[oe] [meta-oe][scarthgap][PATCH] squid: workaround a build failure with native gcc10
From: Yoann Congal

When built on Debian 11 (gcc10), squid fails to build[0] because of a bug[1] in the configure step (it mixes options between old native compiler and recent target compiler: the former needs the std=c++17 option, the latter doesn't).

The workaround is to force the "-std=c++17" option for the native build.

NB: Our Buildroot friends have the same workaround[2].

[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/23/steps/28/logs/stdio
[1]: https://bugs.squid-cache.org/show_bug.cgi?id=5376 Bug closed as invalid by upstream
[2]: https://github.com/buildroot/buildroot/blob/932b52fad87d79d9f26a343edafe2981079de16e/package/squid/squid.mk#L24

Signed-off-by: Yoann Congal
Reviewed-by: Alexandre Truong
Signed-off-by: Khem Raj
Signed-off-by: Armin Kuster
---
meta-networking/recipes-daemons/squid/squid_6.9.bb | 5 +
1 file changed, 5 insertions(+)

diff --git a/meta-networking/recipes-daemons/squid/squid_6.9.bb b/meta-networking/recipes-daemons/squid/squid_6.9.bb index f0663a5e04..33d286e122 100644 --- a/meta-networking/recipes-daemons/squid/squid_6.9.bb +++ b/meta-networking/recipes-daemons/squid/squid_6.9.bb 
@@ -68,6 +68,11 @@ EXTRA_OECONF += "--with-default-user=squid \ --with-logdir=${localstatedir}/log/${BPN} \ 'PERL=${USRBINPATH}/env perl'" +# Workaround a build failure when using a native compiler that need -std=c++17 +# with a cross-compiler that doesn't. +# Upstream issue closed as invalid : https://bugs.squid-cache.org/show_bug.cgi?id=5376 +BUILD_CXXFLAGS += "-std=c++17" + export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" TESTDIR = "test-suite" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110613): https://lists.openembedded.org/g/openembedded-devel/message/110613 Mute This Topic: https://lists.openembedded.org/mt/106368288/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
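Review bot: `BUILD_CXXFLAGS += "-std=c++17"` is appended unconditionally, so every build host gets it, including hosts whose native compiler already defaults to C++17 or newer, and it selects strict ISO C++17 rather than the GNU dialect for the native parts of the build. The comment above it should say when the workaround can be dropped (for instance once the oldest supported host compiler no longer needs the option), and "that need" in the first comment line should read "that needs".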
[oe] kirkstone merge request May 28th
The following changes since commit 70b217ecc812296d98e1aa027a7d182a8019dded:

  python3-pyyaml-include: Drop pytest --automake (2024-05-22 12:50:26 -0700)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded kirkstone-next

for you to fetch changes up to 0560b848996a0feb410a8cd8ca07c60fe2f3b5bc:

  ITS#10094 libldap/OpenSSL: fix setting ciphersuites (2024-05-28 06:17:26 -0400)

Meenali Gupta (1):
      nginx: fix CVE-2023-44487

Peter Marko (3):
      nss: patch CVE-2023-5388
      nss: patch CVE-2024-0743
      uriparser: upgrade 0.9.6 -> 0.9.8

Priyal Doshi (1):
      ITS#10094 libldap/OpenSSL: fix setting ciphersuites

Soumya Sambu (1):
      php: upgrade 8.1.22 -> 8.1.28

Vivek Kumbhar (1):
      nss: Backport fix CVE-2023-0767

Yogita Urade (1):
      mbedtls: upgrade 2.28.7->2.28.8

akash hadke (1):
      libeigen: Update GPL-3.0-only to GPL-2.0-only

nikhil (1):
      libssh: Fix CVE CVE-2023-6004

 .../mbedtls/{mbedtls_2.28.7.bb => mbedtls_2.28.8.bb} | 4 +-
 meta-oe/recipes-devtools/php/{php_8.1.22.bb => php_8.1.28.bb} | 2 +-
 meta-oe/recipes-support/libeigen/libeigen_3.4.0.bb | 2 +-
 ...1-config-Move-common-parser-functions-to-config_parser.patch | 464 +++
 meta-oe/recipes-support/libssh/libssh/001_CVE-2023-6004.patch | 30 ++
 meta-oe/recipes-support/libssh/libssh/002_CVE-2023-6004.patch | 83
 meta-oe/recipes-support/libssh/libssh/003_CVE-2023-6004.patch | 117 +
 meta-oe/recipes-support/libssh/libssh/004_CVE-2023-6004.patch | 57 +++
 meta-oe/recipes-support/libssh/libssh/005_CVE-2023-6004.patch | 142 ++
 meta-oe/recipes-support/libssh/libssh/006_CVE-2023-6004.patch | 117 +
 meta-oe/recipes-support/libssh/libssh_0.8.9.bb | 7 +
 ...1-Bug-1780432-CVE-2023-5388-Timing-attack-against-RSA-.patch | 681
 ...1-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch | 40 ++
 meta-oe/recipes-support/nss/nss/CVE-2023-0767.patch | 102 +
 meta-oe/recipes-support/nss/nss_3.74.bb | 3 +
 ...001-ITS-10094-libldap-OpenSSL-fix-setting-ciphersuites.patch | 69 +++
 meta-oe/recipes-support/openldap/openldap_2.5.16.bb | 1 +
 .../uriparser/{uriparser_0.9.6.bb => uriparser_0.9.8.bb} | 2 +-
 meta-webserver/recipes-httpd/nginx/files/CVE-2023-44487.patch | 79
 meta-webserver/recipes-httpd/nginx/nginx.inc | 1 +
 20 files changed, 1998 insertions(+), 5 deletions(-)
 rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_2.28.7.bb => mbedtls_2.28.8.bb} (93%)
 rename meta-oe/recipes-devtools/php/{php_8.1.22.bb => php_8.1.28.bb} (99%)
 create mode 100644 meta-oe/recipes-support/libssh/libssh/0001-config-Move-common-parser-functions-to-config_parser.patch
 create mode 100644 meta-oe/recipes-support/libssh/libssh/001_CVE-2023-6004.patch
 create mode 100644 meta-oe/recipes-support/libssh/libssh/002_CVE-2023-6004.patch
 create mode 100644 meta-oe/recipes-support/libssh/libssh/003_CVE-2023-6004.patch
 create mode 100644 meta-oe/recipes-support/libssh/libssh/004_CVE-2023-6004.patch
 create mode 100644 meta-oe/recipes-support/libssh/libssh/005_CVE-2023-6004.patch
 create mode 100644 meta-oe/recipes-support/libssh/libssh/006_CVE-2023-6004.patch
 create mode 100644 meta-oe/recipes-support/nss/nss/0001-Bug-1780432-CVE-2023-5388-Timing-attack-against-RSA-.patch
 create mode 100644 meta-oe/recipes-support/nss/nss/0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch
 create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2023-0767.patch
 create mode 100644 meta-oe/recipes-support/openldap/openldap/0001-ITS-10094-libldap-OpenSSL-fix-setting-ciphersuites.patch
 rename meta-oe/recipes-support/uriparser/{uriparser_0.9.6.bb => uriparser_0.9.8.bb} (84%)
 create mode 100644 meta-webserver/recipes-httpd/nginx/files/CVE-2023-44487.patch
Re: [oe] [meta-oe][kirkstone][PATCH V1] ITS#10094 libldap/OpenSSL: fix setting ciphersuites
Priyal,

What versions of openldap does this affect? Do we need this in other branches like master or scarthgap?

- armin

On 5/13/24 8:20 AM, Priyal Doshi via lists.openembedded.org wrote:

From: Priyal Doshi

Backport-from: https://git.openldap.org/openldap/openldap/-/merge_requests/654/diffs?commit_id=8c482cec9a68e74b3609b1e44738bee352f6577a

Signed-off-by: Priyal Doshi
---
...-libldap-OpenSSL-fix-setting-ciphersuites.patch | 69 ++
.../recipes-support/openldap/openldap_2.5.16.bb| 1 +
2 files changed, 70 insertions(+)
create mode 100644 meta-oe/recipes-support/openldap/openldap/0001-ITS-10094-libldap-OpenSSL-fix-setting-ciphersuites.patch

diff --git a/meta-oe/recipes-support/openldap/openldap/0001-ITS-10094-libldap-OpenSSL-fix-setting-ciphersuites.patch b/meta-oe/recipes-support/openldap/openldap/0001-ITS-10094-libldap-OpenSSL-fix-setting-ciphersuites.patch new file mode 100644 index 000..211dbe9 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap/0001-ITS-10094-libldap-OpenSSL-fix-setting-ciphersuites.patch 
@@ -0,0 +1,69 @@ +From 7cee69298857e2393799780ee472dfe0a378ee2d Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Thu, 12 Oct 2023 17:22:48 +0100 +Subject: [PATCH] ITS#10094 libldap/OpenSSL: fix setting ciphersuites + +Don't try old-style ciphersuite list if only v1.3 or newer ciphers were specified + +Upstream-Status: Backport from https://git.openldap.org/openldap/openldap/-/merge_requests/654/diffs?commit_id=8c482cec9a68e74b3609b1e44738bee352f6577a + +Signed-off-by: Priyal Doshi +--- + libraries/libldap/tls_o.c | 16 +--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c +index d6405bc..4123a9b 100644 +--- a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c +@@ -294,7 +294,7 @@ tlso_stecpy( char *dst, const char *src, const char *end ) + * Try to find any TLS1.3 ciphers in the given list of suites. + */ + static void +-tlso_ctx_cipher13( tlso_ctx *ctx, char *suites ) ++tlso_ctx_cipher13( tlso_ctx *ctx, char *suites, char **oldsuites ) + { + char tls13_suites[1024], *ts = tls13_suites, *te = tls13_suites + sizeof(tls13_suites); + char *ptr, *colon, *nptr; +@@ -303,6 +303,8 @@ tlso_ctx_cipher13( tlso_ctx *ctx, char *suites ) + SSL *s = SSL_new( ctx ); + int ret; + ++ *oldsuites = NULL; ++ + if ( !s ) + return; + +@@ -334,8 +336,15 @@ tlso_ctx_cipher13( tlso_ctx *ctx, char *suites ) + if ( tls13_suites[0] ) + ts = tlso_stecpy( ts, ":", te ); + ts = tlso_stecpy( ts, nptr, te ); ++ } else if (! *oldsuites) { ++ /* should never happen, set_ciphersuites should ++ * only succeed for TLSv1.3 and above ++ */ ++ *oldsuites = ptr; + } + } ++ } else if (! 
*oldsuites) { ++ *oldsuites = ptr; + } + if ( !colon || ts >= te ) + break; +@@ -415,10 +424,11 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) + } + + if ( lo->ldo_tls_ciphersuite ) { ++ char *oldsuites = lt->lt_ciphersuite; + #if OPENSSL_VERSION_NUMBER >= 0x10101000 +- tlso_ctx_cipher13( ctx, lt->lt_ciphersuite ); ++ tlso_ctx_cipher13( ctx, lt->lt_ciphersuite, ); + #endif +- if ( !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) ) ++ if ( oldsuites && !SSL_CTX_set_cipher_list( ctx, oldsuites ) ) + { + Debug1( LDAP_DEBUG_ANY, + "TLS: could not set cipher list %s.\n", +-- +2.34.1 + diff --git a/meta-oe/recipes-support/openldap/openldap_2.5.16.bb b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb index 9e9d059..7e1c8fd 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.5.16.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb @@ -20,6 +20,7 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$ file://slapd.service \ file://remove-user-host-pwd-from-version.patch \ file://0001-build-top.mk-unset-STRIP_OPTS.patch \ +file://0001-ITS-10094-libldap-OpenSSL-fix-setting-ciphersuites.patch \ " SRC_URI[sha256sum] = "546ba591822e8bb0e467d40c4d4a30f89d937c3a507fe83a578f582f6a211327" -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110392): https://lists.openembedded.org/g/openembedded-devel/message/110392 Mute This Topic: https://lists.openembedded.org/mt/106071184/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org
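Review bot: in the `tlso_ctx_init` hunk of the embedded patch the call reads `tlso_ctx_cipher13( ctx, lt->lt_ciphersuite, );`, with nothing after the second comma, which will not compile against the new three-parameter signature. The local declared on the line above is `char *oldsuites` and the new parameter is `char **oldsuites`, so the call should pass `&oldsuites`; please check the patch file against the upstream commit named in Upstream-Status before it is merged.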
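Review bot: in the `tlso_ctx_cipher13` hunk, `*oldsuites = NULL;` is assigned before the `if ( !s ) return;` early exit, so when `SSL_new( ctx )` fails the caller's `oldsuites` is NULL and the guarded `SSL_CTX_set_cipher_list( ctx, oldsuites )` is skipped. On that path the configured cipher string is not applied at all and nothing is logged, leaving the context on the library's default suites. Either leave `*oldsuites` pointing at `suites` when `s` is NULL, or have `tlso_ctx_init` treat that case as a failure; if this matches upstream as-is, a sentence in the commit message saying so would help.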
[oe] kirkstone merge request: April 28th
The following changes since commit 8bb16533532b6abc2eded7d9961ab2a108fd7a5b:

  dnsmasq: Upgrade 2.87 -> 2.90 (2024-03-25 07:11:05 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded kirkstone-next

for you to fetch changes up to 5a6f7925bd2b885955c942573f70a5594f231563:

  python3-twisted: Add python3-typing-extensions to RDEPENDS (2024-04-28 13:10:23 -0400)

Ashish Sharma (1):
      wireshark: Backport fix for CVE-2024-2955

Derek Straka (1):
      python3-pyyaml-include: add initial recipe for version 1.3.2

Hains van den Bosch (2):
      python3-twisted: Add python3-asyncio to RDEPENDS
      python3-twisted: Add python3-typing-extensions to RDEPENDS

Hitendra Prajapati (1):
      wireshark: fix CVE-2023-6175

Mingli Yu (1):
      python3-pyyaml-include: Upgrade 1.3.2 -> 1.4.1

Rahul Janani Pandi (3):
      python3-pillow: Fix CVE-2023-50447
      python3-django: fix CVE-2024-24680
      python3-aiohttp: Fix CVE-2024-23334

Rohini Sangam (1):
      xterm: Security fix for CVE-2023-40359

Soumya Sambu (2):
      iniparser: Fix CVE-2023-33461
      apache2: Upgrade v2.4.58 -> v2.4.59

Tim Orling (1):
      python3-pyyaml-include: switch to pytest --automake

Xiangyu Chen (1):
      bats: fix bats-format-pretty report error when multilib enabled

nikhil (1):
      giflib: Fix CVE CVE-2022-28506

 .../recipes-support/wireshark/files/CVE-2023-6175.patch | 246 ++
 .../recipes-support/wireshark/files/CVE-2024-2955.patch | 52
 meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb | 2 +
 meta-oe/recipes-devtools/giflib/files/CVE-2022-28506.patch | 40 +++
 meta-oe/recipes-devtools/giflib/giflib_5.2.1.bb | 4 +-
 meta-oe/recipes-graphics/xorg-app/xterm/CVE-2023-40359.patch | 388
 meta-oe/recipes-graphics/xorg-app/xterm_372.bb | 1 +
 .../recipes-support/iniparser/iniparser/CVE-2023-33461.patch | 51
 meta-oe/recipes-support/iniparser/iniparser_4.1.bb | 4 +-
 meta-oe/recipes-test/bats/bats_1.6.1.bb | 1 +
 .../python/python3-aiohttp/CVE-2024-23334.patch | 222
 meta-python/recipes-devtools/python/python3-aiohttp_3.8.6.bb | 3 +
 .../recipes-devtools/python/python3-django/CVE-2024-24680.patch | 48
 meta-python/recipes-devtools/python/python3-django_2.2.28.bb | 1 +
 .../python/python3-pillow/CVE-2023-50447-1.patch | 29 +++
 .../python/python3-pillow/CVE-2023-50447-2.patch | 31 +++
 .../python/python3-pillow/CVE-2023-50447-3.patch | 56
 .../python/python3-pillow/CVE-2023-50447-4.patch | 66 +
 meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb | 4 +
 .../recipes-devtools/python/python3-pyyaml-include/run-ptest | 3 +
 .../recipes-devtools/python/python3-pyyaml-include_1.4.1.bb | 29 +++
 meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb | 2 +
 .../0004-apache2-log-the-SELinux-context-at-startup.patch | 16 +-
 .../apache2/0007-apache2-allow-to-disable-selinux-support.patch | 10 +-
 .../apache2/{apache2_2.4.58.bb => apache2_2.4.59.bb} | 2 +-
 25 files changed, 1295 insertions(+), 16 deletions(-)
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-6175.patch
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2024-2955.patch
 create mode 100644 meta-oe/recipes-devtools/giflib/files/CVE-2022-28506.patch
 create mode 100644 meta-oe/recipes-graphics/xorg-app/xterm/CVE-2023-40359.patch
 create mode 100644 meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-23334.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django/CVE-2024-24680.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-1.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-2.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-3.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-4.patch
 create mode 100755 meta-python/recipes-devtools/python/python3-pyyaml-include/run-ptest
 create mode 100644 meta-python/recipes-devtools/python/python3-pyyaml-include_1.4.1.bb
 rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.58.bb => apache2_2.4.59.bb} (99%)
Re: [oe][meta-webserver][kirkstone][PATCH 1/1] nginx: upgrade 1.25.2 -> 1.25.3
On 3/28/24 12:16 AM, Meenali Gupta via lists.openembedded.org wrote:

Reminder!

Kirkstone has three versions of nginx: 1.20.1, 1.21.0 and 1.24.0. This is a package upgrade and I don't want a fourth version.

- armin

*From:* Khem Raj
*Sent:* 14 December 2023 22:16
*To:* Gupta, Meenali
*Cc:* openembedded-devel@lists.openembedded.org
*Subject:* Re: [oe][meta-webserver][kirkstone][PATCH 1/1] nginx: upgrade 1.25.2 -> 1.25.3

We need this on master as well. It's good to mention the branches a patch is needed in subject. It's fine to mention more than one if it applied directly to all of the requested branches. I almost ignored it as it said kirkstone alone.

On Thu, Dec 14, 2023 at 2:38 AM Meenali Gupta via lists.openembedded.org wrote:
>
> From: Meenali Gupta
>
> Changelog:
> ===
> https://nginx.org/en/CHANGES
>
> *) Change: improved detection of misbehaving clients when using HTTP/2.
>
> *) Feature: startup speedup when using a large number of locations.
> Thanks to Yusuke Nojima.
>
> *) Bugfix: a segmentation fault might occur in a worker process when
> using HTTP/2 without SSL; the bug had appeared in 1.25.1.
>
> *) Bugfix: the "Status" backend response header line with an empty
> reason phrase was handled incorrectly.
>
> *) Bugfix: memory leak during reconfiguration when using the PCRE2
> library.
> Thanks to ZhenZhong Wu.
>
> *) Bugfixes and improvements in HTTP/3.
>
> Signed-off-by: Meenali Gupta
> ---
> .../recipes-httpd/nginx/{nginx_1.25.2.bb => nginx_1.25.3.bb} | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename meta-webserver/recipes-httpd/nginx/{nginx_1.25.2.bb => nginx_1.25.3.bb} (51%)
> > diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.25.2.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb > similarity index 51% > rename from meta-webserver/recipes-httpd/nginx/nginx_1.25.2.bb > rename to meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb > index 66eef23895..8aa9fa0267 100644 > --- a/meta-webserver/recipes-httpd/nginx/nginx_1.25.2.bb > +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb > @@ -2,5 +2,5 @@ require nginx.inc > > LIC_FILES_CHKSUM = "file://LICENSE;md5=79ad2eb837299421c4435dedc8897b3d " > > -SRC_URI[sha256sum] = "05dd6d9356d66a74e61035f2a42162f8c754c97cf1ba64e7a801ba158d6c0711" > +SRC_URI[sha256sum] = "64c5b975ca287939e828303fa857d22f142b251f17808dfe41733512d9cded86" > > -- > 2.40.0 > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110153): https://lists.openembedded.org/g/openembedded-devel/message/110153 Mute This Topic: https://lists.openembedded.org/mt/103167529/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] Dunfell merge request: April 25
The following changes since commit c74ebbddfd9dbe02d3f7422016324451eb218e1e:

  python3-pillow: Fix for CVE-2023-50447 (2024-03-03 16:38:27 -0500)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded dunfell-next

for you to fetch changes up to 01358b6d705071cc0ac5aefa7670ab235709729a:

  wireshark: fix CVE-2023-6175 (2024-04-25 08:27:27 -0400)

Ashish Sharma (2):
      c-ares: Backport fix for CVE-2024-25629
      wireshark: Backport fix for CVE-2024-2955

Hitendra Prajapati (2):
      python3-cryptography: fix CVE-2024-26130 NULL pointer dereference
      wireshark: fix CVE-2023-6175

Matthias Schmitz (1):
      postgresql: Update to 12.18

Vijay Anusuri (1):
      wireshark: Fix for CVE-2023-4511

 .../recipes-support/wireshark/files/CVE-2023-4511.patch | 81 +
 .../recipes-support/wireshark/files/CVE-2023-6175.patch | 246
 .../recipes-support/wireshark/files/CVE-2024-2955.patch | 52 ++
 meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 3 +
 .../postgresql/{postgresql_12.17.bb => postgresql_12.18.bb} | 4 +-
 meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch | 32
 meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 1 +
 .../python/python3-cryptography/CVE-2024-26130.patch | 66
 meta-python/recipes-devtools/python/python3-cryptography_2.8.bb | 1 +
 9 files changed, 484 insertions(+), 2 deletions(-)
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-6175.patch
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2024-2955.patch
 rename meta-oe/recipes-dbs/postgresql/{postgresql_12.17.bb => postgresql_12.18.bb} (51%)
 create mode 100644 meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-cryptography/CVE-2024-26130.patch
[oe] kirkstone merge request: March 25th
The following changes since commit fda737ec0cc1d2a5217548a560074a8e4d5ec580:

  mbedtls: Upgrade 3.5.0 -> 3.5.2 (2024-02-28 08:18:18 -0500)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded kirkstone-next

for you to fetch changes up to 8bb16533532b6abc2eded7d9961ab2a108fd7a5b:

  dnsmasq: Upgrade 2.87 -> 2.90 (2024-03-25 07:11:05 -0400)

Anuj Mittal (1):
      opencv: fix reproducibility issues

Soumya Sambu (4):
      openvpn: ignore CVE-2023-7235
      postgresql: Upgrade to 14.11
      unixodbc: Fix CVE-2024-1013
      dnsmasq: Upgrade 2.87 -> 2.90

Vivek Kumbhar (1):
      openjpeg: Backport fix CVE-2021-3575

Yogita Urade (1):
      c-ares: fix CVE-2024-25629

 meta-networking/recipes-support/dnsmasq/dnsmasq.inc | 1 -
 meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch | 31 ---
 meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb | 7 -
 meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb | 3 +
 .../recipes-support/dnsmasq/files/CVE-2023-28450.patch | 48 -
 meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb | 3 +
 .../0001-configure.ac-bypass-autoconf-2.69-version-check.patch | 6 +-
 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5868.patch | 125
 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5869.patch | 294
 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5870.patch | 108 --
 .../postgresql/{postgresql_14.9.bb => postgresql_14.11.bb} | 7 +-
 meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch | 45 +
 meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb | 1 +
 meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch | 34
 meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 1 +
 meta-oe/recipes-support/opencv/opencv_4.5.5.bb | 34 ++--
 meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch | 53 +
 meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb | 1 +
 18 files changed, 163 insertions(+), 639 deletions(-)
 delete mode 100644 meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
 delete mode 100644 meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb
 create mode 100644 meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
 delete mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch
 delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5868.patch
 delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5869.patch
 delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5870.patch
 rename meta-oe/recipes-dbs/postgresql/{postgresql_14.9.bb => postgresql_14.11.bb} (61%)
 create mode 100644 meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch
 create mode 100644 meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch
 create mode 100644 meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
[oe] [meta-oe][scarthgap][PATCH] meta-openembedded: Add myself as scarthgap maintainer
Signed-off-by: Armin Kuster --- README.md | 2 +- meta-filesystems/README.md | 10 +- meta-gnome/README.md| 10 +- meta-initramfs/README.md| 8 meta-multimedia/README.md | 10 +- meta-networking/MAINTAINERS | 11 +++ meta-networking/README.md | 8 meta-oe/README.md | 8 meta-perl/README.md | 11 +-- meta-python/README.md | 12 +--- meta-webserver/README.md| 11 +++ meta-xfce/README.md | 11 +-- 12 files changed, 53 insertions(+), 59 deletions(-) diff --git a/README.md b/README.md index 7318f09cdb..82f2e9699a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ Collection of layers for the OE-core universe -Main layer maintainer: Khem Raj +Main layer maintainer: Armin Kuster This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer diff --git a/meta-filesystems/README.md b/meta-filesystems/README.md index 78a4429ce2..bf48806035 100644 --- a/meta-filesystems/README.md +++ b/meta-filesystems/README.md @@ -11,26 +11,26 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core layers: meta - branch: master + branch: scarthgap URI: git://git.openembedded.org/meta-openembedded layers: meta-oe - branch: master + branch: scarthgap Patches === Please submit any patches against the filesystems layer to the OpenEmbedded development mailing list (openembedded-devel@lists.openembedded.org) -with '[meta-filesystems]' in the subject. +with '[meta-filesystems][scarthgap]' in the subject. -Layer maintainer: Khem Raj +Layer maintainer: Armin Kuster When sending single patches, please use something like: git send-email -1 -M \ --to openembedded-devel@lists.openembedded.org \ ---subject-prefix='meta-filesystems][PATCH' +--subject-prefix='meta-filesystems][scarthgap][PATCH' Table of Contents diff --git a/meta-gnome/README.md b/meta-gnome/README.md index fbb0d72476..2125c36df3 100644 --- a/meta-gnome/README.md +++ b/meta-gnome/README.md 
@@ -3,14 +3,14 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: scarthgap URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: scarthgap -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-gnome]' in the subject' +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-gnome][scarthgap]' in the subject' When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-gnome][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-gnome][scarthgap][PATCH' -Layer maintainer: Andreas M??ller +Layer maintainer: Armin Kuster diff --git a/meta-initramfs/README.md b/meta-initramfs/README.md index 119293a741..da7acfca62 100644 --- a/meta-initramfs/README.md +++ b/meta-initramfs/README.md @@ -12,19 +12,19 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: scarthgap Maintenance --- Send patches / pull requests to openembedded-devel@lists.openembedded.org -with '[meta-initramfs]' in the subject. +with '[meta-initramfs][scarthgap]' in the subject. When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-initramfs][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-initramfs][scarthgap][PATCH' -Interm layer maintainer: Khem Raj +Interm layer maintainer: Armin Kuster License diff --git a/meta-multimedia/README.md b/meta-multimedia/README.md index 235c34331b..66c139ac9c 100644 --- a/meta-multimedia/README.md +++ b/meta-multimedia/README.md 
@@ -1,17 +1,17 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: scarthgap URI: git://git.openembedded.org/meta-openembedded layers: meta-oe -branch: master +branch: scarthgap -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia]' in the subject +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia][scarthgap]' in the subject When sending single patches, please use something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][scarthgap][PATCH' You are encouraged to fork the mirror on github https://github.com/openembedded/meta-openembedded to share your patches, this is preferred for patch sets consisting of more than one
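Review bot: the meta-gnome/README.md hunk rewrites the "Send pull requests" line but keeps the stray trailing quote in `in the subject'`, and the meta-initramfs/README.md hunk keeps the misspelling in `Interm layer maintainer` on the line it replaces. Both lines are already being touched by this patch, so drop the extra quote and spell it "Interim" here; the "please using something like" context lines in the same two files could be corrected in the same pass.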
[oe] dunfell merge request: March 3rd
The following changes since commit daa4619fe3fbf8c28f342c4a7163a84a330f7653: postgresql: Update to 12.17 (2024-01-16 07:31:14 -0500) are available in the Git repository at: https://git.openembedded.org/meta-openembedded dunfell-next for you to fetch changes up to c74ebbddfd9dbe02d3f7422016324451eb218e1e: python3-pillow: Fix for CVE-2023-50447 (2024-03-03 16:38:27 -0500) Ashish Sharma (1): wireshark: Backport fix for CVE-2023-1992 Changqing Li (1): linuxptp: fix do_compile error Hitendra Prajapati (2): apache2: upgrade 2.4.57 -> 2.4.58 wireshark: fix CVE-2024-0208 GVCP dissector crash Hugo SIMELIERE (1): libuv: fix CVE-2024-24806 Khem Raj (1): gdm: Add polkit to required distro features Vijay Anusuri (4): squid: backport Debian patch for CVE-2023-46728 and CVE-2023-46846 squid: Fix for CVE-2023-49285 and CVE-2023-49286 squid: Backport fix for CVE-2023-50269 python3-pillow: Fix for CVE-2023-50447 Wang Mingyu (1): openwsman: Change download branch from master to main. virendra thakur (1): nodejs: Set CVE_PRODUCT to "node.js" meta-gnome/recipes-gnome/gdm/gdm_3.34.1.bb | 2 +- meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch | 608 meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch | 1154 ++ meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch | 169 ++ meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch | 35 ++ meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch | 87 +++ meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch | 62 ++ meta-networking/recipes-daemons/squid/squid_4.9.bb | 6 + meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch | 62 ++ meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch | 42 ++ meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 2 + meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-1.patch | 32 ++ meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch | 30 + 
meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb | 4 +- .../linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch | 42 ++ meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.1.bb | 1 + meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb | 2 + meta-oe/recipes-devtools/nodejs/nodejs_14.18.1.bb | 2 + meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb | 2 +- meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-1.patch | 31 + meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-2.patch | 54 ++ meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-3.patch | 44 ++ meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb | 3 + .../apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch | 31 - meta-webserver/recipes-httpd/apache2/apache2/CVE-2023-45802.patch | 141 - meta-webserver/recipes-httpd/apache2/{apache2_2.4.57.bb => apache2_2.4.58.bb} | 4 +- 26 files changed, 2474 insertions(+), 178 deletions(-) create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch create mode 100644 meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-1.patch create mode 100644 meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch create mode 100644 meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch create mode 100644 
meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-1.patch create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-2.patch create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-3.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2023-45802.patch rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.57.bb => apache2_2.4.58.bb} (97%)
Re: [oe] [meta-networking][dunfell][PATCH] proftpd: fix CVE-2020-9272 Out-of-bounds read
On 2/26/24 3:55 AM, Anuj Mittal wrote: On Mon, 2024-02-26 at 11:25 +0530, Hitendra Prajapati via lists.openembedded.org wrote: Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/743330874ee19dfcf2405827274015da0663bd2b Signed-off-by: Hitendra Prajapati --- .../proftpd/files/CVE-2020-9272.patch | 2839 + .../recipes-daemons/proftpd/proftpd_1.3.6.bb | 1 + 2 files changed, 2840 insertions(+) create mode 100644 meta-networking/recipes- daemons/proftpd/files/CVE-2020-9272.patch diff --git a/meta-networking/recipes-daemons/proftpd/files/CVE-2020- 9272.patch b/meta-networking/recipes-daemons/proftpd/files/CVE-2020- 9272.patch new file mode 100644 index 00..aa779a0956 --- /dev/null +++ b/meta-networking/recipes-daemons/proftpd/files/CVE-2020- 9272.patch 
@@ -0,0 +1,2839 @@ +From 743330874ee19dfcf2405827274015da0663bd2b Mon Sep 17 00:00:00 2001 +From: TJ Saunders +Date: Tue, 18 Feb 2020 11:21:38 -0800 +Subject: [PATCH] Issue #902: Update the bundled `libcap` library to the latest + from https://github.com/mhiramat/libcap.git. + +Upstream-Status: Backport [https://github.com/proftpd/proftpd/commit/743330874ee19dfcf240582727 4015da0663bd2b] I think it'd be better to update the recipe to 1.3.6e maintenance release that already has this fix instead of carrying this patch. I agree. - armin http://proftpd.org/docs/RELEASE_NOTES-1.3.6e Thanks, Anuj +CVE: CVE-2020-9272 +Signed-off-by: Hitendra Prajapati +--- + lib/libcap/Makefile | 53 ++- + lib/libcap/_makenames.c | 41 +-- + lib/libcap/cap_alloc.c | 101 +++--- + lib/libcap/cap_extint.c | 71 ++-- + lib/libcap/cap_file.c | 314 +++--- + lib/libcap/cap_flag.c | 99 +++--- + lib/libcap/cap_proc.c | 169 +++--- + lib/libcap/cap_sys.c | 41 --- + lib/libcap/cap_text.c | 301 +++-- + lib/libcap/include/sys/capability.h | 74 +++-- + lib/libcap/include/sys/securebits.h | 22 ++ + lib/libcap/include/uapi/linux/capability.h | 367 + + lib/libcap/include/uapi/linux/prctl.h | 200 +++ + lib/libcap/include/uapi/linux/securebits.h | 60 + lib/libcap/libcap.h | 223 +++-- + 15 files changed, 1538 insertions(+), 598 deletions(-) + delete mode 100644 lib/libcap/cap_sys.c + create mode 100644 lib/libcap/include/sys/securebits.h + create mode 100644 lib/libcap/include/uapi/linux/capability.h + create mode 100644 lib/libcap/include/uapi/linux/prctl.h + create mode 100644 lib/libcap/include/uapi/linux/securebits.h + +diff --git a/lib/libcap/Makefile b/lib/libcap/Makefile +index d5311ce..ff88cfb 100644 +--- a/lib/libcap/Makefile b/lib/libcap/Makefile +@@ -1,5 +1,5 @@ +-## This libcap (for proftpd) is originally from libcap-1.10, +-## at ftp://linux.kernel.org/pub/libs/security/linux-privs. ++## This libcap (for proftpd) is originally from libcap, at: ++## https://github.com/mhiramat/libcap.git. 
+ ## This interface is SPECIFIC TO THE LINUX 2.2 KERNEL!!! IT IS NOT GUARANTEED + ## TO WORK ON ANY PRIOR OR LATER VERSION (ie: 2.1.x or 2.3.x). + ## If this library stops working, please contact c...@proftpd.org. +@@ -9,50 +9,49 @@ + # + topdir=$(shell pwd)/.. + include ../../Make.rules ++ ++KERNEL_HEADERS=/usr/include ++LIBTITLE=libcap ++ + # + # Library version + # +-LIBNAME=libcap.a ++LIBNAME=$(LIBTITLE).so ++STALIBNAME=$(LIBTITLE).a + # + +-FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys +- +-# for later when there is filesystem support for cap's: +-#FILES += cap_file ++FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_file + + INCLS=libcap.h cap_names.h $(INCS) + OBJS=$(addsuffix .o, $(FILES)) + +-all: $(LIBNAME) ++all: $(STALIBNAME) + +-_makenames: _makenames.c cap_names.sed +- $(BUILD_CC) $(CFLAGS) $(LDFLAGS) $< -o $@ ++_makenames: _makenames.c cap_names.list.h ++ $(CC) $(CFLAGS) $< -o $@ + + cap_names.h: _makenames + ./_makenames > cap_names.h + +-cap_names.sed: Makefile /usr/include/linux/capability.h +- @echo "=> making cap_names.c from " +- @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0- 9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed +-# @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0- 9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed ++cap_names.list.h: Makefile $(KERNEL_HEADERS)/linux/capability.h ++ @echo "=> making $@ from $(KERNEL_HEADERS)/linux/capability.h" ++ perl -e 'while ($$l=<>) { if ($$l =~ /^\#define[ \t](CAP[_A- Z]+)[ \t]+([0-9]+)\s+$$/) { $$tok=$$1;
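Review bot: In the lib/libcap/Makefile hunk the `_makenames` rule now compiles with `$(CC) $(CFLAGS)` where it used `$(BUILD_CC) $(CFLAGS) $(LDFLAGS)`, while the following rule still executes `./_makenames > cap_names.h` during the build. In a cross build `$(CC)` is the target compiler, so the helper cannot run on the build host; this rule should keep `$(BUILD_CC)`. The new `KERNEL_HEADERS=/usr/include` default also means `cap_names.list.h` is generated from the build host's `linux/capability.h`, so the recipe should pass the sysroot header path for this variable instead of relying on the default.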
Re: [oe][meta-oe][kirkstone][PATCH 2/4] nodejs: fix CVE-2024-21892
On 2/27/24 6:37 AM, Polampalli, Archana via lists.openembedded.org wrote: Kindly ignore this patch. thanks for letting me know. - Armin Regards, Archana *From:* openembedded-devel@lists.openembedded.org on behalf of Polampalli, Archana via lists.openembedded.org *Sent:* Friday, February 23, 2024 14:06 *To:* openembedded-devel@lists.openembedded.org *Subject:* [oe][meta-oe][kirkstone][PATCH 2/4] nodejs: fix CVE-2024-21892 From: Archana Polampalli On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. Signed-off-by: Archana Polampalli --- .../nodejs/nodejs/CVE-2024-21892-0001.patch | 97 +++ .../nodejs/nodejs/CVE-2024-21892-0002.patch | 58 +++ .../recipes-devtools/nodejs/nodejs_16.20.2.bb | 2 + 3 files changed, 157 insertions(+) create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-21892-0001.patch create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-21892-0002.patch diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-21892-0001.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-21892-0001.patch new file mode 100644 index 0..0eb988fac --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-21892-0001.patch 
@@ -0,0 +1,97 @@ +From 3f619407fe1e597657b598383d0b5003a064311b Mon Sep 17 00:00:00 2001 +From: Daniel Bevenius +Date: Wed, 17 Mar 2021 13:48:51 +0100 +Subject: [PATCH 2/5] src: allow CAP_NET_BIND_SERVICE in SafeGetenv + +This commit updates SafeGetenv to check if the current process has the +effective capability cap_net_bind_service set, and if so allows +environment variables to be read. + +The motivation for this change is a use-case where Node is run in a +container, and the is a requirement to be able to listen to ports +below 1024. This is done by setting the capability of +cap_net_bind_service. In addition there is a need to set the +environment variable `NODE_EXTRA_CA_CERTS`. But currently this +environment variable will not be read when the capability has been set +on the executable. + +PR-URL: https://github.com/nodejs/node/pull/37727 +Reviewed-By: Anna Henningsen +Reviewed-By: Richard Lau +Reviewed-By: James M Snell +Reviewed-By: Michael Dawson + +CVE: CVE-2024-21892 + +Upstream-Status: Backport [https://github.com/nodejs/node/commit/3f619407fe1e5976] + +Signed-off-by: Archana Polampalli +--- + src/node_credentials.cc | 38 +- + 1 file changed, 37 insertions(+), 1 deletion(-) + +diff --git a/src/node_credentials.cc b/src/node_credentials.cc +index 4c098c9..7688af8 100644 +--- a/src/node_credentials.cc b/src/node_credentials.cc +@@ -12,6 +12,11 @@ + #include // setuid, getuid + #endif + ++#ifdef __linux__ ++#include ++#include ++#endif // __linux__ ++ + namespace node { + + using v8::Array; +@@ -33,14 +38,45 @@ bool linux_at_secure = false; + + namespace credentials { + +-// Look up environment variable unless running as setuid root. ++#if defined(__linux__) ++// Returns true if the current process only has the passed-in capability. 
++bool HasOnly(int capability) { ++ DCHECK(cap_valid(capability)); ++ ++ struct __user_cap_data_struct cap_data[2]; ++ struct __user_cap_header_struct cap_header_data = { ++ _LINUX_CAPABILITY_VERSION_3, ++ getpid()}; ++ ++ ++ if (syscall(SYS_capget, _header_data, _data) != 0) { ++ return false; ++ } ++ if (capability < 32) { ++ return cap_data[0].permitted == ++ static_cast(CAP_TO_MASK(capability)); ++ } ++ return cap_data[1].permitted == ++ static_cast(CAP_TO_MASK(capability)); ++} ++#endif ++ ++// Look up the environment variable and allow the lookup if the current ++// process only has the capability CAP_NET_BIND_SERVICE set. If the current ++// process does not have any capabilities set and the process is running as ++// setuid root then lookup will not be allowed. + bool SafeGetenv(const char* key, + std::string* text, + std::shared_ptr env_vars, + v8::Isolate* isolate) { + #if !defined(__CloudABI__) && !defined(_WIN32) ++#if defined(__linux__) ++ if ((!HasOnly(CAP_NET_BIND_SERVICE) && per_process::linux_at_secure) || ++ getuid() != geteuid() || getgid() != getegid()) ++#else + if (per_process::linux_at_secure || getuid() != geteuid() || + getgid() != getegid()) ++#endif + goto fail; + #endif + +-- +2.40.0 diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-21892-0002.patch
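Review bot: `HasOnly()` in the src/node_credentials.cc hunk looks at only one of the two capability words: for `capability < 32` it returns `cap_data[0].permitted == CAP_TO_MASK(capability)` and never reads `cap_data[1]`, so a permitted set that also holds any capability numbered 32 or above still yields true and `SafeGetenv` skips the `linux_at_secure` check. That is the behaviour the CVE text in this message describes; the comparison should also require the other word to be zero. The commit message speaks of the effective capability while the code compares `permitted`, so one of the two should be corrected. Because this 2021 commit introduces the exception, the patch header should state that it is a prerequisite if CVE-2024-21892-0002.patch is the actual correction, rather than carrying only a `CVE:` tag.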
[oe] kirkstone-next merge request: Feb 28th
The following changes since commit 8609de00952d65bb813a48c535c937324efeb18a: Revert "libcroco: Add fix for CVE-2020-12825" (2024-02-07 18:41:41 -0500) are available in the Git repository at: https://git.openembedded.org/meta-openembedded kirkstone-next for you to fetch changes up to fda737ec0cc1d2a5217548a560074a8e4d5ec580: mbedtls: Upgrade 3.5.0 -> 3.5.2 (2024-02-28 08:18:18 -0500) Fathi Boudra (1): python3-django: upgrade from 4.2.7 to 4.2.10 Meenali Gupta (1): graphviz: fix CVE-2023-46045 Soumya Sambu (2): mbedtls: upgrade 2.28.5 -> 2.28.7 mbedtls: Upgrade 3.5.0 -> 3.5.2 Vijay Anusuri (1): squid: Backport fix for CVE-2023-49286 and CVE-2023-50269 Yogita Urade (1): mariadb: fix CVE-2023-22084 virendra thakur (1): nodejs: Set CVE_PRODUCT to "node.js" .../mbedtls/{mbedtls_2.28.5.bb => mbedtls_2.28.7.bb} | 6 +- .../mbedtls/{mbedtls_3.5.0.bb => mbedtls_3.5.2.bb} | 7 ++- .../recipes-daemons/squid/files/CVE-2023-49286.patch | 87 +++ .../recipes-daemons/squid/files/CVE-2023-50269.patch | 62 meta-networking/recipes-daemons/squid/squid_4.15.bb | 2 + meta-oe/recipes-dbs/mysql/mariadb.inc | 1 + meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch | 91 + meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb | 2 + .../recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch | 38 .../recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch | 39 + .../recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch | 31 ++ meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb | 3 + .../{python3-django_4.2.7.bb => python3-django_4.2.10.bb} | 2 +- 13 files changed, 364 insertions(+), 7 deletions(-) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_2.28.5.bb => mbedtls_2.28.7.bb} (91%) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.5.0.bb => mbedtls_3.5.2.bb} (93%) create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch create mode 100644 
meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch create mode 100644 meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch create mode 100644 meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch create mode 100644 meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch rename meta-python/recipes-devtools/python/{python3-django_4.2.7.bb => python3-django_4.2.10.bb} (77%)
[oe] nanbield merge request: Jan 24th
The following changes since commit 2da6e1b0e43a8993fd422fee3f83940100b59f4c: poco: fix branch (2024-01-05 07:52:17 -0500) are available in the Git repository at: https://git.openembedded.org/meta-openembedded nanbield-next for you to fetch changes up to da9063bdfbe130f424ba487f167da68e0ce90e7d: libssh: upgrade 0.10.5 -> 0.10.6 (2024-01-16 19:29:51 -0500) Changqing Li (2): postgresql: upgrade 15.4 -> 15.5 redis: upgrade 6.2.13 -> 6.2.14 Khem Raj (1): webkitgtk3: upgrade 2.42.0 -> 2.42.1 Meenali Gupta (1): nginx: upgrade 1.25.2 -> 1.25.3 Mingli Yu (1): mariadb: Upgrade to 10.11.6 Wang Mingyu (5): strongswan: upgrade 5.9.12 -> 5.9.13 webkitgtk3: upgrade 2.42.1 -> 2.42.2 webkitgtk3: upgrade 2.42.2 -> 2.42.3 webkitgtk3: upgrade 2.42.3 -> 2.42.4 libssh: upgrade 0.10.5 -> 0.10.6 Yi Zhao (1): samba: upgrade 4.18.8 -> 4.18.9 .../samba/{samba_4.18.8.bb => samba_4.18.9.bb} | 2 +- .../strongswan/{strongswan_5.9.12.bb => strongswan_5.9.13.bb} | 2 +- .../{mariadb-native_10.11.5.bb => mariadb-native_10.11.6.bb} | 0 meta-oe/recipes-dbs/mysql/mariadb.inc | 3 +- meta-oe/recipes-dbs/mysql/mariadb/libfmt_make_fmt.patch | 68 - .../mysql/{mariadb_10.11.5.bb => mariadb_10.11.6.bb} | 0 .../0001-configure.ac-bypass-autoconf-2.69-version-check.patch | 8 ++-- .../postgresql/{postgresql_15.4.bb => postgresql_15.5.bb} | 2 +- .../recipes-extended/redis/{redis_6.2.13.bb => redis_6.2.14.bb} | 2 +- ...1-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch | 10 ++--- ...1-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch | 10 ++--- .../libssh/{libssh_0.10.5.bb => libssh_0.10.6.bb} | 2 +- .../webkitgtk/{webkitgtk3_2.42.0.bb => webkitgtk3_2.42.4.bb} | 2 +- .../recipes-httpd/nginx/{nginx_1.25.2.bb => nginx_1.25.3.bb} | 2 +- 14 files changed, 20 insertions(+), 93 deletions(-) rename meta-networking/recipes-connectivity/samba/{samba_4.18.8.bb => samba_4.18.9.bb} (99%) rename meta-networking/recipes-support/strongswan/{strongswan_5.9.12.bb => strongswan_5.9.13.bb} (99%) rename 
meta-oe/recipes-dbs/mysql/{mariadb-native_10.11.5.bb => mariadb-native_10.11.6.bb} (100%) delete mode 100644 meta-oe/recipes-dbs/mysql/mariadb/libfmt_make_fmt.patch rename meta-oe/recipes-dbs/mysql/{mariadb_10.11.5.bb => mariadb_10.11.6.bb} (100%) rename meta-oe/recipes-dbs/postgresql/{postgresql_15.4.bb => postgresql_15.5.bb} (86%) rename meta-oe/recipes-extended/redis/{redis_6.2.13.bb => redis_6.2.14.bb} (96%) rename meta-oe/recipes-support/libssh/{libssh_0.10.5.bb => libssh_0.10.6.bb} (96%) rename meta-oe/recipes-support/webkitgtk/{webkitgtk3_2.42.0.bb => webkitgtk3_2.42.4.bb} (99%) rename meta-webserver/recipes-httpd/nginx/{nginx_1.25.2.bb => nginx_1.25.3.bb} (51%)
[oe] [meta-oe][kirkstone][PATCH] strongswan: upgrade 5.9.12 -> 5.9.13
From: Wang Mingyu Changelog: - Fixes a regression with handling OCSP error responses and adds a new option to specify the length of nonces in OCSP requests. Also adds some other improvements for OCSP handling and fuzzers for OCSP requests/responses. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 5be2e20157f3025f9e2370933267a56fd526c58e) Signed-off-by: Armin Kuster (cherry picked from commit b135007c8ff43c18dd0593b5115d46dc6362675f) Signed-off-by: Armin Kuster --- .../strongswan/{strongswan_5.9.12.bb => strongswan_5.9.13.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-support/strongswan/{strongswan_5.9.12.bb => strongswan_5.9.13.bb} (99%) diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb similarity index 99% rename from meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb rename to meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb index c734b43b64..afa1a684b1 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb 
@@ -11,7 +11,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ " -SRC_URI[sha256sum] = "5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5" +SRC_URI[sha256sum] = "56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55" UPSTREAM_CHECK_REGEX = "strongswan-(?P\d+(\.\d+)+)\.tar" -- 2.34.1
[oe] [meta-oe][nanbield][PATCH 11/11] libssh: upgrade 0.10.5 -> 0.10.6
From: Wang Mingyu 0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch 0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch refreshed for 0.10.6 Changelog: == * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Fix ssh_send_issue_banner() for CMD(PowerShell) * Avoid passing other events to callbacks when poll is called recursively (#202) * Allow @ in usernames when parsing from URI composes Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 1bea2e8c3053e7ecffb04adaaded54555f2afa0b) Signed-off-by: Armin Kuster --- ...pt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch | 10 -- ...MakeLists.txt-do-not-search-ssh-sshd-commands.patch | 10 -- .../libssh/{libssh_0.10.5.bb => libssh_0.10.6.bb} | 2 +- 3 files changed, 9 insertions(+), 13 deletions(-) rename meta-oe/recipes-support/libssh/{libssh_0.10.5.bb => libssh_0.10.6.bb} (96%) diff --git a/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch b/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch index 19775fa529..d2d1fb5955 100644 --- a/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch +++ b/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch @@ -1,4 +1,4 @@ -From 0cade4573334571055127a2d4fe3641e2397948d Mon Sep 17 00:00:00 2001 +From 49a8ae4d6f77434ed9f7a601b9df488b921e4a22 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 20 Mar 2023 21:59:19 -0700 Subject: [PATCH] libgcrypt.c: Fix prototype of des3_encrypt/des3_decrypt @@ -18,15 +18,16 @@ TOPDIR/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/libssh/0.10.4-r0/git/ Upstream-Status: Pending 
Signed-off-by: Khem Raj + --- src/libgcrypt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libgcrypt.c b/src/libgcrypt.c -index da5588ad..e482b654 100644 +index f410d997..e3f66781 100644 --- a/src/libgcrypt.c +++ b/src/libgcrypt.c -@@ -469,12 +469,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) { +@@ -416,12 +416,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) { } static void des3_encrypt(struct ssh_cipher_struct *cipher, void *in, @@ -41,6 +42,3 @@ index da5588ad..e482b654 100644 gcry_cipher_decrypt(cipher->key[0], out, len, in, len); } --- -2.40.0 - diff --git a/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch b/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch index 0c7f53029e..d6bc75c3a6 100644 --- a/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch +++ b/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch @@ -1,4 +1,4 @@ -From d2525ba0bc7b11de12c54ea1a3d1eb862537136d Mon Sep 17 00:00:00 2001 +From 69a89e8f015802f61637fed0d3791d20a594f298 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Wed, 15 Mar 2023 16:51:58 +0800 Subject: [PATCH] tests/CMakeLists.txt: do not search ssh/sshd commands on host @@ -9,12 +9,13 @@ not required by unittests, we can skip the search. Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Yi Zhao + --- tests/CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt -index 22a36f37..aa32ca2e 100644 +index f5c30061..885c926a 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -86,6 +86,7 @@ set(TEST_TARGET_LIBRARIES 
@@ -25,7 +26,7 @@ index 22a36f37..aa32ca2e 100644 # OpenSSH Capabilities are required for all unit tests find_program(SSH_EXECUTABLE NAMES ssh) if (SSH_EXECUTABLE) -@@ -293,6 +294,7 @@ if (CLIENT_TESTING OR SERVER_TESTING) +@@ -302,6 +303,7 @@ if (CLIENT_TESTING OR SERVER_TESTING) message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}") endif () @@ -33,6 +34,3 @@ index 22a36f37..aa32ca2e 100644 configure_file(tests_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/tests_config.h) --- -2.25.1 - diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.5.bb b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb similarity index 96% rename from meta-oe/recipes-support/libssh/libssh_0.10.5.bb rename to meta-oe/recipes-support/libssh/libssh_0.10.6.bb index f33987acf5..31f29c1b7d 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.10.5.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb @@ -11,7 +11,7 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable file://0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.
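Review bot: The refreshed 0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch still carries `Upstream-Status: Pending` from March 2023; since it is being touched for 0.10.6 anyway, it should be submitted upstream, or the status should record where it was sent, so it does not have to be re-carried on every upgrade. The refresh also rewrites the `From <hash>` lines and drops the `-- 2.40.0` and `-- 2.25.1` trailers of both carried patches, which is regeneration churn with no functional effect; limiting the refresh to the `index` and `@@` offset lines would make the diff easier to review.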
[oe] [meta-oe][nanbield][PATCH 10/11] redis: upgrade 6.2.13 -> 6.2.14
From: Changqing Li Upgrade urgency SECURITY: See security fixes below. Security fixes: (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup. Signed-off-by: Changqing Li Signed-off-by: Khem Raj (cherry picked from commit 5b34766daadf8f1e8ef3d55b24e0037c4d0727f5) Signed-off-by: Armin Kuster --- .../recipes-extended/redis/{redis_6.2.13.bb => redis_6.2.14.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-extended/redis/{redis_6.2.13.bb => redis_6.2.14.bb} (96%) diff --git a/meta-oe/recipes-extended/redis/redis_6.2.13.bb b/meta-oe/recipes-extended/redis/redis_6.2.14.bb similarity index 96% rename from meta-oe/recipes-extended/redis/redis_6.2.13.bb rename to meta-oe/recipes-extended/redis/redis_6.2.14.bb index 640831c525..fa430ce402 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.13.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.14.bb @@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "89ff27c80d420456a721ccfb3beb7cc628d883c53059803513749e13214a23d1" +SRC_URI[sha256sum] = "34e74856cbd66fdb3a684fb349d93961d8c7aa668b06f81fd93ff267d09bc277" inherit autotools-brokensep update-rc.d systemd useradd -- 2.34.1
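The listen(2)/chmod(2) ordering problem named in the commit message above (CVE-2023-45145), as an added example that is not part of the original message and is not Redis code. The helper names, the socket paths under /tmp, the umask of 022 and the 0700 target mode are assumptions made for the demonstration; each helper reports the socket file's mode at the moment the socket starts accepting connections.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Permission bits of the socket file at `path`, or -1 if stat() fails. */
int socket_mode(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Create a stream socket bound to `path`. After bind() the file exists
 * with a mode derived from the process umask, not from the configured
 * permission. */
static int bind_unix(const char *path) {
    struct sockaddr_un sa;
    int fd;

    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path); /* length checked above */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* The order the advisory calls wrong: the socket accepts connections
 * while the file still has its umask-derived mode, and is restricted
 * only afterwards. */
int listen_then_chmod(const char *path, mode_t perm, int *mode_at_listen) {
    int fd = bind_unix(path);
    if (fd < 0)
        return -1;
    if (listen(fd, 16) != 0) {
        close(fd); unlink(path);
        return -1;
    }
    *mode_at_listen = socket_mode(path); /* window: looser than perm */
    if (chmod(path, perm) != 0) {
        close(fd); unlink(path);
        return -1;
    }
    return fd;
}

/* Corrected order: restrict the file first, then listen. A connect() to
 * a bound socket that is not yet listening is refused, so no peer gets
 * in before the mode is final. */
int chmod_then_listen(const char *path, mode_t perm, int *mode_at_listen) {
    int fd = bind_unix(path);
    if (fd < 0)
        return -1;
    if (chmod(path, perm) != 0 || listen(fd, 16) != 0) {
        close(fd); unlink(path);
        return -1;
    }
    *mode_at_listen = socket_mode(path); /* already equal to perm */
    return fd;
}

int main(void) {
    char dir[64], a[96], b[96];
    int m_old = -1, m_new = -1, fd_old, fd_new;

    umask(022); /* assumed service umask for the demonstration */
    snprintf(dir, sizeof(dir), "/tmp/sockorder-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) {
        perror("mkdir");
        return 1;
    }
    snprintf(a, sizeof(a), "%s/old.sock", dir);
    snprintf(b, sizeof(b), "%s/new.sock", dir);

    fd_old = listen_then_chmod(a, 0700, &m_old);
    fd_new = chmod_then_listen(b, 0700, &m_new);
    printf("listen then chmod: mode while listening = %04o\n", m_old);
    printf("chmod then listen: mode while listening = %04o\n", m_new);

    if (fd_old >= 0) { close(fd_old); unlink(a); }
    if (fd_new >= 0) { close(fd_new); unlink(b); }
    rmdir(dir);
    return (fd_old >= 0 && fd_new >= 0) ? 0 : 1;
}
```

Placing the socket in a directory that only the service account can traverse limits exposure independently of the call order.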
[oe] [meta-oe][nanbield][PATCH 09/11] samba: upgrade 4.18.8 -> 4.18.9
From: Yi Zhao This is the latest stable release of the Samba 4.18 release series. It contains the security-relevant bugfix CVE-2018-14628: Wrong ntSecurityDescriptor values for "CN=Deleted Objects" allow read of object tombstones over LDAP (Administrator action required!) https://www.samba.org/samba/security/CVE-2018-14628.html Release Notes: https://www.samba.org/samba/history/samba-4.18.9.html Signed-off-by: Yi Zhao Signed-off-by: Khem Raj (cherry picked from commit f4c3c747d6df6015eb1231f2867ffe43ddb9620e) Signed-off-by: Armin Kuster --- .../samba/{samba_4.18.8.bb => samba_4.18.9.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-connectivity/samba/{samba_4.18.8.bb => samba_4.18.9.bb} (99%) diff --git a/meta-networking/recipes-connectivity/samba/samba_4.18.8.bb b/meta-networking/recipes-connectivity/samba/samba_4.18.9.bb similarity index 99% rename from meta-networking/recipes-connectivity/samba/samba_4.18.8.bb rename to meta-networking/recipes-connectivity/samba/samba_4.18.9.bb index f80742640f..73ceb7b754 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.18.8.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.18.9.bb @@ -31,7 +31,7 @@ SRC_URI:append:libc-musl = " \ file://samba-4.3.9-remove-getpwent_r.patch \ " -SRC_URI[sha256sum] = "4fb87bceaeb01d832a59046c197a044b7e8e8000581548b5d577a6cda03344d1" +SRC_URI[sha256sum] = "f455c1d6351ed3a36fc2cb6e8ab1bfd0effe54a56686ffd495d64ab52d50f245" UPSTREAM_CHECK_REGEX = "samba\-(?P4\.18(\.\d+)+).tar.gz" -- 2.34.1
[oe] [meta-oe][nanbield][PATCH 08/11] postgresql: upgrade 15.4 -> 15.5
From: Changqing Li Refer https://www.postgresql.org/docs/release/15.5/ Signed-off-by: Changqing Li Signed-off-by: Khem Raj (cherry picked from commit bcedf9f99ca683764ef19ab008e042c82da616ff) Signed-off-by: Armin Kuster --- ...-configure.ac-bypass-autoconf-2.69-version-check.patch | 8 .../postgresql/{postgresql_15.4.bb => postgresql_15.5.bb} | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) rename meta-oe/recipes-dbs/postgresql/{postgresql_15.4.bb => postgresql_15.5.bb} (86%) diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch index fb70b22720..ab578056ff 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch @@ -1,4 +1,4 @@ -From 5f9dedc91a0a9710033fa155ea759f765ce5b58b Mon Sep 17 00:00:00 2001 +From d44c83ed0f30462a31930d6d925762b3f8412ce2 Mon Sep 17 00:00:00 2001 From: Yi Fan Yu Date: Fri, 5 Feb 2021 17:15:42 -0500 Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check @@ -13,12 +13,12 @@ Signed-off-by: Yi Fan Yu 1 file changed, 4 deletions(-) diff --git a/configure.ac b/configure.ac -index 524fdf1..3bea642 100644 +index e988503..d1b2cfd 100644 --- a/configure.ac +++ b/configure.ac @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros - AC_INIT([PostgreSQL], [15.4], [pgsql-b...@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [15.5], [pgsql-b...@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not 
@@ -28,5 +28,5 @@ index 524fdf1..3bea642 100644 AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c]) AC_CONFIG_AUX_DIR(config) -- -2.34.1 +2.25.1 diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_15.4.bb b/meta-oe/recipes-dbs/postgresql/postgresql_15.5.bb similarity index 86% rename from meta-oe/recipes-dbs/postgresql/postgresql_15.4.bb rename to meta-oe/recipes-dbs/postgresql/postgresql_15.5.bb index 3aa2662891..cb90ff930a 100644 --- a/meta-oe/recipes-dbs/postgresql/postgresql_15.4.bb +++ b/meta-oe/recipes-dbs/postgresql/postgresql_15.5.bb @@ -11,6 +11,6 @@ SRC_URI += "\ file://0001-postgresql-fix-ptest-failure-of-sysviews.patch \ " -SRC_URI[sha256sum] = "baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9" +SRC_URI[sha256sum] = "8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6" CVE_STATUS[CVE-2017-8806] = "not-applicable-config: Ddoesn't apply to out configuration of postgresql so we can safely ignore it." -- 2.34.1
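Review bot: The commit message consists only of a link to the 15.5 release notes; for a stable-branch upgrade it should say whether the release contains security fixes and name them, as the redis and samba upgrades in this series do. In the refreshed 0001-configure.ac-bypass-autoconf-2.69-version-check.patch the trailer changes from `2.34.1` to `2.25.1`, which is churn from regenerating the patch with a different git version. The unchanged `CVE_STATUS[CVE-2017-8806]` line in postgresql_15.5.bb reads "Ddoesn't apply to out configuration", which is worth correcting in a follow-up.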
[oe] [meta-oe][nanbield][PATCH 06/11] webkitgtk3: upgrade 2.42.2 -> 2.42.3
From: Wang Mingyu Changelog: === - Fix flickering while playing videos with DMA-BUF sink. - Fix color picker being triggered in the inspector when typing "tan". - Do not special case the "sans" font family name. - Fix build failure with libxml2 version 2.12.0 due to an API change. - Fix several crashes and rendering issues. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 1a474db2702c59702c414f4c8ed4487251f10df6) Signed-off-by: Armin Kuster --- .../webkitgtk/{webkitgtk3_2.42.2.bb => webkitgtk3_2.42.3.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/webkitgtk/{webkitgtk3_2.42.2.bb => webkitgtk3_2.42.3.bb} (99%) diff --git a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.2.bb b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.3.bb similarity index 99% rename from meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.2.bb rename to meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.3.bb index ac75afb90e..6149a7ac49 100644 --- a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.2.bb +++ b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.3.bb 
@@ -15,7 +15,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/webkitgtk-${PV}.tar.xz \ file://0d3344e17d258106617b0e6d783d073b188a2548.patch \ file://no-musttail-arm.patch \ " -SRC_URI[sha256sum] = "5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118" +SRC_URI[sha256sum] = "0a1a4630045628b3a6fe95da72dc47852cff20d66be1ac6fd0d669c88c13d8e2" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen -- 2.34.1
[oe] [meta-oe][nanbield][PATCH 07/11] webkitgtk3: upgrade 2.42.3 -> 2.42.4
From: Wang Mingyu Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 466370a087534eded974a1eef2a4431dda6900b3) Signed-off-by: Armin Kuster --- .../webkitgtk/{webkitgtk3_2.42.3.bb => webkitgtk3_2.42.4.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/webkitgtk/{webkitgtk3_2.42.3.bb => webkitgtk3_2.42.4.bb} (99%) diff --git a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.3.bb b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.4.bb similarity index 99% rename from meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.3.bb rename to meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.4.bb index 6149a7ac49..3c6b7db811 100644 --- a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.3.bb +++ b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.4.bb @@ -15,7 +15,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/webkitgtk-${PV}.tar.xz \ file://0d3344e17d258106617b0e6d783d073b188a2548.patch \ file://no-musttail-arm.patch \ " -SRC_URI[sha256sum] = "0a1a4630045628b3a6fe95da72dc47852cff20d66be1ac6fd0d669c88c13d8e2" +SRC_URI[sha256sum] = "52288b30bda22373442cecb86f9c9a569ad8d4769a1f97b352290ed92a67ed86" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#108317): https://lists.openembedded.org/g/openembedded-devel/message/108317 Mute This Topic: https://lists.openembedded.org/mt/103777359/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
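Review bot: the commit message for this 2.42.3 -> 2.42.4 bump has no changelog, only sign-offs, so the one-line SRC_URI[sha256sum] change cannot be judged against what the release contains; the 2.42.2 and 2.42.3 upgrades in the same series both list their upstream fixes. For a stable-branch cherry-pick, add the upstream release notes summary and name any security fixes the release carries, so the update can be matched to advisories later.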
[oe] [meta-oe][nanbield][PATCH 05/11] webkitgtk3: upgrade 2.42.1 -> 2.42.2
From: Wang Mingyu Changelog: == - Bump Safari version in user agent header. - Fix CSP regression that broke Unity WebGL applications. - Fix the build with GBM disabled. - Fix several crashes and rendering issues. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 700e3a36fbc70ef7ecd5fa2bc820f0922df5a528) Signed-off-by: Armin Kuster --- .../webkitgtk/{webkitgtk3_2.42.1.bb => webkitgtk3_2.42.2.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/webkitgtk/{webkitgtk3_2.42.1.bb => webkitgtk3_2.42.2.bb} (99%) diff --git a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.1.bb b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.2.bb similarity index 99% rename from meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.1.bb rename to meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.2.bb index 9aabfb123c..ac75afb90e 100644 --- a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.1.bb +++ b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.2.bb @@ -15,7 +15,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/webkitgtk-${PV}.tar.xz \ file://0d3344e17d258106617b0e6d783d073b188a2548.patch \ file://no-musttail-arm.patch \ " -SRC_URI[sha256sum] = "6f41fac9989d3ee51c08c48de1d439cdeddecbc757e34b6180987d99b16d2499" +SRC_URI[sha256sum] = "5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#108314): https://lists.openembedded.org/g/openembedded-devel/message/108314 Mute This Topic: https://lists.openembedded.org/mt/103777356/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] [meta-oe][nanbield][PATCH 04/11] webkitgtk3: upgrade 2.42.0 -> 2.42.1
From: Khem Raj Signed-off-by: Khem Raj (cherry picked from commit 32bae13bb8b8edf6b4af12ee7057493101c5fb14) Signed-off-by: Armin Kuster --- .../webkitgtk/{webkitgtk3_2.42.0.bb => webkitgtk3_2.42.1.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/webkitgtk/{webkitgtk3_2.42.0.bb => webkitgtk3_2.42.1.bb} (99%) diff --git a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.0.bb b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.1.bb similarity index 99% rename from meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.0.bb rename to meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.1.bb index f682cd9f03..9aabfb123c 100644 --- a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.0.bb +++ b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.42.1.bb @@ -15,7 +15,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/webkitgtk-${PV}.tar.xz \ file://0d3344e17d258106617b0e6d783d073b188a2548.patch \ file://no-musttail-arm.patch \ " -SRC_URI[sha256sum] = "828f95935861fae583fb8f2ae58cf64c63c178ae2b7c2d6f73070813ad64ed1b" +SRC_URI[sha256sum] = "6f41fac9989d3ee51c08c48de1d439cdeddecbc757e34b6180987d99b16d2499" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#108315): https://lists.openembedded.org/g/openembedded-devel/message/108315 Mute This Topic: https://lists.openembedded.org/mt/103777357/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] [meta-oe][nanbield][PATCH 01/11] strongswan: upgrade 5.9.12 -> 5.9.13
From: Wang Mingyu Changelog: - Fixes a regression with handling OCSP error responses and adds a new option to specify the length of nonces in OCSP requests. Also adds some other improvements for OCSP handling and fuzzers for OCSP requests/responses. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 5be2e20157f3025f9e2370933267a56fd526c58e) Signed-off-by: Armin Kuster --- .../strongswan/{strongswan_5.9.12.bb => strongswan_5.9.13.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-support/strongswan/{strongswan_5.9.12.bb => strongswan_5.9.13.bb} (99%) diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb similarity index 99% rename from meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb rename to meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb index 87d12bc6c8..4523187af2 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb @@ -11,7 +11,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ " -SRC_URI[sha256sum] = "5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5" +SRC_URI[sha256sum] = "56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55" UPSTREAM_CHECK_REGEX = "strongswan-(?P\d+(\.\d+)+)\.tar" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#108311): https://lists.openembedded.org/g/openembedded-devel/message/108311 Mute This Topic: https://lists.openembedded.org/mt/103777352/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] [meta-oe][nanbield][PATCH 02/11] nginx: upgrade 1.25.2 -> 1.25.3
From: Meenali Gupta Changelog: === https://nginx.org/en/CHANGES *) Change: improved detection of misbehaving clients when using HTTP/2. *) Feature: startup speedup when using a large number of locations. Thanks to Yusuke Nojima. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 without SSL; the bug had appeared in 1.25.1. *) Bugfix: the "Status" backend response header line with an empty reason phrase was handled incorrectly. *) Bugfix: memory leak during reconfiguration when using the PCRE2 library. Thanks to ZhenZhong Wu. *) Bugfixes and improvements in HTTP/3. Signed-off-by: Meenali Gupta Signed-off-by: Khem Raj (cherry picked from commit dc4bef4648ea5ff73230ff2d343f498c93bd333b) Signed-off-by: Armin Kuster --- .../recipes-httpd/nginx/{nginx_1.25.2.bb => nginx_1.25.3.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-webserver/recipes-httpd/nginx/{nginx_1.25.2.bb => nginx_1.25.3.bb} (51%) diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.25.2.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb similarity index 51% rename from meta-webserver/recipes-httpd/nginx/nginx_1.25.2.bb rename to meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb index 66eef23895..8aa9fa0267 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.25.2.bb +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb 
@@ -2,5 +2,5 @@ require nginx.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=79ad2eb837299421c4435dedc8897b3d" -SRC_URI[sha256sum] = "05dd6d9356d66a74e61035f2a42162f8c754c97cf1ba64e7a801ba158d6c0711" +SRC_URI[sha256sum] = "64c5b975ca287939e828303fa857d22f142b251f17808dfe41733512d9cded86" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#108312): https://lists.openembedded.org/g/openembedded-devel/message/108312 Mute This Topic: https://lists.openembedded.org/mt/103777354/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
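Review bot: the changelog in this commit message names "improved detection of misbehaving clients when using HTTP/2" and a worker segmentation fault when using HTTP/2 without SSL, but the message carries no CVE reference, so nothing ties the sha256sum bump to an advisory. If the HTTP/2 change is the one tracked as CVE-2023-44487, which the mickledore merge request in this archive handles as a separate "nginx: fix CVE-2023-44487" commit, say so in the commit message; if it is not, state that as well so nanbield users can tell whether they still need that fix.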
[oe] [meta-oe][nanbield][PATCH 03/11] mariadb: Upgrade to 10.11.6
From: Mingli Yu Remove one patch as the logic is included in the new version [1] [2]. Upgrade mariadb to 10.11.6 [3]. [1] https://github.com/MariaDB/server/commit/f4cec369a392c8a6056207012992ad4a5639965a [2] https://github.com/MariaDB/server/commit/cd5808eb8da13c5626d4bdeb452cef6ada29cb1d [3] https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/ Signed-off-by: Mingli Yu Signed-off-by: Khem Raj (cherry picked from commit 702cf1dc114d7c65cde4fe1d3f19a3314fccb7ff) Signed-off-by: Armin Kuster --- ...e_10.11.5.bb => mariadb-native_10.11.6.bb} | 0 meta-oe/recipes-dbs/mysql/mariadb.inc | 3 +- .../mysql/mariadb/libfmt_make_fmt.patch | 68 --- ...{mariadb_10.11.5.bb => mariadb_10.11.6.bb} | 0 4 files changed, 1 insertion(+), 70 deletions(-) rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.11.5.bb => mariadb-native_10.11.6.bb} (100%) delete mode 100644 meta-oe/recipes-dbs/mysql/mariadb/libfmt_make_fmt.patch rename meta-oe/recipes-dbs/mysql/{mariadb_10.11.5.bb => mariadb_10.11.6.bb} (100%) diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.11.5.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.11.6.bb similarity index 100% rename from meta-oe/recipes-dbs/mysql/mariadb-native_10.11.5.bb rename to meta-oe/recipes-dbs/mysql/mariadb-native_10.11.6.bb diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc index d64d5b0e42..7e6ef42bc3 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-oe/recipes-dbs/mysql/mariadb.inc 
@@ -23,10 +23,9 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \ file://0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \ file://lfs64.patch \ file://0001-Add-missing-includes-cstdint-and-cstdio.patch \ - file://libfmt_make_fmt.patch \ " SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch" -SRC_URI[sha256sum] = "4c9484048d4d0c71dd076ab33fc2a9ce8510bdf762886de0d63fe52496f3dbbb" +SRC_URI[sha256sum] = "1c0163463e98d71f4780741611a40981eee2bc44d392601ca49bbf948d04dd67" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases; diff --git a/meta-oe/recipes-dbs/mysql/mariadb/libfmt_make_fmt.patch b/meta-oe/recipes-dbs/mysql/mariadb/libfmt_make_fmt.patch deleted file mode 100644 index 4d5f4a611b..00 --- a/meta-oe/recipes-dbs/mysql/mariadb/libfmt_make_fmt.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -Make make_arg work with libfmt 10.1+ - -This ensures that compiler can find the correct template to use -Fixes - -mariadb-10.11.5/sql/item_strfunc.cc:1429:22: error: no matching functi -on for call to 'make_arg' -| 1429 | vargs[carg-1]= fmt::detail::make_arg(args[carg]->val_int()); -| | ^~ -| /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/mariadb/10.11.5/recipe-sysroot/usr/include/fmt/core.h:1588:20: note: candidate functio -n [with Context = fmt::basic_format_context, T = long long] not viable: expects an lvalue for 1st argument -| 1588 | FMT_CONSTEXPR auto make_arg(T& val) -> basic_format_arg { -| |^~~ -| /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/mariadb/10.11.5/recipe-sysroot/usr/include/fmt/core.h:1559:31: note: candidate templat -e ignored: invalid explicitly-specified argument for template parameter 'PACKED' -| 1559 | FMT_CONSTEXPR FMT_INLINE auto make_arg(T& [ 46%] Building C object mysys/CMakeFiles/mysys.dir/my_likely.c.o -| val) -> value { -| | ^ -| /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/mariadb/10.11.5/recipe-sysroot/usr/include/fmt/core.h:1596:27: note: candidate templat -e ignored: invalid explicitly-specified argument for template parameter 'PACKED' -| 1596 | FMT_CONSTEXPR inline auto make_arg(T& val) -> basic_format_arg { -| | ^ - -Upstream-Status: Pending -Signed-off-by: Khem Raj - a/cmake/libfmt.cmake -+++ b/cmake/libfmt.cmake -@@ -33,8 +33,9 @@ MACRO (CHECK_LIBFMT) - #include - #include - int main() { -+ int val = 42; -fmt::format_args::format_arg arg= -- fmt::detail::make_arg(42); -+ fmt::detail::make_arg(val); - std::cout << fmt::vformat(\"The answer is {}.\", -fmt::format_args(, 1)); - }" HAVE_SYSTEM_LIBFMT) a/sql/item_strfunc.cc -+++ b/sql/item_strfunc.cc -@@ -1426,14 +1426,22 @@ String *Item_func_sformat::val_str(Strin - switch (args[carg]->result_type()) - { - case INT_RESULT: -- vargs[carg-1]= fmt::detail::make_arg(args[carg]->val_int()); -+ 
int intval; -+ intval = args[carg]->val_int(); -+ vargs[carg-1]= fmt::detail::make_arg(intval); - break; - case DECIMAL_
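Review bot: dropping file://libfmt_make_fmt.patch from SRC_URI rests on the two upstream commits cited as [1] and [2], but the deleted patch changed two files, cmake/libfmt.cmake and sql/item_strfunc.cc, and the message does not say which commit covers which. Spell that out so the removal can be checked against the 10.11.6 sources; the deleted patch was marked Upstream-Status: Pending, so its own header does not record that the change went upstream.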
[oe] Dunfell merge request: Jan 16th
The following changes since commit fc632d5bb0936e91e4e0191547b9aa8ca47b4ffe:

  wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops (2023-12-17 15:36:42 -0500)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded dunfell-next

for you to fetch changes up to daa4619fe3fbf8c28f342c4a7163a84a330f7653:

  postgresql: Update to 12.17 (2024-01-16 07:31:14 -0500)

Hitendra Prajapati (1):
  proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read

Robert Joslyn (1):
  postgresql: Update to 12.17

Vijay Anusuri (1):
  strongswan: Backport fix for CVE-2023-41913

virendra thakur (2):
  opensc: Fix CVE-2023-40660
  opensc: Fix CVE-2023-40661

.../recipes-daemons/proftpd/files/CVE-2023-51713.patch | 278
meta-networking/recipes-daemons/proftpd/proftpd_1.3.6.bb | 1 +
.../recipes-support/strongswan/files/CVE-2023-41913.patch | 46 +
meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb | 1 +
.../postgresql/{postgresql_12.16.bb => postgresql_12.17.bb} | 2 +-
meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch | 55 ++
meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch | 47 +
meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch | 32
meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch | 31
meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch | 28 +++
meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch | 30 +++
meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch | 30 +++
meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch | 40
meta-oe/recipes-support/opensc/opensc_0.20.0.bb | 8 +
14 files changed, 628 insertions(+), 1 deletion(-)
create mode 100644 meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch
create mode 100644 meta-networking/recipes-support/strongswan/files/CVE-2023-41913.patch
rename meta-oe/recipes-dbs/postgresql/{postgresql_12.16.bb => postgresql_12.17.bb} (73%)
create mode 100644 meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch
create mode 100644 meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch
create mode 100644 meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch
create mode 100644 meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch
create mode 100644 meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch
create mode 100644 meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch
create mode 100644 meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch
create mode 100644 meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch

View/Reply Online (#108301): https://lists.openembedded.org/g/openembedded-devel/message/108301
[oe] kirkstone merge request: Jan 13th
The following changes since commit 402affcc073db39f782c1ebfd718edd5f11eed4c:

  squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication (2023-12-13 13:35:51 -0500)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded kirkstone-next

for you to fetch changes up to 730e44900a0a86265bad93a16b5a5ff344a07266:

  proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read (2024-01-12 07:14:16 -0500)

Archana Polampalli (3):
  strongswan: upgrade 5.9.6 -> 5.9.12
  cjson: upgrade 1.7.15 -> 1.7.17
  samba: fix CVE-2023-42669

Hitendra Prajapati (1):
  proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read

Jeffrey Pautler (1):
  apache2: add vendor to product name used for CVE checking

Martin Jansa (1):
  glmark2: inherit python3native to fix build with python-3.12 on build host

Narpat Mali (4):
  python3-django: Fix for CVE-2023-43665 and CVE-2023-46695
  python3-django: upgrade 3.2.21 -> 3.2.23
  python3-django: upgrade 4.2.5 -> 4.2.7
  apache2: upgrade 2.4.57 -> 2.4.58

Rob Woolley (2):
  sip3: Add sipconfig.py
  sip3: Add py_ssize_t_clean argument

Soumya (1):
  yasm: fix CVE-2023-37732

Wentao Zhang (1):
  libbytesize: update github branch to 'main'

dnyandev (1):
  python3-pillow: Fix CVE-2023-44271

vkumbhar (2):
  wireshark: fix CVE-2023-1992 RPCoRDMA dissector crash
  wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops

.../recipes-connectivity/samba/samba/CVE-2023-42669.patch | 94 +
meta-networking/recipes-connectivity/samba/samba_4.14.14.bb | 1 +
.../recipes-daemons/proftpd/files/CVE-2023-51713.patch | 277 +
meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb | 1 +
.../strongswan/{strongswan_5.9.6.bb => strongswan_5.9.12.bb} | 12 +-
.../recipes-support/wireshark/files/CVE-2022-4345.patch | 52 +
.../recipes-support/wireshark/files/CVE-2023-1992.patch | 61 +
meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb | 2 +
meta-oe/recipes-benchmark/glmark2/glmark2_git.bb | 2 +-
.../recipes-devtools/cjson/{cjson_1.7.15.bb => cjson_1.7.17.bb} | 2 +-
...-the-py_ssize_t_clean-argument-to-the-module-directive.patch | 17679 ++
meta-oe/recipes-devtools/sip/sip3_4.19.23.bb | 21 +-
meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch | 41 +
meta-oe/recipes-devtools/yasm/yasm_git.bb | 1 +
meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb | 2 +-
.../recipes-devtools/python/python3-django/CVE-2023-43665.patch | 199 +
.../recipes-devtools/python/python3-django/CVE-2023-46695.patch | 90 +
meta-python/recipes-devtools/python/python3-django_2.2.28.bb | 2 +
.../{python3-django_3.2.21.bb => python3-django_3.2.23.bb} | 4 +-
.../python/{python3-django_4.2.5.bb => python3-django_4.2.7.bb} | 4 +-
.../recipes-devtools/python/python3-pillow/CVE-2023-44271.patch | 156 +
meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb | 1 +
...1-modules-mappers-config9.m4-Add-server-directory-to-i.patch | 31 -
.../apache2/{apache2_2.4.57.bb => apache2_2.4.58.bb} | 5 +-
24 files changed, 18693 insertions(+), 47 deletions(-)
create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
create mode 100644 meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch
rename meta-networking/recipes-support/strongswan/{strongswan_5.9.6.bb => strongswan_5.9.12.bb} (96%)
create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch
create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch
rename meta-oe/recipes-devtools/cjson/{cjson_1.7.15.bb => cjson_1.7.17.bb} (91%)
create mode 100644 meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch
create mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch
create mode 100644 meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch
create mode 100644 meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch
rename meta-python/recipes-devtools/python/{python3-django_3.2.21.bb => python3-django_3.2.23.bb} (61%)
rename meta-python/recipes-devtools/python/{python3-django_4.2.5.bb => python3-django_4.2.7.bb} (61%)
create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.57.bb => apache2_2.4.58.bb} (97%)

View/Reply Online (#108265): https://lists.openembedded.org/g/openembedded-devel/message/108265
Re: [oe][meta-networking][dunfell][PATCH] wireshark: Backport fix for CVE-2023-1992 RPCoRDMA: Frame end cleanup for global write offsets
On 1/5/24 4:06 AM, Ashish Sharma via lists.openembedded.org wrote: Upstream-Status: Backport from [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413] Signed-off-by: Ashish Sharma Please rebase against current Dunfell. BR, Armin --- .../wireshark/files/CVE-2023-1992.patch | 62 +++ .../wireshark/wireshark_3.2.18.bb | 1 + 2 files changed, 63 insertions(+) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch new file mode 100644 index 00..2fbef6bae0 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch 
@@ -0,0 +1,62 @@ +From 3c8be14c827f1587da3c2b3bb0d9c04faff57413 Mon Sep 17 00:00:00 2001 +From: John Thacker +Date: Sun, 19 Mar 2023 15:16:39 -0400 +Subject: [PATCH] RPCoRDMA: Frame end cleanup for global write offsets + +Add a frame end routine for a global which is assigned to packet +scoped memory. It really should be made proto data, but is used +in a function in the header (that doesn't take the packet info +struct as an argument) and this fix needs to be made in stable +branches. + +Fix #18852 +--- +Upstream-Status: Backport from [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413] +CVE: CVE-2023-1992 +Signed-off-by: Ashish Sharma + + epan/dissectors/packet-rpcrdma.c | 14 ++ + 1 file changed, 14 insertions(+) + +diff --git a/epan/dissectors/packet-rpcrdma.c b/epan/dissectors/packet-rpcrdma.c +index 680187b2653..3f250f0ea1c 100644 +--- a/epan/dissectors/packet-rpcrdma.c b/epan/dissectors/packet-rpcrdma.c +@@ -24,6 +24,7 @@ + #include + + #include "packet-rpcrdma.h" ++#include "packet-frame.h" + #include "packet-infiniband.h" + #include "packet-iwarp-ddp-rdmap.h" + +@@ -285,6 +286,18 @@ void rpcrdma_insert_offset(gint offset) + wmem_array_append_one(gp_rdma_write_offsets, offset); + } + ++/* ++ * Reset the array of write offsets at the end of the frame. These ++ * are packet scoped, so they don't need to be freed, but we want ++ * to ensure that the global doesn't point to no longer allocated ++ * memory in a later packet. 
++ */ ++static void ++reset_write_offsets(void) ++{ ++gp_rdma_write_offsets = NULL; ++} ++ + /* Get conversation state, it is created if it does not exist */ + static rdma_conv_info_t *get_rdma_conv_info(packet_info *pinfo) + { +@@ -1600,6 +1613,7 @@ dissect_rpcrdma(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data + if (write_size > 0 && !pinfo->fd->visited) { + /* Initialize array of write chunk offsets */ + gp_rdma_write_offsets = wmem_array_new(wmem_packet_scope(), sizeof(gint)); ++register_frame_end_routine(pinfo, reset_write_offsets); + TRY { + /* + * Call the upper layer dissector to get a list of offsets +-- +GitLab + diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb index 64e436df38..eb43574f9f 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb @@ -18,6 +18,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz file://CVE-2023-0667.patch \ file://CVE-2023-0668.patch \ file://CVE-2023-2906.patch \ + file://CVE-2023-1992.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src; -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#108078): https://lists.openembedded.org/g/openembedded-devel/message/108078 Mute This Topic: https://lists.openembedded.org/mt/103539863/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
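Review bot: the Upstream-Status: Backport line, both in the commit message and inside the added CVE-2023-1992.patch, points at gitlab.com/colin.mcinnes/wireshark, which looks like a personal fork rather than the Wireshark project's own repository. Reference the commit in the upstream project repository instead, so the backport's provenance can be verified against the source that SRC_URI fetches. As rendered here, the embedded diff header for epan/dissectors/packet-rpcrdma.c also has the a/ and b/ paths on a single "---" line with no "+++" line; check that the patch file applies cleanly once it is rebased as requested.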
[oe] [meta-oe][kirkstone][PATCH] apache2: add vendor to product name used for CVE checking
From: Jeffrey Pautler This recipe sets the product name used for CVE checking to "http_server". However, the cve-check logic matches that name to all products in the CVE database regardless of vendor. Currently, it is matching to products from vendors other than apache. As a result, CVE checking incorrectly reports CVEs for those vendors' products for this package. Signed-off-by: Jeffrey Pautler Signed-off-by: Khem Raj (cherry picked from commit 51f70eaaa5973e385645f574093ee860f5648f88) Signed-off-by: Armin Kuster --- meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb index 9ffdf3265a..3fbc975fca 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb @@ -36,7 +36,7 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives DEPENDS = "openssl expat pcre apr apr-util apache2-native " -CVE_PRODUCT = "http_server" +CVE_PRODUCT = "apache:http_server" SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#108076): https://lists.openembedded.org/g/openembedded-devel/message/108076 Mute This Topic: https://lists.openembedded.org/mt/103582535/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
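The vendor-less matching this commit message describes, modelled as an added example; it is not code from the patch or from the cve-check class. It assumes a product table with vendor and product columns and treats a missing vendor as a wildcard; the table layout, the function names, the vendor names other than apache and all CVE ids are constructed for illustration.

```python
"""Simplified model of vendor-qualified CVE product matching (constructed data)."""
import sqlite3

# Constructed rows standing in for a CVE database product table.
# "vendor_b", "vendor_c" and every CVE id below are placeholders.
SAMPLE_PRODUCTS = [
    ("CVE-0000-0001", "apache", "http_server"),
    ("CVE-0000-0002", "apache", "http_server"),
    ("CVE-0000-0003", "vendor_b", "http_server"),
    ("CVE-0000-0004", "vendor_c", "http_server"),
    ("CVE-0000-0005", "apache", "tomcat"),
]


def build_db(rows=SAMPLE_PRODUCTS):
    """Load the sample rows into an in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (cve_id TEXT, vendor TEXT, product TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", rows)
    return db


def split_cve_product(entry):
    """Split 'vendor:product'; an entry without a vendor matches any vendor."""
    if ":" in entry:
        vendor, product = entry.split(":", 1)
    else:
        vendor, product = "%", entry
    return vendor, product


def candidate_cves(db, cve_product):
    """Return {cve_id: vendor} for each whitespace-separated CVE_PRODUCT entry."""
    hits = {}
    query = "SELECT cve_id, vendor FROM products WHERE product = ? AND vendor LIKE ?"
    for entry in cve_product.split():
        vendor, product = split_cve_product(entry)
        for cve_id, row_vendor in db.execute(query, (product, vendor)):
            hits[cve_id] = row_vendor
    return hits


def false_positives(db, cve_product, expected_vendor):
    """CVE ids matched for the package that belong to some other vendor."""
    hits = candidate_cves(db, cve_product)
    return sorted(cve for cve, vendor in hits.items() if vendor != expected_vendor)


def ambiguous_products(db, recipes):
    """Audit helper: flag vendor-less entries whose product name exists
    under more than one vendor, i.e. the situation the patch corrects."""
    report = {}
    query = "SELECT DISTINCT vendor FROM products WHERE product = ? ORDER BY vendor"
    for recipe, cve_product in recipes.items():
        for entry in cve_product.split():
            vendor, product = split_cve_product(entry)
            if vendor != "%":
                continue  # already vendor-qualified
            vendors = [row[0] for row in db.execute(query, (product,))]
            if len(vendors) > 1:
                report.setdefault(recipe, {})[product] = vendors
    return report


if __name__ == "__main__":
    db = build_db()
    print("before:", sorted(candidate_cves(db, "http_server")))
    print("after: ", sorted(candidate_cves(db, "apache:http_server")))
    print("audit: ", ambiguous_products(db, {"apache2": "http_server"}))
```

Running the audit helper over every recipe's CVE_PRODUCT value is a quick way to find other packages that need the same vendor prefix.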
[oe] mickledore merge request: Jan 7th
The following changes since commit f29290563cb821fae95340ba959749641c69ed7f:

  python3-django: move to version 4.2.7 (2023-12-04 09:47:03 -0500)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded mickledore-next

for you to fetch changes up to 8e1f0fa6bfac0e96fedc666fe9066f92c85afb27:

  nginx: fix CVE-2023-44487 (2024-01-07 13:15:11 -0500)

Alexandre Belloni (1):
  poco: fix branch

Meenali Gupta (1):
  nginx: fix CVE-2023-44487

View/Reply Online (#108075): https://lists.openembedded.org/g/openembedded-devel/message/108075
[oe] nanbield merge request: Jan 5th
The following changes since commit 1750c66ae8e4268c472c0b2b94748a59d6ef866d:

  emlog: Add PV (2023-11-01 08:16:30 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded nanbield-next

for you to fetch changes up to 2da6e1b0e43a8993fd422fee3f83940100b59f4c:

  poco: fix branch (2024-01-05 07:52:17 -0500)

Alexandre Belloni (1):
  poco: fix branch

Christian Eggers (1):
  python3-gcovr: switch to main branch

Dylan Turner (1):
  apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622

Edi Feschiyan (1):
  libbytesize: update SRC_URI

Fabio Estevam (3):
  openocd: Use https for github
  python3-piccata: Use https for github
  multipath-tools: Use https for github

Jeffrey Pautler (1):
  apache2: add vendor to product name used for CVE checking

Jonas Gorski (1):
  frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}

Khem Raj (3):
  hwdata: upgrade 0.370 -> 0.375
  openvpn: upgrade 2.6.3 -> 2.6.6
  python3-scapy: upgrade to latest revision

Ross Burton (1):
  yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460

Wang Mingyu (3):
  hdf5: Fix install conflict when enable multilib.
  dnf-plugin-tui: Recover BBCLASSEXTEND variants
  strongswan: upgrade 5.9.11 -> 5.9.12

Zoltán Böszörményi (3):
  python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
  python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
  geos: Fix packaging

meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb | 2 +-
meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch | 125
meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch | 117 ++
meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch | 95 +
meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch | 112 +
meta-networking/recipes-protocols/frr/frr_9.0.1.bb | 6 ++
.../openvpn/{openvpn_2.6.3.bb => openvpn_2.6.6.bb} | 4 +-
.../strongswan/{strongswan_5.9.11.bb => strongswan_5.9.12.bb} | 2 +-
meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb | 2 +
meta-oe/recipes-devtools/openocd/openocd_git.bb | 2 +-
meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch | 37
meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch | 59 +
meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch | 35
meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 6 +-
meta-oe/recipes-navigation/geos/geos_3.12.0.bb | 2 +-
meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb | 6 +-
.../recipes-support/hwdata/{hwdata_0.370.bb => hwdata_0.375.bb} | 2 +-
meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb | 2 +-
.../recipes-support/multipath-tools/multipath-tools_0.9.3.bb | 2 +-
meta-oe/recipes-support/poco/poco_1.12.4.bb | 4 +-
meta-python/recipes-devtools/python/python3-gcovr_6.0.bb | 2 +-
.../recipes-devtools/python/python3-ninja-syntax_1.7.2.bb | 4 +-
meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb | 1 +
.../recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb | 2 +-
...1-modules-mappers-config9.m4-Add-server-directory-to-i.patch | 31 ---
.../apache2/{apache2_2.4.57.bb => apache2_2.4.58.bb} | 5 +-
26 files changed, 617 insertions(+), 50 deletions(-)
create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
rename meta-networking/recipes-support/openvpn/{openvpn_2.6.3.bb => openvpn_2.6.6.bb} (95%)
rename meta-networking/recipes-support/strongswan/{strongswan_5.9.11.bb => strongswan_5.9.12.bb} (99%)
create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch
create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch
create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
rename meta-oe/recipes-support/hwdata/{hwdata_0.370.bb => hwdata_0.375.bb} (91%)
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.57.bb => apache2_2.4.58.bb} (98%)

View/Reply Online (#108046): https://lists.openembedded.org/g/openembedded-devel/message/108046
[oe] [meta-oe][nanbield][PATCH 17/17] apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622
From: Dylan Turner Note that patch 0011-modules... is no longer needed as it's included in the upgrade as well. CVE: CVE-2023-43622 Signed-off-by: Dylan Turner Signed-off-by: Khem Raj (cherry picked from commit 9f0b5053410d5958e089351b93199efd3473d3de) Signed-off-by: Armin Kuster --- ...config9.m4-Add-server-directory-to-i.patch | 31 --- .../{apache2_2.4.57.bb => apache2_2.4.58.bb} | 3 +- 2 files changed, 1 insertion(+), 33 deletions(-) delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.57.bb => apache2_2.4.58.bb} (98%) diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch b/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch deleted file mode 100644 index 9accbf18a1..00 --- a/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 5c9257fa34335ff83f7c01581cf953111072a457 Mon Sep 17 00:00:00 2001 -From: Valeria Petrov -Date: Tue, 18 Apr 2023 15:38:53 +0200 -Subject: [PATCH] * modules/mappers/config9.m4: Add 'server' directory to - include path if mod_rewrite is enabled. - -Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision=1909241] - - modules/mappers/config9.m4 | 5 + - 1 file changed, 5 insertions(+) - -diff --git a/modules/mappers/config9.m4 b/modules/mappers/config9.m4 -index 55a97ab993..7120b729b7 100644 a/modules/mappers/config9.m4 -+++ b/modules/mappers/config9.m4 -@@ -14,6 +14,11 @@ APACHE_MODULE(userdir, mapping of requests to user-specific directories, , , mos - APACHE_MODULE(alias, mapping of requests to different filesystem parts, , , yes) - APACHE_MODULE(rewrite, rule based URL manipulation, , , most) - -+if test "x$enable_rewrite" != "xno"; then -+# mod_rewrite needs test_char.h -+APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server]) -+fi -+ - APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) - - APACHE_MODPATH_FINISH --- -2.25.1 - diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb similarity index 98% rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb index bbc1c6c48a..e4f7e1ceb8 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb @@ -16,7 +16,6 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ file://0008-Fix-perl-install-directory-to-usr-bin.patch \ file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \ file://0001-make_exports.awk-not-expose-the-path.patch \ - file://0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch \ " SRC_URI:append:class-target = " \ 
@@ -28,7 +27,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a" +SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5" S = "${WORKDIR}/httpd-${PV}" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107899): https://lists.openembedded.org/g/openembedded-devel/message/107899 Mute This Topic: https://lists.openembedded.org/mt/103421505/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
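Review bot: In the `SRC_URI` hunk of `apache2_2.4.58.bb`, dropping `0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch` is justified only by "included in the upgrade". The deleted patch carried `Upstream-Status: Backport` with an svn revision link, so the commit message could cite that revision; a reviewer can then confirm the `mod_rewrite` include-path fix is present in 2.4.58 without diffing the tarball.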
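Review bot: In the checksum hunk, `SRC_URI[sha256sum]` is replaced with no statement of where the new value came from. For an upgrade taken to fix CVE-2023-43622, say in the commit message that the hash was compared against the checksum Apache publishes for `httpd-${PV}.tar.bz2`, and link the upstream changelog so that any other security fixes in the release are visible to stable-branch users. `LIC_FILES_CHKSUM` is unchanged in the context lines, which is consistent with no change to the licence text.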
[oe] [meta-oe][nanbield][PATCH 16/17] frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}
From: Jonas Gorski Add patches fixing CVE CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, and CVE-2023-47235 to FRR 9.0. Patch order is commit order, not CVE numerical order, to avoid fuzz / need for rebasing of the patches. References: https://nvd.nist.gov/vuln/detail/CVE-2023-46752 https://nvd.nist.gov/vuln/detail/CVE-2023-46753 https://nvd.nist.gov/vuln/detail/CVE-2023-47234 https://nvd.nist.gov/vuln/detail/CVE-2023-47235 Signed-off-by: Jonas Gorski Signed-off-by: Khem Raj (cherry picked from commit 00e928bcb7e933ada8e67f3bfa887988d1ca9d61) Signed-off-by: Armin Kuster --- .../frr/frr/CVE-2023-46752.patch | 125 ++ .../frr/frr/CVE-2023-46753.patch | 117 .../frr/frr/CVE-2023-47234.patch | 95 + .../frr/frr/CVE-2023-47235.patch | 112 .../recipes-protocols/frr/frr_9.0.1.bb| 6 + 5 files changed, 455 insertions(+) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch new file mode 100644 index 00..e1f30248ca --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch 
@@ -0,0 +1,125 @@ +From b08afc81c60607a4f736f418f2e3eb06087f1a35 Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis +Date: Fri, 20 Oct 2023 17:49:18 +0300 +Subject: [PATCH] bgpd: Handle MP_REACH_NLRI malformed packets with session + reset + +Avoid crashing bgpd. + +``` +(gdb) +bgp_mp_reach_parse (args=, mp_update=0x7fffe140) at bgpd/bgp_attr.c:2341 +2341 stream_get(>mp_nexthop_global, s, IPV6_MAX_BYTELEN); +(gdb) +stream_get (dst=0x7fffe1ac, s=0x70006e80, size=16) at lib/stream.c:320 +320{ +(gdb) +321STREAM_VERIFY_SANE(s); +(gdb) +323if (STREAM_READABLE(s) < size) { +(gdb) +34 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); +(gdb) + +Thread 1 "bgpd" received signal SIGSEGV, Segmentation fault. +0x556e37be in route_set_aspath_prepend (rule=0x55aac0d0, prefix=0x7fffe050, +object=0x7fffdb00) at bgpd/bgp_routemap.c:2282 +2282 if (path->attr->aspath->refcnt) +(gdb) +``` + +With the configuration: + +``` + neighbor 127.0.0.1 remote-as external + neighbor 127.0.0.1 passive + neighbor 127.0.0.1 ebgp-multihop + neighbor 127.0.0.1 disable-connected-check + neighbor 127.0.0.1 update-source 127.0.0.2 + neighbor 127.0.0.1 timers 3 90 + neighbor 127.0.0.1 timers connect 1 + address-family ipv4 unicast + redistribute connected + neighbor 127.0.0.1 default-originate + neighbor 127.0.0.1 route-map RM_IN in + exit-address-family +! 
+route-map RM_IN permit 10 + set as-path prepend 200 +exit +``` + +Reported-by: Iggy Frankovic +Signed-off-by: Donatas Abraitis +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35] +CVE: CVE-2023-46752 +Signed-off-by: Jonas Gorski +--- + bgpd/bgp_attr.c | 6 +- + bgpd/bgp_attr.h | 1 - + bgpd/bgp_packet.c | 6 +- + 3 files changed, 2 insertions(+), 11 deletions(-) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index 6925aff727e2..e7bb42a5d989 100644 +--- a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +@@ -2421,7 +2421,7 @@ int bgp_mp_reach_parse(struct bgp_attr_parser_args *args, + + mp_update->afi = afi; + mp_update->safi = safi; +- return BGP_ATTR_PARSE_EOR; ++ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_ATTR, 0); + } + + mp_update->afi = afi; +@@ -3759,10 +3759,6 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr, + goto done; + } + +- if (ret == BGP_ATTR_PARSE_EOR) { +- goto done; +- } +- + if (ret == BGP_ATTR_PARSE_ERROR) { + flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR, + "%s: Attribute %s, parse error", peer->host, +diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h +index 961e5f122470..fc347e7a1b4b 100644 +--- a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h +@@ -364,7 +364,6 @@ enum bgp_attr_parse_ret { + /* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR +*/ + BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3, +- BGP_ATTR_PARSE_EOR = -4, + }; + + struct bpacket_attr_vec_arr; +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index b585591e2f69..5ecf343b6657 100644 +--- a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +@@ -2397,8
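Review bot: In the embedded `CVE-2023-46752.patch`, the `bgpd/bgp_attr.h` hunk deletes the `BGP_ATTR_PARSE_EOR = -4` enumerator while the `bgp_attr.c` hunks remove its uses there. Since this is upstream commit b08afc81c60607a4f736f418f2e3eb06087f1a35 applied on top of the 9.0.1 recipe, confirm that nothing else in the 9.0.1 tree still references `BGP_ATTR_PARSE_EOR`; a leftover reference would only show up at compile time, not when the patch is applied. The commit message also says "FRR 9.0" while the recipe touched is `frr_9.0.1.bb`; use the exact version.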
[oe] [meta-oe][nanbield][PATCH 15/17] strongswan: upgrade 5.9.11 -> 5.9.12
From: Wang Mingyu Changelog: == - Fixed a vulnerability in charon-tkm related to processing DH public values that can lead to a buffer overflow and potentially remote code execution. - The new `pki --ocsp` command produces OCSP responses based on certificate status information provided by plugins. - The cert-enroll script handles the initial enrollment of an X.509 host certificate with a PKI server via the EST or SCEP protocols. - The --priv argument for charon-cmd allows using any type of private key. - Support for nameConstraints of type iPAddress has been added (the openssl plugin previously didn't support nameConstraints at all). - SANs of type uniformResourceIdentifier can now be encoded in certificates. - Password-less PKCS#12 and PKCS#8 files are supported. - A new global option allows preventing peers from authenticating with trusted end-entity certificates (i.e. local certificates). - ECDSA public keys that encode curve parameters explicitly are now rejected by all plugins that support ECDSA. - charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can also use the name in connection.interface-name. - The resolve plugin tries to maintain the order of installed DNS servers. - The kernel-libipsec plugin always installs routes even if no address is found in the local traffic selectors. - Increased the default receive buffer size for Netlink sockets to 8 MiB and simplified its configuration. - Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of always generating a hash of the subjectPublicKey. - Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with unrelated traffic selectors. - Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT, instead callbacks are always invoked even if only errors are signaled. - Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when handling invalid messages. 
- Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs. - Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if CHILD_SA is not found during rekeying. - The testing environment is now based on Debian 12 (bookworm), by default. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 077489fda8f27336942457da1eaa022804f327c2) Signed-off-by: Armin Kuster --- .../strongswan/{strongswan_5.9.11.bb => strongswan_5.9.12.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-support/strongswan/{strongswan_5.9.11.bb => strongswan_5.9.12.bb} (99%) diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb similarity index 99% rename from meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb rename to meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb index fb1bea2d87..87d12bc6c8 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb @@ -11,7 +11,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ " -SRC_URI[sha256sum] = "ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d" +SRC_URI[sha256sum] = "5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5" UPSTREAM_CHECK_REGEX = "strongswan-(?P\d+(\.\d+)+)\.tar" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107897): https://lists.openembedded.org/g/openembedded-devel/message/107897 Mute This Topic: https://lists.openembedded.org/mt/103421502/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
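Review bot: The only recipe change is the `SRC_URI[sha256sum]` line, yet the first changelog entry in the commit message describes a charon-tkm buffer overflow with potential remote code execution. The message carries no `CVE:` tag, unlike the apache2 upgrade in this series. If upstream assigned an identifier, add it so the fix is tracked on the stable branch, and mention the security fix in the subject rather than only "upgrade 5.9.11 -> 5.9.12".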
[oe] [meta-oe][nanbield][PATCH 14/17] apache2: add vendor to product name used for CVE checking
From: Jeffrey Pautler This recipe sets the product name used for CVE checking to "http_server". However, the cve-check logic matches that name to all products in the CVE database regardless of vendor. Currently, it is matching to products from vendors other than apache. As a result, CVE checking incorrectly reports CVEs for those vendors' products for this package. Signed-off-by: Jeffrey Pautler Signed-off-by: Khem Raj (cherry picked from commit 51f70eaaa5973e385645f574093ee860f5648f88) Signed-off-by: Armin Kuster --- meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb index 00f8aaa415..bbc1c6c48a 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb @@ -36,7 +36,7 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives DEPENDS = "openssl expat pcre apr apr-util apache2-native " -CVE_PRODUCT = "http_server" +CVE_PRODUCT = "apache:http_server" SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107896): https://lists.openembedded.org/g/openembedded-devel/message/107896 Mute This Topic: https://lists.openembedded.org/mt/103421501/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
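Review bot: On the `CVE_PRODUCT = "apache:http_server"` line, the commit message says the unqualified name matched products from other vendors but gives no example. Naming one wrongly reported CVE, or the other vendor, would let reviewers compare cve-check output before and after the change and confirm that the `apache` vendor string is the one the CVE database uses for this product.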
[oe] [meta-oe][nanbield][PATCH 13/17] geos: Fix packaging
From: Zoltán Böszörményi Due to the library file name change, the subpackage "geoslib" does not get generated, and the main geos package has unsatisfied dependencies. Signed-off-by: Zoltán Böszörményi Signed-off-by: Khem Raj (cherry picked from commit 405ee461078cfed493bd6ca06f922860be5081d0) Signed-off-by: Armin Kuster --- meta-oe/recipes-navigation/geos/geos_3.12.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-navigation/geos/geos_3.12.0.bb b/meta-oe/recipes-navigation/geos/geos_3.12.0.bb index 95cb29775a..0382e6bdfe 100644 --- a/meta-oe/recipes-navigation/geos/geos_3.12.0.bb +++ b/meta-oe/recipes-navigation/geos/geos_3.12.0.bb @@ -13,7 +13,7 @@ inherit cmake pkgconfig binconfig PACKAGES =+ "geoslib ${PN}-c1" DESCRIPTION:${PN}lib = "Geometry engine for Geographic Information Systems - C++ Library" -FILES:${PN}lib += "${libdir}/libgeos-${PV}.so" +FILES:${PN}lib += "${libdir}/libgeos.so.*" DESCRIPTION:${PN}-c1 = "Geometry engine for Geographic Information Systems - C Library" FILES:${PN}-c1 += "${libdir}/libgeos_c.so.*" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107895): https://lists.openembedded.org/g/openembedded-devel/message/107895 Mute This Topic: https://lists.openembedded.org/mt/103421500/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
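Review bot: In the `FILES:${PN}lib` hunk, the new glob `${libdir}/libgeos.so.*` is assigned to `${PN}lib`, while the context line above declares the package with the literal name in `PACKAGES =+ "geoslib ${PN}-c1"`. Use one spelling in both places so the package name and its `FILES` entry cannot drift apart. The commit message should also say which release changed the library file name, so the fix can be matched to the 3.12.0 upgrade.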
[oe] [meta-oe][nanbield][PATCH 12/17] libbytesize: update SRC_URI
From: Edi Feschiyan GitHub has been redirecting for a while, so switch SRC_URI from github.com/rhinstaller/libbytesize to github.com/storaged-project/libbytesize instead without redirects. Signed-off-by: Edi Feschiyan Signed-off-by: Khem Raj (cherry picked from commit 75bb23b3b03e225aa012be8bd5998223ae8f9b2f) Signed-off-by: Armin Kuster --- meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb b/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb index 926a603b81..28e40f66e3 100644 --- a/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb +++ b/meta-oe/recipes-support/libbytesize/libbytesize_2.10.bb @@ -10,7 +10,7 @@ S = "${WORKDIR}/git" B = "${S}" SRCREV = "6e83cc6f6dff4f126fc79284e0c3c1c50123380d" -SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=main;protocol=https" +SRC_URI = "git://github.com/storaged-project/libbytesize;branch=main;protocol=https" inherit gettext autotools pkgconfig python3native -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107894): https://lists.openembedded.org/g/openembedded-devel/message/107894 Mute This Topic: https://lists.openembedded.org/mt/103421498/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
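Review bot: The `SRC_URI` line moves the fetch to a different GitHub organisation while `SRCREV` in the context stays at 6e83cc6f6dff4f126fc79284e0c3c1c50123380d. State in the commit message that this revision is present on `main` in `storaged-project/libbytesize`, so the change is clearly a location update that fetches identical source.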
[oe] [meta-oe][nanbield][PATCH 11/17] dnf-plugin-tui: Recover BBCLASSEXTEND variants
From: Wang Mingyu dnf-plugin-tui must work on nativesdk environment. Now there's no warning when run the command "bitbake universe -c fetch". Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 5211242d3f9d4a03cbe9e8af9beed4096a344958) Signed-off-by: Armin Kuster --- meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb b/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb index a5d614961a..8db456b99c 100644 --- a/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb +++ b/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb @@ -42,4 +42,6 @@ RDEPENDS:${PN} += " \ dnf \ libnewt-python \ " +BBCLASSEXTEND = "nativesdk" + SKIP_RECIPE[dnf-plugin-tui] ?= "${@bb.utils.contains('PACKAGE_CLASSES', 'package_rpm', '', 'does not build correctly without package_rpm in PACKAGE_CLASSES', d)}" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107893): https://lists.openembedded.org/g/openembedded-devel/message/107893 Mute This Topic: https://lists.openembedded.org/mt/103421497/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
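Review bot: The added line is `BBCLASSEXTEND = "nativesdk"` only, but the subject says "Recover BBCLASSEXTEND variants" in the plural. If a `native` variant is intentionally not restored, say so; otherwise reword the subject to name `nativesdk`. The message would also be easier to verify if it quoted the warning that `bitbake universe -c fetch` printed before this change.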
[oe] [meta-oe][nanbield][PATCH 10/17] yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460
From: Ross Burton Take three CVE fixes from Fedora, as the upstream repository is now dead. Signed-off-by: Ross Burton Signed-off-by: Khem Raj (cherry picked from commit 458fd00233a73d75d43b21b86b1425d75947b154) Signed-off-by: Armin Kuster --- .../yajl/yajl/CVE-2017-16516.patch| 37 .../yajl/yajl/CVE-2022-24795.patch| 59 +++ .../yajl/yajl/CVE-2023-33460.patch| 35 +++ meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 6 +- 4 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch diff --git a/meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch b/meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch new file mode 100644 index 00..1241ff9e31 --- /dev/null +++ b/meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch 
@@ -0,0 +1,37 @@ +From 0b5e73c4321de0ba1d495fdc0967054b2a77931c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 10 Jul 2023 13:36:10 +0100 +Subject: [PATCH] Fix for CVE-2017-16516 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Description: Fix for CVE-2017-16516 + Potential buffer overread: A JSON file can cause denial of service. +Origin: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce + +CVE: CVE-2017-16516 +Upstream-Status: Submitted [https://github.com/lloyd/yajl/issues/248] +Signed-off-by: Ross Burton +--- + src/yajl_encode.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/yajl_encode.c b/src/yajl_encode.c +index fd08258..0d97cc5 100644 +--- a/src/yajl_encode.c b/src/yajl_encode.c +@@ -139,8 +139,8 @@ void yajl_string_decode(yajl_buf buf, const unsigned char * str, + end+=3; + /* check if this is a surrogate */ + if ((codepoint & 0xFC00) == 0xD800) { +-end++; +-if (str[end] == '\\' && str[end + 1] == 'u') { ++if (end + 2 < len && str[end + 1] == '\\' && str[end + 2] == 'u') { ++end++; + unsigned int surrogate = 0; + hexToDigit(, str + end + 2); + codepoint = +-- +2.34.1 + diff --git a/meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch b/meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch new file mode 100644 index 00..0dc859099d --- /dev/null +++ b/meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch 
@@ -0,0 +1,59 @@ +From 17de4d15687aa30c49660dc4b792b1fb4d38b569 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Thu, 7 Apr 2022 17:29:54 +0200 +Subject: [PATCH] Fix CVE-2022-24795 + +There was an integer overflow in yajl_buf_ensure_available() leading +to allocating less memory than requested. Then data were written past +the allocated heap buffer in yajl_buf_append(), the only caller of +yajl_buf_ensure_available(). Another result of the overflow was an +infinite loop without a return from yajl_buf_ensure_available(). + +yajl-ruby project, which bundles yajl, fixed it +<https://github.com/brianmario/yajl-ruby/pull/211> by checking for the +integer overflow, fortifying buffer allocations, and report the +failures to a caller. But then the caller yajl_buf_append() skips +a memory write if yajl_buf_ensure_available() failed leading to a data +corruption. + +A yajl fork mainter recommended calling memory allocation callbacks with +the large memory request and let them to handle it. But that has the +problem that it's not possible pass the overely large size to the +callbacks. + +This patch catches the integer overflow and terminates the process +with abort(). + +CVE: CVE-2022-24795 +Upstream-Status: Submitted [https://github.com/lloyd/yajl/issues/239] +Signed-off-by: Ross Burton +--- + src/yajl_buf.c | 12 +++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/src/yajl_buf.c b/src/yajl_buf.c +index 1aeafde..55c11ad 100644 +--- a/src/yajl_buf.c b/src/yajl_buf.c +@@ -45,7 +45,17 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want) + + need = buf->len; + +-while (want >= (need - buf->used)) need <<= 1; ++if (((buf->used > want) ? buf->used : want) > (size_t)(buf->used + want)) { ++/* We cannot allocate more memory than SIZE_MAX. */ ++abort(); ++} ++while (want >= (need - buf->used)) { ++if (need >= (size_t)((size_t)(-1)<<1)>>1) { ++/* need would overflow. */ ++abort(); ++} ++need <<= 1; ++} + + if (need
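Review bot: In the embedded `CVE-2017-16516.patch`, the new condition `end + 2 < len` bounds only the `\` and `u` bytes, and the following line still reads the surrogate's hex digits starting at `str + end + 2` after `end++`. Confirm that `yajl_string_decode` is only called on strings the lexer has already validated as complete `\uXXXX` escapes, or extend the check to cover the digits. Separately, the commit message says the upstream repository is dead and the fixes come from Fedora, while the patch header says `Upstream-Status: Submitted`; `Inactive-Upstream`, with the Fedora origin noted, would describe the situation more accurately.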
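Review bot: In the embedded `CVE-2022-24795.patch`, both overflow checks added to `yajl_buf_ensure_available()` end in `abort()`, so an oversized input now terminates the whole process that links yajl. The patch description acknowledges this trade-off, but the recipe commit message does not; mention it there so integrators of long-running services know the heap overflow has become a deliberate process exit rather than an error return.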
[oe] [meta-oe][nanbield][PATCH 08/17] python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
From: Zoltán Böszörményi python3-ninja is used as a build dependency by other modules. For that, python3-ninja and all its dependencies must be built in native mode. Signed-off-by: Zoltán Böszörményi Signed-off-by: Khem Raj (cherry picked from commit 0010c0c0553acb8a360b9743cec655950009d6b6) Signed-off-by: Armin Kuster --- .../recipes-devtools/python/python3-ninja-syntax_1.7.2.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb b/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb index ec7747307d..2f94f7a6a5 100644 --- a/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb +++ b/meta-python/recipes-devtools/python/python3-ninja-syntax_1.7.2.bb @@ -9,4 +9,6 @@ inherit pypi setuptools3 PYPI_PACKAGE = "ninja_syntax" UPSTREAM_CHECK_URI = "https://pypi.python.org/pypi/ninja_syntax/; -UPSTREAM_CHECK_REGEX = "/ninja_syntax/(?P(\d+[\.\-_]*)+)" \ No newline at end of file +UPSTREAM_CHECK_REGEX = "/ninja_syntax/(?P(\d+[\.\-_]*)+)" + +BBCLASSEXTEND = "native nativesdk" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107890): https://lists.openembedded.org/g/openembedded-devel/message/107890 Mute This Topic: https://lists.openembedded.org/mt/103421494/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
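Review bot: The hunk adds `BBCLASSEXTEND = "native nativesdk"`, but the commit message justifies only the native build ("must be built in native mode"). Either explain what needs the `nativesdk` variant or add `native` alone. The rewrite of the `UPSTREAM_CHECK_REGEX` line only supplies the missing end-of-file newline and is fine to keep in the same change.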
[oe] [meta-oe][nanbield][PATCH 09/17] python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
From: Zoltán Böszörményi python3-ninja is a build dependency for other python modules. For this, python3-ninja must be built for native mode. This partially reverts d4aa17dc436beb96a804860bc6d18cf72283709e ("meta-python: Drop broken BBCLASSEXTEND variants") Signed-off-by: Zoltán Böszörményi Signed-off-by: Khem Raj (cherry picked from commit 9b5ee4b0b2bf1a2abb181983a960a3802bca688f) Signed-off-by: Armin Kuster --- meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb b/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb index dd07968f03..3b9077f326 100644 --- a/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb +++ b/meta-python/recipes-devtools/python/python3-ninja_1.11.1.bb @@ -22,3 +22,4 @@ RDEPENDS:${PN} = " \ python3-ninja-syntax \ " +BBCLASSEXTEND = "native nativesdk" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107891): https://lists.openembedded.org/g/openembedded-devel/message/107891 Mute This Topic: https://lists.openembedded.org/mt/103421495/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
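Review bot: The added `BBCLASSEXTEND = "native nativesdk"` partially reverts d4aa17dc436beb96a804860bc6d18cf72283709e, whose subject calls these variants broken. The commit message should state what has changed since then, for example that the `python3-ninja-syntax` variants from patch 08/17 now satisfy the `RDEPENDS` shown in the context lines, and that the native and nativesdk builds were actually tested.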
[oe] [meta-oe][nanbield][PATCH 07/17] hdf5: Fix install conflict when enable multilib.
From: Wang Mingyu Error: Transaction test error: file /usr/bin/h5cc conflicts between attempted installs of lib32-hdf5-1.14.2-r0.armv7ahf_neon and hdf5-1.14.2-r0.cortexa57 file /usr/bin/h5hlcc conflicts between attempted installs of lib32-hdf5-1.14.2-r0.armv7ahf_neon and hdf5-1.14.2-r0.cortexa57 The differences of h5cc are as follows: @@ -44,7 +44,7 @@ exit $status ;; *) - /usr/bin/arm-pokymllib32-linux-gnueabi/arm-pokymllib32-linux-gnueabi-clang $@ `pkg-config --define-variable=prefix=$dir --cflags --libs hdf5` + /usr/bin/aarch64-poky-linux/aarch64-poky-linux-clang $@ `pkg-config --define-variable=prefix=$dir --cflags --libs hdf5` status=$? exit $status ;; The differences of h5hlcc are as follows: @@ -44,7 +44,7 @@ exit $status ;; *) - /usr/bin/arm-pokymllib32-linux-gnueabi/arm-pokymllib32-linux-gnueabi-clang $@ `pkg-config --define-variable=prefix=$dir --cflags --libs hdf5_hl` + /usr/bin/aarch64-poky-linux/aarch64-poky-linux-clang $@ `pkg-config --define-variable=prefix=$dir --cflags --libs hdf5_hl` status=$? exit $status ;; Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit fc7666e5bc01ddcdc16d9d3b838be5c35d84fda2) Signed-off-by: Armin Kuster --- meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb index 68b91c0b0c..e716430673 100644 --- a/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb +++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb @@ -7,7 +7,7 @@ SECTION = "libs" LICENSE = "HDF5" LIC_FILES_CHKSUM = "file://COPYING;md5=9ba0f3d878ab6c2403c86e9b0362d998" -inherit cmake siteinfo qemu multilib_header +inherit cmake siteinfo qemu multilib_header multilib_script DEPENDS += "qemu-native zlib" 
@@ -40,6 +40,10 @@ EOF do_unpack[postfuncs] += "gen_emu" +MULTILIB_SCRIPTS += "${PN}:${bindir}/h5cc \ + ${PN}:${bindir}/h5hlcc \ +" + do_install:append() { # Used for generating config files on target install -m 755 ${B}/bin/H5detect ${D}${bindir} -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107889): https://lists.openembedded.org/g/openembedded-devel/message/107889 Mute This Topic: https://lists.openembedded.org/mt/103421493/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
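Review bot: The `MULTILIB_SCRIPTS` hunk resolves the install conflict for `${bindir}/h5cc` and `${bindir}/h5hlcc`, but the script diff quoted in the commit message shows each wrapper hard-codes a build-time compiler path such as `/usr/bin/aarch64-poky-linux/aarch64-poky-linux-clang`. It is worth checking whether that path exists on the target image, since the wrappers will fail at run time if it does not; that is a separate issue from the file conflict and deserves a note or a follow-up. Adding `multilib_script` to the `inherit` line in the same change as the variable is correct.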
[oe] [meta-oe][nanbield][PATCH 06/17] python3-scapy: upgrade to latest revision
From: Khem Raj Signed-off-by: Khem Raj (cherry picked from commit ca49f2025e65713811e73e894c60cb78be1ed34c) Signed-off-by: Armin Kuster --- meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb b/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb index cc3f2ee1dd..4858e4e579 100644 --- a/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb +++ b/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb @@ -16,7 +16,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" # If you want ptest support, use the git repo # UTscapy does not exist in the pypi pkg # -SRCREV = "9473f77d8b548c8e478e52838bdd4c12f5d4f4ff" +SRCREV = "0474c37bf1d147c969173d52ab3ac76d2404d981" SRC_URI = "git://github.com/secdev/scapy.git;branch=master;protocol=https \ file://run-ptest" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107888): https://lists.openembedded.org/g/openembedded-devel/message/107888 Mute This Topic: https://lists.openembedded.org/mt/103421492/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
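Review bot: The `SRCREV` hunk moves to 0474c37bf1d147c969173d52ab3ac76d2404d981 with an empty commit body, and the recipe file name still says 2.5.0. For a stable-branch backport, say what the new revision fixes and why a non-release commit is needed. If the revision is past the 2.5.0 tag, set `PV` to reflect that (for example with a `+git` suffix) so the packaged version and CVE matching do not claim plain 2.5.0.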
[oe] [meta-oe][nanbield][PATCH 04/17] hwdata: upgrade 0.370 -> 0.375
From: Khem Raj Signed-off-by: Khem Raj (cherry picked from commit 730a12716efce66263da55045eac69554c24bc1b) Signed-off-by: Armin Kuster --- .../recipes-support/hwdata/{hwdata_0.370.bb => hwdata_0.375.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/hwdata/{hwdata_0.370.bb => hwdata_0.375.bb} (91%) diff --git a/meta-oe/recipes-support/hwdata/hwdata_0.370.bb b/meta-oe/recipes-support/hwdata/hwdata_0.375.bb similarity index 91% rename from meta-oe/recipes-support/hwdata/hwdata_0.370.bb rename to meta-oe/recipes-support/hwdata/hwdata_0.375.bb index 56d4253772..b834069733 100644 --- a/meta-oe/recipes-support/hwdata/hwdata_0.370.bb +++ b/meta-oe/recipes-support/hwdata/hwdata_0.375.bb @@ -5,7 +5,7 @@ SECTION = "System/Base" LICENSE = "GPL-2.0-or-later | XFree86-1.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=1556547711e8246992b999edd9445a57" -SRCREV = "21cb47beb1716545b25dfe8ae1b9e079c73b85d9" +SRCREV = "b9ba5bc9eecbeeff441806695b227c3c3de4755c" SRC_URI = "git://github.com/vcrhonek/${BPN}.git;branch=master;protocol=https" S = "${WORKDIR}/git" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107886): https://lists.openembedded.org/g/openembedded-devel/message/107886 Mute This Topic: https://lists.openembedded.org/mt/103421489/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
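Review bot: The `SRCREV` line changes to b9ba5bc9eecbeeff441806695b227c3c3de4755c with no commit body. State that this revision corresponds to the 0.375 release named in the file rename, so the version in the recipe name and the fetched source can be checked against each other.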
[oe] [meta-oe][nanbield][PATCH 05/17] openvpn: upgrade 2.6.3 -> 2.6.6
From: Khem Raj License-Update: Added Apache2 linking exception Signed-off-by: Khem Raj (cherry picked from commit 45ad525348569f8f5f694a88bb311dbf83998304) Signed-off-by: Armin Kuster --- .../openvpn/{openvpn_2.6.3.bb => openvpn_2.6.6.bb}| 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/openvpn/{openvpn_2.6.3.bb => openvpn_2.6.6.bb} (95%) diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb b/meta-networking/recipes-support/openvpn/openvpn_2.6.6.bb similarity index 95% rename from meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb rename to meta-networking/recipes-support/openvpn/openvpn_2.6.6.bb index a5fc158749..3688ce4091 100644 --- a/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb +++ b/meta-networking/recipes-support/openvpn/openvpn_2.6.6.bb @@ -2,7 +2,7 @@ SUMMARY = "A full-featured SSL VPN solution via tun device." HOMEPAGE = "https://openvpn.net/; SECTION = "net" LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=3170e982baae61dbb8de963317d1ac94" +LIC_FILES_CHKSUM = "file://COPYING;md5=d8d34ce6390552676e4ce8279f13c48a" DEPENDS = "lzo lz4 openssl iproute2 libcap-ng ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" inherit autotools systemd update-rc.d pkgconfig 
@@ -14,7 +14,7 @@ SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads; -SRC_URI[sha256sum] = "13b207a376d8880507c74ff78aabc3778a9da47c89f1e247dcee3c7237138ff6" +SRC_URI[sha256sum] = "3b074f392818b31aa529b84f76e8b5e4ad03fca764924f46d906bceaaf421034" CVE_STATUS[CVE-2020-27569] = "not-applicable-config: Applies only Aviatrix OpenVPN client, not openvpn" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107887): https://lists.openembedded.org/g/openembedded-devel/message/107887 Mute This Topic: https://lists.openembedded.org/mt/103421491/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
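Review bot: in the first hunk, `LIC_FILES_CHKSUM` for `COPYING` changes and the commit message records "License-Update: Added Apache2 linking exception", yet `LICENSE` on the context line above stays "GPL-2.0-only". Please state in the commit message whether the added exception is deliberately left out of the `LICENSE` field, so that license audits of the image do not rely on a stale value.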
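Review bot: in the second hunk, the tarball is still fetched from `http://swupdate.openvpn.org/...` (context line of `SRC_URI`), so the new `SRC_URI[sha256sum]` is the only integrity control on the download. Please confirm the checksum was taken from a copy verified against the upstream release signature rather than from the file the fetcher downloaded, and consider moving the URL to https if the server offers it. The commit message could also say which fixes 2.6.4 to 2.6.6 bring, since this goes to a stable branch.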
[oe] [meta-oe][nanbield][PATCH 03/17] multipath-tools: Use https for github
From: Fabio Estevam Per convert-srcuri.py script, github repos should be accessed via https. Change it accordingly. Signed-off-by: Fabio Estevam Signed-off-by: Khem Raj (cherry picked from commit 4cef1e68ea59510d85b778e11179a2dac47c658b) Signed-off-by: Armin Kuster --- .../recipes-support/multipath-tools/multipath-tools_0.9.3.bb| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb index ae4b3b9bf6..a7a9019e33 100644 --- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb +++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.9.3.bb @@ -29,7 +29,7 @@ DEPENDS = "libdevmapper \ LICENSE = "GPL-2.0-only" -SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=master \ +SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=https;branch=master \ file://multipathd.oe \ file://multipath.conf.example \ file://0021-RH-fixup-udev-rules-for-redhat.patch \ -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107885): https://lists.openembedded.org/g/openembedded-devel/message/107885 Mute This Topic: https://lists.openembedded.org/mt/103421488/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] [meta-oe][nanbield][PATCH 02/17] python3-piccata: Use https for github
From: Fabio Estevam Per convert-srcuri.py script, github repos should be accessed via https. Change it accordingly. Signed-off-by: Fabio Estevam Signed-off-by: Khem Raj (cherry picked from commit 240b95417e0c3dc6b9a22179c73ed318fee36419) Signed-off-by: Armin Kuster --- .../recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb b/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb index b72589368d..fadcc32c24 100644 --- a/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb +++ b/meta-python/recipes-devtools/python3-piccata/python3-piccata_2.0.3.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=e664eb75e2791c2e505e6e1c274e6d4f" SRCREV = "218d310e3d840715b1c8e67cefd5b6d71a2d7a1a" -SRC_URI = "git://github.com/NordicSemiconductor/piccata.git;protocol=http;branch=master" +SRC_URI = "git://github.com/NordicSemiconductor/piccata.git;protocol=https;branch=master" S = "${WORKDIR}/git" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107884): https://lists.openembedded.org/g/openembedded-devel/message/107884 Mute This Topic: https://lists.openembedded.org/mt/103421487/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] [meta-oe][nanbield][PATCH 01/17] openocd: Use https for github
From: Fabio Estevam Per convert-srcuri.py script, github repos should be accessed via https. Change it accordingly. Signed-off-by: Fabio Estevam Signed-off-by: Khem Raj (cherry picked from commit 4f69d8c19880dc5e8d078c68206eebbc8781e49b) Signed-off-by: Armin Kuster --- meta-oe/recipes-devtools/openocd/openocd_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-devtools/openocd/openocd_git.bb b/meta-oe/recipes-devtools/openocd/openocd_git.bb index d30d9c3466..19ef987387 100644 --- a/meta-oe/recipes-devtools/openocd/openocd_git.bb +++ b/meta-oe/recipes-devtools/openocd/openocd_git.bb @@ -7,7 +7,7 @@ RDEPENDS:${PN} = "libusb1" SRC_URI = " \ git://repo.or.cz/openocd.git;protocol=http;name=openocd;branch=master \ git://repo.or.cz/r/git2cl.git;protocol=http;destsuffix=tools/git2cl;name=git2cl;branch=master \ - git://github.com/msteveb/jimtcl.git;protocol=http;destsuffix=git/jimtcl;name=jimtcl;branch=master \ + git://github.com/msteveb/jimtcl.git;protocol=https;destsuffix=git/jimtcl;name=jimtcl;branch=master \ git://repo.or.cz/r/libjaylink.git;protocol=http;destsuffix=git/src/jtag/drivers/libjaylink;name=libjaylink;branch=master \ " -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107883): https://lists.openembedded.org/g/openembedded-devel/message/107883 Mute This Topic: https://lists.openembedded.org/mt/103421486/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
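Review bot: only the github.com entry in this `SRC_URI` hunk moves to `protocol=https`; the three repo.or.cz entries (openocd, git2cl, libjaylink) on the surrounding context lines still use `protocol=http`. The commit message limits the change to what convert-srcuri.py reports for GitHub, which is fine for this patch, but if repo.or.cz serves these repositories over HTTPS a follow-up switching them too would remove the remaining cleartext fetches from the recipe.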
[oe] [meta-oe][nanbield][PATCH 00/17] Patch review
Please have comments back by Dec 31, 2023 Dylan Turner (1): apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622 Edi Feschiyan (1): libbytesize: update SRC_URI Fabio Estevam (3): openocd: Use https for github python3-piccata: Use https for github multipath-tools: Use https for github Jeffrey Pautler (1): apache2: add vendor to product name used for CVE checking Jonas Gorski (1): frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5} Khem Raj (3): hwdata: upgrade 0.370 -> 0.375 openvpn: upgrade 2.6.3 -> 2.6.6 python3-scapy: upgrade to latest revision Ross Burton (1): yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460 Wang Mingyu (3): hdf5: Fix install conflict when enable multilib. dnf-plugin-tui: Recover BBCLASSEXTEND variants strongswan: upgrade 5.9.11 -> 5.9.12 Zoltán Böszörményi (3): python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk" python3-ninja: Set BBCLASSEXTEND = "native nativesdk" geos: Fix packaging .../python/python3-scapy_2.5.0.bb | 2 +- .../frr/frr/CVE-2023-46752.patch | 125 ++ .../frr/frr/CVE-2023-46753.patch | 117 .../frr/frr/CVE-2023-47234.patch | 95 + .../frr/frr/CVE-2023-47235.patch | 112 .../recipes-protocols/frr/frr_9.0.1.bb| 6 + .../{openvpn_2.6.3.bb => openvpn_2.6.6.bb}| 4 +- ...ongswan_5.9.11.bb => strongswan_5.9.12.bb} | 2 +- .../dnf-plugin-tui/dnf-plugin-tui_git.bb | 2 + .../recipes-devtools/openocd/openocd_git.bb | 2 +- .../yajl/yajl/CVE-2017-16516.patch| 37 ++ .../yajl/yajl/CVE-2022-24795.patch| 59 + .../yajl/yajl/CVE-2023-33460.patch| 35 + meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 6 +- .../recipes-navigation/geos/geos_3.12.0.bb| 2 +- meta-oe/recipes-support/hdf5/hdf5_1.14.2.bb | 6 +- .../{hwdata_0.370.bb => hwdata_0.375.bb} | 2 +- .../libbytesize/libbytesize_2.10.bb | 2 +- .../multipath-tools/multipath-tools_0.9.3.bb | 2 +- .../python/python3-ninja-syntax_1.7.2.bb | 4 +- .../python/python3-ninja_1.11.1.bb| 1 + .../python3-piccata/python3-piccata_2.0.3.bb | 2 +- ...config9.m4-Add-server-directory-to-i.patch | 31 - 
.../{apache2_2.4.57.bb => apache2_2.4.58.bb} | 5 +- 24 files changed, 614 insertions(+), 47 deletions(-) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch rename meta-networking/recipes-support/openvpn/{openvpn_2.6.3.bb => openvpn_2.6.6.bb} (95%) rename meta-networking/recipes-support/strongswan/{strongswan_5.9.11.bb => strongswan_5.9.12.bb} (99%) create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2017-16516.patch create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2022-24795.patch create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch rename meta-oe/recipes-support/hwdata/{hwdata_0.370.bb => hwdata_0.375.bb} (91%) delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.57.bb => apache2_2.4.58.bb} (98%) -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107882): https://lists.openembedded.org/g/openembedded-devel/message/107882 Mute This Topic: https://lists.openembedded.org/mt/103421484/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] dunfell merge request: Dec 17th
The following changes since commit 9135c7ea7350d5d241f4afc3b28087122ebe2d19: glmark2: fix compatibility with python-3.11 (2023-11-12 10:42:03 -0500) are available in the Git repository at: https://git.openembedded.org/meta-openembedded dunfell-next for you to fetch changes up to fc632d5bb0936e91e4e0191547b9aa8ca47b4ffe: wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops (2023-12-17 15:36:42 -0500) Ashish Sharma (1): apache2: Backport fix for CVE-2023-45802 Bartosz Golaszewski (1): python3-cson: fix run-time dependencies Davide Gardenal (2): usrsctp: add CVE_VERSION to correctly check for CVEs openflow: ignore CVE-2018-1078 Frieder Schrempf (1): spirv-tools: Use main branch for all repos Hitendra Prajapati (3): wireshark: Fix CVE-2022-0585-CVE-2023-2879 php: CVE-2022-4900 fix potential buffer overflow samba: fix CVE-2023-42669 denial of service Jasper Orschulko (1): nginx: Mitigate HTTP/2 Stream Resets Flood impact Khem Raj (2): emlog: Add PV meta-python-image,meta-python-ptest-image: Use python3 packagegroups Richard Purdie (3): meta-oe: Drop broken BBCLASSEXTEND variants meta-perl: Drop broken BBCLASSEXTEND variants meta-python: Drop broken BBCLASSEXTEND variants Vijay Anusuri (1): traceroute: upgrade 2.1.0 -> 2.1.3 Yoann Congal (2): emlog: ignore inapplicable CVEs libusbmuxd: Add PV vkumbhar (2): squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops .../recipes-connectivity/samba/samba/CVE-2023-42669.patch | 93 ++ meta-networking/recipes-connectivity/samba/samba_4.10.18.bb | 1 + .../recipes-daemons/squid/files/CVE-2023-46847.patch | 47 ++ meta-networking/recipes-daemons/squid/squid_4.9.bb | 1 + meta-networking/recipes-protocols/openflow/openflow.inc | 4 + meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb | 2 + .../traceroute/{traceroute_2.1.0.bb => traceroute_2.1.3.bb} | 3 +- 
.../wireshark/files/CVE-2022-0585-CVE-2023-2879.patch | 93 ++ .../recipes-support/wireshark/files/CVE-2022-4345.patch | 52 ++ meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 2 + .../dynamic-layers/meta-python/recipes-support/smem/smem_1.5.bb | 2 - meta-oe/recipes-connectivity/ser2net/ser2net_4.1.8.bb | 2 - meta-oe/recipes-connectivity/zeromq/czmq_4.2.0.bb | 3 - meta-oe/recipes-core/emlog/emlog.inc | 2 +- meta-oe/recipes-core/emlog/emlog_git.bb | 13 +++ meta-oe/recipes-devtools/nanopb/nanopb_0.4.0.bb | 2 +- meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch | 48 ++ meta-oe/recipes-devtools/php/php_7.4.33.bb | 1 + meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb | 1 + meta-oe/recipes-graphics/spir/spirv-tools_git.bb | 6 +- meta-oe/recipes-graphics/xorg-app/xgamma_1.0.6.bb | 2 - meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb | 2 - meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb | 1 - meta-oe/recipes-printing/cups/cups-filters.inc | 8 -- .../recipes-perl/libconfig/libconfig-autoconf-perl_0.318.bb | 2 +- meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.068.bb | 2 - meta-perl/recipes-perl/libnet/libnet-dns-perl_1.24.bb | 2 - meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.66.bb | 2 - meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb | 2 - meta-python/recipes-core/images/meta-python-image.bb | 3 +- meta-python/recipes-core/images/meta-python-ptest-image.bb | 2 +- meta-python/recipes-devtools/python/python-pint.inc | 2 - meta-python/recipes-devtools/python/python3-cmd2_0.9.23.bb | 2 - meta-python/recipes-devtools/python/python3-matplotlib_3.2.1.bb | 2 - meta-python/recipes-devtools/python/python3-pillow_6.2.1.bb | 2 - meta-python/recipes-devtools/python/python3-pyflakes_2.1.1.bb | 2 - .../python/python3-robotframework-seriallibrary_0.3.1.bb | 2 - meta-python/recipes-extended/python-cson/python3-cson_git.bb | 3 +- .../recipes-httpd/apache2/apache2/CVE-2023-45802.patch | 141 
meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb | 1 + .../files/0001-HTTP-2-per-iteration-stream-handling-limit.patch | 92 ++ meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb | 1 + meta-webserver/recipes-httpd/nginx/nginx_1.17.8.bb | 2 + 43 files changed, 605 insertions(+), 53 deletions(-)
[oe] kirkstone merge request: Dec 13th
The following changes since commit 8a75c61cce2aa1d6e5a3597ab8fc5a7e6aeae1e4: nginx: upgrade to 1.24.0 release (2023-11-18 10:03:19 -0500) are available in the Git repository at: https://git.openembedded.org/meta-openembedded kirkstone-next for you to fetch changes up to 402affcc073db39f782c1ebfd718edd5f11eed4c: squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication (2023-12-13 13:35:51 -0500) Archana Polampalli (1): samba: fix CVE-2023-4091 Christian Eggers (1): python3-gcovr: switch to main branch Jasper Orschulko (1): nginx: Mitigate HTTP/2 Stream Resets Flood impact Narpat Mali (1): frr: Fix for multiple CVE's Poonam Jadhav (1): sdbus-c++: Update ptest path Yogita Urade (1): postgresql: fix CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 vkumbhar (1): squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication .../recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch | 193 ++ .../recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch | 59 ++ meta-networking/recipes-connectivity/samba/samba_4.14.14.bb | 2 + .../recipes-daemons/squid/files/CVE-2023-46847.patch | 47 + meta-networking/recipes-daemons/squid/squid_4.15.bb | 1 + meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch | 42 meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch | 63 ++ meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch | 127 meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch | 119 +++ meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch | 98 ++ meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch | 114 +++ meta-networking/recipes-protocols/frr/frr_8.2.2.bb | 6 + meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb | 7 +- meta-oe/recipes-dbs/postgresql/files/CVE-2023-5868.patch | 125 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5869.patch | 294 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5870.patch | 108 ++ meta-oe/recipes-dbs/postgresql/postgresql_14.9.bb | 3 + 
meta-python/recipes-devtools/python/python3-gcovr_5.1.bb | 2 +- .../files/0001-HTTP-2-per-iteration-stream-handling-limit.patch | 92 + meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb | 1 + meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb | 2 + 21 files changed, 1503 insertions(+), 2 deletions(-) create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5868.patch create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5869.patch create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-5870.patch create mode 100644 meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107395): https://lists.openembedded.org/g/openembedded-devel/message/107395 Mute This Topic: https://lists.openembedded.org/mt/103155538/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [oe] [kirkstone][PATCH 0/2] Add sipconfig.py support to sip3
On 12/1/23 10:09 PM, Rob Woolley via lists.openembedded.org wrote: Some packages in meta-ros, like qt-gui-cpp, need sipconfig.py to be present in python3-sip3. Changes are required to ensure that the sip tools execute successfully and that paths from the host machine don't get included in the SIP configuration file. Do similar changes need to go into Master? Rob Woolley (2): sip3: Add sipconfig.py sip3: Add py_ssize_t_clean argument ...ean-argument-to-the-module-directive.patch | 17679 meta-oe/recipes-devtools/sip/sip3_4.19.23.bb |21 +- 2 files changed, 17699 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107243): https://lists.openembedded.org/g/openembedded-devel/message/107243 Mute This Topic: https://lists.openembedded.org/mt/102930497/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] mickledore merge request: Dec 3rd
The following changes since commit aa5e8edabbc414d8ec1b2ad63c8743c7baf99626: nlohmann-json: Add ptest support (2023-11-16 21:49:15 -0500) are available in the Git repository at: https://git.openembedded.org/meta-openembedded mickledore-next for you to fetch changes up to f29290563cb821fae95340ba959749641c69ed7f: python3-django: move to version 4.2.7 (2023-12-04 09:47:03 -0500) Benjamin Bara (1): libvpx: upgrade 1.13.0 -> 1.13.1 Christian Eggers (1): python3-gcovr: switch to main branch Hitendra Prajapati (1): wireshark: Fix CVE-2023-2906 Joe Slater (1): python3-django: move to version 4.2.7 Khem Raj (1): gattlib: Upgrade to latest tip of trunk .../recipes-support/wireshark/files/CVE-2023-2906.patch | 38 + meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb | 1 + meta-oe/recipes-connectivity/gattlib/gattlib_git.bb | 11 +++-- .../webm/{libvpx_1.13.0.bb => libvpx_1.13.1.bb} | 2 +- .../python/{python3-django_4.2.1.bb => python3-django_4.2.7.bb} | 2 +- meta-python/recipes-devtools/python/python3-gcovr_6.0.bb | 2 +- 6 files changed, 51 insertions(+), 5 deletions(-) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch rename meta-oe/recipes-multimedia/webm/{libvpx_1.13.0.bb => libvpx_1.13.1.bb} (96%) rename meta-python/recipes-devtools/python/{python3-django_4.2.1.bb => python3-django_4.2.7.bb} (58%) -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107205): https://lists.openembedded.org/g/openembedded-devel/message/107205 Mute This Topic: https://lists.openembedded.org/mt/102971635/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] kirkstone merge request: Nov 29th
The following changes since commit 7da6cb848bc42b3e6bd5d2b37b52ba75510a6ca0: indent: fix CVE-2023-40305 (2023-11-03 10:52:59 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded kirkstone-next for you to fetch changes up to 8a75c61cce2aa1d6e5a3597ab8fc5a7e6aeae1e4: nginx: upgrade to 1.24.0 release (2023-11-18 10:03:19 -0500) Archana Polampalli (1): open-vm-tools: fix CVE-2023-34058 Bartosz Golaszewski (1): python3-cson: fix run-time dependencies Khem Raj (1): emlog: Add PV Michael Haener (1): nginx: upgrade to 1.24.0 release Mingli Yu (1): nlohmann-json: Add ptest support Narpat Mali (2): open-vm-tools: fix CVE-2023-20900 traceroute: upgrade 2.1.0 -> 2.1.3 Peter Kjellerstedt (1): libwebsockets: Support building for native Richard Purdie (4): meta-perl: Drop broken BBCLASSEXTEND variants meta-networking: Drop broken BBCLASSEXTEND variants meta-oe: Drop broken BBCLASSEXTEND variants meta-python: Drop broken BBCLASSEXTEND variants Yoann Congal (3): emlog: ignore CVE-2022-3968 & CVE-2023-43291 python3-soupsieve: Break circular dependency with beautifulsoup4 packagegroup-meta-oe-extended: RDEPENDS on an existing mozjs-91 package .../recipes-connectivity/mosquitto/mosquitto_2.0.18.bb | 2 +- .../recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb | 2 +- .../open-vm-tools/open-vm-tools/CVE-2023-20900.patch | 36 + .../open-vm-tools/open-vm-tools/CVE-2023-34058.patch | 241 .../recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb | 2 + .../traceroute/{traceroute_2.1.0.bb => traceroute_2.1.3.bb} | 3 +- .../recipes-core/packagegroups/packagegroup-meta-oe.bbappend | 2 +- .../recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb | 3 + meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb | 2 - meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb | 2 - meta-oe/recipes-core/emlog/emlog.inc | 2 +- meta-oe/recipes-core/emlog/emlog_git.bb | 2 + meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb | 2 +- 
meta-oe/recipes-devtools/nlohmann-json/files/run-ptest | 12 ++ meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb | 20 ++- meta-oe/recipes-devtools/unifex/unifex_git.bb | 2 - meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb | 2 +- meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb | 2 - meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb | 1 - .../recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb | 2 +- meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb | 2 - meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb | 2 - meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb | 2 - meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb | 2 - .../recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb | 2 - meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb | 2 - meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb | 2 +- .../python/python3-robotframework-seriallibrary_0.3.1.bb | 2 - meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb | 2 - meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb | 4 - meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb | 2 - meta-python/recipes-extended/python-cson/python3-cson_git.bb | 3 +- .../recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb | 2 - meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb | 6 + 34 files changed, 329 insertions(+), 48 deletions(-) create mode 100644 meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch create mode 100644 meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch rename meta-networking/recipes-support/traceroute/{traceroute_2.1.0.bb => traceroute_2.1.3.bb} (91%) create mode 100755 meta-oe/recipes-devtools/nlohmann-json/files/run-ptest create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. 
View/Reply Online (#107135): https://lists.openembedded.org/g/openembedded-devel/message/107135 Mute This Topic: https://lists.openembedded.org/mt/102870656/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [oe] [meta-python][kirkstone][PATCH 1/2] python3-cson: fix DEPENDS on python3-native
Hello Yoann, thanks for the followup. I believe I got series sorted out. -Armin On 11/17/23 6:18 PM, Yoann Congal wrote: Le 18/11/2023 à 00:07, Yoann Congal a écrit : Le 17/11/2023 à 10:18, Yoann Congal a écrit : python-native is not provided by meta-python anymore and this is clearly a python3 recipe. Signed-off-by: Yoann Congal --- meta-python/recipes-extended/python-cson/python3-cson_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-python/recipes-extended/python-cson/python3-cson_git.bb b/meta-python/recipes-extended/python-cson/python3-cson_git.bb index c4fcc61ec..da174ad55 100644 --- a/meta-python/recipes-extended/python-cson/python3-cson_git.bb +++ b/meta-python/recipes-extended/python-cson/python3-cson_git.bb 
@@ -13,7 +13,7 @@ SRC_URI = "git://github.com/gt3389b/python-cson.git;branch=master;protocol=https S = "${WORKDIR}/git" RDEPENDS:${PN}:class-native = "" -DEPENDS:append:class-native = " python-native " +DEPENDS:append:class-native = " python3-native " inherit setuptools3 It would be better to backport https://git.openembedded.org/meta-openembedded/commit/?id=40b4cf5a83098a5f1be873be5c29f26380bc7993 instead of this patch In the current state : root@qemux86-64:~# python-cson Traceback (most recent call last): File "/usr/bin/python-cson", line 5, in from cson import main File "/usr/lib/python3.10/site-packages/cson.py", line 11, in import argparse, copy, json, sys ModuleNotFoundError: No module named 'json' I'll send the backport. Here it is : [meta-python][kirkstone][PATCH] python3-cson: fix run-time dependencies https://lists.openembedded.org/g/openembedded-devel/message/106881 With the backport the python-cson tool does start so this patch should definitely be dropped in favor of the backport. root@qemux86-64:~# python-cson usage: python-cson [-h] -f OUTPUT_FILE [-v] input_file python-cson: error: the following arguments are required: -f/--file, input_file Regards, -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#106886): https://lists.openembedded.org/g/openembedded-devel/message/106886 Mute This Topic: https://lists.openembedded.org/mt/102644490/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe] [meta-networking][kirkstone][PATCH] nginx: upgrade to 1.24.0 release
From: Michael Haener According to http://nginx.org/en/CHANGES nginx supports the openssl 3.x component only from version 1.21.2. In Kirkstone openssl 3.x is included but all provided versions of nginx are older, so there is currently an incompatibility. With this patch this incompatibility gets removed. Signed-off-by: Michael Haener Signed-off-by: Armin Kuster --- meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb | 6 ++ 1 file changed, 6 insertions(+) create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb new file mode 100644 index 00..2e865e400e --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb @@ -0,0 +1,6 @@ +require nginx.inc + +LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632" + +SRC_URI[sha256sum] = "77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d" + -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#106871): https://lists.openembedded.org/g/openembedded-devel/message/106871 Mute This Topic: https://lists.openembedded.org/mt/102649879/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
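Review bot: the subject is prefixed [meta-networking], but the new file is created under `meta-webserver/recipes-httpd/nginx/`, so the prefix should name meta-webserver. The subject also calls this an upgrade while the diff only adds `nginx_1.24.0.bb` and removes nothing; please say in the commit message whether the older recipes it describes as incompatible with openssl 3.x are meant to stay, and which version is then selected by default. The hunk also ends with an added empty line after `SRC_URI[sha256sum]`, which can be dropped.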
Re: [oe] [OE-core][kirkstone][PATCH] qemu 6.2.0: Fix CVE-2023-1544
Wrong mailing list. Please try openembedded-c...@lists.openembedded.org br, Armin On 11/16/23 11:59 PM, Niranjan Pradhan via lists.openembedded.org wrote: Upstream Repository: https://gitlab.com/qemu-project/qemu.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1544 Type: Security Fix CVE: CVE-2023-1544 Score: 6.3 Patch: https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c Signed-off-by: Niranjan Pradhan --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-1544.patch | 70 +++ 2 files changed, 71 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 83bd5d7e67..c8e4e2e6f3 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -101,6 +101,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2023-3354.patch \ file://CVE-2023-3180.patch \ file://CVE-2021-3638.patch \ + file://CVE-2023-1544.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch new file mode 100644 index 00..b4781e1c18 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch 
@@ -0,0 +1,70 @@ +From e7d6e37675e422cfab2fe8c6bd411d2097228760 Mon Sep 17 00:00:00 2001 +From: Yuval Shaia +Date: Wed, 1 Mar 2023 16:29:26 +0200 +Subject: [PATCH] hw/pvrdma: Protect against buggy or malicious guest driver + +Guest driver allocates and initialize page tables to be used as a ring +of descriptors for CQ and async events. +The page table that represents the ring, along with the number of pages +in the page table is passed to the device. +Currently our device supports only one page table for a ring. + +Let's make sure that the number of page table entries the driver +reports, do not exceeds the one page table size. + +CVE: CVE-2023-1544 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c] + +Reported-by: Soul Chen +Signed-off-by: Yuval Shaia +Fixes: CVE-2023-1544 +Message-ID: <20230301142926.18686-1-yuval.shaia...@gmail.com> +Signed-off-by: Thomas Huth +(cherry picked from commit 85fc35afa93c7320d1641d344d0c5dfbe341d087) +Signed-off-by: Niranjan Pradhan +--- + hw/rdma/vmw/pvrdma_main.c | 16 +++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c +index 4fc6712025..55b338046e 100644 +--- a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c +@@ -91,19 +91,33 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state, + dma_addr_t dir_addr, uint32_t num_pages) + { + uint64_t *dir, *tbl; +-int rc = 0; ++int max_pages, rc = 0; + + if (!num_pages) { + rdma_error_report("Ring pages count must be strictly positive"); + return -EINVAL; + } + ++/* ++ * Make sure we can satisfy the requested number of pages in a single ++ * TARGET_PAGE_SIZE sized page table (taking into account that first entry ++ * is reserved for ring-state) ++ */ ++max_pages = TARGET_PAGE_SIZE / sizeof(dma_addr_t) - 1; ++if (num_pages > max_pages) { ++rdma_error_report("Maximum pages on a single directory must not exceed %d\n", ++ max_pages); ++return -EINVAL; ++} ++ + dir 
= rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE); + if (!dir) { + rdma_error_report("Failed to map to page directory (ring %s)", name); + rc = -ENOMEM; + goto out; + } ++ ++/* We support only one page table for a ring */ + tbl = rdma_pci_dma_map(pci_dev, dir[0], TARGET_PAGE_SIZE); + if (!tbl) { + rdma_error_report("Failed to map to page table (ring %s)", name); +-- +2.35.6 +
View/Reply Online (#106870): https://lists.openembedded.org/g/openembedded-devel/message/106870
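Review bot: In the bounds check added to init_dev_ring(), max_pages is declared int while the guest-supplied num_pages is uint32_t, so "num_pages > max_pages" is a mixed-sign comparison; declaring max_pages as uint32_t and printing it with %u keeps the types aligned. The new rdma_error_report() format string also ends in "\n", unlike the other rdma_error_report() calls in this hunk, and the newline should be dropped. Placement is right: the check runs before the first rdma_pci_dma_map() call, so the early "return -EINVAL" leaves nothing mapped.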
[oe] mickledore merge request: Nov 17th.
The following changes since commit 39968837196cb48209b71e8852dd04a2f8ccdca8: nginx: add configure option (2023-10-15 19:09:42 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded mickledore-next for you to fetch changes up to aa5e8edabbc414d8ec1b2ad63c8743c7baf99626: nlohmann-json: Add ptest support (2023-11-16 21:49:15 -0500) Archana Polampalli (2): nodejs: Upgrade 18.17.1 -> 18.18.2 open-vm-tools: fix CVE-2023-34058 Changqing Li (1): cpuid: fix do_install Joe Slater (1): python3-pynacl: add RCONFLICTS with python3-nacl Mingli Yu (1): nlohmann-json: Add ptest support Narpat Mali (1): traceroute: upgrade 2.1.2 -> 2.1.3 Sourav Pramanik (1): nlohmann-json: Avoid usage of nobranch=1 Wang Mingyu (1): postgresql: upgrade 15.3 -> 15.4 Yi Zhao (2): mbedtls: upgrade 2.28.3 -> 2.28.5 libssh: upgrade 0.10.4 -> 0.10.5 .../mbedtls/{mbedtls_2.28.3.bb => mbedtls_2.28.5.bb} | 2 +- .../open-vm-tools/open-vm-tools/CVE-2023-34058.patch | 241 .../recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb | 1 + .../traceroute/{traceroute_2.1.2.bb => traceroute_2.1.3.bb} | 2 +- .../0001-configure.ac-bypass-autoconf-2.69-version-check.patch | 8 +- .../postgresql/{postgresql_15.3.bb => postgresql_15.4.bb} | 2 +- meta-oe/recipes-devtools/cpuid/cpuid_20211129.bb | 10 +- ...001-Makefile-update-the-hardcode-path-to-bindir-mandir.patch | 36 + ...0001-custom-allocators-define-missing-rebind-type-3895.patch | 61 +++ ...1-tests-unit-iterators2-use-std-ranges-equals-for-rang.patch | 31 meta-oe/recipes-devtools/nlohmann-json/files/run-ptest | 12 ++ meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb | 24 ++- .../oe-npm-cache | 0 ...oe-cache-native_18.17.bb => nodejs-oe-cache-native_18.18.bb} | 0 .../nodejs/{nodejs_18.17.1.bb => nodejs_18.18.2.bb} | 4 +- meta-oe/recipes-support/libssh/libssh/run-ptest | 42 + .../libssh/{libssh_0.10.4.bb => libssh_0.10.5.bb} | 5 +- meta-python/recipes-devtools/python/python3-pynacl_1.5.0.bb | 4 + 18 files changed, 429 
insertions(+), 56 deletions(-) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_2.28.3.bb => mbedtls_2.28.5.bb} (98%) create mode 100644 meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch rename meta-networking/recipes-support/traceroute/{traceroute_2.1.2.bb => traceroute_2.1.3.bb} (94%) rename meta-oe/recipes-dbs/postgresql/{postgresql_15.3.bb => postgresql_15.4.bb} (84%) create mode 100644 meta-oe/recipes-devtools/cpuid/files/0001-Makefile-update-the-hardcode-path-to-bindir-mandir.patch create mode 100644 meta-oe/recipes-devtools/nlohmann-json/files/0001-custom-allocators-define-missing-rebind-type-3895.patch create mode 100644 meta-oe/recipes-devtools/nlohmann-json/files/0001-tests-unit-iterators2-use-std-ranges-equals-for-rang.patch create mode 100755 meta-oe/recipes-devtools/nlohmann-json/files/run-ptest rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-18.17 => nodejs-oe-cache-18.18}/oe-npm-cache (100%) rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_18.17.bb => nodejs-oe-cache-native_18.18.bb} (100%) rename meta-oe/recipes-devtools/nodejs/{nodejs_18.17.1.bb => nodejs_18.18.2.bb} (97%) rename meta-oe/recipes-support/libssh/{libssh_0.10.4.bb => libssh_0.10.5.bb} (85%)
View/Reply Online (#106869): https://lists.openembedded.org/g/openembedded-devel/message/106869
[oe] [meta-oe][mickledore][PATCH] nlohmann-json: Add ptest support
From: Mingli Yu * Backport 2 patches [1] [2] to fix the build failure under tests dir. * Fetch the test data during do_fetch phase to avoid internet access during test as some tests need test data. # ./run-ptest PASS: test-algorithms_cpp11 PASS: test-allocator_cpp11 PASS: test-alt-string_cpp11 PASS: test-assert_macro_cpp11 PASS: test-binary_formats_cpp11 [snip] PASS: test-unicode5_cpp11 PASS: test-user_defined_input_cpp11 PASS: test-windows_h_cpp11 PASS: test-wstring_cpp11 [1] https://github.com/nlohmann/json/commit/6cec5aefc97ad219b6fd5a4132f88f7c8f6800ee [2] https://github.com/nlohmann/json/commit/660d0b58565073975d6f5d94365d6cbf150a4cf8 Signed-off-by: Mingli Yu Signed-off-by: Khem Raj (cherry picked from commit 013b4d50432a3eba08a9cb54b9edf6b25a6378a8) Signed-off-by: Armin Kuster --- ...tors-define-missing-rebind-type-3895.patch | 61 +++ ...tors2-use-std-ranges-equals-for-rang.patch | 31 ++ .../nlohmann-json/files/run-ptest | 12 .../nlohmann-json/nlohmann-json_3.11.2.bb | 22 ++- 4 files changed, 123 insertions(+), 3 deletions(-) create mode 100644 meta-oe/recipes-devtools/nlohmann-json/files/0001-custom-allocators-define-missing-rebind-type-3895.patch create mode 100644 meta-oe/recipes-devtools/nlohmann-json/files/0001-tests-unit-iterators2-use-std-ranges-equals-for-rang.patch create mode 100755 meta-oe/recipes-devtools/nlohmann-json/files/run-ptest diff --git a/meta-oe/recipes-devtools/nlohmann-json/files/0001-custom-allocators-define-missing-rebind-type-3895.patch b/meta-oe/recipes-devtools/nlohmann-json/files/0001-custom-allocators-define-missing-rebind-type-3895.patch new file mode 100644 index 00..d964586c1c --- /dev/null +++ b/meta-oe/recipes-devtools/nlohmann-json/files/0001-custom-allocators-define-missing-rebind-type-3895.patch 
@@ -0,0 +1,61 @@ +From 6cec5aefc97ad219b6fd5a4132f88f7c8f6800ee Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich +Date: Wed, 8 Mar 2023 11:31:56 + +Subject: [PATCH] custom allocators: define missing 'rebind' type (#3895) + +Upstream-Status: Backport [https://github.com/nlohmann/json/commit/6cec5aefc97ad219b6fd5a4132f88f7c8f6800ee] + +Signed-off-by: Mingli Yu +--- + tests/src/unit-allocator.cpp | 9 + + tests/src/unit-regression2.cpp | 9 + + 2 files changed, 18 insertions(+) + +diff --git a/tests/src/unit-allocator.cpp b/tests/src/unit-allocator.cpp +index 76e3b03f..f2e63552 100644 +--- a/tests/src/unit-allocator.cpp b/tests/src/unit-allocator.cpp +@@ -20,11 +20,20 @@ struct bad_allocator : std::allocator + { + using std::allocator::allocator; + ++bad_allocator() = default; ++template bad_allocator(const bad_allocator& /*unused*/) { } ++ + template + void construct(T* /*unused*/, Args&& ... /*unused*/) + { + throw std::bad_alloc(); + } ++ ++template ++struct rebind ++{ ++using other = bad_allocator; ++}; + }; + } // namespace + +diff --git a/tests/src/unit-regression2.cpp b/tests/src/unit-regression2.cpp +index 2bb9b32e..dbafb436 100644 +--- a/tests/src/unit-regression2.cpp b/tests/src/unit-regression2.cpp +@@ -189,6 +189,15 @@ class my_allocator : public std::allocator + { + public: + using std::allocator::allocator; ++ ++my_allocator() = default; ++template my_allocator(const my_allocator& /*unused*/) { } ++ ++template ++struct rebind ++{ ++using other = my_allocator; ++}; + }; + + / +-- +2.25.1 + diff --git a/meta-oe/recipes-devtools/nlohmann-json/files/0001-tests-unit-iterators2-use-std-ranges-equals-for-rang.patch b/meta-oe/recipes-devtools/nlohmann-json/files/0001-tests-unit-iterators2-use-std-ranges-equals-for-rang.patch new file mode 100644 index 00..463912e4b6 --- /dev/null +++ b/meta-oe/recipes-devtools/nlohmann-json/files/0001-tests-unit-iterators2-use-std-ranges-equals-for-rang.patch 
@@ -0,0 +1,31 @@ +From 660d0b58565073975d6f5d94365d6cbf150a4cf8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= +Date: Sun, 5 Mar 2023 14:11:22 +0100 +Subject: [PATCH] tests/unit-iterators2: use std::ranges::equals for range + comparisons (#3950) + +Closes https://github.com/nlohmann/json/issues/3927 + +Upstream-Status: Backport [https://github.com/nlohmann/json/commit/660d0b58565073975d6f5d94365d6cbf150a4cf8] + +Signed-off-by: Mingli Yu +--- + tests/src/unit-iterators2.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/src/unit-iterators2.cpp b/tests/src/unit-iterators2.cpp +index 27926084..72a5d9dc 100644 +--- a/tests/src/unit-iterators2.cpp b/tests/src/unit-iterators2.cpp +@@ -943,7 +943,7 @@ TEST_CASE("iterators 2") + json j_expected{5, 4, 3, 2, 1}; + + auto reversed = j | std::views::reverse; +-CHECK(reversed == j_expected); ++
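Review bot: Both backported patch files added under nlohmann-json/files/ carry the same 0001- prefix (0001-custom-allocators-define-missing-rebind-type-3895.patch and 0001-tests-unit-iterators2-use-std-ranges-equals-for-rang.patch), so the file names say nothing about the order in which they are applied; renaming them 0001- and 0002- would make that explicit. Each embedded patch does carry an Upstream-Status: Backport line with the upstream commit URL, which is what is needed to trace them later.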
[oe] [meta-networking][PATCH] pkggrp: drop netkit
Signed-off-by: Armin Kuster --- .../packagegroup-meta-networking.bb | 17 - 1 file changed, 17 deletions(-) diff --git a/meta-networking/recipes-core/packagegroups/packagegroup-meta-networking.bb b/meta-networking/recipes-core/packagegroups/packagegroup-meta-networking.bb index 7be8261164..941efedd65 100644 --- a/meta-networking/recipes-core/packagegroups/packagegroup-meta-networking.bb +++ b/meta-networking/recipes-core/packagegroups/packagegroup-meta-networking.bb @@ -13,7 +13,6 @@ PACKAGES = ' \ packagegroup-meta-networking-filter \ packagegroup-meta-networking-irc \ packagegroup-meta-networking-kernel \ -packagegroup-meta-networking-netkit \ packagegroup-meta-networking-protocols \ packagegroup-meta-networking-support \ ' @@ -26,7 +25,6 @@ RDEPENDS:packagegroup-meta-networking = "\ packagegroup-meta-networking-filter \ packagegroup-meta-networking-irc \ packagegroup-meta-networking-kernel \ -packagegroup-meta-networking-netkit \ packagegroup-meta-networking-protocols \ packagegroup-meta-networking-support \ " 
@@ -134,21 +132,6 @@ RDEPENDS:packagegroup-meta-networking-kernel = "\ wireguard-tools \ " -RDEPENDS:packagegroup-meta-networking-netkit = "\ -netkit-rwho-client \ -netkit-rwho-server \ -netkit-rsh-client \ -netkit-rsh-server \ -netkit-telnet \ -netkit-tftp-client \ -netkit-tftp-server \ -netkit-ftp \ -netkit-rpc \ -" - -RDEPENDS:packagegroup-meta-networking-netkit:remove:libc-musl = " \ -netkit-rsh-client netkit-rsh-server netkit-telnet" - RDEPENDS:packagegroup-meta-networking-protocols = "\ babeld \ ${@bb.utils.contains("DISTRO_FEATURES", "pam", "dante", "", d)} \ -- 2.34.1
View/Reply Online (#106760): https://lists.openembedded.org/g/openembedded-devel/message/106760
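Review bot: The commit message has no body, so nothing records why packagegroup-meta-networking-netkit is dropped from PACKAGES and from RDEPENDS:packagegroup-meta-networking; one sentence pointing at the netkit recipe removal would do. The patch is also posted on its own rather than inside the "Drop netkit pkgs" series, while the last hunk removes the RDEPENDS on netkit-rwho-client, netkit-rsh-server, netkit-telnet and the rest, so it has to merge no later than the recipe removal or the packagegroup will name packages that no recipe provides.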
[oe] [meta-networking][PATCH 1/3] netkit: Drop old and no upstream
Signed-off-by: Armin Kuster --- ...1-ftp-include-sys-types.h-for-u_long.patch | 32 - .../netkit-ftp/Add_ARG_MAX_define.patch | 27 - .../netkit-ftp/netkit-ftp_0.17.bb | 50 - .../0001-rpcgen-Fix-printf-formats.patch | 53 - .../netkit-rpc/netkit-rpc/gcc4.patch | 39 - .../netkit-rpc/netkit-rpc_0.17.bb | 51 - .../CVE-2019-7282-and-CVE-2019-7283.patch | 35 - .../netkit-rsh/fix-host-variable.patch| 27 - .../netkit-rsh/fixup_wait3_api_change.patch | 34 - .../netkit-rsh-0.17-rexec-ipv6.patch | 30 - .../netkit-rsh/no_pam_build_fix.patch | 39 - .../netkit-rsh/netkit-rsh/rexec.pam | 10 - .../netkit-rsh/netkit-rsh/rexec.xinetd.netkit | 20 - .../netkit-rsh/netkit-rsh/rlogin.pam | 12 - .../netkit-rsh/rlogin.xinetd.netkit | 23 - .../rsh-redone_link_order_file.patch | 77 -- .../netkit-rsh/netkit-rsh/rsh.pam | 10 - .../netkit-rsh/netkit-rsh/rsh.xinetd.netkit | 21 - .../netkit-rsh/netkit-rsh_0.17.bb | 105 -- .../0001-Link-with-libtirpc.patch | 120 -- ...sd-Makefile-fix-parallel-build-issue.patch | 30 - .../netkit-rusers/netkit-rusers_0.17.bb | 72 - ...dd-missing-include-path-to-I-options.patch | 46 - ...002-Fix-build-issues-found-with-musl.patch | 72 - .../netkit-rwho/netkit-rwho/rwhod | 71 - .../netkit-rwho/netkit-rwho/rwhod.default |2 - .../netkit-rwho/netkit-rwho_0.17.bb | 108 -- .../0001-Drop-using-register-keyword.patch| 457 --- ...lnet-telnetd-Fix-deadlock-on-cleanup.patch | 116 -- ...net-telnetd-Fix-print-format-strings.patch | 68 - c-Fix-buffer-overflow-in-netoprintf.patch | 56 - ...time.h-form-time-and-strftime-protot.patch | 27 - .../netkit-telnet/files/CVE-2020-10188.patch | 112 -- .../netkit-telnet/files/CVE-2022-39028.patch | 53 - .../To-aviod-buffer-overflow-in-telnet.patch | 1217 - .../Warning-fix-in-the-step-of-install.patch | 41 - .../netkit-telnet/files/cross-compile.patch | 48 - .../netkit-telnet/files/telnet-xinetd | 14 - .../netkit-telnet/netkit-telnet_0.17.bb | 74 - .../0001-tftp-Include-missing-fcntl.h.patch | 27 - .../netkit-tftp/netkit-tftp/tftp.conf | 11 - 
.../netkit-tftp/netkit-tftp_0.17.bb | 59 - 42 files changed, 3596 deletions(-) delete mode 100644 meta-networking/recipes-netkit/netkit-ftp/netkit-ftp/0001-ftp-include-sys-types.h-for-u_long.patch delete mode 100644 meta-networking/recipes-netkit/netkit-ftp/netkit-ftp/Add_ARG_MAX_define.patch delete mode 100644 meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb delete mode 100644 meta-networking/recipes-netkit/netkit-rpc/netkit-rpc/0001-rpcgen-Fix-printf-formats.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rpc/netkit-rpc/gcc4.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rpc/netkit-rpc_0.17.bb delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/fix-host-variable.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/fixup_wait3_api_change.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/netkit-rsh-0.17-rexec-ipv6.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/no_pam_build_fix.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rexec.pam delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rexec.xinetd.netkit delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rlogin.pam delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rlogin.xinetd.netkit delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh-redone_link_order_file.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh.pam delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh.xinetd.netkit delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb delete mode 100644 meta-networking/recipes-netkit/netkit-rusers/netkit-rusers/0001-Link-with-libtirpc.patch delete mode 100644 
meta-networking/recipes-netkit/netkit-rusers/netkit-rusers/rpc.rusersd-Makefile-fix-parallel-build-issue.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rusers/netkit-rusers_0.17.bb delete mode 100644 meta-networking/recipes-netkit/netkit-rwho/netkit-rwho/0001-Add-missing-include-path-to-I-options.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rwho/netkit-rwho/0002-Fix-build-issues-found-with-musl.patch delete mode 100755 meta-networking/recipes-netkit/netkit-rwho/netkit-rwho/rwhod delete mode 100644 meta-networking/recipes-netkit/netkit-rwho/netkit-rwho
[oe] [meta-networking][PATCH 3/3] README: drop netkit maintainer
Signed-off-by: Armin Kuster --- meta-networking/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/meta-networking/README.md b/meta-networking/README.md index 34e11a96dd..ab2640618f 100644 --- a/meta-networking/README.md +++ b/meta-networking/README.md @@ -33,7 +33,6 @@ branch: master Maintenance --- Layer maintainers: Khem Raj - Armin Kuster (recipes-netkit) Please see the MAINTAINERS file for information on contacting the -- 2.34.1
View/Reply Online (#106758): https://lists.openembedded.org/g/openembedded-devel/message/106758
[oe] [meta-networking][PATCH 2/3] MAINTANERS: drop netkit
Signed-off-by: Armin Kuster --- meta-networking/MAINTAINERS | 4 1 file changed, 4 deletions(-) diff --git a/meta-networking/MAINTAINERS b/meta-networking/MAINTAINERS index ce53ec471b..dc549d7582 100644 --- a/meta-networking/MAINTAINERS +++ b/meta-networking/MAINTAINERS @@ -34,10 +34,6 @@ S: Maintained F: conf F: recipes-* -NETKIT -M: Armin Kuster -F: recipes-netkit - OPENTHREAD M: Stefan Schmidt F: recipes-connectivity/openthread/ -- 2.34.1
View/Reply Online (#106757): https://lists.openembedded.org/g/openembedded-devel/message/106757
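Review bot: The subject line spells the file "MAINTANERS" while the diff touches meta-networking/MAINTAINERS; correcting the subject before merge keeps a git log search by file name from missing this commit. The hunk removes the NETKIT entry together with its M: and F: lines and the blank separator, which matches the 4 deletions in the diffstat, but the commit message has no body saying the entry goes because recipes-netkit is being deleted.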
[oe] [meta-networking][PATCH 0/3] Drop netkit pkgs
The netkit packages don't have an upstream. Some are insecure and have more modern and maintained alt replacements. If someone needs one of these pkgs, please submit a patch to add it back in.
Armin Kuster (3): netkit: Drop old and no upstream MAINTANERS: drop netkit README: drop netkit maintainer meta-networking/MAINTAINERS |4 - meta-networking/README.md |1 - ...1-ftp-include-sys-types.h-for-u_long.patch | 32 - .../netkit-ftp/Add_ARG_MAX_define.patch | 27 - .../netkit-ftp/netkit-ftp_0.17.bb | 50 - .../0001-rpcgen-Fix-printf-formats.patch | 53 - .../netkit-rpc/netkit-rpc/gcc4.patch | 39 - .../netkit-rpc/netkit-rpc_0.17.bb | 51 - .../CVE-2019-7282-and-CVE-2019-7283.patch | 35 - .../netkit-rsh/fix-host-variable.patch| 27 - .../netkit-rsh/fixup_wait3_api_change.patch | 34 - .../netkit-rsh-0.17-rexec-ipv6.patch | 30 - .../netkit-rsh/no_pam_build_fix.patch | 39 - .../netkit-rsh/netkit-rsh/rexec.pam | 10 - .../netkit-rsh/netkit-rsh/rexec.xinetd.netkit | 20 - .../netkit-rsh/netkit-rsh/rlogin.pam | 12 - .../netkit-rsh/rlogin.xinetd.netkit | 23 - .../rsh-redone_link_order_file.patch | 77 -- .../netkit-rsh/netkit-rsh/rsh.pam | 10 - .../netkit-rsh/netkit-rsh/rsh.xinetd.netkit | 21 - .../netkit-rsh/netkit-rsh_0.17.bb | 105 -- .../0001-Link-with-libtirpc.patch | 120 -- ...sd-Makefile-fix-parallel-build-issue.patch | 30 - .../netkit-rusers/netkit-rusers_0.17.bb | 72 - ...dd-missing-include-path-to-I-options.patch | 46 - ...002-Fix-build-issues-found-with-musl.patch | 72 - .../netkit-rwho/netkit-rwho/rwhod | 71 - .../netkit-rwho/netkit-rwho/rwhod.default |2 - .../netkit-rwho/netkit-rwho_0.17.bb | 108 -- .../0001-Drop-using-register-keyword.patch| 457 --- ...lnet-telnetd-Fix-deadlock-on-cleanup.patch | 116 -- ...net-telnetd-Fix-print-format-strings.patch | 68 - c-Fix-buffer-overflow-in-netoprintf.patch | 56 - ...time.h-form-time-and-strftime-protot.patch | 27 - .../netkit-telnet/files/CVE-2020-10188.patch | 112 -- .../netkit-telnet/files/CVE-2022-39028.patch | 53 - 
.../To-aviod-buffer-overflow-in-telnet.patch | 1217 - .../Warning-fix-in-the-step-of-install.patch | 41 - .../netkit-telnet/files/cross-compile.patch | 48 - .../netkit-telnet/files/telnet-xinetd | 14 - .../netkit-telnet/netkit-telnet_0.17.bb | 74 - .../0001-tftp-Include-missing-fcntl.h.patch | 27 - .../netkit-tftp/netkit-tftp/tftp.conf | 11 - .../netkit-tftp/netkit-tftp_0.17.bb | 59 - 44 files changed, 3601 deletions(-) delete mode 100644 meta-networking/recipes-netkit/netkit-ftp/netkit-ftp/0001-ftp-include-sys-types.h-for-u_long.patch delete mode 100644 meta-networking/recipes-netkit/netkit-ftp/netkit-ftp/Add_ARG_MAX_define.patch delete mode 100644 meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb delete mode 100644 meta-networking/recipes-netkit/netkit-rpc/netkit-rpc/0001-rpcgen-Fix-printf-formats.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rpc/netkit-rpc/gcc4.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rpc/netkit-rpc_0.17.bb delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/fix-host-variable.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/fixup_wait3_api_change.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/netkit-rsh-0.17-rexec-ipv6.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/no_pam_build_fix.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rexec.pam delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rexec.xinetd.netkit delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rlogin.pam delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rlogin.xinetd.netkit delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh-redone_link_order_file.patch delete mode 100644 
meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh.pam delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh.xinetd.netkit delete mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb delete mode 100644 meta-networking/recipes-netkit/netkit-rusers/netkit-rusers/0001-Link-with-libtirpc.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rusers/netkit-rusers/rpc.rusersd-Makefile-fix-parallel-build-issue.patch delete mode 100644 meta-networking/recipes-netkit/netkit-rusers/netkit-rusers_0.17.bb delete mode
[oe] dunfell merge request: Nov 14th
The following changes since commit 300be975359fdb3a3b2bf7c6fe15dea7acac575d: libssh2: Backport fix for CVE-2020-22218 (2023-10-21 16:31:35 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded dunfell-next for you to fetch changes up to 9135c7ea7350d5d241f4afc3b28087122ebe2d19: glmark2: fix compatibility with python-3.11 (2023-11-12 10:42:03 -0500) Hitendra Prajapati (1): wireshark: Fix CVE-2023-3649 Khem Raj (1): ibus: Swith to use main branch instead of master Martin Jansa (2): libiio: use main branch instead of master glmark2: fix compatibility with python-3.11 Richard Purdie (1): grubby: Update branchname to match upstream meta-gnome/recipes-support/ibus/ibus.inc | 2 +- meta-initramfs/recipes-devtools/grubby/grubby_git.bb | 2 +- .../recipes-support/wireshark/files/CVE-2023-3649.patch | 231 meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 1 + .../files/0001-waflib-fix-compatibility-with-python-3.11.patch | 76 + meta-oe/recipes-benchmark/glmark2/glmark2_git.bb | 5 +- meta-oe/recipes-support/libiio/libiio_git.bb | 2 +- 7 files changed, 314 insertions(+), 5 deletions(-) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-3649.patch create mode 100644 meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch
View/Reply Online (#106725): https://lists.openembedded.org/g/openembedded-devel/message/106725
[oe] kirkstone merge request: Nov 8th
The following changes since commit 79a6f60dabad9e5b0e041efa91379447ef030482: mbedtls: upgrade 2.28.2 -> 2.28.5 (2023-10-17 09:07:38 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded kirkstone-next for you to fetch changes up to 7da6cb848bc42b3e6bd5d2b37b52ba75510a6ca0: indent: fix CVE-2023-40305 (2023-11-03 10:52:59 -0400) Beniamin Sandu (1): mbedtls: upgrade 3.4.0 -> 3.5.0 Martin Jansa (1): packagegroup-meta-multimedia: restore x11 restriction for projucer Omkar Patil (1): ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3 Richard Purdie (3): grubby: Update branchname to match upstream python-blivet: Adapt to upstream branch name changes suiteparse: Adapt to upstream branch name changes Yogita Urade (1): indent: fix CVE-2023-40305 ...3g-ntfsprogs_2022.5.17.bb => ntfs-3g-ntfsprogs_2022.10.3.bb} | 2 +- meta-initramfs/recipes-devtools/grubby/grubby_git.bb | 2 +- .../packagegroups/packagegroup-meta-multimedia.bb | 2 +- ...1-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch | 87 + ...1-aesce-do-not-specify-an-arch-version-when-enabling-c.patch | 33 - ...2-aesce-use-correct-target-attribute-when-building-wit.patch | 34 - .../mbedtls/{mbedtls_3.4.0.bb => mbedtls_3.5.0.bb} | 10 +- meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb | 2 +- .../recipes-extended/indent/indent/CVE-2023-40305_0001.patch | 4196 ++ .../recipes-extended/indent/indent/CVE-2023-40305_0002.patch | 4254 +++ meta-oe/recipes-extended/indent/indent_2.2.12.bb | 2 + .../recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb | 2 +- 12 files changed, 8546 insertions(+), 80 deletions(-) rename meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2022.5.17.bb => ntfs-3g-ntfsprogs_2022.10.3.bb} (95%) create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch delete mode 100644 
meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.4.0.bb => mbedtls_3.5.0.bb} (87%) create mode 100644 meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch create mode 100644 meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch
View/Reply Online (#106476): https://lists.openembedded.org/g/openembedded-devel/message/106476
[oe] kirkstone merge request: Nov 3rd
The following changes since commit 9c5541f7e18a1fac3b8dea71e1ebb8398d58e6ff: python3-django: upgrade 4.2.3 -> 4.2.5 (2023-09-27 10:23:28 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded kirkstone-next for you to fetch changes up to 79a6f60dabad9e5b0e041efa91379447ef030482: mbedtls: upgrade 2.28.2 -> 2.28.5 (2023-10-17 09:07:38 -0400) Denys Dmytriyenko (1): mbedtls: set up /usr/bin/hello as alternative Gianfranco Costamagna (3): mosquitto: do not automatically depend on dlt-daemon, it's a non-mandatory logging system mosquitto: upgrade 2.0.15 -> 2.0.17 mosquitto: upgrade 2.0.17 -> 2.0.18 Joe Slater (1): nginx: add configure option Martin Jansa (1): mosquitto: add missing Upstream-Status Meenali Gupta (1): open-vm-tools: fix CVE-2023-20867 Narpat Mali (1): python3-gevent: fix CVE-2023-41419 Polampalli, Archana (4): samba: fix CVE-2023-34966 samba: fix CVE-2022-2127 samba:fix CVE-2023-34967 samba: fix CVE-2023-34968 Wang Mingyu (1): mosquitto: upgrade 2.0.14 -> 2.0.15 Yi Zhao (1): mbedtls: upgrade 2.28.2 -> 2.28.5 .../mbedtls/{mbedtls_2.28.2.bb => mbedtls_2.28.5.bb} | 7 +- meta-networking/recipes-connectivity/mosquitto/files/2894.patch | 25 ++ meta-networking/recipes-connectivity/mosquitto/files/2895.patch | 27 ++ .../recipes-connectivity/mosquitto/files/mosquitto.init | 20 +- .../mosquitto/{mosquitto_2.0.14.bb => mosquitto_2.0.18.bb} | 6 +- .../recipes-connectivity/samba/samba/CVE-2022-2127.patch | 44 ++ .../recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch | 78 .../recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch | 140 ++ .../recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch | 178 .../recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch | 125 ++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch | 104 + .../recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch | 39 ++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch | 65 +++ 
.../recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch | 85 .../recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch | 83 .../recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch | 57 +++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch | 49 ++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch | 62 +++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch | 465 +++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch | 484 .../recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch | 295 meta-networking/recipes-connectivity/samba/samba_4.14.14.bb | 16 + .../open-vm-tools/open-vm-tools/CVE-2023-20867.patch | 158 +++ .../recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb | 1 + .../recipes-devtools/python/python3-gevent/CVE-2023-41419.patch | 673 meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb | 2 + .../recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch | 39 ++ meta-webserver/recipes-httpd/nginx/nginx.inc | 3 + 28 files changed, 3316 insertions(+), 14 deletions(-) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_2.28.2.bb => mbedtls_2.28.5.bb} (91%) create mode 100644 meta-networking/recipes-connectivity/mosquitto/files/2894.patch create mode 100644 meta-networking/recipes-connectivity/mosquitto/files/2895.patch rename meta-networking/recipes-connectivity/mosquitto/{mosquitto_2.0.14.bb => mosquitto_2.0.18.bb} (94%) create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch 
create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch create mode 100644
[oe] nanbield merge request: Nov 3rd
The following changes since commit 278c3f75e32f38f71bb52d161fe06bcb6f6bdd2f: kernel-selftest: Build headers before compiling tests (2023-10-04 07:52:49 -0700) are available in the Git repository at: https://git.openembedded.org/meta-openembedded nanbield-next for you to fetch changes up to 1750c66ae8e4268c472c0b2b94748a59d6ef866d: emlog: Add PV (2023-11-01 08:16:30 -0400) Ahmad Fatoum (1): signing.bbclass: don't export OPENSSL environment variables globally Akash Hadke (1): libeigen: Update GPL-3.0-only to GPL-2.0-only Andrew Jeffery (1): mdio-tools: Add virtual/kernel dependency to avoid stale SPDX reference Beniamin Sandu (2): libnet: upgrade version v1.2 -> v1.3 mbedtls: upgrade 3.4.1 -> 3.5.0 Benjamin Bara (1): libvpx: upgrade 1.13.0 -> 1.13.1 Carlos Alberto Lopez Perez (1): libbacktrace: Update version and enable shared library. Charles Perry (2): libosip2: add recipe libexosip2: add recipe Chen Qi (1): libblockdev: fix QA error in case of multilib Chi Xu (1): re2: Add ptest support Christophe Vu-Brugier (4): libnvme: upgrade 1.5 -> 1.6 nvme-cli: upgrade 2.5 -> 2.6 libnvme: apply patch already upstream to fix build with musl exfatprogs: upgrade 1.2.1 -> 1.2.2 Clément Péron (3): Revert "protobuf: stage protoc binary to sysroot" proj: Upgrade to 9.3.0 release pcapplusplus: Add recipe for 23.09 release Daniel Klauer (1): graphviz: Fix build to not use $prefix as search dir Daniel McGregor (1): python3-pylint: allow native build David Pierret (3): libtext: add ptest cjson: Add ptest python3-rapidjson: add missing ptest dependency Denys Zagorui (1): libbpf: add arm, powerpc and mips64 to COMPATIBLE_HOST Etienne Cordonnier (1): uutils-coreutils: upgrade 0.0.21 -> 0.0.22 Fabien Thomas (10): meta-filesystems/layer.conf : Add meta-networking dependency Add static-passwd and static-group files Add static-passwd and static-group files Add static-passwd and static-group files Add static-passwd and static-group files Add static-passwd and static-group files Add 
static-passwd and static-group files Add static-passwd and static-group files klibc/klibc.inc : Add DEBUG_PREFIX_MAP flag. samba.bb : Disable ad-dc by default Fabio Estevam (1): edid-decode: Upgrade to latest master Gianfranco Costamagna (8): dlt-daemon: Make it work without systemd dlt-daemon: Enable experimental coredumphandler feature dlt-daemon: update patch 544.patch dlt-daemon: do not disable dlt-system build when systemd is set to off dlt-daemon: Add an additional fix for non-systemd builds cpprestsdk: fix typo in comment, tag is actually 2.0.18 vbxguestdrivers: upgrade 7.0.10 -> 7.0.12 cpulimit: add DESCRIPTION field Jeffrey Pautler (1): bolt: change product name used for CVE checking Joe Slater (2): nginx: add configure option python3-pynacl: add RCONFLICTS with python3-nacl Johannes Kauffmann (1): open62541: add Backport status and link to patch Jose Quaresma (4): ostree: Upgrade 2023.5 -> 2023.6 ostree: drop trivial-httpd-cmdline ostree: add ed25519-openssl ostree: Upgrade 2023.6 -> 2023.7 Jörg Sommer (1): collectd: Use https in SRC_URI, add HOMEPAGE Khem Raj (26): python3-pyroute2: Add missing dependency on sqlite3 for ptests python3-pylint: Upgrade to 3.0.0 python3-lz4: use python3-unittest-automake-output minicoredumber: Fix ptest reporting images: Inherit from core-image-base images: Delete layer specific base images images: Rename -image to -image-all images: Rename ptest images to rhyme with oe-core ptest images ptest-image: Switch to using core-image-minimal stressapptest: Upgrade to 1.0.11 release klibc: Upgrade to 2.0.13 release libnvme: Fix test builds on musl kernel-selftest: Build bpf tests again ptest-packagelists-meta-oe: Add kernel-selftest to x86/x86-64 images kernel-selftest: Copy the .config from kernel build kernel-selftest: Use clang options when clang is available libnet-idn-encode: Fix build with perl 2.38 and gcc13 poco: Fix data race when create POSIX thread static-group: Match nogroup id to base-passwd from core. 
gutenprint: Upgrade to 5.3.4 meta-perl: Add libtext-diff-perl to fast ptest list leveldb: Upgrade to 1.23 plus latest git meta-python: Add python3-rapidjson to PTESTS_FAST_META_PYTHON leveldb: Print uint64_t with PRI64 network-manager-applet,networkmanager-openvpn, networkmanager: Apply linker versioning patch when using lld only emlog: Add PV Lei Maohui (1): gexiv2: Fix do_package QA issue when usrmerge enabled. Leon Anavi (1):
[oe] dunfell merge request: Oct 24th
The following changes since commit 0f10a0d394ddffeeb1db0ea94046d86792d704fe:

  php: Fix CVE-2023-3824 (2023-09-30 08:55:03 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded dunfell-next

for you to fetch changes up to 300be975359fdb3a3b2bf7c6fe15dea7acac575d:

  libssh2: Backport fix for CVE-2020-22218 (2023-10-21 16:31:35 -0400)

Vijay Anusuri (1):
      libssh2: Backport fix for CVE-2020-22218

 meta-oe/recipes-support/libssh2/files/CVE-2020-22218.patch | 39 ++
 meta-oe/recipes-support/libssh2/libssh2_1.9.0.bb | 1 +
 2 files changed, 40 insertions(+)
 create mode 100644 meta-oe/recipes-support/libssh2/files/CVE-2020-22218.patch
[oe] kirkstone merge request: Oct 21
The following changes since commit 9c5541f7e18a1fac3b8dea71e1ebb8398d58e6ff: python3-django: upgrade 4.2.3 -> 4.2.5 (2023-09-27 10:23:28 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded kirkstone-next for you to fetch changes up to 79a6f60dabad9e5b0e041efa91379447ef030482: mbedtls: upgrade 2.28.2 -> 2.28.5 (2023-10-17 09:07:38 -0400) Denys Dmytriyenko (1): mbedtls: set up /usr/bin/hello as alternative Gianfranco Costamagna (3): mosquitto: do not automatically depend on dlt-daemon, it's a non-mandatory logging system mosquitto: upgrade 2.0.15 -> 2.0.17 mosquitto: upgrade 2.0.17 -> 2.0.18 Joe Slater (1): nginx: add configure option Martin Jansa (1): mosquitto: add missing Upstream-Status Meenali Gupta (1): open-vm-tools: fix CVE-2023-20867 Narpat Mali (1): python3-gevent: fix CVE-2023-41419 Polampalli, Archana (4): samba: fix CVE-2023-34966 samba: fix CVE-2022-2127 samba:fix CVE-2023-34967 samba: fix CVE-2023-34968 Wang Mingyu (1): mosquitto: upgrade 2.0.14 -> 2.0.15 Yi Zhao (1): mbedtls: upgrade 2.28.2 -> 2.28.5 .../mbedtls/{mbedtls_2.28.2.bb => mbedtls_2.28.5.bb} | 7 +- meta-networking/recipes-connectivity/mosquitto/files/2894.patch | 25 ++ meta-networking/recipes-connectivity/mosquitto/files/2895.patch | 27 ++ .../recipes-connectivity/mosquitto/files/mosquitto.init | 20 +- .../mosquitto/{mosquitto_2.0.14.bb => mosquitto_2.0.18.bb} | 6 +- .../recipes-connectivity/samba/samba/CVE-2022-2127.patch | 44 ++ .../recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch | 78 .../recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch | 140 ++ .../recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch | 178 .../recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch | 125 ++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch | 104 + .../recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch | 39 ++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch | 65 +++ 
.../recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch | 85 .../recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch | 83 .../recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch | 57 +++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch | 49 ++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch | 62 +++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch | 465 +++ .../recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch | 484 .../recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch | 295 meta-networking/recipes-connectivity/samba/samba_4.14.14.bb | 16 + .../open-vm-tools/open-vm-tools/CVE-2023-20867.patch | 158 +++ .../recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb | 1 + .../recipes-devtools/python/python3-gevent/CVE-2023-41419.patch | 673 meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb | 2 + .../recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch | 39 ++ meta-webserver/recipes-httpd/nginx/nginx.inc | 3 + 28 files changed, 3316 insertions(+), 14 deletions(-) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_2.28.2.bb => mbedtls_2.28.5.bb} (91%) create mode 100644 meta-networking/recipes-connectivity/mosquitto/files/2894.patch create mode 100644 meta-networking/recipes-connectivity/mosquitto/files/2895.patch rename meta-networking/recipes-connectivity/mosquitto/{mosquitto_2.0.14.bb => mosquitto_2.0.18.bb} (94%) create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch 
create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch create mode 100644
[oe] mickledore merge request: Oct 17th
The following changes since commit 922f41b39f364e5b6be596b4b51e0fb37ffe1971:

  x11vnc: Fix CVE-2020-29074 (2023-09-27 07:40:56 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded mickledore-next

for you to fetch changes up to 39968837196cb48209b71e8852dd04a2f8ccdca8:

  nginx: add configure option (2023-10-15 19:09:42 -0400)

Changqing Li (1):
      redis: upgrade 7.0.12 -> 7.0.13

Joe Slater (2):
      python3-inotify: fix tests
      nginx: add configure option

Khem Raj (1):
      kernel-selftest: Build headers before compiling tests

Meenali Gupta (1):
      lldpd: upgrade 1.0.16 -> 1.0.17

Robert Yang (1):
      frr: Fix CVE-2023-41358 and CVE-2023-41360

Yi Zhao (1):
      frr: Security fix CVE-2023-38802

 .../recipes-daemons/lldpd/{lldpd_1.0.16.bb => lldpd_1.0.17.bb} | 2 +-
 meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch | 139 +++
 meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch | 106 +
 meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch | 35 ++
 meta-networking/recipes-protocols/frr/frr_8.4.4.bb | 3 +
 .../0001-src-Do-not-reset-FINAL_LIBS.patch | 0
 .../0006-Define-correct-gregs-for-RISCV32.patch | 0
 .../redis/{redis-7.0.12 => redis-7.0.13}/GNU_SOURCE-7.patch | 0
 .../hiredis-use-default-CC-if-it-is-set.patch | 0
 .../redis/{redis-7.0.12 => redis-7.0.13}/init-redis-server | 0
 .../lua-update-Makefile-to-use-environment-build-setting.patch | 0
 .../{redis-7.0.12 => redis-7.0.13}/oe-use-libc-malloc.patch | 0
 .../redis/{redis-7.0.12 => redis-7.0.13}/redis.conf | 0
 .../redis/{redis-7.0.12 => redis-7.0.13}/redis.service | 0
 .../recipes-extended/redis/{redis_7.0.12.bb => redis_7.0.13.bb} | 2 +-
 meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb | 2 +-
 .../python/python3-inotify/new-test-inotify.patch | 620
 meta-python/recipes-devtools/python/python3-inotify_git.bb | 1 +
 .../recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch | 39 ++
 meta-webserver/recipes-httpd/nginx/nginx.inc | 3 +
 20 files changed, 949 insertions(+), 3 deletions(-)
 rename meta-networking/recipes-daemons/lldpd/{lldpd_1.0.16.bb => lldpd_1.0.17.bb} (96%)
 create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch
 create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
 create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/0001-src-Do-not-reset-FINAL_LIBS.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/0006-Define-correct-gregs-for-RISCV32.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/GNU_SOURCE-7.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/hiredis-use-default-CC-if-it-is-set.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/init-redis-server (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/lua-update-Makefile-to-use-environment-build-setting.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/oe-use-libc-malloc.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/redis.conf (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/redis.service (100%)
 rename meta-oe/recipes-extended/redis/{redis_7.0.12.bb => redis_7.0.13.bb} (96%)
 create mode 100644 meta-python/recipes-devtools/python/python3-inotify/new-test-inotify.patch
 create mode 100644 meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch
Re: [oe] nanbield merge request: Oct 11th ( master sync)
On 10/11/23 1:49 PM, Khem Raj wrote: merged thanks Armin. I think we might need another sync with master after this. yep. was planning to. br, Armin On Wed, Oct 11, 2023 at 5:37 AM akuster808 wrote: The following changes since commit 3dd5d208be018f0f676d1adfceb9c22f19ad2ffe: meta-openemnedded: Add myself as nanbield maintainer (2023-09-25 11:39:20 -0700) are available in the Git repository at: https://git.openembedded.org/meta-openembedded nanbield-next for you to fetch changes up to 278c3f75e32f38f71bb52d161fe06bcb6f6bdd2f: kernel-selftest: Build headers before compiling tests (2023-10-04 07:52:49 -0700) Alex Kiernan (2): mdns: Upgrade 1790.80.10 -> 2200.0.8 jq: Upgrade 1.6+git -> 1.7 Archana Polampalli (1): nodejs: upgrade 18.17.1 -> 20.5.1 Bruce Ashfield (2): zfs: update to v2.2.0-rc4 vboxguestdrivers: fix kernel v6.5 build Clément Péron (6): etcd-cpp-apiv3: upgrade 0.14.3 -> 0.15.3 devtools: grpc: bump to 1.56.2 protobuf: upgrade 4.22.2 -> 4.23.4 protobuf-c: bump to next release to support protobuf 4.23.x mariadb: add missing in rocksdb string_util.h etcd-cpp-apiv3: fix build when gRPC is cross compiled Derek Straka (32): python3-apiflask: Update version 2.0.1 -> 2.0.2 python3-argh: Update version 0.29.3 -> 0.29.4 python3-async-timeout: remove old version of the library python3-pydantic: Update version 1.10.7 -> 2.4.1 python3-pyhamcrest: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-pyasn1-modules: Update version 0.2.8 -> 0.3.0 python-pyiface: Update version from git -> 0.0.11 python3-pymysql: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-pymysql: update verion 1.0.2 -> 1.1.0 python3-pyproj: update version 3.6.0 -> 3.6.1 python3-pyproject-api: update version 1.5.1 -> 1.6.1 python3-redis: update version 5.0.0 -> 5.0.1 python3-traitlets: update version 5.9.0 -> 5.10.1 python3-xxhash: update version 3.2.0 -> 3.3.0 python3-pyzmq: update version 25.0.0 -> 25.1.1 
python3-cachecontrol: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-flask-babel: update version 2.0.0 -> 3.1.0 python3-idna-ssl: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-ninja-syntax: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-prettytable: update version 3.6.0 -> 3.9.0 python3-pytz-deprecation-shim: Remove outdated recipe meant to be a short lived shim python3-tzlocal: Remove dependency on pytz_deprecation_shim removed in release 5.0 python3-astroid: update version 2.16.6 -> 3.0.0 python3-flask: update version 2.3.2 -> 2.3.3 python3-google-api-core: update version 2.12.0 python3-google-api-python-client: update version 2.100.0 -> 2.101.0 python3-google-auth: update version 2.23.0 -> 2.23.1 python3-parse-type: update version 0.5.2 -> 0.6.2 python3-nacl: Add recipe for the latest release of PyNaCl python3-botocore: add recipe for latest version of botocore python3-boto3: add recipe for latest version of boto3 python3-flask-cors: add initial version of the recipe for 4.0.0 Gianfranco Costamagna (1): mosquitto: upgrade 2.0.17 -> 2.0.18 Jeffrey Pautler (1): bolt: disable CVE checking for this recipe Khem Raj (14): mozjs-115: Apply autoconf tuple mismatch fix cpp-netlib: Fix build with boost 1.80+ cpp-netlib: Fix buildpaths in generated cmake files python3-pybluez: Fix patch upstream-status python3-pynetlinux: Fix patch upstream-status libnet-idn-encode: Add recipe libio-socket-ssl-perl: Change libnet-libidn-perl->libnet-idn-encode rdep for ptests libnfs: Drop -Wno-implicit-function-declaration webkitgtk3: Do not use musttail with clang on arm fftw: Fix ptest result reporting nodejs: Fix ptest result reporting relayd: Update to latest tip of trunk relayd: Fix build with clang kernel-selftest: Build headers before compiling tests Markus Volk (7): gedit: Upgrade 44.2 -> 46.1 tepl: Upgrade 6.4.0 -> 6.8.0 libblockdev: Upgrade 2.28 -> 3.03 
udisks2: Upgrade 2.9.4 -> 2.10.1 mozjs: Upgrade 102.15.0 -> 102.15.1 libnfs: dont install libnfs-config.cmake gnome-remote-desktop: Upgrade 44.2 -> 45.0 Martin Jansa (9): gupnp: fix build with meson-1.2.0 minifi-cpp, mozjs-115, redis-7.2.1, pv: add missing Upstream-Status mozjs: fix filename in MULTILIB_SCRIPTS gupnp-tools: fix build with meson-1.2.0
[oe] nanbield merge request: Oct 11th ( master sync)
The following changes since commit 3dd5d208be018f0f676d1adfceb9c22f19ad2ffe: meta-openemnedded: Add myself as nanbield maintainer (2023-09-25 11:39:20 -0700) are available in the Git repository at: https://git.openembedded.org/meta-openembedded nanbield-next for you to fetch changes up to 278c3f75e32f38f71bb52d161fe06bcb6f6bdd2f: kernel-selftest: Build headers before compiling tests (2023-10-04 07:52:49 -0700) Alex Kiernan (2): mdns: Upgrade 1790.80.10 -> 2200.0.8 jq: Upgrade 1.6+git -> 1.7 Archana Polampalli (1): nodejs: upgrade 18.17.1 -> 20.5.1 Bruce Ashfield (2): zfs: update to v2.2.0-rc4 vboxguestdrivers: fix kernel v6.5 build Clément Péron (6): etcd-cpp-apiv3: upgrade 0.14.3 -> 0.15.3 devtools: grpc: bump to 1.56.2 protobuf: upgrade 4.22.2 -> 4.23.4 protobuf-c: bump to next release to support protobuf 4.23.x mariadb: add missing in rocksdb string_util.h etcd-cpp-apiv3: fix build when gRPC is cross compiled Derek Straka (32): python3-apiflask: Update version 2.0.1 -> 2.0.2 python3-argh: Update version 0.29.3 -> 0.29.4 python3-async-timeout: remove old version of the library python3-pydantic: Update version 1.10.7 -> 2.4.1 python3-pyhamcrest: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-pyasn1-modules: Update version 0.2.8 -> 0.3.0 python-pyiface: Update version from git -> 0.0.11 python3-pymysql: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-pymysql: update verion 1.0.2 -> 1.1.0 python3-pyproj: update version 3.6.0 -> 3.6.1 python3-pyproject-api: update version 1.5.1 -> 1.6.1 python3-redis: update version 5.0.0 -> 5.0.1 python3-traitlets: update version 5.9.0 -> 5.10.1 python3-xxhash: update version 3.2.0 -> 3.3.0 python3-pyzmq: update version 25.0.0 -> 25.1.1 python3-cachecontrol: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-flask-babel: update version 2.0.0 -> 3.1.0 python3-idna-ssl: Fix upstream check by specifying the 
UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-ninja-syntax: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX python3-prettytable: update version 3.6.0 -> 3.9.0 python3-pytz-deprecation-shim: Remove outdated recipe meant to be a short lived shim python3-tzlocal: Remove dependency on pytz_deprecation_shim removed in release 5.0 python3-astroid: update version 2.16.6 -> 3.0.0 python3-flask: update version 2.3.2 -> 2.3.3 python3-google-api-core: update version 2.12.0 python3-google-api-python-client: update version 2.100.0 -> 2.101.0 python3-google-auth: update version 2.23.0 -> 2.23.1 python3-parse-type: update version 0.5.2 -> 0.6.2 python3-nacl: Add recipe for the latest release of PyNaCl python3-botocore: add recipe for latest version of botocore python3-boto3: add recipe for latest version of boto3 python3-flask-cors: add initial version of the recipe for 4.0.0 Gianfranco Costamagna (1): mosquitto: upgrade 2.0.17 -> 2.0.18 Jeffrey Pautler (1): bolt: disable CVE checking for this recipe Khem Raj (14): mozjs-115: Apply autoconf tuple mismatch fix cpp-netlib: Fix build with boost 1.80+ cpp-netlib: Fix buildpaths in generated cmake files python3-pybluez: Fix patch upstream-status python3-pynetlinux: Fix patch upstream-status libnet-idn-encode: Add recipe libio-socket-ssl-perl: Change libnet-libidn-perl->libnet-idn-encode rdep for ptests libnfs: Drop -Wno-implicit-function-declaration webkitgtk3: Do not use musttail with clang on arm fftw: Fix ptest result reporting nodejs: Fix ptest result reporting relayd: Update to latest tip of trunk relayd: Fix build with clang kernel-selftest: Build headers before compiling tests Markus Volk (7): gedit: Upgrade 44.2 -> 46.1 tepl: Upgrade 6.4.0 -> 6.8.0 libblockdev: Upgrade 2.28 -> 3.03 udisks2: Upgrade 2.9.4 -> 2.10.1 mozjs: Upgrade 102.15.0 -> 102.15.1 libnfs: dont install libnfs-config.cmake gnome-remote-desktop: Upgrade 44.2 -> 45.0 Martin Jansa (9): gupnp: fix build with meson-1.2.0 
minifi-cpp, mozjs-115, redis-7.2.1, pv: add missing Upstream-Status mozjs: fix filename in MULTILIB_SCRIPTS gupnp-tools: fix build with meson-1.2.0 gnome-tweaks, networkmanager-fortisslvpn, libesmtp, json-schema-validator, python3-pybluez, python3-pynetlinux, apache2: Fix Malformed Upstream-Status mozjs: use PV in MULTILIB_SCRIPTS mosquitto, etcd-cpp-apiv3: add missing Upstream-Status meta-oe/dynamic-layers: add Upstream-Status where missing
Re: [oe] What are the plans for the nanbield branch?
On 10/5/23 7:01 AM, Peter Kjellerstedt wrote:
> Khem and Armin, what are the plans for the nanbield branch, given that it was branched off long before the actual Nanbield release? Do you plan on merging master into it once Nanbield is released, or will it stay as it is and relevant parts will have to be backported?

I started a stable/nanbield-nut with a sync to the tip of master. That will most likely be the starting point depending on when 4.3 is released. I might sync once more.

> The reason I ask is because I am currently working on preparing our layers for the upgrade to Nanbield and currently there is quite a big difference between the nanbield branch and the master branch in meta-openembedded. Thus it would help to know if I should continue to track the master branch for meta-openembedded, or if I should revert to the nanbield branch.

Typically if there are no new applications added after a new stable branch is released, the first few merges tend to be in line with master.

hope this helps,
Armin

> //Peter
[oe] dunfell merge request: Oct 3rd
The following changes since commit e42d1e758f9f08b98c0e8c6f0532316951bb276f:

  postgresql: refresh patches (2023-09-09 12:52:03 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded dunfell-next

for you to fetch changes up to 0f10a0d394ddffeeb1db0ea94046d86792d704fe:

  php: Fix CVE-2023-3824 (2023-09-30 08:55:03 -0400)

Bhargav Das (1):
      iperf3: Fix CVE-2023-38403

Hitendra Prajapati (1):
      wireshark: Fix CVE-2023-2906

Kirill Esipov (1):
      catch2: switch from master to v2.x branch

Priyal Doshi (1):
      open-vm-tools: Security fix for CVE-2023-20900

Siddharth Doshi (1):
      php: Fix CVE-2023-3824

 meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch | 38 +++
 meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 1 +
 meta-oe/recipes-benchmark/iperf3/iperf3/0001-Fix-memory-allocation-hazard-1542-.-1543.patch | 46 +++
 meta-oe/recipes-benchmark/iperf3/iperf3_3.7.bb | 1 +
 meta-oe/recipes-devtools/php/php/CVE-2023-3824.patch | 91 ++
 meta-oe/recipes-devtools/php/php_7.4.33.bb | 1 +
 .../open-vm-tools/0001-Allow-only-X509-certs-to-verify-the-SAML-token-signa.patch | 35 ++
 meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb | 1 +
 meta-oe/recipes-test/catch2/catch2_2.9.2.bb | 2 +-
 9 files changed, 215 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch
 create mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/0001-Fix-memory-allocation-hazard-1542-.-1543.patch
 create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2023-3824.patch
 create mode 100644 meta-oe/recipes-support/open-vm-tools/open-vm-tools/0001-Allow-only-X509-certs-to-verify-the-SAML-token-signa.patch
[oe] kirkstone merge request: Sept 30th
The following changes since commit a88cb922f91fda95e8a584cee3092083d5ad3e98: hwloc: fix CVE-2022-47022 (2023-09-06 09:13:26 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded kirkstone-next for you to fetch changes up to 9c5541f7e18a1fac3b8dea71e1ebb8398d58e6ff: python3-django: upgrade 4.2.3 -> 4.2.5 (2023-09-27 10:23:28 -0400) ---- Armin Kuster (2): frr: Fix CVE-2023-41909 openldap: update to 2.5.16 Hitendra Prajapati (1): wireshark: Fix CVE-2023-2906 Jose Quaresma (1): opensc: ignore CVE-2021-34193 Khem Raj (1): freeglut: Add packageconfigs for x11/wayland/gles Mingli Yu (1): hdf5: Fix CVE-2021-37501 Narpat Mali (3): python3-django: fix CVE-2023-41164 python3-django: upgrade 3.2.20 -> 3.2.21 python3-django: upgrade 4.2.3 -> 4.2.5 Polampalli, Archana (1): redis: upgrade 7.0.12 -> 7.0.13 Shinu Chandran (1): c-ares: CVE-ID correction for CVE-2022-4904 Soumya Sambu (1): rabbitmq-c: Fix CVE-2023-35789 meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch | 42 + meta-networking/recipes-protocols/frr/frr_8.2.2.bb | 1 + .../recipes-support/wireshark/files/CVE-2023-2906.patch | 38 meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb | 1 + .../recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch | 135 meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb | 4 +- .../0001-src-Do-not-reset-FINAL_LIBS.patch | 0 .../0006-Define-correct-gregs-for-RISCV32.patch | 0 .../redis/{redis-7.0.12 => redis-7.0.13}/GNU_SOURCE-7.patch | 0 .../hiredis-use-default-CC-if-it-is-set.patch | 0 .../redis/{redis-7.0.12 => redis-7.0.13}/init-redis-server | 0 .../lua-update-Makefile-to-use-environment-build-setting.patch | 0 .../{redis-7.0.12 => redis-7.0.13}/oe-use-libc-malloc.patch | 0 .../redis/{redis-7.0.12 => redis-7.0.13}/redis.conf | 0 .../redis/{redis-7.0.12 => redis-7.0.13}/redis.service | 0 .../recipes-extended/redis/{redis_7.0.12.bb => redis_7.0.13.bb} | 2 +- meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb | 18 
+++- meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch | 2 +- meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch | 37 meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb | 1 + .../openldap/0001-ldif-filter-fix-parallel-build-failure.patch | 32 --- .../0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch | 33 --- ...1-librewrite-include-ldap_pvt_thread.h-before-redefini.patch | 54 --- meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch | 30 --- meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch | 76 .../openldap/{openldap_2.5.12.bb => openldap_2.5.16.bb} | 7 +- meta-oe/recipes-support/opensc/opensc_0.22.0.bb | 5 ++ .../recipes-devtools/python/python3-django/CVE-2023-41164.patch | 105 ++ meta-python/recipes-devtools/python/python3-django_2.2.28.bb | 1 + .../{python3-django_3.2.20.bb => python3-django_3.2.21.bb} | 4 +- .../python/{python3-django_4.2.3.bb => python3-django_4.2.5.bb} | 4 +- 31 files changed, 390 insertions(+), 242 deletions(-) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch create mode 100644 meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/0001-src-Do-not-reset-FINAL_LIBS.patch (100%) rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/0006-Define-correct-gregs-for-RISCV32.patch (100%) rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/GNU_SOURCE-7.patch (100%) rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/hiredis-use-default-CC-if-it-is-set.patch (100%) rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/init-redis-server (100%) rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/lua-update-Makefile-to-use-environment-build-setting.patch (100%) rename meta-oe/recipes-extended/redis/{redis-7.0.12 => 
redis-7.0.13}/oe-use-libc-malloc.patch (100%) rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/redis.conf (100%) rename meta-oe/recipes-extended/redis/{redis-7.0.12 => redis-7.0.13}/redis.service (100%) rename meta-oe/recipes-extended/redis/{redis_7.0.12.bb => redis_7.0.13.bb} (96%) create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch delete mode 100644 meta-oe/recipes-support/openldap/openldap/
[oe] [meta-oe][kirkstone][PATCH] openldap: update to 2.5.16
2.5.x is an LTS version per the project. Drop patch now included. Signed-off-by: Armin Kuster --- ...if-filter-fix-parallel-build-failure.patch | 32 ...-Makefile.in-ignore-the-mkdir-errors.patch | 33 ...de-ldap_pvt_thread.h-before-redefini.patch | 54 - .../openldap/openldap/CVE-2023-2953-1.patch | 30 .../openldap/openldap/CVE-2023-2953-2.patch | 76 --- ...{openldap_2.5.12.bb => openldap_2.5.16.bb} | 7 +- 6 files changed, 1 insertion(+), 231 deletions(-) delete mode 100644 meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch delete mode 100644 meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch delete mode 100644 meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch delete mode 100644 meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch delete mode 100644 meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch rename meta-oe/recipes-support/openldap/{openldap_2.5.12.bb => openldap_2.5.16.bb} (96%) diff --git a/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch b/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch deleted file mode 100644 index b42bd9764f..00 --- a/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 9e4ccd1e78ceac8de1ab66ee62ee216f1fbd4956 Mon Sep 17 00:00:00 2001 -From: Yi Zhao -Date: Thu, 2 Dec 2021 11:38:15 +0800 -Subject: [PATCH] ldif-filter: fix parallel build failure - -Add slapd-common.o as dependency for ldif-filter to fix the parallel -build failure: - ld: cannot find slapd-common.o: No such file or directory - -Upstream-Status: Pending - -Signed-off-by: Yi Zhao - tests/progs/Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/progs/Makefile.in b/tests/progs/Makefile.in -index 13f1e8be2..e4f4ccf98 100644 a/tests/progs/Makefile.in -+++ b/tests/progs/Makefile.in -@@ -56,7 +56,7 @@ slapd-modify: slapd-modify.o $(OBJS) $(XLIBS) - slapd-bind: slapd-bind.o $(OBJS) $(XLIBS) - $(LTLINK) -o $@ slapd-bind.o $(OBJS) $(LIBS) - --ldif-filter: ldif-filter.o $(XLIBS) -+ldif-filter: ldif-filter.o $(OBJS) $(XLIBS) - $(LTLINK) -o $@ ldif-filter.o $(OBJS) $(LIBS) - - slapd-mtread: slapd-mtread.o $(OBJS) $(XLIBS) --- -2.25.1 - diff --git a/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch b/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch deleted file mode 100644 index 552726bb0a..00 --- a/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 690f69791eb6cd0d7e94b4d73219ee864de27f62 Mon Sep 17 00:00:00 2001 -From: Yi Zhao -Date: Mon, 10 Jan 2022 10:13:51 +0800 -Subject: [PATCH] libraries/Makefile.in: ignore the mkdir errors - -Ignore the mkdir errors to fix the parallel build failure: - -../../build/shtool mkdir -p TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib -mkdir: cannot create directory 'TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib': File exists - -Upstream-Status: Pending - -Signed-off-by: Yi Zhao - libraries/Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libraries/Makefile.in b/libraries/Makefile.in -index d9cb2ff..c6b251f 100644 a/libraries/Makefile.in -+++ b/libraries/Makefile.in -@@ -24,7 +24,7 @@ PKGCONFIG_DIR=$(DESTDIR)$(libdir)/pkgconfig - PKGCONFIG_SRCDIRS=liblber libldap - - install-local: -- @$(MKDIR) $(PKGCONFIG_DIR) -+ @-$(MKDIR) $(PKGCONFIG_DIR) - @for i in $(PKGCONFIG_SRCDIRS); do \ - $(INSTALL_DATA) $$i/*.pc $(PKGCONFIG_DIR); \ - done --- -2.17.1 - diff --git a/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch b/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch deleted file mode 100644 index bcd1525b67..00 --- a/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 79381ab335898c9184e22dd25b544adefa9bf6c5 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 7 Feb 2022 16:26:57 -0800 -Subject: [PATCH] librewrite: include ldap_pvt_thread.h before redefining - calloc - -This helps compiling with musl, where sched.h is included by -ldap_pvt_thread.h which provides prototype for calloc() and conflicts - -/usr/include/sched.h:84:7: error: conflicting types for 'ber_memcalloc' -| void *calloc(size_t, size_t); -| ^1 -| warning and 1
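Review bot: the commit message says "Drop patch now included" in the singular, but the diffstat deletes five patch files, and the headers of 0001-ldif-filter-fix-parallel-build-failure.patch and 0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch both read "Upstream-Status: Pending", which on its own does not show that either change landed upstream. Please list each dropped patch in the message and say for each whether 2.5.16 contains the change or why it is no longer needed. The same applies to CVE-2023-2953-1.patch and CVE-2023-2953-2.patch: the message should state explicitly that the CVE-2023-2953 fix is part of 2.5.16, since both are removed without being mentioned.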
[oe] mickledore merge request: Sept 27th
The following changes since commit 32c529d435c45e60151c714936d451ed9e341466:

  poppler: fix CVE-2023-34872 (2023-09-19 07:22:00 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded mickledore-next

for you to fetch changes up to 922f41b39f364e5b6be596b4b51e0fb37ffe1971:

  x11vnc: Fix CVE-2020-29074 (2023-09-27 07:40:56 -0400)

Armin Kuster (1):
      openldap: update to 2.5.16.

Lee Chee Yang (2):
      opensc: fix CVE-2023-2977
      x11vnc: Fix CVE-2020-29074

Sanjay Chitroda (1):
      netkit-telnet: Fix CVE-2022-39028

 .../recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch | 53
 .../recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb | 1 +
 meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch | 27 +++
 meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb | 1 +
 .../0001-configure-Pass-pthread_t-to-pthread_detach.patch | 32 -
 .../openldap/{openldap_2.5.13.bb => openldap_2.5.16.bb} | 3 +-
 meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch | 54 +
 meta-oe/recipes-support/opensc/opensc_0.23.0.bb | 1 +
 8 files changed, 138 insertions(+), 34 deletions(-)
 create mode 100644 meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch
 create mode 100644 meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch
 delete mode 100644 meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch
 rename meta-oe/recipes-support/openldap/{openldap_2.5.13.bb => openldap_2.5.16.bb} (98%)
 create mode 100644 meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch
[oe] [meta-oe][mickledore][PATCH 1/2] opensc: fix CVE-2023-2977
From: Lee Chee Yang Signed-off-by: Lee Chee Yang Signed-off-by: Khem Raj (cherry picked from commit 44b00373094f845e71575d9d6f5c54b038f3a21a) Signed-off-by: Armin Kuster --- .../opensc/files/CVE-2023-2977.patch | 54 +++ .../recipes-support/opensc/opensc_0.23.0.bb | 1 + 2 files changed, 55 insertions(+) create mode 100644 meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch diff --git a/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch new file mode 100644 index 00..165fc316bf --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch 
@@ -0,0 +1,54 @@ +CVE: CVE-2023-2977 +Upstream-Status: Backport [ https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a ] +Signed-off-by: Lee Chee Yang + + +From 81944d1529202bd28359bede57c0a15deb65ba8a Mon Sep 17 00:00:00 2001 +From: fullwaywang +Date: Mon, 29 May 2023 10:38:48 +0800 +Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer + overrun bug. Fixes #2785 + +--- + src/pkcs15init/pkcs15-cardos.c | 10 +- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c +index 9715cf390f..f41f73c349 100644 +--- a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c +@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) + sc_apdu_t apdu; + u8rbuf[SC_MAX_APDU_BUFFER_SIZE]; + int r; +- const u8 *p = rbuf, *q; ++ const u8 *p = rbuf, *q, *pp; + size_tlen, tlen = 0, ilen = 0; + + sc_format_apdu(card, , SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88); +@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card) + return 0; + + while (len != 0) { +- p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, ); +- if (p == NULL) ++ pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, ); ++ if (pp == NULL) + return 0; + if (card->type == SC_CARD_TYPE_CARDOS_M4_3) { + /* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01 */ + /* and Package Number 0x07 */ +- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, ); ++ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, ); + if (q == NULL || ilen != 4) + return 0; + if (q[0] == 0x07) +@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) + } else if (card->type == SC_CARD_TYPE_CARDOS_M4_4) { + /* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03 */ + /* and Package Number 0x02 */ +- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, ); ++ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, ); + if (q == NULL || ilen != 4) + return 0; + if (q[0] == 0x02) 
diff --git a/meta-oe/recipes-support/opensc/opensc_0.23.0.bb b/meta-oe/recipes-support/opensc/opensc_0.23.0.bb index f68107df87..b3fc1f0458 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.23.0.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.23.0.bb @@ -16,6 +16,7 @@ SRCREV = "5497519ea6b4af596628f8f8f2f904bacaa3148f" SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ file://0001-pkcs11-tool-Fix-private-key-import.patch \ file://0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch \ + file://CVE-2023-2977.patch \ " DEPENDS = "virtual/libiconv openssl" -- 2.34.1
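Review bot: Please confirm that the unchanged tail of the "while (len != 0)" loop in cardos_have_verifyrc_package(), at the pinned SRCREV 5497519ea6b4af596628f8f8f2f904bacaa3148f, still advances p and shrinks len in a way that matches this backport. The hunks only show the 0xe1 lookup result moving into pp and the inner 0x01 / 0x03 lookups reading from pp with tlen, and the overrun fix depends on p remaining the scan cursor that len is measured from. The layer commit message has no body; one line naming the problem (buffer overrun in pkcs15init, upstream issue #2785 as cited in the embedded Subject) would help stable-branch users triage it.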
[oe] [meta-oe][mickledore][PATCH 2/2] x11vnc: Fix CVE-2020-29074
From: Lee Chee Yang Signed-off-by: Lee Chee Yang Signed-off-by: Khem Raj (cherry picked from commit dbdea59838054f9c908533d486cf3c0c2897c791) Signed-off-by: Armin Kuster --- .../x11vnc/files/CVE-2020-29074.patch | 27 +++ .../recipes-graphics/x11vnc/x11vnc_0.9.16.bb | 1 + 2 files changed, 28 insertions(+) create mode 100644 meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch diff --git a/meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch b/meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch new file mode 100644 index 00..fbdb9123cc --- /dev/null +++ b/meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch @@ -0,0 +1,27 @@ +CVE: CVE-2020-29074 +Upstream-Status: Backport [https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a ] +Signed-off-by: Lee Chee Yang + + +From 69eeb9f7baa14ca03b16c9de821f9876def7a36a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Gu=C3=A9nal=20DAVALAN?= +Date: Wed, 18 Nov 2020 08:40:45 +0100 +Subject: [PATCH] scan: limit access to shared memory segments to current user + +--- + src/scan.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/scan.c b/src/scan.c +index 43e00d20..12994d52 100644 +--- a/src/scan.c b/src/scan.c +@@ -320,7 +320,7 @@ static int shm_create(XShmSegmentInfo *shm, XImage **ximg_ptr, int w, int h, + + #if HAVE_XSHM + shm->shmid = shmget(IPC_PRIVATE, +- xim->bytes_per_line * xim->height, IPC_CREAT | 0777); ++ xim->bytes_per_line * xim->height, IPC_CREAT | 0600); + + if (shm->shmid == -1) { + rfbErr("shmget(%s) failed.\n", name); diff --git a/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb b/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb index 5f7c0beb66..be9ef3cbaa 100644 --- a/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb +++ b/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb 
@@ -12,6 +12,7 @@ PV .= "+git${SRCPV}" SRC_URI = "git://github.com/LibVNC/x11vnc;branch=master;protocol=https \ file://starting-fix.patch \ + file://CVE-2020-29074.patch \ " S = "${WORKDIR}/git" -- 2.34.1
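Review bot: In shm_create(), "IPC_CREAT | 0600" restricts the segment to the uid that runs x11vnc, so an X server running under a different non-root uid can no longer attach to it, and that failure would not be caught by the "shm->shmid == -1" check shown here because shmget itself still succeeds. Please state in the commit message that this was considered for the configurations the layer supports. The layer commit message is otherwise empty; a one-line summary of the issue (shared memory segments created world-accessible with 0777) would make the CVE fix self-explanatory.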
[oe] [meta-oe][mickledore][PATCH] netkit-telnet: Fix CVE-2022-39028
From: Sanjay Chitroda References: https://nvd.nist.gov/vuln/detail/CVE-2022-39028 https://security-tracker.debian.org/tracker/CVE-2022-39028 Upstream Patch: https://cgit.freebsd.org/src/commit/?id=6914ffef4e23 - Patch is adopted from FreeBSD, as same vulnerability of telnetd is applicable to FreeBSD and netkit-telnet packages. Signed-off-by: Sanjay Chitroda Signed-off-by: Khem Raj (cherry picked from commit d629fe71e4242fc0557f5668d9f223777eb60a0f) Signed-off-by: Armin Kuster --- .../netkit-telnet/files/CVE-2022-39028.patch | 53 +++ .../netkit-telnet/netkit-telnet_0.17.bb | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch diff --git a/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch b/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch new file mode 100644 index 00..e8c3f1d84b --- /dev/null +++ b/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch 
@@ -0,0 +1,53 @@ +From 4133a888aa256312186962ab70d4a36eed5920c1 Mon Sep 17 00:00:00 2001 +From: Brooks Davis +Date: Mon, 26 Sep 2022 18:56:51 +0100 +Subject: [PATCH] telnetd: fix two-byte input crash + +Move initialization of the slc table earlier so it doesn't get +accessed before that happens. + +For details on the issue, see: +https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html + +Reviewed by: cy +Obtained from: NetBSD via cy +Differential Revision: https://reviews.freebsd.org/D36680 + +CVE: CVE-2022-39028 +Upstream-Status: Backport [https://cgit.freebsd.org/src/commit/?id=6914ffef4e23] + +(cherry picked from commit 6914ffef4e2318ca1d0ead28eafb6f06055ce0f8) +Signed-off-by: Sanjay Chitroda + +--- + telnetd/telnetd.c | 10 +- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c +index f36f505..efa0fe1 100644 +--- a/telnetd/telnetd.c b/telnetd/telnetd.c +@@ -615,6 +615,11 @@ doit(struct sockaddr_in *who) + int level; + char user_name[256]; + ++ /* ++ * Initialize the slc mapping table. ++ */ ++ get_slc_defaults(); ++ + /* +* Find an available pty to use. +*/ +@@ -698,11 +703,6 @@ void telnet(int f, int p) + char *HE; + const char *IM; + +-/* +- * Initialize the slc mapping table. +- */ +-get_slc_defaults(); +- + /* + * Do some tests where it is desireable to wait for a response. + * Rather than doing them slowly, one at a time, do them all diff --git a/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb index e28eeae491..d3de038d16 100644 --- a/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb +++ b/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb 
@@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/netkit-telnet_${PV}.orig.tar.gz file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \ file://0001-utility-Include-time.h-form-time-and-strftime-protot.patch \ file://0001-Drop-using-register-keyword.patch \ + file://CVE-2022-39028.patch \ " UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/" -- 2.34.1
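Review bot: The embedded patch header says "Upstream-Status: Backport" and "(cherry picked from commit 6914ffef4e2318ca1d0ead28eafb6f06055ce0f8)", but that commit lives in the FreeBSD tree while the hunks touch netkit's telnetd/telnetd.c (doit() and telnet()), so the header should say the change was adapted to netkit-telnet rather than cherry-picked. On the code itself, get_slc_defaults() now runs at the top of doit(); please confirm that nothing reached before doit() reads the slc table, since the fix relies on the table being initialised before any client input is processed.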
[oe] [meta-oe][mickledore][PATCH] openldap: update to 2.5.16.
From: Armin Kuster 2.5.x is an LTS version per the project. Drop patch now included. Signed-off-by: Armin Kuster Signed-off-by: Khem Raj (cherry picked from commit 7a423279cf6afe27cf6abf747f1a2021ee5b6d26) Signed-off-by: Armin Kuster --- ...ure-Pass-pthread_t-to-pthread_detach.patch | 32 --- ...{openldap_2.5.13.bb => openldap_2.5.16.bb} | 3 +- 2 files changed, 1 insertion(+), 34 deletions(-) delete mode 100644 meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch rename meta-oe/recipes-support/openldap/{openldap_2.5.13.bb => openldap_2.5.16.bb} (98%) diff --git a/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch b/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch deleted file mode 100644 index 6e73f8b382..00 --- a/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7577b120acda087bf3f5f613c2c72663b3864ad8 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sun, 4 Sep 2022 09:43:06 -0700 -Subject: [PATCH] configure: Pass pthread_t to pthread_detach - -This helps compilers when using C2X standard - -Upstream-Status: Pending -Signed-off-by: Khem Raj - configure.ac | 5 + - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 0978eeb..58d15f8 100644 a/configure.ac -+++ b/configure.ac -@@ -1467,10 +1467,7 @@ pthread_rwlock_t rwlock; - dnl save the flags - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ - #include --#ifndef NULL --#define NULL (void*)0 --#endif --]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) -+]], [[pthread_detach((pthread_t)-1);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) - ]) - - if test $ol_cv_func_pthread_detach = no ; then --- -2.37.3 - 
diff --git a/meta-oe/recipes-support/openldap/openldap_2.5.13.bb b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb similarity index 98% rename from meta-oe/recipes-support/openldap/openldap_2.5.13.bb rename to meta-oe/recipes-support/openldap/openldap_2.5.16.bb index b117677f9b..a56b454dc0 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.5.13.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb @@ -19,10 +19,9 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$ file://slapd.service \ file://remove-user-host-pwd-from-version.patch \ file://0001-build-top.mk-unset-STRIP_OPTS.patch \ -file://0001-configure-Pass-pthread_t-to-pthread_detach.patch \ " -SRC_URI[sha256sum] = "ee3c430c4ef7b87c57b622108c7339376d6c27fbbf2767770be3de1df63d008c" +SRC_URI[sha256sum] = "546ba591822e8bb0e467d40c4d4a30f89d937c3a507fe83a578f582f6a211327" DEPENDS = "util-linux groff-native" -- 2.34.1
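Review bot: The removed 0001-configure-Pass-pthread_t-to-pthread_detach.patch was marked "Upstream-Status: Pending", and the commit message only says "Drop patch now included"; please name the upstream release or commit that carries the change so the drop can be verified. The SRC_URI context line still fetches the tarball over http://www.openldap.org, which leaves the new SRC_URI[sha256sum] as the only integrity check on the download, so say where that value was taken from and consider switching the URL to https in a follow-up.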
Re: [oe] [meta-networking][kirkstone][PATCH 1/1] frr: Fix CVE-2023-41909
On 9/22/23 8:17 AM, Narpat Mali via lists.openembedded.org wrote: Gentle Reminder !! getting to it today. I had to tweak it a bit to apply as there were a few other frr cve fixes in the queue. thanks for the reminder. BR, Armin ../Narpat On 08-09-2023 18:06, Narpat Mali via lists.openembedded.org wrote: From: Narpat Mali An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. References: https://nvd.nist.gov/vuln/detail/CVE-2023-41909 https://security-tracker.debian.org/tracker/CVE-2023-41909 Signed-off-by: Narpat Mali --- .../frr/frr/CVE-2023-41909.patch | 42 +++ .../recipes-protocols/frr/frr_8.2.2.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch new file mode 100644 index 00..b27d7af166 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch 
@@ -0,0 +1,42 @@ +From 5966b6a1fc72d3698d08199922cc4f42ea7fc9eb Mon Sep 17 00:00:00 2001 +From: Donald Sharp +Date: Fri, 8 Sep 2023 11:46:12 + +Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit + withdrawal + +All other parsing functions done from bgp_nlri_parse() assume +no attributes == an implicit withdrawal. Let's move +bgp_nlri_parse_flowspec() into the same alignment. + +Reported-by: Matteo Memelli +Signed-off-by: Donald Sharp + +CVE: CVE-2023-41909 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/cfd04dcb3e689754a72507d086ba3b9709fc5ed8] + +Signed-off-by: Narpat Mali +--- + bgpd/bgp_flowspec.c | 7 +++ + 1 file changed, 7 insertions(+) + +diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c +index 341cfe9d0..3e2b1ac49 100644 +--- a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c +@@ -112,6 +112,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, + afi = packet->afi; + safi = packet->safi; + ++ /* ++ * All other AFI/SAFI's treat no attribute as a implicit ++ * withdraw. Flowspec should as well. ++ */ ++ if (!attr) ++ withdraw = 1; ++ + if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) { + flog_err(EC_BGP_FLOWSPEC_PACKET, + "BGP flowspec nlri length maximum reached (%u)", +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 1897eb2abd..d226d5411d 100644 --- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb 
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ file://CVE-2022-43681.patch \ file://CVE-2023-31489.patch \ file://CVE-2023-31490.patch \ + file://CVE-2023-41909.patch \ file://frr.pam \ "
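Review bot: In bgp_nlri_parse_flowspec(), the added "if (!attr) withdraw = 1;" only closes the NULL dereference if every later use of attr in the function sits on the non-withdraw path, and the hunk does not show the rest of the function for frr 8.2.2; a sentence in the commit message confirming this was checked against the 8.2.2 source would be enough. The embedded header also starts with "From 5966b6a1fc72d3698d08199922cc4f42ea7fc9eb" while Upstream-Status points at commit cfd04dcb3e689754a72507d086ba3b9709fc5ed8; please say which tree the first hash comes from, or regenerate the patch from the upstream commit so the two agree.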
Re: [oe] [meta-python][kirkstone][PATCH v2 2/2] Introduce python3-trustme to fix ptest error of python3-requests-toolbelt
On 9/22/23 8:15 AM, Mali, Narpat wrote: Gentle Reminder !! Since this appears to not affect the functionality of python3-requests-toolbelt, request is declined. BR, Armin ../Narpat On 08-09-2023 12:09, Narpat Mali via lists.openembedded.org wrote: Gentle Reminder !! ../Narpat On 23-08-2023 16:11, Narpat Mali via lists.openembedded.org wrote: From: Narpat Mali The ptest fails after python3-requests-toolbelt is upgraded to 0.10.1. === Hint: make sure your test modules/packages have valid Python names. Traceback: ../../python3.11/importlib/{}init{}.py:126: in import_module return _bootstrap._gcd_import(name[level:], package, level) tests/test_x509_adapter.py:20: in import trustme E ModuleNotFoundError: No module named 'trustme' === The commit b93b4067ea "Fix x509 tests by using trustme" of python3-requests-toolbelt introduces the trustme in test_x509_adapter.py. Introducing python3-trustme to fix ptest error of python3-requests-toolbelt, also introducing python3-service-identity, which is requested by python3-trustme's ptest. The ptest passes of all the three packages. Signed-off-by: Yue Tao Signed-off-by: Khem Raj Cherry-picked the upstream master commit: https://git.openembedded.org/meta-openembedded/commit/?id=a4b6e3ee894047cd13c5d2b7bfc67f0093899537 Signed-off-by: Narpat Mali --- .../packagegroups/packagegroup-meta-python.bb | 2 ++ .../python3-requests-toolbelt_0.10.1.bb | 1 + .../python/python3-service-identity/run-ptest | 3 +++ .../python/python3-service-identity_21.1.0.bb | 25 + .../python/python3-trustme/run-ptest | 3 +++ .../python/python3-trustme_0.9.0.bb | 27 +++ 6 files changed, 61 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-service-identity/run-ptest create mode 100644 meta-python/recipes-devtools/python/python3-service-identity_21.1.0.bb create mode 100644 meta-python/recipes-devtools/python/python3-trustme/run-ptest create mode 100644 meta-python/recipes-devtools/python/python3-trustme_0.9.0.bb 
diff --git a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb index fdeb83c42a..c2481eb307 100644 --- a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb +++ b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb @@ -373,6 +373,7 @@ RDEPENDS:packagegroup-meta-python3 = "\ python3-send2trash \ python3-sentry-sdk \ python3-serpent \ + python3-service-identity \ python3-sh \ python3-sijax \ python3-simpleeval \ @@ -408,6 +409,7 @@ RDEPENDS:packagegroup-meta-python3 = "\ python3-trafaret-config \ python3-traitlets \ python3-transitions \ + python3-trustme \ python3-twine \ python3-twisted \ python3-twitter \ diff --git a/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.10.1.bb b/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.10.1.bb index c39950ab5d..7191a3e6c1 100644 --- a/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.10.1.bb +++ b/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.10.1.bb @@ -21,6 +21,7 @@ RDEPENDS:${PN}-ptest += " \ ${PYTHON_PN}-betamax \ ${PYTHON_PN}-mock \ ${PYTHON_PN}-multiprocessing \ + ${PYTHON_PN}-trustme \ " do_install_ptest() { diff --git a/meta-python/recipes-devtools/python/python3-service-identity/run-ptest b/meta-python/recipes-devtools/python/python3-service-identity/run-ptest new file mode 100644 index 00..b63c4de0d9 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-service-identity/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}' 
diff --git a/meta-python/recipes-devtools/python/python3-service-identity_21.1.0.bb b/meta-python/recipes-devtools/python/python3-service-identity_21.1.0.bb new file mode 100644 index 00..0210a5de22 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-service-identity_21.1.0.bb @@ -0,0 +1,25 @@ +DESCRIPTION = "The tools for verifying whether a certificate is valid for the intended purposes." +HOMEPAGE = "https://pypi.org/project/service-identity; +AUTHOR = "Hynek Schlawack" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8a0f079f4e6a215d6bd6f9d97cab4d5f" + +SRC_URI[md5sum] = "5e5c195d8fcedc72f9068be2ad9b5a13"
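Review bot: In python3-service-identity_21.1.0.bb the only checksum visible is SRC_URI[md5sum]; the recipe should carry SRC_URI[sha256sum] for the source archive and does not need the md5sum at all. In python3-service-identity/run-ptest, the exit status of the "pytest ... | sed ... | awk ..." pipeline is that of the last awk, so a failing pytest run is only visible through the rewritten "FAIL:" lines; that is acceptable if the results are always parsed from the output, but say so in a comment in the script.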
Re: [oe] [meta-python][kirkstone][PATCH v2 1/2] python3-requests-toolbelt: upgrade 0.9.1 -> 0.10.1
On 9/22/23 8:14 AM, Mali, Narpat wrote: Gentle Reminder !! This appears to be a major version update which is not within the Stable branch charter. - Armin ../Narpat On 08-09-2023 12:08, Narpat Mali via lists.openembedded.org wrote: Gentle Reminder !! ../Narpat On 23-08-2023 16:11, Narpat Mali via lists.openembedded.org wrote: From: Narpat Mali Changelog: https://pyup.io/packages/pypi/requests-toolbelt/changelog https://github.com/requests/toolbelt/blob/master/HISTORY.rst - License-Update: url of License changed from http to https. - Fixing missing newline in dump utility. - Add support for preparing requests in BaseUrlSession. - Fix urllib3 warning to only emit on X509Adapter usage Upstream master patches: 0.9.1 -> 0.10.0 : https://git.openembedded.org/meta-openembedded/commit/?id=a4f2646ef27a3f27bc607d57b8166071f307426f 0.10.0 -> 0.10.1 : https://git.openembedded.org/meta-openembedded/commit/?id=b5cd6f6164eb3ab0403f610236ac0cbbe5459671 Signed-off-by: Narpat Mali --- ...abc-deprecation-warning-in-downloadu.patch | 41 --- ...bb => python3-requests-toolbelt_0.10.1.bb} | 8 ++-- 2 files changed, 3 insertions(+), 46 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch rename meta-python/recipes-devtools/python/{python3-requests-toolbelt_0.9.1.bb => python3-requests-toolbelt_0.10.1.bb} (70%) diff --git a/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch b/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch deleted file mode 100644 index baa833b6d2..00 --- a/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 7188b06330e5260be20bce8cbcf0d5ae44e34eaf Mon Sep 17 00:00:00 2001 -From: Jon Dufresne -Date: Fri, 1 Feb 2019 16:30:01 -0800 -Subject: [PATCH] Fix collections.abc deprecation warning in downloadutils - -Warning appears as: - -tests/test_downloadutils.py::test_stream_response_to_specific_filename - requests_toolbelt/downloadutils/stream.py:161: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working - if path and isinstance(getattr(path, 'write', None), collections.Callable): - -Upstream-Status: Backport [https://github.com/requests/toolbelt/commit/7188b06330e5260be20bce8cbcf0d5ae44e34eaf] - -Signed-off-by: Narpat Mali - requests_toolbelt/downloadutils/stream.py | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/requests_toolbelt/downloadutils/stream.py b/requests_toolbelt/downloadutils/stream.py -index eed60a7..1d1c31b 100644 a/requests_toolbelt/downloadutils/stream.py -+++ b/requests_toolbelt/downloadutils/stream.py -@@ -1,6 +1,5 @@ - # -*- coding: utf-8 -*- - """Utilities for dealing with streamed requests.""" --import collections - import os.path - import re - -@@ -158,7 +157,7 @@ def stream_response_to_file(response, path=None, chunksize=_DEFAULT_CHUNKSIZE): - pre_opened = False - fd = None - filename = None -- if path and isinstance(getattr(path, 'write', None), collections.Callable): -+ if path and callable(getattr(path, 'write', None)): - pre_opened = True - fd = path - filename = getattr(fd, 'name', None) --- -2.25.1 - diff --git a/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb b/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.10.1.bb similarity index 70% rename from meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb rename to meta-python/recipes-devtools/python/python3-requests-toolbelt_0.10.1.bb index 72ad7a6180..c39950ab5d 100644 
--- a/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb +++ b/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.10.1.bb @@ -3,14 +3,12 @@ HOMEPAGE = "https://toolbelt.readthedocs.org; AUTHOR = "Ian Cordasco, Cory Benfield" LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=71760e0f1dda8cff91b0bc9246caf571" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6f14302a4b4099009ab38b4dde5f1075" SRC_URI = "file://run-ptest \ - file://0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch \ - " + " -SRC_URI[md5sum] = "b1509735c4b4cf95df2619facbc3672e" -SRC_URI[sha256sum] = "968089d4584ad4ad7c171454f0a5c6dac23971e9472521ea3b6d49d610aa6fc0" +SRC_URI[sha256sum] = "62e09f7ff5ccbda92772a29f394a49c3ad6cb181d568b1337626b2abb628a63d" inherit pypi setuptools3 ptest
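Review bot: In the recipe hunk, removing the patch entry leaves SRC_URI as "file://run-ptest \" followed by a line that holds only the closing quote; collapse it to a single-line assignment so the dangling continuation does not invite a broken edit later. The LIC_FILES_CHKSUM md5 change is covered by the License-Update line in the commit message, and dropping SRC_URI[md5sum] while keeping SRC_URI[sha256sum] is fine.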
[oe] mickledore merge request Sept 22nd
The following changes since commit 57c516973978ca2667339bf1aae7dc722b5bcac7:

  tcpdump: upgrade 4.99.3 -> 4.99.4 (2023-09-05 13:40:23 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded mickledore-next

for you to fetch changes up to 32c529d435c45e60151c714936d451ed9e341466:

  poppler: fix CVE-2023-34872 (2023-09-19 07:22:00 -0400)

Chen Qi (2):
      grpc: fix CVE-2023-32732
      grpc: fix CVE-2023-33953

Chris Dimich (1):
      image_types_sparse: Fix syntax error

Martin Jansa (4):
      mongodb: enable hardware crc32 only with crc in TUNE_FEATURES
      khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python
      libcyusbserial: fix installed-vs-shipped QA issue with multilib
      tcpreplay: fix pcap detection with /usr/lib32 multilib

Polampalli, Archana (1):
      python3-appdirs: print ptest results in unified format

Yogita Urade (1):
      poppler: fix CVE-2023-34872

 ...1-configure.ac-unify-search-dirs-for-pcap-and-add-lib3.patch | 82 ++
 meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb | 9 +-
 meta-oe/classes/image_types_sparse.bbclass | 12 +-
 .../meta-python/recipes-dbs/mongodb/mongodb_git.bb | 1 +
 ...1-backport-iomgr-EventEngine-Improve-server-handling-o.patch | 224
 .../recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch | 81 ++
 meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb | 2 +
 meta-oe/recipes-graphics/vk-gl-cts/khronos-cts.inc | 4 +-
 ...1-CMakeLists.txt-don-t-fall-back-CMAKE_INSTALL_LIBDIR-.patch | 43 ++
 meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb | 4 +-
 meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch | 46 ++
 meta-oe/recipes-support/poppler/poppler_23.03.0.bb | 1 +
 meta-python/recipes-devtools/python/python3-appdirs/run-ptest | 2 +-
 13 files changed, 498 insertions(+), 13 deletions(-)
 create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/0001-configure.ac-unify-search-dirs-for-pcap-and-add-lib3.patch
 create mode 100644 meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch
 create mode 100644 meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch
 create mode 100644 meta-oe/recipes-support/libcyusbserial/libcyusbserial/0001-CMakeLists.txt-don-t-fall-back-CMAKE_INSTALL_LIBDIR-.patch
 create mode 100644 meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
[oe] [meta-oe][nambield][PATCH] meta-openemnedded: Add myself as nanbield maintainer
Signed-off-by: Armin Kuster --- README.md | 2 +- meta-filesystems/README.md | 10 +- meta-gnome/README.md| 10 +- meta-initramfs/README.md| 8 meta-multimedia/README.md | 10 +- meta-networking/MAINTAINERS | 15 +++ meta-networking/README.md | 9 - meta-oe/README.md | 8 meta-perl/README.md | 11 +-- meta-python/README.md | 12 +--- meta-webserver/README.md| 11 +++ meta-xfce/README.md | 11 +-- 12 files changed, 53 insertions(+), 64 deletions(-) diff --git a/README.md b/README.md index 7318f09cdb..82f2e9699a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ Collection of layers for the OE-core universe -Main layer maintainer: Khem Raj +Main layer maintainer: Armin Kuster This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer diff --git a/meta-filesystems/README.md b/meta-filesystems/README.md index 78a4429ce2..49ce350571 100644 --- a/meta-filesystems/README.md +++ b/meta-filesystems/README.md @@ -11,26 +11,26 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core layers: meta - branch: master + branch: nanbield URI: git://git.openembedded.org/meta-openembedded layers: meta-oe - branch: master + branch: nanbield Patches === Please submit any patches against the filesystems layer to the OpenEmbedded development mailing list (openembedded-devel@lists.openembedded.org) -with '[meta-filesystems]' in the subject. +with '[meta-filesystems][nanbield]' in the subject. -Layer maintainer: Khem Raj +Layer maintainer: Armin Kuster When sending single patches, please use something like: git send-email -1 -M \ --to openembedded-devel@lists.openembedded.org \ ---subject-prefix='meta-filesystems][PATCH' +--subject-prefix='meta-filesystems][nanbield][PATCH' Table of Contents diff --git a/meta-gnome/README.md b/meta-gnome/README.md index fbb0d72476..ef202bca17 100644 --- a/meta-gnome/README.md +++ b/meta-gnome/README.md 
@@ -3,14 +3,14 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: nanbield URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: nanbield -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-gnome]' in the subject' +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-gnome][nanbield]' in the subject' When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-gnome][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-gnome][nanbield][PATCH' -Layer maintainer: Andreas M??ller +Layer maintainer: Armin Kuster diff --git a/meta-initramfs/README.md b/meta-initramfs/README.md index 119293a741..07704abc6d 100644 --- a/meta-initramfs/README.md +++ b/meta-initramfs/README.md @@ -12,19 +12,19 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: nanbield Maintenance --- Send patches / pull requests to openembedded-devel@lists.openembedded.org -with '[meta-initramfs]' in the subject. +with '[meta-initramfs][nanbield]' in the subject. When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-initramfs][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-initramfs][nanbield][PATCH' -Interm layer maintainer: Khem Raj +Interm layer maintainer: Armin Kuster License diff --git a/meta-multimedia/README.md b/meta-multimedia/README.md index 235c34331b..70d46afc82 100644 --- a/meta-multimedia/README.md +++ b/meta-multimedia/README.md 
@@ -1,17 +1,17 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: nanbield URI: git://git.openembedded.org/meta-openembedded layers: meta-oe -branch: master +branch: nanbield -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia]' in the subject +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia][nanbield]' in the subject When sending single patches, please use something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][nanbield][PATCH' You are encouraged to fork the mirror on github https://github.com/openembedded/meta-openembedded to share your patches, this is preferred for patch sets consisting of more than one patch. Other
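Review bot: the meta-gnome and meta-initramfs hunks rewrite lines that carry existing typos without fixing them. The added line "Send pull requests to ... with '[meta-gnome][nanbield]' in the subject'" keeps the stray trailing quote, and "+Interm layer maintainer: Armin Kuster" keeps "Interm" for "Interim"; since both lines are touched anyway, correct them in this patch. The commit message is also only a Signed-off-by, while the visible hunks change the "branch:" entries and the subject prefixes from master to nanbield in addition to the maintainer name; a one-line body saying so would match what the diff does.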
[oe] [meta-oe][PATCH] openldap: update to 2.5.16.
From: Armin Kuster 2.5.x is an LTS version per the project. Drop patch now included. Signed-off-by: Armin Kuster --- ...ure-Pass-pthread_t-to-pthread_detach.patch | 32 --- ...{openldap_2.5.13.bb => openldap_2.5.16.bb} | 3 +- 2 files changed, 1 insertion(+), 34 deletions(-) delete mode 100644 meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch rename meta-oe/recipes-support/openldap/{openldap_2.5.13.bb => openldap_2.5.16.bb} (98%) diff --git a/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch b/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch deleted file mode 100644 index 6e73f8b382..00 --- a/meta-oe/recipes-support/openldap/openldap/0001-configure-Pass-pthread_t-to-pthread_detach.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7577b120acda087bf3f5f613c2c72663b3864ad8 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sun, 4 Sep 2022 09:43:06 -0700 -Subject: [PATCH] configure: Pass pthread_t to pthread_detach - -This helps compilers when using C2X standard - -Upstream-Status: Pending -Signed-off-by: Khem Raj - configure.ac | 5 + - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 0978eeb..58d15f8 100644 a/configure.ac -+++ b/configure.ac -@@ -1467,10 +1467,7 @@ pthread_rwlock_t rwlock; - dnl save the flags - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ - #include --#ifndef NULL --#define NULL (void*)0 --#endif --]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) -+]], [[pthread_detach((pthread_t)-1);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no]) - ]) - - if test $ol_cv_func_pthread_detach = no ; then --- -2.37.3 - 
diff --git a/meta-oe/recipes-support/openldap/openldap_2.5.13.bb b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb similarity index 98% rename from meta-oe/recipes-support/openldap/openldap_2.5.13.bb rename to meta-oe/recipes-support/openldap/openldap_2.5.16.bb index 7dc926c61c..8d13a4ddbd 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.5.13.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb @@ -19,10 +19,9 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$ file://slapd.service \ file://remove-user-host-pwd-from-version.patch \ file://0001-build-top.mk-unset-STRIP_OPTS.patch \ -file://0001-configure-Pass-pthread_t-to-pthread_detach.patch \ " -SRC_URI[sha256sum] = "ee3c430c4ef7b87c57b622108c7339376d6c27fbbf2767770be3de1df63d008c" +SRC_URI[sha256sum] = "546ba591822e8bb0e467d40c4d4a30f89d937c3a507fe83a578f582f6a211327" DEPENDS = "util-linux groff-native" -- 2.34.1
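Review bot: the first hunk deletes 0001-configure-Pass-pthread_t-to-pthread_detach.patch, whose header still reads "Upstream-Status: Pending", while the commit message only says "Drop patch now included". Name the upstream OpenLDAP commit or release that carries the pthread_detach((pthread_t)-1) change so the drop can be checked against 2.5.16. In the recipe hunk, the SRC_URI context line still fetches over http://www.openldap.org/..., which leaves the new SRC_URI[sha256sum] as the only integrity check on the tarball; state in the commit message what that value was verified against, and consider switching the URL to https in a follow-up.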
Re: [oe][meta-oe][kirkstone] freeglut: add packageconfigs for x11, wayland, gles, and demos
On 9/14/23 9:05 PM, Randolph Sapp via lists.openembedded.org wrote: From: Randolph Sapp Add the PACKAGECONFIG entries to build freeglut for wayland and x11, which should conflict in this release, and add the ability to build a GLES release. Also split the demos their own config. The demos will conflict with the gles flag as they still require desktop GL in this release. This is essentially a loose backport of the following patch for this older release: a9212722c (freeglut: Add packageconfigs for x11/wayland/gles, 2023-01-10) It does not change the current default behavior of compiling for x11 with demos. Signed-off-by: Randolph Sapp --- meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb index 6ef9f74c70..a204f86a6f 100644 --- a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb +++ b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb 
@@ -10,11 +10,18 @@ SRC_URI[sha256sum] = "d4000e02102acaf259998c870e25214739d1f16f67f99cb35e4f468413 inherit cmake features_check # depends on virtual/libx11, virtual/libgl -REQUIRED_DISTRO_FEATURES = "x11 opengl" +REQUIRED_DISTRO_FEATURES = "opengl" + +PACKAGECONFIG ?= "x11 demos" + +PACKAGECONFIG[x11] = ",,virtual/libx11 virtual/libgl libxi libglu,,,wayland" +PACKAGECONFIG[wayland] = "-DFREEGLUT_WAYLAND=ON,-DFREEGLUT_WAYLAND=OFF,wayland,,,x11" +PACKAGECONFIG[gles] = "-DFREEGLUT_GLES=ON,-DFREEGLUT_GLES=OFF,virtual/libgles1 virtual/libgles2 virtual/egl,,,demos" +PACKAGECONFIG[demos] = "-DFREEGLUT_BUILD_DEMOS=ON,-DFREEGLUT_BUILD_DEMOS=OFF" # Do not use -fno-common, check back when upgrading to new version it might not be needed CFLAGS += "-fcommon" PROVIDES += "mesa-glut" -DEPENDS = "virtual/libx11 libxmu libxi virtual/libgl libglu libxrandr" +DEPENDS = "libxkbcommon" Is there any reason not to take this commit? Master and Kirkstone would have different implementations for the same thing. https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-graphics/freeglut?h=master-next=a9212722c1b1a2ab29215651063ca94fb114c39b - Armin
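Review bot: the DEPENDS change at the end of the hunk alters the default build even though the commit message says the default behavior is unchanged. libxmu and libxrandr are removed from DEPENDS and do not reappear in PACKAGECONFIG[x11], which lists only "virtual/libx11 virtual/libgl libxi libglu", and libxkbcommon becomes an unconditional dependency. Either keep libxmu and libxrandr in the x11 dependency field (and, if libxkbcommon is only needed by the wayland backend, move it under PACKAGECONFIG[wayland]) or explain in the commit message why they are no longer required. REQUIRED_DISTRO_FEATURES also drops x11 while PACKAGECONFIG ?= "x11 demos" still defaults to it, and the context comment "# depends on virtual/libx11, virtual/libgl" above it is now stale.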
[oe] dunfell pull request: Sept 11th
The following changes since commit b8b0b06821d4d4df0cce4f07fa31a8ca1dd38f46: sysdig: Depend on system libb64 (2023-07-22 07:49:35 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded dunfell-next for you to fetch changes up to e42d1e758f9f08b98c0e8c6f0532316951bb276f: postgresql: refresh patches (2023-09-09 12:52:03 -0400) Armin Kuster (1): postgresql: refresh patches Ashish Sharma (1): php: Backport fix CVE-2023-3247 Khem Raj (1): nodejs: Fix build with gcc13 Martin Jansa (1): nodejs-14: add -fpermissive BUILD_CXXFLAGS to fix build with gcc-13 on host Robert Joslyn (1): postgresql: Update to 12.16 Sourav Kumar Pramanik (1): meta-oe-components: Avoid usage of nobranch=1 Sourav Pramanik (2): rapidjson: Avoid usage of nobranch=1 nlohmann-json: Avoid usage of nobranch=1 Vijay Anusuri (1): c-ares: CVE-2023-32067 0-byte UDP payload Denial of Service .../dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb | 2 +- .../postgresql/files/0001-Add-support-for-RISC-V.patch | 13 +- .../postgresql/files/0001-Improve-reproducibility.patch | 13 +- meta-oe/recipes-dbs/postgresql/files/CVE-2022-1552.patch | 947 meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch | 904 -- meta-oe/recipes-dbs/postgresql/files/CVE-2022-41862.patch | 48 -- meta-oe/recipes-dbs/postgresql/files/CVE-2023-2454.patch | 235 --- meta-oe/recipes-dbs/postgresql/files/CVE-2023-2455.patch | 118 meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch | 13 +- meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch | 38 -- meta-oe/recipes-dbs/postgresql/postgresql_12.16.bb | 11 + meta-oe/recipes-dbs/postgresql/postgresql_12.9.bb | 17 - meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb | 2 +- meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch | 63 ++ meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb | 1 + meta-oe/recipes-devtools/nodejs/nodejs_14.18.1.bb | 4 + meta-oe/recipes-devtools/php/php/CVE-2023-3247-1.patch | 87 +++ 
meta-oe/recipes-devtools/php/php/CVE-2023-3247-2.patch | 29 + meta-oe/recipes-devtools/php/php_7.4.33.bb | 2 + meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb | 2 +- meta-oe/recipes-extended/zstd/zstd_1.4.5.bb | 2 +- meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch | 84 +++ meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 1 + 23 files changed, 301 insertions(+), 2335 deletions(-) delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2022-1552.patch delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2022-41862.patch delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-2454.patch delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-2455.patch delete mode 100644 meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch create mode 100644 meta-oe/recipes-dbs/postgresql/postgresql_12.16.bb delete mode 100644 meta-oe/recipes-dbs/postgresql/postgresql_12.9.bb create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2023-3247-1.patch create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2023-3247-2.patch create mode 100644 meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch
[oe] [meta-oe][dunfell][PATCH] postgresql: refresh patches
fixes: WARNING: postgresql-12.16-r0 do_patch: Fuzz detected: Applying patch 0001-Add-support-for-RISC-V.patch patching file src/include/storage/s_lock.h Hunk #2 succeeded at 339 with fuzz 1. Signed-off-by: Armin Kuster --- .../files/0001-Add-support-for-RISC-V.patch | 13 + .../files/0001-Improve-reproducibility.patch| 13 + .../postgresql/files/not-check-libperl.patch| 13 + 3 files changed, 15 insertions(+), 24 deletions(-) diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch index a1f5b2a7b4..e5fb85170b 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch @@ -9,10 +9,10 @@ extending the existing aarch64 macro works. src/include/storage/s_lock.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h -index 3fe29ce..7cd578f 100644 a/src/include/storage/s_lock.h -+++ b/src/include/storage/s_lock.h +Index: postgresql-12.16/src/include/storage/s_lock.h +=== +--- postgresql-12.16.orig/src/include/storage/s_lock.h postgresql-12.16/src/include/storage/s_lock.h @@ -317,11 +317,12 @@ tas(volatile slock_t *lock) /* @@ -35,7 +35,4 @@ index 3fe29ce..7cd578f 100644 +#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ - /* --- -2.9.3 - + /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch index 32b7f42845..70c813adf5 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch @@ -19,11 +19,11 @@ 
Signed-off-by: Hongxu Jia src/common/Makefile | 4 1 file changed, 4 deletions(-) -diff --git a/src/common/Makefile b/src/common/Makefile -index 1fc2c66..5e6c457 100644 a/src/common/Makefile -+++ b/src/common/Makefile -@@ -27,10 +27,6 @@ include $(top_builddir)/src/Makefile.global +Index: postgresql-12.16/src/common/Makefile +=== +--- postgresql-12.16.orig/src/common/Makefile postgresql-12.16/src/common/Makefile +@@ -31,10 +31,6 @@ include $(top_builddir)/src/Makefile.glo # don't include subdirectory-path-dependent -I and -L switches STD_CPPFLAGS := $(filter-out -I$(top_srcdir)/src/include -I$(top_builddir)/src/include,$(CPPFLAGS)) STD_LDFLAGS := $(filter-out -L$(top_builddir)/src/common -L$(top_builddir)/src/port,$(LDFLAGS)) @@ -34,6 +34,3 @@ index 1fc2c66..5e6c457 100644 override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\"" override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\"" override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\"" --- -2.7.4 - diff --git a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch index 22b62d9ded..eb6226b179 100644 --- a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch +++ b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch @@ -19,11 +19,11 @@ Signed-off-by: Changqing Li configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/configure.in b/configure.in -index b98b9bb..8584677 100644 a/configure.in -+++ b/configure.in -@@ -2211,7 +2211,7 @@ Use --without-tcl to disable building PL/Tcl.]) +Index: postgresql-12.16/configure.in +=== +--- postgresql-12.16.orig/configure.in postgresql-12.16/configure.in +@@ -2357,7 +2357,7 @@ Use --without-tcl to disable building PL fi # check for 
@@ -32,6 +32,3 @@ index b98b9bb..8584677 100644 ac_save_CPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS $perl_includespec" AC_CHECK_HEADER(perl.h, [], [AC_MSG_ERROR([header file is required for Perl])], --- -2.7.4 - -- 2.34.1
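Review bot: all three refreshed patches lose their git-style headers ("diff --git a/... b/...", "index ...") in favour of quilt-style "Index: postgresql-12.16/..." headers, and the "-- 2.9.3" / "-- 2.7.4" trailers are dropped. That ties each carried patch to the 12.16 directory name, so they will show up as changed again on the next version bump. Regenerating them from a git tree (for example with devtool) would keep the a/ b/ paths and limit the diff to the context that actually moved. The commit message quotes the fuzz warning only for 0001-Add-support-for-RISC-V.patch; say that 0001-Improve-reproducibility.patch and not-check-libperl.patch were refreshed too, and whether they also applied with fuzz.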
[oe] kirkstone merge request: Sept 9th
The following changes since commit 529620141e773080a6a7be4615fb7993204af883: nodejs: upgrade 16.20.1 -> 16.20.2 (2023-08-11 10:32:04 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded kirkstone-next for you to fetch changes up to a88cb922f91fda95e8a584cee3092083d5ad3e98: hwloc: fix CVE-2022-47022 (2023-09-06 09:13:26 -0400) Chen Qi (1): spice-protocol: fix populate_sdk error when spice is installed Marine Vovard (1): python3-kivy: Require X11 or Wayland in DISTRO_FEATURES Martin Jansa (1): libiio: use main branch instead of master Narpat Mali (4): libqb: upgrade 2.0.6 -> 2.0.8 python3-django: fix CVE-2023-36053 python3-aiohttp: upgrade 3.8.1 -> 3.8.5 frr: Fix CVE-2023-38802 and CVE-2023-41358 Polampalli, Archana (2): php: upgrade 8.1.16 -> 8.1.22 nodejs: fix CVE-2022-25883 Robert Joslyn (1): postgresql: Update to 14.9 Soumya Sambu (3): krb5: Fix CVE-2023-36054 iperf3: upgrade 3.11 -> 3.14 hwloc: fix CVE-2022-47022 Sourav Kumar Pramanik (1): meta-oe-components: Avoid usage of nobranch=1 Sourav Pramanik (2): rapidjson: Avoid usage of nobranch=1 nlohmann-json: Avoid usage of nobranch=1 Wang Mingyu (3): tcpdump: upgrade 4.99.1 -> 4.99.2 tcpdump: upgrade 4.99.2 -> 4.99.3 tcpdump: upgrade 4.99.3 -> 4.99.4 Yogita Urade (1): poppler: fix CVE-2023-34872 meta-gnome/recipes-connectivity/geary/geary_40.0.bb | 2 +- meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb | 2 +- meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch | 136 ++ meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch | 105 +++ meta-networking/recipes-protocols/frr/frr_8.2.2.bb | 2 + meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb | 2 + .../tcpdump/{tcpdump_4.99.1.bb => tcpdump_4.99.4.bb} | 3 +- .../dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb | 2 +- .../recipes-benchmark/iperf3/{iperf3_3.11.bb => iperf3_3.14.bb} | 4 +- meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch | 68 +++ 
meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb | 1 + .../postgresql/files/0001-Add-support-for-RISC-V.patch | 10 +- .../postgresql/files/0001-Improve-reproducibility.patch | 6 +- ...1-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch | 50 -- .../files/0001-config_info.c-not-expose-build-info.patch | 18 +- .../0001-configure.ac-bypass-autoconf-2.69-version-check.patch | 6 +- .../files/0001-postgresql-fix-ptest-failure-of-sysviews.patch | 11 +- meta-oe/recipes-dbs/postgresql/files/CVE-2023-2454.patch | 235 - meta-oe/recipes-dbs/postgresql/files/CVE-2023-2455.patch | 118 - meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch | 10 +- meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch | 38 .../postgresql/{postgresql_14.5.bb => postgresql_14.9.bb} | 8 +- meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb | 2 +- meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch | 262 +++ meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb | 1 + meta-oe/recipes-devtools/php/{php_8.1.16.bb => php_8.1.22.bb} | 2 +- meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb | 2 +- meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch | 77 meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb | 4 +- .../recipes-extended/libqb/{libqb_2.0.6.bb => libqb_2.0.8.bb} | 2 +- meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb | 2 +- meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb | 2 +- meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb | 2 +- meta-oe/recipes-support/glog/glog_0.5.0.bb | 2 +- meta-oe/recipes-support/libiio/libiio_git.bb | 2 +- meta-oe/recipes-support/libmxml/libmxml_3.3.bb | 2 +- meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch | 46 + meta-oe/recipes-support/poppler/poppler_22.04.0.bb | 1 + .../{python3-aiohttp_3.8.1.bb => python3-aiohttp_3.8.5.bb} | 4 +- .../recipes-devtools/python/python3-django/CVE-2023-36053.patch | 263 meta-python/recipes-devtools/python/python3-django_2.2.28.bb | 4 +- 
meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb | 4 +- 42 files changed, 1022 insertions(+), 501 deletions(-) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch rename meta-networking/recipes-support/tcpdump/{tcpdump_4.99.1.bb => tcpdump_4.99.4.bb}
[oe] mickledore merge request: Sept 6th
The following changes since commit 41fffef6b044b2722aa13f7e7648a3f848231851: yasm: fix CVE-2023-37732 (2023-09-03 10:43:56 -0400) are available in the Git repository at: https://git.openembedded.org/meta-openembedded mickledore-next for you to fetch changes up to 57c516973978ca2667339bf1aae7dc722b5bcac7: tcpdump: upgrade 4.99.3 -> 4.99.4 (2023-09-05 13:40:23 -0400) Martin Jansa (1): libiio: use main branch instead of master Soumya Sambu (1): krb5: Fix CVE-2023-36054 Wang Mingyu (1): tcpdump: upgrade 4.99.3 -> 4.99.4 .../tcpdump/{tcpdump_4.99.3.bb => tcpdump_4.99.4.bb} | 2 +- meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch | 68 + meta-oe/recipes-connectivity/krb5/krb5_1.20.1.bb | 1 + meta-oe/recipes-support/libiio/libiio_git.bb | 2 +- 4 files changed, 71 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/tcpdump/{tcpdump_4.99.3.bb => tcpdump_4.99.4.bb} (93%) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch
[oe] [meta-oe][kirkstone][PATCH 3/3] tcpdump: upgrade 4.99.3 -> 4.99.4
From: Wang Mingyu Changelog: == Source code: Fix spaces before tabs in indentation. Updated printers: - LSP ping: Fix "Unused value" warnings from Coverity. CVE-2023-1801: Fix an out-of-bounds write in the SMB printer. DNS: sync resource types with IANA. ICMPv6: Update the output to show a RPL DAO field name. Geneve: Fix the Geneve UDP port test. Building and testing: -- Require at least autoconf 2.69. Don't check for strftime(), as it's in C90 and beyond. Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21. Documentation: - man: Document TCP flag names better. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 2e782260d0b6018614dbdea95899a4a0921915e0) Signed-off-by: Armin Kuster --- .../tcpdump/{tcpdump_4.99.3.bb => tcpdump_4.99.4.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-support/tcpdump/{tcpdump_4.99.3.bb => tcpdump_4.99.4.bb} (93%) diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb similarity index 93% rename from meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb rename to meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb index 03f1b76f97..803a9bb5f5 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb 
@@ -26,7 +26,7 @@ SRC_URI = " \ file://run-ptest \ " -SRC_URI[sha256sum] = "ad75a6ed3dc0d9732945b2e5483cb41dc8b4b528a169315e499c6861952e73b3" +SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea" UPSTREAM_CHECK_REGEX = "tcpdump-(?P\d+(\.\d+)+)\.tar" -- 2.34.1
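Review bot: the changelog in the commit message lists "CVE-2023-1801: Fix an out-of-bounds write in the SMB printer", but the subject reads as a plain version bump and the hunk changes only SRC_URI[sha256sum]. For a stable-branch backport, call the CVE out where it will be seen, for example in the subject or as the first line of the body, so the kirkstone history shows that moving to 4.99.4 is a security update and not just a refresh.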
[oe] [meta-oe][kirkstone][PATCH 1/3] tcpdump: upgrade 4.99.1 -> 4.99.2
Assign ndo->ndo_packetp in pretty_print_packet(). Add ND_LCHECKMSG_U, ND_LCHECK_U, ND_LCHECKMSG_ZU and ND_LCHECK_ZU macros. Update tok2strbuf() to a static function. netdissect.h: Keep the link-layer dissectors names sorted. setsignal(): Set SA_RESTART on non-lethal signals (REQ_INFO, FLUSH_PCAP) to avoid corrupting binary pcap output. Use __builtin_unreachable(). Fail if nd_push_buffer() or nd_push_snaplen() fails. Improve code style and fix many typos. Documentation: --- Some man page cleanups. Update the print interface for the packet count to stdout. Note that we require compilers to support at least some of C99. Update AIX and Solaris-related specifics. INSTALL.txt: Add doc/README.*, delete the deleted win32 directory. Update README.md and README.Win32.md. Update some comments with new RFC numbers. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 68db0a388005c319784ec3b6ca533d0d9a142554) Signed-off-by: Armin Kuster --- .../tcpdump/{tcpdump_4.99.1.bb => tcpdump_4.99.2.bb} | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename meta-networking/recipes-support/tcpdump/{tcpdump_4.99.1.bb => tcpdump_4.99.2.bb} (90%) diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.2.bb similarity index 90% rename from meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb rename to meta-networking/recipes-support/tcpdump/tcpdump_4.99.2.bb index 322a826f07..0a541acfea 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.2.bb
@@ -26,8 +26,7 @@ SRC_URI = " \ file://run-ptest \ " -SRC_URI[md5sum] = "929a255c71a9933608bd7c31927760f7" -SRC_URI[sha256sum] = "79b36985fb2703146618d87c4acde3e068b91c553fb93f021a337f175fd10ebe" +SRC_URI[sha256sum] = "f4304357d34b79d46f4e17e654f1f91f9ce4e3d5608a1badbd53295a26fb44d5" UPSTREAM_CHECK_REGEX = "tcpdump-(?P\d+(\.\d+)+)\.tar" -- 2.34.1
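Review bot: the hunk removes SRC_URI[md5sum] as well as updating SRC_URI[sha256sum], which is why the diffstat shows 1 insertion and 2 deletions. Relying on sha256 alone is fine, but it is a separate change from the version bump, and the visible part of the commit message does not mention it; add a line saying the md5sum was dropped so the cherry-pick is self-explanatory.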
[oe] [meta-oe][kirkstone][PATCH 2/3] tcpdump: upgrade 4.99.2 -> 4.99.3
From: Wang Mingyu Changelog: == Updated printers: PTP: Use the proper values for the control field and print un-allocated values for the message field as "Reserved" instead of "none". Source code: smbutil.c: Replace obsolete function call (asctime) Building and testing: cmake: Update the minimum required version to 2.8.12 (except Windows). CI: Introduce and use TCPDUMP_CMAKE_TAINTED. Makefile.in: Add the releasecheck target. Makefile.in: Add "make -s install" in the releasecheck target. Cirrus CI: Run the "make releasecheck" command in the Linux task. Makefile.in: Add the whitespacecheck target. Cirrus CI: Run the "make whitespacecheck" command in the Linux task. Address all shellcheck warnings in update-test.sh. Makefile.in: Get rid of a remain of gnuc.h. Documentation: Reformat the installation notes (INSTALL.txt) in Markdown. Convert CONTRIBUTING to Markdown. CONTRIBUTING.md: Document the use of "protocol: " in a commit summary. Add a README file for NetBSD. Fix CMake build to set man page section numbers in tcpdump.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit dab75037cc9c4a5674e08c3a55fff172fd6eba75) Signed-off-by: Armin Kuster --- .../tcpdump/{tcpdump_4.99.2.bb => tcpdump_4.99.3.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-support/tcpdump/{tcpdump_4.99.2.bb => tcpdump_4.99.3.bb} (93%) diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.2.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb similarity index 93% rename from meta-networking/recipes-support/tcpdump/tcpdump_4.99.2.bb rename to meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb index 0a541acfea..03f1b76f97 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.2.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb 
@@ -26,7 +26,7 @@ SRC_URI = " \ file://run-ptest \ " -SRC_URI[sha256sum] = "f4304357d34b79d46f4e17e654f1f91f9ce4e3d5608a1badbd53295a26fb44d5" +SRC_URI[sha256sum] = "ad75a6ed3dc0d9732945b2e5483cb41dc8b4b528a169315e499c6861952e73b3" UPSTREAM_CHECK_REGEX = "tcpdump-(?P\d+(\.\d+)+)\.tar" -- 2.34.1
[oe] [meta-oe][mickledore][PATCH] tcpdump: upgrade 4.99.3 -> 4.99.4
From: Wang Mingyu Changelog: == Source code: Fix spaces before tabs in indentation. Updated printers: - LSP ping: Fix "Unused value" warnings from Coverity. CVE-2023-1801: Fix an out-of-bounds write in the SMB printer. DNS: sync resource types with IANA. ICMPv6: Update the output to show a RPL DAO field name. Geneve: Fix the Geneve UDP port test. Building and testing: -- Require at least autoconf 2.69. Don't check for strftime(), as it's in C90 and beyond. Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21. Documentation: - man: Document TCP flag names better. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 2e782260d0b6018614dbdea95899a4a0921915e0) Signed-off-by: Armin Kuster --- .../tcpdump/{tcpdump_4.99.3.bb => tcpdump_4.99.4.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-support/tcpdump/{tcpdump_4.99.3.bb => tcpdump_4.99.4.bb} (93%) diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb similarity index 93% rename from meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb rename to meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb index 03f1b76f97..803a9bb5f5 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb 
@@ -26,7 +26,7 @@ SRC_URI = " \ file://run-ptest \ " -SRC_URI[sha256sum] = "ad75a6ed3dc0d9732945b2e5483cb41dc8b4b528a169315e499c6861952e73b3" +SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea" UPSTREAM_CHECK_REGEX = "tcpdump-(?P\d+(\.\d+)+)\.tar" -- 2.34.1
[oe] Mickledore merge request Sept 4th
The following changes since commit 75cf318cef3b4ee81fad2782cf063ecd69ba8842:

  lmsensors: do not pull in unneeded perl modules for run-time dependencies (2023-08-03 16:46:11 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded mickledore-next

for you to fetch changes up to 41fffef6b044b2722aa13f7e7648a3f848231851:

  yasm: fix CVE-2023-37732 (2023-09-03 10:43:56 -0400)

Changqing Li (2):
      redis: upgrade 6.2.12 -> 6.2.13
      redis: upgrade 7.0.11 -> 7.0.12

Linus Jacobson (1):
      khronos-cts: Replace wayland feature dependancy with vulkan

Mingli Yu (4):
      yajl: Fix CVE-2023-33460
      iniparser: Fix CVE-2023-33461
      php: Upgrade to 8.2.8
      mcelog: Drop unneeded autotools-brokensep

Polampalli, Archana (2):
      nodejs: upgrade 18.16.1 -> 18.17.1
      hwloc: fix CVE-2022-47022

Soumya (1):
      yasm: fix CVE-2023-37732

Wang Mingyu (1):
      iperf3: upgrade 3.13 -> 3.14

Yi Zhao (1):
      frr: Security fix CVE-2023-3748

 meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch | 54
 meta-networking/recipes-protocols/frr/frr_8.4.4.bb | 1 +
 .../recipes-benchmark/iperf3/{iperf3_3.13.bb => iperf3_3.14.bb} | 2 +-
 .../oe-npm-cache | 0
 ...oe-cache-native_18.16.bb => nodejs-oe-cache-native_18.17.bb} | 0
 .../nodejs/{nodejs_18.16.1.bb => nodejs_18.17.1.bb} | 4 +-
 meta-oe/recipes-devtools/php/{php_8.2.6.bb => php_8.2.8.bb} | 2 +-
 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch | 43
 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch | 31
 meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 5 +-
 meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch | 41
 meta-oe/recipes-devtools/yasm/yasm_git.bb | 1 +
 meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch | 76 +
 meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb | 4 +-
 .../0001-src-Do-not-reset-FINAL_LIBS.patch | 0
 .../0006-Define-correct-gregs-for-RISCV32.patch | 0
 .../redis/{redis-7.0.11 => redis-7.0.12}/GNU_SOURCE-7.patch | 0
 .../hiredis-use-default-CC-if-it-is-set.patch | 0
 .../redis/{redis-7.0.11 => redis-7.0.12}/init-redis-server | 0
 .../lua-update-Makefile-to-use-environment-build-setting.patch | 0
 .../{redis-7.0.11 => redis-7.0.12}/oe-use-libc-malloc.patch | 0
 .../redis/{redis-7.0.11 => redis-7.0.12}/redis.conf | 0
 .../redis/{redis-7.0.11 => redis-7.0.12}/redis.service | 0
 .../recipes-extended/redis/{redis_6.2.12.bb => redis_6.2.13.bb} | 2 +-
 .../recipes-extended/redis/{redis_7.0.11.bb => redis_7.0.12.bb} | 2 +-
 meta-oe/recipes-graphics/vk-gl-cts/khronos-cts.inc | 2 +-
 .../recipes-support/iniparser/iniparser/CVE-2023-33461.patch | 52
 meta-oe/recipes-support/iniparser/iniparser_4.1.bb | 3 +-
 meta-oe/recipes-support/mcelog/mcelog_191.bb | 11 -
 29 files changed, 324 insertions(+), 12 deletions(-)
 create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch
 rename meta-oe/recipes-benchmark/iperf3/{iperf3_3.13.bb => iperf3_3.14.bb} (95%)
 rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-18.16 => nodejs-oe-cache-18.17}/oe-npm-cache (100%)
 rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_18.16.bb => nodejs-oe-cache-native_18.17.bb} (100%)
 rename meta-oe/recipes-devtools/nodejs/{nodejs_18.16.1.bb => nodejs_18.17.1.bb} (97%)
 rename meta-oe/recipes-devtools/php/{php_8.2.6.bb => php_8.2.8.bb} (99%)
 create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch
 create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch
 create mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch
 create mode 100644 meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/0001-src-Do-not-reset-FINAL_LIBS.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/0006-Define-correct-gregs-for-RISCV32.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/GNU_SOURCE-7.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/hiredis-use-default-CC-if-it-is-set.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/init-redis-server (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/lua-update-Makefile-to-use-environment-build-setting.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/oe-use-libc-malloc.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 =>
Re: [oe][meta-oe][mickledore][PATCH 2/2] nodejs: fix CVE-2022-25883
On 8/29/23 7:35 AM, Polampalli, Archana via lists.openembedded.org wrote: Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. Doesn't this apply to master too as it is @ version 18.17.1? - Armin References: https://nvd.nist.gov/vuln/detail/CVE-2022-25883 Upstream patches: https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441 Signed-off-by: Archana Polampalli --- .../nodejs/nodejs/CVE-2022-25883.patch| 260 ++ .../recipes-devtools/nodejs/nodejs_18.17.1.bb | 1 + 2 files changed, 261 insertions(+) create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch new file mode 100644 index 0..1c9daf714 --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch 
@@ -0,0 +1,260 @@ +From 717534ee353682f3bcf33e60a8af4292626d4441 Mon Sep 17 00:00:00 2001 +From: Luke Karrys +Date: Thu, 15 Jun 2023 12:21:14 -0700 +Subject: [PATCH] fix: better handling of whitespace (#564) + +CVE: CVE-2022-25883 + +Upstream-Status: Backport [https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441] +--- + classes/comparator.js | 3 +- + classes/range.js | 64 + classes/semver.js | 2 +- + functions/coerce.js| 2 +- + internal/re.js | 11 + + package.json | 2 +- + 6 files changed, 53 insertions(+), 31 deletions(-) + +diff --git a/classes/comparator.js b/classes/comparator.js +index 2146c88..3d39c0e 100644 +--- a/classes/comparator.js b/classes/comparator.js +@@ -16,6 +16,7 @@ class Comparator { + } + } + ++comp = comp.trim().split(/\s+/).join(' ') + debug('comparator', comp, options) + this.options = options + this.loose = !!options.loose +@@ -133,7 +134,7 @@ class Comparator { + module.exports = Comparator + + const parseOptions = require('../internal/parse-options') +-const { re, t } = require('../internal/re') ++const { safeRe: re, t } = require('../internal/re') + const cmp = require('../functions/cmp') + const debug = require('../internal/debug') + const SemVer = require('./semver') +diff --git a/classes/range.js b/classes/range.js +index d9e866d..53c2540 100644 +--- a/classes/range.js b/classes/range.js +@@ -26,19 +26,26 @@ class Range { + this.loose = !!options.loose + this.includePrerelease = !!options.includePrerelease + +-// First, split based on boolean or || ++// First reduce all whitespace as much as possible so we do not have to rely ++// on potentially slow regexes like \s*. This is then stored and used for ++// future error messages as well. 
+ this.raw = range +-this.set = range ++ .trim() ++ .split(/\s+/) ++ .join(' ') ++ ++// First, split on || ++this.set = this.raw + .split('||') + // map the range to a 2d array of comparators +- .map(r => this.parseRange(r.trim())) ++ .map(r => this.parseRange(r)) + // throw out any comparator lists that are empty + // this generally means that it was not a valid range, which is allowed + // in loose mode, but will still throw if the WHOLE range is invalid. + .filter(c => c.length) + + if (!this.set.length) { +- throw new TypeError(`Invalid SemVer Range: ${range}`) ++ throw new TypeError(`Invalid SemVer Range: ${this.raw}`) + } + + // if we have any that are not the null set, throw out null sets. +@@ -64,9 +71,7 @@ class Range { + + format () { + this.range = this.set +- .map((comps) => { +-return comps.join(' ').trim() +- }) ++ .map((comps) => comps.join(' ').trim()) + .join('||') + .trim() + return this.range +@@ -77,8 +82,6 @@ class Range { + } + + parseRange (range) { +-range = range.trim() +- + // memoize range parsing for performance. + // this is a very hot path, and fully deterministic. + const memoOpts = +@@ -105,9 +108,6 @@ class Range { + // `^ 1.2.3` => `^1.2.3` + range = range.replace(re[t.CARETTRIM], caretTrimReplace) + +-// normalize spaces +-range = range.split(/\s+/).join(' ') +- + // At this point, the range is completely trimmed and + // ready to be split into comparators. + +@@ -203,7 +203,7 @@ const Comparator = require('./comparator') + const debug = require('../internal/debug') + const SemVer = require('./semver') + const { +- re, ++ safeRe: re, + t, + comparatorTrimReplace, + tildeTrimReplace, +@@ -257,10 +257,13 @@ const isX = id => !id || id.toLowerCase() === 'x' || id === '*' + // ~1.2.3, ~>1.2.3 --> >=1.2.3 <1.3.0-0 + // ~1.2.0, ~>1.2.0 --> >=1.2.0 <1.3.0-0 + // ~0.0.1 --> >=0.0.1
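Review bot: The embedded patch header of CVE-2022-25883.patch has no Signed-off-by from the person doing the backport under the `CVE: CVE-2022-25883` and `Upstream-Status: Backport [...]` lines; please add one. The diff paths (`classes/comparator.js`, `classes/range.js`, `internal/re.js`) are relative to the node-semver repository root named in the Upstream-Status URL, so the one-line SRC_URI change to nodejs_18.17.1.bb, which is not visible in this excerpt, has to apply the patch inside the directory that holds the bundled semver copy (for example with `patchdir`), or the paths need rewriting relative to the nodejs source tree.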
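Review bot: Sub-ranges can now reach parseRange with a stray leading or trailing space: in classes/range.js at @@ -26,19 +26,26 @@ the `r.trim()` inside `.map(...)` is dropped, and at @@ -77,8 +82,6 @@ `range = range.trim()` is dropped too. Because `this.raw` is joined with single spaces before `.split('||')`, an input such as `1.x || 2.x` yields the parts `1.x ` and ` 2.x`. Keeping `.map(r => this.parseRange(r.trim()))` would cost nothing here (`trim()` is linear and not one of the slow `\s*` regexes the new comment refers to); otherwise please confirm the memoized parse and the comparator regexes tolerate the extra space. Two smaller points in the same hunk: both comments now begin with "First", and the TypeError reports `this.raw`, the normalized string, rather than the caller's original `range`, which is worth mentioning in the commit message.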
[oe] Mickledore merge request : Aug 20th
The following changes since commit 75cf318cef3b4ee81fad2782cf063ecd69ba8842:

  lmsensors: do not pull in unneeded perl modules for run-time dependencies (2023-08-03 16:46:11 -0400)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded mickledore-next

for you to fetch changes up to b0ba472191c2b7709ef04ae9c5a23bea040518f9:

  mcelog: Drop unneeded autotools-brokensep (2023-08-16 08:33:38 -0400)

Changqing Li (2):
      redis: upgrade 6.2.12 -> 6.2.13
      redis: upgrade 7.0.11 -> 7.0.12

Linus Jacobson (1):
      khronos-cts: Replace wayland feature dependancy with vulkan

Mingli Yu (4):
      yajl: Fix CVE-2023-33460
      iniparser: Fix CVE-2023-33461
      php: Upgrade to 8.2.8
      mcelog: Drop unneeded autotools-brokensep

 meta-oe/recipes-devtools/php/{php_8.2.6.bb => php_8.2.8.bb} | 2 +-
 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch | 43
 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch | 31 +
 meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 5 ++-
 .../0001-src-Do-not-reset-FINAL_LIBS.patch | 0
 .../0006-Define-correct-gregs-for-RISCV32.patch | 0
 .../redis/{redis-7.0.11 => redis-7.0.12}/GNU_SOURCE-7.patch | 0
 .../hiredis-use-default-CC-if-it-is-set.patch | 0
 .../redis/{redis-7.0.11 => redis-7.0.12}/init-redis-server | 0
 .../lua-update-Makefile-to-use-environment-build-setting.patch | 0
 .../{redis-7.0.11 => redis-7.0.12}/oe-use-libc-malloc.patch | 0
 .../redis/{redis-7.0.11 => redis-7.0.12}/redis.conf | 0
 .../redis/{redis-7.0.11 => redis-7.0.12}/redis.service | 0
 .../recipes-extended/redis/{redis_6.2.12.bb => redis_6.2.13.bb} | 2 +-
 .../recipes-extended/redis/{redis_7.0.11.bb => redis_7.0.12.bb} | 2 +-
 meta-oe/recipes-graphics/vk-gl-cts/khronos-cts.inc | 2 +-
 .../recipes-support/iniparser/iniparser/CVE-2023-33461.patch | 52 +
 meta-oe/recipes-support/iniparser/iniparser_4.1.bb | 3 +-
 meta-oe/recipes-support/mcelog/mcelog_191.bb | 11 --
 19 files changed, 145 insertions(+), 8 deletions(-)
 rename meta-oe/recipes-devtools/php/{php_8.2.6.bb => php_8.2.8.bb} (99%)
 create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch
 create mode 100644 meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/0001-src-Do-not-reset-FINAL_LIBS.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/0006-Define-correct-gregs-for-RISCV32.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/GNU_SOURCE-7.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/hiredis-use-default-CC-if-it-is-set.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/init-redis-server (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/lua-update-Makefile-to-use-environment-build-setting.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/oe-use-libc-malloc.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/redis.conf (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.11 => redis-7.0.12}/redis.service (100%)
 rename meta-oe/recipes-extended/redis/{redis_6.2.12.bb => redis_6.2.13.bb} (96%)
 rename meta-oe/recipes-extended/redis/{redis_7.0.11.bb => redis_7.0.12.bb} (96%)
 create mode 100644 meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch

View/Reply Online (#104500): https://lists.openembedded.org/g/openembedded-devel/message/104500