diff options
Diffstat (limited to 'meta/recipes-extended')
36 files changed, 711 insertions, 25 deletions
diff --git a/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb b/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb index 523bf33f42..3869abee59 100644 --- a/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb +++ b/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb @@ -8,7 +8,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=4e5d1baf6f20559e3bec172226a47e4e \ file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 " -SRC_URI = "git://github.com/asciidoc/asciidoc-py3;protocol=https;branch=9.x" +SRC_URI = "git://github.com/asciidoc/asciidoc-py;protocol=https;branch=9.x" SRCREV = "9705d428439530104ce55d0ba12e8ef9d1b57ad1" DEPENDS = "libxml2-native libxslt-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native" diff --git a/meta/recipes-extended/bash/bash.inc b/meta/recipes-extended/bash/bash.inc index d3e1dfdb30..37871bcdca 100644 --- a/meta/recipes-extended/bash/bash.inc +++ b/meta/recipes-extended/bash/bash.inc @@ -62,6 +62,11 @@ do_compile_ptest () { oe_runmake buildtest } +do_install_prepend () { + # Ensure determinism as this counter increases for each make call + rm -f ${B}/.build +} + do_install_append () { # Move /usr/bin/bash to /bin/bash, if need if [ "${base_bindir}" != "${bindir}" ]; then diff --git a/meta/recipes-extended/bzip2/bzip2/Makefile.am b/meta/recipes-extended/bzip2/bzip2/Makefile.am index 7338df03eb..d12d3a45e4 100644 --- a/meta/recipes-extended/bzip2/bzip2/Makefile.am +++ b/meta/recipes-extended/bzip2/bzip2/Makefile.am @@ -1,6 +1,6 @@ lib_LTLIBRARIES = libbz2.la -libbz2_la_LDFLAGS = -version-info 1:6:0 +libbz2_la_LDFLAGS = -version-info 1:8:0 libbz2_la_SOURCES = blocksort.c \ huffman.c \ diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb index 70eb67f1f2..d2f34449b3 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb @@ -22,7 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=600af43c50f1fcb82e " SRC_URI = "https://sourceware.org/pub/${BPN}/${BPN}-${PV}.tar.gz \ - git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests \ + git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ file://run-ptest \ diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index beee614828..a667d1a142 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -44,7 +44,7 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', PACKAGECONFIG[avahi] = "--enable-avahi,--disable-avahi,avahi" PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl" PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam" -PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd" +PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--disable-systemd,systemd" PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd" EXTRA_OECONF = " \ diff --git a/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch b/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch new file mode 100644 index 0000000000..44bdfbba35 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch @@ -0,0 +1,238 @@ +From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Tue, 7 Sep 2021 20:36:12 +0100 +Subject: [PATCH] Bug 704342: Include device specifier strings in access + validation + +for the "%pipe%", %handle%" and %printer% io devices. + +We previously validated only the part after the "%pipe%" Postscript device +specifier, but this proved insufficient. + +This rebuilds the original file name string, and validates it complete. The +slight complication for "%pipe%" is it can be reached implicitly using +"|" so we have to check both prefixes. + +Addresses CVE-2021-3781 + +CVE: CVE-2021-3781 + +Upstream-Status: Backport (http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20) + +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> +--- + base/gdevpipe.c | 22 +++++++++++++++- + base/gp_mshdl.c | 11 +++++++- + base/gp_msprn.c | 10 ++++++- + base/gp_os2pr.c | 13 +++++++++- + base/gslibctx.c | 69 ++++++++++--------------------------------------- + 5 files changed, 65 insertions(+), 60 deletions(-) + +diff --git a/base/gdevpipe.c b/base/gdevpipe.c +index 96d71f5d8..5bdc485be 100644 +--- a/base/gdevpipe.c ++++ b/base/gdevpipe.c +@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, + #else + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ /* The pipe device can be reached in two ways, explicltly with %pipe% ++ or implicitly with "|", so we have to check for both ++ */ ++ char f[gp_file_name_sizeof]; ++ const char *pipestr = "|"; ++ const size_t pipestrlen = strlen(pipestr); ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); ++ int code1; ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ code1 = gp_validate_path(mem, f, access); ++ ++ memcpy(f, pipestr, pipestrlen); ++ memcpy(f + pipestrlen, fname, nlen + 1); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) + return gs_error_invalidfileaccess; + + /* +diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c +index 2b964ed74..8d87ceadc 100644 +--- a/base/gp_mshdl.c ++++ b/base/gp_mshdl.c +@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, + long hfile; /* Correct for Win32, may be wrong for Win64 */ + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ char f[gp_file_name_sizeof]; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, f, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_handle method. */ +diff --git a/base/gp_msprn.c b/base/gp_msprn.c +index ed4827968..746a974f7 100644 +--- a/base/gp_msprn.c ++++ b/base/gp_msprn.c +@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + uintptr_t *ptid = &((tid_t *)(iodev->state))->tid; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(pname, iodev->dname, preflen); ++ memcpy(pname + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, pname, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ +diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c +index f852c71fc..ba54cde66 100644 +--- a/base/gp_os2pr.c ++++ b/base/gp_os2pr.c +@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + FILE ** pfile, char *rfname, uint rnamelen) + { + os2_printer_t *pr = (os2_printer_t *)iodev->state; +- char driver_name[256]; ++ char driver_name[gp_file_name_sizeof]; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const int size_t = strlen(fname); ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(driver_name, iodev->dname, preflen); ++ memcpy(driver_name + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, driver_name, access) != 0) ++ return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ + /* Note that the loop condition here ensures we don't +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 6dfed6cd5..318039fad 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) + int + gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ + rewrite_percent_specifiers(f); +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_add_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_add_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ ++ code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_add_control_path(mem, gs_permit_file_writing, fp); ++ return gs_add_control_path(mem, gs_permit_file_writing, f); + } + + int + gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_remove_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_remove_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ rewrite_percent_specifiers(f); ++ ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_remove_control_path(mem, gs_permit_file_writing, fp); ++ return gs_remove_control_path(mem, gs_permit_file_writing, f); + } + + int +-- +2.33.0 + diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch new file mode 100644 index 0000000000..f312f89e04 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch @@ -0,0 +1,65 @@ +From 6643ff0cb837db3eade489ffff21e3e92eee2ae0 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Fri, 28 Jan 2022 08:21:19 +0000 +Subject: [PATCH] [PATCH] Bug 703902: Fix op stack management in + sampled_data_continue() + +Replace pop() (which does no checking, and doesn't handle stack extension +blocks) with ref_stack_pop() which does do all that. + +We still use pop() in one case (it's faster), but we have to later use +ref_stack_pop() before calling sampled_data_sample() which also accesses the +op stack. + +Fixes: +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7] +CVE: CVE-2021-45949 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + psi/zfsample.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 0023fa4..f84671f 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -534,14 +534,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + data_ptr[bps * i + j] = (byte)(cv >> ((bps - 1 - j) * 8)); /* MSB first */ + } + pop(num_out); /* Move op to base of result values */ +- ++ /* From here on, we have to use ref_stack_pop() rather than pop() ++ so that it handles stack extension blocks properly, before calling ++ sampled_data_sample() which also uses the op stack. ++ */ + /* Check if we are done collecting data. */ + + if (increment_cube_indexes(params, penum->indexes)) { + if (stack_depth_adjust == 0) +- pop(O_STACK_PAD); /* Remove spare stack space */ ++ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */ + else +- pop(stack_depth_adjust - num_out); ++ ref_stack_pop(&o_stack, stack_depth_adjust - num_out); + /* Execute the closing procedure, if given */ + code = 0; + if (esp_finish_proc != 0) +@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + if ((O_STACK_PAD - stack_depth_adjust) < 0) { + stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); + check_op(stack_depth_adjust); +- pop(stack_depth_adjust); ++ ref_stack_pop(&o_stack, stack_depth_adjust); + } + else { + check_ostack(O_STACK_PAD - stack_depth_adjust); +- push(O_STACK_PAD - stack_depth_adjust); ++ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust); + for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++) + make_null(op - i); + } +-- +2.17.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch b/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch new file mode 100644 index 0000000000..722bab4ddb --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch @@ -0,0 +1,51 @@ +From 7861fcad13c497728189feafb41cd57b5b50ea25 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Fri, 12 Feb 2021 10:34:23 +0000 +Subject: [PATCH] oss-fuzz 30715: Check stack limits after function evaluation. + +During function result sampling, after the callout to the Postscript +interpreter, make sure there is enough stack space available before pushing +or popping entries. + +In thise case, the Postscript procedure for the "function" is totally invalid +(as a function), and leaves the op stack in an unrecoverable state (as far as +function evaluation is concerned). We end up popping more entries off the +stack than are available. + +To cope, add in stack limit checking to throw an appropriate error when this +happens. + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=7861fcad13c497728189feafb41cd57b5b50ea25] +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + psi/zfsample.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 290809405..652ae02c6 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -551,9 +551,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + } else { + if (stack_depth_adjust) { + stack_depth_adjust -= num_out; +- push(O_STACK_PAD - stack_depth_adjust); +- for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++) +- make_null(op - i); ++ if ((O_STACK_PAD - stack_depth_adjust) < 0) { ++ stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); ++ check_op(stack_depth_adjust); ++ pop(stack_depth_adjust); ++ } ++ else { ++ check_ostack(O_STACK_PAD - stack_depth_adjust); ++ push(O_STACK_PAD - stack_depth_adjust); ++ for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++) ++ make_null(op - i); ++ } + } + } + +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb b/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb index 35826c2549..958a88e968 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb @@ -33,6 +33,9 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://do-not-check-local-libpng-source.patch \ file://avoid-host-contamination.patch \ file://mkdir-p.patch \ + file://0001-Bug-704342-Include-device-specifier-strings-in-acces.patch \ + file://check-stack-limits-after-function-evalution.patch \ + file://CVE-2021-45949.patch \ " SRC_URI = "${SRC_URI_BASE} \ diff --git a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb index c51f163e9b..3b738f82e7 100644 --- a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb +++ b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb @@ -5,7 +5,7 @@ HOMEPAGE = "https://golang.org/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" -SRC_URI = "git://${GO_IMPORT}" +SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https" SRCREV = "46695d81d1fae905a270fb7db8a4d11a334562fe" UPSTREAM_CHECK_COMMITS = "1" diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb index e43abf2629..dd541d4d48 100644 --- a/meta/recipes-extended/iputils/iputils_s20200821.bb +++ b/meta/recipes-extended/iputils/iputils_s20200821.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=55aa8c9fcad0691cef0ecd420361e390" DEPENDS = "gnutls" -SRC_URI = "git://github.com/iputils/iputils \ +SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \ file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \ " SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b" diff --git a/meta/recipes-extended/libaio/libaio_0.3.112.bb b/meta/recipes-extended/libaio/libaio_0.3.112.bb index b3606474a5..3892f3244e 100644 --- a/meta/recipes-extended/libaio/libaio_0.3.112.bb +++ b/meta/recipes-extended/libaio/libaio_0.3.112.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://lse.sourceforge.net/io/aio.html" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499" -SRC_URI = "git://pagure.io/libaio.git;protocol=https \ +SRC_URI = "git://pagure.io/libaio.git;protocol=https;branch=master \ file://00_arches.patch \ file://libaio_fix_for_mips_syscalls.patch \ file://system-linkage.patch \ diff --git a/meta/recipes-extended/libarchive/libarchive_3.5.1.bb b/meta/recipes-extended/libarchive/libarchive_3.5.3.bb index 1387b69066..92bb223784 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.5.1.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.5.3.bb @@ -34,7 +34,7 @@ EXTRA_OECONF += "--enable-largefile" SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" -SRC_URI[sha256sum] = "9015d109ec00bb9ae1a384b172bf2fc1dff41e2c66e5a9eeddf933af9db37f5a" +SRC_URI[sha256sum] = "72788e5f58d16febddfa262a5215e05fc9c79f2670f641ac039e6df44330ef51" inherit autotools update-alternatives pkgconfig diff --git a/meta/recipes-extended/libnsl/libnsl2_git.bb b/meta/recipes-extended/libnsl/libnsl2_git.bb index badb71d977..0690d4cd3b 100644 --- a/meta/recipes-extended/libnsl/libnsl2_git.bb +++ b/meta/recipes-extended/libnsl/libnsl2_git.bb @@ -14,7 +14,7 @@ PV = "1.3.0" SRCREV = "fbad7b36acaa89a54023930af70805649f962999" -SRC_URI = "git://github.com/thkukuk/libnsl \ +SRC_URI = "git://github.com/thkukuk/libnsl;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-extended/libnss-nis/libnss-nis.bb b/meta/recipes-extended/libnss-nis/libnss-nis.bb index a1d914e871..984cc98fc2 100644 --- a/meta/recipes-extended/libnss-nis/libnss-nis.bb +++ b/meta/recipes-extended/libnss-nis/libnss-nis.bb @@ -17,7 +17,7 @@ PV = "3.1+git${SRCPV}" SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad" -SRC_URI = "git://github.com/thkukuk/libnss_nis \ +SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.17.bb b/meta/recipes-extended/libsolv/libsolv_0.7.17.bb index fa6e8a3c4d..2b5da4d932 100644 --- a/meta/recipes-extended/libsolv/libsolv_0.7.17.bb +++ b/meta/recipes-extended/libsolv/libsolv_0.7.17.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8" DEPENDS = "expat zlib" -SRC_URI = "git://github.com/openSUSE/libsolv.git \ +SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \ " SRCREV = "4bc791c0d235eb14bfe4c5da607206bfdfa6983d" diff --git a/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch new file mode 100644 index 0000000000..f4e93d1065 --- /dev/null +++ b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch @@ -0,0 +1,97 @@ +Upstream-Status: Backport +CVE: CVE-2022-22707 +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 27103f3f8b1a2857aa45b889e775435f7daf141f Mon Sep 17 00:00:00 2001 +From: povcfe <povcfe@qq.com> +Date: Wed, 5 Jan 2022 11:11:09 +0000 +Subject: [PATCH] [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134) + +(thx povcfe) + +(edited: gstrauss) + +There is a potential remote denial of service in lighttpd mod_extforward +under specific, non-default and uncommon 32-bit lighttpd mod_extforward +configurations. + +Under specific, non-default and uncommon lighttpd mod_extforward +configurations, a remote attacker can trigger a 4-byte out-of-bounds +write of value '-1' to the stack. This is not believed to be exploitable +in any way beyond triggering a crash of the lighttpd server on systems +where the lighttpd server has been built 32-bit and with compiler flags +which enable a stack canary -- gcc/clang -fstack-protector-strong or +-fstack-protector-all, but bug not visible with only -fstack-protector. + +With standard lighttpd builds using -O2 optimization on 64-bit x86_64, +this bug has not been observed to cause adverse behavior, even with +gcc/clang -fstack-protector-strong. + +For the bug to be reachable, the user must be using a non-default +lighttpd configuration which enables mod_extforward and configures +mod_extforward to accept and parse the "Forwarded" header from a trusted +proxy. At this time, support for RFC7239 Forwarded is not common in CDN +providers or popular web server reverse proxies. It bears repeating that +for the user to desire to configure lighttpd mod_extforward to accept +"Forwarded", the user must also be using a trusted proxy (in front of +lighttpd) which understands and actively modifies the "Forwarded" header +sent to lighttpd. + +lighttpd natively supports RFC7239 "Forwarded" +hiawatha natively supports RFC7239 "Forwarded" + +nginx can be manually configured to add a "Forwarded" header +https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/ + +A 64-bit build of lighttpd on x86_64 (not known to be