diff options
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-support')
22 files changed, 494 insertions, 44 deletions
diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.19.0.bb b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.19.1.bb index bb19ff1bd3..1440d72711 100644 --- a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.19.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.19.1.bb @@ -6,7 +6,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006" SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https" -SRCREV = "fddf01938d3789e06cc1c3774e4cd0c7d2a89976" +SRCREV = "6360e96b5cf8e5980c887ce58ef727e53d77243a" UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)" diff --git a/meta-openembedded/meta-oe/recipes-support/fftw/fftw_3.3.10.bb b/meta-openembedded/meta-oe/recipes-support/fftw/fftw_3.3.10.bb index 1fead4d029..33e8279880 100644 --- a/meta-openembedded/meta-oe/recipes-support/fftw/fftw_3.3.10.bb +++ b/meta-openembedded/meta-oe/recipes-support/fftw/fftw_3.3.10.bb @@ -55,7 +55,7 @@ do_configure() { do_compile() { for lib in fftw fftwl fftwf; do cd ${WORKDIR}/build-$lib - sed -i -e 's|${TOOLCHAIN_OPTIONS}||g' config.h + test -n "${TOOLCHAIN_OPTIONS}" && sed -i -e 's|${TOOLCHAIN_OPTIONS}||g' config.h autotools_do_compile done } diff --git a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb index a27968079e..9e09b971c9 100644 --- a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb +++ b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb @@ -13,7 +13,7 @@ LICENSE = "LGPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=56a22a6e5bcce45e2c8ac184f81412b5" SRCREV = "0d6e3307bbdb8df4d56043d5f373eeeffe4cbef3" -SRC_URI = "git://git.savannah.gnu.org/git/gnulib.git;branch=master \ +SRC_URI = "git://git.savannah.gnu.org/git/gnulib.git;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch b/meta-openembedded/meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch new file mode 100644 index 0000000000..ae714c5318 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch @@ -0,0 +1,52 @@ +From ace9871f65d11b5d73f0b9ee8cf5d2807439442d Mon Sep 17 00:00:00 2001 +From: Antonio <antoniolrt@gmail.com> +Date: Fri, 2 Jun 2023 15:03:10 -0300 +Subject: [PATCH] Handle null return from iniparser_getstring + +Fix handling of NULL returns from iniparser_getstring in +iniparser_getboolean, iniparser_getlongint and iniparser_getdouble, +avoiding a crash. + +CVE: CVE-2023-33461 + +Upstream-Status: Submitted [https://github.com/ndevilla/iniparser/pull/146/commits/ace9871f65d11b5d73f0b9ee8cf5d2807439442d] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/iniparser.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/iniparser.c b/src/iniparser.c +index f1d1658..dbceb20 100644 +--- a/src/iniparser.c ++++ b/src/iniparser.c +@@ -456,7 +456,7 @@ long int iniparser_getlongint(const dictionary * d, const char * key, long int n + const char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (str==INI_INVALID_KEY) return notfound ; ++ if (str==NULL || str==INI_INVALID_KEY) return notfound ; + return strtol(str, NULL, 0); + } + +@@ -511,7 +511,7 @@ double iniparser_getdouble(const dictionary * d, const char * key, double notfou + const char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (str==INI_INVALID_KEY) return notfound ; ++ if (str==NULL || str==INI_INVALID_KEY) return notfound ; + return atof(str); + } + +@@ -553,7 +553,7 @@ int iniparser_getboolean(const dictionary * d, const char * key, int notfound) + const char * c ; + + c = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (c==INI_INVALID_KEY) return notfound ; ++ if (c==NULL || c==INI_INVALID_KEY) return notfound ; + if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { + ret = 1 ; + } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/iniparser/iniparser_4.1.bb b/meta-openembedded/meta-oe/recipes-support/iniparser/iniparser_4.1.bb index f9e1530161..166a74824f 100644 --- a/meta-openembedded/meta-oe/recipes-support/iniparser/iniparser_4.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/iniparser/iniparser_4.1.bb @@ -10,7 +10,8 @@ PV .= "+git${SRCPV}" SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https;branch=master \ file://0001-iniparser.pc-Make-libpath-a-variable.patch \ - file://Add-CMake-support.patch" + file://Add-CMake-support.patch \ + file://CVE-2023-33461.patch" SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d" diff --git a/meta-openembedded/meta-oe/recipes-support/libcyusbserial/libcyusbserial/0001-CMakeLists.txt-don-t-fall-back-CMAKE_INSTALL_LIBDIR-.patch b/meta-openembedded/meta-oe/recipes-support/libcyusbserial/libcyusbserial/0001-CMakeLists.txt-don-t-fall-back-CMAKE_INSTALL_LIBDIR-.patch new file mode 100644 index 0000000000..d9e10469d3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/libcyusbserial/libcyusbserial/0001-CMakeLists.txt-don-t-fall-back-CMAKE_INSTALL_LIBDIR-.patch @@ -0,0 +1,43 @@ +From 655c5c32b37a2bea12389ed69c0869215fcf5abe Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Sun, 3 Sep 2023 11:22:35 +0200 +Subject: [PATCH] CMakeLists.txt: don't fall back CMAKE_INSTALL_LIBDIR to lib + +* testing ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR} existence + doesn't really work in cross compilation and on some hosts was causing: + + ERROR: QA Issue: libcyusbserial: Files/directories were installed but not shipped in any package: + /usr/lib/libcyusbserial.so.1 + /usr/lib/libcyusbserial.so + Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. + libcyusbserial: 2 installed and not shipped files. [installed-vs-shipped] + + with multilib using /usr/lib32 or /usr/lib64 when the same didn't + exist on host. + +Upstream-Status: Pending +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + lib/CMakeLists.txt | 9 --------- + 1 file changed, 9 deletions(-) + +diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt +index 2b031cb..53a7263 100644 +--- a/lib/CMakeLists.txt ++++ b/lib/CMakeLists.txt +@@ -6,15 +6,6 @@ if (NOT CMAKE_INSTALL_LIBDIR) + include(GNUInstallDirs) + endif (NOT CMAKE_INSTALL_LIBDIR) + +-# Fall back to just "lib" if the item provided by GNUInstallDirs doesn't exist +-# For example, on Ubuntu 13.10 with CMake 2.8.11.2, +-# /usr/lib/${CMAKE_LIBRARY_ARCHITECTURE} doesn't exist. +-if (NOT EXISTS "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") +- message(STATUS "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR} does not exist. Defaulting libcyusbserial install location to ${CMAKE_INSTALL_PREFIX}/lib.") +- set(CMAKE_INSTALL_LIBDIR lib) +-endif() +- +- + ################################################################################ + # Include paths + ################################################################################ diff --git a/meta-openembedded/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb b/meta-openembedded/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb index 81453fb888..a69194996b 100644 --- a/meta-openembedded/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb +++ b/meta-openembedded/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb @@ -8,7 +8,9 @@ DEPENDS = "libusb udev" PV = "1.0.0+git${SRCPV}" SRCREV = "655e2d544183d094f0e2d119c7e0c6206a0ddb3f" -SRC_URI = "git://github.com/cyrozap/${BPN}.git;branch=master;protocol=https" +SRC_URI = "git://github.com/cyrozap/${BPN}.git;branch=master;protocol=https \ + file://0001-CMakeLists.txt-don-t-fall-back-CMAKE_INSTALL_LIBDIR-.patch \ +" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod-2.0/gpio-tools-test-bats-modify.patch b/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod-2.0/gpio-tools-test-bats-modify.patch new file mode 100644 index 0000000000..4d49467968 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod-2.0/gpio-tools-test-bats-modify.patch @@ -0,0 +1,67 @@ +From 53f9670d6af1bd0745c1df9c469b269c72607b23 Mon Sep 17 00:00:00 2001 +From: Joe Slater <joe.slater@windriver.com> +Date: Tue, 6 Jun 2023 08:04:27 -0700 +Subject: [PATCH] tools: tests: modify delays in toggle test + +The test "gpioset: toggle (continuous)" uses fixed delays to test +toggling values. This is not reliable, so we switch to looking +for transitions from one value to another. + +We wait for a transition up to 1.5 seconds. + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> + +Upstream-status: accepted + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + tools/gpio-tools-test.bats | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git a/tools/gpio-tools-test.bats b/tools/gpio-tools-test.bats +index c83ca7d..929c35a 100755 +--- a/tools/gpio-tools-test.bats ++++ b/tools/gpio-tools-test.bats +@@ -141,6 +141,20 @@ gpiosim_check_value() { + [ "$VAL" = "$EXPECTED" ] + } + ++gpiosim_wait_value() { ++ local OFFSET=$2 ++ local EXPECTED=$3 ++ local DEVNAME=${GPIOSIM_DEV_NAME[$1]} ++ local CHIPNAME=${GPIOSIM_CHIP_NAME[$1]} ++ local PORT=$GPIOSIM_SYSFS/$DEVNAME/$CHIPNAME/sim_gpio$OFFSET/value ++ ++ for i in {1..15}; do ++ [ "$(<$PORT)" = "$EXPECTED" ] && return ++ sleep 0.1 ++ done ++ return 1 ++} ++ + gpiosim_cleanup() { + for CHIP in ${!GPIOSIM_CHIP_NAME[@]} + do +@@ -1567,15 +1581,12 @@ request_release_line() { + gpiosim_check_value sim0 4 0 + gpiosim_check_value sim0 7 0 + +- sleep 1 +- +- gpiosim_check_value sim0 1 0 ++ gpiosim_wait_value sim0 1 0 + gpiosim_check_value sim0 4 1 + gpiosim_check_value sim0 7 1 + +- sleep 1 + +- gpiosim_check_value sim0 1 1 ++ gpiosim_wait_value sim0 1 1 + gpiosim_check_value sim0 4 0 + gpiosim_check_value sim0 7 0 + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod.inc b/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod.inc index abb6544ec2..cf6c0ae0f6 100644 --- a/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod.inc +++ b/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod.inc @@ -38,7 +38,7 @@ FILES:${PN}-ptest += " \ FILES:libgpiodcxx = "${libdir}/libgpiodcxx.so.*" RRECOMMENDS:${PN}-ptest += "coreutils" -RDEPENDS:${PN}-ptest += "bats" +RDEPENDS:${PN}-ptest += "${@bb.utils.contains('PTEST_ENABLED', '1', 'bats', '', d)}" do_install_ptest() { install -d ${D}${PTEST_PATH}/tests/ diff --git a/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod_2.0.bb b/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod_2.0.bb index 179fe170e2..ee20aaf792 100644 --- a/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod_2.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/libgpiod/libgpiod_2.0.bb @@ -11,6 +11,8 @@ SRC_URI[sha256sum] = "f74cbf82038b3cb98ebeb25bce55ee2553be28194002d2a9889b9268cc S = "${WORKDIR}/libgpiod-2.0" +SRC_URI += "file://gpio-tools-test-bats-modify.patch" + # We must enable gpioset-interactive for all gpio-tools tests to pass PACKAGECONFIG[tests] = "--enable-tests --enable-gpioset-interactive,--disable-tests,kmod util-linux glib-2.0 catch2 libedit" PACKAGECONFIG[gpioset-interactive] = "--enable-gpioset-interactive,--disable-gpioset-interactive,libedit" diff --git a/meta-openembedded/meta-oe/recipes-support/libiio/libiio_git.bb b/meta-openembedded/meta-oe/recipes-support/libiio/libiio_git.bb index bb253f421a..612dd897be 100644 --- a/meta-openembedded/meta-oe/recipes-support/libiio/libiio_git.bb +++ b/meta-openembedded/meta-oe/recipes-support/libiio/libiio_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;md5=7c13b3376cea0ce68d2d2da0a1b3a72c" SRCREV = "92d6a35f3d8d721cda7d6fe664b435311dd368b4" PV = "0.23" -SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=master \ +SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=main \ file://0001-CMake-Move-include-CheckCSourceCompiles-before-its-m.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-oe/recipes-support/mcelog/mcelog_191.bb b/meta-openembedded/meta-oe/recipes-support/mcelog/mcelog_191.bb index e713433469..3c1c451c02 100644 --- a/meta-openembedded/meta-oe/recipes-support/mcelog/mcelog_191.bb +++ b/meta-openembedded/meta-oe/recipes-support/mcelog/mcelog_191.bb @@ -18,11 +18,18 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" S = "${WORKDIR}/git" -inherit autotools-brokensep ptest +inherit ptest COMPATIBLE_HOST = '(x86_64.*|i.86.*)-linux' -do_install:append() { +EXTRA_OEMAKE += "CFLAGS='${CFLAGS}'" + +do_compile() { + oe_runmake +} + +do_install() { + oe_runmake install DESTDIR=${D} install -d ${D}${sysconfdir}/cron.hourly install -m 0755 ${S}/mcelog.cron ${D}${sysconfdir}/cron.hourly/ sed -i 's/bash/sh/' ${D}${sysconfdir}/cron.hourly/mcelog.cron diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch new file mode 100644 index 0000000000..92c096e29c --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch @@ -0,0 +1,88 @@ +commit ccc277247ac1a7aef0a90353edcdec35fbc5903c +Author: Nano <nanoapezlk@gmail.com> +Date: Wed Apr 26 15:09:52 2023 +0800 + + fix(wechat_qrcode): Init nBytes after the count value is determined (#3480) + + * fix(wechat_qrcode): Initialize nBytes after the count value is determined + + * fix(wechat_qrcode): Incorrect count data repair + + * chore: format expr + + * fix(wechat_qrcode): Avoid null pointer exception + + * fix(wechat_qrcode): return when bytes_ is empty + + * test(wechat_qrcode): add test case + + --------- + + Co-authored-by: GZTime <Time.GZ@outlook.com> + +CVE: CVE-2023-2617 + +Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c] + +Signed-off-by: Soumya <soumya.sambu@windriver.com> +--- + +diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp +index 05de793c..b3a0a69c 100644 +--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp ++++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp +@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in, + + void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn, + ErrorHandler& err_handler) { +- if (err_handler.ErrCode()) return; ++ // avoid null pointer exception ++ if (err_handler.ErrCode() || bufIn == nullptr) return; + #ifndef NO_ICONV_INSIDE + if (nIn == 0) { + return; +@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res + CharacterSetECI* currentCharacterSetECI, + ArrayRef<ArrayRef<char> >& byteSegments, + ErrorHandler& err_handler) { +- int nBytes = count; + BitSource& bits(*bits_); + // Don't crash trying to read more bits than we have available. + int available = bits.available(); + // try to repair count data if count data is invalid + if (count * 8 > available) { +- count = (available + 7 / 8); ++ count = (available + 7) / 8; + } ++ size_t nBytes = count; ++ ++ ArrayRef<char> bytes_(nBytes); ++ // issue https://github.com/opencv/opencv_contrib/issues/3478 ++ if (bytes_->empty()) ++ return; + +- ArrayRef<char> bytes_(count); + char* readBytes = &(*bytes_)[0]; + for (int i = 0; i < count; i++) { + // readBytes[i] = (char) bits.readBits(8); +diff --git a/modules/wechat_qrcode/test/test_qrcode.cpp b/modules/wechat_qrcode/test/test_qrcode.cpp +index d59932b8..ec2559b0 100644 +--- a/modules/wechat_qrcode/test/test_qrcode.cpp ++++ b/modules/wechat_qrcode/test/test_qrcode.cpp +@@ -455,5 +455,16 @@ TEST_P(Objdetect_QRCode_Easy_Multi, regression) { + std::string qrcode_model_path[] = {"", "dnn/wechat_2021-01"}; + INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Easy_Multi, testing::ValuesIn(qrcode_model_path)); + ++TEST(Objdetect_QRCode_bug, issue_3478) { ++ auto detector = wechat_qrcode::WeChatQRCode(); ++ std::string image_path = findDataFile("qrcode/issue_3478.png"); ++ Mat src = imread(image_path, IMREAD_GRAYSCALE); ++ ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path; ++ std::vector<std::string> outs = detector.detectAndDecode(src); ++ ASSERT_EQ(1, (int) outs.size()); ++ ASSERT_EQ(16, (int) outs[0].size()); ++ ASSERT_EQ("KFCVW50 ", outs[0]); ++} ++ + } // namespace + } // namespace opencv_test diff --git a/meta-openembedded/meta-oe/recipes-support/opencv/opencv_4.7.0.bb b/meta-openembedded/meta-oe/recipes-support/opencv/opencv_4.7.0.bb index 361b004308..a1fbaaa091 100644 --- a/meta-openembedded/meta-oe/recipes-support/opencv/opencv_4.7.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/opencv/opencv_4.7.0.bb @@ -31,6 +31,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol file://download.patch \ file://0001-Make-ts-module-external.patch \ file://0008-Do-not-embed-build-directory-in-binaries.patch \ + file://CVE-2023-2617.patch;patchdir=contrib \ " SRC_URI:append:riscv64 = " file://0001-Use-Os-to-compile-tinyxml2.cpp.patch;patchdir=contrib" @@ -162,7 +163,7 @@ python populate_packages:prepend () { metapkg = pn d.setVar('ALLOW_EMPTY:' + metapkg, "1") - blacklist = [ metapkg, "libopencv-ts" ] + blacklist = [ metapkg ] metapkg_rdepends = [ ] for pkg in packages[1:]: if not pkg in blacklist and not pkg in metapkg_rdepends and not pkg.endswith('-dev') and not pkg.endswith('-dbg') and not pkg.endswith('-doc') and not pkg.endswith('-locale') and not pkg.endswith('-staticdev'): diff --git a/meta-openembedded/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch b/meta-openembedded/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch deleted file mode 100644 index 6e73f8b382..0000000000 --- a/meta-openembedded/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7577b120acda087bf3f5f613c2c72663b3864ad8 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sun, 4 Sep 2022 09:43:06 -0700 -Subject: [PATCH] configure: Pass pthread_t to pthread_detach - -This helps compilers when using C2X standard - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - configure.ac | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 0978eeb..58d15f8 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1467,10 +1467,7 @@ pthread_rwlock_t rwlock; - dnl save the flags - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ - #include <pthread.h> --#ifndef NULL --#define NULL (void*)0 --#endif --]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) -+]], [[pthread_detach((pthread_t)-1);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) - ]) - - if test $ol_cv_func_pthread_detach = no ; then --- -2.37.3 - diff --git a/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.5.13.bb b/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.5.16.bb index b117677f9b..a56b454dc0 100644 --- a/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.5.13.bb +++ b/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.5.16.bb @@ -19,10 +19,9 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$ file://slapd.service \ file://remove-user-host-pwd-from-version.patch \ file://0001-build-top.mk-unset-STRIP_OPTS.patch \ - file://0001-configure-Pass-pthread_t-to-pthread_detach.patch \ " -SRC_URI[sha256sum] = "ee3c430c4ef7b87c57b622108c7339376d6c27fbbf2767770be3de1df63d008c" +SRC_URI[sha256sum] = "546ba591822e8bb0e467d40c4d4a30f89d937c3a507fe83a578f582f6a211327" DEPENDS = "util-linux groff-native" diff --git a/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch b/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch new file mode 100644 index 0000000000..165fc316bf --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch @@ -0,0 +1,54 @@ +CVE: CVE-2023-2977 +Upstream-Status: Backport [ https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a ] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + + +From 81944d1529202bd28359bede57c0a15deb65ba8a Mon Sep 17 00:00:00 2001 +From: fullwaywang <fullwaywang@tencent.com> +Date: Mon, 29 May 2023 10:38:48 +0800 +Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer + overrun bug. Fixes #2785 + +--- + src/pkcs15init/pkcs15-cardos.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c +index 9715cf390f..f41f73c349 100644 +--- a/src/pkcs15init/pkcs15-cardos.c ++++ b/src/pkcs15init/pkcs15-cardos.c +@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) + sc_apdu_t apdu; + u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; + int r; +- const u8 *p = rbuf, *q; ++ const u8 *p = rbuf, *q, *pp; + size_t len, tlen = 0, ilen = 0; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88); +@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card) + return 0; + + while (len != 0) { +- p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen); +- if (p == NULL) ++ pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen); ++ if (pp == NULL) + return 0; + if (card->type == SC_CARD_TYPE_CARDOS_M4_3) { + /* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01 */ + /* and Package Number 0x07 */ +- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen); ++ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen); + if (q == NULL || ilen != 4) + return 0; + if (q[0] == 0x07) +@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) + } else if (card->type == SC_CARD_TYPE_CARDOS_M4_4) { + /* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03 */ + /* and Package Number 0x02 */ +- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen); ++ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen); + if (q == NULL || ilen != 4) + return 0; + if (q[0] == 0x02) diff --git a/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.23.0.bb b/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.23.0.bb index f68107df87..b3fc1f0458 100644 --- a/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.23.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.23.0.bb @@ -16,6 +16,7 @@ SRCREV = "5497519ea6b4af596628f8f8f2f904bacaa3148f" SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ file://0001-pkcs11-tool-Fix-private-key-import.patch \ file://0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch \ + file://CVE-2023-2977.patch \ " DEPENDS = "virtual/libiconv openssl" diff --git a/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch b/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch new file mode 100644 index 0000000000..69f164de96 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch @@ -0,0 +1,46 @@ +From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Fri, 18 Aug 2023 09:17:07 +0000 +Subject: [PATCH] OutlineItem::open: Fix crash on malformed files + +Fixes #1399 + +CVE: CVE-2023-34872 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + poppler/Outline.cc | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/poppler/Outline.cc b/poppler/Outline.cc +index cbb6cb4..4c68be9 100644 +--- a/poppler/Outline.cc ++++ b/poppler/Outline.cc +@@ -14,7 +14,7 @@ + // under GPL version 2 or later + // + // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com> +-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org> ++// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org> + // Copyright (C) 2009 Nick Jones <nick.jones@network-box.com> + // Copyright (C) 2016 Jason Crain <jason@aquaticape.us> + // Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com> +@@ -483,8 +483,12 @@ void OutlineItem::open() + { + if (!kids) { + Object itemDict = xref->fetch(ref); +- const Object &firstRef = itemDict.dictLookupNF("First"); +- kids = readItemList(this, &firstRef, xref, doc); ++ if (itemDict.isDict()) { ++ const Object &firstRef = itemDict.dictLookupNF("First"); ++ kids = readItemList(this, &firstRef, xref, doc); ++ } else { ++ kids = new std::vector<OutlineItem *>(); ++ } + } + } + +-- +2.35.5 diff --git a/meta-openembedded/meta-oe/recipes-support/poppler/poppler_23.03.0.bb b/meta-openembedded/meta-oe/recipes-support/poppler/poppler_23.03.0.bb index 165e155ec9..81e776d8f6 100644 --- a/meta-openembedded/meta-oe/recipes-support/poppler/poppler_23.03.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/poppler/poppler_23.03.0.bb @@ -7,6 +7,7 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \ file://0001-Do-not-overwrite-all-our-build-flags.patch \ file://basename-include.patch \ file://0001-cmake-Do-not-use-isystem.patch \ + file://CVE-2023-34872.patch \ " SRC_URI[sha256sum] = "b04148bf849c1965ada7eff6be4685130e3a18a84e0cce73bf9bc472ec32f2b4" diff --git a/meta-openembedded/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch b/meta-openembedded/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch new file mode 100644 index 0000000000..b6c4a3b883 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch @@ -0,0 +1,117 @@ +From 3d436f6cfc2dfe52fc1533c01f57c25ae7ffac9c Mon Sep 17 00:00:00 2001 +From: Felix Schwitzer <flx107809@gmail.com> +Date: Fri, 1 Apr 2022 05:26:47 +0200 +Subject: [PATCH] Fix CMake export files (#1077) + +After configuring the file `yaml-cpp-config.cmake.in`, the result ends up with +empty variables. (see also the discussion in #774). + +Rework this file and the call to `configure_package_config_file` according the +cmake documentation +(https://cmake.org/cmake/help/v3.22/module/CMakePackageConfigHelpers.html?highlight=configure_package_config#command:configure_package_config_file) +to overcome this issue and allow a simple `find_package` after install. + +As there was some discussion about the place where to install the +`yaml-cpp-config.cmake` file, e.g. #1055, factor out the install location into +an extra variable to make it easier changing this location in the future. + +Also untabify CMakeLists.txt in some places to align with the other code parts in this file. + +Upstream-Status: Accepted [https://github.com/jbeder/yaml-cpp/pull/1077] + +Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> +--- + CMakeLists.txt | 29 ++++++++++++++++++----------- + yaml-cpp-config.cmake.in | 10 ++++++---- + 2 files changed, 24 insertions(+), 15 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index b230b9e..983d1a4 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -127,10 +127,16 @@ set_target_properties(yaml-cpp PROPERTIES + PROJECT_LABEL "yaml-cpp ${yaml-cpp-label-postfix}" + DEBUG_POSTFIX "${CMAKE_DEBUG_POSTFIX}") + ++# FIXME(felix2012): A more common place for the cmake export would be ++# `CMAKE_INSTALL_LIBDIR`, as e.g. done in ubuntu or in this project for GTest ++set(CONFIG_EXPORT_DIR "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp") ++set(EXPORT_TARGETS yaml-cpp) + configure_package_config_file( + "${PROJECT_SOURCE_DIR}/yaml-cpp-config.cmake.in" + "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake" +- INSTALL_DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp") ++ INSTALL_DESTINATION "${CONFIG_EXPORT_DIR}" ++ PATH_VARS CMAKE_INSTALL_INCLUDEDIR CONFIG_EXPORT_DIR) ++unset(EXPORT_TARGETS) + + write_basic_package_version_file( + "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake" +@@ -139,30 +145,31 @@ write_basic_package_version_file( + configure_file(yaml-cpp.pc.in yaml-cpp.pc @ONLY) + + if (YAML_CPP_INSTALL) +- install(TARGETS yaml-cpp ++ install(TARGETS yaml-cpp + EXPORT yaml-cpp-targets + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) +- install(DIRECTORY ${PROJECT_SOURCE_DIR}/include/ ++ install(DIRECTORY ${PROJECT_SOURCE_DIR}/include/ + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} +- FILES_MATCHING PATTERN "*.h") ++ FILES_MATCHING PATTERN "*.h") + install(EXPORT yaml-cpp-targets +- DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp") +- install(FILES +- "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake" +- "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake" +- DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp") ++ DESTINATION "${CONFIG_EXPORT_DIR}") ++ install(FILES ++ "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake" ++ "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake" ++ DESTINATION "${CONFIG_EXPORT_DIR}") + install(FILES "${PROJECT_BINARY_DIR}/yaml-cpp.pc" + DESTINATION ${CMAKE_INSTALL_DATADIR}/pkgconfig) + endif() ++unset(CONFIG_EXPORT_DIR) + + if(YAML_CPP_BUILD_TESTS) +- add_subdirectory(test) ++ add_subdirectory(test) + endif() + + if(YAML_CPP_BUILD_TOOLS) +- add_subdirectory(util) ++ add_subdirectory(util) + endif() + + if (YAML_CPP_CLANG_FORMAT_EXE) +diff --git a/yaml-cpp-config.cmake.in b/yaml-cpp-config.cmake.in +index 7b41e3f..a7ace3d 100644 +--- a/yaml-cpp-config.cmake.in ++++ b/yaml-cpp-config.cmake.in +@@ -3,12 +3,14 @@ + # YAML_CPP_INCLUDE_DIR - include directory + # YAML_CPP_LIBRARIES - libraries to link against + +-# Compute paths +-get_filename_component(YAML_CPP_CMAKE_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH) +-set(YAML_CPP_INCLUDE_DIR "@CONFIG_INCLUDE_DIRS@") ++@PACKAGE_INIT@ ++ ++set_and_check(YAML_CPP_INCLUDE_DIR "@PACKAGE_CMAKE_INSTALL_INCLUDEDIR@") + + # Our library dependencies (contains definitions for IMPORTED targets) +-include("${YAML_CPP_CMAKE_DIR}/yaml-cpp-targets.cmake") ++include(@PACKAGE_CONFIG_EXPORT_DIR@/yaml-cpp-targets.cmake) + + # These are IMPORTED targets created by yaml-cpp-targets.cmake + set(YAML_CPP_LIBRARIES "@EXPORT_TARGETS@") ++ ++check_required_components(@EXPORT_TARGETS@) +-- +2.39.2 + diff --git a/meta-openembedded/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb b/meta-openembedded/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb index d3984abe8b..e04d4705a4 100644 --- a/meta-openembedded/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6a8aaf0595c2efc1a9c2e0913e9c1a2c" # yaml-cpp releases are stored as archive files in github. # download the exact revision of release SRC_URI = "git://github.com/jbeder/yaml-cpp.git;branch=master;protocol=https" +SRC_URI += "file://0001-Fix-CMake-export-files-1077.patch" SRCREV = "0579ae3d976091d7d664aa9d2527e0d0cff25763" S = "${WORKDIR}/git" |