diff --git a/.oebuild/manifest.yaml b/.oebuild/manifest.yaml index ff81d1f9895ee260ae9b682b9b5668ccb03c85f4..6c43db4101bfacbca38a8e5d00f523a73173dfd7 100644 --- a/.oebuild/manifest.yaml +++ b/.oebuild/manifest.yaml @@ -641,16 +641,16 @@ manifest_list: version: 8a4f9ba59fd00b7a737df5b37fd43ecc19784d8e iperf3: remote_url: https://gitee.com/src-openeuler/iperf3.git - version: 593392e1333e09635dc769590d7b63773bc0da05 + version: 44e3d6151210ad335fa457cbe4dbfa156893366e iproute: remote_url: https://gitee.com/src-openeuler/iproute.git version: f387ba2b973e832920248c53cb736ec3b80f3895 iptables: remote_url: https://gitee.com/src-openeuler/iptables.git - version: c4a6a13233d7eef46b0e2ff3e4744bf9eb41d4c1 + version: 55f8dd47a26d50b01882f0389fecd083c3239b51 iso-codes: remote_url: https://gitee.com/src-openeuler/iso-codes.git - version: 53957185b56c3395450c7780856d8288181d4822 + version: a8ed1e4e91b9cab481e0cf3a06e701babae3853b itstool: remote_url: https://gitee.com/src-openeuler/itstool.git version: 1d89c268ee08d705174a56f7b6b8111469404c34 @@ -707,7 +707,7 @@ manifest_list: version: b663f34259f5dd732b48638e4d3ae86c6227c0d9 krb5: remote_url: https://gitee.com/src-openeuler/krb5.git - version: 79a8cf0f3c2c0e9262f6c7c2b1e0a2105b166c0e + version: 6ce837358de99dbc5bc67c18e4020b0c7a060fe8 kubeedge: remote_url: https://gitee.com/src-openeuler/kubeedge.git version: 8ee6a2fb2d5d9b740a74dba965337bb5668a3bb8 @@ -791,7 +791,7 @@ manifest_list: version: 8b2c4e58ea9e24d35b2746f7cfabdf170e9c7c9d libarchive: remote_url: https://gitee.com/src-openeuler/libarchive.git - version: 39b5141f3b9d094b21bea0c2f95ff21a9f097912 + version: 9d9c8ac56c342a4e32aa52e39f7d91024f2fd70b libassuan: remote_url: https://gitee.com/src-openeuler/libassuan.git version: 3cb4064dbe8ce2ef46c7aa02ea670e3a69f1a959 @@ -809,7 +809,7 @@ manifest_list: version: 5c919183b5bd99b0c9fb70dcb52929cc570c4689 libcap-ng: remote_url: https://gitee.com/src-openeuler/libcap-ng.git - version: 8aa2535255c3c80690a91509dab4a8fa4a5e8008 + version: bd9aeed1685c5fb0cdd8fc9a301f54c1400fe35b libcgroup: remote_url: https://gitee.com/src-openeuler/libcgroup.git version: 372aba8f04475be6563b272465be151ccea0f996 @@ -896,7 +896,7 @@ manifest_list: version: fc6915999915a72b656a30ff33eeada59ceaad25 libmd: remote_url: https://gitee.com/src-openeuler/libmd.git - version: ce0d328fbfbbbb1157f919eddb7a49c93a2c9719 + version: cc967be9b345b92c7585ebc73be8ed5e8280de75 libmetal: remote_url: https://gitee.com/src-openeuler/libmetal.git version: 69e96d9620652df428ec7f4faca92f70cce111d3 @@ -914,7 +914,7 @@ manifest_list: version: 12d250eb89accacc62bd609170bbd356e78c2ecd libmpc: remote_url: https://gitee.com/src-openeuler/libmpc.git - version: dcf4a81785d42aa8b64de50dceb21b7e9211fb5a + version: 686f5176cff9970f6a85743c259b6752b3a7fcb7 libnl: remote_url: https://gitee.com/src-openeuler/libnl3.git version: c01b2b55b02ae03b1c056b825f70a146ba74e38f @@ -956,10 +956,10 @@ manifest_list: version: 0662086c0b75ae354f0c3488b12fc008b1cbcb18 libselinux: remote_url: https://gitee.com/src-openeuler/libselinux.git - version: ec69384c70807cd21b4f08ba11f1765abecbc276 + version: 997bb2d00f0b597864e0000fd66e526a734b932e libsemanage: remote_url: https://gitee.com/src-openeuler/libsemanage.git - version: ac87612eeff0fbf90c5f0bdfb8f9c3abc5fc524e + version: 