aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-support')
-rw-r--r--meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb2
-rw-r--r--meta-oe/recipes-support/anthy/anthy_9100h.bb4
-rw-r--r--meta-oe/recipes-support/avro/avro-c_1.9.2.bb2
-rw-r--r--meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb2
-rw-r--r--meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch27
-rw-r--r--meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch84
-rw-r--r--meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb (renamed from meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb)10
-rw-r--r--meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb2
-rw-r--r--meta-oe/recipes-support/cli11/cli11_1.8.0.bb2
-rw-r--r--meta-oe/recipes-support/cmark/cmark_git.bb2
-rw-r--r--meta-oe/recipes-support/daemonize/daemonize_git.bb2
-rw-r--r--meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb2
-rw-r--r--meta-oe/recipes-support/dstat/dstat_0.7.4.bb4
-rw-r--r--meta-oe/recipes-support/epeg/epeg_git.bb2
-rw-r--r--meta-oe/recipes-support/fmt/fmt_6.2.0.bb2
-rw-r--r--meta-oe/recipes-support/freerdp/freerdp_git.bb2
-rw-r--r--meta-oe/recipes-support/function2/function2_4.0.0.bb2
-rw-r--r--meta-oe/recipes-support/gd/gd_2.3.0.bb2
-rw-r--r--meta-oe/recipes-support/gflags/gflags_2.2.2.bb2
-rw-r--r--meta-oe/recipes-support/glog/glog_0.3.5.bb2
-rw-r--r--meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb2
-rw-r--r--meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb2
-rw-r--r--meta-oe/recipes-support/gpm/gpm_git.bb2
-rw-r--r--meta-oe/recipes-support/hidapi/hidapi_git.bb2
-rw-r--r--meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb2
-rw-r--r--meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb2
-rw-r--r--meta-oe/recipes-support/hwdata/hwdata_git.bb2
-rw-r--r--meta-oe/recipes-support/iksemel/iksemel_1.5.bb2
-rw-r--r--meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb2
-rw-r--r--meta-oe/recipes-support/inih/libinih_git.bb2
-rw-r--r--meta-oe/recipes-support/iniparser/iniparser_4.1.bb2
-rw-r--r--meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb2
-rw-r--r--meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb2
-rw-r--r--meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb2
-rw-r--r--meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb2
-rw-r--r--meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb2
-rw-r--r--meta-oe/recipes-support/libfann/libfann_git.bb2
-rw-r--r--meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb2
-rw-r--r--meta-oe/recipes-support/libgusb/libgusb_git.bb2
-rw-r--r--meta-oe/recipes-support/libharu/libharu_2.3.0.bb2
-rw-r--r--meta-oe/recipes-support/libiio/libiio_git.bb2
-rw-r--r--meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/CVE-2021-3466.patch158
-rw-r--r--meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb3
-rw-r--r--meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb2
-rw-r--r--meta-oe/recipes-support/libmxml/libmxml_3.1.bb2
-rw-r--r--meta-oe/recipes-support/libp11/libp11_0.4.10.bb2
-rw-r--r--meta-oe/recipes-support/librsync/librsync_2.3.1.bb2
-rw-r--r--meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb2
-rw-r--r--meta-oe/recipes-support/libteam/libteam_1.30.bb2
-rw-r--r--meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb2
-rw-r--r--meta-oe/recipes-support/libusbg/libusbg_git.bb2
-rw-r--r--meta-oe/recipes-support/libusbgx/libusbgx_git.bb2
-rw-r--r--meta-oe/recipes-support/libutempter/libutempter.bb2
-rw-r--r--meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb2
-rw-r--r--meta-oe/recipes-support/lvm2/lvm2.inc2
-rw-r--r--meta-oe/recipes-support/mcelog/mce-inject_git.bb2
-rw-r--r--meta-oe/recipes-support/mcelog/mce-test_git.bb2
-rw-r--r--meta-oe/recipes-support/mcelog/mcelog_168.bb2
-rw-r--r--meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb2
-rw-r--r--meta-oe/recipes-support/ne10/ne10_1.2.1.bb2
-rw-r--r--meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch65
-rw-r--r--meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch80
-rw-r--r--meta-oe/recipes-support/nss/nss/CVE-2020-25648.patch163
-rw-r--r--meta-oe/recipes-support/nss/nss/CVE-2021-43527.patch283
-rw-r--r--meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch63
-rw-r--r--meta-oe/recipes-support/nss/nss_3.51.1.bb11
-rw-r--r--meta-oe/recipes-support/numactl/numactl_git.bb2
-rw-r--r--meta-oe/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch39
-rw-r--r--meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb3
-rw-r--r--meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb2
-rw-r--r--meta-oe/recipes-support/opencv/ade_0.1.1f.bb2
-rw-r--r--meta-oe/recipes-support/opencv/opencv_4.1.0.bb12
-rw-r--r--meta-oe/recipes-support/openldap/openldap/CVE-2022-29155.patch277
-rw-r--r--meta-oe/recipes-support/openldap/openldap_2.4.57.bb2
-rw-r--r--meta-oe/recipes-support/opensc/opensc_0.20.0.bb2
-rw-r--r--meta-oe/recipes-support/picocom/picocom_git.bb2
-rw-r--r--meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb2
-rw-r--r--meta-oe/recipes-support/pidgin/icyque_git.bb2
-rw-r--r--meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb2
-rw-r--r--meta-oe/recipes-support/poco/poco_1.9.4.bb2
-rw-r--r--meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb2
-rw-r--r--meta-oe/recipes-support/remmina/remmina_1.3.6.bb2
-rw-r--r--meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb2
-rw-r--r--meta-oe/recipes-support/sass/libsass_3.6.3.bb2
-rw-r--r--meta-oe/recipes-support/sass/sassc_git.bb2
-rw-r--r--meta-oe/recipes-support/satyr/satyr_0.28.bb2
-rw-r--r--meta-oe/recipes-support/serial-utils/pty-forward-native.bb2
-rw-r--r--meta-oe/recipes-support/serial-utils/serial-forward_git.bb2
-rw-r--r--meta-oe/recipes-support/span-lite/span-lite_git.bb2
-rw-r--r--meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb2
-rw-r--r--meta-oe/recipes-support/spitools/spitools_git.bb2
-rw-r--r--meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb2
-rw-r--r--meta-oe/recipes-support/toscoterm/toscoterm_git.bb2
-rw-r--r--meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch63
-rw-r--r--meta-oe/recipes-support/udisks/udisks2_git.bb3
-rw-r--r--meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb2
-rw-r--r--meta-oe/recipes-support/uthash/uthash_2.1.0.bb2
-rw-r--r--meta-oe/recipes-support/utouch/utouch-evemu_git.bb2
-rw-r--r--meta-oe/recipes-support/utouch/utouch-frame_git.bb2
-rw-r--r--meta-oe/recipes-support/utouch/utouch-mtview_git.bb2
-rw-r--r--meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb2
-rw-r--r--meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb2
-rw-r--r--meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb2
-rw-r--r--meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb2
-rw-r--r--meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb2
-rw-r--r--meta-oe/recipes-support/zbar/zbar_git.bb2
-rw-r--r--meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb2
107 files changed, 1308 insertions, 220 deletions
diff --git a/meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb b/meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb
index 4ea6c8a29..8df94d91e 100644
--- a/meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb
+++ b/meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb
@@ -4,7 +4,7 @@ SUMMARY = "Ace is a code editor written in JavaScript. This repository has only
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=794d11c5219c59c9efa2487c2b4066b2"
-SRC_URI = "git://github.com/ajaxorg/ace-builds.git;protocol=https"
+SRC_URI = "git://github.com/ajaxorg/ace-builds.git;protocol=https;branch=master"
PV = "02.07.17+git${SRCPV}"
SRCREV = "812e2c56aed246931a667f16c28b096e34597016"
diff --git a/meta-oe/recipes-support/anthy/anthy_9100h.bb b/meta-oe/recipes-support/anthy/anthy_9100h.bb
index a65d324ea..b464c0000 100644
--- a/meta-oe/recipes-support/anthy/anthy_9100h.bb
+++ b/meta-oe/recipes-support/anthy/anthy_9100h.bb
@@ -10,8 +10,8 @@ SRC_URI = "http://osdn.dl.sourceforge.jp/anthy/37536/anthy-9100h.tar.gz \
file://2ch_t.patch \
"
-SRC_URI_append_class-target = "file://target-helpers.patch"
-SRC_URI_append_class-native = "file://native-helpers.patch"
+SRC_URI_append_class-target = " file://target-helpers.patch"
+SRC_URI_append_class-native = " file://native-helpers.patch"
SRC_URI[md5sum] = "1f558ff7ed296787b55bb1c6cf131108"
SRC_URI[sha256sum] = "d256f075f018b4a3cb0d165ed6151fda4ba7db1621727e0eb54569b6e2275547"
diff --git a/meta-oe/recipes-support/avro/avro-c_1.9.2.bb b/meta-oe/recipes-support/avro/avro-c_1.9.2.bb
index 0642179fb..e85f341f1 100644
--- a/meta-oe/recipes-support/avro/avro-c_1.9.2.bb
+++ b/meta-oe/recipes-support/avro/avro-c_1.9.2.bb
@@ -9,7 +9,7 @@ DEPENDS = "jansson zlib xz"
BRANCH = "branch-1.9"
SRCREV = "bf20128ca6138a830b2ea13e0490f3df6b035639"
-SRC_URI = "git://github.com/apache/avro;branch=${BRANCH} \
+SRC_URI = "git://github.com/apache/avro;branch=${BRANCH};protocol=https \
file://0001-cmake-Use-GNUInstallDirs-instead-of-hard-coded-paths.patch;patchdir=../../ \
"
diff --git a/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb b/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb
index 407de2138..d7d0b9c15 100644
--- a/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb
+++ b/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb
@@ -24,7 +24,7 @@ LIC_FILES_CHKSUM = "file://README.QUICK;md5=81b447d779e278628c843aef92f088fa"
DEPENDS = "libatomic-ops"
SRCREV = "d3dede3ce4462cd82a15f161af797ca51654546a"
-SRC_URI = "git://github.com/ivmai/bdwgc.git;branch=release-8_0"
+SRC_URI = "git://github.com/ivmai/bdwgc.git;branch=release-8_0;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch b/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch
deleted file mode 100644
index 8f15f8424..000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From f2f1e134bf5d9d0789942848e03006af8d926cf8 Mon Sep 17 00:00:00 2001
-From: Wang Mingyu <wangmy@cn.fujitsu.com>
-Date: Tue, 17 Mar 2020 12:53:35 +0800
-Subject: [PATCH] fix configure error : mv libcares.pc.cmakein to
- libcares.pc.cmake
-
-Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
----
- CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 3a5878d..c2e5740 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -563,7 +563,7 @@ IF (CARES_STATIC)
- ENDIF()
-
- # Write ares_config.h configuration file. This is used only for the build.
--CONFIGURE_FILE (libcares.pc.cmakein ${PROJECT_BINARY_DIR}/libcares.pc @ONLY)
-+CONFIGURE_FILE (libcares.pc.cmake ${PROJECT_BINARY_DIR}/libcares.pc @ONLY)
-
-
-
---
-2.17.1
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch b/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
deleted file mode 100644
index 0eb7e4bbb..000000000
--- a/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 12414304245cce6ef0e8b9547949be5109845353 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Tue, 24 Jul 2018 13:33:33 +0800
-Subject: [PATCH] cmake: Install libcares.pc
-
-Prepare and install libcares.pc file during cmake build, so libraries
-using pkg-config to find libcares will not fail.
-
-Signed-off-by: Alexey Firago <alexey_firago@mentor.com>
-
-update to 1.14.0, fix patch warning
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- CMakeLists.txt | 28 +++++++++++++++++++++++-----
- 1 file changed, 23 insertions(+), 5 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index fd123e1..3a5878d 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -214,22 +214,25 @@ ADD_DEFINITIONS(${SYSFLAGS})
-
-
- # Tell C-Ares about libraries to depend on
-+# Also pass these libraries to pkg-config file
-+SET(CARES_PRIVATE_LIBS_LIST)
- IF (HAVE_LIBRESOLV)
-- LIST (APPEND CARES_DEPENDENT_LIBS resolv)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lresolv")
- ENDIF ()
- IF (HAVE_LIBNSL)
-- LIST (APPEND CARES_DEPENDENT_LIBS nsl)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lnsl")
- ENDIF ()
- IF (HAVE_LIBSOCKET)
-- LIST (APPEND CARES_DEPENDENT_LIBS socket)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lsocket")
- ENDIF ()
- IF (HAVE_LIBRT)
-- LIST (APPEND CARES_DEPENDENT_LIBS rt)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lrt")
- ENDIF ()
- IF (WIN32)
-- LIST (APPEND CARES_DEPENDENT_LIBS ws2_32 Advapi32)
-+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lws2_32")
- ENDIF ()
-
-+string (REPLACE ";" " " CARES_PRIVATE_LIBS "${CARES_PRIVATE_LIBS_LIST}")
-
- # When checking for symbols, we need to make sure we set the proper
- # headers, libraries, and definitions for the detection to work properly
-@@ -554,6 +557,15 @@ CONFIGURE_FILE (ares_build.h.cmake ${PROJECT_BINARY_DIR}/ares_build.h)
- # Write ares_config.h configuration file. This is used only for the build.
- CONFIGURE_FILE (ares_config.h.cmake ${PROJECT_BINARY_DIR}/ares_config.h)
-
-+# Pass required CFLAGS to pkg-config in case of static library
-+IF (CARES_STATIC)
-+ SET (CPPFLAG_CARES_STATICLIB "-DCARES_STATICLIB")
-+ENDIF()
-+
-+# Write ares_config.h configuration file. This is used only for the build.
-+CONFIGURE_FILE (libcares.pc.cmakein ${PROJECT_BINARY_DIR}/libcares.pc @ONLY)
-+
-+
-
- # TRANSFORM_MAKEFILE_INC
- #
-@@ -728,6 +740,12 @@ IF (CARES_INSTALL)
- INSTALL (FILES "${CMAKE_CURRENT_BINARY_DIR}/libcares.pc" COMPONENT Devel DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
- ENDIF ()
-
-+# pkg-config file
-+IF (CARES_INSTALL)
-+ SET (PKGCONFIG_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
-+ INSTALL (FILES "${CMAKE_CURRENT_BINARY_DIR}/libcares.pc" DESTINATION ${PKGCONFIG_INSTALL_DIR})
-+ENDIF ()
-+
- # Legacy chain-building variables (provided for compatibility with old code).
- # Don't use these, external code should be updated to refer to the aliases directly (e.g., Cares::cares).
- SET (CARES_FOUND 1 CACHE INTERNAL "CARES LIBRARY FOUND")
---
-2.17.1
-
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 67dd70180..25ce45d74 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -5,14 +5,8 @@ SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"
-PV = "1.16.0+gitr${SRCPV}"
-
-SRC_URI = "\
- git://github.com/c-ares/c-ares.git \
- file://cmake-install-libcares.pc.patch \
- file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \
-"
-SRCREV = "74a1426ba60e2cd7977e53a22ef839c87415066e"
+SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main"
+SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"
UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"
diff --git a/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb b/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb
index 105610be5..e0e50366d 100644
--- a/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb
+++ b/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=35e00f0c4c96a0820a03e0b31e6416be"
DEPENDS = "libeigen glog"
-SRC_URI = "git://github.com/ceres-solver/ceres-solver.git"
+SRC_URI = "git://github.com/ceres-solver/ceres-solver.git;branch=master;protocol=https"
SRCREV = "facb199f3eda902360f9e1d5271372b7e54febe1"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/cli11/cli11_1.8.0.bb b/meta-oe/recipes-support/cli11/cli11_1.8.0.bb
index dd129cbec..a49eab72f 100644
--- a/meta-oe/recipes-support/cli11/cli11_1.8.0.bb
+++ b/meta-oe/recipes-support/cli11/cli11_1.8.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b73927b18d5c6cd8d2ed28a6ad539733"
SRCREV = "13becaddb657eacd090537719a669d66d393b8b2"
PV .= "+git${SRCPV}"
-SRC_URI += "gitsm://github.com/CLIUtils/CLI11 \
+SRC_URI += "gitsm://github.com/CLIUtils/CLI11;branch=main;protocol=https \
file://0001-Add-CLANG_TIDY-check.patch \
file://0001-Use-GNUInstallDirs-instead-of-hard-coded-path.patch \
"
diff --git a/meta-oe/recipes-support/cmark/cmark_git.bb b/meta-oe/recipes-support/cmark/cmark_git.bb
index f74a39b50..4f07beb31 100644
--- a/meta-oe/recipes-support/cmark/cmark_git.bb
+++ b/meta-oe/recipes-support/cmark/cmark_git.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/commonmark/cmark"
LICENSE = "BSD-2-Clause & MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=81f9cae6293cc0345a9144b78152ab62"
-SRC_URI = "git://github.com/commonmark/cmark.git"
+SRC_URI = "git://github.com/commonmark/cmark.git;branch=master;protocol=https"
SRCREV = "8daa6b1495124f0b67e6034130e12d7be83e38bd"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/daemonize/daemonize_git.bb b/meta-oe/recipes-support/daemonize/daemonize_git.bb
index c76632781..f46dec59f 100644
--- a/meta-oe/recipes-support/daemonize/daemonize_git.bb
+++ b/meta-oe/recipes-support/daemonize/daemonize_git.bb
@@ -7,7 +7,7 @@ PV = "1.7.8"
inherit autotools
SRCREV = "18869a797dab12bf1c917ba3b4782fef484c407c"
-SRC_URI = "git://github.com/bmc/daemonize.git \
+SRC_URI = "git://github.com/bmc/daemonize.git;branch=master;protocol=https \
"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb b/meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb
index 9fcc278d3..cac2b4fd6 100644
--- a/meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb
+++ b/meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb
@@ -4,7 +4,7 @@ DEPENDS = "libusb1"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=44fee82a1d2ed0676cf35478283e0aa0"
-SRC_URI = "git://github.com/bcl/digitemp"
+SRC_URI = "git://github.com/bcl/digitemp;branch=master;protocol=https"
SRCREV = "a162e63aad35358aab325388f3d5e88121606419"
diff --git a/meta-oe/recipes-support/dstat/dstat_0.7.4.bb b/meta-oe/recipes-support/dstat/dstat_0.7.4.bb
index 74af54ca5..18c3cdf82 100644
--- a/meta-oe/recipes-support/dstat/dstat_0.7.4.bb
+++ b/meta-oe/recipes-support/dstat/dstat_0.7.4.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS += "asciidoc-native xmlto-native"
-SRC_URI = "git://github.com/dagwieers/dstat.git \
+SRC_URI = "git://github.com/dagwieers/dstat.git;branch=master;protocol=https \
file://0001-change-dstat-to-python3.patch \
"
@@ -21,4 +21,4 @@ do_install() {
oe_runmake 'DESTDIR=${D}' install
}
-RDEPENDS_${PN} += "python3-core python3-misc python3-resource python3-shell python3-unixadmin"
+RDEPENDS_${PN} += "python3-core python3-misc python3-resource python3-shell python3-six python3-unixadmin"
diff --git a/meta-oe/recipes-support/epeg/epeg_git.bb b/meta-oe/recipes-support/epeg/epeg_git.bb
index 8ca574014..bdffe4ba7 100644
--- a/meta-oe/recipes-support/epeg/epeg_git.bb
+++ b/meta-oe/recipes-support/epeg/epeg_git.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e7732a9290ea1e4b034fdc15cf49968d \
file://COPYING-PLAIN;md5=f59cacc08235a546b0c34a5422133035"
DEPENDS = "jpeg libexif"
-SRC_URI = "git://github.com/mattes/epeg.git"
+SRC_URI = "git://github.com/mattes/epeg.git;branch=master;protocol=https"
SRCREV = "9a175cd67eaa61fe45413d8da82da72936567047"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/fmt/fmt_6.2.0.bb b/meta-oe/recipes-support/fmt/fmt_6.2.0.bb
index 05dc94a99..1a05f0d54 100644
--- a/meta-oe/recipes-support/fmt/fmt_6.2.0.bb
+++ b/meta-oe/recipes-support/fmt/fmt_6.2.0.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://fmt.dev"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=af88d758f75f3c5c48a967501f24384b"
-SRC_URI += "git://github.com/fmtlib/fmt"
+SRC_URI += "git://github.com/fmtlib/fmt;branch=master;protocol=https"
SRCREV = "9bdd1596cef1b57b9556f8bef32dc4a32322ef3e"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/freerdp/freerdp_git.bb b/meta-oe/recipes-support/freerdp/freerdp_git.bb
index 82ef561fb..309acfbff 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_git.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_git.bb
@@ -16,7 +16,7 @@ PKGV = "${GITPKGVTAG}"
# 2.0.0 release
SRCREV = "5ab2bed8749747b8e4b2ed431fd102bc726be684"
-SRC_URI = "git://github.com/FreeRDP/FreeRDP.git \
+SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
file://winpr-makecert-Build-with-install-RPATH.patch \
"
diff --git a/meta-oe/recipes-support/function2/function2_4.0.0.bb b/meta-oe/recipes-support/function2/function2_4.0.0.bb
index 556a25aa1..07aa66937 100644
--- a/meta-oe/recipes-support/function2/function2_4.0.0.bb
+++ b/meta-oe/recipes-support/function2/function2_4.0.0.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
SRCREV = "d2acdb6c3c7612a6133cd03464ef941161258f4e"
PV .= "+git${SRCPV}"
-SRC_URI += "gitsm://github.com/Naios/function2"
+SRC_URI += "gitsm://github.com/Naios/function2;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/gd/gd_2.3.0.bb b/meta-oe/recipes-support/gd/gd_2.3.0.bb
index eec8a05ae..8adb7db4d 100644
--- a/meta-oe/recipes-support/gd/gd_2.3.0.bb
+++ b/meta-oe/recipes-support/gd/gd_2.3.0.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8e5bc8627b9494741c905d65238c66b7"
DEPENDS = "freetype libpng jpeg zlib tiff"
-SRC_URI = "git://github.com/libgd/libgd.git;branch=master \
+SRC_URI = "git://github.com/libgd/libgd.git;branch=master;protocol=https \
"
SRCREV = "b079fa06223c3ab862c8f0eea58a968727971988"
diff --git a/meta-oe/recipes-support/gflags/gflags_2.2.2.bb b/meta-oe/recipes-support/gflags/gflags_2.2.2.bb
index 6eea0c00e..4379c2d9e 100644
--- a/meta-oe/recipes-support/gflags/gflags_2.2.2.bb
+++ b/meta-oe/recipes-support/gflags/gflags_2.2.2.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/gflags/gflags"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING.txt;md5=c80d1a3b623f72bb85a4c75b556551df"
-SRC_URI = "git://github.com/gflags/gflags.git"
+SRC_URI = "git://github.com/gflags/gflags.git;branch=master;protocol=https"
SRCREV = "e171aa2d15ed9eb17054558e0b3a6a413bb01067"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/glog/glog_0.3.5.bb b/meta-oe/recipes-support/glog/glog_0.3.5.bb
index 56bf51554..55ca838cd 100644
--- a/meta-oe/recipes-support/glog/glog_0.3.5.bb
+++ b/meta-oe/recipes-support/glog/glog_0.3.5.bb
@@ -7,7 +7,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=dc9db360e0bbd4e46672f3fd91dd6c4b"
SRC_URI = " \
- git://github.com/google/glog.git;nobranch=1 \
+ git://github.com/google/glog.git;nobranch=1;protocol=https \
file://0001-Rework-CMake-glog-VERSION-management.patch \
file://0002-Find-Libunwind-during-configure.patch \
file://0003-installation-path-fix.patch \
diff --git a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb b/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb
index 146747eee..ac46b5676 100644
--- a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb
+++ b/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb
@@ -13,7 +13,7 @@ LICENSE = "LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=56a22a6e5bcce45e2c8ac184f81412b5"
SRCREV = "0d6e3307bbdb8df4d56043d5f373eeeffe4cbef3"
-SRC_URI = "git://git.sv.gnu.org/gnulib.git \
+SRC_URI = "git://git.sv.gnu.org/gnulib.git;branch=master \
"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb b/meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb
index b7b783931..1a1f7db5c 100644
--- a/meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb
+++ b/meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=762732742c73dc6c7fbe8632f06c059a"
SRCREV = "db7aa547abb5abdd558587a15502584cbc825438"
-SRC_URI = "git://github.com/gperftools/gperftools \
+SRC_URI = "git://github.com/gperftools/gperftools;branch=master;protocol=https \
file://0001-Support-Atomic-ops-on-clang.patch \
file://0001-fix-build-with-musl-libc.patch \
file://0001-disbale-heap-checkers-and-debug-allocator-on-musl.patch \
diff --git a/meta-oe/recipes-support/gpm/gpm_git.bb b/meta-oe/recipes-support/gpm/gpm_git.bb
index 3800d147f..6bf071d89 100644
--- a/meta-oe/recipes-support/gpm/gpm_git.bb
+++ b/meta-oe/recipes-support/gpm/gpm_git.bb
@@ -13,7 +13,7 @@ SRCREV = "1fd19417b8a4dd9945347e98dfa97e4cfd798d77"
DEPENDS = "ncurses bison-native"
-SRC_URI = "git://github.com/telmich/gpm;protocol=git \
+SRC_URI = "git://github.com/telmich/gpm;protocol=https;branch=master \
file://init \
file://gpm.service.in \
file://0001-Use-sigemptyset-API-instead-of-__sigemptyset.patch \
diff --git a/meta-oe/recipes-support/hidapi/hidapi_git.bb b/meta-oe/recipes-support/hidapi/hidapi_git.bb
index a34797ff5..1cc3acac2 100644
--- a/meta-oe/recipes-support/hidapi/hidapi_git.bb
+++ b/meta-oe/recipes-support/hidapi/hidapi_git.bb
@@ -8,7 +8,7 @@ DEPENDS = "libusb udev"
PV = "0.7.99+0.8.0-rc1+git${SRCPV}"
SRCREV = "d17db57b9d4354752e0af42f5f33007a42ef2906"
-SRC_URI = "git://github.com/signal11/hidapi.git"
+SRC_URI = "git://github.com/signal11/hidapi.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb b/meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb
index 3da67d1e3..2e902ca4c 100644
--- a/meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb
+++ b/meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb
@@ -135,7 +135,7 @@ RDEPENDS_${PN} = "hunspell"
PV = "0.0.0+git${SRCPV}"
SRCREV = "820a65e539e34a3a8c2a855d2450b84745c624ee"
-SRC_URI = "git://github.com/wooorm/dictionaries.git"
+SRC_URI = "git://github.com/wooorm/dictionaries.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb
index c2fb4fa05..63d68ea06 100644
--- a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb
+++ b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = " \
"
SRCREV = "4ddd8ed5ca6484b930b111aec50c2750a6119a0f"
-SRC_URI = "git://github.com/${BPN}/${BPN}.git"
+SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/hwdata/hwdata_git.bb b/meta-oe/recipes-support/hwdata/hwdata_git.bb
index 5f3e3f686..1d0c64000 100644
--- a/meta-oe/recipes-support/hwdata/hwdata_git.bb
+++ b/meta-oe/recipes-support/hwdata/hwdata_git.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1556547711e8246992b999edd9445a57"
PV = "0.333"
SRCREV = "2de52be0d00015fa6cde70bb845fa9b86cf6f420"
-SRC_URI = "git://github.com/vcrhonek/${BPN}.git"
+SRC_URI = "git://github.com/vcrhonek/${BPN}.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/iksemel/iksemel_1.5.bb b/meta-oe/recipes-support/iksemel/iksemel_1.5.bb
index 986984d1f..ac23630d0 100644
--- a/meta-oe/recipes-support/iksemel/iksemel_1.5.bb
