diff options
| author | Andrii Davydenko <andrii.davydenko@globallogic.com> | 2022-12-14 12:08:42 +0200 |
|---|---|---|
| committer | Mykyta Dorokhin <mykyta.dorokhin@globallogic.com> | 2023-01-24 12:41:29 +0200 |
| commit | 2eaa3fd064097eb221b56d5df0e7136ba705a0cd (patch) | |
| tree | 2ca46c9a625d6f743933b1ea7e2fc6bd2581e6eb /recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch | |
| parent | 1e52890ac41318d28923787af35541a8f9ee0653 (diff) | |
| download | meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.gz meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.bz2 meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.zip | |
CVE Packages Update
Move libfastjson to the rsyslog directory
rsyslog 8.2002.0 -> 8.2206.0
add ntp4.2.8 recipe with fixed CVEs
update cryptsetup to 2.4.3
fix libxml2 CVE-2016-3709
curl 7.75.0 -> 7.86.0
strongswan 5.8.4 -> 5.9.8
libmodbus 3.1.6 -> 3.1.7
libesmtp 1.0.6 -> 1.1.0
cifs-utils 6.1 -> 7.0
update libtirpc to version 1.3.3
update rsync to version 3.2.5
Add zlib 1.2.13
upgrade gnutls to 3.7.8
upgrade openssh to 8.9p1
Add cmake 3.24.2 and cmake-native 3.24.2 to avoid loop dependecies building expat
Add expat 2.5.0 to fix CVE-2022-40674 and CVE-2022-43680
openvpn 2.4.9 -> 2.4.12
hostapd 2.9 -> 2.10
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Openssh 8.9p1 no longer needed, because all necessary CVE fixes, backports and whitelists are present for current Openssh 8.4p1. There are no new CVE's in report.
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patches for python3 component. Need to remove after upgrading Yocto to version more than 3.1.21.
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patch for sudo component.
Added 2 CVE's to whitelist for OpenVPN component.
Diffstat (limited to 'recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch')
| -rw-r--r-- | recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch b/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch new file mode 100644 index 0000000..1d9c4bf --- /dev/null +++ b/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch @@ -0,0 +1,68 @@ +From e64a58387db46239902b610871a0eb81626e99ff Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Thu, 18 Aug 2022 07:46:28 -0700 +Subject: [PATCH] Turn on -pedantic-errors at the end of 'configure' + +Problem reported by Khem Raj in: +https://lists.gnu.org/r/autoconf-patches/2022-08/msg00009.html +Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032862.html] +--- + configure.ac | 35 ++++++++++++++++++++--------------- + 1 file changed, 20 insertions(+), 15 deletions(-) + +diff --git a/configure.ac b/configure.ac +index d185b2d3..7e9514f7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1071,21 +1071,6 @@ elif test x"$ac_cv_header_popt_h" != x"yes"; then + with_included_popt=yes + fi + +-if test x"$GCC" = x"yes"; then +- if test x"$with_included_popt" != x"yes"; then +- # Turn pedantic warnings into errors to ensure an array-init overflow is an error. +- CFLAGS="$CFLAGS -pedantic-errors" +- else +- # Our internal popt code cannot be compiled with pedantic warnings as errors, so try to +- # turn off pedantic warnings (which will not lose the error for array-init overflow). +- # Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists +- # -Wpedantic and use that as a flag. +- case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in +- *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;; +- esac +- fi +-fi +- + AC_MSG_CHECKING([whether to use included libpopt]) + if test x"$with_included_popt" = x"yes"; then + AC_MSG_RESULT($srcdir/popt) +@@ -1444,6 +1429,26 @@ case "$CC" in + ;; + esac + ++# Enable -pedantic-errors last, so that it doesn't mess up other ++# 'configure' tests. For example, Autoconf uses empty function ++# prototypes like 'int main () {}' which Clang 15's -pedantic-errors ++# would reject. Generally it's not a good idea to try to run ++# 'configure' itself with strict compiler checking. ++if test x"$GCC" = x"yes"; then ++ if test x"$with_included_popt" != x"yes"; then ++ # Turn pedantic warnings into errors to ensure an array-init overflow is an error. ++ CFLAGS="$CFLAGS -pedantic-errors" ++ else ++ # Our internal popt code cannot be compiled with pedantic warnings as errors, so try to ++ # turn off pedantic warnings (which will not lose the error for array-init overflow). ++ # Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists ++ # -Wpedantic and use that as a flag. ++ case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in ++ *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;; ++ esac ++ fi ++fi ++ + AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig]) + AC_OUTPUT + +-- +2.37.1 + |