diff options
Diffstat (limited to 'meta-oe')
17 files changed, 165 insertions, 12 deletions
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/0001-.F.-DEV-2077-fixed-reflected-XSS-issues.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/0001-.F.-DEV-2077-fixed-reflected-XSS-issues.patch new file mode 100644 index 0000000000..1d32a9cfdd --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/0001-.F.-DEV-2077-fixed-reflected-XSS-issues.patch @@ -0,0 +1,93 @@ +From fe3e2c2deeef568ec7e961340487497e31eb1a81 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 13 Apr 2022 10:19:39 +0800 +Subject: [PATCH] ..F....... [DEV-2077] fixed reflected XSS issues + +Merge in ZBX/zabbix from feature/DEV-2077-5.4 to release/5.4 + +* commit '5986cdf2572acaaaac1fc113d6407d5f0cd00c35': + ..F....... [DEV-2077] fixed service actions #3 + ..F....... [DEV-2077] fixed service actions #2 + ..F....... [DEV-2077] reverted unnecessary changes + ..F....... [DEV-2077] reverted tests + ..F....... [DEV-2077] fixed service actions + ..F....... [DEV-2077] fixed reflected XSS issue in service configuration form + ..F....... [DEV-2077] fixed reflected XSS issues in uncheckTableRows function + ..F....... [DEV-2077] fixed reflected XSS issues in graph configuration + ..F....... [DEV-2077] fixed reflected XSS issues in action configuration + +Upstream_Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/05976188fcca518c029e1af9ed03fd331786d77d] +CVE: CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + ui/actionconf.php | 2 +- + ui/graphs.php | 2 +- + ui/include/func.inc.php | 5 ++--- + ui/include/views/configuration.services.edit.php | 5 +++-- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/ui/actionconf.php b/ui/actionconf.php +index 5b67f72..8cda3fc 100644 +--- a/ui/actionconf.php ++++ b/ui/actionconf.php +@@ -37,7 +37,7 @@ $fields = [ + 'name' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', + _('Name') + ], +- 'eventsource' => [T_ZBX_INT, O_OPT, null, ++ 'eventsource' => [T_ZBX_INT, O_OPT, P_SYS, + IN([EVENT_SOURCE_TRIGGERS, EVENT_SOURCE_DISCOVERY, + EVENT_SOURCE_AUTOREGISTRATION, EVENT_SOURCE_INTERNAL + ]), +diff --git a/ui/graphs.php b/ui/graphs.php +index 79bb195..1d10803 100644 +--- a/ui/graphs.php ++++ b/ui/graphs.php +@@ -43,7 +43,7 @@ $fields = [ + 'name' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', _('Name')], + 'width' => [T_ZBX_INT, O_OPT, null, BETWEEN(20, 65535), 'isset({add}) || isset({update})', _('Width')], + 'height' => [T_ZBX_INT, O_OPT, null, BETWEEN(20, 65535), 'isset({add}) || isset({update})', _('Height')], +- 'graphtype' => [T_ZBX_INT, O_OPT, null, IN('0,1,2,3'), 'isset({add}) || isset({update})'], ++ 'graphtype' => [T_ZBX_INT, O_OPT, P_SYS, IN('0,1,2,3'), 'isset({add}) || isset({update})'], + 'show_3d' => [T_ZBX_INT, O_OPT, P_NZERO, IN('0,1'), null], + 'show_legend' => [T_ZBX_INT, O_OPT, P_NZERO, IN('0,1'), null], + 'ymin_type' => [T_ZBX_INT, O_OPT, null, IN('0,1,2'), null], +diff --git a/ui/include/func.inc.php b/ui/include/func.inc.php +index 359fdfb..43c1a41 100644 +--- a/ui/include/func.inc.php ++++ b/ui/include/func.inc.php +@@ -2175,11 +2175,10 @@ function uncheckTableRows($parentid = null, $keepids = []) { + if ($keepids) { + // If $keepids will not have same key as value, it will create mess, when new checkbox will be checked. + $keepids = array_combine($keepids, $keepids); +- +- insert_js('sessionStorage.setItem("'.$key.'", JSON.stringify('.json_encode($keepids).'))'); ++ insert_js('sessionStorage.setItem('.json_encode($key).', JSON.stringify('.json_encode($keepids).'));'); + } + else { +- insert_js('sessionStorage.removeItem("'.$key.'")'); ++ insert_js('sessionStorage.removeItem('.json_encode($key).');'); + } + } + +diff --git a/ui/include/views/configuration.services.edit.php b/ui/include/views/configuration.services.edit.php +index a12385b..625fba9 100644 +--- a/ui/include/views/configuration.services.edit.php ++++ b/ui/include/views/configuration.services.edit.php +@@ -141,9 +141,10 @@ foreach ($this->data['children'] as $child) { + !empty($child['trigger']) ? $child['trigger'] : '', + (new CCol( + (new CButton('remove', _('Remove'))) +- ->onClick('javascript: removeDependentChild(\''.$child['serviceid'].'\');') +- ->addClass(ZBX_STYLE_BTN_LINK) + ->removeId() ++ ->addClass(ZBX_STYLE_BTN_LINK) ++ ->setAttribute('data-serviceid', $child['serviceid']) ++ ->onClick('removeDependentChild(this.dataset.serviceid);') + ))->addClass(ZBX_STYLE_NOWRAP) + ]))->setId('children_'.$child['serviceid']) + ); +-- +2.25.1 + diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb index b5ab15df48..9d2a06c5ea 100644 --- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb @@ -26,6 +26,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.2/${BPN}-${PV}.tar.gz \ file://0001-Fix-configure.ac.patch \ file://zabbix-agent.service \ + file://0001-.F.-DEV-2077-fixed-reflected-XSS-issues.patch \ " SRC_URI[md5sum] = "31dab3535a1fa212f5724902727f6d4d" diff --git a/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch b/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch index 2c4ca057f2..1c2fc3813f 100644 --- a/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch +++ b/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch @@ -21,7 +21,7 @@ index 009e4fd..f3f0d80 100644 if (!dbus_conn) - return; -+ DBUS_HANDLER_RESULT_NOT_YET_HANDLED; ++ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; if (verbose) g_print ("New message from server: type='%d' path='%s' iface='%s'" diff --git a/meta-oe/recipes-core/plymouth/files/0001-systemd-switch-to-KillMode-mixed.patch b/meta-oe/recipes-core/plymouth/files/0001-systemd-switch-to-KillMode-mixed.patch new file mode 100644 index 0000000000..eb1c8db21c --- /dev/null +++ b/meta-oe/recipes-core/plymouth/files/0001-systemd-switch-to-KillMode-mixed.patch @@ -0,0 +1,43 @@ +From 9d0f8b2e7bc2d1d2b0900fcdf119bb9a2cc4f474 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 25 Aug 2020 10:49:11 -0400 +Subject: [PATCH] systemd: switch to KillMode=mixed + +KillMode=none is deprecated, so we need to stop using it. + +For now, use `KillMode=mixed` and `IgnoreOnIsolate=true` instead. + +In the future, we should change plymouth to be able to exit and +start again without restarting the active animation, but that's +going to require some effort. + +https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/123 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/plymouth/plymouth/-/commit/9d0f8b2e7bc2d1d2b0900fcdf119bb9a2cc4f474] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + systemd-units/plymouth-start.service.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/systemd-units/plymouth-start.service.in b/systemd-units/plymouth-start.service.in +index 3d00cc6..830a62d 100644 +--- a/systemd-units/plymouth-start.service.in ++++ b/systemd-units/plymouth-start.service.in +@@ -6,11 +6,12 @@ After=systemd-vconsole-setup.service systemd-udev-trigger.service systemd-udevd. + Before=systemd-ask-password-plymouth.service + ConditionKernelCommandLine=!plymouth.enable=0 + ConditionVirtualization=!container ++IgnoreOnIsolate=true + + [Service] + ExecStart=@PLYMOUTH_DAEMON_DIR@/plymouthd --mode=boot --pid-file=@plymouthruntimedir@/pid --attach-to-session + ExecStartPost=-@PLYMOUTH_CLIENT_DIR@/plymouth show-splash + Type=forking + RemainAfterExit=yes +-KillMode=none ++KillMode=mixed + SendSIGKILL=no +-- +2.17.1 + diff --git a/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb b/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb index e5d8c98195..d096462eed 100644 --- a/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb +++ b/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb @@ -20,6 +20,7 @@ RPROVIDES:${PN} = "virtual-psplash virtual-psplash-support" SRC_URI = " \ http://www.freedesktop.org/software/plymouth/releases/${BPN}-${PV}.tar.xz \ file://0001-Make-full-path-to-systemd-tty-ask-password-agent-con.patch \ + file://0001-systemd-switch-to-KillMode-mixed.patch \ " SRC_URI[md5sum] = "8a25d23f3ae732af300a56fa33cacff2" diff --git a/meta-oe/recipes-devtools/breakpad/breakpad_git.bb