diff options
Diffstat (limited to 'meta-oe/recipes-extended')
63 files changed, 643 insertions, 58 deletions
diff --git a/meta-oe/recipes-extended/brotli/brotli/0001-brotli-fix-CVE-2020-8927.patch b/meta-oe/recipes-extended/brotli/brotli/0001-brotli-fix-CVE-2020-8927.patch new file mode 100644 index 0000000000..c21794d147 --- /dev/null +++ b/meta-oe/recipes-extended/brotli/brotli/0001-brotli-fix-CVE-2020-8927.patch @@ -0,0 +1,44 @@ +From 95ab3786ce0f16e08e41f7bf216969a37dc86cad Mon Sep 17 00:00:00 2001 +From: Jan Kraemer <jan@spectrejan.de> +Date: Thu, 7 Oct 2021 12:48:04 +0200 +Subject: [PATCH] brotli: fix CVE-2020-8927 + +[No upstream tracking] -- + +This fixes a potential overflow when input chunk is >2GiB in +BrotliGetAvailableBits by capping the returned value to 2^30 + +Fixed in brotli version 1.0.8 +https://github.com/google/brotli as of commit id +223d80cfbec8fd346e32906c732c8ede21f0cea6 + +Patch taken from Debian Buster: 1.0.7-2+deb10u1 +http://deb.debian.org/debian/pool/main/b/brotli/brotli_1.0.7-2+deb10u1.dsc +https://security-tracker.debian.org/tracker/CVE-2020-8927 + + +Upstream-Status: Backported +CVE: CVE-2020-8927 + +Signed-off-by: Jan Kraemer <jan@spectrejan.de> +--- + c/dec/bit_reader.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/c/dec/bit_reader.h b/c/dec/bit_reader.h +index c06e914..0d20312 100644 +--- a/c/dec/bit_reader.h ++++ b/c/dec/bit_reader.h +@@ -87,8 +87,11 @@ static BROTLI_INLINE uint32_t BrotliGetAvailableBits( + } + + /* Returns amount of unread bytes the bit reader still has buffered from the +- BrotliInput, including whole bytes in br->val_. */ ++ BrotliInput, including whole bytes in br->val_. Result is capped with ++ maximal ring-buffer size (larger number won't be utilized anyway). */ + static BROTLI_INLINE size_t BrotliGetRemainingBytes(BrotliBitReader* br) { ++ static const size_t kCap = (size_t)1 << 30; ++ if (br->avail_in > kCap) return kCap; + return br->avail_in + (BrotliGetAvailableBits(br) >> 3); + } + diff --git a/meta-oe/recipes-extended/brotli/brotli_1.0.7.bb b/meta-oe/recipes-extended/brotli/brotli_1.0.7.bb index 70dbcaffb1..77fef778a4 100644 --- a/meta-oe/recipes-extended/brotli/brotli_1.0.7.bb +++ b/meta-oe/recipes-extended/brotli/brotli_1.0.7.bb @@ -6,7 +6,9 @@ BUGTRACKER = "https://github.com/google/brotli/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=941ee9cd1609382f946352712a319b4b" -SRC_URI = "git://github.com/google/brotli.git" +SRC_URI = "git://github.com/google/brotli.git;branch=master;protocol=https \ + file://0001-brotli-fix-CVE-2020-8927.patch \ + " # tag 1.0.7 SRCREV= "d6d98957ca8ccb1ef45922e978bb10efca0ea541" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/cmpi-bindings/cmpi-bindings_1.0.1.bb b/meta-oe/recipes-extended/cmpi-bindings/cmpi-bindings_1.0.1.bb index 6c71d534be..388feb703b 100644 --- a/meta-oe/recipes-extended/cmpi-bindings/cmpi-bindings_1.0.1.bb +++ b/meta-oe/recipes-extended/cmpi-bindings/cmpi-bindings_1.0.1.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b19ee058d2d5f69af45da98051d91064" SECTION = "Development/Libraries" DEPENDS = "swig-native python3 sblim-cmpi-devel" -SRC_URI = "git://github.com/kkaempf/cmpi-bindings.git;protocol=http \ +SRC_URI = "git://github.com/kkaempf/cmpi-bindings.git;protocol=http;branch=master;protocol=https \ file://cmpi-bindings-0.4.17-no-ruby-perl.patch \ file://cmpi-bindings-0.4.17-sblim-sigsegv.patch \ file://cmpi-bindings-0.9.5-python-lib-dir.patch \ diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb index 842652889c..2a045f5790 100644 --- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb +++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8184208060df880fe3137b93eb88aeea" DEPENDS = "zlib gzip-native json-c" -SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https \ +SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \ file://0002-Don-t-execute-processes-as-a-specific-user.patch \ file://0004-Modify-systemd-config-directory.patch \ file://317.patch \ diff --git a/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb b/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb index aa55ebf84d..162f5aa339 100644 --- a/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb +++ b/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb @@ -18,7 +18,7 @@ SRCREV = "3dd23e3280f213bacefdf5fcb04857bf52e90917" PV = "0.6.2+git${SRCPV}" SRC_URI = "\ - git://github.com/docopt/docopt.cpp.git;protocol=https \ + git://github.com/docopt/docopt.cpp.git;protocol=https;branch=master \ file://0001-Set-library-VERSION-and-SOVERSION.patch \ " diff --git a/meta-oe/recipes-extended/dumb-init/dumb-init_1.2.2.bb b/meta-oe/recipes-extended/dumb-init/dumb-init_1.2.2.bb index 09eab9dcd0..eb00092c7b 100644 --- a/meta-oe/recipes-extended/dumb-init/dumb-init_1.2.2.bb +++ b/meta-oe/recipes-extended/dumb-init/dumb-init_1.2.2.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=5940d39995ea6857d01b8227109c2e9c" SRCREV = "b1e978e486114797347deefcc03ab12629a13cc3" -SRC_URI = "git://github.com/Yelp/dumb-init" +SRC_URI = "git://github.com/Yelp/dumb-init;branch=master;protocol=https" S = "${WORKDIR}/git" EXTRA_OEMAKE = "CC='${CC}' CFLAGS='${CFLAGS} ${LDFLAGS}'" diff --git a/meta-oe/recipes-extended/figlet/figlet_git.bb b/meta-oe/recipes-extended/figlet/figlet_git.bb index 4611646b9b..61b050aac6 100644 --- a/meta-oe/recipes-extended/figlet/figlet_git.bb +++ b/meta-oe/recipes-extended/figlet/figlet_git.bb @@ -4,7 +4,7 @@ HOMEPAGE = "http://www.figlet.org/" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=1688bcd97b27704f1afcac7336409857" -SRC_URI = "git://github.com/cmatsuoka/figlet.git \ +SRC_URI = "git://github.com/cmatsuoka/figlet.git;branch=master;protocol=https \ file://0001-build-add-autotools-support-to-allow-easy-cross-comp.patch" SRCREV = "5bbcd7383a8c3a531299b216b0c734e1495c6db3" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.2.8.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.2.8.bb index 926d8851d2..b2c41756e5 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.2.8.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.2.8.bb @@ -32,7 +32,7 @@ BBCLASSEXTEND = "native" DEPENDS_class-native = "readline-native" PACKAGECONFIG_class-native = "" -SRC_URI_append_class-native = "file://0001-reduce-build-to-conversion-tools-for-native-build.patch" +SRC_URI_append_class-native = " file://0001-reduce-build-to-conversion-tools-for-native-build.patch" do_install_class-native() { install -d ${D}${bindir} diff --git a/meta-oe/recipes-extended/haveged/haveged_1.9.13.bb b/meta-oe/recipes-extended/haveged/haveged_1.9.13.bb index 50326ea2f4..19b0d8dbd7 100644 --- a/meta-oe/recipes-extended/haveged/haveged_1.9.13.bb +++ b/meta-oe/recipes-extended/haveged/haveged_1.9.13.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM="file://COPYING;md5=d32239bcb673463ab874e80d47fae504" # v1.9.9 SRCREV = "1283a65c541c4a83e152024a63faf7b267b9b1cd" -SRC_URI = "git://github.com/jirka-h/haveged.git \ +SRC_URI = "git://github.com/jirka-h/haveged.git;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/hexedit/hexedit_1.4.2.bb b/meta-oe/recipes-extended/hexedit/hexedit_1.4.2.bb index 050b7da3d7..c0d1b1b8bb 100644 --- a/meta-oe/recipes-extended/hexedit/hexedit_1.4.2.bb +++ b/meta-oe/recipes-extended/hexedit/hexedit_1.4.2.bb @@ -6,7 +6,7 @@ DEPENDS = "ncurses" LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" -SRC_URI = "git://github.com/pixel/hexedit.git \ +SRC_URI = "git://github.com/pixel/hexedit.git;branch=master;protocol=https \ " SRCREV = "800e4b2e6280531a84fd23ee0b48e16baeb90878" diff --git a/meta-oe/recipes-extended/hiredis/hiredis_0.14.0.bb b/meta-oe/recipes-extended/hiredis/hiredis_0.14.0.bb index 29f8de8d2f..cee1f342bd 100644 --- a/meta-oe/recipes-extended/hiredis/hiredis_0.14.0.bb +++ b/meta-oe/recipes-extended/hiredis/hiredis_0.14.0.bb @@ -6,7 +6,7 @@ DEPENDS = "redis" LIC_FILES_CHKSUM = "file://COPYING;md5=d84d659a35c666d23233e54503aaea51" SRCREV = "685030652cd98c5414ce554ff5b356dfe8437870" -SRC_URI = "git://github.com/redis/hiredis;protocol=git \ +SRC_URI = "git://github.com/redis/hiredis;protocol=https;branch=master \ file://0001-Makefile-remove-hardcoding-of-CC.patch" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/iotop/iotop_0.6.bb b/meta-oe/recipes-extended/iotop/iotop_0.6.bb index 3a597218db..19af46cb16 100644 --- a/meta-oe/recipes-extended/iotop/iotop_0.6.bb +++ b/meta-oe/recipes-extended/iotop/iotop_0.6.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4" PV .= "+git${SRCPV}" SRCREV = "1bfb3bc70febb1ffb95146b6dcd65257228099a3" -SRC_URI = "git://repo.or.cz/iotop.git" +SRC_URI = "git://repo.or.cz/iotop.git;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/isomd5sum/isomd5sum_1.2.3.bb b/meta-oe/recipes-extended/isomd5sum/isomd5sum_1.2.3.bb index b7899a11b6..2f4724a336 100644 --- a/meta-oe/recipes-extended/isomd5sum/isomd5sum_1.2.3.bb +++ b/meta-oe/recipes-extended/isomd5sum/isomd5sum_1.2.3.bb @@ -7,7 +7,7 @@ RDEPENDS_${BPN} = "openssl curl" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" -SRC_URI = "git://github.com/rhinstaller/isomd5sum.git;branch=master \ +SRC_URI = "git://github.com/rhinstaller/isomd5sum.git;branch=master;protocol=https \ file://0001-tweak-install-prefix.patch \ file://0002-fix-parallel-error.patch \ " diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb index d6e56ea768..7beea9f1e7 100644 --- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb +++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb @@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4 inherit autotools pkgconfig +# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548 +CVE_CHECK_WHITELIST = "CVE-2020-36325 " + BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-extended/jpnevulator/jpnevulator_git.bb b/meta-oe/recipes-extended/jpnevulator/jpnevulator_git.bb index 50dd74b685..ba1fece05c 100644 --- a/meta-oe/recipes-extended/jpnevulator/jpnevulator_git.bb +++ b/meta-oe/recipes-extended/jpnevulator/jpnevulator_git.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=892f569a555ba9c07a568a7c0c4fa63a" PV = "2.3.5+git${SRCPV}" -SRC_URI = "git://github.com/snarlistic/jpnevulator.git;protocol=http" +SRC_URI = "git://github.com/snarlistic/jpnevulator.git;protocol=http;branch=master;protocol=https" SRCREV = "c2d857091c0dfed05139ac07ea9b0f36ad259638" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb b/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb index e6d5663f85..977aabf040 100644 --- a/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb +++ b/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f673270bfc350d9ce1efc8724c6c1873" DEPENDS_append_class-target = " swig-native sblim-cmpi-devel python3" DEPENDS_append_class-native = " cmpi-bindings-native" -SRC_URI = "git://github.com/rnovacek/konkretcmpi.git \ +SRC_URI = "git://github.com/rnovacek/konkretcmpi.git;branch=master;protocol=https \ file://0001-CMakeLists.txt-fix-lib64-can-not-be-shiped-in-64bit-.patch \ file://0001-drop-including-rpath-cmake-module.patch \ " diff --git a/meta-oe/recipes-extended/libblockdev/libblockdev_2.24.bb b/meta-oe/recipes-extended/libblockdev/libblockdev_2.24.bb index 99cdee5bba..c1023e625e 100644 --- a/meta-oe/recipes-extended/libblockdev/libblockdev_2.24.bb +++ b/meta-oe/recipes-extended/libblockdev/libblockdev_2.24.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c07cb499d259452f324bb90c3067d85c" inherit autotools gobject-introspection -SRC_URI = "git://github.com/storaged-project/libblockdev;branch=2.x-branch" +SRC_URI = "git://github.com/storaged-project/libblockdev;branch=2.x-branch;protocol=https" SRCREV = "f5a4ba8bb298f8cbc435707d0b19b4b2ff836a8e" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libcec/libcec_git.bb b/meta-oe/recipes-extended/libcec/libcec_git.bb index 39ceb489e2..07320e42bd 100644 --- a/meta-oe/recipes-extended/libcec/libcec_git.bb +++ b/meta-oe/recipes-extended/libcec/libcec_git.bb @@ -12,7 +12,7 @@ DEPENDS_append_rpi = "${@bb.utils.contains('MACHINE_FEATURES', 'vc4graphics', '' PV = "5.0.0" SRCREV = "43bc27fe7be491149e6f57d14110e02abdac2f24" -SRC_URI = "git://github.com/Pulse-Eight/libcec.git;branch=release \ +SRC_URI = "git://github.com/Pulse-Eight/libcec.git;branch=release;protocol=https \ file://0001-CheckPlatformSupport.cmake-Do-not-hardcode-lib-path.patch \ file://0001-Enhance-reproducibility.patch \ " diff --git a/meta-oe/recipes-extended/libdivecomputer/libdivecomputer_git.bb b/meta-oe/recipes-extended/libdivecomputer/libdivecomputer_git.bb index