355bb99ee905eddfbba608bd6a0a177c0b009451 libsepol: remote_url: https://gitee.com/src-openeuler/libsepol.git version: 69dd5a4b41ad9c95018775a84fb806f4e138db9f @@ -980,7 +980,7 @@ manifest_list: version: 29c561743c9985756494385f56e94fcf9f8e7745 libtasn1: remote_url: https://gitee.com/src-openeuler/libtasn1.git - version: 6d034beea0cb87a4b3738fb1249fb9b457f2a28f + version: 9ebb6c4aadbf43d791ac3c1f3c5f69fc30c45dcc libtheora: remote_url: https://gitee.com/src-openeuler/libtheora.git version: 09519f6d0a7017a132dd212c311bee3201b386e3 @@ -1229,7 +1229,7 @@ manifest_list: version: 98a08ae8b050fd45830e6c6b3cb677f9b623f165 numactl: remote_url: https://gitee.com/src-openeuler/numactl.git - version: 43324c95441a7c701fc9dd7f004522fb2b44f034 + version: 956bff0a289582ed983e745b736f64c99d7ec226 numpy: remote_url: https://gitee.com/src-openeuler/numpy.git version: fd352a1771a247950a1df6abe72caa14f388b8c1 diff --git a/meta-openeuler/dynamic-layers/openembedded-layer/recipes-benchmark/iperf3/iperf3_%.bbappend b/meta-openeuler/dynamic-layers/openembedded-layer/recipes-benchmark/iperf3/iperf3_%.bbappend index 1f3df1da2cc109ba767a02c28e63b84823d2d49a..3a76a3a87210f388f5775570104604eac1985cf4 100644 --- a/meta-openeuler/dynamic-layers/openembedded-layer/recipes-benchmark/iperf3/iperf3_%.bbappend +++ b/meta-openeuler/dynamic-layers/openembedded-layer/recipes-benchmark/iperf3/iperf3_%.bbappend @@ -1,12 +1,11 @@ # main bb file: yocto-meta-openembedded/meta-oe/recipes-benchmark/iperf3/iperf3_3.11.bb -PV = "3.16" +PV = "3.18" -LIC_FILES_CHKSUM = "file://LICENSE;md5=dc6301c8256ceb8f71c9e3c2ae9096b9" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9873a72f714e240530e759e103ac7b2" SRC_URI:prepend = " \ file://iperf-${PV}.tar.gz \ - file://CVE-2024-26306.patch \ " # update 0001-configure.ac-check-for-CPP-prog.patch from iperf3_3.16.bb diff --git a/meta-openeuler/dynamic-layers/openembedded-layer/recipes-connectivity/krb5/krb5_%.bbappend b/meta-openeuler/dynamic-layers/openembedded-layer/recipes-connectivity/krb5/krb5_%.bbappend index bc6935869d2070c436b9ad31a23e1aa27f1c59ed..19434cfb66fb9eb36d822b5f68eae7e9f605054e 100644 --- a/meta-openeuler/dynamic-layers/openembedded-layer/recipes-connectivity/krb5/krb5_%.bbappend +++ b/meta-openeuler/dynamic-layers/openembedded-layer/recipes-connectivity/krb5/krb5_%.bbappend @@ -28,6 +28,19 @@ SRC_URI:prepend = " \ file://backport-Fix-memory-leak-in-PAC-checksum-verification.patch;patchdir=${PATCH_DIR} \ file://fix-libkadm5-parameter-leak.patch;patchdir=${PATCH_DIR} \ file://backport-CVE-2024-3596.patch;patchdir=${PATCH_DIR} \ + file://backport-Avoid-mutex-locking-in-krb5int_trace.patch;patchdir=${PATCH_DIR} \ + file://backport-Fix-unlikely-password-change-leak.patch;patchdir=${PATCH_DIR} \ + file://backport-Allow-null-keyblocks-in-IOV-checksum-functions.patch;patchdir=${PATCH_DIR} \ + file://backport-Fix-krb5_ldap_list_policy-filtering-loop.patch;patchdir=${PATCH_DIR} \ + file://backport-Fix-various-issues-detected-by-static-analysis.patch;patchdir=${PATCH_DIR} \ + file://backport-Fix-krb5_crypto_us_timeofday-microseconds-check.patch;patchdir=${PATCH_DIR} \ + file://backport-Prevent-late-initialization-of-GSS-error-map.patch;patchdir=${PATCH_DIR} \ + file://backport-CVE-2025-24528.patch;patchdir=${PATCH_DIR} \ + file://backport-Fix-LDAP-module-leak-on-authentication-error.patch;patchdir=${PATCH_DIR} \ + file://backport-Fix-minor-logic-errors.patch;patchdir=${PATCH_DIR} \ + file://backport-Fix-type-violation-in-libkrad.patch;patchdir=${PATCH_DIR} \ + file://backport-Fix-various-small-logic-errors.patch;patchdir=${PATCH_DIR} \ + file://backport-Prevent-undefined-shift-in-decode_krb5_flags.patch;patchdir=${PATCH_DIR} \ " # unapplicable patch from openEuler diff --git a/meta-openeuler/recipes-core/selinux/libselinux_%.bbappend b/meta-openeuler/recipes-core/selinux/libselinux_%.bbappend index f87957a345fc11a8955a8581e705789ce044c7bd..2abcd5289c0375694ffcefd35dd52887acbcdbcf 100644 --- a/meta-openeuler/recipes-core/selinux/libselinux_%.bbappend +++ b/meta-openeuler/recipes-core/selinux/libselinux_%.bbappend @@ -10,6 +10,15 @@ SRC_URI:prepend = "file://${BP}.tar.gz \ file://backport-libselinux-reorder-calloc-3-arguments.patch \ file://backport-libselinux-Fix-ordering-of-arguments-to-calloc.patch \ file://backport-libselinux-use-reentrant-strtok_r-3.patch \ + file://backport-libselinux-utils-selabel_digest-drop-unsupported-opt.patch \ + file://backport-libselinux-utils-selabel_digest-avoid-buffer-overflo.patch \ + file://backport-libselinux-free-data-on-selabel-open-failure.patch \ + file://backport-libselinux-avoid-logs-in-get_ordered_context_list-wi.patch \ + file://backport-libselinux-free-empty-scandir-3-result.patch \ + file://backport-libselinux-avoid-pointer-dereference-before-check.patch \ + file://backport-libselinux-set-free-d-data-to-NULL.patch \ + file://backport-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch \ + file://backport-libselinux-Close-old-selabel-handle-when-setting-a-n.patch \ file://do-malloc-trim-after-load-policy.patch \ " diff --git a/meta-openeuler/recipes-core/selinux/libsemanage_%.bbappend b/meta-openeuler/recipes-core/selinux/libsemanage_%.bbappend index e6cc06c8e52d2ca7144740f102ea7d4b3654503f..31aa1a7b44c20e3b0d1a108ba79c2d43e36a16b0 100644 --- a/meta-openeuler/recipes-core/selinux/libsemanage_%.bbappend +++ b/meta-openeuler/recipes-core/selinux/libsemanage_%.bbappend @@ -4,6 +4,21 @@ PV = "3.5" LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343" SRC_URI:prepend = "file://${BP}.tar.gz \ + file://backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch \ + file://backport-libsemanage-open-lock_file-with-O_RDWR.patch \ + file://backport-libsemanage-check-memory-allocations.patch \ + file://backport-libsemanage-free-resources-on-failed-connect-attempt.patch \ + file://backport-libsemanage-fix-asprintf-error-branch.patch \ + file://backport-libsemanage-avoid-leak-on-realloc-failure.patch \ + file://backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch \ + file://backport-libsemanage-check-for-path-formatting-failures.patch \ + file://backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch \ + file://backport-libsemanage-check-closing-written-files.patch \ + file://backport-libsemanage-handle-cil_set_handle_unknown-failure.patch \ + file://backport-libsemanage-handle-shell-allocation-failure.patch \ + file://backport-libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages.patch \ + file://backport-libsemanage-simplify-file-deletion.patch \ + file://backport-libsemanage-optimize-policy-by-default.patch \ file://fix-test-failure-with-secilc.patch \ " diff --git a/meta-openeuler/recipes-extended/iptables/iptables_%.bbappend b/meta-openeuler/recipes-extended/iptables/iptables_%.bbappend index a25deec78ec45a2f6316f8d12f908c62c7c95a22..4ca6b5b235cd16962a0cda637b2b1b3e758ebae3 100644 --- a/meta-openeuler/recipes-extended/iptables/iptables_%.bbappend +++ b/meta-openeuler/recipes-extended/iptables/iptables_%.bbappend @@ -41,6 +41,7 @@ SRC_URI:append = " \ file://tests-extensions-add-some-testcases.patch \ file://backport-extensions-recent-Fix-format-string-for-unsigned-values.patch \ file://backport-nft-cmd-Init-struct-nft_cmd-head-early.patch \ + file://backport-ip6tables-Fix-checking-existence-of-rule.patch \ " # the openeuler patch apply failed # file://0001-extensions-NAT-Fix-for-Werror-format-security.patch diff --git a/meta-openeuler/recipes-extended/libarchive/libarchive_%.bbappend b/meta-openeuler/recipes-extended/libarchive/libarchive_%.bbappend index 03f9a299f42c797b71783f01dcdd4724feabf33c..138cf88ca5580c5c71567db09c21cffc6dc8629a 100644 --- a/meta-openeuler/recipes-extended/libarchive/libarchive_%.bbappend +++ b/meta-openeuler/recipes-extended/libarchive/libarchive_%.bbappend @@ -3,6 +3,8 @@ PV = "3.7.1" # openeuler src SRC_URI:prepend = "file://${BP}.tar.gz \ + file://backport-CVE-2025-1632.patch \ + file://backport-CVE-2025-25724.patch \ " FILESEXTRAPATHS:append := "${THISDIR}/${BPN}/:" diff --git a/meta-openeuler/recipes-support/gnutls/libtasn1_%.bbappend b/meta-openeuler/recipes-support/gnutls/libtasn1_%.bbappend index 382d2033c24fcf1b6759e154ba75f297468df8f5..67dcd9c2ef73ecce7d78dcadbc635b9390079fee 100644 --- a/meta-openeuler/recipes-support/gnutls/libtasn1_%.bbappend +++ b/meta-openeuler/recipes-support/gnutls/libtasn1_%.bbappend @@ -1,3 +1,6 @@ -SRC_URI:prepend = "file://${BP}.tar.gz " +SRC_URI:prepend = "file://${BP}.tar.gz \ + file://backport-CVE-2024-12133-part1.patch \ + file://backport-CVE-2024-12133-part2.patch \ +" ASSUME_PROVIDE_PKGS = "libtasn1" diff --git a/meta-openeuler/recipes-support/libmd/libmd_%.bbappend b/meta-openeuler/recipes-support/libmd/libmd_%.bbappend index 568e0a17e037a36338bb0e4f1373f12095ee1b34..8d0c8284d1a2cd1ebecc370a3375ddb8240213bf 100644 --- a/meta-openeuler/recipes-support/libmd/libmd_%.bbappend +++ b/meta-openeuler/recipes-support/libmd/libmd_%.bbappend @@ -2,4 +2,7 @@ PV = "1.1.0" SRC_URI:prepend = " \ file://${BP}.tar.xz \ + file://backport-fix-out-of-tree-build.patch \ + file://backport-Refactor-autogen-call-into-before_script.patch \ + file://backport-fix-man-Sync-SHA2-changes-from-OpenBSD.patch \ " diff --git a/meta-openeuler/recipes-support/numactl/numactl_%.bbappend b/meta-openeuler/recipes-support/numactl/numactl_%.bbappend index b24ff1ded1b80deab8457c5f32d04ddf08136517..62fce2d05e6e21a65bc45983cb03fdca546ce8aa 100644 --- a/meta-openeuler/recipes-support/numactl/numactl_%.bbappend +++ b/meta-openeuler/recipes-support/numactl/numactl_%.bbappend @@ -17,4 +17,6 @@ SRC_URI:prepend = " \ file://0011-libnuma-Fix-unexpected-output.patch \ file://0012-libnuma-Fix-incorrect-print-and-exit-of-numa_preferr.patch \ file://0013-fix-the-using-of-the-uninitialized-value.patch \ + file://0014-backport-Make-numa_available-respect-EPERM.patch \ + file://0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch \ "