diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2022-10-18 20:51:29 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-10-18 20:53:04 +0300 |
commit | c67ef227fe09ebd2213c47709a37a70784232b12 (patch) | |
tree | 5fd573a5df398965aa7e7f88b42a8db2144e8a0e /poky/meta/recipes-extended | |
parent | 53fdac2b0aee16e297ce86b473c56547ff1330ac (diff) | |
download | openbmc-c67ef227fe09ebd2213c47709a37a70784232b12.tar.xz |
subtree updates
poky: 387ab5f18b..eaf8ce9d39:
Alejandro Hernandez Samaniego (1):
rootfs.py: dont try to list installed packages for baremetal images
Alex Stewart (1):
maintainers: update opkg maintainer
Alexander Kanavin (26):
devtool/upgrade: correctly clean up when recipe filename isn't yet known
devtool/upgrade: catch bb.fetch2.decodeurl errors
scripts/oe-setup-builddir: make it known where configurations come from
bluez5: update 5.64 -> 5.65
libwpe: upgrade 1.12.0 -> 1.12.2
ell: upgrade 0.49 -> 0.50
iso-codes: upgrade 4.10.0 -> 4.11.0
libcap: upgrade 2.64 -> 2.65
libwebp: upgrade 1.2.2 -> 1.2.3
mobile-broadband-provider-info: upgrade 20220511 -> 20220725
webkitgtk: upgrade 2.36.4 -> 2.36.5
weston: upgrade 10.0.1 -> 10.0.2
tzdata: upgrade 2022a -> 2022b
xz: update 5.2.5 -> 5.2.6
gdk-pixbuf: upgrade 2.42.6 -> 2.42.8
gdk-pixbuf: update 2.42.8 -> 2.42.9
epiphany: upgrade 42.3 -> 42.4
glib-networking: upgrade 2.72.1 -> 2.72.2
libjpeg-turbo: upgrade 2.1.3 -> 2.1.4
libwebp: upgrade 1.2.3 -> 1.2.4
wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
wpebackend-fdo: upgrade 1.12.0 -> 1.12.1
bind: upgrade 9.18.4 -> 9.18.5
lighttpd: upgrade 1.4.65 -> 1.4.66
rpm: update 4.17.0 -> 4.17.1
tzdata: update to 2022d
Alexandre Belloni (3):
ruby: drop capstone support
runqemu: display host uptime when starting
oeqa/runtime/dnf: fix typo
Andrei Gherzan (4):
linux-yocto: Fix COMPATIBLE_MACHINE regex match
shadow: Enable subid support
rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils
shadow: Avoid nss warning/error with musl
Anuj Mittal (1):
poky.conf: add ubuntu-22.04 to tested distros
Aryaman Gupta (2):
bitbake: bitbake: runqueue: add cpu/io pressure regulation
bitbake: bitbake: runqueue: add memory pressure regulation
Awais Belal (1):
kernel-fitimage.bbclass: only package unique DTBs
Beniamin Sandu (1):
libpam: use /run instead of /var/run in systemd tmpfiles
Bertrand Marquis (1):
sysvinit-inittab/start_getty: Fix respawn too fast
Bruce Ashfield (16):
lttng-modules: fix 5.19+ build
lttng-modules: fix build against mips and v5.19 kernel
lttng-modules: replace mips compaction fix with upstream change
linux-yocto/5.15: update to v5.15.60
linux-yocto/5.15: update to v5.15.62
linux-yocto/5.10: update to v5.10.136
linux-yocto/5.10: update to v5.10.137
linux-yocto/5.10: update to v5.10.141
linux-yocto/5.10: update to v5.10.143
linux-yocto/5.15: update to v5.15.63
linux-yocto/5.15: update to v5.15.65
linux-yocto/5.15: update to v5.15.68
linux-yocto/5.15: cfg: fix ACPI warnings for -tiny
kernel-yocto: allow patch author date to be commit date
kern-tools: fix queue processing in relative TOPDIR configurations
kern-tools: allow 'y' or 'm' to avoid config audit warnings
Changqing Li (1):
apt: fix nativesdk-apt build failure during the second time build
Chee Yang Lee (1):
sqlite: add CVE-2022-35737 patch to SRC_URI
Daiane Angolini (1):
python3-pip: Fix RDEPENDS after the update
Daniel McGregor (1):
coreutils: add openssl PACKAGECONFIG
Denys Dmytriyenko (1):
glibc-locale: explicitly remove empty dirs in ${libdir}
Dmitry Baryshkov (2):
linux-firmware: upgrade 20220708 -> 20220913
linux-firmware: package new Qualcomm firmware
Enrico Scholz (5):
npm: replace 'npm pack' call by 'tar czf'
npm: return content of 'package.json' in 'npm_pack'
