subtree updates
meta-security: 1f18c623e9..de6712a806:
Armin Kuster (8):
cryfs: drop recipe
trousers: set precise BSD license
ibmtpm2tss: set precise BSD license
ibmswtpm2: set precise BSD license
opendnssec: set precise BSD license
checksec: set precise BSD license
isic: set precise BSD license
tpm-quote-tools: Update SRC_URI
Christer Fletcher (1):
dm-verity-img.bbclass: Expose --data-block-size for configuration
Kai Kang (1):
sssd: 2.5.1 -> 2.5.2
meta-raspberrypi: a6fa6b3aec..9eb4879cf4:
Andrew Penner (1):
rpi-cmdline: Support ethernet over USB
Khem Raj (2):
linux-raspberrypi: Update to 5.10.63
raspberrypi-firmware: Update to latest
meta-openembedded: e4a3c66505..cff8331f96:
Armin Kuster (21):
python3-cycler: set precise BSD license
python3-dill: set precise BSD license
python3-ipython-genutils: set precise BSD license
python3-traitlets: set precise BSD license
python3-parallax: set precise BSD license
python3-ipython:set precise BSD license
python3-mpmath: set precise BSD license
python3-sympy: set precise BSD license
python3-sqlparse: set precise BSD license
python3-webencodings: set precise BSD license
python3-pyperclip:set precise BSD license
python3-geojson: set precise BSD license
python3-aenum: set precise BSD license
python3-gnupg: set precise BSD license
python3-kiwisolver: set precise BSD license
python3-jdcal: set precise BSD license
python3-send2trash: set precise BSD license
python3-flask-bootstrap: Update LICENSES
autossh: set precise BSD licenses
jemalloc: set precise BSD license
gpsd-machine-conf: set precise BSD license
Bruce Ashfield (1):
vboxguestdrivers: fix build against 5.14+
Ed Tanous (1):
Boost-url Move to latest version
Khem Raj (57):
gdm: Add polkit to required distro features
python3-lxml: Inherit pkgconfig
python3-icu: Inherit pkgconfig
python3-h5py: Inherit pkgconfig
python3-pyparted: Inherit pkgconfig
python3-systemd: Inherit pkgconfig
rp-pppoe: Add configure cached variable via recipe
site: Remove local site files
postfix: Inherit pkgconfig
emacs: Inherit pkgconfig
libgnt: Inherit pkgconfig
libgnt: Inherit pkgconfig
portaudio-v19: Inherit pkgconfig
sshfs-fuse: Inherit pkgconfig
appstream-glib: Inherit pkgconfig
volume-key: Inherit pkgconfig
kronosnet: Inherit pkgconfig
rrdtool: Inherit pkgconfig
libbytesize: Inherit pkgconfig
dlt-daemon: Inherit pkgconfig
libmypaint: Inherit pkgconfig
libubox: Inherit pkgconfig
xfsprogs: Inherit pkgconfig
pavucontrol: Inherit pkgconfig
blueman: Inherit pkgconfig
mimic: Inherit pkgconfig
libchamplain: Inherit pkgconfig
gst-shark: Inherit pkgconfig
zchunk: Inherit pkgconfig
libvdpau: Inherit pkgconfig
tigervnc: Inherit pkgconfig
mpc: Inherit pkgconfig
avro-c: Inherit pkgconfig
udevil: Inherit pkgconfig
remmina: Inherit pkgconfig
transmission: Inherit pkgconfig
libuvc: Inherit pkgconfig
crda: Inherit pkgconfig
wxwidgets: Inherit pkgconfig
mdbus2: Inherit pkgconfig
firewalld: Inherit pkgconfig
renderdoc: Inherit pkgconfig
fetchmail: Inherit pkgconfig
ncmpc: Inherit pkgconfig
yad: Inherit pkgconfig
mscgen: Inherit pkgconfig
libldb: Inherit pkgconfig
pahole: Inherit missing pkgconfig
gerbera: Inherit pkgconfig
xfce4-datetime-setter: Inherit pkgconfig
libblockdev: Inherit pkgconfig
ntopng: Inherit pkgconfig
mosquitto: Inherit pkgconfig
samba: Inherit pkgconfig
fio: Upgrade to 3.28
rdma-core: Inherit pkgconfig
postfix: Add missing dependency on m4
Marek Vasut (1):
dstat: Add missing python-six runtime dependency
Matteo Croce (1):
pahole: call python via env in the shebang
Pascal Bach (1):
poco: update to 1.11.0
Peter Kjellerstedt (1):
libiio: Make libiio-python3 depend on python3-core
Pierre-Jean Texier (1):
cppzmq: upgrade 4.8.0 -> 4.8.1
Sakib Sajal (3):
bats: source files from correct directory
gd: upgrade 2.3.2 -> 2.3.3
lmdb: replace tag with commit id in SRCREV
Trevor Woerner (2):
vk-gl-cts: allow the user to specify the target
vk-gl-cts: fix soname linking
Yi Zhao (2):
samba: upgrade 4.14.5 -> 4.14.7
net-snmp: remove perllocal.pod when enable packageconfig[perl]
jan (1):
netdata: Fixed the recipe.
wangmy (3):
byacc: upgrade 20200910 -> 20210808
nghttp2: upgrade 1.44.0 -> 1.45.1
apache2: upgrade 2.4.48 -> 2.4.49
zangrc (5):
python3-beautifulsoup4: upgrade 4.9.3 -> 4.10.0
python3-bitarray: upgrade 2.3.3 -> 2.3.4
python3-decorator: upgrade 5.0.9 -> 5.1.0
python3-grpcio-tools: upgrade 1.39.0 -> 1.40.0
python3-grpcio: upgrade 1.39.0 -> 1.40.0
zhengruoqin (5):
python3-openpyxl: upgrade 3.0.7 -> 3.0.8
python3-pandas: upgrade 1.3.2 -> 1.3.3
python3-pulsectl: upgrade 21.5.18 -> 21.9.1
protobuf: upgrade 3.17.3 -> 3.18.0
span-lite: upgrade 0.10.0 -> 0.10.1
poky: 359e1cb62f..06dcace68b:
Alexander Kanavin (13):
lttng: update 2.12 -> 2.13.0
core-image-ptest-all: bump RAM requirement to 4G
bitbake: bitbake: drop old rules for python warnings
bitbake: bitbake: correct the collections vs collections.abc deprecation
bitbake: bitbake: fix regexp deprecation warnings
bitbake: bitbake: do not import imp in layerindexlib
bitbake: bitbake: adjust parser error check for python 3.10 compatibility
bitbake: bitbake: correct deprecation warning in process.py
bitbake: bitbake: enable python warnings at the first opportunity
meta: correct collections vs collections.abc deprecation
wic: keep rootfs_size as integer
cpan-base.bbclass: use raw string for regexp
testimage: symlink the task log and qemu console log to tmp/log/oeqa
Armin Kuster (2):
apr: Security fix for CVE-2021-35940
tar: ignore node-tar CVEs
Bruce Ashfield (11):
linux-yocto/5.13: update to v5.13.13
linux-yocto/5.13: update to v5.13.15
linux-yocto/5.10: update to v5.10.61
linux-yocto/5.10: update to v5.10.63
yocto-bsp/5.10: update to v5.10.63
yocto-bsp/5.13: update to v5.13.15
libc-headers: bump to v5.14
linux-yocto: introduce 5.14 reference kernel
systemtap: update to 4.5-latest
conf/machine: bump qemu preferred versions to 5.14
poky: set default kernel to 5.14
Changqing Li (1):
lttng-ust: fix do_compile error when PACKAGECONFIG examples is enabled
Chanho Park (1):
binutils: inherit pkgconfig to address libdebuginfod depdency
Claudius Heine (1):
rng-tools: add systemd-udev-settle wants to service
Daniel Ammann (1):
bitbake: fetch2/wget: Enable ftps
Daniel Wagenknecht (2):
mirrors.bbclass: provide additional rule for git repo fallbacks
mirrors.bbclass: remove redundant server-specific mirrors
Denys Dmytriyenko (1):
readline: correct pkg-config dependency for termcap
Hsia-Jun(Randy) Li (1):
cross-canadian: make android pass target sys check
Jon Mason (6):
Update mailing list address
README: update mailing list address
dev-manual: update mailing list address
core-image-sato: Fix runqemu error for qemuarmv5
machine/qemuarm*: use virtio graphics
testimage: remove aarch64 xorg exclusion
Joshua Watt (17):
Add SPDX licenses
classes/package: Add extended packaged data
classes/create-spdx: Add class
classes/create-spdx: Change creator
classes/create-spdx: Add SHA1 to index file
classes/create-spdx: Add index to DEPLOYDIR
classes/create-spdx: Add runtime dependency mapping
classes/create-spdx: Add NOASSERTION for unknown debug sources
classes/create-spdx: Fix another creator
classes/create-spdx: Fix up license reporting
classes/create-spdx: Speed up hash calculations
classes/create-spdx: Fix file:// in downloadLocation
classes/create-spdx: Add special exception for Public Domain license
classes/create-spdx: Collect all task dependencies
classes/create-spdx: Skip package processing for native recipes
classes/create-spdx: Comment out placeholder license warning
bitbake: cooker: Allow upstream for local hash equivalence server
Kai Kang (2):
perl: fix CVE-2021-36770