b/meta-oe/recipes-devtools/breakpad/breakpad_git.bb index fabf59d4b2..c752a10083 100644 --- a/meta-oe/recipes-devtools/breakpad/breakpad_git.bb +++ b/meta-oe/recipes-devtools/breakpad/breakpad_git.bb @@ -29,7 +29,7 @@ SRCREV_lss = "fd00dbbd0c06a309c657d89e9430143b179ff6db" SRCREV_gyp = "324dd166b7c0b39d513026fa52d6280ac6d56770" SRC_URI = "git://github.com/google/breakpad;name=breakpad;branch=main;protocol=https \ - git://github.com/google/googletest.git;destsuffix=git/src/testing/gtest;name=gtest;branch=master;protocol=https \ + git://github.com/google/googletest.git;destsuffix=git/src/testing/gtest;name=gtest;branch=main;protocol=https \ git://github.com/protocolbuffers/protobuf.git;destsuffix=git/src/third_party/protobuf/protobuf;name=protobuf;branch=master;protocol=https \ git://chromium.googlesource.com/linux-syscall-support;protocol=https;branch=main;destsuffix=git/src/third_party/lss;name=lss \ git://chromium.googlesource.com/external/gyp;protocol=https;destsuffix=git/src/tools/gyp;name=gyp;branch=master \ diff --git a/meta-oe/recipes-extended/ostree/ostree_2021.3.bb b/meta-oe/recipes-extended/ostree/ostree_2021.3.bb index 803186058a..7fb458ca10 100644 --- a/meta-oe/recipes-extended/ostree/ostree_2021.3.bb +++ b/meta-oe/recipes-extended/ostree/ostree_2021.3.bb @@ -181,7 +181,7 @@ RDEPENDS:${PN}-ptest += " \ " RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us" -RRECOMMENDS:${PN} += "kernel-module-overlay" +RRECOMMENDS:${PN}:append:class-target = " kernel-module-overlay" SYSTEMD_SERVICE:${PN} = "ostree-remount.service ostree-finalize-staged.path" SYSTEMD_SERVICE:${PN}-switchroot = "ostree-prepare-root.service" diff --git a/meta-oe/recipes-extended/snappy/snappy_1.1.9.bb b/meta-oe/recipes-extended/snappy/snappy_1.1.9.bb index 252ba9f3dc..0d58345d7a 100644 --- a/meta-oe/recipes-extended/snappy/snappy_1.1.9.bb +++ b/meta-oe/recipes-extended/snappy/snappy_1.1.9.bb @@ -10,7 +10,7 @@ compression ratio." LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=f62f3080324a97b3159a7a7e61812d0c" -SRC_URI = "gitsm://github.com/google/snappy.git;protocol=https;branch=master \ +SRC_URI = "gitsm://github.com/google/snappy.git;protocol=https;branch=main \ file://0001-Add-inline-with-SNAPPY_ATTRIBUTE_ALWAYS_INLINE.patch \ " SRCREV = "2b63814b15a2aaae54b7943f0cd935892fae628f" diff --git a/meta-oe/recipes-extended/tiptop/tiptop_2.3.1.bb b/meta-oe/recipes-extended/tiptop/tiptop_2.3.1.bb index 31d0dae25c..b4e5fd4d73 100644 --- a/meta-oe/recipes-extended/tiptop/tiptop_2.3.1.bb +++ b/meta-oe/recipes-extended/tiptop/tiptop_2.3.1.bb @@ -1,10 +1,10 @@ SUMMARY = "Hardware performance monitoring counters" -HOMEPAGE = "http://tiptop.gforge.inria.fr/" +HOMEPAGE = "https://team.inria.fr/pacap/software/tiptop/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "ncurses libxml2 bison-native flex-native" -SRC_URI = "http://tiptop.gforge.inria.fr/releases/${BP}.tar.gz \ +SRC_URI = "http://files.inria.fr/pacap/${BPN}/${BP}.tar.gz \ file://0001-Fix-parallel-build-problems-by-Adrian-Bunk.patch \ file://0002-fix-reproducibility-of-build-process.patch \ file://0001-Fix-build-when-S-B.patch \ @@ -12,6 +12,8 @@ SRC_URI = "http://tiptop.gforge.inria.fr/releases/${BP}.tar.gz \ SRC_URI[md5sum] = "46ca0fdf0236f02dd2b96d347626d2a2" SRC_URI[sha256sum] = "51c4449c95bba34f16b429729c2f58431490665d8093efaa8643b2e1d1084182" +UPSTREAM_CHECK_URI = "https://team.inria.fr/pacap/software/tiptop/" + inherit autotools EXTRA_OECONF = "CFLAGS="$CFLAGS -I${STAGING_INCDIR}/libxml2"" diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.44.1.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.44.1.bb index 7d2515e075..203e0206fb 100644 --- a/meta-oe/recipes-graphics/graphviz/graphviz_2.44.1.bb +++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.44.1.bb @@ -74,6 +74,17 @@ do_install:append:class-nativesdk() { } FILES:${PN}:class-nativesdk += "${SDKPATHNATIVE}" +# create /usr/lib/graphviz/config6 +graphviz_sstate_postinst() { + mkdir -p ${SYSROOT_DESTDIR}${bindir} + dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN} + echo '#!/bin/sh' > $dest + echo '' >> $dest + echo 'dot -c' >> $dest + chmod 0755 $dest +} +SYSROOT_PREPROCESS_FUNCS:append:class-native = " graphviz_sstate_postinst" + PACKAGES =+ "${PN}-python ${PN}-perl ${PN}-demo" FILES:${PN}-python += "${libdir}/python*/site-packages/ ${libdir}/graphviz/python/" diff --git a/meta-oe/recipes-graphics/imlib2/imlib2_git.bb b/meta-oe/recipes-graphics/imlib2/imlib2_git.bb index 56d41cd394..869f8123db 100644 --- a/meta-oe/recipes-graphics/imlib2/imlib2_git.bb +++ b/meta-oe/recipes-graphics/imlib2/imlib2_git.bb @@ -14,7 +14,7 @@ inherit autotools pkgconfig lib_package AUTO_LIBNAME_PKGS = "" -SRC_URI = "git://git.enlightenment.org/legacy/${BPN}.git;protocol=https;branch=master" +SRC_URI = "git://git.enlightenment.org/old/legacy-${BPN}.git;protocol=https;branch=master" S = "${WORKDIR}/git" PACKAGECONFIG ??= "jpeg png zlib ${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" diff --git a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb index c89204062e..e9841e483e 100644 --- a/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb +++ b/meta-oe/recipes-multimedia/cdrkit/cdrkit_1.1.11.bb @@ -23,6 +23,8 @@ inherit cmake DEPENDS = "libcap file bzip2" RDEPENDS:dirsplit = "perl" +RDEPENDS:${PN}-dev = "" + PACKAGES =+ "dirsplit genisoimage icedax wodim" FILES:dirsplit = " \ diff --git a/meta-oe/recipes-support/htop/htop_3.0.5.bb b/meta-oe/recipes-support/htop/htop_3.0.5.bb index 2772aa577d..7be9a1186c 100644 --- a/meta-oe/recipes-support/htop/htop_3.0.5.bb +++ b/meta-oe/recipes-support/htop/htop_3.0.5.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4099d367cd5e59b6d4fc1ee33accb891" DEPENDS = "ncurses" -SRC_URI = "git://github.com/htop-dev/htop.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/htop-dev/htop.git;branch=main;protocol=https \ file://0001-Use-pkg-config.patch \ " SRCREV = "ce6d60e7def146c13d0b8bca4642e7401a0a8995" diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index bb111a1c9b..008a83f46d 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -11,7 +11,7 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" BASE_PV := "${PV}" PV .= "_25" -SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=master;protocol=https" +SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" SRCREV = "8b4e00829eb84d4e7b4da11acf1f98f1e8166e5b" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch index 0e1d09492b..7334800304 100644 --- a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch +++ b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch @@ -38,7 +38,7 @@ index 0ccc2b9..7f08c0e 100644 -CONTROL_FILE=/var/run/syslog-ng.ctl -PID_FILE=/var/run/syslog-ng.pid +PERSIST_FILE=@LOCALSTATEDIR@/lib/syslog-ng/syslog-ng.persist -+CONTROL_FILE=@LOCALSTATEDIR@/lib/syslog-ng/syslog-ng.ctl ++CONTROL_FILE=@LOCALSTATEDIR@/run/syslog-ng/syslog-ng.ctl +PID_FILE=@LOCALSTATEDIR@/run/syslog-ng.pid OTHER_OPTIONS="--enable-core" -- diff --git a/meta-oe/recipes-support/udisks/udisks2_2.9.3.bb b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb index 30c00d43ca..ec13cfa26b 100644 --- a/meta-oe/recipes-support/udisks/udisks2_2.9.3.bb +++ b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb @@ -18,7 +18,7 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" RDEPENDS:${PN} = "acl" SRC_URI = "git://github.com/storaged-project/udisks.git;branch=2.9.x-branch;protocol=https" -SRCREV = "c430dd9a27e158693cc783e9ee91bf6e5b2a8819" +SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81" S = "${WORKDIR}/git" CVE_PRODUCT = "udisks" diff --git a/meta-oe/recipes-test/cmocka/cmocka_1.1.5.bb b/meta-oe/recipes-test/cmocka/cmocka_1.1.5.bb index 2e34f6ab44..554d582a57 100644 --- a/meta-oe/recipes-test/cmocka/cmocka_1.1.5.bb +++ b/meta-oe/recipes-test/cmocka/cmocka_1.1.5.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "a4fc3dd7705c277e3a57432895e9852ea105dac9" PV .= "+git${SRCPV}" -SRC_URI = "git://git.cryptomilk.org/projects/cmocka.git;branch=master \ +SRC_URI = "git://git.cryptomilk.org/projects/cmocka.git;protocol=https;branch=master \ file://run-ptest \ " |