subtree updates
meta-raspberrypi: 31c33d155c..cfbb192e5c:
Andrei Gherzan (1):
docs: Add information for RTC devices
Andrew Penner (2):
rpi-cmdline: Add ability to specify CPUs to add to the isolcpus list
extra-build-config: Add documentation for the ISOLATED_CPUS configuration variable
Jan Vermaete (1):
docs: untabify the few tabs in the file
Khem Raj (3):
userland: Update to latest as of 20220323
picamera-libs: Adjust sourcedir
omxplayer: Use internal version of ffmpeg
meta-openembedded: af11f6ce73..b9e440ead8:
Adrian Freihofer (1):
srecord: build fix
Andreas Müller (40):
octave: upgrade 4.4.1 -> 6.4.0 and overhaul recipe
mousepad: upgrade 0.5.8 -> 0.5.9
xfce4-terminal: upgrade 0.8.10 -> 1.0.0
orage: upgrade 4.12.1 -> 4.16.0
orage: enable notify PACKAGECONFIG by default
ristretto: upgrade 0.12.1 -> 0.12.2
xarchiver: upgrade 0.5.4.14 -> 0.5.4.17
xfce4-cpufreq-plugin: upgrade 1.2.5 -> 1.2.7
xfce4-cpugraph-plugin: upgrade 1.2.5 -> 1.2.6
xfce4-diskperf-plugin: upgrade 2.6.3 -> 2.7.0
xfce4-notifyd: upgrade 0.6.2 -> 0.6.3
xfce4-screenshooter: upgrade 1.9.9 -> 1.9.10
xfce4-sensors-plugin: upgrade 1.4.2 -> 1.4.3
Allow several components notification
meta-xfce: Add Andreas Müller back to maintainers list
accountsservice: upgrade 0.6.55 -> 22.08.8
colord-gtk: upgrade 0.2.0 -> 0.3.0
evince: upgrade 41.4 -> 42.1
evolution-data-server: upgrade 3.43.1 -> 3.44.0
file-roller: upgrade 3.40.0 -> 3.42.0
gdm: upgrade 41.0 -> 42.0
gedit: upgrade 41.0 -> 42.0
gfbgraph: upgrade 0.2.4 -> 0.2.5
gnome-calculator upgrade 41.1 -> 42-0
libgweather4: initial add 4.0.0
gnome-calendar 41.2 -> 42.0
gnome-desktop: upgrade 41.2 -> 42.0
libnma: upgrade 1.8.34 -> 1.8.36
gnome-bluetooth4: initial add 42.0
gnome-font-viewer: upgrade 41.0 -> 42.0
yelp-xsl: upgrade 41.1 -> 42.0
yelp-tools: upgrade 41.0 -> 42.0
yelp: upgrade 41.2 -> 42.1
upower: upgrade 0.99.13 -> 0.99.17 / build with mesom
upower: fix location of udev-rules with sysvinit
gnome-commander: initial add 1.14.2
gnome-text-editor: initial add 42.0
evolution-data-server: re-enable gobject-introspection
jack: upgrade 1.19.19 -> 1.19.20
fluidsynth: upgrade 2.2.4 -> 2.2.6
Chen Qi (1):
blueman: fix python site-packages installation issue
Craig McQueen (1):
dnsmasq: Fix a typo in initscript
Davide Gardenal (2):
python3-wxgtk4: add distro feature check to match dependency
fwupd: add COMPATIBLE_HOST to match dependency
Jose Quaresma (2):
srt: 1.4.2 -> 1.4.3
srt: 1.4.3 -> 1.4.4
Khem Raj (2):
xfce4-screenshooter: Add dependency on libxml-parser-perl-native
open-vm-tools: Use specific BSD-2-Clause for license
Matsunaga-Shinji (2):
samba: add 2 cves to allowlist
libzip: add CVE-2017-12858 to allowlist
Minjae Kim (1):
multipath-tools: update SRC_URI
Potin Lai (1):
libimobiledevice-glue: update recipe
Robert Yang (2):
wxwidgets: Fix checking for PACKAGECONFIG and DISTRO_FEATURES
wxwidgets: git -> gitsm to fix build when no x11
Samuli Piippo (1):
python3-qface: upgrade 2.0.6 -> 2.0.7
Xu Huan (5):
python3-cheetah: upgrade 3.2.6.post2 -> 3.2.6
python3-evdev: upgrade 1.4.0 -> 1.5.0
python3-google-api-python-client: upgrade 2.36.0 -> 2.42.0
python3-itsdangerous: upgrade 2.1.1 -> 2.1.2
python3-grpcio: upgrade 1.44.0 -> 1.45.0
Yi Zhao (1):
dracut: upgrade 055 -> 056
wangmy (20):
python3-bitarray: upgrade 2.4.0 -> 2.4.1
python3-click: upgrade 8.0.4 -> 8.1.2
python3-cppy: upgrade 1.2.0 -> 1.2.1
python3-pandas: upgrade 1.4.1 -> 1.4.2
python3-protobuf: upgrade 3.19.4 -> 3.20.0
python3-pychromecast: upgrade 10.3.0 -> 11.0.0
python3-pyparted: upgrade 3.11.7 -> 3.12.0
python3-redis: upgrade 4.2.0 -> 4.2.1
python3-sqlalchemy: upgrade 1.4.32 -> 1.4.34
python3-thrift: upgrade 0.15.0 -> 0.16.0
python3-trafaret: upgrade 2.1.0 -> 2.1.1
python3-twine: upgrade 3.8.0 -> 4.0.0
python3-tzlocal: upgrade 4.1 -> 4.2
python3-websocket-client: upgrade 1.3.1 -> 1.3.2
python3-werkzeug: upgrade 2.0.3 -> 2.1.1
zenity: upgrade 3.41.0 -> 3.42.0
ceres-solver: upgrade 2.0.0 -> 2.1.0
grpc: upgrade 1.45.0 -> 1.45.1
poppler: upgrade 22.03.0 -> 22.04.0
xorg-sgml-doctools: upgrade 1.11 -> 1.12
zhengrq.fnst (2):
python3-jdatetime: upgrade 4.0.0 -> 4.1.0
python3-kiwisolver: upgrade 1.4.0 -> 1.4.2
meta-security: da93339112..498ca39cd6:
Armin Kuster (5):
openscap-daemon: use renamaed python_setuptools_build_meta
python3-fail2ban: fix compile issue on some hosts
lkrg-module: covert to git fetcher
linux-yocto_security.inc: add lkrg kfrags
samhain: update to 4.4.7
Ashish Sharma (1):
meta-security : Use SPDX style licensing format
Davide Gardenal (2):
clamav: add COMPATIBLE_HOST to fix build error
fscrypt: update dependecy from go-dep-native to go-native
Robert Yang (1):
LICENSE: adopt SPDX standard names
poky: 1976521190..ed98f1a1ae:
Abongwa Amahnui Bonalais (1):
oe-init-build-env: add quotes around variables to prevent word splitting
Alessio Igor Bogani (1):
kernel.bbclass: Use KERNEL_IMAGEDEST instead of hardcoded boot path
Alexandre Belloni (1):
pseudo: Fix handling of absolute links
Bruce Ashfield (6):
linux-yocto/5.15: update to v5.15.32
linux-yocto/5.10: update to v5.10.109
linux-yocto/5.15: aufs: fixes and optimization
linux-yocto-rt/5.15: aufs: compile fix
linux-yocto/5.15: features/security: Move x86_64 configs to separate file
linux-yocto/5.10: features/security: Move x86_64 configs to separate file
Carlos Rafael Giani (1):
libsdl2: Disable libunwind dependency in native builds
Claudius Heine (1):
os-release: add os-release-initrd package
Ferry Toth (1):
package_manager: sign DEB package feeds
Joe Slater (1):
unzip: fix CVE-2021-4217
Khem Raj (1):
glib-2.0: Backport patches C++ variant of g_atomic_int_compare_and_exchange()
Oleksandr Kravchuk (1):
tzdata: update to 2022a
Peter Kjellerstedt (5):
python3-jinja2: Correct HOMEPAGE
insane.bbclass: Make do_qa_patch() depend on if patch-fuzz is in ERROR_QA
insane.bbclass: Make changes to QA_EMPTY_DIRS trigger package_qa to rerun
bitbake.conf: Remove ERROR_QA from BB_HASHEXCLUDE_COMMON
bitbake: knotty.py: Show elapsed time also for tasks with progress bars
Richard Purdie (11):
bitbake: parse: Ensure any existing siggen is closed down first
bitbake: data: Ensure vardepsexclude or BB_BASEHASH_IGNORE_VARS covers contains items
bitbake: server/process: Disable gc around critical section
bitbake: cooker: Reset and rebuild inotify watches
bitbake: pyinotify: Handle potential latent bug
mirrors: Switch glibc and binutils to use shallow mirror tarballs
bitbake: data: Fix accidentally added parameter
bitbake.conf: Drop unexports from a different era
vim: Upgrade 8.2.4524 -> 8.2.4681
Revert "meta: rust: Bug fix for target definitions returning 'NoneType'"
build-appliance-image: Update to master head revision
Robert Yang (1):
waffle: The surfaceless-egl and gbm requires opengl
Saul Wold (5):
busybox: Exclude .debug from depmod
kmod: Add an exclude directive to depmod
depmodwrapper: Use nonarch_base_libdir for depmod.d
kmod: Update exclude patch to Accepted
depmodwrapper-cross: Fix missing $
Sean Anderson (1):
u-boot: Fix condition for install_spl_helper
Simone Weiss (1):
popt: add ptest
Sundeep KOKKONDA (3):
gcc: sanitizer: Fix tsan against glibc 2.34
meta: rust: Bug fix for target definitions returning 'NoneType'
meta: scripts - relocation script adapted to support big-endian machines
Xavier Berger (1):
gpg-sign: Add parameters to gpg signature function
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I294af706d7b96796ff360b402b9d011082cf36a7
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
new file mode 100644
index 0000000..6ba2b87
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
@@ -0,0 +1,67 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars <nils.bars@t-online.de>
+Date: Mon, 17 Jan 2022 16:53:16 +0000
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+---
+ fileio.c | 5 ++++-
+ process.c | 6 +++++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+---
+
+Patch from:
+https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
+Regenerated to apply without offsets.
+
+CVE: CVE-2021-4217
+
+Upstream-Status: Pending [infozip upstream inactive]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+diff --git a/fileio.c b/fileio.c
+index 14460f3..1dc319e 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+ (G.inptr-G.inbuf) + length);
+ } else {
+- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++ unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length);
++ if (bytes_read == 0)
+ return PK_EOF;
++ if (bytes_read != length)
++ return PK_ERR;
+ /* Looks like here is where extra fields are read */
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+diff --git a/process.c b/process.c
+index 5f8f6c6..de843a5 100644
+--- a/process.c
++++ b/process.c
+@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ G.unipath_checksum = makelong(offset + ef_buf);
+ offset += 4;
+
++ if (!G.filename_full) {
++ /* Check if we have a unicode extra section but no filename set */
++ return PK_ERR;
++ }
++
+ /*
+ * Compute 32-bit crc
+ */
+-
+ chksum = crc32(chksum, (uch *)(G.filename_full),
+ strlen(G.filename_full));
+
+--
+2.32.0
+
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index af94a39..c222a68 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -28,6 +28,7 @@
file://CVE-2019-13232_p3.patch \
file://unzip_optimization.patch \
file://0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch \
+ file://CVE-2021-4217.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"