Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitc67ef22

Browse files
subtree updates
poky: 387ab5f18b..eaf8ce9d39: Alejandro Hernandez Samaniego (1): rootfs.py: dont try to list installed packages for baremetal images Alex Stewart (1): maintainers: update opkg maintainer Alexander Kanavin (26): devtool/upgrade: correctly clean up when recipe filename isn't yet known devtool/upgrade: catch bb.fetch2.decodeurl errors scripts/oe-setup-builddir: make it known where configurations come from bluez5: update 5.64 -> 5.65 libwpe: upgrade 1.12.0 -> 1.12.2 ell: upgrade 0.49 -> 0.50 iso-codes: upgrade 4.10.0 -> 4.11.0 libcap: upgrade 2.64 -> 2.65 libwebp: upgrade 1.2.2 -> 1.2.3 mobile-broadband-provider-info: upgrade 20220511 -> 20220725 webkitgtk: upgrade 2.36.4 -> 2.36.5 weston: upgrade 10.0.1 -> 10.0.2 tzdata: upgrade 2022a -> 2022b xz: update 5.2.5 -> 5.2.6 gdk-pixbuf: upgrade 2.42.6 -> 2.42.8 gdk-pixbuf: update 2.42.8 -> 2.42.9 epiphany: upgrade 42.3 -> 42.4 glib-networking: upgrade 2.72.1 -> 2.72.2 libjpeg-turbo: upgrade 2.1.3 -> 2.1.4 libwebp: upgrade 1.2.3 -> 1.2.4 wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 wpebackend-fdo: upgrade 1.12.0 -> 1.12.1 bind: upgrade 9.18.4 -> 9.18.5 lighttpd: upgrade 1.4.65 -> 1.4.66 rpm: update 4.17.0 -> 4.17.1 tzdata: update to 2022d Alexandre Belloni (3): ruby: drop capstone support runqemu: display host uptime when starting oeqa/runtime/dnf: fix typo Andrei Gherzan (4): linux-yocto: Fix COMPATIBLE_MACHINE regex match shadow: Enable subid support rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils shadow: Avoid nss warning/error with musl Anuj Mittal (1): poky.conf: add ubuntu-22.04 to tested distros Aryaman Gupta (2): bitbake: bitbake: runqueue: add cpu/io pressure regulation bitbake: bitbake: runqueue: add memory pressure regulation Awais Belal (1): kernel-fitimage.bbclass: only package unique DTBs Beniamin Sandu (1): libpam: use /run instead of /var/run in systemd tmpfiles Bertrand Marquis (1): sysvinit-inittab/start_getty: Fix respawn too fast Bruce Ashfield (16): lttng-modules: fix 5.19+ build lttng-modules: fix build against mips and v5.19 kernel lttng-modules: replace mips compaction fix with upstream change linux-yocto/5.15: update to v5.15.60 linux-yocto/5.15: update to v5.15.62 linux-yocto/5.10: update to v5.10.136 linux-yocto/5.10: update to v5.10.137 linux-yocto/5.10: update to v5.10.141 linux-yocto/5.10: update to v5.10.143 linux-yocto/5.15: update to v5.15.63 linux-yocto/5.15: update to v5.15.65 linux-yocto/5.15: update to v5.15.68 linux-yocto/5.15: cfg: fix ACPI warnings for -tiny kernel-yocto: allow patch author date to be commit date kern-tools: fix queue processing in relative TOPDIR configurations kern-tools: allow 'y' or 'm' to avoid config audit warnings Changqing Li (1): apt: fix nativesdk-apt build failure during the second time build Chee Yang Lee (1): sqlite: addCVE-2022-35737 patch to SRC_URI Daiane Angolini (1): python3-pip: Fix RDEPENDS after the update Daniel McGregor (1): coreutils: add openssl PACKAGECONFIG Denys Dmytriyenko (1): glibc-locale: explicitly remove empty dirs in ${libdir} Dmitry Baryshkov (2): linux-firmware: upgrade 20220708 -> 20220913 linux-firmware: package new Qualcomm firmware Enrico Scholz (5): npm: replace 'npm pack' call by 'tar czf' npm: return content of 'package.json' in 'npm_pack' npm: take 'version' directly from 'package.json' lib:npm_registry: initial checkin npm: use npm_registry to cache package Ernst Sjöstrand (1): cve-check: Don't use f-strings Florin Diaconescu (4): expat: upgrade 2.4.7 -> 2.4.8 expat: upgrade 2.4.8 -> 2.4.9 rsync: update 3.2.3 -> 3.2.4 rsync: update 3.2.4 -> 3.2.5 Gennaro Iorio (1): bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls He Zhe (3): lttng-tools: Disable on qemuriscv32 stress-cpu: disable float128 math on powerpc64 to avoid SIGILL lttng-tools: Disable on riscv32 Hitendra Prajapati (5): gdk-pixbuf:CVE-2021-46829 a heap-based buffer overflow gnutls:CVE-2022-2509 Double free during gnutls_pkcs7_verify zlib:CVE-2022-37434 a heap-based buffer over-read libtiff:CVE-2022-34526 A stack overflow was discovered Revert "gdk-pixbuf:CVE-2021-46829 a heap-based buffer overflow" Jacob Kroon (1): bitbake: bitbake-user-manual: Correct description of the ??= operator Jon Mason (2): ref-manual: add numa to machine features oeqa/parselogs: add qemuarmv5 arm-charlcd masking Jose Quaresma (7): archiver.bbclass: remove unsed do_deploy_archives[dirs] create-spdx: ignore packing control files from ipk and deb archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain bitbake: bb/utils: remove: check the path again the expand python glob bitbake: bb/utils: movefile: use the logger for printing Joshua Watt (4): bitbake: utils: Pass lock argument in fileslocked classes: cve-check: Get shared database lock oeqa: qemurunner: Report UNIX Epoch timestamp on login bitbake: siggen: Fix insufficent entropy in sigtask file names Kai Kang (1): packagegroup-self-hosted: update for strace Khem Raj (15): libxml2: IgnoreCVE-2016-3709 connman: Backports for security fixes cracklib: Drop using register keyword tcp-wrappers: Fix implicit-function-declaration warnings xinetd: Pass missing -D_GNU_SOURCE watchdog: Include needed system header for function decls pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses apr: Use correct strerror_r implementation based on libc type gcr: Define _GNU_SOURCE apr: Cache configure tests which use AC_TRY_RUN autoconf: Fix strict prototype errors in generated tests autoconf: Update K & R stype functions webkitgtk: Upgrade to 2.36.6 minor update webkitgtk: Update to 2.36.7 rpm: Remove -Wimplicit-function-declaration warnings Kristian Amlie (1): externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used. LUIS ENRIQUEZ (1): kernel-fitimage.bbclass: add padding algorithm property in config nodes Mark Hatle (1): runqemu: Add missing space on default display option Martin Beeger (1): cmake: remove CMAKE_ASM_FLAGS variable in toolchain file Martin Jansa (2): libxml2: Port gentest.py to Python-3 create-pull-request: don't switch the git remote protocol to git:// Mateusz Marciniec (1): util-linux: Remove --enable-raw from EXTRA_OECONF Michael Opdenacker (7): migration guides: add missing release notes bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers bitbake: bitbake-user-manual: npm fetcher: improve description of SRC_URI format poky.yaml.in: update version requirements migration-guides: add 4.0.4 release notes dev-manual: fix reference to BitBake user manual Mihai Lindner (1): create-spdx: Fix supplier field Mikko Rapeli (7): boost: fix install of fiber shared libraries bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit u-boot: switch from append to += in SRC_URI glibc-tests: use += instead of :append go-native: switch from SRC_URI:append to SRC_URI += python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI += linux-libc-headers: switch from SRC_URI:append to SRC_URI += Ming Liu (1): meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE Mingli Yu (1): busybox: add devmem 128-bit support Neil Horman (1): bitbake: Fix npm to use https rather than http Ola x Nilsson (1): bitbake: ConfHandler: Remove lingering close Otavio Salvador (1): bitbake: toaster: fix kirkstone version Paul Eggleton (1): relocate_sdk.py: ensure interpreter size error causes relocation to fail Pavel Zhukov (4): package_rpm: Do not replace square brackets in %files parselogs: Ignore xf86OpenConsole error core-image.bbclass: Exclude openssh complementary packages bitbake: gitsm: Error out if submodule refers to parent repo Peter Bergin (1): rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable Peter Kjellerstedt (1): cairo: Adapt the license information based on what is being built Peter Marko (1): create-spdx: handle links to inaccessible locations Rajesh Dangi (2): linux-yocto/5.15: update genericx86* machines to v5.15.59 linux-yocto/5.10: update genericx86* machines to v5.10.135 Randy MacLeod (1): vim: update from 9.0.0063 to 9.0.0115 Rasmus Villemoes (1): bitbake.conf: set BB_DEFAULT_UMASK using ??= Richard Purdie (25): nativesdk: Clear TUNE_FEATURES selftest/wic: Tweak test case to not depend on kernel size bitbake: runqueue: Change pressure file warning to a note perf: Fix reproducibility issues with 5.19 onwards vim: Upgrade 9.0.0115 -> 9.0.0242 vim: Upgrade 9.0.0242 -> 9.0.0341 pseudo: Update to include recent upstream minor fixes bitbake: runqueue: Fix unihash cache mismatch issues bitbake: cooker: Drop sre_constants usage bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests bitbake: fetch2: Ensure directory exists before creating symlink gcc-multilib-config: Fix i686 toolchain relocation issues kernel: Always set CC and LD for the kernel build kernel: Use consistent make flags for menuconfig vim: Upgrade 9.0.0341 -> 9.0.0453 build-appliance-image: Update to kirkstone head revision libpng: upgrade 1.6.37 -> 1.6.38 vim: Upgrade 9.0.453 -> 9.0.541 perf: Fix for recent kernel upgrades vim: Upgrade 9.0.0541 -> 9.0.0598 bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig bitbake: runqueue: Improve deadlock warning messages bitbake: runqueue: Drop deadlock breaking force fail bitbake: bitbake: Add copyright headers where missing bitbake: asyncrpc/client: Fix unix domain socket chdir race issues Robert Joslyn (2): curl: Backport patch forCVE-2022-35252 tzdata: Update from 2022b to 2022c Roland Hieber (1): devtool: error out when workspace is using old override syntax Ross Burton (8): oeqa/qemurunner: add run_serial() comment oeqa/selftest: rename git.py to intercept.py oeqa/gotoolchain: put writable files in the Go module cache oeqa/gotoolchain: set CGO_ENABLED=1 wic: add target tools to PATH when executing native commands wic/bootimg-efi: use cross objcopy when building unified kernel image wic: depend on cross-binutils cve-check: close cursors as soon as possible Ruiqiang Hao (2): gcc: add arm-v9 support tune-neoversen2: support tune-neoversen2 base on armv9a Sakib Sajal (9): qemu: fixCVE-2021-3507 qemu: fixCVE-2021-3929 qemu: fixCVE-2021-4158 qemu: fixCVE-2022-0358 qemu: fixCVE-2022-0216 u-boot: fixCVE-2022-33103 u-boot: fixCVE-2022-30552 u-boot: fixCVE-2022-33967 go: update v1.17.12 -> v1.17.13 Samuli Piippo (2): Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks" gcc-cross-canadian: add default plugin linker Shubham Kulkarni (1): sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct Steve Sakoman (3): lttng-modules: fix build for kernel 5.10.137 poky.conf: bump version for 4.0.4 system-requirements.rst: Add Ubuntu 22.04 to list of supported distros Sundeep KOKKONDA (1): glibc: stable 2.35 branch updates. Teoh Jay Shen (3): go: fixCVE-2022-27664 inetutils: fixCVE-2022-39028 - remote DoS vulnerability in inetutils-telnetd bind: upgrade 9.18.6 -> 9.18.7 Ulrich Ölmann (1): scripts/runqemu.README: fix typos and trailing whitespaces Xiangyu Chen (1): ltp: Fix pread02 case trigger the glibc overflow detection Yang Xu (1): insane.bbclass: Skip patches not in oe-core by full path Yongxin Liu (1): grub2: fix several CVEs ghassaneben (1): sqlite: fixCVE-2022-35737 niko.mauno@vaisala.com (2): systemd: Fix unwritable /var/lock when no sysvinit handling systemd: Add 'no-dns-fallback' PACKAGECONFIG option pgowda (3): binutils :CVE-2022-38533 binutils: fixCVE-2022-38126 binutils : FixCVE-2022-38127 wangmy (10): libcap: upgrade 2.63 -> 2.64 libtasn1: upgrade 4.18.0 -> 4.19.0 liburcu: upgrade 0.13.1 -> 0.13.2 libwpe: upgrade 1.12.2 -> 1.12.3 libatomic-ops: upgrade 7.6.12 -> 7.6.14 lz4: upgrade 1.9.3 -> 1.9.4 cracklib: upgrade 2.9.7 -> 2.9.8 vala: upgrade 0.56.2 -> 0.56.3 lighttpd: upgrade 1.4.64 -> 1.4.65 bind: upgrade 9.18.5 -> 9.18.6meta-raspberrypi: 0135a02ea5..dacad9302a: Lluis Campos (1): rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE` Vinicius Aquino (1): raspberrypi-firmware: Update to 20220830 snapshotmeta-openembedded: acbe748798..744a4b6eda: Changqing Li (2): fuse3: support ptest fuse3: fix ptest test_passthrough_hp failure Chen Qi (1): polkit: refresh patch Enrico Scholz (1): nodejs-oe-cache-native: initial checkin Hitendra Prajapati (1): wireshark:CVE-2022-3190 Infinite loop in legacy style dissector Hitomi Hasegawa (1): libsdl: addCVE-2019-14906 to allowlist Jose Quaresma (2): wireguard-module: 1.0.20210219 -> 1.0.20220627 wireguard-tools: Add a new package for wg-quick Justin Bronder (1): lmdb: only set SONAME on the shared library Khem Raj (5): audit: Upgrade to 3.0.8 and fix build with linux 5.17+ ntpsec: Add -D_GNU_SOURCE and fix building with devtool gd: Fix build with clang-15 safec: Remove unused variable 'len' audit: Revert the tweak done in configure step in do_install Lei Maohui (1): xrdp: Fix buildpaths warning. Martin Jansa (1): libcec: fix runtime dependencies for ${PN}-examples Mingli Yu (1): postgresql: make sure pam conf installed when pam enabled Ovidiu Panait (1): net-snmp: upgrade 5.9.1 -> 5.9.3 Richard Purdie (1): lmdb: Don't inherit base Sakib Sajal (1): minicoredumper: retry elf parsing as long as needed Saul Wold (10): libipc-signal-perl: Fix LICENSE string libdigest-hmac-perl: Fix LICENSE string libio-socket-ssl-perl: Fix LICENSE string libdigest-sha1-perl: Fix LICENSE string libmime-types-perl: Fix LICENSE string libauthen-sasl-perl: Fix LICENSE string libnet-ldap-perl: Fix LICENSE string libxml-libxml-perl: Fix LICENSE string libnet-telnet-perl: Fix LICENSE string libproc-waitstat-perl: Fix LICENSE string Steffen Olsen (1): postgreql: Fix pg_config not working after buildpaths patch Wang Mingyu (3): php: upgrade 8.1.8 -> 8.1.9 postgresql: upgrade 14.4 -> 14.5 tcpreplay: upgrade 4.4.1 -> 4.4.2 Yi Zhao (6): libldb: upgrade 2.3.3 -> 2.3.4 samba: upgrade 4.14.13 -> 4.14.14 samba: fix buildpaths issue frr: Security fixCVE-2022-37035 open-vm-tools: Security fixCVE-2022-31676 frr: Security fixCVE-2022-37032 wangmy (2): php: upgrade 8.1.9 -> 8.1.10 dnsmasq: upgrade 2.86 -> 2.87Signed-off-by: Patrick Williams <patrick@stwcx.xyz>Change-Id: I02f0e5b5dcf292a12933c694a10d0946b0edcbc4
1 parent53fdac2 commitc67ef22

