[meta-oe] [PATCH] nlohmann-json: upgrade 3.10.4 -> 3.10.5

wangmy
 

License-Update: year updated to 2022.

Changelog:
=========
Bug fixes
---------
Make sure C++17 filesystem conversions are only used if the compiler supports
it. Furthermore, add defines JSON_HAS_FILESYSTEM and
JSON_HAS_EXPERIMENTAL_FILESYSTEM which can be set to 0 to avoid using
filesystem support altogether.std::filesystem. #3090 #3097 #3101 #3156 #3203
Fix a compilation error with Nvidia CUDA Compiler (NVCC). #3013 #3234

Warnings
---------
Fix a warning for shadowed variables. #3188 #3193
Fix a warning on a pointless comparison. #3227 #2712 #2676 #1390 #755

Improvements
------------
Add a parameter to the update function to recursively merge objects with common
keys. #3006 #3069
Extend std::hash and std::swap to work on any nlohmann::basic_json
specializations rather than just nlohmann::json. #3121

Further Changes
--------------
Tests and CI
Update CI to use Clang 14, GCC 6, and Clang-Tidy 14. #3088
Update cpplint. #3225
Add build step for the Nvidia CUDA Compiler (NVCC). #3227
Remove Travis CI. #3087 #3233
Compile and execute the test suite with C++17. #3101

Documentation
--------------
The mkdocs-based documentation in doc/mkdocs has been totally overworked. It now
has a unified structure, more examples, and contains all information from the
previous Doxygen-based documentation. The single source of truth is now the
documentation on https://json.nlohmann.me and in particular the API
Documentation. #3071
Removed Wandbox online examples. #3071
Fix typos, links, and parameter names in the documentation.
Add more examples. #3071 #3100

Signed-off-by: Wang Mingyu <wangmy@...>
---
.../{nlohmann-json_3.10.4.bb => nlohmann-json_3.10.5.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-devtools/nlohmann-json/{nlohmann-json_3.10.4.bb => nlohmann-json_3.10.5.bb} (82%)

diff --git a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.4.bb b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
similarity index 82%
rename from meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.4.bb
rename to meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
index 223b141d1..a69c5c7e5 100644
--- a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.4.bb
+++ b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
@@ -2,12 +2,12 @@ SUMMARY = "JSON for modern C++"
HOMEPAGE = "https://nlohmann.github.io/json/"
SECTION = "libs"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=441793d25a658d58d79a1f87516a6ad1"
+LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=f969127d7b7ed0a8a63c2bbeae002588"

SRC_URI = "git://github.com/nlohmann/json.git;nobranch=1;protocol=https \
"

-SRCREV = "fec56a1a16c6e1c1b1f4e116a20e79398282626c"
+SRCREV = "4f8fba14066156b73f1189a2b8bd568bde5284c5"

S = "${WORKDIR}/git"

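Review bot: The new `SRCREV` line is a bare commit hash and `SRC_URI` fetches with `nobranch=1`, so nothing in the recipe lets a reader confirm that 4f8fba14066156b73f1189a2b8bd568bde5284c5 is the commit behind the 3.10.5 release tag; the commit message should state that the hash was taken from that tag. The `LIC_FILES_CHKSUM` change is accounted for by the `License-Update:` line in the commit message, which is the right place to document it.
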
--
2.25.1


[meta-oe] [PATCH] ostree: upgrade 2021.6 -> 2022.1

wangmy
 

Changelog:
==========
repo: Change locking for summary regeneration to be shared
soup-uri: Fix clang-analyzer warning by dropping dead code
tests: Fix clang-analyzer not seeing through `g_error()`
Update FSF license notices to use URL instead of address
lib: misc static analysis fixes
lib/repo: assert that writable state and error agree
lib/repo: do no return an arbitrary mode on failure
lib/repo: do no return a NULL on failure
tests: assert mandatory values are present
main: add support for CLI extensions via external binaries
tests/cli-extensions: tweak test logic
lib: use ostree-content-writer header
bsdiff: bump submodule, pick up fix for CVE-2014-9862
lib/static-delta: throw a proper error on bspatch failure
github: add dependabot config

Simon McVittie (1):
rofiles-fuse: Build using FUSE 3 if possible, falling back to FUSE 2

Signed-off-by: Wang Mingyu <wangmy@...>
---
.../ostree/{ostree_2021.6.bb => ostree_2022.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-oe/recipes-extended/ostree/{ostree_2021.6.bb => ostree_2022.1.bb} (99%)

diff --git a/meta-oe/recipes-extended/ostree/ostree_2021.6.bb b/meta-oe/recipes-extended/ostree/ostree_2022.1.bb
similarity index 99%
rename from meta-oe/recipes-extended/ostree/ostree_2021.6.bb
rename to meta-oe/recipes-extended/ostree/ostree_2022.1.bb
index d2d5dc0aa..64f39b6e8 100644
--- a/meta-oe/recipes-extended/ostree/ostree_2021.6.bb
+++ b/meta-oe/recipes-extended/ostree/ostree_2022.1.bb
@@ -21,7 +21,7 @@ SRC_URI = " \
gitsm://github.com/ostreedev/ostree;branch=main;protocol=https \
file://run-ptest \
"
-SRCREV = "f1155c8d283c3c85d74d5e1050b0dcf8198f750a"
+SRCREV = "6c903ab0b66e0542685108e837a23a9e29845949"

UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+\.\d+)"

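Review bot: The `SRCREV` bump is the whole change, yet the changelog in the commit message lists `bsdiff: bump submodule, pick up fix for CVE-2014-9862`; because `SRC_URI` uses `gitsm://`, the submodule revision follows this `SRCREV`, so the upgrade carries a security fix and the commit message should say so explicitly (for example with a line naming CVE-2014-9862) to help stable-branch maintainers decide on a backport. It would also help to state that 6c903ab0b66e0542685108e837a23a9e29845949 is the commit behind the 2022.1 release tag.
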
--
2.25.1


Re: [meta-oe][hardknott][PATCH] postgresql: Update to 13.5

Robert Joslyn
 

On Jan 16, 2022, at 10:16 AM, Armin Kuster <akuster808@...> wrote:

> Robert,
>
> On 1/15/22 1:33 PM, Robert Joslyn wrote:
>> This is a security and bugfix release. With this update, the backported
>> patches for CVE-2021-2314 and CVE-2021-23222 are no longer needed. Full
>> release notes are available at:
>> https://www.postgresql.org/docs/release/13.5/
> If a patch to update master has not been sent, please do so as it
> currently has the same version as hardknott.

I did send a patch for master to update to 14.1. Figured it wasn’t worth bumping master to 13.5 when a newer major version was available.

Thanks,
Robert


Re: [meta-oe][dunfell][PATCH 1/5] freerdp: Upgrade to 2.2.0

Marek Vasut
 

On 1/16/22 19:05, akuster808 wrote:
On 1/15/22 7:45 AM, Marek Vasut wrote:
On 1/15/22 14:43, akuster808 wrote:


On 1/11/22 8:57 PM, Marek Vasut wrote:
On 1/12/22 05:42, akuster808 wrote:


On 1/11/22 2:47 PM, Marek Vasut wrote:
From: Khem Raj <raj.khem@...>

(cherry picked from commit f751dcf81a18fe817b40e755a2ba3f54a74d1e02)
Signed-off-by: Khem Raj <raj.khem@...>
Signed-off-by: Marek Vasut <marex@...>
And why should I allow this?
This ... what ? The SoB line or the update ?
What is in the update from 2.2.0 to 2.4.1?
This patch updates freerdp from 2.0.0 to 2.2.0 , not from 2.2.0 to
2.4.1 , that's a later patch.
I still see new features being added in 2.2.0 so the same statements
apply.  Until the process changes to allow package updates that include
new features and functionality for a LTS branch, I am going to decline
taking this patch series.
What about the large amount of CVE fixes and the fact that this is still a stable-2.0 branch update, not upgrade to 3.x , as explained below ?

This one addresses quite a few old CVEs though, see below.

I had to look at the release notes myself and found new features being
added between those two. New features are not allowed per our process.
This should all be part of FreeRDP stable-2.0 branch
https://github.com/FreeRDP/FreeRDP/tree/stable-2.0

Their active development is happening toward 3.0 release, that's where
features are being added.

Looking briefly at the debian changelog for the various CVEs this
patchset addresses, here is a list:

https://metadata.ftp-master.debian.org/changelogs//main/f/freerdp2/freerdp2_2.4.1+dfsg1-1_changelog


freerdp2 (2.2.0+dfsg1-1) unstable; urgency=medium

  * New upstream release.
    + CVE-2020-15103: Integer overflow due to missing input sanitation in
...

freerdp2 (2.1.2+dfsg1-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2020-4033: Out of bound read in RLEDECOMPRESS
    - CVE-2020-4031: Use-After-Free in gdi_SelectObject
    - CVE-2020-4032: Integer casting vulnerability in
      `update_recv_secondary_order`
    - CVE-2020-4030: OOB read in `TrioParse`
    - CVE-2020-11099: OOB Read in
license_read_new_or_upgrade_license_packet
    - CVE-2020-11098: Out-of-bound read in glyph_cache_put
    - CVE-2020-11097: OOB read in ntlm_av_pair_get
    - CVE-2020-11095: Global OOB read in update_recv_primary_order
    - CVE-2020-11096: Global OOB read in
update_read_cache_bitmap_v3_order
...

freerdp2 (2.4.1+dfsg1-1) unstable; urgency=medium

  * New upstream release. (Closes: #999727).
    - CVE-2021-41160: Fix improper region checks in all clients that
allowed
      out of bound write to memory. (Closes: #1001062).
    - CVE-2021-41159: Fix improper client input validation for gateway
      connections that allowed one to overwrite memory. (Closes:
#1001061).

This patch set will not be included.
I see you've made your decision then.

How do you propose those CVEs be closed in dunfell then ?

[...]
What about this ?


Re: [meta-oe][hardknott][PATCH] postgresql: Update to 13.5

Armin Kuster
 

Robert,

On 1/15/22 1:33 PM, Robert Joslyn wrote:
This is a security and bugfix release. With this update, the backported
patches for CVE-2021-2314 and CVE-2021-23222 are no longer needed. Full
release notes are available at:
https://www.postgresql.org/docs/release/13.5/
If a patch to update master has not been sent, please do so as it
currently has the same version as hardknott.

thanks,
Armin

Signed-off-by: Robert Joslyn <robert.joslyn@...>
---
.../files/0001-Add-support-for-RISC-V.patch | 10 +-
...n-bypass-autoconf-2.69-version-check.patch | 2 +-
.../postgresql/files/CVE-2021-23214.patch | 116 ----------------
.../postgresql/files/CVE-2021-23222.patch | 131 ------------------
...{postgresql_13.4.bb => postgresql_13.5.bb} | 4 +-
5 files changed, 8 insertions(+), 255 deletions(-)
delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
rename meta-oe/recipes-dbs/postgresql/{postgresql_13.4.bb => postgresql_13.5.bb} (67%)

diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
index 0dc6ece6d..5c65e6185 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
@@ -1,4 +1,4 @@
-From b06a228a5fd1589fc9bed654b3288b321fc21aa1 Mon Sep 17 00:00:00 2001
+From 0b60fe3c39b2f62f9867d955da82d9d20c42d028 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@...>
Date: Sun, 20 Nov 2016 15:04:52 +0000
Subject: [PATCH] Add support for RISC-V.
@@ -9,9 +9,11 @@ extending the existing aarch64 macro works.
src/include/storage/s_lock.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

+diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h
+index 6b368a5..f7d3387 100644
--- a/src/include/storage/s_lock.h
+++ b/src/include/storage/s_lock.h
-@@ -316,11 +316,12 @@ tas(volatile slock_t *lock)
+@@ -317,11 +317,12 @@ tas(volatile slock_t *lock)

/*
* On ARM and ARM64, we use __sync_lock_test_and_set(int *, int) if available.
@@ -25,7 +27,7 @@ extending the existing aarch64 macro works.
#ifdef HAVE_GCC__SYNC_INT32_TAS
#define HAS_TEST_AND_SET

-@@ -337,7 +338,7 @@ tas(volatile slock_t *lock)
+@@ -338,7 +339,7 @@ tas(volatile slock_t *lock)
#define S_UNLOCK(lock) __sync_lock_release(lock)

#endif /* HAVE_GCC__SYNC_INT32_TAS */
@@ -33,4 +35,4 @@ extending the existing aarch64 macro works.
+#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */


- /* S/390 and S/390x Linux (32- and 64-bit zSeries) */
+ /*
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
index db9769f82..17ba04b66 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
@@ -18,7 +18,7 @@ index fb14dcc..a2b4a4f 100644
+++ b/configure.in
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros

- AC_INIT([PostgreSQL], [13.4], [pgsql-bugs@...], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [13.5], [pgsql-bugs@...], [], [https://www.postgresql.org/])

-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
-Untested combinations of 'autoconf' and PostgreSQL versions are not
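
Review bot: The only change in this hunk is the `AC_INIT` version string (13.4 to 13.5), which sits in the context lines of the carried patch, so this patch has to be refreshed on every PostgreSQL point release even though the Autoconf bypass itself is unchanged. Regenerating it with less context, so that the `AC_INIT` line is not captured, would stop that churn.
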
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
deleted file mode 100644
index 58bf81062..000000000
--- a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 24c2b9e42edb6d2f4ef2cead3b0aa1d6196adfce Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@...>
-Date: Mon, 8 Nov 2021 11:01:43 -0500
-Subject: [PATCH 2/2] Reject extraneous data after SSL or GSS encryption
- handshake.
-
-The server collects up to a bufferload of data whenever it reads data
-from the client socket. When SSL or GSS encryption is requested
-during startup, any additional data received with the initial
-request message remained in the buffer, and would be treated as
-already-decrypted data once the encryption handshake completed.
-Thus, a man-in-the-middle with the ability to inject data into the
-TCP connection could stuff some cleartext data into the start of
-a supposedly encryption-protected database session.
-
-This could be abused to send faked SQL commands to the server,
-although that would only work if the server did not demand any
-authentication data. (However, a server relying on SSL certificate
-authentication might well not do so.)
-
-To fix, throw a protocol-violation error if the internal buffer
-is not empty after the encryption handshake.
-
-Our thanks to Jacob Champion for reporting this problem.
-
-Security: CVE-2021-23214
-
-Upstream-Status: Backport[https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951]
-CVE: CVE-2021-23214
-
-Signed-off-by: Changqing Li <changqing.li@...>
-
----
- src/backend/libpq/pqcomm.c | 11 +++++++++++
- src/backend/postmaster/postmaster.c | 23 ++++++++++++++++++++++-
- src/include/libpq/libpq.h | 1 +
- 3 files changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
-index ee2cd86..4dd1c02 100644
---- a/src/backend/libpq/pqcomm.c
-+++ b/src/backend/libpq/pqcomm.c
-@@ -1183,6 +1183,17 @@ pq_getstring(StringInfo s)
- }
- }
-
-+/* -------------------------------
-+ * pq_buffer_has_data - is any buffered data available to read?
-+ *
-+ * This will *not* attempt to read more data.
-+ * --------------------------------
-+ */
-+bool
-+pq_buffer_has_data(void)
-+{
-+ return (PqRecvPointer < PqRecvLength);
-+}
-
- /* --------------------------------
- * pq_startmsgread - begin reading a message from the client.
-diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
-index 5775fc0..1fcc3f8 100644
---- a/src/backend/postmaster/postmaster.c
-+++ b/src/backend/postmaster/postmaster.c
-@@ -2049,6 +2049,17 @@ retry1:
- return STATUS_ERROR;
- #endif
-
-+ /*
-+ * At this point we should have no data already buffered. If we do,
-+ * it was received before we performed the SSL handshake, so it wasn't
-+ * encrypted and indeed may have been injected by a man-in-the-middle.
-+ * We report this case to the client.
-+ */
-+ if (pq_buffer_has_data())
-+ ereport(FATAL,
-+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
-+ errmsg("received unencrypted data after SSL request"),
-+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
- /*
- * regular startup packet, cancel, etc packet should follow, but not
- * another SSL negotiation request, and a GSS request should only
-@@ -2080,7 +2091,17 @@ retry1:
- if (GSSok == 'G' && secure_open_gssapi(port) == -1)
- return STATUS_ERROR;
- #endif
--
-+ /*
-+ * At this point we should have no data already buffered. If we do,
-+ * it was received before we performed the GSS handshake, so it wasn't
-+ * encrypted and indeed may have been injected by a man-in-the-middle.
-+ * We report this case to the client.
-+ */
-+ if (pq_buffer_has_data())
-+ ereport(FATAL,
-+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
-+ errmsg("received unencrypted data after GSSAPI encryption request"),
-+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
- /*
- * regular startup packet, cancel, etc packet should follow, but not
- * another GSS negotiation request, and an SSL request should only
-diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
-index b115247..9969692 100644
---- a/src/include/libpq/libpq.h
-+++ b/src/include/libpq/libpq.h
-@@ -73,6 +73,7 @@ extern int pq_getbyte(void);
- extern int pq_peekbyte(void);
- extern int pq_getbyte_if_available(unsigned char *c);
- extern int pq_putbytes(const char *s, size_t len);
-+extern bool pq_buffer_has_data(void);
-
- /*
- * prototypes for functions in be-secure.c
---
-2.17.1
-
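
Review bot: The commit message names the dropped backports as CVE-2021-2314 and CVE-2021-23222, but the file deleted here is `CVE-2021-23214.patch` and its header carries `CVE: CVE-2021-23214`; the commit message should be corrected so that the identifier can be found by anyone searching the history. The deleted header cites upstream commit 28e24125541545483093819efae9bca603441951 in `Upstream-Status:`; stating in the commit message that 13.5 contains that commit would document why the server-side `pq_buffer_has_data()` check no longer needs to be carried in the layer.
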
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
deleted file mode 100644
index 42b78539b..000000000
--- a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 79125ead2a6a234086844bb42f06d49603fe6ca0 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@...>
-Date: Mon, 8 Nov 2021 11:14:56 -0500
-Subject: [PATCH 1/2] libpq: reject extraneous data after SSL or GSS encryption
- handshake.
-
-libpq collects up to a bufferload of data whenever it reads data from
-the socket. When SSL or GSS encryption is requested during startup,
-any additional data received with the server's yes-or-no reply
-remained in the buffer, and would be treated as already-decrypted data
-once the encryption handshake completed. Thus, a man-in-the-middle
-with the ability to inject data into the TCP connection could stuff
-some cleartext data into the start of a supposedly encryption-protected
-database session.
-
-This could probably be abused to inject faked responses to the
-client's first few queries, although other details of libpq's behavior
-make that harder than it sounds. A different line of attack is to
-exfiltrate the client's password, or other sensitive data that might
-be sent early in the session. That has been shown to be possible with
-a server vulnerable to CVE-2021-23214.
-
-To fix, throw a protocol-violation error if the internal buffer
-is not empty after the encryption handshake.
-
-Our thanks to Jacob Champion for reporting this problem.
-
-Security: CVE-2021-23222
-
-Upstream-Status: Backport[https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45]
-CVE: CVE-2021-23222
-
-Signed-off-by: Changqing Li <changqing.li@...>
----
- doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++
- src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++
- 2 files changed, 54 insertions(+)
-
-diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
-index e26619e1b5..b692648fca 100644
---- a/doc/src/sgml/protocol.sgml
-+++ b/doc/src/sgml/protocol.sgml
-@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional -->
- and proceed without requesting <acronym>SSL</acronym>.
- </para>
-
-+ <para>
-+ When <acronym>SSL</acronym> encryption can be performed, the server
-+ is expected to send only the single <literal>S</literal> byte and then
-+ wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
-+ If additional bytes are available to read at this point, it likely
-+ means that a man-in-the-middle is attempting to perform a
-+ buffer-stuffing attack
-+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
-+ Frontends should be coded either to read exactly one byte from the
-+ socket before turning the socket over to their SSL library, or to
-+ treat it as a protocol violation if they find they have read additional
-+ bytes.
-+ </para>
-+
- <para>
- An initial SSLRequest can also be used in a connection that is being
- opened to send a CancelRequest message.
-@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional -->
- encryption.
- </para>
-
-+ <para>
-+ When <acronym>GSSAPI</acronym> encryption can be performed, the server
-+ is expected to send only the single <literal>G</literal> byte and then
-+ wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake.
-+ If additional bytes are available to read at this point, it likely
-+ means that a man-in-the-middle is attempting to perform a
-+ buffer-stuffing attack
-+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
-+ Frontends should be coded either to read exactly one byte from the
-+ socket before turning the socket over to their GSSAPI library, or to
-+ treat it as a protocol violation if they find they have read additional
-+ bytes.
-+ </para>
-+
- <para>
- An initial GSSENCRequest can also be used in a connection that is being
- opened to send a CancelRequest message.
-diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
-index f80f4e98d8..57aee95183 100644
---- a/src/interfaces/libpq/fe-connect.c
-+++ b/src/interfaces/libpq/fe-connect.c
-@@ -3076,6 +3076,19 @@ keep_going: /* We will come back to here until there is
- pollres = pqsecure_open_client(conn);
- if (pollres == PGRES_POLLING_OK)
- {
-+ /*
-+ * At this point we should have no data already buffered.
-+ * If we do, it was received before we performed the SSL
-+ * handshake, so it wasn't encrypted and indeed may have
-+ * been injected by a man-in-the-middle.
-+ */
-+ if (conn->inCursor != conn->inEnd)
-+ {
-+ appendPQExpBufferStr(&conn->errorMessage,
-+ libpq_gettext("received unencrypted data after SSL response\n"));
-+ goto error_return;
-+ }
-+
- /* SSL handshake done, ready to send startup packet */
- conn->status = CONNECTION_MADE;
- return PGRES_POLLING_WRITING;
-@@ -3175,6 +3188,19 @@ keep_going: /* We will come back to here until there is
- pollres = pqsecure_open_gss(conn);
- if (pollres == PGRES_POLLING_OK)
- {
-+ /*
-+ * At this point we should have no data already buffered.
-+ * If we do, it was received before we performed the GSS
-+ * handshake, so it wasn't encrypted and indeed may have
-+ * been injected by a man-in-the-middle.
-+ */
-+ if (conn->inCursor != conn->inEnd)
-+ {
-+ appendPQExpBufferStr(&conn->errorMessage,
-+ libpq_gettext("received unencrypted data after GSSAPI encryption response\n"));
-+ goto error_return;
-+ }
-+
- /* All set for startup packet */
- conn->status = CONNECTION_MADE;
- return PGRES_POLLING_WRITING;
---
-2.17.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb b/meta-oe/recipes-dbs/postgresql/postgresql_13.5.bb
similarity index 67%
rename from meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
rename to meta-oe/recipes-dbs/postgresql/postgresql_13.5.bb
index 2ed0fa49b..81193e30e 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_13.5.bb
@@ -7,8 +7,6 @@ SRC_URI += "\
file://0001-Add-support-for-RISC-V.patch \
file://0001-Improve-reproducibility.patch \
file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \
- file://CVE-2021-23214.patch \
- file://CVE-2021-23222.patch \
"

-SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd"
+SRC_URI[sha256sum] = "9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3"
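
Review bot: The new `SRC_URI[sha256sum]` value cannot be checked from the patch alone, since the tarball URL is not part of this hunk; the commit message should say that the checksum was compared against the one published upstream for 13.5. Dropping the two `file://CVE-2021-*.patch` entries in the same commit that deletes the files keeps the recipe consistent.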



Re: [meta-oe][dunfell][PATCH 1/5] freerdp: Upgrade to 2.2.0

Armin Kuster
 

On 1/15/22 7:45 AM, Marek Vasut wrote:
On 1/15/22 14:43, akuster808 wrote:


On 1/11/22 8:57 PM, Marek Vasut wrote:
On 1/12/22 05:42, akuster808 wrote:


On 1/11/22 2:47 PM, Marek Vasut wrote:
From: Khem Raj <raj.khem@...>

(cherry picked from commit f751dcf81a18fe817b40e755a2ba3f54a74d1e02)
Signed-off-by: Khem Raj <raj.khem@...>
Signed-off-by: Marek Vasut <marex@...>
And why should I allow this?
This ... what ? The SoB line or the update ?
What is in the update from 2.2.0 to 2.4.1?
This patch updates freerdp from 2.0.0 to 2.2.0 , not from 2.2.0 to
2.4.1 , that's a later patch.
I still see new features being added in 2.2.0 so the same statements
apply.  Until the process changes to allow package updates that include
new features and functionality for a LTS branch, I am going to decline
taking this patch series.

-armin

 

This one addresses quite a few old CVEs though, see below.

I had to look at the release notes myself and found new features being
added between those two. New features are not allowed per our process.
This should all be part of FreeRDP stable-2.0 branch
https://github.com/FreeRDP/FreeRDP/tree/stable-2.0

Their active development is happening toward 3.0 release, that's where
features are being added.

Looking briefly at the debian changelog for the various CVEs this
patchset addresses, here is a list:

https://metadata.ftp-master.debian.org/changelogs//main/f/freerdp2/freerdp2_2.4.1+dfsg1-1_changelog


freerdp2 (2.2.0+dfsg1-1) unstable; urgency=medium

  * New upstream release.
    + CVE-2020-15103: Integer overflow due to missing input sanitation in
...

freerdp2 (2.1.2+dfsg1-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2020-4033: Out of bound read in RLEDECOMPRESS
    - CVE-2020-4031: Use-After-Free in gdi_SelectObject
    - CVE-2020-4032: Integer casting vulnerability in
      `update_recv_secondary_order`
    - CVE-2020-4030: OOB read in `TrioParse`
    - CVE-2020-11099: OOB Read in
license_read_new_or_upgrade_license_packet
    - CVE-2020-11098: Out-of-bound read in glyph_cache_put
    - CVE-2020-11097: OOB read in ntlm_av_pair_get
    - CVE-2020-11095: Global OOB read in update_recv_primary_order
    - CVE-2020-11096: Global OOB read in
update_read_cache_bitmap_v3_order
...

freerdp2 (2.4.1+dfsg1-1) unstable; urgency=medium

  * New upstream release. (Closes: #999727).
    - CVE-2021-41160: Fix improper region checks in all clients that
allowed
      out of bound write to memory. (Closes: #1001062).
    - CVE-2021-41159: Fix improper client input validation for gateway
      connections that allowed one to overwrite memory. (Closes:
#1001061).

This patch set will not be included.
I see you've made your decision then.

How do you propose those CVEs be closed in dunfell then ?

[...]


[meta-networking][PATCH] postfix: upgrade 3.6.3 -> 3.6.4

Yi Zhao
 

Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
...makedefs.patch => 0001-Fix-makedefs.patch} | 23 ++++++-----
...conf-to-a-variable-for-cross-compil.patch} | 40 +++++++++++++------
...ive-compiler-to-build-makedefs.test.patch} | 16 ++++----
...config.patch => 0004-Fix-icu-config.patch} | 21 +++++++---
...l-and-lresolv-to-SYSLIBS-by-default.patch} | 10 ++---
...-correct-signature-of-closefrom-API.patch} | 5 ++-
.../recipes-daemons/postfix/files/aliasesdb | 0
.../postfix/files/check_hostname.sh | 0
.../recipes-daemons/postfix/files/postfix | 0
.../postfix/files/postfix-install.patch | 26 ------------
.../recipes-daemons/postfix/postfix_3.6.3.bb | 19 ---------
.../recipes-daemons/postfix/postfix_3.6.4.bb | 18 +++++++++
12 files changed, 90 insertions(+), 88 deletions(-)
rename meta-networking/recipes-daemons/postfix/files/{makedefs.patch => 0001-Fix-makedefs.patch} (86%)
rename meta-networking/recipes-daemons/postfix/files/{install.patch => 0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch} (68%)
rename meta-networking/recipes-daemons/postfix/files/{0001-makedefs-Use-native-compiler-to-build-makedefs.test.patch => 0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch} (83%)
rename meta-networking/recipes-daemons/postfix/files/{icu-config.patch => 0004-Fix-icu-config.patch} (61%)
rename meta-networking/recipes-daemons/postfix/files/{0001-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch => 0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch} (88%)
rename meta-networking/recipes-daemons/postfix/files/{0007-correct-signature-of-closefrom-API.patch => 0006-correct-signature-of-closefrom-API.patch} (97%)
mode change 100755 => 100644 meta-networking/recipes-daemons/postfix/files/aliasesdb
mode change 100755 => 100644 meta-networking/recipes-daemons/postfix/files/check_hostname.sh
mode change 100755 => 100644 meta-networking/recipes-daemons/postfix/files/postfix
delete mode 100644 meta-networking/recipes-daemons/postfix/files/postfix-install.patch
delete mode 100644 meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb
create mode 100644 meta-networking/recipes-daemons/postfix/postfix_3.6.4.bb

diff --git a/meta-networking/recipes-daemons/postfix/files/makedefs.patch b/meta-networking/recipes-daemons/postfix/files/0001-Fix-makedefs.patch
similarity index 86%
rename from meta-networking/recipes-daemons/postfix/files/makedefs.patch
rename to meta-networking/recipes-daemons/postfix/files/0001-Fix-makedefs.patch
index 98d5f7ed6..e83085d20 100644
--- a/meta-networking/recipes-daemons/postfix/files/makedefs.patch
+++ b/meta-networking/recipes-daemons/postfix/files/0001-Fix-makedefs.patch
@@ -1,8 +1,9 @@
-From 4f49e2ce420fb3c17415937530493158ef312733 Mon Sep 17 00:00:00 2001
+From 9000ee4d8bb5c5e0bcc588e9bec86eb56f4285e1 Mon Sep 17 00:00:00 2001
From: Li xin <lixin.fnst@...>
Date: Fri, 19 Jun 2015 16:45:54 +0900
-Subject: [PATCH] 1)remove RANLIB, SYSLIBS, AR and get them from env.
+Subject: [PATCH] Fix makedefs

+1)remove RANLIB, SYSLIBS, AR and get them from env.
2)reference sysroot when searching header files
3)include sysroot path instead of absolute include path
for Linux2 and Linux3 systems.
@@ -18,10 +19,10 @@ Signed-off-by: Yao Zhao <yao.zhao@...>
1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/makedefs b/makedefs
-index 8b84e47..893fb0d 100644
+index 3448c1e..78e0717 100644
--- a/makedefs
+++ b/makedefs
-@@ -170,9 +170,6 @@ echo "# pie=$pie"
+@@ -197,9 +197,6 @@ echo "# pie=$pie"

# Defaults for most sane systems

@@ -31,7 +32,7 @@ index 8b84e47..893fb0d 100644
ARFL=rv

# Ugly function to make our error message more visible among the
-@@ -424,12 +421,12 @@ case "$SYSTEM.$RELEASE" in
+@@ -492,12 +489,12 @@ case "$SYSTEM.$RELEASE" in
case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
@@ -47,7 +48,7 @@ index 8b84e47..893fb0d 100644
else
# No, we're not going to try db1 db2 db3 etc.
# On a properly installed system, Postfix builds
-@@ -438,12 +435,12 @@ case "$SYSTEM.$RELEASE" in
+@@ -506,12 +503,12 @@ case "$SYSTEM.$RELEASE" in
echo "Install the appropriate db*-devel package first." 1>&2
exit 1
fi
@@ -62,7 +63,7 @@ index 8b84e47..893fb0d 100644
do
test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
SYSLIBS="$SYSLIBS -l$name"
-@@ -463,7 +460,7 @@ case "$SYSTEM.$RELEASE" in
+@@ -531,7 +528,7 @@ case "$SYSTEM.$RELEASE" in
if [ `expr "X$CCARGS" : "X.*-DNO_EPOLL"` -gt 0 ]
then
:
@@ -71,7 +72,7 @@ index 8b84e47..893fb0d 100644
then
echo CCARGS="$CCARGS -DNO_EPOLL"
else
-@@ -487,8 +484,6 @@ int main(int argc, char **argv)
+@@ -555,8 +552,6 @@ int main(int argc, char **argv)
}
EOF
${CC-gcc} -o makedefs.test makedefs.test.c || exit 1
@@ -80,7 +81,7 @@ index 8b84e47..893fb0d 100644
rm -f makedefs.test makedefs.test.[co]
fi;;
esac
-@@ -504,12 +499,12 @@ EOF
+@@ -572,12 +567,12 @@ EOF
case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
@@ -96,7 +97,7 @@ index 8b84e47..893fb0d 100644
else
# On a properly installed system, Postfix builds
# by including <db.h> and by linking with -ldb
-@@ -517,12 +512,12 @@ EOF
+@@ -585,12 +580,12 @@ EOF
echo "Install the appropriate db*-devel package first." 1>&2
exit 1
fi
@@ -112,5 +113,5 @@ index 8b84e47..893fb0d 100644
test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
SYSLIBS="$SYSLIBS -l$name"
--
-1.8.4.2
+2.17.1

diff --git a/meta-networking/recipes-daemons/postfix/files/install.patch b/meta-networking/recipes-daemons/postfix/files/0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch
similarity index 68%
rename from meta-networking/recipes-daemons/postfix/files/install.patch
rename to meta-networking/recipes-daemons/postfix/files/0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch
index d023680f3..347b9de0a 100644
--- a/meta-networking/recipes-daemons/postfix/files/install.patch
+++ b/meta-networking/recipes-daemons/postfix/files/0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch
@@ -1,4 +1,4 @@
-From 190650e1cd5700cd6950ead3fcb17ebcec192a2e Mon Sep 17 00:00:00 2001
+From cb69ffda0c2cbde6acdc8b01c8d5ff78d81a84fc Mon Sep 17 00:00:00 2001
From: Li xin <lixin.fnst@...>
Date: Fri, 19 Jun 2015 17:14:58 +0900
Subject: [PATCH] Change fixed postconf to a variable for cross-compiling
@@ -7,14 +7,28 @@ Upstreamstatus: Inappropriate [embedded specific]

Signed-off-by: Yao Zhao <yao.zhao@...>
---
+ Makefile.in | 2 +-
postfix-install | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
+ 2 files changed, 11 insertions(+), 9 deletions(-)

+diff --git a/Makefile.in b/Makefile.in
+index 65e7911..40295be 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -22,7 +22,7 @@ META = meta/main.cf.proto meta/master.cf.proto meta/postfix-files \
+ EXPAND = sed -e "s;\$${LIB_PREFIX};$(LIB_PREFIX);" \
+ -e "s;\$${LIB_SUFFIX};$(LIB_SUFFIX);"
+ SHLIB_DIR_OVERRIDE = \
+- $${shlib_directory:-`$(SHLIB_ENV) bin/postconf -dhx shlib_directory`}
++ $${shlib_directory:-`$(SHLIB_ENV) $(POSTCONF) -dhx shlib_directory`}
+
+ default: update
+
diff --git a/postfix-install b/postfix-install
-index 1662c3d..d11fa12 100644
+index e498cd3..8049f43 100644
--- a/postfix-install
+++ b/postfix-install
-@@ -226,8 +226,8 @@ test -z "$non_interactive" -a ! -t 0 && {
+@@ -244,8 +244,8 @@ test -z "$non_interactive" -a ! -t 0 && {
exit 1
}

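Review bot: the `$(POSTCONF)` substitution folded into the Makefile.in hunk has no fallback visible here, so a build where POSTCONF is not exported to make runs the backquoted command as `$(SHLIB_ENV) -dhx shlib_directory` and SHLIB_DIR_OVERRIDE silently comes out wrong. Either give the variable a default of `bin/postconf` in Makefile.in or state in the patch header which recipe variable is expected to supply it. While the header is being regenerated, the tag in the hunk context reads "Upstreamstatus:"; the form the layer tooling looks for is "Upstream-Status:", and the merged content from postfix-install.patch should be mentioned in the description since the Subject no longer covers everything this file changes.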
@@ -25,7 +39,7 @@ index 1662c3d..d11fa12 100644
exit 1
}

-@@ -248,7 +248,7 @@ do
+@@ -266,7 +266,7 @@ do
case "$junk" in
*MAIL_VERSION*)
case "$mail_version" in
@@ -34,7 +48,7 @@ index 1662c3d..d11fa12 100644
esac
val=`echo "$junk" | sed 's/MAIL_VERSION$/'"$mail_version/g"` || exit 1
case "$val" in
-@@ -434,7 +434,7 @@ template files main.cf.proto and master.cf.proto."
+@@ -454,7 +454,7 @@ template files main.cf.proto and master.cf.proto."

: ${install_root=/}
: ${tempdir=`pwd`}
@@ -43,7 +57,7 @@ index 1662c3d..d11fa12 100644

# Find out the location of installed configuration files.

-@@ -500,7 +500,7 @@ test -f $CONFIG_DIRECTORY/main.cf && {
+@@ -520,7 +520,7 @@ test -f $CONFIG_DIRECTORY/main.cf && {
case "$junk" in
"") eval unset $name;;
esac
@@ -52,7 +66,7 @@ index 1662c3d..d11fa12 100644
exit 1
done
}
-@@ -513,7 +513,7 @@ do
+@@ -533,7 +533,7 @@ do
case "$junk" in
"") eval unset $name;;
esac
@@ -61,7 +75,7 @@ index 1662c3d..d11fa12 100644
done

# Override settings manually.
-@@ -639,6 +639,8 @@ README_DIRECTORY=$install_root$readme_directory
+@@ -670,6 +670,8 @@ README_DIRECTORY=$install_root$readme_directory
SHLIB_DIRECTORY=$install_root$shlib_directory
META_DIRECTORY=$install_root$meta_directory

@@ -70,16 +84,16 @@ index 1662c3d..d11fa12 100644
# Avoid repeated tests for existence of these; default permissions suffice.

test -d $DAEMON_DIRECTORY || mkdir -p $DAEMON_DIRECTORY || exit 1
-@@ -810,7 +812,7 @@ IFS="$BACKUP_IFS"
+@@ -841,7 +843,7 @@ IFS="$BACKUP_IFS"
# the wrong place when Postfix is being upgraded.

case "$mail_version" in
-"") mail_version="`bin/postconf -dhx mail_version`" || exit 1
-+"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
++"") mail_version="`$POSTCONF -c $CONFIG_DIRECTORY -dhx mail_version`" || exit 1
esac

# Undo MAIL_VERSION expansion at the end of a parameter value. If
-@@ -830,7 +832,7 @@ do
+@@ -861,7 +863,7 @@ do
esac
done

@@ -89,5 +103,5 @@ index 1662c3d..d11fa12 100644
"data_directory = $data_directory" \
"command_directory = $command_directory" \
--
-1.8.4.2
+2.17.1

diff --git a/meta-networking/recipes-daemons/postfix/files/0001-makedefs-Use-native-compiler-to-build-makedefs.test.patch b/meta-networking/recipes-daemons/postfix/files/0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch
similarity index 83%
rename from meta-networking/recipes-daemons/postfix/files/0001-makedefs-Use-native-compiler-to-build-makedefs.test.patch
rename to meta-networking/recipes-daemons/postfix/files/0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch
index 763a4a9b9..0fc938e13 100644
--- a/meta-networking/recipes-daemons/postfix/files/0001-makedefs-Use-native-compiler-to-build-makedefs.test.patch
+++ b/meta-networking/recipes-daemons/postfix/files/0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch
@@ -1,4 +1,4 @@
-From a0d0de10e4c5ab55bc2fa48798079e2876b1211d Mon Sep 17 00:00:00 2001
+From 995bddd9563b1aecca2369f2f9c675f88bdc0053 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@...>
Date: Sat, 26 Aug 2017 10:29:37 -0700
Subject: [PATCH] makedefs: Use native compiler to build makedefs.test
@@ -11,10 +11,10 @@ Signed-off-by: Khem Raj <raj.khem@...>
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/makedefs b/makedefs
-index 9fd4bc2..5ee7747 100644
+index 78e0717..3299eba 100644
--- a/makedefs
+++ b/makedefs
-@@ -526,7 +526,7 @@ int main(int argc, char **argv)
+@@ -551,7 +551,7 @@ int main(int argc, char **argv)
exit(0);
}
EOF
@@ -23,7 +23,7 @@ index 9fd4bc2..5ee7747 100644
rm -f makedefs.test makedefs.test.[co]
fi;;
esac
-@@ -762,7 +762,7 @@ int main(int argc, char **argv)
+@@ -787,7 +787,7 @@ int main(int argc, char **argv)
exit(0);
}
EOF
@@ -32,7 +32,7 @@ index 9fd4bc2..5ee7747 100644
./makedefs.test 2>/dev/null ||
CCARGS="$CCARGS -DNO_SIGSETJMP"
rm -f makedefs.test makedefs.test.[co]
-@@ -796,7 +796,7 @@ int main(int argc, char **argv)
+@@ -823,7 +823,7 @@ int main(int argc, char **argv)
&error) != 14);
}
EOF
@@ -41,7 +41,7 @@ index 9fd4bc2..5ee7747 100644
$icu_ldflags >/dev/null 2>&1
if ./makedefs.test 2>/dev/null ; then
CCARGS="$CCARGS $icu_cppflags"
-@@ -911,7 +911,7 @@ int main(void)
+@@ -938,7 +938,7 @@ int main(void)
exit(ferror(stdout) ? 1 : 0);
}
EOF
@@ -50,7 +50,7 @@ index 9fd4bc2..5ee7747 100644
./makedefs.test || exit 1
rm -f makedefs.test makedefs.test.[co]
}
-@@ -1067,7 +1067,7 @@ int main(void)
+@@ -1094,7 +1094,7 @@ int main(void)
exit(ferror(stdout) ? 1 : 0);
}
EOF
@@ -60,5 +60,5 @@ index 9fd4bc2..5ee7747 100644
rm -f makedefs.test makedefs.test.[co]
eval ${parm_name}=\""\$parm_val"\"
--
-2.14.1
+2.17.1

diff --git a/meta-networking/recipes-daemons/postfix/files/icu-config.patch b/meta-networking/recipes-daemons/postfix/files/0004-Fix-icu-config.patch
similarity index 61%
rename from meta-networking/recipes-daemons/postfix/files/icu-config.patch
rename to meta-networking/recipes-daemons/postfix/files/0004-Fix-icu-config.patch
index 9bd9c2f03..6b4a5f7a0 100644
--- a/meta-networking/recipes-daemons/postfix/files/icu-config.patch
+++ b/meta-networking/recipes-daemons/postfix/files/0004-Fix-icu-config.patch
@@ -1,3 +1,8 @@
+From afef4a9391e6bb1a6c3e73d370f240577ed8b0dd Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Sun, 16 Jan 2022 11:21:54 +0800
+Subject: [PATCH] Fix icu config
+
do not entertain cppflags from icu, this is because
icu-config feeds the -I path without sysroot which
caused native headers to be included and build is
@@ -6,12 +11,15 @@ to the CCARGS which we loose nothing if its not
entertained.

Signed-off-by: Khem Raj <raj.khem@...>
+---
+ makedefs | 1 -
+ 1 file changed, 1 deletion(-)

-Index: postfix-3.2.2/makedefs
-===================================================================
---- postfix-3.2.2.orig/makedefs
-+++ postfix-3.2.2/makedefs
-@@ -799,7 +799,6 @@ EOF
+diff --git a/makedefs b/makedefs
+index 3299eba..2a76f20 100644
+--- a/makedefs
++++ b/makedefs
+@@ -826,7 +826,6 @@ EOF
${BUILD_CC-gcc} -o makedefs.test makedefs.test.c $icu_cppflags \
$icu_ldflags >/dev/null 2>&1
if ./makedefs.test 2>/dev/null ; then
@@ -19,3 +27,6 @@ Index: postfix-3.2.2/makedefs
SYSLIBS="$SYSLIBS $icu_ldflags"
else
CCARGS="$CCARGS -DNO_EAI"
+--
+2.17.1
+
diff --git a/meta-networking/recipes-daemons/postfix/files/0001-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch b/meta-networking/recipes-daemons/postfix/files/0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch
similarity index 88%
rename from meta-networking/recipes-daemons/postfix/files/0001-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch
rename to meta-networking/recipes-daemons/postfix/files/0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch
index 565098400..b425cf843 100644
--- a/meta-networking/recipes-daemons/postfix/files/0001-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch
+++ b/meta-networking/recipes-daemons/postfix/files/0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch
@@ -1,4 +1,4 @@
-From 4caa18feb70f8f3d133657c1250a53f4e292bb42 Mon Sep 17 00:00:00 2001
+From 545d4a79b50caa5698622c0c1905ae154197a16f Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@...>
Date: Fri, 12 Oct 2018 12:38:02 +0800
Subject: [PATCH] makedefs: add -lnsl and -lresolv to SYSLIBS by default
@@ -14,10 +14,10 @@ Signed-off-by: Yi Zhao <yi.zhao@...>
1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/makedefs b/makedefs
-index 2683bce..8f1b3f4 100644
+index 2a76f20..9d5db9f 100644
--- a/makedefs
+++ b/makedefs
-@@ -484,16 +484,7 @@ case "$SYSTEM.$RELEASE" in
+@@ -506,16 +506,7 @@ case "$SYSTEM.$RELEASE" in
SYSLIBS="$SYSLIBS -ldb"
;;
esac
@@ -35,7 +35,7 @@ index 2683bce..8f1b3f4 100644
# Kernel 2.4 added IPv6
case "$RELEASE" in
2.[0-3].*) CCARGS="$CCARGS -DNO_IPV6";;
-@@ -561,16 +552,7 @@ EOF
+@@ -583,16 +574,7 @@ EOF
SYSLIBS="$SYSLIBS -ldb"
;;
esac
@@ -54,5 +54,5 @@ index 2683bce..8f1b3f4 100644
: ${SHLIB_SUFFIX=.so}
: ${SHLIB_CFLAGS=-fPIC}
--
-2.7.4
+2.17.1

diff --git a/meta-networking/recipes-daemons/postfix/files/0007-correct-signature-of-closefrom-API.patch b/meta-networking/recipes-daemons/postfix/files/0006-correct-signature-of-closefrom-API.patch
similarity index 97%
rename from meta-networking/recipes-daemons/postfix/files/0007-correct-signature-of-closefrom-API.patch
rename to meta-networking/recipes-daemons/postfix/files/0006-correct-signature-of-closefrom-API.patch
index e583354cc..95ca03b22 100644
--- a/meta-networking/recipes-daemons/postfix/files/0007-correct-signature-of-closefrom-API.patch
+++ b/meta-networking/recipes-daemons/postfix/files/0006-correct-signature-of-closefrom-API.patch
@@ -1,4 +1,4 @@
-From 1e451ddc15af1a4e19318c8b1ced46c5c41610d3 Mon Sep 17 00:00:00 2001
+From 56bec31c4117fddee3a141bcca6c585aa8ddbbe2 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@...>
Date: Wed, 14 Jul 2021 18:08:30 -0700
Subject: [PATCH] correct signature of closefrom() API
@@ -99,3 +99,6 @@ index 2e1c953..515de6c 100644
* XXX The (unsigned char) casts in isalnum() etc arguments are unnecessary
* because the ISASCII() guard already ensures that the values are
* non-negative; the casts are done anyway to shut up chatty compilers.
+--
+2.17.1
+
diff --git a/meta-networking/recipes-daemons/postfix/files/aliasesdb b/meta-networking/recipes-daemons/postfix/files/aliasesdb
old mode 100755
new mode 100644
diff --git a/meta-networking/recipes-daemons/postfix/files/check_hostname.sh b/meta-networking/recipes-daemons/postfix/files/check_hostname.sh
old mode 100755
new mode 100644
diff --git a/meta-networking/recipes-daemons/postfix/files/postfix b/meta-networking/recipes-daemons/postfix/files/postfix
old mode 100755
new mode 100644
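Review bot: the three mode changes from 100755 to 100644 on aliasesdb, check_hostname.sh and the postfix init script look unrelated to a version upgrade and may be accidental. If the recipe installs these with an explicit `install -m 0755` the result on the target is unchanged, but that is not visible in this patch; if any of them is copied with its source mode, the script lands non-executable on the image. Please either drop the mode changes or confirm in the commit message that the install step sets the mode explicitly.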
diff --git a/meta-networking/recipes-daemons/postfix/files/postfix-install.patch b/meta-networking/recipes-daemons/postfix/files/postfix-install.patch
deleted file mode 100644
index 45479bd52..000000000
--- a/meta-networking/recipes-daemons/postfix/files/postfix-install.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: postfix-3.2.2/postfix-install
-===================================================================
---- postfix-3.2.2.orig/postfix-install
-+++ postfix-3.2.2/postfix-install
-@@ -843,7 +843,7 @@ IFS="$BACKUP_IFS"
- # the wrong place when Postfix is being upgraded.
-
- case "$mail_version" in
--"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
-+"") mail_version="`$POSTCONF -c $CONFIG_DIRECTORY -dhx mail_version`" || exit 1
- esac
-
- # Undo MAIL_VERSION expansion at the end of a parameter value. If
-Index: postfix-3.2.2/Makefile.in
-===================================================================
---- postfix-3.2.2.orig/Makefile.in
-+++ postfix-3.2.2/Makefile.in
-@@ -20,7 +20,7 @@ META = meta/main.cf.proto meta/master.cf
- EXPAND = sed -e "s;\$${LIB_PREFIX};$(LIB_PREFIX);" \
- -e "s;\$${LIB_SUFFIX};$(LIB_SUFFIX);"
- SHLIB_DIR_OVERRIDE = \
-- $${shlib_directory:-`$(SHLIB_ENV) bin/postconf -dhx shlib_directory`}
-+ $${shlib_directory:-`$(SHLIB_ENV) $(POSTCONF) -dhx shlib_directory`}
-
- default: update
-
diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb b/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb
deleted file mode 100644
index 98005797d..000000000
--- a/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb
+++ /dev/null
@@ -1,19 +0,0 @@
-require postfix.inc
-
-SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV}.tar.gz \
- file://makedefs.patch \
- file://install.patch \
- file://main.cf \
- file://postfix \
- file://internal_recipient \
- file://postfix.service \
- file://aliasesdb \
- file://check_hostname.sh \
- file://0001-makedefs-Use-native-compiler-to-build-makedefs.test.patch \
- file://postfix-install.patch \
- file://icu-config.patch \
- file://0001-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
- file://0007-correct-signature-of-closefrom-API.patch \
- "
-SRC_URI[sha256sum] = "0f1241d456a0158e0c418abf62c52c2ff83f8f1dcf2fbdd4c40765b67789b1bc"
-UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz"
diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.6.4.bb b/meta-networking/recipes-daemons/postfix/postfix_3.6.4.bb
new file mode 100644
index 000000000..54c8eab5c
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/postfix_3.6.4.bb
@@ -0,0 +1,18 @@
+require postfix.inc
+
+SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV}.tar.gz \
+ file://main.cf \
+ file://postfix \
+ file://internal_recipient \
+ file://postfix.service \
+ file://aliasesdb \
+ file://check_hostname.sh \
+ file://0001-Fix-makedefs.patch \
+ file://0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch \
+ file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \
+ file://0004-Fix-icu-config.patch \
+ file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
+ file://0006-correct-signature-of-closefrom-API.patch \
+ "
+SRC_URI[sha256sum] = "8de0619dcf2fa7c215a80cf84b82ab71631d4d4722cba0949725ce3e18031d4e"
+UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz"
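Review bot: SRC_URI in the new recipe still fetches the release tarball over `ftp://`, so the only thing protecting the download is the `SRC_URI[sha256sum]` value, and that value has to be obtained and checked out of band when it is updated for 3.6.4. Please say in the commit message how the new checksum was verified (for example against the upstream signature), and consider an HTTPS mirror if one is available. Minor: in UPSTREAM_CHECK_REGEX the dots in `.tar.gz` are unescaped, so they match any character; `\.tar\.gz` is what is meant.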
--
2.25.1


[meta-python][PATCH 7/7] python3-cryptography: upgrade 3.3.2 -> 36.0.1

Tim Orling
 

See https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#3601---2021-12-14
for changes

* Add PSF-2.0 license and explicitly add checksums for the LICENSE files that
are packaged.
* RDEPENDS on python3-hypothesis (in oe-core) for ptest so we can drop the
patch for skipping.
* Drop backported patch for openssl3 support.
* inherit new setuptools_rust class (which inherits new pyo3 class, which
inherits cargo and python3-dir).
* RDEPENDS on python3-pytest-subtests for ptest
* Copy pyproject.toml for ptest as it defines the pytest.marker(s) needed
* Cleanup and alphabetize the RDEPENDS
* Use 'cargo bitbake' to generate the crate:// SRC_URIs
- Needed some hacks to the Cargo.toml in src/rust/ to make this work (probably
only package.repository was strictly required):

[package]
description = "cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions."
homepage = "https://github.com/pyca/cryptography"
repository = "https://github.com/pyca/cryptography"

* Add patches to src/rust/Cargo.toml to fix cargo errors including pem version
* Add check-memfree.py to ptest to check for sufficient free memory

Signed-off-by: Tim Orling <tim.orling@...>
---
.../0001-Cargo.toml-specify-pem-version.patch | 31 +++++
.../0002-Cargo.toml-edition-2018-2021.patch | 28 ++++
.../python3-cryptography/check-memfree.py | 10 ++
.../python/python3-cryptography/h-test.patch | 10 --
.../python3-cryptography/openssl3.patch | 62 ---------
.../python/python3-cryptography/run-ptest | 4 +-
.../python/python3-cryptography_3.3.2.bb | 68 ----------
.../python/python3-cryptography_36.0.1.bb | 121 ++++++++++++++++++
8 files changed, 193 insertions(+), 141 deletions(-)
create mode 100644 meta-python/recipes-devtools/python/python3-cryptography/0001-Cargo.toml-specify-pem-version.patch
create mode 100644 meta-python/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch
create mode 100755 meta-python/recipes-devtools/python/python3-cryptography/check-memfree.py
delete mode 100644 meta-python/recipes-devtools/python/python3-cryptography/h-test.patch
delete mode 100644 meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch
delete mode 100644 meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
create mode 100644 meta-python/recipes-devtools/python/python3-cryptography_36.0.1.bb

diff --git a/meta-python/recipes-devtools/python/python3-cryptography/0001-Cargo.toml-specify-pem-version.patch b/meta-python/recipes-devtools/python/python3-cryptography/0001-Cargo.toml-specify-pem-version.patch
new file mode 100644
index 0000000000..d7ab757bb5
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-cryptography/0001-Cargo.toml-specify-pem-version.patch
@@ -0,0 +1,31 @@
+From ec8d3f3c61280c8140b34ed1479baef5e706f064 Mon Sep 17 00:00:00 2001
+From: Tim Orling <tim.orling@...>
+Date: Fri, 14 Jan 2022 22:02:25 -0800
+Subject: [PATCH] Cargo.toml: specify pem version
+
+pem = "1.0" is not resolving, specify the current
+pem = { version: "1.0.2"}
+
+Upstream-Status: Pending
+
+Signed-off-by: Tim Orling <tim.orling@...>
+---
+ src/rust/Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
+index 617167d0..174eaa80 100644
+--- a/src/rust/Cargo.toml
++++ b/src/rust/Cargo.toml
+@@ -9,7 +9,7 @@ publish = false
+ lazy_static = "1"
+ pyo3 = { version = "0.15.1" }
+ asn1 = { version = "0.8.7", default-features = false, features = ["derive"] }
+-pem = "1.0"
++pem = { version = "1.0.2" }
+ chrono = { version = "0.4", default-features = false, features = ["alloc", "clock"] }
+ ouroboros = "0.13"
+
+--
+2.30.2
+
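Review bot: the description and the change disagree on syntax, and the change does not pin what the description suggests. The message shows `pem = { version: "1.0.2"}` with a colon, while the hunk correctly uses `version = "1.0.2"`. In Cargo a bare "1.0.2" is a caret requirement (any 1.x at or above 1.0.2), so this is a raised minimum rather than a fixed version; if the intent is to match the single `crate://crates.io/pem/1.0.2` entry in the recipe exactly, `"=1.0.2"` expresses that. It would also help to record the actual cargo error behind "is not resolving", since Upstream-Status is Pending and upstream will ask.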
diff --git a/meta-python/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch b/meta-python/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch
new file mode 100644
index 0000000000..366e3a4d39
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch
@@ -0,0 +1,28 @@
+From 4b73298b214a5b69ea6edf3c2e21dd82b2b29708 Mon Sep 17 00:00:00 2001
+From: Tim Orling <tim.orling@...>
+Date: Fri, 14 Jan 2022 22:34:59 -0800
+Subject: [PATCH 2/2] Cargo.toml: edition 2018 -> 2021
+
+Upstream-Status: Pending
+
+Signed-off-by: Tim Orling <tim.orling@...>
+---
+ src/rust/Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
+index 174eaa80..7ad053d9 100644
+--- a/src/rust/Cargo.toml
++++ b/src/rust/Cargo.toml
+@@ -2,7 +2,7 @@
+ name = "cryptography-rust"
+ version = "0.1.0"
+ authors = ["The cryptography developers <cryptography-dev@...>"]
+-edition = "2018"
++edition = "2021"
+ publish = false
+
+ [dependencies]
+--
+2.30.2
+
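Review bot: the patch header gives no reason for moving `edition` from "2018" to "2021", and the parent commit message only says "fix cargo errors". Edition 2021 needs Rust 1.56 or newer, so this raises the minimum toolchain for the recipe; please state the error that motivated it and the Rust version it was tested with. The Subject also carries "[PATCH 2/2]" while 0001 carries plain "[PATCH]"; regenerate both with the same numbering style so the files in the layer are consistent.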
diff --git a/meta-python/recipes-devtools/python/python3-cryptography/check-memfree.py b/meta-python/recipes-devtools/python/python3-cryptography/check-memfree.py
new file mode 100755
index 0000000000..c111a9074c
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-cryptography/check-memfree.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python3
+# https://stackoverflow.com/questions/22102999/get-total-physical-memory-in-python/28161352
+import sys
+meminfo = dict((i.split()[0].rstrip(':'),int(i.split()[1])) for i in open('/proc/meminfo').readlines())
+mem_free = meminfo['MemTotal']/1024./1024.
+if mem_free < 2.:
+ raise RuntimeError("Insufficient free memory({:.3f}): requires > 2 GB".format(mem_free))
+ sys.exit(1)
+else:
+ print("Free memory: {:.3f} GB".format(mem_free))
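Review bot: the script reads `meminfo['MemTotal']` but names the result `mem_free` and reports it as "Free memory", so it checks installed RAM, not what is available when the tests start; a 2 GB target that is already loaded passes the check and can still run out of memory. Use `MemAvailable` (or `MemFree`) if free memory is what the ptest needs, or rename the variable and messages to say total. The `sys.exit(1)` after `raise RuntimeError(...)` is unreachable; pick one, and a plain message on stderr plus `sys.exit(1)` avoids a traceback in the ptest log. The file handle from `open('/proc/meminfo')` is never closed; a `with` block fixes that. The comparison is `< 2.` while the message says "requires > 2 GB", so exactly 2 GB is accepted although the text says it is not.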
diff --git a/meta-python/recipes-devtools/python/python3-cryptography/h-test.patch b/meta-python/recipes-devtools/python/python3-cryptography/h-test.patch
deleted file mode 100644
index 9f07c73803..0000000000
--- a/meta-python/recipes-devtools/python/python3-cryptography/h-test.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/tests/hypothesis/__init__.py
-+++ b/tests/hypothesis/__init__.py
-@@ -3,3 +3,7 @@
- # for complete details.
-
- from __future__ import absolute_import, division, print_function
-+
-+import pytest
-+hypothesis = pytest.importorskip("hypothesis")
-+
diff --git a/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch b/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch
deleted file mode 100644
index 25baa42cc9..0000000000
--- a/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Encourage our old python3-cryptography to at least start to work with OpenSSL 3.
-
-- Backport one patch to err.py to remove a symbol which has been removed in
- OpenSSL 3, and isn't used in python3-cryptography.
- (50ec692749b7e2e62685b443f5e629627b03987e)
-
-- Backport the detection of OpenSSL 3 and don't link to FIPS_mode/FIPS_mode_set
- (parts of f08a7de651f9e6475c8c0a67d2a61ed8b669ddf6)
-
-This is *not* a complete backport of the 3.0 support, but is enough that packages
-such as imgtool can import python3-cryptography and operate until the upgrade is
-ready.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@...>
-
-diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
-index f24bee5a..920a86de 100644
---- a/src/_cffi_src/openssl/cryptography.py
-+++ b/src/_cffi_src/openssl/cryptography.py
-@@ -35,6 +35,8 @@ INCLUDES = """
-
- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
-+#define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \
-+ (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL)
-
- #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
- (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL)
-@@ -54,6 +56,7 @@ INCLUDES = """
-
- TYPES = """
- static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER;
-+static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER;
-
- static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111;
- static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B;
-diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
-index 0dd74146..42bab4d9 100644
---- a/src/_cffi_src/openssl/err.py
-+++ b/src/_cffi_src/openssl/err.py
-@@ -40,7 +40,6 @@ void ERR_clear_error(void);
- void ERR_put_error(int, int, int, const char *, int);
-
- int ERR_GET_LIB(unsigned long);
--int ERR_GET_FUNC(unsigned long);
- int ERR_GET_REASON(unsigned long);
-
- """
-diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py
-index c92bca49..38bfa231 100644
---- a/src/_cffi_src/openssl/fips.py
-+++ b/src/_cffi_src/openssl/fips.py
-@@ -18,7 +18,7 @@ int FIPS_mode(void);
- """
-
- CUSTOMIZATIONS = """
--#if CRYPTOGRAPHY_IS_LIBRESSL
-+#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
- static const long Cryptography_HAS_FIPS = 0;
- int (*FIPS_mode_set)(int) = NULL;
- int (*FIPS_mode)(void) = NULL;
diff --git a/meta-python/recipes-devtools/python/python3-cryptography/run-ptest b/meta-python/recipes-devtools/python/python3-cryptography/run-ptest
index 0ba239c2a4..1e97dda63e 100644
--- a/meta-python/recipes-devtools/python/python3-cryptography/run-ptest
+++ b/meta-python/recipes-devtools/python/python3-cryptography/run-ptest
@@ -1,2 +1,4 @@
#!/bin/sh
-py.test
+if ./check-memfree.py; then
+ pytest -vvvv tests/
+fi
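Review bot: when `./check-memfree.py` fails, the `if` has no `else`, so run-ptest exits with status 0 and prints no result line; a target with too little memory then looks like a ptest run with nothing to report rather than a skipped or failed one. Add an `else` branch that prints a `SKIP:` (or `FAIL:`) line naming the reason, so the result is visible in the ptest log. The switch from `py.test` to `pytest -vvvv tests/` is fine, but the commit message should mention it since it changes which directory is collected.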
diff --git a/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb b/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
deleted file mode 100644
index a4c3344278..0000000000
--- a/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
+++ /dev/null
@@ -1,68 +0,0 @@
-SUMMARY = "Provides cryptographic recipes and primitives to python developers"
-HOMEPAGE = "https://cryptography.io/"
-SECTION = "devel/python"
-LICENSE = "Apache-2.0 | BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba \
- file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \
- file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b"
-
-LDSHARED += "-pthread"
-
-SRC_URI[sha256sum] = "5a60d3780149e13b7a6ff7ad6526b38846354d11a15e21068e57073e29e19bed"
-
-SRC_URI += " \
- file://run-ptest \
- file://h-test.patch \
- file://openssl3.patch \
-"
-
-inherit pypi setuptools3
-
-DEPENDS += " \
- ${PYTHON_PN}-cffi \
- ${PYTHON_PN}-cffi-native \
- ${PYTHON_PN}-asn1crypto \
- ${PYTHON_PN}-six \
-"
-
-RDEPENDS:${PN} += " \
- ${PYTHON_PN}-cffi \
- ${PYTHON_PN}-idna \
- ${PYTHON_PN}-asn1crypto \
- ${PYTHON_PN}-setuptools \
- ${PYTHON_PN}-six \
-"
-
-RDEPENDS:${PN}:class-target += " \
- ${PYTHON_PN}-cffi \
- ${PYTHON_PN}-idna \
- ${PYTHON_PN}-numbers \
- ${PYTHON_PN}-asn1crypto \
- ${PYTHON_PN}-setuptools \
- ${PYTHON_PN}-six \
- ${PYTHON_PN}-threading \
-"
-
-RDEPENDS:${PN}-ptest += " \
- ${PN} \
- ${PYTHON_PN}-cryptography-vectors \
- ${PYTHON_PN}-iso8601 \
- ${PYTHON_PN}-pretend \
- ${PYTHON_PN}-pytest \
- ${PYTHON_PN}-pytz \
-"
-
-inherit ptest
-
-do_install_ptest() {
- install -d ${D}${PTEST_PATH}/tests
- cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
- install -d ${D}${PTEST_PATH}/tests/hazmat
- cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/
-}
-
-FILES:${PN}-dbg += " \
- ${libdir}/${PYTHON_PN}2.7/site-packages/${SRCNAME}/hazmat/bindings/.debug \
-"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-cryptography_36.0.1.bb b/meta-python/recipes-devtools/python/python3-cryptography_36.0.1.bb
new file mode 100644
index 0000000000..abb15381f5
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-cryptography_36.0.1.bb
@@ -0,0 +1,121 @@
+SUMMARY = "Provides cryptographic recipes and primitives to python developers"
+HOMEPAGE = "https://cryptography.io/"
+SECTION = "devel/python"
+LICENSE = "( Apache-2.0 | BSD-3-Clause ) & PSF-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba \
+ file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \
+ file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b \
+ file://LICENSE.PSF;md5=43c37d21e1dbad10cddcd150ba2c0595 \
+ "
+LDSHARED += "-pthread"
+
+SRC_URI[sha256sum] = "53e5c1dc3d7a953de055d77bef2ff607ceef7a2aac0353b5d630ab67f7423638"
+
+SRC_URI += " \
+ file://run-ptest \
+ file://check-memfree.py \
+ file://0001-Cargo.toml-specify-pem-version.patch \
+ file://0002-Cargo.toml-edition-2018-2021.patch \
+"
+
+inherit pypi setuptools3_rust
+
+DEPENDS += " \
+ ${PYTHON_PN}-asn1crypto-native \
+ ${PYTHON_PN}-cffi-native \
+ ${PYTHON_PN}-setuptools-rust-native \
+ ${PYTHON_PN}-six-native \
+"
+
+SRC_URI += " \
+ crate://crates.io/Inflector/0.11.4 \
+ crate://crates.io/aliasable/0.1.3 \
+ crate://crates.io/asn1/0.8.7 \
+ crate://crates.io/asn1_derive/0.8.7 \
+ crate://crates.io/autocfg/1.0.1 \
+ crate://crates.io/base64/0.13.0 \
+ crate://crates.io/bitflags/1.3.2 \
+ crate://crates.io/cfg-if/1.0.0 \
+ crate://crates.io/chrono/0.4.19 \
+ crate://crates.io/indoc-impl/0.3.6 \
+ crate://crates.io/indoc/0.3.6 \
+ crate://crates.io/instant/0.1.12 \
+ crate://crates.io/lazy_static/1.4.0 \
+ crate://crates.io/libc/0.2.112 \
+ crate://crates.io/lock_api/0.4.5 \
+ crate://crates.io/num-integer/0.1.44 \
+ crate://crates.io/num-traits/0.2.14 \
+ crate://crates.io/once_cell/1.9.0 \
+ crate://crates.io/ouroboros/0.13.0 \
+ crate://crates.io/ouroboros_macro/0.13.0 \
+ crate://crates.io/parking_lot/0.11.2 \
+ crate://crates.io/parking_lot_core/0.8.5 \
+ crate://crates.io/paste-impl/0.1.18 \
+ crate://crates.io/paste/0.1.18 \
+ crate://crates.io/pem/1.0.2 \
+ crate://crates.io/proc-macro-error-attr/1.0.4 \
+ crate://crates.io/proc-macro-error/1.0.4 \
+ crate://crates.io/proc-macro-hack/0.5.19 \
+ crate://crates.io/proc-macro2/1.0.36 \
+ crate://crates.io/pyo3-build-config/0.15.1 \
+ crate://crates.io/pyo3-macros-backend/0.15.1 \
+ crate://crates.io/pyo3-macros/0.15.1 \
+ crate://crates.io/pyo3/0.15.1 \
+ crate://crates.io/quote/1.0.14 \
+ crate://crates.io/redox_syscall/0.2.10 \
+ crate://crates.io/scopeguard/1.1.0 \
+ crate://crates.io/smallvec/1.7.0 \
+ crate://crates.io/stable_deref_trait/1.2.0 \
+ crate://crates.io/syn/1.0.85 \
+ crate://crates.io/unicode-xid/0.2.2 \
+ crate://crates.io/unindent/0.1.7 \
+ crate://crates.io/version_check/0.9.4 \
+ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi/0.3.9 \
+"
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-asn1crypto \
+ ${PYTHON_PN}-cffi \
+ ${PYTHON_PN}-idna \
+ ${PYTHON_PN}-setuptools \
+ ${PYTHON_PN}-six \
+"
+
+RDEPENDS:${PN}:append:class-target = " \
+ ${PYTHON_PN}-numbers \
+ ${PYTHON_PN}-threading \
+"
+
+RDEPENDS:${PN}-ptest += " \
+ ${PYTHON_PN}-bcrypt \
+ ${PYTHON_PN}-cryptography-vectors \
+ ${PYTHON_PN}-hypothesis \
+ ${PYTHON_PN}-iso8601 \
+ ${PYTHON_PN}-pretend \
+ ${PYTHON_PN}-psutil \
+ ${PYTHON_PN}-pytest \
+ ${PYTHON_PN}-pytest-subtests \
+ ${PYTHON_PN}-pytz \
+"
+
+inherit ptest
+
+do_install_ptest() {
+ install -D ${WORKDIR}/check-memfree.py ${D}${PTEST_PATH}/
+ install -d ${D}${PTEST_PATH}/tests
+ cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
+ install -d ${D}${PTEST_PATH}/tests/hazmat
+ cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/
+ cp -r ${S}/pyproject.toml ${D}${PTEST_PATH}/
+}
+
+FILES:${PN}-ptest += " \
+ ${PTEST_PATH}/check-memfree.py \
+"
+FILES:${PN}-dbg += " \
+ ${PYTHON_SITEPACKAGES_DIR}/${SRCNAME}/hazmat/bindings/.debug \
+"
+
+BBCLASSEXTEND = "native nativesdk"
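Review bot: the 45 `crate://crates.io/...` entries added to SRC_URI carry a name and version only; the single checksum in the recipe, `SRC_URI[sha256sum]`, covers the PyPI sdist and nothing else. For a cryptography package that is a noticeable gap in the recorded inputs, so please state in the commit message how the integrity of the crate downloads is established, and record per-crate checksums if the fetcher in this branch accepts them. Two smaller points in the same hunk: the ptest RDEPENDS gain `${PYTHON_PN}-bcrypt` and `${PYTHON_PN}-psutil`, which the commit message does not mention (check-memfree.py reads /proc/meminfo directly and does not need psutil), and the second `SRC_URI +=` block would be easier to maintain with a comment saying it is generated by 'cargo bitbake' and must be regenerated on upgrade.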
--
2.30.2


[meta-python][PATCH 6/7] python3-cryptography-vectors: upgrade 35.0.0 => 36.0.1

Tim Orling
 

Add note to remind contributors to keep this recipe in lock-step with
python3-cryptography. They must be at the same version.

5bd0c10d allow parsing of nonstandard country name and jurisdiction country name (#6641)
78c2dd8a add AES SIV vectors (#6608)
c451c1df add AES OCB3 test vectors (#6606)
4da2a681 Allow parsing CSR extensions with the critical bit having an explicitly encoded default (#6600)
bb05d4b5 allow multiple identical pem blocks (#6551)
f4871a21 add accvraiz1 bmpstring test vector (#6503)
667e7a5f Add new PKCS12 test vectors (#6383)
703de3af Accept combined PEM files with multiple sections (#6365)
51221b2c support legacy PEM headers for certificate and CSR (#6356)

Signed-off-by: Tim Orling <tim.orling@...>
---
...tors_35.0.0.bb => python3-cryptography-vectors_36.0.1.bb} | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-cryptography-vectors_35.0.0.bb => python3-cryptography-vectors_36.0.1.bb} (72%)

diff --git a/meta-python/recipes-devtools/python/python3-cryptography-vectors_35.0.0.bb b/meta-python/recipes-devtools/python/python3-cryptography-vectors_36.0.1.bb
similarity index 72%
rename from meta-python/recipes-devtools/python/python3-cryptography-vectors_35.0.0.bb
rename to meta-python/recipes-devtools/python/python3-cryptography-vectors_36.0.1.bb
index c0ab9c85c1..b9e6b811c3 100644
--- a/meta-python/recipes-devtools/python/python3-cryptography-vectors_35.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-cryptography-vectors_36.0.1.bb
@@ -6,7 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \
file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \
file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b"

-SRC_URI[sha256sum] = "978ad96822c0e007a0a3d8187eb0eafbd9eb1d67b50cfac70277175e74957bfc"
+# NOTE: Make sure to keep this recipe at the same version as python3-cryptography
+# Upgrade both recipes at the same time
+
+SRC_URI[sha256sum] = "fc8490afd5424342b868215435bd174dcd76ab396b4ea9435498be5721dcd598"

PYPI_PACKAGE = "cryptography_vectors"

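Review bot: The lock-step requirement added above SRC_URI[sha256sum] is enforced only by this comment, so a later bump of one recipe without the other will not be caught by anything in the build. Consider repeating the same NOTE in the python3-cryptography recipe so that whoever touches either file sees it, or adding a build-time comparison of the two recipe versions.
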
--
2.30.2


[meta-python][PATCH 5/7] python3-pytest-subtests: upgrade 0.5.0 -> 0.6.0

Tim Orling
 

0.6.0 (2022-01-15)
* pytest>=6.0 is now required.
* Added official support for Python 3.10.
* Dropped support for Python 3.5.
* Users no longer need to configure a warnings filter for the internal A private pytest class or function was used pytest warning (#52).
* Experimental: Use SUBPASS and , for passed subtests instead of general PASSED, SUBFAIL and u for failed ones instead of FAILED (#30).

References:
https://github.com/pytest-dev/pytest-subtests/pull/52
https://github.com/pytest-dev/pytest-subtests/pull/30

Signed-off-by: Tim Orling <tim.orling@...>
---
.../python/python3-pytest-subtests_0.5.0.bb | 16 ---------------
.../python/python3-pytest-subtests_0.6.0.bb | 20 +++++++++++++++++++
2 files changed, 20 insertions(+), 16 deletions(-)
delete mode 100644 meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
create mode 100644 meta-python/recipes-devtools/python/python3-pytest-subtests_0.6.0.bb

diff --git a/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
deleted file mode 100644
index 2e03512bde..0000000000
--- a/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
+++ /dev/null
@@ -1,16 +0,0 @@
-DESCRIPTION = "unittest subTest() support and subtests fixture."
-
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1"
-
-SRC_URI[sha256sum] = "5bd1e4bf0eda4c89a6cd42b0ee28e1d2ca0848de3fd67ad8cdd6d559ed00f120"
-
-inherit pypi setuptools3
-
-DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
-
-RDEPENDS:${PN} += " \
- ${PYTHON_PN}-pytest \
-"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-pytest-subtests_0.6.0.bb b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.6.0.bb
new file mode 100644
index 0000000000..5e4847b8d9
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.6.0.bb
@@ -0,0 +1,20 @@
+SUMMARY = "unittest subTest() support and subtests fixture."
+DESCRIPTION = "Adds support for TestCase.subTest.\
+New subtests fixture, providing similar functionality for pure pytest tests."
+HOMEPAGE = "https://github.com/pytest-dev/pytest-subtests"
+BUGTRACKER = "https://github.com/pytest-dev/pytest-subtests/issues"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1"
+
+SRC_URI[sha256sum] = "3ebd306a8dcf75133f1742f288c82f36426ebcf8a132d4ee89782d20e84fc13a"
+
+inherit pypi setuptools3
+
+DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-pytest \
+"
+
+BBCLASSEXTEND = "native nativesdk"
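
Review bot: In DESCRIPTION the first line ends in `subTest.\` and the next line starts at column 0 with `New subtests`, so once BitBake joins the continuation the value reads "TestCase.subTest.New subtests fixture" with no separating space. Put a space before the backslash (`TestCase.subTest. \`), as the pyruvate recipe in this series does.
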
--
2.30.2


[meta-python][PATCH 4/7] python3-pyruvate: add recipe for v1.1.2

Tim Orling
 

Pyruvate is a reasonably fast, multithreaded, non-blocking WSGI server
implemented in Rust.

This recipe uses the new setuptools3_rust and pyo3 classes.

Signed-off-by: Tim Orling <tim.orling@...>
---
.../python/python3-pyruvate_1.1.2.bb | 119 ++++++++++++++++++
1 file changed, 119 insertions(+)
create mode 100644 meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb

diff --git a/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb b/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb
new file mode 100644
index 0000000000..835cf9a93d
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb
@@ -0,0 +1,119 @@
+SUMMARY = "WSGI server implemented in Rust."
+DESCRIPTION = "Pyruvate is a reasonably fast, multithreaded, non-blocking \
+WSGI server implemented in Rust."
+HOMEPAGE = "https://gitlab.com/tschorr/pyruvate"
+BUGTRACKER = "https://gitlab.com/tschorr/pyruvate/-/issues"
+
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=051b48e640a6e2d795eac75542d9417c \
+ file://LICENSE.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI[sha256sum] = "10befedd97e73fc18b902d02aa3b24e8978aa162242c1b664849c886c0675899"
+
+S = "${WORKDIR}/pyruvate-${PV}"
+
+inherit pypi setuptools3_rust
+
+SRC_URI += " \
+ crate://crates.io/aho-corasick/0.7.18 \
+ crate://crates.io/atty/0.2.14 \
+ crate://crates.io/autocfg/1.0.1 \
+ crate://crates.io/bitflags/1.3.2 \
+ crate://crates.io/block-buffer/0.9.0 \
+ crate://crates.io/cc/1.0.72 \
+ crate://crates.io/cfg-if/1.0.0 \
+ crate://crates.io/chrono/0.4.19 \
+ crate://crates.io/cpufeatures/0.2.1 \
+ crate://crates.io/cpython/0.7.0 \
+ crate://crates.io/crossbeam-channel/0.5.2 \
+ crate://crates.io/crossbeam-deque/0.8.1 \
+ crate://crates.io/crossbeam-epoch/0.9.6 \
+ crate://crates.io/crossbeam-queue/0.3.3 \
+ crate://crates.io/crossbeam-utils/0.8.6 \
+ crate://crates.io/crossbeam/0.8.1 \
+ crate://crates.io/crypto-mac/0.11.1 \
+ crate://crates.io/ctrlc/3.2.1 \
+ crate://crates.io/digest/0.9.0 \
+ crate://crates.io/encoding-index-japanese/1.20141219.5 \
+ crate://crates.io/encoding-index-korean/1.20141219.5 \
+ crate://crates.io/encoding-index-simpchinese/1.20141219.5 \
+ crate://crates.io/encoding-index-singlebyte/1.20141219.5 \
+ crate://crates.io/encoding-index-tradchinese/1.20141219.5 \
+ crate://crates.io/encoding/0.2.33 \
+ crate://crates.io/encoding_index_tests/0.1.4 \
+ crate://crates.io/env_logger/0.9.0 \
+ crate://crates.io/errno-dragonfly/0.1.2 \
+ crate://crates.io/errno/0.2.8 \
+ crate://crates.io/fastrand/1.6.0 \
+ crate://crates.io/generic-array/0.14.5 \
+ crate://crates.io/getrandom/0.2.3 \
+ crate://crates.io/hermit-abi/0.1.19 \
+ crate://crates.io/hmac/0.11.0 \
+ crate://crates.io/httparse/1.5.1 \
+ crate://crates.io/humantime/2.1.0 \
+ crate://crates.io/instant/0.1.12 \
+ crate://crates.io/lazy_static/1.4.0 \
+ crate://crates.io/libc/0.2.112 \
+ crate://crates.io/libsystemd/0.4.1 \
+ crate://crates.io/log/0.4.14 \
+ crate://crates.io/memchr/2.4.1 \
+ crate://crates.io/memoffset/0.6.5 \
+ crate://crates.io/mio/0.8.0 \
+ crate://crates.io/miow/0.3.7 \
+ crate://crates.io/nix/0.23.1 \
+ crate://crates.io/ntapi/0.3.6 \
+ crate://crates.io/num-integer/0.1.44 \
+ crate://crates.io/num-traits/0.2.14 \
+ crate://crates.io/num_cpus/1.13.1 \
+ crate://crates.io/once_cell/1.9.0 \
+ crate://crates.io/opaque-debug/0.3.0 \
+ crate://crates.io/paste/1.0.6 \
+ crate://crates.io/ppv-lite86/0.2.16 \
+ crate://crates.io/proc-macro2/1.0.36 \
+ crate://crates.io/python3-sys/0.7.0 \
+ crate://crates.io/quote/1.0.14 \
+ crate://crates.io/rand/0.8.4 \
+ crate://crates.io/rand_chacha/0.3.1 \
+ crate://crates.io/rand_core/0.6.3 \
+ crate://crates.io/rand_hc/0.3.1 \
+ crate://crates.io/redox_syscall/0.2.10 \
+ crate://crates.io/regex-syntax/0.6.25 \
+ crate://crates.io/regex/1.5.4 \
+ crate://crates.io/remove_dir_all/0.5.3 \
+ crate://crates.io/scopeguard/1.1.0 \
+ crate://crates.io/serde/1.0.133 \
+ crate://crates.io/serde_derive/1.0.133 \
+ crate://crates.io/sha2/0.9.9 \
+ crate://crates.io/simplelog/0.11.1 \
+ crate://crates.io/spmc/0.3.0 \
+ crate://crates.io/subtle/2.4.1 \
+ crate://crates.io/syn/1.0.85 \
+ crate://crates.io/tempfile/3.3.0 \
+ crate://crates.io/termcolor/1.1.2 \
+ crate://crates.io/thiserror-impl/1.0.30 \
+ crate://crates.io/thiserror/1.0.30 \
+ crate://crates.io/threadpool/1.8.1 \
+ crate://crates.io/time/0.1.44 \
+ crate://crates.io/typenum/1.15.0 \
+ crate://crates.io/unicode-xid/0.2.2 \
+ crate://crates.io/urlencoding/2.1.0 \
+ crate://crates.io/uuid/0.8.2 \
+ crate://crates.io/version_check/0.9.4 \
+ crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \
+ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi-util/0.1.5 \
+ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi/0.3.9 \
+"
+
+# The following configs & dependencies are from setuptools extras_require.
+# These dependencies are optional, hence can be controlled via PACKAGECONFIG.
+# The upstream names may not correspond exactly to bitbake package names.
+#
+# Uncomment this line to enable all the optional features.
+#PACKAGECONFIG ?= "test"
+PACKAGECONFIG[test] = ",,,python3-pytest python3-requests"
+
+# WARNING: the following rdepends are determined through basic analysis of the
+# python sources, and might not be 100% accurate.
+RDEPENDS:${PN} += "python3-core"
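
Review bot: Only the PyPI tarball carries a SRC_URI[sha256sum]; the crate:// entries in the SRC_URI += block are pinned by name and version alone, and nothing in the recipe records where the list came from. Please note in the recipe or the commit message how the list was generated (the 3/7 message mentions cargo-bitbake) and from which lock file, so that a reviewer can regenerate it and diff the result on the next upgrade. LICENSE also describes pyruvate only; if the listed crates end up linked into the extension, their licenses need to be accounted for as well.
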
--
2.30.2


[meta-python][PATCH 3/7] setuptools3_rust.bbclass: setuptools Rust plugin

Tim Orling
 

setuptools-rust is a plugin for setuptools to build Rust Python extensions
implemented with PyO3 or rust-cpython.

Compile and distribute Python extensions written in Rust as easily as if
they were written in C.

This class inherits pyo3.bbclass (and therefore cargo.bbclass) and
setuptools3.bbclass to make it easier to build Python modules with Rust
extensions.

Need to call pyo3_do_configure to properly setup the PyO3 environment
for cross-compiling.

Need to call cargo_common_do_configure to setup cargo_home/config so
that the linker properly finds e.g. crti.o and crtbeginS.o

It is strongly recommended to provide crates needed for your recipe
using the crate:// fetcher. This can be helped with the cargo-bitbake
command [1].

If you choose not to use the crate fetcher, bitbake vendoring will not
work with setuptools-rust, as it errors out immediately because it cannot
find pyo3 or some other crate. The (strongly discouraged) workaround for
this is to set:

CARGO_DISABLE_BITBAKE_VENDORING = "1"

[1] https://crates.io/crates/cargo-bitbake

Signed-off-by: Tim Orling <tim.orling@...>
---
meta-python/classes/setuptools3_rust.bbclass | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 meta-python/classes/setuptools3_rust.bbclass

diff --git a/meta-python/classes/setuptools3_rust.bbclass b/meta-python/classes/setuptools3_rust.bbclass
new file mode 100644
index 0000000000..fb11f08f89
--- /dev/null
+++ b/meta-python/classes/setuptools3_rust.bbclass
@@ -0,0 +1,11 @@
+inherit pyo3 setuptools3
+
+DEPENDS += "python3-setuptools-rust-native"
+
+setuptools3_rust_do_configure() {
+ pyo3_do_configure
+ cargo_common_do_configure
+ setuptools3_do_configure
+}
+
+EXPORT_FUNCTIONS do_configure
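
Review bot: The class has no header comment, and the reason setuptools3_rust_do_configure() calls pyo3_do_configure and cargo_common_do_configure before setuptools3_do_configure is recorded only in the commit message. Move that explanation (the PyO3 cross-compilation environment, and cargo_home/config so the linker finds crti.o and crtbeginS.o) into a comment at the top of the file, together with the recommendation to use the crate:// fetcher rather than CARGO_DISABLE_BITBAKE_VENDORING, as pyo3.bbclass does for its own purpose.
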
--
2.30.2


[meta-python][PATCH 2/7] pyo3.bbclass: add class for PyO3 cross-compilation

Tim Orling
 

PyO3 provides Rust bindings for Python, including tools for creating native
Python extension modules. Running and interacting with Python code from a
Rust binary is also supported.

This class sets up the cross-compilation environment.

Export PYO3_CROSS, PYO3_CROSS_LIB_DIR, PYO3_CROSS_INCLUDE_DIR and CARGO_BUILD_TARGET
to inform tools like setuptools-rust we are cross-compiling.

Export RUSTFLAGS so cargo can find 'std' and 'core' for target

Dynamically generate PyO3 config file and export PYO3_CONFIG_FILE
absolute path. This is the trick that finally made pyo3 work.

Signed-off-by: Tim Orling <tim.orling@...>
---
meta-python/classes/pyo3.bbclass | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 meta-python/classes/pyo3.bbclass

diff --git a/meta-python/classes/pyo3.bbclass b/meta-python/classes/pyo3.bbclass
new file mode 100644
index 0000000000..4bae0949e5
--- /dev/null
+++ b/meta-python/classes/pyo3.bbclass
@@ -0,0 +1,30 @@
+#
+# This class helps make sure that Python extensions built with PyO3
+# and setuptools_rust properly set up the environment for cross compilation
+#
+
+inherit cargo python3-dir siteinfo
+
+export PYO3_CROSS="1"
+export PYO3_CROSS_PYTHON_VERSION="${PYTHON_BASEVERSION}"
+export PYO3_CROSS_LIB_DIR="${STAGING_LIBDIR}"
+export CARGO_BUILD_TARGET="${HOST_SYS}"
+export RUSTFLAGS
+export PYO3_PYTHON="${PYTHON}"
+export PYO3_CONFIG_FILE="${WORKDIR}/pyo3.config"
+
+pyo3_do_configure () {
+ cat > ${WORKDIR}/pyo3.config << EOF
+implementation=CPython
+version=${PYTHON_BASEVERSION}
+shared=true
+abi3=false
+lib_name=${PYTHON_DIR}
+lib_dir=${STAGING_LIBDIR}
+pointer_width=${SITEINFO_BITS}
+build_flags=WITH_THREAD
+suppress_build_script_link_lines=false
+EOF
+}
+
+EXPORT_FUNCTIONS do_configure
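
Review bot: The commit message lists PYO3_CROSS_INCLUDE_DIR among the exported variables, but the export block here sets only PYO3_CROSS, PYO3_CROSS_PYTHON_VERSION, PYO3_CROSS_LIB_DIR, CARGO_BUILD_TARGET, RUSTFLAGS, PYO3_PYTHON and PYO3_CONFIG_FILE. Either add the missing export or correct the message. A one-line comment on why abi3=false and build_flags=WITH_THREAD are fixed in the generated pyo3.config would also help anyone who later needs a different PyO3 configuration.
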
--
2.30.2


[meta-python][PATCH 1/7] python3-setuptools-rust-native: add v1.1.2 recipe

Tim Orling
 

Dependency for python3-cryptography 3.4.x+

Only native rustc is supported at this time in oe-core,
therefore it makes no sense to try to build for target.

Signed-off-by: Tim Orling <tim.orling@...>
---
.../python3-setuptools-rust-native_1.1.2.bb | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 meta-python/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb

diff --git a/meta-python/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb b/meta-python/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb
new file mode 100644
index 0000000000..34ff91241f
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb
@@ -0,0 +1,26 @@
+SUMMARY = "Setuptools Rust extension plugin"
+DESCRIPTION = "setuptools-rust is a plugin for setuptools to build Rust \
+Python extensions implemented with PyO3 or rust-cpython.\
+\
+Compile and distribute Python extensions written in Rust as easily as if they were written in C."
+HOMEPAGE = "https://github.com/PyO3/setuptools-rust"
+BUGTRACKER = "https://github.com/PyO3/setuptools-rust/issues"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=011cd92e702dd9e6b1a26157b6fd53f5"
+
+SRC_URI = "https://files.pythonhosted.org/packages/67/08/e1aa2c582c62ac76e4d60f8e454bd3bba933781a06a88b4e38797445822a/setuptools-rust-${PV}.tar.gz"
+SRC_URI[sha256sum] = "a0adb9b503c0ffc4e8fe80b7c617898cefa78049983aaaea7f747e153a3e65d1"
+
+inherit cargo pypi setuptools3 native
+
+DEPENDS += "python3-setuptools-scm-native python3-wheel-native"
+
+RDEPENDS:${PN}:class-native += " \
+ python3-semantic-version-native \
+ python3-setuptools-native \
+ python3-setuptools-scm-native \
+ python3-toml-native \
+ python3-typing-extensions-native \
+ python3-wheel-native \
+"
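
Review bot: SRC_URI is hard-coded to a hashed files.pythonhosted.org/packages/67/08/... path even though the recipe inherits pypi, so the URL has to be looked up by hand again on every version bump. If the pypi class default resolves setuptools-rust-${PV}.tar.gz, drop the explicit SRC_URI (setting PYPI_PACKAGE if the derived name is wrong). Separately, the `rust-cpython.\` line and the bare `\` line in DESCRIPTION join without a space, giving "rust-cpython.Compile".
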
--
2.30.2


[meta-python][PATCH 0/7] setuptools-rust and python3-cryptography

Tim Orling
 

This series upgrades python3-cryptography from the last version to be
purely Python/C extensions (3.3.2) to the latest version which also
includes Rust extensions (36.0.1).

This has been tested (including full ptest runs) on:
- qemux86-64
- qemux86-musl
- qemuarm64

The test cases require an absolute minimum of 1 GB of free memory
according to the documentation, but in practice it was more performant
to have 2 GB of free memory. For this reason a check-memfree.py test is
added to run-ptest to avoid OOM/Exit code 9 in the ptest-runner. The
test cases were run with:

runqemu nographic slirp qemuparams="-m 2176 -smp 4"

On x86-64 with kvm this takes about 5 minutes.

The results are 2856+/-2 passed, 1654+/-2 skipped. Of the skipped tests
1600 of them are because of unsupported "counter location middle_fixed"
in https://github.com/pyca/cryptography/pull/2773. A further ~35 test
cases are skipped because of not setting --wycheproof-root, but even
when the Google wycheproof repository is cloned and the option is set,
it adds another ~5000 skipped test cases:
https://git.openembedded.org/meta-openembedded-contrib/commit/?h=timo/wip-python3-cryptography-ptest&id=fff4da6e70c97265e17a82f1d043ab16039d510e

Upstream uses python3-pytest-xdist to parallelize test cases (and
python3-pytest-shard to distribute amongst workers), but this uses
stdin/stdout and therefore we have no output to ptest-runner.

This series introduces two helper classes pyo3.bbclass and
setuptools_rust.bbclass for Python/Rust projects.

The setuptools_rust.bbclass wraps PyO3, Cargo and the newly added
python3-setuptools-rust-native recipe. Since oe-core only supports
native rustc at this time, only a native recipe is provided.

To demonstrate that these classes are applicable to multiple recipes, we
also introduce python3-pyruvate, a WSGI implementation in Rust.

While we are at it we upgrade python3-pytest-subtests from 0.5.0 to
0.6.0.

The following changes since commit df5c1a31fdb8325d1c514f9ed8a7b3805dc581ac:

python3-diskcache: Upgrade 5.3.0 -> 5.4.0 (2022-01-10 10:35:02 -0800)

are available in the Git repository at:

git://git.openembedded.org/meta-openembedded-contrib timo/python3-cryptography_36.0.1
http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=timo/python3-cryptography_36.0.1

Tim Orling (7):
python3-setuptools-rust-native: add v1.1.2 recipe
pyo3.bbclass: add class for PyO3 cross-compilation
setuptools3_rust.bbclass: setuptools Rust plugin
python3-pyruvate: add recipe for v1.1.2
python3-pytest-subtests: upgrade 0.5.0 -> 0.6.0
python3-cryptography-vectors: upgrade 35.0.0 => 36.0.1
python3-cryptography: upgrade 3.3.2 -> 36.0.1

meta-python/classes/pyo3.bbclass | 30 +++++
meta-python/classes/setuptools3_rust.bbclass | 11 ++
...=> python3-cryptography-vectors_36.0.1.bb} | 5 +-
.../0001-Cargo.toml-specify-pem-version.patch | 31 +++++
.../0002-Cargo.toml-edition-2018-2021.patch | 28 ++++
.../python3-cryptography/check-memfree.py | 10 ++
.../python/python3-cryptography/h-test.patch | 10 --
.../python3-cryptography/openssl3.patch | 62 ---------
.../python/python3-cryptography/run-ptest | 4 +-
.../python/python3-cryptography_3.3.2.bb | 68 ----------
.../python/python3-cryptography_36.0.1.bb | 121 ++++++++++++++++++
.../python/python3-pyruvate_1.1.2.bb | 119 +++++++++++++++++
.../python/python3-pytest-subtests_0.5.0.bb | 16 ---
.../python/python3-pytest-subtests_0.6.0.bb | 20 +++
.../python3-setuptools-rust-native_1.1.2.bb | 26 ++++
15 files changed, 403 insertions(+), 158 deletions(-)
create mode 100644 meta-python/classes/pyo3.bbclass
create mode 100644 meta-python/classes/setuptools3_rust.bbclass
rename meta-python/recipes-devtools/python/{python3-cryptography-vectors_35.0.0.bb => python3-cryptography-vectors_36.0.1.bb} (72%)
create mode 100644 meta-python/recipes-devtools/python/python3-cryptography/0001-Cargo.toml-specify-pem-version.patch
create mode 100644 meta-python/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch
create mode 100755 meta-python/recipes-devtools/python/python3-cryptography/check-memfree.py
delete mode 100644 meta-python/recipes-devtools/python/python3-cryptography/h-test.patch
delete mode 100644 meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch
delete mode 100644 meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
create mode 100644 meta-python/recipes-devtools/python/python3-cryptography_36.0.1.bb
create mode 100644 meta-python/recipes-devtools/python/python3-pyruvate_1.1.2.bb
delete mode 100644 meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
create mode 100644 meta-python/recipes-devtools/python/python3-pytest-subtests_0.6.0.bb
create mode 100644 meta-python/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb

--
2.30.2


[meta-oe][hardknott][PATCH] postgresql: Update to 13.5

Robert Joslyn
 

This is a security and bugfix release. With this update, the backported
patches for CVE-2021-2314 and CVE-2021-23222 are no longer needed. Full
release notes are available at:
https://www.postgresql.org/docs/release/13.5/

Signed-off-by: Robert Joslyn <robert.joslyn@...>
---
.../files/0001-Add-support-for-RISC-V.patch | 10 +-
...n-bypass-autoconf-2.69-version-check.patch | 2 +-
.../postgresql/files/CVE-2021-23214.patch | 116 ----------------
.../postgresql/files/CVE-2021-23222.patch | 131 ------------------
...{postgresql_13.4.bb => postgresql_13.5.bb} | 4 +-
5 files changed, 8 insertions(+), 255 deletions(-)
delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
rename meta-oe/recipes-dbs/postgresql/{postgresql_13.4.bb => postgresql_13.5.bb} (67%)

diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
index 0dc6ece6d..5c65e6185 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
@@ -1,4 +1,4 @@
-From b06a228a5fd1589fc9bed654b3288b321fc21aa1 Mon Sep 17 00:00:00 2001
+From 0b60fe3c39b2f62f9867d955da82d9d20c42d028 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@...>
Date: Sun, 20 Nov 2016 15:04:52 +0000
Subject: [PATCH] Add support for RISC-V.
@@ -9,9 +9,11 @@ extending the existing aarch64 macro works.
src/include/storage/s_lock.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

+diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h
+index 6b368a5..f7d3387 100644
--- a/src/include/storage/s_lock.h
+++ b/src/include/storage/s_lock.h
-@@ -316,11 +316,12 @@ tas(volatile slock_t *lock)
+@@ -317,11 +317,12 @@ tas(volatile slock_t *lock)

/*
* On ARM and ARM64, we use __sync_lock_test_and_set(int *, int) if available.
@@ -25,7 +27,7 @@ extending the existing aarch64 macro works.
#ifdef HAVE_GCC__SYNC_INT32_TAS
#define HAS_TEST_AND_SET

-@@ -337,7 +338,7 @@ tas(volatile slock_t *lock)
+@@ -338,7 +339,7 @@ tas(volatile slock_t *lock)
#define S_UNLOCK(lock) __sync_lock_release(lock)

#endif /* HAVE_GCC__SYNC_INT32_TAS */
@@ -33,4 +35,4 @@ extending the existing aarch64 macro works.
+#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */


- /* S/390 and S/390x Linux (32- and 64-bit zSeries) */
+ /*
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
index db9769f82..17ba04b66 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
@@ -18,7 +18,7 @@ index fb14dcc..a2b4a4f 100644
+++ b/configure.in
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros

- AC_INIT([PostgreSQL], [13.4], [pgsql-bugs@...], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [13.5], [pgsql-bugs@...], [], [https://www.postgresql.org/])

-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
-Untested combinations of 'autoconf' and PostgreSQL versions are not
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
deleted file mode 100644
index 58bf81062..000000000
--- a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 24c2b9e42edb6d2f4ef2cead3b0aa1d6196adfce Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@...>
-Date: Mon, 8 Nov 2021 11:01:43 -0500
-Subject: [PATCH 2/2] Reject extraneous data after SSL or GSS encryption
- handshake.
-
-The server collects up to a bufferload of data whenever it reads data
-from the client socket. When SSL or GSS encryption is requested
-during startup, any additional data received with the initial
-request message remained in the buffer, and would be treated as
-already-decrypted data once the encryption handshake completed.
-Thus, a man-in-the-middle with the ability to inject data into the
-TCP connection could stuff some cleartext data into the start of
-a supposedly encryption-protected database session.
-
-This could be abused to send faked SQL commands to the server,
-although that would only work if the server did not demand any
-authentication data. (However, a server relying on SSL certificate
-authentication might well not do so.)
-
-To fix, throw a protocol-violation error if the internal buffer
-is not empty after the encryption handshake.
-
-Our thanks to Jacob Champion for reporting this problem.
-
-Security: CVE-2021-23214
-
-Upstream-Status: Backport[https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951]
-CVE: CVE-2021-23214
-
-Signed-off-by: Changqing Li <changqing.li@...>
-
----
- src/backend/libpq/pqcomm.c | 11 +++++++++++
- src/backend/postmaster/postmaster.c | 23 ++++++++++++++++++++++-
- src/include/libpq/libpq.h | 1 +
- 3 files changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
-index ee2cd86..4dd1c02 100644
---- a/src/backend/libpq/pqcomm.c
-+++ b/src/backend/libpq/pqcomm.c
-@@ -1183,6 +1183,17 @@ pq_getstring(StringInfo s)
- }
- }
-
-+/* -------------------------------
-+ * pq_buffer_has_data - is any buffered data available to read?
-+ *
-+ * This will *not* attempt to read more data.
-+ * --------------------------------
-+ */
-+bool
-+pq_buffer_has_data(void)
-+{
-+ return (PqRecvPointer < PqRecvLength);
-+}
-
- /* --------------------------------
- * pq_startmsgread - begin reading a message from the client.
-diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
-index 5775fc0..1fcc3f8 100644
---- a/src/backend/postmaster/postmaster.c
-+++ b/src/backend/postmaster/postmaster.c
-@@ -2049,6 +2049,17 @@ retry1:
- return STATUS_ERROR;
- #endif
-
-+ /*
-+ * At this point we should have no data already buffered. If we do,
-+ * it was received before we performed the SSL handshake, so it wasn't
-+ * encrypted and indeed may have been injected by a man-in-the-middle.
-+ * We report this case to the client.
-+ */
-+ if (pq_buffer_has_data())
-+ ereport(FATAL,
-+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
-+ errmsg("received unencrypted data after SSL request"),
-+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
- /*
- * regular startup packet, cancel, etc packet should follow, but not
- * another SSL negotiation request, and a GSS request should only
-@@ -2080,7 +2091,17 @@ retry1:
- if (GSSok == 'G' && secure_open_gssapi(port) == -1)
- return STATUS_ERROR;
- #endif
--
-+ /*
-+ * At this point we should have no data already buffered. If we do,
-+ * it was received before we performed the GSS handshake, so it wasn't
-+ * encrypted and indeed may have been injected by a man-in-the-middle.
-+ * We report this case to the client.
-+ */
-+ if (pq_buffer_has_data())
-+ ereport(FATAL,
-+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
-+ errmsg("received unencrypted data after GSSAPI encryption request"),
-+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
- /*
- * regular startup packet, cancel, etc packet should follow, but not
- * another GSS negotiation request, and an SSL request should only
-diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
-index b115247..9969692 100644
---- a/src/include/libpq/libpq.h
-+++ b/src/include/libpq/libpq.h
-@@ -73,6 +73,7 @@ extern int pq_getbyte(void);
- extern int pq_peekbyte(void);
- extern int pq_getbyte_if_available(unsigned char *c);
- extern int pq_putbytes(const char *s, size_t len);
-+extern bool pq_buffer_has_data(void);
-
- /*
- * prototypes for functions in be-secure.c
---
-2.17.1
-
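
Review bot: Dropping this backport is safe only if the 13.5 tarball already contains the pq_buffer_has_data() check after both the SSL and the GSS handshake in postmaster.c. Please confirm that against the unpacked source (for example by searching for "received unencrypted data after SSL request") and say so in the commit message, because once the `CVE: CVE-2021-23214` tag is gone the recipe version is the only record in the layer that the fix is present.
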
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
deleted file mode 100644
index 42b78539b..000000000
--- a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 79125ead2a6a234086844bb42f06d49603fe6ca0 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@...>
-Date: Mon, 8 Nov 2021 11:14:56 -0500
-Subject: [PATCH 1/2] libpq: reject extraneous data after SSL or GSS encryption
- handshake.
-
-libpq collects up to a bufferload of data whenever it reads data from
-the socket. When SSL or GSS encryption is requested during startup,
-any additional data received with the server's yes-or-no reply
-remained in the buffer, and would be treated as already-decrypted data
-once the encryption handshake completed. Thus, a man-in-the-middle
-with the ability to inject data into the TCP connection could stuff
-some cleartext data into the start of a supposedly encryption-protected
-database session.
-
-This could probably be abused to inject faked responses to the
-client's first few queries, although other details of libpq's behavior
-make that harder than it sounds. A different line of attack is to
-exfiltrate the client's password, or other sensitive data that might
-be sent early in the session. That has been shown to be possible with
-a server vulnerable to CVE-2021-23214.
-
-To fix, throw a protocol-violation error if the internal buffer
-is not empty after the encryption handshake.
-
-Our thanks to Jacob Champion for reporting this problem.
-
-Security: CVE-2021-23222
-
-Upstream-Status: Backport[https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45]
-CVE: CVE-2021-23222
-
-Signed-off-by: Changqing Li <changqing.li@...>
----
- doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++
- src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++
- 2 files changed, 54 insertions(+)
-
-diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
-index e26619e1b5..b692648fca 100644
---- a/doc/src/sgml/protocol.sgml
-+++ b/doc/src/sgml/protocol.sgml
-@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional -->
- and proceed without requesting <acronym>SSL</acronym>.
- </para>
-
-+ <para>
-+ When <acronym>SSL</acronym> encryption can be performed, the server
-+ is expected to send only the single <literal>S</literal> byte and then
-+ wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
-+ If additional bytes are available to read at this point, it likely
-+ means that a man-in-the-middle is attempting to perform a
-+ buffer-stuffing attack
-+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
-+ Frontends should be coded either to read exactly one byte from the
-+ socket before turning the socket over to their SSL library, or to
-+ treat it as a protocol violation if they find they have read additional
-+ bytes.
-+ </para>
-+
- <para>
- An initial SSLRequest can also be used in a connection that is being
- opened to send a CancelRequest message.
-@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional -->
- encryption.
- </para>
-
-+ <para>
-+ When <acronym>GSSAPI</acronym> encryption can be performed, the server
-+ is expected to send only the single <literal>G</literal> byte and then
-+ wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake.
-+ If additional bytes are available to read at this point, it likely
-+ means that a man-in-the-middle is attempting to perform a
-+ buffer-stuffing attack
-+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
-+ Frontends should be coded either to read exactly one byte from the
-+ socket before turning the socket over to their GSSAPI library, or to
-+ treat it as a protocol violation if they find they have read additional
-+ bytes.
-+ </para>
-+
- <para>
- An initial GSSENCRequest can also be used in a connection that is being
- opened to send a CancelRequest message.
-diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
-index f80f4e98d8..57aee95183 100644
---- a/src/interfaces/libpq/fe-connect.c
-+++ b/src/interfaces/libpq/fe-connect.c
-@@ -3076,6 +3076,19 @@ keep_going: /* We will come back to here until there is
- pollres = pqsecure_open_client(conn);
- if (pollres == PGRES_POLLING_OK)
- {
-+ /*
-+ * At this point we should have no data already buffered.
-+ * If we do, it was received before we performed the SSL
-+ * handshake, so it wasn't encrypted and indeed may have
-+ * been injected by a man-in-the-middle.
-+ */
-+ if (conn->inCursor != conn->inEnd)
-+ {
-+ appendPQExpBufferStr(&conn->errorMessage,
-+ libpq_gettext("received unencrypted data after SSL response\n"));
-+ goto error_return;
-+ }
-+
- /* SSL handshake done, ready to send startup packet */
- conn->status = CONNECTION_MADE;
- return PGRES_POLLING_WRITING;
-@@ -3175,6 +3188,19 @@ keep_going: /* We will come back to here until there is
- pollres = pqsecure_open_gss(conn);
- if (pollres == PGRES_POLLING_OK)
- {
-+ /*
-+ * At this point we should have no data already buffered.
-+ * If we do, it was received before we performed the GSS
-+ * handshake, so it wasn't encrypted and indeed may have
-+ * been injected by a man-in-the-middle.
-+ */
-+ if (conn->inCursor != conn->inEnd)
-+ {
-+ appendPQExpBufferStr(&conn->errorMessage,
-+ libpq_gettext("received unencrypted data after GSSAPI encryption response\n"));
-+ goto error_return;
-+ }
-+
- /* All set for startup packet */
- conn->status = CONNECTION_MADE;
- return PGRES_POLLING_WRITING;
---
-2.17.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb b/meta-oe/recipes-dbs/postgresql/postgresql_13.5.bb
similarity index 67%
rename from meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
rename to meta-oe/recipes-dbs/postgresql/postgresql_13.5.bb
index 2ed0fa49b..81193e30e 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_13.5.bb
@@ -7,8 +7,6 @@ SRC_URI += "\
file://0001-Add-support-for-RISC-V.patch \
file://0001-Improve-reproducibility.patch \
file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \
- file://CVE-2021-23214.patch \
- file://CVE-2021-23222.patch \
"

-SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd"
+SRC_URI[sha256sum] = "9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3"
--
2.34.1


[meta-oe][PATCH] postgresql: Update to 14.1

Robert Joslyn
 

Refresh patches, since upstream moved from configure.in to configure.ac.
Remove CVE backports that no longer apply to the new version.

Update SRC_URI to use https. Upstream redirects http to https anyway.

Rework PACKAGECONFIG:
* Reorder PACKAGECONFIG to be the same as the `./configure --help` output
to make future updates easier.
* Move zlib to a PACKAGECONFIG. Upstream enables it by default, so keep it
enabled to preserve existing behavior.
* Add PACKAGECONFIGs for ldap, systemd, gssapi, xslt, and lz4
* Update openssl to use `--with-ssl=openssl` because the `--with-openssl`
form is deprecated.
* Remove the nls config because gettext.bbclass already appends the
desired option to EXTRA_OECONF based on the value of USE_NLS.

Enable spinlocks on aarch64. Support was added in version 9.2.5 and
should provide much better performance.

Signed-off-by: Robert Joslyn <robert.joslyn@...>
---
.../files/0001-Add-support-for-RISC-V.patch | 13 +-
.../files/0001-Improve-reproducibility.patch | 9 +-
...-bypass-autoconf-2.69-version-check.patch} | 22 +--
.../postgresql/files/CVE-2021-23214.patch | 116 ----------------
.../postgresql/files/CVE-2021-23222.patch | 131 ------------------
.../postgresql/files/not-check-libperl.patch | 17 ++-
meta-oe/recipes-dbs/postgresql/postgresql.inc | 29 ++--
...{postgresql_13.4.bb => postgresql_14.1.bb} | 6 +-
8 files changed, 57 insertions(+), 286 deletions(-)
rename meta-oe/recipes-dbs/postgresql/files/{0001-configure.in-bypass-autoconf-2.69-version-check.patch => 0001-configure.ac-bypass-autoconf-2.69-version-check.patch} (60%)
delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
rename meta-oe/recipes-dbs/postgresql/{postgresql_13.4.bb => postgresql_14.1.bb} (53%)

diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
index 0dc6ece6d..90b741949 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
@@ -1,4 +1,4 @@
-From b06a228a5fd1589fc9bed654b3288b321fc21aa1 Mon Sep 17 00:00:00 2001
+From 780fd27ea6f7f2c446c46a7a5e26d94106c67efd Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@...>
Date: Sun, 20 Nov 2016 15:04:52 +0000
Subject: [PATCH] Add support for RISC-V.
@@ -9,9 +9,11 @@ extending the existing aarch64 macro works.
src/include/storage/s_lock.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

+diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h
+index dccbd29..ad60429 100644
--- a/src/include/storage/s_lock.h
+++ b/src/include/storage/s_lock.h
-@@ -316,11 +316,12 @@ tas(volatile slock_t *lock)
+@@ -317,11 +317,12 @@ tas(volatile slock_t *lock)

/*
* On ARM and ARM64, we use __sync_lock_test_and_set(int *, int) if available.
@@ -25,7 +27,7 @@ extending the existing aarch64 macro works.
#ifdef HAVE_GCC__SYNC_INT32_TAS
#define HAS_TEST_AND_SET

-@@ -337,7 +338,7 @@ tas(volatile slock_t *lock)
+@@ -338,7 +339,7 @@ tas(volatile slock_t *lock)
#define S_UNLOCK(lock) __sync_lock_release(lock)

#endif /* HAVE_GCC__SYNC_INT32_TAS */
@@ -33,4 +35,7 @@ extending the existing aarch64 macro works.
+#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */


- /* S/390 and S/390x Linux (32- and 64-bit zSeries) */
+ /*
+--
+2.34.1
+
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
index e9bc6240d..02f4c9e51 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
@@ -1,4 +1,4 @@
-From 71fbee3888ee889a269eded5585ed7591bcbe9dd Mon Sep 17 00:00:00 2001
+From bbba8a5261a99e79c9cd4693ef56021014a9856b Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@...>
Date: Mon, 28 Dec 2020 16:38:21 +0800
Subject: [PATCH] Improve reproducibility,
@@ -22,9 +22,11 @@ Signed-off-by: Changqing Li <changqing.li@...>
src/common/Makefile | 3 ---
1 file changed, 3 deletions(-)

+diff --git a/src/common/Makefile b/src/common/Makefile
+index 880722f..7a9b9d4 100644
--- a/src/common/Makefile
+++ b/src/common/Makefile
-@@ -31,9 +31,6 @@ include $(top_builddir)/src/Makefile.glo
+@@ -31,9 +31,6 @@ include $(top_builddir)/src/Makefile.global
# don't include subdirectory-path-dependent -I and -L switches
STD_CPPFLAGS := $(filter-out -I$(top_srcdir)/src/include -I$(top_builddir)/src/include,$(CPPFLAGS))
STD_LDFLAGS := $(filter-out -L$(top_builddir)/src/common -L$(top_builddir)/src/port,$(LDFLAGS))
@@ -34,3 +36,6 @@ Signed-off-by: Changqing Li <changqing.li@...>
override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\""
override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\""
override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\""
+--
+2.34.1
+
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
similarity index 60%
rename from meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
rename to meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
index db9769f82..3d969cc7e 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
@@ -1,7 +1,7 @@
-From eba2c940afcd83521f591ccf6b49eca06908ea8e Mon Sep 17 00:00:00 2001
+From 053e8fc51bd9688100ce284a9c7afab88656386f Mon Sep 17 00:00:00 2001
From: Yi Fan Yu <yifan.yu@...>
Date: Fri, 5 Feb 2021 17:15:42 -0500
-Subject: [PATCH] configure.in: bypass autoconf 2.69 version check
+Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check

for upgrade to autoconf 2.71

@@ -9,24 +9,24 @@ Upstream-Status: Inappropriate [disable feature]

Signed-off-by: Yi Fan Yu <yifan.yu@...>
---
- configure.in | 4 ----
+ configure.ac | 4 ----
1 file changed, 4 deletions(-)

-diff --git a/configure.in b/configure.in
-index fb14dcc..a2b4a4f 100644
---- a/configure.in
-+++ b/configure.in
+diff --git a/configure.ac b/configure.ac
+index 7170f26..daf85b9 100644
+--- a/configure.ac
++++ b/configure.ac
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros

- AC_INIT([PostgreSQL], [13.4], [pgsql-bugs@...], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [14.1], [pgsql-bugs@...], [], [https://www.postgresql.org/])

-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
-Untested combinations of 'autoconf' and PostgreSQL versions are not
--recommended. You can remove the check from 'configure.in' but it is then
+-recommended. You can remove the check from 'configure.ac' but it is then
-your responsibility whether the result works or not.])])
- AC_COPYRIGHT([Copyright (c) 1996-2020, PostgreSQL Global Development Group])
+ AC_COPYRIGHT([Copyright (c) 1996-2021, PostgreSQL Global Development Group])
AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c])
AC_CONFIG_AUX_DIR(config)
--
-2.17.1
+2.34.1

diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
deleted file mode 100644
index 58bf81062..000000000
--- a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 24c2b9e42edb6d2f4ef2cead3b0aa1d6196adfce Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@...>
-Date: Mon, 8 Nov 2021 11:01:43 -0500
-Subject: [PATCH 2/2] Reject extraneous data after SSL or GSS encryption
- handshake.
-
-The server collects up to a bufferload of data whenever it reads data
-from the client socket. When SSL or GSS encryption is requested
-during startup, any additional data received with the initial
-request message remained in the buffer, and would be treated as
-already-decrypted data once the encryption handshake completed.
-Thus, a man-in-the-middle with the ability to inject data into the
-TCP connection could stuff some cleartext data into the start of
-a supposedly encryption-protected database session.
-
-This could be abused to send faked SQL commands to the server,
-although that would only work if the server did not demand any
-authentication data. (However, a server relying on SSL certificate
-authentication might well not do so.)
-
-To fix, throw a protocol-violation error if the internal buffer
-is not empty after the encryption handshake.
-
-Our thanks to Jacob Champion for reporting this problem.
-
-Security: CVE-2021-23214
-
-Upstream-Status: Backport[https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951]
-CVE: CVE-2021-23214
-
-Signed-off-by: Changqing Li <changqing.li@...>
-
----
- src/backend/libpq/pqcomm.c | 11 +++++++++++
- src/backend/postmaster/postmaster.c | 23 ++++++++++++++++++++++-
- src/include/libpq/libpq.h | 1 +
- 3 files changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
-index ee2cd86..4dd1c02 100644
---- a/src/backend/libpq/pqcomm.c
-+++ b/src/backend/libpq/pqcomm.c
-@@ -1183,6 +1183,17 @@ pq_getstring(StringInfo s)
- }
- }
-
-+/* -------------------------------
-+ * pq_buffer_has_data - is any buffered data available to read?
-+ *
-+ * This will *not* attempt to read more data.
-+ * --------------------------------
-+ */
-+bool
-+pq_buffer_has_data(void)
-+{
-+ return (PqRecvPointer < PqRecvLength);
-+}
-
- /* --------------------------------
- * pq_startmsgread - begin reading a message from the client.
-diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
-index 5775fc0..1fcc3f8 100644
---- a/src/backend/postmaster/postmaster.c
-+++ b/src/backend/postmaster/postmaster.c
-@@ -2049,6 +2049,17 @@ retry1:
- return STATUS_ERROR;
- #endif
-
-+ /*
-+ * At this point we should have no data already buffered. If we do,
-+ * it was received before we performed the SSL handshake, so it wasn't
-+ * encrypted and indeed may have been injected by a man-in-the-middle.
-+ * We report this case to the client.
-+ */
-+ if (pq_buffer_has_data())
-+ ereport(FATAL,
-+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
-+ errmsg("received unencrypted data after SSL request"),
-+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
- /*
- * regular startup packet, cancel, etc packet should follow, but not
- * another SSL negotiation request, and a GSS request should only
-@@ -2080,7 +2091,17 @@ retry1:
- if (GSSok == 'G' && secure_open_gssapi(port) == -1)
- return STATUS_ERROR;
- #endif
--
-+ /*
-+ * At this point we should have no data already buffered. If we do,
-+ * it was received before we performed the GSS handshake, so it wasn't
-+ * encrypted and indeed may have been injected by a man-in-the-middle.
-+ * We report this case to the client.
-+ */
-+ if (pq_buffer_has_data())
-+ ereport(FATAL,
-+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
-+ errmsg("received unencrypted data after GSSAPI encryption request"),
-+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
- /*
- * regular startup packet, cancel, etc packet should follow, but not
- * another GSS negotiation request, and an SSL request should only
-diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
-index b115247..9969692 100644
---- a/src/include/libpq/libpq.h
-+++ b/src/include/libpq/libpq.h
-@@ -73,6 +73,7 @@ extern int pq_getbyte(void);
- extern int pq_peekbyte(void);
- extern int pq_getbyte_if_available(unsigned char *c);
- extern int pq_putbytes(const char *s, size_t len);
-+extern bool pq_buffer_has_data(void);
-
- /*
- * prototypes for functions in be-secure.c
---
-2.17.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
deleted file mode 100644
index 42b78539b..000000000
--- a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 79125ead2a6a234086844bb42f06d49603fe6ca0 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@...>
-Date: Mon, 8 Nov 2021 11:14:56 -0500
-Subject: [PATCH 1/2] libpq: reject extraneous data after SSL or GSS encryption
- handshake.
-
-libpq collects up to a bufferload of data whenever it reads data from
-the socket. When SSL or GSS encryption is requested during startup,
-any additional data received with the server's yes-or-no reply
-remained in the buffer, and would be treated as already-decrypted data
-once the encryption handshake completed. Thus, a man-in-the-middle
-with the ability to inject data into the TCP connection could stuff
-some cleartext data into the start of a supposedly encryption-protected
-database session.
-
-This could probably be abused to inject faked responses to the
-client's first few queries, although other details of libpq's behavior
-make that harder than it sounds. A different line of attack is to
-exfiltrate the client's password, or other sensitive data that might
-be sent early in the session. That has been shown to be possible with
-a server vulnerable to CVE-2021-23214.
-
-To fix, throw a protocol-violation error if the internal buffer
-is not empty after the encryption handshake.
-
-Our thanks to Jacob Champion for reporting this problem.
-
-Security: CVE-2021-23222
-
-Upstream-Status: Backport[https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45]
-CVE: CVE-2021-23222
-
-Signed-off-by: Changqing Li <changqing.li@...>
----
- doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++
- src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++
- 2 files changed, 54 insertions(+)
-
-diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
-index e26619e1b5..b692648fca 100644
---- a/doc/src/sgml/protocol.sgml
-+++ b/doc/src/sgml/protocol.sgml
-@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional -->
- and proceed without requesting <acronym>SSL</acronym>.
- </para>
-
-+ <para>
-+ When <acronym>SSL</acronym> encryption can be performed, the server
-+ is expected to send only the single <literal>S</literal> byte and then
-+ wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
-+ If additional bytes are available to read at this point, it likely
-+ means that a man-in-the-middle is attempting to perform a
-+ buffer-stuffing attack
-+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
-+ Frontends should be coded either to read exactly one byte from the
-+ socket before turning the socket over to their SSL library, or to
-+ treat it as a protocol violation if they find they have read additional
-+ bytes.
-+ </para>
-+
- <para>
- An initial SSLRequest can also be used in a connection that is being
- opened to send a CancelRequest message.
-@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional -->
- encryption.
- </para>
-
-+ <para>
-+ When <acronym>GSSAPI</acronym> encryption can be performed, the server
-+ is expected to send only the single <literal>G</literal> byte and then
-+ wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake.
-+ If additional bytes are available to read at this point, it likely
-+ means that a man-in-the-middle is attempting to perform a
-+ buffer-stuffing attack
-+ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
-+ Frontends should be coded either to read exactly one byte from the
-+ socket before turning the socket over to their GSSAPI library, or to
-+ treat it as a protocol violation if they find they have read additional
-+ bytes.
-+ </para>
-+
- <para>
- An initial GSSENCRequest can also be used in a connection that is being
- opened to send a CancelRequest message.
-diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
-index f80f4e98d8..57aee95183 100644
---- a/src/interfaces/libpq/fe-connect.c
-+++ b/src/interfaces/libpq/fe-connect.c
-@@ -3076,6 +3076,19 @@ keep_going: /* We will come back to here until there is
- pollres = pqsecure_open_client(conn);
- if (pollres == PGRES_POLLING_OK)
- {
-+ /*
-+ * At this point we should have no data already buffered.
-+ * If we do, it was received before we performed the SSL
-+ * handshake, so it wasn't encrypted and indeed may have
-+ * been injected by a man-in-the-middle.
-+ */
-+ if (conn->inCursor != conn->inEnd)
-+ {
-+ appendPQExpBufferStr(&conn->errorMessage,
-+ libpq_gettext("received unencrypted data after SSL response\n"));
-+ goto error_return;
-+ }
-+
- /* SSL handshake done, ready to send startup packet */
- conn->status = CONNECTION_MADE;
- return PGRES_POLLING_WRITING;
-@@ -3175,6 +3188,19 @@ keep_going: /* We will come back to here until there is
- pollres = pqsecure_open_gss(conn);
- if (pollres == PGRES_POLLING_OK)
- {
-+ /*
-+ * At this point we should have no data already buffered.
-+ * If we do, it was received before we performed the GSS
-+ * handshake, so it wasn't encrypted and indeed may have
-+ * been injected by a man-in-the-middle.
-+ */
-+ if (conn->inCursor != conn->inEnd)
-+ {
-+ appendPQExpBufferStr(&conn->errorMessage,
-+ libpq_gettext("received unencrypted data after GSSAPI encryption response\n"));
-+ goto error_return;
-+ }
-+
- /* All set for startup packet */
- conn->status = CONNECTION_MADE;
- return PGRES_POLLING_WRITING;
---
-2.17.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
index ba2ee29f0..fa46912ee 100644
--- a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
@@ -1,7 +1,7 @@
-From 7e2af4de19be58bc9d551c41ce2750396d357f34 Mon Sep 17 00:00:00 2001
+From 56b830edecff1cac5f8a8a956e7a7eeef2aa7c17 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@...>
Date: Tue, 27 Nov 2018 13:25:15 +0800
-Subject: [PATCH] PATCH] not check libperl under cross compiling
+Subject: [PATCH] not check libperl under cross compiling

Upstream-Status: Inappropriate [configuration]

@@ -16,12 +16,14 @@ Signed-off-by: Roy Li <rongqing.li@...>
update patch to version 11.1
Signed-off-by: Changqing Li <changqing.li@...>
---
- configure.in | 2 +-
+ configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

---- a/configure.in
-+++ b/configure.in
-@@ -2206,7 +2206,7 @@ Use --without-tcl to disable building PL
+diff --git a/configure.ac b/configure.ac
+index fba79ee..7170f26 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2261,7 +2261,7 @@ Use --without-tcl to disable building PL/Tcl.])
fi

# check for <perl.h>
@@ -30,3 +32,6 @@ Signed-off-by: Changqing Li <changqing.li@...>
ac_save_CPPFLAGS=$CPPFLAGS
CPPFLAGS="$CPPFLAGS $perl_includespec"
AC_CHECK_HEADER(perl.h, [], [AC_MSG_ERROR([header file <perl.h> is required for Perl])],
+--
+2.34.1
+
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-oe/recipes-dbs/postgresql/postgresql.inc
index e609ac33e..257d27b11 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql.inc
+++ b/meta-oe/recipes-dbs/postgresql/postgresql.inc
@@ -19,11 +19,11 @@ DESCRIPTION = "\
"
HOMEPAGE = "http://www.postgresql.com"
LICENSE = "BSD-0-Clause"
-DEPENDS = "libnsl2 zlib readline tzcode-native"
+DEPENDS = "libnsl2 readline tzcode-native"

ARM_INSTRUCTION_SET = "arm"

-SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
+SRC_URI = "https://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \
file://postgresql.init \
file://postgresql-profile \
file://postgresql.pam \
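Review bot: HOMEPAGE, visible in the context lines of this hunk, still reads `http://www.postgresql.com` while SRC_URI is switched to https a few lines below it. Since the patch is already tidying URLs, consider moving HOMEPAGE to the https project site that the refreshed configure.ac patch shows in AC_INIT (`https://www.postgresql.org/`). Separately, dropping zlib from DEPENDS is only safe together with the new `PACKAGECONFIG[zlib]` entry later in this file, so those two changes need to stay in the same commit.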
@@ -43,7 +43,6 @@ CFLAGS += "-I${STAGING_INCDIR}/${PYTHON_DIR} -I${STAGING_INCDIR}/tcl8.6"
SYSTEMD_SERVICE:${PN} = "postgresql.service"
SYSTEMD_AUTO_ENABLE:${PN} = "disable"

-DEPENDS:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-systemctl-native', '', d)}"
pkg_postinst:${PN} () {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd sysvinit', 'true', 'false', d)}; then
if [ -n "$D" ]; then
@@ -53,23 +52,29 @@ pkg_postinst:${PN} () {
fi
}

-enable_pam = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
-PACKAGECONFIG ??= "${enable_pam} openssl python uuid libxml tcl nls libxml perl"
-PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam,"
-PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl ac_cv_file__dev_urandom=yes,openssl,"
-PACKAGECONFIG[python] = "--with-python,--without-python,python3,python3"
-PACKAGECONFIG[uuid] = "--with-uuid=e2fs,--without-uuid,util-linux,"
+PACKAGECONFIG ??= " \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)} \
+ openssl python uuid libxml tcl perl zlib \
+"
PACKAGECONFIG[tcl] = "--with-tcl --with-tclconfig=${STAGING_BINDIR_CROSS},--without-tcl,tcl tcl-native,"
-PACKAGECONFIG[nls] = "--enable-nls,--disable-nls,,"
-PACKAGECONFIG[libxml] = "--with-libxml,--without-libxml,libxml2,libxml2"
PACKAGECONFIG[perl] = "--with-perl,--without-perl,perl,perl"
+PACKAGECONFIG[python] = "--with-python,--without-python,python3,python3"
+PACKAGECONFIG[gssapi] = "--with-gssapi,--without-gssapi,krb5"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
+PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
+PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd systemd-systemctl-native"
+PACKAGECONFIG[uuid] = "--with-uuid=e2fs,--without-uuid,util-linux"
+PACKAGECONFIG[libxml] = "--with-libxml,--without-libxml,libxml2,libxml2"
+PACKAGECONFIG[libxslt] = "--with-libxslt,--without-libxslt,libxslt"
+PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib"
+PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4"
+PACKAGECONFIG[openssl] = "--with-ssl=openssl,ac_cv_file__dev_urandom=yes,openssl"

EXTRA_OECONF += "--enable-thread-safety --disable-rpath \
--datadir=${datadir}/${BPN} \
--sysconfdir=${sysconfdir}/${BPN} \
"
EXTRA_OECONF:sh4 += "--disable-spinlocks"
-EXTRA_OECONF:aarch64 += "--disable-spinlocks"

DEBUG_OPTIMIZATION:remove:mips = " -Og"
DEBUG_OPTIMIZATION:append:mips = " -O"
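Review bot: in the new `PACKAGECONFIG[openssl]` line, the second field (the options passed when the feature is disabled) is now only `ac_cv_file__dev_urandom=yes`. The old entry had `--without-openssl ac_cv_file__dev_urandom=yes` there, and every other entry in this block keeps an explicit `--without-*` option. If leaving it out is intentional, please say so in a comment or the commit message; otherwise a build with openssl removed from PACKAGECONFIG depends on configure's default for whether TLS support is compiled in. Two smaller points on the same hunk: the commit message lists the new option as xslt while the flag added here is `libxslt`, and removing `--disable-spinlocks` for aarch64 changes runtime behaviour, so a note on what was tested on aarch64 would help.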
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.1.bb
similarity index 53%
rename from meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
rename to meta-oe/recipes-dbs/postgresql/postgresql_14.1.bb
index 2ed0fa49b..1112cc21d 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_14.1.bb
@@ -6,9 +6,7 @@ SRC_URI += "\
file://not-check-libperl.patch \
file://0001-Add-support-for-RISC-V.patch \
file://0001-Improve-reproducibility.patch \
- file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \
- file://CVE-2021-23214.patch \
- file://CVE-2021-23222.patch \
+ file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \
"

-SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd"
+SRC_URI[sha256sum] = "4d3c101ea7ae38982f06bdc73758b53727fb6402ecd9382006fa5ecc7c2ca41f"
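Review bot: this hunk drops `file://CVE-2021-23214.patch` and `file://CVE-2021-23222.patch` from SRC_URI, and the commit message justifies it only as "CVE backports that no longer apply to the new version". That wording does not tell a reader whether 14.1 already contains both fixes or whether the patches merely fail to apply. Please state in the commit message that the upstream commits named in the deleted patches' Upstream-Status lines are part of 14.1, so CVE tracking for the recipe stays accurate.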
--
2.34.1


Re: [PATCH 2/3] iotop: move to the C port of iotop

Khem Raj
 



On Sat, Jan 15, 2022 at 2:33 AM Ross Burton <ross@...> wrote:
> On Sat, 15 Jan 2022 at 01:26, Khem Raj <raj.khem@...> wrote:
> > It fails on clang/arm see
> > https://errors.yoctoproject.org/Errors/Details/622623/
>
> That's clang segfaulting, fun!  I don't have access to my build
> machine this weekend, can you just throw in TOOLCHAIN="gcc" for now?

Yeah, and it’s with glibc master, so not a big deal. I will still extract a test case for reporting in an LLVM GitHub issue.

> Ross


Re: [meta-oe][dunfell][PATCH 1/5] freerdp: Upgrade to 2.2.0

Marek Vasut
 

On 1/15/22 14:43, akuster808 wrote:
> On 1/11/22 8:57 PM, Marek Vasut wrote:
> > On 1/12/22 05:42, akuster808 wrote:
> > > On 1/11/22 2:47 PM, Marek Vasut wrote:
> > > > From: Khem Raj <raj.khem@...>
> > > >
> > > > (cherry picked from commit f751dcf81a18fe817b40e755a2ba3f54a74d1e02)
> > > > Signed-off-by: Khem Raj <raj.khem@...>
> > > > Signed-off-by: Marek Vasut <marex@...>
> > > And why should I allow this?
> > This ... what ? The SoB line or the update ?
> What is in the update from 2.2.0 to 2.4.1?

This patch updates freerdp from 2.0.0 to 2.2.0 , not from 2.2.0 to 2.4.1 , that's a later patch. This one addresses quite a few old CVEs though, see below.

> I had to look at the release notes myself and found new features being
> added between those two. New features are not allowed per our process.

This should all be part of FreeRDP stable-2.0 branch
https://github.com/FreeRDP/FreeRDP/tree/stable-2.0

Their active development is happening toward 3.0 release, that's where features are being added.

Looking briefly at the debian changelog for the various CVEs this patchset addresses, here is a list:

https://metadata.ftp-master.debian.org/changelogs//main/f/freerdp2/freerdp2_2.4.1+dfsg1-1_changelog

freerdp2 (2.2.0+dfsg1-1) unstable; urgency=medium

* New upstream release.
+ CVE-2020-15103: Integer overflow due to missing input sanitation in
...

freerdp2 (2.1.2+dfsg1-1) unstable; urgency=medium

* New upstream release.
- CVE-2020-4033: Out of bound read in RLEDECOMPRESS
- CVE-2020-4031: Use-After-Free in gdi_SelectObject
- CVE-2020-4032: Integer casting vulnerability in
`update_recv_secondary_order`
- CVE-2020-4030: OOB read in `TrioParse`
- CVE-2020-11099: OOB Read in license_read_new_or_upgrade_license_packet
- CVE-2020-11098: Out-of-bound read in glyph_cache_put
- CVE-2020-11097: OOB read in ntlm_av_pair_get
- CVE-2020-11095: Global OOB read in update_recv_primary_order
- CVE-2020-11096: Global OOB read in update_read_cache_bitmap_v3_order
...

freerdp2 (2.4.1+dfsg1-1) unstable; urgency=medium

* New upstream release. (Closes: #999727).
- CVE-2021-41160: Fix improper region checks in all clients that allowed
out of bound write to memory. (Closes: #1001062).
- CVE-2021-41159: Fix improper client input validation for gateway
connections that allowed one to overwrite memory. (Closes: #1001061).

> This patch set will not be included.

I see you've made your decision then.

How do you propose those CVEs be closed in dunfell then ?

[...]


[hardknott 11/11] udisks2: upgrade from 2.9.2 to 2.9.4

Armin Kuster
 

From: Chen Qi <Qi.Chen@...>

Upgrade udisks2 from 2.9.2 to 2.9.4. This upgrade will solve
CVE-2021-3802.

Signed-off-by: Chen Qi <Qi.Chen@...>
Signed-off-by: Armin Kuster <akuster808@...>
---
.../udisks/{udisks2_2.9.2.bb => udisks2_2.9.4.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-support/udisks/{udisks2_2.9.2.bb => udisks2_2.9.4.bb} (89%)

diff --git a/meta-oe/recipes-support/udisks/udisks2_2.9.2.bb b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
similarity index 89%
rename from meta-oe/recipes-support/udisks/udisks2_2.9.2.bb
rename to meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
index 4c64f91a9e..a25860fd92 100644
--- a/meta-oe/recipes-support/udisks/udisks2_2.9.2.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
@@ -17,8 +17,8 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"

RDEPENDS_${PN} = "acl"

-SRC_URI = "git://github.com/storaged-project/udisks.git;branch=master;protocol=https"
-SRCREV = "da6d9480fefeb0ffdf8a84626b5096827d8d7030"
+SRC_URI = "git://github.com/storaged-project/udisks.git;branch=2.9.x-branch;protocol=https"
+SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81"
S = "${WORKDIR}/git"

CVE_PRODUCT = "udisks"
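Review bot: SRC_URI switches from `branch=master` to `branch=2.9.x-branch` together with the new SRCREV, but the commit message only mentions the version bump and CVE-2021-3802. Please mention the branch change and confirm that SRCREV `001c486e6d099ed33e2de4f5c73c03e3ee180f81` is the 2.9.4 release commit on that branch, so that both the pinned revision and the CVE claim can be checked from the message alone.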
--
2.25.1