diff options
64 files changed, 549 insertions, 190 deletions
diff --git a/contrib/pw-am.sh b/contrib/pw-am.sh index 8987eee8eb..d9d1187b0b 100755 --- a/contrib/pw-am.sh +++ b/contrib/pw-am.sh @@ -9,7 +9,7 @@ for patchnumber in $@; do - wget -nv http://patches.openembedded.org/patch/$patchnumber/mbox/ -O pw-am-$patchnumber.patch + wget -nv http://patchwork.yoctoproject.org/patch/$patchnumber/mbox/ -O pw-am-$patchnumber.patch git am -s pw-am-$patchnumber.patch rm pw-am-$patchnumber.patch done diff --git a/meta-multimedia/recipes-support/libsrtp/libsrtp_2.3.0.bb b/meta-multimedia/recipes-support/libsrtp/libsrtp_2.3.0.bb index 5b4f34592b..b494a3ca08 100644 --- a/meta-multimedia/recipes-support/libsrtp/libsrtp_2.3.0.bb +++ b/meta-multimedia/recipes-support/libsrtp/libsrtp_2.3.0.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2909fcf6f09ffff8430463d91c08c4e1" S = "${WORKDIR}/git" SRCREV = "d02d21111e379c297e93a9033d7b653135f732ee" -SRC_URI = "git://github.com/cisco/libsrtp.git;branch=master;protocol=https" +SRC_URI = "git://github.com/cisco/libsrtp.git;branch=main;protocol=https" inherit autotools pkgconfig diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.6.2.bb b/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb index 982544d5ca..98005797d9 100644 --- a/meta-networking/recipes-daemons/postfix/postfix_3.6.2.bb +++ b/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb @@ -15,5 +15,5 @@ SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P file://0001-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \ file://0007-correct-signature-of-closefrom-API.patch \ " -SRC_URI[sha256sum] = "507323d20d7b3f705f49cf8c07d437c6d8090bed07e15a3c0ec405edad54a7d4" +SRC_URI[sha256sum] = "0f1241d456a0158e0c418abf62c52c2ff83f8f1dcf2fbdd4c40765b67789b1bc" UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz" diff --git a/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb b/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb index 21e5c1877e..fd837629b5 100644 --- a/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb +++ b/meta-networking/recipes-filter/ebtables/ebtables_2.0.11.bb @@ -6,7 +6,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=53b4a999993871a28ab1488fdbd2e73e" SECTION = "net" -RDEPENDS:${PN} += "bash perl" +RDEPENDS:${PN} += "bash" RRECOMMENDS:${PN} += "kernel-module-ebtables \ " diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb index e5a28de40d..eb60750e2b 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb @@ -40,6 +40,7 @@ EXTRA_OEMAKE = "INSTALL_PREFIX=${D} OTHERLDFLAGS='${LDFLAGS}' HOST_CPPFLAGS='${B PARALLEL_MAKE = "" CCACHE = "" +CLEANBROKEN = "1" TARGET_CC_ARCH += "${LDFLAGS}" diff --git a/meta-networking/recipes-support/ifenslave/ifenslave_2.12.bb b/meta-networking/recipes-support/ifenslave/ifenslave_2.12.bb index 34607f94c2..c8cf135b04 100644 --- a/meta-networking/recipes-support/ifenslave/ifenslave_2.12.bb +++ b/meta-networking/recipes-support/ifenslave/ifenslave_2.12.bb @@ -9,7 +9,7 @@ inherit manpages MAN_PKG = "${PN}" SRCREV = "88410a7003c31993e79471e151b24662fc2a0d64" -SRC_URI = "git://salsa.debian.org/debian/ifenslave.git;protocol=https;branch=master" +SRC_URI = "git://salsa.debian.org/debian/ifenslave.git;protocol=https;branch=main" S = "${WORKDIR}/git" diff --git a/meta-networking/recipes-support/openipmi/openipmi_2.0.31.bb b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb index ecc98dd8be..0b4244022e 100644 --- a/meta-networking/recipes-support/openipmi/openipmi_2.0.31.bb +++ b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb @@ -35,8 +35,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/openipmi/OpenIPMI-${PV}.tar.gz \ S = "${WORKDIR}/OpenIPMI-${PV}" -SRC_URI[md5sum] = "ce8eb27da016dcad7543d0128fcb3b0a" -SRC_URI[sha256sum] = "7052f37726ff454b0dcac49f35dd030bc12c9570ca0ba5cd2d17774b8e9d9717" +SRC_URI[md5sum] = "532404c9df7d0e8bde975b95b9e6775b" +SRC_URI[sha256sum] = "f6d0fd4c0a74b05f80907229d0b270f54ca23294bcc11979f8b8d12766786945" inherit autotools-brokensep pkgconfig python3native perlnative update-rc.d systemd cpan-base python3targetconfig diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb index 6b588a5f50..2dc3af6bf9 100644 --- a/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb +++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb @@ -14,7 +14,7 @@ SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" -SRC_URI[sha256sum] = "f80f3c3df1b94a8892ae547df84f152583250684a24bd022ccc98ef56fa93d97" +SRC_URI[sha256sum] = "7500df4734173bce2e95b5039079119dacaff121650b2b6ca76d2dc68bdac1c5" # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569" diff --git a/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch b/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch index c1a528f90d..134633f668 100644 --- a/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch +++ b/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch @@ -12,11 +12,11 @@ Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> cmake/modules/UseLemon.cmake | 49 +++++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 15 deletions(-) -diff --git a/cmake/modules/UseLemon.cmake b/cmake/modules/UseLemon.cmake -index 849ffc1..ca38ab7 100644 ---- a/cmake/modules/UseLemon.cmake -+++ b/cmake/modules/UseLemon.cmake -@@ -7,21 +7,40 @@ MACRO(ADD_LEMON_FILES _source _generated) +Index: wireshark-3.4.11/cmake/modules/UseLemon.cmake +=================================================================== +--- wireshark-3.4.11.orig/cmake/modules/UseLemon.cmake ++++ wireshark-3.4.11/cmake/modules/UseLemon.cmake +@@ -7,21 +7,40 @@ MACRO(ADD_LEMON_FILES _source _generated SET(_out ${CMAKE_CURRENT_BINARY_DIR}/${_basename}) @@ -26,7 +26,7 @@ index 849ffc1..ca38ab7 100644 - # These files are generated as side-effect - ${_out}.h - ${_out}.out -- COMMAND lemon +- COMMAND $<TARGET_FILE:lemon> - -T${_lemonpardir}/lempar.c - -d. - ${_in} @@ -72,6 +72,3 @@ index 849ffc1..ca38ab7 100644 LIST(APPEND ${_source} ${_in}) LIST(APPEND ${_generated} ${_out}.c) --- -2.26.2.Cisco - diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.8.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb index faf2a3ad1f..6fee972b2c 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.8.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb @@ -19,7 +19,7 @@ SRC_URI += " \ UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" -SRC_URI[sha256sum] = "58a7fa8dfe2010a8c8b7dcf66438c653e6493d47eb936ba48ef49d4aa4dbd725" +SRC_URI[sha256sum] = "a0e227bce2cc3a51ef3301891a0243231990b52a39b68a84a6e32f69c4e75279" PE = "1" diff --git a/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb b/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb index ecff79be45..3fe4c9404c 100644 --- a/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb +++ b/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb @@ -23,6 +23,7 @@ PACKAGECONFIG[examples] = "-DGATTLIB_BUILD_EXAMPLES=ON,-DGATTLIB_BUILD_EXAMPLES= # Set this to force use of DBus API if Bluez version is older than 5.42 PACKAGECONFIG[force-dbus] = "-DGATTLIB_FORCE_DBUS=TRUE,-DGATTLIB_FORCE_DBUS=FALSE" +EXTRA_OECMAKE += "-DGATTLIB_PYTHON_INTERFACE=OFF" EXTRA_OECMAKE += "-DGATTLIB_BUILD_DOCS=OFF" inherit pkgconfig cmake diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/0001-.F.-DEV-2077-fixed-reflected-XSS-issues.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/0001-.F.-DEV-2077-fixed-reflected-XSS-issues.patch new file mode 100644 index 0000000000..1d32a9cfdd --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/0001-.F.