diff options
Diffstat (limited to 'meta-oe')
340 files changed, 5752 insertions, 565 deletions
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-benchmark/speedtest-cli/speedtest-cli_2.1.2.bb b/meta-oe/dynamic-layers/meta-python/recipes-benchmark/speedtest-cli/speedtest-cli_2.1.2.bb index de4fa1642..75a206c6b 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-benchmark/speedtest-cli/speedtest-cli_2.1.2.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-benchmark/speedtest-cli/speedtest-cli_2.1.2.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" inherit setuptools3 -SRC_URI = "git://github.com/sivel/speedtest-cli.git" +SRC_URI = "git://github.com/sivel/speedtest-cli.git;branch=master;protocol=https" SRCREV = "c58ad3367bf27f4b4a4d5b1bca29ebd574731c5d" S = "${WORKDIR}/git" diff --git a/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb b/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb index 065243ccf..f55247d9e 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb @@ -21,7 +21,7 @@ SRCREV_inih = "4b10c654051a86556dfdb634c891b6c3224c4109" SRCREV_FORMAT = "rwmem_inih" SRC_URI = " \ - git://github.com/tomba/rwmem.git;protocol=https;name=rwmem \ + git://github.com/tomba/rwmem.git;protocol=https;name=rwmem;branch=master \ git://github.com/benhoyt/inih.git;protocol=https;name=inih;nobranch=1;destsuffix=git/ext/inih \ " diff --git a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb index 58841ef31..cc15a8de3 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb @@ -14,7 +14,7 @@ inherit scons dos2unix siteinfo python3native PV = "4.2.2" #v4.2.2 SRCREV = "a0bbbff6ada159e19298d37946ac8dc4b497eadf" -SRC_URI = "git://github.com/mongodb/mongo.git;branch=v4.2 \ +SRC_URI = "git://github.com/mongodb/mongo.git;branch=v4.2;protocol=https \ file://0001-Tell-scons-to-use-build-settings-from-environment-va.patch \ file://0001-Use-long-long-instead-of-int64_t.patch \ file://0001-Use-__GLIBC__-to-control-use-of-gnu_get_libc_version.patch \ @@ -56,6 +56,8 @@ EXTRA_OESCONS = "--prefix=${D}${prefix} \ LINKFLAGS='${LDFLAGS}' \ CXXFLAGS='${CXXFLAGS}' \ TARGET_ARCH=${TARGET_ARCH} \ + MONGO_VERSION=${PV} \ + OBJCOPY=${OBJCOPY} \ --ssl \ --disable-warnings-as-errors \ --use-system-zlib \ diff --git a/meta-oe/dynamic-layers/meta-python/recipes-extended/lcdproc/lcdproc_git.bb b/meta-oe/dynamic-layers/meta-python/recipes-extended/lcdproc/lcdproc_git.bb index 275b984e4..f0a0c6797 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-extended/lcdproc/lcdproc_git.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-extended/lcdproc/lcdproc_git.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=18810669f13b87348459e611d31ab760 \ PV = "0.5.9+git${SRCPV}" SRCREV = "3a3d622d9bb74c44fa67bc20573751a207514134" -SRC_URI = "git://github.com/lcdproc/lcdproc \ +SRC_URI = "git://github.com/lcdproc/lcdproc;branch=master;protocol=https \ file://0001-Fix-parallel-build-fix-port-internal-make-dependenci.patch \ file://0002-Include-limits.h-for-PATH_MAX-definition.patch \ file://0003-Fix-non-x86-platforms-on-musl.patch \ diff --git a/meta-oe/recipes-benchmark/cpuburn/cpuburn-arm_git.bb b/meta-oe/recipes-benchmark/cpuburn/cpuburn-arm_git.bb index b21212a43..de2341da4 100644 --- a/meta-oe/recipes-benchmark/cpuburn/cpuburn-arm_git.bb +++ b/meta-oe/recipes-benchmark/cpuburn/cpuburn-arm_git.bb @@ -9,7 +9,7 @@ SRCREV = "ad7e646700d14b81413297bda02fb7fe96613c3f" PV = "1.0+git${SRCPV}" -SRC_URI = "git://github.com/ssvb/cpuburn-arm.git \ +SRC_URI = "git://github.com/ssvb/cpuburn-arm.git;branch=master;protocol=https \ file://0001-cpuburn-a8.S-Remove-.func-.endfunc.patch \ file://0002-burn.S-Add.patch \ file://0003-burn.S-Remove-.func-.endfunc.patch \ diff --git a/meta-oe/recipes-benchmark/fio/fio_3.17.bb b/meta-oe/recipes-benchmark/fio/fio_3.17.bb index 759d1087c..bb3243a5c 100644 --- a/meta-oe/recipes-benchmark/fio/fio_3.17.bb +++ b/meta-oe/recipes-benchmark/fio/fio_3.17.bb @@ -23,7 +23,7 @@ PACKAGECONFIG ??= "${PACKAGECONFIG_NUMA}" PACKAGECONFIG[numa] = ",--disable-numa,numactl" SRCREV = "08ce9dc20b8a4e55db7af6d869ddfa49b4a02d03" -SRC_URI = "git://git.kernel.dk/fio.git \ +SRC_URI = "git://git.kernel.dk/fio.git;branch=master \ file://0001-update-the-interpreter-paths.patch \ file://python3_shebangs.patch \ " diff --git a/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb b/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb index 6d20bbdaf..4976bf690 100644 --- a/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb +++ b/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb @@ -14,7 +14,7 @@ PV = "20191226+${SRCPV}" COMPATIBLE_HOST_rpi = "${@bb.utils.contains('MACHINE_FEATURES', 'vc4graphics', '.*-linux*', 'null', d)}" -SRC_URI = "git://github.com/glmark2/glmark2.git;protocol=https \ +SRC_URI = "git://github.com/glmark2/glmark2.git;protocol=https;branch=master \ file://python3.patch" SRCREV = "72dabc5d72b49c6d45badeb8a941ba4d829b0bd6" diff --git a/meta-oe/recipes-benchmark/iperf2/iperf2_2.0.13.bb b/meta-oe/recipes-benchmark/iperf2/iperf2_2.0.13.bb index 4a520e3be..86e5fef53 100644 --- a/meta-oe/recipes-benchmark/iperf2/iperf2_2.0.13.bb +++ b/meta-oe/recipes-benchmark/iperf2/iperf2_2.0.13.bb @@ -19,3 +19,5 @@ EXTRA_OECONF = "--exec-prefix=${STAGING_DIR_HOST}${layout_exec_prefix}" PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," + +CVE_PRODUCT = "iperf_project:iperf" diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.7.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.7.bb index 98d2faabf..b7ffb029a 100644 --- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.7.bb +++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.7.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9088fe7ffdccd042f7645f1012d7f70" DEPENDS = "openssl" -SRC_URI = "git://github.com/esnet/iperf.git \ +SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \ file://0002-Remove-pg-from-profile_CFLAGS.patch \ " @@ -28,3 +28,5 @@ PACKAGECONFIG[lksctp] = "ac_cv_header_netinet_sctp_h=yes,ac_cv_header_netinet_sc CFLAGS += "-D_GNU_SOURCE" EXTRA_OECONF = "--with-openssl=${RECIPE_SYSROOT}${prefix}" + +CVE_PRODUCT = "iperf_project:iperf" diff --git a/meta-oe/recipes-benchmark/libc-bench/libc-bench_git.bb b/meta-oe/recipes-benchmark/libc-bench/libc-bench_git.bb index e81389431..60286c324 100644 --- a/meta-oe/recipes-benchmark/libc-bench/libc-bench_git.bb +++ b/meta-oe/recipes-benchmark/libc-bench/libc-bench_git.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=9a825c63897c53f487ef900598c31527" SRCREV = "b6b2ce5f9f87a09b14499cb00c600c601f022634" PV = "20110206+git${SRCPV}" -SRC_URI = "git://git.musl-libc.org/libc-bench \ +SRC_URI = "git://git.musl-libc.org/libc-bench;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-benchmark/libhugetlbfs/libhugetlbfs_git.bb b/meta-oe/recipes-benchmark/libhugetlbfs/libhugetlbfs_git.bb index 4768d7b63..d6c35d0b3 100644 --- a/meta-oe/recipes-benchmark/libhugetlbfs/libhugetlbfs_git.bb +++ b/meta-oe/recipes-benchmark/libhugetlbfs/libhugetlbfs_git.bb @@ -12,7 +12,7 @@ PE = "1" SRCREV = "e6499ff92b4a7dcffbd131d1f5d24933e48c3f20" SRC_URI = " \ - git://github.com/libhugetlbfs/libhugetlbfs.git;protocol=https \ + git://github.com/libhugetlbfs/libhugetlbfs.git;protocol=https;branch=master \ file://skip-checking-LIB32-and-LIB64-if-they-point-to-the-s.patch \ file://libhugetlbfs-avoid-search-host-library-path-for-cros.patch \ file://tests-Makefile-install-static-4G-edge-testcases.patch \ diff --git a/meta-oe/recipes-benchmark/stressapptest/stressapptest_1.0.9.bb b/meta-oe/recipes-benchmark/stressapptest/stressapptest_1.0.9.bb index a2966e99d..d30ea5a01 100644 --- a/meta-oe/recipes-benchmark/stressapptest/stressapptest_1.0.9.bb +++ b/meta-oe/recipes-benchmark/stressapptest/stressapptest_1.0.9.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=55ea9d559f985fb4834317d8ed6b9e58" SRCREV = "fb72e5e5f0879231f38e0e826a98a6ca2d1ca38e" -SRC_URI = "git://github.com/stressapptest/stressapptest \ +SRC_URI = "git://github.com/stressapptest/stressapptest;branch=master;protocol=https \ file://libcplusplus-compat.patch \ file://read_sysfs_for_cachesize.patch \ " diff --git a/meta-oe/recipes-benchmark/tinymembench/tinymembench_git.bb b/meta-oe/recipes-benchmark/tinymembench/tinymembench_git.bb index 2ce10f9c4..9c20d68ef 100644 --- a/meta-oe/recipes-benchmark/tinymembench/tinymembench_git.bb +++ b/meta-oe/recipes-benchmark/tinymembench/tinymembench_git.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://main.c;endline=22;md5=879b9bbb60851454885b5fa47eb6b34 PV = "0.4.0+git${SRCPV}" SRCREV = "a2cf6d7e382e3aea1eb39173174d9fa28cad15f3" -SRC_URI = "git://github.com/ssvb/tinymembench.git \ +SRC_URI = "git://github.com/ssvb/tinymembench.git;branch=master;protocol=https \ file://0001-asm-Delete-.func-.endfunc-directives.patch \ " diff --git a/meta-oe/recipes-bsp/cpufrequtils/cpufrequtils_008.bb b/meta-oe/recipes-bsp/cpufrequtils/cpufrequtils_008.bb index 88fcc0200..589d62717 100644 --- a/meta-oe/recipes-bsp/cpufrequtils/cpufrequtils_008.bb +++ b/meta-oe/recipes-bsp/cpufrequtils/cpufrequtils_008.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" SRCREV = "a2f0c39d5f21596bb9f5223e895c0ff210b265d0" # SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/cpufreq/cpufrequtils.git -SRC_URI = "git://github.com/emagii/cpufrequtils.git \ +SRC_URI = "git://github.com/emagii/cpufrequtils.git;branch=master;protocol=https \ file://0001-dont-unset-cflags.patch \ " diff --git a/meta-oe/recipes-bsp/edac-utils/edac-utils_git.bb b/meta-oe/recipes-bsp/edac-utils/edac-utils_git.bb index b89fe6771..e42adc6dc 100644 --- a/meta-oe/recipes-bsp/edac-utils/edac-utils_git.bb +++ b/meta-oe/recipes-bsp/edac-utils/edac-utils_git.bb @@ -11,7 +11,7 @@ PV = "0.18+git${SRCPV}" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/grondo/edac-utils \ +SRC_URI = "git://github.com/grondo/edac-utils;branch=master;protocol=https \ file://make-init-script-be-able-to-automatically-load-EDAC-.patch \ file://add-restart-to-initscript.patch \ file://edac.service \ diff --git a/meta-oe/recipes-bsp/ledmon/ledmon_git.bb b/meta-oe/recipes-bsp/ledmon/ledmon_git.bb index f9ae9aad9..1a9cb18c5 100644 --- a/meta-oe/recipes-bsp/ledmon/ledmon_git.bb +++ b/meta-oe/recipes-bsp/ledmon/ledmon_git.bb @@ -16,7 +16,7 @@ inherit autotools systemd SYSTEMD_SERVICE_${PN} = "ledmon.service" # 0.93 -SRC_URI = "git://github.com/intel/ledmon;branch=master \ +SRC_URI = "git://github.com/intel/ledmon;branch=master;protocol=https \ file://0002-include-sys-select.h-and-sys-types.h.patch \ file://0001-Don-t-build-with-Werror-to-fix-compile-error.patch \ " diff --git a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb index 890db55bc..37a98a099 100644 --- a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb +++ b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb @@ -10,7 +10,7 @@ DEPENDS = " \ virtual/libiconv \ " -SRC_URI = "git://github.com/lm-sensors/lm-sensors.git;protocol=https \ +SRC_URI = "git://github.com/lm-sensors/lm-sensors.git;protocol=https;branch=master \ file://fancontrol.init \ file://sensord.init \ " @@ -95,7 +95,7 @@ RDEPENDS_${PN} += " \ ${PN}-sensorsdetect \ ${PN}-sensorsconfconvert \ ${PN}-pwmconfig \ - ${PN}-isatools \ + ${@bb.utils.contains('MACHINE_FEATURES', 'x86', '${PN}-isatools', '', d)} \ " # libsensors packages diff --git a/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.10.1.bb b/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.10.1.bb index 4f4bb2dfa..9344c17dc 100644 --- a/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.10.1.bb +++ b/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.10.1.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022" DEPENDS = "util-linux" PV .= "+git${SRCPV}" -SRC_URI = "git://github.com/linux-nvme/nvme-cli.git \ +SRC_URI = "git://github.com/linux-nvme/nvme-cli.git;branch=master;protocol=https \ file://0001-fix-musl-compilation.patch \ " SRCREV = "1d84d6ae0c7d7ceff5a73fe174dde8b0005f6108" diff --git a/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb b/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb index 6b4decce5..64595d59c 100644 --- a/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb +++ b/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb @@ -9,7 +9,7 @@ DEPENDS += "glib-2.0-native" PV = "0.2+git${SRCPV}" -SRC_URI = "git://github.com/labapart/gattlib.git \ +SRC_URI = "git://github.com/labapart/gattlib.git;branch=master;protocol=https \ file://dbus-avoid-strange-chars-from-the-build-dir.patch \ file://0001-cmake-Use-GNUInstallDirs.patch \ " @@ -28,5 +28,5 @@ EXTRA_OECMAKE += "-DGATTLIB_BUILD_DOCS=OFF" inherit pkgconfig cmake -FILES_${PN} = "${libdir}/* ${includedir}/*" -FILES_${PN}-dev = "${includedir}/*" +FILES_${PN} = "${libdir}/*" +FILES_${PN}-dev = "${includedir}/* ${libdir}/pkgconfig" diff --git a/meta-oe/recipes-connectivity/gensio/gensio_1.5.3.bb b/meta-oe/recipes-connectivity/gensio/gensio_1.5.3.bb index 8c97662df..bee757d5a 100644 --- a/meta-oe/recipes-connectivity/gensio/gensio_1.5.3.bb +++ b/meta-oe/recipes-connectivity/gensio/gensio_1.5.3.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=a0fd36908af843bcee10cb6dfc47fa67 \ SRCREV = "95ec1ab31ee97411fc37156d12061adcf0331598" PV = "1.5.3+git${SRCPV}" -SRC_URI = "git://github.com/cminyard/gensio;protocol=https \ +SRC_URI = "git://github.com/cminyard/gensio;protocol=https;branch=master \ file://0001-filter-Rename-some-variables-to-tr_stdxxx.patch \ " diff --git a/meta-oe/recipes-connectivity/iwd/iwd_1.9.bb b/meta-oe/recipes-connectivity/iwd/iwd_1.9.bb index 25500e650..1606f10cf 100644 --- a/meta-oe/recipes-connectivity/iwd/iwd_1.9.bb +++ b/meta-oe/recipes-connectivity/iwd/iwd_1.9.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fb504b67c50331fc78734fed90fb0e09" DEPENDS = "ell" -SRC_URI = "git://git.kernel.org/pub/scm/network/wireless/iwd.git" +SRC_URI = "git://git.kernel.org/pub/scm/network/wireless/iwd.git;branch=master" SRCREV = "aa3dc1b95348dea177e9d8c2c3063b29e20fe2e9" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-connectivity/libimobiledevice/libimobiledevice_git.bb b/meta-oe/recipes-connectivity/libimobiledevice/libimobiledevice_git.bb index 908b98d8c..b1a9ed7ec 100644 --- a/meta-oe/recipes-connectivity/libimobiledevice/libimobiledevice_git.bb +++ b/meta-oe/recipes-connectivity/libimobiledevice/libimobiledevice_git.bb @@ -12,7 +12,7 @@ DEPENDS = "libplist usbmuxd libusbmuxd libtasn1 gnutls libgcrypt" SRCREV = "fb71aeef10488ed7b0e60a1c8a553193301428c0" PV = "1.2.0+git${SRCPV}" SRC_URI = "\ - git://github.com/libimobiledevice/libimobiledevice;protocol=https \ + git://github.com/libimobiledevice/libimobiledevice;protocol=https;branch=master \ file://configure-fix-largefile.patch \ " diff --git a/meta-oe/recipes-connectivity/libndp/libndp_1.7.bb b/meta-oe/recipes-connectivity/libndp/libndp_1.7.bb index 07a7a1d23..2537963dd 100644 --- a/meta-oe/recipes-connectivity/libndp/libndp_1.7.bb +++ b/meta-oe/recipes-connectivity/libndp/libndp_1.7.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://libndp.org/" LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" -SRC_URI = "git://github.com/jpirko/libndp \ +SRC_URI = "git://github.com/jpirko/libndp;branch=master;protocol=https \ " # tag for v1.6 SRCREV = "96674e7d4f4d569c2c961e865cc16152dfab5f09" diff --git a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb index 3ee69554b..b4094dd6f 100644 --- a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb +++ b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" DEPENDS = "zlib libsigc++-2.0 openssl cppunit" -SRC_URI = "git://github.com/rakshasa/libtorrent \ +SRC_URI = "git://github.com/rakshasa/libtorrent;branch=master;protocol=https \ file://don-t-run-code-while-configuring-package.patch \ " SRCREV = "756f70010779927dc0691e1e722ed433d5d295e1" diff --git a/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb b/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb index 757720731..41e95f56a 100644 --- a/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb +++ b/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb @@ -5,7 +5,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47" SRCREV = "533b738838ad8407032e14b6772b29ef9af63cfa" -SRC_URI = "git://github.com/libuv/libuv;branch=v1.x \ +SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https \ file://CVE-2020-8252.patch" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb b/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.1.bb index c98976779..79e59a8fe 100644 --- a/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb +++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.1.bb @@ -2,14 +2,13 @@ DESCRIPTION = "Precision Time Protocol (PTP) according to IEEE standard 1588 for LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "http://sourceforge.net/projects/linuxptp/files/v${PV}/linuxptp-${PV}.tgz \ +SRC_URI = "http://sourceforge.net/projects/linuxptp/files/v2.0/linuxptp-${PV}.tgz \ file://build-Allow-CC-and-prefix-to-be-overriden.patch \ file://Use-cross-cpp-in-incdefs.patch \ file://time_t_maybe_long_long.patch \ " -SRC_URI[md5sum] = "d8bb7374943bb747db7786ac26f17f11" -SRC_URI[sha256sum] = "0a24d9401e87d4af023d201e234d91127d82c350daad93432106284aa9459c7d" +SRC_URI[sha256sum] = "6f4669db1733747427217a9e74c8b5ca25c4245947463e9cdb860ec8f5ec797a" EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} EXTRA_CFLAGS='${CFLAGS}'" diff --git a/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.3.2.bb b/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.3.2.bb index 3a1222e89..d070111e9 100644 --- a/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.3.2.bb +++ b/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.3.2.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = " \ file://about.html;md5=e5662cbb5f8fd5c9faac526e4077898e \ " -SRC_URI = "git://github.com/eclipse/paho.mqtt.c;protocol=http \ +SRC_URI = "git://github.com/eclipse/paho.mqtt.c;protocol=http;branch=master;protocol=https \ file://0001-Fix-bug-of-free-with-musl.patch" SRCREV = "3148fe2d5f4b87e16266dfe559c0764e16ca0546" diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.10.0.bb b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.10.0.bb index 2ef6b187e..bbc311ee1 100644 --- a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.10.0.bb +++ b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.10.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/alanxz/rabbitmq-c" LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=6b7424f9db80cfb11fdd5c980b583f53" LICENSE = "MIT" -SRC_URI = "git://github.com/alanxz/rabbitmq-c.git" +SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https" # v0.10.0-master SRCREV = "ffe918a5fcef72038a88054dca3c56762b1953d4" diff --git a/meta-oe/recipes-connectivity/rtorrent/rtorrent_git.bb b/meta-oe/recipes-connectivity/rtorrent/rtorrent_git.bb index 331f978f8..41fb1ec82 100644 --- a/meta-oe/recipes-connectivity/rtorrent/rtorrent_git.bb +++ b/meta-oe/recipes-connectivity/rtorrent/rtorrent_git.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" DEPENDS = "libsigc++-2.0 curl cppunit libtorrent ncurses" -SRC_URI = "git://github.com/rakshasa/rtorrent \ +SRC_URI = "git://github.com/rakshasa/rtorrent;branch=master;protocol=https \ file://don-t-run-code-while-configuring-package.patch \ " # v0.9.8 diff --git a/meta-oe/recipes-connectivity/usbmuxd/usbmuxd_git.bb b/meta-oe/recipes-connectivity/usbmuxd/usbmuxd_git.bb index 728423432..7993e608d 100644 --- a/meta-oe/recipes-connectivity/usbmuxd/usbmuxd_git.bb +++ b/meta-oe/recipes-connectivity/usbmuxd/usbmuxd_git.bb @@ -10,7 +10,7 @@ inherit autotools pkgconfig gitpkgv systemd PKGV = "${GITPKGVTAG}" SRCREV = "ee85938c21043ef5f7cd4dfbc7677f385814d4d8" -SRC_URI = "git://github.com/libimobiledevice/usbmuxd;protocol=https" +SRC_URI = "git://github.com/libimobiledevice/usbmuxd;protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-connectivity/wifi-test-suite/wifi-test-suite_git.bb b/meta-oe/recipes-connectivity/wifi-test-suite/wifi-test-suite_git.bb index 99cfb3205..dd2b4392c 100644 --- a/meta-oe/recipes-connectivity/wifi-test-suite/wifi-test-suite_git.bb +++ b/meta-oe/recipes-connectivity/wifi-test-suite/wifi-test-suite_git.bb @@ -9,7 +9,7 @@ SECTION = "test" S = "${WORKDIR}/git" SRCREV = "f7a8d7ef7d1a831c1bb47de21fa083536ea2f3a9" -SRC_URI = "git://github.com/Wi-FiTestSuite/Wi-FiTestSuite-Linux-DUT.git \ +SRC_URI = "git://github.com/Wi-FiTestSuite/Wi-FiTestSuite-Linux-DUT.git;branch=master;protocol=https \ file://0001-Use-toolchain-from-environment-variables.patch \ file://0002-Add-missing-include-removes-unnedded-stuff-and-add-n.patch \ file://0003-fix-path-to-usr-sbin-for-script-and-make-script-for-.patch \ diff --git a/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb b/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb index 0b66970a9..2a435897d 100644 --- a/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb +++ b/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb @@ -7,7 +7,7 @@ DEPENDS = "zeromq" SRCREV = "8d5c9a88988dcbebb72939ca0939d432230ffde1" PV = "4.6.0" -SRC_URI = "git://github.com/zeromq/cppzmq.git" +SRC_URI = "git://github.com/zeromq/cppzmq.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch b/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch index 2c4ca057f..1c2fc3813 100644 --- a/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch +++ b/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch @@ -21,7 +21,7 @@ index 009e4fd..f3f0d80 100644 if (!dbus_conn) - return; -+ DBUS_HANDLER_RESULT_NOT_YET_HANDLED; ++ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; if (verbose) g_print ("New message from server: type='%d' path='%s' iface='%s'" diff --git a/meta-oe/recipes-core/dbus/dbus-daemon-proxy_git.bb b/meta-oe/recipes-core/dbus/dbus-daemon-proxy_git.bb index 42cd032c2..f40b48836 100644 --- a/meta-oe/recipes-core/dbus/dbus-daemon-proxy_git.bb +++ b/meta-oe/recipes-core/dbus/dbus-daemon-proxy_git.bb @@ -6,7 +6,7 @@ SRCREV = "1226a0a1374628ff191f6d8a56000be5e53e7608" PV = "0.0.0+gitr${SRCPV}" PR = "r1.59" -SRC_URI = "git://github.com/alban/dbus-daemon-proxy \ +SRC_URI = "git://github.com/alban/dbus-daemon-proxy;branch=master;protocol=https \ file://0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-core/emlog/emlog.inc b/meta-oe/recipes-core/emlog/emlog.inc index 9a0f9ba92..948e18da4 100644 --- a/meta-oe/recipes-core/emlog/emlog.inc +++ b/meta-oe/recipes-core/emlog/emlog.inc @@ -3,7 +3,7 @@ most recent (and only the most recent) output from a process" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" -SRC_URI = "git://github.com/nicupavel/emlog.git;protocol=http" +SRC_URI = "git://github.com/nicupavel/emlog.git;protocol=http;branch=master;protocol=https" SRCREV = "aee53e8dee862f35291242ba41b0ca88010f6c71" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-core/glfw/glfw_3.3.bb b/meta-oe/recipes-core/glfw/glfw_3.3.bb index 0fcf716c8..c920cbd50 100644 --- a/meta-oe/recipes-core/glfw/glfw_3.3.bb +++ b/meta-oe/recipes-core/glfw/glfw_3.3.bb @@ -12,7 +12,7 @@ inherit pkgconfig cmake features_check PV .= "+git${SRCPV}" SRCREV = "781fbbadb0bccc749058177b1385c82da9ace880" -SRC_URI = "git://github.com/glfw/glfw.git" +SRC_URI = "git://github.com/glfw/glfw.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-core/libnfc/libnfc_git.bb b/meta-oe/recipes-core/libnfc/libnfc_git.bb index 2851ecf9f..65586247a 100644 --- a/meta-oe/recipes-core/libnfc/libnfc_git.bb +++ b/meta-oe/recipes-core/libnfc/libnfc_git.bb @@ -11,7 +11,7 @@ PV = "1.7.1+git${SRCPV}" S = "${WORKDIR}/git" SRCREV = "2d4543673e9b76c02679ca8b89259659f1afd932" -SRC_URI = "git://github.com/nfc-tools/libnfc.git \ +SRC_URI = "git://github.com/nfc-tools/libnfc.git;branch=master;protocol=https \ file://0001-usbbus-Include-stdint.h-for-uintX_t.patch \ " diff --git a/meta-oe/recipes-core/mdbus2/mdbus2_git.bb b/meta-oe/recipes-core/mdbus2/mdbus2_git.bb index 82f2cf8c9..fa98e1cb4 100644 --- a/meta-oe/recipes-core/mdbus2/mdbus2_git.bb +++ b/meta-oe/recipes-core/mdbus2/mdbus2_git.bb @@ -6,7 +6,7 @@ DEPENDS = "readline" PV = "2.3.3+git${SRCPV}" -SRC_URI = "git://github.com/freesmartphone/mdbus.git;protocol=http" +SRC_URI = "git://github.com/freesmartphone/mdbus.git;protocol=http;branch=master;protocol=https" SRCREV = "28202692d0b441000f4ddb8f347f72d1355021aa" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-core/ndctl/ndctl_v67.bb b/meta-oe/recipes-core/ndctl/ndctl_v67.bb index da0c6563a..19d96414d 100644 --- a/meta-oe/recipes-core/ndctl/ndctl_v67.bb +++ b/meta-oe/recipes-core/ndctl/ndctl_v67.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e66651809cac5da60c8b80e9e4e79e08" inherit autotools-brokensep pkgconfig bash-completion systemd SRCREV = "637bb424dc317a044c722a671355ef9df0e0d30f" -SRC_URI = "git://github.com/pmem/ndctl.git" +SRC_URI = "git://github.com/pmem/ndctl.git;branch=master;protocol=https" DEPENDS = "kmod udev json-c keyutils" diff --git a/meta-oe/recipes-core/opencl-headers/opencl-headers_git.bb b/meta-oe/recipes-core/opencl-headers/opencl-headers_git.bb index dec1bea56..1d86f48ae 100644 --- a/meta-oe/recipes-core/opencl-headers/opencl-headers_git.bb +++ b/meta-oe/recipes-core/opencl-headers/opencl-headers_git.bb @@ -6,7 +6,7 @@ SECTION = "base" S = "${WORKDIR}/git" SRCREV = "40c5d226c7c0706f0176884e9b94b3886679c983" -SRC_URI = "git://github.com/KhronosGroup/OpenCL-Headers.git" +SRC_URI = "git://github.com/KhronosGroup/OpenCL-Headers.git;branch=main;protocol=https" do_configure[noexec] = "1" do_compile[noexec] = "1" diff --git a/meta-oe/recipes-core/opencl-icd-loader/opencl-icd-loader_git.bb b/meta-oe/recipes-core/opencl-icd-loader/opencl-icd-loader_git.bb index 7c49c8d55..de355d29d 100644 --- a/meta-oe/recipes-core/opencl-icd-loader/opencl-icd-loader_git.bb +++ b/meta-oe/recipes-core/opencl-icd-loader/opencl-icd-loader_git.bb @@ -8,7 +8,7 @@ inherit pkgconfig cmake S = "${WORKDIR}/git" SRCREV = "b342ff7b7f70a4b3f2cfc53215af8fa20adc3d86" -SRC_URI = "git://github.com/KhronosGroup/OpenCL-ICD-Loader.git" +SRC_URI = "git://github.com/KhronosGroup/OpenCL-ICD-Loader.git;branch=main;protocol=https" do_install () { install -d ${D}${bindir} diff --git a/meta-oe/recipes-core/safec/safec_3.5.1.bb b/meta-oe/recipes-core/safec/safec_3.5.1.bb index 91d8fc65a..29158094a 100644 --- a/meta-oe/recipes-core/safec/safec_3.5.1.bb +++ b/meta-oe/recipes-core/safec/safec_3.5.1.bb @@ -9,7 +9,7 @@ inherit autotools pkgconfig S = "${WORKDIR}/git" # v08112019 SRCREV = "ad76c7b1dbd0403b0c9decf54164fcce271c590f" -SRC_URI = "git://github.com/rurban/safeclib.git \ +SRC_URI = "git://github.com/rurban/safeclib.git;branch=master;protocol=https \ " COMPATIBLE_HOST = '(x86_64|i.86|powerpc|powerpc64|arm|aarch64|mips).*-linux' diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch new file mode 100644 index 000000000..89cb593e6 --- /dev/null +++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch @@ -0,0 +1,96 @@ +From b073e1c2b9a8138da83300f598b9a56fc9762b4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Stanislav=20Angelovi=C4=8D?= <angelovic.s@gmail.com> +Date: Mon, 16 Nov 2020 17:05:36 +0100 +Subject: [PATCH] Try to first find googletest in the system before downloading + it (#125) + +Upstream-Status: Backport [d6fdaca] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> + +--- + tests/CMakeLists.txt | 62 ++++++++++++++++++++++++++++---------------- + 1 file changed, 40 insertions(+), 22 deletions(-) + +diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt +index 97f7c1a..7ecc327 100644 +--- a/tests/CMakeLists.txt ++++ b/tests/CMakeLists.txt +@@ -2,26 +2,44 @@ + # DOWNLOAD AND BUILD OF GOOGLETEST + #------------------------------- + +-include(FetchContent) +- +-message("Fetching googletest...") +-FetchContent_Declare(googletest +- GIT_REPOSITORY https://github.com/google/googletest.git +- GIT_TAG master +- GIT_SHALLOW 1 +- UPDATE_COMMAND "") +- +-#FetchContent_MakeAvailable(googletest) # Not available in CMake 3.13 :-( Let's do it manually: +-FetchContent_GetProperties(googletest) +-if(NOT googletest_POPULATED) +- FetchContent_Populate(googletest) +- set(gtest_force_shared_crt ON CACHE INTERNAL "" FORCE) +- set(BUILD_GMOCK ON CACHE INTERNAL "" FORCE) +- set(INSTALL_GTEST OFF CACHE INTERNAL "" FORCE) +- set(BUILD_SHARED_LIBS_BAK ${BUILD_SHARED_LIBS}) +- set(BUILD_SHARED_LIBS OFF) +- add_subdirectory(${googletest_SOURCE_DIR} ${googletest_BINARY_DIR}) +- set(BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS_BAK}) ++set(GOOGLETEST_VERSION 1.10.0 CACHE STRING "Version of gmock to use") ++set(GOOGLETEST_GIT_REPO "https://github.com/google/googletest.git" CACHE STRING "A git repo to clone and build googletest from if gmock is not found in the system") ++ ++find_package(GTest ${GOOGLETEST_VERSION} CONFIG) ++if (NOT TARGET GTest::gmock) ++ # Try pkg-config if GTest was not found through CMake config ++ find_package(PkgConfig) ++ if (PkgConfig_FOUND) ++ pkg_check_modules(GMock IMPORTED_TARGET GLOBAL gmock>=${GOOGLETEST_VERSION}) ++ if(TARGET PkgConfig::GMock) ++ add_library(GTest::gmock ALIAS PkgConfig::GMock) ++ endif() ++ endif() ++ # GTest was not found in the system, build it on our own ++ if (NOT TARGET GTest::gmock) ++ include(FetchContent) ++ ++ message("Fetching googletest...") ++ FetchContent_Declare(googletest ++ GIT_REPOSITORY ${GOOGLETEST_GIT_REPO} ++ GIT_TAG release-${GOOGLETEST_VERSION} ++ GIT_SHALLOW 1 ++ UPDATE_COMMAND "") ++ ++ #FetchContent_MakeAvailable(googletest) # Not available in CMake 3.13 :-( Let's do it manually: ++ FetchContent_GetProperties(googletest) ++ if(NOT googletest_POPULATED) ++ FetchContent_Populate(googletest) ++ set(gtest_force_shared_crt ON CACHE INTERNAL "" FORCE) ++ set(BUILD_GMOCK ON CACHE INTERNAL "" FORCE) ++ set(INSTALL_GTEST OFF CACHE INTERNAL "" FORCE) ++ set(BUILD_SHARED_LIBS_BAK ${BUILD_SHARED_LIBS}) ++ set(BUILD_SHARED_LIBS OFF) ++ add_subdirectory(${googletest_SOURCE_DIR} ${googletest_BINARY_DIR}) ++ set(BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS_BAK}) ++ add_library(GTest::gmock ALIAS gmock) ++ endif() ++ endif() + endif() + + #------------------------------- +@@ -87,11 +105,11 @@ include_directories(${CMAKE_CURRENT_SOURCE_DIR}) + + add_executable(sdbus-c++-unit-tests ${UNITTESTS_SRCS}) + target_compile_definitions(sdbus-c++-unit-tests PRIVATE LIBSYSTEMD_VERSION=${LIBSYSTEMD_VERSION}) +-target_link_libraries(sdbus-c++-unit-tests sdbus-c++-objlib gmock gmock_main) ++target_link_libraries(sdbus-c++-unit-tests sdbus-c++-objlib GTest::gmock) + + add_executable(sdbus-c++-integration-tests ${INTEGRATIONTESTS_SRCS}) + target_compile_definitions(sdbus-c++-integration-tests PRIVATE LIBSYSTEMD_VERSION=${LIBSYSTEMD_VERSION}) +-target_link_libraries(sdbus-c++-integration-tests sdbus-c++ gmock gmock_main) ++target_link_libraries(sdbus-c++-integration-tests sdbus-c++ GTest::gmock) + + # Manual performance and stress tests + option(ENABLE_PERF_TESTS "Build and install manual performance tests (default OFF)" OFF) diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd_243.bb b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd_243.bb index c8e81a412..f0e928d0d 100644 --- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd_243.bb +++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-libsystemd_243.bb @@ -12,7 +12,7 @@ DEPENDS += "gperf-native gettext-native util-linux libcap" SRCREV = "efb536d0cbe2e58f80e501d19999928c75e08f6a" SRCBRANCH = "v243-stable" -SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" +SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}" SRC_URI += "file://static-libsystemd-pkgconfig.patch" diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb index c4d63fd27..a94fb8def 100644 --- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb +++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb @@ -12,13 +12,16 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'with-exte ${@bb.utils.contains('PTEST_ENABLED', '1', 'with-tests', '', d)}" PACKAGECONFIG[with-builtin-libsystemd] = ",,sdbus-c++-libsystemd,libcap" PACKAGECONFIG[with-external-libsystemd] = ",,systemd,libsystemd" -PACKAGECONFIG[with-tests] = "-DBUILD_TESTS=ON -DTESTS_INSTALL_PATH=${libdir}/${BPN}/tests,-DBUILD_TESTS=OFF" +PACKAGECONFIG[with-tests] = "-DBUILD_TESTS=ON -DTESTS_INSTALL_PATH=${libdir}/${BPN}/tests,-DBUILD_TESTS=OFF,googletest gmock" DEPENDS += "expat" SRCREV = "3a4f343fb924650e7639660efa5f143961162044" -SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master" -SRC_URI += "file://run-ptest" + +SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master \ + file://0001-Try-to-first-find-googletest-in-the-system-before-do.patch \ + file://run-ptest \ +" EXTRA_OECMAKE = "-DBUILD_CODE_GEN=ON \ -DBUILD_DOC=ON \ diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.7.bb index b9668eb09..d303f27eb 100644 --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.7.bb @@ -21,8 +21,8 @@ RDEPENDS_${PN} = " \ " SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" -SRC_URI[md5sum] = "6e4ffb6d35a73f7539a5d0c1354654cd" -SRC_URI[sha256sum] = "a89e13dff0798fd0280e801d5f0cc8cfdb2aa5b1929bec1b7322e13d3eca95fb" +SRC_URI[md5sum] = "9c5952cebb836ee783b0b76c5380a964" +SRC_URI[sha256sum] = "61835132a5986217af17b8943013aa3fe6d47bdc1a07386343526765e2ce27a9" inherit autotools gettext pkgconfig @@ -54,7 +54,7 @@ PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup" PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt" PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup" PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" -PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules" PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto" # gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't # recognized. diff --git a/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb b/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb index 4e217a351..ad5355ea6 100644 --- a/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb +++ b/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb @@ -9,7 +9,7 @@ S = "${WORKDIR}/git" SRCREV = "5649050d201856bf06c8738b5d2aa1710c86ac2f" PV = "1.1.5" SRC_URI = " \ - git://github.com/smuellerDD/libkcapi.git \ + git://github.com/smuellerDD/libkcapi.git;branch=master;protocol=https \ file://0001-kcapi-kdf-Move-code-to-fix.patch \ file://0001-Use-__builtin_bswap32-on-Clang-if-supported.patch \ " diff --git a/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.26.bb b/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.26.bb index 9b6e7ccbe..321aa4fdc 100644 --- a/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.26.bb +++ b/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.26.bb @@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = " \ file://COPYING.GPL;md5=8a71d0475d08eee76d8b6d0c6dbec543 \ file://COPYING.BSD;md5=66b7a37c3c10483c1fd86007726104d7 \ " -SRC_URI = "git://github.com/OpenSC/${BPN}.git" +SRC_URI = "git://github.com/OpenSC/${BPN}.git;branch=master;protocol=https" S = "${WORKDIR}/git" # v1.26 diff --git a/meta-oe/recipes-dbs/leveldb/leveldb_1.22.bb b/meta-oe/recipes-dbs/leveldb/leveldb_1.22.bb index b597ef1ea..48f2fd8ac 100644 --- a/meta-oe/recipes-dbs/leveldb/leveldb_1.22.bb +++ b/meta-oe/recipes-dbs/leveldb/leveldb_1.22.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/google/leveldb" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=92d1b128950b11ba8495b64938fc164d" -SRC_URI = "git://github.com/google/${BPN}.git \ +SRC_URI = "git://github.com/google/${BPN}.git;branch=main;protocol=https \ file://run-ptest" SRCREV = "78b39d68c15ba020c0d60a3906fb66dbf1697595" diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.20.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.25.bb index e1a038dfa..e1a038dfa 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.20.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.25.bb diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc index 0fb0c95ec..565f4d561 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -15,12 +15,10 @@ SRC_URI = "https://downloads.mariadb.org/interstitial/${BP}/source/${BP}.tar.gz file://support-files-CMakeLists.txt-fix-do_populate_sysroot.patch \ file://sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \ file://0001-disable-ucontext-on-musl.patch \ - file://c11_atomics.patch \ - file://clang_version_header_conflict.patch \ file://fix-arm-atomic.patch \ " -SRC_URI[md5sum] = "c3bc7a3eca3b0bbae5748f7b22a55c0c" -SRC_URI[sha256sum] = "87d5e29ee1f18de153266ec658138607703ed2a05b3ffb1f89091d33f4abf545" + +SRC_URI[sha256sum] = "ff963c4e11bc06b775f66f2b1ddef184996208fb4b23cfdb50d95fb02eaa7ef8" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases" diff --git a/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch b/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch deleted file mode 100644 index b1ce96360..000000000 --- a/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch +++ /dev/null @@ -1,73 +0,0 @@ -Author: VicenÈ›iu Ciorbaru <vicentiu@mariadb.org> -Date: Fri Dec 21 19:14:04 2018 +0200 - - Link with libatomic to enable C11 atomics support - - Some architectures (mips) require libatomic to support proper - atomic operations. Check first if support is available without - linking, otherwise use the library. - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: mariadb-10.4.17/configure.cmake -=================================================================== ---- mariadb-10.4.17.orig/configure.cmake -+++ mariadb-10.4.17/configure.cmake -@@ -863,7 +863,25 @@ int main() - long long int *ptr= &var; - return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST); - }" --HAVE_GCC_C11_ATOMICS) -+HAVE_GCC_C11_ATOMICS_WITHOUT_LIBATOMIC) -+IF (HAVE_GCC_C11_ATOMICS_WITHOUT_LIBATOMIC) -+ SET(HAVE_GCC_C11_ATOMICS True) -+ELSE() -+ SET(OLD_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES}) -+ LIST(APPEND CMAKE_REQUIRED_LIBRARIES "atomic") -+ CHECK_CXX_SOURCE_COMPILES(" -+ int main() -+ { -+ long long int var= 1; -+ long long int *ptr= &var; -+ return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST); -+ }" -+ HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ IF(HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ SET(HAVE_GCC_C11_ATOMICS True) -+ ENDIF() -+ SET(CMAKE_REQUIRED_LIBRARIES ${OLD_CMAKE_REQUIRED_LIBRARIES}) -+ENDIF() - - IF(WITH_VALGRIND) - SET(HAVE_valgrind 1) -Index: mariadb-10.4.17/mysys/CMakeLists.txt -=================================================================== ---- mariadb-10.4.17.orig/mysys/CMakeLists.txt -+++ mariadb-10.4.17/mysys/CMakeLists.txt -@@ -78,6 +78,10 @@ TARGET_LINK_LIBRARIES(mysys dbug strings - ${LIBNSL} ${LIBM} ${LIBRT} ${CMAKE_DL_LIBS} ${LIBSOCKET} ${LIBEXECINFO} ${CRC32_LIBRARY}) - DTRACE_INSTRUMENT(mysys) - -+IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ TARGET_LINK_LIBRARIES(mysys atomic) -+ENDIF() -+ - IF(HAVE_BFD_H) - TARGET_LINK_LIBRARIES(mysys bfd) - ENDIF(HAVE_BFD_H) -Index: mariadb-10.4.17/sql/CMakeLists.txt -=================================================================== ---- mariadb-10.4.17.orig/sql/CMakeLists.txt -+++ mariadb-10.4.17/sql/CMakeLists.txt -@@ -196,6 +196,10 @@ ELSE() - SET(MYSQLD_SOURCE main.cc ${DTRACE_PROBES_ALL}) - ENDIF() - -+IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ TARGET_LINK_LIBRARIES(sql atomic) -+ENDIF() -+ - - IF(MSVC AND NOT WITHOUT_DYNAMIC_PLUGINS) - diff --git a/meta-oe/recipes-dbs/mysql/mariadb/clang_version_header_conflict.patch b/meta-oe/recipes-dbs/mysql/mariadb/clang_version_header_conflict.patch deleted file mode 100644 index c77a86944..000000000 --- a/meta-oe/recipes-dbs/mysql/mariadb/clang_version_header_conflict.patch +++ /dev/null @@ -1,32 +0,0 @@ -libc++ also has a file called version and this file and how cflags are specified -it ends up including this file and resulting in compile errors - -fixes errors like -storage/mroonga/version:1:1: error: expected unqualified-id -7.07 -^ - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- a/storage/mroonga/CMakeLists.txt -+++ b/storage/mroonga/CMakeLists.txt -@@ -80,7 +80,7 @@ else() - set(MRN_SOURCE_DIR ${CMAKE_SOURCE_DIR}) - endif() - --file(READ ${MRN_SOURCE_DIR}/version MRN_VERSION) -+file(READ ${MRN_SOURCE_DIR}/ver MRN_VERSION) - file(READ ${MRN_SOURCE_DIR}/version_major MRN_VERSION_MAJOR) - file(READ ${MRN_SOURCE_DIR}/version_minor MRN_VERSION_MINOR) - file(READ ${MRN_SOURCE_DIR}/version_micro MRN_VERSION_MICRO) ---- /dev/null -+++ b/storage/mroonga/ver -@@ -0,0 +1 @@ -+7.07 -\ No newline at end of file ---- a/storage/mroonga/version -+++ /dev/null -@@ -1 +0,0 @@ --7.07 -\ No newline at end of file diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.4.25.bb index c0b53379d..c0b53379d 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb_10.4.25.bb diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch index 865ad3287..a1f5b2a7b 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch @@ -13,7 +13,7 @@ diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h index 3fe29ce..7cd578f 100644 --- a/src/include/storage/s_lock.h +++ b/src/include/storage/s_lock.h -@@ -316,11 +316,12 @@ tas(volatile slock_t *lock) +@@ -317,11 +317,12 @@ tas(volatile slock_t *lock) /* * On ARM and ARM64, we use __sync_lock_test_and_set(int *, int) if available. @@ -27,7 +27,7 @@ index 3fe29ce..7cd578f 100644 #ifdef HAVE_GCC__SYNC_INT32_TAS #define HAS_TEST_AND_SET -@@ -337,7 +338,7 @@ tas(volatile slock_t *lock) +@@ -338,7 +339,7 @@ tas(volatile slock_t *lock) #define S_UNLOCK(lock) __sync_lock_release(lock) #endif /* HAVE_GCC__SYNC_INT32_TAS */ @@ -35,7 +35,7 @@ index 3fe29ce..7cd578f 100644 +#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ - /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ + /* -- 2.9.3 diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2022-1552.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2022-1552.patch new file mode 100644 index 000000000..6f0d5ac06 --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/files/CVE-2022-1552.patch @@ -0,0 +1,947 @@ +From 31eefa1efc8eecb6ab91c8835d2952d44a3b1ae1 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Thu, 22 Sep 2022 11:20:41 +0530 +Subject: [PATCH] CVE-2022-1552 + +Upstream-Status: Backport [https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ab49ce7c3414ac19e4afb386d7843ce2d2fb8bda && https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=677a494789062ca88e0142a17bedd5415f6ab0aa] + +CVE: CVE-2022-1552 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + contrib/amcheck/expected/check_btree.out | 23 ++++++ + contrib/amcheck/sql/check_btree.sql | 21 +++++ + contrib/amcheck/verify_nbtree.c | 27 +++++++ + src/backend/access/brin/brin.c | 29 ++++++- + src/backend/catalog/index.c | 65 ++++++++++++---- + src/backend/commands/cluster.c | 37 ++++++--- + src/backend/commands/indexcmds.c | 98 ++++++++++++++++++++---- + src/backend/commands/matview.c | 30 +++----- + src/backend/utils/init/miscinit.c | 24 +++--- + src/test/regress/expected/privileges.out | 71 +++++++++++++++++ + src/test/regress/sql/privileges.sql | 64 ++++++++++++++++ + 11 files changed, 422 insertions(+), 67 deletions(-) + +diff --git a/contrib/amcheck/expected/check_btree.out b/contrib/amcheck/expected/check_btree.out +index 59a805d..0fd6ea0 100644 +--- a/contrib/amcheck/expected/check_btree.out ++++ b/contrib/amcheck/expected/check_btree.out +@@ -168,11 +168,34 @@ SELECT bt_index_check('toasty', true); + + (1 row) + ++-- ++-- Check that index expressions and predicates are run as the table's owner ++-- ++TRUNCATE bttest_a; ++INSERT INTO bttest_a SELECT * FROM generate_series(1, 1000); ++ALTER TABLE bttest_a OWNER TO regress_bttest_role; ++-- A dummy index function checking current_user ++CREATE FUNCTION ifun(int8) RETURNS int8 AS $$ ++BEGIN ++ ASSERT current_user = 'regress_bttest_role', ++ format('ifun(%s) called by %s', $1, current_user); ++ RETURN $1; ++END; ++$$ LANGUAGE plpgsql IMMUTABLE; ++CREATE INDEX bttest_a_expr_idx ON bttest_a ((ifun(id) + ifun(0))) ++ WHERE ifun(id + 10) > ifun(10); ++SELECT bt_index_check('bttest_a_expr_idx', true); ++ bt_index_check ++---------------- ++ ++(1 row) ++ + -- cleanup + DROP TABLE bttest_a; + DROP TABLE bttest_b; + DROP TABLE bttest_multi; + DROP TABLE delete_test_table; + DROP TABLE toast_bug; ++DROP FUNCTION ifun(int8); + DROP OWNED BY regress_bttest_role; -- permissions + DROP ROLE regress_bttest_role; +diff --git a/contrib/amcheck/sql/check_btree.sql b/contrib/amcheck/sql/check_btree.sql +index 99acbc8..3248187 100644 +--- a/contrib/amcheck/sql/check_btree.sql ++++ b/contrib/amcheck/sql/check_btree.sql +@@ -110,11 +110,32 @@ INSERT INTO toast_bug SELECT repeat('a', 2200); + -- Should not get false positive report of corruption: + SELECT bt_index_check('toasty', true); + ++-- ++-- Check that index expressions and predicates are run as the table's owner ++-- ++TRUNCATE bttest_a; ++INSERT INTO bttest_a SELECT * FROM generate_series(1, 1000); ++ALTER TABLE bttest_a OWNER TO regress_bttest_role; ++-- A dummy index function checking current_user ++CREATE FUNCTION ifun(int8) RETURNS int8 AS $$ ++BEGIN ++ ASSERT current_user = 'regress_bttest_role', ++ format('ifun(%s) called by %s', $1, current_user); ++ RETURN $1; ++END; ++$$ LANGUAGE plpgsql IMMUTABLE; ++ ++CREATE INDEX bttest_a_expr_idx ON bttest_a ((ifun(id) + ifun(0))) ++ WHERE ifun(id + 10) > ifun(10); ++ ++SELECT bt_index_check('bttest_a_expr_idx', true); ++ + -- cleanup + DROP TABLE bttest_a; + DROP TABLE bttest_b; + DROP TABLE bttest_multi; + DROP TABLE delete_test_table; + DROP TABLE toast_bug; ++DROP FUNCTION ifun(int8); + DROP OWNED BY regress_bttest_role; -- permissions + DROP ROLE regress_bttest_role; +diff --git a/contrib/amcheck/verify_nbtree.c b/contrib/amcheck/verify_nbtree.c +index 700a02f..cb6475d 100644 +--- a/contrib/amcheck/verify_nbtree.c ++++ b/contrib/amcheck/verify_nbtree.c +@@ -228,6 +228,9 @@ bt_index_check_internal(Oid indrelid, bool parentcheck, bool heapallindexed, + Relation indrel; + Relation heaprel; + LOCKMODE lockmode; ++ Oid save_userid; ++ int save_sec_context; ++ int save_nestlevel; + + if (parentcheck) + lockmode = ShareLock; +@@ -244,9 +247,27 @@ bt_index_check_internal(Oid indrelid, bool parentcheck, bool heapallindexed, + */ + heapid = IndexGetRelation(indrelid, true); + if (OidIsValid(heapid)) ++ { + heaprel = table_open(heapid, lockmode); ++ ++ /* ++ * Switch to the table owner's userid, so that any index functions are ++ * run as that user. Also lock down security-restricted operations ++ * and arrange to make GUC variable changes local to this command. ++ */ ++ GetUserIdAndSecContext(&save_userid, &save_sec_context); ++ SetUserIdAndSecContext(heaprel->rd_rel->relowner, ++ save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ save_nestlevel = NewGUCNestLevel(); ++ } + else ++ { + heaprel = NULL; ++ /* for "gcc -Og" https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78394 */ ++ save_userid = InvalidOid; ++ save_sec_context = -1; ++ save_nestlevel = -1; ++ } + + /* + * Open the target index relations separately (like relation_openrv(), but +@@ -293,6 +314,12 @@ bt_index_check_internal(Oid indrelid, bool parentcheck, bool heapallindexed, + heapallindexed, rootdescend); + } + ++ /* Roll back any GUC changes executed by index functions */ ++ AtEOXact_GUC(false, save_nestlevel); ++ ++ /* Restore userid and security context */ ++ SetUserIdAndSecContext(save_userid, save_sec_context); ++ + /* + * Release locks early. That's ok here because nothing in the called + * routines will trigger shared cache invalidations to be sent, so we can +diff --git a/src/backend/access/brin/brin.c b/src/backend/access/brin/brin.c +index c7b403b..781cac2 100644 +--- a/src/backend/access/brin/brin.c ++++ b/src/backend/access/brin/brin.c +@@ -873,6 +873,9 @@ brin_summarize_range(PG_FUNCTION_ARGS) + Oid heapoid; + Relation indexRel; + Relation heapRel; ++ Oid save_userid; ++ int save_sec_context; ++ int save_nestlevel; + double numSummarized = 0; + + if (RecoveryInProgress()) +@@ -899,7 +902,22 @@ brin_summarize_range(PG_FUNCTION_ARGS) + */ + heapoid = IndexGetRelation(indexoid, true); + if (OidIsValid(heapoid)) ++ { + heapRel = table_open(heapoid, ShareUpdateExclusiveLock); ++ ++ /* ++ * Autovacuum calls us. For its benefit, switch to the table owner's ++ * userid, so that any index functions are run as that user. Also ++ * lock down security-restricted operations and arrange to make GUC ++ * variable changes local to this command. This is harmless, albeit ++ * unnecessary, when called from SQL, because we fail shortly if the ++ * user does not own the index. ++ */ ++ GetUserIdAndSecContext(&save_userid, &save_sec_context); ++ SetUserIdAndSecContext(heapRel->rd_rel->relowner, ++ save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ save_nestlevel = NewGUCNestLevel(); ++ } + else + heapRel = NULL; + +@@ -914,7 +932,7 @@ brin_summarize_range(PG_FUNCTION_ARGS) + RelationGetRelationName(indexRel)))); + + /* User must own the index (comparable to privileges needed for VACUUM) */ +- if (!pg_class_ownercheck(indexoid, GetUserId())) ++ if (heapRel != NULL && !pg_class_ownercheck(indexoid, save_userid)) + aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX, + RelationGetRelationName(indexRel)); + +@@ -932,6 +950,12 @@ brin_summarize_range(PG_FUNCTION_ARGS) + /* OK, do it */ + brinsummarize(indexRel, heapRel, heapBlk, true, &numSummarized, NULL); + ++ /* Roll back any GUC changes executed by index functions */ ++ AtEOXact_GUC(false, save_nestlevel); ++ ++ /* Restore userid and security context */ ++ SetUserIdAndSecContext(save_userid, save_sec_context); ++ + relation_close(indexRel, ShareUpdateExclusiveLock); + relation_close(heapRel, ShareUpdateExclusiveLock); + +@@ -973,6 +997,9 @@ brin_desummarize_range(PG_FUNCTION_ARGS) + * passed indexoid isn't an index then IndexGetRelation() will fail. + * Rather than emitting a not-very-helpful error message, postpone + * complaining, expecting that the is-it-an-index test below will fail. ++ * ++ * Unlike brin_summarize_range(), autovacuum never calls this. Hence, we ++ * don't switch userid. + */ + heapoid = IndexGetRelation(indexoid, true); + if (OidIsValid(heapoid)) +diff --git a/src/backend/catalog/index.c b/src/backend/catalog/index.c +index 3ece136..0333bfd 100644 +--- a/src/backend/catalog/index.c ++++ b/src/backend/catalog/index.c +@@ -1400,6 +1400,9 @@ index_concurrently_build(Oid heapRelationId, + Oid indexRelationId) + { + Relation heapRel; ++ Oid save_userid; ++ int save_sec_context; ++ int save_nestlevel; + Relation indexRelation; + IndexInfo *indexInfo; + +@@ -1409,7 +1412,16 @@ index_concurrently_build(Oid heapRelationId, + /* Open and lock the parent heap relation */ + heapRel = table_open(heapRelationId, ShareUpdateExclusiveLock); + +- /* And the target index relation */ ++ /* ++ * Switch to the table owner's userid, so that any index functions are run ++ * as that user. Also lock down security-restricted operations and ++ * arrange to make GUC variable changes local to this command. ++ */ ++ GetUserIdAndSecContext(&save_userid, &save_sec_context); ++ SetUserIdAndSecContext(heapRel->rd_rel->relowner, ++ save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ save_nestlevel = NewGUCNestLevel(); ++ + indexRelation = index_open(indexRelationId, RowExclusiveLock); + + /* +@@ -1425,6 +1437,12 @@ index_concurrently_build(Oid heapRelationId, + /* Now build the index */ + index_build(heapRel, indexRelation, indexInfo, false, true); + ++ /* Roll back any GUC changes executed by index functions */ ++ AtEOXact_GUC(false, save_nestlevel); ++ ++ /* Restore userid and security context */ ++ SetUserIdAndSecContext(save_userid, save_sec_context); ++ + /* Close both the relations, but keep the locks */ + table_close(heapRel, NoLock); + index_close(indexRelation, NoLock); +@@ -3271,7 +3289,17 @@ validate_index(Oid heapId, Oid indexId, Snapshot snapshot) + + /* Open and lock the parent heap relation */ + heapRelation = table_open(heapId, ShareUpdateExclusiveLock); +- /* And the target index relation */ ++ ++ /* ++ * Switch to the table owner's userid, so that any index functions are run ++ * as that user. Also lock down security-restricted operations and ++ * arrange to make GUC variable changes local to this command. ++ */ ++ GetUserIdAndSecContext(&save_userid, &save_sec_context); ++ SetUserIdAndSecContext(heapRelation->rd_rel->relowner, ++ save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ save_nestlevel = NewGUCNestLevel(); ++ + indexRelation = index_open(indexId, RowExclusiveLock); + + /* +@@ -3284,16 +3312,6 @@ validate_index(Oid heapId, Oid indexId, Snapshot snapshot) + /* mark build is concurrent just for consistency */ + indexInfo->ii_Concurrent = true; + +- /* +- * Switch to the table owner's userid, so that any index functions are run +- * as that user. Also lock down security-restricted operations and +- * arrange to make GUC variable changes local to this command. +- */ +- GetUserIdAndSecContext(&save_userid, &save_sec_context); +- SetUserIdAndSecContext(heapRelation->rd_rel->relowner, +- save_sec_context | SECURITY_RESTRICTED_OPERATION); +- save_nestlevel = NewGUCNestLevel(); +- + /* + * Scan the index and gather up all the TIDs into a tuplesort object. + */ +@@ -3497,6 +3515,9 @@ reindex_index(Oid indexId, bool skip_constraint_checks, char persistence, + Relation iRel, + heapRelation; + Oid heapId; ++ Oid save_userid; ++ int save_sec_context; ++ int save_nestlevel; + IndexInfo *indexInfo; + volatile bool skipped_constraint = false; + PGRUsage ru0; +@@ -3527,6 +3548,16 @@ reindex_index(Oid indexId, bool skip_constraint_checks, char persistence, + */ + iRel = index_open(indexId, AccessExclusiveLock); + ++ /* ++ * Switch to the table owner's userid, so that any index functions are run ++ * as that user. Also lock down security-restricted operations and ++ * arrange to make GUC variable changes local to this command. ++ */ ++ GetUserIdAndSecContext(&save_userid, &save_sec_context); ++ SetUserIdAndSecContext(heapRelation->rd_rel->relowner, ++ save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ save_nestlevel = NewGUCNestLevel(); ++ + if (progress) + pgstat_progress_update_param(PROGRESS_CREATEIDX_ACCESS_METHOD_OID, + iRel->rd_rel->relam); +@@ -3684,12 +3715,18 @@ reindex_index(Oid indexId, bool skip_constraint_checks, char persistence, + errdetail_internal("%s", + pg_rusage_show(&ru0)))); + +- if (progress) +- pgstat_progress_end_command(); ++ /* Roll back any GUC changes executed by index functions */ ++ AtEOXact_GUC(false, save_nestlevel); ++ ++ /* Restore userid and security context */ ++ SetUserIdAndSecContext(save_userid, save_sec_context); + + /* Close rels, but keep locks */ + index_close(iRel, NoLock); + table_close(heapRelation, NoLock); ++ ++ if (progress) ++ pgstat_progress_end_command(); + } + + /* +diff --git a/src/backend/commands/cluster.c b/src/backend/commands/cluster.c +index bd6f408..74db03e 100644 +--- a/src/backend/commands/cluster.c ++++ b/src/backend/commands/cluster.c +@@ -266,6 +266,9 @@ void + cluster_rel(Oid tableOid, Oid indexOid, int options) + { + Relation OldHeap; ++ Oid save_userid; ++ int save_sec_context; ++ int save_nestlevel; + bool verbose = ((options & CLUOPT_VERBOSE) != 0); + bool recheck = ((options & CLUOPT_RECHECK) != 0); + +@@ -295,6 +298,16 @@ cluster_rel(Oid tableOid, Oid indexOid, int options) + return; + } + ++ /* ++ * Switch to the table owner's userid, so that any index functions are run ++ * as that user. Also lock down security-restricted operations and ++ * arrange to make GUC variable changes local to this command. ++ */ ++ GetUserIdAndSecContext(&save_userid, &save_sec_context); ++ SetUserIdAndSecContext(OldHeap->rd_rel->relowner, ++ save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ save_nestlevel = NewGUCNestLevel(); ++ + /* + * Since we may open a new transaction for each relation, we have to check + * that the relation still is what we think it is. +@@ -309,11 +322,10 @@ cluster_rel(Oid tableOid, Oid indexOid, int options) + Form_pg_index indexForm; + + /* Check that the user still owns the relation */ +- if (!pg_class_ownercheck(tableOid, GetUserId())) ++ if (!pg_class_ownercheck(tableOid, save_userid)) + { + relation_close(OldHeap, AccessExclusiveLock); +- pgstat_progress_end_command(); +- return; ++ goto out; + } + + /* +@@ -327,8 +339,7 @@ cluster_rel(Oid tableOid, Oid indexOid, int options) + if (RELATION_IS_OTHER_TEMP(OldHeap)) + { + relation_close(OldHeap, AccessExclusiveLock); +- pgstat_progress_end_command(); +- return; ++ goto out; + } + + if (OidIsValid(indexOid)) +@@ -339,8 +350,7 @@ cluster_rel(Oid tableOid, Oid indexOid, int options) + if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(indexOid))) + { + relation_close(OldHeap, AccessExclusiveLock); +- pgstat_progress_end_command(); +- return; ++ goto out; + } + + /* +@@ -350,8 +360,7 @@ cluster_rel(Oid tableOid, Oid indexOid, int options) + if (!HeapTupleIsValid(tuple)) /* probably can't happen */ + { + relation_close(OldHeap, AccessExclusiveLock); +- pgstat_progress_end_command(); +- return; ++ goto out; + } + indexForm = (Form_pg_index) GETSTRUCT(tuple); + if (!indexForm->indisclustered) +@@ -413,8 +422,7 @@ cluster_rel(Oid tableOid, Oid indexOid, int options) + !RelationIsPopulated(OldHeap)) + { + relation_close(OldHeap, AccessExclusiveLock); +- pgstat_progress_end_command(); +- return; ++ goto out; + } + + /* +@@ -430,6 +438,13 @@ cluster_rel(Oid tableOid, Oid indexOid, int options) + + /* NB: rebuild_relation does table_close() on OldHeap */ + ++out: ++ /* Roll back any GUC changes executed by index functions */ ++ AtEOXact_GUC(false, save_nestlevel); ++ ++ /* Restore userid and security context */ ++ SetUserIdAndSecContext(save_userid, save_sec_context); ++ + pgstat_progress_end_command(); + } + +diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c +index be1cf8c..167b377 100644 +--- a/src/backend/commands/indexcmds.c ++++ b/src/backend/commands/indexcmds.c +@@ -470,21 +470,22 @@ DefineIndex(Oid relationId, + LOCKTAG heaplocktag; + LOCKMODE lockmode; + Snapshot snapshot; +- int save_nestlevel = -1; ++ Oid root_save_userid; ++ int root_save_sec_context; ++ int root_save_nestlevel; + int i; + ++ root_save_nestlevel = NewGUCNestLevel(); ++ + /* + * Some callers need us to run with an empty default_tablespace; this is a + * necessary hack to be able to reproduce catalog state accurately when + * recreating indexes after table-rewriting ALTER TABLE. + */ + if (stmt->reset_default_tblspc) +- { +- save_nestlevel = NewGUCNestLevel(); + (void) set_config_option("default_tablespace", "", + PGC_USERSET, PGC_S_SESSION, + GUC_ACTION_SAVE, true, 0, false); +- } + + /* + * Force non-concurrent build on temporary relations, even if CONCURRENTLY +@@ -563,6 +564,15 @@ DefineIndex(Oid relationId, + lockmode = concurrent ? ShareUpdateExclusiveLock : ShareLock; + rel = table_open(relationId, lockmode); + ++ /* ++ * Switch to the table owner's userid, so that any index functions are run ++ * as that user. Also lock down security-restricted operations. We ++ * already arranged to make GUC variable changes local to this command. ++ */ ++ GetUserIdAndSecContext(&root_save_userid, &root_save_sec_context); ++ SetUserIdAndSecContext(rel->rd_rel->relowner, ++ root_save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ + namespaceId = RelationGetNamespace(rel); + + /* Ensure that it makes sense to index this kind of relation */ +@@ -648,7 +658,7 @@ DefineIndex(Oid relationId, + { + AclResult aclresult; + +- aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ++ aclresult = pg_namespace_aclcheck(namespaceId, root_save_userid, + ACL_CREATE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_SCHEMA, +@@ -680,7 +690,7 @@ DefineIndex(Oid relationId, + { + AclResult aclresult; + +- aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(), ++ aclresult = pg_tablespace_aclcheck(tablespaceId, root_save_userid, + ACL_CREATE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_TABLESPACE, +@@ -1066,15 +1076,17 @@ DefineIndex(Oid relationId, + + ObjectAddressSet(address, RelationRelationId, indexRelationId); + +- /* +- * Revert to original default_tablespace. Must do this before any return +- * from this function, but after index_create, so this is a good time. +- */ +- if (save_nestlevel >= 0) +- AtEOXact_GUC(true, save_nestlevel); +- + if (!OidIsValid(indexRelationId)) + { ++ /* ++ * Roll back any GUC changes executed by index functions. Also revert ++ * to original default_tablespace if we changed it above. ++ */ ++ AtEOXact_GUC(false, root_save_nestlevel); ++ ++ /* Restore userid and security context */ ++ SetUserIdAndSecContext(root_save_userid, root_save_sec_context); ++ + table_close(rel, NoLock); + + /* If this is the top-level index, we're done */ +@@ -1084,6 +1096,17 @@ DefineIndex(Oid relationId, + return address; + } + ++ /* ++ * Roll back any GUC changes executed by index functions, and keep ++ * subsequent changes local to this command. It's barely possible that ++ * some index function changed a behavior-affecting GUC, e.g. xmloption, ++ * that affects subsequent steps. This improves bug-compatibility with ++ * older PostgreSQL versions. They did the AtEOXact_GUC() here for the ++ * purpose of clearing the above default_tablespace change. ++ */ ++ AtEOXact_GUC(false, root_save_nestlevel); ++ root_save_nestlevel = NewGUCNestLevel(); ++ + /* Add any requested comment */ + if (stmt->idxcomment != NULL) + CreateComments(indexRelationId, RelationRelationId, 0, +@@ -1130,6 +1153,9 @@ DefineIndex(Oid relationId, + { + Oid childRelid = part_oids[i]; + Relation childrel; ++ Oid child_save_userid; ++ int child_save_sec_context; ++ int child_save_nestlevel; + List *childidxs; + ListCell *cell; + AttrNumber *attmap; +@@ -1138,6 +1164,12 @@ DefineIndex(Oid relationId, + + childrel = table_open(childRelid, lockmode); + ++ GetUserIdAndSecContext(&child_save_userid, ++ &child_save_sec_context); ++ SetUserIdAndSecContext(childrel->rd_rel->relowner, ++ child_save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ child_save_nestlevel = NewGUCNestLevel(); ++ + /* + * Don't try to create indexes on foreign tables, though. Skip + * those if a regular index, or fail if trying to create a +@@ -1153,6 +1185,9 @@ DefineIndex(Oid relationId, + errdetail("Table \"%s\" contains partitions that are foreign tables.", + RelationGetRelationName(rel)))); + ++ AtEOXact_GUC(false, child_save_nestlevel); ++ SetUserIdAndSecContext(child_save_userid, ++ child_save_sec_context); + table_close(childrel, lockmode); + continue; + } +@@ -1226,6 +1261,9 @@ DefineIndex(Oid relationId, + } + + list_free(childidxs); ++ AtEOXact_GUC(false, child_save_nestlevel); ++ SetUserIdAndSecContext(child_save_userid, ++ child_save_sec_context); + table_close(childrel, NoLock); + + /* +@@ -1280,12 +1318,21 @@ DefineIndex(Oid relationId, + if (found_whole_row) + elog(ERROR, "cannot convert whole-row table reference"); + ++ /* ++ * Recurse as the starting user ID. Callee will use that ++ * for permission checks, then switch again. ++ */ ++ Assert(GetUserId() == child_save_userid); ++ SetUserIdAndSecContext(root_save_userid, ++ root_save_sec_context); + DefineIndex(childRelid, childStmt, + InvalidOid, /* no predefined OID */ + indexRelationId, /* this is our child */ + createdConstraintId, + is_alter_table, check_rights, check_not_in_use, + skip_build, quiet); ++ SetUserIdAndSecContext(child_save_userid, ++ child_save_sec_context); + } + + pgstat_progress_update_param(PROGRESS_CREATEIDX_PARTITIONS_DONE, +@@ -1322,12 +1369,17 @@ DefineIndex(Oid relationId, + * Indexes on partitioned tables are not themselves built, so we're + * done here. + */ ++ AtEOXact_GUC(false, root_save_nestlevel); ++ SetUserIdAndSecContext(root_save_userid, root_save_sec_context); + table_close(rel, NoLock); + if (!OidIsValid(parentIndexId)) + pgstat_progress_end_command(); + return address; + } + ++ AtEOXact_GUC(false, root_save_nestlevel); ++ SetUserIdAndSecContext(root_save_userid, root_save_sec_context); ++ + if (!concurrent) + { + /* Close the heap and we're done, in the non-concurrent case */ +@@ -3040,6 +3092,9 @@ ReindexRelationConcurrently(Oid relationOid, int options) + Oid newIndexId; + Relation indexRel; + Relation heapRel; ++ Oid save_userid; ++ int save_sec_context; ++ int save_nestlevel; + Relation newIndexRel; + LockRelId *lockrelid; + +@@ -3047,6 +3102,16 @@ ReindexRelationConcurrently(Oid relationOid, int options) + heapRel = table_open(indexRel->rd_index->indrelid, + ShareUpdateExclusiveLock); + ++ /* ++ * Switch to the table owner's userid, so that any index functions are ++ * run as that user. Also lock down security-restricted operations ++ * and arrange to make GUC variable changes local to this command. ++ */ ++ GetUserIdAndSecContext(&save_userid, &save_sec_context); ++ SetUserIdAndSecContext(heapRel->rd_rel->relowner, ++ save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ save_nestlevel = NewGUCNestLevel(); ++ + /* This function shouldn't be called for temporary relations. */ + if (indexRel->rd_rel->relpersistence == RELPERSISTENCE_TEMP) + elog(ERROR, "cannot reindex a temporary table concurrently"); +@@ -3101,6 +3166,13 @@ ReindexRelationConcurrently(Oid relationOid, int options) + + index_close(indexRel, NoLock); + index_close(newIndexRel, NoLock); ++ ++ /* Roll back any GUC changes executed by index functions */ ++ AtEOXact_GUC(false, save_nestlevel); ++ ++ /* Restore userid and security context */ ++ SetUserIdAndSecContext(save_userid, save_sec_context); ++ + table_close(heapRel, NoLock); + } + +diff --git a/src/backend/commands/matview.c b/src/backend/commands/matview.c +index 80e9ec0..e485661 100644 +--- a/src/backend/commands/matview.c ++++ b/src/backend/commands/matview.c +@@ -167,6 +167,17 @@ ExecRefreshMatView(RefreshMatViewStmt *stmt, const char *queryString, + lockmode, 0, + RangeVarCallbackOwnsTable, NULL); + matviewRel = table_open(matviewOid, NoLock); ++ relowner = matviewRel->rd_rel->relowner; ++ ++ /* ++ * Switch to the owner's userid, so that any functions are run as that ++ * user. Also lock down security-restricted operations and arrange to ++ * make GUC variable changes local to this command. ++ */ ++ GetUserIdAndSecContext(&save_userid, &save_sec_context); ++ SetUserIdAndSecContext(relowner, ++ save_sec_context | SECURITY_RESTRICTED_OPERATION); ++ save_nestlevel = NewGUCNestLevel(); + + /* Make sure it is a materialized view. */ + if (matviewRel->rd_rel->relkind != RELKIND_MATVIEW) +@@ -268,19 +279,6 @@ ExecRefreshMatView(RefreshMatViewStmt *stmt, const char *queryString, + */ + SetMatViewPopulatedState(matviewRel, !stmt->skipData); + +- relowner = matviewRel->rd_rel->relowner; +- +- /* +- * Switch to the owner's userid, so that any functions are run as that +- * user. Also arrange to make GUC variable changes local to this command. +- * Don't lock it down too tight to create a temporary table just yet. We +- * will switch modes when we are about to execute user code. +- */ +- GetUserIdAndSecContext(&save_userid, &save_sec_context); +- SetUserIdAndSecContext(relowner, +- save_sec_context | SECURITY_LOCAL_USERID_CHANGE); +- save_nestlevel = NewGUCNestLevel(); +- + /* Concurrent refresh builds new data in temp tablespace, and does diff. */ + if (concurrent) + { +@@ -303,12 +301,6 @@ ExecRefreshMatView(RefreshMatViewStmt *stmt, const char *queryString, + LockRelationOid(OIDNewHeap, AccessExclusiveLock); + dest = CreateTransientRelDestReceiver(OIDNewHeap); + +- /* +- * Now lock down security-restricted operations. +- */ +- SetUserIdAndSecContext(relowner, +- save_sec_context | SECURITY_RESTRICTED_OPERATION); +- + /* Generate the data, if wanted. */ + if (!stmt->skipData) + processed = refresh_matview_datafill(dest, dataQuery, queryString); +diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c +index de554e2..c9f858e 100644 +--- a/src/backend/utils/init/miscinit.c ++++ b/src/backend/utils/init/miscinit.c +@@ -455,15 +455,21 @@ GetAuthenticatedUserId(void) + * with guc.c's internal state, so SET ROLE has to be disallowed. + * + * SECURITY_RESTRICTED_OPERATION indicates that we are inside an operation +- * that does not wish to trust called user-defined functions at all. This +- * bit prevents not only SET ROLE, but various other changes of session state +- * that normally is unprotected but might possibly be used to subvert the +- * calling session later. An example is replacing an existing prepared +- * statement with new code, which will then be executed with the outer +- * session's permissions when the prepared statement is next used. Since +- * these restrictions are fairly draconian, we apply them only in contexts +- * where the called functions are really supposed to be side-effect-free +- * anyway, such as VACUUM/ANALYZE/REINDEX. ++ * that does not wish to trust called user-defined functions at all. The ++ * policy is to use this before operations, e.g. autovacuum and REINDEX, that ++ * enumerate relations of a database or schema and run functions associated ++ * with each found relation. The relation owner is the new user ID. Set this ++ * as soon as possible after locking the relation. Restore the old user ID as ++ * late as possible before closing the relation; restoring it shortly after ++ * close is also tolerable. If a command has both relation-enumerating and ++ * non-enumerating modes, e.g. ANALYZE, both modes set this bit. This bit ++ * prevents not only SET ROLE, but various other changes of session state that ++ * normally is unprotected but might possibly be used to subvert the calling ++ * session later. An example is replacing an existing prepared statement with ++ * new code, which will then be executed with the outer session's permissions ++ * when the prepared statement is next used. These restrictions are fairly ++ * draconian, but the functions called in relation-enumerating operations are ++ * really supposed to be side-effect-free anyway. + * + * SECURITY_NOFORCE_RLS indicates that we are inside an operation which should + * ignore the FORCE ROW LEVEL SECURITY per-table indication. This is used to +diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out +index 186d2fb..0f0c1b3 100644 +--- a/src/test/regress/expected/privileges.out ++++ b/src/test/regress/expected/privileges.out +@@ -1336,6 +1336,61 @@ SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OP + -- security-restricted operations + \c - + CREATE ROLE regress_sro_user; ++-- Check that index expressions and predicates are run as the table's owner ++-- A dummy index function checking current_user ++CREATE FUNCTION sro_ifun(int) RETURNS int AS $$ ++BEGIN ++ -- Below we set the table's owner to regress_sro_user ++ ASSERT current_user = 'regress_sro_user', ++ format('sro_ifun(%s) called by %s', $1, current_user); ++ RETURN $1; ++END; ++$$ LANGUAGE plpgsql IMMUTABLE; ++-- Create a table owned by regress_sro_user ++CREATE TABLE sro_tab (a int); ++ALTER TABLE sro_tab OWNER TO regress_sro_user; ++INSERT INTO sro_tab VALUES (1), (2), (3); ++-- Create an expression index with a predicate ++CREATE INDEX sro_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0))) ++ WHERE sro_ifun(a + 10) > sro_ifun(10); ++DROP INDEX sro_idx; ++-- Do the same concurrently ++CREATE INDEX CONCURRENTLY sro_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0))) ++ WHERE sro_ifun(a + 10) > sro_ifun(10); ++-- REINDEX ++REINDEX TABLE sro_tab; ++REINDEX INDEX sro_idx; ++REINDEX TABLE CONCURRENTLY sro_tab; ++DROP INDEX sro_idx; ++-- CLUSTER ++CREATE INDEX sro_cluster_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0))); ++CLUSTER sro_tab USING sro_cluster_idx; ++DROP INDEX sro_cluster_idx; ++-- BRIN index ++CREATE INDEX sro_brin ON sro_tab USING brin ((sro_ifun(a) + sro_ifun(0))); ++SELECT brin_desummarize_range('sro_brin', 0); ++ brin_desummarize_range ++------------------------ ++ ++(1 row) ++ ++SELECT brin_summarize_range('sro_brin', 0); ++ brin_summarize_range ++---------------------- ++ 1 ++(1 row) ++ ++DROP TABLE sro_tab; ++-- Check with a partitioned table ++CREATE TABLE sro_ptab (a int) PARTITION BY RANGE (a); ++ALTER TABLE sro_ptab OWNER TO regress_sro_user; ++CREATE TABLE sro_part PARTITION OF sro_ptab FOR VALUES FROM (1) TO (10); ++ALTER TABLE sro_part OWNER TO regress_sro_user; ++INSERT INTO sro_ptab VALUES (1), (2), (3); ++CREATE INDEX sro_pidx ON sro_ptab ((sro_ifun(a) + sro_ifun(0))) ++ WHERE sro_ifun(a + 10) > sro_ifun(10); ++REINDEX TABLE sro_ptab; ++REINDEX INDEX CONCURRENTLY sro_pidx; + SET SESSION AUTHORIZATION regress_sro_user; + CREATE FUNCTION unwanted_grant() RETURNS void LANGUAGE sql AS + 'GRANT regress_priv_group2 TO regress_sro_user'; +@@ -1373,6 +1428,22 @@ CONTEXT: SQL function "unwanted_grant" statement 1 + SQL statement "SELECT unwanted_grant()" + PL/pgSQL function sro_trojan() line 1 at PERFORM + SQL function "mv_action" statement 1 ++-- REFRESH MATERIALIZED VIEW CONCURRENTLY use of eval_const_expressions() ++SET SESSION AUTHORIZATION regress_sro_user; ++CREATE FUNCTION unwanted_grant_nofail(int) RETURNS int ++ IMMUTABLE LANGUAGE plpgsql AS $$ ++BEGIN ++ PERFORM unwanted_grant(); ++ RAISE WARNING 'owned'; ++ RETURN 1; ++EXCEPTION WHEN OTHERS THEN ++ RETURN 2; ++END$$; ++CREATE MATERIALIZED VIEW sro_index_mv AS SELECT 1 AS c; ++CREATE UNIQUE INDEX ON sro_index_mv (c) WHERE unwanted_grant_nofail(1) > 0; ++\c - ++REFRESH MATERIALIZED VIEW CONCURRENTLY sro_index_mv; ++REFRESH MATERIALIZED VIEW sro_index_mv; + DROP OWNED BY regress_sro_user; + DROP ROLE regress_sro_user; + -- Admin options +diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql +index 34fbf0e..c0b88a6 100644 +--- a/src/test/regress/sql/privileges.sql ++++ b/src/test/regress/sql/privileges.sql +@@ -826,6 +826,53 @@ SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OP + \c - + CREATE ROLE regress_sro_user; + ++-- Check that index expressions and predicates are run as the table's owner ++ ++-- A dummy index function checking current_user ++CREATE FUNCTION sro_ifun(int) RETURNS int AS $$ ++BEGIN ++ -- Below we set the table's owner to regress_sro_user ++ ASSERT current_user = 'regress_sro_user', ++ format('sro_ifun(%s) called by %s', $1, current_user); ++ RETURN $1; ++END; ++$$ LANGUAGE plpgsql IMMUTABLE; ++-- Create a table owned by regress_sro_user ++CREATE TABLE sro_tab (a int); ++ALTER TABLE sro_tab OWNER TO regress_sro_user; ++INSERT INTO sro_tab VALUES (1), (2), (3); ++-- Create an expression index with a predicate ++CREATE INDEX sro_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0))) ++ WHERE sro_ifun(a + 10) > sro_ifun(10); ++DROP INDEX sro_idx; ++-- Do the same concurrently ++CREATE INDEX CONCURRENTLY sro_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0))) ++ WHERE sro_ifun(a + 10) > sro_ifun(10); ++-- REINDEX ++REINDEX TABLE sro_tab; ++REINDEX INDEX sro_idx; ++REINDEX TABLE CONCURRENTLY sro_tab; ++DROP INDEX sro_idx; ++-- CLUSTER ++CREATE INDEX sro_cluster_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0))); ++CLUSTER sro_tab USING sro_cluster_idx; ++DROP INDEX sro_cluster_idx; ++-- BRIN index ++CREATE INDEX sro_brin ON sro_tab USING brin ((sro_ifun(a) + sro_ifun(0))); ++SELECT brin_desummarize_range('sro_brin', 0); ++SELECT brin_summarize_range('sro_brin', 0); ++DROP TABLE sro_tab; ++-- Check with a partitioned table ++CREATE TABLE sro_ptab (a int) PARTITION BY RANGE (a); ++ALTER TABLE sro_ptab OWNER TO regress_sro_user; ++CREATE TABLE sro_part PARTITION OF sro_ptab FOR VALUES FROM (1) TO (10); ++ALTER TABLE sro_part OWNER TO regress_sro_user; ++INSERT INTO sro_ptab VALUES (1), (2), (3); ++CREATE INDEX sro_pidx ON sro_ptab ((sro_ifun(a) + sro_ifun(0))) ++ WHERE sro_ifun(a + 10) > sro_ifun(10); ++REINDEX TABLE sro_ptab; ++REINDEX INDEX CONCURRENTLY sro_pidx; ++ + SET SESSION AUTHORIZATION regress_sro_user; + CREATE FUNCTION unwanted_grant() RETURNS void LANGUAGE sql AS + 'GRANT regress_priv_group2 TO regress_sro_user'; +@@ -852,6 +899,23 @@ REFRESH MATERIALIZED VIEW sro_mv; + REFRESH MATERIALIZED VIEW sro_mv; + BEGIN; SET CONSTRAINTS ALL IMMEDIATE; REFRESH MATERIALIZED VIEW sro_mv; COMMIT; + ++-- REFRESH MATERIALIZED VIEW CONCURRENTLY use of eval_const_expressions() ++SET SESSION AUTHORIZATION regress_sro_user; ++CREATE FUNCTION unwanted_grant_nofail(int) RETURNS int ++ IMMUTABLE LANGUAGE plpgsql AS $$ ++BEGIN ++ PERFORM unwanted_grant(); ++ RAISE WARNING 'owned'; ++ RETURN 1; ++EXCEPTION WHEN OTHERS THEN ++ RETURN 2; ++END$$; ++CREATE MATERIALIZED VIEW sro_index_mv AS SELECT 1 AS c; ++CREATE UNIQUE INDEX ON sro_index_mv (c) WHERE unwanted_grant_nofail(1) > 0; ++\c - ++REFRESH MATERIALIZED VIEW CONCURRENTLY sro_index_mv; ++REFRESH MATERIALIZED VIEW sro_index_mv; ++ + DROP OWNED BY regress_sro_user; + DROP ROLE regress_sro_user; + +-- +2.25.1 + diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch new file mode 100644 index 000000000..6417d8a2b --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/files/CVE-2022-2625.patch @@ -0,0 +1,904 @@ +From 84375c1db25ef650902cf80712495fc514b0ff63 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Thu, 13 Oct 2022 10:35:32 +0530 +Subject: [PATCH] CVE-2022-2625 + +Upstream-Status: Backport [https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5579726bd60a6e7afb04a3548bced348cd5ffd89] +CVE: CVE-2022-2625 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + doc/src/sgml/extend.sgml | 11 -- + src/backend/catalog/pg_collation.c | 49 ++++-- + src/backend/catalog/pg_depend.c | 74 ++++++++- + src/backend/catalog/pg_operator.c | 2 +- + src/backend/catalog/pg_type.c | 7 +- + src/backend/commands/createas.c | 18 ++- + src/backend/commands/foreigncmds.c | 19 ++- + src/backend/commands/schemacmds.c | 25 ++- + src/backend/commands/sequence.c | 8 + + src/backend/commands/statscmds.c | 4 + + src/backend/commands/view.c | 16 +- + src/backend/parser/parse_utilcmd.c | 10 ++ + src/include/catalog/dependency.h | 2 + + src/test/modules/test_extensions/Makefile | 5 +- + .../expected/test_extensions.out | 153 ++++++++++++++++++ + .../test_extensions/sql/test_extensions.sql | 110 +++++++++++++ + .../test_ext_cine--1.0--1.1.sql | 26 +++ + .../test_extensions/test_ext_cine--1.0.sql | 25 +++ + .../test_extensions/test_ext_cine.control | 3 + + .../test_extensions/test_ext_cor--1.0.sql | 20 +++ + .../test_extensions/test_ext_cor.control | 3 + + 21 files changed, 540 insertions(+), 50 deletions(-) + create mode 100644 src/test/modules/test_extensions/test_ext_cine--1.0--1.1.sql + create mode 100644 src/test/modules/test_extensions/test_ext_cine--1.0.sql + create mode 100644 src/test/modules/test_extensions/test_ext_cine.control + create mode 100644 src/test/modules/test_extensions/test_ext_cor--1.0.sql + create mode 100644 src/test/modules/test_extensions/test_ext_cor.control + +diff --git a/doc/src/sgml/extend.sgml b/doc/src/sgml/extend.sgml +index 53f2638..bcc7a80 100644 +--- a/doc/src/sgml/extend.sgml ++++ b/doc/src/sgml/extend.sgml +@@ -1109,17 +1109,6 @@ SELECT * FROM pg_extension_update_paths('<replaceable>extension_name</replaceabl + <varname>search_path</varname>. However, no mechanism currently exists + to require that. + </para> +- +- <para> +- Do <emphasis>not</emphasis> use <command>CREATE OR REPLACE +- FUNCTION</command>, except in an update script that must change the +- definition of a function that is known to be an extension member +- already. (Likewise for other <literal>OR REPLACE</literal> options.) +- Using <literal>OR REPLACE</literal> unnecessarily not only has a risk +- of accidentally overwriting someone else's function, but it creates a +- security hazard since the overwritten function would still be owned by +- its original owner, who could modify it. +- </para> + </sect3> + </sect2> + +diff --git a/src/backend/catalog/pg_collation.c b/src/backend/catalog/pg_collation.c +index dd99d53..ba4c3ef 100644 +--- a/src/backend/catalog/pg_collation.c ++++ b/src/backend/catalog/pg_collation.c +@@ -78,15 +78,25 @@ CollationCreate(const char *collname, Oid collnamespace, + * friendlier error message. The unique index provides a backstop against + * race conditions. + */ +- if (SearchSysCacheExists3(COLLNAMEENCNSP, +- PointerGetDatum(collname), +- Int32GetDatum(collencoding), +- ObjectIdGetDatum(collnamespace))) ++ oid = GetSysCacheOid3(COLLNAMEENCNSP, ++ Anum_pg_collation_oid, ++ PointerGetDatum(collname), ++ Int32GetDatum(collencoding), ++ ObjectIdGetDatum(collnamespace)); ++ if (OidIsValid(oid)) + { + if (quiet) + return InvalidOid; + else if (if_not_exists) + { ++ /* ++ * If we are in an extension script, insist that the pre-existing ++ * object be a member of the extension, to avoid security risks. ++ */ ++ ObjectAddressSet(myself, CollationRelationId, oid); ++ checkMembershipInCurrentExtension(&myself); ++ ++ /* OK to skip */ + ereport(NOTICE, + (errcode(ERRCODE_DUPLICATE_OBJECT), + collencoding == -1 +@@ -116,16 +126,19 @@ CollationCreate(const char *collname, Oid collnamespace, + * so we take a ShareRowExclusiveLock earlier, to protect against + * concurrent changes fooling this check. + */ +- if ((collencoding == -1 && +- SearchSysCacheExists3(COLLNAMEENCNSP, +- PointerGetDatum(collname), +- Int32GetDatum(GetDatabaseEncoding()), +- ObjectIdGetDatum(collnamespace))) || +- (collencoding != -1 && +- SearchSysCacheExists3(COLLNAMEENCNSP, +- PointerGetDatum(collname), +- Int32GetDatum(-1), +- ObjectIdGetDatum(collnamespace)))) ++ if (collencoding == -1) ++ oid = GetSysCacheOid3(COLLNAMEENCNSP, ++ Anum_pg_collation_oid, ++ PointerGetDatum(collname), ++ Int32GetDatum(GetDatabaseEncoding()), ++ ObjectIdGetDatum(collnamespace)); ++ else ++ oid = GetSysCacheOid3(COLLNAMEENCNSP, ++ Anum_pg_collation_oid, ++ PointerGetDatum(collname), ++ Int32GetDatum(-1), ++ ObjectIdGetDatum(collnamespace)); ++ if (OidIsValid(oid)) + { + if (quiet) + { +@@ -134,6 +147,14 @@ CollationCreate(const char *collname, Oid collnamespace, + } + else if (if_not_exists) + { ++ /* ++ * If we are in an extension script, insist that the pre-existing ++ * object be a member of the extension, to avoid security risks. ++ */ ++ ObjectAddressSet(myself, CollationRelationId, oid); ++ checkMembershipInCurrentExtension(&myself); ++ ++ /* OK to skip */ + table_close(rel, NoLock); + ereport(NOTICE, + (errcode(ERRCODE_DUPLICATE_OBJECT), +diff --git a/src/backend/catalog/pg_depend.c b/src/backend/catalog/pg_depend.c +index 9ffadbb..71c7cef 100644 +--- a/src/backend/catalog/pg_depend.c ++++ b/src/backend/catalog/pg_depend.c +@@ -124,15 +124,23 @@ recordMultipleDependencies(const ObjectAddress *depender, + + /* + * If we are executing a CREATE EXTENSION operation, mark the given object +- * as being a member of the extension. Otherwise, do nothing. ++ * as being a member of the extension, or check that it already is one. ++ * Otherwise, do nothing. + * + * This must be called during creation of any user-definable object type + * that could be a member of an extension. + * +- * If isReplace is true, the object already existed (or might have already +- * existed), so we must check for a pre-existing extension membership entry. +- * Passing false is a guarantee that the object is newly created, and so +- * could not already be a member of any extension. ++ * isReplace must be true if the object already existed, and false if it is ++ * newly created. In the former case we insist that it already be a member ++ * of the current extension. In the latter case we can skip checking whether ++ * it is already a member of any extension. ++ * ++ * Note: isReplace = true is typically used when updating a object in ++ * CREATE OR REPLACE and similar commands. We used to allow the target ++ * object to not already be an extension member, instead silently absorbing ++ * it into the current extension. However, this was both error-prone ++ * (extensions might accidentally overwrite free-standing objects) and ++ * a security hazard (since the object would retain its previous ownership). + */ + void + recordDependencyOnCurrentExtension(const ObjectAddress *object, +@@ -150,6 +158,12 @@ recordDependencyOnCurrentExtension(const ObjectAddress *object, + { + Oid oldext; + ++ /* ++ * Side note: these catalog lookups are safe only because the ++ * object is a pre-existing one. In the not-isReplace case, the ++ * caller has most likely not yet done a CommandCounterIncrement ++ * that would make the new object visible. ++ */ + oldext = getExtensionOfObject(object->classId, object->objectId); + if (OidIsValid(oldext)) + { +@@ -163,6 +177,13 @@ recordDependencyOnCurrentExtension(const ObjectAddress *object, + getObjectDescription(object), + get_extension_name(oldext)))); + } ++ /* It's a free-standing object, so reject */ ++ ereport(ERROR, ++ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), ++ errmsg("%s is not a member of extension \"%s\"", ++ getObjectDescription(object), ++ get_extension_name(CurrentExtensionObject)), ++ errdetail("An extension is not allowed to replace an object that it does not own."))); + } + + /* OK, record it as a member of CurrentExtensionObject */ +@@ -174,6 +195,49 @@ recordDependencyOnCurrentExtension(const ObjectAddress *object, + } + } + ++/* ++ * If we are executing a CREATE EXTENSION operation, check that the given ++ * object is a member of the extension, and throw an error if it isn't. ++ * Otherwise, do nothing. ++ * ++ * This must be called whenever a CREATE IF NOT EXISTS operation (for an ++ * object type that can be an extension member) has found that an object of ++ * the desired name already exists. It is insecure for an extension to use ++ * IF NOT EXISTS except when the conflicting object is already an extension ++ * member; otherwise a hostile user could substitute an object with arbitrary ++ * properties. ++ */ ++void ++checkMembershipInCurrentExtension(const ObjectAddress *object) ++{ ++ /* ++ * This is actually the same condition tested in ++ * recordDependencyOnCurrentExtension; but we want to issue a ++ * differently-worded error, and anyway it would be pretty confusing to ++ * call recordDependencyOnCurrentExtension in these circumstances. ++ */ ++ ++ /* Only whole objects can be extension members */ ++ Assert(object->objectSubId == 0); ++ ++ if (creating_extension) ++ { ++ Oid oldext; ++ ++ oldext = getExtensionOfObject(object->classId, object->objectId); ++ /* If already a member of this extension, OK */ ++ if (oldext == CurrentExtensionObject) ++ return; ++ /* Else complain */ ++ ereport(ERROR, ++ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), ++ errmsg("%s is not a member of extension \"%s\"", ++ getObjectDescription(object), ++ get_extension_name(CurrentExtensionObject)), ++ errdetail("An extension may only use CREATE ... IF NOT EXISTS to skip object creation if the conflicting object is one that it already owns."))); ++ } ++} ++ + /* + * deleteDependencyRecordsFor -- delete all records with given depender + * classId/objectId. Returns the number of records deleted. +diff --git a/src/backend/catalog/pg_operator.c b/src/backend/catalog/pg_operator.c +index bcaa26c..84784e6 100644 +--- a/src/backend/catalog/pg_operator.c ++++ b/src/backend/catalog/pg_operator.c +@@ -867,7 +867,7 @@ makeOperatorDependencies(HeapTuple tuple, bool isUpdate) + oper->oprowner); + + /* Dependency on extension */ +- recordDependencyOnCurrentExtension(&myself, true); ++ recordDependencyOnCurrentExtension(&myself, isUpdate); + + return myself; + } +diff --git a/src/backend/catalog/pg_type.c b/src/backend/catalog/pg_type.c +index 2a51501..3ff017f 100644 +--- a/src/backend/catalog/pg_type.c ++++ b/src/backend/catalog/pg_type.c +@@ -528,10 +528,9 @@ TypeCreate(Oid newTypeOid, + * If rebuild is true, we remove existing dependencies and rebuild them + * from scratch. This is needed for ALTER TYPE, and also when replacing + * a shell type. We don't remove an existing extension dependency, though. +- * (That means an extension can't absorb a shell type created in another +- * extension, nor ALTER a type created by another extension. Also, if it +- * replaces a free-standing shell type or ALTERs a free-standing type, +- * that type will become a member of the extension.) ++ * That means an extension can't absorb a shell type that is free-standing ++ * or belongs to another extension, nor ALTER a type that is free-standing or ++ * belongs to another extension. + */ + void + GenerateTypeDependencies(Oid typeObjectId, +diff --git a/src/backend/commands/createas.c b/src/backend/commands/createas.c +index 4c1d909..a68d945 100644 +--- a/src/backend/commands/createas.c ++++ b/src/backend/commands/createas.c +@@ -243,15 +243,27 @@ ExecCreateTableAs(CreateTableAsStmt *stmt, const char *queryString, + if (stmt->if_not_exists) + { + Oid nspid; ++ Oid oldrelid; + +- nspid = RangeVarGetCreationNamespace(stmt->into->rel); ++ nspid = RangeVarGetCreationNamespace(into->rel); + +- if (get_relname_relid(stmt->into->rel->relname, nspid)) ++ oldrelid = get_relname_relid(into->rel->relname, nspid); ++ if (OidIsValid(oldrelid)) + { ++ /* ++ * The relation exists and IF NOT EXISTS has been specified. ++ * ++ * If we are in an extension script, insist that the pre-existing ++ * object be a member of the extension, to avoid security risks. ++ */ ++ ObjectAddressSet(address, RelationRelationId, oldrelid); ++ checkMembershipInCurrentExtension(&address); ++ ++ /* OK to skip */ + ereport(NOTICE, + (errcode(ERRCODE_DUPLICATE_TABLE), + errmsg("relation \"%s\" already exists, skipping", +- stmt->into->rel->relname))); ++ into->rel->relname))); + return InvalidObjectAddress; + } + } +diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c +index d7bc6e3..bc583c6 100644 +--- a/src/backend/commands/foreigncmds.c ++++ b/src/backend/commands/foreigncmds.c +@@ -887,13 +887,22 @@ CreateForeignServer(CreateForeignServerStmt *stmt) + ownerId = GetUserId(); + + /* +- * Check that there is no other foreign server by this name. Do nothing if +- * IF NOT EXISTS was enforced. ++ * Check that there is no other foreign server by this name. If there is ++ * one, do nothing if IF NOT EXISTS was specified. + */ +- if (GetForeignServerByName(stmt->servername, true) != NULL) ++ srvId = get_foreign_server_oid(stmt->servername, true); ++ if (OidIsValid(srvId)) + { + if (stmt->if_not_exists) + { ++ /* ++ * If we are in an extension script, insist that the pre-existing ++ * object be a member of the extension, to avoid security risks. ++ */ ++ ObjectAddressSet(myself, ForeignServerRelationId, srvId); ++ checkMembershipInCurrentExtension(&myself); ++ ++ /* OK to skip */ + ereport(NOTICE, + (errcode(ERRCODE_DUPLICATE_OBJECT), + errmsg("server \"%s\" already exists, skipping", +@@ -1182,6 +1191,10 @@ CreateUserMapping(CreateUserMappingStmt *stmt) + { + if (stmt->if_not_exists) + { ++ /* ++ * Since user mappings aren't members of extensions (see comments ++ * below), no need for checkMembershipInCurrentExtension here. ++ */ + ereport(NOTICE, + (errcode(ERRCODE_DUPLICATE_OBJECT), + errmsg("user mapping for \"%s\" already exists for server \"%s\", skipping", +diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c +index 6cf94a3..6bc4edc 100644 +--- a/src/backend/commands/schemacmds.c ++++ b/src/backend/commands/schemacmds.c +@@ -113,14 +113,25 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString, + * the permissions checks, but since CREATE TABLE IF NOT EXISTS makes its + * creation-permission check first, we do likewise. + */ +- if (stmt->if_not_exists && +- SearchSysCacheExists1(NAMESPACENAME, PointerGetDatum(schemaName))) ++ if (stmt->if_not_exists) + { +- ereport(NOTICE, +- (errcode(ERRCODE_DUPLICATE_SCHEMA), +- errmsg("schema \"%s\" already exists, skipping", +- schemaName))); +- return InvalidOid; ++ namespaceId = get_namespace_oid(schemaName, true); ++ if (OidIsValid(namespaceId)) ++ { ++ /* ++ * If we are in an extension script, insist that the pre-existing ++ * object be a member of the extension, to avoid security risks. ++ */ ++ ObjectAddressSet(address, NamespaceRelationId, namespaceId); ++ checkMembershipInCurrentExtension(&address); ++ ++ /* OK to skip */ ++ ereport(NOTICE, ++ (errcode(ERRCODE_DUPLICATE_SCHEMA), ++ errmsg("schema \"%s\" already exists, skipping", ++ schemaName))); ++ return InvalidOid; ++ } + } + + /* +diff --git a/src/backend/commands/sequence.c b/src/backend/commands/sequence.c +index 0960b33..0577184 100644 +--- a/src/backend/commands/sequence.c ++++ b/src/backend/commands/sequence.c +@@ -149,6 +149,14 @@ DefineSequence(ParseState *pstate, CreateSeqStmt *seq) + RangeVarGetAndCheckCreationNamespace(seq->sequence, NoLock, &seqoid); + if (OidIsValid(seqoid)) + { ++ /* ++ * If we are in an extension script, insist that the pre-existing ++ * object be a member of the extension, to avoid security risks. ++ */ ++ ObjectAddressSet(address, RelationRelationId, seqoid); ++ checkMembershipInCurrentExtension(&address); ++ ++ /* OK to skip */ + ereport(NOTICE, + (errcode(ERRCODE_DUPLICATE_TABLE), + errmsg("relation \"%s\" already exists, skipping", +diff --git a/src/backend/commands/statscmds.c b/src/backend/commands/statscmds.c +index 5678d31..409cf28 100644 +--- a/src/backend/commands/statscmds.c ++++ b/src/backend/commands/statscmds.c +@@ -173,6 +173,10 @@ CreateStatistics(CreateStatsStmt *stmt) + { + if (stmt->if_not_exists) + { ++ /* ++ * Since stats objects aren't members of extensions (see comments ++ * below), no need for checkMembershipInCurrentExtension here. ++ */ + ereport(NOTICE, + (errcode(ERRCODE_DUPLICATE_OBJECT), + errmsg("statistics object \"%s\" already exists, skipping", +diff --git a/src/backend/commands/view.c b/src/backend/commands/view.c +index 87ed453..dd7cc97 100644 +--- a/src/backend/commands/view.c ++++ b/src/backend/commands/view.c +@@ -205,7 +205,7 @@ DefineVirtualRelation(RangeVar *relation, List *tlist, bool replace, + CommandCounterIncrement(); + + /* +- * Finally update the view options. ++ * Update the view's options. + * + * The new options list replaces the existing options list, even if + * it's empty. +@@ -218,8 +218,22 @@ DefineVirtualRelation(RangeVar *relation, List *tlist, bool replace, + /* EventTriggerAlterTableStart called by ProcessUtilitySlow */ + AlterTableInternal(viewOid, atcmds, true); + ++ /* ++ * There is very little to do here to update the view's dependencies. ++ * Most view-level dependency relationships, such as those on the ++ * owner, schema, and associated composite type, aren't changing. ++ * Because we don't allow changing type or collation of an existing ++ * view column, those dependencies of the existing columns don't ++ * change either, while the AT_AddColumnToView machinery took care of ++ * adding such dependencies for new view columns. The dependencies of ++ * the view's query could have changed arbitrarily, but that was dealt ++ * with inside StoreViewQuery. What remains is only to check that ++ * view replacement is allowed when we're creating an extension. ++ */ + ObjectAddressSet(address, RelationRelationId, viewOid); + ++ recordDependencyOnCurrentExtension(&address, true); ++ + /* + * Seems okay, so return the OID of the pre-existing view. + */ +diff --git a/src/backend/parser/parse_utilcmd.c b/src/backend/parser/parse_utilcmd.c +index 44aa38a..8f4d940 100644 +--- a/src/backend/parser/parse_utilcmd.c ++++ b/src/backend/parser/parse_utilcmd.c +@@ -206,6 +206,16 @@ transformCreateStmt(CreateStmt *stmt, const char *queryString) + */ + if (stmt->if_not_exists && OidIsValid(existing_relid)) + { ++ /* ++ * If we are in an extension script, insist that the pre-existing ++ * object be a member of the extension, to avoid security risks. ++ */ ++ ObjectAddress address; ++ ++ ObjectAddressSet(address, RelationRelationId, existing_relid); ++ checkMembershipInCurrentExtension(&address); ++ ++ /* OK to skip */ + ereport(NOTICE, + (errcode(ERRCODE_DUPLICATE_TABLE), + errmsg("relation \"%s\" already exists, skipping", +diff --git a/src/include/catalog/dependency.h b/src/include/catalog/dependency.h +index 8b1e3aa..27c7509 100644 +--- a/src/include/catalog/dependency.h ++++ b/src/include/catalog/dependency.h +@@ -201,6 +201,8 @@ extern void recordMultipleDependencies(const ObjectAddress *depender, + extern void recordDependencyOnCurrentExtension(const ObjectAddress *object, + bool isReplace); + ++extern void checkMembershipInCurrentExtension(const ObjectAddress *object); ++ + extern long deleteDependencyRecordsFor(Oid classId, Oid objectId, + bool skipExtensionDeps); + +diff --git a/src/test/modules/test_extensions/Makefile b/src/test/modules/test_extensions/Makefile +index d18108e..7428f15 100644 +--- a/src/test/modules/test_extensions/Makefile ++++ b/src/test/modules/test_extensions/Makefile +@@ -4,10 +4,13 @@ MODULE = test_extensions + PGFILEDESC = "test_extensions - regression testing for EXTENSION support" + + EXTENSION = test_ext1 test_ext2 test_ext3 test_ext4 test_ext5 test_ext6 \ +- test_ext7 test_ext8 test_ext_cyclic1 test_ext_cyclic2 ++ test_ext7 test_ext8 test_ext_cine test_ext_cor \ ++ test_ext_cyclic1 test_ext_cyclic2 + DATA = test_ext1--1.0.sql test_ext2--1.0.sql test_ext3--1.0.sql \ + test_ext4--1.0.sql test_ext5--1.0.sql test_ext6--1.0.sql \ + test_ext7--1.0.sql test_ext7--1.0--2.0.sql test_ext8--1.0.sql \ ++ test_ext_cine--1.0.sql test_ext_cine--1.0--1.1.sql \ ++ test_ext_cor--1.0.sql \ + test_ext_cyclic1--1.0.sql test_ext_cyclic2--1.0.sql + + REGRESS = test_extensions test_extdepend +diff --git a/src/test/modules/test_extensions/expected/test_extensions.out b/src/test/modules/test_extensions/expected/test_extensions.out +index b5cbdfc..1e91640 100644 +--- a/src/test/modules/test_extensions/expected/test_extensions.out ++++ b/src/test/modules/test_extensions/expected/test_extensions.out +@@ -154,3 +154,156 @@ DROP TABLE test_ext4_tab; + DROP FUNCTION create_extension_with_temp_schema(); + RESET client_min_messages; + \unset SHOW_CONTEXT ++-- It's generally bad style to use CREATE OR REPLACE unnecessarily. ++-- Test what happens if an extension does it anyway. ++-- Replacing a shell type or operator is sort of like CREATE OR REPLACE; ++-- check that too. ++CREATE FUNCTION ext_cor_func() RETURNS text ++ AS $$ SELECT 'ext_cor_func: original'::text $$ LANGUAGE sql; ++CREATE EXTENSION test_ext_cor; -- fail ++ERROR: function ext_cor_func() is not a member of extension "test_ext_cor" ++DETAIL: An extension is not allowed to replace an object that it does not own. ++SELECT ext_cor_func(); ++ ext_cor_func ++------------------------ ++ ext_cor_func: original ++(1 row) ++ ++DROP FUNCTION ext_cor_func(); ++CREATE VIEW ext_cor_view AS ++ SELECT 'ext_cor_view: original'::text AS col; ++CREATE EXTENSION test_ext_cor; -- fail ++ERROR: view ext_cor_view is not a member of extension "test_ext_cor" ++DETAIL: An extension is not allowed to replace an object that it does not own. ++SELECT ext_cor_func(); ++ERROR: function ext_cor_func() does not exist ++LINE 1: SELECT ext_cor_func(); ++ ^ ++HINT: No function matches the given name and argument types. You might need to add explicit type casts. ++SELECT * FROM ext_cor_view; ++ col ++------------------------ ++ ext_cor_view: original ++(1 row) ++ ++DROP VIEW ext_cor_view; ++CREATE TYPE test_ext_type; ++CREATE EXTENSION test_ext_cor; -- fail ++ERROR: type test_ext_type is not a member of extension "test_ext_cor" ++DETAIL: An extension is not allowed to replace an object that it does not own. ++DROP TYPE test_ext_type; ++-- this makes a shell "point <<@@ polygon" operator too ++CREATE OPERATOR @@>> ( PROCEDURE = poly_contain_pt, ++ LEFTARG = polygon, RIGHTARG = point, ++ COMMUTATOR = <<@@ ); ++CREATE EXTENSION test_ext_cor; -- fail ++ERROR: operator <<@@(point,polygon) is not a member of extension "test_ext_cor" ++DETAIL: An extension is not allowed to replace an object that it does not own. ++DROP OPERATOR <<@@ (point, polygon); ++CREATE EXTENSION test_ext_cor; -- now it should work ++SELECT ext_cor_func(); ++ ext_cor_func ++------------------------------ ++ ext_cor_func: from extension ++(1 row) ++ ++SELECT * FROM ext_cor_view; ++ col ++------------------------------ ++ ext_cor_view: from extension ++(1 row) ++ ++SELECT 'x'::test_ext_type; ++ test_ext_type ++--------------- ++ x ++(1 row) ++ ++SELECT point(0,0) <<@@ polygon(circle(point(0,0),1)); ++ ?column? ++---------- ++ t ++(1 row) ++ ++\dx+ test_ext_cor ++Objects in extension "test_ext_cor" ++ Object description ++------------------------------ ++ function ext_cor_func() ++ operator <<@@(point,polygon) ++ type test_ext_type ++ view ext_cor_view ++(4 rows) ++ ++-- ++-- CREATE IF NOT EXISTS is an entirely unsound thing for an extension ++-- to be doing, but let's at least plug the major security hole in it. ++-- ++CREATE COLLATION ext_cine_coll ++ ( LC_COLLATE = "C", LC_CTYPE = "C" ); ++CREATE EXTENSION test_ext_cine; -- fail ++ERROR: collation ext_cine_coll is not a member of extension "test_ext_cine" ++DETAIL: An extension may only use CREATE ... IF NOT EXISTS to skip object creation if the conflicting object is one that it already owns. ++DROP COLLATION ext_cine_coll; ++CREATE MATERIALIZED VIEW ext_cine_mv AS SELECT 11 AS f1; ++CREATE EXTENSION test_ext_cine; -- fail ++ERROR: materialized view ext_cine_mv is not a member of extension "test_ext_cine" ++DETAIL: An extension may only use CREATE ... IF NOT EXISTS to skip object creation if the conflicting object is one that it already owns. ++DROP MATERIALIZED VIEW ext_cine_mv; ++CREATE FOREIGN DATA WRAPPER dummy; ++CREATE SERVER ext_cine_srv FOREIGN DATA WRAPPER dummy; ++CREATE EXTENSION test_ext_cine; -- fail ++ERROR: server ext_cine_srv is not a member of extension "test_ext_cine" ++DETAIL: An extension may only use CREATE ... IF NOT EXISTS to skip object creation if the conflicting object is one that it already owns. ++DROP SERVER ext_cine_srv; ++CREATE SCHEMA ext_cine_schema; ++CREATE EXTENSION test_ext_cine; -- fail ++ERROR: schema ext_cine_schema is not a member of extension "test_ext_cine" ++DETAIL: An extension may only use CREATE ... IF NOT EXISTS to skip object creation if the conflicting object is one that it already owns. ++DROP SCHEMA ext_cine_schema; ++CREATE SEQUENCE ext_cine_seq; ++CREATE EXTENSION test_ext_cine; -- fail ++ERROR: sequence ext_cine_seq is not a member of extension "test_ext_cine" ++DETAIL: An extension may only use CREATE ... IF NOT EXISTS to skip object creation if the conflicting object is one that it already owns. ++DROP SEQUENCE ext_cine_seq; ++CREATE TABLE ext_cine_tab1 (x int); ++CREATE EXTENSION test_ext_cine; -- fail ++ERROR: table ext_cine_tab1 is not a member of extension "test_ext_cine" ++DETAIL: An extension may only use CREATE ... IF NOT EXISTS to skip object creation if the conflicting object is one that it already owns. ++DROP TABLE ext_cine_tab1; ++CREATE TABLE ext_cine_tab2 AS SELECT 42 AS y; ++CREATE EXTENSION test_ext_cine; -- fail ++ERROR: table ext_cine_tab2 is not a member of extension "test_ext_cine" ++DETAIL: An extension may only use CREATE ... IF NOT EXISTS to skip object creation if the conflicting object is one that it already owns. ++DROP TABLE ext_cine_tab2; ++CREATE EXTENSION test_ext_cine; ++\dx+ test_ext_cine ++Objects in extension "test_ext_cine" ++ Object description ++----------------------------------- ++ collation ext_cine_coll ++ foreign-data wrapper ext_cine_fdw ++ materialized view ext_cine_mv ++ schema ext_cine_schema ++ sequence ext_cine_seq ++ server ext_cine_srv ++ table ext_cine_tab1 ++ table ext_cine_tab2 ++(8 rows) ++ ++ALTER EXTENSION test_ext_cine UPDATE TO '1.1'; ++\dx+ test_ext_cine ++Objects in extension "test_ext_cine" ++ Object description ++----------------------------------- ++ collation ext_cine_coll ++ foreign-data wrapper ext_cine_fdw ++ materialized view ext_cine_mv ++ schema ext_cine_schema ++ sequence ext_cine_seq ++ server ext_cine_srv ++ table ext_cine_tab1 ++ table ext_cine_tab2 ++ table ext_cine_tab3 ++(9 rows) ++ +diff --git a/src/test/modules/test_extensions/sql/test_extensions.sql b/src/test/modules/test_extensions/sql/test_extensions.sql +index f505466..b3d4579 100644 +--- a/src/test/modules/test_extensions/sql/test_extensions.sql ++++ b/src/test/modules/test_extensions/sql/test_extensions.sql +@@ -93,3 +93,113 @@ DROP TABLE test_ext4_tab; + DROP FUNCTION create_extension_with_temp_schema(); + RESET client_min_messages; + \unset SHOW_CONTEXT ++ ++-- It's generally bad style to use CREATE OR REPLACE unnecessarily. ++-- Test what happens if an extension does it anyway. ++-- Replacing a shell type or operator is sort of like CREATE OR REPLACE; ++-- check that too. ++ ++CREATE FUNCTION ext_cor_func() RETURNS text ++ AS $$ SELECT 'ext_cor_func: original'::text $$ LANGUAGE sql; ++ ++CREATE EXTENSION test_ext_cor; -- fail ++ ++SELECT ext_cor_func(); ++ ++DROP FUNCTION ext_cor_func(); ++ ++CREATE VIEW ext_cor_view AS ++ SELECT 'ext_cor_view: original'::text AS col; ++ ++CREATE EXTENSION test_ext_cor; -- fail ++ ++SELECT ext_cor_func(); ++ ++SELECT * FROM ext_cor_view; ++ ++DROP VIEW ext_cor_view; ++ ++CREATE TYPE test_ext_type; ++ ++CREATE EXTENSION test_ext_cor; -- fail ++ ++DROP TYPE test_ext_type; ++ ++-- this makes a shell "point <<@@ polygon" operator too ++CREATE OPERATOR @@>> ( PROCEDURE = poly_contain_pt, ++ LEFTARG = polygon, RIGHTARG = point, ++ COMMUTATOR = <<@@ ); ++ ++CREATE EXTENSION test_ext_cor; -- fail ++ ++DROP OPERATOR <<@@ (point, polygon); ++ ++CREATE EXTENSION test_ext_cor; -- now it should work ++ ++SELECT ext_cor_func(); ++ ++SELECT * FROM ext_cor_view; ++ ++SELECT 'x'::test_ext_type; ++ ++SELECT point(0,0) <<@@ polygon(circle(point(0,0),1)); ++ ++\dx+ test_ext_cor ++ ++-- ++-- CREATE IF NOT EXISTS is an entirely unsound thing for an extension ++-- to be doing, but let's at least plug the major security hole in it. ++-- ++ ++CREATE COLLATION ext_cine_coll ++ ( LC_COLLATE = "C", LC_CTYPE = "C" ); ++ ++CREATE EXTENSION test_ext_cine; -- fail ++ ++DROP COLLATION ext_cine_coll; ++ ++CREATE MATERIALIZED VIEW ext_cine_mv AS SELECT 11 AS f1; ++ ++CREATE EXTENSION test_ext_cine; -- fail ++ ++DROP MATERIALIZED VIEW ext_cine_mv; ++ ++CREATE FOREIGN DATA WRAPPER dummy; ++ ++CREATE SERVER ext_cine_srv FOREIGN DATA WRAPPER dummy; ++ ++CREATE EXTENSION test_ext_cine; -- fail ++ ++DROP SERVER ext_cine_srv; ++ ++CREATE SCHEMA ext_cine_schema; ++ ++CREATE EXTENSION test_ext_cine; -- fail ++ ++DROP SCHEMA ext_cine_schema; ++ ++CREATE SEQUENCE ext_cine_seq; ++ ++CREATE EXTENSION test_ext_cine; -- fail ++ ++DROP SEQUENCE ext_cine_seq; ++ ++CREATE TABLE ext_cine_tab1 (x int); ++ ++CREATE EXTENSION test_ext_cine; -- fail ++ ++DROP TABLE ext_cine_tab1; ++ ++CREATE TABLE ext_cine_tab2 AS SELECT 42 AS y; ++ ++CREATE EXTENSION test_ext_cine; -- fail ++ ++DROP TABLE ext_cine_tab2; ++ ++CREATE EXTENSION test_ext_cine; ++ ++\dx+ test_ext_cine ++ ++ALTER EXTENSION test_ext_cine UPDATE TO '1.1'; ++ ++\dx+ test_ext_cine +diff --git a/src/test/modules/test_extensions/test_ext_cine--1.0--1.1.sql b/src/test/modules/test_extensions/test_ext_cine--1.0--1.1.sql +new file mode 100644 +index 0000000..6dadfd2 +--- /dev/null ++++ b/src/test/modules/test_extensions/test_ext_cine--1.0--1.1.sql +@@ -0,0 +1,26 @@ ++/* src/test/modules/test_extensions/test_ext_cine--1.0--1.1.sql */ ++-- complain if script is sourced in psql, rather than via ALTER EXTENSION ++\echo Use "ALTER EXTENSION test_ext_cine UPDATE TO '1.1'" to load this file. \quit ++ ++-- ++-- These are the same commands as in the 1.0 script; we expect them ++-- to do nothing. ++-- ++ ++CREATE COLLATION IF NOT EXISTS ext_cine_coll ++ ( LC_COLLATE = "POSIX", LC_CTYPE = "POSIX" ); ++ ++CREATE MATERIALIZED VIEW IF NOT EXISTS ext_cine_mv AS SELECT 42 AS f1; ++ ++CREATE SERVER IF NOT EXISTS ext_cine_srv FOREIGN DATA WRAPPER ext_cine_fdw; ++ ++CREATE SCHEMA IF NOT EXISTS ext_cine_schema; ++ ++CREATE SEQUENCE IF NOT EXISTS ext_cine_seq; ++ ++CREATE TABLE IF NOT EXISTS ext_cine_tab1 (x int); ++ ++CREATE TABLE IF NOT EXISTS ext_cine_tab2 AS SELECT 42 AS y; ++ ++-- just to verify the script ran ++CREATE TABLE ext_cine_tab3 (z int); +diff --git a/src/test/modules/test_extensions/test_ext_cine--1.0.sql b/src/test/modules/test_extensions/test_ext_cine--1.0.sql +new file mode 100644 +index 0000000..01408ff +--- /dev/null ++++ b/src/test/modules/test_extensions/test_ext_cine--1.0.sql +@@ -0,0 +1,25 @@ ++/* src/test/modules/test_extensions/test_ext_cine--1.0.sql */ ++-- complain if script is sourced in psql, rather than via CREATE EXTENSION ++\echo Use "CREATE EXTENSION test_ext_cine" to load this file. \quit ++ ++-- ++-- CREATE IF NOT EXISTS is an entirely unsound thing for an extension ++-- to be doing, but let's at least plug the major security hole in it. ++-- ++ ++CREATE COLLATION IF NOT EXISTS ext_cine_coll ++ ( LC_COLLATE = "POSIX", LC_CTYPE = "POSIX" ); ++ ++CREATE MATERIALIZED VIEW IF NOT EXISTS ext_cine_mv AS SELECT 42 AS f1; ++ ++CREATE FOREIGN DATA WRAPPER ext_cine_fdw; ++ ++CREATE SERVER IF NOT EXISTS ext_cine_srv FOREIGN DATA WRAPPER ext_cine_fdw; ++ ++CREATE SCHEMA IF NOT EXISTS ext_cine_schema; ++ ++CREATE SEQUENCE IF NOT EXISTS ext_cine_seq; ++ ++CREATE TABLE IF NOT EXISTS ext_cine_tab1 (x int); ++ ++CREATE TABLE IF NOT EXISTS ext_cine_tab2 AS SELECT 42 AS y; +diff --git a/src/test/modules/test_extensions/test_ext_cine.control b/src/test/modules/test_extensions/test_ext_cine.control +new file mode 100644 +index 0000000..ced713b +--- /dev/null ++++ b/src/test/modules/test_extensions/test_ext_cine.control +@@ -0,0 +1,3 @@ ++comment = 'Test extension using CREATE IF NOT EXISTS' ++default_version = '1.0' ++relocatable = true +diff --git a/src/test/modules/test_extensions/test_ext_cor--1.0.sql b/src/test/modules/test_extensions/test_ext_cor--1.0.sql +new file mode 100644 +index 0000000..2e8d89c +--- /dev/null ++++ b/src/test/modules/test_extensions/test_ext_cor--1.0.sql +@@ -0,0 +1,20 @@ ++/* src/test/modules/test_extensions/test_ext_cor--1.0.sql */ ++-- complain if script is sourced in psql, rather than via CREATE EXTENSION ++\echo Use "CREATE EXTENSION test_ext_cor" to load this file. \quit ++ ++-- It's generally bad style to use CREATE OR REPLACE unnecessarily. ++-- Test what happens if an extension does it anyway. ++ ++CREATE OR REPLACE FUNCTION ext_cor_func() RETURNS text ++ AS $$ SELECT 'ext_cor_func: from extension'::text $$ LANGUAGE sql; ++ ++CREATE OR REPLACE VIEW ext_cor_view AS ++ SELECT 'ext_cor_view: from extension'::text AS col; ++ ++-- These are for testing replacement of a shell type/operator, which works ++-- enough like an implicit OR REPLACE to be important to check. ++ ++CREATE TYPE test_ext_type AS ENUM('x', 'y'); ++ ++CREATE OPERATOR <<@@ ( PROCEDURE = pt_contained_poly, ++ LEFTARG = point, RIGHTARG = polygon ); +diff --git a/src/test/modules/test_extensions/test_ext_cor.control b/src/test/modules/test_extensions/test_ext_cor.control +new file mode 100644 +index 0000000..0e972e5 +--- /dev/null ++++ b/src/test/modules/test_extensions/test_ext_cor.control +@@ -0,0 +1,3 @@ ++comment = 'Test extension using CREATE OR REPLACE' ++default_version = '1.0' ++relocatable = true +-- +2.25.1 + diff --git a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch b/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch new file mode 100644 index 000000000..92a3dcc71 --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch @@ -0,0 +1,38 @@ +Remove duplicate code for riscv + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- a/src/include/storage/s_lock.h ++++ b/src/include/storage/s_lock.h +@@ -341,30 +341,6 @@ tas(volatile slock_t *lock) + #endif /* HAVE_GCC__SYNC_INT32_TAS */ + #endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ + +- +-/* +- * RISC-V likewise uses __sync_lock_test_and_set(int *, int) if available. +- */ +-#if defined(__riscv) +-#ifdef HAVE_GCC__SYNC_INT32_TAS +-#define HAS_TEST_AND_SET +- +-#define TAS(lock) tas(lock) +- +-typedef int slock_t; +- +-static __inline__ int +-tas(volatile slock_t *lock) +-{ +- return __sync_lock_test_and_set(lock, 1); +-} +- +-#define S_UNLOCK(lock) __sync_lock_release(lock) +- +-#endif /* HAVE_GCC__SYNC_INT32_TAS */ +-#endif /* __riscv */ +- +- + /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ + #if defined(__s390__) || defined(__s390x__) + #define HAS_TEST_AND_SET diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_12.7.bb b/meta-oe/recipes-dbs/postgresql/postgresql_12.9.bb index 18ba2178f..860e821b2 100644 --- a/meta-oe/recipes-dbs/postgresql/postgresql_12.7.bb +++ b/meta-oe/recipes-dbs/postgresql/postgresql_12.9.bb @@ -6,6 +6,9 @@ SRC_URI += "\ file://not-check-libperl.patch \ file://0001-Add-support-for-RISC-V.patch \ file://0001-Improve-reproducibility.patch \ + file://remove_duplicate.patch \ + file://CVE-2022-1552.patch \ + file://CVE-2022-2625.patch \ " -SRC_URI[sha256sum] = "8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995" +SRC_URI[sha256sum] = "89fda2de33ed04a98548e43f3ee5f15b882be17505d631fe0dd1a540a2b56dce" diff --git a/meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb b/meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb index b9038df81..f97131991 100644 --- a/meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb +++ b/meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb @@ -10,7 +10,7 @@ SRCREV = "551a110918493a19d11243f53408b97485de1411" SRCBRANCH = "6.6.fb" PV = "6.6.4" -SRC_URI = "git://github.com/facebook/${BPN}.git;branch=${SRCBRANCH} \ +SRC_URI = "git://github.com/facebook/${BPN}.git;branch=${SRCBRANCH};protocol=https \ file://0001-db-write_thread.cc-Initialize-state.patch \ file://0001-cmake-Add-check-for-atomic-support.patch \ " diff --git a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb index e874e4a5e..87f9c23eb 100644 --- a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb +++ b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=df52c6edb7adc22e533b2bacc3bd3915" PV = "20190808+git${SRCPV}" SRCREV = "aa844899c937bde5d2b24f276b59997e5b668bde" BRANCH = "lts_2019_08_08" -SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH} \ +SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH};protocol=https \ file://0001-Remove-maes-option-from-cross-compilation.patch \ file://0002-Add-forgotten-ABSL_HAVE_VDSO_SUPPORT-conditional.patch \ file://0003-Add-fPIC-option.patch \ diff --git a/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb b/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb index fb6125e2a..ef440471b 100644 --- a/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb +++ b/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb @@ -19,6 +19,7 @@ SRCREV_libhardware = "be55eb1f4d840c82ffaf7c47460df17ff5bc4d9b" SRCREV_libselinux = "07e9e1339ad1ba608acfba9dce2d0f474b252feb" SRCREV_build = "16e987def3d7d8f7d30805eb95cef69e52a87dbc" +SRCREV_FORMAT = "core_extras_libhardware_libselinux_build" SRC_URI = " \ git://${ANDROID_MIRROR}/platform/system/core;name=core;protocol=https;nobranch=1;destsuffix=git/system/core \ git://${ANDROID_MIRROR}/platform/system/extras;name=extras;protocol=https;nobranch=1;destsuffix=git/system/extras \ diff --git a/meta-oe/recipes-devtools/bootchart/bootchart_git.bb b/meta-oe/recipes-devtools/bootchart/bootchart_git.bb index 2b75eaac9..79754050d 100644 --- a/meta-oe/recipes-devtools/bootchart/bootchart_git.bb +++ b/meta-oe/recipes-devtools/bootchart/bootchart_git.bb @@ -8,7 +8,7 @@ PV = "1.17" PR = "r1" PE = "1" -SRC_URI = "git://gitorious.org/meego-developer-tools/bootchart.git;protocol=https \ +SRC_URI = "git://gitorious.org/meego-developer-tools/bootchart.git;protocol=https;branch=master \ file://0001-svg-add-rudimentary-support-for-ARM-cpuinfo.patch \ file://0002-svg-open-etc-os-release-and-use-PRETTY_NAME-for-the-.patch \ " diff --git a/meta-oe/recipes-devtools/breakpad/breakpad_git.bb b/meta-oe/recipes-devtools/breakpad/breakpad_git.bb index daf262ed6..1e474225a 100644 --- a/meta-oe/recipes-devtools/breakpad/breakpad_git.bb +++ b/meta-oe/recipes-devtools/breakpad/breakpad_git.bb @@ -26,11 +26,11 @@ SRCREV_protobuf = "cb6dd4ef5f82e41e06179dcd57d3b1d9246ad6ac" SRCREV_lss = "8048ece6c16c91acfe0d36d1d3cc0890ab6e945c" SRCREV_gyp = "324dd166b7c0b39d513026fa52d6280ac6d56770" -SRC_URI = "git://github.com/google/breakpad;name=breakpad \ - git://github.com/google/googletest.git;destsuffix=git/src/testing/gtest;name=gtest \ - git://github.com/google/protobuf.git;destsuffix=git/src/third_party/protobuf/protobuf;name=protobuf \ - git://chromium.googlesource.com/linux-syscall-support;protocol=https;destsuffix=git/src/third_party/lss;name=lss \ - git://chromium.googlesource.com/external/gyp;protocol=https;destsuffix=git/src/tools/gyp;name=gyp \ +SRC_URI = "git://github.com/google/breakpad;name=breakpad;branch=main;protocol=https \ + git://github.com/google/googletest.git;destsuffix=git/src/testing/gtest;name=gtest;branch=main;protocol=https \ + git://github.com/google/protobuf.git;destsuffix=git/src/third_party/protobuf/protobuf;name=protobuf;branch=main;protocol=https \ + git://chromium.googlesource.com/linux-syscall-support;protocol=https;destsuffix=git/src/third_party/lss;name=lss;branch=main \ + git://chromium.googlesource.com/external/gyp;protocol=https;destsuffix=git/src/tools/gyp;name=gyp;branch=master \ file://0001-include-sys-reg.h-to-get-__WORDSIZE-on-musl-libc.patch \ file://0003-Fix-conflict-between-musl-libc-dirent.h-and-lss.patch \ file://0001-Turn-off-sign-compare-for-musl-libc.patch \ diff --git a/meta-oe/recipes-devtools/capnproto/capnproto_0.7.0.bb b/meta-oe/recipes-devtools/capnproto/capnproto_0.7.0.bb index c6bab5ec2..fa1751e56 100644 --- a/meta-oe/recipes-devtools/capnproto/capnproto_0.7.0.bb +++ b/meta-oe/recipes-devtools/capnproto/capnproto_0.7.0.bb @@ -5,7 +5,9 @@ SECTION = "console/tools" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9" -SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV}" +SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \ + file://CVE-2022-46149.patch \ +" SRCREV = "3f44c6db0f0f6c0cab0633f15f15d0a2acd01d19" S = "${WORKDIR}/git/c++" diff --git a/meta-oe/recipes-devtools/capnproto/files/CVE-2022-46149.patch b/meta-oe/recipes-devtools/capnproto/files/CVE-2022-46149.patch new file mode 100644 index 000000000..b6b1fa651 --- /dev/null +++ b/meta-oe/recipes-devtools/capnproto/files/CVE-2022-46149.patch @@ -0,0 +1,49 @@ +From 25d34c67863fd960af34fc4f82a7ca3362ee74b9 Mon Sep 17 00:00:00 2001 +From: Kenton Varda <kenton@cloudflare.com> +Date: Wed, 23 Nov 2022 12:02:29 -0600 +Subject: [PATCH] Apply data offset for list-of-pointers at access time rather + than ListReader creation time. + +Baking this offset into `ptr` reduced ops needed at access time but made the interpretation of `ptr` inconsistent depending on what type of list was expected. + +CVE: CVE-2022-46149 +Upstream-Status: Backport [https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9] +Signed-off-by: Virendra Thakur <virendrak@kpit.com> +--- + c++/src/capnp/layout.c++ | 4 ---- + c++/src/capnp/layout.h | 6 +++++- + 2 files changed, 5 insertions(+), 5 deletions(-) + +Index: c++/src/capnp/layout.c++ +=================================================================== +--- c++.orig/src/capnp/layout.c++ ++++ c++/src/capnp/layout.c++ +@@ -2322,10 +2322,6 @@ struct WireHelpers { + break; + + case ElementSize::POINTER: +- // We expected a list of pointers but got a list of structs. Assuming the first field +- // in the struct is the pointer we were looking for, we want to munge the pointer to +- // point at the first element's pointer section. +- ptr += tag->structRef.dataSize.get(); + KJ_REQUIRE(tag->structRef.ptrCount.get() > ZERO * POINTERS, + "Expected a pointer list, but got a list of data-only structs.") { + goto useDefault; +Index: c++/src/capnp/layout.h +=================================================================== +--- c++.orig/src/capnp/layout.h ++++ c++/src/capnp/layout.h +@@ -1235,8 +1235,12 @@ inline Void ListReader::getDataElement<V + } + + inline PointerReader ListReader::getPointerElement(ElementCount index) const { ++ // If the list elements have data sections we need to skip those. Note that for pointers to be ++ // present at all (which already must be true if we get here), then `structDataSize` must be a ++ // whole number of words, so we don't have to worry about unaligned reads here. ++ auto offset = structDataSize / BITS_PER_BYTE; + return PointerReader(segment, capTable, reinterpret_cast<const WirePointer*>( +- ptr + upgradeBound<uint64_t>(index) * step / BITS_PER_BYTE), nestingLimit); ++ ptr + offset + upgradeBound<uint64_t>(index) * step / BITS_PER_BYTE), nestingLimit); + } + + // ------------------------------------------------------------------- diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.13.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.13.bb index e6174821f..7af05acf9 100644 --- a/meta-oe/recipes-devtools/cjson/cjson_1.7.13.bb +++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.13.bb @@ -5,7 +5,7 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0" -SRC_URI = "git://github.com/DaveGamble/cJSON.git" +SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https" SRCREV = "39853e5148dad8dc5d32ea2b00943cf4a0c6f120" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/concurrencykit/concurrencykit_git.bb b/meta-oe/recipes-devtools/concurrencykit/concurrencykit_git.bb index 8c6cf7db2..996314a75 100644 --- a/meta-oe/recipes-devtools/concurrencykit/concurrencykit_git.bb +++ b/meta-oe/recipes-devtools/concurrencykit/concurrencykit_git.bb @@ -10,7 +10,7 @@ SECTION = "base" PV = "0.5.1+git${SRCPV}" SRCREV = "f97d3da5c375ac2fc5a9173cdd36cb828915a2e1" LIC_FILES_CHKSUM = "file://LICENSE;md5=a0b24c1a8f9ad516a297d055b0294231" -SRC_URI = "git://github.com/concurrencykit/ck.git \ +SRC_URI = "git://github.com/concurrencykit/ck.git;branch=master;protocol=https \ file://cross.patch \ " diff --git a/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb b/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb index 406494ebb..d1b7134b8 100644 --- a/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb +++ b/meta-oe/recipes-devtools/dnf-plugin-tui/dnf-plugin-tui_git.bb @@ -3,11 +3,11 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/ubinux/dnf-plugin-tui.git;branch=master " +SRC_URI = "git://github.com/ubinux/dnf-plugin-tui.git;branch=master;protocol=https" SRCREV = "c5416adeb210154dc4ccc4c3e1c5297d83ebd41e" PV = "1.1" -SRC_URI_append_class-target = "file://oe-remote.repo.sample" +SRC_URI_append_class-target = " file://oe-remote.repo.sample" inherit distutils3-base diff --git a/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb b/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb index 7b8d47d8d..c4f3594f3 100644 --- a/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb +++ b/meta-oe/recipes-devtools/flatbuffers/flatbuffers_1.12.0.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "6df40a2471737b27271bdd9b900ab5f3aec746c7" -SRC_URI = "git://github.com/google/flatbuffers.git" +SRC_URI = "git://github.com/google/flatbuffers.git;branch=master;protocol=https" # affects only flatbuffers rust crate CVE_CHECK_WHITELIST += "CVE-2020-35864" @@ -24,12 +24,17 @@ BUILD_CXXFLAGS += "-std=c++11 -fPIC" # BUILD_TYPE=Release is required, otherwise flatc is not installed EXTRA_OECMAKE += "\ -DCMAKE_BUILD_TYPE=Release \ - -DFLATBUFFERS_BUILD_TESTS=OFF \ + -DFLATBUFFERS_BUILD_TESTS=OFF \ -DFLATBUFFERS_BUILD_SHAREDLIB=ON \ " inherit cmake +rm_flatc_cmaketarget_for_target() { + rm -f "${SYSROOT_DESTDIR}/${libdir}/cmake/flatbuffers/FlatcTargets.cmake" +} +SYSROOT_PREPROCESS_FUNCS:class-target += "rm_flatc_cmaketarget_for_target" + S = "${WORKDIR}/git" FILES_${PN}-compiler = "${bindir}" diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.24.3.bb b/meta-oe/recipes-devtools/grpc/grpc_1.24.3.bb index 752562eb3..8a055412f 100644 --- a/meta-oe/recipes-devtools/grpc/grpc_1.24.3.bb +++ b/meta-oe/recipes-devtools/grpc/grpc_1.24.3.bb @@ -15,9 +15,10 @@ SRCREV_grpc = "2de2e8dd8921e1f7d043e01faf7fe8a291fbb072" SRCREV_upb = "9effcbcb27f0a665f9f345030188c0b291e32482" BRANCH = "v1.24.x" SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \ - git://github.com/protocolbuffers/upb;name=upb;destsuffix=git/third_party/upb \ + git://github.com/protocolbuffers/upb;name=upb;destsuffix=git/third_party/upb;branch=main;protocol=https \ file://0001-CMakeLists.txt-Fix-libraries-installation-for-Linux.patch \ " +SRCREV_FORMAT = "grpc_upb" SRC_URI_append_class-target = " file://0001-CMakeLists.txt-Fix-grpc_cpp_plugin-path-during-cross.patch \ " SRC_URI_append_class-nativesdk = " file://0001-CMakeLists.txt-Fix-grpc_cpp_plugin-path-during-cross.patch" @@ -62,6 +63,6 @@ do_configure_prepend_toolchain-clang_x86() { BBCLASSEXTEND = "native nativesdk" -SYSROOT_DIRS_BLACKLIST_append_class-target = "${baselib}/cmake/grpc" +SYSROOT_DIRS_BLACKLIST_append_class-target = " ${baselib}/cmake/grpc" FILES_${PN}-dev += "${bindir}" diff --git a/meta-oe/recipes-devtools/guider/guider_3.9.7.bb b/meta-oe/recipes-devtools/guider/guider_3.9.7.bb index 88fad936b..cc81443d5 100644 --- a/meta-oe/recipes-devtools/guider/guider_3.9.7.bb +++ b/meta-oe/recipes-devtools/guider/guider_3.9.7.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2c1c00f9d3ed9e24fa69b932b7e7aff2" PV = "3.9.7+git${SRCPV}" -SRC_URI = "git://github.com/iipeace/${BPN}" +SRC_URI = "git://github.com/iipeace/${BPN};branch=master;protocol=https" SRCREV = "459b5189a46023fc98e19888b196bdc2674022fd" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb index 8a5db3da3..629881f0c 100644 --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb @@ -14,7 +14,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=fa2a23dd1dc6c139f35105379d76df2b" SRCREV = "d2e6a971f4544c55b8e3b25cf96db266971b778f" -SRC_URI = "git://github.com/open-source-parsers/jsoncpp" +SRC_URI = "git://github.com/open-source-parsers/jsoncpp;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/jsonrpc/jsonrpc_1.3.0.bb b/meta-oe/recipes-devtools/jsonrpc/jsonrpc_1.3.0.bb index ca9675ed6..e9672ea4d 100644 --- a/meta-oe/recipes-devtools/jsonrpc/jsonrpc_1.3.0.bb +++ b/meta-oe/recipes-devtools/jsonrpc/jsonrpc_1.3.0.bb @@ -9,7 +9,7 @@ SECTION = "libs" DEPENDS = "curl jsoncpp libmicrohttpd hiredis" -SRC_URI = "git://github.com/cinemast/libjson-rpc-cpp" +SRC_URI = "git://github.com/cinemast/libjson-rpc-cpp;branch=master;protocol=https" SRCREV = "c696f6932113b81cd20cd4a34fdb1808e773f23e" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/lapack/lapack_3.9.0.bb b/meta-oe/recipes-devtools/lapack/lapack_3.9.0.bb index 62d4df5e0..72f06ae44 100644 --- a/meta-oe/recipes-devtools/lapack/lapack_3.9.0.bb +++ b/meta-oe/recipes-devtools/lapack/lapack_3.9.0.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=930f8aa500a47c7dab0f8efb5a1c9a40" DEPENDS = "libgfortran" SRCREV = "6acc99d5f39130be7cec00fb835606042101a970" -SRC_URI = "git://github.com/Reference-LAPACK/lapack.git;protocol=https" +SRC_URI = "git://github.com/Reference-LAPACK/lapack.git;protocol=https;branch=master" S = "${WORKDIR}/git" EXTRA_OECMAKE = " -DBUILD_SHARED_LIBS=ON " diff --git a/meta-oe/recipes-devtools/libsombok3/libsombok3_2.4.0.bb b/meta-oe/recipes-devtools/libsombok3/libsombok3_2.4.0.bb index b83e86a48..2dc3776e8 100644 --- a/meta-oe/recipes-devtools/libsombok3/libsombok3_2.4.0.bb +++ b/meta-oe/recipes-devtools/libsombok3/libsombok3_2.4.0.bb @@ -7,7 +7,7 @@ Cluster segmentation described in Annex #29 (UAX #29)." LICENSE = "Artistic-1.0 | GPLv1+" LIC_FILES_CHKSUM = "file://COPYING;md5=5b122a36d0f6dc55279a0ebc69f3c60b" -SRC_URI = "git://github.com/hatukanezumi/sombok.git;protocol=https \ +SRC_URI = "git://github.com/hatukanezumi/sombok.git;protocol=https;branch=master \ file://0001-configure.ac-fix-cross-compiling-issue.patch \ " diff --git a/meta-oe/recipes-devtools/libubox/libubox_git.bb b/meta-oe/recipes-devtools/libubox/libubox_git.bb index 7dbefa115..18f26b009 100644 --- a/meta-oe/recipes-devtools/libubox/libubox_git.bb +++ b/meta-oe/recipes-devtools/libubox/libubox_git.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "\ " SRC_URI = "\ - git://git.openwrt.org/project/libubox.git \ + git://git.openwrt.org/project/libubox.git;branch=master \ file://0001-version-libraries.patch \ file://fix-libdir.patch \ file://0001-blobmsg-fix-array-out-of-bounds-GCC-10-warning.patch \ diff --git a/meta-oe/recipes-devtools/ltrace/ltrace_git.bb b/meta-oe/recipes-devtools/ltrace/ltrace_git.bb index 5710943d7..339841acf 100644 --- a/meta-oe/recipes-devtools/ltrace/ltrace_git.bb +++ b/meta-oe/recipes-devtools/ltrace/ltrace_git.bb @@ -14,7 +14,7 @@ PV = "7.91+git${SRCPV}" SRCREV = "c22d359433b333937ee3d803450dc41998115685" DEPENDS = "elfutils" -SRC_URI = "git://github.com/sparkleholic/ltrace.git;branch=master;protocol=http \ +SRC_URI = "git://github.com/sparkleholic/ltrace.git;branch=master;protocol=http;protocol=https \ file://configure-allow-to-disable-selinux-support.patch \ file://0001-replace-readdir_r-with-readdir.patch \ file://0001-Use-correct-enum-type.patch \ diff --git a/meta-oe/recipes-devtools/lua/lua/0001-lua-fix-CVE-2022-28805.patch b/meta-oe/recipes-devtools/lua/lua/0001-lua-fix-CVE-2022-28805.patch new file mode 100644 index 000000000..606c9ea98 --- /dev/null +++ b/meta-oe/recipes-devtools/lua/lua/0001-lua-fix-CVE-2022-28805.patch @@ -0,0 +1,73 @@ +From a38684e4cb4e1439e5f2f7370724496d5b363b32 Mon Sep 17 00:00:00 2001 +From: Steve Sakoman <steve@sakoman.com> +Date: Mon, 18 Apr 2022 09:04:08 -1000 +Subject: [PATCH] lua: fix CVE-2022-28805 + +singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup +call, leading to a heap-based buffer over-read that might affect a system that +compiles untrusted Lua code. + +https://nvd.nist.gov/vuln/detail/CVE-2022-28805 + +(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e) + +Signed-off-by: Sana Kazi <sana.kazi@kpit.com> +Signed-off-by: Steve Sakoman <steve@sakoman.com> +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +(cherry picked from commit 91e14d3a8e6e67267047473f5c449f266b44f354) +Signed-off-by: Omkar Patil <omkar.patil@kpit.com> +--- + .../lua/lua/CVE-2022-28805.patch | 28 +++++++++++++++++++ + meta-oe/recipes-devtools/lua/lua_5.3.6.bb | 1 + + 2 files changed, 29 insertions(+) + create mode 100644 meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch + +diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch +new file mode 100644 +index 000000000..0a21d1ce7 +--- /dev/null ++++ b/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch +@@ -0,0 +1,28 @@ ++From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001 ++From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> ++Date: Tue, 15 Feb 2022 12:28:46 -0300 ++Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const> ++ ++CVE: CVE-2022-28805 ++ ++Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa] ++ ++Signed-off-by: Sana Kazi <sana.kazi@kpit.com> ++Signed-off-by: Steve Sakoman <steve@sakoman.com> ++--- ++ src/lparser.c | 1 + ++ 1 files changed, 1 insertions(+) ++ ++diff --git a/src/lparser.c b/src/lparser.c ++index 3abe3d751..a5cd55257 100644 ++--- a/src/lparser.c +++++ b/src/lparser.c ++@@ -300,6 +300,7 @@ ++ expdesc key; ++ singlevaraux(fs, ls->envn, var, 1); /* get environment variable */ ++ lua_assert(var->k != VVOID); /* this one must exist */ +++ luaK_exp2anyregup(fs, var); /* but could be a constant */ ++ codestring(ls, &key, varname); /* key is variable name */ ++ luaK_indexed(fs, var, &key); /* env[varname] */ ++ } ++ +diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.6.bb b/meta-oe/recipes-devtools/lua/lua_5.3.6.bb +index 342ed1b54..0137cc3c5 100644 +--- a/meta-oe/recipes-devtools/lua/lua_5.3.6.bb ++++ b/meta-oe/recipes-devtools/lua/lua_5.3.6.bb +@@ -10,6 +10,7 @@ SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ + file://CVE-2020-15888.patch \ + file://CVE-2020-15945.patch \ + file://0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch \ ++ file://CVE-2022-28805.patch \ + " + + # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. +-- +2.17.1 + diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch new file mode 100644 index 000000000..0a21d1ce7 --- /dev/null +++ b/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch @@ -0,0 +1,28 @@ +From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> +Date: Tue, 15 Feb 2022 12:28:46 -0300 +Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const> + +CVE: CVE-2022-28805 + +Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa] + +Signed-off-by: Sana Kazi <sana.kazi@kpit.com> +Signed-off-by: Steve Sakoman <steve@sakoman.com> +--- + src/lparser.c | 1 + + 1 files changed, 1 insertions(+) + +diff --git a/src/lparser.c b/src/lparser.c +index 3abe3d751..a5cd55257 100644 +--- a/src/lparser.c ++++ b/src/lparser.c +@@ -300,6 +300,7 @@ + expdesc key; + singlevaraux(fs, ls->envn, var, 1); /* get environment variable */ + lua_assert(var->k != VVOID); /* this one must exist */ ++ luaK_exp2anyregup(fs, var); /* but could be a constant */ + codestring(ls, &key, varname); /* key is variable name */ + luaK_indexed(fs, var, &key); /* env[varname] */ + } + diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.6.bb b/meta-oe/recipes-devtools/lua/lua_5.3.6.bb index 342ed1b54..d46d402aa 100644 --- a/meta-oe/recipes-devtools/lua/lua_5.3.6.bb +++ b/meta-oe/recipes-devtools/lua/lua_5.3.6.bb @@ -10,6 +10,7 @@ SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://CVE-2020-15888.patch \ file://CVE-2020-15945.patch \ file://0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch \ + file://CVE-2022-28805.patch \ " # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. @@ -31,7 +32,7 @@ PACKAGECONFIG ??= "readline" PACKAGECONFIG[readline] = ",,readline" UCLIBC_PATCHES += "file://uclibc-pthread.patch" -SRC_URI_append_libc-uclibc = "${UCLIBC_PATCHES}" +SRC_URI_append_libc-uclibc = " ${UCLIBC_PATCHES}" TARGET_CC_ARCH += " -fPIC ${LDFLAGS}" EXTRA_OEMAKE = "'CC=${CC} -fPIC' 'MYCFLAGS=${CFLAGS} -fPIC' MYLDFLAGS='${LDFLAGS}'" diff --git a/meta-oe/recipes-devtools/luaposix/luaposix_33.4.0.bb b/meta-oe/recipes-devtools/luaposix/luaposix_33.4.0.bb index 1bee9fe0b..83f6aa0f4 100644 --- a/meta-oe/recipes-devtools/luaposix/luaposix_33.4.0.bb +++ b/meta-oe/recipes-devtools/luaposix/luaposix_33.4.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7dd2aad04bb7ca212e69127ba8d58f9f" DEPENDS += "lua-native lua" -SRC_URI = "git://github.com/luaposix/luaposix.git;branch=release \ +SRC_URI = "git://github.com/luaposix/luaposix.git;branch=release;protocol=https \ file://0001-fix-avoid-race-condition-between-test-and-mkdir.patch \ " SRCREV = "8e4902ed81c922ed8f76a7ed85be1eaa3fd7e66d" diff --git a/meta-oe/recipes-devtools/msgpack/msgpack-c_3.2.1.bb b/meta-oe/recipes-devtools/msgpack/msgpack-c_3.2.1.bb index d410dc6e0..90b55ad2d 100644 --- a/meta-oe/recipes-devtools/msgpack/msgpack-c_3.2.1.bb +++ b/meta-oe/recipes-devtools/msgpack/msgpack-c_3.2.1.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://NOTICE;md5=7a858c074723608e08614061dc044352 \ PV .= "+git${SRCPV}" -SRC_URI = "git://github.com/msgpack/msgpack-c \ +SRC_URI = "git://github.com/msgpack/msgpack-c;branch=master;protocol=https \ " # cpp-3.2.1 SRCREV = "8085ab8721090a447cf98bb802d1406ad7afe420" diff --git a/meta-oe/recipes-devtools/nanopb/nanopb_0.4.0.bb b/meta-oe/recipes-devtools/nanopb/nanopb_0.4.0.bb index 21d110aee..5b1e2dfbf 100644 --- a/meta-oe/recipes-devtools/nanopb/nanopb_0.4.0.bb +++ b/meta-oe/recipes-devtools/nanopb/nanopb_0.4.0.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f" DEPENDS = "protobuf-native" -SRC_URI = "git://github.com/nanopb/nanopb.git" +SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https" SRCREV = "70f0de9877b1ce12abc0229d5df84db6349fcbfc" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/nlohmann-fifo/nlohmann-fifo_git.bb b/meta-oe/recipes-devtools/nlohmann-fifo/nlohmann-fifo_git.bb index a97eb53c1..62fdecf6f 100644 --- a/meta-oe/recipes-devtools/nlohmann-fifo/nlohmann-fifo_git.bb +++ b/meta-oe/recipes-devtools/nlohmann-fifo/nlohmann-fifo_git.bb @@ -4,7 +4,7 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=b67209a1e36b682a8226de19d265b1e0" -SRC_URI = "git://github.com/nlohmann/fifo_map.git" +SRC_URI = "git://github.com/nlohmann/fifo_map.git;branch=master;protocol=https" PV = "1.0.0+git${SRCPV}" diff --git a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb index 5766194d2..2749f4497 100644 --- a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb +++ b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb @@ -4,7 +4,7 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=f5f7c71504da070bcf4f090205ce1080" -SRC_URI = "git://github.com/nlohmann/json.git;nobranch=1 \ +SRC_URI = "git://github.com/nlohmann/json.git;nobranch=1;protocol=https \ file://0001-Templatize-basic_json-ctor-from-json_ref.patch \ file://0001-typo-fix.patch \ " diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb index b9e382177..8dbdd088e 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb @@ -1,7 +1,7 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" LICENSE = "MIT & BSD & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8c66ff8861d9f96076a7cb61e3d75f54" +LIC_FILES_CHKSUM = "file://LICENSE;md5=93997aa7a45ba0f25f9c61aaab153ab8" DEPENDS = "openssl" DEPENDS_append_class-target = " nodejs-native" @@ -26,7 +26,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ SRC_URI_append_class-target = " \ file://0002-Using-native-binaries.patch \ " -SRC_URI[sha256sum] = "052f37ace6f569b513b5a1154b2a45d3c4d8b07d7d7c807b79f1566db61e979d" +SRC_URI[sha256sum] = "bc42b7f8495b9bfc7f7850dd180bb02a5bdf139cc232b8c6f02a6967e20714f2" S = "${WORKDIR}/node-v${PV}" diff --git a/meta-oe/recipes-devtools/openocd/openocd_git.bb b/meta-oe/recipes-devtools/openocd/openocd_git.bb index e95f1cfa5..9ff23d17a 100644 --- a/meta-oe/recipes-devtools/openocd/openocd_git.bb +++ b/meta-oe/recipes-devtools/openocd/openocd_git.bb @@ -5,10 +5,10 @@ DEPENDS = "libusb-compat libftdi" RDEPENDS_${PN} = "libusb1" SRC_URI = " \ - git://repo.or.cz/openocd.git;protocol=http;name=openocd \ - git://repo.or.cz/r/git2cl.git;protocol=http;destsuffix=tools/git2cl;name=git2cl \ - git://repo.or.cz/r/jimtcl.git;protocol=http;destsuffix=git/jimtcl;name=jimtcl \ - git://repo.or.cz/r/libjaylink.git;protocol=http;destsuffix=git/src/jtag/drivers/libjaylink;name=libjaylink \ + git://repo.or.cz/openocd.git;protocol=http;name=openocd;branch=master \ + git://repo.or.cz/r/git2cl.git;protocol=http;destsuffix=tools/git2cl;name=git2cl;branch=master \ + git://repo.or.cz/r/jimtcl.git;protocol=http;destsuffix=git/jimtcl;name=jimtcl;branch=master \ + git://repo.or.cz/r/libjaylink.git;protocol=http;destsuffix=git/src/jtag/drivers/libjaylink;name=libjaylink;branch=master \ file://0001-Do-not-include-syscrtl.h-with-glibc.patch \ " diff --git a/meta-oe/recipes-devtools/pcimem/pcimem_2.0.bb b/meta-oe/recipes-devtools/pcimem/pcimem_2.0.bb index 107d5a8b7..84f6c3ce2 100644 --- a/meta-oe/recipes-devtools/pcimem/pcimem_2.0.bb +++ b/meta-oe/recipes-devtools/pcimem/pcimem_2.0.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263" COMPATIBLE_HOST = "(x86_64|aarch64|arm)" SRCREV = "09724edb1783a98da2b7ae53c5aaa87493aabc9b" -SRC_URI = "git://github.com/billfarrow/pcimem.git " +SRC_URI = "git://github.com/billfarrow/pcimem.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/perl/ipc-run_20180523.0.bb b/meta-oe/recipes-devtools/perl/ipc-run_20180523.0.bb index c812ae137..03812e901 100644 --- a/meta-oe/recipes-devtools/perl/ipc-run_20180523.0.bb +++ b/meta-oe/recipes-devtools/perl/ipc-run_20180523.0.bb @@ -9,7 +9,7 @@ LICENSE = "Artistic-1.0 | GPL-1.0+" LIC_FILES_CHKSUM = "file://LICENSE;md5=0ebd37caf53781e8b7223e6b99b63f4e" DEPENDS = "perl" -SRC_URI = "git://github.com/toddr/IPC-Run.git" +SRC_URI = "git://github.com/toddr/IPC-Run.git;branch=master;protocol=https" SRCREV = "0b409702490729eeb97ae65f5b94d949ec083134" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb b/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb index 049dc665d..760c0ad0a 100644 --- a/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb +++ b/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb @@ -15,7 +15,7 @@ DEPENDS += "libdev-checklib-perl-native libdbi-perl-native libmysqlclient" LIC_FILES_CHKSUM = "file://LICENSE;md5=d0a06964340e5c0cde88b7af611f755c" SRCREV = "9b5b70ea372f49fe9bc9e592dae3870596d1e3d6" -SRC_URI = "git://github.com/perl5-dbi/DBD-mysql.git;protocol=https" +SRC_URI = "git://github.com/perl5-dbi/DBD-mysql.git;protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/perl/libjson-perl_4.02000.bb b/meta-oe/recipes-devtools/perl/libjson-perl_4.02000.bb index 4e5a8a6ff..29bc99e14 100644 --- a/meta-oe/recipes-devtools/perl/libjson-perl_4.02000.bb +++ b/meta-oe/recipes-devtools/perl/libjson-perl_4.02000.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://README;beginline=1171;endline=1176;md5=3be2cb8159d094 DEPENDS += "perl" -SRC_URI = "git://github.com/makamaka/JSON.git;protocol=https" +SRC_URI = "git://github.com/makamaka/JSON.git;protocol=https;branch=master" SRCREV = "42a6324df654e92419512cee80c0b49155d9e56d" diff --git a/meta-oe/recipes-devtools/php/php_7.4.21.bb b/meta-oe/recipes-devtools/php/php_7.4.33.bb index c7c00ac30..caaaa2342 100644 --- a/meta-oe/recipes-devtools/php/php_7.4.21.bb +++ b/meta-oe/recipes-devtools/php/php_7.4.33.bb @@ -33,7 +33,7 @@ SRC_URI_append_class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "36ec6102e757e2c2b7742057a700bbff77c76fa0ccbe9c860398c3d24e32822a" +SRC_URI[sha256sum] = "4e8117458fe5a475bf203128726b71bcbba61c42ad463dffadee5667a198a98a" inherit autotools pkgconfig python3native gettext diff --git a/meta-oe/recipes-devtools/ply/ply_git.bb b/meta-oe/recipes-devtools/ply/ply_git.bb index 7d693b36d..bf789488d 100644 --- a/meta-oe/recipes-devtools/ply/ply_git.bb +++ b/meta-oe/recipes-devtools/ply/ply_git.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS += "bison-native" -SRC_URI = "git://github.com/iovisor/ply" +SRC_URI = "git://github.com/iovisor/ply;branch=master;protocol=https" SRCREV = "aa5b9ac31307ec1acece818be334ef801c802a12" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/pmtools/pmtools_git.bb b/meta-oe/recipes-devtools/pmtools/pmtools_git.bb index 9afcbbb7f..f605d2c90 100644 --- a/meta-oe/recipes-devtools/pmtools/pmtools_git.bb +++ b/meta-oe/recipes-devtools/pmtools/pmtools_git.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" PV = "20130209+git${SRCPV}" -SRC_URI = "git://github.com/anyc/pmtools.git \ +SRC_URI = "git://github.com/anyc/pmtools.git;branch=master;protocol=https \ file://pmtools-switch-to-dynamic-buffer-for-huge-ACPI-table.patch \ " SRCREV = "3ebe0e54c54061b4c627236cbe35d820de2e1168" diff --git a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.3.bb b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.3.bb index ed8773443..7bc1f23e7 100644 --- a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.3.bb +++ b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.3.bb @@ -14,7 +14,7 @@ DEPENDS = "protobuf-native protobuf" SRCREV = "f20a3fa131c275a0e795d99a28f94b4dbbb5af26" -SRC_URI = "git://github.com/protobuf-c/protobuf-c.git \ +SRC_URI = "git://github.com/protobuf-c/protobuf-c.git;branch=master;protocol=https \ file://0001-avoid-race-condition.patch \ " diff --git a/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch b/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch new file mode 100644 index 000000000..bb9594e96 --- /dev/null +++ b/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch @@ -0,0 +1,73 @@ +From f5ce0700d80c776186b0fb0414ef20966a3a6a03 Mon Sep 17 00:00:00 2001 +From: "Sana.Kazi" <Sana.Kazi@kpit.com> +Date: Wed, 23 Feb 2022 15:50:16 +0530 +Subject: [PATCH] protobuf: Fix CVE-2021-22570 + +CVE: CVE-2021-22570 +Upstream-Status: Backport [https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch] +Comment: Removed first and second hunk +Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com> + +--- + src/google/protobuf/descriptor.cc | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc +index 6835a3cde..1514ae531 100644 +--- a/src/google/protobuf/descriptor.cc ++++ b/src/google/protobuf/descriptor.cc +@@ -2603,6 +2603,8 @@ void Descriptor::DebugString(int depth, std::string* contents, + const Descriptor::ReservedRange* range = reserved_range(i); + if (range->end == range->start + 1) { + strings::SubstituteAndAppend(contents, "$0, ", range->start); ++ } else if (range->end > FieldDescriptor::kMaxNumber) { ++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start); + } else { + strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start, + range->end - 1); +@@ -2815,6 +2817,8 @@ void EnumDescriptor::DebugString( + const EnumDescriptor::ReservedRange* range = reserved_range(i); + if (range->end == range->start) { + strings::SubstituteAndAppend(contents, "$0, ", range->start); ++ } else if (range->end == INT_MAX) { ++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start); + } else { + strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start, + range->end); +@@ -4002,6 +4006,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name, + // Use its file as the parent instead. + if (parent == nullptr) parent = file_; + ++ if (full_name.find('\0') != std::string::npos) { ++ AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + full_name + "\" contains null character."); ++ return false; ++ } + if (tables_->AddSymbol(full_name, symbol)) { + if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) { + // This is only possible if there was already an error adding something of +@@ -4041,6 +4050,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name, + void DescriptorBuilder::AddPackage(const std::string& name, + const Message& proto, + const FileDescriptor* file) { ++ if (name.find('\0') != std::string::npos) { ++ AddError(name, proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + name + "\" contains null character."); ++ return; ++ } + if (tables_->AddSymbol(name, Symbol(file))) { + // Success. Also add parent package, if any. + std::string::size_type dot_pos = name.find_last_of('.'); +@@ -4354,6 +4368,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl( + } + result->pool_ = pool_; + ++ if (result->name().find('\0') != std::string::npos) { ++ AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + result->name() + "\" contains null character."); ++ return nullptr; ++ } ++ + // Add to tables. + if (!tables_->AddFile(result)) { + AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER, diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb index 4d6c5b255..55d56ff08 100644 --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb @@ -12,11 +12,12 @@ DEPENDS_append_class-target = " protobuf-native" SRCREV = "d0bfd5221182da1a7cc280f3337b5e41a89539cf" -SRC_URI = "git://github.com/google/protobuf.git;branch=3.11.x \ +SRC_URI = "git://github.com/google/protobuf.git;branch=3.11.x;protocol=https \ file://run-ptest \ file://0001-protobuf-fix-configure-error.patch \ file://0001-Makefile.am-include-descriptor.cc-when-building-libp.patch \ file://0001-examples-Makefile-respect-CXX-LDFLAGS-variables-fix-.patch \ + file://CVE-2021-22570.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb index 5b5c8b257..04ac93e92 100644 --- a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb +++ b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb @@ -4,7 +4,7 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://license.txt;md5=ba04aa8f65de1396a7e59d1d746c2125" -SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1" +SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1;protocol=https" SRCREV = "0ccdbf364c577803e2a751f5aededce935314313" diff --git a/meta-oe/recipes-devtools/serialcheck/serialcheck_1.0.0.bb b/meta-oe/recipes-devtools/serialcheck/serialcheck_1.0.0.bb index cd5e0a4e5..20cad69b5 100644 --- a/meta-oe/recipes-devtools/serialcheck/serialcheck_1.0.0.bb +++ b/meta-oe/recipes-devtools/serialcheck/serialcheck_1.0.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://git.breakpoint.cc/cgit/bigeasy/serialcheck.git/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://git.breakpoint.cc/bigeasy/serialcheck.git \ +SRC_URI = "git://git.breakpoint.cc/bigeasy/serialcheck.git;branch=master \ file://0001-Add-option-to-enable-internal-loopback.patch \ file://0002-Restore-original-loopback-config.patch \ file://0001-Makefile-Change-order-of-link-flags.patch \ diff --git a/meta-oe/recipes-devtools/sqlite-orm/sqlite-orm_1.5.bb b/meta-oe/recipes-devtools/sqlite-orm/sqlite-orm_1.5.bb index 4a27e4b2a..9d0740556 100644 --- a/meta-oe/recipes-devtools/sqlite-orm/sqlite-orm_1.5.bb +++ b/meta-oe/recipes-devtools/sqlite-orm/sqlite-orm_1.5.bb @@ -8,7 +8,7 @@ inherit cmake DEPENDS += "sqlite3" SRCREV = "e8a9e9416f421303f4b8970caab26dadf8bae98b" -SRC_URI = "git://github.com/fnc12/sqlite_orm;protocol=https" +SRC_URI = "git://github.com/fnc12/sqlite_orm;protocol=https;branch=master" S = "${WORKDIR}/git" EXTRA_OECMAKE += "-DSqliteOrm_BuildTests=OFF" diff --git a/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb b/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb index 46a940803..3280dba49 100644 --- a/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb +++ b/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=0ca8b9c5c5445cfa7af7e78fd27e60ed" SRCREV = "75f440bcac1276c847f5351e14216f6e91def44d" -SRC_URI = "git://git.code.sf.net/p/tclap/code \ +SRC_URI = "git://git.code.sf.net/p/tclap/code;branch=master \ file://Makefile.am-disable-docs.patch \ " diff --git a/meta-oe/recipes-devtools/uftrace/uftrace_0.9.4.bb b/meta-oe/recipes-devtools/uftrace/uftrace_0.9.4.bb index c33fa048c..a78eecfea 100644 --- a/meta-oe/recipes-devtools/uftrace/uftrace_0.9.4.bb +++ b/meta-oe/recipes-devtools/uftrace/uftrace_0.9.4.bb @@ -12,7 +12,7 @@ inherit autotools # v0.9.4 SRCREV = "d648bbffedef529220896283fb59e35531c13804" -SRC_URI = "git://github.com/namhyung/${BPN} \ +SRC_URI = "git://github.com/namhyung/${BPN};branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/valijson/valijson_git.bb b/meta-oe/recipes-devtools/valijson/valijson_git.bb index c3254d16e..5cff40752 100644 --- a/meta-oe/recipes-devtools/valijson/valijson_git.bb +++ b/meta-oe/recipes-devtools/valijson/valijson_git.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/tristanpenman/valijson" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=015106c62262b2383f6c72063f0998f2" -SRC_URI = "git://github.com/tristanpenman/valijson.git" +SRC_URI = "git://github.com/tristanpenman/valijson.git;branch=master;protocol=https" PV = "0.1+git${SRCPV}" SRCREV = "c2f22fddf599d04dc33fcd7ed257c698a05345d9" diff --git a/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.51.03.bb b/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.51.03.bb index 6c31b6981..34df70126 100644 --- a/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.51.03.bb +++ b/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.51.03.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://xmlrpc-c.sourceforge.net/" LICENSE = "BSD & MIT" LIC_FILES_CHKSUM = "file://doc/COPYING;md5=aefbf81ba0750f02176b6f86752ea951" -SRC_URI = "git://github.com/mirror/xmlrpc-c.git \ +SRC_URI = "git://github.com/mirror/xmlrpc-c.git;branch=master;protocol=https \ file://0001-test-cpp-server_abyss-Fix-build-with-clang-libc.patch \ file://0002-fix-formatting-issues.patch \ " diff --git a/meta-oe/recipes-devtools/yajl/yajl_1.0.12.bb b/meta-oe/recipes-devtools/yajl/yajl_1.0.12.bb index e112a5e30..186f2c8ed 100644 --- a/meta-oe/recipes-devtools/yajl/yajl_1.0.12.bb +++ b/meta-oe/recipes-devtools/yajl/yajl_1.0.12.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=da2e9aa80962d54e7c726f232a2bd1e8" # Use 1.0.12 tag SRCREV = "17b1790fb9c8abbb3c0f7e083864a6a014191d56" -SRC_URI = "git://github.com/lloyd/yajl;nobranch=1" +SRC_URI = "git://github.com/lloyd/yajl;nobranch=1;protocol=https" inherit cmake lib_package diff --git a/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb b/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb index d9a5821cb..cf8dbb183 100644 --- a/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb +++ b/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb @@ -8,7 +8,7 @@ HOMEPAGE = "http://lloyd.github.com/yajl/" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://COPYING;md5=39af6eb42999852bdd3ea00ad120a36d" -SRC_URI = "git://github.com/lloyd/yajl" +SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https" SRCREV = "a0ecdde0c042b9256170f2f8890dd9451a4240aa" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index 53856263f..6aae29ad8 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -9,7 +9,7 @@ DEPENDS += "flex-native bison-native xmlto-native" PV = "1.3.0+git${SRCPV}" # v1.3.0 SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a" -SRC_URI = "git://github.com/yasm/yasm.git" +SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/brotli/brotli/0001-brotli-fix-CVE-2020-8927.patch b/meta-oe/recipes-extended/brotli/brotli/0001-brotli-fix-CVE-2020-8927.patch new file mode 100644 index 000000000..c21794d14 --- /dev/null +++ b/meta-oe/recipes-extended/brotli/brotli/0001-brotli-fix-CVE-2020-8927.patch @@ -0,0 +1,44 @@ +From 95ab3786ce0f16e08e41f7bf216969a37dc86cad Mon Sep 17 00:00:00 2001 +From: Jan Kraemer <jan@spectrejan.de> +Date: Thu, 7 Oct 2021 12:48:04 +0200 +Subject: [PATCH] brotli: fix CVE-2020-8927 + +[No upstream tracking] -- + +This fixes a potential overflow when input chunk is >2GiB in +BrotliGetAvailableBits by capping the returned value to 2^30 + +Fixed in brotli version 1.0.8 +https://github.com/google/brotli as of commit id +223d80cfbec8fd346e32906c732c8ede21f0cea6 + +Patch taken from Debian Buster: 1.0.7-2+deb10u1 +http://deb.debian.org/debian/pool/main/b/brotli/brotli_1.0.7-2+deb10u1.dsc +https://security-tracker.debian.org/tracker/CVE-2020-8927 + + +Upstream-Status: Backported +CVE: CVE-2020-8927 + +Signed-off-by: Jan Kraemer <jan@spectrejan.de> +--- + c/dec/bit_reader.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/c/dec/bit_reader.h b/c/dec/bit_reader.h +index c06e914..0d20312 100644 +--- a/c/dec/bit_reader.h ++++ b/c/dec/bit_reader.h +@@ -87,8 +87,11 @@ static BROTLI_INLINE uint32_t BrotliGetAvailableBits( + } + + /* Returns amount of unread bytes the bit reader still has buffered from the +- BrotliInput, including whole bytes in br->val_. */ ++ BrotliInput, including whole bytes in br->val_. Result is capped with ++ maximal ring-buffer size (larger number won't be utilized anyway). */ + static BROTLI_INLINE size_t BrotliGetRemainingBytes(BrotliBitReader* br) { ++ static const size_t kCap = (size_t)1 << 30; ++ if (br->avail_in > kCap) return kCap; + return br->avail_in + (BrotliGetAvailableBits(br) >> 3); + } + diff --git a/meta-oe/recipes-extended/brotli/brotli_1.0.7.bb b/meta-oe/recipes-extended/brotli/brotli_1.0.7.bb index 70dbcaffb..77fef778a 100644 --- a/meta-oe/recipes-extended/brotli/brotli_1.0.7.bb +++ b/meta-oe/recipes-extended/brotli/brotli_1.0.7.bb @@ -6,7 +6,9 @@ BUGTRACKER = "https://github.com/google/brotli/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=941ee9cd1609382f946352712a319b4b" -SRC_URI = "git://github.com/google/brotli.git" +SRC_URI = "git://github.com/google/brotli.git;branch=master;protocol=https \ + file://0001-brotli-fix-CVE-2020-8927.patch \ + " # tag 1.0.7 SRCREV= "d6d98957ca8ccb1ef45922e978bb10efca0ea541" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/cmpi-bindings/cmpi-bindings_1.0.1.bb b/meta-oe/recipes-extended/cmpi-bindings/cmpi-bindings_1.0.1.bb index 6c71d534b..388feb703 100644 --- a/meta-oe/recipes-extended/cmpi-bindings/cmpi-bindings_1.0.1.bb +++ b/meta-oe/recipes-extended/cmpi-bindings/cmpi-bindings_1.0.1.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b19ee058d2d5f69af45da98051d91064" SECTION = "Development/Libraries" DEPENDS = "swig-native python3 sblim-cmpi-devel" -SRC_URI = "git://github.com/kkaempf/cmpi-bindings.git;protocol=http \ +SRC_URI = "git://github.com/kkaempf/cmpi-bindings.git;protocol=http;branch=master;protocol=https \ file://cmpi-bindings-0.4.17-no-ruby-perl.patch \ file://cmpi-bindings-0.4.17-sblim-sigsegv.patch \ file://cmpi-bindings-0.9.5-python-lib-dir.patch \ diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb index 842652889..2a045f579 100644 --- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb +++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8184208060df880fe3137b93eb88aeea" DEPENDS = "zlib gzip-native json-c" -SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https \ +SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \ file://0002-Don-t-execute-processes-as-a-specific-user.patch \ file://0004-Modify-systemd-config-directory.patch \ file://317.patch \ diff --git a/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb b/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb index aa55ebf84..162f5aa33 100644 --- a/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb +++ b/meta-oe/recipes-extended/docopt.cpp/docopt.cpp_git.bb @@ -18,7 +18,7 @@ SRCREV = "3dd23e3280f213bacefdf5fcb04857bf52e90917" PV = "0.6.2+git${SRCPV}" SRC_URI = "\ - git://github.com/docopt/docopt.cpp.git;protocol=https \ + git://github.com/docopt/docopt.cpp.git;protocol=https;branch=master \ file://0001-Set-library-VERSION-and-SOVERSION.patch \ " diff --git a/meta-oe/recipes-extended/dumb-init/dumb-init_1.2.2.bb b/meta-oe/recipes-extended/dumb-init/dumb-init_1.2.2.bb index 09eab9dcd..eb00092c7 100644 --- a/meta-oe/recipes-extended/dumb-init/dumb-init_1.2.2.bb +++ b/meta-oe/recipes-extended/dumb-init/dumb-init_1.2.2.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=5940d39995ea6857d01b8227109c2e9c" SRCREV = "b1e978e486114797347deefcc03ab12629a13cc3" -SRC_URI = "git://github.com/Yelp/dumb-init" +SRC_URI = "git://github.com/Yelp/dumb-init;branch=master;protocol=https" S = "${WORKDIR}/git" EXTRA_OEMAKE = "CC='${CC}' CFLAGS='${CFLAGS} ${LDFLAGS}'" diff --git a/meta-oe/recipes-extended/figlet/figlet_git.bb b/meta-oe/recipes-extended/figlet/figlet_git.bb index 4611646b9..61b050aac 100644 --- a/meta-oe/recipes-extended/figlet/figlet_git.bb +++ b/meta-oe/recipes-extended/figlet/figlet_git.bb @@ -4,7 +4,7 @@ HOMEPAGE = "http://www.figlet.org/" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=1688bcd97b27704f1afcac7336409857" -SRC_URI = "git://github.com/cmatsuoka/figlet.git \ +SRC_URI = "git://github.com/cmatsuoka/figlet.git;branch=master;protocol=https \ file://0001-build-add-autotools-support-to-allow-easy-cross-comp.patch" SRCREV = "5bbcd7383a8c3a531299b216b0c734e1495c6db3" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.2.8.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.2.8.bb index 926d8851d..b2c41756e 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.2.8.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.2.8.bb @@ -32,7 +32,7 @@ BBCLASSEXTEND = "native" DEPENDS_class-native = "readline-native" PACKAGECONFIG_class-native = "" -SRC_URI_append_class-native = "file://0001-reduce-build-to-conversion-tools-for-native-build.patch" +SRC_URI_append_class-native = " file://0001-reduce-build-to-conversion-tools-for-native-build.patch" do_install_class-native() { install -d ${D}${bindir} diff --git a/meta-oe/recipes-extended/haveged/haveged_1.9.13.bb b/meta-oe/recipes-extended/haveged/haveged_1.9.13.bb index 50326ea2f..19b0d8dbd 100644 --- a/meta-oe/recipes-extended/haveged/haveged_1.9.13.bb +++ b/meta-oe/recipes-extended/haveged/haveged_1.9.13.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM="file://COPYING;md5=d32239bcb673463ab874e80d47fae504" # v1.9.9 SRCREV = "1283a65c541c4a83e152024a63faf7b267b9b1cd" -SRC_URI = "git://github.com/jirka-h/haveged.git \ +SRC_URI = "git://github.com/jirka-h/haveged.git;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/hexedit/hexedit_1.4.2.bb b/meta-oe/recipes-extended/hexedit/hexedit_1.4.2.bb index 050b7da3d..c0d1b1b8b 100644 --- a/meta-oe/recipes-extended/hexedit/hexedit_1.4.2.bb +++ b/meta-oe/recipes-extended/hexedit/hexedit_1.4.2.bb @@ -6,7 +6,7 @@ DEPENDS = "ncurses" LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" -SRC_URI = "git://github.com/pixel/hexedit.git \ +SRC_URI = "git://github.com/pixel/hexedit.git;branch=master;protocol=https \ " SRCREV = "800e4b2e6280531a84fd23ee0b48e16baeb90878" diff --git a/meta-oe/recipes-extended/hiredis/hiredis_0.14.0.bb b/meta-oe/recipes-extended/hiredis/hiredis_0.14.0.bb index 29f8de8d2..cee1f342b 100644 --- a/meta-oe/recipes-extended/hiredis/hiredis_0.14.0.bb +++ b/meta-oe/recipes-extended/hiredis/hiredis_0.14.0.bb @@ -6,7 +6,7 @@ DEPENDS = "redis" LIC_FILES_CHKSUM = "file://COPYING;md5=d84d659a35c666d23233e54503aaea51" SRCREV = "685030652cd98c5414ce554ff5b356dfe8437870" -SRC_URI = "git://github.com/redis/hiredis;protocol=git \ +SRC_URI = "git://github.com/redis/hiredis;protocol=https;branch=master \ file://0001-Makefile-remove-hardcoding-of-CC.patch" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/iotop/iotop_0.6.bb b/meta-oe/recipes-extended/iotop/iotop_0.6.bb index 3a597218d..19af46cb1 100644 --- a/meta-oe/recipes-extended/iotop/iotop_0.6.bb +++ b/meta-oe/recipes-extended/iotop/iotop_0.6.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4" PV .= "+git${SRCPV}" SRCREV = "1bfb3bc70febb1ffb95146b6dcd65257228099a3" -SRC_URI = "git://repo.or.cz/iotop.git" +SRC_URI = "git://repo.or.cz/iotop.git;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/isomd5sum/isomd5sum_1.2.3.bb b/meta-oe/recipes-extended/isomd5sum/isomd5sum_1.2.3.bb index b7899a11b..2f4724a33 100644 --- a/meta-oe/recipes-extended/isomd5sum/isomd5sum_1.2.3.bb +++ b/meta-oe/recipes-extended/isomd5sum/isomd5sum_1.2.3.bb @@ -7,7 +7,7 @@ RDEPENDS_${BPN} = "openssl curl" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" -SRC_URI = "git://github.com/rhinstaller/isomd5sum.git;branch=master \ +SRC_URI = "git://github.com/rhinstaller/isomd5sum.git;branch=master;protocol=https \ file://0001-tweak-install-prefix.patch \ file://0002-fix-parallel-error.patch \ " diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb index d6e56ea76..7beea9f1e 100644 --- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb +++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb @@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4 inherit autotools pkgconfig +# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548 +CVE_CHECK_WHITELIST = "CVE-2020-36325 " + BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-extended/jpnevulator/jpnevulator_git.bb b/meta-oe/recipes-extended/jpnevulator/jpnevulator_git.bb index 50dd74b68..ba1fece05 100644 --- a/meta-oe/recipes-extended/jpnevulator/jpnevulator_git.bb +++ b/meta-oe/recipes-extended/jpnevulator/jpnevulator_git.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=892f569a555ba9c07a568a7c0c4fa63a" PV = "2.3.5+git${SRCPV}" -SRC_URI = "git://github.com/snarlistic/jpnevulator.git;protocol=http" +SRC_URI = "git://github.com/snarlistic/jpnevulator.git;protocol=http;branch=master;protocol=https" SRCREV = "c2d857091c0dfed05139ac07ea9b0f36ad259638" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb b/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb index e6d5663f8..977aabf04 100644 --- a/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb +++ b/meta-oe/recipes-extended/konkretcmpi/konkretcmpi_0.9.2.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f673270bfc350d9ce1efc8724c6c1873" DEPENDS_append_class-target = " swig-native sblim-cmpi-devel python3" DEPENDS_append_class-native = " cmpi-bindings-native" -SRC_URI = "git://github.com/rnovacek/konkretcmpi.git \ +SRC_URI = "git://github.com/rnovacek/konkretcmpi.git;branch=master;protocol=https \ file://0001-CMakeLists.txt-fix-lib64-can-not-be-shiped-in-64bit-.patch \ file://0001-drop-including-rpath-cmake-module.patch \ " diff --git a/meta-oe/recipes-extended/libblockdev/libblockdev_2.24.bb b/meta-oe/recipes-extended/libblockdev/libblockdev_2.24.bb index 99cdee5bb..c1023e625 100644 --- a/meta-oe/recipes-extended/libblockdev/libblockdev_2.24.bb +++ b/meta-oe/recipes-extended/libblockdev/libblockdev_2.24.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c07cb499d259452f324bb90c3067d85c" inherit autotools gobject-introspection -SRC_URI = "git://github.com/storaged-project/libblockdev;branch=2.x-branch" +SRC_URI = "git://github.com/storaged-project/libblockdev;branch=2.x-branch;protocol=https" SRCREV = "f5a4ba8bb298f8cbc435707d0b19b4b2ff836a8e" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libcec/libcec_git.bb b/meta-oe/recipes-extended/libcec/libcec_git.bb index 39ceb489e..07320e42b 100644 --- a/meta-oe/recipes-extended/libcec/libcec_git.bb +++ b/meta-oe/recipes-extended/libcec/libcec_git.bb @@ -12,7 +12,7 @@ DEPENDS_append_rpi = "${@bb.utils.contains('MACHINE_FEATURES', 'vc4graphics', '' PV = "5.0.0" SRCREV = "43bc27fe7be491149e6f57d14110e02abdac2f24" -SRC_URI = "git://github.com/Pulse-Eight/libcec.git;branch=release \ +SRC_URI = "git://github.com/Pulse-Eight/libcec.git;branch=release;protocol=https \ file://0001-CheckPlatformSupport.cmake-Do-not-hardcode-lib-path.patch \ file://0001-Enhance-reproducibility.patch \ " diff --git a/meta-oe/recipes-extended/libdivecomputer/libdivecomputer_git.bb b/meta-oe/recipes-extended/libdivecomputer/libdivecomputer_git.bb index b7c1958ee..e763a701e 100644 --- a/meta-oe/recipes-extended/libdivecomputer/libdivecomputer_git.bb +++ b/meta-oe/recipes-extended/libdivecomputer/libdivecomputer_git.bb @@ -11,7 +11,7 @@ inherit autotools pkgconfig PV = "0.6.0" SRCREV = "1195abc2f4acc7b10175d570ec73549d0938c83e" -SRC_URI = "git://github.com/libdivecomputer/libdivecomputer.git;protocol=https \ +SRC_URI = "git://github.com/libdivecomputer/libdivecomputer.git;protocol=https;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb b/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb index a990deb91..0906e9a64 100644 --- a/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb +++ b/meta-oe/recipes-extended/libimobiledevice/libplist_2.1.0.bb @@ -9,7 +9,7 @@ DEPENDS = "libxml2 glib-2.0 swig python3" inherit autotools pkgconfig python3native python3targetconfig SRCREV = "3df02d4d0e9008771e8622fdc10de8333b3f0d85" -SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https \ +SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb b/meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb index 36fc5c858..e9c58bf58 100644 --- a/meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb +++ b/meta-oe/recipes-extended/libimobiledevice/libusbmuxd_git.bb @@ -9,7 +9,7 @@ inherit autotools pkgconfig gitpkgv PKGV = "${GITPKGVTAG}" SRCREV = "78df9be5fc8222ed53846cb553de9b5d24c85c6c" -SRC_URI = "git://github.com/libimobiledevice/libusbmuxd;protocol=https" +SRC_URI = "git://github.com/libimobiledevice/libusbmuxd;protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/liblightmodbus/liblightmodbus_2.0.2.bb b/meta-oe/recipes-extended/liblightmodbus/liblightmodbus_2.0.2.bb index 7fc599798..bbfee1ff7 100644 --- a/meta-oe/recipes-extended/liblightmodbus/liblightmodbus_2.0.2.bb +++ b/meta-oe/recipes-extended/liblightmodbus/liblightmodbus_2.0.2.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=84dcc94da3adb52b53ae4fa38fe49e5d" inherit cmake pkgconfig -SRC_URI = "git://github.com/Jacajack/liblightmodbus.git;protocol=https \ +SRC_URI = "git://github.com/Jacajack/liblightmodbus.git;protocol=https;branch=master \ file://0001-cmake-Use-GNUInstallDirs-instead-of-hardcoding-lib-p.patch \ " SRCREV = "59d2b405f95701e5b04326589786dbb43ce49e81" diff --git a/meta-oe/recipes-extended/libnss-nisplus/libnss-nisplus.bb b/meta-oe/recipes-extended/libnss-nisplus/libnss-nisplus.bb index c9d259b1a..29c35caf5 100644 --- a/meta-oe/recipes-extended/libnss-nisplus/libnss-nisplus.bb +++ b/meta-oe/recipes-extended/libnss-nisplus/libnss-nisplus.bb @@ -17,7 +17,7 @@ PV = "1.3+git${SRCPV}" SRCREV = "116219e215858f4af9370171d3ead63baca8fdb4" -SRC_URI = "git://github.com/thkukuk/libnss_nisplus \ +SRC_URI = "git://github.com/thkukuk/libnss_nisplus;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libqb/libqb_1.0.5.bb b/meta-oe/recipes-extended/libqb/libqb_1.0.5.bb index cd4019666..dbe03fede 100644 --- a/meta-oe/recipes-extended/libqb/libqb_1.0.5.bb +++ b/meta-oe/recipes-extended/libqb/libqb_1.0.5.bb @@ -11,7 +11,7 @@ inherit autotools pkgconfig # v1.0.5 SRCREV = "d08dbcf08b0da418bce9b5427dfd89522916322a" -SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=version_1 \ +SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=version_1;protocol=https \ file://0001-build-fix-configure-script-neglecting-re-enable-out-.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libreport/libreport_2.10.0.bb b/meta-oe/recipes-extended/libreport/libreport_2.10.0.bb index 4276c4917..24784f77a 100644 --- a/meta-oe/recipes-extended/libreport/libreport_2.10.0.bb +++ b/meta-oe/recipes-extended/libreport/libreport_2.10.0.bb @@ -11,7 +11,7 @@ DEPENDS = "xmlrpc-c xmlrpc-c-native intltool-native \ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" -SRC_URI = "git://github.com/abrt/libreport.git;protocol=https" +SRC_URI = "git://github.com/abrt/libreport.git;protocol=https;branch=master" SRC_URI += "file://0001-Makefile.am-remove-doc-and-apidoc.patch \ file://0002-configure.ac-remove-prog-test-of-xmlto-and-asciidoc.patch \ file://0003-without-build-plugins.patch \ diff --git a/meta-oe/recipes-extended/libstatgrab/libstatgrab_0.92.bb b/meta-oe/recipes-extended/libstatgrab/libstatgrab_0.92.bb index a081cb17a..27fe0e2c4 100644 --- a/meta-oe/recipes-extended/libstatgrab/libstatgrab_0.92.bb +++ b/meta-oe/recipes-extended/libstatgrab/libstatgrab_0.92.bb @@ -31,4 +31,4 @@ FILES_statgrab-dbg = "${bindir}/.debug/statgrab" FILES_saidar = "${bindir}/saidar" FILES_saidar-dbg = "${bindir}/.debug/saidar" FILES_${PN}-mrtg = "${bindir}/statgrab-make-mrtg-config ${bindir}/statgrab-make-mrtg-index" -RDEPENDS_${PN}-mrtg_append = "perl statgrab" +RDEPENDS_${PN}-mrtg_append = " perl statgrab" diff --git a/meta-oe/recipes-extended/libuio/libuio_0.2.1.bb b/meta-oe/recipes-extended/libuio/libuio_0.2.1.bb index dd34c180a..0278e55f3 100644 --- a/meta-oe/recipes-extended/libuio/libuio_0.2.1.bb +++ b/meta-oe/recipes-extended/libuio/libuio_0.2.1.bb @@ -3,7 +3,7 @@ SECTION = "base" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" -SRC_URI = "git://git.code.sf.net/p/libuio/code \ +SRC_URI = "git://git.code.sf.net/p/libuio/code;branch=master \ file://replace_inline_with_static-inline.patch \ file://0001-include-fcntl.h-for-O_RDWR-define.patch \ " diff --git a/meta-oe/recipes-extended/md5deep/md5deep_git.bb b/meta-oe/recipes-extended/md5deep/md5deep_git.bb index e8c6864c1..cc31323c3 100644 --- a/meta-oe/recipes-extended/md5deep/md5deep_git.bb +++ b/meta-oe/recipes-extended/md5deep/md5deep_git.bb @@ -9,7 +9,7 @@ PV = "4.4+git${SRCPV}" SRCREV = "877613493ff44807888ce1928129574be393cbb0" -SRC_URI = "git://github.com/jessek/hashdeep.git \ +SRC_URI = "git://github.com/jessek/hashdeep.git;branch=master;protocol=https \ file://wrong-variable-expansion.patch \ file://0001-Fix-literal-and-identifier-spacing-as-dictated-by-C-.patch \ " diff --git a/meta-oe/recipes-extended/mraa/mraa_git.bb b/meta-oe/recipes-extended/mraa/mraa_git.bb index 0b40dcb71..540ef6e12 100644 --- a/meta-oe/recipes-extended/mraa/mraa_git.bb +++ b/meta-oe/recipes-extended/mraa/mraa_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=91e7de50a8d3cf01057f318d72460acd" SRCREV = "e15ce6fbc76148ba8835adc92196b0d0a3f245e7" PV = "2.1.0+git${SRCPV}" -SRC_URI = "git://github.com/eclipse/${BPN}.git;protocol=http \ +SRC_URI = "git://github.com/eclipse/${BPN}.git;protocol=http;branch=master;protocol=https \ file://0001-cmake-Use-a-regular-expression-to-match-x86-architec.patch \ " diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb index 9d5a2307e..f635a9b13 100644 --- a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb +++ b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb @@ -17,7 +17,7 @@ REQUIRED_DISTRO_FEATURES = "pam" SRCREV = "d8eba6cb6682b59d84ca1da67a523520b879ade6" -SRC_URI = "git://github.com/Openwsman/openwsman.git \ +SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=master;protocol=https \ file://libssl-is-required-if-eventint-supported.patch \ file://openwsmand.service \ file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ diff --git a/meta-oe/recipes-extended/ostree/ostree_2020.3.bb b/meta-oe/recipes-extended/ostree/ostree_2020.3.bb index c1f43feb6..5b0171d8c 100644 --- a/meta-oe/recipes-extended/ostree/ostree_2020.3.bb +++ b/meta-oe/recipes-extended/ostree/ostree_2020.3.bb @@ -22,7 +22,7 @@ DEPENDS = " \ PREMIRRORS = "" SRC_URI = " \ - gitsm://github.com/ostreedev/ostree;branch=main \ + gitsm://github.com/ostreedev/ostree;branch=main;protocol=https \ file://run-ptest \ " SRCREV = "6ed48234ba579ff73eb128af237212b0a00f2057" @@ -181,7 +181,7 @@ RDEPENDS_${PN}-ptest += " \ " RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-utils glibc-localedata-en-us" -RRECOMMENDS_${PN} += "kernel-module-overlay" +RRECOMMENDS_${PN}_append_class-target = " kernel-module-overlay" SYSTEMD_SERVICE_${PN} = "ostree-remount.service ostree-finalize-staged.path" SYSTEMD_SERVICE_${PN}-switchroot = "ostree-prepare-root.service" diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch new file mode 100644 index 000000000..98e186cbf --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch @@ -0,0 +1,27 @@ +p7zip: Update CVE-2016-9296 patch URL. +From: Robert Luberda <robert@debian.org> +Date: Sat, 19 Nov 2016 08:48:08 +0100 +Subject: Fix nullptr dereference (CVE-2016-9296) + +Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ +This patch file taken from Debian's patch set for p7zip + +Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/] +CVE: CVE-2016-9296 + +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> + +Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp ++++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp +@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } +- HeadersSize += folders.PackPositions[folders.NumPackStreams]; ++ if (folders.PackPositions) ++ HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } + diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch new file mode 100644 index 000000000..b6deb5d3a --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch @@ -0,0 +1,226 @@ +From: Robert Luberda <robert@debian.org> +Date: Sun, 28 Jan 2018 23:47:40 +0100 +Subject: CVE-2018-5996 + +Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by +applying a few changes from 7Zip 18.00-beta. + +Bug-Debian: https://bugs.debian.org/#888314 + +Upstream-Status: Backport [https://sources.debian.org/data/non-free/p/p7zip-rar/16.02-3/debian/patches/06-CVE-2018-5996.patch] +CVE: CVE-2018-5996 + +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++---- + CPP/7zip/Compress/Rar1Decoder.h | 1 + + CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++- + CPP/7zip/Compress/Rar2Decoder.h | 1 + + CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++--- + CPP/7zip/Compress/Rar3Decoder.h | 2 ++ + 6 files changed, 42 insertions(+), 8 deletions(-) + +Index: p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false) { } ++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialIn + InitData(); + if (!m_IsSolid) + { ++ _errorMode = false; + InitStructures(); + InitHuff(); + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (m_UnpackSize > 0) + { + GetFlagsBuf(); +@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialI + const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) + { + try { return CodeReal(inStream, outStream, inSize, outSize, progress); } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(const CLzOutWindowException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + } + + STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) +Index: p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h +@@ -39,6 +39,7 @@ public: + + Int64 m_UnpackSize; + bool m_IsSolid; ++ bool _errorMode; + + UInt32 ReadBits(int numBits); + HRESULT CopyBlock(UInt32 distance, UInt32 len); +Index: p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false) ++ m_IsSolid(false), ++ m_TablesOK(false) + { + } + +@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBi + + bool CDecoder::ReadTables(void) + { ++ m_TablesOK = false; ++ + Byte levelLevels[kLevelTableSize]; + Byte newLevels[kMaxTableSize]; + m_AudioMode = (ReadBits(1) == 1); +@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void) + } + + memcpy(m_LastLevels, newLevels, kMaxTableSize); ++ m_TablesOK = true; ++ + return true; + } + +@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialIn + return S_FALSE; + } + ++ if (!m_TablesOK) ++ return S_FALSE; ++ + UInt64 startPos = m_OutWindowStream.GetProcessedSize(); + while (pos < unPackSize) + { +Index: p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h +@@ -139,6 +139,7 @@ class CDecoder : + + UInt64 m_PackSize; + bool m_IsSolid; ++ bool m_TablesOK; + + void InitStructures(); + UInt32 ReadBits(unsigned numBits); +Index: p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp +@@ -92,7 +92,8 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _vmData(0), + _vmCode(0), +- m_IsSolid(false) ++ m_IsSolid(false), ++ _errorMode(false) + { + Ppmd7_Construct(&_ppmd); + } +@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + return InitPPM(); + } + ++ TablesRead = false; ++ TablesOK = false; ++ + _lzMode = true; + PrevAlignBits = 0; + PrevAlignCount = 0; +@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + } + } + } ++ if (InputEofError()) ++ return S_FALSE; ++ + TablesRead = true; + + // original code has check here: +@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); + + memcpy(m_LastLevels, newLevels, kTablesSizesSum); ++ ++ TablesOK = true; ++ + return S_OK; + } + +@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProg + PpmEscChar = 2; + PpmError = true; + InitFilters(); ++ _errorMode = false; + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (!m_IsSolid || !TablesRead) + { + bool keepDecompressing; +@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProg + bool keepDecompressing; + if (_lzMode) + { ++ if (!TablesOK) ++ return S_FALSE; + RINOK(DecodeLZ(keepDecompressing)) + } + else +@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialI + _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; + return CodeReal(progress); + } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + // CNewException is possible here. But probably CNewException is caused + // by error in data stream. + } +Index: p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h +@@ -192,6 +192,7 @@ class CDecoder: + UInt32 _lastFilter; + + bool m_IsSolid; ++ bool _errorMode; + + bool _lzMode; + bool _unsupportedFilter; +@@ -200,6 +201,7 @@ class CDecoder: + UInt32 PrevAlignCount; + + bool TablesRead; ++ bool TablesOK; + + CPpmd7 _ppmd; + int PpmEscChar; diff --git a/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch b/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch new file mode 100644 index 000000000..dcde83e8a --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch @@ -0,0 +1,27 @@ +fixes the below error + +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)': +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17 +| 308 | numMethods++; +| | ^~~~~~~~~~ +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17 +| 318 | numMethods++; + + +use unsigned instead of bool +Signed-off-by: Nisha Parrakat <Nisha.Parrakat@kpit.com> + +Upstream-Status: Pending +Index: p7zip_16.02/CPP/7zip/Archive/Wim/WimHandler.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Archive/Wim/WimHandler.cpp ++++ p7zip_16.02/CPP/7zip/Archive/Wim/WimHandler.cpp +@@ -298,7 +298,7 @@ STDMETHODIMP CHandler::GetArchivePropert + + AString res; + +- bool numMethods = 0; ++ unsigned numMethods = 0; + for (unsigned i = 0; i < ARRAY_SIZE(k_Methods); i++) + { + if (methodMask & ((UInt32)1 << i)) diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb index 13479a90f..79677c648 100644 --- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb +++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb @@ -9,6 +9,9 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al file://do_not_override_compiler_and_do_not_strip.patch \ file://CVE-2017-17969.patch \ file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \ + file://change_numMethods_from_bool_to_unsigned.patch \ + file://CVE-2018-5996.patch \ + file://CVE-2016-9296.patch \ " SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf" @@ -16,10 +19,26 @@ SRC_URI[sha256sum] = "5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6 S = "${WORKDIR}/${BPN}_${PV}" +do_compile_append() { + oe_runmake 7z +} +FILES_${PN} += "${libdir}/* ${bindir}/7z" + +FILES_SOLIBSDEV = "" +INSANE_SKIP_${PN} += "dev-so" + do_install() { install -d ${D}${bindir} - install -m 0755 ${S}/bin/* ${D}${bindir} + install -d ${D}${bindir}/Codecs + install -d ${D}${libdir} + install -d ${D}${libdir}/Codecs + install -m 0755 ${S}/bin/7za ${D}${bindir} ln -s 7za ${D}${bindir}/7z + install -m 0755 ${S}/bin/Codecs/* ${D}${libdir}/Codecs/ + install -m 0755 ${S}/bin/7z.so ${D}${libdir}/lib7z.so } -BBCLASSEXTEND = "native" +RPROVIDES_${PN} += "lib7z.so()(64bit) 7z lib7z.so" +RPROVIDES_${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-extended/p8platform/p8platform_git.bb b/meta-oe/recipes-extended/p8platform/p8platform_git.bb index 0690d4ba3..2e52caeff 100644 --- a/meta-oe/recipes-extended/p8platform/p8platform_git.bb +++ b/meta-oe/recipes-extended/p8platform/p8platform_git.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://src/os.h;md5=752555fa94e82005d45fd201fee5bd33" PV = "2.1.0.1" -SRC_URI = "git://github.com/Pulse-Eight/platform.git \ +SRC_URI = "git://github.com/Pulse-Eight/platform.git;branch=master;protocol=https \ file://0001-Make-resulting-cmake-config-relocatable.patch" SRCREV = "2d90f98620e25f47702c9e848380c0d93f29462b" diff --git a/meta-oe/recipes-extended/pam/pam-plugin-ccreds_11.bb b/meta-oe/recipes-extended/pam/pam-plugin-ccreds_11.bb index 9838e75ef..5c2af44c7 100644 --- a/meta-oe/recipes-extended/pam/pam-plugin-ccreds_11.bb +++ b/meta-oe/recipes-extended/pam/pam-plugin-ccreds_11.bb @@ -11,7 +11,7 @@ REQUIRED_DISTRO_FEATURES = "pam" SRCREV = "e2145df09469bf84878e4729b4ecd814efb797d1" -SRC_URI = "git://github.com/PADL/pam_ccreds" +SRC_URI = "git://github.com/PADL/pam_ccreds;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/pam/pam-plugin-ldapdb_1.3.bb b/meta-oe/recipes-extended/pam/pam-plugin-ldapdb_1.3.bb index 626b22fe4..5022300ba 100644 --- a/meta-oe/recipes-extended/pam/pam-plugin-ldapdb_1.3.bb +++ b/meta-oe/recipes-extended/pam/pam-plugin-ldapdb_1.3.bb @@ -11,7 +11,7 @@ inherit features_check REQUIRED_DISTRO_FEATURES = "pam" SRCREV = "84d7b260f1ae6857ae36e014c9a5968e8aa1cbe8" -SRC_URI = "git://github.com/rmbreak/pam_ldapdb \ +SRC_URI = "git://github.com/rmbreak/pam_ldapdb;branch=master;protocol=https \ file://0001-include-stdexcept-for-std-invalid_argument.patch \ " diff --git a/meta-oe/recipes-extended/pmdk/pmdk_1.7.bb b/meta-oe/recipes-extended/pmdk/pmdk_1.7.bb index f5066da0d..5c56a16f4 100644 --- a/meta-oe/recipes-extended/pmdk/pmdk_1.7.bb +++ b/meta-oe/recipes-extended/pmdk/pmdk_1.7.bb @@ -11,7 +11,7 @@ DEPENDS_append_libc-musl = " fts" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/pmem/pmdk.git \ +SRC_URI = "git://github.com/pmem/pmdk.git;branch=master;protocol=https \ file://0001-jemalloc-jemalloc.cfg-Specify-the-host-when-building.patch \ file://0002-Makefile-Don-t-install-the-docs.patch \ file://0001-os_posix-Use-__FreeBSD__-to-control-secure_getenv-de.patch \ diff --git a/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch b/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch new file mode 100644 index 000000000..cab1c83c0 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch @@ -0,0 +1,74 @@ +From ed8b418f1341cf7fc576f6b17de5c6dd4017e034 Mon Sep 17 00:00:00 2001 +From: "Jeremy A. Puhlman" <jpuhlman@mvista.com> +Date: Thu, 27 Jan 2022 00:01:27 +0000 +Subject: [PATCH] CVE-2021-4034: Local privilege escalation in pkexec due to + incorrect handling of argument vector + +Upstream-Status: Backport https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 +CVE: CVE-2021-4034 + +Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> +--- + src/programs/pkcheck.c | 6 ++++++ + src/programs/pkexec.c | 21 ++++++++++++++++++++- + 2 files changed, 26 insertions(+), 1 deletion(-) + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index f1bb4e1..aff4f60 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -363,6 +363,12 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ if (argc < 1) ++ { ++ help(); ++ exit(1); ++ } ++ + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 7698c5c..3ff4c58 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -488,6 +488,17 @@ main (int argc, char *argv[]) + pid_t pid_of_caller; + gpointer local_agent_handle; + ++ ++ /* ++ * If 'pkexec' is called wrong, just show help and bail out. ++ */ ++ if (argc<1) ++ { ++ clearenv(); ++ usage(argc, argv); ++ exit(1); ++ } ++ + ret = 127; + authority = NULL; + subject = NULL; +@@ -636,7 +647,15 @@ main (int argc, char *argv[]) + goto out; + } + g_free (path); +- argv[n] = path = s; ++ path = s; ++ ++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. ++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination ++ */ ++ if (argv[n] != NULL) ++ { ++ argv[n] = path; ++ } + } + if (access (path, F_OK) != 0) + { +-- +2.26.2 + diff --git a/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch b/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch new file mode 100644 index 000000000..37e0d6063 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch @@ -0,0 +1,87 @@ +From 41cb093f554da8772362654a128a84dd8a5542a7 Mon Sep 17 00:00:00 2001 +From: Jan Rybar <jrybar@redhat.com> +Date: Mon, 21 Feb 2022 08:29:05 +0000 +Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7.patch] +CVE: CVE-2021-4115 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + src/polkit/polkitsystembusname.c | 38 ++++++++++++++++++++++++++++---- + 1 file changed, 34 insertions(+), 4 deletions(-) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8ed1363..2fbf5f1 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -62,6 +62,10 @@ enum + PROP_NAME, + }; + ++ ++guint8 dbus_call_respond_fails; // has to be global because of callback ++ ++ + static void subject_iface_init (PolkitSubjectIface *subject_iface); + + G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, +@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, + if (!v) + { + data->caught_error = TRUE; ++ dbus_call_respond_fails += 1; + } + else + { +@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + ++ dbus_call_respond_fails = 0; ++ + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, +@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + on_retrieved_unix_uid_pid, + &data); + +- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) +- g_main_context_iteration (tmp_context, TRUE); ++ while (TRUE) ++ { ++ /* If one dbus call returns error, we must wait until the other call ++ * calls _call_finish(), otherwise fd leak is possible. ++ * Resolves: GHSL-2021-077 ++ */ + +- if (data.caught_error) +- goto out; ++ if ( (dbus_call_respond_fails > 1) ) ++ { ++ // we got two faults, we can leave ++ goto out; ++ } ++ ++ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) ++ { ++ // we got one fault and the other call finally finished, we can leave ++ goto out; ++ } ++ ++ if ( !(data.retrieved_uid && data.retrieved_pid) ) ++ { ++ g_main_context_iteration (tmp_context, TRUE); ++ } ++ else ++ { ++ break; ++ } ++ } + + if (out_uid) + *out_uid = data.uid; +-- +GitLab + diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch new file mode 100644 index 000000000..76308ffdb --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch @@ -0,0 +1,33 @@ +From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001 +From: Jan Rybar <jrybar@redhat.com> +Date: Wed, 2 Jun 2021 15:43:38 +0200 +Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit + +initial values returned if error caught + +CVE: CVE-2021-3560 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/polkit/polkitsystembusname.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8daa12c..8ed1363 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + ++ if (data.caught_error) ++ goto out; ++ + if (out_uid) + *out_uid = data.uid; + if (out_pid) +-- +2.29.2 + diff --git a/meta-oe/recipes-extended/polkit/polkit_0.116.bb b/meta-oe/recipes-extended/polkit/polkit_0.116.bb index ad1973b13..dd8e20861 100644 --- a/meta-oe/recipes-extended/polkit/polkit_0.116.bb +++ b/meta-oe/recipes-extended/polkit/polkit_0.116.bb @@ -25,6 +25,9 @@ PAM_SRC_URI = "file://polkit-1_pam.patch" SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0003-make-netgroup-support-optional.patch \ + file://CVE-2021-3560.patch \ + file://CVE-2021-4034.patch \ + file://CVE-2021-4115.patch \ " SRC_URI[md5sum] = "4b37258583393e83069a0e2e89c0162a" SRC_URI[sha256sum] = "88170c9e711e8db305a12fdb8234fac5706c61969b94e084d0f117d8ec5d34b1" diff --git a/meta-oe/recipes-extended/redis/redis_5.0.9.bb b/meta-oe/recipes-extended/redis/redis_5.0.14.bb index d04293369..3d849ec8c 100644 --- a/meta-oe/recipes-extended/redis/redis_5.0.9.bb +++ b/meta-oe/recipes-extended/redis/redis_5.0.14.bb @@ -17,8 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ " -SRC_URI[md5sum] = "c94523c9f4ee662027ddf90575d0e058" -SRC_URI[sha256sum] = "53d0ae164cd33536c3d4b720ae9a128ea6166ebf04ff1add3b85f1242090cb85" +SRC_URI[sha256sum] = "3ea5024766d983249e80d4aa9457c897a9f079957d0fb1f35682df233f997f32" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-oe/recipes-extended/rrdtool/rrdtool_1.7.2.bb b/meta-oe/recipes-extended/rrdtool/rrdtool_1.7.2.bb index 5662e6347..914b12e7c 100644 --- a/meta-oe/recipes-extended/rrdtool/rrdtool_1.7.2.bb +++ b/meta-oe/recipes-extended/rrdtool/rrdtool_1.7.2.bb @@ -10,7 +10,7 @@ SRCREV = "56a83f4f52e6745cd4352f9ee008be3183a6dedf" PV = "1.7.2" SRC_URI = "\ - git://github.com/oetiker/rrdtool-1.x.git;branch=master;protocol=http; \ + git://github.com/oetiker/rrdtool-1.x.git;branch=master;protocol=http;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/rsyslog/libfastjson_0.99.8.bb b/meta-oe/recipes-extended/rsyslog/libfastjson_0.99.8.bb index b84dde3d3..3b63971e5 100644 --- a/meta-oe/recipes-extended/rsyslog/libfastjson_0.99.8.bb +++ b/meta-oe/recipes-extended/rsyslog/libfastjson_0.99.8.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a958bb07122368f3e1d9b2efe07d231f" DEPENDS = "" -SRC_URI = "git://github.com/rsyslog/libfastjson.git;protocol=https \ +SRC_URI = "git://github.com/rsyslog/libfastjson.git;protocol=https;branch=master \ file://0001-fix-jump-misses-init-gcc-8-warning.patch" SRCREV = "4758b1caf69ada911ef79e1d80793fe489b98dff" diff --git a/meta-oe/recipes-extended/rsyslog/librelp_1.5.0.bb b/meta-oe/recipes-extended/rsyslog/librelp_1.5.0.bb index a4663148c..9da9d7c96 100644 --- a/meta-oe/recipes-extended/rsyslog/librelp_1.5.0.bb +++ b/meta-oe/recipes-extended/rsyslog/librelp_1.5.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9" DEPENDS = "gmp nettle libidn zlib gnutls openssl" -SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https \ +SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https;branch=master \ " SRCREV = "0beb2258e12e4131dc31e261078ea53d18f787d7" diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb index ffd46da0a..e720d3e5c 100644 --- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb +++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://../README.license;md5=60487bf0bf429d6b5aa72b6d37a0eb2 PV .= "+git${SRCPV}" -SRC_URI = "git://pagure.io/sanlock.git;protocol=http \ +SRC_URI = "git://pagure.io/sanlock.git;protocol=http;branch=master \ file://0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch;patchdir=../ \ " SRCREV = "cff348800722f7dadf030ffe7494c2df714996e3" diff --git a/meta-oe/recipes-extended/sedutil/sedutil_git.bb b/meta-oe/recipes-extended/sedutil/sedutil_git.bb index 765618433..03446c324 100644 --- a/meta-oe/recipes-extended/sedutil/sedutil_git.bb +++ b/meta-oe/recipes-extended/sedutil/sedutil_git.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://Common/LICENSE.txt;md5=d32239bcb673463ab874e80d47fae5 BASEPV = "1.15.1" PV = "${BASEPV}+git${SRCPV}" SRCREV = "358cc758948be788284d5faba46ccf4cc1813796" -SRC_URI = "git://github.com/Drive-Trust-Alliance/sedutil.git \ +SRC_URI = "git://github.com/Drive-Trust-Alliance/sedutil.git;branch=master;protocol=https \ file://0001-Fix-build-on-big-endian-architectures.patch \ " diff --git a/meta-oe/recipes-extended/socketcan/can-isotp_git.bb b/meta-oe/recipes-extended/socketcan/can-isotp_git.bb index e40e1cd26..7d016bc96 100644 --- a/meta-oe/recipes-extended/socketcan/can-isotp_git.bb +++ b/meta-oe/recipes-extended/socketcan/can-isotp_git.bb @@ -3,7 +3,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=72d977d697c3c05830fdff00a7448931" SRCREV = "b31bce98d65f894aad6427bcf6f3f7822e261a59" PV = "1.0+git${SRCPV}" -SRC_URI = "git://github.com/hartkopp/can-isotp.git;protocol=https" +SRC_URI = "git://github.com/hartkopp/can-isotp.git;protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/socketcan/can-utils_git.bb b/meta-oe/recipes-extended/socketcan/can-utils_git.bb index 519368817..92b38030f 100644 --- a/meta-oe/recipes-extended/socketcan/can-utils_git.bb +++ b/meta-oe/recipes-extended/socketcan/can-utils_git.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://include/linux/can.h;endline=44;md5=a9e1169c6c9a114a61 DEPENDS = "libsocketcan" -SRC_URI = "git://github.com/linux-can/${BPN}.git;protocol=git" +SRC_URI = "git://github.com/linux-can/${BPN}.git;protocol=https;branch=master" SRCREV = "da65fdfe0d1986625ee00af0b56ae17ec132e700" diff --git a/meta-oe/recipes-extended/socketcan/canutils_4.0.6.bb b/meta-oe/recipes-extended/socketcan/canutils_4.0.6.bb index e1508af85..56466a6cd 100644 --- a/meta-oe/recipes-extended/socketcan/canutils_4.0.6.bb +++ b/meta-oe/recipes-extended/socketcan/canutils_4.0.6.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" DEPENDS = "libsocketcan" SRCREV = "299dff7f5322bf0348dcdd60071958ebedf5f09d" -SRC_URI = "git://git.pengutronix.de/git/tools/canutils.git;protocol=git \ +SRC_URI = "git://git.pengutronix.de/git/tools/canutils.git;protocol=git;branch=master \ file://0001-canutils-candump-Add-error-frame-s-handling.patch \ " diff --git a/meta-oe/recipes-extended/socketcan/libsocketcan_0.0.11.bb b/meta-oe/recipes-extended/socketcan/libsocketcan_0.0.11.bb index 0debe47e0..6a44cff93 100644 --- a/meta-oe/recipes-extended/socketcan/libsocketcan_0.0.11.bb +++ b/meta-oe/recipes-extended/socketcan/libsocketcan_0.0.11.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://src/libsocketcan.c;beginline=3;endline=17;md5=97e38ad SRCREV = "0ff01ae7e4d271a7b81241e7a7026bfcea0add3f" -SRC_URI = "git://git.pengutronix.de/git/tools/libsocketcan.git;protocol=git" +SRC_URI = "git://git.pengutronix.de/git/tools/libsocketcan.git;protocol=git;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/sysdig/sysdig_git.bb b/meta-oe/recipes-extended/sysdig/sysdig_git.bb index 04a022af4..d15ecdb03 100644 --- a/meta-oe/recipes-extended/sysdig/sysdig_git.bb +++ b/meta-oe/recipes-extended/sysdig/sysdig_git.bb @@ -18,7 +18,7 @@ JIT_riscv32 = "" DEPENDS += "lua${JIT} zlib c-ares grpc-native grpc curl ncurses jsoncpp tbb jq openssl elfutils protobuf protobuf-native jq-native" RDEPENDS_${PN} = "bash" -SRC_URI = "git://github.com/draios/sysdig.git;branch=dev \ +SRC_URI = "git://github.com/draios/sysdig.git;branch=dev;protocol=https \ file://0001-fix-build-with-LuaJIT-2.1-betas.patch \ file://0001-Fix-build-with-musl-backtrace-APIs-are-glibc-specifi.patch \ file://fix-uint64-const.patch \ diff --git a/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb b/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb index 637770af2..c9d9fb572 100644 --- a/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb +++ b/meta-oe/recipes-extended/tipcutils/tipcutils_git.bb @@ -2,7 +2,7 @@ SUMMARY = "Transparent Inter-Process Communication protocol" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://tipclog/tipc.h;endline=35;md5=985b6ea8735818511d276c1b466cce98" -SRC_URI = "git://git.code.sf.net/p/tipc/tipcutils \ +SRC_URI = "git://git.code.sf.net/p/tipc/tipcutils;branch=master \ file://0001-include-sys-select.h-for-FD_-definitions.patch \ file://0002-replace-non-standard-uint-with-unsigned-int.patch \ file://0001-multicast_blast-tipcc-Fix-struct-type-for-TIPC_GROUP.patch \ diff --git a/meta-oe/recipes-extended/triggerhappy/triggerhappy_git.bb b/meta-oe/recipes-extended/triggerhappy/triggerhappy_git.bb index 38ce4f557..c62cef36d 100644 --- a/meta-oe/recipes-extended/triggerhappy/triggerhappy_git.bb +++ b/meta-oe/recipes-extended/triggerhappy/triggerhappy_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" # matches debian/0.5.0-1 tag SRCREV = "44a173195986d0d853316cb02a58785ded66c12b" PV = "0.5.0+git${SRCPV}" -SRC_URI = "git://github.com/wertarbyte/${BPN}.git;branch=debian" +SRC_URI = "git://github.com/wertarbyte/${BPN}.git;branch=debian;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/upm/upm_git.bb b/meta-oe/recipes-extended/upm/upm_git.bb index 6a7611f38..7643d13e2 100644 --- a/meta-oe/recipes-extended/upm/upm_git.bb +++ b/meta-oe/recipes-extended/upm/upm_git.bb @@ -10,7 +10,7 @@ DEPENDS = "libjpeg-turbo mraa" SRCREV = "5cf20df96c6b35c19d5b871ba4e319e96b4df72d" PV = "2.0.0+git${SRCPV}" -SRC_URI = "git://github.com/eclipse/${BPN}.git;protocol=http \ +SRC_URI = "git://github.com/eclipse/${BPN}.git;protocol=http;branch=master;protocol=https \ file://0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch \ file://0001-Use-stdint-types.patch \ file://0001-initialize-local-variables-before-use.patch \ diff --git a/meta-oe/recipes-extended/wipe/wipe_0.24.bb b/meta-oe/recipes-extended/wipe/wipe_0.24.bb index 831d514a4..3ccc5afd5 100644 --- a/meta-oe/recipes-extended/wipe/wipe_0.24.bb +++ b/meta-oe/recipes-extended/wipe/wipe_0.24.bb @@ -9,7 +9,7 @@ HOMEPAGE = "http://lambda-diode.com/software/wipe/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://GPL;md5=0636e73ff0215e8d672dc4c32c317bb3" -SRC_URI = "git://github.com/berke/wipe.git;branch=master \ +SRC_URI = "git://github.com/berke/wipe.git;branch=master;protocol=https \ file://support-cross-compile-for-linux.patch \ file://makefile-add-ldflags.patch \ " diff --git a/meta-oe/recipes-extended/wxwidgets/wxwidgets_git.bb b/meta-oe/recipes-extended/wxwidgets/wxwidgets_git.bb index 06337b79c..8f766ac87 100644 --- a/meta-oe/recipes-extended/wxwidgets/wxwidgets_git.bb +++ b/meta-oe/recipes-extended/wxwidgets/wxwidgets_git.bb @@ -21,7 +21,7 @@ DEPENDS += " \ tiff \ " -SRC_URI = "git://github.com/wxWidgets/wxWidgets.git" +SRC_URI = "git://github.com/wxWidgets/wxWidgets.git;branch=master;protocol=https" PV = "3.1.3" SRCREV= "8a40d23b27ed1c80b5a2ca9f7e8461df4fbc1a31" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/zlog/zlog_1.2.14.bb b/meta-oe/recipes-extended/zlog/zlog_1.2.14.bb index b94664c33..eddf1ed96 100644 --- a/meta-oe/recipes-extended/zlog/zlog_1.2.14.bb +++ b/meta-oe/recipes-extended/zlog/zlog_1.2.14.bb @@ -4,7 +4,7 @@ LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRCREV = "8fc78c3c65cb705953a2f3f9a813c3ef3c8b2270" -SRC_URI = "git://github.com/HardySimpson/zlog" +SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/zstd/zstd_1.4.5.bb b/meta-oe/recipes-extended/zstd/zstd_1.4.5.bb index cd0b471e1..f8fa226f6 100644 --- a/meta-oe/recipes-extended/zstd/zstd_1.4.5.bb +++ b/meta-oe/recipes-extended/zstd/zstd_1.4.5.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=c7f0b161edbe52f5f345a3d1311d0b32 \ file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0" -SRC_URI = "git://github.com/facebook/zstd.git;nobranch=1 \ +SRC_URI = "git://github.com/facebook/zstd.git;nobranch=1;protocol=https \ file://0001-Fix-legacy-build-after-2103.patch \ " diff --git a/meta-oe/recipes-gnome/pyxdg/pyxdg_0.26.bb b/meta-oe/recipes-gnome/pyxdg/pyxdg_0.26.bb index a957c1d67..6fa31c58f 100644 --- a/meta-oe/recipes-gnome/pyxdg/pyxdg_0.26.bb +++ b/meta-oe/recipes-gnome/pyxdg/pyxdg_0.26.bb @@ -5,7 +5,7 @@ LICENSE = "LGPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=f30a9716ef3762e3467a2f62bf790f0a" SRCREV = "7db14dcf4c4305c3859a2d9fcf9f5da2db328330" -SRC_URI = "git://anongit.freedesktop.org/xdg/pyxdg" +SRC_URI = "git://anongit.freedesktop.org/xdg/pyxdg;branch=master" inherit distutils3 diff --git a/meta-oe/recipes-graphics/dietsplash/dietsplash_git.bb b/meta-oe/recipes-graphics/dietsplash/dietsplash_git.bb index 32f081592..2d13f26a3 100644 --- a/meta-oe/recipes-graphics/dietsplash/dietsplash_git.bb +++ b/meta-oe/recipes-graphics/dietsplash/dietsplash_git.bb @@ -8,7 +8,7 @@ PV = "0.3" PR = "r1" SRCREV = "ef2e1a390e768e21e6a6268977580ee129a96633" -SRC_URI = "git://github.com/lucasdemarchi/dietsplash.git \ +SRC_URI = "git://github.com/lucasdemarchi/dietsplash.git;branch=master;protocol=https \ file://0001-configure.ac-Do-not-demand-linker-hash-style.patch \ " diff --git a/meta-oe/recipes-graphics/dnfdragora/dnfdragora_git.bb b/meta-oe/recipes-graphics/dnfdragora/dnfdragora_git.bb index 007385101..24f8e44d8 100644 --- a/meta-oe/recipes-graphics/dnfdragora/dnfdragora_git.bb +++ b/meta-oe/recipes-graphics/dnfdragora/dnfdragora_git.bb @@ -3,7 +3,7 @@ LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://LICENSE;md5=d32239bcb673463ab874e80d47fae504 \ " -SRC_URI = "git://github.com/manatools/dnfdragora.git \ +SRC_URI = "git://github.com/manatools/dnfdragora.git;branch=master;protocol=https \ file://0001-disable-build-manpages.patch \ file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ file://0001-To-fix-error-when-do_package.patch \ diff --git a/meta-oe/recipes-graphics/fbgrab/fbgrab_1.3.3.bb b/meta-oe/recipes-graphics/fbgrab/fbgrab_1.3.3.bb index e3dff9191..8036d5f7a 100644 --- a/meta-oe/recipes-graphics/fbgrab/fbgrab_1.3.3.bb +++ b/meta-oe/recipes-graphics/fbgrab/fbgrab_1.3.3.bb @@ -4,7 +4,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=ea5bed2f60d357618ca161ad539f7c0a" SECTION = "console/utils" DEPENDS = "libpng zlib" -SRC_URI = "git://github.com/GunnarMonell/fbgrab.git;protocol=https" +SRC_URI = "git://github.com/GunnarMonell/fbgrab.git;protocol=https;branch=master" SRCREV = "b179e2a42b8a5d72516b9c8d91713c9025cf6044" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb index 1863f95f0..8f65da2c1 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb @@ -15,7 +15,7 @@ REQUIRED_DISTRO_FEATURES_append_class-target = " x11" # tag 20190801 SRCREV = "ac635b818e38ddb8e7e2e1057330a32b4e25476e" -SRC_URI = "git://github.com/${BPN}/${BPN}.git \ +SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://0001-include-sys-select-on-non-glibc-platforms.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb b/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb index 3b01a216b..d405cb877 100644 --- a/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb +++ b/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb @@ -32,7 +32,7 @@ DEPENDS = " \ " SRC_URI = " \ - git://github.com/fvwmorg/fvwm.git;protocol=https \ + git://github.com/fvwmorg/fvwm.git;protocol=https;branch=master \ file://0001-Fix-compilation-for-disabled-gnome.patch \ " diff --git a/meta-oe/recipes-graphics/glm/glm_0.9.9.6.bb b/meta-oe/recipes-graphics/glm/glm_0.9.9.6.bb index e2f4dbebc..b44f06c55 100644 --- a/meta-oe/recipes-graphics/glm/glm_0.9.9.6.bb +++ b/meta-oe/recipes-graphics/glm/glm_0.9.9.6.bb @@ -9,7 +9,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://copying.txt;md5=4a735e33f271f57404fda17e80085411" SRC_URI = " \ - git://github.com/g-truc/glm;branch=master \ + git://github.com/g-truc/glm;branch=master;protocol=https \ file://0001-Fix-Wimplicit-int-float-conversion-warnings-with-cla.patch \ file://glmConfig.cmake.in \ file://glmConfigVersion.cmake.in \ diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb index d393ae2a1..72e2f5cc7 100644 --- a/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb +++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb @@ -24,7 +24,7 @@ inherit autotools-brokensep pkgconfig gettext # https://github.com/ellson/MOTHBALLED-graphviz/releases/tag/stable_release_2.40.1 # https://gitlab.com/graphviz/graphviz/-/commit/67cd2e5121379a38e0801cc05cce5033f8a2a609 SRCREV = "67cd2e5121379a38e0801cc05cce5033f8a2a609" -SRC_URI = "git://gitlab.com/${BPN}/${BPN}.git \ +SRC_URI = "git://gitlab.com/${BPN}/${BPN}.git;branch=master \ file://0001-plugin-pango-Include-freetype-headers-explicitly.patch \ " # Use native mkdefs @@ -55,6 +55,17 @@ do_install_append_class-native() { install -m755 ${B}/lib/gvpr/mkdefs ${D}${bindir} } +# create /usr/lib/graphviz/config6 +graphviz_sstate_postinst() { + mkdir -p ${SYSROOT_DESTDIR}${bindir} + dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN} + echo '#!/bin/sh' > $dest + echo '' >> $dest + echo 'dot -c' >> $dest + chmod 0755 $dest +} +SYSROOT_PREPROCESS_FUNCS_append_class-native = " graphviz_sstate_postinst" + PACKAGES =+ "${PN}-python ${PN}-perl ${PN}-demo" FILES_${PN}-python += "${libdir}/python*/site-packages/ ${libdir}/graphviz/python/" diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.16.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.16.bb index 1d5a29438..977c0961b 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.16.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.16.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/mdadams/jasper" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb" -SRC_URI = "git://github.com/mdadams/jasper.git;protocol=https" +SRC_URI = "git://github.com/mdadams/jasper.git;protocol=https;branch=master" SRCREV = "9aef6d91a82a8a6aecb575cbee57f74470603cc2" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-graphics/libvncserver/libvncserver_0.9.12.bb b/meta-oe/recipes-graphics/libvncserver/libvncserver_0.9.12.bb index dfdf82458..7f622c279 100644 --- a/meta-oe/recipes-graphics/libvncserver/libvncserver_0.9.12.bb +++ b/meta-oe/recipes-graphics/libvncserver/libvncserver_0.9.12.bb @@ -44,7 +44,7 @@ FILES_libvncclient = "${libdir}/libvncclient.*" inherit cmake -SRC_URI = "git://github.com/LibVNC/libvncserver" +SRC_URI = "git://github.com/LibVNC/libvncserver;branch=master;protocol=https" SRCREV = "1354f7f1bb6962dab209eddb9d6aac1f03408110" PV .= "+git${SRCPV}" diff --git a/meta-oe/recipes-graphics/libyui/libyui-ncurses_2.52.0.bb b/meta-oe/recipes-graphics/libyui/libyui-ncurses_2.52.0.bb index 1a376a469..8fda4b5fb 100644 --- a/meta-oe/recipes-graphics/libyui/libyui-ncurses_2.52.0.bb +++ b/meta-oe/recipes-graphics/libyui/libyui-ncurses_2.52.0.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING.lgpl-3;md5=e6a600fd5e1d9cbde2d983680233ad02 \ file://COPYING.lgpl-2.1;md5=4fbd65380cdd255951079008b364516c \ " -SRC_URI = "git://github.com/libyui/libyui-ncurses.git \ +SRC_URI = "git://github.com/libyui/libyui-ncurses.git;branch=master;protocol=https \ file://0003-Simplify-ncurses-finding-module.patch \ " diff --git a/meta-oe/recipes-graphics/libyui/libyui_3.6.0.bb b/meta-oe/recipes-graphics/libyui/libyui_3.6.0.bb index f3c112c3b..72a86955e 100644 --- a/meta-oe/recipes-graphics/libyui/libyui_3.6.0.bb +++ b/meta-oe/recipes-graphics/libyui/libyui_3.6.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING.gpl-3;md5=d32239bcb673463ab874e80d47fae504 \ file://COPYING.lgpl-3;md5=e6a600fd5e1d9cbde2d983680233ad02 \ " -SRC_URI = "git://github.com/libyui/libyui-old.git \ +SRC_URI = "git://github.com/libyui/libyui-old.git;branch=master;protocol=https \ file://0001-Fix-build-with-clang.patch \ file://0001-Use-relative-install-paths-for-CMake.patch \ " diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-1.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-1.patch new file mode 100644 index 000000000..98988e686 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-1.patch @@ -0,0 +1,72 @@ +From 21399f6b7d318fcdf4406d5e88723c4922202aa3 Mon Sep 17 00:00:00 2001 +From: Young Xiao <YangX92@hotmail.com> +Date: Sat, 16 Mar 2019 19:57:27 +0800 +Subject: [PATCH] convertbmp: detect invalid file dimensions early + +width/length dimensions read from bmp headers are not necessarily +valid. For instance they may have been maliciously set to very large +values with the intention to cause DoS (large memory allocation, stack +overflow). In these cases we want to detect the invalid size as early +as possible. + +This commit introduces a counter which verifies that the number of +written bytes corresponds to the advertized width/length. + +See commit 8ee335227bbc for details. + +Signed-off-by: Young Xiao <YangX92@hotmail.com> + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2019-12973 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/bin/jp2/convertbmp.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index 0af52f816..ec34f535b 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -622,13 +622,13 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData, + static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height) + { +- OPJ_UINT32 x, y; ++ OPJ_UINT32 x, y, written; + OPJ_UINT8 *pix; + const OPJ_UINT8 *beyond; + + beyond = pData + stride * height; + pix = pData; +- x = y = 0U; ++ x = y = written = 0U; + while (y < height) { + int c = getc(IN); + if (c == EOF) { +@@ -642,6 +642,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); ++ written++; + } + } else { /* absolute mode */ + c = getc(IN); +@@ -671,6 +672,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + c1 = (OPJ_UINT8)getc(IN); + } + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); ++ written++; + } + if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */ + getc(IN); +@@ -678,6 +680,10 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + } + } + } /* while(y < height) */ ++ if (written != width * height) { ++ fprintf(stderr, "warning, image's actual size does not match advertized one\n"); ++ return OPJ_FALSE; ++ } + return OPJ_TRUE; + } + diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-2.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-2.patch new file mode 100644 index 000000000..2177bfdbd --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-2.patch @@ -0,0 +1,86 @@ +From 3aef207f90e937d4931daf6d411e092f76d82e66 Mon Sep 17 00:00:00 2001 +From: Young Xiao <YangX92@hotmail.com> +Date: Sat, 16 Mar 2019 20:09:59 +0800 +Subject: [PATCH] bmp_read_rle4_data(): avoid potential infinite loop + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2019-12973 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/bin/jp2/convertbmp.c | 32 ++++++++++++++++++++++++++------ + 1 file changed, 26 insertions(+), 6 deletions(-) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index ec34f535b..2fc4e9bc4 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -632,12 +632,18 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + while (y < height) { + int c = getc(IN); + if (c == EOF) { +- break; ++ return OPJ_FALSE; + } + + if (c) { /* encoded mode */ +- int j; +- OPJ_UINT8 c1 = (OPJ_UINT8)getc(IN); ++ int j, c1_int; ++ OPJ_UINT8 c1; ++ ++ c1_int = getc(IN); ++ if (c1_int == EOF) { ++ return OPJ_FALSE; ++ } ++ c1 = (OPJ_UINT8)c1_int; + + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { +@@ -647,7 +653,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + } else { /* absolute mode */ + c = getc(IN); + if (c == EOF) { +- break; ++ return OPJ_FALSE; + } + + if (c == 0x00) { /* EOL */ +@@ -658,8 +664,14 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + break; + } else if (c == 0x02) { /* MOVE by dxdy */ + c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + x += (OPJ_UINT32)c; + c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + y += (OPJ_UINT32)c; + pix = pData + y * stride + x; + } else { /* 03 .. 255 : absolute mode */ +@@ -669,13 +681,21 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + if ((j & 1) == 0) { +- c1 = (OPJ_UINT8)getc(IN); ++ int c1_int; ++ c1_int = getc(IN); ++ if (c1_int == EOF) { ++ return OPJ_FALSE; ++ } ++ c1 = (OPJ_UINT8)c1_int; + } + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); + written++; + } + if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */ +- getc(IN); ++ c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + } + } + } diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch new file mode 100644 index 000000000..f22e153b5 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch @@ -0,0 +1,43 @@ +From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sun, 28 Jun 2020 14:19:59 +0200 +Subject: [PATCH] opj_decompress: fix double-free on input directory with mix + of valid and invalid images (CVE-2020-15389) + +Fixes #1261 + +Credits to @Ruia-ruia for reporting and analysis. + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-15389 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/bin/jp2/opj_decompress.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c +index 7eeb0952f..2634907f0 100644 +--- a/src/bin/jp2/opj_decompress.c ++++ b/src/bin/jp2/opj_decompress.c +@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original) + int main(int argc, char **argv) + { + opj_decompress_parameters parameters; /* decompression parameters */ +- opj_image_t* image = NULL; +- opj_stream_t *l_stream = NULL; /* Stream */ +- opj_codec_t* l_codec = NULL; /* Handle to a decompressor */ +- opj_codestream_index_t* cstr_index = NULL; + + OPJ_INT32 num_images, imageno; + img_fol_t img_fol; +@@ -1393,6 +1389,10 @@ int main(int argc, char **argv) + + /*Decoding image one by one*/ + for (imageno = 0; imageno < num_images ; imageno++) { ++ opj_image_t* image = NULL; ++ opj_stream_t *l_stream = NULL; /* Stream */ ++ opj_codec_t* l_codec = NULL; /* Handle to a decompressor */ ++ opj_codestream_index_t* cstr_index = NULL; + + if (!parameters.quiet) { + fprintf(stderr, "\n"); diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-1.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-1.patch new file mode 100644 index 000000000..da06db6db --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-1.patch @@ -0,0 +1,29 @@ +From eaa098b59b346cb88e4d10d505061f669d7134fc Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 23 Nov 2020 13:49:05 +0100 +Subject: [PATCH] Encoder: grow buffer size in + opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in + opj_mqc_flush (fixes #1283) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27814 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/tcd.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + + /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ + /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ ++ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ ++ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-2.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-2.patch new file mode 100644 index 000000000..9c5894c72 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-2.patch @@ -0,0 +1,27 @@ +From 15cf3d95814dc931ca0ecb132f81cb152e051bae Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 23 Nov 2020 18:14:02 +0100 +Subject: [PATCH] Encoder: grow again buffer size in + opj_tcd_code_block_enc_allocate_data() (fixes #1283) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27814 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/tcd.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1237,9 +1237,10 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ + /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ + /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ ++ /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ l_data_size = 28 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-3.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-3.patch new file mode 100644 index 000000000..1eb030af4 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-3.patch @@ -0,0 +1,30 @@ +From 649298dcf84b2f20cfe458d887c1591db47372a6 Mon Sep 17 00:00:00 2001 +From: yuan <zodf0055980@gmail.com> +Date: Wed, 25 Nov 2020 20:41:39 +0800 +Subject: [PATCH] Encoder: grow again buffer size in + opj_tcd_code_block_enc_allocate_data() (fixes #1283) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27814 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/tcd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1238,10 +1238,12 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ + /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ + /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */ ++ /* and +33 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4) */ ++ /* and +63 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4 -IMF 2K) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 28 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * +- (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); ++ l_data_size = 63 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { + if (p_code_block->data) { diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-4.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-4.patch new file mode 100644 index 000000000..1c267c313 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-4.patch @@ -0,0 +1,27 @@ +From 4ce7d285a55d29b79880d0566d4b010fe1907aa9 Mon Sep 17 00:00:00 2001 +From: yuan <zodf0055980@gmail.com> +Date: Fri, 4 Dec 2020 19:00:22 +0800 +Subject: [PATCH] Encoder: grow again buffer size in + opj_tcd_code_block_enc_allocate_data() (fixes #1283) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27814 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/tcd.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1240,9 +1240,10 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */ + /* and +33 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4) */ + /* and +63 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4 -IMF 2K) */ ++ /* and +74 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4 -n 8 -s 7,7 -I) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 63 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ l_data_size = 74 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27823.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27823.patch new file mode 100644 index 000000000..e4373d0d3 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27823.patch @@ -0,0 +1,29 @@ +From b2072402b7e14d22bba6fb8cde2a1e9996e9a919 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 30 Nov 2020 22:31:51 +0100 +Subject: [PATCH] pngtoimage(): fix wrong computation of x1,y1 if -d option is + used, that would result in a heap buffer overflow (fixes #1284) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27823 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/bin/jp2/convertpng.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c +index 328c91beb..00f596e27 100644 +--- a/src/bin/jp2/convertpng.c ++++ b/src/bin/jp2/convertpng.c +@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params) + image->x0 = (OPJ_UINT32)params->image_offset_x0; + image->y0 = (OPJ_UINT32)params->image_offset_y0; + image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32) +- params->subsampling_dx + 1 + image->x0); ++ params->subsampling_dx + 1); + image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32) +- params->subsampling_dy + 1 + image->y0); ++ params->subsampling_dy + 1); + + row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32)); + if (row32s == NULL) { diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch new file mode 100644 index 000000000..5f3deb4dd --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch @@ -0,0 +1,24 @@ +From 6daf5f3e1ec6eff03b7982889874a3de6617db8d Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 30 Nov 2020 22:37:07 +0100 +Subject: [PATCH] Encoder: avoid global buffer overflow on irreversible + conversion when too many decomposition levels are specified (fixes #1286) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27824 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/dwt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/lib/openjp2/dwt.c ++++ b/src/lib/openjp2/dwt.c +@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj + if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { + stepsize = 1.0; + } else { +- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level]; ++ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient); + stepsize = (1 << (gain)) / norm; + } + opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0), diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27841.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27841.patch new file mode 100644 index 000000000..db6d12dc2 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27841.patch @@ -0,0 +1,238 @@ +From 00383e162ae2f8fc951f5745bf1011771acb8dce Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Wed, 2 Dec 2020 14:02:17 +0100 +Subject: [PATCH] pi.c: avoid out of bounds access with POC (refs + https://github.com/uclouvain/openjpeg/issues/1293#issuecomment-737122836) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27841 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/pi.c | 49 +++++++++++++++++++++++++++++--------------- + src/lib/openjp2/pi.h | 10 +++++++-- + src/lib/openjp2/t2.c | 4 ++-- + 3 files changed, 42 insertions(+), 21 deletions(-) + +--- a/src/lib/openjp2/pi.c ++++ b/src/lib/openjp2/pi.c +@@ -192,10 +192,12 @@ static void opj_get_all_encoding_paramet + * @param p_image the image used to initialize the packet iterator (in fact only the number of components is relevant. + * @param p_cp the coding parameters. + * @param tileno the index of the tile from which creating the packet iterator. ++ * @param manager Event manager + */ + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *p_image, + const opj_cp_t *p_cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * FIXME DOC + */ +@@ -230,12 +232,6 @@ static OPJ_BOOL opj_pi_check_next_level( + ========================================================== + */ + +-static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg) +-{ +- (void)pi; +- (void)msg; +-} +- + static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi) + { + opj_pi_comp_t *comp = NULL; +@@ -272,7 +268,7 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ + /* include should be resized when a POC arises, or */ + /* the POC should be rejected */ + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -318,7 +314,7 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -449,7 +445,7 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -473,6 +469,13 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -580,7 +583,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -604,6 +607,13 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_cprl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -708,7 +718,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -981,7 +991,8 @@ static void opj_get_all_encoding_paramet + + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *image, + const opj_cp_t *cp, +- OPJ_UINT32 tileno) ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager) + { + /* loop*/ + OPJ_UINT32 pino, compno; +@@ -1015,6 +1026,8 @@ static opj_pi_iterator_t * opj_pi_create + l_current_pi = l_pi; + for (pino = 0; pino < l_poc_bound ; ++pino) { + ++ l_current_pi->manager = manager; ++ + l_current_pi->comps = (opj_pi_comp_t*) opj_calloc(image->numcomps, + sizeof(opj_pi_comp_t)); + if (! l_current_pi->comps) { +@@ -1352,7 +1365,8 @@ static OPJ_BOOL opj_pi_check_next_level( + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + opj_cp_t *p_cp, +- OPJ_UINT32 p_tile_no) ++ OPJ_UINT32 p_tile_no, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1407,7 +1421,7 @@ opj_pi_iterator_t *opj_pi_create_decode( + } + + /* memory allocation for pi */ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +@@ -1552,7 +1566,8 @@ opj_pi_iterator_t *opj_pi_create_decode( + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image, + opj_cp_t *p_cp, + OPJ_UINT32 p_tile_no, +- J2K_T2_MODE p_t2_mode) ++ J2K_T2_MODE p_t2_mode, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1606,7 +1621,7 @@ opj_pi_iterator_t *opj_pi_initialise_enc + } + + /* memory allocation for pi*/ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +--- a/src/lib/openjp2/pi.h ++++ b/src/lib/openjp2/pi.h +@@ -107,6 +107,8 @@ typedef struct opj_pi_iterator { + OPJ_INT32 x, y; + /** FIXME DOC*/ + OPJ_UINT32 dx, dy; ++ /** event manager */ ++ opj_event_mgr_t* manager; + } opj_pi_iterator_t; + + /** @name Exported functions */ +@@ -119,13 +121,15 @@ typedef struct opj_pi_iterator { + * @param cp the coding parameters. + * @param tileno index of the tile being encoded. + * @param t2_mode the type of pass for generating the packet iterator ++ * @param manager Event manager + * + * @return a list of packet iterator that points to the first packet of the tile (not true). + */ + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *image, + opj_cp_t *cp, + OPJ_UINT32 tileno, +- J2K_T2_MODE t2_mode); ++ J2K_T2_MODE t2_mode, ++ opj_event_mgr_t* manager); + + /** + * Updates the encoding parameters of the codec. +@@ -161,12 +165,14 @@ Create a packet iterator for Decoder + @param image Raw image for which the packets will be listed + @param cp Coding parameters + @param tileno Number that identifies the tile for which to list the packets ++@param manager Event manager + @return Returns a packet iterator that points to the first packet of the tile + @see opj_pi_destroy + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t * image, + opj_cp_t * cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * Destroys a packet iterator array. + * +--- a/src/lib/openjp2/t2.c ++++ b/src/lib/openjp2/t2.c +@@ -244,7 +244,7 @@ OPJ_BOOL opj_t2_encode_packets(opj_t2_t* + l_image->numcomps : 1; + OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1; + +- l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode); ++ l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } +@@ -405,7 +405,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t + #endif + + /* create a packet iterator */ +- l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no); ++ l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27842.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27842.patch new file mode 100644 index 000000000..6984aa860 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27842.patch @@ -0,0 +1,31 @@ +From fbd30b064f8f9607d500437b6fedc41431fd6cdc Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 1 Dec 2020 19:51:35 +0100 +Subject: [PATCH] opj_t2_encode_packet(): avoid out of bound access of #1294, + but likely not the proper fix + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27842 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/t2.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/src/lib/openjp2/t2.c ++++ b/src/lib/openjp2/t2.c +@@ -711,6 +711,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + opj_tgt_reset(prc->incltree); + opj_tgt_reset(prc->imsbtree); diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27843.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27843.patch new file mode 100644 index 000000000..53c86ea5e --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27843.patch @@ -0,0 +1,31 @@ +From 38d661a3897052c7ff0b39b30c29cb067e130121 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Wed, 2 Dec 2020 13:13:26 +0100 +Subject: [PATCH] opj_t2_encode_packet(): avoid out of bound access of #1297, + but likely not the proper fix + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27843 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/t2.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/src/lib/openjp2/t2.c ++++ b/src/lib/openjp2/t2.c +@@ -787,6 +787,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + l_nb_blocks = prc->cw * prc->ch; + cblk = prc->cblks.enc; diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch new file mode 100644 index 000000000..a1aa49a21 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch @@ -0,0 +1,74 @@ +From 8f5aff1dff510a964d3901d0fba281abec98ab63 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Fri, 4 Dec 2020 20:45:25 +0100 +Subject: [PATCH] pi.c: avoid out of bounds access with POC (fixes #1302) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27845 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- + src/lib/openjp2/pi.c | 25 +++++++++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +--- a/src/lib/openjp2/pi.c ++++ b/src/lib/openjp2/pi.c +@@ -238,6 +238,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_lrcp(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + res = &comp->resolutions[pi->resno]; +@@ -291,6 +298,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_rlcp(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + res = &comp->resolutions[pi->resno]; +@@ -337,6 +351,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_rpcl(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + goto LABEL_SKIP; + } else { +@@ -472,7 +493,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + if (pi->poc.compno0 >= pi->numcomps || + pi->poc.compno1 >= pi->numcomps + 1) { + opj_event_msg(pi->manager, EVT_ERROR, +- "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ "opj_pi_next_pcrl(): invalid compno0/compno1\n"); + return OPJ_FALSE; + } + +@@ -610,7 +631,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + if (pi->poc.compno0 >= pi->numcomps || + pi->poc.compno1 >= pi->numcomps + 1) { + opj_event_msg(pi->manager, EVT_ERROR, +- "opj_pi_next_cprl(): invalid compno0/compno1"); ++ "opj_pi_next_cprl(): invalid compno0/compno1\n"); + return OPJ_FALSE; + } + diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb index 42011efa9..9cf513f3f 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb @@ -6,10 +6,23 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c648878b4840d7babaade1303e7f108c" DEPENDS = "libpng tiff lcms zlib" SRC_URI = " \ - git://github.com/uclouvain/openjpeg.git \ + git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \ file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \ + file://CVE-2019-12973-1.patch \ + file://CVE-2019-12973-2.patch \ file://CVE-2020-6851.patch \ file://CVE-2020-8112.patch \ + file://CVE-2020-15389.patch \ + file://CVE-2020-27814-1.patch \ + file://CVE-2020-27814-2.patch \ + file://CVE-2020-27814-3.patch \ + file://CVE-2020-27814-4.patch \ + file://CVE-2020-27823.patch \ + file://CVE-2020-27824.patch \ + file://CVE-2020-27841.patch \ + file://CVE-2020-27842.patch \ + file://CVE-2020-27843.patch \ + file://CVE-2020-27845.patch \ " SRCREV = "57096325457f96d8cd07bd3af04fe81d7a2ba788" S = "${WORKDIR}/git" @@ -20,3 +33,17 @@ inherit cmake EXTRA_OECMAKE += "-DOPENJPEG_INSTALL_LIB_DIR=${@d.getVar('baselib').replace('/', '')}" FILES_${PN} += "${libdir}/openjpeg*" + +# This flaw is introduced by +# https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5 +# but the contents of this patch is not present in openjpeg_2.3.1 +# Hence, it can be whitelisted. +# https://security-tracker.debian.org/tracker/CVE-2020-27844 + +CVE_CHECK_WHITELIST += "CVE-2020-27844" + +# The CVE description clearly states that j2k_read_ppm_v3 function in openjpeg +# is affected due to CVE-2015-1239 but in openjpeg_2.3.1 this function is not present. +# Hence, CVE-2015-1239 does not affect openjpeg_2.3.1 + +CVE_CHECK_WHITELIST += "CVE-2015-1239" diff --git a/meta-oe/recipes-graphics/qrencode/qrencode_git.bb b/meta-oe/recipes-graphics/qrencode/qrencode_git.bb index 108c339bf..3ef4f5959 100644 --- a/meta-oe/recipes-graphics/qrencode/qrencode_git.bb +++ b/meta-oe/recipes-graphics/qrencode/qrencode_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2d5025d4aa3495befef8f17206a5b0a1" PV = "4.0.1+git${SRCPV}" SRCREV = "7c83deb8f562ae6013fea4c3e65278df93f98fb7" -SRC_URI = "git://github.com/fukuchi/libqrencode.git" +SRC_URI = "git://github.com/fukuchi/libqrencode.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-graphics/renderdoc/renderdoc_1.7.bb b/meta-oe/recipes-graphics/renderdoc/renderdoc_1.7.bb index 6ea632d06..b20e06a45 100644 --- a/meta-oe/recipes-graphics/renderdoc/renderdoc_1.7.bb +++ b/meta-oe/recipes-graphics/renderdoc/renderdoc_1.7.bb @@ -5,7 +5,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=df7ea9e196efc7014c124747a0ef9772" SRCREV = "a56af589d94dc851809fd5344d0ae441da70c1f2" -SRC_URI = "git://github.com/baldurk/${BPN}.git;protocol=http;branch=v1.x \ +SRC_URI = "git://github.com/baldurk/${BPN}.git;protocol=http;branch=v1.x;protocol=https \ file://0001-renderdoc-use-xxd-instead-of-cross-compiling-shim-bi.patch \ file://0001-Remove-glslang-pool_allocator-setAllocator.patch \ " diff --git a/meta-oe/recipes-graphics/spir/spirv-shader-generator_git.bb b/meta-oe/recipes-graphics/spir/spirv-shader-generator_git.bb index b787972da..bf0a5947b 100644 --- a/meta-oe/recipes-graphics/spir/spirv-shader-generator_git.bb +++ b/meta-oe/recipes-graphics/spir/spirv-shader-generator_git.bb @@ -6,7 +6,7 @@ SECTION = "graphics" S = "${WORKDIR}/git" SRCREV = "ed16b3e69985feaf565efbecea70a1cc2fca2a58" -SRC_URI = "git://github.com/KhronosGroup/SPIRV-Cross.git \ +SRC_URI = "git://github.com/KhronosGroup/SPIRV-Cross.git;branch=master;protocol=https \ file://0001-Add-install-PHONY-target-in-Makefile.patch \ " diff --git a/meta-oe/recipes-graphics/spir/spirv-tools_git.bb b/meta-oe/recipes-graphics/spir/spirv-tools_git.bb index 8e8388e8d..a76c97ad6 100644 --- a/meta-oe/recipes-graphics/spir/spirv-tools_git.bb +++ b/meta-oe/recipes-graphics/spir/spirv-tools_git.bb @@ -8,11 +8,11 @@ SECTION = "graphics" S = "${WORKDIR}/git" DEST_DIR = "${S}/external" -SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;name=spirv-tools \ - git://github.com/KhronosGroup/SPIRV-Headers.git;name=spirv-headers;destsuffix=${DEST_DIR}/spirv-headers \ - git://github.com/google/effcee.git;name=effcee;destsuffix=${DEST_DIR}/effcee \ - git://github.com/google/re2.git;name=re2;destsuffix=${DEST_DIR}/re2 \ - git://github.com/google/googletest.git;name=googletest;destsuffix=${DEST_DIR}/googletest \ +SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;name=spirv-tools;branch=master;protocol=https \ + git://github.com/KhronosGroup/SPIRV-Headers.git;name=spirv-headers;destsuffix=${DEST_DIR}/spirv-headers;branch=master;protocol=https \ + git://github.com/google/effcee.git;name=effcee;destsuffix=${DEST_DIR}/effcee;branch=master;protocol=https \ + git://github.com/google/re2.git;name=re2;destsuffix=${DEST_DIR}/re2;branch=master;protocol=https \ + git://github.com/google/googletest.git;name=googletest;destsuffix=${DEST_DIR}/googletest;branch=main;protocol=https \ file://0001-Respect-CMAKE_INSTALL_LIBDIR-in-installed-CMake-file.patch \ file://0001-Avoid-pessimizing-std-move-3124.patch \ " @@ -21,6 +21,7 @@ SRCREV_spirv-headers = "af64a9e826bf5bb5fcd2434dd71be1e41e922563" SRCREV_effcee = "cd25ec17e9382f99a895b9ef53ff3c277464d07d" SRCREV_re2 = "5bd613749fd530b576b890283bfb6bc6ea6246cb" SRCREV_googletest = "f2fb48c3b3d79a75a88a99fba6576b25d42ec528" +SRCREV_FORMAT = "spirv-ttols_spirv-headers_effcee_re2_googletest" inherit cmake python3native diff --git a/meta-oe/recipes-graphics/tesseract/tesseract-lang_4.0.0.bb b/meta-oe/recipes-graphics/tesseract/tesseract-lang_4.0.0.bb index 75c2bc00e..9fe61ae9c 100644 --- a/meta-oe/recipes-graphics/tesseract/tesseract-lang_4.0.0.bb +++ b/meta-oe/recipes-graphics/tesseract/tesseract-lang_4.0.0.bb @@ -4,7 +4,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=9648bd7af63bd3cc4f5ac046d12c49e4" SRCREV = "590567f20dc044f6948a8e2c61afc714c360ad0e" -SRC_URI = "git://github.com/tesseract-ocr/tessdata.git" +SRC_URI = "git://github.com/tesseract-ocr/tessdata.git;branch=main;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-graphics/tesseract/tesseract_git.bb b/meta-oe/recipes-graphics/tesseract/tesseract_git.bb index 89d09a0f5..70c98372b 100644 --- a/meta-oe/recipes-graphics/tesseract/tesseract_git.bb +++ b/meta-oe/recipes-graphics/tesseract/tesseract_git.