diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2023-07-21 17:09:43 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2023-08-10 22:22:44 +0300 |
| commit | 8f840685fb701a268141f0fcebc1d34fcd9b01de (patch) | |
| tree | 49f7cc04f8447a72e1bb9f96fa4a1174cea7b435 /poky/meta/recipes-extended/pam | |
| parent | 5eea8d85a2b0bfced71508b4b97030e2dc9a5717 (diff) | |
| download | openbmc-8f840685fb701a268141f0fcebc1d34fcd9b01de.tar.xz | |
subtree updates july 21 2023 poky,openembedded
poky: 13b646c0e1..b398c7653e:
Adrian Freihofer (2):
runqemu-ifdown: catch up with ifup
runqemu: drop uid parameter for ifdown
Alejandro Hernandez Samaniego (3):
baremetal-helloworld: Fix race condition
runqemu: Stop using warn() since its been deprecated
runqemu: Fix automated call to runqemu-ifup
Alex Kiernan (3):
rootfs: Add debugfs package db file copy and cleanup
rpm: Pick debugfs package db files/dirs explicitly
eudev: Add group sgx to eudev package
Alexander Kanavin (27):
insane.bbclass: enable 32 bit time API check (as a warning) on affected architectures
libxcrypt: upgrade 4.4.34 -> 4.4.35
libxml2: update 2.10.4 -> 2.11.4
ovmf: update 202302 -> 202305
lua: update 5.4.4 -> 5.4.6
cargo.bbclass: set up cargo environment in common do_compile
rust-common.bbclass: move musl-specific linking fix from rust-source.inc
python3-cryptography: update 39.0.2 -> 41.0.1
python3-cryptography-vectors: update 39.0.2 -> 41.0.1
python3: update 3.11.3 -> 3.11.4
diffutils: update 3.9 -> 3.10
shadow: remove dependency on pam-plugin-lastlog
libpam: update 1.5.2 -> 1.5.3
librsvg: update 2.56.0 -> 2.56.1
vulkan-validation-layers: update 1.3.243 -> 1.3.250
xcb-util-cursor: add a recipe from meta-oe
weston: update 11.0.1 -> 12.0.1
libdmx: update 1.1.4 -> 1.1.5
xtrans: update 1.4.0 -> 1.5.0
libproxy: fetch from git
libproxy: update 0.4.18 -> 0.5.2
libssh2: update 1.10.0 -> 1.11.0
gstreamer1.0-plugins-base: enable glx/opengl support
webkitgtk: update 2.38.5 -> 2.40.2
python3-cryptography: update a patch to upstream's better followup fix
time64.inc: annotate and clean up recipe-specific Y2038 exceptions
Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock"
Andrej Valek (3):
cve-check: add option to add additional patched CVEs
oeqa/selftest/cve_check: rework test to new cve status handling
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
Anuj Mittal (7):
rpm: backport fix to prevent crashes with latest sqlite
sqlite3: upgrade 3.41.2 -> 3.42.0
vte: upgrade 0.72.1 -> 0.72.2
libpng: upgrade 1.6.39 -> 1.6.40
glib-networking: upgrade 2.76.0 -> 2.76.1
bluez5: upgrade 5.66 -> 5.68
selftest/cases/glibc.py: fix the override syntax
BELOUARGA Mohamed (9):
bitbake: fetch2/npmsw: Add support for the new format of the shrinkwrap file
bitbake: fetch2/npmsw: Don't fetch dev dependencies when they are not demanded
bitbake: fetch2/npm: Remove special caracters that causes recipe tool to fail
recipetool: create: npm: Remove duplicate function to not have future conflicts
classes: npm: Handle peer dependencies for npm packages
recipetool: create: npm: Add support for the new format of the shrinkwrap file
recipetool: create: npm: Add support to handle peer dependencies
classes: npm: Add support for the new format of the shrinkwrap file
classe-recipes: npm: Add support for dependencies and devDependencies
Benjamin Bouvier (1):
util-linux: add alternative links for ipcs,ipcrm
Bruce Ashfield (19):
perf: fix buildpaths QA warning in 6.4+
linux-libc-headers: bump to 6.4
kernel: fix localversion in v6.3+
linux-yocto: introduce 6.4 reference kernel recipes
linux-yocto/6.4: update to latest
linux-yocto/6.4: aufs6 integration
linux-yocto/6.4: refresh configuration
linux-yocto-rt/6.4: integrate -rt6
linux-yocto/6.4: update to v6.4.2
linux-yocto-tiny/6.4: fix configuration warnings (HID)
linux-yocto-tiny/arm: fix configuration warnings (HID)
linux-yocto/ppc: add elfutils-native to DEPENDS
linux-yocto/6.1: update to v6.1.36
linux-yocto/6.1: update to v6.1.37
linux-yocto/6.1: update to v6.1.38
linux-yocto/6.x: cfg: update ima.cfg to match current meta-integrity
linux-yocto/6.4: update to v6.4.3
kernel: set HOSTPKG_CONFIG to use pkg-config-native
linux-yocto/6.4: fix menuconfig
Changqing Li (2):
dnf: only write the log lock to root for native dnf
rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
Denys Dmytriyenko (1):
bitbake: runqueue: convert deferral messages from bb.note to bb.debug
Enrico Scholz (1):
shadow-sysroot: add license information
Etienne Cordonnier (2):
libxcrypt: fix hard-coded ".so" extension
qemu: fix typo
Fabio Estevam (3):
u-boot: Update Upstream-Status
u-boot: Upgrade to 2023.07
u-boot: Upgrade to 2023.07.02
Frederic Martinsons (1):
ptest-cargo.bbclass: fix condition to detect test executable
Joe Slater (1):
ghostscript: advance to version 10.01.2
Jose Quaresma (12):
kernel: config modules directories are handled by kernel-module-split
kernel-module-split: install config modules directories only when they are needed
kernel-module-split: use context manager to open files
kernel-module-split: make autoload and probeconf distribution specific
kernel-module-split add systemd modulesloaddir and modprobedir config
pybootchartgui: calcule elapsed_time when starting the loop
pybootchartgui: concatenate the elapsed time with the process
pybootchartgui: fix overlapping argument in render_processes_chart
pybootchartgui: fix width max usage in draw_label_in_box
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
go: update 1.20.5 -> 1.20.6
Julien Stephan (1):
automake: fix buildtest patch
Khem Raj (9):
ffmpeg: Fix build on riscv
libpam: Fix examples build on musl
webkitgtk: Enable JIT on RISCV64
musl: Guard fallocate64 with _LARGEFILE64_SOURCE
alsa-lib: Disable old API symbols
mesa: Fix build with upcoming LLVM 17
meson.bbclass: Point to llvm-config from native sysroot
webkitgtk: Unbreak build on platforms using pvr graphics drivers
python3-lxml: upgrade 4.9.2 -> 4.9.3
Martin Jansa (4):
selftest: multiconfig-image-packager: try to respect IMAGE_LINK_NAME
kernel-devicetree: install dtb files without -${KERNEL_DTB_NAME} suffix
image-artifact-names: include ${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and ${IMAGE_LINK_NAME}
cpio: respect MLPREFIX for PACKAGE_WRITE_DEPS
Michael Halstead (1):
resulttool/resultutils: allow index generation despite corrupt json
Mingli Yu (1):
qemu: Add qemu-user-* and qemu-system-* to PACKAGES_DYNAMIC
Natasha Bailey (1):
tiff: backport a fix for CVE-2023-26965
Ovidiu Panait (5):
mdadm: fix util-linux ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: skip running known broken ptests
mdadm: re-add mdadm-ptest to PTESTS_SLOW
Peter Hoyes (5):
bitbake: bitbake: tests/fetch: Mark TestTimeout as not a test suite
bitbake: bitbake: tests/fetch: Rename assertRaisesRegexp to assertRaisesRegex
bitbake: bitbake: tests/fetch: Set git config if not already set
bitbake: bitbake: tests: Use assertLogs to test logging output
bitbake: bitbake: Bootstrap pytest for self-tests
Peter Marko (4):
cve-update-nvd2-native: fix cvssV3 metrics
gcsections: apply section removal also in C++, not only in C
cve-update-nvd2-native: retry all errors and sleep between retries
cve-update-nvd2-native: increase retry count
Piotr Łobacz (1):
bitbake.conf: Add acl distro native features support
Quentin Schulz (1):
uboot-extlinux-config.bbclass: fix old override syntax in comment
Richard Purdie (14):
defaultsetup: Enable largefile and 64bit time_t support systemwide for 32 bit platforms
time64: Disable CFLAGS for strace
bitbake: runqueue: Fix deferred task/multiconfig race issue
strace: Update patches/tests with upstream fixes
bitbake: fetch2/npmsw: Support old and new shrinkwrap formats
ptest-runner: Pull in "runner: Remove threads and mutexes" fix
bitbake: server/process: Show command in timeout message
bitbake: cooker: Log when parsing starts in server log
gcc-testsuite: Fix ppc cpu specification
ptest-runner: Pull in parallel test fixes and output handling
oeqa/selftest/rust: Various fixes to work correctly
bitbake: runqueue: Add pressure change logging
build-appliance-image: Update to master head revision
glibc-testsuite: Fix network restrictions causing test failures
Ross Burton (26):
cve-update-db-native: remove
cve-update-nvd2-native: handle all configuration nodes, not just first
cve-update-nvd2-native: use exact times, don't truncate
ghostscript: remove CVE_CHECK_IGNORE for CVE-2013-6629
pkgconf: update SRC_URI
libjpeg-turbo: upgrade to 3.0.0
cups: upgrade to 2.4.6
tiff: upgrade to 4.5.1
linux-yocto/cve-exclusion: move entries from cve-extra-exclusions
linux-yocto/cve-exclusion: ignore more backported CVEs
python3: fix missing comma in get_module_deps3.py
python3-jsonpointer: upgrade to 2.4
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
cml1: add showconfig task to easily find the generated .config file
rootfs_rpm: don't depend on opkg-native for update-alternatives
poky: add Debian 12 to supported distribution list
cve-update-nvd2-native: log a little more
cve-update-nvd2-native: actually use API keys
gcc: don't pass --enable-standard-branch-protection
machine/arch-arm64: add -mbranch-protection=standard
qemuarm: pin kernel to 6.1
libdmx: remove obsolete library
linux-yocto_6.1: ignore backported CVEs
python3: ignore CVE-2023-36632
ltp: add RDEPENDS on findutils
oeqa/ltp: rewrote LTP testcase and parser
Siddharth Doshi (2):
bind: Upgrade 9.18.15 -> 9.18.16
flac: Upgrade 1.4.2 -> 1.4.3
Soumya (1):
perl: Fix CVE-2023-31486
Staffan Rydén (1):
kernel: Fix path comparison in kernel staging dir symlinking
Stéphane Veyret (1):
scripts/oe-setup-builddir: copy conf-notes.txt to build dir
Sudip Mukherjee (1):
libssh2: disable rpath to fix curl-native build
Thomas Roos (1):
testimage/oeqa: Drop testimage_dump_host functionality
Tim Orling (10):
python3-pytest-subtests: upgrade 0.10.0 -> 0.11.0
python3-urllib3: upgrade 2.0.2 -> 2.0.3
python3-typing-extensions: upgrade 4.6.3 -> 4.7.0
python3-hypothesis: upgrade 6.79.2 -> 6.80.0
python3-pygments: upgrade 2.14.0 -> 2.15.1
python3-importlib-metadata: upgrade 6.7.0 -> 6.8.0
python3-typing-extensions: upgrade 4.7.0 -> 4.7.1
python3-cryptography{-vectors}: upgrade 41.0.1 -> 41.0.2
python3-zipp: upgrade 3.15.0 -> 3.16.2
python3-hypothesis: upgrade 6.80.0 -> 6.81.2
Trevor Gamblin (15):
python3: add cgitb, zipapp ptest dependencies
qemu: upgrade 8.0.0 -> 8.0.3
python3: parallelize ptests, add test_cppext dependencies
python3-setuptools: upgrade 67.6.1 -> 68.0.0
diffoscope: upgrade 242 -> 243
p11-kit: upgrade 0.24.1 -> 0.25.0
diffoscope: add missing RDEPENDS and alphabetize
linux-firmware: upgrade 20230515 -> 20230625
python3-trove-classifiers: upgrade 2023.5.24 -> 2023.7.6
python3-cython: upgrade 0.29.35 -> 0.29.36
icu: upgrade 72-1 -> 73-2
python3-editables: add python3-io to RDEPENDS
python3: ensure ptest regression capture
diffoscope: upgrade 243 -> 244
xeyes: upgrade 1.2.0 -> 1.3.0
Wang Mingyu (51):
freetype: upgrade 2.13.0 -> 2.13.1
gstreamer1.0: upgrade 1.22.3 -> 1.22.4
kbd: upgrade 2.5.1 -> 2.6.0
libassuan: upgrade 2.5.5 -> 2.5.6
libksba: upgrade 1.6.3 -> 1.6.4
libmd: upgrade 1.0.4 -> 1.1.0
libsdl2: upgrade 2.26.5 -> 2.28.0
libtraceevent: upgrade 1.7.2 -> 1.7.3
libx11: upgrade 1.8.5 -> 1.8.6
lttng-ust: upgrade 2.13.5 -> 2.13.6
nettle: upgrade 3.9 -> 3.9.1
nghttp2: upgrade 1.53.0 -> 1.54.0
ccache: upgrade 4.8.1 -> 4.8.2
mesa: upgrade 23.1.1 -> 23.1.3
python3-numpy: upgrade 1.24.3 -> 1.25.0
python3-typing-extensions: upgrade 4.6.2 -> 4.6.3
xorgproto: upgrade 2022.2 -> 2023.2
python3-hatchling: upgrade 1.17.0 -> 1.18.0
python3-hypothesis: upgrade 6.75.7 -> 6.79.2
python3-importlib-metadata: upgrade 6.6.0 -> 6.7.0
python3-iso8601: upgrade 1.1.0 -> 2.0.0
python3-markupsafe: upgrade 2.1.2 -> 2.1.3
python3-pluggy: upgrade 1.0.0 -> 1.2.0
python3-pycairo: upgrade 1.23.0 -> 1.24.0
python3-pyparsing: upgrade 3.0.9 -> 3.1.0
python3-pytest: upgrade 7.3.1 -> 7.4.0
python3-ruamel-yaml: upgrade 0.17.31 -> 0.17.32
python3-sphinx-rtd-theme: upgrade 1.2.1 -> 1.2.2
xkeyboard-config: upgrade 2.38 -> 2.39
xwayland: upgrade 23.1.1 -> 23.1.2
wayland-protocols: upgrade 1.31 -> 1.32
taglib: upgrade 1.13 -> 1.13.1
libxcrypt: upgrade 4.4.35 -> 4.4.36
msmtp: upgrade 1.8.23 -> 1.8.24
libwebp: upgrade 1.3.0 -> 1.3.1
libuv: upgrade 1.45.0 -> 1.46.0
acpica: upgrade 20230331 -> 20230628
libnss-nis: upgrade 3.1 -> 3.2
harfbuzz: upgrade 7.3.0 -> 8.0.1
libproxy: upgrade 0.5.2 -> 0.5.3
nghttp2: upgrade 1.54.0 -> 1.55.1
debianutils: upgrade 5.7 -> 5.8
glib-2.0: upgrade 2.76.3 -> 2.76.4
python3-pip: upgrade 23.1.2 -> 23.2
opkg: upgrade 0.6.1 -> 0.6.2
opkg-utils: upgrade 0.5.0 -> 0.6.2
python3-editables: upgrade 0.3 -> 0.4
python3-git: upgrade 3.1.31 -> 3.1.32
python3-numpy: upgrade 1.25.0 -> 1.25.1
repo: upgrade 2.34.1 -> 2.35
libva: upgrade to 2.19.0
Yash Shinde (1):
oeqa/selftest: Add rust selftests
Yi Zhao (1):
ifupdown: install missing directories
Yoann Congal (2):
recipetool: Fix inherit in created -native* recipes
oeqa/selftest/devtool: add unit test for "devtool add -b"
Yuta Hayama (1):
systemd-systemctl: fix errors in instance name expansion
meta-openembedded: 2638d458a5..0e3f5e5201:
Alex Kiernan (1):
ostree: Upgrade 2023.4 -> 2023.5
Archana Polampalli (1):
tcpreplay: upgrade 4.4.3 -> 4.4.4
Beniamin Sandu (1):
mbedtls: fix builds with crypto extensions
Bruce Ashfield (1):
vboxguestdrivers: fix compilation against 6.4 kernel / headers
Carlos Rafael Giani (3):
pipewire: Disable libmysofa since it is not available in OE
pipewire: Improve packageconfigs
pipewire: Add dedicated aes67 package and fix rlimits.d package assignment
Chee Yang Lee (1):
rabbitmq-c: Fix CVE-2023-35789
Jasper Orschulko (8):
python3-pytest-cov: Add initial recipe 4.1.0
python3-covdefaults: Add initial recipe 2.3.0
python3-platformdirs: Fix recipe version 3.6.0
python3-distlib: Add initial recipe 0.3.6
python3-filelock: Add initial recipe 3.12.0
python3-virtualenv: Add initial recipe 20.23.0
python3-pyproject-api: Add initial recipe 1.5.1
python3-tox: Add initial recipe 4.6.0
Joe Slater (1):
libgpiod: modify RDEPENDS for ptest
Justin Bronder (2):
python3-asyncinotify: upgrade 3.0.1 -> 4.0.2
python3-pytest-asyncio: upgrade 0.16.0 -> 0.21.1
Kai Kang (2):
libtimezonemap: rename downloaded file name
fltk-native: fix libdl link issue
Khem Raj (33):
gupnp-av: Fix build with libxml2-2.11 and newer
xcb-util-cursor: Delete recipe
pidgin-sipe: Add packageconfig to turn Werror on/off
fbida: Fix build on musl
pcp: Update to 6.0.5
geos: Upgrade to 3.12.0
ctags: Extend to build native package
libcoap: Build linker symbol file explicitly
geos: Use cmake directly
pcp: Fix build race
sblim-sfcc: Fix build with clang17
minifi-cpp: Fix build with clang 17
python3-grpcio-tools: Upgrade to 1.56.0
python3-grpcio: Upgrade to 1.56.0
python3-grpcio: Fix build on musl
python3-grpcio-tools: Fix build with musl
thin-provisioning-tools: Upgrade to 1.0.4
thin-provisioning-tools: Fix build on musl.
pcp: Disable parallel build
crash: Fix build with glibc 2.38+
breakpad: Update to latest trunk
python3-requests-toolbelt: Fix ptest failures seen with urllib3 2.0
ptest-packagelists-meta-oe: Limit mcelog to x86/x86_64
graphviz: Upgrade to 8.1.0 release
emlog: Update to latest to fix build with 6.4 kernel
dlm: Upgrade to 4.2.0
mdio-tools: Update to latest on trunk
dlm: Fix build with linux kernel 6.4+
dlm: Do not pass -fcf-protection=full via Makefile
dlm: Do not use -fcf-protection=full on arm platforms
zfs: Update to 2.2.0 rc1
zfs: Disable builds on aarch64 for now
dhcp-relay: Pass cross configure flags to bind build
Luke Schaefer (1):
nginx: Add stream Signed-off-by: Luke Schaefer <lukeschafer17@gmail.com>
Marek Vasut (4):
lvgl: Factor out and unify lv-drivers configuration
lvgl: Add default input device configuration option
linux-serial-test: Update to latest git revision
libiio: enable c++ bindings
Markus Volk (10):
pipewire: upgrade 0.3.71 -> 0.3.72
pipewire: upgrade 0.3.72 -> 0.3.73
gnome-software: upgrade 44.2 -> 44.3
eog: upgrade 44.2 -> 44.3
spdlog: upgrade 1.11.0 -> 1.12.0
flatpak: update dependencies
gnome-control-center: upgrade 44.2 -> 44.3
gnome-shell: upgrade 44.2 -> 44.3
mutter: upgrade 44.2 -> 44.3
gnome-settings-daemon: upgrade 44.0 -> 44.1
Martin Jansa (4):
nodejs: use PIE for host binaries
gupnp: backport a fix not to use deprecated xmlReadMemory
pidgin-sipe: allow to build with libxml2-2.11
raptor2: backport a fix to build with libxml2-2.11
Michael Haener (1):
nginx: upgrade to 1.24.0 release
Michael Weiß (1):
pv: Show progress bar even if no terminal is set as in 1.6.6
Mingli Yu (1):
snort: Add systemd unit file
Peter Kjellerstedt (1):
cppzmq: Move the version to the recipe file name
Petr Gotthard (2):
python3-pyroute2: upgrade 0.5.19 -> 0.7.9
networkmanager: upgrade 1.42.6 -> 1.42.8
Ricardo Salveti (1):
lshw: bump to b4e0673
Ross Burton (5):
poppler: fix missing include
libpaper: remove redundant autoreconf --install
liblbxutil: remove obsolete library
xsetmode: remove obsolete utility
libxkbui: remove obsolete recipe
Tim Orling (1):
python3-argh: upgrade 0.26.2 -> 0.28.1
Trevor Gamblin (9):
python3-alembic: upgrade 1.10.4 -> 1.11.1
python3-sqlalchemy: upgrade 2.0.15 -> 2.0.19
python3-argcomplete: upgrade 3.1.0 -> 3.1.1
python3-arpeggio: upgrade 2.0.0 -> 2.0.2
python3-astroid: upgrade 2.15.5 -> 2.15.6
python3-autobahn: upgrade 23.6.1 -> 23.6.2
python3-bandit: upgrade 1.7.4 -> 1.7.5
python3-bandit: add python3-rich to RDEPENDS
python3-bitarray: upgrade 2.7.3 -> 2.7.6
Wang Mingyu (44):
cppzmq: upgrade 4.9.0 -> 4.10.0
iwd: upgrade 2.5 -> 2.6
libburn: upgrade 1.5.4 -> 1.5.6
libzip: upgrade 1.9.2 -> 1.10.0
openfortivpn: upgrade 1.20.3 -> 1.20.5
psqlodbc: upgrade 13.02.0000 -> 15.00.0000
python3-aenum: upgrade 3.1.12 -> 3.1.14
python3-can: upgrade 4.2.1 -> 4.2.2
python3-google-api-python-client: upgrade 2.89.0 -> 2.90.0
python3-h5py: upgrade 3.8.0 -> 3.9.0
python3-natsort: upgrade 8.3.1 -> 8.4.0
python3-pymodbus: upgrade 3.3.1 -> 3.3.2
python3-pymongo: upgrade 4.3.3 -> 4.4.0
python3-pyscaffold: upgrade 4.4.1 -> 4.5
python3-pyzstd: upgrade 0.15.7 -> 0.15.9
python3-requests-futures: upgrade 1.0.0 -> 1.0.1
python3-sentry-sdk: upgrade 1.25.1 -> 1.26.0
python3-zeroconf: upgrade 0.68.0 -> 0.69.0
weechat: upgrade 3.8 -> 4.0.0
python3-platformdirs: upgrade 3.6.0 -> 3.8.0
renderdoc: upgrade 1.13 -> 1.27
gegl: upgrade 0.4.44 -> 0.4.46
gvfs: upgrade 1.50.4 -> 1.51.1
weechat: upgrade 4.0.0 -> 4.0.1
avro-c: upgrade 1.11.1 -> 1.11.2
glfw: upgrade 3.3 -> 3.3.8
hwloc: upgrade 2.9.1 -> 2.9.2
minicoredumper: upgrade 2.0.3 -> 2.0.6
thingsboard-gateway: upgrade 3.2 -> 3.3
xterm: upgrade 382 -> 383
passwdqc: upgrade 2.0.2 -> 2.0.3
python3-aenum: upgrade 3.1.14 -> 3.1.15
python3-configargparse : upgrade 1.5.3 -> 1.5.5
python3-elementpath: upgrade 4.1.3 -> 4.1.4
python3-google-api-python-client: upgrade 2.90.0 -> 2.92.0
python3-google-auth: upgrade 2.20.0 -> 2.21.0
python3-joblib: upgrade 1.2.0 -> 1.3.1
python3-pillow: upgrade 9.5.0 -> 10.0.0
python3-redis: upgrade 4.5.5 -> 4.6.0
python3-tox: upgrade 4.6.0 -> 4.6.3
python3-virtualenv: upgrade 20.23.0 -> 20.23.1
python3-zeroconf: upgrade 0.69.0 -> 0.70.0
libyang: Fix install conflict when enable multilib.
php: Fix install conflict when enable multilib.
Wolfgang Meyer (4):
fbida: Switch to git fetcher
fbida: build with meson
fbida: SRC_REV bump ac9005b..eb769e3
fbida: make fbpdf build optional
Yi Zhao (6):
conntrack-tools: add systemd unit file
conntrack-tools: add required kernel modules to RRECOMMENDS
frr: upgrade 8.4.2 -> 8.4.4
mbedtls: upgrade 2.28.2 -> 2.28.3
open-vm-tools: Security fix CVE-2023-20867
samba: upgrade 4.18.3 -> 4.18.4
Zoltán Böszörményi (1):
opencv: 4.8.0
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I48c2ba4573ee81b637b1ba890c312f491004f666
Diffstat (limited to 'poky/meta/recipes-extended/pam')
| -rw-r--r-- | poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch | 39 | ||||
| -rw-r--r-- | poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch | 108 | ||||
| -rw-r--r-- | poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch | 65 | ||||
| -rw-r--r-- | poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch | 205 | ||||
| -rw-r--r-- | poky/meta/recipes-extended/pam/libpam_1.5.3.bb (renamed from poky/meta/recipes-extended/pam/libpam_1.5.2.bb) | 6 |
5 files changed, 41 insertions, 382 deletions
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch new file mode 100644 index 0000000000..95c437df4f --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch @@ -0,0 +1,39 @@ +From 9b96fcfa5748934b8b6a4db4ee25a5e3165905c0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 1 Jul 2023 07:48:17 -0700 +Subject: [PATCH] examples: Replace use of termio.h with termios.h + +Fixes build with musl and makes it portable + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + examples/tty_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/examples/tty_conv.c b/examples/tty_conv.c +index 23f0684..db22500 100644 +--- a/examples/tty_conv.c ++++ b/examples/tty_conv.c +@@ -6,7 +6,8 @@ + #include <string.h> + #include <errno.h> + #include <unistd.h> +-#include <termio.h> ++#include <termios.h> ++#include <sys/ioctl.h> + #include <security/pam_appl.h> + + /*************************************** +@@ -16,7 +17,7 @@ + ***************************************/ + static void echoOff(int fd, int off) + { +- struct termio tty; ++ struct termios tty; + if (ioctl(fd, TCGETA, &tty) < 0) + { + fprintf(stderr, "TCGETA failed: %s\n", strerror(errno)); +-- +2.41.0 + diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch deleted file mode 100644 index 94dcb04f0a..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001 -From: Per Jessen <per@jessen.ch> -Date: Fri, 22 Apr 2022 18:15:36 +0200 -Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype - -When using scandir() to look for MOTD files to display, we wrongly -relied on all filesystems providing a filetype. This is a fix to divert -to lstat() when we have no filetype. To maintain MT safety, it isn't -possible to use lstat() in the scandir() filter function, so all of the -filtering has been moved to an additional loop after scanning all the -motd dirs. -Also, remove superfluous alphasort from scandir(), we are doing -a qsort() later. - -Resolves: https://github.com/linux-pam/linux-pam/issues/455 - -Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70] - -Signed-off-by: Per Jessen <per@jessen.ch> -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> ---- - modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++------- - 1 file changed, 40 insertions(+), 9 deletions(-) - -diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c -index 6ac8cba2..5ca486e4 100644 ---- a/modules/pam_motd/pam_motd.c -+++ b/modules/pam_motd/pam_motd.c -@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) - } - } - --static int filter_dirents(const struct dirent *d) --{ -- return (d->d_type == DT_REG || d->d_type == DT_LNK); --} -- - static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) - { -@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - - for (i = 0; i < num_motd_dirs; i++) { - int rv; -- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), -- filter_dirents, alphasort); -+ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); - if (rv < 0) { - if (errno != ENOENT || report_missing) { - pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", -@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - if (dirscans_size_total == 0) - goto out; - -+ /* filter out unwanted names, directories, and complement data with lstat() */ -+ for (i = 0; i < num_motd_dirs; i++) { -+ struct dirent **d = dirscans[i]; -+ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { -+ int rc; -+ char *fullpath; -+ struct stat s; -+ -+ switch(d[j]->d_type) { /* the filetype determines how to proceed */ -+ case DT_REG: /* regular files and */ -+ case DT_LNK: /* symlinks */ -+ continue; /* are good. */ -+ case DT_UNKNOWN: /* for file systems that do not provide */ -+ /* a filetype, we use lstat() */ -+ if (join_dir_strings(&fullpath, motd_dir_path_split[i], -+ d[j]->d_name) <= 0) -+ break; -+ rc = lstat(fullpath, &s); -+ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ -+ if (rc != 0) /* if the lstat() somehow failed */ -+ break; -+ -+ if (S_ISREG(s.st_mode) || /* regular files and */ -+ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ -+ break; -+ case DT_DIR: /* We don't want directories */ -+ default: /* nor anything else */ -+ break; -+ } -+ _pam_drop(d[j]); /* free memory */ -+ d[j] = NULL; /* indicate this one was dropped */ -+ dirscans_size_total--; -+ } -+ } -+ - /* Allocate space for all file names found in the directories, including duplicates. */ - if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); -@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - unsigned int j; - - for (j = 0; j < dirscans_sizes[i]; j++) { -- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -- i_dirnames++; -+ if (NULL != dirscans[i][j]) { -+ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -+ i_dirnames++; -+ } - } - } - --- -2.39.0 - diff --git a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch b/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch deleted file mode 100644 index 40040a873a..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch +++ /dev/null @@ -1,65 +0,0 @@ -From e8e8ccfd57e0274b431bc5717bf37c488285b07b Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Wed, 27 Oct 2021 10:30:46 +0800 -Subject: [PATCH] run-xtests.sh: check whether files exist - -Fixes: - # ./run-xtests.sh . tst-pam_access1 - mv: cannot stat '/etc/security/opasswd': No such file or directory - PASS: tst-pam_access1 - mv: cannot stat '/etc/security/opasswd-pam-xtests': No such file or directory - ================== - 1 tests passed - 0 tests not run - ================== - -Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/e8e8ccfd57e0274b431bc5717bf37c488285b07b] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - xtests/run-xtests.sh | 20 +++++++++++++------- - 1 file changed, 13 insertions(+), 7 deletions(-) - -diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh -index 14f585d9..ff9a4dc1 100755 ---- a/xtests/run-xtests.sh -+++ b/xtests/run-xtests.sh -@@ -18,10 +18,12 @@ all=0 - - mkdir -p /etc/security - for config in access.conf group.conf time.conf limits.conf ; do -- cp /etc/security/$config /etc/security/$config-pam-xtests -+ [ -f "/etc/security/$config" ] && -+ mv /etc/security/$config /etc/security/$config-pam-xtests - install -m 644 "${SRCDIR}"/$config /etc/security/$config - done --mv /etc/security/opasswd /etc/security/opasswd-pam-xtests -+[ -f /etc/security/opasswd ] && -+ mv /etc/security/opasswd /etc/security/opasswd-pam-xtests - - for testname in $XTESTS ; do - for cfg in "${SRCDIR}"/$testname*.pamd ; do -@@ -47,11 +49,15 @@ for testname in $XTESTS ; do - all=`expr $all + 1` - rm -f /etc/pam.d/$testname* - done --mv /etc/security/access.conf-pam-xtests /etc/security/access.conf --mv /etc/security/group.conf-pam-xtests /etc/security/group.conf --mv /etc/security/time.conf-pam-xtests /etc/security/time.conf --mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf --mv /etc/security/opasswd-pam-xtests /etc/security/opasswd -+ -+for config in access.conf group.conf time.conf limits.conf opasswd ; do -+ if [ -f "/etc/security/$config-pam-xtests" ]; then -+ mv /etc/security/$config-pam-xtests /etc/security/$config -+ else -+ rm -f /etc/security/$config -+ fi -+done -+ - if test "$failed" -ne 0; then - echo "===================" - echo "$failed of $all tests failed" --- -2.32.0 - diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch deleted file mode 100644 index e7bf03f9f7..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk <kukuk@suse.com> -Date: Thu, 24 Feb 2022 10:37:32 +0100 -Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf - -According to the manual page, the following entry is valid but does not -work: --:root:ALL EXCEPT localhost - -See https://bugzilla.suse.com/show_bug.cgi?id=1019866 - -Patched is based on PR#226 from Josef Moellers - -Upstream-Status: Backport -CVE: CVE-2022-28321 - -Reference to upstream patch: -[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f] - -Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> ---- - modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- - 1 file changed, 76 insertions(+), 19 deletions(-) - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index 277192b..bca424f 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - if ((str_len = strlen(string)) > tok_len - && strcasecmp(tok, string + str_len - tok_len) == 0) - return YES; -- } else if (tok[tok_len - 1] == '.') { -+ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ - struct addrinfo hint; - - memset (&hint, '\0', sizeof (hint)); -@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - return NO; - } - -- /* Assume network/netmask with an IP of a host. */ -+ /* Assume network/netmask, IP address or hostname. */ - return network_netmask_match(pamh, tok, string, item); - } - -@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the string. -- * "NONE" token matches NULL string. -+ * "NONE" token matches NULL string. - */ - - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ -@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - - /* network_netmask_match - match a string against one token - * where string is a hostname or ip (v4,v6) address and tok -- * represents either a single ip (v4,v6) address or a network/netmask -+ * represents either a hostname, a single ip (v4,v6) address -+ * or a network/netmask - */ - static int - network_netmask_match (pam_handle_t *pamh, -@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh, - char *netmask_ptr; - char netmask_string[MAXHOSTNAMELEN + 1]; - int addr_type; -+ struct addrinfo *ai = NULL; - - if (item->debug) -- pam_syslog (pamh, LOG_DEBUG, -+ pam_syslog (pamh, LOG_DEBUG, - "network_netmask_match: tok=%s, item=%s", tok, string); -+ - /* OK, check if tok is of type addr/mask */ - if ((netmask_ptr = strchr(tok, '/')) != NULL) - { -@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh, - netmask_ptr = number_to_netmask(netmask, addr_type, - netmask_string, MAXHOSTNAMELEN); - } -- } -+ -+ /* -+ * Construct an addrinfo list from the IP address. -+ * This should not fail as the input is a correct IP address... -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) -+ { -+ return NO; -+ } -+ } - else -- /* NO, then check if it is only an addr */ -- if (isipaddr(tok, NULL, NULL) != YES) -+ { -+ /* -+ * It is either an IP address or a hostname. -+ * Let getaddrinfo sort everything out -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) - { -+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); -+ - return NO; - } -+ netmask_ptr = NULL; -+ } - - if (isipaddr(string, NULL, NULL) != YES) - { -- /* Assume network/netmask with a name of a host. */ - struct addrinfo hint; - -+ /* Assume network/netmask with a name of a host. */ - memset (&hint, '\0', sizeof (hint)); - hint.ai_flags = AI_CANONNAME; - hint.ai_family = AF_UNSPEC; - - if (item->gai_rv != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else if (!item->res && - (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else - { - struct addrinfo *runp = item->res; -+ struct addrinfo *runp1; - - while (runp != NULL) - { - char buf[INET6_ADDRSTRLEN]; - -- DIAG_PUSH_IGNORE_CAST_ALIGN; -- inet_ntop (runp->ai_family, -- runp->ai_family == AF_INET -- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr -- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, -- buf, sizeof (buf)); -- DIAG_POP_IGNORE_CAST_ALIGN; -+ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } - -- if (are_addresses_equal(buf, tok, netmask_ptr)) -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) - { -- return YES; -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ if (runp->ai_family != runp1->ai_family) -+ continue; -+ -+ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } -+ -+ if (are_addresses_equal (buf, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } - } - runp = runp->ai_next; - } - } - } - else -- return (are_addresses_equal(string, tok, netmask_ptr)); -+ { -+ struct addrinfo *runp1; -+ -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) -+ { -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); -+ -+ if (are_addresses_equal(string, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } -+ } -+ } -+ -+ freeaddrinfo(ai); - - return NO; - } --- -2.37.3 - diff --git a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb index bec47ab836..eafb5aae43 100644 --- a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb +++ b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb @@ -21,14 +21,12 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://pam.d/common-session-noninteractive \ file://pam.d/other \ file://libpam-xtests.patch \ - file://0001-run-xtests.sh-check-whether-files-exist.patch \ + file://0001-examples-Replace-use-of-termio.h-with-termios.h.patch \ file://run-ptest \ file://pam-volatiles.conf \ - file://CVE-2022-28321-0002.patch \ - file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \ " -SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d" +SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt" |