meta-openembedded: subtree update:936f2380bb..4599fea881
Alexander Vickberg (1):
mbedtls: upgrade to 2.25.0
Andreas Müller (44):
xfce4-panel-profiles: upgrade 1.0.10 -> 1.0.12
mousepad: upgrade 0.4.2 -> 0.5.2
xfce4-screenshooter: upgrade 1.9.7 -> 1.9.8
xfce4-taskmanager: upgrade 1.2.3 -> 1.4.0
xfce4-calculator-plugin: upgrade 0.7.0 -> 0.7.1
xfce4-cpugraph-plugin: upgrade 1.1.0 -> 1.2.0
xfce4-datetime-plugin: upgrade 0.8.0 -> 0.8.1
xfce4-diskperf-plugin: upgrade 2.6.2 -> 2.6.3
xfce4-fsguard-plugin: upgrade 1.1.1 -> 1.1.2
xfce4-smartbookmark-plugin: upgrade 0.5.1 -> 0.5.2
xfce4-systemload-plugin: upgrade 1.2.3 -> 1.2.4
xfce4-verve-plugin: upgrade 2.0.0 -> 2.0.1
xfce4-wavelan-plugin: upgrade 0.6.1 -> 0.6.2
xfce4-whiskermenu-plugin: upgrade 2.4.6 -> 2.5.1
xfce4-xkb-plugin: upgrade 0.8.1 -> 0.8.2
xfce4-mount-plugin: upgrade 1.1.3 -> 1.1.5
xfce4-dev-tools: upgrade 4.14.0 -> 4.16.0
libxfce4util: upgrade 4.14.0 -> 4.16.0
xfconf: upgrade 4.14.3 -> 4.16.0
libxfce4ui: upgrade 4.14.1 -> 4.16.0
exo: upgrade 0.12.11 -> 4.16.0
garcon: upgrade 0.7.0 -> 0.8.0
xfwm4: upgrade 4.14.5 -> 4.16.0
xfce4-settings: upgrade 4.14.3 -> 4.16.0
xfce4-panel: upgrade 4.14.4 -> 4.16.0
xfce4-session: upgrade 4.14.2 -> 4.16.0
xfdesktop: upgrade 4.14.2 -> 4.16.0
xfce4-power-manager: upgrade 1.6.6 -> 4.16.0
tumbler: upgrade 0.3.1 -> 4.16.0
thunar-volman: upgrade 0.9.5 -> 4.16.0
thunar: upgrade 1.8.15 -> 4.16.0
xfce4-appfinder: upgrade 4.14.0 -> 4.16.0
xfce4-terminal: 0.8.9.2 -> 0.8.10
xfce4-screensaver: upgrade 0.1.10 -> 4.16.0
xfce4-taskmanager: remove exo-native from DEPENDS
xfce4-closebutton-plugin: upgrade 0.1.0+ -> 4.16.0
xfce4-sensors-plugin: upgrade 1.3.92 -> 1.3.95
xfce4-genmon-plugin: upgrade 4.0.2 -> 4.1.0
xfce4-hotcorner-plugin: remove
xfce4-embed-plugin: remove for now
xfce4-equake-plugin: remove for now
xfce4-notes-plugin: remove for now
fluidsynth: upgrade 2.1.5 -> 2.1.6
blueman: upgrade 2.1.3 -> 2.1.4
Bruce Ashfield (1):
vboxguestdrivers: fix build against kernel v5.10+
Caio Toledo (3):
Add recipe for dbus-cxx
Add dbus-cxx to packagegroup-meta-oe
Fix dbus-cxx build for musl
Changqing Li (1):
libssh2: enhance ptest
Chen Qi (1):
tclap: fix branch
Chencheng Zhang (1):
tclap: align version to tag v1.2.2
Diego Santa Cruz (2):
gssdp: Upgrade to 1.2.2 -> 1.2.3
gupnp: Upgrade to 1.2.2 -> 1.2.4
Dmitry Baryshkov (11):
android-tools-conf-configfs: add an alternative to anrdoid-tools-conf
android-tools-conf: fix android-tools build-deps warning
conf/layer.conf: provide default PREFERRED_PROVIDER_android-tools-conf
imlib2: add image manipulation libray from englightenment project
feh: imlib2 based image viewer
obconf: Openbox configuration tool
xterm: install xterm and uxterm desktop files
xterm: update to version 362
xterm: provide virtual/x-terminal-emulator
layer.conf: add gnome-layer dynamic entry
openbox-xdgmenu: Openbox menu generator
He Zhe (2):
ebtables: Add symbol link /sbin/ebtables
lmbench: Fix setting LDLIBS failure
Hongxu Jia (2):
flatbuffers: add python3 support
python3-wrapt: add native support
Joe Slater (1):
multipath-tools: fix error handling for udev_monitor_set_receive_buffer_size
Khem Raj (9):
pidgin-sipe: Do not add native libdir to pkgconfig search path
sdbus-c++-libsystemd: Fix reallocarray check in meson
networkmanager: Fix reallocarray check in meson and configure
redis: Update to 6.0.9
python3-matplotlib: Disable LTO on mips/clang
cyrus-sasl: Disable ntlm plugin by default
postgresql: Use /dev/urandom when openssl is not used
xrdp: Upgrade to 0.9.14
iwd: Upgrade to 1.10
Leon Anavi (33):
python3-stevedore: Upgrade 3.2.2 -> 3.3.0
python3-pychromecast: Upgrade 7.5.1 -> 7.6.0
python3-humanize: Upgrade 3.1.0 -> 3.2.0
python3-fasteners: Upgrade 0.15 -> 0.16
python3-luma-core: Upgrade 2.0.1 -> 2.2.0
python3-chardet: Upgrade 3.0.4 -> 4.0.0
python3-watchdog: Upgrade 0.10.3 -> 1.0.2
python3-natsort: Upgrade 7.0.1 -> 7.1.0
python3-gmqtt: Upgrade 0.6.8 -> 0.6.9
python3-pymongo: Upgrade 3.11.0 -> 3.11.2
python3-requests: Upgrade 2.25.0 -> 2.25.1
python3-nocasedict: Upgrade 1.0.1 -> 1.0.2
python3-soupsieve: Upgrade 2.0.1 -> 2.1
python3-jsonpatch: Upgrade 1.26 -> 1.28
python3-psutil: Upgrade 5.7.3 -> 5.8.0
python3-argcomplete: Upgrade 1.12.1 -> 1.12.2
python3-multidict: Upgrade 5.0.0 -> 5.1.0
python3-nocaselist: Upgrade 1.0.3 -> 1.0.4
python3-prompt-toolkit: Upgrade 3.0.8 -> 3.0.9
python3-pychromecast: Upgrade 7.6.0 -> 7.7.1
python3-txaio: Upgrade 20.4.1 -> 20.12.1
python3-croniter: Upgrade 0.3.36 -> 0.3.37
python3-pandas: Upgrade 1.1.4 -> 1.2.0
python3-sympy: Upgrade 1.6.2 -> 1.7.1
python3-twine: Upgrade 3.2.0 -> 3.3.0
python3-humanfriendly: Upgrade 8.2 -> 9.1
python3-sqlalchemy: Upgrade 1.3.20 -> 1.3.22
python3-transitions: Upgrade 0.8.5 -> 0.8.6
python3-pytest-metadata: Upgrade 1.10.0 -> 1.11.0
python3-smbus2: Upgrade 0.3.0 -> 0.4.0
python3-cantools: Upgrade 35.5.0 -> 36.1.0
python3-sentry-sdk: Upgrade 0.19.1 -> 0.19.5
python3-babel: Upgrade 2.8.0 -> 2.9.0
Mark Jonas (1):
beep: Update to 1.4.9 in new repository
Martin Jansa (1):
linuxconsole: move jscal to separate package, add to packagegroup
Michael Vetter (1):
jasper: upgrade 2.0.23 -> 2.0.24
Mingli Yu (3):
traceroute: change the ALTERNATIVE_PRIORITY
tftp-hpa: change the ALTERNATIVE_PRIORITY
python3-astor: switch to python3
Ola X Nilsson (1):
python3-idna Remove 2.8
Qi.Chen@windriver.com (1):
python3-requests: upgrade to 2.25.0
Ramon Fried (2):
bitwise: add new recipe
yaml-cpp: add new recipe
Roland Hieber (3):
openct: remove lines that resulted in a no-op
openct: clean up do_install
openct: allow building as native package
Sean Nyekjaer (1):
nodejs: 12.19.1 -> 12.20.1
Stacy Gaikovaia (1):
nodejs: 12.19.0 -> 12.19.1
Trevor Woerner (1):
glmark2: fix precision handling bugs
Wang Mingyu (1):
zabbix: CVE-2020-15803 Security Advisory
Wenlin Kang (1):
syslog-ng: add bison-native to dependencies
Yi Zhao (9):
ebtables: do not install /etc/ethertypes
yaffs2-utils: update to latest git rev
f2fs-tools: upgrade 1.13.0 -> 1.14.0
dracut: upgrade 049 -> 051
ebtables: add missing file ebtables.common
ebtables: remove upstream ebtables-legacy-save
ebtables: do not install /etc/ethertypes
tcpdump: add UPSTREAM_CHECK_REGEX
phpmyadmin: 5.0.2 -> 5.0.4
Zang Ruochen (5):
mcpp: Normalize the patch format of CVE
python3-aenum: upgrade 2.2.4 -> 2.2.6
python3-autobahn: upgrade 20.7.1 -> 20.12.3
python3-bandit: upgrade 1.6.2 -> 1.7.0
python3-cachetools: upgrade 4.1.1 -> 4.2.0
Zheng Ruoqin (5):
samba: CVE-2020-14318 Security Advisory
samba: CVE-2020-14383 Security Advisory
php: CVE-2020-7070
php: CVE-2020-7069
poppler: upgrade 20.11.0 -> 20.12.1
changqing.li@windriver.com (3):
postgresql: upgrade 12.4 -> 13.1
nginx: upgrade 1.16.1 -> 1.18.0
nginx: upgrade 1.17.8 -> 1.19.6
jabdoa2 (2):
libsdl2-mixer: Fix ogg/vorbis support in libsdl2-mixer
libsdl2-mixer: set --disable-music-ogg-shared to link statically
lumag (2):
android-tools: fix package split
android-tools: split adbd to the separate package
zangrc (35):
fuse3: upgrade 3.10.0 -> 3.10.1
openipmi: upgrade 2.0.29 -> 2.0.30
vblade: upgrade 24 -> 25
dumb-init: upgrade 1.2.2 -> 1.2.5
fio: upgrade 3.24 -> 3.25
hwdata: upgrade 0.341 -> 0.342
nano: upgrade 5.3 -> 5.4
ocl-icd: upgrade 2.2.13 -> 2.2.14
ebtables: upgrade 2.0.10-4 -> 2.0.11
iscsi-initiator-utils: upgrade 2.1.2 -> 2.1.3
opencl-headers: upgrade 2020.06.16 -> 2020.12.18
opencl-icd-loader: upgrade 2020.06.16 -> 2020.12.18
c-periphery: upgrade 2.2.5 -> 2.3.0
opencl-clhpp: upgrade 2.0.12 -> 2.0.13
uthash: upgrade 2.1.0 -> 2.2.0
libtalloc: upgrade 2.3.0 -> 2.3.1
libtevent: upgrade 0.10.1 -> 0.10.2
ace: upgrade 6.5.10 -> 6.5.12
python3-ldap: upgrade 3.2.0 -> 3.3.1
wolfssl: upgrade 4.5.0 -> 4.6.0
asio: upgrade 1.18.0 -> 1.18.1
dash: upgrade 0.5.11.2 -> 0.5.11.3
geoclue: upgrade 2.5.6 -> 2.5.7
libmicrohttpd: upgrade 0.9.71 -> 0.9.72
nss: upgrade 3.59 -> 3.60
paho-mqtt-c: upgrade 1.3.7 -> 1.3.8
terminus-font: upgrade 4.48 -> 4.49.1
libnet-ldap-perl: upgrade 0.66 -> 0.67
rdma-core: upgrade 32.0 -> 33.0
can-utils: upgrade 2020.11.0 -> 2020.12.0
cpprest: upgrade 2.10.16 -> 2.10.17
haveged: upgrade 1.9.13 -> 1.9.14
live555: upgrade 20201105 -> 20210101
smartmontools: upgrade 7.1 -> 7.2
openjpeg: upgrade 2.3.1 -> 2.4.0
zhengruoqin (12):
pugixml: upgrade 1.11 -> 1.11.2
spdlog: upgrade 1.8.1 -> 1.8.2
spitools: upgrade 0.8.5 -> 0.8.6
uhubctl: upgrade 2.2.0 -> 2.3.0
xserver-xorg-cvt-native: upgrade 1.20.9 -> 1.20.10
zchunk: upgrade 1.1.7 -> 1.1.8
libencode-perl: upgrade 3.07 -> 3.08
bridge-utils: upgrade 1.6 -> 1.7
netplan: upgrade 0.100 -> 0.101
opensaf: upgrade 5.20.08 -> 5.20.11
cppzmq: upgrade 4.7.0 -> 4.7.1
gperftools: upgrade 2.8 -> 2.8.1
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I53939ad487155ca87e27cfd77d65962458d892e0
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.4.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.3.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.4.bb
index 9143a67..29bef23 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.3.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.1.4.bb
@@ -11,7 +11,7 @@
file://0001-Search-for-cython3.patch \
file://0002-fix-fail-to-enable-bluetooth.patch \
"
-SRC_URI[sha256sum] = "3bd02e0cc9e2c1424df1fc2015da710a280ef4c657515727e47eafabf8c2cfde"
+SRC_URI[sha256sum] = "1d9c3d39a564d88851aa8de509f16bfa586b0b50f4307dc6c6347ba4833664da"
EXTRA_OECONF = " \
--disable-appindicator \
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch
deleted file mode 100644
index 836fce9..0000000
--- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls/fix-incorrect-EOF-check-in-ssl_context_info.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From d696e7d91e42a190d06760279d2e396392143454 Mon Sep 17 00:00:00 2001
