* [dunfell 0/5] Patch review Dec 2
@ 2021-12-02 12:19 Armin Kuster
2021-12-02 12:19 ` [dunfell 2/5] nss: Fix CVE-2020-12403 Armin Kuster
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw)
To: openembedded-devel
Please have comments back by Saturday.
The following changes since commit 7889158dcd187546fc5e99fd81d0779cad3e8d17:
python3-fasteners: update 0.15 -> 0.16.3 (2021-11-02 08:34:34 -0700)
are available in the Git repository at:
git://git.openembedded.org/meta-openembedded-contrib stable/dunfell-nut
http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/dunfell-nut
Armin Kuster (1):
recipes: Update SRC_URI branch and protocols
Marta Rybczynska (1):
jansson: whitelist CVE-2020-36325
Martin Jansa (1):
sdbus-c++: don't fetch googletest during do_configure
Ranjitsinh Rathod (1):
nss: Fix CVE-2020-12403
lumag (1):
lmsensors: do not depend on lmsensors-isatools on non-x86
.../logfsprogs/logfsprogs_git.bb | 2 +-
.../recipes-filesystems/owfs/owfs_3.2p3.bb | 2 +-
.../sshfs-fuse/sshfs-fuse_3.7.0.bb | 2 +-
.../unionfs-fuse/unionfs-fuse_2.1.bb | 2 +-
.../f2fs-tools/f2fs-tools_1.13.0.bb | 2 +-
.../recipes-utils/fatcat/fatcat_1.1.0.bb | 2 +-
.../fatresize/fatresize_1.0.2.bb | 2 +-
.../recipes-utils/ufs-utils/ufs-utils_git.bb | 2 +-
.../libchamplain/libchamplain_0.12.20.bb | 2 +-
meta-gnome/recipes-support/ibus/ibus.inc | 2 +-
.../keybinder/keybinder_3.0.bb | 2 +-
.../recipes-support/libhandy/libhandy_git.bb | 2 +-
.../libstemmer/libstemmer_git.bb | 2 +-
.../recipes-support/libwacom/libwacom_0.33.bb | 2 +-
.../recipes-bsp/kexecboot/kexecboot_git.bb | 2 +-
.../recipes-devtools/dracut/dracut_git.bb | 2 +-
.../recipes-devtools/grubby/grubby_8.40.bb | 2 +-
.../recipes-devtools/grubby/grubby_git.bb | 2 +-
.../mtd/ubi-utils-klibc_2.0.2.bb | 2 +-
.../kexec/kexec-tools-klibc_git.bb | 2 +-
.../libupnp/libupnp_git.bb | 2 +-
.../recipes-dvb/tvheadend/tvheadend_git.bb | 2 +-
.../recipes-multimedia/dca/dcadec_0.2.0.bb | 2 +-
.../dleyna/dleyna-connector-dbus_0.3.0.bb | 2 +-
.../dleyna/dleyna-core_0.6.0.bb | 2 +-
.../dleyna/dleyna-renderer_0.6.0.bb | 2 +-
.../dleyna/dleyna-server_0.6.0.bb | 2 +-
.../fdk-aac/fdk-aac_2.0.1.bb | 2 +-
.../fluidsynth/fluidsynth.inc | 2 +-
.../recipes-multimedia/gerbera/gerbera_git.bb | 2 +-
.../gstreamer-1.0/gst-shark_git.bb | 2 +-
.../recipes-multimedia/libcamera/libcamera.bb | 2 +-
.../libdvbcsa/libdvbcsa_1.1.0.bb | 2 +-
.../libsquish/libsquish_git.bb | 2 +-
.../recipes-multimedia/mimic/mimic_1.2.0.2.bb | 2 +-
.../musicbrainz/libmusicbrainz_git.bb | 2 +-
.../musicpd/libmpdclient_2.16.bb | 2 +-
.../recipes-multimedia/musicpd/mpc_0.31.bb | 2 +-
.../recipes-multimedia/musicpd/mpd_0.20.22.bb | 2 +-
.../recipes-multimedia/musicpd/ncmpc_0.34.bb | 2 +-
.../mycroft/mycroft_19.8.1.bb | 2 +-
.../openal/openal-soft_1.19.1.bb | 2 +-
.../rtmpdump/rtmpdump_2.4.bb | 2 +-
.../recipes-multimedia/tinyalsa/tinyalsa.bb | 2 +-
.../tremor/tremor_20180319.bb | 2 +-
.../recipes-support/crossguid/crossguid.bb | 2 +-
.../gst-instruments/gst-instruments_git.bb | 2 +-
.../cannelloni/cannelloni_git.bb | 2 +-
.../civetweb/civetweb_git.bb | 2 +-
.../dibbler/dibbler_git.bb | 2 +-
.../freeradius/freeradius_3.0.20.bb | 2 +-
.../libdnet/libdnet_1.12.bb | 2 +-
.../nanomsg/nanomsg_1.1.5.bb | 2 +-
.../recipes-connectivity/nanomsg/nng_1.2.5.bb | 2 +-
.../netplan/netplan_0.98.bb | 2 +-
.../openconnect/openconnect_8.03.bb | 2 +-
.../recipes-connectivity/relayd/relayd_git.bb | 2 +-
.../recipes-connectivity/vpnc/vpnc_0.5.3.bb | 2 +-
.../wolfssl/wolfssl_4.4.0.bb | 2 +-
.../recipes-daemons/atftp/atftp_0.7.2.bb | 2 +-
.../cyrus-sasl/cyrus-sasl_2.1.27.bb | 2 +-
.../iscsi-initiator-utils_2.1.3.bb | 2 +-
.../networkd-dispatcher_2.0.1.bb | 2 +-
.../arno-iptables-firewall_2.1.0.bb | 2 +-
.../libnetfilter/libnetfilter-log_1.0.1.bb | 2 +-
.../libnetfilter/libnetfilter-queue_1.0.3.bb | 2 +-
.../recipes-filter/libnftnl/libnftnl_1.1.7.bb | 2 +-
meta-networking/recipes-irc/znc/znc_1.7.5.bb | 4 +-
.../wireguard-module_1.0.20200401.bb | 2 +-
.../wireguard/wireguard-tools_1.0.20200319.bb | 2 +-
.../recipes-protocols/babeld/babeld_1.9.1.bb | 2 +-
.../recipes-protocols/openflow/openflow.inc | 2 +-
.../recipes-protocols/xl2tpd/xl2tpd_1.3.14.bb | 2 +-
.../arptables/arptables_git.bb | 2 +-
.../bridge-utils/bridge-utils_1.6.bb | 2 +-
.../recipes-support/cifs/cifs-utils_6.10.bb | 2 +-
.../recipes-support/curlpp/curlpp_0.8.1.bb | 2 +-
.../recipes-support/drbd/drbd-utils_9.12.0.bb | 4 +-
.../recipes-support/geoip/geoip-perl_1.51.bb | 2 +-
