* [dunfell 0/5] Patch review Dec 2 @ 2021-12-02 12:19 Armin Kuster 2021-12-02 12:19 ` [dunfell 2/5] nss: Fix CVE-2020-12403 Armin Kuster ` (3 more replies) 0 siblings, 4 replies; 5+ messages in thread From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw) To: openembedded-devel Please have comments back by Saturday. The following changes since commit 7889158dcd187546fc5e99fd81d0779cad3e8d17: python3-fasteners: update 0.15 -> 0.16.3 (2021-11-02 08:34:34 -0700) are available in the Git repository at: git://git.openembedded.org/meta-openembedded-contrib stable/dunfell-nut http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/dunfell-nut Armin Kuster (1): recipes: Update SRC_URI branch and protocols Marta Rybczynska (1): jansson: whitelist CVE-2020-36325 Martin Jansa (1): sdbus-c++: don't fetch googletest during do_configure Ranjitsinh Rathod (1): nss: Fix CVE-2020-12403 lumag (1): lmsensors: do not depend on lmsensors-isatools on non-x86 .../logfsprogs/logfsprogs_git.bb | 2 +- .../recipes-filesystems/owfs/owfs_3.2p3.bb | 2 +- .../sshfs-fuse/sshfs-fuse_3.7.0.bb | 2 +- .../unionfs-fuse/unionfs-fuse_2.1.bb | 2 +- .../f2fs-tools/f2fs-tools_1.13.0.bb | 2 +- .../recipes-utils/fatcat/fatcat_1.1.0.bb | 2 +- .../fatresize/fatresize_1.0.2.bb | 2 +- .../recipes-utils/ufs-utils/ufs-utils_git.bb | 2 +- .../libchamplain/libchamplain_0.12.20.bb | 2 +- meta-gnome/recipes-support/ibus/ibus.inc | 2 +- .../keybinder/keybinder_3.0.bb | 2 +- .../recipes-support/libhandy/libhandy_git.bb | 2 +- .../libstemmer/libstemmer_git.bb | 2 +- .../recipes-support/libwacom/libwacom_0.33.bb | 2 +- .../recipes-bsp/kexecboot/kexecboot_git.bb | 2 +- .../recipes-devtools/dracut/dracut_git.bb | 2 +- .../recipes-devtools/grubby/grubby_8.40.bb | 2 +- .../recipes-devtools/grubby/grubby_git.bb | 2 +- .../mtd/ubi-utils-klibc_2.0.2.bb | 2 +- .../kexec/kexec-tools-klibc_git.bb | 2 +- .../libupnp/libupnp_git.bb | 2 +- .../recipes-dvb/tvheadend/tvheadend_git.bb | 2 +- .../recipes-multimedia/dca/dcadec_0.2.0.bb | 2 +- .../dleyna/dleyna-connector-dbus_0.3.0.bb | 2 +- .../dleyna/dleyna-core_0.6.0.bb | 2 +- .../dleyna/dleyna-renderer_0.6.0.bb | 2 +- .../dleyna/dleyna-server_0.6.0.bb | 2 +- .../fdk-aac/fdk-aac_2.0.1.bb | 2 +- .../fluidsynth/fluidsynth.inc | 2 +- .../recipes-multimedia/gerbera/gerbera_git.bb | 2 +- .../gstreamer-1.0/gst-shark_git.bb | 2 +- .../recipes-multimedia/libcamera/libcamera.bb | 2 +- .../libdvbcsa/libdvbcsa_1.1.0.bb | 2 +- .../libsquish/libsquish_git.bb | 2 +- .../recipes-multimedia/mimic/mimic_1.2.0.2.bb | 2 +- .../musicbrainz/libmusicbrainz_git.bb | 2 +- .../musicpd/libmpdclient_2.16.bb | 2 +- .../recipes-multimedia/musicpd/mpc_0.31.bb | 2 +- .../recipes-multimedia/musicpd/mpd_0.20.22.bb | 2 +- .../recipes-multimedia/musicpd/ncmpc_0.34.bb | 2 +- .../mycroft/mycroft_19.8.1.bb | 2 +- .../openal/openal-soft_1.19.1.bb | 2 +- .../rtmpdump/rtmpdump_2.4.bb | 2 +- .../recipes-multimedia/tinyalsa/tinyalsa.bb | 2 +- .../tremor/tremor_20180319.bb | 2 +- .../recipes-support/crossguid/crossguid.bb | 2 +- .../gst-instruments/gst-instruments_git.bb | 2 +- .../cannelloni/cannelloni_git.bb | 2 +- .../civetweb/civetweb_git.bb | 2 +- .../dibbler/dibbler_git.bb | 2 +- .../freeradius/freeradius_3.0.20.bb | 2 +- .../libdnet/libdnet_1.12.bb | 2 +- .../nanomsg/nanomsg_1.1.5.bb | 2 +- .../recipes-connectivity/nanomsg/nng_1.2.5.bb | 2 +- .../netplan/netplan_0.98.bb | 2 +- .../openconnect/openconnect_8.03.bb | 2 +- .../recipes-connectivity/relayd/relayd_git.bb | 2 +- .../recipes-connectivity/vpnc/vpnc_0.5.3.bb | 2 +- .../wolfssl/wolfssl_4.4.0.bb | 2 +- .../recipes-daemons/atftp/atftp_0.7.2.bb | 2 +- .../cyrus-sasl/cyrus-sasl_2.1.27.bb | 2 +- .../iscsi-initiator-utils_2.1.3.bb | 2 +- .../networkd-dispatcher_2.0.1.bb | 2 +- .../arno-iptables-firewall_2.1.0.bb | 2 +- .../libnetfilter/libnetfilter-log_1.0.1.bb | 2 +- .../libnetfilter/libnetfilter-queue_1.0.3.bb | 2 +- .../recipes-filter/libnftnl/libnftnl_1.1.7.bb | 2 +- meta-networking/recipes-irc/znc/znc_1.7.5.bb | 4 +- .../wireguard-module_1.0.20200401.bb | 2 +- .../wireguard/wireguard-tools_1.0.20200319.bb | 2 +- .../recipes-protocols/babeld/babeld_1.9.1.bb | 2 +- .../recipes-protocols/openflow/openflow.inc | 2 +- .../recipes-protocols/xl2tpd/xl2tpd_1.3.14.bb | 2 +- .../arptables/arptables_git.bb | 2 +- .../bridge-utils/bridge-utils_1.6.bb | 2 +- .../recipes-support/cifs/cifs-utils_6.10.bb | 2 +- .../recipes-support/curlpp/curlpp_0.8.1.bb | 2 +- .../recipes-support/drbd/drbd-utils_9.12.0.bb | 4 +- .../recipes-support/geoip/geoip-perl_1.51.bb | 2 +- .../recipes-support/geoip/geoip_1.6.12.bb | 2 +- .../ifenslave/ifenslave_2.9.bb | 2 +- .../recipes-support/ipcalc/ipcalc_0.2.3.bb | 2 +- .../lksctp-tools/lksctp-tools_1.0.18.bb | 2 +- .../lowpan-tools/lowpan-tools_git.bb | 2 +- .../recipes-support/mtr/mtr_0.93.bb | 2 +- .../recipes-support/nbdkit/nbdkit_git.bb | 2 +- .../recipes-support/ndisc6/ndisc6_git.bb | 2 +- .../recipes-support/netcf/netcf_0.2.8.bb | 2 +- .../recipes-support/netperf/netperf_git.bb | 2 +- .../recipes-support/nis/yp-tools_4.2.3.bb | 2 +- .../recipes-support/ntimed/ntimed_git.bb | 2 +- .../open-isns/open-isns_0.99.bb | 2 +- .../recipes-support/phytool/phytool.bb | 2 +- .../rdma-core/rdma-core_28.0.bb | 2 +- .../smcroute/smcroute_2.4.4.bb | 2 +- .../spice/spice-protocol_git.bb | 2 +- .../recipes-support/spice/spice_git.bb | 4 +- .../recipes-support/spice/usbredir_0.8.0.bb | 2 +- .../recipes-support/unbound/unbound_1.9.4.bb | 2 +- .../wpan-tools/wpan-tools_0.9.bb | 2 +- .../speedtest-cli/speedtest-cli_2.1.2.bb | 2 +- .../recipes-bsp/rwmem/rwmem_1.2.bb | 2 +- .../recipes-dbs/mongodb/mongodb_git.bb | 2 +- .../recipes-extended/lcdproc/lcdproc_git.bb | 2 +- .../cpuburn/cpuburn-arm_git.bb | 2 +- meta-oe/recipes-benchmark/fio/fio_3.17.bb | 2 +- .../recipes-benchmark/glmark2/glmark2_git.bb | 2 +- .../recipes-benchmark/iperf3/iperf3_3.7.bb | 2 +- .../libc-bench/libc-bench_git.bb | 2 +- .../libhugetlbfs/libhugetlbfs_git.bb | 2 +- .../stressapptest/stressapptest_1.0.9.bb | 2 +- .../tinymembench/tinymembench_git.bb | 2 +- .../cpufrequtils/cpufrequtils_008.bb | 2 +- .../recipes-bsp/edac-utils/edac-utils_git.bb | 2 +- meta-oe/recipes-bsp/ledmon/ledmon_git.bb | 2 +- .../recipes-bsp/lm_sensors/lmsensors_3.6.0.bb | 4 +- .../recipes-bsp/nvme-cli/nvme-cli_1.10.1.bb | 2 +- .../gattlib/gattlib_git.bb | 2 +- .../gensio/gensio_1.5.3.bb | 2 +- meta-oe/recipes-connectivity/iwd/iwd_1.9.bb | 2 +- .../libimobiledevice/libimobiledevice_git.bb | 2 +- .../recipes-connectivity/libndp/libndp_1.7.bb | 2 +- .../libtorrent/libtorrent_git.bb | 2 +- .../libuv/libuv_1.36.0.bb | 2 +- .../paho-mqtt-c/paho-mqtt-c_1.3.2.bb | 2 +- .../rabbitmq-c/rabbitmq-c_0.10.0.bb | 2 +- .../rtorrent/rtorrent_git.bb | 2 +- .../usbmuxd/usbmuxd_git.bb | 2 +- .../wifi-test-suite/wifi-test-suite_git.bb | 2 +- .../recipes-connectivity/zeromq/cppzmq_git.bb | 2 +- .../dbus/dbus-daemon-proxy_git.bb | 2 +- meta-oe/recipes-core/emlog/emlog.inc | 2 +- meta-oe/recipes-core/glfw/glfw_3.3.bb | 2 +- meta-oe/recipes-core/libnfc/libnfc_git.bb | 2 +- meta-oe/recipes-core/mdbus2/mdbus2_git.bb | 2 +- meta-oe/recipes-core/ndctl/ndctl_v67.bb | 2 +- .../opencl-headers/opencl-headers_git.bb | 2 +- .../opencl-icd-loader_git.bb | 2 +- meta-oe/recipes-core/safec/safec_3.5.1.bb | 2 +- ...d-googletest-in-the-system-before-do.patch | 96 +++++++++++++++++++ .../sdbus-c++/sdbus-c++-libsystemd_243.bb | 2 +- .../recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb | 9 +- .../recipes-crypto/libkcapi/libkcapi_git.bb | 2 +- .../pkcs11-helper/pkcs11-helper_1.26.bb | 2 +- meta-oe/recipes-dbs/leveldb/leveldb_1.22.bb | 2 +- meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb | 2 +- .../abseil-cpp/abseil-cpp_git.bb | 2 +- .../bootchart/bootchart_git.bb | 2 +- .../recipes-devtools/breakpad/breakpad_git.bb | 10 +- .../capnproto/capnproto_0.7.0.bb | 2 +- .../recipes-devtools/cjson/cjson_1.7.13.bb | 2 +- .../concurrencykit/concurrencykit_git.bb | 2 +- .../dnf-plugin-tui/dnf-plugin-tui_git.bb | 2 +- .../flatbuffers/flatbuffers_1.12.0.bb | 2 +- meta-oe/recipes-devtools/grpc/grpc_1.24.3.bb | 2 +- .../recipes-devtools/guider/guider_3.9.7.bb | 2 +- .../recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb | 2 +- .../recipes-devtools/jsonrpc/jsonrpc_1.3.0.bb | 2 +- .../recipes-devtools/lapack/lapack_3.9.0.bb | 2 +- .../libsombok3/libsombok3_2.4.0.bb | 2 +- .../recipes-devtools/libubox/libubox_git.bb | 2 +- meta-oe/recipes-devtools/ltrace/ltrace_git.bb | 2 +- .../luaposix/luaposix_33.4.0.bb | 2 +- .../msgpack/msgpack-c_3.2.1.bb | 2 +- .../recipes-devtools/nanopb/nanopb_0.4.0.bb | 2 +- .../nlohmann-fifo/nlohmann-fifo_git.bb | 2 +- .../nlohmann-json/nlohmann-json_3.7.3.bb | 2 +- .../recipes-devtools/openocd/openocd_git.bb | 8 +- meta-oe/recipes-devtools/pcimem/pcimem_2.0.bb | 2 +- .../perl/ipc-run_20180523.0.bb | 2 +- .../perl/libdbd-mysql-perl_4.050.bb | 2 +- .../perl/libjson-perl_4.02000.bb | 2 +- meta-oe/recipes-devtools/ply/ply_git.bb | 2 +- .../recipes-devtools/pmtools/pmtools_git.bb | 2 +- .../protobuf/protobuf-c_1.3.3.bb | 2 +- .../protobuf/protobuf_3.11.4.bb | 2 +- .../rapidjson/rapidjson_git.bb | 2 +- .../serialcheck/serialcheck_1.0.0.bb | 2 +- .../sqlite-orm/sqlite-orm_1.5.bb | 2 +- meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb | 2 +- .../recipes-devtools/uftrace/uftrace_0.9.4.bb | 2 +- .../recipes-devtools/valijson/valijson_git.bb | 2 +- .../xmlrpc-c/xmlrpc-c_1.51.03.bb | 2 +- meta-oe/recipes-devtools/yajl/yajl_1.0.12.bb | 2 +- meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 2 +- meta-oe/recipes-devtools/yasm/yasm_git.bb | 2 +- .../recipes-extended/brotli/brotli_1.0.7.bb | 2 +- .../cmpi-bindings/cmpi-bindings_1.0.1.bb | 2 +- .../dlt-daemon/dlt-daemon_2.18.7.bb | 2 +- .../docopt.cpp/docopt.cpp_git.bb | 2 +- .../dumb-init/dumb-init_1.2.2.bb | 2 +- meta-oe/recipes-extended/figlet/figlet_git.bb | 2 +- .../haveged/haveged_1.9.13.bb | 2 +- .../recipes-extended/hexedit/hexedit_1.4.2.bb | 2 +- .../hiredis/hiredis_0.14.0.bb | 2 +- meta-oe/recipes-extended/iotop/iotop_0.6.bb | 2 +- .../isomd5sum/isomd5sum_1.2.3.bb | 2 +- .../jansson/jansson_2.13.1.bb | 3 + .../jpnevulator/jpnevulator_git.bb | 2 +- .../konkretcmpi/konkretcmpi_0.9.2.bb | 2 +- .../libblockdev/libblockdev_2.24.bb | 2 +- meta-oe/recipes-extended/libcec/libcec_git.bb | 2 +- .../libdivecomputer/libdivecomputer_git.bb | 2 +- .../libimobiledevice/libplist_2.1.0.bb | 2 +- .../libimobiledevice/libusbmuxd_git.bb | 2 +- .../liblightmodbus/liblightmodbus_2.0.2.bb | 2 +- .../libnss-nisplus/libnss-nisplus.bb | 2 +- meta-oe/recipes-extended/libqb/libqb_1.0.5.bb | 2 +- .../libreport/libreport_2.10.0.bb | 2 +- .../recipes-extended/libuio/libuio_0.2.1.bb | 2 +- .../recipes-extended/md5deep/md5deep_git.bb | 2 +- meta-oe/recipes-extended/mraa/mraa_git.bb | 2 +- .../openwsman/openwsman_2.6.11.bb | 2 +- .../recipes-extended/ostree/ostree_2020.3.bb | 2 +- .../p8platform/p8platform_git.bb | 2 +- .../pam/pam-plugin-ccreds_11.bb | 2 +- .../pam/pam-plugin-ldapdb_1.3.bb | 2 +- meta-oe/recipes-extended/pmdk/pmdk_1.7.bb | 2 +- .../recipes-extended/rrdtool/rrdtool_1.7.2.bb | 2 +- .../rsyslog/libfastjson_0.99.8.bb | 2 +- .../recipes-extended/rsyslog/librelp_1.5.0.bb | 2 +- .../recipes-extended/sanlock/sanlock_3.8.0.bb | 2 +- .../recipes-extended/sedutil/sedutil_git.bb | 2 +- .../socketcan/can-isotp_git.bb | 2 +- .../socketcan/can-utils_git.bb | 2 +- .../socketcan/canutils_4.0.6.bb | 2 +- .../socketcan/libsocketcan_0.0.11.bb | 2 +- meta-oe/recipes-extended/sysdig/sysdig_git.bb | 2 +- .../tipcutils/tipcutils_git.bb | 2 +- .../triggerhappy/triggerhappy_git.bb | 2 +- meta-oe/recipes-extended/upm/upm_git.bb | 2 +- meta-oe/recipes-extended/wipe/wipe_0.24.bb | 2 +- .../wxwidgets/wxwidgets_git.bb | 2 +- meta-oe/recipes-extended/zlog/zlog_1.2.14.bb | 2 +- meta-oe/recipes-extended/zstd/zstd_1.4.5.bb | 2 +- meta-oe/recipes-gnome/pyxdg/pyxdg_0.26.bb | 2 +- .../dietsplash/dietsplash_git.bb | 2 +- .../dnfdragora/dnfdragora_git.bb | 2 +- .../recipes-graphics/fbgrab/fbgrab_1.3.3.bb | 2 +- .../fontforge/fontforge_20190801.bb | 2 +- meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb | 2 +- meta-oe/recipes-graphics/glm/glm_0.9.9.6.bb | 2 +- .../graphviz/graphviz_2.40.1.bb | 2 +- .../recipes-graphics/jasper/jasper_2.0.16.bb | 2 +- .../libvncserver/libvncserver_0.9.12.bb | 2 +- .../libyui/libyui-ncurses_2.52.0.bb | 2 +- .../recipes-graphics/libyui/libyui_3.6.0.bb | 2 +- .../openjpeg/openjpeg_2.3.1.bb | 2 +- .../recipes-graphics/qrencode/qrencode_git.bb | 2 +- .../renderdoc/renderdoc_1.7.bb | 2 +- .../spir/spirv-shader-generator_git.bb | 2 +- .../recipes-graphics/spir/spirv-tools_git.bb | 10 +- .../tesseract/tesseract-lang_4.0.0.bb | 2 +- .../tesseract/tesseract_git.bb | 2 +- .../tigervnc/tigervnc_1.10.1.bb | 2 +- .../ttf-fonts/ttf-droid_git.bb | 2 +- .../recipes-graphics/ttf-fonts/ttf-lohit_2.bb | 2 +- .../ttf-fonts/ttf-noto-emoji_20190815.bb | 2 +- .../unclutter-xfixes/unclutter-xfixes_1.5.bb | 2 +- .../recipes-graphics/vdpau/libvdpau_1.3.bb | 2 +- .../recipes-graphics/x11vnc/x11vnc_0.9.16.bb | 2 +- .../xorg-driver/xf86-video-armsoc_1.4.1.bb | 2 +- meta-oe/recipes-graphics/yad/yad_6.0.bb | 2 +- .../agent-proxy/agent-proxy_1.97.bb | 2 +- .../broadcom-bt-firmware_git.bb | 2 +- meta-oe/recipes-kernel/crash/crash_7.2.8.bb | 2 +- meta-oe/recipes-kernel/kpatch/kpatch.inc | 2 +- .../minicoredumper/minicoredumper_2.0.1.bb | 2 +- .../recipes-kernel/pm-graph/pm-graph_5.5.bb | 2 +- meta-oe/recipes-multimedia/jack/a2jmidid_9.bb | 2 +- .../recipes-multimedia/jack/jack_1.19.14.bb | 2 +- .../libass/libass_0.14.0.bb | 2 +- .../recipes-multimedia/mplayer/mpv_0.32.0.bb | 2 +- .../pipewire/pipewire-0.2_git.bb | 2 +- .../pipewire/pipewire_git.bb | 2 +- .../recipes-multimedia/v4l2apps/yavta_git.bb | 2 +- .../recipes-multimedia/webm/libvpx_1.8.2.bb | 2 +- .../recipes-security/softhsm/softhsm_git.bb | 2 +- .../ace-cloud-editor/ace-cloud-editor_git.bb | 2 +- meta-oe/recipes-support/avro/avro-c_1.9.2.bb | 2 +- meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb | 2 +- .../recipes-support/c-ares/c-ares_1.16.1.bb | 2 +- .../ceres-solver/ceres-solver_1.14.0.bb | 2 +- meta-oe/recipes-support/cli11/cli11_1.8.0.bb | 2 +- meta-oe/recipes-support/cmark/cmark_git.bb | 2 +- .../daemonize/daemonize_git.bb | 2 +- .../digitemp/digitemp_3.7.2.bb | 2 +- meta-oe/recipes-support/dstat/dstat_0.7.4.bb | 2 +- meta-oe/recipes-support/epeg/epeg_git.bb | 2 +- meta-oe/recipes-support/fmt/fmt_6.2.0.bb | 2 +- .../recipes-support/freerdp/freerdp_git.bb | 2 +- .../function2/function2_4.0.0.bb | 2 +- meta-oe/recipes-support/gd/gd_2.3.0.bb | 2 +- .../recipes-support/gflags/gflags_2.2.2.bb | 2 +- meta-oe/recipes-support/glog/glog_0.3.5.bb | 2 +- .../gnulib/gnulib_2018-03-07.03.bb | 2 +- .../gperftools/gperftools_2.7.90.bb | 2 +- meta-oe/recipes-support/gpm/gpm_git.bb | 2 +- meta-oe/recipes-support/hidapi/hidapi_git.bb | 2 +- .../hunspell/hunspell-dictionaries.bb | 2 +- .../hunspell/hunspell_1.7.0.bb | 2 +- meta-oe/recipes-support/hwdata/hwdata_git.bb | 2 +- .../recipes-support/iksemel/iksemel_1.5.bb | 2 +- .../imagemagick/imagemagick_7.0.9.bb | 2 +- meta-oe/recipes-support/inih/libinih_git.bb | 2 +- .../iniparser/iniparser_4.1.bb | 2 +- .../inotify-tools/inotify-tools_git.bb | 2 +- .../libatasmart/libatasmart_0.19.bb | 2 +- .../libbytesize/libbytesize_2.2.bb | 2 +- .../libcereal/libcereal_1.3.0.bb | 2 +- .../libcyusbserial/libcyusbserial_git.bb | 2 +- .../recipes-support/libfann/libfann_git.bb | 2 +- .../recipes-support/libgit2/libgit2_0.28.4.bb | 2 +- .../recipes-support/libgusb/libgusb_git.bb | 2 +- .../recipes-support/libharu/libharu_2.3.0.bb | 2 +- meta-oe/recipes-support/libiio/libiio_git.bb | 2 +- .../libmimetic/libmimetic_0.9.8.bb | 2 +- .../recipes-support/libmxml/libmxml_3.1.bb | 2 +- .../recipes-support/libp11/libp11_0.4.10.bb | 2 +- .../librsync/librsync_2.3.1.bb | 2 +- .../recipes-support/libsoc/libsoc_0.8.2.bb | 2 +- .../recipes-support/libteam/libteam_1.30.bb | 2 +- .../libtinyxml2/libtinyxml2_8.0.0.bb | 2 +- .../recipes-support/libusbg/libusbg_git.bb | 2 +- .../recipes-support/libusbgx/libusbgx_git.bb | 2 +- .../libutempter/libutempter.bb | 2 +- .../lio-utils/lio-utils_4.1.bb | 2 +- meta-oe/recipes-support/lvm2/lvm2.inc | 2 +- .../recipes-support/mcelog/mce-inject_git.bb | 2 +- .../recipes-support/mcelog/mce-test_git.bb | 2 +- meta-oe/recipes-support/mcelog/mcelog_168.bb | 2 +- .../multipath-tools/multipath-tools_0.8.4.bb | 2 +- meta-oe/recipes-support/ne10/ne10_1.2.1.bb | 2 +- .../nss/nss/CVE-2020-12403_1.patch | 65 +++++++++++++ .../nss/nss/CVE-2020-12403_2.patch | 80 ++++++++++++++++ meta-oe/recipes-support/nss/nss_3.51.1.bb | 2 + .../recipes-support/numactl/numactl_git.bb | 2 +- .../open-vm-tools/open-vm-tools_11.0.1.bb | 2 +- .../opencl/clinfo_2.2.18.04.06.bb | 2 +- meta-oe/recipes-support/opencv/ade_0.1.1f.bb | 2 +- .../recipes-support/opencv/opencv_4.1.0.bb | 12 +-- .../recipes-support/opensc/opensc_0.20.0.bb | 2 +- .../recipes-support/picocom/picocom_git.bb | 2 +- .../pidgin/funyahoo-plusplus_git.bb | 2 +- meta-oe/recipes-support/pidgin/icyque_git.bb | 2 +- .../pidgin/purple-skypeweb_git.bb | 2 +- meta-oe/recipes-support/poco/poco_1.9.4.bb | 2 +- .../pps-tools/pps-tools_1.0.2.bb | 2 +- .../recipes-support/remmina/remmina_1.3.6.bb | 2 +- .../rsnapshot/rsnapshot_git.bb | 2 +- meta-oe/recipes-support/sass/libsass_3.6.3.bb | 2 +- meta-oe/recipes-support/sass/sassc_git.bb | 2 +- meta-oe/recipes-support/satyr/satyr_0.28.bb | 2 +- .../serial-utils/pty-forward-native.bb | 2 +- .../serial-utils/serial-forward_git.bb | 2 +- .../span-lite/span-lite_git.bb | 2 +- .../recipes-support/spdlog/spdlog_1.5.0.bb | 2 +- .../recipes-support/spitools/spitools_git.bb | 2 +- .../thin-provisioning-tools_0.8.5.bb | 2 +- .../toscoterm/toscoterm_git.bb | 2 +- meta-oe/recipes-support/udisks/udisks2_git.bb | 2 +- .../recipes-support/uhubctl/uhubctl_2.1.0.bb | 2 +- .../recipes-support/uthash/uthash_2.1.0.bb | 2 +- .../utouch/utouch-evemu_git.bb | 2 +- .../utouch/utouch-frame_git.bb | 2 +- .../utouch/utouch-mtview_git.bb | 2 +- .../websocketpp/websocketpp_0.8.2.bb | 2 +- .../recipes-support/xdelta/xdelta3_3.1.0.bb | 2 +- .../xorg-xrdp/xorgxrdp_0.2.5.bb | 2 +- meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb | 2 +- .../recipes-support/xxhash/xxhash_0.7.3.bb | 2 +- meta-oe/recipes-support/zbar/zbar_git.bb | 2 +- .../recipes-support/zchunk/zchunk_1.1.6.bb | 2 +- meta-oe/recipes-test/bats/bats_1.1.0.bb | 2 +- meta-oe/recipes-test/catch2/catch2_2.9.2.bb | 2 +- meta-oe/recipes-test/evtest/evtest_1.34.bb | 2 +- meta-oe/recipes-test/fbtest/fb-test_git.bb | 2 +- .../recipes-test/googletest/googletest_git.bb | 2 +- meta-perl/recipes-perl/po4a/po4a_0.49.bb | 2 +- .../python-txws/python3-txws_0.9.1.bb | 2 +- meta-python/recipes-devtools/gyp/gyp.inc | 2 +- .../python/python-feedformatter.inc | 2 +- .../python/python3-absl_0.7.0.bb | 2 +- .../python/python3-astor_0.8.1.bb | 2 +- .../python/python3-dbussy_1.2.1.bb | 2 +- .../python/python3-dt-schema_git.bb | 2 +- .../python/python3-gast_0.2.2.bb | 2 +- .../python/python3-h5py_2.9.0.bb | 2 +- .../python/python3-imageio_2.6.0.bb | 2 +- .../python3-keras-applications_1.0.8.bb | 2 +- .../python3-keras-preprocessing_1.1.0.bb | 2 +- .../python/python3-langtable_0.0.38.bb | 2 +- .../python/python3-pillow_6.2.1.bb | 2 +- .../python/python3-pkgconfig_1.4.0.bb | 2 +- .../python/python3-prctl_1.7.bb | 2 +- .../python/python3-wheel_0.33.6.bb | 2 +- .../python-blivet/python3-blivet_3.1.4.bb | 2 +- .../python-blivet/python3-blivetgui_2.1.10.bb | 2 +- .../python-cson/python3-cson_git.bb | 2 +- .../python-pyparted/python-pyparted.inc | 2 +- .../apache-mod/apache-websocket_git.bb | 2 +- .../recipes-httpd/cherokee/cherokee_git.bb | 2 +- .../recipes-httpd/sthttpd/sthttpd_2.27.1.bb | 2 +- .../recipes-support/fcgi/fcgi_git.bb | 2 +- .../recipes-webadmin/netdata/netdata_git.bb | 2 +- .../recipes-apps/xarchiver/xarchiver_git.bb | 2 +- .../xfce-polkit/xfce-polkit_0.3.bb | 2 +- .../xfce4-datetime-setter_3.32.2.bb | 2 +- .../xfce4-closebutton-plugin_git.bb | 2 +- 409 files changed, 675 insertions(+), 426 deletions(-) create mode 100644 meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch -- 2.25.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [dunfell 2/5] nss: Fix CVE-2020-12403 2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster @ 2021-12-02 12:19 ` Armin Kuster 2021-12-02 12:19 ` [dunfell 3/5] lmsensors: do not depend on lmsensors-isatools on non-x86 Armin Kuster ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw) To: openembedded-devel From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Add patch for CVE-2020-12403 Link: https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../nss/nss/CVE-2020-12403_1.patch | 65 +++++++++++++++ .../nss/nss/CVE-2020-12403_2.patch | 80 +++++++++++++++++++ meta-oe/recipes-support/nss/nss_3.51.1.bb | 2 + 3 files changed, 147 insertions(+) create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch new file mode 100644 index 0000000000..a229a2d20f --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch @@ -0,0 +1,65 @@ +From 9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 Mon Sep 17 00:00:00 2001 +From: Benjamin Beurdouche <bbeurdouche@mozilla.com> +Date: Sat, 18 Jul 2020 00:13:38 +0000 +Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by + PKCS11. r=jcj,kjacobs,rrelyea + +Differential Revision: https://phabricator.services.mozilla.com/D74801 + +--HG-- +extra : moz-landing-system : lando +--- + nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 +++++++++-- + nss/lib/freebl/chacha20poly1305.c | 2 +- + 2 files changed, 10 insertions(+), 3 deletions(-) + +CVE: CVE-2020-12403 +Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8] +Comment: Refreshed path for whole patchset +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +index 41f9da71d6..3ea17678d9 100644 +--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc ++++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test + SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params), + sizeof(aead_params)}; + +- // Encrypt with bad parameters. ++ // Encrypt with bad parameters (TagLen is too long). + unsigned int encrypted_len = 0; + std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen); + aead_params.ulTagLen = 158072; +@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test + &encrypted_len, encrypted.size(), data, data_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, encrypted_len); +- aead_params.ulTagLen = 16; ++ ++ // Encrypt with bad parameters (TagLen is too short). ++ aead_params.ulTagLen = 2; ++ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), ++ &encrypted_len, encrypted.size(), data, data_len); ++ EXPECT_EQ(SECFailure, rv); ++ EXPECT_EQ(0U, encrypted_len); + + // Encrypt. ++ aead_params.ulTagLen = 16; + rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), + &encrypted_len, encrypted.size(), data, data_len); + +diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c +index 970c6436da..5c294a9eaf 100644 +--- a/nss/lib/freebl/chacha20poly1305.c ++++ b/nss/lib/freebl/chacha20poly1305.c +@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } +- if (tagLen == 0 || tagLen > 16) { ++ if (tagLen != 16) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch new file mode 100644 index 0000000000..7b093d0cda --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch @@ -0,0 +1,80 @@ +From 06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Mon Sep 17 00:00:00 2001 +From: Benjamin Beurdouche <bbeurdouche@mozilla.com> +Date: Sat, 18 Jul 2020 00:13:14 +0000 +Subject: [PATCH] Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. + r=kjacobs,rrelyea + +Depends on D74801 + +Differential Revision: https://phabricator.services.mozilla.com/D83994 + +--HG-- +extra : moz-landing-system : lando +--- + nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc | 49 +++++++++++++++++++++ + nss/lib/softoken/pkcs11c.c | 1 + + 2 files changed, 50 insertions(+) + +CVE: CVE-2020-12403 +Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45] +Comment: Refreshed path for whole patchset and removed change for pkcs11c.c +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +diff --git a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc +index 38982fd885..700750cc90 100644 +--- a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc ++++ b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc +@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) { + NSS_ShutdownContext(globalctx); + } + ++TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) { ++ PK11SlotInfo* slot; ++ PK11SymKey* key; ++ PK11Context* ctx; ++ ++ NSSInitContext* globalctx = ++ NSS_InitContext("", "", "", "", NULL, ++ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | ++ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT); ++ ++ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR; ++ ++ slot = PK11_GetInternalSlot(); ++ ASSERT_TRUE(slot); ++ ++ // Use arbitrary bytes for the ChaCha20 key and IV ++ uint8_t key_bytes[32]; ++ for (size_t i = 0; i < 32; i++) { ++ key_bytes[i] = i; ++ } ++ SECItem keyItem = {siBuffer, key_bytes, 32}; ++ ++ uint8_t iv_bytes[16]; ++ for (size_t i = 0; i < 16; i++) { ++ key_bytes[i] = i; ++ } ++ SECItem ivItem = {siBuffer, iv_bytes, 16}; ++ ++ SECItem* param = PK11_ParamFromIV(cipher, &ivItem); ++ ++ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT, ++ &keyItem, NULL); ++ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param); ++ ASSERT_TRUE(key); ++ ASSERT_TRUE(ctx); ++ ++ uint8_t outbuf[128]; ++ // This is supposed to fail for Chacha20. This is because the underlying ++ // PK11_CipherOp operation is calling the C_EncryptUpdate function for ++ // which multi-part is disabled for ChaCha20 in counter mode. ++ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure); ++ ++ PK11_FreeSymKey(key); ++ PK11_FreeSlot(slot); ++ SECITEM_FreeItem(param, PR_TRUE); ++ PK11_DestroyContext(ctx, PR_TRUE); ++ NSS_ShutdownContext(globalctx); ++} ++ + } // namespace nss_test diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb index ac046ed0fe..14f670c32a 100644 --- a/meta-oe/recipes-support/nss/nss_3.51.1.bb +++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb @@ -37,6 +37,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \ file://CVE-2020-12401.patch \ file://CVE-2020-6829_12400.patch \ + file://CVE-2020-12403_1.patch \ + file://CVE-2020-12403_2.patch \ " SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233" -- 2.25.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [dunfell 3/5] lmsensors: do not depend on lmsensors-isatools on non-x86 2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster 2021-12-02 12:19 ` [dunfell 2/5] nss: Fix CVE-2020-12403 Armin Kuster @ 2021-12-02 12:19 ` Armin Kuster 2021-12-02 12:19 ` [dunfell 4/5] sdbus-c++: don't fetch googletest during do_configure Armin Kuster 2021-12-02 12:19 ` [dunfell 5/5] jansson: whitelist CVE-2020-36325 Armin Kuster 3 siblings, 0 replies; 5+ messages in thread From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw) To: openembedded-devel From: lumag <dbaryshkov@gmail.com> lmsensors will build isadump and isaset only on x86 architecture. Depending on this package breaks lmsensors on all non-x86 machines. Fix this by enabling ${PN}-isatools dependency only on x86. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb index a2f0805fe5..37a98a0996 100644 --- a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb +++ b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb @@ -95,7 +95,7 @@ RDEPENDS_${PN} += " \ ${PN}-sensorsdetect \ ${PN}-sensorsconfconvert \ ${PN}-pwmconfig \ - ${PN}-isatools \ + ${@bb.utils.contains('MACHINE_FEATURES', 'x86', '${PN}-isatools', '', d)} \ " # libsensors packages -- 2.25.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [dunfell 4/5] sdbus-c++: don't fetch googletest during do_configure 2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster 2021-12-02 12:19 ` [dunfell 2/5] nss: Fix CVE-2020-12403 Armin Kuster 2021-12-02 12:19 ` [dunfell 3/5] lmsensors: do not depend on lmsensors-isatools on non-x86 Armin Kuster @ 2021-12-02 12:19 ` Armin Kuster 2021-12-02 12:19 ` [dunfell 5/5] jansson: whitelist CVE-2020-36325 Armin Kuster 3 siblings, 0 replies; 5+ messages in thread From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw) To: openembedded-devel From: Martin Jansa <Martin.Jansa@gmail.com> * with PTEST_ENABLED it enables with-tests PACKAGECONFIG which instead of using system googletest gmock, tries to fetch googletest from github and fails because branch was recently renamed from master to main | -- Found PkgConfig: /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/pkg-config (found version "0.29.2") | -- Checking for module 'libsystemd>=236' | -- Found libsystemd, version 249 | -- Building with tests | Fetching googletest... | [1/9] Creating directories for 'googletest-populate' | [1/9] Performing download step (git clone) for 'googletest-populate' | Cloning into 'googletest-src'... | fatal: invalid reference: master | CMake Error at googletest-subbuild/googletest-populate-prefix/tmp/googletest-populate-gitclone.cmake:40 (message): | Failed to checkout tag: 'master' | | | FAILED: googletest-populate-prefix/src/googletest-populate-stamp/googletest-populate-download | cd /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps && /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/cmake -P /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps/googletest-subbuild/googletest-populate-prefix/tmp/googletest-populate-gitclone.cmake && /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/cmake -E touch /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps/googletest-subbuild/googletest-populate-prefix/src/googletest-populate-stamp/googletest-populate-download | ninja: build stopped: subcommand failed. | | CMake Error at /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:989 (message): | Build step for googletest failed: 1 | Call Stack (most recent call first): | /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:1118:EVAL:2 (__FetchContent_directPopulate) | /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:1118 (cmake_language) | tests/CMakeLists.txt:17 (FetchContent_Populate) | | | -- Configuring incomplete, errors occurred! * unfortunately this backported patch fixes the fetching failure, because it uses release-${GOOGLETEST_VERSION} tag instead of now non-existent master branch, but is not enough to prevent fetching from github during do_configure: -- Building with tests -- Could NOT find GTest (missing: GTest_DIR) -- Checking for module 'gmock>=1.10.0' -- No package 'gmock' found Fetching googletest... we also need to add googletest dependency to with-tests PACKAGECONFIG was fixed in meta-oe/master with the upgrade to 1.0.0: https://github.com/openembedded/meta-openembedded/commit/b26b66e5da92718b4e99a57fbfaaef9e751c3cfe#diff-48a847e7323703994fd2ce0fcb731ff860fa955a77cdfe39d71a9cc84a042c06L15 then it's ok and not fetching: -- Building with tests -- Looking for pthread.h -- Looking for pthread.h - found Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- ...d-googletest-in-the-system-before-do.patch | 96 +++++++++++++++++++ .../recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb | 9 +- 2 files changed, 102 insertions(+), 3 deletions(-) create mode 100644 meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch new file mode 100644 index 0000000000..89cb593e60 --- /dev/null +++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch @@ -0,0 +1,96 @@ +From b073e1c2b9a8138da83300f598b9a56fc9762b4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Stanislav=20Angelovi=C4=8D?= <angelovic.s@gmail.com> +Date: Mon, 16 Nov 2020 17:05:36 +0100 +Subject: [PATCH] Try to first find googletest in the system before downloading + it (#125) + +Upstream-Status: Backport [d6fdaca] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> + +--- + tests/CMakeLists.txt | 62 ++++++++++++++++++++++++++++---------------- + 1 file changed, 40 insertions(+), 22 deletions(-) + +diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt +index 97f7c1a..7ecc327 100644 +--- a/tests/CMakeLists.txt ++++ b/tests/CMakeLists.txt +@@ -2,26 +2,44 @@ + # DOWNLOAD AND BUILD OF GOOGLETEST + #------------------------------- + +-include(FetchContent) +- +-message("Fetching googletest...") +-FetchContent_Declare(googletest +- GIT_REPOSITORY https://github.com/google/googletest.git +- GIT_TAG master +- GIT_SHALLOW 1 +- UPDATE_COMMAND "") +- +-#FetchContent_MakeAvailable(googletest) # Not available in CMake 3.13 :-( Let's do it manually: +-FetchContent_GetProperties(googletest) +-if(NOT googletest_POPULATED) +- FetchContent_Populate(googletest) +- set(gtest_force_shared_crt ON CACHE INTERNAL "" FORCE) +- set(BUILD_GMOCK ON CACHE INTERNAL "" FORCE) +- set(INSTALL_GTEST OFF CACHE INTERNAL "" FORCE) +- set(BUILD_SHARED_LIBS_BAK ${BUILD_SHARED_LIBS}) +- set(BUILD_SHARED_LIBS OFF) +- add_subdirectory(${googletest_SOURCE_DIR} ${googletest_BINARY_DIR}) +- set(BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS_BAK}) ++set(GOOGLETEST_VERSION 1.10.0 CACHE STRING "Version of gmock to use") ++set(GOOGLETEST_GIT_REPO "https://github.com/google/googletest.git" CACHE STRING "A git repo to clone and build googletest from if gmock is not found in the system") ++ ++find_package(GTest ${GOOGLETEST_VERSION} CONFIG) ++if (NOT TARGET GTest::gmock) ++ # Try pkg-config if GTest was not found through CMake config ++ find_package(PkgConfig) ++ if (PkgConfig_FOUND) ++ pkg_check_modules(GMock IMPORTED_TARGET GLOBAL gmock>=${GOOGLETEST_VERSION}) ++ if(TARGET