-From: Nayna Jain <nayna@linux.ibm.com>
-Date: Thu, 13 Aug 2020 19:17:53 +0000
-Subject: [PATCH] programs/ssl: Fix incorrect EOF check in ssl_context_info.c
-
-In `read_next_b64_code()`, the result of fgetc() is stored into a char,
-but later compared against EOF, which is generally -1. On platforms
-where char is unsigned, this generates a compiler warning/error that the
-comparison will never be true (causing a build failure). The value will
-never match, with the function ultimately bailing with a "Too many bad
-symbols are detected" error.
-
-On platforms with signed char, EOF is detected, but a file containing a
-0xFF character will causes a premature end of file exit of the loop.
-
-Fix this by changing the result to an int.
-
-Fixes #3794.
-
-Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
-Signed-off-by: David Brown <david.brown@linaro.org>
----
- ChangeLog.d/bugfix_3794.txt | 4 ++++
- programs/ssl/ssl_context_info.c | 4 ++--
- 2 files changed, 6 insertions(+), 2 deletions(-)
- create mode 100644 ChangeLog.d/bugfix_3794.txt
-
-diff --git a/ChangeLog.d/bugfix_3794.txt b/ChangeLog.d/bugfix_3794.txt
-new file mode 100644
-index 0000000000..a483ea76ae
---- /dev/null
-+++ b/ChangeLog.d/bugfix_3794.txt
-@@ -0,0 +1,4 @@
-+Bugfix
-+ * Fix handling of EOF against 0xff bytes and on platforms with
-+ unsigned chars. Fixes a build failure on platforms where char is
-+ unsigned. Fixes #3794.
-diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
-index df8819a804..d109c1e6f7 100644
---- a/programs/ssl/ssl_context_info.c
-+++ b/programs/ssl/ssl_context_info.c
-@@ -377,13 +377,13 @@ size_t read_next_b64_code( uint8_t **b64, size_t *max_len )
- int valid_balance = 0; /* balance between valid and invalid characters */
- size_t len = 0;
- char pad = 0;
-- char c = 0;
-+ int c = 0;
-
- while( EOF != c )
- {
- char c_valid = 0;
-
-- c = (char) fgetc( b64_file );
-+ c = fgetc( b64_file );
-
- if( pad > 0 )
- {
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb
similarity index 92%
rename from meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb
index e3a0169..27c1b20 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.24.0.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb
@@ -23,10 +23,8 @@
SECTION = "libs"
S = "${WORKDIR}/git"
-SRCREV = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8"
-SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development \
- file://fix-incorrect-EOF-check-in-ssl_context_info.patch \
-"
+SRCREV = "1c54b5410fd48d6bcada97e30cac417c5c7eea67"
+SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development"
inherit cmake
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch
index af28ba7..407e24c 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch
+++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch
@@ -1,6 +1,3 @@
-From e5bd4c3853fb394edc8cbea17fad82ce23bd0fae Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 27 Nov 2020 12:21:32 -0800
Subject: [PATCH 1/2] dbus: Remove unused variabes
This issue is seen when using clang to compile it
@@ -19,11 +16,13 @@
src/parse.c | 1 -
3 files changed, 5 deletions(-)
+diff --git a/src/dbus.c b/src/dbus.c
+index 9606fea..8e1ed9d 100644
--- a/src/dbus.c
+++ b/src/dbus.c