.../recipes-support/geoip/geoip_1.6.12.bb | 2 +-
.../ifenslave/ifenslave_2.9.bb | 2 +-
.../recipes-support/ipcalc/ipcalc_0.2.3.bb | 2 +-
.../lksctp-tools/lksctp-tools_1.0.18.bb | 2 +-
.../lowpan-tools/lowpan-tools_git.bb | 2 +-
.../recipes-support/mtr/mtr_0.93.bb | 2 +-
.../recipes-support/nbdkit/nbdkit_git.bb | 2 +-
.../recipes-support/ndisc6/ndisc6_git.bb | 2 +-
.../recipes-support/netcf/netcf_0.2.8.bb | 2 +-
.../recipes-support/netperf/netperf_git.bb | 2 +-
.../recipes-support/nis/yp-tools_4.2.3.bb | 2 +-
.../recipes-support/ntimed/ntimed_git.bb | 2 +-
.../open-isns/open-isns_0.99.bb | 2 +-
.../recipes-support/phytool/phytool.bb | 2 +-
.../rdma-core/rdma-core_28.0.bb | 2 +-
.../smcroute/smcroute_2.4.4.bb | 2 +-
.../spice/spice-protocol_git.bb | 2 +-
.../recipes-support/spice/spice_git.bb | 4 +-
.../recipes-support/spice/usbredir_0.8.0.bb | 2 +-
.../recipes-support/unbound/unbound_1.9.4.bb | 2 +-
.../wpan-tools/wpan-tools_0.9.bb | 2 +-
.../speedtest-cli/speedtest-cli_2.1.2.bb | 2 +-
.../recipes-bsp/rwmem/rwmem_1.2.bb | 2 +-
.../recipes-dbs/mongodb/mongodb_git.bb | 2 +-
.../recipes-extended/lcdproc/lcdproc_git.bb | 2 +-
.../cpuburn/cpuburn-arm_git.bb | 2 +-
meta-oe/recipes-benchmark/fio/fio_3.17.bb | 2 +-
.../recipes-benchmark/glmark2/glmark2_git.bb | 2 +-
.../recipes-benchmark/iperf3/iperf3_3.7.bb | 2 +-
.../libc-bench/libc-bench_git.bb | 2 +-
.../libhugetlbfs/libhugetlbfs_git.bb | 2 +-
.../stressapptest/stressapptest_1.0.9.bb | 2 +-
.../tinymembench/tinymembench_git.bb | 2 +-
.../cpufrequtils/cpufrequtils_008.bb | 2 +-
.../recipes-bsp/edac-utils/edac-utils_git.bb | 2 +-
meta-oe/recipes-bsp/ledmon/ledmon_git.bb | 2 +-
.../recipes-bsp/lm_sensors/lmsensors_3.6.0.bb | 4 +-
.../recipes-bsp/nvme-cli/nvme-cli_1.10.1.bb | 2 +-
.../gattlib/gattlib_git.bb | 2 +-
.../gensio/gensio_1.5.3.bb | 2 +-
meta-oe/recipes-connectivity/iwd/iwd_1.9.bb | 2 +-
.../libimobiledevice/libimobiledevice_git.bb | 2 +-
.../recipes-connectivity/libndp/libndp_1.7.bb | 2 +-
.../libtorrent/libtorrent_git.bb | 2 +-
.../libuv/libuv_1.36.0.bb | 2 +-
.../paho-mqtt-c/paho-mqtt-c_1.3.2.bb | 2 +-
.../rabbitmq-c/rabbitmq-c_0.10.0.bb | 2 +-
.../rtorrent/rtorrent_git.bb | 2 +-
.../usbmuxd/usbmuxd_git.bb | 2 +-
.../wifi-test-suite/wifi-test-suite_git.bb | 2 +-
.../recipes-connectivity/zeromq/cppzmq_git.bb | 2 +-
.../dbus/dbus-daemon-proxy_git.bb | 2 +-
meta-oe/recipes-core/emlog/emlog.inc | 2 +-
meta-oe/recipes-core/glfw/glfw_3.3.bb | 2 +-
meta-oe/recipes-core/libnfc/libnfc_git.bb | 2 +-
meta-oe/recipes-core/mdbus2/mdbus2_git.bb | 2 +-
meta-oe/recipes-core/ndctl/ndctl_v67.bb | 2 +-
.../opencl-headers/opencl-headers_git.bb | 2 +-
.../opencl-icd-loader_git.bb | 2 +-
meta-oe/recipes-core/safec/safec_3.5.1.bb | 2 +-
...d-googletest-in-the-system-before-do.patch | 96 +++++++++++++++++++
.../sdbus-c++/sdbus-c++-libsystemd_243.bb | 2 +-
.../recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb | 9 +-
.../recipes-crypto/libkcapi/libkcapi_git.bb | 2 +-
.../pkcs11-helper/pkcs11-helper_1.26.bb | 2 +-
meta-oe/recipes-dbs/leveldb/leveldb_1.22.bb | 2 +-
meta-oe/recipes-dbs/rocksdb/rocksdb_git.bb | 2 +-
.../abseil-cpp/abseil-cpp_git.bb | 2 +-
.../bootchart/bootchart_git.bb | 2 +-
.../recipes-devtools/breakpad/breakpad_git.bb | 10 +-
.../capnproto/capnproto_0.7.0.bb | 2 +-
.../recipes-devtools/cjson/cjson_1.7.13.bb | 2 +-
.../concurrencykit/concurrencykit_git.bb | 2 +-
.../dnf-plugin-tui/dnf-plugin-tui_git.bb | 2 +-
.../flatbuffers/flatbuffers_1.12.0.bb | 2 +-
meta-oe/recipes-devtools/grpc/grpc_1.24.3.bb | 2 +-
.../recipes-devtools/guider/guider_3.9.7.bb | 2 +-
.../recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb | 2 +-
.../recipes-devtools/jsonrpc/jsonrpc_1.3.0.bb | 2 +-
.../recipes-devtools/lapack/lapack_3.9.0.bb | 2 +-
.../libsombok3/libsombok3_2.4.0.bb | 2 +-
.../recipes-devtools/libubox/libubox_git.bb | 2 +-
meta-oe/recipes-devtools/ltrace/ltrace_git.bb | 2 +-
.../luaposix/luaposix_33.4.0.bb | 2 +-
.../msgpack/msgpack-c_3.2.1.bb | 2 +-
.../recipes-devtools/nanopb/nanopb_0.4.0.bb | 2 +-
.../nlohmann-fifo/nlohmann-fifo_git.bb | 2 +-
.../nlohmann-json/nlohmann-json_3.7.3.bb | 2 +-
.../recipes-devtools/openocd/openocd_git.bb | 8 +-
meta-oe/recipes-devtools/pcimem/pcimem_2.0.bb | 2 +-
.../perl/ipc-run_20180523.0.bb | 2 +-
.../perl/libdbd-mysql-perl_4.050.bb | 2 +-
.../perl/libjson-perl_4.02000.bb | 2 +-
meta-oe/recipes-devtools/ply/ply_git.bb | 2 +-
.../recipes-devtools/pmtools/pmtools_git.bb | 2 +-
.../protobuf/protobuf-c_1.3.3.bb | 2 +-
.../protobuf/protobuf_3.11.4.bb | 2 +-
.../rapidjson/rapidjson_git.bb | 2 +-
.../serialcheck/serialcheck_1.0.0.bb | 2 +-
.../sqlite-orm/sqlite-orm_1.5.bb | 2 +-
meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb | 2 +-
.../recipes-devtools/uftrace/uftrace_0.9.4.bb | 2 +-
.../recipes-devtools/valijson/valijson_git.bb | 2 +-
.../xmlrpc-c/xmlrpc-c_1.51.03.bb | 2 +-
meta-oe/recipes-devtools/yajl/yajl_1.0.12.bb | 2 +-
meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 2 +-
meta-oe/recipes-devtools/yasm/yasm_git.bb | 2 +-
.../recipes-extended/brotli/brotli_1.0.7.bb | 2 +-
.../cmpi-bindings/cmpi-bindings_1.0.1.bb | 2 +-
.../dlt-daemon/dlt-daemon_2.18.7.bb | 2 +-
.../docopt.cpp/docopt.cpp_git.bb | 2 +-
.../dumb-init/dumb-init_1.2.2.bb | 2 +-
meta-oe/recipes-extended/figlet/figlet_git.bb | 2 +-
.../haveged/haveged_1.9.13.bb | 2 +-
.../recipes-extended/hexedit/hexedit_1.4.2.bb | 2 +-
.../hiredis/hiredis_0.14.0.bb | 2 +-
meta-oe/recipes-extended/iotop/iotop_0.6.bb | 2 +-
.../isomd5sum/isomd5sum_1.2.3.bb | 2 +-
.../jansson/jansson_2.13.1.bb | 3 +
.../jpnevulator/jpnevulator_git.bb | 2 +-
.../konkretcmpi/konkretcmpi_0.9.2.bb | 2 +-
.../libblockdev/libblockdev_2.24.bb | 2 +-
meta-oe/recipes-extended/libcec/libcec_git.bb | 2 +-
.../libdivecomputer/libdivecomputer_git.bb | 2 +-
.../libimobiledevice/libplist_2.1.0.bb | 2 +-
.../libimobiledevice/libusbmuxd_git.bb | 2 +-
.../liblightmodbus/liblightmodbus_2.0.2.bb | 2 +-
.../libnss-nisplus/libnss-nisplus.bb | 2 +-
meta-oe/recipes-extended/libqb/libqb_1.0.5.bb | 2 +-
.../libreport/libreport_2.10.0.bb | 2 +-
.../recipes-extended/libuio/libuio_0.2.1.bb | 2 +-
.../recipes-extended/md5deep/md5deep_git.bb | 2 +-
meta-oe/recipes-extended/mraa/mraa_git.bb | 2 +-
.../openwsman/openwsman_2.6.11.bb | 2 +-
.../recipes-extended/ostree/ostree_2020.3.bb | 2 +-
.../p8platform/p8platform_git.bb | 2 +-
.../pam/pam-plugin-ccreds_11.bb | 2 +-
.../pam/pam-plugin-ldapdb_1.3.bb | 2 +-
meta-oe/recipes-extended/pmdk/pmdk_1.7.bb | 2 +-
.../recipes-extended/rrdtool/rrdtool_1.7.2.bb | 2 +-
.../rsyslog/libfastjson_0.99.8.bb | 2 +-
.../recipes-extended/rsyslog/librelp_1.5.0.bb | 2 +-
.../recipes-extended/sanlock/sanlock_3.8.0.bb | 2 +-
.../recipes-extended/sedutil/sedutil_git.bb | 2 +-
.../socketcan/can-isotp_git.bb | 2 +-
.../socketcan/can-utils_git.bb | 2 +-
.../socketcan/canutils_4.0.6.bb | 2 +-
.../socketcan/libsocketcan_0.0.11.bb | 2 +-
meta-oe/recipes-extended/sysdig/sysdig_git.bb | 2 +-
.../tipcutils/tipcutils_git.bb | 2 +-
.../triggerhappy/triggerhappy_git.bb | 2 +-
meta-oe/recipes-extended/upm/upm_git.bb | 2 +-
meta-oe/recipes-extended/wipe/wipe_0.24.bb | 2 +-
.../wxwidgets/wxwidgets_git.bb | 2 +-
meta-oe/recipes-extended/zlog/zlog_1.2.14.bb | 2 +-
meta-oe/recipes-extended/zstd/zstd_1.4.5.bb | 2 +-
meta-oe/recipes-gnome/pyxdg/pyxdg_0.26.bb | 2 +-
.../dietsplash/dietsplash_git.bb | 2 +-
.../dnfdragora/dnfdragora_git.bb | 2 +-
.../recipes-graphics/fbgrab/fbgrab_1.3.3.bb | 2 +-
.../fontforge/fontforge_20190801.bb | 2 +-
meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb | 2 +-
meta-oe/recipes-graphics/glm/glm_0.9.9.6.bb | 2 +-
.../graphviz/graphviz_2.40.1.bb | 2 +-
.../recipes-graphics/jasper/jasper_2.0.16.bb | 2 +-
.../libvncserver/libvncserver_0.9.12.bb | 2 +-
.../libyui/libyui-ncurses_2.52.0.bb | 2 +-
.../recipes-graphics/libyui/libyui_3.6.0.bb | 2 +-
.../openjpeg/openjpeg_2.3.1.bb | 2 +-
.../recipes-graphics/qrencode/qrencode_git.bb | 2 +-
.../renderdoc/renderdoc_1.7.bb | 2 +-
.../spir/spirv-shader-generator_git.bb | 2 +-
.../recipes-graphics/spir/spirv-tools_git.bb | 10 +-
.../tesseract/tesseract-lang_4.0.0.bb | 2 +-
.../tesseract/tesseract_git.bb | 2 +-
.../tigervnc/tigervnc_1.10.1.bb | 2 +-
.../ttf-fonts/ttf-droid_git.bb | 2 +-
.../recipes-graphics/ttf-fonts/ttf-lohit_2.bb | 2 +-
.../ttf-fonts/ttf-noto-emoji_20190815.bb | 2 +-
.../unclutter-xfixes/unclutter-xfixes_1.5.bb | 2 +-
.../recipes-graphics/vdpau/libvdpau_1.3.bb | 2 +-
.../recipes-graphics/x11vnc/x11vnc_0.9.16.bb | 2 +-
.../xorg-driver/xf86-video-armsoc_1.4.1.bb | 2 +-
meta-oe/recipes-graphics/yad/yad_6.0.bb | 2 +-
.../agent-proxy/agent-proxy_1.97.bb | 2 +-
.../broadcom-bt-firmware_git.bb | 2 +-
meta-oe/recipes-kernel/crash/crash_7.2.8.bb | 2 +-
meta-oe/recipes-kernel/kpatch/kpatch.inc | 2 +-
.../minicoredumper/minicoredumper_2.0.1.bb | 2 +-
.../recipes-kernel/pm-graph/pm-graph_5.5.bb | 2 +-
meta-oe/recipes-multimedia/jack/a2jmidid_9.bb | 2 +-
.../recipes-multimedia/jack/jack_1.19.14.bb | 2 +-
.../libass/libass_0.14.0.bb | 2 +-
.../recipes-multimedia/mplayer/mpv_0.32.0.bb | 2 +-
.../pipewire/pipewire-0.2_git.bb | 2 +-
.../pipewire/pipewire_git.bb | 2 +-
.../recipes-multimedia/v4l2apps/yavta_git.bb | 2 +-
.../recipes-multimedia/webm/libvpx_1.8.2.bb | 2 +-
.../recipes-security/softhsm/softhsm_git.bb | 2 +-
.../ace-cloud-editor/ace-cloud-editor_git.bb | 2 +-
meta-oe/recipes-support/avro/avro-c_1.9.2.bb | 2 +-
meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb | 2 +-
.../recipes-support/c-ares/c-ares_1.16.1.bb | 2 +-
.../ceres-solver/ceres-solver_1.14.0.bb | 2 +-
meta-oe/recipes-support/cli11/cli11_1.8.0.bb | 2 +-
meta-oe/recipes-support/cmark/cmark_git.bb | 2 +-
.../daemonize/daemonize_git.bb | 2 +-
.../digitemp/digitemp_3.7.2.bb | 2 +-
meta-oe/recipes-support/dstat/dstat_0.7.4.bb | 2 +-
meta-oe/recipes-support/epeg/epeg_git.bb | 2 +-
meta-oe/recipes-support/fmt/fmt_6.2.0.bb | 2 +-
.../recipes-support/freerdp/freerdp_git.bb | 2 +-
.../function2/function2_4.0.0.bb | 2 +-
meta-oe/recipes-support/gd/gd_2.3.0.bb | 2 +-
.../recipes-support/gflags/gflags_2.2.2.bb | 2 +-
meta-oe/recipes-support/glog/glog_0.3.5.bb | 2 +-
.../gnulib/gnulib_2018-03-07.03.bb | 2 +-
.../gperftools/gperftools_2.7.90.bb | 2 +-
meta-oe/recipes-support/gpm/gpm_git.bb | 2 +-
meta-oe/recipes-support/hidapi/hidapi_git.bb | 2 +-
.../hunspell/hunspell-dictionaries.bb | 2 +-
.../hunspell/hunspell_1.7.0.bb | 2 +-
meta-oe/recipes-support/hwdata/hwdata_git.bb | 2 +-
.../recipes-support/iksemel/iksemel_1.5.bb | 2 +-
.../imagemagick/imagemagick_7.0.9.bb | 2 +-
meta-oe/recipes-support/inih/libinih_git.bb | 2 +-
.../iniparser/iniparser_4.1.bb | 2 +-
.../inotify-tools/inotify-tools_git.bb | 2 +-
.../libatasmart/libatasmart_0.19.bb | 2 +-
.../libbytesize/libbytesize_2.2.bb | 2 +-
.../libcereal/libcereal_1.3.0.bb | 2 +-
.../libcyusbserial/libcyusbserial_git.bb | 2 +-
.../recipes-support/libfann/libfann_git.bb | 2 +-
.../recipes-support/libgit2/libgit2_0.28.4.bb | 2 +-
.../recipes-support/libgusb/libgusb_git.bb | 2 +-
.../recipes-support/libharu/libharu_2.3.0.bb | 2 +-
meta-oe/recipes-support/libiio/libiio_git.bb | 2 +-
.../libmimetic/libmimetic_0.9.8.bb | 2 +-
.../recipes-support/libmxml/libmxml_3.1.bb | 2 +-
.../recipes-support/libp11/libp11_0.4.10.bb | 2 +-
.../librsync/librsync_2.3.1.bb | 2 +-
.../recipes-support/libsoc/libsoc_0.8.2.bb | 2 +-
.../recipes-support/libteam/libteam_1.30.bb | 2 +-
.../libtinyxml2/libtinyxml2_8.0.0.bb | 2 +-
.../recipes-support/libusbg/libusbg_git.bb | 2 +-
.../recipes-support/libusbgx/libusbgx_git.bb | 2 +-
.../libutempter/libutempter.bb | 2 +-
.../lio-utils/lio-utils_4.1.bb | 2 +-
meta-oe/recipes-support/lvm2/lvm2.inc | 2 +-
.../recipes-support/mcelog/mce-inject_git.bb | 2 +-
.../recipes-support/mcelog/mce-test_git.bb | 2 +-
meta-oe/recipes-support/mcelog/mcelog_168.bb | 2 +-
.../multipath-tools/multipath-tools_0.8.4.bb | 2 +-
meta-oe/recipes-support/ne10/ne10_1.2.1.bb | 2 +-
.../nss/nss/CVE-2020-12403_1.patch | 65 +++++++++++++
.../nss/nss/CVE-2020-12403_2.patch | 80 ++++++++++++++++
meta-oe/recipes-support/nss/nss_3.51.1.bb | 2 +
.../recipes-support/numactl/numactl_git.bb | 2 +-
.../open-vm-tools/open-vm-tools_11.0.1.bb | 2 +-
.../opencl/clinfo_2.2.18.04.06.bb | 2 +-
meta-oe/recipes-support/opencv/ade_0.1.1f.bb | 2 +-
.../recipes-support/opencv/opencv_4.1.0.bb | 12 +--
.../recipes-support/opensc/opensc_0.20.0.bb | 2 +-
.../recipes-support/picocom/picocom_git.bb | 2 +-
.../pidgin/funyahoo-plusplus_git.bb | 2 +-
meta-oe/recipes-support/pidgin/icyque_git.bb | 2 +-
.../pidgin/purple-skypeweb_git.bb | 2 +-
meta-oe/recipes-support/poco/poco_1.9.4.bb | 2 +-
.../pps-tools/pps-tools_1.0.2.bb | 2 +-
.../recipes-support/remmina/remmina_1.3.6.bb | 2 +-
.../rsnapshot/rsnapshot_git.bb | 2 +-
meta-oe/recipes-support/sass/libsass_3.6.3.bb | 2 +-
meta-oe/recipes-support/sass/sassc_git.bb | 2 +-
meta-oe/recipes-support/satyr/satyr_0.28.bb | 2 +-
.../serial-utils/pty-forward-native.bb | 2 +-
.../serial-utils/serial-forward_git.bb | 2 +-
.../span-lite/span-lite_git.bb | 2 +-
.../recipes-support/spdlog/spdlog_1.5.0.bb | 2 +-
.../recipes-support/spitools/spitools_git.bb | 2 +-
.../thin-provisioning-tools_0.8.5.bb | 2 +-
.../toscoterm/toscoterm_git.bb | 2 +-
meta-oe/recipes-support/udisks/udisks2_git.bb | 2 +-
.../recipes-support/uhubctl/uhubctl_2.1.0.bb | 2 +-
.../recipes-support/uthash/uthash_2.1.0.bb | 2 +-
.../utouch/utouch-evemu_git.bb | 2 +-
.../utouch/utouch-frame_git.bb | 2 +-
.../utouch/utouch-mtview_git.bb | 2 +-
.../websocketpp/websocketpp_0.8.2.bb | 2 +-
.../recipes-support/xdelta/xdelta3_3.1.0.bb | 2 +-
.../xorg-xrdp/xorgxrdp_0.2.5.bb | 2 +-
meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb | 2 +-
.../recipes-support/xxhash/xxhash_0.7.3.bb | 2 +-
meta-oe/recipes-support/zbar/zbar_git.bb | 2 +-
.../recipes-support/zchunk/zchunk_1.1.6.bb | 2 +-
meta-oe/recipes-test/bats/bats_1.1.0.bb | 2 +-
meta-oe/recipes-test/catch2/catch2_2.9.2.bb | 2 +-
meta-oe/recipes-test/evtest/evtest_1.34.bb | 2 +-
meta-oe/recipes-test/fbtest/fb-test_git.bb | 2 +-
.../recipes-test/googletest/googletest_git.bb | 2 +-
meta-perl/recipes-perl/po4a/po4a_0.49.bb | 2 +-
.../python-txws/python3-txws_0.9.1.bb | 2 +-
meta-python/recipes-devtools/gyp/gyp.inc | 2 +-
.../python/python-feedformatter.inc | 2 +-
.../python/python3-absl_0.7.0.bb | 2 +-
.../python/python3-astor_0.8.1.bb | 2 +-
.../python/python3-dbussy_1.2.1.bb | 2 +-
.../python/python3-dt-schema_git.bb | 2 +-
.../python/python3-gast_0.2.2.bb | 2 +-
.../python/python3-h5py_2.9.0.bb | 2 +-
.../python/python3-imageio_2.6.0.bb | 2 +-
.../python3-keras-applications_1.0.8.bb | 2 +-
.../python3-keras-preprocessing_1.1.0.bb | 2 +-
.../python/python3-langtable_0.0.38.bb | 2 +-
.../python/python3-pillow_6.2.1.bb | 2 +-
.../python/python3-pkgconfig_1.4.0.bb | 2 +-
.../python/python3-prctl_1.7.bb | 2 +-
.../python/python3-wheel_0.33.6.bb | 2 +-
.../python-blivet/python3-blivet_3.1.4.bb | 2 +-
.../python-blivet/python3-blivetgui_2.1.10.bb | 2 +-
.../python-cson/python3-cson_git.bb | 2 +-
.../python-pyparted/python-pyparted.inc | 2 +-
.../apache-mod/apache-websocket_git.bb | 2 +-
.../recipes-httpd/cherokee/cherokee_git.bb | 2 +-
.../recipes-httpd/sthttpd/sthttpd_2.27.1.bb | 2 +-
.../recipes-support/fcgi/fcgi_git.bb | 2 +-
.../recipes-webadmin/netdata/netdata_git.bb | 2 +-
.../recipes-apps/xarchiver/xarchiver_git.bb | 2 +-
.../xfce-polkit/xfce-polkit_0.3.bb | 2 +-
.../xfce4-datetime-setter_3.32.2.bb | 2 +-
.../xfce4-closebutton-plugin_git.bb | 2 +-
409 files changed, 675 insertions(+), 426 deletions(-)
create mode 100644 meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch
create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
--
2.25.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [dunfell 2/5] nss: Fix CVE-2020-12403
2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster
@ 2021-12-02 12:19 ` Armin Kuster
2021-12-02 12:19 ` [dunfell 3/5] lmsensors: do not depend on lmsensors-isatools on non-x86 Armin Kuster
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw)
To: openembedded-devel
From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Add patch for CVE-2020-12403
Link:
https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8
https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../nss/nss/CVE-2020-12403_1.patch | 65 +++++++++++++++
.../nss/nss/CVE-2020-12403_2.patch | 80 +++++++++++++++++++
meta-oe/recipes-support/nss/nss_3.51.1.bb | 2 +
3 files changed, 147 insertions(+)
create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
new file mode 100644
index 0000000000..a229a2d20f
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
@@ -0,0 +1,65 @@
+From 9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 Mon Sep 17 00:00:00 2001
+From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
+Date: Sat, 18 Jul 2020 00:13:38 +0000
+Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by
+ PKCS11. r=jcj,kjacobs,rrelyea
+
+Differential Revision: https://phabricator.services.mozilla.com/D74801
+
+--HG--
+extra : moz-landing-system : lando
+---
+ nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 +++++++++--
+ nss/lib/freebl/chacha20poly1305.c | 2 +-
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+CVE: CVE-2020-12403
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8]
+Comment: Refreshed path for whole patchset
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+index 41f9da71d6..3ea17678d9 100644
+--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
++++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test
+ SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+ sizeof(aead_params)};
+
+- // Encrypt with bad parameters.
++ // Encrypt with bad parameters (TagLen is too long).
+ unsigned int encrypted_len = 0;
+ std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
+ aead_params.ulTagLen = 158072;
+@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test
+ &encrypted_len, encrypted.size(), data, data_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, encrypted_len);
