author | Andrew Geissler <geissonator@yahoo.com> | 2023-05-05 19:29:21 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2023-05-19 16:11:41 +0300 |
commit | 028142bd6118b39dd3928195162e5f1cf2a8f3ce (patch) | |
tree | de3fc1d81a0e7046980dd4ab7829942b08d4db3e /poky/meta/recipes-extended | |
parent | d452b77b0ed98c8f3dcd413078e87f25ab4a3b1d (diff) | |
download | openbmc-028142bd6118b39dd3928195162e5f1cf2a8f3ce.tar.xz |
subtree updates
poky: cce6db2a59..76cec94fad:
Alex Kiernan (1):
rust: Upgrade 1.68.2 -> 1.69.0
Alexander Kanavin (10):
selftest/distrodata: clean up exception lists in recipe maintainers test
dhcpcd: use git instead of tarballs
perl: patch out build paths from native binaries
binutils: backport a patch to address failures when time64.inc is in use
time64.inc: add glibc-testsuite to 'special cases'
bitbake.conf: set minimum required target kernel to 5.15
time64.inc: add a comment about how to simulate Y2038 in qemu
oeqa/sdk/assimp: run only when zlib is in the SDK
insane.bbclass: simplify exceptions for 32 bit time API check
vulkan: add a comment explaining upstream version policy
Andrey Zhizhikin (1):
cryptodev: upgrade to 1.13
Armin Kuster (2):
maintainers.inc: remove myself from assignment
os-release: Add CPE_NAME
Changhyeok Bae (1):
iproute2: upgrade 6.2.0 -> 6.3.0
Enrico Jörns (1):
package_manager/ipk: fix config path generation in _create_custom_config()
Frederic Martinsons (3):
ptest-cargo.bbclass: create class
python3-bcrypt: enable build of unit tests
zvariant: add ptest feature for zvariant test suite
Jamin Lin (2):
kernel-fitimage: support 64 bits address
uboot-sign: support 64bits address
Joe Slater (1):
ghostscript: fix CVE-2023-28879
Johannes Schrimpf (1):
python3targetconfig.bbclass: Extend PYTHONPATH instead of overwriting
Khem Raj (8):
musl: Update to latest master
gpgme: Reset ac_cv_sys_file_offset_bits on musl
mpg123: Reset ac_cv_sys_file_offset_bits on musl
quilt: Fix merge.test race condition
systemd: Fix timesyncd runtime assertions with 64bit time_t
qtwebkitgtk: Backport a build fix for GCC 13
cmake: Upgrade to 3.26.3
piglit: Fix c++11-narrowing warnings in tests
Lee Chee Yang (1):
release-notes-4.2: remove/merge duplicates entries
Markus Volk (2):
gtk4: update 4.10.0 -> 4.10.3
gcr: update 4.0.0 -> 4.1.0
Martin Jansa (2):
populate_sdk_ext.bbclass: redirect stderr to stdout so that both end in LOGFILE
image_types_wic: Remove incorrect MLPREFIX to already prefixed virtual/
Martin Siegumfeldt (1):
systemd-systemctl: fix instance template WantedBy symlink construction
Michael Halstead (1):
docs: add support for mickledore (4.2) release
Michael Opdenacker (3):
dev-manual: init-manager.rst: add summary
ref-manual: system-requirements.rst: fix AlmaLinux variable name
ref-manual: variables.rst: don't mention the INIT_MANAGER "none" option
Ming Liu (1):
weston: add xwayland to DEPENDS for PACKAGECONFIG xwayland
Otavio Salvador (2):
glide: remove as 'go mod' has become standard
mesa: 23.0.2 -> 23.0.3
Patrick Williams (1):
perl-version: remove PERL* assignments
Paul Gortmaker (1):
scripts: fix buildstats diff/summary hard bound to host python3
Peter Bergin (1):
update-alternatives.bbclass: fix old override syntax
Peter Kjellerstedt (1):
license.bbclass: Include LICENSE in the output when it fails to parse
Petr Kubizňák (1):
devicetree.bbclass: Allow selection of dts files to build
Qiu Tingting (1):
lz4: Add ptest support
Randolph Sapp (1):
kernel-devicetree: allow specification of dtb directory
Ranjitsinh Rathod (1):
libbsd: Add correct license for all packages
Richard Purdie (13):
bitbake: cooker: Log config and parse cache status changes
binutils: Drop crosssdk suffix from virtual provides to improve dependency handling
gcc/go: Drop crosssdk suffix from virtual provides to improve dependency handling
oeqa/runtime/ptest: Make returning no test results a failure
python3-psutil: Drop nativesdk class extension due to breakage
maintainers.inc: Move apt/dpkg to unassigned
patchelf: Upgrade 0.17.2 -> 0.18.0
maintainers.inc: Fix email address typo
qemu: Add fix for powerpc instruction fallback issue
qemu: Upgrade 7.2.0 -> 8.0.0
maintainers.inc: Move repo to unassigned
recipes: Default to https git protocol where possible
bitbake: tests/fetch: Default to https git protocol where possible
Ross Burton (13):
python3-pytest: add missing tomllib RDEPENDS
libinput: upgrade to 1.23.0
gtk+3: upgrade 3.24.36 -> 3.24.37
piglit: upgrade to latest revision
dmidecode: upgrade to 3.5
connman: backport fix for CVE-2023-28488
vulkan-samples: update to latest SHA
glslang: upgrade to 1.3.243
vulkan-headers: upgrade to 1.3.243
vulkan-loader: upgrade to 1.3.243
vulkan-tools: upgrade to 1.3.243
spirv-headers: remove description
spirv-tools: remove redundant python3native inherit
Sergei Zhmylev (1):
wic: add support for proper kernel name to bootimg-pcbios
Sudip Mukherjee (5):
apt: Upgrade to v2.6.0
libxt: Upgrade to v1.3.0
libxfixes: Upgrade to v6.0.1
xwininfo: upgrade to v1.1.6
xinput: upgrade to v1.6.4
Tim Orling (1):
libmodule-build-perl: upgrade 0.4232 -> 0.4234
Upgrade Helper (1):
waffle: upgrade 1.7.0 -> 1.7.2
Virendra Thakur (1):
qemu: Whitelist CVE-2023-0664
hen Qi (1):
unfs3: fix symlink time setting issue
meta-openembedded: c5f330bc9a..f3cdc9d7ee:
Andrew Geissler (3):
etcd: add recipe
etcd: use v2.1.2 xhash to fix build issue
etcd: remove gobin requirement for build
Bergin, Peter (1):
freediameter: fix typo and old overide syntax
Bhargav Das (2):
tslib: Add native & nativestdk package support
pointercal: Add native & nativestdk package support
Gianfranco Costamagna (1):
dlt-daemon: upgrade 2.18.8 -> 2.18.9 (commit: 9a2312d3512a27620d41b9a325338b6e7b3d42de)
Khem Raj (24):
unixODBC: Update SRC_URI to use updated location of tarball
ttf-arphic-uming: Update to 0.2.20080216-2
thrift: Upgrade to 0.18.1
unicode-ucd: Update license URI to reflect renamed license
libtimezonemap: Point to a working SRC_URI
libx86: Point to working SRC_URI
ctapi-common: Point to working SRC_URI locations
netkit-ftp: Update to debian patch 34
nicstat: Use SOURCEFORGE_MIRROR in SRC_URI
rp-pppoe: Point SRC_URI to valid location
ttf-mplus: Point to valid download location for SRC_URI
geary: Use sysroot prefix with pkg-config in meson
srecord: Upgrade to 1.65.0
ttf-lklug: Point SRC_URI to a working location
radiusclient-ng: Point SRC_URI to archive.ubuntu.com
httpfs2: Do not use S during compile/install tasks
p910nd: Switch to using github for SRC_URI
mosh: Point SRC_URI to https://mosh.org/
xdotool: Upgrade to 3.20211022.1 release
faenza-icon-theme: Switch to a valid download location for SRC_URI
debootstrap: Update SRC_URI to point to valid URL
debootstrap: Use DEBIAN_MIRROR for SRC_URI
ttf-gentium: Switch to debian archive mirror for SRC_URI
nfacct: Update SRC_URI to point to valid URL
Petr Gotthard (1):
gensio: fix QA issue: non -staticdev package with .a libraries
meta-arm: c60d7865dd..0b5724266a:
Rui Miguel Silva (1):
arm-bsp/u-boot: corstone1000: remove debug messages and fix env
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I89bb649b388963a4e16080db6caa8ae1ac2cb3c2
Diffstat (limited to 'poky/meta/recipes-extended')
3 files changed, 62 insertions, 1 deletions
diff --git a/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb index 78138d1543..4e3a06f240 100644 --- a/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb +++ b/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb @@ -22,7 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=600af43c50f1fcb82e " SRC_URI = "https://sourceware.org/pub/${BPN}/${BPN}-${PV}.tar.gz \ - git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master \ + git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master;protocol=https \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ file://run-ptest \ diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch new file mode 100644 index 0000000000..604b927521 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch 
@@ -0,0 +1,60 @@ +From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <ken.sharp@artifex.com> +Date: Fri, 24 Mar 2023 13:19:57 +0000 +Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding + +Bug #706494 "Buffer Overflow in s_xBCPE_process" + +As described in detail in the bug report, if the write buffer is filled +to one byte less than full, and we then try to write an escaped +character, we overrun the buffer because we don't check before +writing two bytes to it. + +This just checks if we have two bytes before starting to write an +escaped character and exits if we don't (replacing the consumed byte +of the input). + +Up for further discussion; why do we even permit a BCP encoding filter +anyway ? I think we should remove this, at least when SAFER is true. +--- +CVE: CVE-2023-28879 + +Upstream-Status: Backport [see text] + +git://git.ghostscript.com/ghostpdl +cherry-pick + +Signed-off-by: Joe Slater <joe.slater@windriver.com. + +--- + base/sbcp.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/base/sbcp.c b/base/sbcp.c +index 979ae0992..47fc233ec 100644 +--- a/base/sbcp.c ++++ b/base/sbcp.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2001-2021 Artifex Software, Inc. ++/* Copyright (C) 2001-2023 Artifex Software, Inc. + All Rights Reserved. + + This software is provided AS-IS with no warranty, either express or +@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr, + byte ch = *++p; + + if (ch <= 31 && escaped[ch]) { ++ /* Make sure we have space to store two characters in the write buffer, ++ * if we don't then exit without consuming the input character, we'll process ++ * that on the next time round. ++ */ ++ if (pw->limit - q < 2) { ++ p--; ++ break; ++ } + if (p == rlimit) { + p--; + break; +-- +2.25.1 + 
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb index 56a93632e2..86ecdbe24a 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb @@ -34,6 +34,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://avoid-host-contamination.patch \ file://mkdir-p.patch \ file://cross-compile.patch \ + file://cve-2023-28879.patch \ " SRC_URI = "${SRC_URI_BASE} \ |
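Review bot: In the header of cve-2023-28879.patch, the trailer `Signed-off-by: Joe Slater <joe.slater@windriver.com.` ends with a period where the closing `>` belongs, so the address is malformed; it should read `<joe.slater@windriver.com>`. `Upstream-Status: Backport [see text]` leaves the reader to piece the origin together from the repository URL and the word "cherry-pick"; the `From` line carries a hash, but it is not stated whether that is the upstream commit id, so naming the upstream commit inside the brackets would make the backport auditable. In the embedded base/sbcp.c hunk, the new `pw->limit - q < 2` exit and the existing `p == rlimit` exit both do `p--; break;`, so from these lines alone the code after the loop cannot tell "output buffer full" from "input exhausted"; please confirm the status returned after the loop reports the output-full case, so the caller drains the write buffer and retries instead of waiting for more input.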
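Review bot: In ghostscript_10.0.0.bb, the new `SRC_URI_BASE` entry `file://cve-2023-28879.patch` spells the identifier in lower case, while the patch's own tag is `CVE: CVE-2023-28879`. Renaming the file to CVE-2023-28879.patch would keep the file name and the tag identical and make the fix easy to find when searching the tree for the CVE id.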