not install symlinks into /bin with usrmerge
arno-iptables-firewall: Do not use bitbake variable inside S
fluentbit: Fix build with usrmerge distro feature
tomoyo-tools: Define SBINDIR
tomoyo-tools: Drop md5sum
dietsplash: specify install rootdir
linux-atm: Add knob to root prefix
ufw: Fix build with usrmerge distro feature
klibc: Recognise --dyld-prefix clang option
mozjs: Use vendored icu on ppc/clang
boinc-client: Do not overwrite same file when using usrmerge
pam-ssh-agent-auth: Use specific versions of BSD licenses
fwupd: Enable build with musl
lirc: install systemd units only when using systemd distro feature
fluentbit: Disable systemd support when systemd distro feature is disabled
gtksourceview5: Allow wayland or x11
gtkmm3: Allow wayland or x11 in distro features
gparted: Allow wayland or x11 distro features
lirc: Delete systemd unit files on non systemd distros
atkmm: Allow build with wayland
pangomm: Allow building with wayland
boinc-client: Make script install not depend on host install paths
Mingli Yu (2):
crash: Upgrade to 8.0.0
makedumpfile: Upgrade to 1.7.1
Robert Yang (1):
libldb: Fix installed-vs-shipped and rebuild error
Willy Tu (1):
absil-cpp: Update SRC_URI to to the latest google internal sync
wangmy (11):
evince: upgrade 42.1 -> 42.2
gspell: upgrade 1.9.1 -> 1.10.0
gtksourceview5: upgrade 5.4.0 -> 5.4.1
libadwaita: upgrade 1.1.0 -> 1.1.1
nautilus: upgrade 42.0 -> 42.1.1
htpdate: upgrade 1.3.3 -> 1.3.4
hexedit: upgrade 1.5 -> 1.6
lsscsi: upgrade 0.31 -> 0.32
libencode-perl: upgrade 3.16 -> 3.17
libextutils-cppguess-perl: upgrade 0.23 -> 0.26
libtest-harness-perl: upgrade 3.42 -> 3.44
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I5475712642467a1ecb4d9cf2c93510a40eb7bf24
Diffstat (limited to 'poky/meta/recipes-devtools')
-rw-r--r-- | poky/meta/recipes-devtools/apt/apt_2.4.5.bb (renamed from poky/meta/recipes-devtools/apt/apt_2.4.4.bb) | 2 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/extents.patch | 56 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb | 1 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3_3.10.4.bb | 3 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/subversion/subversion/disable_macos.patch | 71 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/subversion/subversion_1.14.2.bb (renamed from poky/meta/recipes-devtools/subversion/subversion_1.14.1.bb) | 3 |
6 files changed, 62 insertions, 74 deletions
diff --git a/poky/meta/recipes-devtools/apt/apt_2.4.4.bb b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb index 9faf1e7ea9..95c25e3036 100644 --- a/poky/meta/recipes-devtools/apt/apt_2.4.4.bb +++ b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb @@ -25,7 +25,7 @@ SRC_URI:append:class-nativesdk = " \ file://0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch \ " -SRC_URI[sha256sum] = "d6d83d122ddd7cc83b2c2f839a55940c13ab93e5cf6024a010d6a6b4110dcf0e" +SRC_URI[sha256sum] = "5552f175c3a3924f5cda0c079b821b30f68a2521959f2c30ab164d2ec7993ecf" LIC_FILES_CHKSUM = "file://COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263" # the package is taken from snapshots.debian.org; that source is static and goes stale diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/extents.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/extents.patch new file mode 100644 index 0000000000..ffaecc622a --- /dev/null +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/extents.patch @@ -0,0 +1,56 @@ +CVE: CVE-2022-1304 +Upstream-Status: Submitted [https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 347084c9c1ad20f47dae16f5a3dcd8628d5fc7b0 Mon Sep 17 00:00:00 2001 +From: Lukas Czerner <lczerner@redhat.com> +Date: Thu, 21 Apr 2022 19:31:48 +0200 +Subject: [PATCH] e2fsprogs: add sanity check to extent manipulation + +It is possible to have a corrupted extent tree in such a way that a leaf +node contains zero extents in it. Currently if that happens and we try +to traverse the tree we can end up accessing wrong data, or possibly +even uninitialized memory. Make sure we don't do that. + +Additionally make sure that we have a sane number of bytes passed to +memmove() in ext2fs_extent_delete(). + +Note that e2fsck is currently unable to spot and fix such corruption in +pass1. + +Signed-off-by: Lukas Czerner <lczerner@redhat.com> +Reported-by: Nils Bars <nils_bars@t-online.de> +Addressess: https://bugzilla.redhat.com/show_bug.cgi?id=2068113 +--- + lib/ext2fs/extent.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c +index b324c7b0..1a206a16 100644 +--- a/lib/ext2fs/extent.c ++++ b/lib/ext2fs/extent.c +@@ -495,6 +495,10 @@ retry: + ext2fs_le16_to_cpu(eh->eh_entries); + newpath->max_entries = ext2fs_le16_to_cpu(eh->eh_max); + ++ /* Make sure there is at least one extent present */ ++ if (newpath->left <= 0) ++ return EXT2_ET_EXTENT_NO_DOWN; ++ + if (path->left > 0) { + ix++; + newpath->end_blk = ext2fs_le32_to_cpu(ix->ei_block); +@@ -1630,6 +1634,10 @@ errcode_t ext2fs_extent_delete(ext2_extent_handle_t handle, int flags) + + cp = path->curr; + ++ /* Sanity check before memmove() */ ++ if (path->left < 0) ++ return EXT2_ET_EXTENT_LEAF_BAD; ++ + if (path->left) { + memmove(cp, cp + sizeof(struct ext3_extent_idx), + path->left * sizeof(struct ext3_extent_idx)); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb index 16c183eed3..ec48f419c7 100644 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb @@ -4,6 +4,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \ file://run-ptest \ file://ptest.patch \ file://mkdir_p.patch \ + file://extents.patch \ " SRC_URI:append:class-native = " \ file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ diff --git a/poky/meta/recipes-devtools/python/python3_3.10.4.bb b/poky/meta/recipes-devtools/python/python3_3.10.4.bb index 7eaafe34ad..d678d55083 100644 --- a/poky/meta/recipes-devtools/python/python3_3.10.4.bb +++ b/poky/meta/recipes-devtools/python/python3_3.10.4.bb @@ -55,6 +55,9 @@ CVE_CHECK_IGNORE += "CVE-2007-4559" CVE_CHECK_IGNORE += "CVE-2019-18348" # These are specific to Microsoft Windows CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488" +# The mailcap module is insecure by design, so this can't be fixed in a meaningful way. +# The module will be removed in the future and flaws documented. +CVE_CHECK_IGNORE += "CVE-2015-20107" PYTHON_MAJMIN = "3.10" diff --git a/poky/meta/recipes-devtools/subversion/subversion/disable_macos.patch b/poky/meta/recipes-devtools/subversion/subversion/disable_macos.patch deleted file mode 100644 index 8d2d635992..0000000000 --- a/poky/meta/recipes-devtools/subversion/subversion/disable_macos.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 9c350c037ca3489dbeece6ecc2d7e2e5dbb177e9 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Sat, 11 May 2019 15:21:46 +0800 -Subject: [PATCH] These tests don't work in cross compiling, just disable them - for now, we don't build subversion on OS-X at this time. - -RP 1014/7/16 - -Upstream-Status: Pending [needs a rewrite to support a cache value] - -Rebase to 1.12.0 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - build/ac-macros/macosx.m4 | 31 +------------------------------ - 1 file changed, 1 insertion(+), 30 deletions(-) - -diff --git a/build/ac-macros/macosx.m4 b/build/ac-macros/macosx.m4 -index 92fa58e..a568e1c 100644 ---- a/build/ac-macros/macosx.m4 -+++ b/build/ac-macros/macosx.m4 -@@ -24,21 +24,7 @@ dnl Check for _dyld_image_name and _dyld_image_header availability - AC_DEFUN(SVN_LIB_MACHO_ITERATE, - [ - AC_MSG_CHECKING([for Mach-O dynamic module iteration functions]) -- AC_RUN_IFELSE([AC_LANG_PROGRAM([[ -- #include <mach-o/dyld.h> -- #include <mach-o/loader.h> -- ]],[[ -- const struct mach_header *header = _dyld_get_image_header(0); -- const char *name = _dyld_get_image_name(0); -- if (name && header) return 0; -- return 1; -- ]])],[ -- AC_DEFINE([SVN_HAVE_MACHO_ITERATE], [1], -- [Is Mach-O low-level _dyld API available?]) -- AC_MSG_RESULT([yes]) -- ],[ - AC_MSG_RESULT([no]) -- ]) - ]) - - dnl SVN_LIB_MACOS_PLIST -@@ -46,23 +32,8 @@ dnl Assign variables for Mac OS property list support - AC_DEFUN(SVN_LIB_MACOS_PLIST, - [ - AC_MSG_CHECKING([for Mac OS property list utilities]) -- -- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -- #include <AvailabilityMacros.h> -- #if !defined(MAC_OS_X_VERSION_MAX_ALLOWED) \ -- || !defined(MAC_OS_X_VERSION_10_0) \ -- || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_0) -- #error ProperyList API unavailable. -- #endif -- ]],[[]])],[ -- SVN_MACOS_PLIST_LIBS="-framework CoreFoundation" -- AC_SUBST(SVN_MACOS_PLIST_LIBS) -- AC_DEFINE([SVN_HAVE_MACOS_PLIST], [1], -- [Is Mac OS property list API available?]) -- AC_MSG_RESULT([yes]) -- ],[ -+ AC_SUBST([SVN_MACOS_PLIST_LIBS], [""]) - AC_MSG_RESULT([no]) -- ]) - ]) - - dnl SVN_LIB_MACOS_KEYCHAIN --- -2.7.4 - diff --git a/poky/meta/recipes-devtools/subversion/subversion_1.14.1.bb b/poky/meta/recipes-devtools/subversion/subversion_1.14.2.bb index 71183ac7ce..ba208d922f 100644 --- a/poky/meta/recipes-devtools/subversion/subversion_1.14.1.bb +++ b/poky/meta/recipes-devtools/subversion/subversion_1.14.2.bb @@ -9,11 +9,10 @@ DEPENDS = "apr-util serf sqlite3 file lz4" DEPENDS:append:class-native = " file-replacement-native" SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ - file://disable_macos.patch \ file://serfmacro.patch \ " -SRC_URI[sha256sum] = "2c5da93c255d2e5569fa91d92457fdb65396b0666fad4fd59b22e154d986e1a9" +SRC_URI[sha256sum] = "c9130e8d0b75728a66f0e7038fc77052e671830d785b5616aad53b4810d3cc28" inherit autotools pkgconfig gettext python3native |