CVE Packages Update

Move libfastjson to the rsyslog directory

rsyslog 8.2002.0 -> 8.2206.0

add ntp4.2.8 recipe with fixed CVEs

update cryptsetup to 2.4.3

fix libxml2 CVE-2016-3709

curl 7.75.0 -> 7.86.0

strongswan 5.8.4 -> 5.9.8

libmodbus 3.1.6 -> 3.1.7

libesmtp 1.0.6 -> 1.1.0

cifs-utils 6.1 -> 7.0

update libtirpc to version 1.3.3

update rsync to version 3.2.5

Add zlib 1.2.13

upgrade gnutls to 3.7.8

upgrade openssh to 8.9p1

Add cmake 3.24.2 and cmake-native 3.24.2 to avoid loop dependecies building expat

Add expat 2.5.0 to fix CVE-2022-40674 and CVE-2022-43680

openvpn 2.4.9 -> 2.4.12

hostapd 2.9 -> 2.10

[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Openssh 8.9p1 no longer needed, because all necessary CVE fixes, backports and whitelists are present for current Openssh 8.4p1. There are no new CVE's in report.

[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patches for python3 component. Need to remove after upgrading Yocto to version more than 3.1.21.

[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patch for sudo component.
Added 2 CVE's to whitelist for OpenVPN component.

1 files changed, 57 insertions, 0 deletions

diff --git a/recipes-support/nettle/nettle_3.8.1.bb b/recipes-support/nettle/nettle_3.8.1.bb
new file mode 100644
index 0000000..bf49132
--- /dev/null
+++ b/recipes-support/nettle/nettle_3.8.1.bb
@@ -0,0 +1,57 @@
+SUMMARY = "A low level cryptographic library"
+DESCRIPTION = "Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space."
+HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
+DESCRIPTION = "It tries to solve a problem of providing a common set of \
+cryptographic algorithms for higher-level applications by implementing a \
+context-independent set of cryptographic algorithms"
+SECTION = "libs"
+LICENSE = "LGPL-3.0-or-later | GPL-2.0-or-later"
+
+LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \
+                    file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \
+                    file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e"
+
+DEPENDS += "gmp"
+
+SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \
+           file://Add-target-to-only-build-tests-not-run-them.patch \
+           file://run-ptest \
+           file://check-header-files-of-openssl-only-if-enable_.patch \
+           "
+
+SRC_URI:append:class-target = "\
+            file://dlopen-test.patch \
+            "
+
+SRC_URI[sha256sum] = "364f3e2b77cd7dcde83fd7c45219c834e54b0c75e428b6f894a23d12dd41cbfe"
+
+UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
+
+inherit autotools ptest multilib_header
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+EXTRA_OECONF = "--disable-openssl"
+
+do_compile_ptest() {
+        oe_runmake buildtest
+}
+
+do_install:append() {
+    oe_multilib_header nettle/version.h
+}
+
+do_install_ptest() {
+        install -d ${D}${PTEST_PATH}/testsuite/
+        install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/
+        install ${S}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/
+        # tools can be found in PATH, not in ../tools/
+        sed -i -e 's|../tools/||' ${D}${PTEST_PATH}/testsuite/*-test
+        install ${B}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/
+}
+
+RDEPENDS:${PN}-ptest += "${PN}-dev"
+INSANE_SKIP:${PN}-ptest += "dev-deps"
+
+BBCLASSEXTEND = "native nativesdk"