b7c1958eef..e763a701e5 100644 --- a/meta-oe/recipes-extended/libdivecomputer/libdivecomputer_git.bb +++ b/meta-oe/recipes-extended/libdivecomputer/libdivecomputer_git.bb @@ -11,7 +11,7 @@ inherit autotools pkgconfig PV = "0.6.0" SRCREV = "1195abc2f4acc7b10175d570ec73549d0938c83e" -SRC_URI = "git://github.com/libdivecomputer/libdivecomputer.git;protocol=https \ +SRC_URI = "git://github.com/libdivecomputer/libdivecomputer.git;protocol=https;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb b/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb index a990deb91f..0906e9a645 100644 --- a/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb +++ b/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb @@ -9,7 +9,7 @@ DEPENDS = "libxml2 glib-2.0 swig python3" inherit autotools pkgconfig python3native python3targetconfig SRCREV = "3df02d4d0e9008771e8622fdc10de8333b3f0d85" -SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https \ +SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb b/meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb index 36fc5c858c..5901057840 100644 --- a/meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb +++ b/meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb @@ -7,9 +7,10 @@ DEPENDS = "udev libusb1 libplist" inherit autotools pkgconfig gitpkgv PKGV = "${GITPKGVTAG}" +PV = "1.0.10+git${SRCPV}" SRCREV = "78df9be5fc8222ed53846cb553de9b5d24c85c6c" -SRC_URI = "git://github.com/libimobiledevice/libusbmuxd;protocol=https" +SRC_URI = "git://github.com/libimobiledevice/libusbmuxd;protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/liblightmodbus/liblightmodbus_2.0.2.bb b/meta-oe/recipes-extended/liblightmodbus/liblightmodbus_2.0.2.bb index 7fc5997983..bbfee1ff7a 100644 --- a/meta-oe/recipes-extended/liblightmodbus/liblightmodbus_2.0.2.bb +++ b/meta-oe/recipes-extended/liblightmodbus/liblightmodbus_2.0.2.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=84dcc94da3adb52b53ae4fa38fe49e5d" inherit cmake pkgconfig -SRC_URI = "git://github.com/Jacajack/liblightmodbus.git;protocol=https \ +SRC_URI = "git://github.com/Jacajack/liblightmodbus.git;protocol=https;branch=master \ file://0001-cmake-Use-GNUInstallDirs-instead-of-hardcoding-lib-p.patch \ " SRCREV = "59d2b405f95701e5b04326589786dbb43ce49e81" diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch b/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch new file mode 100644 index 0000000000..2aec818574 --- /dev/null +++ b/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch @@ -0,0 +1,38 @@ +From 790ff6dad16b70e68804a2d53ad54db40412e889 Mon Sep 17 00:00:00 2001 +From: Michael Heimpold <mhei@heimpold.de> +Date: Sat, 8 Jan 2022 20:00:50 +0100 +Subject: [PATCH] modbus_reply: fix copy & paste error in sanity check (fixes + #614) + +[ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ] + +While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets +must be checked, i.e. the read and the write address must be within the +mapping range. + +At the moment, only the read address was considered, it looks like a +simple copy and paste error, so let's fix it. + +CVE: CVE-2022-0367 + +Signed-off-by: Michael Heimpold <mhei@heimpold.de> +--- + src/modbus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/modbus.c b/src/modbus.c +index 68a28a3..c871152 100644 +--- a/src/modbus.c ++++ b/src/modbus.c +@@ -961,7 +961,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, + nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); + } else if (mapping_address < 0 || + (mapping_address + nb) > mb_mapping->nb_registers || +- mapping_address < 0 || ++ mapping_address_write < 0 || + (mapping_address_write + nb_write) > mb_mapping->nb_registers) { + rsp_length = response_exception( + ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, +-- +2.39.1 + diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb index 075487ae90..5c59312760 100644 --- a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb +++ b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb @@ -2,7 +2,10 @@ require libmodbus.inc SRC_URI += "file://f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch \ file://Fix-float-endianness-issue-on-big-endian-arch.patch \ - file://Fix-typo.patch" + file://Fix-typo.patch \ + file://CVE-2022-0367.patch \ + " + SRC_URI[md5sum] = "15c84c1f7fb49502b3efaaa668cfd25e" SRC_URI[sha256sum] = "d7d9fa94a16edb094e5fdf5d87ae17a0dc3f3e3d687fead81835d9572cf87c16" diff --git a/meta-oe/recipes-extended/libnss-nisplus/libnss-nisplus.bb b/meta-oe/recipes-extended/libnss-nisplus/libnss-nisplus.bb index c9d259b1a0..29c35caf54 100644 --- a/meta-oe/recipes-extended/libnss-nisplus/libnss-nisplus.bb +++ b/meta-oe/recipes-extended/libnss-nisplus/libnss-nisplus.bb @@ -17,7 +17,7 @@ PV = "1.3+git${SRCPV}" SRCREV = "116219e215858f4af9370171d3ead63baca8fdb4" -SRC_URI = "git://github.com/thkukuk/libnss_nisplus \ +SRC_URI = "git://github.com/thkukuk/libnss_nisplus;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libqb/libqb_1.0.5.bb b/meta-oe/recipes-extended/libqb/libqb_1.0.5.bb index cd4019666d..dbe03fedef 100644 --- a/meta-oe/recipes-extended/libqb/libqb_1.0.5.bb +++ b/meta-oe/recipes-extended/libqb/libqb_1.0.5.bb @@ -11,7 +11,7 @@ inherit autotools pkgconfig # v1.0.5 SRCREV = "d08dbcf08b0da418bce9b5427dfd89522916322a" -SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=version_1 \ +SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=version_1;protocol=https \ file://0001-build-fix-configure-script-neglecting-re-enable-out-.