File tree

354 files changed

+11491
-1578
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

354 files changed

+11491
-1578
lines changed
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
From cee6de8d6619aeeb70f3318dfd35f2fdf5e43848 Mon Sep 17 00:00:00 2001
2+
From: Luis Henriques <luis-henrix@users.noreply.github.com>
3+
Date: Sat, 20 Nov 2021 10:09:25 +0000
4+
Subject: [PATCH] test/test_syscalls.c: allow EBADF in fcheck_stat() (#631)
5+
MIME-Version: 1.0
6+
Content-Type: text/plain; charset=UTF-8
7+
Content-Transfer-Encoding: 8bit
8+
9+
Test test/test_examples.py::test_passthrough_hp[False] fails because, on
10+
kernels >= 5.14, fstat() will return -EBADF:
11+
12+
3 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor
13+
4 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor
14+
5 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor
15+
9 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor
16+
...
17+
18+
This patch simply whitelists the EBADF errno code.
19+
20+
Signed-off-by: Luís Henriques <lhenriques@suse.de>
21+
Co-authored-by: Luís Henriques <lhenriques@suse.de>
22+
23+
Upstream-Status: Backport [https://github.com/libfuse/libfuse/commit/cee6de8d6619aeeb70f3318dfd35f2fdf5e43848]
24+
Signed-off-by: Changqing Li <changqing.li@windriver.com>
25+
---
26+
test/test_syscalls.c | 3 ++-
27+
1 file changed, 2 insertions(+), 1 deletion(-)
28+
29+
diff --git a/test/test_syscalls.c b/test/test_syscalls.c
30+
index 160a2ac..65292ed 100644
31+
--- a/test/test_syscalls.c
32+
+++ b/test/test_syscalls.c
33+
@@ -277,7 +277,8 @@ static int fcheck_stat(int fd, int flags, struct stat *st)
34+
if (flags & O_PATH) {
35+
// With O_PATH fd, the server does not have to keep
36+
// the inode alive so FUSE inode may be stale or bad
37+
-if (errno == ESTALE || errno == EIO || errno == ENOENT)
38+
+if (errno == ESTALE || errno == EIO ||
39+
+ errno == ENOENT || errno == EBADF)
40+
return 0;
41+
}
42+
PERROR("fstat");
43+
--
44+
2.25.1
45+

‎meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb‎

Lines changed: 22 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://GPL2.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
1212
file://LICENSE;md5=a55c12a2d7d742ecb41ca9ae0a6ddc66"
1313

1414
SRC_URI="https://github.com/libfuse/libfuse/releases/download/fuse-${PV}/fuse-${PV}.tar.xz \
15+
file://0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch \
1516
"
1617
SRC_URI[sha256sum]="b2e283485d47404ac896dd0bb7f7ba81e1470838e677e45f659804c3a3b69666"
1718

@@ -35,7 +36,28 @@ RDEPENDS:${PN}-ptest += " \
3536

3637
do_install_ptest() {
3738
install -d${D}${PTEST_PATH}/test
39+
install -d${D}${PTEST_PATH}/example
40+
install -d${D}${PTEST_PATH}/util
3841
cp -rf${S}/test/*${D}${PTEST_PATH}/test/
42+
43+
example_excutables=`find${B}/example -typef -executable`
44+
util_excutables=`find${B}/util -typef -executable`
45+
test_excutables=`find${B}/test -typef -executable`
46+
47+
forein $example_excutables
48+
do
49+
cp -rf $e${D}${PTEST_PATH}/example/
50+
done
51+
52+
forein $util_excutables
53+
do
54+
cp -rf $e${D}${PTEST_PATH}/util/
55+
done
56+
57+
forein $test_excutables
58+
do
59+
cp -rf $e${D}${PTEST_PATH}/test
60+
done
3961
}
4062

4163
DEPENDS="udev"
@@ -49,10 +71,6 @@ RRECOMMENDS:${PN}:class-target = "kernel-module-fuse fuse3-utils"
4971
FILES:${PN}+="${libdir}/libfuse3.so.*"
5072
FILES:${PN}-dev+="${libdir}/libfuse3*.la"
5173

