Changes with APR-util 1.6.3
*) Correct a packaging issue in 1.6.2. The contents of the release were
correct, but the top level directory was misnamed.
Changes with APR-util 1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with
APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
returning APR_EGENERAL. [Stefan Fritsch]
Drop backport.
(From OE-Core rev: e24b38a14b3520648ec418783fb74fcf61df7ff2)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dca707f9fecc805503e17f6db3e4c88069ac0125)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 43cd36b178ebb602edd5919c26f8b8642736a3a8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes for APR 1.7.2
*) Correct a packaging issue in 1.7.1. The contents of the release were
correct, but the top level directory was misnamed.
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Dropped patches have all been merged, addressed separately or are backports.
(From OE-Core rev: c291aefb531431b9a256740766dcb03cbdf84481)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ffae93f24bb1e3954b232099153fd059cfd7daf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit e5326ea0ac7e55b2d671a27c1e035c43b8bbc70d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
AC_TRY_RUN macro means the test needs to run to find the result and we
are cross compiling so this will always get wrong results, this results
in miscompiling apache2 on musl because it disables rlimit
(ac_cv_struct_rlimit) wrongly.
All these variables are determined with AC_TRY_RUN checks
(From OE-Core rev: 8784e3712add2fbdf684d442a14fb94e5a7fc61f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 504eb0ff1cae200ee85ec18ebae564cae9bf9c8c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
musl does not implement GNU extention of strerror_r but XSI compliant
version, therefore add it via a packageconfig to set right variables
during configure to cache the value.
configure detection logic depends on runtime test which will always be
wrong on cross compiles therefore backport a patch to make it possible
to cache the needed configure variable.
(From OE-Core rev: b59027f32e4b2896dccced6d9cb75fbb41651abe)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ded3d76a844dd1aef9ac610fbe506bf76285369b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
This means that apr now installs libtool into the build-1 folder, but
as this has never been needed before (as we use the system libtool) we
can remove it (it contains build paths so is unreproducible). Also add
a RDEPENDS on libtool for the target -dev package.
(From OE-Core rev: 07c0c780fb79779827dcd7496fac288c179aa259)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed
compared to 1.6.3 and is vulnerable to the same issue.
(From OE-Core rev: d52b78c75323fb254b5d0216f9183573b353abd3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We need to use CFLAGS with the correct WORKDIR in them, replace those
in the sysroot file with the ones appropriate to the current recipe.
(From OE-Core rev: 45edf189961aff1858be9bb7b63116073c0a0c10)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Support for gdbm was made optional in 3260ad9e, but it was still being
used unconditionally.
(From OE-Core rev: 09d303ca295dc27874c72b30c37a64d1fdf4c5c0)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
apu-1-config encodes library path in to script
27c27
< libdir="/usr/lib64"
(From OE-Core rev: 3682d0ca3ffeb84fd2f935a9c9b253e015c9e137)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid:
libgcc_s.so.1 must be installed for pthread_cancel to work
when running the ptest without libgcc.
(From OE-Core rev: 791bb6f1c95552a44660bb78c522fd8ecc4e6384)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Two unrelated lines were extracted from apu_version.h for the license
information.
License-Update: Only extract the relevant part from apu_version.h
(From OE-Core rev: 2edb0f24a13f27b2fae94fb447221ad2ddb924a0)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Two unrelated lines were extracted from apr_lib.h for the license
information.
License-Update: Only extract the relevant part from apr_lib.h
(From OE-Core rev: 90ab83ecc509c2fdc1f6083d771031decdcaad63)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Test suite test_dbm failed after gdbm upgrtade to 13.1,
from 13.1, return value of some function are changed.
* gdbm_fetch, gdbm_firstkey, and gdbm_nextkey behavior
If the requested key was not found, these functions return datum with
dptr pointing to NULL and set gdbm_errno to GDBM_ITEM_NOT_FOUND (in
prior releases, gdbm_errno was set to GDBM_NO_ERROR),
(From OE-Core rev: 0952c190fc6aec333676ce3883e8232fa8595551)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1. Improve inappropriate patches:
- Drop inappropriate configure_fixes.patch
Use setting variable ac_cv_file__dev_zero and
ac_cv_sizeof_struct_iovec to replace
- Drop cleanup.patch
Aassign variable libtool at ./buildconf executing and
use 0001-build-buildcheck.sh-improve-libtool-detection.patch
to replace. Submitted it to upstream.
- Rename configfix.patch to
0002-apr-Remove-workdir-path-references-from-installed-ap.patch
Add its original comments and author, explain why it is inappropriate
- Drop upgrade-and-fix-1.5.1.patch
Use 0003-Makefile.in-configure.in-support-cross-compiling.patch
to replace. And submitted it to upstream.
2. Fix build path issue to improve reproducibility
(From OE-Core rev: 29c4b19e640b544c9c351aec4292a3f65b619998)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
(From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When subversion run on x86 and lib32 on x86-64, it use the APR's
apr.h header file. But when configure the APR, APR meets the cross
compiling, it was hardcoded in configure.in in apr source code. As
the following:
APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)
It pass 8 bytes to off_t when meets cross compiling, but on x86 or lib32
the off_t in glibc was 4 bytes, so it let the application who use apr.h
go to wrong.
Such as subversion:
svnadmin create test
So we should let the APR detect the correct off_t when cross compiling,
change it to the following:
AC_CHECK_SIZEOF(off_t)
The same for the following hardcoded types for cross compiling:
pid_t 8
size_t 8
ssize_t 8
Change the above correspondingly.
(From OE-Core rev: e18820ca9202c07e2406d702c46f45415182b7a6)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
(From OE-Core rev: 91d29c5555557fb0637c886f76c859d704ecd980)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed when build nativesdk-apr-util:
| gawk: fatal: can't open source file `/opt/poky/2.0+snapshot/sysroots/x86_64-pokysdk-linux/usr/share/build-1/make_exports.awk' for reading (No such file or directory)
The ${S} should be ${B}.
(From OE-Core rev: ba29845a5b9bf16cda2230540d7ce17d0f82e8fa)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enable apr-util's cryptographic routines so that the apache2 package
can encrypt session data. Also add sqlite3 and ldap modules, disabled
by default.
(From OE-Core rev: c8be8890e0a9c9d5f1532c4ee4fe9a346ed3ca5b)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A new QA check was introduced by 47d38d4d86ec6a which catches recipes
which install loadable modules (*.so) inside -dev packages instead of
symlinks. Install apr-util's modules into ${PN} and also skip the QA
check [dev-so] because it is the reverse of the check introduced by
47d38d4d86ec6a (thus if a recipe passes one it fails the other).
(From OE-Core rev: ef82fb5aff4ca3204b40cdf6a074d9711e543af2)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With the autodebug package generation logic, specifically setting FILES_${PN}-dbg
isn't needed in most cases, we can remove them.
(From OE-Core rev: 3ab59d49dd7c18e194b58d1248b4b87709b5a738)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When ccache is enabled, libtool requires --tag=CC when use ccache,
otherwise when building apr-util with ccache enabled:
| libtool: compile: unable to infer tagged configuration
| libtool: error: specify a tag with '--tag'
| libtool: compile: unable to infer tagged configuration
| make[1]: *** [buckets/apr_buckets.lo] Error 1
(From OE-Core rev: 52c314963e0ab90e6c1ced7bf66b06d4c304358a)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
testxlate test case fails due to dependency on some character-sets.
Install them.
[YOCTO #8171]
(From OE-Core rev: 814b7589ea857806db7e3d2a09cf5f52df5afd76)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If ccache is enabled, compiling apr-utils fails with the following error
messages because libtool is confused by the "ccache gcc" appearing on
the command line. Disable ccache for apr, so that ccache don't get
enabled in all software using apr's rules.mk.
The error message from apr-utils-native:
(From OE-Core rev: 3533552050d0f91b669c6939755c5f6efefa9d58)
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cleanup buildpaths from apu-1-config:
- remove ${STAGING_DIR_HOST} from CC, CPP ...
- set APU_SOURCE_DIR, APU_BUILD_DIR as empty
(From OE-Core rev: d61e73a37f805fd56efda1a6cfe7262356fc6274)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cleanup buildpaths from apr_rules.mk and apr-1-config:
- remove ${STAGING_DIR_HOST} from CC, CPP ...
- set APR_SOURCE_DIR, APR_BUILD_DIR as empty
* install ${HOST_SYS}-libtool to sysroot only, it's required for
building apache2 but not suitable for target.
(From OE-Core rev: 44c1a6af03ce9b45e5bfd6956062aa2b3a1be741)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Disconnect the connection by poll() timeout.
If timeout=0 and apr_wait_for_io_or_timeout()=APR_TIMEUP then
apr_socket_recv() returns EAGAIN.
(From OE-Core rev: cef4de5cd6c12091146dc1ef02cd80e094c6728e)
Signed-off-by: Noriaki Yoshitane <yoshitane.nrs@cnt.ncos.nec.co.jp>
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds 'nativesdk' in the BBCLASSEXTEND.
Building apr-util for the SDK requires that some paths in the rules.mk
file are fixed to point to the actual enviroment. These include pointing
the apr configuration variables to the actual apr builddir and
correcting the name of the libtool.
(From OE-Core rev: 4595e4832418afc651300c88ad2b835f0aedd8bc)
Signed-off-by: Timo Mueller <timo.mueller@bmw-carit.de>
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@oss.bmw-carit.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