affected by bug) +in front of another 32-bit lighttpd will detect and reject a malicious +"Forwarded" request header, thereby thwarting an attempt to trigger +this bug in an upstream 32-bit lighttpd. + +The following servers currently do not natively support RFC7239 Forwarded: +nginx +apache2 +caddy +node.js +haproxy +squid +varnish-cache +litespeed + +Given the general dearth of support for RFC7239 Forwarded in popular +CDNs and web server reverse proxies, and given the prerequisites in +lighttpd mod_extforward needed to reach this bug, the number of lighttpd +servers vulnerable to this bug is estimated to be vanishingly small. +Large systems using reverse proxies are likely running 64-bit lighttpd, +which is not known to be adversely affected by this bug. + +In the future, it is desirable for more servers to implement RFC7239 +Forwarded. lighttpd developers would like to thank povcfe for reporting +this bug so that it can be fixed before more CDNs and web servers +implement RFC7239 Forwarded. + +x-ref: + "mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1" + https://redmine.lighttpd.net/issues/3134 + (not yet written or published) + CVE-2022-22707 +--- + src/mod_extforward.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mod_extforward.c b/src/mod_extforward.c +index ba957e04..fdaef7f6 100644 +--- a/src/mod_extforward.c ++++ b/src/mod_extforward.c +@@ -715,7 +715,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c + while (s[i] == ' ' || s[i] == '\t') ++i; + if (s[i] == ';') { ++i; continue; } + if (s[i] == ',') { +- if (j >= (int)(sizeof(offsets)/sizeof(int))) break; ++ if (j >= (int)(sizeof(offsets)/sizeof(int))-1) break; + offsets[++j] = -1; /*("offset" separating params from next proxy)*/ + ++i; + continue; +-- +2.25.1 + diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb index cf7f478915..73443f77b4 100644 --- a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb +++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb @@ -14,6 +14,7 @@ RRECOMMENDS_${PN} = "lighttpd-module-access \ lighttpd-module-accesslog" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ + file://0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch \ file://index.html.lighttpd \ file://lighttpd.conf \ file://lighttpd \ diff --git a/meta/recipes-extended/ltp/ltp_20210121.bb b/meta/recipes-extended/ltp/ltp_20210121.bb index 17adbf43f0..e816244f8c 100644 --- a/meta/recipes-extended/ltp/ltp_20210121.bb +++ b/meta/recipes-extended/ltp/ltp_20210121.bb @@ -33,7 +33,7 @@ SRCREV = "4d005621edd109d119627eb9210b224a63bf22cb" PR = "r4" HASHEQUIV_HASH_VERSION .= ".4" -SRC_URI = "git://github.com/linux-test-project/ltp.git \ +SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=https \ file://0001-build-Add-option-to-select-libc-implementation.patch \ file://0007-Fix-test_proc_kill-hanging.patch \ file://0001-Add-more-musl-exclusions.patch \ diff --git a/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch b/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch new file mode 100644 index 0000000000..408473664f --- /dev/null +++ b/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch @@ -0,0 +1,87 @@ +From e7bbf72544ab62db9c92bfe7bd1155227e78c621 Mon Sep 17 00:00:00 2001 +From: Andrew Borodin <aborodin@vmail.ru> +Date: Sat, 28 Aug 2021 11:46:53 +0300 +Subject: [PATCH] Ticket #4200: fix FTBFS with ncurses build with + --disable-widec. + +Upstream-Status: Accepted [https://github.com/MidnightCommander/mc/commit/e7bbf72544] +Signed-off-by: Andrew Borodin <aborodin@vmail.ru> +--- + lib/tty/tty-ncurses.c | 8 ++++++++ + lib/tty/tty-ncurses.h | 5 +++++ + lib/tty/tty-slang.h | 2 ++ + src/filemanager/boxes.c | 2 ++ + 4 files changed, 17 insertions(+) + +diff --git a/lib/tty/tty-ncurses.c b/lib/tty/tty-ncurses.c +index f619c0a7bf31..13058a624208 100644 +--- a/lib/tty/tty-ncurses.c ++++ b/lib/tty/tty-ncurses.c +@@ -560,6 +560,7 @@ tty_fill_region (int y, int x, int rows, int cols, unsigned char ch) + void + tty_colorize_area (int y, int x, int rows, int cols, int color) + { ++#ifdef ENABLE_SHADOWS + cchar_t *ctext; + wchar_t wch[10]; /* TODO not sure if the length is correct */ + attr_t attrs; +@@ -585,6 +586,13 @@ tty_colorize_area (int y, int x, int rows, int cols, int color) + } + + g_free (ctext); ++#else ++ (void) y; ++ (void) x; ++ (void) rows; ++ (void) cols; ++ (void) color; ++#endif /* ENABLE_SHADOWS */ + } + + /* --------------------------------------------------------------------------------------------- */ +diff --git a/lib/tty/tty-ncurses.h b/lib/tty/tty-ncurses.h +index d75df9533ab9..8feb17ccd045 100644 +--- a/lib/tty/tty-ncurses.h ++++ b/lib/tty/tty-ncurses.h +@@ -30,6 +30,11 @@ + #define NCURSES_CONST const + #endif + ++/* do not draw shadows if NCurses is built with --disable-widec */ ++#if defined(NCURSES_WIDECHAR) && NCURSES_WIDECHAR ++#define ENABLE_SHADOWS 1 ++#endif ++ + /*** typedefs(not structures) and defined constants **********************************************/ + + /*** enums ***************************************************************************************/ +diff --git a/lib/tty/tty-slang.h b/lib/tty/tty-slang.h +index 5b12c6512853..eeaade388af4 100644 +--- a/lib/tty/tty-slang.h ++++ b/lib/tty/tty-slang.h +@@ -23,6 +23,8 @@ + #define COLS SLtt_Screen_Cols + #define LINES SLtt_Screen_Rows + ++#define ENABLE_SHADOWS 1 ++ + /*** enums ***************************************************************************************/ + + enum +diff --git a/src/filemanager/boxes.c b/src/filemanager/boxes.c +index 3eb525be4a9b..98df5ff2ed9a 100644 +--- a/src/filemanager/boxes.c ++++ b/src/filemanager/boxes.c +@@ -280,7 +280,9 @@ appearance_box_callback (Widget * w, Widget * sender, widget_msg_t msg, int parm + switch (msg) + { + case MSG_INIT: ++#ifdef ENABLE_SHADOWS + if (!tty_use_colors ()) ++#endif + { + Widget *shadow; + +-- +2.34.1 + diff --git a/meta/recipes-extended/mc/mc_4.8.26.bb b/meta/recipes-extended/mc/mc_4.8.26.bb index 6bc7e6e8e1..906778400e 100644 --- a/meta/recipes-extended/mc/mc_4.8.26.bb +++ b/meta/recipes-extended/mc/mc_4.8.26.bb @@ -12,6 +12,7 @@ SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \ file://0001-mc-replace-perl-w-with-use-warnings.patch \ file://nomandate.patch \ file://CVE-2021-36370.patch \ + file://0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch \ " SRC_URI[sha256sum] = "9d6358d0a351a455a1410aab57f33b6b48b0fcf31344b9a10b0ff497595979d1" @@ -24,7 +25,9 @@ PACKAGECONFIG ??= "" PACKAGECONFIG[smb] = "--enable-vfs-smb,--disable-vfs-smb,samba," PACKAGECONFIG[sftp] = "--enable-vfs-sftp,--disable-vfs-sftp,libssh2," -CFLAGS_append_libc-musl = ' -DNCURSES_WIDECHAR=1 ' +# enable NCURSES_WIDECHAR=1 only if ENABLE_WIDEC has not been explicitly disabled (e.g. by the distro config). +# When compiling against the ncurses library, NCURSES_WIDECHAR needs to explicitly set to 0 in this case. +CFLAGS_append_libc-musl = "${@' -DNCURSES_WIDECHAR=1' if bb.utils.to_boolean((d.getVar('ENABLE_WIDEC') or 'True')) else ' -DNCURSES_WIDECHAR=0'}" EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --disable-configure-args" CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" diff --git a/meta/recipes-extended/net-tools/net-tools_2.10.bb b/meta/recipes-extended/net-tools/net-tools_2.10.bb index de4a715971..2dafe96356 100644 --- a/meta/recipes-extended/net-tools/net-tools_2.10.bb +++ b/meta/recipes-extended/net-tools/net-tools_2.10.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://ifconfig.c;beginline=11;endline=15;md5=d1ca372080ad5401e23ca0afc35cf9ba" SRCREV = "80d7b95067f1f22fece9537dea6dff53081f4886" -SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https \ +SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https;branch=master \ file://net-tools-config.h \ file://net-tools-config.make \ file://Add_missing_headers.patch \ diff --git a/meta/recipes-extended/newt/libnewt_0.52.21.bb b/meta/recipes-extended/newt/libnewt_0.52.21.bb index 88b4cf4a03..3d35a17c92 100644 --- a/meta/recipes-extended/newt/libnewt_0.52.21.bb +++ b/meta/recipes-extended/newt/libnewt_0.52.21.bb @@ -29,7 +29,7 @@ SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac S = "${WORKDIR}/newt-${PV}" -inherit autotools-brokensep python3native python3-dir +inherit autotools-brokensep python3native python3-dir python3targetconfig EXTRA_OECONF = "--without-tcl --with-python" diff --git a/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch new file mode 100644 index 0000000000..9c301f2054 --- /dev/null +++ b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch @@ -0,0 +1,50 @@ +From 65986f3d12d434b9bc428ceb6fcb1f6eeeb2c47d Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Mon, 17 Jan 2022 15:36:56 +0800 +Subject: [PATCH] Fix bug when combining -l with -d. + +Though it makes no sense to do pigz -ld, that is implicit when +doing unpigz -l. This commit fixes a bug for that combination. + +Upstream-Status: Backport [https://github.com/madler/pigz/commit/326bba44aa102c707dd6ebcd2fc3f413b3119db0] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + pigz.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/pigz.c b/pigz.c +index f90157f..d648216 100644 +--- a/pigz.c ++++ b/pigz.c +@@ -4007,6 +4007,13 @@ local void process(char *path) { + } + SET_BINARY_MODE(g.ind); + ++ // if requested, just list information about the input file ++ if (g.list && g.decode != 2) { ++ list_info(); ++ load_end(); ++ return; ++ } ++ + // if decoding or testing, try to read gzip header + if (g.decode) { + in_init(); +@@ -4048,13 +4055,6 @@ local void process(char *path) { + } + } + +- // if requested, just list information about input file +- if (g.list) { +- list_info(); +- load_end(); +- return; +- } +- + // create output file out, descriptor outd + if (path == NULL || g.pipeout) { + // write to stdout +-- +2.17.1 + diff --git a/meta/recipes-extended/pigz/pigz_2.6.bb b/meta/recipes-extended/pigz/pigz_2.6.bb index 05be9b733f..5c0aab55a7 100644 --- a/meta/recipes-extended/pigz/pigz_2.6.bb +++ b/meta/recipes-extended/pigz/pigz_2.6.bb @@ -8,7 +8,8 @@ SECTION = "console/utils" LICENSE = "Zlib & Apache-2.0" LIC_FILES_CHKSUM = "file://pigz.c;md5=9ae6dee8ceba9610596ed0ada493d142;beginline=7;endline=21" -SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz" +SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz \ + file://0001-Fix-bug-when-combining-l-with-d.patch" SRC_URI[sha256sum] = "2eed7b0d7449d1d70903f2a62cd6005d262eb3a8c9e98687bc8cbb5809db2a7d" PROVIDES_class-native += "gzip-native" diff --git a/meta/recipes-extended/procps/procps_3.3.17.bb b/meta/recipes-extended/procps/procps_3.3.17.bb index c74a901d9a..9fd3db196d 100644 --- a/meta/recipes-extended/procps/procps_3.3.17.bb +++ b/meta/recipes-extended/procps/procps_3.3.17.bb @@ -12,7 +12,7 @@ DEPENDS = "ncurses" inherit autotools gettext pkgconfig update-alternatives -SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https \ +SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \ file://sysctl.conf \ file://0001-w.c-correct-musl-builds.patch \ file://0002-proc-escape.c-add-missing-include.patch \ diff --git a/meta/recipes-extended/psmisc/psmisc_23.4.bb b/meta/recipes-extended/psmisc/psmisc_23.4.bb index 894443f4ef..89fe8a709c 100644 --- a/meta/recipes-extended/psmisc/psmisc_23.4.bb +++ b/meta/recipes-extended/psmisc/psmisc_23.4.bb @@ -2,7 +2,7 @@ require psmisc.inc LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" -SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https \ +SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https;branch=master \ file://0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch \ " SRCREV = "5fab6b7ab385080f1db725d6803136ec1841a15f" diff --git a/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb b/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb index 5aff2b56a6..ad392138b5 100644 --- a/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb +++ b/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb @@ -19,7 +19,7 @@ PV = "1.4.2" SRCREV = "6f54e54455c073d08a56ea627c6cd2355a40eb53" -SRC_URI = "git://github.com/thkukuk/${BPN} \ +SRC_URI = "git://github.com/thkukuk/${BPN};branch=master;protocol=https \ file://0001-Use-cross-compiled-rpcgen.patch \ " diff --git a/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb b/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb index 5dfeca5326..01a079f041 100644 --- a/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb +++ b/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5b4be4b2549338526758ef479c040943 \ inherit update-rc.d update-alternatives systemd autotools -SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1 \ +SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1;protocol=https \ file://sysklogd \ " diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb index 66c11cbfea..f41e5b33d4 100644 --- a/meta/recipes-extended/tar/tar_1.34.bb +++ b/meta/recipes-extended/tar/tar_1.34.bb @@ -64,3 +64,4 @@ BBCLASSEXTEND = "native nativesdk" # These are both specific to the NPM package node-tar CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804" +CVE_CHECK_WHITELIST += "CVE-2021-37701 CVE-2021-37712 CVE-2021-37713" diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index a89560b424..5c19e9a7f4 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2021a" +PV = "2021d" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ @@ -14,5 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "eb46bfa124b5b6bd13d61a609bfde8351bd192894708d33aa06e5c1e255802d0" -SRC_URI[tzdata.sha256sum] = "39e7d2ba08c68cbaefc8de3227aab0dec2521be8042cf56855f7dc3a9fb14e08" +SRC_URI[tzcode.sha256sum] = "ed0d02be79b54f4449ba1f239aeaf9315da490bf32f401d302dcbba4921f591d" +SRC_URI[tzdata.sha256sum] = "d7c188a2b33d4a3c25ee4a9fdc68c1ff462bfdb302cf41343d84ca5942dbddf6" + diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb index 69d5b2f83b..c6d356d227 100644 --- a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb +++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=55c5fdf02cfcca3fc9621b6f2ceae10f" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" -SRC_URI = "git://github.com/openSUSE/xinetd.git;protocol=https \ +SRC_URI = "git://github.com/openSUSE/xinetd.git;protocol=https;branch=master \ file://xinetd.init \ file://xinetd.default \ file://xinetd.service \ diff --git a/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch new file mode 100644 index 0000000000..02253f968c --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch @@ -0,0 +1,47 @@ +From 7a2729ee7f5d9b9d4a0d9b83fe641a2ab03c4ee0 Mon Sep 17 00:00:00 2001 +From: Joe Slater <joe.slater@windriver.com> +Date: Thu, 24 Feb 2022 17:36:59 -0800 +Subject: [PATCH 1/2] configure: use correct CPP + +configure uses CPP to test that two assembler routines +can be built. Unfortunately, it will use /usr/bin/cpp +if it exists, invalidating the tests. We use the $CC +passed to configure. + +Upstream-Status: Inappropriate [openembedded specific] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + unix/configure | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 73ba803..7e21070 100644 +--- a/unix/configure ++++ b/unix/configure +@@ -220,13 +220,16 @@ fi + echo Check for the C preprocessor + # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp. + CPP="${CC} -E" ++ ++# We should not change CPP for yocto builds. ++# + # solaris as(1) needs -P, maybe others as well ? +-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P" +-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp +-[ -f /lib/cpp ] && CPP=/lib/cpp +-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp +-[ -f /xenix ] && CPP="${CC} -E" +-[ -f /lynx.os ] && CPP="${CC} -E" ++# [ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P" ++# [ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp ++# [ -f /lib/cpp ] && CPP=/lib/cpp ++# [ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp ++# [ -f /xenix ] && CPP="${CC} -E" ++# [ -f /lynx.os ] && CPP="${CC} -E" + + echo "#include <stdio.h>" > conftest.c + $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E" +-- +2.24.1 + diff --git a/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch new file mode 100644 index 0000000000..6e0879616a --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch @@ -0,0 +1,34 @@ +From b0492506d2c28581193906e9d260d4f0451e2c39 Mon Sep 17 00:00:00 2001 +From: Joe Slater <joe.slater@windriver.com> +Date: Thu, 24 Feb 2022 17:46:03 -0800 +Subject: [PATCH 2/2] configure: support PIC code build + +Disable building match.S. The code requires +relocation in .text. + +Upstream-Status: Inappropriate [openembedded specific] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + unix/configure | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 7e21070..1bc698b 100644 +--- a/unix/configure ++++ b/unix/configure +@@ -242,8 +242,9 @@ if eval "$CPP match.S > _match.s 2>/dev/null"; then + if test ! -s _match.s || grep error < _match.s > /dev/null; then + : + elif eval "$CC -c _match.s >/dev/null 2>/dev/null" && [ -f _match.o ]; then +- CFLAGS="${CFLAGS} -DASMV" +- OBJA="match.o" ++ # disable match.S for PIC code ++ # CFLAGS="${CFLAGS} -DASMV" ++ # OBJA="match.o" + echo "int foo() { return 0;}" > conftest.c + $CC -c conftest.c >/dev/null 2>/dev/null + echo Check if compiler generates underlines +-- +2.24.1 + diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index 18b5d8648e..f8e0b6e259 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb @@ -14,6 +14,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar. file://fix-security-format.patch \ file://10-remove-build-date.patch \ file://zipnote-crashes-with-segfault.patch \ + file://0001-configure-use-correct-CPP.patch \ + file://0002-configure-support-PIC-code-build.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/meta/recipes-extended/zstd/zstd_1.4.9.bb b/meta/recipes-extended/zstd/zstd_1.4.9.bb index 44224ec627..b648c84093 100644 --- a/meta/recipes-extended/zstd/zstd_1.4.9.bb +++ b/meta/recipes-extended/zstd/zstd_1.4.9.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=c7f0b161edbe52f5f345a3d1311d0b32 \ file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0" -SRC_URI = "git://github.com/facebook/zstd.git;branch=release \ +SRC_URI = "git://github.com/facebook/zstd.git;branch=release;protocol=https \ file://0001-Makefile-sort-all-wildcard-file-list-expansions.patch \ " |