From ffdbcd78955d43d34988991f1d217036f044167d Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 5 Nov 2019 15:24:18 +0000 Subject: libsoup-2.4: upgrade to 2.66.4 Fixes CVE-2019-17266. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb | 42 ---------------------- meta/recipes-support/libsoup/libsoup-2.4_2.66.4.bb | 42 ++++++++++++++++++++++ 2 files changed, 42 insertions(+), 42 deletions(-) delete mode 100644 meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb create mode 100644 meta/recipes-support/libsoup/libsoup-2.4_2.66.4.bb diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb deleted file mode 100644 index 3a735cf27a..0000000000 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb +++ /dev/null @@ -1,42 +0,0 @@ -SUMMARY = "An HTTP library implementation in C" -HOMEPAGE = "https://wiki.gnome.org/Projects/libsoup" -BUGTRACKER = "https://bugzilla.gnome.org/" -SECTION = "x11/gnome/libs" -LICENSE = "LGPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" - -DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 intltool-native libpsl" - -SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" - -SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ - file://0001-Do-not-enforce-no-introspection-when-cross-building.patch \ - " -SRC_URI[md5sum] = "66c2ae89d6031b01337d78a2c57c75d5" -SRC_URI[sha256sum] = "bd2ea602eba642509672812f3c99b77cbec2f3de02ba1cc8cb7206bf7de0ae2a" - -CVE_PRODUCT = "libsoup" - -S = "${WORKDIR}/libsoup-${PV}" - -inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc - -# libsoup-gnome is entirely deprecated and just stubs in 2.42 onwards. Disable by default. -PACKAGECONFIG ??= "" -PACKAGECONFIG[gnome] = "-Dgnome=true,-Dgnome=false" -PACKAGECONFIG[gssapi] = "-Dgssapi=true,-Dgssapi=false,krb5" - -EXTRA_OEMESON_append = " -Dvapi=false" - -GTKDOC_MESON_OPTION = "doc" - -# When built without gnome support, libsoup-2.4 will contain only one shared lib -# and will therefore become subject to renaming by debian.bbclass. Prevent -# renaming in order to keep the package name consistent regardless of whether -# gnome support is enabled or disabled. -DEBIAN_NOAUTONAME_${PN} = "1" - -# glib-networking is needed for SSL, proxies, etc. -RRECOMMENDS_${PN} = "glib-networking" - -BBCLASSEXTEND = "native" diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.66.4.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.66.4.bb new file mode 100644 index 0000000000..7f5f910d3d --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.66.4.bb @@ -0,0 +1,42 @@ +SUMMARY = "An HTTP library implementation in C" +HOMEPAGE = "https://wiki.gnome.org/Projects/libsoup" +BUGTRACKER = "https://bugzilla.gnome.org/" +SECTION = "x11/gnome/libs" +LICENSE = "LGPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" + +DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 intltool-native libpsl" + +SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" + +SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ + file://0001-Do-not-enforce-no-introspection-when-cross-building.patch \ + " +SRC_URI[md5sum] = "42016d80ecae4cf8eb416631049a273a" +SRC_URI[sha256sum] = "8308984f1eee1c4f8c113a9c1763b2b22d981bd811b0cc82a9f3f1aa63228779" + +CVE_PRODUCT = "libsoup" + +S = "${WORKDIR}/libsoup-${PV}" + +inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc + +# libsoup-gnome is entirely deprecated and just stubs in 2.42 onwards. Disable by default. +PACKAGECONFIG ??= "" +PACKAGECONFIG[gnome] = "-Dgnome=true,-Dgnome=false" +PACKAGECONFIG[gssapi] = "-Dgssapi=true,-Dgssapi=false,krb5" + +EXTRA_OEMESON_append = " -Dvapi=false" + +GTKDOC_MESON_OPTION = "gtk_doc" + +# When built without gnome support, libsoup-2.4 will contain only one shared lib +# and will therefore become subject to renaming by debian.bbclass. Prevent +# renaming in order to keep the package name consistent regardless of whether +# gnome support is enabled or disabled. +DEBIAN_NOAUTONAME_${PN} = "1" + +# glib-networking is needed for SSL, proxies, etc. +RRECOMMENDS_${PN} = "glib-networking" + +BBCLASSEXTEND = "native" -- cgit 1.2.3-korg