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7ea4f9a43aba9d3c849fe5c203a0ed40" BRANCH = "3.05" PV = "${BRANCH}.01+git${SRCPV}" SRCREV = "215866151e774972c9502282111b998d7a053562" -SRC_URI = "git://github.com/${BPN}-ocr/${BPN}.git;branch=${BRANCH}" +SRC_URI = "git://github.com/${BPN}-ocr/${BPN}.git;branch=${BRANCH};protocol=https" S = "${WORKDIR}/git" DEPENDS = "leptonica" diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.10.1.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.10.1.bb index f97c2b2d6..03b9d6488 100644 --- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.10.1.bb +++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.10.1.bb @@ -17,7 +17,7 @@ B = "${S}" SRCREV = "4739493b635372bd40a34640a719f79fa90e4dba" -SRC_URI = "git://github.com/TigerVNC/tigervnc.git;branch=1.10-branch \ +SRC_URI = "git://github.com/TigerVNC/tigervnc.git;branch=1.10-branch;protocol=https \ file://0002-do-not-build-tests-sub-directory.patch \ file://0003-add-missing-dynamic-library-to-FLTK_LIBRARIES.patch \ file://0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch \ diff --git a/meta-oe/recipes-graphics/ttf-fonts/ttf-droid_git.bb b/meta-oe/recipes-graphics/ttf-fonts/ttf-droid_git.bb index 8dba7ee6f..16ac65b1b 100644 --- a/meta-oe/recipes-graphics/ttf-fonts/ttf-droid_git.bb +++ b/meta-oe/recipes-graphics/ttf-fonts/ttf-droid_git.bb @@ -8,7 +8,7 @@ SRCREV = "21e6e2de1f0062f949fcc52d0b4559dfa3246e0e" PV = "0.1+gitr${SRCPV}" PR = "r3" -SRC_URI = "git://github.com/android/platform_frameworks_base.git;branch=master" +SRC_URI = "git://github.com/android/platform_frameworks_base.git;branch=master;protocol=https" S = "${WORKDIR}/git/data/fonts" diff --git a/meta-oe/recipes-graphics/ttf-fonts/ttf-lohit_2.bb b/meta-oe/recipes-graphics/ttf-fonts/ttf-lohit_2.bb index 0af0e91d6..7dde4cc66 100644 --- a/meta-oe/recipes-graphics/ttf-fonts/ttf-lohit_2.bb +++ b/meta-oe/recipes-graphics/ttf-fonts/ttf-lohit_2.bb @@ -8,7 +8,7 @@ LICENSE = "OFL-1.1" LIC_FILES_CHKSUM = "file://OFL.txt;md5=7dfa0a236dc535ad2d2548e6170c4402" SRCREV = "d678f1b1807ea5602586279e90b5db6d62ed475e" -SRC_URI = "git://github.com/pravins/lohit.git;branch=master" +SRC_URI = "git://github.com/pravins/lohit.git;branch=master;protocol=https" DEPENDS = "fontforge-native" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-graphics/ttf-fonts/ttf-noto-emoji_20190815.bb b/meta-oe/recipes-graphics/ttf-fonts/ttf-noto-emoji_20190815.bb index e74f7a7f6..1a2f6cb4d 100644 --- a/meta-oe/recipes-graphics/ttf-fonts/ttf-noto-emoji_20190815.bb +++ b/meta-oe/recipes-graphics/ttf-fonts/ttf-noto-emoji_20190815.bb @@ -5,7 +5,7 @@ HOMEPAGE = "https://github.com/googlefonts/noto-emoji" LICENSE = "OFL-1.1" LIC_FILES_CHKSUM = "file://fonts/LICENSE;md5=55719faa0112708e946b820b24b14097" -SRC_URI = "git://github.com/googlefonts/noto-emoji;protocol=https" +SRC_URI = "git://github.com/googlefonts/noto-emoji;protocol=https;branch=master" SRCREV = "833a43d03246a9325e748a2d783006454d76ff66" PACKAGES = "${PN}-color ${PN}-regular" diff --git a/meta-oe/recipes-graphics/unclutter-xfixes/unclutter-xfixes_1.5.bb b/meta-oe/recipes-graphics/unclutter-xfixes/unclutter-xfixes_1.5.bb index 7e22038f2..427882d32 100644 --- a/meta-oe/recipes-graphics/unclutter-xfixes/unclutter-xfixes_1.5.bb +++ b/meta-oe/recipes-graphics/unclutter-xfixes/unclutter-xfixes_1.5.bb @@ -5,7 +5,7 @@ AUTHOR = "Ingo Bürk" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=b25d2c4cca175f44120d1b8e67cb358d" -SRC_URI = "git://github.com/Airblader/unclutter-xfixes.git \ +SRC_URI = "git://github.com/Airblader/unclutter-xfixes.git;branch=master;protocol=https \ file://0001-build-use-autotools.patch" SRCREV = "10fd337bb77e4e93c3380f630a0555372778a948" diff --git a/meta-oe/recipes-graphics/vdpau/libvdpau_1.3.bb b/meta-oe/recipes-graphics/vdpau/libvdpau_1.3.bb index 240949f55..dd8f41aa5 100644 --- a/meta-oe/recipes-graphics/vdpau/libvdpau_1.3.bb +++ b/meta-oe/recipes-graphics/vdpau/libvdpau_1.3.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=83af8811a28727a13f04132cc33b7f58" DEPENDS = "virtual/libx11 libxext xorgproto" SRCREV = "f57a9904c43ef5d726320c77baa91d0c38361ed4" -SRC_URI = "git://anongit.freedesktop.org/vdpau/libvdpau" +SRC_URI = "git://anongit.freedesktop.org/vdpau/libvdpau;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb b/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb index e3a1914fe..fe725879d 100644 --- a/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb +++ b/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://src/x11vnc.h;endline=31;md5=e871a2ad004776794b616822dcab6314" SRCREV = "4ca006fed80410bd9b061a1519bd5d9366bb0bc8" -SRC_URI = "git://github.com/LibVNC/x11vnc \ +SRC_URI = "git://github.com/LibVNC/x11vnc;branch=master;protocol=https \ file://starting-fix.patch \ file://0001-misc-Makefile.am-don-t-install-Xdummy-when-configure.patch \ file://0001-Fix-build-on-32bit-arches-with-64bit-time_t.patch \ diff --git a/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-24130.patch b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-24130.patch new file mode 100644 index 000000000..b7a5f297a --- /dev/null +++ b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-24130.patch @@ -0,0 +1,84 @@ +From 85666286473f2fbb2d4731d4e175f00d7a76e21f Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Tue, 21 Jun 2022 10:53:01 +0530 +Subject: [PATCH] CVE-2022-24130 + +Upstream-Status: Backport [https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d] +CVE: CVE-2022-24130 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +Description: Cherry-pick sixel graphics fixes from xterm 370d and 370f + Check for out-of-bounds condition while drawing sixels, and quit that + operation (report by Nick Black, CVE-2022-24130). +Bug-Debian: https://bugs.debian.org/1004689 + +--- + graphics_sixel.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/graphics_sixel.c b/graphics_sixel.c +index 00ba3ef..6a82295 100644 +--- a/graphics_sixel.c ++++ b/graphics_sixel.c +@@ -141,7 +141,7 @@ init_sixel_background(Graphic *graphic, SixelContext const *context) + graphic->color_registers_used[context->background] = 1; + } + +-static void ++static Boolean + set_sixel(Graphic *graphic, SixelContext const *context, int sixel) + { + const int mh = graphic->max_height; +@@ -162,7 +162,10 @@ set_sixel(Graphic *graphic, SixelContext const *context, int sixel) + ((color != COLOR_HOLE) + ? (unsigned) graphic->color_registers[color].b : 0U))); + for (pix = 0; pix < 6; pix++) { +- if (context->col < mw && context->row + pix < mh) { ++ if (context->col >= 0 && ++ context->col < mw && ++ context->row + pix >= 0 && ++ context->row + pix < mh) { + if (sixel & (1 << pix)) { + if (context->col + 1 > graphic->actual_width) { + graphic->actual_width = context->col + 1; +@@ -175,8 +178,10 @@ set_sixel(Graphic *graphic, SixelContext const *context, int sixel) + } + } else { + TRACE(("sixel pixel %d out of bounds\n", pix)); ++ return False; + } + } ++ return True; + } + + static void +@@ -451,7 +456,10 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string) + init_sixel_background(graphic, &context); + graphic->valid = 1; + } +- set_sixel(graphic, &context, sixel); ++ if (!set_sixel(graphic, &context, sixel)) { ++ context.col = 0; ++ break; ++ } + context.col++; + } else if (ch == '$') { /* DECGCR */ + /* ignore DECCRNLM in sixel mode */ +@@ -529,8 +537,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string) + graphic->valid = 1; + } + for (i = 0; i < Pcount; i++) { +- set_sixel(graphic, &context, sixel); +- context.col++; ++ if (set_sixel(graphic, &context, sixel)) { ++ context.col++; ++ } else { ++ context.col = 0; ++ break; ++ } + } + } else if (ch == '#') { /* DECGCI */ + ANSI color_params; +-- +2.25.1 + diff --git a/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch new file mode 100644 index 000000000..8d1be3210 --- /dev/null +++ b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch @@ -0,0 +1,785 @@ +From 787636674918873a091e7a4ef5977263ba982322 Mon Sep 17 00:00:00 2001 +From: "Thomas E. Dickey" <dickey@invisible-island.net> +Date: Sun, 23 Oct 2022 22:59:52 +0000 +Subject: [PATCH] snapshot of project "xterm", label xterm-374c + +Upstream-Status: Backport [https://github.com/ThomasDickey/xterm-snapshots/commit/787636674918873a091e7a4ef5977263ba982322] +CVE: CVE-2022-45063 + +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + button.c | 16 +-- + charproc.c | 9 +- + doublechr.c | 4 +- + fontutils.c | 266 ++++++++++++++++++++++++++----------------------- + fontutils.h | 4 +- + misc.c | 7 +- + screen.c | 2 +- + xterm.h | 2 +- + xterm.log.html | 6 ++ + 9 files changed, 164 insertions(+), 152 deletions(-) + +diff --git a/button.c b/button.c +index 66a6181..e05ca50 100644 +--- a/button.c ++++ b/button.c +@@ -1619,14 +1619,9 @@ static void + UnmapSelections(XtermWidget xw) + { + TScreen *screen = TScreenOf(xw); +- Cardinal n; + +- if (screen->mappedSelect) { +- for (n = 0; screen->mappedSelect[n] != 0; ++n) +- free((void *) screen->mappedSelect[n]); +- free(screen->mappedSelect); +- screen->mappedSelect = 0; +- } ++ free(screen->mappedSelect); ++ screen->mappedSelect = 0; + } + + /* +@@ -1662,14 +1657,11 @@ MapSelections(XtermWidget xw, String *params, Cardinal num_params) + if ((result = TypeMallocN(String, num_params + 1)) != 0) { + result[num_params] = 0; + for (j = 0; j < num_params; ++j) { +- result[j] = x_strdup((isSELECT(params[j]) ++ result[j] = (String) (isSELECT(params[j]) + ? mapTo +- : params[j])); ++ : params[j]); + if (result[j] == 0) { + UnmapSelections(xw); +- while (j != 0) { +- free((void *) result[--j]); +- } + free(result); + result = 0; + break; +diff --git a/charproc.c b/charproc.c +index 55f0108..b07de4c 100644 +--- a/charproc.c ++++ b/charproc.c +@@ -12548,7 +12548,6 @@ DoSetSelectedFont(Widget w, + Bell(xw, XkbBI_MinorError, 0); + } else { + Boolean failed = False; +- int oldFont = TScreenOf(xw)->menu_font_number; + char *save = TScreenOf(xw)->SelectFontName(); + char *val; + char *test; +@@ -12593,10 +12592,6 @@ DoSetSelectedFont(Widget w, + failed = True; + } + if (failed) { +- (void) xtermLoadFont(xw, +- xtermFontName(TScreenOf(xw)->MenuFontName(oldFont)), +- True, +- oldFont); + Bell(xw, XkbBI_MinorError, 0); + } + free(used); +@@ -12605,7 +12600,7 @@ DoSetSelectedFont(Widget w, + } + } + +-void ++Bool + FindFontSelection(XtermWidget xw, const char *atom_name, Bool justprobe) + { + TScreen *screen = TScreenOf(xw); +@@ -12645,7 +12640,7 @@ FindFontSelection(XtermWidget xw, const char *atom_name, Bool justprobe) + DoSetSelectedFont, NULL, + XtLastTimestampProcessed(XtDisplay(xw))); + } +- return; ++ return (screen->SelectFontName() != NULL) ? True : False; + } + + Bool +diff --git a/doublechr.c b/doublechr.c +index a60f5bd..f7b6bae 100644 +--- a/doublechr.c ++++ b/doublechr.c +@@ -294,7 +294,7 @@ xterm_DoubleGC(XTermDraw * params, GC old_gc, int *inxp) + temp.flags = (params->attr_flags & BOLD); + temp.warn = fwResource; + +- if (!xtermOpenFont(params->xw, name, &temp, False)) { ++ if (!xtermOpenFont(params->xw, name, &temp, NULL, False)) { + XTermDraw local = *params; + char *nname; + +@@ -303,7 +303,7 @@ xterm_DoubleGC(XTermDraw * params, GC old_gc, int *inxp) + nname = xtermSpecialFont(&local); + if (nname != 0) { + found = (Boolean) xtermOpenFont(params->xw, nname, &temp, +- False); ++ NULL, False); + free(nname); + } + } else { +diff --git a/fontutils.c b/fontutils.c +index 4b0ef85..d9bfaf8 100644 +--- a/fontutils.c ++++ b/fontutils.c +@@ -92,9 +92,9 @@ + } + + #define FREE_FNAME(field) \ +- if (fonts == 0 || myfonts.field != fonts->field) { \ +- FREE_STRING(myfonts.field); \ +- myfonts.field = 0; \ ++ if (fonts == 0 || new_fnames.field != fonts->field) { \ ++ FREE_STRING(new_fnames.field); \ ++ new_fnames.field = 0; \ + } + + /* +@@ -573,7 +573,7 @@ open_italic_font(XtermWidget xw, int n, FontNameProperties *fp, XTermFonts * dat + if ((name = italic_font_name(fp, slant[pass])) != 0) { + TRACE(("open_italic_font %s %s\n", + whichFontEnum((VTFontEnum) n), name)); +- if (xtermOpenFont(xw, name, data, False)) { ++ if (xtermOpenFont(xw, name, data, NULL, False)) { + result = (data->fs != 0); + #if OPT_REPORT_FONTS + if (resource.reportFonts) { +@@ -1006,13 +1006,14 @@ cannotFont(XtermWidget xw, const char *who, const char *tag, const char *name) + } + + /* +- * Open the given font and verify that it is non-empty. Return a null on ++ * Open the given font and verify that it is non-empty. Return false on + * failure. + */ + Bool + xtermOpenFont(XtermWidget xw, + const char *name, + XTermFonts * result, ++ XTermFonts * current, + Bool force) + { + Bool code = False; +@@ -1020,7 +1021,12 @@ xtermOpenFont(XtermWidget xw, + + TRACE(("xtermOpenFont %d:%d '%s'\n", + result->warn, xw->misc.fontWarnings, NonNull(name))); ++ + if (!IsEmpty(name)) { ++ Bool existing = (current != NULL ++ && current->fs != NULL ++ && current->fn != NULL); ++ + if ((result->fs = XLoadQueryFont(screen->display, name)) != 0) { + code = True; + if (EmptyFont(result->fs)) { +@@ -1039,9 +1045,13 @@ xtermOpenFont(XtermWidget xw, + } else { + TRACE(("xtermOpenFont: cannot load font '%s'\n", name)); + } +- if (force) { ++ if (existing) { ++ TRACE(("...continue using font '%s'\n", current->fn)); ++ result->fn = x_strdup(current->fn); ++ result->fs = current->fs; ++ } else if (force) { + NoFontWarning(result); +- code = xtermOpenFont(xw, DEFFONT, result, True); ++ code = xtermOpenFont(xw, DEFFONT, result, NULL, True); + } + } + } +@@ -1289,6 +1299,7 @@ static Bool + loadNormFP(XtermWidget xw, + char **nameOutP, + XTermFonts * infoOut, ++ XTermFonts * current, + int fontnum) + { + Bool status = True; +@@ -1298,7 +1309,7 @@ loadNormFP(XtermWidget xw, + if (!xtermOpenFont(xw, + *nameOutP, + infoOut, +- (fontnum == fontMenu_default))) { ++ current, (fontnum == fontMenu_default))) { + /* + * If we are opening the default font, and it happens to be missing, + * force that to the compiled-in default font, e.g., "fixed". If we +@@ -1333,10 +1344,10 @@ loadBoldFP(XtermWidget xw, + if (fp != 0) { + NoFontWarning(infoOut); + *nameOutP = bold_font_name(fp, fp->average_width); +- if (!xtermOpenFont(xw, *nameOutP, infoOut, False)) { ++ if (!xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)) { + free(*nameOutP); + *nameOutP = bold_font_name(fp, -1); +- xtermOpenFont(xw, *nameOutP, infoOut, False); ++ xtermOpenFont(xw, *nameOutP, infoOut, NULL, False); + } + TRACE(("...derived bold '%s'\n", NonNull(*nameOutP))); + } +@@ -1354,7 +1365,7 @@ loadBoldFP(XtermWidget xw, + TRACE(("...did not get a matching bold font\n")); + } + free(normal); +- } else if (!xtermOpenFont(xw, *nameOutP, infoOut, False)) { ++ } else if (!xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)) { + xtermCopyFontInfo(infoOut, infoRef); + TRACE(("...cannot load bold font '%s'\n", NonNull(*nameOutP))); + } else { +@@ -1408,7 +1419,7 @@ loadWideFP(XtermWidget xw, + } + + if (check_fontname(*nameOutP)) { +- if (xtermOpenFont(xw, *nameOutP, infoOut, False) ++ if (xtermOpenFont(xw, *nameOutP, infoOut, NULL, False) + && is_derived_font_name(*nameOutP) + && EmptyFont(infoOut->fs)) { + xtermCloseFont2(xw, infoOut - fWide, fWide); +@@ -1452,7 +1463,7 @@ loadWBoldFP(XtermWidget xw, + + if (check_fontname(*nameOutP)) { + +- if (xtermOpenFont(xw, *nameOutP, infoOut, False) ++ if (xtermOpenFont(xw, *nameOutP, infoOut, NULL, False) + && is_derived_font_name(*nameOutP) + && !compatibleWideCounts(wideInfoRef->fs, infoOut->fs)) { + xtermCloseFont2(xw, infoOut - fWBold, fWBold); +@@ -1505,6 +1516,10 @@ loadWBoldFP(XtermWidget xw, + } + #endif + ++/* ++ * Load a given bitmap font, along with the bold/wide variants. ++ * Returns nonzero on success. ++ */ + int + xtermLoadFont(XtermWidget xw, + const VTFontNames * fonts, +@@ -1514,33 +1529,37 @@ xtermLoadFont(XtermWidget xw, + TScreen *screen = TScreenOf(xw); + VTwin *win = WhichVWin(screen); + +- VTFontNames myfonts; +- XTermFonts fnts[fMAX]; ++ VTFontNames new_fnames; ++ XTermFonts new_fonts[fMAX]; ++ XTermFonts old_fonts[fMAX]; + char *tmpname = NULL; + Boolean proportional = False; ++ Boolean recovered; ++ int code = 0; + +- memset(&myfonts, 0, sizeof(myfonts)); +- memset(fnts, 0, sizeof(fnts)); ++ memset(&new_fnames, 0, sizeof(new_fnames)); ++ memset(new_fonts, 0, sizeof(new_fonts)); ++ memcpy(&old_fonts, screen->fnts, sizeof(old_fonts)); + + if (fonts != 0) +- myfonts = *fonts; +- if (!check_fontname(myfonts.f_n)) +- return 0; ++ new_fnames = *fonts; ++ if (!check_fontname(new_fnames.f_n)) ++ return code; + + if (fontnum == fontMenu_fontescape +- && myfonts.f_n != screen->MenuFontName(fontnum)) { +- if ((tmpname = x_strdup(myfonts.f_n)) == 0) +- return 0; ++ && new_fnames.f_n != screen->MenuFontName(fontnum)) { ++ if ((tmpname = x_strdup(new_fnames.f_n)) == 0) ++ return code; + } + +- TRACE(("Begin Cgs - xtermLoadFont(%s)\n", myfonts.f_n)); ++ TRACE(("Begin Cgs - xtermLoadFont(%s)\n", new_fnames.f_n)); + releaseWindowGCs(xw, win); + + #define DbgResource(name, field, index) \ + TRACE(("xtermLoadFont #%d "name" %s%s\n", \ + fontnum, \ +- (fnts[index].warn == fwResource) ? "*" : " ", \ +- NonNull(myfonts.field))) ++ (new_fonts[index].warn == fwResource) ? "*" : " ", \ ++ NonNull(new_fnames.field))) + DbgResource("normal", f_n, fNorm); + DbgResource("bold ", f_b, fBold); + #if OPT_WIDE_CHARS +@@ -1549,16 +1568,17 @@ xtermLoadFont(XtermWidget xw, + #endif + + if (!loadNormFP(xw, +- &myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_n, ++ &new_fonts[fNorm], ++ &old_fonts[fNorm], + fontnum)) + goto bad; + + if (!loadBoldFP(xw, +- &myfonts.f_b, +- &fnts[fBold], +- myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_b, ++ &new_fonts[fBold], ++ new_fnames.f_n, ++ &new_fonts[fNorm], + fontnum)) + goto bad; + +@@ -1570,20 +1590,20 @@ xtermLoadFont(XtermWidget xw, + if_OPT_WIDE_CHARS(screen, { + + if (!loadWideFP(xw, +- &myfonts.f_w, +- &fnts[fWide], +- myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_w, ++ &new_fonts[fWide], ++ new_fnames.f_n, ++ &new_fonts[fNorm], + fontnum)) + goto bad; + + if (!loadWBoldFP(xw, +- &myfonts.f_wb, +- &fnts[fWBold], +- myfonts.f_w, +- &fnts[fWide], +- myfonts.f_b, +- &fnts[fBold], ++ &new_fnames.f_wb, ++ &new_fonts[fWBold], ++ new_fnames.f_w, ++ &new_fonts[fWide], ++ new_fnames.f_b, ++ &new_fonts[fBold], + fontnum)) + goto bad; + +@@ -1593,30 +1613,30 @@ xtermLoadFont(XtermWidget xw, + * Normal/bold fonts should be the same width. Also, the min/max + * values should be the same. + */ +- if (fnts[fNorm].fs != 0 +- && fnts[fBold].fs != 0 +- && (!is_fixed_font(fnts[fNorm].fs) +- || !is_fixed_font(fnts[fBold].fs) +- || differing_widths(fnts[fNorm].fs, fnts[fBold].fs))) { ++ if (new_fonts[fNorm].fs != 0 ++ && new_fonts[fBold].fs != 0 ++ && (!is_fixed_font(new_fonts[fNorm].fs) ++ || !is_fixed_font(new_fonts[fBold].fs) ++ || differing_widths(new_fonts[fNorm].fs, new_fonts[fBold].fs))) { + TRACE(("Proportional font! normal %d/%d, bold %d/%d\n", +- fnts[fNorm].fs->min_bounds.width, +- fnts[fNorm].fs->max_bounds.width, +- fnts[fBold].fs->min_bounds.width, +- fnts[fBold].fs->max_bounds.width)); ++ new_fonts[fNorm].fs->min_bounds.width, ++ new_fonts[fNorm].fs->max_bounds.width, ++ new_fonts[fBold].fs->min_bounds.width, ++ new_fonts[fBold].fs->max_bounds.width)); + proportional = True; + } + + if_OPT_WIDE_CHARS(screen, { +- if (fnts[fWide].fs != 0 +- && fnts[fWBold].fs != 0 +- && (!is_fixed_font(fnts[fWide].fs) +- || !is_fixed_font(fnts[fWBold].fs) +- || differing_widths(fnts[fWide].fs, fnts[fWBold].fs))) { ++ if (new_fonts[fWide].fs != 0 ++ && new_fonts[fWBold].fs != 0 ++ && (!is_fixed_font(new_fonts[fWide].fs) ++ || !is_fixed_font(new_fonts[fWBold].fs) ++ || differing_widths(new_fonts[fWide].fs, new_fonts[fWBold].fs))) { + TRACE(("Proportional font! wide %d/%d, wide bold %d/%d\n", +- fnts[fWide].fs->min_bounds.width, +- fnts[fWide].fs->max_bounds.width, +- fnts[fWBold].fs->min_bounds.width, +- fnts[fWBold].fs->max_bounds.width)); ++ new_fonts[fWide].fs->min_bounds.width, ++ new_fonts[fWide].fs->max_bounds.width, ++ new_fonts[fWBold].fs->min_bounds.width, ++ new_fonts[fWBold].fs->max_bounds.width)); + proportional = True; + } + }); +@@ -1635,13 +1655,13 @@ xtermLoadFont(XtermWidget xw, + screen->ifnts_ok = False; + #endif + +- xtermCopyFontInfo(GetNormalFont(screen, fNorm), &fnts[fNorm]); +- xtermCopyFontInfo(GetNormalFont(screen, fBold), &fnts[fBold]); ++ xtermCopyFontInfo(GetNormalFont(screen, fNorm), &new_fonts[fNorm]); ++ xtermCopyFontInfo(GetNormalFont(screen, fBold), &new_fonts[fBold]); + #if OPT_WIDE_CHARS +- xtermCopyFontInfo(GetNormalFont(screen, fWide), &fnts[fWide]); +- if (fnts[fWBold].fs == NULL) +- xtermCopyFontInfo(GetNormalFont(screen, fWide), &fnts[fWide]); +- xtermCopyFontInfo(GetNormalFont(screen, fWBold), &fnts[fWBold]); ++ xtermCopyFontInfo(GetNormalFont(screen, fWide), &new_fonts[fWide]); ++ if (new_fonts[fWBold].fs == NULL) ++ xtermCopyFontInfo(GetNormalFont(screen, fWide), &new_fonts[fWide]); ++ xtermCopyFontInfo(GetNormalFont(screen, fWBold), &new_fonts[fWBold]); + #endif + + xtermUpdateFontGCs(xw, getNormalFont); +@@ -1672,7 +1692,7 @@ xtermLoadFont(XtermWidget xw, + unsigned ch; + + #if OPT_TRACE +-#define TRACE_MISS(index) show_font_misses(#index, &fnts[index]) ++#define TRACE_MISS(index) show_font_misses(#index, &new_fonts[index]) + TRACE_MISS(fNorm); + TRACE_MISS(fBold); + #if OPT_WIDE_CHARS +@@ -1689,8 +1709,8 @@ xtermLoadFont(XtermWidget xw, + if ((n != UCS_REPL) + && (n != ch) + && (screen->fnt_boxes & 2)) { +- if (xtermMissingChar(n, &fnts[fNorm]) || +- xtermMissingChar(n, &fnts[fBold])) { ++ if (xtermMissingChar(n, &new_fonts[fNorm]) || ++ xtermMissingChar(n, &new_fonts[fBold])) { + UIntClr(screen->fnt_boxes, 2); + TRACE(("missing graphics character #%d, U+%04X\n", + ch, n)); +@@ -1702,12 +1722,12 @@ xtermLoadFont(XtermWidget xw, + #endif + + for (ch = 1; ch < 32; ch++) { +- if (xtermMissingChar(ch, &fnts[fNorm])) { ++ if (xtermMissingChar(ch, &new_fonts[fNorm])) { + TRACE(("missing normal char #%d\n", ch)); + UIntClr(screen->fnt_boxes, 1); + break; + } +- if (xtermMissingChar(ch, &fnts[fBold])) { ++ if (xtermMissingChar(ch, &new_fonts[fBold])) { + TRACE(("missing bold char #%d\n", ch)); + UIntClr(screen->fnt_boxes, 1); + break; +@@ -1724,8 +1744,8 @@ xtermLoadFont(XtermWidget xw, + screen->enbolden = screen->bold_mode; + } else { + screen->enbolden = screen->bold_mode +- && ((fnts[fNorm].fs == fnts[fBold].fs) +- || same_font_name(myfonts.f_n, myfonts.f_b)); ++ && ((new_fonts[fNorm].fs == new_fonts[fBold].fs) ++ || same_font_name(new_fnames.f_n, new_fnames.f_b)); + } + TRACE(("Will %suse 1-pixel offset/overstrike to simulate bold\n", + screen->enbolden ? "" : "not ")); +@@ -1741,7 +1761,7 @@ xtermLoadFont(XtermWidget xw, + update_font_escape(); + } + #if OPT_SHIFT_FONTS +- screen->menu_font_sizes[fontnum] = FontSize(fnts[fNorm].fs); ++ screen->menu_font_sizes[fontnum] = FontSize(new_fonts[fNorm].fs); + #endif + } + set_cursor_gcs(xw); +@@ -1756,20 +1776,21 @@ xtermLoadFont(XtermWidget xw, + FREE_FNAME(f_w); + FREE_FNAME(f_wb); + #endif +- if (fnts[fNorm].fn == fnts[fBold].fn) { +- free(fnts[fNorm].fn); ++ if (new_fonts[fNorm].fn == new_fonts[fBold].fn) { ++ free(new_fonts[fNorm].fn); + } else { +- free(fnts[fNorm].fn); +- free(fnts[fBold].fn); ++ free(new_fonts[fNorm].fn); ++ free(new_fonts[fBold].fn); + } + #if OPT_WIDE_CHARS +- free(fnts[fWide].fn); +- free(fnts[fWBold].fn); ++ free(new_fonts[fWide].fn); ++ free(new_fonts[fWBold].fn); + #endif + xtermSetWinSize(xw); + return 1; + + bad: ++ recovered = False; + if (tmpname) + free(tmpname); + +@@ -1780,15 +1801,15 @@ xtermLoadFont(XtermWidget xw, + SetItemSensitivity(fontMenuEntries[fontnum].widget, True); + #endif + Bell(xw, XkbBI_MinorError, 0); +- myfonts.f_n = screen->MenuFontName(old_fontnum); +- return xtermLoadFont(xw, &myfonts, doresize, old_fontnum); +- } else if (x_strcasecmp(myfonts.f_n, DEFFONT)) { +- int code; +- +- myfonts.f_n = x_strdup(DEFFONT); +- TRACE(("...recovering for TrueType fonts\n")); +- code = xtermLoadFont(xw, &myfonts, doresize, fontnum); +- if (code) { ++ new_fnames.f_n = screen->MenuFontName(old_fontnum); ++ if (xtermLoadFont(xw, &new_fnames, doresize, old_fontnum)) ++ recovered = True; ++ } else if (x_strcasecmp(new_fnames.f_n, DEFFONT) ++ && x_strcasecmp(new_fnames.f_n, old_fonts[fNorm].fn)) { ++ new_fnames.f_n = x_strdup(old_fonts[fNorm].fn); ++ TRACE(("...recovering from failed font-load\n")); ++ if (xtermLoadFont(xw, &new_fnames, doresize, fontnum)) { ++ recovered = True; + if (fontnum != fontMenu_fontsel) { + SetItemSensitivity(fontMenuEntries[fontnum].widget, + UsingRenderFont(xw)); +@@ -1797,15 +1818,15 @@ xtermLoadFont(XtermWidget xw, + FontHeight(screen), + FontWidth(screen))); + } +- return code; + } + #endif +- +- releaseWindowGCs(xw, win); +- +- xtermCloseFonts(xw, fnts); +- TRACE(("Fail Cgs - xtermLoadFont\n")); +- return 0; ++ if (!recovered) { ++ releaseWindowGCs(xw, win); ++ xtermCloseFonts(xw, new_fonts); ++ TRACE(("Fail Cgs - xtermLoadFont\n")); ++ code = 0; ++ } ++ return code; + } + + #if OPT_WIDE_ATTRS +@@ -1853,7 +1874,7 @@ xtermLoadItalics(XtermWidget xw) + } else { + xtermOpenFont(xw, + getNormalFont(screen, n)->fn, +- data, False); ++ data, NULL, False); + } + } + } +@@ -4119,6 +4140,8 @@ findXftGlyph(XtermWidget xw, XftFont *given, unsigned wc) + } + #endif + if (foundXftGlyph(xw, check, wc)) { ++ (void) added; ++ (void) actual; + markXftOpened(xw, which, n, wc); + reportXftFonts(xw, check, "fallback", tag, myReport); + result = check; +@@ -4317,7 +4340,7 @@ lookupOneFontSize(XtermWidget xw, int fontnum) + + memset(&fnt, 0, sizeof(fnt)); + screen->menu_font_sizes[fontnum] = -1; +- if (xtermOpenFont(xw, screen->MenuFontName(fontnum), &fnt, True)) { ++ if (xtermOpenFont(xw, screen->MenuFontName(fontnum), &fnt, NULL, True)) { + if (fontnum <= fontMenu_lastBuiltin + || strcmp(fnt.fn, DEFFONT)) { + screen->menu_font_sizes[fontnum] = FontSize(fnt.fs); +@@ -4722,13 +4745,14 @@ HandleSetFont(Widget w GCC_UNUSED, + } + } + +-void ++Bool + SetVTFont(XtermWidget xw, + int which, + Bool doresize, + const VTFontNames * fonts) + { + TScreen *screen = TScreenOf(xw); ++ Bool result = False; + + TRACE(("SetVTFont(which=%d, f_n=%s, f_b=%s)\n", which, + (fonts && fonts->f_n) ? fonts->f_n : "<null>", +@@ -4737,34 +4761,31 @@ SetVTFont(XtermWidget xw, + if (IsIcon(screen)) { + Bell(xw, XkbBI_MinorError, 0); + } else if (which >= 0 && which < NMENUFONTS) { +- VTFontNames myfonts; ++ VTFontNames new_fnames; + +- memset(&myfonts, 0, sizeof(myfonts)); ++ memset(&new_fnames, 0, sizeof(new_fnames)); + if (fonts != 0) +- myfonts = *fonts; ++ new_fnames = *fonts; + + if (which == fontMenu_fontsel) { /* go get the selection */ +- FindFontSelection(xw, myfonts.f_n, False); ++ result = FindFontSelection(xw, new_fnames.f_n, False); + } else { +- int oldFont = screen->menu_font_number; +- + #define USE_CACHED(field, name) \ +- if (myfonts.field == 0) { \ +- myfonts.field = x_strdup(screen->menu_font_names[which][name]); \ +- TRACE(("set myfonts." #field " from menu_font_names[%d][" #name "] %s\n", \ +- which, NonNull(myfonts.field))); \ ++ if (new_fnames.field == NULL) { \ ++ new_fnames.field = x_strdup(screen->menu_font_names[which][name]); \ ++ TRACE(("set new_fnames." #field " from menu_font_names[%d][" #name "] %s\n", \ ++ which, NonNull(new_fnames.field))); \ + } else { \ +- TRACE(("set myfonts." #field " reused\n")); \ ++ TRACE(("set new_fnames." #field " reused\n")); \ + } + #define SAVE_FNAME(field, name) \ +- if (myfonts.field != 0) { \ +- if (screen->menu_font_names[which][name] == 0 \ +- || strcmp(screen->menu_font_names[which][name], myfonts.field)) { \ +- TRACE(("updating menu_font_names[%d][" #name "] to %s\n", \ +- which, myfonts.field)); \ +- FREE_STRING(screen->menu_font_names[which][name]); \ +- screen->menu_font_names[which][name] = x_strdup(myfonts.field); \ +- } \ ++ if (new_fnames.field != NULL \ ++ && (screen->menu_font_names[which][name] == NULL \ ++ || strcmp(screen->menu_font_names[which][name], new_fnames.field))) { \ ++ TRACE(("updating menu_font_names[%d][" #name "] to \"%s\"\n", \ ++ which, new_fnames.field)); \ ++ FREE_STRING(screen->menu_font_names[which][name]); \ ++ screen->menu_font_names[which][name] = x_strdup(new_fnames.field); \ + } + + USE_CACHED(f_n, fNorm); +@@ -4774,7 +4795,7 @@ SetVTFont(XtermWidget xw, + USE_CACHED(f_wb, fWBold); + #endif + if (xtermLoadFont(xw, +- &myfonts, ++ &new_fnames, + doresize, which)) { + /* + * If successful, save the data so that a subsequent query via +@@ -4786,10 +4807,8 @@ SetVTFont(XtermWidget xw, + SAVE_FNAME(f_w, fWide); + SAVE_FNAME(f_wb, fWBold); + #endif ++ result = True; + } else { +- (void) xtermLoadFont(xw, +- xtermFontName(screen->MenuFontName(oldFont)), +- doresize, oldFont); + Bell(xw, XkbBI_MinorError, 0); + } + FREE_FNAME(f_n); +@@ -4802,7 +4821,8 @@ SetVTFont(XtermWidget xw, + } else { + Bell(xw, XkbBI_MinorError, 0); + } +- return; ++ TRACE(("...SetVTFont: %d\n", result)); ++ return result; + } + + #if OPT_RENDERFONT +diff --git a/fontutils.h b/fontutils.h +index 9d530c5..ceaf44a 100644 +--- a/fontutils.h ++++ b/fontutils.h +@@ -37,7 +37,7 @@ + /* *INDENT-OFF* */ + + extern Bool xtermLoadDefaultFonts (XtermWidget /* xw */); +-extern Bool xtermOpenFont (XtermWidget /* xw */, const char */* name */, XTermFonts * /* result */, Bool /* force */); ++extern Bool xtermOpenFont (XtermWidget /* xw */, const char */* name */, XTermFonts * /* result */, XTermFonts * /* current */, Bool /* force */); + extern XTermFonts * getDoubleFont (TScreen * /* screen */, int /* which */); + extern XTermFonts * getItalicFont (TScreen * /* screen */, int /* which */); + extern XTermFonts * getNormalFont (TScreen * /* screen */, int /* which */); +@@ -50,7 +50,7 @@ extern int lookupRelativeFontSize (XtermWidget /* xw */, int /* old */, int /* r + extern int xtermGetFont (const char * /* param */); + extern int xtermLoadFont (XtermWidget /* xw */, const VTFontNames */* fonts */, Bool /* doresize */, int /* fontnum */); + extern void HandleSetFont PROTO_XT_ACTIONS_ARGS; +-extern void SetVTFont (XtermWidget /* xw */, int /* i */, Bool /* doresize */, const VTFontNames */* fonts */); ++extern Bool SetVTFont (XtermWidget /* xw */, int /* i */, Bool /* doresize */, const VTFontNames */* fonts */); + extern void allocFontList (XtermWidget /* xw */, const char * /* name */, XtermFontNames * /* target */, VTFontEnum /* which */, const char * /* source */, Bool /* ttf */); + extern void copyFontList (char *** /* targetp */, char ** /* source */); + extern void initFontLists (XtermWidget /* xw */); +diff --git a/misc.c b/misc.c +index cc323f8..6c5e938 100644 +--- a/misc.c ++++ b/misc.c +@@ -3787,9 +3787,9 @@ ChangeFontRequest(XtermWidget xw, String buf) + { + memset(&fonts, 0, sizeof(fonts)); + fonts.f_n = name; +- SetVTFont(xw, num, True, &fonts); +- if (num == screen->menu_font_number && +- num != fontMenu_fontescape) { ++ if (SetVTFont(xw, num, True, &fonts) ++ && num == screen->menu_font_number ++ && num != fontMenu_fontescape) { + screen->EscapeFontName() = x_strdup(name); + } + } +@@ -6237,7 +6237,6 @@ xtermSetenv(const char *var, const char *value) + + found = envindex; + environ[found + 1] = NULL; +- environ = environ; + } + + environ[found] = TextAlloc(1 + len + strlen(value)); +diff --git a/screen.c b/screen.c +index 690e3e2..f84254f 100644 +--- a/screen.c ++++ b/screen.c +@@ -1497,7 +1497,7 @@ ScrnRefresh(XtermWidget xw, + screen->topline, toprow, leftcol, + nrows, ncols, + force ? " force" : "")); +- ++ (void) recurse; + ++recurse; + + if (screen->cursorp.col >= leftcol +diff --git a/xterm.h b/xterm.h +index ec70e43..aa71f96 100644 +--- a/xterm.h ++++ b/xterm.h +@@ -967,7 +967,7 @@ extern Bool CheckBufPtrs (TScreen * /* screen */); + extern Bool set_cursor_gcs (XtermWidget /* xw */); + extern char * vt100ResourceToString (XtermWidget /* xw */, const char * /* name */); + extern int VTInit (XtermWidget /* xw */); +-extern void FindFontSelection (XtermWidget /* xw */, const char * /* atom_name */, Bool /* justprobe */); ++extern Bool FindFontSelection (XtermWidget /* xw */, const char * /* atom_name */, Bool /* justprobe */); + extern void HideCursor (void); + extern void RestartBlinking(XtermWidget /* xw */); + extern void ShowCursor (void); +diff --git a/xterm.log.html b/xterm.log.html +index 47d590b..e27dc31 100644 +--- a/xterm.log.html ++++ b/xterm.log.html +@@ -991,6 +991,12 @@ + 2020/02/01</a></h1> + + <ul> ++ <li>improve error-recovery when setting a bitmap font for the ++ VT100 window, e.g., in case <em>OSC 50</em> failed, ++ restoring the most recent valid font so that a subsequent ++ <em>OSC 50</em> reports this correctly (report by David ++ Leadbeater).</li> ++ + <li>amend change in <a href="#xterm_352">patch #352</a> for + button-events to fix a case where some followup events were not + processed soon enough (report/patch by Jimmy Aguilar +-- +2.24.4 + diff --git a/meta-oe/recipes-graphics/xorg-app/xterm_353.bb b/meta-oe/recipes-graphics/xorg-app/xterm_353.bb index 264320212..4e2b0c9d5 100644 --- a/meta-oe/recipes-graphics/xorg-app/xterm_353.bb +++ b/meta-oe/recipes-graphics/xorg-app/xterm_353.bb @@ -7,8 +7,9 @@ LIC_FILES_CHKSUM = "file://xterm.h;beginline=3;endline=31;md5=996b1ce0584c0747b1 SRC_URI = "http://invisible-mirror.net/archives/${BPN}/${BP}.tgz \ file://0001-Add-configure-time-check-for-setsid.patch \ file://CVE-2021-27135.patch \ + file://CVE-2022-24130.patch \ + file://CVE-2022-45063.patch \ " - SRC_URI[md5sum] = "247c30ebfa44623f3a2d100e0cae5c7f" SRC_URI[sha256sum] = "e521d3ee9def61f5d5c911afc74dd5c3a56ce147c7071c74023ea24cac9bb768" PACKAGECONFIG ?= "" diff --git a/meta-oe/recipes-graphics/xorg-driver/xf86-video-armsoc_1.4.1.bb b/meta-oe/recipes-graphics/xorg-driver/xf86-video-armsoc_1.4.1.bb index b436ef1e4..3d60ed131 100644 --- a/meta-oe/recipes-graphics/xorg-driver/xf86-video-armsoc_1.4.1.bb +++ b/meta-oe/recipes-graphics/xorg-driver/xf86-video-armsoc_1.4.1.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=10ce5de3b111315ea652a5f74ec0c602" DEPENDS += "virtual/libx11 libdrm xorgproto" SRCREV = "8bbdb2ae3bb8ef649999a8da33ddbe11a04763b8" -SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-armsoc" +SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-armsoc;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-graphics/yad/yad_6.0.bb b/meta-oe/recipes-graphics/yad/yad_6.0.bb index 3760a37d3..92a5c284b 100644 --- a/meta-oe/recipes-graphics/yad/yad_6.0.bb +++ b/meta-oe/recipes-graphics/yad/yad_6.0.bb @@ -5,7 +5,7 @@ AUTHOR = "Victor Ananjevsky" LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRC_URI = "git://github.com/v1cont/yad.git" +SRC_URI = "git://github.com/v1cont/yad.git;branch=master;protocol=https" SRCREV = "a5b1a7a3867bc7dffbbc539f586f301687b6ec02" inherit autotools gsettings features_check diff --git a/meta-oe/recipes-kernel/agent-proxy/agent-proxy_1.97.bb b/meta-oe/recipes-kernel/agent-proxy/agent-proxy_1.97.bb index 2eb19206d..57232f8d5 100644 --- a/meta-oe/recipes-kernel/agent-proxy/agent-proxy_1.97.bb +++ b/meta-oe/recipes-kernel/agent-proxy/agent-proxy_1.97.bb @@ -10,7 +10,7 @@ EXTRA_OEMAKE = "'CC=${CC}'" SRCREV = "468fe4c31e6c62c9bbb328b06ba71eaf7be0b76a" -SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kgdb/agent-proxy.git;protocol=git \ +SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kgdb/agent-proxy.git;protocol=git;branch=master \ file://0001-Makefile-Add-LDFLAGS-variable.patch \ " diff --git a/meta-oe/recipes-kernel/broadcom-bt-firmware/broadcom-bt-firmware_git.bb b/meta-oe/recipes-kernel/broadcom-bt-firmware/broadcom-bt-firmware_git.bb index 8c474ecdc..b6fbccfbf 100644 --- a/meta-oe/recipes-kernel/broadcom-bt-firmware/broadcom-bt-firmware_git.bb +++ b/meta-oe/recipes-kernel/broadcom-bt-firmware/broadcom-bt-firmware_git.bb @@ -9,7 +9,7 @@ LICENSE = "Firmware-Broadcom-WIDCOMM" NO_GENERIC_LICENSE[Firmware-Broadcom-WIDCOMM] = "LICENSE.broadcom_bcm20702" LIC_FILES_CHKSUM = "file://LICENSE.broadcom_bcm20702;md5=c0d5ea0502b00df74173d0f8a48b619d" -SRC_URI = "git://github.com/winterheart/broadcom-bt-firmware.git" +SRC_URI = "git://github.com/winterheart/broadcom-bt-firmware.git;branch=master;protocol=https" SRCREV = "c0bd928b8ae5754b6077c99afe6ef5c949a58f32" PE = "1" PV = "0.0+git${SRCPV}" diff --git a/meta-oe/recipes-kernel/crash/crash_7.2.8.bb b/meta-oe/recipes-kernel/crash/crash_7.2.8.bb index 834c92cc4..5dd2c0aa0 100644 --- a/meta-oe/recipes-kernel/crash/crash_7.2.8.bb +++ b/meta-oe/recipes-kernel/crash/crash_7.2.8.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING3;md5=d32239bcb673463ab874e80d47fae504" DEPENDS = "zlib readline coreutils-native ncurses-native" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/crash-utility/${BPN}.git \ +SRC_URI = "git://github.com/crash-utility/${BPN}.git;branch=master;protocol=https \ ${GNU_MIRROR}/gdb/gdb-7.6.tar.gz;name=gdb;subdir=git \ file://7001force_define_architecture.patch \ file://7003cross_ranlib.patch \ diff --git a/meta-oe/recipes-kernel/kpatch/kpatch.inc b/meta-oe/recipes-kernel/kpatch/kpatch.inc index 1f70f7205..685be7d40 100644 --- a/meta-oe/recipes-kernel/kpatch/kpatch.inc +++ b/meta-oe/recipes-kernel/kpatch/kpatch.inc @@ -3,7 +3,7 @@ DESCRIPTION = "kpatch is a Linux dynamic kernel patching infrastructure which al LICENSE = "GPLv2 & LGPLv2" DEPENDS = "elfutils bash" -SRC_URI = "git://github.com/dynup/kpatch.git;protocol=https \ +SRC_URI = "git://github.com/dynup/kpatch.git;protocol=https;branch=master \ file://0001-kpatch-build-add-cross-compilation-support.patch \ file://0002-kpatch-build-allow-overriding-of-distro-name.patch \ " diff --git a/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb b/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb index d381c83ae..8188ae599 100644 --- a/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb +++ b/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb @@ -13,7 +13,7 @@ SRCREV = "16a0d44f1725eaa93096eaa0e086f42ef4c2712c" PR .= "+git${SRCPV}" -SRC_URI = "git://github.com/diamon/minicoredumper;protocol=https \ +SRC_URI = "git://github.com/diamon/minicoredumper;protocol=https;branch=master \ file://minicoredumper.service \ file://minicoredumper.init \ " diff --git a/meta-oe/recipes-kernel/pm-graph/pm-graph_5.5.bb b/meta-oe/recipes-kernel/pm-graph/pm-graph_5.5.bb index a1378866a..78d9c36c9 100644 --- a/meta-oe/recipes-kernel/pm-graph/pm-graph_5.5.bb +++ b/meta-oe/recipes-kernel/pm-graph/pm-graph_5.5.bb @@ -6,7 +6,7 @@ LICENSE = "GPL-2" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e" SRCREV = "cf59527dc24fdd2f314ae4dcaeb3d68a117988f6" -SRC_URI = "git://github.com/intel/pm-graph.git \ +SRC_URI = "git://github.com/intel/pm-graph.git;branch=master;protocol=https \ file://0001-Makefile-fix-multilib-build-failure.patch \ file://0001-sleepgraph.py-use-python3.patch \ " diff --git a/meta-oe/recipes-multimedia/jack/a2jmidid_9.bb b/meta-oe/recipes-multimedia/jack/a2jmidid_9.bb index 5fffe77c2..e33a3f257 100644 --- a/meta-oe/recipes-multimedia/jack/a2jmidid_9.bb +++ b/meta-oe/recipes-multimedia/jack/a2jmidid_9.bb @@ -11,7 +11,7 @@ DEPENDS_append_libc-musl = " libexecinfo" SRCREV = "de37569c926c5886768f892c019e3f0468615038" SRC_URI = " \ - git://github.com/linuxaudio/a2jmidid;protocol=https \ + git://github.com/linuxaudio/a2jmidid;protocol=https;branch=master \ file://riscv_ucontext.patch \ " diff --git a/meta-oe/recipes-multimedia/jack/jack_1.19.14.bb b/meta-oe/recipes-multimedia/jack/jack_1.19.14.bb index e954341ff..dbf4c1ae7 100644 --- a/meta-oe/recipes-multimedia/jack/jack_1.19.14.bb +++ b/meta-oe/recipes-multimedia/jack/jack_1.19.14.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = " \ DEPENDS = "libsamplerate0 libsndfile1 readline" -SRC_URI = "git://github.com/jackaudio/jack2.git \ +SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https \ file://0001-example-clients-Use-c-compiler-for-jack_simdtests.patch \ " SRCREV = "b54a09bf7ef760d81fdb8544ad10e45575394624" diff --git a/meta-oe/recipes-multimedia/libass/libass_0.14.0.bb b/meta-oe/recipes-multimedia/libass/libass_0.14.0.bb index 3454a5c27..f6c64212f 100644 --- a/meta-oe/recipes-multimedia/libass/libass_0.14.0.bb +++ b/meta-oe/recipes-multimedia/libass/libass_0.14.0.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a42532a0684420bdb15556c3cdd49a75" DEPENDS = "enca fontconfig freetype libpng fribidi" -SRC_URI = "git://github.com/libass/libass.git" +SRC_URI = "git://github.com/libass/libass.git;branch=master;protocol=https" SRCREV = "73284b676b12b47e17af2ef1b430527299e10c17" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb b/meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb index 70a39c7b6..13979ae9b 100644 --- a/meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb +++ b/meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb @@ -17,7 +17,7 @@ LICENSE_FLAGS = "commercial" SRCREV_mpv = "70b991749df389bcc0a4e145b5687233a03b4ed7" SRC_URI = " \ - git://github.com/mpv-player/mpv;name=mpv \ + git://github.com/mpv-player/mpv;name=mpv;branch=master;protocol=https \ https://waf.io/waf-2.0.20;name=waf;subdir=git \ " SRC_URI[waf.sha256sum] = "bf971e98edc2414968a262c6aa6b88541a26c3cd248689c89f4c57370955ee7f" diff --git a/meta-oe/recipes-multimedia/pipewire/pipewire-0.2_git.bb b/meta-oe/recipes-multimedia/pipewire/pipewire-0.2_git.bb index bcb3015f8..f6cefd810 100644 --- a/meta-oe/recipes-multimedia/pipewire/pipewire-0.2_git.bb +++ b/meta-oe/recipes-multimedia/pipewire/pipewire-0.2_git.bb @@ -11,7 +11,7 @@ DEPENDS = "alsa-lib dbus udev" SRCREV = "14c11c0fe4d366bad4cfecdee97b6652ff9ed63d" PV = "0.2.7" -SRC_URI = "git://github.com/PipeWire/pipewire" +SRC_URI = "git://github.com/PipeWire/pipewire;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-multimedia/pipewire/pipewire_git.bb b/meta-oe/recipes-multimedia/pipewire/pipewire_git.bb index 1a415c13c..c55432d3b 100644 --- a/meta-oe/recipes-multimedia/pipewire/pipewire_git.bb +++ b/meta-oe/recipes-multimedia/pipewire/pipewire_git.bb @@ -11,7 +11,7 @@ DEPENDS = "alsa-lib dbus udev" SRCREV = "74a1632f0720886d5b3b6c23ee8fcd6c03ca7aac" PV = "0.3.1" -SRC_URI = "git://github.com/PipeWire/pipewire" +SRC_URI = "git://github.com/PipeWire/pipewire;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-multimedia/v4l2apps/yavta_git.bb b/meta-oe/recipes-multimedia/v4l2apps/yavta_git.bb index a192d1a3b..98542ffe6 100644 --- a/meta-oe/recipes-multimedia/v4l2apps/yavta_git.bb +++ b/meta-oe/recipes-multimedia/v4l2apps/yavta_git.bb @@ -2,7 +2,7 @@ SUMMARY = "Yet Another V4L2 Test Application" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe" -SRC_URI = "git://git.ideasonboard.org/yavta.git \ +SRC_URI = "git://git.ideasonboard.org/yavta.git;branch=master \ file://0001-Add-stdout-mode-to-allow-streaming-over-the-network-.patch" SRCREV = "7e9f28bedc1ed3205fb5164f686aea96f27a0de2" diff --git a/meta-oe/recipes-multimedia/webm/libvpx_1.8.2.bb b/meta-oe/recipes-multimedia/webm/libvpx_1.8.2.bb index 4a98ec17d..d607bbebe 100644 --- a/meta-oe/recipes-multimedia/webm/libvpx_1.8.2.bb +++ b/meta-oe/recipes-multimedia/webm/libvpx_1.8.2.bb @@ -8,7 +8,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=d5b04755015be901744a78cc30d390d4" SRCREV = "7ec7a33a081aeeb53fed1a8d87e4cbd189152527" -SRC_URI += "git://chromium.googlesource.com/webm/libvpx;protocol=https \ +SRC_URI += "git://chromium.googlesource.com/webm/libvpx;protocol=https;branch=master \ file://libvpx-configure-support-blank-prefix.patch \ " diff --git a/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb b/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb index 0a8c2e483..879dbe5ca 100644 --- a/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb +++ b/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb @@ -31,6 +31,9 @@ EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \ LIBDIR=${libdir} \ USRLIBDIR=${libdir} \ INCLUDEDIR=${includedir} \ + ETCDIR=${sysconfdir} \ + SHAREDIR=${datadir}/keyutils \ + MANDIR=${datadir}/man \ BUILDFOR=${SITEINFO_BITS}-bit \ NO_GLIBC_KEYERR=1 \ " @@ -40,18 +43,6 @@ do_install () { oe_runmake DESTDIR=${D} install } -do_install_append_class-nativesdk() { - install -d ${D}${datadir} - src_dir="${D}${target_datadir}" - mv $src_dir/* ${D}${datadir} - par_dir=`dirname $src_dir` - rmdir $src_dir $par_dir - - install -d ${D}${sysconfdir} - mv ${D}/etc/* ${D}${sysconfdir}/ - rmdir ${D}/etc -} - do_install_ptest () { cp -r ${S}/tests ${D}${PTEST_PATH}/ sed -i -e 's/OSDIST=Unknown/OSDIST=${DISTRO}/' ${D}${PTEST_PATH}/tests/prepare.inc.sh diff --git a/meta-oe/recipes-security/softhsm/softhsm_git.bb b/meta-oe/recipes-security/softhsm/softhsm_git.bb index 3236cb9a6..4ceda3d4b 100644 --- a/meta-oe/recipes-security/softhsm/softhsm_git.bb +++ b/meta-oe/recipes-security/softhsm/softhsm_git.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210" DEPENDS = "openssl" PV = "2.5.0" -SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master" +SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master;protocol=https" SRCREV = "369df0383d101bc8952692c2a368ac8bc887d1b4" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb b/meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb index 4ea6c8a29..8df94d91e 100644 --- a/meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb +++ b/meta-oe/recipes-support/ace-cloud-editor/ace-cloud-editor_git.bb @@ -4,7 +4,7 @@ SUMMARY = "Ace is a code editor written in JavaScript. This repository has only LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=794d11c5219c59c9efa2487c2b4066b2" -SRC_URI = "git://github.com/ajaxorg/ace-builds.git;protocol=https" +SRC_URI = "git://github.com/ajaxorg/ace-builds.git;protocol=https;branch=master" PV = "02.07.17+git${SRCPV}" SRCREV = "812e2c56aed246931a667f16c28b096e34597016" diff --git a/meta-oe/recipes-support/anthy/anthy_9100h.bb b/meta-oe/recipes-support/anthy/anthy_9100h.bb index a65d324ea..b464c0000 100644 --- a/meta-oe/recipes-support/anthy/anthy_9100h.bb +++ b/meta-oe/recipes-support/anthy/anthy_9100h.bb @@ -10,8 +10,8 @@ SRC_URI = "http://osdn.dl.sourceforge.jp/anthy/37536/anthy-9100h.tar.gz \ file://2ch_t.patch \ " -SRC_URI_append_class-target = "file://target-helpers.patch" -SRC_URI_append_class-native = "file://native-helpers.patch" +SRC_URI_append_class-target = " file://target-helpers.patch" +SRC_URI_append_class-native = " file://native-helpers.patch" SRC_URI[md5sum] = "1f558ff7ed296787b55bb1c6cf131108" SRC_URI[sha256sum] = "d256f075f018b4a3cb0d165ed6151fda4ba7db1621727e0eb54569b6e2275547" diff --git a/meta-oe/recipes-support/avro/avro-c_1.9.2.bb b/meta-oe/recipes-support/avro/avro-c_1.9.2.bb index 0642179fb..e85f341f1 100644 --- a/meta-oe/recipes-support/avro/avro-c_1.9.2.bb +++ b/meta-oe/recipes-support/avro/avro-c_1.9.2.bb @@ -9,7 +9,7 @@ DEPENDS = "jansson zlib xz" BRANCH = "branch-1.9" SRCREV = "bf20128ca6138a830b2ea13e0490f3df6b035639" -SRC_URI = "git://github.com/apache/avro;branch=${BRANCH} \ +SRC_URI = "git://github.com/apache/avro;branch=${BRANCH};protocol=https \ file://0001-cmake-Use-GNUInstallDirs-instead-of-hard-coded-paths.patch;patchdir=../../ \ " diff --git a/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb b/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb index 407de2138..d7d0b9c15 100644 --- a/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb +++ b/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb @@ -24,7 +24,7 @@ LIC_FILES_CHKSUM = "file://README.QUICK;md5=81b447d779e278628c843aef92f088fa" DEPENDS = "libatomic-ops" SRCREV = "d3dede3ce4462cd82a15f161af797ca51654546a" -SRC_URI = "git://github.com/ivmai/bdwgc.git;branch=release-8_0" +SRC_URI = "git://github.com/ivmai/bdwgc.git;branch=release-8_0;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch b/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch deleted file mode 100644 index 8f15f8424..000000000 --- a/meta-oe/recipes-support/c-ares/c-ares/0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch +++ /dev/null @@ -1,27 +0,0 @@ -From f2f1e134bf5d9d0789942848e03006af8d926cf8 Mon Sep 17 00:00:00 2001 -From: Wang Mingyu <wangmy@cn.fujitsu.com> -Date: Tue, 17 Mar 2020 12:53:35 +0800 -Subject: [PATCH] fix configure error : mv libcares.pc.cmakein to - libcares.pc.cmake - -Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> ---- - CMakeLists.txt | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 3a5878d..c2e5740 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -563,7 +563,7 @@ IF (CARES_STATIC) - ENDIF() - - # Write ares_config.h configuration file. This is used only for the build. --CONFIGURE_FILE (libcares.pc.cmakein ${PROJECT_BINARY_DIR}/libcares.pc @ONLY) -+CONFIGURE_FILE (libcares.pc.cmake ${PROJECT_BINARY_DIR}/libcares.pc @ONLY) - - - --- -2.17.1 - diff --git a/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch b/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch deleted file mode 100644 index 0eb7e4bbb..000000000 --- a/meta-oe/recipes-support/c-ares/c-ares/cmake-install-libcares.pc.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 12414304245cce6ef0e8b9547949be5109845353 Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Tue, 24 Jul 2018 13:33:33 +0800 -Subject: [PATCH] cmake: Install libcares.pc - -Prepare and install libcares.pc file during cmake build, so libraries -using pkg-config to find libcares will not fail. - -Signed-off-by: Alexey Firago <alexey_firago@mentor.com> - -update to 1.14.0, fix patch warning - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - CMakeLists.txt | 28 +++++++++++++++++++++++----- - 1 file changed, 23 insertions(+), 5 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index fd123e1..3a5878d 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -214,22 +214,25 @@ ADD_DEFINITIONS(${SYSFLAGS}) - - - # Tell C-Ares about libraries to depend on -+# Also pass these libraries to pkg-config file -+SET(CARES_PRIVATE_LIBS_LIST) - IF (HAVE_LIBRESOLV) -- LIST (APPEND CARES_DEPENDENT_LIBS resolv) -+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lresolv") - ENDIF () - IF (HAVE_LIBNSL) -- LIST (APPEND CARES_DEPENDENT_LIBS nsl) -+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lnsl") - ENDIF () - IF (HAVE_LIBSOCKET) -- LIST (APPEND CARES_DEPENDENT_LIBS socket) -+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lsocket") - ENDIF () - IF (HAVE_LIBRT) -- LIST (APPEND CARES_DEPENDENT_LIBS rt) -+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lrt") - ENDIF () - IF (WIN32) -- LIST (APPEND CARES_DEPENDENT_LIBS ws2_32 Advapi32) -+ LIST (APPEND CARES_PRIVATE_LIBS_LIST "-lws2_32") - ENDIF () - -+string (REPLACE ";" " " CARES_PRIVATE_LIBS "${CARES_PRIVATE_LIBS_LIST}") - - # When checking for symbols, we need to make sure we set the proper - # headers, libraries, and definitions for the detection to work properly -@@ -554,6 +557,15 @@ CONFIGURE_FILE (ares_build.h.cmake ${PROJECT_BINARY_DIR}/ares_build.h) - # Write ares_config.h configuration file. This is used only for the build. - CONFIGURE_FILE (ares_config.h.cmake ${PROJECT_BINARY_DIR}/ares_config.h) - -+# Pass required CFLAGS to pkg-config in case of static library -+IF (CARES_STATIC) -+ SET (CPPFLAG_CARES_STATICLIB "-DCARES_STATICLIB") -+ENDIF() -+ -+# Write ares_config.h configuration file. This is used only for the build. -+CONFIGURE_FILE (libcares.pc.cmakein ${PROJECT_BINARY_DIR}/libcares.pc @ONLY) -+ -+ - - # TRANSFORM_MAKEFILE_INC - # -@@ -728,6 +740,12 @@ IF (CARES_INSTALL) - INSTALL (FILES "${CMAKE_CURRENT_BINARY_DIR}/libcares.pc" COMPONENT Devel DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig") - ENDIF () - -+# pkg-config file -+IF (CARES_INSTALL) -+ SET (PKGCONFIG_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}/pkgconfig") -+ INSTALL (FILES "${CMAKE_CURRENT_BINARY_DIR}/libcares.pc" DESTINATION ${PKGCONFIG_INSTALL_DIR}) -+ENDIF () -+ - # Legacy chain-building variables (provided for compatibility with old code). - # Don't use these, external code should be updated to refer to the aliases directly (e.g., Cares::cares). - SET (CARES_FOUND 1 CACHE INTERNAL "CARES LIBRARY FOUND") --- -2.17.1 - diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 67dd70180..25ce45d74 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb @@ -5,14 +5,8 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006" -PV = "1.16.0+gitr${SRCPV}" - -SRC_URI = "\ - git://github.com/c-ares/c-ares.git \ - file://cmake-install-libcares.pc.patch \ - file://0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch \ -" -SRCREV = "74a1426ba60e2cd7977e53a22ef839c87415066e" +SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main" +SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed" UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)" diff --git a/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb b/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb index 105610be5..e0e50366d 100644 --- a/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb +++ b/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=35e00f0c4c96a0820a03e0b31e6416be" DEPENDS = "libeigen glog" -SRC_URI = "git://github.com/ceres-solver/ceres-solver.git" +SRC_URI = "git://github.com/ceres-solver/ceres-solver.git;branch=master;protocol=https" SRCREV = "facb199f3eda902360f9e1d5271372b7e54febe1" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/cli11/cli11_1.8.0.bb b/meta-oe/recipes-support/cli11/cli11_1.8.0.bb index dd129cbec..a49eab72f 100644 --- a/meta-oe/recipes-support/cli11/cli11_1.8.0.bb +++ b/meta-oe/recipes-support/cli11/cli11_1.8.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b73927b18d5c6cd8d2ed28a6ad539733" SRCREV = "13becaddb657eacd090537719a669d66d393b8b2" PV .= "+git${SRCPV}" -SRC_URI += "gitsm://github.com/CLIUtils/CLI11 \ +SRC_URI += "gitsm://github.com/CLIUtils/CLI11;branch=main;protocol=https \ file://0001-Add-CLANG_TIDY-check.patch \ file://0001-Use-GNUInstallDirs-instead-of-hard-coded-path.patch \ " diff --git a/meta-oe/recipes-support/cmark/cmark_git.bb b/meta-oe/recipes-support/cmark/cmark_git.bb index f74a39b50..4f07beb31 100644 --- a/meta-oe/recipes-support/cmark/cmark_git.bb +++ b/meta-oe/recipes-support/cmark/cmark_git.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/commonmark/cmark" LICENSE = "BSD-2-Clause & MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=81f9cae6293cc0345a9144b78152ab62" -SRC_URI = "git://github.com/commonmark/cmark.git" +SRC_URI = "git://github.com/commonmark/cmark.git;branch=master;protocol=https" SRCREV = "8daa6b1495124f0b67e6034130e12d7be83e38bd" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/daemonize/daemonize_git.bb b/meta-oe/recipes-support/daemonize/daemonize_git.bb index c76632781..f46dec59f 100644 --- a/meta-oe/recipes-support/daemonize/daemonize_git.bb +++ b/meta-oe/recipes-support/daemonize/daemonize_git.bb @@ -7,7 +7,7 @@ PV = "1.7.8" inherit autotools SRCREV = "18869a797dab12bf1c917ba3b4782fef484c407c" -SRC_URI = "git://github.com/bmc/daemonize.git \ +SRC_URI = "git://github.com/bmc/daemonize.git;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb b/meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb index 9fcc278d3..cac2b4fd6 100644 --- a/meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb +++ b/meta-oe/recipes-support/digitemp/digitemp_3.7.2.bb @@ -4,7 +4,7 @@ DEPENDS = "libusb1" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=44fee82a1d2ed0676cf35478283e0aa0" -SRC_URI = "git://github.com/bcl/digitemp" +SRC_URI = "git://github.com/bcl/digitemp;branch=master;protocol=https" SRCREV = "a162e63aad35358aab325388f3d5e88121606419" diff --git a/meta-oe/recipes-support/dstat/dstat_0.7.4.bb b/meta-oe/recipes-support/dstat/dstat_0.7.4.bb index 74af54ca5..18c3cdf82 100644 --- a/meta-oe/recipes-support/dstat/dstat_0.7.4.bb +++ b/meta-oe/recipes-support/dstat/dstat_0.7.4.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS += "asciidoc-native xmlto-native" -SRC_URI = "git://github.com/dagwieers/dstat.git \ +SRC_URI = "git://github.com/dagwieers/dstat.git;branch=master;protocol=https \ file://0001-change-dstat-to-python3.patch \ " @@ -21,4 +21,4 @@ do_install() { oe_runmake 'DESTDIR=${D}' install } -RDEPENDS_${PN} += "python3-core python3-misc python3-resource python3-shell python3-unixadmin" +RDEPENDS_${PN} += "python3-core python3-misc python3-resource python3-shell python3-six python3-unixadmin" diff --git a/meta-oe/recipes-support/epeg/epeg_git.bb b/meta-oe/recipes-support/epeg/epeg_git.bb index 8ca574014..bdffe4ba7 100644 --- a/meta-oe/recipes-support/epeg/epeg_git.bb +++ b/meta-oe/recipes-support/epeg/epeg_git.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e7732a9290ea1e4b034fdc15cf49968d \ file://COPYING-PLAIN;md5=f59cacc08235a546b0c34a5422133035" DEPENDS = "jpeg libexif" -SRC_URI = "git://github.com/mattes/epeg.git" +SRC_URI = "git://github.com/mattes/epeg.git;branch=master;protocol=https" SRCREV = "9a175cd67eaa61fe45413d8da82da72936567047" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/fmt/fmt_6.2.0.bb b/meta-oe/recipes-support/fmt/fmt_6.2.0.bb index 05dc94a99..1a05f0d54 100644 --- a/meta-oe/recipes-support/fmt/fmt_6.2.0.bb +++ b/meta-oe/recipes-support/fmt/fmt_6.2.0.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://fmt.dev" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=af88d758f75f3c5c48a967501f24384b" -SRC_URI += "git://github.com/fmtlib/fmt" +SRC_URI += "git://github.com/fmtlib/fmt;branch=master;protocol=https" SRCREV = "9bdd1596cef1b57b9556f8bef32dc4a32322ef3e" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/freerdp/freerdp_git.bb b/meta-oe/recipes-support/freerdp/freerdp_git.bb index 82ef561fb..309acfbff 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_git.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_git.bb @@ -16,7 +16,7 @@ PKGV = "${GITPKGVTAG}" # 2.0.0 release SRCREV = "5ab2bed8749747b8e4b2ed431fd102bc726be684" -SRC_URI = "git://github.com/FreeRDP/FreeRDP.git \ +SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://winpr-makecert-Build-with-install-RPATH.patch \ " diff --git a/meta-oe/recipes-support/function2/function2_4.0.0.bb b/meta-oe/recipes-support/function2/function2_4.0.0.bb index 556a25aa1..07aa66937 100644 --- a/meta-oe/recipes-support/function2/function2_4.0.0.bb +++ b/meta-oe/recipes-support/function2/function2_4.0.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" SRCREV = "d2acdb6c3c7612a6133cd03464ef941161258f4e" PV .= "+git${SRCPV}" -SRC_URI += "gitsm://github.com/Naios/function2" +SRC_URI += "gitsm://github.com/Naios/function2;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/gd/gd_2.3.0.bb b/meta-oe/recipes-support/gd/gd_2.3.0.bb index eec8a05ae..8adb7db4d 100644 --- a/meta-oe/recipes-support/gd/gd_2.3.0.bb +++ b/meta-oe/recipes-support/gd/gd_2.3.0.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8e5bc8627b9494741c905d65238c66b7" DEPENDS = "freetype libpng jpeg zlib tiff" -SRC_URI = "git://github.com/libgd/libgd.git;branch=master \ +SRC_URI = "git://github.com/libgd/libgd.git;branch=master;protocol=https \ " SRCREV = "b079fa06223c3ab862c8f0eea58a968727971988" diff --git a/meta-oe/recipes-support/gflags/gflags_2.2.2.bb b/meta-oe/recipes-support/gflags/gflags_2.2.2.bb index 6eea0c00e..4379c2d9e 100644 --- a/meta-oe/recipes-support/gflags/gflags_2.2.2.bb +++ b/meta-oe/recipes-support/gflags/gflags_2.2.2.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/gflags/gflags" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING.txt;md5=c80d1a3b623f72bb85a4c75b556551df" -SRC_URI = "git://github.com/gflags/gflags.git" +SRC_URI = "git://github.com/gflags/gflags.git;branch=master;protocol=https" SRCREV = "e171aa2d15ed9eb17054558e0b3a6a413bb01067" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/glog/glog_0.3.5.bb b/meta-oe/recipes-support/glog/glog_0.3.5.bb index 56bf51554..55ca838cd 100644 --- a/meta-oe/recipes-support/glog/glog_0.3.5.bb +++ b/meta-oe/recipes-support/glog/glog_0.3.5.bb @@ -7,7 +7,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=dc9db360e0bbd4e46672f3fd91dd6c4b" SRC_URI = " \ - git://github.com/google/glog.git;nobranch=1 \ + git://github.com/google/glog.git;nobranch=1;protocol=https \ file://0001-Rework-CMake-glog-VERSION-management.patch \ file://0002-Find-Libunwind-during-configure.patch \ file://0003-installation-path-fix.patch \ diff --git a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb b/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb index 146747eee..ac46b5676 100644 --- a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb +++ b/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb @@ -13,7 +13,7 @@ LICENSE = "LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=56a22a6e5bcce45e2c8ac184f81412b5" SRCREV = "0d6e3307bbdb8df4d56043d5f373eeeffe4cbef3" -SRC_URI = "git://git.sv.gnu.org/gnulib.git \ +SRC_URI = "git://git.sv.gnu.org/gnulib.git;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb b/meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb index b7b783931..1a1f7db5c 100644 --- a/meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb +++ b/meta-oe/recipes-support/gperftools/gperftools_2.7.90.bb @@ -4,7 +4,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=762732742c73dc6c7fbe8632f06c059a" SRCREV = "db7aa547abb5abdd558587a15502584cbc825438" -SRC_URI = "git://github.com/gperftools/gperftools \ +SRC_URI = "git://github.com/gperftools/gperftools;branch=master;protocol=https \ file://0001-Support-Atomic-ops-on-clang.patch \ file://0001-fix-build-with-musl-libc.patch \ file://0001-disbale-heap-checkers-and-debug-allocator-on-musl.patch \ diff --git a/meta-oe/recipes-support/gpm/gpm_git.bb b/meta-oe/recipes-support/gpm/gpm_git.bb index 3800d147f..6bf071d89 100644 --- a/meta-oe/recipes-support/gpm/gpm_git.bb +++ b/meta-oe/recipes-support/gpm/gpm_git.bb @@ -13,7 +13,7 @@ SRCREV = "1fd19417b8a4dd9945347e98dfa97e4cfd798d77" DEPENDS = "ncurses bison-native" -SRC_URI = "git://github.com/telmich/gpm;protocol=git \ +SRC_URI = "git://github.com/telmich/gpm;protocol=https;branch=master \ file://init \ file://gpm.service.in \ file://0001-Use-sigemptyset-API-instead-of-__sigemptyset.patch \ diff --git a/meta-oe/recipes-support/hidapi/hidapi_git.bb b/meta-oe/recipes-support/hidapi/hidapi_git.bb index a34797ff5..1cc3acac2 100644 --- a/meta-oe/recipes-support/hidapi/hidapi_git.bb +++ b/meta-oe/recipes-support/hidapi/hidapi_git.bb @@ -8,7 +8,7 @@ DEPENDS = "libusb udev" PV = "0.7.99+0.8.0-rc1+git${SRCPV}" SRCREV = "d17db57b9d4354752e0af42f5f33007a42ef2906" -SRC_URI = "git://github.com/signal11/hidapi.git" +SRC_URI = "git://github.com/signal11/hidapi.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb b/meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb index 3da67d1e3..2e902ca4c 100644 --- a/meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb +++ b/meta-oe/recipes-support/hunspell/hunspell-dictionaries.bb @@ -135,7 +135,7 @@ RDEPENDS_${PN} = "hunspell" PV = "0.0.0+git${SRCPV}" SRCREV = "820a65e539e34a3a8c2a855d2450b84745c624ee" -SRC_URI = "git://github.com/wooorm/dictionaries.git" +SRC_URI = "git://github.com/wooorm/dictionaries.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb index c2fb4fa05..63d68ea06 100644 --- a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb +++ b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = " \ " SRCREV = "4ddd8ed5ca6484b930b111aec50c2750a6119a0f" -SRC_URI = "git://github.com/${BPN}/${BPN}.git" +SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/hwdata/hwdata_git.bb b/meta-oe/recipes-support/hwdata/hwdata_git.bb index 5f3e3f686..1d0c64000 100644 --- a/meta-oe/recipes-support/hwdata/hwdata_git.bb +++ b/meta-oe/recipes-support/hwdata/hwdata_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1556547711e8246992b999edd9445a57" PV = "0.333" SRCREV = "2de52be0d00015fa6cde70bb845fa9b86cf6f420" -SRC_URI = "git://github.com/vcrhonek/${BPN}.git" +SRC_URI = "git://github.com/vcrhonek/${BPN}.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/iksemel/iksemel_1.5.bb b/meta-oe/recipes-support/iksemel/iksemel_1.5.bb index 986984d1f..ac23630d0 100644 --- a/meta-oe/recipes-support/iksemel/iksemel_1.5.bb +++ b/meta-oe/recipes-support/iksemel/iksemel_1.5.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499" SRCREV = "978b733462e41efd5db72bc9974cb3b0d1d5f6fa" PV = "1.5+git${SRCPV}" -SRC_URI = "git://github.com/meduketto/iksemel.git;protocol=https \ +SRC_URI = "git://github.com/meduketto/iksemel.git;protocol=https;branch=master \ file://fix-configure-option-parsing.patch \ file://avoid-obsolete-gnutls-apis.patch" diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb index 3f7d06e26..21f51ff15 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb @@ -10,7 +10,7 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" BASE_PV := "${PV}" PV .= "_13" -SRC_URI = "git://github.com/ImageMagick/ImageMagick.git " +SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" SRCREV = "15b935d64f613b5a0fc9d3fead5c6ec1b0e3908f" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/inih/libinih_git.bb b/meta-oe/recipes-support/inih/libinih_git.bb index 227e2a7b7..4c3c8f0fa 100644 --- a/meta-oe/recipes-support/inih/libinih_git.bb +++ b/meta-oe/recipes-support/inih/libinih_git.bb @@ -9,7 +9,7 @@ PR = "r3" # The github repository provides a cmake and pkg-config integration SRCREV = "c858aff8c31fa63ef4d1e0176c10e5928cde9a23" -SRC_URI = "git://github.com/OSSystems/inih.git \ +SRC_URI = "git://github.com/OSSystems/inih.git;branch=master;protocol=https \ " UPSTREAM_CHECK_COMMITS = "1" diff --git a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb index f4b553a57..f3593fb5f 100644 --- a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb +++ b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e02baf71c76e0650e667d7da133379ac" DEPENDS = "doxygen-native" -SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https \ +SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https;branch=master \ file://Add-CMake-support.patch" # tag 4.1 diff --git a/meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb b/meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb index f42abeb2b..1d84bfd49 100644 --- a/meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb +++ b/meta-oe/recipes-support/inotify-tools/inotify-tools_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ac6c26e52aea428ee7f56dc2c56424c6" SRCREV = "cfa93aa19f81d85b63cd64da30c7499890d4c07d" PV = "3.20.2.2" -SRC_URI = "git://github.com/rvoicilas/${BPN} \ +SRC_URI = "git://github.com/rvoicilas/${BPN};branch=master;protocol=https \ file://0001-Makefile.am-add-build-rule-for-README.patch \ " diff --git a/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb b/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb index 4cfb73293..d084a3b9b 100644 --- a/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb +++ b/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LGPL;md5=2d5025d4aa3495befef8f17206a5b0a1" DEPENDS = "udev" SRCREV = "de6258940960443038b4c1651dfda3620075e870" -SRC_URI = "git://git.0pointer.de/libatasmart.git \ +SRC_URI = "git://git.0pointer.de/libatasmart.git;branch=master \ file://0001-Makefile.am-add-CFLAGS-and-LDFLAGS-definiton.patch \ " diff --git a/meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb b/meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb index a954499c6..527de93e4 100644 --- a/meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb +++ b/meta-oe/recipes-support/libbytesize/libbytesize_2.2.bb @@ -10,7 +10,7 @@ S = "${WORKDIR}/git" B = "${S}" SRCREV = "e64e752a28a4a41b0a43cba3bedf9571c22af807" -SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=master" +SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=master;protocol=https" inherit gettext autotools python3native diff --git a/meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb b/meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb index 6fc5881c5..ac6aedfd5 100644 --- a/meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb +++ b/meta-oe/recipes-support/libcereal/libcereal_1.3.0.bb @@ -7,7 +7,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e612690af2f575dfd02e2e91443cea23" SRCREV = "02eace19a99ce3cd564ca4e379753d69af08c2c8" -SRC_URI = "git://github.com/USCiLab/cereal.git" +SRC_URI = "git://github.com/USCiLab/cereal.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb b/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb index 74b5e21e2..c6878577e 100644 --- a/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb +++ b/meta-oe/recipes-support/libcyusbserial/libcyusbserial_git.bb @@ -8,7 +8,7 @@ DEPENDS = "libusb udev" PV = "1.0.0+git${SRCPV}" SRCREV = "655e2d544183d094f0e2d119c7e0c6206a0ddb3f" -SRC_URI = "git://github.com/cyrozap/${BPN}.git" +SRC_URI = "git://github.com/cyrozap/${BPN}.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libfann/libfann_git.bb b/meta-oe/recipes-support/libfann/libfann_git.bb index eae24461d..5ab484d8a 100644 --- a/meta-oe/recipes-support/libfann/libfann_git.bb +++ b/meta-oe/recipes-support/libfann/libfann_git.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=f14599a2f089f6ff8c97e2baa4e3d575" inherit cmake SRCREV ?= "7ec1fc7e5bd734f1d3c89b095e630e83c86b9be1" -SRC_URI = "git://github.com/libfann/fann.git;branch=master \ +SRC_URI = "git://github.com/libfann/fann.git;branch=master;protocol=https \ " PV = "2.2.0+git${SRCPV}" diff --git a/meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb b/meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb index 9b9c19104..c971491b1 100644 --- a/meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb +++ b/meta-oe/recipes-support/libgit2/libgit2_0.28.4.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3f2cd5d3cccd71d62066ba619614592b" DEPENDS = "curl openssl zlib libssh2 libgcrypt" -SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v0.28" +SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v0.28;protocol=https" SRCREV = "106a5f27586504ea371528191f0ea3aac2ad432b" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libgusb/libgusb_git.bb b/meta-oe/recipes-support/libgusb/libgusb_git.bb index e3c0bdd15..a26c23465 100644 --- a/meta-oe/recipes-support/libgusb/libgusb_git.bb +++ b/meta-oe/recipes-support/libgusb/libgusb_git.bb @@ -6,7 +6,7 @@ DEPENDS = "glib-2.0 libusb" inherit meson gobject-introspection gtk-doc gettext vala -SRC_URI = "git://github.com/hughsie/libgusb.git" +SRC_URI = "git://github.com/hughsie/libgusb.git;branch=master;protocol=https" SRCREV = "636efc0624aa2a88174220fcabc9764c13d7febf" PV = "0.3.0+git${SRCPV}" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libharu/libharu_2.3.0.bb b/meta-oe/recipes-support/libharu/libharu_2.3.0.bb index 2d1a37c42..86b5ba540 100644 --- a/meta-oe/recipes-support/libharu/libharu_2.3.0.bb +++ b/meta-oe/recipes-support/libharu/libharu_2.3.0.bb @@ -6,7 +6,7 @@ DESCRIPTION = "libHaru is a library for generating PDF files. \ LICENSE = "Zlib" LIC_FILES_CHKSUM = "file://README;md5=3ee6bc1f64d9cc7907f44840c8e50cb1" -SRC_URI = "git://github.com/libharu/libharu.git;branch=2_3 \ +SRC_URI = "git://github.com/libharu/libharu.git;branch=2_3;protocol=https \ file://libharu-RELEASE_2_3_0_cmake.patch \ " diff --git a/meta-oe/recipes-support/libiio/libiio_git.bb b/meta-oe/recipes-support/libiio/libiio_git.bb index f83d9c922..0892a3693 100644 --- a/meta-oe/recipes-support/libiio/libiio_git.bb +++ b/meta-oe/recipes-support/libiio/libiio_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;md5=7c13b3376cea0ce68d2d2da0a1b3a72c" SRCREV = "5f5af2e417129ad8f4e05fc5c1b730f0694dca12" PV = "0.19+git${SRCPV}" -SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https" +SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/CVE-2021-3466.patch b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/CVE-2021-3466.patch new file mode 100644 index 000000000..ff792d4da --- /dev/null +++ b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/CVE-2021-3466.patch @@ -0,0 +1,158 @@ +From 86d9a61be6395220714b1a50d5144e65668961f6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ernst=20Sj=C3=B6strand?= <ernst.sjostrand@verisure.com> +Date: Tue, 21 Dec 2021 11:05:22 +0000 +Subject: [PATCH] Fix buffer overflow in url parser and add test + +Reference: +https://git.gnunet.org/libmicrohttpd.git/commit/?id=a110ae6276660bee3caab30e9ff3f12f85cf3241 + +Upstream-Status: Backport +CVE: CVE-2021-3466 + +Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com> +--- + src/microhttpd/postprocessor.c | 18 ++++++-- + src/microhttpd/test_postprocessor.c | 66 +++++++++++++++++++++++++++++ + 2 files changed, 80 insertions(+), 4 deletions(-) + +diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c +index b7f6b10..ebd1686 100644 +--- a/src/microhttpd/postprocessor.c ++++ b/src/microhttpd/postprocessor.c +@@ -137,8 +137,7 @@ struct MHD_PostProcessor + void *cls; + + /** +- * Encoding as given by the headers of the +- * connection. ++ * Encoding as given by the headers of the connection. + */ + const char *encoding; + +@@ -586,7 +585,7 @@ post_process_urlencoded (struct MHD_PostProcessor *pp, + pp->state = PP_Error; + break; + case PP_Callback: +- if ( (pp->buffer_pos + (end_key - start_key) > ++ if ( (pp->buffer_pos + (end_key - start_key) >= + pp->buffer_size) || + (pp->buffer_pos + (end_key - start_key) < + pp->buffer_pos) ) +@@ -636,6 +635,11 @@ post_process_urlencoded (struct MHD_PostProcessor *pp, + { + if (NULL == end_key) + end_key = &post_data[poff]; ++ if (pp->buffer_pos + (end_key - start_key) >= pp->buffer_size) ++ { ++ pp->state = PP_Error; ++ return MHD_NO; ++ } + memcpy (&kbuf[pp->buffer_pos], + start_key, + end_key - start_key); +@@ -663,6 +667,11 @@ post_process_urlencoded (struct MHD_PostProcessor *pp, + last_escape); + pp->must_ikvi = false; + } ++ if (PP_Error == pp->state) ++ { ++ /* State in error, returning failure */ ++ return MHD_NO; ++ } + return MHD_YES; + } + +@@ -1424,7 +1433,8 @@ MHD_destroy_post_processor (struct MHD_PostProcessor *pp) + the post-processing may have been interrupted + at any stage */ + if ( (pp->xbuf_pos > 0) || +- (pp->state != PP_Done) ) ++ ( (pp->state != PP_Done) && ++ (pp->state != PP_Init) ) ) + ret = MHD_NO; + else + ret = MHD_YES; +diff --git a/src/microhttpd/test_postprocessor.c b/src/microhttpd/test_postprocessor.c +index 2c37565..cba486d 100644 +--- a/src/microhttpd/test_postprocessor.c ++++ b/src/microhttpd/test_postprocessor.c +@@ -451,6 +451,71 @@ test_empty_value (void) + } + + ++static enum MHD_Result ++value_checker2 (void *cls, ++ enum MHD_ValueKind kind, ++ const char *key, ++ const char *filename, ++ const char *content_type, ++ const char *transfer_encoding, ++ const char *data, ++ uint64_t off, ++ size_t size) ++{ ++ return MHD_YES; ++} ++ ++ ++static int ++test_overflow () ++{ ++ struct MHD_Connection connection; ++ struct MHD_HTTP_Header header; ++ struct MHD_PostProcessor *pp; ++ size_t i; ++ size_t j; ++ size_t delta; ++ char *buf; ++ ++ memset (&connection, 0, sizeof (struct MHD_Connection)); ++ memset (&header, 0, sizeof (struct MHD_HTTP_Header)); ++ connection.headers_received = &header; ++ header.header = MHD_HTTP_HEADER_CONTENT_TYPE; ++ header.value = MHD_HTTP_POST_ENCODING_FORM_URLENCODED; ++ header.header_size = strlen (header.header); ++ header.value_size = strlen (header.value); ++ header.kind = MHD_HEADER_KIND; ++ for (i = 128; i < 1024 * 1024; i += 1024) ++ { ++ pp = MHD_create_post_processor (&connection, ++ 1024, ++ &value_checker2, ++ NULL); ++ buf = malloc (i); ++ if (NULL == buf) ++ return 1; ++ memset (buf, 'A', i); ++ buf[i / 2] = '='; ++ delta = 1 + (MHD_random_ () % (i - 1)); ++ j = 0; ++ while (j < i) ++ { ++ if (j + delta > i) ++ delta = i - j; ++ if (MHD_NO == ++ MHD_post_process (pp, ++ &buf[j], ++ delta)) ++ break; ++ j += delta; ++ } ++ free (buf); ++ MHD_destroy_post_processor (pp); ++ } ++ return 0; ++} ++ ++ + int + main (int argc, char *const *argv) + { +@@ -463,6 +528,7 @@ main (int argc, char *const *argv) + errorCount += test_multipart (); + errorCount += test_nested_multipart (); + errorCount += test_empty_value (); ++ errorCount += test_overflow (); + if (errorCount != 0) + fprintf (stderr, "Error (code: %u)\n", errorCount); + return errorCount != 0; /* 0 == pass */ diff --git a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb index 94976d2e9..9d5e85e1a 100644 --- a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb +++ b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.70.bb @@ -7,7 +7,8 @@ SECTION = "net" DEPENDS = "file" SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz \ -" + file://CVE-2021-3466.patch \ + " SRC_URI[md5sum] = "dcd6045ecb4ea18c120afedccbd1da74" SRC_URI[sha256sum] = "90d0a3d396f96f9bc41eb0f7e8187796049285fabef82604acd4879590977307" diff --git a/meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb b/meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb index 590c4ebc2..fc0b1ee49 100644 --- a/meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb +++ b/meta-oe/recipes-support/libmimetic/libmimetic_0.9.8.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=b49da7df0ca479ef01ff7f2d799eabee" SRCREV = "50486af99b4f9b35522d7b3de40b6ce107505279" -SRC_URI += "git://github.com/LadislavSopko/mimetic/ \ +SRC_URI += "git://github.com/LadislavSopko/mimetic/;branch=master;protocol=https \ file://0001-libmimetic-Removing-test-directory-from-the-Makefile.patch \ file://0001-mimetic-Check-for-MMAP_FAILED-return-from-mmap.patch \ " diff --git a/meta-oe/recipes-support/libmxml/libmxml_3.1.bb b/meta-oe/recipes-support/libmxml/libmxml_3.1.bb index 4e77d6cc0..fd3369d8d 100644 --- a/meta-oe/recipes-support/libmxml/libmxml_3.1.bb +++ b/meta-oe/recipes-support/libmxml/libmxml_3.1.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" HOMEPAGE = "https://www.msweet.org/mxml/" BUGTRACKER = "https://github.com/michaelrsweet/mxml/issues" -SRC_URI = "git://github.com/michaelrsweet/mxml.git" +SRC_URI = "git://github.com/michaelrsweet/mxml.git;branch=master;protocol=https" SRCREV = "e483e5fd8a33386fd46967681521bdd2da2b548f" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libp11/libp11_0.4.10.bb b/meta-oe/recipes-support/libp11/libp11_0.4.10.bb index 7fe0640d9..142002a26 100644 --- a/meta-oe/recipes-support/libp11/libp11_0.4.10.bb +++ b/meta-oe/recipes-support/libp11/libp11_0.4.10.bb @@ -9,7 +9,7 @@ LICENSE = "LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29" DEPENDS = "libtool openssl" -SRC_URI = "git://github.com/OpenSC/libp11.git" +SRC_URI = "git://github.com/OpenSC/libp11.git;branch=master;protocol=https" SRCREV = "973d31f3f58d5549ddd8b1f822ce8f72186f9d68" UPSTREAM_CHECK_GITTAGREGEX = "libp11-(?P<pver>\d+(\.\d+)+)" diff --git a/meta-oe/recipes-support/librsync/librsync_2.3.1.bb b/meta-oe/recipes-support/librsync/librsync_2.3.1.bb index 004c93d0f..fddece8d1 100644 --- a/meta-oe/recipes-support/librsync/librsync_2.3.1.bb +++ b/meta-oe/recipes-support/librsync/librsync_2.3.1.bb @@ -4,7 +4,7 @@ AUTHOR = "Martin Pool, Andrew Tridgell, Donovan Baarda, Adam Schubert" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499" -SRC_URI = "git://github.com/librsync/librsync.git" +SRC_URI = "git://github.com/librsync/librsync.git;branch=master;protocol=https" SRCREV = "27f738650c20fef1285f11d85a34e5094a71c06f" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb b/meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb index 8b773aefa..f6fc0e36b 100644 --- a/meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb +++ b/meta-oe/recipes-support/libsoc/libsoc_0.8.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=e0bfebea12a718922225ba987b2126a5" inherit autotools pkgconfig python3-dir SRCREV = "fd1ad6e7823fa76d8db0d3c5884faffa8ffddafb" -SRC_URI = "git://github.com/jackmitch/libsoc.git" +SRC_URI = "git://github.com/jackmitch/libsoc.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libteam/libteam_1.30.bb b/meta-oe/recipes-support/libteam/libteam_1.30.bb index 9cd02b0c0..d04660ca1 100644 --- a/meta-oe/recipes-support/libteam/libteam_1.30.bb +++ b/meta-oe/recipes-support/libteam/libteam_1.30.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" DEPENDS = "libnl libdaemon jansson" -SRC_URI = "git://github.com/jpirko/libteam \ +SRC_URI = "git://github.com/jpirko/libteam;branch=master;protocol=https \ file://0001-include-sys-select.h-for-fd_set-definition.patch \ file://0002-teamd-Re-adjust-include-header-order.patch \ file://0001-team_basic_test.py-disable-RedHat-specific-test.patch \ diff --git a/meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb b/meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb index a2491cf9e..2a33284b8 100644 --- a/meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb +++ b/meta-oe/recipes-support/libtinyxml2/libtinyxml2_8.0.0.bb @@ -4,7 +4,7 @@ SECTION = "libs" LICENSE = "Zlib" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=135624eef03e1f1101b9ba9ac9b5fffd" -SRC_URI = "git://github.com/leethomason/tinyxml2.git" +SRC_URI = "git://github.com/leethomason/tinyxml2.git;branch=master;protocol=https" SRCREV = "bf15233ad88390461f6ab0dbcf046cce643c5fcb" diff --git a/meta-oe/recipes-support/libusbg/libusbg_git.bb b/meta-oe/recipes-support/libusbg/libusbg_git.bb index 97d60a6a8..6edac56fe 100644 --- a/meta-oe/recipes-support/libusbg/libusbg_git.bb +++ b/meta-oe/recipes-support/libusbg/libusbg_git.bb @@ -8,7 +8,7 @@ inherit autotools PV = "0.1.0" SRCREV = "a826d136e0e8fa53815f1ba05893e6dd74208c15" -SRC_URI = "git://github.com/libusbg/libusbg.git \ +SRC_URI = "git://github.com/libusbg/libusbg.git;branch=master;protocol=https \ file://0001-Fix-out-of-tree-builds.patch \ " diff --git a/meta-oe/recipes-support/libusbgx/libusbgx_git.bb b/meta-oe/recipes-support/libusbgx/libusbgx_git.bb index d73ca6106..b88941d6e 100644 --- a/meta-oe/recipes-support/libusbgx/libusbgx_git.bb +++ b/meta-oe/recipes-support/libusbgx/libusbgx_git.bb @@ -11,7 +11,7 @@ PV = "0.2.0+git${SRCPV}" SRCREV = "45c14ef4d5d7ced0fbf984208de44ced6d5ed898" SRCBRANCH = "master" SRC_URI = " \ - git://github.com/libusbgx/libusbgx.git;branch=${SRCBRANCH} \ + git://github.com/libusbgx/libusbgx.git;branch=${SRCBRANCH};protocol=https \ file://gadget-start \ file://usbgx.initd \ file://usbgx.service \ diff --git a/meta-oe/recipes-support/libutempter/libutempter.bb b/meta-oe/recipes-support/libutempter/libutempter.bb index b8a700b7b..d259f166d 100644 --- a/meta-oe/recipes-support/libutempter/libutempter.bb +++ b/meta-oe/recipes-support/libutempter/libutempter.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2d5025d4aa3495befef8f17206a5b0a1" SRCREV = "3ef74fff310f09e2601e241b9f042cd39d591018" PV = "1.1.6-alt2+git${SRCPV}" -SRC_URI = "git://git.altlinux.org/people/ldv/packages/libutempter.git \ +SRC_URI = "git://git.altlinux.org/people/ldv/packages/libutempter.git;branch=master \ file://0001-Fix-macro-error.patch \ file://0002-Proper-macro-path-generation.patch \ file://libutempter-remove-glibc-assumption.patch \ diff --git a/meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb b/meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb index 0fb4a6e51..aab81461a 100644 --- a/meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb +++ b/meta-oe/recipes-support/lio-utils/lio-utils_4.1.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://debian/copyright;md5=c3ea231a32635cbb5debedf3e88aa3df PV = "4.1+git${SRCPV}" -SRC_URI = "git://github.com/Datera/lio-utils.git \ +SRC_URI = "git://github.com/Datera/lio-utils.git;branch=master;protocol=https \ file://0001-Makefiles-Respect-environment-variables-and-add-LDFL.patch \ " SRCREV = "0ac9091c1ff7a52d5435a4f4449e82637142e06e" diff --git a/meta-oe/recipes-support/lvm2/lvm2.inc b/meta-oe/recipes-support/lvm2/lvm2.inc index 2fe97d571..d0fb33d11 100644 --- a/meta-oe/recipes-support/lvm2/lvm2.inc +++ b/meta-oe/recipes-support/lvm2/lvm2.inc @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12713b4d9386533feeb07d6e4831765a \ DEPENDS += "libaio" -SRC_URI = "git://sourceware.org/git/lvm2.git \ +SRC_URI = "git://sourceware.org/git/lvm2.git;branch=master \ file://lvm.conf \ file://0001-implement-libc-specific-reopen_stream.patch \ file://0002-Guard-use-of-mallinfo-with-__GLIBC__.patch \ diff --git a/meta-oe/recipes-support/mcelog/mce-inject_git.bb b/meta-oe/recipes-support/mcelog/mce-inject_git.bb index cc33cbaf2..8241bd234 100644 --- a/meta-oe/recipes-support/mcelog/mce-inject_git.bb +++ b/meta-oe/recipes-support/mcelog/mce-inject_git.bb @@ -4,7 +4,7 @@ software level into a running Linux kernel. This is intended for \ validation of the kernel machine check handler." SECTION = "System Environment/Base" -SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mce-inject.git" +SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mce-inject.git;branch=master" SRCREV = "4cbe46321b4a81365ff3aafafe63967264dbfec5" diff --git a/meta-oe/recipes-support/mcelog/mce-test_git.bb b/meta-oe/recipes-support/mcelog/mce-test_git.bb index 35fb94470..f24551521 100644 --- a/meta-oe/recipes-support/mcelog/mce-test_git.bb +++ b/meta-oe/recipes-support/mcelog/mce-test_git.bb @@ -10,7 +10,7 @@ containment and recovery, ACPI/APEI support etc." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" -SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mce-test.git;protocol=git \ +SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mce-test.git;protocol=git;branch=master \ file://makefile-remove-ldflags.patch \ file://0001-gcov_merge.py-scov_merge.py-switch-to-python3.patch \ " diff --git a/meta-oe/recipes-support/mcelog/mcelog_168.bb b/meta-oe/recipes-support/mcelog/mcelog_168.bb index e2ef6ea58..c46413217 100644 --- a/meta-oe/recipes-support/mcelog/mcelog_168.bb +++ b/meta-oe/recipes-support/mcelog/mcelog_168.bb @@ -5,7 +5,7 @@ and should run on all Linux systems that need error handling." HOMEPAGE = "http://mcelog.org/" SECTION = "System Environment/Base" -SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mcelog.git;protocol=http; \ +SRC_URI = "git://git.kernel.org/pub/scm/utils/cpu/mce/mcelog.git;protocol=http;branch=master \ file://run-ptest \ " diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb index 8b0c89338..90cfd7d20 100644 --- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb +++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb @@ -29,7 +29,7 @@ DEPENDS = "libdevmapper \ LICENSE = "GPLv2" -SRC_URI = "git://git.opensvc.com/multipath-tools/.git;protocol=http \ +SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=master \ file://multipathd.oe \ file://multipath.conf.example \ file://0021-RH-fixup-udev-rules-for-redhat.patch \ diff --git a/meta-oe/recipes-support/ne10/ne10_1.2.1.bb b/meta-oe/recipes-support/ne10/ne10_1.2.1.bb index f37ccde1c..6cb53212a 100644 --- a/meta-oe/recipes-support/ne10/ne10_1.2.1.bb +++ b/meta-oe/recipes-support/ne10/ne10_1.2.1.bb @@ -4,7 +4,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e7fe20c9be97be5579e3ab5d92d3a218" SECTION = "libs" -SRC_URI = "git://github.com/projectNe10/Ne10.git \ +SRC_URI = "git://github.com/projectNe10/Ne10.git;branch=master;protocol=https \ file://0001-CMakeLists.txt-Remove-mthumb-interwork.patch \ file://0001-Dont-specify-march-explicitly.patch \ " diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch new file mode 100644 index 000000000..a229a2d20 --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch @@ -0,0 +1,65 @@ +From 9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 Mon Sep 17 00:00:00 2001 +From: Benjamin Beurdouche <bbeurdouche@mozilla.com> +Date: Sat, 18 Jul 2020 00:13:38 +0000 +Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by + PKCS11. r=jcj,kjacobs,rrelyea + +Differential Revision: https://phabricator.services.mozilla.com/D74801 + +--HG-- +extra : moz-landing-system : lando +--- + nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 +++++++++-- + nss/lib/freebl/chacha20poly1305.c | 2 +- + 2 files changed, 10 insertions(+), 3 deletions(-) + +CVE: CVE-2020-12403 +Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8] +Comment: Refreshed path for whole patchset +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +index 41f9da71d6..3ea17678d9 100644 +--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc ++++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test + SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params), + sizeof(aead_params)}; + +- // Encrypt with bad parameters. ++ // Encrypt with bad parameters (TagLen is too long). + unsigned int encrypted_len = 0; + std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen); + aead_params.ulTagLen = 158072; +@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test + &encrypted_len, encrypted.size(), data, data_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, encrypted_len); +- aead_params.ulTagLen = 16; ++ ++ // Encrypt with bad parameters (TagLen is too short). ++ aead_params.ulTagLen = 2; ++ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), ++ &encrypted_len, encrypted.size(), data, data_len); ++ EXPECT_EQ(SECFailure, rv); ++ EXPECT_EQ(0U, encrypted_len); + + // Encrypt. ++ aead_params.ulTagLen = 16; + rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), + &encrypted_len, encrypted.size(), data, data_len); + +diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c +index 970c6436da..5c294a9eaf 100644 +--- a/nss/lib/freebl/chacha20poly1305.c ++++ b/nss/lib/freebl/chacha20poly1305.c +@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } +- if (tagLen == 0 || tagLen > 16) { ++ if (tagLen != 16) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch new file mode 100644 index 000000000..7b093d0cd --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch @@ -0,0 +1,80 @@ +From 06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Mon Sep 17 00:00:00 2001 +From: Benjamin Beurdouche <bbeurdouche@mozilla.com> +Date: Sat, 18 Jul 2020 00:13:14 +0000 +Subject: [PATCH] Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. + r=kjacobs,rrelyea + +Depends on D74801 + +Differential Revision: https://phabricator.services.mozilla.com/D83994 + +--HG-- +extra : moz-landing-system : lando +--- + nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc | 49 +++++++++++++++++++++ + nss/lib/softoken/pkcs11c.c | 1 + + 2 files changed, 50 insertions(+) + +CVE: CVE-2020-12403 +Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45] +Comment: Refreshed path for whole patchset and removed change for pkcs11c.c +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +diff --git a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc +index 38982fd885..700750cc90 100644 +--- a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc ++++ b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc +@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) { + NSS_ShutdownContext(globalctx); + } + ++TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) { ++ PK11SlotInfo* slot; ++ PK11SymKey* key; ++ PK11Context* ctx; ++ ++ NSSInitContext* globalctx = ++ NSS_InitContext("", "", "", "", NULL, ++ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | ++ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT); ++ ++ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR; ++ ++ slot = PK11_GetInternalSlot(); ++ ASSERT_TRUE(slot); ++ ++ // Use arbitrary bytes for the ChaCha20 key and IV ++ uint8_t key_bytes[32]; ++ for (size_t i = 0; i < 32; i++) { ++ key_bytes[i] = i; ++ } ++ SECItem keyItem = {siBuffer, key_bytes, 32}; ++ ++ uint8_t iv_bytes[16]; ++ for (size_t i = 0; i < 16; i++) { ++ key_bytes[i] = i; ++ } ++ SECItem ivItem = {siBuffer, iv_bytes, 16}; ++ ++ SECItem* param = PK11_ParamFromIV(cipher, &ivItem); ++ ++ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT, ++ &keyItem, NULL); ++ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param); ++ ASSERT_TRUE(key); ++ ASSERT_TRUE(ctx); ++ ++ uint8_t outbuf[128]; ++ // This is supposed to fail for Chacha20. This is because the underlying ++ // PK11_CipherOp operation is calling the C_EncryptUpdate function for ++ // which multi-part is disabled for ChaCha20 in counter mode. ++ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure); ++ ++ PK11_FreeSymKey(key); ++ PK11_FreeSlot(slot); ++ SECITEM_FreeItem(param, PR_TRUE); ++ PK11_DestroyContext(ctx, PR_TRUE); ++ NSS_ShutdownContext(globalctx); ++} ++ + } // namespace nss_test diff --git a/meta-oe/recipes-support/nss/nss/CVE-2021-43527.patch b/meta-oe/recipes-support/nss/nss/CVE-2021-43527.patch new file mode 100644 index 000000000..cf3ea63ca --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/CVE-2021-43527.patch @@ -0,0 +1,283 @@ +Description: fix heap overflow when verifying DSA/RSA-PSS DER-encoded signatures +Origin: Provided by Mozilla + +CVE: CVE-2021-43527 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.35-2ubuntu2.13.debian.tar.xz] +Comment: Refreshed hunk 1 and 6 due to fuzz +Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> + +--- a/nss/lib/cryptohi/secvfy.c ++++ b/nss/lib/cryptohi/secvfy.c +@@ -164,6 +164,37 @@ + PR_FALSE /*XXX: unsafeAllowMissingParameters*/); + } + ++static unsigned int ++checkedSignatureLen(const SECKEYPublicKey *pubk) ++{ ++ unsigned int sigLen = SECKEY_SignatureLen(pubk); ++ if (sigLen == 0) { ++ /* Error set by SECKEY_SignatureLen */ ++ return sigLen; ++ } ++ unsigned int maxSigLen; ++ switch (pubk->keyType) { ++ case rsaKey: ++ case rsaPssKey: ++ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; ++ break; ++ case dsaKey: ++ maxSigLen = DSA_MAX_SIGNATURE_LEN; ++ break; ++ case ecKey: ++ maxSigLen = 2 * MAX_ECKEY_LEN; ++ break; ++ default: ++ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); ++ return 0; ++ } ++ if (sigLen > maxSigLen) { ++ PORT_SetError(SEC_ERROR_INVALID_KEY); ++ return 0; ++ } ++ return sigLen; ++} ++ + /* + * decode the ECDSA or DSA signature from it's DER wrapping. + * The unwrapped/raw signature is placed in the buffer pointed +@@ -174,38 +205,38 @@ decodeECorDSASignature(SECOidTag algid, + unsigned int len) + { + SECItem *dsasig = NULL; /* also used for ECDSA */ +- SECStatus rv = SECSuccess; + +- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && +- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { +- if (sig->len != len) { +- PORT_SetError(SEC_ERROR_BAD_DER); +- return SECFailure; ++ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ ++ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { ++ if (len > DSA_MAX_SIGNATURE_LEN) { ++ goto loser; + } +- +- PORT_Memcpy(dsig, sig->data, sig->len); +- return SECSuccess; +- } +- +- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { ++ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { + if (len > MAX_ECKEY_LEN * 2) { +- PORT_SetError(SEC_ERROR_BAD_DER); +- return SECFailure; ++ goto loser; + } +- } +- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); +- +- if ((dsasig == NULL) || (dsasig->len != len)) { +- rv = SECFailure; + } else { +- PORT_Memcpy(dsig, dsasig->data, dsasig->len); ++ goto loser; + } + +- if (dsasig != NULL) ++ /* Decode and pad to length */ ++ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); ++ if (dsasig == NULL) { ++ goto loser; ++ } ++ if (dsasig->len != len) { + SECITEM_FreeItem(dsasig, PR_TRUE); +- if (rv == SECFailure) +- PORT_SetError(SEC_ERROR_BAD_DER); +- return rv; ++ goto loser; ++ } ++ ++ PORT_Memcpy(dsig, dsasig->data, len); ++ SECITEM_FreeItem(dsasig, PR_TRUE); ++ ++ return SECSuccess; ++ ++loser: ++ PORT_SetError(SEC_ERROR_BAD_DER); ++ return SECFailure; + } + + const SEC_ASN1Template hashParameterTemplate[] = +@@ -231,7 +262,7 @@ SECStatus + sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, + const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg) + { +- int len; ++ unsigned int len; + PLArenaPool *arena; + SECStatus rv; + SECItem oid; +@@ -458,48 +489,52 @@ vfy_CreateContext(const SECKEYPublicKey + cx->pkcs1RSADigestInfo = NULL; + rv = SECSuccess; + if (sig) { +- switch (type) { +- case rsaKey: +- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, +- &cx->pkcs1RSADigestInfo, +- &cx->pkcs1RSADigestInfoLen, +- cx->key, +- sig, wincx); +- break; +- case rsaPssKey: +- sigLen = SECKEY_SignatureLen(key); +- if (sigLen == 0) { +- /* error set by SECKEY_SignatureLen */ +- rv = SECFailure; ++ rv = SECFailure; ++ if (type == rsaKey) { ++ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, ++ &cx->pkcs1RSADigestInfo, ++ &cx->pkcs1RSADigestInfoLen, ++ cx->key, ++ sig, wincx); ++ } else { ++ sigLen = checkedSignatureLen(key); ++ /* Check signature length is within limits */ ++ if (sigLen == 0) { ++ /* error set by checkedSignatureLen */ ++ rv = SECFailure; ++ goto loser; ++ } ++ if (sigLen > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ rv = SECFailure; ++ goto loser; ++ } ++ switch (type) { ++ case rsaPssKey: ++ if (sig->len != sigLen) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ rv = SECFailure; ++ goto loser; ++ } ++ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); ++ rv = SECSuccess; + break; +- } +- if (sig->len != sigLen) { +- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); +- rv = SECFailure; ++ case ecKey: ++ case dsaKey: ++ /* decodeECorDSASignature will check sigLen == sig->len after padding */ ++ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); + break; +- } +- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); +- break; +- case dsaKey: +- case ecKey: +- sigLen = SECKEY_SignatureLen(key); +- if (sigLen == 0) { +- /* error set by SECKEY_SignatureLen */ ++ default: ++ /* Unreachable */ + rv = SECFailure; +- break; +- } +- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); +- break; +- default: +- rv = SECFailure; +- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +- break; ++ goto loser; ++ } ++ } ++ if (rv != SECSuccess) { ++ goto loser; + } + } + +- if (rv) +- goto loser; +- + /* check hash alg again, RSA may have changed it.*/ + if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { + /* error set by HASH_GetHashTypeByOidTag */ +@@ -634,11 +669,16 @@ VFY_EndWithSignature(VFYContext *cx, SEC + switch (cx->key->keyType) { + case ecKey: + case dsaKey: +- dsasig.data = cx->u.buffer; +- dsasig.len = SECKEY_SignatureLen(cx->key); ++ dsasig.len = checkedSignatureLen(cx->key); + if (dsasig.len == 0) { + return SECFailure; + } ++ if (dsasig.len > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ return SECFailure; ++ } ++ dsasig.data = cx->u.buffer; ++ + if (sig) { + rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, + dsasig.len); +@@ -667,8 +698,13 @@ + } + + rsasig.data = cx->u.buffer; +- rsasig.len = SECKEY_SignatureLen(cx->key); ++ rsasig.len = checkedSignatureLen(cx->key); + if (rsasig.len == 0) { ++ /* Error set by checkedSignatureLen */ ++ return SECFailure; ++ } ++ if (rsasig.len > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + return SECFailure; + } + if (sig) { +@@ -743,7 +788,6 @@ vfy_VerifyDigest(const SECItem *digest, + SECStatus rv; + VFYContext *cx; + SECItem dsasig; /* also used for ECDSA */ +- + rv = SECFailure; + + cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); +@@ -751,19 +795,25 @@ vfy_VerifyDigest(const SECItem *digest, + switch (key->keyType) { + case rsaKey: + rv = verifyPKCS1DigestInfo(cx, digest); ++ /* Error (if any) set by verifyPKCS1DigestInfo */ + break; +- case dsaKey: + case ecKey: ++ case dsaKey: + dsasig.data = cx->u.buffer; +- dsasig.len = SECKEY_SignatureLen(cx->key); ++ dsasig.len = checkedSignatureLen(cx->key); + if (dsasig.len == 0) { ++ /* Error set by checkedSignatureLen */ ++ rv = SECFailure; + break; + } +- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != +- SECSuccess) { ++ if (dsasig.len > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ rv = SECFailure; ++ break; ++ } ++ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); ++ if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); +- } else { +- rv = SECSuccess; + } + break; + default: diff --git a/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch b/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch new file mode 100644 index 000000000..cccb73187 --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch @@ -0,0 +1,63 @@ +# HG changeset patch +# User John M. Schanck <jschanck@mozilla.com> +# Date 1633990165 0 +# Node ID 7ff99e71f3e37faed12bc3cc90a3eed27e3418d0 +# Parent f80fafd04cf82b4d315c8fe42bb4639703f6ee4f +Bug 1735028 - check for missing signedData field r=keeler + +Differential Revision: https://phabricator.services.mozilla.com/D128112 + +Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/raw-rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0] +CVE: CVE-2022-22747 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +diff --git a/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/nss/gtests/certdb_gtest/decode_certs_unittest.cc +--- a/nss/gtests/certdb_gtest/decode_certs_unittest.cc ++++ b/nss/gtests/certdb_gtest/decode_certs_unittest.cc +@@ -21,8 +21,21 @@ TEST_F(DecodeCertsTest, EmptyCertPackage + unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, + 0x05, 0xa0, 0x02, 0x30, 0x00}; + EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage( + reinterpret_cast<char*>(emptyCertPackage), + sizeof(emptyCertPackage))); + EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); + } ++ ++TEST_F(DecodeCertsTest, EmptySignedData) { ++ // This represents a PKCS#7 ContentInfo of contentType ++ // 1.2.840.113549.1.7.2 (signedData) with missing content. ++ unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, ++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, ++ 0x02, 0x00, 0x00, 0x05, 0x00}; ++ ++ EXPECT_EQ(nullptr, ++ CERT_DecodeCertFromPackage(reinterpret_cast<char*>(emptySignedData), ++ sizeof(emptySignedData))); ++ EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); ++} +diff --git a/nss/lib/pkcs7/certread.c b/nss/lib/pkcs7/certread.c +--- a/nss/lib/pkcs7/certread.c ++++ b/nss/lib/pkcs7/certread.c +@@ -134,16 +134,21 @@ SEC_ReadPKCS7Certs(SECItem *pkcs7Item, C + pkcs7Item) != SECSuccess) { + goto done; + } + + if (GetContentTypeTag(&contentInfo) != SEC_OID_PKCS7_SIGNED_DATA) { + goto done; + } + ++ if (contentInfo.content.signedData == NULL) { ++ PORT_SetError(SEC_ERROR_BAD_DER); ++ goto done; ++ } ++ + rv = SECSuccess; + + certs = contentInfo.content.signedData->certificates; + if (certs) { + count = 0; + + while (*certs) { + count++; diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb index ac046ed0f..8b59f7ea8 100644 --- a/meta-oe/recipes-support/nss/nss_3.51.1.bb +++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb @@ -37,6 +37,10 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \ file://CVE-2020-12401.patch \ file://CVE-2020-6829_12400.patch \ + file://CVE-2020-12403_1.patch \ + file://CVE-2020-12403_2.patch \ + file://CVE-2021-43527.patch \ + file://CVE-2022-22747.patch \ " SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233" diff --git a/meta-oe/recipes-support/numactl/numactl_git.bb b/meta-oe/recipes-support/numactl/numactl_git.bb index 20b7fed86..af082237c 100644 --- a/meta-oe/recipes-support/numactl/numactl_git.bb +++ b/meta-oe/recipes-support/numactl/numactl_git.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=f8ff2391624f28e SRCREV = "5d9f16722e3df49dc618a9f361bd482559695db7" PV = "2.0.13+git${SRCPV}" -SRC_URI = "git://github.com/numactl/numactl \ +SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \ file://Fix-the-test-output-format.patch \ file://Makefile \ file://run-ptest \ diff --git a/meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb b/meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb index 34a81d21f..3cf0aa829 100644 --- a/meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb +++ b/meta-oe/recipes-support/open-vm-tools/open-vm-tools_11.0.1.bb @@ -21,7 +21,7 @@ LICENSE_modules/freebsd/vmxnet = "GPL-2.0" LICENSE_modules/linux = "GPL-2.0" LICENSE_modules/solaris = "CDDL-1.0" -SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https \ +SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=master \ file://tools.conf \ file://vmtoolsd.service \ file://vmtoolsd.init \ diff --git a/meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb b/meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb index 9fd88ced9..831b15a45 100644 --- a/meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb +++ b/meta-oe/recipes-support/opencl/clinfo_2.2.18.04.06.bb @@ -7,7 +7,7 @@ HOMEPAGE = "https://github.com/Oblomov/clinfo" LICENSE = "CC0-1.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=fd8857f774dfb0eefe1e80c8f9240a7e" -SRC_URI = "git://github.com/Oblomov/clinfo.git;protocol=https" +SRC_URI = "git://github.com/Oblomov/clinfo.git;protocol=https;branch=master" SRCREV = "59d0daf898e48d76ccbb788acbba258fa0a8ba7c" diff --git a/meta-oe/recipes-support/opencv/ade_0.1.1f.bb b/meta-oe/recipes-support/opencv/ade_0.1.1f.bb index 386180215..7e9bbc31c 100644 --- a/meta-oe/recipes-support/opencv/ade_0.1.1f.bb +++ b/meta-oe/recipes-support/opencv/ade_0.1.1f.bb @@ -4,7 +4,7 @@ and processing framework. ADE Framework is suitable for \ organizing data flow processing and execution." HOMEPAGE = "https://github.com/opencv/ade" -SRC_URI = "git://github.com/opencv/ade.git \ +SRC_URI = "git://github.com/opencv/ade.git;branch=master;protocol=https \ file://0001-use-GNUInstallDirs-for-detecting-install-paths.patch \ " diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb index 19d5d0c89..d7a015874 100644 --- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb +++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb @@ -37,12 +37,12 @@ IPP_FILENAME = "${@ipp_filename(d)}" IPP_MD5 = "${@ipp_md5sum(d)}" SRCREV_FORMAT = "opencv_contrib_ipp_boostdesc_vgg" -SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \ - git://github.com/opencv/opencv_contrib.git;destsuffix=contrib;name=contrib \ - git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20180723;destsuffix=ipp;name=ipp \ - git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=boostdesc;name=boostdesc \ - git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=vgg;name=vgg \ - git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=face;name=face \ +SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol=https \ + git://github.com/opencv/opencv_contrib.git;destsuffix=contrib;name=contrib;branch=master;protocol=https \ + git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20180723;destsuffix=ipp;name=ipp;protocol=https \ + git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=boostdesc;name=boostdesc;protocol=https \ + git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=vgg;name=vgg;protocol=https \ + git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=face;name=face;protocol=https \ file://0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch \ file://0002-Make-opencv-ts-create-share-library-intead-of-static.patch \ file://0003-To-fix-errors-as-following.patch \ diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2022-29155.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2022-29155.patch new file mode 100644 index 000000000..2860b9522 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2022-29155.patch @@ -0,0 +1,277 @@ +From 11e136f15085a4bda5701e910988966bed699977 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Wed, 18 May 2022 13:57:59 +0530 +Subject: [PATCH] CVE-2022-29155 + +Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134] +CVE: CVE-2022-29155 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +--- + servers/slapd/back-sql/search.c | 123 +++++++++++++++++++++++++++----- + 1 file changed, 105 insertions(+), 18 deletions(-) + +diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c +index bb0f1e2..1770bde 100644 +--- a/servers/slapd/back-sql/search.c ++++ b/servers/slapd/back-sql/search.c +@@ -63,6 +63,38 @@ static void send_paged_response( + ID *lastid ); + #endif /* ! BACKSQL_ARBITRARY_KEY */ + ++/* Look for chars that need to be escaped, return count of them. ++ * If out is non-NULL, copy escape'd val to it. ++ */ ++static int ++backsql_val_escape( Operation *op, struct berval *in, struct berval *out ) ++{ ++ char *ptr, *end; ++ int q = 0; ++ ++ ptr = in->bv_val; ++ end = ptr + in->bv_len; ++ while (ptr < end) { ++ if ( *ptr == '\'' ) ++ q++; ++ ptr++; ++ } ++ if ( q && out ) { ++ char *dst; ++ out->bv_len = in->bv_len + q; ++ out->bv_val = op->o_tmpalloc( out->bv_len + 1, op->o_tmpmemctx ); ++ ptr = in->bv_val; ++ dst = out->bv_val; ++ while (ptr < end ) { ++ if ( *ptr == '\'' ) ++ *dst++ = '\''; ++ *dst++ = *ptr++; ++ } ++ *dst = '\0'; ++ } ++ return q; ++} ++ + static int + backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad ) + { +@@ -429,6 +461,8 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, + backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private; + int i; + int casefold = 0; ++ int escaped = 0; ++ struct berval escval, *fvalue; + + if ( !f ) { + return 0; +@@ -462,50 +496,68 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, + + BER_BVZERO( &bv ); + if ( f->f_sub_initial.bv_val ) { +- bv.bv_len += f->f_sub_initial.bv_len; ++ bv.bv_len += f->f_sub_initial.bv_len + backsql_val_escape( NULL, &f->f_sub_initial, NULL ); + } + if ( f->f_sub_any != NULL ) { + for ( a = 0; f->f_sub_any[ a ].bv_val != NULL; a++ ) { +- bv.bv_len += f->f_sub_any[ a ].bv_len; ++ bv.bv_len += f->f_sub_any[ a ].bv_len + backsql_val_escape( NULL, &f->f_sub_any[ a ], NULL ); + } + } + if ( f->f_sub_final.bv_val ) { +- bv.bv_len += f->f_sub_final.bv_len; ++ bv.bv_len += f->f_sub_final.bv_len + backsql_val_escape( NULL, &f->f_sub_final, NULL ); + } + bv.bv_len = 2 * bv.bv_len - 1; + bv.bv_val = ch_malloc( bv.bv_len + 1 ); + + s = 0; + if ( !BER_BVISNULL( &f->f_sub_initial ) ) { +- bv.bv_val[ s ] = f->f_sub_initial.bv_val[ 0 ]; +- for ( i = 1; i < f->f_sub_initial.bv_len; i++ ) { ++ fvalue = &f->f_sub_initial; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; ++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ]; ++ for ( i = 1; i < fvalue->bv_len; i++ ) { + bv.bv_val[ s + 2 * i - 1 ] = '%'; +- bv.bv_val[ s + 2 * i ] = f->f_sub_initial.bv_val[ i ]; ++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ]; + } + bv.bv_val[ s + 2 * i - 1 ] = '%'; + s += 2 * i; ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + } + + if ( f->f_sub_any != NULL ) { + for ( a = 0; !BER_BVISNULL( &f->f_sub_any[ a ] ); a++ ) { +- bv.bv_val[ s ] = f->f_sub_any[ a ].bv_val[ 0 ]; +- for ( i = 1; i < f->f_sub_any[ a ].bv_len; i++ ) { ++ fvalue = &f->f_sub_any[ a ]; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; ++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ]; ++ for ( i = 1; i < fvalue->bv_len; i++ ) { + bv.bv_val[ s + 2 * i - 1 ] = '%'; +- bv.bv_val[ s + 2 * i ] = f->f_sub_any[ a ].bv_val[ i ]; ++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ]; + } + bv.bv_val[ s + 2 * i - 1 ] = '%'; + s += 2 * i; ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + } + } + + if ( !BER_BVISNULL( &f->f_sub_final ) ) { +- bv.bv_val[ s ] = f->f_sub_final.bv_val[ 0 ]; +- for ( i = 1; i < f->f_sub_final.bv_len; i++ ) { ++ fvalue = &f->f_sub_final; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; ++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ]; ++ for ( i = 1; i < fvalue->bv_len; i++ ) { + bv.bv_val[ s + 2 * i - 1 ] = '%'; +- bv.bv_val[ s + 2 * i ] = f->f_sub_final.bv_val[ i ]; ++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ]; + } +- bv.bv_val[ s + 2 * i - 1 ] = '%'; ++ bv.bv_val[ s + 2 * i - 1 ] = '%'; + s += 2 * i; ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + } + + bv.bv_val[ s - 1 ] = '\0'; +@@ -561,11 +613,17 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, + f->f_sub_initial.bv_val, 0 ); + #endif /* BACKSQL_TRACE */ + ++ fvalue = &f->f_sub_initial; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; + start = bsi->bsi_flt_where.bb_val.bv_len; + backsql_strfcat_x( &bsi->bsi_flt_where, + bsi->bsi_op->o_tmpmemctx, + "b", +- &f->f_sub_initial ); ++ fvalue ); ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { + ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); + } +@@ -586,12 +644,18 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, + i, f->f_sub_any[ i ].bv_val ); + #endif /* BACKSQL_TRACE */ + ++ fvalue = &f->f_sub_any[ i ]; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; + start = bsi->bsi_flt_where.bb_val.bv_len; + backsql_strfcat_x( &bsi->bsi_flt_where, + bsi->bsi_op->o_tmpmemctx, + "bc", +- &f->f_sub_any[ i ], ++ fvalue, + '%' ); ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { + /* + * Note: toupper('%') = '%' +@@ -611,11 +675,17 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, + f->f_sub_final.bv_val, 0 ); + #endif /* BACKSQL_TRACE */ + ++ fvalue = &f->f_sub_final; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; + start = bsi->bsi_flt_where.bb_val.bv_len; + backsql_strfcat_x( &bsi->bsi_flt_where, + bsi->bsi_op->o_tmpmemctx, + "b", +- &f->f_sub_final ); ++ fvalue ); ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { + ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); + } +@@ -1183,6 +1253,8 @@ backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f, backsql_at_map_r + struct berval *filter_value = NULL; + MatchingRule *matching_rule = NULL; + struct berval ordering = BER_BVC("<="); ++ struct berval escval; ++ int escaped = 0; + + Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter_attr(%s)\n", + at->bam_ad->ad_cname.bv_val, 0, 0 ); +@@ -1237,6 +1309,10 @@ equality_match:; + casefold = 1; + } + ++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval ); ++ if ( escaped ) ++ filter_value = &escval; ++ + /* FIXME: directoryString filtering should use a similar + * approach to deal with non-prettified values like + * " A non prettified value ", by using a LIKE +@@ -1317,6 +1393,10 @@ equality_match:; + casefold = 1; + } + ++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval ); ++ if ( escaped ) ++ filter_value = &escval; ++ + /* + * FIXME: should we uppercase the operands? + */ +@@ -1350,7 +1430,7 @@ equality_match:; + &at->bam_sel_expr, + &ordering, + '\'', +- &f->f_av_value, ++ filter_value, + (ber_len_t)STRLENOF( /* (' */ "')" ), + /* ( */ "')" ); + } +@@ -1374,13 +1454,17 @@ equality_match:; + case LDAP_FILTER_APPROX: + /* we do our best */ + ++ filter_value = &f->f_av_value; ++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval ); ++ if ( escaped ) ++ filter_value = &escval; + /* + * maybe we should check type of at->sel_expr here somehow, + * to know whether upper_func is applicable, but for now + * upper_func stuff is made for Oracle, where UPPER is + * safely applicable to NUMBER etc. + */ +- (void)backsql_process_filter_like( bsi, at, 1, &f->f_av_value ); ++ (void)backsql_process_filter_like( bsi, at, 1, filter_value ); + break; + + default: +@@ -1394,6 +1478,9 @@ equality_match:; + + } + ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); ++ + Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter_attr(%s)\n", + at->bam_ad->ad_cname.bv_val, 0, 0 ); + +-- +2.25.1 + diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb index a282523a3..e3e9caa1b 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb @@ -23,8 +23,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$ file://thread_stub.patch \ file://openldap-CVE-2015-3276.patch \ file://remove-user-host-pwd-from-version.patch \ + file://CVE-2022-29155.patch \ " - SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c" SRC_URI[sha256sum] = "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a" diff --git a/meta-oe/recipes-support/opensc/opensc_0.20.0.bb b/meta-oe/recipes-support/opensc/opensc_0.20.0.bb index a815980c4..b8cf203b7 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.20.0.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.20.0.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34" #v0.19.0 SRCREV = "45e29056ccde422e70ed3585084a7f150c632515" -SRC_URI = "git://github.com/OpenSC/OpenSC \ +SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ " DEPENDS = "virtual/libiconv openssl" diff --git a/meta-oe/recipes-support/picocom/picocom_git.bb b/meta-oe/recipes-support/picocom/picocom_git.bb index 3d26b9364..801300e70 100644 --- a/meta-oe/recipes-support/picocom/picocom_git.bb +++ b/meta-oe/recipes-support/picocom/picocom_git.bb @@ -9,7 +9,7 @@ PV = "${BASEPV}+git${SRCPV}" SRCREV = "90385aabe2b51f39fa130627d46b377569f82d4a" -SRC_URI = "git://github.com/npat-efault/picocom \ +SRC_URI = "git://github.com/npat-efault/picocom;branch=master;protocol=https \ file://0001-Fix-building-with-musl.patch \ " diff --git a/meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb b/meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb index 3a437659e..0e3e5ff73 100644 --- a/meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb +++ b/meta-oe/recipes-support/pidgin/funyahoo-plusplus_git.bb @@ -7,7 +7,7 @@ DEPENDS = "pidgin json-glib glib-2.0" inherit pkgconfig -SRC_URI = "git://github.com/EionRobb/funyahoo-plusplus;branch=master;protocol=git" +SRC_URI = "git://github.com/EionRobb/funyahoo-plusplus;branch=master;protocol=https" SRCREV = "fbbd9c591100aa00a0487738ec7b6acd3d924b3f" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/pidgin/icyque_git.bb b/meta-oe/recipes-support/pidgin/icyque_git.bb index 0f32dc3a3..2905e16fc 100644 --- a/meta-oe/recipes-support/pidgin/icyque_git.bb +++ b/meta-oe/recipes-support/pidgin/icyque_git.bb @@ -9,7 +9,7 @@ PV = "0.1+gitr${SRCPV}" inherit pkgconfig -SRC_URI = "git://github.com/EionRobb/icyque" +SRC_URI = "git://github.com/EionRobb/icyque;branch=master;protocol=https" SRCREV = "513fc162d5d1a201c2b044e2b42941436d1069d5" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb b/meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb index 092e6059b..854920d2e 100644 --- a/meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb +++ b/meta-oe/recipes-support/pidgin/purple-skypeweb_git.bb @@ -7,7 +7,7 @@ DEPENDS = "pidgin json-glib glib-2.0 zlib" inherit pkgconfig -SRC_URI = "git://github.com/EionRobb/skype4pidgin;branch=master;protocol=git" +SRC_URI = "git://github.com/EionRobb/skype4pidgin;branch=master;protocol=https" SRCREV = "14f1b69b6292bbdc98cca484b050ec8359394c4e" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/poco/poco_1.9.4.bb b/meta-oe/recipes-support/poco/poco_1.9.4.bb index fcd521975..1c3a4ebb0 100644 --- a/meta-oe/recipes-support/poco/poco_1.9.4.bb +++ b/meta-oe/recipes-support/poco/poco_1.9.4.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=4267f48fc738f50380cbeeb76f95cebc" DEPENDS = "libpcre zlib" SRC_URI = " \ - git://github.com/pocoproject/poco.git;branch=poco-${PV} \ + git://github.com/pocoproject/poco.git;branch=poco-${PV};protocol=https \ file://0001-Don-t-try-to-install-non-existing-Encodings-testsuit.patch \ file://0001-riscv-Enable-double-operations-when-using-double-flo.patch \ file://run-ptest \ diff --git a/meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb b/meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb index c8baa5d9c..5b5358774 100644 --- a/meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb +++ b/meta-oe/recipes-support/pps-tools/pps-tools_1.0.2.bb @@ -5,7 +5,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" SRCREV = "cb48b7ecf7079ceba7081c78d4e61e507b0e8d2d" -SRC_URI = "git://github.com/ago/pps-tools.git" +SRC_URI = "git://github.com/ago/pps-tools.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/remmina/remmina_1.3.6.bb b/meta-oe/recipes-support/remmina/remmina_1.3.6.bb index 1c2f270e3..3b1e8706c 100644 --- a/meta-oe/recipes-support/remmina/remmina_1.3.6.bb +++ b/meta-oe/recipes-support/remmina/remmina_1.3.6.bb @@ -10,7 +10,7 @@ DEPENDS_append_libc-musl = " libexecinfo" LDFLAGS_append_libc-musl = " -lexecinfo" SRCREV = "cc391370d8b4c07597617e0a771a9732f0802411" -SRC_URI = "git://gitlab.com/Remmina/Remmina;protocol=https \ +SRC_URI = "git://gitlab.com/Remmina/Remmina;protocol=https;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb index 33f5dccca..6fe8aa76f 100644 --- a/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb +++ b/meta-oe/recipes-support/rsnapshot/rsnapshot_git.bb @@ -25,7 +25,7 @@ RDEPENDS_${PN} = "rsync \ SRCREV = "a9e29850fc33c503c289e245c7bad350eed746d9" PV = "1.4.3+git${SRCPV}" -SRC_URI = "git://github.com/DrHyde/${BPN};branch=master;protocol=git \ +SRC_URI = "git://github.com/DrHyde/${BPN};branch=master;protocol=https \ file://configure-fix-cmd_rsync.patch \ " diff --git a/meta-oe/recipes-support/sass/libsass_3.6.3.bb b/meta-oe/recipes-support/sass/libsass_3.6.3.bb index d893be223..4b4fe5566 100644 --- a/meta-oe/recipes-support/sass/libsass_3.6.3.bb +++ b/meta-oe/recipes-support/sass/libsass_3.6.3.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8f34396ca205f5e119ee77aae91fa27d" inherit autotools -SRC_URI = "git://github.com/sass/libsass.git;branch=master" +SRC_URI = "git://github.com/sass/libsass.git;branch=master;protocol=https" SRCREV = "e1c16e09b4a953757a15149deaaf28a3fd81dc97" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/sass/sassc_git.bb b/meta-oe/recipes-support/sass/sassc_git.bb index 3c7a55cc3..985d519f9 100644 --- a/meta-oe/recipes-support/sass/sassc_git.bb +++ b/meta-oe/recipes-support/sass/sassc_git.bb @@ -6,7 +6,7 @@ DEPENDS = "libsass" inherit autotools pkgconfig -SRC_URI = "git://github.com/sass/sassc.git" +SRC_URI = "git://github.com/sass/sassc.git;branch=master;protocol=https" SRCREV = "46748216ba0b60545e814c07846ca10c9fefc5b6" S = "${WORKDIR}/git" PV = "3.6.1" diff --git a/meta-oe/recipes-support/satyr/satyr_0.28.bb b/meta-oe/recipes-support/satyr/satyr_0.28.bb index fbf018d7f..a928681ae 100644 --- a/meta-oe/recipes-support/satyr/satyr_0.28.bb +++ b/meta-oe/recipes-support/satyr/satyr_0.28.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2" inherit autotools-brokensep python3native pkgconfig -SRC_URI = "git://github.com/abrt/satyr.git \ +SRC_URI = "git://github.com/abrt/satyr.git;branch=master;protocol=https \ file://0002-fix-compile-failure-against-musl-C-library.patch \ " SRCREV = "8b5547b89b712b39a59f1d8b366e7de0f5f46108" diff --git a/meta-oe/recipes-support/serial-utils/pty-forward-native.bb b/meta-oe/recipes-support/serial-utils/pty-forward-native.bb index 7f59b3eca..87d9c5290 100644 --- a/meta-oe/recipes-support/serial-utils/pty-forward-native.bb +++ b/meta-oe/recipes-support/serial-utils/pty-forward-native.bb @@ -6,7 +6,7 @@ SECTION = "console/network" SRCREV = "00dbec2636ae0385ad028587e20e446272ff97ec" PV = "1.1+gitr${SRCPV}" -SRC_URI = "git://github.com/freesmartphone/cornucopia.git;protocol=https" +SRC_URI = "git://github.com/freesmartphone/cornucopia.git;protocol=https;branch=master" S = "${WORKDIR}/git/tools/serial_forward" inherit autotools native diff --git a/meta-oe/recipes-support/serial-utils/serial-forward_git.bb b/meta-oe/recipes-support/serial-utils/serial-forward_git.bb index 0ef829856..dcad8f710 100644 --- a/meta-oe/recipes-support/serial-utils/serial-forward_git.bb +++ b/meta-oe/recipes-support/serial-utils/serial-forward_git.bb @@ -6,7 +6,7 @@ SECTION = "console/devel" SRCREV = "07c6fdede0870edc37a8d51d033b6e7e29aa7c91" PV = "1.1+gitr${SRCPV}" -SRC_URI = "git://github.com/freesmartphone/cornucopia.git \ +SRC_URI = "git://github.com/freesmartphone/cornucopia.git;branch=master;protocol=https \ file://0001-serial_forward-Disable-default-static-linking.patch;striplevel=3 \ " S = "${WORKDIR}/git/tools/serial_forward" diff --git a/meta-oe/recipes-support/span-lite/span-lite_git.bb b/meta-oe/recipes-support/span-lite/span-lite_git.bb index 96ec829b7..abb3ec2f3 100644 --- a/meta-oe/recipes-support/span-lite/span-lite_git.bb +++ b/meta-oe/recipes-support/span-lite/span-lite_git.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/martinmoene/span-lite" LICENSE = "BSL-1.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" -SRC_URI += "git://github.com/martinmoene/span-lite" +SRC_URI += "git://github.com/martinmoene/span-lite;branch=master;protocol=https" SRCREV = "e03d1166ccc8481d993dc02aae703966301a5e6e" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb b/meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb index 39629cce0..9294d1a70 100644 --- a/meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb +++ b/meta-oe/recipes-support/spdlog/spdlog_1.5.0.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" SRCREV = "cf6f1dd01e660d5865d68bf5fa78f6376b89470a" -SRC_URI = "git://github.com/gabime/spdlog.git;protocol=git;branch=v1.x;" +SRC_URI = "git://github.com/gabime/spdlog.git;protocol=https;branch=v1.x;" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/spitools/spitools_git.bb b/meta-oe/recipes-support/spitools/spitools_git.bb index 625756873..b9ed1bcd7 100644 --- a/meta-oe/recipes-support/spitools/spitools_git.bb +++ b/meta-oe/recipes-support/spitools/spitools_git.bb @@ -10,7 +10,7 @@ SRCREV = "4a36a84f7df291ddaebd397aecf0c8515256a8e0" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/cpb-/spi-tools.git;protocol=git" +SRC_URI = "git://github.com/cpb-/spi-tools.git;protocol=https;branch=master" inherit autotools diff --git a/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb b/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb index 3f82734ac..5bcbea460 100644 --- a/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb +++ b/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_0.8.5.bb @@ -7,7 +7,7 @@ SECTION = "devel" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/jthornber/thin-provisioning-tools;branch=main \ +SRC_URI = "git://github.com/jthornber/thin-provisioning-tools;branch=main;protocol=https \ file://0001-do-not-strip-pdata_tools-at-do_install.patch \ file://use-sh-on-path.patch \ " diff --git a/meta-oe/recipes-support/toscoterm/toscoterm_git.bb b/meta-oe/recipes-support/toscoterm/toscoterm_git.bb index aba485e1a..4dddd54c5 100644 --- a/meta-oe/recipes-support/toscoterm/toscoterm_git.bb +++ b/meta-oe/recipes-support/toscoterm/toscoterm_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://main.c;start_line=5;end_line=16;md5=9ae4bf20caf291afa # 0.2 version SRCREV = "8586d617aed19fc75f5ae1e07270752c1b2f9a30" -SRC_URI = "git://github.com/OSSystems/toscoterm.git" +SRC_URI = "git://github.com/OSSystems/toscoterm.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch new file mode 100644 index 000000000..0189833b4 --- /dev/null +++ b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch @@ -0,0 +1,63 @@ +From 2517b8feb13919c382e53ab5f9b63c5b5ee5b063 Mon Sep 17 00:00:00 2001 +From: Emilio Pozuelo Monfort <pochu@debian.org> +Date: Fri, 5 Nov 2021 09:29:13 +0100 +Subject: [PATCH] udisks2 security update + +mount options: Always use errors=remount-ro for ext filesystems + +Stefan Walter found that udisks2, a service to access and manipulate +storage devices, could cause denial of service via system crash if a +corrupted or specially crafted ext2/3/4 device or image was mounted, +which could happen automatically on certain environments. + +For Debian 9 stretch, this problem has been fixed in version +2.1.8-1+deb9u1. + +Default mount options are focused primarily on data safety, mounting +damaged ext2/3/4 filesystem as readonly would indicate something's wrong. + +Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/u/udisks2/udisks2_2.1.8-1+deb9u1.debian.tar.xz] +CVE: CVE-2021-3802 + +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> + +--- + src/udiskslinuxfilesystem.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c +index a5a3898c..eac8cab3 100644 +--- a/src/udiskslinuxfilesystem.c ++++ b/src/udiskslinuxfilesystem.c +@@ -421,6 +421,21 @@ static const gchar *hfsplus_allow[] = { "creator", "type", "umask", "session", " + static const gchar *hfsplus_allow_uid_self[] = { "uid", NULL }; + static const gchar *hfsplus_allow_gid_self[] = { "gid", NULL }; + ++/* ---------------------- ext2 -------------------- */ ++ ++static const gchar *ext2_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext2_allow[] = { "errors=remount-ro", NULL }; ++ ++/* ---------------------- ext3 -------------------- */ ++ ++static const gchar *ext3_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext3_allow[] = { "errors=remount-ro", NULL }; ++ ++/* ---------------------- ext4 -------------------- */ ++ ++static const gchar *ext4_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext4_allow[] = { "errors=remount-ro", NULL }; ++ + /* ------------------------------------------------ */ + /* TODO: support context= */ + +@@ -434,6 +449,9 @@ static const FSMountOptions fs_mount_options[] = + { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self }, + { "exfat", exfat_defaults, exfat_allow, exfat_allow_uid_self, exfat_allow_gid_self }, + { "hfsplus", hfsplus_defaults, hfsplus_allow, hfsplus_allow_uid_self, hfsplus_allow_gid_self }, ++ { "ext2", ext2_defaults, ext2_allow, NULL, NULL }, ++ { "ext3", ext3_defaults, ext3_allow, NULL, NULL }, ++ { "ext4", ext4_defaults, ext4_allow, NULL, NULL }, + }; + + /* ------------------------------------------------ */ diff --git a/meta-oe/recipes-support/udisks/udisks2_git.bb b/meta-oe/recipes-support/udisks/udisks2_git.bb index ecaf01e71..58c8a9899 100644 --- a/meta-oe/recipes-support/udisks/udisks2_git.bb +++ b/meta-oe/recipes-support/udisks/udisks2_git.bb @@ -17,7 +17,8 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" RDEPENDS_${PN} = "acl" SRC_URI = " \ - git://github.com/storaged-project/udisks.git;branch=master \ + git://github.com/storaged-project/udisks.git;branch=master;protocol=https \ + file://CVE-2021-3802.patch \ " PV = "2.8.4+git${SRCREV}" SRCREV = "db5f487345da2eaa87976450ea51c2c465d9b82e" diff --git a/meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb b/meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb index b294d77ba..0bb48412a 100644 --- a/meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb +++ b/meta-oe/recipes-support/uhubctl/uhubctl_2.1.0.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRCREV = "c9fa3c68a1b2c9790c731602b8bae2b513e80605" -SRC_URI = "git://github.com/mvp/${BPN}" +SRC_URI = "git://github.com/mvp/${BPN};branch=master;protocol=https" S = "${WORKDIR}/git" # uhubctl gets its program version from "git describe". As we use the source diff --git a/meta-oe/recipes-support/uthash/uthash_2.1.0.bb b/meta-oe/recipes-support/uthash/uthash_2.1.0.bb index 09cef44a8..3f4529e1a 100644 --- a/meta-oe/recipes-support/uthash/uthash_2.1.0.bb +++ b/meta-oe/recipes-support/uthash/uthash_2.1.0.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a2513f7d2291df840527b76b2a8f9718" SRCREV = "8b214aefcb81df86a7e5e0d4fa20e59a6c18bc02" SRC_URI = "\ - git://github.com/troydhanson/${BPN}.git \ + git://github.com/troydhanson/${BPN}.git;branch=master;protocol=https \ file://run-ptest \ " diff --git a/meta-oe/recipes-support/utouch/utouch-evemu_git.bb b/meta-oe/recipes-support/utouch/utouch-evemu_git.bb index 7c5a73439..e1ec1fda8 100644 --- a/meta-oe/recipes-support/utouch/utouch-evemu_git.bb +++ b/meta-oe/recipes-support/utouch/utouch-evemu_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" inherit autotools -SRC_URI = "git://bitmath.org/git/evemu.git;protocol=http \ +SRC_URI = "git://bitmath.org/git/evemu.git;protocol=http;branch=master \ file://0001-Fix-build-on-32bit-arches-with-64bit-time_t.patch \ " SRCREV = "9752b50e922572e4cd214ac45ed95e4ee410fe24" diff --git a/meta-oe/recipes-support/utouch/utouch-frame_git.bb b/meta-oe/recipes-support/utouch/utouch-frame_git.bb index 1ebebfa9f..599395635 100644 --- a/meta-oe/recipes-support/utouch/utouch-frame_git.bb +++ b/meta-oe/recipes-support/utouch/utouch-frame_git.bb @@ -9,7 +9,7 @@ DEPENDS += "mtdev utouch-evemu" inherit autotools pkgconfig -SRC_URI = "git://bitmath.org/git/frame.git;protocol=http \ +SRC_URI = "git://bitmath.org/git/frame.git;protocol=http;branch=master \ file://remove-man-page-creation.patch \ file://0001-include-sys-stat.h-for-fixing-build-issue-on-musl.patch \ file://0001-Fix-build-on-32bit-arches-with-64bit-time_t.patch \ diff --git a/meta-oe/recipes-support/utouch/utouch-mtview_git.bb b/meta-oe/recipes-support/utouch/utouch-mtview_git.bb index 5f07bf28e..65edaf1e5 100644 --- a/meta-oe/recipes-support/utouch/utouch-mtview_git.bb +++ b/meta-oe/recipes-support/utouch/utouch-mtview_git.bb @@ -9,7 +9,7 @@ inherit autotools pkgconfig features_check # depends on virtual/libx11 REQUIRED_DISTRO_FEATURES = "x11" -SRC_URI = "git://bitmath.org/git/mtview.git;protocol=http" +SRC_URI = "git://bitmath.org/git/mtview.git;protocol=http;branch=master" SRCREV = "ad437c38dc111cf3990a03abf14efe1b5d89604b" DEPENDS += "mtdev utouch-frame utouch-evemu libx11" diff --git a/meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb b/meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb index 79a5ac5c4..673fc5899 100644 --- a/meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb +++ b/meta-oe/recipes-support/websocketpp/websocketpp_0.8.2.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=4d168d763c111f4ffc62249870e4e0ea" DEPENDS = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'openssl boost zlib', '', d)} " -SRC_URI = "git://github.com/zaphoyd/websocketpp.git;protocol=https \ +SRC_URI = "git://github.com/zaphoyd/websocketpp.git;protocol=https;branch=master \ file://0001-cmake-Use-GNUInstallDirs.patch \ file://855.patch \ file://857.patch \ diff --git a/meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb b/meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb index d100030f9..c16178198 100644 --- a/meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb +++ b/meta-oe/recipes-support/xdelta/xdelta3_3.1.0.bb @@ -7,7 +7,7 @@ SECTION = "console/utils" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" -SRC_URI = "git://github.com/jmacd/xdelta.git;branch=release3_1_apl" +SRC_URI = "git://github.com/jmacd/xdelta.git;branch=release3_1_apl;protocol=https" SRCREV = "4b4aed71a959fe11852e45242bb6524be85d3709" S = "${WORKDIR}/git/xdelta3" diff --git a/meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb b/meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb index 481e7303b..1ba4a32ba 100644 --- a/meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb +++ b/meta-oe/recipes-support/xorg-xrdp/xorgxrdp_0.2.5.bb @@ -10,7 +10,7 @@ DEPENDS = "virtual/libx11 xserver-xorg xrdp nasm-native" inherit features_check REQUIRED_DISTRO_FEATURES = "x11 pam" -SRC_URI = "git://github.com/neutrinolabs/xorgxrdp.git" +SRC_URI = "git://github.com/neutrinolabs/xorgxrdp.git;branch=master;protocol=https" SRCREV = "c122544f184d4031bbae1ad80fbab554c34a9427" diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb index deda0fd1b..36184705b 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb @@ -10,7 +10,7 @@ DEPENDS = "openssl virtual/libx11 libxfixes libxrandr libpam nasm-native" REQUIRED_DISTRO_FEATURES = "x11 pam" -SRC_URI = "git://github.com/neutrinolabs/xrdp.git \ +SRC_URI = "git://github.com/neutrinolabs/xrdp.git;branch=master;protocol=https \ file://xrdp.sysconfig \ file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \ file://0001-Fix-the-compile-error.patch \ diff --git a/meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb b/meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb index 865adc5a1..783af89be 100644 --- a/meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb +++ b/meta-oe/recipes-support/xxhash/xxhash_0.7.3.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://www.xxhash.com/" LICENSE = "BSD-2-Clause & GPL-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=01a7eba4212ef1e882777a38585e7a9b" -SRC_URI = "git://github.com/Cyan4973/xxHash.git" +SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=master;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" SRCREV = "d408e9b0606d07b1ddc5452ffc0ec8512211b174" diff --git a/meta-oe/recipes-support/zbar/zbar_git.bb b/meta-oe/recipes-support/zbar/zbar_git.bb index 935e09cd5..46ca549c5 100644 --- a/meta-oe/recipes-support/zbar/zbar_git.bb +++ b/meta-oe/recipes-support/zbar/zbar_git.bb @@ -10,7 +10,7 @@ PV = "0.10+git${SRCPV}" # iPhoneSDK-1.3.1 tag SRCREV = "67003d2a985b5f9627bee2d8e3e0b26d0c474b57" -SRC_URI = "git://github.com/ZBar/Zbar \ +SRC_URI = "git://github.com/ZBar/Zbar;branch=master;protocol=https \ file://0001-make-relies-GNU-extentions.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb b/meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb index e041132b1..e4c0232bd 100644 --- a/meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb +++ b/meta-oe/recipes-support/zchunk/zchunk_1.1.6.bb @@ -4,7 +4,7 @@ AUTHOR = "Jonathan Dieter" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=cd6e590282010ce90a94ef25dd31410f" -SRC_URI = "git://github.com/zchunk/zchunk.git;protocol=https" +SRC_URI = "git://github.com/zchunk/zchunk.git;protocol=https;branch=master" SRCREV = "f5593aa11584faa691c81b4898f0aaded47f8bf7" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-test/bats/bats_1.1.0.bb b/meta-oe/recipes-test/bats/bats_1.1.0.bb index a8179744a..7ee020576 100644 --- a/meta-oe/recipes-test/bats/bats_1.1.0.bb +++ b/meta-oe/recipes-test/bats/bats_1.1.0.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/bats-core/bats-core" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=2970203aedf9e829edb96a137a4fe81b" -SRC_URI = "git://github.com/bats-core/bats-core.git \ +SRC_URI = "git://github.com/bats-core/bats-core.git;branch=master;protocol=https \ " # v1.1.0 SRCREV = "c706d1470dd1376687776bbe985ac22d09780327" diff --git a/meta-oe/recipes-test/catch2/catch2_2.9.2.bb b/meta-oe/recipes-test/catch2/catch2_2.9.2.bb index 57fc935f7..9d449a23a 100644 --- a/meta-oe/recipes-test/catch2/catch2_2.9.2.bb +++ b/meta-oe/recipes-test/catch2/catch2_2.9.2.bb @@ -5,7 +5,7 @@ HOMEPAGE = "https://github.com/catchorg/Catch2" LICENSE = "BSL-1.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" -SRC_URI = "git://github.com/catchorg/Catch2.git" +SRC_URI = "git://github.com/catchorg/Catch2.git;branch=master;protocol=https" SRCREV = "2c869e17e4803d30b3d5ca5b0d76387b9db97fa5" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-test/evtest/evtest_1.34.bb b/meta-oe/recipes-test/evtest/evtest_1.34.bb index a3a23c895..eb6a34f30 100644 --- a/meta-oe/recipes-test/evtest/evtest_1.34.bb +++ b/meta-oe/recipes-test/evtest/evtest_1.34.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" DEPENDS = "libxml2" SRCREV = "16e5104127a620686bdddc4a9ad62881134d6c69" -SRC_URI = "git://gitlab.freedesktop.org/libevdev/evtest.git;protocol=https \ +SRC_URI = "git://gitlab.freedesktop.org/libevdev/evtest.git;protocol=https;branch=master \ file://add_missing_limits_h_include.patch \ file://0001-Fix-build-on-32bit-arches-with-64bit-time_t.patch \ " diff --git a/meta-oe/recipes-test/fbtest/fb-test_git.bb b/meta-oe/recipes-test/fbtest/fb-test_git.bb index 6a9d4b278..299213572 100644 --- a/meta-oe/recipes-test/fbtest/fb-test_git.bb +++ b/meta-oe/recipes-test/fbtest/fb-test_git.bb @@ -6,7 +6,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" SRCREV = "063ec650960c2d79ac51f5c5f026cb05343a33e2" -SRC_URI = "git://github.com/prpplague/fb-test-app.git" +SRC_URI = "git://github.com/prpplague/fb-test-app.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-test/googletest/googletest_git.bb b/meta-oe/recipes-test/googletest/googletest_git.bb index 354e7de33..35fe1bed0 100644 --- a/meta-oe/recipes-test/googletest/googletest_git.bb +++ b/meta-oe/recipes-test/googletest/googletest_git.bb @@ -11,7 +11,7 @@ PROVIDES += "gmock gtest" S = "${WORKDIR}/git" SRCREV = "703bd9caab50b139428cea1aaff9974ebee5742e" -SRC_URI = "git://github.com/google/googletest.git" +SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https" inherit cmake diff --git a/meta-oe/recipes-test/pm-qa/pm-qa_git.bb b/meta-oe/recipes-test/pm-qa/pm-qa_git.bb index 7e9971ea4..bb641437c 100644 --- a/meta-oe/recipes-test/pm-qa/pm-qa_git.bb +++ b/meta-oe/recipes-test/pm-qa/pm-qa_git.bb @@ -42,6 +42,7 @@ do_install () { do # Remove hardcoded relative paths sed -i -e 's#..\/utils\/##' ${script} + sed -i -e 's#. ..\/Switches#${bindir}#g' ${script} script_basename=`basename ${script}` install -m 0755 $script ${D}${libdir}/${BPN}/${script_basename} @@ -54,7 +55,7 @@ do_install () { # if the script includes any helper scripts from the $libdir # directory then change the source path to the absolute path # to reflect the install location of the helper scripts. - sed -i -e "s#source ../include#source ${libdir}/${BPN}#g" ${script} + sed -i -e "s#. ../include#. ${libdir}/${BPN}#g" ${script} # Remove hardcoded relative paths sed -i -e 's#..\/utils\/##' ${script} |