aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb (renamed from meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb)3
-rw-r--r--meta-gnome/recipes-gnome/tracker/tracker_3.3.2.bb (renamed from meta-gnome/recipes-gnome/tracker/tracker_3.3.0.bb)2
-rw-r--r--meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb2
-rw-r--r--meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb39
-rw-r--r--meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb2
-rw-r--r--meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch27
-rw-r--r--meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb1
-rw-r--r--meta-networking/recipes-protocols/openflow/openflow.inc9
-rw-r--r--meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb4
-rw-r--r--meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb2
-rw-r--r--meta-networking/recipes-support/chrony/chrony_4.2.bb4
-rw-r--r--meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb (renamed from meta-networking/recipes-support/ndisc6/ndisc6_git.bb)3
-rw-r--r--meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb26
-rw-r--r--meta-networking/recipes-support/spice/spice_git.bb6
-rw-r--r--meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch31
-rw-r--r--meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch92
-rw-r--r--meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb (renamed from meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb)4
-rw-r--r--meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch24
-rw-r--r--meta-networking/recipes-support/stunnel/stunnel_5.65.bb (renamed from meta-networking/recipes-support/stunnel/stunnel_5.63.bb)2
-rw-r--r--meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb (renamed from meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb)2
-rw-r--r--meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb6
-rw-r--r--meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb4
-rw-r--r--meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch42
-rw-r--r--meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch100
-rw-r--r--meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.8.bb (renamed from meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.6.bb)5
-rw-r--r--meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb2
-rw-r--r--meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb (renamed from meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb)6
-rw-r--r--meta-oe/recipes-core/emlog/emlog_git.bb11
-rw-r--r--meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch6
-rw-r--r--meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb (renamed from meta-oe/recipes-dbs/postgresql/postgresql_14.3.bb)6
-rw-r--r--meta-oe/recipes-devtools/php/php_8.1.8.bb (renamed from meta-oe/recipes-devtools/php/php_8.1.6.bb)8
-rw-r--r--meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.1.bb (renamed from meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.0.bb)4
-rw-r--r--meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb4
-rw-r--r--meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb7
-rw-r--r--meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb6
-rw-r--r--meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch14
-rw-r--r--meta-oe/recipes-extended/redis/redis_6.2.7.bb (renamed from meta-oe/recipes-extended/redis/redis_6.2.6.bb)2
-rw-r--r--meta-oe/recipes-extended/redis/redis_7.0.4.bb (renamed from meta-oe/recipes-extended/redis/redis_7.0-rc3.bb)2
-rw-r--r--meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb (renamed from meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb)2
-rw-r--r--meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb4
-rw-r--r--meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb4
-rw-r--r--meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb4
-rw-r--r--meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb4
-rw-r--r--meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb4
-rw-r--r--meta-oe/recipes-support/atop/atop_2.4.0.bb4
-rw-r--r--meta-oe/recipes-support/emacs/emacs_27.2.bb4
-rw-r--r--meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb8
-rw-r--r--meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb5
-rw-r--r--meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd2
-rw-r--r--meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit2
-rw-r--r--meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch99
-rw-r--r--meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb3
-rw-r--r--meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch8
-rw-r--r--meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb (renamed from meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb)2
-rw-r--r--meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb9
-rw-r--r--meta-xfce/recipes-xfce/exo/exo_4.16.4.bb (renamed from meta-xfce/recipes-xfce/exo/exo_4.16.3.bb)2
56 files changed, 408 insertions, 282 deletions
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
index c77028785..b29716ad4 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
@@ -10,8 +10,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
"
S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
-SRC_URI[sha256sum] = "55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
+SRC_URI[sha256sum] = "0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93"
UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/"
UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P<pver>\d+(\.\d+)+)\.tgz"
diff --git a/meta-gnome/recipes-gnome/tracker/tracker_3.3.0.bb b/meta-gnome/recipes-gnome/tracker/tracker_3.3.2.bb
index bb2396af7..eaa0e065d 100644
--- a/meta-gnome/recipes-gnome/tracker/tracker_3.3.0.bb
+++ b/meta-gnome/recipes-gnome/tracker/tracker_3.3.2.bb
@@ -22,7 +22,7 @@ GNOMEBASEBUILDCLASS = "meson"
inherit gnomebase gsettings gobject-introspection vala gtk-doc manpages bash-completion features_check python3native
-SRC_URI[archive.sha256sum] = "0706f96fe7f95df42acec812c1de7b4593a0d648321ca83506a9d71e22417bda"
+SRC_URI[archive.sha256sum] = "0ed2b98918956d6f16429c607dd8a14c84f4da0a48970fd2eb8c93aba3cf9913"
# gobject-introspection is mandatory and cannot be configured
REQUIRED_DISTRO_FEATURES = "gobject-introspection-data"
diff --git a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
index b848b820c..cb919d79e 100644
--- a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
+++ b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
@@ -3,7 +3,7 @@ LICENSE = "CC-BY-3.0"
# http://www.bigbuckbunny.org/index.php/about/
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/CC-BY-3.0;md5=dfa02b5755629022e267f10b9c0a2ab7"
-SRC_URI = "https://www.mediaspip.net/IMG/avi/big_buck_bunny_1080p_surround.avi"
+SRC_URI = "http://www.peach.themazzone.com/big_buck_bunny_1080p_surround.avi"
SRC_URI[md5sum] = "223991c8b33564eb77988a4c13c1c76a"
SRC_URI[sha256sum] = "69fe2cfe7154a6e752688e3a0d7d6b07b1605bbaf75b56f6470dc7b4c20c06ea"
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index da7e60419..d6477e340 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -34,8 +34,15 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0
file://check-openssl-cmds-in-script-bootstrap.patch \
"
+raddbdir="${sysconfdir}/${MLPREFIX}raddb"
+
SRCREV = "af428abda249b2279ba0582180985a9f6f4a144a"
+CVE_CHECK_IGNORE = "\
+ CVE-2002-0318 \
+ CVE-2011-4966 \
+"
+
PARALLEL_MAKE = ""
S = "${WORKDIR}/git"
@@ -48,6 +55,7 @@ EXTRA_OECONF = " --enable-strict-dependencies \
--with-docdir=${docdir}/freeradius-${PV} \
--with-openssl-includes=${STAGING_INCDIR} \
--with-openssl-libraries=${STAGING_LIBDIR} \
+ --with-raddbdir=${raddbdir} \
--without-rlm_ippool \
--without-rlm_cache_memcached \
--without-rlm_counter \
@@ -98,7 +106,9 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl"
PACKAGECONFIG[rlm-eap-fast] = "--with-rlm_eap_fast, --without-rlm_eap_fast"
PACKAGECONFIG[rlm-eap-pwd] = "--with-rlm_eap_pwd, --without-rlm_eap_pwd"
-inherit useradd autotools-brokensep update-rc.d systemd
+inherit useradd autotools-brokensep update-rc.d systemd multilib_script multilib_header
+
+MULTILIB_SCRIPTS = "${PN}:${sbindir}/checkrad"
# This is not a cpan or python based package, but it needs some definitions
# from cpan-base and python3-dir bbclasses for building rlm_perl and rlm_python
@@ -141,7 +151,7 @@ do_install() {
oe_runmake install R=${D} INSTALLSTRIP=""
# remove unsupported config files
- rm -f ${D}/${sysconfdir}/raddb/experimental.conf
+ rm -f ${D}/${raddbdir}/experimental.conf
# remove scripts that required Perl(DBI)
rm -rf ${D}/${bindir}/radsqlrelay
@@ -153,7 +163,7 @@ do_install() {
rm -rf ${D}/${localstatedir}/log/
install -m 0644 ${WORKDIR}/volatiles.58_radiusd ${D}${sysconfdir}/default/volatiles/58_radiusd
- chown -R radiusd:radiusd ${D}/${sysconfdir}/raddb/
+ chown -R radiusd:radiusd ${D}/${raddbdir}
chown -R radiusd:radiusd ${D}/${localstatedir}/lib/radiusd
# For systemd
@@ -169,6 +179,9 @@ do_install() {
install -d ${D}${sysconfdir}/tmpfiles.d/
install -m 0644 ${WORKDIR}/radiusd-volatiles.conf ${D}${sysconfdir}/tmpfiles.d/radiusd.conf