+++ b/meta-oe/recipes-support/iksemel/iksemel_1.5.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499"
SRCREV = "978b733462e41efd5db72bc9974cb3b0d1d5f6fa"
PV = "1.5+git${SRCPV}"
-SRC_URI = "git://github.com/meduketto/iksemel.git;protocol=https \
+SRC_URI = "git://github.com/meduketto/iksemel.git;protocol=https;branch=master \
file://fix-configure-option-parsing.patch \
file://avoid-obsolete-gnutls-apis.patch"
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb
index 3f7d06e26..21f51ff15 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb
@@ -10,7 +10,7 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool"
BASE_PV := "${PV}"
PV .= "_13"
-SRC_URI = "git://github.com/ImageMagick/ImageMagick.git "
+SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"
SRCREV = "15b935d64f613b5a0fc9d3fead5c6ec1b0e3908f"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/inih/libinih_git.bb b/meta-oe/recipes-support/inih/libinih_git.bb
index 227e2a7b7..4c3c8f0fa 100644
--- a/meta-oe/recipes-support/inih/libinih_git.bb
+++ b/meta-oe/recipes-support/inih/libinih_git.bb
@@ -9,7 +9,7 @@ PR = "r3"
# The github repository provides a cmake and pkg-config integration
SRCREV = "c858aff8c31fa63ef4d1e0176c10e5928cde9a23"
-SRC_URI = "git://github.com/OSSystems/inih.git \
+SRC_URI = "git://github.com/OSSystems/inih.git;branch=master;protocol=https \
"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
index f4b553a57..f3593fb5f 100644
--- a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
+++ b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e02baf71c76e0650e667d7da133379ac"
DEPENDS = "doxygen-native"
-SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https \
+SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https;branch=master \
file://Add-CMake-support.patch"
# tag 4.1
diff --git a/meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb b/meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb
index f42abeb2b..1d84bfd49 100644
--- a/meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb
+++ b/meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ac6c26e52aea428ee7f56dc2c56424c6"
SRCREV = "cfa93aa19f81d85b63cd64da30c7499890d4c07d"
PV = "3.20.2.2"
-SRC_URI = "git://github.com/rvoicilas/${BPN} \
+SRC_URI = "git://github.com/rvoicilas/${BPN};branch=master;protocol=https \
file://0001-Makefile.am-add-build-rule-for-README.patch \
"
diff --git a/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb b/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb
index 4cfb73293..d084a3b9b 100644
--- a/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb
+++ b/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LGPL;md5=2d5025d4aa3495befef8f17206a5b0a1"
DEPENDS = "udev"
SRCREV = "de6258940960443038b4c1651dfda3620075e870"
-SRC_URI = "git://git.0pointer.de/libatasmart.git \
+SRC_URI = "git://git.0pointer.de/libatasmart.git;branch=master \
file://0001-Makefile.am-add-CFLAGS-and-LDFLAGS-definiton.patch \
"
diff --git a/meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb b/meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb
index a954499c6..527de93e4 100644
--- a/meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb
+++ b/meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb
@@ -10,7 +10,7 @@ S = "${WORKDIR}/git"
B = "${S}"
SRCREV = "e64e752a28a4a41b0a43cba3bedf9571c22af807"
-SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=master"
+SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=master;protocol=https"
inherit gettext autotools python3native
diff --git a/meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb b/meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb
index 6fc5881c5..ac6aedfd5 100644
--- a/meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb
+++ b/meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb
@@ -7,7 +7,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e612690af2f575dfd02e2e91443cea23"
SRCREV = "02eace19a99ce3cd564ca4e379753d69af08c2c8"
-SRC_URI = "git://github.com/USCiLab/cereal.git"
+SRC_URI = "git://github.com/USCiLab/cereal.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb b/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb
index 74b5e21e2..c6878577e 100644
--- a/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb
+++ b/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb
@@ -8,7 +8,7 @@ DEPENDS = "libusb udev"
PV = "1.0.0+git${SRCPV}"
SRCREV = "655e2d544183d094f0e2d119c7e0c6206a0ddb3f"
-SRC_URI = "git://github.com/cyrozap/${BPN}.git"
+SRC_URI = "git://github.com/cyrozap/${BPN}.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/libfann/libfann_git.bb b/meta-oe/recipes-support/libfann/libfann_git.bb
index eae24461d..5ab484d8a 100644
--- a/meta-oe/recipes-support/libfann/libfann_git.bb
+++ b/meta-oe/recipes-support/libfann/libfann_git.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=f14599a2f089f6ff8c97e2baa4e3d575"
inherit cmake
SRCREV ?= "7ec1fc7e5bd734f1d3c89b095e630e83c86b9be1"
-SRC_URI = "git://github.com/libfann/fann.git;branch=master \
+SRC_URI = "git://github.com/libfann/fann.git;branch=master;protocol=https \
"
PV = "2.2.0+git${SRCPV}"
diff --git a/meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb b/meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb
index 9b9c19104..c971491b1 100644
--- a/meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb
+++ b/meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3f2cd5d3cccd71d62066ba619614592b"
DEPENDS = "curl openssl zlib libssh2 libgcrypt"
-SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v0.28"
+SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v0.28;protocol=https"
SRCREV = "106a5f27586504ea371528191f0ea3aac2ad432b"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/libgusb/libgusb_git.bb b/meta-oe/recipes-support/libgusb/libgusb_git.bb
index e3c0bdd15..a26c23465 100644
--- a/meta-oe/recipes-support/libgusb/libgusb_git.bb
+++ b/meta-oe/recipes-support/libgusb/libgusb_git.bb
@@ -6,7 +6,7 @@ DEPENDS = "glib-2.0 libusb"
inherit meson gobject-introspection gtk-doc gettext vala
-SRC_URI = "git://github.com/hughsie/libgusb.git"
+SRC_URI = "git://github.com/hughsie/libgusb.git;branch=master;protocol=https"
SRCREV = "636efc0624aa2a88174220fcabc9764c13d7febf"
PV = "0.3.0+git${SRCPV}"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/libharu/libharu_2.3.0.bb b/meta-oe/recipes-support/libharu/libharu_2.3.0.bb
index 2d1a37c42..86b5ba540 100644
--- a/meta-oe/recipes-support/libharu/libharu_2.3.0.bb
+++ b/meta-oe/recipes-support/libharu/libharu_2.3.0.bb
@@ -6,7 +6,7 @@ DESCRIPTION = "libHaru is a library for generating PDF files. \
LICENSE = "Zlib"
LIC_FILES_CHKSUM = "file://README;md5=3ee6bc1f64d9cc7907f44840c8e50cb1"
-SRC_URI = "git://github.com/libharu/libharu.git;branch=2_3 \
+SRC_URI = "git://github.com/libharu/libharu.git;branch=2_3;protocol=https \
file://libharu-RELEASE_2_3_0_cmake.patch \
"
diff --git a/meta-oe/recipes-support/libiio/libiio_git.bb b/meta-oe/recipes-support/libiio/libiio_git.bb
index f83d9c922..0892a3693 100644
--- a/meta-oe/recipes-support/libiio/libiio_git.bb
+++ b/meta-oe/recipes-support/libiio/libiio_git.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;md5=7c13b3376cea0ce68d2d2da0a1b3a72c"
SRCREV = "5f5af2e417129ad8f4e05fc5c1b730f0694dca12"
PV = "0.19+git${SRCPV}"
-SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https"
+SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/CVE-2021-3466.patch b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/CVE-2021-3466.patch
new file mode 100644
index 000000000..ff792d4da
--- /dev/null
+++ b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/CVE-2021-3466.patch
@@ -0,0 +1,158 @@
+From 86d9a61be6395220714b1a50d5144e65668961f6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ernst=20Sj=C3=B6strand?= <ernst.sjostrand@verisure.com>
+Date: Tue, 21 Dec 2021 11:05:22 +0000
+Subject: [PATCH] Fix buffer overflow in url parser and add test
+
+Reference:
+https://git.gnunet.org/libmicrohttpd.git/commit/?id=a110ae6276660bee3caab30e9ff3f12f85cf3241
+
+Upstream-Status: Backport
+CVE: CVE-2021-3466
+
+Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>
+---
+ src/microhttpd/postprocessor.c | 18 ++++++--
+ src/microhttpd/test_postprocessor.c | 66 +++++++++++++++++++++++++++++
+ 2 files changed, 80 insertions(+), 4 deletions(-)
+
+diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c
+index b7f6b10..ebd1686 100644
+--- a/src/microhttpd/postprocessor.c
++++ b/src/microhttpd/postprocessor.c
+@@ -137,8 +137,7 @@ struct MHD_PostProcessor
+ void *cls;
+
+ /**
+- * Encoding as given by the headers of the
+- * connection.
++ * Encoding as given by the headers of the connection.
+ */
+ const char *encoding;
+
+@@ -586,7 +585,7 @@ post_process_urlencoded (struct MHD_PostProcessor *pp,
+ pp->state = PP_Error;
+ break;
+ case PP_Callback:
+- if ( (pp->buffer_pos + (end_key - start_key) >
++ if ( (pp->buffer_pos + (end_key - start_key) >=
+ pp->buffer_size) ||
+ (pp->buffer_pos + (end_key - start_key) <
+ pp->buffer_pos) )
+@@ -636,6 +635,11 @@ post_process_urlencoded (struct MHD_PostProcessor *pp,
+ {
+ if (NULL == end_key)
+ end_key = &post_data[poff];
++ if (pp->buffer_pos + (end_key - start_key) >= pp->buffer_size)
++ {
++ pp->state = PP_Error;
++ return MHD_NO;
++ }
+ memcpy (&kbuf[pp->buffer_pos],
+ start_key,
+ end_key - start_key);
+@@ -663,6 +667,11 @@ post_process_urlencoded (struct MHD_PostProcessor *pp,
+ last_escape);
+ pp->must_ikvi = false;
+ }
++ if (PP_Error == pp->state)
++ {
++ /* State in error, returning failure */
++ return MHD_NO;
++ }
+ return MHD_YES;
+ }
+
+@@ -1424,7 +1433,8 @@ MHD_destroy_post_processor (struct MHD_PostProcessor *pp)
+ the post-processing may have been interrupted
+ at any stage */
+ if ( (pp->xbuf_pos > 0) ||
+- (pp->state != PP_Done) )
++ ( (pp->state != PP_Done) &&
++ (pp->state != PP_Init) ) )
+ ret = MHD_NO;
+ else
+ ret = MHD_YES;
+diff --git a/src/microhttpd/test_postprocessor.c b/src/microhttpd/test_postprocessor.c
+index 2c37565..cba486d 100644
+--- a/src/microhttpd/test_postprocessor.c
++++ b/src/microhttpd/test_postprocessor.c
+@@ -451,6 +451,71 @@ test_empty_value (void)
+ }
+
+
++static enum MHD_Result
++value_checker2 (void *cls,
++ enum MHD_ValueKind kind,
++ const char *key,
++ const char *filename,
++ const char *content_type,
++ const char *transfer_encoding,
++ const char *data,
++ uint64_t off,
++ size_t size)
++{
++ return MHD_YES;
++}
++
++
++static int
++test_overflow ()
++{
++ struct MHD_Connection connection;
++ struct MHD_HTTP_Header header;
++ struct MHD_PostProcessor *pp;
++ size_t i;
++ size_t j;
++ size_t delta;
++ char *buf;
++
++ memset (&connection, 0, sizeof (struct MHD_Connection));
++ memset (&header, 0, sizeof (struct MHD_HTTP_Header));
++ connection.headers_received = &header;
++ header.header = MHD_HTTP_HEADER_CONTENT_TYPE;
++ header.value = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
++ header.header_size = strlen (header.header);
++ header.value_size = strlen (header.value);
++ header.kind = MHD_HEADER_KIND;
++ for (i = 128; i < 1024 * 1024; i += 1024)
++ {
++ pp = MHD_create_post_processor (&connection,
++ 1024,
++ &value_checker2,
++ NULL);
++ buf = malloc (i);
++ if (NULL == buf)
++ return 1;
++ memset (buf, 'A', i);
++ buf[i / 2] = '=';
++ delta = 1 + (MHD_random_ () % (i - 1));
++ j = 0;
++ while (j < i)
++ {
++ if (j + delta > i)
++ delta = i - j;
++ if (MHD_NO ==
++ MHD_post_process (pp,
++ &buf[j],
++ delta))
++ break;
++ j += delta;
++ }
++ free (buf);
++ MHD_destroy_post_processor (pp);
++ }
++ return 0;
++}
++
++
+ int
+ main (int argc, char *const *argv)
+ {
+@@ -463,6 +528,7 @@ main (int argc, char *const *argv)
+ errorCount += test_multipart ();
+ errorCount += test_nested_multipart ();
+ errorCount += test_empty_value ();
++ errorCount += test_overflow ();
+ if (errorCount != 0)
+ fprintf (stderr, "Error (code: %u)\n", errorCount);
+ return errorCount != 0; /* 0 == pass */
diff --git a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb
index 94976d2e9..9d5e85e1a 100644
--- a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb
+++ b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb
@@ -7,7 +7,8 @@ SECTION = "net"
DEPENDS = "file"
SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz \
-"
+ file://CVE-2021-3466.patch \
+ "
SRC_URI[md5sum] = "dcd6045ecb4ea18c120afedccbd1da74"
SRC_URI[sha256sum] = "90d0a3d396f96f9bc41eb0f7e8187796049285fabef82604acd4879590977307"
diff --git a/meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb b/meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb
index 590c4ebc2..fc0b1ee49 100644
--- a/meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb
+++ b/meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=b49da7df0ca479ef01ff7f2d799eabee"
SRCREV = "50486af99b4f9b35522d7b3de40b6ce107505279"
-SRC_URI += "git://github.com/LadislavSopko/mimetic/ \
+SRC_URI += "git://github.com/LadislavSopko/mimetic/;branch=master;protocol=https \
file://0001-libmimetic-Removing-test-directory-from-the-Makefile.patch \
file://0001-mimetic-Check-for-MMAP_FAILED-return-from-mmap.patch \
"
diff --git a/meta-oe/recipes-support/libmxml/libmxml_3.1.bb b/meta-oe/recipes-support/libmxml/libmxml_3.1.bb
index 4e77d6cc0..fd3369d8d 100644
--- a/meta-oe/recipes-support/libmxml/libmxml_3.1.bb
+++ b/meta-oe/recipes-support/libmxml/libmxml_3.1.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
HOMEPAGE = "https://www.msweet.org/mxml/"
BUGTRACKER = "https://github.com/michaelrsweet/mxml/issues"
-SRC_URI = "git://github.com/michaelrsweet/mxml.git"
+SRC_URI = "git://github.com/michaelrsweet/mxml.git;branch=master;protocol=https"
SRCREV = "e483e5fd8a33386fd46967681521bdd2da2b548f"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/libp11/libp11_0.4.10.bb b/meta-oe/recipes-support/libp11/libp11_0.4.10.bb
index 7fe0640d9..142002a26 100644
--- a/meta-oe/recipes-support/libp11/libp11_0.4.10.bb
+++ b/meta-oe/recipes-support/libp11/libp11_0.4.10.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29"
DEPENDS = "libtool openssl"
-SRC_URI = "git://github.com/OpenSC/libp11.git"
+SRC_URI = "git://github.com/OpenSC/libp11.git;branch=master;protocol=https"
SRCREV = "973d31f3f58d5549ddd8b1f822ce8f72186f9d68"
UPSTREAM_CHECK_GITTAGREGEX = "libp11-(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-oe/recipes-support/librsync/librsync_2.3.1.bb b/meta-oe/recipes-support/librsync/librsync_2.3.1.bb
index 004c93d0f..fddece8d1 100644
--- a/meta-oe/recipes-support/librsync/librsync_2.3.1.bb
+++ b/meta-oe/recipes-support/librsync/librsync_2.3.1.bb
@@ -4,7 +4,7 @@ AUTHOR = "Martin Pool, Andrew Tridgell, Donovan Baarda, Adam Schubert"
LICENSE = "LGPLv2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499"
-SRC_URI = "git://github.com/librsync/librsync.git"
+SRC_URI = "git://github.com/librsync/librsync.git;branch=master;protocol=https"
SRCREV = "27f738650c20fef1285f11d85a34e5094a71c06f"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb b/meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb
index 8b773aefa..f6fc0e36b 100644
--- a/meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb
+++ b/meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=e0bfebea12a718922225ba987b2126a5"
inherit autotools pkgconfig python3-dir
SRCREV = "fd1ad6e7823fa76d8db0d3c5884faffa8ffddafb"
-SRC_URI = "git://github.com/jackmitch/libsoc.git"
+SRC_URI = "git://github.com/jackmitch/libsoc.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/libteam/libteam_1.30.bb b/meta-oe/recipes-support/libteam/libteam_1.30.bb
index 9cd02b0c0..d04660ca1 100644
--- a/meta-oe/recipes-support/libteam/libteam_1.30.bb
+++ b/meta-oe/recipes-support/libteam/libteam_1.30.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
DEPENDS = "libnl libdaemon jansson"
-SRC_URI = "git://github.com/jpirko/libteam \
+SRC_URI = "git://github.com/jpirko/libteam;branch=master;protocol=https \
file://0001-include-sys-select.h-for-fd_set-definition.patch \
file://0002-teamd-Re-adjust-include-header-order.patch \
file://0001-team_basic_test.py-disable-RedHat-specific-test.patch \
diff --git a/meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb b/meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb
index a2491cf9e..2a33284b8 100644
--- a/meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb
+++ b/meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb
@@ -4,7 +4,7 @@ SECTION = "libs"
LICENSE = "Zlib"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=135624eef03e1f1101b9ba9ac9b5fffd"
-SRC_URI = "git://github.com/leethomason/tinyxml2.git"
+SRC_URI = "git://github.com/leethomason/tinyxml2.git;branch=master;protocol=https"
SRCREV = "bf15233ad88390461f6ab0dbcf046cce643c5fcb"
diff --git a/meta-oe/recipes-support/libusbg/libusbg_git.bb b/meta-oe/recipes-support/libusbg/libusbg_git.bb
index 97d60a6a8..6edac56fe 100644
--- a/meta-oe/recipes-support/libusbg/libusbg_git.bb
+++ b/meta-oe/recipes-support/libusbg/libusbg_git.bb
@@ -8,7 +8,7 @@ inherit autotools
PV = "0.1.0"
SRCREV = "a826d136e0e8fa53815f1ba05893e6dd74208c15"
-SRC_URI = "git://github.com/libusbg/libusbg.git \
+SRC_URI = "git://github.com/libusbg/libusbg.git;branch=master;protocol=https \
file://0001-Fix-out-of-tree-builds.patch \
"
diff --git a/meta-oe/recipes-support/libusbgx/libusbgx_git.bb b/meta-oe/recipes-support/libusbgx/libusbgx_git.bb
index d73ca6106..b88941d6e 100644
--- a/meta-oe/recipes-support/libusbgx/libusbgx_git.bb
+++ b/meta-oe/recipes-support/libusbgx/libusbgx_git.bb
@@ -11,7 +11,7 @@ PV = "0.2.0+git${SRCPV}"
SRCREV = "45c14ef4d5d7ced0fbf984208de44ced6d5ed898"
SRCBRANCH = "master"
SRC_URI = " \
- git://github.com/libusbgx/libusbgx.git;branch=${SRCBRANCH} \
+ git://github.com/libusbgx/libusbgx.git;branch=${SRCBRANCH};protocol=https \
file://gadget-start \
file://usbgx.initd \
file://usbgx.service \
diff --git a/meta-oe/recipes-support/libutempter/libutempter.bb b/meta-oe/recipes-support/libutempter/libutempter.bb
index b8a700b7b..d259f166d 100644
--- a/meta-oe/recipes-support/libutempter/libutempter.bb
+++ b/meta-oe/recipes-support/libutempter/libutempter.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2d5025d4aa3495befef8f17206a5b0a1"
SRCREV = "3ef74fff310f09e2601e241b9f042cd39d591018"
PV = "1.1.6-alt2+git${SRCPV}"
-SRC_URI = "git://git.altlinux.org/people/ldv/packages/libutempter.git \
+SRC_URI = "git://git.altlinux.org/people/ldv/packages/libutempter.git;branch=master \
file://0001-Fix-macro-error.patch \
file://0002-Proper-macro-path-generation.patch \
file://libutempter-remove-glibc-assumption.patch \
diff --git a/meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb b/meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb
index 0fb4a6e51..aab81461a 100644
--- a/meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb
+++ b/meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://debian/copyright;md5=c3ea231a32635cbb5debedf3e88aa3df
PV = "4.1+git${SRCPV}"
-SRC_URI = "git://github.com/Datera/lio-utils.git \
+SRC_URI = "git://github.com/Datera/lio-utils.git;branch=master;protocol=https \
file://0001-Makefiles-Respect-environment-variables-and-add-LDFL.patch \
"
SRCREV = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"
diff --git a/meta-oe/recipes-support/lvm2/lvm2.inc b/meta-oe/recipes-support/lvm2/lvm2.inc
index 2fe97d571..d0fb33d11 100644
--- a/meta-oe/recipes-support/lvm2/lvm2.inc
+++ b/meta-oe/recipes-support/lvm2/lvm2.inc
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12713b4d9386533feeb07d6e4831765a \
DEPENDS += "libaio"
-SRC_URI = "git://sourceware.org/git/lvm2.git \
+SRC_URI = "git://sourceware.org/git/lvm2.git;branch=master \
file://lvm.conf \
file://0001-implement-libc-specific-reopen_stream.patch \
file://0002-Guard-use-of-mallinfo-with-__GLIBC__.patch \
diff --git a/meta-oe/recipes-support/mcelog/mce-inject_git.bb b/meta-oe/recipes-support/mcelog/mce-inject_git.bb
index cc33cbaf2..8241bd234 100644
--- a/meta-oe/recipes-support/mcelog/mce-inject_git.bb
+++ b/meta-oe/recipes-support/mcelog/mce-inject_git.bb
@@ -4,7 +4,7 @@ software level into a running Linux kernel. This is intended for \
validation of the kernel machine check handler."
SECTION = "System Environment/Base"
-SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mce-inject.git"
+SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mce-inject.git;branch=master"
SRCREV = "4cbe46321b4a81365ff3aafafe63967264dbfec5"
diff --git a/meta-oe/recipes-support/mcelog/mce-test_git.bb b/meta-oe/recipes-support/mcelog/mce-test_git.bb
index 35fb94470..f24551521 100644
--- a/meta-oe/recipes-support/mcelog/mce-test_git.bb
+++ b/meta-oe/recipes-support/mcelog/mce-test_git.bb
@@ -10,7 +10,7 @@ containment and recovery, ACPI/APEI support etc."
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3"
-SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mce-test.git;protocol=git \
+SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mce-test.git;protocol=git;branch=master \
file://makefile-remove-ldflags.patch \
file://0001-gcov_merge.py-scov_merge.py-switch-to-python3.patch \
"
diff --git a/meta-oe/recipes-support/mcelog/mcelog_168.bb b/meta-oe/recipes-support/mcelog/mcelog_168.bb
index e2ef6ea58..c46413217 100644
--- a/meta-oe/recipes-support/mcelog/mcelog_168.bb
+++ b/meta-oe/recipes-support/mcelog/mcelog_168.bb
@@ -5,7 +5,7 @@ and should run on all Linux systems that need error handling."
HOMEPAGE = "http://mcelog.org/"
SECTION = "System Environment/Base"
-SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mcelog.git;protocol=http; \
+SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mcelog.git;protocol=http;branch=master \
file://run-ptest \
"
diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
index 8b0c89338..90cfd7d20 100644
--- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
+++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
@@ -29,7 +29,7 @@ DEPENDS = "libdevmapper \
LICENSE = "GPLv2"
-SRC_URI = "git://git.opensvc.com/multipath-tools/.git;protocol=http \
+SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=master \
file://multipathd.oe \
file://multipath.conf.example \
file://0021-RH-fixup-udev-rules-for-redhat.patch \
diff --git a/meta-oe/recipes-support/ne10/ne10_1.2.1.bb b/meta-oe/recipes-support/ne10/ne10_1.2.1.bb
index f37ccde1c..6cb53212a 100644
--- a/meta-oe/recipes-support/ne10/ne10_1.2.1.bb
+++ b/meta-oe/recipes-support/ne10/ne10_1.2.1.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e7fe20c9be97be5579e3ab5d92d3a218"
SECTION = "libs"
-SRC_URI = "git://github.com/projectNe10/Ne10.git \
+SRC_URI = "git://github.com/projectNe10/Ne10.git;branch=master;protocol=https \
file://0001-CMakeLists.txt-Remove-mthumb-interwork.patch \
file://0001-Dont-specify-march-explicitly.patch \
"
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
new file mode 100644
index 000000000..a229a2d20
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
@@ -0,0 +1,65 @@
+From 9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 Mon Sep 17 00:00:00 2001
+From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
+Date: Sat, 18 Jul 2020 00:13:38 +0000
+Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by
+ PKCS11. r=jcj,kjacobs,rrelyea
+
+Differential Revision: https://phabricator.services.mozilla.com/D74801
+
+--HG--
+extra : moz-landing-system : lando
+---
+ nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 +++++++++--
+ nss/lib/freebl/chacha20poly1305.c | 2 +-
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+CVE: CVE-2020-12403
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8]
+Comment: Refreshed path for whole patchset
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+index 41f9da71d6..3ea17678d9 100644
+--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
++++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test
+ SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+ sizeof(aead_params)};
+
+- // Encrypt with bad parameters.
++ // Encrypt with bad parameters (TagLen is too long).
+ unsigned int encrypted_len = 0;
+ std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
+ aead_params.ulTagLen = 158072;
+@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test
+ &encrypted_len, encrypted.size(), data, data_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, encrypted_len);
+- aead_params.ulTagLen = 16;
++
++ // Encrypt with bad parameters (TagLen is too short).
++ aead_params.ulTagLen = 2;
++ rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
++ &encrypted_len, encrypted.size(), data, data_len);
++ EXPECT_EQ(SECFailure, rv);
++ EXPECT_EQ(0U, encrypted_len);
+
+ // Encrypt.
++ aead_params.ulTagLen = 16;
+ rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+ &encrypted_len, encrypted.size(), data, data_len);
+
+diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c
+index 970c6436da..5c294a9eaf 100644
+--- a/nss/lib/freebl/chacha20poly1305.c
++++ b/nss/lib/freebl/chacha20poly1305.c
+@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+- if (tagLen == 0 || tagLen > 16) {
++ if (tagLen != 16) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
new file mode 100644
index 000000000..7b093d0cd
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
@@ -0,0 +1,80 @@
+From 06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Mon Sep 17 00:00:00 2001
+From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
+Date: Sat, 18 Jul 2020 00:13:14 +0000
+Subject: [PATCH] Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20.
+ r=kjacobs,rrelyea
+
+Depends on D74801
+
+Differential Revision: https://phabricator.services.mozilla.com/D83994
+
+--HG--
+extra : moz-landing-system : lando
+---
+ nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc | 49 +++++++++++++++++++++
+ nss/lib/softoken/pkcs11c.c | 1 +
+ 2 files changed, 50 insertions(+)
+
+CVE: CVE-2020-12403
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45]
+Comment: Refreshed path for whole patchset and removed change for pkcs11c.c
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+diff --git a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+index 38982fd885..700750cc90 100644
+--- a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
++++ b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
+ NSS_ShutdownContext(globalctx);
+ }
+
++TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
++ PK11SlotInfo* slot;
++ PK11SymKey* key;
++ PK11Context* ctx;
++
++ NSSInitContext* globalctx =
++ NSS_InitContext("", "", "", "", NULL,
++ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
++ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
++
++ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
++
++ slot = PK11_GetInternalSlot();
++ ASSERT_TRUE(slot);
++
++ // Use arbitrary bytes for the ChaCha20 key and IV
++ uint8_t key_bytes[32];
++ for (size_t i = 0; i < 32; i++) {
++ key_bytes[i] = i;
++ }
++ SECItem keyItem = {siBuffer, key_bytes, 32};
++
++ uint8_t iv_bytes[16];
++ for (size_t i = 0; i < 16; i++) {
++ key_bytes[i] = i;
++ }
++ SECItem ivItem = {siBuffer, iv_bytes, 16};
++
++ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
++
++ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
++ &keyItem, NULL);
++ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
++ ASSERT_TRUE(key);
++ ASSERT_TRUE(ctx);
++
++ uint8_t outbuf[128];
++ // This is supposed to fail for Chacha20. This is because the underlying
++ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
++ // which multi-part is disabled for ChaCha20 in counter mode.
++ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
++
++ PK11_FreeSymKey(key);
++ PK11_FreeSlot(slot);
++ SECITEM_FreeItem(param, PR_TRUE);
++ PK11_DestroyContext(ctx, PR_TRUE);
++ NSS_ShutdownContext(globalctx);
++}
++
+ } // namespace nss_test
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-25648.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-25648.patch
new file mode 100644
index 000000000..f30d4d32c
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2020-25648.patch
@@ -0,0 +1,163 @@
+# HG changeset patch
+# User Daiki Ueno <dueno@redhat.com>
+# Date 1602524521 0
+# Node ID 57bbefa793232586d27cee83e74411171e128361
+# Parent 6e3bc17f05086854ffd2b06f7fae9371f7a0c174
+Bug 1641480, TLS 1.3: tighten CCS handling in compatibility mode, r=mt
+
+This makes the server reject CCS when the client doesn't indicate the
+use of the middlebox compatibility mode with a non-empty
+ClientHello.legacy_session_id, or it sends multiple CCS in a row.
+
+Differential Revision: https://phabricator.services.mozilla.com/D79994
+
+Upstream-Status: Backport
+CVE: CVE-2020-25648
+Reference to upstream patch: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
+Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
+
+diff --color -Naur nss-3.51.1_old/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc nss-3.51.1/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
+--- nss-3.51.1_old/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc 2022-12-08 16:05:47.447142660 +0100
++++ nss-3.51.1/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc 2022-12-08 16:12:32.645932052 +0100
+@@ -348,6 +348,85 @@
+ client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+ }
+
++// The server rejects a ChangeCipherSpec if the client advertises an
++// empty session ID.
++TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
++ EnsureTlsSetup();
++ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
++
++ StartConnect();
++ client_->Handshake(); // Send ClientHello
++ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS
++
++ server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
++ server_->Handshake(); // Consume ClientHello and CCS
++ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++}
++
++// The server rejects multiple ChangeCipherSpec even if the client
++// indicates compatibility mode with non-empty session ID.
++TEST_F(Tls13CompatTest, ChangeCipherSpecAfterClientHelloTwice) {
++ EnsureTlsSetup();
++ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
++ EnableCompatMode();
++
++ StartConnect();
++ client_->Handshake(); // Send ClientHello
++ // Send CCS twice in a row
++ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
++ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
++
++ server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
++ server_->Handshake(); // Consume ClientHello and CCS.
++ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++}
++
++// The client rejects a ChangeCipherSpec if it advertises an empty
++// session ID.
++TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
++ EnsureTlsSetup();
++ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
++
++ // To replace Finished with a CCS below
++ auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
++ filter->SetHandshakeTypes({kTlsHandshakeFinished});
++ filter->EnableDecryption();
++
++ StartConnect();
++ client_->Handshake(); // Send ClientHello
++ server_->Handshake(); // Consume ClientHello, and
++ // send ServerHello..CertificateVerify
++ // Send CCS
++ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
++ client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
++ client_->Handshake(); // Consume ClientHello and CCS
++ client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++}
++
++// The client rejects multiple ChangeCipherSpec in a row even if the
++// client indicates compatibility mode with non-empty session ID.
++TEST_F(Tls13CompatTest, ChangeCipherSpecAfterServerHelloTwice) {
++ EnsureTlsSetup();
++ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
++ EnableCompatMode();
++
++ // To replace Finished with a CCS below
++ auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
++ filter->SetHandshakeTypes({kTlsHandshakeFinished});
++ filter->EnableDecryption();
++
++ StartConnect();
++ client_->Handshake(); // Send ClientHello
++ server_->Handshake(); // Consume ClientHello, and
++ // send ServerHello..CertificateVerify
++ // the ServerHello is followed by CCS
++ // Send another CCS
++ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
++ client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
++ client_->Handshake(); // Consume ClientHello and CCS
++ client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++}
++
+ // If we negotiate 1.2, we abort.
+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHello12) {
+ EnsureTlsSetup();
+diff --color -Naur nss-3.51.1_old/nss/lib/ssl/ssl3con.c nss-3.51.1/nss/lib/ssl/ssl3con.c
+--- nss-3.51.1_old/nss/lib/ssl/ssl3con.c 2022-12-08 16:05:47.471142833 +0100
++++ nss-3.51.1/nss/lib/ssl/ssl3con.c 2022-12-08 16:12:42.037994262 +0100
+@@ -6711,7 +6711,11 @@
+
+ /* TLS 1.3: We sent a session ID. The server's should match. */
+ if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
+- return sidMatch;
++ if (sidMatch) {
++ ss->ssl3.hs.allowCcs = PR_TRUE;
++ return PR_TRUE;
++ }
++ return PR_FALSE;
+ }
+
+ /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
+@@ -8730,6 +8734,7 @@
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
++ ss->ssl3.hs.allowCcs = PR_TRUE;
+ }
+
+ /* TLS 1.3 requires that compression include only null. */
+@@ -13058,8 +13063,15 @@
+ ss->ssl3.hs.ws != idle_handshake &&
+ cText->buf->len == 1 &&
+ cText->buf->buf[0] == change_cipher_spec_choice) {
+- /* Ignore the CCS. */
+- return SECSuccess;
++ if (ss->ssl3.hs.allowCcs) {
++ /* Ignore the first CCS. */
++ ss->ssl3.hs.allowCcs = PR_FALSE;
++ return SECSuccess;
++ }
++
++ /* Compatibility mode is not negotiated. */
++ alert = unexpected_message;
++ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
+ }
+
+ if (IS_DTLS(ss) ||
+diff --color -Naur nss-3.51.1_old/nss/lib/ssl/sslimpl.h nss-3.51.1/nss/lib/ssl/sslimpl.h
+--- nss-3.51.1_old/nss/lib/ssl/sslimpl.h 2022-12-08 16:05:47.471142833 +0100
++++ nss-3.51.1/nss/lib/ssl/sslimpl.h 2022-12-08 16:12:45.106014567 +0100
+@@ -711,6 +711,10 @@
+ * or received. */
+ PRBool receivedCcs; /* A server received ChangeCipherSpec
+ * before the handshake started. */
++ PRBool allowCcs; /* A server allows ChangeCipherSpec
++ * as the middlebox compatibility mode
++ * is explicitly indicarted by
++ * legacy_session_id in TLS 1.3 ClientHello. */
+ PRBool clientCertRequested; /* True if CertificateRequest received. */
+ ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
+ * we use for TLS 1.3 */
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2021-43527.patch b/meta-oe/recipes-support/nss/nss/CVE-2021-43527.patch
new file mode 100644
index 000000000..cf3ea63ca
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2021-43527.patch
@@ -0,0 +1,283 @@
+Description: fix heap overflow when verifying DSA/RSA-PSS DER-encoded signatures
+Origin: Provided by Mozilla
+
+CVE: CVE-2021-43527
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.35-2ubuntu2.13.debian.tar.xz]
+Comment: Refreshed hunk 1 and 6 due to fuzz
+Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
+
+--- a/nss/lib/cryptohi/secvfy.c
++++ b/nss/lib/cryptohi/secvfy.c
+@@ -164,6 +164,37 @@
+ PR_FALSE /*XXX: unsafeAllowMissingParameters*/);
+ }
+
++static unsigned int
++checkedSignatureLen(const SECKEYPublicKey *pubk)
++{
++ unsigned int sigLen = SECKEY_SignatureLen(pubk);
++ if (sigLen == 0) {
++ /* Error set by SECKEY_SignatureLen */
++ return sigLen;
++ }
++ unsigned int maxSigLen;
++ switch (pubk->keyType) {
++ case rsaKey:
++ case rsaPssKey:
++ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
++ break;
++ case dsaKey:
++ maxSigLen = DSA_MAX_SIGNATURE_LEN;
++ break;
++ case ecKey:
++ maxSigLen = 2 * MAX_ECKEY_LEN;
++ break;
++ default:
++ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
++ return 0;
++ }
++ if (sigLen > maxSigLen) {
++ PORT_SetError(SEC_ERROR_INVALID_KEY);
++ return 0;
++ }
++ return sigLen;
++}
++
+ /*
+ * decode the ECDSA or DSA signature from it's DER wrapping.
+ * The unwrapped/raw signature is placed in the buffer pointed
+@@ -174,38 +205,38 @@ decodeECorDSASignature(SECOidTag algid,
+ unsigned int len)
+ {
+ SECItem *dsasig = NULL; /* also used for ECDSA */
+- SECStatus rv = SECSuccess;
+
+- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+- if (sig->len != len) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
++ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
++ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
++ if (len > DSA_MAX_SIGNATURE_LEN) {
++ goto loser;
+ }
+-
+- PORT_Memcpy(dsig, sig->data, sig->len);
+- return SECSuccess;
+- }
+-
+- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
++ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+ if (len > MAX_ECKEY_LEN * 2) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
++ goto loser;
+ }
+- }
+- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
+-
+- if ((dsasig == NULL) || (dsasig->len != len)) {
+- rv = SECFailure;
+ } else {
+- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
++ goto loser;
+ }
+
+- if (dsasig != NULL)
++ /* Decode and pad to length */
++ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
++ if (dsasig == NULL) {
++ goto loser;
++ }
++ if (dsasig->len != len) {
+ SECITEM_FreeItem(dsasig, PR_TRUE);
+- if (rv == SECFailure)
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return rv;
++ goto loser;
++ }
++
++ PORT_Memcpy(dsig, dsasig->data, len);
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++
++ return SECSuccess;
++
++loser:
++ PORT_SetError(SEC_ERROR_BAD_DER);
++ return SECFailure;
+ }
+
+ const SEC_ASN1Template hashParameterTemplate[] =
+@@ -231,7 +262,7 @@ SECStatus
+ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+ const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg)
+ {
+- int len;
++ unsigned int len;
+ PLArenaPool *arena;
+ SECStatus rv;
+ SECItem oid;
+@@ -458,48 +489,52 @@ vfy_CreateContext(const SECKEYPublicKey
+ cx->pkcs1RSADigestInfo = NULL;
+ rv = SECSuccess;
+ if (sig) {
+- switch (type) {
+- case rsaKey:
+- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+- &cx->pkcs1RSADigestInfo,
+- &cx->pkcs1RSADigestInfoLen,
+- cx->key,
+- sig, wincx);
+- break;
+- case rsaPssKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
++ rv = SECFailure;
++ if (type == rsaKey) {
++ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
++ &cx->pkcs1RSADigestInfo,
++ &cx->pkcs1RSADigestInfoLen,
++ cx->key,
++ sig, wincx);
++ } else {
++ sigLen = checkedSignatureLen(key);
++ /* Check signature length is within limits */
++ if (sigLen == 0) {
++ /* error set by checkedSignatureLen */
++ rv = SECFailure;
++ goto loser;
++ }
++ if (sigLen > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ switch (type) {
++ case rsaPssKey:
++ if (sig->len != sigLen) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
++ rv = SECSuccess;
+ break;
+- }
+- if (sig->len != sigLen) {
+- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+- rv = SECFailure;
++ case ecKey:
++ case dsaKey:
++ /* decodeECorDSASignature will check sigLen == sig->len after padding */
++ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+ break;
+- }
+- PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
+- break;
+- case dsaKey:
+- case ecKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
++ default:
++ /* Unreachable */
+ rv = SECFailure;
+- break;
+- }
+- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+- break;
+- default:
+- rv = SECFailure;
+- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+- break;
++ goto loser;
++ }
++ }
++ if (rv != SECSuccess) {
++ goto loser;
+ }
+ }
+
+- if (rv)
+- goto loser;
+-
+ /* check hash alg again, RSA may have changed it.*/
+ if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
+ /* error set by HASH_GetHashTypeByOidTag */
+@@ -634,11 +669,16 @@ VFY_EndWithSignature(VFYContext *cx, SEC
+ switch (cx->key->keyType) {
+ case ecKey:
+ case dsaKey:
+- dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
+ return SECFailure;
+ }
++ if (dsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ return SECFailure;
++ }
++ dsasig.data = cx->u.buffer;
++
+ if (sig) {
+ rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
+ dsasig.len);
+@@ -667,8 +698,13 @@
+ }
+
+ rsasig.data = cx->u.buffer;
+- rsasig.len = SECKEY_SignatureLen(cx->key);
++ rsasig.len = checkedSignatureLen(cx->key);
+ if (rsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ return SECFailure;
++ }
++ if (rsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ if (sig) {
+@@ -743,7 +788,6 @@ vfy_VerifyDigest(const SECItem *digest,
+ SECStatus rv;
+ VFYContext *cx;
+ SECItem dsasig; /* also used for ECDSA */
+-
+ rv = SECFailure;
+
+ cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
+@@ -751,19 +795,25 @@ vfy_VerifyDigest(const SECItem *digest,
+ switch (key->keyType) {
+ case rsaKey:
+ rv = verifyPKCS1DigestInfo(cx, digest);
++ /* Error (if any) set by verifyPKCS1DigestInfo */
+ break;
+- case dsaKey:
+ case ecKey:
++ case dsaKey:
+ dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ rv = SECFailure;
+ break;
+ }
+- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
+- SECSuccess) {
++ if (dsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ break;
++ }
++ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx);
++ if (rv != SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+- } else {
+- rv = SECSuccess;
+ }
+ break;
+ default:
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch b/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch
new file mode 100644
index 000000000..cccb73187
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch
@@ -0,0 +1,63 @@
+# HG changeset patch
+# User John M. Schanck <jschanck@mozilla.com>
+# Date 1633990165 0
+# Node ID 7ff99e71f3e37faed12bc3cc90a3eed27e3418d0
+# Parent f80fafd04cf82b4d315c8fe42bb4639703f6ee4f
+Bug 1735028 - check for missing signedData field r=keeler
+
+Differential Revision: https://phabricator.services.mozilla.com/D128112
+
+Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/raw-rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0]
+CVE: CVE-2022-22747
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+diff --git a/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/nss/gtests/certdb_gtest/decode_certs_unittest.cc
+--- a/nss/gtests/certdb_gtest/decode_certs_unittest.cc
++++ b/nss/gtests/certdb_gtest/decode_certs_unittest.cc
+@@ -21,8 +21,21 @@ TEST_F(DecodeCertsTest, EmptyCertPackage
+ unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02,
+ 0x05, 0xa0, 0x02, 0x30, 0x00};
+ EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage(
+ reinterpret_cast<char*>(emptyCertPackage),
+ sizeof(emptyCertPackage)));
+ EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+ }
++
++TEST_F(DecodeCertsTest, EmptySignedData) {
++ // This represents a PKCS#7 ContentInfo of contentType
++ // 1.2.840.113549.1.7.2 (signedData) with missing content.
++ unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
++ 0x02, 0x00, 0x00, 0x05, 0x00};
++
++ EXPECT_EQ(nullptr,
++ CERT_DecodeCertFromPackage(reinterpret_cast<char*>(emptySignedData),
++ sizeof(emptySignedData)));
++ EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
++}
+diff --git a/nss/lib/pkcs7/certread.c b/nss/lib/pkcs7/certread.c
+--- a/nss/lib/pkcs7/certread.c
++++ b/nss/lib/pkcs7/certread.c
+@@ -134,16 +134,21 @@ SEC_ReadPKCS7Certs(SECItem *pkcs7Item, C
+ pkcs7Item) != SECSuccess) {
+ goto done;
+ }
+
+ if (GetContentTypeTag(&contentInfo) != SEC_OID_PKCS7_SIGNED_DATA) {
+ goto done;
+ }
+
++ if (contentInfo.content.signedData == NULL) {
++ PORT_SetError(SEC_ERROR_BAD_DER);
++ goto done;
++ }
++
+ rv = SECSuccess;
+
+ certs = contentInfo.content.signedData->certificates;
+ if (certs) {
+ count = 0;
+
+ while (*certs) {
+ count++;
diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb
index ac046ed0f..07adea106 100644
--- a/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -37,6 +37,11 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \
file://CVE-2020-12401.patch \
file://CVE-2020-6829_12400.patch \
+ file://CVE-2020-12403_1.patch \
+ file://CVE-2020-12403_2.patch \
+ file://CVE-2020-25648.patch \
+ file://CVE-2021-43527.patch \
+ file://CVE-2022-22747.patch \
"
SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"
@@ -287,5 +292,11 @@ RDEPENDS_${PN}-smime = "perl"
BBCLASSEXTEND = "native nativesdk"
+CVE_PRODUCT += "network_security_services"
+
# CVE-2006-5201 affects only Sun Solaris
CVE_CHECK_WHITELIST += "CVE-2006-5201"
+
+# CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect
+# the legacy db (libnssdbm), only compiled with --enable-legacy-db.
+CVE_CHECK_WHITELIST += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698"
diff --git a/meta-oe/recipes-support/numactl/numactl_git.bb b/meta-oe/recipes-support/numactl/numactl_git.bb
index 20b7fed86..af082237c 100644
--- a/meta-oe/recipes-support/numactl/numactl_git.bb
+++ b/meta-oe/recipes-support/numactl/numactl_git.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=f8ff2391624f28e
SRCREV = "5d9f16722e3df49dc618a9f361bd482559695db7"
PV = "2.0.13+git${SRCPV}"
-SRC_URI = "git://github.com/numactl/numactl \
+SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \
file://Fix-the-test-output-format.patch \
file://Makefile \
file://run-ptest \
diff --git a/meta-oe/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch b/meta-oe/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch
new file mode 100644
index 000000000..1c6657ae9
--- /dev/null
+++ b/meta-oe/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch
@@ -0,0 +1,39 @@
+From d16eda269413bdb04e85c242fa28db264697c45f Mon Sep 17 00:00:00 2001
+From: John Wolfe <jwolfe@vmware.com>
+Date: Sun, 21 Aug 2022 07:56:49 -0700
+Subject: [PATCH] Properly check authorization on incoming guestOps requests.
+
+Fix public pipe request checks. Only a SessionRequest type should
+be accepted on the public pipe.
+
+Upstream-Status: Backport from https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745
+CVE: CVE-2022-31676
+Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
+---
+ open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c
+index f097fb6..0ebaa7b 100644
+--- a/open-vm-tools/vgauth/serviceImpl/proto.c
++++ b/open-vm-tools/vgauth/serviceImpl/proto.c
+@@ -1,5 +1,5 @@
+ /*********************************************************
+- * Copyright (C) 2011-2016,2019 VMware, Inc. All rights reserved.
++ * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+@@ -1202,6 +1202,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn,
+ VGAuthError err;
+ gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn);
+
++ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) {
++ return VGAUTH_E_PERMISSION_DENIED;
++ }
++
+ switch (req->reqType) {
+ /*
+ * This comes over the public connection; alwsys let it through.
+--
+2.7.4
diff --git a/meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb b/meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb
index 34a81d21f..9a1b3f4c8 100644
--- a/meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb
+++ b/meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb
@@ -21,7 +21,7 @@ LICENSE_modules/freebsd/vmxnet = "GPL-2.0"
LICENSE_modules/linux = "GPL-2.0"
LICENSE_modules/solaris = "CDDL-1.0"
-SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https \
+SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=master \
file://tools.conf \
file://vmtoolsd.service \
file://vmtoolsd.init \
@@ -43,6 +43,7 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https \
file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \
file://0001-utilBacktrace-Ignore-Warray-bounds.patch;patchdir=.. \
file://0001-hgfsmounter-Makefile.am-support-usrmerge.patch;patchdir=.. \
+ file://0001-Properly-check-authorization-on-incoming-guestOps-re.patch;patchdir=.. \
"
SRCREV = "d3edfd142a81096f9f58aff17d84219b457f4987"
diff --git a/meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb b/meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb
index 9fd88ced9..831b15a45 100644
--- a/meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb
+++ b/meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "https://github.com/Oblomov/clinfo"
LICENSE = "CC0-1.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fd8857f774dfb0eefe1e80c8f9240a7e"
-SRC_URI = "git://github.com/Oblomov/clinfo.git;protocol=https"
+SRC_URI = "git://github.com/Oblomov/clinfo.git;protocol=https;branch=master"
SRCREV = "59d0daf898e48d76ccbb788acbba258fa0a8ba7c"
diff --git a/meta-oe/recipes-support/opencv/ade_0.1.1f.bb b/meta-oe/recipes-support/opencv/ade_0.1.1f.bb
index 386180215..7e9bbc31c 100644
--- a/meta-oe/recipes-support/opencv/ade_0.1.1f.bb
+++ b/meta-oe/recipes-support/opencv/ade_0.1.1f.bb
@@ -4,7 +4,7 @@ and processing framework. ADE Framework is suitable for \
organizing data flow processing and execution."
HOMEPAGE = "https://github.com/opencv/ade"
-SRC_URI = "git://github.com/opencv/ade.git \
+SRC_URI = "git://github.com/opencv/ade.git;branch=master;protocol=https \
file://0001-use-GNUInstallDirs-for-detecting-install-paths.patch \
"
diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
index 19d5d0c89..d7a015874 100644
--- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
+++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
@@ -37,12 +37,12 @@ IPP_FILENAME = "${@ipp_filename(d)}"
IPP_MD5 = "${@ipp_md5sum(d)}"
SRCREV_FORMAT = "opencv_contrib_ipp_boostdesc_vgg"
-SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \
- git://github.com/opencv/opencv_contrib.git;destsuffix=contrib;name=contrib \
- git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20180723;destsuffix=ipp;name=ipp \
- git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=boostdesc;name=boostdesc \
- git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=vgg;name=vgg \
- git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=face;name=face \
+SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol=https \
+ git://github.com/opencv/opencv_contrib.git;destsuffix=contrib;name=contrib;branch=master;protocol=https \
+ git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20180723;destsuffix=ipp;name=ipp;protocol=https \
+ git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=boostdesc;name=boostdesc;protocol=https \
+ git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=vgg;name=vgg;protocol=https \
+ git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=face;name=face;protocol=https \
file://0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch \
file://0002-Make-opencv-ts-create-share-library-intead-of-static.patch \
file://0003-To-fix-errors-as-following.patch \
diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2022-29155.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2022-29155.patch
new file mode 100644
index 000000000..2860b9522
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2022-29155.patch
@@ -0,0 +1,277 @@
+From 11e136f15085a4bda5701e910988966bed699977 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Wed, 18 May 2022 13:57:59 +0530
+Subject: [PATCH] CVE-2022-29155
+
+Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134]
+CVE: CVE-2022-29155
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+---
+ servers/slapd/back-sql/search.c | 123 +++++++++++++++++++++++++++-----
+ 1 file changed, 105 insertions(+), 18 deletions(-)
+
+diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c
+index bb0f1e2..1770bde 100644
+--- a/servers/slapd/back-sql/search.c
++++ b/servers/slapd/back-sql/search.c
+@@ -63,6 +63,38 @@ static void send_paged_response(
+ ID *lastid );
+ #endif /* ! BACKSQL_ARBITRARY_KEY */
+
++/* Look for chars that need to be escaped, return count of them.
++ * If out is non-NULL, copy escape'd val to it.
