[oe] OpenEmbedded Happy Hour March 30 5pm/1700 UTC
All,

You are cordially invited to the next OpenEmbedded Happy Hour on March 30 for Europe/Americas timezones @ 1700/5pm UTC (1pm ET / 10am PT):

https://www.openembedded.org/wiki/Calendar
https://www.openembedded.org/wiki/Happy_Hours
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+March+30&iso=20220330T17

--
Regards,
Denys Dmytriyenko
PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964
Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#96204): https://lists.openembedded.org/g/openembedded-devel/message/96204
Mute This Topic: https://lists.openembedded.org/mt/90011135/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe] [PATCH] polkit: Fix build with libtool 2.4.7
Delete old m4 macros, so autoreconf can repopulate it. Fixes libtool: Version mismatch error. This is libtool 2.4.7, but the libtool: definition of this LT_INIT comes from libtool 2.4.6. libtool: You should recreate aclocal.m4 with macros from libtool 2.4.7 libtool: and run autoconf again. Signed-off-by: Scott Murray --- meta-oe/recipes-extended/polkit/polkit_0.119.bb | 4 1 file changed, 4 insertions(+) diff --git a/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-oe/recipes-extended/polkit/polkit_0.119.bb index b5f77700c..8a326a981 100644 --- a/meta-oe/recipes-extended/polkit/polkit_0.119.bb +++ b/meta-oe/recipes-extended/polkit/polkit_0.119.bb @@ -35,6 +35,10 @@ EXTRA_OECONF = "--with-os-type=moblin \ --disable-libelogind \ " +do_configure:prepend () { +rm -f ${S}/buildutil/lt*.m4 ${S}/buildutil/libtool.m4 +} + do_compile:prepend () { export GIR_EXTRA_LIBS_PATH="${B}/src/polkit/.libs" } -- 2.35.1
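Review bot: The `rm -f` added in `do_configure:prepend` hard-codes `${S}/buildutil/lt*.m4` and `${S}/buildutil/libtool.m4` with no comment in the recipe saying why. Add a one-line comment above it (stale libtool macros in the source tree, repopulated by autoreconf) so the workaround can be recognised and dropped on a later version bump. The subject also lacks the `[meta-oe]` layer prefix that the other polkit patches in this archive carry.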
[oe] [meta-webserver][PATCH] netdata: Fix override separator syntax
Signed-off-by: Khem Raj --- meta-webserver/recipes-webadmin/netdata/netdata_1.33.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-webserver/recipes-webadmin/netdata/netdata_1.33.1.bb b/meta-webserver/recipes-webadmin/netdata/netdata_1.33.1.bb index 012efc0682..f575a4cbaf 100644 --- a/meta-webserver/recipes-webadmin/netdata/netdata_1.33.1.bb +++ b/meta-webserver/recipes-webadmin/netdata/netdata_1.33.1.bb @@ -76,6 +76,6 @@ do_install:append() { chown -R netdata:netdata ${D}${datadir}/netdata/web } -FILES_${PN} += "${localstatedir}/cache/netdata/ ${localstatedir}/lib/netdata/" +FILES:${PN} += "${localstatedir}/cache/netdata/ ${localstatedir}/lib/netdata/" RDEPENDS:${PN} = "bash zlib" -- 2.35.1
Re: [oe] [meta-oe][PATCH 0/2] polkit: switch from mozjs to duktape javascript engine
v2 of first patch applied, the second patch does not apply. Can you send full series rebased on top of master next?

On Thu, Mar 24, 2022 at 2:09 AM Mikko Rapeli wrote:
>
> From: Mikko Rapeli
>
> polkit 0.121 will contain support for duktape but the patch applies
> to 0.119 already so use it to get rid of mozjs and free 20 Mb of space.
> Pick some CVE patches from master while at it.
>
> Mikko Rapeli (2):
>   polkit: add patches for CVE-2021-4034 and CVE-2021-4115
>   polkit: switch from mozjs to duktape javascript engine
>
>  ...l-privilege-escalation-CVE-2021-4034.patch | 82 +
>  ...0002-CVE-2021-4115-GHSL-2021-077-fix.patch | 86 +
>  .../0002-jsauthority-port-to-mozjs-91.patch | 38 -
>  ...ded-support-for-duktape-as-JS-engine.patch | 3460 +
>  ...re-to-call-JS_Init-and-JS_ShutDown-e.patch | 63 -
>  .../recipes-extended/polkit/polkit_0.119.bb |8 +-
>  6 files changed, 3633 insertions(+), 104 deletions(-)
>  create mode 100644
> meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch
>  create mode 100644
> meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch
>  delete mode 100644
> meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch
>  create mode 100644
> meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch
>  delete mode 100644
> meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch
>
> --
> 2.20.1
[oe] [meta-gnome][PATCH] geary: Fix build failures with latest vala
Backport needed patches Signed-off-by: Khem Raj --- ...orkaround-missing-generic-type-argum.patch | 27 ...y-issues-with-initializer-of-constan.patch | 42 +++ .../recipes-connectivity/geary/geary_40.0.bb | 2 + 3 files changed, 71 insertions(+) create mode 100644 meta-gnome/recipes-connectivity/geary/geary/0001-Util.Cache.Lru-Workaround-missing-generic-type-argum.patch create mode 100644 meta-gnome/recipes-connectivity/geary/geary/0002-Fix-accessibility-issues-with-initializer-of-constan.patch diff --git a/meta-gnome/recipes-connectivity/geary/geary/0001-Util.Cache.Lru-Workaround-missing-generic-type-argum.patch b/meta-gnome/recipes-connectivity/geary/geary/0001-Util.Cache.Lru-Workaround-missing-generic-type-argum.patch new file mode 100644 index 00..22af4f5bea --- /dev/null +++ b/meta-gnome/recipes-connectivity/geary/geary/0001-Util.Cache.Lru-Workaround-missing-generic-type-argum.patch @@ -0,0 +1,27 @@ +From 166198735e9f4fbe91557df1351b3481bcf79e78 Mon Sep 17 00:00:00 2001 +From: Rico Tzschichholz +Date: Sun, 30 Jan 2022 19:54:11 +0100 +Subject: [PATCH 1/2] Util.Cache.Lru: Workaround missing generic type argument + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/geary/-/commit/0f75e7a84a39492d0748cec2ba6028e08cae3644] +Signed-off-by: Khem Raj +--- + src/client/util/util-cache.vala | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/client/util/util-cache.vala b/src/client/util/util-cache.vala +index f054e32e..ecc275e8 100644 +--- a/src/client/util/util-cache.vala b/src/client/util/util-cache.vala +@@ -12,7 +12,7 @@ public class Util.Cache.Lru : Geary.BaseObject { + private class CacheEntry { + + +-public static int lru_compare(CacheEntry a, CacheEntry b) { ++public static int lru_compare(CacheEntry a, CacheEntry b) { + if (a.key == b.key) { + return 0; + } +-- +2.35.1 + 
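Review bot: In the `src/client/util/util-cache.vala` hunk the removed and added `lru_compare` lines read identically as they appear here, and `private class CacheEntry` shows no type parameter, so the generic type argument named in the subject is not visible and this copy of the hunk changes nothing. Compare the file added to the layer against the upstream commit given in Upstream-Status before applying, rather than taking the patch from this rendering.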
diff --git a/meta-gnome/recipes-connectivity/geary/geary/0002-Fix-accessibility-issues-with-initializer-of-constan.patch b/meta-gnome/recipes-connectivity/geary/geary/0002-Fix-accessibility-issues-with-initializer-of-constan.patch new file mode 100644 index 00..76315f3a0e --- /dev/null +++ b/meta-gnome/recipes-connectivity/geary/geary/0002-Fix-accessibility-issues-with-initializer-of-constan.patch @@ -0,0 +1,42 @@ +From 64b56e75a54a9fa3f37c7686be97a5c8818413a4 Mon Sep 17 00:00:00 2001 +From: Rico Tzschichholz +Date: Tue, 30 Nov 2021 15:31:31 +0100 +Subject: [PATCH 2/2] Fix accessibility issues with initializer of constants + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/geary/-/commit/9bd4c82952a0a2c3308c5cc86c0b85650c1fb484] +Signed-off-by: Khem Raj +--- + src/client/application/application-client.vala | 14 +++--- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/client/application/application-client.vala b/src/client/application/application-client.vala +index 6ce19ce2..e6ba8533 100644 +--- a/src/client/application/application-client.vala b/src/client/application/application-client.vala +@@ -8,16 +8,16 @@ + + // Defined by CMake build script. + extern const string GETTEXT_PACKAGE; +-extern const string _APP_ID; +-extern const string _BUILD_ROOT_DIR; +-extern const string _GSETTINGS_DIR; +-extern const string _INSTALL_PREFIX; +-extern const string _NAME_SUFFIX; ++public extern const string _APP_ID; ++public extern const string _BUILD_ROOT_DIR; ++public extern const string _GSETTINGS_DIR; ++public extern const string _INSTALL_PREFIX; ++public extern const string _NAME_SUFFIX; + extern const string _PLUGINS_DIR; + extern const string _PROFILE; + extern const string _REVNO; +-extern const string _SOURCE_ROOT_DIR; +-extern const string _VERSION; ++public extern const string _SOURCE_ROOT_DIR; ++public extern const string _VERSION; + extern const string _WEB_EXTENSIONS_DIR; + + +-- +2.35.1 + 
diff --git a/meta-gnome/recipes-connectivity/geary/geary_40.0.bb b/meta-gnome/recipes-connectivity/geary/geary_40.0.bb index 9b671eeab4..501b27a544 100644 --- a/meta-gnome/recipes-connectivity/geary/geary_40.0.bb +++ b/meta-gnome/recipes-connectivity/geary/geary_40.0.bb @@ -34,6 +34,8 @@ inherit meson pkgconfig mime-xdg gtk-icon-cache gobject-introspection vala featu SRC_URI = " \ git://github.com/GNOME/geary.git;nobranch=1;protocol=https \ +file://0001-Util.Cache.Lru-Workaround-missing-generic-type-argum.patch \ +file://0002-Fix-accessibility-issues-with-initializer-of-constan.patch \ " S = "${WORKDIR}/git" -- 2.35.1
[oe] [meta-python][PATCH 3/4] python3-h5py: upgrade 3.5.0 -> 3.6.0
Signed-off-by: Trevor Gamblin --- .../python/{python3-h5py_3.5.0.bb => python3-h5py_3.6.0.bb}| 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename meta-python/recipes-devtools/python/{python3-h5py_3.5.0.bb => python3-h5py_3.6.0.bb} (84%) diff --git a/meta-python/recipes-devtools/python/python3-h5py_3.5.0.bb b/meta-python/recipes-devtools/python/python3-h5py_3.6.0.bb similarity index 84% rename from meta-python/recipes-devtools/python/python3-h5py_3.5.0.bb rename to meta-python/recipes-devtools/python/python3-h5py_3.6.0.bb index aad2f9177..64abe73cb 100644 --- a/meta-python/recipes-devtools/python/python3-h5py_3.5.0.bb +++ b/meta-python/recipes-devtools/python/python3-h5py_3.6.0.bb @@ -4,11 +4,10 @@ SECTION = "devel/python" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=113251d71fb0384712c719b567261c5c" -SRC_URI[sha256sum] = "77c7be4001ac7d3ed80477de5b6942501d782de1bbe4886597bdfec2a7ab821f" +SRC_URI[sha256sum] = "8752d2814a92aba4e2b2a5922d2782d0029102d99caaf3c201a566bc0b40db29" SRC_URI:append = " \ file://0001-setup_build.py-avoid-absolute-path.patch \ - file://0001-setup.py-Fix-numpy-version.patch \ " inherit pkgconfig pypi setuptools3 -- 2.35.1
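Review bot: The hunk drops `file://0001-setup.py-Fix-numpy-version.patch` from `SRC_URI:append`, but the diffstat shows only the recipe rename (1 insertion, 2 deletions), so the patch file itself stays in the layer unused. Delete it in the same commit, and say in the commit message why it is no longer needed for 3.6.0.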
[oe] [meta-python][PATCH 4/4] python3-paramiko: upgrade 2.9.2 -> 2.10.3
Signed-off-by: Trevor Gamblin --- .../{python3-paramiko_2.9.2.bb => python3-paramiko_2.10.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-paramiko_2.9.2.bb => python3-paramiko_2.10.3.bb} (82%) diff --git a/meta-python/recipes-devtools/python/python3-paramiko_2.9.2.bb b/meta-python/recipes-devtools/python/python3-paramiko_2.10.3.bb similarity index 82% rename from meta-python/recipes-devtools/python/python3-paramiko_2.9.2.bb rename to meta-python/recipes-devtools/python/python3-paramiko_2.10.3.bb index a02a7891a..9f7f45872 100644 --- a/meta-python/recipes-devtools/python/python3-paramiko_2.9.2.bb +++ b/meta-python/recipes-devtools/python/python3-paramiko_2.10.3.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/paramiko/paramiko/"; LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=fd0120fc2e9f841c73ac707a30389af5" -SRC_URI[sha256sum] = "944a9e5dbdd413ab6c7951ea46b0ab40713235a9c4c5ca81cfe45c6f14fa677b" +SRC_URI[sha256sum] = "ddb1977853aef82804b35d72a0e597b244fa326c404c350bd00c5b01dbfee71a" PYPI_PACKAGE = "paramiko" -- 2.35.1
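Review bot: The commit message has no body for a 2.9.2 -> 2.10.3 bump of an SSH library, while the protobuf and cachetools patches in the same series summarize the upstream changes. Add the relevant changelog entries for the releases being skipped over, and call out any security fixes among them so stable-branch maintainers can judge whether the upgrade needs backporting.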
[oe] [meta-python][PATCH 2/4] python3-cachetools: upgrade 4.2.4 -> 5.0.0
From the changelog (https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst):

- Require Python 3.7 or later (breaking change).
- Remove deprecated submodules (breaking change).
  - The cache, fifo, lfu, lru, mru, rr and ttl submodules have been deleted. Therefore, statements like from cachetools.ttl import TTLCache will no longer work. Use from cachetools import TTLCache instead.
- Pass self to @cachedmethod key function (breaking change).
  - The key function passed to the @cachedmethod decorator is now called as key(self, *args, **kwargs).
  - The default key function has been changed to ignore its first argument, so this should only affect applications using custom key functions with the @cachedmethod decorator.
- Change exact time of expiration in TTLCache (breaking change).
  - TTLCache items now get expired if their expiration time is less than or equal to timer(). For applications using the default timer(), this should be barely noticeable, but it may affect the use of custom timers with larger tick intervals. Note that this also implies that a TTLCache with ttl=0 can no longer hold any items, since they will expire immediately.
- Change Cache.__repr__() format (breaking change).
  - String representations of cache instances now use a more compact and efficient format, e.g. LRUCache({1: 1, 2: 2}, maxsize=10, currsize=2)
- Add TLRU cache implementation.
- Documentation improvements.

Signed-off-by: Trevor Gamblin
---
 ...{python3-cachetools_4.2.4.bb => python3-cachetools_5.0.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-cachetools_4.2.4.bb => python3-cachetools_5.0.0.bb} (89%)
diff --git a/meta-python/recipes-devtools/python/python3-cachetools_4.2.4.bb b/meta-python/recipes-devtools/python/python3-cachetools_5.0.0.bb similarity index 89% rename from meta-python/recipes-devtools/python/python3-cachetools_4.2.4.bb rename to meta-python/recipes-devtools/python/python3-cachetools_5.0.0.bb index bf225e60e..f2974f7e3 100644 --- a/meta-python/recipes-devtools/python/python3-cachetools_4.2.4.bb +++ b/meta-python/recipes-devtools/python/python3-cachetools_5.0.0.bb @@ -27,6 +27,6 @@ do_install_ptest() { cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ } -SRC_URI[sha256sum] = "89ea6f1b638d5a73a4f9226be57ac5e4f399d22770b92355f92dcb0f7f001693" +SRC_URI[sha256sum] = "486471dfa8799eb7ec503a8059e263db000cdda20075ce5e48903087f79d5fd6" BBCLASSEXTEND = "native nativesdk" -- 2.35.1
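Review bot: Only `SRC_URI[sha256sum]` changes in this hunk, yet the commit message lists several breaking changes for 5.0.0, among them the removal of the `cachetools.ttl`-style submodules and the new `key(self, *args, **kwargs)` call for `@cachedmethod`. State which recipes depending on python3-cachetools were checked against these changes, and whether the tests installed by `do_install_ptest` still pass with the new version.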
[oe] [meta-python][PATCH 1/4] python3-protobuf: upgrade 3.19.3 -> 3.19.4
From the release notes (https://github.com/protocolbuffers/protobuf/releases): - Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Signed-off-by: Trevor Gamblin --- .../{python3-protobuf_3.19.3.bb => python3-protobuf_3.19.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-protobuf_3.19.3.bb => python3-protobuf_3.19.4.bb} (92%) diff --git a/meta-python/recipes-devtools/python/python3-protobuf_3.19.3.bb b/meta-python/recipes-devtools/python/python3-protobuf_3.19.4.bb similarity index 92% rename from meta-python/recipes-devtools/python/python3-protobuf_3.19.3.bb rename to meta-python/recipes-devtools/python/python3-protobuf_3.19.4.bb index 5e0ee7cb2..85147544e 100644 --- a/meta-python/recipes-devtools/python/python3-protobuf_3.19.3.bb +++ b/meta-python/recipes-devtools/python/python3-protobuf_3.19.4.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=19e8f490f9526b1de8 inherit pypi setuptools3 -SRC_URI[sha256sum] = "d975a6314fbf5c524d4981e24294739216b5fb81ef3c14b86fb4b045d6690907" +SRC_URI[sha256sum] = "9df0c10adf3e83015ced42a9a7bd64e13d06c4cf45c340d2c63020ea04499d0a" # http://errors.yoctoproject.org/Errors/Details/184715/ # Can't find required file: ../src/google/protobuf/descriptor.proto -- 2.35.1
[oe] [meta-oe][PATCH v2 1/2] polkit: add patches for CVE-2021-4034 and CVE-2021-4115
From: Mikko Rapeli They were available in polkit master branch and cherry-pick to 0.119 version works so pick the patches. Signed-off-by: Mikko Rapeli --- ...l-privilege-escalation-CVE-2021-4034.patch | 84 ++ ...0002-CVE-2021-4115-GHSL-2021-077-fix.patch | 88 +++ .../recipes-extended/polkit/polkit_0.119.bb | 2 + 3 files changed, 174 insertions(+) create mode 100644 meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch create mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch diff --git a/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch b/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch new file mode 100644 index 0..c725c001d --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch 
@@ -0,0 +1,84 @@ +From 85c2dd9275cdfb369f613089f22733c0f1ba2aec Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Tue, 25 Jan 2022 17:21:46 + +Subject: [PATCH 1/3] pkexec: local privilege escalation (CVE-2021-4034) + +Signed-off-by: Mikko Rapeli + +--- + src/programs/pkcheck.c | 5 + + src/programs/pkexec.c | 23 --- + 2 files changed, 25 insertions(+), 3 deletions(-) + +CVE: CVE-2021-4034 +Upstream-Status: Backport [a2bf5c9c83b6ae46cbd5c779d3055bff81ded683] + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index f1bb4e1..768525c 100644 +--- a/src/programs/pkcheck.c b/src/programs/pkcheck.c +@@ -363,6 +363,11 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ if (argc < 1) ++{ ++ exit(126); ++} ++ + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 7698c5c..84e5ef6 100644 +--- a/src/programs/pkexec.c b/src/programs/pkexec.c +@@ -488,6 +488,15 @@ main (int argc, char *argv[]) + pid_t pid_of_caller; + gpointer local_agent_handle; + ++ ++ /* ++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. ++ */ ++ if (argc<1) ++{ ++ exit(127); ++} ++ + ret = 127; + authority = NULL; + subject = NULL; +@@ -614,10 +623,10 @@ main (int argc, char *argv[]) + + path = g_strdup (pwstruct.pw_shell); + if (!path) +- { ++{ + g_printerr ("No shell configured or error retrieving pw_shell\n"); + goto out; +- } ++} + /* If you change this, be sure to change the if (!command_line) +case below too */ + command_line = g_strdup (path); +@@ -636,7 +645,15 @@ main (int argc, char *argv[]) + goto out; + } + g_free (path); +- argv[n] = path = s; ++ path = s; ++ ++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. 
++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination ++ */ ++ if (argv[n] != NULL) ++ { ++argv[n] = path; ++ } + } + if (access (path, F_OK) != 0) + { +-- +2.20.1 + diff --git a/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch b/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch new file mode 100644 index 0..fcad872dc --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch @@ -0,0 +1,88 @@ +From c86aea01a06ad4d6c428137e9cfe2f74b1ae7f01 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Mon, 21 Feb 2022 08:29:05 + +Subject: [PATCH 2/3] CVE-2021-4115 (GHSL-2021-077) fix + +Signed-off-by: Mikko Rapeli + +--- + src/polkit/polkitsystembusname.c | 38 + 1 file changed, 34 insertions(+), 4 deletions(-) + +CVE: CVE-2021-4115 +Upstream-Status: Backport [41cb093f554da8772362654a128a84dd8a5542a7] + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8ed1363..2fbf5f1 100644 +--- a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +@@ -62,6 +62,10 @@ enum + PROP_NAME, + }; + ++ ++guint8 dbus_call_respond_fails; // has to be global because of callback ++ ++ + static void subject_iface_init (PolkitSubjectIface *subject_iface); + + G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, +@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, + if (!v) + { + data->caught_error = TRUE; ++ dbus_call_respond_fails += 1; + } + else + { +@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + ++ dbus_call_respond_fails = 0;
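Review bot: In both embedded patch headers the `CVE:` and `Upstream-Status:` tags sit below the `---` separator and diffstat instead of next to `Signed-off-by:`; text after `---` is discarded by `git am`, so the tags are lost if the patch is ever refreshed through git. Move them above `---` and give the upstream commit as a full URL rather than a bare hash. Separately, in the `polkitsystembusname.c` hunk `guint8 dbus_call_respond_fails` is a non-static global that `polkit_system_bus_name_get_creds_sync` resets to 0 and the callback increments, so concurrent callers share one counter; since this is a verbatim backport, note in the commit message that the design is upstream's and carried as-is.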
[oe] [meta-oe][PATCH v2 0/2] polkit: switch from mozjs to duktape javascript engine
From: Mikko Rapeli

polkit 0.121 will contain support for duktape but the patch applies to 0.119 already so use it to get rid of mozjs and free 20 Mb of space. Pick some CVE patches from master while at it.

v2: added Signed-off-By lines to all patches

Mikko Rapeli (2):
  polkit: add patches for CVE-2021-4034 and CVE-2021-4115
  polkit: switch from mozjs to duktape javascript engine

 ...l-privilege-escalation-CVE-2021-4034.patch | 84 +
 ...0002-CVE-2021-4115-GHSL-2021-077-fix.patch | 88 +
 .../0002-jsauthority-port-to-mozjs-91.patch | 38 -
 ...ded-support-for-duktape-as-JS-engine.patch | 3463 +
 ...re-to-call-JS_Init-and-JS_ShutDown-e.patch | 63 -
 .../recipes-extended/polkit/polkit_0.119.bb |8 +-
 6 files changed, 3640 insertions(+), 104 deletions(-)
 create mode 100644 meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch
 create mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch
 delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch
 create mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch
 delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch

--
2.20.1
[oe] [meta-oe][PATCH v2 2/2] polkit: switch from mozjs to duktape javascript engine
From: Mikko Rapeli cherry-pick the change from polkit 0.120+ upstream since it applies directly to 0.119. Drop mozjs patches. Removes mozjs and its dependency nspr from images. They account for roughly 21 Mb on 64bit ARM machines. The replacement libduktape is roughly 300 kb in size. Thus this saves at least 20 Mb in rootfs size when polkit is used. Signed-off-by: Mikko Rapeli --- .../0002-jsauthority-port-to-mozjs-91.patch | 38 - ...ded-support-for-duktape-as-JS-engine.patch | 3463 + ...re-to-call-JS_Init-and-JS_ShutDown-e.patch | 63 - .../recipes-extended/polkit/polkit_0.119.bb |6 +- 4 files changed, 3466 insertions(+), 104 deletions(-) delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch create mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch diff --git a/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch b/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch deleted file mode 100644 index 5b3660da2..0 --- a/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 4ce27b66bb07b72cb96d3d43a75108a5a6e7e156 Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao -Date: Tue, 10 Aug 2021 19:09:42 +0800 -Subject: [PATCH] jsauthority: port to mozjs-91 - -Upstream-Status: Submitted [https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/92] -Signed-off-by: Alexander Kanavin - configure.ac | 2 +- - meson.build | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d807086..5a7fc11 100644 a/configure.ac -+++ b/configure.ac -@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) - AC_SUBST(GLIB_CFLAGS) - AC_SUBST(GLIB_LIBS) - --PKG_CHECK_MODULES(LIBJS, [mozjs-78]) -+PKG_CHECK_MODULES(LIBJS, [mozjs-91]) - - AC_SUBST(LIBJS_CFLAGS) - AC_SUBST(LIBJS_CXXFLAGS) -diff --git a/meson.build b/meson.build -index b3702be..733bbff 100644 a/meson.build -+++ b/meson.build -@@ -126,7 +126,7 @@ expat_dep = dependency('expat') - assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.') - assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.') - --mozjs_dep = dependency('mozjs-78') -+mozjs_dep = dependency('mozjs-91') - - dbus_dep = dependency('dbus-1') - dbus_confdir = dbus_dep.get_pkgconfig_variable('datadir', define_variable: ['datadir', pk_prefix / pk_datadir]) #changed from sysconfdir with respect to commit#8eada3836465838 diff --git a/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch b/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch new file mode 100644 index 0..e44e4f6e4 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch 
@@ -0,0 +1,3463 @@ +From eaecfb21e1bca42e99321cc731e21dbfc1ea0d0c Mon Sep 17 00:00:00 2001 +From: Gustavo Lima Chaves +Date: Tue, 25 Jan 2022 09:43:21 + +Subject: [PATCH 3/3] Added support for duktape as JS engine + +Original author: Wu Xiaotian (@yetist) +Resurrection author, runaway-killer author: Gustavo Lima Chaves (@limachaves) + +Signed-off-by: Mikko Rapeli + +--- + .gitlab-ci.yml|1 + + buildutil/ax_pthread.m4 | 522 + configure.ac | 34 +- + docs/man/polkit.xml |4 +- + meson.build | 16 +- + meson_options.txt |1 + + src/polkitbackend/Makefile.am | 17 +- + src/polkitbackend/meson.build | 14 +- + src/polkitbackend/polkitbackendcommon.c | 530 + + src/polkitbackend/polkitbackendcommon.h | 158 +++ + .../polkitbackendduktapeauthority.c | 1051 + + .../polkitbackendjsauthority.cpp | 721 +-- + .../etc/polkit-1/rules.d/10-testing.rules |6 +- + .../test-polkitbackendjsauthority.c |2 +- + 14 files changed, 2399 insertions(+), 678 deletions(-) + create mode 100644 buildutil/ax_pthread.m4 + create mode 100644 src/polkitbackend/polkitbackendcommon.c + create mode 100644 src/polkitbackend/polkitbackendcommon.h + create mode 100644 src/polkitbackend/polkitbackendduktapeauthority.c + +Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2] +Dropped change to .gitlab-ci.yml and adapted configure.ac due to other +patches in meta-oe. + +diff --git a/buildutil/ax_pthread.m4 b/buildutil/ax_pthread.m4 +new file mode 100644 +index 000..9f35d13 +---
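Review bot: The embedded patch header states that the `.gitlab-ci.yml` change was dropped and `configure.ac` was adapted, but the diffstat above that statement still lists `.gitlab-ci.yml | 1 +` and 14 files changed, so the header no longer describes what the file contains. Regenerate the diffstat from the adapted patch so the difference from upstream commit c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2 is clear, and move `Upstream-Status:` above the `---` line so it survives a refresh through `git am`.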
Re: [oe] [meta-oe][PATCH 1/2] polkit: add patches for CVE-2021-4034 and CVE-2021-4115
On Thu, Mar 24, 2022 at 10:45:35AM +0200, mikko.rap...@iki.fi wrote:
> +++ > b/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch > @@ -0,0 +1,82 @@ > +From 85c2dd9275cdfb369f613089f22733c0f1ba2aec Mon Sep 17 00:00:00 2001 > +From: Jan Rybar > +Date: Tue, 25 Jan 2022 17:21:46 + > +Subject: [PATCH 1/3] pkexec: local privilege escalation (CVE-2021-4034) > +

Patches are missing Signed-off-by lines, I'll add in a v2.

-Mikko
[PATCH 4/5] [oe] [meta-python] [PATCH] python3-cantools: upgrade 37.0.1 -> 37.0.7
From: Xu Huan Signed-off-by: Xu Huan --- ...{python3-cantools_37.0.1.bb => python3-cantools_37.0.7.bb} | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-cantools_37.0.1.bb => python3-cantools_37.0.7.bb} (71%) diff --git a/meta-python/recipes-devtools/python/python3-cantools_37.0.1.bb b/meta-python/recipes-devtools/python/python3-cantools_37.0.7.bb similarity index 71% rename from meta-python/recipes-devtools/python/python3-cantools_37.0.1.bb rename to meta-python/recipes-devtools/python/python3-cantools_37.0.7.bb index 9642bc5287..c179071afa 100644 --- a/meta-python/recipes-devtools/python/python3-cantools_37.0.1.bb +++ b/meta-python/recipes-devtools/python/python3-cantools_37.0.7.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/eerimoq/cantools"; LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d9aa4ec07de78abae21c490c9ffe61bd" -SRC_URI[sha256sum] = "5852ad9fd17ddd7b1a1ce87b21b000e7f5716b358cdac4fdaca13b3e292f4c99" +SRC_URI[sha256sum] = "e603a7e1e40f5b4963c4c64cf4b013264afa009e232a878c73d31c29942e4466" PYPI_PACKAGE = "cantools" @@ -14,6 +14,8 @@ RDEPENDS:${PN} += "\ ${PYTHON_PN}-bitstruct \ ${PYTHON_PN}-core \ ${PYTHON_PN}-textparser \ + ${PYTHON_PN}-typing-extensions \ + ${PYTHON_PN}-diskcache \ " CLEANBROKEN = "1" -- 2.25.1
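Review bot: The `RDEPENDS:${PN}` hunk adds `${PYTHON_PN}-typing-extensions` and `${PYTHON_PN}-diskcache` with no explanation in the commit message. Say that 37.0.7 requires them at runtime and confirm that both are provided by this layer or one it depends on. The subject also carries the patch tag twice (`[PATCH 4/5]` and `[PATCH]`).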
[PATCH 5/5] [oe] [meta-python] [PATCH] python3-intervals: upgrade 1.10.0.post1 -> 1.10.0
From: Xu Huan Signed-off-by: Xu Huan --- ...n3-intervals_1.10.0.post1.bb => python3-intervals_1.10.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-intervals_1.10.0.post1.bb => python3-intervals_1.10.0.bb} (85%) diff --git a/meta-python/recipes-devtools/python/python3-intervals_1.10.0.post1.bb b/meta-python/recipes-devtools/python/python3-intervals_1.10.0.bb similarity index 85% rename from meta-python/recipes-devtools/python/python3-intervals_1.10.0.post1.bb rename to meta-python/recipes-devtools/python/python3-intervals_1.10.0.bb index d841f92343..abf87c597c 100644 --- a/meta-python/recipes-devtools/python/python3-intervals_1.10.0.post1.bb +++ b/meta-python/recipes-devtools/python/python3-intervals_1.10.0.bb @@ -22,6 +22,6 @@ do_install_ptest() { cp -f ${S}/README.md ${D}${PTEST_PATH} } -SRC_URI[sha256sum] = "68a772dc2de6b2b2e83b457329ffa8f9286710994b8070db54348a05762515d2" +SRC_URI[sha256sum] = "0d26746eaed0be78a61dd289bb7a10721b08770bb3e807614835f490d514f2a5" BBCLASSEXTEND = "native" -- 2.25.1
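Review bot: the rename from python3-intervals_1.10.0.post1.bb to python3-intervals_1.10.0.bb moves PV backwards rather than forwards, because under PEP 440 a .post1 release sorts after the release it follows, so 1.10.0 is the older version even though the subject calls this an upgrade. The commit message should say why the earlier tarball is wanted, and if the step back is intentional the recipe needs a way to handle it for feeds that already shipped 1.10.0.post1 (for example a PE bump); otherwise the patch should be dropped. The only hunk, the SRC_URI[sha256sum] swap at @@ -22,6 +22,6 @@, is consistent with fetching a different tarball.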
[PATCH 3/5] [oe] [meta-python] [PATCH] python3-cachetools: upgrade 4.2.4 -> 5.0.0
From: Xu Huan changelog: === -Require Python 3.7 or later (breaking change). -Remove deprecated submodules (breaking change). The cache, fifo, lfu, lru, mru, rr and ttl submodules have been deleted. Therefore, statements like from cachetools.ttl import TTLCache will no longer work. Use from cachetools import TTLCache instead. -Pass self to @cachedmethod key function (breaking change). The key function passed to the @cachedmethod decorator is now called as key(self, *args, **kwargs). The default key function has been changed to ignore its first argument, so this should only affect applications using custom key functions with the @cachedmethod decorator. -Change exact time of expiration in TTLCache (breaking change). TTLCache items now get expired if their expiration time is less than or equal to timer(). For applications using the default timer(), this should be barely noticeable, but it may affect the use of custom timers with larger tick intervals. Note that this also implies that a TTLCache with ttl=0 can no longer hold any items, since they will expire immediately. -Change Cache.__repr__() format (breaking change). String representations of cache instances now use a more compact and efficient format, e.g. LRUCache({1: 1, 2: 2}, maxsize=10, currsize=2) -Add TLRU cache implementation. -Documentation improvements. Signed-off-by: Xu Huan --- ...{python3-cachetools_4.2.4.bb => python3-cachetools_5.0.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-cachetools_4.2.4.bb => python3-cachetools_5.0.0.bb} (89%) diff --git a/meta-python/recipes-devtools/python/python3-cachetools_4.2.4.bb b/meta-python/recipes-devtools/python/python3-cachetools_5.0.0.bb similarity index 89% rename from meta-python/recipes-devtools/python/python3-cachetools_4.2.4.bb rename to meta-python/recipes-devtools/python/python3-cachetools_5.0.0.bb index bf225e60e0..f2974f7e34 100644
--- a/meta-python/recipes-devtools/python/python3-cachetools_4.2.4.bb +++ b/meta-python/recipes-devtools/python/python3-cachetools_5.0.0.bb @@ -27,6 +27,6 @@ do_install_ptest() { cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ } -SRC_URI[sha256sum] = "89ea6f1b638d5a73a4f9226be57ac5e4f399d22770b92355f92dcb0f7f001693" +SRC_URI[sha256sum] = "486471dfa8799eb7ec503a8059e263db000cdda20075ce5e48903087f79d5fd6" BBCLASSEXTEND = "native nativesdk" -- 2.25.1
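Review bot: the only hunk (@@ -27,6 +27,6 @@) swaps SRC_URI[sha256sum], yet the commit message itself lists five breaking changes in 5.0.0, including the removal of the cache, fifo, lfu, lru, mru, rr and ttl submodules and a Python 3.7 minimum. The message should state that the recipes which RDEPEND on python3-cachetools were rebuilt and tested against 5.0.0, or name any that still import the removed submodules or pass a custom key function to @cachedmethod.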
[PATCH 2/5] [oe] [meta-python] [PATCH] python3-arpeggio: upgrade 1.10.2 -> 2.0.0
From: Xu Huan changelog: Added eval_attrs call to NoMatch exceptions (ebfd60). Dropped support for deprecated Python versions. The lowest supported version is 3.6. Signed-off-by: Xu Huan --- .../{python3-arpeggio_1.10.2.bb => python3-arpeggio_2.0.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-arpeggio_1.10.2.bb => python3-arpeggio_2.0.0.bb} (83%) diff --git a/meta-python/recipes-devtools/python/python3-arpeggio_1.10.2.bb b/meta-python/recipes-devtools/python/python3-arpeggio_2.0.0.bb similarity index 83% rename from meta-python/recipes-devtools/python/python3-arpeggio_1.10.2.bb rename to meta-python/recipes-devtools/python/python3-arpeggio_2.0.0.bb index 468e6d5fde..96d6de6a69 100644 --- a/meta-python/recipes-devtools/python/python3-arpeggio_1.10.2.bb +++ b/meta-python/recipes-devtools/python/python3-arpeggio_2.0.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://pypi.org/project/Arpeggio/"; LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=33b8d1ba459a2fa4d801acfd1d1b7ceb" -SRC_URI[sha256sum] = "bfe349f252f82f82d84cb886f1d5081d1a31451e6045275e9f90b65d0daa06f1" +SRC_URI[sha256sum] = "d6b03839019bb8a68785f9292ee6a36b1954eb84b925b84a6b8a5e1e26d3ed3d" PYPI_PACKAGE = "Arpeggio" inherit pypi setuptools3 -- 2.25.1
[PATCH 1/5] [oe] [meta-python] [PATCH] python3-alembic: upgrade 1.7.6 -> 1.7.7
From: Xu Huan changelog: === -[bug] [operations] Fixed issue where using Operations.create_table() in conjunction with a CheckConstraint that referred to table-bound Column objects rather than string expressions would be added to the parent table potentially multiple times, resulting in an incorrect DDL sequence. Pull request courtesy Nicolas CANIART. -[bug] [environment] The logging.fileConfig() line in env.py templates, which is used to set up Python logging for the migration run, is now conditional on Config.config_file_name not being None. Otherwise, the line is skipped as there is no default logging configuration present. -[bug] [mssql] Fixed bug where an Operations.alter_column() operation would change a “NOT NULL” column to “NULL” by emitting an ALTER COLUMN statement that did not specify “NOT NULL”. (In the absence of “NOT NULL” T-SQL was implicitly assuming “NULL”). An Operations.alter_column() operation that specifies Operations.alter_column.type should also specify either Operations.alter_column.nullable or Operations.alter_column.existing_nullable to inform Alembic as to whether the emitted DDL should include “NULL” or “NOT NULL”; a warning is now emitted if this is missing under this scenario. Signed-off-by: Xu Huan --- .../{python3-alembic_1.7.6.bb => python3-alembic_1.7.7.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-alembic_1.7.6.bb => python3-alembic_1.7.7.bb} (81%) diff --git a/meta-python/recipes-devtools/python/python3-alembic_1.7.6.bb b/meta-python/recipes-devtools/python/python3-alembic_1.7.7.bb similarity index 81% rename from meta-python/recipes-devtools/python/python3-alembic_1.7.6.bb rename to meta-python/recipes-devtools/python/python3-alembic_1.7.7.bb index 822b3c02b8..6b7ac4a99c 100644 --- a/meta-python/recipes-devtools/python/python3-alembic_1.7.6.bb +++ b/meta-python/recipes-devtools/python/python3-alembic_1.7.7.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5a8522010db1a393833988dbe2c7f0b" inherit pypi setuptools3 -SRC_URI[sha256sum] = "6c0c05e9768a896d804387e20b299880fe01bc56484246b0dffe8075d6d3d847" +SRC_URI[sha256sum] = "4961248173ead7ce8a21efb3de378f13b8398e6630fab0eb258dc74a8af24c58" PYPI_PACKAGE = "alembic" -- 2.25.1
[oe] [meta-oe][PATCH 1/2] polkit: add patches for CVE-2021-4034 and CVE-2021-4115
From: Mikko Rapeli They were available in polkit master branch and cherry-pick to 0.119 version works so pick the patches. Signed-off-by: Mikko Rapeli --- ...l-privilege-escalation-CVE-2021-4034.patch | 82 ++ ...0002-CVE-2021-4115-GHSL-2021-077-fix.patch | 86 +++ .../recipes-extended/polkit/polkit_0.119.bb | 2 + 3 files changed, 170 insertions(+) create mode 100644 meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch create mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch diff --git a/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch b/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch new file mode 100644 index 0..4691bd102 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch 
@@ -0,0 +1,82 @@ +From 85c2dd9275cdfb369f613089f22733c0f1ba2aec Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Tue, 25 Jan 2022 17:21:46 + +Subject: [PATCH 1/3] pkexec: local privilege escalation (CVE-2021-4034) + +--- + src/programs/pkcheck.c | 5 + + src/programs/pkexec.c | 23 --- + 2 files changed, 25 insertions(+), 3 deletions(-) + +CVE: CVE-2021-4034 +Upstream-Status: Backport [a2bf5c9c83b6ae46cbd5c779d3055bff81ded683] + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index f1bb4e1..768525c 100644 +--- a/src/programs/pkcheck.c b/src/programs/pkcheck.c +@@ -363,6 +363,11 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ if (argc < 1) ++{ ++ exit(126); ++} ++ + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 7698c5c..84e5ef6 100644 +--- a/src/programs/pkexec.c b/src/programs/pkexec.c +@@ -488,6 +488,15 @@ main (int argc, char *argv[]) + pid_t pid_of_caller; + gpointer local_agent_handle; + ++ ++ /* ++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. ++ */ ++ if (argc<1) ++{ ++ exit(127); ++} ++ + ret = 127; + authority = NULL; + subject = NULL; +@@ -614,10 +623,10 @@ main (int argc, char *argv[]) + + path = g_strdup (pwstruct.pw_shell); + if (!path) +- { ++{ + g_printerr ("No shell configured or error retrieving pw_shell\n"); + goto out; +- } ++} + /* If you change this, be sure to change the if (!command_line) +case below too */ + command_line = g_strdup (path); +@@ -636,7 +645,15 @@ main (int argc, char *argv[]) + goto out; + } + g_free (path); +- argv[n] = path = s; ++ path = s; ++ ++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. ++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination ++ */ ++ if (argv[n] != NULL) ++ { ++argv[n] = path; ++ } + } + if (access (path, F_OK) != 0) + { +-- +2.20.1 + 
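Review bot: the pkexec.c hunk at @@ -614,10 +623,10 @@ changes no logic, it only strips the indentation from the braces around the pw_shell error path ("- {" becomes "+{"), so the backport carries a whitespace-only change that is unrelated to the CVE-2021-4034 fix. Regenerating the file unmodified from upstream commit a2bf5c9c83b6ae46cbd5c779d3055bff81ded683, the one named in Upstream-Status, would drop that hunk and keep the backport easy to diff against upstream; the argc < 1 guards and the argv[n] != NULL check are the parts that matter. The embedded patch header also has CVE: and Upstream-Status: tags but no Signed-off-by from the backporter.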
diff --git a/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch b/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch new file mode 100644 index 0..264ccdd79 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch @@ -0,0 +1,86 @@ +From c86aea01a06ad4d6c428137e9cfe2f74b1ae7f01 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Mon, 21 Feb 2022 08:29:05 + +Subject: [PATCH 2/3] CVE-2021-4115 (GHSL-2021-077) fix + +--- + src/polkit/polkitsystembusname.c | 38 + 1 file changed, 34 insertions(+), 4 deletions(-) + +CVE: CVE-2021-4115 +Upstream-Status: Backport [41cb093f554da8772362654a128a84dd8a5542a7] + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8ed1363..2fbf5f1 100644 +--- a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +@@ -62,6 +62,10 @@ enum + PROP_NAME, + }; + ++ ++guint8 dbus_call_respond_fails; // has to be global because of callback ++ ++ + static void subject_iface_init (PolkitSubjectIface *subject_iface); + + G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, +@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, + if (!v) + { + data->caught_error = TRUE; ++ dbus_call_respond_fails += 1; + } + else + { +@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + ++ dbus_call_respond_fails = 0; ++ + /* Do two async calls as it's basically as fast as one sy
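Review bot: dbus_call_respond_fails is added to polkitsystembusname.c as a non-static, file-scope guint8 that polkit_system_bus_name_get_creds_sync() resets to 0 and the on_retrieved_unix_uid_pid callback increments, so the counter has external linkage and is shared by every caller in the process. Since the callback already records failure per call in data->caught_error, a counter in that same per-call data, or at least a static qualifier, would avoid cross-talk between concurrent lookups; as this is a backport of 41cb093f554da8772362654a128a84dd8a5542a7, that is a point to raise upstream rather than to change in the recipe. The part of the patch where the counter is read is cut off on this page, so its use cannot be checked here.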
[oe] [meta-oe][PATCH 2/2] polkit: switch from mozjs to duktape javascript engine
From: Mikko Rapeli cherry-pick the change from polkit 0.120+ upstream since it applies directly to 0.119. Drop mozjs patches. Removes mozjs and its dependency nspr from images. They account for roughly 21 Mb on 64bit ARM machines. The replacement libduktape is roughly 300 kb in size. Thus this saves at least 20 Mb in rootfs size when polkit is used. Signed-off-by: Mikko Rapeli --- .../0002-jsauthority-port-to-mozjs-91.patch | 38 - ...ded-support-for-duktape-as-JS-engine.patch | 3460 + ...re-to-call-JS_Init-and-JS_ShutDown-e.patch | 63 - .../recipes-extended/polkit/polkit_0.119.bb |6 +- 4 files changed, 3463 insertions(+), 104 deletions(-) delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch create mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch diff --git a/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch b/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch deleted file mode 100644 index 5b3660da2..0 --- a/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 4ce27b66bb07b72cb96d3d43a75108a5a6e7e156 Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao -Date: Tue, 10 Aug 2021 19:09:42 +0800 -Subject: [PATCH] jsauthority: port to mozjs-91 - -Upstream-Status: Submitted [https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/92] -Signed-off-by: Alexander Kanavin - configure.ac | 2 +- - meson.build | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d807086..5a7fc11 100644 a/configure.ac -+++ b/configure.ac -@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) - AC_SUBST(GLIB_CFLAGS) - AC_SUBST(GLIB_LIBS) - --PKG_CHECK_MODULES(LIBJS, [mozjs-78]) -+PKG_CHECK_MODULES(LIBJS, [mozjs-91]) - - AC_SUBST(LIBJS_CFLAGS) - AC_SUBST(LIBJS_CXXFLAGS) -diff --git a/meson.build b/meson.build -index b3702be..733bbff 100644 a/meson.build -+++ b/meson.build -@@ -126,7 +126,7 @@ expat_dep = dependency('expat') - assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.') - assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.') - --mozjs_dep = dependency('mozjs-78') -+mozjs_dep = dependency('mozjs-91') - - dbus_dep = dependency('dbus-1') - dbus_confdir = dbus_dep.get_pkgconfig_variable('datadir', define_variable: ['datadir', pk_prefix / pk_datadir]) #changed from sysconfdir with respect to commit#8eada3836465838 diff --git a/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch b/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch new file mode 100644 index 0..ec8e32efd --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch 
@@ -0,0 +1,3460 @@ +From eaecfb21e1bca42e99321cc731e21dbfc1ea0d0c Mon Sep 17 00:00:00 2001 +From: Gustavo Lima Chaves +Date: Tue, 25 Jan 2022 09:43:21 + +Subject: [PATCH 3/3] Added support for duktape as JS engine + +Original author: Wu Xiaotian (@yetist) +Resurrection author, runaway-killer author: Gustavo Lima Chaves (@limachaves) +--- + .gitlab-ci.yml|1 + + buildutil/ax_pthread.m4 | 522 + configure.ac | 34 +- + docs/man/polkit.xml |4 +- + meson.build | 16 +- + meson_options.txt |1 + + src/polkitbackend/Makefile.am | 17 +- + src/polkitbackend/meson.build | 14 +- + src/polkitbackend/polkitbackendcommon.c | 530 + + src/polkitbackend/polkitbackendcommon.h | 158 +++ + .../polkitbackendduktapeauthority.c | 1051 + + .../polkitbackendjsauthority.cpp | 721 +-- + .../etc/polkit-1/rules.d/10-testing.rules |6 +- + .../test-polkitbackendjsauthority.c |2 +- + 14 files changed, 2399 insertions(+), 678 deletions(-) + create mode 100644 buildutil/ax_pthread.m4 + create mode 100644 src/polkitbackend/polkitbackendcommon.c + create mode 100644 src/polkitbackend/polkitbackendcommon.h + create mode 100644 src/polkitbackend/polkitbackendduktapeauthority.c + +Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2] +Dropped change to .gitlab-ci.yml and adapted configure.ac due to other +patches in meta-oe. + +diff --git a/buildutil/ax_pthread.m4 b/buildutil/ax_pthread.m4 +new file mode 100644 +index 000..9f35d13 +--- /dev/null b/buildutil/ax_pth
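Review bot: the embedded 0003 patch header still lists .gitlab-ci.yml | 1 + and "14 files changed" in its diffstat, while the note under Upstream-Status says the .gitlab-ci.yml change was dropped and configure.ac was adapted, so the header no longer describes what the file applies. Please regenerate the diffstat or say in the note that it is upstream's, and add the backporter's Signed-off-by, which is missing here as well. The same diffstat shows the rules.d/10-testing.rules test data and test-polkitbackendjsauthority.c being modified, and the commit message argues only rootfs size, so it should also state that polkit's own tests pass with duktape and that existing rules files evaluate to the same authorization results as under mozjs.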
[oe] [meta-oe][PATCH 0/2] polkit: switch from mozjs to duktape javascript engine
From: Mikko Rapeli polkit 0.121 will contain support for duktape but the patch applies to 0.119 already so use it to get rid of mozjs and free 20 Mb of space. Pick some CVE patches from master while at it. Mikko Rapeli (2): polkit: add patches for CVE-2021-4034 and CVE-2021-4115 polkit: switch from mozjs to duktape javascript engine ...l-privilege-escalation-CVE-2021-4034.patch | 82 + ...0002-CVE-2021-4115-GHSL-2021-077-fix.patch | 86 + .../0002-jsauthority-port-to-mozjs-91.patch | 38 - ...ded-support-for-duktape-as-JS-engine.patch | 3460 + ...re-to-call-JS_Init-and-JS_ShutDown-e.patch | 63 - .../recipes-extended/polkit/polkit_0.119.bb |8 +- 6 files changed, 3633 insertions(+), 104 deletions(-) create mode 100644 meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch create mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch create mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch -- 2.20.1
Re: [oe] [meta-python][dunfell][PATCH] python3-fasteners: fix typo in RDEPENDS
Colon is fine. I guess you need to update bitbake to latest dunfell as well. On Wed, Mar 23, 2022 at 11:59 PM Dominik Peklo wrote: > The RDEPENDS statement contained syntax error - using colon instead > of underscore. > > Signed-off-by: Dominik Peklo > --- > meta-python/recipes-devtools/python/python3-fasteners_0.16.3.bb | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta-python/recipes-devtools/python/ > python3-fasteners_0.16.3.bb b/meta-python/recipes-devtools/python/ > python3-fasteners_0.16.3.bb > index 1ba2c6f20..7ebaa4590 100644 > --- a/meta-python/recipes-devtools/python/python3-fasteners_0.16.3.bb > +++ b/meta-python/recipes-devtools/python/python3-fasteners_0.16.3.bb > @@ -8,7 +8,7 @@ SRC_URI[sha256sum] = > "b1ab4e5adfbc28681ce44b3024421c4f567e705cc3963c732bf1cba334 > > inherit pypi setuptools3 > > -RDEPENDS:${PN} += "\ > +RDEPENDS_${PN} += "\ > ${PYTHON_PN}-logging \ > ${PYTHON_PN}-fcntl \ > " > -- > 2.25.1
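Review bot: the single hunk (@@ -8,7 +8,7 @@) rewrites RDEPENDS:${PN} to RDEPENDS_${PN} on the grounds that the colon is a syntax error, but the colon is BitBake's current override separator and, as the reply preceding the quote says, the line is accepted once bitbake is updated to the latest dunfell. If the patch is still wanted, the commit message should name the bitbake revision that rejected the line instead of calling it a typo, so a reader can tell an outdated bitbake from a real recipe error.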