From 821a859c1d68e8cfeea8c50e86f15daa87e71d59 Mon Sep 17 00:00:00 2001 
From: Patrick Williams
Date: Tue, 2 May 2023 15:26:54 -0500
Subject: subtree updates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

meta-openembedded: 744a4b6eda..df452d9d98:
  Alexander Stein (1):
      dool: Add patch to fix rebuild

  Alexander Thoma (1):
      Fix tigervnc crash due to missing xkbcomp rdepends

  Andrej Valek (2):
      grpc: upgrade 1.45.2 -> 1.46.6
      grpc: upgrade 1.46.6 -> 1.46.7

  Archana Polampalli (2):
      Nodejs - Upgrade to 16.18.1
      Nodejs: Fixed python3 DeprecationWarning

  BINDU (1):
      flatbuffers: adapt for cross-compilation environments

  Carsten Bäcker (1):
      spdlog: Fix CMake flag

  Changqing Li (12):
      zabbix: fix CVE-2022-43515,CVE-2022-46768
      redis: 6.2.7 -> 6.2.8
      redis: upgrade 7.0.4 to 7.0.5
      redis: 7.0.5 -> 7.0.7
      liblockfile: fix do_install failure when ldconfig is not installed
      postgresql: fix CVE-2022-41862
      redis: upgrade 7.0.7 -> 7.0.9
      redis: upgrade 6.2.8 -> 6.2.11
      zabbix: fix CVE-2023-29451
      redis: upgrade 6.2.11 -> 6.2.12
      redis: upgrade 7.0.9 -> 7.0.10
      redis: upgrade 7.0.10 -> 7.0.11

  Chase Qi (1):
      kernel-selftest: install kselftest runner

  Chee Yang Lee (2):
      zsh: Fix CVE-2021-45444
      cifs-utils: fix CVE-2022-27239 CVE-2022-29869

  Dmitry Baryshkov (1):
      nss: fix cross-compilation error

  Dragos-Marian Panait (1):
      phpmyadmin: fix CVE-2023-25727

  Gary Huband (1):
      chrony: add pkgconfig class as pkg-config is explicitly searched for

  Geoff Parker (1):
      python3-pillow: add tk to RDEPENDS ptest pkg only if x11 in DISTRO_FEATURES

  He Zhe (2):
      protobuf: upgrade 3.19.4 -> 3.19.6
      python3-protobuf: upgrade 3.20.0 -> 3.20.3

  Hermes Zhang (1):
      kernel_add_regdb: Change the task order

  Hitendra Prajapati (5):
      dhcp: Fix CVE-2022-2928 & CVE-2022-2929
      strongswan: CVE-2022-40617 A possible DoS in Using Untrusted URIs for Revocation Checking
      nginx: CVE-2022-41741, CVE-2022-41742 Memory corruption in the ngx_http_mp4_module
      net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception
      krb5: CVE-2022-42898 integer overflow vulnerabilities in PAC parsing

  Howard Cochran (1):
      ufw: Fix "could not find required binary 'iptables'"

  Joe Slater (1):
      phoronix-test-suite: Fix CVE-2022-40704

  Khem Raj (6):
      mpd: Update to 0.23.8
      mpd: Upgrade to 0.23.9
      ncmpc: Upgrade to 0.47
      mpd: Upgrade to 0.23.12 release
      monkey: Fix build with musl
      postfix: Fix build on systems with linux 6.x

  Manoj Saun (1):
      postgresql: fix ptest failure of sysviews test

  Marta Rybczynska (1):
      jansson: whitelist CVE-2020-36325

  Martin Jansa (12):
      re2: fix branch name from master to main
      exiv2: fix SRC_URI
      mdns: use git fetcher
      monkey: use git fetcher
      jack: fix compatibility with python-3.11
      restinio: fix S variable in multilib builds
      mongodb: fix chown user for multilib builds
      pahole: respect libdir
      lvgl,lv-lib-png,lv-drivers: fix installed-vs-shipped QA issue with multilib
      lirc: fix do_install with multilib
      dleyna-{server,renderer}: fix dev-so QA issue with multilib
      zsh: fix installed-vs-shipped with multilib

  Mingli Yu (6):
      php: Upgrade to 8.1.12
      mariadb: not use qemu to run cross-compiled binaries
      mariadb: Upgrade to 10.7.7
      php: Upgrade to 8.1.16
      mariadb: Upgrade to 10.7.8
      mariadb: Fix CVE-2022-47015

  Narpat Mali (2):
      python3-oauthlib: upgrade 3.2.0 -> 3.2.2
      Fix collections.abc deprecation warning in downloadutils Warning appears as:

  Neetika Singh (1):
      libcroco: Add fix for CVE-2020-12825

  Nikhil R (1):
      duktape: Add ptest

  Niko Mauno (2):
      nftables: Fix missing leading whitespace with ':append'
      Fix missing leading whitespace with ':append'

  Peter Kjellerstedt (2):
      chrony: Remove the readline PACKAGECONFIG
      chrony: Remove the libcap and nss PACKAGECONFIGs

  Peter Marko (3):
      ntp: whitelist CVE-2019-11331
      c-ares: fix CVE-2022-4904
      dnsmasq: fix CVE-2023-28450

  Philippe Coval (1):
      pim435: Relocate sources to eclipse

  Polampalli, Archana (2):
      xfce4-settings: 4.16.2 -> 4.16.5
      nodejs: Upgrade 16.19.0 -> 16.19.1

  Preeti Sachan (1):
      fluidsynth: update SRC_URI to remove non-existing 2.2.x branch

  Randy MacLeod (2):
      python3-pillow: add ptest support
      python3-pillow: Add distutils, unixadmin for ptest

  S. Lockwood-Childs (1):
      multipath-tools: fix QA "dev-so" regression

  Siddharth Doshi (1):
      xterm : Fix CVE-2022-45063 code execution via OSC 50 input sequences] CVE-2022-45063

  Tim Orling (1):
      nodejs: upgrade 16.18.1 -> 16.19.0

  Tom Hochstein (1):
      nlohmann-json: Allow empty main package for SDK

  Urade, Yogita (3):
      multipath-tools: fix CVE-2022-41974
      poppler: fix CVE-2021-30860
      dlt-daemon: fix CVE-2023-26257

  Wang Mingyu (5):
      python3-pillow: upgrade 9.2.0 -> 9.3.0
      python3-pillow: upgrade 9.3.0 -> 9.4.0
      apache2: upgrade 2.4.54 -> 2.4.55
      apache2: upgrade 2.4.55 -> 2.4.56
      openwsman: Change download branch from master to main.

  Xu Huan (1):
      python3-pillow: upgrade 9.0.1 -> 9.1.1

  Yi Zhao (5):
      postfix: upgrade 3.6.5 -> 3.6.7
      freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861
      frr: Security fix for CVE-2022-42917
      apache2: use /run instead of /var/run for systemd volatile config
      mbedtls: upgrade 2.28.0 -> 2.28.2

  Yogita Urade (2):
      multipath-tools:fix CVE-2022-41973
      syslog-ng: fix CVE-2022-38725

  Zheng Qiu (1):
      redis: build with USE_SYSTEMD=yes when systemd is enabled

  wangmy (1):
      libcrypt-openssl-rsa-perl: upgrade 0.32 -> 0.33

  zhengruoqin (1):
      python3-pillow: upgrade 9.1.1 -> 9.2.0

meta-raspberrypi: dacad9302a..2a06e4e84b:
  Zachary T Welch (1):
      machines: simplify MACHINEOVERRIDES definitions

meta-security: c79262a30b..cc20e2af2a:
  Armin Kuster (2):
      oeqa/tpm2: fix and cleanup tests
      oeqa: meta-tpm shut swtpm down before and after testing

poky: eaf8ce9d39..4cc0e9438b:
  Adrian Freihofer (1):
      own-mirrors: add crate

  Alejandro Hernandez Samaniego (2):
      baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
      testimage: Fix error message to reflect new syntax

  Alex Kiernan (3):
      u-boot: Remove duplicate inherit of cml1
      cargo_common.bbclass: Fix typos
      classes: image: Set empty weak default IMAGE_LINGUAS

  Alex Stewart (1):
      lsof: add update-alternatives logic

  Alexander Kanavin (49):
      local.conf.sample: correct the location of public hashserv
      lttng-modules: upgrade 2.13.4 -> 2.13.5
      quilt: backport a patch to address grep 3.8 failures
      lttng-tools: submit determinism.patch upstream
      groff: submit patches upstream
      tcl: correct patch status
      kea: submit patch upstream
      ovmf: correct patches status
      libffi: submit patch upstream
      linux-firmware: upgrade 20220913 -> 20221012
      xwayland: upgrade 22.1.3 -> 22.1.4
      libffi: upgrade 3.4.2 -> 3.4.4
      libical: upgrade 3.0.15 -> 3.0.16
      mtd-utils: upgrade 2.1.4 -> 2.1.5
      gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
      gstreamer1.0: upgrade 1.20.3 -> 1.20.4
      libepoxy: convert to git
      libepoxy: update 1.5.9 -> 1.5.10
      vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
      gnomebase.bbclass: return the whole version for tarball directory if it is a number
      libnewt: update 0.52.21 -> 0.52.23
      ruby: merge .inc into .bb
      ruby: update 3.1.2 -> 3.1.3
      tzdata: update 2022d -> 2022g
      devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
      libarchive: upgrade 3.6.1 -> 3.6.2
      devtool: process local files only for the main branch
      libksba: update 1.6.2 -> 1.6.3
      linux-firmware: upgrade 20221109 -> 20221214
      xwayland: upgrade 22.1.5 -> 22.1.7
      xserver-xorg: upgrade 21.1.4 -> 21.1.6
      selftest/virgl: use pkg-config from the host
      vulkan-samples: branch rename master -> main
      gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
      oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
      diffutils: update 3.8 -> 3.9
      lttng-tools: update 2.13.8 -> 2.13.9
      apr: update 1.7.0 -> 1.7.2
      apr-util: update 1.6.1 -> 1.6.3
      bind: upgrade 9.18.10 -> 9.18.11
      libjpeg-turbo: upgrade 2.1.4 -> 2.1.5
      linux-firmware: upgrade 20221214 -> 20230117
      sudo: upgrade 1.9.12p1 -> 1.9.12p2
      vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs
      dbus: upgrade 1.14.4 -> 1.14.6
      linux-firmware: upgrade 20230117 -> 20230210
      wireless-regdb: upgrade 2022.08.12 -> 2023.02.13
      devtool/upgrade: do not delete the workspace/recipes directory
      patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak

  Alexandre Belloni (1):
      oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail

  Alexey Smirnov (1):
      classes: make TOOLCHAIN more permissive for kernel

  Alexis Lothoré (1):
      oeqa/selftest/resulttooltests: fix minor typo

  Antonin Godard (2):
      busybox: always start do_compile with orig config files
      busybox: rm temporary files if do_compile was interrupted

  Armin Kuster (1):
      lttng-modules: Fix for 5.10.163 kernel version

  Arnout Vandecappelle (1):
      python3-pytest: depend on python3-tomli instead of python3-toml

  Bartosz Golaszewski (1):
      bluez5: add dbus to RDEPENDS

  Benoît Mauduit (1):
      lib/oe/reproducible: Use git log without gpg signature

  Bernhard Rosenkränzer (1):
      cmake-native: Fix host tool contamination (Bug: 14951)

  Bhabu Bindu (5):
      qemu: Fix CVE-2021-3611
      curl: Fix CVE-2022-32221
      curl: Fix CVE-2022-42916
      curl: Fix CVE-2022-42915
      qemu: Fix CVE-2022-4144

  Bruce Ashfield (34):
      linux-yocto/5.10: update to v5.10.147
      linux-yocto/5.10: update to v5.10.149
      linux-yocto/5.15: update to v5.15.72
      kern-tools: fix relative path processing
      linux-yocto/5.15: update to v5.15.74
      linux-yocto/5.15: update to v5.15.76
      linux-yocto/5.15: update to v5.15.78
      linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
      kern-tools: integrate ZFS speedup patch
      linux-yocto/5.10: update to v5.10.152
      linux-yocto/5.10: update to v5.10.154
      linux-yocto/5.10: update to v5.10.160
      linux-yocto/5.15: ltp and squashfs fixes
      linux-yocto/5.15: fix perf build with clang
      linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
      linux-yocto/5.15: update to v5.15.84
      linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
      linux-yocto/5.15: update to v5.15.87
      linux-yocto/5.15: update to v5.15.89
      linux-yocto/5.15: update to v5.15.91
      lttng-modules: fix for kernel 6.2+
      linux-yocto/5.15: update to v5.15.94
      linux-yocto/5.15: update to v5.15.96
      linux-yocto-rt/5.15: update to -rt59
      linux-yocto/5.10: update to v5.10.162
      linux-yocto/5.10: update to v5.10.164
      linux-yocto/5.10: update to v5.10.166
      linux-yocto/5.10: update to v5.10.168
      linux-yocto/5.10: update to v5.10.170
      linux-yocto/5.10: update to v5.10.172
      linux-yocto/5.10: update to v5.10.175
      lttng-modules: update to v2.13.9
      linux-yocto/5.15: update to v5.15.98
      linux-yocto/5.15: update to v5.15.103

  Carlos Alberto Lopez Perez (1):
      xwayland: libxshmfence is needed when dri3 is enabled

  Changqing Li (3):
      base.bbclass: Fix way to check ccache path
      apt: fix do_package_qa failure
      libsdl2: fix CVE-2022-4743

  Chee Yang Lee (4):
      dropbear: fix CVE-2021-36369
      git: upgrade to 2.35.6
      tiff: fix multiple CVEs
      git: ignore CVE-2023-22743

  Chen Qi (10):
      image_types_wic.bbclass: fix cross binutils dependency
      openssl: export necessary env vars in SDK
      kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
      resolvconf: make it work
      dhcpcd: fix to work with systemd
      psplash: consider the situation of psplash not exist for systemd
      bc: extend to nativesdk
      rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
      dhcpcd: backport two patches to fix runtime error
      libseccomp: fix typo in DESCRIPTION

  Christian Eggers (1):
      linux-firmware: split rtl8761 firmware

  Claus Stovgaard (1):
      gstreamer1.0-libav: fix errors with ffmpeg 5.x

  Daniel Gomez (1):
      gtk-icon-cache: Fix GTKIC_CMD if-else condition

  Diego Sueiro (1):
      kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR

  Dmitry Baryshkov (4):
      linux-firmware: upgrade 20221012 -> 20221109
      linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
      linux-firmware: properly set license for all Qualcomm firmware
      linux-firmware: add yamato fw files to qcom-adreno-a2xx package

  Ed Tanous (1):
      openssl: Upgrade 3.0.5 -> 3.0.7

  Enrico Jörns (1):
      sstatesig: emit more helpful error message when not finding sstate manifest

  Etienne Cordonnier (2):
      mirrors.bbclass: use shallow tarball for binutils-native
      bitbake: siggen: Fix inefficient string concatenation

  Federico Pellegrin (1):
      curl: fix dependencies when building with ldap/ldaps

  Florin Diaconescu (1):
      python3: upgrade 3.10.8 -> 3.10.9

  Frank de Brabander (2):
      cve-update-db-native: add timeout to urlopen() calls
      bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system

  Geoffrey GIRY (1):
      cve-check: Fix false negative version issue

  Harald Seiler (2):
      opkg: Set correct info_dir and status_file in opkg.conf
      bootchart2: Fix usrmerge support

  He Zhe (3):
      lttng-tools: Upgrade 2.13.4 -> 2.13.8
      lttng-modules: Fix crash on powerpc64
      lttng-modules: update 2.13.7 -> 2.13.8

  Hitendra Prajapati (14):
      openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
      QEMU: CVE-2022-3165 VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
      systemd: CVE-2022-3821 Fix buffer overrun
      libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c
      golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
      libxml2: Fix CVE-2022-40303 && CVE-2022-40304
      libX11: CVE-2022-3554 & CVE-2022-3555 Fix memory leak
      systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace
      go: fix CVE-2022-41717 Excessive memory use in got server
      less: backport the fix for CVE-2022-46663
      curl: CVE-2023-27533 TELNET option IAC injection
      curl: CVE-2023-27534 SFTP path resolving discrepancy
      ruby: CVE-2023-28756 ReDoS vulnerability in Time
      screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

  Hongxu Jia (1):
      pkgconf: fix CVE-2023-24056

  Jagadeesh Krishnanjanappa (1):
      qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image

  Jan Kircher (1):
      toolchain-scripts: compatibility with unbound variable protection

  Jan-Simon Moeller (1):
      buildtools-tarball: export certificates to python and curl

  Jeremy Puhlman (1):
      qemu-native: Add PACKAGECONFIG option for jack

  Jermain Horsman (1):
      cve-check: write the cve manifest to IMGDEPLOYDIR

  Joe Slater (4):
      python3: advance to version 3.10.8
      nghttp2: never build python bindings
      python3: fix CVE-2023-24329
      go: fix CVE-2022-41724, 41725

  John Edward Broadbent (1):
      externalsrc: git submodule--helper list unsupported

  Jose Quaresma (7):
      kernel-yocto: improve fatal error messages of symbol_why.py
      archiver: avoid using machine variable as it breaks multiconfig
      sstatesig: skip the rm_work task signature
      rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
      sstate: Allow optimisation of do_deploy_archives task dependencies
      Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
      gstreamer1.0: Fix race conditions in gstbin tests

  Joshua Watt (6):
      runqemu: Do not perturb script environment
      runqemu: Fix gl-es argument from causing other arguments to be ignored
      qemu-helper-native: Re-write bridge helper as C program
      qemu-helper-native: Correctly pass program name as argv[0]
      scripts: convert-overrides: Allow command-line customizations
      classes/create-spdx: Add SPDX_PRETTY option

  KARN JYE LAU (1):
      freetype:update mirror site.

  Kai Kang (5):
      libuv: fixup SRC_URI
      webkitgtk: 2.36.7 -> 2.36.8
      qemu: fix compile error
      xserver-xorg: 21.1.6 -> 21.1.7
      python3-git: fix indent error

  Keiya Nobuta (2):
      gnutls: Unified package names to lower-case
      create-spdx: Remove ";name=..." for downloadLocation

  Kenfe-Mickael Laventure (3):
      buildtools-tarball: Handle spaces within user $PATH
      toolchain-scripts: Handle spaces within user $PATH
      populate_sdk_ext: Handle spaces within user $PATH

  Khem Raj (10):
      perf: Depend on native setuptools3
      tiff: Add packageconfig knob for webp
      libtirpc: Check if file exists before operating on it
      libusb1: Link with latomic only if compiler has no atomic builtins
      libusb1: Strip trailing whitespaces
      scons: Pass MAXLINELENGTH to scons invocation
      scons.bbclass: Make MAXLINELENGTH overridable
      systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
      rsync: Add missing prototypes to function declarations
      rsync: Turn on -pedantic-errors at the end of 'configure'

  Konrad Weihmann (1):
      create-spdx: default share_src for shared sources

  Lee Chee Yang (2):
      migration-guides: add release-notes for 4.0.7
      migration-guides: add release-notes for 4.0.9

  Leon Anavi (1):
      get_module_deps3.py: Check attribute '__file__'

  Liam Beguin (1):
      meson: make wrapper options sub-command specific

  Louis Rannou (1):
      oeqa/selftest/locales: Add selftest for locale generation/presence

  Luis (1):
      rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively

  Marek Vasut (3):
      bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
      bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
      bitbake: fetch2/git: Clarify the meaning of namespace

  Marius Kriegerowski (1):
      bitbake: bitbake-diffsigs: Make PEP8 compliant

  Mark Hatle (3):
      insane.bbclass: Allow hashlib version that only accepts on parameter
      bitbake: utils/ply: Update md5 to better report errors with hashlib
      openssl: Move microblaze to linux-latomic config

  Marta Rybczynska (2):
      efibootmgr: update compilation with musl
      cve-update-db-native: avoid incomplete updates

  Martin Jansa (15):
      vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
      externalsrc.bbclass: fix git repo detection
      libsndfile1: Backport fix for CVE-2021-4156
      tiff: refresh with devtool
      tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
      libxml2: fix test data checksums
      systemd: backport another change from v252 to fix build with CVE-2022-45873.patch
      ffmpeg: refresh patches to apply cleanly
      meta: remove True option to getVar and getVarFlag calls (again)
      bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV
      timezone: use 'tz' subdir instead of ${WORKDIR} directly
      tzdata: use separate B instead of WORKDIR for zic output
      tzcode-native: fix build with gcc-13 on host
      selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
      bmap-tools: switch to main branch

  Mateusz Marciniec (1):
      sstatesig: Improve output hash calculation

  Mathieu Dubois-Briand (1):
      dbus: Add missing CVE product name

  Mauro Queiros (1):
      image.bbclass: print all QA functions exceptions

  Michael Halstead (4):
      uninative: Upgrade to 3.7 to work with glibc 2.36
      selftest/runtime_test/virgl: Disable for all Rocky Linux
      uninative: Upgrade to 3.8.1 to include libgcc
      uninative: Upgrade to 3.9 to include glibc 2.37

  Michael Opdenacker (11):
      create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
      SPDX and CVE documentation updates
      manuals: add 4.0.5 and 4.0.6 release notes
      manuals: document SPDX_PRETTY variable
      dev-manual: fix old override syntax
      ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
      profile-manual: update WireShark hyperlinks
      bsp-guide: fix broken git URLs and missing word
      manuals: update patchwork instance URL
      dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
      migration-guides: add 4.0.8 release notes

  Mikko Rapeli (11):
      common-tasks.rst: fix oeqa runtime test path
      oeqa context.py: fix --target-ip comment to include ssh port number
      oeqa ssh.py: move output prints to new line
      oeqa ssh.py: add connection keep alive options to ssh client
      oeqa dump.py: add error counter and stop after 5 failures
      oeqa qemurunner: read more data at a time from serial
      oeqa qemurunner.py: add timeout to QMP calls
      oeqa qemurunner.py: try to avoid reading one character at a time
      oeqa ssh.py: fix hangs in run()
      runqemu: kill qemu if it hangs
      oeqa rtc.py: skip if read-only-rootfs

  Ming Liu (1):
      linux: inherit pkgconfig in kernel.bbclass

  Mingli Yu (4):
      glslang: branch rename master -> main
      mdadm: Fix testcase 06wrmostly
      mdadm: fix tests/02lineargrow
      mdadm: Fix raid0 tests

  Narpat Mali (12):
      wayland: fix CVE-2021-3782
      python3-mako: backport fix for CVE-2022-40023
      ffmpeg: fix for CVE-2022-3964
      ffmpeg: fix for CVE-2022-3965
      ffmpeg: fix for CVE-2022-3109
      python3-setuptools: fix for CVE-2022-40897
      python3-wheel: fix for CVE-2022-40898
      python3-git: fix for CVE-2022-24439
      ffmpeg: fix for CVE-2022-3341
      python3-certifi: fix for CVE-2022-23491
      libseccomp: fix for the ptest result format
      libmicrohttpd: upgrade 0.9.75 -> 0.9.76

  Nathan Rossi (4):
      oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
      oeqa/selftest/minidebuginfo: Create selftest for minidebuginfo
      glibc-locale: Do not INHIBIT_DEFAULT_DEPS
      package: Fix handling of minidebuginfo with newer binutils

  Niko Mauno (2):
      systemd: Consider PACKAGECONFIG in RRECOMMENDS
      Fix missing leading whitespace with ':append'

  Ovidiu Panait (1):
      kernel.bbclass: remove empty module directories to prevent QA issues

  Pavel Zhukov (4):
      bitbake: gitsm: Fix regression in gitsm submodule path parsing
      oeqa/rpm.py: Increase timeout and add debug output
      gcc: Refactor linker patches and fix linker on arm with usrmerge
      wic: Fix usage of fstype=none in wic

  Pawan Badganchi (2):
      curl: Add fix for CVE-2023-23914, CVE-2023-23915
      tiff: Add fix for CVE-2022-4645

  Pawel Zalewski (1):
      classes/fs-uuid: Fix command output decoding issue

  Peter Kjellerstedt (2):
      externalsrc.bbclass: Remove a trailing slash from ${B}
      devshell: Do not add scripts/git-intercept to PATH

  Peter Marko (9):
      systemd: add group render to udev package
      meta-selftest/staticids: add render group for systemd
      externalsrc: fix lookup for .gitmodules
      oeqa/selftest/externalsrc: add test for srctree_hash_files
      systemd: add group sgx to udev package
      systemd: fix CVE-2022-4415
      gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
      package.bbclass: correct check for /build in copydebugsources()
      go: ignore CVE-2022-41716

  Petr Kubizňák (1):
      harfbuzz: remove bindir only if it exists

  Piotr Łobacz (1):
      systemd: fix wrong nobody-group assignment

  Polampalli, Archana (1):
      libpam: fix CVE-2022-28321

  Poonam (1):
      python3-setuptools-rust-native: Add direct dependency of native python3 modules

  Qiu, Zheng (3):
      tiff: Security fix for CVE-2022-3970
      vim: upgrade 9.0.0820 -> 9.0.0947
      valgrind: remove most hidden tests for arm64

  Quentin Schulz (4):
      cairo: update patch for CVE-2019-6461 with upstream solution
      docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
      docs: kernel-dev: faq: update tip on how to not include kernel in image
      cairo: fix CVE patches assigned wrong CVE number

  Randy MacLeod (3):
      valgrind: skip the boost_thread test on arm
      vim: upgrade 9.0.0947 -> 9.0.1211
      vim: upgrade 9.0.1403 -> 9.0.1429

  Ranjitsinh Rathod (3):
      curl: Correct LICENSE from MIT-open-group to curl
      curl: Add patch to fix CVE-2022-43551
      curl: Add patch to fix CVE-2022-43552

  Ravula Adhitya Siddartha (2):
      linux-yocto/5.10: update genericx86* machines to v5.10.149
      linux-yocto/5.15: update genericx86* machines to v5.15.72

  Richard Purdie (35):
      bitbake: tests/fetch: Allow handling of a file:// url within a submodule
      build-appliance-image: Update to kirkstone head revision
      openssl: Fix SSL_CERT_FILE to match ca-certs location
      numactl: upgrade 2.0.14 -> 2.0.15
      bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
      lttng-modules: upgrade 2.13.5 -> 2.13.7
      bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
      gcc-shared-source: Fix source date epoch handling
      gcc-source: Fix gengtypes race
      gcc-source: Drop gengtype manipulation
      gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
      sanity: Drop data finalize call
      oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
      build-appliance-image: Update to kirkstone head revision
      yocto-check-layer: Allow OE-Core to be tested
      oeqa/concurrencytest: Add number of failures to summary output
      build-appliance-image: Update to kirkstone head revision
      native: Drop special variable handling
      kernel/linux-kernel-base: Fix kernel build artefact determinism issues
      make-mod-scripts: Ensure kernel build output is deterministic
      libc-locale: Fix on target locale generation
      build-appliance-image: Update to kirkstone head revision
      libssh2: Clean up ptest patch/coverage
      bitbake: utils: Allow to_boolean to support int values
      bitbake: cookerdata: Remove incorrect SystemExit usage
      bitbake: cookerdata: Improve early exception handling
      bitbake: cookerdata: Drop dubious exception handling code
      binutils: Fix nativesdk ld.so search
      oeqa/selftest/prservice: Improve debug output for failure
      staging: Separate out different multiconfig manifests
      staging/multilib: Fix manifest corruption
      glibc: Add missing binutils dependency
      selftest/recipetool: Stop test corrupting tinfoil class
      base-files: Drop localhost.localdomain from hosts file
      pybootchartui: Fix python syntax issue

  Robert Andersson (1):
      go-crosssdk: avoid host contamination by GOCACHE

  Robert Yang (1):
      bitbake: fetch/git: Fix local clone url to make it work with repo

  Rodolfo Quesada Zumbado (1):
      tar: CVE-2022-48303

  Romuald Jeanne (1):
      image_types: fix multiubi var init

  Ross Burton (37):
      qemu: fix CVE-2022-2962
      lighttpd: fix CVE-2022-41556
      expat: backport the fix for CVE-2022-43680
      scripts/oe-check-sstate: cleanup
      scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
      opkg-utils: use a git clone, not a dynamic snapshot
      oe/packagemanager/rpm: don't leak file objects
      glib-2.0: fix rare GFileInfo test case failure
      pixman: backport fix for CVE-2022-44638
      sanity: check for GNU tar specifically
      qemu: add io_uring PACKAGECONFIG
      expat: upgrade to 2.5.0
      linux-firmware: don't put the firmware into the sysroot
      tiff: fix a number of CVEs
      xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551
      lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
      combo-layer: remove unused import
      combo-layer: dont use bb.utils.rename
      combo-layer: add sync-revs command
      libepoxy: remove upstreamed patch
      cve-update-db-native: show IP on failure
      bitbake: bb/utils: include SSL certificate paths in export_proxies
      ppp: backport fix for CVE-2022-4603
      quilt: fix intermittent failure in faildiff.test
      spirv-headers: set correct branch name
      quilt: use upstreamed faildiff.test fix
      git: ignore CVE-2022-41953
      buildtools-tarball: set pkg-config search path
      sdkext/cases/devtool: pass a logger to HTTPService
      httpserver: add error handler that write to the logger
      lib/buildstats: handle tasks that never finished
      shadow: ignore CVE-2016-15024
      vim: add missing pkgconfig inherit
      vim: upgrade to 9.0.1403
      vim: set modified-by to the recipe MAINTAINER
      lib/resulttool: fix typo breaking resulttool log --ptest
      scripts/lib/buildstats: handle top-level build_stats not being complete

  Sakib Sajal (3):
      go: fix CVE-2022-2880
      git: upgrade 2.35.6 -> 2.35.7
      go: fix CVE-2022-2879 and CVE-2022-41720

  Sandeep Gundlupet Raju (2):
      kernel-fitimage: Adjust order of dtb/dtbo files
      kernel-fitimage: Allow user to select dtb when multiple dtb exists

  Saul Wold (3):
      at: Change when files are copied
      package.bbclase: Add check for /build in copydebugsources()
      busybox: Fix depmod patch

  Schmidt, Adriaan (1):
      bitbake: bitbake-diffsigs: break on first dependent task difference

  Sean Anderson (2):
      kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
      uboot-sign: Fix using wrong KEY_REQ_ARGS

  Sergei Zhmylev (2):
      wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
      wic: make ext2/3/4 images reproducible

  Shubham Kulkarni (3):
      glibc: Security fix for CVE-2023-0687
      go-runtime: Security fix for CVE-2022-41723
      go-runtime: Security fix for CVE-2022-41722

  Siddharth Doshi (5):
      openssl: Upgrade 3.0.7 -> 3.0.8
      epiphany: Security fix for CVE-2023-26081
      harfbuzz: Security fix for CVE-2023-25193
      openssl: Security fix for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466
      curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538

  Simone Weiss (1):
      json-c: Add ptest for json-c

  Steve Sakoman (12):
      Revert "lttng-tools: Upgrade 2.13.4 -> 2.13.8"
      poky.conf: bump version for 4.0.5
      Revert "expat: backport the fix for CVE-2022-43680"
      poky.conf: bump version for 4.0.6
      Revert "libksba: fix CVE-2022-47629"
      poky.conf: bump version for 4.0.7
      poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
      system-requirements.rst: add Fedora 36 and AlmaLinux 8.7 to list of supported distros
      libgit2: uprade 1.4.3 -> 1.4.4
      libgit2: upgrade 1.4.4 -> 1.4.5
      poky.conf: bump version for 4.0.8
      poky.conf: bump version for 4.0.9

  Sundeep KOKKONDA (1):
      cargo : non vulnerable cve-2022-46176 added to excluded list

  Teoh Jay Shen (2):
      tiff: Security fixes CVE-2022-2867,CVE-2022-2868 and CVE-2022-2869
      vim: Upgrade 9.0.0598 -> 9.0.0614

  Thomas Perrot (2):
      psplash: add psplash-default in rdepends
      xserver-xorg: move some recommended dependencies in required

  Thomas Roos (1):
      devtool: fix devtool finish when gitmodules file is empty

  Tim Orling (5):
      python3: upgrade 3.10.4 -> 3.10.7
      git: upgrade 2.35.4 -> 2.35.5
      vim: upgrade 9.0.0614 -> 9.0.0820
      mirrors.bbclass: update CPAN_MIRROR
      cracklib: update github branch to 'main'

  Tom Hochstein (2):
      meson: Fix wrapper handling of implicit setup command
      oeqa/sdk: Improve Meson test

  Trevor Woerner (3):
      cups: use BUILDROOT instead of DESTDIR
      cups: check PACKAGECONFIG for pam feature
      cups: add/fix web interface packaging

  Ulrich Ölmann (4):
      recipe_sanity: fix old override syntax
      lsof: fix old override syntax
      update-alternatives: fix typos
      kernel-yocto: fix kernel-meta data detection

  Vincent Davis Jr (1):
      linux-firmware: package amdgpu firmware

  Virendra Thakur (1):
      qemu: Fix CVE-2021-3750 for qemu

  Vivek Kumbhar (5):
      python3: fix CVE-2022-42919 local privilege escalation via the multiprocessing forkserver start method
      sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs.
      openssl: fix CVE-2022-3996 double locking leads to denial of service
      gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key exchange code
      go: fix CVE-2023-24537 Infinite loop in parsing

  Vyacheslav Yurkov (3):
      files: overlayfs-etc: refactor preinit template
      classes: files: Extend overlayfs-etc class
      overlayfs: Allow not used mount points

  Wang Mingyu (19):
      bind: upgrade 9.18.7 -> 9.18.8
      socat: upgrade 1.7.4.3 -> 1.7.4.4
      libxcrypt: upgrade 4.4.28 -> 4.4.30
      xwayland: upgrade 22.1.4 -> 22.1.5
      mobile-broadband-provider-info: upgrade 20220725 -> 20221107
      babeltrace: upgrade 1.5.8 -> 1.5.11
      iso-codes: upgrade 4.11.0 -> 4.12.0
      bind: upgrade 9.18.8 -> 9.18.9
      mpfr: upgrade 4.1.0 -> 4.1.1
      libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
      libpng: upgrade 1.6.38 -> 1.6.39
      gstreamer1.0: upgrade 1.20.4 -> 1.20.5
      bind: upgrade 9.18.9 -> 9.18.10
      libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1
      xwayland: upgrade 22.1.7 -> 22.1.8
      iso-codes: upgrade 4.12.0 -> 4.13.0
      lua: Fix install conflict when enable multilib.
      vala: Fix install conflict when enable multilib.
      dhcpcd: Fix install conflict when enable multilib.

  Xiangyu Chen (18):
      qemu: Backport patches from upstream to support float128 on qemu-ppc64
      linux-yocto-dev: add qemuarm64
      ltp: backport clock_gettime04 fix from upstream
      dbus: fix CVE-2022-42010 Check brackets in signature nest correctly
      dbus: fix CVE-2022-42011 dbus-daemon can be crashed by messages with array length inconsistent with element type
      dbus: fix CVE-2022-42012 dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
      lttng-tools: Upgrade 2.13.4 -> 2.13.8
      sudo: upgrade 1.9.10 -> sudo 1.9.12p1
      bash: backport patch to fix CVE-2022-3715
      grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775
      dbus: upgrade 1.14.0 -> 1.14.4
      sysstat: fix CVE-2022-39377
      grub: backport patches to fix CVE-2022-28736
      openssh: remove RRECOMMENDS to rng-tools for sshd package
      numactl: skip test case when target platform doesn't have 2 CPU node
      dhcpcd: fix dhcpcd start failure on qemuppc64
      sudo: update 1.9.12p2 -> 1.9.13p3
      shadow: backport patch to fix CVE-2023-29383

  Yash Shinde (5):
      binutils: stable 2.38 branch updates
      glibc: stable 2.35 branch updates.
      glibc: stable 2.35 branch updates.
      binutils : Fix CVE-2023-22608
      binutils : Fix CVE-2023-1579

  Yash.Shinde@windriver.com (1):
      binutils : Fix CVE-2022-4285

  Yogita Urade (1):
      libksba: fix CVE-2022-47629

  Zheng Qiu (1):
      tiff: fix CVE-2022-2953

  ciarancourtney (1):
      wic: swap partitions are not added to fstab

  pawan (2):
      Revert "qemu: fix CVE-2021-3507"
      curl: Add fix for CVE-2023-23916

  pgowda (1):
      binutils : Fix CVE-2022-38128

  wangmy (9):
      ifupdown: upgrade 0.8.37 -> 0.8.39
      libcap: upgrade 2.65 -> 2.66
      libical: upgrade 3.0.14 -> 3.0.15
      numactl: upgrade 2.0.15 -> 2.0.16
      wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
      libksba: upgrade 1.6.0 -> 1.6.2
      lttng-ust: upgrade 2.13.3 -> 2.13.4
      lttng-ust: upgrade 2.13.4 -> 2.13.5
      lighttpd: upgrade 1.4.66 -> 1.4.67

Signed-off-by: Patrick Williams
Change-Id: I80cf3cd933dea72160ce87efb2a42fe4d0e5d7d5
---
.../dleyna/dleyna-renderer_0.6.0.bb | 2 +- .../dleyna/dleyna-server_0.6.0.bb | 2 +- .../recipes-multimedia/fluidsynth/fluidsynth.inc | 2 +- .../recipes-multimedia/musicpd/mpd_0.23.12.bb | 101 + .../recipes-multimedia/musicpd/mpd_0.23.6.bb | 101 - ...use-regular-integer-to-fix-Wenum-constexp.patch | 37 + .../recipes-multimedia/musicpd/ncmpc_0.46.bb | 39 - .../recipes-multimedia/musicpd/ncmpc_0.47.bb | 40 + .../classes/kernel_wireless_regdb.bbclass | 2 +- .../recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb | 2 + .../dhcp/files/CVE-2022-2928.patch | 120 + .../dhcp/files/CVE-2022-2929.patch | 40 + .../freeradius/files/CVE-2022-41860.patch | 118 + .../freeradius/files/CVE-2022-41861.patch | 53 + .../freeradius/freeradius_3.0.21.bb | 2 + .../recipes-connectivity/mbedtls/mbedtls_2.28.0.bb | 44 - .../recipes-connectivity/mbedtls/mbedtls_2.28.2.bb | 44 + .../restinio/restinio_0.6.13.bb | 4 +- .../recipes-connectivity/ufw/ufw_0.36.1.bb | 4 +- ...06-makedefs-Account-for-linux-6.x-version.patch | 35 + .../recipes-daemons/postfix/postfix_3.6.5.bb | 17 - .../recipes-daemons/postfix/postfix_3.6.7.bb | 18 + .../recipes-filter/nftables/nftables_1.0.2.bb | 2 +- .../recipes-protocols/frr/frr/CVE-2022-42917.patch | 36 + .../recipes-protocols/frr/frr/frr.pam | 3 +- .../recipes-protocols/frr/frr_8.2.2.bb | 1 + ...subroutine-for-cleaning-recent-interfaces.patch | 59 - .../0001-dns-sd-Include-missing-headers.patch | 41 - .../0001-mdns-include-stddef.h-for-NULL.patch | 40 - ...-subroutine-for-tearing-down-an-interface.patch | 58 - ...-mdns-cross-compilation-fixes-for-bitbake.patch | 145 -- .../files/0003-Track-interface-socket-family.patch | 50 - .../0004-Use-list-for-changed-interfaces.patch | 177 -- .../mdns/files/0006-Remove-unneeded-function.patch | 51 - ...-Mark-deleted-interfaces-as-being-changed.patch | 39 - .../files/0009-Fix-possible-NULL-dereference.patch | 45 - 
.../0010-Handle-errors-from-socket-calls.patch | 62 - ...dynamic-allocation-to-file-scope-variable.patch | 53 - .../recipes-protocols/mdns/files/mdns.service | 15 - ...subroutine-for-cleaning-recent-interfaces.patch | 59 + .../mdns/0001-dns-sd-Include-missing-headers.patch | 41 + .../mdns/0001-mdns-include-stddef.h-for-NULL.patch | 40 + ...-subroutine-for-tearing-down-an-interface.patch | 58 + ...-mdns-cross-compilation-fixes-for-bitbake.patch | 145 ++ .../mdns/0003-Track-interface-socket-family.patch | 50 + .../0004-Use-list-for-changed-interfaces.patch | 177 ++ .../mdns/mdns/0006-Remove-unneeded-function.patch | 51 + .../mdns/0006-make-Add-top-level-Makefile.patch | 175 ++ ...-Mark-deleted-interfaces-as-being-changed.patch | 39 + .../mdns/0009-Fix-possible-NULL-dereference.patch | 45 + .../0010-Handle-errors-from-socket-calls.patch | 62 + ...dynamic-allocation-to-file-scope-variable.patch | 53 + .../recipes-protocols/mdns/mdns/mdns.service | 15 + .../recipes-protocols/mdns/mdns_1310.140.1.bb | 44 +- .../net-snmp/CVE-2022-44792-CVE-2022-44793.patch | 116 + .../recipes-protocols/net-snmp/net-snmp_5.9.3.bb | 1 + .../recipes-support/chrony/chrony_4.2.bb | 21 +- .../recipes-support/cifs/cifs-utils_6.14.bb | 5 +- .../cifs/files/CVE-2022-27239.patch | 40 + .../cifs/files/CVE-2022-29869.patch | 48 + .../recipes-support/dnsmasq/dnsmasq.inc | 1 + .../dnsmasq/files/CVE-2023-28450.patch | 48 + .../recipes-support/ntp/ntp_4.2.8p15.bb | 2 + .../strongswan/files/CVE-2022-40617.patch | 157 ++ .../recipes-support/strongswan/strongswan_5.9.6.bb | 1 + .../recipes-connectivity/lirc/lirc_0.10.1.bb | 6 +- .../meta-python/recipes-dbs/mongodb/mongodb_git.bb | 2 +- .../phoronix-test-suite/files/CVE-2022-40704.patch | 46 + .../phoronix-test-suite_10.8.2.bb | 6 +- .../krb5/krb5/CVE-2022-42898.patch | 110 + .../recipes-connectivity/krb5/krb5_1.17.2.bb | 1 + .../zabbix/zabbix/CVE-2022-43515.patch | 37 + .../zabbix/zabbix/CVE-2022-46768.patch | 53 + .../zabbix/zabbix/CVE-2023-29451.patch | 
116 + .../recipes-connectivity/zabbix/zabbix_5.4.12.bb | 3 + .../recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb | 2 +- .../meta-oe/recipes-core/pim435/pim435_git.bb | 4 +- .../fsverity-utils/fsverity-utils_1.5.bb | 2 +- .../recipes-dbs/mysql/mariadb-native_10.7.4.bb | 20 - .../recipes-dbs/mysql/mariadb-native_10.7.8.bb | 22 + .../meta-oe/recipes-dbs/mysql/mariadb.inc | 24 +- ...a-potential-bug-of-null-pointer-dereferen.patch | 320 +++ ...CMakeLists.txt-fix-gen_lex_hash-not-found.patch | 69 + .../mysql/mariadb/cross-compiling.patch | 34 + .../mysql/mariadb/mariadb-openssl3.patch | 416 ---- .../meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb | 28 - .../meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb | 26 + ...LL-terminate-GSS-receive-buffer-on-error-.patch | 50 + ...-postgresql-fix-ptest-failure-of-sysviews.patch | 42 + .../recipes-dbs/postgresql/postgresql_14.5.bb | 2 + .../flatbuffers/flatbuffers_2.0.0.bb | 7 +- .../meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb | 68 - .../meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb | 68 + .../nlohmann-json/nlohmann-json_3.10.5.bb | 2 +- .../nodejs/nodejs-oe-cache-16.14/oe-npm-cache | 77 - .../nodejs/nodejs-oe-cache-16.19/oe-npm-cache | 77 + .../nodejs/nodejs-oe-cache-native_16.14.bb | 21 - .../nodejs/nodejs-oe-cache-native_16.19.bb | 21 + ...001-Nodejs-Fixed-pipes-DeprecationWarning.patch | 35 + .../nodejs/nodejs/0001-Using-native-binaries.patch | 78 + ...0002-Install-both-binaries-and-use-libdir.patch | 96 - .../nodejs/nodejs/0002-Using-native-binaries.patch | 70 - .../0005-add-openssl-legacy-provider-option.patch | 151 -- .../recipes-devtools/nodejs/nodejs_16.14.2.bb | 186 -- .../recipes-devtools/nodejs/nodejs_16.19.1.bb | 185 ++ .../meta-oe/recipes-devtools/pahole/pahole_1.22.bb | 2 +- .../meta-oe/recipes-devtools/php/php_8.1.10.bb | 286 --- .../meta-oe/recipes-devtools/php/php_8.1.16.bb | 286 +++ .../recipes-devtools/protobuf/protobuf_3.19.4.bb | 95 - .../recipes-devtools/protobuf/protobuf_3.19.6.bb | 95 + 
.../dlt-daemon/0001-Fix-memory-leak.patch | 34 + .../dlt-daemon/dlt-daemon_2.18.8.bb | 1 + .../recipes-extended/duktape/duktape_2.7.0.bb | 22 +- .../recipes-extended/duktape/files/run-ptest | 32 + .../recipes-extended/jansson/jansson_2.13.1.bb | 3 + ...-fix-install-failure-on-host-without-ldco.patch | 63 + .../liblockfile/liblockfile_1.14.bb | 1 + .../recipes-extended/openwsman/openwsman_2.6.11.bb | 2 +- .../0006-Define-correct-gregs-for-RISCV32.patch | 20 +- .../recipes-extended/redis/redis-7/redis.service | 1 + .../0006-Define-correct-gregs-for-RISCV32.patch | 15 +- .../meta-oe/recipes-extended/redis/redis_6.2.12.bb | 66 + .../meta-oe/recipes-extended/redis/redis_6.2.7.bb | 66 - .../meta-oe/recipes-extended/redis/redis_7.0.11.bb | 72 + .../meta-oe/recipes-extended/redis/redis_7.0.4.bb | 68 - .../recipes-graphics/lvgl/lv-drivers_7.11.0.bb | 8 +- .../recipes-graphics/lvgl/lv-lib-png_8.0.2.bb | 8 +- .../meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb | 6 +- .../recipes-graphics/tigervnc/tigervnc_1.11.0.bb | 2 +- .../xorg-app/xterm/CVE-2022-45063.patch | 782 +++++++ .../meta-oe/recipes-graphics/xorg-app/xterm_372.bb | 1 + .../kernel-selftest/kernel-selftest.bb | 8 +- ...e-of-U-mode-bit-for-opening-files-in-pyth.patch | 52 + .../recipes-multimedia/jack/jack_1.19.20.bb | 4 +- .../recipes-shells/zsh/zsh/CVE-2021-45444_1.patch | 60 + .../recipes-shells/zsh/zsh/CVE-2021-45444_2.patch | 140 ++ .../recipes-shells/zsh/zsh/CVE-2021-45444_3.patch | 77 + .../meta-oe/recipes-shells/zsh/zsh_5.8.bb | 10 +- .../c-ares/c-ares/CVE-2022-4904.patch | 66 + .../recipes-support/c-ares/c-ares_1.18.1.bb | 4 +- .../dool/dool/0001-Fix-rename-in-docs.patch | 261 +++ .../meta-oe/recipes-support/dool/dool_1.0.0.bb | 1 + .../meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 2 +- ...ultipath-tools-use-run-instead-of-dev-shm.patch | 159 ++ .../multipath-tools/files/CVE-2022-41974.patch | 164 ++ .../multipath-tools/multipath-tools_0.8.4.bb | 5 + .../nss/0001-nss-fix-support-cross-compiling.patch | 7 +- 
...0001-JBIG2Stream-Fix-crash-on-broken-file.patch | 41 + .../recipes-support/poppler/poppler_22.04.0.bb | 1 + .../meta-oe/recipes-support/re2/re2_2020.11.01.bb | 2 +- .../meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb | 4 +- .../syslog-ng/files/CVE-2022-38725-0001.patch | 65 + .../syslog-ng/files/CVE-2022-38725-0002.patch | 150 ++ .../syslog-ng/files/CVE-2022-38725-0003.patch | 77 + .../syslog-ng/files/CVE-2022-38725-0004.patch | 37 + .../syslog-ng/files/CVE-2022-38725-0005.patch | 211 ++ .../syslog-ng/files/CVE-2022-38725-0006.patch | 180 ++ .../syslog-ng/files/CVE-2022-38725-0007.patch | 81 + .../syslog-ng/files/CVE-2022-38725-0008.patch | 45 + .../recipes-support/syslog-ng/syslog-ng_3.36.1.bb | 8 + .../libcrypt/files/0001-Fix-for-Issue-31.patch | 37 - .../libcrypt/libcrypt-openssl-rsa-perl_0.32.bb | 39 - .../libcrypt/libcrypt-openssl-rsa-perl_0.33.bb | 38 + .../python/python3-oauthlib_3.2.0.bb | 22 - .../python/python3-oauthlib_3.2.2.bb | 22 + .../python/python3-pillow/run-ptest | 3 + .../python/python3-pillow_9.0.1.bb | 42 - .../python/python3-pillow_9.4.0.bb | 64 + .../python/python3-protobuf_3.20.0.bb | 39 - .../python/python3-protobuf_3.20.3.bb | 39 + ...ions.abc-deprecation-warning-in-downloadu.patch | 41 + .../python/python3-requests-toolbelt_0.9.1.bb | 5 +- .../recipes-httpd/apache2/apache2_2.4.54.bb | 225 -- .../recipes-httpd/apache2/apache2_2.4.56.bb | 225 ++ .../apache2/files/apache2-volatile.conf | 2 +- ...Use-value-instead-of-address-of-sin6_port.patch | 30 + .../recipes-httpd/monkey/monkey_1.6.9.bb | 6 +- .../files/CVE-2022-41741-CVE-2022-41742.patch | 319 +++ .../recipes-httpd/nginx/nginx_1.20.1.bb | 4 +- .../phpmyadmin/phpmyadmin/CVE-2023-25727.patch | 37 + .../recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb | 1 + .../xfce4-settings/xfce4-settings_4.16.2.bb | 31 - .../xfce4-settings/xfce4-settings_4.16.5.bb | 31 + .../libcroco/libcroco/CVE-2020-12825.patch | 190 ++ .../recipes-support/libcroco/libcroco_0.6.13.bb | 22 + 
meta-raspberrypi/conf/machine/raspberrypi-cm.conf | 2 +- .../conf/machine/raspberrypi0-2w-64.conf | 4 +- meta-raspberrypi/conf/machine/raspberrypi0-2w.conf | 4 +- meta-raspberrypi/conf/machine/raspberrypi0.conf | 2 +- meta-raspberrypi/conf/machine/raspberrypi3-64.conf | 2 +- meta-raspberrypi/conf/machine/raspberrypi4-64.conf | 2 +- .../meta-tpm/lib/oeqa/runtime/cases/tpm2.py | 27 +- poky/bitbake/bin/bitbake | 3 +- poky/bitbake/bin/bitbake-diffsigs | 49 +- poky/bitbake/bin/bitbake-server | 5 +- poky/bitbake/bin/bitbake-worker | 3 +- .../bitbake-user-manual-fetching.rst | 4 +- poky/bitbake/lib/bb/cookerdata.py | 17 +- poky/bitbake/lib/bb/fetch2/git.py | 19 +- poky/bitbake/lib/bb/fetch2/gitsm.py | 2 +- poky/bitbake/lib/bb/runqueue.py | 36 +- poky/bitbake/lib/bb/siggen.py | 11 +- poky/bitbake/lib/bb/tests/fetch.py | 4 +- poky/bitbake/lib/bb/utils.py | 47 +- poky/bitbake/lib/ply/yacc.py | 7 + poky/documentation/bsp-guide/bsp.rst | 6 +- poky/documentation/conf.py | 1 + poky/documentation/dev-manual/common-tasks.rst | 313 ++- poky/documentation/kernel-dev/faq.rst | 2 +- .../migration-guides/migration-4.0.rst | 3 + .../documentation/migration-guides/release-4.0.rst | 7 + .../migration-guides/release-notes-4.0.5.rst | 196 ++ .../migration-guides/release-notes-4.0.6.rst | 313 +++ .../migration-guides/release-notes-4.0.7.rst | 242 ++ .../migration-guides/release-notes-4.0.8.rst | 217 ++ .../migration-guides/release-notes-4.0.9.rst | 247 ++ poky/documentation/overview-manual/yp-intro.rst | 2 +- poky/documentation/profile-manual/usage.rst | 6 +- poky/documentation/ref-manual/classes.rst | 96 +- .../ref-manual/system-requirements.rst | 4 + poky/documentation/ref-manual/terms.rst | 28 + poky/documentation/ref-manual/variables.rst | 146 +- poky/meta-poky/conf/distro/poky.conf | 4 +- poky/meta-poky/conf/local.conf.sample | 2 +- poky/meta-selftest/files/static-group | 2 + .../recipes-test/devtool/devtool-test-local/file3 | 1 + .../devtool/devtool-test-local_6.03.bb | 3 + 
.../recipes-test/devtool/devtool-test-localonly.bb | 3 + .../devtool/devtool-test-localonly/file3 | 1 + .../recipes-kernel/linux/linux-yocto_5.10.bbappend | 8 +- .../recipes-kernel/linux/linux-yocto_5.15.bbappend | 8 +- poky/meta/classes/archiver.bbclass | 2 +- poky/meta/classes/baremetal-image.bbclass | 11 + poky/meta/classes/base.bbclass | 2 +- poky/meta/classes/cargo_common.bbclass | 4 +- poky/meta/classes/core-image.bbclass | 2 +- poky/meta/classes/create-spdx.bbclass | 30 +- poky/meta/classes/cve-check.bbclass | 11 +- poky/meta/classes/devshell.bbclass | 2 - poky/meta/classes/externalsrc.bbclass | 25 +- poky/meta/classes/fs-uuid.bbclass | 2 +- poky/meta/classes/gnomebase.bbclass | 2 +- poky/meta/classes/gtk-icon-cache.bbclass | 2 +- poky/meta/classes/image.bbclass | 7 +- poky/meta/classes/image_types.bbclass | 3 + poky/meta/classes/image_types_wic.bbclass | 2 +- poky/meta/classes/insane.bbclass | 5 +- poky/meta/classes/kernel-arch.bbclass | 2 +- poky/meta/classes/kernel-fitimage.bbclass | 21 +- poky/meta/classes/kernel-yocto.bbclass | 12 +- poky/meta/classes/kernel.bbclass | 37 +- poky/meta/classes/libc-package.bbclass | 1 + poky/meta/classes/license_image.bbclass | 2 +- poky/meta/classes/linux-kernel-base.bbclass | 4 + poky/meta/classes/mirrors.bbclass | 4 +- poky/meta/classes/multilib.bbclass | 1 + poky/meta/classes/native.bbclass | 2 +- poky/meta/classes/overlayfs-etc.bbclass | 5 +- poky/meta/classes/overlayfs.bbclass | 6 +- poky/meta/classes/own-mirrors.bbclass | 1 + poky/meta/classes/package.bbclass | 28 +- poky/meta/classes/populate_sdk_ext.bbclass | 4 +- poky/meta/classes/qemuboot.bbclass | 3 +- poky/meta/classes/recipe_sanity.bbclass | 2 +- poky/meta/classes/rm_work.bbclass | 19 +- poky/meta/classes/sanity.bbclass | 21 +- poky/meta/classes/scons.bbclass | 8 +- poky/meta/classes/sstate.bbclass | 2 +- poky/meta/classes/staging.bbclass | 4 + poky/meta/classes/systemd.bbclass | 1 + poky/meta/classes/testimage.bbclass | 2 +- 
poky/meta/classes/toolchain-scripts.bbclass | 4 +- poky/meta/classes/uboot-sign.bbclass | 2 +- poky/meta/classes/uninative.bbclass | 2 + poky/meta/classes/update-alternatives.bbclass | 6 +- poky/meta/conf/bitbake.conf | 2 +- .../conf/distro/include/cve-extra-exclusions.inc | 5 + .../conf/distro/include/ptest-packagelists.inc | 3 +- poky/meta/conf/distro/include/yocto-uninative.inc | 10 +- poky/meta/files/overlayfs-etc-preinit.sh.in | 23 +- poky/meta/lib/oe/cve_check.py | 39 + poky/meta/lib/oe/overlayfs.py | 6 +- poky/meta/lib/oe/package_manager/deb/__init__.py | 8 +- poky/meta/lib/oe/package_manager/rpm/__init__.py | 33 +- poky/meta/lib/oe/reproducible.py | 3 +- poky/meta/lib/oe/sbom.py | 4 +- poky/meta/lib/oe/sstatesig.py | 16 +- poky/meta/lib/oeqa/core/target/ssh.py | 43 +- poky/meta/lib/oeqa/core/utils/concurrencytest.py | 4 +- poky/meta/lib/oeqa/runtime/cases/rpm.py | 23 +- poky/meta/lib/oeqa/runtime/cases/rtc.py | 8 +- poky/meta/lib/oeqa/runtime/context.py | 4 +- poky/meta/lib/oeqa/sdk/cases/buildepoxy.py | 2 +- poky/meta/lib/oeqa/sdkext/cases/devtool.py | 2 +- poky/meta/lib/oeqa/selftest/cases/bbtests.py | 2 +- poky/meta/lib/oeqa/selftest/cases/cve_check.py | 19 + poky/meta/lib/oeqa/selftest/cases/devtool.py | 1 + poky/meta/lib/oeqa/selftest/cases/externalsrc.py | 44 + poky/meta/lib/oeqa/selftest/cases/lic_checksum.py | 2 + poky/meta/lib/oeqa/selftest/cases/locales.py | 45 + poky/meta/lib/oeqa/selftest/cases/minidebuginfo.py | 49 + poky/meta/lib/oeqa/selftest/cases/prservice.py | 2 +- poky/meta/lib/oeqa/selftest/cases/recipetool.py | 5 +- .../lib/oeqa/selftest/cases/resulttooltests.py | 2 +- poky/meta/lib/oeqa/selftest/cases/runtime_test.py | 5 +- poky/meta/lib/oeqa/selftest/cases/tinfoil.py | 14 + poky/meta/lib/oeqa/utils/dump.py | 23 +- poky/meta/lib/oeqa/utils/httpserver.py | 6 + poky/meta/lib/oeqa/utils/qemurunner.py | 20 +- poky/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb | 2 - ...ze-overflow-in-grub_font_get_glyph_intern.patch | 115 + 
.../recipes-bsp/grub/files/CVE-2022-2601.patch | 85 + ...er-efi-chainloader-Use-grub_loader_set_ex.patch | 86 + .../recipes-bsp/grub/files/CVE-2022-3775.patch | 95 + ...ds-boot-Add-API-to-pass-context-to-loader.patch | 168 ++ ...efi-chainloader-Simplify-the-loader-state.patch | 129 ++ poky/meta/recipes-bsp/grub/grub2.inc | 6 + poky/meta/recipes-bsp/u-boot/u-boot.inc | 2 +- .../0001-avoid-start-failure-with-bind-user.patch | 27 + ...lwresd-V-and-start-log-hide-build-options.patch | 35 + ...-searching-for-json-headers-searches-sysr.patch | 47 + .../recipes-connectivity/bind/bind-9.18.11/bind9 | 2 + .../bind/bind-9.18.11/conf.patch | 330 +++ .../bind/bind-9.18.11/generate-rndc-key.sh | 8 + .../init.d-add-support-for-read-only-rootfs.patch | 65 + .../make-etc-initd-bind-stop-work.patch | 42 + .../bind/bind-9.18.11/named.service | 22 + .../0001-avoid-start-failure-with-bind-user.patch | 27 - ...lwresd-V-and-start-log-hide-build-options.patch | 35 - ...-searching-for-json-headers-searches-sysr.patch | 47 - .../recipes-connectivity/bind/bind-9.18.7/bind9 | 2 - .../bind/bind-9.18.7/conf.patch | 330 --- .../bind/bind-9.18.7/generate-rndc-key.sh | 8 - .../init.d-add-support-for-read-only-rootfs.patch | 65 - .../make-etc-initd-bind-stop-work.patch | 42 - .../bind/bind-9.18.7/named.service | 22 - .../meta/recipes-connectivity/bind/bind_9.18.11.bb | 114 + poky/meta/recipes-connectivity/bind/bind_9.18.7.bb | 114 - poky/meta/recipes-connectivity/bluez5/bluez5.inc | 3 + .../recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb | 5 + ...onf-improve-the-sitation-of-working-with-.patch | 82 + ...8-Fix-conflict-error-when-enable-multilib.patch | 46 + ...ep-Allow-getrandom-sysctl-for-newer-glibc.patch | 30 + ...ux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch | 34 + ...-privsep-Allow-newfstatat-syscall-as-well.patch | 31 + .../kea/files/fix-multilib-conflict.patch | 2 +- .../recipes-connectivity/libuv/libuv_1.44.2.bb | 2 +- .../mobile-broadband-provider-info_git.bb | 4 +- 
.../recipes-connectivity/openssh/openssh_8.9p1.bb | 10 +- .../openssl/files/environment.d-openssl.sh | 4 + .../openssl/openssl/CVE-2023-0464.patch | 225 ++ .../openssl/openssl/CVE-2023-0465.patch | 56 + .../openssl/openssl/CVE-2023-0466.patch | 50 + .../recipes-connectivity/openssl/openssl_3.0.7.bb | 258 --- .../recipes-connectivity/openssl/openssl_3.0.8.bb | 261 +++ .../ppp/ppp/CVE-2022-4603.patch | 48 + poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb | 1 + .../0001-avoid-using-m-option-for-readlink.patch | 37 + .../resolvconf/resolvconf_1.91.bb | 9 +- ...c-check-getprotobynumber_r-with-AC_TRY_LI.patch | 35 - .../recipes-connectivity/socat/socat_1.7.4.3.bb | 53 - .../recipes-connectivity/socat/socat_1.7.4.4.bb | 51 + poky/meta/recipes-core/base-files/base-files/hosts | 2 +- poky/meta/recipes-core/busybox/busybox.inc | 26 +- .../0001-depmod-Ignore-.debug-directories.patch | 2 +- poky/meta/recipes-core/dbus/dbus_1.14.0.bb | 183 -- poky/meta/recipes-core/dbus/dbus_1.14.6.bb | 186 ++ poky/meta/recipes-core/dropbear/dropbear.inc | 4 +- .../dropbear/dropbear/CVE-2021-36369.patch | 145 ++ poky/meta/recipes-core/expat/expat_2.4.9.bb | 31 - poky/meta/recipes-core/expat/expat_2.5.0.bb | 31 + ...-file-info-don-t-assume-million-in-one-ev.patch | 51 + poky/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 + poky/meta/recipes-core/glibc/glibc-locale.inc | 11 +- poky/meta/recipes-core/glibc/glibc-version.inc | 2 +- poky/meta/recipes-core/glibc/glibc.inc | 4 +- .../recipes-core/glibc/glibc/CVE-2023-0687.patch | 82 + poky/meta/recipes-core/glibc/glibc_2.35.bb | 1 + poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb | 57 - poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb | 57 + .../images/build-appliance-image_15.0.0.bb | 2 +- .../libxcrypt/libxcrypt-compat_4.4.28.bb | 18 - .../libxcrypt/libxcrypt-compat_4.4.33.bb | 18 + poky/meta/recipes-core/libxcrypt/libxcrypt.inc | 2 +- .../recipes-core/libxcrypt/libxcrypt_4.4.28.bb | 2 - .../recipes-core/libxcrypt/libxcrypt_4.4.30.bb | 2 + 
.../libxml/libxml2/CVE-2022-40303.patch | 624 +++++ .../libxml/libxml2/CVE-2022-40304.patch | 106 + poky/meta/recipes-core/libxml/libxml2_2.9.14.bb | 6 +- poky/meta/recipes-core/meta/buildtools-tarball.bb | 7 +- .../meta/recipes-core/meta/cve-update-db-native.bb | 93 +- ...0001-ovmf-update-path-to-native-BaseTools.patch | 2 +- ...makefile-adjust-to-build-in-under-bitbake.patch | 7 +- .../psplash/files/psplash-start.service | 1 + .../psplash/files/psplash-systemd.service | 1 + poky/meta/recipes-core/psplash/psplash_git.bb | 2 +- ...-allow-json_variant_dump-to-return-an-err.patch | 60 + .../systemd/systemd/CVE-2022-3821.patch | 45 + .../systemd/systemd/CVE-2022-4415-1.patch | 109 + .../systemd/systemd/CVE-2022-4415-2.patch | 391 ++++ .../systemd/systemd/CVE-2022-45873.patch | 124 + poky/meta/recipes-core/systemd/systemd_250.5.bb | 13 +- poky/meta/recipes-devtools/apt/apt_2.4.5.bb | 1 + .../recipes-devtools/binutils/binutils-2.38.inc | 13 +- ...tivesdk-Search-for-alternative-ld.so.conf.patch | 2 +- .../binutils/binutils/0018-CVE-2022-38128-1.patch | 350 +++ .../binutils/binutils/0018-CVE-2022-38128-2.patch | 436 ++++ .../binutils/binutils/0018-CVE-2022-38128-3.patch | 95 + .../binutils/binutils/0019-CVE-2022-4285.patch | 37 + .../binutils/binutils/0020-CVE-2023-22608-1.patch | 506 +++++ .../binutils/binutils/0020-CVE-2023-22608-2.patch | 210 ++ .../binutils/binutils/0020-CVE-2023-22608-3.patch | 32 + .../binutils/binutils/0021-CVE-2023-1579-1.patch | 459 ++++ .../binutils/binutils/0021-CVE-2023-1579-2.patch | 2127 +++++++++++++++++ .../binutils/binutils/0021-CVE-2023-1579-3.patch | 156 ++ .../binutils/binutils/0021-CVE-2023-1579-4.patch | 37 + .../0001-bootchart2-support-usrmerge.patch | 37 - .../bootchart2/bootchart2_0.14.9.bb | 11 +- .../recipes-devtools/cmake/cmake-native_3.22.3.bb | 1 + poky/meta/recipes-devtools/gcc/gcc-11.3.inc | 1 - .../recipes-devtools/gcc/gcc-shared-source.inc | 10 + poky/meta/recipes-devtools/gcc/gcc-source.inc | 9 +- 
...004-arm-add-armv9-a-architecture-to-march.patch | 89 +- ...C_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 269 ++- ...4-pass-fix-v4bx-to-linker-to-support-EABI.patch | 10 +- .../0019-nios2-Define-MUSL_DYNAMIC_LINKER.patch | 25 - poky/meta/recipes-devtools/git/git_2.35.4.bb | 168 -- poky/meta/recipes-devtools/git/git_2.35.7.bb | 172 ++ poky/meta/recipes-devtools/go/go-1.17.13.inc | 16 +- ...-httputil-avoid-query-parameter-smuggling.patch | 178 ++ .../go/go-1.18/CVE-2022-2879.patch | 177 ++ .../go/go-1.18/CVE-2022-41715.patch | 270 +++ .../go/go-1.18/CVE-2022-41717.patch | 89 + .../go/go-1.18/CVE-2022-41720.patch | 514 +++++ .../go/go-1.18/CVE-2022-41722.patch | 103 + .../go/go-1.18/CVE-2022-41723.patch | 156 ++ .../go/go-1.18/CVE-2023-24537.patch | 75 + .../recipes-devtools/go/go-1.19/add_godebug.patch | 84 + .../go/go-1.19/cve-2022-41724.patch | 2391 ++++++++++++++++++++ .../go/go-1.19/cve-2022-41725.patch | 652 ++++++ poky/meta/recipes-devtools/go/go-crosssdk.inc | 2 + poky/meta/recipes-devtools/go/go_1.17.13.bb | 4 +- poky/meta/recipes-devtools/json-c/json-c/run-ptest | 20 + poky/meta/recipes-devtools/json-c/json-c_0.15.bb | 16 +- poky/meta/recipes-devtools/lua/lua_5.4.4.bb | 3 + .../recipes-devtools/meson/meson/meson-wrapper | 20 +- poky/meta/recipes-devtools/mtd/mtd-utils_git.bb | 4 +- .../opkg-utils/opkg-utils_0.5.0.bb | 6 +- poky/meta/recipes-devtools/opkg/opkg_0.5.0.bb | 4 +- .../patchelf/patchelf/handle-read-only-files.patch | 65 - .../recipes-devtools/patchelf/patchelf_0.14.5.bb | 1 - ...for-and-stop-string-processing-on-truncat.patch | 75 + .../meta/recipes-devtools/pkgconf/pkgconf_1.8.0.bb | 1 + .../python/python3-certifi/CVE-2022-23491.patch | 230 ++ .../python/python3-certifi_2021.10.8.bb | 2 + ...thon3-git-CVE-2022-24439-fix-from-PR-1518.patch | 97 + ...thon3-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 ++++ .../recipes-devtools/python/python3-git_3.1.27.bb | 4 + .../python/python3-mako/CVE-2022-40023.patch | 119 + 
.../recipes-devtools/python/python3-mako_1.1.6.bb | 2 + .../python/python3-pytest_7.1.1.bb | 2 +- .../python/python3-setuptools-rust-native_1.1.2.bb | 4 +- ...mount-of-whitespace-to-search-backtrack.-.patch | 31 + .../python/python3-setuptools_59.5.0.bb | 1 + ...ed-potential-DoS-attack-via-WHEEL_INFO_RE.patch | 32 + .../python/python3-wheel_0.37.1.bb | 4 +- ...001-gh-92036-Fix-gc_fini_untrack-GH-92037.patch | 54 - ...-not-report-missing-dependencies-for-disa.patch | 8 +- .../python/python3/cve-2023-24329.patch | 50 + .../python/python3/get_module_deps3.py | 2 +- .../meta/recipes-devtools/python/python3_3.10.4.bb | 429 ---- .../meta/recipes-devtools/python/python3_3.10.9.bb | 429 ++++ .../qemu/qemu-helper-native_1.0.bb | 6 +- .../qemu/qemu-helper/qemu-oe-bridge-helper | 25 - .../qemu/qemu-helper/qemu-oe-bridge-helper.c | 34 + poky/meta/recipes-devtools/qemu/qemu.inc | 58 +- ...qxl-Have-qxl_log_command-Return-early-if-.patch | 57 + ...qxl-Pass-requested-buffer-size-to-qxl_phy.patch | 217 ++ ...net-tulip-Restrict-DMA-engine-to-memories.patch | 64 + ...t-Extend-float_exception_flags-to-16-bits.patch | 75 + ...-uint32t-for-reply-queue-head-tail-values.patch | 83 + ...02-softfloat-Add-flag-specific-to-Inf-Inf.patch | 59 + ...y_valid_function_take_MemTxAttrs_argument.patch | 60 + ...0003-softfloat-Add-flag-specific-to-Inf-0.patch | 126 ++ ...ory_set_function_take_MemTxAttrs_argument.patch | 98 + ...oat-Add-flags-specific-to-Inf-Inf-and-0-0.patch | 73 + ...relaxed_function_take_MemTxAttrs_argument.patch | 78 + ...float-Add-flag-specific-to-signaling-nans.patch | 121 + ...mory_rw_function_take_MemTxAttrs_argument.patch | 158 ++ ...Update-float_invalid_op_addsub-for-new-fl.patch | 114 + ...d_write_function_take_MemTxAttrs_argument.patch | 1453 ++++++++++++ ...Update-float_invalid_op_mul-for-new-flags.patch | 86 + ...ory_map_function_take_MemTxAttrs_argument.patch | 227 ++ ...Update-float_invalid_op_div-for-new-flags.patch | 99 + 
...e_dma_buf_rw_function_take_a_void_pointer.patch | 41 + ...009-target-ppc-Update-fmadd-for-new-flags.patch | 102 + ...d_and_dma_buf_write_functions_take_a_void.patch | 167 ++ .../qemu/0010-target-ppc-Split-out-do_fmadd.patch | 71 + ..._dma_rw_function_take_MemTxAttrs_argument.patch | 91 + ...Fix-xs-max-min-cj-dp-to-use-VSX-registers.patch | 93 + ..._buf_rw_function_take_MemTxAttrs_argument.patch | 65 + ...t-ppc-Move-xs-max-min-cj-dp-to-decodetree.patch | 121 + ...f_write_function_take_MemTxAttrs_argument.patch | 129 ++ ...3-target-ppc-fix-xscvqpdp-register-access.patch | 41 + ...uf_read_function_take_MemTxAttrs_argument.patch | 222 ++ ...14-target-ppc-move-xscvqpdp-to-decodetree.patch | 130 ++ ...dma_buf_rw_function_propagate_MemTxResult.patch | 91 + ...ppc_store_fpscr-doesn-t-update-bits-0-to-.patch | 70 + ...ter_dma_function_take_MemTxAttrs_argument.patch | 120 + ...6-target-ppc-Introduce-TRANS-FLAGS-macros.patch | 133 ++ ...ter_dma_function_take_MemTxAttrs_argument.patch | 151 ++ ...7-target-ppc-Implement-Vector-Expand-Mask.patch | 105 + ...ointer_dma_function_propagate_MemTxResult.patch | 65 + ...-target-ppc-Implement-Vector-Extract-Mask.patch | 141 ++ ...ointer_dma_function_propagate_MemTxResult.patch | 175 ++ ...rget-ppc-Implement-Vector-Mask-Move-insns.patch | 187 ++ ...pci_dma_function_take_MemTxAttrs_argument.patch | 303 +++ ...move-xs-n-madd-am-ds-p-xs-n-msub-am-ds-p-.patch | 258 +++ ...pci_dma_function_take_MemTxAttrs_argument.patch | 271 +++ ...ppc-implement-xs-n-maddqp-o-xs-n-msubqp-o.patch | 174 ++ ...er_pci_dma_function_propagate_MemTxResult.patch | 47 + ...er_pci_dma_function_propagate_MemTxResult.patch | 296 +++ .../qemu/qemu/CVE-2021-3507_1.patch | 92 - .../qemu/qemu/CVE-2021-3507_2.patch | 115 - .../qemu/qemu/CVE-2021-3611_1.patch | 74 + .../qemu/qemu/CVE-2021-3611_2.patch | 43 + .../qemu/qemu/CVE-2021-3750-1.patch | 59 + .../qemu/qemu/CVE-2021-3750-2.patch | 65 + .../qemu/qemu/CVE-2021-3750-3.patch | 156 ++ 
.../recipes-devtools/qemu/qemu/CVE-2022-3165.patch | 61 + .../recipes-devtools/qemu/qemu/CVE-2022-4144.patch | 99 + poky/meta/recipes-devtools/quilt/quilt.inc | 2 + .../quilt/quilt/faildiff-order.patch | 41 + .../quilt/quilt/fix-grep-3.8.patch | 144 ++ ...ssing-prototypes-to-function-declarations.patch | 173 ++ ...n-pedantic-errors-at-the-end-of-configure.patch | 68 + poky/meta/recipes-devtools/rsync/rsync_3.2.5.bb | 2 + poky/meta/recipes-devtools/ruby/ruby.inc | 39 - .../0001-Remove-dependency-on-libcapstone.patch | 36 - .../ruby/ruby/CVE-2023-28756.patch | 73 + poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb | 108 - poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb | 143 ++ poky/meta/recipes-devtools/rust/rust-common.inc | 2 +- poky/meta/recipes-devtools/rust/rust.inc | 20 +- .../tcltk/tcl/fix_non_native_build_issue.patch | 2 +- poky/meta/recipes-devtools/vala/vala.inc | 13 +- .../valgrind/valgrind/remove-for-aarch64 | 228 +- poky/meta/recipes-extended/at/at_3.2.5.bb | 6 +- .../recipes-extended/bash/bash/CVE-2022-3715.patch | 33 + poky/meta/recipes-extended/bash/bash_5.1.16.bb | 1 + poky/meta/recipes-extended/bc/bc_1.07.1.bb | 2 +- .../recipes-extended/cracklib/cracklib_2.9.8.bb | 2 +- poky/meta/recipes-extended/cups/cups.inc | 16 +- .../0001-Skip-strip-trailing-cr-test-case.patch | 11 +- ...-not-a-standard-layout-so-glibc-and-musl-.patch | 33 - .../recipes-extended/diffutils/diffutils_3.8.bb | 44 - .../recipes-extended/diffutils/diffutils_3.9.bb | 43 + .../0001-Make-manpages-mulitlib-identical.patch | 2 +- .../0001-replace-perl-w-with-use-warnings.patch | 2 +- .../less/less/CVE-2022-46663.patch | 31 + poky/meta/recipes-extended/less/less_600.bb | 1 + .../libarchive/libarchive_3.6.1.bb | 67 - .../libarchive/libarchive_3.6.2.bb | 67 + .../recipes-extended/libtirpc/libtirpc_1.3.2.bb | 2 +- .../recipes-extended/lighttpd/lighttpd_1.4.66.bb | 79 - .../recipes-extended/lighttpd/lighttpd_1.4.67.bb | 79 + poky/meta/recipes-extended/lsof/lsof_4.94.0.bb | 9 + 
...me04-set-threshold-based-on-the-clock-res.patch | 89 + poky/meta/recipes-extended/ltp/ltp_20220121.bb | 1 + ...mdadm-Fix-optional-write-behind-parameter.patch | 45 + ...d0-add-a-test-that-validates-raid0-with-l.patch | 41 + ...donly-Run-udevadm-settle-before-setting-r.patch | 39 + ...eargrow-clear-the-superblock-at-every-ite.patch | 33 + ...date-metadata-avoid-passing-chunk-size-to.patch | 41 + ...1-tests-fix-raid0-tests-for-0.90-metadata.patch | 102 + poky/meta/recipes-extended/mdadm/mdadm_4.2.bb | 6 + .../files/0001-detect-gold-as-GNU-linker-too.patch | 14 +- ...2-don-t-ignore-CFLAGS-when-building-snack.patch | 29 - poky/meta/recipes-extended/newt/libnewt_0.52.21.bb | 58 - poky/meta/recipes-extended/newt/libnewt_0.52.23.bb | 56 + .../pam/libpam/CVE-2022-28321-0002.patch | 205 ++ .../screen/screen/CVE-2023-24626.patch | 40 + poky/meta/recipes-extended/screen/screen_4.9.0.bb | 1 + .../shadow/files/0001-Overhaul-valid_field.patch | 65 + .../shadow/files/CVE-2023-29383.patch | 53 + poky/meta/recipes-extended/shadow/shadow.inc | 2 + poky/meta/recipes-extended/shadow/shadow_4.11.1.bb | 3 + ...1-sudo.conf.in-fix-conflict-with-multilib.patch | 21 +- poky/meta/recipes-extended/sudo/sudo.inc | 2 +- poky/meta/recipes-extended/sudo/sudo_1.9.10.bb | 62 - poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb | 62 + .../sysstat/sysstat/CVE-2022-39377.patch | 93 + .../recipes-extended/sysstat/sysstat_12.4.5.bb | 3 +- .../recipes-extended/tar/tar/CVE-2022-48303.patch | 43 + poky/meta/recipes-extended/tar/tar_1.34.bb | 4 +- poky/meta/recipes-extended/timezone/timezone.inc | 13 +- .../recipes-extended/timezone/tzcode-native.bb | 3 +- .../0001-Fix-C23-related-conformance-bug.patch | 301 +++ poky/meta/recipes-extended/timezone/tzdata.bb | 16 +- poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb | 1 + .../epiphany/files/CVE-2023-26081.patch | 90 + .../0001-Add-use_prebuilt_tools-option.patch | 173 -- ...-allow-a-subset-of-tests-in-cross-compile.patch | 66 + 
.../recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb | 119 + .../recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb | 132 -- .../cairo/cairo/CVE-2019-6461.patch | 21 +- .../cairo/cairo/CVE-2019-6462.patch | 46 +- .../recipes-graphics/freetype/freetype_2.11.1.bb | 2 +- .../recipes-graphics/glslang/glslang_1.3.204.1.bb | 2 +- .../harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch | 135 ++ .../harfbuzz/harfbuzz/CVE-2023-25193.patch | 185 ++ .../recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb | 10 +- .../recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb | 62 - .../recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb | 62 + ...-dispatch_common.h-define-also-EGL_NO_X11.patch | 27 - .../recipes-graphics/libepoxy/libepoxy_1.5.10.bb | 31 + .../recipes-graphics/libepoxy/libepoxy_1.5.9.bb | 32 - ...otential-memory-leak-in-GLES_CreateTextur.patch | 40 + .../recipes-graphics/libsdl2/libsdl2_2.0.20.bb | 1 + .../spir/spirv-headers_1.3.204.1.bb | 2 +- .../recipes-graphics/vulkan/vulkan-samples_git.bb | 2 +- .../wayland/wayland/CVE-2021-3782.patch | 111 + .../recipes-graphics/wayland/wayland_1.20.0.bb | 2 + .../xorg-lib/libx11/CVE-2022-3554.patch | 58 + .../xorg-lib/libx11/CVE-2022-3555.patch | 40 + .../recipes-graphics/xorg-lib/libx11_1.7.3.1.bb | 2 + .../xorg-lib/pixman/CVE-2022-44638.patch | 33 + .../recipes-graphics/xorg-lib/pixman_0.40.0.bb | 1 + .../recipes-graphics/xorg-xserver/xserver-xorg.inc | 6 +- .../xorg-xserver/xserver-xorg_21.1.4.bb | 28 - .../xorg-xserver/xserver-xorg_21.1.7.bb | 28 + .../recipes-graphics/xwayland/xwayland_22.1.3.bb | 45 - .../recipes-graphics/xwayland/xwayland_22.1.8.bb | 45 + .../kern-tools/kern-tools-native_git.bb | 2 +- .../linux-firmware/linux-firmware_20220913.bb | 1105 --------- .../linux-firmware/linux-firmware_20230210.bb | 1157 ++++++++++ poky/meta/recipes-kernel/linux/linux-yocto-dev.bb | 4 +- .../recipes-kernel/linux/linux-yocto-rt_5.10.bb | 6 +- .../recipes-kernel/linux/linux-yocto-rt_5.15.bb | 6 +- .../recipes-kernel/linux/linux-yocto-tiny_5.10.bb | 8 +- 
 .../recipes-kernel/linux/linux-yocto-tiny_5.15.bb | 6 +-
 poky/meta/recipes-kernel/linux/linux-yocto.inc | 1 -
 poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +-
 poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
 .../meta/recipes-kernel/lttng/babeltrace_1.5.11.bb | 98 +
 poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb | 98 -
 ...fix-adjust-range-v5.10.137-in-block-probe.patch | 92 -
 .../lttng/lttng-modules/0001-fix-compaction.patch | 68 -
 ..._alloc-fix-tracepoint-mm_page_alloc_zone_.patch | 106 -
 ...-introduce-kfree_skb_reason-v5.15.58.v5.1.patch | 53 -
 ...ve-flags-parameter-from-aops-write_begin-.patch | 76 -
 ...ueue-Fix-type-of-cpu-in-trace-event-v5.19.patch | 124 -
 .../recipes-kernel/lttng/lttng-modules_2.13.4.bb | 48 -
 .../recipes-kernel/lttng/lttng-modules_2.13.9.bb | 42 +
 .../lttng/lttng-tools/determinism.patch | 64 -
 .../recipes-kernel/lttng/lttng-tools_2.13.4.bb | 188 --
 .../recipes-kernel/lttng/lttng-tools_2.13.9.bb | 194 ++
 poky/meta/recipes-kernel/lttng/lttng-ust_2.13.3.bb | 53 -
 poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb | 53 +
 .../make-mod-scripts/make-mod-scripts_1.0.bb | 2 +-
 poky/meta/recipes-kernel/perf/perf.bb | 2 +-
 .../wireless-regdb/wireless-regdb_2022.08.12.bb | 43 -
 .../wireless-regdb/wireless-regdb_2023.02.13.bb | 43 +
 ...pzaenc-stop-accessing-out-of-bounds-frame.patch | 86 +
 ...smcenc-stop-accessing-out-of-bounds-frame.patch | 105 +
 ...codec-vp3-Add-missing-check-for-av_malloc.patch | 42 +
 ...-nutdec-Add-check-for-avformat_new_stream.patch | 67 +
 .../meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 5 +
 .../gstreamer/gst-devtools_1.20.3.bb | 52 -
 .../gstreamer/gst-devtools_1.20.5.bb | 52 +
 .../gstreamer/gstreamer1.0-libav_1.20.3.bb | 28 -
 .../gstreamer/gstreamer1.0-libav_1.20.5.bb | 28 +
 .../gstreamer/gstreamer1.0-omx_1.20.3.bb | 47 -
 .../gstreamer/gstreamer1.0-omx_1.20.5.bb | 47 +
 .../gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb | 166 --
 .../gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb | 166 ++
 .../gstreamer/gstreamer1.0-plugins-base_1.20.3.bb | 94 -
 .../gstreamer/gstreamer1.0-plugins-base_1.20.5.bb | 94 +
 .../gstreamer/gstreamer1.0-plugins-good_1.20.3.bb | 81 -
 .../gstreamer/gstreamer1.0-plugins-good_1.20.5.bb | 81 +
 .../gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb | 46 -
 .../gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb | 46 +
 .../gstreamer/gstreamer1.0-python_1.20.3.bb | 30 -
 .../gstreamer/gstreamer1.0-python_1.20.5.bb | 30 +
 .../gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb | 31 -
 .../gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb | 31 +
 .../gstreamer/gstreamer1.0-vaapi_1.20.3.bb | 53 -
 .../gstreamer/gstreamer1.0-vaapi_1.20.5.bb | 53 +
 .../0005-bin-Fix-race-conditions-in-tests.patch | 300 +++
 ...e-gstbin-test_watch_for_state_change-test.patch | 107 -
 .../gstreamer/gstreamer1.0_1.20.3.bb | 73 -
 .../gstreamer/gstreamer1.0_1.20.5.bb | 73 +
 .../recipes-multimedia/libpng/libpng_1.6.38.bb | 34 -
 .../recipes-multimedia/libpng/libpng_1.6.39.bb | 34 +
 ...0001-flac-Fix-improper-buffer-reusing-732.patch | 29 +
 .../libsndfile/libsndfile1_1.0.31.bb | 1 +
 ...dling-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 267 +++
 ...1-fix-the-FPE-in-tiffcrop-415-427-and-428.patch | 2 +-
 ...fix-crash-when-reading-a-file-with-multip.patch | 14 +-
 ...x-issue-330-and-some-more-from-320-to-349.patch | 607 +++++
 ...1-tiffcrop-S-option-Make-decision-simpler.patch | 36 +
 ...sable-incompatibility-of-Z-X-Y-z-options-.patch | 59 +
 ...broutines-require-a-larger-buffer-fixes-2.patch | 640 ++++++
 ...-global-buffer-overflow-for-ASCII-tags-wh.patch | 13 +-
 ...x-issue-380-and-382-heap-buffer-overflow-.patch | 14 +-
 ...hecks-for-return-value-of-limitMalloc-392.patch | 15 +-
 ...rmalTag-avoid-calling-memcpy-with-a-null-.patch | 16 +-
 .../tiff/0005-fix-the-FPE-in-tiffcrop-393.patch | 15 +-
 ...06-fix-heap-buffer-overflow-in-tiffcp-278.patch | 15 +-
 .../561599c99f987dc32ae110370cfdd7df7975586b.patch | 9 +-
 .../libtiff/tiff/CVE-2022-1354.patch | 8 +-
 .../libtiff/tiff/CVE-2022-1355.patch | 8 +-
 .../libtiff/tiff/CVE-2022-2867.patch | 129 ++
 .../libtiff/tiff/CVE-2022-2869.patch | 84 +
 .../libtiff/tiff/CVE-2022-2953.patch | 87 +
 .../libtiff/tiff/CVE-2022-34526.patch | 6 +-
 .../libtiff/tiff/CVE-2022-3970.patch | 38 +
 .../libtiff/tiff/CVE-2022-48281.patch | 26 +
 .../tiff/CVE-2023-0800_0801_0802_0803_0804.patch | 128 ++
 .../b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch | 46 +
 .../eecb0712f4c3a5b449f70c57988260a667ddbdef.patch | 9 +-
 poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 14 +-
 poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb | 166 --
 poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 166 ++
 .../recipes-sato/webkit/wpebackend-fdo_1.12.1.bb | 24 -
 .../recipes-sato/webkit/wpebackend-fdo_1.14.0.bb | 24 +
 .../apr-util/0001-Fix-error-handling-in-gdbm.patch | 134 --
 poky/meta/recipes-support/apr/apr-util_1.6.1.bb | 98 -
 poky/meta/recipes-support/apr/apr-util_1.6.3.bb | 96 +
 ...d-option-to-disable-timed-dependant-tests.patch | 20 +-
 ...AC_CACHE_CHECK-for-strerror_r-return-type.patch | 52 -
 ...emove-runtime-test-for-mmap-that-can-map-.patch | 26 +-
 ...workdir-path-references-from-installed-ap.patch | 25 +-
 ...e.in-configure.in-support-cross-compiling.patch | 63 -
 ..._t-size-doesn-t-match-in-glibc-when-cross.patch | 76 -
 .../recipes-support/apr/apr/CVE-2021-35940.patch | 58 -
 .../meta/recipes-support/apr/apr/autoconf270.patch | 22 -
 .../recipes-support/apr/apr/libtoolize_check.patch | 21 +-
 poky/meta/recipes-support/apr/apr_1.7.0.bb | 143 --
 poky/meta/recipes-support/apr/apr_1.7.2.bb | 137 ++
 .../recipes-support/bmap-tools/bmap-tools_git.bb | 2 +-
 .../recipes-support/curl/curl/CVE-2022-32221.patch | 28 +
 .../recipes-support/curl/curl/CVE-2022-42915.patch | 53 +
 .../recipes-support/curl/curl/CVE-2022-42916.patch | 136 ++
 .../recipes-support/curl/curl/CVE-2022-43551.patch | 35 +
 .../recipes-support/curl/curl/CVE-2022-43552.patch | 80 +
 .../curl/curl/CVE-2023-23914_5-1.patch | 280 +++
 .../curl/curl/CVE-2023-23914_5-2.patch | 23 +
 .../curl/curl/CVE-2023-23914_5-3.patch | 45 +
 .../curl/curl/CVE-2023-23914_5-4.patch | 48 +
 .../curl/curl/CVE-2023-23914_5-5.patch | 118 +
 .../recipes-support/curl/curl/CVE-2023-23916.patch | 219 ++
 .../recipes-support/curl/curl/CVE-2023-27533.patch | 208 ++
 .../recipes-support/curl/curl/CVE-2023-27534.patch | 122 +
 .../curl/curl/CVE-2023-27535-pre1.patch | 196 ++
 .../curl/CVE-2023-27535_and_CVE-2023-27538.patch | 170 ++
 .../recipes-support/curl/curl/CVE-2023-27536.patch | 52 +
 poky/meta/recipes-support/curl/curl_7.82.0.bb | 22 +-
 .../gnutls/gnutls/CVE-2023-0361.patch | 85 +
 poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb | 3 +-
 .../recipes-support/iso-codes/iso-codes_4.11.0.bb | 22 -
 .../recipes-support/iso-codes/iso-codes_4.13.0.bb | 22 +
 ...ibcap-Raise-the-size-of-arrays-containing.patch | 2 +-
 poky/meta/recipes-support/libcap/libcap_2.65.bb | 80 -
 poky/meta/recipes-support/libcap/libcap_2.66.bb | 80 +
 ...01-arm-sysv-reverted-clang-VFP-mitigation.patch | 8 +-
 .../recipes-support/libffi/libffi/not-win32.patch | 8 +-
 poky/meta/recipes-support/libffi/libffi_3.4.2.bb | 36 -
 poky/meta/recipes-support/libffi/libffi_3.4.4.bb | 36 +
 poky/meta/recipes-support/libgit2/libgit2_1.4.3.bb | 22 -
 poky/meta/recipes-support/libgit2/libgit2_1.4.5.bb | 22 +
 .../meta/recipes-support/libical/libical_3.0.14.bb | 55 -
 .../meta/recipes-support/libical/libical_3.0.16.bb | 55 +
 .../libksba/ksba-add-pkgconfig-support.patch | 6 +-
 poky/meta/recipes-support/libksba/libksba_1.6.0.bb | 34 -
 poky/meta/recipes-support/libksba/libksba_1.6.3.bb | 34 +
 .../libmicrohttpd/libmicrohttpd_0.9.75.bb | 30 -
 .../libmicrohttpd/libmicrohttpd_0.9.76.bb | 30 +
 .../recipes-support/libseccomp/files/run-ptest | 3 +
 .../recipes-support/libseccomp/libseccomp_2.5.3.bb | 2 +-
 ...ost-enviroment-to-decide-if-a-test-is-bui.patch | 44 -
 poky/meta/recipes-support/libssh2/files/run-ptest | 9 -
 .../libssh2/libssh2/fix-ssh2-test.patch | 23 +
 .../meta/recipes-support/libssh2/libssh2/run-ptest | 8 +
 .../meta/recipes-support/libssh2/libssh2_1.10.0.bb | 3 +-
 ...c-Link-with-latomic-only-if-no-atomic-bui.patch | 46 +
 poky/meta/recipes-support/libusb/libusb1_1.0.26.bb | 13 +-
 poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb | 19 -
 poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb | 19 +
 .../meta/recipes-support/nghttp2/nghttp2_1.47.0.bb | 4 +
 .../numactl/Fix-the-test-output-format.patch | 3 +-
 .../meta/recipes-support/numactl/numactl/run-ptest | 6 +-
 poky/meta/recipes-support/numactl/numactl_git.bb | 6 +-
 .../sqlite/files/CVE-2022-46908.patch | 39 +
 poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
 poky/meta/recipes-support/vim/vim.inc | 10 +-
 poky/scripts/combo-layer | 30 +-
 poky/scripts/contrib/convert-overrides.py | 103 +-
 poky/scripts/contrib/image-manifest | 2 +-
 poky/scripts/lib/buildstats.py | 38 +-
 poky/scripts/lib/checklayer/__init__.py | 11 +-
 poky/scripts/lib/checklayer/cases/bsp.py | 2 +-
 poky/scripts/lib/checklayer/cases/common.py | 3 +
 poky/scripts/lib/checklayer/cases/distro.py | 2 +-
 poky/scripts/lib/devtool/menuconfig.py | 2 +-
 poky/scripts/lib/devtool/standard.py | 57 +-
 poky/scripts/lib/devtool/upgrade.py | 21 +-
 poky/scripts/lib/resulttool/resultutils.py | 2 +-
 poky/scripts/lib/wic/partition.py | 31 +-
 poky/scripts/lib/wic/plugins/imager/direct.py | 5 +-
 poky/scripts/lib/wic/plugins/source/rootfs.py | 2 +-
 poky/scripts/oe-check-sstate | 8 +-
 .../pybootchartgui/pybootchartgui/parsing.py | 2 +-
 poky/scripts/runqemu | 52 +-
 poky/scripts/yocto-check-layer | 5 +-
 815 files changed, 45784 insertions(+), 12081 deletions(-)
 create mode 100644 meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb
 delete mode 100644 meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb
 create mode 100644 meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch
 delete mode 100644 meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb
 create mode 100644 meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb
 create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb
 create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb
 create mode 100644 meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb
 create mode 100644 meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
 delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service
 create mode 100644 meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch
 create mode 100644 meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch
 delete mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch
 delete mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch
 delete mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch
 delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb
 delete mode 100755 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache
 create mode 100755 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache
 delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch
 delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
 delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
 delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
 delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb
 delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.16.bb
 delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.19.4.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-extended/duktape/files/run-ptest
 create mode 100644 meta-openembedded/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.12.bb
 delete mode 100644 meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.7.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb
 delete mode 100644 meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch
 delete mode 100644 meta-openembedded/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch
 delete mode 100644 meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb
 create mode 100644 meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb
 delete mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb
 create mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
 create mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest
 delete mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
 create mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
 delete mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_3.20.0.bb
 create mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_3.20.3.bb
 create mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch
 delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
 create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb
 create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch
 create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch
 create mode 100644 meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
 delete mode 100644 meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb
 create mode 100644 meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.5.bb
 create mode 100644 meta-openembedded/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
 create mode 100644 meta-openembedded/meta/recipes-support/libcroco/libcroco_0.6.13.bb
 create mode 100644 poky/documentation/migration-guides/release-notes-4.0.5.rst
 create mode 100644 poky/documentation/migration-guides/release-notes-4.0.6.rst
 create mode 100644 poky/documentation/migration-guides/release-notes-4.0.7.rst
 create mode 100644 poky/documentation/migration-guides/release-notes-4.0.8.rst
 create mode 100644 poky/documentation/migration-guides/release-notes-4.0.9.rst
 create mode 100644 poky/meta-selftest/recipes-test/devtool/devtool-test-local/file3
 create mode 100644 poky/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3
 create mode 100644 poky/meta/lib/oeqa/selftest/cases/externalsrc.py
 create mode 100644 poky/meta/lib/oeqa/selftest/cases/locales.py
 create mode 100644 poky/meta/lib/oeqa/selftest/cases/minidebuginfo.py
 create mode 100644 poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
 create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch
 create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch
 create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch
 create mode 100644 poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch
 create mode 100644 poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service
 create mode 100644 poky/meta/recipes-connectivity/bind/bind_9.18.11.bb
 delete mode 100644 poky/meta/recipes-connectivity/bind/bind_9.18.7.bb
 create mode 100644 poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
 create mode 100644 poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
 create mode 100644 poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
 create mode 100644 poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
 create mode 100644 poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
 create mode 100644 poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
 create mode 100644 poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
 create mode 100644 poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
 delete mode 100644 poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
 create mode 100644 poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
 create mode 100644 poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
 create mode 100644 poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
 delete mode 100644 poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
 delete mode 100644 poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb
 create mode 100644 poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
 delete mode 100644 poky/meta/recipes-core/dbus/dbus_1.14.0.bb
 create mode 100644 poky/meta/recipes-core/dbus/dbus_1.14.6.bb
 create mode 100644 poky/meta/recipes-core/dropbear/dropbear/CVE-2021-36369.patch
 delete mode 100644 poky/meta/recipes-core/expat/expat_2.4.9.bb
 create mode 100644 poky/meta/recipes-core/expat/expat_2.5.0.bb
 create mode 100644 poky/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch
 create mode 100644 poky/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
 delete mode 100644 poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
 create mode 100644 poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
 delete mode 100644 poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb
 create mode 100644 poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb
 delete mode 100644 poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb
 create mode 100644 poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb
 create mode 100644 poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
 create mode 100644 poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
 create mode 100644 poky/meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
 create mode 100644 poky/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
 create mode 100644 poky/meta/recipes-core/systemd/systemd/CVE-2022-4415-1.patch
 create mode 100644 poky/meta/recipes-core/systemd/systemd/CVE-2022-4415-2.patch
 create mode 100644 poky/meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0018-CVE-2022-38128-1.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0018-CVE-2022-38128-2.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0018-CVE-2022-38128-3.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-1.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-2.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-3.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch
 delete mode 100644 poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch
 delete mode 100644 poky/meta/recipes-devtools/gcc/gcc/0019-nios2-Define-MUSL_DYNAMIC_LINKER.patch
 delete mode 100644 poky/meta/recipes-devtools/git/git_2.35.4.bb
 create mode 100644 poky/meta/recipes-devtools/git/git_2.35.7.bb
 create mode 100644 poky/meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.18/CVE-2022-2879.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.18/CVE-2022-41715.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.18/CVE-2022-41717.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.18/CVE-2022-41720.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.18/CVE-2022-41722.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24537.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.19/add_godebug.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.19/cve-2022-41724.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.19/cve-2022-41725.patch
 create mode 100644 poky/meta/recipes-devtools/json-c/json-c/run-ptest
 delete mode 100644 poky/meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch
 create mode 100644 poky/meta/recipes-devtools/pkgconf/pkgconf/0001-tuple-test-for-and-stop-string-processing-on-truncat.patch
 create mode 100644 poky/meta/recipes-devtools/python/python3-certifi/CVE-2022-23491.patch
 create mode 100644 poky/meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch
 create mode 100644 poky/meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch
 create mode 100644 poky/meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch
 create mode 100644 poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
 create mode 100644 poky/meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch
 delete mode 100644 poky/meta/recipes-devtools/python/python3/0001-gh-92036-Fix-gc_fini_untrack-GH-92037.patch
 create mode 100644 poky/meta/recipes-devtools/python/python3/cve-2023-24329.patch
 delete mode 100644 poky/meta/recipes-devtools/python/python3_3.10.4.bb
 create mode 100644 poky/meta/recipes-devtools/python/python3_3.10.9.bb
 delete mode 100755 poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0001-net-tulip-Restrict-DMA-engine-to-memories.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0001-softfloat-Extend-float_exception_flags-to-16-bits.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0001-use-uint32t-for-reply-queue-head-tail-values.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0002-softfloat-Add-flag-specific-to-Inf-Inf.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0002_let_dma_memory_valid_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0003-softfloat-Add-flag-specific-to-Inf-0.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0003_let_dma_memory_set_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0004-softfloat-Add-flags-specific-to-Inf-Inf-and-0-0.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0004_let_dma_memory_rw_relaxed_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0005-softfloat-Add-flag-specific-to-signaling-nans.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0005_let_dma_memory_rw_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0006-target-ppc-Update-float_invalid_op_addsub-for-new-fl.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0006_let_dma_memory_read_write_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0007-target-ppc-Update-float_invalid_op_mul-for-new-flags.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0007_let_dma_memory_map_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0008-target-ppc-Update-float_invalid_op_div-for-new-flags.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0008_have_dma_buf_rw_function_take_a_void_pointer.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0009-target-ppc-Update-fmadd-for-new-flags.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0009_have_dma_buf_read_and_dma_buf_write_functions_take_a_void.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0010-target-ppc-Split-out-do_fmadd.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0010_let_pci_dma_rw_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0011-target-ppc-Fix-xs-max-min-cj-dp-to-use-VSX-registers.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0011_let_dma_buf_rw_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0012-target-ppc-Move-xs-max-min-cj-dp-to-decodetree.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0012_let_dma_buf_write_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0013-target-ppc-fix-xscvqpdp-register-access.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0013_let_dma_buf_read_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0014-target-ppc-move-xscvqpdp-to-decodetree.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0014_let_dma_buf_rw_function_propagate_MemTxResult.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0015-target-ppc-ppc_store_fpscr-doesn-t-update-bits-0-to-.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0015_let_st_pointer_dma_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0016-target-ppc-Introduce-TRANS-FLAGS-macros.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0016_let_ld_pointer_dma_function_take_MemTxAttrs_argument.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0017-target-ppc-Implement-Vector-Expand-Mask.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0017_let_st_pointer_dma_function_propagate_MemTxResult.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0018-target-ppc-Implement-Vector-Extract-Mask.patch
 create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0018_let_ld_pointer_dma_function_propagate_MemTxResult.patch
 create mode 100644
poky/meta/recipes-devtools/qemu/qemu/0019-target-ppc-Implement-Vector-Mask-Move-insns.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0019_let_st_pointer_pci_dma_function_take_MemTxAttrs_argument.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0020-target-ppc-move-xs-n-madd-am-ds-p-xs-n-msub-am-ds-p-.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0020_let_ld_pointer_pci_dma_function_take_MemTxAttrs_argument.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0021-target-ppc-implement-xs-n-maddqp-o-xs-n-msubqp-o.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0021_let_st_pointer_pci_dma_function_propagate_MemTxResult.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/0022_let_ld_pointer_pci_dma_function_propagate_MemTxResult.patch delete mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch delete mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3611_1.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3611_2.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3750-1.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3750-2.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3750-3.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch create mode 100644 poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch create mode 100644 poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch create mode 100644 poky/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch create mode 100644 poky/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch delete mode 100644 poky/meta/recipes-devtools/ruby/ruby.inc delete mode 100644 
poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch create mode 100644 poky/meta/recipes-devtools/ruby/ruby/CVE-2023-28756.patch delete mode 100644 poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb create mode 100644 poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb create mode 100644 poky/meta/recipes-extended/bash/bash/CVE-2022-3715.patch delete mode 100644 poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch delete mode 100644 poky/meta/recipes-extended/diffutils/diffutils_3.8.bb create mode 100644 poky/meta/recipes-extended/diffutils/diffutils_3.9.bb create mode 100644 poky/meta/recipes-extended/less/less/CVE-2022-46663.patch delete mode 100644 poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb create mode 100644 poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb delete mode 100644 poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb create mode 100644 poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb create mode 100644 poky/meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch create mode 100644 poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch create mode 100644 poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch create mode 100644 poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch create mode 100644 poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch create mode 100644 poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch create mode 100644 poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch delete mode 100644 poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch delete mode 100644 
poky/meta/recipes-extended/newt/libnewt_0.52.21.bb create mode 100644 poky/meta/recipes-extended/newt/libnewt_0.52.23.bb create mode 100644 poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch create mode 100644 poky/meta/recipes-extended/screen/screen/CVE-2023-24626.patch create mode 100644 poky/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch create mode 100644 poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch delete mode 100644 poky/meta/recipes-extended/sudo/sudo_1.9.10.bb create mode 100644 poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb create mode 100644 poky/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch create mode 100644 poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch create mode 100644 poky/meta/recipes-extended/timezone/tzcode/0001-Fix-C23-related-conformance-bug.patch create mode 100644 poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch delete mode 100644 poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch create mode 100644 poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch create mode 100644 poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb delete mode 100644 poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb create mode 100644 poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch create mode 100644 poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch delete mode 100644 poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb create mode 100644 poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb delete mode 100644 poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch create mode 100644 poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb delete mode 100644 poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb create mode 100644 
poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Fix-potential-memory-leak-in-GLES_CreateTextur.patch create mode 100644 poky/meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch create mode 100644 poky/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch create mode 100644 poky/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3555.patch create mode 100644 poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb create mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb delete mode 100644 poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb create mode 100644 poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb delete mode 100644 poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb create mode 100644 poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb create mode 100644 poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb delete mode 100644 poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb create mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch 
delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-tools_2.13.4.bb create mode 100644 poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb delete mode 100644 poky/meta/recipes-kernel/lttng/lttng-ust_2.13.3.bb create mode 100644 poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb delete mode 100644 poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb create mode 100644 poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb create mode 100644 poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch create mode 100644 poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch create mode 100644 poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch create mode 100644 poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb create mode 100644 
poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch delete mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb create mode 100644 poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb delete mode 100644 poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb create mode 100644 poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb create mode 100644 poky/meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-S-option-Make-decision-simpler.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch create mode 100644 
poky/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-3970.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-48281.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0800_0801_0802_0803_0804.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch delete mode 100644 poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb create mode 100644 poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb delete mode 100644 poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb create mode 100644 poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb delete mode 100644 poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch delete mode 100644 poky/meta/recipes-support/apr/apr-util_1.6.1.bb create mode 100644 poky/meta/recipes-support/apr/apr-util_1.6.3.bb delete mode 100644 poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch delete mode 100644 poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch delete mode 100644 poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch delete mode 100644 poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch delete mode 100644 poky/meta/recipes-support/apr/apr/autoconf270.patch delete mode 100644 poky/meta/recipes-support/apr/apr_1.7.0.bb create mode 100644 poky/meta/recipes-support/apr/apr_1.7.2.bb create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch 
create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-23914_5-1.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-23914_5-2.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-23914_5-3.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-23914_5-4.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-23914_5-5.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-23916.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-27533.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-27534.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-27535_and_CVE-2023-27538.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch create mode 100644 poky/meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch delete mode 100644 poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb create mode 100644 poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb delete mode 100644 poky/meta/recipes-support/libcap/libcap_2.65.bb create mode 100644 poky/meta/recipes-support/libcap/libcap_2.66.bb delete mode 100644 poky/meta/recipes-support/libffi/libffi_3.4.2.bb create mode 100644 poky/meta/recipes-support/libffi/libffi_3.4.4.bb delete mode 100644 poky/meta/recipes-support/libgit2/libgit2_1.4.3.bb create mode 100644 poky/meta/recipes-support/libgit2/libgit2_1.4.5.bb delete mode 100644 poky/meta/recipes-support/libical/libical_3.0.14.bb create mode 100644 poky/meta/recipes-support/libical/libical_3.0.16.bb delete mode 100644 poky/meta/recipes-support/libksba/libksba_1.6.0.bb create mode 100644 
poky/meta/recipes-support/libksba/libksba_1.6.3.bb delete mode 100644 poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb create mode 100644 poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb delete mode 100644 poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch delete mode 100644 poky/meta/recipes-support/libssh2/files/run-ptest create mode 100644 poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch create mode 100644 poky/meta/recipes-support/libssh2/libssh2/run-ptest create mode 100644 poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch delete mode 100644 poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb create mode 100644 poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb create mode 100644 poky/meta/recipes-support/sqlite/files/CVE-2022-46908.patch diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb index 3e43c0d2a7..e7f918333a 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb @@ -22,4 +22,4 @@ inherit autotools pkgconfig CFLAGS += " -I${S}" FILES:${PN} += "${datadir}/dbus-1" -FILES:${PN}-dev += "${libdir}/${PN}/*.so" +FILES:${PN}-dev += "${libdir}/${BPN}/*.so" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb index b25e446c41..071379758c 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb 
@@ -19,4 +19,4 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig FILES:${PN} += "${datadir}/dbus-1" -FILES:${PN}-dev += "${libdir}/${PN}/*.so" +FILES:${PN}-dev += "${libdir}/${BPN}/*.so" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc index 14d09e5f0b..a4590d61a9 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc @@ -4,7 +4,7 @@ SECTION = "libs/multimedia" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594" -SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=2.2.x;protocol=https" +SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=master;protocol=https" SRCREV = "8b00644751578ba67b709a827cbe5133d849d339" S = "${WORKDIR}/git" PV = "2.2.6" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb new file mode 100644 index 0000000000..13938444c8 --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb 
@@ -0,0 +1,101 @@ +SUMMARY = "Music Player Daemon" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" + +HOMEPAGE ="http://www.musicpd.org" + +inherit meson useradd systemd pkgconfig + +DEPENDS += " \ + curl \ + sqlite3 \ + ${@bb.utils.filter('DISTRO_FEATURES', 'pulseaudio', d)} \ + yajl \ + boost \ + icu \ + dbus \ + expat \ + fmt \ +" + +SRC_URI = "git://github.com/MusicPlayerDaemon/MPD;branch=v0.23.x;protocol=https \ + file://mpd.conf.in \ + " +SRCREV = "d91da9679801224847c30147f5914785b6f8f240" +S = "${WORKDIR}/git" + +EXTRA_OEMESON += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-Dsystemd=enabled -Dsystemd_system_unit_dir=${systemd_system_unitdir} -Dsystemd_user_unit_dir=${systemd_system_unitdir}', '-Dsystemd=disabled', d)}" + +PACKAGECONFIG ??= "${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "aac", "", d)} \ + alsa ao bzip2 daemon \ + ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "ffmpeg aac", "", d)} \ + fifo flac fluidsynth iso9660 \ + jack libsamplerate httpd \ + mms mpg123 modplug sndfile \ + upnp openal opus oss recorder \ + vorbis wavpack zlib" + +PACKAGECONFIG[aac] = "-Dfaad=enabled,-Dfaad=disabled,faad2" +PACKAGECONFIG[alsa] = "-Dalsa=enabled,-Dalsa=disabled,alsa-lib" +PACKAGECONFIG[ao] = "-Dao=enabled,-Dao=disabled,libao" +PACKAGECONFIG[audiofile] = "-Daudiofile=enabled,-Daudiofile=disabled,audiofile" +PACKAGECONFIG[bzip2] = "-Dbzip2=enabled,-Dbzip2=disabled,bzip2" +PACKAGECONFIG[cdioparanoia] = "-Dcdio_paranoia=enabled,-Dcdio_paranoia=disabled,libcdio-paranoia" +PACKAGECONFIG[daemon] = "-Ddaemon=true,-Ddaemon=false" +PACKAGECONFIG[ffmpeg] = "-Dffmpeg=enabled,-Dffmpeg=disabled,ffmpeg" +PACKAGECONFIG[fifo] = "-Dfifo=true,-Dfifo=false" +PACKAGECONFIG[flac] = "-Dflac=enabled,-Dflac=disabled,flac" +PACKAGECONFIG[fluidsynth] = "-Dfluidsynth=enabled,-Dfluidsynth=disabled,fluidsynth" +PACKAGECONFIG[httpd] = "-Dhttpd=true,-Dhttpd=false" +PACKAGECONFIG[id3tag] = 
"-Did3tag=enabled,-Did3tag=disabled,libid3tag" +PACKAGECONFIG[iso9660] = "-Diso9660=enabled,-Diso9660=disabled,libcdio" +PACKAGECONFIG[jack] = "-Djack=enabled,-Djack=disabled,jack" +PACKAGECONFIG[lame] = "-Dlame=enabled,-Dlame=disabled,lame" +PACKAGECONFIG[libsamplerate] = "-Dlibsamplerate=enabled,-Dlibsamplerate=disabled,libsamplerate0" +PACKAGECONFIG[mad] = "-Dmad=enabled,-Dmad=disabled,libmad" +PACKAGECONFIG[mms] = "-Dmms=enabled,-Dmms=disabled,libmms" +PACKAGECONFIG[modplug] = "-Dmodplug=enabled,-Dmodplug=disabled,libmodplug" +PACKAGECONFIG[mpg123] = "-Dmpg123=enabled,-Dmpg123=disabled,mpg123" +PACKAGECONFIG[openal] = "-Dopenal=enabled,-Dopenal=disabled,openal-soft" +PACKAGECONFIG[opus] = "-Dopus=enabled,-Dopus=disabled,libopus libogg" +PACKAGECONFIG[oss] = "-Doss=enabled,-Doss=disabled," +PACKAGECONFIG[recorder] = "-Drecorder=true,-Drecorder=false" +PACKAGECONFIG[smb] = "-Dsmbclient=enabled,-Dsmbclient=disabled,samba" +PACKAGECONFIG[sndfile] = "-Dsndfile=enabled,-Dsndfile=disabled,libsndfile1" +PACKAGECONFIG[upnp] = "-Dupnp=pupnp,-Dupnp=disabled,libupnp" +PACKAGECONFIG[vorbis] = "-Dvorbis=enabled,-Dvorbis=disabled,libvorbis libogg" +PACKAGECONFIG[wavpack] = "-Dwavpack=enabled,-Dwavpack=disabled,wavpack" +PACKAGECONFIG[zlib] = "-Dzlib=enabled,-Dzlib=disabled,zlib" + +do_install:append() { + install -o mpd -d \ + ${D}/${localstatedir}/lib/mpd \ + ${D}/${localstatedir}/lib/mpd/playlists + install -m775 -o mpd -g mpd -d \ + ${D}/${localstatedir}/lib/mpd/music + + install -d ${D}/${sysconfdir} + install -m 644 ${WORKDIR}/mpd.conf.in ${D}/${sysconfdir}/mpd.conf + sed -i \ + -e 's|%music_directory%|${localstatedir}/lib/mpd/music|' \ + -e 's|%playlist_directory%|${localstatedir}/lib/mpd/playlists|' \ + -e 's|%db_file%|${localstatedir}/lib/mpd/mpd.db|' \ + -e 's|%log_file%|${localstatedir}/log/mpd.log|' \ + -e 's|%state_file%|${localstatedir}/lib/mpd/state|' \ + ${D}/${sysconfdir}/mpd.conf + + # we don't need the icon + rm -rf ${D}${datadir}/icons +} + +RPROVIDES:${PN} 
+= "${PN}-systemd" +RREPLACES:${PN} += "${PN}-systemd" +RCONFLICTS:${PN} += "${PN}-systemd" +SYSTEMD_SERVICE:${PN} = "mpd.socket" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = " \ + --system --no-create-home \ + --home ${localstatedir}/lib/mpd \ + --groups audio \ + --user-group mpd" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb deleted file mode 100644 index c74f1074cc..0000000000 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb +++ /dev/null 
@@ -1,101 +0,0 @@ -SUMMARY = "Music Player Daemon" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" - -HOMEPAGE ="http://www.musicpd.org" - -inherit meson useradd systemd pkgconfig - -DEPENDS += " \ - curl \ - sqlite3 \ - ${@bb.utils.filter('DISTRO_FEATURES', 'pulseaudio', d)} \ - yajl \ - boost \ - icu \ - dbus \ - expat \ - fmt \ -" - -SRC_URI = "git://github.com/MusicPlayerDaemon/MPD;branch=v0.23.x;protocol=https \ - file://mpd.conf.in \ - " -SRCREV = "f591193ddaa7f9bcb6c85ff5899517fc7b53e35a" -S = "${WORKDIR}/git" - -EXTRA_OEMESON += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-Dsystemd=enabled -Dsystemd_system_unit_dir=${systemd_system_unitdir} -Dsystemd_user_unit_dir=${systemd_system_unitdir}', '-Dsystemd=disabled', d)}" - -PACKAGECONFIG ??= "${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "aac", "", d)} \ - alsa ao bzip2 daemon \ - ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "ffmpeg aac", "", d)} \ - fifo flac fluidsynth iso9660 \ - jack libsamplerate httpd \ - mms mpg123 modplug sndfile \ - upnp openal opus oss recorder \ - vorbis wavpack zlib" - -PACKAGECONFIG[aac] = "-Dfaad=enabled,-Dfaad=disabled,faad2" -PACKAGECONFIG[alsa] = "-Dalsa=enabled,-Dalsa=disabled,alsa-lib" -PACKAGECONFIG[ao] = "-Dao=enabled,-Dao=disabled,libao" -PACKAGECONFIG[audiofile] = "-Daudiofile=enabled,-Daudiofile=disabled,audiofile" -PACKAGECONFIG[bzip2] = "-Dbzip2=enabled,-Dbzip2=disabled,bzip2" -PACKAGECONFIG[cdioparanoia] = "-Dcdio_paranoia=enabled,-Dcdio_paranoia=disabled,libcdio-paranoia" -PACKAGECONFIG[daemon] = "-Ddaemon=true,-Ddaemon=false" -PACKAGECONFIG[ffmpeg] = "-Dffmpeg=enabled,-Dffmpeg=disabled,ffmpeg" -PACKAGECONFIG[fifo] = "-Dfifo=true,-Dfifo=false" -PACKAGECONFIG[flac] = "-Dflac=enabled,-Dflac=disabled,flac" -PACKAGECONFIG[fluidsynth] = "-Dfluidsynth=enabled,-Dfluidsynth=disabled,fluidsynth" -PACKAGECONFIG[httpd] = "-Dhttpd=true,-Dhttpd=false" -PACKAGECONFIG[id3tag] = 
"-Did3tag=enabled,-Did3tag=disabled,libid3tag" -PACKAGECONFIG[iso9660] = "-Diso9660=enabled,-Diso9660=disabled,libcdio" -PACKAGECONFIG[jack] = "-Djack=enabled,-Djack=disabled,jack" -PACKAGECONFIG[lame] = "-Dlame=enabled,-Dlame=disabled,lame" -PACKAGECONFIG[libsamplerate] = "-Dlibsamplerate=enabled,-Dlibsamplerate=disabled,libsamplerate0" -PACKAGECONFIG[mad] = "-Dmad=enabled,-Dmad=disabled,libmad" -PACKAGECONFIG[mms] = "-Dmms=enabled,-Dmms=disabled,libmms" -PACKAGECONFIG[modplug] = "-Dmodplug=enabled,-Dmodplug=disabled,libmodplug" -PACKAGECONFIG[mpg123] = "-Dmpg123=enabled,-Dmpg123=disabled,mpg123" -PACKAGECONFIG[openal] = "-Dopenal=enabled,-Dopenal=disabled,openal-soft" -PACKAGECONFIG[opus] = "-Dopus=enabled,-Dopus=disabled,libopus libogg" -PACKAGECONFIG[oss] = "-Doss=enabled,-Doss=disabled," -PACKAGECONFIG[recorder] = "-Drecorder=true,-Drecorder=false" -PACKAGECONFIG[smb] = "-Dsmbclient=enabled,-Dsmbclient=disabled,samba" -PACKAGECONFIG[sndfile] = "-Dsndfile=enabled,-Dsndfile=disabled,libsndfile1" -PACKAGECONFIG[upnp] = "-Dupnp=pupnp,-Dupnp=disabled,libupnp" -PACKAGECONFIG[vorbis] = "-Dvorbis=enabled,-Dvorbis=disabled,libvorbis libogg" -PACKAGECONFIG[wavpack] = "-Dwavpack=enabled,-Dwavpack=disabled,wavpack" -PACKAGECONFIG[zlib] = "-Dzlib=enabled,-Dzlib=disabled,zlib" - -do_install:append() { - install -o mpd -d \ - ${D}/${localstatedir}/lib/mpd \ - ${D}/${localstatedir}/lib/mpd/playlists - install -m775 -o mpd -g mpd -d \ - ${D}/${localstatedir}/lib/mpd/music - - install -d ${D}/${sysconfdir} - install -m 644 ${WORKDIR}/mpd.conf.in ${D}/${sysconfdir}/mpd.conf - sed -i \ - -e 's|%music_directory%|${localstatedir}/lib/mpd/music|' \ - -e 's|%playlist_directory%|${localstatedir}/lib/mpd/playlists|' \ - -e 's|%db_file%|${localstatedir}/lib/mpd/mpd.db|' \ - -e 's|%log_file%|${localstatedir}/log/mpd.log|' \ - -e 's|%state_file%|${localstatedir}/lib/mpd/state|' \ - ${D}/${sysconfdir}/mpd.conf - - # we don't need the icon - rm -rf ${D}${datadir}/icons -} - -RPROVIDES:${PN} 
+= "${PN}-systemd" -RREPLACES:${PN} += "${PN}-systemd" -RCONFLICTS:${PN} += "${PN}-systemd" -SYSTEMD_SERVICE:${PN} = "mpd.socket" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = " \ - --system --no-create-home \ - --home ${localstatedir}/lib/mpd \ - --groups audio \ - --user-group mpd" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch new file mode 100644 index 0000000000..92094af1f2 --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch @@ -0,0 +1,37 @@ +From 2e8dc2c28c0938dbbb85ebbac2b9a60be9ccd9f3 Mon Sep 17 00:00:00 2001 +From: Max Kellermann +Date: Wed, 23 Nov 2022 12:25:50 +0100 +Subject: [PATCH] SearchPage: use regular integer to fix -Wenum-constexpr-conversion + +Upstream-Status: Backport [https://github.com/MusicPlayerDaemon/ncmpc/commit/ddd1757907f0376b5843f707bf182b7827ff6591] +--- + src/SearchPage.cxx | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/SearchPage.cxx b/src/SearchPage.cxx +index 2fa5edbc..3f91c4fe 100644 +--- a/src/SearchPage.cxx ++++ b/src/SearchPage.cxx +@@ -81,7 +81,7 @@ search_get_tag_id(const char *name) + } + + struct SearchMode { +- enum mpd_tag_type table; ++ int table; + const char *label; + }; + +@@ -89,8 +89,8 @@ static constexpr SearchMode mode[] = { + { MPD_TAG_TITLE, N_("Title") }, + { MPD_TAG_ARTIST, N_("Artist") }, + { MPD_TAG_ALBUM, N_("Album") }, +- { (enum mpd_tag_type)SEARCH_URI, N_("Filename") }, +- { (enum mpd_tag_type)SEARCH_ARTIST_TITLE, N_("Artist + Title") }, ++ { SEARCH_URI, N_("Filename") }, ++ { SEARCH_ARTIST_TITLE, N_("Artist + Title") }, + { MPD_TAG_COUNT, nullptr } + }; + +-- +2.39.0 + 
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb deleted file mode 100644 index a77d4f9783..0000000000 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb +++ /dev/null 
@@ -1,39 +0,0 @@ -SUMMARY = "A curses client for the Music Player Daemon" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" -HOMEPAGE = "https://www.musicpd.org/clients/ncmpc/" - -inherit meson pkgconfig - -DEPENDS += " \ - ncurses \ - libpcre2 \ - libmpdclient \ -" - -RDEPENDS:${PN} += "python3-core" - -PACKAGECONFIG ??= "colors locale mouse nls regex help_screen library_screen search_screen song_screen key_screen lyrics_screen outputs_screen" - -PACKAGECONFIG[colors] = "-Dcolors=true,-Dcolors=false" -PACKAGECONFIG[lirc] = "-Dlirc=enabled,-Dlirc=disabled,lirc" -PACKAGECONFIG[locale] = "-Dlocale=enabled,-Dlocale=disabled" -PACKAGECONFIG[mini] = "-Dmini=true,-Dmini=false" -PACKAGECONFIG[mouse] = "-Dmouse=enabled,-Dmouse=disabled" -PACKAGECONFIG[nls] = "-Dnls=enabled,-Dnls=disabled,gettext-native" -PACKAGECONFIG[regex] = "-Dregex=enabled,-Dregex=disabled,pcre" - -PACKAGECONFIG[help_screen] = "-Dhelp_screen=true,-Dhelp_screen=false" -PACKAGECONFIG[library_screen] = "-Dlibrary_screen=true,-Dlibrary_screen=false" -PACKAGECONFIG[search_screen] = "-Dsearch_screen=true,-Dsearch_screen=false" -PACKAGECONFIG[song_screen] = "-Dsong_screen=true,-Dsong_screen=false" -PACKAGECONFIG[key_screen] = "-Dkey_screen=true,-Dkey_screen=false" -PACKAGECONFIG[lyrics_screen] = "-Dlyrics_screen=true,-Dlyrics_screen=false" -PACKAGECONFIG[outputs_screen] = "-Doutputs_screen=true,-Doutputs_screen=false" -PACKAGECONFIG[chat_screen] = "-Dchat_screen=true,-Dchat_screen=false" - -SRC_URI = " \ - git://github.com/MusicPlayerDaemon/ncmpc;branch=master;protocol=https \ -" -SRCREV = "b9b5e11e10d8f66cd672ffb51728aa447f78ecd4" -S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb new file mode 100644 index 0000000000..44046912ed --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb 
@@ -0,0 +1,40 @@ +SUMMARY = "A curses client for the Music Player Daemon" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" +HOMEPAGE = "https://www.musicpd.org/clients/ncmpc/" + +inherit meson pkgconfig + +DEPENDS += " \ + ncurses \ + libpcre2 \ + libmpdclient \ +" + +RDEPENDS:${PN} += "python3-core" + +PACKAGECONFIG ??= "colors locale mouse nls regex help_screen library_screen search_screen song_screen key_screen lyrics_screen outputs_screen" + +PACKAGECONFIG[colors] = "-Dcolors=true,-Dcolors=false" +PACKAGECONFIG[lirc] = "-Dlirc=enabled,-Dlirc=disabled,lirc" +PACKAGECONFIG[locale] = "-Dlocale=enabled,-Dlocale=disabled" +PACKAGECONFIG[mini] = "-Dmini=true,-Dmini=false" +PACKAGECONFIG[mouse] = "-Dmouse=enabled,-Dmouse=disabled" +PACKAGECONFIG[nls] = "-Dnls=enabled,-Dnls=disabled,gettext-native" +PACKAGECONFIG[regex] = "-Dregex=enabled,-Dregex=disabled,pcre" + +PACKAGECONFIG[help_screen] = "-Dhelp_screen=true,-Dhelp_screen=false" +PACKAGECONFIG[library_screen] = "-Dlibrary_screen=true,-Dlibrary_screen=false" +PACKAGECONFIG[search_screen] = "-Dsearch_screen=true,-Dsearch_screen=false" +PACKAGECONFIG[song_screen] = "-Dsong_screen=true,-Dsong_screen=false" +PACKAGECONFIG[key_screen] = "-Dkey_screen=true,-Dkey_screen=false" +PACKAGECONFIG[lyrics_screen] = "-Dlyrics_screen=true,-Dlyrics_screen=false" +PACKAGECONFIG[outputs_screen] = "-Doutputs_screen=true,-Doutputs_screen=false" +PACKAGECONFIG[chat_screen] = "-Dchat_screen=true,-Dchat_screen=false" + +SRC_URI = " \ + git://github.com/MusicPlayerDaemon/ncmpc;branch=master;protocol=https \ + file://0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch \ +" +SRCREV = "fc8de01c71acdf10ad07c7aae756dc522b848124" +S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass b/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass index 1238172bd4..9ad566c837 100644 
--- a/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass +++ b/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass @@ -17,4 +17,4 @@ do_kernel_add_regdb() { cp ${STAGING_LIBDIR_NATIVE}/crda/db.txt ${S}/net/wireless/db.txt } do_kernel_add_regdb[dirs] = "${S}" -addtask kernel_add_regdb before do_build after do_configure +addtask kernel_add_regdb before do_compile after do_configure diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb index 92c648708e..499b035040 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb @@ -17,6 +17,8 @@ SRC_URI = "https://downloads.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ file://0001-Makefile.am-only-build-dhcrelay.patch \ file://0002-bind-Makefile.in-disable-backtrace.patch \ file://0003-bind-Makefile.in-regenerate-configure.patch \ + file://CVE-2022-2928.patch \ + file://CVE-2022-2929.patch \ " SRC_URI[sha256sum] = "0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch new file mode 100644 index 0000000000..247e8dec68 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch 
@@ -0,0 +1,120 @@ +From 2e08d138ff852820a6e87a09088d2dc2cdd15e56 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Mon, 10 Oct 2022 09:57:15 +0530 +Subject: [PATCH 1/2] CVE-2022-2928 + +Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/] +CVE: CVE-2022-2928 +Signed-off-by: Hitendra Prajapati +--- + common/options.c | 7 +++++ + common/tests/option_unittest.c | 54 ++++++++++++++++++++++++++++++++++ + 2 files changed, 61 insertions(+) + +diff --git a/common/options.c b/common/options.c +index 92c8fee..f0959cb 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -4452,6 +4452,8 @@ add_option(struct option_state *options, + if (!option_cache_allocate(&oc, MDL)) { + log_error("No memory for option cache adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + return 0; + } + +@@ -4463,6 +4465,8 @@ add_option(struct option_state *options, + MDL)) { + log_error("No memory for constant data adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + option_cache_dereference(&oc, MDL); + return 0; + } +@@ -4471,6 +4475,9 @@ add_option(struct option_state *options, + save_option(&dhcp_universe, options, oc); + option_cache_dereference(&oc, MDL); + ++ /* Get rid of reference created during hash lookup. 
*/ ++ option_dereference(&option, MDL); ++ + return 1; + } + +diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c +index 600ebe6..963b566 100644 +--- a/common/tests/option_unittest.c ++++ b/common/tests/option_unittest.c +@@ -213,6 +213,59 @@ ATF_TC_BODY(parse_X, tc) + } + } + ++ATF_TC(add_option_ref_cnt); ++ ++ATF_TC_HEAD(add_option_ref_cnt, tc) ++{ ++ atf_tc_set_md_var(tc, "descr", ++ "Verify add_option() does not leak option ref counts."); ++} ++ ++ATF_TC_BODY(add_option_ref_cnt, tc) ++{ ++ struct option_state *options = NULL; ++ struct option *option = NULL; ++ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER; ++ char *cid_str = "1234"; ++ int refcnt_before = 0; ++ ++ // Look up the option we're going to add. ++ initialize_common_option_spaces(); ++ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash, ++ &cid_code, 0, MDL)) { ++ atf_tc_fail("cannot find option definition?"); ++ } ++ ++ // Get the option's reference count before we call add_options. ++ refcnt_before = option->refcnt; ++ ++ // Allocate a option_state to which to add an option. ++ if (!option_state_allocate(&options, MDL)) { ++ atf_tc_fail("cannot allocat options state"); ++ } ++ ++ // Call add_option() to add the option to the option state. ++ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) { ++ atf_tc_fail("add_option returned 0"); ++ } ++ ++ // Verify that calling add_option() only adds 1 to the option ref count. ++ if (option->refcnt != (refcnt_before + 1)) { ++ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d", ++ refcnt_before, option->refcnt); ++ } ++ ++ // Derefrence the option_state, this should reduce the ref count to ++ // it's starting value. ++ option_state_dereference(&options, MDL); ++ ++ // Verify that dereferencing option_state restores option ref count. 
++ if (option->refcnt != refcnt_before) { ++ atf_tc_fail("after state deref, count is wrong, before %d, after: %d", ++ refcnt_before, option->refcnt); ++ } ++} ++ + /* This macro defines main() method that will call specified + test cases. tp and simple_test_case names can be whatever you want + as long as it is a valid variable identifier. */ +@@ -221,6 +274,7 @@ ATF_TP_ADD_TCS(tp) + ATF_TP_ADD_TC(tp, option_refcnt); + ATF_TP_ADD_TC(tp, pretty_print_option); + ATF_TP_ADD_TC(tp, parse_X); ++ ATF_TP_ADD_TC(tp, add_option_ref_cnt); + + return (atf_no_error()); + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch new file mode 100644 index 0000000000..faaac4868c --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch 
@@ -0,0 +1,40 @@ +From 5436cafe1d7df409a44ff5f610248db57f0677ee Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Mon, 10 Oct 2022 09:58:04 +0530 +Subject: [PATCH 2/2] CVE-2022-2929 + +Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/] +CVE: CVE-2022-2929 +Signed-off-by: Hitendra Prajapati +--- + common/options.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/common/options.c b/common/options.c +index f0959cb..25450e1 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options, + while (s < &bp -> data[0] + length + 2) { + len = *s; + if (len > 63) { +- log_info ("fancy bits in fqdn option"); +- return 0; ++ log_info ("label length exceeds 63 in fqdn option"); ++ goto bad; + } + if (len == 0) { + terminated = 1; + break; + } + if (s + len > &bp -> data [0] + length + 3) { +- log_info ("fqdn tag longer than buffer"); +- return 0; ++ log_info ("fqdn label longer than buffer"); ++ goto bad; + } + + if (first_len == 0) { +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch new file mode 100644 index 0000000000..4ea519c752 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch 
@@ -0,0 +1,118 @@ +From f1cdbb33ec61c4a64a32e107d4d02f936051c708 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" +Date: Mon, 7 Feb 2022 22:26:05 -0500 +Subject: [PATCH] it's probably wrong to be completely retarded. Let's fix + that. + +CVE: CVE-2022-41860 + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708] + +Signed-off-by: Yi Zhao +--- + src/modules/rlm_eap/libeap/eapsimlib.c | 69 +++++++++++++++++++------- + 1 file changed, 52 insertions(+), 17 deletions(-) + +diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c +index cf1e8a7dd9..e438a844ea 100644 +--- a/src/modules/rlm_eap/libeap/eapsimlib.c ++++ b/src/modules/rlm_eap/libeap/eapsimlib.c +@@ -307,42 +307,77 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r, + newvp->vp_length = 1; + fr_pair_add(&(r->vps), newvp); + ++ /* ++ * EAP-SIM has a 1 octet of subtype, and 2 octets ++ * reserved. ++ */ + attr += 3; + attrlen -= 3; + +- /* now, loop processing each attribute that we find */ +- while(attrlen > 0) { ++ /* ++ * Loop over each attribute. The format is: ++ * ++ * 1 octet of type ++ * 1 octet of length (value 1..255) ++ * ((4 * length) - 2) octets of data. ++ */ ++ while (attrlen > 0) { + uint8_t *p; + +- if(attrlen < 2) { ++ if (attrlen < 2) { + fr_strerror_printf("EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen); + return 0; + } + ++ if (!attr[1]) { ++ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute, ++ es_attribute_count); ++ return 0; ++ } ++ + eapsim_attribute = attr[0]; + eapsim_len = attr[1] * 4; + ++ /* ++ * The length includes the 2-byte header. 
++ */ + if (eapsim_len > attrlen) { + fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length longer than data (%d > %d)", + eapsim_attribute, es_attribute_count, eapsim_len, attrlen); + return 0; + } + +- if(eapsim_len > MAX_STRING_LEN) { +- eapsim_len = MAX_STRING_LEN; +- } +- if (eapsim_len < 2) { +- fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length too small", eapsim_attribute, +- es_attribute_count); +- return 0; +- } ++ newvp = fr_pair_afrom_num(r, eapsim_attribute + PW_EAP_SIM_BASE, 0); ++ if (!newvp) { ++ /* ++ * RFC 4186 Section 8.1 says 0..127 are ++ * "non-skippable". If one such ++ * attribute is found and we don't ++ * understand it, the server has to send: ++ * ++ * EAP-Request/SIM/Notification packet with an ++ * (AT_NOTIFICATION code, which implies general failure ("General ++ * failure after authentication" (0), or "General failure" (16384), ++ * depending on the phase of the exchange), which terminates the ++ * authentication exchange. ++ */ ++ if (eapsim_attribute <= 127) { ++ fr_strerror_printf("Unknown mandatory attribute %d, failing", ++ eapsim_attribute); ++ return 0; ++ } + +- newvp = fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0); +- newvp->vp_length = eapsim_len-2; +- newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); +- memcpy(p, &attr[2], eapsim_len-2); +- fr_pair_add(&(r->vps), newvp); +- newvp = NULL; ++ } else { ++ /* ++ * It's known, ccount for header, and ++ * copy the value over. ++ */ ++ newvp->vp_length = eapsim_len - 2; ++ ++ newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); ++ memcpy(p, &attr[2], newvp->vp_length); ++ fr_pair_add(&(r->vps), newvp); ++ } + + /* advance pointers, decrement length */ + attr += eapsim_len; +-- +2.25.1 + 
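Review bot: in the eapsimlib.c hunk of CVE-2022-41860.patch, the new "if (!attr[1])" check formats eapsim_attribute into its error message before "eapsim_attribute = attr[0];" has run for the attribute being parsed, so the message reports whatever type the variable held from the previous iteration. Move the assignment above the check, or print attr[0] directly. The core of the fix, testing newvp after fr_pair_afrom_num() before anything is written through it, reads correctly, and the memcpy length now comes from newvp->vp_length, matching the talloc_array size on the line before. Unknown attributes above 127 are now skipped without any message; a debug-level log there would help when triaging malformed EAP-SIM packets.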
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch new file mode 100644 index 0000000000..352c02137a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch @@ -0,0 +1,53 @@ +From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" +Date: Mon, 28 Feb 2022 10:34:15 -0500 +Subject: [PATCH] manual port of commit 5906bfa1 + +CVE: CVE-2022-41861 + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62] + +Signed-off-by: Yi Zhao +--- + src/lib/filters.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/lib/filters.c b/src/lib/filters.c +index 4868cd385d..3f3b63daee 100644 +--- a/src/lib/filters.c ++++ b/src/lib/filters.c +@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in + } + } + } else if (filter->type == RAD_FILTER_GENERIC) { +- int count; ++ size_t count, masklen; ++ ++ masklen = ntohs(filter->u.generic.len); ++ if (masklen >= sizeof(filter->u.generic.mask)) { ++ *p = '\0'; ++ return; ++ } + + i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset)); + p += i; + + /* show the mask */ +- for (count = 0; count < ntohs(filter->u.generic.len); count++) { ++ for (count = 0; count < masklen; count++) { + i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]); + p += i; + outlen -= i; +@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in + outlen--; + + /* show the value */ +- for (count = 0; count < ntohs(filter->u.generic.len); count++) { ++ for (count = 0; count < masklen; count++) { + i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]); + p += i; + outlen -= i; +-- +2.25.1 + 
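Review bot: in the first src/lib/filters.c hunk of CVE-2022-41861.patch, the new masklen test bounds how many bytes are read from mask and value, but the write side of print_abinary() is still unchecked in the lines shown: after the " %u " snprintf the code advances p without reducing outlen, and in both loops "outlen -= i" is applied without comparing i against outlen, which is a size_t and wraps if snprintf reports a truncated write. Check the snprintf return against the remaining space before "p += i" and stop when it does not fit. The bound itself uses ">=", so a length equal to sizeof(filter->u.generic.mask) is rejected; if that is intended, a short comment should say why. The early return also truncates the output silently, so a caller cannot tell a malformed filter from a short one.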
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb index 1407b798b5..db37f65918 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb @@ -33,6 +33,8 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0 file://radiusd-volatiles.conf \ file://check-openssl-cmds-in-script-bootstrap.patch \ file://0001-version.c-don-t-print-build-flags.patch \ + file://CVE-2022-41860.patch \ + file://CVE-2022-41861.patch \ " raddbdir="${sysconfdir}/${MLPREFIX}raddb" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb deleted file mode 100644 index d4a9c7bf8d..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb +++ /dev/null 
@@ -1,44 +0,0 @@ -SUMMARY = "Lightweight crypto and SSL/TLS library" -DESCRIPTION = "mbedtls is a lean open source crypto library \ -for providing SSL and TLS support in your programs. It offers \ -an intuitive API and documented header files, so you can actually \ -understand what the code does. It features: \ - \ - - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ - Camellia and XTEA \ - - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ - - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ - - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ - ECDSA and ECDH \ - - SSL v3 and TLS 1.0, 1.1 and 1.2 \ - - Abstraction layers for ciphers, hashes, public key operations, \ - platform abstraction and threading \ -" - -HOMEPAGE = "https://tls.mbed.org/" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - -SECTION = "libs" - -S = "${WORKDIR}/git" -SRCREV = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0" -SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28" - -inherit cmake - -PACKAGECONFIG ??= "shared-libs programs" -PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" -PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" -PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" - -EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}" - -PROVIDES += "polarssl" -RPROVIDES:${PN} = "polarssl" - -PACKAGES =+ "${PN}-programs" -FILES:${PN}-programs = "${bindir}/" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb new file mode 100644 index 0000000000..5696f94b0e --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb 
@@ -0,0 +1,44 @@ +SUMMARY = "Lightweight crypto and SSL/TLS library" +DESCRIPTION = "mbedtls is a lean open source crypto library \ +for providing SSL and TLS support in your programs. It offers \ +an intuitive API and documented header files, so you can actually \ +understand what the code does. It features: \ + \ + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ + Camellia and XTEA \ + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ + ECDSA and ECDH \ + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ + - Abstraction layers for ciphers, hashes, public key operations, \ + platform abstraction and threading \ +" + +HOMEPAGE = "https://tls.mbed.org/" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SECTION = "libs" + +S = "${WORKDIR}/git" +SRCREV = "89f040a5c938985c5f30728baed21e49d0846a53" +SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28" + +inherit cmake + +PACKAGECONFIG ??= "shared-libs programs" +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" +PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" + +EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}" + +PROVIDES += "polarssl" +RPROVIDES:${PN} = "polarssl" + +PACKAGES =+ "${PN}-programs" +FILES:${PN}-programs = "${bindir}/" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb index e715135dc3..03eff43dd2 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb 
+++ b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb @@ -9,11 +9,11 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://../LICENSE;md5=f399b62ce0a152525d1589a5a40c0ff6" DEPENDS = "asio fmt http-parser" -SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/restinio-${PV}.tar.bz2" +SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/${BP}.tar.bz2" SRC_URI[md5sum] = "37a4310e98912030a74bdd4ed789f33c" SRC_URI[sha256sum] = "b35d696e6fafd4563ca708fcecf9d0cf6705c846d417b5000f5252e0188848e7" -S = "${WORKDIR}/${PN}-${PV}/dev" +S = "${WORKDIR}/${BP}/dev" inherit cmake diff --git a/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb index b6a768e08a..c479eefba0 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb @@ -70,5 +70,5 @@ FILES:${PN} += " \ REQUIRED_DISTRO_FEATURES = "ipv6" -DISTUTILS_BUILD_ARGS:append = " --iptables-dir /usr/sbin" -DISTUTILS_INSTALL_ARGS:append = " --iptables-dir /usr/sbin" +SETUPTOOLS_BUILD_ARGS:append = " --iptables-dir /usr/sbin" +SETUPTOOLS_INSTALL_ARGS:append = " --iptables-dir /usr/sbin" diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch b/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch new file mode 100644 index 0000000000..ad1704520c --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch 
@@ -0,0 +1,35 @@ +From e5ddcf9575437bacd64c2b68501b413014186a6a Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 19 Oct 2022 10:15:01 -0700 +Subject: [PATCH] makedefs: Account for linux 6.x version + +Major version has bumped to 6 and script needs to know that + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + makedefs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/makedefs ++++ b/makedefs +@@ -613,7 +613,7 @@ EOF + : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} + : ${PLUGIN_LD="${CC-gcc} -shared"} + ;; +- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR ++ Linux.[3-6]*) SYSTYPE=LINUX$RELEASE_MAJOR + case "$CCARGS" in + *-DNO_DB*) ;; + *-DHAS_DB*) ;; +--- a/src/util/sys_defs.h ++++ b/src/util/sys_defs.h +@@ -751,7 +751,7 @@ extern int initgroups(const char *, int) + /* + * LINUX. + */ +-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) ++#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) || defined(LINUX6) + #define SUPPORTED + #define UINT32_TYPE unsigned int + #define UINT16_TYPE unsigned short diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb deleted file mode 100644 index 343a8b2df0..0000000000 --- a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb +++ /dev/null 
@@ -1,17 +0,0 @@ -require postfix.inc - -SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV}.tar.gz \ - file://main.cf \ - file://postfix \ - file://internal_recipient \ - file://postfix.service \ - file://aliasesdb \ - file://check_hostname.sh \ - file://0001-Fix-makedefs.patch \ - file://0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch \ - file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \ - file://0004-Fix-icu-config.patch \ - file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \ - " -SRC_URI[sha256sum] = "300fa8811cea20d01d25c619d359bffab82656e704daa719e0c9afc4ecff4808" -UPSTREAM_CHECK_REGEX = "postfix\-(?P3\.6(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb new file mode 100644 index 0000000000..17864b8915 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb @@ -0,0 +1,18 @@ +require postfix.inc + +SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV}.tar.gz \ + file://main.cf \ + file://postfix \ + file://internal_recipient \ + file://postfix.service \ + file://aliasesdb \ + file://check_hostname.sh \ + file://0001-Fix-makedefs.patch \ + file://0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch \ + file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \ + file://0004-Fix-icu-config.patch \ + file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \ + file://0006-makedefs-Account-for-linux-6.x-version.patch \ + " +SRC_URI[sha256sum] = "e471df7e0eb11c4a1e574b6d7298f635386e2843b6b3584c25a04543d587e07f" +UPSTREAM_CHECK_REGEX = "postfix\-(?P3\.6(\.\d+)+).tar.gz" 
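Review bot: in the new postfix_3.6.7.bb, the tarball is still fetched over ftp:// from ftp.porcupine.org, so the SRC_URI[sha256sum] value is the only integrity control on the download and the new hash should be confirmed against the upstream release announcement rather than taken from the fetched file. If upstream offers an HTTPS location for the same tarball, switch SRC_URI to it in this bump. The added 0006-makedefs-Account-for-linux-6.x-version.patch is Upstream-Status: Pending, and its case pattern changes from "Linux.[345].*" to "Linux.[3-6]*", which drops the literal dot after the major digit and so matches more release strings than the old pattern did; "Linux.[3-6].*" would keep the original shape.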
diff --git a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb index e078be79a1..080a0ed85c 100644 --- a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb +++ b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb @@ -38,7 +38,7 @@ RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json pyt TESTDIR = "tests" -PRIVATE_LIBS:${PN}-ptest:append = "libnftables.so.1" +PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1" do_install_ptest() { cp -rf ${S}/build-aux ${D}${PTEST_PATH} diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch new file mode 100644 index 0000000000..73493bb120 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch 
@@ -0,0 +1,36 @@ +From 5216a05b32390a64efeb598051411e1776042624 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Fri, 11 Nov 2022 12:26:04 +0100 +Subject: [PATCH] tools: remove backslash from declare check regex + +The backslash in `grep -q '^declare \-a'` is not needed and +causes `grep: warning: stray \ before -` warning in grep-3.8. + +Signed-off-by: Marius Tomaschewski + +CVE: CVE-2022-42917 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624] + +Signed-off-by: Yi Zhao +--- + tools/frrcommon.sh.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in +index 61f1abb37..3c16c27c6 100755 +--- a/tools/frrcommon.sh.in ++++ b/tools/frrcommon.sh.in +@@ -335,7 +335,7 @@ if [ -z "$FRR_PATHSPACE" ]; then + load_old_config "/etc/sysconfig/frr" + fi + +-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then ++if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then + log_warning_msg "watchfrr_options contains a bash array value." \ + "The configured value is intentionally ignored since it is likely wrong." \ + "Please remove or fix the setting." +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/frr.pam b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/frr.pam index 3541a975ae..a9ec35dd69 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/frr.pam +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/frr.pam @@ -1,10 +1,11 @@ # -# The PAM configuration file for the quagga `vtysh' service +# The PAM configuration file for the frr `vtysh' service # # This allows root to change user infomation without being # prompted for a password auth sufficient pam_rootok.so +account sufficient pam_rootok.so # The standard Unix authentication modules, used with # NIS (man nsswitch) as well as normal /etc/passwd and 
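Review bot: CVE-2022-42917.patch carries the tag "CVE: CVE-2022-42917", but its only hunk, in tools/frrcommon.sh.in, changes grep -q '^declare \-a' to grep -q '^declare -a', and its commit message describes that as removing a grep-3.8 "stray \ before -" warning. Nothing in the patch explains how this addresses the CVE. Add a sentence to the patch header that ties the change to the CVE, or rename the file and drop the tag, so that CVE tracking keyed on the "CVE:" line does not report the issue as fixed on the basis of a change whose stated purpose is a warning cleanup.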
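Review bot: in the frr.pam hunk, the added "account sufficient pam_rootok.so" extends the root shortcut from the auth stack to the account stack, but the comment above it still describes only skipping the password prompt. Update the comment to state that root also passes account management for vtysh without further checks, and record the reason for the change in the commit message, since the hunk does not show what failure it fixes.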
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 658731567d..80f4729e1f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ file://CVE-2022-37035.patch \ file://CVE-2022-37032.patch \ + file://CVE-2022-42917.patch \ file://frr.pam \ " diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch deleted file mode 100644 index f8efc10448..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 6d90f9fdaf008f5c3b8fd8d91594fa1461437888 Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Wed, 28 Jun 2017 17:30:00 -0500 -Subject: [PATCH] Create subroutine for cleaning recent interfaces - -Moves functionality for cleaning the list of recent -interfaces into its own subroutine. - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index a63cd19..7aeee7b 100755 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -1199,6 +1199,19 @@ mDNSlocal int SetupSocket(struct sockaddr *intfAddr, mDNSIPPort port, int interf - return err; - } - -+// Clean up any interfaces that have been hanging around on the RecentInterfaces list for more than a minute -+mDNSlocal void CleanRecentInterfaces(void) -+{ -+ PosixNetworkInterface **ri = &gRecentInterfaces; -+ const mDNSs32 utc = mDNSPlatformUTC(); -+ while (*ri) -+ { -+ PosixNetworkInterface *pi = *ri; -+ if (utc - pi->LastSeen < 60) ri = (PosixNetworkInterface **)&pi->coreIntf.next; -+ else { *ri = (PosixNetworkInterface *)pi->coreIntf.next; free(pi); } -+ } -+} -+ - // Creates a PosixNetworkInterface for the interface whose IP address is - // intfAddr and whose name is intfName and registers it with mDNS core. - mDNSlocal int SetupOneInterface(mDNS *const m, struct sockaddr *intfAddr, struct sockaddr *intfMask, const char *intfName, int intfIndex) -@@ -1388,15 +1401,7 @@ mDNSlocal int SetupInterfaceList(mDNS *const m) - // Clean up. 
- if (intfList != NULL) freeifaddrs(intfList); - -- // Clean up any interfaces that have been hanging around on the RecentInterfaces list for more than a minute -- PosixNetworkInterface **ri = &gRecentInterfaces; -- const mDNSs32 utc = mDNSPlatformUTC(); -- while (*ri) -- { -- PosixNetworkInterface *pi = *ri; -- if (utc - pi->LastSeen < 60) ri = (PosixNetworkInterface **)&pi->coreIntf.next; -- else { *ri = (PosixNetworkInterface *)pi->coreIntf.next; free(pi); } -- } -+ CleanRecentInterfaces(); - - return err; - } --- -2.20.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch deleted file mode 100644 index c743b3eddb..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch +++ /dev/null @@ -1,41 +0,0 @@ -From ea442b57f7a9bcd41d5b5bd1cafde4dbe5685d41 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Thu, 4 Nov 2021 07:31:32 -0700 -Subject: [PATCH] dns-sd: Include missing headers - -Fixes build on Musl - -Upstream-Status: Pending -Signed-off-by: Khem Raj ---- - Clients/dns-sd.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/Clients/dns-sd.c -+++ b/Clients/dns-sd.c -@@ -58,11 +58,13 @@ - //#define TEST_NEW_CLIENTSTUB 1 - - #include -+#include // For va_args - #include // For stdout, stderr - #include // For exit() - #include // For strlen(), strcpy() - #include // For errno, EINTR - #include -+#include // For MIN - #include // For u_char - #ifdef APPLE_OSX_mDNSResponder - #include // For PRId64 ---- a/mDNSPosix/nss_mdns.c -+++ b/mDNSPosix/nss_mdns.c -@@ -89,6 +89,9 @@ - - #include - -+#if !defined(NETDB_INTERNAL) -+# define NETDB_INTERNAL (-1) -+#endif - - //---------- - // Public functions 
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch deleted file mode 100644 index c57ce8fa53..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d744609c56f9872e5aa71707f1f71feec9867f51 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Tue, 14 Jul 2020 16:36:29 +0000 -Subject: [PATCH 1/2] mdns: include for NULL - -Fixes build error with version 1096.40.7: - -../mDNSCore/mDNS.c:11385:26: error: 'NULL' undeclared (first use in this function) -11385 | const char *reason = NULL; - | ^~~~ -../mDNSCore/mDNS.c:56:1: note: 'NULL' is defined in header ''; did you forget to '#include '? - 55 | #include "dns_sd_internal.h" - +++ |+#include - 56 | -../mDNSCore/mDNS.c:11385:26: note: each undeclared identifier is reported only once for each function it appears in -11385 | const char *reason = NULL; - | ^~~~ - -Upstream-Status: Pending - -Signed-off-by: Mikko Rapeli ---- - mDNSCore/mDNS.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/mDNSCore/mDNS.c b/mDNSCore/mDNS.c -index 2fbea04..d4b9af5 100755 ---- a/mDNSCore/mDNS.c -+++ b/mDNSCore/mDNS.c -@@ -23,6 +23,7 @@ - * routines, or types (which may or may not be present on any given platform). - */ - -+#include /* for NULL */ - #include "DNSCommon.h" // Defines general DNS utility routines - #include "uDNS.h" // Defines entry points into unicast-specific routines - --- -2.20.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch deleted file mode 100644 index 21ba318499..0000000000 
--- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From a2148df99ddcd122247f95c4cbcce5c4118581a1 Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Wed, 28 Jun 2017 17:30:00 -0500 -Subject: [PATCH 02/11] Create subroutine for tearing down an interface - -Creates a subroutine for tearing down an interface. - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 22 ++++++++++++++++------ - 1 file changed, 16 insertions(+), 6 deletions(-) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index ffc9696..5e5b2cd 100644 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -591,6 +591,19 @@ mDNSlocal void FreePosixNetworkInterface(PosixNetworkInterface *intf) - gRecentInterfaces = intf; - } - -+mDNSlocal void TearDownInterface(mDNS *const m, PosixNetworkInterface *intf) -+{ -+ mDNS_DeregisterInterface(m, &intf->coreIntf, NormalActivation); -+ if (gMDNSPlatformPosixVerboseLevel > 0) fprintf(stderr, "Deregistered interface %s\n", intf->intfName); -+ FreePosixNetworkInterface(intf); -+ -+ num_registered_interfaces--; -+ if (num_registered_interfaces == 0) { -+ num_pkts_accepted = 0; -+ num_pkts_rejected = 0; -+ } -+} -+ - // Grab the first interface, deregister it, free it, and repeat until done. - mDNSlocal void ClearInterfaceList(mDNS *const m) - { -@@ -599,13 +612,10 @@ mDNSlocal void ClearInterfaceList(mDNS *const m) - while (m->HostInterfaces) - { - PosixNetworkInterface *intf = (PosixNetworkInterface*)(m->HostInterfaces); -- mDNS_DeregisterInterface(m, &intf->coreIntf, NormalActivation); -- if (gMDNSPlatformPosixVerboseLevel > 0) fprintf(stderr, "Deregistered interface %s\n", intf->intfName); -- FreePosixNetworkInterface(intf); -+ TearDownInterface(m, intf); - } -- num_registered_interfaces = 0; -- num_pkts_accepted = 0; -- num_pkts_rejected = 0; -+ -+ assert(num_registered_interfaces == 0); - } - - // Sets up a send/receive socket. --- -2.17.1 - 
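Review bot: In the carried 0002-Create-subroutine-for-tearing-down-an-interface.patch, ClearInterfaceList() now ends with `assert(num_registered_interfaces == 0);` where it used to force all three counters to zero. With NDEBUG the assert is compiled out, and if the counter is ever out of step with the interface list, `num_pkts_accepted` and `num_pkts_rejected` are never cleared, because TearDownInterface() resets them only when the count reaches exactly 0. Consider keeping the explicit reset after the loop, or guarding the decrement in TearDownInterface(). On the outer change: blob 21ba318499 removed here under files/ is the same blob re-added under mdns/, so this is a pure move and the embedded patch content is unchanged.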
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch deleted file mode 100644 index 33590ffc57..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch +++ /dev/null 
@@ -1,145 +0,0 @@ -From 72405143f9d16514e70b88bc4843c9634b88036a Mon Sep 17 00:00:00 2001 -From: Brendan Le Foll -Date: Tue, 3 Mar 2015 11:42:57 +0000 -Subject: [PATCH 2/2] mdns: cross compilation fixes for bitbake - -Fixes several build errors when incorrect compiler or -compiler flags are used. - -Upstream-Status: Inappropriate [OE-specific] - -Signed-off-by: Paul Eggleton -Signed-off-by: Mikko Rapeli ---- - mDNSPosix/Makefile | 44 ++++++++++++++++++++------------------------ - 1 file changed, 20 insertions(+), 24 deletions(-) - -diff --git a/mDNSPosix/Makefile b/mDNSPosix/Makefile -index 78222e0..18a3af5 100755 ---- a/mDNSPosix/Makefile -+++ b/mDNSPosix/Makefile -@@ -50,6 +50,7 @@ - - LIBVERS = 1 - -+POSIXDIR = ../mDNSPosix - COREDIR = ../mDNSCore - SHAREDDIR ?= ../mDNSShared - DSODIR ?= ../DSO -@@ -62,16 +63,16 @@ else ifeq ($(SYSTEM), Linux) - os=linux - endif - --CC = cc --BISON = bison --FLEX = flex --ST = strip --LD = ld -+CC ?= cc -+BISON ?= bison -+FLEX ?= flex -+ST ?= strip -+LD ?= ld - SOOPTS = -shared - CP = cp - RM = rm - LN = ln -s -f --CFLAGS_COMMON = -I$(COREDIR) -I$(SHAREDDIR) -I$(DSODIR) -I$(PROXYDIR) -I$(OBJDIR) -fwrapv -W -Wall -DPID_FILE=\"/var/run/mdnsd.pid\" -DMDNS_UDS_SERVERPATH=\"/var/run/mdnsd\" -+CFLAGS_COMMON = -I$(POSIXDIR) -I$(COREDIR) -I$(SHAREDDIR) -I$(DSODIR) -I$(PROXYDIR) -I$(OBJDIR) -fwrapv -W -Wall -DPID_FILE=\"/var/run/mdnsd.pid\" -DMDNS_UDS_SERVERPATH=\"/var/run/mdnsd\" - CFLAGS_PTHREAD = - LINKOPTS = - LINKOPTS_PTHREAD = -lpthread -@@ -85,6 +86,7 @@ CFLAGS_OPEN_SOURCE= - endif - - # Set up diverging paths for debug vs. prod builds -+DEBUG ?= 1 - ifeq "$(DEBUG)" "1" - CFLAGS_DEBUGGING = -g -DMDNS_DEBUGMSGS=2 - OBJDIR = objects/debug -@@ -101,8 +103,8 @@ else - # 1. We want to make small binaries, suitable for putting into hardware devices - # 2. 
Some of the code analysis warnings only work when some form of optimization is enabled - CFLAGS_DEBUGGING = -g -DMDNS_DEBUGMSGS=0 --OBJDIR ?= objects/prod --BUILDDIR ?= build/prod -+OBJDIR = objects/prod -+BUILDDIR = build/prod - STRIP = $(ST) -S - endif - endif -@@ -125,7 +127,7 @@ else - # any target that contains the string "linux" - ifeq ($(findstring linux,$(os)),linux) - CFLAGS_OS = -D_GNU_SOURCE -DHAVE_IPV6 -DNOT_HAVE_SA_LEN -DUSES_NETLINK -DHAVE_LINUX -DTARGET_OS_LINUX -ftabstop=4 --LD = $(CC) -+LD ?= $(CC) - SOOPTS = -shared - FLEXFLAGS_OS = -l - JAVACFLAGS_OS += -I$(JDK)/include/linux -@@ -276,8 +278,7 @@ Daemon: setup $(BUILDDIR)/mdnsd - @echo "Responder daemon done" - - $(BUILDDIR)/mdnsd: $(DAEMONOBJS) -- $(CC) -o $@ $+ $(LINKOPTS) -- $(STRIP) $@ -+ $(LD) -o $@ $+ - - # libdns_sd target builds the client library - libdns_sd: setup $(BUILDDIR)/libdns_sd.$(LDSUFFIX) -@@ -286,13 +287,9 @@ libdns_sd: setup $(BUILDDIR)/libdns_sd.$(LDSUFFIX) - CLIENTLIBOBJS = $(OBJDIR)/dnssd_clientlib.c.so.o $(OBJDIR)/dnssd_clientstub.c.so.o $(OBJDIR)/dnssd_ipc.c.so.o - - $(BUILDDIR)/libdns_sd.$(LDSUFFIX): $(CLIENTLIBOBJS) -- $(LD) $(SOOPTS) $(LINKOPTS) -o $@ $+ -- $(STRIP) $@ -- --Clients: setup libdns_sd ../Clients/build/dns-sd -- @echo "Clients done" -+ $(LD) -shared $(LINKOPTS) -Wl,-soname,libdns_sd.$(LDSUFFIX).1 -o $@ $+ - --../Clients/build/dns-sd: ../Clients/dns-sd.c -+Clients: setup libdns_sd - $(MAKE) -C ../Clients DEBUG=$(DEBUG) SUPMAKE_CFLAGS="$(MDNSCFLAGS)" - - # nss_mdns target builds the Name Service Switch module -@@ -300,8 +297,7 @@ nss_mdns: setup $(BUILDDIR)/$(NSSLIBFILE) - @echo "Name Service Switch module done" - - $(BUILDDIR)/$(NSSLIBFILE): $(CLIENTLIBOBJS) $(OBJDIR)/nss_mdns.c.so.o -- $(LD) $(SOOPTS) $(LINKOPTS) -o $@ $+ -- $(STRIP) $@ -+ $(LD) -shared $(LINKOPTS) -o $@ $+ - - ############################################################################# - -@@ -494,21 +490,21 @@ dnsextd: setup $(BUILDDIR)/dnsextd - @echo "dnsextd done" - - 
$(BUILDDIR)/mDNSClientPosix: $(APPOBJ) $(OBJDIR)/Client.c.o -- $(CC) $+ -o $@ $(LINKOPTS) -+ $(CC) $+ -o $@ - - $(BUILDDIR)/mDNSResponderPosix: $(COMMONOBJ) $(OBJDIR)/Responder.c.o -- $(CC) $+ -o $@ $(LINKOPTS) -+ $(CC) $+ -o $@ - - $(BUILDDIR)/mDNSProxyResponderPosix: $(COMMONOBJ) $(OBJDIR)/ProxyResponder.c.o -- $(CC) $+ -o $@ $(LINKOPTS) -+ $(CC) $+ -o $@ - - $(BUILDDIR)/mDNSNetMonitor: $(SPECIALOBJ) $(OBJDIR)/NetMonitor.c.o -- $(CC) $+ -o $@ $(LINKOPTS) -+ $(CC) $+ -o $@ - - $(OBJDIR)/NetMonitor.c.o: $(COREDIR)/mDNS.c # Note: NetMonitor.c textually imports mDNS.c - - $(BUILDDIR)/dnsextd: $(DNSEXTDOBJ) $(OBJDIR)/dnsextd.c.threadsafe.o -- $(CC) $+ -o $@ $(LINKOPTS) $(LINKOPTS_PTHREAD) -+ $(CC) $+ -o $@ $(LINKOPTS_PTHREAD) - - ############################################################################# - --- -2.20.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch deleted file mode 100644 index 8c0e6bf397..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 71a7c728ae0d8143b66aa40decca74ebaa9aa2ce Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Wed, 28 Jun 2017 17:30:00 -0500 -Subject: [PATCH 03/11] Track interface socket family - -Tracks the socket family associated with the interface. - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 1 + - mDNSPosix/mDNSPosix.h | 2 ++ - 2 files changed, 3 insertions(+) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index 5e5b2cd..8fe22be 100644 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -918,6 +918,7 @@ mDNSlocal int SetupOneInterface(mDNS *const m, struct sockaddr *intfAddr, struct - // Set up the extra fields in PosixNetworkInterface. - assert(intf->intfName != NULL); // intf->intfName already set up above - intf->index = intfIndex; -+ intf->sa_family = intfAddr->sa_family; - intf->multicastSocket4 = -1; - #if HAVE_IPV6 - intf->multicastSocket6 = -1; -diff --git a/mDNSPosix/mDNSPosix.h b/mDNSPosix/mDNSPosix.h -index ca60d80..f77c185 100644 ---- a/mDNSPosix/mDNSPosix.h -+++ b/mDNSPosix/mDNSPosix.h -@@ -19,6 +19,7 @@ - #define __mDNSPlatformPosix_h - - #include -+#include - #include - - #ifdef __cplusplus -@@ -40,6 +41,7 @@ struct PosixNetworkInterface - const char * intfName; - PosixNetworkInterface * aliasIntf; - int index; -+ sa_family_t sa_family; - int multicastSocket4; - #if HAVE_IPV6 - int multicastSocket6; --- -2.17.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch deleted file mode 100644 index db3a63ea48..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch +++ /dev/null 
@@ -1,177 +0,0 @@ -From 798bfb5e984845a27874d1a244686db6e384d7b8 Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Thu, 13 Jul 2017 09:00:00 -0500 -Subject: [PATCH 04/11] Use list for changed interfaces - -Uses a linked list to store the index of changed network interfaces -instead of a bitfield. This allows for network interfaces with an -index greater than 31 (an index of 36 was seen on Android). - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 67 +++++++++++++++++++++++++++++++++---------- - 1 file changed, 52 insertions(+), 15 deletions(-) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index 195d04b..bb883c1 100755 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -67,6 +67,14 @@ struct IfChangeRec - }; - typedef struct IfChangeRec IfChangeRec; - -+// Used to build a list of network interface indices -+struct NetworkInterfaceIndex -+{ -+ int if_index; -+ struct NetworkInterfaceIndex *Next; -+}; -+typedef struct NetworkInterfaceIndex NetworkInterfaceIndex; -+ - // Note that static data is initialized to zero in (modern) C. 
- static PosixEventSource *gEventSources; // linked list of PosixEventSource's - static sigset_t gEventSignalSet; // Signals which event loop listens for -@@ -1458,6 +1466,32 @@ mDNSlocal mStatus OpenIfNotifySocket(int *pFD) - return err; - } - -+mDNSlocal mDNSBool ListContainsInterfaceIndex(GenLinkedList *list, int if_index) -+{ -+ NetworkInterfaceIndex *item; -+ -+ for (item = (NetworkInterfaceIndex*)list->Head; item != NULL; item = item->Next) -+ { -+ if (if_index == item->if_index) return mDNStrue; -+ } -+ -+ return mDNSfalse; -+} -+ -+mDNSlocal void AddInterfaceIndexToList(GenLinkedList *list, int if_index) -+{ -+ NetworkInterfaceIndex *item; -+ -+ if (ListContainsInterfaceIndex(list, if_index)) return; -+ -+ item = malloc(sizeof *item); -+ if (item == NULL) return; -+ -+ item->if_index = if_index; -+ item->Next = NULL; -+ AddToTail(list, item); -+} -+ - #if MDNS_DEBUGMSGS - mDNSlocal void PrintNetLinkMsg(const struct nlmsghdr *pNLMsg) - { -@@ -1485,14 +1519,13 @@ mDNSlocal void PrintNetLinkMsg(const struct nlmsghdr *pNLMsg) - } - #endif - --mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) -+mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *changedInterfaces) - // Read through the messages on sd and if any indicate that any interface records should - // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0. 
- { - ssize_t readCount; - char buff[4096]; - struct nlmsghdr *pNLMsg = (struct nlmsghdr*) buff; -- mDNSu32 result = 0; - - // The structure here is more complex than it really ought to be because, - // unfortunately, there's no good way to size a buffer in advance large -@@ -1528,9 +1561,9 @@ mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) - - // Process the NetLink message - if (pNLMsg->nlmsg_type == RTM_GETLINK || pNLMsg->nlmsg_type == RTM_NEWLINK) -- result |= 1 << ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index; -+ AddInterfaceIndexToList(changedInterfaces, ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index); - else if (pNLMsg->nlmsg_type == RTM_DELADDR || pNLMsg->nlmsg_type == RTM_NEWADDR) -- result |= 1 << ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index; -+ AddInterfaceIndexToList(changedInterfaces, ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index); - - // Advance pNLMsg to the next message in the buffer - if ((pNLMsg->nlmsg_flags & NLM_F_MULTI) != 0 && pNLMsg->nlmsg_type != NLMSG_DONE) -@@ -1541,8 +1574,6 @@ mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) - else - break; // all done! - } -- -- return result; - } - - #else // USES_NETLINK -@@ -1574,14 +1605,13 @@ mDNSlocal void PrintRoutingSocketMsg(const struct ifa_msghdr *pRSMsg) - } - #endif - --mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) -+mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *changedInterfaces) - // Read through the messages on sd and if any indicate that any interface records should - // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0. 
- { - ssize_t readCount; - char buff[4096]; - struct ifa_msghdr *pRSMsg = (struct ifa_msghdr*) buff; -- mDNSu32 result = 0; - - readCount = read(sd, buff, sizeof buff); - if (readCount < (ssize_t) sizeof(struct ifa_msghdr)) -@@ -1596,12 +1626,10 @@ mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) - pRSMsg->ifam_type == RTM_IFINFO) - { - if (pRSMsg->ifam_type == RTM_IFINFO) -- result |= 1 << ((struct if_msghdr*) pRSMsg)->ifm_index; -+ AddInterfaceIndexToList(changedInterfaces, ((struct if_msghdr*) pRSMsg)->ifm_index); - else -- result |= 1 << pRSMsg->ifam_index; -+ AddInterfaceIndexToList(changedInterfaces, pRSMsg->ifam_index); - } -- -- return result; - } - - #endif // USES_NETLINK -@@ -1611,7 +1639,8 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context) - { - IfChangeRec *pChgRec = (IfChangeRec*) context; - fd_set readFDs; -- mDNSu32 changedInterfaces = 0; -+ GenLinkedList changedInterfaces; -+ NetworkInterfaceIndex *changedInterface; - struct timeval zeroTimeout = { 0, 0 }; - - (void)fd; // Unused -@@ -1619,17 +1648,25 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context) - FD_ZERO(&readFDs); - FD_SET(pChgRec->NotifySD, &readFDs); - -+ InitLinkedList(&changedInterfaces, offsetof(NetworkInterfaceIndex, Next)); -+ - do - { -- changedInterfaces |= ProcessRoutingNotification(pChgRec->NotifySD); -+ ProcessRoutingNotification(pChgRec->NotifySD, &changedInterfaces); - } - while (0 < select(pChgRec->NotifySD + 1, &readFDs, (fd_set*) NULL, (fd_set*) NULL, &zeroTimeout)); - - // Currently we rebuild the entire interface list whenever any interface change is - // detected. If this ever proves to be a performance issue in a multi-homed - // configuration, more care should be paid to changedInterfaces. 
-- if (changedInterfaces) -+ if (changedInterfaces.Head != NULL) - mDNSPlatformPosixRefreshInterfaceList(pChgRec->mDNS); -+ -+ while ((changedInterface = (NetworkInterfaceIndex*)changedInterfaces.Head) != NULL) -+ { -+ RemoveFromList(&changedInterfaces, changedInterface); -+ free(changedInterface); -+ } - } - - // Register with either a Routing Socket or RtNetLink to listen for interface changes. --- -2.20.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch deleted file mode 100644 index b461a60df7..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 157d67f152777754c059ced7511352102f23ffae Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Mon, 24 Jul 2017 09:39:18 -0500 -Subject: [PATCH 06/11] Remove unneeded function - -Removes a function we no longer need by integrating it into the only -function that calls it. This was originally separated so that we could -only process network interfaces that netlink indicated had been changed, -this has since been extended to test for all network intefaces. - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 13 ++----------- - 1 file changed, 2 insertions(+), 11 deletions(-) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index 59a8b8c..3fc5451 100644 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -1079,24 +1079,15 @@ mDNSlocal mStatus OpenIfNotifySocket(int *pFD) - return err; - } - --mDNSlocal mDNSBool ListContainsInterfaceIndex(GenLinkedList *list, int if_index) -+mDNSlocal void AddInterfaceIndexToList(GenLinkedList *list, int if_index) - { - NetworkInterfaceIndex *item; - - for (item = (NetworkInterfaceIndex*)list->Head; item != NULL; item = item->Next) - { -- if (if_index == item->if_index) return mDNStrue; -+ if (if_index == item->if_index) return; - } - -- return mDNSfalse; --} -- --mDNSlocal void AddInterfaceIndexToList(GenLinkedList *list, int if_index) --{ -- NetworkInterfaceIndex *item; -- -- if (ListContainsInterfaceIndex(list, if_index)) return; -- - item = malloc(sizeof *item); - if (item == NULL) return; - --- -2.17.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch deleted file mode 100644 index fdc5105cb9..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From 0fcc0f210f3a9310a1963de640b384ce866410fd Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Wed, 9 Aug 2017 09:16:58 -0500 -Subject: [PATCH 08/11] Mark deleted interfaces as being changed - -Netlink notification handling ignores messages for deleted links, -RTM_DELLINK. It does handle RTM_GETLINK. According to libnl docu- -mentation (http://www.infradead.org/~tgr/libnl/doc/route.html) -RTM_DELLINK can be sent by the kernel, but RTM_GETLINK cannot. -There was likely a mixup in the original implementation, so this -change replaces handling for RTM_GETLINK with RTM_DELLINK. - -Testing and Verification Instructions: - 1. Use ip-link to add and remove a VLAN interface and verify - that mDNSResponder handles the deleted link. - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index 798ab10..a8a57df 100644 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -1163,7 +1163,7 @@ mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *change - #endif - - // Process the NetLink message -- if (pNLMsg->nlmsg_type == RTM_GETLINK || pNLMsg->nlmsg_type == RTM_NEWLINK) -+ if (pNLMsg->nlmsg_type == RTM_DELLINK || pNLMsg->nlmsg_type == RTM_NEWLINK) - AddInterfaceIndexToList(changedInterfaces, ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index); - else if (pNLMsg->nlmsg_type == RTM_DELADDR || pNLMsg->nlmsg_type == RTM_NEWADDR) - AddInterfaceIndexToList(changedInterfaces, ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index); --- -2.17.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch deleted file mode 100644 index 362d69768e..0000000000 
--- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 38cff19781f81586926b02f0fd1cb36c040395e0 Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Thu, 10 Aug 2017 08:21:53 -0500 -Subject: [PATCH 09/11] Fix possible NULL dereference - -Fixes a possible NULL dereference if memory for -the PosixNetworkInterface could not be allocated. -Other logic seems to prevent dereferencing this -variable if NULL, but this instance seems to have -been overlooked. - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index a8a57df..3243ed4 100644 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -951,12 +951,15 @@ mDNSlocal int SetupOneInterface(mDNS *const m, struct ifi_info *const ifi) - - // If interface is a direct link, address record will be marked as kDNSRecordTypeKnownUnique - // and skip the probe phase of the probe/announce packet sequence. -- intf->coreIntf.DirectLink = mDNSfalse; -+ if (err == 0) -+ { -+ intf->coreIntf.DirectLink = mDNSfalse; - #ifdef DIRECTLINK_INTERFACE_NAME -- if (strcmp(intfName, STRINGIFY(DIRECTLINK_INTERFACE_NAME)) == 0) -- intf->coreIntf.DirectLink = mDNStrue; -+ if (strcmp(intfName, STRINGIFY(DIRECTLINK_INTERFACE_NAME)) == 0) -+ intf->coreIntf.DirectLink = mDNStrue; - #endif -- intf->coreIntf.SupportsUnicastMDNSResponse = mDNStrue; -+ intf->coreIntf.SupportsUnicastMDNSResponse = mDNStrue; -+ } - - // The interface is all ready to go, let's register it with the mDNS core. - if (err == 0) --- -2.17.1 - 
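Review bot: In the Makefile hunks of 0002-mdns-cross-compilation-fixes-for-bitbake.patch, the libdns_sd rule passes `-Wl,-soname,libdns_sd.$(LDSUFFIX).1` to `$(LD)`, but the same patch sets `LD ?= ld` near the top, which turns the later `LD ?= $(CC)` in the linux block into a no-op whenever LD is not already set by the caller. `-Wl,` is a compiler-driver option, so these rules link only when the recipe supplies LD as the compiler driver; either link with `$(CC)` there or state the requirement in the patch description. `DEBUG ?= 1` also makes the `-DMDNS_DEBUGMSGS=2` build the default, and `$(LINKOPTS)` is dropped from the mdnsd and mDNS*Posix link lines, so the recipe has to pass DEBUG=0 and its linker flags explicitly; the description should say so.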
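Review bot: In 0004-Use-list-for-changed-interfaces.patch, both variants of ProcessRoutingNotification() become `void` and take `GenLinkedList *changedInterfaces`, but the comment under the signature still reads "return affected indices as a bitmask. Otherwise return 0."; update it to describe the list. In AddInterfaceIndexToList(), `if (item == NULL) return;` drops the change silently when malloc fails, and InterfaceChangeCallback() then skips mDNSPlatformPosixRefreshInterfaceList() if `changedInterfaces.Head` is still NULL. A log line, or a flag that forces the refresh anyway, would keep an allocation failure from hiding an interface change.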
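Review bot: In 0009-Fix-possible-NULL-dereference.patch, the new guard around the `intf->coreIntf.DirectLink` and `SupportsUnicastMDNSResponse` assignments tests `err == 0`, while the commit message describes the hazard as `intf` being NULL after a failed allocation. That is safe only if every path that leaves `intf` NULL also sets `err`, which these lines do not show. Testing `intf != NULL` directly, or asserting it inside the block, would make the fix self-evident.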
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch deleted file mode 100644 index b9b0157276..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 382b3b924e43abd1bdc5792918161d0922666691 Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Thu, 10 Aug 2017 08:27:32 -0500 -Subject: [PATCH 10/11] Handle errors from socket calls - -Adds handling for socket() or read() returning a -negative value (indicating an error has occurred). - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index 3243ed4..84af26b 100644 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -1129,7 +1129,7 @@ mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *change - // Read through the messages on sd and if any indicate that any interface records should - // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0. - { -- ssize_t readCount; -+ ssize_t readVal, readCount; - char buff[4096]; - struct nlmsghdr *pNLMsg = (struct nlmsghdr*) buff; - -@@ -1138,7 +1138,10 @@ mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *change - // enough to hold all pending data and so avoid message fragmentation. - // (Note that FIONREAD is not supported on AF_NETLINK.) - -- readCount = read(sd, buff, sizeof buff); -+ readVal = read(sd, buff, sizeof buff); -+ if (readVal < 0) return; -+ readCount = readVal; -+ - while (1) - { - // Make sure we've got an entire nlmsghdr in the buffer, and payload, too. 
-@@ -1154,7 +1157,9 @@ mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *change - pNLMsg = (struct nlmsghdr*) buff; - - // read more data -- readCount += read(sd, buff + readCount, sizeof buff - readCount); -+ readVal = read(sd, buff + readCount, sizeof buff - readCount); -+ if (readVal < 0) return; -+ readCount += readVal; - continue; // spin around and revalidate with new readCount - } - else -@@ -1429,6 +1434,7 @@ mDNSlocal mDNSBool mDNSPlatformInit_CanReceiveUnicast(void) - int err; - int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); - struct sockaddr_in s5353; -+ if (s < 0) return mDNSfalse; - s5353.sin_family = AF_INET; - s5353.sin_port = MulticastDNSPort.NotAnInteger; - s5353.sin_addr.s_addr = 0; --- -2.17.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch deleted file mode 100644 index d9adde04c2..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From 9ff06108cd44e84ba6c68bfa6737e793f117e303 Mon Sep 17 00:00:00 2001 -From: Nate Karstens -Date: Thu, 10 Aug 2017 08:46:03 -0500 -Subject: [PATCH] Change a dynamic allocation to file-scope variable - -Changes a variable from being dynamically-allocated to being -statically-allocated at the file scope. Addresses a Coverity -issue where it appeared that the memory was being leaked. - -Upstream-Status: Submitted [dts@apple.com] - -Signed-off-by: Nate Karstens ---- - mDNSPosix/mDNSPosix.c | 14 ++++---------- - 1 file changed, 4 insertions(+), 10 deletions(-) - -diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c -index 7aeee7b..2d25016 100755 ---- a/mDNSPosix/mDNSPosix.c -+++ b/mDNSPosix/mDNSPosix.c -@@ -81,6 +81,7 @@ static sigset_t gEventSignalSet; // Signals which event loop list - static sigset_t gEventSignals; // Signals which were received while inside loop - - static PosixNetworkInterface *gRecentInterfaces; -+static IfChangeRec gChgRec; - - // *************************************************************************** - // Globals (for debugging) -@@ -1641,18 +1642,11 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context) - mDNSlocal mStatus WatchForInterfaceChange(mDNS *const m) - { - mStatus err; -- IfChangeRec *pChgRec; - -- pChgRec = (IfChangeRec*) mDNSPlatformMemAllocateClear(sizeof *pChgRec); -- if (pChgRec == NULL) -- return mStatus_NoMemoryErr; -- -- pChgRec->mDNS = m; -- err = OpenIfNotifySocket(&pChgRec->NotifySD); -+ gChgRec.mDNS = m; -+ err = OpenIfNotifySocket(&gChgRec.NotifySD); - if (err == 0) -- err = mDNSPosixAddFDToEventLoop(pChgRec->NotifySD, InterfaceChangeCallback, pChgRec); -- if (err) -- mDNSPlatformMemFree(pChgRec); -+ err = mDNSPosixAddFDToEventLoop(gChgRec.NotifySD, InterfaceChangeCallback, &gChgRec); - - return err; - } --- -2.20.1 - 
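Review bot: In 0010-Handle-errors-from-socket-calls.patch, the refill path in ProcessRoutingNotification() checks only `readVal < 0`. A return of 0 leaves `readCount` unchanged before `continue`, and `sizeof buff - readCount` is 0 once the 4096-byte buffer is full, so confirm that the revalidation at the top of the loop cannot take the same branch again and spin. The early `return` also treats EINTR like a hard error and drops the pending notification; retrying on EINTR would be safer. The comment above the body still says the function returns a bitmask, which stopped being true in 0004.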
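Review bot: In 0011-Change-a-dynamic-allocation-to-file-scope-variable.patch, WatchForInterfaceChange() has no cleanup left on the failure path: if mDNSPosixAddFDToEventLoop() fails after OpenIfNotifySocket() succeeded, the descriptor stays open in `gChgRec.NotifySD`. Close it before returning the error. With a single file-scope `gChgRec`, a second call would also overwrite the first call's `NotifySD`; a comment stating that the function is called once per process would document that assumption.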
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service b/meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service deleted file mode 100644 index 531d142dcd..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Zero-configuration networking -After=network.target - -[Service] -Type=forking -ExecStartPre=/bin/rm -f /var/run/mdnsd.pid -ExecStart=/usr/sbin/mdnsd -ExecReload=/bin/kill -HUP $MAINPID -PIDFile=/var/run/mdnsd.pid -Restart=always -RestartSec=10s - -[Install] -WantedBy=multi-user.target diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch new file mode 100644 index 0000000000..f8efc10448 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch 
@@ -0,0 +1,59 @@ +From 6d90f9fdaf008f5c3b8fd8d91594fa1461437888 Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Wed, 28 Jun 2017 17:30:00 -0500 +Subject: [PATCH] Create subroutine for cleaning recent interfaces + +Moves functionality for cleaning the list of recent +interfaces into its own subroutine. + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index a63cd19..7aeee7b 100755 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -1199,6 +1199,19 @@ mDNSlocal int SetupSocket(struct sockaddr *intfAddr, mDNSIPPort port, int interf + return err; + } + ++// Clean up any interfaces that have been hanging around on the RecentInterfaces list for more than a minute ++mDNSlocal void CleanRecentInterfaces(void) ++{ ++ PosixNetworkInterface **ri = &gRecentInterfaces; ++ const mDNSs32 utc = mDNSPlatformUTC(); ++ while (*ri) ++ { ++ PosixNetworkInterface *pi = *ri; ++ if (utc - pi->LastSeen < 60) ri = (PosixNetworkInterface **)&pi->coreIntf.next; ++ else { *ri = (PosixNetworkInterface *)pi->coreIntf.next; free(pi); } ++ } ++} ++ + // Creates a PosixNetworkInterface for the interface whose IP address is + // intfAddr and whose name is intfName and registers it with mDNS core. + mDNSlocal int SetupOneInterface(mDNS *const m, struct sockaddr *intfAddr, struct sockaddr *intfMask, const char *intfName, int intfIndex) +@@ -1388,15 +1401,7 @@ mDNSlocal int SetupInterfaceList(mDNS *const m) + // Clean up. 
+ if (intfList != NULL) freeifaddrs(intfList); + +- // Clean up any interfaces that have been hanging around on the RecentInterfaces list for more than a minute +- PosixNetworkInterface **ri = &gRecentInterfaces; +- const mDNSs32 utc = mDNSPlatformUTC(); +- while (*ri) +- { +- PosixNetworkInterface *pi = *ri; +- if (utc - pi->LastSeen < 60) ri = (PosixNetworkInterface **)&pi->coreIntf.next; +- else { *ri = (PosixNetworkInterface *)pi->coreIntf.next; free(pi); } +- } ++ CleanRecentInterfaces(); + + return err; + } +-- +2.20.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch new file mode 100644 index 0000000000..c743b3eddb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch @@ -0,0 +1,41 @@ +From ea442b57f7a9bcd41d5b5bd1cafde4dbe5685d41 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Thu, 4 Nov 2021 07:31:32 -0700 +Subject: [PATCH] dns-sd: Include missing headers + +Fixes build on Musl + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + Clients/dns-sd.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/Clients/dns-sd.c ++++ b/Clients/dns-sd.c +@@ -58,11 +58,13 @@ + //#define TEST_NEW_CLIENTSTUB 1 + + #include ++#include // For va_args + #include // For stdout, stderr + #include // For exit() + #include // For strlen(), strcpy() + #include // For errno, EINTR + #include ++#include // For MIN + #include // For u_char + #ifdef APPLE_OSX_mDNSResponder + #include // For PRId64 +--- a/mDNSPosix/nss_mdns.c ++++ b/mDNSPosix/nss_mdns.c +@@ -89,6 +89,9 @@ + + #include + ++#if !defined(NETDB_INTERNAL) ++# define NETDB_INTERNAL (-1) ++#endif + + //---------- + // Public functions 
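Review bot: the embedded header of 0001-dns-sd-Include-missing-headers.patch lists only Clients/dns-sd.c ("1 file changed, 2 insertions(+)"), but the patch also carries a hunk for mDNSPosix/nss_mdns.c that defines NETDB_INTERNAL as (-1) when it is missing. The subject and diffstat should mention that second change, or it should be split into its own patch, so the fallback value is visible to whoever later rebases or upstreams this "Pending" patch.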
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch new file mode 100644 index 0000000000..c57ce8fa53 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch @@ -0,0 +1,40 @@ +From d744609c56f9872e5aa71707f1f71feec9867f51 Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli +Date: Tue, 14 Jul 2020 16:36:29 +0000 +Subject: [PATCH 1/2] mdns: include for NULL + +Fixes build error with version 1096.40.7: + +../mDNSCore/mDNS.c:11385:26: error: 'NULL' undeclared (first use in this function) +11385 | const char *reason = NULL; + | ^~~~ +../mDNSCore/mDNS.c:56:1: note: 'NULL' is defined in header ''; did you forget to '#include '? + 55 | #include "dns_sd_internal.h" + +++ |+#include + 56 | +../mDNSCore/mDNS.c:11385:26: note: each undeclared identifier is reported only once for each function it appears in +11385 | const char *reason = NULL; + | ^~~~ + +Upstream-Status: Pending + +Signed-off-by: Mikko Rapeli +--- + mDNSCore/mDNS.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/mDNSCore/mDNS.c b/mDNSCore/mDNS.c +index 2fbea04..d4b9af5 100755 +--- a/mDNSCore/mDNS.c ++++ b/mDNSCore/mDNS.c +@@ -23,6 +23,7 @@ + * routines, or types (which may or may not be present on any given platform). + */ + ++#include /* for NULL */ + #include "DNSCommon.h" // Defines general DNS utility routines + #include "uDNS.h" // Defines entry points into unicast-specific routines + +-- +2.20.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch new file mode 100644 index 0000000000..21ba318499 --- /dev/null 
+++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch 
@@ -0,0 +1,58 @@ +From a2148df99ddcd122247f95c4cbcce5c4118581a1 Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Wed, 28 Jun 2017 17:30:00 -0500 +Subject: [PATCH 02/11] Create subroutine for tearing down an interface + +Creates a subroutine for tearing down an interface. + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index ffc9696..5e5b2cd 100644 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -591,6 +591,19 @@ mDNSlocal void FreePosixNetworkInterface(PosixNetworkInterface *intf) + gRecentInterfaces = intf; + } + ++mDNSlocal void TearDownInterface(mDNS *const m, PosixNetworkInterface *intf) ++{ ++ mDNS_DeregisterInterface(m, &intf->coreIntf, NormalActivation); ++ if (gMDNSPlatformPosixVerboseLevel > 0) fprintf(stderr, "Deregistered interface %s\n", intf->intfName); ++ FreePosixNetworkInterface(intf); ++ ++ num_registered_interfaces--; ++ if (num_registered_interfaces == 0) { ++ num_pkts_accepted = 0; ++ num_pkts_rejected = 0; ++ } ++} ++ + // Grab the first interface, deregister it, free it, and repeat until done. + mDNSlocal void ClearInterfaceList(mDNS *const m) + { +@@ -599,13 +612,10 @@ mDNSlocal void ClearInterfaceList(mDNS *const m) + while (m->HostInterfaces) + { + PosixNetworkInterface *intf = (PosixNetworkInterface*)(m->HostInterfaces); +- mDNS_DeregisterInterface(m, &intf->coreIntf, NormalActivation); +- if (gMDNSPlatformPosixVerboseLevel > 0) fprintf(stderr, "Deregistered interface %s\n", intf->intfName); +- FreePosixNetworkInterface(intf); ++ TearDownInterface(m, intf); + } +- num_registered_interfaces = 0; +- num_pkts_accepted = 0; +- num_pkts_rejected = 0; ++ ++ assert(num_registered_interfaces == 0); + } + + // Sets up a send/receive socket. +-- +2.17.1 + 
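Review bot: in ClearInterfaceList the unconditional reset of num_registered_interfaces, num_pkts_accepted and num_pkts_rejected is replaced by assert(num_registered_interfaces == 0), which does nothing when the daemon is built with NDEBUG. The reset now depends on TearDownInterface decrementing the counter exactly once per registered interface, and the visible lines do not show the matching increment; if the two ever disagree, the counter drifts away from zero and the packet counters keep stale values in release builds. Keeping the explicit reset after the loop, alongside the assert, would preserve the old postcondition.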
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch new file mode 100644 index 0000000000..33590ffc57 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch 
@@ -0,0 +1,145 @@ +From 72405143f9d16514e70b88bc4843c9634b88036a Mon Sep 17 00:00:00 2001 +From: Brendan Le Foll +Date: Tue, 3 Mar 2015 11:42:57 +0000 +Subject: [PATCH 2/2] mdns: cross compilation fixes for bitbake + +Fixes several build errors when incorrect compiler or +compiler flags are used. + +Upstream-Status: Inappropriate [OE-specific] + +Signed-off-by: Paul Eggleton +Signed-off-by: Mikko Rapeli +--- + mDNSPosix/Makefile | 44 ++++++++++++++++++++------------------------ + 1 file changed, 20 insertions(+), 24 deletions(-) + +diff --git a/mDNSPosix/Makefile b/mDNSPosix/Makefile +index 78222e0..18a3af5 100755 +--- a/mDNSPosix/Makefile ++++ b/mDNSPosix/Makefile +@@ -50,6 +50,7 @@ + + LIBVERS = 1 + ++POSIXDIR = ../mDNSPosix + COREDIR = ../mDNSCore + SHAREDDIR ?= ../mDNSShared + DSODIR ?= ../DSO +@@ -62,16 +63,16 @@ else ifeq ($(SYSTEM), Linux) + os=linux + endif + +-CC = cc +-BISON = bison +-FLEX = flex +-ST = strip +-LD = ld ++CC ?= cc ++BISON ?= bison ++FLEX ?= flex ++ST ?= strip ++LD ?= ld + SOOPTS = -shared + CP = cp + RM = rm + LN = ln -s -f +-CFLAGS_COMMON = -I$(COREDIR) -I$(SHAREDDIR) -I$(DSODIR) -I$(PROXYDIR) -I$(OBJDIR) -fwrapv -W -Wall -DPID_FILE=\"/var/run/mdnsd.pid\" -DMDNS_UDS_SERVERPATH=\"/var/run/mdnsd\" ++CFLAGS_COMMON = -I$(POSIXDIR) -I$(COREDIR) -I$(SHAREDDIR) -I$(DSODIR) -I$(PROXYDIR) -I$(OBJDIR) -fwrapv -W -Wall -DPID_FILE=\"/var/run/mdnsd.pid\" -DMDNS_UDS_SERVERPATH=\"/var/run/mdnsd\" + CFLAGS_PTHREAD = + LINKOPTS = + LINKOPTS_PTHREAD = -lpthread +@@ -85,6 +86,7 @@ CFLAGS_OPEN_SOURCE= + endif + + # Set up diverging paths for debug vs. prod builds ++DEBUG ?= 1 + ifeq "$(DEBUG)" "1" + CFLAGS_DEBUGGING = -g -DMDNS_DEBUGMSGS=2 + OBJDIR = objects/debug +@@ -101,8 +103,8 @@ else + # 1. We want to make small binaries, suitable for putting into hardware devices + # 2. 
Some of the code analysis warnings only work when some form of optimization is enabled + CFLAGS_DEBUGGING = -g -DMDNS_DEBUGMSGS=0 +-OBJDIR ?= objects/prod +-BUILDDIR ?= build/prod ++OBJDIR = objects/prod ++BUILDDIR = build/prod + STRIP = $(ST) -S + endif + endif +@@ -125,7 +127,7 @@ else + # any target that contains the string "linux" + ifeq ($(findstring linux,$(os)),linux) + CFLAGS_OS = -D_GNU_SOURCE -DHAVE_IPV6 -DNOT_HAVE_SA_LEN -DUSES_NETLINK -DHAVE_LINUX -DTARGET_OS_LINUX -ftabstop=4 +-LD = $(CC) ++LD ?= $(CC) + SOOPTS = -shared + FLEXFLAGS_OS = -l + JAVACFLAGS_OS += -I$(JDK)/include/linux +@@ -276,8 +278,7 @@ Daemon: setup $(BUILDDIR)/mdnsd + @echo "Responder daemon done" + + $(BUILDDIR)/mdnsd: $(DAEMONOBJS) +- $(CC) -o $@ $+ $(LINKOPTS) +- $(STRIP) $@ ++ $(LD) -o $@ $+ + + # libdns_sd target builds the client library + libdns_sd: setup $(BUILDDIR)/libdns_sd.$(LDSUFFIX) +@@ -286,13 +287,9 @@ libdns_sd: setup $(BUILDDIR)/libdns_sd.$(LDSUFFIX) + CLIENTLIBOBJS = $(OBJDIR)/dnssd_clientlib.c.so.o $(OBJDIR)/dnssd_clientstub.c.so.o $(OBJDIR)/dnssd_ipc.c.so.o + + $(BUILDDIR)/libdns_sd.$(LDSUFFIX): $(CLIENTLIBOBJS) +- $(LD) $(SOOPTS) $(LINKOPTS) -o $@ $+ +- $(STRIP) $@ +- +-Clients: setup libdns_sd ../Clients/build/dns-sd +- @echo "Clients done" ++ $(LD) -shared $(LINKOPTS) -Wl,-soname,libdns_sd.$(LDSUFFIX).1 -o $@ $+ + +-../Clients/build/dns-sd: ../Clients/dns-sd.c ++Clients: setup libdns_sd + $(MAKE) -C ../Clients DEBUG=$(DEBUG) SUPMAKE_CFLAGS="$(MDNSCFLAGS)" + + # nss_mdns target builds the Name Service Switch module +@@ -300,8 +297,7 @@ nss_mdns: setup $(BUILDDIR)/$(NSSLIBFILE) + @echo "Name Service Switch module done" + + $(BUILDDIR)/$(NSSLIBFILE): $(CLIENTLIBOBJS) $(OBJDIR)/nss_mdns.c.so.o +- $(LD) $(SOOPTS) $(LINKOPTS) -o $@ $+ +- $(STRIP) $@ ++ $(LD) -shared $(LINKOPTS) -o $@ $+ + + ############################################################################# + +@@ -494,21 +490,21 @@ dnsextd: setup $(BUILDDIR)/dnsextd + @echo "dnsextd done" + + 
$(BUILDDIR)/mDNSClientPosix: $(APPOBJ) $(OBJDIR)/Client.c.o +- $(CC) $+ -o $@ $(LINKOPTS) ++ $(CC) $+ -o $@ + + $(BUILDDIR)/mDNSResponderPosix: $(COMMONOBJ) $(OBJDIR)/Responder.c.o +- $(CC) $+ -o $@ $(LINKOPTS) ++ $(CC) $+ -o $@ + + $(BUILDDIR)/mDNSProxyResponderPosix: $(COMMONOBJ) $(OBJDIR)/ProxyResponder.c.o +- $(CC) $+ -o $@ $(LINKOPTS) ++ $(CC) $+ -o $@ + + $(BUILDDIR)/mDNSNetMonitor: $(SPECIALOBJ) $(OBJDIR)/NetMonitor.c.o +- $(CC) $+ -o $@ $(LINKOPTS) ++ $(CC) $+ -o $@ + + $(OBJDIR)/NetMonitor.c.o: $(COREDIR)/mDNS.c # Note: NetMonitor.c textually imports mDNS.c + + $(BUILDDIR)/dnsextd: $(DNSEXTDOBJ) $(OBJDIR)/dnsextd.c.threadsafe.o +- $(CC) $+ -o $@ $(LINKOPTS) $(LINKOPTS_PTHREAD) ++ $(CC) $+ -o $@ $(LINKOPTS_PTHREAD) + + ############################################################################# + +-- +2.20.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch new file mode 100644 index 0000000000..8c0e6bf397 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch 
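Review bot: in 0002-mdns-cross-compilation-fixes-for-bitbake.patch the Linux branch changes "LD = $(CC)" to "LD ?= $(CC)", but the earlier hunk already sets "LD ?= ld", so LD is always defined by then and the later assignment is dead. The new libdns_sd rule passes "-Wl,-soname,libdns_sd.$(LDSUFFIX).1" through $(LD), which only works when LD is a compiler driver, so the Makefile now silently relies on the caller exporting a suitable LD; either say so in the commit message or keep the Linux override unconditional. Separately, "DEBUG ?= 1" makes the debug configuration (-DMDNS_DEBUGMSGS=2) the default, and $(LINKOPTS) and the $(STRIP) steps are dropped from several link rules, all of which deserve a line of explanation.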
@@ -0,0 +1,50 @@ +From 71a7c728ae0d8143b66aa40decca74ebaa9aa2ce Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Wed, 28 Jun 2017 17:30:00 -0500 +Subject: [PATCH 03/11] Track interface socket family + +Tracks the socket family associated with the interface. + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 1 + + mDNSPosix/mDNSPosix.h | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index 5e5b2cd..8fe22be 100644 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -918,6 +918,7 @@ mDNSlocal int SetupOneInterface(mDNS *const m, struct sockaddr *intfAddr, struct + // Set up the extra fields in PosixNetworkInterface. + assert(intf->intfName != NULL); // intf->intfName already set up above + intf->index = intfIndex; ++ intf->sa_family = intfAddr->sa_family; + intf->multicastSocket4 = -1; + #if HAVE_IPV6 + intf->multicastSocket6 = -1; +diff --git a/mDNSPosix/mDNSPosix.h b/mDNSPosix/mDNSPosix.h +index ca60d80..f77c185 100644 +--- a/mDNSPosix/mDNSPosix.h ++++ b/mDNSPosix/mDNSPosix.h +@@ -19,6 +19,7 @@ + #define __mDNSPlatformPosix_h + + #include ++#include + #include + + #ifdef __cplusplus +@@ -40,6 +41,7 @@ struct PosixNetworkInterface + const char * intfName; + PosixNetworkInterface * aliasIntf; + int index; ++ sa_family_t sa_family; + int multicastSocket4; + #if HAVE_IPV6 + int multicastSocket6; +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch new file mode 100644 index 0000000000..db3a63ea48 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch 
@@ -0,0 +1,177 @@ +From 798bfb5e984845a27874d1a244686db6e384d7b8 Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Thu, 13 Jul 2017 09:00:00 -0500 +Subject: [PATCH 04/11] Use list for changed interfaces + +Uses a linked list to store the index of changed network interfaces +instead of a bitfield. This allows for network interfaces with an +index greater than 31 (an index of 36 was seen on Android). + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 67 +++++++++++++++++++++++++++++++++---------- + 1 file changed, 52 insertions(+), 15 deletions(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index 195d04b..bb883c1 100755 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -67,6 +67,14 @@ struct IfChangeRec + }; + typedef struct IfChangeRec IfChangeRec; + ++// Used to build a list of network interface indices ++struct NetworkInterfaceIndex ++{ ++ int if_index; ++ struct NetworkInterfaceIndex *Next; ++}; ++typedef struct NetworkInterfaceIndex NetworkInterfaceIndex; ++ + // Note that static data is initialized to zero in (modern) C. 
+ static PosixEventSource *gEventSources; // linked list of PosixEventSource's + static sigset_t gEventSignalSet; // Signals which event loop listens for +@@ -1458,6 +1466,32 @@ mDNSlocal mStatus OpenIfNotifySocket(int *pFD) + return err; + } + ++mDNSlocal mDNSBool ListContainsInterfaceIndex(GenLinkedList *list, int if_index) ++{ ++ NetworkInterfaceIndex *item; ++ ++ for (item = (NetworkInterfaceIndex*)list->Head; item != NULL; item = item->Next) ++ { ++ if (if_index == item->if_index) return mDNStrue; ++ } ++ ++ return mDNSfalse; ++} ++ ++mDNSlocal void AddInterfaceIndexToList(GenLinkedList *list, int if_index) ++{ ++ NetworkInterfaceIndex *item; ++ ++ if (ListContainsInterfaceIndex(list, if_index)) return; ++ ++ item = malloc(sizeof *item); ++ if (item == NULL) return; ++ ++ item->if_index = if_index; ++ item->Next = NULL; ++ AddToTail(list, item); ++} ++ + #if MDNS_DEBUGMSGS + mDNSlocal void PrintNetLinkMsg(const struct nlmsghdr *pNLMsg) + { +@@ -1485,14 +1519,13 @@ mDNSlocal void PrintNetLinkMsg(const struct nlmsghdr *pNLMsg) + } + #endif + +-mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) ++mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *changedInterfaces) + // Read through the messages on sd and if any indicate that any interface records should + // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0. 
+ { + ssize_t readCount; + char buff[4096]; + struct nlmsghdr *pNLMsg = (struct nlmsghdr*) buff; +- mDNSu32 result = 0; + + // The structure here is more complex than it really ought to be because, + // unfortunately, there's no good way to size a buffer in advance large +@@ -1528,9 +1561,9 @@ mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) + + // Process the NetLink message + if (pNLMsg->nlmsg_type == RTM_GETLINK || pNLMsg->nlmsg_type == RTM_NEWLINK) +- result |= 1 << ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index; ++ AddInterfaceIndexToList(changedInterfaces, ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index); + else if (pNLMsg->nlmsg_type == RTM_DELADDR || pNLMsg->nlmsg_type == RTM_NEWADDR) +- result |= 1 << ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index; ++ AddInterfaceIndexToList(changedInterfaces, ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index); + + // Advance pNLMsg to the next message in the buffer + if ((pNLMsg->nlmsg_flags & NLM_F_MULTI) != 0 && pNLMsg->nlmsg_type != NLMSG_DONE) +@@ -1541,8 +1574,6 @@ mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) + else + break; // all done! + } +- +- return result; + } + + #else // USES_NETLINK +@@ -1574,14 +1605,13 @@ mDNSlocal void PrintRoutingSocketMsg(const struct ifa_msghdr *pRSMsg) + } + #endif + +-mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) ++mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *changedInterfaces) + // Read through the messages on sd and if any indicate that any interface records should + // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0. 
+ { + ssize_t readCount; + char buff[4096]; + struct ifa_msghdr *pRSMsg = (struct ifa_msghdr*) buff; +- mDNSu32 result = 0; + + readCount = read(sd, buff, sizeof buff); + if (readCount < (ssize_t) sizeof(struct ifa_msghdr)) +@@ -1596,12 +1626,10 @@ mDNSlocal mDNSu32 ProcessRoutingNotification(int sd) + pRSMsg->ifam_type == RTM_IFINFO) + { + if (pRSMsg->ifam_type == RTM_IFINFO) +- result |= 1 << ((struct if_msghdr*) pRSMsg)->ifm_index; ++ AddInterfaceIndexToList(changedInterfaces, ((struct if_msghdr*) pRSMsg)->ifm_index); + else +- result |= 1 << pRSMsg->ifam_index; ++ AddInterfaceIndexToList(changedInterfaces, pRSMsg->ifam_index); + } +- +- return result; + } + + #endif // USES_NETLINK +@@ -1611,7 +1639,8 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context) + { + IfChangeRec *pChgRec = (IfChangeRec*) context; + fd_set readFDs; +- mDNSu32 changedInterfaces = 0; ++ GenLinkedList changedInterfaces; ++ NetworkInterfaceIndex *changedInterface; + struct timeval zeroTimeout = { 0, 0 }; + + (void)fd; // Unused +@@ -1619,17 +1648,25 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context) + FD_ZERO(&readFDs); + FD_SET(pChgRec->NotifySD, &readFDs); + ++ InitLinkedList(&changedInterfaces, offsetof(NetworkInterfaceIndex, Next)); ++ + do + { +- changedInterfaces |= ProcessRoutingNotification(pChgRec->NotifySD); ++ ProcessRoutingNotification(pChgRec->NotifySD, &changedInterfaces); + } + while (0 < select(pChgRec->NotifySD + 1, &readFDs, (fd_set*) NULL, (fd_set*) NULL, &zeroTimeout)); + + // Currently we rebuild the entire interface list whenever any interface change is + // detected. If this ever proves to be a performance issue in a multi-homed + // configuration, more care should be paid to changedInterfaces. 
+- if (changedInterfaces) ++ if (changedInterfaces.Head != NULL) + mDNSPlatformPosixRefreshInterfaceList(pChgRec->mDNS); ++ ++ while ((changedInterface = (NetworkInterfaceIndex*)changedInterfaces.Head) != NULL) ++ { ++ RemoveFromList(&changedInterfaces, changedInterface); ++ free(changedInterface); ++ } + } + + // Register with either a Routing Socket or RtNetLink to listen for interface changes. +-- +2.20.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch new file mode 100644 index 0000000000..b461a60df7 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch 
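Review bot: in 0004-Use-list-for-changed-interfaces.patch, AddInterfaceIndexToList returns silently when malloc fails, and InterfaceChangeCallback only calls mDNSPlatformPosixRefreshInterfaceList when changedInterfaces.Head != NULL, so under memory pressure an interface change can be dropped with no refresh and no log line. Since the list is used here only as a "something changed" signal, the failure path should still force the refresh, or at least log. The comment above both ProcessRoutingNotification variants still reads "return affected indices as a bitmask. Otherwise return 0." and should be updated now that the function returns void and fills a list.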
@@ -0,0 +1,51 @@ +From 157d67f152777754c059ced7511352102f23ffae Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Mon, 24 Jul 2017 09:39:18 -0500 +Subject: [PATCH 06/11] Remove unneeded function + +Removes a function we no longer need by integrating it into the only +function that calls it. This was originally separated so that we could +only process network interfaces that netlink indicated had been changed, +this has since been extended to test for all network intefaces. + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 13 ++----------- + 1 file changed, 2 insertions(+), 11 deletions(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index 59a8b8c..3fc5451 100644 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -1079,24 +1079,15 @@ mDNSlocal mStatus OpenIfNotifySocket(int *pFD) + return err; + } + +-mDNSlocal mDNSBool ListContainsInterfaceIndex(GenLinkedList *list, int if_index) ++mDNSlocal void AddInterfaceIndexToList(GenLinkedList *list, int if_index) + { + NetworkInterfaceIndex *item; + + for (item = (NetworkInterfaceIndex*)list->Head; item != NULL; item = item->Next) + { +- if (if_index == item->if_index) return mDNStrue; ++ if (if_index == item->if_index) return; + } + +- return mDNSfalse; +-} +- +-mDNSlocal void AddInterfaceIndexToList(GenLinkedList *list, int if_index) +-{ +- NetworkInterfaceIndex *item; +- +- if (ListContainsInterfaceIndex(list, if_index)) return; +- + item = malloc(sizeof *item); + if (item == NULL) return; + +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch new file mode 100644 index 0000000000..b7d9ad5bba --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch 
@@ -0,0 +1,175 @@ +From 177abf68e5ac5f82c6261af63528f8b6160bca0f Mon Sep 17 00:00:00 2001 +From: Alex Kiernan +Date: Tue, 6 Dec 2022 13:28:31 +0000 +Subject: [PATCH] make: Add top-level Makefile + +Simple top level Makefile that just delegates to mDNSPosix. + +Upstream-Status: Inappropriate [oe-specific] +Signed-off-by: Alex Kiernan +--- + Makefile | 154 +------------------------------------------------------ + 1 file changed, 2 insertions(+), 152 deletions(-) + +diff --git a/Makefile b/Makefile +index 8b6fa77..feb6ac6 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,152 +1,2 @@ +-# +-# Copyright (c) 2003-2018 Apple Inc. All rights reserved. +-# +-# Top level makefile for Build & Integration (B&I). +-# +-# This file is used to facilitate checking the mDNSResponder project directly from git and submitting to B&I at Apple. +-# +-# The various platform directories contain makefiles or projects specific to that platform. +-# +-# B&I builds must respect the following target: +-# install: +-# installsrc: +-# installhdrs: +-# installapi: +-# clean: +-# +- +-include $(MAKEFILEPATH)/pb_makefiles/platform.make +- +-MVERS = "mDNSResponder-1310.140.1" +- +-VER = +-ifneq ($(strip $(GCC_VERSION)),) +- VER = -- GCC_VERSION=$(GCC_VERSION) +-endif +-echo "VER = $(VER)" +- +-projectdir := $(SRCROOT)/mDNSMacOSX +-buildsettings := OBJROOT=$(OBJROOT) SYMROOT=$(SYMROOT) DSTROOT=$(DSTROOT) MVERS=$(MVERS) SDKROOT=$(SDKROOT) +- +-.PHONY: install installSome installEmpty installExtras SystemLibraries installhdrs installapi installsrc java clean +- +-# Sanitizer support +-# Disable Sanitizer instrumentation in LibSystem contributors. See rdar://problem/29952210. 
+-UNSUPPORTED_SANITIZER_PROJECTS := mDNSResponderSystemLibraries mDNSResponderSystemLibraries_Sim +-PROJECT_SUPPORTS_SANITIZERS := 1 +-ifneq ($(words $(filter $(UNSUPPORTED_SANITIZER_PROJECTS), $(RC_ProjectName))), 0) +- PROJECT_SUPPORTS_SANITIZERS := 0 +-endif +-ifeq ($(RC_ENABLE_ADDRESS_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Address Sanitizer) +- buildsettings += -enableAddressSanitizer YES +- else +- $(warning WARNING: Address Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +-ifeq ($(RC_ENABLE_THREAD_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Thread Sanitizer) +- buildsettings += -enableThreadSanitizer YES +- else +- $(warning WARNING: Thread Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +-ifeq ($(RC_ENABLE_UNDEFINED_BEHAVIOR_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Undefined Behavior Sanitizer) +- buildsettings += -enableUndefinedBehaviorSanitizer YES +- else +- $(warning WARNING: Undefined Behavior Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +- +-# B&I install build targets +-# +-# For the mDNSResponder build alias, the make target used by B&I depends on the platform: +-# +-# Platform Make Target +-# -------- ----------- +-# osx install +-# ios installSome +-# atv installSome +-# watch installSome +-# +-# For the mDNSResponderSystemLibraries and mDNSResponderSystemLibraries_sim build aliases, B&I uses the SystemLibraries +-# target for all platforms. 
+- +-install: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER) +-endif +- +-installSome: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER) +- +-installEmpty: +- mkdir -p $(DSTROOT)/AppleInternal +- +-installExtras: +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-macOS' $(VER) +-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), ios) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-iOS' $(VER) +-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), atv) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-tvOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras' $(VER) +-endif +- +-SystemLibraries: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target SystemLibraries $(VER) +- +-# B&I installhdrs build targets +- +-installhdrs:: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),) +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target SystemLibraries $(VER) +-endif +- +-# B&I installapi build targets +- +-installapi: +-ifeq 
($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),) +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target SystemLibrariesDynamic $(VER) +-endif +- +-# Misc. targets +- +-installsrc: +- ditto . '$(SRCROOT)' +- rm -rf '$(SRCROOT)/mDNSWindows' '$(SRCROOT)/Clients/FirefoxExtension' +- +-java: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target libjdns_sd.jnilib $(VER) +- +-clean:: +- echo clean ++all clean: ++ cd mDNSPosix && $(MAKE) $@ +-- +2.38.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch new file mode 100644 index 0000000000..fdc5105cb9 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch 
@@ -0,0 +1,39 @@ +From 0fcc0f210f3a9310a1963de640b384ce866410fd Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Wed, 9 Aug 2017 09:16:58 -0500 +Subject: [PATCH 08/11] Mark deleted interfaces as being changed + +Netlink notification handling ignores messages for deleted links, +RTM_DELLINK. It does handle RTM_GETLINK. According to libnl docu- +mentation (http://www.infradead.org/~tgr/libnl/doc/route.html) +RTM_DELLINK can be sent by the kernel, but RTM_GETLINK cannot. +There was likely a mixup in the original implementation, so this +change replaces handling for RTM_GETLINK with RTM_DELLINK. + +Testing and Verification Instructions: + 1. Use ip-link to add and remove a VLAN interface and verify + that mDNSResponder handles the deleted link. + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index 798ab10..a8a57df 100644 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -1163,7 +1163,7 @@ mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *change + #endif + + // Process the NetLink message +- if (pNLMsg->nlmsg_type == RTM_GETLINK || pNLMsg->nlmsg_type == RTM_NEWLINK) ++ if (pNLMsg->nlmsg_type == RTM_DELLINK || pNLMsg->nlmsg_type == RTM_NEWLINK) + AddInterfaceIndexToList(changedInterfaces, ((struct ifinfomsg*) NLMSG_DATA(pNLMsg))->ifi_index); + else if (pNLMsg->nlmsg_type == RTM_DELADDR || pNLMsg->nlmsg_type == RTM_NEWADDR) + AddInterfaceIndexToList(changedInterfaces, ((struct ifaddrmsg*) NLMSG_DATA(pNLMsg))->ifa_index); +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch new file mode 100644 index 0000000000..362d69768e --- /dev/null 
+++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch @@ -0,0 +1,45 @@ +From 38cff19781f81586926b02f0fd1cb36c040395e0 Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Thu, 10 Aug 2017 08:21:53 -0500 +Subject: [PATCH 09/11] Fix possible NULL dereference + +Fixes a possible NULL dereference if memory for +the PosixNetworkInterface could not be allocated. +Other logic seems to prevent dereferencing this +variable if NULL, but this instance seems to have +been overlooked. + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index a8a57df..3243ed4 100644 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -951,12 +951,15 @@ mDNSlocal int SetupOneInterface(mDNS *const m, struct ifi_info *const ifi) + + // If interface is a direct link, address record will be marked as kDNSRecordTypeKnownUnique + // and skip the probe phase of the probe/announce packet sequence. +- intf->coreIntf.DirectLink = mDNSfalse; ++ if (err == 0) ++ { ++ intf->coreIntf.DirectLink = mDNSfalse; + #ifdef DIRECTLINK_INTERFACE_NAME +- if (strcmp(intfName, STRINGIFY(DIRECTLINK_INTERFACE_NAME)) == 0) +- intf->coreIntf.DirectLink = mDNStrue; ++ if (strcmp(intfName, STRINGIFY(DIRECTLINK_INTERFACE_NAME)) == 0) ++ intf->coreIntf.DirectLink = mDNStrue; + #endif +- intf->coreIntf.SupportsUnicastMDNSResponse = mDNStrue; ++ intf->coreIntf.SupportsUnicastMDNSResponse = mDNStrue; ++ } + + // The interface is all ready to go, let's register it with the mDNS core. + if (err == 0) +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch new file mode 100644 index 0000000000..b9b0157276 
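Review bot: in 0009-Fix-possible-NULL-dereference.patch the new "if (err == 0)" guard around the intf->coreIntf assignments in SetupOneInterface protects against a NULL intf only if the failed allocation sets err to a non-zero value, and that assignment is not visible in this hunk. Testing intf != NULL directly, or stating the dependency in a comment, would make the fix self-evident. The guarded block is also immediately followed by a second "if (err == 0)" for registration with the mDNS core, so the two could be merged.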
--- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch 
@@ -0,0 +1,62 @@ +From 382b3b924e43abd1bdc5792918161d0922666691 Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Thu, 10 Aug 2017 08:27:32 -0500 +Subject: [PATCH 10/11] Handle errors from socket calls + +Adds handling for socket() or read() returning a +negative value (indicating an error has occurred). + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index 3243ed4..84af26b 100644 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -1129,7 +1129,7 @@ mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *change + // Read through the messages on sd and if any indicate that any interface records should + // be torn down and rebuilt, return affected indices as a bitmask. Otherwise return 0. + { +- ssize_t readCount; ++ ssize_t readVal, readCount; + char buff[4096]; + struct nlmsghdr *pNLMsg = (struct nlmsghdr*) buff; + +@@ -1138,7 +1138,10 @@ mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *change + // enough to hold all pending data and so avoid message fragmentation. + // (Note that FIONREAD is not supported on AF_NETLINK.) + +- readCount = read(sd, buff, sizeof buff); ++ readVal = read(sd, buff, sizeof buff); ++ if (readVal < 0) return; ++ readCount = readVal; ++ + while (1) + { + // Make sure we've got an entire nlmsghdr in the buffer, and payload, too. 
+@@ -1154,7 +1157,9 @@ mDNSlocal void ProcessRoutingNotification(int sd, GenLinkedList *change + pNLMsg = (struct nlmsghdr*) buff; + + // read more data +- readCount += read(sd, buff + readCount, sizeof buff - readCount); ++ readVal = read(sd, buff + readCount, sizeof buff - readCount); ++ if (readVal < 0) return; ++ readCount += readVal; + continue; // spin around and revalidate with new readCount + } + else +@@ -1429,6 +1434,7 @@ mDNSlocal mDNSBool mDNSPlatformInit_CanReceiveUnicast(void) + int err; + int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + struct sockaddr_in s5353; ++ if (s < 0) return mDNSfalse; + s5353.sin_family = AF_INET; + s5353.sin_port = MulticastDNSPort.NotAnInteger; + s5353.sin_addr.s_addr = 0; +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch new file mode 100644 index 0000000000..d9adde04c2 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch 
@@ -0,0 +1,53 @@ +From 9ff06108cd44e84ba6c68bfa6737e793f117e303 Mon Sep 17 00:00:00 2001 +From: Nate Karstens +Date: Thu, 10 Aug 2017 08:46:03 -0500 +Subject: [PATCH] Change a dynamic allocation to file-scope variable + +Changes a variable from being dynamically-allocated to being +statically-allocated at the file scope. Addresses a Coverity +issue where it appeared that the memory was being leaked. + +Upstream-Status: Submitted [dts@apple.com] + +Signed-off-by: Nate Karstens +--- + mDNSPosix/mDNSPosix.c | 14 ++++---------- + 1 file changed, 4 insertions(+), 10 deletions(-) + +diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c +index 7aeee7b..2d25016 100755 +--- a/mDNSPosix/mDNSPosix.c ++++ b/mDNSPosix/mDNSPosix.c +@@ -81,6 +81,7 @@ static sigset_t gEventSignalSet; // Signals which event loop list + static sigset_t gEventSignals; // Signals which were received while inside loop + + static PosixNetworkInterface *gRecentInterfaces; ++static IfChangeRec gChgRec; + + // *************************************************************************** + // Globals (for debugging) +@@ -1641,18 +1642,11 @@ mDNSlocal void InterfaceChangeCallback(int fd, void *context) + mDNSlocal mStatus WatchForInterfaceChange(mDNS *const m) + { + mStatus err; +- IfChangeRec *pChgRec; + +- pChgRec = (IfChangeRec*) mDNSPlatformMemAllocateClear(sizeof *pChgRec); +- if (pChgRec == NULL) +- return mStatus_NoMemoryErr; +- +- pChgRec->mDNS = m; +- err = OpenIfNotifySocket(&pChgRec->NotifySD); ++ gChgRec.mDNS = m; ++ err = OpenIfNotifySocket(&gChgRec.NotifySD); + if (err == 0) +- err = mDNSPosixAddFDToEventLoop(pChgRec->NotifySD, InterfaceChangeCallback, pChgRec); +- if (err) +- mDNSPlatformMemFree(pChgRec); ++ err = mDNSPosixAddFDToEventLoop(gChgRec.NotifySD, InterfaceChangeCallback, &gChgRec); + + return err; + } +-- +2.20.1 + 
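Review bot: In 0011-Change-a-dynamic-allocation-to-file-scope-variable.patch, WatchForInterfaceChange() is left with no cleanup on its failure path: if `mDNSPosixAddFDToEventLoop()` returns an error, the descriptor that `OpenIfNotifySocket()` stored in `gChgRec.NotifySD` stays open and the function only returns `err`. The removed code had the same gap for the socket (it freed the record, not the descriptor), so this is a good place to close `gChgRec.NotifySD` on error. A short comment on `static IfChangeRec gChgRec;` saying that it must outlive the event-loop registration, and that a second call would overwrite the stored descriptor, would also help the next reader.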
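Review bot: In 0010-Handle-errors-from-socket-calls.patch, both new checks in ProcessRoutingNotification() test only `readVal < 0`, so a `read()` that returns 0 is still treated as progress. In the "read more data" branch that leaves `readCount` unchanged before `continue`, and `sizeof buff - readCount` is 0 when the 4096-byte buffer is full, so the loop appears able to revalidate the same incomplete message without ever advancing. Consider `if (readVal <= 0) return;` in that branch, and log the failure in both places, since a silent return drops the interface-change notification with no trace. The `if (s < 0) return mDNSfalse;` added to mDNSPlatformInit_CanReceiveUnicast() looks right as it stands.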
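Review bot: In 0009-Fix-possible-NULL-dereference.patch, the new `if (err == 0)` guard in SetupOneInterface() protects the `intf->coreIntf.DirectLink` and `intf->coreIntf.SupportsUnicastMDNSResponse` writes only indirectly: it is safe only if every path that leaves `intf` NULL also sets `err`, and the allocation code is outside the hunk. Since the commit message is about a failed allocation of the PosixNetworkInterface, testing `intf != NULL` at the point of use would make the invariant visible. Alternatively, move these assignments into the `if (err == 0)` block that follows and registers the interface, so there is one guarded region instead of two back to back.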
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service new file mode 100644 index 0000000000..531d142dcd --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service @@ -0,0 +1,15 @@ +[Unit] +Description=Zero-configuration networking +After=network.target + +[Service] +Type=forking +ExecStartPre=/bin/rm -f /var/run/mdnsd.pid +ExecStart=/usr/sbin/mdnsd +ExecReload=/bin/kill -HUP $MAINPID +PIDFile=/var/run/mdnsd.pid +Restart=always +RestartSec=10s + +[Install] +WantedBy=multi-user.target diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb index 205dc929be..65f4847d8f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb 
@@ -2,28 +2,31 @@ SUMMARY = "Publishes & browses available services on a link according to the Zer DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks." HOMEPAGE = "http://developer.apple.com/networking/bonjour/" LICENSE = "Apache-2.0 & BSD-3-Clause" -LIC_FILES_CHKSUM = "file://../LICENSE;md5=31c50371921e0fb731003bbc665f29bf" +LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf" DEPENDS:append:libc-musl = " musl-nscd" RPROVIDES:${PN} += "libdns_sd.so" -SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz \ +# matches annotated tag mDNSResponder-1310.140.1 +SRCREV = "1d1de95b98fba2077d34c9d78b839a96aa0e1c77" +BRANCH = "rel/mDNSResponder-1310" +SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH} \ file://mdns.service \ - file://0001-mdns-include-stddef.h-for-NULL.patch;patchdir=.. \ - file://0002-mdns-cross-compilation-fixes-for-bitbake.patch;patchdir=.. \ - file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch;patchdir=.. \ - file://0002-Create-subroutine-for-tearing-down-an-interface.patch;patchdir=.. \ - file://0003-Track-interface-socket-family.patch;patchdir=.. \ - file://0004-Use-list-for-changed-interfaces.patch;patchdir=.. \ - file://0006-Remove-unneeded-function.patch;patchdir=.. \ - file://0008-Mark-deleted-interfaces-as-being-changed.patch;patchdir=.. \ - file://0009-Fix-possible-NULL-dereference.patch;patchdir=.. \ - file://0010-Handle-errors-from-socket-calls.patch;patchdir=.. \ - file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch;patchdir=.. \ - file://0001-dns-sd-Include-missing-headers.patch;patchdir=.. 
\ + file://0001-mdns-include-stddef.h-for-NULL.patch \ + file://0002-mdns-cross-compilation-fixes-for-bitbake.patch \ + file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch \ + file://0002-Create-subroutine-for-tearing-down-an-interface.patch \ + file://0003-Track-interface-socket-family.patch \ + file://0004-Use-list-for-changed-interfaces.patch \ + file://0006-Remove-unneeded-function.patch \ + file://0008-Mark-deleted-interfaces-as-being-changed.patch \ + file://0009-Fix-possible-NULL-dereference.patch \ + file://0010-Handle-errors-from-socket-calls.patch \ + file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch \ + file://0001-dns-sd-Include-missing-headers.patch \ + file://0006-make-Add-top-level-Makefile.patch \ " -SRC_URI[sha256sum] = "040f6495c18b9f0557bcf9e00cbcfc82b03405f5ba6963dc147730ca0ca90d6f" CVE_PRODUCT = "apple:mdnsresponder" @@ -42,13 +45,22 @@ CVE_CHECK_IGNORE += "CVE-2007-0613" PARALLEL_MAKE = "" -S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" +# We install a stub Makefile in the top directory so that the various checks +# in base.bbclass pass their tests for a Makefile, this ensures (that amongst +# other things) the sstate checks will clean the build directory when the +# task hashes changes. +# +# We can't use the approach of setting ${S} to mDNSPosix as we need +# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too. +S = "${WORKDIR}/git" EXTRA_OEMAKE += "os=linux DEBUG=0 'CC=${CC}' 'LD=${CCLD} ${LDFLAGS}'" TARGET_CC_ARCH += "${LDFLAGS}" do_install () { + cd mDNSPosix + install -d ${D}${sbindir} install -m 0755 build/prod/mdnsd ${D}${sbindir} diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch new file mode 100644 index 0000000000..ce7e3422ed --- /dev/null 
+++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch 
@@ -0,0 +1,116 @@ +From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001 +From: Bill Fenner +Date: Fri, 25 Nov 2022 08:41:24 -0800 +Subject: [PATCH ] snmp_agent: disallow SET with NULL varbind + +Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57] +CVE: CVE-2022-44792 & CVE-2022-44793 +Signed-off-by: Hitendra Prajapati +--- + agent/snmp_agent.c | 32 +++++++++++++++++++ + apps/snmpset.c | 1 + + .../default/T0142snmpv2csetnull_simple | 31 ++++++++++++++++++ + 3 files changed, 64 insertions(+) + create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple + +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index 3376357..f51c252 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status) + return 1; + } + ++static int ++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp) ++{ ++ int i; ++ netsnmp_variable_list *v = NULL; ++ ++ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) { ++ if (v->type == ASN_NULL) { ++ /* ++ * Protect SET implementations that do not protect themselves ++ * against wrong type. 
++ */ ++ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i)); ++ asp->index = i; ++ return SNMP_ERR_WRONGTYPE; ++ } ++ } ++ return SNMP_ERR_NOERROR; ++} ++ + int + handle_pdu(netsnmp_agent_session *asp) + { + int status, inclusives = 0; + netsnmp_variable_list *v = NULL; + ++#ifndef NETSNMP_NO_WRITE_SUPPORT ++ /* ++ * Check for ASN_NULL in SET request ++ */ ++ if (asp->pdu->command == SNMP_MSG_SET) { ++ status = check_set_pdu_for_null_varbind(asp); ++ if (status != SNMP_ERR_NOERROR) { ++ return status; ++ } ++ } ++#endif /* NETSNMP_NO_WRITE_SUPPORT */ ++ + /* + * for illegal requests, mark all nodes as ASN_NULL + */ +diff --git a/apps/snmpset.c b/apps/snmpset.c +index 50f33db..387a51d 100644 +--- a/apps/snmpset.c ++++ b/apps/snmpset.c +@@ -182,6 +182,7 @@ main(int argc, char *argv[]) + case 'x': + case 'd': + case 'b': ++ case 'n': /* undocumented */ + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case 'I': + case 'U': +diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple +new file mode 100644 +index 0000000..0f1b8f3 +--- /dev/null ++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple +@@ -0,0 +1,31 @@ ++#!/bin/sh ++ ++. ../support/simple_eval_tools.sh ++ ++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind ++ ++SKIPIF NETSNMP_DISABLE_SET_SUPPORT ++SKIPIF NETSNMP_NO_WRITE_SUPPORT ++SKIPIF NETSNMP_DISABLE_SNMPV2C ++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE ++ ++# ++# Begin test ++# ++ ++# standard V2C configuration: testcomunnity ++snmp_write_access='all' ++. 
./Sv2cconfig ++STARTAGENT ++ ++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0" ++ ++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:" ++ ++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x" ++ ++CHECK "Reason: wrongType" ++ ++STOPAGENT ++ ++FINISHED +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb index 7af5147566..eb8e1599fb 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb @@ -26,6 +26,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ file://net-snmp-fix-for-disable-des.patch \ file://reproducibility-have-printcap.patch \ file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ + file://CVE-2022-44792-CVE-2022-44793.patch \ " SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" diff --git a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb index 8ce9e1db55..b7d21b7e91 100644 --- a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb @@ -45,7 +45,7 @@ DEPENDS = "pps-tools" # Note: Despite being built via './configure; make; make install', # chrony does not use GNU Autotools. -inherit update-rc.d systemd +inherit update-rc.d systemd pkgconfig # Add chronyd user if privdrop packageconfig is selected inherit ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'useradd', '', d)} 
@@ -53,14 +53,6 @@ USERADD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '${PN}', ' USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /bin/nologin chronyd;', '', d)}" # Configuration options: -# - For command line editing support in chronyc, you may specify either -# 'editline' or 'readline' but not both. editline is smaller, but -# many systems already have readline for other purposes so you might want -# to choose that instead. However, beware license incompatibility -# since chrony is GPLv2 and readline versions after 6.0 are GPLv3+. -# You can of course choose neither, but if you're that tight on space -# consider dropping chronyc entirely (you can use it remotely with -# appropriate chrony.conf options). # - Security-related: # - 'sechash' is omitted by default because it pulls in nss which is huge. # - 'privdrop' allows chronyd to run as non-root; would need changes to @@ -70,14 +62,17 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--sys PACKAGECONFIG ??= "editline \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline" PACKAGECONFIG[editline] = ",--without-editline,libedit" PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" -PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap" +PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap" PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp" PACKAGECONFIG[ipv6] = ",--disable-ipv6," -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" + +# These are left for backwards compatibility, to avoid breaking existing +# configurations. +PACKAGECONFIG[libcap] = "" +PACKAGECONFIG[nss] = "" +PACKAGECONFIG[readline] = "" # --disable-static isn't supported by chrony's configure script. DISABLE_STATIC = "" 
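Review bot: In the chrony_4.2.bb PACKAGECONFIG hunk, `PACKAGECONFIG[libcap]`, `PACKAGECONFIG[nss]` and `PACKAGECONFIG[readline]` become empty entries, so a configuration that still selects one of them builds without error but no longer adds any configure flag or dependency. For `libcap` this is a hardening concern: the libcap dependency now comes only through `privdrop`, and without `privdrop` the recipe passes `--disable-privdrop`. The comment above the stubs should name the replacements (`privdrop` for `libcap`, `sechash` for `nss`, `editline` for `readline`), or the recipe should warn when a stub is selected. The deleted comment block also carried the only explanation of the `editline` default; a one-line replacement under "Configuration options:" would be enough.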
diff --git a/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb b/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb index d4cdda0f81..516e467ee4 100644 --- a/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb +++ b/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb @@ -5,7 +5,10 @@ LICENSE = "GPL-3.0-only & LGPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRCREV = "8c06dce7d596e478c20bc54bdcec87ad97f80a1b" -SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master" +SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master \ + file://CVE-2022-27239.patch \ + file://CVE-2022-29869.patch \ +" S = "${WORKDIR}/git" DEPENDS += "libtalloc" diff --git a/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch b/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch new file mode 100644 index 0000000000..77f6745abe --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch 
@@ -0,0 +1,40 @@ +From 007c07fd91b6d42f8bd45187cf78ebb06801139d Mon Sep 17 00:00:00 2001 +From: Jeffrey Bencteux +Date: Thu, 17 Mar 2022 12:58:52 -0400 +Subject: [PATCH] CVE-2022-27239: mount.cifs: fix length check for ip option + parsing + +Previous check was true whatever the length of the input string was, +leading to a buffer overflow in the subsequent strcpy call. + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025 + +Signed-off-by: Jeffrey Bencteux +Reviewed-by: David Disseldorp + +Upstream-Status: Backport [ https://git.samba.org/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d] +CVE: CVE-2022-27239 +Signed-off-by: Lee Chee Yang +--- + mount.cifs.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/mount.cifs.c b/mount.cifs.c +index 84274c9..3a6b449 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -926,9 +926,10 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info) + if (!value || !*value) { + fprintf(stderr, + "target ip address argument missing\n"); +- } else if (strnlen(value, MAX_ADDRESS_LEN) <= ++ } else if (strnlen(value, MAX_ADDRESS_LEN) < + MAX_ADDRESS_LEN) { +- strcpy(parsed_info->addrlist, value); ++ strlcpy(parsed_info->addrlist, value, ++ MAX_ADDRESS_LEN); + if (parsed_info->verboseflag) + fprintf(stderr, + "ip address %s override specified\n", +-- +2.34.1 diff --git a/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch b/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch new file mode 100644 index 0000000000..f0c3f37dec --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch 
@@ -0,0 +1,48 @@ +From 8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 Mon Sep 17 00:00:00 2001 +From: Jeffrey Bencteux +Date: Sat, 19 Mar 2022 13:41:15 -0400 +Subject: [PATCH] mount.cifs: fix verbose messages on option parsing + +When verbose logging is enabled, invalid credentials file lines may be +dumped to stderr. This may lead to information disclosure in particular +conditions when the credentials file given is sensitive and contains '=' +signs. + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026 + +Signed-off-by: Jeffrey Bencteux +Reviewed-by: David Disseldorp + +Upstream-Status: Backport [https://git.samba.org/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379] +CVE: CVE-2022-29869 +Signed-off-by: Lee Chee Yang +--- + mount.cifs.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/mount.cifs.c b/mount.cifs.c +index 3a6b449..2278995 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -628,17 +628,13 @@ static int open_cred_file(char *file_name, + goto return_i; + break; + case CRED_DOM: +- if (parsed_info->verboseflag) +- fprintf(stderr, "domain=%s\n", +- temp_val); + strlcpy(parsed_info->domain, temp_val, + sizeof(parsed_info->domain)); + break; + case CRED_UNPARSEABLE: + if (parsed_info->verboseflag) + fprintf(stderr, "Credential formatted " +- "incorrectly: %s\n", +- temp_val ? temp_val : "(null)"); ++ "incorrectly\n"); + break; + } + } +-- +2.34.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc index a8ff21a125..9e0f529ec1 100644 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc 
@@ -14,6 +14,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-resolvconf.service \ file://dnsmasq-noresolvconf.service \ file://dnsmasq-resolved.conf \ + file://CVE-2023-28450.patch \ " inherit pkgconfig update-rc.d systemd diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch new file mode 100644 index 0000000000..129c9043e8 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch 
@@ -0,0 +1,48 @@ +From eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 7 Mar 2023 22:07:46 +0000 +Subject: [PATCH] Set the default maximum DNS UDP packet size to 1232. + +http://www.dnsflagday.net/2020/ refers. + +Thanks to Xiang Li for the prompt. + +CVE: CVE-2023-28450 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5] + +Signed-off-by: Peter Marko +--- + man/dnsmasq.8 | 3 ++- + src/config.h | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 41e2e04..5acb935 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -183,7 +183,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP. + .TP + .B \-P, --edns-packet-max= + Specify the largest EDNS.0 UDP packet which is supported by the DNS +-forwarder. Defaults to 4096, which is the RFC5625-recommended size. ++forwarder. Defaults to 1232, which is the recommended size following the ++DNS flag day in 2020. Only increase if you know what you are doing. 
+ .TP + .B \-Q, --query-port= + Send outbound DNS queries from, and listen for their replies on, the +diff --git a/src/config.h b/src/config.h +index 1e7b30f..37b374e 100644 +--- a/src/config.h ++++ b/src/config.h +@@ -19,7 +19,7 @@ + #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */ + #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */ + #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */ +-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */ ++#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */ + #define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */ + #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */ + #define DNSSEC_WORK 50 /* Max number of queries to validate one question */ +-- +2.20.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb index a30f720bb5..91e4945a17 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb @@ -29,6 +29,7 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19" # CVE-2016-9312 is only for windows. +# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility # The other CVEs are not correctly identified because cve-check # is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference) CVE_CHECK_IGNORE += "\ @@ -52,6 +53,7 @@ CVE_CHECK_IGNORE += "\ CVE-2016-7433 \ CVE-2016-9310 \ CVE-2016-9311 \ + CVE-2019-11331 \ " 
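Review bot: In the ntp_4.2.8p15.bb hunks, the new comment for CVE-2019-11331 is inserted between the CVE-2016-9312 line and "The other CVEs are not correctly identified ...", and the id is appended to the end of that version-mismatch list, so "the other CVEs" now reads as if it covered CVE-2019-11331 as well. This entry is ignored for a different reason (a protocol property accepted as unfixable, not a cve-check version mismatch), so give it its own `CVE_CHECK_IGNORE += "CVE-2019-11331"` statement with the RFC 5905 comment directly above it. A later audit of the ignore list can then tell the accepted-risk entry apart from the false positives.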
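Review bot: In cifs/files/CVE-2022-27239.patch, the replacement `strlcpy(parsed_info->addrlist, value, MAX_ADDRESS_LEN);` bounds the copy with the constant instead of the destination, while the `strlcpy()` into `parsed_info->domain` visible in CVE-2022-29869.patch uses `sizeof(parsed_info->domain)`. If `addrlist` is declared as an array, `sizeof(parsed_info->addrlist)` would keep the bound tied to the buffer should its declaration change. The `<=` to `<` correction on the `strnlen()` test is the actual fix and is correct as written. Because this is a verbatim backport, raise the `sizeof` point upstream rather than diverging in the layer.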
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch new file mode 100644 index 0000000000..ffef6800eb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch 
@@ -0,0 +1,157 @@ +From 6a6c275534e31b41f6d203cfd92685b7526a45e8 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Fri, 11 Nov 2022 10:15:38 +0530 +Subject: [PATCH] CVE-2022-40617 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2022-40617] +CVE: CVE-2022-40617 +Signed-off-by: Hitendra Prajapati + +credential-manager: Do online revocation checks only after + basic trust chain validation + +This avoids querying URLs of potentially untrusted certificates, e.g. if +an attacker sends a specially crafted end-entity and intermediate CA +certificate with a CDP that points to a server that completes the +TCP handshake but then does not send any further data, which will block +the fetcher thread (depending on the plugin) for as long as the default +timeout for TCP. Doing that multiple times will block all worker threads, +leading to a DoS attack. + +The logging during the certificate verification obviously changes. +--- + .../credentials/credential_manager.c | 54 +++++++++++++++---- + 1 file changed, 45 insertions(+), 9 deletions(-) + +diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c +index 3be0190..f65372b 100644 +--- a/src/libstrongswan/credentials/credential_manager.c ++++ b/src/libstrongswan/credentials/credential_manager.c +@@ -555,7 +555,7 @@ static void cache_queue(private_credential_manager_t *this) + */ + static bool check_lifetime(private_credential_manager_t *this, + certificate_t *cert, char *label, +- int pathlen, bool trusted, auth_cfg_t *auth) ++ int pathlen, bool anchor, auth_cfg_t *auth) + { + time_t not_before, not_after; + cert_validator_t *validator; +@@ -570,7 +570,7 @@ static bool check_lifetime(private_credential_manager_t *this, + continue; + } + status = validator->check_lifetime(validator, cert, +- pathlen, trusted, auth); ++ pathlen, anchor, auth); + if (status != NEED_MORE) + { + break; +@@ -603,13 +603,13 @@ static bool 
check_lifetime(private_credential_manager_t *this, + */ + static bool check_certificate(private_credential_manager_t *this, + certificate_t *subject, certificate_t *issuer, bool online, +- int pathlen, bool trusted, auth_cfg_t *auth) ++ int pathlen, bool anchor, auth_cfg_t *auth) + { + cert_validator_t *validator; + enumerator_t *enumerator; + + if (!check_lifetime(this, subject, "subject", pathlen, FALSE, auth) || +- !check_lifetime(this, issuer, "issuer", pathlen + 1, trusted, auth)) ++ !check_lifetime(this, issuer, "issuer", pathlen + 1, anchor, auth)) + { + return FALSE; + } +@@ -622,7 +622,7 @@ static bool check_certificate(private_credential_manager_t *this, + continue; + } + if (!validator->validate(validator, subject, issuer, +- online, pathlen, trusted, auth)) ++ online, pathlen, anchor, auth)) + { + enumerator->destroy(enumerator); + return FALSE; +@@ -725,6 +725,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + auth_cfg_t *auth; + signature_params_t *scheme; + int pathlen; ++ bool is_anchor = FALSE; + + auth = auth_cfg_create(); + get_key_strength(subject, auth); +@@ -742,7 +743,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer)); + DBG1(DBG_CFG, " using trusted ca certificate \"%Y\"", + issuer->get_subject(issuer)); +- trusted = TRUE; ++ trusted = is_anchor = TRUE; + } + else + { +@@ -777,11 +778,18 @@ static bool verify_trust_chain(private_credential_manager_t *this, + DBG1(DBG_CFG, " issuer is \"%Y\"", + current->get_issuer(current)); + call_hook(this, CRED_HOOK_NO_ISSUER, current); ++ if (trusted) ++ { ++ DBG1(DBG_CFG, " reached end of incomplete trust chain for " ++ "trusted certificate \"%Y\"", ++ subject->get_subject(subject)); ++ } + break; + } + } +- if (!check_certificate(this, current, issuer, online, +- pathlen, trusted, auth)) ++ /* don't do online verification here */ ++ if (!check_certificate(this, current, issuer, FALSE, ++ pathlen, 
is_anchor, auth)) + { + trusted = FALSE; + issuer->destroy(issuer); +@@ -793,7 +801,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + } + current->destroy(current); + current = issuer; +- if (trusted) ++ if (is_anchor) + { + DBG1(DBG_CFG, " reached self-signed root ca with a " + "path length of %d", pathlen); +@@ -806,6 +814,34 @@ static bool verify_trust_chain(private_credential_manager_t *this, + DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN); + call_hook(this, CRED_HOOK_EXCEEDED_PATH_LEN, subject); + } ++ else if (trusted && online) ++ { ++ enumerator_t *enumerator; ++ auth_rule_t rule; ++ ++ /* do online revocation checks after basic validation of the chain */ ++ pathlen = 0; ++ current = subject; ++ enumerator = auth->create_enumerator(auth); ++ while (enumerator->enumerate(enumerator, &rule, &issuer)) ++ { ++ if (rule == AUTH_RULE_CA_CERT || rule == AUTH_RULE_IM_CERT) ++ { ++ if (!check_certificate(this, current, issuer, TRUE, pathlen++, ++ rule == AUTH_RULE_CA_CERT, auth)) ++ { ++ trusted = FALSE; ++ break; ++ } ++ else if (rule == AUTH_RULE_CA_CERT) ++ { ++ break; ++ } ++ current = issuer; ++ } ++ } ++ enumerator->destroy(enumerator); ++ } + if (trusted) + { + result->merge(result, auth, FALSE); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb index 1b82dceac2..b8d44db26b 100644 --- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb 
@@ -10,6 +10,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ file://0001-enum-Fix-compiler-warning.patch \ + file://CVE-2022-40617.patch \ " SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7" diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb index fe9685924b..226543bbd8 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb @@ -49,9 +49,9 @@ do_configure:append() { # Create PYTHON_TARBALL which LIRC needs for install-nodist_pkgdataDATA do_install:prepend() { - rm -rf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/ - mkdir ${WORKDIR}/${PN}-${PV}/python-pkg/dist/ - tar --exclude='${WORKDIR}/${PN}-${PV}/python-pkg/*' -czf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/${PN}-${PV}.tar.gz ${S} + rm -rf ${S}/python-pkg/dist/ + mkdir ${S}/python-pkg/dist/ + tar --exclude='${S}/python-pkg/*' -czf ${S}/python-pkg/dist/${BP}.tar.gz ${S} } # In code, path to python is a variable that is replaced with path to native version of it diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb index ff4a16e9f2..0969fb6ce2 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb 
@@ -117,7 +117,7 @@ scons_do_install() { # install mongo data folder install -m 755 -d ${D}${localstatedir}/lib/${BPN} - chown ${PN}:${PN} ${D}${localstatedir}/lib/${BPN} + chown ${BPN}:${BPN} ${D}${localstatedir}/lib/${BPN} # Create /var/log/mongodb in runtime. if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then diff --git a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch new file mode 100644 index 0000000000..8b6405b4ad --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch 
@@ -0,0 +1,46 @@ +From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001 +From: Michael Larabel +Date: Sat, 23 Jul 2022 07:32:43 -0500 +Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in + phoromatic_quit_if_invalid_input_found() + +Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678 + +Upstream-Status: Backport +CVE: CVE-2022-40704 + +Reference to upstream patch: +https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640 + +Signed-off-by: Li Wang +--- + pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php +index 74ccc5444c..c2313dcdea 100644 +--- a/pts-core/phoromatic/phoromatic_functions.php ++++ b/pts-core/phoromatic/phoromatic_functions.php +@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null) + { + foreach($input_keys as $key) + { +- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key])) ++ if(isset($_GET[$key]) && !empty($_GET[$key])) + { +- foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check) ++ foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check) ++ { ++ if(stripos($val_to_check, $invalid_string) !== false) ++ { ++ echo 'Exited due to invalid input ( ' . $invalid_string . ') attempted: ' . htmlspecialchars($val_to_check); ++ exit; ++ } ++ } ++ } ++ if(isset($_POST[$key]) && !empty($_POST[$key])) ++ { ++ foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check) + { + if(stripos($val_to_check, $invalid_string) !== false) + { diff --git a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb index 825f7024e7..44f2249bc9 100644 
--- a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb +++ b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb @@ -5,7 +5,11 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SECTION = "console/tests" -SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz" +SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz \ + file://CVE-2022-40704.patch \ + " + + SRC_URI[md5sum] = "459c3c45b39bb3d720ddc8ba5f944332" SRC_URI[sha256sum] = "86681343d20415831ab16ef6c3d1c317e2345e771925e0698ae920a03a9eaab6" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch new file mode 100644 index 0000000000..6d04bf8980 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch 
@@ -0,0 +1,110 @@ +From 4e661f0085ec5f969c76c0896a34322c6c432de4 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Mon, 17 Oct 2022 20:25:11 -0400 +Subject: [PATCH] Fix integer overflows in PAC parsing + +In krb5_parse_pac(), check for buffer counts large enough to threaten +integer overflow in the header length and memory length calculations. +Avoid potential integer overflows when checking the length of each +buffer. Credit to OSS-Fuzz for discovering one of the issues. + +CVE-2022-42898: + +In MIT krb5 releases 1.8 and later, an authenticated attacker may be +able to cause a KDC or kadmind process to crash by reading beyond the +bounds of allocated memory, creating a denial of service. A +privileged attacker may similarly be able to cause a Kerberos or GSS +application service to crash. On 32-bit platforms, an attacker can +also cause insufficient memory to be allocated for the result, +potentially leading to remote code execution in a KDC, kadmind, or GSS +or Kerberos application server process. An attacker with the +privileges of a cross-realm KDC may be able to extract secrets from a +KDC process's memory by having them copied into the PAC of a new +ticket. 
+ +(cherry picked from commit ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583) + +ticket: 9074 +version_fixed: 1.19.4 + +Upstream-Status: Backport [https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4] +CVE: CVE-2022-42898 +Signed-off-by: Hitendra Prajapati +--- + src/lib/krb5/krb/pac.c | 9 +++++++-- + src/lib/krb5/krb/t_pac.c | 18 ++++++++++++++++++ + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c +index cc74f37..70428a1 100644 +--- a/src/lib/krb5/krb/pac.c ++++ b/src/lib/krb5/krb/pac.c +@@ -27,6 +27,8 @@ + #include "k5-int.h" + #include "authdata.h" + ++#define MAX_BUFFERS 4096 ++ + /* draft-brezak-win2k-krb-authz-00 */ + + /* +@@ -316,6 +318,9 @@ krb5_pac_parse(krb5_context context, + if (version != 0) + return EINVAL; + ++ if (cbuffers < 1 || cbuffers > MAX_BUFFERS) ++ return ERANGE; ++ + header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH); + if (len < header_len) + return ERANGE; +@@ -348,8 +353,8 @@ krb5_pac_parse(krb5_context context, + krb5_pac_free(context, pac); + return EINVAL; + } +- if (buffer->Offset < header_len || +- buffer->Offset + buffer->cbBufferSize > len) { ++ if (buffer->Offset < header_len || buffer->Offset > len || ++ buffer->cbBufferSize > len - buffer->Offset) { + krb5_pac_free(context, pac); + return ERANGE; + } +diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c +index 7b756a2..2353e9f 100644 +--- a/src/lib/krb5/krb/t_pac.c ++++ b/src/lib/krb5/krb/t_pac.c +@@ -431,6 +431,16 @@ static const unsigned char s4u_pac_ent_xrealm[] = { + 0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00 + }; + ++static const unsigned char fuzz1[] = { ++ 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, ++ 0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5 ++}; ++ ++static const unsigned char fuzz2[] = { ++ 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, ++ 0x20, 0x20 ++}; ++ + static const char *s4u_principal = "w2k8u@ACME.COM"; + static const char *s4u_enterprise = 
"w2k8u@abc@ACME.COM"; + +@@ -646,6 +656,14 @@ main(int argc, char **argv) + krb5_free_principal(context, sep); + } + ++ /* Check problematic PACs found by fuzzing. */ ++ ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ + /* + * Test empty free + */ +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb index 6e0b2fdacb..cabae374e1 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb @@ -32,6 +32,7 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \ file://krb5-admin-server.service \ file://CVE-2021-36222.patch;striplevel=2 \ file://CVE-2021-37750.patch;striplevel=2 \ + file://CVE-2022-42898.patch;striplevel=2 \ " SRC_URI[md5sum] = "aa4337fffa3b61f22dbd0167f708818f" SRC_URI[sha256sum] = "1a4bba94df92f6d39a197a10687653e8bfbc9a2076e129f6eb92766974f86134" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch new file mode 100644 index 0000000000..6028520923 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch 
@@ -0,0 +1,37 @@ +From 6b5dfdb31aa503bb0358784c632ff3a04e7a8ff4 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Wed, 4 Jan 2023 13:51:03 +0800 +Subject: [PATCH] [DEV-2301] fixed spoofing X-Forwarded-For request header + allows to access Frontend in maintenace mode + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e] +CVE: CVE-2022-43515 + +Signed-off-by: Changqing Li +--- + ui/include/classes/user/CWebUser.php | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php +index e6e651e..bfacce7 100644 +--- a/ui/include/classes/user/CWebUser.php ++++ b/ui/include/classes/user/CWebUser.php +@@ -231,13 +231,11 @@ class CWebUser { + } + + /** +- * Get user ip address. ++ * Get user IP address. + * + * @return string + */ + public static function getIp(): string { +- return (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '') +- ? $_SERVER['HTTP_X_FORWARDED_FOR'] +- : $_SERVER['REMOTE_ADDR']; ++ return $_SERVER['REMOTE_ADDR']; + } + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch new file mode 100644 index 0000000000..debd0aaa8e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch 
@@ -0,0 +1,53 @@ +From 7373f92c80eb89941428468cd6b9d5c8879a7f93 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Wed, 4 Jan 2023 14:23:34 +0800 +Subject: [PATCH] [DEV-2283] added validation of the scheduled report + generation URL to zabbix-web-service + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/fdb03971867] +CVE: CVE-2022-46768 + +Signed-off-by: Changqing Li +--- + .../zabbix_web_service/pdf_report_creator.go | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go +index 391b58b..8452a3d 100644 +--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go ++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go +@@ -29,6 +29,7 @@ import ( + "net/http" + "net/url" + "strconv" ++ "strings" + "time" + + "github.com/chromedp/cdproto/emulation" +@@ -123,6 +124,23 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) { + return + } + ++ if u.Scheme != "http" && u.Scheme != "https" { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL scheme: \"%s\"", u.Scheme), http.StatusBadRequest) ++ return ++ } ++ ++ if !strings.HasSuffix(u.Path, "/zabbix.php") { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL path: \"%s\"", u.Path), http.StatusBadRequest) ++ return ++ } ++ ++ queryParams := u.Query() ++ ++ if queryParams.Get("action") != "dashboard.print" { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL action: \"%s\"", queryParams.Get("action")), http.StatusBadRequest) ++ return ++ } ++ + log.Tracef( + "making chrome headless request with parameters url: %s, width: %s, height: %s for report request from %s", + u.String(), req.Parameters["width"], req.Parameters["height"], r.RemoteAddr) +-- +2.25.1 + 
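Review bot: In phoromatic_quit_if_invalid_input_found() (CVE-2022-40704.patch, phoromatic_functions.php), replacing the $_REQUEST[$key] lookup with separate $_GET[$key] and $_POST[$key] blocks duplicates the whole inner loop, and any value that reached $_REQUEST from another source (cookies, depending on request_order) is no longer scanned. Looping once over array($_GET, $_POST), with $_COOKIE added if these keys are ever read from it, would remove the copy and make the covered sources explicit.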
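Review bot: In pac.c (CVE-2022-42898.patch), "#define MAX_BUFFERS 4096" is added without a comment, so the reason for the bound is not visible at the check "if (cbuffers < 1 || cbuffers > MAX_BUFFERS)". The commit message explains that it guards the header length and memory length calculations against integer overflow; a one-line comment next to the define would keep that rationale with the code.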
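Review bot: CWebUser::getIp() (CVE-2022-43515.patch, CWebUser.php) now returns $_SERVER['REMOTE_ADDR'] unconditionally, and the docblock still only says "Get user IP address", so nothing records that X-Forwarded-For is ignored on purpose or that a frontend behind a reverse proxy will see the proxy's address here. Dropping the client-supplied header fits the spoofing issue named in the subject; please extend the docblock to state that the header is deliberately not trusted, so it is not reintroduced later.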
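Review bot: In report() (CVE-2022-46768.patch, pdf_report_creator.go), the three added checks cover u.Scheme, the suffix of u.Path and the action query parameter, but none of them constrains u.Host, so a URL on any host that ends in /zabbix.php with action=dashboard.print still passes these lines. If no earlier check in report() pins the host, compare u.Host against the configured frontend address or an allow list before the URL is passed to the headless Chrome request. The error strings also embed the rejected value with \"%s\"; %q would escape it for the log.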
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch new file mode 100644 index 0000000000..453f67a920 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch 
@@ -0,0 +1,116 @@ +From 90274a56b2505997cd1677f0bd6a8b89b21df163 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Wed, 26 Apr 2023 15:00:07 +0800 +Subject: [PATCH] Fix CVE-2023-29451 + +.......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + +Merge in ZBX/zabbix from feature/DEV-2450-6.0 to release/6.0 + +* commit '97efb4ed5069d4febe825671e2c3d106478d082d': + .......PS. [DEV-2450] added mock test + .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + +Upstream-Status: Backport +[https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b6a8c84612a67daaf89879226349420104bff24] +CVE: CVE-2023-29451 + +Signed-off-by: Changqing Li +--- + src/libs/zbxdiag/diag.c | 3 ++- + src/libs/zbxjson/json.c | 2 +- + src/libs/zbxjson/json.h | 1 + + src/libs/zbxjson/json_parser.c | 15 +++++---------- + src/zabbix_server/reporter/report_protocol.c | 3 ++- + 5 files changed, 11 insertions(+), 13 deletions(-) + +diff --git a/src/libs/zbxdiag/diag.c b/src/libs/zbxdiag/diag.c +index 6fc5509..dc47407 100644 +--- a/src/libs/zbxdiag/diag.c ++++ b/src/libs/zbxdiag/diag.c +@@ -673,7 +673,8 @@ static void diag_get_simple_values(const struct zbx_json_parse *jp, char **msg) + { + if (FAIL == zbx_json_brackets_open(pnext, &jp_value)) + { +- zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type); ++ if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type)) ++ type = ZBX_JSON_TYPE_NULL; + + if (0 != msg_offset) + zbx_chrcpy_alloc(msg, &msg_alloc, &msg_offset, ' '); +diff --git a/src/libs/zbxjson/json.c b/src/libs/zbxjson/json.c +index 4161ef0..c043d7e 100644 +--- a/src/libs/zbxjson/json.c ++++ b/src/libs/zbxjson/json.c +@@ 
-764,7 +764,7 @@ static unsigned int zbx_hex2num(char c) + * 0 on error (invalid escape sequence) * + * * + ******************************************************************************/ +-static unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes) ++unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes) + { + bytes[0] = '\0'; + +diff --git a/src/libs/zbxjson/json.h b/src/libs/zbxjson/json.h +index c59646a..4008411 100644 +--- a/src/libs/zbxjson/json.h ++++ b/src/libs/zbxjson/json.h +@@ -29,5 +29,6 @@ + SKIP_WHITESPACE(src) + + void zbx_set_json_strerror(const char *fmt, ...) __zbx_attr_format_printf(1, 2); ++unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes); + + #endif +diff --git a/src/libs/zbxjson/json_parser.c b/src/libs/zbxjson/json_parser.c +index c8dcee4..64d24cf 100644 +--- a/src/libs/zbxjson/json_parser.c ++++ b/src/libs/zbxjson/json_parser.c +@@ -88,7 +88,7 @@ static zbx_int64_t json_parse_string(const char *start, char **error) + if ('\\' == *ptr) + { + const char *escape_start = ptr; +- int i; ++ unsigned char uc[4]; /* decoded Unicode character takes 1-4 bytes in UTF-8 */ + + /* unexpected end of string data, failing */ + if ('\0' == *(++ptr)) +@@ -107,16 +107,11 @@ static zbx_int64_t json_parse_string(const char *start, char **error) + break; + case 'u': + /* check if the \u is followed with 4 hex digits */ +- for (i = 0; i < 4; i++) +- { +- if (0 == isxdigit((unsigned char)*(++ptr))) +- { +- return json_error("invalid escape sequence in string", +- escape_start, error); +- } ++ if (0 == zbx_json_decode_character(&ptr, uc)) { ++ return json_error("invalid escape sequence in string", ++ escape_start, error); + } +- +- break; ++ continue; + default: + return json_error("invalid escape sequence in string data", + escape_start, error); +diff --git a/src/zabbix_server/reporter/report_protocol.c b/src/zabbix_server/reporter/report_protocol.c +index 5f55f51..ee0e02e 100644 +--- 
a/src/zabbix_server/reporter/report_protocol.c ++++ b/src/zabbix_server/reporter/report_protocol.c +@@ -421,7 +421,8 @@ void zbx_report_test(const struct zbx_json_parse *jp, zbx_uint64_t userid, struc + size_t value_alloc = 0; + zbx_ptr_pair_t pair; + +- zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL); ++ if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL)) ++ continue; + pair.first = zbx_strdup(NULL, key); + pair.second = value; + zbx_vector_ptr_pair_append(¶ms, pair); +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb index f5d89d6c3d..7f530a5529 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb @@ -26,6 +26,9 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz \ file://0001-Fix-configure.ac.patch \ file://zabbix-agent.service \ + file://CVE-2022-43515.patch \ + file://CVE-2022-46768.patch \ + file://CVE-2023-29451.patch \ " SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e" diff --git a/meta-openembedded/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb b/meta-openembedded/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb index c8dabc5ead..44804545de 100644 --- a/meta-openembedded/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb @@ -9,7 +9,7 @@ SRC_URI = "git://github.com/dbus-cxx/dbus-cxx.git;branch=master;protocol=https \ file://0001-Include-typeinfo-for-typeid.patch \ file://0001-include-utility-header.patch \ " -SRC_URI:append:libc-musl = "file://fix_build_musl.patch" +SRC_URI:append:libc-musl = " file://fix_build_musl.patch" SRCREV = "73532d6a5faae9c721c2cc9535b8ef32d4d18264" DEPENDS = "\ 
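Review bot: In json_parse_string() (CVE-2023-29451.patch, json_parser.c), the 'u' case now ends in "continue" instead of "break", which is only correct if zbx_json_decode_character() leaves ptr on the first character after the escape sequence, and nothing in the hunk states that. Add a comment giving that contract next to the call, and put the opening brace of "if (0 == zbx_json_decode_character(&ptr, uc)) {" on its own line to match the surrounding code.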
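Review bot: In zbx_report_test() (CVE-2023-29451.patch, report_protocol.c), a parameter whose value fails zbx_json_decodevalue_dyn() is skipped with a bare "continue", so the report test proceeds with that parameter silently missing. Log the key before continuing, or fail the request, so that malformed input is visible to the operator instead of producing a report built from partial parameters.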
diff --git a/meta-openembedded/meta-oe/recipes-core/pim435/pim435_git.bb b/meta-openembedded/meta-oe/recipes-core/pim435/pim435_git.bb index f73a0fd54e..80e3cc6298 100644 --- a/meta-openembedded/meta-oe/recipes-core/pim435/pim435_git.bb +++ b/meta-openembedded/meta-oe/recipes-core/pim435/pim435_git.bb @@ -9,8 +9,8 @@ written in C" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSES/MIT.txt;md5=7dda4e90ded66ab88b86f76169f28663" -SRC_URI = "git://booting.oniroproject.org/distro/components/pim435;protocol=https;branch=main" -SRCREV = "ee07a83de4d0ecdf4b5de20a7e374d36a9a6f5d5" +SRC_URI = "git://gitlab.eclipse.org/eclipse/oniro-blueprints/core/pim435;protocol=https;branch=main" +SRCREV = "445ed623ec8d3ecbb1d566900b4ef3fb3031d689" S = "${WORKDIR}/git" DEPENDS = "i2c-tools" diff --git a/meta-openembedded/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb b/meta-openembedded/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb index c95a5b2d32..1c2c6e21e0 100644 --- a/meta-openembedded/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb +++ b/meta-openembedded/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb @@ -16,7 +16,7 @@ S = "${WORKDIR}/git" DEPENDS = "openssl" -EXTRA_OEMAKE:append = "PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" +EXTRA_OEMAKE:append = " PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" # We want to statically link the binary to libfsverity on native Windows EXTRA_OEMAKE:remove:mingw32:class-nativesdk = "USE_SHARED_LIB=1" EXTRA_OEMAKE:remove:mingw32:class-native = "USE_SHARED_LIB=1" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb deleted file mode 100644 index e38726d3f9..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb +++ /dev/null 
@@ -1,20 +0,0 @@ -require mariadb.inc -inherit native - -PROVIDES += "mysql5-native" -DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native" - -RDEPENDS:${PN} = "" -PACKAGES = "" -EXTRA_OEMAKE = "" - -do_install() { - oe_runmake 'DESTDIR=${D}' install - - install -d ${D}${bindir} - install -m 0755 sql/gen_lex_hash ${D}${bindir}/ - install -m 0755 sql/gen_lex_token ${D}${bindir}/ - install -m 0755 extra/comp_err ${D}${bindir}/ - install -m 0755 scripts/comp_sql ${D}${bindir}/ -} - diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb new file mode 100644 index 0000000000..17a06349b0 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb @@ -0,0 +1,22 @@ +require mariadb.inc +inherit native + +PROVIDES += "mysql5-native" +DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native \ +gnutls-native fmt-native \ +" + +RDEPENDS:${PN} = "" +PACKAGES = "" +EXTRA_OEMAKE = "" + +do_install() { + oe_runmake 'DESTDIR=${D}' install + + install -d ${D}${bindir} + install -m 0755 sql/gen_lex_hash ${D}${bindir}/ + install -m 0755 sql/gen_lex_token ${D}${bindir}/ + install -m 0755 extra/comp_err ${D}${bindir}/ + install -m 0755 scripts/comp_sql ${D}${bindir}/ +} + diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc index 922373b633..a84f8d134f 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc 
@@ -19,11 +19,13 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \ file://ssize_t.patch \ file://mm_malloc.patch \ file://sys_futex.patch \ - file://mariadb-openssl3.patch \ + file://cross-compiling.patch \ + file://0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \ + file://0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch \ " SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch" -SRC_URI[sha256sum] = "73dd9c9d325520f20ca5e0ef16f94b7be1146bed7e4a78e735c20daebf3a4173" +SRC_URI[sha256sum] = "f8c69d9080d85eafb3e3a84837bfa566a7f5527a8af6f9a081429d4de0de4778" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases" @@ -61,6 +63,8 @@ FILES:${PN}-setupdb = "${sysconfdir}/init.d/install_db \ ${bindir}/mysql-systemd-start \ " +EXTRA_OEMAKE = "'GEN_LEX_HASH=${STAGING_BINDIR_NATIVE}/gen_lex_hash'" + PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} openssl" PACKAGECONFIG:class-native = "" PACKAGECONFIG[pam] = ",-DWITHOUT_AUTH_PAM=TRUE,libpam" @@ -95,9 +99,9 @@ EXTRA_OECMAKE = "-DWITH_EMBEDDED_SERVER=ON \ -DINSTALL_SYSCONFDIR:PATH=${sysconfdir} \ -DMYSQL_DATADIR:PATH=/var/mysql \ -DCAT_EXECUTABLE=`which cat` \ + -DSTACK_DIRECTION=1 \ -DCMAKE_AR:FILEPATH=${AR}" -EXTRA_OECMAKE:prepend:class-target = "-DCMAKE_CROSSCOMPILING_EMULATOR=${WORKDIR}/qemuwrapper " # With Ninja it fails with: # make: *** No rule to make target `install'. Stop. 
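Review bot: In the EXTRA_OECMAKE hunk of mariadb.inc, "-DSTACK_DIRECTION=1" is hard-coded for every target in the same change that removes the CMAKE_CROSSCOMPILING_EMULATOR wrapper, with no comment explaining why 1 is the right value. Stack growth direction is a property of the target architecture, so please add a comment giving the source of this value and confirm it for the architectures this recipe is built for, or set it per architecture.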
@@ -121,18 +125,12 @@ do_generate_toolchain_file:append:class-native () { sed -i "/set( CMAKE_SYSTEM_PROCESSOR/d" ${WORKDIR}/toolchain.cmake } -do_configure:prepend:class-target () { - # Write out a qemu wrapper that will be used by cmake - # so that it can run target helper binaries through that. - qemu_binary="${@qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST'), [d.expand('${STAGING_DIR_HOST}${libdir}'),d.expand('${STAGING_DIR_HOST}${base_libdir}')])}" - cat > ${WORKDIR}/qemuwrapper << EOF -#!/bin/sh -$qemu_binary "\$@" -EOF - chmod +x ${WORKDIR}/qemuwrapper -} do_compile:prepend:class-target () { + # These need to be in-tree or make will think they need to be built, + # and since we're cross-compiling that is disabled + cp ${STAGING_BINDIR_NATIVE}/comp_err ${S}/extra + cp ${STAGING_BINDIR_NATIVE}/comp_sql ${S}/scripts if [ "${@bb.utils.contains('PACKAGECONFIG', 'krb5', 'yes', 'no', d)}" = "no" ]; then if ! [ -e ${B}/include/openssl/kssl.h ] ; then mkdir -p ${B}/include/openssl diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch new file mode 100644 index 0000000000..2fe768d754 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch 
@@ -0,0 +1,320 @@ +From b98375f9df0b024857c03c03bc3e73e8ced8d772 Mon Sep 17 00:00:00 2001 +From: Nayuta Yanagisawa +Date: Tue, 27 Sep 2022 15:22:57 +0900 +Subject: [PATCH] MDEV-29644 a potential bug of null pointer dereference in + spider_db_mbase::print_warnings() + +The function spider_db_mbase::print_warnings() can potentially result +in a null pointer dereference. + +Remove the null pointer dereference by cleaning up the function. + +Some small changes to the original commit +422fb63a9bbee35c50b6c7be19d199afe0bc98fa. + +CVE: CVE-2022-47015 + +Upstream-Status: Backport [https://github.com/MariaDB/server/commit/b98375f9df0] + +Co-Authored-By: Yuchen Pei +Signed-off-by: Mingli Yu +--- + .../spider/bugfix/r/mdev_29644.result | 41 ++++++ + .../mysql-test/spider/bugfix/t/mdev_29644.cnf | 3 + + .../spider/bugfix/t/mdev_29644.test | 56 ++++++++ + storage/spider/spd_db_mysql.cc | 124 ++++++++---------- + storage/spider/spd_db_mysql.h | 2 +- + 5 files changed, 154 insertions(+), 72 deletions(-) + create mode 100644 storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result + create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf + create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test + +diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result +new file mode 100644 +index 00000000000..b52cecc5bb7 +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result +@@ -0,0 +1,41 @@ ++# ++# MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings() ++# ++for master_1 ++for child2 ++child2_1 ++child2_2 ++child2_3 ++for child3 ++connection child2_1; ++CREATE DATABASE auto_test_remote; ++USE auto_test_remote; ++CREATE TABLE tbl_a ( ++a CHAR(5) ++) ENGINE=InnoDB DEFAULT CHARSET=utf8; ++SET GLOBAL sql_mode=''; ++connection master_1; ++CREATE DATABASE auto_test_local; ++USE auto_test_local; ++CREATE TABLE tbl_a ( 
++a CHAR(255) ++) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='table "tbl_a", srv "s_2_1"'; ++SET sql_mode=''; ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++NOT FOUND /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err ++SET GLOBAL spider_log_result_errors=4; ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++FOUND 1 /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err ++connection master_1; ++SET GLOBAL spider_log_result_errors=DEFAULT; ++SET sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_local; ++connection child2_1; ++SET GLOBAL sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_remote; ++for master_1 ++for child2 ++child2_1 ++child2_2 ++child2_3 ++for child3 +diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf +new file mode 100644 +index 00000000000..05dfd8a0bce +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf +@@ -0,0 +1,3 @@ ++!include include/default_mysqld.cnf ++!include ../my_1_1.cnf ++!include ../my_2_1.cnf +diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test +new file mode 100644 +index 00000000000..3a8fbb251e1 +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test +@@ -0,0 +1,56 @@ ++--echo # ++--echo # MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings() ++--echo # ++ ++# The test case below does not cause the potential null pointer dereference. ++# It is just for checking spider_db_mbase::fetch_and_print_warnings() works. 
++ ++--disable_query_log ++--disable_result_log ++--source ../../t/test_init.inc ++--enable_result_log ++--enable_query_log ++ ++--connection child2_1 ++CREATE DATABASE auto_test_remote; ++USE auto_test_remote; ++eval CREATE TABLE tbl_a ( ++ a CHAR(5) ++) $CHILD2_1_ENGINE $CHILD2_1_CHARSET; ++ ++SET GLOBAL sql_mode=''; ++ ++--connection master_1 ++CREATE DATABASE auto_test_local; ++USE auto_test_local; ++eval CREATE TABLE tbl_a ( ++ a CHAR(255) ++) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='table "tbl_a", srv "s_2_1"'; ++ ++SET sql_mode=''; ++ ++let SEARCH_FILE= $MYSQLTEST_VARDIR/log/mysqld.1.1.err; ++let SEARCH_PATTERN= \[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*; ++ ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++--source include/search_pattern_in_file.inc # should not find ++ ++SET GLOBAL spider_log_result_errors=4; ++ ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++--source include/search_pattern_in_file.inc # should find ++ ++--connection master_1 ++SET GLOBAL spider_log_result_errors=DEFAULT; ++SET sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_local; ++ ++--connection child2_1 ++SET GLOBAL sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_remote; ++ ++--disable_query_log ++--disable_result_log ++--source ../t/test_deinit.inc ++--enable_query_log ++--enable_result_log +diff --git a/storage/spider/spd_db_mysql.cc b/storage/spider/spd_db_mysql.cc +index d377d2bd807..bc8383017f7 100644 +--- a/storage/spider/spd_db_mysql.cc ++++ b/storage/spider/spd_db_mysql.cc +@@ -2207,7 +2207,7 @@ int spider_db_mbase::exec_query( + db_conn->affected_rows, db_conn->insert_id, + db_conn->server_status, db_conn->warning_count); + if (spider_param_log_result_errors() >= 3) +- print_warnings(l_time); ++ fetch_and_print_warnings(l_time); + } else if (log_result_errors >= 4) + { + time_t cur_time = (time_t) time((time_t*) 0); +@@ -2289,81 +2289,63 @@ bool spider_db_mbase::is_xa_nota_error( + DBUG_RETURN(xa_nota); + } + 
+-int spider_db_mbase::print_warnings( +- struct tm *l_time +-) { ++int spider_db_mbase::fetch_and_print_warnings(struct tm *l_time) ++{ + int error_num = 0; +- DBUG_ENTER("spider_db_mbase::print_warnings"); ++ DBUG_ENTER("spider_db_mbase::fetch_and_print_warnings"); + DBUG_PRINT("info",("spider this=%p", this)); +- if (db_conn->status == MYSQL_STATUS_READY) ++ ++ if (spider_param_dry_access() || db_conn->status != MYSQL_STATUS_READY || ++ db_conn->server_status & SERVER_MORE_RESULTS_EXISTS || ++ !db_conn->warning_count) ++ DBUG_RETURN(0); ++ ++ if (mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, ++ SPIDER_SQL_SHOW_WARNINGS_LEN)) ++ DBUG_RETURN(0); ++ ++ MYSQL_RES *res= mysql_store_result(db_conn); ++ if (!res) ++ DBUG_RETURN(0); ++ ++ uint num_fields= mysql_num_fields(res); ++ if (num_fields != 3) + { +- if ( +-#if MYSQL_VERSION_ID < 50500 +- !(db_conn->last_used_con->server_status & SERVER_MORE_RESULTS_EXISTS) && +- db_conn->last_used_con->warning_count +-#else +- !(db_conn->server_status & SERVER_MORE_RESULTS_EXISTS) && +- db_conn->warning_count +-#endif +- ) { +- if ( +- spider_param_dry_access() || +- !mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, +- SPIDER_SQL_SHOW_WARNINGS_LEN) +- ) { +- MYSQL_RES *res = NULL; +- MYSQL_ROW row = NULL; +- uint num_fields; +- if ( +- spider_param_dry_access() || +- !(res = mysql_store_result(db_conn)) || +- !(row = mysql_fetch_row(res)) +- ) { +- if (mysql_errno(db_conn)) +- { +- if (res) +- mysql_free_result(res); +- DBUG_RETURN(0); +- } +- /* no record is ok */ +- } +- num_fields = mysql_num_fields(res); +- if (num_fields != 3) +- { +- mysql_free_result(res); +- DBUG_RETURN(0); +- } +- if (l_time) +- { +- while (row) +- { +- fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] " +- "from [%s] %ld to %ld: %s %s %s\n", ++ mysql_free_result(res); ++ DBUG_RETURN(0); ++ } ++ ++ MYSQL_ROW row= mysql_fetch_row(res); ++ if (l_time) ++ { ++ while (row) ++ { ++ fprintf(stderr, ++ "%04d%02d%02d 
%02d:%02d:%02d [WARN SPIDER RESULT] from [%s] %ld " ++ "to %ld: %s %s %s\n", + l_time->tm_year + 1900, l_time->tm_mon + 1, l_time->tm_mday, +- l_time->tm_hour, l_time->tm_min, l_time->tm_sec, +- conn->tgt_host, (ulong) db_conn->thread_id, +- (ulong) current_thd->thread_id, row[0], row[1], row[2]); +- row = mysql_fetch_row(res); +- } +- } else { +- while (row) +- { +- DBUG_PRINT("info",("spider row[0]=%s", row[0])); +- DBUG_PRINT("info",("spider row[1]=%s", row[1])); +- DBUG_PRINT("info",("spider row[2]=%s", row[2])); +- longlong res_num = +- (longlong) my_strtoll10(row[1], (char**) NULL, &error_num); +- DBUG_PRINT("info",("spider res_num=%lld", res_num)); +- my_printf_error((int) res_num, row[2], MYF(0)); +- error_num = (int) res_num; +- row = mysql_fetch_row(res); +- } +- } +- if (res) +- mysql_free_result(res); +- } ++ l_time->tm_hour, l_time->tm_min, l_time->tm_sec, conn->tgt_host, ++ (ulong) db_conn->thread_id, (ulong) current_thd->thread_id, row[0], ++ row[1], row[2]); ++ row= mysql_fetch_row(res); ++ } ++ } else { ++ while (row) ++ { ++ DBUG_PRINT("info",("spider row[0]=%s", row[0])); ++ DBUG_PRINT("info",("spider row[1]=%s", row[1])); ++ DBUG_PRINT("info",("spider row[2]=%s", row[2])); ++ longlong res_num = ++ (longlong) my_strtoll10(row[1], (char**) NULL, &error_num); ++ DBUG_PRINT("info",("spider res_num=%lld", res_num)); ++ my_printf_error((int) res_num, row[2], MYF(0)); ++ error_num = (int) res_num; ++ row = mysql_fetch_row(res); + } + } ++ ++ mysql_free_result(res); ++ + DBUG_RETURN(error_num); + } + +@@ -14668,7 +14650,7 @@ int spider_mbase_handler::show_table_status( + DBUG_RETURN(error_num); + } + } +- if ((error_num = ((spider_db_mbase *) conn->db_conn)->print_warnings(NULL))) ++ if ((error_num = ((spider_db_mbase *) conn->db_conn)->fetch_and_print_warnings(NULL))) + { + DBUG_RETURN(error_num); + } +diff --git a/storage/spider/spd_db_mysql.h b/storage/spider/spd_db_mysql.h +index e90461ea278..a2012352f21 100644 +--- a/storage/spider/spd_db_mysql.h 
++++ b/storage/spider/spd_db_mysql.h +@@ -442,7 +442,7 @@ class spider_db_mbase: public spider_db_conn + bool is_xa_nota_error( + int error_num + ); +- int print_warnings( ++ int fetch_and_print_warnings( + struct tm *l_time + ); + spider_db_result *store_result( +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch new file mode 100644 index 0000000000..456a2bad64 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch 
@@ -0,0 +1,69 @@ +From f92f657973997df30afdb0032c88ad3a14ead46b Mon Sep 17 00:00:00 2001 +From: Mingli Yu +Date: Fri, 23 Sep 2022 15:48:21 +0800 +Subject: [PATCH] sql/CMakeLists.txt: fix gen_lex_hash not found + +Fix the below do_compile issue in cross-compiling env. +| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_hash', needed by 'sql/lex_hash.h'. Stop. +| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_token', needed by 'sql/lex_token.h'. Stop. + +Upstream-Status: Inappropriate [oe build specific] + +Signed-off-by: Mingli Yu +--- + sql/CMakeLists.txt | 30 ++++++++++++++++++++++-------- + 1 file changed, 22 insertions(+), 8 deletions(-) + +diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt +index 241b482..27a3991 100644 +--- a/sql/CMakeLists.txt ++++ b/sql/CMakeLists.txt +@@ -60,11 +60,18 @@ ${CMAKE_BINARY_DIR}/sql + ${CMAKE_SOURCE_DIR}/tpool + ) + +-ADD_CUSTOM_COMMAND( +- OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h +- COMMAND gen_lex_token > lex_token.h +- DEPENDS gen_lex_token ++IF(NOT CMAKE_CROSSCOMPILING) ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h ++ COMMAND gen_lex_token > lex_token.h ++ DEPENDS gen_lex_token ++) ++ELSE() ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h ++ COMMAND gen_lex_token > lex_token.h + ) ++ENDIF() + + FIND_PACKAGE(BISON 2.4) + +@@ -372,11 +379,18 @@ IF(NOT CMAKE_CROSSCOMPILING OR DEFINED CMAKE_CROSSCOMPILING_EMULATOR) + ADD_EXECUTABLE(gen_lex_hash gen_lex_hash.cc) + ENDIF() + +-ADD_CUSTOM_COMMAND( +- OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h +- COMMAND gen_lex_hash > lex_hash.h +- DEPENDS gen_lex_hash ++IF(NOT CMAKE_CROSSCOMPILING) ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h ++ COMMAND gen_lex_hash > lex_hash.h ++ DEPENDS gen_lex_hash ++) ++ELSE() ++ ADD_CUSTOM_COMMAND( ++ OUTPUT 
${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h ++ COMMAND gen_lex_hash > lex_hash.h + ) ++ENDIF() + + MYSQL_ADD_EXECUTABLE(mariadb-tzinfo-to-sql tztime.cc) + SET_TARGET_PROPERTIES(mariadb-tzinfo-to-sql PROPERTIES COMPILE_FLAGS "-DTZINFO2SQL") +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch new file mode 100644 index 0000000000..d0d6e3c730 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch @@ -0,0 +1,34 @@ +From 80be37351d995654f86b838f6b5ed47e8a90261b Mon Sep 17 00:00:00 2001 +From: Mingli Yu +Date: Fri, 23 Sep 2022 12:05:17 +0800 +Subject: [PATCH] CMakeLists.txt: not include import_executables.cmake + +building failed since native does not generate import_executables.cmake +In fact, our building system will export the needed commands. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu +--- + CMakeLists.txt | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index f9e2b1b..34924ba 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -394,11 +394,6 @@ CHECK_LIBFMT() + ADD_SUBDIRECTORY(tpool) + CHECK_SYSTEMD() + +-IF(CMAKE_CROSSCOMPILING AND NOT DEFINED CMAKE_CROSSCOMPILING_EMULATOR) +- SET(IMPORT_EXECUTABLES "IMPORTFILE-NOTFOUND" CACHE FILEPATH "Path to import_executables.cmake from a native build") +- INCLUDE(${IMPORT_EXECUTABLES}) +-ENDIF() +- + # + # Setup maintainer mode options. Platform checks are + # not run with the warning options as to not perturb fragile checks +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch deleted file mode 100644 index 878675f30d..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch +++ /dev/null 
@@ -1,416 +0,0 @@ -From 1626955f3a2107ec4c7fd927ebfa3c6c1d2b09b8 Mon Sep 17 00:00:00 2001 -From: Vladislav Vaintroub -Date: Mon, 8 Nov 2021 18:48:19 +0100 -Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0 - -Summary of changes - -- MD_CTX_SIZE is increased - -- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points - to nobody knows where. The assumption made previously was that - (since the function does not seem to be documented) - was that it points to the last partial source block. - Add own partial block buffer for NOPAD encryption instead - -- SECLEVEL in CipherString in openssl.cnf - had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible - -- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers, - in addition to what was set in --ssl-cipher - -- ctx_buf buffer now must be aligned to 16 bytes with openssl( - previously with WolfSSL only), ot crashes will happen - -- updated aes-t , to be better debuggable - using function, rather than a huge multiline macro - added test that does "nopad" encryption piece-wise, to test - replacement of EVP_CIPHER_CTX_buf_noconst - -Patch from Fedora https://src.fedoraproject.org/rpms/mariadb/raw/rawhide/f/mariadb-openssl3.patch - -Upstream-Status: Backport [https://github.com/MariaDB/server/commit/d42c2efbaa06a0307c2f0fd8fa87819ff50bbd7e] -Signed-off-by: Khem Raj -Signed-off-by: Mingli Yu ---- - cmake/ssl.cmake | 21 +++++- - include/mysql/service_my_crypt.h | 2 +- - include/ssl_compat.h | 3 +- - mysql-test/lib/openssl.cnf | 2 +- - mysql-test/main/ssl_cipher.result | 6 +- - mysql-test/main/ssl_cipher.test | 2 +- - mysys_ssl/my_crypt.cc | 46 +++++++----- - unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++-------- - 8 files changed, 143 insertions(+), 60 deletions(-) - -diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake -index a6793cf3..64c93ff9 100644 ---- a/cmake/ssl.cmake -+++ b/cmake/ssl.cmake -@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL) - ENDIF() - FIND_PACKAGE(OpenSSL) - 
SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED) -- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0") -+ IF(OPENSSL_FOUND) - SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY}) - INCLUDE(CheckSymbolExists) - SET(SSL_SOURCES "") -@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL) - SET(SSL_INTERNAL_INCLUDE_DIRS "") - SET(SSL_DEFINES "-DHAVE_OPENSSL") - -+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) -+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}}) -+ ENDFOREACH() -+ -+ # Silence "deprecated in OpenSSL 3.0" -+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake -+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0")) -+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L") -+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L) -+ ENDIF() -+ - SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES}) -- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) -+ - CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h" - HAVE_ERR_remove_thread_state) - CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h" -@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL) - HAVE_EncryptAes128Gcm) - CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h" - HAVE_X509_check_host) -- SET(CMAKE_REQUIRED_INCLUDES) -- SET(CMAKE_REQUIRED_LIBRARIES) -+ -+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) -+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}}) -+ ENDFOREACH() - ELSE() - IF(WITH_SSL STREQUAL "system") - MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. 
Use WITH_SSL=bundled to enable SSL support") -diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h -index 2a232117..bb038aaa 100644 ---- a/include/mysql/service_my_crypt.h -+++ b/include/mysql/service_my_crypt.h -@@ -45,7 +45,7 @@ extern "C" { - /* The max key length of all supported algorithms */ - #define MY_AES_MAX_KEY_LENGTH 32 - --#define MY_AES_CTX_SIZE 656 -+#define MY_AES_CTX_SIZE 672 - - enum my_aes_mode { - MY_AES_ECB, MY_AES_CBC -diff --git a/include/ssl_compat.h b/include/ssl_compat.h -index 8dc12254..6db1baab 100644 ---- a/include/ssl_compat.h -+++ b/include/ssl_compat.h -@@ -24,7 +24,7 @@ - #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION) - #define ERR_remove_state(X) ERR_clear_error() - #define EVP_CIPHER_CTX_SIZE 176 --#define EVP_MD_CTX_SIZE 48 -+#define EVP_MD_CTX_SIZE 72 - #undef EVP_MD_CTX_init - #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) - #undef EVP_CIPHER_CTX_init -@@ -77,7 +77,6 @@ - #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) - #endif - --#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) - #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) - #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) - -diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf -index b9ab37ac..7cd6f748 100644 ---- a/mysql-test/lib/openssl.cnf -+++ b/mysql-test/lib/openssl.cnf -@@ -9,4 +9,4 @@ ssl_conf = ssl_section - system_default = system_default_section - - [system_default_section] --CipherString = ALL:@SECLEVEL=1 -+CipherString = ALL:@SECLEVEL=0 -diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result -index 930d384e..66d817b7 100644 ---- a/mysql-test/main/ssl_cipher.result -+++ b/mysql-test/main/ssl_cipher.result -@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL; - SHOW STATUS LIKE 'Ssl_cipher'; - Variable_name Value - Ssl_cipher AES128-SHA --SHOW STATUS LIKE 'Ssl_cipher_list'; --Variable_name Value 
--Ssl_cipher_list AES128-SHA -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; -+VARIABLE_VALUE like '%AES128-SHA%' -+1 - disconnect ssl_con; - connection default; -diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test -index 36549d76..d4cdcffb 100644 ---- a/mysql-test/main/ssl_cipher.test -+++ b/mysql-test/main/ssl_cipher.test -@@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA; - source include/restart_mysqld.inc; - connect (ssl_con,localhost,root,,,,,SSL); - SHOW STATUS LIKE 'Ssl_cipher'; --SHOW STATUS LIKE 'Ssl_cipher_list'; -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; - disconnect ssl_con; - connection default; -diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc -index e512eee9..4d7ebc7b 100644 ---- a/mysys_ssl/my_crypt.cc -+++ b/mysys_ssl/my_crypt.cc -@@ -29,11 +29,7 @@ - #include - #include - --#ifdef HAVE_WOLFSSL - #define CTX_ALIGN 16 --#else --#define CTX_ALIGN 0 --#endif - - class MyCTX - { -@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX - { - public: - const uchar *key; -- uint klen, buf_len; -+ uint klen, source_tail_len; - uchar oiv[MY_AES_BLOCK_SIZE]; -+ uchar source_tail[MY_AES_BLOCK_SIZE]; - - MyCTX_nopad() : MyCTX() { } - ~MyCTX_nopad() { } -@@ -112,7 +109,7 @@ class MyCTX_nopad : public MyCTX - compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad)); - this->key= key; - this->klen= klen; -- this->buf_len= 0; -+ this->source_tail_len= 0; - if (ivlen) - memcpy(oiv, iv, ivlen); - DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv)); -@@ -123,26 +120,41 @@ class MyCTX_nopad : public MyCTX - return res; - } - -+ /** Update last partial source block, stored in source_tail array. 
*/ -+ void update_source_tail(const uchar* src, uint slen) -+ { -+ if (!slen) -+ return; -+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE; -+ if (new_tail_len) -+ { -+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE) -+ { -+ memcpy(source_tail + source_tail_len, src, slen); -+ } -+ else -+ { -+ DBUG_ASSERT(slen > new_tail_len); -+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len); -+ } -+ } -+ source_tail_len= new_tail_len; -+ } -+ - int update(const uchar *src, uint slen, uchar *dst, uint *dlen) - { -- buf_len+= slen; -+ update_source_tail(src, slen); - return MyCTX::update(src, slen, dst, dlen); - } - - int finish(uchar *dst, uint *dlen) - { -- buf_len %= MY_AES_BLOCK_SIZE; -- if (buf_len) -+ if (source_tail_len) - { -- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); - /* - Not much we can do, block ciphers cannot encrypt data that aren't - a multiple of the block length. At least not without padding. - Let's do something CTR-like for the last partial block. -- -- NOTE this assumes that there are only buf_len bytes in the buf. -- If OpenSSL will change that, we'll need to change the implementation -- of this class too. - */ - uchar mask[MY_AES_BLOCK_SIZE]; - uint mlen; -@@ -154,10 +166,10 @@ class MyCTX_nopad : public MyCTX - return rc; - DBUG_ASSERT(mlen == sizeof(mask)); - -- for (uint i=0; i < buf_len; i++) -- dst[i]= buf[i] ^ mask[i]; -+ for (uint i=0; i < source_tail_len; i++) -+ dst[i]= source_tail[i] ^ mask[i]; - } -- *dlen= buf_len; -+ *dlen= source_tail_len; - return MY_AES_OK; - } - }; -diff --git a/unittest/mysys/aes-t.c b/unittest/mysys/aes-t.c -index 34704e06..cbec2760 100644 ---- a/unittest/mysys/aes-t.c -+++ b/unittest/mysys/aes-t.c -@@ -21,27 +21,96 @@ - #include - #include - --#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \ -- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 
4 : 5, #mode " not supported") \ -- { \ -- memset(src, fill, src_len= slen); \ -- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \ -- src, src_len, dst, &dst_len, \ -- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ -- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \ -- if (!nopad) \ -- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\ -- my_md5(md5, (char*)dst, dst_len); \ -- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \ -- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \ -- dst, dst_len, ddst, &ddst_len, \ -- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ -- "decrypt " #mode " %u", dst_len); \ -- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \ -+ -+/** Test streaming encryption, bytewise update.*/ -+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src, -+ unsigned int slen, unsigned char *dst, unsigned int *dlen, -+ const unsigned char *key, unsigned int klen, -+ const unsigned char *iv, unsigned int ivlen) -+{ -+ /* Allocate context on odd address on stack, in order to -+ catch misalignment errors.*/ -+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1; -+ -+ int res1, res2; -+ uint d1= 0, d2; -+ uint i; -+ -+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen))) -+ return res1; -+ for (i= 0; i < slen; i++) -+ { -+ uint tmp_d1=0; -+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1); -+ if (res1) -+ return res1; -+ d1+= tmp_d1; -+ dst+= tmp_d1; -+ } -+ res2= my_aes_crypt_finish(ctx, dst, &d2); -+ *dlen= d1 + d2; -+ return res1 ? 
res1 : res2; -+} -+ -+ -+#ifndef HAVE_EncryptAes128Ctr -+const uint MY_AES_CTR=0xDEADBEAF; -+#endif -+#ifndef HAVE_EncryptAes128Gcm -+const uint MY_AES_GCM=0xDEADBEAF; -+#endif -+ -+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF) -+ -+static void do_test(uint mode, const char *mode_str, int nopad, uint slen, -+ char fill, size_t dlen, const char *hash) -+{ -+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6}; -+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7}; -+ uchar src[1000], dst[1100], dst2[1100], ddst[1000]; -+ uchar md5[MY_MD5_HASH_SIZE]; -+ uint src_len, dst_len, dst_len2, ddst_len; -+ int result; -+ -+ if (MY_AES_UNSUPPORTED(mode)) -+ { -+ skip(nopad?7:6, "%s not supported", mode_str); -+ return; -+ } -+ memset(src, fill, src_len= slen); -+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len, -+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv)); -+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len, -+ nopad ? "nopad" : "pad"); -+ -+ if (nopad) -+ { -+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, -+ src_len, dst2, &dst_len2, key, sizeof(key), -+ iv, sizeof(iv)); -+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len); -+ /* Compare with non-bytewise encryption result*/ -+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0, -+ "memcmp bytewise %s %u", mode_str, src_len); -+ } -+ else -+ { -+ int dst_len_real= my_aes_get_size(mode, src_len); -+ ok(dst_len_real= dst_len, "my_aes_get_size"); - } -+ my_md5(md5, (char *) dst, dst_len); -+ ok(dst_len == dlen, "md5 len"); -+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5"); -+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, -+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv, -+ sizeof(iv)); -+ -+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len); -+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); -+} - --#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H) 
--#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H) -+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H) -+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H) - - /* useful macro for debugging */ - #define PRINT_MD5() \ -@@ -53,25 +122,15 @@ - printf("\"\n"); \ - } while(0); - --#ifndef HAVE_EncryptAes128Ctr --const uint MY_AES_CTR=0xDEADBEAF; --#endif --#ifndef HAVE_EncryptAes128Gcm --const uint MY_AES_GCM=0xDEADBEAF; --#endif - - int - main(int argc __attribute__((unused)),char *argv[]) - { -- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6}; -- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7}; -- uchar src[1000], dst[1100], ddst[1000]; -- uchar md5[MY_MD5_HASH_SIZE]; -- uint src_len, dst_len, ddst_len; - - MY_INIT(argv[0]); - -- plan(87); -+ plan(122); -+ - DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a"); - DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b"); - DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9"); --- -2.25.1 - diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb deleted file mode 100644 index c800c4c56c..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb +++ /dev/null 
@@ -1,28 +0,0 @@ -require mariadb.inc - -inherit qemu - -DEPENDS += "qemu-native bison-native boost libpcre2 curl ncurses \ - zlib libaio libedit libevent libxml2 gnutls fmt lzo" - -PROVIDES += "mysql5 libmysqlclient" - -RPROVIDES:${PN} += "mysql5" -RREPLACES:${PN} += "mysql5" -RCONFLICTS:${PN} += "mysql5" - -RPROVIDES:${PN}-dbg += "mysql5-dbg" -RREPLACES:${PN}-dbg += "mysql5-dbg" -RCONFLICTS:${PN}-dbg += "mysql5-dbg" - -RPROVIDES:${PN}-leftovers += "mysql5-leftovers" -RREPLACES:${PN}-leftovers += "mysql5-leftovers" -RCONFLICTS:${PN}-leftovers += "mysql5-leftovers" - -RPROVIDES:${PN}-client += "mysql5-client" -RREPLACES:${PN}-client += "mysql5-client" -RCONFLICTS:${PN}-client += "mysql5-client" - -RPROVIDES:${PN}-server += "mysql5-server" -RREPLACES:${PN}-server += "mysql5-server" -RCONFLICTS:${PN}-server += "mysql5-server" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb new file mode 100644 index 0000000000..87faabfa27 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb @@ -0,0 +1,26 @@ +require mariadb.inc + +DEPENDS += "mariadb-native bison-native boost libpcre2 curl ncurses \ + zlib libaio libedit libevent libxml2 gnutls fmt lzo zstd" + +PROVIDES += "mysql5 libmysqlclient" + +RPROVIDES:${PN} += "mysql5" +RREPLACES:${PN} += "mysql5" +RCONFLICTS:${PN} += "mysql5" + +RPROVIDES:${PN}-dbg += "mysql5-dbg" +RREPLACES:${PN}-dbg += "mysql5-dbg" +RCONFLICTS:${PN}-dbg += "mysql5-dbg" + +RPROVIDES:${PN}-leftovers += "mysql5-leftovers" +RREPLACES:${PN}-leftovers += "mysql5-leftovers" +RCONFLICTS:${PN}-leftovers += "mysql5-leftovers" + +RPROVIDES:${PN}-client += "mysql5-client" +RREPLACES:${PN}-client += "mysql5-client" +RCONFLICTS:${PN}-client += "mysql5-client" + +RPROVIDES:${PN}-server += "mysql5-server" +RREPLACES:${PN}-server += "mysql5-server" +RCONFLICTS:${PN}-server += "mysql5-server" 
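Review bot: The DEPENDS line of the new mariadb_10.7.8.bb swaps qemu-native for mariadb-native, drops `inherit qemu` and adds zstd, with no comment explaining any of the three. The cross-compiling patches added alongside remove `DEPENDS gen_lex_token` and `DEPENDS gen_lex_hash` from the cross branch and state that the build system will export the needed commands. If mariadb-native is what supplies those host generators, say so in a comment above DEPENDS, so that a later dependency cleanup does not silently break the cross build. The zstd addition also deserves a line in the commit message.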
diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch new file mode 100644 index 0000000000..2d11b18883 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch 
@@ -0,0 +1,50 @@ +From 586b074026d703c29057b04b1318e984701fe195 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Thu, 2 Mar 2023 19:10:47 +0800 +Subject: [PATCH] Properly NULL-terminate GSS receive buffer on error packet + reception + +pqsecure_open_gss() includes a code path handling error messages with +v2-style protocol messages coming from the server. The client-side +buffer holding the error message does not force a NULL-termination, with +the data of the server getting copied to the errorMessage of the +connection. Hence, it would be possible for a server to send an +unterminated string and copy arbitrary bytes in the buffer receiving the +error message in the client, opening the door to a crash or even data +exposure. + +As at this stage of the authentication process the exchange has not been +completed yet, this could be abused by an attacker without Kerberos +credentials. Clients that have a valid kerberos cache are vulnerable as +libpq opportunistically requests for it except if gssencmode is +disabled. + +Author: Jacob Champion +Backpatch-through: 12 +Security: CVE-2022-41862 + +Upstream-Status: Backport [https://github.com/postgres/postgres/commit/71c37797d7bd78266146a5829ab62b3687c47295] +CVE: CVE-2022-41862 + +Signed-off-by: Changqing Li +--- + src/interfaces/libpq/fe-secure-gssapi.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c +index c783a53..a42ebc0 100644 +--- a/src/interfaces/libpq/fe-secure-gssapi.c ++++ b/src/interfaces/libpq/fe-secure-gssapi.c +@@ -577,7 +577,8 @@ pqsecure_open_gss(PGconn *conn) + return result; + + PqGSSRecvLength += ret; +- ++ Assert(PqGSSRecvLength < PQ_GSS_RECV_BUFFER_SIZE); ++ PqGSSRecvBuffer[PqGSSRecvLength] = '\0'; + appendPQExpBuffer(&conn->errorMessage, "%s\n", PqGSSRecvBuffer + 1); + + return PGRES_POLLING_FAILED; +-- +2.25.1 + 
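Review bot: The new terminator write `PqGSSRecvBuffer[PqGSSRecvLength] = '\0'` in pqsecure_open_gss() is bounded only by the Assert() on the line above it. Assert() is compiled out unless assertion checking is enabled, so in a release build nothing in this hunk prevents an index equal to PQ_GSS_RECV_BUFFER_SIZE. Please confirm that the read preceding `PqGSSRecvLength += ret`, which is outside the visible context, caps the length at PQ_GSS_RECV_BUFFER_SIZE - 1, and record that in the patch header. Otherwise the backport adds the missing terminator but leaves the bound resting on code that cannot be checked from this hunk.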
diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch new file mode 100644 index 0000000000..4db36d26fd --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch @@ -0,0 +1,42 @@ +From 9f81377dddfe32d950844d7053020a36b40fce08 Mon Sep 17 00:00:00 2001 +From: Manoj Saun +Date: Wed, 22 Mar 2023 08:07:26 +0000 +Subject: [PATCH] postgresql: fix ptest failure of sysviews + +The patch "0001-config_info.c-not-expose-build-info.patch" hides the debug info +in pg_config table which reduces the count of rows from pg_config and leads to +sysviews test failure. +To fix it we need to reduce the count of parameters in sysviews test. +Also we need to reduce the row count in expected result of sysview test +to make the test output shown as pass. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Manoj Saun +--- + src/test/regress/expected/sysviews.out | 2 +- + src/test/regress/sql/sysviews.sql | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/src/test/regress/expected/sysviews.out ++++ b/src/test/regress/expected/sysviews.out +@@ -29,7 +29,7 @@ select name, ident, parent, level, total + (1 row) + + -- At introduction, pg_config had 23 entries; it may grow +-select count(*) > 20 as ok from pg_config; ++select count(*) > 13 as ok from pg_config; + ok + ---- + t +--- a/src/test/regress/sql/sysviews.sql ++++ b/src/test/regress/sql/sysviews.sql +@@ -18,7 +18,7 @@ select name, ident, parent, level, total + from pg_backend_memory_contexts where level = 0; + + -- At introduction, pg_config had 23 entries; it may grow +-select count(*) > 20 as ok from pg_config; ++select count(*) > 13 as ok from pg_config; + + -- We expect no cursors in this test; see also portals.sql + select count(*) = 0 as ok from pg_cursors; 
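Review bot: In both sysviews hunks the threshold drops from `> 20` to `> 13`, but the context comment directly above still reads "At introduction, pg_config had 23 entries; it may grow", which no longer explains the number being tested. Update the comment in sysviews.sql and expected/sysviews.out to say that 0001-config_info.c-not-expose-build-info.patch hides rows from pg_config and how many remain, so the next person to touch this test can tell where 13 comes from and whether it still leaves a meaningful margin.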
diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb index 1551d34053..fbc08d64f3 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb @@ -9,6 +9,8 @@ SRC_URI += "\ file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ file://remove_duplicate.patch \ file://0001-config_info.c-not-expose-build-info.patch \ + file://0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch \ + file://0001-postgresql-fix-ptest-failure-of-sysviews.patch \ " SRC_URI[sha256sum] = "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30" diff --git a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb index bf74f1229f..44478ea0b2 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb @@ -25,12 +25,17 @@ BUILD_CXXFLAGS += "-fPIC" # BUILD_TYPE=Release is required, otherwise flatc is not installed EXTRA_OECMAKE += "\ -DCMAKE_BUILD_TYPE=Release \ - -DFLATBUFFERS_BUILD_TESTS=OFF \ + -DFLATBUFFERS_BUILD_TESTS=OFF \ -DFLATBUFFERS_BUILD_SHAREDLIB=ON \ " inherit cmake +rm_flatc_cmaketarget_for_target() { + rm -f "${SYSROOT_DESTDIR}/${libdir}/cmake/flatbuffers/FlatcTargets.cmake" +} +SYSROOT_PREPROCESS_FUNCS:class-target += "rm_flatc_cmaketarget_for_target" + do_install:append() { install -d ${D}${PYTHON_SITEPACKAGES_DIR} cp -rf ${S}/python/flatbuffers ${D}${PYTHON_SITEPACKAGES_DIR} diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb deleted file mode 100644 index c2f952fc64..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb +++ /dev/null 
@@ -1,68 +0,0 @@ -DESCRIPTION = "A high performance, open source, general-purpose RPC framework. \ -Provides gRPC libraries for multiple languages written on top of shared C core library \ -(C++, Node.js, Python, Ruby, Objective-C, PHP, C#)" -HOMEPAGE = "https://github.com/grpc/grpc" -SECTION = "libs" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6e4cf218112648d22420a84281b68b88" - -DEPENDS = "c-ares protobuf protobuf-native protobuf-c protobuf-c-native openssl libnsl2 abseil-cpp re2" -DEPENDS:append:class-target = " googletest grpc-native " -DEPENDS:append:class-nativesdk = " grpc-native " - -PACKAGE_BEFORE_PN = "${PN}-compiler" - -RDEPENDS:${PN}-compiler = "${PN}" -RDEPENDS:${PN}-dev:append:class-native = " ${PN}-compiler" -# Configuration above allows to cross-compile gRPC applications -# In order to compile applications on the target, use the dependency below -# Both dependencies are mutually exclusive -# RDEPENDS:${PN}-dev += "${PN}-compiler" - -S = "${WORKDIR}/git" -SRCREV_grpc = "b39ffcc425ea990a537f98ec6fe6a1dcb90470d7" -BRANCH = "v1.45.x" -SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \ - file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \ - file://0001-cmake-add-separate-export-for-plugin-targets.patch \ - file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ - " -# Fixes build with older compilers 4.8 especially on ubuntu 14.04 -CXXFLAGS:append:class-native = " -Wl,--no-as-needed" - -inherit cmake pkgconfig - -EXTRA_OECMAKE = " \ - -DgRPC_CARES_PROVIDER=package \ - -DgRPC_ZLIB_PROVIDER=package \ - -DgRPC_SSL_PROVIDER=package \ - -DgRPC_PROTOBUF_PROVIDER=package \ - -DgRPC_ABSL_PROVIDER=package \ - -DgRPC_RE2_PROVIDER=package \ - -DgRPC_INSTALL=ON \ - -DCMAKE_CROSSCOMPILING=ON \ - -DgRPC_INSTALL_LIBDIR=${baselib} \ - -DgRPC_INSTALL_CMAKEDIR=${baselib}/cmake/${BPN} \ - " - -PACKAGECONFIG ??= "cpp shared" -PACKAGECONFIG[cpp] = 
"-DgRPC_BUILD_GRPC_CPP_PLUGIN=ON,-DgRPC_BUILD_GRPC_CPP_PLUGIN=OFF" -PACKAGECONFIG[csharp] = "-DgRPC_BUILD_GRPC_CSHARP_PLUGIN=ON,-DgRPC_BUILD_GRPC_CSHARP_PLUGIN=OFF" -PACKAGECONFIG[node] = "-DgRPC_BUILD_GRPC_NODE_PLUGIN=ON,-DgRPC_BUILD_GRPC_NODE_PLUGIN=OFF" -PACKAGECONFIG[objective-c] = "-DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=ON,-DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=OFF" -PACKAGECONFIG[php] = "-DgRPC_BUILD_GRPC_PHP_PLUGIN=ON,-DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF" -PACKAGECONFIG[python] = "-DgRPC_BUILD_GRPC_PYTHON_PLUGIN=ON,-DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF" -PACKAGECONFIG[ruby] = "-DgRPC_BUILD_GRPC_RUBY_PLUGIN=ON,-DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF" -PACKAGECONFIG[protobuf-lite] = "-DgRPC_USE_PROTO_LITE=ON,-DgRPC_USE_PROTO_LITE=OFF,protobuf-lite" -PACKAGECONFIG[shared] = "-DBUILD_SHARED_LIBS=ON,-DBUILD_SHARED_LIBS=OFF,," - -do_configure:prepend() { - sed -i -e "s#lib/pkgconfig/#${baselib}/pkgconfig/#g" ${S}/CMakeLists.txt -} - -BBCLASSEXTEND = "native nativesdk" - -FILES:${PN}-compiler += " \ - ${bindir} \ - ${libdir}/libgrpc_plugin_support${SOLIBS} \ - " diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb new file mode 100644 index 0000000000..15bf05919b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb 
@@ -0,0 +1,68 @@ +DESCRIPTION = "A high performance, open source, general-purpose RPC framework. \ +Provides gRPC libraries for multiple languages written on top of shared C core library \ +(C++, Node.js, Python, Ruby, Objective-C, PHP, C#)" +HOMEPAGE = "https://github.com/grpc/grpc" +SECTION = "libs" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6e4cf218112648d22420a84281b68b88" + +DEPENDS = "c-ares protobuf protobuf-native protobuf-c protobuf-c-native openssl libnsl2 abseil-cpp re2" +DEPENDS:append:class-target = " googletest grpc-native " +DEPENDS:append:class-nativesdk = " grpc-native " + +PACKAGE_BEFORE_PN = "${PN}-compiler" + +RDEPENDS:${PN}-compiler = "${PN}" +RDEPENDS:${PN}-dev:append:class-native = " ${PN}-compiler" +# Configuration above allows to cross-compile gRPC applications +# In order to compile applications on the target, use the dependency below +# Both dependencies are mutually exclusive +# RDEPENDS:${PN}-dev += "${PN}-compiler" + +S = "${WORKDIR}/git" +SRCREV_grpc = "02384e39185f109bd299eb8482306229967dc970" +BRANCH = "v1.46.x" +SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \ + file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \ + file://0001-cmake-add-separate-export-for-plugin-targets.patch \ + file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ + " +# Fixes build with older compilers 4.8 especially on ubuntu 14.04 +CXXFLAGS:append:class-native = " -Wl,--no-as-needed" + +inherit cmake pkgconfig + +EXTRA_OECMAKE = " \ + -DgRPC_CARES_PROVIDER=package \ + -DgRPC_ZLIB_PROVIDER=package \ + -DgRPC_SSL_PROVIDER=package \ + -DgRPC_PROTOBUF_PROVIDER=package \ + -DgRPC_ABSL_PROVIDER=package \ + -DgRPC_RE2_PROVIDER=package \ + -DgRPC_INSTALL=ON \ + -DCMAKE_CROSSCOMPILING=ON \ + -DgRPC_INSTALL_LIBDIR=${baselib} \ + -DgRPC_INSTALL_CMAKEDIR=${baselib}/cmake/${BPN} \ + " + +PACKAGECONFIG ??= "cpp shared" +PACKAGECONFIG[cpp] = 
"-DgRPC_BUILD_GRPC_CPP_PLUGIN=ON,-DgRPC_BUILD_GRPC_CPP_PLUGIN=OFF" +PACKAGECONFIG[csharp] = "-DgRPC_BUILD_GRPC_CSHARP_PLUGIN=ON,-DgRPC_BUILD_GRPC_CSHARP_PLUGIN=OFF" +PACKAGECONFIG[node] = "-DgRPC_BUILD_GRPC_NODE_PLUGIN=ON,-DgRPC_BUILD_GRPC_NODE_PLUGIN=OFF" +PACKAGECONFIG[objective-c] = "-DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=ON,-DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=OFF" +PACKAGECONFIG[php] = "-DgRPC_BUILD_GRPC_PHP_PLUGIN=ON,-DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF" +PACKAGECONFIG[python] = "-DgRPC_BUILD_GRPC_PYTHON_PLUGIN=ON,-DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF" +PACKAGECONFIG[ruby] = "-DgRPC_BUILD_GRPC_RUBY_PLUGIN=ON,-DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF" +PACKAGECONFIG[protobuf-lite] = "-DgRPC_USE_PROTO_LITE=ON,-DgRPC_USE_PROTO_LITE=OFF,protobuf-lite" +PACKAGECONFIG[shared] = "-DBUILD_SHARED_LIBS=ON,-DBUILD_SHARED_LIBS=OFF,," + +do_configure:prepend() { + sed -i -e "s#lib/pkgconfig/#${baselib}/pkgconfig/#g" ${S}/CMakeLists.txt +} + +BBCLASSEXTEND = "native nativesdk" + +FILES:${PN}-compiler += " \ + ${bindir} \ + ${libdir}/libgrpc_plugin_support${SOLIBS} \ + " diff --git a/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb b/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb index 0cf6fd36bc..4fa2aacdfc 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb @@ -18,7 +18,7 @@ inherit cmake EXTRA_OECMAKE += "-DJSON_BuildTests=OFF" # nlohmann-json is a header only C++ library, so the main package will be empty. - +ALLOW_EMPTY:${PN} = "1" RDEPENDS:${PN}-dev = "" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache deleted file mode 100755 index f596207648..0000000000 
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache +++ /dev/null @@ -1,77 +0,0 @@ -#!/usr/bin/env node - -/// Usage: oe-npm-cache -/// ... meta - metainformation about package -/// tgz - tarball - -const process = require("node:process"); - -module.paths.unshift("@@libdir@@/node_modules/npm/node_modules"); - -const cacache = require('cacache') -const fs = require('fs') - -// argv[0] is 'node', argv[1] is this script -const cache_dir = process.argv[2] -const type = process.argv[3] -const key = process.argv[4] -const file = process.argv[5] - -const data = fs.readFileSync(file) - -// metadata content is highly nodejs dependent; when cache entries are not -// found, place debug statements in 'make-fetch-happen/lib/cache/policy.js' -// (CachePolicy::satisfies()) -const xlate = { - 'meta': { - 'key_prefix': 'make-fetch-happen:request-cache:', - 'metadata': function() { - return { - time: Date.now(), - url: key, - reqHeaders: { - 'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*', - }, - resHeaders: { - "content-type": "application/json", - "status": 200, - }, - options: { - compress: true, - } - }; - }, - }, - - 'tgz': { - 'key_prefix': 'make-fetch-happen:request-cache:', - 'metadata': function() { - return { - time: Date.now(), - url: key, - reqHeaders: { - 'accept': '*/*', - }, - resHeaders: { - "content-type": "application/octet-stream", - "status": 200, - }, - options: { - compress: true, - }, - }; - }, - }, -}; - -const info = xlate[type]; -let opts = {} - -if (info.metadata) { - opts['metadata'] = info.metadata(); -} - -cacache.put(cache_dir, info.key_prefix + key, data, opts) - .then(integrity => { - console.log(`Saved content of ${key} (${file}).`); -}) diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache new file mode 100755 index 0000000000..f596207648 
--- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache @@ -0,0 +1,77 @@ +#!/usr/bin/env node + +/// Usage: oe-npm-cache +/// ... meta - metainformation about package +/// tgz - tarball + +const process = require("node:process"); + +module.paths.unshift("@@libdir@@/node_modules/npm/node_modules"); + +const cacache = require('cacache') +const fs = require('fs') + +// argv[0] is 'node', argv[1] is this script +const cache_dir = process.argv[2] +const type = process.argv[3] +const key = process.argv[4] +const file = process.argv[5] + +const data = fs.readFileSync(file) + +// metadata content is highly nodejs dependent; when cache entries are not +// found, place debug statements in 'make-fetch-happen/lib/cache/policy.js' +// (CachePolicy::satisfies()) +const xlate = { + 'meta': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*', + }, + resHeaders: { + "content-type": "application/json", + "status": 200, + }, + options: { + compress: true, + } + }; + }, + }, + + 'tgz': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': '*/*', + }, + resHeaders: { + "content-type": "application/octet-stream", + "status": 200, + }, + options: { + compress: true, + }, + }; + }, + }, +}; + +const info = xlate[type]; +let opts = {} + +if (info.metadata) { + opts['metadata'] = info.metadata(); +} + +cacache.put(cache_dir, info.key_prefix + key, data, opts) + .then(integrity => { + console.log(`Saved content of ${key} (${file}).`); +}) diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb deleted file mode 100644 index a61dd5018f..0000000000 
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb +++ /dev/null @@ -1,21 +0,0 @@ -DESCRIPTION = "OE helper for manipulating npm cache" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" - -SRC_URI = "\ - file://oe-npm-cache \ -" - -inherit native - -B = "${WORKDIR}/build" - -do_configure() { - sed -e 's!@@libdir@@!${libdir}!g' < '${WORKDIR}/oe-npm-cache' > '${B}/oe-npm-cache' -} - -do_install() { - install -D -p -m 0755 ${B}/oe-npm-cache ${D}${bindir}/oe-npm-cache -} - -RDEPENDS:${PN} = "nodejs-native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb new file mode 100644 index 0000000000..a61dd5018f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb @@ -0,0 +1,21 @@ +DESCRIPTION = "OE helper for manipulating npm cache" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +SRC_URI = "\ + file://oe-npm-cache \ +" + +inherit native + +B = "${WORKDIR}/build" + +do_configure() { + sed -e 's!@@libdir@@!${libdir}!g' < '${WORKDIR}/oe-npm-cache' > '${B}/oe-npm-cache' +} + +do_install() { + install -D -p -m 0755 ${B}/oe-npm-cache ${D}${bindir}/oe-npm-cache +} + +RDEPENDS:${PN} = "nodejs-native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch new file mode 100644 index 0000000000..1f54d444d7 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch 
@@ -0,0 +1,35 @@ +From 70a008c59992b0ac6a868530bc3e249b7777ab95 Mon Sep 17 00:00:00 2001 +From: Archana Polampalli +Date: Fri, 16 Dec 2022 05:19:06 +0000 +Subject: [PATCH] Nodejs: Fixed pipes DeprecationWarning + +DeprecationWarning: 'pipes' is deprecated and slated for removal in Python 3.13 + +Signed-off-by: Archana Polampalli +--- + configure.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.py b/configure.py +index d3192ca04c..8d279220fd 100755 +--- a/configure.py ++++ b/configure.py +@@ -5,7 +5,6 @@ import sys + import errno + import argparse + import os +-import pipes + import pprint + import re + import shlex +@@ -2041,7 +2040,7 @@ write('config.gypi', do_not_edit + + pprint.pformat(output, indent=2, width=1024) + '\n') + + write('config.status', '#!/bin/sh\nset -x\nexec ./configure ' + +- ' '.join([pipes.quote(arg) for arg in original_argv]) + '\n') ++ ' '.join([shlex.quote(arg) for arg in original_argv]) + '\n') + os.chmod('config.status', 0o775) + + +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch new file mode 100644 index 0000000000..445aaf8398 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch 
@@ -0,0 +1,78 @@ +From 6c3ac20477a4bac643088f24df3c042e627fafa9 Mon Sep 17 00:00:00 2001 +From: Guillaume Burel +Date: Fri, 3 Jan 2020 11:25:54 +0100 +Subject: [PATCH] Using native binaries + +Signed-off-by: Archana Polampalli +--- + node.gyp | 2 ++ + tools/v8_gypfiles/v8.gyp | 5 +++++ + 2 files changed, 7 insertions(+) + +diff --git a/node.gyp b/node.gyp +index 24505da7ba..7d41bd52db 100644 +--- a/node.gyp ++++ b/node.gyp +@@ -319,6 +319,7 @@ + 'action_name': 'run_mkcodecache', + 'process_outputs_as_sources': 1, + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(mkcodecache_exec)', + ], + 'outputs': [ +@@ -366,6 +367,7 @@ + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(node_mksnapshot_exec)', + ], + 'outputs': [ +diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp +index ed042f8829..371b8e02c2 100644 +--- a/tools/v8_gypfiles/v8.gyp ++++ b/tools/v8_gypfiles/v8.gyp +@@ -68,6 +68,7 @@ + { + 'action_name': 'run_torque_action', + 'inputs': [ # Order matters. 
++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', + '<@(torque_files)', + ], +@@ -99,6 +100,7 @@ + '<@(torque_outputs_inc)', + ], + 'action': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', + '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated', + '-v8-root', '<(V8_ROOT)', +@@ -211,6 +213,7 @@ + { + 'action_name': 'generate_bytecode_builtins_list_action', + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)', + ], + 'outputs': [ +@@ -395,6 +398,7 @@ + ], + }, + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(mksnapshot_exec)', + ], + 'outputs': [ +@@ -1513,6 +1517,7 @@ + { + 'action_name': 'run_gen-regexp-special-case_action', + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)', + ], + 'outputs': [ +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch deleted file mode 100644 index 5cb2e97015..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001 -From: Elliott Sales de Andrade -Date: Tue, 19 Mar 2019 23:22:40 -0400 -Subject: [PATCH 2/2] Install both binaries and use libdir. - -This allows us to build with a shared library for other users while -still providing the normal executable. - -Taken from - https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch - -Upstream-Status: Pending - -Signed-off-by: Elliott Sales de Andrade -Signed-off-by: Andreas Müller -Signed-off-by: Khem Raj ---- - configure.py | 7 +++++++ - tools/install.py | 21 +++++++++------------ - 2 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/configure.py b/configure.py -index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 100755 ---- a/configure.py -+++ b/configure.py -@@ -721,10 +721,16 @@ parser.add_argument('--shared', - dest='shared', - default=None, - help='compile shared library for embedding node in another project. ' + - '(This mode is not officially supported for regular applications)') - -+parser.add_argument('--libdir', -+ action='store', -+ dest='libdir', -+ default='lib', -+ help='a directory to install the shared library into') -+ - parser.add_argument('--without-v8-platform', - action='store_true', - dest='without_v8_platform', - default=False, - help='do not initialize v8 platform during node.js startup. 
' + -@@ -1305,10 +1311,11 @@ def configure_node(o): - o['variables']['debug_nghttp2'] = 'false' - - o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) - - o['variables']['node_shared'] = b(options.shared) -+ o['variables']['libdir'] = options.libdir - node_module_version = getmoduleversion.get_version() - - if options.dest_os == 'android': - shlib_suffix = 'so' - elif sys.platform == 'darwin': -diff --git a/tools/install.py b/tools/install.py -index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 100755 ---- a/tools/install.py -+++ b/tools/install.py -@@ -128,26 +128,23 @@ def subdir_files(path, dest, action): - for subdir, files_in_path in ret.items(): - action(files_in_path, subdir + '/') - - def files(action): - is_windows = sys.platform == 'win32' -- output_file = 'node' - output_prefix = 'out/Release/' -+ output_libprefix = output_prefix - -- if 'false' == variables.get('node_shared'): -- if is_windows: -- output_file += '.exe' -+ if is_windows: -+ output_bin = 'node.exe' -+ output_lib = 'node.dll' - else: -- if is_windows: -- output_file += '.dll' -- else: -- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix') -+ output_bin = 'node' -+ output_lib = 'libnode.' + variables.get('shlib_suffix') - -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) -+ action([output_prefix + output_bin], 'bin/' + output_bin) -+ if 'true' == variables.get('node_shared'): -+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) - - if 'true' == variables.get('node_use_dtrace'): - action(['out/Release/node.d'], 'lib/dtrace/node.d') - - # behave similarly for systemtap --- -2.33.0 - 
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch deleted file mode 100644 index 8db1f1dd54..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From 6c3ac20477a4bac643088f24df3c042e627fafa9 Mon Sep 17 00:00:00 2001 -From: Guillaume Burel -Date: Fri, 3 Jan 2020 11:25:54 +0100 -Subject: [PATCH] Using native binaries - ---- - node.gyp | 4 ++-- - tools/v8_gypfiles/v8.gyp | 11 ++++------- - 2 files changed, 6 insertions(+), 9 deletions(-) - ---- a/node.gyp -+++ b/node.gyp -@@ -294,6 +294,7 @@ - 'action_name': 'run_mkcodecache', - 'process_outputs_as_sources': 1, - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(mkcodecache_exec)', - ], - 'outputs': [ -@@ -319,6 +320,7 @@ - 'action_name': 'node_mksnapshot', - 'process_outputs_as_sources': 1, - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(node_mksnapshot_exec)', - ], - 'outputs': [ ---- a/tools/v8_gypfiles/v8.gyp -+++ b/tools/v8_gypfiles/v8.gyp -@@ -68,6 +68,7 @@ - { - 'action_name': 'run_torque_action', - 'inputs': [ # Order matters. -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', - '<@(torque_files)', - ], -@@ -99,6 +100,7 @@ - '<@(torque_outputs_inc)', - ], - 'action': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', - '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated', - '-v8-root', '<(V8_ROOT)', -@@ -225,6 +227,7 @@ - { - 'action_name': 'generate_bytecode_builtins_list_action', - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)', - ], - 'outputs': [ -@@ -415,6 +418,7 @@ - ], - }, - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(mksnapshot_exec)', - ], - 'outputs': [ -@@ -1548,6 +1552,7 @@ - { - 'action_name': 'run_gen-regexp-special-case_action', - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)', - ], - 'outputs': [ 
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch deleted file mode 100644 index 4d238c03f4..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001 -From: Daniel Bevenius -Date: Sat, 16 Oct 2021 08:50:16 +0200 -Subject: [PATCH] src: add --openssl-legacy-provider option - -This commit adds an option to Node.js named --openssl-legacy-provider -and if specified will load OpenSSL 3.0 Legacy provider. - -$ ./node --help -... ---openssl-legacy-provider enable OpenSSL 3.0 legacy provider - -Example usage: - -$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' -Hash { - _options: undefined, - [Symbol(kHandle)]: Hash {}, - [Symbol(kState)]: { [Symbol(kFinalized)]: false } -} - -Co-authored-by: Richard Lau -Signed-off-by: Signed-off-by: Andrej Valek -Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455] ---- - doc/api/cli.md | 10 ++++++++++ - src/crypto/crypto_util.cc | 10 ++++++++++ - src/node_options.cc | 10 ++++++++++ - src/node_options.h | 7 +++++++ - .../test-process-env-allowed-flags-are-documented.js | 5 +++++ - 5 files changed, 42 insertions(+) - -diff --git a/doc/api/cli.md b/doc/api/cli.md -index 74057706bf8d..608b9cdeddf1 100644 ---- a/doc/api/cli.md -+++ b/doc/api/cli.md -@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be - used to enable FIPS-compliant crypto if Node.js is built - against FIPS-enabled OpenSSL. - -+### `--openssl-legacy-provider` -+ -+ -+Enable OpenSSL 3.0 legacy provider. For more information please see -+[providers readme][]. -+ - ### `--pending-deprecation` - -
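Review bot: In the new grpc_1.46.7.bb, `-DCMAKE_CROSSCOMPILING=ON` is set unconditionally in EXTRA_OECMAKE although the recipe ends with `BBCLASSEXTEND = "native nativesdk"`, so the native variant is configured as a cross build as well. If that is deliberate, add a comment saying why; otherwise move the flag into a class-target append. In the same file, `CXXFLAGS:append:class-native = " -Wl,--no-as-needed"` passes a linker option through the compiler flags, and the comment above it ties it to compiler 4.8 on ubuntu 14.04, so say whether that workaround is still needed for this version.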
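Review bot: In the nlohmann-json_3.10.5.bb hunk, `ALLOW_EMPTY:${PN} = "1"` is added directly above `RDEPENDS:${PN}-dev = ""`, and the two lines now address the same empty main package in different ways without explanation. The existing comment only says the main package will be empty; extend it to say why the empty package must now be produced while the -dev runtime dependency on it stays cleared, or drop whichever line is no longer needed.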
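Review bot: In nodejs-oe-cache-16.19/oe-npm-cache, `const info = xlate[type];` is dereferenced as `info.metadata` without checking that argv[3] is `meta` or `tgz`, so any other value ends in a TypeError rather than a usage message, and the `cacache.put(...)` promise has no rejection handler. The script also stores whatever bytes `file` holds under a `make-fetch-happen:request-cache:` key with a recorded status of 200, and nothing here compares those bytes to an expected digest, so the header comment should state that checksum verification has to happen before this helper is called. The blob id (f596207648) is the same as the deleted 16.14 copy, so these points apply to the carried-over content and can be fixed in a follow-up, but the moved file is the place to record them.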
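Review bot: The header of the new 0001-Nodejs-Fixed-pipes-DeprecationWarning.patch has Subject and Signed-off-by lines but no `Upstream-Status:` line, unlike the patches deleted in this same commit (for example `Upstream-Status: Pending` in 0002-Install-both-binaries-and-use-libdir.patch); add one so the patch's relation to upstream configure.py is tracked. The code change itself looks right: `import shlex` is already present in the context lines of the first hunk, and `shlex.quote(arg)` keeps each original argument shell-quoted when it is written into the generated config.status script.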
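Review bot: The new 0001-Using-native-binaries.patch has an empty commit body and no `Upstream-Status:` line, so nothing says where `<(PRODUCT_DIR)/v8-qemu-wrapper.sh` comes from or why every build-time generator now depends on it. Add both to the header. The run_torque_action hunks add the wrapper to `inputs` and to `action`, while the other visible hunks (run_mkcodecache, node_mksnapshot, generate_bytecode_builtins_list_action, mksnapshot, run_gen-regexp-special-case_action) add it only to `inputs`; a sentence in the body on how the wrapper reaches the command line for those actions would make the patch reviewable without opening node.gyp and v8.gyp.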