PkgConfig::GMock) ++ add_library(GTest::gmock ALIAS PkgConfig::GMock) ++ endif() ++ endif() ++ # GTest was not found in the system, build it on our own ++ if (NOT TARGET GTest::gmock) ++ include(FetchContent) ++ ++ message("Fetching googletest...") ++ FetchContent_Declare(googletest ++ GIT_REPOSITORY ${GOOGLETEST_GIT_REPO} ++ GIT_TAG release-${GOOGLETEST_VERSION} ++ GIT_SHALLOW 1 ++ UPDATE_COMMAND "") ++ ++ #FetchContent_MakeAvailable(googletest) # Not available in CMake 3.13 :-( Let's do it manually: ++ FetchContent_GetProperties(googletest) ++ if(NOT googletest_POPULATED) ++ FetchContent_Populate(googletest) ++ set(gtest_force_shared_crt ON CACHE INTERNAL "" FORCE) ++ set(BUILD_GMOCK ON CACHE INTERNAL "" FORCE) ++ set(INSTALL_GTEST OFF CACHE INTERNAL "" FORCE) ++ set(BUILD_SHARED_LIBS_BAK ${BUILD_SHARED_LIBS}) ++ set(BUILD_SHARED_LIBS OFF) ++ add_subdirectory(${googletest_SOURCE_DIR} ${googletest_BINARY_DIR}) ++ set(BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS_BAK}) ++ add_library(GTest::gmock ALIAS gmock) ++ endif() ++ endif() + endif() + + #------------------------------- +@@ -87,11 +105,11 @@ include_directories(${CMAKE_CURRENT_SOURCE_DIR}) + + add_executable(sdbus-c++-unit-tests ${UNITTESTS_SRCS}) + target_compile_definitions(sdbus-c++-unit-tests PRIVATE LIBSYSTEMD_VERSION=${LIBSYSTEMD_VERSION}) +-target_link_libraries(sdbus-c++-unit-tests sdbus-c++-objlib gmock gmock_main) ++target_link_libraries(sdbus-c++-unit-tests sdbus-c++-objlib GTest::gmock) + + add_executable(sdbus-c++-integration-tests ${INTEGRATIONTESTS_SRCS}) + target_compile_definitions(sdbus-c++-integration-tests PRIVATE LIBSYSTEMD_VERSION=${LIBSYSTEMD_VERSION}) +-target_link_libraries(sdbus-c++-integration-tests sdbus-c++ gmock gmock_main) ++target_link_libraries(sdbus-c++-integration-tests sdbus-c++ GTest::gmock) + + # Manual performance and stress tests + option(ENABLE_PERF_TESTS "Build and install manual performance tests (default OFF)" OFF) diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb index c4d63fd272..a94fb8deff 100644 --- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb +++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb @@ -12,13 +12,16 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'with-exte ${@bb.utils.contains('PTEST_ENABLED', '1', 'with-tests', '', d)}" PACKAGECONFIG[with-builtin-libsystemd] = ",,sdbus-c++-libsystemd,libcap" PACKAGECONFIG[with-external-libsystemd] = ",,systemd,libsystemd" -PACKAGECONFIG[with-tests] = "-DBUILD_TESTS=ON -DTESTS_INSTALL_PATH=${libdir}/${BPN}/tests,-DBUILD_TESTS=OFF" +PACKAGECONFIG[with-tests] = "-DBUILD_TESTS=ON -DTESTS_INSTALL_PATH=${libdir}/${BPN}/tests,-DBUILD_TESTS=OFF,googletest gmock" DEPENDS += "expat" SRCREV = "3a4f343fb924650e7639660efa5f143961162044" -SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master" -SRC_URI += "file://run-ptest" + +SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master \ + file://0001-Try-to-first-find-googletest-in-the-system-before-do.patch \ + file://run-ptest \ +" EXTRA_OECMAKE = "-DBUILD_CODE_GEN=ON \ -DBUILD_DOC=ON \ -- 2.25.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [dunfell 5/5] jansson: whitelist CVE-2020-36325 2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster ` (2 preceding siblings ...) 2021-12-02 12:19 ` [dunfell 4/5] sdbus-c++: don't fetch googletest during do_configure Armin Kuster @ 2021-12-02 12:19 ` Armin Kuster 3 siblings, 0 replies; 5+ messages in thread From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw) To: openembedded-devel From: Marta Rybczynska <marta.rybczynska@huawei.com> According to the upstream [1], the bug happens only if the programmer does not follow the API definition. [1] https://github.com/akheron/jansson/issues/548 Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta-oe/recipes-extended/jansson/jansson_2.13.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb index d6e56ea768..7beea9f1e7 100644 --- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb +++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb @@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4 inherit autotools pkgconfig +# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548 +CVE_CHECK_WHITELIST = "CVE-2020-36325 " + BBCLASSEXTEND = "native" -- 2.25.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-12-02 12:19 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster 2021-12-02 12:19 ` [dunfell 2/5] nss: Fix CVE-2020-12403 Armin Kuster 2021-12-02 12:19 ` [dunfell 3/5] lmsensors: do not depend on lmsensors-isatools on non-x86 Armin Kuster 2021-12-02 12:19 ` [dunfell 4/5] sdbus-c++: don't fetch googletest during do_configure Armin Kuster 2021-12-02 12:19 ` [dunfell 5/5] jansson: whitelist CVE-2020-36325 Armin Kuster
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.