rust-common.bbclass: make sure ccache exist
Kevin Hao (1):
meta-yocto-bsp: Update the default kernel to v5.14
Khem Raj (3):
vim: Add packageconfig for sound notification support
site: Drop caching libIDL_cv_long_long_format
site: Drop ORBit2 relared cached variables
Konrad Weihmann (1):
expat: pull from github releases
Kristian Klausen (3):
systemd: Add homed PACKAGECONFIG
wic: Add extra-space argument
systemd: Add tpm2 PACKAGECONFIG
Mark Hatle (3):
reproducible_build: Remove BUILD_REPRODUCIBLE_BINARIES checking
externalsrc: Work with reproducible_build
tcf-agent: Move to the latest master version
Markus Volk (1):
util-linux: disable raw
Martin Jansa (3):
default-distrovars.inc: Set BBINCLUDELOGS to empty to disable printing failed task output multiple times
bitbake: bitbake.conf: fix vars_from_file() call
qemu-native: add direct dependency on ninja-native and meson-native
Michael Halstead (1):
releases: update to include 3.3.3
Michael Opdenacker (9):
dev-manual: explicit that devpyshell is a task
bitbake: bitbake-user-manual: replace "file name" by "filename"
manuals: replace Freenode by Libera Chat as IRC host
manuals: delete unmaintained history sections
ref-manual: document UPSTREAM_CHECK_COMMITS and UPSTREAM_VERSION_UNKNOWN
ref-manual: remove checkpkg task
ref-manual: improve "devtool check-upgrade-status" details
ref-manual: improve documentation for RECIPE_NO_UPDATE_REASON
ref-manual: update "devtool check-upgrade-status" output
Mingli Yu (6):
coreutils: add pkgconfig for selinux
findutils: add pkgconfig for selinux
tar: add pkgconfig for selinux
multilib.bbclass: add RDEPENDS related check back
insane.bbclass: add FILERDEPENDS related check back
python3: fix multilib qa issue
Peter Bergin (1):
systemd: add packageconfig for wheel-group
Peter Kjellerstedt (2):
common-licenses, licenses.conf: Remove duplicate licenses
create-spdx.bbclass: Search all license directories for licenses
Quentin Schulz (3):
bitbake: doc: bitbake-user-manual-execution: remove mention to long-gone BBHASHDEPS variable
conf/mips: mips16e: prepend override to MACHINEOVERRIDES
bitbake: doc: bitbake-user-manual-fetching: S should be set to WORKDIR/git for git fetcher
Randy MacLeod (1):
tcmode-default: add rust to the default toolchains
Ranjitsinh Rathod (1):
rpm: Handle proper return value to avoid major issues
Richard Purdie (67):
oeqa/runtime/parselogs: Make DVD ata error apply to all qemux86 machines
tcl: Exclude CVE-2021-35331 from checks
xdg-utils: Add fix for CVE-2020-27748
build-appliance-image: Update to master head revision
utils: Drop unused variable staging_install from oe_libinstall
utils: Drop obsolete oe_machinstall function
flex: Add CVE-2019-6293 to exclusions for checks
go: Exclude CVE-2021-29923 from report list
bitbake: runqueue: Avoid deadlock avoidance task graph corruption
bitbake: runqueue: Fix issues with multiconfig deferred task deadlock messages
oeqa/oescripts: Fix after tar recipe changes
pseudo: Update with fcntl and glibc 2.34 fixes
bitbake: persist_data: Drop deprecated/unused function
bitbake: parse_py: Drop deprecated function reference
bitbake: build: Match markup to real function name
bitbake: build: Handle SystemExit in python tasks correctly
bitbake: process: Don't include logs in error message if piping them
bitbake: build: Avoid duplicating logs in verbose mode
bitbake: data_smart: Make ExpansionErrors more readable
bitbake: build: Catch and error upon circular task references
bitbake: data_smart: Improve error display for handled exceptions
bitbake: fetch2: Add recursion guard
bitbake: cookerdata: Improve missing core layer error message
bitbake: cookerdata: Show error for no BBLAYERS in bblayers.conf
bitbake: runqueue: Clean up task stats handling
Revert "default-distrovars.inc: Set BBINCLUDELOGS to empty to disable printing failed task output multiple times"
bitbake.conf: Ensure XZ_THREADS doesn't change sstate checksums
sstate: Avoid problems with recipes using SRCPV when fetching sstate
local.conf.sample: Update sstate mirror entry with new hash equivalence setting
useradd: Ensure preinst data is expanded correctly in pkgdata
package: Fix pkgdata determinism issues
sstate: Ensure SDE is accounted for in package task timestamps
bash: Ensure deterministic build
sstatesig: Allow exclusion of the root directory for do_package
bitbake: bitbake-worker: Improve error handling
bitbake: runqueue/knotty: Improve UI handling of setscene task counting
bitbake: fetch2/git: Avoid races over mirror tarball creation
README: Update email address for Bruce
bitbake: cookerdata: Show a readable error for invalid multiconfig name
bitbake: fetch2/git: Use os.rename instead of mv
bitbake: tests/fetch2: Fix quoting warning
bitbake: data_smart: Don't add None to ExpansionError varlist
bitbake: fetch2/svn: Allow peg-revision functionality to be disabled
vim: Backport fix for CVE-2021-3770
libgcrypt: Upgrade 1.9.3 -> 1.9.4
sqlite3: Exclude CVE-2021-36690 from cve checks
recipes: Add missing pkgconfig inherit
lttng-tools: Add missing DEPENDS on bison-native
cross: Drop unused do_install
pybootchart: Avoid divide by zero
bitbake: tests/fetch2: Use our own git server for dtc test repo
scripts/oe-publish-sdk: Disable git gc to avoid build errors
image/qemu: Add explict depends for qemu-helper addto_recipe_sysroot task
siteinfo/autotools: Ensure task checksums reflect site files
package_ipk/deb/rpm: Drop recursive do_build task dependencies
reproducible_build/package_XXX: Ensure SDE task is in dependency chain
populate_sdk_base/images: Drop use of 'meta' class and hence do_build dependencies
buildtools-tarball/uninative-tarball/meta-ide-support: Drop useless meta class
meta: Drop useless class
staging: Mark deploy an sstate task
sstate: Ensure deploy tasks don't pull in toolchains
sstate: Avoid deploy_source_date_epoch sstate when unneeded
ssate: Cleanup directtasks handling
bitbake: build: Ensure python stdout/stderr is logged correctly
bitbake: build: Make exception printing clearer
bitbake: build: Fix log flushing race
oeqa/selftest: Add tests for bitbake shell/python task output
Robert P. J. Day (16):
dev-manual: pass False to d.getVar() for devpyshell example
ref-manual: add missing "${PN}-src" to default PACKAGES list
dev-manual: small number of minor aesthetic tweaks
dev-manual: various pedantic nitpickery
dev-manual: drop "three" since there are four requirements
ref-manual: update SYSROOT_DIRS_* variable entries
README: update manual list and names, online docs URL
image_types_wic.bbclass: alphabetize list of WICVARS
systemd: '${systemd_unitdir}/system' => '${systemd_system_unitdir}'
ref-manual: render options in monospace to show quotes properly
ref-manual: remove mention of obsolete devtool "--any-recipe" option
ref-manual: correct typo in "classes" section, "${BPN}/{PV}"
ref-manual: add potential of parallelism to defn of "Task"
ref-manual: couple minor tweaks to Chapter 1
dev-manual: emphasize that new layers live outside of poky
dev-manual: update output of "wic list images"
Robert Yang (1):
assimp: Remove it
Ross Burton (40):
lz4: remove redundant BSD license
python3-numpy: remove redundant BSD license
quota: remove BSD license
nfs-utils: set precise BSD license
dtc: set precise BSD license
acpica: set precise BSD license
libevent: set precise BSD license
openssh: remove redundant BSD license
python3-packaging: fix license statement
iputils: set precise BSD license
libx11-compose-data: set precise BSD license
webkitgtk: set precise BSD license
libwpe: set precise BSD license
wpebackend-fdo: set precise BSD license
common-licenses: add missing SPDX licences
dev-manual/common-tasks: sync libxpm fragment with the recipe
lsof: correct LICENSE
selftest/python-async-test: set precise BSD license
lsof: add upstream check
xinetd: correct LICENSE
oeqa/recipeutils: update for license change to python-async-test
libxfont: set precise BSD license
valgrind: set precise BSD license
shadow-sysroot: sync license with shadow
ovmf: set precise BSD license
ppp: set precise BSD license
ffmpeg: update LICENSE
hdparm: set correct license
recipetool/create_buildsys_python: treat BSD as BSD-3-Clause
oeqa/selftest/recipetool: update for license changes
create-spdx: transform license list into a dict for faster lookups
create-spdx: remove redundant test
create-spdx: embed unknown license texts
create-spdx: don't duplicate license texts in each package
create-spdx: handle CLOSED license
ffmpeg: fix LICENSE
avahi: remove obsolete intltool-native dependency
shared-mime-info: use a more concise description
libsoup-2.4: remove obsolete intltool dependency
oeqa/target/ssh: don't assume target_dumper is set
Sakib Sajal (1):
go: upgrade 1.16.5 -> 1.16.7
Saul Wold (2):
classes/create-spdx: extend DocumentRef to include name
create-spdx: remove trailing comma
Scott Weaver (3):
bitbake: bitbake: fetch2: fix premirror URI when downloadfilename defined
bitbake: bitbake: tests/fetch: add downloadfilename tests
bitbake: bitbake: tests/fetch: add and fix npm tests
Steve Sakoman (1):
connman: add CVE_PRODUCT
Tom Rini (1):
common-tasks: Add an example of using bbappends to add a file
Trevor Woerner (1):
hello-mod/hello.c: convert to module_init/module_exit
Valentin Danaila (1):
bitbake: fetch2/s3: allow to switch profile from environment variable
Vyacheslav Yurkov (1):
ref-manual: add overlayfs class
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I194b13991cbaac7ae9e20cc2b552b508ab879905
diff --git a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch
new file mode 100644
index 0000000..00befda
--- /dev/null
+++ b/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
+
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision&revision=1891198
+
+Upstream-Status: Backport
+CVE: CVE-2021-35940
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+
+Index: time/unix/time.c
+===================================================================
+--- a/time/unix/time.c (revision 1891197)
++++ b/time/unix/time.c (revision 1891198)
+@@ -142,6 +142,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+
++ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++ return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+
+ if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===================================================================
+--- a/time/win32/time.c (revision 1891197)
++++ b/time/win32/time.c (revision 1891198)
+@@ -54,6 +54,9 @@
+ static const int dayoffset[12] =
+ {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+
++ if (tm->wMonth < 1 || tm->wMonth > 12)
++ return APR_EBADDATE;
++
+ /* Note; the caller is responsible for filling in detailed tm_usec,
+ * tm_gmtoff and tm_isdst data when applicable.
+ */
+@@ -228,6 +231,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+
++ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++ return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+
+ if (xt->tm_mon < 2)
diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb
index 08d9edf..5f8fd6a 100644
--- a/poky/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb
@@ -24,6 +24,7 @@
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
file://autoconf270.patch \
+ file://CVE-2021-35940.patch \
"
SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
diff --git a/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb b/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb
index 3d28ba2..95ce97e 100644
--- a/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb
+++ b/poky/meta/recipes-support/consolekit/consolekit_0.4.6.bb
@@ -29,7 +29,7 @@
PACKAGECONFIG[pam] = "--enable-pam-module --with-pam-module-dir=${base_libdir}/security,--disable-pam-module,libpam"
PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--with-systemdsystemunitdir="
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}/,--with-systemdsystemunitdir="
FILES:${PN} += "${exec_prefix}/lib/ConsoleKit \
${libdir}/ConsoleKit ${systemd_unitdir} ${base_libdir} \
diff --git a/poky/meta/recipes-support/libevent/libevent_2.1.12.bb b/poky/meta/recipes-support/libevent/libevent_2.1.12.bb
index 2a562fe..4b419ea 100644
--- a/poky/meta/recipes-support/libevent/libevent_2.1.12.bb
+++ b/poky/meta/recipes-support/libevent/libevent_2.1.12.bb
@@ -8,7 +8,7 @@
BUGTRACKER = "https://github.com/libevent/libevent/issues"
SECTION = "libs"
-LICENSE = "BSD & MIT"
+LICENSE = "BSD-3-Clause & MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=17f20574c0b154d12236d5fbe964f549"
SRC_URI = "https://github.com/libevent/libevent/releases/download/release-${PV}-stable/${BP}-stable.tar.gz \
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
similarity index 95%
rename from poky/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb
rename to poky/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
index dee936d..4bc1dd8 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
@@ -27,7 +27,7 @@
file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
file://0001-Makefile.am-add-a-missing-space.patch \
"
-SRC_URI[sha256sum] = "97ebe4f94e2f7e35b752194ce15a0f3c66324e0ff6af26659bbfb5ff2ec328fd"
+SRC_URI[sha256sum] = "ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7"
# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
diff --git a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb
index 3149896..e888202 100644
--- a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb
+++ b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb
@@ -7,7 +7,7 @@
LICENSE = "LGPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
-DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 intltool-native libpsl"
+DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl"
SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb b/poky/meta/recipes-support/lz4/lz4_1.9.3.bb
index 74f6743..b22eea3 100644
--- a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/poky/meta/recipes-support/lz4/lz4_1.9.3.bb
@@ -2,7 +2,7 @@
DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems."
HOMEPAGE = "https://github.com/lz4/lz4"
-LICENSE = "BSD | BSD-2-Clause | GPL-2.0"
+LICENSE = "BSD-2-Clause | GPL-2.0"
LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \
file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service
index 0559b97..568686e 100644
--- a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service
+++ b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service
@@ -3,6 +3,7 @@
DefaultDependencies=no
After=systemd-udev-settle.service
Before=sysinit.target shutdown.target
+Wants=systemd-udev-settle.service
Conflicts=shutdown.target
[Service]
diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
index 714aca6..b2b830c 100644
--- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
+++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
@@ -1,5 +1,5 @@
SUMMARY = "Shared MIME type database and specification"
-DESCRIPTION = "The shared-mime-info package contains the core database of common types and the update-mime-database command used to extend it. It requires glib2 to be installed for building the update command. Additionally, it uses intltool for translations, though this is only a dependency for the maintainers."
+DESCRIPTION = "The shared-mime-info package contains the core database of common types."
HOMEPAGE = "http://freedesktop.org/wiki/Software/shared-mime-info"
SECTION = "base"
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.36.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.36.0.bb
index f5d75e8..30c9445 100644
--- a/poky/meta/recipes-support/sqlite/sqlite3_3.36.0.bb
+++ b/poky/meta/recipes-support/sqlite/sqlite3_3.36.0.bb
@@ -10,3 +10,5 @@
CVE_CHECK_WHITELIST += "CVE-2019-19242"
# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
CVE_CHECK_WHITELIST += "CVE-2015-3717"
+# Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
+CVE_CHECK_WHITELIST += "CVE-2021-36690"
diff --git a/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch b/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
new file mode 100644
index 0000000..1cee759
--- /dev/null
+++ b/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
@@ -0,0 +1,207 @@
+From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sat, 4 Sep 2021 18:47:28 +0200
+Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with
+ large value
+
+Problem: Invalid memory access when using :retab with large value.
+Solution: Check the number is positive.
+
+CVE: CVE-2021-3770
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Backport [https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9]
+---
+ src/indent.c | 34 +++++++++++++++++++++-------------
+ src/option.c | 12 ++++++------
+ src/optionstr.c | 4 ++--
+ src/testdir/test_retab.vim | 3 +++
+ src/version.c | 2 ++
+ 5 files changed, 34 insertions(+), 21 deletions(-)
+
+Index: git/src/indent.c
+===================================================================
+--- git.orig/src/indent.c
++++ git/src/indent.c
+@@ -18,18 +18,19 @@
+ /*
+ * Set the integer values corresponding to the string setting of 'vartabstop'.
+ * "array" will be set, caller must free it if needed.
++ * Return FAIL for an error.
+ */
+ int
+ tabstop_set(char_u *var, int **array)
+ {
+- int valcount = 1;
+- int t;
+- char_u *cp;
++ int valcount = 1;
++ int t;
++ char_u *cp;
+
+ if (var[0] == NUL || (var[0] == '0' && var[1] == NUL))
+ {
+ *array = NULL;
+- return TRUE;
++ return OK;
+ }
+
+ for (cp = var; *cp != NUL; ++cp)
+@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array)
+ if (cp != end)
+ emsg(_(e_positive));
+ else
+- emsg(_(e_invarg));
+- return FALSE;
++ semsg(_(e_invarg2), cp);
++ return FAIL;
+ }
+ }
+
+@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array)
+ ++valcount;
+ continue;
+ }
+- emsg(_(e_invarg));
+- return FALSE;
++ semsg(_(e_invarg2), var);
++ return FAIL;
+ }
+
+ *array = ALLOC_MULT(int, valcount + 1);
+ if (*array == NULL)
+- return FALSE;
++ return FAIL;
+ (*array)[0] = valcount;
+
+ t = 1;
+ for (cp = var; *cp != NUL;)
+ {
+- (*array)[t++] = atoi((char *)cp);
+- while (*cp != NUL && *cp != ',')
++ int n = atoi((char *)cp);
++
++ if (n < 0 || n > 9999)
++ {
++ semsg(_(e_invarg2), cp);
++ return FAIL;
++ }
++ (*array)[t++] = n;
++ while (*cp != NUL && *cp != ',')
+ ++cp;
+ if (*cp != NUL)
+ ++cp;
+ }
+
+- return TRUE;
++ return OK;
+ }
+
+ /*
+@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap)
+
+ #ifdef FEAT_VARTABS
+ new_ts_str = eap->arg;
+- if (!tabstop_set(eap->arg, &new_vts_array))
++ if (tabstop_set(eap->arg, &new_vts_array) == FAIL)
+ return;
+ while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',')
+ ++(eap->arg);
+Index: git/src/option.c
+===================================================================
+--- git.orig/src/option.c
++++ git/src/option.c
+@@ -2292,9 +2292,9 @@ didset_options2(void)
+ #endif
+ #ifdef FEAT_VARTABS
+ vim_free(curbuf->b_p_vsts_array);
+- tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
++ (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
+ vim_free(curbuf->b_p_vts_array);
+- tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array);
++ (void)tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array);
+ #endif
+ }
+
+@@ -5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags)
+ buf->b_p_vsts = vim_strsave(p_vsts);
+ COPY_OPT_SCTX(buf, BV_VSTS);
+ if (p_vsts && p_vsts != empty_option)
+- tabstop_set(p_vsts, &buf->b_p_vsts_array);
++ (void)tabstop_set(p_vsts, &buf->b_p_vsts_array);
+ else
+ buf->b_p_vsts_array = 0;
+ buf->b_p_vsts_nopaste = p_vsts_nopaste
+@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags)
+ buf->b_p_isk = save_p_isk;
+ #ifdef FEAT_VARTABS
+ if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
+- tabstop_set(p_vts, &buf->b_p_vts_array);
++ (void)tabstop_set(p_vts, &buf->b_p_vts_array);
+ else
+ buf->b_p_vts_array = NULL;
+ #endif
+@@ -5929,7 +5929,7 @@ buf_copy_options(buf_T *buf, int flags)
+ buf->b_p_vts = vim_strsave(p_vts);
+ COPY_OPT_SCTX(buf, BV_VTS);
+ if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
+- tabstop_set(p_vts, &buf->b_p_vts_array);
++ (void)tabstop_set(p_vts, &buf->b_p_vts_array);
+ else
+ buf->b_p_vts_array = NULL;
+ #endif
+@@ -6634,7 +6634,7 @@ paste_option_changed(void)
+ if (buf->b_p_vsts_array)
+ vim_free(buf->b_p_vsts_array);
+ if (buf->b_p_vsts && buf->b_p_vsts != empty_option)
+- tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
++ (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
+ else
+ buf->b_p_vsts_array = 0;
+ #endif
+Index: git/src/optionstr.c
+===================================================================
+--- git.orig/src/optionstr.c
++++ git/src/optionstr.c
+@@ -2166,7 +2166,7 @@ did_set_string_option(
+ if (errmsg == NULL)
+ {
+ int *oldarray = curbuf->b_p_vsts_array;
+- if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)))
++ if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK)
+ {
+ if (oldarray)
+ vim_free(oldarray);
+@@ -2205,7 +2205,7 @@ did_set_string_option(
+ {
+ int *oldarray = curbuf->b_p_vts_array;
+
+- if (tabstop_set(*varp, &(curbuf->b_p_vts_array)))
++ if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK)
+ {
+ vim_free(oldarray);
+ #ifdef FEAT_FOLDING
+Index: git/src/testdir/test_retab.vim
+===================================================================
+--- git.orig/src/testdir/test_retab.vim
++++ git/src/testdir/test_retab.vim
+@@ -74,4 +74,7 @@ endfunc
+ func Test_retab_error()
+ call assert_fails('retab -1', 'E487:')
+ call assert_fails('retab! -1', 'E487:')
++ call assert_fails('ret -1000', 'E487:')
++ call assert_fails('ret 10000', 'E475:')
++ call assert_fails('ret 80000000000000000000', 'E475:')
+ endfunc
+Index: git/src/version.c
+===================================================================
+--- git.orig/src/version.c
++++ git/src/version.c
+@@ -743,6 +743,8 @@ static char *(features[]) =
+ static int included_patches[] =
+ { /* Add new patch number below this line */
+ /**/
++ 3402,
++/**/
+ 0
+ };
+
diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc
index 860fd24..7e9225f 100644
--- a/poky/meta/recipes-support/vim/vim.inc
+++ b/poky/meta/recipes-support/vim/vim.inc
@@ -17,7 +17,9 @@
file://0001-src-Makefile-improve-reproducibility.patch \
file://no-path-adjust.patch \
file://racefix.patch \
+ file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \
"
+
SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
# Do not consider .z in x.y.z, as that is updated with every commit
@@ -69,6 +71,7 @@
PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,"
PACKAGECONFIG[elfutils] = "--enable-elf-check,,elfutils,"
PACKAGECONFIG[nls] = "--enable-nls,--disable-nls,,"
+PACKAGECONFIG[sound] = "--enable-canberra,--disable-canberra,canberra,"
EXTRA_OECONF = " \
--disable-gpm \