* [honister][PATCH 1/4] ghostscript: fix CVE-2021-3781
@ 2022-03-17 7:32 chee.yang.lee
2022-03-17 7:32 ` [honister][PATCH 2/4] webkitgtk: update to 2.32.4 chee.yang.lee
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: chee.yang.lee @ 2022-03-17 7:32 UTC (permalink / raw)
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
.../ghostscript/CVE-2021-3781.patch | 236 ++++++++++++++++++
.../ghostscript/ghostscript_9.54.0.bb | 1 +
2 files changed, 237 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch
new file mode 100644
index 0000000000..27ef83bb85
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch
@@ -0,0 +1,236 @@
+From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 7 Sep 2021 20:36:12 +0100
+Subject: [PATCH] Bug 704342: Include device specifier strings in access
+ validation
+
+for the "%pipe%", %handle%" and %printer% io devices.
+
+We previously validated only the part after the "%pipe%" Postscript device
+specifier, but this proved insufficient.
+
+This rebuilds the original file name string, and validates it complete. The
+slight complication for "%pipe%" is it can be reached implicitly using
+"|" so we have to check both prefixes.
+
+Addresses CVE-2021-3781
+
+Upstream-Status: Backport[https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20]
+CVE: CVE-2021-3781
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ base/gdevpipe.c | 22 +++++++++++++++-
+ base/gp_mshdl.c | 11 +++++++-
+ base/gp_msprn.c | 10 ++++++-
+ base/gp_os2pr.c | 13 +++++++++-
+ base/gslibctx.c | 69 ++++++++++---------------------------------------
+ 5 files changed, 65 insertions(+), 60 deletions(-)
+
+diff --git a/base/gdevpipe.c b/base/gdevpipe.c
+index 96d71f5d8..5bdc485be 100644
+--- a/base/gdevpipe.c
++++ b/base/gdevpipe.c
+@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ #else
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ /* The pipe device can be reached in two ways, explicltly with %pipe%
++ or implicitly with "|", so we have to check for both
++ */
++ char f[gp_file_name_sizeof];
++ const char *pipestr = "|";
++ const size_t pipestrlen = strlen(pipestr);
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
++ int code1;
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ code1 = gp_validate_path(mem, f, access);
++
++ memcpy(f, pipestr, pipestrlen);
++ memcpy(f + pipestrlen, fname, nlen + 1);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 )
+ return gs_error_invalidfileaccess;
+
+ /*
+diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c
+index 2b964ed74..8d87ceadc 100644
+--- a/base/gp_mshdl.c
++++ b/base/gp_mshdl.c
+@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ long hfile; /* Correct for Win32, may be wrong for Win64 */
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ char f[gp_file_name_sizeof];
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, f, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_handle method. */
+diff --git a/base/gp_msprn.c b/base/gp_msprn.c
+index ed4827968..746a974f7 100644
+--- a/base/gp_msprn.c
++++ b/base/gp_msprn.c
+@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ uintptr_t *ptid = &((tid_t *)(iodev->state))->tid;
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(pname, iodev->dname, preflen);
++ memcpy(pname + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, pname, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c
+index f852c71fc..ba54cde66 100644
+--- a/base/gp_os2pr.c
++++ b/base/gp_os2pr.c
+@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ FILE ** pfile, char *rfname, uint rnamelen)
+ {
+ os2_printer_t *pr = (os2_printer_t *)iodev->state;
+- char driver_name[256];
++ char driver_name[gp_file_name_sizeof];