52-
EXTRA_OEMESON+=" \
53-
-Dexamples=false \
54-
"
55-
5674
# Forbid auto-renaming to libfuse3-utils
5775
FILES:fuse3-utils="${bindir}${base_sbindir}"
5876
DEBIAN_NOAUTONAME:fuse3-utils="1"
Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
From 059b517f9ef6cbdc696e0983ce255b1728042827 Mon Sep 17 00:00:00 2001
2+
From: Yi Zhao <yi.zhao@windriver.com>
3+
Date: Thu, 25 Aug 2022 16:46:04 +0800
4+
Subject: [PATCH] smbtorture: skip test case tfork_cmd_send
5+
6+
The test case tfork_cmd_send fails on target as it requires a script
7+
located in the source directory:
8+
9+
$ smbtorture ncalrpc:localhost local.tfork.tfork_cmd_send
10+
test: tfork_cmd_send
11+
/buildarea/build/tmp/work/core2-64-poky-linux/samba/4.14.14-r0/samba-4.14.14/testprogs/blackbox/tfork.sh:
12+
Failed to exec child - No such file or directory
13+
14+
Upstream-Status: Inappropriate [embedded specific]
15+
16+
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
17+
---
18+
lib/util/tests/tfork.c | 4 ----
19+
1 file changed, 4 deletions(-)
20+
21+
diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c
22+
index 70ae975..4826ce6 100644
23+
--- a/lib/util/tests/tfork.c
24+
+++ b/lib/util/tests/tfork.c
25+
@@ -839,10 +839,6 @@ struct torture_suite *torture_local_tfork(TALLOC_CTX *mem_ctx)
26+
"tfork_threads",
27+
test_tfork_threads);
28+
29+
-torture_suite_add_simple_test(suite,
30+
- "tfork_cmd_send",
31+
- test_tfork_cmd_send);
32+
-
33+
torture_suite_add_simple_test(suite,
34+
"tfork_event_file_handle",
35+
test_tfork_event_file_handle);
36+
--
37+
2.25.1
38+

‎meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb‎renamed to ‎meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb‎

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
2121
file://0004-Add-options-to-configure-the-use-of-libbsd.patch \
2222
file://0005-samba-build-dnsserver_common-code.patch \
2323
file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \
24+
file://0001-smbtorture-skip-test-case-tfork_cmd_send.patch \
2425
"
2526

2627
SRC_URI:append:libc-musl=" \
@@ -31,7 +32,7 @@ SRC_URI:append:libc-musl = " \
3132
file://samba-fix-musl-lib-without-innetgr.patch \
3233
"
3334

34-
SRC_URI[sha256sum]="e1df792818a17d8d21faf33580d32939214694c92b84fb499464210d86a7ff75"
35+
SRC_URI[sha256sum]="abd5e9e6aa45e55114b188ba189ebdfc8fd3d7718d43f749e477ce7f791e5519"
3536

3637
UPSTREAM_CHECK_REGEX="samba\-(?P<pver>4\.14(\.\d+)+).tar.gz"
3738

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
requirewireguard.inc
22

3-
SRCREV="122f06bfd8fc7b06a0899fa9adc4ce8e06900d98"
3+
SRCREV="18fbcd68a35a892527345dc5679d0b2d860ee004"
44

5-
SRC_URI="git://git.zx2c4.com/wireguard-linux-compat;branch=master"
5+
SRC_URI="git://git.zx2c4.com/wireguard-linux-compat;protocol=https;branch=master"
66

77
inheritmodulekernel-module-split
88

‎meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb‎

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,11 +16,19 @@ do_install () {
1616
install
1717
}
1818

19+
PACKAGES+="${PN}-wg-quick"
20+
1921
FILES:${PN}=" \
22+
${bindir}/wg \
2023
${sysconfdir} \
24+
"
25+
FILES:${PN}-wg-quick=" \
26+
${bindir}/wg-quick \
2127
${systemd_system_unitdir} \
22-
${bindir} \
2328
"
2429

25-
RDEPENDS:${PN}="bash"
26-
RRECOMMENDS:${PN}="kernel-module-wireguard"
30+
RDEPENDS:${PN}-wg-quick="${PN} bash"
31+
RRECOMMENDS:${PN}=" \
32+
kernel-module-wireguard \
33+
${PN}-wg-quick \
34+
"
Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
From 3c4821679f2362bcd38fcc7803f28a5210441ddb Mon Sep 17 00:00:00 2001
2+
From: Donald Sharp <sharpd@nvidia.com>
3+
Date: Thu, 21 Jul 2022 08:11:58 -0400
4+
Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
5+
expected
6+
7+
Ensure that if the capability length specified is enough data.
8+
9+
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
10+
11+
CVE: CVE-2022-37032
12+
13+
Upstream-Status: Backport
14+
[https://github.com/FRRouting/frr/commit/3c4821679f2362bcd38fcc7803f28a5210441ddb]
15+
16+
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
17+
---
18+
bgpd/bgp_packet.c | 8 ++++++++
19+
1 file changed, 8 insertions(+)
20+
21+
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
22+
index 7c92a8d9e..bcd47e32d 100644
23+
--- a/bgpd/bgp_packet.c
24+
+++ b/bgpd/bgp_packet.c
25+
@@ -2440,6 +2440,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
26+
"%s CAPABILITY has action: %d, code: %u, length %u",
27+
peer->host, action, hdr->code, hdr->length);
28+
29+
+if (hdr->length < sizeof(struct capability_mp_data)) {
30+
+zlog_info(
31+
+"%s Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
32+
+peer->host, sizeof(struct capability_mp_data),
33+
+hdr->length);
34+
+return BGP_Stop;
35+
+}
36+
+
37+
/* Capability length check. */
38+
if ((pnt + hdr->length + 3) > end) {
39+
zlog_info("%s Capability length error", peer->host);
40+
--
41+
2.25.1
42+
Lines changed: 151 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,151 @@
1+
From db24300d56ad5831d9f6e4545ff2999b99e71bac Mon Sep 17 00:00:00 2001
2+
From: Mark Stapp <mstapp@nvidia.com>
3+
Date: Thu, 8 Sep 2022 16:14:36 -0400
4+
Subject: [PATCH] bgpd: avoid notify race between io and main pthreads
5+
6+
The "bgp_notify_" apis in bgp_packet.c generate a notification
7+
to a peer, usually during error handling. The io pthread wants
8+
to send notifications in a couple of cases during early
9+
received-packet validation - but the existing api interacts
10+
with the peer struct itself, and that's not safe.
11+
12+
Add a new api for use by the io pthread, and adjust the main
13+
notify api so that it can avoid touching the peer struct.
14+
15+
Signed-off-by: Mark Stapp <mstapp@nvidia.com>
16+
17+
CVE: CVE-2022-37035
18+
19+
Upstream-Status: Backport
20+
[https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee]
21+
22+
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
23+
---
24+
bgpd/bgp_io.c | 17 ++++++++---------
25+
bgpd/bgp_packet.c | 32 ++++++++++++++++++++++++++++----
26+
bgpd/bgp_packet.h | 2 ++
27+
3 files changed, 38 insertions(+), 13 deletions(-)
28+
29+
diff --git a/bgpd/bgp_io.c b/bgpd/bgp_io.c
30+
index 9b5a31f28..c736d02db 100644
31+
--- a/bgpd/bgp_io.c
32+
+++ b/bgpd/bgp_io.c
33+
@@ -37,7 +37,7 @@
34+
#include "bgpd/bgp_debug.h"// for bgp_debug_neighbor_events, bgp_type_str
35+
#include "bgpd/bgp_errors.h"// for expanded error reference information
36+
#include "bgpd/bgp_fsm.h"// for BGP_EVENT_ADD, bgp_event
37+
-#include "bgpd/bgp_packet.h"// for bgp_notify_send_with_data, bgp_notify...
38+
+#include "bgpd/bgp_packet.h"// for bgp_notify_io_invalid...
39+
#include "bgpd/bgp_trace.h"// for frrtraces
40+
#include "bgpd/bgpd.h"// for peer, BGP_MARKER_SIZE, bgp_master, bm
41+
/* clang-format on */
42+
@@ -526,8 +526,8 @@ static bool validate_header(struct peer *peer)
43+
return false;
44+
45+
if (memcmp(m_correct, m_rx, BGP_MARKER_SIZE) != 0) {
46+
-bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
47+
-BGP_NOTIFY_HEADER_NOT_SYNC);
48+
+bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR,
49+
+ BGP_NOTIFY_HEADER_NOT_SYNC, NULL, 0);
50+
return false;
51+
}
52+
53+
@@ -547,9 +547,8 @@ static bool validate_header(struct peer *peer)
54+
zlog_debug("%s unknown message type 0x%02x", peer->host,
55+
type);
56+
57+
-bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR,
58+
- BGP_NOTIFY_HEADER_BAD_MESTYPE, &type,
59+
- 1);
60+
+bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR,
61+
+ BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, 1);
62+
return false;
63+
}
64+
65+
@@ -574,9 +573,9 @@ static bool validate_header(struct peer *peer)
66+
67+
uint16_t nsize = htons(size);
68+
69+
-bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR,
70+
- BGP_NOTIFY_HEADER_BAD_MESLEN,
71+
- (unsigned char *)&nsize, 2);
72+
+bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR,
73+
+ BGP_NOTIFY_HEADER_BAD_MESLEN,
74+
+ (unsigned char *)&nsize, 2);
75+
return false;
76+
}
77+
78+
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
79+
index 7c92a8d9e..a5ce5a527 100644
80+
--- a/bgpd/bgp_packet.c
81+
+++ b/bgpd/bgp_packet.c
82+
@@ -736,8 +736,9 @@ static void bgp_write_notify(struct peer *peer)
83+
* @param data Data portion
84+
* @param datalen length of data portion
85+
*/
86+
-void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
87+
- uint8_t sub_code, uint8_t *data, size_t datalen)
88+
+static void bgp_notify_send_internal(struct peer *peer, uint8_t code,
89+
+ uint8_t sub_code, uint8_t *data,
90+
+ size_t datalen, bool use_curr)
91+
{
92+
struct stream *s;
93+
94+
@@ -769,8 +770,11 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
95+
* If possible, store last packet for debugging purposes. This check is
96+
* in place because we are sometimes called with a doppelganger peer,
97+
* who tends to have a plethora of fields nulled out.
98+
+ *
99+
+ * Some callers should not attempt this - the io pthread for example
100+
+ * should not touch internals of the peer struct.
101+
*/
102+
-if (peer->curr) {
103+
+if (use_curr && peer->curr) {
104+
size_t packetsize = stream_get_endp(peer->curr);
105+
assert(packetsize <= peer->max_packet_size);
106+
memcpy(peer->last_reset_cause, peer->curr->data, packetsize);
107+
@@ -853,7 +857,27 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
108+
*/
109+
void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code)
110+
{
111+
-bgp_notify_send_with_data(peer, code, sub_code, NULL, 0);
112+
+bgp_notify_send_internal(peer, code, sub_code, NULL, 0, true);
113+
+}
114+
+
115+
+/*
116+
+ * Enqueue notification; called from the main pthread, peer object access is ok.
117+
+ */
118+
+void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
119+
+ uint8_t sub_code, uint8_t *data, size_t datalen)
120+
+{
121+
+bgp_notify_send_internal(peer, code, sub_code, data, datalen, true);
122+
+}
123+
+
124+
+/*
125+
+ * For use by the io pthread, queueing a notification but avoiding access to
126+
+ * the peer object.
127+
+ */
128+
+void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code,
129+
+ uint8_t *data, size_t datalen)
130+
+{
131+
+/* Avoid touching the peer object */
132+
+bgp_notify_send_internal(peer, code, sub_code, data, datalen, false);
133+
}
134+
135+
/*
136+
diff --git a/bgpd/bgp_packet.h b/bgpd/bgp_packet.h
137+
index 280d3ec17..898f88ff5 100644
138+
--- a/bgpd/bgp_packet.h
139+
+++ b/bgpd/bgp_packet.h
140+
@@ -62,6 +62,8 @@ extern void bgp_open_send(struct peer *);
141+
extern void bgp_notify_send(struct peer *, uint8_t, uint8_t);
142+
extern void bgp_notify_send_with_data(struct peer *, uint8_t, uint8_t,
143+
uint8_t *, size_t);
144+
+void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code,
145+
+ uint8_t *data, size_t datalen);
146+
extern void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi,
147+
uint8_t orf_type, uint8_t when_to_refresh,
148+
int remove, uint8_t subtype);
149+
--
150+
2.25.1
151+

‎meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
1010
file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c"
1111

1212
SRC_URI="git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \
13+
file://CVE-2022-37035.patch \
14+
file://CVE-2022-37032.patch \
1315
file://frr.pam \
1416
"
1517

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp