diff options
Diffstat (limited to 'poky/meta/recipes-extended')
27 files changed, 571 insertions, 67 deletions
diff --git a/poky/meta/recipes-extended/acpica/acpica_20220331.bb b/poky/meta/recipes-extended/acpica/acpica_20230331.bb index 2c554f863a..01b8833f50 100644 --- a/poky/meta/recipes-extended/acpica/acpica_20220331.bb +++ b/poky/meta/recipes-extended/acpica/acpica_20230331.bb @@ -10,14 +10,14 @@ HOMEPAGE = "http://www.acpica.org/" SECTION = "console/tools" LICENSE = "Intel | BSD-3-Clause | GPL-2.0-only" -LIC_FILES_CHKSUM = "file://source/compiler/aslcompile.c;beginline=7;endline=150;md5=41a76b4b1f816240f090cf010fefebf0" +LIC_FILES_CHKSUM = "file://source/compiler/aslcompile.c;beginline=7;endline=150;md5=79a69059b499bccc70a484459549758f" COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" DEPENDS = "m4-native flex-native bison-native" SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz" -SRC_URI[sha256sum] = "acaff68b14f1e0804ebbfc4b97268a4ccbefcfa053b02ed9924f2b14d8a98e21" +SRC_URI[sha256sum] = "0c5d695d605aaa61709f3c63f57a1a99b8902291723998446b0813b57ac310e2" UPSTREAM_CHECK_URI = "https://acpica.org/downloads" diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch new file mode 100644 index 0000000000..4b96e4316c --- /dev/null +++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch @@ -0,0 +1,39 @@ +From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001 +From: Stefano Babic <sbabic@denx.de> +Date: Fri, 28 Jul 2017 13:20:52 +0200 +Subject: [PATCH] Wrong CRC with ASCII CRC for large files + +Due to signedness, the checksum is not computed when filesize is bigger +a 2GB. + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html] +Signed-off-by: Stefano Babic <sbabic@denx.de> +--- + src/copyout.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/copyout.c b/src/copyout.c +index 1f0987a..727aeca 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -34,13 +34,13 @@ + compute and return a checksum for them. */ + + static uint32_t +-read_for_checksum (int in_file_des, int file_size, char *file_name) ++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name) + { + uint32_t crc; + char buf[BUFSIZ]; +- int bytes_left; +- int bytes_read; +- int i; ++ unsigned int bytes_left; ++ unsigned int bytes_read; ++ unsigned int i; + + crc = 0; + +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb index 3350ba710e..df5e09cae8 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb @@ -12,6 +12,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-obstack-Fix-a-clang-warning.patch \ file://CVE-2021-38185.patch \ file://0001-Use-__alignof__-with-clang.patch \ + file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \ file://run-ptest \ " diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.10.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.11.bb index 8197cdad9e..34ef2b65a1 100644 --- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.10.bb +++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.11.bb @@ -13,7 +13,7 @@ SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \ file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ " -SRCREV = "e74c539344d024709ee76e2920b0af7f9a5c5556" +SRCREV = "4cf5125250c6325ef0a2dc085eabff875227edc3" S = "${WORKDIR}/git/src" inherit autotools gettext diff --git a/poky/meta/recipes-extended/gawk/gawk/remove-sensitive-tests.patch b/poky/meta/recipes-extended/gawk/gawk/remove-sensitive-tests.patch deleted file mode 100644 index ffae55058b..0000000000 --- a/poky/meta/recipes-extended/gawk/gawk/remove-sensitive-tests.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 354d24baf7c51977d22ff61ad42e6a2cbd4dc8ac Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Tue, 21 Dec 2021 17:09:12 +0000 -Subject: [PATCH] gawk: remove load-sensitive tests - -These tests require an unloaded host as otherwise timing sensitive tests can fail -https://bugzilla.yoctoproject.org/show_bug.cgi?id=14371 - -Upstream-Status: Inappropriate -Signed-off-by: Ross Burton <ross.burton@arm.com> - ---- - test/Maketests | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/test/Maketests b/test/Maketests -index 3a667af..f117697 100644 ---- a/test/Maketests -+++ b/test/Maketests -@@ -2137,11 +2137,6 @@ symtab12: - @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ - @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ - --timeout: -- @echo $@ $(ZOS_FAIL) -- @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ -- @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ -- - typedregex1: - @echo $@ - @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ -@@ -2371,11 +2366,6 @@ rwarray: - @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk < "$(srcdir)"/$@.in >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ - @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ - --time: -- @echo $@ -- @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ -- @-$(CMP) "$(srcdir)"/$@.ok _$@ && rm -f _$@ -- - mpfrbigint: - @echo $@ - @-AWKPATH="$(srcdir)" $(AWK) -f $@.awk -M >_$@ 2>&1 || echo EXIT CODE: $$? >>_$@ diff --git a/poky/meta/recipes-extended/gawk/gawk/run-ptest b/poky/meta/recipes-extended/gawk/gawk/run-ptest index 2675650600..f4ef3e7bd4 100644 --- a/poky/meta/recipes-extended/gawk/gawk/run-ptest +++ b/poky/meta/recipes-extended/gawk/gawk/run-ptest @@ -3,6 +3,11 @@ cd test for i in `grep -E "^[a-z0-9_-]*:$" Maketests |awk -F: '{print $1}'`; do unset LANG + grep -q "^$i$" skipped.txt + if [ $? -eq 0 ]; then + echo "SKIP: $i" + continue + fi srcdir=`pwd` AWKPROG=gawk AWK=gawk CMP=cmp make -f Maketests $i >$i.tmp 2>&1 if [ -e _$i ]; then cat _$i diff --git a/poky/meta/recipes-extended/gawk/gawk_5.2.1.bb b/poky/meta/recipes-extended/gawk/gawk_5.2.1.bb index e381bad148..768c8eb364 100644 --- a/poky/meta/recipes-extended/gawk/gawk_5.2.1.bb +++ b/poky/meta/recipes-extended/gawk/gawk_5.2.1.bb @@ -16,7 +16,6 @@ PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" PACKAGECONFIG[mpfr] = "--with-mpfr,--without-mpfr, mpfr" SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \ - file://remove-sensitive-tests.patch \ file://run-ptest \ " @@ -60,10 +59,29 @@ do_install_ptest() { # https://bugzilla.yoctoproject.org/show_bug.cgi?id=14371 rm -f ${D}${PTEST_PATH}/test/time.* rm -f ${D}${PTEST_PATH}/test/timeout.* + for t in time timeout; do + echo $t >> ${D}${PTEST_PATH}/test/skipped.txt + done +} + +do_install_ptest:append:libc-musl() { + # Reported https://lists.gnu.org/archive/html/bug-gawk/2021-02/msg00005.html + rm -f ${D}${PTEST_PATH}/test/clos1way6.* + # Needs en_US.UTF-8 but then does not work with musl + rm -f ${D}${PTEST_PATH}/test/backsmalls1.* + # Needs en_US.UTF-8 but then does not work with musl + rm -f ${D}${PTEST_PATH}/test/commas.* + # The below two need LANG=C inside the make rule for musl + rm -f ${D}${PTEST_PATH}/test/rebt8b1.* + rm -f ${D}${PTEST_PATH}/test/regx8bit.* + for t in clos1way6 backsmalls1 commas rebt8b1 regx8bit; do + echo $t >> ${D}${PTEST_PATH}/test/skipped.txt + done } -RDEPENDS:${PN}-ptest += "make" +RDEPENDS:${PN}-ptest += "make locale-base-en-us" -RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us locale-base-en-us.iso-8859-1" +RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us.iso-8859-1" +RDEPENDS:${PN}-ptest:append:libc-musl = " musl-locales" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb index d0de035921..5483ecc307 100644 --- a/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb +++ b/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb @@ -1,4 +1,4 @@ -DESCRIPTION = "This is a simple example recipe that cross-compiles a Go program." +SUMMARY = "This is a simple example recipe that cross-compiles a Go program." SECTION = "examples" HOMEPAGE = "https://golang.org/" diff --git a/poky/meta/recipes-extended/grep/grep_3.9.bb b/poky/meta/recipes-extended/grep/grep_3.10.bb index 3c39a5fb56..33fd64d27e 100644 --- a/poky/meta/recipes-extended/grep/grep_3.9.bb +++ b/poky/meta/recipes-extended/grep/grep_3.10.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464" SRC_URI = "${GNU_MIRROR}/grep/grep-${PV}.tar.xz" -SRC_URI[sha256sum] = "abcd11409ee23d4caf35feb422e53bbac867014cfeed313bb5f488aca170b599" +SRC_URI[sha256sum] = "24efa5b595fb5a7100879b51b8868a0bb87a71c183d02c4c602633b88af6855b" inherit autotools gettext texinfo pkgconfig diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index f447035b67..aafede3da8 100644 --- a/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -7,11 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665" DEPENDS = "e2fsprogs-native" -PACKAGECONFIG ?= "zlib bz2 xz zstd" - -PACKAGECONFIG:append:class-target = "\ - ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)} \ -" +PACKAGECONFIG ?= "zlib bz2 xz zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}" DEPENDS_BZIP2 = "bzip2-replacement-native" DEPENDS_BZIP2:class-target = "bzip2" diff --git a/poky/meta/recipes-extended/libsolv/libsolv_0.7.23.bb b/poky/meta/recipes-extended/libsolv/libsolv_0.7.24.bb index 1256905720..7c8f1fd372 100644 --- a/poky/meta/recipes-extended/libsolv/libsolv_0.7.23.bb +++ b/poky/meta/recipes-extended/libsolv/libsolv_0.7.24.bb @@ -12,7 +12,7 @@ SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \ file://0001-utils-Conside-musl-when-wrapping-qsort_r.patch \ " -SRCREV = "6deaca7cf61ec2b32c4a3b494a751c8d15efbe8b" +SRCREV = "4d05dca3974156faf2f025ca4a82b68904848307" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-extended/logrotate/logrotate/run-ptest b/poky/meta/recipes-extended/logrotate/logrotate/run-ptest new file mode 100755 index 0000000000..b272def65f --- /dev/null +++ b/poky/meta/recipes-extended/logrotate/logrotate/run-ptest @@ -0,0 +1,5 @@ +#!/bin/sh + +set -u + +make -k check diff --git a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb index 4e4ea10628..87c0d9ae60 100644 --- a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb +++ b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb @@ -10,7 +10,9 @@ DEPENDS="coreutils popt" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz" +SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \ + file://run-ptest \ + " SRC_URI[sha256sum] = "8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516" @@ -44,7 +46,7 @@ EXTRA_OEMAKE = "\ # INSTALL=install and BASEDIR=/usr. OS_NAME = "Linux" -inherit autotools systemd github-releases +inherit autotools systemd github-releases ptest SYSTEMD_SERVICE:${PN} = "\ ${BPN}.service \ @@ -86,3 +88,27 @@ do_install(){ install -p -m 0755 ${S}/examples/logrotate.cron ${D}${sysconfdir}/cron.daily/logrotate fi } + +do_install_ptest() { + cp -r ${S}/test/* ${D}${PTEST_PATH} + cp ${S}/test-driver ${D}${PTEST_PATH} + cp ${B}/test/Makefile ${D}${PTEST_PATH} + + # Do not rebuild Makefile + sed -i 's/^Makefile:/_Makefile:/' ${D}${PTEST_PATH}/Makefile + + # Fix top_builddir and top_srcdir + sed -e 's/^top_builddir = \(.*\)/top_builddir = ./' \ + -e 's/^top_srcdir = \(.*\)/top_srcdir = ./' \ + -i ${D}${PTEST_PATH}/Makefile + + # Replace bash with sh + sed -i 's,/bin/bash,/bin/sh,' ${D}${PTEST_PATH}/Makefile + + # Replace gawk with awk + sed -i 's/gawk/awk/' ${D}${PTEST_PATH}/Makefile + ln -s ${sbindir}/logrotate ${D}${PTEST_PATH} +} + +# coreutils is needed to have "readlink" +RDEPENDS:${PN}-ptest += "make coreutils" diff --git a/poky/meta/recipes-extended/man-pages/man-pages_6.03.bb b/poky/meta/recipes-extended/man-pages/man-pages_6.04.bb index bc02597ef7..fee57e3fbd 100644 --- a/poky/meta/recipes-extended/man-pages/man-pages_6.03.bb +++ b/poky/meta/recipes-extended/man-pages/man-pages_6.04.bb @@ -4,7 +4,7 @@ SECTION = "console/utils" HOMEPAGE = "http://www.kernel.org/pub/linux/docs/man-pages" LICENSE = "GPL-2.0-or-later & GPL-2.0-only & GPL-1.0-or-later & BSD-2-Clause & BSD-3-Clause & BSD-4-Clause & MIT" -LIC_FILES_CHKSUM = "file://README;md5=0fdad39ebaa973a50785f79f0f59f87f \ +LIC_FILES_CHKSUM = "file://README;md5=5b7d7488344f5af8841dc13aaec49cdf \ file://LICENSES/BSD-2-Clause.txt;md5=d0f280d1058e77e66264a9b9e10e6c89 \ file://LICENSES/BSD-3-Clause.txt;md5=71f739ef75581cae312e8c711bcdab16 \ file://LICENSES/BSD-4-Clause-UC.txt;md5=1da3cf8ad50cd8d5d1de3cfc53196d01 \ @@ -16,7 +16,7 @@ LIC_FILES_CHKSUM = "file://README;md5=0fdad39ebaa973a50785f79f0f59f87f \ " SRC_URI = "${KERNELORG_MIRROR}/linux/docs/${BPN}/${BP}.tar.gz" -SRC_URI[sha256sum] = "76eca045b42a90dd25d094c46d97ac90187bc0f1bfca358bb5dae5c4337acbb0" +SRC_URI[sha256sum] = "590623b99bf1f8ee958483c35cc0aaef2363e42998c4d927d1f705890d15d51e" inherit manpages diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch new file mode 100644 index 0000000000..94dcb04f0a --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch @@ -0,0 +1,108 @@ +From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001 +From: Per Jessen <per@jessen.ch> +Date: Fri, 22 Apr 2022 18:15:36 +0200 +Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype + +When using scandir() to look for MOTD files to display, we wrongly +relied on all filesystems providing a filetype. This is a fix to divert +to lstat() when we have no filetype. To maintain MT safety, it isn't +possible to use lstat() in the scandir() filter function, so all of the +filtering has been moved to an additional loop after scanning all the +motd dirs. +Also, remove superfluous alphasort from scandir(), we are doing +a qsort() later. + +Resolves: https://github.com/linux-pam/linux-pam/issues/455 + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70] + +Signed-off-by: Per Jessen <per@jessen.ch> +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++------- + 1 file changed, 40 insertions(+), 9 deletions(-) + +diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c +index 6ac8cba2..5ca486e4 100644 +--- a/modules/pam_motd/pam_motd.c ++++ b/modules/pam_motd/pam_motd.c +@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) + } + } + +-static int filter_dirents(const struct dirent *d) +-{ +- return (d->d_type == DT_REG || d->d_type == DT_LNK); +-} +- + static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) + { +@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + + for (i = 0; i < num_motd_dirs; i++) { + int rv; +- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), +- filter_dirents, alphasort); ++ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); + if (rv < 0) { + if (errno != ENOENT || report_missing) { + pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", +@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + if (dirscans_size_total == 0) + goto out; + ++ /* filter out unwanted names, directories, and complement data with lstat() */ ++ for (i = 0; i < num_motd_dirs; i++) { ++ struct dirent **d = dirscans[i]; ++ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { ++ int rc; ++ char *fullpath; ++ struct stat s; ++ ++ switch(d[j]->d_type) { /* the filetype determines how to proceed */ ++ case DT_REG: /* regular files and */ ++ case DT_LNK: /* symlinks */ ++ continue; /* are good. */ ++ case DT_UNKNOWN: /* for file systems that do not provide */ ++ /* a filetype, we use lstat() */ ++ if (join_dir_strings(&fullpath, motd_dir_path_split[i], ++ d[j]->d_name) <= 0) ++ break; ++ rc = lstat(fullpath, &s); ++ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ ++ if (rc != 0) /* if the lstat() somehow failed */ ++ break; ++ ++ if (S_ISREG(s.st_mode) || /* regular files and */ ++ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ ++ break; ++ case DT_DIR: /* We don't want directories */ ++ default: /* nor anything else */ ++ break; ++ } ++ _pam_drop(d[j]); /* free memory */ ++ d[j] = NULL; /* indicate this one was dropped */ ++ dirscans_size_total--; ++ } ++ } ++ + /* Allocate space for all file names found in the directories, including duplicates. */ + if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); +@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + unsigned int j; + + for (j = 0; j < dirscans_sizes[i]; j++) { +- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; +- i_dirnames++; ++ if (NULL != dirscans[i][j]) { ++ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; ++ i_dirnames++; ++ } + } + } + +-- +2.39.0 + diff --git a/poky/meta/recipes-extended/pam/libpam_1.3.1.bb b/poky/meta/recipes-extended/pam/libpam_1.3.1.bb index db5410a7e5..59ed1749ec 100644 --- a/poky/meta/recipes-extended/pam/libpam_1.3.1.bb +++ b/poky/meta/recipes-extended/pam/libpam_1.3.1.bb @@ -25,7 +25,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://pam-unix-nullok-secure.patch \ file://crypt_configure.patch \ file://pam-volatiles.conf \ - " + " SRC_URI[md5sum] = "558ff53b0fc0563ca97f79e911822165" SRC_URI[sha256sum] = "eff47a4ecd833fbf18de9686632a70ee8d0794b79aecb217ebd0ce11db4cd0db" diff --git a/poky/meta/recipes-extended/screen/screen/signal-permission.patch b/poky/meta/recipes-extended/screen/screen/signal-permission.patch new file mode 100644 index 0000000000..77dc649090 --- /dev/null +++ b/poky/meta/recipes-extended/screen/screen/signal-permission.patch @@ -0,0 +1,40 @@ +From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001 +From: Alexander Naumov <alexander_naumov@opensuse.org> +Date: Mon, 30 Jan 2023 17:22:25 +0200 +Subject: fix: missing signal sending permission check on failed query messages + +Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org> + +CVE: CVE-2023-24626 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + src/socket.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/socket.c b/src/socket.c +index 147dc54..54d8cb8 100644 +--- a/socket.c ++++ b/socket.c +@@ -1285,11 +1285,16 @@ ReceiveMsg() + else + queryflag = -1; + +- Kill(m.m.command.apid, ++ if (CheckPid(m.m.command.apid)) { ++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); ++ } ++ else { ++ Kill(m.m.command.apid, + (queryflag >= 0) + ? SIGCONT + : SIG_BYE); /* Send SIG_BYE if an error happened */ +- queryflag = -1; ++ queryflag = -1; ++ } + } + break; + case MSG_COMMAND: +-- +cgit v1.1 + diff --git a/poky/meta/recipes-extended/screen/screen_4.9.0.bb b/poky/meta/recipes-extended/screen/screen_4.9.0.bb index 77e8000bf3..235cd8c6cf 100644 --- a/poky/meta/recipes-extended/screen/screen_4.9.0.bb +++ b/poky/meta/recipes-extended/screen/screen_4.9.0.bb @@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://0001-fix-for-multijob-build.patch \ file://0001-Remove-more-compatibility-stuff.patch \ file://0001-configure-Add-needed-system-headers-in-checks.patch \ + file://signal-permission.patch \ " SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4" diff --git a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch new file mode 100644 index 0000000000..37ba5f3dc2 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch @@ -0,0 +1,41 @@ +commit 670cae834827a8f794e6f7464fa57790d911b63c +Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> +Date: Tue Dec 27 17:40:17 2022 +0530 + + shadow: Fix can not print full login timeout message + + Login timed out message prints only first few bytes when write is immediately followed by exit. + Calling exit from new handler provides enough time to display full message. + +Upstream-Status: Accepted [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c] + +diff --git a/src/login.c b/src/login.c +index 116e2cb3..c55f4de0 100644 +--- a/src/login.c ++++ b/src/login.c +@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); + + static void init_env (void); + static void alarm_handler (int); ++static void exit_handler (int); + + /* + * usage - print login command usage and exit +@@ -391,11 +392,16 @@ static void init_env (void) + #endif /* !USE_PAM */ + } + ++static void exit_handler (unused int sig) ++{ ++ _exit (0); ++} + + static void alarm_handler (unused int sig) + { + write (STDERR_FILENO, tmsg, strlen (tmsg)); +- _exit (0); ++ signal(SIGALRM, exit_handler); ++ alarm(2); + } + + #ifdef USE_PAM diff --git a/poky/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch b/poky/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch new file mode 100644 index 0000000000..ac08be515b --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch @@ -0,0 +1,65 @@ +From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Fri, 31 Mar 2023 14:46:50 +0200 +Subject: [PATCH] Overhaul valid_field() + +e5905c4b ("Added control character check") introduced checking for +control characters but had the logic inverted, so it rejects all +characters that are not control ones. + +Cast the character to `unsigned char` before passing to the character +checking functions to avoid UB. + +Use strpbrk(3) for the illegal character test and return early. + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + lib/fields.c | 24 ++++++++++-------------- + 1 file changed, 10 insertions(+), 14 deletions(-) + +diff --git a/lib/fields.c b/lib/fields.c +index fb51b582..53929248 100644 +--- a/lib/fields.c ++++ b/lib/fields.c +@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) + + /* For each character of field, search if it appears in the list + * of illegal characters. */ ++ if (illegal && NULL != strpbrk (field, illegal)) { ++ return -1; ++ } ++ ++ /* Search if there are non-printable or control characters */ + for (cp = field; '\0' != *cp; cp++) { +- if (strchr (illegal, *cp) != NULL) { ++ unsigned char c = *cp; ++ if (!isprint (c)) { ++ err = 1; ++ } ++ if (iscntrl (c)) { + err = -1; + break; + } + } + +- if (0 == err) { +- /* Search if there are non-printable or control characters */ +- for (cp = field; '\0' != *cp; cp++) { +- if (!isprint (*cp)) { +- err = 1; +- } +- if (!iscntrl (*cp)) { +- err = -1; +- break; +- } +- } +- } +- + return err; + } + +-- +2.34.1 + diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch new file mode 100644 index 0000000000..f53341d3fc --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch @@ -0,0 +1,53 @@ +From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 +From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> +Date: Thu, 23 Mar 2023 23:39:38 +0000 +Subject: [PATCH] Added control character check + +Added control character check, returning -1 (to "err") if control characters are present. + +CVE: CVE-2023-29383 +Upstream-Status: Backport + +Reference to upstream: +https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + lib/fields.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/lib/fields.c b/lib/fields.c +index 640be931..fb51b582 100644 +--- a/lib/fields.c ++++ b/lib/fields.c +@@ -21,9 +21,9 @@ + * + * The supplied field is scanned for non-printable and other illegal + * characters. +- * + -1 is returned if an illegal character is present. +- * + 1 is returned if no illegal characters are present, but the field +- * contains a non-printable character. ++ * + -1 is returned if an illegal or control character is present. ++ * + 1 is returned if no illegal or control characters are present, ++ * but the field contains a non-printable character. + * + 0 is returned otherwise. + */ + int valid_field (const char *field, const char *illegal) +@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) + } + + if (0 == err) { +- /* Search if there are some non-printable characters */ ++ /* Search if there are non-printable or control characters */ + for (cp = field; '\0' != *cp; cp++) { + if (!isprint (*cp)) { + err = 1; ++ } ++ if (!iscntrl (*cp)) { ++ err = -1; + break; + } + } +-- +2.34.1 + diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index 2c70a2d00e..cf05a3af93 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -14,6 +14,9 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ file://useradd \ + file://0001-Fix-can-not-print-full-login.patch \ + file://CVE-2023-29383.patch \ + file://0001-Overhaul-valid_field.patch \ " SRC_URI:append:class-target = " \ diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.15.06.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.15.07.bb index 31cf2e8987..674c58a6a2 100644 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.15.06.bb +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.15.07.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ " -SRCREV = "f2a80e4fdba0aaf71d7d3687acb34e3827e68886" +SRCREV = "83ab1d2d7e39d9accba9d6dd0cc567645bb21d92" S = "${WORKDIR}/git" DEPENDS = "coreutils-native libbsd" diff --git a/poky/meta/recipes-extended/texinfo/texinfo_7.0.2.bb b/poky/meta/recipes-extended/texinfo/texinfo_7.0.3.bb index da455df4bb..b149177b72 100644 --- a/poky/meta/recipes-extended/texinfo/texinfo_7.0.2.bb +++ b/poky/meta/recipes-extended/texinfo/texinfo_7.0.3.bb @@ -35,7 +35,7 @@ SRC_URI = "${GNU_MIRROR}/texinfo/${BP}.tar.gz \ ${TARGET_PATCH} \ " -SRC_URI[sha256sum] = "a9c646bc4f6bb31843f129f8408a3a627334575faf7b22ebc416be5cb1570553" +SRC_URI[sha256sum] = "3cc5706fb086b895e1dc2b407aade9f95a3a233ff856273e2b659b089f117683" tex_texinfo = "texmf/tex/texinfo" diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch new file mode 100644 index 0000000000..b236030108 --- /dev/null +++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch @@ -0,0 +1,145 @@ +xdg-email does not parse mailto uris properly for thunderbird + +When using thunderbird as mailto handler xdg-email translates mailto uris into an 'thunderbird -compose' argument. While to, cc and bcc values are properly enclosed in single quotes this is not the case for subject or body. This breaks functionality and allows to use all thunderbird -compose arguments within a mailto uri, e.g. + +xdg-email 'mailto:test@example.com?subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt' + +translates into + +thunderbird -compose to='test@example.com,',subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt + +with working attachment and message. (And, yes, ~ expands to the home directory.) + +Upstream-Status: Submitted [https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205] + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +CVE: CVE-2022-4055 + + +Index: xdg-utils-1.1.3/scripts/xdg-email.in +=================================================================== +--- xdg-utils-1.1.3.orig/scripts/xdg-email.in ++++ xdg-utils-1.1.3/scripts/xdg-email.in +@@ -30,53 +30,6 @@ _USAGE + + #@xdg-utils-common@ + +-run_thunderbird() +-{ +- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY +- THUNDERBIRD="$1" +- MAILTO=$(echo "$2" | sed 's/^mailto://') +- echo "$MAILTO" | grep -qs "^?" +- if [ "$?" = "0" ] ; then +- MAILTO=$(echo "$MAILTO" | sed 's/^?//') +- else +- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/') +- fi +- +- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g') +- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1) +- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1) +- +- if [ -z "$TO" ] ; then +- NEWMAILTO= +- else +- NEWMAILTO="to='$TO'" +- fi +- if [ -n "$CC" ] ; then +- NEWMAILTO="${NEWMAILTO},cc='$CC'" +- fi +- if [ -n "$BCC" ] ; then +- NEWMAILTO="${NEWMAILTO},bcc='$BCC'" +- fi +- if [ -n "$SUBJECT" ] ; then +- NEWMAILTO="${NEWMAILTO},$SUBJECT" +- fi +- if [ -n "$BODY" ] ; then +- NEWMAILTO="${NEWMAILTO},$BODY" +- fi +- +- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//') +- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\"" +- "$THUNDERBIRD" -compose "$NEWMAILTO" +- if [ $? -eq 0 ]; then +- exit_success +- else +- exit_failure_operation_failed +- fi +-} +- + open_kde() + { + if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then +@@ -130,15 +83,6 @@ open_kde() + + open_gnome3() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -159,13 +103,6 @@ open_gnome3() + + open_gnome() + { +- local client +- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || "" +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -231,15 +168,6 @@ open_flatpak() + + open_generic() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + xdg-open "$1" + local ret=$? + +@@ -364,21 +292,6 @@ while [ $# -gt 0 ] ; do + shift + ;; + +- --attach) +- if [ -z "$1" ] ; then +- exit_failure_syntax "file argument missing for --attach option" +- fi +- check_input_file "$1" +- file=`readlink -f "$1"` # Normalize path +- if [ -z "$file" ] || [ ! -f "$file" ] ; then +- exit_failure_file_missing "file '$1' does not exist" +- fi +- +- url_encode "$file" +- options="${options}attach=${result}&" +- shift +- ;; +- + -*) + exit_failure_syntax "unexpected option '$parm'" + ;; diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb index 73acf6b744..4d93180535 100644 --- a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb +++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb @@ -21,6 +21,7 @@ SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \ file://0001-Reinstate-xdg-terminal.patch \ file://0001-Don-t-build-the-in-script-manual.patch \ file://1f199813e0eb0246f63b54e9e154970e609575af.patch \ + file://CVE-2022-4055.patch \ " SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff" diff --git a/poky/meta/recipes-extended/xz/xz_5.4.1.bb b/poky/meta/recipes-extended/xz/xz_5.4.2.bb index 71bf4b540a..87f9602bf6 100644 --- a/poky/meta/recipes-extended/xz/xz_5.4.1.bb +++ b/poky/meta/recipes-extended/xz/xz_5.4.2.bb @@ -17,15 +17,15 @@ LICENSE:${PN}-dbg = "GPL-2.0-or-later" LICENSE:${PN}-locale = "GPL-2.0-or-later" LICENSE:liblzma = "PD" -LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \ +LIC_FILES_CHKSUM = "file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING.GPLv3;md5=d32239bcb673463ab874e80d47fae504 \ + file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \ file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \ " SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz" -SRC_URI[sha256sum] = "e4b0f81582efa155ccf27bb88275254a429d44968e488fc94b806f2a61cd3e22" +SRC_URI[sha256sum] = "87947679abcf77cc509d8d1b474218fd16b72281e2797360e909deaee1ac9d05" UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar" CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" |