+- aead_params.ulTagLen = 16;
++
++ // Encrypt with bad parameters (TagLen is too short).
++ aead_params.ulTagLen = 2;
++ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
++ &encrypted_len, encrypted.size(), data, data_len);
++ EXPECT_EQ(SECFailure, rv);
++ EXPECT_EQ(0U, encrypted_len);
+
+ // Encrypt.
++ aead_params.ulTagLen = 16;
+ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
+ &encrypted_len, encrypted.size(), data, data_len);
+
+diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c
+index 970c6436da..5c294a9eaf 100644
+--- a/nss/lib/freebl/chacha20poly1305.c
++++ b/nss/lib/freebl/chacha20poly1305.c
+@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+- if (tagLen == 0 || tagLen > 16) {
++ if (tagLen != 16) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
new file mode 100644
index 0000000000..7b093d0cda
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
@@ -0,0 +1,80 @@
+From 06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Mon Sep 17 00:00:00 2001
+From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
+Date: Sat, 18 Jul 2020 00:13:14 +0000
+Subject: [PATCH] Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20.
+ r=kjacobs,rrelyea
+
+Depends on D74801
+
+Differential Revision: https://phabricator.services.mozilla.com/D83994
+
+--HG--
+extra : moz-landing-system : lando
+---
+ nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc | 49 +++++++++++++++++++++
+ nss/lib/softoken/pkcs11c.c | 1 +
+ 2 files changed, 50 insertions(+)
+
+CVE: CVE-2020-12403
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45]
+Comment: Refreshed path for whole patchset and removed change for pkcs11c.c
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+diff --git a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+index 38982fd885..700750cc90 100644
+--- a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
++++ b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
+ NSS_ShutdownContext(globalctx);
+ }
+
++TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
++ PK11SlotInfo* slot;
++ PK11SymKey* key;
++ PK11Context* ctx;
++
++ NSSInitContext* globalctx =
++ NSS_InitContext("", "", "", "", NULL,
++ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
++ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
++
++ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
++
++ slot = PK11_GetInternalSlot();
++ ASSERT_TRUE(slot);
++
++ // Use arbitrary bytes for the ChaCha20 key and IV
++ uint8_t key_bytes[32];
++ for (size_t i = 0; i < 32; i++) {
++ key_bytes[i] = i;
++ }
++ SECItem keyItem = {siBuffer, key_bytes, 32};
++
++ uint8_t iv_bytes[16];
++ for (size_t i = 0; i < 16; i++) {
++ key_bytes[i] = i;
++ }
++ SECItem ivItem = {siBuffer, iv_bytes, 16};
++
++ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
++
++ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
++ &keyItem, NULL);
++ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
++ ASSERT_TRUE(key);
++ ASSERT_TRUE(ctx);
++
++ uint8_t outbuf[128];
++ // This is supposed to fail for Chacha20. This is because the underlying
++ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
++ // which multi-part is disabled for ChaCha20 in counter mode.
++ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
++
++ PK11_FreeSymKey(key);
++ PK11_FreeSlot(slot);
++ SECITEM_FreeItem(param, PR_TRUE);
++ PK11_DestroyContext(ctx, PR_TRUE);
++ NSS_ShutdownContext(globalctx);
++}
++
+ } // namespace nss_test
diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb
index ac046ed0fe..14f670c32a 100644
--- a/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -37,6 +37,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \
file://CVE-2020-12401.patch \
file://CVE-2020-6829_12400.patch \
+ file://CVE-2020-12403_1.patch \
+ file://CVE-2020-12403_2.patch \
"
SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [dunfell 3/5] lmsensors: do not depend on lmsensors-isatools on non-x86
2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster
2021-12-02 12:19 ` [dunfell 2/5] nss: Fix CVE-2020-12403 Armin Kuster
@ 2021-12-02 12:19 ` Armin Kuster
2021-12-02 12:19 ` [dunfell 4/5] sdbus-c++: don't fetch googletest during do_configure Armin Kuster
2021-12-02 12:19 ` [dunfell 5/5] jansson: whitelist CVE-2020-36325 Armin Kuster
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw)
To: openembedded-devel
From: lumag <dbaryshkov@gmail.com>
lmsensors will build isadump and isaset only on x86 architecture.
Depending on this package breaks lmsensors on all non-x86 machines. Fix
this by enabling ${PN}-isatools dependency only on x86.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
index a2f0805fe5..37a98a0996 100644
--- a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
+++ b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
@@ -95,7 +95,7 @@ RDEPENDS_${PN} += " \
${PN}-sensorsdetect \
${PN}-sensorsconfconvert \
${PN}-pwmconfig \
- ${PN}-isatools \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'x86', '${PN}-isatools', '', d)} \
"
# libsensors packages
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [dunfell 4/5] sdbus-c++: don't fetch googletest during do_configure
2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster
2021-12-02 12:19 ` [dunfell 2/5] nss: Fix CVE-2020-12403 Armin Kuster
2021-12-02 12:19 ` [dunfell 3/5] lmsensors: do not depend on lmsensors-isatools on non-x86 Armin Kuster
@ 2021-12-02 12:19 ` Armin Kuster
2021-12-02 12:19 ` [dunfell 5/5] jansson: whitelist CVE-2020-36325 Armin Kuster
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw)
To: openembedded-devel
From: Martin Jansa <Martin.Jansa@gmail.com>
* with PTEST_ENABLED it enables with-tests PACKAGECONFIG which
instead of using system googletest gmock, tries to fetch googletest
from github and fails because branch was recently renamed from master to main
| -- Found PkgConfig: /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/pkg-config (found version "0.29.2")
| -- Checking for module 'libsystemd>=236'
| -- Found libsystemd, version 249
| -- Building with tests
| Fetching googletest...
| [1/9] Creating directories for 'googletest-populate'
| [1/9] Performing download step (git clone) for 'googletest-populate'
| Cloning into 'googletest-src'...
| fatal: invalid reference: master
| CMake Error at googletest-subbuild/googletest-populate-prefix/tmp/googletest-populate-gitclone.cmake:40 (message):
| Failed to checkout tag: 'master'
|
|
| FAILED: googletest-populate-prefix/src/googletest-populate-stamp/googletest-populate-download
| cd /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps && /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/cmake -P /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps/googletest-subbuild/googletest-populate-prefix/tmp/googletest-populate-gitclone.cmake && /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/bin/cmake -E touch /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/build/_deps/googletest-subbuild/googletest-populate-prefix/src/googletest-populate-stamp/googletest-populate-download
| ninja: build stopped: subcommand failed.
|
| CMake Error at /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:989 (message):
| Build step for googletest failed: 1
| Call Stack (most recent call first):
| /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:1118:EVAL:2 (__FetchContent_directPopulate)
| /OE/tmp-glibc/work/qemux86-oe-linux/sdbus-c++/0.8.3-r0/recipe-sysroot-native/usr/share/cmake-3.19/Modules/FetchContent.cmake:1118 (cmake_language)
| tests/CMakeLists.txt:17 (FetchContent_Populate)
|
|
| -- Configuring incomplete, errors occurred!
* unfortunately this backported patch fixes the fetching failure, because
it uses release-${GOOGLETEST_VERSION} tag instead of now non-existent
master branch, but is not enough to prevent fetching from github during
do_configure:
-- Building with tests
-- Could NOT find GTest (missing: GTest_DIR)
-- Checking for module 'gmock>=1.10.0'
-- No package 'gmock' found
Fetching googletest...
we also need to add googletest dependency to with-tests PACKAGECONFIG was fixed in meta-oe/master with the upgrade to 1.0.0:
https://github.com/openembedded/meta-openembedded/commit/b26b66e5da92718b4e99a57fbfaaef9e751c3cfe#diff-48a847e7323703994fd2ce0fcb731ff860fa955a77cdfe39d71a9cc84a042c06L15
then it's ok and not fetching:
-- Building with tests
-- Looking for pthread.h
-- Looking for pthread.h - found
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...d-googletest-in-the-system-before-do.patch | 96 +++++++++++++++++++
.../recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb | 9 +-
2 files changed, 102 insertions(+), 3 deletions(-)
create mode 100644 meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch
diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch
new file mode 100644
index 0000000000..89cb593e60
--- /dev/null
+++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-0.8.1/0001-Try-to-first-find-googletest-in-the-system-before-do.patch
@@ -0,0 +1,96 @@
+From b073e1c2b9a8138da83300f598b9a56fc9762b4b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stanislav=20Angelovi=C4=8D?= <angelovic.s@gmail.com>
+Date: Mon, 16 Nov 2020 17:05:36 +0100
+Subject: [PATCH] Try to first find googletest in the system before downloading
+ it (#125)
+
+Upstream-Status: Backport [d6fdaca]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+
+---
+ tests/CMakeLists.txt | 62 ++++++++++++++++++++++++++++----------------
+ 1 file changed, 40 insertions(+), 22 deletions(-)
+
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index 97f7c1a..7ecc327 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -2,26 +2,44 @@
+ # DOWNLOAD AND BUILD OF GOOGLETEST
+ #-------------------------------
+
+-include(FetchContent)
+-
+-message("Fetching googletest...")