-@@ -45,9 +45,6 @@ static int method_apply(sd_bus_message *
-
- static int method_info(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+@@ -242,9 +242,6 @@ static int
+ method_info(sd_bus_message *m, void *userdata, sd_bus_error *ret_error)
+ {
sd_bus_message *reply = NULL;
- g_autoptr(GError) err = NULL;
- g_autofree gchar *stdout = NULL;
@@ -31,9 +30,11 @@
gint exit_status = 0;
exit_status = sd_bus_message_new_method_return(m, &reply);
+diff --git a/src/networkd.c b/src/networkd.c
+index 7c86cd6..7200740 100644
--- a/src/networkd.c
+++ b/src/networkd.c
-@@ -896,7 +896,6 @@ append_wpa_auth_conf(GString* s, const N
+@@ -897,7 +897,6 @@ append_wpa_auth_conf(GString* s, const NetplanAuthenticationSettings* auth, cons
static void
write_wpa_unit(const NetplanNetDefinition* def, const char* rootdir)
{
@@ -41,9 +42,11 @@
g_autofree gchar *stdouth = NULL;
stdouth = systemd_escape(def->id);
+diff --git a/src/parse.c b/src/parse.c
+index 033c657..faca27f 100644
--- a/src/parse.c
+++ b/src/parse.c
-@@ -1898,7 +1898,6 @@ handle_wireguard_peers(yaml_document_t*
+@@ -1899,7 +1899,6 @@ handle_wireguard_peers(yaml_document_t* doc, yaml_node_t* node, const void* _, G
}
for (yaml_node_item_t *i = node->data.sequence.items.start; i < node->data.sequence.items.top; i++) {
@@ -51,3 +54,6 @@
yaml_node_t *entry = yaml_document_get_node(doc, *i);
assert_type(entry, YAML_MAPPING_NODE);
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch
new file mode 100644
index 0000000..dab8693
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch
@@ -0,0 +1,30 @@
+From ceb4111af317ecc54d97bb21878dcccbfdb2983e Mon Sep 17 00:00:00 2001
+From: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
+Date: Fri, 25 Dec 2020 11:41:43 +0900
+Subject: [PATCH] don't fail if GLOB_BRACE is not defined
+
+Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
+---
+ src/util.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/util.c b/src/util.c
+index 7e59985..eb8e573 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -23,6 +23,12 @@
+
+ #include "util.h"
+
++/* Don't fail if the standard library
++ * doesn't provide brace expansion */
++#ifndef GLOB_BRACE
++#define GLOB_BRACE 0
++#endif
++
+ GHashTable* wifi_frequency_24;
+ GHashTable* wifi_frequency_5;
+
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Exclude-.h-files-from-target-rule.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Exclude-.h-files-from-target-rule.patch
index cd75d1c..68aabd6 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Exclude-.h-files-from-target-rule.patch
+++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Exclude-.h-files-from-target-rule.patch
@@ -1,6 +1,3 @@
-From 5abb6b8343b5d2633844144979b40f398450b544 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 27 Nov 2020 12:22:32 -0800
Subject: [PATCH 2/2] Makefile: Exclude .h files from target rule
This ensures that src/_features.h is not added to compiler cmdline which
@@ -17,14 +14,19 @@
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/Makefile b/Makefile
+index 4fa6bd8..567d326 100644
--- a/Makefile
+++ b/Makefile
-@@ -47,7 +47,7 @@ generate: libnetplan.so.$(NETPLAN_SOVER)
+@@ -46,7 +46,7 @@ generate: libnetplan.so.$(NETPLAN_SOVER) nm.o networkd.o openvswitch.o generate.
$(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ -L. -lnetplan `pkg-config --cflags --libs glib-2.0 gio-2.0 yaml-0.1 uuid`
- netplan-dbus: src/dbus.c src/_features.h
-- $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ `pkg-config --cflags --libs libsystemd glib-2.0`
-+ $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $(patsubst %.h,,$^) `pkg-config --cflags --libs libsystemd glib-2.0`
+ netplan-dbus: src/dbus.c src/_features.h util.o
+- $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ `pkg-config --cflags --libs libsystemd glib-2.0 gio-2.0`
++ $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $(patsubst %.h,,$^) `pkg-config --cflags --libs libsystemd glib-2.0 gio-2.0`
src/_features.h: src/[^_]*.[hc]
printf "#include <stddef.h>\nstatic const char *feature_flags[] __attribute__((__unused__)) = {\n" > $@
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.100.bb b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.101.bb
similarity index 94%
rename from meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.100.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.101.bb
index 2f74a22..a3afcd2 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.100.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.101.bb
@@ -11,14 +11,15 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
S = "${WORKDIR}/git"
-SRCREV = "b7d32aebc880f3161b8f97ee56b729c0c54dd0e4"
-PV = "0.100+git${SRCPV}"
+SRCREV = "e445b87b9dff439ec564c245d030b03d61eb0f24"
+PV = "0.101+git${SRCPV}"
SRC_URI = " \
git://github.com/CanonicalLtd/netplan.git \
file://0001-dbus-Remove-unused-variabes.patch \
file://0002-Makefile-Exclude-.h-files-from-target-rule.patch \
"
+SRC_URI_append_libc-musl = " file://0001-don-t-fail-if-GLOB_BRACE-is-not-defined.patch"
DEPENDS = "glib-2.0 libyaml ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
new file mode 100644
index 0000000..0a8de54
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
@@ -0,0 +1,27 @@
+reallocarray() is coming from stdlib.h which maybe indirectly included
+by malloc.h but not on all libc implementations
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/meson.build
++++ b/meson.build
+@@ -114,7 +114,7 @@ config_h.set10('HAVE_GETRANDOM', use_sys
+ # FIXME secure_getenv check is not useful?
+ config_h.set('HAVE_SECURE_GETENV', cc.has_function('secure_getenv'))
+ config_h.set('HAVE___SECURE_GETENV', cc.has_function('__secure_getenv'))
+-config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include <malloc.h>'))
++config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include <stdlib.h>'))
+ config_h.set10('HAVE_DECL_EXPLICIT_BZERO', cc.has_function('explicit_bzero', prefix: '#include <string.h>'))
+ config_h.set10('HAVE_DECL_MEMFD_CREATE', cc.has_function('memfd_create', prefix: '#include <sys/mman.h>'))
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -82,7 +82,7 @@ AC_CHECK_DECLS([
+ AC_CHECK_DECLS([
+ reallocarray],
+ [], [], [[
+-#include <malloc.h>
++#include <stdlib.h>
+ ]])
+
+ AC_CHECK_DECLS([
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb
index 2613076..aa8ab89 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb
@@ -27,6 +27,7 @@
file://0001-Fixed-configure.ac-Fix-pkgconfig-sysroot-locations.patch \
file://0002-Do-not-create-settings-settings-property-documentati.patch \
file://0001-install-firewalld-to-var-libdir-rather-than-hardcod-.patch \
+ file://fix_reallocarray_check.patch \
"
SRC_URI_append_libc-musl = " \
file://musl/0001-Fix-build-with-musl-systemd-specific.patch \
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch
new file mode 100644
index 0000000..ff1225d
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch
@@ -0,0 +1,142 @@
+From ccf53dfdcd39f3526dbc2f20e1245674155380ff Mon Sep 17 00:00:00 2001
+From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+Date: Fri, 11 Dec 2020 11:32:44 +0900
+Subject: [PATCH] s4: torture: Add smb2.notify.handle-permissions test.
+
+s3: smbd: Ensure change notifies can't get set unless the
+ directory handle is open for SEC_DIR_LIST.
+
+CVE-2020-14318
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ source3/smbd/notify.c | 8 ++++
+ source4/torture/smb2/notify.c | 82 ++++++++++++++++++++++++++++++++++-
+ 2 files changed, 89 insertions(+), 1 deletion(-)
+
+diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
+index 44c0b09..d23c03b 100644
+--- a/source3/smbd/notify.c
++++ b/source3/smbd/notify.c
+@@ -283,6 +283,14 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32_t filter,
+ char fullpath[len+1];
+ NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED;
+
++ /*
++ * Setting a changenotify needs READ/LIST access
++ * on the directory handle.
