diff options
Diffstat (limited to 'meta-oe/recipes-support')
73 files changed, 1772 insertions, 546 deletions
diff --git a/meta-oe/recipes-support/atop/atop_2.12.1.bb b/meta-oe/recipes-support/atop/atop_2.12.1.bb index 4ca74edbaf..d40b95ce6c 100644 --- a/meta-oe/recipes-support/atop/atop_2.12.1.bb +++ b/meta-oe/recipes-support/atop/atop_2.12.1.bb | |||
| @@ -7,7 +7,7 @@ etc. At regular intervals, it shows system-level activity related to the CPU, \ | |||
| 7 | memory, swap, disks (including LVM) and network layers, and for every process \ | 7 | memory, swap, disks (including LVM) and network layers, and for every process \ |
| 8 | (and thread) it shows e.g. the CPU utilization, memory growth, disk \ | 8 | (and thread) it shows e.g. the CPU utilization, memory growth, disk \ |
| 9 | utilization, priority, username, state, and exit code." | 9 | utilization, priority, username, state, and exit code." |
| 10 | HOMEPAGE = "http://www.atoptool.nl" | 10 | HOMEPAGE = "https://www.atoptool.nl" |
| 11 | SECTION = "console/utils" | 11 | SECTION = "console/utils" |
| 12 | 12 | ||
| 13 | LICENSE = "GPL-2.0-only" | 13 | LICENSE = "GPL-2.0-only" |
| @@ -37,7 +37,7 @@ do_compile() { | |||
| 37 | do_install() { | 37 | do_install() { |
| 38 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | 38 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then |
| 39 | make DESTDIR=${D} VERS=${PV} SYSDPATH=${systemd_system_unitdir} \ | 39 | make DESTDIR=${D} VERS=${PV} SYSDPATH=${systemd_system_unitdir} \ |
| 40 | PMPATHD=${systemd_unitdir}/system-sleep install | 40 | PMPATHD=${systemd_unitdir}/system-sleep SBINPATH=${sbindir} install |
| 41 | install -d ${D}${sysconfdir}/tmpfiles.d | 41 | install -d ${D}${sysconfdir}/tmpfiles.d |
| 42 | install -m 644 ${UNPACKDIR}/volatiles.atop.conf ${D}${sysconfdir}/tmpfiles.d/atop.conf | 42 | install -m 644 ${UNPACKDIR}/volatiles.atop.conf ${D}${sysconfdir}/tmpfiles.d/atop.conf |
| 43 | rm -f ${D}${systemd_system_unitdir}/atopacct.service | 43 | rm -f ${D}${systemd_system_unitdir}/atopacct.service |
| @@ -51,16 +51,19 @@ do_install() { | |||
| 51 | # /var/log/atop will be created in runtime | 51 | # /var/log/atop will be created in runtime |
| 52 | rm -rf ${D}${localstatedir}/log | 52 | rm -rf ${D}${localstatedir}/log |
| 53 | rmdir --ignore-fail-on-non-empty ${D}${localstatedir} | 53 | rmdir --ignore-fail-on-non-empty ${D}${localstatedir} |
| 54 | |||
| 55 | # remove atopacct related files | ||
| 56 | rm -rf ${D}${sbindir} ${D}${mandir}/man8 | ||
| 57 | } | 54 | } |
| 58 | 55 | ||
| 59 | inherit systemd | 56 | inherit systemd |
| 60 | 57 | ||
| 58 | PACKAGES =+ "${PN}-acctd ${PN}-gpud" | ||
| 59 | |||
| 61 | SYSTEMD_SERVICE:${PN} = "atop.service atopgpu.service atop-rotate.service" | 60 | SYSTEMD_SERVICE:${PN} = "atop.service atopgpu.service atop-rotate.service" |
| 62 | SYSTEMD_AUTO_ENABLE = "disable" | 61 | SYSTEMD_AUTO_ENABLE = "disable" |
| 63 | 62 | ||
| 64 | FILES:${PN} += "${systemd_unitdir}/system-sleep ${systemd_system_unitdir}/atop-rotate.timer" | 63 | FILES:${PN} += "${systemd_unitdir}/system-sleep ${systemd_system_unitdir}/atop-rotate.timer" |
| 64 | FILES:${PN}-acctd += "${sbindir}/atopacctd ${mandir}/man8/atopacctd.8" | ||
| 65 | FILES:${PN}-gpud += "${sbindir}/atopgpud ${mandir}/man8/atopgpud.8" | ||
| 65 | 66 | ||
| 66 | RDEPENDS:${PN} = "procps" | 67 | RDEPENDS:${PN} = "procps" |
| 68 | RDEPENDS:${PN}-gpud = "python3-core" | ||
| 69 | RRECOMMENDS:${PN} = "${PN}-acctd ${PN}-gpud" | ||
diff --git a/meta-oe/recipes-support/bmap-writer/bmap-writer_1.0.3.bb b/meta-oe/recipes-support/bmap-writer/bmap-writer_1.0.4.bb index e08525b1c9..657ba60e1d 100644 --- a/meta-oe/recipes-support/bmap-writer/bmap-writer_1.0.3.bb +++ b/meta-oe/recipes-support/bmap-writer/bmap-writer_1.0.4.bb | |||
| @@ -9,11 +9,14 @@ LICENSE = "GPL-3.0-only" | |||
| 9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e49f4652534af377a713df3d9dec60cb" | 9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e49f4652534af377a713df3d9dec60cb" |
| 10 | 10 | ||
| 11 | SRC_URI = "git://github.com/embetrix/${BPN};branch=master;protocol=https;tag=${PV}" | 11 | SRC_URI = "git://github.com/embetrix/${BPN};branch=master;protocol=https;tag=${PV}" |
| 12 | SRCREV = "991e2c4264b843f61e502712f497103472a1b6e7" | 12 | SRCREV = "52919b145d04953a91cf846f3db3d8cee8d989ac" |
| 13 | 13 | ||
| 14 | DEPENDS = "libtinyxml2 libarchive" | 14 | DEPENDS = "libtinyxml2 libarchive" |
| 15 | inherit cmake pkgconfig | 15 | inherit cmake pkgconfig |
| 16 | 16 | ||
| 17 | PACKAGECONFIG ?= "" | ||
| 18 | PACKAGECONFIG[libkcapi] = "-DUSE_KERNEL_CRYPTO_API=ON, -DUSE_KERNEL_CRYPTO_API=OFF, libkcapi" | ||
| 19 | |||
| 17 | FILES:${PN} = "${bindir}" | 20 | FILES:${PN} = "${bindir}" |
| 18 | 21 | ||
| 19 | BBCLASSEXTEND = "native nativesdk" | 22 | BBCLASSEXTEND = "native nativesdk" |
diff --git a/meta-oe/recipes-support/ceres-solver/ceres-solver_2.2.0.bb b/meta-oe/recipes-support/ceres-solver/ceres-solver_2.2.0.bb index 0a8f237180..5368bdeeb4 100644 --- a/meta-oe/recipes-support/ceres-solver/ceres-solver_2.2.0.bb +++ b/meta-oe/recipes-support/ceres-solver/ceres-solver_2.2.0.bb | |||
| @@ -3,12 +3,11 @@ HOMEPAGE = "http://ceres-solver.org/" | |||
| 3 | LICENSE = "BSD-3-Clause" | 3 | LICENSE = "BSD-3-Clause" |
| 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3585a26c9cd9ec0cb36a7d65542878ca" | 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3585a26c9cd9ec0cb36a7d65542878ca" |
| 5 | 5 | ||
| 6 | DEPENDS = "libeigen glog" | 6 | DEPENDS = "libeigen" |
| 7 | 7 | ||
| 8 | SRC_URI = "git://github.com/ceres-solver/ceres-solver.git;branch=master;protocol=https" | 8 | SRC_URI = "git://github.com/ceres-solver/ceres-solver.git;branch=master;protocol=https" |
| 9 | SRCREV = "85331393dc0dff09f6fb9903ab0c4bfa3e134b01" | 9 | SRCREV = "85331393dc0dff09f6fb9903ab0c4bfa3e134b01" |
| 10 | 10 | ||
| 11 | |||
| 12 | inherit cmake | 11 | inherit cmake |
| 13 | 12 | ||
| 14 | do_configure:prepend() { | 13 | do_configure:prepend() { |
| @@ -19,6 +18,14 @@ do_configure:prepend() { | |||
| 19 | touch ${S}/.git/hooks/commit-msg 2>/dev/null || : | 18 | touch ${S}/.git/hooks/commit-msg 2>/dev/null || : |
| 20 | } | 19 | } |
| 21 | 20 | ||
| 21 | EXTRA_OECMAKE += " \ | ||
| 22 | -DBUILD_BENCHMARKS=OFF \ | ||
| 23 | -DBUILD_EXAMPLES=OFF \ | ||
| 24 | -DBUILD_TESTING=OFF \ | ||
| 25 | -DGFLAGS=OFF \ | ||
| 26 | -DUSE_CUDA=OFF \ | ||
| 27 | " | ||
| 28 | |||
| 22 | # We don't want path to eigen3 in ceres-solver RSS to be | 29 | # We don't want path to eigen3 in ceres-solver RSS to be |
| 23 | # used by components which use CeresConfig.cmake from their | 30 | # used by components which use CeresConfig.cmake from their |
| 24 | # own RSS | 31 | # own RSS |
| @@ -27,11 +34,12 @@ do_configure:prepend() { | |||
| 27 | # ceres-solver/1.14-r0/packages-split/ceres-solver-dev/usr/lib/cmake/Ceres/CeresConfig.cmake: set(glog_DIR ceres-solver/1.14-r0/recipe-sysroot/usr/lib/cmake/glog) | 34 | # ceres-solver/1.14-r0/packages-split/ceres-solver-dev/usr/lib/cmake/Ceres/CeresConfig.cmake: set(glog_DIR ceres-solver/1.14-r0/recipe-sysroot/usr/lib/cmake/glog) |
| 28 | SSTATE_SCAN_FILES += "*.cmake" | 35 | SSTATE_SCAN_FILES += "*.cmake" |
| 29 | 36 | ||
| 30 | PACKAGECONFIG ??= "" | 37 | PACKAGECONFIG ??= "glog" |
| 31 | 38 | ||
| 32 | # suitesparse* recipes will be in meta-ros layer | 39 | # suitesparse* recipes will be in meta-ros layer |
| 33 | PACKAGECONFIG[suitesparse] = "-DSUITESPARSE=ON,-DSUITESPARSE=OFF,suitesparse-config suitesparse-amd suitesparse-camd suitesparse-colamd suitesparse-ccolamd suitesparse-cholmod suitesparse-metis suitesparse-spqr" | 40 | PACKAGECONFIG[suitesparse] = "-DSUITESPARSE=ON,-DSUITESPARSE=OFF,suitesparse-config suitesparse-amd suitesparse-camd suitesparse-colamd suitesparse-ccolamd suitesparse-cholmod suitesparse-metis suitesparse-spqr" |
| 34 | PACKAGECONFIG[cxsparse] = "-DCXSPARSE=ON,-DCXSPARSE=OFF,suitesparse-cxsparse" | 41 | PACKAGECONFIG[cxsparse] = "-DCXSPARSE=ON,-DCXSPARSE=OFF,suitesparse-cxsparse" |
| 42 | PACKAGECONFIG[glog] = "-DMINIGLOG=OFF,-DMINIGLOG=ON,glog" | ||
| 35 | PACKAGECONFIG[lapack] = "-DLAPACK=ON,-DLAPACK=OFF,lapack" | 43 | PACKAGECONFIG[lapack] = "-DLAPACK=ON,-DLAPACK=OFF,lapack" |
| 36 | 44 | ||
| 37 | # Only a static library and headers are created | 45 | # Only a static library and headers are created |
diff --git a/meta-oe/recipes-support/composefs/composefs/0001-mkcomposefs-use-const-char-for-memchr-return-values.patch b/meta-oe/recipes-support/composefs/composefs/0001-mkcomposefs-use-const-char-for-memchr-return-values.patch new file mode 100644 index 0000000000..9c45d4fcc0 --- /dev/null +++ b/meta-oe/recipes-support/composefs/composefs/0001-mkcomposefs-use-const-char-for-memchr-return-values.patch | |||
| @@ -0,0 +1,45 @@ | |||
| 1 | From 9d82303c7a3a780d481469cd8eafa016dcbff86f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 3 | Date: Thu, 16 Apr 2026 08:25:28 -0700 | ||
| 4 | Subject: [PATCH] mkcomposefs: use const char* for memchr return values | ||
| 5 | |||
| 6 | memchr returns void*, which when assigned to char* discards the | ||
| 7 | const qualifier of the input pointer. Cast to const char* to | ||
| 8 | preserve const'ness. | ||
| 9 | |||
| 10 | Fixes build with clang-22/glibc-2.43 | ||
| 11 | |||
| 12 | tools/mkcomposefs.c | ||
| 13 | ../sources/composefs-1.0.8/tools/mkcomposefs.c:413:8: error: initializing 'char *' with an expression of type 'const void *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] | ||
| 14 | 413 | char *embedded_nul_offset = memchr(line, 0, line_len); | ||
| 15 | | ^ ~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| 16 | 1 error generated. | ||
| 17 | |||
| 18 | Upstream-Status: Submitted [https://github.com/composefs/composefs/pull/435] | ||
| 19 | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 20 | --- | ||
| 21 | tools/mkcomposefs.c | 4 ++-- | ||
| 22 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 23 | |||
| 24 | diff --git a/tools/mkcomposefs.c b/tools/mkcomposefs.c | ||
| 25 | index 13b505d..e14d8d0 100644 | ||
| 26 | --- a/tools/mkcomposefs.c | ||
| 27 | +++ b/tools/mkcomposefs.c | ||
| 28 | @@ -63,7 +63,7 @@ static __attribute__((format(printf, 1, 2))) char *make_error(const char *fmt, . | ||
| 29 | static size_t split_at(const char **start, size_t *length, char split_char, | ||
| 30 | bool *partial) | ||
| 31 | { | ||
| 32 | - char *end = memchr(*start, split_char, *length); | ||
| 33 | + const char *end = (const char*)memchr(*start, split_char, *length); | ||
| 34 | if (end == NULL) { | ||
| 35 | size_t part_len = *length; | ||
| 36 | *start = *start + *length; | ||
| 37 | @@ -410,7 +410,7 @@ static char *tree_from_dump_line(dump_info *info, const char *line, | ||
| 38 | * We didn't document support for embedded NULs, and it only introduces | ||
| 39 | * ambiguity in parsing, so let's just reject this early on. | ||
| 40 | */ | ||
| 41 | - char *embedded_nul_offset = memchr(line, 0, line_len); | ||
| 42 | + const char *embedded_nul_offset = (const char*)memchr(line, 0, line_len); | ||
| 43 | if (embedded_nul_offset != NULL) { | ||
| 44 | size_t off = embedded_nul_offset - line; | ||
| 45 | return make_error("Invalid embedded NUL character at position %lld", | ||
diff --git a/meta-oe/recipes-support/composefs/composefs_1.0.8.bb b/meta-oe/recipes-support/composefs/composefs_1.0.8.bb index f2bae91f44..3450f9a339 100644 --- a/meta-oe/recipes-support/composefs/composefs_1.0.8.bb +++ b/meta-oe/recipes-support/composefs/composefs_1.0.8.bb | |||
| @@ -14,8 +14,9 @@ LIC_FILES_CHKSUM = "\ | |||
| 14 | " | 14 | " |
| 15 | 15 | ||
| 16 | SRCREV = "858ce1b38e1534c2602eb431124b5dca706bc746" | 16 | SRCREV = "858ce1b38e1534c2602eb431124b5dca706bc746" |
| 17 | SRC_URI = "git://github.com/containers/composefs.git;protocol=https;branch=main" | 17 | SRC_URI = "git://github.com/containers/composefs.git;protocol=https;branch=main;tag=v${PV} \ |
| 18 | 18 | file://0001-mkcomposefs-use-const-char-for-memchr-return-values.patch \ | |
| 19 | " | ||
| 19 | 20 | ||
| 20 | inherit meson | 21 | inherit meson |
| 21 | 22 | ||
diff --git a/meta-oe/recipes-support/crow/crow_1.3.2.bb b/meta-oe/recipes-support/crow/crow_1.3.2.bb new file mode 100644 index 0000000000..09970fcfc2 --- /dev/null +++ b/meta-oe/recipes-support/crow/crow_1.3.2.bb | |||
| @@ -0,0 +1,20 @@ | |||
| 1 | SUMMARY = "A Fast and Easy to use microframework for the web" | ||
| 2 | HOMEPAGE = "https://crowcpp.org/" | ||
| 3 | DESCRIPTION = "Crow is a C++ framework for creating HTTP or Websocket web services. \ | ||
| 4 | It uses routing similar to Python's Flask which makes it easy to use. \ | ||
| 5 | It is also extremely fast, beating multiple existing C++ frameworks as well as non-C++ frameworks." | ||
| 6 | SECTION = "libs" | ||
| 7 | LICENSE = "BSD-3-Clause" | ||
| 8 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e08502e395a6f7c037ddfe7d2915f58e" | ||
| 9 | |||
| 10 | SRC_URI = "git://github.com/CrowCpp/Crow.git;protocol=https;branch=v1.3;tag=v${PV}" | ||
| 11 | SRCREV = "f8c060c51feeca2c65828fb6f538603db4392d55" | ||
| 12 | |||
| 13 | inherit cmake | ||
| 14 | |||
| 15 | DEPENDS = "asio" | ||
| 16 | |||
| 17 | EXTRA_OECMAKE = "\ | ||
| 18 | -DCROW_BUILD_EXAMPLES=OFF \ | ||
| 19 | -DCROW_BUILD_TESTS=OFF \ | ||
| 20 | " | ||
diff --git a/meta-oe/recipes-support/enca/enca_1.19.bb b/meta-oe/recipes-support/enca/enca_1.19.bb index 61da50ba52..395d7abe70 100644 --- a/meta-oe/recipes-support/enca/enca_1.19.bb +++ b/meta-oe/recipes-support/enca/enca_1.19.bb | |||
| @@ -17,4 +17,6 @@ SRC_URI[sha256sum] = "4c305cc59f3e57f2cfc150a6ac511690f43633595760e1cb266bf23362 | |||
| 17 | 17 | ||
| 18 | inherit autotools | 18 | inherit autotools |
| 19 | 19 | ||
| 20 | CACHED_CONFIGUREVARS += "ac_cv_prog_cc_c23=no" | ||
| 21 | |||
| 20 | EXTRA_OECONF += "MKTEMP_PROG=mktemp" | 22 | EXTRA_OECONF += "MKTEMP_PROG=mktemp" |
diff --git a/meta-oe/recipes-support/fastfetch/fastfetch_2.60.0.bb b/meta-oe/recipes-support/fastfetch/fastfetch_2.61.0.bb index dbb999969b..8db0b608f1 100644 --- a/meta-oe/recipes-support/fastfetch/fastfetch_2.60.0.bb +++ b/meta-oe/recipes-support/fastfetch/fastfetch_2.61.0.bb | |||
| @@ -10,14 +10,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2090e7d93df7ad5a3d41f6fb4226ac76" | |||
| 10 | 10 | ||
| 11 | DEPENDS = "yyjson" | 11 | DEPENDS = "yyjson" |
| 12 | 12 | ||
| 13 | SRC_URI = "git://github.com/fastfetch-cli/fastfetch.git;protocol=https;branch=dev;tag=${PV}" | 13 | SRC_URI = "git://github.com/fastfetch-cli/fastfetch.git;protocol=https;branch=master;tag=${PV}" |
| 14 | SRCREV = "06ecc9c4805794ca8d632844e64950e82a6d5f7e" | 14 | SRCREV = "e5d600600614f5496b02907a11a7bc80c369d266" |
| 15 | 15 | ||
| 16 | inherit cmake pkgconfig | 16 | inherit cmake pkgconfig |
| 17 | 17 | ||
| 18 | EXTRA_OECMAKE += "\ | 18 | EXTRA_OECMAKE += "\ |
| 19 | -DENABLE_SYSTEM_YYJSON=ON \ | 19 | -DENABLE_SYSTEM_YYJSON=ON \ |
| 20 | -DENABLE_DIRECTX_HEADERS=OFF \ | ||
| 21 | " | 20 | " |
| 22 | 21 | ||
| 23 | PACKAGECONFIG ??= "\ | 22 | PACKAGECONFIG ??= "\ |
diff --git a/meta-oe/recipes-support/freeipmi/freeipmi_1.6.16.bb b/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb index f5be870b1d..7970e0f563 100644 --- a/meta-oe/recipes-support/freeipmi/freeipmi_1.6.16.bb +++ b/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb | |||
| @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ | |||
| 14 | file://COPYING.sunbmc;md5=c03f21cd76ff5caba6b890d1213cbfbb" | 14 | file://COPYING.sunbmc;md5=c03f21cd76ff5caba6b890d1213cbfbb" |
| 15 | 15 | ||
| 16 | SRC_URI = "${GNU_MIRROR}/freeipmi/freeipmi-${PV}.tar.gz" | 16 | SRC_URI = "${GNU_MIRROR}/freeipmi/freeipmi-${PV}.tar.gz" |
| 17 | SRC_URI[sha256sum] = "5bcef6bb9eb680e49b4a3623579930ace7899f53925b2045fe9f91ad6904111d" | 17 | SRC_URI[sha256sum] = "16783d10faa28847a795cce0bf86deeaa72b8fbe71d1f0dc1101d13a6b501ec1" |
| 18 | 18 | ||
| 19 | DEPENDS = "libgcrypt" | 19 | DEPENDS = "libgcrypt" |
| 20 | DEPENDS:append:libc-musl = " argp-standalone" | 20 | DEPENDS:append:libc-musl = " argp-standalone" |
| @@ -23,3 +23,4 @@ inherit pkgconfig autotools | |||
| 23 | 23 | ||
| 24 | EXTRA_OECONF = "--without-random-device" | 24 | EXTRA_OECONF = "--without-random-device" |
| 25 | 25 | ||
| 26 | CVE_STATUS[CVE-2026-33554] = "fixed-version: fixed since 1.6.17" | ||
diff --git a/meta-oe/recipes-support/gd/gd_2.3.3.bb b/meta-oe/recipes-support/gd/gd_2.3.3.bb index 0d7a6d34f9..062c4b4a8f 100644 --- a/meta-oe/recipes-support/gd/gd_2.3.3.bb +++ b/meta-oe/recipes-support/gd/gd_2.3.3.bb | |||
| @@ -23,14 +23,23 @@ SRCREV = "b5319a41286107b53daa0e08e402aa1819764bdc" | |||
| 23 | 23 | ||
| 24 | inherit autotools binconfig gettext pkgconfig | 24 | inherit autotools binconfig gettext pkgconfig |
| 25 | 25 | ||
| 26 | EXTRA_OECONF += " --disable-rpath \ | 26 | PACKAGECONFIG ?= "jpeg freetype" |
| 27 | --with-jpeg=${STAGING_LIBDIR}/.. \ | 27 | |
| 28 | --with-freetype=yes \ | 28 | PACKAGECONFIG[avif] = "--with-avif,--without-avif" |
| 29 | --without-fontconfig \ | 29 | PACKAGECONFIG[fontconfig] = "--with-fontconfig,--without-fontconfig" |
| 30 | --without-webp \ | 30 | PACKAGECONFIG[freetype] = "--with-freetype,--without-freetype" |
| 31 | --without-xpm \ | 31 | PACKAGECONFIG[heif] = "--with-heif,--without-heif" |
| 32 | --without-x \ | 32 | PACKAGECONFIG[jpeg] = "--with-jpeg,--without-jpeg" |
| 33 | " | 33 | PACKAGECONFIG[liq] = "--with-liq,--without-liq" |
| 34 | PACKAGECONFIG[png] = "--with-png,--without-png" | ||
| 35 | PACKAGECONFIG[raqm] = "--with-raqm,--without-raqm,libraqm" | ||
| 36 | PACKAGECONFIG[tiff] = "--with-tiff,--without-tiff" | ||
| 37 | PACKAGECONFIG[webp] = "--with-webp,--without-webp" | ||
| 38 | PACKAGECONFIG[x] = "--with-x,--without-x" | ||
| 39 | PACKAGECONFIG[xpm] = "--with-xpm,--without-xpm" | ||
| 40 | PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib" | ||
| 41 | |||
| 42 | EXTRA_OECONF += "--disable-rpath" | ||
| 34 | 43 | ||
| 35 | EXTRA_OEMAKE = 'LDFLAGS="${LDFLAGS}"' | 44 | EXTRA_OEMAKE = 'LDFLAGS="${LDFLAGS}"' |
| 36 | 45 | ||
diff --git a/meta-oe/recipes-support/glaze/glaze_7.2.1.bb b/meta-oe/recipes-support/glaze/glaze_7.3.3.bb index 9750253005..e733d166b2 100644 --- a/meta-oe/recipes-support/glaze/glaze_7.2.1.bb +++ b/meta-oe/recipes-support/glaze/glaze_7.3.3.bb | |||
| @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ea4d29875d83fbbf50485c846dbbbed8" | |||
| 5 | 5 | ||
| 6 | SRC_URI = "git://github.com/stephenberry/glaze;protocol=https;branch=main;tag=v${PV}" | 6 | SRC_URI = "git://github.com/stephenberry/glaze;protocol=https;branch=main;tag=v${PV}" |
| 7 | 7 | ||
| 8 | SRCREV = "527b419fecfcc19261866dcfdf62dbf6e393970c" | 8 | SRCREV = "dbf6caec935b768546587a413e45d033480c4483" |
| 9 | 9 | ||
| 10 | inherit cmake | 10 | inherit cmake |
| 11 | 11 | ||
diff --git a/meta-oe/recipes-support/gtk-layer-shell/gtk-layer-shell_0.10.0.bb b/meta-oe/recipes-support/gtk-layer-shell/gtk-layer-shell_0.10.1.bb index 2bfe9b0e77..46a0562d2c 100644 --- a/meta-oe/recipes-support/gtk-layer-shell/gtk-layer-shell_0.10.0.bb +++ b/meta-oe/recipes-support/gtk-layer-shell/gtk-layer-shell_0.10.1.bb | |||
| @@ -18,7 +18,7 @@ DEPENDS += " \ | |||
| 18 | SRC_URI = " \ | 18 | SRC_URI = " \ |
| 19 | git://github.com/wmww/gtk-layer-shell.git;protocol=https;branch=master;tag=v${PV} \ | 19 | git://github.com/wmww/gtk-layer-shell.git;protocol=https;branch=master;tag=v${PV} \ |
| 20 | " | 20 | " |
| 21 | SRCREV = "3964966d72ea3359f4ff748081493e979c080b7e" | 21 | SRCREV = "fd88ba666c18ff65ea786bf7b2e270d840030817" |
| 22 | 22 | ||