+-FetchContent_Declare(googletest
+- GIT_REPOSITORY https://github.com/google/googletest.git
+- GIT_TAG master
+- GIT_SHALLOW 1
+- UPDATE_COMMAND "")
+-
+-#FetchContent_MakeAvailable(googletest) # Not available in CMake 3.13 :-( Let's do it manually:
+-FetchContent_GetProperties(googletest)
+-if(NOT googletest_POPULATED)
+- FetchContent_Populate(googletest)
+- set(gtest_force_shared_crt ON CACHE INTERNAL "" FORCE)
+- set(BUILD_GMOCK ON CACHE INTERNAL "" FORCE)
+- set(INSTALL_GTEST OFF CACHE INTERNAL "" FORCE)
+- set(BUILD_SHARED_LIBS_BAK ${BUILD_SHARED_LIBS})
+- set(BUILD_SHARED_LIBS OFF)
+- add_subdirectory(${googletest_SOURCE_DIR} ${googletest_BINARY_DIR})
+- set(BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS_BAK})
++set(GOOGLETEST_VERSION 1.10.0 CACHE STRING "Version of gmock to use")
++set(GOOGLETEST_GIT_REPO "https://github.com/google/googletest.git" CACHE STRING "A git repo to clone and build googletest from if gmock is not found in the system")
++
++find_package(GTest ${GOOGLETEST_VERSION} CONFIG)
++if (NOT TARGET GTest::gmock)
++ # Try pkg-config if GTest was not found through CMake config
++ find_package(PkgConfig)
++ if (PkgConfig_FOUND)
++ pkg_check_modules(GMock IMPORTED_TARGET GLOBAL gmock>=${GOOGLETEST_VERSION})
++ if(TARGET PkgConfig::GMock)
++ add_library(GTest::gmock ALIAS PkgConfig::GMock)
++ endif()
++ endif()
++ # GTest was not found in the system, build it on our own
++ if (NOT TARGET GTest::gmock)
++ include(FetchContent)
++
++ message("Fetching googletest...")
++ FetchContent_Declare(googletest
++ GIT_REPOSITORY ${GOOGLETEST_GIT_REPO}
++ GIT_TAG release-${GOOGLETEST_VERSION}
++ GIT_SHALLOW 1
++ UPDATE_COMMAND "")
++
++ #FetchContent_MakeAvailable(googletest) # Not available in CMake 3.13 :-( Let's do it manually:
++ FetchContent_GetProperties(googletest)
++ if(NOT googletest_POPULATED)
++ FetchContent_Populate(googletest)
++ set(gtest_force_shared_crt ON CACHE INTERNAL "" FORCE)
++ set(BUILD_GMOCK ON CACHE INTERNAL "" FORCE)
++ set(INSTALL_GTEST OFF CACHE INTERNAL "" FORCE)
++ set(BUILD_SHARED_LIBS_BAK ${BUILD_SHARED_LIBS})
++ set(BUILD_SHARED_LIBS OFF)
++ add_subdirectory(${googletest_SOURCE_DIR} ${googletest_BINARY_DIR})
++ set(BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS_BAK})
++ add_library(GTest::gmock ALIAS gmock)
++ endif()
++ endif()
+ endif()
+
+ #-------------------------------
+@@ -87,11 +105,11 @@ include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+
+ add_executable(sdbus-c++-unit-tests ${UNITTESTS_SRCS})
+ target_compile_definitions(sdbus-c++-unit-tests PRIVATE LIBSYSTEMD_VERSION=${LIBSYSTEMD_VERSION})
+-target_link_libraries(sdbus-c++-unit-tests sdbus-c++-objlib gmock gmock_main)
++target_link_libraries(sdbus-c++-unit-tests sdbus-c++-objlib GTest::gmock)
+
+ add_executable(sdbus-c++-integration-tests ${INTEGRATIONTESTS_SRCS})
+ target_compile_definitions(sdbus-c++-integration-tests PRIVATE LIBSYSTEMD_VERSION=${LIBSYSTEMD_VERSION})
+-target_link_libraries(sdbus-c++-integration-tests sdbus-c++ gmock gmock_main)
++target_link_libraries(sdbus-c++-integration-tests sdbus-c++ GTest::gmock)
+
+ # Manual performance and stress tests
+ option(ENABLE_PERF_TESTS "Build and install manual performance tests (default OFF)" OFF)
diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb
index c4d63fd272..a94fb8deff 100644
--- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb
+++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_0.8.1.bb
@@ -12,13 +12,16 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'with-exte
${@bb.utils.contains('PTEST_ENABLED', '1', 'with-tests', '', d)}"
PACKAGECONFIG[with-builtin-libsystemd] = ",,sdbus-c++-libsystemd,libcap"
PACKAGECONFIG[with-external-libsystemd] = ",,systemd,libsystemd"
-PACKAGECONFIG[with-tests] = "-DBUILD_TESTS=ON -DTESTS_INSTALL_PATH=${libdir}/${BPN}/tests,-DBUILD_TESTS=OFF"
+PACKAGECONFIG[with-tests] = "-DBUILD_TESTS=ON -DTESTS_INSTALL_PATH=${libdir}/${BPN}/tests,-DBUILD_TESTS=OFF,googletest gmock"
DEPENDS += "expat"
SRCREV = "3a4f343fb924650e7639660efa5f143961162044"
-SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master"
-SRC_URI += "file://run-ptest"
+
+SRC_URI = "git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master \
+ file://0001-Try-to-first-find-googletest-in-the-system-before-do.patch \
+ file://run-ptest \
+"
EXTRA_OECMAKE = "-DBUILD_CODE_GEN=ON \
-DBUILD_DOC=ON \
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [dunfell 5/5] jansson: whitelist CVE-2020-36325
2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster
` (2 preceding siblings ...)
2021-12-02 12:19 ` [dunfell 4/5] sdbus-c++: don't fetch googletest during do_configure Armin Kuster
@ 2021-12-02 12:19 ` Armin Kuster
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2021-12-02 12:19 UTC (permalink / raw)
To: openembedded-devel
From: Marta Rybczynska <marta.rybczynska@huawei.com>
According to the upstream [1], the bug happens only if the programmer
does not follow the API definition.
[1] https://github.com/akheron/jansson/issues/548
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-oe/recipes-extended/jansson/jansson_2.13.1.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
index d6e56ea768..7beea9f1e7 100644
--- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
+++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
@@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4
inherit autotools pkgconfig
+# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548
+CVE_CHECK_WHITELIST = "CVE-2020-36325 "
+
BBCLASSEXTEND = "native"
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-12-02 12:19 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-02 12:19 [dunfell 0/5] Patch review Dec 2 Armin Kuster
2021-12-02 12:19 ` [dunfell 2/5] nss: Fix CVE-2020-12403 Armin Kuster
2021-12-02 12:19 ` [dunfell 3/5] lmsensors: do not depend on lmsensors-isatools on non-x86 Armin Kuster
2021-12-02 12:19 ` [dunfell 4/5] sdbus-c++: don't fetch googletest during do_configure Armin Kuster
2021-12-02 12:19 ` [dunfell 5/5] jansson: whitelist CVE-2020-36325 Armin Kuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.