++ */
++ if (!(fsp->access_mask & SEC_DIR_LIST)) {
++ return NT_STATUS_ACCESS_DENIED;
++ }
++
+ if (fsp->notify != NULL) {
+ DEBUG(1, ("change_notify_create: fsp->notify != NULL, "
+ "fname = %s\n", fsp->fsp_name->base_name));
+diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c
+index ebb4f8a..a5c9b94 100644
+--- a/source4/torture/smb2/notify.c
++++ b/source4/torture/smb2/notify.c
+@@ -2569,6 +2569,83 @@ done:
+ return ok;
+ }
+
++/*
++ Test asking for a change notify on a handle without permissions.
++*/
++
++#define BASEDIR_HPERM BASEDIR "_HPERM"
++
++static bool torture_smb2_notify_handle_permissions(
++ struct torture_context *torture,
++ struct smb2_tree *tree)
++{
++ bool ret = true;
++ NTSTATUS status;
++ union smb_notify notify;
++ union smb_open io;
++ struct smb2_handle h1 = {{0}};
++ struct smb2_request *req;
++
++ smb2_deltree(tree, BASEDIR_HPERM);
++ smb2_util_rmdir(tree, BASEDIR_HPERM);
++
++ torture_comment(torture,
++ "TESTING CHANGE NOTIFY "
++ "ON A HANDLE WITHOUT PERMISSIONS\n");
++
++ /*
++ get a handle on the directory
++ */
++ ZERO_STRUCT(io.smb2);
++ io.generic.level = RAW_OPEN_SMB2;
++ io.smb2.in.create_flags = 0;
++ io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
++ io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
++ io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
++ io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
++ NTCREATEX_SHARE_ACCESS_WRITE;
++ io.smb2.in.alloc_size = 0;
++ io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
++ io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
++ io.smb2.in.security_flags = 0;
++ io.smb2.in.fname = BASEDIR_HPERM;
++
++ status = smb2_create(tree, torture, &io.smb2);
++ CHECK_STATUS(status, NT_STATUS_OK);
++ h1 = io.smb2.out.file.handle;
++
++ /* ask for a change notify,
++ on file or directory name changes */
++ ZERO_STRUCT(notify.smb2);
++ notify.smb2.level = RAW_NOTIFY_SMB2;
++ notify.smb2.in.buffer_size = 1000;
++ notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
++ notify.smb2.in.file.handle = h1;
++ notify.smb2.in.recursive = true;
++
++ req = smb2_notify_send(tree, ¬ify.smb2);
++ torture_assert_goto(torture,
++ req != NULL,
++ ret,
++ done,
++ "smb2_notify_send failed\n");
++
++ /*
++ * Cancel it, we don't really want to wait.
++ */
++ smb2_cancel(req);
++ status = smb2_notify_recv(req, torture, ¬ify.smb2);
++ /* Handle h1 doesn't have permissions for ChangeNotify. */
++ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
++
++done:
++ if (!smb2_util_handle_empty(h1)) {
++ smb2_util_close(tree, h1);
++ }
++ smb2_deltree(tree, BASEDIR_HPERM);
++ return ret;
++}
++
+ /*
+ basic testing of SMB2 change notify
+ */
+@@ -2602,7 +2679,10 @@ struct torture_suite *torture_smb2_notify_init(TALLOC_CTX *ctx)
+ torture_smb2_notify_rmdir3);
+ torture_suite_add_2smb2_test(suite, "rmdir4",
+ torture_smb2_notify_rmdir4);
+-
++ torture_suite_add_1smb2_test(suite,
++ "handle-permissions",
++ torture_smb2_notify_handle_permissions);
++
+ suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests");
+
+ return suite;
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch
new file mode 100644
index 0000000..3341b80
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch
@@ -0,0 +1,112 @@
+From ff17443fe761eda864d13957bec45f5bac478fe3 Mon Sep 17 00:00:00 2001
+From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+Date: Fri, 11 Dec 2020 14:34:31 +0900
+Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with
+ NULL. do not crash when additional data not found
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Found by Francis Brosnan Blázquez <francis@aspl.es>.
