From: Patrick Wicki <patrick.wi...@siemens.com> Update to latest (patch) release.
This fixes Integer overflow in Poco::UTF32Encoding, which is a security vulnerability (see https://github.com/pocoproject/poco/issues/4320). Drop POSIX thread creation patch since it's now fixed upstream. Refresh ccpignore.lnx patch. Add patch backporting https://github.com/pocoproject/poco/pull/4227. Changelog ========= - GH #4320: Integer overflow in Poco::UTF32Encoding - GH #4241: Poco::FileInputStream broken in 1.12.5 and 1.11.8 - GH #4219 Make POSIX event thread safe - GH #4215 Remove SocketReactor dependency on Poco::Thread for sleeping - GH #4197 ODBC::Binder UUID new/free mismatch - GH #4194 PollSet filters out some events - GH #4189 Use after free warnings - GH #4180 receiveResponse() may not return response body stream - GH #4177 Upgrade bundled pcre2 to 10.42 - GH #4147 missing \r\n when setting trailer header in chunked response - GH #4134 Initialisation of _socketIndex in SSLManager (OpenSSL) - GH #3867 Add options to disable STDIO in child process - GH #3832 pthread_getname_np' was not declared in this scope - GH #3786 FileChannel::setRotation overflow - GH #2776 Shutdown TLS1.3 connection - GH #4176 PCRE2 10.40 version has security vulnerabilities(CVE-2022-41409), when is the plan to fix it third-party - GH #4150 Use Poco format instead of sprintf in Util - GH #4116 Logging should evaluate only if the logging level is active - GH #4071 PageCompiler: add referrerPolicy to page directive feature - GH #4057 ODBC: SQL Anywhere Support - GH #4031 Classes with virtual functions missing virtual destructors (compilation issues) - GH #4023 CPPParser: Losing data if parameter std::function<void(bool)> is used - GH #4014 wrong string offset in HTTPCredentials::isNTLMCredentials - GH #4005 On UNIX platform, Poco::Path::getExtension() returns name of the hidden file if no extension is present - GH #3986 Fix dead lock on Timer destructor - GH #3968 Poco::Net::SocketConnector constructor should take SocketAddress by const reference - GH #3935 The extractor in postgresql drops milliseconds - GH #3926 CppParser throws exception when return value is specified to be in global namespace - GH #3921 Deadlock in Timer when one sync and one async cancel requests are issued - GH #3918 Static FastMutex fails to lock when issued from another thread on linux - GH #3880 NetSSL_OpenSSL: Support session resumption with TLSv1.3 - GH #3876 Replace sprintf with snprintf in Environment and NumberFormatter to avoid deprecation warnings - GH #3859 zlib headers not updated - GH #3806 HTTPClientSession::receiveResponse() gives NoMessage instead of Timeout exception for SSL connection on Windows when using OpenSSL 3.0.x - GH #3723 DateTimeFormatter creates invalid ISO8601 string - GH #3147 Reading from request stream hangs when "Transfer-Encoding: chunked" is used - GH #4218 Upgrade double-conversion to 3.3.0 - PR #4210 Fix pthread_setname not declared - PR #4072 optimize checkUpperLimit and checkLowerLimit in VarHolder.h enhancement - PR #4050 rename arc -> poco_arc - PR #4038 Fixed Poco::format specifier for error code bug platform_specific - PR #4011 fix #4005 Poco::Path::getExtension() - PR #3999 Fix hang in destructor - PR #3992 Fix thread counter leak - PR #3987 Fix dead lock on Timer destructor - PR #3971 Fix error handling with OpenSSL 3.0 in SecureSocketImpl.cpp (fixes #3806) - PR #3943 Fix build for QNX platform_specific - PR #3942 Fix data race when create POSIX thread - PR #3912 Fixed compile error for OpenSSL 1.0 systems (#3739) - PR #3883 Added system_error header to SockerProactor for std::error_code - PR #3855 Fix epollfd validity checks when compiling with wepoll - PR #3809 improve Windows OpenSSL 3.0.x error handling #3806 - PR #3769 Fixed converting/correcting pre-gregorian dates (#3723) Signed-off-by: Patrick Wicki <patrick.wi...@siemens.com> --- ...x-data-race-when-create-POSIX-thread.patch | 33 ----------------- ...nx-Ignore-PKCS12-and-testLaunch-test.patch | 35 ++++++++++--------- ...l-cmake-files-with-resolved-ENABLE_J.patch | 32 +++++++++++++++++ .../poco/{poco_1.12.4.bb => poco_1.12.5p2.bb} | 4 +-- 4 files changed, 53 insertions(+), 51 deletions(-) delete mode 100644 meta-oe/recipes-support/poco/poco/0001-Fix-data-race-when-create-POSIX-thread.patch create mode 100644 meta-oe/recipes-support/poco/poco/0002-fix-build-Install-cmake-files-with-resolved-ENABLE_J.patch rename meta-oe/recipes-support/poco/{poco_1.12.4.bb => poco_1.12.5p2.bb} (97%) diff --git a/meta-oe/recipes-support/poco/poco/0001-Fix-data-race-when-create-POSIX-thread.patch b/meta-oe/recipes-support/poco/poco/0001-Fix-data-race-when-create-POSIX-thread.patch deleted file mode 100644 index 1a7f4dcdc..000000000 --- a/meta-oe/recipes-support/poco/poco/0001-Fix-data-race-when-create-POSIX-thread.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 03b68fc924b24e12c87512d790d37fc6ddc352ac Mon Sep 17 00:00:00 2001 -From: Dawid Drozd <drozdda...@gmail.com> -Date: Sat, 11 Feb 2023 14:48:39 +0400 -Subject: [PATCH] Fix data race when create POSIX thread - -When creating thread using pthread_create() `_pData->thread` will be set. -It could lead to data race as in runnableEntry() we refer to that variable. - -Instead use pthread_self(). -getName() is already under mutex. - -Signed-off-by: Khem Raj <raj.k...@gmail.com> -Upstream-Status: Backport [https://github.com/pocoproject/poco/pull/3942/commits/9c8a79b994a367f626c5551e0f38c27d0d8431f1] ---- - Foundation/src/Thread_POSIX.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Foundation/src/Thread_POSIX.cpp b/Foundation/src/Thread_POSIX.cpp -index ceab76e82..3e52cd31f 100644 ---- a/Foundation/src/Thread_POSIX.cpp -+++ b/Foundation/src/Thread_POSIX.cpp -@@ -351,7 +351,7 @@ void* ThreadImpl::runnableEntry(void* pThread) - #endif - - ThreadImpl* pThreadImpl = reinterpret_cast<ThreadImpl*>(pThread); -- setThreadName(pThreadImpl->_pData->thread, reinterpret_cast<Thread*>(pThread)->getName()); -+ setThreadName(pthread_self(), reinterpret_cast<Thread*>(pThread)->getName()); - AutoPtr<ThreadData> pData = pThreadImpl->_pData; - try - { --- -2.42.0 - diff --git a/meta-oe/recipes-support/poco/poco/0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch b/meta-oe/recipes-support/poco/poco/0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch index 25934d61b..f70e8bcc7 100644 --- a/meta-oe/recipes-support/poco/poco/0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch +++ b/meta-oe/recipes-support/poco/poco/0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch @@ -1,4 +1,4 @@ -From ac0f06e20bdfaca74c8ab786be8ff8fc96b5a689 Mon Sep 17 00:00:00 2001 +From 879ddb725823c78c9510cfd39786adb16f3726c8 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.k...@gmail.com> Date: Sat, 16 Sep 2023 19:52:56 -0700 Subject: [PATCH] cppignore.lnx: Ignore PKCS12 and testLaunch test @@ -42,22 +42,25 @@ There were 4 failures: Upstream-Status: Inappropriate [OE specific] Signed-off-by: Khem Raj <raj.k...@gmail.com> +Signed-off-by: Patrick Wicki <patrick.wi...@siemens.com> --- - cppignore.lnx | 8 ++++++++ - 1 file changed, 8 insertions(+) + cppignore.lnx | 9 +++++++++ + 1 file changed, 9 insertions(+) +diff --git a/cppignore.lnx b/cppignore.lnx +index 2c2376526..65df4af08 100644 --- a/cppignore.lnx +++ b/cppignore.lnx -@@ -26,3 +26,12 @@ N7CppUnit10TestCallerI9TimerTestEE.testS - N7CppUnit10TestCallerI9TimerTestEE.testScheduleIntervalClock - N7CppUnit10TestCallerI9TimerTestEE.testScheduleIntervalTimestamp - N7CppUnit10TestCallerI9TimerTestEE.testTimer -+N7CppUnit10TestCallerI11ProcessTestEE.testLaunch -+N7CppUnit10TestCallerI11ProcessTestEE.testLaunchRedirectIn -+N7CppUnit10TestCallerI11ProcessTestEE.testLaunchRedirectOut -+N7CppUnit10TestCallerI11ProcessTestEE.testLaunchEnv -+N7CppUnit10TestCallerI7EVPTestEE.testRSAEVPKeyFromPKCS12 -+N7CppUnit10TestCallerI19PKCS12ContainerTestEE.testFullPKCS12 -+N7CppUnit10TestCallerI19PKCS12ContainerTestEE.testCertsOnlyPKCS12 -+N7CppUnit10TestCallerI19PKCS12ContainerTestEE.testPEMReadWrite -+N7CppUnit10TestCallerI11MongoDBTestEE.testArray +@@ -28,3 +28,12 @@ CppUnit::TestCaller<HTTPSClientSessionTest>.testProxy + CppUnit::TestCaller<HTTPSStreamFactoryTest>.testProxy + CppUnit::TestCaller<DNSTest>.testHostByAddress + CppUnit::TestCaller<DNSTest>.testHostByName ++CppUnit::TestCaller<ProcessTest>.testLaunch ++CppUnit::TestCaller<ProcessTest>.testLaunchRedirectIn ++CppUnit::TestCaller<ProcessTest>.testLaunchRedirectOut ++CppUnit::TestCaller<ProcessTest>.testLaunchEnv ++CppUnit::TestCaller<EVPTest>.testRSAEVPKeyFromPKCS12 ++CppUnit::TestCaller<PKCS12ContainerTest>.testFullPKCS12 ++CppUnit::TestCaller<PKCS12ContainerTest>.testCertsOnlyPKCS12 ++CppUnit::TestCaller<PKCS12ContainerTest>.testPEMReadWrite ++CppUnit::TestCaller<MongoDBTest>.testArray diff --git a/meta-oe/recipes-support/poco/poco/0002-fix-build-Install-cmake-files-with-resolved-ENABLE_J.patch b/meta-oe/recipes-support/poco/poco/0002-fix-build-Install-cmake-files-with-resolved-ENABLE_J.patch new file mode 100644 index 000000000..427cb9723 --- /dev/null +++ b/meta-oe/recipes-support/poco/poco/0002-fix-build-Install-cmake-files-with-resolved-ENABLE_J.patch @@ -0,0 +1,32 @@ +From e54478c936493c0ed87e875f04127bd13642de44 Mon Sep 17 00:00:00 2001 +From: tyler92 <tyle...@inbox.ru> +Date: Tue, 21 Nov 2023 05:07:24 +0300 +Subject: [PATCH] fix(build): Install cmake files with resolved ENABLE_JSON and + ENABLE_XML (#4227) + +Upstream-Status: Backport [https://github.com/pocoproject/poco/pull/4227] +Signed-off-by: Adrian Freihofer <adrian.freiho...@siemens.com> + +--- + Util/cmake/PocoUtilConfig.cmake | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Util/cmake/PocoUtilConfig.cmake b/Util/cmake/PocoUtilConfig.cmake +index 90c1eab1c..8186435e1 100644 +--- a/Util/cmake/PocoUtilConfig.cmake ++++ b/Util/cmake/PocoUtilConfig.cmake +@@ -1,9 +1,9 @@ + include(CMakeFindDependencyMacro) + find_dependency(PocoFoundation) +-if(ENABLE_XML) ++if(@ENABLE_XML@) + find_dependency(PocoXML) + endif() +-if(ENABLE_JSON) ++if(@ENABLE_JSON@) + find_dependency(PocoJSON) + endif() + include("${CMAKE_CURRENT_LIST_DIR}/PocoUtilTargets.cmake") +-- +2.43.0 + diff --git a/meta-oe/recipes-support/poco/poco_1.12.4.bb b/meta-oe/recipes-support/poco/poco_1.12.5p2.bb similarity index 97% rename from meta-oe/recipes-support/poco/poco_1.12.4.bb rename to meta-oe/recipes-support/poco/poco_1.12.5p2.bb index 12532e4ef..a0bb0b5d9 100644 --- a/meta-oe/recipes-support/poco/poco_1.12.4.bb +++ b/meta-oe/recipes-support/poco/poco_1.12.5p2.bb @@ -11,10 +11,10 @@ DEPENDS = "libpcre2 zlib" SRC_URI = "git://github.com/pocoproject/poco.git;branch=master;protocol=https \ file://0001-Use-std-atomic-int-instead-of-std-atomic-bool.patch \ file://0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch \ - file://0001-Fix-data-race-when-create-POSIX-thread.patch \ file://run-ptest \ + file://0002-fix-build-Install-cmake-files-with-resolved-ENABLE_J.patch \ " -SRCREV = "1211613642269b7d53bea58b02de7fcd25ece3b9" +SRCREV = "1d6fb3e1383e559cacbada5e3f861c0dafaf5d30" UPSTREAM_CHECK_GITTAGREGEX = "poco-(?P<pver>\d+(\.\d+)+)" -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#107231): https://lists.openembedded.org/g/openembedded-devel/message/107231 Mute This Topic: https://lists.openembedded.org/mt/103003937/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
