author | Patrick Williams <patrick@stwcx.xyz> | 2023-06-16 00:18:34 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2023-06-16 01:27:11 +0300 |
commit | 4f6b1c0dcf9f9cb734f71b277af913e0d58c503f (patch) | |
tree | 6ca6709c6d54d63d4f9e1e5a3e2cefbb5cee09ce /poky/meta/recipes-extended | |
parent | fb02b9d8f5c7ab746a92c5f998f48983543d29ce (diff) | |
download | openbmc-4f6b1c0dcf9f9cb734f71b277af913e0d58c503f.tar.xz |
subtree updates
poky: ddb298ce89..fc25449687:
Alex Kiernan (1):
rust: Upgrade 1.68.1 -> 1.68.2
Alexander Kanavin (5):
selftest/distrodata: clean up exception lists in recipe maintainers test
dhcpcd: use git instead of tarballs
perl: patch out build paths from native binaries
libgcrypt: update 1.10.1 -> 1.10.2
rpm: update 4.18.0 -> 4.18.1
Andrew Jeffery (1):
Revert "ipk: Decode byte data to string in manifest handling"
Archana Polampalli (1):
git: ignore CVE-2023-25815
Arslan Ahmad (1):
kernel-fitimage: Fix the default dtb config check
Bruce Ashfield (9):
kernel: improve initramfs bundle processing time
yocto-bsps: update to v5.15.106
linux-yocto/5.15: update to v5.15.109
linux-yocto/5.15: update to v5.15.110
linux-yocto/5.15: update to v5.15.111
linux-yocto/5.15: update to v5.15.112
linux-yocto/5.15: update to v5.15.113
kernel: don't force PAHOLE=false
linux-yocto: move build / debug dependencies to .inc
Chen Qi (1):
staging.bbclass: do not add extend_recipe_sysroot to prefuncs of prepare_recipe_sysroot
Chi Xu (1):
expect: Add ptest support
Daniel Ammann (1):
overview-manual: concepts.rst: Fix a typo
Deepthi Hemraj (1):
binutils: stable 2.40 branch updates
Denys Dmytriyenko (1):
xz: upgrade 5.4.2 -> 5.4.3
Dmitry Baryshkov (1):
linux-firmware: upgrade 20230210 -> 20230404
Eero Aaltonen (1):
avahi: fix D-Bus introspection
Enrico Jörns (1):
package_manager/ipk: fix config path generation in _create_custom_config()
Jan Vermaete (1):
cve-update-nvd2-native: added the missing http import
Joe Slater (1):
ghostscript: fix CVE-2023-28879
Johannes Schrimpf (1):
python3targetconfig.bbclass: Extend PYTHONPATH instead of overwriting
Kai Kang (1):
libnotify: remove dependency dbus
Khem Raj (10):
cargo: Fix build on musl/riscv
gawk: Disable known ptest fails on musl
gawk: Remove redundant patch
gawk: Add skipped.txt to emit test to ignore
libxml2: Disable icu tests on musl
quilt: Fix merge.test race condition
piglit: Fix c++11-narrowing warnings in tests
cpio: Run ptests under ptest user
go: Upgrade 1.20.1 -> 1.20.4
go: Use -no-pie to build target cgo
Lee Chee Yang (3):
release-notes-4.2: update known issues and Repositories/Downloads
migration-guides: add release-notes for 4.1.4
migration-guides: add release notes for 4.2.1
Lorenzo Arena (1):
conf: add nice level to the hash config ignred variables
Luca Ceresoli (2):
ref-manual: classes: kernel: remove incorrect sentence opening
ref-manual: classes: kernel: document automatic defconfig usage
Markus Volk (1):
gtk4: update 4.10.0 -> 4.10.3
Martin Jansa (7):
populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
populate_sdk_ext.bbclass: redirect stderr to stdout so that both end in LOGFILE
populate_sdk_base.bbclass: respect MLPREFIX for ptest-pkgs's ptest-runner
binutils: package static libs from gprofng
go.bbclass: don't use test to check output from ls
image-live.bbclass: respect IMAGE_MACHINE_SUFFIX
rpm: drop unused 0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch
Martin Siegumfeldt (1):
systemd-systemctl: fix instance template WantedBy symlink construction
Michael Halstead (2):
uninative: Upgrade to 3.10 to support gcc 13
uninative: Upgrade to 4.0 to include latest gcc 13.1.1
Michael Opdenacker (2):
migration-guides: release-notes-4.2: add doc improvement highlights
releases.svg: fix and explain duration of Hardknott 3.3
Mikko Rapeli (1):
qemurunner: avoid leaking server_socket
Ming Liu (1):
weston: add xwayland to DEPENDS for PACKAGECONFIG xwayland
Otavio Salvador (1):
mesa: 23.0.2 -> 23.0.3
Pablo Saavedra (1):
gstreamer1.0: upgrade 1.22.0 -> 1.22.2
Paul Gortmaker (1):
scripts: fix buildstats diff/summary hard bound to host python3
Pavel Zhukov (1):
lib/terminal.py: Add urxvt terminal
Pawan Badganchi (1):
tiff: Add fix for CVE-2022-4645
Peter Bergin (1):
update-alternatives.bbclass: fix old override syntax
Peter Kjellerstedt (3):
license.bbclass: Include LICENSE in the output when it fails to parse
musl: Correct SRC_URI
xf86-video-intel: Use the HTTPS protocol to fetch the Git repositories
Piotr Łobacz (1):
libarchive: Enable acls, xattr for native as well as target
Qiu Tingting (2):
e2fsprogs: fix ptest bug for second running
e2fsprogs: Fix error SRCDIR when using usrmerge DISTRO_FEATURES
Randy MacLeod (1):
vim: upgrade 9.0.1429 -> 9.0.1527
Ranjitsinh Rathod (2):
libbsd: Add correct license for all packages
kmscube: Correct DEPENDS to avoid overwrite
Richard Purdie (8):
qemu: Add fix for powerpc instruction fallback issue
qemu: Update ppc instruction fix to match revised upstream version
glib-networking: Add test retry to avoid failures
glib-networking: Correct glib error handling in test patch
maintainers.inc: Fix email address typo
maintainers.inc: Move repo to unassigned
recipes: Default to https git protocol where possible
selftest/reproducible: Allow native/cross reuse in test
Ross Burton (5):
connman: backport fix for CVE-2023-28488
cpio: fix appending to archives larger than 2GB
machine/qemuarm*: don't explicitly set vmalloc
gdb: fix crashes when debugging threads with Arm Pointer Authentication enabled
meta: depend on autoconf-archive-native, not autoconf-archive
Steve Sakoman (3):
Revert "xserver-xorg: backport fix for CVE-2023-1393"
poky.conf: bump version for 4.2.1 release
build-appliance-image: Update to mickledore head revision
Sudip Mukherjee (4):
libxfixes: Upgrade to v6.0.1
xwininfo: upgrade to v1.1.6
xinput: upgrade to v1.6.4
libxi: upgrade to v1.8.1
Thomas Roos (3):
oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set
oeqa/selftest/cases/devtool.py: skip all tests require folder a git repo
oeqa: adding selftest-hello and use it to speed up tests
Tim Orling (1):
libmodule-build-perl: upgrade 0.4232 -> 0.4234
Tom Hochstein (1):
piglit: Add missing glslang dependencies
Ulrich Ölmann (1):
ref-manual: classes.rst: fix typo
Upgrade Helper (1):
waffle: upgrade 1.7.0 -> 1.7.2
Virendra Thakur (1):
qemu: Whitelist CVE-2023-0664
Wang Mingyu (18):
apr: upgrade 1.7.2 -> 1.7.3
bind: upgrade 9.18.12 -> 9.18.13
cracklib: upgrade 2.9.10 -> 2.9.11
libhandy: upgrade 1.8.1 -> 1.8.2
libpcap: upgrade 1.10.3 -> 1.10.4
libsdl2: upgrade 2.26.3 -> 2.26.5
mpg123: upgrade 1.31.2 -> 1.31.3
man-pages: upgrade 6.03 -> 6.04
mtools: upgrade 4.0.42 -> 4.0.43
pango: upgrade 1.50.13 -> 1.50.14
ruby: upgrade 3.2.1 -> 3.2.2
texinfo: upgrade 7.0.2 -> 7.0.3
wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
xserver-xorg: upgrade 21.1.7 -> 21.1.8
xwayland: upgrade 22.1.8 -> 23.1.1
vala: upgrade 0.56.4 -> 0.56.6
mesa: upgrade 23.0.0 -> 23.0.2
iso-codes: upgrade 4.13.0 -> 4.15.0
Xiangyu Chen (1):
sysstat: Fix CVE-2023-33204
Yoann Congal (1):
cve-extra-exclusions: linux-yocto: ignore fixed CVE-2023-1652 & CVE-2023-1829
Zhixiong Chi (1):
libpam: Fix the xtests/tst-pam_motd[1|3] failures
bkylerussell@gmail.com (1):
kernel-devsrc: depend on python3-core instead of python3
hen Qi (1):
unfs3: fix symlink time setting issue
nikhil (1):
tiff: Remove unused patch from tiff
meta-raspberrypi: bf948e0aa8..aa0aed9a08:
Florin Sarbu (1):
udev-rules-rpi: Use 99-com.rules directly from upstream
Martin Jansa (3):
rpi-libcamera-apps: fix flags used in aarch64 builds
rpi-libcamera-apps: fix version generation on hosts with older python
rpi-libcamera-apps: bump to latest SRCREV and set PV
meta-openembedded: 2d89a469e5..9286582126:
Alexander Amelkin (1):
ipmitool: Update links
Arsalan H. Awan (1):
meta-networking/licenses/netperf: remove unused license
Bartosz Golaszewski (2):
python3-gpiod: add missing run-time dependencies
libgpiod: install the libgpiosim header
Bergin, Peter (1):
freediameter: fix typo and old overide syntax
Bhargav Das (2):
tslib: Add native & nativestdk package support
pointercal: Add native & nativestdk package support
Changqing Li (1):
redis: upgrade 6.2.11 -> 6.2.12
Chen Qi (1):
frr: add CVE_PRODUCT
Jasper Orschulko (1):
python3-gcovr: Add missing runtime dependency
Joe Slater (1):
bats: use baselib
Khem Raj (48):
fwupd: Do not emit build time paths into generated headers
libcereal: Fix TMPDIR leaking into debug_str section
libtimezonemap: Point to a working SRC_URI
unixODBC: Update SRC_URI to use updated location of tarball
unicode-ucd: Update license URI to reflect renamed license
libx86: Point to working SRC_URI
ctapi-common: Point to working SRC_URI locations
netkit-ftp: Update to debian patch 34
nicstat: Use SOURCEFORGE_MIRROR in SRC_URI
rp-pppoe: Point SRC_URI to valid location
ttf-mplus: Point to valid download location for SRC_URI
ttf-lklug: Point SRC_URI to a working location
radiusclient-ng: Point SRC_URI to archive.ubuntu.com
httpfs2: Do not use S during compile/install tasks
p910nd: Switch to using github for SRC_URI
mosh: Point SRC_URI to https://mosh.org/
debootstrap: Update SRC_URI to point to valid URL
debootstrap: Use DEBIAN_MIRROR for SRC_URI
ttf-gentium: Switch to debian archive mirror for SRC_URI
nfacct: Update SRC_URI to point to valid URL
libencode-perl: Remove buildpaths from generated .exh files
enca: Remove buildpaths from target scripts
libirecovery: Add missing build dependency on readline
fftw: Remove hardcoded sysroot into binaries
lmdb: Pass CFLAGS to Makefile
php: Remove buildpaths from scripts and generated headers
uw-imap: Pass CFLAGS from environment
libmad: Add a patch to pass cflags to build
libpeas: Fix reference to TMPDIR in tests
lirc: Define SH_PATH=/bin/sh
mce-inject: Pass CFLAGS to make
nbdkit: Remove buildpaths from binaries
mpv: Remove references to builddir from mpv binary
libnice: Remove buildpaths from binaries
curlpp: Remove references to buildpaths e.g. TMPDIR
unbound: Remove references to buildpaths
uml-utilities: Fix references to TMPDIR
openct: Fix buildpaths being emitted into generated types.h
minifi-cpp: Remove references to buildpaths in generated files
freerdp: Fix reference to TMPDIR in libfreerdp2.so
nautilus: Fix buildpath QA errors
cgdb: Fix buildpaths emitted into cgdb binary
ibus: Point python interpreter to target location
gimp: Fix buildpaths in binaries and scripts
libgphoto2: Edit out sysroot from CC variable in configure
vlan: Pass CFLAGS via CCFLAGS
sgpio: Pass CFLAGS to make
x265: Pass --debug-prefix-map to nasm
Markus Volk (1):
polkit: update SRC_URI
Martin Jansa (16):
lirc: fix do_install with multilib
dleyna-{server,renderer}: fix dev-so QA issue with multilib
libreport: add dependency on libarchive
libxmlb: add missing dependency on glib-2.0 and xz
geoclue: fix build without gobject-introspection-data
appstream: fix build without gobject-introspection-data
ostree: fix build without gobject-introspection-data
rdfind: fix build with -Werror=return-type
spice-gtk: respect gobject-introspection-data
cpulimit: fix do_install with multilib
libnfs: fix installed-vs-shipped issues with multilib
btrfsmaintenance: install to ${datadir}/${BPN}
libtomcrypt: pass LIBPATH to fix installed-vs-shipped with multilib
nanopb: fix installed-vs-shipped with multilib
nv-codec-headers: fix installed-vs-shipped with multilib
zfs: fix installation paths for multilib
Ming Liu (2):
libusbgx: drop hard-coded /usr/bin,/etc
libusbgx: check scripts in /etc/usbgx.d
Mingli Yu (2):
php: Link with libatomic on rv64
minicoredumper: correct the sysvinit service file attribute
Peter Marko (1):
ntp: whitelist CVE-2019-11331
Petr Gotthard (1):
gensio: fix QA issue: non -staticdev package with .a libraries
Valeria Petrov (1):
apache2: upgrade 2.4.56 -> 2.4.57
Virendra Thakur (2):
p7zip: fix for CVE-2018-5996
p7zip: Fix for CVE-2016-9296
Wang Mingyu (6):
redis: upgrade 7.0.10 -> 7.0.11
hdf5: Fix install conflict when enable multilib.
php: upgrade 8.2.4 -> 8.2.5
postgresql: upgrade 15.2 -> 15.3
php: upgrade 8.2.5 -> 8.2.6
nautilus: upgrade 44.0 -> 44.1
Yogita Urade (1):
dlt-daemon: fix CVE-2023-26257
schitrod=cisco.com@lists.openembedded.org (1):
gnulib: Update recipe name to 2018-12-18
meta-security: 53c5cc794f..d7db0a3bd1:
Peter Hoyes (1):
meta-parsec/layer.conf: Insert addpylib declaration
meta-arm: 0b5724266a..8db460fa5d:
Abdellatif El Khlifi (2):
kas: corstone1000: set branches to mickledore
arm-bsp/u-boot: corstone1000: upgrade NVMXIP support
Emekcan Aras (3):
arm-bsp/trusted-firmware-m: Align Capsule Update with GPT changes
arm-bsp/wic: corstone1000: Fix and limit the partition size for corstone1000
arm-bsp/u-boot: corstone1000: enable PSCI reset
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Id8a293d03f6c2320ff407a7aaed4416038ba04ed
Diffstat (limited to 'poky/meta/recipes-extended')
19 files changed, 593 insertions, 68 deletions
diff --git a/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb index 78138d1543..4e3a06f240 100644 --- a/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb +++ b/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb @@ -22,7 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=600af43c50f1fcb82e " SRC_URI = "https://sourceware.org/pub/${BPN}/${BPN}-${PV}.tar.gz \ - git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master \ + git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master;protocol=https \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ file://run-ptest \ diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Fix-appending-to-archives-bigger-than-2G.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Fix-appending-to-archives-bigger-than-2G.patch new file mode 100644 index 0000000000..fefd5b2894 --- /dev/null +++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Fix-appending-to-archives-bigger-than-2G.patch 
@@ -0,0 +1,312 @@ +From 0987d63384f0419b4b14aecdc6a61729b75ce86a Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Fri, 28 Apr 2023 15:23:46 +0300 +Subject: [PATCH] Fix appending to archives bigger than 2G + +* src/extern.h (last_header_start): Change type to off_t. +* src/global.c: Likewise. +* src/util.c (prepare_append): Use off_t for file offsets. + +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + src/extern.h | 11 ++++----- + src/global.c | 2 +- + src/util.c | 66 ++++++++++++++++++++++++++-------------------------- + 3 files changed, 39 insertions(+), 40 deletions(-) + +diff --git a/src/extern.h b/src/extern.h +index df7d0ce..6afbdd2 100644 +--- a/src/extern.h ++++ b/src/extern.h +@@ -68,7 +68,7 @@ extern int ignore_dirnlink_option; + + extern bool to_stdout_option; + +-extern int last_header_start; ++extern off_t last_header_start; + extern int copy_matching_files; + extern int numeric_uid; + extern char *pattern_file_name; +@@ -128,7 +128,7 @@ void field_width_error (const char *filename, const char *fieldname, + + /* copypass.c */ + void process_copy_pass (void); +-int link_to_maj_min_ino (char *file_name, int st_dev_maj, ++int link_to_maj_min_ino (char *file_name, int st_dev_maj, + int st_dev_min, ino_t st_ino); + int link_to_name (char const *link_name, char const *link_target); + +@@ -176,7 +176,7 @@ void copy_files_tape_to_disk (int in_des, int out_des, off_t num_bytes); + void copy_files_disk_to_tape (int in_des, int out_des, off_t num_bytes, char *filename); + void copy_files_disk_to_disk (int in_des, int out_des, off_t num_bytes, char *filename); + void warn_if_file_changed (char *file_name, off_t old_file_size, +- time_t old_file_mtime); ++ time_t old_file_mtime); + void create_all_directories (char const *name); + void prepare_append (int out_file_des); + char *find_inode_file (ino_t node_num, +@@ -190,7 +190,7 @@ void set_new_media_message (char *message); + #ifdef HPUX_CDF + char 
*add_cdf_double_slashes (char *filename); + #endif +-void write_nuls_to_file (off_t num_bytes, int out_des, ++void write_nuls_to_file (off_t num_bytes, int out_des, + void (*writer) (char *in_buf, + int out_des, off_t num_bytes)); + #define DISK_IO_BLOCK_SIZE 512 +@@ -234,6 +234,5 @@ void delay_set_stat (char const *file_name, struct stat *st, + mode_t invert_permissions); + int repair_delayed_set_stat (struct cpio_file_stat *file_hdr); + void apply_delayed_set_stat (void); +- +-int arf_stores_inode_p (enum archive_format arf); + ++int arf_stores_inode_p (enum archive_format arf); +diff --git a/src/global.c b/src/global.c +index d33516f..7c4bca8 100644 +--- a/src/global.c ++++ b/src/global.c +@@ -113,7 +113,7 @@ int debug_flag = false; + + /* File position of last header read. Only used during -A to determine + where the old TRAILER!!! record started. */ +-int last_header_start = 0; ++off_t last_header_start = 0; + + /* With -i; if true, copy only files that match any of the given patterns; + if false, copy only files that do not match any of the patterns. (-f) */ +diff --git a/src/util.c b/src/util.c +index a38333a..7415e10 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -59,8 +59,8 @@ tape_empty_output_buffer (int out_des) + static long output_bytes_before_lseek = 0; + + /* Some tape drivers seem to have a signed internal seek pointer and +- they lose if it overflows and becomes negative (e.g. when writing +- tapes > 2Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the ++ they lose if it overflows and becomes negative (e.g. when writing ++ tapes > 2Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the + seek pointer and prevent it from overflowing. */ + if (output_is_special + && ( (output_bytes_before_lseek += output_size) >= 1073741824L) ) +@@ -104,7 +104,7 @@ static ssize_t sparse_write (int fildes, char *buf, size_t nbyte, bool flush); + descriptor OUT_DES and reset `output_size' and `out_buff'. 
+ If `swapping_halfwords' or `swapping_bytes' is set, + do the appropriate swapping first. Our callers have +- to make sure to only set these flags if `output_size' ++ to make sure to only set these flags if `output_size' + is appropriate (a multiple of 4 for `swapping_halfwords', + 2 for `swapping_bytes'). The fact that DISK_IO_BLOCK_SIZE + must always be a multiple of 4 helps us (and our callers) +@@ -186,8 +186,8 @@ tape_fill_input_buffer (int in_des, int num_bytes) + { + #ifdef BROKEN_LONG_TAPE_DRIVER + /* Some tape drivers seem to have a signed internal seek pointer and +- they lose if it overflows and becomes negative (e.g. when writing +- tapes > 4Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the ++ they lose if it overflows and becomes negative (e.g. when writing ++ tapes > 4Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the + seek pointer and prevent it from overflowing. */ + if (input_is_special + && ( (input_bytes_before_lseek += num_bytes) >= 1073741824L) ) +@@ -330,8 +330,8 @@ tape_buffered_peek (char *peek_buf, int in_des, int num_bytes) + + #ifdef BROKEN_LONG_TAPE_DRIVER + /* Some tape drivers seem to have a signed internal seek pointer and +- they lose if it overflows and becomes negative (e.g. when writing +- tapes > 4Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the ++ they lose if it overflows and becomes negative (e.g. when writing ++ tapes > 4Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the + seek pointer and prevent it from overflowing. 
*/ + if (input_is_special + && ( (input_bytes_before_lseek += num_bytes) >= 1073741824L) ) +@@ -402,7 +402,7 @@ tape_toss_input (int in_des, off_t num_bytes) + + if (crc_i_flag && only_verify_crc_flag) + { +- int k; ++ int k; + for (k = 0; k < space_left; ++k) + crc += in_buff[k] & 0xff; + } +@@ -414,14 +414,14 @@ tape_toss_input (int in_des, off_t num_bytes) + } + + void +-write_nuls_to_file (off_t num_bytes, int out_des, +- void (*writer) (char *in_buf, int out_des, off_t num_bytes)) ++write_nuls_to_file (off_t num_bytes, int out_des, ++ void (*writer) (char *in_buf, int out_des, off_t num_bytes)) + { + off_t blocks; + off_t extra_bytes; + off_t i; + static char zeros_512[512]; +- ++ + blocks = num_bytes / sizeof zeros_512; + extra_bytes = num_bytes % sizeof zeros_512; + for (i = 0; i < blocks; ++i) +@@ -601,7 +601,7 @@ create_all_directories (char const *name) + char *dir; + + dir = dir_name (name); +- ++ + if (dir == NULL) + error (PAXEXIT_FAILURE, 0, _("virtual memory exhausted")); + +@@ -635,9 +635,9 @@ create_all_directories (char const *name) + void + prepare_append (int out_file_des) + { +- int start_of_header; +- int start_of_block; +- int useful_bytes_in_block; ++ off_t start_of_header; ++ off_t start_of_block; ++ size_t useful_bytes_in_block; + char *tmp_buf; + + start_of_header = last_header_start; +@@ -695,8 +695,8 @@ inode_val_compare (const void *val1, const void *val2) + const struct inode_val *ival1 = val1; + const struct inode_val *ival2 = val2; + return ival1->inode == ival2->inode +- && ival1->major_num == ival2->major_num +- && ival1->minor_num == ival2->minor_num; ++ && ival1->major_num == ival2->major_num ++ && ival1->minor_num == ival2->minor_num; + } + + static struct inode_val * +@@ -704,10 +704,10 @@ find_inode_val (ino_t node_num, unsigned long major_num, + unsigned long minor_num) + { + struct inode_val sample; +- ++ + if (!hash_table) + return NULL; +- ++ + sample.inode = node_num; + sample.major_num = major_num; + sample.minor_num = 
minor_num; +@@ -732,7 +732,7 @@ add_inode (ino_t node_num, char *file_name, unsigned long major_num, + { + struct inode_val *temp; + struct inode_val *e = NULL; +- ++ + /* Create new inode record. */ + temp = (struct inode_val *) xmalloc (sizeof (struct inode_val)); + temp->inode = node_num; +@@ -1003,7 +1003,7 @@ buf_all_zeros (char *buf, int bufsize) + + /* Write NBYTE bytes from BUF to file descriptor FILDES, trying to + create holes instead of writing blockfuls of zeros. +- ++ + Return the number of bytes written (including bytes in zero + regions) on success, -1 on error. + +@@ -1023,7 +1023,7 @@ sparse_write (int fildes, char *buf, size_t nbytes, bool flush) + + enum { begin, in_zeros, not_in_zeros } state = + delayed_seek_count ? in_zeros : begin; +- ++ + while (nbytes) + { + size_t rest = nbytes; +@@ -1038,7 +1038,7 @@ sparse_write (int fildes, char *buf, size_t nbytes, bool flush) + if (state == not_in_zeros) + { + ssize_t bytes = buf - start_ptr + rest; +- ++ + n = write (fildes, start_ptr, bytes); + if (n == -1) + return -1; +@@ -1087,8 +1087,8 @@ sparse_write (int fildes, char *buf, size_t nbytes, bool flush) + if (n != 1) + return n; + delayed_seek_count = 0; +- } +- ++ } ++ + return nwritten + seek_count; + } + +@@ -1226,7 +1226,7 @@ set_perms (int fd, struct cpio_file_stat *header) + if (!no_chown_flag) + { + uid_t uid = CPIO_UID (header->c_uid); +- gid_t gid = CPIO_GID (header->c_gid); ++ gid_t gid = CPIO_GID (header->c_gid); + if ((fchown_or_chown (fd, header->c_name, uid, gid) < 0) + && errno != EPERM) + chown_error_details (header->c_name, uid, gid); +@@ -1243,13 +1243,13 @@ set_file_times (int fd, + const char *name, unsigned long atime, unsigned long mtime) + { + struct timespec ts[2]; +- ++ + memset (&ts, 0, sizeof ts); + + ts[0].tv_sec = atime; + ts[1].tv_sec = mtime; + +- /* Silently ignore EROFS because reading the file won't have upset its ++ /* Silently ignore EROFS because reading the file won't have upset its + timestamp if it's on a 
read-only filesystem. */ + if (fdutimens (fd, name, ts) < 0 && errno != EROFS) + utime_error (name); +@@ -1301,7 +1301,7 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, + + /* This is a simplified form of delayed set_stat used by GNU tar. + With the time, both forms will merge and pass to paxutils +- ++ + List of directories whose statuses we need to extract after we've + finished extracting their subsidiary files. If you consider each + contiguous subsequence of elements of the form [D]?[^D]*, where [D] +@@ -1419,7 +1419,7 @@ cpio_mkdir (struct cpio_file_stat *file_hdr, int *setstat_delayed) + { + int rc; + mode_t mode = file_hdr->c_mode; +- ++ + if (!(file_hdr->c_mode & S_IWUSR)) + { + rc = mkdir (file_hdr->c_name, mode | S_IWUSR); +@@ -1442,10 +1442,10 @@ cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir) + { + int res; /* Result of various function calls. */ + int setstat_delayed = 0; +- ++ + if (to_stdout_option) + return 0; +- ++ + /* Strip any trailing `/'s off the filename; tar puts + them on. We might as well do it here in case anybody + else does too, since they cause strange things to happen. */ +@@ -1534,7 +1534,7 @@ arf_stores_inode_p (enum archive_format arf) + } + return 1; + } +- ++ + void + cpio_file_stat_init (struct cpio_file_stat *file_hdr) + { +-- +2.34.1 + diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/run-ptest b/poky/meta/recipes-extended/cpio/cpio-2.13/run-ptest index f027574e86..f35a756d6b 100644..100755 --- a/poky/meta/recipes-extended/cpio/cpio-2.13/run-ptest +++ b/poky/meta/recipes-extended/cpio/cpio-2.13/run-ptest 
@@ -1,10 +1,3 @@ #!/bin/sh -# Define cpio test work dir -WORKDIR=@PTEST_PATH@/tests/ - -# Run test -cd ${WORKDIR} -./atconfig ./atlocal ./testsuite - -./testsuite 2>&1 | grep -E '[0-9]{1,3}: ' | sed -e 's/^.....//' -e '/[ok]$/s/^/PASS: /;/FAILED (.*)/s/^/FAIL: /;/skipped (.*)/s/^/SKIP: /;/expected failure/ s/^/PASS: /;/UNEXPECTED PASS/s/^/FAIL: /' -e 's/ok$//g' -e 's/FAILED.*//g' -e 's/skipped.*//g' -e 's/expected failure.*//g' -e 's/UNEXPECTED PASS.*//g' +su -c ./test.sh ptest diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/test.sh b/poky/meta/recipes-extended/cpio/cpio-2.13/test.sh new file mode 100644 index 0000000000..f027574e86 --- /dev/null +++ b/poky/meta/recipes-extended/cpio/cpio-2.13/test.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +# Define cpio test work dir +WORKDIR=@PTEST_PATH@/tests/ + +# Run test +cd ${WORKDIR} +./atconfig ./atlocal ./testsuite + +./testsuite 2>&1 | grep -E '[0-9]{1,3}: ' | sed -e 's/^.....//' -e '/[ok]$/s/^/PASS: /;/FAILED (.*)/s/^/FAIL: /;/skipped (.*)/s/^/SKIP: /;/expected failure/ s/^/PASS: /;/UNEXPECTED PASS/s/^/FAIL: /' -e 's/ok$//g' -e 's/FAILED.*//g' -e 's/skipped.*//g' -e 's/expected failure.*//g' -e 's/UNEXPECTED PASS.*//g' diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb index df5e09cae8..400c6b2f90 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb @@ -13,7 +13,9 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://CVE-2021-38185.patch \ file://0001-Use-__alignof__-with-clang.patch \ file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \ + file://0001-Fix-appending-to-archives-bigger-than-2G.patch \ file://run-ptest \ + file://test.sh \ " SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810" 
@@ -57,9 +59,24 @@ do_install_ptest() { install --mode=755 ${B}/tests/atlocal ${D}${PTEST_PATH}/tests/ install --mode=755 ${B}/tests/genfile ${D}${PTEST_PATH}/tests/ install --mode=755 ${S}/tests/testsuite ${D}${PTEST_PATH}/tests/ - sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g" ${D}${PTEST_PATH}/run-ptest + install --mode=755 ${WORKDIR}/test.sh ${D}${PTEST_PATH}/test.sh + sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g" ${D}${PTEST_PATH}/test.sh } +# ptest.bbclass currently chowns the ptest directory explicitly, so we need to +# change permission after that has happened so the ptest user can write a +# temporary directory. +do_install_ptest_base:append() { + chgrp -R ptest ${D}${PTEST_PATH}/ + chmod -R g+w ${D}${PTEST_PATH}/ +} + +# The tests need to run as a non-root user, so pull in the ptest user +DEPENDS:append:class-target = "${@bb.utils.contains('PTEST_ENABLED', '1', ' ptest-runner', '', d)}" +PACKAGE_WRITE_DEPS += "ptest-runner" + +RDEPENDS:${PN}-ptest += "ptest-runner" + PACKAGES =+ "${PN}-rmt" FILES:${PN}-rmt = "${sbindir}/rmt*" diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.10.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.11.bb index 8197cdad9e..34ef2b65a1 100644 --- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.10.bb +++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.11.bb @@ -13,7 +13,7 @@ SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \ file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ " -SRCREV = "e74c539344d024709ee76e2920b0af7f9a5c5556" +SRCREV = "4cf5125250c6325ef0a2dc085eabff875227edc3" S = "${WORKDIR}/git/src" inherit autotools gettext diff --git a/poky/meta/recipes-extended/gawk/gawk/remove-sensitive-tests.patch b/poky/meta/recipes-extended/gawk/gawk/remove-sensitive-tests.patch deleted file mode 100644 index ffae55058b..0000000000 --- a/poky/meta/recipes-extended/gawk/gawk/remove-sensitive-tests.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From 354d24baf7c51977d22ff61ad42e6a2cbd4dc8ac Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Tue, 21 Dec 2021 17:09:12 +0000 -Subject: [PATCH] gawk: remove load-sensitive tests - -These tests require an unloaded host as otherwise timing sensitive tests can fail -https://bugzilla.yoctoproject.org/show_bug.cgi?id=14371 - -Upstream-Status: Inappropriate -Signed-off-by: Ross Burton <ross.burton@arm.com> - ---- - test/Maketests | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/test/Maketests b/test/Maketests -index 3a667af..f117697 100644 ---- a/test/Maketests -+++ b/test/Maketests -@@ -2137,11 +2137,6 @@ symtab12: - @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ - @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ - --timeout: -- @echo $@ $(ZOS_FAIL) -- @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ -- @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ -- - typedregex1: - @echo $@ - @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ -@@ -2371,11 +2366,6 @@ rwarray: - @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk < "$(srcdir)"/$@.in >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ - @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ - --time: -- @echo $@ -- @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ -- @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ -- - mpfrbigint: - @echo $@ - @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk -M >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ diff --git a/poky/meta/recipes-extended/gawk/gawk/run-ptest b/poky/meta/recipes-extended/gawk/gawk/run-ptest index 2675650600..f4ef3e7bd4 100644 --- a/poky/meta/recipes-extended/gawk/gawk/run-ptest +++ b/poky/meta/recipes-extended/gawk/gawk/run-ptest 
@@ -3,6 +3,11 @@ cd test for i in `grep -E "^[a-z0-9_-]*:$" Maketests |awk -F: '{print $1}'`; do unset LANG + grep -q "^$i$" skipped.txt + if [ $? -eq 0 ]; then + echo "SKIP: $i" + continue + fi srcdir=`pwd` AWKPROG=gawk AWK=gawk CMP=cmp make -f Maketests $i >$i.tmp 2>&1 if [ -e _$i ]; then cat _$i diff --git a/poky/meta/recipes-extended/gawk/gawk_5.2.1.bb b/poky/meta/recipes-extended/gawk/gawk_5.2.1.bb index e381bad148..768c8eb364 100644 --- a/poky/meta/recipes-extended/gawk/gawk_5.2.1.bb +++ b/poky/meta/recipes-extended/gawk/gawk_5.2.1.bb @@ -16,7 +16,6 @@ PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" PACKAGECONFIG[mpfr] = "--with-mpfr,--without-mpfr, mpfr" SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \ - file://remove-sensitive-tests.patch \ file://run-ptest \ " 
@@ -60,10 +59,29 @@ do_install_ptest() { # https://bugzilla.yoctoproject.org/show_bug.cgi?id=14371 rm -f ${D}${PTEST_PATH}/test/time.* rm -f ${D}${PTEST_PATH}/test/timeout.* + for t in time timeout; do + echo $t >> ${D}${PTEST_PATH}/test/skipped.txt + done +} + +do_install_ptest:append:libc-musl() { + # Reported https://lists.gnu.org/archive/html/bug-gawk/2021-02/msg00005.html + rm -f ${D}${PTEST_PATH}/test/clos1way6.* + # Needs en_US.UTF-8 but then does not work with musl + rm -f ${D}${PTEST_PATH}/test/backsmalls1.* + # Needs en_US.UTF-8 but then does not work with musl + rm -f ${D}${PTEST_PATH}/test/commas.* + # The below two need LANG=C inside the make rule for musl + rm -f ${D}${PTEST_PATH}/test/rebt8b1.* + rm -f ${D}${PTEST_PATH}/test/regx8bit.* + for t in clos1way6 backsmalls1 commas rebt8b1 regx8bit; do + echo $t >> ${D}${PTEST_PATH}/test/skipped.txt + done } -RDEPENDS:${PN}-ptest += "make" +RDEPENDS:${PN}-ptest += "make locale-base-en-us" -RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us locale-base-en-us.iso-8859-1" +RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us.iso-8859-1" +RDEPENDS:${PN}-ptest:append:libc-musl = " musl-locales" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch new file mode 100644 index 0000000000..604b927521 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch 
@@ -0,0 +1,60 @@ +From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <ken.sharp@artifex.com> +Date: Fri, 24 Mar 2023 13:19:57 +0000 +Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding + +Bug #706494 "Buffer Overflow in s_xBCPE_process" + +As described in detail in the bug report, if the write buffer is filled +to one byte less than full, and we then try to write an escaped +character, we overrun the buffer because we don't check before +writing two bytes to it. + +This just checks if we have two bytes before starting to write an +escaped character and exits if we don't (replacing the consumed byte +of the input). + +Up for further discussion; why do we even permit a BCP encoding filter +anyway ? I think we should remove this, at least when SAFER is true. +--- +CVE: CVE-2023-28879 + +Upstream-Status: Backport [see text] + +git://git.ghostscript.com/ghostpdl +cherry-pick + +Signed-off-by: Joe Slater <joe.slater@windriver.com. + +--- + base/sbcp.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/base/sbcp.c b/base/sbcp.c +index 979ae0992..47fc233ec 100644 +--- a/base/sbcp.c ++++ b/base/sbcp.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2001-2021 Artifex Software, Inc. ++/* Copyright (C) 2001-2023 Artifex Software, Inc. + All Rights Reserved. + + This software is provided AS-IS with no warranty, either express or +@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr, + byte ch = *++p; + + if (ch <= 31 && escaped[ch]) { ++ /* Make sure we have space to store two characters in the write buffer, ++ * if we don't then exit without consuming the input character, we'll process ++ * that on the next time round. ++ */ ++ if (pw->limit - q < 2) { ++ p--; ++ break; ++ } + if (p == rlimit) { + p--; + break; +-- +2.25.1 + 
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb index 56a93632e2..86ecdbe24a 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb @@ -34,6 +34,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://avoid-host-contamination.patch \ file://mkdir-p.patch \ file://cross-compile.patch \ + file://cve-2023-28879.patch \ " SRC_URI = "${SRC_URI_BASE} \ diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index f447035b67..aafede3da8 100644 --- a/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -7,11 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665" DEPENDS = "e2fsprogs-native" -PACKAGECONFIG ?= "zlib bz2 xz zstd" - -PACKAGECONFIG:append:class-target = "\ - ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)} \ -" +PACKAGECONFIG ?= "zlib bz2 xz zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}" DEPENDS_BZIP2 = "bzip2-replacement-native" DEPENDS_BZIP2:class-target = "bzip2" diff --git a/poky/meta/recipes-extended/man-pages/man-pages_6.03.bb b/poky/meta/recipes-extended/man-pages/man-pages_6.04.bb index bc02597ef7..fee57e3fbd 100644 --- a/poky/meta/recipes-extended/man-pages/man-pages_6.03.bb +++ b/poky/meta/recipes-extended/man-pages/man-pages_6.04.bb 
@@ -4,7 +4,7 @@ SECTION = "console/utils" HOMEPAGE = "http://www.kernel.org/pub/linux/docs/man-pages" LICENSE = "GPL-2.0-or-later & GPL-2.0-only & GPL-1.0-or-later & BSD-2-Clause & BSD-3-Clause & BSD-4-Clause & MIT" -LIC_FILES_CHKSUM = "file://README;md5=0fdad39ebaa973a50785f79f0f59f87f \ +LIC_FILES_CHKSUM = "file://README;md5=5b7d7488344f5af8841dc13aaec49cdf \ file://LICENSES/BSD-2-Clause.txt;md5=d0f280d1058e77e66264a9b9e10e6c89 \ file://LICENSES/BSD-3-Clause.txt;md5=71f739ef75581cae312e8c711bcdab16 \ file://LICENSES/BSD-4-Clause-UC.txt;md5=1da3cf8ad50cd8d5d1de3cfc53196d01 \ @@ -16,7 +16,7 @@ LIC_FILES_CHKSUM = "file://README;md5=0fdad39ebaa973a50785f79f0f59f87f \ " SRC_URI = "${KERNELORG_MIRROR}/linux/docs/${BPN}/${BP}.tar.gz" -SRC_URI[sha256sum] = "76eca045b42a90dd25d094c46d97ac90187bc0f1bfca358bb5dae5c4337acbb0" +SRC_URI[sha256sum] = "590623b99bf1f8ee958483c35cc0aaef2363e42998c4d927d1f705890d15d51e" inherit manpages diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch new file mode 100644 index 0000000000..94dcb04f0a --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch 
@@ -0,0 +1,108 @@ +From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001 +From: Per Jessen <per@jessen.ch> +Date: Fri, 22 Apr 2022 18:15:36 +0200 +Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype + +When using scandir() to look for MOTD files to display, we wrongly +relied on all filesystems providing a filetype. This is a fix to divert +to lstat() when we have no filetype. To maintain MT safety, it isn't +possible to use lstat() in the scandir() filter function, so all of the +filtering has been moved to an additional loop after scanning all the +motd dirs. +Also, remove superfluous alphasort from scandir(), we are doing +a qsort() later. + +Resolves: https://github.com/linux-pam/linux-pam/issues/455 + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70] + +Signed-off-by: Per Jessen <per@jessen.ch> +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++------- + 1 file changed, 40 insertions(+), 9 deletions(-) + +diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c +index 6ac8cba2..5ca486e4 100644 +--- a/modules/pam_motd/pam_motd.c ++++ b/modules/pam_motd/pam_motd.c +@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) + } + } + +-static int filter_dirents(const struct dirent *d) +-{ +- return (d->d_type == DT_REG || d->d_type == DT_LNK); +-} +- + static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) + { +@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + + for (i = 0; i < num_motd_dirs; i++) { + int rv; +- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), +- filter_dirents, alphasort); ++ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); + if (rv < 0) { + if (errno != ENOENT || 
report_missing) { + pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", +@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + if (dirscans_size_total == 0) + goto out; + ++ /* filter out unwanted names, directories, and complement data with lstat() */ ++ for (i = 0; i < num_motd_dirs; i++) { ++ struct dirent **d = dirscans[i]; ++ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { ++ int rc; ++ char *fullpath; ++ struct stat s; ++ ++ switch(d[j]->d_type) { /* the filetype determines how to proceed */ ++ case DT_REG: /* regular files and */ ++ case DT_LNK: /* symlinks */ ++ continue; /* are good. */ ++ case DT_UNKNOWN: /* for file systems that do not provide */ ++ /* a filetype, we use lstat() */ ++ if (join_dir_strings(&fullpath, motd_dir_path_split[i], ++ d[j]->d_name) <= 0) ++ break; ++ rc = lstat(fullpath, &s); ++ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ ++ if (rc != 0) /* if the lstat() somehow failed */ ++ break; ++ ++ if (S_ISREG(s.st_mode) || /* regular files and */ ++ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ ++ break; ++ case DT_DIR: /* We don't want directories */ ++ default: /* nor anything else */ ++ break; ++ } ++ _pam_drop(d[j]); /* free memory */ ++ d[j] = NULL; /* indicate this one was dropped */ ++ dirscans_size_total--; ++ } ++ } ++ + /* Allocate space for all file names found in the directories, including duplicates. */ + if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); +@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + unsigned int j; + + for (j = 0; j < dirscans_sizes[i]; j++) { +- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; +- i_dirnames++; ++ if (NULL != dirscans[i][j]) { ++ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; ++ i_dirnames++; ++ } + } + } + +-- +2.39.0 + 
diff --git a/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch b/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch new file mode 100644 index 0000000000..a7b51f3217 --- /dev/null +++ b/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch @@ -0,0 +1,46 @@ +From 0764cb56df4a5afdf04980c9eb6735f789f5aa42 Mon Sep 17 00:00:00 2001 +From: Pavel Kopylov <pkopylov@cloudlinux.com> +Date: Wed, 17 May 2023 11:33:45 +0200 +Subject: [PATCH] Fix an overflow which is still possible for some values. + +CVE: CVE-2023-33204 +Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/954ff2e2673c] + +Backport Changes: +Adopt additional changes as per following merge commit of pull request: +https://github.com/sysstat/sysstat/commit/6f8dc568e6ab + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +Signed-off-by: Sanjay Chitroda <schitrod@cisco.com> +--- + common.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/common.c b/common.c +index a3d31a5..138920c 100644 +--- a/common.c ++++ b/common.c +@@ -447,15 +447,17 @@ int check_dir(char *dirname) + void check_overflow(unsigned int val1, unsigned int val2, + unsigned int val3) + { +- if ((unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { ++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) && ++ (((unsigned long long)UINT_MAX / (unsigned long long)val1 < ++ (unsigned long long)val2) || ++ ((unsigned long long)UINT_MAX / ((unsigned long long)val1 * ++ (unsigned long long)val2) < (unsigned long long)val3))) { + #ifdef DEBUG +- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3); ++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n", ++ __FUNCTION__, val1, val2, val3); + #endif + exit(4); +- } ++ } + } + + #ifndef SOURCE_SADC 
diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.6.2.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.6.2.bb index f9e5778e76..b5014eaefb 100644 --- a/poky/meta/recipes-extended/sysstat/sysstat_12.6.2.bb +++ b/poky/meta/recipes-extended/sysstat/sysstat_12.6.2.bb @@ -2,6 +2,8 @@ require sysstat.inc LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" -SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch" +SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \ + file://CVE-2023-33204.patch \ + " SRC_URI[sha256sum] = "3e77134aedaa6fc57d9745da67edfd8990e19adee71ac47196229261c563fb48" diff --git a/poky/meta/recipes-extended/texinfo/texinfo_7.0.2.bb b/poky/meta/recipes-extended/texinfo/texinfo_7.0.3.bb index da455df4bb..b149177b72 100644 --- a/poky/meta/recipes-extended/texinfo/texinfo_7.0.2.bb +++ b/poky/meta/recipes-extended/texinfo/texinfo_7.0.3.bb @@ -35,7 +35,7 @@ SRC_URI = "${GNU_MIRROR}/texinfo/${BP}.tar.gz \ ${TARGET_PATCH} \ " -SRC_URI[sha256sum] = "a9c646bc4f6bb31843f129f8408a3a627334575faf7b22ebc416be5cb1570553" +SRC_URI[sha256sum] = "3cc5706fb086b895e1dc2b407aade9f95a3a233ff856273e2b659b089f117683" tex_texinfo = "texmf/tex/texinfo" diff --git a/poky/meta/recipes-extended/wget/wget.inc b/poky/meta/recipes-extended/wget/wget.inc index 58cb5ca73d..d31756dbc8 100644 --- a/poky/meta/recipes-extended/wget/wget.inc +++ b/poky/meta/recipes-extended/wget/wget.inc @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c678957b0c8e964aa6c70fd77641a71e" inherit autotools gettext texinfo update-alternatives pkgconfig -DEPENDS += "autoconf-archive" +DEPENDS += "autoconf-archive-native" EXTRA_OECONF = "--without-libgnutls-prefix --without-libssl-prefix \ --disable-rpath" diff --git a/poky/meta/recipes-extended/xz/xz_5.4.2.bb b/poky/meta/recipes-extended/xz/xz_5.4.3.bb index 87f9602bf6..e1cdac3014 100644 --- a/poky/meta/recipes-extended/xz/xz_5.4.2.bb +++ b/poky/meta/recipes-extended/xz/xz_5.4.3.bb 
@@ -25,7 +25,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ " SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz" -SRC_URI[sha256sum] = "87947679abcf77cc509d8d1b474218fd16b72281e2797360e909deaee1ac9d05" +SRC_URI[sha256sum] = "1c382e0bc2e4e0af58398a903dd62fff7e510171d2de47a1ebe06d1528e9b7e9" UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar" CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" |
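Review bot: in the gawk run-ptest hunk, `grep -q "^$i$" skipped.txt` followed by `if [ $? -eq 0 ]` treats the test name as a regular expression and checks the status indirectly. The names are limited to `[a-z0-9_-]*` by the Maketests grep above it, so this works today, but `if grep -qxF -- "$i" skipped.txt; then` states the intent (whole-line, fixed-string match) and removes the separate `$?` test.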
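Review bot: in gawk_5.2.1.bb, do_install_ptest:append:libc-musl() lists each skipped test twice, once in an `rm -f` line and again in `for t in clos1way6 backsmalls1 commas rebt8b1 regx8bit`, so the two lists can drift apart when a test is added or re-enabled. Consider one loop over a single list that both removes `${D}${PTEST_PATH}/test/$t.*` and appends `$t` to skipped.txt, keeping the per-test reasons as comments next to the list. The same applies to the `time timeout` pair in do_install_ptest().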
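Review bot: the header of cve-2023-28879.patch has a malformed trailer, `Signed-off-by: Joe Slater <joe.slater@windriver.com.`, which ends in a period instead of the closing `>`. `Upstream-Status: Backport [see text]` also gives only the repository URL and "cherry-pick"; putting the upstream commit reference in the brackets (the From line carries 37ed5022cecd584de868933b5b60da2e995b3179) would let the backport be traced without reading the body.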
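Review bot: in the pam_motd patch, the new filter loop decrements `dirscans_size_total` after the existing `if (dirscans_size_total == 0) goto out;` check, so the count can reach zero with no early exit. scandir() is now called with a NULL filter, so the entries that the removed filter_dirents() used to reject are counted first and dropped afterwards; if every entry is dropped, `calloc(dirscans_size_total, sizeof(*dirnames_all))` is called with a zero count, may return NULL, and the code then logs "failed to allocate dirname array" at LOG_CRIT. Repeating the zero check after the filter loop would avoid that.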
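Review bot: in CVE-2023-33204.patch, the rewritten condition in check_overflow() needs a comment explaining why it has this shape. The `(val1 != 0) && (val2 != 0) && (val3 != 0)` guard is what keeps both divisions defined, and the test was rewritten as divisions because the three-way product can itself wrap unsigned long long, which is how the old `> UINT_MAX` comparison could miss an overflow. A short comment above the `if` saying so would help the next reader. The casts in `UINT_MAX / val1 < val2` are not needed, since every operand there is unsigned int; only `val1 * val2` has to be widened.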
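Review bot: in libarchive_3.6.2.bb, folding `${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}` into `PACKAGECONFIG ?=` changes behaviour in two ways that the hunk does not document. The `:class-target` restriction is gone, so acl and xattr are now enabled for every class the recipe is built for. And because the value is now part of a `?=` default rather than an `:append`, any configuration that sets PACKAGECONFIG for this recipe loses acl and xattr unless it lists them itself. If both are intended, a comment above the assignment should say so.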