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const int size_t = strlen(fname);
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(driver_name, iodev->dname, preflen);
++ memcpy(driver_name + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, driver_name, access) != 0)
++ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+ /* Note that the loop condition here ensures we don't
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index 6dfed6cd5..318039fad 100644
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s)
+ int
+ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+ rewrite_percent_specifiers(f);
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_add_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_add_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_add_control_path(mem, gs_permit_file_control, fp);
++
++ code = gs_add_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_add_control_path(mem, gs_permit_file_writing, fp);
++ return gs_add_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_remove_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_remove_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_remove_control_path(mem, gs_permit_file_control, fp);
++ rewrite_percent_specifiers(f);
++
++ code = gs_remove_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_remove_control_path(mem, gs_permit_file_writing, fp);
++ return gs_remove_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+--
+2.25.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
index d4442a4908..28d064a1a8 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
@@ -34,6 +34,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
file://CVE-2021-45949.patch \
+ file://CVE-2021-3781.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [honister][PATCH 2/4] webkitgtk: update to 2.32.4
2022-03-17 7:32 [honister][PATCH 1/4] ghostscript: fix CVE-2021-3781 chee.yang.lee
@ 2022-03-17 7:32 ` chee.yang.lee
2022-03-21 13:40 ` [OE-core] " Mittal, Anuj
2022-03-17 7:32 ` [honister][PATCH 3/4] go: upgrade 1.16.13 -> 1.16.14 chee.yang.lee
2022-03-17 7:32 ` [honister][PATCH 4/4] go: update to 1.16.15 chee.yang.lee
2 siblings, 1 reply; 5+ messages in thread
From: chee.yang.lee @ 2022-03-17 7:32 UTC (permalink / raw)
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
This is a bug fix release in the stable 2.32 series.
change in the WebKitGTK 2.32.4 release:
Do not append .asc extension to downloaded text/plain files.
Fix several crashes and rendering issues.
https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
.../webkit/{webkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-sato/webkit/{webkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} (98%)
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
index bab1c17902..3e0ecb4611 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
@@ -22,7 +22,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://reproducibility.patch \
"
-SRC_URI[sha256sum] = "c1f496f5ac654efe4cef62fbd4f2fbeeef265a07c5e7419e5d2900bfeea52cbc"
+SRC_URI[sha256sum] = "00ce2d3f798d7bc5e9039d9059f0c3c974d51de38c8b716f00e94452a177d3fd"
inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [honister][PATCH 3/4] go: upgrade 1.16.13 -> 1.16.14
2022-03-17 7:32 [honister][PATCH 1/4] ghostscript: fix CVE-2021-3781 chee.yang.lee
2022-03-17 7:32 ` [honister][PATCH 2/4] webkitgtk: update to 2.32.4 chee.yang.lee
@ 2022-03-17 7:32 ` chee.yang.lee
2022-03-17 7:32 ` [honister][PATCH 4/4] go: update to 1.16.15 chee.yang.lee
2 siblings, 0 replies; 5+ messages in thread
From: chee.yang.lee @ 2022-03-17 7:32 UTC (permalink / raw)
To: openembedded-core
From: Sakib Sajal <sakib.sajal@windriver.com>
go 1.16.14 release includes fix for CVE-2022-23806.
(From OE-Core rev: 7b5723ae41b7fcdc73a24f04ec0cda4fba8f8622)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
meta/recipes-devtools/go/{go-1.16.13.inc => go-1.16.14.inc} | 4 ++--
...o-binary-native_1.16.13.bb => go-binary-native_1.16.14.bb} | 4 ++--
...cross-canadian_1.16.13.bb => go-cross-canadian_1.16.14.bb} | 0
.../go/{go-cross_1.16.13.bb => go-cross_1.16.14.bb} | 0
.../go/{go-crosssdk_1.16.13.bb => go-crosssdk_1.16.14.bb} | 0
.../go/{go-native_1.16.13.bb => go-native_1.16.14.bb} | 0
.../go/{go-runtime_1.16.13.bb => go-runtime_1.16.14.bb} | 0
meta/recipes-devtools/go/{go_1.16.13.bb => go_1.16.14.bb} | 0
8 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.16.13.inc => go-1.16.14.inc} (90%)
rename meta/recipes-devtools/go/{go-binary-native_1.16.13.bb => go-binary-native_1.16.14.bb} (83%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.16.13.bb => go-cross-canadian_1.16.14.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.16.13.bb => go-cross_1.16.14.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.16.13.bb => go-crosssdk_1.16.14.bb} (100%)
rename meta/recipes-devtools/go/{go-native_1.16.13.bb => go-native_1.16.14.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.16.13.bb => go-runtime_1.16.14.bb} (100%)
rename meta/recipes-devtools/go/{go_1.16.13.bb => go_1.16.14.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.16.13.inc b/meta/recipes-devtools/go/go-1.16.14.inc
similarity index 90%
rename from meta/recipes-devtools/go/go-1.16.13.inc
rename to meta/recipes-devtools/go/go-1.16.14.inc
index 46c6528dc4..c6445bccff 100644
--- a/meta/recipes-devtools/go/go-1.16.13.inc
+++ b/meta/recipes-devtools/go/go-1.16.14.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.16"
-PV = "1.16.13"
+PV = "1.16.14"
FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -17,7 +17,7 @@ SRC_URI += "\
file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
"
-SRC_URI[main.sha256sum] = "b0926654eaeb01ef43816638f42d7b1681f2d3f41b9559f07735522b7afad41a"
+SRC_URI[main.sha256sum] = "467898cd3a216de54dcb9014f541efe77e9b79a7154dbc1fd2dd778b0c63fb56"
# Upstream don't believe it is a signifiant real world issue and will only
# fix in 1.17 onwards where we can drop this.
diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.13.bb b/meta/recipes-devtools/go/go-binary-native_1.16.14.bb
similarity index 83%
rename from meta/recipes-devtools/go/go-binary-native_1.16.13.bb
rename to meta/recipes-devtools/go/go-binary-native_1.16.14.bb
index 6e498a17be..419fc4ffcf 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.16.13.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.16.14.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
PROVIDES = "go-native"
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "275fc03c90c13b0bbff13125a43f1f7a9f9c00a0d5a9f2d5b16dbc2fa2c6e12a"
-SRC_URI[go_linux_arm64.sha256sum] = "3dd8e14837105cbfedf7124c7f8c524ce492748c370036c7316ef99e18d116d7"
+SRC_URI[go_linux_amd64.sha256sum] = "f4f5f02eb6809ac5bf19b5ad517b23504fd5fc036f6487651968ad36aa7a20e0"
+SRC_URI[go_linux_arm64.sha256sum] = "5e59056e36704acb25809bcdb27191f27593cb7aba4d716b523008135a1e764a"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.16.13.bb b/meta/recipes-devtools/go/go-cross_1.16.14.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.16.13.bb
rename to meta/recipes-devtools/go/go-cross_1.16.14.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.13.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.14.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.16.13.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.16.14.bb
diff --git a/meta/recipes-devtools/go/go-native_1.16.13.bb b/meta/recipes-devtools/go/go-native_1.16.14.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-native_1.16.13.bb
rename to meta/recipes-devtools/go/go-native_1.16.14.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.16.13.bb b/meta/recipes-devtools/go/go-runtime_1.16.14.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.16.13.bb
rename to meta/recipes-devtools/go/go-runtime_1.16.14.bb
diff --git a/meta/recipes-devtools/go/go_1.16.13.bb b/meta/recipes-devtools/go/go_1.16.14.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.16.13.bb
rename to meta/recipes-devtools/go/go_1.16.14.bb
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [honister][PATCH 4/4] go: update to 1.16.15
2022-03-17 7:32 [honister][PATCH 1/4] ghostscript: fix CVE-2021-3781 chee.yang.lee
2022-03-17 7:32 ` [honister][PATCH 2/4] webkitgtk: update to 2.32.4 chee.yang.lee
2022-03-17 7:32 ` [honister][PATCH 3/4] go: upgrade 1.16.13 -> 1.16.14 chee.yang.lee
@ 2022-03-17 7:32 ` chee.yang.lee
2 siblings, 0 replies; 5+ messages in thread
From: chee.yang.lee @ 2022-03-17 7:32 UTC (permalink / raw)
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
go1.16.15 (released 2022-03-03) includes a security fix to the regexp/syntax package, as well as bug fixes to the compiler, runtime, the go command, and to the net package.
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
meta/recipes-devtools/go/{go-1.16.14.inc => go-1.16.15.inc} | 4 ++--
...o-binary-native_1.16.14.bb => go-binary-native_1.16.15.bb} | 4 ++--
...cross-canadian_1.16.14.bb => go-cross-canadian_1.16.15.bb} | 0
.../go/{go-cross_1.16.14.bb => go-cross_1.16.15.bb} | 0
.../go/{go-crosssdk_1.16.14.bb => go-crosssdk_1.16.15.bb} | 0
.../go/{go-native_1.16.14.bb => go-native_1.16.15.bb} | 0
.../go/{go-runtime_1.16.14.bb => go-runtime_1.16.15.bb} | 0
meta/recipes-devtools/go/{go_1.16.14.bb => go_1.16.15.bb} | 0
8 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.16.14.inc => go-1.16.15.inc} (90%)
rename meta/recipes-devtools/go/{go-binary-native_1.16.14.bb => go-binary-native_1.16.15.bb} (83%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.16.14.bb => go-cross-canadian_1.16.15.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.16.14.bb => go-cross_1.16.15.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.16.14.bb => go-crosssdk_1.16.15.bb} (100%)
rename meta/recipes-devtools/go/{go-native_1.16.14.bb => go-native_1.16.15.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.16.14.bb => go-runtime_1.16.15.bb} (100%)
rename meta/recipes-devtools/go/{go_1.16.14.bb => go_1.16.15.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.16.14.inc b/meta/recipes-devtools/go/go-1.16.15.inc
similarity index 90%
rename from meta/recipes-devtools/go/go-1.16.14.inc
rename to meta/recipes-devtools/go/go-1.16.15.inc
index c6445bccff..50772346df 100644
--- a/meta/recipes-devtools/go/go-1.16.14.inc
+++ b/meta/recipes-devtools/go/go-1.16.15.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.16"
-PV = "1.16.14"
+PV = "1.16.15"
FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -17,7 +17,7 @@ SRC_URI += "\
file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
"
-SRC_URI[main.sha256sum] = "467898cd3a216de54dcb9014f541efe77e9b79a7154dbc1fd2dd778b0c63fb56"
+SRC_URI[main.sha256sum] = "90a08c689279e35f3865ba510998c33a63255c36089b3ec206c912fc0568c3d3"
# Upstream don't believe it is a signifiant real world issue and will only
# fix in 1.17 onwards where we can drop this.
diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.14.bb b/meta/recipes-devtools/go/go-binary-native_1.16.15.bb
similarity index 83%
rename from meta/recipes-devtools/go/go-binary-native_1.16.14.bb
rename to meta/recipes-devtools/go/go-binary-native_1.16.15.bb
index 419fc4ffcf..ba11ee5695 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.16.14.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.16.15.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
PROVIDES = "go-native"
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "f4f5f02eb6809ac5bf19b5ad517b23504fd5fc036f6487651968ad36aa7a20e0"
-SRC_URI[go_linux_arm64.sha256sum] = "5e59056e36704acb25809bcdb27191f27593cb7aba4d716b523008135a1e764a"
+SRC_URI[go_linux_amd64.sha256sum] = "77c782a633186d78c384f972fb113a43c24be0234c42fef22c2d8c4c4c8e7475"
+SRC_URI[go_linux_arm64.sha256sum] = "c2f27f0ce5620a9bc2ff3446165d1974ef94e9b885ec12dbfa3c07e0e198b7ce"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.16.14.bb b/meta/recipes-devtools/go/go-cross_1.16.15.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.16.14.bb
rename to meta/recipes-devtools/go/go-cross_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.14.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.15.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.16.14.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go-native_1.16.14.bb b/meta/recipes-devtools/go/go-native_1.16.15.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-native_1.16.14.bb
rename to meta/recipes-devtools/go/go-native_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.16.14.bb b/meta/recipes-devtools/go/go-runtime_1.16.15.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.16.14.bb
rename to meta/recipes-devtools/go/go-runtime_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go_1.16.14.bb b/meta/recipes-devtools/go/go_1.16.15.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.16.14.bb
rename to meta/recipes-devtools/go/go_1.16.15.bb
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [OE-core] [honister][PATCH 2/4] webkitgtk: update to 2.32.4
2022-03-17 7:32 ` [honister][PATCH 2/4] webkitgtk: update to 2.32.4 chee.yang.lee
@ 2022-03-21 13:40 ` Mittal, Anuj
0 siblings, 0 replies; 5+ messages in thread
From: Mittal, Anuj @ 2022-03-21 13:40 UTC (permalink / raw)
To: openembedded-core, Lee, Chee Yang
On Thu, 2022-03-17 at 15:32 +0800, Lee Chee Yang wrote:
> From: Chee Yang Lee <chee.yang.lee@intel.com>
>
> This is a bug fix release in the stable 2.32 series.
>
> change in the WebKitGTK 2.32.4 release:
> Do not append .asc extension to downloaded text/plain files.
> Fix several crashes and rendering issues.
>
> https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html
This is causing patch fuzz warnings:
https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/4926/steps/11/logs/stdio
Applying patch 0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch
patching file Source/cmake/OptionsGTK.cmake
Hunk #1 succeeded at 6 with fuzz 1.
patching file Source/cmake/OptionsJSCOnly.cmake
The context lines in the patches can be updated with devtool:
devtool modify webkitgtk
devtool finish --force-patch-refresh webkitgtk <layer_path>
Don't forget to review changes done by devtool!
Thanks,
Anuj
>
> Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
> ---
> .../webkit/{webkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} | 2
> +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename meta/recipes-sato/webkit/{webkitgtk_2.32.3.bb =>
> webkitgtk_2.32.4.bb} (98%)
>
> diff --git a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
> b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
> similarity index 98%
> rename from meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
> rename to meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
> index bab1c17902..3e0ecb4611 100644
> --- a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
> +++ b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
> @@ -22,7 +22,7 @@ SRC_URI =
> "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
> file://reproducibility.patch \
> "
>
> -SRC_URI[sha256sum] =
> "c1f496f5ac654efe4cef62fbd4f2fbeeef265a07c5e7419e5d2900bfeea52cbc"
> +SRC_URI[sha256sum] =
> "00ce2d3f798d7bc5e9039d9059f0c3c974d51de38c8b716f00e94452a177d3fd"
>
> inherit cmake pkgconfig gobject-introspection perlnative
> features_check upstream-version-is-even gtk-doc
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#163375):
> https://lists.openembedded.org/g/openembedded-core/message/163375
> Mute This Topic: https://lists.openembedded.org/mt/89840580/3616702
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe:
> https://lists.openembedded.org/g/openembedded-core/unsub [
> anuj.mittal@intel.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-03-21 13:40 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-17 7:32 [honister][PATCH 1/4] ghostscript: fix CVE-2021-3781 chee.yang.lee
2022-03-17 7:32 ` [honister][PATCH 2/4] webkitgtk: update to 2.32.4 chee.yang.lee
2022-03-21 13:40 ` [OE-core] " Mittal, Anuj
2022-03-17 7:32 ` [honister][PATCH 3/4] go: upgrade 1.16.13 -> 1.16.14 chee.yang.lee
2022-03-17 7:32 ` [honister][PATCH 4/4] go: update to 1.16.15 chee.yang.lee
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.