* [OE-core][dunfell 1/8] golang: CVE-2022-2880 ReverseProxy should not forward unparseable query parameters
2022-11-06 16:03 [OE-core][dunfell 0/8] Patch review Steve Sakoman
@ 2022-11-06 16:03 ` Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 2/8] libX11: CVE-2022-3554 Fix memory leak Steve Sakoman
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2022-2880.patch | 164 ++++++++++++++++++
2 files changed, 165 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 2e1d8240f6..3341beb159 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -41,6 +41,7 @@ SRC_URI += "\
file://0002-CVE-2022-32190.patch \
file://0003-CVE-2022-32190.patch \
file://0004-CVE-2022-32190.patch \
+ file://CVE-2022-2880.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch
new file mode 100644
index 0000000000..8376dc45ba
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch
@@ -0,0 +1,164 @@
+From 753e3f8da191c2ac400407d83c70f46900769417 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 27 Oct 2022 12:22:41 +0530
+Subject: [PATCH] CVE-2022-2880
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e]
+CVE: CVE-2022-2880
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+net/http/httputil: avoid query parameter
+
+Query parameter smuggling occurs when a proxy's interpretation
+of query parameters differs from that of a downstream server.
+Change ReverseProxy to avoid forwarding ignored query parameters.
+
+Remove unparsable query parameters from the outbound request
+
+ * if req.Form != nil after calling ReverseProxy.Director; and
+ * before calling ReverseProxy.Rewrite.
+
+This change preserves the existing behavior of forwarding the
+raw query untouched if a Director hook does not parse the query
+by calling Request.ParseForm (possibly indirectly).
+---
+ src/net/http/httputil/reverseproxy.go | 36 +++++++++++
+ src/net/http/httputil/reverseproxy_test.go | 74 ++++++++++++++++++++++
+ 2 files changed, 110 insertions(+)
+
+diff --git a/src/net/http/httputil/reverseproxy.go b/src/net/http/httputil/reverseproxy.go
+index 2072a5f..c6fb873 100644
+--- a/src/net/http/httputil/reverseproxy.go
++++ b/src/net/http/httputil/reverseproxy.go
+@@ -212,6 +212,9 @@ func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+ }
+
+ p.Director(outreq)
++ if outreq.Form != nil {
++ outreq.URL.RawQuery = cleanQueryParams(outreq.URL.RawQuery)
++ }
+ outreq.Close = false
+
+ reqUpType := upgradeType(outreq.Header)
+@@ -561,3 +564,36 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- error) {
+ _, err := io.Copy(c.backend, c.user)
+ errc <- err
+ }
++
++func cleanQueryParams(s string) string {
++ reencode := func(s string) string {
++ v, _ := url.ParseQuery(s)
++ return v.Encode()
++ }
++ for i := 0; i < len(s); {
++ switch s[i] {
++ case ';':
++ return reencode(s)
++ case '%':
++ if i+2 >= len(s) || !ishex(s[i+1]) || !ishex(s[i+2]) {
++ return reencode(s)
++ }
++ i += 3
++ default:
++ i++
++ }
++ }
++ return s
++}
++
++func ishex(c byte) bool {
++ switch {
++ case '0' <= c && c <= '9':
++ return true
++ case 'a' <= c && c <= 'f':
++ return true
++ case 'A' <= c && c <= 'F':
++ return true
++ }
++ return false
++}
+diff --git a/src/net/http/httputil/reverseproxy_test.go b/src/net/http/httputil/reverseproxy_test.go
+index 9a7223a..bc87a3b 100644
+--- a/src/net/http/httputil/reverseproxy_test.go
++++ b/src/net/http/httputil/reverseproxy_test.go
+@@ -1269,3 +1269,77 @@ func TestSingleJoinSlash(t *testing.T) {
+ }
+ }
+ }
++
++const (
++ testWantsCleanQuery = true
++ testWantsRawQuery = false
++)
++
++func TestReverseProxyQueryParameterSmugglingDirectorDoesNotParseForm(t *testing.T) {
++ testReverseProxyQueryParameterSmuggling(t, testWantsRawQuery, func(u *url.URL) *ReverseProxy {
++ proxyHandler := NewSingleHostReverseProxy(u)
++ oldDirector := proxyHandler.Director
++ proxyHandler.Director = func(r *http.Request) {
++ oldDirector(r)
++ }
++ return proxyHandler
++ })
++}
++
++func TestReverseProxyQueryParameterSmugglingDirectorParsesForm(t *testing.T) {
++ testReverseProxyQueryParameterSmuggling(t, testWantsCleanQuery, func(u *url.URL) *ReverseProxy {
++ proxyHandler := NewSingleHostReverseProxy(u)
++ oldDirector := proxyHandler.Director
++ proxyHandler.Director = func(r *http.Request) {
++ // Parsing the form causes ReverseProxy to remove unparsable
++ // query parameters before forwarding.
