diff options
Diffstat (limited to 'meta/recipes-support')
45 files changed, 1070 insertions, 360 deletions
diff --git a/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb b/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb index 611c0fb680..70ce12a06f 100644 --- a/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb +++ b/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb @@ -9,7 +9,7 @@ SECTION = "console/utils" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/intel/${BPN}" +SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https" SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/boost/boost-build-native_4.3.0.bb b/meta/recipes-support/boost/boost-build-native_4.3.0.bb index 00f3a86dd6..f09ff484ec 100644 --- a/meta/recipes-support/boost/boost-build-native_4.3.0.bb +++ b/meta/recipes-support/boost/boost-build-native_4.3.0.bb @@ -6,7 +6,7 @@ SECTION = "devel" LICENSE = "BSL-1.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" -SRC_URI = "git://github.com/boostorg/build;protocol=https" +SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master" SRCREV = "632ea768f3eb225b4472c5ed6d20afee708724ad" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+){2,}))" diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch new file mode 100644 index 0000000000..5c4a32f526 --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch @@ -0,0 +1,80 @@ +From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 18 Oct 2021 12:05:49 +0200 +Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired + certificates." + +This avoids a dependency on python3-cryptography, and only checks +for expired certs (which is upstream concern, but not ours). + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + debian/changelog | 1 - + debian/control | 2 +- + mozilla/certdata2pem.py | 11 ----------- + 3 files changed, 1 insertion(+), 13 deletions(-) + +diff --git a/debian/changelog b/debian/changelog +index 531e4d0..4006509 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low + - "Trustis FPS Root CA" + - "Staat der Nederlanden Root CA - G3" + * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) +- * mozilla/certdata2pem.py: print a warning for expired certificates. + + -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200 + +diff --git a/debian/control b/debian/control +index 4434b7a..5c6ba24 100644 +--- a/debian/control ++++ b/debian/control +@@ -3,7 +3,7 @@ Section: misc + Priority: optional + Maintainer: Julien Cristau <jcristau@debian.org> + Build-Depends: debhelper-compat (= 13), po-debconf +-Build-Depends-Indep: python3, openssl, python3-cryptography ++Build-Depends-Indep: python3, openssl + Standards-Version: 4.5.0.2 + Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git + Vcs-Browser: https://salsa.debian.org/debian/ca-certificates +diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py +index ede23d4..7d796f1 100644 +--- a/mozilla/certdata2pem.py ++++ b/mozilla/certdata2pem.py +@@ -21,16 +21,12 @@ + # USA. + + import base64 +-import datetime + import os.path + import re + import sys + import textwrap + import io + +-from cryptography import x509 +- +- + objects = [] + + # Dirty file parser. +@@ -121,13 +117,6 @@ for obj in objects: + if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': + if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: + continue +- +- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) +- if cert.not_valid_after < datetime.datetime.now(): +- print('!'*74) +- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) +- print('!'*74) +- + bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ + .replace(' ', '_')\ + .replace('(', '=')\ +-- +2.20.1 + diff --git a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch deleted file mode 100644 index f343ebf16e..0000000000 --- a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch +++ /dev/null @@ -1,26 +0,0 @@ -sbin/Makefile: Allow the sbin path to be configurable - -Some project sharing ca-certificates from Debian allow configuration -of the installation location. Make the sbin location configurable. - -Also ensure the target directory exists - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - ---- ca-certificates-20130119.orig/sbin/Makefile -+++ ca-certificates-20130119/sbin/Makefile -@@ -3,9 +3,12 @@ - # - # - -+SBINDIR = /usr/sbin -+ - all: - - clean: - - install: -- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ -+ install -d $(DESTDIR)$(SBINDIR) -+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ diff --git a/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch deleted file mode 100644 index f78790923c..0000000000 --- a/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch +++ /dev/null @@ -1,33 +0,0 @@ -update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdir - -According to coreutils docs, mktemp -t is deprecated, switch to the ---tmpdir option instead. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - -[This was originally for compatibility with toybox but toybox now -supports -t] ---- - sbin/update-ca-certificates | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates -index 79c41bb..ae9e3f1 100755 ---- a/sbin/update-ca-certificates -+++ b/sbin/update-ca-certificates -@@ -113,9 +113,9 @@ trap cleanup 0 - - # Helper files. (Some of them are not simple arrays because we spawn - # subshells later on.) --TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")" --ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" --REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" -+TEMPBUNDLE="$(mktemp --tmpdir "${CERTBUNDLE}.tmp.XXXXXX")" -+ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" -+REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" - - # Adds a certificate to the list of trusted ones. This includes a symlink - # in /etc/ssl/certs to the certificate file and its inclusion into the --- -2.1.4 diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb index 7dcc86fdc1..a54d6b458a 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb @@ -14,15 +14,14 @@ DEPENDS_class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144" +SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8" -SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ +SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \ file://0002-update-ca-certificates-use-SYSROOT.patch \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ - file://update-ca-certificates-support-Toybox.patch \ file://default-sysroot.patch \ - file://sbindir.patch \ file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ + file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)" diff --git a/meta/recipes-support/curl/curl/CVE-2021-22945.patch b/meta/recipes-support/curl/curl/CVE-2021-22945.patch new file mode 100644 index 0000000000..44c42632ed --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22945.patch @@ -0,0 +1,35 @@ +From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001 +From: z2_ on hackerone <> +Date: Tue, 24 Aug 2021 09:50:33 +0200 +Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds + +CVE-2021-22945 + +Bug: https://curl.se/docs/CVE-2021-22945.