diff options
Diffstat (limited to 'meta/recipes-support')
41 files changed, 1152 insertions, 375 deletions
diff --git a/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb b/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb index c830a92776..c66ff3a7da 100644 --- a/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb +++ b/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb @@ -9,7 +9,7 @@ SECTION = "console/utils" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/intel/${BPN}" +SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https" SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/boost/boost-build-native_4.4.1.bb b/meta/recipes-support/boost/boost-build-native_4.4.1.bb index 2de05369a8..de566eeb82 100644 --- a/meta/recipes-support/boost/boost-build-native_4.4.1.bb +++ b/meta/recipes-support/boost/boost-build-native_4.4.1.bb @@ -6,7 +6,7 @@ SECTION = "devel" LICENSE = "BSL-1.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" -SRC_URI = "git://github.com/boostorg/build;protocol=https" +SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master" SRCREV = "76da80f33187a3d9e5336157cdfae12ce82e37eb" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+){2,}))" diff --git a/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch b/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch new file mode 100644 index 0000000000..0a9ee2cc95 --- /dev/null +++ b/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch @@ -0,0 +1,50 @@ +From e193f080c7d209516ac9b712fa0c50bb08026fa2 Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Tue, 19 Oct 2021 12:24:31 +0000 +Subject: [PATCH] BoostConfig.cmake: allow searching for python310 + +* accept double digits in Python3_VERSION_MINOR + +* if someone is using e.g.: + find_package(Python3 REQUIRED) + find_package(Boost REQUIRED python${Python3_VERSION_MAJOR}${Python3_VERSION_MINOR}) + + with python-3.10 then it currently fails with: + + -- Found PythonLibs: /usr/lib/libpython3.10.so (found version "3.10.0") + -- Found Python3: -native/usr/bin/python3-native/python3 (found version "3.10.0") found components: Interpreter + CMake Error at /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:141 (find_package): + Could not find a package configuration file provided by "boost_python310" + (requested version 1.77.0) with any of the following names: + + boost_python310Config.cmake + boost_python310-config.cmake + + Add the installation prefix of "boost_python310" to CMAKE_PREFIX_PATH or + set "boost_python310_DIR" to a directory containing one of the above files. + If "boost_python310" provides a separate development package or SDK, be + sure it has been installed. + Call Stack (most recent call first): + /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:258 (boost_find_component) + /usr/share/cmake-3.21/Modules/FindBoost.cmake:594 (find_package) + CMakeLists.txt:18 (find_package) + +Upstream-Status: Submitted [https://github.com/boostorg/boost_install/pull/53] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + tools/boost_install/BoostConfig.cmake | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/boost_install/BoostConfig.cmake b/tools/boost_install/BoostConfig.cmake +index fd17821..5dffa58 100644 +--- a/tools/boost_install/BoostConfig.cmake ++++ b/tools/boost_install/BoostConfig.cmake +@@ -113,7 +113,7 @@ macro(boost_find_component comp required quiet) + set(_BOOST_REQUIRED REQUIRED) + endif() + +- if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9])$") ++ if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9][0-9]?)$") + + # handle pythonXY and numpyXY versioned components for compatibility + diff --git a/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch b/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch new file mode 100644 index 0000000000..b05b795084 --- /dev/null +++ b/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch @@ -0,0 +1,53 @@ +From 32bd6197353f6ea8e5bef01f09e25c944141acfc Mon Sep 17 00:00:00 2001 +From: jzmaddock <john@johnmaddock.co.uk> +Date: Wed, 1 Sep 2021 18:54:54 +0100 +Subject: [PATCH] Allow definition of BOOST_MATH_NO_ATOMIC_INT on the command + line. Allows us to test/emulate platforms with no atomic integers. + +[buildroot@heine.tech: + - backport from boostorg/math 32bd6197353f6ea8e5bef01f09e25c944141acfc + - alter path to match boost release +] +Signed-off-by: Michael Nosthoff <buildroot@heine.tech> +--- +Upstream-Status: Backport [https://github.com/boostorg/math/pull/684/commits/32bd6197353f6ea8e5bef01f09e25c944141acfc] + boost/math/tools/atomic.hpp | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/boost/math/tools/atomic.hpp b/boost/math/tools/atomic.hpp +index cc76ed269f..e3cbf5db89 100644 +--- a/boost/math/tools/atomic.hpp ++++ b/boost/math/tools/atomic.hpp +@@ -16,27 +16,27 @@ + namespace boost { + namespace math { + namespace detail { +-#if ATOMIC_INT_LOCK_FREE == 2 ++#if (ATOMIC_INT_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT) + typedef std::atomic<int> atomic_counter_type; + typedef std::atomic<unsigned> atomic_unsigned_type; + typedef int atomic_integer_type; + typedef unsigned atomic_unsigned_integer_type; +-#elif ATOMIC_SHORT_LOCK_FREE == 2 ++#elif (ATOMIC_SHORT_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT) + typedef std::atomic<short> atomic_counter_type; + typedef std::atomic<unsigned short> atomic_unsigned_type; + typedef short atomic_integer_type; + typedef unsigned short atomic_unsigned_type; +-#elif ATOMIC_LONG_LOCK_FREE == 2 ++#elif (ATOMIC_LONG_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT) + typedef std::atomic<long> atomic_unsigned_integer_type; + typedef std::atomic<unsigned long> atomic_unsigned_type; + typedef unsigned long atomic_unsigned_type; + typedef long atomic_integer_type; +-#elif ATOMIC_LLONG_LOCK_FREE == 2 ++#elif (ATOMIC_LLONG_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT) + typedef std::atomic<long long> atomic_unsigned_integer_type; + typedef std::atomic<unsigned long long> atomic_unsigned_type; + typedef long long atomic_integer_type; + typedef unsigned long long atomic_unsigned_integer_type; +-#else ++#elif !defined(BOOST_MATH_NO_ATOMIC_INT) + # define BOOST_MATH_NO_ATOMIC_INT + #endif + } // Namespace detail diff --git a/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch b/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch new file mode 100644 index 0000000000..f69e4f21f3 --- /dev/null +++ b/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch @@ -0,0 +1,151 @@ +From 7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b Mon Sep 17 00:00:00 2001 +From: jzmaddock <john@johnmaddock.co.uk> +Date: Wed, 1 Sep 2021 20:31:53 +0100 +Subject: [PATCH] Make no atomics a soft failure in bernoulli_details.hpp. + Include an "escape macro" so thread safety can be disabled if certain + bernoulli features are to be used in a no-atomics environment. Fixes + https://github.com/boostorg/math/issues/673. + +[buildroot@heine.tech: + - backport from boostorg/math 7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b + - alter path to match boost release +] +Signed-off-by: Michael Nosthoff <buildroot@heine.tech> +--- +Upstream-Status: Backport [https://github.com/boostorg/math/pull/684/commits/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b] + .../detail/bernoulli_details.hpp | 10 +++++++--- + libs/math/test/Jamfile.v2 | 3 +++ + test/compile_test/bernoulli_no_atomic_d.cpp | 14 ++++++++++++++ + test/compile_test/bernoulli_no_atomic_fail.cpp | 15 +++++++++++++++ + test/compile_test/bernoulli_no_atomic_mp.cpp | 16 ++++++++++++++++ + 5 files changed, 55 insertions(+), 3 deletions(-) + create mode 100644 test/compile_test/bernoulli_no_atomic_d.cpp + create mode 100644 test/compile_test/bernoulli_no_atomic_fail.cpp + create mode 100644 test/compile_test/bernoulli_no_atomic_mp.cpp + +diff --git a/boost/math/special_functions/detail/bernoulli_details.hpp b/boost/math/special_functions/detail/bernoulli_details.hpp +index cf35545264..8519b7c89c 100644 +--- a/boost/math/special_functions/detail/bernoulli_details.hpp ++++ b/boost/math/special_functions/detail/bernoulli_details.hpp +@@ -360,7 +360,7 @@ class bernoulli_numbers_cache + return out; + } + +- #ifndef BOOST_HAS_THREADS ++ #if !defined(BOOST_HAS_THREADS) || defined(BOOST_MATH_BERNOULLI_UNTHREADED) + // + // Single threaded code, very simple: + // +@@ -382,6 +382,8 @@ class bernoulli_numbers_cache + *out = (i >= m_overflow_limit) ? policies::raise_overflow_error<T>("boost::math::bernoulli_b2n<%1%>(std::size_t)", 0, T(i), pol) : bn[i]; + ++out; + } ++ #elif defined(BOOST_MATH_NO_ATOMIC_INT) ++ static_assert(sizeof(T) == 1, "Unsupported configuration: your platform appears to have no atomic integers. If you are happy with thread-unsafe code, then you may define BOOST_MATH_BERNOULLI_UNTHREADED to suppress this error."); + #else + // + // Double-checked locking pattern, lets us access cached already cached values +@@ -464,7 +466,7 @@ class bernoulli_numbers_cache + return out; + } + +- #ifndef BOOST_HAS_THREADS ++ #if !defined(BOOST_HAS_THREADS) || defined(BOOST_MATH_BERNOULLI_UNTHREADED) + // + // Single threaded code, very simple: + // +@@ -494,6 +496,8 @@ class bernoulli_numbers_cache + } + ++out; + } ++ #elif defined(BOOST_MATH_NO_ATOMIC_INT) ++ static_assert(sizeof(T) == 1, "Unsupported configuration: your platform appears to have no atomic integers. If you are happy with thread-unsafe code, then you may define BOOST_MATH_BERNOULLI_UNTHREADED to suppress this error."); + #else + // + // Double-checked locking pattern, lets us access cached already cached values +@@ -555,7 +559,7 @@ class bernoulli_numbers_cache + // The value at which we know overflow has already occurred for the Bn: + std::size_t m_overflow_limit; + +- #ifdef BOOST_HAS_THREADS ++ #if defined(BOOST_HAS_THREADS) && !defined(BOOST_MATH_NO_ATOMIC_INT) + std::mutex m_mutex; + atomic_counter_type m_counter, m_current_precision; + #else +diff --git a/libs/math/test/Jamfile.v2 b/libs/math/test/Jamfile.v2 +index 52fb87f5e5..3ac63f9279 100644 +--- a/libs/math/test/Jamfile.v2 ++++ b/libs/math/test/Jamfile.v2 +@@ -1137,6 +1137,9 @@ test-suite misc : + + # [ run __temporary_test.cpp test_instances//test_instances : : : <test-info>always_show_run_output <pch>off ] + [ compile test_no_long_double_policy.cpp ] ++ [ compile compile_test/bernoulli_no_atomic_d.cpp ] ++ [ compile compile_test/bernoulli_no_atomic_mp.cpp ] ++ [ compile-fail compile_test/bernoulli_no_atomic_fail.cpp ] + ; + + test-suite interpolators : +diff --git a/test/compile_test/bernoulli_no_atomic_d.cpp b/test/compile_test/bernoulli_no_atomic_d.cpp +new file mode 100644 +index 0000000000..61926f7e1f +--- /dev/null ++++ b/test/compile_test/bernoulli_no_atomic_d.cpp +@@ -0,0 +1,14 @@ ++// (C) Copyright John Maddock 2021. ++// Use, modification and distribution are subject to the ++// Boost Software License, Version 1.0. (See accompanying file ++// LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) ++ ++#define BOOST_MATH_NO_ATOMIC_INT ++ ++#include <boost/math/special_functions/bernoulli.hpp> ++#include "test_compile_result.hpp" ++ ++void compile_and_link_test() ++{ ++ check_result<double>(boost::math::bernoulli_b2n<double>(4)); ++} +diff --git a/test/compile_test/bernoulli_no_atomic_fail.cpp b/test/compile_test/bernoulli_no_atomic_fail.cpp +new file mode 100644 +index 0000000000..bbd7152412 +--- /dev/null ++++ b/test/compile_test/bernoulli_no_atomic_fail.cpp +@@ -0,0 +1,15 @@ ++// (C) Copyright John Maddock 2021. ++// Use, modification and distribution are subject to the ++// Boost Software License, Version 1.0. (See accompanying file ++// LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) ++ ++#define BOOST_MATH_NO_ATOMIC_INT ++ ++#include <boost/math/special_functions/bernoulli.hpp> ++#include <boost/multiprecision/cpp_bin_float.hpp> ++#include "test_compile_result.hpp" ++ ++void compile_and_link_test() ++{ ++ check_result<boost::multiprecision::cpp_bin_float_50>(boost::math::bernoulli_b2n<boost::multiprecision::cpp_bin_float_50>(4)); ++} +diff --git a/test/compile_test/bernoulli_no_atomic_mp.cpp b/test/compile_test/bernoulli_no_atomic_mp.cpp +new file mode 100644 +index 0000000000..8d5a6e78e6 +--- /dev/null ++++ b/test/compile_test/bernoulli_no_atomic_mp.cpp +@@ -0,0 +1,16 @@ ++// (C) Copyright John Maddock 2021. ++// Use, modification and distribution are subject to the ++// Boost Software License, Version 1.0. (See accompanying file ++// LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) ++ ++#define BOOST_MATH_NO_ATOMIC_INT ++#define BOOST_MATH_BERNOULLI_UNTHREADED ++ ++#include <boost/math/special_functions/bernoulli.hpp> ++#include <boost/multiprecision/cpp_bin_float.hpp> ++#include "test_compile_result.hpp" ++ ++void compile_and_link_test() ++{ ++ check_result<boost::multiprecision::cpp_bin_float_50>(boost::math::bernoulli_b2n<boost::multiprecision::cpp_bin_float_50>(4)); ++} diff --git a/meta/recipes-support/boost/boost_1.77.0.bb b/meta/recipes-support/boost/boost_1.77.0.bb index df8e08ad76..bde6b14a79 100644 --- a/meta/recipes-support/boost/boost_1.77.0.bb +++ b/meta/recipes-support/boost/boost_1.77.0.bb @@ -6,4 +6,7 @@ SRC_URI += "file://boost-CVE-2012-2677.patch \ file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \ file://0001-dont-setup-compiler-flags-m32-m64.patch \ file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \ + file://0001-BoostConfig.cmake-allow-searching-for-python310.patch \ + file://0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch \ + file://0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch \ " diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch new file mode 100644 index 0000000000..5c4a32f526 --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch @@ -0,0 +1,80 @@ +From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 18 Oct 2021 12:05:49 +0200 +Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired + certificates." + +This avoids a dependency on python3-cryptography, and only checks +for expired certs (which is upstream concern, but not ours). + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + debian/changelog | 1 - + debian/control | 2 +- + mozilla/certdata2pem.py | 11 ----------- + 3 files changed, 1 insertion(+), 13 deletions(-) + +diff --git a/debian/changelog b/debian/changelog +index 531e4d0..4006509 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low + - "Trustis FPS Root CA" + - "Staat der Nederlanden Root CA - G3" + * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) +- * mozilla/certdata2pem.py: print a warning for expired certificates. + + -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200 + +diff --git a/debian/control b/debian/control +index 4434b7a..5c6ba24 100644 +--- a/debian/control ++++ b/debian/control +@@ -3,7 +3,7 @@ Section: misc + Priority: optional + Maintainer: Julien Cristau <jcristau@debian.org> + Build-Depends: debhelper-compat (= 13), po-debconf +-Build-Depends-Indep: python3, openssl, python3-cryptography ++Build-Depends-Indep: python3, openssl + Standards-Version: 4.5.0.2 + Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git + Vcs-Browser: https://salsa.debian.org/debian/ca-certificates +diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py +index ede23d4..7d796f1 100644 +--- a/mozilla/certdata2pem.py ++++ b/mozilla/certdata2pem.py +@@ -21,16 +21,12 @@ + # USA. + + import base64 +-import datetime + import os.path + import re + import sys + import textwrap + import io + +-from cryptography import x509 +- +- + objects = [] + + # Dirty file parser. +@@ -121,13 +117,6 @@ for obj in objects: + if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': + if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: + continue +- +- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) +- if cert.not_valid_after < datetime.datetime.now(): +- print('!'*74) +- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) +- print('!'*74) +- + bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ + .replace(' ', '_')\ + .replace('(', '=')\ +-- +2.20.1 + diff --git a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch deleted file mode 100644 index f343ebf16e..0000000000 --- a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch +++ /dev/null @@ -1,26 +0,0 @@ -sbin/Makefile: Allow the sbin path to be configurable - -Some project sharing ca-certificates from Debian allow configuration -of the installation location. Make the sbin location configurable. - -Also ensure the target directory exists - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - ---- ca-certificates-20130119.orig/sbin/Makefile -+++ ca-certificates-20130119/sbin/Makefile -@@ -3,9 +3,12 @@ - # - # - -+SBINDIR = /usr/sbin -+ - all: - - clean: - - install: -- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ -+ install -d $(DESTDIR)$(SBINDIR) -+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ diff --git a/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch deleted file mode 100644 index f78790923c..0000000000 --- a/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch +++ /dev/null @@ -1,33 +0,0 @@ -update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdir - -According to coreutils docs, mktemp -t is deprecated, switch to the ---tmpdir option instead. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - -[This was originally for compatibility with toybox but toybox now -supports -t] ---- - sbin/update-ca-certificates | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates -index 79c41bb..ae9e3f1 100755 ---- a/sbin/update-ca-certificates -+++ b/sbin/update-ca-certificates -@@ -113,9 +113,9 @@ trap cleanup 0 - - # Helper files. (Some of them are not simple arrays because we spawn - # subshells later on.) --TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")" --ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" --REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" -+TEMPBUNDLE="$(mktemp --tmpdir "${CERTBUNDLE}.tmp.XXXXXX")" -+ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" -+REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" - - # Adds a certificate to the list of trusted ones. This includes a symlink - # in /etc/ssl/certs to the certificate file and its inclusion into the --- -2.1.4 diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb index 363203854f..dbee7dc616 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb @@ -14,15 +14,14 @@ DEPENDS:class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144" +SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8" -SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ +SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \ file://0002-update-ca-certificates-use-SYSROOT.patch \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ - file://update-ca-certificates-support-Toybox.patch \ file://default-sysroot.patch \ - file://sbindir.patch \ file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ + file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)" diff --git a/meta/recipes-support/curl/curl/cve-2021-22945.patch b/meta/recipes-support/curl/curl/cve-2021-22945.patch new file mode 100644 index 0000000000..2cbe110332 --- /dev/null +++ b/meta/recipes-support/curl/curl/cve-2021-22945.patch @@ -0,0 +1,34 @@ +CVE: CVE-2021-22945 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 92cb3059dab2f9ef3e6ea614dad5c86917d19807 Mon Sep 17 00:00:00 2001 +From: z2_ on hackerone <> +Date: Tue, 24 Aug 2021 09:50:33 +0200 +Subject: [PATCH 1/3] mqtt: clear the leftovers pointer when sending succeeds + +CVE-2021-22945 + +Bug: https://curl.se/docs/CVE-2021-22945.html +--- + lib/mqtt.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/mqtt.c b/lib/mqtt.c +index f077e6c3d..fcd40b41e 100644 +--- a/lib/mqtt.c ++++ b/lib/mqtt.c +@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, + mq->sendleftovers = sendleftovers; + mq->nsend = nsend; + } ++ else { ++ mq->sendleftovers = NULL; ++ mq->nsend = 0; ++ } + return result; + } + +-- +2.25.1 + diff --git a/meta/recipes-support/curl/curl/cve-2021-22946.patch b/meta/recipes-support/curl/curl/cve-2021-22946.patch new file mode 100644 index 0000000000..1a4b3e1144 --- /dev/null +++ b/meta/recipes-support/curl/curl/cve-2021-22946.patch @@ -0,0 +1,332 @@ +CVE: CVE-2021-22946 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 089e18aefcee9b5093a96e9e1aa92751dde1f991 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat <patrick@monnerat.net> +Date: Wed, 8 Sep 2021 11:56:22 +0200 +Subject: [PATCH 2/3] ftp,imap,pop3: do not ignore --ssl-reqd + +In imap and pop3, check if TLS is required even when capabilities +request has failed. + +In ftp, ignore preauthentication (230 status of server greeting) if TLS +is required. + +Bug: https://curl.se/docs/CVE-2021-22946.html + +CVE-2021-22946 +--- + lib/ftp.c | 9 ++++--- + lib/imap.c | 24 ++++++++---------- + lib/pop3.c | 33 +++++++++++------------- + tests/data/Makefile.inc | 2 ++ + tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ + tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ + 7 files changed, 195 insertions(+), 36 deletions(-) + create mode 100644 tests/data/test984 + create mode 100644 tests/data/test985 + create mode 100644 tests/data/test986 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 1a699de59..08d18ca74 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2681,9 +2681,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, + /* we have now received a full FTP server response */ + switch(ftpc->state) { + case FTP_WAIT220: +- if(ftpcode == 230) +- /* 230 User logged in - already! */ +- return ftp_state_user_resp(data, ftpcode, ftpc->state); ++ if(ftpcode == 230) { ++ /* 230 User logged in - already! Take as 220 if TLS required. */ ++ if(data->set.use_ssl <= CURLUSESSL_TRY || ++ conn->bits.ftp_use_control_ssl) ++ return ftp_state_user_resp(data, ftpcode, ftpc->state); ++ } + else if(ftpcode != 220) { + failf(data, "Got a %03d ftp-server response when 220 was expected", + ftpcode); +diff --git a/lib/imap.c b/lib/imap.c +index ab4d412ee..efc0420ce 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -935,22 +935,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, + line += wordlen; + } + } +- else if(imapcode == IMAP_RESP_OK) { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(imapc->tls_supported) +- /* Switch to TLS connection now */ +- result = imap_perform_starttls(data, conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = imap_perform_authentication(data, conn); +- else { +- failf(data, "STARTTLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } ++ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { ++ /* PREAUTH is not compatible with STARTTLS. */ ++ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { ++ /* Switch to TLS connection now */ ++ result = imap_perform_starttls(data, conn); + } +- else ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) + result = imap_perform_authentication(data, conn); ++ else { ++ failf(data, "STARTTLS not available."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + else + result = imap_perform_authentication(data, conn); +diff --git a/lib/pop3.c b/lib/pop3.c +index 5fdd6f3e0..f97e10eab 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -741,28 +741,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, + } + } + } +- else if(pop3code == '+') { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(pop3c->tls_supported) +- /* Switch to TLS connection now */ +- result = pop3_perform_starttls(data, conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = pop3_perform_authentication(data, conn); +- else { +- failf(data, "STLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } +- } +- else +- result = pop3_perform_authentication(data, conn); +- } + else { + /* Clear text is supported when CAPA isn't recognised */ +- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; ++ if(pop3code != '+') ++ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; + +- result = pop3_perform_authentication(data, conn); ++ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) ++ result = pop3_perform_authentication(data, conn); ++ else if(pop3code == '+' && pop3c->tls_supported) ++ /* Switch to TLS connection now */ ++ result = pop3_perform_starttls(data, conn); ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) ++ /* Fallback and carry on with authentication */ ++ result = pop3_perform_authentication(data, conn); ++ else { ++ failf(data, "STLS not supported."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + + return result; +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 163696962..5cd092192 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -118,6 +118,8 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ + test972 \ + \ ++test984 test985 test986 \ ++\ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ + test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ +diff --git a/tests/data/test984 b/tests/data/test984 +new file mode 100644 +index 000000000..e573f23c1 +--- /dev/null ++++ b/tests/data/test984 +@@ -0,0 +1,56 @@ ++<testcase> ++<info> ++<keywords> ++IMAP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY CAPABILITY A001 BAD Not implemented ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++imap ++</server> ++ <name> ++IMAP require STARTTLS with failing capabilities ++ </name> ++ <command> ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd ++</command> ++<file name="log/upload%TESTNUMBER"> ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar <foobar@example.COM> ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: <B27397-0100000@example.COM> ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++</file> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++A001 CAPABILITY ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test985 b/tests/data/test985 +new file mode 100644 +index 000000000..d0db4aadf +--- /dev/null ++++ b/tests/data/test985 +@@ -0,0 +1,54 @@ ++<testcase> ++<info> ++<keywords> ++POP3 ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY CAPA -ERR Not implemented ++</servercmd> ++<data nocheck="yes"> ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++pop3 ++</server> ++ <name> ++POP3 require STARTTLS with failing capabilities ++ </name> ++ <command> ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd ++ </command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++CAPA ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test986 b/tests/data/test986 +new file mode 100644 +index 000000000..a709437a4 +--- /dev/null ++++ b/tests/data/test986 +@@ -0,0 +1,53 @@ ++<testcase> ++<info> ++<keywords> ++FTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY welcome 230 Welcome ++REPLY AUTH 500 unknown command ++</servercmd> ++</reply> ++ ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++ftp ++</server> ++ <name> ++FTP require STARTTLS while preauthenticated ++ </name> ++<file name="log/test%TESTNUMBER.txt"> ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++</file> ++ <command> ++--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++AUTH SSL ++AUTH TLS ++</protocol> ++</verify> ++</testcase> +-- +2.25.1 + diff --git a/meta/recipes-support/curl/curl/cve-2021-22947.patch b/meta/recipes-support/curl/curl/cve-2021-22947.patch new file mode 100644 index 0000000000..8a5031275a --- /dev/null +++ b/meta/recipes-support/curl/curl/cve-2021-22947.patch @@ -0,0 +1,355 @@ +CVE: CVE-2021-22947 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From aefa7370cb02801a571d51287d290d67068998b8 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat <patrick@monnerat.net> +Date: Tue, 7 Sep 2021 13:26:42 +0200 +Subject: [PATCH 3/3] ftp,imap,pop3,smtp: reject STARTTLS server response + pipelining + +If a server pipelines future responses within the STARTTLS response, the +former are preserved in the pingpong cache across TLS negotiation and +used as responses to the encrypted commands. + +This fix detects pipelined STARTTLS responses and rejects them with an +error. + +CVE-2021-22947 + +Bug: https://curl.se/docs/CVE-2021-22947.html +--- + lib/ftp.c | 3 +++ + lib/imap.c | 4 +++ + lib/pop3.c | 4 +++ + lib/smtp.c | 4 +++ + tests/data/Makefile.inc | 2 +- + tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ + tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ + tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ + 9 files changed, 236 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test980 + create mode 100644 tests/data/test981 + create mode 100644 tests/data/test982 + create mode 100644 tests/data/test983 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 08d18ca74..0b9c9b732 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2743,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, + case FTP_AUTH: + /* we have gotten the response to a previous AUTH command */ + ++ if(pp->cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ ++ + /* RFC2228 (page 5) says: + * + * If the server is willing to accept the named security mechanism, +diff --git a/lib/imap.c b/lib/imap.c +index efc0420ce..d1a48d7e3 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -964,6 +964,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, + + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.imapc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(imapcode != IMAP_RESP_OK) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/pop3.c b/lib/pop3.c +index f97e10eab..a06acb7b8 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -772,6 +772,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, + CURLcode result = CURLE_OK; + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.pop3c.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(pop3code != '+') { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/smtp.c b/lib/smtp.c +index 1a3da1559..9b9403b3d 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -835,6 +835,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, + CURLcode result = CURLE_OK; + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.smtpc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(smtpcode != 220) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied, code %d", smtpcode); +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 5cd092192..c524b993e 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -118,7 +118,7 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ + test972 \ + \ +-test984 test985 test986 \ ++test980 test981 test982 test983 test984 test985 test986 \ + \ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ +diff --git a/tests/data/test980 b/tests/data/test980 +new file mode 100644 +index 000000000..97567f856 +--- /dev/null ++++ b/tests/data/test980 +@@ -0,0 +1,52 @@ ++<testcase> ++<info> ++<keywords> ++SMTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STARTTLS ++AUTH PLAIN ++REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted ++REPLY AUTH 535 5.7.8 Authentication credentials invalid ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++smtp ++</server> ++ <name> ++SMTP STARTTLS pipelined server response ++ </name> ++<stdin> ++mail body ++</stdin> ++ <command> ++smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - ++</command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++EHLO %TESTNUMBER ++STARTTLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test981 b/tests/data/test981 +new file mode 100644 +index 000000000..2b98ce42a +--- /dev/null ++++ b/tests/data/test981 +@@ -0,0 +1,59 @@ ++<testcase> ++<info> ++<keywords> ++IMAP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STARTTLS ++REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted ++REPLY LOGIN A003 BAD Authentication credentials invalid ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++imap ++</server> ++ <name> ++IMAP STARTTLS pipelined server response ++ </name> ++ <command> ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl ++</command> ++<file name="log/upload%TESTNUMBER"> ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar <foobar@example.COM> ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: <B27397-0100000@example.COM> ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++</file> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++A001 CAPABILITY ++A002 STARTTLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test982 b/tests/data/test982 +new file mode 100644 +index 000000000..9e07cc0b3 +--- /dev/null ++++ b/tests/data/test982 +@@ -0,0 +1,57 @@ ++<testcase> ++<info> ++<keywords> ++POP3 ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STLS USER ++REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated ++REPLY PASS -ERR Authentication credentials invalid ++</servercmd> ++<data nocheck="yes"> ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++pop3 ++</server> ++ <name> ++POP3 STARTTLS pipelined server response ++ </name> ++ <command> ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl ++ </command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++CAPA ++STLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test983 b/tests/data/test983 +new file mode 100644 +index 000000000..300ec459c +--- /dev/null ++++ b/tests/data/test983 +@@ -0,0 +1,52 @@ ++<testcase> ++<info> ++<keywords> ++FTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete ++REPLY PASS 530 Login incorrect ++</servercmd> ++</reply> ++ ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++ftp ++</server> ++ <name> ++FTP STARTTLS pipelined server response ++ </name> ++<file name="log/test%TESTNUMBER.txt"> ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++</file> ++ <command> ++--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++AUTH SSL ++</protocol> ++</verify> ++</testcase> +-- +2.25.1 + diff --git a/meta/recipes-support/curl/curl_7.78.0.bb b/meta/recipes-support/curl/curl_7.78.0.bb index dece0babb2..3f736d8da6 100644 --- a/meta/recipes-support/curl/curl_7.78.0.bb +++ b/meta/recipes-support/curl/curl_7.78.0.bb @@ -11,6 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=425f6fdc767cc067518eef9bbdf4ab7b" SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ + file://cve-2021-22945.patch \ + file://cve-2021-22946.patch \ + file://cve-2021-22947.patch \ " SRC_URI[sha256sum] = "98530b317dc95ccb324bbe4f834f07bb642fbc393b794ddf3434f246a71ea44a" diff --git a/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb b/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb index 15d097ebed..509a0a0ddc 100644 --- a/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb +++ b/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb @@ -8,7 +8,7 @@ SECTION = "support" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING.txt;md5=8a7c3499a1142df819e727253cd53a12" -SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix" +SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "dos2unix-(?P<pver>(\d+(\.\d+)+))" SRCREV = "72596f0ae21faa25a07a872d4843bc885475115d" diff --git a/meta/recipes-support/gmp/gmp/cve-2021-43618.patch b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch new file mode 100644 index 0000000000..095fb21eaa --- /dev/null +++ b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch @@ -0,0 +1,27 @@ +CVE: CVE-2021-43618 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +# HG changeset patch +# User Marco Bodrato <bodrato@mail.dm.unipi.it> +# Date 1634836009 -7200 +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd +# Parent e1fd9db13b475209a864577237ea4b9105b3e96e +mpz/inp_raw.c: Avoid bit size overflows + +diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c +--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100 ++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 +@@ -88,8 +88,11 @@ + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++ return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb b/meta/recipes-support/gmp/gmp_6.2.1.bb index d5996abd00..091a390511 100644 --- a/meta/recipes-support/gmp/gmp_6.2.1.bb +++ b/meta/recipes-support/gmp/gmp_6.2.1.bb @@ -2,9 +2,11 @@ require gmp.inc LICENSE = "GPLv2+ | LGPLv3+" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ - file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \ - file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ +LIC_FILES_CHKSUM = "\ + file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ + file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \ + file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYINGv3;md5=11cc2d3ee574f9d6b7ee797bdce4d423 \ " REVISION = "" @@ -12,6 +14,7 @@ SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \ file://use-includedir.patch \ file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \ file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \ + file://cve-2021-43618.patch \ " SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea" SRC_URI[sha256sum] = "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c" diff --git a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb index 10200f539f..8cd27e9075 100644 --- a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb +++ b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb @@ -9,7 +9,7 @@ LICENSE = "LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \ file://src/gnome-desktop-testing-runner.c;beginline=1;endline=20;md5=7ef3ad9da2ffcf7707dc11151fe007f4" -SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http \ +SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http;branch=master \ file://0001-fix-non-literal-format-string-issue-with-clang.patch \ " SRCREV = "e346cd4ed2e2102c9b195b614f3c642d23f5f6e7" diff --git a/meta/recipes-support/icu/icu_69.1.bb b/meta/recipes-support/icu/icu_69.1.bb index 4daf0fe82e..848ae9ab19 100644 --- a/meta/recipes-support/icu/icu_69.1.bb +++ b/meta/recipes-support/icu/icu_69.1.bb @@ -147,4 +147,4 @@ do_make_icudata() { : } -addtask make_icudata before do_configure after do_patch +addtask make_icudata before do_configure after do_patch do_prepare_recipe_sysroot diff --git a/meta/recipes-support/libgit2/libgit2_1.1.1.bb b/meta/recipes-support/libgit2/libgit2_1.1.1.bb index ae30a7a100..fcf80e4809 100644 --- a/meta/recipes-support/libgit2/libgit2_1.1.1.bb +++ b/meta/recipes-support/libgit2/libgit2_1.1.1.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5b002a195fb7ea2d8d583f07eaff3a8e" DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2" -SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1" +SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1;protocol=https" SRCREV = "8a0dc6783c340e61a44c179c48f832165ad2053c" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb b/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb index d9fbb5e9d6..b5d816f864 100644 --- a/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb +++ b/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1c94a9d191202a5552f381a023551396 \ file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \ file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \ " -SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \ +SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git;branch=master;protocol=https \ file://0001-Makefile-restore-build-reproducibility.patch \ " SRCREV = "409828cfccf4b3b07edc40a7840a821ce074e2c3" diff --git a/meta/recipes-support/libpcre/libpcre2_10.37.bb b/meta/recipes-support/libpcre/libpcre2_10.37.bb index e0ead59da6..ccedf688d7 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.37.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.37.bb @@ -10,7 +10,9 @@ SECTION = "devel" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENCE;md5=6b3022283c9a79238d521848ea9dcb4d" -SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2" +SRC_URI = "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-${PV}/pcre2-${PV}.tar.bz2" + +UPSTREAM_CHECK_URI = "https://github.com/PhilipHazel/pcre2/releases" SRC_URI[sha256sum] = "4d95a96e8b80529893b4562be12648d798b957b1ba1aae39606bbc2ab956d270" diff --git a/meta/recipes-support/libpcre/libpcre_8.45.bb b/meta/recipes-support/libpcre/libpcre_8.45.bb index 76b20f5f08..46fedbae48 100644 --- a/meta/recipes-support/libpcre/libpcre_8.45.bb +++ b/meta/recipes-support/libpcre/libpcre_8.45.bb @@ -7,7 +7,7 @@ HOMEPAGE = "http://www.pcre.org" SECTION = "devel" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENCE;md5=b5d5d1a69a24ea2718263f1ff85a1c58" -SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \ +SRC_URI = "${SOURCEFORGE_MIRROR}/pcre/pcre-${PV}.tar.bz2 \ file://run-ptest \ file://Makefile \ " diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb index 74bface4a1..27954ca6b1 100644 --- a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb @@ -10,7 +10,7 @@ DEPENDS += "gperf-native" PV .= "+git${SRCPV}" SRCREV = "5822e50c2920ce597d038077dea4a0eedf193f86" -SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=main \ +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=main;protocol=https \ file://0001-configure.ac-Bump-version-to-2.5.99.patch \ file://0001-arch-Add-riscv32-architecture-support.patch \ file://0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch \ diff --git a/meta/recipes-support/libunistring/libunistring_0.9.10.bb b/meta/recipes-support/libunistring/libunistring_0.9.10.bb index 0a7b18ed08..589faacb05 100644 --- a/meta/recipes-support/libunistring/libunistring_0.9.10.bb +++ b/meta/recipes-support/libunistring/libunistring_0.9.10.bb @@ -18,6 +18,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \ file://README;beginline=45;endline=65;md5=08287d16ba8d839faed8d2dc14d7d6a5 \ file://doc/libunistring.texi;md5=287fa6075f78a3c85c1a52b0a92547cd \ " +DEPENDS = "gperf-native" SRC_URI = "${GNU_MIRROR}/libunistring/libunistring-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ diff --git a/meta/recipes-support/libusb/libusb1_1.0.24.bb b/meta/recipes-support/libusb/libusb1_1.0.24.bb index 95a20958a1..e70021f4f7 100644 --- a/meta/recipes-support/libusb/libusb1_1.0.24.bb +++ b/meta/recipes-support/libusb/libusb1_1.0.24.bb @@ -1,7 +1,7 @@ SUMMARY = "Userspace library to access USB (version 1.0)" DESCRIPTION = "A cross-platform library to access USB devices from Linux, \ macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace." -HOMEPAGE = "http://libusb.sf.net" +HOMEPAGE = "https://libusb.info" BUGTRACKER = "http://www.libusb.org/report" SECTION = "libs" @@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" BBCLASSEXTEND = "native nativesdk" -SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \ +SRC_URI = "https://github.com/libusb/libusb/releases/download/v${PV}/libusb-${PV}.tar.bz2 \ file://run-ptest \ " +UPSTREAM_CHECK_URI = "https://github.com/libusb/libusb/releases" + SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a" S = "${WORKDIR}/libusb-${PV}" diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.3.bb index b22eea3156..a3c48bccfb 100644 --- a/meta/recipes-support/lz4/lz4_1.9.3.bb +++ b/meta/recipes-support/lz4/lz4_1.9.3.bb @@ -12,7 +12,7 @@ PE = "1" SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3" -SRC_URI = "git://github.com/lz4/lz4.git;branch=release \ +SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ file://CVE-2021-3520.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" diff --git a/meta/recipes-support/numactl/numactl_git.bb b/meta/recipes-support/numactl/numactl_git.bb index 7b1b14d1d5..19f2293a51 100644 --- a/meta/recipes-support/numactl/numactl_git.bb +++ b/meta/recipes-support/numactl/numactl_git.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=f8ff2391624f28e SRCREV = "dd6de072c92c892a86e18c0fd0dfa1ba57a9a05d" PV = "2.0.14" -SRC_URI = "git://github.com/numactl/numactl \ +SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \ file://Fix-the-test-output-format.patch \ file://Makefile \ file://run-ptest \ diff --git a/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb b/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb index 9cac87ed32..7fe3c37fde 100644 --- a/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb +++ b/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb @@ -10,7 +10,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi" DEPENDS:append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}" -SRC_URI = "git://github.com/p11-glue/p11-kit" +SRC_URI = "git://github.com/p11-glue/p11-kit;branch=master;protocol=https" SRCREV = "34826623f58399b24c21f1788e2cdaea34521b7b" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb index 23ab48ba2b..72922d8453 100644 --- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb +++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa" PV .= "+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \ +SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-support/rng-tools/rng-tools_6.14.bb b/meta/recipes-support/rng-tools/rng-tools_6.14.bb index 6b79a3b040..222d7cc630 100644 --- a/meta/recipes-support/rng-tools/rng-tools_6.14.bb +++ b/meta/recipes-support/rng-tools/rng-tools_6.14.bb @@ -8,7 +8,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "sysfsutils openssl" -SRC_URI = "git://github.com/nhorman/rng-tools.git \ +SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ file://init \ file://default \ file://rngd.service \ diff --git a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb index b2b830cc1f..2dca36a7df 100644 --- a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb +++ b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native" -SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https" +SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https;branch=master" SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70" PV = "2.1" S = "${WORKDIR}/git" diff --git a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch index 63a7b78f12..2fc11dbdc2 100644 --- a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch +++ b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch @@ -16,11 +16,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> src/Makefile | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) -diff --git a/src/Makefile b/src/Makefile -index f2fafa4dc..7148d4bd9 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -2845,16 +2845,10 @@ auto/pathdef.c: Makefile auto/config.mk +Index: git/src/Makefile +=================================================================== +--- git.orig/src/Makefile ++++ git/src/Makefile +@@ -3101,16 +3101,10 @@ auto/pathdef.c: Makefile auto/config.mk -@echo '#include "vim.h"' >> $@ -@echo 'char_u *default_vim_dir = (char_u *)"$(VIMRCLOC)";' | $(QUOTESED) >> $@ -@echo 'char_u *default_vimruntime_dir = (char_u *)"$(VIMRUNTIMEDIR)";' | $(QUOTESED) >> $@ @@ -41,6 +41,3 @@ index f2fafa4dc..7148d4bd9 100644 -@sh $(srcdir)/pathdef.sh GUI_GTK_RES_INPUTS = \ --- -2.17.1 - diff --git a/meta/recipes-support/vim/files/CVE-2021-3778.patch b/meta/recipes-support/vim/files/CVE-2021-3778.patch deleted file mode 100644 index 769a7a07ac..0000000000 --- a/meta/recipes-support/vim/files/CVE-2021-3778.patch +++ /dev/null @@ -1,46 +0,0 @@ -From eb41373c8c88b0789e5cf04669d6116f9a199264 Mon Sep 17 00:00:00 2001 -From: Minjae Kim <flowergom@gmail.com> -Date: Sun, 26 Sep 2021 23:48:00 +0000 -Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8 - character - -Problem: Reading beyond end of line with invalid utf-8 character. -Solution: Check for NUL when advancing. - -Upstream-Status: Accepted [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f] -CVE: CVE-2021-3778 -Signed-off-by: Minjae Kim <flowergom@gmail.com> ---- - src/regexp_nfa.c | 3 ++- - src/testdir/test_regexp_utf8.vim | 7 +++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - -Index: git/src/regexp_nfa.c -=================================================================== ---- git.orig/src/regexp_nfa.c -+++ git/src/regexp_nfa.c -@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int re - match = FALSE; - break; - } -- len2 += MB_CHAR2LEN(c2); -+ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2) -+ : MB_CHAR2LEN(c2); - } - if (match - // check that no composing char follows -Index: git/src/testdir/test_regexp_utf8.vim -=================================================================== ---- git.orig/src/testdir/test_regexp_utf8.vim -+++ git/src/testdir/test_regexp_utf8.vim -@@ -215,3 +215,10 @@ func Test_optmatch_toolong() - set re=0 - endfunc - -+func Test_match_invalid_byte() -+ call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid') -+ new -+ source Xinvalid -+ bwipe! -+ call delete('Xinvalid') -+endfunc diff --git a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch b/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch deleted file mode 100644 index 1cee759502..0000000000 --- a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch +++ /dev/null @@ -1,207 +0,0 @@ -From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar <Bram@vim.org> -Date: Sat, 4 Sep 2021 18:47:28 +0200 -Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with - large value - -Problem: Invalid memory access when using :retab with large value. -Solution: Check the number is positive. - -CVE: CVE-2021-3770 -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Backport [https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9] ---- - src/indent.c | 34 +++++++++++++++++++++------------- - src/option.c | 12 ++++++------ - src/optionstr.c | 4 ++-- - src/testdir/test_retab.vim | 3 +++ - src/version.c | 2 ++ - 5 files changed, 34 insertions(+), 21 deletions(-) - -Index: git/src/indent.c -=================================================================== ---- git.orig/src/indent.c -+++ git/src/indent.c -@@ -18,18 +18,19 @@ - /* - * Set the integer values corresponding to the string setting of 'vartabstop'. - * "array" will be set, caller must free it if needed. -+ * Return FAIL for an error. - */ - int - tabstop_set(char_u *var, int **array) - { -- int valcount = 1; -- int t; -- char_u *cp; -+ int valcount = 1; -+ int t; -+ char_u *cp; - - if (var[0] == NUL || (var[0] == '0' && var[1] == NUL)) - { - *array = NULL; -- return TRUE; -+ return OK; - } - - for (cp = var; *cp != NUL; ++cp) -@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array) - if (cp != end) - emsg(_(e_positive)); - else -- emsg(_(e_invarg)); -- return FALSE; -+ semsg(_(e_invarg2), cp); -+ return FAIL; - } - } - -@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array) - ++valcount; - continue; - } -- emsg(_(e_invarg)); -- return FALSE; -+ semsg(_(e_invarg2), var); -+ return FAIL; - } - - *array = ALLOC_MULT(int, valcount + 1); - if (*array == NULL) -- return FALSE; -+ return FAIL; - (*array)[0] = valcount; - - t = 1; - for (cp = var; *cp != NUL;) - { -- (*array)[t++] = atoi((char *)cp); -- while (*cp != NUL && *cp != ',') -+ int n = atoi((char *)cp); -+ -+ if (n < 0 || n > 9999) -+ { -+ semsg(_(e_invarg2), cp); -+ return FAIL; -+ } -+ (*array)[t++] = n; -+ while (*cp != NUL && *cp != ',') - ++cp; - if (*cp != NUL) - ++cp; - } - -- return TRUE; -+ return OK; - } - - /* -@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap) - - #ifdef FEAT_VARTABS - new_ts_str = eap->arg; -- if (!tabstop_set(eap->arg, &new_vts_array)) -+ if (tabstop_set(eap->arg, &new_vts_array) == FAIL) - return; - while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',') - ++(eap->arg); -Index: git/src/option.c -=================================================================== ---- git.orig/src/option.c -+++ git/src/option.c -@@ -2292,9 +2292,9 @@ didset_options2(void) - #endif - #ifdef FEAT_VARTABS - vim_free(curbuf->b_p_vsts_array); -- tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); -+ (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); - vim_free(curbuf->b_p_vts_array); -- tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); -+ (void)tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); - #endif - } - -@@ -5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_vsts = vim_strsave(p_vsts); - COPY_OPT_SCTX(buf, BV_VSTS); - if (p_vsts && p_vsts != empty_option) -- tabstop_set(p_vsts, &buf->b_p_vsts_array); -+ (void)tabstop_set(p_vsts, &buf->b_p_vsts_array); - else - buf->b_p_vsts_array = 0; - buf->b_p_vsts_nopaste = p_vsts_nopaste -@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_isk = save_p_isk; - #ifdef FEAT_VARTABS - if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) -- tabstop_set(p_vts, &buf->b_p_vts_array); -+ (void)tabstop_set(p_vts, &buf->b_p_vts_array); - else - buf->b_p_vts_array = NULL; - #endif -@@ -5929,7 +5929,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_vts = vim_strsave(p_vts); - COPY_OPT_SCTX(buf, BV_VTS); - if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) -- tabstop_set(p_vts, &buf->b_p_vts_array); -+ (void)tabstop_set(p_vts, &buf->b_p_vts_array); - else - buf->b_p_vts_array = NULL; - #endif -@@ -6634,7 +6634,7 @@ paste_option_changed(void) - if (buf->b_p_vsts_array) - vim_free(buf->b_p_vsts_array); - if (buf->b_p_vsts && buf->b_p_vsts != empty_option) -- tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); -+ (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); - else - buf->b_p_vsts_array = 0; - #endif -Index: git/src/optionstr.c -=================================================================== ---- git.orig/src/optionstr.c -+++ git/src/optionstr.c -@@ -2166,7 +2166,7 @@ did_set_string_option( - if (errmsg == NULL) - { - int *oldarray = curbuf->b_p_vsts_array; -- if (tabstop_set(*varp, &(curbuf->b_p_vsts_array))) -+ if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK) - { - if (oldarray) - vim_free(oldarray); -@@ -2205,7 +2205,7 @@ did_set_string_option( - { - int *oldarray = curbuf->b_p_vts_array; - -- if (tabstop_set(*varp, &(curbuf->b_p_vts_array))) -+ if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK) - { - vim_free(oldarray); - #ifdef FEAT_FOLDING -Index: git/src/testdir/test_retab.vim -=================================================================== ---- git.orig/src/testdir/test_retab.vim -+++ git/src/testdir/test_retab.vim -@@ -74,4 +74,7 @@ endfunc - func Test_retab_error() - call assert_fails('retab -1', 'E487:') - call assert_fails('retab! -1', 'E487:') -+ call assert_fails('ret -1000', 'E487:') -+ call assert_fails('ret 10000', 'E475:') -+ call assert_fails('ret 80000000000000000000', 'E475:') - endfunc -Index: git/src/version.c -=================================================================== ---- git.orig/src/version.c -+++ git/src/version.c -@@ -743,6 +743,8 @@ static char *(features[]) = - static int included_patches[] = - { /* Add new patch number below this line */ - /**/ -+ 3402, -+/**/ - 0 - }; - diff --git a/meta/recipes-support/vim/files/disable_acl_header_check.patch b/meta/recipes-support/vim/files/disable_acl_header_check.patch index 33089162b4..533138245d 100644 --- a/meta/recipes-support/vim/files/disable_acl_header_check.patch +++ b/meta/recipes-support/vim/files/disable_acl_header_check.patch @@ -13,11 +13,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com> src/configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/src/configure.ac b/src/configure.ac -index 2d409b3ca06a..dbcaf6140263 100644 ---- a/src/configure.ac -+++ b/src/configure.ac -@@ -3257,7 +3257,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h string.h \ +Index: git/src/configure.ac +=================================================================== +--- git.orig/src/configure.ac ++++ git/src/configure.ac +@@ -3292,7 +3292,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h strin sys/systeminfo.h locale.h sys/stream.h termios.h \ libc.h sys/statfs.h poll.h sys/poll.h pwd.h \ utime.h sys/param.h sys/ptms.h libintl.h libgen.h \ @@ -26,7 +26,7 @@ index 2d409b3ca06a..dbcaf6140263 100644 sys/access.h sys/sysinfo.h wchar.h wctype.h) dnl sys/ptem.h depends on sys/stream.h on Solaris -@@ -3886,6 +3886,7 @@ AC_ARG_ENABLE(acl, +@@ -3974,6 +3974,7 @@ AC_ARG_ENABLE(acl, , [enable_acl="yes"]) if test "$enable_acl" = "yes"; then AC_MSG_RESULT(no) @@ -34,6 +34,3 @@ index 2d409b3ca06a..dbcaf6140263 100644 AC_CHECK_LIB(posix1e, acl_get_file, [LIBS="$LIBS -lposix1e"], AC_CHECK_LIB(acl, acl_get_file, [LIBS="$LIBS -lacl" AC_CHECK_LIB(attr, fgetxattr, LIBS="$LIBS -lattr",,)],,),) --- -2.7.4 - diff --git a/meta/recipes-support/vim/files/no-path-adjust.patch b/meta/recipes-support/vim/files/no-path-adjust.patch index 05c2d803f6..9d6da80913 100644 --- a/meta/recipes-support/vim/files/no-path-adjust.patch +++ b/meta/recipes-support/vim/files/no-path-adjust.patch @@ -7,9 +7,11 @@ Upstream-Status: Pending Signed-off-by: Joe Slater <joe.slater@windriver.com> ---- a/src/Makefile -+++ b/src/Makefile -@@ -2507,11 +2507,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_ +Index: git/src/Makefile +=================================================================== +--- git.orig/src/Makefile ++++ git/src/Makefile +@@ -2565,11 +2565,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_ rm -rf $$cvs; \ fi -chmod $(FILEMOD) $(DEST_TOOLS)/* diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch index 48dca44cad..1cb8fb442f 100644 --- a/meta/recipes-support/vim/files/racefix.patch +++ b/meta/recipes-support/vim/files/racefix.patch @@ -9,9 +9,9 @@ Index: git/src/po/Makefile =================================================================== --- git.orig/src/po/Makefile +++ git/src/po/Makefile -@@ -165,17 +165,16 @@ $(PACKAGE).pot: ../*.c ../if_perl.xs ../ - po/gvim.desktop.in po/vim.desktop.in - mv -f ../$(PACKAGE).po $(PACKAGE).pot +@@ -207,17 +207,16 @@ $(PACKAGE).pot: $(PO_INPUTLIST) $(PO_VIM + # Delete the temporary files + rm *.js -vim.desktop: vim.desktop.in $(POFILES) +LINGUAS: diff --git a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch index 37914d4cd9..5284ba45b6 100644 --- a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch +++ b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch @@ -14,11 +14,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com> src/configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) -diff --git a/src/configure.ac b/src/configure.ac -index 0ee86ad..64736f0 100644 ---- a/src/configure.ac -+++ b/src/configure.ac -@@ -3192,11 +3192,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [int x __attribute__((unused));], +Index: git/src/configure.ac +=================================================================== +--- git.orig/src/configure.ac ++++ git/src/configure.ac +@@ -3264,11 +3264,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [in AC_MSG_RESULT(no)) dnl Checks for header files. @@ -37,6 +37,3 @@ index 0ee86ad..64736f0 100644 AC_HEADER_DIRENT --- -2.7.4 - diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index db1e9caf4d..087153c1d6 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -8,20 +8,21 @@ BUGTRACKER = "https://github.com/vim/vim/issues" DEPENDS = "ncurses gettext-native" # vimdiff doesn't like busybox diff RSUGGESTS:${PN} = "diffutils" + LICENSE = "vim" -LIC_FILES_CHKSUM = "file://runtime/doc/uganda.txt;endline=287;md5=a19edd7ec70d573a005d9e509375a99a" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \ + file://runtime/doc/uganda.txt;md5=daf48235bb824c77fe8ae88d5f575f74" -SRC_URI = "git://github.com/vim/vim.git \ +SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ file://vim-add-knob-whether-elf.h-are-checked.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://racefix.patch \ - file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ - file://CVE-2021-3778.patch \ -" + " -SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" +PV .= ".4912" +SRCREV = "a7583c42cd6b64fd276a5d7bb0db5ce7bfafa730" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0" diff --git a/meta/recipes-support/xxhash/xxhash_0.8.0.bb b/meta/recipes-support/xxhash/xxhash_0.8.0.bb index 4e48365a71..686fbea591 100644 --- a/meta/recipes-support/xxhash/xxhash_0.8.0.bb +++ b/meta/recipes-support/xxhash/xxhash_0.8.0.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://www.xxhash.com/" LICENSE = "BSD-2-Clause & GPL-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=b335320506abb0505437e39295e799cb" -SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=git \ +SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=https \ file://0001-Makefile-escape-special-regex-characters-in-paths.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" |