+Based on patches from Francis Brosnan Blázquez <francis@aspl.es>
+and Jeremy Allison <jra@samba.org>
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+
+Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
+Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
+
+(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379)
+(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e
+
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ .../rpc_server/dnsserver/dcerpc_dnsserver.c | 31 ++++++++++---------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+index 910de9a1..618c7096 100644
+--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
++++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+@@ -1754,15 +1754,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
+ TALLOC_CTX *tmp_ctx;
+ char *name;
+ const char * const attrs[] = { "name", "dnsRecord", NULL };
+- struct ldb_result *res;
+- struct DNS_RPC_RECORDS_ARRAY *recs;
++ struct ldb_result *res = NULL;
++ struct DNS_RPC_RECORDS_ARRAY *recs = NULL;
+ char **add_names = NULL;
+- char *rname;
++ char *rname = NULL;
+ const char *preference_name = NULL;
+ int add_count = 0;
+ int i, ret, len;
+ WERROR status;
+- struct dns_tree *tree, *base, *node;
++ struct dns_tree *tree = NULL;
++ struct dns_tree *base = NULL;
++ struct dns_tree *node = NULL;
+
+ tmp_ctx = talloc_new(mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+@@ -1845,15 +1847,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
+ }
+ }
+
+- talloc_free(res);
+- talloc_free(tree);
+- talloc_free(name);
++ TALLOC_FREE(res);
++ TALLOC_FREE(tree);
++ TALLOC_FREE(name);
+
+ /* Add any additional records */
+ if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
+ for (i=0; i<add_count; i++) {
+- struct dnsserver_zone *z2;
+-
++ struct dnsserver_zone *z2 = NULL;
++ struct ldb_message *msg = NULL;
+ /* Search all the available zones for additional name */
+ for (z2 = dsstate->zones; z2; z2 = z2->next) {
+ char *encoded_name;
+@@ -1865,14 +1867,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
+ LDB_SCOPE_ONELEVEL, attrs,
+ "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
+ encoded_name);
+- talloc_free(name);
++ TALLOC_FREE(name);
+ if (ret != LDB_SUCCESS) {
+ continue;
+ }
+ if (res->count == 1) {
++ msg = res->msgs[0];
+ break;
+ } else {
+- talloc_free(res);
++ TALLOC_FREE(res);
+ continue;
+ }
+ }
+@@ -1885,10 +1888,10 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
+ }
+ status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
+ select_flag, rname,
+- res->msgs[0], 0, recs,
++ msg, 0, recs,
+ NULL, NULL);
+- talloc_free(rname);
+- talloc_free(res);
++ TALLOC_FREE(rname);
++ TALLOC_FREE(res);
+ }
+ }
+
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
index b5085c9..1a98236 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
@@ -28,6 +28,8 @@
file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \
file://0001-Add-options-to-configure-the-use-of-libbsd.patch \
file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \
+ file://CVE-2020-14318.patch \
+ file://CVE-2020-14383.patch \
"
SRC_URI_append_libc-musl = " \
file://samba-pam.patch \
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl/0001-Make-ByteReverseWords-available-for-big-and-little-e.patch b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl/0001-Make-ByteReverseWords-available-for-big-and-little-e.patch
deleted file mode 100644
index 4676769..0000000
--- a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl/0001-Make-ByteReverseWords-available-for-big-and-little-e.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001
-From: Tesfa Mael <tesfa@wolfssl.com>
-Date: Wed, 26 Aug 2020 10:13:06 -0700
-Subject: [PATCH] Make ByteReverseWords available for big and little endian
-
----
- wolfcrypt/src/misc.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
-index fe66ee0a1..23bfa1adc 100644
---- a/wolfcrypt/src/misc.c
-+++ b/wolfcrypt/src/misc.c
-@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value)
- return rotlFixed(value, 16U);
- #endif
- }
--#if defined(LITTLE_ENDIAN_ORDER)
- /* This routine performs a byte swap of words array of a given count. */
- WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
- word32 byteCount)
-@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
- out[i] = ByteReverseWord32(in[i]);
-
- }
--#endif /* LITTLE_ENDIAN_ORDER */
-
- #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
-
---
-2.25.1
-
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.5.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.6.0.bb
similarity index 84%
rename from meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.5.0.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.6.0.bb
index 61cf1cc..ad7e923 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.5.0.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_4.6.0.bb
@@ -13,9 +13,8 @@
RPROVIDES_${PN} = "cyassl"
SRC_URI = "git://github.com/wolfSSL/wolfssl.git;protocol=https \
- file://0001-Make-ByteReverseWords-available-for-big-and-little-e.patch \
"
-SRCREV = "0fa5af9929ce2ee99e8789996a3048f41a99830e"
+SRCREV = "9c87f979a7f1d3a6d786b260653d566c1d31a1c4"
S = "${WORKDIR}/git"
inherit autotools