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libreport/libreport_2.10.0.bb b/meta-oe/recipes-extended/libreport/libreport_2.10.0.bb index 4276c49173..24784f77a0 100644 --- a/meta-oe/recipes-extended/libreport/libreport_2.10.0.bb +++ b/meta-oe/recipes-extended/libreport/libreport_2.10.0.bb @@ -11,7 +11,7 @@ DEPENDS = "xmlrpc-c xmlrpc-c-native intltool-native \ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" -SRC_URI = "git://github.com/abrt/libreport.git;protocol=https" +SRC_URI = "git://github.com/abrt/libreport.git;protocol=https;branch=master" SRC_URI += "file://0001-Makefile.am-remove-doc-and-apidoc.patch \ file://0002-configure.ac-remove-prog-test-of-xmlto-and-asciidoc.patch \ file://0003-without-build-plugins.patch \ diff --git a/meta-oe/recipes-extended/libstatgrab/libstatgrab_0.92.bb b/meta-oe/recipes-extended/libstatgrab/libstatgrab_0.92.bb index a081cb17a8..27fe0e2c40 100644 --- a/meta-oe/recipes-extended/libstatgrab/libstatgrab_0.92.bb +++ b/meta-oe/recipes-extended/libstatgrab/libstatgrab_0.92.bb @@ -31,4 +31,4 @@ FILES_statgrab-dbg = "${bindir}/.debug/statgrab" FILES_saidar = "${bindir}/saidar" FILES_saidar-dbg = "${bindir}/.debug/saidar" FILES_${PN}-mrtg = "${bindir}/statgrab-make-mrtg-config ${bindir}/statgrab-make-mrtg-index" -RDEPENDS_${PN}-mrtg_append = "perl statgrab" +RDEPENDS_${PN}-mrtg_append = " perl statgrab" diff --git a/meta-oe/recipes-extended/libuio/libuio_0.2.1.bb b/meta-oe/recipes-extended/libuio/libuio_0.2.1.bb index dd34c180a3..0278e55f3e 100644 --- a/meta-oe/recipes-extended/libuio/libuio_0.2.1.bb +++ b/meta-oe/recipes-extended/libuio/libuio_0.2.1.bb @@ -3,7 +3,7 @@ SECTION = "base" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" -SRC_URI = "git://git.code.sf.net/p/libuio/code \ +SRC_URI = "git://git.code.sf.net/p/libuio/code;branch=master \ file://replace_inline_with_static-inline.patch \ file://0001-include-fcntl.h-for-O_RDWR-define.patch \ " diff --git a/meta-oe/recipes-extended/md5deep/md5deep_git.bb b/meta-oe/recipes-extended/md5deep/md5deep_git.bb index e8c6864c1f..cc31323c3f 100644 --- a/meta-oe/recipes-extended/md5deep/md5deep_git.bb +++ b/meta-oe/recipes-extended/md5deep/md5deep_git.bb @@ -9,7 +9,7 @@ PV = "4.4+git${SRCPV}" SRCREV = "877613493ff44807888ce1928129574be393cbb0" -SRC_URI = "git://github.com/jessek/hashdeep.git \ +SRC_URI = "git://github.com/jessek/hashdeep.git;branch=master;protocol=https \ file://wrong-variable-expansion.patch \ file://0001-Fix-literal-and-identifier-spacing-as-dictated-by-C-.patch \ " diff --git a/meta-oe/recipes-extended/mraa/mraa_git.bb b/meta-oe/recipes-extended/mraa/mraa_git.bb index 0b40dcb71b..540ef6e12a 100644 --- a/meta-oe/recipes-extended/mraa/mraa_git.bb +++ b/meta-oe/recipes-extended/mraa/mraa_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=91e7de50a8d3cf01057f318d72460acd" SRCREV = "e15ce6fbc76148ba8835adc92196b0d0a3f245e7" PV = "2.1.0+git${SRCPV}" -SRC_URI = "git://github.com/eclipse/${BPN}.git;protocol=http \ +SRC_URI = "git://github.com/eclipse/${BPN}.git;protocol=http;branch=master;protocol=https \ file://0001-cmake-Use-a-regular-expression-to-match-x86-architec.patch \ " diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb index 9d5a2307e7..e96c977453 100644 --- a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb +++ b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb @@ -17,7 +17,7 @@ REQUIRED_DISTRO_FEATURES = "pam" SRCREV = "d8eba6cb6682b59d84ca1da67a523520b879ade6" -SRC_URI = "git://github.com/Openwsman/openwsman.git \ +SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=main;protocol=https \ file://libssl-is-required-if-eventint-supported.patch \ file://openwsmand.service \ file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ diff --git a/meta-oe/recipes-extended/ostree/ostree_2020.3.bb b/meta-oe/recipes-extended/ostree/ostree_2020.3.bb index c1f43feb67..5b0171d8c8 100644 --- a/meta-oe/recipes-extended/ostree/ostree_2020.3.bb +++ b/meta-oe/recipes-extended/ostree/ostree_2020.3.bb @@ -22,7 +22,7 @@ DEPENDS = " \ PREMIRRORS = "" SRC_URI = " \ - gitsm://github.com/ostreedev/ostree;branch=main \ + gitsm://github.com/ostreedev/ostree;branch=main;protocol=https \ file://run-ptest \ " SRCREV = "6ed48234ba579ff73eb128af237212b0a00f2057" @@ -181,7 +181,7 @@ RDEPENDS_${PN}-ptest += " \ " RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-utils glibc-localedata-en-us" -RRECOMMENDS_${PN} += "kernel-module-overlay" +RRECOMMENDS_${PN}_append_class-target = " kernel-module-overlay" SYSTEMD_SERVICE_${PN} = "ostree-remount.service ostree-finalize-staged.path" SYSTEMD_SERVICE_${PN}-switchroot = "ostree-prepare-root.service" diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch new file mode 100644 index 0000000000..98e186cbf0 --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch @@ -0,0 +1,27 @@ +p7zip: Update CVE-2016-9296 patch URL. +From: Robert Luberda <robert@debian.org> +Date: Sat, 19 Nov 2016 08:48:08 +0100 +Subject: Fix nullptr dereference (CVE-2016-9296) + +Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ +This patch file taken from Debian's patch set for p7zip + +Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/] +CVE: CVE-2016-9296 + +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> + +Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp ++++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp +@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } +- HeadersSize += folders.PackPositions[folders.NumPackStreams]; ++ if (folders.PackPositions) ++ HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } + diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch new file mode 100644 index 0000000000..b6deb5d3a7 --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch @@ -0,0 +1,226 @@ +From: Robert Luberda <robert@debian.org> +Date: Sun, 28 Jan 2018 23:47:40 +0100 +Subject: CVE-2018-5996 + +Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by +applying a few changes from 7Zip 18.00-beta. + +Bug-Debian: https://bugs.debian.org/#888314 + +Upstream-Status: Backport [https://sources.debian.org/data/non-free/p/p7zip-rar/16.02-3/debian/patches/06-CVE-2018-5996.patch] +CVE: CVE-2018-5996 + +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++---- + CPP/7zip/Compress/Rar1Decoder.h | 1 + + CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++- + CPP/7zip/Compress/Rar2Decoder.h | 1 + + CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++--- + CPP/7zip/Compress/Rar3Decoder.h | 2 ++ + 6 files changed, 42 insertions(+), 8 deletions(-) + +Index: p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false) { } ++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialIn + InitData(); + if (!m_IsSolid) + { ++ _errorMode = false; + InitStructures(); + InitHuff(); + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (m_UnpackSize > 0) + { + GetFlagsBuf(); +@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialI + const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) + { + try { return CodeReal(inStream, outStream, inSize, outSize, progress); } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(const CLzOutWindowException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + } + + STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) +Index: p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h +@@ -39,6 +39,7 @@ public: + + Int64 m_UnpackSize; + bool m_IsSolid; ++ bool _errorMode; + + UInt32 ReadBits(int numBits); + HRESULT CopyBlock(UInt32 distance, UInt32 len); +Index: p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false) ++ m_IsSolid(false), ++ m_TablesOK(false) + { + } + +@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBi + + bool CDecoder::ReadTables(void) + { ++ m_TablesOK = false; ++ + Byte levelLevels[kLevelTableSize]; + Byte newLevels[kMaxTableSize]; + m_AudioMode = (ReadBits(1) == 1); +@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void) + } + + memcpy(m_LastLevels, newLevels, kMaxTableSize); ++ m_TablesOK = true; ++ + return true; + } + +@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialIn + return S_FALSE; + } + ++ if (!m_TablesOK) ++ return S_FALSE; ++ + UInt64 startPos = m_OutWindowStream.GetProcessedSize(); + while (pos < unPackSize) + { +Index: p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h +@@ -139,6 +139,7 @@ class CDecoder : + + UInt64 m_PackSize; + bool m_IsSolid; ++ bool m_TablesOK; + + void InitStructures(); + UInt32 ReadBits(unsigned numBits); +Index: p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp +@@ -92,7 +92,8 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _vmData(0), + _vmCode(0), +- m_IsSolid(false) ++ m_IsSolid(false), ++ _errorMode(false) + { + Ppmd7_Construct(&_ppmd); + } +@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + return InitPPM(); + } + ++ TablesRead = false; ++ TablesOK = false; ++ + _lzMode = true; + PrevAlignBits = 0; + PrevAlignCount = 0; +@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + } + } + } ++ if (InputEofError()) ++ return S_FALSE; ++ + TablesRead = true; + + // original code has check here: +@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); + + memcpy(m_LastLevels, newLevels, kTablesSizesSum); ++ ++ TablesOK = true; ++ + return S_OK; + } + +@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProg + PpmEscChar = 2; + PpmError = true; + InitFilters(); ++ _errorMode = false; + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (!m_IsSolid || !TablesRead) + { + bool keepDecompressing; +@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProg + bool keepDecompressing; + if (_lzMode) + { ++ if (!TablesOK) ++ return S_FALSE; + RINOK(DecodeLZ(keepDecompressing)) + } + else +@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialI + _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; + return CodeReal(progress); + } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + // CNewException is possible here. But probably CNewException is caused + // by error in data stream. + } +Index: p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h +@@ -192,6 +192,7 @@ class CDecoder: + UInt32 _lastFilter; + + bool m_IsSolid; ++ bool _errorMode; + + bool _lzMode; + bool _unsupportedFilter; +@@ -200,6 +201,7 @@ class CDecoder: + UInt32 PrevAlignCount; + + bool TablesRead; ++ bool TablesOK; + + CPpmd7 _ppmd; + int PpmEscChar; diff --git a/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch b/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch new file mode 100644 index 0000000000..dcde83e8a4 --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch @@ -0,0 +1,27 @@ +fixes the below error + +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)': +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17 +| 308 | numMethods++; +| | ^~~~~~~~~~ +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17 +| 318 | numMethods++; + + +use unsigned instead of bool +Signed-off-by: Nisha Parrakat <Nisha.Parrakat@kpit.com> + +Upstream-Status: Pending +Index: p7zip_16.02/CPP/7zip/Archive/Wim/WimHandler.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Archive/Wim/WimHandler.cpp ++++ p7zip_16.02/CPP/7zip/Archive/Wim/WimHandler.cpp +@@ -298,7 +298,7 @@ STDMETHODIMP CHandler::GetArchivePropert + + AString res; + +- bool numMethods = 0; ++ unsigned numMethods = 0; + for (unsigned i = 0; i < ARRAY_SIZE(k_Methods); i++) + { + if (methodMask & ((UInt32)1 << i)) diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb index 13479a90fe..79677c6487 100644 --- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb +++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb @@ -9,6 +9,9 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al file://do_not_override_compiler_and_do_not_strip.patch \ file://CVE-2017-17969.patch \ file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \ + file://change_numMethods_from_bool_to_unsigned.patch \ + file://CVE-2018-5996.patch \ + file://CVE-2016-9296.patch \ " SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf" @@ -16,10 +19,26 @@ SRC_URI[sha256sum] = "5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6 S = "${WORKDIR}/${BPN}_${PV}" +do_compile_append() { + oe_runmake 7z +} +FILES_${PN} += "${libdir}/* ${bindir}/7z" + +FILES_SOLIBSDEV = "" +INSANE_SKIP_${PN} += "dev-so" + do_install() { install -d ${D}${bindir} - install -m 0755 ${S}/bin/* ${D}${bindir} + install -d ${D}${bindir}/Codecs + install -d ${D}${libdir} + install -d ${D}${libdir}/Codecs + install -m 0755 ${S}/bin/7za ${D}${bindir} ln -s 7za ${D}${bindir}/7z + install -m 0755 ${S}/bin/Codecs/* ${D}${libdir}/Codecs/ + install -m 0755 ${S}/bin/7z.so ${D}${libdir}/lib7z.so } -BBCLASSEXTEND = "native" +RPROVIDES_${PN} += "lib7z.so()(64bit) 7z lib7z.so" +RPROVIDES_${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-extended/p8platform/p8platform_git.bb b/meta-oe/recipes-extended/p8platform/p8platform_git.bb index 0690d4ba3c..2e52caeffa 100644 --- a/meta-oe/recipes-extended/p8platform/p8platform_git.bb +++ b/meta-oe/recipes-extended/p8platform/p8platform_git.