npm: take 'version' directly from 'package.json'
lib:npm_registry: initial checkin
npm: use npm_registry to cache package
Ernst Sjöstrand (1):
cve-check: Don't use f-strings
Florin Diaconescu (4):
expat: upgrade 2.4.7 -> 2.4.8
expat: upgrade 2.4.8 -> 2.4.9
rsync: update 3.2.3 -> 3.2.4
rsync: update 3.2.4 -> 3.2.5
Gennaro Iorio (1):
bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls
He Zhe (3):
lttng-tools: Disable on qemuriscv32
stress-cpu: disable float128 math on powerpc64 to avoid SIGILL
lttng-tools: Disable on riscv32
Hitendra Prajapati (5):
gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
zlib: CVE-2022-37434 a heap-based buffer over-read
libtiff: CVE-2022-34526 A stack overflow was discovered
Revert "gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow"
Jacob Kroon (1):
bitbake: bitbake-user-manual: Correct description of the ??= operator
Jon Mason (2):
ref-manual: add numa to machine features
oeqa/parselogs: add qemuarmv5 arm-charlcd masking
Jose Quaresma (7):
archiver.bbclass: remove unsed do_deploy_archives[dirs]
create-spdx: ignore packing control files from ipk and deb
archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source
linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain
bitbake: bb/utils: remove: check the path again the expand python glob
bitbake: bb/utils: movefile: use the logger for printing
Joshua Watt (4):
bitbake: utils: Pass lock argument in fileslocked
classes: cve-check: Get shared database lock
oeqa: qemurunner: Report UNIX Epoch timestamp on login
bitbake: siggen: Fix insufficent entropy in sigtask file names
Kai Kang (1):
packagegroup-self-hosted: update for strace
Khem Raj (15):
libxml2: Ignore CVE-2016-3709
connman: Backports for security fixes
cracklib: Drop using register keyword
tcp-wrappers: Fix implicit-function-declaration warnings
xinetd: Pass missing -D_GNU_SOURCE
watchdog: Include needed system header for function decls
pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
apr: Use correct strerror_r implementation based on libc type
gcr: Define _GNU_SOURCE
apr: Cache configure tests which use AC_TRY_RUN
autoconf: Fix strict prototype errors in generated tests
autoconf: Update K & R stype functions
webkitgtk: Upgrade to 2.36.6 minor update
webkitgtk: Update to 2.36.7
rpm: Remove -Wimplicit-function-declaration warnings
Kristian Amlie (1):
externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used.
LUIS ENRIQUEZ (1):
kernel-fitimage.bbclass: add padding algorithm property in config nodes
Mark Hatle (1):
runqemu: Add missing space on default display option
Martin Beeger (1):
cmake: remove CMAKE_ASM_FLAGS variable in toolchain file
Martin Jansa (2):
libxml2: Port gentest.py to Python-3
create-pull-request: don't switch the git remote protocol to git://
Mateusz Marciniec (1):
util-linux: Remove --enable-raw from EXTRA_OECONF
Michael Opdenacker (7):
migration guides: add missing release notes
bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher
bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers
bitbake: bitbake-user-manual: npm fetcher: improve description of SRC_URI format
poky.yaml.in: update version requirements
migration-guides: add 4.0.4 release notes
dev-manual: fix reference to BitBake user manual
Mihai Lindner (1):
create-spdx: Fix supplier field
Mikko Rapeli (7):
boost: fix install of fiber shared libraries
bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit
u-boot: switch from append to += in SRC_URI
glibc-tests: use += instead of :append
go-native: switch from SRC_URI:append to SRC_URI +=
python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI +=
linux-libc-headers: switch from SRC_URI:append to SRC_URI +=
Ming Liu (1):
meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE
Mingli Yu (1):
busybox: add devmem 128-bit support
Neil Horman (1):
bitbake: Fix npm to use https rather than http
Ola x Nilsson (1):
bitbake: ConfHandler: Remove lingering close
Otavio Salvador (1):
bitbake: toaster: fix kirkstone version
Paul Eggleton (1):
relocate_sdk.py: ensure interpreter size error causes relocation to fail
Pavel Zhukov (4):
package_rpm: Do not replace square brackets in %files
parselogs: Ignore xf86OpenConsole error
core-image.bbclass: Exclude openssh complementary packages
bitbake: gitsm: Error out if submodule refers to parent repo
Peter Bergin (1):
rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable
Peter Kjellerstedt (1):
cairo: Adapt the license information based on what is being built
Peter Marko (1):
create-spdx: handle links to inaccessible locations
Rajesh Dangi (2):
linux-yocto/5.15: update genericx86* machines to v5.15.59
linux-yocto/5.10: update genericx86* machines to v5.10.135
Randy MacLeod (1):
vim: update from 9.0.0063 to 9.0.0115
Rasmus Villemoes (1):
bitbake.conf: set BB_DEFAULT_UMASK using ??=
Richard Purdie (25):
nativesdk: Clear TUNE_FEATURES
selftest/wic: Tweak test case to not depend on kernel size
bitbake: runqueue: Change pressure file warning to a note
perf: Fix reproducibility issues with 5.19 onwards
vim: Upgrade 9.0.0115 -> 9.0.0242
vim: Upgrade 9.0.0242 -> 9.0.0341
pseudo: Update to include recent upstream minor fixes
bitbake: runqueue: Fix unihash cache mismatch issues
bitbake: cooker: Drop sre_constants usage
bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests
bitbake: fetch2: Ensure directory exists before creating symlink
gcc-multilib-config: Fix i686 toolchain relocation issues
kernel: Always set CC and LD for the kernel build
kernel: Use consistent make flags for menuconfig
vim: Upgrade 9.0.0341 -> 9.0.0453
build-appliance-image: Update to kirkstone head revision
libpng: upgrade 1.6.37 -> 1.6.38
vim: Upgrade 9.0.453 -> 9.0.541
perf: Fix for recent kernel upgrades
vim: Upgrade 9.0.0541 -> 9.0.0598
bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
bitbake: runqueue: Improve deadlock warning messages
bitbake: runqueue: Drop deadlock breaking force fail
bitbake: bitbake: Add copyright headers where missing
bitbake: asyncrpc/client: Fix unix domain socket chdir race issues
Robert Joslyn (2):
curl: Backport patch for CVE-2022-35252
tzdata: Update from 2022b to 2022c
Roland Hieber (1):
devtool: error out when workspace is using old override syntax
Ross Burton (8):
oeqa/qemurunner: add run_serial() comment
oeqa/selftest: rename git.py to intercept.py
oeqa/gotoolchain: put writable files in the Go module cache
oeqa/gotoolchain: set CGO_ENABLED=1
wic: add target tools to PATH when executing native commands
wic/bootimg-efi: use cross objcopy when building unified kernel image
wic: depend on cross-binutils
cve-check: close cursors as soon as possible
Ruiqiang Hao (2):
gcc: add arm-v9 support
tune-neoversen2: support tune-neoversen2 base on armv9a
Sakib Sajal (9):
qemu: fix CVE-2021-3507
qemu: fix CVE-2021-3929
qemu: fix CVE-2021-4158
qemu: fix CVE-2022-0358
qemu: fix CVE-2022-0216
u-boot: fix CVE-2022-33103
u-boot: fix CVE-2022-30552
u-boot: fix CVE-2022-33967
go: update v1.17.12 -> v1.17.13
Samuli Piippo (2):
Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks"
gcc-cross-canadian: add default plugin linker
Shubham Kulkarni (1):
sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct
Steve Sakoman (3):
lttng-modules: fix build for kernel 5.10.137
poky.conf: bump version for 4.0.4
system-requirements.rst: Add Ubuntu 22.04 to list of supported distros
Sundeep KOKKONDA (1):
glibc: stable 2.35 branch updates.
Teoh Jay Shen (3):
go: fix CVE-2022-27664
inetutils: fix CVE-2022-39028 - remote DoS vulnerability in inetutils-telnetd
bind: upgrade 9.18.6 -> 9.18.7
Ulrich Ölmann (1):
scripts/runqemu.README: fix typos and trailing whitespaces
Xiangyu Chen (1):
ltp: Fix pread02 case trigger the glibc overflow detection
Yang Xu (1):
insane.bbclass: Skip patches not in oe-core by full path
Yongxin Liu (1):
grub2: fix several CVEs
ghassaneben (1):
sqlite: fix CVE-2022-35737
niko.mauno@vaisala.com (2):
systemd: Fix unwritable /var/lock when no sysvinit handling
systemd: Add 'no-dns-fallback' PACKAGECONFIG option
pgowda (3):
binutils : CVE-2022-38533
binutils: fix CVE-2022-38126
binutils : Fix CVE-2022-38127
wangmy (10):
libcap: upgrade 2.63 -> 2.64
libtasn1: upgrade 4.18.0 -> 4.19.0
liburcu: upgrade 0.13.1 -> 0.13.2
libwpe: upgrade 1.12.2 -> 1.12.3
libatomic-ops: upgrade 7.6.12 -> 7.6.14
lz4: upgrade 1.9.3 -> 1.9.4
cracklib: upgrade 2.9.7 -> 2.9.8
vala: upgrade 0.56.2 -> 0.56.3
lighttpd: upgrade 1.4.64 -> 1.4.65
bind: upgrade 9.18.5 -> 9.18.6
meta-raspberrypi: 0135a02ea5..dacad9302a:
Lluis Campos (1):
rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE`
Vinicius Aquino (1):
raspberrypi-firmware: Update to 20220830 snapshot
meta-openembedded: acbe748798..744a4b6eda:
Changqing Li (2):
fuse3: support ptest
fuse3: fix ptest test_passthrough_hp failure
Chen Qi (1):
polkit: refresh patch
Enrico Scholz (1):
nodejs-oe-cache-native: initial checkin
Hitendra Prajapati (1):
wireshark: CVE-2022-3190 Infinite loop in legacy style dissector
Hitomi Hasegawa (1):
libsdl: add CVE-2019-14906 to allowlist
Jose Quaresma (2):
wireguard-module: 1.0.20210219 -> 1.0.20220627
wireguard-tools: Add a new package for wg-quick
Justin Bronder (1):
lmdb: only set SONAME on the shared library
Khem Raj (5):
audit: Upgrade to 3.0.8 and fix build with linux 5.17+
ntpsec: Add -D_GNU_SOURCE and fix building with devtool
gd: Fix build with clang-15
safec: Remove unused variable 'len'
audit: Revert the tweak done in configure step in do_install
Lei Maohui (1):
xrdp: Fix buildpaths warning.
Martin Jansa (1):
libcec: fix runtime dependencies for ${PN}-examples
Mingli Yu (1):
postgresql: make sure pam conf installed when pam enabled
Ovidiu Panait (1):
net-snmp: upgrade 5.9.1 -> 5.9.3
Richard Purdie (1):
lmdb: Don't inherit base
Sakib Sajal (1):
minicoredumper: retry elf parsing as long as needed
Saul Wold (10):
libipc-signal-perl: Fix LICENSE string
libdigest-hmac-perl: Fix LICENSE string
libio-socket-ssl-perl: Fix LICENSE string
libdigest-sha1-perl: Fix LICENSE string
libmime-types-perl: Fix LICENSE string
libauthen-sasl-perl: Fix LICENSE string
libnet-ldap-perl: Fix LICENSE string
libxml-libxml-perl: Fix LICENSE string
libnet-telnet-perl: Fix LICENSE string
libproc-waitstat-perl: Fix LICENSE string
Steffen Olsen (1):
postgreql: Fix pg_config not working after buildpaths patch
Wang Mingyu (3):
php: upgrade 8.1.8 -> 8.1.9
postgresql: upgrade 14.4 -> 14.5
tcpreplay: upgrade 4.4.1 -> 4.4.2
Yi Zhao (6):
libldb: upgrade 2.3.3 -> 2.3.4
samba: upgrade 4.14.13 -> 4.14.14
samba: fix buildpaths issue
frr: Security fix CVE-2022-37035
open-vm-tools: Security fix CVE-2022-31676
frr: Security fix CVE-2022-37032
wangmy (2):
php: upgrade 8.1.9 -> 8.1.10
dnsmasq: upgrade 2.86 -> 2.87
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I02f0e5b5dcf292a12933c694a10d0946b0edcbc4
Diffstat (limited to 'poky/meta/recipes-extended')
17 files changed, 301 insertions, 109 deletions
diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.7.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb index 629069e844..786940a7e0 100644 --- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.7.bb +++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb @@ -11,9 +11,10 @@ EXTRA_OECONF = "--without-python --libdir=${base_libdir}" SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \ file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ - file://0002-craklib-fix-testnum-and-teststr-failed.patch" + file://0002-craklib-fix-testnum-and-teststr-failed.patch \ + " -SRCREV = "f83934cf3cced0c9600c7d81332f4169f122a2cf" +SRCREV = "d9e8f9f47718539aeba80f90f4e072549926dc9c" S = "${WORKDIR}/git/src" inherit autotools gettext diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb index 8d2e77e011..801162867c 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t file://lighttpd \ " -SRC_URI[sha256sum] = "e1489d9fa7496fbf2e071c338b593b2300d38c23f1e5967e52c9ef482e1b0e26" +SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b" DEPENDS = "virtual/crypt" diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch new file mode 100644 index 0000000000..94dd418f36 --- /dev/null +++ b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch @@ -0,0 +1,58 @@ +From de988c9b5605a711b306c4203545b8d761875177 Mon Sep 17 00:00:00 2001 +From: Jan Stancek <jstancek@redhat.com> +Date: Mon, 31 Jan 2022 12:00:46 +0100 +Subject: [PATCH] syscalls/pread02: extend buffer to avoid glibc overflow + detection + +Test started failing with recent glibc (glibc-2.34.9000-38.fc36), +which detects that buffer in pread is potentially too small: + tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s + *** buffer overflow detected ***: terminated + tst_test.c:1484: TBROK: Test killed by SIGIOT/SIGABRT! + +(gdb) bt + #0 __pthread_kill_implementation at pthread_kill.c:44 + #1 0x00007ffff7e46f73 in __pthread_kill_internal at pthread_kill.c:78 + #2 0x00007ffff7df6a36 in __GI_raise at ../sysdeps/posix/raise.c:26 + #3 0x00007ffff7de082f in __GI_abort () at abort.c:79 + #4 0x00007ffff7e3b01e in __libc_message at ../sysdeps/posix/libc_fatal.c:155 + #5 0x00007ffff7ed945a in __GI___fortify_fail at fortify_fail.c:26 + #6 0x00007ffff7ed7dc6 in __GI___chk_fail () at chk_fail.c:28 + #7 0x00007ffff7ed8214 in __pread_chk at pread_chk.c:26 + #8 0x0000000000404d1a in pread at /usr/include/bits/unistd.h:74 + #9 verify_pread (n=<optimized out>) at pread02.c:44 + #10 0x000000000040dc19 in run_tests () at tst_test.c:1246 + #11 testrun () at tst_test.c:1331 + #12 fork_testrun () at tst_test.c:1462 + #13 0x000000000040e9a1 in tst_run_tcases + #14 0x0000000000404bde in main + +Extend it to number of bytes we are trying to read from fd. + +Upstream-Status: Backport +[https://github.com/linux-test-project/ltp/commit/de988c9b5605a711b306c4203545b8d761875177] + +Signed-off-by: Jan Stancek <jstancek@redhat.com> +Acked-by: Petr Vorel <pvorel@suse.cz> +Reviewed-by: Cyril Hrubis <chrubis@suse.cz> +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + testcases/kernel/syscalls/pread/pread02.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/testcases/kernel/syscalls/pread/pread02.c b/testcases/kernel/syscalls/pread/pread02.c +index de2a81fff..fda5fd190 100644 +--- a/testcases/kernel/syscalls/pread/pread02.c ++++ b/testcases/kernel/syscalls/pread/pread02.c +@@ -39,7 +39,7 @@ struct test_case_t { + static void verify_pread(unsigned int n) + { + struct test_case_t *tc = &tcases[n]; +- char buf; ++ char buf[K1]; + + TST_EXP_FAIL2(pread(*tc->fd, &buf, tc->nb, tc->offst), tc->exp_errno, + "pread(%d, %zu, %ld) %s", *tc->fd, tc->nb, tc->offst, tc->desc); +-- +2.34.1 + diff --git a/poky/meta/recipes-extended/ltp/ltp_20220121.bb b/poky/meta/recipes-extended/ltp/ltp_20220121.bb index 8a13dcf9d0..4ae54492f3 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20220121.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20220121.bb @@ -28,6 +28,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=ht file://0001-Remove-OOM-tests-from-runtest-mm.patch \ file://0001-metadata-parse.sh-sort-filelist-for-reproducibility.patch \ file://disable_hanging_tests.patch \ + file://0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/pam/libpam/99_pam b/poky/meta/recipes-extended/pam/libpam/99_pam index 97e990d10b..a88247be13 100644 --- a/poky/meta/recipes-extended/pam/libpam/99_pam +++ b/poky/meta/recipes-extended/pam/libpam/99_pam @@ -1 +1 @@ -d root root 0755 /var/run/sepermit none +d root root 0755 /run/sepermit none diff --git a/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch b/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch new file mode 100644 index 0000000000..6c04769713 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch @@ -0,0 +1,27 @@ +From aed5a184401fbbe901cb825be4004ced885b6f9a Mon Sep 17 00:00:00 2001 +From: Andrei Gherzan <andrei.gherzan@huawei.com> +Date: Wed, 24 Aug 2022 00:54:47 +0200 +Subject: [PATCH] Drop nsswitch.conf message when not in place - eg. musl + +Upstream-Status: Inappropriate [issue reported at https://github.com/shadow-maint/shadow/issues/557] +Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com> +--- + lib/nss.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/nss.c b/lib/nss.c +index af3e95a..74e0e16 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -57,7 +57,7 @@ void nss_init(char *nsswitch_path) { + // subid: files + nssfp = fopen(nsswitch_path, "r"); + if (!nssfp) { +- fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); ++ //fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); + atomic_store(&nss_init_completed, true); + return; + } +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index f5fdf436f7..5106b95571 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -26,6 +26,7 @@ SRC_URI:append:class-target = " \ SRC_URI:append:class-native = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ + file://0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch \ " SRC_URI:append:class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ @@ -33,6 +34,7 @@ SRC_URI:append:class-nativesdk = " \ SRC_URI[sha256sum] = "f262089be6a1011d50ec7849e14571b7b2e788334368f3dccb718513f17935ed" + # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ file://pam.d/chpasswd \ @@ -149,6 +151,13 @@ do_install:append() { # Handle link properly after rename, otherwise missing files would # lead rpm failed dependencies. ln -sf newgrp.${BPN} ${D}${bindir}/sg + + # usermod requires the subuid/subgid files to be in place before being + # able to use the -v/-V flags otherwise it fails: + # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V + install -d ${D}${sysconfdir} + touch ${D}${sysconfdir}/subuid + touch ${D}${sysconfdir}/subgid } PACKAGES =+ "${PN}-base" diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch b/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch new file mode 100644 index 0000000000..bb35b3030a --- /dev/null +++ b/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch @@ -0,0 +1,43 @@ +From ea9ee4dd64ee88e03a959b2c694aa8feb53c7e78 Mon Sep 17 00:00:00 2001 +From: He Zhe <zhe.he@windriver.com> +Date: Wed, 28 Sep 2022 16:47:24 +0800 +Subject: [PATCH] stress-cpu: disable float128 math on powerpc64 to avoid + SIGILL + +float128 requires instructions of xsmaddqp and xsmsubqp which are added to +qemu since v7.0 by the following commit. +https://github.com/qemu/qemu/commit/3bb1aed246d7b59ceee625a82628f7369d492a8f + +While kirkstone is still at v6.2 and thus experiences SIGILL as follow +root@qemuppc64:~# stress-ng --cpu 2 --timeout 30s +stress-ng: info: [972] setting to a 30 second run per stressor +stress-ng: info: [972] dispatching hogs: 2 cpu +stress-ng: info: [973] stressor terminated with unexpected signal signal 4 'SIGILL' +<snip> + +Upstream-Status: Inappropriate [This is specific to kirkstone since qemu on +master branch has upgraded to v7.1.] + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + stress-cpu.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/stress-cpu.c b/stress-cpu.c +index 0a08f1d1..2849e715 100644 +--- a/stress-cpu.c ++++ b/stress-cpu.c +@@ -41,6 +41,10 @@ + #undef HAVE_FLOAT_DECIMAL128 + #endif + ++#if defined(STRESS_ARCH_PPC64) ++#undef HAVE_FLOAT128 ++#endif ++ + #define GAMMA (0.57721566490153286060651209008240243104215933593992L) + #define OMEGA (0.56714329040978387299996866221035554975381578718651L) + #define PSI (3.35988566624317755317201130291892717968890513373197L) +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb index fe177a4de0..807ecd3466 100644 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb @@ -5,7 +5,9 @@ HOMEPAGE = "https://github.com/ColinIanKing/stress-ng#readme" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master" +SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ + file://0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch \ + " SRCREV = "f59bcb2fe1e25042e77d5e4942f72bfa026fa305" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch new file mode 100644 index 0000000000..ec793ac8ff --- /dev/null +++ b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch @@ -0,0 +1,109 @@ +From 9c97b5db237a793e0d1b6b0241570bdc6e35ee24 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 7 Aug 2022 17:42:24 -0700 +Subject: [PATCH] Fix implicit-function-declaration warnings + +These are seen with clang-15+ + +Upstream-Status: Inappropriate [upstream is dead] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + hosts_access.c | 3 +++ + safe_finger.c | 1 + + shell_cmd.c | 3 +++ + tcpd.c | 2 +- + tcpdchk.c | 1 + + workarounds.c | 1 + + 6 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/hosts_access.c b/hosts_access.c +index 0133e5e..58697ea 100644 +--- a/hosts_access.c ++++ b/hosts_access.c +@@ -33,6 +33,7 @@ static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; + #endif + #include <netinet/in.h> + #include <arpa/inet.h> ++#include <rpcsvc/ypclnt.h> + #include <stdio.h> + #include <stdlib.h> + #include <syslog.h> +@@ -45,6 +46,8 @@ static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; + #endif + + extern int errno; ++extern int match_pattern_ylo(const char *s, const char *pattern); ++extern unsigned long cidr_mask_addr(char* str); + + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ +diff --git a/safe_finger.c b/safe_finger.c +index 23afab1..a6458fb 100644 +--- a/safe_finger.c ++++ b/safe_finger.c +@@ -34,6 +34,7 @@ static char sccsid[] = "@(#) safe_finger.c 1.4 94/12/28 17:42:41"; + #include <syslog.h> + + extern void exit(); ++extern int pipe_stdin(char **argv); + + /* Local stuff */ + +diff --git a/shell_cmd.c b/shell_cmd.c +index 62d31bc..a566092 100644 +--- a/shell_cmd.c ++++ b/shell_cmd.c +@@ -16,10 +16,13 @@ static char sccsid[] = "@(#) shell_cmd.c 1.5 94/12/28 17:42:44"; + + #include <sys/types.h> + #include <sys/param.h> ++#include <sys/wait.h> ++#include <fcntl.h> + #include <signal.h> + #include <stdio.h> + #include <syslog.h> + #include <string.h> ++#include <unistd.h> + + extern void exit(); + +diff --git a/tcpd.c b/tcpd.c +index dc9ff17..4353caa 100644 +--- a/tcpd.c ++++ b/tcpd.c +@@ -46,7 +46,7 @@ void fix_options(struct request_info *); + int allow_severity = SEVERITY; /* run-time adjustable */ + int deny_severity = LOG_WARNING; /* ditto */ + +-main(argc, argv) ++void main(argc, argv) + int argc; + char **argv; + { +diff --git a/tcpdchk.c b/tcpdchk.c +index 5dca8bd..67c12ce 100644 +--- a/tcpdchk.c ++++ b/tcpdchk.c +@@ -38,6 +38,7 @@ static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25"; + + extern int errno; + extern void exit(); ++extern unsigned long cidr_mask_addr(char* str); + extern int optind; + extern char *optarg; + +diff --git a/workarounds.c b/workarounds.c +index b22b378..6335049 100644 +--- a/workarounds.c ++++ b/workarounds.c +@@ -21,6 +21,7 @@ char sccsid[] = "@(#) workarounds.c 1.6 96/03/19 16:22:25"; + #include <stdio.h> + #include <syslog.h> + #include <string.h> ++#include <unistd.h> + + extern int errno; + +-- +2.37.1 + diff --git a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb index 814d7fd913..8137d257c8 100644 --- a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb +++ b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb @@ -50,6 +50,7 @@ SRC_URI = "http://ftp.porcupine.org/pub/security/tcp_wrappers_${PV}.tar.gz \ file://fix_warnings.patch \ file://fix_warnings2.patch \ file://0001-Remove-fgets-extern-declaration.patch \ + file://0001-Fix-implicit-function-declaration-warnings.patch \ " SRC_URI[md5sum] = "e6fa25f71226d090f34de3f6b122fb5a" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index cdd1a2ac3c..d3c78e9157 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2022a" +PV = "2022d" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ @@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "f8575e7e33be9ee265df2081092526b81c80abac3f4a04399ae9d4d91cdadac7" -SRC_URI[tzdata.sha256sum] = "ef7fffd9f4f50f4f58328b35022a32a5a056b245c5cb3d6791dddb342f871664" +SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0" +SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0" diff --git a/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch b/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch new file mode 100644 index 0000000000..8c419e1d11 --- /dev/null +++ b/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch @@ -0,0 +1,37 @@ +From ca1d379fa13c4055d42d2ff3a647b4397768efcd Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 23 Aug 2022 19:23:26 -0700 +Subject: [PATCH] shutdown: Do not guard sys/quota.h sys/swap.h and + sys/reboot.h with __GLIBC__ + +These headers are provided by uclibc/musl/glibc and bionic so we can +assume they are not needed to be glibc specific includes. This also +ensures that we get proper declaration of reboot() API + +Upstream-Status: Submitted [https://sourceforge.net/p/watchdog/patches/12/] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/shutdown.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/shutdown.c b/src/shutdown.c +index 1d9a857..6aea0d0 100644 +--- a/src/shutdown.c ++++ b/src/shutdown.c +@@ -29,13 +29,9 @@ + #include "extern.h" + #include "ext2_mnt.h" + +-#if defined __GLIBC__ + #include <sys/quota.h> + #include <sys/swap.h> + #include <sys/reboot.h> +-#else /* __GLIBC__ */ +-#include <linux/quota.h> +-#endif /* __GLIBC__ */ + + #include <unistd.h> + +-- +2.37.2 + diff --git a/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb b/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb index 1163846ed8..26fcc10487 100644 --- a/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb +++ b/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb @@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/watchdog/watchdog-${PV}.tar.gz \ file://watchdog.init \ file://wd_keepalive.init \ file://0001-wd_keepalive.service-use-run-instead-of-var-run.patch \ + file://0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch \ " SRC_URI[md5sum] = "1b4f51cabc64d1bee2fce7cdd626831f" diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb index 62ee70d244..897417314d 100644 --- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb +++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb @@ -30,6 +30,8 @@ INITSCRIPT_PARAMS = "defaults" PACKAGECONFIG ??= "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-libwrap,,tcp-wrappers" +CFLAGS += "-D_GNU_SOURCE" + CONFFILES:${PN} = "${sysconfdir}/xinetd.conf" do_install:append() { diff --git a/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch b/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch deleted file mode 100644 index e43e73cf12..0000000000 --- a/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch +++ /dev/null @@ -1,96 +0,0 @@ -From dc932a1e9c0d9f1db71be11a9b82496e3a72f112 Mon Sep 17 00:00:00 2001 -From: Lasse Collin <lasse.collin@tukaani.org> -Date: Tue, 29 Mar 2022 19:19:12 +0300 -Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587). - -Malicious filenames can make xzgrep to write to arbitrary files -or (with a GNU sed extension) lead to arbitrary code execution. - -xzgrep from XZ Utils versions up to and including 5.2.5 are -affected. 5.3.1alpha and 5.3.2alpha are affected as well. -This patch works for all of them. - -This bug was inherited from gzip's zgrep. gzip 1.12 includes -a fix for zgrep. - -The issue with the old sed script is that with multiple newlines, -the N-command will read the second line of input, then the -s-commands will be skipped because it's not the end of the -file yet, then a new sed cycle starts and the pattern space -is printed and emptied. So only the last line or two get escaped. - -One way to fix this would be to read all lines into the pattern -space first. However, the included fix is even simpler: All lines -except the last line get a backslash appended at the end. To ensure -that shell command substitution doesn't eat a possible trailing -newline, a colon is appended to the filename before escaping. -The colon is later used to separate the filename from the grep -output so it is fine to add it here instead of a few lines later. - -The old code also wasn't POSIX compliant as it used \n in the -replacement section of the s-command. Using \<newline> is the -POSIX compatible method. - -LC_ALL=C was added to the two critical sed commands. POSIX sed -manual recommends it when using sed to manipulate pathnames -because in other locales invalid multibyte sequences might -cause issues with some sed implementations. In case of GNU sed, -these particular sed scripts wouldn't have such problems but some -other scripts could have, see: - - info '(sed)Locale Considerations' - -This vulnerability was discovered by: -cleemy desu wayo working with Trend Micro Zero Day Initiative - -Thanks to Jim Meyering and Paul Eggert discussing the different -ways to fix this and for coordinating the patch release schedule -with gzip. - -Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch] -CVE: CVE-2022-1271 - -Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> ---- - src/scripts/xzgrep.in | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in -index 9db5c3a..f64dddb 100644 ---- a/src/scripts/xzgrep.in -+++ b/src/scripts/xzgrep.in -@@ -179,22 +179,26 @@ for i; do - { test $# -eq 1 || test $no_filename -eq 1; }; then - eval "$grep" - else -+ # Append a colon so that the last character will never be a newline -+ # which would otherwise get lost in shell command substitution. -+ i="$i:" -+ -+ # Escape & \ | and newlines only if such characters are present -+ # (speed optimization). - case $i in - (*' - '* | *'&'* | *'\'* | *'|'*) -- i=$(printf '%s\n' "$i" | -- sed ' -- $!N -- $s/[&\|]/\\&/g -- $s/\n/\\n/g -- ');; -+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; - esac -- sed_script="s|^|$i:|" -+ -+ # $i already ends with a colon so don't add it here. -+ sed_script="s|^|$i|" - - # Fail if grep or sed fails. - r=$( - exec 4>&1 -- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- -+ (eval "$grep" 4>&-; echo $? >&4) 3>&- | -+ LC_ALL=C sed "$sed_script" >&3 4>&- - ) || r=2 - exit $r - fi >&3 5>&- diff --git a/poky/meta/recipes-extended/xz/xz_5.2.5.bb b/poky/meta/recipes-extended/xz/xz_5.2.6.bb index 720e070f4a..3482622471 100644 --- a/poky/meta/recipes-extended/xz/xz_5.2.5.bb +++ b/poky/meta/recipes-extended/xz/xz_5.2.6.bb @@ -24,11 +24,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \ file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \ " -SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz \ - file://CVE-2022-1271.patch \ - " -SRC_URI[md5sum] = "0d270c997aff29708c74d53f599ef717" -SRC_URI[sha256sum] = "f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10" +SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz" +SRC_URI[sha256sum] = "a2105abee17bcd2ebd15ced31b4f5eda6e17efd6b10f921a01cda4a44c91b3a0" UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar" CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" |