fi
+ oe_multilib_header freeradius/autoconf.h
+ oe_multilib_header freeradius/missing.h
+ oe_multilib_header freeradius/radpaths.h
}
# This is only needed when we install/update on a running target.
@@ -183,7 +196,7 @@ pkg_postinst:${PN} () {
fi
# Fix ownership for /etc/raddb/*, /var/lib/radiusd
- chown -R radiusd:radiusd ${sysconfdir}/raddb
+ chown -R radiusd:radiusd ${raddbdir}
chown -R radiusd:radiusd ${localstatedir}/lib/radiusd
fi
}
@@ -204,30 +217,30 @@ PACKAGES =+ "${PN}-utils ${PN}-ldap ${PN}-krb5 ${PN}-perl \
FILES:${PN}-utils = "${bindir}/*"
FILES:${PN}-ldap = "${libdir}/rlm_ldap.so* \
- ${sysconfdir}/raddb/mods-available/ldap \
+ ${raddbdir}/mods-available/ldap \
"
FILES:${PN}-krb5 = "${libdir}/rlm_krb5.so* \
- ${sysconfdir}/raddb/mods-available/krb5 \
+ ${raddbdir}/mods-available/krb5 \
"
FILES:${PN}-perl = "${libdir}/rlm_perl.so* \
- ${sysconfdir}/raddb/mods-config/perl \
- ${sysconfdir}/raddb/mods-available/perl \
+ ${raddbdir}/mods-config/perl \
+ ${raddbdir}/mods-available/perl \
"
FILES:${PN}-python = "${libdir}/rlm_python3.so* \
- ${sysconfdir}/raddb/mods-config/python3 \
- ${sysconfdir}/raddb/mods-available/python3 \
+ ${raddbdir}/mods-config/python3 \
+ ${raddbdir}/mods-available/python3 \
"
FILES:${PN}-mysql = "${libdir}/rlm_sql_mysql.so* \
- ${sysconfdir}/raddb/mods-config/sql/*/mysql \
- ${sysconfdir}/raddb/mods-available/sql \
+ ${raddbdir}/mods-config/sql/*/mysql \
+ ${raddbdir}/mods-available/sql \
"
FILES:${PN}-postgresql = "${libdir}/rlm_sql_postgresql.so* \
- ${sysconfdir}/raddb/mods-config/sql/*/postgresql \
+ ${raddbdir}/mods-config/sql/*/postgresql \
"
FILES:${PN}-unixodbc = "${libdir}/rlm_sql_unixodbc.so*"
diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
index 6c665d53b..e3b1296a6 100644
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
@@ -83,7 +83,7 @@ PACKAGECONFIG[bluez5] = "-Dbluez5_dun=true,-Dbluez5_dun=false,bluez5"
# consolekit is not picked by shlibs, so add it to RDEPENDS too
PACKAGECONFIG[consolekit] = "-Dsession_tracking_consolekit=true,-Dsession_tracking_consolekit=false,consolekit,consolekit"
PACKAGECONFIG[modemmanager] = "-Dmodem_manager=true,-Dmodem_manager=false,modemmanager mobile-broadband-provider-info"
-PACKAGECONFIG[ppp] = "-Dppp=true,-Dppp=false,ppp,ppp"
+PACKAGECONFIG[ppp] = "-Dppp=true -Dpppd=/usr/sbin/pppd,-Dppp=false,ppp,ppp"
PACKAGECONFIG[dnsmasq] = "-Ddnsmasq=${bindir}/dnsmasq"
PACKAGECONFIG[nss] = "-Dcrypto=nss,,nss"
PACKAGECONFIG[resolvconf] = "-Dresolvconf=${base_sbindir}/resolvconf,-Dresolvconf=no,,resolvconf"
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
new file mode 100644
index 000000000..3d67f4741
--- /dev/null
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
@@ -0,0 +1,27 @@
+From 078f98ea154475d953ce5b7cd851732f4dc270a7 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Tue, 5 Jul 2022 09:31:07 +0530
+Subject: [PATCH] CVE-2022-24407
+
+Upstream-Status: Backport [https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc]
+CVE: CVE-2022-24407
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ plugins/sql.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/sql.c b/plugins/sql.c
+index 6ac81c2f..d90dbac9 100644
+--- a/plugins/sql.c
++++ b/plugins/sql.c
+@@ -1127,6 +1127,7 @@ static int sql_auxprop_lookup(void *glob_context,
+ done:
+ if (escap_userid) sparams->utils->free(escap_userid);
+ if (escap_realm) sparams->utils->free(escap_realm);
++ if (escap_passwd) sparams->utils->free(escap_passwd);
+ if (conn) settings->sql_engine->sql_close(conn);
+ if (userid) sparams->utils->free(userid);
+ if (realm) sparams->utils->free(realm);
+--
+2.25.1
+
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
index 98899dfd5..e344733ef 100644
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sas
file://saslauthd.service \
file://saslauthd.conf \
file://CVE-2019-19906.patch \
+ file://CVE-2022-24407.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives"
diff --git a/meta-networking/recipes-protocols/openflow/openflow.inc b/meta-networking/recipes-protocols/openflow/openflow.inc
index 15eb65ad3..aaad0e00e 100644
--- a/meta-networking/recipes-protocols/openflow/openflow.inc
+++ b/meta-networking/recipes-protocols/openflow/openflow.inc
@@ -13,6 +13,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e870c934e2c3d6ccf085fd7cf0a1e2e2"
SRC_URI = "git://gitosis.stanford.edu/openflow.git;protocol=git;branch=master"
+CVE_CHECK_IGNORE = "\
+ CVE-2015-1611 \
+ CVE-2015-1612 \
+"
+
DEPENDS = "virtual/libc"
PACKAGECONFIG ??= ""
@@ -53,3 +58,7 @@ do_install:append() {
}
FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
+
+# This CVE is not for this product but cve-check assumes it is
+# because two CPE collides when checking the NVD database
+CVE_CHECK_IGNORE = "CVE-2018-1078"
diff --git a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
index a7697a1ae..984264a30 100644
--- a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
+++ b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
@@ -2,3 +2,7 @@ require quagga.inc
SRC_URI[md5sum] = "eced21b054d71c9e1b7c6ac43286a166"
SRC_URI[sha256sum] = "e364c082c3309910e1eb7b068bf39ee298e2f2f3f31a6431a5c115193bd653d3"
+
+CVE_CHECK_IGNORE += "\
+ CVE-2016-4049 \
+"
diff --git a/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb b/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
index 4f8e4d428..dcfa7406d 100644
--- a/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
+++ b/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
@@ -23,3 +23,5 @@ PACKAGECONFIG[inet] = "--enable-inet,--disable-inet,"
PACKAGECONFIG[inet6] = "--enable-inet6,--disable-inet6,"
EXTRA_OECONF += "--disable-debug"
+
+CVE_VERSION = "0.9.3.0"
diff --git a/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-networking/recipes-support/chrony/chrony_4.2.bb
index 57dd635dc..8ce9e1db5 100644
--- a/meta-networking/recipes-support/chrony/chrony_4.2.bb
+++ b/meta-networking/recipes-support/chrony/chrony_4.2.bb
@@ -126,6 +126,10 @@ do_install() {
${D}${systemd_unitdir}/system/chronyd.service
sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/chronyd
sed -i 's!^EnvironmentFile=.*!EnvironmentFile=-${sysconfdir}/default/chronyd!' ${D}${systemd_unitdir}/system/chronyd.service
+
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /var/lib/chrony 0755 root root -" > ${D}${sysconfdir}/tmpfiles.d/chronyd.conf
+
}
FILES:${PN} = "${sbindir}/chronyd ${sysconfdir} ${localstatedir}/lib/chrony ${localstatedir}"
diff --git a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb b/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb
index f5467794e..6861314a0 100644
--- a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb
+++ b/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb
@@ -5,8 +5,7 @@ HOMEPAGE = "http://www.remlab.net/ndisc6/"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
-PV = "1.0.5"
-SRCREV = "b706f5f01aa82aa0db678fffd15a1527f330c507"
+SRCREV = "7e314b23329f9c24c4c097b8513673fed7e7158a"
SRC_URI = "git://git.remlab.net/git/ndisc6.git;protocol=http;branch=master \
file://0001-autogen-Do-not-symlink-gettext.h-from-build-host.patch \
"
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index fe2bd0773..a30f720bb 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -29,7 +29,31 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
# CVE-2016-9312 is only for windows.
-CVE_CHECK_IGNORE += "CVE-2016-9312"
+# The other CVEs are not correctly identified because cve-check
+# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
+CVE_CHECK_IGNORE += "\
+ CVE-2016-9312 \
+ CVE-2015-5146 \
+ CVE-2015-5300 \
+ CVE-2015-7975 \
+ CVE-2015-7976 \
+ CVE-2015-7977 \
+ CVE-2015-7978 \
+ CVE-2015-7979 \
+ CVE-2015-8138 \
+ CVE-2015-8139 \
+ CVE-2015-8140 \
+ CVE-2015-8158 \
+ CVE-2016-1547 \
+ CVE-2016-2516 \
+ CVE-2016-2517 \
+ CVE-2016-2519 \
+ CVE-2016-7429 \
+ CVE-2016-7433 \
+ CVE-2016-9310 \
+ CVE-2016-9311 \
+"
+
inherit autotools update-rc.d useradd systemd pkgconfig
diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb
index d9083bcbe..1887a5582 100644
--- a/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-networking/recipes-support/spice/spice_git.bb
@@ -30,6 +30,12 @@ SRC_URI = " \
S = "${WORKDIR}/git"
+CVE_CHECK_IGNORE += "\
+ CVE-2016-0749 \
+ CVE-2016-2150 \
+ CVE-2018-10893 \
+"
+
inherit autotools gettext python3native python3-dir pkgconfig
DEPENDS += "spice-protocol jpeg pixman alsa-lib glib-2.0 python3-pyparsing-native python3-six-native glib-2.0-native"
diff --git a/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
new file mode 100644
index 000000000..e730fe1cd
--- /dev/null
+++ b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
@@ -0,0 +1,31 @@
+From d23c0ea81e630af3cfda89aeeb52146c0c84c960 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 2 May 2022 09:31:49 +0200
+Subject: [PATCH] enum: Fix compiler warning
+
+Closes strongswan/strongswan#1025
+
+Upstream-Status: Backport
+[https://github.com/strongswan/strongswan/commit/d23c0ea81e630af3cfda89aeeb52146c0c84c960]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/libstrongswan/utils/enum.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c
+index 79da450f0c..1e77489f6f 100644
+--- a/src/libstrongswan/utils/enum.c
++++ b/src/libstrongswan/utils/enum.c
+@@ -97,7 +97,7 @@ char *enum_flags_to_string(enum_name_t *e, u_int val, char *buf, size_t len)
+ return buf;
+ }
+
+- if (snprintf(buf, len, e->names[0]) >= len)
++ if (snprintf(buf, len, "%s", e->names[0]) >= len)
+ {
+ return NULL;
+ }
+--
+2.25.1
+
diff --git a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
deleted file mode 100644
index 7da48cd2c..000000000
--- a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Wed, 23 Feb 2022 17:29:02 +0100
-Subject: [PATCH] openssl: Don't unload providers
-
-There is a conflict between atexit() handlers registered by OpenSSL and
-some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
-Because plugins are usually loaded after atexit() has been called, the
-handler registered by OpenSSL will run before our handler. So when the
-latter destroys the plugins it's a bad idea to try to access any OpenSSL
-objects as they might already be invalid.
-
-Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
-Closes strongswan/strongswan#921
-
-Upstream-Status: Backport
-[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- .../plugins/openssl/openssl_plugin.c | 27 +++----------------
- 1 file changed, 3 insertions(+), 24 deletions(-)
-
-diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-index 6b4923649..1491d5cf8 100644
---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-@@ -16,7 +16,6 @@
-
- #include <library.h>
- #include <utils/debug.h>
--#include <collections/array.h>
- #include <threading/thread.h>
- #include <threading/mutex.h>
- #include <threading/thread_value.h>
-@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
- * public functions
- */
- openssl_plugin_t public;
--
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- /**
-- * Loaded providers
-- */
-- array_t *providers;
--#endif
- };
-
- /**
-@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
- METHOD(plugin_t, destroy, void,
- private_openssl_plugin_t *this)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- OSSL_PROVIDER *provider;
-- while (array_remove(this->providers, ARRAY_TAIL, &provider))
-- {
-- OSSL_PROVIDER_unload(provider);
-- }
-- array_destroy(this->providers);
--#endif /* OPENSSL_VERSION_NUMBER */
--
- /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
- * can't call it as we couldn't re-initialize the library (as required by the
- * unit tests and the Android app) */
-@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
- DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
- return NULL;
- }
-- array_insert_create(&this->providers, ARRAY_TAIL, fips);
- /* explicitly load the base provider containing encoding functions */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "base"));
-+ OSSL_PROVIDER_load(NULL, "base");
- }
- else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
- TRUE, lib->ns))
- {
- /* load the legacy provider for algorithms like MD4, DES, BF etc. */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "legacy"));
-+ OSSL_PROVIDER_load(NULL, "legacy");
- /* explicitly load the default provider, as mentioned by crypto(7) */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "default"));
-+ OSSL_PROVIDER_load(NULL, "default");
- }
- ossl_provider_names_t data = {};
- OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
---
-2.25.1
-
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
index cfb7b41fa..1b82dceac 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
@@ -9,10 +9,10 @@ DEPENDS = "flex-native flex bison-native"
DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}"
SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
- file://0001-openssl-Don-t-unload-providers.patch \
+ file://0001-enum-Fix-compiler-warning.patch \
"
-SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd"
+SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7"
UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
index aeb0bece9..0840cbbd8 100644
--- a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
+++ b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
@@ -1,3 +1,8 @@
+From 7ff4eba20b5c4fc7365e5ee0dfb775ed29bdd5ce Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Wed, 1 Nov 2017 09:23:41 -0400
+Subject: [PATCH] stunnel: fix compile error when openssl disable des support
+
Upstream-Status: Pending
When openssl disable des support with configure option 'no-des', it doesn't
@@ -6,12 +11,17 @@ failed. Fix it by checking macro OPENSSL_NO_DES to use openssl des related
library conditionaly.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
---
+ src/common.h | 2 ++
+ src/protocol.c | 6 +++---
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
diff --git a/src/common.h b/src/common.h
-index f7d38b0..bf485af 100644