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://src/os.h;md5=752555fa94e82005d45fd201fee5bd33" PV = "2.1.0.1" -SRC_URI = "git://github.com/Pulse-Eight/platform.git \ +SRC_URI = "git://github.com/Pulse-Eight/platform.git;branch=master;protocol=https \ file://0001-Make-resulting-cmake-config-relocatable.patch" SRCREV = "2d90f98620e25f47702c9e848380c0d93f29462b" diff --git a/meta-oe/recipes-extended/pam/pam-plugin-ccreds_11.bb b/meta-oe/recipes-extended/pam/pam-plugin-ccreds_11.bb index 9838e75ef5..5c2af44c73 100644 --- a/meta-oe/recipes-extended/pam/pam-plugin-ccreds_11.bb +++ b/meta-oe/recipes-extended/pam/pam-plugin-ccreds_11.bb @@ -11,7 +11,7 @@ REQUIRED_DISTRO_FEATURES = "pam" SRCREV = "e2145df09469bf84878e4729b4ecd814efb797d1" -SRC_URI = "git://github.com/PADL/pam_ccreds" +SRC_URI = "git://github.com/PADL/pam_ccreds;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/pam/pam-plugin-ldapdb_1.3.bb b/meta-oe/recipes-extended/pam/pam-plugin-ldapdb_1.3.bb index 626b22fe48..5022300ba3 100644 --- a/meta-oe/recipes-extended/pam/pam-plugin-ldapdb_1.3.bb +++ b/meta-oe/recipes-extended/pam/pam-plugin-ldapdb_1.3.bb @@ -11,7 +11,7 @@ inherit features_check REQUIRED_DISTRO_FEATURES = "pam" SRCREV = "84d7b260f1ae6857ae36e014c9a5968e8aa1cbe8" -SRC_URI = "git://github.com/rmbreak/pam_ldapdb \ +SRC_URI = "git://github.com/rmbreak/pam_ldapdb;branch=master;protocol=https \ file://0001-include-stdexcept-for-std-invalid_argument.patch \ " diff --git a/meta-oe/recipes-extended/pmdk/pmdk_1.7.bb b/meta-oe/recipes-extended/pmdk/pmdk_1.7.bb index f5066da0d8..5c56a16f41 100644 --- a/meta-oe/recipes-extended/pmdk/pmdk_1.7.bb +++ b/meta-oe/recipes-extended/pmdk/pmdk_1.7.bb @@ -11,7 +11,7 @@ DEPENDS_append_libc-musl = " fts" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/pmem/pmdk.git \ +SRC_URI = "git://github.com/pmem/pmdk.git;branch=master;protocol=https \ file://0001-jemalloc-jemalloc.cfg-Specify-the-host-when-building.patch \ file://0002-Makefile-Don-t-install-the-docs.patch \ file://0001-os_posix-Use-__FreeBSD__-to-control-secure_getenv-de.patch \ diff --git a/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch b/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch new file mode 100644 index 0000000000..cab1c83c09 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch @@ -0,0 +1,74 @@ +From ed8b418f1341cf7fc576f6b17de5c6dd4017e034 Mon Sep 17 00:00:00 2001 +From: "Jeremy A. Puhlman" <jpuhlman@mvista.com> +Date: Thu, 27 Jan 2022 00:01:27 +0000 +Subject: [PATCH] CVE-2021-4034: Local privilege escalation in pkexec due to + incorrect handling of argument vector + +Upstream-Status: Backport https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 +CVE: CVE-2021-4034 + +Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> +--- + src/programs/pkcheck.c | 6 ++++++ + src/programs/pkexec.c | 21 ++++++++++++++++++++- + 2 files changed, 26 insertions(+), 1 deletion(-) + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index f1bb4e1..aff4f60 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -363,6 +363,12 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ if (argc < 1) ++ { ++ help(); ++ exit(1); ++ } ++ + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 7698c5c..3ff4c58 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -488,6 +488,17 @@ main (int argc, char *argv[]) + pid_t pid_of_caller; + gpointer local_agent_handle; + ++ ++ /* ++ * If 'pkexec' is called wrong, just show help and bail out. ++ */ ++ if (argc<1) ++ { ++ clearenv(); ++ usage(argc, argv); ++ exit(1); ++ } ++ + ret = 127; + authority = NULL; + subject = NULL; +@@ -636,7 +647,15 @@ main (int argc, char *argv[]) + goto out; + } + g_free (path); +- argv[n] = path = s; ++ path = s; ++ ++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. ++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination ++ */ ++ if (argv[n] != NULL) ++ { ++ argv[n] = path; ++ } + } + if (access (path, F_OK) != 0) + { +-- +2.26.2 + diff --git a/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch b/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch new file mode 100644 index 0000000000..37e0d6063c --- /dev/null +++ b/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch @@ -0,0 +1,87 @@ +From 41cb093f554da8772362654a128a84dd8a5542a7 Mon Sep 17 00:00:00 2001 +From: Jan Rybar <jrybar@redhat.com> +Date: Mon, 21 Feb 2022 08:29:05 +0000 +Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7.patch] +CVE: CVE-2021-4115 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + src/polkit/polkitsystembusname.c | 38 ++++++++++++++++++++++++++++---- + 1 file changed, 34 insertions(+), 4 deletions(-) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8ed1363..2fbf5f1 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -62,6 +62,10 @@ enum + PROP_NAME, + }; + ++ ++guint8 dbus_call_respond_fails; // has to be global because of callback ++ ++ + static void subject_iface_init (PolkitSubjectIface *subject_iface); + + G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, +@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, + if (!v) + { + data->caught_error = TRUE; ++ dbus_call_respond_fails += 1; + } + else + { +@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + ++ dbus_call_respond_fails = 0; ++ + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, +@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + on_retrieved_unix_uid_pid, + &data); + +- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) +- g_main_context_iteration (tmp_context, TRUE); ++ while (TRUE) ++ { ++ /* If one dbus call returns error, we must wait until the other call ++ * calls _call_finish(), otherwise fd leak is possible. ++ * Resolves: GHSL-2021-077 ++ */ + +- if (data.caught_error) +- goto out; ++ if ( (dbus_call_respond_fails > 1) ) ++ { ++ // we got two faults, we can leave ++ goto out; ++ } ++ ++ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) ++ { ++ // we got one fault and the other call finally finished, we can leave ++ goto out; ++ } ++ ++ if ( !(data.retrieved_uid && data.retrieved_pid) ) ++ { ++ g_main_context_iteration (tmp_context, TRUE); ++ } ++ else ++ { ++ break; ++ } ++ } + + if (out_uid) + *out_uid = data.uid; +-- +GitLab + diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch new file mode 100644 index 0000000000..76308ffdb9 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch @@ -0,0 +1,33 @@ +From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001 +From: Jan Rybar <jrybar@redhat.com> +Date: Wed, 2 Jun 2021 15:43:38 +0200 +Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit + +initial values returned if error caught + +CVE: CVE-2021-3560 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/polkit/polkitsystembusname.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8daa12c..8ed1363 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + ++ if (data.caught_error) ++ goto out; ++ + if (out_uid) + *out_uid = data.uid; + if (out_pid) +-- +2.29.2 + diff --git a/meta-oe/recipes-extended/polkit/polkit_0.116.bb b/meta-oe/recipes-extended/polkit/polkit_0.116.bb index ad1973b136..dd8e208616 100644 --- a/meta-oe/recipes-extended/polkit/polkit_0.116.bb +++ b/meta-oe/recipes-extended/polkit/polkit_0.116.bb @@ -25,6 +25,9 @@ PAM_SRC_URI = "file://polkit-1_pam.patch" SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0003-make-netgroup-support-optional.patch \ + file://CVE-2021-3560.patch \ + file://CVE-2021-4034.patch \ + file://CVE-2021-4115.patch \ " SRC_URI[md5sum] = "4b37258583393e83069a0e2e89c0162a" SRC_URI[sha256sum] = "88170c9e711e8db305a12fdb8234fac5706c61969b94e084d0f117d8ec5d34b1" diff --git a/meta-oe/recipes-extended/redis/redis_5.0.9.bb b/meta-oe/recipes-extended/redis/redis_5.0.14.bb index d04293369a..3d849ec8c3 100644 --- a/meta-oe/recipes-extended/redis/redis_5.0.9.bb +++ b/meta-oe/recipes-extended/redis/redis_5.0.14.bb @@ -17,8 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ " -SRC_URI[md5sum] = "c94523c9f4ee662027ddf90575d0e058" -SRC_URI[sha256sum] = "53d0ae164cd33536c3d4b720ae9a128ea6166ebf04ff1add3b85f1242090cb85" +SRC_URI[sha256sum] = "3ea5024766d983249e80d4aa9457c897a9f079957d0fb1f35682df233f997f32" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-oe/recipes-extended/rrdtool/rrdtool_1.7.2.bb b/meta-oe/recipes-extended/rrdtool/rrdtool_1.7.2.bb index 5662e63474..914b12e7ca 100644 --- a/meta-oe/recipes-extended/rrdtool/rrdtool_1.7.2.bb +++ b/meta-oe/recipes-extended/rrdtool/rrdtool_1.7.2.bb @@ -10,7 +10,7 @@ SRCREV = "56a83f4f52e6745cd4352f9ee008be3183a6dedf" PV = "1.7.2" SRC_URI = "\ - git://github.com/oetiker/rrdtool-1.x.git;branch=master;protocol=http; \ + git://github.com/oetiker/rrdtool-1.x.git;branch=master;protocol=http;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/rsyslog/libfastjson_0.99.8.bb b/meta-oe/recipes-extended/rsyslog/libfastjson_0.99.8.bb index b84dde3d37..3b63971e5d 100644 --- a/meta-oe/recipes-extended/rsyslog/libfastjson_0.99.8.bb +++ b/meta-oe/recipes-extended/rsyslog/libfastjson_0.99.8.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a958bb07122368f3e1d9b2efe07d231f" DEPENDS = "" -SRC_URI = "git://github.com/rsyslog/libfastjson.git;protocol=https \ +SRC_URI = "git://github.com/rsyslog/libfastjson.git;protocol=https;branch=master \ file://0001-fix-jump-misses-init-gcc-8-warning.patch" SRCREV = "4758b1caf69ada911ef79e1d80793fe489b98dff" diff --git a/meta-oe/recipes-extended/rsyslog/librelp_1.5.0.bb b/meta-oe/recipes-extended/rsyslog/librelp_1.5.0.bb index a4663148cd..9da9d7c96c 100644 --- a/meta-oe/recipes-extended/rsyslog/librelp_1.5.0.bb +++ b/meta-oe/recipes-extended/rsyslog/librelp_1.5.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9" DEPENDS = "gmp nettle libidn zlib gnutls openssl" -SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https \ +SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https;branch=master \ " SRCREV = "0beb2258e12e4131dc31e261078ea53d18f787d7" diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb index ffd46da0af..e720d3e5c8 100644 --- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb +++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://../README.license;md5=60487bf0bf429d6b5aa72b6d37a0eb2 PV .= "+git${SRCPV}" -SRC_URI = "git://pagure.io/sanlock.git;protocol=http \ +SRC_URI = "git://pagure.io/sanlock.git;protocol=http;branch=master \ file://0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch;patchdir=../ \ " SRCREV = "cff348800722f7dadf030ffe7494c2df714996e3" diff --git a/meta-oe/recipes-extended/sedutil/sedutil_git.bb b/meta-oe/recipes-extended/sedutil/sedutil_git.bb index 765618433b..03446c324d 100644 --- a/meta-oe/recipes-extended/sedutil/sedutil_git.bb +++ b/meta-oe/recipes-extended/sedutil/sedutil_git.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://Common/LICENSE.txt;md5=d32239bcb673463ab874e80d47fae5 BASEPV = "1.15.1" PV = "${BASEPV}+git${SRCPV}" SRCREV = "358cc758948be788284d5faba46ccf4cc1813796" -SRC_URI = "git://github.com/Drive-Trust-Alliance/sedutil.git \ +SRC_URI = "git://github.com/Drive-Trust-Alliance/sedutil.git;branch=master;protocol=https \ file://0001-Fix-build-on-big-endian-architectures.patch \ " diff --git a/meta-oe/recipes-extended/socketcan/can-isotp_git.bb b/meta-oe/recipes-extended/socketcan/can-isotp_git.bb index e40e1cd263..7d016bc963 100644 --- a/meta-oe/recipes-extended/socketcan/can-isotp_git.bb +++ b/meta-oe/recipes-extended/socketcan/can-isotp_git.bb @@ -3,7 +3,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=72d977d697c3c05830fdff00a7448931" SRCREV = "b31bce98d65f894aad6427bcf6f3f7822e261a59" PV = "1.0+git${SRCPV}" -SRC_URI = "git://github.com/hartkopp/can-isotp.git;protocol=https" +SRC_URI = "git://github.com/hartkopp/can-isotp.git;protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/socketcan/can-utils_git.bb b/meta-oe/recipes-extended/socketcan/can-utils_git.bb index 519368817f..92b38030fe 100644 --- a/meta-oe/recipes-extended/socketcan/can-utils_git.bb +++ b/meta-oe/recipes-extended/socketcan/can-utils_git.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://include/linux/can.h;endline=44;md5=a9e1169c6c9a114a61 DEPENDS = "libsocketcan" -SRC_URI = "git://github.com/linux-can/${BPN}.git;protocol=git" +SRC_URI = "git://github.com/linux-can/${BPN}.git;protocol=https;branch=master" SRCREV = "da65fdfe0d1986625ee00af0b56ae17ec132e700" diff --git a/meta-oe/recipes-extended/socketcan/canutils_4.0.6.bb b/meta-oe/recipes-extended/socketcan/canutils_4.0.6.bb index e1508af857..56466a6cd2 100644 --- a/meta-oe/recipes-extended/socketcan/canutils_4.0.6.bb +++ b/meta-oe/recipes-extended/socketcan/canutils_4.0.6.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" DEPENDS = "libsocketcan" SRCREV = "299dff7f5322bf0348dcdd60071958ebedf5f09d" -SRC_URI = "git://git.pengutronix.de/git/tools/canutils.git;protocol=git \ +SRC_URI = "git://git.pengutronix.de/git/tools/canutils.git;protocol=git;branch=master \ file://0001-canutils-candump-Add-error-frame-s-handling.patch \ " diff --git a/meta-oe/recipes-extended/socketcan/libsocketcan_0.0.11.bb b/meta-oe/recipes-extended/socketcan/libsocketcan_0.0.11.bb index 0debe47e03..6a44cff93d 100644 --- a/meta-oe/recipes-extended/socketcan/libsocketcan_0.0.11.bb +++ b/meta-oe/recipes-extended/socketcan/libsocketcan_0.0.11.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://src/libsocketcan.c;beginline=3;endline=17;md5=97e38ad SRCREV = "0ff01ae7e4d271a7b81241e7a7026bfcea0add3f" -SRC_URI = "git://git.pengutronix.de/git/tools/libsocketcan.git;protocol=git" +SRC_URI = "git://git.pengutronix.de/git/tools/libsocketcan.git;protocol=git;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/sysdig/sysdig_git.bb b/meta-oe/recipes-extended/sysdig/sysdig_git.bb index 04a022af4f..b06340f82f 100644 --- a/meta-oe/recipes-extended/sysdig/sysdig_git.bb +++ b/meta-oe/recipes-extended/sysdig/sysdig_git.bb @@ -15,10 +15,10 @@ JIT_mipsarchn64 = "" JIT_riscv64 = "" JIT_riscv32 = "" -DEPENDS += "lua${JIT} zlib c-ares grpc-native grpc curl ncurses jsoncpp tbb jq openssl elfutils protobuf protobuf-native jq-native" +DEPENDS += "libb64 lua${JIT} zlib c-ares grpc-native grpc curl ncurses jsoncpp tbb jq openssl elfutils protobuf protobuf-native jq-native" RDEPENDS_${PN} = "bash" -SRC_URI = "git://github.com/draios/sysdig.git;branch=dev \ +SRC_URI = "git://github.com/draios/sysdig.git;branch=dev;protocol=https \ file://0001-fix-build-with-LuaJIT-2.1-betas.patch \ file://0001-Fix-build-with-musl-backtrace-APIs-are-glibc-specifi.patch \ file://fix-uint64-const.patch \ @@ -32,7 +32,6 @@ S = "${WORKDIR}/git" EXTRA_OECMAKE = "\ -DBUILD_DRIVER=OFF \ -DUSE_BUNDLED_DEPS=OFF \ - -DUSE_BUNDLED_B64=ON \ -DCREATE_TEST_TARGETS=OFF \ -DDIR_ETC=${sysconfdir} \ -DLUA_INCLUDE_DIR=${STAGING_INCDIR}/luajit-2.1 \ diff --git a/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb b/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb index 637770af24..c9d9fb5729 100644 --- a/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb +++ b/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb @@ -2,7 +2,7 @@ SUMMARY = "Transparent Inter-Process Communication protocol" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://tipclog/tipc.h;endline=35;md5=985b6ea8735818511d276c1b466cce98" -SRC_URI = "git://git.code.sf.net/p/tipc/tipcutils \ +SRC_URI = "git://git.code.sf.net/p/tipc/tipcutils;branch=master \ file://0001-include-sys-select.h-for-FD_-definitions.patch \ file://0002-replace-non-standard-uint-with-unsigned-int.patch \ file://0001-multicast_blast-tipcc-Fix-struct-type-for-TIPC_GROUP.patch \ diff --git a/meta-oe/recipes-extended/triggerhappy/triggerhappy_git.bb b/meta-oe/recipes-extended/triggerhappy/triggerhappy_git.bb index 38ce4f5571..c62cef36d3 100644 --- a/meta-oe/recipes-extended/triggerhappy/triggerhappy_git.bb +++ b/meta-oe/recipes-extended/triggerhappy/triggerhappy_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" # matches debian/0.5.0-1 tag SRCREV = "44a173195986d0d853316cb02a58785ded66c12b" PV = "0.5.0+git${SRCPV}" -SRC_URI = "git://github.com/wertarbyte/${BPN}.git;branch=debian" +SRC_URI = "git://github.com/wertarbyte/${BPN}.git;branch=debian;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/upm/upm_git.bb b/meta-oe/recipes-extended/upm/upm_git.bb index 6a7611f382..7643d13e25 100644 --- a/meta-oe/recipes-extended/upm/upm_git.bb +++ b/meta-oe/recipes-extended/upm/upm_git.bb @@ -10,7 +10,7 @@ DEPENDS = "libjpeg-turbo mraa" SRCREV = "5cf20df96c6b35c19d5b871ba4e319e96b4df72d" PV = "2.0.0+git${SRCPV}" -SRC_URI = "git://github.com/eclipse/${BPN}.git;protocol=http \ +SRC_URI = "git://github.com/eclipse/${BPN}.git;protocol=http;branch=master;protocol=https \ file://0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch \ file://0001-Use-stdint-types.patch \ file://0001-initialize-local-variables-before-use.patch \ diff --git a/meta-oe/recipes-extended/wipe/wipe_0.24.bb b/meta-oe/recipes-extended/wipe/wipe_0.24.bb index 831d514a4e..3ccc5afd5c 100644 --- a/meta-oe/recipes-extended/wipe/wipe_0.24.bb +++ b/meta-oe/recipes-extended/wipe/wipe_0.24.bb @@ -9,7 +9,7 @@ HOMEPAGE = "http://lambda-diode.com/software/wipe/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://GPL;md5=0636e73ff0215e8d672dc4c32c317bb3" -SRC_URI = "git://github.com/berke/wipe.git;branch=master \ +SRC_URI = "git://github.com/berke/wipe.git;branch=master;protocol=https \ file://support-cross-compile-for-linux.patch \ file://makefile-add-ldflags.patch \ " diff --git a/meta-oe/recipes-extended/wxwidgets/wxwidgets_git.bb b/meta-oe/recipes-extended/wxwidgets/wxwidgets_git.bb index 06337b79c7..8f766ac877 100644 --- a/meta-oe/recipes-extended/wxwidgets/wxwidgets_git.bb +++ b/meta-oe/recipes-extended/wxwidgets/wxwidgets_git.bb @@ -21,7 +21,7 @@ DEPENDS += " \ tiff \ " -SRC_URI = "git://github.com/wxWidgets/wxWidgets.git" +SRC_URI = "git://github.com/wxWidgets/wxWidgets.git;branch=master;protocol=https" PV = "3.1.3" SRCREV= "8a40d23b27ed1c80b5a2ca9f7e8461df4fbc1a31" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/zlog/zlog_1.2.14.bb b/meta-oe/recipes-extended/zlog/zlog_1.2.14.bb index b94664c33c..eddf1ed960 100644 --- a/meta-oe/recipes-extended/zlog/zlog_1.2.14.bb +++ b/meta-oe/recipes-extended/zlog/zlog_1.2.14.bb @@ -4,7 +4,7 @@ LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRCREV = "8fc78c3c65cb705953a2f3f9a813c3ef3c8b2270" -SRC_URI = "git://github.com/HardySimpson/zlog" +SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/zstd/zstd_1.4.5.bb b/meta-oe/recipes-extended/zstd/zstd_1.4.5.bb index cd0b471e17..0c564c0d1c 100644 --- a/meta-oe/recipes-extended/zstd/zstd_1.4.5.bb +++ b/meta-oe/recipes-extended/zstd/zstd_1.4.5.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=c7f0b161edbe52f5f345a3d1311d0b32 \ file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0" -SRC_URI = "git://github.com/facebook/zstd.git;nobranch=1 \ +SRC_URI = "git://github.com/facebook/zstd.git;branch=dev;protocol=https \ file://0001-Fix-legacy-build-after-2103.patch \ " |