[hardknott 00/20] Patch review; June 27

[hardknott 00/20] Patch review; June 27

[Armin Kuster]

Please have comments back by wednesday.

The following changes since commit aca88908fd329f5cef6f19995b072397fb2d8ec6:

  thunar: fix CVE-2021-32563 (2021-06-13 12:35:48 -0700)

are available in the Git repository at:

  git://git.openembedded.org/meta-openembedded-contrib stable/hardknott-nut
  http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/hardknott-nut

Andrea Adami (3):
  initramfs-kexecboot-image: support cases where machines override
    IMAGE_FSTYPES
  initramfs-debug-image: support cases where machines override
    IMAGE_FSTYPES
  rapidjson: remove stale LIB_INSTALL_DIR

Chen Qi (1):
  minifi-cpp: set CLEANBROKEN to 1

Geoff Parker (1):
  cifs-utils: set ROOTSBINDIR to /usr/sbin if DISTRO_FEATURES has
    usrmerge

Leon Anavi (1):
  python3-django: Upgrade 3.2.3 -> 3.2.4

Olivier Georget (1):
  libpfm4 4.10.1 : enable arm64 host platform

Ovidiu Panait (1):
  libeigen: update LICENSE information

Peter Kjellerstedt (2):
  net-snmp: A little clean up
  net-snmp: Support building for native

Sekine Shigeki (2):
  add CVE-2011-2411 to allowlist
  ntp: add CVE-2016-9312 to allowlist

Trevor Gamblin (3):
  python3-django: upgrade 2.2.22 -> 2.2.23
  python3-django: upgrade 3.2.2 -> 3.2.3
  python3-django: upgrade 2.2.23 -> 2.2.24

Yi Zhao (1):
  minifi-cpp: set correct python processor directory in configure file

ito-yuichi@fujitsu.com (2):
  cyrus-sasl: add CVE-2020-8032 to allowlist
  dovecot: add CVE-2016-4983 to allowlist

zangrc (1):
  wireshark: upgrade 3.4.5 -> 3.4.6

zhengruoqin (1):
  net-snmp: upgrade 5.9 -> 5.9.1

 .../images/initramfs-debug-image.bb           |  7 ++-
 .../images/initramfs-kexecboot-image.bb       |  8 ++-
 .../samba/samba_4.10.18.bb                    |  4 ++
 .../cyrus-sasl/cyrus-sasl_2.1.27.bb           |  3 ++
 ....7.2-fix-engineBoots-value-on-SIGHUP.patch | 19 ++++---
 .../{net-snmp_5.9.bb => net-snmp_5.9.1.bb}    | 53 ++++++++++---------
 .../recipes-support/cifs/cifs-utils_6.13.bb   | 17 ++++--
 .../recipes-support/dovecot/dovecot_2.3.14.bb |  3 ++
 .../recipes-support/ntp/ntp_4.2.8p15.bb       |  3 ++
 ...{wireshark_3.4.5.bb => wireshark_3.4.6.bb} |  2 +-
 meta-oe/licenses/MINPACK                      | 51 ++++++++++++++++++
 .../rapidjson/rapidjson_git.bb                |  2 +-
 .../minifi-cpp/minifi-cpp_0.7.0.bb            |  5 ++
 .../recipes-kernel/libpfm/libpfm4_4.10.1.bb   |  3 +-
 .../libeigen/libeigen_3.3.7.bb                |  9 +++-
 ...ngo_2.2.22.bb => python3-django_2.2.24.bb} |  4 +-
 ...jango_3.2.2.bb => python3-django_3.2.4.bb} |  2 +-
 17 files changed, 149 insertions(+), 46 deletions(-)
 rename meta-networking/recipes-protocols/net-snmp/{net-snmp_5.9.bb => net-snmp_5.9.1.bb} (89%)
 rename meta-networking/recipes-support/wireshark/{wireshark_3.4.5.bb => wireshark_3.4.6.bb} (97%)
 create mode 100644 meta-oe/licenses/MINPACK
 rename meta-python/recipes-devtools/python/{python3-django_2.2.22.bb => python3-django_2.2.24.bb} (41%)
 rename meta-python/recipes-devtools/python/{python3-django_3.2.2.bb => python3-django_3.2.4.bb} (77%)

-- 
2.17.1

[hardknott 01/20] libpfm4 4.10.1 : enable arm64 host platform

[Armin Kuster]

From: Olivier Georget <ogeorget@prophesee.ai>

libpfm4 is only enabled for powerpc arch as of now.
This enables the lib on Arm 64bit platform as well.

Signed-off-by: Olivier Georget <olivier.georget@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d02bd486736ba7cc552312849cea4fa33b1e1259)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-kernel/libpfm/libpfm4_4.10.1.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta-oe/recipes-kernel/libpfm/libpfm4_4.10.1.bb b/meta-oe/recipes-kernel/libpfm/libpfm4_4.10.1.bb
index ff56d48043..6da0f5d9a0 100644
--- a/meta-oe/recipes-kernel/libpfm/libpfm4_4.10.1.bb
+++ b/meta-oe/recipes-kernel/libpfm/libpfm4_4.10.1.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0de488f3bd4424e308e2e399cb99c788"
 
 SECTION = "devel"
 
-COMPATIBLE_HOST = "powerpc64"
+COMPATIBLE_HOST = "powerpc64|aarch64"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/perfmon2/${BPN}/libpfm-${PV}.tar.gz \
            file://0001-Include-poll.h-instead-of-sys-poll.h.patch \
@@ -24,6 +24,7 @@ EXTRA_OEMAKE = "DESTDIR=\"${D}\" PREFIX=\"${prefix}\" LIBDIR=\"${libdir}\" LDCON
 EXTRA_OEMAKE_append_powerpc = " ARCH=\"powerpc\""
 EXTRA_OEMAKE_append_powerpc64 = " ARCH=\"powerpc\" BITMODE=\"64\""
 EXTRA_OEMAKE_append_powerpc64le = " ARCH=\"powerpc\" BITMODE=\"64\""
+EXTRA_OEMAKE_append_aarch64 = " ARCH=\"arm64\""
 
 S = "${WORKDIR}/libpfm-${PV}"
 
-- 
2.17.1

[hardknott 02/20] wireshark: upgrade 3.4.5 -> 3.4.6

[Armin Kuster]

From: zangrc <zangrc.fnst@fujitsu.com>

Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1c3701018ba2d251a72111f1159c9605dbff3992)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../wireshark/{wireshark_3.4.5.bb => wireshark_3.4.6.bb}        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-support/wireshark/{wireshark_3.4.5.bb => wireshark_3.4.6.bb} (97%)

diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.5.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb
similarity index 97%
rename from meta-networking/recipes-support/wireshark/wireshark_3.4.5.bb
rename to meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb
index f440328027..6acd849f89 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.5.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb
@@ -19,7 +19,7 @@ SRC_URI += " \
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
 
-SRC_URI[sha256sum] = "de1aafd100a1e1207c850d180e97dd91ab8da0f5eb6beec545f725cdb145d333"
+SRC_URI[sha256sum] = "12a678208f8cb009e6b9d96026e41a6ef03c7ad086b9e1029f42053b249b4628"
 
 PE = "1"
 
-- 
2.17.1

[hardknott 03/20] libeigen: update LICENSE information

[Armin Kuster]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=y, Size: 4830 bytes --]

From: Ovidiu Panait <ovidiu.panait@windriver.com>

From COPYING.README:
"""
Eigen is primarily MPL2 licensed. See COPYING.MPL2 and these links:
  http://www.mozilla.org/MPL/2.0/
  http://www.mozilla.org/MPL/2.0/FAQ.html

Some files contain third-party code under BSD or LGPL licenses, whence the other
COPYING.* files here.

All the LGPL code is either LGPL 2.1-only, or LGPL 2.1-or-later.
For this reason, the COPYING.LGPL file contains the LGPL 2.1 text.
"""

The upstream repository contains multiple COPYING files (various 3rd party
code is under different licenses), so update the LICENSE information
accordingly. Also, add MINPACK to meta-oe/licenses.

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9efdb6799ed45cf04acde9b435aeb8ccd1f2843c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/licenses/MINPACK                      | 51 +++++++++++++++++++
 .../libeigen/libeigen_3.3.7.bb                |  9 +++-
 2 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 meta-oe/licenses/MINPACK

diff --git a/meta-oe/licenses/MINPACK b/meta-oe/licenses/MINPACK
new file mode 100644
index 0000000000..132cc3f33f
--- /dev/null
+++ b/meta-oe/licenses/MINPACK
@@ -0,0 +1,51 @@
+Minpack Copyright Notice (1999) University of Chicago.  All rights reserved
+
+Redistribution and use in source and binary forms, with or
+without modification, are permitted provided that the
+following conditions are met:
+
+1. Redistributions of source code must retain the above
+copyright notice, this list of conditions and the following
+disclaimer.
+
+2. Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following
+disclaimer in the documentation and/or other materials
+provided with the distribution.
+
+3. The end-user documentation included with the
+redistribution, if any, must include the following
+acknowledgment:
+
+   "This product includes software developed by the
+   University of Chicago, as Operator of Argonne National
+   Laboratory.
+
+Alternately, this acknowledgment may appear in the software
+itself, if and wherever such third-party acknowledgments
+normally appear.
+
+4. WARRANTY DISCLAIMER. THE SOFTWARE IS SUPPLIED "AS IS"
+WITHOUT WARRANTY OF ANY KIND. THE COPYRIGHT HOLDER, THE
+UNITED STATES, THE UNITED STATES DEPARTMENT OF ENERGY, AND
+THEIR EMPLOYEES: (1) DISCLAIM ANY WARRANTIES, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE
+OR NON-INFRINGEMENT, (2) DO NOT ASSUME ANY LEGAL LIABILITY
+OR RESPONSIBILITY FOR THE ACCURACY, COMPLETENESS, OR
+USEFULNESS OF THE SOFTWARE, (3) DO NOT REPRESENT THAT USE OF
+THE SOFTWARE WOULD NOT INFRINGE PRIVATELY OWNED RIGHTS, (4)
+DO NOT WARRANT THAT THE SOFTWARE WILL FUNCTION
+UNINTERRUPTED, THAT IT IS ERROR-FREE OR THAT ANY ERRORS WILL
+BE CORRECTED.
+
+5. LIMITATION OF LIABILITY. IN NO EVENT WILL THE COPYRIGHT
+HOLDER, THE UNITED STATES, THE UNITED STATES DEPARTMENT OF
+ENERGY, OR THEIR EMPLOYEES: BE LIABLE FOR ANY INDIRECT,
+INCIDENTAL, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES OF
+ANY KIND OR NATURE, INCLUDING BUT NOT LIMITED TO LOSS OF
+PROFITS OR LOSS OF DATA, FOR ANY REASON WHATSOEVER, WHETHER
+SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT
+(INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE,
+EVEN IF ANY OF SAID PARTIES HAS BEEN WARNED OF THE
+POSSIBILITY OF SUCH LOSS OR DAMAGES.
diff --git a/meta-oe/recipes-support/libeigen/libeigen_3.3.7.bb b/meta-oe/recipes-support/libeigen/libeigen_3.3.7.bb
index 6ce318d0b5..fe15f2eb2e 100644
--- a/meta-oe/recipes-support/libeigen/libeigen_3.3.7.bb
+++ b/meta-oe/recipes-support/libeigen/libeigen_3.3.7.bb
@@ -1,8 +1,13 @@
 DESCRIPTION = "Eigen is a C++ template library for linear algebra: matrices, vectors, numerical solvers, and related algorithms."
 AUTHOR = "Benoît Jacob and Gaël Guennebaud and others"
 HOMEPAGE = "http://eigen.tuxfamily.org/"
-LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYING.MPL2;md5=815ca599c9df247a0c7f619bab123dad"
+LICENSE = "MPL-2.0 & Apache-2.0 & BSD-3-Clause & GPLv3 & LGPLv2.1 & MINPACK"
+LIC_FILES_CHKSUM = "file://COPYING.MPL2;md5=815ca599c9df247a0c7f619bab123dad \
+                    file://COPYING.BSD;md5=543367b8e11f07d353ef894f71b574a0 \
+                    file://COPYING.GPL;md5=d32239bcb673463ab874e80d47fae504 \
+                    file://COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c \
+                    file://COPYING.MINPACK;md5=5fe4603e80ef7390306f51ef74449bbd \
+"
 
 SRC_URI = "git://gitlab.com/libeigen/eigen.git;protocol=http;nobranch=1"
 
-- 
2.17.1

[hardknott 04/20] net-snmp: upgrade 5.9 -> 5.9.1

[Armin Kuster]

From: zhengruoqin <zhengrq.fnst@fujitsu.com>

Refresh the following patch:
net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5411629c443d0d64b6d10f77d0622626e31a789d)
[Bug fix only update - AK]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ....7.2-fix-engineBoots-value-on-SIGHUP.patch | 19 +++++++++++--------
 .../{net-snmp_5.9.bb => net-snmp_5.9.1.bb}    |  2 +-
 2 files changed, 12 insertions(+), 9 deletions(-)
 rename meta-networking/recipes-protocols/net-snmp/{net-snmp_5.9.bb => net-snmp_5.9.1.bb} (99%)

diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
index da6d80ef4a..022eb958f3 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
@@ -1,6 +1,6 @@
-From b6a3d6c8af35f1ef27b80b0516742fce89f4eb29 Mon Sep 17 00:00:00 2001
-From: Marian Florea <marian.florea@windriver.com>
-Date: Thu, 20 Jul 2017 16:55:24 +0800
+From 1e3178835217ba89aa355e2b6b88e490f17be16d Mon Sep 17 00:00:00 2001
+From: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
+Date: Wed, 9 Jun 2021 15:47:30 +0900
 Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP
 
 Upstream-Status: Pending
@@ -14,17 +14,17 @@ Signed-off-by: Li Zhou <li.zhou@windriver.com>
  2 files changed, 3 insertions(+), 2 deletions(-)
 
 diff --git a/agent/snmpd.c b/agent/snmpd.c
-index ae73eda..66b4560 100644
+index 1af439f..355b510 100644
 --- a/agent/snmpd.c
 +++ b/agent/snmpd.c
-@@ -1207,6 +1207,7 @@ receive(void)
+@@ -1208,6 +1208,7 @@ receive(void)
  	    snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n",
  		     netsnmp_get_version());
              update_config();
-+            snmp_store(app_name);
++	    snmp_store(app_name);
              send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3);
- #if HAVE_SIGHOLD
-             sigrelse(SIGHUP);
+ #if HAVE_SIGPROCMASK
+             ret = sigprocmask(SIG_UNBLOCK, &set, NULL);
 diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c
 index 29c2a0f..ada961c 100644
 --- a/snmplib/snmpv3.c
@@ -41,3 +41,6 @@ index 29c2a0f..ada961c 100644
          engineBoots = 1;
      }
  
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
similarity index 99%
rename from meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb
rename to meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
index d9040c1647..d03961ab37 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
@@ -27,7 +27,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
            file://reproducibility-have-printcap.patch \
            file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \
            "
-SRC_URI[sha256sum] = "04303a66f85d6d8b16d3cc53bde50428877c82ab524e17591dfceaeb94df6071"
+SRC_URI[sha256sum] = "eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f"
 
 UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/"
 UPSTREAM_CHECK_REGEX = "/net-snmp/(?P<pver>\d+(\.\d+)+)/"
-- 
2.17.1

[hardknott 05/20] minifi-cpp: set correct python processor directory in configure file

[Armin Kuster]

From: Yi Zhao <yi.zhao@windriver.com>

Set an appropriate python processor directory in configure file to fix
the minifi startup warning:
[org::apache::nifi::minifi::python::PythonCreator] [error] Could not access /etc/minifi/minifi-python/

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a86b772e31079231a04762ed49ec83d32005ca15)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb b/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
index 322b58477d..5b27601c04 100644
--- a/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
+++ b/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
@@ -88,6 +88,7 @@ do_install() {
     install -d ${D}${MINIFI_BIN}
     install -d ${D}${MINIFI_HOME}/conf
     install -m 755 -d ${D}${localstatedir}/lib/minifi
+    install -m 755 -d ${D}${libexecdir}/minifi-python
     cp -a ${WORKDIR}/minifi-install/usr/bin/*   ${D}${MINIFI_BIN}/
     cp -a ${WORKDIR}/minifi-install/usr/conf/*  ${D}${MINIFI_HOME}/conf/
 
@@ -101,6 +102,8 @@ do_install() {
         ${D}${MINIFI_HOME}/conf/minifi.properties
     sed -i 's|nifi.flow.configuration.file=.*|nifi.flow.configuration.file='${MINIFI_HOME}'/conf/config.yml|g' \
         ${D}${MINIFI_HOME}/conf/minifi.properties
+    sed -i 's|nifi.python.processor.dir=.*|nifi.python.processor.dir=${libexecdir}/minifi-python|g' \
+        ${D}${MINIFI_HOME}/conf/minifi.properties
 
     sed -i 's|export MINIFI_HOME=.*|export MINIFI_HOME='${MINIFI_HOME}'|g' ${D}${MINIFI_BIN}/minifi.sh
     sed -i 's|bin_dir=${MINIFI_HOME}/bin|bin_dir='${MINIFI_BIN}'|g' ${D}${MINIFI_BIN}/minifi.sh
-- 
2.17.1

[hardknott 06/20] add CVE-2011-2411 to allowlist

[Armin Kuster]

From: Sekine Shigeki <sekine.shigeki@fujitsu.com>

This affects only on HP NonStop Server, so add it to allowlist.

Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb4a4f0ff8d9926137cb152fd3f2808bd9f961ce)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-networking/recipes-connectivity/samba/samba_4.10.18.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
index 166bf57279..018c748390 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
@@ -44,6 +44,10 @@ SRC_URI[sha256sum] = "7dcfc2aaaac565b959068788e6a43fc79ce2a03e7d523f5843f7a9fddf
 UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.10(\.\d+)+).tar.gz"
 
 inherit systemd waf-samba cpan-base perlnative update-rc.d
+
+# CVE-2011-2411 is valnerble only on HP NonStop Servers.
+CVE_CHECK_WHITELIST += "CVE-2011-2411" 
+
 # remove default added RDEPENDS on perl
 RDEPENDS_${PN}_remove = "perl"
 
-- 
2.17.1

[hardknott 07/20] cyrus-sasl: add CVE-2020-8032 to allowlist

[Armin Kuster]

From: "ito-yuichi@fujitsu.com" <ito-yuichi@fujitsu.com>

This affects only openSUSE, so add it to allowlist.

Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 711e932b14de57a5f341124470b2f3f131615a25)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb            | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb
index 33de8ca7e2..c4b41ace8c 100644
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb
@@ -96,3 +96,6 @@ FILES_${PN}-dbg       += "${libdir}/sasl2/.debug"
 FILES_${PN}-staticdev += "${libdir}/sasl2/*.a"
 
 INSANE_SKIP_${PN} += "dev-so"
+
+# CVE-2020-8032 affects only openSUSE
+CVE_CHECK_WHITELIST += "CVE-2020-8032"
-- 
2.17.1

[hardknott 08/20] initramfs-kexecboot-image: support cases where machines override IMAGE_FSTYPES

[Armin Kuster]

From: Andrea Adami <andrea.adami@gmail.com>

test case: zaurus.inc

IMAGE_FSTYPES ?= "tar.gz jffs2 jffs2.sum ubi ubifs"
IMAGE_FSTYPES_collie ?= "tar.gz jffs2 jffs2.sum"
INITRAMFS_FSTYPES ?= "cpio.gz cpio.xz"

The last assignment IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" did in fact
reset the value to IMAGE_FSTYPES_collie, thus not producing cpio.gz / cpio.xz.

Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cdce92b4e9e82327fe2b3118384c424d7f08cc0c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-core/images/initramfs-kexecboot-image.bb      | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/meta-initramfs/recipes-core/images/initramfs-kexecboot-image.bb b/meta-initramfs/recipes-core/images/initramfs-kexecboot-image.bb
index 9a686f366f..dd082ba529 100644
--- a/meta-initramfs/recipes-core/images/initramfs-kexecboot-image.bb
+++ b/meta-initramfs/recipes-core/images/initramfs-kexecboot-image.bb
@@ -1,9 +1,13 @@
 SUMMARY = "Initramfs image for kexecboot kernel"
 DESCRIPTION = "This image provides kexecboot (linux as bootloader) and helpers."
 
