diff options
Diffstat (limited to 'meta-openembedded')
45 files changed, 636 insertions, 83 deletions
diff --git a/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.3.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.3.2.bb index bb2396af7c..eaa0e065d1 100644 --- a/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.3.0.bb +++ b/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.3.2.bb @@ -22,7 +22,7 @@ GNOMEBASEBUILDCLASS = "meson" inherit gnomebase gsettings gobject-introspection vala gtk-doc manpages bash-completion features_check python3native -SRC_URI[archive.sha256sum] = "0706f96fe7f95df42acec812c1de7b4593a0d648321ca83506a9d71e22417bda" +SRC_URI[archive.sha256sum] = "0ed2b98918956d6f16429c607dd8a14c84f4da0a48970fd2eb8c93aba3cf9913" # gobject-introspection is mandatory and cannot be configured REQUIRED_DISTRO_FEATURES = "gobject-introspection-data" diff --git a/meta-openembedded/meta-gnome/recipes-support/ibus/ibus.inc b/meta-openembedded/meta-gnome/recipes-support/ibus/ibus.inc index 37a490abe0..bb662f2ec9 100644 --- a/meta-openembedded/meta-gnome/recipes-support/ibus/ibus.inc +++ b/meta-openembedded/meta-gnome/recipes-support/ibus/ibus.inc @@ -10,7 +10,7 @@ PV = "1.5.26" DEPENDS = "unicode-ucd" SRC_URI = " \ - git://github.com/ibus/ibus.git;branch=master;protocol=https \ + git://github.com/ibus/ibus.git;branch=main;protocol=https \ file://0001-Do-not-try-to-start-dbus-we-do-not-have-dbus-lauch.patch \ " SRCREV = "6a70ab0338206bd1c7d01a4e1874ea0ee5b3a9d3" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb index b848b820c3..cb919d79e3 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb @@ -3,7 +3,7 @@ LICENSE = "CC-BY-3.0" # http://www.bigbuckbunny.org/index.php/about/ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/CC-BY-3.0;md5=dfa02b5755629022e267f10b9c0a2ab7" -SRC_URI = "https://www.mediaspip.net/IMG/avi/big_buck_bunny_1080p_surround.avi" +SRC_URI = "http://www.peach.themazzone.com/big_buck_bunny_1080p_surround.avi" SRC_URI[md5sum] = "223991c8b33564eb77988a4c13c1c76a" SRC_URI[sha256sum] = "69fe2cfe7154a6e752688e3a0d7d6b07b1605bbaf75b56f6470dc7b4c20c06ea" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch new file mode 100644 index 0000000000..697205efe0 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch @@ -0,0 +1,41 @@ +From cbc64dcf6aa2a1be63f45ea6dd7d2c49b70a0bee Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Wed, 3 Aug 2022 16:44:29 +0800 +Subject: [PATCH] version.c: don't print build flags + +Don't print the build flags to avoid collecting the build environment info. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/main/version.c | 13 ------------- + 1 file changed, 13 deletions(-) + +diff --git a/src/main/version.c b/src/main/version.c +index 62972d9f53..cf81de72c9 100644 +--- a/src/main/version.c ++++ b/src/main/version.c +@@ -589,19 +589,6 @@ void version_print(void) + DEBUG2(" unknown"); + #endif + +- DEBUG2("Compilation flags:"); +-#ifdef BUILT_WITH_CPPFLAGS +- DEBUG2(" cppflags : " BUILT_WITH_CPPFLAGS); +-#endif +-#ifdef BUILT_WITH_CFLAGS +- DEBUG2(" cflags : " BUILT_WITH_CFLAGS); +-#endif +-#ifdef BUILT_WITH_LDFLAGS +- DEBUG2(" ldflags : " BUILT_WITH_LDFLAGS); +-#endif +-#ifdef BUILT_WITH_LIBS +- DEBUG2(" libs : " BUILT_WITH_LIBS); +-#endif + DEBUG2(" "); + } + INFO("FreeRADIUS Version " RADIUSD_VERSION_STRING); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb index d6477e340e..1407b798b5 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb @@ -32,6 +32,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0 file://radiusd.service \ file://radiusd-volatiles.conf \ file://check-openssl-cmds-in-script-bootstrap.patch \ + file://0001-version.c-don-t-print-build-flags.patch \ " raddbdir="${sysconfdir}/${MLPREFIX}raddb" diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index ceb94109de..96be49b53f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -73,6 +73,11 @@ SYSTEMD_PACKAGES = "${PN}" SYSTEMD_SERVICE:${PN} = "frr.service" SYSTEMD_AUTO_ENABLE = "disable" +do_compile:prepend () { + sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' \ + -e 's#${RECIPE_SYSROOT}##g' ${S}/lib/version.h +} + do_compile:class-native () { oe_runmake clippy-only } diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb index 5f887b8868..30c0ce74cb 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb @@ -72,6 +72,7 @@ CACHED_CONFIGUREVARS = " \ ac_cv_ETC_MNTTAB=/etc/mtab \ lt_cv_shlibpath_overrides_runpath=yes \ ac_cv_path_UNAMEPROG=${base_bindir}/uname \ + ac_cv_path_PSPROG=${base_bindir}/ps \ ac_cv_file__etc_printcap=no \ NETSNMP_CONFIGURE_OPTIONS= \ " diff --git a/meta-openembedded/meta-networking/recipes-support/ndisc6/ndisc6_git.bb b/meta-openembedded/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb index f5467794e6..6861314a0a 100644 --- a/meta-openembedded/meta-networking/recipes-support/ndisc6/ndisc6_git.bb +++ b/meta-openembedded/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb @@ -5,8 +5,7 @@ HOMEPAGE = "http://www.remlab.net/ndisc6/" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" -PV = "1.0.5" -SRCREV = "b706f5f01aa82aa0db678fffd15a1527f330c507" +SRCREV = "7e314b23329f9c24c4c097b8513673fed7e7158a" SRC_URI = "git://git.remlab.net/git/ndisc6.git;protocol=http;branch=master \ file://0001-autogen-Do-not-symlink-gettext.h-from-build-host.patch \ " diff --git a/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb b/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb index c61303b81e..8625afaa74 100644 --- a/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb +++ b/meta-openembedded/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb @@ -85,6 +85,10 @@ do_configure () { done } +do_compile:append () { + sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${S}/swig/perl/OpenIPMI_wrap.c +} + do_install:append () { echo "SAL: D = $D" echo "SAL: libdir = $libdir" diff --git a/meta-openembedded/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch b/meta-openembedded/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch index aeb0bece97..0840cbbd8b 100644 --- a/meta-openembedded/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch +++ b/meta-openembedded/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch @@ -1,3 +1,8 @@ +From 7ff4eba20b5c4fc7365e5ee0dfb775ed29bdd5ce Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Wed, 1 Nov 2017 09:23:41 -0400 +Subject: [PATCH] stunnel: fix compile error when openssl disable des support + Upstream-Status: Pending When openssl disable des support with configure option 'no-des', it doesn't @@ -6,12 +11,17 @@ failed. Fix it by checking macro OPENSSL_NO_DES to use openssl des related library conditionaly. Signed-off-by: Kai Kang <kai.kang@windriver.com> + --- + src/common.h | 2 ++ + src/protocol.c | 6 +++--- + 2 files changed, 5 insertions(+), 3 deletions(-) + diff --git a/src/common.h b/src/common.h -index f7d38b0..bf485af 100644 +index bc37eb5..03ee3e5 100644 --- a/src/common.h +++ b/src/common.h -@@ -478,7 +478,9 @@ extern char *sys_errlist[]; +@@ -486,7 +486,9 @@ extern char *sys_errlist[]; #ifndef OPENSSL_NO_MD4 #include <openssl/md4.h> #endif /* !defined(OPENSSL_NO_MD4) */ @@ -22,19 +32,19 @@ index f7d38b0..bf485af 100644 #include <openssl/dh.h> #if OPENSSL_VERSION_NUMBER<0x10100000L diff --git a/src/protocol.c b/src/protocol.c -index 587df09..8198eb6 100644 +index 804f115..d9b2b50 100644 --- a/src/protocol.c +++ b/src/protocol.c -@@ -67,7 +67,7 @@ NOEXPORT char *imap_server(CLI *, SERVICE_OPTIONS *, const PHASE); +@@ -66,7 +66,7 @@ NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE); NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE); NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE); NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE); -#ifndef OPENSSL_NO_MD4 +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES) NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *); - NOEXPORT char *ntlm1(); + NOEXPORT char *ntlm1(void); NOEXPORT char *ntlm3(char *, char *, char *, char *); -@@ -1332,7 +1332,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +@@ -1351,7 +1351,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host); if(opt->protocol_username && opt->protocol_password) { if(!strcasecmp(opt->protocol_authentication, "ntlm")) { @@ -43,7 +53,7 @@ index 587df09..8198eb6 100644 ntlm(c, opt); #else s_log(LOG_ERR, "NTLM authentication is not available"); -@@ -1376,7 +1376,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +@@ -1395,7 +1395,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { return NULL; } diff --git a/meta-openembedded/meta-networking/recipes-support/stunnel/stunnel_5.63.bb b/meta-openembedded/meta-networking/recipes-support/stunnel/stunnel_5.65.bb index 325737e8c9..ab7ff43223 100644 --- a/meta-openembedded/meta-networking/recipes-support/stunnel/stunnel_5.63.bb +++ b/meta-openembedded/meta-networking/recipes-support/stunnel/stunnel_5.65.bb @@ -11,7 +11,7 @@ SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \ file://fix-openssl-no-des.patch \ " -SRC_URI[sha256sum] = "c74c4e15144a3ae34b8b890bb31c909207301490bd1e51bfaaa5ffeb0a994617" +SRC_URI[sha256sum] = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc" inherit autotools bash-completion pkgconfig diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb index 7ea728aad4..ff4a16e9f2 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb @@ -45,6 +45,12 @@ SRC_URI:append:toolchain-clang = "\ S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2014-8180 \ + CVE-2017-18381 \ + CVE-2017-2665 \ +" + COMPATIBLE_HOST ?= '(x86_64|i.86|powerpc64|arm|aarch64).*-linux' PACKAGECONFIG ??= "tcmalloc system-pcre" diff --git a/meta-openembedded/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch b/meta-openembedded/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch new file mode 100644 index 0000000000..c56fa64e58 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch @@ -0,0 +1,76 @@ +From b85ba8c3ff3fb9ae708576ccef03434d2ef73054 Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Tue, 14 Jun 2022 09:54:18 +0000 +Subject: [PATCH] waflib: fix compatibility with python-3.11 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* https://docs.python.org/3.11/whatsnew/3.11.html#changes-in-the-python-api + + open(), io.open(), codecs.open() and fileinput.FileInput no longer + accept 'U' (“universal newline”) in the file mode. This flag was + deprecated since Python 3.3. In Python 3, the “universal newline” is + used by default when a file is open in text mode. The newline parameter + of open() controls how universal newlines works. (Contributed by Victor + Stinner in bpo-37330.) + +* fixes: +Waf: The wscript in '/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git' is unreadable +Traceback (most recent call last): + File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 104, in waf_entry_point + set_main_module(os.path.normpath(os.path.join(Context.run_dir,Context.WSCRIPT_FILE))) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 135, in set_main_module + Context.g_module=Context.load_module(file_path) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Context.py", line 343, in load_module + code=Utils.readf(path,m='rU',encoding=encoding) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Utils.py", line 117, in readf + f=open(fname,m) + ^^^^^^^^^^^^^ +ValueError: invalid mode: 'rUb' + +Upstream-Status: Submitted [https://github.com/glmark2/glmark2/pull/178] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + waflib/ConfigSet.py | 2 +- + waflib/Context.py | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/waflib/ConfigSet.py b/waflib/ConfigSet.py +index 16142a2..87de4ad 100644 +--- a/waflib/ConfigSet.py ++++ b/waflib/ConfigSet.py +@@ -140,7 +140,7 @@ class ConfigSet(object): + Utils.writef(filename,''.join(buf)) + def load(self,filename): + tbl=self.table +- code=Utils.readf(filename,m='rU') ++ code=Utils.readf(filename,m='r') + for m in re_imp.finditer(code): + g=m.group + tbl[g(2)]=eval(g(3)) +diff --git a/waflib/Context.py b/waflib/Context.py +index 8f2cbfb..f3e35ae 100644 +--- a/waflib/Context.py ++++ b/waflib/Context.py +@@ -109,7 +109,7 @@ class Context(ctx): + cache[node]=True + self.pre_recurse(node) + try: +- function_code=node.read('rU',encoding) ++ function_code=node.read('r',encoding) + exec(compile(function_code,node.abspath(),'exec'),self.exec_dict) + finally: + self.post_recurse(node) +@@ -340,7 +340,7 @@ def load_module(path,encoding=None): + pass + module=imp.new_module(WSCRIPT_FILE) + try: +- code=Utils.readf(path,m='rU',encoding=encoding) ++ code=Utils.readf(path,encoding=encoding) + except EnvironmentError: + raise Errors.WafError('Could not read the file %r'%path) + module_dir=os.path.dirname(path) diff --git a/meta-openembedded/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb b/meta-openembedded/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb index 1406f68b05..188d4e5bdf 100644 --- a/meta-openembedded/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb +++ b/meta-openembedded/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb @@ -18,7 +18,8 @@ SRC_URI = " \ file://0001-fix-dispmanx-build.patch \ file://0002-run-dispmanx-fullscreen.patch \ file://0001-libmatrix-Include-missing-utility-header.patch \ - " + file://0001-waflib-fix-compatibility-with-python-3.11.patch \ +" SRCREV = "0858b450cd88c84a15b99dda9698d44e7f7e8c70" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb b/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb index 2fa24b29b3..28a3e1e77a 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb @@ -11,6 +11,10 @@ SRC_URI = "git://github.com/rakshasa/libtorrent;branch=master;protocol=https \ " SRCREV = "756f70010779927dc0691e1e722ed433d5d295e1" +CVE_CHECK_IGNORE += "\ + CVE-2009-1760 \ +" + PV = "0.13.8" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb index a5fcb8d72d..2a3a4ebd06 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb @@ -41,3 +41,6 @@ RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libuv', '${PN}-evlib- RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libev', '${PN}-evlib-ev', '', d)}" RDEPENDS:${PN}-dev += " ${@bb.utils.contains('PACKAGECONFIG', 'static', '${PN}-staticdev', '', d)}" + +# Avoid absolute paths to end up in the sysroot. +SSTATE_SCAN_FILES += "*.cmake" diff --git a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb index 8f9f663a33..4f8bbf0358 100644 --- a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb +++ b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb @@ -14,7 +14,6 @@ DEPENDS = " \ libdevmapper \ popt \ util-linux-libuuid \ - libssh \ " DEPENDS:append:libc-musl = " argp-standalone" @@ -39,6 +38,7 @@ PACKAGECONFIG ??= " \ blkid \ luks-adjust-xts-keysize \ openssl \ + ssh-token \ " PACKAGECONFIG:append:class-target = " \ udev \ @@ -69,6 +69,7 @@ PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" +PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh" EXTRA_OECONF = "--enable-static" # Building without largefile is not supported by upstream @@ -78,6 +79,14 @@ EXTRA_OECONF += "--disable-static-cryptsetup" # There's no recipe for libargon2 yet EXTRA_OECONF += "--disable-libargon2" +do_install:append() { + # The /usr/lib/cryptsetup directory is always created, even when ssh-token + # is disabled. In that case it is empty and causes a packaging error. Since + # there is no reason to distribute the empty directory, the easiest solution + # is to remove it if it is empty. + rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN} +} + FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" RDEPENDS:${PN} = " \ diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch new file mode 100644 index 0000000000..101a748776 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch @@ -0,0 +1,110 @@ +From b92eebe8b0760fee7bd55c6c22318620c2c07579 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Mon, 1 Aug 2022 15:44:38 +0800 +Subject: [PATCH] config_info.c: not expose build info + +Don't collect the build information to fix the buildpaths issue. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + configure.ac | 2 +- + src/common/config_info.c | 68 ---------------------------------------- + 2 files changed, 1 insertion(+), 69 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 0eb595b..508487b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -23,7 +23,7 @@ AC_COPYRIGHT([Copyright (c) 1996-2021, PostgreSQL Global Development Group]) + AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c]) + AC_CONFIG_AUX_DIR(config) + AC_PREFIX_DEFAULT(/usr/local/pgsql) +-AC_DEFINE_UNQUOTED(CONFIGURE_ARGS, ["$ac_configure_args"], [Saved arguments from configure]) ++AC_DEFINE_UNQUOTED(CONFIGURE_ARGS, ["ac_configure_args"], [Saved arguments from configure]) + + [PG_MAJORVERSION=`expr "$PACKAGE_VERSION" : '\([0-9][0-9]*\)'`] + [PG_MINORVERSION=`expr "$PACKAGE_VERSION" : '.*\.\([0-9][0-9]*\)'`] +diff --git a/src/common/config_info.c b/src/common/config_info.c +index e72e729..b482c20 100644 +--- a/src/common/config_info.c ++++ b/src/common/config_info.c +@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) + configdata[i].setting = pstrdup(path); + i++; + +- configdata[i].name = pstrdup("CONFIGURE"); +- configdata[i].setting = pstrdup(CONFIGURE_ARGS); +- i++; +- +- configdata[i].name = pstrdup("CC"); +-#ifdef VAL_CC +- configdata[i].setting = pstrdup(VAL_CC); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CPPFLAGS"); +-#ifdef VAL_CPPFLAGS +- configdata[i].setting = pstrdup(VAL_CPPFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CFLAGS"); +-#ifdef VAL_CFLAGS +- configdata[i].setting = pstrdup(VAL_CFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CFLAGS_SL"); +-#ifdef VAL_CFLAGS_SL +- configdata[i].setting = pstrdup(VAL_CFLAGS_SL); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS"); +-#ifdef VAL_LDFLAGS +- configdata[i].setting = pstrdup(VAL_LDFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS_EX"); +-#ifdef VAL_LDFLAGS_EX +- configdata[i].setting = pstrdup(VAL_LDFLAGS_EX); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS_SL"); +-#ifdef VAL_LDFLAGS_SL +- configdata[i].setting = pstrdup(VAL_LDFLAGS_SL); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LIBS"); +-#ifdef VAL_LIBS +- configdata[i].setting = pstrdup(VAL_LIBS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- + configdata[i].name = pstrdup("VERSION"); + configdata[i].setting = pstrdup("PostgreSQL " PG_VERSION); + i++; +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc index 00c0107469..bef33e6bb4 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc @@ -215,6 +215,14 @@ do_install:append() { install -m 0644 ${WORKDIR}/postgresql.service ${D}${systemd_unitdir}/system sed -i -e 's,@BINDIR@,${bindir},g' \ ${D}${systemd_unitdir}/system/postgresql.service + # Remove the build path + if [ -f ${D}${libdir}/${BPN}/pgxs/src/Makefile.global ]; then + sed -i -e 's#${RECIPE_SYSROOT}##g' \ + -e 's#${RECIPE_SYSROOT_NATIVE}##g' \ + -e 's#${WORKDIR}##g' \ + -e 's#${TMPDIR}##g' \ + ${D}${libdir}/${BPN}/pgxs/src/Makefile.global + fi } SSTATE_SCAN_FILES += "Makefile.global" diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb index 01a6ee635e..1daab22f92 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb @@ -8,6 +8,11 @@ SRC_URI += "\ file://0001-Improve-reproducibility.patch \ file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ file://remove_duplicate.patch \ + file://0001-config_info.c-not-expose-build-info.patch \ " SRC_URI[sha256sum] = "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a" + +CVE_CHECK_IGNORE += "\ + CVE-2017-8806 \ +" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.7.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb index e9e8eccf3a..d5cf7d8b21 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.7.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb @@ -33,7 +33,13 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "b816753eb005511e695d90945c27093c3236cc73db1262656d9fadd73ead7e9d" +SRC_URI[sha256sum] = "b8815a5a02431453d4261e3598bd1f28516e4c0354f328c12890f257870e4c01" + +CVE_CHECK_IGNORE += "\ + CVE-2007-2728 \ + CVE-2007-3205 \ + CVE-2007-4596 \ +" inherit autotools pkgconfig python3native gettext diff --git a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index e9cb7adb81..df90b629a9 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb @@ -18,6 +18,10 @@ SRC_URI[sha256sum] = "53e15a2b5c1bc80161d42e9f69792a3fa18332b7b771910131004eb520 S = "${WORKDIR}/imap-${PV}" +CVE_CHECK_IGNORE += "\ + CVE-2005-0198 \ +" + PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" PACKAGECONFIG[pam] = ",,libpam" diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb index b5cd35ab3a..044fcbea74 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -22,3 +22,8 @@ CACHED_CONFIGUREVARS = "CCLD_FOR_BUILD='${CC_FOR_BUILD}'" BBCLASSEXTEND = "native" PARALLEL_MAKE = "" + +do_configure:prepend() { + # Don't include $CC (which includes path to sysroot) in generated header. + sed -i -e "s/^echo \"\/\* generated \$ac_cv_stdint_message \*\/\" >>\$ac_stdint$"// ${S}/m4/ax_create_stdint_h.m4 +} diff --git a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb index db4f507b7c..daaff00395 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb @@ -13,6 +13,12 @@ SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https;branch=mast S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2017-5834 \ + CVE-2017-5835 \ + CVE-2017-5836 \ +" + do_install:append () { if [ -e ${D}${libdir}/python*/site-packages/plist/_plist.so ]; then chrpath -d ${D}${libdir}/python*/site-packages/plist/_plist.so diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules new file mode 100644 index 0000000000..2ffa4087a8 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules @@ -0,0 +1,24 @@ +polkit.addRule(function(action, subject) { + var YES = polkit.Result.YES; + var permission = { + // required for udisks1: + "org.freedesktop.udisks.filesystem-mount": YES, + "org.freedesktop.udisks.luks-unlock": YES, + "org.freedesktop.udisks.drive-eject": YES, + "org.freedesktop.udisks.drive-detach": YES, + // required for udisks2: + "org.freedesktop.udisks2.filesystem-mount": YES, + "org.freedesktop.udisks2.encrypted-unlock": YES, + "org.freedesktop.udisks2.eject-media": YES, + "org.freedesktop.udisks2.power-off-drive": YES, + // required for udisks2 if using udiskie from another seat (e.g. systemd): + "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, + "org.freedesktop.udisks2.filesystem-unmount-others": YES, + "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, + "org.freedesktop.udisks2.eject-media-other-seat": YES, + "org.freedesktop.udisks2.power-off-drive-other-seat": YES + }; + if (subject.isInGroup("plugdev")) { + return permission[action.id]; + } +}); diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb new file mode 100644 index 0000000000..db2ed015b4 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb @@ -0,0 +1,17 @@ +DESCRIPTION = "Polkit rule to allow non-priviledged users mount/umount block devices via udisks2" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +require polkit-group-rule.inc + +# The file originates from https://github.com/coldfix/udiskie/wiki/Permissions +SRC_URI = "file://50-org.freedesktop.udiskie.rules" + +RDEPENDS:${PN} += "udisks2" + +do_install() { + install -m 0755 ${WORKDIR}/50-org.freedesktop.udiskie.rules ${D}${sysconfdir}/polkit-1/rules.d +} + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system plugdev" diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch index e44e4f6e4a..b8562f8ce2 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch @@ -1,15 +1,18 @@ -From eaecfb21e1bca42e99321cc731e21dbfc1ea0d0c Mon Sep 17 00:00:00 2001 +From 4af72493cb380ab5ce0dd7c5bcd25a8b5457d770 Mon Sep 17 00:00:00 2001 From: Gustavo Lima Chaves <limachaves@gmail.com> Date: Tue, 25 Jan 2022 09:43:21 +0000 -Subject: [PATCH 3/3] Added support for duktape as JS engine +Subject: [PATCH] Added support for duktape as JS engine Original author: Wu Xiaotian (@yetist) Resurrection author, runaway-killer author: Gustavo Lima Chaves (@limachaves) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> +Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2] +Dropped change to .gitlab-ci.yml and adapted configure.ac due to other +patches in meta-oe. + --- - .gitlab-ci.yml | 1 + buildutil/ax_pthread.m4 | 522 ++++++++ configure.ac | 34 +- docs/man/polkit.xml | 4 +- @@ -23,16 +26,12 @@ Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> .../polkitbackendjsauthority.cpp | 721 +---------- .../etc/polkit-1/rules.d/10-testing.rules | 6 +- .../test-polkitbackendjsauthority.c | 2 +- - 14 files changed, 2399 insertions(+), 678 deletions(-) + 13 files changed, 2398 insertions(+), 678 deletions(-) create mode 100644 buildutil/ax_pthread.m4 create mode 100644 src/polkitbackend/polkitbackendcommon.c create mode 100644 src/polkitbackend/polkitbackendcommon.h create mode 100644 src/polkitbackend/polkitbackendduktapeauthority.c -Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2] -Dropped change to .gitlab-ci.yml and adapted configure.ac due to other -patches in meta-oe. - diff --git a/buildutil/ax_pthread.m4 b/buildutil/ax_pthread.m4 new file mode 100644 index 0000000..9f35d13 @@ -603,7 +602,7 @@ index b625743..bbf4768 100644 +CC="$PTHREAD_CC" +AC_CHECK_FUNCS([pthread_condattr_setclock]) + - AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) + AC_CHECK_FUNCS(clearenv fdatasync) if test "x$GCC" = "xyes"; then @@ -581,6 +598,13 @@ echo " @@ -3458,6 +3457,3 @@ index f97e0e0..2103b17 100644 }, { --- -2.20.1 - diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch index 1a268f2d0d..fa273d4503 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch @@ -1,36 +1,43 @@ -From 0c1debb380fee7f5b2bc62406e45856dc9c9e1a1 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Wed, 22 May 2019 13:18:55 -0700 -Subject: [PATCH] make netgroup support optional +From 7ef2621ab7adcedc099ed39acfb73c6fa835cbc3 Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> +Date: Sun, 15 May 2022 05:04:10 +0000 +Subject: [PATCH] Make netgroup support optional -On at least Linux/musl and Linux/uclibc, netgroup -support is not available. PolKit fails to compile on these systems -for that reason. +On at least Linux/musl and Linux/uclibc, netgroup support is not +available. PolKit fails to compile on these systems for that reason. This change makes netgroup support conditional on the presence of the setnetgrent(3) function which is required for the support to work. If that function is not available on the system, an error will be returned to the administrator if unix-netgroup: is specified in configuration. -Fixes bug 50145. +(sam: rebased for Meson and Duktape.) -Closes polkit/polkit#14. +Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 +Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163 +Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52 Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> -Signed-off-by: Khem Raj <raj.khem@gmail.com> + +Ported back the change in configure.ac (upstream removed autotools +support). + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66] +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> --- - configure.ac | 2 +- - src/polkit/polkitidentity.c | 16 ++++++++++++++++ - src/polkit/polkitunixnetgroup.c | 3 +++ - .../polkitbackendinteractiveauthority.c | 14 ++++++++------ - src/polkitbackend/polkitbackendjsauthority.cpp | 3 +++ - test/polkit/polkitidentitytest.c | 9 ++++++++- - test/polkit/polkitunixnetgrouptest.c | 3 +++ - .../test-polkitbackendjsauthority.c | 2 ++ - 8 files changed, 44 insertions(+), 8 deletions(-) + configure.ac | 2 +- + meson.build | 1 + + src/polkit/polkitidentity.c | 17 +++++++++++++++++ + src/polkit/polkitunixnetgroup.c | 3 +++ + .../polkitbackendinteractiveauthority.c | 14 ++++++++------ + src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ + test/polkit/polkitidentitytest.c | 8 +++++++- + test/polkit/polkitunixnetgrouptest.c | 2 ++ + .../test-polkitbackendjsauthority.c | 2 ++ + 9 files changed, 43 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac -index b625743..d807086 100644 +index 59858df..5a7fc11 100644 --- a/configure.ac +++ b/configure.ac @@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], @@ -42,8 +49,20 @@ index b625743..d807086 100644 if test "x$GCC" = "xyes"; then LDFLAGS="-Wl,--as-needed $LDFLAGS" +diff --git a/meson.build b/meson.build +index 733bbff..d840926 100644 +--- a/meson.build ++++ b/meson.build +@@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true) + check_functions = [ + 'clearenv', + 'fdatasync', ++ 'setnetgrent', + ] + + foreach func: check_functions diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c -index 3aa1f7f..10e9c17 100644 +index 3aa1f7f..793f17d 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, @@ -62,7 +81,7 @@ index 3aa1f7f..10e9c17 100644 } if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, +@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, GVariant *v; const char *name; @@ -73,10 +92,11 @@ index 3aa1f7f..10e9c17 100644 + "Netgroups are not available on this machine"); + goto out; +#else ++ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); if (v == NULL) { -@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, +@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, name = g_variant_get_string (v, NULL); ret = polkit_unix_netgroup_new (name); g_variant_unref (v); @@ -144,10 +164,10 @@ index 056d9a8..36c2f3d 100644 } diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index ca17108..41d8d5c 100644 +index 5027815..bcb040c 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1520,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS::CallArgs args = JS::CallArgsFromVp (argc, vp); @@ -155,28 +175,19 @@ index ca17108..41d8d5c 100644 JS::RootedString usrstr (authority->priv->cx); usrstr = args[0].toString(); user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1535,6 +1536,8 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + { is_in_netgroup = true; } - +#endif -+ + ret = true; - args.rval ().setBoolean (is_in_netgroup); diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c -index e91967b..e829aaa 100644 +index e91967b..2635c4c 100644 --- a/test/polkit/polkitidentitytest.c +++ b/test/polkit/polkitidentitytest.c -@@ -19,6 +19,7 @@ - * Author: Nikki VonHollen <vonhollen@google.com> - */ - -+#include "config.h" - #include "glib.h" - #include <polkit/polkit.h> - #include <polkit/polkitprivate.h> -@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { +@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = { {"unix-group:root", "unix-group:jane", FALSE}, {"unix-group:jane", "unix-group:jane", TRUE}, @@ -192,7 +203,7 @@ index e91967b..e829aaa 100644 {NULL}, }; -@@ -181,11 +186,13 @@ main (int argc, char *argv[]) +@@ -181,11 +185,13 @@ main (int argc, char *argv[]) g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); @@ -208,18 +219,10 @@ index e91967b..e829aaa 100644 add_comparison_tests (); diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c -index 3701ba1..e3352eb 100644 +index 3701ba1..e1d211e 100644 --- a/test/polkit/polkitunixnetgrouptest.c +++ b/test/polkit/polkitunixnetgrouptest.c -@@ -19,6 +19,7 @@ - * Author: Nikki VonHollen <vonhollen@google.com> - */ - -+#include "config.h" - #include "glib.h" - #include <polkit/polkit.h> - #include <string.h> -@@ -69,7 +70,9 @@ int +@@ -69,7 +69,9 @@ int main (int argc, char *argv[]) { g_test_init (&argc, &argv, NULL); diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch new file mode 100644 index 0000000000..12988ad94f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch @@ -0,0 +1,34 @@ +From 792f8e2151c120ec51b50a4098e4f9642409cbec Mon Sep 17 00:00:00 2001 +From: Marta Rybczynska <rybczynska@gmail.com> +Date: Fri, 29 Jul 2022 11:52:59 +0200 +Subject: [PATCH] Make netgroup support optional + +This patch adds a fragment of the netgroup patch to apply on the duktape-related +code. This change is needed to compile with duktape+musl. + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66] +Signed-off-by: Marta Rybczynska <martarybczynska@huawei.com> +--- + src/polkitbackend/polkitbackendduktapeauthority.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c +index c89dbcf..58a5936 100644 +--- a/src/polkitbackend/polkitbackendduktapeauthority.c ++++ b/src/polkitbackend/polkitbackendduktapeauthority.c +@@ -1036,6 +1036,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) + user = duk_require_string (cx, 0); + netgroup = duk_require_string (cx, 1); + ++#ifdef HAVE_SETNETGRENT + if (innetgr (netgroup, + NULL, /* host */ + user, +@@ -1043,6 +1044,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) + { + is_in_netgroup = TRUE; + } ++#endif + + duk_push_boolean (cx, is_in_netgroup); + return 1; diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb index 66bbf735f0..eff80cd43d 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb @@ -24,10 +24,10 @@ PACKAGECONFIG[consolekit] = ",,,consolekit" PAM_SRC_URI = "file://polkit-1_pam.patch" SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://0003-make-netgroup-support-optional.patch \ file://0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch \ file://0002-CVE-2021-4115-GHSL-2021-077-fix.patch \ file://0003-Added-support-for-duktape-as-JS-engine.patch \ + file://0004-Make-netgroup-support-optional.patch \ " SRC_URI[sha256sum] = "c8579fdb86e94295404211285fee0722ad04893f0213e571bd75c00972fd1f5c" @@ -58,7 +58,7 @@ FILES:${PN}:append = " \ FILES:${PN}-examples = "${bindir}/*example*" USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 polkitd" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 --shell /bin/nologin polkitd" SYSTEMD_SERVICE:${PN} = "${BPN}.service" SYSTEMD_AUTO_ENABLE = "disable" diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.2.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb index b188278e1c..993ff34b10 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.2.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "5e57eafe7d4ac5ecb6a7d64d6b61db775616dbf903293b3fcc660716dbda5eeb" +SRC_URI[sha256sum] = "f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb index ebb8ecf9bd..a39de3acb5 100644 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb @@ -31,7 +31,7 @@ SRC_URI:append:libc-musl = " \ file://0001-Include-sys-time-h.patch \ " -SRC_URI[sha256sum] = "e41308a5a171939b3cbc246e9d4bd30be44e801521e04cd95d051fa3867d6738" +SRC_URI[sha256sum] = "a1377218b26c0767a7a3f67d166d5338af7c24b455d35ec99974e18e6845ba27" UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb index ecbfad394d..a59a5c41df 100644 --- a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb +++ b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb @@ -21,6 +21,10 @@ SRCREV = "a181e951376d49a82eef17920c8ebedec80b4823" S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2012-5638 \ +" + DEPENDS = "libaio util-linux" inherit setuptools3 useradd diff --git a/meta-openembedded/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb b/meta-openembedded/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb index 7e00f150d3..4b9ae4758f 100644 --- a/meta-openembedded/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb +++ b/meta-openembedded/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb @@ -32,6 +32,10 @@ SRC_URI = "http://downloads.sourceforge.net/sblim/${BP}.tar.bz2 \ SRC_URI[md5sum] = "28021cdabc73690a94f4f9d57254ce30" SRC_URI[sha256sum] = "634a67b2f7ac3b386a79160eb44413d618e33e4e7fc74ae68b0240484af149dd" +CVE_CHECK_IGNORE += "\ + CVE-2012-3381 \ +" + inherit autotools inherit systemd diff --git a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb index aa597cd8e4..4c51af669c 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb @@ -31,6 +31,10 @@ SRC_URI:append:class-nativesdk = "\ SRC_URI[sha256sum] = "6b16bf990df114195be669773a1dae975dbbffada45e1de2849ddeb5851bb9a8" +CVE_CHECK_IGNORE += "\ + CVE-2014-9157 \ +" + PACKAGECONFIG ??= "librsvg" PACKAGECONFIG[librsvg] = "--with-librsvg,--without-librsvg,librsvg" diff --git a/meta-openembedded/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-openembedded/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index 4c17105a99..27dff82df5 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb @@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb" SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973" +CVE_CHECK_IGNORE += "\ + CVE-2015-8751 \ +" + S = "${WORKDIR}/git" inherit cmake diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb index f248619ec8..42d2b4efb0 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb @@ -15,6 +15,10 @@ SRC_URI = " \ SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2015-1239 \ +" + inherit cmake # for multilib diff --git a/meta-openembedded/meta-oe/recipes-support/atop/atop_2.4.0.bb b/meta-openembedded/meta-oe/recipes-support/atop/atop_2.4.0.bb index 35540b3b8f..b1d2abde73 100644 --- a/meta-openembedded/meta-oe/recipes-support/atop/atop_2.4.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/atop/atop_2.4.0.bb @@ -24,6 +24,10 @@ SRC_URI = "http://www.atoptool.nl/download/${BP}.tar.gz \ SRC_URI[md5sum] = "1077da884ed94f2bc3c81ac3ab970436" SRC_URI[sha256sum] = "be1c010a77086b7d98376fce96514afcd73c3f20a8d1fe01520899ff69a73d69" +CVE_CHECK_IGNORE += "\ + CVE-2011-3618 \ +" + do_compile() { oe_runmake all } diff --git a/meta-openembedded/meta-oe/recipes-support/emacs/emacs_27.2.bb b/meta-openembedded/meta-oe/recipes-support/emacs/emacs_27.2.bb index b78dc5e450..4a7e7aba5c 100644 --- a/meta-openembedded/meta-oe/recipes-support/emacs/emacs_27.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/emacs/emacs_27.2.bb @@ -11,6 +11,10 @@ SRC_URI:append:class-target = " file://usemake-docfile-native.patch" SRC_URI[sha256sum] = "b4a7cc4e78e63f378624e0919215b910af5bb2a0afc819fad298272e9f40c1b9" +CVE_CHECK_IGNORE = "\ + CVE-2007-6109 \ +" + PACKAGECONFIG[gnutls] = "--with-gnutls=yes,--with-gnutls=no,gnutls" PACKAGECONFIG[kerberos] = "--with-kerberos=yes,--with-kerberos=no,krb5" PACKAGECONFIG[libgmp] = "--with-libgmp=yes,--with-libgmp=no,gmp" diff --git a/meta-openembedded/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb b/meta-openembedded/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb index 14b1aaf01c..3d8a45786d 100644 --- a/meta-openembedded/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb @@ -15,6 +15,11 @@ SRC_URI = "\ SRC_URI[sha256sum] = "19654ad276b149646371fbdac21bc7620742f2975f7399fed0ffc1a18fbaf603" +CVE_CHECK_IGNORE += "\ + CVE-2010-1624 \ + CVE-2011-3594 \ +" + PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtk startup-notification', '', d)} \ " diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch new file mode 100644 index 0000000000..5ec55dfd2a --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch @@ -0,0 +1,99 @@ +From 86368e9cf70a0ad23cccd5ee32de847149af0c6f Mon Sep 17 00:00:00 2001 +From: Stefan Behnel <stefan_ml@behnel.de> +Date: Fri, 1 Jul 2022 21:06:10 +0200 +Subject: [PATCH] Fix a crash when incorrect parser input occurs together with + usages of iterwalk() on trees generated by the same parser. + +CVE: CVE-2022-2309 + +Upstream-Status: Backport +[https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f] + +Signed-off-by: Yue Tao <yue.tao@windriver.com> + +--- + src/lxml/apihelpers.pxi | 7 ++++--- + src/lxml/iterparse.pxi | 11 ++++++----- + src/lxml/tests/test_etree.py | 20 ++++++++++++++++++++ + 3 files changed, 30 insertions(+), 8 deletions(-) + +diff --git a/src/lxml/apihelpers.pxi b/src/lxml/apihelpers.pxi +index c1662762..9fae9fb1 100644 +--- a/src/lxml/apihelpers.pxi ++++ b/src/lxml/apihelpers.pxi +@@ -246,9 +246,10 @@ cdef dict _build_nsmap(xmlNode* c_node): + while c_node is not NULL and c_node.type == tree.XML_ELEMENT_NODE: + c_ns = c_node.nsDef + while c_ns is not NULL: +- prefix = funicodeOrNone(c_ns.prefix) +- if prefix not in nsmap: +- nsmap[prefix] = funicodeOrNone(c_ns.href) ++ if c_ns.prefix or c_ns.href: ++ prefix = funicodeOrNone(c_ns.prefix) ++ if prefix not in nsmap: ++ nsmap[prefix] = funicodeOrNone(c_ns.href) + c_ns = c_ns.next + c_node = c_node.parent + return nsmap +diff --git a/src/lxml/iterparse.pxi b/src/lxml/iterparse.pxi +index 138c23a6..a7299da6 100644 +--- a/src/lxml/iterparse.pxi ++++ b/src/lxml/iterparse.pxi +@@ -420,7 +420,7 @@ cdef int _countNsDefs(xmlNode* c_node): + count = 0 + c_ns = c_node.nsDef + while c_ns is not NULL: +- count += 1 ++ count += (c_ns.href is not NULL) + c_ns = c_ns.next + return count + +@@ -431,9 +431,10 @@ cdef int _appendStartNsEvents(xmlNode* c_node, list event_list) except -1: + count = 0 + c_ns = c_node.nsDef + while c_ns is not NULL: +- ns_tuple = (funicode(c_ns.prefix) if c_ns.prefix is not NULL else '', +- funicode(c_ns.href)) +- event_list.append( (u"start-ns", ns_tuple) ) +- count += 1 ++ if c_ns.href: ++ ns_tuple = (funicodeOrEmpty(c_ns.prefix), ++ funicode(c_ns.href)) ++ event_list.append( (u"start-ns", ns_tuple) ) ++ count += 1 + c_ns = c_ns.next + return count +diff --git a/src/lxml/tests/test_etree.py b/src/lxml/tests/test_etree.py +index e5f08469..285313f6 100644 +--- a/src/lxml/tests/test_etree.py ++++ b/src/lxml/tests/test_etree.py +@@ -1460,6 +1460,26 @@ class ETreeOnlyTestCase(HelperTestCase): + [1,2,1,4], + counts) + ++ def test_walk_after_parse_failure(self): ++ # This used to be an issue because libxml2 can leak empty namespaces ++ # between failed parser runs. iterwalk() failed to handle such a tree. ++ try: ++ etree.XML('''<anot xmlns="1">''') ++ except etree.XMLSyntaxError: ++ pass ++ else: ++ assert False, "invalid input did not fail to parse" ++ ++ et = etree.XML('''<root> </root>''') ++ try: ++ ns = next(etree.iterwalk(et, events=('start-ns',))) ++ except StopIteration: ++ # This would be the expected result, because there was no namespace ++ pass ++ else: ++ # This is a bug in libxml2 ++ assert not ns, repr(ns) ++ + def test_itertext_comment_pi(self): + # https://bugs.launchpad.net/lxml/+bug/1844674 + XML = self.etree.XML +-- +2.17.1 + diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb index c4d4df383a..0c78d97abd 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb @@ -20,7 +20,8 @@ DEPENDS += "libxml2 libxslt" SRC_URI[sha256sum] = "f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23" -SRC_URI += "${PYPI_SRC_URI}" +SRC_URI += "${PYPI_SRC_URI} \ + file://CVE-2022-2309.patch " inherit pkgconfig pypi setuptools3 # {standard input}: Assembler messages: diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch new file mode 100644 index 0000000000..78f23f0f2d --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch @@ -0,0 +1,32 @@ +From 5b5eae9cdf3bae91756c717349f2f33a31888f24 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Wed, 3 Aug 2022 12:35:16 +0800 +Subject: [PATCH] make_exports.awk: not expose the path + +Don't print the full path in the comment line. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + build/make_exports.awk | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/build/make_exports.awk b/build/make_exports.awk +index 1cf0568..44d93c5 100644 +--- a/build/make_exports.awk ++++ b/build/make_exports.awk +@@ -47,7 +47,9 @@ function push(line) { + + function do_output() { + printf("/*\n") +- printf(" * %s\n", FILENAME) ++ file = FILENAME ++ sub("([^/]*[/])*", "", file) ++ printf(" * %s\n", file) + printf(" */\n") + + for (i = 0; i < stackptr; i++) { +-- +2.25.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb index 4b0ed2f622..37d498f52e 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb @@ -15,6 +15,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ file://0007-apache2-allow-to-disable-selinux-support.patch \ file://0008-Fix-perl-install-directory-to-usr-bin.patch \ file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \ + file://0001-make_exports.awk-not-expose-the-path.patch \ " SRC_URI:append:class-target = " \ diff --git a/meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb b/meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb index 98cd251d2d..8fe879b816 100644 --- a/meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb +++ b/meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb @@ -12,3 +12,12 @@ SRC_URI[sha256sum] = "e9a99a62d10981391508dd43f3cbfa2d50a69bd6b7d1eeef7d30ba4c67 FILES:${PN} += "${datadir}/metainfo" RDEPENDS:${PN} += "python3-pygobject python3-dbus" + +do_install:append() { + # + # Until catfish upstream figures out a way to overcome this buildpath issue, we need to do such adjustments here. + # + sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${D}${datadir}/applications/org.xfce.Catfish.desktop + sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${D}${PYTHON_SITEPACKAGES_DIR}/catfish_lib/catfishconfig.py + rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/catfish_lib/__pycache__/catfishconfig.*.pyc +} |