-DEV-2077-fixed-reflected-XSS-issues.patch @@ -0,0 +1,93 @@ +From fe3e2c2deeef568ec7e961340487497e31eb1a81 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 13 Apr 2022 10:19:39 +0800 +Subject: [PATCH] ..F....... [DEV-2077] fixed reflected XSS issues + +Merge in ZBX/zabbix from feature/DEV-2077-5.4 to release/5.4 + +* commit '5986cdf2572acaaaac1fc113d6407d5f0cd00c35': + ..F....... [DEV-2077] fixed service actions #3 + ..F....... [DEV-2077] fixed service actions #2 + ..F....... [DEV-2077] reverted unnecessary changes + ..F....... [DEV-2077] reverted tests + ..F....... [DEV-2077] fixed service actions + ..F....... [DEV-2077] fixed reflected XSS issue in service configuration form + ..F....... [DEV-2077] fixed reflected XSS issues in uncheckTableRows function + ..F....... [DEV-2077] fixed reflected XSS issues in graph configuration + ..F....... [DEV-2077] fixed reflected XSS issues in action configuration + +Upstream_Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/05976188fcca518c029e1af9ed03fd331786d77d] +CVE: CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + ui/actionconf.php | 2 +- + ui/graphs.php | 2 +- + ui/include/func.inc.php | 5 ++--- + ui/include/views/configuration.services.edit.php | 5 +++-- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/ui/actionconf.php b/ui/actionconf.php +index 5b67f72..8cda3fc 100644 +--- a/ui/actionconf.php ++++ b/ui/actionconf.php +@@ -37,7 +37,7 @@ $fields = [ + 'name' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', + _('Name') + ], +- 'eventsource' => [T_ZBX_INT, O_OPT, null, ++ 'eventsource' => [T_ZBX_INT, O_OPT, P_SYS, + IN([EVENT_SOURCE_TRIGGERS, EVENT_SOURCE_DISCOVERY, + EVENT_SOURCE_AUTOREGISTRATION, EVENT_SOURCE_INTERNAL + ]), +diff --git a/ui/graphs.php b/ui/graphs.php +index 79bb195..1d10803 100644 +--- a/ui/graphs.php ++++ b/ui/graphs.php +@@ -43,7 +43,7 @@ $fields = [ + 'name' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', _('Name')], + 'width' => [T_ZBX_INT, O_OPT, null, BETWEEN(20, 65535), 'isset({add}) || isset({update})', _('Width')], + 'height' => [T_ZBX_INT, O_OPT, null, BETWEEN(20, 65535), 'isset({add}) || isset({update})', _('Height')], +- 'graphtype' => [T_ZBX_INT, O_OPT, null, IN('0,1,2,3'), 'isset({add}) || isset({update})'], ++ 'graphtype' => [T_ZBX_INT, O_OPT, P_SYS, IN('0,1,2,3'), 'isset({add}) || isset({update})'], + 'show_3d' => [T_ZBX_INT, O_OPT, P_NZERO, IN('0,1'), null], + 'show_legend' => [T_ZBX_INT, O_OPT, P_NZERO, IN('0,1'), null], + 'ymin_type' => [T_ZBX_INT, O_OPT, null, IN('0,1,2'), null], +diff --git a/ui/include/func.inc.php b/ui/include/func.inc.php +index 359fdfb..43c1a41 100644 +--- a/ui/include/func.inc.php ++++ b/ui/include/func.inc.php +@@ -2175,11 +2175,10 @@ function uncheckTableRows($parentid = null, $keepids = []) { + if ($keepids) { + // If $keepids will not have same key as value, it will create mess, when new checkbox will be checked. + $keepids = array_combine($keepids, $keepids); +- +- insert_js('sessionStorage.setItem("'.$key.'", JSON.stringify('.json_encode($keepids).'))'); ++ insert_js('sessionStorage.setItem('.json_encode($key).', JSON.stringify('.json_encode($keepids).'));'); + } + else { +- insert_js('sessionStorage.removeItem("'.$key.'")'); ++ insert_js('sessionStorage.removeItem('.json_encode($key).');'); + } + } + +diff --git a/ui/include/views/configuration.services.edit.php b/ui/include/views/configuration.services.edit.php +index a12385b..625fba9 100644 +--- a/ui/include/views/configuration.services.edit.php ++++ b/ui/include/views/configuration.services.edit.php +@@ -141,9 +141,10 @@ foreach ($this->data['children'] as $child) { + !empty($child['trigger']) ? $child['trigger'] : '', + (new CCol( + (new CButton('remove', _('Remove'))) +- ->onClick('javascript: removeDependentChild(\''.$child['serviceid'].'\');') +- ->addClass(ZBX_STYLE_BTN_LINK) + ->removeId() ++ ->addClass(ZBX_STYLE_BTN_LINK) ++ ->setAttribute('data-serviceid', $child['serviceid']) ++ ->onClick('removeDependentChild(this.dataset.serviceid);') + ))->addClass(ZBX_STYLE_NOWRAP) + ]))->setId('children_'.$child['serviceid']) + ); +-- +2.25.1 + diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb index b5ab15df48..9d2a06c5ea 100644 --- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb @@ -26,6 +26,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.2/${BPN}-${PV}.tar.gz \ file://0001-Fix-configure.ac.patch \ file://zabbix-agent.service \ + file://0001-.F.-DEV-2077-fixed-reflected-XSS-issues.patch \ " SRC_URI[md5sum] = "31dab3535a1fa212f5724902727f6d4d" diff --git a/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch b/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch index 2c4ca057f2..1c2fc3813f 100644 --- a/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch +++ b/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch @@ -21,7 +21,7 @@ index 009e4fd..f3f0d80 100644 if (!dbus_conn) - return; -+ DBUS_HANDLER_RESULT_NOT_YET_HANDLED; ++ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; if (verbose) g_print ("New message from server: type='%d' path='%s' iface='%s'" diff --git a/meta-oe/recipes-core/plymouth/files/0001-systemd-switch-to-KillMode-mixed.patch b/meta-oe/recipes-core/plymouth/files/0001-systemd-switch-to-KillMode-mixed.patch new file mode 100644 index 0000000000..eb1c8db21c --- /dev/null +++ b/meta-oe/recipes-core/plymouth/files/0001-systemd-switch-to-KillMode-mixed.patch @@ -0,0 +1,43 @@ +From 9d0f8b2e7bc2d1d2b0900fcdf119bb9a2cc4f474 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 25 Aug 2020 10:49:11 -0400 +Subject: [PATCH] systemd: switch to KillMode=mixed + +KillMode=none is deprecated, so we need to stop using it. + +For now, use `KillMode=mixed` and `IgnoreOnIsolate=true` instead. + +In the future, we should change plymouth to be able to exit and +start again without restarting the active animation, but that's +going to require some effort. + +https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/123 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/plymouth/plymouth/-/commit/9d0f8b2e7bc2d1d2b0900fcdf119bb9a2cc4f474] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + systemd-units/plymouth-start.service.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/systemd-units/plymouth-start.service.in b/systemd-units/plymouth-start.service.in +index 3d00cc6..830a62d 100644 +--- a/systemd-units/plymouth-start.service.in ++++ b/systemd-units/plymouth-start.service.in +@@ -6,11 +6,12 @@ After=systemd-vconsole-setup.service systemd-udev-trigger.service systemd-udevd. + Before=systemd-ask-password-plymouth.service + ConditionKernelCommandLine=!plymouth.enable=0 + ConditionVirtualization=!container ++IgnoreOnIsolate=true + + [Service] + ExecStart=@PLYMOUTH_DAEMON_DIR@/plymouthd --mode=boot --pid-file=@plymouthruntimedir@/pid --attach-to-session + ExecStartPost=-@PLYMOUTH_CLIENT_DIR@/plymouth show-splash + Type=forking + RemainAfterExit=yes +-KillMode=none ++KillMode=mixed + SendSIGKILL=no +-- +2.17.1 + diff --git a/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb b/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb index e5d8c98195..d096462eed 100644 --- a/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb +++ b/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb @@ -20,6 +20,7 @@ RPROVIDES:${PN} = "virtual-psplash virtual-psplash-support" SRC_URI = " \ http://www.freedesktop.org/software/plymouth/releases/${BPN}-${PV}.tar.xz \ file://0001-Make-full-path-to-systemd-tty-ask-password-agent-con.patch \ + file://0001-systemd-switch-to-KillMode-mixed.patch \ " SRC_URI[md5sum] = "8a25d23f3ae732af300a56fa33cacff2" diff --git a/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.1.bb b/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.1.bb index a66504dd83..ad68dc926d 100644 --- a/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.1.bb +++ b/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.1.bb @@ -1,6 +1,6 @@ SUMMARY = "Linux Kernel Crypto API User Space Interface Library" HOMEPAGE = "http://www.chronox.de/libkcapi.html" -LICENSE = "BSD | GPL-2.0" +LICENSE = "BSD-3-Clause | GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=c78be93ed8d1637f2a3f4a83ff9d5f54" DEPENDS = "libtool" diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch new file mode 100644 index 0000000000..58bf810626 --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch @@ -0,0 +1,116 @@ +From 24c2b9e42edb6d2f4ef2cead3b0aa1d6196adfce Mon Sep 17 00:00:00 2001 +From: Tom Lane <tgl@sss.pgh.pa.us> +Date: Mon, 8 Nov 2021 11:01:43 -0500 +Subject: [PATCH 2/2] Reject extraneous data after SSL or GSS encryption + handshake. + +The server collects up to a bufferload of data whenever it reads data +from the client socket. When SSL or GSS encryption is requested +during startup, any additional data received with the initial +request message remained in the buffer, and would be treated as +already-decrypted data once the encryption handshake completed. +Thus, a man-in-the-middle with the ability to inject data into the +TCP connection could stuff some cleartext data into the start of +a supposedly encryption-protected database session. + +This could be abused to send faked SQL commands to the server, +although that would only work if the server did not demand any +authentication data. (However, a server relying on SSL certificate +authentication might well not do so.) + +To fix, throw a protocol-violation error if the internal buffer +is not empty after the encryption handshake. + +Our thanks to Jacob Champion for reporting this problem. + +Security: CVE-2021-23214 + +Upstream-Status: Backport[https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951] +CVE: CVE-2021-23214 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + src/backend/libpq/pqcomm.c | 11 +++++++++++ + src/backend/postmaster/postmaster.c | 23 ++++++++++++++++++++++- + src/include/libpq/libpq.h | 1 + + 3 files changed, 34 insertions(+), 1 deletion(-) + +diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c +index ee2cd86..4dd1c02 100644 +--- a/src/backend/libpq/pqcomm.c ++++ b/src/backend/libpq/pqcomm.c +@@ -1183,6 +1183,17 @@ pq_getstring(StringInfo s) + } + } + ++/* ------------------------------- ++ * pq_buffer_has_data - is any buffered data available to read? ++ * ++ * This will *not* attempt to read more data. ++ * -------------------------------- ++ */ ++bool ++pq_buffer_has_data(void) ++{ ++ return (PqRecvPointer < PqRecvLength); ++} + + /* -------------------------------- + * pq_startmsgread - begin reading a message from the client. +diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c +index 5775fc0..1fcc3f8 100644 +--- a/src/backend/postmaster/postmaster.c ++++ b/src/backend/postmaster/postmaster.c +@@ -2049,6 +2049,17 @@ retry1: + return STATUS_ERROR; + #endif + ++ /* ++ * At this point we should have no data already buffered. If we do, ++ * it was received before we performed the SSL handshake, so it wasn't ++ * encrypted and indeed may have been injected by a man-in-the-middle. ++ * We report this case to the client. ++ */ ++ if (pq_buffer_has_data()) ++ ereport(FATAL, ++ (errcode(ERRCODE_PROTOCOL_VIOLATION), ++ errmsg("received unencrypted data after SSL request"), ++ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); + /* + * regular startup packet, cancel, etc packet should follow, but not + * another SSL negotiation request, and a GSS request should only +@@ -2080,7 +2091,17 @@ retry1: + if (GSSok == 'G' && secure_open_gssapi(port) == -1) + return STATUS_ERROR; + #endif +- ++ /* ++ * At this point we should have no data already buffered. If we do, ++ * it was received before we performed the GSS handshake, so it wasn't ++ * encrypted and indeed may have been injected by a man-in-the-middle. ++ * We report this case to the client. ++ */ ++ if (pq_buffer_has_data()) ++ ereport(FATAL, ++ (errcode(ERRCODE_PROTOCOL_VIOLATION), ++ errmsg("received unencrypted data after GSSAPI encryption request"), ++ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); + /* + * regular startup packet, cancel, etc packet should follow, but not + * another GSS negotiation request, and an SSL request should only +diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h +index b115247..9969692 100644 +--- a/src/include/libpq/libpq.h ++++ b/src/include/libpq/libpq.h +@@ -73,6 +73,7 @@ extern int pq_getbyte(void); + extern int pq_peekbyte(void); + extern int pq_getbyte_if_available(unsigned char *c); + extern int pq_putbytes(const char *s, size_t len); ++extern bool pq_buffer_has_data(void); + + /* + * prototypes for functions in be-secure.c +-- +2.17.1 + diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch new file mode 100644 index 0000000000..42b78539b4 --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch @@ -0,0 +1,131 @@ +From 79125ead2a6a234086844bb42f06d49603fe6ca0 Mon Sep 17 00:00:00 2001 +From: Tom Lane <tgl@sss.pgh.pa.us> +Date: Mon, 8 Nov 2021 11:14:56 -0500 +Subject: [PATCH 1/2] libpq: reject extraneous data after SSL or GSS encryption + handshake. + +libpq collects up to a bufferload of data whenever it reads data from +the socket. When SSL or GSS encryption is requested during startup, +any additional data received with the server's yes-or-no reply +remained in the buffer, and would be treated as already-decrypted data +once the encryption handshake completed. Thus, a man-in-the-middle +with the ability to inject data into the TCP connection could stuff +some cleartext data into the start of a supposedly encryption-protected +database session. + +This could probably be abused to inject faked responses to the +client's first few queries, although other details of libpq's behavior +make that harder than it sounds. A different line of attack is to +exfiltrate the client's password, or other sensitive data that might +be sent early in the session. That has been shown to be possible with +a server vulnerable to CVE-2021-23214. + +To fix, throw a protocol-violation error if the internal buffer +is not empty after the encryption handshake. + +Our thanks to Jacob Champion for reporting this problem. + +Security: CVE-2021-23222 + +Upstream-Status: Backport[https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45] +CVE: CVE-2021-23222 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++ + src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++ + 2 files changed, 54 insertions(+) + +diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml +index e26619e1b5..b692648fca 100644 +--- a/doc/src/sgml/protocol.sgml ++++ b/doc/src/sgml/protocol.sgml +@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional --> + and proceed without requesting <acronym>SSL</acronym>. + </para> + ++ <para> ++ When <acronym>SSL</acronym> encryption can be performed, the server ++ is expected to send only the single <literal>S</literal> byte and then ++ wait for the frontend to initiate an <acronym>SSL</acronym> handshake. ++ If additional bytes are available to read at this point, it likely ++ means that a man-in-the-middle is attempting to perform a ++ buffer-stuffing attack ++ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>). ++ Frontends should be coded either to read exactly one byte from the ++ socket before turning the socket over to their SSL library, or to ++ treat it as a protocol violation if they find they have read additional ++ bytes. ++ </para> ++ + <para> + An initial SSLRequest can also be used in a connection that is being + opened to send a CancelRequest message. +@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional --> + encryption. + </para> + ++ <para> ++ When <acronym>GSSAPI</acronym> encryption can be performed, the server ++ is expected to send only the single <literal>G</literal> byte and then ++ wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake. ++ If additional bytes are available to read at this point, it likely ++ means that a man-in-the-middle is attempting to perform a ++ buffer-stuffing attack ++ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>). ++ Frontends should be coded either to read exactly one byte from the ++ socket before turning the socket over to their GSSAPI library, or to ++ treat it as a protocol violation if they find they have read additional ++ bytes. ++ </para> ++ + <para> + An initial GSSENCRequest can also be used in a connection that is being + opened to send a CancelRequest message. +diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c +index f80f4e98d8..57aee95183 100644 +--- a/src/interfaces/libpq/fe-connect.c ++++ b/src/interfaces/libpq/fe-connect.c +@@ -3076,6 +3076,19 @@ keep_going: /* We will come back to here until there is + pollres = pqsecure_open_client(conn); + if (pollres == PGRES_POLLING_OK) + { ++ /* ++ * At this point we should have no data already buffered. ++ * If we do, it was received before we performed the SSL ++ * handshake, so it wasn't encrypted and indeed may have ++ * been injected by a man-in-the-middle. ++ */ ++ if (conn->inCursor != conn->inEnd) ++ { ++ appendPQExpBufferStr(&conn->errorMessage, ++ libpq_gettext("received unencrypted data after SSL response\n")); ++ goto error_return; ++ } ++ + /* SSL handshake done, ready to send startup packet */ + conn->status = CONNECTION_MADE; + return PGRES_POLLING_WRITING; +@@ -3175,6 +3188,19 @@ keep_going: /* We will come back to here until there is + pollres = pqsecure_open_gss(conn); + if (pollres == PGRES_POLLING_OK) + { ++ /* ++ * At this point we should have no data already buffered. ++ * If we do, it was received before we performed the GSS ++ * handshake, so it wasn't encrypted and indeed may have ++ * been injected by a man-in-the-middle. ++ */ ++ if (conn->inCursor != conn->inEnd) ++ { ++ appendPQExpBufferStr(&conn->errorMessage, ++ libpq_gettext("received unencrypted data after GSSAPI encryption response\n")); ++ goto error_return; ++ } ++ + /* All set for startup packet */ + conn->status = CONNECTION_MADE; + return PGRES_POLLING_WRITING; +-- +2.17.1 + diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb b/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb index f63d23dbef..2ed0fa49bb 100644 --- a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb +++ b/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb @@ -7,6 +7,8 @@ SRC_URI += "\ file://0001-Add-support-for-RISC-V.patch \ file://0001-Improve-reproducibility.patch \ file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \ + file://CVE-2021-23214.patch \ + file://CVE-2021-23222.patch \ " SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd" diff --git a/meta-oe/recipes-devtools/breakpad/breakpad_git.bb b/meta-oe/recipes-devtools/breakpad/breakpad_git.bb index fabf59d4b2..c752a10083 100644 --- a/meta-oe/recipes-devtools/breakpad/breakpad_git.bb +++ b/meta-oe/recipes-devtools/breakpad/breakpad_git.bb @@ -29,7 +29,7 @@ SRCREV_lss = "fd00dbbd0c06a309c657d89e9430143b179ff6db" SRCREV_gyp = "324dd166b7c0b39d513026fa52d6280ac6d56770" SRC_URI = "git://github.com/google/breakpad;name=breakpad;branch=main;protocol=https \ - git://github.com/google/googletest.git;destsuffix=git/src/testing/gtest;name=gtest;branch=master;protocol=https \ + git://github.com/google/googletest.git;destsuffix=git/src/testing/gtest;name=gtest;branch=main;protocol=https \ git://github.com/protocolbuffers/protobuf.git;destsuffix=git/src/third_party/protobuf/protobuf;name=protobuf;branch=master;protocol=https \ git://chromium.googlesource.com/linux-syscall-support;protocol=https;branch=main;destsuffix=git/src/third_party/lss;name=lss \ git://chromium.googlesource.com/external/gyp;protocol=https;destsuffix=git/src/tools/gyp;name=gyp;branch=master \ diff --git a/meta-oe/recipes-devtools/msgpack/msgpack-cpp_4.0.2.bb b/meta-oe/recipes-devtools/msgpack/msgpack-cpp_4.0.2.bb index ef066753d7..25b199f572 100644 --- a/meta-oe/recipes-devtools/msgpack/msgpack-cpp_4.0.2.bb +++ b/meta-oe/recipes-devtools/msgpack/msgpack-cpp_4.0.2.bb @@ -19,4 +19,6 @@ S = "${WORKDIR}/git" inherit cmake pkgconfig +RDEPENDS:${PN}-dev = "" + BBCLASSEXTEND += "native nativesdk" diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_14.17.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_14.17.1.bb index 4715019798..47be000c9f 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_14.17.1.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_14.17.1.bb @@ -1,6 +1,6 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" -LICENSE = "MIT & BSD & Artistic-2.0" +LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=a1016f9b7979cfe6fc3466a9bba60b1e" DEPENDS = "openssl" diff --git a/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb b/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb index d3aa6d2ea2..e119420d2a 100644 --- a/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb +++ b/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb @@ -2,7 +2,7 @@ DESCRIPTION = "XML-RPC for C/C++ is programming libraries and related tools to h write an XML-RPC server or client in C or C++." HOMEPAGE = "http://xmlrpc-c.sourceforge.net/" -LICENSE = "BSD & MIT" +LICENSE = "BSD-3-Clause & MIT" LIC_FILES_CHKSUM = "file://doc/COPYING;md5=aefbf81ba0750f02176b6f86752ea951" SRC_URI = "git://github.com/mirror/xmlrpc-c.git;branch=master;protocol=https \ diff --git a/meta-oe/recipes-extended/ostree/ostree_2021.3.bb b/meta-oe/recipes-extended/ostree/ostree_2021.3.bb index 803186058a..7fb458ca10 100644 --- a/meta-oe/recipes-extended/ostree/ostree_2021.3.bb +++ b/meta-oe/recipes-extended/ostree/ostree_2021.3.bb @@ -181,7 +181,7 @@ RDEPENDS:${PN}-ptest += " \ " RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us" -RRECOMMENDS:${PN} += "kernel-module-overlay" +RRECOMMENDS:${PN}:append:class-target = " kernel-module-overlay" SYSTEMD_SERVICE:${PN} = "ostree-remount.service ostree-finalize-staged.path" SYSTEMD_SERVICE:${PN}-switchroot = "ostree-prepare-root.service" diff --git a/meta-oe/recipes-extended/snappy/snappy_1.1.9.bb b/meta-oe/recipes-extended/snappy/snappy_1.1.9.bb index 252ba9f3dc..0d58345d7a 100644 --- a/meta-oe/recipes-extended/snappy/snappy_1.1.9.bb +++ b/meta-oe/recipes-extended/snappy/snappy_1.1.9.bb @@ -10,7 +10,7 @@ compression ratio." LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=f62f3080324a97b3159a7a7e61812d0c" -SRC_URI = "gitsm://github.com/google/snappy.git;protocol=https;branch=master \ +SRC_URI = "gitsm://github.com/google/snappy.git;protocol=https;branch=main \ file://0001-Add-inline-with-SNAPPY_ATTRIBUTE_ALWAYS_INLINE.patch \ " SRCREV = "2b63814b15a2aaae54b7943f0cd935892fae628f" diff --git a/meta-oe/recipes-extended/tiptop/tiptop_2.3.1.bb b/meta-oe/recipes-extended/tiptop/tiptop_2.3.1.bb index 31d0dae25c..b4e5fd4d73 100644 --- a/meta-oe/recipes-extended/tiptop/tiptop_2.3.1.bb +++ b/meta-oe/recipes-extended/tiptop/tiptop_2.3.1.bb @@ -1,10 +1,10 @@ SUMMARY = "Hardware performance monitoring counters" -HOMEPAGE = "http://tiptop.gforge.inria.fr/" +HOMEPAGE = "https://team.inria.fr/pacap/software/tiptop/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "ncurses libxml2 bison-native flex-native" -SRC_URI = "http://tiptop.gforge.inria.fr/releases/${BP}.tar.gz \ +SRC_URI = "http://files.inria.fr/pacap/${BPN}/${BP}.tar.gz \ file://0001-Fix-parallel-build-problems-by-Adrian-Bunk.patch \ file://0002-fix-reproducibility-of-build-process.patch \ file://0001-Fix-build-when-S-B.patch \ @@ -12,6 +12,8 @@ SRC_URI = "http://tiptop.gforge.inria.fr/releases/${BP}.tar.gz \ SRC_URI[md5sum] = "46ca0fdf0236f02dd2b96d347626d2a2" SRC_URI[sha256sum] = "51c4449c95bba34f16b429729c2f58431490665d8093efaa8643b2e1d1084182" +UPSTREAM_CHECK_URI = "https://team.inria.fr/pacap/software/tiptop/" + inherit autotools EXTRA_OECONF = "CFLAGS="$CFLAGS -I${STAGING_INCDIR}/libxml2"" diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.44.1.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.44.1.bb index 7d2515e075..203e0206fb 100644 --- a/meta-oe/recipes-graphics/graphviz/graphviz_2.44.1.bb +++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.44.1.bb @@ -74,6 +74,17 @@ do_install:append:class-nativesdk() { } FILES:${PN}:class-nativesdk += "${SDKPATHNATIVE}" +# create /usr/lib/graphviz/config6 +graphviz_sstate_postinst() { + mkdir -p ${SYSROOT_DESTDIR}${bindir} + dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN} + echo '#!/bin/sh' > $dest + echo '' >> $dest + echo 'dot -c' >> $dest + chmod 0755 $dest +} +SYSROOT_PREPROCESS_FUNCS:append:class-native = " graphviz_sstate_postinst" + PACKAGES =+ "${PN}-python ${PN}-perl ${PN}-demo" FILES:${PN}-python += "${libdir}/python*/site-packages/ ${libdir}/graphviz/python/" diff --git a/meta-oe/recipes-graphics/imlib2/imlib2_git.bb b/meta-oe/recipes-graphics/imlib2/imlib2_git.bb index 9e4daddd53..869f8123db 100644 --- a/meta-oe/recipes-graphics/imlib2/imlib2_git.bb +++ b/meta-oe/recipes-graphics/imlib2/imlib2_git.bb @@ -2,7 +2,7 @@ SUMMARY = "A graphic library for file loading, saving, rendering, and manipulati HOMEPAGE = "https://sourceforge.net/projects/enlightenment/" SECTION = "libs" -LICENSE = "MIT & BSD" +LICENSE = "Imlib2" LIC_FILES_CHKSUM = "file://COPYING;md5=344895f253c32f38e182dcaf30fe8a35" DEPENDS = "freetype " @@ -14,7 +14,7 @@ inherit autotools pkgconfig lib_package AUTO_LIBNAME_PKGS = "" -SRC_URI = "git://git.enlightenment.org/legacy/${BPN}.git;protocol=https;branch=master" +SRC_URI = "git://git.enlightenment.org/old/legacy-${BPN}.git;protocol=https;branch=master" S = "${WORKDIR}/git" PACKAGECONFIG ??= "jpeg png zlib ${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" diff --git a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb index c89204062e..e9841e483e 100644 --- a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb +++ b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb @@ -23,6 +23,8 @@ inherit cmake DEPENDS = "libcap file bzip2" RDEPENDS:dirsplit = "perl" +RDEPENDS:${PN}-dev = "" + PACKAGES =+ "dirsplit genisoimage icedax wodim" FILES:dirsplit = " \ diff --git a/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb b/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb index 8fe601a2d4..20f840411f 100644 --- a/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb +++ b/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb @@ -2,7 +2,7 @@ SUMMARY = "Small and fast POSIX-compliant shell" HOMEPAGE = "http://gondor.apana.org.au/~herbert/dash/" SECTION = "System Environment/Shells" -LICENSE = "BSD & GPLv2+" +LICENSE = "BSD-3-Clause & GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=b5262b4a1a1bff72b48e935531976d2e" inherit autotools update-alternatives diff --git a/meta-oe/recipes-support/htop/htop_3.0.5.bb b/meta-oe/recipes-support/htop/htop_3.0.5.bb index 2772aa577d..7be9a1186c 100644 --- a/meta-oe/recipes-support/htop/htop_3.0.5.bb +++ b/meta-oe/recipes-support/htop/htop_3.0.5.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4099d367cd5e59b6d4fc1ee33accb891" DEPENDS = "ncurses" -SRC_URI = "git://github.com/htop-dev/htop.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/htop-dev/htop.git;branch=main;protocol=https \ file://0001-Use-pkg-config.patch \ " SRCREV = "ce6d60e7def146c13d0b8bca4642e7401a0a8995" diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index bb111a1c9b..008a83f46d 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -11,7 +11,7 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" BASE_PV := "${PV}" PV .= "_25" -SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=master;protocol=https" +SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" SRCREV = "8b4e00829eb84d4e7b4da11acf1f98f1e8166e5b" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/lvm2/lvm2_2.03.11.bb b/meta-oe/recipes-support/lvm2/lvm2_2.03.11.bb index 3988d54910..a729324c9b 100644 --- a/meta-oe/recipes-support/lvm2/lvm2_2.03.11.bb +++ b/meta-oe/recipes-support/lvm2/lvm2_2.03.11.bb @@ -17,13 +17,16 @@ do_install:append() { install -d ${D}${sysconfdir}/lvm install -m 0644 ${WORKDIR}/lvm.conf ${D}${sysconfdir}/lvm/lvm.conf sed -i -e 's:@libdir@:${libdir}:g' ${D}${sysconfdir}/lvm/lvm.conf - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - oe_runmake 'DESTDIR=${D}' install install_systemd_units - sed -i -e 's:/usr/bin/true:${base_bindir}/true:g' ${D}${systemd_system_unitdir}/blk-availability.service - else - oe_runmake 'DESTDIR=${D}' install install_initscripts - mv ${D}${sysconfdir}/rc.d/init.d ${D}${sysconfdir}/init.d - rm -rf ${D}${sysconfdir}/rc.d + # We don't want init scripts/systemd units for native SDK utilities + if [ "${PN}" != "nativesdk-lvm2" ]; then + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + oe_runmake 'DESTDIR=${D}' install install_systemd_units + sed -i -e 's:/usr/bin/true:${base_bindir}/true:g' ${D}${systemd_system_unitdir}/blk-availability.service + else + oe_runmake 'DESTDIR=${D}' install install_initscripts + mv ${D}${sysconfdir}/rc.d/init.d ${D}${sysconfdir}/init.d + rm -rf ${D}${sysconfdir}/rc.d + fi fi } diff --git a/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.9.0.bb b/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.9.0.bb index 93b18ba1d5..d90dd43042 100644 --- a/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.9.0.bb +++ b/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.9.0.bb @@ -1,11 +1,11 @@ SUMMARY = "PC/SC Lite smart card framework and applications" HOMEPAGE = "http://pcsclite.alioth.debian.org/" -LICENSE = "BSD & GPLv3+" -LICENSE:${PN} = "BSD" -LICENSE:${PN}-lib = "BSD" -LICENSE:${PN}-doc = "BSD" -LICENSE:${PN}-dev = "BSD" -LICENSE:${PN}-dbg = "BSD & GPLv3+" +LICENSE = "BSD-3-Clause & GPLv3+" +LICENSE:${PN} = "BSD-3-Clause" +LICENSE:${PN}-lib = "BSD-3-Clause" +LICENSE:${PN}-doc = "BSD-3-Clause" +LICENSE:${PN}-dev = "BSD-3-Clause" +LICENSE:${PN}-dbg = "BSD-3-Clause & GPLv3+" LICENSE:${PN}-spy = "GPLv3+" LICENSE:${PN}-spy-dev = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=628c01ba985ecfa21677f5ee2d5202f6" diff --git a/meta-oe/recipes-support/sg3-utils/sg3-utils_1.45.bb b/meta-oe/recipes-support/sg3-utils/sg3-utils_1.45.bb index 43ee19afb8..3d07c01f07 100644 --- a/meta-oe/recipes-support/sg3-utils/sg3-utils_1.45.bb +++ b/meta-oe/recipes-support/sg3-utils/sg3-utils_1.45.bb @@ -5,7 +5,7 @@ DESCRIPTION = "This package contains low level utilities for devices that use th HOMEPAGE = "http://sg.danny.cz/sg/sg3_utils.html" SECTION = "console/admin" -LICENSE = "GPLv2+ & BSD" +LICENSE = "GPLv2+ & BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=f90da7fc52172599dbf082d7620f18ca" SRC_URI = "http://sg.danny.cz/sg/p/sg3_utils-${PV}.tgz \ diff --git a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch index 0e1d09492b..7334800304 100644 --- a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch +++ b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch @@ -38,7 +38,7 @@ index 0ccc2b9..7f08c0e 100644 -CONTROL_FILE=/var/run/syslog-ng.ctl -PID_FILE=/var/run/syslog-ng.pid +PERSIST_FILE=@LOCALSTATEDIR@/lib/syslog-ng/syslog-ng.persist -+CONTROL_FILE=@LOCALSTATEDIR@/lib/syslog-ng/syslog-ng.ctl ++CONTROL_FILE=@LOCALSTATEDIR@/run/syslog-ng/syslog-ng.ctl +PID_FILE=@LOCALSTATEDIR@/run/syslog-ng.pid OTHER_OPTIONS="--enable-core" -- diff --git a/meta-oe/recipes-support/udisks/udisks2_2.9.3.bb b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb index 30c00d43ca..ec13cfa26b 100644 --- a/meta-oe/recipes-support/udisks/udisks2_2.9.3.bb +++ b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb @@ -18,7 +18,7 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" RDEPENDS:${PN} = "acl" SRC_URI = "git://github.com/storaged-project/udisks.git;branch=2.9.x-branch;protocol=https" -SRCREV = "c430dd9a27e158693cc783e9ee91bf6e5b2a8819" +SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81" S = "${WORKDIR}/git" CVE_PRODUCT = "udisks" diff --git a/meta-oe/recipes-test/cmocka/cmocka_1.1.5.bb b/meta-oe/recipes-test/cmocka/cmocka_1.1.5.bb index 2e34f6ab44..554d582a57 100644 --- a/meta-oe/recipes-test/cmocka/cmocka_1.1.5.bb +++ b/meta-oe/recipes-test/cmocka/cmocka_1.1.5.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "a4fc3dd7705c277e3a57432895e9852ea105dac9" PV .= "+git${SRCPV}" -SRC_URI = "git://git.cryptomilk.org/projects/cmocka.git;branch=master \ +SRC_URI = "git://git.cryptomilk.org/projects/cmocka.git;protocol=https;branch=master \ file://run-ptest \ " diff --git a/meta-oe/recipes-test/fbtest/fb-test_git.bb b/meta-oe/recipes-test/fbtest/fb-test_1.1.0.bb index 2992135726..14ab41b144 100644 --- a/meta-oe/recipes-test/fbtest/fb-test_git.bb +++ b/meta-oe/recipes-test/fbtest/fb-test_1.1.0.bb @@ -1,12 +1,10 @@ SUMMARY = "Test suite for Linux framebuffer" -PV = "1.1.0" - LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" SRCREV = "063ec650960c2d79ac51f5c5f026cb05343a33e2" -SRC_URI = "git://github.com/prpplague/fb-test-app.git;branch=master;protocol=https" +SRC_URI = "git://github.com//ponty/fb-test-app.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-test/googletest/googletest_git.bb b/meta-oe/recipes-test/googletest/googletest_git.bb index 2393f9b425..ff8191eff6 100644 --- a/meta-oe/recipes-test/googletest/googletest_git.bb +++ b/meta-oe/recipes-test/googletest/googletest_git.bb @@ -10,7 +10,7 @@ PROVIDES += "gmock gtest" S = "${WORKDIR}/git" SRCREV = "e2239ee6043f73722e7aa812a459f54a28552929" -SRC_URI = "git://github.com/google/googletest.git;branch=master;protocol=https" +SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https" inherit cmake diff --git a/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.012.bb b/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.013.bb index 4a2cb73e86..c7e5c56b6e 100644 --- a/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.012.bb +++ b/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.013.bb @@ -13,8 +13,7 @@ file://${COMMON_LICENSE_DIR}/GPL-1.0-or-later;md5=30c0b8a5048cc2f4be5ff15ef0d8cf SRC_URI = "${CPAN_MIRROR}/authors/id/L/LE/LEONT/File-Slurper-${PV}.tar.gz" -SRC_URI[md5sum] = "5742c63096392dfee50b8db314bcca18" -SRC_URI[sha256sum] = "4efb2ea416b110a1bda6f8133549cc6ea3676402e3caf7529fce0313250aa578" +SRC_URI[sha256sum] = "e2f6a4029a6a242d50054044f1fb86770b9b5cc4daeb1a967f91ffb42716a8c5" RDEPENDS:${PN} = " \ perl-module-carp \ perl-module-encode \ diff --git a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.32.bb b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb index 7e485bece5..2c7d793a7b 100644 --- a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.32.bb +++ b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb @@ -3,13 +3,13 @@ HOMEPAGE = "http://www.net-dns.org/" SECTION = "libs" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://README;beginline=252;endline=269;md5=27db37b42cd1a5173a53922d67072bcb" +LIC_FILES_CHKSUM = "file://README;beginline=252;endline=269;md5=de95b6a896d5f861d724ea854d316a0b" DEPENDS += "perl" SRC_URI = "http://search.cpan.org/CPAN/authors/id/N/NL/NLNETLABS/Net-DNS-${PV}.tar.gz" -SRC_URI[sha256sum] = "b890a7b44d573f27cc713caadf1e12eaaa4478a6504d1157194df614316b5b50" +SRC_URI[sha256sum] = "5a40e7cf524e4bd2c33cf03b82b47d5308b712083aa5ee180b0b5af54c71fbd2" UPSTREAM_CHECK_REGEX = "Net\-DNS\-(?P<pver>(\d+\.\d+))(?!_\d+).tar" diff --git a/meta-python/recipes-devtools/python/python-gevent/libev-conf.patch b/meta-python/recipes-devtools/python/python-gevent/libev-conf.patch deleted file mode 100644 index 79c1867ba7..0000000000 --- a/meta-python/recipes-devtools/python/python-gevent/libev-conf.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 2294734ef9d5e2efb05820e9759a1635799bdea9 Mon Sep 17 00:00:00 2001 -From: Andrej Rode <andrej.rode@ettus.com> -Date: Mon, 10 Apr 2017 19:25:18 -0700 -Subject: [PATCH] libev: make configure crosscompile compatible - -Signed-off-by: Andrej Rode <andrej.rode@ettus.com> ---- - deps/libev/configure | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/deps/libev/configure b/deps/libev/configure -index 743817e..96c2366 100755 ---- a/deps/libev/configure -+++ b/deps/libev/configure -@@ -2208,7 +2208,7 @@ fi - ac_ext=c - ac_cpp='$CPP $CPPFLAGS' - ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -+ac_link='$CC -static -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' - ac_compiler_gnu=$ac_cv_c_compiler_gnu - - --- -2.10.2 - diff --git a/meta-python/recipes-devtools/python/python3-cryptography-vectors_3.4.8.bb b/meta-python/recipes-devtools/python/python3-cryptography-vectors_3.4.8.bb index 2fb48f3cf7..25ff63b5eb 100644 --- a/meta-python/recipes-devtools/python/python3-cryptography-vectors_3.4.8.bb +++ b/meta-python/recipes-devtools/python/python3-cryptography-vectors_3.4.8.bb @@ -1,8 +1,10 @@ SUMMARY = "Test vectors for the cryptography package." HOMEPAGE = "https://cryptography.io/" SECTION = "devel/python" -LICENSE = "Apache-2.0 | BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4" +LICENSE = "Apache-2.0 | BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ + file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \ + file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b" SRC_URI[sha256sum] = "4c84410257993d3de058b44b777a49e1da2ae35ebea2970a360c7e3aa0f580f2" diff --git a/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb b/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb index baec105a3e..6c70284564 100644 --- a/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb +++ b/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb @@ -1,8 +1,10 @@ SUMMARY = "Provides cryptographic recipes and primitives to python developers" HOMEPAGE = "https://cryptography.io/" SECTION = "devel/python" -LICENSE = "Apache-2.0 | BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba" +LICENSE = "Apache-2.0 | BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba \ + file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \ + file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b" LDSHARED += "-pthread" diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.24.bb b/meta-python/recipes-devtools/python/python3-django_2.2.27.bb index 982362bdd1..80e7de6248 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.24.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.27.bb @@ -5,8 +5,8 @@ UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/" inherit setuptools3 -SRC_URI[md5sum] = "ebf3bbb7716a7b11029e860475b9a122" -SRC_URI[sha256sum] = "3339ff0e03dee13045aef6ae7b523edff75b6d726adf7a7a48f53d5a501f7db7" +SRC_URI[md5sum] = "4af3aeed9e515ccde107ae6a9804c31f" +SRC_URI[sha256sum] = "1ee37046b0bf2b61e83b3a01d067323516ec3b6f2b17cd49b1326dd4ba9dc913" RDEPENDS:${PN} += "\ ${PYTHON_PN}-sqlparse \ diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.5.bb b/meta-python/recipes-devtools/python/python3-django_3.2.12.bb index c10212c4cd..adbc498bdf 100644 --- a/meta-python/recipes-devtools/python/python3-django_3.2.5.bb +++ b/meta-python/recipes-devtools/python/python3-django_3.2.12.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "3da05fea54fdec2315b54a563d5b59f3b4e2b1e69c3a5841dda35019c01855cd" +SRC_URI[sha256sum] = "9772e6935703e59e993960832d66a614cf0233a1c5123bc6224ecc6ad69e41e2" RDEPENDS:${PN} += "\ ${PYTHON_PN}-sqlparse \ diff --git a/meta-python/recipes-devtools/python/python3-gevent_21.8.0.bb b/meta-python/recipes-devtools/python/python3-gevent_21.8.0.bb index 74ae6cf69d..7bdf126dea 100644 --- a/meta-python/recipes-devtools/python/python3-gevent_21.8.0.bb +++ b/meta-python/recipes-devtools/python/python3-gevent_21.8.0.bb @@ -2,32 +2,23 @@ SUMMARY = "A coroutine-based Python networking library" DESCRIPTION = "gevent is a coroutine-based Python networking library that uses greenlet to provide \ a high-level synchronous API on top of the libevent event loop." HOMEPAGE = "http://www.gevent.org" -LICENSE = "MIT & Python-2.0 & BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=4de99aac27b470c29c6c309e0c279b65 \ - file://NOTICE;md5=18108df3583462cafd457f024b9b09b5 \ - file://deps/libev/LICENSE;md5=d6ad416afd040c90698edcdf1cbee347 \ - " -DEPENDS += "libevent" -DEPENDS += "${PYTHON_PN}-greenlet" +LICENSE = "MIT & Python-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=4de99aac27b470c29c6c309e0c279b65" +DEPENDS += "${PYTHON_PN}-greenlet libev c-ares" + RDEPENDS:${PN} = "${PYTHON_PN}-greenlet \ ${PYTHON_PN}-mime \ ${PYTHON_PN}-pprint \ " -FILESEXTRAPATHS:prepend := "${THISDIR}/python-gevent:" +SRC_URI[sha256sum] = "43e93e1a4738c922a2416baf33f0afb0a20b22d3dba886720bc037cd02a98575" -SRC_URI:append = " \ - file://libev-conf.patch;patch=1;pnum=1 \ -" +inherit pypi setuptools3 -SRC_URI[sha256sum] = "43e93e1a4738c922a2416baf33f0afb0a20b22d3dba886720bc037cd02a98575" +# Don't embed libraries, link to the system instead +export GEVENTSETUP_EMBED = "0" -# The python-gevent has no autoreconf ability -# and the logic for detecting a cross compile is flawed -# so always force a cross compile +# Delete the embedded copies of libraries so we can't accidentally link to them do_configure:append() { - sed -i -e 's/^cross_compiling=no/cross_compiling=yes/' ${S}/deps/libev/configure - sed -i -e 's/^cross_compiling=no/cross_compiling=yes/' ${S}/deps/c-ares/configure + rm -rf ${S}/deps } - -inherit pypi setuptools3 diff --git a/meta-python/recipes-devtools/python/python3-lxml_4.6.3.bb b/meta-python/recipes-devtools/python/python3-lxml_4.6.5.bb index 669c2eaeeb..a0e8a8fbfb 100644 --- a/meta-python/recipes-devtools/python/python3-lxml_4.6.3.bb +++ b/meta-python/recipes-devtools/python/python3-lxml_4.6.5.bb @@ -4,9 +4,9 @@ libxslt libraries. It provides safe and convenient access to these \ libraries using the ElementTree API. It extends the ElementTree API \ significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, \ C14N and much more." -HOMEPAGE = "http://codespeak.net/lxml" +HOMEPAGE = "https://lxml.de/" SECTION = "devel/python" -LICENSE = "BSD & GPLv2 & MIT & PSF" +LICENSE = "BSD-3-Clause & GPLv2 & MIT & PSF" LIC_FILES_CHKSUM = "file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \ file://doc/licenses/elementtree.txt;md5=eb34d036a6e3d56314ee49a6852ac891 \ file://doc/licenses/BSD.txt;md5=700a1fc17f4797d4f2d34970c8ee694b \ @@ -18,7 +18,7 @@ LIC_FILES_CHKSUM = "file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \ DEPENDS += "libxml2 libxslt" -SRC_URI[sha256sum] = "39b78571b3b30645ac77b95f7c69d1bffc4cf8c3b157c435a34da72e78c82468" +SRC_URI[sha256sum] = "6e84edecc3a82f90d44ddee2ee2a2630d4994b8471816e226d2b771cda7ac4ca" inherit pkgconfig pypi setuptools3 diff --git a/meta-python/recipes-devtools/python/python3-posix-ipc_1.0.5.bb b/meta-python/recipes-devtools/python/python3-posix-ipc_1.0.5.bb index 2377bd5258..d66ef0e3c4 100644 --- a/meta-python/recipes-devtools/python/python3-posix-ipc_1.0.5.bb +++ b/meta-python/recipes-devtools/python/python3-posix-ipc_1.0.5.bb @@ -1,7 +1,7 @@ DESCRIPTION = "POSIX IPC primitives (semaphores, shared memory and message queues) for Python" HOMEPAGE = "http://semanchuk.com/philip/posix_ipc/" SECTION = "devel/python" -LICENSE = "BSD" +LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=dc089fb2f37e90799a54c19a20c9880f" PYPI_PACKAGE = "posix_ipc" @@ -13,13 +13,3 @@ SRC_URI[md5sum] = "8c9443859492ecf3aae9182aa6b5c78c" SRC_URI[sha256sum] = "6cddb1ce2cf4aae383f2a0079c26c69bee257fe2720f372201ef047f8ceb8b97" inherit setuptools3 pypi - -# DEPENDS_default: python-pip - -DEPENDS += " \ - ${PYTHON_PN}-pip \ - " - -# RDEPENDS:default: -RDEPENDS:${PN} += " \ - " diff --git a/meta-python/recipes-devtools/python/python3-prctl_1.8.1.bb b/meta-python/recipes-devtools/python/python3-prctl_1.8.1.bb index b87a470b40..8426e48113 100644 --- a/meta-python/recipes-devtools/python/python3-prctl_1.8.1.bb +++ b/meta-python/recipes-devtools/python/python3-prctl_1.8.1.bb @@ -13,7 +13,7 @@ B = "${S}" SRCREV = "5e12e398eb5c4e30d7b29b02458c76d2cc780700" PV = "1.8.1+git${SRCPV}" -SRC_URI = "git://github.com/seveas/python-prctl;branch=main\ +SRC_URI = "git://github.com/seveas/python-prctl;protocol=https;branch=main \ file://0001-support-cross-complication.patch \ " inherit setuptools3 python3native diff --git a/meta-python/recipes-devtools/python/python3-pyzmq_22.3.0.bb b/meta-python/recipes-devtools/python/python3-pyzmq_22.3.0.bb index 3c91eee16f..87605c2b3e 100644 --- a/meta-python/recipes-devtools/python/python3-pyzmq_22.3.0.bb +++ b/meta-python/recipes-devtools/python/python3-pyzmq_22.3.0.bb @@ -1,6 +1,6 @@ SUMMARY = "Pyzmq provides Zero message queue access for the Python language" HOMEPAGE = "http://zeromq.org/bindings:python" -LICENSE = "BSD & LGPL-3.0" +LICENSE = "BSD-3-Clause & LGPL-3.0" LIC_FILES_CHKSUM = "file://COPYING.BSD;md5=11c65680f637c3df7f58bbc8d133e96e \ file://COPYING.LESSER;md5=12c592fa0bcfff3fb0977b066e9cb69e" DEPENDS = "zeromq" diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch b/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch index 6c0286457c..50775be533 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch @@ -1,44 +1,43 @@ -From d2cedfa3394365689a3f7c8cfe8e0dd56b29bed9 Mon Sep 17 00:00:00 2001 +From ba9015386cbc044e111d7c266f13e2be045e4bf1 Mon Sep 17 00:00:00 2001 From: Koen Kooi <koen.kooi@linaro.org> Date: Tue, 17 Jun 2014 09:10:57 +0200 Subject: [PATCH] configure: use pkg-config for PCRE detection -Upstream-Status: Pending +Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Koen Kooi <koen.kooi@linaro.org> --- - configure.in | 27 +++++---------------------- - 1 file changed, 5 insertions(+), 22 deletions(-) + configure.in | 26 +++++--------------------- + 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/configure.in b/configure.in -index 9feaceb..dc6ea15 100644 +index 38c1d0a..c799aec 100644 --- a/configure.in +++ b/configure.in -@@ -215,28 +215,11 @@ fi - AC_ARG_WITH(pcre, - APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library)) +@@ -221,27 +221,11 @@ else if which $with_pcre 2>/dev/null; then :; else + fi + fi --AC_PATH_PROG(PCRE_CONFIG, pcre-config, false) --if test -d "$with_pcre" && test -x "$with_pcre/bin/pcre-config"; then -- PCRE_CONFIG=$with_pcre/bin/pcre-config --elif test -x "$with_pcre"; then -- PCRE_CONFIG=$with_pcre --fi +-AC_CHECK_TARGET_TOOLS(PCRE_CONFIG, [pcre2-config pcre-config], +- [`which $with_pcre 2>/dev/null`], $with_pcre) - --if test "$PCRE_CONFIG" != "false"; then +-if test "x$PCRE_CONFIG" != "x"; then - if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else -- AC_MSG_ERROR([Did not find pcre-config script at $PCRE_CONFIG]) +- AC_MSG_ERROR([Did not find working script at $PCRE_CONFIG]) - fi - case `$PCRE_CONFIG --version` in +- [1[0-9].*]) +- AC_DEFINE(HAVE_PCRE2, 1, [Detected PCRE2]) +- ;; - [[1-5].*]) - AC_MSG_ERROR([Need at least pcre version 6.0]) - ;; - esac - AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG]) - APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`]) -- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`]) +- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs8 2>/dev/null || $PCRE_CONFIG --libs`]) -else -- AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/]) +- AC_MSG_ERROR([pcre(2)-config for libpcre not found. PCRE is required and available from http://pcre.org/]) -fi +PKG_CHECK_MODULES([PCRE], [libpcre], [ + AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library]) @@ -49,5 +48,5 @@ index 9feaceb..dc6ea15 100644 AC_MSG_NOTICE([]) -- -2.7.4 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch b/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch index 85fe6ae4bd..bbe8b325b5 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch @@ -1,8 +1,8 @@ -From 7df207ad4d0dcda2ad36e5642296e0dec7e13647 Mon Sep 17 00:00:00 2001 +From 5074ab3425e5f1e01fd9cfa2d9b7300ea1b3f38f Mon Sep 17 00:00:00 2001 From: Paul Eggleton <paul.eggleton@linux.intel.com> Date: Tue, 17 Jul 2012 11:27:39 +0100 -Subject: [PATCH] apache2: bump up the core size limit if CoreDumpDirectory - is configured +Subject: [PATCH] apache2: bump up the core size limit if CoreDumpDirectory is + configured Bump up the core size limit if CoreDumpDirectory is configured. @@ -11,16 +11,15 @@ Upstream-Status: Pending Note: upstreaming was discussed but there are competing desires; there are portability oddities here too. - --- server/core.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/server/core.c b/server/core.c -index eacb54f..7aa841f 100644 +index 090e397..3020090 100644 --- a/server/core.c +++ b/server/core.c -@@ -4965,6 +4965,25 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte +@@ -5107,6 +5107,25 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, apr_pool_cleanup_null); @@ -47,5 +46,5 @@ index eacb54f..7aa841f 100644 } -- -2.7.4 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch b/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch index 081a02baa3..adb728ba31 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch @@ -1,8 +1,8 @@ -From ddd560024a6d526187fd126f306b59533ca3f7e2 Mon Sep 17 00:00:00 2001 +From 9c03ed909b8da0e1a288f53fda535a3f15bcf791 Mon Sep 17 00:00:00 2001 From: Paul Eggleton <paul.eggleton@linux.intel.com> Date: Tue, 17 Jul 2012 11:27:39 +0100 -Subject: [PATCH] apache2: do not export apr/apr-util symbols when using - shared libapr +Subject: [PATCH] apache2: do not export apr/apr-util symbols when using shared + libapr There is no need to "suck in" the apr/apr-util symbols when using a shared libapr{,util}, it just bloats the symbol table; so don't. @@ -10,13 +10,12 @@ a shared libapr{,util}, it just bloats the symbol table; so don't. Upstream-Status: Pending Note: EXPORT_DIRS change is conditional on using shared apr - --- server/Makefile.in | 3 --- 1 file changed, 3 deletions(-) diff --git a/server/Makefile.in b/server/Makefile.in -index 1fa3344..f635d76 100644 +index 8111877..8c0c396 100644 --- a/server/Makefile.in +++ b/server/Makefile.in @@ -60,9 +60,6 @@ export_files: @@ -30,5 +29,5 @@ index 1fa3344..f635d76 100644 exports.c: export_files -- -2.7.4 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch index 78a04d9af4..5d82919685 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch @@ -1,4 +1,4 @@ -From dfa834ebd449df299f54e98f0fb3a7bb4008fb03 Mon Sep 17 00:00:00 2001 +From 37699e9be04d83c5923644e298f400e077f76e85 Mon Sep 17 00:00:00 2001 From: Paul Eggleton <paul.eggleton@linux.intel.com> Date: Tue, 17 Jul 2012 11:27:39 +0100 Subject: [PATCH] Log the SELinux context at startup. @@ -8,17 +8,16 @@ Log the SELinux context at startup. Upstream-Status: Inappropriate [other] Note: unlikely to be any interest in this upstream - --- configure.in | 5 +++++ server/core.c | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/configure.in b/configure.in -index dc6ea15..caa6f54 100644 +index c799aec..76811e7 100644 --- a/configure.in +++ b/configure.in -@@ -466,6 +466,11 @@ getloadavg +@@ -491,6 +491,11 @@ getloadavg dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN @@ -31,10 +30,10 @@ index dc6ea15..caa6f54 100644 [AC_TRY_RUN(#define _GNU_SOURCE #include <unistd.h> diff --git a/server/core.c b/server/core.c -index 7aa841f..79f34db 100644 +index 3020090..8fef5fd 100644 --- a/server/core.c +++ b/server/core.c -@@ -59,6 +59,10 @@ +@@ -65,6 +65,10 @@ #include <unistd.h> #endif @@ -45,7 +44,7 @@ index 7aa841f..79f34db 100644 /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) -@@ -4984,6 +4988,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte +@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } #endif @@ -75,5 +74,5 @@ index 7aa841f..79f34db 100644 } -- -2.7.4 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch index 47320a9ee5..7b4a1b932b 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch @@ -1,4 +1,4 @@ -From 7db1b650bb4b01a5194a34cd7573f915656a595b Mon Sep 17 00:00:00 2001 +From e59aab44a28c654e518080693d573ca472ca5a08 Mon Sep 17 00:00:00 2001 From: Yulong Pei <Yulong.pei@windriver.com> Date: Thu, 1 Sep 2011 01:03:14 +0800 Subject: [PATCH] replace lynx to curl in apachectl script @@ -48,5 +48,5 @@ index 3281c2e..6ab4ba5 100644 *) $HTTPD "$@" -- -2.7.4 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch b/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch index 227d04064b..dbaf01d2c5 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch @@ -1,4 +1,4 @@ -From 4f4d7d6b88b6e440263ebeb22dfb40c52bb30fd8 Mon Sep 17 00:00:00 2001 +From fb09f1fe4525058b16b3d4edb2e3ae693154026e Mon Sep 17 00:00:00 2001 From: Zhenhua Luo <zhenhua.luo@freescale.com> Date: Fri, 25 Jan 2013 18:10:50 +0800 Subject: [PATCH] apache2: fix the race issue of parallel installation @@ -31,5 +31,5 @@ index e2d5bb6..dde5ae0 100755 pathcomp="$pathcomp/" done -- -2.7.4 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch b/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch index fed6b5010b..3ff6894409 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch @@ -1,4 +1,4 @@ -From 964ef2c1af74984602f46e7db938d3b95b148385 Mon Sep 17 00:00:00 2001 +From 0686564f64130f230870db8b4846973e3edbd646 Mon Sep 17 00:00:00 2001 From: Wenzong Fan <wenzong.fan@windriver.com> Date: Mon, 1 Dec 2014 02:08:27 -0500 Subject: [PATCH] apache2: allow to disable selinux support @@ -11,10 +11,10 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/configure.in b/configure.in -index caa6f54..eab2090 100644 +index 76811e7..4df3ff3 100644 --- a/configure.in +++ b/configure.in -@@ -466,10 +466,16 @@ getloadavg +@@ -491,10 +491,16 @@ getloadavg dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN @@ -36,5 +36,5 @@ index caa6f54..eab2090 100644 AC_CACHE_CHECK([for gettid()], ac_cv_gettid, [AC_TRY_RUN(#define _GNU_SOURCE -- -2.7.4 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2/0008-Fix-perl-install-directory-to-usr-bin.patch index 61669e3641..dc5b5c88f2 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0008-Fix-perl-install-directory-to-usr-bin.patch @@ -1,4 +1,4 @@ -From 5412077c398dec74321388fe6e593a44c4c80de6 Mon Sep 17 00:00:00 2001 +From 443d15b91d4e4979d92405610303797663f31102 Mon Sep 17 00:00:00 2001 From: echo <fei.geng@windriver.com> Date: Tue, 28 Apr 2009 03:11:06 +0000 Subject: [PATCH] Fix perl install directory to /usr/bin @@ -11,16 +11,15 @@ error: bad interpreter: No such file or directory Signed-off-by: Changqing Li <changqing.li@windriver.com> - --- configure.in | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/configure.in b/configure.in -index d828512..be7bd25 100644 +index 4df3ff3..4eeb609 100644 --- a/configure.in +++ b/configure.in -@@ -855,10 +855,7 @@ AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", +@@ -903,10 +903,7 @@ AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types", [Location of the MIME types config file, relative to the Apache root directory]) @@ -32,3 +31,6 @@ index d828512..be7bd25 100644 AC_SUBST(perlbin) dnl If we are running on BSD/OS, we need to use the BSD .include syntax. +-- +2.25.1 + diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0001-support-apxs.in-force-destdir-to-be-empty-string.patch b/meta-webserver/recipes-httpd/apache2/apache2/0009-support-apxs.in-force-destdir-to-be-empty-string.patch index bdedd146c2..d1f9bb0f43 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0001-support-apxs.in-force-destdir-to-be-empty-string.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0009-support-apxs.in-force-destdir-to-be-empty-string.patch @@ -1,10 +1,10 @@ -From 705c0a7e9d9c1e64ee09fc0b54f6b5a4e27de1ca Mon Sep 17 00:00:00 2001 +From 43a4ad04e0d8771267a73f98b5918bcd10b167ec Mon Sep 17 00:00:00 2001 From: Trevor Gamblin <trevor.gamblin@windriver.com> Date: Fri, 17 Apr 2020 06:31:35 -0700 Subject: [PATCH] support/apxs.in: force destdir to be empty string -If destdir is assigned to anything other than the empty string, the -search path for apache2 config files is appended to itself, and +If destdir is assigned to anything other than the empty string, the +search path for apache2 config files is appended to itself, and related packages like apache-websocket will be unable to locate them: | cannot open @@ -24,7 +24,7 @@ Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/support/apxs.in b/support/apxs.in -index 65e1288527..9d96e33728 100644 +index b2705fa..781f2ab 100644 --- a/support/apxs.in +++ b/support/apxs.in @@ -28,10 +28,12 @@ package apxs; @@ -45,5 +45,5 @@ index 65e1288527..9d96e33728 100644 my %config_vars = (); -- -2.17.1 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0008-apache2-do-not-use-relative-path-for-gen_test_char.patch b/meta-webserver/recipes-httpd/apache2/apache2/0010-apache2-do-not-use-relative-path-for-gen_test_char.patch index 82e9e8c35f..ced8469f3a 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0008-apache2-do-not-use-relative-path-for-gen_test_char.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0010-apache2-do-not-use-relative-path-for-gen_test_char.patch @@ -1,16 +1,15 @@ -From b62c4cd2295c98b2ebe12641e5f01590bd96ae94 Mon Sep 17 00:00:00 2001 +From d9993cbc33565c0acd29b0127d651dafa2a16975 Mon Sep 17 00:00:00 2001 From: Paul Eggleton <paul.eggleton@linux.intel.com> Date: Tue, 17 Jul 2012 11:27:39 +0100 Subject: [PATCH] apache2: do not use relative path for gen_test_char Upstream-Status: Inappropriate [embedded specific] - --- server/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/Makefile.in b/server/Makefile.in -index f635d76..0d48924 100644 +index 8c0c396..3544f55 100644 --- a/server/Makefile.in +++ b/server/Makefile.in @@ -29,7 +29,7 @@ gen_test_char: $(gen_test_char_OBJECTS) @@ -23,5 +22,5 @@ index f635d76..0d48924 100644 util.lo: test_char.h -- -2.7.4 +2.25.1 diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb index 4b36c50d55..bac012ea56 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb @@ -13,12 +13,12 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ file://0005-replace-lynx-to-curl-in-apachectl-script.patch \ file://0006-apache2-fix-the-race-issue-of-parallel-installation.patch \ file://0007-apache2-allow-to-disable-selinux-support.patch \ - file://apache-configure_perlbin.patch \ - file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \ + file://0008-Fix-perl-install-directory-to-usr-bin.patch \ + file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \ " SRC_URI:append:class-target = " \ - file://0008-apache2-do-not-use-relative-path-for-gen_test_char.patch \ + file://0010-apache2-do-not-use-relative-path-for-gen_test_char.patch \ file://init \ file://apache2-volatile.conf \ file://apache2.service \ @@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4" +SRC_URI[sha256sum] = "d0bbd1121a57b5f2a6ff92d7b96f8050c5a45d3f14db118f64979d525858db63" S = "${WORKDIR}/httpd-${PV}" |