-inherit image
+# Some BSPs use IMAGE_FSTYPES_<machine override> which would override
+# an assignment to IMAGE_FSTYPES so we need anon python
+python () {
+    d.setVar("IMAGE_FSTYPES", d.getVar("INITRAMFS_FSTYPES"))
+}
 
-IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
+inherit image
 
 # avoid circular dependencies
 EXTRA_IMAGEDEPENDS = ""
-- 
2.17.1

[hardknott 09/20] initramfs-debug-image: support cases where machines override IMAGE_FSTYPES

[Armin Kuster]

From: Andrea Adami <andrea.adami@gmail.com>

As done for initramfs-kexecboot-image we need to use python to get the
desired value for IMAGE_FSTYPES.

Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93e139c998857048182ed4169f04cfe350eab013)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-core/images/initramfs-debug-image.bb           | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta-initramfs/recipes-core/images/initramfs-debug-image.bb b/meta-initramfs/recipes-core/images/initramfs-debug-image.bb
index c3dcd2b821..601056b7e5 100644
--- a/meta-initramfs/recipes-core/images/initramfs-debug-image.bb
+++ b/meta-initramfs/recipes-core/images/initramfs-debug-image.bb
@@ -11,7 +11,12 @@ IMAGE_FEATURES = ""
 export IMAGE_BASENAME = "initramfs-debug-image"
 IMAGE_LINGUAS = ""
 
-IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
+# Some BSPs use IMAGE_FSTYPES_<machine override> which would override
+# an assignment to IMAGE_FSTYPES so we need anon python
+python () {
+    d.setVar("IMAGE_FSTYPES", d.getVar("INITRAMFS_FSTYPES"))
+}
+
 inherit core-image
 
 IMAGE_ROOTFS_SIZE = "8192"
-- 
2.17.1

[hardknott 10/20] rapidjson: remove stale LIB_INSTALL_DIR

[Armin Kuster]

From: Andrea Adami <andrea.adami@gmail.com>

This was introduced with commit:
 2e0fd78
 rapidjson: fix cmake artifacts installation for non-default BASELIB case

and should have been removed with commit:
 5aa127a
 rapidjson: Remove unwanted patches

NOTE: such multilib fixes are not needed after this commit in oe-core:
 24f630c cmake.bbclass: Define LIB_SUFFIX

Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0ceacaa68e212cc06ea7371a206bdbe21033cc05)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
index 5b5c8b2570..ac803294e0 100644
--- a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
+++ b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
@@ -14,7 +14,7 @@ S = "${WORKDIR}/git"
 
 inherit cmake
 
-EXTRA_OECMAKE += "-DRAPIDJSON_BUILD_DOC=OFF -DRAPIDJSON_BUILD_TESTS=OFF -DRAPIDJSON_BUILD_EXAMPLES=OFF -DLIB_INSTALL_DIR:STRING=${libdir}"
+EXTRA_OECMAKE += "-DRAPIDJSON_BUILD_DOC=OFF -DRAPIDJSON_BUILD_TESTS=OFF -DRAPIDJSON_BUILD_EXAMPLES=OFF"
 
 # RapidJSON is a header-only C++ library, so the main package will be empty.
 
-- 
2.17.1

[hardknott 11/20] net-snmp: A little clean up

[Armin Kuster]

From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>

* Remove the explicit dependency on libnl as the libnl PACKAGECONFIG
  depends on it as necessary.
* Add a PACKAGECONFIG for systemd to replace modifying EXTRA_OECONF
  directly.
* Sort the PACKAGECONFIGs.
* Some whitespace clean up.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 411c981ef01b9965c22b7c35549dc95023169ea7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../net-snmp/net-snmp_5.9.1.bb                | 35 +++++++++----------
 1 file changed, 16 insertions(+), 19 deletions(-)

diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
index d03961ab37..46aba3b81a 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
@@ -5,7 +5,7 @@ LICENSE = "BSD & MIT"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=9d100a395a38584f2ec18a8275261687"
 
-DEPENDS = "openssl libnl pciutils"
+DEPENDS = "openssl pciutils"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
            file://init \
@@ -41,24 +41,23 @@ CCACHE = ""
 
 TARGET_CC_ARCH += "${LDFLAGS}"
 
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} des smux"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} des smux"
+PACKAGECONFIG[des] = "--enable-des, --disable-des"
 PACKAGECONFIG[elfutils] = "--with-elf, --without-elf, elfutils"
+PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
 PACKAGECONFIG[libnl] = "--with-nl, --without-nl, libnl"
-
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,,"
-
-PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable-embedded-perl --with-perl-modules=no,\
-                       perl,"
-PACKAGECONFIG[des] = "--enable-des,--disable-des"
+PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable-embedded-perl --with-perl-modules=no, perl"
 PACKAGECONFIG[smux] = ""
-
-EXTRA_OECONF = "--enable-shared \
-                --disable-manuals \
-                --with-defaults \
-                --with-install-prefix=${D} \
-                --with-persistent-directory=${localstatedir}/lib/net-snmp \
-                ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '--with-endianness=little', '--with-endianness=big', d)} \
-                --with-mib-modules='${MIB_MODULES}' \
+PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd"
+
+EXTRA_OECONF = " \
+    --enable-shared \
+    --disable-manuals \
+    --with-defaults \
+    --with-install-prefix=${D} \
+    --with-persistent-directory=${localstatedir}/lib/net-snmp \
+    --with-endianness=${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \
+    --with-mib-modules='${MIB_MODULES}' \
 "
 
 MIB_MODULES = ""
@@ -117,7 +116,7 @@ do_install_append() {
     install -d ${D}${systemd_unitdir}/system
     install -m 0644 ${WORKDIR}/snmpd.service ${D}${systemd_unitdir}/system
     install -m 0644 ${WORKDIR}/snmptrapd.service ${D}${systemd_unitdir}/system
-    sed    -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g" \
+    sed -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g" \
         -i ${D}${bindir}/net-snmp-create-v3-user
     sed -e 's@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g' \
         -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \
@@ -232,8 +231,6 @@ INITSCRIPT_PACKAGES = "${PN}-server-snmpd"
 INITSCRIPT_NAME_${PN}-server-snmpd = "snmpd"
 INITSCRIPT_PARAMS_${PN}-server-snmpd = "start 90 2 3 4 5 . stop 60 0 1 6 ."
 
-EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)}"
-
 SYSTEMD_PACKAGES = "${PN}-server-snmpd \
                     ${PN}-server-snmptrapd"
 
-- 
2.17.1

[hardknott 12/20] net-snmp: Support building for native

[Armin Kuster]

From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>

Due to the sed commands in do_install_append() that removed
${STAGING_DIR_HOST} and it being empty when building for native, it was
impossible to add support for building this as native using a bbappend.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 74d58bc6e8f53bff15d2c06865591c325ebb6a7f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../net-snmp/net-snmp_5.9.1.bb                 | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
index 46aba3b81a..7c3d5babd8 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
@@ -5,7 +5,8 @@ LICENSE = "BSD & MIT"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=9d100a395a38584f2ec18a8275261687"
 
-DEPENDS = "openssl pciutils"
+DEPENDS = "openssl"
+DEPENDS_append_class-target = " pciutils"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
            file://init \
@@ -72,8 +73,10 @@ CACHED_CONFIGUREVARS = " \
     ac_cv_file__etc_printcap=no \
     NETSNMP_CONFIGURE_OPTIONS= \
 "
-export PERLPROG="${bindir}/env perl"
+PERLPROG = "${bindir}/env perl"
+PERLPROG_class-native = "${bindir_native}/env perl"
 PERLPROG_append = "${@bb.utils.contains('PACKAGECONFIG', 'perl', ' -I${WORKDIR}', '', d)}"
+export PERLPROG
 
 HAS_PERL = "${@bb.utils.contains('PACKAGECONFIG', 'perl', '1', '0', d)}"
 
@@ -126,11 +129,14 @@ do_install_append() {
         -e 's@[^ ]*--with-install-prefix=[^ "]*@@g' \
         -e 's@[^ ]*PKG_CONFIG_PATH=[^ "]*@@g' \
         -e 's@[^ ]*PKG_CONFIG_LIBDIR=[^ "]*@@g' \
-        -e 's@${STAGING_DIR_HOST}@@g' \
         -i ${D}${bindir}/net-snmp-config
 
-    sed -e 's@${STAGING_DIR_HOST}@@g' \
-        -i ${D}${libdir}/pkgconfig/netsnmp*.pc
+    # ${STAGING_DIR_HOST} is empty for native builds, and the sed command below
+    # will result in errors if run for native.
+    if [ "${STAGING_DIR_HOST}" ]; then
+        sed -e 's@${STAGING_DIR_HOST}@@g' \
+            -i ${D}${bindir}/net-snmp-config ${D}${libdir}/pkgconfig/netsnmp*.pc
+    fi
 
     sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=\$\{includedir\}@g" \
         -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L\$\{libdir\}@g" \
@@ -270,3 +276,5 @@ RCONFLICTS_${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd"
 LEAD_SONAME = "libnetsnmp.so"
 
 MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/net-snmp-config"
+
+BBCLASSEXTEND = "native"
-- 
2.17.1

[hardknott 13/20] dovecot: add CVE-2016-4983 to allowlist

[Armin Kuster]

From: "ito-yuichi@fujitsu.com" <ito-yuichi@fujitsu.com>

CVE-2016-4983 affects only postinstall script on specific distribution, so add it to allowlist.

Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3613b50a84559ce771866cd1eef1141fa3e6d238)
[mkcert.sh does mask 077 first]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb b/meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb
index c0f2863dbf..f767eb8430 100644
--- a/meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb
+++ b/meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb
@@ -71,3 +71,6 @@ FILES_${PN} += "${libdir}/dovecot/*plugin.so \
 FILES_${PN}-staticdev += "${libdir}/dovecot/*/*.a"
 FILES_${PN}-dev += "${libdir}/dovecot/libdovecot*.so"
 FILES_${PN}-dbg += "${libdir}/dovecot/*/.debug"
+
+# CVE-2016-4983 affects only postinstall script on specific distribution
+CVE_CHECK_WHITELIST += "CVE-2016-4983"
-- 
2.17.1

[hardknott 14/20] minifi-cpp: set CLEANBROKEN to 1

[Armin Kuster]

From: Chen Qi <Qi.Chen@windriver.com>

Rebuilding minifi-cpp in old build dir sometimes result
in do_compile failure. So set CLEANBROKEN to "1" to workaround
this problem. If further investigation is done and the underlying
problem is addressed, this setting could be removed.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a9e17243875b82dba698924cf2f1d31408127521)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb b/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
index 5b27601c04..68d83eb008 100644
--- a/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
+++ b/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
@@ -138,3 +138,5 @@ pkg_postinst_${PN}() {
         fi
     fi
 }
+
+CLEANBROKEN = "1"
-- 
2.17.1

[hardknott 15/20] cifs-utils: set ROOTSBINDIR to /usr/sbin if DISTRO_FEATURES has usrmerge

[Armin Kuster]

From: Geoff Parker <geoffrey.parker@arthrex.com>

Fixes cif-utils recipe build when DISTRO_FEATURES includes 'usrmerge'

Add do_configure_prepend() to override ROOTSSBINDIR environment variable
so that the utilities are installed in /usr/sbin rather than /sbin.
Setting --exec-prefix or --prefix in EXTRA_OECONF does not work.

Update do_install_append() to NOT remove /usr/bin /usr/sbin if usrmerge
is set in DISTRO_FEATURES

Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3c1e72d62ccf2c2f94bf280a2500e23fdb01a57c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-support/cifs/cifs-utils_6.13.bb     | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/meta-networking/recipes-support/cifs/cifs-utils_6.13.bb b/meta-networking/recipes-support/cifs/cifs-utils_6.13.bb
index 41a9b8e76a..bf8b18043a 100644
--- a/meta-networking/recipes-support/cifs/cifs-utils_6.13.bb
+++ b/meta-networking/recipes-support/cifs/cifs-utils_6.13.bb
@@ -22,10 +22,21 @@ PACKAGECONFIG[pam] = "--enable-pam --with-pamdir=${base_libdir}/security,--disab
 
 inherit autotools pkgconfig
 
+do_configure_prepend() {
+    # want installed to /usr/sbin rather than /sbin to be DISTRO_FEATURES usrmerge compliant
+    # must override ROOTSBINDIR (default '/sbin'),
+    # setting --exec-prefix or --prefix in EXTRA_OECONF does not work
+    if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','fakse',d)}; then
+        export ROOTSBINDIR=${sbindir}
+    fi
+}
+
 do_install_append() {
-    # Remove empty /usr/bin and /usr/sbin directories since the mount helper
-    # is installed to /sbin
-    rmdir --ignore-fail-on-non-empty ${D}${bindir} ${D}${sbindir}
+    if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','false','true',d)}; then
+        # Remove empty /usr/bin and /usr/sbin directories since the mount helper
+        # is installed to /sbin
+        rmdir --ignore-fail-on-non-empty ${D}${bindir} ${D}${sbindir}
+    fi
 }
 
 FILES_${PN} += "${base_libdir}/security"
-- 
2.17.1

[hardknott 16/20] ntp: add CVE-2016-9312 to allowlist

[Armin Kuster]

From: Sekine Shigeki <sekine.shigeki@fujitsu.com>

Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 04a7dce6259b43234e0f815dfc1415eca693eddf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index 7e168825e0..e668113c50 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -26,6 +26,9 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
 
 SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
 
+# CVE-2016-9312 is only for windows.
+CVE_CHECK_WHITELIST += "CVE-2016-9312"
+
 inherit autotools update-rc.d useradd systemd pkgconfig
 
 # The ac_cv_header_readline_history is to stop ntpdc depending on either
-- 
2.17.1

[hardknott 17/20] python3-django: upgrade 2.2.22 -> 2.2.23

[Armin Kuster]

From: Trevor Gamblin <trevor.gamblin@windriver.com>

2.2.23 is a bugfix release:

- Fixed a regression in Django 2.2.21 where saving FileField would raise a
  SuspiciousFileOperation even when a custom upload_to returns a valid
  file path (#32718).

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit f07a8c1376fe9f5eb4fc0ddff8ca1a1b3c3f173b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{python3-django_2.2.22.bb => python3-django_2.2.23.bb}    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-django_2.2.22.bb => python3-django_2.2.23.bb} (41%)

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.22.bb b/meta-python/recipes-devtools/python/python3-django_2.2.23.bb
similarity index 41%
rename from meta-python/recipes-devtools/python/python3-django_2.2.22.bb
rename to meta-python/recipes-devtools/python/python3-django_2.2.23.bb
index a0b8840259..ab4b68fc87 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.22.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.23.bb
@@ -1,8 +1,8 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[md5sum] = "dca447b605dcabd924ac7ba17680cf73"
-SRC_URI[sha256sum] = "db2214db1c99017cbd971e58824e6f424375154fe358afc30e976f5b99fc6060"
+SRC_URI[md5sum] = "d72405637143e201b745714e300bb546"
+SRC_URI[sha256sum] = "12cfc045a4ccb2348719aaaa77b17e66a26bff9fc238b4c765a3e825ef92e414"
 
 RDEPENDS_${PN} += "\
     ${PYTHON_PN}-sqlparse \
-- 
2.17.1

[hardknott 18/20] python3-django: upgrade 3.2.2 -> 3.2.3

[Armin Kuster]

From: Trevor Gamblin <trevor.gamblin@windriver.com>

3.2.3 is a bugfix release:

- Prepared for mysqlclient > 2.0.3 support (#32732).
- Fixed a regression in Django 3.2 that caused the incorrect
  filtering of querysets combined with the | operator (#32717).
- Fixed a regression in Django 3.2.1 where saving FileField
  would raise a SuspiciousFileOperation even when a custom
  upload_to returns a valid file path (#32718).

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit bdf1be7c5511f3d19e4786b9f2bcad88dfb2a9e4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../python/{python3-django_3.2.2.bb => python3-django_3.2.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-django_3.2.2.bb => python3-django_3.2.3.bb} (77%)

diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.2.bb b/meta-python/recipes-devtools/python/python3-django_3.2.3.bb
similarity index 77%
rename from meta-python/recipes-devtools/python/python3-django_3.2.2.bb
rename to meta-python/recipes-devtools/python/python3-django_3.2.3.bb
index 7deac2ca9b..7a9611ca12 100644
--- a/meta-python/recipes-devtools/python/python3-django_3.2.2.bb
+++ b/meta-python/recipes-devtools/python/python3-django_3.2.3.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d"
+SRC_URI[sha256sum] = "13ac78dbfd189532cad8f383a27e58e18b3d33f80009ceb476d7fcbfc5dcebd8"
 
 RDEPENDS_${PN} += "\
     ${PYTHON_PN}-sqlparse \
-- 
2.17.1

[hardknott 19/20] python3-django: Upgrade 3.2.3 -> 3.2.4

[Armin Kuster]

From: Leon Anavi <leon.anavi@konsulko.com>

Upgrade to release 3.2.4:

- CVE-2021-33203: Potential directory traversal via admindocs
- CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
  since validators accepted leading zeros in IPv4 addresses
- Fixed a bug in Django 3.2 where a final catch-all view in the
  admin didn't respect the server-provided value of SCRIPT_NAME
  when redirecting unauthenticated users to the login page.
- Fixed a bug in Django 3.2 where a system check would crash on an
  abstract model
- Prevented unnecessary initialization of unused caches following
  a regression in Django 3.2
- Fixed a crash in Django 3.2 that could occur when running
  mod_wsgi with the recommended settings while the Windows
  colorama library was installed
- Fixed a bug in Django 3.2 that would trigger the auto-reloader
  for template changes when directory paths were specified with
  strings
- Fixed a regression in Django 3.2 that caused a crash of
  auto-reloader with AttributeError, e.g. inside a Conda
  environment
- Fixed a regression in Django 3.2 that caused a loss of precision
  for operations with DecimalField on MySQL

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 624e3e18982775d2ea88e55e16d179420f0575fc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../python/{python3-django_3.2.3.bb => python3-django_3.2.4.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-django_3.2.3.bb => python3-django_3.2.4.bb} (77%)

diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.3.bb b/meta-python/recipes-devtools/python/python3-django_3.2.4.bb
similarity index 77%
rename from meta-python/recipes-devtools/python/python3-django_3.2.3.bb
rename to meta-python/recipes-devtools/python/python3-django_3.2.4.bb
index 7a9611ca12..52504885e5 100644
--- a/meta-python/recipes-devtools/python/python3-django_3.2.3.bb
+++ b/meta-python/recipes-devtools/python/python3-django_3.2.4.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "13ac78dbfd189532cad8f383a27e58e18b3d33f80009ceb476d7fcbfc5dcebd8"
+SRC_URI[sha256sum] = "66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296"
 
 RDEPENDS_${PN} += "\
     ${PYTHON_PN}-sqlparse \
-- 
2.17.1

[hardknott 20/20] python3-django: upgrade 2.2.23 -> 2.2.24

[Armin Kuster]

From: Trevor Gamblin <trevor.gamblin@windriver.com>

Version 2.2.24 contains a fix for CVE-2021-33571 and is the latest LTS
release.

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fa2d3338fb87a38a66d11735b876ce2320045b0d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{python3-django_2.2.23.bb => python3-django_2.2.24.bb}    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-django_2.2.23.bb => python3-django_2.2.24.bb} (41%)

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.23.bb b/meta-python/recipes-devtools/python/python3-django_2.2.24.bb
similarity index 41%
rename from meta-python/recipes-devtools/python/python3-django_2.2.23.bb
rename to meta-python/recipes-devtools/python/python3-django_2.2.24.bb
index ab4b68fc87..964ca6ba03 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.23.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.24.bb
@@ -1,8 +1,8 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[md5sum] = "d72405637143e201b745714e300bb546"
-SRC_URI[sha256sum] = "12cfc045a4ccb2348719aaaa77b17e66a26bff9fc238b4c765a3e825ef92e414"
+SRC_URI[md5sum] = "ebf3bbb7716a7b11029e860475b9a122"
+SRC_URI[sha256sum] = "3339ff0e03dee13045aef6ae7b523edff75b6d726adf7a7a48f53d5a501f7db7"
 
 RDEPENDS_${PN} += "\
     ${PYTHON_PN}-sqlparse \
-- 
2.17.1