From 8fc454f9beebdd347403145c991697019a593cff Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 11 Dec 2020 16:27:59 -0600 Subject: meta-openembedded: subtree update:f623d8b574..936f2380bb Alexander Vickberg (2): libwebsockets: upgrade to 4.1.6 mbedtls: upgrade to 2.24.0 Bartosz Golaszewski (1): libgpiod: update v1.4.5 -> v1.6.2 Beniamin Sandu (1): trace-cmd: create recipe for version 2.9.1 Fabio Berton (2): beep: Add recipe for version 1.2.2 linuxconsole: Add recipe for version 1.7.0 Gianfranco (1): dlt-daemon: add upstream patch to fix CVE-2020-29394 Kai Kang (1): colord: fix installed-vs-shipped error Khem Raj (1): packagegroup-meta-python: Remove packages moved to core Luca Boccassi (3): dbus-broker: rdepend on dbus-common dbus-brocker: upgrade 23 -> 24 dbus-broker: upgrade 24 -> 25 Martin Jansa (1): nanopb: move to dynamic-layers Michael Vetter (1): jasper: upgrade 2.0.22 -> 2.0.23 Philip Balister (1): spdlog: Fix recipe so other recipes can use spdlog with external fmt. Robert Karszniewicz (1): firmwared: add recipe Roland Hieber (5): pcsc-lite: provide pcsc-lite-lib-native explicitly for native build lockfile-progs: use DEBIAN_MIRROR in SRC_URI fbset: use DEBIAN_MIRROR in SRC_URI liboop: use upstream SRC_URI openct: use upstream SRC_URI Senthil Selvaganesan (1): fcgiwrap: add recipe Thomas Perrot (1): openocd: disable the support of ccache Trevor Woerner (4): glmark2: update information glmark2: update to latest glmark2: add support for dispmanx glmark2: revert to previous behaviour Vyacheslav Yurkov (1): python3-aiohttp: added missing RDEPENDs Wang Mingyu (2): gensio: 2.1.4 -> 2.2.0 ser2net: 4.2.0 -> 4.3.0 Zang Ruochen (7): dialog: upgrade 1.3-20200327 -> 1.3-20201126 fmt: upgrade 7.1.2 -> 7.1.3 hidapi: upgrade 0.10.0 -> 0.10.1 opensc: upgrade 0.20.0 -> 0.20.1 pugixml: upgrade 1.10 -> 1.11 satyr: upgrade 0.31 -> 0.35 nanopb: upgrade 0.4.3 -> 0.4.4 zhengruoqin (9): c-periphery: upgrade 2.2.4 -> 2.2.5 crash: upgrade 7.2.8 -> 7.2.9 dfu-util: upgrade 0.9 -> 0.10 monit: upgrade 5.26.0 -> 5.27.1 qpdf: upgrade 10.0.1 -> 10.0.4 tcsh: upgrade 6.22.02 -> 6.22.03 xserver-xorg-cvt-native: upgrade 1.20.5 -> 1.20.9 zchunk: upgrade 1.1.6 -> 1.1.7 libconfig-autoconf-perl: upgrade 0.318 -> 0.319 Signed-off-by: Andrew Geissler Change-Id: I8371eb789fa288193da895bd51ce2160194809d8 --- ...x-incorrect-EOF-check-in-ssl_context_info.patch | 57 ++++++++++++++++++++++ .../recipes-connectivity/mbedtls/mbedtls_2.16.6.bb | 43 ---------------- .../recipes-connectivity/mbedtls/mbedtls_2.24.0.bb | 45 +++++++++++++++++ 3 files changed, 102 insertions(+), 43 deletions(-) create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.6.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb (limited to 'meta-openembedded/meta-networking') diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch new file mode 100644 index 0000000000..836fce91e6 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch @@ -0,0 +1,57 @@ +From d696e7d91e42a190d06760279d2e396392143454 Mon Sep 17 00:00:00 2001 +From: Nayna Jain +Date: Thu, 13 Aug 2020 19:17:53 +0000 +Subject: [PATCH] programs/ssl: Fix incorrect EOF check in ssl_context_info.c + +In `read_next_b64_code()`, the result of fgetc() is stored into a char, +but later compared against EOF, which is generally -1. On platforms +where char is unsigned, this generates a compiler warning/error that the +comparison will never be true (causing a build failure). The value will +never match, with the function ultimately bailing with a "Too many bad +symbols are detected" error. + +On platforms with signed char, EOF is detected, but a file containing a +0xFF character will causes a premature end of file exit of the loop. + +Fix this by changing the result to an int. + +Fixes #3794. + +Signed-off-by: Nayna Jain +Signed-off-by: David Brown +--- + ChangeLog.d/bugfix_3794.txt | 4 ++++ + programs/ssl/ssl_context_info.c | 4 ++-- + 2 files changed, 6 insertions(+), 2 deletions(-) + create mode 100644 ChangeLog.d/bugfix_3794.txt + +diff --git a/ChangeLog.d/bugfix_3794.txt b/ChangeLog.d/bugfix_3794.txt +new file mode 100644 +index 0000000000..a483ea76ae +--- /dev/null ++++ b/ChangeLog.d/bugfix_3794.txt +@@ -0,0 +1,4 @@ ++Bugfix ++ * Fix handling of EOF against 0xff bytes and on platforms with ++ unsigned chars. Fixes a build failure on platforms where char is ++ unsigned. Fixes #3794. +diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c +index df8819a804..d109c1e6f7 100644 +--- a/programs/ssl/ssl_context_info.c ++++ b/programs/ssl/ssl_context_info.c +@@ -377,13 +377,13 @@ size_t read_next_b64_code( uint8_t **b64, size_t *max_len ) + int valid_balance = 0; /* balance between valid and invalid characters */ + size_t len = 0; + char pad = 0; +- char c = 0; ++ int c = 0; + + while( EOF != c ) + { + char c_valid = 0; + +- c = (char) fgetc( b64_file ); ++ c = fgetc( b64_file ); + + if( pad > 0 ) + { diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.6.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.6.bb deleted file mode 100644 index 8e4b6c86c5..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.6.bb +++ /dev/null @@ -1,43 +0,0 @@ -SUMMARY = "Lightweight crypto and SSL/TLS library" -DESCRIPTION = "mbedtls is a lean open source crypto library \ -for providing SSL and TLS support in your programs. It offers \ -an intuitive API and documented header files, so you can actually \ -understand what the code does. It features: \ - \ - - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ - Camellia and XTEA \ - - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ - - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ - - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ - ECDSA and ECDH \ - - SSL v3 and TLS 1.0, 1.1 and 1.2 \ - - Abstraction layers for ciphers, hashes, public key operations, \ - platform abstraction and threading \ -" - -HOMEPAGE = "https://tls.mbed.org/" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=302d50a6369f5f22efdb674db908167a" - -SECTION = "libs" - -SRC_URI = "https://tls.mbed.org/download/mbedtls-${PV}-apache.tgz" -SRC_URI[md5sum] = "1f629a43c166de2eca808f3e30aa961d" -SRC_URI[sha256sum] = "66455e23a6190a30142cdc1113f7418158839331a9d8e6b0778631d077281770" - -inherit cmake - -PACKAGECONFIG ??= "shared-libs programs" -PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" -PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" - -EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}" - -PROVIDES += "polarssl" -RPROVIDES_${PN} = "polarssl" - -PACKAGES =+ "${PN}-programs" -FILES_${PN}-programs = "${bindir}/" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb new file mode 100644 index 0000000000..e3a0169566 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb @@ -0,0 +1,45 @@ +SUMMARY = "Lightweight crypto and SSL/TLS library" +DESCRIPTION = "mbedtls is a lean open source crypto library \ +for providing SSL and TLS support in your programs. It offers \ +an intuitive API and documented header files, so you can actually \ +understand what the code does. It features: \ + \ + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ + Camellia and XTEA \ + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ + ECDSA and ECDH \ + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ + - Abstraction layers for ciphers, hashes, public key operations, \ + platform abstraction and threading \ +" + +HOMEPAGE = "https://tls.mbed.org/" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SECTION = "libs" + +S = "${WORKDIR}/git" +SRCREV = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8" +SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development \ + file://fix-incorrect-EOF-check-in-ssl_context_info.patch \ +" + +inherit cmake + +PACKAGECONFIG ??= "shared-libs programs" +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" + +EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}" + +PROVIDES += "polarssl" +RPROVIDES_${PN} = "polarssl" + +PACKAGES =+ "${PN}-programs" +FILES_${PN}-programs = "${bindir}/" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3