+index bc37eb5..03ee3e5 100644
--- a/src/common.h
+++ b/src/common.h
-@@ -478,7 +478,9 @@ extern char *sys_errlist[];
+@@ -486,7 +486,9 @@ extern char *sys_errlist[];
#ifndef OPENSSL_NO_MD4
#include <openssl/md4.h>
#endif /* !defined(OPENSSL_NO_MD4) */
@@ -22,19 +32,19 @@ index f7d38b0..bf485af 100644
#include <openssl/dh.h>
#if OPENSSL_VERSION_NUMBER<0x10100000L
diff --git a/src/protocol.c b/src/protocol.c
-index 587df09..8198eb6 100644
+index 804f115..d9b2b50 100644
--- a/src/protocol.c
+++ b/src/protocol.c
-@@ -67,7 +67,7 @@ NOEXPORT char *imap_server(CLI *, SERVICE_OPTIONS *, const PHASE);
+@@ -66,7 +66,7 @@ NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE);
-#ifndef OPENSSL_NO_MD4
+#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES)
NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *);
- NOEXPORT char *ntlm1();
+ NOEXPORT char *ntlm1(void);
NOEXPORT char *ntlm3(char *, char *, char *, char *);
-@@ -1332,7 +1332,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
+@@ -1351,7 +1351,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host);
if(opt->protocol_username && opt->protocol_password) {
if(!strcasecmp(opt->protocol_authentication, "ntlm")) {
@@ -43,7 +53,7 @@ index 587df09..8198eb6 100644
ntlm(c, opt);
#else
s_log(LOG_ERR, "NTLM authentication is not available");
-@@ -1376,7 +1376,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
+@@ -1395,7 +1395,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
return NULL;
}
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.63.bb b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
index 325737e8c..ab7ff4322 100644
--- a/meta-networking/recipes-support/stunnel/stunnel_5.63.bb
+++ b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
file://fix-openssl-no-des.patch \
"
-SRC_URI[sha256sum] = "c74c4e15144a3ae34b8b890bb31c909207301490bd1e51bfaaa5ffeb0a994617"
+SRC_URI[sha256sum] = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc"
inherit autotools bash-completion pkgconfig
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index f1dba227a..38fdbce89 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -19,7 +19,7 @@ SRC_URI += " \
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
-SRC_URI[sha256sum] = "a0e227bce2cc3a51ef3301891a0243231990b52a39b68a84a6e32f69c4e75279"
+SRC_URI[sha256sum] = "881a13303e263b7dc7fe337534c8a541d4914552287879bed30bbe76c5bf68ca"
PE = "1"
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
index 7ea728aad..ff4a16e9f 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
@@ -45,6 +45,12 @@ SRC_URI:append:toolchain-clang = "\
S = "${WORKDIR}/git"
+CVE_CHECK_IGNORE += "\
+ CVE-2014-8180 \
+ CVE-2017-18381 \
+ CVE-2017-2665 \
+"
+
COMPATIBLE_HOST ?= '(x86_64|i.86|powerpc64|arm|aarch64).*-linux'
PACKAGECONFIG ??= "tcmalloc system-pcre"
diff --git a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb
index 2fa24b29b..28a3e1e77 100644
--- a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb
+++ b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb
@@ -11,6 +11,10 @@ SRC_URI = "git://github.com/rakshasa/libtorrent;branch=master;protocol=https \
"
SRCREV = "756f70010779927dc0691e1e722ed433d5d295e1"
+CVE_CHECK_IGNORE += "\
+ CVE-2009-1760 \
+"
+
PV = "0.13.8"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch b/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
index 7c3e7750a..914760512 100644
--- a/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
+++ b/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
@@ -1,42 +1,44 @@
-From f7a3292c1c753b29384e216693f51a4213fea7d0 Mon Sep 17 00:00:00 2001
+From 35173fa04d0116ba30a86dc1a19f859f2be14a24 Mon Sep 17 00:00:00 2001
From: "Bruce A. Johnson" <waterfordtrack@gmail.com>
Date: Wed, 22 Dec 2021 14:24:02 -0500
-Subject: [PATCH 1/2] core: switch bash shell scripts to use /bin/sh for use
+Subject: [PATCH] core: switch bash shell scripts to use /bin/sh for use
w/Busybox.
Fixes https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/483
+
+%% original patch: 0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
---
- data/fcc-unlock/105b | 2 +-
- data/fcc-unlock/1199 | 2 +-
- data/fcc-unlock/1eac | 2 +-
- test/mmcli-test-sms | 2 +-
- tools/tests/test-wrapper.sh.in | 2 +-
+ data/dispatcher-fcc-unlock/105b | 2 +-
+ data/dispatcher-fcc-unlock/1199 | 2 +-
+ data/dispatcher-fcc-unlock/1eac | 2 +-
+ test/mmcli-test-sms | 2 +-
+ tools/tests/test-wrapper.sh.in | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
-diff --git a/data/fcc-unlock/105b b/data/fcc-unlock/105b
-index 21fe5329..f276050f 100644
---- a/data/fcc-unlock/105b
-+++ b/data/fcc-unlock/105b
+diff --git a/data/dispatcher-fcc-unlock/105b b/data/dispatcher-fcc-unlock/105b
+index 444bd51f..772c90f4 100644
+--- a/data/dispatcher-fcc-unlock/105b
++++ b/data/dispatcher-fcc-unlock/105b
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# SPDX-License-Identifier: CC0-1.0
# 2021 Aleksander Morgado <aleksander@aleksander.es>
-diff --git a/data/fcc-unlock/1199 b/data/fcc-unlock/1199
-index 0109c6ab..e1d3804c 100644
---- a/data/fcc-unlock/1199
-+++ b/data/fcc-unlock/1199
+diff --git a/data/dispatcher-fcc-unlock/1199 b/data/dispatcher-fcc-unlock/1199
+index 83ab2c9e..6dbf8d1b 100644
+--- a/data/dispatcher-fcc-unlock/1199
++++ b/data/dispatcher-fcc-unlock/1199
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# SPDX-License-Identifier: CC0-1.0
# 2021 Aleksander Morgado <aleksander@aleksander.es>
-diff --git a/data/fcc-unlock/1eac b/data/fcc-unlock/1eac
-index 1068d9c2..d9342852 100644
---- a/data/fcc-unlock/1eac
-+++ b/data/fcc-unlock/1eac
+diff --git a/data/dispatcher-fcc-unlock/1eac b/data/dispatcher-fcc-unlock/1eac
+index 1a048dc8..44ce46d7 100644
+--- a/data/dispatcher-fcc-unlock/1eac
++++ b/data/dispatcher-fcc-unlock/1eac
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
@@ -64,5 +66,5 @@ index d64ea4cb..fcdb56de 100644
# For debugging behavior of test-modemmanager-service.py, you can modify
# this line to add --log-file option
--
-2.34.1
+2.35.3
diff --git a/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch b/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch
deleted file mode 100644
index d911d54ce..000000000
--- a/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From ddf634b92bf96b35f521db6da329628b4525c2eb Mon Sep 17 00:00:00 2001
-From: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
-Date: Fri, 25 Feb 2022 21:37:13 +0100
-Subject: [PATCH 2/2] fcc-unlock: Make scripts POSIX shell compatible
-
-This allows us to not rely on bash which may not be available on
-constrained systems, e.g. Yocto-built embedded systems. The scripts now
-pass shellcheck.
-
-Signed-off-by: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
----
- data/fcc-unlock/105b | 8 ++++----
- data/fcc-unlock/1199 | 6 +++---
- data/fcc-unlock/1eac | 8 ++++----
- 3 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/data/fcc-unlock/105b b/data/fcc-unlock/105b
-index f276050f..772c90f4 100644
---- a/data/fcc-unlock/105b
-+++ b/data/fcc-unlock/105b
-@@ -15,20 +15,20 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
- # match port type in Linux 5.14 and newer
-- grep -q MBIM /sys/class/wwan/${PORT}/type 2>/dev/null && {
-+ grep -q MBIM "/sys/class/wwan/$PORT/type" 2>/dev/null && {
- MBIM_PORT=$PORT
- break
- }
- # match port name in Linux 5.13
-- [[ $PORT == *"MBIM"* ]] && {
-+ echo "$PORT" | grep -q MBIM && {
- MBIM_PORT=$PORT
- break
- }
- done
-
- # fail if no MBIM port exposed
--[ -n "${MBIM_PORT}" ] || exit 2
-+[ -n "$MBIM_PORT" ] || exit 2
-
- # run qmicli operation over MBIM
--qmicli --device-open-proxy --device=/dev/${MBIM_PORT} --dms-foxconn-set-fcc-authentication=0
-+qmicli --device-open-proxy --device="/dev/$MBIM_PORT" --dms-foxconn-set-fcc-authentication=0
- exit $?
-diff --git a/data/fcc-unlock/1199 b/data/fcc-unlock/1199
-index e1d3804c..6dbf8d1b 100644
---- a/data/fcc-unlock/1199
-+++ b/data/fcc-unlock/1199
-@@ -19,15 +19,15 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
- # match port name
-- [[ $PORT == *"cdc-wdm"* ]] && {
-+ echo "$PORT" | grep -q cdc-wdm && {
- CDC_WDM_PORT=$PORT
- break
- }
- done
-
- # fail if no cdc-wdm port exposed
--[ -n "${CDC_WDM_PORT}" ] || exit 2
-+[ -n "$CDC_WDM_PORT" ] || exit 2
-
- # run qmicli operation
--qmicli --device-open-proxy --device=/dev/${CDC_WDM_PORT} --dms-set-fcc-authentication
-+qmicli --device-open-proxy --device="/dev/$CDC_WDM_PORT" --dms-set-fcc-authentication
- exit $?
-diff --git a/data/fcc-unlock/1eac b/data/fcc-unlock/1eac
-index d9342852..44ce46d7 100644
---- a/data/fcc-unlock/1eac
-+++ b/data/fcc-unlock/1eac
-@@ -15,20 +15,20 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
- # match port type in Linux 5.14 and newer
-- grep -q MBIM /sys/class/wwan/${PORT}/type 2>/dev/null && {
-+ grep -q MBIM "/sys/class/wwan/$PORT/type" 2>/dev/null && {
- MBIM_PORT=$PORT
- break
- }
- # match port name in Linux 5.13
-- [[ $PORT == *"MBIM"* ]] && {
-+ echo "$PORT" | grep -q MBIM && {
- MBIM_PORT=$PORT
- break
- }
- done
-
- # fail if no MBIM port exposed
--[ -n "${MBIM_PORT}" ] || exit 2
-+[ -n "$MBIM_PORT" ] || exit 2
-
- # run mbimcli operation
--mbimcli --device-open-proxy --device=/dev/${MBIM_PORT} --quectel-set-radio-state=on
-+mbimcli --device-open-proxy --device="/dev/$MBIM_PORT" --quectel-set-radio-state=on
- exit $?
---
-2.34.1
-
diff --git a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.6.bb b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.8.bb
index 14d9942c0..28f81ba6e 100644
--- a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.6.bb
+++ b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.8.bb
@@ -12,13 +12,12 @@ inherit gnomebase gettext systemd gobject-introspection bash-completion
DEPENDS = "glib-2.0 libgudev libxslt-native dbus"
-SRCREV ?= "a7bcf2036b34d5043dbc33fee7d98bae5859c4d3"
+SRCREV ?= "0d8b5e93fc62eb0f41e18a2d9d845331d7af36ec"
-# Patches 0001, 0002 will be in ModemManager > 1.18.6
+# Patch 0001 will be in ModemManager > 1.19
SRC_URI = " \
git://gitlab.freedesktop.org/mobile-broadband/ModemManager.git;protocol=https;branch=mm-1-18 \
file://0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch \
- file://0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb b/meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb
index 2d601a2f9..8141abef5 100644
--- a/meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb
+++ b/meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb
@@ -15,6 +15,8 @@ SRC_URI[sha256sum] = "f460b5c1ca30d8918ff95ea3eb6291b3951cf518553566088f3f2be898
BBCLASSEXTEND = "native nativesdk"
+CVE_PRODUCT = "apache:thrift"
+
inherit pkgconfig cmake python3native
export STAGING_INCDIR
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
index 66c80758c..f5d89d6c3 100644
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
@@ -23,13 +23,13 @@ DEPENDS = "libevent libpcre openldap virtual/libiconv zlib"
PACKAGE_ARCH = "${MACHINE_ARCH}"
-SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.2/${BPN}-${PV}.tar.gz \
+SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz \
file://0001-Fix-configure.ac.patch \
file://zabbix-agent.service \
"
-SRC_URI[md5sum] = "31dab3535a1fa212f5724902727f6d4d"
-SRC_URI[sha256sum] = "76cb704f2a04fbc87bb3eff44fa71339c355d467f7bbd8fb53f8927c760e1680"
+SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e"
+SRC_URI[sha256sum] = "d60d5515807c30c05d0900b83a7e6ef6479929aef7d6f248fba481c4816bacf4"
inherit autotools-brokensep linux-kernel-base pkgconfig systemd useradd
diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index be9ae5823..05fa0c334 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -24,3 +24,14 @@ do_install() {
}
RRECOMMENDS:${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_CHECK_IGNORE += "\
+ CVE-2019-16868 \
+ CVE-2019-17073 \
+ CVE-2021-44584 \
+ CVE-2022-1526 \
+"
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
index 78f24585e..2256bccec 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
@@ -1,4 +1,4 @@
-From f7084ba49758a6b8db46b917b7c0f831bd65a08f Mon Sep 17 00:00:00 2001
+From 07e605015fad0621c3e67133ff9330a5c6318daa Mon Sep 17 00:00:00 2001
From: Yi Fan Yu <yifan.yu@windriver.com>
Date: Fri, 5 Feb 2021 17:15:42 -0500
Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check
@@ -14,12 +14,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
1 file changed, 4 deletions(-)
diff --git a/configure.ac b/configure.ac
-index d3c55f2..9120184 100644
+index 04ef7be..0eb595b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros
- AC_INIT([PostgreSQL], [14.3], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [14.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
-Untested combinations of 'autoconf' and PostgreSQL versions are not
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_14.3.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb
index c686c9b35..64e83b2cd 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql_14.3.bb
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb
@@ -10,4 +10,8 @@ SRC_URI += "\
file://remove_duplicate.patch \
"
-SRC_URI[sha256sum] = "279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38"
+SRC_URI[sha256sum] = "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a"
+
+CVE_CHECK_IGNORE += "\
+ CVE-2017-8806 \
+"
diff --git a/meta-oe/recipes-devtools/php/php_8.1.6.bb b/meta-oe/recipes-devtools/php/php_8.1.8.bb
index 96af595a4..d5cf7d8b2 100644
--- a/meta-oe/recipes-devtools/php/php_8.1.6.bb
+++ b/meta-oe/recipes-devtools/php/php_8.1.8.bb
@@ -33,7 +33,13 @@ SRC_URI:append:class-target = " \
"
S = "${WORKDIR}/php-${PV}"
-SRC_URI[sha256sum] = "7b353304b7407554f70d3e101a226a1fc22decae5c4c42ed270c4e389bfa1b66"
+SRC_URI[sha256sum] = "b8815a5a02431453d4261e3598bd1f28516e4c0354f328c12890f257870e4c01"
+
+CVE_CHECK_IGNORE += "\
+ CVE-2007-2728 \
+ CVE-2007-3205 \
+ CVE-2007-4596 \
+"
inherit autotools pkgconfig python3native gettext
diff --git a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.0.bb b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.1.bb
index b3423ba84..d724287d6 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.0.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.1.bb
@@ -8,12 +8,12 @@ has been split out into the protobuf-c-rpc project."
HOMEPAGE = "https://github.com/protobuf-c/protobuf-c"
SECTION = "console/tools"
LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=cb901168715f4782a2b06c3ddaefa558"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9f725889e0d77383e26cb42b0b62cea2"
DEPENDS = "protobuf-native protobuf"
SRC_URI = "git://github.com/protobuf-c/protobuf-c.git;branch=master;protocol=https"
-SRCREV = "f224ab2eeb648a818eb20687d7150a285442c907"
+SRCREV = "abc67a11c6db271bedbb9f58be85d6f4e2ea8389"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index e9cb7adb8..df90b629a 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -18,6 +18,10 @@ SRC_URI[sha256sum] = "53e15a2b5c1bc80161d42e9f69792a3fa18332b7b771910131004eb520
S = "${WORKDIR}/imap-${PV}"
+CVE_CHECK_IGNORE += "\
+ CVE-2005-0198 \
+"
+
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG[pam] = ",,libpam"
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
index 2cea50dfb..7a613bcc9 100644
--- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
@@ -19,7 +19,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \
file://0004-Modify-systemd-config-directory.patch \
file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
"
-SRCREV = "0138c00811c86eab4ff6bff3c6528163885ade19"
+SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2"
PV .= "+2.18.9git${SRCPV}"
@@ -27,7 +27,7 @@ S = "${WORKDIR}/git"
LDFLAGS:append:riscv64 = " -latomic"
-PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd systemd-watchdog systemd-journal dlt-examples dlt-adaptor dlt-console ', '', d)} \
+PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd systemd-watchdog systemd-journal dlt-examples dlt-adaptor dlt-adaptor-udp dlt-console ', '', d)} \
udp-connection dlt-system dlt-filetransfer "
# dlt-dbus
@@ -44,6 +44,7 @@ PACKAGECONFIG[udp-connection] = "-DWITH_UDP_CONNECTION=ON,-DWITH_UDP_CONNECTION=
# Command line options
PACKAGECONFIG[dlt-system] = "-DWITH_DLT_SYSTEM=ON,-DWITH_DLT_SYSTEM=OFF"
PACKAGECONFIG[dlt-adaptor] = "-DWITH_DLT_ADAPTOR=ON,-DWITH_DLT_ADAPTOR=OFF,,dlt-daemon-systemd"
+PACKAGECONFIG[dlt-adaptor-udp] = "-DWITH_DLT_ADAPTOR_UDP=ON,-DWITH_DLT_ADAPTOR_UDP=OFF,,dlt-daemon-systemd"
PACKAGECONFIG[dlt-filetransfer] = "-DWITH_DLT_FILETRANSFER=ON,-DWITH_DLT_FILETRANSFER=OFF"
PACKAGECONFIG[dlt-console] = "-DWITH_DLT_CONSOLE=ON,-DWITH_DLT_CONSOLE=OFF,,dlt-daemon-systemd"
@@ -58,7 +59,7 @@ SYSTEMD_SERVICE:${PN} = " ${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'dlt.
${@bb.utils.contains('PACKAGECONFIG', 'dlt-dbus', 'dlt-dbus.service', '', d)}"
SYSTEMD_AUTO_ENABLE:${PN} = "enable"
SYSTEMD_SERVICE:${PN}-systemd = " \
- ${@bb.utils.contains('PACKAGECONFIG', 'dlt-adaptor', 'dlt-adaptor-udp.service', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'dlt-adaptor-udp', 'dlt-adaptor-udp.service', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'dlt-examples', 'dlt-example-user.service', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'dlt-examples dlt-console', 'dlt-receive.service', '', d)} \
"
diff --git a/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb b/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb
index db4f507b7..daaff0039 100644
--- a/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb
+++ b/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb
@@ -13,6 +13,12 @@ SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https;branch=mast
S = "${WORKDIR}/git"
+CVE_CHECK_IGNORE += "\
+ CVE-2017-5834 \
+ CVE-2017-5835 \
+ CVE-2017-5836 \
+"
+
do_install:append () {
if [ -e ${D}${libdir}/python*/site-packages/plist/_plist.so ]; then
chrpath -d ${D}${libdir}/python*/site-packages/plist/_plist.so
diff --git a/meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch b/meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch
index 12994da56..20f689bd0 100644
--- a/meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch
+++ b/meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch
@@ -1,4 +1,4 @@
-From 18dc1457db8f66237e016b85a04dc50833c33c50 Mon Sep 17 00:00:00 2001
+From 98d526f76049be21bf3d77158236b2189419a78e Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 21 Dec 2019 12:09:51 -0800
Subject: [PATCH] Define _GNU_SOURCE to get PTHREAD_MUTEX_INITIALIZER
@@ -10,20 +10,22 @@ Fixes
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
---
src/zmalloc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/zmalloc.c b/src/zmalloc.c
-index ba03685..322304f 100644
+index 1f33d09..5e182d1 100644
--- a/src/zmalloc.c
+++ b/src/zmalloc.c
-@@ -32,6 +32,7 @@
- #include "config.h"
- #include "solarisfixes.h"
+@@ -28,6 +28,7 @@
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
+--
+2.25.1
+
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.6.bb b/meta-oe/recipes-extended/redis/redis_6.2.7.bb
index 87fade7e0..7f922a4e0 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.6.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.7.bb
@@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
file://GNU_SOURCE.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
"
-SRC_URI[sha256sum] = "5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab"
+SRC_URI[sha256sum] = "b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319"
inherit autotools-brokensep update-rc.d systemd useradd
diff --git a/meta-oe/recipes-extended/redis/redis_7.0-rc3.bb b/meta-oe/recipes-extended/redis/redis_7.0.4.bb
index e977d67f6..993ff34b1 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0-rc3.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.4.bb
@@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
file://GNU_SOURCE.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
"
-SRC_URI[sha256sum] = "66b2ecc2e4b53c62940589434ea8af3a85546df131001680ed294028cd84ecdc"
+SRC_URI[sha256sum] = "f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f"
inherit autotools-brokensep update-rc.d systemd useradd
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb
index ebb8ecf9b..a39de3acb 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb
@@ -31,7 +31,7 @@ SRC_URI:append:libc-musl = " \
file://0001-Include-sys-time-h.patch \
"
-SRC_URI[sha256sum] = "e41308a5a171939b3cbc246e9d4bd30be44e801521e04cd95d051fa3867d6738"
+SRC_URI[sha256sum] = "a1377218b26c0767a7a3f67d166d5338af7c24b455d35ec99974e18e6845ba27"
UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb
index ecbfad394..a59a5c41d 100644
--- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb
+++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb
@@ -21,6 +21,10 @@ SRCREV = "a181e951376d49a82eef17920c8ebedec80b4823"
S = "${WORKDIR}/git"
+CVE_CHECK_IGNORE += "\
+ CVE-2012-5638 \
+"
+
DEPENDS = "libaio util-linux"
inherit setuptools3 useradd
diff --git a/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb b/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb
index 7e00f150d..4b9ae4758 100644
--- a/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb
+++ b/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb
@@ -32,6 +32,10 @@ SRC_URI = "http://downloads.sourceforge.net/sblim/${BP}.tar.bz2 \
SRC_URI[md5sum] = "28021cdabc73690a94f4f9d57254ce30"
SRC_URI[sha256sum] = "634a67b2f7ac3b386a79160eb44413d618e33e4e7fc74ae68b0240484af149dd"
+CVE_CHECK_IGNORE += "\
+ CVE-2012-3381 \
+"
+
inherit autotools
inherit systemd
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
index aa597cd8e..4c51af669 100644
--- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
+++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
@@ -31,6 +31,10 @@ SRC_URI:append:class-nativesdk = "\
SRC_URI[sha256sum] = "6b16bf990df114195be669773a1dae975dbbffada45e1de2849ddeb5851bb9a8"
+CVE_CHECK_IGNORE += "\
+ CVE-2014-9157 \
+"
+
PACKAGECONFIG ??= "librsvg"
PACKAGECONFIG[librsvg] = "--with-librsvg,--without-librsvg,librsvg"
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
index 4c17105a9..27dff82df 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"
SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master"
SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
+CVE_CHECK_IGNORE += "\
+ CVE-2015-8751 \
+"
+
S = "${WORKDIR}/git"
inherit cmake
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
index f248619ec..42d2b4efb 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
@@ -15,6 +15,10 @@ SRC_URI = " \
SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
S = "${WORKDIR}/git"
+CVE_CHECK_IGNORE += "\
+ CVE-2015-1239 \
+"
+
inherit cmake
# for multilib
diff --git a/meta-oe/recipes-support/atop/atop_2.4.0.bb b/meta-oe/recipes-support/atop/atop_2.4.0.bb
index 35540b3b8..b1d2abde7 100644
--- a/meta-oe/recipes-support/atop/atop_2.4.0.bb
+++ b/meta-oe/recipes-support/atop/atop_2.4.0.bb
@@ -24,6 +24,10 @@ SRC_URI = "http://www.atoptool.nl/download/${BP}.tar.gz \
SRC_URI[md5sum] = "1077da884ed94f2bc3c81ac3ab970436"
SRC_URI[sha256sum] = "be1c010a77086b7d98376fce96514afcd73c3f20a8d1fe01520899ff69a73d69"
+CVE_CHECK_IGNORE += "\
+ CVE-2011-3618 \
+"
+
do_compile() {
oe_runmake all
}
diff --git a/meta-oe/recipes-support/emacs/emacs_27.2.bb b/meta-oe/recipes-support/emacs/emacs_27.2.bb
index b78dc5e45..4a7e7aba5 100644
--- a/meta-oe/recipes-support/emacs/emacs_27.2.bb
+++ b/meta-oe/recipes-support/emacs/emacs_27.2.bb
@@ -11,6 +11,10 @@ SRC_URI:append:class-target = " file://usemake-docfile-native.patch"
SRC_URI[sha256sum] = "b4a7cc4e78e63f378624e0919215b910af5bb2a0afc819fad298272e9f40c1b9"
+CVE_CHECK_IGNORE = "\
+ CVE-2007-6109 \
+"
+
PACKAGECONFIG[gnutls] = "--with-gnutls=yes,--with-gnutls=no,gnutls"
PACKAGECONFIG[kerberos] = "--with-kerberos=yes,--with-kerberos=no,krb5"
PACKAGECONFIG[libgmp] = "--with-libgmp=yes,--with-libgmp=no,gmp"
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index 008a83f46..b8167f5a7 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -4,15 +4,15 @@ HOMEPAGE = "https://www.imagemagick.org/"
DESCRIPTION = "ImageMagick is a collection of tools for displaying, converting, and \
editing raster and vector image files. It can read and write over 200 image file formats."
LICENSE = "ImageMagick"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=41b4fa9af60c88e61484b02c0561181a \
- file://NOTICE;md5=a2aa6e41f8a40700196a9ce301693e34"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b97c12a9213df1499565d69b92c73dd7 \
+ file://NOTICE;md5=d8b9d2ccf273687ad12ebd06e5d8478f"
# FIXME: There are many more checked libraries. All should be added or explicitly disabled to get consistent results.
DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool"
BASE_PV := "${PV}"
-PV .= "_25"
+PV .= "-62"
SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"
-SRCREV = "8b4e00829eb84d4e7b4da11acf1f98f1e8166e5b"
+SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb b/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb
index 14b1aaf01..3d8a45786 100644
--- a/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb
+++ b/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb
@@ -15,6 +15,11 @@ SRC_URI = "\
SRC_URI[sha256sum] = "19654ad276b149646371fbdac21bc7620742f2975f7399fed0ffc1a18fbaf603"
+CVE_CHECK_IGNORE += "\
+ CVE-2010-1624 \
+ CVE-2011-3594 \
+"
+
PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \
${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtk startup-notification', '', d)} \
"
diff --git a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd
index b63f46ddc..851bf252b 100644
--- a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd
+++ b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd
@@ -1,4 +1,4 @@
-@version: 3.31
+@version: 3.36
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation. Originally written by anonymous (I can't find his name)
diff --git a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit
index 07cd3b086..70afd0da8 100644
--- a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit
+++ b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit
@@ -1,4 +1,4 @@
-@version: 3.31
+@version: 3.36
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation. Originally written by anonymous (I can't find his name)
diff --git a/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch b/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch
new file mode 100644
index 000000000..5ec55dfd2
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch
@@ -0,0 +1,99 @@
+From 86368e9cf70a0ad23cccd5ee32de847149af0c6f Mon Sep 17 00:00:00 2001
+From: Stefan Behnel <stefan_ml@behnel.de>
+Date: Fri, 1 Jul 2022 21:06:10 +0200
+Subject: [PATCH] Fix a crash when incorrect parser input occurs together with
+ usages of iterwalk() on trees generated by the same parser.
+
+CVE: CVE-2022-2309
+
+Upstream-Status: Backport
+[https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f]
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+---
+ src/lxml/apihelpers.pxi | 7 ++++---
+ src/lxml/iterparse.pxi | 11 ++++++-----
+ src/lxml/tests/test_etree.py | 20 ++++++++++++++++++++
+ 3 files changed, 30 insertions(+), 8 deletions(-)
+
+diff --git a/src/lxml/apihelpers.pxi b/src/lxml/apihelpers.pxi
+index c1662762..9fae9fb1 100644
+--- a/src/lxml/apihelpers.pxi
++++ b/src/lxml/apihelpers.pxi
+@@ -246,9 +246,10 @@ cdef dict _build_nsmap(xmlNode* c_node):
+ while c_node is not NULL and c_node.type == tree.XML_ELEMENT_NODE:
+ c_ns = c_node.nsDef
+ while c_ns is not NULL:
+- prefix = funicodeOrNone(c_ns.prefix)
+- if prefix not in nsmap:
+- nsmap[prefix] = funicodeOrNone(c_ns.href)
++ if c_ns.prefix or c_ns.href:
++ prefix = funicodeOrNone(c_ns.prefix)
++ if prefix not in nsmap:
++ nsmap[prefix] = funicodeOrNone(c_ns.href)
+ c_ns = c_ns.next
+ c_node = c_node.parent
+ return nsmap
+diff --git a/src/lxml/iterparse.pxi b/src/lxml/iterparse.pxi
+index 138c23a6..a7299da6 100644
+--- a/src/lxml/iterparse.pxi
++++ b/src/lxml/iterparse.pxi
+@@ -420,7 +420,7 @@ cdef int _countNsDefs(xmlNode* c_node):
+ count = 0
+ c_ns = c_node.nsDef
+ while c_ns is not NULL:
+- count += 1
++ count += (c_ns.href is not NULL)
+ c_ns = c_ns.next
+ return count
+
+@@ -431,9 +431,10 @@ cdef int _appendStartNsEvents(xmlNode* c_node, list event_list) except -1:
+ count = 0
+ c_ns = c_node.nsDef
+ while c_ns is not NULL:
+- ns_tuple = (funicode(c_ns.prefix) if c_ns.prefix is not NULL else '',
+- funicode(c_ns.href))
+- event_list.append( (u"start-ns", ns_tuple) )
+- count += 1
++ if c_ns.href:
++ ns_tuple = (funicodeOrEmpty(c_ns.prefix),
++ funicode(c_ns.href))
++ event_list.append( (u"start-ns", ns_tuple) )
++ count += 1
+ c_ns = c_ns.next
+ return count
+diff --git a/src/lxml/tests/test_etree.py b/src/lxml/tests/test_etree.py
+index e5f08469..285313f6 100644
+--- a/src/lxml/tests/test_etree.py
++++ b/src/lxml/tests/test_etree.py
+@@ -1460,6 +1460,26 @@ class ETreeOnlyTestCase(HelperTestCase):
+ [1,2,1,4],
+ counts)
+
++ def test_walk_after_parse_failure(self):
++ # This used to be an issue because libxml2 can leak empty namespaces
++ # between failed parser runs. iterwalk() failed to handle such a tree.
++ try:
++ etree.XML('''<anot xmlns="1">''')
++ except etree.XMLSyntaxError:
++ pass
++ else:
++ assert False, "invalid input did not fail to parse"
++
++ et = etree.XML('''<root> </root>''')
++ try:
++ ns = next(etree.iterwalk(et, events=('start-ns',)))
++ except StopIteration:
++ # This would be the expected result, because there was no namespace
++ pass
++ else:
++ # This is a bug in libxml2
++ assert not ns, repr(ns)
++
+ def test_itertext_comment_pi(self):
+ # https://bugs.launchpad.net/lxml/+bug/1844674
+ XML = self.etree.XML
+--
+2.17.1
+
diff --git a/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb b/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
index c4d4df383..0c78d97ab 100644
--- a/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
+++ b/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
@@ -20,7 +20,8 @@ DEPENDS += "libxml2 libxslt"
SRC_URI[sha256sum] = "f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23"
-SRC_URI += "${PYPI_SRC_URI}"
+SRC_URI += "${PYPI_SRC_URI} \
+ file://CVE-2022-2309.patch "
inherit pkgconfig pypi setuptools3
# {standard input}: Assembler messages:
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
index 5d8291968..a652b7969 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
+++ b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
@@ -1,4 +1,4 @@
-From 37699e9be04d83c5923644e298f400e077f76e85 Mon Sep 17 00:00:00 2001
+From abd5b40c9b094e721e91a5d75132639149d7952f Mon Sep 17 00:00:00 2001
From: Paul Eggleton <paul.eggleton@linux.intel.com>
Date: Tue, 17 Jul 2012 11:27:39 +0100
Subject: [PATCH] Log the SELinux context at startup.
@@ -14,7 +14,7 @@ Note: unlikely to be any interest in this upstream
2 files changed, 31 insertions(+)
diff --git a/configure.in b/configure.in
-index c799aec..76811e7 100644
+index ea6cec3..92b74b7 100644
--- a/configure.in
+++ b/configure.in
@@ -491,6 +491,11 @@ getloadavg
@@ -30,7 +30,7 @@ index c799aec..76811e7 100644
[AC_TRY_RUN(#define _GNU_SOURCE
#include <unistd.h>
diff --git a/server/core.c b/server/core.c
-index 3020090..8fef5fd 100644
+index 4da7209..d3ca25b 100644
--- a/server/core.c
+++ b/server/core.c
@@ -65,6 +65,10 @@
@@ -43,7 +43,7 @@ index 3020090..8fef5fd 100644
+
/* LimitRequestBody handling */
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
- #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
+ #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
}
#endif
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
index 8413f5379..4b0ed2f62 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
@@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \
"
LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "d0bbd1121a57b5f2a6ff92d7b96f8050c5a45d3f14db118f64979d525858db63"
+SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340"
S = "${WORKDIR}/httpd-${PV}"
diff --git a/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb b/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
index 98cd251d2..8fe879b81 100644
--- a/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
+++ b/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
@@ -12,3 +12,12 @@ SRC_URI[sha256sum] = "e9a99a62d10981391508dd43f3cbfa2d50a69bd6b7d1eeef7d30ba4c67
FILES:${PN} += "${datadir}/metainfo"
RDEPENDS:${PN} += "python3-pygobject python3-dbus"
+
+do_install:append() {
+ #
+ # Until catfish upstream figures out a way to overcome this buildpath issue, we need to do such adjustments here.
+ #
+ sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${D}${datadir}/applications/org.xfce.Catfish.desktop
+ sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${D}${PYTHON_SITEPACKAGES_DIR}/catfish_lib/catfishconfig.py
+ rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/catfish_lib/__pycache__/catfishconfig.*.pyc
+}
diff --git a/meta-xfce/recipes-xfce/exo/exo_4.16.3.bb b/meta-xfce/recipes-xfce/exo/exo_4.16.4.bb
index 2b164442f..b97d9943f 100644
--- a/meta-xfce/recipes-xfce/exo/exo_4.16.3.bb
+++ b/meta-xfce/recipes-xfce/exo/exo_4.16.4.bb
@@ -14,7 +14,7 @@ SRC_URI += " \
file://configure.patch \
"
-SRC_URI[sha256sum] = "722dff3c3fe23f0a65405e63889cf247c99d092d3f9fb16dec78d062cfb8fae6"
+SRC_URI[sha256sum] = "82a50c67e78f1e5c420b7615515bcca759b86eeab99224ab8eca4306b89d2eca"
# Note: python bindings did not work in oe-dev and are about to be moved to
# pyxfce see http://comments.gmane.org/gmane.comp.desktop.xfce.devel.version4/19560