++ */
++static int
++backsql_val_escape( Operation *op, struct berval *in, struct berval *out )
++{
++ char *ptr, *end;
++ int q = 0;
++
++ ptr = in->bv_val;
++ end = ptr + in->bv_len;
++ while (ptr < end) {
++ if ( *ptr == '\'' )
++ q++;
++ ptr++;
++ }
++ if ( q && out ) {
++ char *dst;
++ out->bv_len = in->bv_len + q;
++ out->bv_val = op->o_tmpalloc( out->bv_len + 1, op->o_tmpmemctx );
++ ptr = in->bv_val;
++ dst = out->bv_val;
++ while (ptr < end ) {
++ if ( *ptr == '\'' )
++ *dst++ = '\'';
++ *dst++ = *ptr++;
++ }
++ *dst = '\0';
++ }
++ return q;
++}
++
+ static int
+ backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
+ {
+@@ -429,6 +461,8 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
+ backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
+ int i;
+ int casefold = 0;
++ int escaped = 0;
++ struct berval escval, *fvalue;
+
+ if ( !f ) {
+ return 0;
+@@ -462,50 +496,68 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
+
+ BER_BVZERO( &bv );
+ if ( f->f_sub_initial.bv_val ) {
+- bv.bv_len += f->f_sub_initial.bv_len;
++ bv.bv_len += f->f_sub_initial.bv_len + backsql_val_escape( NULL, &f->f_sub_initial, NULL );
+ }
+ if ( f->f_sub_any != NULL ) {
+ for ( a = 0; f->f_sub_any[ a ].bv_val != NULL; a++ ) {
+- bv.bv_len += f->f_sub_any[ a ].bv_len;
++ bv.bv_len += f->f_sub_any[ a ].bv_len + backsql_val_escape( NULL, &f->f_sub_any[ a ], NULL );
+ }
+ }
+ if ( f->f_sub_final.bv_val ) {
+- bv.bv_len += f->f_sub_final.bv_len;
++ bv.bv_len += f->f_sub_final.bv_len + backsql_val_escape( NULL, &f->f_sub_final, NULL );
+ }
+ bv.bv_len = 2 * bv.bv_len - 1;
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
+
+ s = 0;
+ if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
+- bv.bv_val[ s ] = f->f_sub_initial.bv_val[ 0 ];
+- for ( i = 1; i < f->f_sub_initial.bv_len; i++ ) {
++ fvalue = &f->f_sub_initial;
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ];
++ for ( i = 1; i < fvalue->bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+- bv.bv_val[ s + 2 * i ] = f->f_sub_initial.bv_val[ i ];
++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ];
+ }
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ }
+
+ if ( f->f_sub_any != NULL ) {
+ for ( a = 0; !BER_BVISNULL( &f->f_sub_any[ a ] ); a++ ) {
+- bv.bv_val[ s ] = f->f_sub_any[ a ].bv_val[ 0 ];
+- for ( i = 1; i < f->f_sub_any[ a ].bv_len; i++ ) {
++ fvalue = &f->f_sub_any[ a ];
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ];
++ for ( i = 1; i < fvalue->bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+- bv.bv_val[ s + 2 * i ] = f->f_sub_any[ a ].bv_val[ i ];
++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ];
+ }
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ }
+ }
+
+ if ( !BER_BVISNULL( &f->f_sub_final ) ) {
+- bv.bv_val[ s ] = f->f_sub_final.bv_val[ 0 ];
+- for ( i = 1; i < f->f_sub_final.bv_len; i++ ) {
++ fvalue = &f->f_sub_final;
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ];
++ for ( i = 1; i < fvalue->bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+- bv.bv_val[ s + 2 * i ] = f->f_sub_final.bv_val[ i ];
++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ];
+ }
+- bv.bv_val[ s + 2 * i - 1 ] = '%';
++ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ }
+
+ bv.bv_val[ s - 1 ] = '\0';
+@@ -561,11 +613,17 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
+ f->f_sub_initial.bv_val, 0 );
+ #endif /* BACKSQL_TRACE */
+
++ fvalue = &f->f_sub_initial;
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "b",
+- &f->f_sub_initial );
++ fvalue );
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+ }
+@@ -586,12 +644,18 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
+ i, f->f_sub_any[ i ].bv_val );
+ #endif /* BACKSQL_TRACE */
+
++ fvalue = &f->f_sub_any[ i ];
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bc",
+- &f->f_sub_any[ i ],
++ fvalue,
+ '%' );
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ /*
+ * Note: toupper('%') = '%'
+@@ -611,11 +675,17 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
+ f->f_sub_final.bv_val, 0 );
+ #endif /* BACKSQL_TRACE */
+
++ fvalue = &f->f_sub_final;
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "b",
+- &f->f_sub_final );
++ fvalue );
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+ }
+@@ -1183,6 +1253,8 @@ backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f, backsql_at_map_r
+ struct berval *filter_value = NULL;
+ MatchingRule *matching_rule = NULL;
+ struct berval ordering = BER_BVC("<=");
++ struct berval escval;
++ int escaped = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter_attr(%s)\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+@@ -1237,6 +1309,10 @@ equality_match:;
+ casefold = 1;
+ }
+
++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval );
++ if ( escaped )
++ filter_value = &escval;
++
+ /* FIXME: directoryString filtering should use a similar
+ * approach to deal with non-prettified values like
+ * " A non prettified value ", by using a LIKE
+@@ -1317,6 +1393,10 @@ equality_match:;
+ casefold = 1;
+ }
+
++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval );
++ if ( escaped )
++ filter_value = &escval;
++
+ /*
+ * FIXME: should we uppercase the operands?
+ */
+@@ -1350,7 +1430,7 @@ equality_match:;
+ &at->bam_sel_expr,
+ &ordering,
+ '\'',
+- &f->f_av_value,
++ filter_value,
+ (ber_len_t)STRLENOF( /* (' */ "')" ),
+ /* ( */ "')" );
+ }
+@@ -1374,13 +1454,17 @@ equality_match:;
+ case LDAP_FILTER_APPROX:
+ /* we do our best */
+
++ filter_value = &f->f_av_value;
++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval );
++ if ( escaped )
++ filter_value = &escval;
+ /*
+ * maybe we should check type of at->sel_expr here somehow,
+ * to know whether upper_func is applicable, but for now
+ * upper_func stuff is made for Oracle, where UPPER is
+ * safely applicable to NUMBER etc.
+ */
+- (void)backsql_process_filter_like( bsi, at, 1, &f->f_av_value );
++ (void)backsql_process_filter_like( bsi, at, 1, filter_value );
+ break;
+
+ default:
+@@ -1394,6 +1478,9 @@ equality_match:;
+
+ }
+
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
++
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter_attr(%s)\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
+--
+2.25.1
+
diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
index a282523a3..e3e9caa1b 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
@@ -23,8 +23,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
file://thread_stub.patch \
file://openldap-CVE-2015-3276.patch \
file://remove-user-host-pwd-from-version.patch \
+ file://CVE-2022-29155.patch \
"
-
SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
SRC_URI[sha256sum] = "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"
diff --git a/meta-oe/recipes-support/opensc/opensc_0.20.0.bb b/meta-oe/recipes-support/opensc/opensc_0.20.0.bb
index a815980c4..b8cf203b7 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.20.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.20.0.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
#v0.19.0
SRCREV = "45e29056ccde422e70ed3585084a7f150c632515"
-SRC_URI = "git://github.com/OpenSC/OpenSC \
+SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
"
DEPENDS = "virtual/libiconv openssl"
diff --git a/meta-oe/recipes-support/picocom/picocom_git.bb b/meta-oe/recipes-support/picocom/picocom_git.bb
index 3d26b9364..801300e70 100644
--- a/meta-oe/recipes-support/picocom/picocom_git.bb
+++ b/meta-oe/recipes-support/picocom/picocom_git.bb
@@ -9,7 +9,7 @@ PV = "${BASEPV}+git${SRCPV}"
SRCREV = "90385aabe2b51f39fa130627d46b377569f82d4a"
-SRC_URI = "git://github.com/npat-efault/picocom \
+SRC_URI = "git://github.com/npat-efault/picocom;branch=master;protocol=https \
file://0001-Fix-building-with-musl.patch \
"
diff --git a/meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb b/meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb
index 3a437659e..0e3e5ff73 100644
--- a/meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb
+++ b/meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb
@@ -7,7 +7,7 @@ DEPENDS = "pidgin json-glib glib-2.0"
inherit pkgconfig
-SRC_URI = "git://github.com/EionRobb/funyahoo-plusplus;branch=master;protocol=git"
+SRC_URI = "git://github.com/EionRobb/funyahoo-plusplus;branch=master;protocol=https"
SRCREV = "fbbd9c591100aa00a0487738ec7b6acd3d924b3f"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/pidgin/icyque_git.bb b/meta-oe/recipes-support/pidgin/icyque_git.bb
index 0f32dc3a3..2905e16fc 100644
--- a/meta-oe/recipes-support/pidgin/icyque_git.bb
+++ b/meta-oe/recipes-support/pidgin/icyque_git.bb
@@ -9,7 +9,7 @@ PV = "0.1+gitr${SRCPV}"
inherit pkgconfig
-SRC_URI = "git://github.com/EionRobb/icyque"
+SRC_URI = "git://github.com/EionRobb/icyque;branch=master;protocol=https"
SRCREV = "513fc162d5d1a201c2b044e2b42941436d1069d5"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb b/meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb
index 092e6059b..854920d2e 100644
--- a/meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb
+++ b/meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb
@@ -7,7 +7,7 @@ DEPENDS = "pidgin json-glib glib-2.0 zlib"
inherit pkgconfig
-SRC_URI = "git://github.com/EionRobb/skype4pidgin;branch=master;protocol=git"
+SRC_URI = "git://github.com/EionRobb/skype4pidgin;branch=master;protocol=https"
SRCREV = "14f1b69b6292bbdc98cca484b050ec8359394c4e"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/poco/poco_1.9.4.bb b/meta-oe/recipes-support/poco/poco_1.9.4.bb
index fcd521975..1c3a4ebb0 100644
--- a/meta-oe/recipes-support/poco/poco_1.9.4.bb
+++ b/meta-oe/recipes-support/poco/poco_1.9.4.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=4267f48fc738f50380cbeeb76f95cebc"
DEPENDS = "libpcre zlib"
SRC_URI = " \
- git://github.com/pocoproject/poco.git;branch=poco-${PV} \
+ git://github.com/pocoproject/poco.git;branch=poco-${PV};protocol=https \
file://0001-Don-t-try-to-install-non-existing-Encodings-testsuit.patch \
file://0001-riscv-Enable-double-operations-when-using-double-flo.patch \
file://run-ptest \
diff --git a/meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb b/meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb
index c8baa5d9c..5b5358774 100644
--- a/meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb
+++ b/meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb
@@ -5,7 +5,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
SRCREV = "cb48b7ecf7079ceba7081c78d4e61e507b0e8d2d"
-SRC_URI = "git://github.com/ago/pps-tools.git"
+SRC_URI = "git://github.com/ago/pps-tools.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/remmina/remmina_1.3.6.bb b/meta-oe/recipes-support/remmina/remmina_1.3.6.bb
index 1c2f270e3..3b1e8706c 100644
--- a/meta-oe/recipes-support/remmina/remmina_1.3.6.bb
+++ b/meta-oe/recipes-support/remmina/remmina_1.3.6.bb
@@ -10,7 +10,7 @@ DEPENDS_append_libc-musl = " libexecinfo"
LDFLAGS_append_libc-musl = " -lexecinfo"
SRCREV = "cc391370d8b4c07597617e0a771a9732f0802411"
-SRC_URI = "git://gitlab.com/Remmina/Remmina;protocol=https \
+SRC_URI = "git://gitlab.com/Remmina/Remmina;protocol=https;branch=master \
"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb
index 33f5dccca..6fe8aa76f 100644
--- a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb
+++ b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb
@@ -25,7 +25,7 @@ RDEPENDS_${PN} = "rsync \
SRCREV = "a9e29850fc33c503c289e245c7bad350eed746d9"
PV = "1.4.3+git${SRCPV}"
-SRC_URI = "git://github.com/DrHyde/${BPN};branch=master;protocol=git \
+SRC_URI = "git://github.com/DrHyde/${BPN};branch=master;protocol=https \
file://configure-fix-cmd_rsync.patch \
"
diff --git a/meta-oe/recipes-support/sass/libsass_3.6.3.bb b/meta-oe/recipes-support/sass/libsass_3.6.3.bb
index d893be223..4b4fe5566 100644
--- a/meta-oe/recipes-support/sass/libsass_3.6.3.bb
+++ b/meta-oe/recipes-support/sass/libsass_3.6.3.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8f34396ca205f5e119ee77aae91fa27d"
inherit autotools
-SRC_URI = "git://github.com/sass/libsass.git;branch=master"
+SRC_URI = "git://github.com/sass/libsass.git;branch=master;protocol=https"
SRCREV = "e1c16e09b4a953757a15149deaaf28a3fd81dc97"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/sass/sassc_git.bb b/meta-oe/recipes-support/sass/sassc_git.bb
index 3c7a55cc3..985d519f9 100644
--- a/meta-oe/recipes-support/sass/sassc_git.bb
+++ b/meta-oe/recipes-support/sass/sassc_git.bb
@@ -6,7 +6,7 @@ DEPENDS = "libsass"
inherit autotools pkgconfig
-SRC_URI = "git://github.com/sass/sassc.git"
+SRC_URI = "git://github.com/sass/sassc.git;branch=master;protocol=https"
SRCREV = "46748216ba0b60545e814c07846ca10c9fefc5b6"
S = "${WORKDIR}/git"
PV = "3.6.1"
diff --git a/meta-oe/recipes-support/satyr/satyr_0.28.bb b/meta-oe/recipes-support/satyr/satyr_0.28.bb
index fbf018d7f..a928681ae 100644
--- a/meta-oe/recipes-support/satyr/satyr_0.28.bb
+++ b/meta-oe/recipes-support/satyr/satyr_0.28.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2"
inherit autotools-brokensep python3native pkgconfig
-SRC_URI = "git://github.com/abrt/satyr.git \
+SRC_URI = "git://github.com/abrt/satyr.git;branch=master;protocol=https \
file://0002-fix-compile-failure-against-musl-C-library.patch \
"
SRCREV = "8b5547b89b712b39a59f1d8b366e7de0f5f46108"
diff --git a/meta-oe/recipes-support/serial-utils/pty-forward-native.bb b/meta-oe/recipes-support/serial-utils/pty-forward-native.bb
index 7f59b3eca..87d9c5290 100644
--- a/meta-oe/recipes-support/serial-utils/pty-forward-native.bb
+++ b/meta-oe/recipes-support/serial-utils/pty-forward-native.bb
@@ -6,7 +6,7 @@ SECTION = "console/network"
SRCREV = "00dbec2636ae0385ad028587e20e446272ff97ec"
PV = "1.1+gitr${SRCPV}"
-SRC_URI = "git://github.com/freesmartphone/cornucopia.git;protocol=https"
+SRC_URI = "git://github.com/freesmartphone/cornucopia.git;protocol=https;branch=master"
S = "${WORKDIR}/git/tools/serial_forward"
inherit autotools native
diff --git a/meta-oe/recipes-support/serial-utils/serial-forward_git.bb b/meta-oe/recipes-support/serial-utils/serial-forward_git.bb
index 0ef829856..dcad8f710 100644
--- a/meta-oe/recipes-support/serial-utils/serial-forward_git.bb
+++ b/meta-oe/recipes-support/serial-utils/serial-forward_git.bb
@@ -6,7 +6,7 @@ SECTION = "console/devel"
SRCREV = "07c6fdede0870edc37a8d51d033b6e7e29aa7c91"
PV = "1.1+gitr${SRCPV}"
-SRC_URI = "git://github.com/freesmartphone/cornucopia.git \
+SRC_URI = "git://github.com/freesmartphone/cornucopia.git;branch=master;protocol=https \
file://0001-serial_forward-Disable-default-static-linking.patch;striplevel=3 \
"
S = "${WORKDIR}/git/tools/serial_forward"
diff --git a/meta-oe/recipes-support/span-lite/span-lite_git.bb b/meta-oe/recipes-support/span-lite/span-lite_git.bb
index 96ec829b7..abb3ec2f3 100644
--- a/meta-oe/recipes-support/span-lite/span-lite_git.bb
+++ b/meta-oe/recipes-support/span-lite/span-lite_git.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/martinmoene/span-lite"
LICENSE = "BSL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
-SRC_URI += "git://github.com/martinmoene/span-lite"
+SRC_URI += "git://github.com/martinmoene/span-lite;branch=master;protocol=https"
SRCREV = "e03d1166ccc8481d993dc02aae703966301a5e6e"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb b/meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb
index 39629cce0..9294d1a70 100644
--- a/meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb
+++ b/meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb
@@ -4,7 +4,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
SRCREV = "cf6f1dd01e660d5865d68bf5fa78f6376b89470a"
-SRC_URI = "git://github.com/gabime/spdlog.git;protocol=git;branch=v1.x;"
+SRC_URI = "git://github.com/gabime/spdlog.git;protocol=https;branch=v1.x;"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/spitools/spitools_git.bb b/meta-oe/recipes-support/spitools/spitools_git.bb
index 625756873..b9ed1bcd7 100644
--- a/meta-oe/recipes-support/spitools/spitools_git.bb
+++ b/meta-oe/recipes-support/spitools/spitools_git.bb
@@ -10,7 +10,7 @@ SRCREV = "4a36a84f7df291ddaebd397aecf0c8515256a8e0"
S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/cpb-/spi-tools.git;protocol=git"
+SRC_URI = "git://github.com/cpb-/spi-tools.git;protocol=https;branch=master"
inherit autotools
diff --git a/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb b/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb
index 3f82734ac..5bcbea460 100644
--- a/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb
+++ b/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb
@@ -7,7 +7,7 @@ SECTION = "devel"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/jthornber/thin-provisioning-tools;branch=main \
+SRC_URI = "git://github.com/jthornber/thin-provisioning-tools;branch=main;protocol=https \
file://0001-do-not-strip-pdata_tools-at-do_install.patch \
file://use-sh-on-path.patch \
"
diff --git a/meta-oe/recipes-support/toscoterm/toscoterm_git.bb b/meta-oe/recipes-support/toscoterm/toscoterm_git.bb
index aba485e1a..4dddd54c5 100644
--- a/meta-oe/recipes-support/toscoterm/toscoterm_git.bb
+++ b/meta-oe/recipes-support/toscoterm/toscoterm_git.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://main.c;start_line=5;end_line=16;md5=9ae4bf20caf291afa
# 0.2 version
SRCREV = "8586d617aed19fc75f5ae1e07270752c1b2f9a30"
-SRC_URI = "git://github.com/OSSystems/toscoterm.git"
+SRC_URI = "git://github.com/OSSystems/toscoterm.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch
new file mode 100644
index 000000000..0189833b4
--- /dev/null
+++ b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch
@@ -0,0 +1,63 @@
+From 2517b8feb13919c382e53ab5f9b63c5b5ee5b063 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <pochu@debian.org>
+Date: Fri, 5 Nov 2021 09:29:13 +0100
+Subject: [PATCH] udisks2 security update
+
+mount options: Always use errors=remount-ro for ext filesystems
+
+Stefan Walter found that udisks2, a service to access and manipulate
+storage devices, could cause denial of service via system crash if a
+corrupted or specially crafted ext2/3/4 device or image was mounted,
+which could happen automatically on certain environments.
+
+For Debian 9 stretch, this problem has been fixed in version
+2.1.8-1+deb9u1.
+
+Default mount options are focused primarily on data safety, mounting
+damaged ext2/3/4 filesystem as readonly would indicate something's wrong.
+
+Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/u/udisks2/udisks2_2.1.8-1+deb9u1.debian.tar.xz]
+CVE: CVE-2021-3802
+
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+
+---
+ src/udiskslinuxfilesystem.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
+index a5a3898c..eac8cab3 100644
+--- a/src/udiskslinuxfilesystem.c
++++ b/src/udiskslinuxfilesystem.c
+@@ -421,6 +421,21 @@ static const gchar *hfsplus_allow[] = { "creator", "type", "umask", "session", "
+ static const gchar *hfsplus_allow_uid_self[] = { "uid", NULL };
+ static const gchar *hfsplus_allow_gid_self[] = { "gid", NULL };
+
++/* ---------------------- ext2 -------------------- */
++
++static const gchar *ext2_defaults[] = { "errors=remount-ro", NULL };
++static const gchar *ext2_allow[] = { "errors=remount-ro", NULL };
++
++/* ---------------------- ext3 -------------------- */
++
++static const gchar *ext3_defaults[] = { "errors=remount-ro", NULL };
++static const gchar *ext3_allow[] = { "errors=remount-ro", NULL };
++
++/* ---------------------- ext4 -------------------- */
++
++static const gchar *ext4_defaults[] = { "errors=remount-ro", NULL };
++static const gchar *ext4_allow[] = { "errors=remount-ro", NULL };
++
+ /* ------------------------------------------------ */
+ /* TODO: support context= */
+
+@@ -434,6 +449,9 @@ static const FSMountOptions fs_mount_options[] =
+ { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self },
+ { "exfat", exfat_defaults, exfat_allow, exfat_allow_uid_self, exfat_allow_gid_self },
+ { "hfsplus", hfsplus_defaults, hfsplus_allow, hfsplus_allow_uid_self, hfsplus_allow_gid_self },
++ { "ext2", ext2_defaults, ext2_allow, NULL, NULL },
++ { "ext3", ext3_defaults, ext3_allow, NULL, NULL },
++ { "ext4", ext4_defaults, ext4_allow, NULL, NULL },
+ };
+
+ /* ------------------------------------------------ */
diff --git a/meta-oe/recipes-support/udisks/udisks2_git.bb b/meta-oe/recipes-support/udisks/udisks2_git.bb
index ecaf01e71..58c8a9899 100644
--- a/meta-oe/recipes-support/udisks/udisks2_git.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_git.bb
@@ -17,7 +17,8 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
RDEPENDS_${PN} = "acl"
SRC_URI = " \
- git://github.com/storaged-project/udisks.git;branch=master \
+ git://github.com/storaged-project/udisks.git;branch=master;protocol=https \
+ file://CVE-2021-3802.patch \
"
PV = "2.8.4+git${SRCREV}"
SRCREV = "db5f487345da2eaa87976450ea51c2c465d9b82e"
diff --git a/meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb b/meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb
index b294d77ba..0bb48412a 100644
--- a/meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb
+++ b/meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRCREV = "c9fa3c68a1b2c9790c731602b8bae2b513e80605"
-SRC_URI = "git://github.com/mvp/${BPN}"
+SRC_URI = "git://github.com/mvp/${BPN};branch=master;protocol=https"
S = "${WORKDIR}/git"
# uhubctl gets its program version from "git describe". As we use the source
diff --git a/meta-oe/recipes-support/uthash/uthash_2.1.0.bb b/meta-oe/recipes-support/uthash/uthash_2.1.0.bb
index 09cef44a8..3f4529e1a 100644
--- a/meta-oe/recipes-support/uthash/uthash_2.1.0.bb
+++ b/meta-oe/recipes-support/uthash/uthash_2.1.0.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a2513f7d2291df840527b76b2a8f9718"
SRCREV = "8b214aefcb81df86a7e5e0d4fa20e59a6c18bc02"
SRC_URI = "\
- git://github.com/troydhanson/${BPN}.git \
+ git://github.com/troydhanson/${BPN}.git;branch=master;protocol=https \
file://run-ptest \
"
diff --git a/meta-oe/recipes-support/utouch/utouch-evemu_git.bb b/meta-oe/recipes-support/utouch/utouch-evemu_git.bb
index 7c5a73439..e1ec1fda8 100644
--- a/meta-oe/recipes-support/utouch/utouch-evemu_git.bb
+++ b/meta-oe/recipes-support/utouch/utouch-evemu_git.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
inherit autotools
-SRC_URI = "git://bitmath.org/git/evemu.git;protocol=http \
+SRC_URI = "git://bitmath.org/git/evemu.git;protocol=http;branch=master \
file://0001-Fix-build-on-32bit-arches-with-64bit-time_t.patch \
"
SRCREV = "9752b50e922572e4cd214ac45ed95e4ee410fe24"
diff --git a/meta-oe/recipes-support/utouch/utouch-frame_git.bb b/meta-oe/recipes-support/utouch/utouch-frame_git.bb
index 1ebebfa9f..599395635 100644
--- a/meta-oe/recipes-support/utouch/utouch-frame_git.bb
+++ b/meta-oe/recipes-support/utouch/utouch-frame_git.bb
@@ -9,7 +9,7 @@ DEPENDS += "mtdev utouch-evemu"
inherit autotools pkgconfig
-SRC_URI = "git://bitmath.org/git/frame.git;protocol=http \
+SRC_URI = "git://bitmath.org/git/frame.git;protocol=http;branch=master \
file://remove-man-page-creation.patch \
file://0001-include-sys-stat.h-for-fixing-build-issue-on-musl.patch \
file://0001-Fix-build-on-32bit-arches-with-64bit-time_t.patch \
diff --git a/meta-oe/recipes-support/utouch/utouch-mtview_git.bb b/meta-oe/recipes-support/utouch/utouch-mtview_git.bb
index 5f07bf28e..65edaf1e5 100644
--- a/meta-oe/recipes-support/utouch/utouch-mtview_git.bb
+++ b/meta-oe/recipes-support/utouch/utouch-mtview_git.bb
@@ -9,7 +9,7 @@ inherit autotools pkgconfig features_check
# depends on virtual/libx11
REQUIRED_DISTRO_FEATURES = "x11"
-SRC_URI = "git://bitmath.org/git/mtview.git;protocol=http"
+SRC_URI = "git://bitmath.org/git/mtview.git;protocol=http;branch=master"
SRCREV = "ad437c38dc111cf3990a03abf14efe1b5d89604b"
DEPENDS += "mtdev utouch-frame utouch-evemu libx11"
diff --git a/meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb b/meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb
index 79a5ac5c4..673fc5899 100644
--- a/meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb
+++ b/meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=4d168d763c111f4ffc62249870e4e0ea"
DEPENDS = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'openssl boost zlib', '', d)} "
-SRC_URI = "git://github.com/zaphoyd/websocketpp.git;protocol=https \
+SRC_URI = "git://github.com/zaphoyd/websocketpp.git;protocol=https;branch=master \
file://0001-cmake-Use-GNUInstallDirs.patch \
file://855.patch \
file://857.patch \
diff --git a/meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb b/meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb
index d100030f9..c16178198 100644
--- a/meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb
+++ b/meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb
@@ -7,7 +7,7 @@ SECTION = "console/utils"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-SRC_URI = "git://github.com/jmacd/xdelta.git;branch=release3_1_apl"
+SRC_URI = "git://github.com/jmacd/xdelta.git;branch=release3_1_apl;protocol=https"
SRCREV = "4b4aed71a959fe11852e45242bb6524be85d3709"
S = "${WORKDIR}/git/xdelta3"
diff --git a/meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb b/meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb
index 481e7303b..1ba4a32ba 100644
--- a/meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb
+++ b/meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb
@@ -10,7 +10,7 @@ DEPENDS = "virtual/libx11 xserver-xorg xrdp nasm-native"
inherit features_check
REQUIRED_DISTRO_FEATURES = "x11 pam"
-SRC_URI = "git://github.com/neutrinolabs/xorgxrdp.git"
+SRC_URI = "git://github.com/neutrinolabs/xorgxrdp.git;branch=master;protocol=https"
SRCREV = "c122544f184d4031bbae1ad80fbab554c34a9427"
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb
index deda0fd1b..36184705b 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb
@@ -10,7 +10,7 @@ DEPENDS = "openssl virtual/libx11 libxfixes libxrandr libpam nasm-native"
REQUIRED_DISTRO_FEATURES = "x11 pam"
-SRC_URI = "git://github.com/neutrinolabs/xrdp.git \
+SRC_URI = "git://github.com/neutrinolabs/xrdp.git;branch=master;protocol=https \
file://xrdp.sysconfig \
file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \
file://0001-Fix-the-compile-error.patch \
diff --git a/meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb b/meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb
index 865adc5a1..783af89be 100644
--- a/meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb
+++ b/meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb
@@ -5,7 +5,7 @@ HOMEPAGE = "http://www.xxhash.com/"
LICENSE = "BSD-2-Clause & GPL-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=01a7eba4212ef1e882777a38585e7a9b"
-SRC_URI = "git://github.com/Cyan4973/xxHash.git"
+SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=master;protocol=https"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
SRCREV = "d408e9b0606d07b1ddc5452ffc0ec8512211b174"
diff --git a/meta-oe/recipes-support/zbar/zbar_git.bb b/meta-oe/recipes-support/zbar/zbar_git.bb
index 935e09cd5..46ca549c5 100644
--- a/meta-oe/recipes-support/zbar/zbar_git.bb
+++ b/meta-oe/recipes-support/zbar/zbar_git.bb
@@ -10,7 +10,7 @@ PV = "0.10+git${SRCPV}"
# iPhoneSDK-1.3.1 tag
SRCREV = "67003d2a985b5f9627bee2d8e3e0b26d0c474b57"
-SRC_URI = "git://github.com/ZBar/Zbar \
+SRC_URI = "git://github.com/ZBar/Zbar;branch=master;protocol=https \
file://0001-make-relies-GNU-extentions.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb b/meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb
index e041132b1..e4c0232bd 100644
--- a/meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb
+++ b/meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb
@@ -4,7 +4,7 @@ AUTHOR = "Jonathan Dieter"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=cd6e590282010ce90a94ef25dd31410f"
-SRC_URI = "git://github.com/zchunk/zchunk.git;protocol=https"
+SRC_URI = "git://github.com/zchunk/zchunk.git;protocol=https;branch=master"
SRCREV = "f5593aa11584faa691c81b4898f0aaded47f8bf7"
S = "${WORKDIR}/git"