* [Honister 0/7] Patch review
@ 2021-12-30 21:31 Armin Kuster
2021-12-30 21:31 ` [Honister 2/7] postgresql: fix CVE-2021-23214,CVE-2021-23222 Armin Kuster
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Armin Kuster @ 2021-12-30 21:31 UTC (permalink / raw)
To: openembedded-devel
Please have comments back by Dec 31st.
The following changes since commit ae34f8f8e4f7210e4e86656a5dd9fb9bc1766ce1:
googletest: Switch branch from master to main (2021-12-18 11:23:46 -0800)
are available in the Git repository at:
git://git.openembedded.org/meta-openembedded-contrib stable/honister-nut
http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/honister-nut
Changqing Li (1):
postgresql: fix CVE-2021-23214,CVE-2021-23222
Trevor Gamblin (1):
python3-django: upgrade 3.2.5 -> 3.2.10
Yi Zhao (2):
postfix: upgrade 3.6.2 -> 3.6.3
openipmi: upgrade 2.0.31 -> 2.0.32
wangmy (1):
libfile-slurper-perl: upgrade 0.012 -> 0.013
zhengruoqin (2):
openvpn: upgrade 2.5.4 -> 2.5.5
libnet-dns-perl: upgrade 1.32 -> 1.33
.../{postfix_3.6.2.bb => postfix_3.6.3.bb} | 2 +-
...{openipmi_2.0.31.bb => openipmi_2.0.32.bb} | 4 +-
.../{openvpn_2.5.4.bb => openvpn_2.5.5.bb} | 2 +-
.../postgresql/files/CVE-2021-23214.patch | 116 ++++++++++++++++
.../postgresql/files/CVE-2021-23222.patch | 131 ++++++++++++++++++
.../recipes-dbs/postgresql/postgresql_13.4.bb | 2 +
...0.012.bb => libfile-slurper-perl_0.013.bb} | 3 +-
...s-perl_1.32.bb => libnet-dns-perl_1.33.bb} | 4 +-
...ango_3.2.5.bb => python3-django_3.2.10.bb} | 2 +-
9 files changed, 257 insertions(+), 9 deletions(-)
rename meta-networking/recipes-daemons/postfix/{postfix_3.6.2.bb => postfix_3.6.3.bb} (89%)
rename meta-networking/recipes-support/openipmi/{openipmi_2.0.31.bb => openipmi_2.0.32.bb} (96%)
rename meta-networking/recipes-support/openvpn/{openvpn_2.5.4.bb => openvpn_2.5.5.bb} (97%)
create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
rename meta-perl/recipes-perl/libfile/{libfile-slurper-perl_0.012.bb => libfile-slurper-perl_0.013.bb} (88%)
rename meta-perl/recipes-perl/libnet/{libnet-dns-perl_1.32.bb => libnet-dns-perl_1.33.bb} (93%)
rename meta-python/recipes-devtools/python/{python3-django_3.2.5.bb => python3-django_3.2.10.bb} (77%)
--
2.25.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Honister 2/7] postgresql: fix CVE-2021-23214,CVE-2021-23222
2021-12-30 21:31 [Honister 0/7] Patch review Armin Kuster
@ 2021-12-30 21:31 ` Armin Kuster
2021-12-30 21:31 ` [Honister 3/7] openvpn: upgrade 2.5.4 -> 2.5.5 Armin Kuster
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-12-30 21:31 UTC (permalink / raw)
To: openembedded-devel
From: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8e57fb9b1e4da504ceeaadcff2fe38555a47b6b6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../postgresql/files/CVE-2021-23214.patch | 116 ++++++++++++++++
.../postgresql/files/CVE-2021-23222.patch | 131 ++++++++++++++++++
.../recipes-dbs/postgresql/postgresql_13.4.bb | 2 +
3 files changed, 249 insertions(+)
create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
new file mode 100644
index 0000000000..58bf810626
--- /dev/null
+++ b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23214.patch
@@ -0,0 +1,116 @@
+From 24c2b9e42edb6d2f4ef2cead3b0aa1d6196adfce Mon Sep 17 00:00:00 2001
+From: Tom Lane <tgl@sss.pgh.pa.us>
+Date: Mon, 8 Nov 2021 11:01:43 -0500
+Subject: [PATCH 2/2] Reject extraneous data after SSL or GSS encryption
+ handshake.
+
+The server collects up to a bufferload of data whenever it reads data
+from the client socket. When SSL or GSS encryption is requested
+during startup, any additional data received with the initial
+request message remained in the buffer, and would be treated as
+already-decrypted data once the encryption handshake completed.
+Thus, a man-in-the-middle with the ability to inject data into the
+TCP connection could stuff some cleartext data into the start of
+a supposedly encryption-protected database session.
+
+This could be abused to send faked SQL commands to the server,
+although that would only work if the server did not demand any
+authentication data. (However, a server relying on SSL certificate
+authentication might well not do so.)
+
+To fix, throw a protocol-violation error if the internal buffer
+is not empty after the encryption handshake.
+
+Our thanks to Jacob Champion for reporting this problem.
+
+Security: CVE-2021-23214
+
+Upstream-Status: Backport[https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951]
+CVE: CVE-2021-23214
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ src/backend/libpq/pqcomm.c | 11 +++++++++++
+ src/backend/postmaster/postmaster.c | 23 ++++++++++++++++++++++-
+ src/include/libpq/libpq.h | 1 +
+ 3 files changed, 34 insertions(+), 1 deletion(-)
+
+diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
+index ee2cd86..4dd1c02 100644
+--- a/src/backend/libpq/pqcomm.c
++++ b/src/backend/libpq/pqcomm.c
+@@ -1183,6 +1183,17 @@ pq_getstring(StringInfo s)
+ }
+ }
+
++/* -------------------------------
++ * pq_buffer_has_data - is any buffered data available to read?
++ *
++ * This will *not* attempt to read more data.
++ * --------------------------------
++ */
++bool
++pq_buffer_has_data(void)
++{
++ return (PqRecvPointer < PqRecvLength);
++}
+
+ /* --------------------------------
+ * pq_startmsgread - begin reading a message from the client.
+diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
+index 5775fc0..1fcc3f8 100644
+--- a/src/backend/postmaster/postmaster.c
++++ b/src/backend/postmaster/postmaster.c
+@@ -2049,6 +2049,17 @@ retry1:
+ return STATUS_ERROR;
+ #endif
+
++ /*
++ * At this point we should have no data already buffered. If we do,
++ * it was received before we performed the SSL handshake, so it wasn't
++ * encrypted and indeed may have been injected by a man-in-the-middle.
++ * We report this case to the client.
++ */
++ if (pq_buffer_has_data())
++ ereport(FATAL,
++ (errcode(ERRCODE_PROTOCOL_VIOLATION),
++ errmsg("received unencrypted data after SSL request"),
++ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
+ /*
+ * regular startup packet, cancel, etc packet should follow, but not
+ * another SSL negotiation request, and a GSS request should only
+@@ -2080,7 +2091,17 @@ retry1:
+ if (GSSok == 'G' && secure_open_gssapi(port) == -1)
+ return STATUS_ERROR;
+ #endif
+-
++ /*
++ * At this point we should have no data already buffered. If we do,
++ * it was received before we performed the GSS handshake, so it wasn't
++ * encrypted and indeed may have been injected by a man-in-the-middle.
++ * We report this case to the client.
++ */
++ if (pq_buffer_has_data())
++ ereport(FATAL,
++ (errcode(ERRCODE_PROTOCOL_VIOLATION),
++ errmsg("received unencrypted data after GSSAPI encryption request"),
++ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
+ /*
+ * regular startup packet, cancel, etc packet should follow, but not
+ * another GSS negotiation request, and an SSL request should only
+diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
+index b115247..9969692 100644
+--- a/src/include/libpq/libpq.h
++++ b/src/include/libpq/libpq.h
+@@ -73,6 +73,7 @@ extern int pq_getbyte(void);
+ extern int pq_peekbyte(void);
+ extern int pq_getbyte_if_available(unsigned char *c);
+ extern int pq_putbytes(const char *s, size_t len);
++extern bool pq_buffer_has_data(void);
+
+ /*
+ * prototypes for functions in be-secure.c
+--
+2.17.1
+
diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
new file mode 100644
index 0000000000..42b78539b4
--- /dev/null
+++ b/meta-oe/recipes-dbs/postgresql/files/CVE-2021-23222.patch
@@ -0,0 +1,131 @@
+From 79125ead2a6a234086844bb42f06d49603fe6ca0 Mon Sep 17 00:00:00 2001
+From: Tom Lane <tgl@sss.pgh.pa.us>
+Date: Mon, 8 Nov 2021 11:14:56 -0500
+Subject: [PATCH 1/2] libpq: reject extraneous data after SSL or GSS encryption
+ handshake.
+
+libpq collects up to a bufferload of data whenever it reads data from
+the socket. When SSL or GSS encryption is requested during startup,
+any additional data received with the server's yes-or-no reply
+remained in the buffer, and would be treated as already-decrypted data
+once the encryption handshake completed. Thus, a man-in-the-middle
+with the ability to inject data into the TCP connection could stuff
+some cleartext data into the start of a supposedly encryption-protected
+database session.
+
+This could probably be abused to inject faked responses to the
+client's first few queries, although other details of libpq's behavior
+make that harder than it sounds. A different line of attack is to
+exfiltrate the client's password, or other sensitive data that might
+be sent early in the session. That has been shown to be possible with
+a server vulnerable to CVE-2021-23214.
+
+To fix, throw a protocol-violation error if the internal buffer
+is not empty after the encryption handshake.
+
+Our thanks to Jacob Champion for reporting this problem.
+
+Security: CVE-2021-23222
+
+Upstream-Status: Backport[https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45]
+CVE: CVE-2021-23222
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++
+ src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++
+ 2 files changed, 54 insertions(+)
+
+diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
+index e26619e1b5..b692648fca 100644
+--- a/doc/src/sgml/protocol.sgml
++++ b/doc/src/sgml/protocol.sgml
+@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional -->
+ and proceed without requesting <acronym>SSL</acronym>.
+ </para>
+
++ <para>
++ When <acronym>SSL</acronym> encryption can be performed, the server
++ is expected to send only the single <literal>S</literal> byte and then
++ wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
++ If additional bytes are available to read at this point, it likely
++ means that a man-in-the-middle is attempting to perform a
++ buffer-stuffing attack
++ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
++ Frontends should be coded either to read exactly one byte from the
++ socket before turning the socket over to their SSL library, or to
++ treat it as a protocol violation if they find they have read additional
++ bytes.
++ </para>
++
+ <para>
+ An initial SSLRequest can also be used in a connection that is being
+ opened to send a CancelRequest message.
+@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional -->
+ encryption.
+ </para>
+
++ <para>
++ When <acronym>GSSAPI</acronym> encryption can be performed, the server
++ is expected to send only the single <literal>G</literal> byte and then
++ wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake.
++ If additional bytes are available to read at this point, it likely
++ means that a man-in-the-middle is attempting to perform a
++ buffer-stuffing attack
++ (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
++ Frontends should be coded either to read exactly one byte from the
++ socket before turning the socket over to their GSSAPI library, or to
++ treat it as a protocol violation if they find they have read additional
++ bytes.
++ </para>
++
+ <para>
+ An initial GSSENCRequest can also be used in a connection that is being
+ opened to send a CancelRequest message.
+diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
+index f80f4e98d8..57aee95183 100644
+--- a/src/interfaces/libpq/fe-connect.c
++++ b/src/interfaces/libpq/fe-connect.c
+@@ -3076,6 +3076,19 @@ keep_going: /* We will come back to here until there is
+ pollres = pqsecure_open_client(conn);
+ if (pollres == PGRES_POLLING_OK)
+ {
++ /*
++ * At this point we should have no data already buffered.
++ * If we do, it was received before we performed the SSL
++ * handshake, so it wasn't encrypted and indeed may have
++ * been injected by a man-in-the-middle.
++ */
++ if (conn->inCursor != conn->inEnd)
++ {
++ appendPQExpBufferStr(&conn->errorMessage,
++ libpq_gettext("received unencrypted data after SSL response\n"));
++ goto error_return;
++ }
++
+ /* SSL handshake done, ready to send startup packet */
+ conn->status = CONNECTION_MADE;
+ return PGRES_POLLING_WRITING;
+@@ -3175,6 +3188,19 @@ keep_going: /* We will come back to here until there is
+ pollres = pqsecure_open_gss(conn);
+ if (pollres == PGRES_POLLING_OK)
+ {
++ /*
++ * At this point we should have no data already buffered.
++ * If we do, it was received before we performed the GSS
++ * handshake, so it wasn't encrypted and indeed may have
++ * been injected by a man-in-the-middle.
++ */
++ if (conn->inCursor != conn->inEnd)
++ {
++ appendPQExpBufferStr(&conn->errorMessage,
++ libpq_gettext("received unencrypted data after GSSAPI encryption response\n"));
++ goto error_return;
++ }
++
+ /* All set for startup packet */
+ conn->status = CONNECTION_MADE;
+ return PGRES_POLLING_WRITING;
+--
+2.17.1
+
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb b/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
index f63d23dbef..2ed0fa49bb 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_13.4.bb
@@ -7,6 +7,8 @@ SRC_URI += "\
file://0001-Add-support-for-RISC-V.patch \
file://0001-Improve-reproducibility.patch \
file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \
+ file://CVE-2021-23214.patch \
+ file://CVE-2021-23222.patch \
"
SRC_URI[sha256sum] = "ea93e10390245f1ce461a54eb5f99a48d8cabd3a08ce4d652ec2169a357bc0cd"
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Honister 3/7] openvpn: upgrade 2.5.4 -> 2.5.5
2021-12-30 21:31 [Honister 0/7] Patch review Armin Kuster
2021-12-30 21:31 ` [Honister 2/7] postgresql: fix CVE-2021-23214,CVE-2021-23222 Armin Kuster
@ 2021-12-30 21:31 ` Armin Kuster
2021-12-30 21:31 ` [Honister 4/7] postfix: upgrade 3.6.2 -> 3.6.3 Armin Kuster
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-12-30 21:31 UTC (permalink / raw)
To: openembedded-devel
From: zhengruoqin <zhengrq.fnst@fujitsu.com>
Changelog:
=========
Fix error in example firewall.sh script
configure: remove useless -Wno-* from default CFLAGS
Add argv_insert_head__empty_argv__head_only to argv tests
Move deprecation of SWEET32/64bit block size ciphers to 2.7
Include --push-remove in the output of --help.
Move '--push-peer-info' documentation from 'server' to 'client options'
add test case(s) to notice 'openvpn --show-cipher' crashing
BUILD: enable CFG and Spectre mitigation for MSVC
Fix loading PKCS12 files on Windows
msvc: fix product version display
msvc: add missing header to project file
config-msvc.h: fix OpenSSL-related defines
contrib/vcpkg-ports: remove openssl port
GitHub Actions: use latest working lukka/run-vcpkg
Use network address for emulated DHCP server as a default
Load OpenSSL config on Windows from trusted location
ring_buffer.h: fix GCC warning about unused function
ssh_openssl.h: remove unused declaration
vcpkg/pkcs11-helper: compatibility with latest vcpkg
config-msvc.h: indicate key material export support
Don't use BF-CBC in unit tests if we don't have it
Define have_blowfish variable in ncp unit tests
doc link-options.rst: Use free open-source dynamic-DNS provider URL
Fix some more wrong defines in config-msvc.h
Ensure the current common_name is in the environment for scripts
Require EC key support in Windows builds
resolvconf fails with -p
Update IRC information in CONTRIBUTING.rst
doc/man (vpn-network-options): fix foreign_option_{n} typo
README.down-root: Fix plugin module name
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2867330535cd93067d1fc005f0cdf5984a4c43fb)
[2.5.x is a stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../openvpn/{openvpn_2.5.4.bb => openvpn_2.5.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-networking/recipes-support/openvpn/{openvpn_2.5.4.bb => openvpn_2.5.5.bb} (97%)
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb
similarity index 97%
rename from meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb
rename to meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb
index 6b588a5f50..2dc3af6bf9 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb
@@ -14,7 +14,7 @@ SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
-SRC_URI[sha256sum] = "f80f3c3df1b94a8892ae547df84f152583250684a24bd022ccc98ef56fa93d97"
+SRC_URI[sha256sum] = "7500df4734173bce2e95b5039079119dacaff121650b2b6ca76d2dc68bdac1c5"
# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569"
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Honister 4/7] postfix: upgrade 3.6.2 -> 3.6.3
2021-12-30 21:31 [Honister 0/7] Patch review Armin Kuster
2021-12-30 21:31 ` [Honister 2/7] postgresql: fix CVE-2021-23214,CVE-2021-23222 Armin Kuster
2021-12-30 21:31 ` [Honister 3/7] openvpn: upgrade 2.5.4 -> 2.5.5 Armin Kuster
@ 2021-12-30 21:31 ` Armin Kuster
2021-12-30 21:31 ` [Honister 5/7] openipmi: upgrade 2.0.31 -> 2.0.32 Armin Kuster
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-12-30 21:31 UTC (permalink / raw)
To: openembedded-devel
From: Yi Zhao <yi.zhao@windriver.com>
Release Notes:
http://www.postfix.org/announcements/postfix-3.6.3.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 45fee2d0cec121808c6dda150b0d9ab990c74a72)
[3.6.x is a stable release]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../postfix/{postfix_3.6.2.bb => postfix_3.6.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-networking/recipes-daemons/postfix/{postfix_3.6.2.bb => postfix_3.6.3.bb} (89%)
diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.6.2.bb b/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb
similarity index 89%
rename from meta-networking/recipes-daemons/postfix/postfix_3.6.2.bb
rename to meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb
index 982544d5ca..98005797d9 100644
--- a/meta-networking/recipes-daemons/postfix/postfix_3.6.2.bb
+++ b/meta-networking/recipes-daemons/postfix/postfix_3.6.3.bb
@@ -15,5 +15,5 @@ SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P
file://0001-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
file://0007-correct-signature-of-closefrom-API.patch \
"
-SRC_URI[sha256sum] = "507323d20d7b3f705f49cf8c07d437c6d8090bed07e15a3c0ec405edad54a7d4"
+SRC_URI[sha256sum] = "0f1241d456a0158e0c418abf62c52c2ff83f8f1dcf2fbdd4c40765b67789b1bc"
UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz"
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Honister 5/7] openipmi: upgrade 2.0.31 -> 2.0.32
2021-12-30 21:31 [Honister 0/7] Patch review Armin Kuster
` (2 preceding siblings ...)
2021-12-30 21:31 ` [Honister 4/7] postfix: upgrade 3.6.2 -> 3.6.3 Armin Kuster
@ 2021-12-30 21:31 ` Armin Kuster
2021-12-30 21:31 ` [Honister 6/7] libfile-slurper-perl: upgrade 0.012 -> 0.013 Armin Kuster
2021-12-30 21:31 ` [Honister 7/7] libnet-dns-perl: upgrade 1.32 -> 1.33 Armin Kuster
5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-12-30 21:31 UTC (permalink / raw)
To: openembedded-devel
From: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 35aa5959c6bc2fa0458b90f4892cffd1da8189f0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../openipmi/{openipmi_2.0.31.bb => openipmi_2.0.32.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-networking/recipes-support/openipmi/{openipmi_2.0.31.bb => openipmi_2.0.32.bb} (96%)
diff --git a/meta-networking/recipes-support/openipmi/openipmi_2.0.31.bb b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
similarity index 96%
rename from meta-networking/recipes-support/openipmi/openipmi_2.0.31.bb
rename to meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
index ecc98dd8be..0b4244022e 100644
--- a/meta-networking/recipes-support/openipmi/openipmi_2.0.31.bb
+++ b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
@@ -35,8 +35,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/openipmi/OpenIPMI-${PV}.tar.gz \
S = "${WORKDIR}/OpenIPMI-${PV}"
-SRC_URI[md5sum] = "ce8eb27da016dcad7543d0128fcb3b0a"
-SRC_URI[sha256sum] = "7052f37726ff454b0dcac49f35dd030bc12c9570ca0ba5cd2d17774b8e9d9717"
+SRC_URI[md5sum] = "532404c9df7d0e8bde975b95b9e6775b"
+SRC_URI[sha256sum] = "f6d0fd4c0a74b05f80907229d0b270f54ca23294bcc11979f8b8d12766786945"
inherit autotools-brokensep pkgconfig python3native perlnative update-rc.d systemd cpan-base python3targetconfig
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Honister 6/7] libfile-slurper-perl: upgrade 0.012 -> 0.013
2021-12-30 21:31 [Honister 0/7] Patch review Armin Kuster
` (3 preceding siblings ...)
2021-12-30 21:31 ` [Honister 5/7] openipmi: upgrade 2.0.31 -> 2.0.32 Armin Kuster
@ 2021-12-30 21:31 ` Armin Kuster
2021-12-30 21:31 ` [Honister 7/7] libnet-dns-perl: upgrade 1.32 -> 1.33 Armin Kuster
5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-12-30 21:31 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
Changelog:
=========
Always split on newlines in read_lines
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d830b7ad4a957a4667d000f840d9442db13250d2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...ile-slurper-perl_0.012.bb => libfile-slurper-perl_0.013.bb} | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename meta-perl/recipes-perl/libfile/{libfile-slurper-perl_0.012.bb => libfile-slurper-perl_0.013.bb} (88%)
diff --git a/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.012.bb b/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.013.bb
similarity index 88%
rename from meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.012.bb
rename to meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.013.bb
index 4a2cb73e86..c7e5c56b6e 100644
--- a/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.012.bb
+++ b/meta-perl/recipes-perl/libfile/libfile-slurper-perl_0.013.bb
@@ -13,8 +13,7 @@ file://${COMMON_LICENSE_DIR}/GPL-1.0-or-later;md5=30c0b8a5048cc2f4be5ff15ef0d8cf
SRC_URI = "${CPAN_MIRROR}/authors/id/L/LE/LEONT/File-Slurper-${PV}.tar.gz"
-SRC_URI[md5sum] = "5742c63096392dfee50b8db314bcca18"
-SRC_URI[sha256sum] = "4efb2ea416b110a1bda6f8133549cc6ea3676402e3caf7529fce0313250aa578"
+SRC_URI[sha256sum] = "e2f6a4029a6a242d50054044f1fb86770b9b5cc4daeb1a967f91ffb42716a8c5"
RDEPENDS:${PN} = " \
perl-module-carp \
perl-module-encode \
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Honister 7/7] libnet-dns-perl: upgrade 1.32 -> 1.33
2021-12-30 21:31 [Honister 0/7] Patch review Armin Kuster
` (4 preceding siblings ...)
2021-12-30 21:31 ` [Honister 6/7] libfile-slurper-perl: upgrade 0.012 -> 0.013 Armin Kuster
@ 2021-12-30 21:31 ` Armin Kuster
5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-12-30 21:31 UTC (permalink / raw)
To: openembedded-devel
From: zhengruoqin <zhengrq.fnst@fujitsu.com>
License-Update:
change "the above copyright" to "the original copyright"
Changelog:
=========
Fix rt.cpan.org #137768
Test t/05-SVCB.t on Perl 5.18.0 fails with deep recursion.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 347a9d7456fbc705c58113adf397025a0cd12e24)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../{libnet-dns-perl_1.32.bb => libnet-dns-perl_1.33.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-perl/recipes-perl/libnet/{libnet-dns-perl_1.32.bb => libnet-dns-perl_1.33.bb} (93%)
diff --git a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.32.bb b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
similarity index 93%
rename from meta-perl/recipes-perl/libnet/libnet-dns-perl_1.32.bb
rename to meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
index 7e485bece5..2c7d793a7b 100644
--- a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.32.bb
+++ b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
@@ -3,13 +3,13 @@ HOMEPAGE = "http://www.net-dns.org/"
SECTION = "libs"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://README;beginline=252;endline=269;md5=27db37b42cd1a5173a53922d67072bcb"
+LIC_FILES_CHKSUM = "file://README;beginline=252;endline=269;md5=de95b6a896d5f861d724ea854d316a0b"
DEPENDS += "perl"
SRC_URI = "http://search.cpan.org/CPAN/authors/id/N/NL/NLNETLABS/Net-DNS-${PV}.tar.gz"
-SRC_URI[sha256sum] = "b890a7b44d573f27cc713caadf1e12eaaa4478a6504d1157194df614316b5b50"
+SRC_URI[sha256sum] = "5a40e7cf524e4bd2c33cf03b82b47d5308b712083aa5ee180b0b5af54c71fbd2"
UPSTREAM_CHECK_REGEX = "Net\-DNS\-(?P<pver>(\d+\.\d+))(?!_\d+).tar"
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-12-30 21:31 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-30 21:31 [Honister 0/7] Patch review Armin Kuster
2021-12-30 21:31 ` [Honister 2/7] postgresql: fix CVE-2021-23214,CVE-2021-23222 Armin Kuster
2021-12-30 21:31 ` [Honister 3/7] openvpn: upgrade 2.5.4 -> 2.5.5 Armin Kuster
2021-12-30 21:31 ` [Honister 4/7] postfix: upgrade 3.6.2 -> 3.6.3 Armin Kuster
2021-12-30 21:31 ` [Honister 5/7] openipmi: upgrade 2.0.31 -> 2.0.32 Armin Kuster
2021-12-30 21:31 ` [Honister 6/7] libfile-slurper-perl: upgrade 0.012 -> 0.013 Armin Kuster
2021-12-30 21:31 ` [Honister 7/7] libnet-dns-perl: upgrade 1.32 -> 1.33 Armin Kuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.