++ r.FormValue("a")
++ oldDirector(r)
++ }
++ return proxyHandler
++ })
++}
++
++func testReverseProxyQueryParameterSmuggling(t *testing.T, wantCleanQuery bool, newProxy func(*url.URL) *ReverseProxy) {
++ const content = "response_content"
++ backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
++ w.Write([]byte(r.URL.RawQuery))
++ }))
++ defer backend.Close()
++ backendURL, err := url.Parse(backend.URL)
++ if err != nil {
++ t.Fatal(err)
++ }
++ proxyHandler := newProxy(backendURL)
++ frontend := httptest.NewServer(proxyHandler)
++ defer frontend.Close()
++
++ // Don't spam output with logs of queries containing semicolons.
++ backend.Config.ErrorLog = log.New(io.Discard, "", 0)
++ frontend.Config.ErrorLog = log.New(io.Discard, "", 0)
++
++ for _, test := range []struct {
++ rawQuery string
++ cleanQuery string
++ }{{
++ rawQuery: "a=1&a=2;b=3",
++ cleanQuery: "a=1",
++ }, {
++ rawQuery: "a=1&a=%zz&b=3",
++ cleanQuery: "a=1&b=3",
++ }} {
++ res, err := frontend.Client().Get(frontend.URL + "?" + test.rawQuery)
++ if err != nil {
++ t.Fatalf("Get: %v", err)
++ }
++ defer res.Body.Close()
++ body, _ := io.ReadAll(res.Body)
++ wantQuery := test.rawQuery
++ if wantCleanQuery {
++ wantQuery = test.cleanQuery
++ }
++ if got, want := string(body), wantQuery; got != want {
++ t.Errorf("proxy forwarded raw query %q as %q, want %q", test.rawQuery, got, want)
++ }
++ }
++}
+--
+2.25.1
+
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [OE-core][dunfell 2/8] libX11: CVE-2022-3554 Fix memory leak
2022-11-06 16:03 [OE-core][dunfell 0/8] Patch review Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 1/8] golang: CVE-2022-2880 ReverseProxy should not forward unparseable query parameters Steve Sakoman
@ 2022-11-06 16:03 ` Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 3/8] expat: Fix CVE-2022-43680 for expat Steve Sakoman
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../xorg-lib/libx11/CVE-2022-3554.patch | 58 +++++++++++++++++++
.../recipes-graphics/xorg-lib/libx11_1.6.9.bb | 1 +
2 files changed, 59 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch
new file mode 100644
index 0000000000..fb61195225
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch
@@ -0,0 +1,58 @@
+From 8b51d1375a4dd6a7cf3a919da83d8e87e57e7333 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Wed, 2 Nov 2022 17:04:15 +0530
+Subject: [PATCH] CVE-2022-3554
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef]
+CVE: CVE-2022-3554
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+fix a memory leak in XRegisterIMInstantiateCallback
+
+Analysis:
+
+ _XimRegisterIMInstantiateCallback() opens an XIM and closes it using
+ the internal function pointers, but the internal close function does
+ not free the pointer to the XIM (this would be done in XCloseIM()).
+
+Report/patch:
+
+ Date: Mon, 03 Oct 2022 18:47:32 +0800
+ From: Po Lu <luangruo@yahoo.com>
+ To: xorg-devel@lists.x.org
+ Subject: Re: Yet another leak in Xlib
+
+ For reference, here's how I'm calling XRegisterIMInstantiateCallback:
+
+ XSetLocaleModifiers ("");
+ XRegisterIMInstantiateCallback (compositor.display,
+ XrmGetDatabase (compositor.display),
+ (char *) compositor.resource_name,
+ (char *) compositor.app_name,
+ IMInstantiateCallback, NULL);
+ and XMODIFIERS is:
+
+ @im=ibus
+
+Signed-off-by: Thomas E. Dickey's avatarThomas E. Dickey <dickey@invisible-island.net>
+---
+ modules/im/ximcp/imInsClbk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c
+index 961aaba..0a8a874 100644
+--- a/modules/im/ximcp/imInsClbk.c
++++ b/modules/im/ximcp/imInsClbk.c
+@@ -204,6 +204,9 @@ _XimRegisterIMInstantiateCallback(
+ if( xim ) {
+ lock = True;
+ xim->methods->close( (XIM)xim );
++ /* XIMs must be freed manually after being opened; close just
++ does the protocol to deinitialize the IM. */
++ XFree( xim );
+ lock = False;
+ icb->call = True;
+ callback( display, client_data, NULL );
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
index ff2a6f7265..72ab1d4150 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
@@ -16,6 +16,7 @@ SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \
file://CVE-2020-14344.patch \
file://CVE-2020-14363.patch \
file://CVE-2021-31535.patch \
+ file://CVE-2022-3554.patch \
"
SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2"
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [OE-core][dunfell 3/8] expat: Fix CVE-2022-43680 for expat
2022-11-06 16:03 [OE-core][dunfell 0/8] Patch review Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 1/8] golang: CVE-2022-2880 ReverseProxy should not forward unparseable query parameters Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 2/8] libX11: CVE-2022-3554 Fix memory leak Steve Sakoman
@ 2022-11-06 16:03 ` Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 4/8] cve-update-db-native: add timeout to urlopen() calls Steve Sakoman
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
To: openembedded-core
From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Add a patch to fix CVE-2022-43680 issue where use-after free caused by
overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
in out-of-memory situations
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-43680
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../expat/expat/CVE-2022-43680.patch | 33 +++++++++++++++++++
meta/recipes-core/expat/expat_2.2.9.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch
diff --git a/meta/recipes-core/expat/expat/CVE-2022-43680.patch b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
new file mode 100644
index 0000000000..6f93bc3ed7
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
@@ -0,0 +1,33 @@
+From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Tue, 20 Sep 2022 02:44:34 +0200
+Subject: [PATCH] lib: Fix overeager DTD destruction in
+ XML_ExternalEntityParserCreate
+
+CVE: CVE-2022-43680
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4.patch]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+Comments: Hunk refreshed
+---
+ lib/xmlparse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index aacd6e7fc..57bf103cc 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -1035,6 +1035,14 @@ parserCreate(const XML_Char *encodingNam
+ parserInit(parser, encodingName);
+
+ if (encodingName && ! parser->m_protocolEncodingName) {
++ if (dtd) {
++ // We need to stop the upcoming call to XML_ParserFree from happily
++ // destroying parser->m_dtd because the DTD is shared with the parent
++ // parser and the only guard that keeps XML_ParserFree from destroying
++ // parser->m_dtd is parser->m_isParamEntity but it will be set to
++ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
++ parser->m_dtd = NULL;
++ }
+ XML_ParserFree(parser);
+ return NULL;
+ }
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index 578edfcbff..8a5006e59a 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
file://CVE-2022-25315.patch \
file://libtool-tag.patch \
file://CVE-2022-40674.patch \
+ file://CVE-2022-43680.patch \
"
SRCREV = "a7bc26b69768f7fb24f0c7976fae24b157b85b13"
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [OE-core][dunfell 4/8] cve-update-db-native: add timeout to urlopen() calls
2022-11-06 16:03 [OE-core][dunfell 0/8] Patch review Steve Sakoman
` (2 preceding siblings ...)
2022-11-06 16:03 ` [OE-core][dunfell 3/8] expat: Fix CVE-2022-43680 for expat Steve Sakoman
@ 2022-11-06 16:03 ` Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 5/8] vim: Upgrade 9.0.0598 -> 9.0.0614 Steve Sakoman
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
To: openembedded-core
From: Frank de Brabander <debrabander@gmail.com>
The urlopen() call can block indefinitely under some circumstances.
This can result in the bitbake process to run endlessly because of
the 'do_fetch' task of cve-update-bb-native to remain active.
This adds a default timeout of 60 seconds to avoid this hang, while
being large enough to minimize the risk of unwanted timeouts.
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e5f6652854f544106b40d860de2946954de642f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/meta/cve-update-db-native.bb | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 85874ead01..59e7d7dc2c 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -17,6 +17,9 @@ deltask do_populate_sysroot
# Use a negative value to skip the update
CVE_DB_UPDATE_INTERVAL ?= "86400"
+# Timeout for blocking socket operations, such as the connection attempt.
+CVE_SOCKET_TIMEOUT ?= "60"
+
python () {
if not bb.data.inherits_class("cve-check", d):
raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -39,6 +42,8 @@ python do_fetch() {
db_file = d.getVar("CVE_CHECK_DB_FILE")
db_dir = os.path.dirname(db_file)
+ cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
+
if os.path.exists("{0}-journal".format(db_file)):
# If a journal is present the last update might have been interrupted. In that case,
# just wipe any leftovers and force the DB to be recreated.
@@ -77,7 +82,7 @@ python do_fetch() {
# Retrieve meta last modified date
try:
- response = urllib.request.urlopen(meta_url)
+ response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
bb.warn("Failed to fetch CVE data (%s)" % e.reason)
@@ -104,7 +109,7 @@ python do_fetch() {
# Update db with current year json file
try:
- response = urllib.request.urlopen(json_url)
+ response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout)
if response:
update_db(conn, gzip.decompress(response.read()).decode('utf-8'))
conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close()
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [OE-core][dunfell 5/8] vim: Upgrade 9.0.0598 -> 9.0.0614
2022-11-06 16:03 [OE-core][dunfell 0/8] Patch review Steve Sakoman
` (3 preceding siblings ...)