| 23 | inherit meson pkgconfig features_check gobject-introspection vala | 23 | inherit meson pkgconfig features_check gobject-introspection vala |
| 24 | 24 | ||
diff --git a/meta-oe/recipes-support/htop/files/0001-configure.ac-Remove-usr-include-libnl3.patch b/meta-oe/recipes-support/htop/files/0001-configure.ac-Remove-usr-include-libnl3.patch index f00f3ac4db..c1f763ce17 100644 --- a/meta-oe/recipes-support/htop/files/0001-configure.ac-Remove-usr-include-libnl3.patch +++ b/meta-oe/recipes-support/htop/files/0001-configure.ac-Remove-usr-include-libnl3.patch | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | From 87d66b3b60176197e785670214b0bbc5bedd6552 Mon Sep 17 00:00:00 2001 | 1 | From 652b208b8c3038934fb55169f44068bbdf399b69 Mon Sep 17 00:00:00 2001 |
| 2 | From: Leon Anavi <leon.anavi@konsulko.com> | 2 | From: Liu Yiding <liuyd.fnst@fujitsu.com> |
| 3 | Date: Mon, 8 Dec 2025 11:06:01 +0000 | 3 | Date: Wed, 15 Apr 2026 01:34:56 +0000 |
| 4 | Subject: [PATCH] configure.ac: Remove /usr/include/libnl3 | 4 | Subject: [PATCH] configure.ac: Remove /usr/include/libnl3 |
| 5 | 5 | ||
| 6 | Fixes: | 6 | Fixes: |
| @@ -11,40 +11,35 @@ netlink/attr.h, netlink/handlers.h, netlink/msg.h | |||
| 11 | Upstream-Status: Inappropriate [OE-specific] | 11 | Upstream-Status: Inappropriate [OE-specific] |
| 12 | 12 | ||
| 13 | Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> | 13 | Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> |
| 14 | |||
| 15 | Update for 3.5.0. | ||
| 16 | Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> | ||
| 14 | --- | 17 | --- |
| 15 | configure.ac | 6 +++--- | 18 | configure.ac | 4 ++-- |
| 16 | 1 file changed, 3 insertions(+), 3 deletions(-) | 19 | 1 file changed, 2 insertions(+), 2 deletions(-) |
| 17 | 20 | ||
| 18 | diff --git a/configure.ac b/configure.ac | 21 | diff --git a/configure.ac b/configure.ac |
| 19 | index 9f2f46b3..f3906692 100644 | 22 | index 2d174d73..ee8b29ca 100644 |
| 20 | --- a/configure.ac | 23 | --- a/configure.ac |
| 21 | +++ b/configure.ac | 24 | +++ b/configure.ac |
| 22 | @@ -980,14 +980,14 @@ case "$enable_delayacct" in | 25 | @@ -1638,7 +1638,7 @@ case "$enable_delayacct" in |
| 23 | enable_delayacct=no | 26 | |
| 24 | else | 27 | htop_save_CFLAGS=$CFLAGS |
| 25 | old_CFLAGS="$CFLAGS" | 28 | # New include path searched after what user has specified |
| 26 | - CFLAGS="$CFLAGS -I/usr/include/libnl3" | 29 | - CFLAGS="$CFLAGS $LIBNL3_CFLAGS" |
| 27 | + CFLAGS="$CFLAGS" | ||
| 28 | AC_CHECK_HEADERS([netlink/attr.h netlink/handlers.h netlink/msg.h], [enable_delayacct=yes], [enable_delayacct=no]) | ||
| 29 | CFLAGS="$old_CFLAGS" | ||
| 30 | fi | ||
| 31 | ;; | ||
| 32 | yes) | ||
| 33 | old_CFLAGS="$CFLAGS" | ||
| 34 | - CFLAGS="$CFLAGS -I/usr/include/libnl3" | ||
| 35 | + CFLAGS="$CFLAGS" | 30 | + CFLAGS="$CFLAGS" |
| 36 | AC_CHECK_HEADERS([netlink/attr.h netlink/handlers.h netlink/msg.h], [], [AC_MSG_ERROR([can not find required header files netlink/attr.h, netlink/handlers.h, netlink/msg.h])]) | 31 | AC_CHECK_HEADERS( |
| 37 | CFLAGS="$old_CFLAGS" | 32 | [netlink/attr.h netlink/handlers.h netlink/msg.h], |
| 38 | ;; | 33 | [], |
| 39 | @@ -997,7 +997,7 @@ case "$enable_delayacct" in | 34 | @@ -1681,7 +1681,7 @@ case "$enable_delayacct" in |
| 40 | esac | 35 | esac |
| 41 | if test "$enable_delayacct" = yes; then | 36 | if test "$enable_delayacct" = yes; then |
| 42 | AC_DEFINE([HAVE_DELAYACCT], [1], [Define if delay accounting support should be enabled.]) | 37 | AC_DEFINE([HAVE_DELAYACCT], [1], [Define if delay accounting support should be enabled.]) |
| 43 | - AM_CFLAGS="$AM_CFLAGS -I/usr/include/libnl3" | 38 | - AM_CFLAGS="$AM_CFLAGS $LIBNL3_CFLAGS" |
| 44 | + AM_CFLAGS="$AM_CFLAGS" | 39 | + AM_CFLAGS="$AM_CFLAGS" |
| 45 | fi | 40 | fi |
| 46 | AM_CONDITIONAL([HAVE_DELAYACCT], [test "$enable_delayacct" = yes]) | 41 | AM_CONDITIONAL([HAVE_DELAYACCT], [test "$enable_delayacct" = yes]) |
| 47 | 42 | ||
| 48 | -- | 43 | -- |
| 49 | 2.47.3 | 44 | 2.43.0 |
| 50 | 45 | ||
diff --git a/meta-oe/recipes-support/htop/htop_3.4.1.bb b/meta-oe/recipes-support/htop/htop_3.5.0.bb index e3f8a7fdb4..961a87097b 100644 --- a/meta-oe/recipes-support/htop/htop_3.4.1.bb +++ b/meta-oe/recipes-support/htop/htop_3.5.0.bb | |||
| @@ -6,10 +6,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" | |||
| 6 | 6 | ||
| 7 | DEPENDS = "ncurses libnl" | 7 | DEPENDS = "ncurses libnl" |
| 8 | 8 | ||
| 9 | SRC_URI = "git://github.com/htop-dev/htop.git;branch=main;protocol=https \ | 9 | SRC_URI = "git://github.com/htop-dev/htop.git;branch=main;protocol=https;tag=${PV} \ |
| 10 | file://0001-configure.ac-Remove-usr-include-libnl3.patch \ | 10 | file://0001-configure.ac-Remove-usr-include-libnl3.patch \ |
| 11 | " | 11 | " |
| 12 | SRCREV = "348c0a6bf4f33571835a0b6a1a0f5deb15132128" | 12 | SRCREV = "a21f043b253a6dfa89df1ff4130fe7d2e505000f" |
| 13 | 13 | ||
| 14 | 14 | ||
| 15 | inherit autotools pkgconfig | 15 | inherit autotools pkgconfig |
| @@ -23,7 +23,7 @@ PACKAGECONFIG ??= " \ | |||
| 23 | " | 23 | " |
| 24 | PACKAGECONFIG[unicode] = "--enable-unicode,--disable-unicode" | 24 | PACKAGECONFIG[unicode] = "--enable-unicode,--disable-unicode" |
| 25 | PACKAGECONFIG[affinity] = "--enable-affinity,--disable-affinity,,,,hwloc" | 25 | PACKAGECONFIG[affinity] = "--enable-affinity,--disable-affinity,,,,hwloc" |
| 26 | PACKAGECONFIG[unwind] = "--enable-unwind,--disable-unwind,libunwind" | 26 | PACKAGECONFIG[unwind] = "--with-libunwind,--without-libunwind,libunwind" |
| 27 | PACKAGECONFIG[hwloc] = "--enable-hwloc,--disable-hwloc,hwloc,,,affinity" | 27 | PACKAGECONFIG[hwloc] = "--enable-hwloc,--disable-hwloc,hwloc,,,affinity" |
| 28 | PACKAGECONFIG[openvz] = "--enable-openvz,--disable-openvz" | 28 | PACKAGECONFIG[openvz] = "--enable-openvz,--disable-openvz" |
| 29 | PACKAGECONFIG[vserver] = "--enable-vserver,--disable-vserver" | 29 | PACKAGECONFIG[vserver] = "--enable-vserver,--disable-vserver" |
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-18.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-19.bb index 49bf257cd3..18c23cb0d4 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-18.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-19.bb | |||
| @@ -17,7 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt | |||
| 17 | file://imagemagick-ptest.sh \ | 17 | file://imagemagick-ptest.sh \ |
| 18 | " | 18 | " |
| 19 | 19 | ||
| 20 | SRCREV = "d4e4b2b35a573fb7d96bc64ff1a417415bbe0f4c" | 20 | SRCREV = "9fbd2b79450e930edb95e8158d412e57a7b27e83" |
| 21 | 21 | ||
| 22 | inherit autotools pkgconfig update-alternatives ptest | 22 | inherit autotools pkgconfig update-alternatives ptest |
| 23 | export ac_cv_sys_file_offset_bits = "64" | 23 | export ac_cv_sys_file_offset_bits = "64" |
diff --git a/meta-oe/recipes-support/jsoncons/jsoncons_1.5.0.bb b/meta-oe/recipes-support/jsoncons/jsoncons_1.6.0.bb index 1321f824ee..64860c06dd 100644 --- a/meta-oe/recipes-support/jsoncons/jsoncons_1.5.0.bb +++ b/meta-oe/recipes-support/jsoncons/jsoncons_1.6.0.bb | |||
| @@ -5,7 +5,7 @@ LICENSE = "BSL-1.0" | |||
| 5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=6ee7f7ed2001e4cde4679fdb8926f820" | 5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=6ee7f7ed2001e4cde4679fdb8926f820" |
| 6 | 6 | ||
| 7 | SRC_URI = "git://github.com/danielaparker/jsoncons.git;protocol=https;branch=master;tag=v${PV}" | 7 | SRC_URI = "git://github.com/danielaparker/jsoncons.git;protocol=https;branch=master;tag=v${PV}" |
| 8 | SRCREV = "95a220dff2d927f15e1fe0c7dac2821b7134e4c9" | 8 | SRCREV = "128553c8d1b222c30819656d123590accb60689d" |
| 9 | 9 | ||
| 10 | 10 | ||
| 11 | inherit cmake | 11 | inherit cmake |
diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch new file mode 100644 index 0000000000..2ed8e9f587 --- /dev/null +++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | From c83cfcd249d06950a307cee8d1e22b7f6a78a8a7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Marti Maria <marti.maria@littlecms.com> | ||
| 3 | Date: Thu, 19 Feb 2026 09:07:20 +0100 | ||
| 4 | Subject: [PATCH] Fix integer overflow in CubeSize() | ||
| 5 | |||
| 6 | Thanks to @zerojackyi for reporting | ||
| 7 | |||
| 8 | CVE: CVE-2026-41254 | ||
| 9 | Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0] | ||
| 10 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 11 | --- | ||
| 12 | src/cmslut.c | 3 ++- | ||
| 13 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/src/cmslut.c b/src/cmslut.c | ||
| 16 | index 1089148..b245209 100644 | ||
| 17 | --- a/src/cmslut.c | ||
| 18 | +++ b/src/cmslut.c | ||
| 19 | @@ -460,7 +460,8 @@ void EvaluateCLUTfloatIn16(const cmsFloat32Number In[], cmsFloat32Number Out[], | ||
| 20 | static | ||
| 21 | cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b) | ||
| 22 | { | ||
| 23 | - cmsUInt32Number rv, dim; | ||
| 24 | + cmsUInt32Number dim; | ||
| 25 | + cmsUInt64Number rv; | ||
| 26 | |||
| 27 | _cmsAssert(Dims != NULL); | ||
| 28 | |||
diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch new file mode 100644 index 0000000000..be8c759a6f --- /dev/null +++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From f5994aea02d5620f3182cafdcf116ffe9d6c9fd2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Marti Maria <marti.maria@littlecms.com> | ||
| 3 | Date: Thu, 12 Mar 2026 22:57:35 +0100 | ||
| 4 | Subject: [PATCH] check for overflow | ||
| 5 | |||
| 6 | Thanks to Guanni Qu for detecting & reporting the issue | ||
| 7 | |||
| 8 | CVE: CVE-2026-41254 | ||
| 9 | Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc] | ||
| 10 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 11 | --- | ||
| 12 | src/cmslut.c | 6 +++--- | ||
| 13 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/src/cmslut.c b/src/cmslut.c | ||
| 16 | index b245209..c1dbb32 100644 | ||
| 17 | --- a/src/cmslut.c | ||
| 18 | +++ b/src/cmslut.c | ||
| 19 | @@ -468,12 +468,12 @@ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b) | ||
| 20 | for (rv = 1; b > 0; b--) { | ||
| 21 | |||
| 22 | dim = Dims[b-1]; | ||
| 23 | - if (dim <= 1) return 0; // Error | ||
| 24 | - | ||
| 25 | - rv *= dim; | ||
| 26 | + if (dim <= 1) return 0; | ||
| 27 | |||
| 28 | // Check for overflow | ||
| 29 | if (rv > UINT_MAX / dim) return 0; | ||
| 30 | + | ||
| 31 | + rv *= dim; | ||
| 32 | } | ||
| 33 | |||
| 34 | // Again, prevent overflow | ||
diff --git a/meta-oe/recipes-support/lcms/lcms_2.18.bb b/meta-oe/recipes-support/lcms/lcms_2.18.bb index 79e4a6f694..1ff3b3908f 100644 --- a/meta-oe/recipes-support/lcms/lcms_2.18.bb +++ b/meta-oe/recipes-support/lcms/lcms_2.18.bb | |||
| @@ -3,7 +3,10 @@ SECTION = "libs" | |||
| 3 | LICENSE = "MIT" | 3 | LICENSE = "MIT" |
| 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e9ce323c4b71c943a785db90142b228a" | 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e9ce323c4b71c943a785db90142b228a" |
| 5 | 5 | ||
| 6 | SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz" | 6 | SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz \ |
| 7 | file://CVE-2026-41254_1.patch \ | ||
| 8 | file://CVE-2026-41254_2.patch \ | ||
| 9 | " | ||
| 7 | SRC_URI[sha256sum] = "ee67be3566f459362c1ee094fde2c159d33fa0390aa4ed5f5af676f9e5004347" | 10 | SRC_URI[sha256sum] = "ee67be3566f459362c1ee094fde2c159d33fa0390aa4ed5f5af676f9e5004347" |
| 8 | 11 | ||
| 9 | DEPENDS = "tiff" | 12 | DEPENDS = "tiff" |
diff --git a/meta-oe/recipes-support/libcanberra/libcanberra_0.30-19.bb b/meta-oe/recipes-support/libcanberra/libcanberra_0.30-20.bb index 2c063fd995..2f10a10931 100644 --- a/meta-oe/recipes-support/libcanberra/libcanberra_0.30-19.bb +++ b/meta-oe/recipes-support/libcanberra/libcanberra_0.30-20.bb | |||
| @@ -12,13 +12,14 @@ SRC_URI = " \ | |||
| 12 | git://salsa.debian.org/gnome-team/libcanberra;protocol=https;branch=debian/latest;tag=debian/${PV} \ | 12 | git://salsa.debian.org/gnome-team/libcanberra;protocol=https;branch=debian/latest;tag=debian/${PV} \ |
| 13 | file://0001-Determine-audio-buffer-size-for-a-time-of-500ms.patch \ | 13 | file://0001-Determine-audio-buffer-size-for-a-time-of-500ms.patch \ |
| 14 | " | 14 | " |
| 15 | SRCREV = "d1ed1ac0c9950ed3908c04abb7c4a6de5c51ed94" | 15 | SRCREV = "47d67f43c58af36143060888fc8e69a9cb0eddea" |
| 16 | 16 | ||
| 17 | EXTRA_OECONF = "\ | 17 | EXTRA_OECONF = "\ |
| 18 | --enable-null \ | 18 | --enable-null \ |
| 19 | --disable-oss \ | 19 | --disable-oss \ |
| 20 | --disable-tdb \ | 20 | --disable-tdb \ |
| 21 | --disable-lynx \ | 21 | --disable-lynx \ |
| 22 | --disable-gtk-doc \ | ||
| 22 | " | 23 | " |
| 23 | 24 | ||
| 24 | PACKAGECONFIG ??= " \ | 25 | PACKAGECONFIG ??= " \ |
diff --git a/meta-oe/recipes-support/libgpiod/libgpiod-2.x/0001-tools-tests-remove-SIGINT-test-cases.patch b/meta-oe/recipes-support/libgpiod/libgpiod-2.x/0001-tools-tests-remove-SIGINT-test-cases.patch deleted file mode 100644 index 7fe06b9882..0000000000 --- a/meta-oe/recipes-support/libgpiod/libgpiod-2.x/0001-tools-tests-remove-SIGINT-test-cases.patch +++ /dev/null | |||
| @@ -1,83 +0,0 @@ | |||
| 1 | From 3c38c5f9ab49384039f35408656a88f87619dd03 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> | ||
| 3 | Date: Wed, 18 Mar 2026 14:07:06 +0100 | ||
| 4 | Subject: [libgpiod][PATCH] tools: tests: remove SIGINT test cases | ||
| 5 | |||
| 6 | In coreutils v9.10 (specifically with commit 8c2461933411 ("timeout: | ||
| 7 | honor ignored signal dispositions")) the behavior of timeout changed and | ||
| 8 | it will no longer propagate SIGINT or SIGQUIT in shell background jobs. | ||
| 9 | This breaks the test cases checking the behavior of tools after SIGINT. | ||
| 10 | We have to assume that if exit after SIGTERM works, then so does it | ||
| 11 | after SIGINT and remove the failing tests. | ||
| 12 | |||
| 13 | Upstream-Status: Submitted [https://lore.kernel.org/all/20260318131413.56575-1-bartosz.golaszewski@oss.qualcomm.com/] | ||
| 14 | Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> | ||
| 15 | --- | ||
| 16 | tools/gpio-tools-test.bash | 37 ------------------------------------- | ||
| 17 | 1 file changed, 37 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/tools/gpio-tools-test.bash b/tools/gpio-tools-test.bash | ||
| 20 | index 71d6e3d..62f6836 100755 | ||
| 21 | --- a/tools/gpio-tools-test.bash | ||
| 22 | +++ b/tools/gpio-tools-test.bash | ||
| 23 | @@ -1415,17 +1415,6 @@ test_gpioset_with_lines_strictly_by_name() { | ||
| 24 | gpiosim_check_value sim0 6 0 | ||
| 25 | } | ||
| 26 | |||
| 27 | -test_gpioset_interactive_after_SIGINT() { | ||
| 28 | - gpiosim_chip sim0 num_lines=8 line_name=1:foo | ||
| 29 | - | ||
| 30 | - dut_run gpioset -i foo=1 | ||
| 31 | - | ||
| 32 | - dut_kill -SIGINT | ||
| 33 | - dut_wait | ||
| 34 | - | ||
| 35 | - status_is 130 | ||
| 36 | -} | ||
| 37 | - | ||
| 38 | test_gpioset_interactive_after_SIGTERM() { | ||
| 39 | gpiosim_chip sim0 num_lines=8 line_name=1:foo | ||
| 40 | |||
| 41 | @@ -1907,20 +1896,6 @@ test_gpiomon_multiple_lines_across_multiple_chips() { | ||
| 42 | assert_fail dut_readable | ||
| 43 | } | ||
| 44 | |||
| 45 | -test_gpiomon_exit_after_SIGINT() { | ||
| 46 | - gpiosim_chip sim0 num_lines=8 | ||
| 47 | - | ||
| 48 | - local sim0=${GPIOSIM_CHIP_NAME[sim0]} | ||
| 49 | - | ||
| 50 | - dut_run gpiomon --banner --chip "$sim0" 4 | ||
| 51 | - dut_regex_match "Monitoring line .*" | ||
| 52 | - | ||
| 53 | - dut_kill -SIGINT | ||
| 54 | - dut_wait | ||
| 55 | - | ||
| 56 | - status_is 130 | ||
| 57 | -} | ||
| 58 | - | ||
| 59 | test_gpiomon_exit_after_SIGTERM() { | ||
| 60 | gpiosim_chip sim0 num_lines=8 | ||
| 61 | |||
| 62 | @@ -2503,18 +2478,6 @@ test_gpionotify_multiple_lines_across_multiple_chips() { | ||
| 63 | assert_fail dut_readable | ||
| 64 | } | ||
| 65 | |||
| 66 | -test_gpionotify_exit_after_SIGINT() { | ||
| 67 | - gpiosim_chip sim0 num_lines=8 | ||
| 68 | - | ||
| 69 | - dut_run gpionotify --banner --chip "${GPIOSIM_CHIP_NAME[sim0]}" 4 | ||
| 70 | - dut_regex_match "Watching line .*" | ||
| 71 | - | ||
| 72 | - dut_kill -SIGINT | ||
| 73 | - dut_wait | ||
| 74 | - | ||
| 75 | - status_is 130 | ||
| 76 | -} | ||
| 77 | - | ||
| 78 | test_gpionotify_exit_after_SIGTERM() { | ||
| 79 | gpiosim_chip sim0 num_lines=8 | ||
| 80 | |||
| 81 | -- | ||
| 82 | 2.47.3 | ||
| 83 | |||
diff --git a/meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb b/meta-oe/recipes-support/libgpiod/libgpiod_2.2.4.bb index 38829a620f..2c8d9f1873 100644 --- a/meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb +++ b/meta-oe/recipes-support/libgpiod/libgpiod_2.2.4.bb | |||
| @@ -13,10 +13,9 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}-2.x:" | |||
| 13 | 13 | ||
| 14 | SRC_URI += " \ | 14 | SRC_URI += " \ |
| 15 | file://gpio-manager.init \ | 15 | file://gpio-manager.init \ |
| 16 | file://0001-tools-tests-remove-SIGINT-test-cases.patch \ | ||
| 17 | " | 16 | " |
| 18 | 17 | ||
| 19 | SRC_URI[sha256sum] = "70012b0262e4b90f140431efa841ca89643b02ea6c09f507e23cec664a51b71a" | 18 | SRC_URI[sha256sum] = "13207176b0eb9b3e0f02552d5f49f5a6a449343ce47416158bb484d9d3019592" |
| 20 | 19 | ||
| 21 | # Enable all project features for ptest | 20 | # Enable all project features for ptest |
| 22 | PACKAGECONFIG[tests] = " \ | 21 | PACKAGECONFIG[tests] = " \ |
diff --git a/meta-oe/recipes-support/libgusb/libgusb_0.4.9.bb b/meta-oe/recipes-support/libgusb/libgusb_0.4.9.bb index 9007574fc6..25750247f8 100644 --- a/meta-oe/recipes-support/libgusb/libgusb_0.4.9.bb +++ b/meta-oe/recipes-support/libgusb/libgusb_0.4.9.bb | |||
| @@ -10,7 +10,7 @@ inherit meson gobject-introspection gi-docgen gettext vala pkgconfig | |||
| 10 | PACKAGECONFIG:class-target ??= "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vapi', '', d)}" | 10 | PACKAGECONFIG:class-target ??= "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vapi', '', d)}" |
| 11 | PACKAGECONFIG[vapi] = "-Dvapi=true,-Dvapi=false" | 11 | PACKAGECONFIG[vapi] = "-Dvapi=true,-Dvapi=false" |
| 12 | 12 | ||
| 13 | EXTRA_OEMESON:class-native += "-Dtests=false -Dintrospection=false" | 13 | EXTRA_OEMESON:class-native = "-Dtests=false -Dintrospection=false" |
| 14 | 14 | ||
| 15 | GIDOCGEN_MESON_OPTION = 'docs' | 15 | GIDOCGEN_MESON_OPTION = 'docs' |
| 16 | 16 | ||
diff --git a/meta-oe/recipes-support/libharu/libharu_2.4.5.bb b/meta-oe/recipes-support/libharu/libharu_2.4.6.bb index 0ad4bd92c0..714cccbc3c 100644 --- a/meta-oe/recipes-support/libharu/libharu_2.4.5.bb +++ b/meta-oe/recipes-support/libharu/libharu_2.4.6.bb | |||
| @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=924546dab2bef90e370d7c0c090ddcf0" | |||
| 8 | 8 | ||
| 9 | DEPENDS += "libpng zlib" | 9 | DEPENDS += "libpng zlib" |
| 10 | 10 | ||
| 11 | SRC_URI = "git://github.com/libharu/libharu.git;branch=master;protocol=https" | 11 | SRC_URI = "git://github.com/libharu/libharu.git;branch=master;protocol=https;tag=v${PV}" |
| 12 | SRCREV = "8fe5a738541a04642885fb7a75b2b5b9c5b416fa" | 12 | SRCREV = "3467749fd1c0ab6ca6ed424d053b1ea53c1bf67c" |
| 13 | 13 | ||
| 14 | 14 | ||
| 15 | inherit cmake | 15 | inherit cmake |
diff --git a/meta-oe/recipes-support/liboauth2/liboauth2/0001-build-guard-coverage-linker-flag-behind-CODE_COVERAG.patch b/meta-oe/recipes-support/liboauth2/liboauth2/0001-build-guard-coverage-linker-flag-behind-CODE_COVERAG.patch new file mode 100644 index 0000000000..f234cbd50b --- /dev/null +++ b/meta-oe/recipes-support/liboauth2/liboauth2/0001-build-guard-coverage-linker-flag-behind-CODE_COVERAG.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | From 7c70315f7f6b4305d761804fb03f8f90ad7572eb Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 3 | Date: Fri, 17 Apr 2026 14:01:46 -0700 | ||
| 4 | Subject: [PATCH] build: guard --coverage linker flag behind | ||
| 5 | CODE_COVERAGE_ENABLED | ||
| 6 | |||
| 7 | AM_LDFLAGS passes --coverage to the linker unconditionally, | ||
| 8 | it causes coverage instrumentation to be enabled even when | ||
| 9 | configured with --disable-code-coverage. Wrap it in the | ||
| 10 | automake conditional provided by AX_CODE_COVERAGE. | ||
| 11 | |||
| 12 | Upstream-Status: Submitted [https://github.com/OpenIDC/liboauth2/pull/74] | ||
| 13 | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 14 | --- | ||
| 15 | Makefile.am | 5 ++++- | ||
| 16 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
| 17 | |||
| 18 | diff --git a/Makefile.am b/Makefile.am | ||
| 19 | index a079dcc..a3f991d 100644 | ||
| 20 | --- a/Makefile.am | ||
| 21 | +++ b/Makefile.am | ||
| 22 | @@ -8,7 +8,10 @@ EXTRA_DIST = autogen.sh ChangeLog README.md LICENSE | ||
| 23 | |||
| 24 | AM_CPPFLAGS = -Wall -Werror -Wno-error=deprecated-declarations -I${srcdir}/include -I${srcdir}/src @JANSSON_CFLAGS@ @OPENSSL_CFLAGS@ | ||
| 25 | AM_CPPFLAGS += $(CODE_COVERAGE_CPPFLAGS) $(CODE_COVERAGE_CFLAGS) | ||
| 26 | -AM_LDFLAGS = --coverage | ||
| 27 | +AM_LDFLAGS = | ||
| 28 | +if CODE_COVERAGE_ENABLED | ||
| 29 | +AM_LDFLAGS += --coverage | ||
| 30 | +endif | ||
| 31 | |||
| 32 | LDADD = @JANSSON_LIBS@ @OPENSSL_LIBS@ | ||
| 33 | LDADD += $(CODE_COVERAGE_LIBS) | ||
diff --git a/meta-oe/recipes-support/liboauth2/liboauth2_2.2.0.bb b/meta-oe/recipes-support/liboauth2/liboauth2_2.2.0.bb index 5b1ecd23dd..83825c69a5 100644 --- a/meta-oe/recipes-support/liboauth2/liboauth2_2.2.0.bb +++ b/meta-oe/recipes-support/liboauth2/liboauth2_2.2.0.bb | |||
| @@ -7,6 +7,7 @@ SRC_URI = " \ | |||
| 7 | git://github.com/OpenIDC/liboauth2;protocol=https;branch=master;tag=v${PV} \ | 7 | git://github.com/OpenIDC/liboauth2;protocol=https;branch=master;tag=v${PV} \ |
| 8 | file://0001-fix-clang-curl_easy_setopt-takes-a-long-not-an-int.patch \ | 8 | file://0001-fix-clang-curl_easy_setopt-takes-a-long-not-an-int.patch \ |
| 9 | file://0002-Fix-use-of-strchr-with-new-GCC.patch \ | 9 | file://0002-Fix-use-of-strchr-with-new-GCC.patch \ |
| 10 | file://0001-build-guard-coverage-linker-flag-behind-CODE_COVERAG.patch \ | ||
| 10 | " | 11 | " |
| 11 | 12 | ||
| 12 | SRCREV = "12571b6d6568c2db7d5f080f60ecb55795c0db19" | 13 | SRCREV = "12571b6d6568c2db7d5f080f60ecb55795c0db19" |
| @@ -20,4 +21,4 @@ PACKAGECONFIG[memcache] = "--with-memcache,--without-memcache,libmemcached" | |||
| 20 | PACKAGECONFIG[redis] = "--with-redis,--without-redis,hiredis" | 21 | PACKAGECONFIG[redis] = "--with-redis,--without-redis,hiredis" |
| 21 | PACKAGECONFIG[jq] = "--with-jq,--without-jq,jq" | 22 | PACKAGECONFIG[jq] = "--with-jq,--without-jq,jq" |
| 22 | PACKAGECONFIG[apache] = "--with-apache,--without-apache,apache2" | 23 | PACKAGECONFIG[apache] = "--with-apache,--without-apache,apache2" |
| 23 | 24 | PACKAGECONFIG[ccov] = "--enable-code-coverage,--disable-code-coverage," | |
diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb b/meta-oe/recipes-support/libraw/libraw_0.21.4.bb deleted file mode 100644 index ef0a0255d9..0000000000 --- a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | SUMMARY = "raw image decoder" | ||
| 2 | LICENSE = "LGPL-2.1-only | CDDL-1.0" | ||
| 3 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f" | ||
| 4 | |||
| 5 | SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https;tag=${PV}" | ||
| 6 | SRCREV = "9646d776c7c61976080a8f2be67928df0750493e" | ||
| 7 | |||
| 8 | inherit autotools pkgconfig | ||
| 9 | |||
| 10 | DEPENDS = "jpeg jasper lcms" | ||
diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb new file mode 100644 index 0000000000..e99f0e46b6 --- /dev/null +++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb | |||
| @@ -0,0 +1,17 @@ | |||
| 1 | SUMMARY = "raw image decoder" | ||
| 2 | LICENSE = "LGPL-2.1-only | CDDL-1.0" | ||
| 3 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1d66195044cfbe4327c055d1c9c1a229" | ||
| 4 | |||
| 5 | SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.22-stable;protocol=https;tag=${PV}" | ||
| 6 | SRCREV = "b860248a89d9082b8e0a1e202e516f46af9adb29" | ||
| 7 | |||
| 8 | inherit autotools pkgconfig | ||
| 9 | |||
| 10 | DEPENDS = "jpeg jasper lcms" | ||
| 11 | |||
| 12 | CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1" | ||
| 13 | CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1" | ||
| 14 | CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1" | ||
| 15 | CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1" | ||
| 16 | CVE_STATUS[CVE-2026-20911] = "fixed-version: fixed since 0.22.1" | ||
| 17 | CVE_STATUS[CVE-2026-21413] = "fixed-version: fixed since 0.22.1" | ||
diff --git a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb index 85eac33369..99d0939b34 100644 --- a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb +++ b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb | |||
| @@ -20,6 +20,9 @@ UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>\d+(\.\d+)+)" | |||
| 20 | DEPENDS += "bison-native flex-native wget-native gawk-native" | 20 | DEPENDS += "bison-native flex-native wget-native gawk-native" |
| 21 | 21 | ||
| 22 | inherit autotools-brokensep update-alternatives | 22 | inherit autotools-brokensep update-alternatives |
| 23 | |||
| 24 | CACHED_CONFIGUREVARS += "ac_cv_prog_cc_c23=no" | ||
| 25 | |||
| 23 | ALTERNATIVE_PRIORITY = "50" | 26 | ALTERNATIVE_PRIORITY = "50" |
| 24 | ALTERNATIVE:${PN}-yang = " ietf-interfaces ietf-netconf-acm ietf-netconf-with-defaults ietf-netconf" | 27 | ALTERNATIVE:${PN}-yang = " ietf-interfaces ietf-netconf-acm ietf-netconf-with-defaults ietf-netconf" |
| 25 | ALTERNATIVE_LINK_NAME[ietf-interfaces] = "${datadir}/yang/ietf-interfaces.yang" | 28 | ALTERNATIVE_LINK_NAME[ietf-interfaces] = "${datadir}/yang/ietf-interfaces.yang" |
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch new file mode 100644 index 0000000000..7815dba55a --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch | |||
| @@ -0,0 +1,52 @@ | |||
| 1 | From d6028a6e6a8417b7fb6c89f6c10fb94781435ee6 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Wed, 4 Feb 2026 15:08:50 +0800 | ||
| 4 | Subject: [PATCH] Reject duplicate Host headers (for libsoup 2) | ||
| 5 | |||
| 6 | This is a simplified version of my patch for libsoup 3: | ||
| 7 | |||
| 8 | !491 | ||
| 9 | |||
| 10 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/d3db5a6f8f03e1f0133754872877c92c0284c472] | ||
| 11 | CVE: CVE-2025-14523 | ||
| 12 | |||
| 13 | This patch is a MR for branch 2-74, but not merged yet, maybe it will | ||
| 14 | not be merged. | ||
| 15 | |||
| 16 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 17 | --- | ||
| 18 | libsoup/soup-headers.c | 3 +++ | ||
| 19 | libsoup/soup-message-headers.c | 3 +++ | ||
| 20 | 2 files changed, 6 insertions(+) | ||
| 21 | |||
| 22 | diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c | ||
| 23 | index ea2f986..6cd3dad 100644 | ||
| 24 | --- a/libsoup/soup-headers.c | ||
| 25 | +++ b/libsoup/soup-headers.c | ||
| 26 | @@ -138,6 +138,9 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest) | ||
| 27 | for (p = strchr (value, '\r'); p; p = strchr (p, '\r')) | ||
| 28 | *p = ' '; | ||
| 29 | |||
| 30 | + if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (dest, "Host")) | ||
| 31 | + goto done; | ||
| 32 | + | ||
| 33 | soup_message_headers_append (dest, name, value); | ||
| 34 | } | ||
| 35 | success = TRUE; | ||
| 36 | diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c | ||
| 37 | index f612bff..bb20bbb 100644 | ||
| 38 | --- a/libsoup/soup-message-headers.c | ||
| 39 | +++ b/libsoup/soup-message-headers.c | ||
| 40 | @@ -220,6 +220,9 @@ soup_message_headers_append (SoupMessageHeaders *hdrs, | ||
| 41 | } | ||
| 42 | #endif | ||
| 43 | |||
| 44 | + if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (hdrs, "Host")) | ||
| 45 | + return; | ||
| 46 | + | ||
| 47 | header.name = intern_header_name (name, &setter); | ||
| 48 | header.value = g_strdup (value); | ||
| 49 | g_array_append_val (hdrs->array, header); | ||
| 50 | -- | ||
| 51 | 2.34.1 | ||
| 52 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch new file mode 100644 index 0000000000..64e87cb1ec --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch | |||
| @@ -0,0 +1,229 @@ | |||
| 1 | From c574e659c41c18fad3973bbaa3b3ec75664b3137 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Thu, 5 Feb 2026 16:20:02 +0800 | ||
| 4 | Subject: [PATCH 1/2] websocket: add a way to restrict the total message size | ||
| 5 | |||
| 6 | Otherwise a client could send small packages smaller than | ||
| 7 | total-incoming-payload-size but still to break the server | ||
| 8 | with a big allocation | ||
| 9 | |||
| 10 | Fixes: #390 | ||
| 11 | |||
| 12 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/db87805ab565d67533dfed2cb409dbfd63c7fdce] | ||
| 13 | CVE: CVE-2025-32049 | ||
| 14 | |||
| 15 | libsoup2 is not maintained, the patch is backported from libsoup3, and | ||
| 16 | change accordingly | ||
| 17 | |||
| 18 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 19 | --- | ||
| 20 | libsoup/soup-websocket-connection.c | 104 ++++++++++++++++++++++++++-- | ||
| 21 | libsoup/soup-websocket-connection.h | 7 ++ | ||
| 22 | 2 files changed, 107 insertions(+), 4 deletions(-) | ||
| 23 | |||
| 24 | diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c | ||
| 25 | index 9d5f4f8..3dad477 100644 | ||
| 26 | --- a/libsoup/soup-websocket-connection.c | ||
| 27 | +++ b/libsoup/soup-websocket-connection.c | ||
| 28 | @@ -85,7 +85,8 @@ enum { | ||
| 29 | PROP_STATE, | ||
| 30 | PROP_MAX_INCOMING_PAYLOAD_SIZE, | ||
| 31 | PROP_KEEPALIVE_INTERVAL, | ||
| 32 | - PROP_EXTENSIONS | ||
| 33 | + PROP_EXTENSIONS, | ||
| 34 | + PROP_MAX_TOTAL_MESSAGE_SIZE, | ||
| 35 | }; | ||
| 36 | |||
| 37 | enum { | ||
| 38 | @@ -120,6 +121,7 @@ struct _SoupWebsocketConnectionPrivate { | ||
| 39 | char *origin; | ||
| 40 | char *protocol; | ||
| 41 | guint64 max_incoming_payload_size; | ||
| 42 | + guint64 max_total_message_size; | ||
| 43 | guint keepalive_interval; | ||
| 44 | |||
| 45 | gushort peer_close_code; | ||
| 46 | @@ -152,6 +154,7 @@ struct _SoupWebsocketConnectionPrivate { | ||
| 47 | }; | ||
| 48 | |||
| 49 | #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024 | ||
| 50 | +#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024 | ||
| 51 | #define READ_BUFFER_SIZE 1024 | ||
| 52 | #define MASK_LENGTH 4 | ||
| 53 | |||
| 54 | @@ -664,7 +667,7 @@ bad_data_error_and_close (SoupWebsocketConnection *self) | ||
| 55 | } | ||
| 56 | |||
| 57 | static void | ||
| 58 | -too_big_error_and_close (SoupWebsocketConnection *self, | ||
| 59 | +too_big_incoming_payload_error_and_close (SoupWebsocketConnection *self, | ||
| 60 | guint64 payload_len) | ||
| 61 | { | ||
| 62 | GError *error; | ||
| 63 | @@ -680,6 +683,23 @@ too_big_error_and_close (SoupWebsocketConnection *self, | ||
| 64 | emit_error_and_close (self, error, TRUE); | ||
| 65 | } | ||
| 66 | |||
| 67 | +static void | ||
| 68 | +too_big_message_error_and_close (SoupWebsocketConnection *self, | ||
| 69 | + guint64 len) | ||
| 70 | +{ | ||
| 71 | + GError *error; | ||
| 72 | + | ||
| 73 | + error = g_error_new_literal (SOUP_WEBSOCKET_ERROR, | ||
| 74 | + SOUP_WEBSOCKET_CLOSE_TOO_BIG, | ||
| 75 | + self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ? | ||
| 76 | + "Received WebSocket payload from the client larger than configured max-total-message-size" : | ||
| 77 | + "Received WebSocket payload from the server larger than configured max-total-message-size"); | ||
| 78 | + g_debug ("%s received message of size %" G_GUINT64_FORMAT " or greater, but max supported size is %" G_GUINT64_FORMAT, | ||
| 79 | + self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ? "server" : "client", | ||
| 80 | + len, self->pv->max_total_message_size); | ||
| 81 | + emit_error_and_close (self, error, TRUE); | ||
| 82 | +} | ||
| 83 | + | ||
| 84 | static void | ||
| 85 | close_connection (SoupWebsocketConnection *self, | ||
| 86 | gushort code, | ||
| 87 | @@ -913,6 +933,12 @@ process_contents (SoupWebsocketConnection *self, | ||
| 88 | switch (pv->message_opcode) { | ||
| 89 | case 0x01: | ||
| 90 | case 0x02: | ||
| 91 | + /* Safety valve */ | ||
| 92 | + if (pv->max_total_message_size > 0 && | ||
| 93 | + (pv->message_data->len + payload_len) > pv->max_total_message_size) { | ||
| 94 | + too_big_message_error_and_close (self, (pv->message_data->len + payload_len)); | ||
| 95 | + return; | ||
| 96 | + } | ||
| 97 | g_byte_array_append (pv->message_data, payload, payload_len); | ||
| 98 | break; | ||
| 99 | default: | ||
| 100 | @@ -1050,7 +1076,7 @@ process_frame (SoupWebsocketConnection *self) | ||
| 101 | /* Safety valve */ | ||
| 102 | if (self->pv->max_incoming_payload_size > 0 && | ||
| 103 | payload_len >= self->pv->max_incoming_payload_size) { | ||
| 104 | - too_big_error_and_close (self, payload_len); | ||
| 105 | + too_big_incoming_payload_error_and_close (self, payload_len); | ||
| 106 | return FALSE; | ||
| 107 | } | ||
| 108 | |||
| 109 | @@ -1357,6 +1383,10 @@ soup_websocket_connection_get_property (GObject *object, | ||
| 110 | g_value_set_pointer (value, pv->extensions); | ||
| 111 | break; | ||
| 112 | |||
| 113 | + case PROP_MAX_TOTAL_MESSAGE_SIZE: | ||
| 114 | + g_value_set_uint64 (value, pv->max_total_message_size); | ||
| 115 | + break; | ||
| 116 | + | ||
| 117 | default: | ||
| 118 | G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); | ||
| 119 | break; | ||
| 120 | @@ -1410,6 +1440,10 @@ soup_websocket_connection_set_property (GObject *object, | ||
| 121 | pv->extensions = g_value_get_pointer (value); | ||
| 122 | break; | ||
| 123 | |||
| 124 | + case PROP_MAX_TOTAL_MESSAGE_SIZE: | ||
| 125 | + pv->max_total_message_size = g_value_get_uint64 (value); | ||
| 126 | + break; | ||
| 127 | + | ||
| 128 | default: | ||
| 129 | G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); | ||
| 130 | break; | ||
| 131 | @@ -1631,7 +1665,24 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass) | ||
| 132 | G_PARAM_READWRITE | | ||
| 133 | G_PARAM_CONSTRUCT_ONLY | | ||
| 134 | G_PARAM_STATIC_STRINGS)); | ||
| 135 | - | ||
| 136 | + /** | ||
| 137 | + * SoupWebsocketConnection:max-total-message-size: | ||
| 138 | + * | ||
| 139 | + * The total message size for incoming packets. | ||
| 140 | + * | ||
| 141 | + * The protocol expects or 0 to not limit it. | ||
| 142 | + * | ||
| 143 | + */ | ||
| 144 | + g_object_class_install_property (gobject_class, PROP_MAX_TOTAL_MESSAGE_SIZE, | ||
| 145 | + g_param_spec_uint64 ("max-total-message-size", | ||
| 146 | + "Max total message size", | ||
| 147 | + "Max total message size ", | ||
| 148 | + 0, | ||
| 149 | + G_MAXUINT64, | ||
| 150 | + MAX_TOTAL_MESSAGE_SIZE_DEFAULT, | ||
| 151 | + G_PARAM_READWRITE | | ||
| 152 | + G_PARAM_CONSTRUCT | | ||
| 153 | + G_PARAM_STATIC_STRINGS)); | ||
| 154 | /** | ||
| 155 | * SoupWebsocketConnection::message: | ||
| 156 | * @self: the WebSocket | ||
| 157 | @@ -2145,6 +2196,51 @@ soup_websocket_connection_set_max_incoming_payload_size (SoupWebsocketConnection | ||
| 158 | } | ||
| 159 | } | ||
| 160 | |||
| 161 | +/** | ||
| 162 | + * soup_websocket_connection_get_max_total_message_size: | ||
| 163 | + * @self: the WebSocket | ||
| 164 | + * | ||
| 165 | + * Gets the maximum total message size allowed for packets. | ||
| 166 | + * | ||
| 167 | + * Returns: the maximum total message size. | ||
| 168 | + * | ||
| 169 | + */ | ||
| 170 | +guint64 | ||
| 171 | +soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self) | ||
| 172 | +{ | ||
| 173 | + SoupWebsocketConnectionPrivate *pv; | ||
| 174 | + | ||
| 175 | + g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT); | ||
| 176 | + pv = self->pv; | ||
| 177 | + | ||
| 178 | + return pv->max_total_message_size; | ||
| 179 | +} | ||
| 180 | + | ||
| 181 | +/** | ||
| 182 | + * soup_websocket_connection_set_max_total_message_size: | ||
| 183 | + * @self: the WebSocket | ||
| 184 | + * @max_total_message_size: the maximum total message size | ||
| 185 | + * | ||
| 186 | + * Sets the maximum total message size allowed for packets. | ||
| 187 | + * | ||
| 188 | + * It does not limit the outgoing packet size. | ||
| 189 | + * | ||
| 190 | + */ | ||
| 191 | +void | ||
| 192 | +soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self, | ||
| 193 | + guint64 max_total_message_size) | ||
| 194 | +{ | ||
| 195 | + SoupWebsocketConnectionPrivate *pv; | ||
| 196 | + | ||
| 197 | + g_return_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self)); | ||
| 198 | + pv = self->pv; | ||
| 199 | + | ||
| 200 | + if (pv->max_total_message_size != max_total_message_size) { | ||
| 201 | + pv->max_total_message_size = max_total_message_size; | ||
| 202 | + g_object_notify (G_OBJECT (self), "max-total-message-size"); | ||
| 203 | + } | ||
| 204 | +} | ||
| 205 | + | ||
| 206 | /** | ||
| 207 | * soup_websocket_connection_get_keepalive_interval: | ||
| 208 | * @self: the WebSocket | ||
| 209 | diff --git a/libsoup/soup-websocket-connection.h b/libsoup/soup-websocket-connection.h | ||
| 210 | index f82d723..d2a60e9 100644 | ||
| 211 | --- a/libsoup/soup-websocket-connection.h | ||
| 212 | +++ b/libsoup/soup-websocket-connection.h | ||
| 213 | @@ -136,6 +136,13 @@ SOUP_AVAILABLE_IN_2_58 | ||
| 214 | void soup_websocket_connection_set_keepalive_interval (SoupWebsocketConnection *self, | ||
| 215 | guint interval); | ||
| 216 | |||
| 217 | +SOUP_AVAILABLE_IN_2_72 | ||
| 218 | +guint64 soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self); | ||
| 219 | + | ||
| 220 | +SOUP_AVAILABLE_IN_2_72 | ||
| 221 | +void soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self, | ||
| 222 | + guint64 max_total_message_size); | ||
| 223 | + | ||
| 224 | G_END_DECLS | ||
| 225 | |||
| 226 | #endif /* __SOUP_WEBSOCKET_CONNECTION_H__ */ | ||
| 227 | -- | ||
| 228 | 2.34.1 | ||
| 229 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch new file mode 100644 index 0000000000..f9c894aaec --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch | |||
| @@ -0,0 +1,131 @@ | |||
| 1 | From 0bfc66f1082f5d47df99b6fc03f742ef7fa1051e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Thu, 5 Feb 2026 17:19:51 +0800 | ||
| 4 | Subject: [PATCH] Set message size limit in SoupServer rather than | ||
| 5 | SoupWebsocketConnection | ||
| 6 | |||
| 7 | We're not sure about the compatibility implications of having a default | ||
| 8 | size limit for clients. | ||
| 9 | |||
| 10 | Also not sure whether the server limit is actually set appropriately, | ||
| 11 | but there is probably very little server usage of | ||
| 12 | SoupWebsocketConnection in the wild, so it's not so likely to break | ||
| 13 | things. | ||
| 14 | |||
| 15 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/2df34d9544cabdbfdedd3b36f098cf69233b1df7] | ||
| 16 | CVE: CVE-2025-32049 | ||
| 17 | |||
| 18 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 19 | --- | ||
| 20 | libsoup/soup-server.c | 24 +++++++++++++++++++----- | ||
| 21 | libsoup/soup-websocket-connection.c | 23 ++++++++++++++++------- | ||
| 22 | 2 files changed, 35 insertions(+), 12 deletions(-) | ||
| 23 | |||
| 24 | diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c | ||
| 25 | index 63875f3..a3f8597 100644 | ||
| 26 | --- a/libsoup/soup-server.c | ||
| 27 | +++ b/libsoup/soup-server.c | ||
| 28 | @@ -216,6 +216,16 @@ enum { | ||
| 29 | |||
| 30 | G_DEFINE_TYPE_WITH_PRIVATE (SoupServer, soup_server, G_TYPE_OBJECT) | ||
| 31 | |||
| 32 | +/* SoupWebsocketConnection by default limits only maximum packet size. But a | ||
| 33 | + * message may consist of multiple packets, so SoupServer additionally restricts | ||
| 34 | + * total message size to mitigate denial of service attacks on the server. | ||
| 35 | + * SoupWebsocketConnection does not do this by default because I don't know | ||
| 36 | + * whether that would or would not cause compatibility problems for websites. | ||
| 37 | + * | ||
| 38 | + * This size is in bytes and it is arbitrary. | ||
| 39 | + */ | ||
| 40 | +#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024 | ||
| 41 | + | ||
| 42 | static SoupClientContext *soup_client_context_ref (SoupClientContext *client); | ||
| 43 | static void soup_client_context_unref (SoupClientContext *client); | ||
| 44 | |||
| 45 | @@ -1445,11 +1455,15 @@ complete_websocket_upgrade (SoupMessage *msg, gpointer user_data) | ||
| 46 | |||
| 47 | soup_client_context_ref (client); | ||
| 48 | stream = soup_client_context_steal_connection (client); | ||
| 49 | - conn = soup_websocket_connection_new_with_extensions (stream, uri, | ||
| 50 | - SOUP_WEBSOCKET_CONNECTION_SERVER, | ||
| 51 | - soup_message_headers_get_one (msg->request_headers, "Origin"), | ||
| 52 | - soup_message_headers_get_one (msg->response_headers, "Sec-WebSocket-Protocol"), | ||
| 53 | - handler->websocket_extensions); | ||
| 54 | + conn = SOUP_WEBSOCKET_CONNECTION (g_object_new (SOUP_TYPE_WEBSOCKET_CONNECTION, | ||
| 55 | + "io-stream", stream, | ||
| 56 | + "uri", uri, | ||
| 57 | + "connection-type", SOUP_WEBSOCKET_CONNECTION_SERVER, | ||
| 58 | + "origin", soup_message_headers_get_one (msg->request_headers, "Origin"), | ||
| 59 | + "protocol", soup_message_headers_get_one (msg->response_headers, "Sec-WebSocket-Protocol"), | ||
| 60 | + "extensions", handler->websocket_extensions, | ||
| 61 | + "max-total-message-size", (guint64)MAX_TOTAL_MESSAGE_SIZE_DEFAULT, | ||
| 62 | + NULL)); | ||
| 63 | handler->websocket_extensions = NULL; | ||
| 64 | g_object_unref (stream); | ||
| 65 | soup_client_context_unref (client); | ||
| 66 | diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c | ||
| 67 | index 3dad477..e7fa9b7 100644 | ||
| 68 | --- a/libsoup/soup-websocket-connection.c | ||
| 69 | +++ b/libsoup/soup-websocket-connection.c | ||
| 70 | @@ -154,7 +154,6 @@ struct _SoupWebsocketConnectionPrivate { | ||
| 71 | }; | ||
| 72 | |||
| 73 | #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024 | ||
| 74 | -#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024 | ||
| 75 | #define READ_BUFFER_SIZE 1024 | ||
| 76 | #define MASK_LENGTH 4 | ||
| 77 | |||
| 78 | @@ -1615,8 +1614,9 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass) | ||
| 79 | /** | ||
| 80 | * SoupWebsocketConnection:max-incoming-payload-size: | ||
| 81 | * | ||
| 82 | - * The maximum payload size for incoming packets the protocol expects | ||
| 83 | - * or 0 to not limit it. | ||
| 84 | + * The maximum payload size for incoming packets, or 0 to not limit it. | ||
| 85 | + * Each message may consist of multiple packets, so also refer to | ||
| 86 | + * [property@WebSocketConnection:max-total-message-size]. | ||
| 87 | * | ||
| 88 | * Since: 2.56 | ||
| 89 | */ | ||
| 90 | @@ -1668,9 +1668,18 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass) | ||
| 91 | /** | ||
| 92 | * SoupWebsocketConnection:max-total-message-size: | ||
| 93 | * | ||
| 94 | - * The total message size for incoming packets. | ||
| 95 | + * The maximum size for incoming messages. | ||
| 96 | + * Set to a value to limit the total message size, or 0 to not | ||
| 97 | + * limit it. | ||
| 98 | * | ||
| 99 | - * The protocol expects or 0 to not limit it. | ||
| 100 | + * [method@Server.add_websocket_handler] will set this to a nonzero | ||
| 101 | + * default value to mitigate denial of service attacks. Clients must | ||
| 102 | + * choose their own default if they need to mitigate denial of service | ||
| 103 | + * attacks. You also need to set your own default if creating your own | ||
| 104 | + * server SoupWebsocketConnection without using SoupServer. | ||
| 105 | + * | ||
| 106 | + * Each message may consist of multiple packets, so also refer to | ||
| 107 | + *[property@WebSocketConnection:max-incoming-payload-size]. | ||
| 108 | * | ||
| 109 | */ | ||
| 110 | g_object_class_install_property (gobject_class, PROP_MAX_TOTAL_MESSAGE_SIZE, | ||
| 111 | @@ -1679,7 +1688,7 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass) | ||
| 112 | "Max total message size ", | ||
| 113 | 0, | ||
| 114 | G_MAXUINT64, | ||
| 115 | - MAX_TOTAL_MESSAGE_SIZE_DEFAULT, | ||
| 116 | + 0, | ||
| 117 | G_PARAM_READWRITE | | ||
| 118 | G_PARAM_CONSTRUCT | | ||
| 119 | G_PARAM_STATIC_STRINGS)); | ||
| 120 | @@ -2210,7 +2219,7 @@ soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *s | ||
| 121 | { | ||
| 122 | SoupWebsocketConnectionPrivate *pv; | ||
| 123 | |||
| 124 | - g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT); | ||
| 125 | + g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), 0); | ||
| 126 | pv = self->pv; | ||
| 127 | |||
| 128 | return pv->max_total_message_size; | ||
| 129 | -- | ||
| 130 | 2.34.1 | ||
| 131 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1467.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1467.patch new file mode 100644 index 0000000000..a1a130ee3a --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1467.patch | |||
| @@ -0,0 +1,151 @@ | |||
| 1 | From b4f1dcb89a552fc03bfd0e65830b4f76fdc4a232 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Tue, 21 Apr 2026 17:10:37 +0800 | ||
| 4 | Subject: [PATCH] Fix CVE-2026-1467 | ||
| 5 | |||
| 6 | CVE: CVE-2026-1467 | ||
| 7 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6dfe506618d2d5856618e5c0f85bd93386dc8012] | ||
| 8 | |||
| 9 | The original backport patch targets libsoup3. This patch has been | ||
| 10 | adapted accordingly for libsoup2, refer the openSUSE patch, see [1] | ||
| 11 | |||
| 12 | [1] https://www.suse.com/security/cve/CVE-2026-1467.html | ||
| 13 | |||
| 14 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 15 | --- | ||
| 16 | libsoup/soup-auth.c | 2 +- | ||
| 17 | libsoup/soup-message.c | 5 +++- | ||
| 18 | libsoup/soup-uri.c | 60 ++++++++++++++++++++++++++++++++++++++++++ | ||
| 19 | libsoup/soup-uri.h | 2 ++ | ||
| 20 | 4 files changed, 67 insertions(+), 2 deletions(-) | ||
| 21 | |||
| 22 | diff --git a/libsoup/soup-auth.c b/libsoup/soup-auth.c | ||
| 23 | index 1896aab..e205fe3 100644 | ||
| 24 | --- a/libsoup/soup-auth.c | ||
| 25 | +++ b/libsoup/soup-auth.c | ||
| 26 | @@ -535,7 +535,7 @@ GSList * | ||
| 27 | soup_auth_get_protection_space (SoupAuth *auth, SoupURI *source_uri) | ||
| 28 | { | ||
| 29 | g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL); | ||
| 30 | - g_return_val_if_fail (source_uri != NULL, NULL); | ||
| 31 | + g_return_val_if_fail (soup_uri_is_valid (source_uri), NULL); | ||
| 32 | |||
| 33 | return SOUP_AUTH_GET_CLASS (auth)->get_protection_space (auth, source_uri); | ||
| 34 | } | ||
| 35 | diff --git a/libsoup/soup-message.c b/libsoup/soup-message.c | ||
| 36 | index da32b42..cc4f22b 100644 | ||
| 37 | --- a/libsoup/soup-message.c | ||
| 38 | +++ b/libsoup/soup-message.c | ||
| 39 | @@ -1044,7 +1044,7 @@ soup_message_new (const char *method, const char *uri_string) | ||
| 40 | uri = soup_uri_new (uri_string); | ||
| 41 | if (!uri) | ||
| 42 | return NULL; | ||
| 43 | - if (!uri->host) { | ||
| 44 | + if (!soup_uri_is_valid (uri)) { | ||
| 45 | soup_uri_free (uri); | ||
| 46 | return NULL; | ||
| 47 | } | ||
| 48 | @@ -1066,6 +1066,8 @@ soup_message_new (const char *method, const char *uri_string) | ||
| 49 | SoupMessage * | ||
| 50 | soup_message_new_from_uri (const char *method, SoupURI *uri) | ||
| 51 | { | ||
| 52 | + g_return_val_if_fail (soup_uri_is_valid (uri), NULL); | ||
| 53 | + | ||
| 54 | return g_object_new (SOUP_TYPE_MESSAGE, | ||
| 55 | SOUP_MESSAGE_METHOD, method, | ||
| 56 | SOUP_MESSAGE_URI, uri, | ||
| 57 | @@ -1676,6 +1678,7 @@ soup_message_set_uri (SoupMessage *msg, SoupURI *uri) | ||
| 58 | SoupMessagePrivate *priv; | ||
| 59 | |||
| 60 | g_return_if_fail (SOUP_IS_MESSAGE (msg)); | ||
| 61 | + g_return_if_fail (soup_uri_is_valid (uri)); | ||
| 62 | priv = soup_message_get_instance_private (msg); | ||
| 63 | |||
| 64 | if (priv->uri) | ||
| 65 | diff --git a/libsoup/soup-uri.c b/libsoup/soup-uri.c | ||
| 66 | index bdb7a17..d781ff1 100644 | ||
| 67 | --- a/libsoup/soup-uri.c | ||
| 68 | +++ b/libsoup/soup-uri.c | ||
| 69 | @@ -1342,6 +1342,66 @@ soup_uri_host_equal (gconstpointer v1, gconstpointer v2) | ||
| 70 | return g_ascii_strcasecmp (one->host, two->host) == 0; | ||
| 71 | } | ||
| 72 | |||
| 73 | +static gboolean | ||
| 74 | +is_valid_character_for_host (char c) | ||
| 75 | +{ | ||
| 76 | + static const char forbidden_chars[] = { '\t', '\n', '\r', ' ', '#', '/', ':', '<', '>', '?', '@', '[', '\\', ']', '^', '|' }; | ||
| 77 | + int i; | ||
| 78 | + | ||
| 79 | + for (i = 0; i < G_N_ELEMENTS (forbidden_chars); ++i) { | ||
| 80 | + if (c == forbidden_chars[i]) | ||
| 81 | + return FALSE; | ||
| 82 | + } | ||
| 83 | + | ||
| 84 | + return TRUE; | ||
| 85 | +} | ||
| 86 | + | ||
| 87 | +static gboolean | ||
| 88 | +is_host_valid (const char* host) | ||
| 89 | +{ | ||
| 90 | + int i; | ||
| 91 | + gboolean is_valid; | ||
| 92 | + char *ascii_host = NULL; | ||
| 93 | + | ||
| 94 | + if (!host || !host[0]) | ||
| 95 | + return FALSE; | ||
| 96 | + | ||
| 97 | + if (g_hostname_is_non_ascii (host)) { | ||
| 98 | + ascii_host = g_hostname_to_ascii (host); | ||
| 99 | + if (!ascii_host) | ||
| 100 | + return FALSE; | ||
| 101 | + | ||
| 102 | + host = ascii_host; | ||
| 103 | + } | ||
| 104 | + | ||
| 105 | + if ((g_ascii_isdigit (host[0]) || strchr (host, ':')) && g_hostname_is_ip_address (host)) { | ||
| 106 | + g_free (ascii_host); | ||
| 107 | + return TRUE; | ||
| 108 | + } | ||
| 109 | + is_valid = TRUE; | ||
| 110 | + for (i = 0; host[i] && is_valid; i++) | ||
| 111 | + is_valid = is_valid_character_for_host (host[i]); | ||
| 112 | + | ||
| 113 | + g_free (ascii_host); | ||
| 114 | + | ||
| 115 | + return is_valid; | ||
| 116 | +} | ||
| 117 | + | ||
| 118 | +gboolean | ||
| 119 | +soup_uri_is_valid (SoupURI *uri) | ||
| 120 | +{ | ||
| 121 | + if (!uri) | ||
| 122 | + return FALSE; | ||
| 123 | + | ||
| 124 | + if (!is_host_valid (soup_uri_get_host (uri))) | ||
| 125 | + return FALSE; | ||
| 126 | + | ||
| 127 | + /* FIXME: validate other URI components? */ | ||
| 128 | + | ||
| 129 | + return TRUE; | ||
| 130 | +} | ||
| 131 | + | ||
| 132 | + | ||
| 133 | gboolean | ||
| 134 | soup_uri_is_http (SoupURI *uri, char **aliases) | ||
| 135 | { | ||
| 136 | diff --git a/libsoup/soup-uri.h b/libsoup/soup-uri.h | ||
| 137 | index 8015e4f..64099c3 100644 | ||
| 138 | --- a/libsoup/soup-uri.h | ||
| 139 | +++ b/libsoup/soup-uri.h | ||
| 140 | @@ -133,6 +133,8 @@ guint soup_uri_host_hash (gconstpointer key); | ||
| 141 | SOUP_AVAILABLE_IN_2_28 | ||
| 142 | gboolean soup_uri_host_equal (gconstpointer v1, | ||
| 143 | gconstpointer v2); | ||
| 144 | +SOUP_AVAILABLE_IN_2_68 | ||
| 145 | +gboolean soup_uri_is_valid (SoupURI *uri); | ||
| 146 | |||
| 147 | #define SOUP_URI_IS_VALID(uri) ((uri) && (uri)->scheme && (uri)->path) | ||
| 148 | #define SOUP_URI_VALID_FOR_HTTP(uri) ((uri) && ((uri)->scheme == SOUP_URI_SCHEME_HTTP || (uri)->scheme == SOUP_URI_SCHEME_HTTPS) && (uri)->host && (uri)->path) | ||
| 149 | -- | ||
| 150 | 2.34.1 | ||
| 151 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1539.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1539.patch new file mode 100644 index 0000000000..c6b813a98f --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1539.patch | |||
| @@ -0,0 +1,31 @@ | |||
| 1 | From 285faea567e1e2a95226201175dbf745a64a2439 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Fri, 20 Mar 2026 15:04:22 +0800 | ||
| 4 | Subject: [PATCH 4/4] Also remove Proxy-Authorization header on cross origin | ||
| 5 | redirect | ||
| 6 | |||
| 7 | Closes #489 | ||
| 8 | |||
| 9 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/98c1285d9d78662c38bf14b4a128af01ccfdb446] | ||
| 10 | CVE: CVE-2026-1539 | ||
| 11 | |||
| 12 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 13 | --- | ||
| 14 | libsoup/soup-session.c | 1 + | ||
| 15 | 1 file changed, 1 insertion(+) | ||
| 16 | |||
| 17 | diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c | ||
| 18 | index cc0d04c..0361856 100644 | ||
| 19 | --- a/libsoup/soup-session.c | ||
| 20 | +++ b/libsoup/soup-session.c | ||
| 21 | @@ -1190,6 +1190,7 @@ soup_session_redirect_message (SoupSession *session, SoupMessage *msg) | ||
| 22 | /* Strip all credentials on cross-origin redirect. */ | ||
| 23 | if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) { | ||
| 24 | soup_message_headers_remove (msg->request_headers, "Authorization"); | ||
| 25 | + soup_message_headers_remove (msg->request_headers, "Proxy-Authorization"); | ||
| 26 | soup_message_set_auth (msg, NULL); | ||
| 27 | } | ||
| 28 | |||
| 29 | -- | ||
| 30 | 2.34.1 | ||
| 31 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1760.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1760.patch new file mode 100644 index 0000000000..a5547132a2 --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1760.patch | |||
| @@ -0,0 +1,153 @@ | |||
| 1 | From 0fca37e0fce479284e62091ffb9b7d6caff1c7e4 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Carlos Garcia Campos <cgarcia@igalia.com> | ||
| 3 | Date: Thu, 29 Jan 2026 16:43:28 +0100 | ||
| 4 | Subject: [PATCH] server: close the connection after responsing a request | ||
| 5 | containing Content-Length and Transfer-Encoding | ||
| 6 | |||
| 7 | Closes #475 | ||
| 8 | |||
| 9 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6224df5a471e9040a99dd3dc2e91817a701b1bf6] | ||
| 10 | CVE: CVE-2026-1760 | ||
| 11 | |||
| 12 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 13 | --- | ||
| 14 | libsoup/soup-message-headers.c | 86 +++++++++++++++----------------- | ||
| 15 | libsoup/soup-message-server-io.c | 8 +++ | ||
| 16 | 2 files changed, 49 insertions(+), 45 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c | ||
| 19 | index 535cf14..06d9600 100644 | ||
| 20 | --- a/libsoup/soup-message-headers.c | ||
| 21 | +++ b/libsoup/soup-message-headers.c | ||
| 22 | @@ -666,38 +666,13 @@ clear_special_headers (SoupMessageHeaders *hdrs) | ||
| 23 | static void | ||
| 24 | transfer_encoding_setter (SoupMessageHeaders *hdrs, const char *value) | ||
| 25 | { | ||
| 26 | - if (value) { | ||
| 27 | - /* "identity" is a wrong value according to RFC errata 408, | ||
| 28 | - * and RFC 7230 does not list it as valid transfer-coding. | ||
| 29 | - * Nevertheless, the obsolete RFC 2616 stated "identity" | ||
| 30 | - * as valid, so we can't handle it as unrecognized here | ||
| 31 | - * for compatibility reasons. | ||
| 32 | - */ | ||
| 33 | - if (g_ascii_strcasecmp (value, "chunked") == 0) | ||
| 34 | - hdrs->encoding = SOUP_ENCODING_CHUNKED; | ||
| 35 | - else if (g_ascii_strcasecmp (value, "identity") != 0) | ||
| 36 | - hdrs->encoding = SOUP_ENCODING_UNRECOGNIZED; | ||
| 37 | - } else | ||
| 38 | - hdrs->encoding = -1; | ||
| 39 | + hdrs->encoding = -1; | ||
| 40 | } | ||
| 41 | |||
| 42 | static void | ||
| 43 | content_length_setter (SoupMessageHeaders *hdrs, const char *value) | ||
| 44 | { | ||
| 45 | - /* Transfer-Encoding trumps Content-Length */ | ||
| 46 | - if (hdrs->encoding == SOUP_ENCODING_CHUNKED) | ||
| 47 | - return; | ||
| 48 | - | ||
| 49 | - if (value) { | ||
| 50 | - char *end; | ||
| 51 | - | ||
| 52 | - hdrs->content_length = g_ascii_strtoull (value, &end, 10); | ||
| 53 | - if (*end) | ||
| 54 | - hdrs->encoding = SOUP_ENCODING_UNRECOGNIZED; | ||
| 55 | - else | ||
| 56 | - hdrs->encoding = SOUP_ENCODING_CONTENT_LENGTH; | ||
| 57 | - } else | ||
| 58 | - hdrs->encoding = -1; | ||
| 59 | + hdrs->encoding = -1; | ||
| 60 | } | ||
| 61 | |||
| 62 | /** | ||
| 63 | @@ -730,29 +705,50 @@ SoupEncoding | ||
| 64 | soup_message_headers_get_encoding (SoupMessageHeaders *hdrs) | ||
| 65 | { | ||
| 66 | const char *header; | ||
| 67 | + const char *content_length; | ||
| 68 | + const char *transfer_encoding; | ||
| 69 | |||
| 70 | if (hdrs->encoding != -1) | ||
| 71 | return hdrs->encoding; | ||
| 72 | |||
| 73 | - /* If Transfer-Encoding was set, hdrs->encoding would already | ||
| 74 | - * be set. So we don't need to check that possibility. | ||
| 75 | - */ | ||
| 76 | - header = soup_message_headers_get_one (hdrs, "Content-Length"); | ||
| 77 | - if (header) { | ||
| 78 | - content_length_setter (hdrs, header); | ||
| 79 | - if (hdrs->encoding != -1) | ||
| 80 | - return hdrs->encoding; | ||
| 81 | - } | ||
| 82 | + /* Transfer-Encoding is checked first because it overrides the Content-Length */ | ||
| 83 | + transfer_encoding = soup_message_headers_get_one (hdrs, "Transfer-Encoding"); | ||
| 84 | + if (transfer_encoding) { | ||
| 85 | + /* "identity" is a wrong value according to RFC errata 408, | ||
| 86 | + * and RFC 7230 does not list it as valid transfer-coding. | ||
| 87 | + * Nevertheless, the obsolete RFC 2616 stated "identity" | ||
| 88 | + * as valid, so we can't handle it as unrecognized here | ||
| 89 | + * for compatibility reasons. | ||
| 90 | + */ | ||
| 91 | + if (g_ascii_strcasecmp (transfer_encoding, "chunked") == 0) | ||
| 92 | + hdrs->encoding = SOUP_ENCODING_CHUNKED; | ||
| 93 | + else if (g_ascii_strcasecmp (transfer_encoding, "identity") != 0) | ||
| 94 | + hdrs->encoding = SOUP_ENCODING_UNRECOGNIZED; | ||
| 95 | + } else { | ||
| 96 | + content_length = soup_message_headers_get_one (hdrs, "Content-Length"); | ||
| 97 | + if (content_length) { | ||
| 98 | + char *end; | ||
| 99 | + | ||
| 100 | + hdrs->content_length = g_ascii_strtoull (content_length, &end, 10); | ||
| 101 | + if (*end) | ||
| 102 | + hdrs->encoding = SOUP_ENCODING_UNRECOGNIZED; | ||
| 103 | + else | ||
| 104 | + hdrs->encoding = SOUP_ENCODING_CONTENT_LENGTH; | ||
| 105 | + } | ||
| 106 | + } | ||
| 107 | + | ||
| 108 | + if (hdrs->encoding == -1) { | ||
| 109 | + /* Per RFC 2616 4.4, a response body that doesn't indicate its | ||
| 110 | + * encoding otherwise is terminated by connection close, and a | ||
| 111 | + * request that doesn't indicate otherwise has no body. Note | ||
| 112 | + * that SoupMessage calls soup_message_headers_set_encoding() | ||
| 113 | + * to override the response body default for our own | ||
| 114 | + * server-side messages. | ||
| 115 | + */ | ||
| 116 | + hdrs->encoding = (hdrs->type == SOUP_MESSAGE_HEADERS_RESPONSE) ? | ||
| 117 | + SOUP_ENCODING_EOF : SOUP_ENCODING_NONE; | ||
| 118 | + } | ||
| 119 | |||
| 120 | - /* Per RFC 2616 4.4, a response body that doesn't indicate its | ||
| 121 | - * encoding otherwise is terminated by connection close, and a | ||
| 122 | - * request that doesn't indicate otherwise has no body. Note | ||
| 123 | - * that SoupMessage calls soup_message_headers_set_encoding() | ||
| 124 | - * to override the response body default for our own | ||
| 125 | - * server-side messages. | ||
| 126 | - */ | ||
| 127 | - hdrs->encoding = (hdrs->type == SOUP_MESSAGE_HEADERS_RESPONSE) ? | ||
| 128 | - SOUP_ENCODING_EOF : SOUP_ENCODING_NONE; | ||
| 129 | return hdrs->encoding; | ||
| 130 | } | ||
| 131 | |||
| 132 | diff --git a/libsoup/soup-message-server-io.c b/libsoup/soup-message-server-io.c | ||
| 133 | index 71e943b..df5eafc 100644 | ||
| 134 | --- a/libsoup/soup-message-server-io.c | ||
| 135 | +++ b/libsoup/soup-message-server-io.c | ||
| 136 | @@ -80,6 +80,14 @@ parse_request_headers (SoupMessage *msg, char *headers, guint headers_len, | ||
| 137 | return SOUP_STATUS_BAD_REQUEST; | ||
| 138 | } | ||
| 139 | |||
| 140 | + /* A server MAY reject a request that contains both Content-Length and | ||
| 141 | + * Transfer-Encoding or process such a request in accordance with the | ||
| 142 | + * Transfer-Encoding alone. Regardless, the server MUST close the connection | ||
| 143 | + * after responding to such a request to avoid the potential attacks | ||
| 144 | + */ | ||
| 145 | + if (*encoding == SOUP_ENCODING_CHUNKED && soup_message_headers_get_one (msg->request_headers, "Content-Length")) | ||
| 146 | + soup_message_headers_replace (msg->request_headers, "Connection", "close"); | ||
| 147 | + | ||
| 148 | /* Generate correct context for request */ | ||
| 149 | req_host = soup_message_headers_get_one (msg->request_headers, "Host"); | ||
| 150 | if (req_host && strchr (req_host, '/')) { | ||
| 151 | -- | ||
| 152 | 2.34.1 | ||
| 153 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1761.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1761.patch new file mode 100644 index 0000000000..573e3e1dd0 --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1761.patch | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | From 07757b7feacfc660c6c463ff2b773c13bc42d2c9 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Thu, 19 Mar 2026 17:21:32 +0800 | ||
| 4 | Subject: [PATCH 3/4] multipart: check length of bytes read | ||
| 5 | soup_filter_input_stream_read_until() | ||
| 6 | |||
| 7 | We do make sure the read length is smaller than the buffer length when | ||
| 8 | the boundary is not found, but we should do the same when the boundary | ||
| 9 | is found. | ||
| 10 | |||
| 11 | Spotted in #YWH-PGM9867-149 | ||
| 12 | Closes #493 | ||
| 13 | |||
| 14 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cfa9d90d1a5c274233554a264c56551c13d6a6f0] | ||
| 15 | CVE: CVE-2026-1761 | ||
| 16 | |||
| 17 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 18 | --- | ||
| 19 | libsoup/soup-filter-input-stream.c | 2 +- | ||
| 20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c | ||
| 23 | index 2c30bf9..c34510b 100644 | ||
| 24 | --- a/libsoup/soup-filter-input-stream.c | ||
| 25 | +++ b/libsoup/soup-filter-input-stream.c | ||
| 26 | @@ -272,6 +272,6 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, | ||
| 27 | if (eof && !*got_boundary) | ||
| 28 | read_length = MIN (fstream->priv->buf->len, length); | ||
| 29 | else | ||
| 30 | - read_length = p - buf; | ||
| 31 | + read_length = MIN ((gsize)(p - buf), length); | ||
| 32 | return read_from_buf (fstream, buffer, read_length); | ||
| 33 | } | ||
| 34 | -- | ||
| 35 | 2.34.1 | ||
| 36 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1801.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1801.patch new file mode 100644 index 0000000000..5f445f7354 --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1801.patch | |||
| @@ -0,0 +1,126 @@ | |||
| 1 | From f9c933e258e9ef2f221cca6395f8092a1c4b93dd Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Thu, 19 Mar 2026 17:10:36 +0800 | ||
| 4 | Subject: [PATCH 2/4] Fix CVE-2026-1801 | ||
| 5 | |||
| 6 | This patch merges 3 upstream patches | ||
| 7 | |||
| 8 | Chery-pick the first two patches to make the context is the same as the | ||
| 9 | third patch that fix CVE-2026-1801 | ||
| 10 | |||
| 11 | Upstream-Status: Backport | ||
| 12 | [https://gitlab.gnome.org/GNOME/libsoup/-/commit/1e32b5e123aa1689505472bdbfcbd897eac41977, | ||
| 13 | https://gitlab.gnome.org/GNOME/libsoup/-/commit/8a2e15c88512ae4517d2c2c887d39299725b22da, | ||
| 14 | https://gitlab.gnome.org/GNOME/libsoup/-/commit/b9a1c0663ff8ab6e79715db4b35b54f560416ddd] | ||
| 15 | CVE: CVE-2026-1801 | ||
| 16 | |||
| 17 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 18 | --- | ||
| 19 | libsoup/soup-body-input-stream.c | 66 ++++++++++++++++++++------------ | ||
| 20 | 1 file changed, 41 insertions(+), 25 deletions(-) | ||
| 21 | |||
| 22 | diff --git a/libsoup/soup-body-input-stream.c b/libsoup/soup-body-input-stream.c | ||
| 23 | index 6b95884..25d9312 100644 | ||
| 24 | --- a/libsoup/soup-body-input-stream.c | ||
| 25 | +++ b/libsoup/soup-body-input-stream.c | ||
| 26 | @@ -159,15 +159,18 @@ soup_body_input_stream_read_chunked (SoupBodyInputStream *bistream, | ||
| 27 | again: | ||
| 28 | switch (bistream->priv->chunked_state) { | ||
| 29 | case SOUP_BODY_INPUT_STREAM_STATE_CHUNK_SIZE: | ||
| 30 | - nread = soup_filter_input_stream_read_line ( | ||
| 31 | - fstream, metabuf, sizeof (metabuf), blocking, | ||
| 32 | - &got_line, cancellable, error); | ||
| 33 | - if (nread <= 0) | ||
| 34 | + nread = soup_filter_input_stream_read_until ( | ||
| 35 | + fstream, metabuf, sizeof (metabuf), | ||
| 36 | + "\r\n", 2, blocking, TRUE, | ||
| 37 | + &got_line, cancellable, error); | ||
| 38 | + if (nread < 0) | ||
| 39 | return nread; | ||
| 40 | - if (!got_line) { | ||
| 41 | - g_set_error_literal (error, G_IO_ERROR, | ||
| 42 | - G_IO_ERROR_PARTIAL_INPUT, | ||
| 43 | - _("Connection terminated unexpectedly")); | ||
| 44 | + if (nread == 0 || !got_line) { | ||
| 45 | + if (error && *error == NULL) { | ||
| 46 | + g_set_error_literal (error, G_IO_ERROR, | ||
| 47 | + G_IO_ERROR_PARTIAL_INPUT, | ||
| 48 | + ("Connection terminated unexpectedly")); | ||
| 49 | + } | ||
| 50 | return -1; | ||
| 51 | } | ||
| 52 | |||
| 53 | @@ -180,9 +183,9 @@ again: | ||
| 54 | |||
| 55 | case SOUP_BODY_INPUT_STREAM_STATE_CHUNK: | ||
| 56 | nread = soup_body_input_stream_read_raw ( | ||
| 57 | - bistream, buffer, | ||
| 58 | - MIN (count, bistream->priv->read_length), | ||
| 59 | - blocking, cancellable, error); | ||
| 60 | + bistream, buffer, | ||
| 61 | + MIN (count, bistream->priv->read_length), | ||
| 62 | + blocking, cancellable, error); | ||
| 63 | if (nread > 0) { | ||
| 64 | bistream->priv->read_length -= nread; | ||
| 65 | if (bistream->priv->read_length == 0) | ||
| 66 | @@ -191,16 +194,19 @@ again: | ||
| 67 | return nread; | ||
| 68 | |||
| 69 | case SOUP_BODY_INPUT_STREAM_STATE_CHUNK_END: | ||
| 70 | - nread = soup_filter_input_stream_read_line ( | ||
| 71 | - SOUP_FILTER_INPUT_STREAM (bistream->priv->base_stream), | ||
| 72 | - metabuf, sizeof (metabuf), blocking, | ||
| 73 | - &got_line, cancellable, error); | ||
| 74 | - if (nread <= 0) | ||
| 75 | + nread = soup_filter_input_stream_read_until ( | ||
| 76 | + SOUP_FILTER_INPUT_STREAM (bistream->priv->base_stream), | ||
| 77 | + metabuf, sizeof (metabuf), | ||
| 78 | + "\r\n", 2, blocking, TRUE, | ||
| 79 | + &got_line, cancellable, error); | ||
| 80 | + if (nread < 0) | ||
| 81 | return nread; | ||
| 82 | - if (!got_line) { | ||
| 83 | - g_set_error_literal (error, G_IO_ERROR, | ||
| 84 | - G_IO_ERROR_PARTIAL_INPUT, | ||
| 85 | - _("Connection terminated unexpectedly")); | ||
| 86 | + if (nread == 0 || !got_line) { | ||
| 87 | + if (error && *error == NULL) { | ||
| 88 | + g_set_error_literal (error, G_IO_ERROR, | ||
| 89 | + G_IO_ERROR_PARTIAL_INPUT, | ||
| 90 | + _("Connection terminated unexpectedly")); | ||
| 91 | + } | ||
| 92 | return -1; | ||
| 93 | } | ||
| 94 | |||
| 95 | @@ -208,13 +214,23 @@ again: | ||
| 96 | break; | ||
| 97 | |||
| 98 | case SOUP_BODY_INPUT_STREAM_STATE_TRAILERS: | ||
| 99 | - nread = soup_filter_input_stream_read_line ( | ||
| 100 | - fstream, buffer, count, blocking, | ||
| 101 | - &got_line, cancellable, error); | ||
| 102 | - if (nread <= 0) | ||
| 103 | + nread = soup_filter_input_stream_read_until ( | ||
| 104 | + fstream, metabuf, sizeof (metabuf), | ||
| 105 | + "\r\n", 2, blocking, TRUE, | ||
| 106 | + &got_line, cancellable, error); | ||
| 107 | + if (nread < 0) | ||
| 108 | return nread; | ||
| 109 | |||
| 110 | - if (strncmp (buffer, "\r\n", nread) || strncmp (buffer, "\n", nread)) { | ||
| 111 | + if (nread == 0) { | ||
| 112 | + if (error && *error == NULL) { | ||
| 113 | + g_set_error_literal (error, G_IO_ERROR, | ||
| 114 | + G_IO_ERROR_PARTIAL_INPUT, | ||
| 115 | + _("Connection terminated unexpectedly")); | ||
| 116 | + } | ||
| 117 | + return -1; | ||
| 118 | + } | ||
| 119 | + | ||
| 120 | + if (nread == 2 && strncmp (metabuf, "\r\n", nread) == 0) { | ||
| 121 | bistream->priv->chunked_state = SOUP_BODY_INPUT_STREAM_STATE_DONE; | ||
| 122 | bistream->priv->eof = TRUE; | ||
| 123 | } | ||
| 124 | -- | ||
| 125 | 2.34.1 | ||
| 126 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2369.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2369.patch new file mode 100644 index 0000000000..814672caca --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2369.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | From 5c4e65fd99ff4e3ae76c7985c5e160bb07ea0f92 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Wed, 25 Mar 2026 11:24:36 +0800 | ||
| 4 | Subject: [PATCH] sniffer: Handle potential underflow | ||
| 5 | |||
| 6 | Closes #498 | ||
| 7 | |||
| 8 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/b91bbd7d7888c85b17a8b33173caa806dff51681] | ||
| 9 | CVE: CVE-2026-2369 | ||
| 10 | |||
| 11 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 12 | --- | ||
| 13 | libsoup/soup-content-sniffer.c | 4 ++++ | ||
| 14 | 1 file changed, 4 insertions(+) | ||
| 15 | |||
| 16 | diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c | ||
| 17 | index 3edc568..b091bca 100644 | ||
| 18 | --- a/libsoup/soup-content-sniffer.c | ||
| 19 | +++ b/libsoup/soup-content-sniffer.c | ||
| 20 | @@ -504,6 +504,10 @@ sniff_unknown (SoupContentSniffer *sniffer, SoupBuffer *buffer, | ||
| 21 | if (!sniff_scriptable && type_row->scriptable) | ||
| 22 | continue; | ||
| 23 | |||
| 24 | + /* Ensure we have data to sniff - prevents underflow in resource_length - 1 */ | ||
| 25 | + if (resource_length == 0) | ||
| 26 | + continue; | ||
| 27 | + | ||
| 28 | if (type_row->has_ws) { | ||
| 29 | guint index_stream = 0; | ||
| 30 | guint index_pattern = 0; | ||
| 31 | -- | ||
| 32 | 2.34.1 | ||
| 33 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2443.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2443.patch new file mode 100644 index 0000000000..99d42acb1e --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2443.patch | |||
| @@ -0,0 +1,135 @@ | |||
| 1 | From 7bb3115a296154e3f465900ea5c984a493385a7f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Philip Withnall <pwithnall@gnome.org> | ||
| 3 | Date: Fri, 19 Dec 2025 23:49:05 +0000 | ||
| 4 | Subject: [PATCH] Fix CVE-2026-2443 | ||
| 5 | |||
| 6 | Upstream-Status: Backport [ | ||
| 7 | c1796442 soup-message-headers: Rework Range response statuses to match Apache | ||
| 8 | 191ef313 soup-message-headers: Fix rejection of Range headers with trailing garbage | ||
| 9 | be677bea soup-message-headers: Fix parsing of invalid Range suffix lengths | ||
| 10 | 2bbfdfe8 soup-message-headers: Reject ranges where end is before start | ||
| 11 | 739bf7cb soup-message-headers: Reject invalid Range ends longer than the content | ||
| 12 | ] | ||
| 13 | CVE: CVE-2026-2443 | ||
| 14 | |||
| 15 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 16 | --- | ||
| 17 | libsoup/soup-message-headers.c | 62 ++++++++++++++++++++++++---------- | ||
| 18 | 1 file changed, 44 insertions(+), 18 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c | ||
| 21 | index bb20bbb..535cf14 100644 | ||
| 22 | --- a/libsoup/soup-message-headers.c | ||
| 23 | +++ b/libsoup/soup-message-headers.c | ||
| 24 | @@ -943,10 +943,16 @@ sort_ranges (gconstpointer a, gconstpointer b) | ||
| 25 | } | ||
| 26 | |||
| 27 | /* like soup_message_headers_get_ranges(), except it returns: | ||
| 28 | - * SOUP_STATUS_OK if there is no Range or it should be ignored. | ||
| 29 | - * SOUP_STATUS_PARTIAL_CONTENT if there is at least one satisfiable range. | ||
| 30 | - * SOUP_STATUS_REQUESTED_RANGE_NOT_SATISFIABLE if @check_satisfiable | ||
| 31 | - * is %TRUE and the request is not satisfiable given @total_length. | ||
| 32 | + * - SOUP_STATUS_OK if there is no Range or it should be ignored due to being | ||
| 33 | + * entirely invalid. | ||
| 34 | + * - SOUP_STATUS_PARTIAL_CONTENT if there is at least one satisfiable range. | ||
| 35 | + * - SOUP_STATUS_REQUESTED_RANGE_NOT_SATISFIABLE if @check_satisfiable | ||
| 36 | + * is %TRUE, the Range is valid, but no part of the request is satisfiable | ||
| 37 | + * given @total_length. | ||
| 38 | + * | ||
| 39 | + * @ranges and @length are only set if SOUP_STATUS_PARTIAL_CONTENT is returned. | ||
| 40 | + * | ||
| 41 | + * See https://httpwg.org/specs/rfc9110.html#field.range | ||
| 42 | */ | ||
| 43 | guint | ||
| 44 | soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs, | ||
| 45 | @@ -960,22 +966,28 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs, | ||
| 46 | GArray *array; | ||
| 47 | char *spec, *end; | ||
| 48 | guint status = SOUP_STATUS_OK; | ||
| 49 | + gboolean is_all_valid = TRUE; | ||
| 50 | |||
| 51 | if (!range || strncmp (range, "bytes", 5) != 0) | ||
| 52 | - return status; | ||
| 53 | + return SOUP_STATUS_OK; /* invalid header or unknown range unit */ | ||
| 54 | |||
| 55 | range += 5; | ||
| 56 | while (g_ascii_isspace (*range)) | ||
| 57 | range++; | ||
| 58 | if (*range++ != '=') | ||
| 59 | - return status; | ||
| 60 | + return SOUP_STATUS_OK; /* invalid header */ | ||
| 61 | while (g_ascii_isspace (*range)) | ||
| 62 | range++; | ||
| 63 | |||
| 64 | range_list = soup_header_parse_list (range); | ||
| 65 | if (!range_list) | ||
| 66 | - return status; | ||
| 67 | + return SOUP_STATUS_OK; /* invalid list */ | ||
| 68 | |||
| 69 | + /* Loop through the ranges and modify the status accordingly. Default to | ||
| 70 | + * status 200 (OK, ignoring the ranges). Switch to status 206 (Partial | ||
| 71 | + * Content) if there is at least one partially valid range. Switch to | ||
| 72 | + * status 416 (Range Not Satisfiable) if there are no partially valid | ||
| 73 | + * ranges at all. */ | ||
| 74 | array = g_array_new (FALSE, FALSE, sizeof (SoupRange)); | ||
| 75 | for (r = range_list; r; r = r->next) { | ||
| 76 | SoupRange cur; | ||
| 77 | @@ -988,30 +1000,44 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs, | ||
| 78 | cur.start = g_ascii_strtoull (spec, &end, 10); | ||
| 79 | if (*end == '-') | ||
| 80 | end++; | ||
| 81 | - if (*end) { | ||
| 82 | + if (*end) | ||
| 83 | cur.end = g_ascii_strtoull (end, &end, 10); | ||
| 84 | - if (cur.end < cur.start) { | ||
| 85 | - status = SOUP_STATUS_OK; | ||
| 86 | - break; | ||
| 87 | - } | ||
| 88 | - } else | ||
| 89 | + else | ||
| 90 | cur.end = total_length - 1; | ||
| 91 | } | ||
| 92 | + | ||
| 93 | if (*end) { | ||
| 94 | - status = SOUP_STATUS_OK; | ||
| 95 | - break; | ||
| 96 | - } else if (check_satisfiable && cur.start >= total_length) { | ||
| 97 | - if (status == SOUP_STATUS_OK) | ||
| 98 | - status = SOUP_STATUS_REQUESTED_RANGE_NOT_SATISFIABLE; | ||
| 99 | + /* Junk after the range */ | ||
| 100 | + is_all_valid = FALSE; | ||
| 101 | + continue; | ||
| 102 | + } | ||
| 103 | + | ||
| 104 | + if (cur.end < cur.start) { | ||
| 105 | + is_all_valid = FALSE; | ||
| 106 | + continue; | ||
| 107 | + } | ||
| 108 | + | ||
| 109 | + g_assert (cur.start >= 0); | ||
| 110 | + if (cur.end >= total_length) | ||
| 111 | + cur.end = total_length - 1; | ||
| 112 | + | ||
| 113 | + if (cur.start >= total_length) { | ||
| 114 | + /* Range is valid, but unsatisfiable */ | ||
| 115 | continue; | ||
| 116 | } | ||
| 117 | |||
| 118 | + /* We have at least one (at least partially) satisfiable range */ | ||
| 119 | g_array_append_val (array, cur); | ||
| 120 | status = SOUP_STATUS_PARTIAL_CONTENT; | ||
| 121 | } | ||
| 122 | soup_header_free_list (range_list); | ||
| 123 | |||
| 124 | if (status != SOUP_STATUS_PARTIAL_CONTENT) { | ||
| 125 | + g_assert (status == SOUP_STATUS_OK); | ||
| 126 | + | ||
| 127 | + if (is_all_valid && check_satisfiable) | ||
| 128 | + status = SOUP_STATUS_REQUESTED_RANGE_NOT_SATISFIABLE; | ||
| 129 | + | ||
| 130 | g_array_free (array, TRUE); | ||
| 131 | return status; | ||
| 132 | } | ||
| 133 | -- | ||
| 134 | 2.34.1 | ||
| 135 | |||
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb index 68ec576d9b..e588e60cd5 100644 --- a/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb | |||
| @@ -40,6 +40,16 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ | |||
| 40 | file://CVE-2025-4948.patch \ | 40 | file://CVE-2025-4948.patch \ |
| 41 | file://CVE-2025-4969.patch \ | 41 | file://CVE-2025-4969.patch \ |
| 42 | file://CVE-2025-4945.patch \ | 42 | file://CVE-2025-4945.patch \ |
| 43 | file://CVE-2025-14523.patch \ | ||
| 44 | file://CVE-2025-32049-1.patch \ | ||
| 45 | file://CVE-2025-32049-2.patch \ | ||
| 46 | file://CVE-2026-2443.patch \ | ||
| 47 | file://CVE-2026-1801.patch \ | ||
| 48 | file://CVE-2026-1761.patch \ | ||
| 49 | file://CVE-2026-1539.patch \ | ||
| 50 | file://CVE-2026-2369.patch \ | ||
| 51 | file://CVE-2026-1760.patch \ | ||
| 52 | file://CVE-2026-1467.patch \ | ||
| 43 | " | 53 | " |
| 44 | SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13" | 54 | SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13" |
| 45 | 55 | ||
diff --git a/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb b/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb index 04f1ffc1fc..7d227d4148 100644 --- a/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb +++ b/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb | |||
| @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=8f9b59a81a88da8e812af43728b72dd7" | |||
| 10 | DEPENDS = "openssl" | 10 | DEPENDS = "openssl" |
| 11 | 11 | ||
| 12 | SRC_URI = "git://github.com/DMTF/libspdm.git;branch=release-3.8;protocol=https;tag=${PV}" | 12 | SRC_URI = "git://github.com/DMTF/libspdm.git;branch=release-3.8;protocol=https;tag=${PV}" |
| 13 | SRCREV = "5cf0acb87b2f36f8d70a89e5da8476d85db59f46" | 13 | SRCREV = "f55cf6d48ec69b4ac60a63903e9c6a2cb0fd155d" |
| 14 | 14 | ||
| 15 | inherit cmake | 15 | inherit cmake |
| 16 | 16 | ||
diff --git a/meta-oe/recipes-support/libtar/files/0001-compat-convert-K-R-function-definitions-to-ANSI-C-pr.patch b/meta-oe/recipes-support/libtar/files/0001-compat-convert-K-R-function-definitions-to-ANSI-C-pr.patch new file mode 100644 index 0000000000..4585c586b4 --- /dev/null +++ b/meta-oe/recipes-support/libtar/files/0001-compat-convert-K-R-function-definitions-to-ANSI-C-pr.patch | |||
| @@ -0,0 +1,62 @@ | |||
| 1 | From 5ea04d70221a18cbd711a9d570c81ef0b9be6765 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 3 | Date: Fri, 10 Apr 2026 18:41:04 -0700 | ||
| 4 | Subject: [PATCH] compat: convert K&R function definitions to ANSI C prototypes | ||
| 5 | |||
| 6 | Replace old-style K&R parameter declarations with modern ANSI C | ||
| 7 | function prototypes in basename.c, dirname.c, and strmode.c. | ||
| 8 | |||
| 9 | Required for compatibility with clang 22 under -std=gnu23, which | ||
| 10 | no longer supports K&R-style function definitions. | ||
| 11 | |||
| 12 | Upstream-Status: Pending | ||
| 13 | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 14 | --- | ||
| 15 | compat/basename.c | 3 +-- | ||
| 16 | compat/dirname.c | 3 +-- | ||
| 17 | compat/strmode.c | 4 +--- | ||
| 18 | 3 files changed, 3 insertions(+), 7 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/compat/basename.c b/compat/basename.c | ||
| 21 | index 2ac1e13..7b0384a 100644 | ||
| 22 | --- a/compat/basename.c | ||
| 23 | +++ b/compat/basename.c | ||
| 24 | @@ -36,8 +36,7 @@ static char rcsid[] = "$OpenBSD: basename.c,v 1.4 1999/05/30 17:10:30 espie Exp | ||
| 25 | #include <sys/param.h> | ||
| 26 | |||
| 27 | char * | ||
| 28 | -openbsd_basename(path) | ||
| 29 | - const char *path; | ||
| 30 | +openbsd_basename(const char *path) | ||
| 31 | { | ||
| 32 | static char bname[MAXPATHLEN]; | ||
| 33 | register const char *endp, *startp; | ||
| 34 | diff --git a/compat/dirname.c b/compat/dirname.c | ||
| 35 | index 986db4a..6c1231d 100644 | ||
| 36 | --- a/compat/dirname.c | ||
| 37 | +++ b/compat/dirname.c | ||
| 38 | @@ -36,8 +36,7 @@ static char rcsid[] = "$OpenBSD: dirname.c,v 1.4 1999/05/30 17:10:30 espie Exp $ | ||
| 39 | #include <sys/param.h> | ||
| 40 | |||
| 41 | char * | ||
| 42 | -openbsd_dirname(path) | ||
| 43 | - const char *path; | ||
| 44 | +openbsd_dirname (const char *path) | ||
| 45 | { | ||
| 46 | static char bname[MAXPATHLEN]; | ||
| 47 | register const char *endp; | ||
| 48 | diff --git a/compat/strmode.c b/compat/strmode.c | ||
| 49 | index 5e7f15e..2ffab61 100644 | ||
| 50 | --- a/compat/strmode.c | ||
| 51 | +++ b/compat/strmode.c | ||
| 52 | @@ -40,9 +40,7 @@ static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp | ||
| 53 | #include <string.h> | ||
| 54 | |||
| 55 | void | ||
| 56 | -strmode(mode, p) | ||
| 57 | - register mode_t mode; | ||
| 58 | - register char *p; | ||
| 59 | +strmode (register mode_t mode, register char *p) | ||
| 60 | { | ||
| 61 | /* print type */ | ||
| 62 | switch (mode & S_IFMT) { | ||
diff --git a/meta-oe/recipes-support/libtar/libtar_1.2.20.bb b/meta-oe/recipes-support/libtar/libtar_1.2.20.bb index a17509d2e5..39d410064e 100644 --- a/meta-oe/recipes-support/libtar/libtar_1.2.20.bb +++ b/meta-oe/recipes-support/libtar/libtar_1.2.20.bb | |||
| @@ -20,6 +20,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/libt/${BPN}/${BPN}_${PV}.orig.tar.gz \ | |||
| 20 | file://CVE-2021-33643-CVE-2021-33644.patch \ | 20 | file://CVE-2021-33643-CVE-2021-33644.patch \ |
| 21 | file://CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch \ | 21 | file://CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch \ |
| 22 | file://CVE-2013-4420.patch \ | 22 | file://CVE-2013-4420.patch \ |
| 23 | file://0001-compat-convert-K-R-function-definitions-to-ANSI-C-pr.patch \ | ||
| 23 | " | 24 | " |
| 24 | 25 | ||
| 25 | S = "${UNPACKDIR}/${BPN}" | 26 | S = "${UNPACKDIR}/${BPN}" |
diff --git a/meta-oe/recipes-support/libvarlink/libvarlink/0001-transport-tool-use-const-for-strchr-return-pointers.patch b/meta-oe/recipes-support/libvarlink/libvarlink/0001-transport-tool-use-const-for-strchr-return-pointers.patch new file mode 100644 index 0000000000..348dc88838 --- /dev/null +++ b/meta-oe/recipes-support/libvarlink/libvarlink/0001-transport-tool-use-const-for-strchr-return-pointers.patch | |||
| @@ -0,0 +1,96 @@ | |||
| 1 | From 27e4f4504b3c60356b9507e926aae2b82ba47275 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 3 | Date: Wed, 15 Apr 2026 11:10:01 -0700 | ||
| 4 | Subject: [PATCH] transport,tool: use const for strchr return pointers | ||
| 5 | |||
| 6 | Fixes errors seen after c23 implemented in glibc | ||
| 7 | |||
| 8 | lib/transport-device.c:13:14: error: assigning to 'char *' from 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] | ||
| 9 | 13 | parm = strchr(address, ';'); | ||
| 10 | | ^ ~~~~~~~~~~~~~~~~~~~~ | ||
| 11 | 1 error generated. | ||
| 12 | |||
| 13 | Upstream-Status: Submitted [https://github.com/varlink/libvarlink/pull/85] | ||
| 14 | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 15 | --- | ||
| 16 | lib/transport-device.c | 2 +- | ||
| 17 | lib/transport-tcp.c | 4 ++-- | ||
| 18 | lib/transport-unix.c | 2 +- | ||
| 19 | tool/command-format.c | 2 +- | ||
| 20 | tool/command-info.c | 2 +- | ||
| 21 | 5 files changed, 6 insertions(+), 6 deletions(-) | ||
| 22 | |||
| 23 | diff --git a/lib/transport-device.c b/lib/transport-device.c | ||
| 24 | index 0b8cec5..205eac4 100644 | ||
| 25 | --- a/lib/transport-device.c | ||
| 26 | +++ b/lib/transport-device.c | ||
| 27 | @@ -7,7 +7,7 @@ | ||
| 28 | #include <fcntl.h> | ||
| 29 | |||
| 30 | static int strip_parameters(const char *address, char **devicep) { | ||
| 31 | - char *parm; | ||
| 32 | + const char *parm; | ||
| 33 | _cleanup_(freep) char *device = NULL; | ||
| 34 | |||
| 35 | parm = strchr(address, ';'); | ||
| 36 | diff --git a/lib/transport-tcp.c b/lib/transport-tcp.c | ||
| 37 | index 92a0e7b..fff2379 100644 | ||
| 38 | --- a/lib/transport-tcp.c | ||
| 39 | +++ b/lib/transport-tcp.c | ||
| 40 | @@ -10,7 +10,7 @@ | ||
| 41 | #include <sys/socket.h> | ||
| 42 | |||
| 43 | static int strip_parameters(const char *address, char **hostp) { | ||
| 44 | - char *parm; | ||
| 45 | + const char *parm; | ||
| 46 | _cleanup_(freep) char *host = NULL; | ||
| 47 | |||
| 48 | parm = strchr(address, ';'); | ||
| 49 | @@ -34,7 +34,7 @@ static void freeaddrinfop(struct addrinfo **ai) { | ||
| 50 | static int resolve_addrinfo(const char *address, struct addrinfo **resultp) { | ||
| 51 | _cleanup_(freep) char *host = NULL; | ||
| 52 | char *endptr; | ||
| 53 | - char *port; | ||
| 54 | + const char *port; | ||
| 55 | struct addrinfo hints = { | ||
| 56 | .ai_family = AF_UNSPEC, | ||
| 57 | .ai_socktype = SOCK_STREAM, | ||
| 58 | diff --git a/lib/transport-unix.c b/lib/transport-unix.c | ||
| 59 | index 5dc3853..2414b29 100644 | ||
| 60 | --- a/lib/transport-unix.c | ||
| 61 | +++ b/lib/transport-unix.c | ||
| 62 | @@ -10,7 +10,7 @@ | ||
| 63 | #include <unistd.h> | ||
| 64 | |||
| 65 | static int strip_parameters(const char *address, char **pathp) { | ||
| 66 | - char *parm; | ||
| 67 | + const char *parm; | ||
| 68 | _cleanup_(freep) char *path = NULL; | ||
| 69 | |||
| 70 | parm = strchr(address, ';'); | ||
| 71 | diff --git a/tool/command-format.c b/tool/command-format.c | ||
| 72 | index 6932bc4..0f5ef8c 100644 | ||
| 73 | --- a/tool/command-format.c | ||
| 74 | +++ b/tool/command-format.c | ||
| 75 | @@ -155,7 +155,7 @@ static long format_run(Cli *UNUSED(cli), int argc, char **argv) { | ||
| 76 | static long format_complete(Cli *cli, int argc, char **UNUSED(argv), const char *current) { | ||
| 77 | _cleanup_(freep) char *prefix = NULL; | ||
| 78 | DIR *dir; | ||
| 79 | - char *p; | ||
| 80 | + const char *p; | ||
| 81 | |||
| 82 | if (argc != 1) | ||
| 83 | return 0; | ||
| 84 | diff --git a/tool/command-info.c b/tool/command-info.c | ||
| 85 | index 571b6fd..9d252f7 100644 | ||
| 86 | --- a/tool/command-info.c | ||
| 87 | +++ b/tool/command-info.c | ||
| 88 | @@ -137,7 +137,7 @@ static long info_run(Cli *cli, int argc, char **argv) { | ||
| 89 | static long info_complete(Cli *UNUSED(cli), int argc, char **UNUSED(argv), const char *current) { | ||
| 90 | _cleanup_(freep) char *prefix = NULL; | ||
| 91 | DIR *dir; | ||
| 92 | - char *p; | ||
| 93 | + const char *p; | ||
| 94 | |||
| 95 | if (argc != 1) | ||
| 96 | return 0; | ||
diff --git a/meta-oe/recipes-support/libvarlink/libvarlink_24.0.1.bb b/meta-oe/recipes-support/libvarlink/libvarlink_24.0.1.bb new file mode 100644 index 0000000000..1d1419a878 --- /dev/null +++ b/meta-oe/recipes-support/libvarlink/libvarlink_24.0.1.bb | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | SUMMARY = "Varlink C library and command line tool" | ||
| 2 | HOMEPAGE = "https://varlink.org/" | ||
| 3 | DESCRIPTION = "Varlink is an interface description format and protocol that aims \ | ||
| 4 | to make services accessible to both humans and machines in the simplest feasible way." | ||
| 5 | SECION = "devel" | ||
| 6 | LICENSE = "Apache-2.0" | ||
| 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" | ||
| 8 | |||
| 9 | SRC_URI = "git://github.com/varlink/libvarlink.git;protocol=https;branch=master;tag=v${PV} \ | ||
| 10 | file://0001-transport-tool-use-const-for-strchr-return-pointers.patch \ | ||
| 11 | " | ||
| 12 | SRCREV = "2ad4ec7ca62e148dbf0ad98646ec68c2e7e8a88e" | ||
| 13 | |||
| 14 | inherit meson bash-completion lib_package | ||
| 15 | |||
| 16 | do_install:append() { | ||
| 17 | # vim integration is not needed | ||
| 18 | rm -rf ${D}${datadir}/vim | ||
| 19 | } | ||
diff --git a/meta-oe/recipes-support/log4c/log4c/0001-sd-malloc-convert-K-R-function-declarations-to-ANSI-.patch b/meta-oe/recipes-support/log4c/log4c/0001-sd-malloc-convert-K-R-function-declarations-to-ANSI-.patch new file mode 100644 index 0000000000..fae1a2d0c2 --- /dev/null +++ b/meta-oe/recipes-support/log4c/log4c/0001-sd-malloc-convert-K-R-function-declarations-to-ANSI-.patch | |||
| @@ -0,0 +1,92 @@ | |||
| 1 | From b0ecadec662a8e35b017e16e92c5b1a04ed72598 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 3 | Date: Sat, 11 Apr 2026 00:24:17 -0700 | ||
| 4 | Subject: [PATCH] sd/malloc: convert K&R function declarations to ANSI C | ||
| 5 | prototypes | ||
| 6 | |||
| 7 | Replace old-style K&R parameter declarations with modern ANSI C | ||
| 8 | (C89/C90) function prototypes across all functions in malloc.c. | ||
| 9 | Also remove trailing whitespace in fixup_null_alloc(). | ||
| 10 | |||
| 11 | Upstream-Status: Pending | ||
| 12 | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 13 | --- | ||
| 14 | src/sd/malloc.c | 23 ++++++++--------------- | ||
| 15 | 1 file changed, 8 insertions(+), 15 deletions(-) | ||
| 16 | |||
| 17 | diff --git a/src/sd/malloc.c b/src/sd/malloc.c | ||
| 18 | index 7d241ad..43dd460 100644 | ||
| 19 | --- a/src/sd/malloc.c | ||
| 20 | +++ b/src/sd/malloc.c | ||
| 21 | @@ -41,8 +41,7 @@ typedef void (*sd_malloc_handler_t)(); | ||
| 22 | static sd_malloc_handler_t handler = NULL; | ||
| 23 | |||
| 24 | static void * | ||
| 25 | -fixup_null_alloc (n) | ||
| 26 | - size_t n; | ||
| 27 | +fixup_null_alloc (size_t n) | ||
| 28 | { | ||
| 29 | void* p = 0; | ||
| 30 | |||
| 31 | @@ -62,8 +61,8 @@ fixup_null_alloc (n) | ||
| 32 | allocated = (char *) sbrk (0) - (char *) &environ; | ||
| 33 | sd_error("\nCannot allocate %lu bytes after allocating %lu bytes\n", | ||
| 34 | (unsigned long) n, (unsigned long) allocated); | ||
| 35 | - | ||
| 36 | - if (handler) | ||
| 37 | + | ||
| 38 | + if (handler) | ||
| 39 | handler(); | ||
| 40 | else { | ||
| 41 | sd_error("\n\tMemory exhausted !! Aborting.\n"); | ||
| 42 | @@ -75,8 +74,7 @@ fixup_null_alloc (n) | ||
| 43 | } | ||
| 44 | |||
| 45 | sd_malloc_handler_t | ||
| 46 | -sd_malloc_set_handler(a_handler) | ||
| 47 | - sd_malloc_handler_t a_handler; | ||
| 48 | +sd_malloc_set_handler(sd_malloc_handler_t a_handler) | ||
| 49 | { | ||
| 50 | sd_malloc_handler_t previous = handler; | ||
| 51 | |||
| 52 | @@ -87,8 +85,7 @@ sd_malloc_set_handler(a_handler) | ||
| 53 | /* Allocate N bytes of memory dynamically, with error checking. */ | ||
| 54 | |||
| 55 | void * | ||
| 56 | -sd_malloc (n) | ||
| 57 | - size_t n; | ||
| 58 | +sd_malloc (size_t n) | ||
| 59 | { | ||
| 60 | void *p; | ||
| 61 | |||
| 62 | @@ -101,8 +98,7 @@ sd_malloc (n) | ||
| 63 | /* Allocate memory for N elements of S bytes, with error checking. */ | ||
| 64 | |||
| 65 | void * | ||
| 66 | -sd_calloc (n, s) | ||
| 67 | - size_t n, s; | ||
| 68 | +sd_calloc (size_t n, size_t s) | ||
| 69 | { | ||
| 70 | void *p; | ||
| 71 | |||
| 72 | @@ -117,9 +113,7 @@ sd_calloc (n, s) | ||
| 73 | If P is NULL, run sd_malloc. */ | ||
| 74 | |||
| 75 | void * | ||
| 76 | -sd_realloc (p, n) | ||
| 77 | - void *p; | ||
| 78 | - size_t n; | ||
| 79 | +sd_realloc (void *p, size_t n) | ||
| 80 | { | ||
| 81 | if (p == 0) | ||
| 82 | return sd_malloc (n); | ||
| 83 | @@ -132,8 +126,7 @@ sd_realloc (p, n) | ||
| 84 | /* Return a newly allocated copy of STRING. */ | ||
| 85 | |||
| 86 | char * | ||
| 87 | -sd_strdup (string) | ||
| 88 | - const char *string; | ||
| 89 | +sd_strdup (const char *string) | ||
| 90 | { | ||
| 91 | return strcpy (sd_malloc (strlen (string) + 1), string); | ||
| 92 | } | ||
diff --git a/meta-oe/recipes-support/log4c/log4c_1.2.4.bb b/meta-oe/recipes-support/log4c/log4c_1.2.4.bb index a0bd40b03a..eca800dc5e 100644 --- a/meta-oe/recipes-support/log4c/log4c_1.2.4.bb +++ b/meta-oe/recipes-support/log4c/log4c_1.2.4.bb | |||
| @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" | |||
| 6 | SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.gz \ | 6 | SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.gz \ |
| 7 | file://fix_configure_with-expat.patch \ | 7 | file://fix_configure_with-expat.patch \ |
| 8 | file://0001-Use-the-API-properly-in-the-example-format-security-.patch \ | 8 | file://0001-Use-the-API-properly-in-the-example-format-security-.patch \ |
| 9 | file://0001-sd-malloc-convert-K-R-function-declarations-to-ANSI-.patch \ | ||
| 9 | " | 10 | " |
| 10 | 11 | ||
| 11 | SRC_URI[sha256sum] = "5991020192f52cc40fa852fbf6bbf5bd5db5d5d00aa9905c67f6f0eadeed48ea" | 12 | SRC_URI[sha256sum] = "5991020192f52cc40fa852fbf6bbf5bd5db5d5d00aa9905c67f6f0eadeed48ea" |
diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.12.2.bb b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.12.2.bb index bfb75718f2..0c572d1bd3 100644 --- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.12.2.bb +++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.12.2.bb | |||
| @@ -110,6 +110,7 @@ PACKAGES =+ "${PN}-libs" | |||
| 110 | FILES:${PN}-libs = "${base_libdir}/lib*.so.* \ | 110 | FILES:${PN}-libs = "${base_libdir}/lib*.so.* \ |
| 111 | ${base_libdir}/multipath/lib*.so*" | 111 | ${base_libdir}/multipath/lib*.so*" |
| 112 | RDEPENDS:${PN} += "${PN}-libs bash libgcc" | 112 | RDEPENDS:${PN} += "${PN}-libs bash libgcc" |
| 113 | RRECOMMENDS:${PN} = "kernel-module-dm-multipath" | ||
| 113 | 114 | ||
| 114 | PROVIDES += "device-mapper-multipath" | 115 | PROVIDES += "device-mapper-multipath" |
| 115 | RPROVIDES:${PN} += "device-mapper-multipath" | 116 | RPROVIDES:${PN} += "device-mapper-multipath" |
diff --git a/meta-oe/recipes-support/nano/nano_8.7.1.bb b/meta-oe/recipes-support/nano/nano_9.0.bb index e62529ff9b..06bb7a63ce 100644 --- a/meta-oe/recipes-support/nano/nano_8.7.1.bb +++ b/meta-oe/recipes-support/nano/nano_9.0.bb | |||
| @@ -13,7 +13,7 @@ RDEPENDS:${PN} = "ncurses-terminfo-base" | |||
| 13 | PV_MAJOR = "${@d.getVar('PV').split('.')[0]}" | 13 | PV_MAJOR = "${@d.getVar('PV').split('.')[0]}" |
| 14 | 14 | ||
| 15 | SRC_URI = "https://nano-editor.org/dist/v${PV_MAJOR}/nano-${PV}.tar.xz" | 15 | SRC_URI = "https://nano-editor.org/dist/v${PV_MAJOR}/nano-${PV}.tar.xz" |
| 16 | SRC_URI[sha256sum] = "76f0dcb248f2e2f1251d4ecd20fd30fb400a360a3a37c6c340e0a52c2d1cdedf" | 16 | SRC_URI[sha256sum] = "9f384374b496110a25b73ad5a5febb384783c6e3188b37063f677ac908013fde" |
| 17 | 17 | ||
| 18 | UPSTREAM_CHECK_URI = "${GNU_MIRROR}/nano" | 18 | UPSTREAM_CHECK_URI = "${GNU_MIRROR}/nano" |
| 19 | 19 | ||
diff --git a/meta-oe/recipes-support/nss/nss_3.121.bb b/meta-oe/recipes-support/nss/nss_3.122.bb index 99f54c948a..70aee3d9db 100644 --- a/meta-oe/recipes-support/nss/nss_3.121.bb +++ b/meta-oe/recipes-support/nss/nss_3.122.bb | |||
| @@ -33,7 +33,7 @@ SRC_URI = "https://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/ | |||
| 33 | file://0006-Fix-nss-multilib-build-on-openSUSE-11.x-32bit.patch \ | 33 | file://0006-Fix-nss-multilib-build-on-openSUSE-11.x-32bit.patch \ |
| 34 | file://0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ | 34 | file://0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ |
| 35 | " | 35 | " |
| 36 | SRC_URI[sha256sum] = "cb3a8f8781bea78b7b8edd3afb7a2cb58e4881bb0160d189a39b98216ba7632e" | 36 | SRC_URI[sha256sum] = "2699478b843b9f09c61f85341578df514463a0069447c816bef0d59bd800d777" |
| 37 | 37 | ||
| 38 | UPSTREAM_CHECK_URI = "https://ftp.mozilla.org/pub/security/nss/releases/" | 38 | UPSTREAM_CHECK_URI = "https://ftp.mozilla.org/pub/security/nss/releases/" |
| 39 | UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>\d+(\_\d+)+)" | 39 | UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>\d+(\_\d+)+)" |
diff --git a/meta-oe/recipes-support/openct/openct/0001-Fix-incompatible-pointer-type-error-with-gcc-option.patch b/meta-oe/recipes-support/openct/openct/0001-Fix-incompatible-pointer-type-error-with-gcc-option.patch deleted file mode 100644 index 73c9d06667..0000000000 --- a/meta-oe/recipes-support/openct/openct/0001-Fix-incompatible-pointer-type-error-with-gcc-option.patch +++ /dev/null | |||
| @@ -1,65 +0,0 @@ | |||
| 1 | From c4351058da555e1e6a2b4b15d913baee80f55865 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Wang Mingyu <wangmy@fujitsu.com> | ||
| 3 | Date: Thu, 27 Jun 2024 06:27:18 +0000 | ||
| 4 | Subject: Fix incompatible pointer type error with gcc option | ||
| 5 | -Wincompatible-pointer-types | ||
| 6 | |||
| 7 | | ../../../openct-0.6.20/src/ifd/ifdhandler.c: In function 'ifdhandler_run': | ||
| 8 | | ../../../openct-0.6.20/src/ifd/ifdhandler.c:239:52: error: passing argument 2 of 'ifd_get_eventfd' from incompatible pointer type [-Wincompatible-pointer-types] | ||
| 9 | | 239 | sock->fd = ifd_get_eventfd(reader, &sock->events); | ||
| 10 | | | ^~~~~~~~~~~~~ | ||
| 11 | | | | | ||
| 12 | | | int * | ||
| 13 | | In file included from ../../../openct-0.6.20/src/ifd/internal.h:17, | ||
| 14 | | from ../../../openct-0.6.20/src/ifd/ifdhandler.c:7: | ||
| 15 | | ../../../openct-0.6.20/src/include/openct/ifd.h:182:65: note: expected 'short int *' but argument is of type 'int *' | ||
| 16 | | 182 | extern int ifd_get_eventfd(ifd_reader_t *, short *); | ||
| 17 | | | ^~~~~~~ | ||
| 18 | |||
| 19 | | ../../../openct-0.6.20/src/ifd/process.c: In function 'do_memory_write': | ||
| 20 | | ../../../openct-0.6.20/src/ifd/process.c:461:61: error: passing argument 4 of 'ct_tlv_get_opaque' from incompatible pointer type [-Wincompatible-pointer-types] | ||
| 21 | | 461 | || !ct_tlv_get_opaque(args, CT_TAG_DATA, &data, &data_len)) | ||
| 22 | | | ^~~~~~~~~ | ||
| 23 | | | | | ||
| 24 | | | unsigned int * | ||
| 25 | | In file included from ../../../openct-0.6.20/src/ifd/process.c:20: | ||
| 26 | | ../../../openct-0.6.20/src/include/openct/tlv.h:40:62: note: expected 'size_t *' {aka 'long unsigned int *'} but argument is of type 'unsigned int *' | ||
| 27 | | 40 | ifd_tag_t, unsigned char **, size_t *); | ||
| 28 | |||
| 29 | Upstream-Status: Submitted | ||
| 30 | |||
| 31 | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> | ||
| 32 | --- | ||
| 33 | src/ifd/ifdhandler.c | 2 +- | ||
| 34 | src/ifd/process.c | 2 +- | ||
| 35 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
| 36 | |||
| 37 | diff --git a/src/ifd/ifdhandler.c b/src/ifd/ifdhandler.c | ||
| 38 | index 12686c9..ebd1b53 100644 | ||
| 39 | --- a/src/ifd/ifdhandler.c | ||
| 40 | +++ b/src/ifd/ifdhandler.c | ||
| 41 | @@ -236,7 +236,7 @@ static void ifdhandler_run(ifd_reader_t * reader) | ||
| 42 | sock->fd = -1; | ||
| 43 | } | ||
| 44 | else { | ||
| 45 | - sock->fd = ifd_get_eventfd(reader, &sock->events); | ||
| 46 | + sock->fd = ifd_get_eventfd(reader, (short int *)&sock->events); | ||
| 47 | } | ||
| 48 | if (sock->fd == -1) { | ||
| 49 | ifd_debug(1, "events inactive for reader %s", reader->name); | ||
| 50 | diff --git a/src/ifd/process.c b/src/ifd/process.c | ||
| 51 | index 4563bdf..7088a76 100644 | ||
| 52 | --- a/src/ifd/process.c | ||
| 53 | +++ b/src/ifd/process.c | ||
| 54 | @@ -458,7 +458,7 @@ static int do_memory_write(ifd_reader_t * reader, int unit, | ||
| 55 | return IFD_ERROR_INVALID_SLOT; | ||
| 56 | |||
| 57 | if (ct_tlv_get_int(args, CT_TAG_ADDRESS, &address) == 0 | ||
| 58 | - || !ct_tlv_get_opaque(args, CT_TAG_DATA, &data, &data_len)) | ||
| 59 | + || !ct_tlv_get_opaque(args, CT_TAG_DATA, &data, (size_t *)&data_len)) | ||
| 60 | return IFD_ERROR_MISSING_ARG; | ||
| 61 | |||
| 62 | rc = ifd_card_write_memory(reader, unit, address, data, data_len); | ||
| 63 | -- | ||
| 64 | 2.34.1 | ||
| 65 | |||
diff --git a/meta-oe/recipes-support/openct/openct/0001-m4-Just-emit-the-first-line-of-compiler-version.patch b/meta-oe/recipes-support/openct/openct/0001-m4-Just-emit-the-first-line-of-compiler-version.patch deleted file mode 100644 index 9bd3d18d6e..0000000000 --- a/meta-oe/recipes-support/openct/openct/0001-m4-Just-emit-the-first-line-of-compiler-version.patch +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | From 146b5116140d719e4e9ae19748c0b6dee7d82f96 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <raj.khem@gmail.com> | ||
| 3 | Date: Mon, 22 May 2023 22:01:28 -0700 | ||
| 4 | Subject: [PATCH] m4: Just emit the first line of compiler version | ||
| 5 | |||
| 6 | Avoids emitting buildpaths into comments | ||
| 7 | Fixes | ||
| 8 | WARNING: openct-0.6.20-r0 do_package_qa: QA Issue: File /usr/include/openct/types.h in package openct-dev contains reference to TMPDIR [buildpaths] | ||
| 9 | |||
| 10 | Upstream-Status: Pending | ||
| 11 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 12 | --- | ||
| 13 | m4/ac_create_stdint_h.m4 | 2 +- | ||
| 14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 15 | |||
| 16 | diff --git a/m4/ac_create_stdint_h.m4 b/m4/ac_create_stdint_h.m4 | ||
| 17 | index 66de704..4b7223a 100644 | ||
| 18 | --- a/m4/ac_create_stdint_h.m4 | ||
| 19 | +++ b/m4/ac_create_stdint_h.m4 | ||
| 20 | @@ -110,7 +110,7 @@ echo "#define" $_ac_stdint_h "1" >>$ac_stdint_h | ||
| 21 | echo "#ifndef" _GENERATED_STDINT_H >>$ac_stdint_h | ||
| 22 | echo "#define" _GENERATED_STDINT_H '"'$PACKAGE $VERSION'"' >>$ac_stdint_h | ||
| 23 | if test "$GCC" = "yes" ; then | ||
| 24 | - echo "/* generated using a gnu compiler version" `$CC --version` "*/" \ | ||
| 25 | + echo "/* generated using a gnu compiler version" `$CC --version|head -1` "*/" \ | ||
| 26 | >>$ac_stdint_h | ||
| 27 | else | ||
| 28 | echo "/* generated using $CC */" >>$ac_stdint_h | ||
| 29 | -- | ||
| 30 | 2.40.1 | ||
| 31 | |||
diff --git a/meta-oe/recipes-support/openct/openct/etc-openct.udev.in-disablePROGRAM.patch b/meta-oe/recipes-support/openct/openct/etc-openct.udev.in-disablePROGRAM.patch deleted file mode 100644 index e2401bb31b..0000000000 --- a/meta-oe/recipes-support/openct/openct/etc-openct.udev.in-disablePROGRAM.patch +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | From e0d3e0bb1e38ff851696a7d8826e651d364ad8ce Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Li xin <lixin.fnst@cn.fujitsu.com> | ||
| 3 | Date: Fri, 5 Dec 2014 02:00:57 +0900 | ||
| 4 | Subject: [PATCH 1/2] etc/openct.udev.in: disablePROGRAM | ||
| 5 | |||
| 6 | Bug fix: https://bugzilla.redhat.com/show_bug.cgi?id=287871 | ||
| 7 | |||
| 8 | Upstream-Status: Pending | ||
| 9 | |||
| 10 | Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> | ||
| 11 | --- | ||
| 12 | etc/openct.udev.in | 3 ++- | ||
| 13 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/etc/openct.udev.in b/etc/openct.udev.in | ||
| 16 | index d11d0e1..48083c9 100644 | ||
| 17 | --- a/etc/openct.udev.in | ||
| 18 | +++ b/etc/openct.udev.in | ||
| 19 | @@ -22,7 +22,8 @@ ACTION!="add", GOTO="openct_usb_rules_end" | ||
| 20 | # 2010-01-06 removed, as latest udev doesn't know WAIT_FOR_ATTR any more. | ||
| 21 | |||
| 22 | # sleep for 100ms - the wait_for_sysfs might not be enough | ||
| 23 | -PROGRAM="/bin/sleep 0.1" | ||
| 24 | +# Disabled in this package - see https://bugzilla.redhat.com/287871 | ||
| 25 | +# PROGRAM="/bin/sleep 0.1" | ||
| 26 | |||
| 27 | # ccid | ||
| 28 | ATTR{bInterfaceClass}=="0b", ATTR{bInterfaceSubClass}=="00", ATTR{bInterfaceProtocol}=="00", ATTRS{idVendor}=="?*" RUN+="@udevdir@/openct_usb /dev/$parent" | ||
| 29 | -- | ||
| 30 | 1.8.4.2 | ||
| 31 | |||
diff --git a/meta-oe/recipes-support/openct/openct/etc-openct_usb.in-modify-UDEVINFO.patch b/meta-oe/recipes-support/openct/openct/etc-openct_usb.in-modify-UDEVINFO.patch deleted file mode 100644 index 22eda729fb..0000000000 --- a/meta-oe/recipes-support/openct/openct/etc-openct_usb.in-modify-UDEVINFO.patch +++ /dev/null | |||
| @@ -1,35 +0,0 @@ | |||
| 1 | From d93985a137b553b2723235d03bda341dab14064f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Li xin <lixin.fnst@cn.fujitsu.com> | ||
| 3 | Date: Fri, 5 Dec 2014 02:04:03 +0900 | ||
| 4 | Subject: [PATCH 2/2] etc/openct_usb.in: modify UDEVINFO | ||
| 5 | |||
| 6 | this patch is from Fedora | ||
| 7 | |||
| 8 | Upstream-Status: Pending | ||
| 9 | |||
| 10 | Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> | ||
| 11 | --- | ||
| 12 | etc/openct_usb.in | 6 +++--- | ||
| 13 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/etc/openct_usb.in b/etc/openct_usb.in | ||
| 16 | index 32f91aa..917467d 100644 | ||
| 17 | --- a/etc/openct_usb.in | ||
| 18 | +++ b/etc/openct_usb.in | ||
| 19 | @@ -15,10 +15,10 @@ if [ -z "$DEVNAME" ]; then | ||
| 20 | # Guess udev info interface. | ||
| 21 | # Newer udev uses udevadm | ||
| 22 | # | ||
| 23 | - if which udevinfo > /dev/null 2>&1; then | ||
| 24 | - UDEVINFO="udevinfo" | ||
| 25 | - else | ||
| 26 | + if which udevadm > /dev/null 2>&1; then | ||
| 27 | UDEVINFO="udevadm info" | ||
| 28 | + else | ||
| 29 | + UDEVINFO="udevinfo" | ||
| 30 | fi | ||
| 31 | DEVNAME=/dev/$($UDEVINFO --query=name --path=$(dirname $DEVPATH)) | ||
| 32 | fi | ||
| 33 | -- | ||
| 34 | 1.8.4.2 | ||
| 35 | |||
diff --git a/meta-oe/recipes-support/openct/openct/openct.init b/meta-oe/recipes-support/openct/openct/openct.init deleted file mode 100644 index c6896095e3..0000000000 --- a/meta-oe/recipes-support/openct/openct/openct.init +++ /dev/null | |||
| @@ -1,89 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | # | ||
| 3 | # openct This shell script takes care of starting and stopping OpenCT. | ||
| 4 | # | ||
| 5 | # chkconfig: 2345 24 89 | ||
| 6 | # description: OpenCT is a middleware framework for smart card terminals. | ||
| 7 | # | ||
| 8 | # processname: ifdhandler | ||
| 9 | # config: /etc/openct.conf | ||
| 10 | |||
| 11 | ### BEGIN INIT INFO | ||
| 12 | # Provides: openct | ||
| 13 | # Default-Start: 2 3 4 5 | ||
| 14 | # Default-Stop: 0 1 6 | ||
| 15 | # Should-Start: $syslog $network | ||
| 16 | # Should-Stop: $syslog $network | ||
| 17 | # Short-Description: Middleware framework for smart card terminals | ||
| 18 | # Description: This starts/stops the OpenCT middleware framework support | ||
| 19 | # for smart card terminals. | ||
| 20 | ### END INIT INFO | ||
| 21 | |||
| 22 | . /etc/init.d/functions | ||
| 23 | |||
| 24 | exec="/usr/sbin/openct-control" | ||
| 25 | prog=openct | ||
| 26 | proc=ifdhandler | ||
| 27 | |||
| 28 | OPENCT_OPTIONS= | ||
| 29 | [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog | ||
| 30 | |||
| 31 | lockfile=/var/lock/subsys/$prog | ||
| 32 | |||
| 33 | start() { | ||
| 34 | retval=0 | ||
| 35 | if ! status $proc >/dev/null 2>&1 ; then | ||
| 36 | action $"Initializing OpenCT smart card terminals: " \ | ||
| 37 | $exec $OPENCT_OPTIONS init | ||
| 38 | retval=$? | ||
| 39 | [ $retval -eq 0 ] && touch $lockfile | ||
| 40 | fi | ||
| 41 | return $retval | ||
| 42 | } | ||
| 43 | |||
| 44 | stop() { | ||
| 45 | if status $proc >/dev/null 2>&1 ; then | ||
| 46 | action $"Stopping OpenCT smart card terminals: " \ | ||
| 47 | $exec $OPENCT_OPTIONS shutdown | ||
| 48 | fi | ||
| 49 | retval=$? | ||
| 50 | if [ $retval -eq 0 ] ; then | ||
| 51 | rm -f /var/run/openct/status | ||
| 52 | rm -f $lockfile | ||
| 53 | fi | ||
| 54 | return $retval | ||
| 55 | } | ||
| 56 | |||
| 57 | restart() { | ||
| 58 | stop | ||
| 59 | start | ||
| 60 | } | ||
| 61 | |||
| 62 | oct_status() { | ||
| 63 | status $proc | ||
| 64 | retval=$? | ||
| 65 | if [ -e /var/run/openct/status ] ; then | ||
| 66 | $exec $OPENCT_OPTIONS status | ||
| 67 | [ -e /var/run/openct/status ] && \ | ||
| 68 | echo $"Waiting for reader attach/detach events..." | ||
| 69 | fi | ||
| 70 | return $retval | ||
| 71 | } | ||
| 72 | |||
| 73 | case "$1" in | ||
| 74 | start|stop|restart) | ||
| 75 | $1 | ||
| 76 | ;; | ||
| 77 | reload|force-reload) | ||
| 78 | restart | ||
| 79 | ;; | ||
| 80 | status) | ||
| 81 | oct_status | ||
| 82 | ;; | ||
| 83 | try-restart|condrestart) | ||
| 84 | [ ! -f $lockfile ] || restart | ||
| 85 | ;; | ||
| 86 | *) | ||
| 87 | echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}" | ||
| 88 | exit 2 | ||
| 89 | esac | ||
diff --git a/meta-oe/recipes-support/openct/openct/openct.service b/meta-oe/recipes-support/openct/openct/openct.service deleted file mode 100644 index 57de8c0a88..0000000000 --- a/meta-oe/recipes-support/openct/openct/openct.service +++ /dev/null | |||
| @@ -1,13 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=Openct Middleware framework for smart card terminals | ||
| 3 | After=syslog.target network.target | ||
| 4 | |||
| 5 | [Service] | ||
| 6 | EnvironmentFile=-/etc/sysconfig/openct | ||
| 7 | ExecStart=/usr/sbin/openct-control $OPENCT_OPTIONS init | ||
| 8 | ExecStop=/usr/sbin/openct-control $OPENCT_OPTIONS shutdown | ||
| 9 | RemainAfterExit=yes | ||
| 10 | KillMode=mixed | ||
| 11 | |||
| 12 | [Install] | ||
| 13 | WantedBy=multi-user.target | ||
diff --git a/meta-oe/recipes-support/openct/openct/openct.sysconfig b/meta-oe/recipes-support/openct/openct/openct.sysconfig deleted file mode 100644 index ffc270790f..0000000000 --- a/meta-oe/recipes-support/openct/openct/openct.sysconfig +++ /dev/null | |||
| @@ -1,5 +0,0 @@ | |||
| 1 | # -*- sh -*- | ||
| 2 | # Extra options to pass to openct-control. | ||
| 3 | # Consult "/usr/sbin/openct-control -h" for available options. | ||
| 4 | # | ||
| 5 | OPENCT_OPTIONS="" | ||
diff --git a/meta-oe/recipes-support/openct/openct_0.6.20.bb b/meta-oe/recipes-support/openct/openct_0.6.20.bb deleted file mode 100644 index c7b0d0d56d..0000000000 --- a/meta-oe/recipes-support/openct/openct_0.6.20.bb +++ /dev/null | |||
| @@ -1,91 +0,0 @@ | |||
| 1 | SUMMARY = "Middleware framework for smart card terminals" | ||
| 2 | HOMEPAGE = "https://github.com/OpenSC/openct/wiki" | ||
| 3 | DESCRIPTION = " \ | ||
| 4 | OpenCT implements drivers for several smart card readers. \ | ||
| 5 | It comes as driver in ifdhandler format for PC/SC-Lite, \ | ||
| 6 | as CT-API driver, or as a small and lean middleware, \ | ||
| 7 | so applications can use it with minimal overhead. \ | ||
| 8 | OpenCT also has a primitive mechanism to export smart card \ | ||
| 9 | readers to remote machines via TCP/IP." | ||
| 10 | |||
| 11 | DEPENDS += "libtool pcsc-lite libusb-compat" | ||
| 12 | |||
| 13 | SRC_URI = " \ | ||
| 14 | https://downloads.sourceforge.net/project/opensc/${BPN}/${BPN}-${PV}.tar.gz \ | ||
| 15 | file://etc-openct.udev.in-disablePROGRAM.patch \ | ||
| 16 | file://etc-openct_usb.in-modify-UDEVINFO.patch \ | ||
| 17 | file://0001-m4-Just-emit-the-first-line-of-compiler-version.patch \ | ||
| 18 | file://openct.init \ | ||
| 19 | file://openct.sysconfig \ | ||
| 20 | file://openct.service \ | ||
| 21 | file://0001-Fix-incompatible-pointer-type-error-with-gcc-option.patch \ | ||
| 22 | " | ||
| 23 | |||
| 24 | SRC_URI[sha256sum] = "6cd3e2933d29eb1f875c838ee58b8071fd61f0ec8ed5922a86c01c805d181a68" | ||
| 25 | |||
| 26 | UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/opensc/files/openct/" | ||
| 27 | |||
| 28 | LICENSE = "LGPL-2.0-or-later" | ||
| 29 | LIC_FILES_CHKSUM = "file://LGPL-2.1;md5=2d5025d4aa3495befef8f17206a5b0a1" | ||
| 30 | |||
| 31 | inherit systemd | ||
| 32 | SYSTEMD_SERVICE:${PN} += "openct.service " | ||
| 33 | SYSTEMD_AUTO_ENABLE = "enable" | ||
| 34 | |||
| 35 | EXTRA_OECONF = " \ | ||
| 36 | --disable-static \ | ||
| 37 | --enable-usb \ | ||
| 38 | --enable-pcsc \ | ||
| 39 | --enable-doc \ | ||
| 40 | --enable-api-doc \ | ||
| 41 | --with-udev=${nonarch_libdir}/udev \ | ||
| 42 | --with-bundle=${libdir}/pcsc/drivers \ | ||
| 43 | " | ||
| 44 | |||
| 45 | inherit autotools pkgconfig | ||
| 46 | |||
| 47 | FILES:${PN} += " \ | ||
| 48 | ${libdir}/ctapi \ | ||
| 49 | ${nonarch_libdir}/udev \ | ||
| 50 | ${libdir}/openct-ifd.so \ | ||
| 51 | ${libdir}/pcsc \ | ||
| 52 | " | ||
| 53 | |||
| 54 | FILES:${PN}-dbg += " \ | ||
| 55 | ${libdir}/ctapi/.debug \ | ||
| 56 | ${libdir}/pcsc/drivers/openct-ifd.bundle/Contents/Linux/.debug \ | ||
| 57 | " | ||
| 58 | |||
| 59 | INSANE_SKIP:${PN} += "dev-deps" | ||
| 60 | |||
| 61 | do_install[cleandirs] += "${D}" | ||
| 62 | |||
| 63 | do_install () { | ||
| 64 | install -d ${D}${sysconfdir} | ||
| 65 | # fix up hardcoded paths | ||
| 66 | sed -i -e 's,/etc/,${sysconfdir}/,' -e 's,/usr/sbin/,${sbindir}/,' \ | ||
| 67 | ${UNPACKDIR}/openct.service ${UNPACKDIR}/openct.init | ||
| 68 | |||
| 69 | oe_runmake install DESTDIR=${D} | ||
| 70 | install -dm 755 ${D}${libdir}/ctapi/ | ||
| 71 | mv ${D}${libdir}/libopenctapi.so ${D}${libdir}/ctapi/ | ||
| 72 | install -Dpm 644 etc/openct.udev ${D}${nonarch_libdir}/udev/rules.d/60-openct.rules | ||
| 73 | install -pm 644 etc/openct.conf ${D}${sysconfdir}/openct.conf | ||
| 74 | |||
| 75 | install -Dpm 755 ${UNPACKDIR}/openct.init ${D}${sysconfdir}/init.d/openct | ||
| 76 | install -Dpm 644 ${UNPACKDIR}/openct.sysconfig ${D}${sysconfdir}/sysconfig/openct | ||
| 77 | |||
| 78 | install -d ${D}${systemd_unitdir}/system | ||
| 79 | install -m 644 ${UNPACKDIR}/openct.service ${D}${systemd_unitdir}/system | ||
| 80 | |||
| 81 | so=$(find ${D} -name \*.so | sed "s|^${D}||") | ||
| 82 | sed -i -e 's|\\(LIBPATH\\s*\\).*|\\1$so|' etc/reader.conf | ||
| 83 | install -Dpm 644 etc/reader.conf ${D}${sysconfdir}/reader.conf.d/openct.conf | ||
| 84 | } | ||
| 85 | |||
| 86 | BBCLASSEXTEND = "native" | ||
| 87 | |||
| 88 | # http://errors.yoctoproject.org/Errors/Details/766890/ | ||
| 89 | # openct-0.6.20/src/ifd/ifdhandler.c:239:52: error: passing argument 2 of 'ifd_get_eventfd' from incompatible pointer type [-Wincompatible-pointer-types] | ||
| 90 | # openct-0.6.20/src/ifd/process.c:461:61: error: passing argument 4 of 'ct_tlv_get_opaque' from incompatible pointer type [-Wincompatible-pointer-types] | ||
| 91 | CFLAGS += "-Wno-error=incompatible-pointer-types" | ||
diff --git a/meta-oe/recipes-support/opensc/opensc_0.26.1.bb b/meta-oe/recipes-support/opensc/opensc_0.27.1.bb index 78258c965a..d659fd1bee 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.26.1.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.27.1.bb | |||
| @@ -11,8 +11,8 @@ LICENSE = "LGPL-2.1-or-later" | |||
| 11 | LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7" | 11 | LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7" |
| 12 | DEPENDS = "openssl" | 12 | DEPENDS = "openssl" |
| 13 | 13 | ||
| 14 | SRCREV = "043343d2df7b09d1938bc3dc313d86a96be457cc" | 14 | SRCREV = "19868984dc4dc697af6a86d65ab32a1f19a43ea4" |
| 15 | SRC_URI = "git://github.com/OpenSC/OpenSC;branch=0.26.1;protocol=https" | 15 | SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https" |
| 16 | 16 | ||
| 17 | CVE_STATUS[CVE-2024-8443] = "fixed-version: this is fixed since 0.26.0" | 17 | CVE_STATUS[CVE-2024-8443] = "fixed-version: this is fixed since 0.26.0" |
| 18 | 18 | ||
| @@ -36,6 +36,7 @@ PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" | |||
| 36 | FILES:${PN} += "\ | 36 | FILES:${PN} += "\ |
| 37 | ${libdir}/opensc-pkcs11.so \ | 37 | ${libdir}/opensc-pkcs11.so \ |
| 38 | ${libdir}/pkcs11-spy.so \ | 38 | ${libdir}/pkcs11-spy.so \ |
| 39 | ${datadir}/p11-kit/modules/opensc.module \ | ||
| 39 | " | 40 | " |
| 40 | FILES:${PN}-dev += "\ | 41 | FILES:${PN}-dev += "\ |
| 41 | ${libdir}/onepin-opensc-pkcs11.so \ | 42 | ${libdir}/onepin-opensc-pkcs11.so \ |
diff --git a/meta-oe/recipes-support/pcsc-lite/pcsc-lite_2.0.3.bb b/meta-oe/recipes-support/pcsc-lite/pcsc-lite_2.0.3.bb index 169630d319..9e3c98bb97 100644 --- a/meta-oe/recipes-support/pcsc-lite/pcsc-lite_2.0.3.bb +++ b/meta-oe/recipes-support/pcsc-lite/pcsc-lite_2.0.3.bb | |||
| @@ -34,7 +34,7 @@ PACKAGES = "${PN} ${PN}-dbg ${PN}-dev ${PN}-lib ${PN}-doc ${PN}-spy ${PN}-spy-de | |||
| 34 | 34 | ||
| 35 | RRECOMMENDS:${PN} = "ccid" | 35 | RRECOMMENDS:${PN} = "ccid" |
| 36 | RRECOMMENDS:${PN}:class-native = "" | 36 | RRECOMMENDS:${PN}:class-native = "" |
| 37 | RPROVIDES:${PN}:class-native += "pcsc-lite-lib-native" | 37 | RPROVIDES:${PN}:append:class-native = " pcsc-lite-lib-native" |
| 38 | 38 | ||
| 39 | FILES:${PN} = "${sbindir}/pcscd \ | 39 | FILES:${PN} = "${sbindir}/pcscd \ |
| 40 | ${datadir}/polkit-1" | 40 | ${datadir}/polkit-1" |
diff --git a/meta-oe/recipes-support/pidgin/pidgin_2.14.14.bb b/meta-oe/recipes-support/pidgin/pidgin_2.14.14.bb index 13a22f6e59..af44864fa9 100644 --- a/meta-oe/recipes-support/pidgin/pidgin_2.14.14.bb +++ b/meta-oe/recipes-support/pidgin/pidgin_2.14.14.bb | |||
| @@ -14,7 +14,6 @@ SRC_URI = "\ | |||
| 14 | 14 | ||
| 15 | SRC_URI[sha256sum] = "0ffc9994def10260f98a55cd132deefa8dc4a9835451cc0e982747bd458e2356" | 15 | SRC_URI[sha256sum] = "0ffc9994def10260f98a55cd132deefa8dc4a9835451cc0e982747bd458e2356" |
| 16 | 16 | ||
| 17 | CVE_STATUS[CVE-2010-1624] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." | ||
| 18 | CVE_STATUS[CVE-2011-3594] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." | 17 | CVE_STATUS[CVE-2011-3594] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." |
| 19 | 18 | ||
| 20 | PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \ | 19 | PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \ |
| @@ -51,6 +50,7 @@ EXTRA_OECONF = " \ | |||
| 51 | --disable-farstream \ | 50 | --disable-farstream \ |
| 52 | --disable-vv \ | 51 | --disable-vv \ |
| 53 | " | 52 | " |
| 53 | CACHED_CONFIGUREVARS += "ac_cv_prog_cc_c23=no" | ||
| 54 | 54 | ||
| 55 | # CONFIG_ARGS is used to display build info. Replace full paths by reproducible | 55 | # CONFIG_ARGS is used to display build info. Replace full paths by reproducible |
| 56 | # variables ($S, $WORKDIR) | 56 | # variables ($S, $WORKDIR) |
diff --git a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.1.bb b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.2.bb index 015c2287ef..1bdb4445e5 100644 --- a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.1.bb +++ b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.2.bb | |||
| @@ -15,7 +15,7 @@ DEPENDS = "\ | |||
| 15 | p11-kit \ | 15 | p11-kit \ |
| 16 | " | 16 | " |
| 17 | 17 | ||
| 18 | SRCREV = "acb7086e44849d019956233348046c4f07c0670b" | 18 | SRCREV = "c7a5c8b62a0ff012b16574f01651254ef7e664ee" |
| 19 | 19 | ||
| 20 | SRC_URI = "git://github.com/latchset/${BPN}.git;branch=main;protocol=https" | 20 | SRC_URI = "git://github.com/latchset/${BPN}.git;branch=main;protocol=https" |
| 21 | 21 | ||
diff --git a/meta-oe/recipes-support/poco/poco/0003-quill-rdtsc-fallback-for-32-bit-powerpc.patch b/meta-oe/recipes-support/poco/poco/0003-quill-rdtsc-fallback-for-32-bit-powerpc.patch new file mode 100644 index 0000000000..293321bfa8 --- /dev/null +++ b/meta-oe/recipes-support/poco/poco/0003-quill-rdtsc-fallback-for-32-bit-powerpc.patch | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | From dce2cc2886a9097971856e69737cc5c05c9239ea Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Peter Marko <peter.marko@siemens.com> | ||
| 3 | Date: Wed, 8 Apr 2026 10:54:25 +0200 | ||
| 4 | Subject: [PATCH] quill: use soft rdtsc fallback on 32-bit PowerPC | ||
| 5 | |||
| 6 | Quill's rdtsc helper already avoids __rdtsc() on ARM and PPC64, but | ||
| 7 | 32-bit PowerPC was not included in that guard. On powerpc targets this | ||
| 8 | falls through to the x86-specific intrinsic and fails with: | ||
| 9 | |||
| 10 | error: '__rdtsc' was not declared in this scope | ||
| 11 | |||
| 12 | Treat common 32-bit PowerPC compiler define the same way as PPC64 and | ||
| 13 | use the existing steady_clock-based fallback. | ||
| 14 | |||
| 15 | Upstream-Status: Submitted [https://github.com/odygrd/quill/pull/911] | ||
| 16 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 17 | --- | ||
| 18 | dependencies/quill/include/quill/core/Rdtsc.h | 2 +- | ||
| 19 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 20 | |||
| 21 | diff --git a/dependencies/quill/include/quill/core/Rdtsc.h b/dependencies/quill/include/quill/core/Rdtsc.h | ||
| 22 | index 3d0ae9f26..67f26cb89 100644 | ||
| 23 | --- a/dependencies/quill/include/quill/core/Rdtsc.h | ||
| 24 | +++ b/dependencies/quill/include/quill/core/Rdtsc.h | ||
| 25 | @@ -95,7 +95,7 @@ QUILL_NODISCARD QUILL_ATTRIBUTE_HOT inline uint64_t rdtsc() noexcept | ||
| 26 | __asm__ volatile("stck %0" : "=Q"(tsc) : : "cc"); | ||
| 27 | return tsc; | ||
| 28 | } | ||
| 29 | -#elif (defined(_M_ARM) || defined(_M_ARM64) || defined(__PPC64__)) | ||
| 30 | +#elif (defined(_M_ARM) || defined(_M_ARM64) || defined(__PPC64__) || defined(__PPC__)) | ||
| 31 | QUILL_NODISCARD QUILL_ATTRIBUTE_HOT inline uint64_t rdtsc() noexcept | ||
| 32 | { | ||
| 33 | // soft failover | ||
| 34 | -- | ||
| 35 | 2.47.2 | ||
diff --git a/meta-oe/recipes-support/poco/poco_1.15.1.bb b/meta-oe/recipes-support/poco/poco_1.15.2.bb index 7dd87606ef..5a873a1d85 100644 --- a/meta-oe/recipes-support/poco/poco_1.15.1.bb +++ b/meta-oe/recipes-support/poco/poco_1.15.2.bb | |||
| @@ -11,9 +11,10 @@ DEPENDS = "libpcre2 utf8proc zlib" | |||
| 11 | SRC_URI = "git://github.com/pocoproject/poco.git;branch=poco-${PV};protocol=https;tag=poco-${PV}-release \ | 11 | SRC_URI = "git://github.com/pocoproject/poco.git;branch=poco-${PV};protocol=https;tag=poco-${PV}-release \ |
| 12 | file://0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch \ | 12 | file://0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch \ |
| 13 | file://0002-DataTest-disable-testSQLChannel-test.patch \ | 13 | file://0002-DataTest-disable-testSQLChannel-test.patch \ |
| 14 | file://0003-quill-rdtsc-fallback-for-32-bit-powerpc.patch \ | ||
| 14 | file://run-ptest \ | 15 | file://run-ptest \ |
| 15 | " | 16 | " |
| 16 | SRCREV = "a1aacbba1bda4301db01bb1a2c2ab80677756b90" | 17 | SRCREV = "afbb1ab68f29eec7079e2fdfa04b3efdbec6529d" |
| 17 | 18 | ||
| 18 | UPSTREAM_CHECK_GITTAGREGEX = "poco-(?P<pver>\d+(\.\d+)+)" | 19 | UPSTREAM_CHECK_GITTAGREGEX = "poco-(?P<pver>\d+(\.\d+)+)" |
| 19 | 20 | ||
| @@ -23,7 +24,7 @@ inherit cmake ptest | |||
| 23 | # By default the most commonly used poco components are built | 24 | # By default the most commonly used poco components are built |
| 24 | # Foundation is built anyway and doesn't need to be listed explicitly | 25 | # Foundation is built anyway and doesn't need to be listed explicitly |
| 25 | # these don't have dependencies outside oe-core | 26 | # these don't have dependencies outside oe-core |
| 26 | PACKAGECONFIG ??= "XML JSON PDF Util Net NetSSL Crypto JWT Data DataPostgreSQL DataSQLite DNSSDAvahi Zip Encodings Prometheus" | 27 | PACKAGECONFIG ??= "XML JSON PDF Util Net NetSSL Crypto JWT Data DataPostgreSQL DataSQLite DNSSDAvahi Zip Encodings Prometheus FastLogger" |
| 27 | # MongoDB does not build for all architectures yet keep in sync with COMPATIBLE_HOST list in mongodb recipe | 28 | # MongoDB does not build for all architectures yet keep in sync with COMPATIBLE_HOST list in mongodb recipe |
| 28 | # and mongodb needs meta-python enabled as well | 29 | # and mongodb needs meta-python enabled as well |
| 29 | PACKAGECONFIG:remove:riscv32 = "MongoDB" | 30 | PACKAGECONFIG:remove:riscv32 = "MongoDB" |
| @@ -48,6 +49,7 @@ PACKAGECONFIG[DNSSDAvahi] = "-DENABLE_DNSSD=ON -DENABLE_DNSSD_AVAHI=ON,-DENABLE_ | |||
| 48 | PACKAGECONFIG[Zip] = "-DENABLE_ZIP=ON,-DENABLE_ZIP=OFF" | 49 | PACKAGECONFIG[Zip] = "-DENABLE_ZIP=ON,-DENABLE_ZIP=OFF" |
| 49 | PACKAGECONFIG[Encodings] = "-DENABLE_ENCODINGS=ON,-DENABLE_ENCODINGS=OFF" | 50 | PACKAGECONFIG[Encodings] = "-DENABLE_ENCODINGS=ON,-DENABLE_ENCODINGS=OFF" |
| 50 | PACKAGECONFIG[Prometheus] = "-DENABLE_PROMETHEUS=ON,-DENABLE_PROMETHEUS=OFF" | 51 | PACKAGECONFIG[Prometheus] = "-DENABLE_PROMETHEUS=ON,-DENABLE_PROMETHEUS=OFF" |
| 52 | PACKAGECONFIG[FastLogger] = "-DENABLE_FASTLOGGER=ON,-DENABLE_FASTLOGGER=OFF" | ||
| 51 | 53 | ||
| 52 | # Additional components not build by default, | 54 | # Additional components not build by default, |
| 53 | # they might have dependencies not included in oe-core | 55 | # they might have dependencies not included in oe-core |
| @@ -74,11 +76,6 @@ EXTRA_OECMAKE:append:class-native = " -DPOCO_UNBUNDLED=OFF" | |||
| 74 | # do not use rpath | 76 | # do not use rpath |
| 75 | EXTRA_OECMAKE:append = " -DCMAKE_SKIP_RPATH=ON" | 77 | EXTRA_OECMAKE:append = " -DCMAKE_SKIP_RPATH=ON" |
| 76 | 78 | ||
| 77 | LDFLAGS:append:riscv32 = "${@bb.utils.contains('PACKAGECONFIG', 'Prometheus', ' -Wl,--no-as-needed -latomic -Wl,--as-needed', '', d)}" | ||
| 78 | LDFLAGS:append:mips = "${@bb.utils.contains('PACKAGECONFIG', 'Prometheus', ' -Wl,--no-as-needed -latomic -Wl,--as-needed', '', d)}" | ||
| 79 | LDFLAGS:append:powerpc = "${@bb.utils.contains('PACKAGECONFIG', 'Prometheus', ' -Wl,--no-as-needed -latomic -Wl,--as-needed', '', d)}" | ||
| 80 | LDFLAGS:append:x86 = "${@bb.utils.contains('PACKAGECONFIG', 'Prometheus', ' -Wl,--no-as-needed -latomic -Wl,--as-needed', '', d)}" | ||
| 81 | |||
| 82 | python populate_packages:prepend () { | 79 | python populate_packages:prepend () { |
| 83 | poco_libdir = d.expand('${libdir}') | 80 | poco_libdir = d.expand('${libdir}') |
| 84 | pn = d.getVar("PN") | 81 | pn = d.getVar("PN") |
diff --git a/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd/0001-Fix-const-correctness-for-pointer-variables-to-refer.patch b/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd/0001-Fix-const-correctness-for-pointer-variables-to-refer.patch new file mode 100644 index 0000000000..190baff606 --- /dev/null +++ b/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd/0001-Fix-const-correctness-for-pointer-variables-to-refer.patch | |||
| @@ -0,0 +1,60 @@ | |||
| 1 | From 515e23b37ad1400bfb73797771c4f0fd78655328 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 3 | Date: Wed, 15 Apr 2026 10:52:05 -0700 | ||
| 4 | Subject: [PATCH] Fix const-correctness for pointer variables to referred | ||
| 5 | strings | ||
| 6 | |||
| 7 | Mark pointer variables 'e' as 'const char *' in | ||
| 8 | config_parse_netlog_remote_address,file_in_same_dir, and | ||
| 9 | socket_address_parse, since they point to memory they do not | ||
| 10 | own or modify. | ||
| 11 | |||
| 12 | Upstream-Status: Submitted [https://github.com/systemd/systemd-netlogd/pull/148] | ||
| 13 | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> | ||
| 14 | --- | ||
| 15 | src/netlog/netlog-conf.c | 2 +- | ||
| 16 | src/share/path-util.c | 3 ++- | ||
| 17 | src/share/socket-util.c | 3 ++- | ||
| 18 | 3 files changed, 5 insertions(+), 3 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/src/netlog/netlog-conf.c b/src/netlog/netlog-conf.c | ||
| 21 | index a4cf0da..59bdd23 100644 | ||
| 22 | --- a/src/netlog/netlog-conf.c | ||
| 23 | +++ b/src/netlog/netlog-conf.c | ||
| 24 | @@ -22,7 +22,7 @@ int config_parse_netlog_remote_address(const char *unit, | ||
| 25 | void *data, | ||
| 26 | void *userdata) { | ||
| 27 | Manager *m = userdata; | ||
| 28 | - char *e; | ||
| 29 | + const char *e; | ||
| 30 | int r; | ||
| 31 | |||
| 32 | assert(filename); | ||
| 33 | diff --git a/src/share/path-util.c b/src/share/path-util.c | ||
| 34 | index dda7ec6..ad6f24a 100644 | ||
| 35 | --- a/src/share/path-util.c | ||
| 36 | +++ b/src/share/path-util.c | ||
| 37 | @@ -327,7 +327,8 @@ bool path_is_safe(const char *p) { | ||
| 38 | } | ||
| 39 | |||
| 40 | char *file_in_same_dir(const char *path, const char *filename) { | ||
| 41 | - char *e, *ret; | ||
| 42 | + const char *e; | ||
| 43 | + char *ret; | ||
| 44 | size_t k; | ||
| 45 | |||
| 46 | assert(path); | ||
| 47 | diff --git a/src/share/socket-util.c b/src/share/socket-util.c | ||
| 48 | index ae33338..5a6284b 100644 | ||
| 49 | --- a/src/share/socket-util.c | ||
| 50 | +++ b/src/share/socket-util.c | ||
| 51 | @@ -33,7 +33,8 @@ | ||
| 52 | #include "util.h" | ||
| 53 | |||
| 54 | int socket_address_parse(SocketAddress *a, const char *s) { | ||
| 55 | - char *e, *n; | ||
| 56 | + const char *e; | ||
| 57 | + char *n; | ||
| 58 | unsigned u; | ||
| 59 | int r; | ||
| 60 | |||
diff --git a/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd_1.4.4.bb b/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd_1.4.5.bb index 019098fdf7..c52940ec70 100644 --- a/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd_1.4.4.bb +++ b/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd_1.4.5.bb | |||
| @@ -3,8 +3,10 @@ SUMMARY = "Forwards messages from the journal to other hosts over the network us | |||
| 3 | LICENSE = "LGPL-2.1-or-later" | 3 | LICENSE = "LGPL-2.1-or-later" |
| 4 | LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" | 4 | LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" |
| 5 | 5 | ||
| 6 | SRC_URI = "git://github.com/systemd/systemd-netlogd.git;protocol=https;branch=main" | 6 | SRC_URI = "git://github.com/systemd/systemd-netlogd.git;protocol=https;branch=main;tag=v${PV} \ |
| 7 | SRCREV = "b03cc3b1a75048c7cf19467d8918a4b7320767e6" | 7 | file://0001-Fix-const-correctness-for-pointer-variables-to-refer.patch \ |
| 8 | " | ||
| 9 | SRCREV = "20534091417686d1185acb3f29e93944d8663c4b" | ||
| 8 | 10 | ||
| 9 | inherit meson systemd pkgconfig useradd features_check | 11 | inherit meson systemd pkgconfig useradd features_check |
| 10 | 12 | ||
diff --git a/meta-oe/recipes-support/tbb/tbb_2022.3.0.bb b/meta-oe/recipes-support/tbb/tbb_2022.3.0.bb index 01115e7e4d..440b6e0f46 100644 --- a/meta-oe/recipes-support/tbb/tbb_2022.3.0.bb +++ b/meta-oe/recipes-support/tbb/tbb_2022.3.0.bb | |||
| @@ -17,6 +17,7 @@ SRCREV = "f1862f38f83568d96e814e469ab61f88336cc595" | |||
| 17 | SRC_URI = "git://github.com/oneapi-src/oneTBB.git;protocol=https;branch=${BRANCH} \ | 17 | SRC_URI = "git://github.com/oneapi-src/oneTBB.git;protocol=https;branch=${BRANCH} \ |
| 18 | " | 18 | " |
| 19 | 19 | ||
| 20 | LDFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld', ' -Wl,--undefined-version', '', d)}" | ||
| 20 | 21 | ||
| 21 | inherit cmake pkgconfig | 22 | inherit cmake pkgconfig |
| 22 | 23 | ||
diff --git a/meta-oe/recipes-support/upower/upower_1.91.1.bb b/meta-oe/recipes-support/upower/upower_1.91.2.bb index d4107a959a..d6505974e9 100644 --- a/meta-oe/recipes-support/upower/upower_1.91.1.bb +++ b/meta-oe/recipes-support/upower/upower_1.91.2.bb | |||
| @@ -13,7 +13,7 @@ DEPENDS = " \ | |||
| 13 | " | 13 | " |
| 14 | 14 | ||
| 15 | SRC_URI = "https://gitlab.freedesktop.org/${BPN}/${BPN}/-/archive/v${PV}/${BPN}-v${PV}.tar.bz2" | 15 | SRC_URI = "https://gitlab.freedesktop.org/${BPN}/${BPN}/-/archive/v${PV}/${BPN}-v${PV}.tar.bz2" |
| 16 | SRC_URI[sha256sum] = "d568638d670a63a1886335b7b136f4888cb38a3b28f3f4bcdeaffcca0b0f6df8" | 16 | SRC_URI[sha256sum] = "f07f19b78a43a5053973d95a2fe96a12ede270b8db232b2e2c4ac4186fb42539" |
| 17 | S = "${UNPACKDIR}/${BPN}-v${PV}" | 17 | S = "${UNPACKDIR}/${BPN}-v${PV}" |
| 18 | 18 | ||
| 19 | UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/${BPN}/${BPN}/-/tags" | 19 | UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/${BPN}/${BPN}/-/tags" |
diff --git a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.5.bb b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb index e6007a6667..c3f736568f 100644 --- a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.5.bb +++ b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb | |||
| @@ -22,7 +22,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/webkitgtk-${PV}.tar.xz \ | |||
| 22 | file://fix-ftbfs-riscv64.patch \ | 22 | file://fix-ftbfs-riscv64.patch \ |
| 23 | file://0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch \ | 23 | file://0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch \ |
| 24 | " | 24 | " |
| 25 | SRC_URI[sha256sum] = "8737631bac3e9c7ad3e5208f9370e076c09d9c45b39980021ce54edadcc6f94f" | 25 | SRC_URI[sha256sum] = "2b281abf8894ffc6172152e5660b75eeeedbe1cc43d6783d09dc79f7c865bb42" |
| 26 | 26 | ||
| 27 | inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen | 27 | inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen |
| 28 | 28 | ||
| @@ -31,7 +31,7 @@ S = "${UNPACKDIR}/webkitgtk-${PV}" | |||
| 31 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" | 31 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" |
| 32 | REQUIRED_DISTRO_FEATURES = "opengl" | 32 | REQUIRED_DISTRO_FEATURES = "opengl" |
| 33 | 33 | ||
| 34 | CVE_PRODUCT = "webkitgtk webkitgtk\+" | 34 | CVE_PRODUCT = "webkitgtk webkitgtk+" |
| 35 | 35 | ||
| 36 | DEPENDS += " \ | 36 | DEPENDS += " \ |
| 37 | ruby-native \ | 37 | ruby-native \ |
diff --git a/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.6.bb b/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.7.bb index 28773163c5..a8e0a651ad 100644 --- a/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.6.bb +++ b/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.7.bb | |||
| @@ -12,11 +12,13 @@ DEPENDS = " \ | |||
| 12 | inherit meson pkgconfig ptest-gnome | 12 | inherit meson pkgconfig ptest-gnome |
| 13 | 13 | ||
| 14 | SRC_URI = " \ | 14 | SRC_URI = " \ |
| 15 | git://github.com/flatpak/xdg-dbus-proxy.git;protocol=https;branch=main \ | 15 | git://github.com/flatpak/xdg-dbus-proxy.git;protocol=https;branch=main;tag=${PV} \ |
| 16 | file://run-ptest \ | 16 | file://run-ptest \ |
| 17 | " | 17 | " |
| 18 | 18 | ||
| 19 | SRCREV = "1c1989e56f94b9eb3b7567f8a6e8a0aa16cba496" | 19 | SRCREV = "6a170fa77e3cbecb48f9dd2478fe5c0a119eb467" |
| 20 | |||
| 21 | CVE_STATUS[CVE-2026-34080] = "fixed-version: fixed in 0.1.7" | ||
| 20 | 22 | ||
| 21 | PACKAGECONFIG = "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" | 23 | PACKAGECONFIG = "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" |
| 22 | PACKAGECONFIG[tests] = "-Dtests=true -Dinstalled_tests=true,-Dtests=false -Dinstalled_tests=false" | 24 | PACKAGECONFIG[tests] = "-Dtests=true -Dinstalled_tests=true,-Dtests=false -Dinstalled_tests=false" |
diff --git a/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.3.bb b/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.4.bb index e0aca558fd..bb48b59dd8 100644 --- a/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.3.bb +++ b/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.4.bb | |||
| @@ -27,11 +27,17 @@ RDEPENDS:${PN} = "bubblewrap rtkit ${PORTAL_BACKENDS} fuse3-utils" | |||
| 27 | inherit meson pkgconfig python3native features_check | 27 | inherit meson pkgconfig python3native features_check |
| 28 | 28 | ||
| 29 | SRC_URI = " \ | 29 | SRC_URI = " \ |
| 30 | git://github.com/flatpak/xdg-desktop-portal.git;protocol=https;branch=xdg-desktop-portal-1.20 \ | 30 | git://github.com/flatpak/xdg-desktop-portal.git;protocol=https;branch=xdg-desktop-portal-1.20;name=main;tag=${PV} \ |
| 31 | git://gitlab.gnome.org/GNOME/libglnx.git;protocol=https;branch=master;name=libglnx;destsuffix=${BB_GIT_DEFAULT_DESTSUFFIX}/subprojects/libglnx \ | ||
| 31 | file://0001-meson.build-add-a-hack-for-crosscompile.patch \ | 32 | file://0001-meson.build-add-a-hack-for-crosscompile.patch \ |
| 32 | " | 33 | " |
| 33 | 34 | ||
| 34 | SRCREV = "23a76c392170dbbd26230f85ef56c3a57e52b857" | 35 | SRCREV_main = "f5aec228c9eb0c9a70eadd6424d92c0ca8a78247" |
| 36 | |||
| 37 | # this revision comes from subprojects/libglnx.wrap file of the main source repo | ||
| 38 | SRCREV_libglnx = "ccea836b799256420788c463a638ded0636b1632" | ||
| 39 | |||
| 40 | SRCREV_FORMAT = "main" | ||
| 35 | 41 | ||
| 36 | FILES:${PN} += "${libdir}/systemd ${datadir}/dbus-1" | 42 | FILES:${PN} += "${libdir}/systemd ${datadir}/dbus-1" |
| 37 | 43 | ||
| @@ -47,3 +53,5 @@ do_write_config:append() { | |||
| 47 | bwrap = '${bindir}/bwrap' | 53 | bwrap = '${bindir}/bwrap' |
| 48 | EOF | 54 | EOF |
| 49 | } | 55 | } |
| 56 | |||
| 57 | CVE_STATUS[CVE-2026-40354] = "fixed-version: fixed in 1.20.4" | ||
diff --git a/meta-oe/recipes-support/xdg-user-dirs/xdg-user-dirs_0.19.bb b/meta-oe/recipes-support/xdg-user-dirs/xdg-user-dirs_0.20.bb index 2550d4cd59..3d122981ca 100644 --- a/meta-oe/recipes-support/xdg-user-dirs/xdg-user-dirs_0.19.bb +++ b/meta-oe/recipes-support/xdg-user-dirs/xdg-user-dirs_0.20.bb | |||
| @@ -3,11 +3,11 @@ LICENSE = "GPL-2.0-only" | |||
| 3 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" | 3 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" |
| 4 | 4 | ||
| 5 | SRC_URI = "http://user-dirs.freedesktop.org/releases/${BPN}-${PV}.tar.xz" | 5 | SRC_URI = "http://user-dirs.freedesktop.org/releases/${BPN}-${PV}.tar.xz" |
| 6 | SRC_URI[sha256sum] = "e92deb929c10d4b29329397af8a2585101247f7e6177ac6f1d28e82130ed8c19" | 6 | SRC_URI[sha256sum] = "b8e34286278f4fef3e1bfe9685c395ccc0eb50c14d3a2fb4953dd00fbfd3af39" |
| 7 | 7 | ||
| 8 | inherit autotools gettext pkgconfig | 8 | inherit meson gettext pkgconfig |
| 9 | 9 | ||
| 10 | EXTRA_OECONF = "--disable-documentation" | 10 | EXTRA_OEMESON = "-Ddocs=false" |
| 11 | 11 | ||
| 12 | CONFFILES:${PN} += " \ | 12 | CONFFILES:${PN} += " \ |
| 13 | ${sysconfdir}/xdg/user-dirs.conf \ | 13 | ${sysconfdir}/xdg/user-dirs.conf \ |
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb b/meta-oe/recipes-support/xrdp/xrdp_0.10.6.bb index 8d7c5807f2..152b37cb37 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.10.6.bb | |||
| @@ -17,7 +17,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN | |||
| 17 | file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \ | 17 | file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \ |
| 18 | file://0001-mark-count-with-unused-attribute.patch \ | 18 | file://0001-mark-count-with-unused-attribute.patch \ |
| 19 | " | 19 | " |
| 20 | SRC_URI[sha256sum] = "9abc96d164de4b1c40e2f3f537d0593d052a640cf3388978c133715ea69fb123" | 20 | SRC_URI[sha256sum] = "dfc21d5d603b642cf583987b36706b685bf05fd3aaaaacefb8f57c5f4a448677" |
| 21 | 21 | ||
| 22 | UPSTREAM_CHECK_URI = "https://github.com/neutrinolabs/xrdp/releases" | 22 | UPSTREAM_CHECK_URI = "https://github.com/neutrinolabs/xrdp/releases" |
| 23 | UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)" | 23 | UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)" |
| @@ -127,3 +127,12 @@ pkg_postinst:${PN}() { | |||
| 127 | fi | 127 | fi |
| 128 | fi | 128 | fi |
| 129 | } | 129 | } |
| 130 | |||
| 131 | CVE_STATUS[CVE-2026-32105] = "fixed-version: fixed in 0.10.6" | ||
| 132 | CVE_STATUS[CVE-2026-32107] = "fixed-version: fixed in 0.10.6" | ||
| 133 | CVE_STATUS[CVE-2026-32623] = "fixed-version: fixed in 0.10.6" | ||
| 134 | CVE_STATUS[CVE-2026-32624] = "fixed-version: fixed in 0.10.6" | ||
| 135 | CVE_STATUS[CVE-2026-33145] = "fixed-version: fixed in 0.10.6" | ||
| 136 | CVE_STATUS[CVE-2026-33516] = "fixed-version: fixed in 0.10.6" | ||
| 137 | CVE_STATUS[CVE-2026-33689] = "fixed-version: fixed in 0.10.6" | ||
| 138 | CVE_STATUS[CVE-2026-35512] = "fixed-version: fixed in 0.10.6" | ||