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49] + +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> + +--- + lib/mqtt.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/mqtt.c b/lib/mqtt.c +index f077e6c3d..fcd40b41e 100644 +--- a/lib/mqtt.c ++++ b/lib/mqtt.c +@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, + mq->sendleftovers = sendleftovers; + mq->nsend = nsend; + } ++ else { ++ mq->sendleftovers = NULL; ++ mq->nsend = 0; ++ } + return result; + } + +-- +2.34.1 + diff --git a/meta/recipes-support/curl/curl/CVE-2021-22946.patch b/meta/recipes-support/curl/curl/CVE-2021-22946.patch new file mode 100644 index 0000000000..1cb95f0ea7 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22946.patch @@ -0,0 +1,333 @@ +From 7c6e072216001fb1280d1868adfdcb54e3372ce7 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat <patrick@monnerat.net> +Date: Wed, 8 Sep 2021 11:56:22 +0200 +Subject: [PATCH] ftp,imap,pop3: do not ignore --ssl-reqd + +In imap and pop3, check if TLS is required even when capabilities +request has failed. + +In ftp, ignore preauthentication (230 status of server greeting) if TLS +is required. + +Bug: https://curl.se/docs/CVE-2021-22946.html + +CVE-2021-22946 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca] + +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> + +--- + lib/ftp.c | 9 ++++--- + lib/imap.c | 24 ++++++++---------- + lib/pop3.c | 33 +++++++++++------------- + tests/data/Makefile.inc | 2 ++ + tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ + tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ + 7 files changed, 195 insertions(+), 36 deletions(-) + create mode 100644 tests/data/test984 + create mode 100644 tests/data/test985 + create mode 100644 tests/data/test986 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 3818a9e..8b3fe1d 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2665,9 +2665,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, + /* we have now received a full FTP server response */ + switch(ftpc->state) { + case FTP_WAIT220: +- if(ftpcode == 230) +- /* 230 User logged in - already! */ +- return ftp_state_user_resp(data, ftpcode, ftpc->state); ++ if(ftpcode == 230) { ++ /* 230 User logged in - already! Take as 220 if TLS required. */ ++ if(data->set.use_ssl <= CURLUSESSL_TRY || ++ conn->bits.ftp_use_control_ssl) ++ return ftp_state_user_resp(data, ftpcode, ftpc->state); ++ } + else if(ftpcode != 220) { + failf(data, "Got a %03d ftp-server response when 220 was expected", + ftpcode); +diff --git a/lib/imap.c b/lib/imap.c +index 2d80699..b056208 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -933,22 +933,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, + line += wordlen; + } + } +- else if(imapcode == IMAP_RESP_OK) { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(imapc->tls_supported) +- /* Switch to TLS connection now */ +- result = imap_perform_starttls(data, conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = imap_perform_authentication(data, conn); +- else { +- failf(data, "STARTTLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } ++ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { ++ /* PREAUTH is not compatible with STARTTLS. */ ++ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { ++ /* Switch to TLS connection now */ ++ result = imap_perform_starttls(data, conn); + } +- else ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) + result = imap_perform_authentication(data, conn); ++ else { ++ failf(data, "STARTTLS not available."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + else + result = imap_perform_authentication(data, conn); +diff --git a/lib/pop3.c b/lib/pop3.c +index 0ed3d3e..018fda1 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -738,28 +738,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, + } + } + } +- else if(pop3code == '+') { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(pop3c->tls_supported) +- /* Switch to TLS connection now */ +- result = pop3_perform_starttls(data, conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = pop3_perform_authentication(data, conn); +- else { +- failf(data, "STLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } +- } +- else +- result = pop3_perform_authentication(data, conn); +- } + else { + /* Clear text is supported when CAPA isn't recognised */ +- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; ++ if(pop3code != '+') ++ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; + +- result = pop3_perform_authentication(data, conn); ++ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) ++ result = pop3_perform_authentication(data, conn); ++ else if(pop3code == '+' && pop3c->tls_supported) ++ /* Switch to TLS connection now */ ++ result = pop3_perform_starttls(data, conn); ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) ++ /* Fallback and carry on with authentication */ ++ result = pop3_perform_authentication(data, conn); ++ else { ++ failf(data, "STLS not supported."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + + return result; +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index e08cfc7..e6e2551 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -115,6 +115,8 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ + test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ + \ ++test984 test985 test986 \ ++\ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ + test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ +diff --git a/tests/data/test984 b/tests/data/test984 +new file mode 100644 +index 0000000..e573f23 +--- /dev/null ++++ b/tests/data/test984 +@@ -0,0 +1,56 @@ ++<testcase> ++<info> ++<keywords> ++IMAP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY CAPABILITY A001 BAD Not implemented ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++imap ++</server> ++ <name> ++IMAP require STARTTLS with failing capabilities ++ </name> ++ <command> ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd ++</command> ++<file name="log/upload%TESTNUMBER"> ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar <foobar@example.COM> ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: <B27397-0100000@example.COM> ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++</file> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++A001 CAPABILITY
++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test985 b/tests/data/test985 +new file mode 100644 +index 0000000..d0db4aa +--- /dev/null ++++ b/tests/data/test985 +@@ -0,0 +1,54 @@ ++<testcase> ++<info> ++<keywords> ++POP3 ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY CAPA -ERR Not implemented ++</servercmd> ++<data nocheck="yes"> ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++pop3 ++</server> ++ <name> ++POP3 require STARTTLS with failing capabilities ++ </name> ++ <command> ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd ++ </command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++CAPA
++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test986 b/tests/data/test986 +new file mode 100644 +index 0000000..a709437 +--- /dev/null ++++ b/tests/data/test986 +@@ -0,0 +1,53 @@ ++<testcase> ++<info> ++<keywords> ++FTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY welcome 230 Welcome ++REPLY AUTH 500 unknown command ++</servercmd> ++</reply> ++ ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++ftp ++</server> ++ <name> ++FTP require STARTTLS while preauthenticated ++ </name> ++<file name="log/test%TESTNUMBER.txt"> ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++</file> ++ <command> ++--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++AUTH SSL
++AUTH TLS
++</protocol> ++</verify> ++</testcase> +-- +2.34.1 + diff --git a/meta/recipes-support/curl/curl/CVE-2021-22947.patch b/meta/recipes-support/curl/curl/CVE-2021-22947.patch new file mode 100644 index 0000000000..9bd9890d72 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22947.patch @@ -0,0 +1,357 @@ +From f3f2d2554d09ca0e13039e4915b83faaa55961c4 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat <patrick@monnerat.net> +Date: Tue, 7 Sep 2021 13:26:42 +0200 +Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response + + pipelining + +If a server pipelines future responses within the STARTTLS response, the +former are preserved in the pingpong cache across TLS negotiation and +used as responses to the encrypted commands. + +This fix detects pipelined STARTTLS responses and rejects them with an +error. + +CVE-2021-22947 + +Bug: https://curl.se/docs/CVE-2021-22947.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68] + +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> + +--- + lib/ftp.c | 3 +++ + lib/imap.c | 4 +++ + lib/pop3.c | 4 +++ + lib/smtp.c | 4 +++ + tests/data/Makefile.inc | 2 +- + tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ + tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ + tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ + 9 files changed, 236 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test980 + create mode 100644 tests/data/test981 + create mode 100644 tests/data/test982 + create mode 100644 tests/data/test983 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 8b3fe1d..a55566a 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2727,6 +2727,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, + case FTP_AUTH: + /* we have gotten the response to a previous AUTH command */ + ++ if(pp->cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ ++ + /* RFC2228 (page 5) says: + * + * If the server is willing to accept the named security mechanism, +diff --git a/lib/imap.c b/lib/imap.c +index b056208..9230f17 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -962,6 +962,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, + + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.imapc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(imapcode != IMAP_RESP_OK) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/pop3.c b/lib/pop3.c +index 018fda1..4f953f7 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -769,6 +769,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, + CURLcode result = CURLE_OK; + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.pop3c.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(pop3code != '+') { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/smtp.c b/lib/smtp.c +index 1fc8800..51445f6 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -832,6 +832,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, + CURLcode result = CURLE_OK; + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.smtpc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(smtpcode != 220) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied, code %d", smtpcode); +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index e6e2551..22d7a0b 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -115,7 +115,7 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ + test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ + \ +-test984 test985 test986 \ ++test980 test981 test982 test983 test984 test985 test986 \ + \ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ +diff --git a/tests/data/test980 b/tests/data/test980 +new file mode 100644 +index 0000000..97567f8 +--- /dev/null ++++ b/tests/data/test980 +@@ -0,0 +1,52 @@ ++<testcase> ++<info> ++<keywords> ++SMTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STARTTLS ++AUTH PLAIN ++REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted ++REPLY AUTH 535 5.7.8 Authentication credentials invalid ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++smtp ++</server> ++ <name> ++SMTP STARTTLS pipelined server response ++ </name> ++<stdin> ++mail body ++</stdin> ++ <command> ++smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - ++</command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++EHLO %TESTNUMBER
++STARTTLS
++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test981 b/tests/data/test981 +new file mode 100644 +index 0000000..2b98ce4 +--- /dev/null ++++ b/tests/data/test981 +@@ -0,0 +1,59 @@ ++<testcase> ++<info> ++<keywords> ++IMAP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STARTTLS ++REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted ++REPLY LOGIN A003 BAD Authentication credentials invalid ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++imap ++</server> ++ <name> ++IMAP STARTTLS pipelined server response ++ </name> ++ <command> ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl ++</command> ++<file name="log/upload%TESTNUMBER"> ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar <foobar@example.COM> ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: <B27397-0100000@example.COM> ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++</file> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++A001 CAPABILITY
++A002 STARTTLS
++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test982 b/tests/data/test982 +new file mode 100644 +index 0000000..9e07cc0 +--- /dev/null ++++ b/tests/data/test982 +@@ -0,0 +1,57 @@ ++<testcase> ++<info> ++<keywords> ++POP3 ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STLS USER ++REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated ++REPLY PASS -ERR Authentication credentials invalid ++</servercmd> ++<data nocheck="yes"> ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++pop3 ++</server> ++ <name> ++POP3 STARTTLS pipelined server response ++ </name> ++ <command> ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl ++ </command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++CAPA
++STLS
++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test983 b/tests/data/test983 +new file mode 100644 +index 0000000..300ec45 +--- /dev/null ++++ b/tests/data/test983 +@@ -0,0 +1,52 @@ ++<testcase> ++<info> ++<keywords> ++FTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete ++REPLY PASS 530 Login incorrect ++</servercmd> ++</reply> ++ ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++ftp ++</server> ++ <name> ++FTP STARTTLS pipelined server response ++ </name> ++<file name="log/test%TESTNUMBER.txt"> ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++</file> ++ <command> ++--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++AUTH SSL
++</protocol> ++</verify> ++</testcase> +-- +2.34.1 + diff --git a/meta/recipes-support/curl/curl_7.75.0.bb b/meta/recipes-support/curl/curl_7.75.0.bb index d64e5e1f79..accede604c 100644 --- a/meta/recipes-support/curl/curl_7.75.0.bb +++ b/meta/recipes-support/curl/curl_7.75.0.bb @@ -21,6 +21,9 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2021-22901.patch \ file://CVE-2021-22924.patch \ file://CVE-2021-22926.patch \ + file://CVE-2021-22945.patch \ + file://CVE-2021-22946.patch \ + file://CVE-2021-22947.patch \ " SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb316d026" @@ -28,6 +31,10 @@ SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb3 # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" +# These only apply when using --with-libmetalink, but --without-libmetalink is +# set below. +CVE_CHECK_WHITELIST += "CVE-2021-22922 CVE-2021-22923" + inherit autotools pkgconfig binconfig multilib_header PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" @@ -65,6 +72,7 @@ PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threade PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" +# Keep --without-libmetalink to mitigate CVE-2021-22922 and CVE-2021-22923 EXTRA_OECONF = " \ --disable-libcurl-option \ --disable-ntlm-wb \ diff --git a/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb b/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb index 9005bdea59..e0a5499263 100644 --- a/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb +++ b/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb @@ -8,7 +8,7 @@ SECTION = "support" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING.txt;md5=8a7c3499a1142df819e727253cd53a12" -SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix" +SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "dos2unix-(?P<pver>(\d+(\.\d+)+))" SRCREV = "72596f0ae21faa25a07a872d4843bc885475115d" diff --git a/meta/recipes-support/gmp/gmp/cve-2021-43618.patch b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch new file mode 100644 index 0000000000..095fb21eaa --- /dev/null +++ b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch @@ -0,0 +1,27 @@ +CVE: CVE-2021-43618 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +# HG changeset patch +# User Marco Bodrato <bodrato@mail.dm.unipi.it> +# Date 1634836009 -7200 +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd +# Parent e1fd9db13b475209a864577237ea4b9105b3e96e +mpz/inp_raw.c: Avoid bit size overflows + +diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c +--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100 ++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 +@@ -88,8 +88,11 @@ + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++ return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb b/meta/recipes-support/gmp/gmp_6.2.1.bb index 3c50f928ab..f97c588c31 100644 --- a/meta/recipes-support/gmp/gmp_6.2.1.bb +++ b/meta/recipes-support/gmp/gmp_6.2.1.bb @@ -12,6 +12,7 @@ SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \ file://use-includedir.patch \ file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \ file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \ + file://cve-2021-43618.patch \ " SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea" SRC_URI[sha256sum] = "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c" diff --git a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb index e5c69c0c46..19f32e8d1f 100644 --- a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb +++ b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb @@ -9,7 +9,7 @@ LICENSE = "LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \ file://src/gnome-desktop-testing-runner.c;beginline=1;endline=20;md5=7ef3ad9da2ffcf7707dc11151fe007f4" -SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http" +SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http;branch=master" SRCREV = "4decade67b29ad170fcf3de148e41695fc459f48" DEPENDS = "glib-2.0" diff --git a/meta/recipes-support/gnupg/gnupg_2.2.27.bb b/meta/recipes-support/gnupg/gnupg_2.2.27.bb index 1181c8341b..18bb855769 100644 --- a/meta/recipes-support/gnupg/gnupg_2.2.27.bb +++ b/meta/recipes-support/gnupg/gnupg_2.2.27.bb @@ -32,6 +32,7 @@ EXTRA_OECONF = "--disable-ldap \ --with-zlib=${STAGING_LIBDIR}/.. \ --with-bzip2=${STAGING_LIBDIR}/.. \ --with-readline=${STAGING_LIBDIR}/.. \ + --with-mailprog=${sbindir}/sendmail \ --enable-gpg-is-gpg2 \ " diff --git a/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch b/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch new file mode 100644 index 0000000000..1c46684c6d --- /dev/null +++ b/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch @@ -0,0 +1,24 @@ +From adb1d4e5498a19e9d591ac8f42f9ddfdb23a1354 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 15 Jul 2021 12:33:13 -0700 +Subject: [PATCH] use closefrom() on linux and glibc 2.34+ + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/posix-io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/posix-io.c b/src/posix-io.c +index e712ef2..ab8ded9 100644 +--- a/src/posix-io.c ++++ b/src/posix-io.c +@@ -570,7 +570,7 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags, + if (fd_list[i].fd > fd) + fd = fd_list[i].fd; + fd++; +-#if defined(__sun) || defined(__FreeBSD__) ++#if defined(__sun) || defined(__FreeBSD__) || (defined(__GLIBC__) && __GNUC_PREREQ(2, 34)) + closefrom (fd); + max_fds = fd; + #else /*!__sun */ diff --git a/meta/recipes-support/gpgme/gpgme_1.15.1.bb b/meta/recipes-support/gpgme/gpgme_1.15.1.bb index dc38aa8e3c..f207e81687 100644 --- a/meta/recipes-support/gpgme/gpgme_1.15.1.bb +++ b/meta/recipes-support/gpgme/gpgme_1.15.1.bb @@ -20,7 +20,8 @@ SRC_URI = "${GNUPG_MIRROR}/gpgme/${BP}.tar.bz2 \ file://0006-fix-build-path-issue.patch \ file://0007-python-Add-variables-to-tests.patch \ file://0008-do-not-auto-check-var-PYTHON.patch \ - " + file://0001-use-closefrom-on-linux-and-glibc-2.34.patch \ + " SRC_URI[sha256sum] = "eebc3c1b27f1c8979896ff361ba9bb4778b508b2496c2fc10e3775a40b1de1ad" diff --git a/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb b/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb index f915716ce7..cd27fb0b70 100644 --- a/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb +++ b/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb @@ -20,3 +20,7 @@ S = "${WORKDIR}/git" inherit allarch autotools FILES_${PN} += "${datadir}/xml/" + +# remove at next version upgrade or when output changes +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb index fd3d8e09f2..c212d02651 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb @@ -27,7 +27,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ file://0001-Makefile.am-add-a-missing-space.patch \ " -SRC_URI[sha256sum] = "97ebe4f94e2f7e35b752194ce15a0f3c66324e0ff6af26659bbfb5ff2ec328fd" +SRC_URI[sha256sum] = "ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7" # Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro. CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438" diff --git a/meta/recipes-support/libgit2/libgit2_1.1.0.bb b/meta/recipes-support/libgit2/libgit2_1.1.0.bb index 2bbf59ea74..9b2eec9c9e 100644 --- a/meta/recipes-support/libgit2/libgit2_1.1.0.bb +++ b/meta/recipes-support/libgit2/libgit2_1.1.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5b002a195fb7ea2d8d583f07eaff3a8e" DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2" -SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1" +SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1;protocol=https" SRCREV = "7f4fa178629d559c037a1f72f79f79af9c1ef8ce" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb b/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb index 197bb787ac..f335abb261 100644 --- a/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb +++ b/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c69090e97c8fd6372d03099c0a5bc382 \ file://COPYING.gplv2;md5=eb723b61539feef013de476e68b5c50a \ file://COPYING.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \ " -SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git" +SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git;branch=master;protocol=https" SRCREV = "747bf030b0ea9c44548b4e29bcfab7ae416675fc" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/libpcre/libpcre2_10.36.bb b/meta/recipes-support/libpcre/libpcre2_10.36.bb index d8077a1224..d64822be30 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.36.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.36.bb @@ -10,7 +10,9 @@ SECTION = "devel" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENCE;md5=60c08fab1357bfe9084b333bc33362d6" -SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2" +SRC_URI = "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-${PV}/pcre2-${PV}.tar.bz2" + +UPSTREAM_CHECK_URI = "https://github.com/PhilipHazel/pcre2/releases" SRC_URI[sha256sum] = "a9ef39278113542968c7c73a31cfcb81aca1faa64690f400b907e8ab6b4a665c" diff --git a/meta/recipes-support/libpcre/libpcre_8.44.bb b/meta/recipes-support/libpcre/libpcre_8.44.bb index cd80dc7345..3267c5ad72 100644 --- a/meta/recipes-support/libpcre/libpcre_8.44.bb +++ b/meta/recipes-support/libpcre/libpcre_8.44.bb @@ -7,7 +7,7 @@ HOMEPAGE = "http://www.pcre.org" SECTION = "devel" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENCE;md5=3bb381a66a5385b246d4877922e7511e" -SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \ +SRC_URI = "${SOURCEFORGE_MIRROR}/pcre/pcre-${PV}.tar.bz2 \ file://run-ptest \ file://Makefile \ " diff --git a/meta/recipes-support/libunistring/libunistring_0.9.10.bb b/meta/recipes-support/libunistring/libunistring_0.9.10.bb index 0a7b18ed08..589faacb05 100644 --- a/meta/recipes-support/libunistring/libunistring_0.9.10.bb +++ b/meta/recipes-support/libunistring/libunistring_0.9.10.bb @@ -18,6 +18,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \ file://README;beginline=45;endline=65;md5=08287d16ba8d839faed8d2dc14d7d6a5 \ file://doc/libunistring.texi;md5=287fa6075f78a3c85c1a52b0a92547cd \ " +DEPENDS = "gperf-native" SRC_URI = "${GNU_MIRROR}/libunistring/libunistring-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ diff --git a/meta/recipes-support/libusb/libusb1_1.0.24.bb b/meta/recipes-support/libusb/libusb1_1.0.24.bb index 92e66b1b16..76a707b70f 100644 --- a/meta/recipes-support/libusb/libusb1_1.0.24.bb +++ b/meta/recipes-support/libusb/libusb1_1.0.24.bb @@ -1,7 +1,7 @@ SUMMARY = "Userspace library to access USB (version 1.0)" DESCRIPTION = "A cross-platform library to access USB devices from Linux, \ macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace." -HOMEPAGE = "http://libusb.sf.net" +HOMEPAGE = "https://libusb.info" BUGTRACKER = "http://www.libusb.org/report" SECTION = "libs" @@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" BBCLASSEXTEND = "native nativesdk" -SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \ +SRC_URI = "https://github.com/libusb/libusb/releases/download/v${PV}/libusb-${PV}.tar.bz2 \ file://run-ptest \ " +UPSTREAM_CHECK_URI = "https://github.com/libusb/libusb/releases" + SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a" S = "${WORKDIR}/libusb-${PV}" diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.3.bb index 9d5dc0253a..15867023c3 100644 --- a/meta/recipes-support/lz4/lz4_1.9.3.bb +++ b/meta/recipes-support/lz4/lz4_1.9.3.bb @@ -12,7 +12,7 @@ PE = "1" SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3" -SRC_URI = "git://github.com/lz4/lz4.git;branch=release \ +SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ file://run-ptest \ file://CVE-2021-3520.patch \ " diff --git a/meta/recipes-support/numactl/numactl_git.bb b/meta/recipes-support/numactl/numactl_git.bb index 6c8a667a41..a0e72253a1 100644 --- a/meta/recipes-support/numactl/numactl_git.bb +++ b/meta/recipes-support/numactl/numactl_git.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=f8ff2391624f28e SRCREV = "dd6de072c92c892a86e18c0fd0dfa1ba57a9a05d" PV = "2.0.14" -SRC_URI = "git://github.com/numactl/numactl \ +SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \ file://Fix-the-test-output-format.patch \ file://Makefile \ file://run-ptest \ diff --git a/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb b/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb index 623afccb5e..5f1b73ee16 100644 --- a/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb +++ b/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb @@ -10,7 +10,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi" DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}" -SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23" +SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23;protocol=https" SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb index b14b947f97..6544b374c2 100644 --- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb +++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa" PV .= "+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \ +SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-support/rng-tools/rng-tools/rngd.service b/meta/recipes-support/rng-tools/rng-tools/rngd.service index 0559b97991..568686e80e 100644 --- a/meta/recipes-support/rng-tools/rng-tools/rngd.service +++ b/meta/recipes-support/rng-tools/rng-tools/rngd.service @@ -3,6 +3,7 @@ Description=Hardware RNG Entropy Gatherer Daemon DefaultDependencies=no After=systemd-udev-settle.service Before=sysinit.target shutdown.target +Wants=systemd-udev-settle.service Conflicts=shutdown.target [Service] diff --git a/meta/recipes-support/rng-tools/rng-tools_6.11.bb b/meta/recipes-support/rng-tools/rng-tools_6.11.bb index 61a0cef2e0..bc98efa3c6 100644 --- a/meta/recipes-support/rng-tools/rng-tools_6.11.bb +++ b/meta/recipes-support/rng-tools/rng-tools_6.11.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "sysfsutils openssl" SRC_URI = "\ - git://github.com/nhorman/rng-tools.git \ + git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ file://init \ file://default \ file://rngd.service \ diff --git a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb index ff32259d8e..9eb70b7e65 100644 --- a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb +++ b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native" -SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https" +SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https;branch=master" SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70" PV = "2.1" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch index 63a7b78f12..2fc11dbdc2 100644 --- a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch +++ b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch @@ -16,11 +16,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> src/Makefile | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) -diff --git a/src/Makefile b/src/Makefile -index f2fafa4dc..7148d4bd9 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -2845,16 +2845,10 @@ auto/pathdef.c: Makefile auto/config.mk +Index: git/src/Makefile +=================================================================== +--- git.orig/src/Makefile ++++ git/src/Makefile +@@ -3101,16 +3101,10 @@ auto/pathdef.c: Makefile auto/config.mk -@echo '#include "vim.h"' >> $@ -@echo 'char_u *default_vim_dir = (char_u *)"$(VIMRCLOC)";' | $(QUOTESED) >> $@ -@echo 'char_u *default_vimruntime_dir = (char_u *)"$(VIMRUNTIMEDIR)";' | $(QUOTESED) >> $@ @@ -41,6 +41,3 @@ index f2fafa4dc..7148d4bd9 100644 -@sh $(srcdir)/pathdef.sh GUI_GTK_RES_INPUTS = \ --- -2.17.1 - diff --git a/meta/recipes-support/vim/files/CVE-2021-3778.patch b/meta/recipes-support/vim/files/CVE-2021-3778.patch deleted file mode 100644 index 04ac413e56..0000000000 --- a/meta/recipes-support/vim/files/CVE-2021-3778.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 9ba62f1042513fcadcc4e8fdcee171db66ef1d69 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar <Bram@vim.org> -Date: Fri, 24 Sep 2021 15:15:24 +0800 -Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8 - character - -Problem: Reading beyond end of line with invalid utf-8 character. -Solution: Check for NUL when advancing. - -Upstream-Status: Backport [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f] -CVE: CVE-2021-3778 - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - src/regexp_nfa.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c -index fb512f961..2806408de 100644 ---- a/src/regexp_nfa.c -+++ b/src/regexp_nfa.c -@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text) - match = FALSE; - break; - } -- len2 += MB_CHAR2LEN(c2); -+ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2) -+ : MB_CHAR2LEN(c2); - } - if (match - // check that no composing char follows --- -2.17.1 - diff --git a/meta/recipes-support/vim/files/CVE-2021-3875.patch b/meta/recipes-support/vim/files/CVE-2021-3875.patch new file mode 100644 index 0000000000..d62d875f8e --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3875.patch @@ -0,0 +1,37 @@ +From 40aa9802ef56d3cdbe256b4c9e58049953051a2d Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Mon, 15 Nov 2021 14:34:50 +0800 +Subject: [PATCH] patch 8.2.3489: ml_get error after search with range + +Problem: ml_get error after search with range. +Solution: Limit the line number to the buffer line count. + +CVE: CVE-2021-3875 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/ex_docmd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index fb07450f8..89d33ba90 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -3586,8 +3586,10 @@ get_address( + + // When '/' or '?' follows another address, start from + // there. +- if (lnum != MAXLNUM) +- curwin->w_cursor.lnum = lnum; ++ if (lnum > 0 && lnum != MAXLNUM) ++ curwin->w_cursor.lnum = ++ lnum > curbuf->b_ml.ml_line_count ++ ? curbuf->b_ml.ml_line_count : lnum; + + // Start a forward search at the end of the line (unless + // before the first line). +-- +2.17.1 + diff --git a/meta/recipes-support/vim/files/CVE-2021-3903.patch b/meta/recipes-support/vim/files/CVE-2021-3903.patch new file mode 100644 index 0000000000..fb45857de8 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3903.patch @@ -0,0 +1,38 @@ +From a366598006f4d7bf9b4fbcd334a2e5078dcb6ad8 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Fri, 12 Nov 2021 02:23:38 +0000 +Subject: [PATCH] =?UTF-8?q?patch=208.2.3564:=20invalid=20memory=20access?= + =?UTF-8?q?=20when=20scrolling=20without=20valid=20sc=E2=80=A6?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +…reen + +Problem: Invalid memory access when scrolling without a valid screen. +Solution: Do not set VALID_BOTLINE in w_valid. + +CVE: CVE-2021-3903 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/move.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/move.c b/src/move.c +index 8e53d8bcb..10165ef4d 100644 +--- a/src/move.c ++++ b/src/move.c +@@ -198,7 +198,6 @@ update_topline(void) + { + curwin->w_topline = curwin->w_cursor.lnum; + curwin->w_botline = curwin->w_topline; +- curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP; + curwin->w_scbind_pos = 1; + return; + } +-- +2.31.1 + diff --git a/meta/recipes-support/vim/files/CVE-2021-3927.patch b/meta/recipes-support/vim/files/CVE-2021-3927.patch new file mode 100644 index 0000000000..90b1b6b82e --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3927.patch @@ -0,0 +1,32 @@ +From f334a87204b4aab76536063b37b4d4a10be46a3a Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Wed, 17 Nov 2021 11:09:48 +0800 +Subject: [PATCH] patch 8.2.3581: reading character past end of line + +Problem: Reading character past end of line. +Solution: Correct the cursor column. + +CVE: CVE-2021-3927 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/ex_docmd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index 89d33ba90..54d7f4cb3 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -6905,6 +6905,7 @@ ex_put(exarg_T *eap) + eap->forceit = TRUE; + } + curwin->w_cursor.lnum = eap->line2; ++ check_cursor_col(); + do_put(eap->regname, eap->forceit ? BACKWARD : FORWARD, 1L, + PUT_LINE|PUT_CURSLINE); + } +-- +2.17.1 + diff --git a/meta/recipes-support/vim/files/CVE-2021-3928.patch b/meta/recipes-support/vim/files/CVE-2021-3928.patch new file mode 100644 index 0000000000..8672367ab9 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3928.patch @@ -0,0 +1,34 @@ +From ad7f7a3f81077ddfac451acd33ca049b9f2a5178 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Wed, 17 Nov 2021 11:22:21 +0800 +Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving + spell suggestions + +Problem: Reading uninitialized memory when giving spell suggestions. +Solution: Check that preword is not empty. + +CVE: CVE-2021-3928 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/spellsuggest.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/spellsuggest.c b/src/spellsuggest.c +index 9d6df7930..88307b203 100644 +--- a/src/spellsuggest.c ++++ b/src/spellsuggest.c +@@ -1600,7 +1600,7 @@ suggest_trie_walk( + // char, e.g., "thes," -> "these". + p = fword + sp->ts_fidx; + MB_PTR_BACK(fword, p); +- if (!spell_iswordp(p, curwin)) ++ if (!spell_iswordp(p, curwin) && *preword != NUL) + { + p = preword + STRLEN(preword); + MB_PTR_BACK(preword, p); +-- +2.17.1 + diff --git a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch b/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch deleted file mode 100644 index 1cee759502..0000000000 --- a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch +++ /dev/null @@ -1,207 +0,0 @@ -From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar <Bram@vim.org> -Date: Sat, 4 Sep 2021 18:47:28 +0200 -Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with - large value - -Problem: Invalid memory access when using :retab with large value. -Solution: Check the number is positive. - -CVE: CVE-2021-3770 -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Backport [https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9] ---- - src/indent.c | 34 +++++++++++++++++++++------------- - src/option.c | 12 ++++++------ - src/optionstr.c | 4 ++-- - src/testdir/test_retab.vim | 3 +++ - src/version.c | 2 ++ - 5 files changed, 34 insertions(+), 21 deletions(-) - -Index: git/src/indent.c -=================================================================== ---- git.orig/src/indent.c -+++ git/src/indent.c -@@ -18,18 +18,19 @@ - /* - * Set the integer values corresponding to the string setting of 'vartabstop'. - * "array" will be set, caller must free it if needed. -+ * Return FAIL for an error. - */ - int - tabstop_set(char_u *var, int **array) - { -- int valcount = 1; -- int t; -- char_u *cp; -+ int valcount = 1; -+ int t; -+ char_u *cp; - - if (var[0] == NUL || (var[0] == '0' && var[1] == NUL)) - { - *array = NULL; -- return TRUE; -+ return OK; - } - - for (cp = var; *cp != NUL; ++cp) -@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array) - if (cp != end) - emsg(_(e_positive)); - else -- emsg(_(e_invarg)); -- return FALSE; -+ semsg(_(e_invarg2), cp); -+ return FAIL; - } - } - -@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array) - ++valcount; - continue; - } -- emsg(_(e_invarg)); -- return FALSE; -+ semsg(_(e_invarg2), var); -+ return FAIL; - } - - *array = ALLOC_MULT(int, valcount + 1); - if (*array == NULL) -- return FALSE; -+ return FAIL; - (*array)[0] = valcount; - - t = 1; - for (cp = var; *cp != NUL;) - { -- (*array)[t++] = atoi((char *)cp); -- while (*cp != NUL && *cp != ',') -+ int n = atoi((char *)cp); -+ -+ if (n < 0 || n > 9999) -+ { -+ semsg(_(e_invarg2), cp); -+ return FAIL; -+ } -+ (*array)[t++] = n; -+ while (*cp != NUL && *cp != ',') - ++cp; - if (*cp != NUL) - ++cp; - } - -- return TRUE; -+ return OK; - } - - /* -@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap) - - #ifdef FEAT_VARTABS - new_ts_str = eap->arg; -- if (!tabstop_set(eap->arg, &new_vts_array)) -+ if (tabstop_set(eap->arg, &new_vts_array) == FAIL) - return; - while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',') - ++(eap->arg); -Index: git/src/option.c -=================================================================== ---- git.orig/src/option.c -+++ git/src/option.c -@@ -2292,9 +2292,9 @@ didset_options2(void) - #endif - #ifdef FEAT_VARTABS - vim_free(curbuf->b_p_vsts_array); -- tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); -+ (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); - vim_free(curbuf->b_p_vts_array); -- tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); -+ (void)tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); - #endif - } - -@@ -5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_vsts = vim_strsave(p_vsts); - COPY_OPT_SCTX(buf, BV_VSTS); - if (p_vsts && p_vsts != empty_option) -- tabstop_set(p_vsts, &buf->b_p_vsts_array); -+ (void)tabstop_set(p_vsts, &buf->b_p_vsts_array); - else - buf->b_p_vsts_array = 0; - buf->b_p_vsts_nopaste = p_vsts_nopaste -@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_isk = save_p_isk; - #ifdef FEAT_VARTABS - if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) -- tabstop_set(p_vts, &buf->b_p_vts_array); -+ (void)tabstop_set(p_vts, &buf->b_p_vts_array); - else - buf->b_p_vts_array = NULL; - #endif -@@ -5929,7 +5929,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_vts = vim_strsave(p_vts); - COPY_OPT_SCTX(buf, BV_VTS); - if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) -- tabstop_set(p_vts, &buf->b_p_vts_array); -+ (void)tabstop_set(p_vts, &buf->b_p_vts_array); - else - buf->b_p_vts_array = NULL; - #endif -@@ -6634,7 +6634,7 @@ paste_option_changed(void) - if (buf->b_p_vsts_array) - vim_free(buf->b_p_vsts_array); - if (buf->b_p_vsts && buf->b_p_vsts != empty_option) -- tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); -+ (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); - else - buf->b_p_vsts_array = 0; - #endif -Index: git/src/optionstr.c -=================================================================== ---- git.orig/src/optionstr.c -+++ git/src/optionstr.c -@@ -2166,7 +2166,7 @@ did_set_string_option( - if (errmsg == NULL) - { - int *oldarray = curbuf->b_p_vsts_array; -- if (tabstop_set(*varp, &(curbuf->b_p_vsts_array))) -+ if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK) - { - if (oldarray) - vim_free(oldarray); -@@ -2205,7 +2205,7 @@ did_set_string_option( - { - int *oldarray = curbuf->b_p_vts_array; - -- if (tabstop_set(*varp, &(curbuf->b_p_vts_array))) -+ if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK) - { - vim_free(oldarray); - #ifdef FEAT_FOLDING -Index: git/src/testdir/test_retab.vim -=================================================================== ---- git.orig/src/testdir/test_retab.vim -+++ git/src/testdir/test_retab.vim -@@ -74,4 +74,7 @@ endfunc - func Test_retab_error() - call assert_fails('retab -1', 'E487:') - call assert_fails('retab! -1', 'E487:') -+ call assert_fails('ret -1000', 'E487:') -+ call assert_fails('ret 10000', 'E475:') -+ call assert_fails('ret 80000000000000000000', 'E475:') - endfunc -Index: git/src/version.c -=================================================================== ---- git.orig/src/version.c -+++ git/src/version.c -@@ -743,6 +743,8 @@ static char *(features[]) = - static int included_patches[] = - { /* Add new patch number below this line */ - /**/ -+ 3402, -+/**/ - 0 - }; - diff --git a/meta/recipes-support/vim/files/disable_acl_header_check.patch b/meta/recipes-support/vim/files/disable_acl_header_check.patch index 33089162b4..533138245d 100644 --- a/meta/recipes-support/vim/files/disable_acl_header_check.patch +++ b/meta/recipes-support/vim/files/disable_acl_header_check.patch @@ -13,11 +13,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com> src/configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/src/configure.ac b/src/configure.ac -index 2d409b3ca06a..dbcaf6140263 100644 ---- a/src/configure.ac -+++ b/src/configure.ac -@@ -3257,7 +3257,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h string.h \ +Index: git/src/configure.ac +=================================================================== +--- git.orig/src/configure.ac ++++ git/src/configure.ac +@@ -3292,7 +3292,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h strin sys/systeminfo.h locale.h sys/stream.h termios.h \ libc.h sys/statfs.h poll.h sys/poll.h pwd.h \ utime.h sys/param.h sys/ptms.h libintl.h libgen.h \ @@ -26,7 +26,7 @@ index 2d409b3ca06a..dbcaf6140263 100644 sys/access.h sys/sysinfo.h wchar.h wctype.h) dnl sys/ptem.h depends on sys/stream.h on Solaris -@@ -3886,6 +3886,7 @@ AC_ARG_ENABLE(acl, +@@ -3974,6 +3974,7 @@ AC_ARG_ENABLE(acl, , [enable_acl="yes"]) if test "$enable_acl" = "yes"; then AC_MSG_RESULT(no) @@ -34,6 +34,3 @@ index 2d409b3ca06a..dbcaf6140263 100644 AC_CHECK_LIB(posix1e, acl_get_file, [LIBS="$LIBS -lposix1e"], AC_CHECK_LIB(acl, acl_get_file, [LIBS="$LIBS -lacl" AC_CHECK_LIB(attr, fgetxattr, LIBS="$LIBS -lattr",,)],,),) --- -2.7.4 - diff --git a/meta/recipes-support/vim/files/no-path-adjust.patch b/meta/recipes-support/vim/files/no-path-adjust.patch index 05c2d803f6..9d6da80913 100644 --- a/meta/recipes-support/vim/files/no-path-adjust.patch +++ b/meta/recipes-support/vim/files/no-path-adjust.patch @@ -7,9 +7,11 @@ Upstream-Status: Pending Signed-off-by: Joe Slater <joe.slater@windriver.com> ---- a/src/Makefile -+++ b/src/Makefile -@@ -2507,11 +2507,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_ +Index: git/src/Makefile +=================================================================== +--- git.orig/src/Makefile ++++ git/src/Makefile +@@ -2565,11 +2565,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_ rm -rf $$cvs; \ fi -chmod $(FILEMOD) $(DEST_TOOLS)/* diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch index 48dca44cad..1cb8fb442f 100644 --- a/meta/recipes-support/vim/files/racefix.patch +++ b/meta/recipes-support/vim/files/racefix.patch @@ -9,9 +9,9 @@ Index: git/src/po/Makefile =================================================================== --- git.orig/src/po/Makefile +++ git/src/po/Makefile -@@ -165,17 +165,16 @@ $(PACKAGE).pot: ../*.c ../if_perl.xs ../ - po/gvim.desktop.in po/vim.desktop.in - mv -f ../$(PACKAGE).po $(PACKAGE).pot +@@ -207,17 +207,16 @@ $(PACKAGE).pot: $(PO_INPUTLIST) $(PO_VIM + # Delete the temporary files + rm *.js -vim.desktop: vim.desktop.in $(POFILES) +LINGUAS: diff --git a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch index 37914d4cd9..5284ba45b6 100644 --- a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch +++ b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch @@ -14,11 +14,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com> src/configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) -diff --git a/src/configure.ac b/src/configure.ac -index 0ee86ad..64736f0 100644 ---- a/src/configure.ac -+++ b/src/configure.ac -@@ -3192,11 +3192,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [int x __attribute__((unused));], +Index: git/src/configure.ac +=================================================================== +--- git.orig/src/configure.ac ++++ git/src/configure.ac +@@ -3264,11 +3264,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [in AC_MSG_RESULT(no)) dnl Checks for header files. @@ -37,6 +37,3 @@ index 0ee86ad..64736f0 100644 AC_HEADER_DIRENT --- -2.7.4 - diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index e04c653fe3..c124596e8d 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -8,21 +8,21 @@ BUGTRACKER = "https://github.com/vim/vim/issues" DEPENDS = "ncurses gettext-native" # vimdiff doesn't like busybox diff RSUGGESTS_${PN} = "diffutils" + LICENSE = "vim" -LIC_FILES_CHKSUM = "file://runtime/doc/uganda.txt;endline=287;md5=a19edd7ec70d573a005d9e509375a99a" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \ + file://runtime/doc/uganda.txt;md5=a3f193c20c6faff93c69185d5d070535" -SRC_URI = "git://github.com/vim/vim.git \ +SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ file://vim-add-knob-whether-elf.h-are-checked.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://racefix.patch \ - file://CVE-2021-3778.patch \ - file://CVE-2021-3796.patch \ - file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ " -SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" +PV .= ".4524" +SRCREV = "d8f8629b1bf566e1dada7515e9b146c69e5d9757" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0" diff --git a/meta/recipes-support/xxhash/xxhash_0.8.0.bb b/meta/recipes-support/xxhash/xxhash_0.8.0.bb index 9e38872361..daa1bc26de 100644 --- a/meta/recipes-support/xxhash/xxhash_0.8.0.bb +++ b/meta/recipes-support/xxhash/xxhash_0.8.0.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://www.xxhash.com/" LICENSE = "BSD-2-Clause & GPL-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=b335320506abb0505437e39295e799cb" -SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=git" +SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" SRCREV = "94e5f23e736f2bb67ebdf90727353e65344f9fc0" |