2022-11-06 16:03 ` [OE-core][dunfell 4/8] cve-update-db-native: add timeout to urlopen() calls Steve Sakoman
@ 2022-11-06 16:03 ` Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 6/8] tzdata: update to 2022d Steve Sakoman
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
To: openembedded-core
From: Teoh Jay Shen <jay.shen.teoh@intel.com>
Include fixes for CVE-2022-3352.
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index f2cd235329..e9fd7a3eec 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0598"
-SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb"
+PV .= ".0614"
+SRCREV = "ef976323e770315b5fca544efb6b2faa25674d15"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [OE-core][dunfell 6/8] tzdata: update to 2022d
2022-11-06 16:03 [OE-core][dunfell 0/8] Patch review Steve Sakoman
` (4 preceding siblings ...)
2022-11-06 16:03 ` [OE-core][dunfell 5/8] vim: Upgrade 9.0.0598 -> 9.0.0614 Steve Sakoman
@ 2022-11-06 16:03 ` Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 7/8] coreutils: add openssl PACKAGECONFIG Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 8/8] bluez5: add dbus to RDEPENDS Steve Sakoman
7 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ceac0492e75baa63a46365d8b63275437ad5671f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index d032fed356..d3c78e9157 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2022c"
+PV = "2022d"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "3e7ce1f3620cc0481907c7e074d69910793285bffe0ca331ef1a6d1ae3ea90cc"
-SRC_URI[tzdata.sha256sum] = "6974f4e348bf2323274b56dff9e7500247e3159eaa4b485dfa0cd66e75c14bfe"
+SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0"
+SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0"
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [OE-core][dunfell 7/8] coreutils: add openssl PACKAGECONFIG
2022-11-06 16:03 [OE-core][dunfell 0/8] Patch review Steve Sakoman
` (5 preceding siblings ...)
2022-11-06 16:03 ` [OE-core][dunfell 6/8] tzdata: update to 2022d Steve Sakoman
@ 2022-11-06 16:03 ` Steve Sakoman
2022-11-06 16:03 ` [OE-core][dunfell 8/8] bluez5: add dbus to RDEPENDS Steve Sakoman
7 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
To: openembedded-core
From: Daniel McGregor <daniel.mcgregor@vecima.com>
coreutils-native will pick up openssl on the host if it's GPL
compatible (version >= 3), which causes uninative failures with hosts
that don't have openssl3.
Add a PACKAGECONFIG entry for openssl so it can be enabled, but isn't
by default.
Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9859a8124a0c09ac38d476445e7df7097f41d153)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/coreutils/coreutils_8.31.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/coreutils/coreutils_8.31.bb b/meta/recipes-core/coreutils/coreutils_8.31.bb
index 3d569881e8..3841f71155 100644
--- a/meta/recipes-core/coreutils/coreutils_8.31.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.31.bb
@@ -51,6 +51,7 @@ PACKAGECONFIG_class-nativesdk ??= "xattr"
PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl,"
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
PACKAGECONFIG[single-binary] = "--enable-single-binary,--disable-single-binary,,"
+PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl"
# [ df mktemp nice printenv base64 gets a special treatment and is not included in this
bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname du \
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [OE-core][dunfell 8/8] bluez5: add dbus to RDEPENDS
2022-11-06 16:03 [OE-core][dunfell 0/8] Patch review Steve Sakoman
` (6 preceding siblings ...)
2022-11-06 16:03 ` [OE-core][dunfell 7/8] coreutils: add openssl PACKAGECONFIG Steve Sakoman
@ 2022-11-06 16:03 ` Steve Sakoman
7 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
To: openembedded-core
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Unless we're using systemd, dbus is not pulled into the system
automatically. Bluez5 will not work without dbus so add it to RDEPENDS
explicitly.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 377ef7009a8638efe688b6b61f67ae399eb1f23d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index eaac9ee849..7ad054b3a7 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
DEPENDS = "dbus glib-2.0"
+RDEPENDS:${PN} += "dbus"
PROVIDES += "bluez-hcidump"
RPROVIDES_${PN} += "bluez-hcidump"
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread