[meta-oe] [PATCH] monit: upgrade 5.29.0 -> 5.30.0
wangmy
Changelog:
========= -New: Add a read-only option to the set httpd statement. The option can be used on the TCP socket, the unix socket, or both. -Changed: Issue #1011: The include statement was limited to 512 files, increase the limit to 1024 files. -Fixed: The disk read and write bytes didn't show up in M/Monit for Monit 5.27.0 or later. -Fixed: Issue #998: Monit 5.29.0 may fail to compile on platforms without the monotonic clock support. -Fixed: Issue #1002: 32-bit Linux machines with more then 4GB of RAM reported wrong system memory size and swap size values. -Fixed: Issue #1005: When the port statement was used with the generic protocol test and the target server returned zeros in response, Monit >= 5.20.0 may crash. -Fixed: Issue #1009: When one executes an action via the Monit HTML GUI (uses a POST request), the Monit HTTP server will redirect the browser back to the base URL, so the browser won't perform the POST request again on an automatic page refresh, which is performed to poll for status changes. -Fixed: Issue #1015: The set httpd statement supports only one address option. Display warning if multiple address options are used. Signed-off-by: Wang Mingyu <wangmy@...> --- .../recipes-support/monit/{monit_5.29.0.bb => monit_5.30.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/monit/{monit_5.29.0.bb => monit_5.30.0.bb} (94%) diff --git a/meta-oe/recipes-support/monit/monit_5.29.0.bb b/meta-oe/recipes-support/monit/monit_5.30.0.bb similarity index 94% rename from meta-oe/recipes-support/monit/monit_5.29.0.bb rename to meta-oe/recipes-support/monit/monit_5.30.0.bb index 9528fe735..1496243c1 100644 --- a/meta-oe/recipes-support/monit/monit_5.29.0.bb +++ b/meta-oe/recipes-support/monit/monit_5.30.0.bb 
@@ -15,7 +15,7 @@ SRC_URI = " \ file://monitrc \ " -SRC_URI[sha256sum] = "f665e6dd1f26a74b5682899a877934167de2b2582e048652ecf036318477885f" +SRC_URI[sha256sum] = "e85649dfa8586f4fcdd34a0295c55ddd69b0eda6cfbdac47105a2673d10b1008" DEPENDS = "zlib bison-native libnsl2 flex-native openssl virtual/crypt" -- 2.25.1 |
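Review bot: The unchanged `file://monitrc` in the SRC_URI context deserves a second look with this bump, because 5.30.0 adds a read-only option to the set httpd statement and the shipped monitrc could use it wherever the HTTP interface is enabled. The checksum change itself is fine, but the commit message should point out that the changelog includes a crash fix (Issue #1005, affecting Monit >= 5.20.0 when a generic protocol port test receives zeros), so that maintainers of stable branches still carrying 5.29.0 can judge whether to pick it up.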
[meta-oe] [PATCH] libsdl2-ttf: upgrade 2.0.15 -> 2.0.18
wangmy
refresh automake_foreign.patch
License-Update: year updated to 2022. Changelog: ========= -Added TTF_GetFreeTypeVersion() and TTF_GetHarfBuzzVersion() -Added support for Signed Distance Field rendering with TTF_SetFontSDF() and TTF_GetFontSDF() -Added optional DPI-scaling of fonts, with the following new functions: TTF_OpenFontDPI() TTF_OpenFontIndexDPI() TTF_OpenFontDPIRW() TTF_OpenFontIndexDPIRW() TTF_SetFontSizeDPI() -Added 32-bit character support with: TTF_GlyphIsProvided32() TTF_GlyphMetrics32() TTF_RenderGlyph32_Solid() TTF_RenderGlyph32_Shaded() TTF_RenderGlyph32_Blended() TTF_GetFontKerningSizeGlyphs32() -Added functions to set direction and script when using Harfbuzz: TTF_SetDirection() TTF_SetScript() -Added extended API for text measurement: TTF_MeasureText() TTF_MeasureUTF8() TTF_MeasureUNICODE() -Added TTF_SetFontSize() to set font size dynamically -Added 'Shaded' and 'Solid' text wrapped functions: TTF_RenderText_Solid_Wrapped() TTF_RenderUTF8_Solid_Wrapped() TTF_RenderUNICODE_Solid_Wrapped() TTF_RenderText_Shaded_Wrapped() TTF_RenderUTF8_Shaded_Wrapped() TTF_RenderUNICODE_Shaded_Wrapped() -Added TTF_HINTING_LIGHT_SUBPIXEL for better results at small text sizes at a performance cost Signed-off-by: Wang Mingyu <wangmy@...> --- .../libsdl/libsdl2-ttf/automake_foreign.patch | 6 +++--- .../{libsdl2-ttf_2.0.15.bb => libsdl2-ttf_2.0.18.bb} | 12 +++++------- 2 files changed, 8 insertions(+), 10 deletions(-) rename meta-oe/recipes-graphics/libsdl/{libsdl2-ttf_2.0.15.bb => libsdl2-ttf_2.0.18.bb} (60%) diff --git a/meta-oe/recipes-graphics/libsdl/libsdl2-ttf/automake_foreign.patch b/meta-oe/recipes-graphics/libsdl/libsdl2-ttf/automake_foreign.patch index 871e6e94e..962c11979 100644 --- a/meta-oe/recipes-graphics/libsdl/libsdl2-ttf/automake_foreign.patch +++ b/meta-oe/recipes-graphics/libsdl/libsdl2-ttf/automake_foreign.patch @@ -1,4 +1,4 @@ -From f9c4ad3a171d676e3818b8f6897f325ccf0b2203 Mon Sep 17 00:00:00 2001 +From 6ec375eaafc43a2b3c30a0e0e49447d231d81a67 Mon Sep 17 00:00:00 2001 
From: Khem Raj <raj.khem@...> Date: Tue, 9 May 2017 00:57:10 -0700 @@ -7,10 +7,10 @@ Date: Tue, 9 May 2017 00:57:10 -0700 1 file changed, 2 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 8166d91..8e05e49 100644 +index 8568dd2..5efc91e 100644 --- a/Makefile.am +++ b/Makefile.am -@@ -2,6 +2,8 @@ +@@ -3,6 +3,8 @@ ACLOCAL_AMFLAGS = -I acinclude lib_LTLIBRARIES = libSDL2_ttf.la diff --git a/meta-oe/recipes-graphics/libsdl/libsdl2-ttf_2.0.15.bb b/meta-oe/recipes-graphics/libsdl/libsdl2-ttf_2.0.18.bb similarity index 60% rename from meta-oe/recipes-graphics/libsdl/libsdl2-ttf_2.0.15.bb rename to meta-oe/recipes-graphics/libsdl/libsdl2-ttf_2.0.18.bb index 0fd9916e9..513b41144 100644 --- a/meta-oe/recipes-graphics/libsdl/libsdl2-ttf_2.0.15.bb +++ b/meta-oe/recipes-graphics/libsdl/libsdl2-ttf_2.0.18.bb @@ -2,14 +2,12 @@ SUMMARY = "Simple DirectMedia Layer truetype font library" SECTION = "libs" DEPENDS = "virtual/libsdl2 freetype virtual/libgl" LICENSE = "Zlib" -LIC_FILES_CHKSUM = "file://COPYING.txt;md5=4bb27d550fdafcd8f8e4fb8cbb2775ef" +LIC_FILES_CHKSUM = "file://COPYING.txt;md5=e98cfd01ca78f683e9d035795810ce87" -SRC_URI = " \ - http://www.libsdl.org/projects/SDL_ttf/release/SDL2_ttf-${PV}.tar.gz \ - file://automake_foreign.patch \ -" -SRC_URI[md5sum] = "04fe06ff7623d7bdcb704e82f5f88391" -SRC_URI[sha256sum] = "a9eceb1ad88c1f1545cd7bd28e7cbc0b2c14191d40238f531a15b01b1b22cd33" +SRC_URI = "http://www.libsdl.org/projects/SDL_ttf/release/SDL2_ttf-${PV}.tar.gz \ + file://automake_foreign.patch \ + " +SRC_URI[sha256sum] = "7234eb8883514e019e7747c703e4a774575b18d435c22a4a29d068cb768a2251" S = "${WORKDIR}/SDL2_ttf-${PV}" -- 2.25.1 |
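Review bot: The rewritten SRC_URI in libsdl2-ttf_2.0.18.bb still fetches over plain http (`http://www.libsdl.org/projects/SDL_ttf/release/SDL2_ttf-${PV}.tar.gz`); since the line is being touched anyway, switch it to https if the server offers it, so that integrity of the download does not rest on SRC_URI[sha256sum] alone. In the same hunk DEPENDS stays at `virtual/libsdl2 freetype virtual/libgl` although the changelog adds HarfBuzz-related API (TTF_GetHarfBuzzVersion(), TTF_SetDirection(), TTF_SetScript()); please state whether HarfBuzz support is disabled, bundled or autodetected from the sysroot, and pin the choice with an explicit configure option or PACKAGECONFIG so the build is deterministic.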
[meta-oe] [PATCH] libmodbus: upgrade 3.1.6 -> 3.1.7
wangmy
Fix-typo.patch
f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch removed since they're included in 3.1.7 Changelog: ========= modbus_reply: fix copy & paste error in sanity check Add SECURITY.md Fix typo in comment Replace obsolete AC_PROG_CC_STDC by AC_PROG_CC Fix position of CC flags in documentation Remove duplicate ';' Add the baud rate of 256k for Windows cosmetic changes in man page standardizing itemization Fix many typos Replace .dir-locals.el (Emacs) by .editorconfig Include the test LICENSE in tarball Install the NEWS and AUTHORS files Update README.md docs: fix simple typo, reponse -> response Add modbus_[get|set]_indication_timeout to doc build Fix warning issues Move malloc before starting unit tests Fixed MODBUS_GET_* macros in case of negative values SPDX: change LGPL-2.1+ to LGPL-2.1-or-later Signed-off-by: Wang Mingyu <wangmy@...> --- .../libmodbus/libmodbus/Fix-typo.patch | 52 ------------------- ...4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch | 32 ------------ .../libmodbus/libmodbus_3.1.6.bb | 12 ----- .../libmodbus/libmodbus_3.1.7.bb | 9 ++++ 4 files changed, 9 insertions(+), 96 deletions(-) delete mode 100644 meta-oe/recipes-extended/libmodbus/libmodbus/Fix-typo.patch delete mode 100644 meta-oe/recipes-extended/libmodbus/libmodbus/f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch delete mode 100644 meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb create mode 100644 meta-oe/recipes-extended/libmodbus/libmodbus_3.1.7.bb diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus/Fix-typo.patch b/meta-oe/recipes-extended/libmodbus/libmodbus/Fix-typo.patch deleted file mode 100644 index 384a4a40b..000000000 --- a/meta-oe/recipes-extended/libmodbus/libmodbus/Fix-typo.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From: =?utf-8?b?IlNaIExpbiAo5p6X5LiK5pm6KSI=?= <szlin@...> -Date: Thu, 27 Sep 2018 14:51:32 +0800 -Subject: Fix typo - ---- - doc/modbus_mapping_new_start_address.txt | 4 ++-- - doc/modbus_reply.txt | 2 +- - doc/modbus_reply_exception.txt | 2 +- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/doc/modbus_mapping_new_start_address.txt b/doc/modbus_mapping_new_start_address.txt -index 4fa196a..94a81fb 100644 ---- a/doc/modbus_mapping_new_start_address.txt -+++ b/doc/modbus_mapping_new_start_address.txt -@@ -21,9 +21,9 @@ The _modbus_mapping_new_start_address()_ function shall allocate four arrays to - store bits, input bits, registers and inputs registers. The pointers are stored - in modbus_mapping_t structure. All values of the arrays are initialized to zero. - --The different starting adresses make it possible to place the mapping at any -+The different starting addresses make it possible to place the mapping at any - address in each address space. This way, you can give access to values stored --at high adresses without allocating memory from the address zero, for eg. to -+at high addresses without allocating memory from the address zero, for eg. to - make available registers from 10000 to 10009, you can use: - - [source,c] -diff --git a/doc/modbus_reply.txt b/doc/modbus_reply.txt -index 0b29d6f..6b71d11 100644 ---- a/doc/modbus_reply.txt -+++ b/doc/modbus_reply.txt -@@ -3,7 +3,7 @@ modbus_reply(3) - - NAME - ---- --modbus_reply - send a reponse to the received request -+modbus_reply - send a response to the received request - - - SYNOPSIS -diff --git a/doc/modbus_reply_exception.txt b/doc/modbus_reply_exception.txt -index 7e6324f..b2170be 100644 ---- a/doc/modbus_reply_exception.txt -+++ b/doc/modbus_reply_exception.txt -@@ -3,7 +3,7 @@ modbus_reply_exception(3) - - NAME - ---- --modbus_reply_exception - send an exception reponse -+modbus_reply_exception - send an exception response - - - SYNOPSIS 
diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus/f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch b/meta-oe/recipes-extended/libmodbus/libmodbus/f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch deleted file mode 100644 index 7fae34e7d..000000000 --- a/meta-oe/recipes-extended/libmodbus/libmodbus/f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d Mon Sep 17 00:00:00 2001 -From: i-ky <gl.ivanovsky@...> -Date: Tue, 10 Jul 2018 15:58:45 +0300 -Subject: [PATCH] Fixed MODBUS_GET_* macros in case of negative values - -In case resulting value should be negative it is incorrect to use '+' operator to construct it from pieces, because highest bytes will result in negative number after bitwise shift while others will stay positive. Replacing addition with '|' should solve the issue. ---- - src/modbus.h | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/modbus.h b/src/modbus.h -index f6e9a5f5..c63f5ceb 100644 ---- a/src/modbus.h -+++ b/src/modbus.h -@@ -245,12 +245,12 @@ MODBUS_API int modbus_reply_exception(modbus_t *ctx, const uint8_t *req, - #define MODBUS_GET_HIGH_BYTE(data) (((data) >> 8) & 0xFF) - #define MODBUS_GET_LOW_BYTE(data) ((data) & 0xFF) - #define MODBUS_GET_INT64_FROM_INT16(tab_int16, index) \ -- (((int64_t)tab_int16[(index) ] << 48) + \ -- ((int64_t)tab_int16[(index) + 1] << 32) + \ -- ((int64_t)tab_int16[(index) + 2] << 16) + \ -+ (((int64_t)tab_int16[(index) ] << 48) | \ -+ ((int64_t)tab_int16[(index) + 1] << 32) | \ -+ ((int64_t)tab_int16[(index) + 2] << 16) | \ - (int64_t)tab_int16[(index) + 3]) --#define MODBUS_GET_INT32_FROM_INT16(tab_int16, index) ((tab_int16[(index)] << 16) + tab_int16[(index) + 1]) --#define MODBUS_GET_INT16_FROM_INT8(tab_int8, index) ((tab_int8[(index)] << 8) + tab_int8[(index) + 1]) -+#define MODBUS_GET_INT32_FROM_INT16(tab_int16, index) ((tab_int16[(index)] << 16) | tab_int16[(index) + 1]) -+#define MODBUS_GET_INT16_FROM_INT8(tab_int8, index) ((tab_int8[(index)] << 8) | tab_int8[(index) + 1]) - #define MODBUS_SET_INT16_TO_INT8(tab_int8, index, value) \ - do { \ - tab_int8[(index)] = (value) >> 8; \ diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb deleted file mode 100644 index 8e42fdc5d..000000000 
--- a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb +++ /dev/null @@ -1,12 +0,0 @@ -require libmodbus.inc - -SRC_URI += "file://f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch \ - file://Fix-float-endianness-issue-on-big-endian-arch.patch \ - file://Fix-typo.patch" -SRC_URI[md5sum] = "15c84c1f7fb49502b3efaaa668cfd25e" -SRC_URI[sha256sum] = "d7d9fa94a16edb094e5fdf5d87ae17a0dc3f3e3d687fead81835d9572cf87c16" - -# this file has been created one minute after the configure file, so it doesn't get recreated during configure step -do_configure:prepend() { - rm -rf ${S}/tests/unit-test.h -} diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.7.bb b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.7.bb new file mode 100644 index 000000000..6c0e315d7 --- /dev/null +++ b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.7.bb @@ -0,0 +1,9 @@ +require libmodbus.inc + +SRC_URI += "file://Fix-float-endianness-issue-on-big-endian-arch.patch" +SRC_URI[sha256sum] = "7dfe958431d0570b271e1a5b329b76a658e89c614cf119eb5aadb725c87f8fbd" + +# this file has been created one minute after the configure file, so it doesn't get recreated during configure step +do_configure:prepend() { + rm -rf ${S}/tests/unit-test.h +} -- 2.25.1 |
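Review bot: The new libmodbus_3.1.7.bb carries the do_configure:prepend workaround (`rm -rf ${S}/tests/unit-test.h`) over unchanged; please confirm it is still needed with the 3.1.7 tarball, and use `rm -f` since the target is a single file. Fix-float-endianness-issue-on-big-endian-arch.patch is kept while the other two patches are dropped as upstreamed, so the commit message should also say that this patch was checked against 3.1.7 and still applies.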
[meta-oe] [PATCH] cups-filters: upgrade 1.27.2 -> 1.28.11
wangmy
License-Update:
"org.cups.cupsd.Notifier.xml" changed to "utils/org.cups.cupsd.Notifier.xml" "GNU Library" changed to "GNU Library General" "GNU Lesser" changed to "GNU Lesser General" Changelog: URL of issues <https://github.com/OpenPrinting/cups-filters/pull/#####> ========= Bug fix release, containing backports of many of the bugs recently fixed during the preparation of the cups-filters 2.x release. Important is that cups-browsed's queue naming is aligned with CUPS' temporary queue naming now and several bugs affecting driverless printing are fixed. -libcupsfilters: Let PPD generator take default ColorModel from printer (CUPS issue #277). -Braille: In vectortopdf check inkscape version to call inkscape with the correct command line (Issue #315, Pull request #443). -Build system: Make missing DejaVuSans.ttf non-fatal in ./configure as the font is only needed for test programs, not for actual use of cups-filters (Issue #411). -libcupsfilters: In imagetoraster() fixed crash with SGray (Issue #435). -cups-browsed: Naming of local queues is matched to CUPS' current naming of temporary queues (no leading or trailing underscores), to avoid duplicates in print dialogs which support CUPS' temporary queues. -libcupsfilters: Make cupsRasterParseIPPOptions() work correctly with PPDs (Issue #436). -libcupsfilters: Let colord_get_profile_for_device_id() not return empty file name, to avoid error messages in CUPS error_log. -foomatic-rip: Debug message was wrongly sent to stdout and not to log (Issue #422). Signed-off-by: Wang Mingyu <wangmy@...> --- meta-oe/recipes-printing/cups/cups-filters.inc | 2 +- meta-oe/recipes-printing/cups/cups-filters_1.27.2.bb | 4 ---- meta-oe/recipes-printing/cups/cups-filters_1.28.11.bb | 3 +++ 3 files changed, 4 insertions(+), 5 deletions(-) delete mode 100644 meta-oe/recipes-printing/cups/cups-filters_1.27.2.bb create mode 100644 meta-oe/recipes-printing/cups/cups-filters_1.28.11.bb 
diff --git a/meta-oe/recipes-printing/cups/cups-filters.inc b/meta-oe/recipes-printing/cups/cups-filters.inc index c01e2cd49..061c8a625 100644 --- a/meta-oe/recipes-printing/cups/cups-filters.inc +++ b/meta-oe/recipes-printing/cups/cups-filters.inc @@ -2,7 +2,7 @@ DESCRIPTION = "CUPS backends, filters, and other software" HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters" LICENSE = "GPLv2 & LGPLv2 & MIT & GPLv2+ & GPLv3" -LIC_FILES_CHKSUM = "file://COPYING;md5=516215fd57564996d70327db19b368ff" +LIC_FILES_CHKSUM = "file://COPYING;md5=2d77679ce6a2cc4d873d4ebbf2a401e6" SECTION = "console/utils" diff --git a/meta-oe/recipes-printing/cups/cups-filters_1.27.2.bb b/meta-oe/recipes-printing/cups/cups-filters_1.27.2.bb deleted file mode 100644 index 35c4a929b..000000000 --- a/meta-oe/recipes-printing/cups/cups-filters_1.27.2.bb +++ /dev/null @@ -1,4 +0,0 @@ -include cups-filters.inc - -SRC_URI[md5sum] = "90ebcae31f2eabd802236408646b1dd9" -SRC_URI[sha256sum] = "174a2a5c919bf88c63ced692a2170add6c2cd70ff06c49bcea32e9cf56960492" diff --git a/meta-oe/recipes-printing/cups/cups-filters_1.28.11.bb b/meta-oe/recipes-printing/cups/cups-filters_1.28.11.bb new file mode 100644 index 000000000..bfe5375b2 --- /dev/null +++ b/meta-oe/recipes-printing/cups/cups-filters_1.28.11.bb @@ -0,0 +1,3 @@ +include cups-filters.inc + +SRC_URI[sha256sum] = "472418f1a1e12c9ad91b01caa020eb668626776d85de9da488be38e6663102ca" -- 2.25.1 |
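Review bot: cups-filters_1.28.11.bb pulls in the shared metadata with `include cups-filters.inc`; use `require` instead, because `include` continues silently when the file cannot be found and the recipe would then parse without the LICENSE and LIC_FILES_CHKSUM that this patch updates. The deleted 1.27.2 recipe had the same line, so this upgrade is a good moment to change it.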
[meta-networking] [PATCH] networkmanager: upgrade 1.32.12 -> 1.34.0
wangmy
Changelog:
=========
* initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6".
* core: better handle sd-resolved errors when resolving hostnames.
* nmcli: fix import WireGuard profile with DNS domain and address family disabled.
* ndisc: send router solicitations before expiry.
* policy: send earlier the ip configs to the DNS manager.
* core: support linking with LLD 13.
* wireguard: importing wg-quick configuration files with nmcli no longer sets a negative, exclusive "dns-priority". This plays better with common split DNS setups that use systemd-resolved. Adjust the "dns-priority" to your liking after import yourself.
* NetworkManager no longer listens for netlink events for traffic control objects (qdiscs and filters).
* core: add internal nm-priv-helper service for separating privileges and have a way to drop capabilities from NetworkManager daemon.
* bond: add support for setting queue-id of bond port.
* dns: support configuring DNS over TLS (DoT) with systemd-resolved.
* nmtui: add support for WireGuard profiles.
* nmcli: add aliases `nmcli device up|down` beside connect|disconnect.
* conscious language: Deprecate 'Device.Slaves' D-Bus property in favor of new 'Device.Ports' property. Deprecate 'nm_device_*_get_slaves()' in favor of 'nm_device_get_ports()' in libnm.
* nmcli: invoking nmcli command without arguments will now show 'default' instead of null address in route4 or route6 section.

The following changes were backported to 1.32.x releases between 1.32.0 and 1.32.12 are also present in NetworkManager-1.34:

- 1.32.12:
* Fix wrong order of addresses when restarting NetworkManager.
* Preserve the IPv6 ff00::/8 route added by kernel in the local table, necessary for multicast communication.
* Fix emitting the signal for changed metered status of devices.
* Fix applying the ethtool autonegotiation and speed settings.
* initrd: fix crash parsing plain '=' without key.
* cloud-setup: use suppress_prefixlength rule to honor non-default-routes in the main table.

- 1.32.10:
* core: fix the order of IPv6 addresses changing on service restart.
* initrd: add command line option to configure link autonegotiation and speed.
* ifcfg-rh: fix crash when parsing invalid DNS address.
* ifcfg-rh: extend ifup/ifdown scripts to work with connection profile names.
* udev: also react to "move" (and "change") udev actions in our rules.

- 1.32.8:
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.

- 1.32.6:
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow profiles on a device. This allows to filter out profiles that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option

- 1.32.4:
* core: remove stale entries from "seen-bssids" and "timestamp" files in "/var/lib/NetworkManager".
* bond: support the peer_notif_delay option.
* core: add ipv[46].required-timeout option to wait for IP configuration while activating.
* core: send ARP announcements when there is carrier.
* core: start DHCPv6 when a prefix delegation is needed for shared mode.
* firewall: fix nftables backend to create "ip" table for IPv4 only.
* initrd: set required-timeout of 20 seconds for default IPv4 configuration to opportunistically wait for IPv4.
* ifcfg: log warning about invalid keys in ifcfg files.
* ifcfg: reject non-UTF-8 from ifcfg files.
* nmcli: show DNS SEARCH field in device information.
* cloud-setup: add support for Aliyun cloud.

- 1.32.2:
* hostname: prefer IPv4 addresses for reverse DNS lookup.
* dhcp: ignore unauthenticated FORCERENEW messages with internal, systemd-based DHCPv4 plugin (CVE-2020-13529).
This plugin is not used, unless the undocumented dhcp=systemd option was set. * cloud-setup: preserve IP addresses, routes and rules from currently active connection profile. * Various bugfixes and performance improvements. Signed-off-by: Wang Mingyu <wangmy@...> --- .../{networkmanager_1.32.12.bb => networkmanager_1.34.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-connectivity/networkmanager/{networkmanager_1.32.12.bb => networkmanager_1.34.0.bb} (98%) diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.32.12.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.34.0.bb similarity index 98% rename from meta-networking/recipes-connectivity/networkmanager/networkmanager_1.32.12.bb rename to meta-networking/recipes-connectivity/networkmanager/networkmanager_1.34.0.bb index c45452f75..ec15aea07 100644 --- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.32.12.bb +++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.34.0.bb @@ -27,7 +27,7 @@ SRC_URI = " \ file://0002-Do-not-create-settings-settings-property-documentati.patch \ file://0003-install-firewalld-to-var-libdir-rather-than-hardcod-.patch \ " -SRC_URI[sha256sum] = "a8ab36a0a502fe73cd8e3bacb6585f97fbb94ebef79e276cdbaf11c33ff8f54b" +SRC_URI[sha256sum] = "819795d0899076204f5672421a58f1b1d9e393536ee87bb844b911e6243bf0bd" S = "${WORKDIR}/NetworkManager-${PV}" -- 2.25.1 |
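Review bot: The only change in networkmanager_1.34.0.bb is SRC_URI[sha256sum], but the changelog says 1.34 adds an internal nm-priv-helper service; please confirm that the existing FILES and packaging rules pick up the new helper and its service files, or extend the recipe in this patch. The local patches visible in the SRC_URI context (0002-Do-not-create-settings-settings-property-documentati.patch, 0003-install-firewalld-to-var-libdir-rather-than-hardcod-.patch) also need a statement that they still apply to 1.34.0.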
[meta-oe] [PATCH] cryptsetup: upgrade 2.4.2 -> 2.4.3
wangmy
Changelog:
=========
Stable security bug-fix release that fixes CVE-2021-4122.

All users of cryptsetup 2.4.x must upgrade to this version.

Changes since version 2.4.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery (CVE-2021-4122).

An attacker can modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device.

This attack requires repeated physical access to the LUKS device but no knowledge of user passphrases.

The decryption step is performed after a valid user activates the device with a correct passphrase and modified metadata. There are no visible warnings for the user that such recovery happened (except using the luksDump command). The attack can also be reversed afterward (simulating crashed encryption from a plaintext) with possible modification of revealed plaintext.

The size of possible decrypted data depends on configured LUKS2 header size (metadata size is configurable for LUKS2). With the default parameters (16 MiB LUKS2 header) and only one allocated keyslot (512 bit key for AES-XTS), simulated decryption with checksum resilience SHA1 (20 bytes checksum for 4096-byte blocks), the maximal decrypted size can be over 3GiB.

The attack is not applicable to LUKS1 format, but the attacker can update metadata in place to LUKS2 format as an additional step. For such a converted LUKS2 header, the keyslot area is limited to decrypted size (with SHA1 checksums) over 300 MiB.

The issue is present in all cryptsetup releases since 2.2.0. Versions 1.x, 2.0.x, and 2.1.x are not affected, as these do not contain LUKS2 reencryption extension.

The problem was caused by reusing a mechanism designed for actual reencryption operation without reassessing the security impact for new encryption and decryption operations. While the reencryption requires calculating and verifying both key digests, no digest was needed to initiate decryption recovery if the destination is plaintext (no encryption key). Also, some metadata (like encryption cipher) is not protected, and an attacker could change it. Note that LUKS2 protects visible metadata only when a random change occurs. It does not protect against intentional modification but such modification must not cause a violation of data confidentiality.

The fix introduces additional digest protection of reencryption metadata. The digest is calculated from known keys and critical reencryption metadata. Now an attacker cannot create correct metadata digest without knowledge of a passphrase for used keyslots. For more details, see LUKS2 On-Disk Format Specification version 1.1.0.

The former reencryption operation (without the additional digest) is no longer supported (reencryption with the digest is not backward compatible). You need to finish in-progress reencryption before updating to new packages. The alternative approach is to perform a repair command from the updated package to recalculate reencryption digest and fix metadata. The reencryption repair operation always requires a user passphrase.

WARNING: Devices with older reencryption in progress can be no longer activated without performing the action mentioned above.

Encryption in progress can be detected by running the luksDump command (output includes reencrypt keyslot with reencryption parameters). Also, during the active reencryption, no keyslot operations are available (change of passphrases, etc.).

The issue was found by Milan Broz as cryptsetup maintainer.

Other changes
~~~~~~~~~~~~~
* Add configure option --disable-luks2-reencryption to completely disable LUKS2 reencryption code. When used, the libcryptsetup library can read metadata with reencryption code, but all reencryption API calls and cryptsetup reencrypt commands are disabled.
Devices with online reencryption in progress cannot be activated. This option can cause some incompatibilities. Please use with care. * Improve internal metadata validation code for reencryption metadata. * Add updated documentation for LUKS2 On-Disk Format Specification version 1.1.0 (with reencryption extension description and updated metadata description). See docs/on-disk-format-luks2.pdf or online version in https://gitlab.com/cryptsetup/LUKS2-docs repository. * Fix support for bitlk (BitLocker compatible) startup key with new metadata entry introduced in Windows 11. * Fix space restriction for LUKS2 reencryption with data shift. The code required more space than was needed. Signed-off-by: Wang Mingyu <wangmy@...> --- .../cryptsetup/{cryptsetup_2.4.2.bb => cryptsetup_2.4.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-crypto/cryptsetup/{cryptsetup_2.4.2.bb => cryptsetup_2.4.3.bb} (97%) diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.2.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb similarity index 97% rename from meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.2.bb rename to meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb index 621ac0f2f..8f9f663a3 100644 --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.2.bb +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb @@ -21,7 +21,7 @@ DEPENDS:append:libc-musl = " argp-standalone" LDFLAGS:append:libc-musl = " -largp" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" -SRC_URI[sha256sum] = "170cc2326a9daeeeb578579176bd10d4a60ee5c4fc5bc69018ce67dafc540b9c" +SRC_URI[sha256sum] = "fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507" inherit autotools gettext pkgconfig -- 2.25.1 |
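Review bot: The subject line should name CVE-2021-4122, because the hunk in cryptsetup_2.4.3.bb changes only SRC_URI[sha256sum] and nothing else marks this bump as a security fix for anyone scanning the log for stable backports. The changelog also warns that devices with an older reencryption in progress can no longer be activated until the reencryption is finished or repaired; that deserves its own line near the top of the commit message for anyone rolling this into field updates. The new configure option --disable-luks2-reencryption could be offered as a PACKAGECONFIG in a follow-up.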
[meta-networking] [PATCH] mtr: upgrade 0.94 -> 0.95
wangmy
0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch
removed since it is included in 0.95. Signed-off-by: Wang Mingyu <wangmy@...> --- ...ror-format-security-errors-in-printw.patch | 68 ------------------- .../mtr/{mtr_0.94.bb => mtr_0.95.bb} | 6 +- 2 files changed, 2 insertions(+), 72 deletions(-) delete mode 100644 meta-networking/recipes-support/mtr/mtr/0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch rename meta-networking/recipes-support/mtr/{mtr_0.94.bb => mtr_0.95.bb} (83%) diff --git a/meta-networking/recipes-support/mtr/mtr/0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch b/meta-networking/recipes-support/mtr/mtr/0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch deleted file mode 100644 index 5a8ee49d5..000000000 --- a/meta-networking/recipes-support/mtr/mtr/0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From 628b4b3a16c5e3416aac3eea041ff03375fb495b Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@...> -Date: Sat, 30 Oct 2021 11:00:59 -0700 -Subject: [PATCH] Fix a lot of -Werror=format-security errors in - printw/mvprintw - -In all these places a non-constant is used as a format string which -compiler complains about. Fix by using "%s" as format. - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@...> ---- - ui/curses.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/ui/curses.c b/ui/curses.c -index 34bf30d..c24cf28 100644 ---- a/ui/curses.c -+++ b/ui/curses.c -@@ -432,7 +432,7 @@ static void mtr_curses_hosts( - attron(A_BOLD); - #ifdef HAVE_IPINFO - if (is_printii(ctl)) -- printw(fmt_ipinfo(ctl, addr)); -+ printw("%s", fmt_ipinfo(ctl, addr)); - #endif - if (name != NULL) { - if (ctl->show_ips) -@@ -485,7 +485,7 @@ static void mtr_curses_hosts( - printw("\n "); - #ifdef HAVE_IPINFO - if (is_printii(ctl)) -- printw(fmt_ipinfo(ctl, addrs)); -+ printw("%s", fmt_ipinfo(ctl, addrs)); - #endif - if (name != NULL) { - if (ctl->show_ips) -@@ -650,7 +650,7 @@ static void mtr_curses_graph( - - #ifdef HAVE_IPINFO - if (is_printii(ctl)) -- printw(fmt_ipinfo(ctl, addr)); -+ printw("%s", fmt_ipinfo(ctl, addr)); - #endif - name = dns_lookup(ctl, addr); - printw("%s", name ? name : strlongip(ctl, addr)); -@@ -700,7 +700,7 @@ void mtr_curses_redraw( - - mvprintw(1, 0, "%s (%s) -> %s", ctl->LocalHostname, net_localaddr(), ctl->Hostname); - t = time(NULL); -- mvprintw(1, maxx - 25, iso_time(&t)); -+ mvprintw(1, maxx - 25, "%s", iso_time(&t)); - printw("\n"); - - printw("Keys: "); -@@ -760,7 +760,7 @@ void mtr_curses_redraw( - startstat = padding - 2; - - snprintf(msg, sizeof(msg), " Last %3d pings", max_cols); -- mvprintw(rowstat - 1, startstat, msg); -+ mvprintw(rowstat - 1, startstat, "%s", msg); - - attroff(A_BOLD); - move(rowstat, 0); --- -2.33.1 - 
diff --git a/meta-networking/recipes-support/mtr/mtr_0.94.bb b/meta-networking/recipes-support/mtr/mtr_0.95.bb similarity index 83% rename from meta-networking/recipes-support/mtr/mtr_0.94.bb rename to meta-networking/recipes-support/mtr/mtr_0.95.bb index 460fd2e8b..b5e2fae50 100644 --- a/meta-networking/recipes-support/mtr/mtr_0.94.bb +++ b/meta-networking/recipes-support/mtr/mtr_0.95.bb @@ -8,10 +8,8 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://ui/mtr.c;beginline=5;endline=16;md5=00a894a39d53726a27386534d1c4e468" -SRCREV = "2c73cbf4094e4eed343ed11ae5bab2580f3122d1" -SRC_URI = "git://github.com/traviscross/mtr;branch=master;protocol=https \ - file://0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch \ - " +SRCREV = "852e5617fbf331cf292723702161f0ac9afe257c" +SRC_URI = "git://github.com/traviscross/mtr;branch=master;protocol=https" S = "${WORKDIR}/git" -- 2.25.1 |
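Review bot: With SRC_URI in mtr_0.95.bb reduced to the git URL, nothing in the recipe shows that `SRCREV = "852e5617fbf331cf292723702161f0ac9afe257c"` is the 0.95 release; please name the tag in the commit message or in a comment next to SRCREV. The dropped patch was marked Upstream-Status: Pending, so also confirm that all five printw()/mvprintw() call sites it touched in ui/curses.c pass a "%s" format at that revision, otherwise builds with -Werror=format-security fail again.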
[meta-oe][PATCH] jq: upgrade 1.6 -> 2021-10-24 git
William A. Kennington III
JQ has gone through more than 3 years of code changes and has had
significant performance improvements since the last release. The team is still figuring out a new release process. Use the latest git commit to pull in these changes. Signed-off-by: William A. Kennington III <wak@...> --- meta-oe/recipes-devtools/jq/{jq_1.6.bb => jq_git.bb} | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) rename meta-oe/recipes-devtools/jq/{jq_1.6.bb => jq_git.bb} (71%) diff --git a/meta-oe/recipes-devtools/jq/jq_1.6.bb b/meta-oe/recipes-devtools/jq/jq_git.bb similarity index 71% rename from meta-oe/recipes-devtools/jq/jq_1.6.bb rename to meta-oe/recipes-devtools/jq/jq_git.bb index bfaeed5fe..102bb9f15 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.6.bb +++ b/meta-oe/recipes-devtools/jq/jq_git.bb @@ -8,13 +8,10 @@ SECTION = "utils" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=15d03e360fa7399f76d5a4359fc72cbf" -SRC_URI = "https://github.com/stedolan/${BPN}/releases/download/${BP}/${BP}.tar.gz" - -UPSTREAM_CHECK_URI = "https://github.com/stedolan/${BPN}/releases" -UPSTREAM_CHECK_REGEX = "jq\-(?P<pver>(\d+\.\d+))(?!_\d+).tar.gz" - -SRC_URI[md5sum] = "e68fbd6a992e36f1ac48c99bbf825d6b" -SRC_URI[sha256sum] = "5de8c8e29aaa3fb9cc6b47bb27299f271354ebb72514e3accadc7d38b5bbaa72" +PV = "1.16+git${SRCREV}" +SRC_URI = "git://github.com/stedolan/jq;protocol=https" +SRCREV = "a9f97e9e61a910a374a5d768244e8ad63f407d3e" +S = "${WORKDIR}/git" inherit autotools-brokensep -- 2.34.1.703.g22d0c6ccf7-goog |
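Review bot: in the jq_git.bb hunk, PV = "1.16+git${SRCREV}" looks like a typo for 1.6, given that the recipe is renamed from jq_1.6.bb; as written the package version would sort above a future 1.7 release. Embedding the raw ${SRCREV} in PV is also unusual, recipes normally use "+git${SRCPV}". The new SRC_URI omits the branch= parameter that the mtr recipe in this same digest spells out (branch=master), and with UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX removed nothing flags a new tagged release any more, so consider keeping an upstream check against tags.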
|
[meta-oe][PATCH] iotop: Use lld with clang on arm
BFD linker is crashing when using clang, workaround it by always using
lld when using clang on arm Signed-off-by: Khem Raj <raj.khem@...> --- meta-oe/recipes-extended/iotop/iotop_1.20.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-oe/recipes-extended/iotop/iotop_1.20.bb b/meta-oe/recipes-extended/iotop/iotop_1.20.bb index 17c567095b..b05c8cd35d 100644 --- a/meta-oe/recipes-extended/iotop/iotop_1.20.bb +++ b/meta-oe/recipes-extended/iotop/iotop_1.20.bb @@ -12,6 +12,10 @@ inherit pkgconfig EXTRA_OEMAKE = "V=1 STRIP=true" +# Workaround BFD linker crash with clang on arm +# revisit when upgrading binutils and see if its fixed +LDFLAGS:append:toolchain-clang:arm = " -fuse-ld=lld" + do_install() { oe_runmake install DESTDIR=${D} } -- 2.34.1 |
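Review bot: the workaround comment in the iotop_1.20.bb hunk says to revisit "when upgrading binutils" but names neither the binutils version that crashes nor a bug reference, so nobody can tell later when the override can be dropped. Please record the failing binutils version or a link to the report next to LDFLAGS:append:toolchain-clang:arm, and change "its fixed" to "it's fixed" in the comment while there.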
|
[PATCH v2] python3-pyruvate: disable 64 bit atomics for mips
Use the same approach as librsvg to disable 64-bit atomics on platforms
which have 32-bit pointers or are otherwise not supported. https://github.com/crossbeam-rs/crossbeam/blob/master/no_atomic.rs https://doc.rust-lang.org/std/sync/atomic/#portability "PowerPC and MIPS platforms with 32-bit pointers do not have AtomicU64 or AtomicI64 types." Signed-off-by: Tim Orling <tim.orling@...> --- Changes in v2: - add the rest of the fixes from librsvg... mipsel, riscv32 et al .../recipes-devtools/python/python3-pyruvate_1.1.2.bb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb b/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb index 835cf9a93d..dad18b78c2 100644 --- a/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb +++ b/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb @@ -14,6 +14,14 @@ S = "${WORKDIR}/pyruvate-${PV}" inherit pypi setuptools3_rust +# crossbeam-* -> std::sync::atomic AtomicI64, AtomicU64 +# not supported on mips/powerpc with 32-bit pointers +# https://doc.rust-lang.org/std/sync/atomic/#portability +RUSTFLAGS:append:mips = " --cfg crossbeam_no_atomic_64" +RUSTFLAGS:append:mipsel = " --cfg crossbeam_no_atomic_64" +RUSTFLAGS:append:powerpc = " --cfg crossbeam_no_atomic_64" +RUSTFLAGS:append:riscv32 = " --cfg crossbeam_no_atomic_64" + SRC_URI += " \ crate://crates.io/aho-corasick/0.7.18 \ crate://crates.io/atty/0.2.14 \ -- 2.30.2 |
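Review bot: the comment above the RUSTFLAGS lines still reads "not supported on mips/powerpc with 32-bit pointers", but this version also adds overrides for mipsel and riscv32. Update the comment to describe the full set of targets, so the riscv32 entry is not mistaken for a leftover when the list is next edited.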
|
[PATCH] python3-pyruvate: disable 64 bit atomics for mips
Use the same approach as librsvg to disable 64-bit atomics on platforms
which have 32-bit pointers or are otherwise not supported. https://github.com/crossbeam-rs/crossbeam/blob/master/no_atomic.rs https://doc.rust-lang.org/std/sync/atomic/#portability "PowerPC and MIPS platforms with 32-bit pointers do not have AtomicU64 or AtomicI64 types." Signed-off-by: Tim Orling <tim.orling@...> --- .../recipes-devtools/python/python3-pyruvate_1.1.2.bb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb b/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb index 835cf9a93d..25e1e68a56 100644 --- a/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb +++ b/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb @@ -14,6 +14,12 @@ S = "${WORKDIR}/pyruvate-${PV}" inherit pypi setuptools3_rust +# crossbeam-util -> std::sync::atomic AtomicI64, AtomicU64 +# not supported on mips/powerpc with 32-bit pointers +# https://doc.rust-lang.org/std/sync/atomic/#portability +RUSTFLAGS:append:mips = " --cfg crossbeam_no_atomic_64" +RUSTFLAGS:append:powerpc = " --cfg crossbeam_no_atomic_64" + SRC_URI += " \ crate://crates.io/aho-corasick/0.7.18 \ crate://crates.io/atty/0.2.14 \ -- 2.30.2 |
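Review bot: the overrides in this hunk cover only mips and powerpc, so a little-endian 32-bit MIPS build (mipsel) would still hit the unresolved AtomicI64/AtomicU64 imports; the quoted Rust note applies to MIPS platforms with 32-bit pointers regardless of endianness. The v2 posting of this patch adds mipsel and riscv32, so this version should be treated as superseded.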
|
Re: [meta-python][PATCH 4/7] python3-pyruvate: add recipe for v1.1.2
On 1/18/22 9:22 AM, Tim Orling wrote:
On Tue, Jan 18, 2022 at 9:15 AM Khem Raj <raj.khem@...> wrote: we have patched crossbeam elsewhere which could be helpful here too. Perhaps adding something like RUSTFLAGS:append:mips = " --cfg crossbeam_no_atomic_64" might help. On Sat, Jan 15, 2022 at 9:29 PM Tim Orling <ticotimo@... |
|
Re: [meta-python][PATCH 4/7] python3-pyruvate: add recipe for v1.1.2
On Tue, Jan 18, 2022 at 9:15 AM Khem Raj <raj.khem@...> wrote: this fails on mips, see error[E0432]: unresolved imports `core::sync::atomic::AtomicI64`, `core::sync::atomic::AtomicU64` --> /usr/src/debug/python3-pyruvate/1.1.2-r0/cargo_home/bitbake/crossbeam-utils-0.8.6/src/lib.rs:79:49 | 79 | pub(crate) use core::sync::atomic::{AtomicI64, AtomicU64}; | ^^^^^^^^^ ^^^^^^^^^ no `AtomicU64` in `sync::atomic` | | | no `AtomicI64` in `sync::atomic` | help: a similar name exists in the module | 79 | pub(crate) use core::sync::atomic::{AtomicI8, AtomicU64}; | ~~~~~~~~ help: a similar name exists in the module | 79 | pub(crate) use core::sync::atomic::{AtomicI64, AtomicU8}; | ~~~~~~~~ Probably need to disable for mips32 as it doesn't have support in rust? On Sat, Jan 15, 2022 at 9:29 PM Tim Orling <ticotimo@...> wrote: |
|
Re: [meta-python][PATCH 4/7] python3-pyruvate: add recipe for v1.1.2
On Sat, Jan 15, 2022 at 9:29 PM Tim Orling <ticotimo@...> wrote:
|
|
Re: [meta-python2][PATCH] distutils-base: stop using distutils-common-base which now triggers warning about distutils removal in Python 3.12
Thank you for this JaMa, it will make the move of distutils* classes to meta-python smoother. And when we drop distutils-common-base from oe-core it won't impact meta-python2. Thank you also for maintaining meta-python2. I do appreciate it. On Tue, Jan 18, 2022 at 12:32 AM Martin Jansa <Martin.Jansa@...> wrote: * distutils removal in Python 3.12 doesn't affect already EOL Python2 recipes Acked-by: Tim Orling <tim.orling@...> --- |
|
[meta-networking][dunfell][PATCH v3] strongswan: Fix for CVE-2021-41990 and CVE-2021-41991
From: Virendra Thakur <virendrak@...>
Add patch to fix CVE-2021-41990 and CVE-2021-41991 Signed-off-by: Virendra Thakur <virendra.thakur@...> Signed-off-by: virendra thakur <thakur.virendra1810@...> --- .../strongswan/files/CVE-2021-41990.patch | 62 +++++++++++++++++++ .../strongswan/files/CVE-2021-41991.patch | 41 ++++++++++++ .../strongswan/strongswan_5.8.4.bb | 2 + 3 files changed, 105 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch create mode 100644 meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch diff --git a/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch b/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch new file mode 100644 index 000000000..b7118ba1f --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch 
@@ -0,0 +1,62 @@ +From 423a5d56274a1d343e0d2107dfc4fbf0df2dcca5 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@...> +Date: Tue, 28 Sep 2021 17:52:08 +0200 +Subject: [PATCH] Reject RSASSA-PSS params with negative salt length + +The `salt_len` member in the struct is of type `ssize_t` because we use +negative values for special automatic salt lengths when generating +signatures. + +Not checking this could lead to an integer overflow. The value is assigned +to the `len` field of a chunk (`size_t`), which is further used in +calculations to check the padding structure and (if that is passed by a +matching crafted signature value) eventually a memcpy() that will result +in a segmentation fault. + +Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params") +Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification") +Fixes: CVE-2021-41990 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2021-41990] +CVE: CVE-2021-41990 + +Signed-off-by: Virendra Thakur <virendra.thakur@...> + +--- + src/libstrongswan/credentials/keys/signature_params.c | 6 +++++- + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 2 +- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c +index d89bd2c96bb5..837de8443d43 100644 +--- a/src/libstrongswan/credentials/keys/signature_params.c ++++ b/src/libstrongswan/credentials/keys/signature_params.c +@@ -322,7 +322,11 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params) + case RSASSA_PSS_PARAMS_SALT_LEN: + if (object.len) + { +- params->salt_len = (size_t)asn1_parse_integer_uint64(object); ++ params->salt_len = (ssize_t)asn1_parse_integer_uint64(object); ++ if (params->salt_len < 0) ++ { ++ goto end; ++ } + } + break; + case RSASSA_PSS_PARAMS_TRAILER: +diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 
b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +index f9bd1d314dec..3a775090883e 100644 +--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c ++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +@@ -168,7 +168,7 @@ static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this, + int i; + bool success = FALSE; + +- if (!params) ++ if (!params || params->salt_len < 0) + { + return FALSE; + } +-- +2.25.1 + diff --git a/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch b/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch new file mode 100644 index 000000000..2d898fa5c --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch 
@@ -0,0 +1,41 @@ +From b667237b3a84f601ef5a707ce8eb861c3a5002d3 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@...> +Date: Tue, 28 Sep 2021 19:38:22 +0200 +Subject: [PATCH] cert-cache: Prevent crash due to integer overflow/sign change + +random() allocates values in the range [0, RAND_MAX], with RAND_MAX usually +equaling INT_MAX = 2^31-1. Previously, values between 0 and 31 were added +directly to that offset before applying`% CACHE_SIZE` to get an index into +the cache array. If the random value was very high, this resulted in an +integer overflow and a negative index value and, therefore, an out-of-bounds +access of the array and in turn dereferencing invalid pointers when trying +to acquire the read lock. This most likely results in a segmentation fault. + +Fixes: 764e8b2211ce ("reimplemented certificate cache") +Fixes: CVE-2021-41991 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2021-41991] +CVE: CVE-2021-41991 + +Signed-off-by: Virendra Thakur <virendra.thakur@...> + +--- + src/libstrongswan/credentials/sets/cert_cache.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c +index f1579c60a9bc..ceebb3843725 100644 +--- a/src/libstrongswan/credentials/sets/cert_cache.c ++++ b/src/libstrongswan/credentials/sets/cert_cache.c +@@ -151,7 +151,7 @@ static void cache(private_cert_cache_t *this, + for (try = 0; try < REPLACE_TRIES; try++) + { + /* replace a random relation */ +- offset = random(); ++ offset = random() % CACHE_SIZE; + for (i = 0; i < CACHE_SIZE; i++) + { + rel = &this->relations[(i + offset) % CACHE_SIZE]; +-- +2.25.1 + diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb index 8a8809243..b45b8074c 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb 
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb @@ -11,6 +11,8 @@ SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ file://fix-funtion-parameter.patch \ file://0001-memory.h-Include-stdint.h-for-uintptr_t.patch \ file://0001-Remove-obsolete-setting-regarding-the-Standard-Outpu.patch \ + file://CVE-2021-41990.patch \ + file://CVE-2021-41991.patch \ " SRC_URI[md5sum] = "0634e7f40591bd3f6770e583c3f27d29" -- 2.17.1 |
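Review bot: in the signature_params.c hunk of CVE-2021-41990.patch, the check "if (params->salt_len < 0)" runs only after the 64-bit result of asn1_parse_integer_uint64() has been cast to ssize_t, so on targets where ssize_t is 32 bits an encoded salt length beyond the 32-bit range can be truncated to a small non-negative value and pass the check. The second check added in verify_emsa_pss_signature() has the same blind spot because it tests the already-converted field. Please confirm on a 32-bit build that such a truncated length only leads to a failed verification; comparing the parsed value against the signed maximum before the cast would close the gap outright.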
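Review bot: the subject says v3 but there is no changelog below the "---" line saying what changed since the earlier postings, and the commit message carries two Signed-off-by lines for the same person under different addresses; please add the version notes and keep a single sign-off. In the strongswan_5.8.4.bb hunk the two file:// entries are in order, and both patch headers carry CVE: and Upstream-Status: Backport tags, but the Upstream-Status URLs point at the advisory directories rather than at a specific file, so naming the exact upstream patch used for 5.8.4 there would make the backport easier to audit.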
|
[meta-python][PATCH 3/3] python3-fastjsonschema: Upgrade 2.15.1 -> 2.15.3
Upgrade to release 2.15.3:
- Fix swapping handlers - Fix tests - Readable regexps in generated code Signed-off-by: Leon Anavi <leon.anavi@...> --- ...astjsonschema_2.15.1.bb => python3-fastjsonschema_2.15.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-fastjsonschema_2.15.1.bb => python3-fastjsonschema_2.15.3.bb} (94%) diff --git a/meta-python/recipes-devtools/python/python3-fastjsonschema_2.15.1.bb b/meta-python/recipes-devtools/python/python3-fastjsonschema_2.15.3.bb similarity index 94% rename from meta-python/recipes-devtools/python/python3-fastjsonschema_2.15.1.bb rename to meta-python/recipes-devtools/python/python3-fastjsonschema_2.15.3.bb index a8bc0c10d..a2821c117 100644 --- a/meta-python/recipes-devtools/python/python3-fastjsonschema_2.15.1.bb +++ b/meta-python/recipes-devtools/python/python3-fastjsonschema_2.15.3.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/seznam/python-fastjsonschema" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=18950e8362b69c0c617b42b8bd8e7532" -SRCREV = "1e214911fe83dbaeea3d50dfb3a539118de8a442" +SRCREV = "d03f3835da4899bdeb597a9d3f30a709e7c3254f" PYPI_SRC_URI = "git://github.com/horejsek/python-fastjsonschema;protocol=https;branch=master" SRC_URI += "file://run-ptest" -- 2.30.2 |
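Review bot: the new SRCREV d03f3835da4899bdeb597a9d3f30a709e7c3254f is not tied to a release tag anywhere in the hunk or the commit message, so a reader cannot check that it is the 2.15.3 release without cloning the repository. Please say in the commit message that it is the commit tagged for 2.15.3, and note that the fetch goes to the horejsek/python-fastjsonschema repository while HOMEPAGE in the context lines points at seznam/python-fastjsonschema; aligning the two would remove the doubt about which one is authoritative.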
|
[meta-python][PATCH 2/3] python3-fasteners: Upgrade 0.16.3 -> 0.17.2
Upgrade to release 0.17.2:
- Remove unnecessary setuptools pin - Switch to the modern python package build infrastructure - Remove support for python 3.5 and earlier, including 2.7 - Add support for python 3.9 and 3.10 - Fix a conflict with django lock - Add __version__ and __all__ attributes - Fix a failure to parse README as utf-8 - Move from nosetest to pytest and cleanup testing infrastructure Signed-off-by: Leon Anavi <leon.anavi@...> --- ...asteners_0.16.3.bb => python3-fasteners_0.17.2.bb} | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) rename meta-python/recipes-devtools/python/{python3-fasteners_0.16.3.bb => python3-fasteners_0.17.2.bb} (50%) diff --git a/meta-python/recipes-devtools/python/python3-fasteners_0.16.3.bb b/meta-python/recipes-devtools/python/python3-fasteners_0.17.2.bb similarity index 50% rename from meta-python/recipes-devtools/python/python3-fasteners_0.16.3.bb rename to meta-python/recipes-devtools/python/python3-fasteners_0.17.2.bb index 26549c151..5e847497a 100644 --- a/meta-python/recipes-devtools/python/python3-fasteners_0.16.3.bb +++ b/meta-python/recipes-devtools/python/python3-fasteners_0.17.2.bb @@ -3,11 +3,16 @@ HOMEPAGE = "https://github.com/harlowja/fasteners" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=4476c4be31402271e101d9a4a3430d52" -SRC_URI[sha256sum] = "b1ab4e5adfbc28681ce44b3024421c4f567e705cc3963c732bf1cba3348307de" +SRC_URI[sha256sum] = "2aceacb2bd618ce8526676f7a3e84ea25d0165ef10abb574a45b4a9c07292d2e" inherit pypi setuptools3 RDEPENDS:${PN} += "\ - ${PYTHON_PN}-logging \ - ${PYTHON_PN}-fcntl \ + ${PYTHON_PN}-logging \ + ${PYTHON_PN}-fcntl \ " + +do_compile:prepend() { + echo "from setuptools import setup" > ${S}/setup.py + echo "setup()" >> ${S}/setup.py +} -- 2.30.2 |
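Review bot: the do_compile:prepend() added at the end of the hunk overwrites ${S}/setup.py with a two-line stub on every compile and carries no comment saying why. Please add a comment explaining the reason (presumably the "Switch to the modern python package build infrastructure" item in the changelog) and that setup() with no arguments relies on the metadata files already in the source tree. The RDEPENDS:${PN} lines in the same hunk change only in whitespace, which adds noise to an upgrade patch and is better left out or sent separately.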
|
[meta-python][PATCH 1/3] python3-gmpy2: Upgrade 2.1.1 -> 2.1.2
Upgrade to release 2.1.2:
- Added binary wheels for Apple silicon Signed-off-by: Leon Anavi <leon.anavi@...> --- .../python/{python3-gmpy2_2.1.1.bb => python3-gmpy2_2.1.2.bb} | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-gmpy2_2.1.1.bb => python3-gmpy2_2.1.2.bb} (82%) diff --git a/meta-python/recipes-devtools/python/python3-gmpy2_2.1.1.bb b/meta-python/recipes-devtools/python/python3-gmpy2_2.1.2.bb similarity index 82% rename from meta-python/recipes-devtools/python/python3-gmpy2_2.1.1.bb rename to meta-python/recipes-devtools/python/python3-gmpy2_2.1.2.bb index fc8db9509..d064ba5c0 100644 --- a/meta-python/recipes-devtools/python/python3-gmpy2_2.1.1.bb +++ b/meta-python/recipes-devtools/python/python3-gmpy2_2.1.2.bb @@ -7,7 +7,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ DEPENDS += "gmp mpfr libmpc" PYPI_PACKAGE = "gmpy2" -SRC_URI[sha256sum] = "346f442063c8212c347e330519905591626ea6fa31aa6ccd299ecd5654e1086f" +SRC_URI[sha256sum] = "da75140bca128ece795895477e53b43773e3748aa90ba6170eae7ca2c74b82d1" inherit pypi setuptools3 python3native + BBCLASSEXTEND = "native nativesdk" -- 2.30.2 |
|
[meta-python2][PATCH] distutils-base: stop using distutils-common-base which now triggers warning about distutils removal in Python 3.12
Martin Jansa
* distutils removal in Python 3.12 doesn't affect already EOL Python2 recipes
Signed-off-by: Martin Jansa <Martin.Jansa@...> --- classes/distutils-base.bbclass | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/classes/distutils-base.bbclass b/classes/distutils-base.bbclass index 803dc8b..26aadad 100644 --- a/classes/distutils-base.bbclass +++ b/classes/distutils-base.bbclass @@ -1,4 +1,34 @@ DEPENDS += "${@["${PYTHON_PN}-native ${PYTHON_PN}", ""][(d.getVar('PACKAGES') == '')]}" RDEPENDS:${PN} += "${@['', '${PYTHON_PN}-core']['${CLASSOVERRIDE}' == 'class-target']}" -inherit distutils-common-base pythonnative +inherit pythonnative + +# the rest is meta/classes/distutils-common-base.bbclass before the bb.warn was added in: +# https://git.openembedded.org/openembedded-core/commit/?id=54b455049ee94c01c78b31b6c744c8e32b5b7737 +# as the distutils removal in Python 3.12 doesn't affect already EOL Python2 recipes + +export STAGING_INCDIR +export STAGING_LIBDIR + +# LDSHARED is the ld *command* used to create shared library +export LDSHARED = "${CCLD} -shared" +# LDXXSHARED is the ld *command* used to create shared library of C++ +# objects +export LDCXXSHARED = "${CXX} -shared" +# CCSHARED are the C *flags* used to create objects to go into a shared +# library (module) +export CCSHARED = "-fPIC -DPIC" +# LINKFORSHARED are the flags passed to the $(CC) command that links +# the python executable +export LINKFORSHARED = "${SECURITY_CFLAGS} -Xlinker -export-dynamic" + +FILES:${PN} += "${libdir}/* ${libdir}/${PYTHON_DIR}/*" + +FILES:${PN}-staticdev += "\ + ${PYTHON_SITEPACKAGES_DIR}/*.a \ +" +FILES:${PN}-dev += "\ + ${datadir}/pkgconfig \ + ${libdir}/pkgconfig \ + ${PYTHON_SITEPACKAGES_DIR}/*.la \ +" -- 2.32.0 |
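Review bot: in the copied block the comment reads "LDXXSHARED is the ld *command* used to create shared library of C++ objects" while the variable exported on the following line is LDCXXSHARED; correct the comment so that a search for the variable name finds its description. Since the class now carries a private copy of distutils-common-base.bbclass it will no longer pick up later changes from oe-core, which matches the intent stated in the comment, so keeping the referenced commit id there is the right call.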
|